KBL Param: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 34: Line 34:
| 0x54 || 0x4 || unk (seams to be always 0)
| 0x54 || 0x4 || unk (seams to be always 0)
|-
|-
| 0x58 || 0x4 || Devkit unk flags (ex: 00 00 00 00 retail, E7 53 14 00 development mode, 20 00 08 00 release mode)
| 0x58 || 0x4 || DevKit unk flags (ex: 00 00 00 00 retail, E7 53 14 00 development mode, 20 00 08 00 release mode)
|-
|-
| 0x5C || 0x4 || Devkit Flags 3 (ex: 0x0 retail, 0x20000010 dev mode, 0x20000000 release mode)
| 0x5C || 0x4 || DevKit flags 3 (ex: 0x0 retail, 0x20000010 dev mode, 0x20000000 release mode)
|-
|-
| 0x60 || 0x4 || DRAM base paddr
| 0x60 || 0x4 || DRAM base paddr
Line 72: Line 72:
| 0xC4 || 0x4 || Boot type indicator (0x80 on resume)
| 0xC4 || 0x4 || Boot type indicator (0x80 on resume)
|-
|-
| 0xC8 || 0x8 || unk (0x40 on retail and testkit, 0x64 on devkit, 0xC001C0 on a prototype DEM H unit)
| 0xC8 || 0x4 || unk (0x40 on retail and testkit, 0x60 on PSTV, 0x64 on devkit, 0x3D2 on ?testkit?, 0xC001C0 on a prototype DEM H unit)
|-
| 0xCC || 0x4 || unk (FF FF FF 74 on retail/PSTV/manuf/testkit/devkit, FF BF FF 74 on IDU)
|-
|-
| 0xD0 || 0x4 || [[Suspend|Saved context]] paddr
| 0xD0 || 0x4 || [[Suspend|Saved context]] paddr

Revision as of 18:49, 28 June 2018

The sysroot buffer is a 0x100 or 0x200 sized buffer passed to the secure kernel bootloader in the scratch space and contains all sorts of flags and system parameters. This buffer is copied to the secure kernel, the non-secure kernel loader, and the non-secure kernel and is used by many functions to check for features that are enabled for the system.

Offset Size Description
0x0 0x2 Version (usually 1)
0x2 0x2 Sysroot size (0x100 or 0x200)
0x4 0x4 Current Firmware Version
0x8 0x4 Factory Firmware Version
0xC 0x14 unk
0x20 0xC QA flags
0x2C 0x8 Bitfield Flags
0x34 0xC unk (ex: on production models 0xFFFF, on a prototype DEM H unit with fw 0.945 always 0xFEFF, on PSTV 0xFEFF)
0x40 0x4 Devkit CP timestamp 1
0x44 0x2 Devkit CP Version
0x44 0x2 Devkit CP Build ID
0x48 0x4 Devkit CP timestamp 2
0x4C 0x4 ASLR Seed
0x50 0x4 DevKit Boot Parameters (ex: 0x80000000 or 0x80000001 or 0x80000003 or 0x81000000 or 0x81000001 OR 0x0 or 0x2 in release mode)
0x54 0x4 unk (seams to be always 0)
0x58 0x4 DevKit unk flags (ex: 00 00 00 00 retail, E7 53 14 00 development mode, 20 00 08 00 release mode)
0x5C 0x4 DevKit flags 3 (ex: 0x0 retail, 0x20000010 dev mode, 0x20000000 release mode)
0x60 0x4 DRAM base paddr
0x64 0x4 DRAM size
0x68 0x4 unk
0x6C 0x4 Boot type indicator (0x20000 on resume - no boot logo, 0x1 on boot - boot logo)
0x70 0x10 OpenPsId
0x80 0x4 secure_kernel.enp raw data paddr (optional)
0x84 0x4 secure_kernel.enp size (optional)
0x88 0x8 unk
0x90 0x4 kprx_auth_sm.self raw data paddr
0x94 0x4 kprx_auth_sm.self size
0x98 0x4 prog_rvk.srvk raw data paddr
0x9C 0x4 prog_rvk.srvk size
0xA0 0x8 PSCode
0xA8 0x8 unk
0xB0 0x10 Session ID
0xC0 0x4 unk
0xC4 0x4 Boot type indicator (0x80 on resume)
0xC8 0x4 unk (0x40 on retail and testkit, 0x60 on PSTV, 0x64 on devkit, 0x3D2 on ?testkit?, 0xC001C0 on a prototype DEM H unit)
0xCC 0x4 unk (FF FF FF 74 on retail/PSTV/manuf/testkit/devkit, FF BF FF 74 on IDU)
0xD0 0x4 Saved context paddr
0xD4 0x4 Hardware info
0xD8 0x4 Boot type indicator 3
0xDC 0x1C unk
0xF8 0x4 BootLoader Revision
0xFC 0x4 Sysroot Magic value (0xCBAC03AA)
0x100 0x20 Encrypted Session Key (FW 2.12+)

Boot type indicator 3

Experimental point of view

No AC connected + No POWER Button pressed: 0x0 (ex: rebooting by software PSVita when AC is not connected)
No AC connected + POWER Button pressed: 0x4 (Booting PSVita by pressing POWER button when AC is not connected)
AC connected + No POWER Button pressed: 0x8 (ex: rebooting by software PSVita when AC is connected, autobooting PSTV/IDU PSVita by pluging AC)
AC connected + POWER Button pressed: 0xC (ex: powering off PSTV by software then booting it by pressing POWER button)

Bit flags point of view

Bit Description
0 AC: connected: 1 - disconnected: 0
1 POWER button: pressed: 1 - not pressed: 0

Bitfield Flags

Flags

At offset 0x2C there is a 8 byte flags field.

Bit Description
29 Set to skip version checks in system updates

DIP Switches

To convert the bit number to the offset and bit: offset = 0x40 + (bit_num / 32) * 4, bit = 1 << (bit_num % 32)

CP Information

Bits 0-31 is a 32-bit integer of the current time on the devkit CP clock. This is duplicated in bits 64-95.

Bits 32-47 is a 16-bit integer of the CP version and bits 48-63 is a 16-bit integer of the CP build ID. All integers are little-endian.
On non-devkits, these fields are zero. Bits 0-63 are also usable as general purpose switches exposed with sceKernelSetDipsw, sceKernelClearDipsw, and sceKernelCheckDipsw but they do not change anything in hardware (only cached values are overwritten).

User Flags

Bits 96-127 does not seem to be used in the kernel.

DevKit Boot Parameters

Bits 128-159 are used to store DevKit flags. It does not appear to be used in other models.

Bit Description
152 PS TV Emulation: On: 1 - Off: 0
159 Release Check Mode: Development Mode: 1 - Release Mode: 0
? Memory Size: Console Size: 1 - Development Tool Size: 0

Shell Flags

Bits 160-191 are used for SceShell flags.

Bit Description

Debug Flags

Bits 192-223 are for various debugging options.

Bit Description
197 Enable kernel console logging
211 Enable user UART console logging

System Flags

Bits 224-255 are used for various system options.

Bit Description
229 HDCP related?