3dbrew

Bootloader: Difference between revisions

← Older edit
Pigeon (talk | contribs)
18 edits
m Fixed grammar
MarcusD (talk | contribs)
Trusted
225 edits
Add some """"low-hanging"""" SD driver error code bits
 
(9 intermediate revisions by 4 users not shown)
Line 103: Line 103:


== BootROM Errors ==
== BootROM Errors ==
Here is the format of the numbers displayed on the error screen:
  BOOTROM 8046
  ERRCODE: ffWWGGNN
  p3p2p1p0 p7p6p5p4
  sd_softE sd_hardE
* <code>ff</code>: sleep switch state (2==MCU sleep switch closed, 1==GPIO sleep switch closed (very bad if this happens), 0==sleep switch open)
* <code>WW</code>: NVRAM (WiFi Flash) FIRM load error code
* <code>GG</code>: ntrboot FIRM load error code
* <code>NN</code>: NAND header (NCSD) load error code
* <code>p<N></code>: NAND FIRM partition load error code. Note the order of the partitions in the error code!
* <code>sd_softE</code>: software error (SD driver status bits, see one section lower)
* <code>sd_hardE</code>: hardware error (SD device status bits, see one section lower)
Sample error-screen(where firm0+firm1 RSA signatures were corrupted):
Sample error-screen(where firm0+firm1 RSA signatures were corrupted):


Line 115: Line 130:
* 4th line is: <code>print_string(..., "%08X %08X",*((unsigned int*)(0x1FFFE000+0x18))`, `*((unsigned int*)(0x1fffe000+0x1C)));//See below memory notes.</code>
* 4th line is: <code>print_string(..., "%08X %08X",*((unsigned int*)(0x1FFFE000+0x18))`, `*((unsigned int*)(0x1fffe000+0x1C)));//See below memory notes.</code>


== 0x1FFFE000 memory ==
 
=== 0x1FFFE000 memory ===
This memory is used by boot9 mainly for sending info to the arm11 for the error-screen. The data in this region is still stored in memory by the time the ARM9+ARM11 jumps to FIRM.
This memory is used by boot9 mainly for sending info to the arm11 for the error-screen. The data in this region is still stored in memory by the time the ARM9+ARM11 jumps to FIRM.


Line 123: Line 139:
* u32 0x1FFFE000+4: ARM11 MPCore "Count Register 0 (PMN0)".
* u32 0x1FFFE000+4: ARM11 MPCore "Count Register 0 (PMN0)".
* u32 0x1FFFE000+8: ARM11 MPCore "Count Register 1 (PMN0)".
* u32 0x1FFFE000+8: ARM11 MPCore "Count Register 1 (PMN0)".
* 8bit-entry-array 0x1FFFE000+0xC: 8bit status-codes initialized by boot9 main(), for the FIRM-boot devices. +0 is NAND, +1 is NTRCARD and +2 is wifi-spiflash.
* s8[4] 0x1FFFE000+0xC: 8bit status-codes initialized by boot9 main(), for the FIRM-boot devices. +0 is NAND, +1 is NTRCARD and +2 is WiFi Flash, +3 is sleep sensor state.
* ...
* s8[8] 0x1FFFE000+0x10: Status-codes originally from nand_findfirmpartition_loadfirm(), for each of the 8 NCSD partitions.
* 8bit-entry-array 0x1FFFE000+0x10: Status-codes originally from nand_findfirmpartition_loadfirm(), for each of the 8 NCSD partitions.
* u32 0x1FFFE000+0x18: SD driver internal error bitfield
* u32 0x1FFFE000+0x1C: R1 status bits received from the SD device, AND-ed with 0xFDFF0080 if eMMC (NAND), otherwise 0xFDF90008 if SD.
 
=== BootROM SD driver error bits ===
{| class="wikitable" border="1"
|-
!  Value
!  Description
|-
| 0x1
| STATUS2: received cmd field does not match what was sent
|-
| 0x2
| STATUS2: received CRC does not match what was calculated
|-
| 0x4
| STATUS2: framing error, stop bit was not encountered
|-
| 0x8
| STATUS2: data was not received within the timeout period
|-
| 0x10
| STATUS2: RX FIFO overflow
|-
| 0x20
| STATUS2: TX FIFO overflow
|-
| 0x40
| STATUS2 (bit31): illegal access error (???)
|-
| 0x80
| At least one error bit was set in the command reply from the SD device, or other unexpected state is reported.
|-
| 0x100
| An illegal command was received by the SD device (ILLEGAL_COMMAND bit set).
|-
| 0x200
| Timer-based timeout while waiting for SD device operations to finish.
|-
| 0x400
| Got a timer-based timeout during MMC initialization sequence.
|-
| 0x800
| ??? some sort of timeout
|-
| 0x8000
| Timeout while trying to perform AES operation on sector data
|-
| 0x80000
| Tried to perform AES operation while another AES operation is taking place
|}
 
=== BootROM SD device error bits ===
These error codes are received directly from the device, and are in the same format as received in an R1 type reply.
 
See [https://www.sdcard.org/downloads/pls/ SD Specifications Part 1 Physical Layer Simplified Specification] for the error bit list.


== BootROM Status Codes ==
=== BootROM Status Codes ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
Line 134: Line 205:
|-
|-
| 0x00
| 0x00
| Success
| Device was not considered to be loaded.
Can also indicate success, but not necessarily when seeing the blue bootrom error screen.
|-
|-
| 0xEE(~17)
| 0xFF(-1)
| NCSD header validation function failed: NCSD magicnum is invalid or RSA verification failed.
| Partition skipped due to it not being a FIRM partition (partition fs type isn't 0x3 and partition fs crypt-type isn't 0x2).
|-
|-
| 0xDE(~33)
| 0xFE(-2)
| FIRM header validation function failed: FIRM magicnum is invalid or RSA verification failed.
| Device initialization failed due to it missing or malfunctioning
|-
|-
| 0xDF(~32)
| 0xFD(-3)
| Failed to read sector data from the device.
| *unobtainable* SD driver initialization failed due to boot9 state not being initialized correctly (it's always initialized)
|-
|-
| 0xCF(~48)
| 0xF8(-8)
| FIRM section validation function failed: FIRM section is invalid.
| The FIRM header magic is not matching "FIRM".
|-
|-
| 0xF7(~8)
| 0xF7(-9)
| A NAND FIRM from another partition was already found with a priority(firmhdr+4) >= to the value for the current partition's FIRM priority.
| FIRM image loading got skipped due to already having found an equal or higher priority (firmhdr+4) FIRM to load.
|-
|-
| 0xF8(~7)
| 0xEF(-17)
| The FIRM magicnum(firmhdr+0) is invalid.
| Failed to load NCSD header from NAND
|-
|-
| 0xFF(~0)
| 0xEE(-18)
| Initial value for each entry in the 8-entry array of status-codes for the NAND NCSD partitions. Indicates that the partition is not a FIRM partition(partition fs type isn't 0x3 or partition fs crypt-type isn't 0x2).
| NCSD header magic is not "NCSD", or NCSD header RSA verification failed.
|-
| 0xDF(-33)
| Failed to read FIRM header from device.
|-
| 0xDE(-34)
| FIRM header magic is not "FIRM", or FIRM header RSA verification failed.
|-
| 0xCF(-49)
| FIRM section loading failed for any of these reasons:
* FIRM section load address blacklist got tripped
* Failed to read FIRM section data into memory
* FIRM section hash verification failed
|}
|}


Line 332: Line 416:
| <tt>00F800FF F8F8FFFF FFFFFFFF 00000000 00000000</tt>
| <tt>00F800FF F8F8FFFF FFFFFFFF 00000000 00000000</tt>
| Both the firm0 and firm1 partitions are corrupt (failed signature checks).
| Both the firm0 and firm1 partitions are corrupt (failed signature checks).
|-
| <tt>00F800FF DEDEFFFF FFFFFFFF 00000000 00000000</tt>
| Both the firm0 and firm1 partitions are corrupt (possibly related to certain flags missing?)
|-
| <tt>00F800FF CFCFFFFF FFFFFFFF 00000000 00000000</tt>
| Both the firm0 and firm1 partitions are corrupt
|-
|-
| <tt>00F800EE FFFFFFFF FFFFFFFF 00000000 00000000</tt>
| <tt>00F800EE FFFFFFFF FFFFFFFF 00000000 00000000</tt>
| [[NCSD]] header in sector 0 is corrupt (failed signature check).
| [[NCSD]] header in sector 0 is corrupt (failed signature check).
|}
|}
== Hardware Failure indications ==
When a hardware failure is detected, a LED indicator is shown.
If you replace a Nintendo 3ds console's screen with another Nintendo 3ds model's screen, the console powers on, the screens stays black, but after a minute, the wireless LED blinks four times, stays on for a second, then powers off. The blue led stays on, though.
We do not have much information about this as usually, when a hardware failure is detected, the console crashes or powers off immediately.


== Tools ==
== Tools ==
* [https://github.com/yellows8/boot9_tools boot9_tools]
* [https://github.com/yellows8/boot9_tools boot9_tools]
Retrieved from "https://www.3dbrew.org/wiki/Bootloader"