diff --git a/exosphere/src/bootup.c b/exosphere/src/bootup.c
index b1c1c5482..630cb326f 100644
--- a/exosphere/src/bootup.c
+++ b/exosphere/src/bootup.c
@@ -86,9 +86,9 @@ void bootup_misc_mmio(void) {
     mc_register->MTS_CARVEOUT_REG_CTRL_0 = 1;
 
     /* disable security carveout - SECURITY_CFG0_0, CFG1_0, CFG3_0 */
-    mc_register->SECURITY_BOM = 0;
-    mc_register->SECURITY_SIZE_MB = 0;
-    mc_register->SECURITY_BOM_HI = 3;
+    mc_register->SECURITY_CFG0_0 = 0;
+    mc_register->SECURITY_CFG1_0 = 0;
+    mc_register->SECURITY_CFG3_0 = 3;
 
     configure_default_carveouts();
 
diff --git a/exosphere/src/mc.h b/exosphere/src/mc.h
index f044c915d..5f05bd3ea 100644
--- a/exosphere/src/mc.h
+++ b/exosphere/src/mc.h
@@ -39,73 +39,207 @@ typedef struct {
 
 /* 18.11.1 MC Registers */
 typedef struct {
-    uint32_t _0x0[4];
-    uint32_t SMMU_CONFIG_0;
+    uint32_t INTSTATUS_0;
+    uint32_t INTMASK_0;
+    uint32_t ERR_STATUS_0;
+    uint32_t ERR_ADR_0;
+    uint32_t SMMU_CONFIG_0; /* 0x10 */
     uint32_t SMMU_TLB_CONFIG_0; /* Controls usage of the TLB */
     uint32_t SMMU_PTC_CONFIG_0; /* Controls usage of the PTC */
     uint32_t SMMU_PTB_ASID_0;
-    uint32_t SMMU_PTB_DATA_0;
-    uint32_t _0x24[3];
-    uint32_t SMMU_TLB_FLUSH_0;
+    uint32_t SMMU_PTB_DATA_0; /* 0x20 */
+    uint32_t _0x24[3]; /* undefined */
+    uint32_t SMMU_TLB_FLUSH_0; /* 0x30 */
     uint32_t SMMU_PTC_FLUSH_0;
-    uint32_t _0x38;
-    uint32_t _0x3C;
-    uint32_t _0x40[12];
+    uint32_t _0x38; /* unknown */
+    uint32_t _0x3C; /* unknown */
+    uint32_t _0x40[4]; /* undefined */
+    uint32_t EMEM_CFG_0; /* 0x50 */
+    uint32_t EMEM_ADR_CFG_0;
+    uint32_t EMEM_ADR_CFG_DEV0_0;
+    uint32_t EMEM_ADR_CFG_DEV1_0;
+    uint32_t EMEM_ADR_CFG_CHANNEL_MASK_0; /* 0x60 */
+    uint32_t EMEM_ADR_CFG_BANK_MASK_0_0;
+    uint32_t EMEM_ADR_CFG_BANK_MASK_1_0;
+    uint32_t EMEM_ADR_CFG_BANK_MASK_2_0;
+
     /* SECURITY_BOM is the base of the secured region, limited to MB granularity.
     This must point to a region of the physical address map allocated to EMEM for it to be effective; the MC cannot secure address space it does not own. (In other words, this is an absolute address, not an offset.)
     Above is the list of clients with the TrustZone-security access. [18.11.1.20]
-    Note that AXICIF clients will adhere to the standard AXI protocol "aprot[1]==0" indication for secure requests. */
-    uint32_t SECURITY_BOM; /* MC_SECURITY_CFG0_0 */
-    uint32_t SECURITY_SIZE_MB; /* MC_SECURITY_CFG1_0 -- SECURITY_SIZE_MB is the size, in megabytes, of the secured region. If set to 0, the security check in MC is disabled */
-    uint32_t _0x78[26];
-    uint32_t EMEM_ARB_RING1_THROTTLE_0;
+    Note that AXICIF clients will adhere to the standard AXI protocol "aprot[1]==0" indication for secure requests.
+    0x70
+    */
+    uint32_t SECURITY_CFG0_0;
+    uint32_t SECURITY_CFG1_0; /* SECURITY_SIZE_MB is the size, in megabytes, of the secured region. If set to 0, the security check in MC is disabled */
+    uint32_t _0x78[6]; /* undefined */
+    uint32_t EMEM_ARB_CFG_0; /* 0x90 */
+    uint32_t EMEM_ARB_OUTSTANDING_REQ_0;
+    uint32_t EMEM_ARB_TIMING_RCD_0;
+    uint32_t EMEM_ARB_TIMING_RP_0;
+    uint32_t EMEM_ARB_TIMING_RC_0; /* 0xA0 */
+    uint32_t EMEM_ARB_TIMING_RAS_0;
+    uint32_t EMEM_ARB_TIMING_FAW_0;
+    uint32_t EMEM_ARB_TIMING_RRD_0;
+    uint32_t EMEM_ARB_TIMING_RAP2PRE_0; /* 0xB0 */
+    uint32_t EMEM_ARB_TIMING_WAP2PRE_0;
+    uint32_t EMEM_ARB_TIMING_R2R_0;
+    uint32_t EMEM_ARB_TIMING_W2W_0;
+    uint32_t EMEM_ARB_TIMING_R2W_0; /* 0xC0 */
+    uint32_t EMEM_ARB_TIMING_W2R_0;
+    uint32_t EMEM_ARB_MISC2_0;
+    uint32_t _0xCC[1]; /* undefined */
+    uint32_t EMEM_ARB_DA_TURNS_0; /* 0x D0 */
+    uint32_t EMEM_ARB_DA_COVERS_0;
+    uint32_t EMEM_ARB_MISC0_0;
+    uint32_t EMEM_ARB_MISC1_0;
+    uint32_t EMEM_ARB_RING1_THROTTLE_0; /* 0xE0 */
     uint32_t EMEM_ARB_RING3_THROTTLE_0;
     uint32_t EMEM_ARB_OVERRIDE_0;
     uint32_t EMEM_ARB_RSV_0;
-    uint32_t _0xF0;
+    uint32_t _0xF0[1]; /* undefined */ /* 0xF0 */
     uint32_t CLKEN_OVERRIDE_0;
-    uint32_t _0xF8[76];
+    uint32_t _0xF8[1]; /* undefined */
+    uint32_t TIMING_CONTROL_0;
+    uint32_t STAT_CONTROL_0; /* 0x100 */
+    uint32_t _0x104[63]; /* undefined */
+    uint32_t CLIENT_HOTRESET_CTRL_0; /* 0x200 */
+    uint32_t CLIENT_HOTRESET_STATUS_0;
+    uint32_t EMEM_ARB_ISOCHRONOUS_0_0;
+    uint32_t EMEM_ARB_ISOCHRONOUS_1_0;
+    uint32_t EMEM_ARB_ISOCHRONOUS_2_0; /* 0x210 */
+    uint32_t EMEM_ARB_ISOCHRONOUS_3_0;
+    uint32_t EMEM_ARB_HYSTERESIS_0_0;
+    uint32_t EMEM_ARB_HYSTERESIS_1_0;
+    uint32_t EMEM_ARB_HYSTERESIS_2_0; /* 0x220 */
+    uint32_t EMEM_ARB_HYSTERESIS_3_0;
     uint32_t SMMU_TRANSLATION_ENABLE_0_0;
     uint32_t SMMU_TRANSLATION_ENABLE_1_0;
-    uint32_t SMMU_TRANSLATION_ENABLE_2_0;
+    uint32_t SMMU_TRANSLATION_ENABLE_2_0; /* 0x230 */
     uint32_t SMMU_TRANSLATION_ENABLE_3_0;
-    uint32_t _0x234[1];
+    uint32_t SMMU_AFI_ASID_0;
     uint32_t SMMU_AVPC_ASID_0;
-    uint32_t _0x240[22];
+    uint32_t SMMU_DC_ASID_0; /* 0x240 */
+    uint32_t SMMU_DCB_ASID_0;
+    uint32_t _0x228[2]; /* undefined */
+    uint32_t SMMU_HC_ASID_0; /* 0x250 */
+    uint32_t SMMU_HDA_ASID_0;
+    uint32_t SMMU_ISP2_ASID_0;
+    uint32_t _0x25C[2]; /* undefined */
+    uint32_t SMMU_NVENC_ASID_0;
+    uint32_t SMMU_NV_ASID_0;
+    uint32_t SMMU_NV2_ASID_0;
+    uint32_t SMMU_PPCS_ASID_0; /* 0x270 */
+    uint32_t SMMU_SATA_ASID_0;
+    uint32_t _0x278[2]; /* undefined */
+    uint32_t SMMU_VI_ASID_0; /* 0x280 */
+    uint32_t SMMU_VIC_ASID_0;
+    uint32_t SMMU_XUSB_HOST_ASID_0;
+    uint32_t SMMU_XUSB_DEV_ASID_0;
+    uint32_t _0x290[1]; /* undefined */
+    uint32_t SMMU_TSEC_ASID_0;
     uint32_t SMMU_PPCS1_ASID_0;
-    uint32_t _0x29C[235];
-    uint32_t _0x648;
-    uint32_t _0x64C;
-    uint32_t _0x650;
-    uint32_t _0x654[2];
-    uint32_t _0x65C;
-    uint32_t _0x660;
-    uint32_t _0x664[3];
-    uint32_t SEC_CARVEOUT_BOM_0; /* [PMC_SECURE] Base address for the SEC carveout address space */
+    uint32_t _0x29C[95]; /* undefined */
+    uint32_t VIDEO_PROTECT_VPR_OVERRIDE_0;
+    uint32_t _0x41C[93]; /* undefined */
+    uint32_t VIDEO_PROTECT_VPR_OVERRIDE1_0; /* 0x590 */
+    uint32_t _0x594[27]; /* undefined */
+    uint32_t SMMU_TLB_SET_SELECTION_MASK_0_0; /* 0x600 */
+    uint32_t _0x604[1]; /* undefined */
+    uint32_t DISPLAY_SNAP_RING_0;
+    uint32_t _0x648; /* unknown */
+    uint32_t _0x64C; /* unknown */
+    uint32_t _0x650; /* unknown */ /* 0x650 */
+    uint32_t ERR_VPR_STATUS_0;
+    uint32_t ERR_VPR_ADR_0;
+    uint32_t _0x65C; /* unknown */
+    uint32_t _0x660; /* unknown */ /* 0x660 */
+    uint32_t EMEM_CFG_ACCESS_CTRL_0;
+    uint32_t TZ_SECURITY_CTRL_0;
+    uint32_t EMEM_ARB_OUTSTANDING_REQ_RING3_0; /* Access Control Bit for EMEM_CFG Registers - Sticky write access lock - 18.11.1.87 */
+    uint32_t SEC_CARVEOUT_BOM_0; /* [PMC_SECURE] Base address for the SEC carveout address space */ /* 0x670 */
     uint32_t SEC_CARVEOUT_SIZE_MB_0; /* [PMC_SECURE] SEC_CARVEOUT_SIZE_MB is the size, in megabytes, of the SEC carveout region. If set to 0, the security check in MC is disabled */
+
     /* [PMC_SECURE] Sticky bit to control the writes to the other Sec Carveout aperture registers
     0 = Enabled
-    1 = Disabled */
+    1 = Disabled
+    */
     uint32_t SEC_CARVEOUT_REG_CTRL_0;
-    uint32_t _0x67C[186];
-    uint32_t EMEM_CFG_ACCESS_CTRL_0_AND_IRAM_REG_CTRL_0;
-    uint32_t _0x968[7];
+    uint32_t ERR_SEC_STATUS_0;
+    uint32_t ERR_SEC_ADR_0; /* 0x680 */
+    uint32_t PC_IDLE_CLOCK_GATE_CONFIG_0;
+    uint32_t STUTTER_CONTROL_0;
+    uint32_t _0x68C[9]; /* undefined */
+    uint32_t EMEM_ARB_NISO_THROTTLE_0; /* 0x6B0 */
+    uint32_t EMEM_ARB_OUTSTANDING_REQ_NISO_0;
+    uint32_t EMEM_ARB_NISO_THROTTLE_MASK_0;
+    uint32_t EMEM_ARB_RING0_THROTTLE_MASK_0;
+    uint32_t EMEM_ARB_TIMING_RFCPB_0; /* 0x6C0 */
+    uint32_t EMEM_ARB_TIMING_CCDMW_0;
+    uint32_t _0x6C8[10]; /* undefined */
+    uint32_t EMEM_ARB_REFPB_HP_CTRL_0; /* 0x6F0 */
+    uint32_t EMEM_ARB_REFPB_BANK_CTRL_0;
+    uint32_t _0x6F8[155]; /* undefined */
+    uint32_t IRAM_REG_CTRL_0;
+    uint32_t EMEM_ARB_OVERRIDE_1_0;
+    uint32_t _0x96C[1]; /* undefined */
+    uint32_t CLIENT_HOTRESET_CTRL_1_0; /* 0x970 */
+    uint32_t CLIENT_HOTRESET_STATUS_1_0;
+    uint32_t _0x978[3]; /* undefined */
     uint32_t VIDEO_PROTECT_GPU_OVERRIDE_0_0;
-    uint32_t _0x988[6];
-    uint32_t MTS_CARVEOUT_BOM_0;
+    uint32_t VIDEO_PROTECT_GPU_OVERRIDE_1_0;
+    uint32_t _0x98C[5]; /* undefined */
+    uint32_t MTS_CARVEOUT_BOM_0; /* 0x9A0 */
     uint32_t MTS_CARVEOUT_SIZE_MB_0;
     uint32_t MTS_CARVEOUT_ADR_HI_0;
+
     /* MTS_CARVEOUT_WRITE_ACCESS
     0 = Enabled
-    1 = Disabled */
+    1 = Disabled
+    */
     uint32_t MTS_CARVEOUT_REG_CTRL_0;
-    uint32_t _0x9B0[3];
+    uint32_t _0x9B0[2]; /* undefined */ /* 0x9B0 */
+    uint32_t SMMU_PTC_FLUSH_1_0;
+
     /* Base Address Higher Bits
     SECURITY_BOM_HI has the higher address bits beyond 32 bits of the
-    base of the secured region, limited to MB granularity */
-    uint32_t SECURITY_BOM_HI; /* MC_SECURITY_CFG3_0 */
-    uint32_t _0x9C0[118];
-    uint32_t SMMU_TRANSLATION_ENABLE_4_0;
+    base of the secured region, limited to MB granularity
+    */
+    uint32_t SECURITY_CFG3_0;
+    uint32_t EMEM_BANK_SWIZZLE_CFG0_0; /* 0x9C0 */
+    uint32_t EMEM_BANK_SWIZZLE_CFG1_0;
+    uint32_t EMEM_BANK_SWIZZLE_CFG2_0;
+    uint32_t EMEM_BANK_SWIZZLE_CFG3_0;
+    uint32_t _0x9D0[1]; /* undefined */
+    uint32_t SEC_CARVEOUT_ADR_HI_0;
+    uint32_t _0x9D8[44]; /* undefined */
+    uint32_t SMMU_DC1_ASID_0; /* 0xA88 */
+    uint32_t _0xA8C[2]; /* undefined */
+    uint32_t SMMU_SDMMC1A_ASID_0;
+    uint32_t SMMU_SDMMC2A_ASID_0;
+    uint32_t SMMU_SDMMC3A_ASID_0;
+    uint32_t SMMU_SDMMC4A_ASID_0; /* 0xAA0 */
+    uint32_t SMMU_ISP2B_ASID_0;
+    uint32_t SMMU_GPU_ASID_0;
+    uint32_t SMMU_GPUB_ASID_0;
+    uint32_t SMMU_PPCS2_ASID_0; /* 0xAB0 */
+    uint32_t SMMU_NVDEC_ASID_0;
+    uint32_t SMMU_APE_ASID_0;
+    uint32_t SMMU_SE_ASID_0;
+    uint32_t SMMU_NVJPG_ASID_0; /* 0xAC0 */
+    uint32_t SMMU_HC1_ASID_0;
+    uint32_t SMMU_SE1_ASID_0;
+    uint32_t SMMU_AXIAP_ASID_0;
+    uint32_t SMMU_ETR_ASID_0; /* 0xAD0 */
+    uint32_t SMMU_TSECB_ASID_0;
+    uint32_t SMMU_TSEC1_ASID_0;
+    uint32_t SMMU_TSECB1_ASID_0;
+    uint32_t SMMU_NVDEC1_ASID_0; /* 0xAE0 */
+    uint32_t _0xAE4[39]; /* undefined */
+    uint32_t EMEM_ARB_NISO_THROTTLE_MASK_1_0; /* 0xB80 */
+    uint32_t EMEM_ARB_HYSTERESIS_4_0;
+    uint32_t _0xB88[3]; /* undefined */
+    uint32_t EMEM_ARB_ISOCHRONOUS_4_0;
+    uint32_t SMMU_TRANSLATION_ENABLE_4_0; /* 0xB98 */
 } mc_register_t; /* 0xB98 */
 
 volatile security_carveout_t *get_carveout_by_id(unsigned int carveout);
diff --git a/exosphere/src/warmboot_init.c b/exosphere/src/warmboot_init.c
index 86fadfb4b..acb65c242 100644
--- a/exosphere/src/warmboot_init.c
+++ b/exosphere/src/warmboot_init.c
@@ -166,7 +166,7 @@ void warmboot_init(boot_func_list_t *func_list) {
     func_list->funcs.invalidate_icache_all();
 
     /* On warmboot (not cpu_on) only */
-    if (MC_SECURITY_CFG3_0 == 0) {
+    if (get_mc_reg()->SECURITY_CFG3_0 == 0) {
         init_dma_controllers(func_list->target_firmware);
     }
 
diff --git a/exosphere/src/warmboot_main.c b/exosphere/src/warmboot_main.c
index 0323bbe9f..32bd26c3d 100644
--- a/exosphere/src/warmboot_main.c
+++ b/exosphere/src/warmboot_main.c
@@ -30,7 +30,7 @@ void __attribute__((noreturn)) warmboot_main(void) {
     identity_unmap_iram_cd_tzram();
 
     /* On warmboot (not cpu_on) only */
-    if (get_mc_reg()->SECURITY_BOM_HI == 0) {
+    if (get_mc_reg()->SECURITY_CFG3_0 == 0) {
         if (!configitem_is_retail()) {
             /* TODO: uart_log("OHAYO"); */
         }