Line 11: |
Line 11: |
| * General system stability improvements to enhance the user's experience. | | * General system stability improvements to enhance the user's experience. |
| | | |
− | ==System Titles== | + | ==FIRM== |
− | <fill this in (manually) later>
| + | ====NX_BOOTLOADER==== |
| + | NX bootloader was updated, and is now stored compressed. Before executing, a small stub now uncompresses the bootloader to 0x40004000, size 0x1C000. |
| + | |
| + | [more details to be filled in later]. |
| + | |
| + | ====Secure Monitor==== |
| + | The Secure Monitor was updated: |
| + | |
| + | * BootReason is now saved before security engine/warmboot firmware setup. |
| + | * The SYSCTR0 registers are now validated to contain expected values on bootup. |
| + | * generate_srk() is now called before any other security engine key derivation is done. |
| + | * Code was added to implement new key gen inside initialize_se_derive_keys(), deriving the firmware's master kek and device key using keyslots initialized by the TSEC firmware. |
| + | * Keyslots were shuffled around, the master key is now stored inside keyslot 0xD, and the device master key is now stored inside keyslot 0xC. |
| + | * The usual code changes for adding a new master key/device master key are in place. |
| | | |
− | ''All'' titles were updated (including flog) except for EULA, all of these (besides FIRM titles) use the new keydata.
| + | There are zero changes to code outside of the coldboot .init section (pk2ldr). |
| | | |
− | ==FIRM==
| |
| ====Kernel==== | | ====Kernel==== |
| * Kernel was not updated. | | * Kernel was not updated. |
| | | |
| ====FIRM Sysmodules==== | | ====FIRM Sysmodules==== |
− | No FIRM sysmodules were updated. | + | * No FIRM sysmodules were updated. |
| | | |
| ====Warmboot==== | | ====Warmboot==== |
− | The firmware revision magic was changed from 0x87 to 0xA8. | + | * The firmware revision magic was changed from 0x87 to 0xA8. |
| + | |
| + | ==System Titles== |
| + | ''All'' titles were updated (including flog) except for EULA, to use the new keydata. |
| + | |
| + | The following sysmodules were updated with actual changes: |
| + | * bcat, friends, hid, nvservices, account |
| + | |
| + | Besides sysver titles and FIRM, the only titles' with changed RomFS are web-applets, for "/.nrr/netfront.nrr" (only RSA data was changed here). |
| + | |
| + | There seems to be no new service IPC commands. |
| + | |
| + | * bcat: The codebin was updated, but no strings were added/changed. |
| + | * account: Besides .text changes: String "libcurl (nnDauth; <hex>; SDK 6.4.0.0)" was added. The "v3-<oldhexstr>" in the dauth URLs were changed to "v4-<newhexstr>". |
| + | * nvservices: At least 2 vulnerabilities have been patched. See [[Switch_System_Flaws#System_Modules|here]]. |
| | | |
| ==See Also== | | ==See Also== |