WiiUBrew

Changes

Boot1 (view source)

Revision as of 23:11, 7 May 2023

27 bytes added ,  23:11, 7 May 2023
no edit summary
Line 5: Line 5:  
boot1 runs from on-die SRAM starting at address 0x0D400000 and its size must not exceed the total of 0xF800 bytes (it's size is checked by boot0).
 
boot1 runs from on-die SRAM starting at address 0x0D400000 and its size must not exceed the total of 0xF800 bytes (it's size is checked by boot0).
   −
During the boot process, boot0 loads boot1 from NAND and decrypts it using an AES key stored in the console's [[Hardware/OTP|OTP]]. Immediately after, boot0 permanently disables access to this key by clearing the appropriate value in the [[Hardware/Latte_Registers#LT_OTPPROT|LT_OTPPROT]] register.
+
During the boot process, boot0 loads boot1 from NAND and decrypts it using an AES key stored in the console's [[Hardware/OTP|OTP]]. Immediately after, boot0 permanently disables access to this key by clearing the appropriate value in the [[Hardware/Latte_Registers#LT_EFUSEPROT|LT_EFUSEPROT]] register.
    
boot1 then loads [[IOSU]] from the filesystem as an ancast image, and decrypts and verifies it, similar to what boot0 does with boot1.
 
boot1 then loads [[IOSU]] from the filesystem as an ancast image, and decrypts and verifies it, similar to what boot0 does with boot1.
Line 51: Line 51:  
   
 
   
 
  // Assert RSTB_IOPI and RSTB_IOMEM
 
  // Assert RSTB_IOPI and RSTB_IOMEM
  u32 resets_val = *(u32 *)HW_RSTB;
+
  u32 resets_val = *(u32 *)HW_RSTCTRL;
 
  resets_val &= 0xFFF7FFFF;
 
  resets_val &= 0xFFF7FFFF;
 
  resets_val |= 0x80000;
 
  resets_val |= 0x80000;
 
  resets_val &= 0xFFFBFFFF;
 
  resets_val &= 0xFFFBFFFF;
 
  resets_val |= 0x40000;
 
  resets_val |= 0x40000;
  *(u32 *)HW_RSTB= resets_val;
+
  *(u32 *)HW_RSTCTRL = resets_val;
 
   
 
   
 
  // Enable EXI
 
  // Enable EXI
  u32 aip_prot_val = *(u32 *)HW_AIP_PROT;
+
  u32 aip_prot_val = *(u32 *)HW_AIPPROT;
 
  aip_prot_val &= ~(0x01);
 
  aip_prot_val &= ~(0x01);
 
  aip_prot_val |= 0x01;
 
  aip_prot_val |= 0x01;
  *(u32 *)HW_AIP_PROT = aip_prot_val;
+
  *(u32 *)HW_AIPPROT = aip_prot_val;
    
=== check_hw ===
 
=== check_hw ===
Line 197: Line 197:  
  }
 
  }
 
   
 
   
  u32 debug_val = *(u32 *)LT_DEBUG;
+
  u32 syscfg1_val = *(u32 *)LT_SYSCFG1;
 
  u32 pflags_val = 0;
 
  u32 pflags_val = 0;
 
   
 
   
 
  // Check if the CMPT_RETSTAT0 flag is raised
 
  // Check if the CMPT_RETSTAT0 flag is raised
  if (debug_val & 0x04)
+
  if (syscfg1_val & 0x04)
 
     pflags_val = 0x100000;        // Set CMPT_RETSTAT0 power flag
 
     pflags_val = 0x100000;        // Set CMPT_RETSTAT0 power flag
 
   
 
   
 
  // Check if the CMPT_RETSTAT1 flag is raised
 
  // Check if the CMPT_RETSTAT1 flag is raised
  if (debug_val & 0x08)
+
  if (syscfg1_val & 0x08)
 
     pflags_val |= 0x80000;        // Set CMPT_RETSTAT1 power flag
 
     pflags_val |= 0x80000;        // Set CMPT_RETSTAT1 power flag
 
   
 
   
Line 919: Line 919:  
   
 
   
 
  // Lock out two additional blocks in the OTP
 
  // Lock out two additional blocks in the OTP
  u32 otpprot_val = *(u32 *)LT_OTPPROT;
+
  u32 efuseprot_val = *(u32 *)LT_EFUSEPROT;
  otpprot_val &= 0xEF7FFFFF;
+
  efuseprot_val &= 0xEF7FFFFF;
  *(u32 *)LT_OTPPROT = otpprot_val;
+
  *(u32 *)LT_EFUSEPROT = efuseprot_val;
 
   
 
   
 
  u32 onoff_val = 0;
 
  u32 onoff_val = 0;
Retrieved from "https://wiiubrew.org/wiki/Special:MobileDiff/3657"