Cmep registers

Key slots
0x000-0x07F: Initial state: Empty keyslots. 0x000-0x007: Empty group0 slave keyslots, for AES decryption only. 0x008-0x00F: Empty group1 slave keyslots, any algo. 0x010-0x01F: Empty group2 slave keyslots, for AES decryption only. 0x020-0x02F: Empty group3 slave keyslots, any algo. 0x030-0x07F: Empty normal keyslots, any algo.

0x100-0x17F: Initial state: Empty keyslots. 0x100-0x17F: Empty normal keyslots, any algo.

0x200-0x217: Initial state: Filled in, key material. 0x200-0x203: AES decryption-only keys (for memory buffers). 0x204-0x205: Master keys (for group0), any algo. 0x206-0x20D: Master keys (for group1), any algo. 0x20E-0x20F: Emmc keys, fully protected. 0x210-0x217: General purpose keys (for memory buffers).

0x300-0x3FF: Initial state: Filled in, key material. 0x300-0x33F: AES decryption-only keys (for memory buffers). 0x340-0x343: Master keys (for group2), any algo. 0x344-0x353: Master keys (for group3), any algo. 0x354-0x3FF: General purpose keys (for memory buffers).

0x400-0x47F: Initial state: Empty data storage, read-write from keyring.

0x500-0x57F: Initial state: Empty data storage, read-write from keyring.

0x600-0x607: Initial state: Filled in data, read-only. Keyring only. 0x603: u32 BootromFlags. Bit0-15: HasRsaRevocationKey. This is set to 0xFFFF. Bit16:  UseAlternativeEmmcClock

0x700-0x77F: Initial state: Filled in data, read-only. Keyring only. 0x700-0x708: RsaRevocationKey0 0x708-0x710: RsaRevocationKey1 0x710-0x718: RsaRevocationKey2 0x718-0x720: RsaRevocationKey3 0x720-0x728: RsaRevocationKey4 0x728-0x730: RsaRevocationKey5 ...   0x778-0x780: RsaRevocationKey15

= F00D/ARM =

E0000000: MailboxFoodToArm
Response to ARM is written here.

E0000010: MailboxArmToFood
Request from ARM is written here.

E0000020: MailboxFoodToDebugger
Size: 2x u32.

E0000028: MailboxDebuggerToFood
Size: 2x u32.

E0000060: MailboxDebuggerToFood2
Size: 2x u32.

E0010000: FootReset
Bit0: Hangs. ARM uses this to reset the F00D subsystem.

E0010004: FoodStatus
Bit31: IsFoodAlive Bit0-2: ?

0xE0010000: 00 00 00 00 05 00 00 80 00 00 00 00 00 00 00 00 0xE0010010: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

E0010010
Reads back 0x7FF. Then hangs after delay.

Bit5: Disables Key* registers, and KeyRingDirectAccess

No bit appears to disable Rsa* registers, or Bigmac*.

0xE0020000: 0F 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 0xE0020010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

= F00D_E0020000 =

E0020000
Bit0: Reboot when cleared. Bit1: Hang when cleared. Unrecoverable Bit2: No hang when cleared. Bit3: No hang when cleared. Bit4: Bit5: Bit16: No hang when cleared. Bit17:

E0020004: ?
second_loader writes 0x30003 followed by 0 here, after clearing keys.

E0020020: ?
rsa_expmod reads and writes back this register before reading the result of the RSA operation.

= Keyring controller =

0xE0030000-0xE003001F: KeySetValue
Size: 8x u32.

E0030020: KeySetValueTrigger
Write keyslot here, and it will write value written above to it.

E0030024: KeySetProtect
Bit0-15: KeyslotNumber Bit16-31: KeyslotClearFlags

E0030028: KeyQueryProtect
Bit0-15: KeyslotNumber

E003002C: KeyQueryProtectResult
Bit0: SlotExists Bit1: HasBeenWrittenOnce. You cannot use a key if this is not set. Bit2: HasBeenWrittenMoreThanOnce Bit16:  Clearable   | AesEncryptAllowed (CTR+CBC+ECB, any key size) Bit17:  Clearable   | AesDecryptAllowed (CTR+CBC+ECB, any key size) Bit18:  Clearable   | ShaHmacAllowed (SHA1+SHA256) Bit19:  Clearable   | AesCmacAllowed Bit20:  Clearable   | EmmcCryptoAllowed (qualified guess!) Bit21:  Fixed       | IsMaster Bit22:  Fixed       | MemberOfGroup0 Bit23:  Fixed       | MemberOfGroup1 Bit24:  Fixed       | MemberOfGroup2 Bit25:  Fixed       | MemberOfGroup3 Bit26:  Clearable   | SetByBigmacAllowed Bit27:  Clearable   | SetByKeyringAllowed Bit28:  Clearable   | GetByKeyringAllowed

A master key can only write into a slave keyslot belonging to the same group(s) as itself.

A master key cannot write into a non-slave keyslot or external memory.

Normal keyslots are keyslots that don't belong to any group (bit21-25 are all zeroes). They can be written by slaves of groups, and also by normal non-keyslot operations.

A slave can write output to a normal keyslot or to external memory.

VULN!! If you have AesDecryptAllowed, you can encrypt arbitrary AES blocks without AesEncryptAllowed. Use CTR mode.

= SceBignum controller =

E0040108 RsaSignatureBuffer
Size: 0x100 bytes.

E0040400 RsaModulusBuffer
Size: 0x100 bytes.

E0040800 RsaControl
In u32's.

E0040800 RsaStatus
Bit31: Busy

E0040808 RsaExponent
= SceBigmac controller =

E005000C BigmacOp
Unlike Dmac5, DES is not supported for Bigmac.

Bit0-6: Algorithm 0x00 = Zeroes? 0x01 = AesEcbEncrypt 0x02 = AesEcbDecrypt 0x03 = Sha1 0x04 = Rng 0x05 = Zeroes 0x06 = Zeroes 0x07 = Zeroes 0x09 = AesCbcEncrypt 0x0A = AesCbcDecrypt 0x0B = Sha224 0x0C = Zeroes 0x0D = Zeroes 0x0E = Zeroes 0x0F = Zeroes 0x10 = AesCtr 0x11 = AesCtrEncrypt 0x12 = AesCtrDecrypt 0x13 = Sha256 0x1B = !!! HANG !!! 0x23 = HmacSha1, keylength=32 bytes 0x2B = !!! HANG !!! 0x33 = HmacSha256, keylength=32 bytes 0x3B = AesCmac 0x41 = !!! HANG !!! 0x43 = 0x4B = 0x53 = 0x61 = !!! HANG !!! 0x7B = 0x141 = !!! HANG !!!

Bit7:   UseExternalKey Bit8-10: KeySize (0=64bit, 1=128bit, 2=192bit, 3=256bit) (Applies only to AesEcb, AesCbc, AesCmac) Bit11:  Nothing noticable for AesEcbEncrypt Bit12:  Nothing noticable for AesEcbEncrypt Bit24:  Causes hang Bit25:  Causes hang Bit28:  IsDstKeyslot

The following are known to be able to write keyslots: * AesEcbEncrypt/Decrypt: Size is rounded up to multiple of 4. If size > 16, size = 16.

Read |size| bytes from |src| into HW state. The remaining 16-|size| bytes of state *ARE KEPT FROM RESULT OF PREVIOUS AES OPERATION*. VULN! This allows key recovery of all slave keyslots during boot.

The key written to keyslot is always 16 bytes long, padded with 00's.

* AesCbcEncrypt/Decrypt: Size is rounded up to multiple of 4. * AesCtrEncrypt/Decrypt: Size is rounded up to multiple of 4. * AesCmac               Puts the 16 byte hash into keyslot. Bytes 16-31 are *FORCED* 0. * Sha1:                 Puts the 20 byte hash into keyslot. Bytes 20-31 are *FORCED* 0. * Sha224:               Puts the 28 byte hash into keyslot. Bytes 28-31 are *FORCED* 0. * Sha256:               Puts the 32 byte hash into keyslot. * HmacSha1              Probably same as Sha1. * HmacSha256            Probably same as Sha256. * Rng

AesCtrEncrypt when having a keyslot dst, still reads from src.

VULN! Any SHA with length==0 produces an output of all zeroes!

E005001C BigmacTrigger
Writing 1 here starts bigmac operation.

E0050024 BigmacStatus
Set when invalid keyslot (0xFFF).

Bit18: Set when keyslot is not allowed to perform operation.

E005003C BigmacRng
Reads a random value.

E0050200 BigmacExternalKey
Size: 0x20 bytes

VULN! Allows partial overwrite. However when using keyslot crypto, this key remains unaffected. Thus it cannot be used to recover keyslot keys.

= SceBigmac Keyring =

E0058000 KeyRingDirectAccess
Size: 0x10000 bytes.

= F00D_E0070000 =

E0070000 EmmcCryptoToggle?
Set to 1.