Difference between revisions of "6.2.0"

From Nintendo Switch Brew
 
(6 intermediate revisions by 3 users not shown)
Line 18: Line 18:
  
 
====Secure Monitor====
 
====Secure Monitor====
The Secure Monitor was updated. [details to be filled in later].
+
The Secure Monitor was updated:
 +
 
 +
* BootReason is now saved before security engine/warmboot firmware setup.
 +
* The SYSCTR0 registers are now validated to contain expected values on bootup.
 +
* generate_srk() is now called before any other security engine key derivation is done.
 +
* Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware.
 +
* Keyslots were shuffled around, the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC.
 +
* The usual code changes for adding a new master key/device master key are in place.
 +
 
 +
There are zero changes to code outside of the coldboot .init section (pk2ldr).
  
 
====Kernel====
 
====Kernel====
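Review bot: The keyslot bullet says keyslots were "shuffled around" but gives only the new locations (master key in keyslot 0xD, device master key in keyslot 0xC); adding the keyslots previously used would let readers check the change against earlier versions. The same bullet joins two sentences with a comma, and a colon after "shuffled around" would read better. The initialize_se_derive_keys() bullet could also say which keyslots the TSEC firmware initializes, since the derivation is described as depending on them.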
Line 27: Line 36:
  
 
====Warmboot====
 
====Warmboot====
The firmware revision magic was changed from 0x87 to 0xA8.
+
* The firmware revision magic was changed from 0x87 to 0xA8.
  
 
==System Titles==
 
==System Titles==
Line 35: Line 44:
 
* bcat, friends, hid, nvservices, account
 
* bcat, friends, hid, nvservices, account
  
Besides sysver titles and FIRM, the only titles' with changed RomFS are web-applets, for "/.nrr/netfront.nrr".
+
Besides sysver titles and FIRM, the only titles' with changed RomFS are web-applets, for "/.nrr/netfront.nrr" (only RSA data was changed here).
 +
 
 +
There seems to be no new service IPC commands.
 +
 
 +
* bcat: The codebin was updated, but no strings were added/changed.
 +
* account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs were changed to "v4-<newhexstr>".
 +
* nvservices: At least 2 vulnerabilities have been patched. See [[Switch_System_Flaws#System_Modules|here]].
  
 
==See Also==
 
==See Also==
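Review bot: The RomFS sentence keeps the stray apostrophe in "the only titles' with changed RomFS" while adding the parenthetical; drop it in the same edit. "There seems to be no new service IPC commands" should read "There seem to be", and in the account bullet "The "v3-<oldhexstr>" in the dauth URLs were changed" should read "was changed". The nvservices bullet points to the patched vulnerabilities only through a link labelled "here"; naming the target page (Switch_System_Flaws#System_Modules) in the visible text would keep the line useful when read without the link.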

Latest revision as of 22:24, 24 November 2018

The Switch 6.2.0 system update was released on November 19, 2018. This Switch update was released for the following regions: ALL.

Security flaws fixed: Yes

This update burns an additional fuse and has a fuse count of 8.

6.2.0 changes fundamental key generation, no longer using keyblobs at all (the OS will boot successfully even if both copies of keyblob are replaced with FFs in NAND).

Change-log

Official ALL change-log:

  • General system stability improvements to enhance the user's experience.

FIRM

NX_BOOTLOADER

NX bootloader was updated, and is now stored compressed. Before executing, a small stub now uncompresses the bootloader to 0x40004000, size 0x1C000.

[more details to be filled in later].

Secure Monitor

The Secure Monitor was updated:

  • BootReason is now saved before security engine/warmboot firmware setup.
  • The SYSCTR0 registers are now validated to contain expected values on bootup.
  • generate_srk() is now called before any other security engine key derivation is done.
  • Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware.
  • Keyslots were shuffled around: the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC.
  • The usual code changes for adding a new master key/device master key are in place.

There are zero changes to code outside of the coldboot .init section (pk2ldr).

Kernel

  • Kernel was not updated.

FIRM Sysmodules

  • No FIRM sysmodules were updated.

Warmboot

  • The firmware revision magic was changed from 0x87 to 0xA8.

System Titles

All titles were updated (including flog) except for EULA, to use the new keydata.

The following sysmodules were updated with actual changes:

  • bcat, friends, hid, nvservices, account

Besides sysver titles and FIRM, the only titles with changed RomFS are the web-applets, for "/.nrr/netfront.nrr" (only RSA data was changed here).

There seem to be no new service IPC commands.

  • bcat: The codebin was updated, but no strings were added/changed.
  • account: Besides .text changes, the string "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs was changed to "v4-<newhexstr>".
  • nvservices: At least 2 vulnerabilities have been patched. See Switch System Flaws (System Modules).

See Also

System update report(s):

