Changes

By default encrypted regions are compressed with an LZ77 variant, then encrypted. The spec allows for both unencrypted and uncompressed regions to exist. Development units use a fixed system key for system titles. On retail part of the input [[AES]] engine key is unique per NCCH, the AES engine internally generates the final-normal key.

By default encrypted regions are compressed with an LZ77 variant, then encrypted. The spec allows for both unencrypted and uncompressed regions to exist. Development units use a fixed system key for system titles. On retail part of the input [[AES]] engine key is unique per NCCH, the AES engine internally generates the final-normal key.

As of [[7.0.0-13]] the system now supports a new encryption method for the secure-cryptotype, the CTR for this is the same as before. This is enabled when NCCH flag[3] is non-zero. When enabled, the [[RomFS]] and [[ExeFS]] files which don't have filenames "icon" or "banner"(that is, ".code") are crypted with a different keyslot. This keyslot is [[Savegames|initialized]] by the 6.0 gamecard savegame keyY init function during boot.

As of [[7.0.0-13]] the system now supports a new encryption method for the secure-cryptotype, the CTR for this is the same as before. This is enabled when NCCH flag[3] is non-zero. When enabled, the [[RomFS]] and [[ExeFS]] files which don't have filenames "icon" or "banner"(that is, ".code") are crypted with a different keyslot. This keyslot is [[Savegames|initialized]] by the 6.0 gamecard savegame keyY init function during boot, using a different portion of the [[Savegames|final]] hash(this keyslot is separate from the one used for the 6.0 save crypto).

On retail for SD applications, exheader_systeminfoflags.flag bit1 must be set.

On retail for SD applications, exheader_systeminfoflags.flag bit1 must be set.