BootConfig: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 5: | Line 5: | ||
= Format = | = Format = | ||
Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x640 bytes, with the following format: | Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x640 bytes, with the following format: | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
| Line 13: | Line 14: | ||
| 0x0 | | 0x0 | ||
| 0x200 | | 0x200 | ||
| Unsigned Configuration | | [[#Unsigned Configuration]] | ||
|- | |- | ||
| 0x200 | | 0x200 | ||
| Line 21: | Line 22: | ||
| 0x300 | | 0x300 | ||
| 0x100 | | 0x100 | ||
| Signed Configuration | | [[#Signed Configuration]] | ||
|- | |- | ||
| 0x400 | | 0x400 | ||
| Line 28: | Line 29: | ||
|} | |} | ||
= Unsigned Configuration = | |||
This is "nn::bconfig::BootConfig". | |||
{| class="wikitable" border="1" | |||
|- | |||
! Offset | |||
! Size | |||
! Description | |||
|- | |||
| 0x0 | |||
| 0x10 | |||
| | |||
|- | |||
| 0x10 | |||
| 0x1 | |||
| IsDebugMode (bit 1) and TakeExtabtSerrorToEl3 (bit 2) | |||
|- | |||
| 0x11 | |||
| 0x1 | |||
| [[SMC#KernelConfiguration|KernelConfiguration]] (first byte) | |||
|- | |||
| 0x12 | |||
| 0xF | |||
| | |||
|- | |||
| 0x21 | |||
| 0x1 | |||
| [[SMC#KernelConfiguration|KernelConfiguration]] (second byte) | |||
|- | |||
| 0x22 | |||
| 0x1 | |||
| | |||
|- | |||
| 0x23 | |||
| 0x1 | |||
| [[SMC#MemoryMode|MemoryMode]] | |||
|- | |||
| 0x24 | |||
| 0x1 | |||
| HasInitialTscValue | |||
|- | |||
| 0x25 | |||
| 0xB | |||
| | |||
|- | |||
| 0x30 | |||
| 0x8 | |||
| InitialTscValue | |||
|- | |||
| 0x38 | |||
| 0x1C8 | |||
| | |||
|} | |||
= Signed | = Signed Configuration = | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
| Line 60: | Line 114: | ||
| | | | ||
|} | |} | ||
Revision as of 19:47, 16 February 2020
Installed into the first 0x4000 sector of the eMMC storage's BCPKG2 partitions, "BootConfig" contains data used to configure TrustZone/OS behaviors.
BootConfig is normally all-zero for retail units, however TrustZone additionally sets the loaded configuration to all-zero when running on a retail unit anyway.
Format
Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x640 bytes, with the following format:
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x200 | #Unsigned Configuration |
| 0x200 | 0x100 | RSA-PSS Signature |
| 0x300 | 0x100 | #Signed Configuration |
| 0x400 | 0x240 | Reserved |
Unsigned Configuration
This is "nn::bconfig::BootConfig".
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x10 | |
| 0x10 | 0x1 | IsDebugMode (bit 1) and TakeExtabtSerrorToEl3 (bit 2) |
| 0x11 | 0x1 | KernelConfiguration (first byte) |
| 0x12 | 0xF | |
| 0x21 | 0x1 | KernelConfiguration (second byte) |
| 0x22 | 0x1 | |
| 0x23 | 0x1 | MemoryMode |
| 0x24 | 0x1 | HasInitialTscValue |
| 0x25 | 0xB | |
| 0x30 | 0x8 | InitialTscValue |
| 0x38 | 0x1C8 |
Signed Configuration
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x8 | |
| 0x8 | 0x1 | Package2 Configuration. Bit 0 set means Package2 is stored unencrypted. Bit 1 set means Package2 is unsigned. |
| 0x9 | 0x7 | |
| 0x10 | 0x10 | Hardware Info. Must match the Hardware Info read from fuses, or else the loaded Signed Config will be memset to 0 even if signed. This allows Nintendo to set signed configuration on a per-unit basis. |
| 0x20 | 0x1 | DisableProgramVerification. Controls the default value for how to check NCA signatures. |
| 0x21 | 0xDF |