516
edits
Changes
Jump to navigation
Jump to search
Line 38:
Line 38: − + Line 80:
Line 80: − + Line 152:
Line 152: − + Line 366:
Line 366: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 391:
Line 473: − + − | This is always 0xDEADB00F.+ − |- − | 0x01FFB804 − | − | 0x3804 − | 0x4 − | This is the u32 DeviceId. − |- − | 0x01FFB808 − | − | 0x3808 − | 0x10 − | This is the fall-back keyY used for movable.sed keyY when movable.sed doesn't exist in NAND(the last two words here are used on retail for generating console-unique TWL keydata/etc). This is also used for "LocalFriendCodeSeed", etc. − |- − | 0x01FFB818 − | − | 0x3818 − | 0x1 − | ? − |- − | 0x01FFB819 − | − | 0x3819 − | 0x1 − − |- − | 0x01FFB81A − | − | 0x381A − | 0x6 − | ? − |- − | 0x01FFB820 − | − | 0x3820 − | 0x4 − | This is the CTCert ECDSA exponent, this is byte-swapped when *((u8*)(0x01FFB800+0x18)) is >=5. − |- − | 0x01FFB824 − | − | 0x3824 − | 0x2 − | ? − |- − | 0x01FFB826 − | − | 0x3826 − | 0x1E − | This is the CTCert ECDSA privk. − |- − | 0x01FFB844 − | − | 0x3844 − | 0x3C − | This is the CTCert ECDSA signature. − + − + − + Line 464:
Line 492: − + Line 553:
Line 581: − + + + + + + Line 573:
Line 606: + Line 604:
Line 638: − + Line 655:
Line 689: − + Line 977:
Line 1,011: +
Dev2 →FCRAM memory-regions layout
| 0x18000000
| 0x18000000
| 0x00600000
| 0x00600000
| VRAM (divided in two banks, VRAM and VRAMB)
| VRAM (divided in two areas VRAM A and B, four banks in total)
|-
|-
| style="background: red" | No
| style="background: red" | No
* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.
* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.
* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.
* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.
* Writes value <code>0x0<code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.
* Writes value <code>0x0</code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.
* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.
* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.
| 0xFFF00000
| 0xFFF00000
| 0x00004000
| 0x00004000
| Data TCM (Mapped during bootrom)
| Data TCM (Mapped during bootrom). Enabled at the time Boot9 jumps to FIRM, however Kernel9+arm9loader disables it.
|-
|-
| style="background: green" | Yes
| style="background: green" | Yes
| RO
| RO
|}
|}
===[[Bootloader|Boot9]]===
{| class="wikitable" border="1"
|-
! Region
! Address
! Size
! Privileged-mode data permissions
! User-mode data permissions
! Privileged-mode instruction permissions
! User-mode instruction permissions
|-
| 0
| 0x20000000
| 0x08000000
| None
| None
| None
| None
|-
| 1
| 0x10000000
| 0x10000000
| RW
| RW
| None
| None
|-
| 2
| 0x08000000
| 0x00100000
| RW
| RW
| None
| None
|-
| 3
| 0x08000000
| 0x00000400
| RW
| RW
| RO
| RO
|-
| 4
| 0xFFF00000
| 0x00004000
| RW
| RW
| None
| None
|-
| 5
| 0x07FF8000
| 0x00008000
| RW
| RW
| RO
| RO
|-
| 6
| 0xFFFF0000
| 0x00010000
| RO
| RO
| RO
| RO
|-
| 7
| 0x1FFFE000
| 0x00000800
| RW
| RW
| None
| None
|}
* Instruction cachable bits = 0x40(only enabled for region6).
* Data cachable bits = 0x44(only enabled for region2 and region6).
* Data bufferable bits = 0x44(only enabled for region2 and region6).
These are the same for both Old3DS/New3DS.
==ARM9 ITCM==
==ARM9 ITCM==
|
|
| 0x3800
| 0x3800
| 0x4
| 0x100
| This is the first 0x90 bytes of [[OTP_Registers#Plaintext_OTP|plaintext OTP]] when OTP hash verification is successful. The remaining 0x70 bytes are cleared.
| This is the [[CTCert]] issuer type: 0 = retail "Nintendo CA - G3_NintendoCTR2prod", non-zero = dev "Nintendo CA - G3_NintendoCTR2dev".
|-
|-
| 0x01FFB880
| 0x01FFB880
|
|
| 0x3880
| 0x3890
| 0x80
| 0x70
| This is all-zero.
| This is all zeros; boot ROM does not reveal the console-specific keys or the OTP hash in ITCM.
|-
|-
| 0x01FFB900
| 0x01FFB900
| 0x3B00
| 0x3B00
| 0x200
| 0x200
| This is the 0x200-bytes from the plaintext NAND firm partition FIRM header, read by bootrom.
| This is the 0x200-bytes from the plaintext FIRM header for the FIRM which was loaded by [[Bootloader|Boot9]]. This is the only location Boot9 uses for storing the loaded FIRM headers internally, it's not stored anywhere else.
|-
|-
| 0x01FFBD00
| 0x01FFBD00
| 0xB90
| 0xB90
| Uninitialized memory.
| Uninitialized memory.
0x01FFFC00 size 0x100-bytes starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.
|-
| 0x01FFFC00
|
| 0x7C00
| 0x100
| Starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.
|}
|}
* [[Virtual address mapping New3DS v9.0]]
* [[Virtual address mapping New3DS v9.0]]
* [[Virtual address mapping New3DS v9.2]]
* [[Virtual address mapping New3DS v9.2]]
* [[Virtual address mapping New3DS v11.1]]
=ARM11 Detailed physical memory map=
=ARM11 Detailed physical memory map=
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).
Support for APPMEMTYPEs 6 and 7 was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].
Support for APPMEMTYPEs 6 and 7 (and 8?) was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].
{| class="wikitable" border="1"
{| class="wikitable" border="1"
| 0x01400000
| 0x01400000
|-
|-
| 6 (This is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is not 7)
| 6 and 8 (6 is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is neither 7 nor 8)
| 0x0
| 0x0
| 0x07C00000(124MB)
| 0x07C00000(124MB)
0xFFFF9004 Pointer to the current KProcess instance
0xFFFF9004 Pointer to the current KProcess instance
0xFFFF9008 Pointer to the current KScheduler instance
0xFFFF9008 Pointer to the current KScheduler instance
0xFFFF900C Pointer to the current KSchedulableInterruptEventLinkedList instance
0xFFFF9010 Pointer to the last KThread to encounter an exception
0xFFFF9010 Pointer to the last KThread to encounter an exception