NSKBL: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
No edit summary
Line 18: Line 18:


<source lang="C">
<source lang="C">
typedef struct SceNskblModuleInfo { // Size is 0xC on FWs 0.940-0.990
typedef struct SceNskblModuleInfo { // size is 0xC on FWs 0.940-0.990
     char* moduleName;    // Raw SKPRX file name (e.g. "sysmem.skprx"). Modules are loaded either from os0:kd/ or host0:module/.
     char* filename;    // Raw SKPRX file name (e.g. "sysmem.skprx"). Modules are loaded either from os0:kd/ or host0:module/.
     SceUID moduleId;    // SCE_UID_INVALID_UID. It gets filled when loading.
     SceUID moduleId;    // SCE_UID_INVALID_UID. It gets filled when loading.
     SceUInt32 loadFlags; // Passed as flags to sceKernelLoadModule.
     SceUInt32 loadFlags; // Passed as flags to sceKernelLoadModule.
} SceNskblModuleInfo;
} __attribute__((packed)) SceNskblModuleInfo;
 
typedef struct SceNskblModuleInfo2 { // size is 4 on FW 3.60
    const char* filename;
} __attribute__((packed)) SceNskblModuleInfo2;
 
typedef struct SceHardwareFlags { // size is 0x10 on FW 3.60
    uint32_t data[4];
} __attribute__((packed)) SceHardwareFlags;


/* Many pointers are NSKBL heap relationships */
/* Many pointers are NSKBL heap relationships */
Line 118: Line 126:


<source lang="C">SceInt32 sceSDbgSdioStartForKernel(void);</source>
<source lang="C">SceInt32 sceSDbgSdioStartForKernel(void);</source>
=== SceKblForKernel_99B2F981 ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.940-0.990 || 0x99B2F981
|-
| 3.60 || not present
|}
On FW 0.940, it calls a routine that simply executes <code>cpsid i</code> then returns 0.
CPSID i ; Disable all interrupts except NMI (set PRIMASK)
Disables IRQ interrupts by setting the I-bit in the CPSR.
=== BootModulesForKernel ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.940-0.990 || 0xA7D60F71
|-
| 3.60 || not present
|}
Runs the entrypoint of all modules in provided list. The list end is marked by an entry with <code>moduleId = SCE_UID_INVALID_UID</code>.
<source lang="C">
// If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and
// module_bootstart is executed on all cores
SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry);
</source>


=== sceSDfMgrStartForKernel ===
=== sceSDfMgrStartForKernel ===
Line 162: Line 136:
| 3.60 || not present
| 3.60 || not present
|}
|}
=== LoadModulesForKernel ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.940-0.990 || 0xFAE33FDD
|-
| 3.60 || not present
|}
Load all modules from the provided list. The list end is marked by an entry with <code>moduleName = NULL</code>.
Module GUIDs are populated into the list, so it must be writeable.
<source lang="C">SceInt32 LoadModules(SceNskblModuleInfo* module_list);</source>


=== sceKblPutcharForKernel ===
=== sceKblPutcharForKernel ===
Line 304: Line 262:


<source lang="C">void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);</source>
<source lang="C">void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);</source>
=== SceKblForKernel_99B2F981 ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.940-0.990 || 0x99B2F981
|-
| 3.60 || not present
|}
On FW 0.940, it calls a routine that simply executes <code>cpsid i</code> then returns 0.
CPSID i ; Disable all interrupts except NMI (set PRIMASK)
Disables IRQ interrupts by setting the I-bit in the CPSR.


=== sceKblCpuDisableIrqInterruptsForKernel ===
=== sceKblCpuDisableIrqInterruptsForKernel ===
Line 429: Line 403:
<source lang="C">int sceSblAimgrIsGenuineDolceForKernel(void);</source>
<source lang="C">int sceSblAimgrIsGenuineDolceForKernel(void);</source>


=== sceKblLoadModuleForKernel ===
=== LoadModulesForKernel ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.940-0.990 || 0xFAE33FDD
|-
| 3.60 || not present
|}
 
Load all modules from the provided list. The list end is marked by an entry with <code>moduleName = NULL</code>.
 
Module GUIDs are populated into the list, so it must be writeable.
 
<source lang="C">SceInt32 LoadModules(SceNskblModuleInfo* module_list);</source>
 
=== sceKblLoadModulesForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 442: Line 432:


In FW 3.60 this function is at 0x51001551.
In FW 3.60 this function is at 0x51001551.
<source lang="C">int sceKblLoadModulesForKernel(const SceNskblModuleInfo2 *pList, SceUID *pUidList, SceUInt32 count, SceBool use_tool_extended_memory);</source>
=== BootModulesForKernel ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.940-0.990 || 0xA7D60F71
|-
| 3.60 || not present
|}
Runs the entrypoint of all modules in provided list. The list end is marked by an entry with <code>moduleId = SCE_UID_INVALID_UID</code>.


<source lang="C">
<source lang="C">
typedef struct SceModuleLoadList {
// If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and
  const char *filename;
// module_bootstart is executed on all cores
} __attribute__((packed)) SceModuleLoadList;
SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry);
 
int sceKblLoadModuleForKernel(const SceModuleLoadList *pList, SceUID *pUidList, SceUInt32 count, SceBool use_tool_extended_memory);
</source>
</source>


=== sceKblStartModuleForKernel ===
=== sceKblBootModulesForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 465: Line 467:
In FW 3.60 this function is at 0x51001571.
In FW 3.60 this function is at 0x51001571.


<source lang="C">int sceKblStartModuleForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);</source>
<source lang="C">int sceKblBootModulesForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);</source>


=== sceKblAuthMgrCloseForKernel ===
=== sceKblAuthMgrCloseForKernel ===
Line 549: Line 551:
In FW 3.60 this function is at 0x510128AD.
In FW 3.60 this function is at 0x510128AD.


<source lang="C">
<source lang="C">int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags);</source>
typedef struct SceHardwareFlags {
uint32_t data[4];
} __attribute__((packed)) SceHardwareFlags;
 
int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags);
</source>


=== sceKblInitDeviceForKernel ===
=== sceKblInitDeviceForKernel ===

Revision as of 01:01, 28 May 2022

Non-Secure Kernel Boot Loader (NSKBL) is a Non-Secure world program that performs eMMC setup, base kernel modules loading, etc. during PSVita boot.

Module

The NSKBL contains subroutines that are stripped versions of the non-secure kernel ones found in SceSysmem, SceKernelModulemgr, SceSblSmschedProxy, SceExcpmgr, SceKernelIntrMgr, SceSblAuthMgr, SceProcessmgr (maybe), SceSdif, SceIofilemgr (simple version?), and some other core drivers.

Notes

How to debug NSKBL

NSKBL supports sd0: for debugging. pKblParam->boot_type_indicator_1 = 0x40000 is required.

sceIoOpen(?) error code 0x803FF007

This error can occur if the file is fragmented.

Types

typedef struct SceNskblModuleInfo { // size is 0xC on FWs 0.940-0.990
    char* filename;    // Raw SKPRX file name (e.g. "sysmem.skprx"). Modules are loaded either from os0:kd/ or host0:module/.
    SceUID moduleId;     // SCE_UID_INVALID_UID. It gets filled when loading.
    SceUInt32 loadFlags; // Passed as flags to sceKernelLoadModule.
} __attribute__((packed)) SceNskblModuleInfo;

typedef struct SceNskblModuleInfo2 { // size is 4 on FW 3.60
    const char* filename;
} __attribute__((packed)) SceNskblModuleInfo2;

typedef struct SceHardwareFlags { // size is 0x10 on FW 3.60
    uint32_t data[4];
} __attribute__((packed)) SceHardwareFlags;

/* Many pointers are NSKBL heap relationships */
typedef struct SceNskblSysrootInfo { // size is at least 0xC8 on FW 3.60
	SceUID unk_0x00; // maybe some PID. ex: 0x10089
	int unk_0x04;
	void *unk_0x08;
	void *unk_0x0C;
	void *unk_0x10;
	void *unk_0x14;
	void *unk_0x18;
	void *unk_0x1C;
	void *unk_0x20;
	void *unk_0x24;
	void *unk_0x28;
	void *unk_0x2C;
	SceUID unk_0x30; // maybe some PID. ex: 0x1000B
	const void *unk_0x34; // mapped paddr in vaddr
	const void *unk_0x38; // mapped paddr in vaddr
	void *unk_0x3C;
	int unk_0x40; // ex: 0x80000000
	int unk_0x44; // ex: 0x20000000
	void *unk_0x48;
	void *unk_0x4C;
	void *unk_0x50;
	void *unk_0x54;
	void *unk_0x58;
	void *unk_0x5C;
	void *unk_0x60;
	void *unk_0x64;
	void *unk_0x68;
	void *unk_0x6C;
	void *unk_0x70;
	void *unk_0x74;
	void *unk_0x78;
	void *unk_0x7C;
	void *unk_0x80;
	void *unk_0x84;
	void *unk_0x88;
	void *unk_0x8C;
	void *unk_0x90;
	void *unk_0x94;
	void *unk_0x98;
	SceUInt32 magic; // 0x 19442EA8
	int unk_0xA0; // ex: 0x1000
	int unk_0xA4; // ex: 0x1000
	int unk_0xA8; // ex: 0x40000
	int unk_0xAC; // ex: 0x200000
	int unk_0xB0; // ex: 7
	int unk_0xB4;
	int unk_0xB8; // ex: 0x80
	sysroot_t *pSysroot;
	void *unk_0xC0;
	void *unk_0xC4;
	// more...?
} SceNskblSysrootInfo; // 3.60

SceNskblSysrootInfo *nskbl_sysroot_info = (SceNskblSysrootInfo *)(0x51000000 + 0x138980); // 3.60

Libraries

Known NIDs

Version Name World Visibility NID
0.940-3.65 SceKblForKernel Non-secure Kernel 0xD0FC2991

SceKblForKernel

sceSDrfpStartForKernel

Version NID
0.940-0.990 0x230456F3
3.60 not present

sceSDbgSdioStartForKernel

Version NID
0.940-0.990 0x29A8524D
3.60 not present

Requires DIPSW 193.

SceInt32 sceSDbgSdioStartForKernel(void);

sceSDfMgrStartForKernel

Version NID
0.940-0.990 0xAA8005E4
3.60 not present

sceKblPutcharForKernel

Version NID
0.940-3.60 0x08E9FAEB

This is a guessed name.

This function is at 0x510172BD in FW 3.60 and at 0x51003BE0 in FW 0.940.040.

int sceKblPutcharForKernel(void *args, char c);

sceKernelPrintfForKernel

Version NID
0.940-3.60 0x13A5ABEF

In FW 3.60 this function is at 0x510137A9.

int sceKernelPrintfForKernel(const char *fmt, ...);

sceKernelPrintfLevelForKernel

Version NID
0.940 Not present
0.990-3.60 0x752E7EEC

In FW 3.60 this function is at 0x51013841.

int sceKernelPrintfLevelForKernel(int level, const char *fmt, ...);

sceKernelGetDebugLevelForKernel

Version NID
0.940-3.60 0xC011935A

Temp name was sceKblGetMinimumLogLevel.

In FW 3.60 this function is at 0x51013921.

int sceKernelGetDebugLevelForKernel(void);

sceKernelGetDebugPutcharForKernel

Version NID
0.940-3.60 0x9B868276

In FW 3.60 this function is at 0x51013765.

void *sceKernelGetDebugPutcharForKernel(void);

sceKernelSysrootProcessmgrStart2ForKernel

Version NID
0.940-3.60 0x161D6FCC

In FW 3.60 this function is at 0x510123DD.

int sceKernelSysrootProcessmgrStart2ForKernel(void);

sceKernelSysrootThreadMgrStartAfterProcessForKernel

Version NID
0.940-3.60 0x1DB28F02

In FW 3.60 this function is at 0x510123A1.

int sceKernelSysrootThreadMgrStartAfterProcessForKernel(void);

sceKernelSysrootIofilemgrStartForKernel

Version NID
0.940-3.60 0xC7B77991

In FW 3.60 this function is at 0x5101297D.

int sceKernelSysrootIofilemgrStartForKernel(void);

sceKernelSysrootCorelockUnlockForKernel

Version NID
0.940-3.60 0x314AA770

In FW 3.60 this function is at 0x510124FD.

void sceKernelSysrootCorelockUnlockForKernel(void);

sceKernelSysrootCorelockLockForKernel

Version NID
0.940-3.60 0x807B4437

In FW 3.60 this function is at 0x510124E5.

void sceKernelSysrootCorelockLockForKernel(SceUInt32 core);

SceKblForKernel_99B2F981

Version NID
0.940-0.990 0x99B2F981
3.60 not present

On FW 0.940, it calls a routine that simply executes cpsid i then returns 0.

CPSID i ; Disable all interrupts except NMI (set PRIMASK)

Disables IRQ interrupts by setting the I-bit in the CPSR.

sceKblCpuDisableIrqInterruptsForKernel

Version NID
0.940-0.990 Not present
3.60 0xDDB3A1A8

This is a guessed name. Temp name was sceKblCpuSwitchInterruptsForKernel.

In FW 3.60 this function is at 0x51003554.

void sceKblCpuDisableIrqInterruptsForKernel(void);

sceSblAimgrIsCEXForKernel

Version NID
0.940-3.60 0x8A416887

In FW 3.60 this function is at 0x510171B5.

int sceSblAimgrIsCEXForKernel(void);

sceSblAimgrIsDiagForKernel

Version NID
0.940-3.60 0xC3DDDE15

In FW 3.60 this function is at 0x51017175.

int sceSblAimgrIsDiagForKernel(void);

sceSblAimgrIsDEXForKernel

Version NID
0.940-0.990 Not present
3.60 0x5945F065

In FW 3.60 this function is at 0x51017159.

int sceSblAimgrIsDEXForKernel(void);

sceSblAimgrIsToolForKernel

Version NID
0.990 not present
3.60 0xB6C9ACF1

In FW 3.60 this function is at 0x51017139.

int sceSblAimgrIsToolForKernel(void);

sceSblAimgrIsTestForKernel

Version NID
0.990 not present
3.60 0x943E7537

In FW 3.60 this function is at 0x5101711D.

int sceSblAimgrIsTestForKernel(void);

sceSblAimgrIsVITAForKernel

Version NID
0.990 not present
3.60 0x838466E9

In FW 3.60 this function is at 0x51017299.

int sceSblAimgrIsVITAForKernel(void);

sceSblAimgrIsDolceForKernel

Version NID
0.990 not present
3.60 0xA7BD4417

In FW 3.60 this function is at 0x510172A1.

int sceSblAimgrIsDolceForKernel(void);

sceSblAimgrIsGenuineDolceForKernel

Version NID
0.990 not present
3.60 0xB6D00D6D

In FW 3.60 this function is at 0x510171E5.

int sceSblAimgrIsGenuineDolceForKernel(void);

LoadModulesForKernel

Version NID
0.940-0.990 0xFAE33FDD
3.60 not present

Load all modules from the provided list. The list end is marked by an entry with moduleName = NULL.

Module GUIDs are populated into the list, so it must be writeable.

SceInt32 LoadModules(SceNskblModuleInfo* module_list);

sceKblLoadModulesForKernel

Version NID
0.990 not present
3.60 0x6D7A1F18

This is a guessed name.

In FW 3.60 this function is at 0x51001551.

int sceKblLoadModulesForKernel(const SceNskblModuleInfo2 *pList, SceUID *pUidList, SceUInt32 count, SceBool use_tool_extended_memory);

BootModulesForKernel

Version NID
0.940-0.990 0xA7D60F71
3.60 not present

Runs the entrypoint of all modules in provided list. The list end is marked by an entry with moduleId = SCE_UID_INVALID_UID.

// If run_boot_entry is SCE_TRUE, module_start is executed on core 0 and
// module_bootstart is executed on all cores
SceInt32 BootModules(SceNskblModuleInfo* module_list, SceSize args, const void* argp, SceBool run_boot_entry);

sceKblBootModulesForKernel

Version NID
0.990 not present
3.60 0x9A92436E

This is a guessed name.

In FW 3.60 this function is at 0x51001571.

int sceKblBootModulesForKernel(SceUID *pUidList, SceUInt32 count, SceSize args, void *argp);

sceKblAuthMgrCloseForKernel

Version NID
0.990 not present
3.60 0x79241ACF

This is a guessed name.

In FW 3.60 this function is at 0x51001345.

int sceKblAuthMgrCloseForKernel(void);

sceKblSetNonSyncModuleStartForKernel

Version NID
0.990 not present
3.60 0x9F4F3F98

This is a guessed name.

In FW 3.60 this function is at 0x51001561.

int sceKblSetNonSyncModuleStartForKernel(void);

sceKernelCpuIdForKernel

Version NID
0.940-3.60 0xB506A10E

In FW 3.60 this function is at 0x510147C9.

int sceKernelCpuIdForKernel(void);

sceKernelCheckDipswForKernel

Version NID
0.990-3.60 0xC8F4DE71

In FW 3.60 this function is at 0x51015851.

int sceKernelCheckDipswForKernel(int bit);

sceSblQafManagerIsAllowKernelDebugForKernel

Version NID
0.940-3.60 0xCE94F329

In FW 3.60 this function is at 0x51016FD1.

int sceSblQafManagerIsAllowKernelDebugForKernel(void);

sceKblGetHardwareFlagsForKernel

Version NID
0.990 not present
3.60 0xD3A516D5

This is a guessed name.

In FW 3.60 this function is at 0x510128AD.

int sceKblGetHardwareFlagsForKernel(SceHardwareFlags *pFlags);

sceKblInitDeviceForKernel

Version NID
0.940-3.60 0xF7AF8690

This is a guessed name.

Some device init function. On FW 0.940 it initializes and mounts os0: (eMMC) and sd0: (GCSD).

In FW 3.60 this function is at 0x5100124D.

int sceKblInitDeviceForKernel(void);

sceKblFreeFileSystemCtxForKernel

Version NID
0.940-3.60 0x261F2747

This is a guessed name.

Cleanup state created by NSKBL#sceKblInitDeviceForKernel.

In FW 3.60 this function is at 0x51001321.

int sceKblFreeFileSystemCtxForKernel(void);