KBL Param: Difference between revisions
CelesteBlue (talk | contribs) No edit summary |
Line 20: | Line 20: | ||
| 0x34 || 0xC || unk (ex: on production models 0xFFFF, on a prototype DEM H unit with fw 0.945 always 0xFEFF, on PSTV 0xFEFF) | | 0x34 || 0xC || unk (ex: on production models 0xFFFF, on a prototype DEM H unit with fw 0.945 always 0xFEFF, on PSTV 0xFEFF) | ||
|- | |- | ||
| 0x40 || 0x4 || | | 0x40 || 0x4 || DevKit CP timestamp 1 | ||
|- | |- | ||
| 0x44 || 0x2 || | | 0x44 || 0x2 || DevKit CP Version | ||
|- | |- | ||
| | | 0x46 || 0x2 || DevKit CP Build ID | ||
|- | |- | ||
| 0x48 || 0x4 || | | 0x48 || 0x4 || DevKit CP timestamp 2 | ||
|- | |- | ||
| 0x4C || 0x4 || ASLR Seed | | 0x4C || 0x4 || ASLR Seed | ||
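Review bot: the new descriptions at 0x40 and 0x48 are labelled only "timestamp 1" and "timestamp 2", which does not tell a reader how the two fields differ or what unit they hold. If the second is a copy of the first, say so in the row itself. The old column also went from 0x44 (size 0x2) straight to 0x48, so the added 0x46 row closes a real gap in the layout and deserves a line in the edit summary, which is empty.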
Line 44: | Line 44: | ||
| 0x68 || 0x4 || unk | | 0x68 || 0x4 || unk | ||
|- | |- | ||
| 0x6C || 0x4 || Boot type indicator (0x20000 on resume - no boot logo, 0x1 on boot - boot logo) | | 0x6C || 0x4 || Boot type indicator 1 (0x20000 on resume - no boot logo, 0x1 on boot - boot logo) | ||
|- | |- | ||
| 0x70 || 0x10 || [[OpenPsId]] | | 0x70 || 0x10 || [[OpenPsId]] | ||
Line 70: | Line 70: | ||
| 0xC0 || 0x4 || unk | | 0xC0 || 0x4 || unk | ||
|- | |- | ||
| 0xC4 || 0x4 || Boot type indicator (0x80 on resume) | | 0xC4 || 0x4 || Boot type indicator 2 (0x80 on resume) | ||
|- | |- | ||
| 0xC8 || 0x4 || unk (0x40 on retail and testkit, 0x60 on PSTV, 0x64 on devkit, 0x3D2 on ?testkit?, 0xC001C0 on a prototype DEM H unit) | | 0xC8 || 0x4 || unk (0x40 on retail and testkit, 0x60 on PSTV, 0x64 on devkit, 0x3D2 on ?testkit?, 0xC001C0 on a prototype DEM H unit) | ||
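Review bot: after the rename, the 0xC4 row ("Boot type indicator 2") still documents only the resume value 0x80, while the 0x6C row gives both the resume value and the boot value. Add the value seen on a normal boot, or mark it as unknown, so the two indicators can be compared.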
Line 94: | Line 94: | ||
=== Experimental point of view === | === Experimental point of view === | ||
No AC connected + No POWER Button pressed: 0x0 | - No AC connected + No POWER Button pressed: 0x0 | ||
<br \>ex: rebooting by software PSVita when AC is not connected | |||
- No AC connected + POWER Button pressed: 0x4 | |||
<br \>ex: booting PSVita by pressing POWER button when AC is not connected | |||
- AC connected + No POWER Button pressed: 0x8 | |||
<br \>ex: rebooting by software PSVita when AC is connected | |||
<br \>ex: autobooting PSTV/IDU PSVita by pluging AC | |||
- AC connected + POWER Button pressed: 0xC | |||
<br \>ex: powering off by software PSTV then booting it by pressing POWER button | |||
<br \>ex: booting PSVita by pressing POWER button when AC is connected | |||
=== Bit flags point of view === | === Bit flags point of view === | ||
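Review bot: every added example line starts with "<br \>", which has a backslash where the self-closing slash belongs; it should be "<br />". The "-" prefixes on the four state lines are also not MediaWiki list markup (that would be "*"), and "pluging" in the PSTV/IDU example should be "plugging".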
Line 104: | Line 113: | ||
! Bit !! Description | ! Bit !! Description | ||
|- | |- | ||
| 0 || AC: connected: 1 - disconnected: 0 | | 0 || AC: connected: 1 - disconnected: 0 (note that PSTV always has AC connected) | ||
|- | |- | ||
| 1 || POWER button: pressed: 1 - not pressed: 0 | | 1 || POWER button: pressed: 1 - not pressed: 0 |
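Review bot: the bit 0 row edited here says AC is bit 0 and the following row says POWER is bit 1, but the values listed under "Experimental point of view" are 0x4 for POWER only and 0x8 for AC only, which are bits 2 and 3 of the word with AC as the higher one. Either state the base the table counts bits from, or renumber the rows so they match the observed values.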
Revision as of 04:36, 29 June 2018
The sysroot buffer is a 0x100 or 0x200 sized buffer passed to the secure kernel bootloader in the scratch space and contains all sorts of flags and system parameters. This buffer is copied to the secure kernel, the non-secure kernel loader, and the non-secure kernel and is used by many functions to check for features that are enabled for the system.
Offset | Size | Description |
---|---|---|
0x0 | 0x2 | Version (usually 1) |
0x2 | 0x2 | Sysroot size (0x100 or 0x200) |
0x4 | 0x4 | Current Firmware Version |
0x8 | 0x4 | Factory Firmware Version |
0xC | 0x14 | unk |
0x20 | 0xC | QA flags |
0x2C | 0x8 | Bitfield Flags |
0x34 | 0xC | unk (ex: on production models 0xFFFF, on a prototype DEM H unit with fw 0.945 always 0xFEFF, on PSTV 0xFEFF) |
0x40 | 0x4 | DevKit CP timestamp 1 |
0x44 | 0x2 | DevKit CP Version |
0x46 | 0x2 | DevKit CP Build ID |
0x48 | 0x4 | DevKit CP timestamp 2 |
0x4C | 0x4 | ASLR Seed |
0x50 | 0x4 | DevKit Boot Parameters (ex: 0x80000000 or 0x80000001 or 0x80000003 or 0x81000000 or 0x81000001 OR 0x0 or 0x2 in release mode) |
0x54 | 0x4 | unk (seems to be always 0) |
0x58 | 0x4 | DevKit unk flags (ex: 00 00 00 00 retail, E7 53 14 00 development mode, 20 00 08 00 release mode) |
0x5C | 0x4 | DevKit flags 3 (ex: 0x0 retail, 0x20000010 dev mode, 0x20000000 release mode) |
0x60 | 0x4 | DRAM base paddr |
0x64 | 0x4 | DRAM size |
0x68 | 0x4 | unk |
0x6C | 0x4 | Boot type indicator 1 (0x20000 on resume - no boot logo, 0x1 on boot - boot logo) |
0x70 | 0x10 | OpenPsId |
0x80 | 0x4 | secure_kernel.enp raw data paddr (optional) |
0x84 | 0x4 | secure_kernel.enp size (optional) |
0x88 | 0x8 | unk |
0x90 | 0x4 | kprx_auth_sm.self raw data paddr |
0x94 | 0x4 | kprx_auth_sm.self size |
0x98 | 0x4 | prog_rvk.srvk raw data paddr |
0x9C | 0x4 | prog_rvk.srvk size |
0xA0 | 0x8 | PSCode |
0xA8 | 0x8 | unk |
0xB0 | 0x10 | Session ID |
0xC0 | 0x4 | unk |
0xC4 | 0x4 | Boot type indicator 2 (0x80 on resume) |
0xC8 | 0x4 | unk (0x40 on retail and testkit, 0x60 on PSTV, 0x64 on devkit, 0x3D2 on ?testkit?, 0xC001C0 on a prototype DEM H unit) |
0xCC | 0x4 | unk (FF FF FF 74 on retail/PSTV/manuf/testkit/devkit, FF BF FF 74 on IDU) |
0xD0 | 0x4 | Saved context paddr |
0xD4 | 0x4 | Hardware info |
0xD8 | 0x4 | Boot type indicator 3 |
0xDC | 0x1C | unk |
0xF8 | 0x4 | BootLoader Revision |
0xFC | 0x4 | Sysroot Magic value (0xCBAC03AA) |
0x100 | 0x20 | Encrypted Session Key (FW 2.12+) |
Boot type indicator 3
Experimental point of view
- No AC connected + No POWER Button pressed: 0x0
ex: rebooting by software PSVita when AC is not connected
- No AC connected + POWER Button pressed: 0x4
ex: booting PSVita by pressing POWER button when AC is not connected
- AC connected + No POWER Button pressed: 0x8
ex: rebooting by software PSVita when AC is connected
ex: autobooting PSTV/IDU PSVita by plugging AC
- AC connected + POWER Button pressed: 0xC
ex: powering off by software PSTV then booting it by pressing POWER button
ex: booting PSVita by pressing POWER button when AC is connected
Bit flags point of view
Bit | Description |
---|---|
0 | AC: connected: 1 - disconnected: 0 (note that PSTV always has AC connected) |
1 | POWER button: pressed: 1 - not pressed: 0 |
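A sysroot dump should be validated before any of its flags are trusted. The parser below is an added example, not code from the original page or from any SDK: it checks the size field and magic from the layout table, then decodes a few fields including Boot type indicator 3. It assumes little-endian fields and that bit 29 of the 8-byte flags field is counted from the least significant bit; `parse_sysroot`, `make_sample_sysroot` and all sample values are hypothetical.

```python
import struct

SYSROOT_MAGIC = 0xCBAC03AA  # value the table lists at offset 0xFC
# Boot type indicator 3: observed value -> (AC connected, POWER pressed),
# copied from the "Experimental point of view" list.
BOOT_TYPE_3 = {0x0: (False, False), 0x4: (False, True),
               0x8: (True, False), 0xC: (True, True)}

def parse_sysroot(buf):
    """Validate a sysroot dump and return the fields an analyst checks first."""
    if len(buf) < 0x100:
        raise ValueError("dump is shorter than the minimum 0x100 bytes")
    version, size, cur_fw, factory_fw = struct.unpack_from("<HHII", buf, 0x0)
    if size not in (0x100, 0x200):
        raise ValueError(f"unexpected sysroot size field {size:#x}")
    if len(buf) < size:
        raise ValueError("dump is truncated relative to its size field")
    (magic,) = struct.unpack_from("<I", buf, 0xFC)
    if magic != SYSROOT_MAGIC:
        raise ValueError(f"bad sysroot magic {magic:#x}")
    (flags,) = struct.unpack_from("<Q", buf, 0x2C)   # 8-byte Bitfield Flags
    dram_base, dram_size = struct.unpack_from("<II", buf, 0x60)
    (boot1,) = struct.unpack_from("<I", buf, 0x6C)
    (boot3,) = struct.unpack_from("<I", buf, 0xD8)
    return {
        "version": version, "size": size,
        "current_fw": cur_fw, "factory_fw": factory_fw,
        # Assumption: bit 29 is counted from the least significant bit.
        "skip_update_version_check": bool(flags >> 29 & 1),
        "dram_base": dram_base, "dram_size": dram_size,
        "resumed": boot1 == 0x20000,          # 0x1 is a boot with logo
        "ac_power": BOOT_TYPE_3.get(boot3),   # None for an unlisted value
    }

def make_sample_sysroot():
    """Constructed 0x100-byte sysroot; the field values are made up."""
    buf = bytearray(0x100)
    struct.pack_into("<HHII", buf, 0x0, 1, 0x100, 0x03600000, 0x01690000)
    struct.pack_into("<Q", buf, 0x2C, 1 << 29)
    struct.pack_into("<II", buf, 0x60, 0x40000000, 0x20000000)
    struct.pack_into("<I", buf, 0x6C, 0x1)
    struct.pack_into("<I", buf, 0xD8, 0xC)
    struct.pack_into("<I", buf, 0xFC, SYSROOT_MAGIC)
    return buf
```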
Bitfield Flags
Flags
At offset 0x2C there is an 8-byte flags field.
Bit | Description |
---|---|
29 | Set to skip version checks in system updates |
DIP Switches
To convert the bit number to the offset and bit: offset = 0x40 + (bit_num / 32) * 4, bit = 1 << (bit_num % 32)
CP Information
Bits 0-31 are a 32-bit integer of the current time on the devkit CP clock. This is duplicated in bits 64-95. Bits 32-47 are a 16-bit integer of the CP version and bits 48-63 are a 16-bit integer of the CP build ID. All integers are little-endian.
On non-devkits, these fields are zero. Bits 0-63 are also usable as general purpose switches exposed with sceKernelSetDipsw, sceKernelClearDipsw, and sceKernelCheckDipsw but they do not change anything in hardware (only cached values are overwritten).
User Flags
Bits 96-127 do not seem to be used in the kernel.
DevKit Boot Parameters
Bits 128-159 are used to store DevKit flags. They do not appear to be used in other models.
Bit | Description |
---|---|
152 | PS TV Emulation: On: 1 - Off: 0 |
159 | Release Check Mode: Development Mode: 1 - Release Mode: 0 |
? | Memory Size: Console Size: 1 - Development Tool Size: 0 |
Shell Flags
Bits 160-191 are used for SceShell flags.
Bit | Description |
---|---|
Debug Flags
Bits 192-223 are for various debugging options.
Bit | Description |
---|---|
197 | Enable kernel console logging |
211 | Enable user UART console logging |
System Flags
Bits 224-255 are used for various system options.
Bit | Description |
---|---|
229 | HDCP related? |
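To audit which development and logging switches a dump has enabled, the bit-to-offset formula from this section can be applied directly to the buffer. This is an added example, not the kernel's implementation of the sceKernel*Dipsw calls and not code from the original page; the function names are hypothetical, the CP values in the sample are constructed, and the words at 0x50 and 0x58 reuse example values from the layout table read as little-endian.

```python
import struct

DIPSW_BASE, DIPSW_BITS = 0x40, 256   # offsets 0x40-0x5F hold bits 0-255
# Bits named in the tables of this section.
NAMED_BITS = {152: "PS TV Emulation", 159: "Development Mode",
              197: "Kernel console logging",
              211: "User UART console logging", 229: "HDCP related?"}

def dipsw_location(bit_num):
    """Page formula: bit number -> (byte offset in sysroot, 32-bit mask)."""
    if not 0 <= bit_num < DIPSW_BITS:
        raise ValueError(f"DIP switch {bit_num} is out of range")
    return DIPSW_BASE + (bit_num // 32) * 4, 1 << (bit_num % 32)

def check_dipsw(sysroot, bit_num):
    """Return True when the given switch is set in the buffer."""
    off, mask = dipsw_location(bit_num)
    (word,) = struct.unpack_from("<I", sysroot, off)
    return bool(word & mask)

def write_dipsw(sysroot, bit_num, value):
    """Set or clear one switch in a cached copy (a bytearray)."""
    off, mask = dipsw_location(bit_num)
    (word,) = struct.unpack_from("<I", sysroot, off)
    word = (word | mask) if value else (word & ~mask)
    struct.pack_into("<I", sysroot, off, word & 0xFFFFFFFF)

def cp_info(sysroot):
    """Bits 0-95: CP time, CP version, CP build ID, duplicated CP time."""
    time1, version, build_id, time2 = struct.unpack_from("<IHHI", sysroot, 0x40)
    return {"time": time1, "version": version,
            "build_id": build_id, "time_copy": time2}

def enabled_named_bits(sysroot):
    """Names of the documented switches that are set, in bit order."""
    return [n for b, n in sorted(NAMED_BITS.items()) if check_dipsw(sysroot, b)]

def make_sample_dipsw():
    """Constructed buffer; 0x50 and 0x58 reuse example values from the table."""
    buf = bytearray(0x100)
    struct.pack_into("<IHHI", buf, 0x40, 0x5B35B1E4, 0x0101, 0x0007, 0x5B35B1E4)
    struct.pack_into("<I", buf, 0x50, 0x81000000)
    buf[0x58:0x5C] = bytes.fromhex("E7531400")   # "development mode" bytes
    return buf
```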