Okay. But do you have enough space? And is loading it from a corrupted FIRM partition really worth it?
It's not corrupted, according to the CCC talk, FIRM0 is just "corrupted" because the hash check doesn't pass, because our payload is at the end of the FIRM0 binary.
So FIRM0 consists of 1) ARM9 loader 2) ARM9 binary and 3) the payload.
Once FIRM1 gets exploited and our payload gains execution, it could do two things:
1) Skip the ARM9 loader from FIRM0 and decrypt the ARM9 binary on its own (because we have the keys) and execute it.
or
2) We just use the decrypted ARM9 binary from FIRM0 (latest NATIVE_FIRM) as our actual FIRM0 image, so it just consists of 1) decrypted ARM9 binary and 2) the payload.
Once the payload gains execution, it just executes FIRM0 (which is the decrypted ARM9 binary) minus the payload.
This should work, because a decrypted ARM9 binary + payload would also not pass the hash check, just like our current implementation does not.
And then you have the latest NATIVE_FIRM on NAND + the latest FW titles from the corresponding FW as sysNAND.
This way we don't have to boot external NATIVE_FIRM images and don't have to mix up different NATIVE_FIRM versions and other titles from the latest FW version.
So we would have the 100% latest FW and all its components, but in a sig-patched environment.
I wouldn't worry about space in NAND, because FIRM0/1 will only get bigger when Nintendo releases new FW updates, and they have them 2 times in there!
So our smaller 9.0 NATIVE_FIRM as FIRM1 will always give us enough space to mess with FIRM0.