Ernie Secure

For security reasons, sensitive Ernie commands packets are encrypted with a per-session key. This key is generated and shared at second_loader stage through a handshake between cMeP and Ernie. SNVS (Secure NVS) is a part of NVS that is XTS encrypted and can only be accessed using Ernie secure command 0xD2. eMMC is also XTS encrypted and is accessed with the same command.

= Ernie Secure Packets =

Packets sent/received with Ernie command 0xD2 are AES-128-ECB encrypted with the Ernie communication session key (stored in Bigmac keyslot 0x511).

There is a 4 byte command field, 4 byte counter (from Bigmac keyslot 0x512) that increments per send, 6 bytes of zeros, optional data, and a 2 byte checksum. The checksum is the sum of all previous bytes and then negated.

= Ernie Secure Commands =

Command 0xA0
This command uses keyset 0xB and is only seen in second_loader. No data transfer is seen. The Ernie communication session key derived here is actually not used. The hypothesis is that this handshake serves as a checkpoint for Ernie to know that cMeP has successfully decrypted ConsoleId and OpenPsId since in between the handshake each decryption happens. The decryption does not use any data from this handshake.

Command 0xD0
This command establishes a handshake with keyset 0xF. It is used by updater_service_sm command 0xD0002 as well as second_loader.

After handshake:
 * Bigmac keyslot 0x511 is programmed with the Ernie communication session key.
 * Bigmac keyslot 0x512 is programmed with a 32 bit random number from Bigmac PRNG.

Command 0xD2
Command for SNVS read/write and maybe also eMMC read/write.

Boot dumps
First transaction (Mgmt Data read):

cMeP => Ernie:

cMeP <= Ernie:

SNVS sector is decrypted using a bigmac keyslot in 0x502-0x504 and result (Mgmt Data) is written to Bigmac keyslot 0x50B (8 bytes).

Second transaction (Current firmware version read):

cMeP => Ernie:

cMeP <= Ernie:

Decrypted is a list of versions, two are read using some information from the MBR. On a default 3.60 retail system, the two offsets used are at 0x4 and 0x8. Those are both checked to be 0x03600000 on 3.60 (hard coded). If they are 0xDEADBEEF, the check is skipped. Additionally, in the decrypted buffer from the previous command (written to Bigmac keysslot 0x50B), if bit 1 at byte offset 0x4 is set, then the version check is skipped. Then, if boot is not resume the version from kernel_boot_loader.self is also checked. Finally slot 0x50E and 0x518 are written with these two version codes.

= Ernie Secure Handshake =

This handshake is used totally or partially by Ernie secure commands 0xA0 and 0xD0.

Step 0: cMeP challenges Ernie

 * 1) cMeP generates an empty buffer   and sends it to Ernie.

Step 1: Ernie returns Ernie Challenge

 * 1) Ernie returns header   + 8 byte Ernie Challenge.

Step 2: cMeP sends cMeP Challenge

 * 1) cMeP composes a data buffer that is 8 bytes of RNG value, 8 byte Ernie Challenge from step 1, and 16 bytes of Step 2 Passphrase.
 * 2) cMeP encrypts this data using AES-128-ECB and Step 2 Key.
 * 3) cMeP appends the header   and sends to Ernie.

Step 3: Ernie confirms it has received cMeP Challenge

 * 1) Ernie returns header   and a 0x20 byte encrypted buffer.
 * 2) cMeP decrypts it with AES-128-ECB and Step 3 Key.
 * 3) cMeP checks that first 8 byte matches the Ernie Challenge from step 2 and next 8 byte matches the cMeP Challenge generated in step 2. The remaining 16 bytes are zero.

Step 3 bis: cMeP registers the Ernie Communication Session Key

 * 1) The following operations are only done with Ernie command 0xD0 as it is the only one that registers the Ernie communication session key, once for all.
 * 2) cMeP AES-128-ECB encrypts the same 16 byte challenge buffer using Ernie Communication Session Key Master Key.
 * 3) This is the Ernie Communication Session Key. cMeP registers it into Bigmac keyslot 0x511.

Step 4: cMeP tells Ernie to register the Ernie Communication Session Key

 * 1) Using the Ernie communication session key, cMeP encrypts a known value, Step 4-5 Passphrase.
 * 2) cMeP appends the header   and sends to Ernie.
 * 3) Ernie decrypts the received data and checks that the passphrase is valid.
 * 4) Ernie generates the Ernie Communication Session Key the same way as cMeP and registers it in its memory.

Step 5: cMeP receives Ernie encrypted packet for Ernie Communication Session Key verification

 * 1) cMeP gets a response back from Ernie (header  ), decrypts the encrypted data with the Ernie communication session key, and checks that it matches the Step 4-5 Passphrase.

= SNVS =

Ernie provides raw storage in its EEPROM, named NVS (Non-Volatile Storage). The OS partitions some of this storage for encrypted data. The keys to encrypt/decrypt this data is from slots 0x502-0x504. They are derived by second_loader by encrypting using AES-256-CBC a seed with keyslot 0x216, which is console unique. Consoles with minimum firmware < 0.996 use a set of static keys found in second_loader. Minimum firmware comes from IdStorage SMI leaf.