Merge pull request #8255 from JosJuice/remove-unsigned-warning

Remove "not signed by Nintendo" warning when installing WADs
This commit is contained in:
Anthony 2019-08-21 09:38:35 -07:00 committed by GitHub
commit 2a95227f64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 48 additions and 54 deletions

View File

@ -102,8 +102,6 @@ const ConfigInfo<std::string> MAIN_PERF_MAP_DIR{{System::Main, "Core", "PerfMapD
const ConfigInfo<bool> MAIN_CUSTOM_RTC_ENABLE{{System::Main, "Core", "EnableCustomRTC"}, false};
// Default to seconds between 1.1.1970 and 1.1.2000
const ConfigInfo<u32> MAIN_CUSTOM_RTC_VALUE{{System::Main, "Core", "CustomRTCValue"}, 946684800};
const ConfigInfo<bool> MAIN_ENABLE_SIGNATURE_CHECKS{{System::Main, "Core", "EnableSignatureChecks"},
true};
const ConfigInfo<bool> MAIN_REDUCE_POLLING_RATE{{System::Main, "Core", "ReducePollingRate"}, false};
const ConfigInfo<bool> MAIN_AUTO_DISC_CHANGE{{System::Main, "Core", "AutoDiscChange"}, false};

View File

@ -76,7 +76,6 @@ extern const ConfigInfo<std::string> MAIN_GPU_DETERMINISM_MODE;
extern const ConfigInfo<std::string> MAIN_PERF_MAP_DIR;
extern const ConfigInfo<bool> MAIN_CUSTOM_RTC_ENABLE;
extern const ConfigInfo<u32> MAIN_CUSTOM_RTC_VALUE;
extern const ConfigInfo<bool> MAIN_ENABLE_SIGNATURE_CHECKS;
extern const ConfigInfo<bool> MAIN_REDUCE_POLLING_RATE;
extern const ConfigInfo<bool> MAIN_AUTO_DISC_CHANGE;

View File

@ -242,7 +242,6 @@ void SConfig::SaveCoreSettings(IniFile& ini)
core->Set("PerfMapDir", m_perfDir);
core->Set("EnableCustomRTC", bEnableCustomRTC);
core->Set("CustomRTCValue", m_customRTCValue);
core->Set("EnableSignatureChecks", m_enable_signature_checks);
}
void SConfig::SaveMovieSettings(IniFile& ini)
@ -529,7 +528,6 @@ void SConfig::LoadCoreSettings(IniFile& ini)
core->Get("EnableCustomRTC", &bEnableCustomRTC, false);
// Default to seconds between 1.1.1970 and 1.1.2000
core->Get("CustomRTCValue", &m_customRTCValue, 946684800);
core->Get("EnableSignatureChecks", &m_enable_signature_checks, true);
}
void SConfig::LoadMovieSettings(IniFile& ini)

View File

@ -167,8 +167,6 @@ struct SConfig
std::set<std::pair<u16, u16>> m_usb_passthrough_devices;
bool IsUSBDeviceWhitelisted(std::pair<u16, u16> vid_pid) const;
bool m_enable_signature_checks = true;
// Fifo Player related settings
bool bLoopFifoReplay = true;

View File

@ -842,9 +842,6 @@ static const std::string CERT_STORE_PATH = "/sys/cert.sys";
ReturnCode ES::ReadCertStore(std::vector<u8>* buffer) const
{
if (!SConfig::GetInstance().m_enable_signature_checks)
return IPC_SUCCESS;
const auto store_file =
m_ios.GetFS()->OpenFile(PID_KERNEL, PID_KERNEL, CERT_STORE_PATH, FS::Mode::Read);
if (!store_file)
@ -885,9 +882,6 @@ ReturnCode ES::VerifyContainer(VerifyContainerType type, VerifyMode mode,
const IOS::ES::SignedBlobReader& signed_blob,
const std::vector<u8>& cert_chain, u32* issuer_handle_out)
{
if (!SConfig::GetInstance().m_enable_signature_checks)
return IPC_SUCCESS;
if (!signed_blob.IsSignatureValid())
return ES_EINVAL;

View File

@ -110,11 +110,18 @@ public:
// Ticket is unpersonalised, so ignore any console specific decryption data.
Unpersonalised,
};
enum class VerifySignature
{
No,
Yes,
};
ReturnCode ImportTicket(const std::vector<u8>& ticket_bytes, const std::vector<u8>& cert_chain,
TicketImportType type = TicketImportType::PossiblyPersonalised);
TicketImportType type = TicketImportType::PossiblyPersonalised,
VerifySignature verify_signature = VerifySignature::Yes);
ReturnCode ImportTmd(Context& context, const std::vector<u8>& tmd_bytes);
ReturnCode ImportTitleInit(Context& context, const std::vector<u8>& tmd_bytes,
const std::vector<u8>& cert_chain);
const std::vector<u8>& cert_chain,
VerifySignature verify_signature = VerifySignature::Yes);
ReturnCode ImportContentBegin(Context& context, u64 title_id, u32 content_id);
ReturnCode ImportContentData(Context& context, u32 content_fd, const u8* data, u32 data_size);
ReturnCode ImportContentEnd(Context& context, u32 content_fd);

View File

@ -120,12 +120,6 @@ IPCCommandResult ES::Sign(const IOCtlVRequest& request)
ReturnCode ES::VerifySign(const std::vector<u8>& hash, const std::vector<u8>& ecc_signature,
const std::vector<u8>& certs_bytes)
{
if (!SConfig::GetInstance().m_enable_signature_checks)
{
WARN_LOG(IOS_ES, "VerifySign: signature checks are disabled. Skipping.");
return IPC_SUCCESS;
}
const std::map<std::string, IOS::ES::CertReader> certs = IOS::ES::ParseCertChain(certs_bytes);
if (certs.empty())
return ES_EINVAL;

View File

@ -51,7 +51,7 @@ void ES::TitleImportExportContext::DoState(PointerWrap& p)
}
ReturnCode ES::ImportTicket(const std::vector<u8>& ticket_bytes, const std::vector<u8>& cert_chain,
TicketImportType type)
TicketImportType type, VerifySignature verify_signature)
{
IOS::ES::TicketReader ticket{ticket_bytes};
if (!ticket.IsValid())
@ -75,10 +75,13 @@ ReturnCode ES::ImportTicket(const std::vector<u8>& ticket_bytes, const std::vect
}
}
const ReturnCode verify_ret =
VerifyContainer(VerifyContainerType::Ticket, VerifyMode::UpdateCertStore, ticket, cert_chain);
if (verify_ret != IPC_SUCCESS)
return verify_ret;
if (verify_signature != VerifySignature::No)
{
const ReturnCode verify_ret = VerifyContainer(VerifyContainerType::Ticket,
VerifyMode::UpdateCertStore, ticket, cert_chain);
if (verify_ret != IPC_SUCCESS)
return verify_ret;
}
const ReturnCode write_ret = WriteTicket(m_ios.GetFS().get(), ticket);
if (write_ret != IPC_SUCCESS)
@ -206,7 +209,7 @@ static ReturnCode InitTitleImportKey(const std::vector<u8>& ticket_bytes, IOSC&
}
ReturnCode ES::ImportTitleInit(Context& context, const std::vector<u8>& tmd_bytes,
const std::vector<u8>& cert_chain)
const std::vector<u8>& cert_chain, VerifySignature verify_signature)
{
INFO_LOG(IOS_ES, "ImportTitleInit");
ResetTitleImportContext(&context, m_ios.GetIOSC());
@ -220,24 +223,32 @@ ReturnCode ES::ImportTitleInit(Context& context, const std::vector<u8>& tmd_byte
// Finish a previous import (if it exists).
FinishStaleImport(context.title_import_export.tmd.GetTitleId());
ReturnCode ret = VerifyContainer(VerifyContainerType::TMD, VerifyMode::UpdateCertStore,
context.title_import_export.tmd, cert_chain);
if (ret != IPC_SUCCESS)
return ret;
ReturnCode ret = IPC_SUCCESS;
if (verify_signature != VerifySignature::No)
{
ret = VerifyContainer(VerifyContainerType::TMD, VerifyMode::UpdateCertStore,
context.title_import_export.tmd, cert_chain);
if (ret != IPC_SUCCESS)
return ret;
}
const auto ticket = FindSignedTicket(context.title_import_export.tmd.GetTitleId());
if (!ticket.IsValid())
return ES_NO_TICKET;
std::vector<u8> cert_store;
ret = ReadCertStore(&cert_store);
if (ret != IPC_SUCCESS)
return ret;
if (verify_signature != VerifySignature::No)
{
std::vector<u8> cert_store;
ret = ReadCertStore(&cert_store);
if (ret != IPC_SUCCESS)
return ret;
ret = VerifyContainer(VerifyContainerType::Ticket, VerifyMode::DoNotUpdateCertStore, ticket,
cert_store);
if (ret != IPC_SUCCESS)
return ret;
ret = VerifyContainer(VerifyContainerType::Ticket, VerifyMode::DoNotUpdateCertStore, ticket,
cert_store);
if (ret != IPC_SUCCESS)
return ret;
}
ret = InitTitleImportKey(ticket.GetBytes(), m_ios.GetIOSC(),
&context.title_import_export.key_handle);

View File

@ -46,7 +46,8 @@
namespace WiiUtils
{
static bool ImportWAD(IOS::HLE::Kernel& ios, const DiscIO::VolumeWAD& wad)
static bool ImportWAD(IOS::HLE::Kernel& ios, const DiscIO::VolumeWAD& wad,
IOS::HLE::Device::ES::VerifySignature verify_signature)
{
if (!wad.GetTicket().IsValid() || !wad.GetTMD().IsValid())
{
@ -59,28 +60,20 @@ static bool ImportWAD(IOS::HLE::Kernel& ios, const DiscIO::VolumeWAD& wad)
IOS::HLE::Device::ES::Context context;
IOS::HLE::ReturnCode ret;
const bool checks_enabled = SConfig::GetInstance().m_enable_signature_checks;
// Ensure the common key index is correct, as it's checked by IOS.
IOS::ES::TicketReader ticket = wad.GetTicketWithFixedCommonKey();
while ((ret = es->ImportTicket(ticket.GetBytes(), wad.GetCertificateChain(),
IOS::HLE::Device::ES::TicketImportType::Unpersonalised)) < 0 ||
(ret = es->ImportTitleInit(context, tmd.GetBytes(), wad.GetCertificateChain())) < 0)
IOS::HLE::Device::ES::TicketImportType::Unpersonalised,
verify_signature)) < 0 ||
(ret = es->ImportTitleInit(context, tmd.GetBytes(), wad.GetCertificateChain(),
verify_signature)) < 0)
{
if (checks_enabled && ret == IOS::HLE::IOSC_FAIL_CHECKVALUE &&
AskYesNoT("This WAD has not been signed by Nintendo. Continue to import?"))
{
SConfig::GetInstance().m_enable_signature_checks = false;
continue;
}
if (ret != IOS::HLE::IOSC_FAIL_CHECKVALUE)
PanicAlertT("WAD installation failed: Could not initialise title import (error %d).", ret);
SConfig::GetInstance().m_enable_signature_checks = checks_enabled;
return false;
}
SConfig::GetInstance().m_enable_signature_checks = checks_enabled;
const bool contents_imported = [&]() {
const u64 title_id = tmd.GetTitleId();
@ -148,7 +141,8 @@ bool InstallWAD(IOS::HLE::Kernel& ios, const DiscIO::VolumeWAD& wad, InstallType
if (previous_temporary_title_id)
ios.GetES()->DeleteTitleContent(previous_temporary_title_id);
if (!ImportWAD(ios, wad))
// A lot of people use fakesigned WADs, so disable signature checking when installing a WAD.
if (!ImportWAD(ios, wad, IOS::HLE::Device::ES::VerifySignature::No))
return false;
// Keep track of the title ID so this title can be removed to make room for any future install.
@ -738,7 +732,8 @@ UpdateResult DiscSystemUpdater::ProcessEntry(u32 type, std::bitset<32> attrs,
return UpdateResult::DiscReadFailed;
}
const DiscIO::VolumeWAD wad{std::move(blob)};
return ImportWAD(m_ios, wad) ? UpdateResult::Succeeded : UpdateResult::ImportFailed;
const bool success = ImportWAD(m_ios, wad, IOS::HLE::Device::ES::VerifySignature::Yes);
return success ? UpdateResult::Succeeded : UpdateResult::ImportFailed;
}
UpdateResult DoOnlineUpdate(UpdateCallback update_callback, const std::string& region)