Find tsecfw size and offset firmware-agnostically

source/sec/tsec.c

@@ -118,7 +118,7 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
 	{
 		// Init SMMU translation for TSEC.
 		pdir = smmu_init_for_tsec();
-		smmu_init(tsec_ctxt->secmon_base);
+		smmu_init(0x4002B000);
 		// Enable SMMU
 		if (!smmu_is_used())
 			smmu_enable();
@@ -161,7 +161,7 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
 		iram = page_alloc(0x30);
 		memcpy(iram, tsec_ctxt->pkg1, 0x30000);
 		// PKG1.1 magic offset.
-		pkg11_magic_off = (u32 *)(iram + ((tsec_ctxt->pkg11_off + 0x20) / 4));
+		pkg11_magic_off = (u32 *)(iram + (0x7000 / 4));
 		smmu_map(pdir, 0x40010000, (u32)iram, 0x30, _READABLE | _WRITABLE | _NONSECURE);
 
 		// Exception vectors

source/sec/tsec.h

@@ -20,15 +20,31 @@
 
 #include "../utils/types.h"
 
+#define TSEC_KEY_DATA_ADDR 0x300
+
 typedef struct _tsec_ctxt_t
 {
 	void *fw;
 	u32 size;
 	void *pkg1;
-	u32 pkg11_off;
-	u32 secmon_base;
 } tsec_ctxt_t;
 
+typedef struct _tsec_key_data_t
+{
+	u8 debug_key[0x10];
+	u8 blob0_auth_hash[0x10];
+	u8 blob1_auth_hash[0x10];
+	u8 blob2_auth_hash[0x10];
+	u8 blob2_aes_iv[0x10];
+	u8 hovi_eks_seed[0x10];
+	u8 hovi_common_seed[0x10];
+	u32 blob0_size;
+	u32 blob1_size;
+	u32 blob2_size;
+	u32 blob3_size;
+	u32 blob4_size;
+} tsec_key_data_t;
+
 int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt);
 
 #endif