Boot Sequence: Difference between revisions
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) No edit summary |
||
Line 1: | Line 1: | ||
== Boot Process == | == Boot Process == | ||
=== Boot ROM === | === Boot ROM === | ||
The [[F00D processor]] is the actual secure boot device rather than the ARM processor. The F00D processor bootrom ("first loader") is the first code running on PSVita start. Once it starts it likely maps the eMMC and directly reads in the second_loader.enp or second_loader.enp_ from the eMMC [[ | The PSVita main application processor is an [http://infocenter.arm.com/help/topic/com.arm.doc.ddi0407i/DDI0407I_cortex_a9_mpcore_r4p1_trm.pdf ARM Cortex A9 MPcore]. It implements ARM TrustZone for execution in both a non-secure world and a sandboxed [[Secure World]]. However it is not the first processor to run on boot. | ||
The [[F00D_Processor|F00D processor]] is the actual secure boot device rather than the ARM processor. The F00D processor bootrom ("first loader") is the first code running on PSVita start. Once it starts it likely maps the eMMC and directly reads in the second_loader.enp or second_loader.enp_ from the eMMC [[SLB2]] partition. This is in the native load format of the F00D bootrom. There are 2 layers of encryption. First it decrypts the per-console layer that was added during the firmware installation. After that it decrypts the factory-encrypted layer then begins execution. See [[Enc]]. | |||
The | The [[Second Loader]] is primarily responsible for preparing the ARM processor. It initializes DRAM and decrypts kernel_boot_loader.self from eMMC [[SLB2]] partition into DRAM. It also writes the ARM exception vector and some boot context information to the 32kB scratch buffer (mirror mapped to 0x00000000 on ARM). kernel_boot_loader.self contains both the [[Kernel_Boot_Loader|secure kernel bootloader]] and [[TrustZone]], as well as the [[NSKBL|non-secure kernel bootloader]]. At this point the kprx_auth_sm.self and prog_rvk.srvk read from the eMMC [[SLB2]] partition are both loaded into DRAM. | ||
Finally, the | Finally, the [[Second Loader]] resets itself with a pointer to the secure_kernel.enp or enp_ binary. F00D processor then restarts and loads the secure_kernel.enp in and again decrypts the per-console layer that was added during the firmware install, and the factory layer. At this point the F00D processor [[Secure Kernel]] is prepared and it resets the ARM CPU at 0x00000000 (F00D scratch buffer). This triggers the ARM secure boot process to begin. | ||
=== Secure Kernel Bootloader === | === Secure Kernel Bootloader === | ||
The secure kernel bootloader decompresses the [[ARZL]] compressed | The secure kernel bootloader decompresses the [[ARZL]] compressed [[TrustZone]], loads it and sets up the VBAR and MVBAR. It then decompresses the [[ARZL]] non-secure kernel bootloader, sets NS in SCR and jumps into non-secure kernel bootloader. See [[Kernel Boot Loader]] for more information. | ||
=== Non-secure Kernel Bootloader === | === Non-secure Kernel Bootloader === | ||
Line 23: | Line 23: | ||
This kernel module does not export any library. It only has a module init function that has a hard coded list of core kernel modules (ex: sysmem.skprx) which are loaded with calls back into NSKBL through SceKblForKernel imports. Once the core initialization is done, the next module to run is SceSysStateMgr. | This kernel module does not export any library. It only has a module init function that has a hard coded list of core kernel modules (ex: sysmem.skprx) which are loaded with calls back into NSKBL through SceKblForKernel imports. Once the core initialization is done, the next module to run is SceSysStateMgr. | ||
==== 0.931 special case ==== | ==== FW 0.931 special case ==== | ||
On 0.931, NSKBL embeds the kernel modules list instead of using ScePsp2BootConfig. Here is the list: | On FW 0.931, NSKBL embeds the kernel modules list in data segment instead of using the ScePsp2BootConfig kernel module. Here is the list: | ||
<source> | <source> | ||
Line 69: | Line 69: | ||
=== SceSysStateMgr === | === SceSysStateMgr === | ||
This kernel module also does not export any library. Its init function first maps all the [[SceKernelBootimage]] embedded modules and redirects them to os0:kd/. Then it decrypts <code>os0:psp2config.skprx</code> or <code>os0:psp2config_vita.skprx</code> or <code>os0:psp2config_dolce.skprx</code> and parses the [[Boot Sequence#System Configuration Script|System Configuration Script]] to load the remaining modules and finally either [[SceSafemode]] or [[SceShell]] or [[ScePsp2Swu]] or [[ScePsp2Diag]]. | This kernel module also does not export any library. Its init function first maps all the [[SceKernelBootimage]] embedded modules and redirects them to os0:kd/. Then it decrypts <code>os0:psp2config.skprx</code> or <code>os0:psp2config_vita.skprx</code> or <code>os0:psp2config_dolce.skprx</code> and parses the [[Boot Sequence#System Configuration Script|System Configuration Script]] to load the remaining modules and finally either [[SceSafemode]] or [[SceShell]] or [[ScePsp2Swu]] or [[ScePsp2Diag]]. | ||
== Boot Partition == | == Boot Partition == | ||
The boot partition is [[SLB2]] formatted. It contains entries these files: | The boot partition is [[SLB2]] formatted. It contains entries these files: | ||
{| class="wikitable" | {| class="wikitable" | ||
Line 113: | Line 115: | ||
== System Configuration Script == | == System Configuration Script == | ||
<code>os0:psp2config.skprx</code> once decrypted is a UTF-8 text file that is parsed by SceSysStateMgr. It is a very simple script format. | <code>os0:psp2config.skprx</code> once decrypted is a UTF-8 text file that is parsed by SceSysStateMgr. It is a very simple script format. | ||
Line 118: | Line 121: | ||
=== Comments === | === Comments === | ||
Comments start out with <code>#</code> | |||
Comments start out with <code>#</code>. | |||
As an example, here is the header of FW 1.69 psp2config.skprx: | |||
<pre> | <pre> | ||
# | # | ||
Line 195: | Line 201: | ||
=== Load === | === Load === | ||
<code>load path</code> will load the kernel module at <code>path</code>. | <code>load path</code> will load the kernel module at <code>path</code>. | ||
Line 205: | Line 212: | ||
=== Spawn === | === Spawn === | ||
<code>spawn path</code> will spawn an app and continue processing the script in the background. | <code>spawn path</code> will spawn an app and continue processing the script in the background. | ||
Line 238: | Line 246: | ||
=== Include === | === Include === | ||
<code>include path</code> will include and process a config script located at <code>path</code>. | <code>include path</code> will include and process a config script located at <code>path</code>. | ||
Line 246: | Line 255: | ||
=== End === | === End === | ||
<code>end</code> will end script processing | <code>end</code> will end script processing | ||
=== Ignore Error === | === Ignore Error === | ||
Any line that starts with <code>- </code> will not fail the boot sequence if the line fails. For example, you can specify an optional module to load such that boot continues if the module does not exist or errors on load. | Any line that starts with <code>- </code> will not fail the boot sequence if the line fails. For example, you can specify an optional module to load such that boot continues if the module does not exist or errors on load. | ||
=== All codes (from 0.990) === | === All codes (from FW 0.990) === | ||
load, unload, loadonly, start, stop, unloadonly, spawn, spawnwait, wait, kill, loadconfig, ifmodel, ifnmodel, setenv, setmodfile, repeat, endrepeat, appspawn, tload | load, unload, loadonly, start, stop, unloadonly, spawn, spawnwait, wait, kill, loadconfig, ifmodel, ifnmodel, setenv, setmodfile, repeat, endrepeat, appspawn, tload | ||
Revision as of 00:58, 7 June 2020
Boot Process
Boot ROM
The PSVita main application processor is an ARM Cortex A9 MPcore. It implements ARM TrustZone for execution in both a non-secure world and a sandboxed Secure World. However it is not the first processor to run on boot.
The F00D processor is the actual secure boot device rather than the ARM processor. The F00D processor bootrom ("first loader") is the first code running on PSVita start. Once it starts it likely maps the eMMC and directly reads in the second_loader.enp or second_loader.enp_ from the eMMC SLB2 partition. This is in the native load format of the F00D bootrom. There are 2 layers of encryption. First it decrypts the per-console layer that was added during the firmware installation. After that it decrypts the factory-encrypted layer then begins execution. See Enc.
The Second Loader is primarily responsible for preparing the ARM processor. It initializes DRAM and decrypts kernel_boot_loader.self from eMMC SLB2 partition into DRAM. It also writes the ARM exception vector and some boot context information to the 32kB scratch buffer (mirror mapped to 0x00000000 on ARM). kernel_boot_loader.self contains both the secure kernel bootloader and TrustZone, as well as the non-secure kernel bootloader. At this point the kprx_auth_sm.self and prog_rvk.srvk read from the eMMC SLB2 partition are both loaded into DRAM.
Finally, the Second Loader resets itself with a pointer to the secure_kernel.enp or enp_ binary. F00D processor then restarts and loads the secure_kernel.enp in and again decrypts the per-console layer that was added during the firmware install, and the factory layer. At this point the F00D processor Secure Kernel is prepared and it resets the ARM CPU at 0x00000000 (F00D scratch buffer). This triggers the ARM secure boot process to begin.
Secure Kernel Bootloader
The secure kernel bootloader decompresses the ARZL compressed TrustZone, loads it and sets up the VBAR and MVBAR. It then decompresses the ARZL non-secure kernel bootloader, sets NS in SCR and jumps into non-secure kernel bootloader. See Kernel Boot Loader for more information.
Non-secure Kernel Bootloader
The non-secure kernel bootloader contains an embedded and likely stripped version of SceSysmem, SceKernelModulemgr, SceSblSmschedProxy, and some other core drivers. The NSKBL sets up the eMMC device (again) and starts os0:psp2bootconfig.skprx
.
ScePsp2BootConfig
This kernel module does not export any library. It only has a module init function that has a hard coded list of core kernel modules (ex: sysmem.skprx) which are loaded with calls back into NSKBL through SceKblForKernel imports. Once the core initialization is done, the next module to run is SceSysStateMgr.
FW 0.931 special case
On FW 0.931, NSKBL embeds the kernel modules list in data segment instead of using the ScePsp2BootConfig kernel module. Here is the list:
sysmem.skprx excpmgr.skprx intrmgr.skprx systimer.skprx acmgr.skprx threadmgr.skprx dmacmgr.skprx ssproxy.skprx smsc_proxy.skprx authmgr.skprx iofilemgr.skprx modulemgr.skprx processmgr.skprx backtrace.skprx sdbgsdio.skprx deci4p_sdfmgr.skprx deci4p_sttyp.skprx deci4p_sdbgp.skprx deci4p_sdrfp.skprx stdio.skprx lowio.skprx clockgen.skprx sdif.skprx sdstor.skprx fatsd.skprx exfatfs.skprx pamgr.skprx sysstatemgr.skprx
SceSysStateMgr
This kernel module also does not export any library. Its init function first maps all the SceKernelBootimage embedded modules and redirects them to os0:kd/. Then it decrypts os0:psp2config.skprx
or os0:psp2config_vita.skprx
or os0:psp2config_dolce.skprx
and parses the System Configuration Script to load the remaining modules and finally either SceSafemode or SceShell or ScePsp2Swu or ScePsp2Diag.
Boot Partition
The boot partition is SLB2 formatted. It contains entries these files:
Name | Earliest Known Version | Comments |
---|---|---|
kernel_boot_loader.self | 0.931 | Secure KBL and ARZL compressed NS KBL |
kprx_auth_sm.self | 0.931 | Used with F00D Processor to decrypt SELFs |
prog_rvk.srvk | 0.931 | SCE encrypted SELF revocation list |
second_loader.enp | 0.931 | Secure bootloader |
second_loader.enp_ | 0.931 | Related to second_loader.enp in some way, likely for encryption |
secure_kernel.enp | 0.931 | Secure kernel loader |
secure_kernel.enp_ | 0.931 | Related to secure_kernel.enp in some way, likely for encryption |
secure_kernel.xxx | 0.931 | Prototype secure kernel loader encrypted differently than secure_kernel.enc |
System Configuration Script
os0:psp2config.skprx
once decrypted is a UTF-8 text file that is parsed by SceSysStateMgr. It is a very simple script format.
If "Producting Mode" (MANUFACTURING_MODE) is enabled, then it is possible to load psp2config.skprx
from sd0:
(SD adapter in GameCard slot) or ux0:
. However, the files must still be signed and encrypted SELFs. In "Producting Mode" if sd0:psp2diag.self
or ux0:psp2diag.self
exists (and is a valid signed & encrypted SELF), then it will be launched. If "Development Mode" (DEVELOPMENT_MODE) is enabled (note that this does not necessarily mean PDEL or devkit), then psp2config.skprx
can be a plaintext file instead.
Comments
Comments start out with #
.
As an example, here is the header of FW 1.69 psp2config.skprx:
# # PSP2 System Configuration for Release # # [NOTICE] # # This configuration is only for kernel_boot_loader_release.self. #
Conditionals
Conditionals start with if
and end with endif
. There are certain conditional constants defined in SceSysStateMgr. A table of known conditionals is below.
Name | Description |
---|---|
MANUFACTURING_MODE | When the unit is in Manufacturing Mode (enabled by Jig), it tries to load psp2diag.self from sd0: or ux0:. This a diagnosis tool (this file has never been leaked). This info comes from NVS. |
EXTERNAL_BOOT_MODE | Unknown. Depends on some condition set on boot by some bootloader |
UPDATE_MODE | Set by Syscon when an update is about to be performed. This info comes from NVS. In this case, psp2swu.self is loaded. |
USB_ENUM_WAKEUP | This flag is set when the PSVita boots due to USB CMA connection while device is turned off or USB automatic boot in IDU mode. |
KERMIT_REV_ES1_X | GPU hardware revision related. Does not support the Home Menu. Loads vs0:vsh/shell/shell_mini.self instead of shell.self. |
KERMIT_REV_ES2_X | GPU hardware revision related. |
KERMIT_REV_ES3_X | GPU hardware revision related. |
KERMIT_REV_ES4_X | GPU hardware revision related. |
KERMIT15_REV_ES1_X | Unknown. |
KERMIT10_REV_ES4_X | Unknown. |
UD0_EXIST | Does the ud0: Partition exist? |
DEMO_MODE | Is the PSVita IDU/ShowMode flagged? This info comes from Syscon. |
BSOD_REBOOT | Must the PSVita boot in BSOD mode? This info comes from NVS. In this case, os0:kd/crashdump.skprx is loaded. Once the home menu appears a warning message about bad shutdown risks is displayed. |
SAFE_MODE | Is the PSVita in safe mode? This info comes from NVS. In this case, os0:ue/safemode.self is loaded. |
DEVELOPMENT_MODE | SceSblACMgr is called to check if device is a development device and is in DevMode. This info comes from CP DIP Switches. |
AU_CODEC_IC_CONEXANT | An audio IC chip from CONEXANT that could be seen only on PSVita (not PSTV) CEX and DEX (not TOOL) units. This info comes from Sysroot#Hardware_flags. In this case, codec_cx.skprx is loaded instead of codec.skprx. |
Example:
if SAFE_MODE spawn os0:ue/safemode.self end endif
Load
load path
will load the kernel module at path
.
tload path
possibly stands for "test load." Possibly used in development units to load to module to dedicated devkit RAM.
Example:
load os0:kd/ngs.skprx
Spawn
spawn path
will spawn an app and continue processing the script in the background.
spawnwait path
will spawn an app and wait for it to exit before continuing processing the script.
appspawn path param
is used to spawn the app self located at path
with the parameter param
.
Known param constants:
Name | Description |
---|---|
SHELL_BUDGET_ID | Unknown. Example modules: vs0:vsh/shell/shell.self and vs0:vsh/shell/shell_mini.self
|
GAME_BUDGET_ID | Unknown. Example module: vs0:vsh/shell/shell_gamebudget.self
|
Example:
if UPDATE_MODE if UD0_EXIST spawn ud0:PSP2UPDATE/psp2swu.self else spawn ur0:PSP2UPDATE/psp2swu.self endif end endif
Include
include path
will include and process a config script located at path
.
Example:
include ur0:temp/bcfg2.txt
End
end
will end script processing
Ignore Error
Any line that starts with -
will not fail the boot sequence if the line fails. For example, you can specify an optional module to load such that boot continues if the module does not exist or errors on load.
All codes (from FW 0.990)
load, unload, loadonly, start, stop, unloadonly, spawn, spawnwait, wait, kill, loadconfig, ifmodel, ifnmodel, setenv, setmodfile, repeat, endrepeat, appspawn, tload
+ include, if, endif, end
Boot Debug Checkpoint Codes
During the boot sequence, the various bootloaders will update a GPIO register specifying the progress into boot. This can be used to debug where in the boot process something fails.
GPIO
The GPIO registers are registered at 0xE20A000C
(turn off bits) and 0xE20A0008
(turn on bits). On PDEL units, this maps to the LED lights.
Known Codes
Code | Location | Description |
---|---|---|
72 | ? | ? |
84 | ? | ? |
85 | ? | ? |
86 | ? | ? |
96 | ? | ? |
129 | Secure Kernel Loader | Core 0 (secure world) pre-init complete |
130 | Secure Kernel Loader | Secure world interrupts registered (?) |
131 | Secure Kernel Loader | Serial console ready, boot message printed |
132 | Secure Kernel Loader | Some device init |
133 | Secure Kernel Loader | Some co-processor init. Starting point for other cores. |
134 | Secure Kernel Loader | MMU enabled, VBAR/MVBAR set up |
135 | Secure Kernel Loader | Nothing since 134 |
136 | Secure Kernel Loader | Boot setup complete, secure kernel loading begin |
137 | Secure Kernel Loader | Secure kernel loaded. About to load NS KBL at 0x51000000
|
138 | Secure Kernel Loader | Secure kernel loaded. About to resume context at 0x1F000000 . Or undefined instruction exception.
|
139 | Secure Kernel Loader | SVC exception (should not happen, error) |
140 | Secure Kernel Loader | Prefetch abort exception |
141 | Secure Kernel Loader | Data abort exception |
142 | Secure Kernel Loader | IRQ exception (should not happen, error) |
143 | Secure Kernel Loader | FIQ exception (should not happen, error) |
161 | NS Kernel Loader | Core 0 (non-secure world) pre-init complete |
162 | NS Kernel Loader | Some interrupts registered (?) |
163 | NS Kernel Loader | Serial console ready, boot message printed (if enabled) |
164 | NS Kernel Loader | Some buffer is initialized to device addresses |
165 | NS Kernel Loader | Some co-processor init. Starting point for other cores. |
166 | NS Kernel Loader | MMU enabled, VBAR set up |
167 | NS Kernel Loader | Nothing since 166 |
168 | NS Kernel Loader | Boot setup complete, NS kernel loading begin |
169 | NS Kernel Loader | Kernel pre-init (setup stacks, interrupts, etc) done. Right before first external loading. |
170 | NS Kernel Loader | Undefined instruction exception |
171 | NS Kernel Loader | SVC exception (should not happen, error) |
172 | NS Kernel Loader | Prefetch abort exception |
173 | NS Kernel Loader | Data abort exception |
174 | NS Kernel Loader | IRQ exception (should not happen, error) |
175 | NS Kernel Loader | FIQ exception (should not happen, error) |
Suspend and Resume
Upon suspension, context is written to memory and a syscon command is issued to save the context pointer as well as other information (for example, if it should restart into update mode). When resuming, the boot process is the same as cold boot up until the secure kernel bootloader. After secure kernel loads, instead of decompressing and jumping to the non-secure kernel bootloader, it restores the saved context and returns to the kernel resume code.
See Suspend.