119
edits
Changes
Jump to navigation
Jump to search
Line 105:
Line 105: − Writing values to SYSPROT sets the specified bitmask. The ARM9 [[Memory_layout|bootrom]](+0x8000) is disabled by writing bit0. bit1 is used by NATIVE_FIRM to make sure console-unique TWL AES-keys are only set at hard-boot. It is not possible to set any other bits.+ − From disassembly of the New3DS process9, it appears that setting bit1 disables the 0x10012000+ region.+ + + + + + + + + + + + + + + +
Better explanation of CFG_SYSPROT9
==CFG_SYSPROT9 ==
==CFG_SYSPROT9 ==
CFG_SYSPROT9 is used to permanently disable certain security-sensitive ARM9 memory areas until the next hard reset.
{| class="wikitable" border="1"
! Bit
! Description
|-
| 0
| Disables ARM9 [[Memory_layout|bootrom]](+0x8000) when set to 1. Cannot be cleared to 0 once set to 1.
|-
| 1
| Disables [[OTP_Registers|OTP area]] when set to 1. Cannot be cleared to 0 once set to 1.
|}
On Old 3DS, NATIVE_FIRM reads CFG_SYSPROT9 to know whether it has previously initialized the TWL console-unique keys using the OTP data. After setting the TWL console-unique keys, NATIVE_FIRM sets CFG_SYSPROT9 bit 1 to disable the OTP area. In subsequent FIRM launches prior to the next reset, NATIVE_FIRM will see that the OTP area is disabled, and skip this step.
On New 3DS, the above is instead done by the [[FIRM#New_3DS_FIRM|Kernel9 loader]]. In addition to using the OTP data for initializing the TWL console-unique keys, the Kernel9 loader will generate the decryption key for NATIVE_FIRM. The final keyslot for NATIVE_FIRM is preserved, so that at a non-reset FIRM launch, the keyslot can be reused, since the OTP would then be inaccessible.
It is not possible to set any other bits.
== CFG_SYSPROT11 ==
== CFG_SYSPROT11 ==