Switch 2: BCT: Difference between revisions

From Nintendo Switch Brew
Jump to navigation Jump to search
← Older edit
No edit summary
 
(One intermediate revision by the same user not shown)
Line 17: Line 17:
|  0x4
|  0x4
|  0x40
|  0x40
BctHash (SHA-512 hash over data from 0x44 to 0x2000)
DigestHash (SHA-512 hash over data from 0x44 to 0x2000)
|-
|-
|  0x44
|  0x44
Line 39: Line 39:
|   
|   
|-
|-
| 0x1200
| style="background: red" | Signed Section Begin
| 0xE00
| style="background: red" |  
| SignedSect
| style="background: red" |  
|}
 
=== SignedSect ===
{| class="wikitable" border="1"
|-
!  Offset
!  Size
!  Description
|-
|-
| style="background: orange" | AAD Section Begin
| style="background: orange" | AAD Section Begin
Line 55: Line 47:
| style="background: orange" |  
| style="background: orange" |  
|-
|-
0x0
0x1200
|  0x10
|  0x10
|  Salt1. Random 16 bytes.
|  Salt1
|-
|-
0x10
0x1210
|  0x4
|  0x4
|  Magic ("BCTB")
|  Magic ("BCTB")
|-
|-
0x14
0x1214
0x14
0x4
KdfLabel
|  BctEds
|-
|  0x1218
|  0x10
|   
|-
|-
0x28
0x1228
|  0x4
|  0x4
Zeroes
|   
|-
|-
0x2C
0x122C
0x0C
0xC
AesGcmIv
Iv
|-
|-
| style="background: orange" | AAD Section End
| style="background: orange" | AAD Section End
Line 79: Line 75:
| style="background: orange" |  
| style="background: orange" |  
|-
|-
0x38
0x1238
|  0x10
|  0x10
AesGcmTag
Tag
|-
|-
0x48
0x1248
|  0xC0 (0x30 * 4)
|  0xC0 (0x30 * 4)
|  [[#NvBctPtInfo|PtInfo]][4]
|  [[#NvBctPtInfo|PtInfo]][4]
|-
|-
0x108
0x1308
0x1
0x4
VerMajor
[[#Version|Version]]
|-
|  0x109
|  0x1
|  VerMinor
|-
|  0x10A
|  0x1
|  RatchetLevel
|-
|  0x10B
|  0x1
| RevokePk. Bit0: RevokeH0, Bit1: RevokeH1
|-
|-
0x10C
0x130C
|  0x400
|  0x400
CustomerInfo
CustomerInfoSigned
|-
|-
0x50C
0x170C
|  0x284
|  0x284
|   
|   
|-
|-
0x790
| style="background: yellow" | Encrypted Section Begin
| style="background: yellow" |
| style="background: yellow" |
|-
0x1990
|  0x10
|  0x10
|  Salt2. Random 16 bytes.
|  Salt2
|-
|-
0x7A0
0x19A0
|  0x10
|  0x10
|  Ecid
|  Ecid
|-
|-
0x7B0
0x19B0
|  0x8
|  0x8
BrBctBinding
BlDerStr
|-
|-
0x7B8
0x19B8
|  0x8
|  0x8
SbkKdfLabel
FwDerStr
|-
|-
0x7C0
0x19C0
|  0x8
|  0x8
UnknownKdfLabel0
TzDerStr
|-
|-
0x7C8
0x19C8
|  0x8
|  0x8
UnknownKdfLabel1
GpDerStr
|-
|-
0x7D0
0x19D0
|  0x8
|  0x8
FsiKdfLabel
FsiDerStr
|-
|-
0x7D8
0x19D8
|  0x4
|  0x4
|  NonGpioSelectBootChain
|  NonGpioSelectBootChain
|-
|-
0x7DC
0x19DC
|  0x4
|  0x4
|  BootLoadersUsed
|  BootLoadersUsed
|-
|-
0x7E0
0x19E0
|  0x4
|  0x4
|  SecureDebugControlNoneEcid
|  SecureDebugControlNoneEcid
|-
|-
0x7E4
0x19E4
|  0x4
|  0x4
|  SecureDebugControlEcid
|  SecureDebugControlEcid
|-
|-
0x7E8
0x19E8
|  0x4
|  0x4
|  PreprodDevSign
|  PreprodDevSign
|-
|-
0x7EC
0x19EC
|  0x4
|  0x4
|  SecProvisioningKeynumSecure
|  SecProvisioningKeynumSecure
|-
|-
0x7F0
0x19F0
|  0x4
|  0x4
|  [[#BfBlBits|BfBlBits]]
|  [[#BfBlBits|BfBlBits]]
|-
|-
0x7F4
0x19F4
|  0x20
|  0x20
|  TzTestKey
|  TzTestKey
|-
|-
0x814
0x1A14
|  0x20
|  0x20
|  FskpTestKey
|  FskpTestKey
|-
|-
0x834
0x1A34
|  0x20
|  0x20
|  PkaTestKey
|  PkaTestKey
|-
|-
0x854
0x1A54
|  0x24
|  0x24
|   
|   
|-
|-
0x878
0x1A78
|  0x01
|  0x01
|  FskpKeyAesType
|  FskpKeyAesType
|-
|-
0x879
0x1A79
|  0x01
|  0x01
|  FskpKeyHmacType
|  FskpKeyHmacType
|-
|-
0x87A
0x1A7A
|  0x01
|  0x01
|  PkaTestKeyType
|  PkaTestKeyType
|-
|-
0x87B
0x1A7B
|  0x20
|  0x20
|  SecProvisionDerivationString1
|  SecProvisionDerivationString1
|-
|-
0x89B
0x1A9B
|  0x20
|  0x20
|  SecProvisionDerivationString2
|  SecProvisionDerivationString2
|-
|-
0x8BB
0x1ABB
|  0x1
|  0x1
|   
|   
|-
|-
0x8BC
0x1ABC
|  0x4
|  0x4
|  SoftSkuOverwrite
|  SoftSkuOverwrite
|-
|-
0x8C0
0x1AC0
0x4FC
0x40
|  BrBctHash (SHA-512 hash over data from 0x170C to 0x1AC0)
|-
|  0x1B00
|  0x500
|   
|   
|-
|-
| 0xDBC
| style="background: yellow" | Encrypted Section End
| 0x44
| style="background: yellow" |
| Digest
| style="background: yellow" |
|-
| style="background: red" | Signed Section End
| style="background: red" |
| style="background: red" |
|}
|}


==== NvBctPtInfo ====
=== NvBctPtInfo ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
Line 276: Line 272:
|}
|}


==== BfBlBits ====
=== Version ===
{| class="wikitable" border="1"
|-
!  Offset
!  Size
!  Description
|-
|  0x0
|  0x1
|  VerMajor
|-
|  0x1
|  0x1
|  VerMinor
|-
|  0x2
|  0x1
|  RatchetLevel
|-
|  0x3
|  0x1
|  [[#RevokePk|RevokePk]]
|}
 
==== RevokePk ====
{| class="wikitable" border="1"
!  Bits
!  Description
|-
| 0
| RevokeH0
|-
| 1
| RevokeH1
|}
 
=== BfBlBits ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
!  Bits
!  Bits

Latest revision as of 05:47, 30 September 2025

BCT (Boot Configuration Table) is a data structure present on Tegra based devices that supplies boot time configuration parameters.

The Switch 2 can use different types of BCTs with the BRBCT (BootROM BCT) being installed into the first bytes of UFS storage's LUN0 and LUN1.

Structure

BRBCT

Offset Size Description
0x0 0x4 Magic ("BCTB")
0x4 0x40 DigestHash (SHA-512 hash over data from 0x44 to 0x2000)
0x44 0x180 PublicParams
0x1C4 0x40 CryptoHash (SHA-512 hash over data from 0x1200 to 0x2000)
0x204 0xB10 CryptoSignature (XMSS-SHA2_20_256 signature)
0xD14 0x400 CustomerInfo
0x1114 0xEC
Signed Section Begin
AAD Section Begin
0x1200 0x10 Salt1
0x1210 0x4 Magic ("BCTB")
0x1214 0x4 BctEds
0x1218 0x10
0x1228 0x4
0x122C 0xC Iv
AAD Section End
0x1238 0x10 Tag
0x1248 0xC0 (0x30 * 4) PtInfo[4]
0x1308 0x4 Version
0x130C 0x400 CustomerInfoSigned
0x170C 0x284
Encrypted Section Begin
0x1990 0x10 Salt2
0x19A0 0x10 Ecid
0x19B0 0x8 BlDerStr
0x19B8 0x8 FwDerStr
0x19C0 0x8 TzDerStr
0x19C8 0x8 GpDerStr
0x19D0 0x8 FsiDerStr
0x19D8 0x4 NonGpioSelectBootChain
0x19DC 0x4 BootLoadersUsed
0x19E0 0x4 SecureDebugControlNoneEcid
0x19E4 0x4 SecureDebugControlEcid
0x19E8 0x4 PreprodDevSign
0x19EC 0x4 SecProvisioningKeynumSecure
0x19F0 0x4 BfBlBits
0x19F4 0x20 TzTestKey
0x1A14 0x20 FskpTestKey
0x1A34 0x20 PkaTestKey
0x1A54 0x24
0x1A78 0x01 FskpKeyAesType
0x1A79 0x01 FskpKeyHmacType
0x1A7A 0x01 PkaTestKeyType
0x1A7B 0x20 SecProvisionDerivationString1
0x1A9B 0x20 SecProvisionDerivationString2
0x1ABB 0x1
0x1ABC 0x4 SoftSkuOverwrite
0x1AC0 0x40 BrBctHash (SHA-512 hash over data from 0x170C to 0x1AC0)
0x1B00 0x500
Encrypted Section End
Signed Section End

NvBctPtInfo

Offset Size Description
0x0 0x4 Mb1BctStartPage
0x4 0x4 Mb1BctStartBlock
0x8 0x4 Mb1BctVersion
0xC 0x4 Mb1BctRandom
0x10 0x4 PscBlStartPage
0x14 0x4 PscBlStartBlock
0x18 0x4 PscBlVersion
0x1C 0x4 PscBlRandom
0x20 0x4 Mb1StartPage
0x24 0x4 Mb1StartBlock
0x28 0x4 Mb1Version
0x2C 0x4 Mb1Random

Version

Offset Size Description
0x0 0x1 VerMajor
0x1 0x1 VerMinor
0x2 0x1 RatchetLevel
0x3 0x1 RevokePk

RevokePk

Bits Description
0 RevokeH0
1 RevokeH1

BfBlBits

Bits Description
0 GpioSelectBootChain
1 Mb1DebugProduction
2 Sc7RfDebugProduction
3 PscBlDebugProduction
4 PscRfDebugProduction
5 PscFwDebugProduction
6 BpmpDebugProduction
7 BpmpIstDebugProduction
8 MceDebugProduction
9 IstCcplexDebugProduction
10 IstFwDebugProduction
11 RtcRailViolationDetect
12 CustNvCcplexDfdEn
13 DebugWithTestKeys
14 DebugWithTestKeysDuringPscDebug
15 DisableBootromClockBoost
16 DisablePscromClkBoost
17 EnableScpmReset
18 SkipOemAuthDiagBoot
19 DiagBoot
20 BpmpDiagBoot
21 L0Ist
22 L1Ist
23-31
Retrieved from "https://switchbrew.org/w/index.php?title=Switch_2:_BCT&oldid=13937"