Difference between revisions of "17.0.0"

From Nintendo Switch Brew
Jump to navigation Jump to search
(secmon diff)
 
(5 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
The Switch 17.0.0 system update was released on October 11, 2023 (UTC). This Switch update was released for the following regions: ALL, and CHN.
 
The Switch 17.0.0 system update was released on October 11, 2023 (UTC). This Switch update was released for the following regions: ALL, and CHN.
  
Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.
+
Security flaws fixed: yes.
 +
 
 +
As of November 9, 2023 (UTC), this sysupdate is now required by [[Account_services|account]] CDN / [[Network|dauth]] (required by online-play).
 +
 
 +
Additionally, a rebootless Switch system update was released for 17.0.0 on November 21, 2023 (UTC). This Switch update was released for the following regions: ALL, and CHN. The following (non-sysver) titles were updated: NgWord, NgWord2.
  
 
==Change-log==
 
==Change-log==
Line 418: Line 422:
 
* KSleepManager's no longer saves and restores tcr_el1 when saving/restoring system registers.
 
* KSleepManager's no longer saves and restores tcr_el1 when saving/restoring system registers.
  
 +
=== [[NV_services|nvservices]] ===
 +
A vuln was [[Switch_System_Flaws|fixed]].
 +
 +
=== [[NS_services|ns]] ===
 +
Besides IPC changes, a vuln was [[Switch_System_Flaws|fixed]].
 +
 +
=== [[PSC_services|psc]] ===
 +
Besides IPC changes, a vuln was [[Switch_System_Flaws|fixed]].
  
 
==See Also==
 
==See Also==
 
System update report(s):
 
System update report(s):
 
* [https://yls8.mtheall.com/ninupdates/reports.php?date=2023-10-11_00-15-06&sys=hac]
 
* [https://yls8.mtheall.com/ninupdates/reports.php?date=2023-10-11_00-15-06&sys=hac]
 +
* [https://yls8.mtheall.com/ninupdates/reports.php?date=2023-11-21_00-10-36&sys=hac]
  
  

Latest revision as of 00:28, 21 November 2023

The Switch 17.0.0 system update was released on October 11, 2023 (UTC). This Switch update was released for the following regions: ALL, and CHN.

Security flaws fixed: yes.

As of November 9, 2023 (UTC), this sysupdate is now required by account CDN / dauth (required by online-play).

Additionally, a rebootless Switch system update was released for 17.0.0 on November 21, 2023 (UTC). This Switch update was released for the following regions: ALL, and CHN. The following (non-sysver) titles were updated: NgWord, NgWord2.

Change-log

Official ALL change-log:

  • General system stability improvements to enhance the user's experience.

System Titles

  • The following titles were updated:
    • Sysmodules: usb, htc.stub, boot2.ProdBoot, settings, Bus, bluetooth, bcat, friends, nifm, ptm, bsdsocket, hid, audio, LogManager.Prod, wlan, ldn, nvservices, pcv, capmtp, nvnflinger, pcie, account, ns, nfc, psc, capsrv, am, ssl, nim, btm, erpt, vi, pctl, npns, eupld, glue, eclct, es, fatal, creport, ro, sdb, grc, migration, jpegdec, safemode, olsc, ngct, jit, pgl, omm, eth, ngc.
    • SystemData (non-sysver): CertStore, ErrorMessage, MiiModel, BrowserDll, Help, NgWord, SsidList, TimeZoneBinary, FontNintendoExtension, FontStandard, FontKorean, FontChineseTraditional, FontChineseSimple, FirmwareDebugSettings, BootImagePackage, BootImagePackageSafe, BootImagePackageExFat, FatalMessage, PlatformConfigIcosa, PlatformConfigCopper, PlatformConfigHoag, ControllerFirmware, NgWord2, BootImagePackageExFatSafe, PlatformConfigIcosaMariko, ContentActionTable, NgWordT, PlatformConfigAula, AulaDockFirmware.
    • Applets: qlaunch, controller, error, playerSelect, LibAppletWeb, LibAppletShop, LibAppletOff, LibAppletLns, LibAppletAuth.

NPDM changes (besides usual version-bump):

  • nifm: Service access: added ifcfg, nettc:nd, nettc:nu, removed bsdcfg.
  • bsdsocket: Service server access: added ifcfg.
  • audio: Service access: removed set:fd.
  • wlan: Name updated: wlan -> wlan.autogen.
  • ldn: Service access: added ifcfg, removed bsdcfg.
  • pcie: Service access: added i2c.
  • account: Service access: added caps:dc.
  • ns: Service access: added hid.
  • npns: Service access: added time:u.
  • migration: Fac.FsAccessFlag updated: set bitmask 0x0000000200001000 (ImageManager, SaveDataTransferVersion2).
  • qlaunch: Service access: added htcs:sys.
  • controller: Service access: added htcs:sys.
  • error: Service access: added htcs:sys.
  • playerSelect: Service access: added htcs:sys.
  • LibAppletWeb: Service access: added htcs:sys.
  • LibAppletShop: Service access: added htcs:sys.
  • LibAppletOff: Service access: added htcs:sys.
  • LibAppletLns: Service access: added htcs:sys.
  • LibAppletAuth: Service access: added htcs:sys.

RomFs changes:

  • ErrorMessage: updated
  • BrowserDll:
    • "/buildinfo/buildinfo.dat" updated
    • "/nro/netfront/": Various data updated.
  • Help: "/legallines.htdocs/index.html" updated
  • NgWord: updated
  • SystemVersion: All files updated.
  • TimeZoneBinary: updated
  • FirmwareDebugSettings/PlatformConfigAula: All files updated.
  • NgWord2: updated
  • RebootlessSystemUpdateVersion: All files updated.
  • NgWordT: All files updated.
  • qlaunch applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
  • controller applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
  • error applet: "/lyt/common.szs" updated, "/lyt/Error.szs" updated, "/message/KRko/common.msbt.szs" updated, "/message/Ocean.msbp.szs" updated
  • playerSelect applet:
    • "/lyt/": Various data updated.
    • "/message/": Various data updated.
  • LibAppletWeb/LibAppletShop/LibAppletOff/LibAppletLns/LibAppletAuth: All files updated.

IPC Interface Changes

  • The following interfaces were removed:
    • nn::fgm::sf::IDebugger
  • The following interfaces were added:
    • nn::account::nas::IDeviceHistoryRequest
    • nn::hshl::IBridgeSession
  • The following interfaces were changed:
    • nn::account::IAccountEntityServiceForAccountPolicy
      • Added command 213 - inbytes: 0x4, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::account::nas::IOAuthProcedureForUserRegistration']
      • Added command 214 - inbytes: 0x14, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::account::nas::IOAuthProcedureForUserRegistration']
      • Added command 215 - inbytes: 0x14, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::account::nas::IOAuthProcedureForUserRegistration']
    • nn::account::IAccountServiceForAdministrator
      • Added command 213 - inbytes: 0x4, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::account::nas::IOAuthProcedureForUserRegistration']
      • Added command 214 - inbytes: 0x14, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::account::nas::IOAuthProcedureForUserRegistration']
      • Added command 215 - inbytes: 0x14, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::account::nas::IOAuthProcedureForUserRegistration']
    • nn::account::baas::IAdministrator
      • Added command 170 - inbytes: 0x8, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::account::nas::IDeviceHistoryRequest']
    • nn::account::baas::IManagerForSystemService
      • Added command 170 - inbytes: 0x8, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::account::nas::IDeviceHistoryRequest']
    • nn::account::nas::IOAuthProcedureForUserRegistration
      • Added command 200 - buffers: [0x9], inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::account::detail::IAsyncContext']
      • Added command 205 - inbytes: 0x0, outbytes: 0x10
      • Added command 210 - inbytes: 0x0, outbytes: 0x1
      • Added command 220 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::account::detail::IAsyncContext']
      • Added command 221 - buffers: [0x5], inbytes: 0x21, outbytes: 0x0, outinterfaces: ['nn::account::detail::IAsyncContext']
    • nn::am::service::IAppletCommonFunctions
      • Added command 300 - inbytes: 0x0, outbytes: 0x8
    • nn::am::service::ICommonStateGetter
      • Added command 600 - inbytes: 0x10, outbytes: 0x0, outinterfaces: ['nn::am::service::IStorageChannel']
      • Added command 910 - inbytes: 0x0, outbytes: 0x8
    • nn::am::service::IDebugFunctions
      • Added command 52 - inbytes: 0x4, outbytes: 0x8
    • nn::am::service::ILibraryAppletSelfAccessor
      • Added command 160 - inbytes: 0x0, outbytes: 0x8
    • nn::apm::ISystemManager
      • Added command 8 - inbytes: 0x0, outbytes: 0x4
    • nn::arp::detail::IReader
      • Changed command 2 - outbytes: 0x1 -> 0x10 (final state: inbytes: 0x8, outbytes: 0x10)
    • nn::arp::detail::IUpdater
      • Changed command 1 - inbytes: 0x10 -> 0x18 (final state: inbytes: 0x18, outbytes: 0x0)
    • nn::audio::detail::IAudioDevice
      • Added command 15 - inbytes: 0x8, outbytes: 0x0, outhandles: [1]
      • Added command 16 - inbytes: 0x8, outbytes: 0x0
      • Added command 17 - inbytes: 0x8, outbytes: 0x0, outhandles: [1]
      • Added command 18 - inbytes: 0x8, outbytes: 0x0
    • nn::audio::detail::IAudioSnoopManager
      • Removed command 1 - inbytes: 0x0, outbytes: 0x0
      • Removed command 6 - inbytes: 0x0, outbytes: 0x4
    • nn::audioctrl::detail::IAudioController
      • Added command 19 - inbytes: 0x1, outbytes: 0x0
      • Added command 20 - inbytes: 0x0, outbytes: 0x1
      • Removed command 27 - buffer_entry_sizes: [0x4], buffers: [0x5], inbytes: 0x4, outbytes: 0x0
    • nn::bsdsocket::cfg::ServerInterface
      • Added command 16 - buffers: [0x5, 0x6], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 17 - buffers: [0x5], inbytes: 0x8, outbytes: 0x8, pid: True
      • Added command 18 - buffers: [0x5, 0x6, 0x6, 0x6], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 19 - buffers: [0x5, 0x6], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 20 - buffers: [0x5, 0x6], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 21 - buffers: [0x5, 0x6], inbytes: 0x10, outbytes: 0x0, pid: True
      • Added command 22 - buffers: [0x5, 0x6, 0x5], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 23 - buffers: [0x5], inbytes: 0x10, outbytes: 0x0, pid: True
      • Added command 50 - buffers: [0x5], inbytes: 0x10, outbytes: 0x0, pid: True
      • Added command 51 - buffers: [0x5], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 52 - buffers: [0x5], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 53 - buffers: [0x5], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 54 - buffers: [0x5], inbytes: 0x10, outbytes: 0x0, pid: True
      • Added command 55 - buffers: [0x5], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 56 - buffers: [0x5, 0x5], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 57 - buffers: [0x5], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 58 - buffers: [0x5], inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 100 - buffers: [0x5], inbytes: 0x10, outbytes: 0x0, pid: True
    • nn::capsrv::sf::IAlbumAccessorService
      • Added command 120 - buffer_entry_sizes: [0x20, 0x0], buffers: [0x6, 0x21], inbytes: 0x18, outbytes: 0x8
      • Added command 130 - buffers: [0x6], inbytes: 0x20, outbytes: 0x8
      • Added command 140 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
      • Added command 150 - buffer_entry_sizes: [0x400], buffers: [0x16], inbytes: 0x18, outbytes: 0x0
      • Changed command 50000 - buffers: [0x6, 0x6] -> [0x6] (final state: buffers: [0x6], inbytes: 0x18, outbytes: 0x8)
    • nn::capsrv::sf::IAlbumApplicationService
      • Added command 145 - buffer_entry_sizes: [0x20], buffers: [0x6], inbytes: 0x20, outbytes: 0x8, pid: True
      • Added command 146 - buffer_entry_sizes: [0x20], buffers: [0x6], inbytes: 0x30, outbytes: 0x8, pid: True
      • Added command 147 - buffer_entry_sizes: [0x20], buffers: [0x6], inbytes: 0x20, outbytes: 0x8, pid: True
    • nn::capsrv::sf::IDecoderControlService
      • Added command 4001 - buffers: [0x46, 0x5], inbytes: 0x28, outbytes: 0x8
    • nn::dp2hdmi::detail::IDp2hdmiController
      • Added command 9 - inbytes: 0x0, outbytes: 0x10
    • nn::erpt::sf::IContext
      • Changed command 10 - inbytes: 0x8 -> 0xC (final state: buffers: [0x5, 0x5, 0x5], inbytes: 0xC, outbytes: 0x0)
      • Added command 12 - buffers: [0x5, 0x5, 0x5], inbytes: 0xC, outbytes: 0x0
    • nn::es::IActiveRightsContext
      • Removed command 212 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
    • nn::es::IETicketService
      • Changed command 1006 - buffer_entry_sizes: [0x48, 0x10] -> [0x50, 0x10] (final state: buffer_entry_sizes: [0x50, 0x10], buffers: [0x6, 0x5], inbytes: 0x0, outbytes: 0x4)
      • Added command 1023 - buffer_entry_sizes: [0x10], buffers: [0x6], inbytes: 0x8, outbytes: 0x4
      • Added command 1024 - buffer_entry_sizes: [0x10], buffers: [0x6], inbytes: 0x10, outbytes: 0x4
      • Added command 1025 - buffer_entry_sizes: [0x10], buffers: [0x6], inbytes: 0x8, outbytes: 0x4
      • Added command 1026 - buffer_entry_sizes: [0x10, 0x0], buffers: [0x6, 0x5], inbytes: 0x8, outbytes: 0x4
      • Added command 1027 - buffer_entry_sizes: [0x10, 0x0], buffers: [0x6, 0x5], inbytes: 0x10, outbytes: 0x4
      • Removed command 2002 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
      • Removed command 2003 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
    • nn::friends::detail::ipc::IServiceCreator
      • Changed command 2 - outinterfaces: ['0x710007990C'] -> ['0x710007AF24'] (final state: inbytes: 0x0, outbytes: 0x0, outinterfaces: ['0x710007AF24'])
    • nn::fssrv::sf::IDeviceOperator
      • Added command 6 - inbytes: 0x0, outbytes: 0xC
      • Added command 117 - inbytes: 0x18, outbytes: 0x0
      • Added command 221 - buffers: [0x6], inbytes: 0x8, outbytes: 0x0
    • nn::fssrv::sf::IFileSystemProxy
      • Added command 618 - buffer_entry_sizes: [0x301], buffers: [0x19], inbytes: 0x1, outbytes: 0x8
    • nn::fssrv::sf::IFileSystemProxyForLoader
      • Changed command 0 - buffer_entry_sizes: [0x124, 0x301] -> [0x301, 0x0], buffers: [0x1A, 0x19] -> [0x19, 0x6] (final state: buffer_entry_sizes: [0x301, 0x0], buffers: [0x19, 0x6], inbytes: 0x10, outbytes: 0x0, outinterfaces: ['nn::fssrv::sf::IFileSystem'])
    • nn::fssrv::sf::ISaveDataTransferManagerForSaveDataRepair
      • Changed command 110 - buffers: [0x5] -> [0x5, 0x5], inbytes: 0x28 -> 0x18 (final state: buffers: [0x5, 0x5], inbytes: 0x18, outbytes: 0x0, outinterfaces: ['nn::fssrv::sf::ISaveDataDivisionImporter'])
    • nn::fssrv::sf::ISaveDataTransferManagerWithDivision
      • Added command 63 - buffer_entry_sizes: [0x200, 0x0], buffers: [0x19, 0x5], inbytes: 0x2, outbytes: 0x0, outinterfaces: ['nn::fssrv::sf::ISaveDataDivisionImporter']
      • Removed command 67 - buffers: [0x5], inbytes: 0x18, outbytes: 0x0, outinterfaces: ['nn::fssrv::sf::ISaveDataDivisionImporter']
    • nn::gpio::IPadSession
      • Removed command 6 - inbytes: 0x0, outbytes: 0x4
      • Removed command 7 - inbytes: 0x0, outbytes: 0x0
    • nn::grcsrv::IContinuousRecorder
      • Added command 4 - inbytes: 0x0, outbytes: 0x0
    • nn::hid::IHidDebugServer
      • Added command 217 - inbytes: 0x10, inhandles: [1], outbytes: 0x8
      • Added command 351 - inbytes: 0x0, outbytes: 0x4
      • Added command 352 - inbytes: 0x0, outbytes: 0x0
    • nn::hid::IHidServer
      • Added command 213 - inbytes: 0x20, outbytes: 0x0, pid: True
      • Added command 214 - buffer_entry_sizes: [0x4, 0x10], buffers: [0x9, 0x9], inbytes: 0x10, outbytes: 0x0
      • Added command 311 - inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 312 - inbytes: 0x8, outbytes: 0x0, pid: True
      • Added command 1004 - inbytes: 0x10, outbytes: 0x0, pid: True
    • nn::hid::IHidSystemServer
      • Added command 1320 - inbytes: 0x0, outbytes: 0x0
      • Added command 1321 - inbytes: 0x0, outbytes: 0x0
    • nn::hshl::IManager
      • Added command 9 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::hshl::IBridgeSession']
      • Added command 10 - inbytes: 0x0, outbytes: 0x1
    • nn::hshl::ISetterManager
      • Added command 3 - inbytes: 0x1, outbytes: 0x0
    • nn::migration::savedata::IClient
      • Added command 304 - buffer_entry_sizes: [0x8], buffers: [0x6], inbytes: 0x4, outbytes: 0x4
    • nn::migration::savedata::IServer
      • Added command 3 - buffer_entry_sizes: [0x8], buffers: [0x6], inbytes: 0x4, outbytes: 0x4
    • nn::migration::user::IService
      • Added command 1110 - buffer_entry_sizes: [0x100, 0x8], buffers: [0x19, 0x5], inbytes: 0x18, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::migration::savedata::IServer']
    • nn::mnpp::detail::ipc::IServiceForWebBrowser
      • Added command 100 - buffers: [0x5, 0x5, 0x6], inbytes: 0x10, outbytes: 0x0
    • nn::ncm::IContentMetaDatabase
      • Added command 26 - inbytes: 0x10, outbytes: 0x1
    • nn::ncm::IContentStorage
      • Added command 30 - inbytes: 0x11, outbytes: 0x8
    • nn::ndrm::low::detail::INdrmLowAdminInterface
      • Added command 45 - inbytes: 0x8, outbytes: 0x0, outhandles: [1]
    • nn::nim::detail::INetworkInstallManager
      • Added command 142 - inbytes: 0x0, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncResult']
      • Added command 143 - inbytes: 0x18, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncData']
      • Added command 144 - inbytes: 0x18, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncData']
      • Added command 3000 - inbytes: 0x10, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncData']
      • Added command 3001 - inbytes: 0x8, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::nim::detail::IAsyncData']
    • nn::nim::detail::IShopServiceAccessServerInterface
      • Added command 5 - inbytes: 0x10, inhandles: [1], outbytes: 0x0, outinterfaces: ['nn::nim::detail::IShopServiceAccessServer'], pid: True
    • nn::npns::INpnsSystem
      • Added command 35 - buffers: [0x5], inbytes: 0x10, outbytes: 0x0
      • Added command 36 - inbytes: 0x10, outbytes: 0x0
      • Added command 40 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
      • Added command 41 - inbytes: 0x0, outbytes: 0x10
      • Added command 42 - buffers: [0x9], inbytes: 0x10, outbytes: 0x0
      • Added command 43 - inbytes: 0x18, outbytes: 0x0
      • Added command 44 - buffer_entry_sizes: [0x10], buffers: [0x9], inbytes: 0x0, outbytes: 0x0
      • Added command 50 - buffers: [0x9, 0x5], inbytes: 0x0, outbytes: 0x0
    • nn::ns::detail::IApplicationManagerInterface
      • Removed command 84 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
      • Removed command 2521 - inbytes: 0x0, outbytes: 0x0, outhandles: [1]
      • Added command 2523 - inbytes: 0x8, outbytes: 0x8
      • Added command 3100 - inbytes: 0x0, outbytes: 0x10
      • Added command 3101 - inbytes: 0x0, outbytes: 0x0, outhandles: [1], outinterfaces: ['nn::ns::detail::IAsyncResult']
      • Added command 3102 - inbytes: 0x0, outbytes: 0x0
    • nn::olsc::srv::IOlscServiceForSystemService
      • Added command 10000 - inbytes: 0x0, outbytes: 0x0, outinterfaces: ['nn::olsc::srv::IOlscServiceForSystemService']
    • nn::omm::srv::IDisplayLayerControl
      • Removed command 600 - buffer_entry_sizes: [0x4B8], buffers: [0x15], inbytes: 0x0, outbytes: 0x0
      • Added command 610 - buffer_entry_sizes: [0x4C8], buffers: [0x15], inbytes: 0x0, outbytes: 0x0
      • Added command 611 - buffer_entry_sizes: [0x4C8], buffers: [0x15], inbytes: 0x0, outbytes: 0x0
      • Added command 612 - buffer_entry_sizes: [0x4C8], buffers: [0x15], inbytes: 0x0, outbytes: 0x0
      • Added command 900 - buffers: [0x45], inbytes: 0x0, outbytes: 0x0
    • nn::pdm::detail::INotifyService
      • Changed command 0 - inbytes: 0x10 -> 0x18 (final state: inbytes: 0x18, outbytes: 0x0)
    • nn::pinmux::ISession
      • Added command 3 - inbytes: 0x1, outbytes: 0x0
      • Added command 4 - inbytes: 0x0, outbytes: 0x1
      • Added command 5 - inbytes: 0x1, outbytes: 0x0
      • Added command 6 - inbytes: 0x0, outbytes: 0x1
      • Added command 7 - inbytes: 0x4, outbytes: 0x0
      • Added command 8 - inbytes: 0x0, outbytes: 0x4
      • Added command 9 - inbytes: 0x4, outbytes: 0x0
      • Added command 10 - inbytes: 0x0, outbytes: 0x4
    • nn::pl::detail::IPlatformServiceManagerForSystem
      • Added command 107 - inbytes: 0x18, outbytes: 0x0
    • nn::psc::sf::IPmControl
      • Added command 7 - inbytes: 0xC, outbytes: 0x0
    • nn::psm::IPsmServer
      • Changed command 17 - outbytes: 0x40 -> 0x54 (final state: inbytes: 0x0, outbytes: 0x54)
    • nn::settings::ISystemSettingsServer
      • Added command 221 - inbytes: 0x0, outbytes: 0x1
      • Added command 222 - inbytes: 0x1, outbytes: 0x0
    • nn::socket::sf::IClient_MC
      • Added command 35 - buffers: [0x21, 0x22], inbytes: 0x8, outbytes: 0x8
    • nn::spsm::detail::IPowerStateInterface
      • Added command 12 - inbytes: 0x0, outbytes: 0x0
      • Added command 13 - inbytes: 0x0, outbytes: 0x0
      • Added command 14 - inbytes: 0x1, outbytes: 0x0
    • nn::ts::server::IMeasurementServer
      • Removed command 0 - inbytes: 0x1, outbytes: 0x8
      • Removed command 1 - inbytes: 0x1, outbytes: 0x4
    • nn::ts::server::ISession
      • Added command 5 - inbytes: 0x4, outbytes: 0x0
      • Added command 6 - inbytes: 0x4, outbytes: 0x0
      • Added command 7 - inbytes: 0x0, outbytes: 0x4
    • nn::uart::IManager
      • Removed command 0 - inbytes: 0x4, outbytes: 0x1
      • Removed command 1 - inbytes: 0x4, outbytes: 0x1
      • Removed command 2 - inbytes: 0x8, outbytes: 0x1
      • Removed command 3 - inbytes: 0x8, outbytes: 0x1
      • Removed command 4 - inbytes: 0x8, outbytes: 0x1
      • Removed command 5 - inbytes: 0x8, outbytes: 0x1
      • Removed command 7 - inbytes: 0x8, outbytes: 0x1
      • Removed command 8 - inbytes: 0x8, outbytes: 0x1
      • Removed command 9 - inbytes: 0x8, outbytes: 0x1
      • Removed command 10 - inbytes: 0x8, outbytes: 0x1
    • nn::wlan::detail::IPrivateWirelessCommunicationService
      • Removed command 1 - inbytes: 0x4, outbytes: 0x0
      • Changed command 19 - inbytes: 0x4 -> 0x1 (final state: inbytes: 0x1, outbytes: 0x0)
      • Removed command 20 - inbytes: 0x0, outbytes: 0x0
      • Removed command 21 - inbytes: 0x0, outbytes: 0x4
      • Removed command 22 - inbytes: 0x1, outbytes: 0x0
    • nn::wlan::detail::IWirelessCommunicationService
      • Changed command 94 - buffer_entry_sizes: [0x20] -> [0x28] (final state: buffer_entry_sizes: [0x28], buffers: [0xA], inbytes: 0x0, outbytes: 0x4)
      • Added command 200 - inbytes: 0x4, outbytes: 0x0
      • Added command 201 - inbytes: 0x0, outbytes: 0x0
      • Added command 202 - inbytes: 0x0, outbytes: 0x4
      • Added command 203 - inbytes: 0x4, outbytes: 0x0

BootImagePackages

RomFs changes: all files updated.

Using updated master-key: master_key_10 (previously master_key_0f). See NCA for the KeyGeneration listing.

INI1 changes:

  • BootImagePackage:
    • 0100000000000003 (ProcessMana): MainThreadStackSize updated: 0x1000 -> 0x3000.
    • 0100000000000005 (boot): SVC access: added CreateEvent.
  • BootImagePackageSafe:
    • 0100000000000003 (ProcessMana): MainThreadStackSize updated: 0x1000 -> 0x3000.
    • 0100000000000005 (boot): SVC access: added CreateEvent.
  • BootImagePackageExFat:
    • 0100000000000005 (boot): SVC access: added CreateEvent.
    • 0100000000000003 (ProcessMana): MainThreadStackSize updated: 0x1000 -> 0x3000.
  • BootImagePackageExFatSafe:
    • 0100000000000003 (ProcessMana): MainThreadStackSize updated: 0x1000 -> 0x3000.
    • 0100000000000005 (boot): SVC access: added CreateEvent.

The anti-downgrade fuses were updated.

Secure Monitor

  • Support for a new EsCommonKeyType was added (type = 2).
    • Previously, only 0 (TitleKey) and 1 (ArchiveKey) were supported.
    • Correspondingly, PrepareEsDeviceUniqueKeyOption's type field is now bits 6-7 instead of just bit 6.


Kernel

  • Compiler/libc changes:
    • The kernel is now linked using RELR for relocations instead of RELA (see compiler support in lld for .relr.dyn).
    • This greatly reduces the relocations segment size; it has decreased from 0x3A50 bytes in 16.0.0 to 0x90 in 17.0.0.
    • Many minor optimization changes, e.g. mul+add -> madd, madd -> smaddl/umaddl, (a + b - 1) >> 36 is now (a + b) > 0x1000000000, various reordering.
  • crt0 changes:
    • crt0 is no longer located at _start, instead _start is `b crt0` followed by 0x7FC of zeroes.
    • crt0 is now located at the start of .rodata.
      • The crt0 page is now identity-mapped R-X in .rodata instead of RWX at start-of-text.
    • Many system registers which were previously set from KInitArguments are now set using a register constants table in the crt0 .rodata segment.
      • These are ttbr0_el1, ttbr1_el1, tcr_el1, mair_el1, and sctlr_el1.
      • This table is initially zeroes, and is initialized to the correct values by KernelLdr before returning to Kernel/setting permissions.
    • Kernel Map now stores offsets relative to itself rather than relative to _start.
      • Kernel map also now stores an additional offset (to the "register constants").
    • The big idea here is to make the crt0 page no longer executable after init.
      • This mitigates the ability to execute gadgets (via ROP/etc) to set TTBR1_EL1 (and other important registers) to user-controlled values.
        • The *only* ttbr1_el1 gadget in all of kernel now sets it to the constant in .rodata, which can't be modified after KernelLdr finishes.
      • This also enables setting the WXN bit while still identity-mapped, instead of having to do it later in boot.
  • KernelLdr changes:
    • INI1 is now used in-place, if KSystemControl does not have a preferred layout.
  • Initialize0 changes:
    • Initialize0 now receives the initial process binary size from KernelLdr and stores it in a global.
      • Initialize1 forwards this to the rest of the kernel as with the address.
    • Initialize0 no longer memsets the slab region to zero before calling the ifdef'd out function for the unknown debug region.
      • This is now done by InitializeSlabHeaps().
  • All exception returns now migitate post-eret speculative execution.
    • All "eret" instructions are now "eret; dsb nsh; isb;"
  • KInitialPageAllocator::Allocate(Aligned) now memsets the pages to zero before returning them to the caller.
    • Correspondingly, KInitialPageTable no longer memsets those pages to zero after allocating them.
  • KInitialProcessReader::CreateProcessParameter now ands sizes with 0x1FFFFF000 before overflow checking.
    • This may actually just be compiler-garbage due to the types being u32-cast-to-higher-width?
  • CreateAndStartInitialProcesses changes:
    • A difference check is now an != when allocating page group.
    • Segment loading/uncompressing has now been refactored:
      • The entire page group is no longer mapped while loading the segments.
      • KInitialProcessReader::Load is now responsible; it now takes the page group as argument, clears bss (using linear map), and then calls a helper to load each segment.
        • This helper creates a page group for just the pages relevant to the segment, copies the data (using linear map), and then if compressed maps the page group, uncompresses, and unmaps.
  • KMemoryRegionType had a number of large changes:
    • A new memory type is now inserted after the SecureAppletMemory region (id is 0xC200028E).
    • Low 0x2 ID derivations changed to accommodate this.
    • As a knock-on effect(?) type IDs for pool partitions changed substantially (likely due to derivation changes elsewhere).
  • New KProcess field ("has application system resource").
    • This is set to 1 when initializing a KProcess with CreateProcessFlag_IsApplication and system_resource_num_pages == 0.
    • When this is true, svc::GetInfo() always returns 0 for InfoType_SystemResourceSizeTotal and InfoType_SystemResourceSizeUsed.
      • This also modifies the calculations for various SystemResourceSize calculations.
      • MapPhysicalMemory() and UnmapPhysicalMemory() will also now return svc::ResultInvalidState().
  • The KProcess::Initialize() overload used by initial processes now supports system_resource_num_pages != 0 (and allocates a system resource in this case).
    • NOTE: KInitialProcessReader::CreateProcessParameter still hardcodes param->system_resource_num_pages = 0 for all KIPs.
  • Changes to KPageTable(Base) around KMemoryState:
    • There is no longer a bijective mapping between svc::MemoryState and kern::KMemoryState.
    • In particular, KMemoryState_Io has been split into two memory states:
      • KMemoryState_Io(Register) no longer has bit 13 (0x2000) set (new value is 0x180001).
      • For memory mapped with SvcMapIoRegion called with svc::MemoryMapping_Memory, KMemoryState_Io(Memory) retains that bit set (value is 0x182001).
      • KPageTableBase functions dealing with Io mappings now take in MemoryState arguments, and/or MemoryMapping arguments (for the IoRegion functions).
    • KMemoryState_ThreadLocal no longer has bit 13 (0x2000) set (new value is 0x400000C).
    • KMemoryState_Kernel no longer has bit 13 (0x2000) set (new value is 0x13).
    • KMemoryState_Static no longer has bit 13 (0x2000) set (new value is 0x40002).
    • KMemoryState_Insecure now supports FlagCanQueryPhysical (new value is 0x55C3817).
    • To accommodate this, KPageTableBase::QueryMapping/Contains/GetRegionAddress/GetRegionSize now take an svc::MemoryState (u8) instead of the full KMemoryState.
      • In a (presumably) happy accident, this produces much, much better assembly for the switch statement.
    • KPageTableBase::CheckMemoryState was made ALWAYS_INLINE and now calls an impl-func which takes KMemoryBlock * as argument.
  • KPageTableBase::MapPageGroup no longer sets the io bit in page properties.
    • This is the overload used by process creation.
  • KMemoryBlockManager::UpdateIfMatch now takes set_disable_attr, clear_disable_attr.
    • KPageTableBase::MapPhysicalMemory passes true for set_disable_attr if the address is exactly the start of the alias region.
  • KPageTableBase::UnmapPhysicalMemory now passes clear_disable_attr = 1 to KMemoryManager::Update if the address is exactly the start of the alias region.
  • KProcessPageTable::Initialize no longer has an unused truncated-process-id argument.
  • Changes to KPageTable(Base) mapping for first-reference:
    • KPageTable::Operate is no longer allowed to take MapFirst as operation.
    • KPageTable::MapContiguousWithBaseAttribute no longer supports not_first argument, always calls OpenAdditionalReference.
    • KPageTable::OperateOnPageGroup is now allowed to take MapFirst as operation, and MapWithPageGroup can now call OpenFirst or OpenAdditional for page group references.
    • KPageTableBase::AllocatePageGroupAndOperate now passes MapFirst.
  • Miscellaneous page table changes:
    • KSupervisorPageTable::Initialize now checks that the WXN bit is set in sctlr_el1 instead of setting it.
    • KPageTable::Finalize now calls a second OnFinalize() stub after NoteUpdated().
  • KPageTableBase::MapStatic alignment checks were loosened/changed.
  • New KMemoryAttribute bit 0x10 ("PermissionLocked").
    • This can be set via SvcSetMemoryAttribute.
      • NOTE: Once set, this bit is irrevocable and can never be unset.
        • This is to enable relro (read only relocations).
      • This requires a new KMemoryStateFlag (bit 27) "FlagCanPermissionLock", which is set only on CodeData and AliasCodeData.
    • KPageTable::SetMemoryAttribute now calls a new KMemoryBlockManager::UpdateAttributes function specifically for updating the attributes.
    • This bit is allowed to be set when unmapped CodeMemory (as it can be set on (Alias)CodeData).
  • HandleException now uses UserspaceAccess functions to retrieve the instruction when EsrEc is Unknown, IllegalState, Bkpt, or Brk.
  • InvalidateProcessDataCache now special-cases being called on the current process, with a simpler (new) KPageTableBase function.
  • Changes around signaling/thread termination.
    • KThread::BeginTerminate no longer calls NotifyAvailable on the thread.
    • KThread::DoWorkerTask now acquires the scheduler lock and calls NotifyAvailable on the thread.
    • KThread and KProcess exit now use separate KWorkerTaskManagers (0 = Thread, 1 = Process).
      • Main() now initializes the two KWorkerTaskManagers, and now aborts if their priorities (both constant 11) are zero.
  • KSleepManager's no longer saves and restores tcr_el1 when saving/restoring system registers.

nvservices

A vuln was fixed.

ns

Besides IPC changes, a vuln was fixed.

psc

Besides IPC changes, a vuln was fixed.

See Also

System update report(s):


Nintendo Switch System Versions
1.0.0
2.0.02.1.02.2.02.3.0
3.0.03.0.13.0.2
4.0.04.0.14.1.0
5.0.05.0.15.0.25.1.0
6.0.06.0.16.1.06.2.0
7.0.07.0.1
8.0.08.0.18.1.08.1.1
9.0.09.0.19.1.09.2.0
10.0.010.0.110.0.210.0.310.0.410.1.010.1.110.2.0
11.0.011.0.1
12.0.012.0.112.0.212.0.312.1.0
13.0.013.1.013.2.013.2.1
14.0.014.1.014.1.114.1.2
15.0.015.0.1
16.0.016.0.116.0.216.0.316.1.0
17.0.017.0.1
18.0.018.0.118.1.0
19.0.019.0.1