Changes

Memory layout (edit)

Revision as of 06:58, 18 December 2015

7 bytes added , 06:58, 18 December 2015

m

"modulus" is the correct Latin case here.

Line 471: Line 471:

| 0x3F00

| 0x100

−

| This is the RSA-2048 ~~modulo~~ for [[RSA_Registers|RSA]]-engine slot2.

+

| This is the RSA-2048 modulus for [[RSA_Registers|RSA]]-engine slot2.

|-

| 0x01FFC000

Line 477: Line 477:

| 0x4000

| 0x100

−

| This is the RSA-2048 ~~modulo~~ for RSA-engine slot3.

+

| This is the RSA-2048 modulus for RSA-engine slot3.

|-

| 0x01FFC100

Line 483: Line 483:

| 0x4100

| 0x800

−

| These are RSA-2048 keys: 4 slots, each slot is 0x200-bytes. Slot+0 is the ~~modulo~~, slot+0x100 is the private-exponent. This can be confirmed by RSA-decrypting a message into a signature, then RSA-encrypting the signature back into a message, and comparing the original message with the output from the last operation.

+

| These are RSA-2048 keys: 4 slots, each slot is 0x200-bytes. Slot+0 is the modulus, slot+0x100 is the private exponent. This can be confirmed by RSA-decrypting a message into a signature, then RSA-encrypting the signature back into a message, and comparing the original message with the output from the last operation.

[[FIRM]] doesn't seem to ever use these. None of these are related to RSA-keyslot0 used for v6.0/v7.0 key generation. These modulus are separate from all other modulus used elsewhere.

Line 492: Line 492:

| 0x400

| The unprotected ARM9-bootrom copies data to 0x07FFC900(mirror of 0x01FFC900) size 0x400. This data is copied from AXI WRAM, initialized by ARM11-bootrom(the addr used for the src is determined by [[CONFIG_Registers|REG_UNITINFO]]). These are RSA modulus: retailsrcptr = 0x1FFFD000, devsrvptr = 0x1FFFD400.

−

* The first 0x100-bytes here is the RSA-2048 ~~modulo~~ for the CFA NCCH header, and for the gamecard NCSD header.

+

* The first 0x100-bytes here is the RSA-2048 modulus for the CFA NCCH header, and for the gamecard NCSD header.

−

* 0x01FFCA00 is the RSA-2048 ~~modulo~~ for the CXI accessdesc signature, written to rsaengine keyslot1 by NATIVE_FIRM.

+

* 0x01FFCA00 is the RSA-2048 modulus for the CXI accessdesc signature, written to rsaengine keyslot1 by NATIVE_FIRM.

* 0x01FFCB00 size 0x200 is unknown, probably RSA related, these aren't used by [[FIRM]](these are not console-unique).

|-

Line 971: Line 971:

| 0x27D00000

|

−

| The data located here is copied to here by the ARM11 process. The data located here is a TWL NAND [http://dsibrew.org/wiki/Bootloader bootloader] image, using the same format+encryption/verification methods as the DSi NAND bootloader(stage2). The keyX for this bootloader keyslot is initially set to the retail DSi key-data, however when TWL_FIRM is launched this keyX key-data is replaced with a separate keyX. TWL_FIRM can use either the retail DSi bootloader RSA-1024 ~~modulo~~, or a seperate ~~modulo~~: normally only the latter is used(the former is only used when loading the image from FS instead of FCRAM). When using the image from FCRAM(default code-path), TWL_FIRM will not calculate+check the hashes for the bootloader code binaries(this is done when loading from FS however).

+

| The data located here is copied to here by the ARM11 process. The data located here is a TWL NAND [http://dsibrew.org/wiki/Bootloader bootloader] image, using the same format+encryption/verification methods as the DSi NAND bootloader(stage2). The keyX for this bootloader keyslot is initially set to the retail DSi key-data, however when TWL_FIRM is launched this keyX key-data is replaced with a separate keyX. TWL_FIRM can use either the retail DSi bootloader RSA-1024 modulus, or a seperate modulus: normally only the latter is used(the former is only used when loading the image from FS instead of FCRAM). When using the image from FCRAM(default code-path), TWL_FIRM will not calculate+check the hashes for the bootloader code binaries(this is done when loading from FS however).

|-

| 0x0FDF7000

Myria

119

edits