Secure Kernel Calls: Difference between revisions

← Older edit

Secure Kernel Calls (view source)

Revision as of 03:02, 28 March 2024

25 bytes added , 3 months ago

m

Moved remaining references to outside the code tags.

VisualWikitext

Bigbass

Bureaucrats, Administrators

328

edits

Revision as of 02:44, 28 March 2024 (view source) Jhynjhiruu (talk \| contribs) (Create page) Tag: Visual edit: Switched		Latest revision as of 03:02, 28 March 2024 (view source) Bigbass (talk \| contribs) m (Moved remaining references to outside the code tags.)
(One intermediate revision by the same user not shown)
Line 14: \|+Ticket bundle{{refn\|name=skDecompTicketBundle\|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L130-L134 iQuePlayer-SecureKernel], BbTicketBundle}} !Offset ! style="width: 175px" \| C type !Name !Description \|- \|0x00 \|<code>Ticket </code>{{refn\|name=skDecompTicket\|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L123-L126 iQuePlayer-SecureKernel], BbTicket}}{{refn\|name=iQBTicket\|iQueBrew, "Ticket"}} </code> \|<code>ticket</code> \|A pointer to an iQue Player ticket structure. \|- \|0x04 \|<code>Certificate [5]</code>{{refn\|name=skDecompCert\|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L56-L65 iQuePlayer-SecureKernel], BbCertBase}} [5]</code> \|<code>ticketCerts</code> \|An array of 5 pointers to content certificates; this must be a valid certificate chain, such that the first certificate signs the ticket, the second certificate signs the first certificate, etc., until a certificate is signed by <code>Root</code>. Unused certificate slots should be set to <code>NULL</code>. \|- \|0x18 \|<code>Certificate~~{{refn\|name=skDecompCert}}~~ *[5]</code>{{refn\|name=skDecompCert}} \|<code>cmdCerts</code> \|An array of 5 pointers to content certificates; this must also be a valid certificate chain, but that signs the ticket's embedded CMD structure. \|} The ticket structure contains all of the information needed for SK to set up the encryption hardware to decrypt the application to be launched. SK ensures that the ticket and its included CMD{{refn\|name=skDecompCmd\|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L105-L108 iQuePlayer-SecureKernel], BbContentMetaData}}{{refn\|name=iQBCmd\|iQueBrew, "CMD"}} are signed by iQue, as the CMD contains the SHA-1 hash of the application to be launched. ==== <span style="display:none;">Launch CRLs</code> ==== ---- Line 44 ⟶ 45: \|- \|0x00 \|<code>CRL bundle</code>{{refn\|name=skDecompLaunchCrls}}~~</code>~~ \|<code>ticketRL</code> \|A Certificate Revocation List bundle for revoking certificates that sign tickets. \|- \|0x1C \|<code>CRL bundle</code>{{refn\|name=skDecompLaunchCrls}}~~</code>~~ \|<code>certRL</code> \|A Certificate Revocation List bundle for revoking certificates that sign other certificates. \|- \|0x38 \|<code>CRL bundle</code>{{refn\|name=skDecompLaunchCrls}}~~</code>~~ \|<code>cmdRL</code> \|A Certificate Revocation List bundle for revoking certificates that sign CMD structures. Line 69 ⟶ 70: \|- \|0x00 \|<code>ECC signature</code>{{refn\|name=skDecompEccSig\|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/include/bbtypes.h#L17 iQuePlayer-SecureKernel], BbEccSig}}~~</code>~~ \|<code>sig</code> \|An ECC signature (using the console's ECC private key and the identity <code>0x06091968</code>{{refn\|name=skDecompEccIdent\|decompals, [https://github.com/decompals/iQuePlayer-SecureKernel/blob/main/src/9FC043B0.c#L11 iQuePlayer-SecureKernel]}}, presumably a significant date for one of the developers) over the following data.