Can someone elaborate on what the difference is between these sigpatches? Why do different parts of the system need a different sigpatch?
In my understanding, signed software uses asymmetric cryptography to validate the binaries.
So would that mean that different parts are signed with different private keys, and therefore we have to patch these different parts?
Firmware is made up of hundreds of different compressed files. The sigpatches look at the sha256 value of the unpacked file that we want to patch, then jump to the address (shown in the ips patch) in the decompressed file and patch it with a new arm64 instruction.
For example, say we have an address in the decompressed file that contains a boolean (true or false) we want to patch: if it's true do this, or if it's false do that. To force the code to do what we want, we can set the value with a patch and the instruction will always do what we want.
I suggest you make some small computer programs so you know how they work, then decompile them and load them into IDA or Ghidra to see how they look disassembled. Then make a small change to the source, recompile, and do the same again to see what's changed in the disassembled file: you'll see instructions that have changed. To avoid needing to upload a new binary with the changes, you just upload an IPS patch to make the changes to those instructions you modded. If your files were massive and you only changed 1 byte, it's easier/faster to upload a patch than a whole new massive file.
Now here's an example, for the atmosphere loader sigpatch:
We can set this value to "false"; that way we can skip needing an ips patch for the loader and can then run nro forwarders. However, obviously people want to get the original file from source, so we can just make a patch to do the same thing and distribute that, hence the need for ips patches. Other things in these patches are for switch firmware to skip checks; these are the es/fs patches, but we don't have the source for these and it's illegal to mod the original files and share the copyrighted code, hence the need for patches.
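The answer above describes two mechanics: an IPS patch is a list of (offset, bytes) records applied to a decompressed file, and the target is identified by its sha256 before anything is touched. The block below is an added example, not code from the post or from any CFW project: it is a minimal IPS parser/applier that refuses to patch a file whose digest does not match, so a patch can never be written into the wrong binary, and it lists the byte ranges a patch would modify, which is the check you want before trusting any third-party patch. The 64-byte target, the "flag" offset 0x10 and the patch itself are all constructed here for the demonstration; the record layout follows the publicly documented IPS format (3-byte big-endian offset, 2-byte size, size 0 meaning an RLE record, "EOF" terminator).

```python
import hashlib

IPS_HEADER = b"PATCH"
IPS_EOF = b"EOF"


def parse_ips(patch: bytes) -> list[tuple[int, bytes]]:
    """Decode an IPS patch into a list of (offset, replacement_bytes) records.

    Record layout: 3-byte big-endian offset, 2-byte big-endian size, then `size`
    bytes of data. A size of 0 means an RLE record: 2-byte run length followed by
    the single byte value to repeat. The record stream ends at the bytes b"EOF".
    """
    if not patch.startswith(IPS_HEADER):
        raise ValueError("not an IPS patch: missing PATCH header")
    pos = len(IPS_HEADER)
    records = []
    while True:
        if patch[pos:pos + 3] == IPS_EOF:
            return records
        if pos + 5 > len(patch):
            raise ValueError("truncated IPS record header")
        offset = int.from_bytes(patch[pos:pos + 3], "big")
        size = int.from_bytes(patch[pos + 3:pos + 5], "big")
        pos += 5
        if size == 0:  # RLE record: run length + one byte value
            run_len = int.from_bytes(patch[pos:pos + 2], "big")
            value = patch[pos + 2:pos + 3]
            if len(value) != 1:
                raise ValueError("truncated RLE record")
            pos += 3
            data = value * run_len
        else:
            data = patch[pos:pos + size]
            if len(data) != size:
                raise ValueError("truncated IPS data record")
            pos += size
        records.append((offset, data))


def build_ips(records: list[tuple[int, bytes]]) -> bytes:
    """Encode plain (offset, data) records into an IPS patch (constructed helper for the demo)."""
    out = bytearray(IPS_HEADER)
    for offset, data in records:
        out += offset.to_bytes(3, "big") + len(data).to_bytes(2, "big") + data
    out += IPS_EOF
    return bytes(out)


def patched_ranges(patch: bytes) -> list[tuple[int, int]]:
    """Inventory which byte ranges [start, end) a patch would touch, without applying it."""
    return [(off, off + len(data)) for off, data in parse_ips(patch)]


def apply_ips(target: bytes, patch: bytes, expected_sha256: str) -> bytes:
    """Apply `patch` to `target` only if the target's sha256 matches the expected digest."""
    actual = hashlib.sha256(target).hexdigest()
    if actual != expected_sha256:
        raise ValueError(f"target digest {actual} does not match expected {expected_sha256}")
    buf = bytearray(target)
    for offset, data in parse_ips(patch):
        end = offset + len(data)
        if end > len(buf):  # IPS may write past the end; grow the buffer with zeros
            buf.extend(b"\x00" * (end - len(buf)))
        buf[offset:end] = data
    return bytes(buf)


# Constructed demo: a 64-byte stand-in for a decompressed file, where we pretend the
# byte at 0x10 is a boolean that a check reads. The patch flips it to 0.
SAMPLE_FILE = bytes(range(64))
FLAG_OFFSET = 0x10
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_FILE).hexdigest()
DEMO_PATCH = build_ips([(FLAG_OFFSET, b"\x00")])


def demo() -> bytes:
    """Apply the constructed patch to the constructed file; only byte 0x10 changes."""
    return apply_ips(SAMPLE_FILE, DEMO_PATCH, SAMPLE_SHA256)


def rejects_wrong_target() -> bool:
    """A file that differs by one byte has a different digest, so the patch is refused."""
    tampered = SAMPLE_FILE[:-1] + b"\xff"
    try:
        apply_ips(tampered, DEMO_PATCH, SAMPLE_SHA256)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("ranges touched:", [f"{a:#x}-{b:#x}" for a, b in patched_ranges(DEMO_PATCH)])
    print("byte 0x10 before/after:", SAMPLE_FILE[FLAG_OFFSET], demo()[FLAG_OFFSET])
    print("wrong target rejected:", rejects_wrong_target())
```

The digest check is the whole point of the "sha256 of the unpacked file" step the answer mentions: the same IPS offsets on a different firmware build would land on unrelated instructions, so the patcher must bind each patch to one exact input. `patched_ranges` is the defensive counterpart: run it over any patch you are handed to see exactly which bytes it rewrites before applying it.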
As a complementary comment:
There are patches for different functions. For example, a patch for the signature verification of an NSP installed game, a patch for the network compliance verification, a patch for filesystem access and verification, and so on. That's why there's a set of patch files. There's even a set of patches for the CFW you run, because you need to disable some verifications implemented in it.