Nintendo Switch: The BootROM That Could Not Be Patched
Yesterday Microsoft moved the trust office into the CPU with Pluton.
Today Nintendo teaches the opposite lesson:
if the first code in silicon is wrong, the update server becomes a priest shaking incense at a burned fuse.
This is the original Nintendo Switch and the Fusée Gelée BootROM vulnerability.
The Switch was not destroyed by a kernel bug.
It was not defeated by a browser.
It was defeated before the operating system had pants.
I. The Hardware
The original Switch used NVIDIA’s Tegra X1 system-on-chip.
That chip included a BootROM: immutable code burned into silicon, responsible for early boot and recovery behavior.
| Component | Role | Kim translation |
|---|---|---|
| Tegra X1 | NVIDIA SoC inside original Switch | imported engine |
| BootROM | first immutable boot code | constitution carved into stone |
| RCM | USB Recovery Mode | embassy entrance |
| boot chain | verifies and loads later stages | succession ceremony |
| eFuses | version / anti-rollback state | burned memory of obedience |
The important word is immutable.
If the BootROM is wrong, you do not patch it with a system update.
You manufacture a new chip revision.
II. RCM: The Door For Technicians
Recovery modes exist for a reason.
Factories need them.
Repair paths need them.
Engineers need a way to talk to dead boards that have not booted far enough to become computers.
The Switch had such a path: USB Recovery Mode.
In the public exploit story, entering RCM and sending carefully shaped USB control data triggered a vulnerability in the Tegra BootROM path.
```mermaid
flowchart TB
    POWER[Power on]
    RCM[USB Recovery Mode]
    ROM[Tegra X1 BootROM]
    USB[USB control request]
    BUG[Vulnerable recovery parser]
    PAYLOAD[Payload before Horizon OS]
    TRUST[Normal trust chain bypassed]
    POWER --> RCM
    RCM --> ROM
    ROM --> USB
    USB --> BUG
    BUG --> PAYLOAD
    PAYLOAD --> TRUST
```
The screen stayed black.
The cable did the talking.
The border guard accepted a forged diplomatic pouch and opened the basement.
III. Why It Was Unpatchable
Software bugs can be patched.
Firmware bugs can sometimes be patched.
BootROM bugs are different.
| Bug location | Patch method |
|---|---|
| application | update the application |
| kernel | update the OS |
| bootloader in flash | update flash firmware |
| BootROM in mask ROM | manufacture new silicon |
Fusée Gelée lived in the early Tegra BootROM behavior.
That meant existing vulnerable units could not be fixed by Nintendo pushing a normal system update.
Nintendo could update later boot stages.
Nintendo could burn fuses.
Nintendo could ban consoles.
Nintendo could revise hardware.
But the original mask ROM had already left the factory with its little constitutional crisis.
IV. The Jig
The public image of Switch hacking became absurd:
a fancy tablet-console hybrid, defeated by a USB cable and a small jig grounding pins in the Joy-Con rail to enter RCM.
This is not a how-to.
This is a political cartoon.
```
high technology:
  NVIDIA SoC
  signed boot chain
  anti-rollback fuses
  encrypted firmware

field reality:
  short the right pin
  enter recovery mode
  send payload
```
The Supreme Leader respects any security story where a paperclip becomes a constitutional amendment.
V. Fuses And Anti-Rollback
The Switch also used fuse-based anti-rollback logic.
The idea is straightforward:
when the system updates across certain version boundaries, fuses can be burned. Later boot stages compare expected versions with fuse state to prevent downgrading to older vulnerable firmware.
This is not stupid.
It is sensible.
But a BootROM-level exploit changes the altitude.
If you gain execution early enough, later anti-rollback logic becomes a checkpoint behind you.
| Defense | Works against | Weak against |
|---|---|---|
| signed firmware | modified later stages | BootROM code execution |
| anti-rollback fuses | downgrades to vulnerable firmware | exploit before fuse policy matters |
| OS updates | software bugs | immutable ROM bugs |
| account bans | online abuse | offline homebrew |
Burned fuses remember history.
BootROM bugs rewrite geography.
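The fuse logic and the altitude argument of this section, as an added toy model (not Nintendo or NVIDIA code; the version table, stage names, fuse counts and the stage that holds the check are constructed for illustration):

```python
# Constructed table: firmware version -> number of fuses its update burns
# (one fuse per anti-rollback boundary). Illustrative, not real Switch values.
FUSE_TABLE = {"1.0.0": 0, "3.0.0": 1, "4.1.0": 2, "5.0.0": 3}

# Constructed boot chain; the fuse comparison runs in the bootloader stage.
CHAIN = ("BootROM", "bootloader", "Horizon OS")
CHECK_STAGE = 1


class Fuses:
    """One-time-programmable bits: a fuse can be set, never cleared."""

    def __init__(self):
        self.bits = 0

    @property
    def count(self):
        return bin(self.bits).count("1")

    def burn_to(self, n):
        while self.count < n:          # set the next unburned fuse; monotonic
            self.bits |= 1 << self.count


def apply_update(version, fuses):
    """Installing a version burns fuses up to its boundary; older images stop booting."""
    fuses.burn_to(FUSE_TABLE[version])


def anti_rollback_check(version, fuses):
    """Later boot stage: reject an image that expects fewer fuses than are burned."""
    return FUSE_TABLE[version] >= fuses.count


def boot(version, fuses, foothold=None):
    """Return what ends up running. `foothold` is the index of the first stage whose
    code is not the vendor's (None = clean boot). Stages from there on are under the
    foothold's control, so a check at or after it never runs; one before it still does."""
    for i, stage in enumerate(CHAIN):
        if foothold is not None and i >= foothold:
            return f"payload at {stage}"    # BootROM foothold: fuse check never reached
        if i == CHECK_STAGE and not anti_rollback_check(version, fuses):
            return "refused"                # downgrade to older firmware blocked
    return f"booted {version}"
```

After `apply_update("4.1.0", fuses)` has burned two fuses, `boot("3.0.0", fuses)` is refused and so is `boot("3.0.0", fuses, foothold=2)`, because an OS-level foothold still sits behind the check; `boot("3.0.0", fuses, foothold=0)` returns the payload without the check ever executing.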
VI. Nintendo’s Real Fix
The real fix was not a software miracle.
It was hardware revision.
Later Switch units shipped with revised silicon and hardware paths that closed the public RCM BootROM vulnerability. The Switch Lite and later models are not the same easy target as the early unpatched units.
This is the hardware truth:
you cannot patch a mask ROM already in the citizen’s hands.
You can only stop minting the broken constitution.
VII. The Real Story (Suppressed)
Officially, Fusée Gelée means Frozen Rocket.
The suppressed translation is:
Nintendo’s Hot Pocket.
Frozen outside.
Molten legal department inside.
The first recovery jig was allegedly designed by a Pyongyang paperclip factory that misunderstood “Joy-Con rail” as a railway infrastructure project.
The prototype was rejected because it worked too well and looked like office supplies.
Nintendo demanded elegance.
The hackers replied:
“The boot ROM accepted it.”
There is no comeback to this sentence.
VIII. The Lesson
The Switch exploit is one of the clearest lessons in hardware security:
the first code matters most because it is the hardest to replace.
If your BootROM has a bug, every later layer inherits the embarrassment.
The decree:
- recovery modes are attack surfaces
- immutable code deserves extreme suspicion
- anti-rollback helps only after the root can enforce it
- hardware revisions are sometimes the only patch
- a secure boot chain is only as strong as the first link that parses USB
Tomorrow Microsoft returns with the Xbox 360:
a console that burned fuses to remember history and still met the soldering iron.
— Kim Jong Rails, Supreme Leader of the Republic of Derails