mirrors/Atmosphere
1
0
Fork 0
mirror of https://github.com/Atmosphere-NX/Atmosphere.git synced 2025-05-21 10:25:08 -04:00
Code Issues Projects Releases Packages Wiki Activity

docs: initial re-write of all documentation

Browse source
This commit is contained in:
hexkyz 2020-04-26 19:06:59 +01:00
parent 71d266f867
commit 57ac153671
42 changed files with 711 additions and 626 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/components/emummc.md Normal file
View file

@ -0,0 +1,4 @@
# emummc
emummc is a collaboration project that provides eMMC storage emulation.
Please refer to the project's repository [here](https://github.com/m4xw/emuMMC) for detailed instructions and documentation.

22
docs/components/exosphere.md
View file

@ -1,10 +1,18 @@
# Exosphère
Exosphère is a reimplementation of Arm's TrustZone (TZ), also known as Secure Monitor (Secure_Monitor.bin). It has the highest privilege mode available on the Switchs processor, and has access to everything on the console.
Exosphère will potentially play a big role in Jamais Vu and Déja Vu, which are upcoming software exploits for the Switch, allowing one to launch Atmosphère on a Fusée-Gélee patched (ipatched) Switch console, and will also enable one to launch into CFW directly from the Switch itself without the use of any sort of external device, such as a computer or RCM jig, provided they are on a low enough system firmware.
## TrustZone/Secure Monitor
TrustZone is responsible for all the cryptographic operations on the Switch. The idea behind the way it operates is that all the keys stay in the TrustZone, and userspace only gets "handles" to them. This would make sure that keydata never leaks and is kept secure. It also has a few more responsibilities, such as power management, providing a source of random numbers, and providing access to various pieces of information that are stored in the fuses.
Exosphère is a customized reimplementation of the Horizon OS's Secure Monitor.
The Secure Monitor follows the same design principle as Arm's TrustZone and both terms can be used interchangeably in this context. It runs at the highest privilege mode (EL3) available to the main processor and is responsible for all the sensitive cryptographic operations needed by the system as well as power management for each CPU.
## Extensions
Exosphère currently only contains one extension, an SMC allowing homebrew to find which version of Atmosphère is currently running, in order to find out what extensions are allowed to be used.
Exosphère expands the original Secure Monitor design by providing custom SMCs (Secure Monitor Calls) necessary to the homebrew ecosystem. Currently, these are:
+ smc_ams_iram_copy
+ smc_ams_write_address
+ smc_ams_get_emummc_config
## lp0fw
This is a small, built-in payload that is responsible for waking up the system during a warm boot.
## sc7fw
This is a small, built-in payload that is responsible for putting the system to sleep during a warm boot.
## rebootstub
This is a small, built-in payload that provides functionality to reboot the system into any payload of choice.

22
docs/components/fusee.md Normal file
View file

@ -0,0 +1,22 @@
# Fusée
Fusée is a custom bootloader used to start the Atmosphère environment.
It is divided into three sub-components: Fusée-primary, Fusée-mtc and Fusée-secondary.
Fusée is also capable of chainloading other payloads (e.g.: Android).
Fusée's behavior can be configured via the [BCT.ini](../features/BCT.md) file located on the SD card.
## Fusée-primary
Fusée-primary is the first piece of Atmosphère's code that runs on the hardware.
It is distributed as a standalone payload designed to be launched via RCM by abusing the CVE-2018-6242 vulnerability.
This payload is responsible for all the low-level hardware initialization required by the Nintendo Switch, plus the extra task of initializing the SD card and reading the next Fusée sub-components from it.
## Fusée-mtc
Fusée-mtc is an optional, but heavily recommended sub-component that performs DRAM memory training.
This ensures a proper environment for running the final Fusée sub-component.
## Fusée-secondary
Fusée-secondary is the last Fusée sub-component that runs on the system.
It is responsible for configuring and bootstrapping the Atmosphère environment by mimicking the Horizon OS's design.
This includes setting up the cryptosystem, mounting or emulating the eMMC, injecting or patching system modules and launching the Exosphère component.

73
docs/components/fusee/BCT.md
View file

@ -1,73 +0,0 @@
# BCT.ini
BCT.ini is the configuration file used by fusée-primary and fusée-secondary. It is read by fusee-primary.bin to setup and boot fusee-secondary.bin and is also read by fusee-secondary.bin to configure Exosphère, specify the environment it should boot, or configure other miscellaneous options such as setting a custom boot splashscreen.
## Configuration
This file is located in the `atmosphere` folder on your SD card. The default configuration file will look similar to this.
```
BCT0
[stage1]
stage2_path = atmosphere/fusee-secondary.bin
stage2_addr = 0xF0000000
stage2_entrypoint = 0xF0000000
[exosphere]
; Note: Disabling debugmode will cause parts of ams.tma to not work, in the future.
debugmode = 1
debugmode_user = 0
[stratosphere]
; To force-enable nogc, add nogc = 1
; To force-disable nogc, add nogc = 0
```
## Adding a Custom Boot Splashscreen
Add the following lines to BCT.ini and change the value of `custom_splash` to the actual path and filename of your boot splashscreen.
```
[stage2]
custom_splash = /path/to/your/bootlogo.bmp
```
The boot splashscreen must be a BMP file, it must be 720x1280 (1280x720 rotated 90 degrees left/counterclockwise/anti-clockwise) resolution, and be in 32-bit ARGB format. You can use image editing software such as GIMP or Photoshop to export the image in this format.
## Configuring "nogc" Protection
Nogc is a feature provided by fusée-secondary which disables the Nintendo Switch's Game Card reader. Its purpose is to prevent the reader from being updated when the console has been updated without burning fuses from a firmware lower than 4.0.0, to a newer firmware that is at least 4.0.0 or higher. By default, Atmosphère will protect the Game Card reader automatically, but you are free to change it.
To change its functionality, add the following line to the `stratosphere` section and change the value of `X` according to the following list.
```
nogc = X
```
```
1 = force-enable nogc, so Atmosphère will always disable the Game Card reader.
0 = force-disable nogc, so Atmosphère will always enable the Game Card reader.
```
## Changing Target Firmware
Add the following line to the `exosphere` section and replace the `X` according to the following list if you have trouble booting past the firmware version detection.
`target_firmware` is the OFW major version.
```
target_firmware = X
```
```
1.0.0 = 1
2.X.X = 2
3.X.X = 3
4.X.X = 4
5.X.X = 5
6.X.X = 6
6.2.0 = 7
7.X.X = 8
```
Note that 6.X.X indicates 6.0.0 through 6.1.0.
## Configuring Debugging Modes
By default, Atmosphère signals to the Horizon kernel that debugging is enabled while leaving usermode debugging disabled, since this can cause undesirable side-effects. If you wish to change these behaviours, go to the `exosphere` section and change the value of `X` according to the following list.
```
debugmode = X
debugmode_user = X
```
```
1 = enable
0 = disable
```

20
docs/components/fusee/fusee.md
View file

@ -1,20 +0,0 @@
# Fusée
Fusée (not to be confused with Fusée Gelée) is a custom bootloader needed to start Atmosphère and replaces Nintendo's Package1loader/bootloader. It currently utilizes the [Tegra X1 RCM Vulnerability](https://nvidia.custhelp.com/app/answers/detail/a_id/4660/~/security-notice%3A-nvidia-tegra-rcm-vulnerability) in order to function.
Fusée is split into two separate parts: fusée-primary and fusée-secondary. This is due to the RCM Vulnerability only allowing payloads of a limited filesize to be sent to the device.
As of June 2018, there are new Switch systems being sold that prevent Fusée (or any payload that requires the Fusée Gelée exploit) from working due to having an ipatched bootrom. All ipatched systems share the HAC-S-JXE-C3 product code. While Fusée cannot work on these ipatched units, they still come on firmware 4.1.0, which is vulnerable to the upcoming Déja Vu software exploit. Note that if you update past 4.1.0 on one of these ipatched units, your odds of being able to install Atmosphère or run any homebrew become practically non-existent.
Additionally, a hardware revision of the Switch known as “Mariko” is believed to be in development. No such units have been seen in stores yet, but it is expected Nintendo will roll them out silently. The Mariko units will most likely patch the bootrom vulnerability Fusée Gelée, which is currently used to access CFW, and will likely have their own proprietary bootloader.
## Fusée-Primary
Fusée-primary is the payload file (fusee-primary.bin) sent to the Switch from an external device. Once sent, fusée-primary makes initial preparations before loading fusée-secondary from the Switchs SD Card.
Fusée-primary can be configured via the [BCT.ini](../fusee/BCT.md) file located on the Switchs SD card.
## Fusée-Secondary
Fusée-secondary is a payload file that stays on the root of the Switchs SD Card (fusee-secondary.bin). It is automatically launched once fusée-primary has finished, and is responsible for preparing the Switchs hardware for future running environments, such as the homebrew menu. Fusée-secondary is also responsible for validating and launching Exosphère.
Fusée-secondary contains various [.kip modules](/docs/main.md#modules). These modules modify existing features in the OS, and can also add new ones.
Fusée is also capable of chainloading other payloads such as Linux.

11
docs/components/libraries.md Normal file
View file

@ -0,0 +1,11 @@
# Libraries
This is a collection of libraries for doing operating system development for the Nintendo Switch.
## libmesosphere
libmesosphere is a work-in-progress C++ library implementing functionality for the Horizon Kernel.
## libstratosphere
libstratosphere is a work-in-progress C++ library for development of system modules for the Nintendo Switch.
## libvapours
Common boilerplate code for various purposes.

3
docs/components/mesosphere.md Normal file
View file

@ -0,0 +1,3 @@
# Mesosphère
Mesosphère is a work in progress customized kernel reimplementation.
The Horizon OS's kernel follows microkernel design principles and runs at the EL1 level. It is currently subdivided into a loader (kernel_ldr) and the main kernel code.

33
docs/components/modules/ams_mitm.md Normal file
View file

@ -0,0 +1,33 @@
# ams_mitm
This module provides methods to intercept services provided by other system modules. It is further sub-divided according to the service it targets.
## bpc_mitm
bpc_mitm enables intercepting requests to power control services. It currently intercepts:
+ "am" system module (to intercept the Reboot/Power buttons in the overlay menu)
+ "fatal" system module (to simplify payload reboot logic significantly)
+ Homebrew Loader (to allow homebrew to take advantage of the feature)
## fs_mitm
fs_mitm enables intercepting file system operations. It can log, deny, delay, replace, or redirect any request made to the file system. It enables LayeredFS to function, which allows for replacement of game assets.
## hid_mitm
hid_mitm enables intercepting requests to controller device services. It currently intercepts:
+ Homebrew Loader (to help homebrew not need to be recompiled due to a breaking change introduced in the past)
## ns_mitm
ns_mitm enables intercepting requests to application control services. It currently intercepts:
+ Web Applets (to facilitate hbl web browser launching)
## set_mitm
set_mitm enables intercepting requests to the system settings service. It currently intercepts:
+ "ns" system module and games (to allow for overriding game locales)
+ All settings requests
### Firmware Version
set_mitm intercepts the `GetFirmwareVersion` command, if the requester is `qlaunch` or `maintenance`.
It modifies the `display_version` field of the returned system version, causing the version to display
in settings as `#.#.# (AMS #.#.#)`. This allows users to easily verify what version of Atmosphère they are running.
### System Settings
set_mitm intercepts the `GetSettingsItemValueSize` and `GetSettingsItemValue` commands for all requesters.
It does so in order to enable user configuration of system settings, which are parsed from `/atmosphere/system_settings.ini` on boot. See [here](../../features/configurations.md) for more information on the system settings format.

4
docs/components/modules/boot.md Normal file
View file

@ -0,0 +1,4 @@
# boot
This module is a reimplementation of the Horizon OS's "boot" system module, which is responsible for initializing and configuring hardware.
Atmosphère's reimplementation displays its own black and white splash screen and battery icons as replacements for the original assets used during display initialization.

4
docs/components/modules/boot2.md Normal file
View file

@ -0,0 +1,4 @@
# boot2
This module is a reimplementation of the Horizon OS's "boot2" system module, which is responsible for launching all the other necessary system modules.
Atmosphère's reimplementation allows launching user provided system modules from the SD card. See [here](../../features/configurations.md) for more information.

4
docs/components/modules/creport.md Normal file
View file

@ -0,0 +1,4 @@
# creport
This module is a reimplementation of the Horizon OS's "creport" system module, which is responsible for managing crash reports.
Atmosphère's reimplementation redirects writing of generated crash reports to the SD card under the folder `/atmosphere/crash_reports/`. It also prevents the automatic uploading of said crash reports.

42
docs/components/modules/dmnt.md Normal file
View file

@ -0,0 +1,42 @@
# dmnt
This module is a reimplementation of the Horizon OS's "dmnt" system module, which provides a debug monitor.
## Extensions
Atmosphère implements an extension to provide cheat code functionality.
### Cheat Service
A HIPC service API is provided for interacting with the cheat code manager through the service `dmnt:cht`. See [here](../../features/cheats.md) for more information on the cheat code format.
The SwIPC definition for `dmnt:cht` follows:
```
interface ams::dmnt::cheat::CheatService is dmnt:cht {
[65000] HasCheatProcess() -> sf::Out<bool> out;
[65001] GetCheatProcessEvent() -> sf::OutCopyHandle out_event;
[65002] GetCheatProcessMetadata() -> sf::Out<CheatProcessMetadata> out_metadata;
[65003] ForceOpenCheatProcess();
[65004] PauseCheatProcess();
[65005] ResumeCheatProcess();
[65100] GetCheatProcessMappingCount() -> sf::Out<u64> out_count;
[65101] GetCheatProcessMappings(u64 offset) -> sf::OutArray<MemoryInfo> &mappings, sf::Out<u64> out_count;
[65102] ReadCheatProcessMemory(u64 address, u64 out_size) -> sf::OutBuffer &buffer;
[65103] WriteCheatProcessMemory(sf::InBuffer &buffer, u64 address, u64 in_size);
[65104] QueryCheatProcessMemory(u64 address) -> sf::Out<MemoryInfo> mapping;
[65200] GetCheatCount() -> sf::Out<u64> out_count;
[65201] GetCheats(u64 offset) -> sf::OutArray<CheatEntry> &cheats, sf::Out<u64> out_count;
[65202] GetCheatById(u32 cheat_id) -> sf::Out<CheatEntry> cheat;
[65203] ToggleCheat(u32 cheat_id);
[65204] AddCheat(CheatDefinition &cheat, bool enabled) -> sf::Out<u32> out_cheat_id;
[65205] RemoveCheat(u32 cheat_id);
[65206] ReadStaticRegister(u8 which) -> sf::Out<u64> out;
[65207] WriteStaticRegister(u8 which, u64 value);
[65208] ResetStaticRegisters();
[65300] GetFrozenAddressCount() -> sf::Out<u64> out_count;
[65301] GetFrozenAddresses(u64 offset) ->sf::OutArray<FrozenAddressEntry> &addresses, sf::Out<u64> out_count;
[65302] GetFrozenAddress(u64 address) -> sf::Out<FrozenAddressEntry> entry;
[65303] EnableFrozenAddress(u64 address, u64 width) -> sf::Out<u64> out_value;
[65304] DisableFrozenAddress(u64 address);
}
```

4
docs/components/modules/eclct.stub.md Normal file
View file

@ -0,0 +1,4 @@
# eclct.stub
This module is a reimplementation of the Horizon OS's "eclct" system module, which collects error reports.
Atmosphère's reimplementation is a stub to remove any and all functionality pertaining to error report collection.

4
docs/components/modules/erpt.md Normal file
View file

@ -0,0 +1,4 @@
# erpt
This module is a reimplementation of the Horizon OS's "erpt" system module, which is responsible for managing error reports.
Atmosphère's reimplementation redirects writing of generated error reports to the SD card under the folder `/atmosphere/erpt_reports/`.

4
docs/components/modules/fatal.md Normal file
View file

@ -0,0 +1,4 @@
# fatal
This module is a reimplementation of the Horizon OS's "fatal" system module, which is responsible for managing fatal reports.
Atmosphère's reimplementation prevents error report creation and draws a custom error screen, showing registers and a backtrace. It also attempts to gather debugging info for any and all crashes and tries to save reports to the SD card under the folder `/atmosphere/fatal_reports/` (if a crash report was not generated).

4
docs/components/modules/jpegdec.md Normal file
View file

@ -0,0 +1,4 @@
# jpegdec
This module is a reimplementation of the Horizon OS's "jpegdec" system module, which is responsible for JPEG format decoding.
Atmosphère's reimplementation allows two sessions instead of 1, so homebrew can use it for software JPEG decoding in addition to the OS itself.

77
docs/components/modules/loader.md Normal file
View file

@ -0,0 +1,77 @@
# loader
This module is a reimplementation of the Horizon OS's "ldr" system module, which is responsible for creating processes from executable NSO images and registering their access control.
## Extensions
Atmosphère extends this module to allow executables to be replaced or patched by files stored on the SD card. Note that a few services are required for SD card access and therefore cannot be replaced or patched in this manner.
### Exefs Replacement
When a process is created, loader will search for several NSO filenames in the program's exefs directory.
These filenames are, in this order:
- rtld
- main
- subsdk0
- subsdk1
- ...
- subsdk9
- sdk
Each NSO that is found will be loaded into the process contiguously. The process's entrypoint is at the first NSO to be loaded, usually `rtld` or `main`.
Additionally, when a process is loaded, loader will search for a `main.npdm` file in the exefs directory specifying the program's permissions.
Atmosphère extends this functionality by also searching for these files on the SD card. When searching for a file, loader will first check if it exists on the SD card. If it does, that file will be used instead. Otherwise, it will use the copy located in the exefs, if that is present. The following directory will be searched:
```
/atmosphere/contents/<program id>/exefs/
```
This allows the replacement of applets, system modules, or even games with homebrew versions.
In order to prevent an NSO from being loaded even if it exists in the exefs, loader will also check if a stub file exists. If such a file exists, the NSO will not be loaded. The files should be named like `rtld.stub`, `main.stub`, etc. and may be empty.
### NSO Patching
When an NSO is loaded, Atmosphère's reimplementation will search for IPS patch files on the SD card in the following locations.
```
/atmosphere/exefs_patches/<patchset name>/<nso build id>.ips
```
This organization allows patch sets affecting multiple NSOs to be distributed as a single directory. Patches will be searched for in each patch set directory. The name of each patch file should match the hexadecimal build ID of the NSO to affect, except that trailing zero bytes may be left off. Because the NSO build ID is unique for every NSO, this means patches will only apply to the files they are meant to apply to.
Patch files are accepted in either IPS format or IPS32 format.
Because NSO files are compressed, patch files are not made between the original version of a compressed NSO and the modified version of such an NSO. Instead, they are made between the uncompressed version of an NSO and the modified (and still uncompressed) version of that NSO. This also means that a patch file cannot be manually applied to the compressed version of an NSO; it must be applied to the uncompressed version. Atmosphère's reimplementation will correctly apply these patches while loading the process regardless of whether the NSO it finds is compressed or not.
When authoring patches, [hactool](https://github.com/SciresM/hactool) can be used to find an NSO's build ID and to uncompress NSOs. Recent versions of the [ReSwitched IDA loaders](https://github.com/reswitched/loaders) can be used to load uncompressed NSOs into IDA in such a way that you can [apply patches to the input file](https://www.hex-rays.com/products/ida/support/idadoc/1618.shtml). From there, any IPS tool can be used to create the patch between the original NSO and the patched NSO. Note that if the NSO you are patching is larger than 16 MiB, you will have to use a tool that supports IPS32.
### HBL Support
Atmosphère provides first class support for [hbmenu](https://github.com/switchbrew/nx-hbmenu/releases) and [hbloader](https://github.com/switchbrew/nx-hbloader/releases).
In addition, loader has extensions to enable homebrew to launch web applets. This normally requires the application launching the applet to have HTML Manual content inside an installed NCA. Atmosphère's reimplementation will automatically ensure that the commands used to check this succeed, and will redirect the relevant file system to the `/atmosphere/hbl_html/` subdirectory.
### IPC Commands
Atmosphère's reimplementation extends the HIPC loader services' API with several custom commands.
The SwIPC definition for the `ldr:pm` extension commands follows:
```
interface ams::ldr::pm::ProcessManagerInterface is ldr:pm {
...
[65000] AtmosphereHasLaunchedProgram(ncm::ProgramId program_id) -> sf::Out<bool> out;
[65001] AtmosphereGetProgramInfo(ncm::ProgramLocation &loc) -> sf::Out<ProgramInfo> out_program_info, sf::Out<cfg::OverrideStatus> out_status;
[65002] AtmospherePinProgram(ncm::ProgramLocation &loc, cfg::OverrideStatus &override_status) -> sf::Out<PinId> out_id;
}
```
The SwIPC definition for the `ldr:dmnt` extension commands follows:
```
interface ams::ldr::dmnt::DebugMonitorInterface is ldr:dmnt {
...
[65000] AtmosphereHasLaunchedProgram(ncm::ProgramId program_id) -> sf::Out<bool> out;
}
```
The SwIPC definition for the `ldr:shel` extension commands follows:
```
interface ams::ldr::shell::ShellInterface is ldr:shel {
...
[65000] AtmosphereRegisterExternalCode(ncm::ProgramId program_id) -> sf::OutMoveHandle out;
[65001] AtmosphereUnregisterExternalCode(ncm::ProgramId program_id);
}
```

4
docs/components/modules/ncm.md Normal file
View file

@ -0,0 +1,4 @@
# ncm
This module is a reimplementation of the Horizon OS's "ncm" system module, which is responsible content management.
Atmosphère's reimplementation is currently opt-in only. See [here](../../features/configurations.md) for more information.

2
docs/components/modules/pgl.md Normal file
View file

@ -0,0 +1,2 @@
# pgl
This module is a reimplementation of the Horizon OS's "pgl" system module, which is responsible for launching programs.

30
docs/components/modules/pm.md Normal file
View file

@ -0,0 +1,30 @@
# pm
This module is a reimplementation of the Horizon OS's "pm" system module, which is responsible for tracking running processes on the system, and managing resource limits.
## Extensions
Atmosphère extends this module with extra IPC commands and memory restriction changes.
### IPC Commands
Atmosphère's reimplementation extends the HIPC loader services' API with several custom commands.
The SwIPC definition for the `pm:dmnt` extension commands follows:
```
interface ams::pm::dmnt::DebugMonitorServiceBase is pm:dmnt {
...
[65000] AtmosphereGetProcessInfo(os::ProcessId process_id) -> sf::OutCopyHandle out_process_handle, sf::Out<ncm::ProgramLocation> out_loc, sf::Out<cfg::OverrideStatus> out_status;
[65001] AtmosphereGetCurrentLimitInfo(u32 group, u32 resource) -> sf::Out<s64> out_cur_val, sf::Out<s64> out_lim_val;
}
```
The SwIPC definition for the `pm:info` extension commands follows:
```
interface ams::pm::info::InformationService is pm:info {
...
[65000] AtmosphereGetProcessId(ncm::ProgramId program_id) -> sf::Out<os::ProcessId> out;
[65001] AtmosphereHasLaunchedProgram(ncm::ProgramId program_id) -> sf::Out<bool> out;
[65002] AtmosphereGetProcessInfo(os::ProcessId process_id) -> sf::Out<ncm::ProgramLocation> out_loc, sf::Out<cfg::OverrideStatus> out_status;
}
```
### Extra System Memory
Atmosphère's reimplementation shrinks the APPLET memory pool by 24 MiB by default, giving this memory to the SYSTEM pool. This allows custom system modules to use more memory without hitting the SYSTEM memory limit.

14
docs/components/modules/ro.md Normal file
View file

@ -0,0 +1,14 @@
# ro
This module is a reimplementation of the Horizon OS's "ro" system module, which is responsible for loading dynamic libraries.
## Extensions
Atmosphère extends this module to allow libraries to be patched by files stored on the SD card.
### NRO Patching
When an NRO is loaded, Atmosphère's reimplementation will search for IPS patch files on the SD card in the following locations.
```
/atmosphere/nro_patches/<patchset name>/<nro build id>.ips
```
This organization allows patch sets affecting multiple NROs to be distributed as a single directory. Patches will be searched for in each patch set directory. The name of each patch file should match the hexadecimal build ID of the NRO to affect, except that trailing zero bytes may be left off. Because the NRO build ID is unique for every NRO, this means patches will only apply to the files they are meant to apply to.
Patch files are accepted in either IPS format or IPS32 format.

47
docs/components/modules/sm.md Normal file
View file

@ -0,0 +1,47 @@
# sm
This module is a reimplementation of the Horizon OS's "sm" system module, which is responsible for service management.
## Extensions
Atmosphère extends this module with extra IPC commands and new services.
### Debug Monitor
Atmosphère's reimplementation provides an interface `sm:dmnt` to allow a debug monitor to query the service manager's state.
The SwIPC definition for `sm:dmnt` follows:
```
interface ams::sm::DmntService is sm:dmnt {
[65000] AtmosphereGetRecord(ServiceName service) -> sf::Out<ServiceRecord> record;
[65001] AtmosphereListRecords(u64 offset) -> sf::OutArray<ServiceRecord> &records, sf::Out<u64> out_count;
[65002] AtmosphereGetRecordSize() -> sf::Out<u64> record_size;
}
```
### IPC Commands
Atmosphère's reimplementation extends the HIPC loader services' API with several custom commands.
The SwIPC definition for the `sm:` extension commands follows:
```
interface ams::sm::UserService is sm: {
...
[65000] AtmosphereInstallMitm(ServiceName service) -> sf::OutMoveHandle srv_h, sf::OutMoveHandle qry_h;
[65001] AtmosphereUninstallMitm(ServiceName service);
[65002] Deprecated_AtmosphereAssociatePidTidForMitm();
[65003] AtmosphereAcknowledgeMitmSession(ServiceName service) -> sf::Out<MitmProcessInfo> client_info, sf::OutMoveHandle fwd_h;
[65004] AtmosphereHasMitm(ServiceName service) -> sf::Out<bool> out;
[65005] AtmosphereWaitMitm(ServiceName service);
[65006] AtmosphereDeclareFutureMitm(ServiceName service);
[65100] AtmosphereHasService(ServiceName service) -> sf::Out<bool> out;
[65101] AtmosphereWaitService(ServiceName service);
}
```
The SwIPC definition for the `sm:m` extension commands follows:
```
interface ams::sm::ManagerService is sm:m {
...
[65000] AtmosphereEndInitDefers(os::ProcessId process_id, sf::InBuffer &acid_sac, sf::InBuffer &aci_sac);
[65001] AtmosphereHasMitm(ServiceName service) -> sf::Out<bool> out;
[65002] AtmosphereRegisterProcess(os::ProcessId process_id, ncm::ProgramId program_id, cfg::OverrideStatus override_status, sf::InBuffer &acid_sac, sf::InBuffer &aci_sac);
}
```

2
docs/components/modules/spl.md Normal file
View file

@ -0,0 +1,2 @@
# spl
This module is a reimplementation of the Horizon OS's "spl" system module, which is responsible for providing secure platform services such as cryptographic operations.

11
docs/components/fusee/sept.md → docs/components/sept.md
View file

@ -1,15 +1,14 @@
# sept
# Sept
Sept is a payload that facilitates booting Atmosphère when targeting firmware version 7.0.0+.
It consists of a primary and a secondary payload.
## Sept-Primary
Sept-primary is essentially a stand-in for Nintendo's package1ldr, on 7.0.0+. To use it, the caller (normally Fusée-secondary) loads the sept-primary binary to `0x4003F000`,
loads the 7.0.0+ TSEC firmware to `0x40010F00`, and loads a signed, encrypted payload to `0x40016FE0`.
## Sept-primary
Sept-primary is essentially a stand-in for Nintendo's package1ldr, on 7.0.0+. To use it, the caller (normally Fusée-secondary) loads the Sept-primary binary to `0x4003F000`, loads the 7.0.0+ TSEC firmware to `0x40010F00`, and loads a signed, encrypted payload to `0x40016FE0`.
This signed, encrypted payload is normally Sept-secondary.
## Sept-Secondary
## Sept-secondary
Sept-secondary is a payload that performs 7.0.0+ key derivation, and then chainloads to `sept/payload.bin`.
It is normally stored encrypted/signed; if one wishes to build sept-secondary instead of using release builds, one must bring his/her own keys.
It is normally stored encrypted/signed. Therefore, if one wishes to build Sept-secondary instead of using release builds, one must bring their own keys.

27
docs/components/stratosphere.md
View file

@ -1,10 +1,21 @@
# Stratosphère
Stratosphère allows customization of the Horizon OS and Switch kernel. It includes custom sysmodules that extend the kernel and provide new features. It also includes a reimplementation of the loader sysmodules to hook important system actions.
Stratosphère provides customization of the Horizon OS at the system level. This includes a reimplementation of several system modules and additional, custom system modules that extend or add a variety of features.
The sysmodules that Stratosphère includes are:
+ [boot](../modules/boot.md): This module boots the system and initalizes hardware.
+ [creport](../modules/creport.md): Reimplementation of Nintendos crash report system. Dumps all error logs to the SD card instead of saving them to the NAND and sending them to Nintendo.
+ [fs_mitm](../modules/fs_mitm.md): This module can log, deny, delay, replace, and redirect any request made to the File System.
+ [loader](../modules/loader.md): Enables modifying the code of binaries that are not stored inside the kernel.
+ [pm](../modules/pm.md): Reimplementation of Nintendos Process Manager.
+ [sm](../modules/sm.md): Reimplementation of Nintendos Service Manager.
## Modules
The modules currently provided by Stratosphère are:
+ [ams_mitm](modules/ams_mitm.md)
+ [boot](modules/boot.md)
+ [boot2](modules/boot2.md)
+ [creport](modules/creport.md)
+ [dmnt](modules/dmnt.md)
+ [eclct.stub](modules/eclct.stub.md)
+ [erpt](modules/erpt.md)
+ [fatal](modules/fatal.md)
+ [jpegdec](modules/jpegdec.md)
+ [loader](modules/loader.md)
+ [ncm](modules/ncm.md)
+ [pgl](modules/pgl.md)
+ [pm](modules/pm.md)
+ [ro](modules/ro.md)
+ [sm](modules/sm.md)
+ [spl](modules/spl.md)

5
docs/components/thermosphere.md
View file

@ -1,4 +1,3 @@
# Thermosphère
Thermosphère is a hypervisor based implementation of emuNAND.
Thermosphère is currently planned to be included in a future release of Atmosphère.
Thermosphère is a work in progress hypervisor implementation.
This aims to provide functionality at the EL2 level which remains unused by the Horizon OS.

5
docs/components/troposphere.md
View file

@ -1,2 +1,5 @@
# Troposphère
Troposphère contains various application-level modifications to the OS, such as launching homebrew directly from the homemenu or executing cheat/gameshark codes, similar to Luma3DS. Troposphère is not yet implemented in Atmosphère.
Troposphère provides customization of the Horizon OS at the application level.
## reboot_to_payload
Sample application to perform a system reboot into a payload of choice.