6.2.0: Difference between revisions

(20 intermediate revisions by 5 users not shown)

Line 1:

The Switch 6.2.0 system update was released on November 19, 2018. This Switch update was released for the following regions: ALL.

Security flaws fixed: ~~<fill this in manually later~~, ~~see~~ the ~~updatedetails page from the ninupdates-report page(s~~) ~~once available for now>~~.

Security flaws fixed: Yes

This update burns an additional fuse and has a fuse count of 8.

6.2.0 changes fundamental key generation, no longer using keyblobs at all (the OS will boot successfully even if both copies of keyblob are replaced with FFs in NAND).

==Change-log==

[https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/p/897 Official] ALL change-log:

* General system stability improvements to enhance the user's experience.

==FIRM==

====NX_BOOTLOADER====

NX bootloader was updated, and is now stored compressed. Before executing, a small stub now uncompresses the bootloader to 0x40004000, size 0x1C000.

[more details to be filled in later].

====Secure Monitor====

The Secure Monitor was updated:

* BootReason is now saved before security engine/warmboot firmware setup.

* The SYSCTR0 registers are now validated to contain expected values on bootup.

* generate_srk() is now called before any other security engine key derivation is done.

* Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware.

* Keyslots were shuffled around, the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC.

* The usual code changes for adding a new master key/device master key are in place.

There are zero changes to code outside of the coldboot .init section (pk2ldr).

====Kernel====

* Kernel was not updated.

====FIRM Sysmodules====

* No FIRM sysmodules were updated.

====Warmboot====

* The firmware revision magic was changed from 0x87 to 0xA8.

==System Titles==

<~~fill this~~ in ~~(manually) later~~>

''All'' titles were updated (including flog) except for EULA, to use the new keydata.

The following sysmodules were updated with actual changes:

* bcat, friends, hid, nvservices, account

Besides sysver titles and FIRM, the only titles' with changed RomFS are web-applets, for "/.nrr/netfront.nrr" (only RSA data was changed here).

There seems to be no new service IPC commands.

* bcat: The codebin was updated, but no strings were added/changed.

* account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs were changed to "v4-<newhexstr>".

* nvservices: At least 2 vulnerabilities have been patched. See [[Switch_System_Flaws#System_Modules|here]].

==See Also==

@@ Line 1: / Line 1: @@
 The Switch 6.2.0 system update was released on November 19, 2018. This Switch update was released for the following regions: ALL.
-Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.
+Security flaws fixed: Yes
+This update burns an additional fuse and has a fuse count of 8.
+.2.0 changes fundamental key generation, no longer using keyblobs at all (the OS will boot successfully even if both copies of keyblob are replaced with FFs in NAND).
 ==Change-log==
 [https://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/p/897 Official] ALL change-log:
 * 	General system stability improvements to enhance the user's experience.
+==FIRM==
+====NX_BOOTLOADER====
+NX bootloader was updated, and is now stored compressed. Before executing, a small stub now uncompresses the bootloader to 0x40004000, size 0x1C000.
+[more details to be filled in later].
+====Secure Monitor====
+The Secure Monitor was updated:
+* BootReason is now saved before security engine/warmboot firmware setup.
+* The SYSCTR0 registers are now validated to contain expected values on bootup.
+* generate_srk() is now called before any other security engine key derivation is done.
+* Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware.
+* Keyslots were shuffled around, the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC.
+* The usual code changes for adding a new master key/device master key are in place.
+There are zero changes to code outside of the coldboot .init section (pk2ldr).
+====Kernel====
+* Kernel was not updated.
+====FIRM Sysmodules====
+* No FIRM sysmodules were updated.
+====Warmboot====
+* The firmware revision magic was changed from 0x87 to 0xA8.
 ==System Titles==
-<fill this in (manually) later>
+''All'' titles were updated (including flog) except for EULA, to use the new keydata.
+The following sysmodules were updated with actual changes:
+* bcat, friends, hid, nvservices, account
+Besides sysver titles and FIRM, the only titles' with changed RomFS are web-applets, for "/.nrr/netfront.nrr" (only RSA data was changed here).
+There seems to be no new service IPC commands.
+* bcat: The codebin was updated, but no strings were added/changed.
+* account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs were changed to "v4-<newhexstr>".
+* nvservices: At least 2 vulnerabilities have been patched. See [[Switch_System_Flaws#System_Modules|here]].
 ==See Also==