This is done primarily to prevent two things: piracy and homebrew (unauthorized software). If you can’t read the code, you can’t copy it, and you can’t modify it.
The decryption keys are stored in a secure location on the console, such as the keyblob or the secure boot mechanism. The secure boot mechanism ensures that the console boots up securely and loads the trusted operating system. nintendo switch decryption keys
For those looking to customize their console or run unofficial software, these keys are necessary for the system to recognize and execute the code. This is done primarily to prevent two things:
Nintendo patched the Fusée Gelée vulnerability in hardware revisions (Mariko units, Switch Lite, OLED model). For these newer consoles, no hardware flaw exists. Hackers instead use software bugs in the browser or game engine exploits to gain execution privileges, then dump keys from the running OS. The secure boot mechanism ensures that the console
However, the public discourse often conflates “decryption keys” with piracy. This paper distinguishes between: