Difference between revisions of "BootConfig"
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
= Format = | = Format = | ||
| − | Despite having 0x4000 for storage, the actual loaded BootConfig is only | + | Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x400 bytes, with the following format: |
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
| Line 23: | Line 23: | ||
| 0x100 | | 0x100 | ||
| [[#Signed Configuration]] | | [[#Signed Configuration]] | ||
| − | |||
| − | |||
| − | |||
| − | |||
|} | |} | ||
| Line 39: | Line 35: | ||
|- | |- | ||
| 0x0 | | 0x0 | ||
| − | | | + | | 0x4 |
| − | | | + | | Version (yyMMddHHmm in uint32) |
| + | |- | ||
| + | | 0x4 | ||
| + | | 0xC | ||
| + | | Reserved | ||
|- | |- | ||
| 0x10 | | 0x10 | ||
| Line 52: | Line 52: | ||
| 0x12 | | 0x12 | ||
| 0xF | | 0xF | ||
| − | | | + | | Reserved |
|- | |- | ||
| 0x21 | | 0x21 | ||
| Line 60: | Line 60: | ||
| 0x22 | | 0x22 | ||
| 0x1 | | 0x1 | ||
| − | | | + | | Reserved |
|- | |- | ||
| 0x23 | | 0x23 | ||
| Line 72: | Line 72: | ||
| 0x25 | | 0x25 | ||
| 0xB | | 0xB | ||
| − | | | + | | Reserved |
|- | |- | ||
| 0x30 | | 0x30 | ||
| Line 80: | Line 80: | ||
| 0x38 | | 0x38 | ||
| 0x1C8 | | 0x1C8 | ||
| − | | | + | | Reserved |
|} | |} | ||
| Line 92: | Line 92: | ||
| 0x0 | | 0x0 | ||
| 0x8 | | 0x8 | ||
| − | | | + | | Version |
|- | |- | ||
| 0x8 | | 0x8 | ||
| 0x1 | | 0x1 | ||
| − | | | + | | IsPackage2Plaintext (bit 0) and IsPackage2Unsigned (bit 1) |
|- | |- | ||
| 0x9 | | 0x9 | ||
| 0x7 | | 0x7 | ||
| − | | | + | | Reserved |
|- | |- | ||
| 0x10 | | 0x10 | ||
| 0x10 | | 0x10 | ||
| − | | | + | | HardwareInfo (must match the HardwareInfo read from fuses, or else the loaded Signed Config will be memset to 0 even if signed; this allows Nintendo to set signed configuration on a per-unit basis) |
|- | |- | ||
| 0x20 | | 0x20 | ||
| 0x1 | | 0x1 | ||
| − | | [[Filesystem_services#SetEnabledProgramVerification|DisableProgramVerification]] | + | | [[Filesystem_services#SetEnabledProgramVerification|DisableProgramVerification]] (controls the default value for how to check NCA signatures) |
|- | |- | ||
| 0x21 | | 0x21 | ||
| 0xDF | | 0xDF | ||
| − | | | + | | Reserved |
|} | |} | ||
Latest revision as of 20:56, 4 January 2022
Installed into the first 0x4000 sector of the eMMC storage's BCPKG2 partitions, "BootConfig" contains data used to configure TrustZone/OS behaviors.
BootConfig is normally all-zero for retail units, however TrustZone additionally sets the loaded configuration to all-zero when running on a retail unit anyway.
Format
Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x400 bytes, with the following format:
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x200 | #Unsigned Configuration |
| 0x200 | 0x100 | RSA-PSS Signature |
| 0x300 | 0x100 | #Signed Configuration |
Unsigned Configuration
This is "nn::bconfig::BootConfig".
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x4 | Version (yyMMddHHmm in uint32) |
| 0x4 | 0xC | Reserved |
| 0x10 | 0x1 | IsDebugMode (bit 1) and TakeExtabtSerrorToEl3 (bit 2) |
| 0x11 | 0x1 | KernelConfiguration (first byte) |
| 0x12 | 0xF | Reserved |
| 0x21 | 0x1 | KernelConfiguration (second byte) |
| 0x22 | 0x1 | Reserved |
| 0x23 | 0x1 | MemoryMode |
| 0x24 | 0x1 | HasInitialTscValue |
| 0x25 | 0xB | Reserved |
| 0x30 | 0x8 | InitialTscValue |
| 0x38 | 0x1C8 | Reserved |
Signed Configuration
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x8 | Version |
| 0x8 | 0x1 | IsPackage2Plaintext (bit 0) and IsPackage2Unsigned (bit 1) |
| 0x9 | 0x7 | Reserved |
| 0x10 | 0x10 | HardwareInfo (must match the HardwareInfo read from fuses, or else the loaded Signed Config will be memset to 0 even if signed; this allows Nintendo to set signed configuration on a per-unit basis) |
| 0x20 | 0x1 | DisableProgramVerification (controls the default value for how to check NCA signatures) |
| 0x21 | 0xDF | Reserved |