Difference between revisions of "BootConfig"
Jump to navigation
Jump to search
| Line 5: | Line 5: | ||
= Format = | = Format = | ||
Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x640 bytes, with the following format: | Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x640 bytes, with the following format: | ||
| + | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
| Line 13: | Line 14: | ||
| 0x0 | | 0x0 | ||
| 0x200 | | 0x200 | ||
| − | | Unsigned Configuration | + | | [[#Unsigned Configuration]] |
|- | |- | ||
| 0x200 | | 0x200 | ||
| Line 21: | Line 22: | ||
| 0x300 | | 0x300 | ||
| 0x100 | | 0x100 | ||
| − | | Signed Configuration | + | | [[#Signed Configuration]] |
|- | |- | ||
| 0x400 | | 0x400 | ||
| Line 28: | Line 29: | ||
|} | |} | ||
| + | = Unsigned Configuration = | ||
| + | This is "nn::bconfig::BootConfig". | ||
| + | |||
| + | {| class="wikitable" border="1" | ||
| + | |- | ||
| + | ! Offset | ||
| + | ! Size | ||
| + | ! Description | ||
| + | |- | ||
| + | | 0x0 | ||
| + | | 0x10 | ||
| + | | | ||
| + | |- | ||
| + | | 0x10 | ||
| + | | 0x1 | ||
| + | | IsDebugMode (bit 1) and TakeExtabtSerrorToEl3 (bit 2) | ||
| + | |- | ||
| + | | 0x11 | ||
| + | | 0x1 | ||
| + | | [[SMC#KernelConfiguration|KernelConfiguration]] (first byte) | ||
| + | |- | ||
| + | | 0x12 | ||
| + | | 0xF | ||
| + | | | ||
| + | |- | ||
| + | | 0x21 | ||
| + | | 0x1 | ||
| + | | [[SMC#KernelConfiguration|KernelConfiguration]] (second byte) | ||
| + | |- | ||
| + | | 0x22 | ||
| + | | 0x1 | ||
| + | | | ||
| + | |- | ||
| + | | 0x23 | ||
| + | | 0x1 | ||
| + | | [[SMC#MemoryMode|MemoryMode]] | ||
| + | |- | ||
| + | | 0x24 | ||
| + | | 0x1 | ||
| + | | HasInitialTscValue | ||
| + | |- | ||
| + | | 0x25 | ||
| + | | 0xB | ||
| + | | | ||
| + | |- | ||
| + | | 0x30 | ||
| + | | 0x8 | ||
| + | | InitialTscValue | ||
| + | |- | ||
| + | | 0x38 | ||
| + | | 0x1C8 | ||
| + | | | ||
| + | |} | ||
| − | = Signed | + | = Signed Configuration = |
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
| Line 60: | Line 114: | ||
| | | | ||
|} | |} | ||
| − | |||
| − | |||
Revision as of 18:47, 16 February 2020
Installed into the first 0x4000 sector of the eMMC storage's BCPKG2 partitions, "BootConfig" contains data used to configure TrustZone/OS behaviors.
BootConfig is normally all-zero for retail units, however TrustZone additionally sets the loaded configuration to all-zero when running on a retail unit anyway.
Format
Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x640 bytes, with the following format:
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x200 | #Unsigned Configuration |
| 0x200 | 0x100 | RSA-PSS Signature |
| 0x300 | 0x100 | #Signed Configuration |
| 0x400 | 0x240 | Reserved |
Unsigned Configuration
This is "nn::bconfig::BootConfig".
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x10 | |
| 0x10 | 0x1 | IsDebugMode (bit 1) and TakeExtabtSerrorToEl3 (bit 2) |
| 0x11 | 0x1 | KernelConfiguration (first byte) |
| 0x12 | 0xF | |
| 0x21 | 0x1 | KernelConfiguration (second byte) |
| 0x22 | 0x1 | |
| 0x23 | 0x1 | MemoryMode |
| 0x24 | 0x1 | HasInitialTscValue |
| 0x25 | 0xB | |
| 0x30 | 0x8 | InitialTscValue |
| 0x38 | 0x1C8 |
Signed Configuration
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x8 | |
| 0x8 | 0x1 | Package2 Configuration. Bit 0 set means Package2 is stored unencrypted. Bit 1 set means Package2 is unsigned. |
| 0x9 | 0x7 | |
| 0x10 | 0x10 | Hardware Info. Must match the Hardware Info read from fuses, or else the loaded Signed Config will be memset to 0 even if signed. This allows Nintendo to set signed configuration on a per-unit basis. |
| 0x20 | 0x1 | DisableProgramVerification. Controls the default value for how to check NCA signatures. |
| 0x21 | 0xDF |