Stage2: Difference between revisions

Line 10:

00000230 00 6e 02 00 88 75 02 00 00 80 7b 03 00 76 02 00 |.n...u....{..v..|

00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

There's two header sectors [[NAND|following]] this, however stage1 ignores these.

This is describing two chunks of the stage2 loader: the ARM9-binary 0x26410 bytes in length at address 0x800, and the ARM7-binary 0x27588 bytes at address 0x26e00.

Line 122:

Line 124:

| 6

| 0x40

| When booting from ~~NWRAM~~, use an 8 MHz SPI clock. If 0, use a 4 MHz SPI clock. Not used for non-NVRAM boots.

| When booting from NVRAM, use an 8 MHz SPI clock. If 0, use a 4 MHz SPI clock. Not used for non-NVRAM boots.

|-

| 7

Line 143:

Line 145:

| 0x10

| 0x14

| SHA1 hash, calculated over the first 0x28-bytes of [[~~NAND~~]], then the first 0x100-bytes of the header, then the last 0x80-bytes of the header (following the signature). ~~This works with both the~~ bootloader contained in TWL_FIRM, ~~and~~ the ~~real DSi ARM9 boot ROM~~.

| SHA1 hash, calculated over the first 0x28-bytes of [[NVRAM]], then the first 0x100-bytes of the header, then the last 0x80-bytes of the header (following the signature). The bootloader contained in TWL_FIRM uses the first 0x28-bytes from NAND. For non-NAND boot mediums, this hash is calculated the same except there's no 0x28-byte block.

|-

| 0x24

Line 155:

Line 157:

| 0x4C

| 0x14

| Unknown, not used by 3DS TWL_FIRM ~~nor DSi bootrom~~. Normally all-zero.

| Unknown, not used by 3DS TWL_FIRM. Normally all-zero. Copied to 0x01FFC880 by ARM9 [[Stage1]].

|-

| 0x60

| 0x14

| SHA1 of all previous fields in the RSA ~~messasge~~, used to prevent RSA signature forgery. Not used by 3DS TWL_FIRM(?).

| SHA1 of all previous fields in the RSA message, used to prevent RSA signature forgery. Not used by 3DS TWL_FIRM(?).

|}

@@ Line 10: / Line 10: @@
   00000230  00 6e 02 00 88 75 02 00  00 80 7b 03 00 76 02 00  |.n...u....{..v..|
   00000240  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+There's two header sectors [[NAND|following]] this, however stage1 ignores these.
 This is describing two chunks of the stage2 loader: the ARM9-binary 0x26410 bytes in length at address 0x800, and the ARM7-binary 0x27588 bytes at address 0x26e00.
@@ Line 122: / Line 124: @@
 | 6
 | 0x40
-| When booting from NWRAM, use an 8 MHz SPI clock. If 0, use a 4 MHz SPI clock. Not used for non-NVRAM boots.
+| When booting from NVRAM, use an 8 MHz SPI clock. If 0, use a 4 MHz SPI clock. Not used for non-NVRAM boots.
 |-
 | 7
@@ Line 143: / Line 145: @@
 | 0x10
 | 0x14
-| SHA1 hash, calculated over the first 0x28-bytes of [[NAND]], then the first 0x100-bytes of the header, then the last 0x80-bytes of the header (following the signature). This works with both the bootloader contained in TWL_FIRM, and the real DSi ARM9 boot ROM.
+| SHA1 hash, calculated over the first 0x28-bytes of [[NVRAM]], then the first 0x100-bytes of the header, then the last 0x80-bytes of the header (following the signature). The bootloader contained in TWL_FIRM uses the first 0x28-bytes from NAND. For non-NAND boot mediums, this hash is calculated the same except there's no 0x28-byte block.
 |-
 | 0x24
@@ Line 155: / Line 157: @@
 | 0x4C
 | 0x14
-| Unknown, not used by 3DS TWL_FIRM nor DSi bootrom. Normally all-zero.
+| Unknown, not used by 3DS TWL_FIRM. Normally all-zero. Copied to 0x01FFC880 by ARM9 [[Stage1]].
 |-
 | 0x60
 | 0x14
-| SHA1 of all previous fields in the RSA messasge, used to prevent RSA signature forgery. Not used by 3DS TWL_FIRM(?).
+| SHA1 of all previous fields in the RSA message, used to prevent RSA signature forgery. Not used by 3DS TWL_FIRM(?).
 |}