CONFIG9 Registers: Difference between revisions

actual usage, clean up some repetition that belongs on the LGY PXI page anyways
Myria
Better explanation of CFG_SYSPROT9
Line 105: Line 105:


==CFG_SYSPROT9 ==  
==CFG_SYSPROT9 ==  
Writing values to SYSPROT sets the specified bitmask. The ARM9 [[Memory_layout|bootrom]](+0x8000) is disabled by writing bit0. bit1 is used by NATIVE_FIRM to make sure console-unique TWL AES-keys are only set at hard-boot. It is not possible to set any other bits.
CFG_SYSPROT9 is used to permanently disable certain security-sensitive ARM9 memory areas until the next hard reset.


From disassembly of the New3DS process9, it appears that setting bit1 disables the 0x10012000+ region.
{| class="wikitable" border="1"
!  Bit
!  Description
|-
| 0
| Disables ARM9 [[Memory_layout|bootrom]](+0x8000) when set to 1.  Cannot be cleared to 0 once set to 1.
|-
| 1
| Disables [[OTP_Registers|OTP area]] when set to 1.  Cannot be cleared to 0 once set to 1.
|}
 
On Old 3DS, NATIVE_FIRM reads CFG_SYSPROT9 to know whether it has previously initialized the TWL console-unique keys using the OTP data.  After setting the TWL console-unique keys, NATIVE_FIRM sets CFG_SYSPROT9 bit 1 to disable the OTP area.  In subsequent FIRM launches prior to the next reset, NATIVE_FIRM will see that the OTP area is disabled, and skip this step.
 
On New 3DS, the above is instead done by the [[FIRM#New_3DS_FIRM|Kernel9 loader]].  In addition to using the OTP data for initializing the TWL console-unique keys, the Kernel9 loader will generate the decryption key for NATIVE_FIRM.  The final keyslot for NATIVE_FIRM is preserved, so that at a non-reset FIRM launch, the keyslot can be reused, since the OTP would then be inaccessible.
 
It is not possible to set any other bits.


== CFG_SYSPROT11 ==  
== CFG_SYSPROT11 ==
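
Review bot: The new bit 1 row links to the OTP area but drops the 0x10012000+ address given by the removed disassembly sentence, so this section no longer says which region the bit locks out. If the OTP area is that region, keep the address in the row, for example "Disables the OTP area (0x10012000+) when set to 1". The new intro says the areas stay disabled "until the next hard reset", while the Old 3DS paragraph says "prior to the next reset" and the New 3DS paragraph says "non-reset FIRM launch"; pick one term so readers do not assume different reset types are meant. The retained sentence "It is not possible to set any other bits." now sits after the two FIRM paragraphs, far from the bit table it qualifies, and would read better directly under the table.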