Changes

| 0000FEFD || Integrity error in second block of Stage 2 (address at 0x230)

| 0000FEFD || Integrity error in second block of Stage 2 (address at 0x230)

|-

|-

| 0000FEFE || Boot sector integrity error (Sector 0x200 not valid)

| 0000FEFE || Boot sector integrity error (Sector 0x200 not valid), or error in [[NVRAM]] contents.

|}

|}

[[Image:boot-stage2-error.jpeg|frame|This may have been a Stage 2 bootloader error.]]

[[Image:boot-stage2-error.jpeg|frame|This may have been a Stage 2 bootloader error.]]

Not much concrete information is known about the second-stage bootloader. This may be an actual bootloader, or it's possible that this stage is the DSi Menu itself. The Stage 2 loader was not modified by the [[System Menu 1.4]] update. This is still earlier in the boot process than the "Health and Safety" warning.

Unlike the stage1 bootloader, which must be small enough to fit in ROM (probably several kilobytes), the stage2 bootloader has about a megabyte of NAND flash reserved for it. The stage2 bootloader understands partitions and filesystems, and it is capable of loading the DSi menu. It also must understand the encryption used on filesystem blocks in the NAND, and it must understand how to load and validate title metadata.

 

The Stage 2 loader was not modified by the [[System Menu 1.4]] update. This is still earlier in the boot process than the "Health and Safety" warning.

The first stage bootloader reads sector 0x200 in order to find a table of offsets to the Stage 2 bootloader:

The first stage bootloader reads sector 0x200 in order to find a table of offsets to the Stage 2 bootloader:

It is unclear why there are two pieces which are nearly but not quite the same size. Passive traces of the boot sequence confirm that the 0x26e00 chunk is slightly larger, and it's loaded first. The 0x800 chunk is read immediately after the 0x26e00 chunk.

It is unclear why there are two pieces which are nearly but not quite the same size. Passive traces of the boot sequence confirm that the 0x26e00 chunk is slightly larger, and it's loaded first. The 0x800 chunk is read immediately after the 0x26e00 chunk.

After Stage 2 is loaded:

After Stage 2 is loaded:

# The MBR signature and the type of the first partition are verified.

# The MBR signature and the type of the first partition are verified.

# Filesystem metadata is read from sectors starting around 0x100000. The metadata appears to be in FAT32 format with long filenames.

# Filesystem metadata is read from sectors starting around 0x100000. The metadata appears to be in FAT32 format with long filenames.

# A file is loaded from 0x790000 (just below 8MB). This may be the DSi Menu. If the "stage 2" loader ''is'' the DSi Menu, this may be data for the photo application that runs on the top screen.

# Multiple files are loaded from the filesystem. The exact read addresses will vary depending on your DSi's firmware version and the state of its filesystem when you performed the last firmware update. On a brand new DSi, it appears that the DSi Menu itself is loaded from 0xb20000 after two small metadata files are read from 0xb1c000 and 0x7a0000.

All errors show before the health and safety screen. It appears that stage2 errors from a cold power-on always cause the DSi to hang at a black screen, whereas stage2 errors after reset (pressing but not holding the power button) will give an error message screen.  Known errors:

All errors show before the health and safety screen. It appears that stage2 errors from a cold power-on always cause the DSi to hang at a black screen, whereas stage2 errors after reset (pressing but not holding the power button) will give an error message screen.  Known errors:

| "Error: 1-2435-8325" || Invalid signature or partition type in MBR, invalid starting LBA.

| "Error: 1-2435-8325" || Invalid signature or partition type in MBR, invalid starting LBA.

|-

|-

| "Error: 3-2435-8325" || Modified the file at 0x790000 (likely the DSi Menu)

| "Error: 3-2435-8325" || DSi Menu integrity checks failed

|-

|-

|}

|}