Separate names with a comma.
Discussion in 'Switch - Hacking & Homebrew' started by Marioyoshi64, Jul 31, 2017.
As far as I know, it's equivalent to kernel access.
The Switch CPU (well, any CPU with ARM TrustZone) is divided into 2 sections, privileged code and unprivileged code.
Unprivileged code only has access to unprivileged parts of the system (memory, applications, hardware and so on), whereas privileged code has access to privileged hardware, privileged memory, privileged applications and so on.
You can think of it as a hardware sandbox, it's similar to how the 3DS works (with ARM9/ARM11), but instead of being physically separated by different chips, the separation is integrated into the SoC.
There's some more info here: https://www.arm.com/products/security-on-arm/trustzone
Basically what we need for Switch hacking right now is a TrustZone exploit, that is, an exploit that would allow us to run our own privileged code. This would allow pretty much anything short of cold boot CFW (that would need a bootloader exploit, or an exploit in the home menu or similar)
That's why the TrustZone dump is such big news. It's akin to dumping the ARM9 kernel of the 3DS. I don't think it's quite on the same level as the 3DS bootrom, I think there's still a bootloader of some sort below TrustZone. But the TrustZone dump will make it immensely easier to find an exploit in privileged code that would in turn allow a lot of the things people are waiting for. Namely piracy, save managers, update bypassing, and other system-related tools.