Move loader to itcm, use unprot boot9 code for caches, use 4 bytes inside the payload for the magic

2025-06-26 13:42:45 +00:00 · 2016-10-30 22:40:47 +01:00 · 2016-10-30 22:40:47 +01:00 · 4a3a351301
commit 4a3a351301
parent 5ded6aa619
8 changed files with 26 additions and 99 deletions
--- a/loader/linker.ld
+++ b/loader/linker.ld
@ -1,7 +1,7 @@
 ENTRY(_start)
 SECTIONS
 {
-    . = 0x80F0000;
+    . = 0x1FF8000;
    .text.start : { *(.text.start) }
    .text : { *(.text) }
    .data : { *(.data) }
--- a/loader/source/cache.h
+++ b/loader/source/cache.h
@ -1,27 +0,0 @@
-/*
-*   This file is part of Luma3DS
-*   Copyright (C) 2016 Aurora Wright, TuxSH
-*
-*   This program is free software: you can redistribute it and/or modify
-*   it under the terms of the GNU General Public License as published by
-*   the Free Software Foundation, either version 3 of the License, or
-*   (at your option) any later version.
-*
-*   This program is distributed in the hope that it will be useful,
-*   but WITHOUT ANY WARRANTY; without even the implied warranty of
-*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-*   GNU General Public License for more details.
-*
-*   You should have received a copy of the GNU General Public License
-*   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*
-*   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
-*   reasonable legal notices or author attributions in that material or in the Appropriate Legal
-*   Notices displayed by works containing it.
-*/
-
-#pragma once
-
-#include "types.h"
-
-void flushCaches(void);
--- a/loader/source/cache.s
+++ b/loader/source/cache.s
@ -1,54 +0,0 @@
-@   This file is part of Luma3DS
-@   Copyright (C) 2016 Aurora Wright, TuxSH
-@
-@   This program is free software: you can redistribute it and/or modify
-@   it under the terms of the GNU General Public License as published by
-@   the Free Software Foundation, either version 3 of the License, or
-@   (at your option) any later version.
-@
-@   This program is distributed in the hope that it will be useful,
-@   but WITHOUT ANY WARRANTY; without even the implied warranty of
-@   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-@   GNU General Public License for more details.
-@
-@   You should have received a copy of the GNU General Public License
-@   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-@
-@   Additional Terms 7.b of GPLv3 applies to this file: Requiring preservation of specified
-@   reasonable legal notices or author attributions in that material or in the Appropriate Legal
-@   Notices displayed by works containing it.
-
-.text
-.arm
-.align 4
-
-.global flushCaches
-.type flushCaches, %function
-flushCaches:
-    @ Clean and flush data cache
-    @ Adpated from http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0155a/ch03s03s05.html ,
-    @ and https://github.com/gemarcano/libctr9_io/blob/master/src/ctr_system_ARM.c#L39 as well
-    @ Note: ARM's example is actually for a 8KB DCache (which is what the 3DS has)
-    @ Implemented in bootROM at address 0xffff0830
-
-    mov r1, #0                          @ segment counter
-    outer_loop:
-        mov r0, #0                      @ line counter
-
-        inner_loop:
-            orr r2, r1, r0                  @ generate segment and line address
-            mcr p15, 0, r2, c7, c14, 2      @ clean and flush the line
-            add r0, #0x20                   @ increment to next line
-            cmp r0, #0x400
-            bne inner_loop
-
-        add r1, #0x40000000
-        cmp r1, #0
-        bne outer_loop
-
-    mcr p15, 0, r1, c7, c10, 4              @ drain write buffer
-
-    @ Flush instruction cache
-    mcr p15, 0, r1, c7, c5, 0
-
-    bx lr
--- a/loader/source/main.c
+++ b/loader/source/main.c
@ -20,7 +20,6 @@
 *   Notices displayed by works containing it.
 */

-#include "cache.h"
 #include "memory.h"
 #include "../build/bundled.h"

@ -42,12 +41,12 @@ void main(void)
 {
    ownArm11();

-    vu32 *magic = (vu32 *)0x25000000;
-    magic[0] = 0xABADCAFE;
-    magic[1] = 0xDEADCAFE;
+    vu32 *payloadAddress = (vu32 *)0x23F00000;
+    payloadAddress[1] = 0xDEADCAFE;

    //Ensure that all memory transfers have completed and that the caches have been flushed
-    flushCaches();
+    ((void (*)())0xFFFF0830)();
+    ((void (*)())0xFFFF0AB4)();

-    ((void (*)())0x23F00000)();
+    ((void (*)())payloadAddress)();
 }
--- a/loader/source/start.s
+++ b/loader/source/start.s
@ -39,9 +39,6 @@ _start:
    bic r0, #(1<<0)            @ - mpu disable
    mcr p15, 0, r0, c1, c0, 0  @ write control register

-    @ Flush caches
-    bl flushCaches
-
    @ Give read/write access to all the memory regions
    ldr r0, =0x3333333
    mcr p15, 0, r0, c5, c0, 2 @ write data access
@ -69,10 +66,14 @@ _start:
    mcr p15, 0, r8, c2, c0, 0   @ Data cacheable 0, 2, 4
    mcr p15, 0, r8, c2, c0, 1   @ Inst cacheable 0, 2, 4

-    @ Enable caches / MPU / ITCM
+    @ Flush caches
+    ldr r0, =0xFFFF0830
+    blx r0
+    ldr r0, =0xFFFF0AB4
+    blx r0
+
+    @ Enable caches / MPU
    mrc p15, 0, r0, c1, c0, 0  @ read control register
-    orr r0, r0, #(1<<18)       @ - ITCM enable
-    orr r0, r0, #(1<<13)       @ - alternate exception vectors enable
    orr r0, r0, #(1<<12)       @ - instruction cache enable
    orr r0, r0, #(1<<2)        @ - data cache enable
    orr r0, r0, #(1<<0)        @ - mpu enable
--- a/source/installer.c
+++ b/source/installer.c
@ -50,8 +50,7 @@ u32 posY;

 void main(void)
 {
-    vu32 *magic = (vu32 *)0x25000000;
-    bool isOtpless = ISA9LH && magic[0] == 0xABADCAFE && magic[1] == 0xDEADCAFE;
+    bool isOtpless = ISA9LH && magic == 0xDEADCAFE;

    initScreens();

@ -71,7 +70,6 @@ void main(void)
    }
    else
    {
-        magic[0] = magic[1] = 0;
        posY = drawString("Finalizing install...", 10, posY + SPACING_Y, COLOR_WHITE);
        pressed = 0;
    }
@ -258,8 +256,10 @@ static inline void installer(bool isOtpless)

    if(!ISA9LH && ISN3DS)
    {
-        *(vu32 *)0x80FD0FC = 0xEAFFCBBF; //B 0x80F0000
-        memcpy((void *)0x80F0000, loader_bin, loader_bin_size);
+        const u8 ldrAndBranch[] = {0x00, 0x00, 0x9F, 0xE5, 0x10, 0xFF, 0x2F, 0xE1, 0x00, 0x80, 0xFF, 0x01};
+
+        memcpy((void *)0x80FD0FC, ldrAndBranch, sizeof(ldrAndBranch));
+        memcpy((void *)0x1FF8000, loader_bin, loader_bin_size);

        writeFirm((u8 *)FIRM0_100_OFFSET, false, FIRM0100_SIZE);

--- a/source/installer.h
+++ b/source/installer.h
@ -23,6 +23,7 @@
 #define MAX_STAGE1_SIZE   0x1E70
 #define MAX_STAGE2_SIZE   0x89A00

+extern u32 magic;
 extern const u8 key2s[5][AES_BLOCK_SIZE];

 static inline void installer(bool isOtpless);
--- a/source/start.s
+++ b/source/start.s
@ -24,6 +24,13 @@
 .align 4
 .global _start
 _start:
+    b start
+
+.global magic
+magic:
+    .word 0
+
+start:
    @ Disable interrupts
    mrs r0, cpsr
    orr r0, #0x1C0