diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp
index d2ce4f5bf5..fd07860684 100644
--- a/src/core/crypto/key_manager.cpp
+++ b/src/core/crypto/key_manager.cpp
@@ -98,7 +98,7 @@ std::array<u8, 144> DecryptKeyblob(const std::array<u8, 176>& encrypted_keyblob,
     return keyblob;
 }
 
-void KeyManager::DeriveGeneralPurposeKeys(u8 crypto_revision) {
+void KeyManager::DeriveGeneralPurposeKeys(std::size_t crypto_revision) {
     const auto kek_generation_source =
         GetKey(S128KeyType::Source, static_cast<u64>(SourceKeyType::AESKekGeneration));
     const auto key_generation_source =
@@ -270,6 +270,9 @@ static std::array<u8, size> operator^(const std::array<u8, size>& lhs,
 
 template <size_t target_size, size_t in_size>
 static std::array<u8, target_size> MGF1(const std::array<u8, in_size>& seed) {
+    // Avoids truncation overflow within the loop below.
+    static_assert(target_size <= 0xFF);
+
     std::array<u8, in_size + 4> seed_exp{};
     std::memcpy(seed_exp.data(), seed.data(), in_size);
 
@@ -277,7 +280,7 @@ static std::array<u8, target_size> MGF1(const std::array<u8, in_size>& seed) {
     size_t i = 0;
     while (out.size() < target_size) {
         out.resize(out.size() + 0x20);
-        seed_exp[in_size + 3] = i;
+        seed_exp[in_size + 3] = static_cast<u8>(i);
         mbedtls_sha256(seed_exp.data(), seed_exp.size(), out.data() + out.size() - 0x20, 0);
         ++i;
     }
diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h
index a41abbdfcd..cccb3c0aec 100644
--- a/src/core/crypto/key_manager.h
+++ b/src/core/crypto/key_manager.h
@@ -175,7 +175,7 @@ private:
     void WriteKeyToFile(KeyCategory category, std::string_view keyname,
                         const std::array<u8, Size>& key);
 
-    void DeriveGeneralPurposeKeys(u8 crypto_revision);
+    void DeriveGeneralPurposeKeys(std::size_t crypto_revision);
 
     void SetKeyWrapped(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0);
     void SetKeyWrapped(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0);
diff --git a/src/core/crypto/partition_data_manager.cpp b/src/core/crypto/partition_data_manager.cpp
index bef8cdaf00..51d89508bd 100644
--- a/src/core/crypto/partition_data_manager.cpp
+++ b/src/core/crypto/partition_data_manager.cpp
@@ -332,7 +332,8 @@ FileSys::VirtualFile PartitionDataManager::GetBoot0Raw() const {
     return boot0;
 }
 
-PartitionDataManager::EncryptedKeyBlob PartitionDataManager::GetEncryptedKeyblob(u8 index) const {
+PartitionDataManager::EncryptedKeyBlob PartitionDataManager::GetEncryptedKeyblob(
+    std::size_t index) const {
     if (HasBoot0() && index < NUM_ENCRYPTED_KEYBLOBS)
         return GetEncryptedKeyblobs()[index];
     return {};
@@ -389,7 +390,7 @@ std::array<u8, 16> PartitionDataManager::GetKeyblobMACKeySource() const {
     return FindKeyFromHex(package1_decrypted_bytes, source_hashes[0]);
 }
 
-std::array<u8, 16> PartitionDataManager::GetKeyblobKeySource(u8 revision) const {
+std::array<u8, 16> PartitionDataManager::GetKeyblobKeySource(std::size_t revision) const {
     if (keyblob_source_hashes[revision] == SHA256Hash{}) {
         LOG_WARNING(Crypto,
                     "No keyblob source hash for crypto revision {:02X}! Cannot derive keys...",
@@ -456,11 +457,12 @@ void PartitionDataManager::DecryptPackage2(std::array<std::array<u8, 16>, 0x20>
     if (file->ReadObject(&header) != sizeof(Package2Header))
         return;
 
-    u8 revision = 0xFF;
+    std::size_t revision = 0xFF;
     if (header.magic != Common::MakeMagic('P', 'K', '2', '1')) {
-        for (size_t i = 0; i < package2_keys.size(); ++i) {
-            if (AttemptDecrypt(package2_keys[i], header))
+        for (std::size_t i = 0; i < package2_keys.size(); ++i) {
+            if (AttemptDecrypt(package2_keys[i], header)) {
                 revision = i;
+            }
         }
     }
 
diff --git a/src/core/crypto/partition_data_manager.h b/src/core/crypto/partition_data_manager.h
index 7c9c4410a9..9e448f7205 100644
--- a/src/core/crypto/partition_data_manager.h
+++ b/src/core/crypto/partition_data_manager.h
@@ -34,7 +34,7 @@ public:
     // BOOT0
     bool HasBoot0() const;
     FileSys::VirtualFile GetBoot0Raw() const;
-    EncryptedKeyBlob GetEncryptedKeyblob(u8 index) const;
+    EncryptedKeyBlob GetEncryptedKeyblob(std::size_t index) const;
     EncryptedKeyBlobs GetEncryptedKeyblobs() const;
     std::vector<u8> GetSecureMonitor() const;
     std::array<u8, 0x10> GetPackage2KeySource() const;
@@ -46,7 +46,7 @@ public:
     std::vector<u8> GetPackage1Decrypted() const;
     std::array<u8, 0x10> GetMasterKeySource() const;
     std::array<u8, 0x10> GetKeyblobMACKeySource() const;
-    std::array<u8, 0x10> GetKeyblobKeySource(u8 revision) const;
+    std::array<u8, 0x10> GetKeyblobKeySource(std::size_t revision) const;
 
     // Fuses
     bool HasFuses() const;