From b074d14107fcde254e9f85c5140da909fffd0292 Mon Sep 17 00:00:00 2001
From: shchmue <shchmue@gmail.com>
Date: Wed, 9 Dec 2020 19:08:24 -0700
Subject: [PATCH] keys: Finalize Mariko compatibility with save mac

---
 source/keys/keys.c           | 15 ++++++++++-----
 source/main.c                |  9 ---------
 source/storage/nx_emmc_bis.c |  8 ++++----
 source/storage/nx_emmc_bis.h |  1 +
 4 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/source/keys/keys.c b/source/keys/keys.c
index fa850bc..13a4c01 100644
--- a/source/keys/keys.c
+++ b/source/keys/keys.c
@@ -358,8 +358,9 @@ static void _derive_misc_keys(key_derivation_ctx_t *keys, u32 *derivable_key_cou
         se_aes_crypt_block_ecb(8, 0, keys->header_key + 0x10, header_key_source + 0x10);
     }
 
-    if (_key_exists(keys->device_key)) {
-        _generate_kek(8, save_mac_kek_source, keys->device_key, aes_kek_generation_source, NULL);
+    if (_key_exists(keys->device_key) || (_key_exists(keys->master_key[0]) && _key_exists(keys->device_key_4x))) {
+        _get_device_key(8, keys->temp_key, 0, keys->device_key, keys->device_key_4x, keys->master_key[0]);
+        _generate_kek(8, save_mac_kek_source, keys->temp_key, aes_kek_generation_source, NULL);
         se_aes_crypt_block_ecb(8, 0, keys->save_mac_key, save_mac_key_source);
     }
 
@@ -675,7 +676,7 @@ get_titlekeys:
     se_aes_xts_crypt(1, 0, 0, 0, titlekey_buffer->read_buffer, titlekey_buffer->read_buffer, XTS_CLUSTER_SIZE, NX_EMMC_CALIBRATION_SIZE / XTS_CLUSTER_SIZE);
 
     nx_emmc_cal0_t *cal0 = (nx_emmc_cal0_t *)titlekey_buffer->read_buffer;
-    if (cal0->magic != 0x304C4143) {
+    if (cal0->magic != MAGIC_CAL0) {
         EPRINTF("Invalid CAL0 magic. Check BIS key 0.");
         goto dismount;
     }
@@ -880,12 +881,16 @@ static void _generate_kek(u32 ks, const void *key_source, void *master_key, cons
 }
 
 static void _get_device_key(u32 ks, void *out_device_key, u32 revision, const void *device_key, const void *new_device_key, const void *master_key) {
-    if (revision < KB_FIRMWARE_VERSION_400) {
+    if (revision == KB_FIRMWARE_VERSION_100_200 && !h_cfg.t210b01) {
         memcpy(out_device_key, device_key, AES_128_KEY_SIZE);
         return;
     }
 
-    revision -= KB_FIRMWARE_VERSION_400;
+    if (revision >= KB_FIRMWARE_VERSION_400) {
+        revision -= KB_FIRMWARE_VERSION_400;
+    } else {
+        revision = 0;
+    }
     u32 temp_key[AES_128_KEY_SIZE / 4] = {0};
     se_aes_key_set(ks, new_device_key, AES_128_KEY_SIZE);
     se_aes_crypt_ecb(ks, 0, temp_key, AES_128_KEY_SIZE, device_master_key_source_sources[revision], AES_128_KEY_SIZE);
diff --git a/source/main.c b/source/main.c
index e5fc205..5a7d03a 100644
--- a/source/main.c
+++ b/source/main.c
@@ -362,15 +362,6 @@ void ipl_main()
 
 	display_backlight_pwm_init();
 
-	if (h_cfg.t210b01)
-	{
-		gfx_printf("Mariko SOC detected!\nMariko is currently unsupported\nbut stay tuned...");
-		gfx_printf("\n\n Press any button to power off.");
-		display_backlight_brightness(h_cfg.backlight, 1000);
-		btn_wait();
-		power_off();
-	}
-
 	// Overclock BPMP.
 	bpmp_clk_rate_set(BPMP_CLK_DEFAULT_BOOST);
 
diff --git a/source/storage/nx_emmc_bis.c b/source/storage/nx_emmc_bis.c
index 243a3ee..a2d19c2 100644
--- a/source/storage/nx_emmc_bis.c
+++ b/source/storage/nx_emmc_bis.c
@@ -95,7 +95,7 @@ static int _nx_aes_xts_crypt_sec(u32 tweak_ks, u32 crypt_ks, u32 enc, u8 *tweak,
 	for (u32 i = 0; i < (tweak_exp << 5); i++)
 		_gf256_mul_x_le(tweak);
 
-	u8 orig_tweak[0x10];
+	u8 orig_tweak[0x10] __attribute__((aligned(4)));
 	memcpy(orig_tweak, tweak, 0x10);
 
 	// We are assuming a 0x10-aligned sector size in this implementation.
@@ -131,7 +131,7 @@ static int nx_emmc_bis_write_block(u32 sector, u32 count, void *buff, bool force
 	if (!system_part)
 		return 3; // Not ready.
 
-	u8 tweak[0x10];
+	u8 tweak[0x10] __attribute__((aligned(4)));
 	u32 cluster = sector / SECTORS_PER_CLUSTER;
 	u32 aligned_sector = cluster * SECTORS_PER_CLUSTER;
 	u32 sector_index_in_cluster = sector % SECTORS_PER_CLUSTER;
@@ -186,8 +186,8 @@ static int nx_emmc_bis_read_block(u32 sector, u32 count, void *buff)
 
 	static u32 prev_cluster = -1;
 	static u32 prev_sector = 0;
-	static u8 tweak[0x10];
-	u8 cache_tweak[0x10];
+	static u8 tweak[0x10] __attribute__((aligned(4)));
+	u8 cache_tweak[0x10] __attribute__((aligned(4)));
 
 	u32 tweak_exp = 0;
 	bool regen_tweak = true;
diff --git a/source/storage/nx_emmc_bis.h b/source/storage/nx_emmc_bis.h
index 3a6aeca..4eb5d82 100644
--- a/source/storage/nx_emmc_bis.h
+++ b/source/storage/nx_emmc_bis.h
@@ -225,6 +225,7 @@ typedef struct _nx_emmc_cal0_t
 	u8   console_6axis_sensor_mount_type;
 } __attribute__((packed)) nx_emmc_cal0_t;
 
+#define MAGIC_CAL0 0x304C4143
 #define NX_EMMC_CALIBRATION_OFFSET 0x4400
 #define NX_EMMC_CALIBRATION_SIZE   0x8000
 #define XTS_CLUSTER_SIZE           0x4000