Changes

Memory layout (edit)

Revision as of 02:47, 9 May 2020

641 bytes added , 02:47, 9 May 2020

Dev2 →‎FCRAM memory-regions layout

Line 38: Line 38:

| 0x18000000

| 0x00600000

−

| VRAM (divided in two ~~banks,~~ VRAM and ~~VRAMB~~)

+

| VRAM (divided in two areas VRAM A and B, four banks in total)

|-

| style="background: red" | No

Line 80: Line 80:

* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.

* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.

−

* Writes value <code>0x0<code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.

+

* Writes value <code>0x0</code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.

* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.

Line 152: Line 152:

| 0xFFF00000

| 0x00004000

−

| Data TCM (Mapped during bootrom)

+

| Data TCM (Mapped during bootrom). Enabled at the time Boot9 jumps to FIRM, however Kernel9+arm9loader disables it.

|-

| style="background: green" | Yes

Line 366: Line 366:

| RO

|}

+

===[[Bootloader|Boot9]]===

+

{| class="wikitable" border="1"

+

|-

+

! Region

+

! Address

+

! Size

+

! Privileged-mode data permissions

+

! User-mode data permissions

+

! Privileged-mode instruction permissions

+

! User-mode instruction permissions

+

|-

+

| 0

+

| 0x20000000

+

| 0x08000000

+

| None

+

| None

+

| None

+

| None

+

|-

+

| 1

+

| 0x10000000

+

| 0x10000000

+

| RW

+

| RW

+

| None

+

| None

+

|-

+

| 2

+

| 0x08000000

+

| 0x00100000

+

| RW

+

| RW

+

| None

+

| None

+

|-

+

| 3

+

| 0x08000000

+

| 0x00000400

+

| RW

+

| RW

+

| RO

+

| RO

+

|-

+

| 4

+

| 0xFFF00000

+

| 0x00004000

+

| RW

+

| RW

+

| None

+

| None

+

|-

+

| 5

+

| 0x07FF8000

+

| 0x00008000

+

| RW

+

| RW

+

| RO

+

| RO

+

|-

+

| 6

+

| 0xFFFF0000

+

| 0x00010000

+

| RO

+

| RO

+

| RO

+

| RO

+

|-

+

| 7

+

| 0x1FFFE000

+

| 0x00000800

+

| RW

+

| RW

+

| None

+

| None

+

|}

+

* Instruction cachable bits = 0x40(only enabled for region6).

+

* Data cachable bits = 0x44(only enabled for region2 and region6).

+

* Data bufferable bits = 0x44(only enabled for region2 and region6).

+

These are the same for both Old3DS/New3DS.

==ARM9 ITCM==

Line 391: Line 473:

|

| 0x3800

−

| ~~0x4~~

+

| 0x100

−

~~| This is always 0xDEADB00F.~~

+

| This is the first 0x90 bytes of [[OTP_Registers#Plaintext_OTP|plaintext OTP]] when OTP hash verification is successful. The remaining 0x70 bytes are cleared.

−

|-

−

~~| 0x01FFB804~~

−

|

−

~~| 0x3804~~

−

~~| 0x4~~

−

~~| This is the u32 DeviceId.~~

−

|-

−

~~| 0x01FFB808~~

−

|

−

~~| 0x3808~~

−

~~| 0x10~~

−

| This is the fall-back keyY used for movable.sed keyY when movable.sed doesn't exist in NAND(the last two words here are used on retail for generating console-unique TWL keydata/etc). This is also used for "LocalFriendCodeSeed", etc.

−

|-

−

~~| 0x01FFB818~~

−

|

−

~~| 0x3818~~

−

~~| 0x1~~

−

~~| ?~~

−

|-

−

~~| 0x01FFB819~~

−

|

−

~~| 0x3819~~

−

~~| 0x1~~

−

| This is the [[~~CTCert~~]] ~~issuer type: 0 = retail "Nintendo CA - G3_NintendoCTR2prod", non-zero = dev "Nintendo CA - G3_NintendoCTR2dev".~~

−

|-

−

~~| 0x01FFB81A~~

−

|

−

~~| 0x381A~~

−

~~| 0x6~~

−

~~| ?~~

−

|-

−

~~| 0x01FFB820~~

−

|

−

~~| 0x3820~~

−

~~| 0x4~~

−

~~| This is the CTCert ECDSA exponent, this is byte-swapped~~ when *((u8*)(0x01FFB800+0x18)) is ~~>=5~~.

−

|-

−

~~| 0x01FFB824~~

−

|

−

~~| 0x3824~~

−

~~| 0x2~~

−

~~| ?~~

−

|-

−

~~| 0x01FFB826~~

−

|

−

~~| 0x3826~~

−

~~| 0x1E~~

−

~~| This is the CTCert ECDSA privk.~~

−

|-

−

~~| 0x01FFB844~~

−

|

−

~~| 0x3844~~

−

~~| 0x3C~~

−

~~| This is the CTCert ECDSA signature~~.

|-

| 0x01FFB880

|

−

| ~~0x3880~~

+

| 0x3890

−

| ~~0x80~~

+

| 0x70

−

| This is all-~~zero~~.

+

| This is all zeros; boot ROM does not reveal the console-specific keys or the OTP hash in ITCM.

|-

| 0x01FFB900

Line 464: Line 492:

| 0x3B00

| 0x200

−

| This is the 0x200-bytes from the plaintext ~~NAND firm partition~~ FIRM header, ~~read by bootrom~~.

+

| This is the 0x200-bytes from the plaintext FIRM header for the FIRM which was loaded by [[Bootloader|Boot9]]. This is the only location Boot9 uses for storing the loaded FIRM headers internally, it's not stored anywhere else.

|-

| 0x01FFBD00

Line 553: Line 581:

| 0xB90

| Uninitialized memory.

−

0x01FFFC00 ~~size~~ 0x100~~-bytes starting~~ with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.

+

|-

+

| 0x01FFFC00

+

|

+

| 0x7C00

+

| 0x100

+

| Starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.

|}

Line 573: Line 606:

* [[Virtual address mapping New3DS v9.0]]

* [[Virtual address mapping New3DS v9.2]]

+

* [[Virtual address mapping New3DS v11.1]]

=ARM11 Detailed physical memory map=

Line 604: Line 638:

FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).

−

Support for APPMEMTYPEs 6 and 7 was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].

+

Support for APPMEMTYPEs 6 and 7 (and 8?) was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].

{| class="wikitable" border="1"

Line 655: Line 689:

| 0x01400000

|-

−

| 6 (~~This~~ is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is ~~not~~ 7)

+

| 6 and 8 (6 is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is neither 7 nor 8)

| 0x0

| 0x07C00000(124MB)

Line 977: Line 1,011:

0xFFFF9004 Pointer to the current KProcess instance

0xFFFF9008 Pointer to the current KScheduler instance

+

0xFFFF900C Pointer to the current KSchedulableInterruptEventLinkedList instance

0xFFFF9010 Pointer to the last KThread to encounter an exception

TuxSH

516

edits