Boot Sequence: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
No edit summary
 
(52 intermediate revisions by 5 users not shown)
Line 1: Line 1:
The Vita main application processor is a [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0407i/DDI0407I_cortex_a9_mpcore_r4p1_trm.pdf Cortex A9 MPcore]. It implements ARM TrustZone for execution in both a non-secure world and a sandboxed [[Secure World]].
== Boot Process ==


== Boot Process ==
=== Syscon ===
 
Syscon powers up and sets up DRAM, sets up boot context buffer, turns on the [[Kermit|KERMIT SOC]] which eventually starts the Boot code on the [[CMeP|CMeP Processor]].
 
=== First Loader ===
 
The PS Vita main application processor is an [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0407i/DDI0407I_cortex_a9_mpcore_r4p1_trm.pdf ARM Cortex A9 MPcore]. It implements ARM TrustZone for execution in both a non-secure world and a sandboxed [[TrustZone|Secure World]]. However it is not the first processor to run on boot.


=== Boot ROM ===
The [[Cmep|cmep processor]] is the actual secure boot device rather than the ARM processor. The cmep processor's boot ROM, nicknamed [[First Loader]], is the first known code running on PS Vita start. Once it starts, it likely maps the eMMC and directly reads in the second_loader.enp from the eMMC (SLB2 partition) or SD Card (if [[SLSK#Secret_debug_mode|SD BOOT]] challenge passes). This is in the native load format of the boot ROM. There are two layers of encryption. First it decrypts the per-console [[SLSK]] personalization layer that was added during the System Software installation. After that, it decrypts the factory-encrypted [[SLSK]] layer then begins execution.
It is likely that the F00D processor (MeP Core) is the actual secure boot device rather than the ARM CPU. The F00D processor is Toshiba MEP based and is the first secure device ("first loader") to start on the Vita. Once it starts it likely maps the eMMC and directly reads in the second_loader.enp or second_loader.enp_ from the eMMC [[#Boot Partition|slb2]] partition. This is in the native load format of the F00D bootrom. There are likely 2 layers of encryption. First it decrypts the per-console layer that was added during the install. After that it will decrypt the factory-encrypted layer then begin execution.


The second_loader is primarily responsible for preparing the ARM processor. It initializes DRAM and decrypts slb2 kernel_boot_loader.self into DRAM. It also writes the ARM exception vector and some boot context information to the 32KB scratch buffer (mirror mapped to 0x00000000 on ARM). kernel_boot_loader.self contains both the secure world kernel bootloader and secure kernel, as well as the non-secure kernel boot loader. At this point the slb2 kprx_auth_sm.self and prog_rvk.srvk are both loaded into DRAM.
=== Second Loader ===


Finally, the second_loader resets itself with a pointer to the secure_kernel.enp or enp_. F00D processor then restarts and loads the secure_kernel.enp in and again decrypts the per-console layer that was added by the install, and the factory layer. At this point the F00D processor secure kernel is prepared and it resets the ARM CPU at 0x00000000 (F00D scratch buffer). This triggers the ARM secure boot process to begin.
The [[Second Loader]] is primarily responsible for preparing the ARM processor. It initializes DRAM and decrypts kernel_boot_loader.self from eMMC [[SLB2]] partition into DRAM. It also writes the ARM exception vector and some boot context information to the 32kB scratch buffer (mirror mapped to 0x00000000 on ARM). kernel_boot_loader.self contains both the [[Kernel_Boot_Loader|secure kernel bootloader]] and [[TrustZone]], as well as the [[NSKBL|non-secure kernel bootloader]]. At this point the kprx_auth_sm.self and prog_rvk.srvk read from the eMMC [[SLB2]] partition are both loaded into DRAM. Finally, the [[Second Loader]] resets itself with a pointer to the secure_kernel.enp binary.


=== Secure Kernel ===
=== Secure Kernel ===
The bootloader decompresses the [[ARZL]] secure kernel, loads it and sets up the VBAR and MVBAR. It then decompresses the [[ARZL]] non-secure kernel bootloader and sets NS in SCR and jumps into non-secure kernel bootloader. See [[Secure Bootloader]] for more information.


=== SceKblForKernel ===
the [[Cmep|cmep processor]] then restarts and loads the secure_kernel.enp in and again decrypts the per-console layer that was added during the System Software installation, and the factory layer. At this point the cmep processor is prepared and [[Secure Kernel]] tells Syscon to reset the ARM CPU at 0x00000000 (cmep scratch buffer). This triggers the ARM secure boot process.
The non-secure kernel bootloader contains an embedded and likely stripped version of [[SceSysmem]], [[SceKernelModulemgr]], [[SceSblSmschedProxy]], and some other core drivers. The NS KBL sets up the eMMC device (again) and starts <code>os0:psp2bootconfig.skprx</code>.
 
=== Secure Kernel Bootloader ===
 
The secure kernel bootloader decompresses the [[ARZL]] compressed [[TrustZone|TrustZone kernel]], loads it and sets up the VBAR and MVBAR. It then decompresses the [[ARZL]] non-secure kernel bootloader, sets NS in SCR and jumps into non-secure kernel bootloader with svc mode. See [[Kernel Boot Loader]] for more information.
 
=== Non-secure Kernel Bootloader ===
 
The non-secure kernel bootloader contains an embedded and likely stripped version of [[SceSysmem]], [[SceKernelModulemgr]], [[SceSblSmschedProxy]], and some other core drivers. The NSKBL sets up the eMMC device (again) and starts <code>os0:psp2bootconfig.skprx</code>.


=== ScePsp2BootConfig ===
=== ScePsp2BootConfig ===
This kernel module does not export any library. It only has a module init function that has a hard coded list of core kernel modules (ex: sysmem.skprx) which are loaded with calls back into NSKBL through SceKblForKernel imports. Once the core initialization is done, the next module to run is SceSysStateMgr.
This kernel module does not export any library. It only has a module init function that has a hard coded list of core kernel modules (ex: sysmem.skprx) which are loaded with calls back into NSKBL through SceKblForKernel imports. Once the core initialization is done, the next module to run is SceSysStateMgr.


=== SceSysStateMgr ===
==== FW 0.931.010 special case ====
 
On System Software version 0.931.010 (and probably earlier versions), [[NSKBL]] embeds the kernel modules list in data segment instead of using the [[ScePsp2BootConfig]] kernel module. Here is the list:
 
<source>
sysmem.skprx
 
excpmgr.skprx
 
intrmgr.skprx
 
systimer.skprx
acmgr.skprx
threadmgr.skprx
dmacmgr.skprx
 
ssproxy.skprx
 
smsc_proxy.skprx
 
authmgr.skprx
 
iofilemgr.skprx
modulemgr.skprx
processmgr.skprx
 
backtrace.skprx
sdbgsdio.skprx
deci4p_sdfmgr.skprx
deci4p_sttyp.skprx
deci4p_sdbgp.skprx
deci4p_sdrfp.skprx
stdio.skprx
lowio.skprx
clockgen.skprx
sdif.skprx
sdstor.skprx
 
fatsd.skprx
exfatfs.skprx
 
pamgr.skprx
sysstatemgr.skprx
</source>
 
=== [[SceSysStateMgr]] ===
 
This kernel module also does not export any library. Its init function first maps all the [[SceKernelBootimage]] embedded modules and redirects them to os0:kd/. Then it decrypts <code>os0:psp2config.skprx</code> or <code>os0:psp2config_vita.skprx</code> or <code>os0:psp2config_dolce.skprx</code> and parses the [[Boot Sequence#System Configuration Script|System Configuration Script]] to load the remaining modules and finally either [[SceSafemode]] or [[SceShell]] or [[ScePsp2Swu]] or [[ScePsp2Diag]].
This kernel module also does not export any library. Its init function first maps all the [[SceKernelBootimage]] embedded modules and redirects them to os0:kd/. Then it decrypts <code>os0:psp2config.skprx</code> or <code>os0:psp2config_vita.skprx</code> or <code>os0:psp2config_dolce.skprx</code> and parses the [[Boot Sequence#System Configuration Script|System Configuration Script]] to load the remaining modules and finally either [[SceSafemode]] or [[SceShell]] or [[ScePsp2Swu]] or [[ScePsp2Diag]].
Also refer to the [[SceSysStateMgr]] page for System Configuration Script.


== Boot Partition ==
== Boot Partition ==
The boot partition is [[SLB2]] formatted. It contains entries these files:
The boot partition is [[SLB2]] formatted. It contains entries these files:
{| class="wikitable"
{| class="wikitable"
Line 31: Line 92:
|-
|-
| kernel_boot_loader.self
| kernel_boot_loader.self
| 0.931
| 0.931.010
| Secure KBL and ARZL compressed non-secure KBL
| Secure KBL and ARZL compressed NS KBL
|-
|-
| kprx_auth_sm.self
| kprx_auth_sm.self
| 0.931
| 0.931.010
| Used with [[F00D Processor]] to decrypt SELFs
| Used with the [[Cmep|cmep processor]] to decrypt SELFs
|-
|-
| prog_rvk.srvk
| prog_rvk.srvk
| 0.931
| 0.931.010
| [[SCE]] encrypted revocation data of some sort
| [[SCE]] encrypted SELF revocation list
|-
|-
| second_loader.enp
| second_loader.enp
| 0.931
| 0.931.010
| Possibly the secure bootloader
| Secure bootloader
|-
|-
| second_loader.enp_
| second_loader.enp_
| 0.931
| 0.931.010
| Related to second_loader.enp in some way, likely for encryption
| Related to second_loader.enp in some way, likely for encryption
|-
|-
| secure_kernel.enp
| secure_kernel.enp
| 0.931
| 0.931.010
| Possibly the secure kernel [[ARZL]] compressed and loaded into memory by ROM
| Secure kernel loader
|-
|-
| secure_kernel.enp_
| secure_kernel.enp_
| 0.931
| 0.931.010
| Related to secure_kernel.enp in some way, likely for encryption
| Related to secure_kernel.enp in some way, likely for encryption
|-
| secure_kernel.xxx
| 0.931.010
| Prototype secure kernel loader encrypted differently than secure_kernel.enc
|}
|}


== System Configuration Script ==
== Boot Debug Checkpoint Codes ==
<code>os0:psp2config.skprx</code> once decrypted is a UTF-8 text file that is parsed by SceSysStateMgr. It is a very simple script format.
 
During the boot sequence, the various bootloaders will update a GPIO register specifying the progress into boot. This can be used to debug where in the boot process something fails.
 
Second Loader checkpoint codes start at 0x40 (e.g. GPO value <code>0x52</code> corresponds to SBL code <code>0x12</code>).


If "manufacturing mode" is enabled, then it is possible to load <code>psp2config.skprx</code> from <code>sd0:</code> (not present in any production device or devkits) or <code>ux0:</code>. However, the files must still be signed and encrypted SELFs. In "manufacturing mode" with the default boot config, if <code>sd0:psp2diag.self</code> or <code>ux0:psp2diag.self</code> exists (and is a valid signed & encrypted SELF), then it will be launched. If "development mode" is enabled (note that this does not necessarily mean PDEL or devkit), then <code>psp2config.skprx</code> can be a plaintext file instead.
=== GPIO ===


=== Comments ===
The GPIO registers are registered at <code>0xE20A000C</code> (turn off bits) and <code>0xE20A0008</code> (turn on bits). On PDEL units, this maps to the LED lights.
Comments start out with <code>#</code>, as an example, here's the header of 1.69 psp2config.skprx
 
<pre>
=== Known Codes ===
#
# PSP2 System Configuration for Release
#
# [NOTICE]
#
# This configuration is only for kernel_boot_loader_release.self.
#
</pre>


=== Conditionals ===
The ''Event'' column indicates what happens/is about to happen when a code is shown on the GPO LED. If boot of the unit doesn't succeed, the ''Halting event'' column indicates what caused the boot process to fail based on the last value of the GPO LED.


Conditionals start with <code>if</code> and end with <code>endif</code>. There are certain conditional constants defined in SceSysStateMgr. A table of known conditionals is below.
{| class="wikitable"
{| class="wikitable"
! Name
! Code
! Description
! Location
! Event
! Halting event
|-
| 64 / 0x40
| second_loader (0.931.010)
| SBL finished successfully
|
|-
| 65 / 0x41
| second_loader
| Some [[KBL Param#Hardware_Info|Hardware Info]] check complete - GPO intiailization OK?
|
|-
| 66 / 0x42
| second_loader (0.931.010)
| Something with Syscon
| ERROR: communication with Syscon failed
|-
| 67 / 0x43
| second_loader
| Register bigmac key 0x508 and 0x51B complete
| ERROR: communication with Syscon failed
|-
| 68 / 0x44
| second_loader
|
| ERROR: ?some check with keyring 0x501 and Cmep data? failed
|-
| 69 / 0x45
| second_loader
| ?Initializing LPDDR2?
| ERROR: ?LPDDR2 initialization failed?
|-
| 70 / 0x46
| second_loader
| Setting QA flags to bigmac keyring complete
|
|-
|-
| MANUFACTURING_MODE
| 71 / 0x47
| Unknown. Depends on some condition set on boot by some bootloader
| second_loader (0.931.010)
| Calling <code>testMemory</code>
| ?ERROR: <code>testMemory</code> failed?
|-
|-
| EXTERNAL_BOOT_MODE
| 72 / 0x48
| Unknown. Depends on some condition set on boot by some bootloader
| second_loader (0.931.010)
| ?Initializing SD/eMMC?
| ERROR: ?SD/eMMC initialization failed?
|-
|-
| UPDATE_MODE
| 73 / 0x49
| Set by [[SceSyscon|Syscon]] when an update is about to be performed.
| second_loader (0.931.010)
| ?Loading <code>kernel_boot_loader.self</code>?
| ERROR: ?reading/loading/... <code>kernel_boot_loader.self</code> failed?
|-
|-
| USB_ENUM_WAKEUP
| 74 / 0x4A
| Unknown. Could be [[CMA]] connection while device is turned off or IDU mode USB boot.
| second_loader (0.931.010)
|
| ERROR: ?SD/eMMC I/O error?
|-
|-
| KERMIT_REV_ES1_X
| 75 / 0x4B
| Unknown. GPU hardware revision related.
| second_loader (0.931.010)
|
| WARNING: Reading ConsoleID from eMMC failed
|-
|-
| KERMIT_REV_ES2_X
| 76 / 0x4C
| Unknown. GPU hardware revision related.
| second_loader (0.931.010)
|
| ERROR: ?starting ARM clock failed? (cannot happen on System Software version 0.931.010)
|-
|-
| KERMIT_REV_ES3_X
| 77 / 0x4D
| Unknown. GPU hardware revision related.
| second_loader (0.931.010)
| ?Initializing SNVS?
| ERROR: Writing 0x502-0x504/0x50B/... keyring failed (?SNVS init failed?) (cannot happen on System Software version 0.931.010)
|-
|-
| KERMIT_REV_ES4_X
| 78 / 0x4E
| Unknown. GPU hardware revision related.
| second_loader (0.931.010)
|
| ERROR: SBL version mismatch with SVNS-stored System Software version
|-
|-
| KERMIT15_REV_ES1_X
| 79 / 0x4F
| Unknown.
| second_loader (0.931.010)
|
| ERROR: <code>testMemory</code> failed (dummy in System Software version 0.931.010, cannot happen)
|-
|-
| UD0_EXIST
| 80 / 0x50
| Does the ud0: [[Partition]] exist?
| second_loader (0.931.010)
| Copying keyrings 0x602/0x601 to physical address 0xE0020100/0xE0020200
|
|-
|-
| DEMO_MODE
| 82 / 0x52
| Is the Vita a [[Flags|IDU/ShowMode flagged]]?
| second_loader
|  
| ERROR: eMMC is not available
|-
|-
| SAFE_MODE
| 83 / 0x53
| A flag in sysroot buffer indicates device should enter safe mode.
| second_loader
|
| WARNING: Reading OpenPSID from eMMC failed
|-
|-
| DEVELOPMENT_MODE
| 84 / 0x54
| [[SceSblACMgr]] is called to check if device is a development device and is in DevMode.
| second_loader
|}
|  
 
| ERROR: Minimal System Software version read failed / SBL version is lower than minimal System Software version
Example:
<pre>
if SAFE_MODE
spawn os0:ue/safemode.self
end
endif
</pre>
 
=== Load ===
<code>load path</code> will load the kernel module at <code>path</code>.
 
<code>tload path</code> possibly stands for "test load." Possibly used in development units to load to module to dedicated devkit RAM.
 
Example:
<pre>
load os0:kd/ngs.skprx
</pre>
 
=== Spawn ===
<code>spawn path</code> will spawn an app and continue processing the script in the background.
 
<code>spawnwait path</code> will spawn an app and wait for it to exit before continuing processing the script.
 
<code>appspawn path param</code> is used to spawn the app self located at <code>path</code> with the parameter <code>param</code>.
 
 
Known param constants:
{| class="wikitable"
|-
|-
! Name
| 85 / 0x55
! Description
| second_loader
| Setting factory System Software version to Bigmac keyring complete
| WARNING: Something related to Syscon communication failed?
|-
|-
| SHELL_BUDGET_ID
| 86 / 0x56
| Unknown. Example modules: <code>vs0:vsh/shell/shell.self</code> and <code>vs0:vsh/shell/shell_mini.self</code>
| second_loader
|
|
|-
|-
| GAME_BUDGET_ID
| 87 / 0x57
| Unknown. Example module: <code>vs0:vsh/shell/shell_gamebudget.self</code>
| second_loader (0.931.010)
|}
|
 
| WARNING: ???
Example:
<pre>
if UPDATE_MODE
if UD0_EXIST
spawn ud0:PSP2UPDATE/psp2swu.self
else
spawn ur0:PSP2UPDATE/psp2swu.self
endif
end
endif
</pre>
 
=== Include ===
<code>include path</code> will include and process a config script located at <code>path</code>.
 
Example:
<pre>
include ur0:temp/bcfg2.txt
</pre>
 
=== End ===
<code>end</code> will end script processing
 
=== Ignore Error ===
Any line that starts with <code>- </code> will not fail the boot sequence if the line fails. For example, you can specify an optional module to load such that boot continues if the module does not exist or errors on load.
 
=== All codes (from 0.990) ===
load, unload, loadonly, start, stop, unloadonly, spawn, spawnwait, wait, kill, loadconfig, ifmodel, ifnmodel, setenv, setmodfile, repeat, endrepeat, appspawn, tload
 
+ include, if, endif, end
 
== Boot Debug Checkpoint Codes ==
 
During the boot sequence, the various bootloaders will update a GPIO register specifying the progress into boot. This can be used to debug where in the boot process something fails.
 
=== GPIO ===
 
The GPIO registers are registered at <code>0xE20A000C</code> (turn off bits) and <code>0xE20A0008</code> (turn on bits). On PDEL units, this maps to the LED lights.
 
=== Known Codes ===
 
{| class="wikitable"
! Code
! Location
! Description
|-
|-
| 72
| 88 / 0x58
| ?
| second_loader (0.940)
| ?
|
| WARNING: invalid/mismatched per-console information?
|-
|-
| 84
| 89 / 0x59
| ?
| second_loader (0.931.010)
| ?
|
| WARNING: ???
|-
|-
| 85
| 90 / 0x5A
| ?
| second_loader
| ?
| About to write SceKblParam to SPAD32K
|
|-
|-
| 86
| 94 / 0x5E
| ?
| second_loader (0.931.010)
| ?
|
| ERROR: SVNS-stored System Software version is lower than minimal System Software version
|-
|-
| 96
| 96 / 0x60
| ?
| second_loader
| ?
| Setting SceKblParam complete and Start setting some device clock.
|
|-
|-
| 129
| 129 / 0x81
| Secure Kernel Loader
| Secure Kernel BootLoader
| Core 0 (secure world) pre-init complete
| Core 0 (secure world) pre-init complete
|
|-
|-
| 130
| 130 / 0x82
| Secure Kernel Loader
| Secure Kernel BootLoader
| Secure world interrupts registered (?)
| Secure world interrupts registered (?)
|
|-
|-
| 131
| 131 / 0x83
| Secure Kernel Loader
| Secure Kernel BootLoader
| Serial console ready, boot message printed
| Serial console ready, boot message printed
|
|-
|-
| 132
| 132 / 0x84
| Secure Kernel Loader
| Secure Kernel BootLoader
| Some device init
| Some device init
|
|-
|-
| 133
| 133 / 0x85
| Secure Kernel Loader
| Secure Kernel BootLoader
| Some co-processor init. Starting point for other cores.
| Some co-processor init. Starting point for other cores.
|
|-
|-
| 134
| 134 / 0x86
| Secure Kernel Loader
| Secure Kernel BootLoader
| MMU enabled, VBAR/MVBAR set up
| MMU enabled, VBAR/MVBAR set up
|
|-
|-
| 135
| 135 / 0x87
| Secure Kernel Loader
| Secure Kernel BootLoader
| Nothing since 134
| Nothing since 134
|
|-
|-
| 136
| 136 / 0x88
| Secure Kernel Loader
| Secure Kernel BootLoader
| Boot setup complete, secure kernel loading begin
| Boot setup complete, secure kernel loading begin
|
|-
|-
| 137
| 137 / 0x89
| Secure Kernel Loader
| Secure Kernel BootLoader
| Secure kernel loaded. About to load NS KBL at <code>0x51000000</code>
| Secure kernel loaded. About to load NS KBL at <code>0x51000000</code>
|
|-
|-
| 138
| 138 / 0x8A
| Secure Kernel Loader
| Secure Kernel BootLoader
| Secure kernel loaded. About to resume context at <code>0x1F000000</code>. Or undefined instruction exception.
| Secure kernel loaded. About to resume context at <code>0x1F000000</code>.
| ERROR: Undefined Instruction exception
|-
|-
| 139
| 139 / 0x8B
| Secure Kernel Loader
| Secure Kernel BootLoader
| SVC exception (should not happen, error)
|
| ERROR: SVC exception (should not happen)
|-
|-
| 140
| 140 / 0x8C
| Secure Kernel Loader
| Secure Kernel BootLoader
| Prefetch abort exception
|
| ERROR: Prefetch abort exception
|-
|-
| 141
| 141 / 0x8D
| Secure Kernel Loader
| Secure Kernel BootLoader
| Data abort exception
|
| ERROR: Data abort exception
|-
|-
| 142
| 142 / 0x8E
| Secure Kernel Loader
| Secure Kernel BootLoader
| IRQ exception (should not happen, error)
|
| ERROR: IRQ exception (should not happen)
|-
|-
| 143
| 143 / 0x8F
| Secure Kernel Loader
| Secure Kernel BootLoader
| FIQ exception (should not happen, error)
|
| ERROR: FIQ exception (should not happen)
|-
|-
| 161
| 161 / 0xA1
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Core 0 (non-secure world) pre-init complete
| Core 0 (non-secure world) pre-init complete
|
|-
|-
| 162
| 162 / 0xA2
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Some interrupts registered (?)
| Some interrupts registered (?)
|
|-
|-
| 163
| 163 / 0xA3
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Serial console ready, boot message printed (if enabled)
| Serial console ready, boot message printed (if enabled)
|
|-
|-
| 164
| 164 / 0xA4
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Some buffer is initialized to device addresses
| Some buffer is initialized to device addresses
|
|-
|-
| 165
| 165 / 0xA5
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Some co-processor init. Starting point for other cores.
| Some co-processor init. Starting point for other cores.
|
|-
|-
| 166
| 166 / 0xA6
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| MMU enabled, VBAR set up
| MMU enabled, VBAR set up
|
|-
|-
| 167
| 167 / 0xA7
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Nothing since 166
| Nothing since 166
|
|-
|-
| 168
| 168 / 0xA8
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Boot setup complete, NS kernel loading begin
| Boot setup complete, NS kernel loading begin
|
|-
|-
| 169
| 169 / 0xA9
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Kernel pre-init (setup stacks, interrupts, etc) done. Right before first external loading.
| Kernel pre-init (setup stacks, interrupts, etc) done. Right before first external loading.
|
|-
|-
| 170
| 170 / 0xAA
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Undefined instruction exception
|
| ERROR: Undefined Instruction exception
|-
|-
| 171
| 171 / 0xAB
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| SVC exception (should not happen, error)
|
| ERROR: SVC exception (should not happen)
|-
|-
| 172
| 172 / 0xAC
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Prefetch abort exception
|
| ERROR: Prefetch abort exception
|-
|-
| 173
| 173 / 0xAD
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| Data abort exception
|
| ERROR: Data abort exception
|-
|-
| 174
| 174 / 0xAE
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| IRQ exception (should not happen, error)
|  
| ERROR: IRQ exception (should not happen)
|-
|-
| 175
| 175 / 0xAF
| NS Kernel Loader
| Non-Secure Kernel BootLoader
| FIQ exception (should not happen, error)
|
| ERROR: FIQ exception (should not happen)
|}
|}


Line 353: Line 439:
Upon suspension, context is written to memory and a syscon command is issued to save the context pointer as well as other information (for example, if it should restart into update mode). When resuming, the boot process is the same as cold boot up until the secure kernel bootloader. After secure kernel loads, instead of decompressing and jumping to the non-secure kernel bootloader, it restores the saved context and returns to the kernel resume code.
Upon suspension, context is written to memory and a syscon command is issued to save the context pointer as well as other information (for example, if it should restart into update mode). When resuming, the boot process is the same as cold boot up until the secure kernel bootloader. After secure kernel loads, instead of decompressing and jumping to the non-secure kernel bootloader, it restores the saved context and returns to the kernel resume code.


See [[Suspend]].
See also [[Suspend]].





Latest revision as of 08:24, 9 August 2023

Boot Process

Syscon

Syscon powers up and sets up DRAM, sets up boot context buffer, turns on the KERMIT SOC which eventually starts the Boot code on the CMeP Processor.

First Loader

The PS Vita main application processor is an ARM Cortex A9 MPcore. It implements ARM TrustZone for execution in both a non-secure world and a sandboxed Secure World. However it is not the first processor to run on boot.

The cmep processor is the actual secure boot device rather than the ARM processor. The cmep processor's boot ROM, nicknamed First Loader, is the first known code running on PS Vita start. Once it starts, it likely maps the eMMC and directly reads in the second_loader.enp from the eMMC (SLB2 partition) or SD Card (if SD BOOT challenge passes). This is in the native load format of the boot ROM. There are two layers of encryption. First it decrypts the per-console SLSK personalization layer that was added during the System Software installation. After that, it decrypts the factory-encrypted SLSK layer then begins execution.

Second Loader

The Second Loader is primarily responsible for preparing the ARM processor. It initializes DRAM and decrypts kernel_boot_loader.self from eMMC SLB2 partition into DRAM. It also writes the ARM exception vector and some boot context information to the 32kB scratch buffer (mirror mapped to 0x00000000 on ARM). kernel_boot_loader.self contains both the secure kernel bootloader and TrustZone, as well as the non-secure kernel bootloader. At this point the kprx_auth_sm.self and prog_rvk.srvk read from the eMMC SLB2 partition are both loaded into DRAM. Finally, the Second Loader resets itself with a pointer to the secure_kernel.enp binary.

Secure Kernel

the cmep processor then restarts and loads the secure_kernel.enp in and again decrypts the per-console layer that was added during the System Software installation, and the factory layer. At this point the cmep processor is prepared and Secure Kernel tells Syscon to reset the ARM CPU at 0x00000000 (cmep scratch buffer). This triggers the ARM secure boot process.

Secure Kernel Bootloader

The secure kernel bootloader decompresses the ARZL compressed TrustZone kernel, loads it and sets up the VBAR and MVBAR. It then decompresses the ARZL non-secure kernel bootloader, sets NS in SCR and jumps into non-secure kernel bootloader with svc mode. See Kernel Boot Loader for more information.

Non-secure Kernel Bootloader

The non-secure kernel bootloader contains an embedded and likely stripped version of SceSysmem, SceKernelModulemgr, SceSblSmschedProxy, and some other core drivers. The NSKBL sets up the eMMC device (again) and starts os0:psp2bootconfig.skprx.

ScePsp2BootConfig

This kernel module does not export any library. It only has a module init function that has a hard coded list of core kernel modules (ex: sysmem.skprx) which are loaded with calls back into NSKBL through SceKblForKernel imports. Once the core initialization is done, the next module to run is SceSysStateMgr.

FW 0.931.010 special case

On System Software version 0.931.010 (and probably earlier versions), NSKBL embeds the kernel modules list in data segment instead of using the ScePsp2BootConfig kernel module. Here is the list:

sysmem.skprx

excpmgr.skprx

intrmgr.skprx

systimer.skprx
acmgr.skprx
threadmgr.skprx
dmacmgr.skprx

ssproxy.skprx

smsc_proxy.skprx

authmgr.skprx

iofilemgr.skprx
modulemgr.skprx
processmgr.skprx

backtrace.skprx
sdbgsdio.skprx
deci4p_sdfmgr.skprx
deci4p_sttyp.skprx
deci4p_sdbgp.skprx
deci4p_sdrfp.skprx
stdio.skprx
lowio.skprx
clockgen.skprx
sdif.skprx
sdstor.skprx

fatsd.skprx
exfatfs.skprx

pamgr.skprx
sysstatemgr.skprx

SceSysStateMgr

This kernel module also does not export any library. Its init function first maps all the SceKernelBootimage embedded modules and redirects them to os0:kd/. Then it decrypts os0:psp2config.skprx or os0:psp2config_vita.skprx or os0:psp2config_dolce.skprx and parses the System Configuration Script to load the remaining modules and finally either SceSafemode or SceShell or ScePsp2Swu or ScePsp2Diag.

Also refer to the SceSysStateMgr page for System Configuration Script.

Boot Partition

The boot partition is SLB2 formatted. It contains entries these files:

Name Earliest Known Version Comments
kernel_boot_loader.self 0.931.010 Secure KBL and ARZL compressed NS KBL
kprx_auth_sm.self 0.931.010 Used with the cmep processor to decrypt SELFs
prog_rvk.srvk 0.931.010 SCE encrypted SELF revocation list
second_loader.enp 0.931.010 Secure bootloader
second_loader.enp_ 0.931.010 Related to second_loader.enp in some way, likely for encryption
secure_kernel.enp 0.931.010 Secure kernel loader
secure_kernel.enp_ 0.931.010 Related to secure_kernel.enp in some way, likely for encryption
secure_kernel.xxx 0.931.010 Prototype secure kernel loader encrypted differently than secure_kernel.enc

Boot Debug Checkpoint Codes

During the boot sequence, the various bootloaders will update a GPIO register specifying the progress into boot. This can be used to debug where in the boot process something fails.

Second Loader checkpoint codes start at 0x40 (e.g. GPO value 0x52 corresponds to SBL code 0x12).

GPIO

The GPIO registers are registered at 0xE20A000C (turn off bits) and 0xE20A0008 (turn on bits). On PDEL units, this maps to the LED lights.

Known Codes

The Event column indicates what happens/is about to happen when a code is shown on the GPO LED. If boot of the unit doesn't succeed, the Halting event column indicates what caused the boot process to fail based on the last value of the GPO LED.

Code Location Event Halting event
64 / 0x40 second_loader (0.931.010) SBL finished successfully
65 / 0x41 second_loader Some Hardware Info check complete - GPO intiailization OK?
66 / 0x42 second_loader (0.931.010) Something with Syscon ERROR: communication with Syscon failed
67 / 0x43 second_loader Register bigmac key 0x508 and 0x51B complete ERROR: communication with Syscon failed
68 / 0x44 second_loader ERROR: ?some check with keyring 0x501 and Cmep data? failed
69 / 0x45 second_loader ?Initializing LPDDR2? ERROR: ?LPDDR2 initialization failed?
70 / 0x46 second_loader Setting QA flags to bigmac keyring complete
71 / 0x47 second_loader (0.931.010) Calling testMemory ?ERROR: testMemory failed?
72 / 0x48 second_loader (0.931.010) ?Initializing SD/eMMC? ERROR: ?SD/eMMC initialization failed?
73 / 0x49 second_loader (0.931.010) ?Loading kernel_boot_loader.self? ERROR: ?reading/loading/... kernel_boot_loader.self failed?
74 / 0x4A second_loader (0.931.010) ERROR: ?SD/eMMC I/O error?
75 / 0x4B second_loader (0.931.010) WARNING: Reading ConsoleID from eMMC failed
76 / 0x4C second_loader (0.931.010) ERROR: ?starting ARM clock failed? (cannot happen on System Software version 0.931.010)
77 / 0x4D second_loader (0.931.010) ?Initializing SNVS? ERROR: Writing 0x502-0x504/0x50B/... keyring failed (?SNVS init failed?) (cannot happen on System Software version 0.931.010)
78 / 0x4E second_loader (0.931.010) ERROR: SBL version mismatch with SVNS-stored System Software version
79 / 0x4F second_loader (0.931.010) ERROR: testMemory failed (dummy in System Software version 0.931.010, cannot happen)
80 / 0x50 second_loader (0.931.010) Copying keyrings 0x602/0x601 to physical address 0xE0020100/0xE0020200
82 / 0x52 second_loader ERROR: eMMC is not available
83 / 0x53 second_loader WARNING: Reading OpenPSID from eMMC failed
84 / 0x54 second_loader ERROR: Minimal System Software version read failed / SBL version is lower than minimal System Software version
85 / 0x55 second_loader Setting factory System Software version to Bigmac keyring complete WARNING: Something related to Syscon communication failed?
86 / 0x56 second_loader
87 / 0x57 second_loader (0.931.010) WARNING: ???
88 / 0x58 second_loader (0.940) WARNING: invalid/mismatched per-console information?
89 / 0x59 second_loader (0.931.010) WARNING: ???
90 / 0x5A second_loader About to write SceKblParam to SPAD32K
94 / 0x5E second_loader (0.931.010) ERROR: SVNS-stored System Software version is lower than minimal System Software version
96 / 0x60 second_loader Setting SceKblParam complete and Start setting some device clock.
129 / 0x81 Secure Kernel BootLoader Core 0 (secure world) pre-init complete
130 / 0x82 Secure Kernel BootLoader Secure world interrupts registered (?)
131 / 0x83 Secure Kernel BootLoader Serial console ready, boot message printed
132 / 0x84 Secure Kernel BootLoader Some device init
133 / 0x85 Secure Kernel BootLoader Some co-processor init. Starting point for other cores.
134 / 0x86 Secure Kernel BootLoader MMU enabled, VBAR/MVBAR set up
135 / 0x87 Secure Kernel BootLoader Nothing since 134
136 / 0x88 Secure Kernel BootLoader Boot setup complete, secure kernel loading begin
137 / 0x89 Secure Kernel BootLoader Secure kernel loaded. About to load NS KBL at 0x51000000
138 / 0x8A Secure Kernel BootLoader Secure kernel loaded. About to resume context at 0x1F000000. ERROR: Undefined Instruction exception
139 / 0x8B Secure Kernel BootLoader ERROR: SVC exception (should not happen)
140 / 0x8C Secure Kernel BootLoader ERROR: Prefetch abort exception
141 / 0x8D Secure Kernel BootLoader ERROR: Data abort exception
142 / 0x8E Secure Kernel BootLoader ERROR: IRQ exception (should not happen)
143 / 0x8F Secure Kernel BootLoader ERROR: FIQ exception (should not happen)
161 / 0xA1 Non-Secure Kernel BootLoader Core 0 (non-secure world) pre-init complete
162 / 0xA2 Non-Secure Kernel BootLoader Some interrupts registered (?)
163 / 0xA3 Non-Secure Kernel BootLoader Serial console ready, boot message printed (if enabled)
164 / 0xA4 Non-Secure Kernel BootLoader Some buffer is initialized to device addresses
165 / 0xA5 Non-Secure Kernel BootLoader Some co-processor init. Starting point for other cores.
166 / 0xA6 Non-Secure Kernel BootLoader MMU enabled, VBAR set up
167 / 0xA7 Non-Secure Kernel BootLoader Nothing since 166
168 / 0xA8 Non-Secure Kernel BootLoader Boot setup complete, NS kernel loading begin
169 / 0xA9 Non-Secure Kernel BootLoader Kernel pre-init (setup stacks, interrupts, etc) done. Right before first external loading.
170 / 0xAA Non-Secure Kernel BootLoader ERROR: Undefined Instruction exception
171 / 0xAB Non-Secure Kernel BootLoader ERROR: SVC exception (should not happen)
172 / 0xAC Non-Secure Kernel BootLoader ERROR: Prefetch abort exception
173 / 0xAD Non-Secure Kernel BootLoader ERROR: Data abort exception
174 / 0xAE Non-Secure Kernel BootLoader ERROR: IRQ exception (should not happen)
175 / 0xAF Non-Secure Kernel BootLoader ERROR: FIQ exception (should not happen)

Suspend and Resume

Upon suspension, context is written to memory and a syscon command is issued to save the context pointer as well as other information (for example, if it should restart into update mode). When resuming, the boot process is the same as cold boot up until the secure kernel bootloader. After secure kernel loads, instead of decompressing and jumping to the non-secure kernel bootloader, it restores the saved context and returns to the kernel resume code.

See also Suspend.