3dbrew

Memory layout: Difference between revisions

← Older edit
mNo edit summary
 
(13 intermediate revisions by 4 users not shown)
Line 33: Line 33:
| 0x17E10000
| 0x17E10000
| 0x00001000
| 0x00001000
| L2C-310 Level 2 Cache Controller (2MB)
| L2C-310 r3p3 Level 2 Cache Controller (2MB)
|-
|-
| style="background: green" | Yes
| style="background: green" | Yes
| 0x18000000
| 0x18000000
| 0x00600000
| 0x00600000
| VRAM (divided in two banks, VRAM and VRAMB)
| VRAM (divided in two areas VRAM A and B, four banks in total)
|-
|-
| style="background: red" | No
| style="background: red" | No
Line 80: Line 80:
* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.
* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.
* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.
* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.
* Writes value <code>0x0<code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.
* Writes value <code>0x0</code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.
* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.
* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.


=== <code>0x1F000000</code> ([[New 3DS]] only) ===
=== <code>0x1F000000</code> ([[New 3DS]] only) ===
This area is used by [[QTM Services]],starting at offset <code>0x200000</code>, size <code>0x180000</code>. This area is not accessible to the GPU on the old 3DS. The old 3DS and New 3DS GSP module has <code>vaddr-&gt;physaddr</code> conversion code for this entire region. On the New 3DS, only the first <code>0x200000</code> bytes (half of this memory) are accessible to the GPU.
This area is used by [[QTM Services]] and Kernel11,starting at offset <code>0x200000</code>, size <code>0x180000</code>. This area is not accessible to the GPU on the old 3DS. The old 3DS and New 3DS GSP module has <code>vaddr-&gt;physaddr</code> conversion code for this entire region. On the New 3DS, only the first <code>0x200000</code> bytes (half of this memory) are accessible to the GPU.


== ARM9 ==
== ARM9 ==
Line 152: Line 152:
| 0xFFF00000
| 0xFFF00000
| 0x00004000
| 0x00004000
| Data TCM (Mapped during bootrom)
| Data TCM (Mapped during bootrom). Enabled at the time Boot9 jumps to FIRM, however Kernel9+arm9loader disables it.
|-
|-
| style="background: green" | Yes
| style="background: green" | Yes
Line 366: Line 366:
| RO
| RO
|}
|}
===[[Bootloader|Boot9]]===
{| class="wikitable" border="1"
|-
!  Region
!  Address
!  Size
!  Privileged-mode data permissions
!  User-mode data permissions
!  Privileged-mode instruction permissions
!  User-mode instruction permissions
|-
| 0
| 0x20000000
| 0x08000000
| None
| None
| None
| None
|-
| 1
| 0x10000000
| 0x10000000
| RW
| RW
| None
| None
|-
| 2
| 0x08000000
| 0x00100000
| RW
| RW
| None
| None
|-
| 3
| 0x08000000
| 0x00000400
| RW
| RW
| RO
| RO
|-
| 4
| 0xFFF00000
| 0x00004000
| RW
| RW
| None
| None
|-
| 5
| 0x07FF8000
| 0x00008000
| RW
| RW
| RO
| RO
|-
| 6
| 0xFFFF0000
| 0x00010000
| RO
| RO
| RO
| RO
|-
| 7
| 0x1FFFE000
| 0x00000800
| RW
| RW
| None
| None
|}
* Instruction cachable bits = 0x40(only enabled for region6).
* Data cachable bits = 0x44(only enabled for region2 and region6).
* Data bufferable bits = 0x44(only enabled for region2 and region6).
These are the same for both Old3DS/New3DS.


==ARM9 ITCM==
==ARM9 ITCM==
Line 391: Line 473:
|  
|  
| 0x3800
| 0x3800
| 0x4
| 0x100
| This is always 0xDEADB00F.
| This is the first 0x90 bytes of [[OTP_Registers#Plaintext_OTP|plaintext OTP]] when OTP hash verification is successful. The remaining 0x70 bytes are cleared.
|-
| 0x01FFB804
|
| 0x3804
| 0x4
| This is the u32 DeviceId.
|-
| 0x01FFB808
|
| 0x3808
| 0x10
| This is the fall-back keyY used for movable.sed keyY when movable.sed doesn't exist in NAND(the last two words here are used on retail for generating console-unique TWL keydata/etc). This is also used for "LocalFriendCodeSeed", etc.
|-
| 0x01FFB818
|
| 0x3818
| 0x1
| ?
|-
| 0x01FFB819
|
| 0x3819
| 0x1
| This is the [[CTCert]] issuer type: 0 = retail "Nintendo CA - G3_NintendoCTR2prod", non-zero = dev "Nintendo CA - G3_NintendoCTR2dev".
|-
| 0x01FFB81A
|
| 0x381A
| 0x6
| ?
|-
| 0x01FFB820
|
| 0x3820
| 0x4
| This is the CTCert ECDSA exponent, this is byte-swapped when *((u8*)(0x01FFB800+0x18)) is >=5.
|-
| 0x01FFB824
|
| 0x3824
| 0x2
| ?
|-
| 0x01FFB826
|
| 0x3826
| 0x1E
| This is the CTCert ECDSA privk.
|-
| 0x01FFB844
|
| 0x3844
| 0x3C
| This is the CTCert ECDSA signature.
|-
|-
| 0x01FFB880
| 0x01FFB880
|  
|  
| 0x3880
| 0x3890
| 0x80
| 0x70
| This is all-zero.
| This is all zeros; boot ROM does not reveal the console-specific keys or the OTP hash in ITCM.
|-
|-
| 0x01FFB900
| 0x01FFB900
Line 464: Line 492:
| 0x3B00
| 0x3B00
| 0x200
| 0x200
| This is the 0x200-bytes from the plaintext NAND firm partition FIRM header, read by bootrom.
| This is the 0x200-bytes from the plaintext FIRM header for the FIRM which was loaded by [[Bootloader|Boot9]]. This is the only location Boot9 uses for storing the loaded FIRM headers internally, it's not stored anywhere else.
|-
|-
| 0x01FFBD00
| 0x01FFBD00
Line 553: Line 581:
| 0xB90
| 0xB90
| Uninitialized memory.
| Uninitialized memory.
0x01FFFC00 size 0x100-bytes starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.
|-
| 0x01FFFC00
|
| 0x7C00
| 0x100
| Starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.
|}
|}


Line 605: Line 638:
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).


Support for APPMEMTYPEs 6 and 7 was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].
Support for APPMEMTYPEs 6 and 7 (and 8?) was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].


{| class="wikitable" border="1"
{| class="wikitable" border="1"
Line 656: Line 689:
| 0x01400000
| 0x01400000
|-
|-
| 6 (This is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is not 7)
| 6 and 8 (6 is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is neither 7 nor 8)
| 0x0
| 0x0
| 0x07C00000(124MB)
| 0x07C00000(124MB)
Retrieved from "https://www.3dbrew.org/wiki/Memory_layout"