@@ Line 12: / Line 12: @@
 | 4
 | RW
+|-
+| style="background: green" | Yes
+| [[#AES_MACEXTRABLKCNT|AES_MACBLKCNT]]
+| 0x10009004
+| 2
+| W
 |-
 | style="background: green" | Yes
 | [[#AES_BLKCNT|AES_BLKCNT]]
-| 0x10009004
+| 0x10009006
-| 4
+| 2
 | W
 |-
@@ Line 165: / Line 171: @@
 Changing the input word order triggers the key/keyX/keyY FIFOs to be flushed.
+== AES_MACEXTRABLKCNT ==
+(CCM-MAC extra data length)>>4, i.e. the number of block of CCM-MAC extra data.
 == AES_BLKCNT ==
+(Data length)>>4, i.e. the number of blocks to process
-{| class="wikitable" border="1"
-!  Bit
-!  Description
-|-
-| 31-16
-| (Data length)>>4 (i.e. the number of blocks to process)
-|}
 == AES_WRFIFO/AES_RDFIFO ==
@@ Line 230: / Line 232: @@
 == Endianness and word order ==
-When writing to the AES_CTR, AES_MAC or AES_KEY0/1/2/3 register, the hardware will process the written data according to the current input endianness specified in AES_CNT. However, the current specified input word order will not be honored for this register, and always defaults to reversed word order. Therefore, for normal word order, the reversal must be carried out manually if required.
+=== AES_CNT.input_endianness ===
+Swaps the bytes of 32-bit writes to AES_CTR, AES_WRFIFO, AES_KEY*FIFO according to specified endianness. AES_MAC?
+=== AES_CNT.output_endianness ===
+Swaps the bytes of 32-bit reads from AES_RDFIFO.
+=== AES_CNT.input_word_order ===
+If reversed, writes to AES_KEY*FIFO and AES_WRFIFO fill the FIFO backwards. For AES_WRFIFO, this means that every 16-byte block will have its words in the reverse order, but the order of these blocks remains the same. AES_CTR is unaffected by this field. AES_MAC?
+=== AES_CNT.output_word_order ===
+If reversed, reads from AES_RDFIFO will drain the FIFO backwards. This means that every 16-byte output block will have its words in the reverse order, but the order of these blocks remains the same.
 == CCM mode pitfall ==
@@ Line 266: / Line 283: @@
 | SSL cert key.
 | Same for all.
-| Same for all.
+| Same for all, normalkeys-only.
-| style="background: red" | No
+| style="background: orange" | The keyXs are console-unique, however the normalkeys setup by Boot9 later during keyinit are not console-unique.
 |-
 | 0x10-0x17
 | -
-| Not set.
+| Set for all except 0x11..0x13. Keydata is different for these.
-| Not set.
+| Normalkey, same for all except the last 4 are all different.
 | -
 |-
@@ Line 278: / Line 295: @@
 | Never used.
 | Same for all.
-| Same for all.
+| Same for all, normalkeys-only.
-| style="background: green" | Yes
+| style="background: orange" | The keyXs are console-unique, however the normalkeys setup by Boot9 later during keyinit are not console-unique.
 |-
 | 0x1C-0x1F
 | Never used.
 | Same for all.
-| Same for all.
+| Same for all, normalkeys-only.
-| style="background: green" | Yes
+| style="background: orange" | The keyXs are console-unique, however the normalkeys setup by Boot9 later during keyinit are not console-unique.
 |-
 | 0x20-0x23
 | Never used.
 | Same for all.
-| Same for all.
+| Same for all, normalkeys-only.
-| style="background: orange" | Normalkey is not. keyX is. keyY unknown.
+| style="background: orange" | The keyXs are console-unique, however the normalkeys setup by Boot9 later during keyinit are not console-unique.
 |-
 | 0x24
 | Never used.
 | Individually set.
-| Individually set.
+| Individually set, normalkey-only.
-| style="background: orange" | Normalkey is not. keyX is. keyY unknown.
+| style="background: orange" | The keyX is console-unique, however the normalkey setup by Boot9 later during keyinit is not console-unique.
 |-
 | 0x25-0x27
 | -
 | Not set.
-| Not set.
+| Same for all, normalkeys-only. Same keydata as keyslot 0x24.
-| -
+| style="background: red" | No
 |-
 | 0x28-0x2B
 | Never used.
 | Individually set.
-| Individually set.
+| Individually set, normalkeys-only. Keyslot 0x28 has same normalkey as keyslot 0x24.
-| style="background: orange" | Normalkey is not. keyX is. keyY unknown.
+| style="background: orange" | The keyX is console-unique, however the normalkey setup by Boot9 later during keyinit is not console-unique.
 |-
 | 0x2C-0x2F
 | Various uniques.
 | Same for all.
-| Same for all, probably.
+| Same for all, normalkeys-only.
 | style="background: red" | No
 |-
@@ Line 320: / Line 337: @@
 | Various uniques.
 | Same for all.
-| Same for all, probably.
+| Same for all, normalkeys-only.
 | style="background: red" | No
 |-
@@ Line 326: / Line 343: @@
 | Various uniques.
 | Same for all.
-| Same for all, probably.
+| Same for all, normalkeys-only.
 | style="background: red" | No
 |-
@@ Line 332: / Line 349: @@
 | Various uniques.
 | Same for all.
-| Different for all.
+| Same for all, normalkeys-only.
 | style="background: red" | No
 |-
@@ Line 338: / Line 355: @@
 | Various uniques.
 | Individually set.
-| Individually set.
+| Individually set, normalkeys-only. Keyslot 0x3C has same normalkey as 0x38-0x3B.
 | style="background: red" | No
 |}
@@ Line 465: / Line 482: @@
 | -
 | No
+|-
+| 0x20
+| [[System_SaveData|System Save Data]] encryption key during [[System_Transfer|System Transfers]]. See [[System_Transfer#System_Save_Data_Transfer|System Save Data Transfer]].
+| Bootrom.
+| NATIVE_FIRM
+| NATIVE_FIRM
+| Yes
 |-
 | 0x24
@@ Line 558: / Line 582: @@
 | Movable.sed key.
-This is the keyslot used for movable.sed encryption + AES-CBC MAC with the import/export [[FSPXI:ImportIntegrityVerificationSeed|commands]].
+This is the keyslot used for movable.sed encryption + AES-CBC MAC with the import/export [[FSPXI:ImportIntegrityVerificationSeed|commands]]. The keyYs used for crypto/CMAC are different, but both can be found in process9 rodata.
-| Bootrom.
 | Bootrom.
+| NATIVE_FIRM.
 | -
 | Yes
 |-
 | 0x36
-| Unknown. Used by friends module.
+| Used by the [[Friend_Services|the friends module]] for [[Friend_Services#Approach_Contexts|ApproachContext]] encryption. See [[FRDU:GetMyApproachContext]].
-See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
 | Bootrom.
 | Bootrom.
@@ Line 686: / Line 708: @@
 * The last initialized keyslot is 0x3F, via normalkey. The keydata for this is copied to 0xFFF00618. This is for restoring the keydata when non-NAND FIRM boot ''fails'', since those use keyslot 0x3F with other keydata.
 * Lastly it clears the 0x40-bytes at tmpbuf with the u32 loaded from bootrom_dataptr(the word following the above keyslot 0x3F keydata), then returns.
+The keyslots are initialized with the same order of keyslots+keydata_type listed below:
+Console-unique keydata, after the initialization for the key-generation keyslot(0x3F):
+x04..0x07 keyX
+x08..0x0B keyX
+x0C..0x0F keyX
+x10       keyX
+x14..0x17 keyX
+x18..0x1B keyX
+x1C..0x1F keyX
+x20..0x23 keyX
+x24       keyX
+x28..0x2B keyX
+Common keydata:
+x2C..0x2F keyX
+x30..0x33 keyX
+x34..0x37 keyX
+x38..0x3B keyX
+x3C..0x3F keyX
+x04..0x0B keyY
+x0C..0x0F normalkey
+x10..0x13 normalkey
+x14..0x17 normalkey
+x18..0x1B normalkey
+x1C..0x1F normalkey
+x20..0x23 normalkey
+x24..0x27 normalkey
+x28..0x2B normalkey
+x2C..0x2F normalkey
+x30..0x33 normalkey
+x34..0x37 normalkey
+x38..0x3B normalkey
+x3C..0x3F normalkey

AES Registers: Difference between revisions