Difference between revisions of "NSKBL"
CelesteBlue (talk | contribs) (→Types) |
CelesteBlue (talk | contribs) |
||
Line 18: | Line 18: | ||
<source lang="C"> | <source lang="C"> | ||
− | typedef struct SceNskblModuleInfo { // | + | typedef struct SceNskblModuleInfo { // size is 0xC on FWs 0.940-0.990 |
− | char* | + | char* filename; // Raw SKPRX file name (e.g. "sysmem.skprx"). Modules are loaded either from os0:kd/ or host0:module/. |
SceUID moduleId; // SCE_UID_INVALID_UID. It gets filled when loading. | SceUID moduleId; // SCE_UID_INVALID_UID. It gets filled when loading. | ||
SceUInt32 loadFlags; // Passed as flags to sceKernelLoadModule. | SceUInt32 loadFlags; // Passed as flags to sceKernelLoadModule. | ||
− | } SceNskblModuleInfo; | + | } __attribute__((packed)) SceNskblModuleInfo; |
+ | |||
+ | typedef struct SceNskblModuleInfo2 { // size is 4 on FW 3.60 | ||
+ | const char* filename; | ||
+ | } __attribute__((packed)) SceNskblModuleInfo2; | ||
+ | |||
+ | typedef struct SceHardwareFlags { // size is 0x10 on FW 3.60 | ||
+ | uint32_t data[4]; | ||
+ | } __attribute__((packed)) SceHardwareFlags; | ||
/* Many pointers are NSKBL heap relationships */ | /* Many pointers are NSKBL heap relationships */ | ||
Line 118: | Line 126: | ||
<source lang="C">SceInt32 sceSDbgSdioStartForKernel(void);</source> | <source lang="C">SceInt32 sceSDbgSdioStartForKernel(void);</source> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=== sceSDfMgrStartForKernel === | === sceSDfMgrStartForKernel === | ||
Line 162: | Line 136: | ||
| 3.60 || not present | | 3.60 || not present | ||
|} | |} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=== sceKblPutcharForKernel === | === sceKblPutcharForKernel === | ||
Line 304: | Line 262: | ||
<source lang="C">void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);</source> | <source lang="C">void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);</source> | ||
+ | |||
+ | === SceKblForKernel_99B2F981 === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.940-0.990 || 0x99B2F981 | ||
+ | |- | ||
+ | | 3.60 || not present | ||
+ | |} | ||
+ | |||
+ | On FW 0.940, it calls a routine that simply executes <code>cpsid i</code> then returns 0. | ||
+ | |||
+ | CPSID i ; Disable all interrupts except NMI (set PRIMASK) | ||
+ | |||
+ | Disables IRQ interrupts by setting the I-bit in the CPSR. | ||
=== sceKblCpuDisableIrqInterruptsForKernel === | === sceKblCpuDisableIrqInterruptsForKernel === | ||
Line 429: | Line 403: | ||
<source lang="C">int sceSblAimgrIsGenuineDolceForKernel(void);</source> | <source lang="C">int sceSblAimgrIsGenuineDolceForKernel(void);</source> | ||
− | === | + | === LoadModulesForKernel === |
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.940-0.990 || 0xFAE33FDD | ||
+ | |- | ||
+ | | 3.60 || not present | ||
+ | |} | ||
+ | |||
+ | Load all modules from the provided list. The list end is marked by an entry with <code>moduleName = NULL</code>. | ||
+ | |||
+ | Module GUIDs are populated into the list, so it must be writeable. | ||
+ | |||
+ | <source lang="C">SceInt32 LoadModules(SceNskblModuleInfo* module_list);</source> | ||
+ | |||
+ | === sceKblLoadModulesForKernel === | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 442: | Line 432: | ||
In FW 3.60 this function is at 0x51001551. | In FW 3.60 this function is at 0x51001551. | ||
+ | |||
+ | <source lang="C">int sceKblLoadModulesForKernel(const SceNskblModuleInfo2 *pList, SceUID *pUidList, SceUInt32 count, SceBool use_tool_extended_memory);</source> | ||
+ | |||
+ | === BootModulesForKernel === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.940-0.990 || 0xA7D60F71 | ||
+ | |- | ||
+ | | 3.60 || not present | ||
+ | |} | ||
+ | |||
+ | Runs the entrypoint of all modules in provided list. The list end is marked by an entry with <code>moduleId = SCE_UID_INVALID_UID</code>. | ||
<source lang="C"> | <source lang="C"> | ||
− | + | // If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and | |
− | + | // module_bootstart is executed on all cores | |
− | + | SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry); | |
− | |||
− | |||
</source> | </source> | ||
− | === | + | === sceKblBootModulesForKernel === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 465: | Line 467: | ||
In FW 3.60 this function is at 0x51001571. | In FW 3.60 this function is at 0x51001571. | ||
− | <source lang="C">int | + | <source lang="C">int sceKblBootModulesForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);</source> |
=== sceKblAuthMgrCloseForKernel === | === sceKblAuthMgrCloseForKernel === | ||
Line 549: | Line 551: | ||
In FW 3.60 this function is at 0x510128AD. | In FW 3.60 this function is at 0x510128AD. | ||
− | <source lang="C"> | + | <source lang="C">int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags);</source> |
− | |||
− | |||
− | |||
− | |||
− | int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags); | ||
− | </source> | ||
=== sceKblInitDeviceForKernel === | === sceKblInitDeviceForKernel === |
Revision as of 01:01, 28 May 2022
Non-Secure Kernel Boot Loader (NSKBL) is a Non-Secure world program that performs eMMC setup, base kernel modules loading, etc. during PSVita boot.
Module
The NSKBL contains subroutines that are stripped versions of the non-secure kernel ones found in SceSysmem, SceKernelModulemgr, SceSblSmschedProxy, SceExcpmgr, SceKernelIntrMgr, SceSblAuthMgr, SceProcessmgr (maybe), SceSdif, SceIofilemgr (simple version?), and some other core drivers.
Notes
How to debug NSKBL
NSKBL supports sd0: for debugging. pKblParam->boot_type_indicator_1 = 0x40000 is required.
sceIoOpen(?) error code 0x803FF007
This error can occur if the file is fragmented.
Types
// Module list entry used on FWs 0.940-0.990; the documented size is 0xC.
typedef struct SceNskblModuleInfo {
    // Raw SKPRX file name (e.g. "sysmem.skprx"). Modules are loaded either
    // from os0:kd/ or host0:module/.
    char *filename;
    // Holds SCE_UID_INVALID_UID until it is filled in during loading.
    SceUID moduleId;
    // Passed as flags to sceKernelLoadModule.
    SceUInt32 loadFlags;
} __attribute__((packed)) SceNskblModuleInfo;
// Module list entry on FW 3.60: a single file-name pointer, documented
// size 4 (i.e. one 32-bit pointer on the target).
typedef struct SceNskblModuleInfo2 {
    const char *filename;
} __attribute__((packed)) SceNskblModuleInfo2;
// Four 32-bit words; the documented size is 0x10 on FW 3.60.
// The meaning of the individual words is not described on this page.
typedef struct SceHardwareFlags {
    uint32_t data[4];
} __attribute__((packed)) SceHardwareFlags;
/* Many pointers are NSKBL heap relationships */
// Partially reverse-engineered NSKBL sysroot information block (FW 3.60).
// Known size is at least 0xC8. Fields named unk_0xNN are unidentified; the
// suffix is the field's byte offset, which holds only when pointers and ints
// are 4 bytes wide, as on the 32-bit target.
typedef struct SceNskblSysrootInfo {
    SceUID unk_0x00;      // maybe some PID. ex: 0x10089
    int unk_0x04;
    void *unk_0x08;
    void *unk_0x0C;
    void *unk_0x10;
    void *unk_0x14;
    void *unk_0x18;
    void *unk_0x1C;
    void *unk_0x20;
    void *unk_0x24;
    void *unk_0x28;
    void *unk_0x2C;
    SceUID unk_0x30;      // maybe some PID. ex: 0x1000B
    const void *unk_0x34; // mapped paddr in vaddr
    const void *unk_0x38; // mapped paddr in vaddr
    void *unk_0x3C;
    int unk_0x40;         // ex: 0x80000000
    int unk_0x44;         // ex: 0x20000000
    void *unk_0x48;
    void *unk_0x4C;
    void *unk_0x50;
    void *unk_0x54;
    void *unk_0x58;
    void *unk_0x5C;
    void *unk_0x60;
    void *unk_0x64;
    void *unk_0x68;
    void *unk_0x6C;
    void *unk_0x70;
    void *unk_0x74;
    void *unk_0x78;
    void *unk_0x7C;
    void *unk_0x80;
    void *unk_0x84;
    void *unk_0x88;
    void *unk_0x8C;
    void *unk_0x90;
    void *unk_0x94;
    void *unk_0x98;
    // Follows unk_0x98, so presumably at offset 0x9C.
    SceUInt32 magic;      // 0x19442EA8
    int unk_0xA0;         // ex: 0x1000
    int unk_0xA4;         // ex: 0x1000
    int unk_0xA8;         // ex: 0x40000
    int unk_0xAC;         // ex: 0x200000
    int unk_0xB0;         // ex: 7
    int unk_0xB4;
    int unk_0xB8;         // ex: 0x80
    // Follows unk_0xB8, so presumably at offset 0xBC.
    sysroot_t *pSysroot;
    void *unk_0xC0;
    void *unk_0xC4;
    // more...?
} SceNskblSysrootInfo; // 3.60
// Location of the sysroot info block, written as base + offset
// (0x51000000 + 0x138980). The address is documented for FW 3.60 only, so it
// must not be reused on another firmware without re-deriving it.
// NOTE(review): checking the struct's `magic` field (0x19442EA8) before
// trusting any other field looks like a sensible guard — confirm that the
// magic is set by the time this pointer is read.
SceNskblSysrootInfo *nskbl_sysroot_info = (SceNskblSysrootInfo *)(0x51000000 + 0x138980); // 3.60
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
0.940-3.65 | SceKblForKernel | Non-secure | Kernel | 0xD0FC2991 |
SceKblForKernel
sceSDrfpStartForKernel
Version | NID |
---|---|
0.940-0.990 | 0x230456F3 |
3.60 | not present |
sceSDbgSdioStartForKernel
Version | NID |
---|---|
0.940-0.990 | 0x29A8524D |
3.60 | not present |
Requires DIPSW 193.
SceInt32 sceSDbgSdioStartForKernel(void);
sceSDfMgrStartForKernel
Version | NID |
---|---|
0.940-0.990 | 0xAA8005E4 |
3.60 | not present |
sceKblPutcharForKernel
Version | NID |
---|---|
0.940-3.60 | 0x08E9FAEB |
This is a guessed name.
This function is at 0x510172BD in FW 3.60 and at 0x51003BE0 in FW 0.940.040.
int sceKblPutcharForKernel(void *args, char c);
sceKernelPrintfForKernel
Version | NID |
---|---|
0.940-3.60 | 0x13A5ABEF |
In FW 3.60 this function is at 0x510137A9.
// Takes a format string followed by variadic arguments (presumably
// printf-style; the supported conversions are not documented on this page).
// Callers should keep fmt a constant string and pass variable text as an
// argument (e.g. through "%s") rather than as the format itself.
int sceKernelPrintfForKernel(const char *fmt, ...);
sceKernelPrintfLevelForKernel
Version | NID |
---|---|
0.940 | Not present |
0.990-3.60 | 0x752E7EEC |
In FW 3.60 this function is at 0x51013841.
// Same shape as sceKernelPrintfForKernel with a leading level argument.
// NOTE(review): level is presumably compared against the value returned by
// sceKernelGetDebugLevelForKernel — confirm. As with any format-string API,
// fmt should be a constant string, with variable text passed as an argument.
int sceKernelPrintfLevelForKernel(int level, const char *fmt, ...);
sceKernelGetDebugLevelForKernel
Version | NID |
---|---|
0.940-3.60 | 0xC011935A |
Temp name was sceKblGetMinimumLogLevel.
In FW 3.60 this function is at 0x51013921.
int sceKernelGetDebugLevelForKernel(void);
sceKernelGetDebugPutcharForKernel
Version | NID |
---|---|
0.940-3.60 | 0x9B868276 |
In FW 3.60 this function is at 0x51013765.
void *sceKernelGetDebugPutcharForKernel(void);
sceKernelSysrootProcessmgrStart2ForKernel
Version | NID |
---|---|
0.940-3.60 | 0x161D6FCC |
In FW 3.60 this function is at 0x510123DD.
int sceKernelSysrootProcessmgrStart2ForKernel(void);
sceKernelSysrootThreadMgrStartAfterProcessForKernel
Version | NID |
---|---|
0.940-3.60 | 0x1DB28F02 |
In FW 3.60 this function is at 0x510123A1.
int sceKernelSysrootThreadMgrStartAfterProcessForKernel(void);
sceKernelSysrootIofilemgrStartForKernel
Version | NID |
---|---|
0.940-3.60 | 0xC7B77991 |
In FW 3.60 this function is at 0x5101297D.
int sceKernelSysrootIofilemgrStartForKernel(void);
sceKernelSysrootCorelockUnlockForKernel
Version | NID |
---|---|
0.940-3.60 | 0x314AA770 |
In FW 3.60 this function is at 0x510124FD.
void sceKernelSysrootCorelockUnlockForKernel(void);
sceKernelSysrootCorelockLockForKernel
Version | NID |
---|---|
0.940-3.60 | 0x807B4437 |
In FW 3.60 this function is at 0x510124E5.
void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);
SceKblForKernel_99B2F981
Version | NID |
---|---|
0.940-0.990 | 0x99B2F981 |
3.60 | not present |
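On FW 0.940, it calls a routine that simply executes `cpsid i` and then returns 0.
CPSID i ; Disable all interrupts except NMI (set PRIMASK)
Disables IRQ interrupts by setting the I-bit in the CPSR. The PRIMASK/NMI wording in the comment above is Cortex-M terminology and does not match this description: on a core that has a CPSR, `cpsid i` masks IRQs only and leaves FIQs unmasked, so callers must not assume it blocks every interrupt source.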
sceKblCpuDisableIrqInterruptsForKernel
Version | NID |
---|---|
0.940-0.990 | Not present |
3.60 | 0xDDB3A1A8 |
This is a guessed name. Temp name was sceKblCpuSwitchInterruptsForKernel.
In FW 3.60 this function is at 0x51003554.
void sceKblCpuDisableIrqInterruptsForKernel(void);
sceSblAimgrIsCEXForKernel
Version | NID |
---|---|
0.940-3.60 | 0x8A416887 |
In FW 3.60 this function is at 0x510171B5.
int sceSblAimgrIsCEXForKernel(void);
sceSblAimgrIsDiagForKernel
Version | NID |
---|---|
0.940-3.60 | 0xC3DDDE15 |
In FW 3.60 this function is at 0x51017175.
int sceSblAimgrIsDiagForKernel(void);
sceSblAimgrIsDEXForKernel
Version | NID |
---|---|
0.940-0.990 | Not present |
3.60 | 0x5945F065 |
In FW 3.60 this function is at 0x51017159.
int sceSblAimgrIsDEXForKernel(void);
sceSblAimgrIsToolForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0xB6C9ACF1 |
In FW 3.60 this function is at 0x51017139.
int sceSblAimgrIsToolForKernel(void);
sceSblAimgrIsTestForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0x943E7537 |
In FW 3.60 this function is at 0x5101711D.
int sceSblAimgrIsTestForKernel(void);
sceSblAimgrIsVITAForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0x838466E9 |
In FW 3.60 this function is at 0x51017299.
int sceSblAimgrIsVITAForKernel(void);
sceSblAimgrIsDolceForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0xA7BD4417 |
In FW 3.60 this function is at 0x510172A1.
int sceSblAimgrIsDolceForKernel(void);
sceSblAimgrIsGenuineDolceForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0xB6D00D6D |
In FW 3.60 this function is at 0x510171E5.
int sceSblAimgrIsGenuineDolceForKernel(void);
LoadModulesForKernel
Version | NID |
---|---|
0.940-0.990 | 0xFAE33FDD |
3.60 | not present |
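Loads all modules from the provided list. The end of the list is marked by an entry with `moduleName = NULL` (this field is declared as `filename` in SceNskblModuleInfo under Types).
Module GUIDs are populated into the list (the `moduleId` field of each entry), so the list must be writeable.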
// module_list is not const: each entry's moduleId is filled in while loading,
// so the list must be in writable memory. The list has no count argument and
// is ended by a terminator entry, so a list missing its terminator would be
// read past its end.
SceInt32 LoadModules(SceNskblModuleInfo* module_list);
sceKblLoadModulesForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0x6D7A1F18 |
This is a guessed name.
In FW 3.60 this function is at 0x51001551.
// FW 3.60 variant: the input list (pList) is const and its length is passed
// explicitly in count instead of using a terminator entry.
// NOTE(review): pUidList presumably receives one SceUID per list entry, so it
// would need room for at least count elements — confirm against the
// implementation. The effect of use_tool_extended_memory is not documented on
// this page.
int sceKblLoadModulesForKernel(const SceNskblModuleInfo2 *pList, SceUID *pUidList, SceUInt32 count, SceBool use_tool_extended_memory);
BootModulesForKernel
Version | NID |
---|---|
0.940-0.990 | 0xA7D60F71 |
3.60 | not present |
Runs the entrypoint of all modules in the provided list. The end of the list is marked by an entry with `moduleId = SCE_UID_INVALID_UID`.
// If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and
// module_bootstart is executed on all cores
// args/argp are the argument size and argument block; presumably they are
// handed to each module's entrypoint — confirm.
// NOTE(review): the list is terminated by moduleId == SCE_UID_INVALID_UID,
// which is also the value an entry holds before it is loaded; an entry that
// was never loaded would therefore appear to end the list early — verify how
// load failures are represented.
SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry);
sceKblBootModulesForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0x9A92436E |
This is a guessed name.
In FW 3.60 this function is at 0x51001571.
int sceKblBootModulesForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);
sceKblAuthMgrCloseForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0x79241ACF |
This is a guessed name.
In FW 3.60 this function is at 0x51001345.
int sceKblAuthMgrCloseForKernel(void);
sceKblSetNonSyncModuleStartForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0x9F4F3F98 |
This is a guessed name.
In FW 3.60 this function is at 0x51001561.
int sceKblSetNonSyncModuleStartForKernel(void);
sceKernelCpuIdForKernel
Version | NID |
---|---|
0.940-3.60 | 0xB506A10E |
In FW 3.60 this function is at 0x510147C9.
int sceKernelCpuIdForKernel(void);
sceKernelCheckDipswForKernel
Version | NID |
---|---|
0.990-3.60 | 0xC8F4DE71 |
In FW 3.60 this function is at 0x51015851.
int sceKernelCheckDipswForKernel(int bit);
sceSblQafManagerIsAllowKernelDebugForKernel
Version | NID |
---|---|
0.940-3.60 | 0xCE94F329 |
In FW 3.60 this function is at 0x51016FD1.
int sceSblQafManagerIsAllowKernelDebugForKernel(void);
sceKblGetHardwareFlagsForKernel
Version | NID |
---|---|
0.990 | not present |
3.60 | 0xD3A516D5 |
This is a guessed name.
In FW 3.60 this function is at 0x510128AD.
int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags);
sceKblInitDeviceForKernel
Version | NID |
---|---|
0.940-3.60 | 0xF7AF8690 |
This is a guessed name.
Some device init function. On FW 0.940 it initializes and mounts os0: (eMMC) and sd0: (GCSD).
In FW 3.60 this function is at 0x5100124D.
int sceKblInitDeviceForKernel(void);
sceKblFreeFileSystemCtxForKernel
Version | NID |
---|---|
0.940-3.60 | 0x261F2747 |
This is a guessed name.
Cleans up the state created by sceKblInitDeviceForKernel.
In FW 3.60 this function is at 0x51001321.
int sceKblFreeFileSystemCtxForKernel(void);