1,386
edits
Changes
From Rare Gaming Dump
→boot2
The '''Wii Boot Process''' is a 5-step process from the initial power-on of the Wii system, to initialization of the [[Wii System Menu]] (normally, the "Health & Safety" screen is displayed when the process is complete).
The '''Wii Boot Process''' is a 5-step process from the initial power-on of the Wii system, to initialization of the [[Wii System Menu]] (normally, the "Health & Safety" screen is displayed when the process is complete).
== boot0 ==
==boot0==
[[boot0]] forms the initial phase of the Wii boot process. Boot0 is the Wii's "bootROM", a small piece of code physically burned into the [[Hollywood]]/[[Bollywood]] package. As such, the first instruction of boot0 is the first thing executed when the Wii is powered on, and since boot0 is burned into ROM, it can never be changed even with hardware modifications to the console. boot0, 1, 2, and IOS are ARM programs which run on the [[IOP]].
[[boot0]] forms the initial phase of the Wii boot process. Boot0 is the Wii's "bootROM", a small piece of code physically burned into the [[Hollywood]]/[[Bollywood]] package. As such, the first instruction of boot0 is the first thing executed when the Wii is powered on, and since boot0 is burned into ROM, it can never be changed even with hardware modifications to the console. boot0, 1, 2, and IOS are ARM programs which run on the [[IOP]].
If the stored hash matches that of the first block of NAND or if the stored hash is all zeroes (as is the case on non-production systems), boot1 will be executed; if there is a hash mismatch, boot0 will halt immediately, irrecoverably bricking the system unless a NAND image is available and can be flashed using a hardware programmer. This ensures that boot1 can never be modified on production systems once the [[Wii Factory Process]] is complete, as any modifications would invalidate the hash (unless a hash collision is found).
If the stored hash matches that of the first block of NAND or if the stored hash is all zeroes (as is the case on non-production systems), boot1 will be executed; if there is a hash mismatch, boot0 will halt immediately, irrecoverably bricking the system unless a NAND image is available and can be flashed using a hardware programmer. This ensures that boot1 can never be modified on production systems once the [[Wii Factory Process]] is complete, as any modifications would invalidate the hash (unless a hash collision is found).
== boot1 ==
==boot1==
[[boot1]] forms the second phase of the Wii boot process. While boot1 is stored in NAND and as such is theoretically updateable, due to the hash checking performed by boot0 it is only updateable on systems where the boot1 hash is not programmed into the eFuses. (Nintendo does actually use this capability to update boot1 on systems where it is possible, as certain [[SWUpdate]] packages for development units include a boot1 image.)
[[boot1]] forms the second phase of the Wii boot process. While boot1 is stored in NAND and as such is theoretically updateable, due to the hash checking performed by boot0 it is only updateable on systems where the boot1 hash is not programmed into the eFuses. (Nintendo does actually use this capability to update boot1 on systems where it is possible, as certain [[SWUpdate]] packages for development units include a boot1 image.)
Earlier versions of boot1 were vulnerable to the [[Trucha Bug]], allowing for a self-signed boot2 to be inserted in place of the official one. This was patched along with the release of [[Bollywood]].
Earlier versions of boot1 were vulnerable to the [[Trucha Bug]], allowing for a self-signed boot2 to be inserted in place of the official one. This was patched along with the release of [[Bollywood]].
== boot2 ==
==boot2==
[[boot2]] forms the third phase of the Wii boot process. Boot2's purpose is to open the [[Wii System Menu]] (or whichever title is installed in the Wii System Menu's title ID "slot", 1-2)'s [[TMD]] and determine which version of [[IOP-OS]] (IOS) it requires, then reload into said version with instructions for it to bootstrap the Broadway and have it load the system menu title.
[[boot2]] forms the third phase of the Wii boot process. Boot2's purpose is to open the [[Wii System Menu]] (or whichever title is installed in the Wii System Menu's title ID "slot", 1-2)'s [[TMD]] and determine which version of [[IOP-OS]] (IOS) it requires, then reload into said version with instructions for it to bootstrap the Broadway and have it load the system menu title.
Boot2 is the only part of the process which can be updated on production systems.
Boot2 is the only part of the process which can be updated on production systems.
During the [[Wii Factory Process]], a special boot2 known as "sd_boot" is used. This boot2 will verify and launch a [[BroadOn]]-format [[WAD]] from the SD card rather than continuing boot from NAND.
During the [[Wii Factory Process]], a special boot2 known as "sd_boot" is used. This boot2 will verify and launch a [[BroadOn]]-format [[WAD]] from the SD card rather than continuing boot from NAND. sd_boot has an exploit in the SD reading code which allows for arbitrary code execution at coldboot with an SD card inserted, and as a retail signed sd_boot title is available which can be installed on any Wii (even [[Bollywood]]), this removes the previous restriction of not being able to run code (such as BootMii) as boot2 on newer Wiis.
== IOS ==
==IOS==
IOS (referred to as "boot3" when being described as part of the boot process) forms the fourth phase of the Wii boot process. The loaded IOS depends on that which is specified by the System Menu title. All IOSes include a "ppcboot" functionality to bootstrap the Broadway with a set of instructions which allow it to load the System Menu.
IOS (referred to as "boot3" when being described as part of the boot process) forms the fourth phase of the Wii boot process. The loaded IOS depends on that which is specified by the System Menu title. All IOSes include a "ppcboot" functionality to bootstrap the Broadway with a set of instructions which allow it to load the System Menu.
In earlier versions of the Wii architecture, IOS was stored on the system area along with boot1 and boot2, as there was only one major version. However, IOS was later migrated to NAND and became a normal title like the System Menu and other installed titles.
In earlier versions of the Wii architecture, IOS was stored on the system area along with boot1 and boot2, as there was only one major version. However, IOS was later migrated to NAND and became a normal title like the System Menu and other installed titles.
== System Menu ==
==System Menu==
The final phase of the boot process is the [[Wii System Menu]] itself. This is the only phase of the process to run on the [[Broadway]], and as such is the only one to produce video output (earlier phases can output via GPIOs and to the SD card, but not to the display device). The production System Menu will normally display the "Health & Safety" screen upon boot, although as any title can be installed as a system menu (such as the [[Startup Disc Menu]] or [[Devkit Boot Program]]), this is not consistent across all possible Wii configurations.
The final phase of the boot process is the [[Wii System Menu]] itself. This is the only phase of the process to run on the [[Broadway]], and as such is the only one to produce video output (earlier phases can output via GPIOs and to the SD card, but not to the display device). The production System Menu will normally display the "Health & Safety" screen upon boot, although as any title can be installed as a system menu (such as the [[Startup Disc Menu]] or [[Devkit Boot Program]]), this is not consistent across all possible Wii configurations.
