Stop right there. If you're posting that it's the wrong thread, it's probably the wrong thread. Please go elsewhere.
I know it is the wrong thread...
1. System-level hardware executes the power-up sequence. This sequence ends when system-level hardware releases SYS_RESET_N.
2. The Boot ROM on the Tegra X1 device begins executing and programs the on-chip I/O controllers to access the secondary boot device.
3. The Boot ROM on the Tegra X1 device fetches the BCT and Boot Loader from the secondary boot device.
4. If the BCT and Boot Loader are fetched successfully, Boot ROM on the Tegra X1 device yields to the Boot Loader.
5. Otherwise, Boot ROM on the Tegra X1 device enters USB recovery mode.
Following the power-up sequence, most MPIOs on the Tegra X1 device will stay in their power-on-reset state until system-dependent software (the Boot Loader or the OS) reprograms them. However, depending on the secondary boot device used in a given system, the Boot ROM may change the state of some of the MPIOs and associated pinmux so that the Boot ROM can interface with the secondary device to fetch the Boot Loader.
The following secondary boot device types are available:
1. SPI Boot
2. eMMC Boot
3. USB RCM Boot
4. SATA Boot
USB RCM Boot
RCM is not a regular boot mode. It is used for recovery purposes (through a combination of key presses). RCM expects that the device is already attached to the host before cold boot, so only D+/D- is used and the other signals are ignored. RCM utilizes device mode, so current is not provided through VBUS and thus no VBUS condition. Because connection is expected before cold boot, device mode connection detection via valid VBUS is also not used.
Hard to tell if they'll do a "New Nintendo Switch". All portables got upgrades but no home consoles have yet.
The quoted information looks correct to me.
Just to dispel some misunderstandings ...
So there are three ways atm. to enter the Tegra RCM.
1. by a combination of key presses (Volume+ & right JoyCon rail pin 10)
2. removing the eMMC/sysNAND module
3. manipulating the sysNAND so that Nintendo's bootloader can't be loaded successfully
The switch has two Recovery Modes.
1. The Tegra Boot ROM RCM that is part of the SoC
2. A Recovery Mode / Maintenance Mode / Safe Mode that was written by Nintendo and is loaded from the eMMC (boot partitions 1 & 2)
The Tegra Boot ROM RCM is the one that is targeted by fusee gelee to inject some payload to be then able to load and execute unsigned code.
So far, I hope everything is correct.
Now, I am asking myself if there is a possibility that Nintendo could find out that I ever booted into the Tegra RCM? Does the system store this kind of information that could be read by Horizon?
The code inside the boot ROM is executed by the BPMP which has some IRAM in that the BCT is copied from the boot storage device (don't know if the bootloader is also copied into the IRAM or into SDRAM). Is the data stored in this IRAM somehow accessible by the CCPLEX / the main processor?
This makes it very likely that it does not store information about entering RCM.
Is the Tegra RCM code pulling these straps so that Horizon would know if we were booting after entering the Tegra RCM?
Straps; signals on the Tegra package which may be pulled weakly high or low during the boot process to communicate information to Tegra.
You may have inside knowledge about the code they use to be able to make statements about the quality. I don't, so I don't. That also prevents me from estimating failure rates. Feel free to share that code you seem to have access to, so we can come to our own conclusions.
Thread is bad.. OP seems to have it out for TX. Threads like these are biased.
TX (a good development team, just like reswitched), obviously knows more than you do. They know what they're doing. You don't even have access to their dongle yet and you're saying they can brick your devices..
AutoRCM is stated to be reversible (and optional).. What's even less reversible is people soldering the pins in their joycon.. yet you don't hear anyone complaining or warning how dangerous it is.. just "at your own risk".. TX comes up with a software & 3rd party hardware solution and a thread about bricking comes along.
They're smart enough to create and distribute a hardware solution and a full OS. If there's a 1% failure rate, that's still less of a failure rate than soldering (optional) and fucking up your joycon pins. There's people bending their pins and the right joycon is no longer recognized by the system.. but yet, no warning threads like this one.
You install anything on your switch other than the official Nintendo firmware, and you know the risks pretty damn well. After all, you came here in search of how to do it. If you can't handle the risks, you shouldn't touch home-brew. You're buying a third-party dongle and "trusting" them to get things right. It's the same as installing atmosphere when it comes out.
Either trust the code or don't. They're not here to brick your console. They're here to make money by selling software and hardware.
Whether the data of the BPMP is accessible or not depends on the execution level code runs in. In normal operation the BPMP is completely shut down - for firmwares >1.0.0 at least - so there is nothing to access there. At boot that is of course not the case.
The code inside the boot ROM is executed by the BPMP which has some IRAM in that the BCT is copied from the boot storage device (don't know if the bootloader is also copied into the IRAM or into SDRAM). Is the data stored in this IRAM somehow accessible by the CCPLEX / the main processor?
And there are also the "straps" which atm. I don't know what these exactly are:
Is the Tegra RCM code pulling these straps so that Horizon would know if we were booting after entering the Tegra RCM?
Oh, and there should be also a way to enter Tegra RCM on every reboot (not cold boot) if you are already booted into and running a CFW by setting a specific PMC register bit.
Interesting thoughts! But they are not really on topic here. I would suggest you head over to ReSwitched though if you want to discuss with like-minded people, there is a whole channel about this topic!
---SNIP---
Hmm, this could cause problems if you turn on your console while it is sitting inside the dock, because then you have two devices on the same rail at the same time - the usb switch and the dock's usb hub. For this case you would need some extra circuit that detects whether the console is sitting inside the dock or not and if it is the case then prevent the usb switch from being activated.
The zsun I initially planned to use includes a was7227q, which is about the size of a large grain of rice. You would control it with a simple GPIO pin, and just disable the pin after injecting the payload.
Hmm, this could cause problems if you turn on your console while it is sitting inside the dock, because then you have two devices on the same rail at the same time - the usb switch and the dock's usb hub. For this case you would need some extra circuit that detects whether the console is sitting inside the dock or not and if it is the case then prevent the usb switch from being activated.
Ok, but you would have to cut the traces on the switch's main pcb to which the usb port is soldered to, to disconnect it from the SoC, or am I getting something wrong?
The "input" of the switch chip is the Nintendo's USB D+/D-. (From the switch motherboard.)
SelectOutput1 is the USB-C port's D+/D- (active when GPIO is low)
SelectOutput2 is the microcontroller's D+/D-. (Active when the GPIO is high)
Ok, but you would have to cut the traces on the switch's main pcb to which the usb port is soldered to, to disconnect it from the SoC, or am I getting something wrong?
Are they even on one of the visible pcb layers? USB type C has also two separate d+ and two d- rails. Can't see any visible traces coming from the usb port's pins, neither on the top nor on the bottom side of the pcb.
Yes, you would have to intercept the port's wiring before it terminates at the USB-C port. Thankfully it is just two traces.
Brick means irrecoverably damaged. ie, only useful as a brick building material from here on out. Use the right terms, stop fearmongering.
I'm saying that they will brick your Switch!
I am using the right terms. The different types of brick have been further clarified in the opening post to avoid confusion like yours, you likely missed that addition because it only happened a few hours ago.
Brick means irrecoverably damaged. ie, only useful as a brick building material from here on out. Use the right terms, stop fearmongering.
Oh, you're confused, it doesn't matter how you define it. Let me wiki it for you, doll!
I am using the right terms. The different types of brick have been further clarified in the opening post to avoid confusion like yours, you likely missed that addition because it only happened a few hours ago.
That is why we refer to it as a soft-brick to separate it from a full brick. Thank you for posting that here for anyone interested.
Oh, you're confused, it doesn't matter how you define it. Let me wiki it for you, doll!
The word "brick", when used in reference to consumer electronics, describes an electronic device such as a smartphone, game console, router, or tablet computer that, due to severe physical damage, a serious misconfiguration, corrupted firmware, or a hardware problem, can no longer function, hence, is as technologically useful as a brick.[1]
The term derives from the vaguely rectangular shape of many electronic devices (and their detachable power supplies) and the suggestion that the device can function only as a lifeless, square object, paperweight or doorstop.
This term is commonly used as a verb. For example, "I bricked my MP3 player when I tried to modify its firmware." It can also be used as a noun, for example, "If it's corrupted and you apply using fastboot, your device is a brick."
In the common usage of the term, "bricking" suggests that the damage is so serious as to have rendered the device permanently unusable
yeah but even the term "soft-brick" isn't really apt as once this process is performed properly it's actually just an exploit of a feature that would normally be caused by what might be a brick
That is why we refer to it as a soft-brick to separate it from a full brick. Thank you for posting that here for anyone interested.