75
edits
Changes
mLine 16:
Line 16: − + Line 28:
Line 28: − + − + Line 44:
Line 44: − +
formatting and spelling fixes
# The RSA signature of the stage2 header is verified, and the first two SHA1 hashes (of the rest of the stage2 header, and the hash of the RSA message itself) are verified.
# The RSA signature of the stage2 header is verified, and the first two SHA1 hashes (of the rest of the stage2 header, and the hash of the RSA message itself) are verified.
# On failure, goto 10.
# On failure, goto 10.
# On success, the ARM9 instructs the ARM7 to load and decrypt the stage2 ARM7 binary from the boot medium. DMA is used from the boot medium to the AES hardware, but the outupt of the AES accelerator is simply read by software.
# On success, the ARM9 instructs the ARM7 to load and decrypt the stage2 ARM7 binary from the boot medium. DMA is used from the boot medium to the AES hardware, but the output of the AES accelerator is simply read by software.
## Depending on the option bits in the stage2 header, this payload may be compressed.
## Depending on the option bits in the stage2 header, this payload may be compressed.
## Uncompressed payloads are loaded into NWRAM on the ARM7 side, and then mapped to the ARM9 using the MBK registers.
## Uncompressed payloads are loaded into NWRAM on the ARM7 side, and then mapped to the ARM9 using the MBK registers.
## Prepare keys for the next bootstage (some in the AES hardware, others copied to WRAM or ITCM)
## Prepare keys for the next bootstage (some in the AES hardware, others copied to WRAM or ITCM)
## The ARM7 will lock out both boot ROMs from the system memory bus using the SCFG registers. The ARM9 waits for this lockout to happen.
## The ARM7 will lock out both boot ROMs from the system memory bus using the SCFG registers. The ARM9 waits for this lockout to happen.
## Both cores, now synchronized using the lockout, will now jump to [[stage2]] code. (Current stage2 binaries will immediately re-synchronize the cores, however.
## Both cores, now synchronized using the lockout, will now jump to [[stage2]] code. (Current stage2 binaries will immediately re-synchronize the cores, however.)
Error codes are supposed to be interpreted as a 32-bit unsigned little-endian integer, the least significant byte describing the status of the NVRAM boot attempt, the next of the NAND boot attempt, and the third one describes the game cartridge boot attempt. The most significant byte is always 0.
Error codes are supposed to be interpreted as a 32-bit unsigned little-endian integer, the least significant byte describing the status of the NAND boot attempt, the next of the NVRAM boot attempt, and the third one describes the game cartridge boot attempt. The most significant byte is always 0.
The individual bytes carry the following meaning:
The individual bytes carry the following meaning:
! Error Code !! Description
! Error Code !! Description
|-
|-
| 0000FE00 || Error communicating with NAND chip (it's missing, CLK is shorted, etc.), or the most significant bit of the byte at 0x2ff of [NVRAM] has been cleared.
| 0000FE00 || Error communicating with NAND chip (it's missing, CLK is shorted, etc.), or the most significant bit of the byte at 0x2ff of [[NVRAM]] has been cleared.
|-
|-
| 0000FEFC || Integrity error in ARM9 info block of Stage 2 (address at 0x220)
| 0000FEFC || Integrity error in ARM9 info block of Stage 2 (address at 0x220)