証明書とROMヘッダの署名確認、Static領域のハッシュ確認の実装

メインメモリのサイズ判定をコメントアウト (使うなら戻す)
新しいヘッダファイルに対応 (妥当かどうかのチェックはしていない)

git-svn-id: file:///Users/lillianskinner/Downloads/platinum/twl/TwlIPL/trunk@38 b08762b0-b915-fc4b-9d8c-17b2551a87ff

build/libraries/fatfs/ARM7/src/fatfs_loader.c

@@ -43,7 +43,7 @@ BOOL FATFS_OpenRecentMenu( int driveno )
     {
         return FALSE;
     }
-    menufile[0] = (char)('A' + driveno);
+    menufile[0] += (char)driveno;
     menu_fd = po_open((u8*)menufile, PO_BINARY, 0);
     if (menu_fd < 0)
     {
@@ -72,7 +72,7 @@ BOOL FATFS_OpenSpecifiedMenu( const char* menufile )
 }
 
 #define HEADER_SIZE 0x1000
-#define AUTH_SIZE   0xe00
+#define AUTH_SIZE   ROM_HEADER_SIGN_TARGET_SIZE
 
 #define SLOT_SIZE   0x8000
 
@@ -198,12 +198,38 @@ BOOL FATFS_LoadHeader( void )
 static AESCounter* FATFSi_GetCounter( u32 offset )
 {
     static AESCounter counter;
-    MI_CpuCopy8(rh->s.main_static_digest, &counter, 12);
+    MI_CpuCopy8( rh->s.main_static_digest, &counter, 12 );
     counter.words[3] = 0;
-    AESi_AddCounter(&counter, offset - offsetof(ROM_Header, s.main_ltd_rom_offset));
+    AESi_AddCounter( &counter, offset - offsetof(ROM_Header, s.aes_target_rom_offset) );
     return &counter;
 }
 
+/*---------------------------------------------------------------------------*
+  Name:         FATFSi_SetupAES
+
+  Description:  setup whiere to use AES
+
+  Arguments:    offset  offset of region from head of ROM_Header
+                size    size of region
+
+  Returns:      counter
+ *---------------------------------------------------------------------------*/
+static void FATFSi_SetupAES( u32 offset, u32 size )
+{
+    if ( !rh->s.enable_aes )
+    {
+        FATFS_DisableAES();
+    }
+    else if ( offset >= rh->s.aes_target_rom_offset &&
+            offset + size <= rh->s.aes_target_rom_offset + rh->s.aes_target_size )
+    {
+        AESi_WaitKey();
+        //AESi_LoadKey( AES_KEY_SLOT_A );
+        AESi_LoadKey( AES_KEY_SLOT_C );
+        FATFS_EnableAES( FATFSi_GetCounter( rh->s.main_ltd_rom_offset ) );
+    }
+}
+
 
 /*---------------------------------------------------------------------------*
   Name:         FATFS_LoadMenu
@@ -226,7 +252,7 @@ BOOL FATFS_LoadMenu( void )
         profile[pf_cnt++] = (u32)PROFILE_PXI_SEND | FIRM_PXI_ID_LOAD_ARM9_STATIC;   // checkpoint
 #endif
         PXI_NotifyID( FIRM_PXI_ID_LOAD_ARM9_STATIC );
-        FATFS_DisableAES();
+        FATFSi_SetupAES( rh->s.main_rom_offset, rh->s.main_size );
         if ( !FATFS_LoadBuffer( rh->s.main_rom_offset, rh->s.main_size ) ||
              PXI_RecvID() != FIRM_PXI_ID_AUTH_ARM9_STATIC )
         {
@@ -248,7 +274,7 @@ BOOL FATFS_LoadMenu( void )
         profile[pf_cnt++] = (u32)PROFILE_PXI_SEND | FIRM_PXI_ID_LOAD_ARM7_STATIC;   // checkpoint
 #endif
         PXI_NotifyID( FIRM_PXI_ID_LOAD_ARM7_STATIC );
-        FATFS_DisableAES();
+        FATFSi_SetupAES( rh->s.sub_rom_offset, rh->s.sub_size );
         if ( !FATFS_LoadBuffer( rh->s.sub_rom_offset, rh->s.sub_size ) ||
              PXI_RecvID() != FIRM_PXI_ID_AUTH_ARM7_STATIC )
         {
@@ -270,16 +296,7 @@ BOOL FATFS_LoadMenu( void )
         profile[pf_cnt++] = (u32)PROFILE_PXI_SEND | FIRM_PXI_ID_LOAD_ARM9_LTD_STATIC;    // checkpoint
 #endif
         PXI_NotifyID( FIRM_PXI_ID_LOAD_ARM9_LTD_STATIC );
-        if ( !rh->s.enable_aes )
-        {
-            FATFS_DisableAES();
-        }
-        else
-        {
-            AESi_WaitKey();
-            AESi_LoadKey( AES_KEY_SLOT_A );
-            FATFS_EnableAES( FATFSi_GetCounter( rh->s.main_ltd_rom_offset ) );
-        }
+        FATFSi_SetupAES( rh->s.main_ltd_rom_offset, rh->s.main_ltd_size );
         if ( !FATFS_LoadBuffer( rh->s.main_ltd_rom_offset, rh->s.main_ltd_size ) ||
              PXI_RecvID() != FIRM_PXI_ID_AUTH_ARM9_LTD_STATIC )
         {
@@ -301,16 +318,7 @@ BOOL FATFS_LoadMenu( void )
         profile[pf_cnt++] = (u32)PROFILE_PXI_SEND | FIRM_PXI_ID_LOAD_ARM7_LTD_STATIC;    // checkpoint
 #endif
         PXI_NotifyID( FIRM_PXI_ID_LOAD_ARM7_LTD_STATIC );
-        if ( !rh->s.enable_aes )
-        {
-            FATFS_DisableAES();
-        }
-        else
-        {
-            AESi_WaitKey();
-            AESi_LoadKey( AES_KEY_SLOT_A );
-            FATFS_EnableAES( FATFSi_GetCounter( rh->s.sub_ltd_rom_offset ) );
-        }
+        FATFSi_SetupAES( rh->s.sub_ltd_rom_offset, rh->s.sub_ltd_size );
         if ( !FATFS_LoadBuffer( rh->s.sub_ltd_rom_offset, rh->s.sub_ltd_size ) ||
              PXI_RecvID() != FIRM_PXI_ID_AUTH_ARM7_LTD_STATIC )
         {

build/libraries/init/ARM7/crt0_firm.c

@@ -127,7 +127,7 @@ SDK_WEAK_SYMBOL asm void _start( void )
         bcc             @2
 
         //---- detect main memory size
-        bl              detect_main_memory_size
+//        bl              detect_main_memory_size   // shared memory will be cleared
 
         //---- set interrupt vector
         ldr             r1, =HW_INTR_VECTOR_BUF

build/libraries/mi/ARM9/mi_loader.c

@@ -191,7 +191,7 @@ static const u8 s_digestDefaultKey[ DIGEST_HASH_BLOCK_SIZE_SHA1 ] = {
 
 static BOOL CheckRomCertificate( int* pool, const RomCertificate *pCert, const void* pCAPubKey, u32 gameCode )
 {
-    SignatureData sd;
+    u8 digest[DIGEST_SIZE_SHA1];
     u8 md[DIGEST_SIZE_SHA1];
     int i;
     BOOL result = TRUE;
@@ -204,7 +204,7 @@ static BOOL CheckRomCertificate( int* pool, const RomCertificate *pCert, const v
         result = FALSE;
     }
     // 証明書署名チェック
-    SVC_DecryptoSign( pool, &sd, pCert->sign, pCAPubKey );
+    SVC_DecryptoSign( pool, &digest, pCert->sign, pCAPubKey );
 
     // ダイジェストの計算
     SHA1_Calc( md, pCert, ROM_CERT_SIGN_OFFSET );
@@ -212,7 +212,7 @@ static BOOL CheckRomCertificate( int* pool, const RomCertificate *pCert, const v
     // 比較
     for (i = 0; i < DIGEST_SIZE_SHA1; i++)
     {
-        if ( md[i] != sd.digest[i] )
+        if ( md[i] != digest[i] )
         {
             result = FALSE;
         }
@@ -295,9 +295,7 @@ static /*inline*/ BOOL MI_LoadModule(void* dest, u32 size, const u8 digest[DIGES
     {
         if ( md[i] != digest[i] )
         {
-#if 0   /* Footerもダイジェストに入れる必要がある (いらなくしてもらう) */
             result = FALSE;
-#endif
         }
     }
 
@@ -319,9 +317,7 @@ BOOL MI_LoadHeader( int* pool, const void* rsa_key )
     SHA1_CTX ctx;
     u8 md[DIGEST_SIZE_SHA1];
     SignatureData sd;
-#if 0
     int i;
-#endif
     BOOL result = TRUE;
 
     SHA1_Init(&ctx);
@@ -355,8 +351,7 @@ BOOL MI_LoadHeader( int* pool, const void* rsa_key )
     // コンテンツ証明書
     if ( CheckRomCertificate( pool, &rh->certificate, rsa_key, *(u32*)rh->s.game_code ) )
     {
-#if 0   /* 証明書内の公開鍵FORMATをどうするか */
-        rsa_key = rh->certificate.pubKey;   // ヘッダ用の鍵の取り出し
+        rsa_key = rh->certificate.pubKeyMod;   // ヘッダ用の鍵の取り出し
     }
     else
     {
@@ -371,7 +366,6 @@ BOOL MI_LoadHeader( int* pool, const void* rsa_key )
         {
             result = FALSE;
         }
-#endif
     }
 #ifndef SDK_FINALROM
     // 1x: after RSA, before PXI

build/nandfirm/nandfirm-loader/ARM7/main.c

@@ -214,7 +214,7 @@ void TwlSpMain( void )
     // failed
     PXI_NotifyID( FIRM_PXI_ID_NULL );
 
-    OS_SetDebugLED( (u8)(0xF0 | ++step));
+    OS_SetDebugLED( (u8)(0xF0 | step));
 
     OS_Terminate();
 }

build/nandfirm/nandfirm-loader/ARM9/main.c

@@ -60,6 +60,14 @@ u32 pf_cnt = 0;
 
 static void PreInit(void)
 {
+    /*
+     メインメモリ関連
+    */
+
+    // SHARED領域クリア (IS-TWL-DEBUGGERの更新待ち)
+#ifdef SDK_FINALROM
+    MIi_CpuClearFast( 0, (void*)HW_MAIN_MEM_SHARED, HW_MAIN_MEM_SHARED_END-HW_MAIN_MEM_SHARED );
+#endif
 
     /*
         FromBromŠÖ˜A
@@ -70,13 +78,6 @@ static void PreInit(void)
 #endif
 
     MIi_CpuClearFast( 0, (void*)OSi_GetFromBromAddr(), sizeof(OSFromBromBuf) );
-
-    // メインメモリ関連
-
-    // SHARED領域クリア (IS-TWL-DEBUGGERの更新待ち)
-#ifdef SDK_FINALROM
-    MIi_CpuClearFast( 0, (void*)HW_MAIN_MEM_SHARED, HW_MAIN_MEM_SHARED_END-HW_MAIN_MEM_SHARED );
-#endif
 }
 
 void TwlMain( void )