3dbrew

Changes

Bootloader (edit)

Revision as of 20:28, 26 January 2017

1,015 bytes added ,  20:28, 26 January 2017
→‎Boot Procedure
Line 118: Line 118:  
This memory is used by boot9 mainly for sending info to the arm11 for the error-screen. The data in this region is still stored in memory by the time the ARM9+ARM11 jumps to FIRM.
 
This memory is used by boot9 mainly for sending info to the arm11 for the error-screen. The data in this region is still stored in memory by the time the ARM9+ARM11 jumps to FIRM.
    +
Among boot9/boot11, the 3 words at 0x1FFFE000 seem to be ''only'' accessed by the boot11 function initializing those words.
 +
 +
* u32 0x1FFFE000+0: ARM11 MPCore "Cycle Counter Register (CCNT)".
 +
* u32 0x1FFFE000+4: ARM11 MPCore "Count Register 0 (PMN0)".
 +
* u32 0x1FFFE000+8: ARM11 MPCore "Count Register 1 (PMN0)".
 
* 8bit-entry-array 0x1FFFE000+0xC: 8bit status-codes initialized by boot9 main(), for the FIRM-boot devices. +0 is NAND and +2 is wifi-spiflash.
 
* 8bit-entry-array 0x1FFFE000+0xC: 8bit status-codes initialized by boot9 main(), for the FIRM-boot devices. +0 is NAND and +2 is wifi-spiflash.
 
* ...
 
* ...
Line 130: Line 135:  
| 0x00
 
| 0x00
 
| Success
 
| Success
 +
|-
 +
| 0xEE(~17)
 +
| NCSD header validation function failed: NCSD magicnum is invalid or RSA verification failed.
 +
|-
 +
| 0xDE(~33)
 +
| FIRM header validation function failed: FIRM magicnum is invalid or RSA verification failed.
 
|-
 
|-
 
| 0xDF(~32)
 
| 0xDF(~32)
Line 216: Line 227:  
   FIRMLOAD_EXIT:
 
   FIRMLOAD_EXIT:
 
   Here firmboot() is called, which should never return. The instruction after this bl is a call for panic().
 
   Here firmboot() is called, which should never return. The instruction after this bl is a call for panic().
 +
 +
== Boot11 ==
 +
 +
* ...
 +
 +
main():
 +
  LT_1263c();
 +
  ...
 +
  LT_13944()
 +
  ...
 +
  pxi_init();
 +
  initializefuncptr_firmboot_start(firmbootbegin_funcptr);
 +
  firmboot();
 +
  return;
 +
 +
LT_12220/initializefuncptr_firmboot_start
 +
  inr0=funcptr
 +
  This writes inr0 to address 0x1ffe8028, then returns.
 +
  This initializes the funcptr which firmboot() can call after the very first func-call.
 +
 +
LT_13944
 +
  if([[I2C_Registers|i2cmcu_readregf]](sp+0)==0)
 +
  {
 +
  return (*((u8*)0x10147000) >> 4) & 1;//Reads [[GPIO_Registers|GPIO]] when reading I2C fails.
 +
  }
 +
  Here it basically does "return <byte loaded from sp+0> ^ 0x2". Hence in this case, it will return 0x2 when the system shell is closed(sleep-mode), otherwise 0x0 is returned.
 +
 +
LT_12454/firmboot
 +
  This is the arm11 version of the boot9 firmboot() function, like boot9 this is the final function called from main(). The functionality for these two functions are identical, minus addresses.
 +
  ptr = firmboot_loadentrypoint11();
 +
  funcptr = *(0x1ffe8028);
 +
  if(funcptr)funcptr(ptr);
 +
  LT_11ffc(ptr);
 +
  return;
    
== Boot Procedure ==
 
== Boot Procedure ==
    
* 0 seconds - unit is powered on. The ARM9 and ARM11 [[Memory_layout|bootroms]] begin execution.
 
* 0 seconds - unit is powered on. The ARM9 and ARM11 [[Memory_layout|bootroms]] begin execution.
 
+
* <= ~1 second - BootROMs fully run, load FIRM, etc. The loaded FIRM begins running.
* 2 seconds - ARM9 bootrom attempts to initialize the NAND.
+
**The ARM11 sysmodules included with FIRM are launched by ARM11-kernel, etc.
**If the NAND is successfully initialized:
+
**The [[Process_Manager_Services|PM]] module launches [[NS]].
***the ARM9 bootrom loads the [[FIRM|firmware]] stored in the NAND [[FIRM]] partition which handles booting the rest of the system (if verification for NAND firm0 fails, the ARM9 bootrom will attempt to use firm1 instead).
  −
***The ARM11 kernel loaded from FIRM then launches the [[NCCH#CXI|CXI]] ARM11 system modules loaded from FIRM (i.e. sm, fs, pm, loader, and pxi). (Note that the ARM11 kernel does not handle any encryption/RSA verification, this is handled by the [[FIRM|ARM9]].)
  −
**If the NAND cannot be initialized (i.e. the NAND chip is not connected/damaged/etc), a [[Bootloader#Error_Codes|blue error screen]] appears.
  −
 
  −
* 3 seconds - all essential hardware is active.
  −
**The [[Process_Manager_Services|PM]] module launches [[NS]]
   
**If [[Home_Menu#Auto-Boot_Function|auto-booting]] is needed, NS will [[NS#Auto-boot|auto-boot]] titles.
 
**If [[Home_Menu#Auto-Boot_Function|auto-booting]] is needed, NS will [[NS#Auto-boot|auto-boot]] titles.
 
**Otherwise, NS will instead launch [[ErrDisp]] and the [[Configuration Memory#ACTIVEMENUTID|current active menu]] via the PM module. For retail units, this menu is usually the [[Home Menu]]. Note that the PM module first launches the module dependencies when launching a process, prior to actually launching the process.
 
**Otherwise, NS will instead launch [[ErrDisp]] and the [[Configuration Memory#ACTIVEMENUTID|current active menu]] via the PM module. For retail units, this menu is usually the [[Home Menu]]. Note that the PM module first launches the module dependencies when launching a process, prior to actually launching the process.
**The further Home Menu startup process is described [[Home_Menu#Home_Menu_startup|here]].
+
**The further Home Menu startup process is described [[Home_Menu#Home_Menu_startup|here]]. This includes Home Menu manually launching various sysmodules.
    
* 4 seconds - the LCD screens are initialized.
 
* 4 seconds - the LCD screens are initialized.
Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/19301...19413"