diff --git a/arm11/source/start.s b/arm11/source/start.s
index fa92f72..a3e4600 100644
--- a/arm11/source/start.s
+++ b/arm11/source/start.s
@@ -30,7 +30,8 @@ operation: .word 0
 start:
- cpsid aif
+ @ Disable interrupts and switch to supervisor mode
+ cpsid aif, #0x13
 @ Set the control register to reset default: everything disabled
 ldr r0, =0x54078
@@ -42,11 +43,10 @@ start:
 mov r0, #0xF
 mcr p15, 0, r0, c1, c0, 1
- @ Invalidate all caches, flush the prefetch buffer and DSB
+ @ Invalidate both caches, flush the prefetch buffer then DSB
 mov r0, #0
 mcr p15, 0, r0, c7, c5, 4
- mcr p15, 0, r0, c7, c5, 0
- mcr p15, 0, r0, c7, c6, 0
+ mcr p15, 0, r0, c7, c7, 0
 mcr p15, 0, r0, c7, c10, 4
 @ Clear BSS
diff --git a/loader/source/start.s b/loader/source/start.s
index 4391eec..5dd1349 100644
--- a/loader/source/start.s
+++ b/loader/source/start.s
@@ -43,7 +43,7 @@ disableMpuAndJumpToEntrypoints:
 mrc p15, 0, r0, c1, c0, 0 @ read control register
 bic r0, #(1<<12) @ - instruction cache disable
 bic r0, #(1<<2) @ - data cache disable
- bic r0, #(1<<0) @ - mpu disable
+ bic r0, #(1<<0) @ - MPU disable
 mcr p15, 0, r0, c1, c0, 0 @ write control register
 @ Set the ARM11 entrypoint
diff --git a/patches/reboot.s b/patches/reboot.s
index 5efa419..b243052 100644
--- a/patches/reboot.s
+++ b/patches/reboot.s
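Review bot: `cpsid aif, #0x13` switches the ARM11 into supervisor mode with a bare mode number that nothing in the file names; the same literal is used by `mov r4, #0x13` in the first hunk of source/start.s. A short comment on the instruction, `cpsid aif, #0x13 @ 0x13 = SVC mode; sp is the SVC banked stack from here on`, would make both the mode and its side effect on the banked sp explicit. Whether the SVC-mode sp is initialised afterwards is outside this hunk, as is the rest of start.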
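Review bot: The new comment reads "Invalidate both caches, flush the prefetch buffer then DSB", but the code flushes the prefetch buffer first (`mcr p15, 0, r0, c7, c5, 4`) and only then invalidates both caches (`mcr p15, 0, r0, c7, c7, 0`), so the comment describes a different order than the one executed. Either reword the comment or move the `c7, c7, 0` line above the `c7, c5, 4` line; the usual ARM11 sequence is invalidate first, then flush the prefetch buffer, so that no instruction fetched before the invalidate survives it, which makes the swap the better of the two fixes unless something depends on the current order. The DSB (`c7, c10, 4`) stays last either way. The rest of start is outside the hunk.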
@@ -2,15 +2,17 @@ .arm.little
-argv_addr equ 0x27FFDF00
-fname_addr equ 0x27FFDF80
-low_tid_addr equ 0x27FFDFE0
-copy_launch_stub_addr equ 0x27FFE000
+copy_launch_stub_stack_top equ 0x01FFB800
+copy_launch_stub_stack_bottom equ 0x01FFA800
+copy_launch_stub_addr equ 0x01FF9000
-firm_addr equ 0x20001000
-firm_maxsize equ (copy_launch_stub_addr - 0x1000 - firm_addr)
+argv_addr equ (copy_launch_stub_stack_bottom - 0x100)
+fname_addr equ (copy_launch_stub_stack_bottom - 0x200)
+low_tid_addr equ (copy_launch_stub_stack_bottom - 0x300)
+
+firm_addr equ 0x20001000
+firm_maxsize equ 0x07FFF000
-arm11_entrypoint_addr equ 0x1FFFFFFC
 .create "build/reboot.bin", 0
 .arm
 ; Interesting registers and locations to keep in mind, set just before this code is ran:
@@ -154,17 +156,13 @@ fname: .ascii "FILE"
 cmp r5, #3
 blo load_section_loop
- ldr r0, =arm11_entrypoint_addr
- ldr r1, [r4, #0x08]
- str r1, [r0]
 mov r0, #2 ; argc
 ldr r1, =argv_addr ; argv
 ldr r2, =0xBABE ; magic word
- ldr r5, =arm11_entrypoint_addr
+ mov r5, #0x20000000
 ldr r6, [r4, #0x08]
- str r6, [r5]
+ str r6, [r5, #-4] ; store arm11 entrypoint
 ldr lr, [r4, #0x0c]
 bx lr
diff --git a/source/crypto.c b/source/crypto.c
index 9989e26..36ca27f 100755
--- a/source/crypto.c
+++ b/source/crypto.c
@@ -379,8 +379,8 @@ int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf)
 int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf)
 {
- u8 *buffer = (u8 *)0x23000000;
- u32 bufferSize = 0xF00000;
+ u8 *buffer = (u8 *)0xFFF00000;
+ u32 bufferSize = 0x4000;
 __attribute__((aligned(4))) u8 tmpCtr[sizeof(nandCtr)];
 memcpy(tmpCtr, nandCtr, sizeof(nandCtr));
diff --git a/source/start.s b/source/start.s
index 17dba3c..633b1be 100644
--- a/source/start.s
+++ b/source/start.s
@@ -24,10 +24,10 @@ .align 4
 .global _start
 _start:
- @ Disable interrupts
- mrs r4, cpsr
+ @ Disable interrupts and switch to supervisor mode (also clear flags)
+ mov r4, #0x13
 orr r4, #0x1C0
- msr cpsr_cx, r4
+ msr cpsr_cxsf, r4
 mov r9, r0
 mov r10, r1
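Review bot: `firm_maxsize equ 0x07FFF000` replaces the derived limit with a literal whose origin is not stated; together with `firm_addr equ 0x20001000` it ends exactly at 0x28000000, so `firm_maxsize equ (0x28000000 - firm_addr) ; up to the end of the 128 MB FCRAM window` keeps that relation visible and survives a later move of firm_addr. The new layout also puts argv/fname/low_tid at stack_bottom - 0x100/0x200/0x300 (0x01FFA700, 0x01FFA600, 0x01FFA500) with the stub itself at 0x01FF9000, so the stub must stay under 0x1500 bytes and any stack use below copy_launch_stub_stack_bottom silently overwrites those arguments; neither limit is checked or documented here, and a one-line comment next to the constants stating both would help. Whether the build enforces the stub size is outside this hunk.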
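Review bot: `mov r5, #0x20000000` followed by `str r6, [r5, #-4]` re-expresses the removed arm11_entrypoint_addr (0x1FFFFFFC) as an anonymous base-minus-offset, so the trailing comment is now the only hint of where the entrypoint goes. If the `mov` was chosen over `ldr =` to avoid a literal pool in the copied stub, say so and name the address, e.g. `mov r5, #0x20000000 ; arm11_entrypoint_addr (0x1FFFFFFC) + 4; mov avoids a literal pool`, so the next reader does not have to diff the header to recover it. The enclosing code starts outside the hunk.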
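Review bot: The scratch buffer moves to the 16 KB at 0xFFF00000 that source/start.s in this commit labels as DTCM, and all 0x4000 bytes of it are used, so anything else the linker script places in DTCM (a stack or .bss, which I cannot see from here) would be overwritten during a NAND write. A TCM is also private to the ARM9 core, so if the sector writer below uses DMA rather than CPU copies the transfer will not see this buffer; that should be confirmed before relying on it. At minimum state the assumption in place: `u8 *buffer = (u8 *)0xFFF00000; /* DTCM used whole as scratch: nothing else may live in these 16 KB during the write */`. The chunking loop that consumes bufferSize is outside the hunk.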
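Review bot: `mov r4, #0x13` / `orr r4, #0x1C0` / `msr cpsr_cxsf, r4` now writes a fully hard-coded CPSR (0x1D3) instead of patching the current one, and neither literal is explained in place; `mov r4, #0x13 @ SVC mode; 0x1C0 = A|I|F` on the new line would do. Bit 8 of that value (the A bit) only exists from ARMv6; if this core is an ARMv5TE ARM946E-S it is a reserved bit, which the old `orr r4, #0x1C0` wrote as well, so this is not a regression but worth a note. _start continues outside the hunk.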
@@ -38,30 +38,34 @@ _start:
 @ Disable caches / MPU
 mrc p15, 0, r4, c1, c0, 0 @ read control register
+ bic r4, #(1<<16) @ - DTCM disable
 bic r4, #(1<<12) @ - instruction cache disable
 bic r4, #(1<<2) @ - data cache disable
- bic r4, #(1<<0) @ - mpu disable
+ bic r4, #(1<<0) @ - MPU disable
 mcr p15, 0, r4, c1, c0, 0 @ write control register
- @ Flush caches
- bl flushEntireDCache
- bl flushEntireICache
+ @ Invalidate both caches, discarding any data they may contain,
+ @ then drain the write buffer
+ mov r4, #0
+ mcr p15, 0, r4, c7, c5, 0
+ mcr p15, 0, r4, c7, c6, 0
+ mcr p15, 0, r4, c7, c10, 4
 @ Give read/write access to all the memory regions
- ldr r0, =0x3333333
+ ldr r0, =0x33333333
 mcr p15, 0, r0, c5, c0, 2 @ write data access
 mcr p15, 0, r0, c5, c0, 3 @ write instruction access
 @ Set MPU permissions and cache settings
 ldr r0, =0xFFFF001D @ ffff0000 32k | bootrom (unprotected part)
- ldr r1, =0x01FF801D @ 01ff8000 32k | itcm
- ldr r2, =0x08000029 @ 08000000 2M | arm9 mem (O3DS / N3DS)
- ldr r3, =0x10000029 @ 10000000 2M | io mem (ARM9 / first 2MB)
- ldr r4, =0x20000037 @ 20000000 256M | fcram (O3DS / N3DS)
- ldr r5, =0x1FF00027 @ 1FF00000 1M | dsp / axi wram
- ldr r6, =0x1800002D @ 18000000 8M | vram (+ 2MB)
- mov r7, #0
- mov r8, #0x15
+ ldr r1, =0xFFF0801B @ fff00000 16k | dtcm
+ ldr r2, =0x01FF801D @ 01ff8000 32k | itcm
+ ldr r3, =0x08000029 @ 08000000 2M | arm9 mem (O3DS / N3DS)
+ ldr r4, =0x10000029 @ 10000000 2M | io mem (ARM9 / first 2MB)
+ ldr r5, =0x20000037 @ 20000000 256M | fcram (O3DS / N3DS)
+ ldr r6, =0x1FF00027 @ 1FF00000 1M | dsp / axi wram
+ ldr r7, =0x1800002D @ 18000000 8M | vram (+ 2MB)
+ mov r8, #0x29
 mcr p15, 0, r0, c6, c0, 0
 mcr p15, 0, r1, c6, c1, 0
 mcr p15, 0, r2, c6, c2, 0
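Review bot: The new MPU entry `ldr r1, =0xFFF0801B` encodes a base of 0xFFF08000 (bits 31:12 = 0xFFF08) with the 16 KB size, if it follows the same ARM946 region-register layout as the other seven entries, yet its comment says fff00000; the same base is encoded by `0xFFF0800A` in the next hunk, while crypto.c in this commit addresses the buffer at 0xFFF00000. One side is wrong: either the comment and crypto.c should read 0xFFF08000, or the two constants should be `0xFFF0001B` and `0xFFF0000A`, and this should be settled before the DTCM is relied on. Separately, the removed `bl flushEntireDCache` presumably cleaned before invalidating, whereas `c7, c6, 0` invalidates only; the comment acknowledges the discard, so correctness now rests on the caller leaving no dirty lines that matter, which cannot be checked from this hunk. _start continues outside the hunk.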
@@ -70,17 +74,22 @@ _start:
 mcr p15, 0, r5, c6, c5, 0
 mcr p15, 0, r6, c6, c6, 0
 mcr p15, 0, r7, c6, c7, 0
- mcr p15, 0, r8, c3, c0, 0 @ Write bufferable 0, 2, 4
- mcr p15, 0, r8, c2, c0, 0 @ Data cacheable 0, 2, 4
- mcr p15, 0, r8, c2, c0, 1 @ Inst cacheable 0, 2, 4
+ mcr p15, 0, r8, c3, c0, 0 @ Write bufferable 0, 3, 5
+ mcr p15, 0, r8, c2, c0, 0 @ Data cacheable 0, 3, 5
+ mcr p15, 0, r8, c2, c0, 1 @ Inst cacheable 0, 3, 5
+
+ @ Set DTCM address and size to the default values
+ ldr r1, =0xFFF0800A @ set DTCM address and size
+ mcr p15, 0, r1, c9, c1, 0 @ set the dtcm Region Register
 @ Enable caches / MPU / ITCM
 mrc p15, 0, r0, c1, c0, 0 @ read control register
 orr r0, r0, #(1<<18) @ - ITCM enable
+ orr r0, r0, #(1<<16) @ - DTCM enable
 orr r0, r0, #(1<<13) @ - alternate exception vectors enable
 orr r0, r0, #(1<<12) @ - instruction cache enable
 orr r0, r0, #(1<<2) @ - data cache enable
- orr r0, r0, #(1<<0) @ - mpu enable
+ orr r0, r0, #(1<<0) @ - MPU enable
 mcr p15, 0, r0, c1, c0, 0 @ write control register
 @ Clear BSS