![]() By looking into the BCT's bootloader0_info (normal) or bootloader1_info (safe mode), the boot ROM starts executing this stage at address 0x40010020 in IRAM (0x40010040 for 4.0.0+). The code for this stage is stored in plaintext inside the package. NX Bootloader hash (first four bytes of SHA256(nx_bootloader)) Secure Monitor hash (first four bytes of SHA256(secure_monitor)) ![]() Package1ldr hash (first four bytes of SHA256(package1ldr)) Execution starts at plaintext package1ldr which will set up hardware, generate keys and decrypt the next stage. ![]() This package is distributed as a plaintext initial bootloader (package1ldr) and a secondary encrypted blob ("PK11"). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |