7.0.0: Difference between revisions

From Nintendo Switch Brew
Jump to navigation Jump to search
No edit summary
PM: wow I misinterpreted this, lol.
(14 intermediate revisions by 2 users not shown)
Line 13: Line 13:
==FIRM==
==FIRM==
All files under RomFS were updated.
All files under RomFS were updated.
====Package1ldr====
Since [[6.2.0]], the following was changed (besides the usual constant changes for new fuse burnt, incremented version, etc):
* A function that returns a hardware type now returns 0xF whenever it would previously have returned a non-zero value.
** Code validating hardware type has been simplified accordingly.
* The function validating the bootloader version by parsing the BCT no longer hardcodes the BCT address as 0x40000100, and instead adds a relative offset to a BCT address specified via argument.
* The [[TSEC Firmware#SecureBoot|SecureBoot TSEC firmware]] was updated to prevent SMMU virtualization attacks.


====NX_BOOTLOADER====
====NX_BOOTLOADER====
Line 24: Line 31:
* Memory permissions for .rodata have been fixed, it is now correctly mapped R-- instead of RW-.
* Memory permissions for .rodata have been fixed, it is now correctly mapped R-- instead of RW-.
* Sealed old keys are now stored in the auxilliary data page (0x1F01FA000) instead of in .rwdata.
* Sealed old keys are now stored in the auxilliary data page (0x1F01FA000) instead of in .rwdata.
** An 0x10 block in the auxilliary page is now used for intermediate key derivation, instead of a block on the stack. This block is only memcleared once at the end, instead of after every time it is used.
* TrustZone code is now cleared from IRAM before signalling to NX_BOOTLOADER that the SecMon is awake.
* TrustZone code is now cleared from IRAM before signalling to NX_BOOTLOADER that the SecMon is awake.
* A function for getting HardwareType based on fuses now returns 0xF whenever it would previously have returned a non-zero value.
* A function for getting HardwareType based on fuses now returns 0xF whenever it would previously have returned a non-zero value.
** An 0x10 block in the auxilliary page is now used for intermediate key derivation, instead of a block on the stack. This block is only memcleared once at the end, instead of after every time it is used.
** This function is called by [[SMC|smcGetConfig]] when ConfigItem_HardwareType is passed in.
[more details to be filled in later].
* Warmboot.bin has been moved again, and is now copied from 0x4003E000 size 0x17F0 instead of 0x4003D800 size 0x1FF0
* Code configuring what peripherals to set secure-world only now assumes that the code is a retail unit.
** GetRetailType() is still called (though result is discarded), this probably means they now have compile-time switches for retail vs dev.


====Warmboot====
====Warmboot====
* The firmware revision magic was changed from 0xA8 to 0x129.
* The firmware revision magic was changed from 0xA8 to 0x129.
====FIRM Sysmodules====
All FIRM sysmodules were updated. The only FIRM sysmodules with IPC changes were [[Filesystem_services|FS]], [[Process_Manager_services|pm]], and [[NCM_services|NCM]]. Specific diffs for a few sysmodules are below:
=====[[Process Manager services|PM]]=====
Resource limit initialization was changed:
* PM now dynamically calculates the number of extra threads available in the kernel's slab heap compared to the amount it is expecting.
** A [[Process Manager services#BoostApplicationThreadResourceLimit|new command]] was added to pm:shell to make these extra threads available to applications, on retail this doubles the number of threads creatable to 0xC0.
=====[[Filesystem services|FS]]=====
* Device Address Space initialization for nn::sdmmc is now handled differently.
** Previously, the shared SDMMC device address space handle was attached to all devices during global init prior to service registration.
** Now, the handle is attached to specific devices during their relevant DeviceAccessor::Initialize() call, which only happens when the relevant device is ready for access.
* (Many other differences not yet reversed/noted here.)


==System Titles==
==System Titles==
Line 39: Line 63:
* CAction title: new directory "/table" was added. The new file "/table/431FA316E20941779452DD0EBFA05E0E/ApplicationId" contains string "0x01003a400c3da000" - "YouTube".
* CAction title: new directory "/table" was added. The new file "/table/431FA316E20941779452DD0EBFA05E0E/ApplicationId" contains string "0x01003a400c3da000" - "YouTube".
* Web-applets were updated. "/whitelist/WhitelistEc.txt" in LibAppletShop was updated: <nowiki>"^https://([0-9A-Za-z\-]+\.)*eshop\.nintendo\.net($|/)" was changed to "^https://([0-9A-Za-z\-]+\.)*nintendo\.net(/|$)"</nowiki>.
* Web-applets were updated. "/whitelist/WhitelistEc.txt" in LibAppletShop was updated: <nowiki>"^https://([0-9A-Za-z\-]+\.)*eshop\.nintendo\.net($|/)" was changed to "^https://([0-9A-Za-z\-]+\.)*nintendo\.net(/|$)"</nowiki>.
* ControllerFirmware: "/ukyosakyo_ep2_ota.bin" and the .csv were updated.
* ControllerFirmware: "/ukyosakyo_ep2_ota.bin" and FirmwareInfo.csv were updated (main firmware for JoyLeft/JoyRight).
* Titles BrowserDll and AvatarImage were updated.
* Titles BrowserDll and AvatarImage were updated.
* Both bad-word-list titles were updated.
* Both bad-word-list titles were updated.
Line 57: Line 81:
* glue-sysmodule: now has access to service srepo:u.
* glue-sysmodule: now has access to service srepo:u.
* Various applets now have access to service "banana" (which still doesn't exist on retail).
* Various applets now have access to service "banana" (which still doesn't exist on retail).
=== [[USB_services|usb-sysmodule]] ===
* New services / commands were added.
* The codebin now has .json data embedded in the codebin for [[USB_services#HidGamepad|HidGamepad]] USB-devices.
=== [[Account_services|account-sysmodule]] ===
* Various .text changes. Besides those:
* The "v4-<hexstr>" URLs were changed to "v5" URLs.
* User-agent was changed to "libcurl (nnDauth; <hex>; SDK 7.3.0.0)".


<fill this in (manually) later>
<fill this in (manually) later>

Revision as of 06:29, 3 July 2019

The Switch 7.0.0 system update was released on January 28, 2019. This Switch update was released for the following regions: ALL.

Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.

Change-log

Official ALL change-log:

  • Select from six new New Super Mario Bros.™ U Deluxe icons for your user
  • To edit your user icon, head to your My Page > Profile on the top left of the HOME menu
  • Added additional language support to the HOME Menu for Chinese, Korean, and Taiwanese
  • To change the language, head to the System Settings > System > Language
  • General system stability improvements to enhance the user's experience

FIRM

All files under RomFS were updated.

Package1ldr

Since 6.2.0, the following was changed (besides the usual constant changes for new fuse burnt, incremented version, etc):

  • A function that returns a hardware type now returns 0xF whenever it would previously have returned a non-zero value.
    • Code validating hardware type has been simplified accordingly.
  • The function validating the bootloader version by parsing the BCT no longer hardcodes the BCT address as 0x40000100, and instead adds a relative offset to a BCT address specified via argument.
  • The SecureBoot TSEC firmware was updated to prevent SMMU virtualization attacks.

NX_BOOTLOADER

NX bootloader was updated, and is now stored compressed. Before executing, a small stub now uncompresses the bootloader to 0x40004000, size 0x1C000.


Secure Monitor

The Secure Monitor was updated, and is now stored compressed. Before executing, a small stub now uncompresses the main TrustZone image to 0x7C010800 size 0xC800, and environment setup code to 0x40032000 size 0xC000.

  • The 0x100 region used for NX_BOOTLOADER <-> SecureMonitor communications is now 0x40000000 instead of 0x40002E00.
  • Memory permissions for .rodata have been fixed, it is now correctly mapped R-- instead of RW-.
  • Sealed old keys are now stored in the auxilliary data page (0x1F01FA000) instead of in .rwdata.
    • An 0x10 block in the auxilliary page is now used for intermediate key derivation, instead of a block on the stack. This block is only memcleared once at the end, instead of after every time it is used.
  • TrustZone code is now cleared from IRAM before signalling to NX_BOOTLOADER that the SecMon is awake.
  • A function for getting HardwareType based on fuses now returns 0xF whenever it would previously have returned a non-zero value.
    • This function is called by smcGetConfig when ConfigItem_HardwareType is passed in.
  • Warmboot.bin has been moved again, and is now copied from 0x4003E000 size 0x17F0 instead of 0x4003D800 size 0x1FF0
  • Code configuring what peripherals to set secure-world only now assumes that the code is a retail unit.
    • GetRetailType() is still called (though result is discarded), this probably means they now have compile-time switches for retail vs dev.

Warmboot

  • The firmware revision magic was changed from 0xA8 to 0x129.

FIRM Sysmodules

All FIRM sysmodules were updated. The only FIRM sysmodules with IPC changes were FS, pm, and NCM. Specific diffs for a few sysmodules are below:

PM

Resource limit initialization was changed:

  • PM now dynamically calculates the number of extra threads available in the kernel's slab heap compared to the amount it is expecting.
    • A new command was added to pm:shell to make these extra threads available to applications, on retail this doubles the number of threads creatable to 0xC0.
FS
  • Device Address Space initialization for nn::sdmmc is now handled differently.
    • Previously, the shared SDMMC device address space handle was attached to all devices during global init prior to service registration.
    • Now, the handle is attached to specific devices during their relevant DeviceAccessor::Initialize() call, which only happens when the relevant device is ready for access.
  • (Many other differences not yet reversed/noted here.)

System Titles

All titles were updated, except: "Chinese and Korean dictionaries", "European English and Japanese dictionaries", EULA, "Blacklist URL", "Dummy file", "Hoag system config", and flog.

RomFS:

  • Localization data etc was updated in applets, likewise for 8XX titles.
  • CAction title: new directory "/table" was added. The new file "/table/431FA316E20941779452DD0EBFA05E0E/ApplicationId" contains string "0x01003a400c3da000" - "YouTube".
  • Web-applets were updated. "/whitelist/WhitelistEc.txt" in LibAppletShop was updated: "^https://([0-9A-Za-z\-]+\.)*eshop\.nintendo\.net($|/)" was changed to "^https://([0-9A-Za-z\-]+\.)*nintendo\.net(/|$)".
  • ControllerFirmware: "/ukyosakyo_ep2_ota.bin" and FirmwareInfo.csv were updated (main firmware for JoyLeft/JoyRight).
  • Titles BrowserDll and AvatarImage were updated.
  • Both bad-word-list titles were updated.
  • HID-sysmodule RomFS added new file: "/ftmFwUpdate: NTD_4CD_xxxx.fts256".

NPDM:

  • New services were added.
  • bluetooth-sysmodule now has access to svcCreateSharedMemory.
  • HID-sysmodule now has access to new service usb:qdb.
  • ldn-sysmodule now has access to service psc:m.
  • account-sysmodule: now has access to service npns:s.
  • ns-sysmodule: service access to prepo:s was replaced with srepo:u. FS permissions now have bitmask 0x0000000400000000 set (CanFormatSdCard).
  • nfc-sysmodule: now has access to services: psm, i2c, and gpio.
  • am-sysmodule: now has access to services lm and nvgem:cd.
  • btm-sysmodule: now has access to service srepo:u.
  • npns-sysmodule: main thread stack size changed from 0x8000 to 0x4000. Removed service access for acc:aa and acc:u1, added access to pm:bm.
  • glue-sysmodule: now has access to service srepo:u.
  • Various applets now have access to service "banana" (which still doesn't exist on retail).

usb-sysmodule

  • New services / commands were added.
  • The codebin now has .json data embedded in the codebin for HidGamepad USB-devices.

account-sysmodule

  • Various .text changes. Besides those:
  • The "v4-<hexstr>" URLs were changed to "v5" URLs.
  • User-agent was changed to "libcurl (nnDauth; <hex>; SDK 7.3.0.0)".


<fill this in (manually) later>

See Also

System update report(s):

Nintendo Switch System Versions
1.0.0
2.0.02.1.02.2.02.3.0
3.0.03.0.13.0.2
4.0.04.0.14.1.0
5.0.05.0.15.0.25.1.0
6.0.06.0.16.1.06.2.0
7.0.07.0.1
8.0.08.0.18.1.08.1.1
9.0.09.0.19.1.09.2.0
10.0.010.0.110.0.210.0.310.0.410.1.010.1.110.2.0
11.0.011.0.1
12.0.012.0.112.0.212.0.312.1.0
13.0.013.1.013.2.013.2.1
14.0.014.1.014.1.114.1.2
15.0.015.0.1
16.0.016.0.116.0.216.0.316.1.0
17.0.017.0.1
18.0.018.0.118.1.0
19.0.019.0.1
20.0.020.0.120.1.020.1.120.1.520.2.020.3.020.4.020.5.0