F00D

From Vita Development Wiki
Jump to navigation Jump to search

Related pages

Reset

Although the MeP architecture docs specify that with EVM=0, the reset/NMI vector base is at 0x00000000 it is observed that the vector base is actually at 0x00004000. However, EVA/IVA still work as expected when EVM=1. Both secure_kernel and second_loader set EVM=0 at the start. This is likely modified hardware behavior and the vector base remapping might be done when the bootrom is unmapped.

Devices

Address Device
0xE0000000 Private:Communication Ports
0xE0010000 F00D Reset
0xE0020000 ?
0xE0030000 Private:Key Ring Controller
0xE0040000 Private:Math Processor
0xE0050000 Private:Bigmac
0xE0058000 Private:Key Ring Base
0xE0070000 ?
0xE00C0000 ?

0xE0010000

Address Description
0xE0010000 TZ sets to 1 then 0 and it appears F00D resets
0xE0010004 Read by second_loader, check against mask & 5 and & 8. Read by TZ after setting reset.

0xE0020000

Address Description
0xE0020004 Read by second_loader, check against 0x8000001F

0xE0070000

Address Description
0xE0070000 Seen as 1
0xE0070008 Set to 0x020E020F in second_loader, eMMC related?
0xE007000C Seen as 2
0xE0070014 Set to 6 under some condition in second_loader