OTP Registers
Revision as of 16:45, 30 March 2015 by Plutooo (talk | contribs) (Created page with "Keys seem to be stored here? Access to this region is disabled once the ARM9 writes 0x2 to REG_SYSPROT9. Originally the console-unique TWL keyinit + region disable wa...")
Keys seem to be stored here? Access to this region is disabled once the ARM9 writes 0x2 to REG_SYSPROT9.
Originally the console-unique TWL keyinit + region disable was done by Kernel9. However, with the New_3DS FIRM ARM9 binary this is now done in the FIRM ARM9 binary loader, which also uses the 0x10012000 region for key generation.
On development units (UNITINFO!=0) ARM9 uses the first 8-bytes from 0x10012000 for the TWL keydata. This region doesn't seem to be used by NATIVE_FIRM on retail at all, besides New3DS key-generation in the ARM9-loader. It is unknown if bootrom reads from it, but probably.
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x100 | Console-unique data. |
| 0x100 | 0x8 | Before writing REG_SYSPROT9 bit1, the ARM9 copies the 8-byte TWL-keydata to here. |