diff --git a/build/libraries/os/common/os_boot.c b/build/libraries/os/common/os_boot.c index 620dfcdd..ad26807d 100644 --- a/build/libraries/os/common/os_boot.c +++ b/build/libraries/os/common/os_boot.c @@ -198,3 +198,37 @@ asm void OSi_BootCore( ROM_Header* rom_header ) bx lr } + +#include + +/*---------------------------------------------------------------------------* + Name: OSi_FromBromToMenu + + Description: convert OSFromBromBuf to OSFromFirmBuf + + Arguments: None + + Returns: FALSE if FromBrom is broken + *---------------------------------------------------------------------------*/ +BOOL OSi_FromBromToMenu( void ) +{ + OSFromBromBuf* fromBromBuf = OSi_GetFromBromAddr(); + BOOL result = TRUE; + int i; + // check offset (why not to omit by compiler?) + if ( OSi_GetFromFirmAddr()->rsa_pubkey != fromBromBuf->rsa_pubkey ) // same area without header + { + result = FALSE; + } + // check unused signature area + for (i = 0; i < sizeof(fromBromBuf->hash_table_hash); i++) // check all values are same + { + if (fromBromBuf->hash_table_hash[i] != 0x00) + { + result = FALSE; + } + } + // clear out of OSFromFirmBuf area + MI_CpuClearFast( fromBromBuf->header.max, sizeof(fromBromBuf->header.max) ); + return result; +} diff --git a/build/nandfirm/menu-launcher/ARM7/Makefile b/build/nandfirm/menu-launcher/ARM7/Makefile index 2513f59d..89d5dbff 100644 --- a/build/nandfirm/menu-launcher/ARM7/Makefile +++ b/build/nandfirm/menu-launcher/ARM7/Makefile @@ -38,7 +38,8 @@ CRT0_O = crt0_firm.o include $(TWLIPL_ROOT)/build/buildtools/commondefs -LLIBRARIES = libaes_sp$(TWL_LIBSUFFIX).a +LLIBRARIES = libaes_sp$(TWL_LIBSUFFIX).a +MAKELCF_FLAGS += -DADDRESS_LTDWRAM='0x037c0000' #---------------------------------------------------------------------------- diff --git a/build/nandfirm/menu-launcher/ARM7/main.c b/build/nandfirm/menu-launcher/ARM7/main.c index a84cee96..c9695e08 100644 --- a/build/nandfirm/menu-launcher/ARM7/main.c +++ b/build/nandfirm/menu-launcher/ARM7/main.c 
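Review bot: The layout check in `OSi_FromBromToMenu` compares only the address of `rsa_pubkey` between the two views, so nothing verifies that the members after it, in particular `SDNandContext`, sit at the same offsets in `OSFromFirmBuf` as in `OSFromBromBuf`. The ARM7 menu-launcher later passes `&(OSi_GetFromFirmAddr()->SDNandContext)` to `FATFS_InitFIRM`, which relies on exactly that overlay. Both addresses are constants, so this is better expressed as compile-time offset assertions, one per shared member, placed next to the struct definitions. Separately, `int i` is compared against `sizeof(fromBromBuf->hash_table_hash)`; an unsigned index such as `u32 i;` avoids the signed/unsigned comparison.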
@@ -27,8 +27,6 @@ static u8 fatfsHeap[FATFS_HEAP_SIZE] __attribute__ ((aligned (32))); -static SDPortContextData nandContext; // 一時待避用 (次に渡すならSHAREDのどこかのアドレスにする) - #ifndef SDK_FINALROM static u8 step = 0x80; #endif @@ -45,22 +43,18 @@ u32 pf_cnt = 0; /*************************************************************** PreInit - FromBootの対応をまとめる&メインメモリの初期化 + FromBootの対応&メインメモリの初期化 OS_Init前なので注意 (ARM9によるメインメモリ初期化で消されないように注意) ***************************************************************/ static void PreInit(void) { - /* FromBrom関連 */ - - /* 鍵はどこへ? */ - - // NANDパラメータの待避 - nandContext = OSi_GetFromBromAddr()->SDNandContext; - - MIi_CpuClearFast( 0, (void*)OSi_GetFromBromAddr(), sizeof(OSFromBromBuf) ); + if ( !OSi_FromBromToMenu() ) + { + OS_Terminate(); + } } /*************************************************************** @@ -127,7 +121,7 @@ void TwlSpMain( void ) OS_SetDebugLED(++step); - if ( FATFS_InitFIRM( &nandContext ) ) + if ( FATFS_InitFIRM( &(OSi_GetFromFirmAddr()->SDNandContext) ) ) { #ifndef SDK_FINALROM // 3: after FATFS diff --git a/build/nandfirm/menu-launcher/ARM9/main.c b/build/nandfirm/menu-launcher/ARM9/main.c index a208eab1..1cb9eb25 100644 --- a/build/nandfirm/menu-launcher/ARM9/main.c +++ b/build/nandfirm/menu-launcher/ARM9/main.c 
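Review bot: On the failure path in `PreInit` the BootROM hand-off buffer is left in place, because `OSi_FromBromToMenu` clears only `header.max` (see the os_boot.c hunk) while the removed code zeroed the whole `OSFromBromBuf` unconditionally. Unless `OS_Terminate()` scrubs memory, which this diff does not show, the contents of that buffer stay resident after a failed check. Consider clearing before halting, e.g. `MIi_CpuClearFast( 0, (void*)OSi_GetFromBromAddr(), sizeof(OSFromBromBuf) );` ahead of `OS_Terminate();`. The header comment says this runs before `OS_Init`, so it is also worth confirming that `OS_Terminate` is usable at that point. The same pattern appears in `PreInit` of menu-launcher ARM9 and of sdmc-launcher ARM7 and ARM9.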
@@ -44,27 +44,44 @@ u32 pf_cnt = 0; /*************************************************************** PreInit - FromBootの対応をまとめる&メインメモリの初期化 - OS_Init前なので注意 + FromBootの対応&OS_Init前に必要なメインメモリの初期化 ***************************************************************/ static void PreInit(void) { /* メインメモリ関連 */ - - // SHARED領域クリア (IS-TWL-DEBUGGERの更新待ち) -#ifdef SDK_FINALROM - MIi_CpuClearFast( 0, (void*)HW_MAIN_MEM_SHARED, HW_MAIN_MEM_SHARED_END-HW_MAIN_MEM_SHARED ); -#endif + // SHARED領域クリア (ここだけでOK?) + MIi_CpuClearFast( 0, (void*)HW_PXI_SIGNAL_PARAM_ARM9, HW_MAIN_MEM_SHARED_END-HW_PXI_SIGNAL_PARAM_ARM9); /* FromBrom関連 */ + if ( !OSi_FromBromToMenu() ) + { + OS_Terminate(); + } +} - /* 鍵はどこへ? */ +/*************************************************************** + PostInit - MIi_CpuClearFast( 0, (void*)OSi_GetFromBromAddr(), sizeof(OSFromBromBuf) ); + MI_LoadHeader前にかなり(数100msec)時間があるので、可能なら + OS_Init後にいろいろ処理したい! + メインメモリの初期化 +***************************************************************/ +extern u32 SDK_SECTION_ARENA_DTCM_START; +static void PostInit(void) +{ + /* + メインメモリ関連 + */ + // (DTCMの手前までの領域を全クリア) + //MI_CpuClearFast( (void*)HW_DELIVER_ARG_BUF_END, SDK_SECTION_ARENA_DTCM_START-HW_DELIVER_ARG_BUF_END ); + // (ARM9領域を全クリア) + MI_CpuClearFast( (void*)HW_DELIVER_ARG_BUF_END, HW_MAIN_MEM_MAIN_END-HW_DELIVER_ARG_BUF_END ); + + DC_FlushAll(); } /*************************************************************** @@ -111,6 +128,8 @@ void TwlMain( void ) SVC_InitSignHeap( &acPool, acHeap, sizeof(acHeap) ); + PostInit(); + // load menu if ( MI_LoadHeader( &acPool, RSA_KEY_ADDR ) && CheckHeader() && MI_LoadStatic() ) { diff --git a/build/nandfirm/sdmc-launcher/ARM7/Makefile b/build/nandfirm/sdmc-launcher/ARM7/Makefile index 8a02e2df..8fb053f6 100644 --- a/build/nandfirm/sdmc-launcher/ARM7/Makefile +++ b/build/nandfirm/sdmc-launcher/ARM7/Makefile 
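Review bot: In the ARM9 `PreInit` the shared-area clear now starts at `HW_PXI_SIGNAL_PARAM_ARM9` rather than `HW_MAIN_MEM_SHARED`, so FINALROM builds, which previously zeroed the whole shared region, leave everything below that address untouched. This assumes `HW_PXI_SIGNAL_PARAM_ARM9` lies above `HW_MAIN_MEM_SHARED`; the definitions are outside this diff. The inline comment itself asks whether this range is enough, and the answer should be recorded there as a list of the shared fields that must survive and why. In `PostInit`, `extern u32 SDK_SECTION_ARENA_DTCM_START;` is referenced only from the commented-out call and can be dropped together with it; the same applies to sdmc-launcher ARM9.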
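Review bot: `PostInit()` is called after `SVC_InitSignHeap( &acPool, acHeap, sizeof(acHeap) )`, and it zeroes everything from `HW_DELIVER_ARG_BUF_END` to `HW_MAIN_MEM_MAIN_END`. Where `acHeap` and the other statics of this image are linked is not visible here; if any of them fall inside that range, the clear would wipe state that was just initialised. Either move the call ahead of `SVC_InitSignHeap`, or add a comment at the call once confirmed, such as `// safe: firm image, stack and acHeap are located outside main memory`. `TwlMain` begins and ends outside this hunk.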
@@ -38,7 +38,8 @@ CRT0_O = crt0_firm.o include $(TWLIPL_ROOT)/build/buildtools/commondefs -LLIBRARIES = libaes_sp$(TWL_LIBSUFFIX).a +LLIBRARIES = libaes_sp$(TWL_LIBSUFFIX).a +MAKELCF_FLAGS += -DADDRESS_LTDWRAM='0x037c0000' #---------------------------------------------------------------------------- diff --git a/build/nandfirm/sdmc-launcher/ARM7/main.c b/build/nandfirm/sdmc-launcher/ARM7/main.c index a61c8fe1..70e7f138 100644 --- a/build/nandfirm/sdmc-launcher/ARM7/main.c +++ b/build/nandfirm/sdmc-launcher/ARM7/main.c @@ -32,8 +32,6 @@ static u8 fatfsHeap[FATFS_HEAP_SIZE] __attribute__ ((aligned (32))); -static SDPortContextData nandContext; // 一時待避用 (次に渡すならSHAREDのどこかのアドレスにする) - #ifndef SDK_FINALROM static u8 step = 0x80; #endif @@ -55,7 +53,7 @@ u32 pf_cnt = 0; /*************************************************************** PreInit - FromBootの対応をまとめる&メインメモリの初期化 + FromBootの対応&メインメモリの初期化 OS_Init前なので注意 (ARM9によるメインメモリ初期化で消されないように注意) ***************************************************************/ static void PreInit(void) @@ -63,11 +61,10 @@ static void PreInit(void) /* FromBrom関連 */ - - // NANDパラメータの待避 - nandContext = OSi_GetFromBromAddr()->SDNandContext; - - MIi_CpuClearFast( 0, (void*)OSi_GetFromBromAddr(), sizeof(OSFromBromBuf) ); + if ( !OSi_FromBromToMenu() ) + { + OS_Terminate(); + } } /*************************************************************** @@ -138,7 +135,7 @@ void TwlSpMain( void ) OS_SetDebugLED(++step); PRODUCTION_CHECK(); - if ( FATFS_InitFIRM( &nandContext ) ) + if ( FATFS_InitFIRM( NULL ) ) { #ifndef SDK_FINALROM // 3: after FATFS diff --git a/build/nandfirm/sdmc-launcher/ARM9/main.c b/build/nandfirm/sdmc-launcher/ARM9/main.c index a6d3631c..b38d29af 100644 --- a/build/nandfirm/sdmc-launcher/ARM9/main.c +++ b/build/nandfirm/sdmc-launcher/ARM9/main.c 
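Review bot: `FATFS_InitFIRM( NULL )` replaces the saved NAND context with a null pointer, and nothing in this diff shows that `FATFS_InitFIRM` accepts one. If NULL is the intended way to request a fresh initialisation for the SD-card launcher, say so at the call, e.g. `// NULL: no context inherited from BootROM, initialise the port from scratch`. Otherwise pass `&(OSi_GetFromFirmAddr()->SDNandContext)` as the menu-launcher ARM7 does. `TwlSpMain` begins and ends outside this hunk.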
@@ -47,29 +47,23 @@ u32 pf_cnt = 0; /*************************************************************** PreInit - FromBootの対応をまとめる&メインメモリの初期化 - OS_Init前なので注意 - MI_LoadHeader前にかなり(数100msec)時間があるので、可能なら - OS_Init後にいろいろ処理したい! + FromBootの対応&OS_Init前に必要なメインメモリの初期化 ***************************************************************/ static void PreInit(void) { /* メインメモリ関連 */ - - // SHARED領域クリア (IS-TWL-DEBUGGERの更新待ち) -#ifdef SDK_FINALROM - //MIi_CpuClearFast( 0, (void*)HW_MAIN_MEM_SHARED, HW_MAIN_MEM_SHARED_END-HW_MAIN_MEM_SHARED ); -#endif // SHARED領域クリア (ここだけでOK?) MIi_CpuClearFast( 0, (void*)HW_PXI_SIGNAL_PARAM_ARM9, HW_MAIN_MEM_SHARED_END-HW_PXI_SIGNAL_PARAM_ARM9); /* FromBrom関連 */ - - MIi_CpuClearFast( 0, (void*)OSi_GetFromBromAddr(), sizeof(OSFromBromBuf) ); + if ( !OSi_FromBromToMenu() ) + { + OS_Terminate(); + } } /*************************************************************** @@ -79,13 +73,17 @@ static void PreInit(void) OS_Init後にいろいろ処理したい! メインメモリの初期化 ***************************************************************/ +extern u32 SDK_SECTION_ARENA_DTCM_START; static void PostInit(void) { /* - メインメモリ関連 (ARM9用の領域を全クリア) + メインメモリ関連 */ + // (DTCMの手前までの領域を全クリア) + //MI_CpuClearFast( (void*)HW_DELIVER_ARG_BUF_END, SDK_SECTION_ARENA_DTCM_START-HW_DELIVER_ARG_BUF_END ); + // (ARM9領域を全クリア) + MI_CpuClearFast( (void*)HW_DELIVER_ARG_BUF_END, HW_MAIN_MEM_MAIN_END-HW_DELIVER_ARG_BUF_END ); - MIi_CpuClearFast( 0, (void*)HW_DELIVER_ARG_BUF_END, HW_TWL_MAIN_MEM_MAIN_SIZE-HW_DELIVER_ARG_BUF_SIZE ); DC_FlushAll(); } diff --git a/build/tools/makegcdfirm/out_gcdfirm.c b/build/tools/makegcdfirm/out_gcdfirm.c index 44ee62ae..959c2616 100644 --- a/build/tools/makegcdfirm/out_gcdfirm.c +++ b/build/tools/makegcdfirm/out_gcdfirm.c 
@@ -937,7 +937,7 @@ static BOOL InitializeGcdfirmFile(void) { ReadRomHeaderFile( GetSrcPath(GetAppBaseName(), DEFAULT_ROMHEADER_TEMPLATE) ); - memset(&signedContext.hash[FIRM_SIGNED_HASH_IDX_HASH_TABLE], 0xff, sizeof(signedContext.hash[0])); + memset(&signedContext.hash[FIRM_SIGNED_HASH_IDX_HASH_TABLE], 0x00, sizeof(signedContext.hash[0])); gcdHeader.h.w = wram_regs_init; InitializeAesKey(); return TRUE; diff --git a/build/tools/makenandfirm/out_nandfirm.c b/build/tools/makenandfirm/out_nandfirm.c index ad1e69a7..cdc1d44d 100644 --- a/build/tools/makenandfirm/out_nandfirm.c +++ b/build/tools/makenandfirm/out_nandfirm.c @@ -909,7 +909,7 @@ static BOOL InitializeAesKey(void) static BOOL InitializeNandfirmFile(void) { - memset(&signedContext.hash[FIRM_SIGNED_HASH_IDX_HASH_TABLE], 0xff, sizeof(signedContext.hash[0])); + memset(&signedContext.hash[FIRM_SIGNED_HASH_IDX_HASH_TABLE], 0x00, sizeof(signedContext.hash[0])); nandHeader.o.h.w = wram_regs_init; nandHeader.m.h.w = wram_regs_init; InitializeAesKey(); diff --git a/build/tools/makenorfirm/out_norfirm.c b/build/tools/makenorfirm/out_norfirm.c index d2416e01..ea84713d 100644 --- a/build/tools/makenorfirm/out_norfirm.c +++ b/build/tools/makenorfirm/out_norfirm.c @@ -934,7 +934,7 @@ static BOOL InitializeAesKey(void) static BOOL InitializeNorfirmFile(void) { memset(norHeader.wl_params, 0xff, sizeof(norHeader.wl_params)); - memset(&signedContext.hash[FIRM_SIGNED_HASH_IDX_HASH_TABLE], 0xff, sizeof(signedContext.hash[0])); + memset(&signedContext.hash[FIRM_SIGNED_HASH_IDX_HASH_TABLE], 0x00, sizeof(signedContext.hash[0])); norHeader.l.boot_nandfirm = TRUE; InitializeAesKey(); return TRUE; diff --git a/include/firm/format/from_brom.h b/include/firm/format/from_brom.h index cad8390f..0a0341db 100644 --- a/include/firm/format/from_brom.h +++ b/include/firm/format/from_brom.h 
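Review bot: The fill value for the unused `FIRM_SIGNED_HASH_IDX_HASH_TABLE` slot is now a bare `0x00` repeated in `InitializeGcdfirmFile`, `InitializeNandfirmFile` and `InitializeNorfirmFile`, and it has to match the literal `0x00` that `OSi_FromBromToMenu` tests for at boot (presumably the same slot, surfaced as `hash_table_hash`). A single named constant in a shared firm format header, used by both the tools and the boot-time check, would keep signer and verifier from drifting apart. Images produced with the previous `0xff` fill will fail the new check and end in `OS_Terminate()`, so this change needs to land together with re-signed firmware. The closing braces of these functions are outside the hunks.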
@@ -44,7 +44,13 @@ typedef struct SDportContextData } SDPortContextData; - +/* + hash_table_hashは、ファームヘッダの署名の中に埋められた値(現状0xffで埋められている) + ファームブート後に追加データをメインメモリにロードする必要に駆られた場合、 + そのハッシュ値をmakenandfirm等で埋め込むようにすることで保護できる。 + (Static部分に埋めても大差ないと思われるが・・・) + 未使用の場合(現状)、0xffで埋められていることを確認すべき +*/ typedef struct { union diff --git a/include/firm/format/from_firm.h b/include/firm/format/from_firm.h new file mode 100644 index 00000000..d1bdd351 --- /dev/null +++ b/include/firm/format/from_firm.h 
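Review bot: The comment added above the struct says the unused `hash_table_hash` is currently filled with 0xff and should be verified as 0xff, but this same commit switches the three make*firm tools to a 0x00 fill and `OSi_FromBromToMenu` rejects any non-zero byte. Both occurrences of `0xff` in the comment should read `0x00`; otherwise the next reader is likely to "correct" the boot-time check in the wrong direction. The struct this comment documents continues outside the hunk.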
@@ -0,0 +1,69 @@ +/*---------------------------------------------------------------------------* + Project: TwlFirm - format - from_firm + File: from_firm.h + + Copyright 2007 Nintendo. All rights reserved. + + These coded instructions, statements, and computer programs contain + proprietary information of Nintendo of America Inc. and/or Nintendo + Company Ltd., and are protected by Federal copyright law. They may + not be disclosed to third parties or copied or duplicated in any form, + in whole or in part, without the prior written consent of Nintendo. + + $Date:: 2007-09-06$ + $Rev$ + $Author$ + *---------------------------------------------------------------------------*/ +#ifndef FIRM_FORMAT_FROM_FIRM_H_ +#define FIRM_FORMAT_FROM_FIRM_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef SDK_ARM9 +#define RSA_PUBKEY_NUM_FROM_FIRM 8 +#define AESKEY_NUM_FROM_FIRM 8 +#else // SDK_ARM7 +#define RSA_PUBKEY_NUM_FROM_FIRM 4 +#define AESKEY_NUM_FROM_FIRM 4 +#endif // SDK_ARM7 + +typedef struct +{ + u8 rsa_pubkey[RSA_PUBKEY_NUM_FROM_FIRM][ACS_PUBKEY_LEN]; // 1KB + u8 aes_key[AESKEY_NUM_FROM_FIRM][ACS_AES_LEN]; // 128B + u8 reserved[ACS_HASH_LEN]; // 20B + + BLOWFISH_CTX ds_blowfish; // 4KB + α + BLOWFISH_CTX twl_blowfish; // 4KB + α +} +OSFromFirm9Buf; + +typedef struct +{ + u8 rsa_pubkey[RSA_PUBKEY_NUM_FROM_FIRM][ACS_PUBKEY_LEN]; // 512B + u8 aes_key[AESKEY_NUM_FROM_FIRM][ACS_AES_LEN]; // 64B + u8 reserved[ACS_HASH_LEN]; // 20B + + BLOWFISH_CTX twl_blowfish[2]; // (4KB + α) * 2 + + SDPortContextData SDNandContext; +} +OSFromFirm7Buf; + +#ifdef SDK_ARM9 +typedef OSFromFirm9Buf OSFromFirmBuf; +#else // SDK_ARM7 +typedef OSFromFirm7Buf OSFromFirmBuf; +#endif // SDK_ARM7 + + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif // FIRM_FORMAT_FROM_FIRM_H_ diff --git a/include/firm/hw/ARM7/mmap_firm.h b/include/firm/hw/ARM7/mmap_firm.h index b34e1b84..dbd15349 100644 --- a/include/firm/hw/ARM7/mmap_firm.h +++ b/include/firm/hw/ARM7/mmap_firm.h 
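Review bot: Nothing ties `sizeof(OSFromFirmBuf)` to `HW_FIRM_FROM_FIRM_BUF_SIZE` (0x2C00 in the mmap_firm.h hunks), and `BLOWFISH_CTX` and `SDPortContextData` are sized elsewhere, so later growth of either would silently extend the structure past `HW_FIRM_FROM_FIRM_BUF_END`. A compile-time assertion after the typedefs that `sizeof(OSFromFirmBuf) <= HW_FIRM_FROM_FIRM_BUF_SIZE` would catch that on both processors. These structs hold RSA public keys, AES keys and Blowfish contexts that now remain resident for the menu, so a short comment should state which component is responsible for clearing them. It should also say what `reserved` overlays; it looks like the `hash_table_hash` slot that must be zero, but that is not stated anywhere in the header.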
@@ -41,6 +41,11 @@ extern "C" { #define HW_FIRM_FROM_BROM_BUF_END (HW_WRAM_AREA_END - 0x1000) // END - 4KB #define HW_FIRM_FROM_BROM_BUF_SIZE 0x3000 // 12KB +//------------------------------------- HW_FIRM_FROM_FIRM_BUF +#define HW_FIRM_FROM_FIRM_BUF (HW_FIRM_FROM_FIRM_BUF_END - HW_FIRM_FROM_FIRM_BUF_SIZE) +#define HW_FIRM_FROM_FIRM_BUF_END (HW_WRAM_AREA_END - 0x1000) // END - 4KB +#define HW_FIRM_FROM_FIRM_BUF_SIZE 0x2C00 // 11KB + //------------------------------------- HW_FIRM_APP_BUF #define HW_FIRM_APP_BUF (HW_MAIN_MEM_HI_EX_END - HW_FIRM_APP_BUF_SIZE) #define HW_FIRM_APP_BUF_END (HW_FIRM_APP_BUF + HW_FIRM_APP_BUF_SIZE) diff --git a/include/firm/hw/ARM9/mmap_firm.h b/include/firm/hw/ARM9/mmap_firm.h index 3eb2920f..49b22621 100644 --- a/include/firm/hw/ARM9/mmap_firm.h +++ b/include/firm/hw/ARM9/mmap_firm.h @@ -31,6 +31,11 @@ extern "C" { #define HW_FIRM_FROM_BROM_BUF_END (HW_ITCM_END - 0x1000) // END - 4KB #define HW_FIRM_FROM_BROM_BUF_SIZE 0x3000 // 12KB +//------------------------------------- HW_FIRM_FROM_FIRM_BUF +#define HW_FIRM_FROM_FIRM_BUF (HW_FIRM_FROM_FIRM_BUF_END - HW_FIRM_FROM_FIRM_BUF_SIZE) +#define HW_FIRM_FROM_FIRM_BUF_END (HW_ITCM_END - 0x1000) // END - 4KB +#define HW_FIRM_FROM_FIRM_BUF_SIZE 0x2C00 // 11KB + //------------------------------------- HW_FIRM_APP_BUF #define HW_FIRM_APP_BUF (HW_MAIN_MEM_HI_EX_END - HW_FIRM_APP_BUF_SIZE) #define HW_FIRM_APP_BUF_END (HW_FIRM_APP_BUF + HW_FIRM_APP_BUF_SIZE) diff --git a/include/firm/os/common/boot.h b/include/firm/os/common/boot.h index 5dee25ff..9fbcf857 100644 --- a/include/firm/os/common/boot.h +++ b/include/firm/os/common/boot.h @@ -19,6 +19,7 @@ #include #include +#include #include #include 
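Review bot: `HW_FIRM_FROM_FIRM_BUF_END` repeats the expression used for `HW_FIRM_FROM_BROM_BUF_END`, and the 0x400 gap between the two start addresses exists only implicitly as the difference between 0x3000 and 0x2C00. Since the FromFirm view is meant to overlay the tail of the FromBrom buffer, derive it explicitly with `#define HW_FIRM_FROM_FIRM_BUF_END HW_FIRM_FROM_BROM_BUF_END`. Add a comment that the size is the FromBrom size minus the leading area that `OSi_FromBromToMenu` clears (presumably the header). The same applies to the ARM9 mmap_firm.h hunk.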
@@ -63,6 +64,17 @@ void OSi_Finalize(void); *---------------------------------------------------------------------------*/ void OSi_ClearWorkArea( void ); +/*---------------------------------------------------------------------------* + Name: OSi_FromBromToMenu + + Description: convert OSFromBromBuf to OSFromFirmBuf + + Arguments: None + + Returns: FALSE if FromBrom is broken + *---------------------------------------------------------------------------*/ +BOOL OSi_FromBromToMenu( void ); + /*---------------------------------------------------------------------------* Name: OSi_GetFromBromAddr @@ -77,6 +89,19 @@ static inline OSFromBromBuf* OSi_GetFromBromAddr( void ) return (OSFromBromBuf*)HW_FIRM_FROM_BROM_BUF; } +/*---------------------------------------------------------------------------* + Name: OSi_GetFromFirmAddr + + Description: data address from firm to menu + + Arguments: None + + Returns: address + *---------------------------------------------------------------------------*/ +static inline OSFromFirmBuf* OSi_GetFromFirmAddr( void ) +{ + return (OSFromFirmBuf*)HW_FIRM_FROM_FIRM_BUF; +} #ifdef __cplusplus } /* extern "C" */ diff --git a/include/firm/specfiles/ARM7-TS-FIRM.lcf.template b/include/firm/specfiles/ARM7-TS-FIRM.lcf.template index b564f8cd..b8222aa1 100644 --- a/include/firm/specfiles/ARM7-TS-FIRM.lcf.template +++ b/include/firm/specfiles/ARM7-TS-FIRM.lcf.template @@ -1,6 +1,6 @@ #--------------------------------------------------------------------------- # Project: TwlSDK - include -# File: ARM7-BB.lcf.template +# File: ARM7-TS-FIRM.lcf.template # # Copyright 2007 Nintendo. All rights reserved. # diff --git a/include/firm/specfiles/ARM7-TS-FIRM.lsf b/include/firm/specfiles/ARM7-TS-FIRM.lsf index 4d038ea9..e6ad76e7 100644 --- a/include/firm/specfiles/ARM7-TS-FIRM.lsf +++ b/include/firm/specfiles/ARM7-TS-FIRM.lsf 
@@ -1,6 +1,6 @@ #---------------------------------------------------------------------------- # Project: TwlFirm - include -# File: ARM7-TS-NORFIRM.lsf +# File: ARM7-TS-FIRM.lsf # # Copyright 2007 Nintendo. All rights reserved. # @@ -29,3 +29,14 @@ Static $(TARGET_NAME) Object * (.ltdmain) StackSize 1024 1024 } + +#Autoload WRAM +#{ +# Address $(ADDRESS_LTDWRAM) +#} + +#Ltdautoload LTDMAIN +#{ +## Address 0x02f88000 +# Address 0x02380000 +#}