Kernel Boot Loader
Jump to navigation
Jump to search
Structure
Kernel Boot Loader ELF consists of 4 segments: SKBL reset vector, SKBL segment 0, SKBL segment 1, NSKBL.
SKBL reset vector
SKBL Reset vector is copied ?by SKBL Segment 0 or by second_loader? from file to physical address 0x40000000.
SKBL Segment 0
This is SKBL executable code followed by Tzs modules.
FW 3.60
| Start offset | End offset | Size | Comments |
|---|---|---|---|
| 0x0 | ?0x1AA3F? | ?0x1AA40? | SKBL executable code |
| ?0x1AA40? | ?0x8EC? | 0x1B32C | some SKBL data |
| 0x1B32C | 0x273C3 | 0xC098? | SceSysmem.elf (ARZL compressed) |
| 0x273C4 | 0x297EB | 0x2428 | SceExcpmgr.elf |
| 0x297EC | 0x2B507 | 0x1D1C | SceKernelIntrMgr.elf |
| 0x2B508 | 0x2CD27 | 0x1820 | SceKernelBusError.elf |
| 0x2CD28 | 0x3094F | 0x3C28 | SceSblSmsched.elf |
| 0x30950 | 0x3438F | 0x3A40 | SceDriverTzs.elf |
| 0x34390 | 0x370C7 | 0x2D38 | some SKBL data |
SKBL Segment 1
This seems to be SKBL data segment.
It contains at least:
- two corelock context
- SKBL initial stack cookie
- SKBL some pointer
- device register base
- zeroed data
NSKBL
See NSKBL.