nyx: Add simple CAL0 info

This commit is contained in:
CTCaer 2020-06-15 15:03:14 +03:00
parent 0738c96867
commit f689bb253e
5 changed files with 218 additions and 5 deletions

View File

@ -62,6 +62,7 @@ typedef int bool;
#define EXTRA_CFG_PAYLOAD (1 << 1)
#define EXTRA_CFG_MODULE (1 << 2)
#define EXTRA_CFG_NYX_BIS (1 << 4)
#define EXTRA_CFG_NYX_UMS (1 << 5)
#define EXTRA_CFG_NYX_RELOAD (1 << 6)
#define EXTRA_CFG_NYX_DUMP (1 << 7)

View File

@ -23,6 +23,7 @@
typedef enum
{
NYX_CFG_BIS = (1 << 5),
NYX_CFG_UMS = (1 << 6),
NYX_CFG_DUMP = (1 << 7),
} nyx_cfg_t;

View File

@ -705,6 +705,11 @@ void nyx_load_run()
b_cfg.extra_cfg &= ~(EXTRA_CFG_NYX_DUMP);
nyx_str->cfg |= NYX_CFG_DUMP;
}
if (b_cfg.extra_cfg & EXTRA_CFG_NYX_BIS)
{
b_cfg.extra_cfg &= ~(EXTRA_CFG_NYX_BIS);
nyx_str->cfg |= NYX_CFG_BIS;
}
if (b_cfg.extra_cfg & EXTRA_CFG_NYX_UMS)
{
b_cfg.extra_cfg &= ~(EXTRA_CFG_NYX_UMS);
@ -763,7 +768,7 @@ static ini_sec_t *get_ini_sec_from_id(ini_sec_t *ini_sec, char **bootlogoCustomE
static void _auto_launch_firmware()
{
if(b_cfg.extra_cfg & EXTRA_CFG_NYX_DUMP)
if(b_cfg.extra_cfg & (EXTRA_CFG_NYX_DUMP | EXTRA_CFG_NYX_BIS))
{
if (!h_cfg.sept_run)
EMC(EMC_SCRATCH0) |= EMC_HEKA_UPD;

View File

@ -2185,6 +2185,12 @@ static void _nyx_main_menu(lv_theme_t * th)
lv_task_t *task_run_dump = lv_task_create(sept_run_dump, LV_TASK_ONESHOT, LV_TASK_PRIO_MID, NULL);
lv_task_once(task_run_dump);
}
else if (nyx_str->cfg & NYX_CFG_BIS)
{
nyx_str->cfg &= ~(NYX_CFG_BIS);
lv_task_t *task_run_cal0 = lv_task_create(sept_run_cal0, LV_TASK_ONESHOT, LV_TASK_PRIO_LOWEST, NULL);
lv_task_once(task_run_cal0);
}
else if (nyx_str->cfg & NYX_CFG_UMS)
{
nyx_str->cfg &= ~(NYX_CFG_UMS);

View File

@ -18,8 +18,10 @@
#include "gui.h"
#include <gfx/di.h>
#include "../config.h"
#include "../hos/hos.h"
#include "../hos/pkg1.h"
#include "../hos/sept.h"
#include <libs/fatfs/ff.h>
#include <input/touch.h>
#include <mem/emc.h>
@ -28,6 +30,7 @@
#include <mem/smmu.h>
#include <power/bq24193.h>
#include <power/max17050.h>
#include <sec/se.h>
#include <sec/tsec.h>
#include <soc/fuse.h>
#include <soc/kfuse.h>
@ -43,10 +46,14 @@
#define SECTORS_TO_MIB_COEFF 11
extern hekate_config h_cfg;
extern volatile boot_cfg_t *b_cfg;
extern volatile nyx_storage_t *nyx_str;
extern void emmcsn_path_impl(char *path, char *sub_dir, char *filename, sdmmc_storage_t *storage);
static u8 *cal0_buf = NULL;
static lv_res_t _create_window_dump_done(int error, char *dump_filenames)
{
lv_obj_t *dark_bg = lv_obj_create(lv_scr_act(), NULL);
@ -217,10 +224,197 @@ static lv_res_t _tsec_keys_dump_window_action(lv_obj_t * btn)
return LV_RES_OK;
}
static lv_res_t _create_mbox_cal0(lv_obj_t *btn)
{
lv_obj_t *dark_bg = lv_obj_create(lv_scr_act(), NULL);
lv_obj_set_style(dark_bg, &mbox_darken);
lv_obj_set_size(dark_bg, LV_HOR_RES, LV_VER_RES);
static const char * mbox_btn_map[] = { "\211", "\222OK", "\211", "" };
lv_obj_t * mbox = lv_mbox_create(dark_bg, NULL);
lv_mbox_set_recolor_text(mbox, true);
lv_obj_set_width(mbox, LV_HOR_RES / 9 * 5);
lv_mbox_set_text(mbox, "#C7EA46 CAL0 Info#");
char *txt_buf = (char *)malloc(0x4000);
lv_obj_t * lb_desc = lv_label_create(mbox, NULL);
lv_label_set_long_mode(lb_desc, LV_LABEL_LONG_BREAK);
lv_label_set_recolor(lb_desc, true);
lv_label_set_style(lb_desc, &monospace_text);
lv_obj_set_width(lb_desc, LV_HOR_RES / 9 * 3);
// Read package1.
char *build_date = malloc(32);
u8 *pkg1 = (u8 *)malloc(0x40000);
sdmmc_storage_init_mmc(&emmc_storage, &emmc_sdmmc, SDMMC_BUS_WIDTH_8, SDHCI_TIMING_MMC_HS400);
sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0);
sdmmc_storage_read(&emmc_storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, pkg1);
const pkg1_id_t *pkg1_id = pkg1_identify(pkg1, build_date);
s_printf(txt_buf, "#00DDFF Found pkg1 ('%s')#\n", build_date);
free(build_date);
sd_mount();
if (!pkg1_id)
{
s_printf(txt_buf + strlen(txt_buf), "#FFDD00 Unknown pkg1 version for reading#\n#FFDD00 TSEC firmware!#");
lv_label_set_text(lb_desc, txt_buf);
goto out;
}
tsec_ctxt_t tsec_ctxt;
tsec_ctxt.fw = (u8 *)pkg1 + pkg1_id->tsec_off;
tsec_ctxt.pkg1 = pkg1;
tsec_ctxt.pkg11_off = pkg1_id->pkg11_off;
tsec_ctxt.secmon_base = pkg1_id->secmon_base;
// Get keys.
hos_eks_get();
if (pkg1_id->kb >= KB_FIRMWARE_VERSION_700 && !h_cfg.sept_run)
{
u32 key_idx = 0;
if (pkg1_id->kb >= KB_FIRMWARE_VERSION_810)
key_idx = 1;
if (h_cfg.eks && h_cfg.eks->enabled[key_idx] >= pkg1_id->kb)
h_cfg.sept_run = true;
else
{
b_cfg->autoboot = 0;
b_cfg->autoboot_list = 0;
b_cfg->extra_cfg = EXTRA_CFG_NYX_BIS;
if (!reboot_to_sept((u8 *)tsec_ctxt.fw, pkg1_id->kb))
{
lv_label_set_text(lb_desc, "#FFDD00 Failed to run sept#\n");
goto out;
}
}
}
// Read the correct keyblob.
u8 *keyblob = (u8 *)calloc(NX_EMMC_BLOCKSIZE, 1);
sdmmc_storage_read(&emmc_storage, 0x180000 / NX_EMMC_BLOCKSIZE + pkg1_id->kb, 1, keyblob);
// Generate BIS keys
hos_bis_keygen(keyblob, pkg1_id->kb, &tsec_ctxt);
free(keyblob);
if (!cal0_buf)
cal0_buf = malloc(0x10000);
// Read and decrypt CAL0.
sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_GPP);
LIST_INIT(gpt);
nx_emmc_gpt_parse(&gpt, &emmc_storage);
emmc_part_t *cal0_part = nx_emmc_part_find(&gpt, "PRODINFO"); // check if null
nx_emmc_bis_init(cal0_part);
nx_emmc_bis_read(0, 0x40, cal0_buf);
// Clear BIS keys slots.
hos_bis_keys_clear();
nx_emmc_cal0_t *cal0 = (nx_emmc_cal0_t *)cal0_buf;
// If successful, save BIS keys.
if (memcmp(&cal0->magic, "CAL0", 4))
{
free(cal0_buf);
cal0_buf = NULL;
hos_eks_bis_clear();
lv_label_set_text(lb_desc, "#FFDD00 CAL0 is corrupt or wrong keys!#\n");
goto out;
}
else
hos_eks_bis_save();
u32 hash[8];
se_calc_sha256_oneshot(hash, (u8 *)cal0 + 0x40, cal0->body_size);
s_printf(txt_buf,
"#FF8000 CAL0 Version:# %d\n"
"#FF8000 Update Count:# %d\n"
"#FF8000 Serial Number:# %s\n"
"#FF8000 WLAN MAC:# %02X:%02X:%02X:%02X:%02X:%02X\n"
"#FF8000 Bluetooth MAC:# %02X:%02X:%02X:%02X:%02X:%02X\n"
"#FF8000 Battery LOT:# %s\n"
"#FF8000 LCD Vendor:# ",
cal0->version, cal0->update_cnt, cal0->serial_number,
cal0->wlan_mac[0], cal0->wlan_mac[1], cal0->wlan_mac[2], cal0->wlan_mac[3], cal0->wlan_mac[4], cal0->wlan_mac[5],
cal0->bd_mac[0], cal0->bd_mac[1], cal0->bd_mac[2], cal0->bd_mac[3], cal0->bd_mac[4], cal0->bd_mac[5],
cal0->battery_lot);
u32 display_id = (cal0->lcd_vendor & 0xFF) << 8 | (cal0->lcd_vendor & 0xFF0000) >> 16;
switch (display_id)
{
case PANEL_JDI_LAM062M109A:
s_printf(txt_buf + strlen(txt_buf), "JDI LAM062M109A");
break;
case PANEL_JDI_LPM062M326A:
s_printf(txt_buf + strlen(txt_buf), "JDI LPM062M326A");
break;
case PANEL_INL_P062CCA_AZ1:
s_printf(txt_buf + strlen(txt_buf), "InnoLux P062CCA-AZ1");
break;
case PANEL_AUO_A062TAN01:
s_printf(txt_buf + strlen(txt_buf), "AUO A062TAN01");
break;
case PANEL_INL_P062CCA_AZ2:
s_printf(txt_buf + strlen(txt_buf), "InnoLux P062CCA-AZ2");
break;
case PANEL_AUO_A062TAN02:
s_printf(txt_buf + strlen(txt_buf), "AUO A062TAN02");
break;
default:
switch (cal0->lcd_vendor & 0xFF)
{
case 0:
case PANEL_JDI_XXX062M:
s_printf(txt_buf + strlen(txt_buf), "JDI ");
break;
case (PANEL_INL_P062CCA_AZ1 & 0xFF):
s_printf(txt_buf + strlen(txt_buf), "InnoLux ");
break;
case (PANEL_AUO_A062TAN01 & 0xFF):
s_printf(txt_buf + strlen(txt_buf), "AUO ");
break;
}
s_printf(txt_buf + strlen(txt_buf), "Unknown");
break;
}
bool valid_cal0 = !memcmp(hash, cal0->body_sha256, 0x20);
s_printf(txt_buf + strlen(txt_buf), " (%06X)\n#FF8000 SHA256 Hash Match:# %s", cal0->lcd_vendor, valid_cal0 ? "Pass" : "Failed");
lv_label_set_text(lb_desc, txt_buf);
out:
free(pkg1);
free(txt_buf);
sd_unmount();
sdmmc_storage_end(&emmc_storage);
lv_mbox_add_btns(mbox, mbox_btn_map, mbox_action);
lv_obj_align(mbox, NULL, LV_ALIGN_CENTER, 0, 0);
lv_obj_set_top(mbox, true);
return LV_RES_OK;
}
static lv_res_t _create_window_fuses_info_status(lv_obj_t *btn)
{
lv_obj_t *win = nyx_create_standard_window(SYMBOL_CHIP" HW & Cached Fuses Info");
lv_win_add_btn(win, NULL, SYMBOL_DOWNLOAD" Dump fuses", _fuse_dump_window_action);
lv_win_add_btn(win, NULL, SYMBOL_INFO" CAL0 Info", _create_mbox_cal0);
lv_obj_t *desc = lv_cont_create(win, NULL);
lv_obj_set_size(desc, LV_HOR_RES / 2 / 5 * 2, LV_VER_RES - (LV_DPI * 11 / 7) - 5);
@ -511,9 +705,17 @@ static lv_res_t _create_window_fuses_info_status(lv_obj_t *btn)
lv_obj_set_width(lb_desc2, lv_obj_get_width(desc2));
lv_obj_align(desc2, val, LV_ALIGN_OUT_RIGHT_MID, LV_DPI / 2, 0);
if (!btn)
_create_mbox_cal0(NULL);
return LV_RES_OK;
}
void sept_run_cal0(void *param)
{
_create_window_fuses_info_status(NULL);
}
static char *ipatches_txt;
static void _ipatch_process(u32 offset, u32 value)
{
@ -566,8 +768,6 @@ static lv_res_t _create_window_tsec_keys_status(lv_obj_t *btn)
u32 retries = 0;
tsec_ctxt_t tsec_ctxt;
sdmmc_storage_t storage;
sdmmc_t sdmmc;
lv_obj_t *win = nyx_create_standard_window(SYMBOL_CHIP" TSEC Keys");