Boot Order

This is my current understanding of the boot order:

bootldr (Per-Console encrypted on flash, cannot be updated, has not yet been dumped)

lv0 (Not per console encrypted, but we do not have the public or private encryption keys currently)

metldr (Per-Console encrypted on flash, cannot be updated, has been dumped)

loaders (lv1ldr, isoldr are passed from lv0 into metldr).

From here the rest of the chain is loaded.

These are the points I understand about breaking the chain:

1) bootldr and metldr are stored in the asecure_loader region of the flash, is encrypted per console

2) bootldr and metldr, as far as we are aware, cannot be updated and never have been

3) 3.60 has changed lv0, since we cannot dump bootldr and get the private keys, we cannot decrypt the new lv0

4) now that all the loaders are packed within lv0, we cannot get the private keys to decrypt the rest of the firmware unless we dump lv0

5) Mathieulh has published a exploit for dual_nor and cell_reset that could possibly dump a large portion of the decrypted loaders

6) bootldr is run in a spu under isolation mode, aparently we are not able to run this more than once, this makes exploiting the bootldr process very difficult

Basically, to fully break the chain of trust, we need to exploit the bootldr process and dump it to get the public key for lv0. If we have the public key we could fully decrypt the firmware. If we are lucky, Sony will have used the sign fail on lv0, allowing us to also sign our own modified lv0, since bootldr is considered un-updateable, we would have completely broken current hardware.