I was just wondering how boot launchers such as hekate and sx os bypass fusee checks?
void bootloader() {
mbist_workaround();
clock_enable_se();
// This makes fuse registers visible
clock_enable_fuse(0x01);
check_sku();
// Check configuration fuses
check_config_fuses();
// Disables fuse programming until next reboot
FUSE(FUSE_PRIVATEKEYDISABLE) = 0x10;
// Setup memory controllers
mc_enable();
// Pre-Firmware setup
setup();
}
K, thxI assume they all use a similar method... this section of code is from the reinx bootloader.c source file
Code:void bootloader() { mbist_workaround(); clock_enable_se(); // This makes fuse registers visible clock_enable_fuse(0x01); check_sku(); // Check configuration fuses check_config_fuses(); // Disables fuse programming until next reboot FUSE(FUSE_PRIVATEKEYDISABLE) = 0x10; // Setup memory controllers mc_enable(); // Pre-Firmware setup setup(); }
Beyond that I have no clue XD
I'm pretty sure Big N's bootloader is the thing that checks the fuse count and panics if the count isn't correct, as it's also the thing that will burn fuses if the count is too low.