From b82d8aaba9b443694f4f039c0ea09ad96f443fda Mon Sep 17 00:00:00 2001
From: Michael Scire
Date: Wed, 19 Jun 2019 00:32:04 -0700
Subject: [PATCH] sept: validate ccplex reset vector

---
 sept/sept-secondary/src/cluster.c | 14 ++++++
 sept/sept-secondary/src/main.c | 9 ++--
 sept/sept-secondary/src/panic.c | 71 ++++---------------------------
 sept/sept-secondary/src/panic.h | 3 +-
 4 files changed, 29 insertions(+), 68 deletions(-)

diff --git a/sept/sept-secondary/src/cluster.c b/sept/sept-secondary/src/cluster.c
index cb29ec76b..4864ef38d 100644
--- a/sept/sept-secondary/src/cluster.c
+++ b/sept/sept-secondary/src/cluster.c
@@ -138,6 +138,11 @@ void cluster_boot_cpu0(uint32_t entry)
 
 MAKE_EXCP_VEC_REG(0x100) = 0;
 
+ /* Check for reset vector lock. */
+ if (SB_CSR_0 & 2) {
+ generic_panic();
+ }
+
 /* Set reset vector. */
 SB_AA64_RESET_LOW_0 = (entry | 1);
 SB_AA64_RESET_HIGH_0 = 0;
@@ -146,6 +151,15 @@ void cluster_boot_cpu0(uint32_t entry)
 SB_CSR_0 = 2;
 (void)SB_CSR_0;
 
+ /* Validate reset vector lock + RESET_LOW/HIGH values. */
+ if (!(SB_CSR_0 & 2)) {
+ generic_panic();
+ }
+
+ if (SB_AA64_RESET_LOW_0 != (entry | 1) || SB_AA64_RESET_HIGH_0 != 0) {
+ generic_panic();
+ }
+
 /* Set CPU_STRICT_TZ_APERTURE_CHECK. */
 /* NOTE: [4.0.0+] This was added, but it breaks Exosphère. */
 /* MAKE_MC_REG(MC_TZ_SECURITY_CTRL) = 1; */
diff --git a/sept/sept-secondary/src/main.c b/sept/sept-secondary/src/main.c
index b1cb458a4..bc8f773c7 100644
--- a/sept/sept-secondary/src/main.c
+++ b/sept/sept-secondary/src/main.c
@@ -22,6 +22,7 @@
 #include "se.h"
 #include "pmc.h"
 #include "emc.h"
+#include "sysreg.h"
 #include "key_derivation.h"
 #include "timers.h"
 #include "fs_utils.h"
@@ -96,9 +97,6 @@ static void setup_env(void) {
 /* Initialize hardware. */
 nx_hwinit();
 
- /* Check for panics. */
- check_and_display_panic();
-
 /* Zero-fill the framebuffer and register it as printk provider. */
 video_init(g_framebuffer);
 
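Review bot: The reset-vector lock bit is written as the bare literal `2` in the new check, and the same literal recurs in this file's second hunk (`!(SB_CSR_0 & 2)`, beside the pre-existing `SB_CSR_0 = 2;`) and in the sept_main hunk of main.c; a named mask such as `#define SB_CSR_RST_VEC_WR_DIS (1u << 1)` in sysreg.h (name is a suggestion) would make the three checks and the write self-documenting and keep them from drifting apart. The check also deserves a why-comment, e.g. `/* An already-set lock means the vector written below could not take effect, so stop here. */`, since the reason an already-locked CSR is fatal is not stated. cluster_boot_cpu0's body continues outside the hunk.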
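Review bot: The read-back comparison of `SB_AA64_RESET_LOW_0`, `SB_AA64_RESET_HIGH_0` and `SB_CSR_0` only verifies hardware state if those macros expand to volatile MMIO accesses; the existing `(void)SB_CSR_0;` suggests they do, but if they do not, the compiler may fold the comparison against the values just stored and the validation becomes a no-op. Worth confirming the definitions in sysreg.h, and a one-line comment on the block, `/* Re-read the registers: a mismatch means the vector or lock write did not take. */`, would record what the checks guard against. cluster_boot_cpu0 continues outside the hunk.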
@@ -141,6 +139,11 @@ int sept_main(uint32_t version) {
 uint32_t stage2_version = 0;
 ScreenLogLevel log_level = SCREEN_LOG_LEVEL_NONE;
 
+ /* Validate that we can safely boot the CCPLEX. */
+ if (SB_CSR_0 & 2) {
+ generic_panic();
+ }
+
 /* Extract keys from the security engine, which TSEC FW locked down. */
 exfiltrate_keys_and_reboot_if_needed(version);
 
diff --git a/sept/sept-secondary/src/panic.c b/sept/sept-secondary/src/panic.c
index cbd81bfb2..0884463d2 100644
--- a/sept/sept-secondary/src/panic.c
+++ b/sept/sept-secondary/src/panic.c
@@ -13,76 +13,17 @@
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */
-
+#include
+#include
 #include "panic.h"
 #include "di.h"
 #include "pmc.h"
+#include "se.h"
 #include "fuse.h"
 #include "utils.h"
 
 static uint32_t g_panic_code = 0;
 
-void check_and_display_panic(void) {
- /* We also handle our own panics. */
- /* In the case of our own panics, we assume that the display has already been initialized. */
- bool has_panic = APBDEV_PMC_RST_STATUS_0 != 0 || g_panic_code != 0;
- uint32_t code = g_panic_code == 0 ? APBDEV_PMC_SCRATCH200_0 : g_panic_code;
-
- has_panic = has_panic && !(APBDEV_PMC_RST_STATUS_0 != 1 && code == PANIC_CODE_SAFEMODE);
-
- if (has_panic) {
- uint32_t color;
-
- /* Check for predefined codes: */
- switch (code & MASK(20)) {
- case 0x01: /* Package2 signature verification failed. */
- case 0x02: /* Package2 meta verification failed. */
- case 0x03: /* Package2 version check failed. */
- case 0x04: /* Package2 payload verification failed. */
- color = PANIC_COLOR_KERNEL;
- break;
- case 0x05: /* Unknown SMC. */
- case 0x06: /* Unknown Abort. */
- color = PANIC_COLOR_SECMON_GENERIC;
- break;
- case 0x07: /* Invalid CPU context. */
- case 0x08: /* Invalid SE state. */
- case 0x09: /* CPU is already awake (2.0.0+). */
- color = PANIC_COLOR_SECMON_DEEPSLEEP;
- break;
- case 0x10: /* Unknown exception. */
- color = PANIC_COLOR_SECMON_EXCEPTION;
- break;
- case 0x30: /* General bootloader error. */
- case 0x31: /* Invalid DRAM ID. */
- case 0x32: /* Invalid size. */
- case 0x33: /* Invalid arguement. */
- case 0x34: /* Bad GPT. */
- case 0x35: /* Failed to boot SafeMode. */
- case 0x36: /* Activity monitor fired (4.0.0+). */
- color = PANIC_COLOR_BOOTLOADER_GENERIC;
- break;
- case 0x40: /* Kernel panic. */
- color = PANIC_COLOR_KERNEL;
- break;
- default:
- color = code >> 20;
- color |= color << 4;
- break;
- }
-
- if (g_panic_code == 0) {
- display_init();
- }
-
- display_color_screen(color);
- wait_for_button_and_reboot();
- } else {
- g_panic_code = 0;
- APBDEV_PMC_SCRATCH200_0 = 0;
- }
- }
-
 __attribute__ ((noreturn)) void panic(uint32_t code) {
 /* Set panic code. */
 if (g_panic_code == 0) {
@@ -90,9 +31,13 @@ __attribute__ ((noreturn)) void panic(uint32_t code) {
 APBDEV_PMC_SCRATCH200_0 = code;
 }
 
+ /* Clear all keyslots. */
+ for (size_t i = 0; i < 0x10; i++) {
+ clear_aes_keyslot(i);
+ }
+
 fuse_disable_programming();
 APBDEV_PMC_CRYPTO_OP_0 = 1; /* Disable all SE operations. */
- check_and_display_panic();
 while(true);
 }
 
diff --git a/sept/sept-secondary/src/panic.h b/sept/sept-secondary/src/panic.h
index 848a3fd81..e502a8551 100644
--- a/sept/sept-secondary/src/panic.h
+++ b/sept/sept-secondary/src/panic.h
@@ -13,7 +13,7 @@
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .
 */
-
+
 #ifndef FUSEE_PANIC_H
 #define FUSEE_PANIC_H
 
@@ -28,7 +28,6 @@
 
 #define PANIC_CODE_SAFEMODE 0x00000020
 
-void check_and_display_panic(void);
 __attribute__ ((noreturn)) void panic(uint32_t code);
 
 #endif
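Review bot: With check_and_display_panic removed, nothing left in this file clears `APBDEV_PMC_SCRATCH200_0` or resets `g_panic_code` on a clean boot, so a code written by panic() now persists in PMC scratch until some later stage consumes it; presumably that hand-off is intended, but the file no longer says so. A short comment above `static uint32_t g_panic_code = 0;` stating that sept only records the panic code and that displaying or clearing it is left to the next stage would keep a future reader from reintroducing a display path here. The two new bare `#include` lines at the top of the hunk show no header name in this rendering, so their targets cannot be checked from the page. panic() begins at the end of this hunk and its body continues beyond it.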
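Review bot: The keyslot wipe loops over the literal `0x10`; if se.h already exposes a count for AES keyslots the loop bound should use it, and otherwise a named constant beside the loop (`enum { SEPT_AES_KEYSLOT_COUNT = 0x10 };`, name constructed) documents what 16 is. The ordering is the important part and deserves a comment: per the existing `/* Disable all SE operations. */` remark, `APBDEV_PMC_CRYPTO_OP_0 = 1` would prevent the clears if it ran first, so `/* Must precede CRYPTO_OP: once SE operations are disabled the keyslots can no longer be cleared. */` above the loop records why the loop sits where it does. Only AES keyslots are cleared; if se.h offers an equivalent for RSA keyslots, clearing those on the same path would match the intent of `Clear all keyslots`. The enclosing panic() starts before this hunk.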