Changes

'''boot1''' is the second stage loader for the Wii. It is loaded by [[boot0]], which is stored inside a Mask ROM inside the Hollywood. boot1 is contained inside the first block of NAND flash and encrypted with a key stored in the Mask ROM as part of boot0. As part of the boot process, boot0 will decrypt and hash boot1, and then compare it to a SHA1 hash stored in on-die OTP memory; if they do not match, then boot1 will not be executed.  This means that any attempt to modify boot1 on a Wii will cause it to fail to boot.

'''boot1''' is the second stage loader for the Wii. It is loaded by [[boot0]], which is stored inside a Mask ROM inside the [[Hollywood]]. boot1 is contained inside the first block of [[NAND]] flash and encrypted with a key stored in the Mask ROM as part of '''boot0'''. As part of the [[boot process]], '''boot0''' will decrypt and hash '''boot1''', and then compare it to a SHA1 hash stored in on-die OTP memory; if they do not match, then '''boot1''' will not be executed.  This means that any attempt to modify boot1 on a Wii will cause it to fail to boot.

There is a hard limit on the size of boot1: 48 pages of 2K each, or 96K. Of that, approximately 17K is actually used.

There is a hard limit on the size of boot1: 48 pages of 2K each, or 96K. Of that, approximately 17K is actually used.

boot1 runs entirely out of on-die SRAM and performs initialization of the external DDR3 memory. It then loads boot2 (from a special partition in NAND), decrypts it and performs an RSA verification on it. Splitting the first part of the bootloader into boot0 and boot1 allows Nintendo to change RAM chips and also to fix bugs in RSA verification without respinning the Starlet core; at least 5 known versions of boot1 exist, most of which only differ in small ways in the DDR3 initialization code.

boot1 runs entirely out of on-die SRAM and performs initialization of the external DDR3 memory. It then loads [[boot2]] (from a special partition in NAND), decrypts it and performs an RSA verification on it. Splitting the first part of the bootloader into '''boot0''' and '''boot1''' allows Nintendo to change RAM chips and also to fix bugs in RSA verification without respinning the Starlet core; at least 5 known versions of boot1 exist, most of which only differ in small ways in the DDR3 initialization code.

Some time in 2008, Nintendo fixed the [[Signing bug|strncmp bug]] in boot1 for newly-manufactured Wiis, preventing boot2 from being modified by e.g. [[BootMii]].

Some time in 2008, Nintendo fixed the [[Signing bug|strncmp bug]] in boot1 for newly-manufactured Wiis, preventing boot2 from being modified by e.g. [[BootMii]].

boot1 will detect an attempt to downgrade boot2, comparing the version number of the TMD in flash against a value store in the serial EEPROM; if the value in flash is less than that in EEPROM, it will fail to boot with error 10.

boot1 will detect an attempt to downgrade '''boot2''', comparing the version number of the [[TMD]] in flash against a value store in the serial EEPROM. If the value in flash is less than that in EEPROM, it will fail to boot with error 10.

== boot1 error codes ==

== boot1 error codes ==

|}

|}

For comparison, here is the version history of [[bc]], which is very similar to boot1:

For comparison, here is the version history of [[BC]], which is very similar to boot1:

{| class="wikitable"

{| class="wikitable"