Line 3: |
Line 3: |
| This flags is set to bigmac keyring 0x50C. | | This flags is set to bigmac keyring 0x50C. |
| | | |
− | Defined at same time as [[Sysroot#Boot type indicator 1]] and embeds some common information but with different flags. | + | Defined at same time as [[KBL Param#Boot type indicator 1]] and embeds some common information but with different flags. |
| | | |
| {| class="wikitable" | | {| class="wikitable" |
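Review bot: The new link target on the changed line, [[KBL Param#Boot type indicator 1]], keeps the old section anchor, so it only resolves if the KBL Param page has a section titled "Boot type indicator 1". Confirm that heading exists on the target page before saving. The unchanged sentence above it, "This flags is set to bigmac keyring 0x50C.", has a number disagreement ("This flag is" or "These flags are") that could be fixed in the same edit.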
Line 168: |
Line 168: |
| LABEL_32: | | LABEL_32: |
| v20 = 0; | | v20 = 0; |
− | clear_sysroot_801C0C(); | + | clear_kbl_param_801C0C(); |
| goto LBL_123; | | goto LBL_123; |
| } | | } |
− | if ( copy_sysroot_to_0x4001FD00_801C1E() ) | + | if ( copy_kbl_param_to_0x4001FD00_801C1E() ) |
| { | | { |
| is_resume = 1LL; | | is_resume = 1LL; |
Line 193: |
Line 193: |
| Coldboot/resume is determined from bit 7 of boot_type returned by syscon. Then, something with dram??? If boot type is resume but TZ magic word (0x9E3199B7) isn't present, it changes boot type to coldboot. | | Coldboot/resume is determined from bit 7 of boot_type returned by syscon. Then, something with dram??? If boot type is resume but TZ magic word (0x9E3199B7) isn't present, it changes boot type to coldboot. |
| | | |
− | If coldboot, sysroot buffer at 0x1F000100 is cleared, otherwise it's restored from 0x4001FD00. Then, some check on emmc crypto reg??? <code>sub_806B58(0x40000500LL, 0x1000LL);</code>??? | + | If coldboot, KBL Param at 0x1F000100 is cleared, otherwise it's restored from 0x4001FD00. Then, some check on emmc crypto reg??? <code>sub_806B58(0x40000500LL, 0x1000LL);</code>??? |
| | | |
| === Factory firmware check === | | === Factory firmware check === |
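Review bot: The changed sentence says that on resume KBL Param is "restored from 0x4001FD00", but the helper renamed in the Line 168 hunk and used on the resume path is called copy_kbl_param_to_0x4001FD00_801C1E, which names the opposite direction. Either the prose or the function label is wrong about the direction of the copy, and the rename would be a good moment to settle which. The open "???" markers about DRAM and sub_806B58(0x40000500LL, 0x1000LL) are carried over unchanged and would fit better under the TODO section than in the description.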
Line 252: |
Line 252: |
| report_error_808CAA(1LL, 86LL, v24, 0LL); | | report_error_808CAA(1LL, 86LL, v24, 0LL); |
| if ( !v20 ) | | if ( !v20 ) |
− | syscon_read_cmd_0x1082_ptr_0x4a0_into_sysroot_802346(); | + | syscon_read_cmd_0x1082_ptr_0x4a0_into_kbl_param_802346(); |
| if ( !(_DWORD)is_resume && !v23 ) | | if ( !(_DWORD)is_resume && !v23 ) |
| dmac_wait_804C16(&ctx); | | dmac_wait_804C16(&ctx); |
Line 288: |
Line 288: |
| sub_808B66(1LL); | | sub_808B66(1LL); |
| } | | } |
− | write_sysroot_fields_from_syscon_801FC0(); | + | write_kbl_param_fields_from_syscon_801FC0(); |
| keyring_writeX_80250C(0x510LL, (__int64)line_0x510, 0x20LL); | | keyring_writeX_80250C(0x510LL, (__int64)line_0x510, 0x20LL); |
| memset((__int64)line_0x50A, 0LL, 0x10LL); | | memset((__int64)line_0x50A, 0LL, 0x10LL); |
Line 405: |
Line 405: |
| If coldboot, make sure that kbl version is not lower than factory firmware version. | | If coldboot, make sure that kbl version is not lower than factory firmware version. |
| | | |
− | === Write sysroot fields === | + | === Write KBL Param fields === |
| | | |
| <pre> | | <pre> |
− | write_sysroot_801C36((__int64)line_0x510, (__int64)line_0x50A, boot_type, is_resume, a3); | + | write_kbl_param_801C36((__int64)line_0x510, (__int64)line_0x50A, boot_type, is_resume, a3); |
| set_status(96LL); | | set_status(96LL); |
| | | |
| </pre> | | </pre> |
| | | |
− | Writes most of sysroot fields ??? | + | Writes most of KBL Param fields ??? |
| | | |
| === TODO === | | === TODO === |
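Review bot: The renamed heading "Write KBL Param fields" now sits over write_kbl_param_801C36, while the Line 288 hunk introduces write_kbl_param_fields_from_syscon_801FC0, whose name matches the heading more closely. With both present, "Writes most of KBL Param fields ???" does not tell the reader which routine fills which fields. Suggest stating that this call takes line_0x510, line_0x50A, boot_type and is_resume as inputs, and noting separately what the syscon-sourced routine writes, or moving the "???" to the TODO section until that is known.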
Line 526: |
Line 526: |
| == Session key/coredump encryption == | | == Session key/coredump encryption == |
| | | |
− | 0x20 random bytes are generated and written to keyslot 0x51A. Then, the buffer is encrypted with aes128-cbc using coredump_key and coredump_iv. The result is copied to sysroot buffer +0x100 (0x1F000200) | + | 0x20 random bytes are generated and written to keyslot 0x51A. Then, the buffer is encrypted with aes128-cbc using coredump_key and coredump_iv. The result is copied to KBL Param +0x100 (0x1F000200) |
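Review bot: The changed sentence uses "keyslot 0x51A" while the rest of the page uses "keyring" for 0x50C and 0x510 ("bigmac keyring 0x50C", keyring_writeX_80250C(0x510LL, ...)); pick one term so readers do not assume two different stores. The offset arithmetic is consistent with the Line 193 hunk (0x1F000100 + 0x100 = 0x1F000200), so linking "KBL Param" here as in the Line 3 hunk would let readers check the field at +0x100. It is also worth making explicit that "the buffer" being encrypted is the 0x20 random bytes. The sentence is missing its final period.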