Difference between revisions of "Bootloader"

From 3dbrew
(27 intermediate revisions by 7 users not shown)
Line 1: Line 1:
When the 3DS does not find the NAND chip, the following error is displayed:
+
The bootloader is the binary code stored in the ARM9 and ARM11 boot ROMs and hence is ran when the 3DS is powered on. It's purpose is initializing hardware and loading the [[FIRM|system firmware]] from the internal [[Flash_Filesystem|NAND memory]].
 +
 
 +
Besides NATIVE_FIRM, the bootloader is also capable of booting other firmwares (such as TWL_FIRM and AGB_FIRM). However, this will result either in a japanese error-screen or a system shutdown, directly after FIRM-Launching.
 +
 
 +
== Boot ROM ==
 +
Upon boot, parts of the ARM9 and ARM11 boot ROMs are protected by writing to [[CONFIG#CFG_SYSPROT9|CFG_SYSPROT9]] and [[CONFIG#CFG_SYSPROT11|CFG_SYSPROT11]], respectively. The non-protected areas of the ARM9 and ARM11 boot ROMs are identical for launch-day regular Old3DS, 2DS, and regular New3DS.
 +
 
 +
== Boot Procedure ==
 +
 
 +
* 0 seconds - unit is powered on. The ARM9 and ARM11 [[Memory_layout|bootroms]] begin execution.
 +
 
 +
* 2 seconds - ARM9 bootrom attempts to initialize the NAND.
 +
**If the NAND is successfully initialized:
 +
***the ARM9 bootrom loads the [[FIRM|firmware]] stored in the NAND [[FIRM]] partition which handles booting the rest of the system (if verification for NAND firm0 fails, the ARM9 bootrom will attempt to use firm1 instead).
 +
***The ARM11 kernel loaded from FIRM then launches the [[NCCH#CXI|CXI]] ARM11 system modules loaded from FIRM (i.e. sm, fs, pm, loader, and pxi). (Note that the ARM11 kernel does not handle any encryption/RSA verification, this is handled by the [[FIRM|ARM9]].)
 +
**If the NAND cannot be initialized (i.e. the NAND chip is not connected/damaged/etc), a [[Bootloader#Error_Codes|blue error screen]] appears.
  
[[Image:CTR_Bootrom_Error.jpg|500px]]
+
* 3 seconds - all essential hardware is active.
 +
**The [[Process_Manager_Services|PM]] module launches [[NS]]
 +
**If [[Home_Menu#Auto-Boot_Function|auto-booting]] is needed, NS will [[NS#Auto-boot|auto-boot]] titles.
 +
**Otherwise, NS will instead launch [[ErrDisp]] and the [[Configuration Memory#ACTIVEMENUTID|current active menu]] via the PM module. For retail units, this menu is usually the [[Home Menu]]. Note that the PM module first launches the module dependencies when launching a process, prior to actually launching the process.
 +
**The further Home Menu startup process is described [[Home_Menu#Home_Menu_startup|here]].
  
The 3DS' Boot procedure:
+
* 4 seconds - the LCD screens are initialized.
  
* 0 Seconds - unit is powered on bootloader begins 
+
* 7 seconds - [[Home Menu]] is fully initialized/loaded.
  
* 2 Seconds - bootloader attempts to initialize the NAND. If the NAND is successfully initialized, it takes over booting the 3DS. If the NAND, cannot be initialized (i.e. the NAND chip is not connected/damaged etc) a blue error screen similar to the screen above appears.
+
== NAND Reads during Boot ==
 +
During a successful boot on 6.x, the bootloader (and firm) reads the following sectors from NAND (in this order):
 +
00000000 (NCSD Partition Table)
 +
 +
Only verify 'FIRM' magic? (A second Header-read will be attempted even if everything except the magic is 0xFF...)
 +
0B130000 (FIRM Partition)
 +
0B530000 (Secondary FIRM Partition)
 +
 +
Verify RSA signature and parse Header:
 +
0B130000 (FIRM: Header)
 +
0B130200 (FIRM: Section 1)
 +
0B163E00 (FIRM: Section 2)
 +
0B193E00 (FIRM: Section 3)
 +
 +
00013000 .. Below is probably NATIVE_FIRM booting ..
 +
00014000
 +
00015000
 +
00016000
 +
00017000
 +
 +
09011A00
 +
09011C00
 +
09012000
 +
09012400
 +
...
  
* 3 Seconds - all essential hardware is active - checks all connected devices and will boot the slot 1 device if it is an auto-boot card(like kiosk demos etc). The home menu has not initialized at this point as auto-booted games by-pass certain [[Home Menu]] security measures, like parental control and forced updates. Also auto-booted games are not logged as being run from the [[Home Menu]]. Begins to initialize [[Home Menu]] if an auto-boot slot1 device is not found.
+
== Error Codes ==
 +
When the 3DS does not find the NAND chip, the following error is displayed:
  
* 4 Seconds - the LCD screens are initialized
+
[[Image:CTR_Bootrom_Error.jpg|240px]]
  
* 7 Seconds - [[Home Menu]] is fully initialized/loaded
+
{| class="wikitable" border="1"
 +
|-
 +
!  Error
 +
!  Description
 +
|-
 +
| <tt>00F800FE 00000000 00000000 00000200 00000000</tt>
 +
| Error when having SD-card reader connected to NAND during boot.
 +
|-
 +
| <tt>00F800FE 00000000 00000000 00000400 00000000</tt>
 +
| NAND not found error (?)
 +
|-
 +
| <tt>00F800FE FFFFFFFF FFFFFFFF 00000080 00800000</tt>
 +
| NAND error when DAT1 was used as DAT0.
 +
|-
 +
| <tt>00F800FE FFFFFFFF FFFFFFFF 00000005 00800000</tt>
 +
| NAND error when DAT2 was used as DAT0.
 +
|-
 +
| <tt>00F800FE FFFFFFFF FFFFFFFF 00000005 00000000</tt>
 +
| NAND error when DAT3 was used as DAT0.
 +
|-
 +
| <tt>00F800FF F8F8FFFF FFFFFFFF 00000000 00000000</tt>
 +
| Both the firm0 and firm1 partitions are corrupt (failed signature checks).
 +
|-
 +
| <tt>00F800EE FFFFFFFF FFFFFFFF 00000000 00000000</tt>
 +
| [[NCSD]] header in sector 0 is corrupt (failed signature check).
 +
|}
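Review bot: In the new Error Codes section, the lead sentence "When the 3DS does not find the NAND chip, the following error is displayed:" no longer matches the table beneath it, which also covers corrupt firm0/firm1 partitions and a corrupt NCSD header; reword it to introduce boot ROM error codes in general and keep the NAND-not-found case as one row. The "NAND not found error (?)" row and the "Only verify 'FIRM' magic?" line under NAND Reads are marked as unconfirmed, so each should say how it was observed or carry an explicit unverified note. In the new intro, "hence is ran" should be "hence is run" and "It's purpose" should be "Its purpose".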

Revision as of 14:41, 18 October 2015

The bootloader is the binary code stored in the ARM9 and ARM11 boot ROMs and hence is run when the 3DS is powered on. Its purpose is initializing hardware and loading the system firmware from the internal NAND memory.

Besides NATIVE_FIRM, the bootloader is also capable of booting other firmwares (such as TWL_FIRM and AGB_FIRM). However, this results in either a Japanese error screen or a system shutdown directly after the FIRM launch.

Boot ROM

Upon boot, parts of the ARM9 and ARM11 boot ROMs are protected by writing to CFG_SYSPROT9 and CFG_SYSPROT11, respectively. The non-protected areas of the ARM9 and ARM11 boot ROMs are identical for launch-day regular Old3DS, 2DS, and regular New3DS.

Boot Procedure

  • 0 seconds - unit is powered on. The ARM9 and ARM11 bootroms begin execution.
  • 2 seconds - ARM9 bootrom attempts to initialize the NAND.
    • If the NAND is successfully initialized:
      • The ARM9 bootrom loads the firmware stored in the NAND FIRM partition, which handles booting the rest of the system (if verification for NAND firm0 fails, the ARM9 bootrom will attempt to use firm1 instead).
      • The ARM11 kernel loaded from FIRM then launches the CXI ARM11 system modules loaded from FIRM (i.e. sm, fs, pm, loader, and pxi). (Note that the ARM11 kernel does not handle any encryption/RSA verification; this is handled by the ARM9.)
    • If the NAND cannot be initialized (e.g. the NAND chip is not connected or is damaged), a blue error screen appears.
  • 3 seconds - all essential hardware is active.
    • The PM module launches NS.
    • If auto-booting is needed, NS will auto-boot titles.
    • Otherwise, NS will instead launch ErrDisp and the current active menu via the PM module. For retail units, this menu is usually the Home Menu. Note that the PM module first launches the module dependencies when launching a process, prior to actually launching the process.
    • The further Home Menu startup process is described in the Home Menu article (Home Menu startup section).
  • 4 seconds - the LCD screens are initialized.
  • 7 seconds - Home Menu is fully initialized/loaded.

NAND Reads during Boot

During a successful boot on 6.x, the bootloader (and firm) reads the following sectors from NAND (in this order):

00000000 (NCSD Partition Table)

Only verify 'FIRM' magic? (A second Header-read will be attempted even if everything except the magic is 0xFF...)
0B130000 (FIRM Partition)
0B530000 (Secondary FIRM Partition)

Verify RSA signature and parse Header:
0B130000 (FIRM: Header)
0B130200 (FIRM: Section 1)
0B163E00 (FIRM: Section 2)
0B193E00 (FIRM: Section 3)

00013000 .. Below is probably NATIVE_FIRM booting ..
00014000
00015000
00016000
00017000

09011A00
09011C00
09012000
09012400
...
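
The firm0-to-firm1 fallback and the FIRM reads listed above, as an added example (not 3dbrew's or Nintendo's code): an offline check over plaintext FIRM images that validates the magic and the per-section SHA-256 hashes and reports the NAND offsets each section would be read from. The FIRM header layout, the function names and the sample payloads are assumptions not taken from this page, and the RSA signature over the header is not checked because that needs the boot ROM's public key.

```python
import hashlib
import struct

# NAND byte offsets of the two FIRM partitions, taken from the read trace above.
FIRM_BASES = {"firm0": 0x0B130000, "firm1": 0x0B530000}
# Assumed FIRM layout (not stated on this page): 0x200-byte header, 'FIRM' magic,
# four 0x30-byte section entries at 0x40: offset, load address, size, copy
# method, SHA-256 of the section data.
HDR_SIZE, ENTRY = 0x200, struct.Struct("<4I32s")

def make_firm(payloads):
    """Build a constructed FIRM image from section payloads (sample data only)."""
    hdr, body = bytearray(HDR_SIZE), b""
    hdr[0:4] = b"FIRM"
    for i, data in enumerate(payloads):
        ENTRY.pack_into(hdr, 0x40 + i * 0x30, HDR_SIZE + len(body), 0,
                        len(data), 0, hashlib.sha256(data).digest())
        body += data
    return bytes(hdr) + body

def check_firm(image, base):
    """Return (ok, reason, reads); reads are absolute NAND offsets, header first."""
    if image[0:4] != b"FIRM":
        return False, "bad magic", []
    reads = [base]
    for i in range(4):
        off, _load, size, _copy, digest = ENTRY.unpack_from(image, 0x40 + i * 0x30)
        if size == 0:
            continue  # unused section slot
        data = image[off:off + size]
        if len(data) != size or hashlib.sha256(data).digest() != digest:
            return False, f"section {i + 1} hash mismatch", reads
        reads.append(base + off)
    return True, "ok", reads

def select_firm(images):
    """Try firm0, then firm1; (None, []) models the both-corrupt error case."""
    for name in ("firm0", "firm1"):
        ok, _reason, reads = check_firm(images[name], FIRM_BASES[name])
        if ok:
            return name, reads
    return None, []

# Constructed payloads sized so section offsets match the trace (0x200, 0x33E00, 0x63E00).
SAMPLE = make_firm([b"\x11" * 0x33C00, b"\x22" * 0x30000, b"\x33" * 0x1000])

if __name__ == "__main__":
    name, reads = select_firm({"firm0": SAMPLE, "firm1": SAMPLE})
    print(name, [f"{r:08X}" for r in reads])
```

With a real dump, pass the plaintext contents of each FIRM partition in place of SAMPLE; a result of (None, []) corresponds to the case the error table describes as both firm0 and firm1 being corrupt.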

Error Codes

When the 3DS does not find the NAND chip, the following error is displayed:

[Image: CTR_Bootrom_Error.jpg]

Error                                         Description
00F800FE 00000000 00000000 00000200 00000000  Error when having SD-card reader connected to NAND during boot.
00F800FE 00000000 00000000 00000400 00000000  NAND not found error (?)
00F800FE FFFFFFFF FFFFFFFF 00000080 00800000  NAND error when DAT1 was used as DAT0.
00F800FE FFFFFFFF FFFFFFFF 00000005 00800000  NAND error when DAT2 was used as DAT0.
00F800FE FFFFFFFF FFFFFFFF 00000005 00000000  NAND error when DAT3 was used as DAT0.
00F800FF F8F8FFFF FFFFFFFF 00000000 00000000  Both the firm0 and firm1 partitions are corrupt (failed signature checks).
00F800EE FFFFFFFF FFFFFFFF 00000000 00000000  NCSD header in sector 0 is corrupt (failed signature check).