Changes

Boot0 (view source)

Revision as of 05:58, 1 November 2009

61 bytes removed , 05:58, 1 November 2009

m

no edit summary

Line 3: Line 3:

It contains code to read the first 48 pages of the attached NAND flash, decrypt them with a fixed AES key, hash them with SHA1, and compare the hash with a value read from OTP memory. If the hashes do not match, the system will refuse to boot. If the hash in OTP is all zeroes, then the system will always boot -- this is true of development consoles and probably also during the manufacturing process. For more discussion on this subject, see [http://hackmii.com/2008/05/boot0/ bushing's HackMii post].

−

The division between boot0/boot1 allows the RSA signature verification to be done using trusted code loaded from flash; it would not have fit into the 4K of space available. ~~Although it appears to have been hand-~~coded in assembly~~, there are some "dead" / unused pieces of code~~.

+

The division between boot0/boot1 allows the RSA signature verification to be done using trusted code loaded from flash; it would not have fit into the 4K of space available. It is coded in a mixture of C and assembly.

; reset vectors

Line 478: Line 478:

FFFF05F8 ; ---------------------------------------------------------------------------

FFFF05FC boot1_key DCD 0x9258A752,0x64960D82,0x676F9044,0x56882A73

−

FFFF05FC ; DATA XREF: main:~~off_FFFF04E4o~~

+

FFFF05FC ; DATA XREF: main:off_FFFF04E4

−

FFFF060C boot1_iv DCD 0, 0, 0, 0 ; DATA XREF: main:~~off_FFFF04E8o~~

+

FFFF060C boot1_iv DCD 0, 0, 0, 0 ; DATA XREF: main:off_FFFF04E8

FFFF1FFC DCD 0xABAB0101 ; not sure what this is

FFFF1FFC ; boot0 ends

Bushing

Bureaucrats, Check users, oversight, Administrators

834

edits

Changes

Boot0 (view source)

Revision as of 05:58, 1 November 2009

Navigation menu

Search