From b966345b255c0fd76031e4e4766c9ea8dcdc1354 Mon Sep 17 00:00:00 2001
From: Michael Scire <SciresM@gmail.com>
Date: Fri, 12 Jun 2020 12:09:49 -0700
Subject: [PATCH] exo2: correct pkg2 encryption key load

---
 .../program/source/boot/secmon_package2.cpp   | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/exosphere/program/source/boot/secmon_package2.cpp b/exosphere/program/source/boot/secmon_package2.cpp
index 32e8e8a7c..648d615fd 100644
--- a/exosphere/program/source/boot/secmon_package2.cpp
+++ b/exosphere/program/source/boot/secmon_package2.cpp
@@ -37,6 +37,25 @@ namespace ams::secmon::boot {
         return VerifySignature(header.signature, sizeof(header.signature), mod, mod_size, std::addressof(header.meta), sizeof(header.meta));
     }
 
+    int PrepareMasterKey(int key_generation) {
+        if (key_generation == GetKeyGeneration()) {
+            return pkg1::AesKeySlot_Master;
+        }
+
+        constexpr int Slot = pkg1::AesKeySlot_Temporary;
+        LoadMasterKey(Slot, key_generation);
+
+        return Slot;
+    }
+
+    void PreparePackage2Key(int pkg2_slot, int key_generation, const void *key, size_t key_size) {
+        /* Get keyslot for the desired master key. */
+        const int master_slot = PrepareMasterKey(key_generation);
+
+        /* Load the package2 key into the desired keyslot. */
+        se::SetEncryptedAesKey128(pkg2_slot, master_slot, key, key_size);
+    }
+
     void DecryptPackage2(void *dst, size_t dst_size, const void *src, size_t src_size, const void *key, size_t key_size, const void *iv, size_t iv_size, u8 key_generation) {
         /* Ensure that the SE sees consistent data. */
         hw::FlushDataCache(key, key_size);
@@ -44,14 +63,11 @@ namespace ams::secmon::boot {
         hw::FlushDataCache(dst, dst_size);
         hw::DataSynchronizationBarrierInnerShareable();
 
-        /* Load the needed master key into the temporary keyslot. */
-        secmon::LoadMasterKey(pkg1::AesKeySlot_Temporary, key_generation);
-
         /* Load the package2 key into the temporary keyslot. */
-        se::SetEncryptedAesKey128(pkg1::AesKeySlot_Temporary, pkg1::AesKeySlot_Temporary, key, key_size);
+        PreparePackage2Key(pkg1::AesKeySlot_Temporary, key_generation, key, key_size);
 
         /* Decrypt the data. */
-        se::ComputeAes128Ctr(dst, dst_size, pkg1::AesKeySlot_Temporary,  src, src_size, iv, iv_size);
+        se::ComputeAes128Ctr(dst, dst_size, pkg1::AesKeySlot_Temporary, src, src_size, iv, iv_size);
 
         /* Clear the keyslot we just used. */
         se::ClearAesKeySlot(pkg1::AesKeySlot_Temporary);