From 7a273220449e30ded3ef6bf04fceb688b92ca5dd Mon Sep 17 00:00:00 2001 From: hexkyz Date: Sat, 2 Jun 2018 22:32:51 +0100 Subject: [PATCH 1/8] Boot: Fully implemented GPIO and PINMUX handling --- stratosphere/boot/source/boot_main.cpp | 706 ++++++++++++++++++++----- 1 file changed, 575 insertions(+), 131 deletions(-) diff --git a/stratosphere/boot/source/boot_main.cpp b/stratosphere/boot/source/boot_main.cpp index 31af2b83b..5d3368bd3 100644 --- a/stratosphere/boot/source/boot_main.cpp +++ b/stratosphere/boot/source/boot_main.cpp @@ -6,13 +6,16 @@ #include #include +#define CAR_BASE 0x60006000 #define GPIO_BASE 0x6000D000 #define APB_MISC_BASE 0x70000000 #define PINMUX_BASE (APB_MISC_BASE + 0x3000) #define PMC_BASE 0x7000E400 -#define MAX_GPIO 0x3D +#define MAX_GPIO_ICOSA 0x3C +#define MAX_GPIO_COPPER 0x2C +#define MAX_GPIO_MARIKO 0x3A #define MAX_PINMUX 0xA2 -#define MAX_PINMUX_5X 0xAF +#define MAX_PINMUX_MARIKO 0xAF #define MAX_PINMUX_DRIVEPAD 0x2F #define MAX_PMC_CONTROL 0x09 #define MAX_PMC_WAKE_PIN 0x31 @@ -75,100 +78,284 @@ void __appExit(void) { smExit(); } -static const std::tuple g_gpio_map[] = { +typedef enum { + HARDWARETYPE_ICOSA = 0, + HARDWARETYPE_COPPER = 1, + HARDWARETYPE_HOAG = 2, + HARDWARETYPE_MARIKO = 3, + HARDWARETYPE_INVALID = 4 +} HardwareType; + +static const std::tuple g_gpio_map[] = { /* Icosa, Copper, Hoag and Mariko */ - {0xFFFFFFFF, false, false}, /* Invalid */ - {0x000000CC, true, false}, /* Port Z, Pin 4 */ - {0x00000024, true, false}, /* Port E, Pin 4 */ - {0x0000003C, true, false}, /* Port H, Pin 4 */ - {0x000000DA, false, true}, /* Port BB, Pin 2 */ - {0x000000DB, true, false}, /* Port BB, Pin 3 */ - {0x000000DC, false, false}, /* Port BB, Pin 4 */ - {0x00000025, true, false}, /* Port E, Pin 5 */ - {0x00000090, false, false}, /* Port S, Pin 0 */ - {0x00000091, false, false}, /* Port S, Pin 1 */ - {0x00000096, true, false}, /* Port S, Pin 6 */ - {0x00000097, false, true}, /* Port S, Pin 7 */ - {0x00000026, false, false}, /* Port E, Pin 6 */ - {0x00000005, true, false}, /* Port A, Pin 5 */ - {0x00000078, false, false}, /* Port P, Pin 0 */ - {0x00000093, false, true}, /* Port S, Pin 3 */ - {0x0000007D, false, false}, /* Port P, Pin 5 */ - {0x0000007C, false, false}, /* Port P, Pin 4 */ - {0x0000007B, false, false}, /* Port P, Pin 3 */ - {0x0000007A, false, false}, /* Port P, Pin 2 */ - {0x000000BC, false, true}, /* Port X, Pin 4 */ - {0x000000AE, false, false}, /* Port V, Pin 6 */ - {0x000000BA, false, false}, /* Port X, Pin 2 */ - {0x000000B9, false, true}, /* Port X, Pin 1 */ - {0x000000BD, false, false}, /* Port X, Pin 5 */ - {0x000000BE, false, true}, /* Port X, Pin 6 */ - {0x000000BF, false, true}, /* Port X, Pin 7 */ - {0x000000C0, false, true}, /* Port Y, Pin 0 */ - {0x000000C1, false, false}, /* Port Y, Pin 1 */ - {0x000000A9, true, false}, /* Port V, Pin 1 */ - {0x000000AA, true, false}, /* Port V, Pin 2 */ - {0x00000055, true, false}, /* Port K, Pin 5 */ - {0x000000AD, true, false}, /* Port V, Pin 5 */ - {0x000000C8, false, true}, /* Port Z, Pin 0 */ - {0x000000CA, false, false}, /* Port Z, Pin 2 */ - {0x000000CB, false, true}, /* Port Z, Pin 3 */ - {0x0000004F, true, false}, /* Port J, Pin 7 */ - {0x00000050, false, false}, /* Port K, Pin 0 */ - {0x00000051, false, false}, /* Port K, Pin 1 */ - {0x00000052, false, false}, /* Port K, Pin 2 */ - {0x00000054, false, true}, /* Port K, Pin 4 */ - {0x00000056, false, true}, /* Port K, Pin 6 */ - {0x00000057, false, true}, /* Port K, Pin 7 */ - {0x00000053, true, false}, /* Port K, Pin 3 */ - {0x000000E3, true, false}, /* Port CC, Pin 3 */ - {0x00000038, true, false}, /* Port H, Pin 0 */ - {0x00000039, true, false}, /* Port H, Pin 1 */ - {0x0000003B, true, false}, /* Port H, Pin 3 */ - {0x0000003D, false, false}, /* Port H, Pin 5 */ - {0x0000003F, true, false}, /* Port H, Pin 7 */ - {0x00000040, true, false}, /* Port I, Pin 0 */ - {0x00000041, true, false}, /* Port I, Pin 1 */ - {0x0000003E, false, false}, /* Port H, Pin 6 */ - {0x000000E2, false, true}, /* Port CC, Pin 2 */ - {0x000000E4, true, false}, /* Port CC, Pin 4 */ - {0x0000003A, false, false}, /* Port H, Pin 2 */ - {0x000000C9, false, true}, /* Port Z, Pin 1 */ - {0x0000004D, true, false}, /* Port J, Pin 5 */ - {0x00000058, true, false}, /* Port L, Pin 0 */ - {0x0000003E, false, false}, /* Port H, Pin 6 */ - {0x00000026, false, false}, /* Port E, Pin 6 */ + {0xFFFFFFFF, 0xFFFFFFFF}, /* Invalid */ + {0x000000CC, 0xFFFFFFFF}, /* Port Z, Pin 4 */ + {0x00000024, 0xFFFFFFFF}, /* Port E, Pin 4 */ + {0x0000003C, 0xFFFFFFFF}, /* Port H, Pin 4 */ + {0x000000DA, 0xFFFFFFFF}, /* Port BB, Pin 2 */ + {0x000000DB, 0xFFFFFFFF}, /* Port BB, Pin 3 */ + {0x000000DC, 0xFFFFFFFF}, /* Port BB, Pin 4 */ + {0x00000025, 0xFFFFFFFF}, /* Port E, Pin 5 */ + {0x00000090, 0xFFFFFFFF}, /* Port S, Pin 0 */ + {0x00000091, 0xFFFFFFFF}, /* Port S, Pin 1 */ + {0x00000096, 0xFFFFFFFF}, /* Port S, Pin 6 */ + {0x00000097, 0xFFFFFFFF}, /* Port S, Pin 7 */ + {0x00000026, 0x00000004}, /* Port E, Pin 6 */ + {0x00000005, 0xFFFFFFFF}, /* Port A, Pin 5 */ + {0x00000078, 0xFFFFFFFF}, /* Port P, Pin 0 */ + {0x00000093, 0x00000030}, /* Port S, Pin 3 */ + {0x0000007D, 0xFFFFFFFF}, /* Port P, Pin 5 */ + {0x0000007C, 0xFFFFFFFF}, /* Port P, Pin 4 */ + {0x0000007B, 0xFFFFFFFF}, /* Port P, Pin 3 */ + {0x0000007A, 0xFFFFFFFF}, /* Port P, Pin 2 */ + {0x000000BC, 0xFFFFFFFF}, /* Port X, Pin 4 */ + {0x000000AE, 0xFFFFFFFF}, /* Port V, Pin 6 */ + {0x000000BA, 0xFFFFFFFF}, /* Port X, Pin 2 */ + {0x000000B9, 0xFFFFFFFF}, /* Port X, Pin 1 */ + {0x000000BD, 0xFFFFFFFF}, /* Port X, Pin 5 */ + {0x000000BE, 0xFFFFFFFF}, /* Port X, Pin 6 */ + {0x000000BF, 0xFFFFFFFF}, /* Port X, Pin 7 */ + {0x000000C0, 0x0000001B}, /* Port Y, Pin 0 */ + {0x000000C1, 0xFFFFFFFF}, /* Port Y, Pin 1 */ + {0x000000A9, 0xFFFFFFFF}, /* Port V, Pin 1 */ + {0x000000AA, 0xFFFFFFFF}, /* Port V, Pin 2 */ + {0x00000055, 0xFFFFFFFF}, /* Port K, Pin 5 */ + {0x000000AD, 0xFFFFFFFF}, /* Port V, Pin 5 */ + {0x000000C8, 0x00000022}, /* Port Z, Pin 0 */ + {0x000000CA, 0xFFFFFFFF}, /* Port Z, Pin 2 */ + {0x000000CB, 0xFFFFFFFF}, /* Port Z, Pin 3 */ + {0x0000004F, 0xFFFFFFFF}, /* Port J, Pin 7 */ + {0x00000050, 0xFFFFFFFF}, /* Port K, Pin 0 */ + {0x00000051, 0xFFFFFFFF}, /* Port K, Pin 1 */ + {0x00000052, 0xFFFFFFFF}, /* Port K, Pin 2 */ + {0x00000054, 0x0000000E}, /* Port K, Pin 4 */ + {0x00000056, 0xFFFFFFFF}, /* Port K, Pin 6 */ + {0x00000057, 0xFFFFFFFF}, /* Port K, Pin 7 */ + {0x00000053, 0xFFFFFFFF}, /* Port K, Pin 3 */ + {0x000000E3, 0xFFFFFFFF}, /* Port CC, Pin 3 */ + {0x00000038, 0xFFFFFFFF}, /* Port H, Pin 0 */ + {0x00000039, 0xFFFFFFFF}, /* Port H, Pin 1 */ + {0x0000003B, 0xFFFFFFFF}, /* Port H, Pin 3 */ + {0x0000003D, 0x00000034}, /* Port H, Pin 5 */ + {0x0000003F, 0xFFFFFFFF}, /* Port H, Pin 7 */ + {0x00000040, 0xFFFFFFFF}, /* Port I, Pin 0 */ + {0x00000041, 0xFFFFFFFF}, /* Port I, Pin 1 */ + {0x0000003E, 0x0000000A}, /* Port H, Pin 6 */ + {0x000000E2, 0xFFFFFFFF}, /* Port CC, Pin 2 */ + {0x000000E4, 0xFFFFFFFF}, /* Port CC, Pin 4 */ + {0x0000003A, 0x00000008}, /* Port H, Pin 2 */ + {0x000000C9, 0x00000023}, /* Port Z, Pin 1 */ + {0x0000004D, 0xFFFFFFFF}, /* Port J, Pin 5 */ + {0x00000058, 0xFFFFFFFF}, /* Port L, Pin 0 */ + {0x0000003E, 0xFFFFFFFF}, /* Port H, Pin 6 */ + {0x00000026, 0xFFFFFFFF}, /* Port E, Pin 6 */ /* Copper only */ - {0xFFFFFFFF, false, false}, /* Invalid */ - {0x00000033, false, false}, /* Port G, Pin 3 */ - {0x0000001C, false, false}, /* Port D, Pin 4 */ - {0x000000D9, true, false}, /* Port BB, Pin 1 */ - {0x0000000C, false, false}, /* Port B, Pin 4 */ - {0x0000000D, false, false}, /* Port B, Pin 5 */ - {0x00000021, true, false}, /* Port E, Pin 1 */ - {0x00000027, false, false}, /* Port E, Pin 7 */ - {0x00000092, false, false}, /* Port S, Pin 2 */ - {0x00000095, true, false}, /* Port S, Pin 5 */ - {0x00000098, true, false}, /* Port T, Pin 0 */ - {0x00000010, true, false}, /* Port C, Pin 0 */ - {0x00000011, true, false}, /* Port C, Pin 1 */ - {0x00000012, true, false}, /* Port C, Pin 2 */ - {0x00000042, true, false}, /* Port I, Pin 2 */ - {0x000000E6, false, false}, /* Port CC, Pin 6 */ + {0xFFFFFFFF, 0x00000033}, /* Invalid */ + {0x00000033, 0x00000006}, /* Port G, Pin 3 */ + {0x0000001C, 0x00000007}, /* Port D, Pin 4 */ + {0x000000D9, 0xFFFFFFFF}, /* Port BB, Pin 1 */ + {0x0000000C, 0xFFFFFFFF}, /* Port B, Pin 4 */ + {0x0000000D, 0xFFFFFFFF}, /* Port B, Pin 5 */ + {0x00000021, 0xFFFFFFFF}, /* Port E, Pin 1 */ + {0x00000027, 0xFFFFFFFF}, /* Port E, Pin 7 */ + {0x00000092, 0xFFFFFFFF}, /* Port S, Pin 2 */ + {0x00000095, 0xFFFFFFFF}, /* Port S, Pin 5 */ + {0x00000098, 0xFFFFFFFF}, /* Port T, Pin 0 */ + {0x00000010, 0xFFFFFFFF}, /* Port C, Pin 0 */ + {0x00000011, 0xFFFFFFFF}, /* Port C, Pin 1 */ + {0x00000012, 0xFFFFFFFF}, /* Port C, Pin 2 */ + {0x00000042, 0xFFFFFFFF}, /* Port I, Pin 2 */ + {0x000000E6, 0xFFFFFFFF}, /* Port CC, Pin 6 */ /* 2.0.0+ Copper only */ - {0x000000AC, true, false}, /* Port V, Pin 4 */ - {0x000000E1, false, false}, /* Port CC, Pin 1 */ + {0x000000AC, 0xFFFFFFFF}, /* Port V, Pin 4 */ + {0x000000E1, 0xFFFFFFFF}, /* Port CC, Pin 1 */ /* 5.0.0+ Copper only (unused) */ - {0x00000056, false, false}, /* Port K, Pin 6 */ + {0x00000056, 0xFFFFFFFF}, /* Port K, Pin 6 */ +}; + +static const std::tuple g_gpio_config_map_icosa[] = { + {0x04, false, true}, + {0x05, true, false}, + {0x06, false, false}, + {0x02, true, false}, + {0x07, true, false}, + {0x3C, false, false}, + {0x0F, false, true}, + {0x08, false, false}, + {0x09, false, false}, + {0x0A, true, false}, + {0x0B, false, true}, + {0x0D, true, false}, + {0x0E, false, false}, + {0x10, false, false}, + {0x11, false, false}, + {0x12, false, false}, + {0x13, false, false}, + {0x14, false, true}, + {0x16, false, false}, + {0x15, false, false}, + {0x17, false, true}, + {0x18, false, false}, + {0x19, false, true}, + {0x1A, false, true}, + {0x1B, false, true}, + {0x1C, false, false}, + {0x1D, true, false}, + {0x1E, true, false}, + {0x20, true, false}, + {0x21, false, true}, + {0x38, false, true}, + {0x22, false, false}, + {0x23, false, true}, + {0x01, true, false}, + {0x39, true, false}, + {0x24, true, false}, + {0x34, false, false}, + {0x25, false, false}, + {0x26, false, false}, + {0x27, false, false}, + {0x2B, true, false}, + {0x28, false, true}, + {0x1F, true, false}, + {0x29, false, true}, + {0x2A, false, true}, + {0x3A, true, false}, + {0x0C, false, false}, + {0x2D, true, false}, + {0x2E, true, false}, + {0x37, false, false}, + {0x2F, true, false}, + {0x03, true, false}, + {0x30, false, false}, + {0x3B, false, false}, + {0x31, true, false}, + {0x32, true, false}, + {0x33, true, false}, + {0x35, false, true}, + {0x2C, true, false}, + {0x36, true, false}, +}; + +static const std::tuple g_gpio_config_map_copper[] = { + {0x40, true, false}, + {0x05, true, false}, + {0x41, false, true}, + {0x42, false, false}, + {0x43, true, false}, + {0x02, true, false}, + {0x07, true, false}, + {0x44, false, true}, + {0x45, false, true}, + {0x0F, false, true}, + {0x46, true, false}, + {0x47, true, false}, + {0x10, false, false}, + {0x11, false, false}, + {0x12, false, false}, + {0x13, false, false}, + {0x14, false, true}, + {0x18, false, false}, + {0x19, false, true}, + {0x1A, false, true}, + {0x1C, false, true}, + {0x4D, true, false}, + {0x20, true, false}, + {0x38, false, true}, + {0x23, false, true}, + {0x25, false, false}, + {0x26, false, false}, + {0x27, false, false}, + {0x28, false, true}, + {0x29, false, true}, + {0x2A, false, true}, + {0x48, true, false}, + {0x49, true, false}, + {0x4A, true, false}, + {0x2D, true, false}, + {0x2E, true, false}, + {0x37, false, false}, + {0x2F, true, false}, + {0x03, true, false}, + {0x30, false, false}, + {0x31, true, false}, + {0x4B, true, false}, + {0x4C, false, true}, + {0x4E, false, false}, +}; + +static const std::tuple g_gpio_config_map_mariko[] = { + {0x04, false, true}, + {0x05, true, false}, + {0x06, false, false}, + {0x02, true, false}, + {0x3C, false, false}, + {0x0F, false, true}, + {0x08, false, false}, + {0x09, false, false}, + {0x0A, true, false}, + {0x0B, false, false}, + {0x0D, true, false}, + {0x0E, false, false}, + {0x10, false, false}, + {0x11, false, false}, + {0x12, false, false}, + {0x13, false, false}, + {0x14, false, true}, + {0x16, false, false}, + {0x15, false, false}, + {0x17, false, true}, + {0x18, false, false}, + {0x19, false, true}, + {0x1A, false, true}, + {0x1B, false, false}, + {0x1C, false, false}, + {0x1D, true, false}, + {0x1E, true, false}, + {0x20, true, false}, + {0x21, false, false}, + {0x38, false, true}, + {0x22, false, false}, + {0x23, false, true}, + {0x01, true, false}, + {0x39, true, false}, + {0x24, true, false}, + {0x34, false, false}, + {0x25, false, false}, + {0x26, false, false}, + {0x27, false, false}, + {0x2B, true, false}, + {0x28, false, true}, + {0x1F, true, false}, + {0x29, false, true}, + {0x3A, true, false}, + {0x0C, false, false}, + {0x2D, true, false}, + {0x2E, true, false}, + {0x37, false, false}, + {0x2F, true, false}, + {0x03, true, false}, + {0x30, false, false}, + {0x3B, false, false}, + {0x31, true, false}, + {0x32, true, false}, + {0x33, true, false}, + {0x35, false, true}, + {0x2C, true, false}, + {0x36, true, false}, }; static int gpio_configure(u64 gpio_base_vaddr, unsigned int gpio_pad_name) { /* Fetch this GPIO's pad descriptor */ u32 gpio_pad_desc = std::get<0>(g_gpio_map[gpio_pad_name]); + /* Discard invalid GPIOs */ + if (gpio_pad_desc < 0) { + return -1; + } + /* Convert the GPIO pad descriptor into its register offset */ u32 gpio_reg_offset = (((gpio_pad_desc << 0x03) & 0xFFFFFF00) | ((gpio_pad_desc >> 0x01) & 0x0C)); @@ -184,12 +371,14 @@ static int gpio_configure(u64 gpio_base_vaddr, unsigned int gpio_pad_name) { return gpio_cnf_val; } -static int gpio_set_direction(u64 gpio_base_vaddr, unsigned int gpio_pad_name) { +static int gpio_set_direction(u64 gpio_base_vaddr, unsigned int gpio_pad_name, bool is_out) { /* Fetch this GPIO's pad descriptor */ u32 gpio_pad_desc = std::get<0>(g_gpio_map[gpio_pad_name]); - /* Fetch this GPIO's direction */ - bool is_out = std::get<1>(g_gpio_map[gpio_pad_name]); + /* Discard invalid GPIOs */ + if (gpio_pad_desc < 0) { + return -1; + } /* Convert the GPIO pad descriptor into its register offset */ u32 gpio_reg_offset = (((gpio_pad_desc << 0x03) & 0xFFFFFF00) | ((gpio_pad_desc >> 0x01) & 0x0C)); @@ -206,12 +395,14 @@ static int gpio_set_direction(u64 gpio_base_vaddr, unsigned int gpio_pad_name) { return gpio_oe_val; } -static int gpio_set_value(u64 gpio_base_vaddr, unsigned int gpio_pad_name) { +static int gpio_set_value(u64 gpio_base_vaddr, unsigned int gpio_pad_name, bool is_high) { /* Fetch this GPIO's pad descriptor */ u32 gpio_pad_desc = std::get<0>(g_gpio_map[gpio_pad_name]); - /* Fetch this GPIO's output value */ - bool is_high = std::get<2>(g_gpio_map[gpio_pad_name]); + /* Discard invalid GPIOs */ + if (gpio_pad_desc < 0) { + return -1; + } /* Convert the GPIO pad descriptor into its register offset */ u32 gpio_reg_offset = (((gpio_pad_desc << 0x03) & 0xFFFFFF00) | ((gpio_pad_desc >> 0x01) & 0x0C)); @@ -736,6 +927,183 @@ static const std::tuple g_pinmux_config_map_copper[] = { {0x68, 0x05, 0x07}, }; +static const std::tuple g_pinmux_config_map_mariko[] = { + {0x5D, 0x00, 0x7F}, + {0x47, 0x28, 0x7F}, + {0x48, 0x00, 0x7F}, + {0x46, 0x00, 0x7F}, + {0x49, 0x00, 0x7F}, + {0x30, 0x40, 0x27F}, + {0x31, 0x40, 0x27F}, + {0x0D, 0x20, 0x27F}, + {0x0C, 0x00, 0x27F}, + {0x10, 0x40, 0x27F}, + {0x0F, 0x00, 0x27F}, + {0x0E, 0x20, 0x27F}, + {0x00, 0x40, 0x7F}, + {0x01, 0x50, 0x7F}, + {0x05, 0x50, 0x7F}, + {0x04, 0x50, 0x7F}, + {0x03, 0x50, 0x7F}, + {0x02, 0x50, 0x7F}, + {0xAA, 0x40, 0x7F}, + {0xAC, 0x40, 0x7F}, + {0xA2, 0x50, 0x7F}, + {0xA3, 0x50, 0x7F}, + {0xA4, 0x50, 0x7F}, + {0xA5, 0x50, 0x7F}, + {0xA6, 0x50, 0x7F}, + {0xA7, 0x50, 0x7F}, + {0xA8, 0x50, 0x7F}, + {0xA9, 0x50, 0x7F}, + {0x5B, 0x00, 0x78}, + {0x7C, 0x01, 0x67}, + {0x80, 0x01, 0x7F}, + {0x34, 0x40, 0x27F}, + {0x35, 0x40, 0x27F}, + {0x55, 0x20, 0x78}, + {0x56, 0x20, 0x7F}, + {0xA1, 0x30, 0x7F}, + {0x5C, 0x00, 0x78}, + {0x5A, 0x20, 0x78}, + {0x2C, 0x40, 0x27F}, + {0x2D, 0x40, 0x27F}, + {0x2E, 0x40, 0x27F}, + {0x2F, 0x40, 0x27F}, + {0x3B, 0x20, 0x7F}, + {0x3C, 0x00, 0x7F}, + {0x3D, 0x20, 0x7F}, + {0x36, 0x00, 0x7F}, + {0x37, 0x30, 0x7F}, + {0x38, 0x00, 0x7F}, + {0x39, 0x28, 0x7F}, + {0x54, 0x00, 0x67}, + {0x9B, 0x30, 0x7F}, + {0x1C, 0x00, 0x7F}, + {0x1D, 0x30, 0x7F}, + {0x1E, 0x00, 0x7F}, + {0x1F, 0x00, 0x7F}, + {0x3F, 0x20, 0x7F}, + {0x40, 0x00, 0x7F}, + {0x41, 0x20, 0x7F}, + {0x42, 0x00, 0x7F}, + {0x43, 0x28, 0x7F}, + {0x44, 0x00, 0x7F}, + {0x45, 0x28, 0x7F}, + {0x4B, 0x28, 0x7F}, + {0x4C, 0x00, 0x7F}, + {0x4A, 0x00, 0x7F}, + {0x4D, 0x00, 0x7F}, + {0x64, 0x20, 0x27F}, + {0x5F, 0x34, 0x7F}, + {0x60, 0x04, 0x67}, + {0x61, 0x2C, 0x7F}, + {0x2A, 0x04, 0x67}, + {0x8F, 0x24, 0x7F}, + {0x33, 0x34, 0x27F}, + {0x52, 0x2C, 0x7F}, + {0x53, 0x24, 0x7F}, + {0x77, 0x04, 0x67}, + {0x78, 0x24, 0x7F}, + {0x11, 0x04, 0x67}, + {0x06, 0x2C, 0x7F}, + {0x08, 0x24, 0x7F}, + {0x09, 0x24, 0x7F}, + {0x0A, 0x24, 0x7F}, + {0x0B, 0x24, 0x7F}, + {0x88, 0x34, 0x7F}, + {0x86, 0x2C, 0x7F}, + {0x82, 0x24, 0x7F}, + {0x85, 0x34, 0x7F}, + {0x89, 0x24, 0x7F}, + {0x8A, 0x34, 0x7F}, + {0x8B, 0x34, 0x7F}, + {0x8C, 0x24, 0x7F}, + {0x8D, 0x24, 0x7F}, + {0x7D, 0x04, 0x67}, + {0x7E, 0x04, 0x67}, + {0x81, 0x04, 0x67}, + {0x9C, 0x24, 0x7F}, + {0x9D, 0x34, 0x7F}, + {0x9E, 0x2C, 0x7F}, + {0x9F, 0x34, 0x7F}, + {0xA0, 0x04, 0x67}, + {0x4F, 0x04, 0x67}, + {0x51, 0x04, 0x67}, + {0x3A, 0x24, 0x7F}, + {0x92, 0x4C, 0x7F}, + {0x93, 0x4C, 0x7F}, + {0x94, 0x44, 0x7F}, + {0x95, 0x04, 0x67}, + {0x96, 0x34, 0x7F}, + {0x97, 0x04, 0x67}, + {0x98, 0x34, 0x7F}, + {0x9A, 0x04, 0x67}, + {0x3E, 0x24, 0x7F}, + {0x6A, 0x04, 0x67}, + {0x6B, 0x04, 0x67}, + {0x6C, 0x2C, 0x7F}, + {0x6D, 0x04, 0x67}, + {0x6E, 0x04, 0x67}, + {0x6F, 0x24, 0x7F}, + {0x91, 0x24, 0x7F}, + {0x70, 0x04, 0x7F}, + {0x71, 0x04, 0x67}, + {0x72, 0x04, 0x67}, + {0x65, 0x34, 0x7F}, + {0x66, 0x04, 0x67}, + {0x67, 0x04, 0x267}, + {0x5E, 0x05, 0x07}, + {0x17, 0x05, 0x07}, + {0x18, 0x05, 0x07}, + {0x19, 0x05, 0x07}, + {0x1A, 0x05, 0x07}, + {0x1B, 0x05, 0x07}, + {0x26, 0x05, 0x07}, + {0x27, 0x05, 0x07}, + {0x28, 0x05, 0x07}, + {0x29, 0x05, 0x07}, + {0x2B, 0x05, 0x07}, + {0x90, 0x05, 0x07}, + {0x32, 0x05, 0x07}, + {0x75, 0x05, 0x07}, + {0x76, 0x05, 0x07}, + {0x79, 0x05, 0x07}, + {0x7A, 0x05, 0x07}, + {0x8E, 0x05, 0x07}, + {0xAB, 0x05, 0x07}, + {0xAD, 0x05, 0x07}, + {0xAE, 0x05, 0x07}, + {0x07, 0x05, 0x07}, + {0x87, 0x05, 0x07}, + {0x83, 0x05, 0x07}, + {0x84, 0x05, 0x07}, + {0x7B, 0x05, 0x07}, + {0x7F, 0x05, 0x07}, + {0x58, 0x00, 0x00}, + {0x59, 0x00, 0x00}, + {0x50, 0x05, 0x07}, + {0x4E, 0x05, 0x07}, + {0x99, 0x05, 0x07}, + {0x12, 0x05, 0x07}, + {0x13, 0x05, 0x07}, + {0x14, 0x05, 0x07}, + {0x15, 0x05, 0x07}, + {0x16, 0x05, 0x07}, + {0x73, 0x05, 0x07}, + {0x74, 0x05, 0x07}, + {0x22, 0x05, 0x07}, + {0x23, 0x05, 0x07}, + {0x20, 0x05, 0x07}, + {0x21, 0x05, 0x07}, + {0x24, 0x05, 0x07}, + {0x25, 0x05, 0x07}, + {0x62, 0x05, 0x07}, + {0x68, 0x05, 0x07}, + {0x69, 0x05, 0x07}, + {0x63, 0x05, 0x07}, +}; + static int pinmux_update_park(u64 pinmux_base_vaddr, unsigned int pinmux_idx) { /* Fetch this PINMUX's register offset */ u32 pinmux_reg_offset = std::get<0>(g_pinmux_map[pinmux_idx]); @@ -1952,23 +2320,95 @@ int main(int argc, char **argv) /* Wait for changes to take effect */ svcSleepThread(100000); - /* Setup all GPIOs from 0x01 to 0x3C */ - for (unsigned int i = 1; i < MAX_GPIO; i++) { - gpio_configure(gpio_base_vaddr, i); - gpio_set_direction(gpio_base_vaddr, i); - gpio_set_value(gpio_base_vaddr, i); - } - - u64 hardware_type = 0; + /* Default to invalid hardware type */ + HardwareType hardware_type = HARDWARETYPE_INVALID; /* Get the hardware type from SPL */ - rc = splGetConfig(SplConfigItem_HardwareType, &hardware_type); + rc = splGetConfig(SplConfigItem_HardwareType, (u64 *)&hardware_type); if (R_FAILED(rc)) { return rc; } + /* The Icosa GPIO map was common to all hardware before 2.0.0 */ + if (!kernelAbove200() || (hardware_type == HARDWARETYPE_ICOSA) + || (hardware_type == HARDWARETYPE_HOAG)) { + /* Setup all GPIOs for Icosa or Hoag hardware */ + for (unsigned int i = 0; i < MAX_GPIO_ICOSA; i++) { + /* Configure the GPIO */ + gpio_configure(gpio_base_vaddr, std::get<0>(g_gpio_config_map_icosa[i])); + + /* Set the GPIO's direction */ + gpio_set_direction(gpio_base_vaddr, std::get<0>(g_gpio_config_map_icosa[i]), std::get<1>(g_gpio_config_map_icosa[i])); + + /* Manually set GPIO 0x18 value which changed on 4.0.0+ */ + if (kernelAbove400() && (std::get<0>(g_gpio_config_map_icosa[i]) == 0x18)) { + /* Set the GPIO's value to high */ + gpio_set_value(gpio_base_vaddr, std::get<0>(g_gpio_config_map_icosa[i]), true); + } else { + /* Set the GPIO's value */ + gpio_set_value(gpio_base_vaddr, std::get<0>(g_gpio_config_map_icosa[i]), std::get<2>(g_gpio_config_map_icosa[i])); + } + } + } else if (hardware_type == HARDWARETYPE_COPPER) { + /* Setup all GPIOs for Copper hardware */ + for (unsigned int i = 0; i < MAX_GPIO_COPPER; i++) { + /* Configure the GPIO */ + gpio_configure(gpio_base_vaddr, std::get<0>(g_gpio_config_map_copper[i])); + + /* Set the GPIO's direction */ + gpio_set_direction(gpio_base_vaddr, std::get<0>(g_gpio_config_map_copper[i]), std::get<1>(g_gpio_config_map_copper[i])); + + /* Set the GPIO's value */ + gpio_set_value(gpio_base_vaddr, std::get<0>(g_gpio_config_map_copper[i]), std::get<2>(g_gpio_config_map_copper[i])); + } + } else if (hardware_type == HARDWARETYPE_MARIKO) { + /* Setup all GPIOs for Mariko hardware */ + for (unsigned int i = 0; i < MAX_GPIO_MARIKO; i++) { + /* Configure the GPIO */ + gpio_configure(gpio_base_vaddr, std::get<0>(g_gpio_config_map_mariko[i])); + + /* Set the GPIO's direction */ + gpio_set_direction(gpio_base_vaddr, std::get<0>(g_gpio_config_map_mariko[i]), std::get<1>(g_gpio_config_map_mariko[i])); + + /* Set the GPIO's value */ + gpio_set_value(gpio_base_vaddr, std::get<0>(g_gpio_config_map_mariko[i]), std::get<2>(g_gpio_config_map_mariko[i])); + } + } + + /* TODO: Evaluate if this can be ignored */ + if (kernelAbove500()) { + u64 car_base_vaddr = 0; + + /* Map the Clock and Reset registers */ + rc = svcQueryIoMapping(&car_base_vaddr, CAR_BASE, 0x1000); + if (R_FAILED(rc)) { + return rc; + } + + /* Read from CLK_RST_CONTROLLER_PLLU_BASE_0 */ + u32 pplu_base = *((u32 *)car_base_vaddr + 0xC0); + + /* Read from CLK_RST_CONTROLLER_UTMIP_PLL_CFG0_0 */ + u32 utmip_pll_cfg0 = *((u32 *)car_base_vaddr + 0x480); + + if (((pplu_base & 0x1FFFFF) != 0x11902) || ((utmip_pll_cfg0 & 0xFFFF00) != 0x190100)) { + /* + svcSleepThread(1000000000); + pmic_reset(); + */ + } + } + + if (kernelAbove200()) { + /* TODO: PMIC testing */ + } + /* This is ignored in Copper hardware */ - if (hardware_type != 0x01) { + if (hardware_type != HARDWARETYPE_COPPER) { + if (kernelAbove200()) { + /* TODO: Display configuration */ + } + /* TODO: Battery charge check */ } @@ -1977,18 +2417,33 @@ int main(int argc, char **argv) pinmux_update_park(pinmux_base_vaddr, i); } - if ((hardware_type == 0x00) || (hardware_type == 0x02)) { + if ((hardware_type == HARDWARETYPE_ICOSA) || (hardware_type == HARDWARETYPE_HOAG)) { /* Configure all PINMUX pads (minus BattBcl) for Icosa or Hoag */ for (unsigned int i = 0; i < (MAX_PINMUX - 1); i++) { pinmux_update_pad(pinmux_base_vaddr, std::get<0>(g_pinmux_config_map_icosa[i]), std::get<1>(g_pinmux_config_map_icosa[i]), std::get<2>(g_pinmux_config_map_icosa[i])); } - } else if (hardware_type == 0x01) { + } else if (hardware_type == HARDWARETYPE_COPPER) { /* Configure all PINMUX pads (minus BattBcl) for Copper */ for (unsigned int i = 0; i < (MAX_PINMUX - 1); i++) { pinmux_update_pad(pinmux_base_vaddr, std::get<0>(g_pinmux_config_map_copper[i]), std::get<1>(g_pinmux_config_map_copper[i]), std::get<2>(g_pinmux_config_map_copper[i])); } - } else if (hardware_type == 0x03) { - /* TODO: Configure PINMUX pads for Mariko */ + } else if (hardware_type == HARDWARETYPE_MARIKO) { + /* Configure all PINMUX pads (minus BattBcl) for Mariko */ + for (unsigned int i = 0; i < (MAX_PINMUX_MARIKO - 1); i++) { + pinmux_update_pad(pinmux_base_vaddr, std::get<0>(g_pinmux_config_map_mariko[i]), std::get<1>(g_pinmux_config_map_mariko[i]), std::get<2>(g_pinmux_config_map_mariko[i])); + } + + /* Configure additional values for SDMMC2 pins */ + pinmux_update_pad(pinmux_base_vaddr, 0xAA, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xAC, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xA2, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xA3, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xA4, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xA5, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xA6, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xA7, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xA8, 0x2000, 0x2000); + pinmux_update_pad(pinmux_base_vaddr, 0xA9, 0x2000, 0x2000); } else { /* Invalid */ } @@ -2003,29 +2458,18 @@ int main(int argc, char **argv) /* Configure all wake pin events */ for (unsigned int i = 0; i < MAX_PMC_WAKE_PIN; i++) { - if (kernelAbove200()) { - if (hardware_type == 0x01) { - /* Set wake event levels for Copper hardware */ - pmc_set_wake_event_level(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_copper[i]), std::get<2>(g_pmc_wake_pin_map_copper[i])); - - /* Enable or disable wake events for Copper hardware */ - pmc_set_wake_event_enabled(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_copper[i]), std::get<1>(g_pmc_wake_pin_map_copper[i])); - } else { - /* Manually set pin 8 values which changed on 2.0.0+ */ - if (i == 0x08) { - /* Set pin 8's wake event level for Icosa hardware */ - pmc_set_wake_event_level(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_icosa[i]), 1); - - /* Enable or disable pin 8's wake event for Icosa hardware */ - pmc_set_wake_event_enabled(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_icosa[i]), 1); - } else { - /* Set wake event levels for Icosa hardware */ - pmc_set_wake_event_level(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_icosa[i]), std::get<2>(g_pmc_wake_pin_map_icosa[i])); - - /* Enable or disable wake events for Icosa hardware */ - pmc_set_wake_event_enabled(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_icosa[i]), std::get<1>(g_pmc_wake_pin_map_icosa[i])); - } - } + if (kernelAbove200() && (hardware_type == HARDWARETYPE_COPPER)) { + /* Set wake event levels for Copper hardware */ + pmc_set_wake_event_level(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_copper[i]), std::get<2>(g_pmc_wake_pin_map_copper[i])); + + /* Enable or disable wake events for Copper hardware */ + pmc_set_wake_event_enabled(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_copper[i]), std::get<1>(g_pmc_wake_pin_map_copper[i])); + } else if (kernelAbove200() && (std::get<0>(g_pmc_wake_pin_map_icosa[i]) == 0x08)) { + /* Manually set pin 8's wake event level for Icosa hardware on 2.0.0+ */ + pmc_set_wake_event_level(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_icosa[i]), 1); + + /* Manually enable or disable pin 8's wake event for Icosa hardware on 2.0.0+ */ + pmc_set_wake_event_enabled(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_icosa[i]), 1); } else { /* Set wake event levels for Icosa hardware */ pmc_set_wake_event_level(pmc_base_vaddr, std::get<0>(g_pmc_wake_pin_map_icosa[i]), std::get<2>(g_pmc_wake_pin_map_icosa[i])); @@ -2036,7 +2480,7 @@ int main(int argc, char **argv) } /* This is ignored in Copper hardware */ - if (hardware_type != 0x01) { + if (hardware_type != HARDWARETYPE_COPPER) { /* Configure PMC clock out */ if (kernelAbove200()) { u32 rw_reg_val = 0; @@ -2052,11 +2496,11 @@ int main(int argc, char **argv) } } - /* Setup GPIO 0x4B for Copper hardware only */ - if (hardware_type == 0x01) { + /* Change GPIO 0x4B in Copper hardware only */ + if (hardware_type == HARDWARETYPE_COPPER) { gpio_configure(gpio_base_vaddr, 0x4B); - gpio_set_direction(gpio_base_vaddr, 0x4B); - gpio_set_value(gpio_base_vaddr, 0x4B); + gpio_set_direction(gpio_base_vaddr, 0x4B, true); + gpio_set_value(gpio_base_vaddr, 0x4B, true); } /* TODO: NAND repair */ From 1ba8a9203009081aab0993d8ea0826b803c5aae0 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Sat, 2 Jun 2018 14:48:40 -0600 Subject: [PATCH 2/8] Fusee: Separate kernel patching into its own file. --- fusee/fusee-secondary/src/kernel_patches.c | 9 +++++++++ fusee/fusee-secondary/src/kernel_patches.h | 8 ++++++++ fusee/fusee-secondary/src/package2.c | 7 +------ 3 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 fusee/fusee-secondary/src/kernel_patches.c create mode 100644 fusee/fusee-secondary/src/kernel_patches.h diff --git a/fusee/fusee-secondary/src/kernel_patches.c b/fusee/fusee-secondary/src/kernel_patches.c new file mode 100644 index 000000000..dbf85b036 --- /dev/null +++ b/fusee/fusee-secondary/src/kernel_patches.c @@ -0,0 +1,9 @@ +#include +#include "utils.h" +#include "kernel_patches.c" + +void package2_patch_kernel(void *kernel, size_t size) { + (void)kernel; + (void)size; + /* TODO: What kind of patching do we want to try to do here? */ +} \ No newline at end of file diff --git a/fusee/fusee-secondary/src/kernel_patches.h b/fusee/fusee-secondary/src/kernel_patches.h new file mode 100644 index 000000000..239a3d953 --- /dev/null +++ b/fusee/fusee-secondary/src/kernel_patches.h @@ -0,0 +1,8 @@ +#ifndef FUSEE_KERNEL_PATCHES_H +#define FUSEE_KERNEL_PATCHES_H + +#include "utils.h" + +void package2_patch_kernel(void *kernel, size_t kernel_size); + +#endif \ No newline at end of file diff --git a/fusee/fusee-secondary/src/package2.c b/fusee/fusee-secondary/src/package2.c index a24b7cf0b..d69f1720d 100644 --- a/fusee/fusee-secondary/src/package2.c +++ b/fusee/fusee-secondary/src/package2.c @@ -16,7 +16,6 @@ static void package2_decrypt(package2_header_t *package2); static size_t package2_get_src_section(void **section, package2_header_t *package2, unsigned int id); static size_t package2_get_thermosphere(void **thermosphere); -static void package2_patch_kernel(void *kernel, size_t kernel_size); static ini1_header_t *package2_rebuild_ini1(ini1_header_t *ini1, uint32_t target_firmware); static void package2_append_section(unsigned int id, package2_header_t *package2, void *data, size_t size); static void package2_fixup_header_and_section_hashes(package2_header_t *package2, size_t size); @@ -263,11 +262,7 @@ static size_t package2_get_thermosphere(void **thermosphere) { return 0; } -static void package2_patch_kernel(void *kernel, size_t size) { - (void)kernel; - (void)size; - /* TODO: What kind of patching do we want to try to do here? */ -} + static ini1_header_t *package2_rebuild_ini1(ini1_header_t *ini1, uint32_t target_firmware) { From b3a7086b7e4ab4d2d0fffa7f4e716aa7489721b9 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Sat, 2 Jun 2018 16:06:14 -0600 Subject: [PATCH 3/8] Fusee: Add infrastructure for applying kernel patches (needed for mitm) --- fusee/fusee-secondary/src/kernel_patches.c | 148 ++++++++++++++++++++- fusee/fusee-secondary/src/package2.c | 1 + 2 files changed, 144 insertions(+), 5 deletions(-) diff --git a/fusee/fusee-secondary/src/kernel_patches.c b/fusee/fusee-secondary/src/kernel_patches.c index dbf85b036..802019d19 100644 --- a/fusee/fusee-secondary/src/kernel_patches.c +++ b/fusee/fusee-secondary/src/kernel_patches.c @@ -1,9 +1,147 @@ #include #include "utils.h" -#include "kernel_patches.c" +#include "se.h" +#include "kernel_patches.h" -void package2_patch_kernel(void *kernel, size_t size) { - (void)kernel; - (void)size; - /* TODO: What kind of patching do we want to try to do here? */ +#define MAKE_BRANCH(a, o) 0x14000000 | ((((o) - (a)) >> 2) & 0x3FFFFFF) + +typedef uint32_t instruction_t; + +typedef struct { + size_t pattern_size; + const uint8_t *pattern; + size_t pattern_hook_offset; + size_t payload_num_instructions; + const instruction_t *payload; +} kernel_hook_t; + +typedef struct { + uint8_t hash[0x20]; /* TODO: Come up with a better way to identify kernels, that doesn't rely on hashing them. */ + size_t free_code_space_offset; + unsigned int num_hooks; + const kernel_hook_t *hooks; +} kernel_info_t; + +/* Hook Definitions. */ +static const kernel_hook_t g_kernel_hooks_100[] = { + /* TODO */ +}; +static const kernel_hook_t g_kernel_hooks_200[] = { + /* TODO */ +}; +static const kernel_hook_t g_kernel_hooks_300[] = { + /* TODO */ +}; +static const kernel_hook_t g_kernel_hooks_302[] = { + /* TODO */ +}; +static const kernel_hook_t g_kernel_hooks_400[] = { + /* TODO */ +}; +static const kernel_hook_t g_kernel_hooks_500[] = { + /* TODO */ +}; + +#define KERNEL_HOOKS(vers) .num_hooks = sizeof(g_kernel_hooks_##vers)/sizeof(kernel_hook_t), .hooks = g_kernel_hooks_##vers, + +/* Kernel Infos. */ +static const kernel_info_t g_kernel_infos[] = { + { /* 1.0.0. */ + .free_code_space_offset = 0x4597C, + KERNEL_HOOKS(100) + }, + { /* 2.0.0. */ + /* TODO */ + .free_code_space_offset = 0, + KERNEL_HOOKS(200) + }, + { /* 3.0.0. */ + /* TODO */ + .free_code_space_offset = 0, + KERNEL_HOOKS(300) + }, + { /* 3.0.2. */ + /* TODO */ + .free_code_space_offset = 0, + KERNEL_HOOKS(302) + }, + { /* 4.0.0. */ + /* TODO */ + .free_code_space_offset = 0, + KERNEL_HOOKS(400) + }, + { /* 5.0.0. */ + .free_code_space_offset = 0x5C020, + KERNEL_HOOKS(500) + } +}; + +/* Adapted from https://github.com/AuroraWright/Luma3DS/blob/master/sysmodules/loader/source/memory.c:35. */ +uint8_t *search_pattern(void *_mem, size_t mem_size, const void *_pattern, size_t pattern_size) { + const uint8_t *pattern = (const uint8_t *)_pattern; + uint8_t *mem = (uint8_t *)_mem; + + uint32_t table[0x100]; + for (unsigned int i = 0; i < sizeof(table)/sizeof(uint32_t); i++) { + table[i] = (uint32_t)pattern_size; + } + for (unsigned int i = 0; i < pattern_size - 1; i++) { + table[pattern[i]] = (uint32_t)pattern_size - i - 1; + } + + for (unsigned int i = 0; i <= mem_size - pattern_size; i += table[mem[i + pattern_size - 1]]) { + if (pattern[pattern_size - 1] == table[mem[i + pattern_size - 1]] && memcmp(pattern, mem + i, pattern_size - 1) == 0) { + return mem + i; + } + } + return NULL; +} + +const kernel_info_t *get_kernel_info(void *kernel, size_t size) { + uint8_t calculated_hash[0x20]; + se_calculate_sha256(calculated_hash, kernel, size); + for (unsigned int i = 0; i < sizeof(g_kernel_infos)/sizeof(kernel_info_t); i++) { + if (memcmp(calculated_hash, g_kernel_infos[i].hash, sizeof(calculated_hash)) == 0) { + return &g_kernel_infos[i]; + } + } + return NULL; +} + +void package2_patch_kernel(void *_kernel, size_t size) { + const kernel_info_t *kernel_info = get_kernel_info(_kernel, size); + if (kernel_info == NULL) { + /* Should this be fatal? */ + fatal_error("kernel_patcher: unable to identify kernel!\n"); + } + + /* Apply hooks. */ + uint8_t *kernel = (uint8_t *)_kernel; + size_t free_space_offset = kernel_info->free_code_space_offset; + size_t free_space_size = ((free_space_offset + 0xFFFULL) & ~0xFFFULL) - free_space_offset; + for (unsigned int i = 0; i < kernel_info->num_hooks; i++) { + size_t hook_size = sizeof(instruction_t) * kernel_info->hooks[i].payload_num_instructions; + if (free_space_size < hook_size) { + /* TODO: What should be done in this case? */ + fatal_error("kernel_patcher: insufficient space to apply patches!\n"); + } + + uint8_t *pattern_loc = search_pattern(kernel, size, kernel_info->hooks[i].pattern, kernel_info->hooks[i].pattern_size); + if (pattern_loc == NULL) { + /* TODO: Should we print an error/abort here? */ + continue; + } + /* Patch kernel to branch to our hook at the desired place. */ + instruction_t *hook_start = (instruction_t *)(pattern_loc + kernel_info->hooks[i].pattern_hook_offset); + *hook_start = MAKE_BRANCH((uint32_t)((uintptr_t)hook_start - (uintptr_t)kernel), free_space_offset); + + /* Insert hook into free space. */ + instruction_t *payload = (instruction_t *)(kernel + free_space_offset); + for (unsigned int p = 0; p < kernel_info->hooks[i].payload_num_instructions; p++) { + payload[p] = kernel_info->hooks[i].payload[p]; + } + + free_space_offset += hook_size; + free_space_size -= hook_size; + } } \ No newline at end of file diff --git a/fusee/fusee-secondary/src/package2.c b/fusee/fusee-secondary/src/package2.c index d69f1720d..aed910593 100644 --- a/fusee/fusee-secondary/src/package2.c +++ b/fusee/fusee-secondary/src/package2.c @@ -4,6 +4,7 @@ #include "masterkey.h" #include "stratosphere.h" #include "package2.h" +#include "kernel_patches.h" #include "kip.h" #include "se.h" From 8ec3a53d738146696d40355c06bcb635c071ae28 Mon Sep 17 00:00:00 2001 From: Max K Date: Sun, 3 Jun 2018 02:24:02 +0200 Subject: [PATCH 4/8] Fix CCPLEX bringup and halt the BPMP once it's done booting. (#118) --- fusee/fusee-secondary/src/hwinit/cluster.c | 5 ++++- fusee/fusee-secondary/src/nxboot.c | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/fusee/fusee-secondary/src/hwinit/cluster.c b/fusee/fusee-secondary/src/hwinit/cluster.c index 90015205f..26f6e8d3e 100644 --- a/fusee/fusee-secondary/src/hwinit/cluster.c +++ b/fusee/fusee-secondary/src/hwinit/cluster.c @@ -63,6 +63,8 @@ void cluster_enable_cpu0(u64 entry, u32 ns_disable) { CLOCK(0x518) &= 0xFFFFFFF7; sleep(2); + CLOCK(0xE0) = 0x80404E02; + CLOCK(0xE0) = 0x404E02; CLOCK(0xE4) = CLOCK(0xE4) & 0xFFFBFFFF | 0x40000; CLOCK(0xE0) = 0x40404E02; } @@ -77,7 +79,7 @@ void cluster_enable_cpu0(u64 entry, u32 ns_disable) clock_enable_coresight(); - CLOCK(0x388) = CLOCK(0x388) & 0xFFFFE000; + CLOCK(0x388) = CLOCK(0x388) & 0xFFFFF000; //Enable CPU rail. _cluster_pmc_enable_partition(1, 0); @@ -110,5 +112,6 @@ void cluster_enable_cpu0(u64 entry, u32 ns_disable) //Until here the CPU was in reset, this kicks execution. CLOCK(CLK_RST_CONTROLLER_RST_DEVICES_V) &= 0xFFFFFFF7; + CLOCK(CLK_RST_CONTROLLER_RST_CPUG_CMPLX_CLR) = 0x20000000; CLOCK(CLK_RST_CONTROLLER_RST_CPUG_CMPLX_CLR) = 0x411F000F; } diff --git a/fusee/fusee-secondary/src/nxboot.c b/fusee/fusee-secondary/src/nxboot.c index de4f350dc..65e79012c 100644 --- a/fusee/fusee-secondary/src/nxboot.c +++ b/fusee/fusee-secondary/src/nxboot.c @@ -14,6 +14,7 @@ #include "exocfg.h" #include "display/video_fb.h" #include "lib/ini.h" +#include "hwinit/t210.h" #define u8 uint8_t #define u32 uint32_t @@ -247,5 +248,8 @@ void nxboot_main(void) { /* Display splash screen. */ display_splash_screen_bmp(loader_ctx->custom_splash_path); - /* TODO: Halt ourselves. */ + //Halt ourselves in waitevent state. + while (1) { + FLOW_CTLR(0x4) = 0x50000000; + } } From cc69079d732c57b19885ea2d1cfcad94c13c2ad7 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Sat, 2 Jun 2018 19:11:50 -0600 Subject: [PATCH 5/8] Fusee: Add mechanism for branching back at end of hook. --- fusee/fusee-secondary/src/kernel_patches.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fusee/fusee-secondary/src/kernel_patches.c b/fusee/fusee-secondary/src/kernel_patches.c index 802019d19..c6feb22d5 100644 --- a/fusee/fusee-secondary/src/kernel_patches.c +++ b/fusee/fusee-secondary/src/kernel_patches.c @@ -12,6 +12,7 @@ typedef struct { const uint8_t *pattern; size_t pattern_hook_offset; size_t payload_num_instructions; + size_t branch_back_offset; const instruction_t *payload; } kernel_hook_t; @@ -71,6 +72,7 @@ static const kernel_info_t g_kernel_infos[] = { KERNEL_HOOKS(400) }, { /* 5.0.0. */ + .hash = {0xB2, 0x38, 0x61, 0xA8, 0xE1, 0xE2, 0xE4, 0xE4, 0x17, 0x28, 0xED, 0xA9, 0xF6, 0xF6, 0xBD, 0xD2, 0x59, 0xDB, 0x1F, 0xEF, 0x4A, 0x8B, 0x2F, 0x1C, 0x64, 0x46, 0x06, 0x40, 0xF5, 0x05, 0x9C, 0x43}, .free_code_space_offset = 0x5C020, KERNEL_HOOKS(500) } @@ -121,6 +123,9 @@ void package2_patch_kernel(void *_kernel, size_t size) { size_t free_space_size = ((free_space_offset + 0xFFFULL) & ~0xFFFULL) - free_space_offset; for (unsigned int i = 0; i < kernel_info->num_hooks; i++) { size_t hook_size = sizeof(instruction_t) * kernel_info->hooks[i].payload_num_instructions; + if (kernel_info->hooks[i].branch_back_offset) { + hook_size += sizeof(instruction_t); + } if (free_space_size < hook_size) { /* TODO: What should be done in this case? */ fatal_error("kernel_patcher: insufficient space to apply patches!\n"); @@ -140,6 +145,9 @@ void package2_patch_kernel(void *_kernel, size_t size) { for (unsigned int p = 0; p < kernel_info->hooks[i].payload_num_instructions; p++) { payload[p] = kernel_info->hooks[i].payload[p]; } + if (kernel_info->hooks[i].branch_back_offset) { + payload[kernel_info->hooks[i].payload_num_instructions] = MAKE_BRANCH(free_space_offset + sizeof(instruction_t) * kernel_info->hooks[i].payload_num_instructions, (uint32_t)(kernel_info->hooks[i].branch_back_offset + (uintptr_t)hook_start - (uintptr_t)kernel)); + } free_space_offset += hook_size; free_space_size -= hook_size; From 968c86578a1a9bd6b0a1a0b1950c3285983a7c20 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Sat, 2 Jun 2018 20:01:44 -0600 Subject: [PATCH 6/8] Fusee: Add 5.x kernel patches to allow for IPC PID mitm. --- fusee/fusee-secondary/src/kernel_patches.c | 56 +++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/fusee/fusee-secondary/src/kernel_patches.c b/fusee/fusee-secondary/src/kernel_patches.c index c6feb22d5..09065c8db 100644 --- a/fusee/fusee-secondary/src/kernel_patches.c +++ b/fusee/fusee-secondary/src/kernel_patches.c @@ -5,6 +5,9 @@ #define MAKE_BRANCH(a, o) 0x14000000 | ((((o) - (a)) >> 2) & 0x3FFFFFF) +#define MAKE_KERNEL_PATTERN_NAME(vers, name) g_kernel_patch_##vers_##name +#define MAKE_KERNEL_HOOK_NAME(vers, name) g_kernel_hook_##vers_##name + typedef uint32_t instruction_t; typedef struct { @@ -23,6 +26,42 @@ typedef struct { const kernel_hook_t *hooks; } kernel_info_t; +/* Patch definitions. */ +/* + mov w10, w23 + lsl x10, x10, #2 + ldr x10, [x27, x10] + mov x9, #0x0000ffffffffffff + and x8, x10, x9 + mov x9, #0xffff000000000000 + and x10, x10, x9 + mov x9, #0xfffe000000000000 + cmp x10, x9 + beq #12 + ldr x10, [sp,#0x80] + ldr x8, [x10,#0x2b0] + ldr x10, [sp,#0x80] +*/ +static const uint8_t MAKE_KERNEL_PATTERN_NAME(500, proc_id_send)[] = {0xEA, 0x43, 0x40, 0xF9, 0x48, 0x59, 0x41, 0xF9, 0xE9, 0x03, 0x17, 0x2A, 0x29, 0xF5, 0x7E, 0xD3}; +static const instruction_t MAKE_KERNEL_HOOK_NAME(500, proc_id_send)[] = {0x2A1703EA, 0xD37EF54A, 0xF86A6B6A, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000060, 0xF94043EA, 0xF9415948, 0xF94043EA}; +/* + ldr x13, [sp, #0x70] + mov w10, w21 + lsl x10, x10, #2 + ldr x10, [x13, x10] + mov x9, #0x0000ffffffffffff + and x8, x10, x9 + mov x9, #0xffff000000000000 + and x10, x10, x9 + mov x9, #0xfffe000000000000 + cmp x10, x9 + beq #8 + ldr x8, [x24,#0x2b0] + ldr x10, [sp,#0xd8] +*/ +static const uint8_t MAKE_KERNEL_PATTERN_NAME(500, proc_id_recv)[] = {0x08, 0x5B, 0x41, 0xF9, 0xEA, 0x6F, 0x40, 0xF9, 0xE9, 0x03, 0x15, 0x2A, 0x29, 0xF5, 0x7E, 0xD3}; +static const instruction_t MAKE_KERNEL_HOOK_NAME(500, proc_id_recv)[] = {0xF9403BED, 0x2A1503EA, 0xD37EF54A, 0xF86A69AA, 0x92FFFFE9, 0x8A090148, 0xD2FFFFE9, 0x8A09014A, 0xD2FFFFC9, 0xEB09015F, 0x54000040, 0xF9415B08, 0xF9406FEA}; + /* Hook Definitions. */ static const kernel_hook_t g_kernel_hooks_100[] = { /* TODO */ @@ -40,7 +79,22 @@ static const kernel_hook_t g_kernel_hooks_400[] = { /* TODO */ }; static const kernel_hook_t g_kernel_hooks_500[] = { - /* TODO */ + { /* Send Message Process ID Patch. */ + .pattern_size = 0x10, + .pattern = MAKE_KERNEL_PATTERN_NAME(500, proc_id_send), + .pattern_hook_offset = 0x0, + .payload_num_instructions = 13, + .branch_back_offset = 0x8, + .payload = MAKE_KERNEL_HOOK_NAME(500, proc_id_send) + }, + { /* Receive Message Process ID Patch. */ + .pattern_size = 0x10, + .pattern = MAKE_KERNEL_PATTERN_NAME(500, proc_id_recv), + .pattern_hook_offset = 0x0, + .payload_num_instructions = 13, + .branch_back_offset = 0x8, + .payload = MAKE_KERNEL_HOOK_NAME(500, proc_id_recv) + } }; #define KERNEL_HOOKS(vers) .num_hooks = sizeof(g_kernel_hooks_##vers)/sizeof(kernel_hook_t), .hooks = g_kernel_hooks_##vers, From 80f40caf6702d975d7305471a936880ba6f7dac7 Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Sat, 2 Jun 2018 23:38:01 -0600 Subject: [PATCH 7/8] SM: Add IPC commands for first-class MITM installation. --- stratosphere/sm/source/sm_registration.cpp | 87 +++++++++++++++++++++- stratosphere/sm/source/sm_registration.hpp | 14 +++- stratosphere/sm/source/sm_user_service.cpp | 25 ++++++- stratosphere/sm/source/sm_user_service.hpp | 9 ++- 4 files changed, 129 insertions(+), 6 deletions(-) diff --git a/stratosphere/sm/source/sm_registration.cpp b/stratosphere/sm/source/sm_registration.cpp index 89636b8e9..f27dd5ee4 100644 --- a/stratosphere/sm/source/sm_registration.cpp +++ b/stratosphere/sm/source/sm_registration.cpp @@ -176,7 +176,7 @@ bool Registration::HasService(u64 service) { return false; } -Result Registration::GetServiceHandle(u64 service, Handle *out) { +Result Registration::GetServiceHandle(u64 pid, u64 service, Handle *out) { Registration::Service *target_service = GetService(service); if (target_service == NULL) { /* Note: This defers the result until later. */ @@ -184,7 +184,12 @@ Result Registration::GetServiceHandle(u64 service, Handle *out) { } *out = 0; - Result rc = svcConnectToPort(out, target_service->port_h); + Result rc; + if (target_service->mitm_pid == 0 || target_service->mitm_pid == pid) { + rc = svcConnectToPort(out, target_service->port_h); + } else { + rc = svcConnectToPort(out, target_service->mitm_port_h); + } if (R_FAILED(rc)) { if ((rc & 0x3FFFFF) == 0xE01) { return 0x615; @@ -217,7 +222,7 @@ Result Registration::GetServiceForPid(u64 pid, u64 service, Handle *out) { } } - return GetServiceHandle(service, out); + return GetServiceHandle(pid, service, out); } Result Registration::RegisterServiceForPid(u64 pid, u64 service, u64 max_sessions, bool is_light, Handle *out) { @@ -294,6 +299,8 @@ Result Registration::RegisterServiceForSelf(u64 service, u64 max_sessions, bool if (R_SUCCEEDED(rc)) { free_service->service_name = service; free_service->owner_pid = pid; + free_service->max_sessions = max_sessions; + free_service->is_light = is_light; } return rc; @@ -321,6 +328,80 @@ Result Registration::UnregisterServiceForPid(u64 pid, u64 service) { } svcCloseHandle(target_service->port_h); + svcCloseHandle(target_service->mitm_port_h); *target_service = (const Registration::Service){0}; return 0; } + + +Result Registration::InstallMitmForPid(u64 pid, u64 service, Handle *out) { + if (!service) { + return 0xC15; + } + + u64 service_name_len = GetServiceNameLength(service); + + /* If the service has bytes after a null terminator, that's no good. */ + if (service_name_len != 8 && (service >> (8 * service_name_len))) { + return 0xC15; + } + + /* Verify we're allowed to mitm the service. */ + if (!IsInitialProcess(pid)) { + Registration::Process *proc = GetProcessForPid(pid); + if (proc == NULL) { + return 0x415; + } + + if (!IsValidForSac(proc->sac, proc->sac_size, service, true)) { + return 0x1015; + } + } + + /* Verify the service exists. */ + Registration::Service *target_service = GetService(service); + if (target_service == NULL) { + return 0xE15; + } + + /* Verify the service isn't already being mitm'd. */ + if (target_service->mitm_pid != 0) { + return 0x815; + } + + *out = 0; + u64 x = 0; + Result rc = svcCreatePort(out, &target_service->mitm_port_h, target_service->max_sessions, target_service->is_light, (char *)&x); + + if (R_SUCCEEDED(rc)) { + target_service->mitm_pid = pid; + } + + return rc; +} + +Result Registration::UninstallMitmForPid(u64 pid, u64 service) { + if (!service) { + return 0xC15; + } + + u64 service_name_len = GetServiceNameLength(service); + + /* If the service has bytes after a null terminator, that's no good. */ + if (service_name_len != 8 && (service >> (8 * service_name_len))) { + return 0xC15; + } + + Registration::Service *target_service = GetService(service); + if (target_service == NULL) { + return 0xE15; + } + + if (!IsInitialProcess(pid) && target_service->mitm_pid != pid) { + return 0x1015; + } + + svcCloseHandle(target_service->mitm_port_h); + target_service->mitm_pid = 0; + return 0; +} diff --git a/stratosphere/sm/source/sm_registration.hpp b/stratosphere/sm/source/sm_registration.hpp index 5c7af1f27..fe7ccdceb 100644 --- a/stratosphere/sm/source/sm_registration.hpp +++ b/stratosphere/sm/source/sm_registration.hpp @@ -18,6 +18,14 @@ class Registration { u64 service_name; u64 owner_pid; Handle port_h; + + /* Debug. */ + u64 max_sessions; + bool is_light; + + /* Extension. */ + u64 mitm_pid; + Handle mitm_port_h; }; /* Utilities. */ @@ -37,9 +45,13 @@ class Registration { /* Service management. */ static bool HasService(u64 service); - static Result GetServiceHandle(u64 service, Handle *out); + static Result GetServiceHandle(u64 pid, u64 service, Handle *out); static Result GetServiceForPid(u64 pid, u64 service, Handle *out); static Result RegisterServiceForPid(u64 pid, u64 service, u64 max_sessions, bool is_light, Handle *out); static Result RegisterServiceForSelf(u64 service, u64 max_sessions, bool is_light, Handle *out); static Result UnregisterServiceForPid(u64 pid, u64 service); + + /* Extension. */ + static Result InstallMitmForPid(u64 pid, u64 service, Handle *out); + static Result UninstallMitmForPid(u64 pid, u64 service); }; diff --git a/stratosphere/sm/source/sm_user_service.cpp b/stratosphere/sm/source/sm_user_service.cpp index 0e3d91025..a5c36ce6d 100644 --- a/stratosphere/sm/source/sm_user_service.cpp +++ b/stratosphere/sm/source/sm_user_service.cpp @@ -18,6 +18,12 @@ Result UserService::dispatch(IpcParsedCommand &r, IpcCommand &out_c, u64 cmd_id, case User_Cmd_UnregisterService: rc = WrapIpcCommandImpl<&UserService::unregister_service>(this, r, out_c, pointer_buffer, pointer_buffer_size); break; + case User_Cmd_AtmosphereInstallMitm: + rc = WrapIpcCommandImpl<&UserService::install_mitm>(this, r, out_c, pointer_buffer, pointer_buffer_size); + break; + case User_Cmd_AtmosphereUninstallMitm: + rc = WrapIpcCommandImpl<&UserService::uninstall_mitm>(this, r, out_c, pointer_buffer, pointer_buffer_size); + break; default: break; } @@ -56,7 +62,7 @@ std::tuple UserService::get_service(u64 service) { std::tuple UserService::deferred_get_service(u64 service) { Handle session_h = 0; - Result rc = Registration::GetServiceHandle(service, &session_h); + Result rc = Registration::GetServiceHandle(this->pid, service, &session_h); return {rc, MovedHandle{session_h}}; } @@ -86,3 +92,20 @@ std::tuple UserService::unregister_service(u64 service) { } return {rc}; } + +std::tuple UserService::install_mitm(u64 service) { + Handle service_h = 0; + Result rc = 0x415; + if (this->has_initialized) { + rc = Registration::InstallMitmForPid(this->pid, service, &service_h); + } + return {rc, MovedHandle{service_h}}; +} + +std::tuple UserService::uninstall_mitm(u64 service) { + Result rc = 0x415; + if (this->has_initialized) { + rc = Registration::UninstallMitmForPid(this->pid, service); + } + return {rc}; +} \ No newline at end of file diff --git a/stratosphere/sm/source/sm_user_service.hpp b/stratosphere/sm/source/sm_user_service.hpp index eddf75723..5911bd768 100644 --- a/stratosphere/sm/source/sm_user_service.hpp +++ b/stratosphere/sm/source/sm_user_service.hpp @@ -6,7 +6,10 @@ enum UserServiceCmd { User_Cmd_Initialize = 0, User_Cmd_GetService = 1, User_Cmd_RegisterService = 2, - User_Cmd_UnregisterService = 3 + User_Cmd_UnregisterService = 3, + + User_Cmd_AtmosphereInstallMitm = 65000, + User_Cmd_AtmosphereUninstallMitm = 65001 }; class UserService : IServiceObject { @@ -26,4 +29,8 @@ class UserService : IServiceObject { std::tuple deferred_get_service(u64 service); std::tuple register_service(u64 service, u8 is_light, u32 max_sessions); std::tuple unregister_service(u64 service); + + /* Atmosphere commands. */ + std::tuple install_mitm(u64 service); + std::tuple uninstall_mitm(u64 service); }; \ No newline at end of file From bb636dc05ad27192d4efa6bec461243f10f646ba Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Sat, 2 Jun 2018 23:42:01 -0600 Subject: [PATCH 8/8] SM: Make Mitm compile-time toggleable, to forestall whining. --- stratosphere/sm/Makefile | 2 +- stratosphere/sm/source/sm_user_service.cpp | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stratosphere/sm/Makefile b/stratosphere/sm/Makefile index c819c77fd..dd7eb33ad 100644 --- a/stratosphere/sm/Makefile +++ b/stratosphere/sm/Makefile @@ -34,7 +34,7 @@ ARCH := -march=armv8-a -mtune=cortex-a57 -mtp=soft -fPIE CFLAGS := -g -Wall -O2 -ffunction-sections \ $(ARCH) $(DEFINES) -CFLAGS += $(INCLUDE) -D__SWITCH__ -DSM_ENABLE_SMHAX +CFLAGS += $(INCLUDE) -D__SWITCH__ -DSM_ENABLE_SMHAX -DSM_ENABLE_MITM CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -std=gnu++17 diff --git a/stratosphere/sm/source/sm_user_service.cpp b/stratosphere/sm/source/sm_user_service.cpp index a5c36ce6d..4c1bce24a 100644 --- a/stratosphere/sm/source/sm_user_service.cpp +++ b/stratosphere/sm/source/sm_user_service.cpp @@ -18,12 +18,14 @@ Result UserService::dispatch(IpcParsedCommand &r, IpcCommand &out_c, u64 cmd_id, case User_Cmd_UnregisterService: rc = WrapIpcCommandImpl<&UserService::unregister_service>(this, r, out_c, pointer_buffer, pointer_buffer_size); break; +#ifdef SM_ENABLE_MITM case User_Cmd_AtmosphereInstallMitm: rc = WrapIpcCommandImpl<&UserService::install_mitm>(this, r, out_c, pointer_buffer, pointer_buffer_size); break; case User_Cmd_AtmosphereUninstallMitm: rc = WrapIpcCommandImpl<&UserService::uninstall_mitm>(this, r, out_c, pointer_buffer, pointer_buffer_size); break; +#endif default: break; }