Memory layout: Difference between revisions

Line 471:

| 0x3F00

| 0x100

| This is the RSA-2048 ~~modulo~~ for [[RSA_Registers|RSA]]-engine slot2.

| This is the RSA-2048 modulus for [[RSA_Registers|RSA]]-engine slot2.

|-

| 0x01FFC000

Line 477:

| 0x4000

| 0x100

| This is the RSA-2048 ~~modulo~~ for RSA-engine slot3.

| This is the RSA-2048 modulus for RSA-engine slot3.

|-

| 0x01FFC100

Line 483:

| 0x4100

| 0x800

| These are RSA-2048 keys: 4 slots, each slot is 0x200-bytes. Slot+0 is the ~~modulo~~, slot+0x100 is the private-exponent. This can be confirmed by RSA-decrypting a message into a signature, then RSA-encrypting the signature back into a message, and comparing the original message with the output from the last operation.

| These are RSA-2048 keys: 4 slots, each slot is 0x200-bytes. Slot+0 is the modulus, slot+0x100 is the private exponent. This can be confirmed by RSA-decrypting a message into a signature, then RSA-encrypting the signature back into a message, and comparing the original message with the output from the last operation.

[[FIRM]] doesn't seem to ever use these. None of these are related to RSA-keyslot0 used for v6.0/v7.0 key generation. These modulus are separate from all other modulus used elsewhere.

Line 492:

| 0x400

| The unprotected ARM9-bootrom copies data to 0x07FFC900(mirror of 0x01FFC900) size 0x400. This data is copied from AXI WRAM, initialized by ARM11-bootrom(the addr used for the src is determined by [[CONFIG_Registers|REG_UNITINFO]]). These are RSA modulus: retailsrcptr = 0x1FFFD000, devsrvptr = 0x1FFFD400.

* The first 0x100-bytes here is the RSA-2048 ~~modulo~~ for the CFA NCCH header, and for the gamecard NCSD header.

* The first 0x100-bytes here is the RSA-2048 modulus for the CFA NCCH header, and for the gamecard NCSD header.

* 0x01FFCA00 is the RSA-2048 ~~modulo~~ for the CXI accessdesc signature, written to rsaengine keyslot1 by NATIVE_FIRM.

* 0x01FFCA00 is the RSA-2048 modulus for the CXI accessdesc signature, written to rsaengine keyslot1 by NATIVE_FIRM.

* 0x01FFCB00 size 0x200 is unknown, probably RSA related, these aren't used by [[FIRM]](these are not console-unique).

|-

Line 971:

| 0x27D00000

|

| The data located here is copied to here by the ARM11 process. The data located here is a TWL NAND [http://dsibrew.org/wiki/Bootloader bootloader] image, using the same format+encryption/verification methods as the DSi NAND bootloader(stage2). The keyX for this bootloader keyslot is initially set to the retail DSi key-data, however when TWL_FIRM is launched this keyX key-data is replaced with a separate keyX. TWL_FIRM can use either the retail DSi bootloader RSA-1024 ~~modulo~~, or a seperate ~~modulo~~: normally only the latter is used(the former is only used when loading the image from FS instead of FCRAM). When using the image from FCRAM(default code-path), TWL_FIRM will not calculate+check the hashes for the bootloader code binaries(this is done when loading from FS however).

| The data located here is copied to here by the ARM11 process. The data located here is a TWL NAND [http://dsibrew.org/wiki/Bootloader bootloader] image, using the same format+encryption/verification methods as the DSi NAND bootloader(stage2). The keyX for this bootloader keyslot is initially set to the retail DSi key-data, however when TWL_FIRM is launched this keyX key-data is replaced with a separate keyX. TWL_FIRM can use either the retail DSi bootloader RSA-1024 modulus, or a seperate modulus: normally only the latter is used(the former is only used when loading the image from FS instead of FCRAM). When using the image from FCRAM(default code-path), TWL_FIRM will not calculate+check the hashes for the bootloader code binaries(this is done when loading from FS however).

|-

| 0x0FDF7000

@@ Line 471: / Line 471: @@
 | 0x3F00
 | 0x100
-| This is the RSA-2048 modulo for [[RSA_Registers|RSA]]-engine slot2.
+| This is the RSA-2048 modulus for [[RSA_Registers|RSA]]-engine slot2.
 |-
 | 0x01FFC000
@@ Line 477: / Line 477: @@
 | 0x4000
 | 0x100
-| This is the RSA-2048 modulo for RSA-engine slot3.
+| This is the RSA-2048 modulus for RSA-engine slot3.
 |-
 | 0x01FFC100
@@ Line 483: / Line 483: @@
 | 0x4100
 | 0x800
-| These are RSA-2048 keys: 4 slots, each slot is 0x200-bytes. Slot+0 is the modulo, slot+0x100 is the private-exponent. This can be confirmed by RSA-decrypting a message into a signature, then RSA-encrypting the signature back into a message, and comparing the original message with the output from the last operation.
+| These are RSA-2048 keys: 4 slots, each slot is 0x200-bytes. Slot+0 is the modulus, slot+0x100 is the private exponent. This can be confirmed by RSA-decrypting a message into a signature, then RSA-encrypting the signature back into a message, and comparing the original message with the output from the last operation.
 [[FIRM]] doesn't seem to ever use these. None of these are related to RSA-keyslot0 used for v6.0/v7.0 key generation. These modulus are separate from all other modulus used elsewhere.
@@ Line 492: / Line 492: @@
 | 0x400
 | The unprotected ARM9-bootrom copies data to 0x07FFC900(mirror of 0x01FFC900) size 0x400. This data is copied from AXI WRAM, initialized by ARM11-bootrom(the addr used for the src is determined by [[CONFIG_Registers|REG_UNITINFO]]). These are RSA modulus: retailsrcptr = 0x1FFFD000, devsrvptr = 0x1FFFD400.
-* The first 0x100-bytes here is the RSA-2048 modulo for the CFA NCCH header, and for the gamecard NCSD header.
+* The first 0x100-bytes here is the RSA-2048 modulus for the CFA NCCH header, and for the gamecard NCSD header.
-* 0x01FFCA00 is the RSA-2048 modulo for the CXI accessdesc signature, written to rsaengine keyslot1 by NATIVE_FIRM.
+* 0x01FFCA00 is the RSA-2048 modulus for the CXI accessdesc signature, written to rsaengine keyslot1 by NATIVE_FIRM.
 * 0x01FFCB00 size 0x200 is unknown, probably RSA related, these aren't used by [[FIRM]](these are not console-unique).
 |-
@@ Line 971: / Line 971: @@
 | 0x27D00000
 |
-| The data located here is copied to here by the ARM11 process. The data located here is a TWL NAND [http://dsibrew.org/wiki/Bootloader bootloader] image, using the same format+encryption/verification methods as the DSi NAND bootloader(stage2). The keyX for this bootloader keyslot is initially set to the retail DSi key-data, however when TWL_FIRM is launched this keyX key-data is replaced with a separate keyX. TWL_FIRM can use either the retail DSi bootloader RSA-1024 modulo, or a seperate modulo: normally only the latter is used(the former is only used when loading the image from FS instead of FCRAM). When using the image from FCRAM(default code-path), TWL_FIRM will not calculate+check the hashes for the bootloader code binaries(this is done when loading from FS however).
+| The data located here is copied to here by the ARM11 process. The data located here is a TWL NAND [http://dsibrew.org/wiki/Bootloader bootloader] image, using the same format+encryption/verification methods as the DSi NAND bootloader(stage2). The keyX for this bootloader keyslot is initially set to the retail DSi key-data, however when TWL_FIRM is launched this keyX key-data is replaced with a separate keyX. TWL_FIRM can use either the retail DSi bootloader RSA-1024 modulus, or a seperate modulus: normally only the latter is used(the former is only used when loading the image from FS instead of FCRAM). When using the image from FCRAM(default code-path), TWL_FIRM will not calculate+check the hashes for the bootloader code binaries(this is done when loading from FS however).
 |-
 | 0x0FDF7000