Ernie Secure

Syscon 0xD0 four part key exchange
The  here appears to be a context id. Only  and   have been seen, but only   seems to be supported by the update sm using the command 0xD0002 (with a different sequence number for each part).

Part 1

 * 1) Generate an empty buffer   and send it to Syscon.
 * 2) Syscon returns header   + 8 byte challenge.

Part 2

 * 1) F00D composes a data buffer that is 8 bytes of RNG value, 8 bytes copied from challenge, and 16 bytes of shared data. On 1.69, the shared data is
 * 2) This data is encrypted using AES-128-CBC with all zero IV and a shared key. On 1.69, it is
 * 3) A header is prepended   to the data and sent to Syscon

Part 3

 * 1) Get a 0x28 byte response from Syscon with a header   and a 0x20 byte buffer.
 * 2) Decrypt with AES-128-CBC with IV from part 2 (it is the last ciphertext generated, or the last 16 bytes of the ciphertext sent from F00D) and a shared key. On 1.69 it is
 * 3) Check that the first 8 bytes match unknown and the next 8 bytes match the F00D nonce generated in part 1.
 * 4) Encrypt the same buffer back using a shared key for 16 bytes. On 1.69 it is   and the IV will be the last 16 bytes from the encrypted input buffer.
 * 5) This is now the session key!

Part 4

 * 1) Using the session key, encrypt a known value. On 1.69 it is
 * 2) Append the header   and send to Syscon
 * 3) Get a response back from Syscon (header  ), decrypt the buffer with the session key, and check that it matches the known value. Both the plaintext and ciphertext should match.
 * 4) Keyslot 0x511 is programmed with the session key.
 * 5) Keyslot 0x512 is programmed with a 32 bit random number from Bigmac.

Syscon 0xD2
Packets sent/received with Syscon 0xD2 are encrypted with the session key and IV = 0. There is a 4 byte command field, a 4 byte counter (from keyslot 0x512) that increments per send, 6 bytes of zeros, optional data, and a 2 byte checksum. The checksum is the sum of all previous bytes, negated.
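
The 0xD2 plaintext layout described above, as an added example (not code from the original page or from any firmware). It builds and validates the decrypted frame only; AES and block padding are left out because the page does not describe them. Assumptions: fields are little-endian, "negated" defaults to two's complement with a switch for bitwise NOT, all function names are hypothetical, and the command value in the sample is constructed.

```python
import struct

# command (4 bytes), counter (4 bytes), 6 zero bytes.
# Little-endian byte order is an assumption; the page does not state it.
HEADER = struct.Struct("<II6x")


def checksum(body: bytes, ones_complement: bool = False) -> int:
    """Sum of all preceding bytes, negated, truncated to 2 bytes."""
    total = sum(body)
    # "Negated" is ambiguous on the page: the default is two's complement
    # (-sum); ones_complement=True uses bitwise NOT (~sum) instead.
    return (~total if ones_complement else -total) & 0xFFFF


def build_plaintext(command: int, counter: int, data: bytes = b"", **kw) -> bytes:
    """Lay out one frame as it would look before encryption."""
    body = HEADER.pack(command, counter & 0xFFFFFFFF) + data
    return body + struct.pack("<H", checksum(body, **kw))


def parse_plaintext(frame: bytes, expected_counter=None, **kw) -> dict:
    """Validate a decrypted frame and split it into its fields."""
    if len(frame) < HEADER.size + 2:
        raise ValueError("frame shorter than fixed fields plus checksum")
    body, (got,) = frame[:-2], struct.unpack("<H", frame[-2:])
    if got != checksum(body, **kw):
        raise ValueError("checksum mismatch")
    command, counter = HEADER.unpack_from(body)
    if any(body[8:14]):
        raise ValueError("reserved bytes are not zero")
    # The counter increments per send, so a receiver can reject a frame
    # whose counter is not the one it expects (added check, an assumption).
    if expected_counter is not None and counter != expected_counter:
        raise ValueError("unexpected counter (replayed or out-of-order frame)")
    return {"command": command, "counter": counter, "data": body[HEADER.size:]}


if __name__ == "__main__":
    # Constructed sample: command 0x1, counter 0x10, two data bytes.
    frame = build_plaintext(0x1, 0x10, b"\xaa\xbb")
    print(frame.hex(), parse_plaintext(frame, expected_counter=0x10))
```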