11.0.0

From Nintendo Switch Brew
Revision as of 03:19, 9 December 2020 by Yellows8 (talk | contribs) (Web-applets)

The Switch 11.0.0 system update was released on December 1, 2020 (UTC). This Switch update was released for the following regions: ALL, and CHN.

Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.

Change-log

Official ALL change-log:

  • Nintendo Switch Online was added to the HOME Menu.
  • Access all Nintendo Switch Online services, from getting the latest information to checking your membership status.
  • *This feature is not available in some countries/regions.
  • A new feature that automatically downloads backed up save data was added to the Save Data Cloud.
  • When using software with the same Nintendo Account linked to multiple systems, save data backed up from one console will automatically be downloaded to your other system(s).
  • *To use this feature, it must be enabled under System Settings > Data Management > Save Data Cloud.
  • *Save data will not be downloaded automatically unless save data for that software exists on the console. The first time only, users must download the save data manually.
  • *A Nintendo Switch Online membership is required to use the Save Data Cloud service.
  • A new Trending feature was added to the User Page.
  • Users can check what software their friends are playing or have started playing recently.
  • Information will not be displayed for friends who have their online status set to display to no one.
  • Users can now transfer screenshots and videos from Album to their smart devices.
  • Users can wirelessly connect their smart devices to Nintendo Switch to transfer the screenshots and videos saved within their Album.
  • For screenshots, users can transfer a maximum of 10 screenshots and 1 video capture at once.
  • *To connect, users must use their smart device to scan the QR Code displayed on the Nintendo Switch screen.
  • For more information, please refer to the Nintendo Support website.
  • *“QR Code” is a registered trademark of DENSO WAVE INCORPORATED.
  • A new Copy to a Computer via USB Connection feature was added under System Settings > Data Management > Manage Screenshots and Videos.
  • Users can use a USB cable to connect Nintendo Switch to their computers to copy the screenshots and videos saved under Album.
  • * A USB charging cable [model HAC-010] or a USB-IF certified USB cable that supports data transfer is required to connect to a computer.
  • For more information, please refer to the Nintendo Support website.
  • * Connection via the Nintendo Switch dock is not supported. Please connect the Nintendo Switch system directly to the computer.
  • Users can now select what download to prioritize when there are multiple downloads in progress.
  • When there are multiple software, update data, or downloadable content downloads in progress, users can now select which they want to download first.
  • You can set this under Download Options by selecting the icon for the software you want to download first on the HOME Menu.
  • User icons were added.
  • 12 user icons that commemorate the 35th anniversary of the Super Mario Bros. series were added.
  • Users can now name preset button mappings with the Change Button Mapping feature.
  • Brazilian Portuguese was added as a supported language.
  • When users set their region to the Americas and their language to Português, the language used on the HOME Menu and in certain software will be displayed in Brazilian Portuguese.
  • Several issues were fixed, and usability and stability were improved.

BootImagePackage

All files in RomFS were updated.

Secure Monitor

Secure Monitor was updated.

  • The firmware revision magic was changed from 0x1AD to 0x1CE.
  • Support was added for an additional DRAM model.

Warmboot

  • The firmware revision magic was changed from 0x1AD to 0x1CE.

Kernel

  • Kernel is now built with -Os instead of -O3
    • Many functions are no longer inlined.
  • crt0 deprivileging code now sets hypervisor EL2 registers.
  • Logic for flushing entire data cache and invalidating entire TLB during init is now a function called by JumpFromEL2ToEL1 and DisableMmuICacheAndDCache instead of being duplicated.
  • Initialize0 has had several things re-ordered/shuffled:
    • InsertDevicePhysicalMemoryBlocks is now called immediately after the KernelCode region is inserted.
    • "Needed device virtual space" is now calculated as 3 * (0x18000 + { sum of KernelAutoMap physical device regions } + GetUnknownDebugDeviceRegionSize())
    • KernelMisc region size is now util::AlignUp(std::max(needed_device_virtual_space, 32_MB), 2_MB).
    • Code for mapping the unknown debug address as UnknownDebug is no longer present.
    • Slab region is now memset to zero after the linear region is mapped instead of before.
    • Ranges are now more uniform; a value in [range address / 2_MB, last_address / 2_MB] is generated and multiplied by 2 MB instead of aligning down the result.
  • KMemoryRegion now has a "last_address" member replacing its "size" member.
    • GetSize() now calculated as (last_address - address + 1)
  • KMemoryRegionTree::Insert now takes in last address instead of size.
    • Several callsites now verify that last_address != 0xFFFF...
  • KMemoryRegionAllocator now uses a slabheap of count 200 instead of 1000.
  • "Virtual" cores now supported, KThread now stores core ID/affinity for both virtual and physical.
  • New SVC 0x37 "GetResourceLimitPeakValue"
    • Returns the highest value that a resource limit's current has ever achieved.
    • KResourceLimit now stores an array of peak values to enable this
  • Two new kernel objects, KAlpha and KBeta (placeholder names, true object names are unknown and cannot be guessed without observing purpose).
    • KAlpha has size 0x50, KBeta has size 0x88
    • KObjectAllocators for KAlpha/KBeta receive counts 1, 6.
    • KProcess has a list of KBeta, intrusive list node is at KBeta + 0x68.
  • Four new SVCs, ID 0x39, 0x3A, 0x46, 0x47
    • These are likely for interacting with KAlpha and KBeta, but on NX they are (presumably) if-def'd to be "return svc::ResultNotImplemented()"
  • KThread had all of its members reordered and its unused members deleted
  • Most KThread waits now use KThreadWaiterListIntrusiveNode instead of KThreadQueue
  • KConditionVariable no longer uses global threads for the call to .nfind()
  • KConditionVariable now sets the cv_key u32 value in userspace to 1 when a condvar has waiters, and to 0 when it does not.
    • New nnSdk code relies on this behavior.
  • SetupStackForUserModeThreadStarter (KThreadContext::Initialize) now sets X18 to (<cryptographically random u64> | 1), this value is unique for each thread.
    • This is used for CFI changes in web browser.
  • KCoreLocalRegion deleted, replaced with pointer-to-current-thread
    • TPIDR_EL1 != X18 now, and TPIDR_EL1 now always points to the exception thread stack.
  • KSynchronization was deleted, replaced with namespaced or static-on-ksynchronization-object functions
  • KSynchronizationObject now contains a pointer to thread queue, instead of an inline list
  • KInterruptEvent no longer has an InterruptEventTask member
  • KInterruptEventTask::Reset no longer calls KInterruptManager::ClearInterrupt, instead it calls a new function which returns a result
  • KInterruptEventTask now has a KLightLock member
  • KHardwareTimer is now an interrupt task again
  • KHardwareTimer now has a new member "maximum_time", set to std::numeric_limits<s64>::value().
    • Tasks will only be added to the task list if their time is <= maximum_time, this is in addition to the >= 1 checks previously.
  • KIntrusiveRedBlackTreeNode now has common member functions instead of templated, size is now packed to 0x1C instead of 0x20.
    • All Insert/Remove/etc operations are common regardless of the type the node is intrusive in.
  • KDebugLogImpl::Initialize() now assumes uart has been configured for logging by the secure monitor, and does not perform tegra uart init sequence
  • vsprintf, KDebugString::PutString are now fully inlined inside KVPrintf.
  • KObjectContainer::Insert now returns void instead of Result
    • Code which previously did R_TRY() now just calls.
  • KPageHeapBitmapRng now has TinyMt as a data member, instead of directly implementing KPageHeap.
    • This affects how constructor is invoked.
  • New InfoType 24 ("FreeThreadCount") was added, gets the number of threads a process can allocate before exhausting its resource limit.
  • KMemoryBlock/KMemoryInfo now has extra members tracking u8 non_contig_bitflags, u16 ipc_non_contig_lock_count, u16 device_non_contig_lock_count
  • KMemoryBlockManager Update now takes non-contig flags to determine where to coalesce (all coalescing must now happen forwards instead of either direction)
  • KMemoryBlockManagerUpdateAllocator no longer has a result member, instead it has ->Initialize() which takes in a number of blocks to allocate
  • KMemoryManager::Allocate, KMemoryManager::AllocatePageGroup, KMemoryManager::AllocatePageGroupForProcess, now call KPageGroup::Open on the returned page group.
    • All callsites for these functions no longer call open after allocating.
  • KMemoryManager::Open is now KMemoryManager::OpenAdditionalReference, now checks that refcount is >= 1 instead of >= 0
  • KPageTableBase now has an additional data member "disable_device_address_space_merge"
    • KProcessPageTable::Initialize now takes in (process flags & 0x1000) as a bool argument to set this.
  • Page table Query operations now return a number of blocks required to support the above when relevant
  • KPageTable now uses 4 sw-reserved bits instead of 1
    • Former bit 0x01.... ("Is Mapped") is now bit 0x40..... (PTE bit 58)
    • PTE bit 55 "contiguous not allowed" was reworked for significantly more fine-grained control
      • PTE bit 55 is now "start of block non-contiguous", coalescing cannot occur if the first block in a coalesce has this block set.
      • PTE bit 56 is now "not-end-of-block non-contiguous", coalescing cannot occur if a block other than the last in a coalesce has this bit set
      • PTE bit 57 is now "end of block non-contiguous", coalescing cannot occur if the last block in a coalesce has this bit set
      • The old non-contiguous semantics are equivalent to 56 + 57 together.
    • These bits are now returned by KPageTableImpl::Traverse
    • Upper byte of KPageProperties is now bitflags to control management of these bits.
    • Bit 0x1 = "Set/Clear PTE Bit55"
    • Bit 0x2 = "Set PTE Bit56"
    • Bit 0x4 = "Clear PTE Bit56"
    • Bit 0x8 = "Set PTE Bit57"
    • Bit 0x10 = "Clear PTE Bit57"
    • Bit 0x20 = Force-Clear 56+57 + attempt to merge
  • KMemoryBlockManager/KPageTable now prevent coalescing of blocks which are reprotected --- (for transfer memory, ipc, ...)
  • They also do not coalesce adjacent GPU mappings that were mapped separately.
  • They removed the 0x80 "AnyLocked" bit from KMemoryAttribute
  • KMemoryBlock/KMemoryInfo now have additional u16 "device_non_coalesce_right_count".
    • Like device_non_coalesce_left_count from previous 11.x, this now prevents merging with block to the right if set.
  • KMemoryBlock::Add now takes in the memory block to the right instead of the size of the block to the right.
    • This facilitates combining flags for the newly coalesced blocks.
  • KPageTableBase::SetProcessMemoryPermission no longer sets non-coalesce bit 24.
  • KDeviceAddressSpace::Map/KDeviceAddressSpace::Unmap now call new KPageTableBase function to update non-coalesce state according to partial map state.
  • KDevicePageTable::UnmapImpl now invalidates TlbGroup in the failure case of adding to the page group.
  • KPageTableBase::MakeAndOpenContiguousPageGroup is now KPageTableBase::MakePageGroupForDeviceAddressSpace, and now prevents coalescing until call completion.
    • non_coalesce_mask 0x10 is used for this.
  • KPageTableBase::UnmapCodeMemory no longer requires the whole range have the same state.
    • It now invalidates instruction cache if any pages are code.
  • KPageTable::UnknownVirtualFunction10 now takes in more arguments: _QWORD (address probably), _QWORD (size probably), two bools, _QWORD (address2 probably), _QWORD (size2 probably), void * (probably KAlpha * or KBeta *)
    • Returns whether a comparison between address_probably and address_2_probably holds depending on flags at pointer + 0x10.
  • KMemoryState_Io now goes to the alias code region in GetRegionAddress/Size (weird, seems like incorrect behavior)
    • Also very weird: KPageTableBase::MapIo maps IO into the kernel map region, but KPageTableBase::QueryMapping panics if it is not in the alias code region.
    • This "probably" causes kernel panic if mapping IO into process with 32-bit-no-alias address space type?

FIRM Sysmodules

FIRM sysmodules were updated. Specific diffs available below: <check back for more diffs later>

System Titles

  • All titles were updated, except for the following (minus stubbed titles): SharedFont, Dictionary, UrlBlackList, LibraryAppletMiiEdit.
  • The previously stubbed 010000000000001B sysmodule was replaced with capmtp.

The following sysmodules had IPC changes: usb, settings, bcat, ptm, bsdsockets, hid, audio, wlan, account, ns, psc, am, nim, vi, pctl, glue, es, sdb, olsc, pgl, fs, loader, sm, capsrv.

NPDM changes (see Services_API for service-hosting changes):

  • All updated NPDMs now have Flags bit5 set.
  • ptm: Access to hshl:set and ins:r was added.
  • ptm/hid: Various services were re-ordered in the Service Access Control.
  • wlan now has access to csrng.
  • ldn now has access to pl:u.
  • pcv now has access to hshl:set.
  • account now has access to ectx:w.
  • ns now has access to pl:u.
  • am: Access to the following was added: arp:r, aud:a, aud:d. Access to the following was removed: audin:a, audin:d, audout:a, audout:d, audren:a, audren:d. Access to hshl:set/hshl:sys was added.
  • erpt: Access to svcGetResourceLimitLimitValue and svc 0x37 were added. Access to ectx:r was added.
  • vi: The Handle Table Size was changed from 160 to 192. Access to the following services was added: erpt:c, gpio, i2c, lm, psc:m, pwm.
  • glue now has access to hshl:sys, and access to psm was removed.
  • creport now has access to fsp-srv.
  • sdb now has access to bcat:s and pm:info.
  • migration now has access to prepo:u.
  • qlaunch now has access to capmtp.
  • LibraryAppletController now has access to ngct:u.
  • LibraryAppletPlayerSelect now has access to olsc:s.
  • LibraryAppletPhotoViewer: Access to bsd:u was replaced with bsd:s. Access to lp2p:sys was added. Access to ns:am2 was replaced with ns:ro. FS permission bit0 is now clear, MountContent* is no longer accessible.
  • LibraryAppletLoginShare now has access to ns:web.

RomFs changes:

  • CertStore was updated.
  • ErrorMessage: New errors were added / localization changes.
  • BrowserDll: The following was updated: "/browser/ErrorPageFilteringTemplate.html", "/browser/MediaControls.css", "/browser/MediaControls.js", "/browser/RootCaEtc.pem", "/browser/RootCaSdkAdditional.pem", "/buildinfo/buildinfo.dat". The following was added: "/browser/MediaControlsInline.css", "/browser/MediaControlsInline.js".
    • "/dll_0" and "/dll_1" were moved into "/nro/netfront/dll_{0/1}".
    • "/lyt/Lhub.arc" was added.
    • "/message/USpt/" was added.
  • Help:
    • "/legallines.htdocs/index.html" updated
    • "/safe.htdocs/html/USpt/" added
    • "/safe.htdocs/img/recyclenintendo.jpg" updated
    • "/safe.htdocs/js/tapaction.js" updated
  • NgWord: updated
  • AvatarImage: More icons added.
  • LocalNews: Added "/message/revision.txt" and "/message/USpt/".
  • Eula:
    • "/revision.txt" updated
    • Updated "/EUru/Eula.msbt.szs", "/JPja/Eula.msbt.szs".
    • Added "/USpt/".
  • TimeZoneBinary: TZ info updated.
  • FontNintendoExtension: "/nintendo_ext_003.bfttf" and "/nintendo_ext2_003.bfttf" were updated.
  • FirmwareDebugSettings: updated
  • FatalMessage: "/pt-BR/GeneralMessage" and "/pt-BR/QuestMessage" were updated.
  • ControllerIcon: "/lyt/ColorTable" updated
  • PlatformConfigIcosa/PlatformConfigCopper/PlatformConfigHoag/PlatformConfigIcosaMariko: updated
  • ControllerFirmware: "/TouchScreenFirmwareInfo.csv" updated
  • NgWord2: updated
  • FunctionBlackList:
    • "/blacklist.dat" was replaced with "/blacklist.json".
  • NgWordT: updated
  • Applets: Various UI/graphics/sound/localization changes.
  • Web-applets: "/buildinfo/buildinfo.dat" was updated, and "/.nrr/netfront.nrr" was renamed to "/.nrr/dll.nrr".
  • LibraryAppletPhotoViewer: In addition to the above, "/http/" was added, which contains the following:
    • "index.html"
    • "js/index.js"
    • "styles/index.css"

The new Nintendo Switch Online menu (which can be launched via qlaunch) is handled by LibraryAppletLoginShare.

ldn-sysmodule

lp2p now supports using standard WPA2-PSK, which is used by #LibraryAppletPhotoViewer.

ssl-sysmodule

TLS 1.3 is now supported if the user-process enables it.

See also #OSS.

creport-sysmodule

  • creport now has access to fsp-srv, this is used to retrieve debugging information that is now attached to error reports. The following functions are called (with output/info attached to erpts):
    • GetSdCardSpeedMode
    • GetSdCardCid
    • GetSdCardUserAreaSize
    • GetSdCardProtectedAreaSize
    • GetAndClearSdCardErrorInfo
    • IsGameCardInserted
    • GetGameCardCid
    • GetGameCardErrorReportInfo
    • GetGameCardDeviceId
    • GetMmcSpeedMode
    • GetMmcCid
    • GetMmcPatrolCount
    • GetAndClearMmcErrorInfo
    • GetMmcExtendedCsd
    • GetAndClearMemoryReportInfo
    • GetAndClearFileSystemProxyErrorInfo

Web-applets

These are now compiled with compiler CFI mitigations enabled. This does not apply to non-web-applets. This uses the crc32x instruction, and x18 as a cryptographically-random u64 provided by the kernel.

This is used to add to or subtract from x30, starting at bit 40, during function entry/exit. The code for entry and exit is identical, except that entry adds and exit subtracts:

  • The low 40-bits of x30 are extracted, then multiplied with x18.
  • crc32x w17, wzr, x17 (which uses the above value)
  • Then the previously mentioned add/subtraction operation is done, with the output from the above shifted to bit40.

blr instructions no longer exist: when funcptrs are called, new functions are now called instead which handle the call. If the u32 at funcptr_addr-4 matches 0xe7ffdefe, it jumps to funcptr_addr; otherwise it branches to the undefined instruction 0x0000dead.

Almost all functions now have the above u32 at -4, therefore funcptr calls now have to start at the actual funcptr start. However, this doesn't apply to calls done during functions' exit: these directly br to the funcptr_addr without extra validation.
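
The return-address tagging and the funcptr marker check described above, modelled in portable C as an added example (not code from this page or from the system binaries). The helper names, the sample x18 and return-address values and the small code image are constructed, and crc32x is emulated in software as the plain CRC-32 step with no pre/post inversion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LOW40      ((1ULL << 40) - 1)
#define CFI_MARKER 0xe7ffdefeu /* u32 expected at funcptr_addr-4 (value from the page) */

/* Software model of AArch64 `crc32x wd, wn, xm`: reflected CRC-32
 * (polynomial 0xEDB88320) over 64 data bits, no pre/post inversion. */
static uint32_t sw_crc32x(uint32_t acc, uint64_t data) {
    for (int i = 0; i < 64; i++) {
        uint32_t bit = (acc ^ (uint32_t)(data >> i)) & 1u;
        acc = (acc >> 1) ^ (bit ? 0xEDB88320u : 0u);
    }
    return acc;
}

/* Tag = crc32x(0, low40(x30) * x18), moved up to bit 40. */
static uint64_t cfi_tag(uint64_t x30, uint64_t x18) {
    return (uint64_t)sw_crc32x(0, (x30 & LOW40) * x18) << 40;
}

/* Entry adds the tag and exit subtracts it. The tag only touches bits 40+,
 * so both sides derive it from the same low 40 bits. */
static uint64_t cfi_enter(uint64_t x30, uint64_t x18) { return x30 + cfi_tag(x30, x18); }
static uint64_t cfi_exit(uint64_t x30, uint64_t x18)  { return x30 - cfi_tag(x30, x18); }

/* Constructed code image: marker word, two-instruction function, marker, function. */
static const uint32_t sample_code[] = {
    CFI_MARKER, 0xd503201fu /* nop */, 0xd65f03c0u /* ret */,
    CFI_MARKER, 0xd65f03c0u /* ret */,
};
#define SAMPLE_WORDS (sizeof(sample_code) / sizeof(sample_code[0]))

/* Indirect-call check: 1 = jump to target, 0 = take the trap path (the page's
 * branch to 0x0000dead). The bounds test exists only for this model. */
static int cfi_funcptr_ok(const uint32_t *code, size_t nwords, size_t target) {
    return target >= 1 && target < nwords && code[target - 1] == CFI_MARKER;
}

int main(void) {
    const uint64_t x18 = 0x9e3779b97f4a7c15ULL | 1; /* constructed per-thread value */
    const uint64_t ret = 0x0000007100123458ULL;     /* constructed return address */
    uint64_t saved = cfi_enter(ret, x18);
    /* Model a corrupted saved x30: low 40 bits replaced, tag bits left as they were. */
    uint64_t bad = (saved & ~LOW40) | 0x7100abcde0ULL;

    printf("saved x30      %016llx\n", (unsigned long long)saved);
    printf("clean exit     %016llx\n", (unsigned long long)cfi_exit(saved, x18));
    /* Bits 40+ stay non-zero here unless two 24-bit tags happen to collide. */
    printf("corrupted exit %016llx\n", (unsigned long long)cfi_exit(bad, x18));
    printf("call word 1: %d, word 2: %d, word 4: %d\n",
           cfi_funcptr_ok(sample_code, SAMPLE_WORDS, 1),
           cfi_funcptr_ok(sample_code, SAMPLE_WORDS, 2),
           cfi_funcptr_ok(sample_code, SAMPLE_WORDS, 4));
    return 0;
}
```

Because the CRC result is shifted to bit 40 of a 64-bit register, only its low 24 bits survive in the tagged x30.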

The above applies to all NSOs in ExeFs, except for LibraryAppletOfflineWeb which doesn't have it enabled. The NROs in the BrowserDll SystemData have CFI enabled for "/nro/netfront/dll_1/", however "dll_0" doesn't have it enabled (which is used by LibraryAppletOfflineWeb).

This is referred to in the build-path strings as "NX-NXFP2-a64-cfi" (nnSdkEmpty), and "NX64-cfi" (OSS).

LibraryAppletPhotoViewer

For details on the new sharing functionality in the Album applet, see here.

OSS

OSS was updated.

Besides WebKit, NSS/NSPR was updated:

  • NSPR was updated from 4.12 to 4.24.
  • #define NSSUTIL_VERSION "3.26" was changed to #define NSSUTIL_VERSION "3.49.1"

Both src_{versions} directories were updated, with the same changes:

  • "rocrt_nro.cpp" updated
  • "NX-NXFP2-a64-cfi/rocrt.AssemblyOffset.h" added, identical to "NX-NXFP2-a64/rocrt.AssemblyOffset.h".

See Also

System update report(s):

