22
edits
Changes
From Rare Gaming Dump
no edit summary
Boot1's purpose is either (depending on the version and 'debug boot' setting) to find [[boot2]] on NAND and verify/load it, or to directly bootstrap the [[Broadway]] with a [[BS1]] image.
Boot1's purpose is either (depending on the version and 'debug boot' setting) to find [[boot2]] on NAND and verify/load it, or to directly bootstrap the [[Broadway]] with a [[BS1]] image.
If the running version of Boot1's purpose is loading boot2 from NAND, it will check the NAND's bad block map to determine which (if any) blocks to skip over, then start reading backwards from the end of the system area (the partition on NAND where boot1 and boot2 are stored) to find the first valid copy of boot2. A valid boot2 must be properly signed by Nintendo and have a greater or equal version number to that stored in the Wii's [[SEEPROM]]. If boot1 is unable to find a boot2 which meet these criteria, the system will halt.
If the running version of Boot1's purpose is loading boot2 from NAND, it will check the NAND's bad block map to determine which (if any) blocks to skip over, then start reading backwards from the end of the system area (the partition on NAND where boot1 and boot2 are stored) to find the first valid copy of boot2. A valid boot2 must be properly signed by Nintendo and have a greater or equal version number to that stored in the Wii's SEEPROM. If boot1 is unable to find a boot2 which meet these criteria, the system will halt.
Earlier versions of boot1 were vulnerable to the [[Trucha Bug]], allowing for a self-signed boot2 to be inserted in place of the official one. This was patched along with the release of [[Bollywood]].
Earlier versions of boot1 were vulnerable to the [[Trucha Bug]], allowing for a self-signed boot2 to be inserted in place of the official one. This was patched along with the release of [[Bollywood]].
Earlier versions of boot2 were effectively merged with IOS, so rather than reloading into IOS, boot2 would begin bootstrapping the Broadway itself.
Earlier versions of boot2 were effectively merged with IOS, so rather than reloading into IOS, boot2 would begin bootstrapping the Broadway itself.
boot2 is the only part of the process which can be updated on production systems.
During the [[Wii Factory Process]], a special boot2 known as "sd_boot" is used. This boot2 will verify and launch a [[BroadOn]]-format [[WAD]] from the SD card rather than continuing boot from NAND. sd_boot has an exploit in the SD reading code which allows for arbitrary code execution at coldboot with an SD card inserted, and as a retail signed sd_boot title is available which can be installed on any Wii (even [[Bollywood]]), this removes the previous restriction of not being able to run code (such as BootMii) as boot2 on newer Wiis.
During the [[Wii Factory Process]], a special boot2 known as "sd_boot" is used. This boot2 will verify and launch a [[BroadOn]]-format [[WAD]] from the SD card rather than continuing boot from NAND. sd_boot has an exploit in the SD reading code which allows for arbitrary code execution at coldboot with an SD card inserted, and as a retail signed sd_boot title is available which can be installed on any Wii (even [[Bollywood]]), this removes the previous restriction of not being able to run code (such as BootMii) as boot2 on newer Wiis.
