F00D Keyring Regs

From Vita Development Wiki
Jump to navigation Jump to search

Cmep/ARM

0xE0000000: MailboxCmepToArm

Response to ARM is written here.

0xE0000010: MailboxArmToCmep

Request from ARM is written here.

0xE0000020: MailboxCmepToDebugger

Size: 2* u32.

0xE0000028: MailboxDebuggerToCmep

Size: 2* u32.

0xE0000060: MailboxDebuggerToCmep2

Size: 2* u32.

Cmep controller

0xE0010000: CmepReset

   Bit0: Hangs. ARM uses this to reset the cMeP subsystem.

0xE0010004: CmepStatus

   Bit31:  IsCmepAlive
   Bit0-2: ?
   0xE0010000: 00 00 00 00 05 00 00 80 00 00 00 00 00 00 00 00
   0xE0010010: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xE0010010: Unknown

Reads back 0x7FF. Then hangs after delay.

   Bit5: Disables Key* registers, and KeyRingDirectAccess

No bit appears to disable Rsa* registers, or Bigmac*.

   0xE0020000: 0F 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
   0xE0020010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Cmep 0xE0020000

0xE0020000: Unknown

   Bit0: Reboot when cleared.
   Bit1: Hang when cleared. Unrecoverable
   Bit2: No hang when cleared.
   Bit3: No hang when cleared.
   Bit4:
   Bit5:
   Bit16: No hang when cleared.
   Bit17:

0xE0020004: Unknown

second_loader writes 0x30003 followed by 0 here, after clearing keys.

E0020020: Unknown

rsa_expmod() reads and writes back this register before reading the result of the RSA operation.

May be a kind of timer.

Or working state.

Keyring controller

  +0x00 = EEP_DATA0
  +0x04 = EEP_DATA1
  +0x08 = EEP_DATA2
  +0x0C = EEP_DATA3
  +0x10 = EEP_DATA4
  +0x14 = EEP_DATA5
  +0x18 = EEP_DATA6
  +0x1C = EEP_DATA7
  +0x20 = EEP_LINE
  +0x24 = EEP_SET_PROTECTION
  +0x28 = EEP_GET_PROTECTION_REQ
  +0x2C = EEP_GET_PROTECTION_RESP

Writing line_id to EEP_LINE will trigger writing the EEP_DATA registers into said line.

Writing ((prot<<16)|line_id) to EEP_SET_PROTECTION protects a line. prot is a bit mask, 0x1000 makes reads from f00d return 0.

Writing line_id to EEP_GET_PROTECTION_REQ returns current prot in EEP_GET_PROTECTION_RESP.

This device is mapped to ScePervasiveResetReg +0x190 for controlling reset and enabling mask writing.

/*
 * Protection
 *
 * 0x00000001 : Slot exist
 * 0x00000002 : Slot enabled
 * 0x00000004 : Unknown
 * 0x00010000 : Allow enc
 * 0x00020000 : Allow dec
 * more ...
 */
typedef struct SceBigmacKeyringController { // 0xE0030000
	uint32_t data[0x8];
	/*
	 * Write data to slot. Needed have the 0x800 protection (direct write)
	 * If the slot is disabled, enable it
	 */
	int slot_id;

	/*
	 * Clear slot protection
	 *
	 * Mask       | Description
	 * 0x0000FFFF : Target slot id
	 * 0xFFFF0000 : Clear protection
	 */
	int slot_protection;

	/*
	 * if((slot_protect_resp & 2) != 0) enabled else disabled
	 */
	int slot_protect_chk;
	int slot_protect_resp;
} SceBigmacKeyringController;

0xE0030000-0xE003001F: KeySetValue

Size: 8x u32.

0xE0030020: KeySetValueTrigger

Write keyslot here, and it will write value written above to it.

If the slot is not enabled, enable it (needed some protect. if not have protect, cannot enable that slot)

0xE0030024: KeySetProtect

   Bit0-15:  KeyslotNumber
   Bit16-31: KeyslotClearFlags

0xE0030028: KeyQueryProtect

   Bit0-15: KeyslotNumber

0xE003002C: KeyQueryProtectResult

   Bit0: SlotExists
   Bit1: SlotEnabled. You cannot use a key if this is not set.
   Bit2: Unknown
   Bit16:   Clearable   | AesEncryptAllowed (CTR+CBC+ECB, any key size)
   Bit17:   Clearable   | AesDecryptAllowed (CTR+CBC+ECB, any key size)
   Bit18:   Clearable   | ShaHmacAllowed (SHA1+SHA256)
   Bit19:   Clearable   | AesCmacAllowed
   Bit20:   Clearable   | EmmcCryptoAllowed (qualified guess!)
   Bit21:   Fixed       | IsMaster
   Bit22:   Fixed       | MemberOfGroup0
   Bit23:   Fixed       | MemberOfGroup1
   Bit24:   Fixed       | MemberOfGroup2
   Bit25:   Fixed       | MemberOfGroup3
   Bit26:   Clearable   | SetByBigmacAllowed
   Bit27:   Clearable   | SetByKeyringAllowed
   Bit28:   Clearable   | GetByKeyringAllowed

A master key can only write into a slave keyslot belonging to the same group(s) as itself.

A master key cannot write into a non-slave keyslot or external memory.

Normal keyslots are keyslots that don't belong to any group (bit21-25 are all zeroes). They can be written by slaves of groups, and also by normal non-keyslot operations.

A slave can write output to a normal keyslot or to external memory.

SceBignum controller

0xE0040108: RsaSignatureBuffer

Size: 0x100 bytes.

0xE0040400: RsaModulusBuffer

Size: 0x100 bytes.

0xE0040800: RsaControl

In u32's.

0xE0040800: RsaStatus

   Bit31: Busy

0xE0040808: RsaExponent

SceBigmac controller

// base:0xE0050000(channel0), 0xE0050080(channel1)
typedef struct SceBigmacOp {
	const void *src;
	union {
		void *dst;
		int slot_id;
	};
	SceSize len;
	int func; // BigmacOp

	int key_slot;
	void *iv;
	void *next;
	int ready; // Writing 1 here starts bigmac operation.

	int status;
	int res; // Set when invalid keyslot (0xFFF). Bit18: Set when keyslot is not allowed to perform operation.
} SceBigmacOp;

0xE005000C: BigmacOp

Unlike for Dmac5, DES is not supported for Bigmac.

 Bit0-6: Algorithm
 0x00 = Zeroes?
 0x01 = AesEcbEncrypt
 0x02 = AesEcbDecrypt
 0x03 = Sha1
 0x04 = Rng
 0x05 = Zeroes
 0x06 = Zeroes
 0x07 = Zeroes
 0x09 = AesCbcEncrypt
 0x0A = AesCbcDecrypt
 0x0B = Sha224
 0x0C = memset
 0x0D = Zeroes
 0x0E = Zeroes
 0x0F = Zeroes
 0x10 = AesCtr
 0x11 = AesCtrEncrypt
 0x12 = AesCtrDecrypt
 0x13 = Sha256
 0x1B = !!! HANG !!!
 0x23 = HmacSha1, keylength=32 bytes
 0x2B = !!! HANG !!!
 0x33 = HmacSha256, keylength=32 bytes
 0x3B = AesCmac
 0x41  = !!! HANG !!!
 0x43 = <0x03>
 0x4B = <0x0b>
 0x53 = <0x13>
 0x61  = !!! HANG !!!
 0x7B = <0x3b>
 0x141 = !!! HANG !!!
   Bit7:    UseExternalKey
   Bit8-10: KeySize (0=64bit, 1=128bit, 2=192bit, 3=256bit)
            (Applies only to AesEcb, AesCbc, AesCmac)
   Bit11:   Nothing noticable for AesEcbEncrypt
   Bit12:   Nothing noticable for AesEcbEncrypt
   Bit24:   Causes hang
   Bit25:   Causes hang
   Bit28:   IsDstKeyslot

The following are known to be able to write keyslots:

 * AesEcbEncrypt/Decrypt:
     Size is rounded up to multiple of 4.
     If size > 16, size = 16.
     Read |size| bytes from |src| into HW state.
     The remaining 16-|size| bytes of state *ARE KEPT FROM RESULT OF PREVIOUS AES OPERATION*.
     VULN! This allows key recovery of all slave keyslots during boot.
     The key written to keyslot is always 16 bytes long, padded with 00's.
 * AesCbcEncrypt/Decrypt: Size is rounded up to multiple of 4. 
 * AesCtrEncrypt/Decrypt: Size is rounded up to multiple of 4.
 * AesCmac                Puts the 16 byte hash into keyslot.
                          Bytes 16-31 are *FORCED* 0.
 * Sha1:                  Puts the 20 byte hash into keyslot.
                          Bytes 20-31 are *FORCED* 0.
 * Sha224:                Puts the 28 byte hash into keyslot.
                          Bytes 28-31 are *FORCED* 0.
 * Sha256:                Puts the 32 byte hash into keyslot.
 * HmacSha1               Probably same as Sha1.
 * HmacSha256             Probably same as Sha256.
 * Rng

AesCtrEncrypt when having a keyslot dst, still reads from src.

VULN! Any SHA with length==0 produces an output of all zeroes!

0xE005003C: BigmacRng

Reads a random value.

0xE0050200: BigmacExternalKey

Size: 0x20 bytes

VULN! Allows partial overwrite. However when using keyslot crypto, this key remains unaffected. Thus it cannot be used to recover keyslot keys.

SceBigmac Keyring

0xE0058000: KeyRingDirectAccess

Size: 0x10000 bytes.

Key slots

0x000-0x07F:

   Initial state: Empty keyslots.
   0x000-0x007: Empty group0 slave keyslots, for AES decryption only.
   0x008-0x00F: Empty group1 slave keyslots, any algo.
   0x010-0x01F: Empty group2 slave keyslots, for AES decryption only.
   0x020-0x02F: Empty group3 slave keyslots, any algo.
   0x030-0x07F: Empty normal keyslots, any algo.

0x100-0x17F:

   Initial state: Empty keyslots.
   0x100-0x17F: Empty normal keyslots, any algo.

0x200-0x217:

   Initial state: Filled in, key material.
   0x200-0x203: AES decryption-only keys (for memory buffers).
   0x204-0x205: Master keys (for group0), any algo.
   0x206-0x20D: Master keys (for group1), any algo.
   0x20E-0x20F: Emmc keys, fully protected.
   0x210-0x217: General purpose keys (for memory buffers).

0x300-0x3FF:

   Initial state: Filled in, key material.
   0x300-0x33F: AES decryption-only keys (for memory buffers).
   0x340-0x343: Master keys (for group2), any algo.
   0x344-0x353: Master keys (for group3), any algo.
   0x354-0x3FF: General purpose keys (for memory buffers).

0x400-0x47F:

   Initial state: Empty data storage, read-write from keyring.

0x500-0x57F:

   Initial state: Empty data storage, read-write from keyring.

0x600-0x607:

   Initial state: Filled in data, read-only. Keyring only.
   0x603: u32 BootromFlags.
     Bit0-15: HasRsaRevocationKey. This is set to 0xFFFF.
     Bit16:   UseAlternativeEmmcClock

0x700-0x77F:

   Initial state: Filled in data, read-only. Keyring only.
   0x700-0x708: RsaRevocationKey0
   0x708-0x710: RsaRevocationKey1
   0x710-0x718: RsaRevocationKey2
   0x718-0x720: RsaRevocationKey3
   0x720-0x728: RsaRevocationKey4
   0x728-0x730: RsaRevocationKey5
   ...
   0x778-0x780: RsaRevocationKey15

SceEmmcController

0xE0070000: EmmcCrypto Toggle/Status?

Toggle : Set to 1.

Status : enabled emmc enc/dec?

0xE0070004: EmmcCrypto avalaible status

bit0(& 1) : Not available -> second_loader throw error.

0xE0070008: EmmcCrypto keyset

1.69-3.73 : 0x20E and 0x20F.

write only.

0xE007000C: Unknown

Read value example: 2

0xE00C0000

0xE00CC000: Unknown

Unknown, Read value example: 0x10006331

0xE00CC014: Unknown

Unknown, Read value example: 0x300000

0xE00CC070: Unknown

Unknown, Read value example: 1

0xE00CC078: Unknown

Unknown, Read value example: 0x300