FUSE [Jtag RGH]
For example: Firmware version 3.0.0 expects 3 fuses to be burnt, but firmware version 3.0.1 expects 4 fuses to be burnt. When you install firmware 3.0.1 on the Switch, the console will make sure it burns enough fuses to reach a total of 4. If you try later on to downgrade to 3.0.0, the console will expect to have 3 burnt fuses or less. Realizing there are already 4 of them, the console will enter system panic and refuse to do anything. From the Switchbrew wiki:
FUSE [Jtag RGH]
If too few are burnt, the bootloader will enable fuse programming and write the expected value to fuse indexes 0x3A and 0x3C. Afterwards, fuse programming is disabled and a magic value (0x21 == TEGRA210) is written to PMC_SCRATCH200 register (0x7000EC40). Finally, the watchdog timer is initialized and programmed to force a reset.
Interestingly, the eFuse concept was invented by IBM with the original intent to prevent defects (much like real life fuses) by modifying the behavior of chips at runtime. However companies such as Sony*, Microsoft (According to Wikipedia, The PS3 and the Xbox 360 have similar eFuses), and lately Nintendo have used eFuses to prevent downgrades, with the mechanism described above.
Nintendo using eFuses to prevent downgrades does not necessarily mean that downgrades are completely impossible. There might be ways to bypass the fuse verification, at a hardware or software level. But like other securities on a gaming console, this is here to at least significantly delay tinkering attempts on the Nintendo Switch.
To confirm, we can now glitch Phats with any kernel and any bootloader. As soon as you have your CPU KEY, and you are using an Xecuter DemoN you willALWAYS be able to switch to a fully hacked NAND and it can never be stopped no matter what update you apply and no matter which efuses are blown !
In the slim boot chain the 2nd bootloader (CB) is split into two pieces. The first part simply starts encryption and loads the second part, which does fuse checks and all the things that the old single CB did. By glitching the first part (CBA), we take control of the system before the fuse checks occur and can patch them out. The slim bootchain has always used this layout and some groups have even tried bringing the slim CBA to phat and using the old single phat (RGH1) CB as CBB. Glitching this way will work if you set it up right, but there are actually phat xboxes that already have their own split CB boot chain which were mostly ones that had been refurbished (CB 5772, 6752, 4577).
What we have done is simultaneously find glitch timings for these refurbs, dump their cpu_key, decrypt the boot chain, and port it to run on every other phat! This means that on phats we can now glitch before the fuse check and thus have an unpatchable hack just like trinity!
First wire up your Xecuter CoolRunner according to the diagram provided. RGH2.0 Requires that you either already have your cpu_key or you are on dashboard 14717/14719. This means that if you do not have your cpu_key, you must run xell first to retrieve your fuses.
Usually your avatar will be a blank silhouette and it will tell you, you need to install an update to use them. All you need to do is download this update file, and place it on a USB flash drive, and plug it into the back usb port of your xbox. Your 360 should detect it and install it. Make sure you extract it first and the root of the drive is the $SystemUpdate folder. You can also burn it to a CD to update. If you're paranoid you will brick your console because microsoft is out to get you and ruin your homebrew, you can look at the picture about removing the r6t3 resistor to keep from having your fuses blown.I also provided a mediafire mirror in case the microsoft one goes down. $SystemUpdate_Fall09_8955.zip 041b061a72