2.0.0: Difference between revisions
(11 intermediate revisions by 6 users not shown) | |||
Line 35: | Line 35: | ||
** 0100000000000805(CHN/KOR dictionary), 0100000000000808("European, English and Japanese dictionaries"), 010000000000080A(Chara?), and 010000000000080C(EULA). | ** 0100000000000805(CHN/KOR dictionary), 0100000000000808("European, English and Japanese dictionaries"), 010000000000080A(Chara?), and 010000000000080C(EULA). | ||
* The following 01000000000008XX titles were added: | * The following 01000000000008XX titles were added: | ||
** 0100000000000800(SSL trusted certs), 0100000000000807(Hotspot List), 010000000000081E(Dummy file), 010000000000081F(Icosa system config), 0100000000000820(Copper system config), 0100000000000821(Hoag system config) | ** 0100000000000800(SSL trusted certs), 0100000000000807(Hotspot List), 010000000000081E(Dummy file), 010000000000081F(Icosa system config), 0100000000000820(Copper system config), 0100000000000821(Hoag system config) | ||
* | * 010000000000081B ("exFAT FIRM") package2 is no longer "stubbed"/overwritten with garbage. | ||
===FIRM=== | |||
====Package1==== | |||
The encrypted binaries' order and calculation for next stage's entrypoint was changed. | |||
Old layout (before 2.0.0): | |||
1.- PK11 header | |||
2.- Secure Monitor blob | |||
3.- NX bootloader blob | |||
4.- Warmboot blob | |||
NX bootloader entrypoint is calculated as: | |||
0x40013FE0 + 0x20 + 0x20 + NX bootloader blob's offset + Secure Monitor blob's size | |||
New layout (2.0.0+): | |||
1.- PK11 header | |||
2.- Warmboot blob | |||
3.- NX bootloader blob | |||
4.- Secure Monitor blob | |||
NX bootloader entrypoint is calculated as: | |||
0x40013FE0 + 0x20 + 0x20 + NX bootloader blob's offset + Warmboot blob's size | |||
Some AES-ECB decryption related code was refactored. | |||
==Kernel== | ==Kernel== | ||
* KPoolManager was majorly rewritten. | * KPoolManager was majorly rewritten. | ||
** Added MAC crypto on heap-chunk headers, to protect against DMA attacks (same as 3DS). | ** Added MAC crypto on heap-chunk headers, to protect against DMA attacks (same as 3DS). | ||
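Review bot: The two entrypoint formulas in the new Package1 section leave their terms undocumented: 0x40013FE0 and the two 0x20 constants appear with no label, and "NX bootloader blob's offset" does not say what it is relative to. In both layouts the size that gets added is that of the blob placed immediately before the NX bootloader (Secure Monitor in the old order, Warmboot in the new one), so the offset cannot already include that blob. Please name each term next to the formula and state the base of the offset, so the calculation can be checked without the binary at hand. The "1.-" numbering also differs from the "*" bullets used on the rest of the page.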
Line 50: | Line 73: | ||
* KAddressSpace was renamed to KDeviceAddressSpace. | * KAddressSpace was renamed to KDeviceAddressSpace. | ||
* KSharedMemory now | * KSharedMemory now maintains a list of every map (each 0x20-byte entry). | ||
** To do cleanup of mapped shared memories when a process is killed. | |||
** | |||
* KSharedMemory no longer references the owning KProcess. | * KSharedMemory no longer references the owning KProcess. | ||
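Review bot: The KSharedMemory bullet says a list of every map is kept in 0x20-byte entries but not what an entry records. The next bullet says the object no longer references the owning KProcess, so a reader cannot tell how a mapping is tied back to the process being killed. Please list the entry's fields, or say that they are unknown. "To do cleanup of mapped shared memories when a process is killed" is a fragment and would read better as a sentence giving this as the reason for the list. Also check that the bare "**" line shown in this hunk does not remain in the current revision.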
Line 60: | Line 82: | ||
** Creation doesn't use KIrqSingleton directly anymore. | ** Creation doesn't use KIrqSingleton directly anymore. | ||
** Instead it allocates a 0x20-byte entry, and then uses KIrqSingleton. | ** Instead it allocates a 0x20-byte entry, and then uses KIrqSingleton. | ||
** | ** Probably to do better cleanup. | ||
* Size-checks >= 0x180000000 was added to a bunch of syscalls. | * Size-checks >= 0x180000000 was added to a bunch of syscalls. | ||
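Review bot: "Probably to do better cleanup" under the 0x20-byte entry bullet is a guess with no stated basis. Either mark it as unverified or tie it to the KSharedMemory change on this page, which gives process-kill cleanup as the reason for its own 0x20-byte entries. That makes clear whether the two changes are believed to share a mechanism.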
Line 79: | Line 101: | ||
* On startup, kernel now calls SMC id1 0xC3000007 with the kernel memory range start and size. | * On startup, kernel now calls SMC id1 0xC3000007 with the kernel memory range start and size. | ||
* | * AArch64 exception vector for "SError interrupt" was implemented. | ||
* Kernel stacks are now allocated with a slabheap. | |||
* KHeapArrange was changed. On 1.0.0 it held address/size for three pools ("base", "application", "system") and application/system were zero-sized/unused. Now it holds "pool management", "secure", "non-secure". Pool management and secure are now protected by the kernel carveout. | |||
** Secure pool size is dynamically calculated as size of all kips (including stacks) + 24 MB (FS sysmodule heap) + 1 MB (spare pages for e.g. IPC buffer usage). | |||
** If only one KIP is present, all memory goes to secure pool and non-secure pool does not exist. | |||
{{NavboxVersions}} | {{NavboxVersions}} |
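Review bot: The secure pool sub-bullets read as contradictory. The first gives the size as all KIPs (including stacks) + 24 MB + 1 MB, and the second says that with only one KIP all memory goes to the secure pool. Please state the single-KIP case as an explicit exception to the formula. The KHeapArrange bullet also packs the 1.0.0 layout and the new one into a single line; splitting it into a "1.0.0" and a "2.0.0" sub-bullet would make the rename from "base", "application", "system" to "pool management", "secure", "non-secure" easier to follow. The slabheap bullet says how kernel stacks are allocated now but not how they were allocated before.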