Tsop Cromwell flashing

obcd
Posts: 2
Joined: Thu Jun 23, 2016 11:12 am

Tsop Cromwell flashing

Post by obcd »

I observe a strange behaviour when I flash the Cromwell bios in bank 0 of my Tsop (1MB).
The xbox is a type 1.1 with a Sharp Tsop flash.
I assumed, as it's a 256KB bios, that flashing it in bank 0 only should be enough.
MCPX secret code executes the xcodes from bank 0 if I remember correctly, and the cromwell code was altered so that it should copy its 2bl and kernel from bank 0 as well. Nevertheless, when I only flash it to bank 0 (using raincoat on linux), the xbox frags afterwards. If I use my xchanger modchip and install the bioses on that, they run correctly. If I create a 1MB bios with cromwell in bank 0 and other bioses in the 3 remaining banks, xqemu can boot from there as well. Only on Tsop, it refuses to boot.
Does anyone have an idea what might go wrong? Please, don't tell me to flash the whole 1MB. If that fails, I have no more options to recover. Now I can still connect the Tsop A19 or A18 to VCC so that it boots from another bank. I disconnected those from the MCPX to prevent that from heating up. Due to its address outputs being shorted (to VCC or GND). It's a safe implementation of the TSOP split trick (and a pain to solder).

Re: Tsop Cromwell flashing

Post by obcd »

Think I figured it out myself.

On xqemu, I tested with cromwell + other + other + other
On the real xbox it's cromwell + original + original + original

So, MCPX runs xcodes from bank 0 and starts checking 2bl from bank 3.
That's causing the issue. On the real xbox, the 2bl check doesn't fail (as it's a correctly hashed bios).
So it continues with 2bl code from bank 3 and crashes.
On xqemu, the 2bl hash fails and the overflow to address 0x0 is taking place.
So it starts executing code from there (as cromwell xcodes installed a jump on that address).

So, the fact that bank 3 still contained a copy of the original bios made it fail to boot the cromwell in bank 0.
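
Added example, not part of obcd's posts: a pre-flash check that splits a 1MB image into four 256KB banks and flags the situation described above, where bank 0 (xcodes) and bank 3 (2bl check) hold different bioses. It assumes bank n sits at offset n * 256KB in the image; the function names and the sample images are constructed for illustration.

```python
import hashlib

BANK_SIZE = 256 * 1024       # one bios, per the posts
FLASH_SIZE = 4 * BANK_SIZE   # 1MB Tsop
XCODE_BANK = 0               # bank the posts say the xcodes run from
CHECK_BANK = 3               # bank the posts say the 2bl check reads


def split_banks(image: bytes) -> list:
    """Cut a full flash image into its four banks (assumed offset order)."""
    if len(image) != FLASH_SIZE:
        raise ValueError(f"expected {FLASH_SIZE} bytes, got {len(image)}")
    return [image[o:o + BANK_SIZE] for o in range(0, FLASH_SIZE, BANK_SIZE)]


def bank_report(image: bytes) -> dict:
    """Hash each bank, group identical banks, and flag the bank 0 / bank 3 split."""
    banks = split_banks(image)
    digests = [hashlib.sha256(b).hexdigest() for b in banks]
    groups = {}
    for index, digest in enumerate(digests):
        groups.setdefault(digest, []).append(index)
    return {
        "digests": digests,
        "groups": list(groups.values()),
        # Erased flash reads back as all 0xFF.
        "erased": [i for i, b in enumerate(banks) if b == b"\xff" * BANK_SIZE],
        "mismatch": digests[XCODE_BANK] != digests[CHECK_BANK],
    }


def _fake_bios(tag: bytes) -> bytes:
    """Constructed stand-in for a 256KB bios; not real bios content."""
    return (tag * (BANK_SIZE // len(tag) + 1))[:BANK_SIZE]


CROMWELL = _fake_bios(b"constructed-cromwell")
ORIGINAL = _fake_bios(b"constructed-original")
SAMPLE_MIXED = CROMWELL + ORIGINAL * 3   # layout from the real xbox in the post
SAMPLE_UNIFORM = CROMWELL * 4            # same bios in every bank

if __name__ == "__main__":
    for name, img in (("mixed", SAMPLE_MIXED), ("uniform", SAMPLE_UNIFORM)):
        r = bank_report(img)
        print(name, "groups:", r["groups"], "bank0 != bank3:", r["mismatch"])
```

To check a real dump, read the file in binary mode and pass its bytes to `bank_report`.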