NSKBL: Difference between revisions

From Vita Development Wiki
m (→‎sceKblFreeFileSystemCtxForKernel: Mark NID as valid down to 0.940 and add info)
No edit summary
Line 130: Line 130:
|}
|}


On 0.940, calls a routine that simple does <code>cpsid i</code> then returns 0.
On FW 0.940, it calls a routine that simply executes <code>cpsid i</code> then returns 0.


=== BootModules  ===
=== BootModulesForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 145: Line 145:


<source lang="C">
<source lang="C">
//If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and
// If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and
//module_bootstart is executed on all cores
// module_bootstart is executed on all cores
SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry);
SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry);
</source>
</source>


=== sceSDfMgrStart ===
=== sceSDfMgrStartForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
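Review bot: the declaration in this hunk still reads `SceInt32 BootModules(...)`, while the preceding hunk renames the section heading to BootModulesForKernel. Either rename the declared function to match the heading, or add a sentence stating that BootModules is the internal name and BootModulesForKernel the exported one, so readers can tell which symbol the NID resolves to.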
Line 160: Line 160:
|}
|}


=== LoadModules ===
=== LoadModulesForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 171: Line 171:


Load all modules from the provided list. The list end is marked by an entry with <code>moduleName = NULL</code>.
Load all modules from the provided list. The list end is marked by an entry with <code>moduleName = NULL</code>.
Module GUIDs are populated into the list, so it must be writeable.
Module GUIDs are populated into the list, so it must be writeable.


<source lang="C">
<source lang="C">SceInt32 LoadModules(SceNskblModuleInfo* module_list);</source>
SceInt32 LoadModules(SceNskblModuleInfo* module_list);
</source>


=== sceKblPutcharForKernel ===
=== sceKblPutcharForKernel ===
Line 185: Line 184:
|}
|}


This is a guessed name. This function is at 0x510172BD in 3.60 and at 0x51003BE0 in 0.940.040.
This is a guessed name.
 
This function is at 0x510172BD in FW 3.60 and at 0x51003BE0 in FW 0.940.040.


<source lang="C">int sceKblPutcharForKernel(void *args, char c);</source>
<source lang="C">int sceKblPutcharForKernel(void *args, char c);</source>
Line 197: Line 198:
|}
|}


In 3.60 this function is at 0x510137A9
In FW 3.60 this function is at 0x510137A9.


<source lang="C">int sceKernelPrintfForKernel(const char *fmt, ...);</source>
<source lang="C">int sceKernelPrintfForKernel(const char *fmt, ...);</source>
Line 211: Line 212:
|}
|}


In 3.60 this function is at 0x51013841.
In FW 3.60 this function is at 0x51013841.


<source lang="C">int sceKernelPrintfLevelForKernel(int level, const char *fmt, ...);</source>
<source lang="C">int sceKernelPrintfLevelForKernel(int level, const char *fmt, ...);</source>
Line 225: Line 226:
Temp name was sceKblGetMinimumLogLevel.
Temp name was sceKblGetMinimumLogLevel.


In 3.60 this function is at 0x51013921.
In FW 3.60 this function is at 0x51013921.


<source lang="C">int sceKernelGetDebugLevelForKernel(void);</source>
<source lang="C">int sceKernelGetDebugLevelForKernel(void);</source>
Line 237: Line 238:
|}
|}


In 3.60 this function is at 0x51013765.
In FW 3.60 this function is at 0x51013765.


<source lang="C">void *sceKernelGetDebugPutcharForKernel(void);</source>
<source lang="C">void *sceKernelGetDebugPutcharForKernel(void);</source>
Line 249: Line 250:
|}
|}


In 3.60 this function is at 0x510123DD.
In FW 3.60 this function is at 0x510123DD.


<source lang="C">int sceKernelSysrootProcessmgrStart2ForKernel(void);</source>
<source lang="C">int sceKernelSysrootProcessmgrStart2ForKernel(void);</source>
Line 261: Line 262:
|}
|}


In 3.60 this function is at 0x510123A1.
In FW 3.60 this function is at 0x510123A1.


<source lang="C">int sceKernelSysrootThreadMgrStartAfterProcessForKernel(void);</source>
<source lang="C">int sceKernelSysrootThreadMgrStartAfterProcessForKernel(void);</source>
Line 273: Line 274:
|}
|}


In 3.60 this function is at 0x5101297D.
In FW 3.60 this function is at 0x5101297D.


<source lang="C">int sceKernelSysrootIofilemgrStartForKernel(void);</source>
<source lang="C">int sceKernelSysrootIofilemgrStartForKernel(void);</source>
Line 285: Line 286:
|}
|}


In 3.60 this function is at 0x510124FD.
In FW 3.60 this function is at 0x510124FD.


<source lang="C">void sceKernelSysrootCorelockUnlockForKernel(void);</source>
<source lang="C">void sceKernelSysrootCorelockUnlockForKernel(void);</source>
Line 297: Line 298:
|}
|}


In 3.60 this function is at 0x510124E5.
In FW 3.60 this function is at 0x510124E5.


<source lang="C">void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);</source>
<source lang="C">void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);</source>
Line 311: Line 312:
|}
|}


In 3.60 this function is at 0x51003554.
This is a guessed name. Temp name was sceKblCpuSwitchInterruptsForKernel.


Temp name was sceKblCpuSwitchInterruptsForKernel.
In FW 3.60 this function is at 0x51003554.


<source lang="C">void sceKblCpuDisableIrqInterruptsForKernel(void);</source>
<source lang="C">void sceKblCpuDisableIrqInterruptsForKernel(void);</source>
Line 325: Line 326:
|}
|}


In 3.60 this function is at 0x510171B5.
In FW 3.60 this function is at 0x510171B5.


<source lang="C">int sceSblAimgrIsCEXForKernel(void);</source>
<source lang="C">int sceSblAimgrIsCEXForKernel(void);</source>
Line 337: Line 338:
|}
|}


In 3.60 this function is at 0x51017175.
In FW 3.60 this function is at 0x51017175.


<source lang="C">int sceSblAimgrIsDiagForKernel(void);</source>
<source lang="C">int sceSblAimgrIsDiagForKernel(void);</source>
Line 351: Line 352:
|}
|}


In 3.60 this function is at 0x51017159.
In FW 3.60 this function is at 0x51017159.


<source lang="C">int sceSblAimgrIsDEXForKernel(void);</source>
<source lang="C">int sceSblAimgrIsDEXForKernel(void);</source>
Line 365: Line 366:
|}
|}


In 3.60 this function is at 0x51017139.
In FW 3.60 this function is at 0x51017139.


<source lang="C">int sceSblAimgrIsToolForKernel(void);</source>
<source lang="C">int sceSblAimgrIsToolForKernel(void);</source>
Line 379: Line 380:
|}
|}


In 3.60 this function is at 0x5101711D.
In FW 3.60 this function is at 0x5101711D.


<source lang="C">int sceSblAimgrIsTestForKernel(void);</source>
<source lang="C">int sceSblAimgrIsTestForKernel(void);</source>
Line 393: Line 394:
|}
|}


In 3.60 this function is at 0x51017299.
In FW 3.60 this function is at 0x51017299.


<source lang="C">int sceSblAimgrIsVITAForKernel(void);</source>
<source lang="C">int sceSblAimgrIsVITAForKernel(void);</source>
Line 407: Line 408:
|}
|}


In 3.60 this function is at 0x510172A1.
In FW 3.60 this function is at 0x510172A1.


<source lang="C">int sceSblAimgrIsDolceForKernel(void);</source>
<source lang="C">int sceSblAimgrIsDolceForKernel(void);</source>
Line 421: Line 422:
|}
|}


In 3.60 this function is at 0x510171E5.
In FW 3.60 this function is at 0x510171E5.


<source lang="C">int sceSblAimgrIsGenuineDolceForKernel(void);</source>
<source lang="C">int sceSblAimgrIsGenuineDolceForKernel(void);</source>
Line 435: Line 436:
|}
|}


In 3.60 this function is at 0x51001551.
This is a guessed name.
 
In FW 3.60 this function is at 0x51001551.


<source lang="C">
<source lang="C">
Line 455: Line 458:
|}
|}


In 3.60 this function is at 0x51001571
This is a guessed name.
 
In FW 3.60 this function is at 0x51001571.


<source lang="C">int sceKblStartModuleForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);</source>
<source lang="C">int sceKblStartModuleForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);</source>
Line 469: Line 474:
|}
|}


In 3.60 this function is at 0x51001345.
This is a guessed name.
 
In FW 3.60 this function is at 0x51001345.


<source lang="C">int sceKblAuthMgrCloseForKernel(void);</source>
<source lang="C">int sceKblAuthMgrCloseForKernel(void);</source>
Line 483: Line 490:
|}
|}


In 3.60 this function is at 0x51001561.
This is a guessed name.
 
In FW 3.60 this function is at 0x51001561.


<source lang="C">int sceKblSetNonSyncModuleStartForKernel(void);</source>
<source lang="C">int sceKblSetNonSyncModuleStartForKernel(void);</source>
Line 495: Line 504:
|}
|}


In 3.60 this function is at 0x510147C9.
In FW 3.60 this function is at 0x510147C9.


<source lang="C">int sceKernelCpuIdForKernel(void);</source>
<source lang="C">int sceKernelCpuIdForKernel(void);</source>
Line 507: Line 516:
|}
|}


In 3.60 this function is at 0x51015851.
In FW 3.60 this function is at 0x51015851.


<source lang="C">int sceKernelCheckDipswForKernel(int bit);</source>
<source lang="C">int sceKernelCheckDipswForKernel(int bit);</source>
Line 519: Line 528:
|}
|}


In 3.60 this function is at 0x51016FD1
In FW 3.60 this function is at 0x51016FD1.


<source lang="C">int sceSblQafManagerIsAllowKernelDebugForKernel(void);</source>
<source lang="C">int sceSblQafManagerIsAllowKernelDebugForKernel(void);</source>
Line 533: Line 542:
|}
|}


get some device flags function
This is a guessed name.


In 3.60 this function is at 0x510128AD
In FW 3.60 this function is at 0x510128AD.


<source lang="C">
<source lang="C">
typedef struct SceSysrootHardwareFlags {
typedef struct SceHardwareFlags {
uint32_t data[4];
uint32_t data[4];
} __attribute__((packed)) SceSysrootHardwareFlags;
} __attribute__((packed)) SceHardwareFlags;


int sceKblGetHardwareFlagsForKernel(SceSysrootHardwareFlags *data);
int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags);
</source>
</source>
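Review bot: replacing "get some device flags function" with "This is a guessed name." removes the only description of what sceKblGetHardwareFlagsForKernel does. Keep a one-line description next to the guessed-name marker, as the following sceKblInitDeviceForKernel section does. The struct rename from SceSysrootHardwareFlags to SceHardwareFlags also needs a check that no other page still refers to the old type name.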


Line 553: Line 562:
|}
|}


Some device init function - on 0.940 this initializes and mounts <code>mmc(OS)</code> and <code>sd</code>.
This is a guessed name.


In 3.60 this function is at 0x5100124D.
Some device init function. On FW 0.940 it initializes and mounts <code>os0:</code> (eMMC) and <code>sd0:</code> (GCSD).
 
In FW 3.60 this function is at 0x5100124D.


<source lang="C">int sceKblInitDeviceForKernel(void);</source>
<source lang="C">int sceKblInitDeviceForKernel(void);</source>
Line 566: Line 577:
| 0.940-3.60 || 0x261F2747
| 0.940-3.60 || 0x261F2747
|}
|}
This is a guessed name.


Cleanup state created by [[NSKBL#sceKblInitDeviceForKernel]].
Cleanup state created by [[NSKBL#sceKblInitDeviceForKernel]].


In 3.60 this function is at 0x51001321.
In FW 3.60 this function is at 0x51001321.


<source lang="C">int sceKblFreeFileSystemCtxForKernel(void);</source>
<source lang="C">int sceKblFreeFileSystemCtxForKernel(void);</source>

Revision as of 00:25, 28 May 2022

The Non-Secure Kernel Boot Loader (NSKBL) is a Non-Secure world program that performs eMMC setup, loading of the base kernel modules, etc. during PSVita boot.

Module

The NSKBL contains subroutines that are stripped versions of the non-secure kernel ones found in SceSysmem, SceKernelModulemgr, SceSblSmschedProxy, SceExcpmgr, SceKernelIntrMgr, SceSblAuthMgr, SceProcessmgr (maybe), SceSdif, SceIofilemgr (simple version?), and some other core drivers.

Notes

How to debug NSKBL

NSKBL supports sd0: for debugging. pKblParam->boot_type_indicator_1 = 0x40000 is required.

sceIoOpen(?) error code 0x803FF007

This error can occur if the file is fragmented.

Types


typedef struct SceNskblModuleInfo {
    char* moduleName;    //Raw SKPRX name (e.g. "sysmem.skprx") - modules are loaded either from os0:kd/ or host0:module/
    SceUID moduleId;     //SCE_UID_INVALID_UID, gets filled when loading
    SceUInt32 loadFlags; //Passed as flags to sceKernelLoadModuleWithoutStart
} SceNskblModuleInfo;

/* Many of these pointers refer to the NSKBL heap */
typedef struct SceNskblSysrootInfo { // size is at least 0xC8 on FW 3.60
	SceUID unk_0x00; // maybe some PID. ex: 0x10089
	int unk_0x04;
	void *unk_0x08;
	void *unk_0x0C;
	void *unk_0x10;
	void *unk_0x14;
	void *unk_0x18;
	void *unk_0x1C;
	void *unk_0x20;
	void *unk_0x24;
	void *unk_0x28;
	void *unk_0x2C;
	SceUID unk_0x30; // maybe some PID. ex: 0x1000B
	const void *unk_0x34; // mapped paddr in vaddr
	const void *unk_0x38; // mapped paddr in vaddr
	void *unk_0x3C;
	int unk_0x40; // ex: 0x80000000
	int unk_0x44; // ex: 0x20000000
	void *unk_0x48;
	void *unk_0x4C;
	void *unk_0x50;
	void *unk_0x54;
	void *unk_0x58;
	void *unk_0x5C;
	void *unk_0x60;
	void *unk_0x64;
	void *unk_0x68;
	void *unk_0x6C;
	void *unk_0x70;
	void *unk_0x74;
	void *unk_0x78;
	void *unk_0x7C;
	void *unk_0x80;
	void *unk_0x84;
	void *unk_0x88;
	void *unk_0x8C;
	void *unk_0x90;
	void *unk_0x94;
	void *unk_0x98;
	SceUInt32 magic; // 0x19442EA8
	int unk_0xA0; // ex: 0x1000
	int unk_0xA4; // ex: 0x1000
	int unk_0xA8; // ex: 0x40000
	int unk_0xAC; // ex: 0x200000
	int unk_0xB0; // ex: 7
	int unk_0xB4;
	int unk_0xB8; // ex: 0x80
	sysroot_t *pSysroot;
	void *unk_0xC0;
	void *unk_0xC4;
	// more...?
} SceNskblSysrootInfo; // 3.60

SceNskblSysrootInfo *nskbl_sysroot_info = (SceNskblSysrootInfo *)(0x51000000 + 0x138980); // 3.60

Libraries

Known NIDs

{| class="wikitable"
|-
! Version !! Name !! World !! Visibility !! NID
|-
| 0.940-3.65 || SceKblForKernel || Non-secure || Kernel || 0xD0FC2991
|}

SceKblForKernel

sceSDrfpStartForKernel

Version NID
0.940-0.990 0x230456F3
3.60 not present

sceSDbgSdioStartForKernel

Version NID
0.940-0.990 0x29A8524D
3.60 not present

Requires DIPSW 193.

SceInt32 sceSDbgSdioStartForKernel(void);

SceKblForKernel_99B2F981

Version NID
0.940-0.990 0x99B2F981
3.60 not present

On FW 0.940, it calls a routine that simply executes cpsid i then returns 0.

BootModulesForKernel

Version NID
0.940-0.990 0xA7D60F71
3.60 not present

Runs the entrypoint of every module in the provided list. The list end is marked by an entry with moduleId = SCE_UID_INVALID_UID.

// If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and
// module_bootstart is executed on all cores
SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry);

sceSDfMgrStartForKernel

Version NID
0.940-0.990 0xAA8005E4
3.60 not present

LoadModulesForKernel

Version NID
0.940-0.990 0xFAE33FDD
3.60 not present

Load all modules from the provided list. The list end is marked by an entry with moduleName = NULL.

Module GUIDs are populated into the list, so it must be writeable.

SceInt32 LoadModules(SceNskblModuleInfo* module_list);
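
The two list conventions described for BootModulesForKernel and LoadModulesForKernel, modelled on a host as an added example (not NSKBL or wiki code): the load walk ends at moduleName = NULL and the boot walk at moduleId = SCE_UID_INVALID_UID, so an entry whose ID was never filled in cuts the boot walk short. The typedef stand-ins, the value used for SCE_UID_INVALID_UID, model_load, the example_*.skprx names and the IDs are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side stand-ins for the SDK types (assumptions made for this example). */
typedef int32_t  SceUID;
typedef uint32_t SceUInt32;
#define SCE_UID_INVALID_UID ((SceUID)-1) /* assumed value; not stated on the page */

typedef struct SceNskblModuleInfo {
    char     *moduleName; /* NULL ends the list for the load walk */
    SceUID    moduleId;   /* SCE_UID_INVALID_UID ends the list for the boot walk */
    SceUInt32 loadFlags;
} SceNskblModuleInfo;

/* Entries visited by a load-style walk; -1 if no NULL name within cap entries. */
int load_walk_len(const SceNskblModuleInfo *list, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (list[i].moduleName == NULL)
            return (int)i;
    return -1;
}

/* Entries visited by a boot-style walk; -1 if no invalid UID within cap entries. */
int boot_walk_len(const SceNskblModuleInfo *list, size_t cap)
{
    for (size_t i = 0; i < cap; i++)
        if (list[i].moduleId == SCE_UID_INVALID_UID)
            return (int)i;
    return -1;
}

/* Hypothetical loader model: each named entry except fail_at (-1: none) gets a constructed ID. */
void model_load(SceNskblModuleInfo *list, size_t cap, int fail_at)
{
    int n = load_walk_len(list, cap);
    for (int i = 0; i < n; i++)
        if (i != fail_at)
            list[i].moduleId = (SceUID)(0x10001 + 2 * i);
}

/* Constructed sample: three named entries plus a terminator carrying both markers. */
void make_sample(SceNskblModuleInfo out[4])
{
    static char a[] = "sysmem.skprx", b[] = "example_b.skprx", c[] = "example_c.skprx";
    char *names[4] = { a, b, c, NULL };
    for (int i = 0; i < 4; i++)
        out[i] = (SceNskblModuleInfo){ names[i], SCE_UID_INVALID_UID, 0 };
}

int main(void)
{
    SceNskblModuleInfo l[4];
    make_sample(l);
    printf("before load: load=%d boot=%d\n", load_walk_len(l, 4), boot_walk_len(l, 4));
    model_load(l, 4, 1); /* entry 1 is left without an ID */
    printf("entry 1 not loaded: boot=%d\n", boot_walk_len(l, 4));
    return 0;
}
```

A caller that checks every moduleId between the two calls can tell a truncated boot walk from a complete one.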

sceKblPutcharForKernel

Version NID
0.940-3.60 0x08E9FAEB

This is a guessed name.

This function is at 0x510172BD in FW 3.60 and at 0x51003BE0 in FW 0.940.040.

int sceKblPutcharForKernel(void *args, char c);

sceKernelPrintfForKernel

Version NID
0.940-3.60 0x13A5ABEF

In FW 3.60 this function is at 0x510137A9.

int sceKernelPrintfForKernel(const char *fmt, ...);

sceKernelPrintfLevelForKernel

Version NID
0.940 Not present
0.990-3.60 0x752E7EEC

In FW 3.60 this function is at 0x51013841.

int sceKernelPrintfLevelForKernel(int level, const char *fmt, ...);

sceKernelGetDebugLevelForKernel

Version NID
0.940-3.60 0xC011935A

Temp name was sceKblGetMinimumLogLevel.

In FW 3.60 this function is at 0x51013921.

int sceKernelGetDebugLevelForKernel(void);

sceKernelGetDebugPutcharForKernel

Version NID
0.940-3.60 0x9B868276

In FW 3.60 this function is at 0x51013765.

void *sceKernelGetDebugPutcharForKernel(void);

sceKernelSysrootProcessmgrStart2ForKernel

Version NID
0.940-3.60 0x161D6FCC

In FW 3.60 this function is at 0x510123DD.

int sceKernelSysrootProcessmgrStart2ForKernel(void);

sceKernelSysrootThreadMgrStartAfterProcessForKernel

Version NID
0.940-3.60 0x1DB28F02

In FW 3.60 this function is at 0x510123A1.

int sceKernelSysrootThreadMgrStartAfterProcessForKernel(void);

sceKernelSysrootIofilemgrStartForKernel

Version NID
0.940-3.60 0xC7B77991

In FW 3.60 this function is at 0x5101297D.

int sceKernelSysrootIofilemgrStartForKernel(void);

sceKernelSysrootCorelockUnlockForKernel

Version NID
0.940-3.60 0x314AA770

In FW 3.60 this function is at 0x510124FD.

void sceKernelSysrootCorelockUnlockForKernel(void);

sceKernelSysrootCorelockLockForKernel

Version NID
0.940-3.60 0x807B4437

In FW 3.60 this function is at 0x510124E5.

void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);

sceKblCpuDisableIrqInterruptsForKernel

Version NID
0.940-0.990 Not present
3.60 0xDDB3A1A8

This is a guessed name. Temp name was sceKblCpuSwitchInterruptsForKernel.

In FW 3.60 this function is at 0x51003554.

void sceKblCpuDisableIrqInterruptsForKernel(void);

sceSblAimgrIsCEXForKernel

Version NID
0.940-3.60 0x8A416887

In FW 3.60 this function is at 0x510171B5.

int sceSblAimgrIsCEXForKernel(void);

sceSblAimgrIsDiagForKernel

Version NID
0.940-3.60 0xC3DDDE15

In FW 3.60 this function is at 0x51017175.

int sceSblAimgrIsDiagForKernel(void);

sceSblAimgrIsDEXForKernel

Version NID
0.940-0.990 Not present
3.60 0x5945F065

In FW 3.60 this function is at 0x51017159.

int sceSblAimgrIsDEXForKernel(void);

sceSblAimgrIsToolForKernel

Version NID
0.990 not present
3.60 0xB6C9ACF1

In FW 3.60 this function is at 0x51017139.

int sceSblAimgrIsToolForKernel(void);

sceSblAimgrIsTestForKernel

Version NID
0.990 not present
3.60 0x943E7537

In FW 3.60 this function is at 0x5101711D.

int sceSblAimgrIsTestForKernel(void);

sceSblAimgrIsVITAForKernel

Version NID
0.990 not present
3.60 0x838466E9

In FW 3.60 this function is at 0x51017299.

int sceSblAimgrIsVITAForKernel(void);

sceSblAimgrIsDolceForKernel

Version NID
0.990 not present
3.60 0xA7BD4417

In FW 3.60 this function is at 0x510172A1.

int sceSblAimgrIsDolceForKernel(void);

sceSblAimgrIsGenuineDolceForKernel

Version NID
0.990 not present
3.60 0xB6D00D6D

In FW 3.60 this function is at 0x510171E5.

int sceSblAimgrIsGenuineDolceForKernel(void);

sceKblLoadModuleForKernel

Version NID
0.990 not present
3.60 0x6D7A1F18

This is a guessed name.

In FW 3.60 this function is at 0x51001551.

typedef struct SceModuleLoadList {
  const char *filename;
} __attribute__((packed)) SceModuleLoadList;

int sceKblLoadModuleForKernel(const SceModuleLoadList *pList, SceUID *pUidList, SceUInt32 count, SceBool use_tool_extended_memory);

sceKblStartModuleForKernel

Version NID
0.990 not present
3.60 0x9A92436E

This is a guessed name.

In FW 3.60 this function is at 0x51001571.

int sceKblStartModuleForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);

sceKblAuthMgrCloseForKernel

Version NID
0.990 not present
3.60 0x79241ACF

This is a guessed name.

In FW 3.60 this function is at 0x51001345.

int sceKblAuthMgrCloseForKernel(void);

sceKblSetNonSyncModuleStartForKernel

Version NID
0.990 not present
3.60 0x9F4F3F98

This is a guessed name.

In FW 3.60 this function is at 0x51001561.

int sceKblSetNonSyncModuleStartForKernel(void);

sceKernelCpuIdForKernel

Version NID
0.940-3.60 0xB506A10E

In FW 3.60 this function is at 0x510147C9.

int sceKernelCpuIdForKernel(void);

sceKernelCheckDipswForKernel

Version NID
0.990-3.60 0xC8F4DE71

In FW 3.60 this function is at 0x51015851.

int sceKernelCheckDipswForKernel(int bit);

sceSblQafManagerIsAllowKernelDebugForKernel

Version NID
0.940-3.60 0xCE94F329

In FW 3.60 this function is at 0x51016FD1.

int sceSblQafManagerIsAllowKernelDebugForKernel(void);

sceKblGetHardwareFlagsForKernel

Version NID
0.990 not present
3.60 0xD3A516D5

This is a guessed name.

In FW 3.60 this function is at 0x510128AD.

typedef struct SceHardwareFlags {
	uint32_t data[4];
} __attribute__((packed)) SceHardwareFlags;

int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags);

sceKblInitDeviceForKernel

Version NID
0.940-3.60 0xF7AF8690

This is a guessed name.

Some device init function. On FW 0.940 it initializes and mounts os0: (eMMC) and sd0: (GCSD).

In FW 3.60 this function is at 0x5100124D.

int sceKblInitDeviceForKernel(void);

sceKblFreeFileSystemCtxForKernel

Version NID
0.940-3.60 0x261F2747

This is a guessed name.

Cleans up the state created by sceKblInitDeviceForKernel.

In FW 3.60 this function is at 0x51001321.

int sceKblFreeFileSystemCtxForKernel(void);