BootConfig: Difference between revisions

From Nintendo Switch Brew
Jump to navigation Jump to search
.
 
No edit summary
 
(4 intermediate revisions by 2 users not shown)
Line 4: Line 4:


= Format =
= Format =
Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x640 bytes, with the following format:
Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x400 bytes, with the following format:
 
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
Line 13: Line 14:
| 0x0
| 0x0
| 0x200
| 0x200
| Unsigned Configuration
| [[#Unsigned Configuration]]
|-
|-
| 0x200
| 0x200
Line 21: Line 22:
| 0x300
| 0x300
| 0x100
| 0x100
| Signed Configuration
| [[#Signed Configuration]]
|}
 
= Unsigned Configuration =
This is "nn::bconfig::BootConfig".
 
{| class="wikitable" border="1"
|-
! Offset
! Size
! Description
|-
| 0x0
| 0x4
| Version (yyMMddHHmm in uint32)
|-
| 0x4
| 0xC
| Reserved
|-
| 0x10
| 0x1
| [[SMC#IsDebugMode|IsDebugMode]] (bit 1) and TakeExtabtSerrorToEl3 (bit 2)
|-
| 0x11
| 0x1
| [[SMC#KernelConfiguration|KernelConfiguration]] (first byte)
|-
| 0x12
| 0xF
| Reserved
|-
| 0x21
| 0x1
| [[SMC#KernelConfiguration|KernelConfiguration]] (second byte)
|-
| 0x22
| 0x1
| Reserved
|-
| 0x23
| 0x1
| [[SMC#MemoryMode|MemoryMode]]
|-
| 0x24
| 0x1
| HasInitialTscValue
|-
| 0x25
| 0xB
| Reserved
|-
| 0x30
| 0x8
| InitialTscValue
|-
| 0x38
| 0x1C8
| Reserved
|}
 
= Signed Configuration =
{| class="wikitable" border="1"
|-
! Offset
! Size
! Description
|-
| 0x0
| 0x8
| Version
|-
| 0x8
| 0x1
| IsPackage2Plaintext (bit 0) and IsPackage2Unsigned (bit 1)
|-
| 0x9
| 0x7
| Reserved
|-
| 0x10
| 0x10
| HardwareInfo (must match the HardwareInfo read from fuses, or else the loaded Signed Config will be memset to 0 even if signed; this allows Nintendo to set signed configuration on a per-unit basis)
|-
| 0x20
| 0x1
| [[Filesystem_services#SetEnabledProgramVerification|DisableProgramVerification]] (controls the default value for how to check NCA signatures)
|-
|-
| 0x400
| 0x21
| 0x240
| 0xDF
| Reserved
| Reserved
|}
|}

Latest revision as of 22:56, 4 January 2022

Installed into the first 0x4000 sector of the eMMC storage's BCPKG2 partitions, "BootConfig" contains data used to configure TrustZone/OS behaviors.

BootConfig is normally all-zero for retail units, however TrustZone additionally sets the loaded configuration to all-zero when running on a retail unit anyway.

Format

Despite having 0x4000 for storage, the actual loaded BootConfig is only 0x400 bytes, with the following format:

Offset Size Description
0x0 0x200 #Unsigned Configuration
0x200 0x100 RSA-PSS Signature
0x300 0x100 #Signed Configuration

Unsigned Configuration

This is "nn::bconfig::BootConfig".

Offset Size Description
0x0 0x4 Version (yyMMddHHmm in uint32)
0x4 0xC Reserved
0x10 0x1 IsDebugMode (bit 1) and TakeExtabtSerrorToEl3 (bit 2)
0x11 0x1 KernelConfiguration (first byte)
0x12 0xF Reserved
0x21 0x1 KernelConfiguration (second byte)
0x22 0x1 Reserved
0x23 0x1 MemoryMode
0x24 0x1 HasInitialTscValue
0x25 0xB Reserved
0x30 0x8 InitialTscValue
0x38 0x1C8 Reserved

Signed Configuration

Offset Size Description
0x0 0x8 Version
0x8 0x1 IsPackage2Plaintext (bit 0) and IsPackage2Unsigned (bit 1)
0x9 0x7 Reserved
0x10 0x10 HardwareInfo (must match the HardwareInfo read from fuses, or else the loaded Signed Config will be memset to 0 even if signed; this allows Nintendo to set signed configuration on a per-unit basis)
0x20 0x1 DisableProgramVerification (controls the default value for how to check NCA signatures)
0x21 0xDF Reserved
Retrieved from "https://switchbrew.org/w/index.php?title=BootConfig&oldid=11408"