I'm not sure whether digging in the kernel would give us anything.
From what I understand, SBK is a Tegra hardware feature and it does not need any OS running to function.
Once you write the SBK decryption key to the chip, it is used to decrypt APX commands (also a chip feature) and decrypt the bootloader.
So, if the SBK decryption key is the same on all devices, you can distribute an encrypted bootloader in the update.zip and it will work on all devices. This does not need any kernel support.
If the SBK decryption key is different on each device, you need to distribute an unencrypted bootloader, and encrypt it on device before writing it to flash. This also does not need kernel support, besides maybe giving access to some variable used to compute the SBK encryption key.
From what I can tell, it is different for each device.
I was wondering since, in the kernel file tegra_fuse.c, there was this:
    [SBK] = {
        .addr = fuse_info.sbk,
        .sz = sizeof(fuse_info.sbk),
        .start_off = 0x0A,
        .start_bit = 8,
        .nbits = 128,
        .data_offset = 5,
        .sysfs_name = "secure_boot_key",
    },
I understand it is a hardware feature but this is at the kernel level so I thought it could direct us to what it could be like.
The aes_generic.c under crypto has 4 tables of variables with 4 subtables. None of what I was able to generate with the CPUID page from Vache is in there, which means the Acer UID would probably not be the number we look for.
Lastly, this string is in the kernel config:
CONFIG_CRYPTO_DEV_TEGRA_AES=y
So, the AES crypto is enabled. We just need to find what it generates.
As stated before, I might be wrong, but these are ideas that I think could be of interest.
Edit: As I stated before too, it seems the number of fuses is indeed 64. So, all the 0s would really mean none were burnt so far in those.