SAMU IPL, codenamed as 80000001, is the main loader of the Secure Kernel (80010001)
The header contained in it contains the following information:
| Offset |
Size |
Description |
Notes
|
| 0x0 |
4 |
Magic |
5E D7 9A 0B
|
| 0x4 |
4 |
Header Size |
Little Endian (0x280)
|
| 0x8 |
4 |
Entry Point |
Little Endian (0x100)
|
| 0xC |
4 |
Payload Size |
Little Endian (e.g 0x232D0)
|
| 0x10 |
0x10 |
Padding |
Zeroes
|
| 0x20 |
0x20 |
SHA256 of the decrypted payload |
Verified from 0x280 to 0x23550
|
| 0x40 |
0x100 |
Padding |
Ascii Zeroes
|
| 0x140 |
0x40 |
Metadata |
|
| 0x180 |
0x100 |
RSA Header Signature |
Verified with rsa modulus from SAMU BootROM from 0 to 0x180
|
| 0x280 |
0x232D0 |
Payload |
|
| 0x23550 |
0x100 |
RSA Footer Signature |
Verified from header + body (somewhere else, likely PUP SM Manager)
|
MetaData Info
| Offset |
Size |
Description |
Notes
|
| 0x0 |
0x20 |
MetaData Body |
Contains Keyslot Keys
|
| 0x20 |
0x20 |
HDR + MetaData SHA256HMAC |
SHA256 of hdr plus metadata (HMAC)
|
MetaData Body
| Offset |
Size |
Description |
Notes
|
| 0x0 |
0x20 |
KeySlot 1 |
|