REpsp2
PSP2 OS reverse engineering
Loading...
Searching...
No Matches
boot.c
Go to the documentation of this file.
1
2#include <__everything.h>
3
4#include <sdk_version.h>
5#include <scetypes.h>
6#include <sceerror.h>
7
8#include <arm.h>
9#include <hw_timer.h>
10#include <kernel/debug.h>
11#include <kernel/dipsw.h>
12#include <kernel/error.h>
13
15//TEMP IMPORTS
17#define KBL_REVISION_STR "r96726" //TODO: autogenerate
18#define KBL_BUILD_DATE_STR "2017-02-23 19:47:57+0900" //TODO: autogenerate
19
20typedef struct {
21 SceUInt32 spin; //SceKernelSpinlock spin;
22 SceUInt16 unk4;
23 SceUInt16 owner;
24} SceKernelCorelock;
25
30
37
76#define KBL_PARAM_MAGIC 0xCBAC03AA
77
78typedef struct { //TODO: there are official names among these
79 const char *name;
80 SceUIntPAddr pbase;
81 SceUIntVAddr vbase;
82 SceSize psize;
83 SceSize vsize;
84 SceSize extraHigh;
85} kbp_boot_block;
86
92
93typedef struct {
94 SceSize size;
95 SceBool secure;
96 SceSize num_memory;
97 SceKernelPARange memory[4];
98 SceKBLParam *pKblParam;
99 SceUInt32 unused_30[5]; //???
100 SceUInt32 revision0;
101 SceUInt32 revision1;
102 SceUInt32 KermitRevision;
103 SceUInt32 unk_50[2];
104 kbp_boot_block ttbr0;
105 SceUIntVAddr ttbr0_max_addr;
106 SceSize sizeTTBR0Address;
107 kbp_boot_block ttbr1;
108 SceSize sizeTTBR1Address;
109 SceUIntVAddr l2pt000_map_base;
110 kbp_boot_block reset;
111 kbp_boot_block excpEntry;
112 kbp_boot_block l2pt000;
113 kbp_boot_block l2v;
114 kbp_boot_block sysroot;
115 kbp_boot_block fh32b;
116 kbp_boot_block fh48b;
117 kbp_boot_block fh64b;
118 kbp_boot_block fhUIDEntry;
119 kbp_boot_block fhL2Object;
120 kbp_boot_block unk188;
121 kbp_boot_block phypage;
122 kbp_boot_block phypageHigh;
123 kbp_boot_block bootkernimg;
124 kbp_boot_block hwreg;
125 SceKernelCorelock *pCorelock;
126
127 struct {
128 SceUInt32 unk_00[2];
129 SceKernelMMUContext mmuContext;
130 SceSize size;
131 SceUID blkId;
132 void *stackBottom;
133 } bootCpu[SCx_KERNEL_NUM_CPUS];
134
135 void *pSysroot; //TODO: retype
136 SceUInt32 l2pt000_map_base__again;
137 SceUInt32 *pL2PageTable000; // vaddr of L2PT000
138 void *resetVector; // vaddr of reset vector
139
140 void *phyMemPartKD; //TODO: retype (SceKernelPhyMemPart)
141 void *phyMemPartTool; //TODO: retype (SceKernelPhyMemPart)
142
143 void *pPageKernelReset; //TODO: retype (PhyPage)
144 void *pPageL2PageTable000; //TODO: retype (PhyPage)
145 void *pPageSysroot; //TODO: retype (PhyPage)
146 void *pPageTTBR0; //TODO: retype (PhyPage)
147 void *pPageTTBR1; //TODO: retype (PhyPage)
148 void *pPageL2Vector; //TODO: retype (PhyPage)
149 void *pPagePhypage; //TODO: retype (PhyPage)
150 void *pPagePhypageHigh;
151 void *pPageBootKernelImage; //TODO: retype (PhyPage)
152 void *pPageFixedHeap32B; //TODO: retype (PhyPage)
153 void *pPageFixedHeap48B; //TODO: retype (PhyPage)
154 void *pPageFixedHeap64B; //TODO: retype (PhyPage)
155 void *pPageFixedHeapForL2Object; //TODO: retype (PhyPage)
156
157 void *pFixedHeap32B; //TODO: retype (SceUIDFixedHeap)
158 void *pFixedHeap48B; //TODO: retype (SceUIDFixedHeap)
159 void *pFixedHeap64B; //TODO: retype (SceUIDFixedHeap)
160 void *pFixedHeapForL2Object; //TODO: retype (SceUIDFixedHeap)
161
162 void *pPageUIDHeap; //TODO: retype (PhyPage)
163 void *pGUIDEntryHeap; //TODO: retype (SceUIDEntryHeap)
164
165 void *pL2PageTable_for_SceKernelL2PageTable000; //TODO: retype (L2PageTable)
166 void *pL2PageTable_for_PhyPage; //TODO: retype (L2PageTable)
167
168 void *pPartitionKernel;
169 SceUID uidPartitionKernel;
170
171 void *pKernelAddressSpace; //TODO: retype (SceUIDAddressSpace)
172
173 SceUInt32 unk_2fc;
174 void *unk_300;
175
176 void *putchar_handler;
177 SceUInt32 minimum_log_level;
178
179 SceUInt32 magic;
180} SceKernelBootParam;
181#define KERNEL_BOOT_PARAM_MAGIC 0x7F407C30
182
183
184#define ALIGN_UP(ptr, align) ((ScePVoid)((((SceUIntPtr)(ptr)) + (align) - 1u) & ~((align) - 1u)))
185
186
187extern char VECTOR_TABLE[];
188const SceSize VECTOR_TABLE_SIZE = 0x100; //TODO: get this programatically? (END - START)?
189
190
191void sceKernelCorelockLock(SceKernelCorelock *corelock, SceUInt32 firstcpu);
192SceUInt32 sceKernelCpuId(void);
193void sceKernelCorelockUnlock(SceKernelCorelock *corelock);
194void *memcpy(void *, const void *, SceSize);
195void __set_dipsw_source(const void *pDipsw); // FUN_5101ef0c
196void sceKernelPrintfLevel(SceInt32 lvl, const char *fmt, ...);
197SceInt32 sceKernelGetAssertLevel(void); // FUN_5101bc64
198void sceKernelAssertLevel(SceInt32 lvl, _Bool cond, const void *kmc); // FUN_5101bfb0 | FUN_4003e538
199
200void FUN_5101c56c(SceUInt32 flags, void *kmc, char *fmt, ...);
201void FUN_5101c5dc(SceInt32 lvl, SceUInt32 flags, void *kmc, char *fmt, ...);
202
203// FUN_400417d4 / FUN_5101ec88
204SceInt32 sceKernelVAtoPA(const void *va, SceUIntPAddr *pPA);
205
206// FUN_4004086c / FUN_5101df2c
207SceUInt32 l1pt_to_ttbr(SceUIntPAddr l1pt_paddr) {
208 // TODO: document
209 return l1pt_paddr | 0x4A;
210}
211
212void sceKblMain(SceKernelBootParam *pBoot);
213
214int smc_0x103(void); // "FreeSharedMemory_S"
215
216/* BSS segment boundaries */
217extern void _fbss;
218extern void _end;
219
220static inline SceUInt32 __perv_get_revision0(void) { return *((volatile SceUInt32 *)0xE3100000); }
221static inline SceUInt32 __perv_get_revision1(void) { return *((volatile SceUInt32 *)0xE3100004); }
222
223//TODO: kmc auto-generation
224 // FUN_4003E9DC for SKBL
225#define DBG_KMC_PRINT(flags, fmt, ...) FUN_5101c56c(flags, SCE_NULL, fmt, ##__VA_ARGS__)
226
227 // FUN_???? for SKBL
228#define DBG_KMC_PRINT_LVL(lvl, flags, fmt, ...) FUN_5101c5dc(lvl, flags, SCE_NULL, fmt, ##__VA_ARGS__)
229
230#define DBG_PRINT_sensitive_lvl0(fmt, ...) \
231 sceKernelPrintfLevel(__msg_loglevel(SCx_LOG_LVL_0), fmt, ##__VA_ARGS__)
232#define DBG_PRINT_sensitive_lvl1(fmt, ...) \
233 sceKernelPrintfLevel(__msg_loglevel(SCx_LOG_LVL_1), fmt, ##__VA_ARGS__)
234
235#define __ASSERT_LVL(lvl, cond) do { \
236 if (sceKernelGetAssertLevel() >= (lvl)) { \
237 sceKernelAssertLevel(lvl, !!(cond), SCE_NULL); \
238 }} while (0) // TODO KMC generation
239
240#define KERMIT_REVISION_MASK 0x1FFFF //Old: 0xFF
241
243//ENDOF TEMP IMPORTS
245#define __SCx_KBL_SECURE_BUILD 0 //0 for KBL, 1 for NSKBL
246
247
248
249#if __SCx_KBL_SECURE_BUILD
250#define KBL_PARAM_LOCATION ((const void *)0x00000100)
251#else /* KBL (non-secure) */
252#define KBL_PARAM_LOCATION ((const void *)0x40200100)
253#endif
254
255
256
257
258
259static SceKernelCorelock g_boot_corelock = { 1U, 4U, 4U };
260static SceKernelCorelock kbp_corelock = { 1U, 4U, 4U }; // @ 0x51040008
261
262static SceKBLParam gKblParam;
263static SceKernelBootParam gKernelBootParam;
264static SceKernelBootParam *gpKernelBootParam;
265
266static inline int __msg_loglevel(SceInt32 lvl)
267{
268 //TODO: use SblQafMgr function
269 return (gKblParam.qaf[0xD] & 0x1) ? lvl : SCx_LOG_LVL_2;
270}
271
272
273SceInt32 FUN_510013f8(void) { return 300; } //always this??
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605#define MEGA_ASLR_BITMAP_SIZE 16 //TODO: does it make sense to define it as 16MiB/1MiB?
606static SceUInt8 mega_aslr_bitmap[MEGA_ASLR_BITMAP_SIZE];
607
608SceInt32 mega_aslr_bitmap_alloc(SceUInt32 index)
609{
610 /* TODO */
611}
612
613SceUInt32 MapMegaASLR(SceSize size, SceUInt32 seed)
614{
615 /* TODO */
616
617 DBG_KMC_PRINT_LVL(SCx_LOG_LVL_1, SCx_LOG_FLAG_4 | SCx_LOG_FLAG_2 | SCx_LOG_FLAG_1, "Failed\n"); // boot.c:617
618
619 for (;;) {
620 /* Halt boot process */
621 }
622}
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647#define ASLR_BITMAP_SIZE (SCE_KERNEL_1MiB / SCE_KERNEL_4KiB) // 1 bit per page in L2PT000
648static SceUInt8 aslr_bitmap[ASLR_BITMAP_SIZE];
649
650SceInt32 aslr_bitmap_alloc(SceUInt32 offset, SceSize size)
651{
652 SceUInt32 startIndex = offset / SCx_PAGE_SIZE;
653 SceUInt32 numBits = size / SCx_PAGE_SIZE;
654 SceUInt32 endIndex;
655
656 if (numBits == 0) {
657 return SCE_OK;
658 }
659
660 //TODO: maybe this is compiler loop unrolling??
661 if (aslr_bitmap[offset % ASLR_BITMAP_SIZE] != 1) {
662 endIndex = startIndex + numBits;
663
664 /* check that entire range is free in bitmap */
665 for (SceUInt32 i = startIndex; i < endIndex; i++) {
666 if (aslr_bitmap[i % ASLR_BITMAP_SIZE] == 1) {
667 goto error;
668 }
669 }
670
671 /* reserve the range in bitmap */
672 for (SceUInt32 i = startIndex; i < endIndex; i++) {
673 aslr_bitmap[i % ASLR_BITMAP_SIZE] = 1;
674 }
675
676 return 0;
677 }
678
679error:
680 return SCE_KERNEL_ERROR_ERROR;
681}
682
683SceUInt32 MapASLR(SceSize size, SceUInt32 seed) {
684 SceUInt32 maxIdx = ASLR_BITMAP_SIZE / (size / SCx_PAGE_SIZE);
685 SceUInt32 startIdx = seed % maxIdx;
686 maxIdx += startIdx;
687
688 for (SceUInt32 i = startIdx; i < maxIdx; i++) {
689 SceUInt32 offset = (i * size) % SCE_KERNEL_1MiB; // keep offset within 1MiB
690 SceInt32 res = ASLR_bitheap_alloc(offset, size);
691
692 if (res < 0) {
693 continue;
694 }
695
696 return offset;
697 }
698
699
700 DBG_KMC_PRINT_LVL(SCx_LOG_LVL_1, SCx_LOG_FLAG_4 | SCx_LOG_FLAG_2 | SCx_LOG_FLAG_1, "Failed\n"); // boot.c:700
701
702 for (;;) {
703 /* Halt boot process */
704 }
705}
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693void boot(void) // 40020c8c in SKBL
1694{
1695 SceUInt32 aslrSeed, megaAslrSeed;
1696
1697 sceKernelCorelockLock(&g_boot_corelock, 0);
1698 if (sceKernelCpuId() == 0) {
1699 /* CPU0-only initialization tasks */
1700
1701 FUN_5101b63c(); //GPO initialization (0x4003E0E4 in SKBL)
1702 sceKernelSetGPO(SCx_GPO_CODE_KBL_01);
1703
1704 if (!__SCx_KBL_SECURE_BUILD) {
1705 /* Unmap KBL in trusted kernel */
1706 smc_0x103();
1707 }
1708
1709 /* Clear BSS segment */
1710 for (SceUInt32 *p = (SceUInt32 *)&_fbss; p < (SceUInt32 *)&_end; p++) {
1711 *p = 0;
1712 }
1713
1714 /* Initialize kernel boot param */
1715 gKernelBootParam.revision0 = __perv_get_revision0();
1716 gKernelBootParam.revision1 = __perv_get_revision1();
1717
1718 /* Retrieve KBL Param left for us by previous stage */
1719 memcpy(&gKblParam, KBL_PARAM_LOCATION, sizeof(SceKBLParam));
1720 gKernelBootParam.pKblParam = &gKblParam;
1721
1722#if __SCx_KBL_SECURE_BUILD
1723 gKblParam.magic = KBL_PARAM_MAGIC;
1724
1725 if ((gKblParam.pscode.product_code & 0xFEFFu) == 1
1726 && gKblParam.bootsw[BOOTSW_CP_INFO] == 0) {
1727 /*
1728 * If TEST or TOOL and "CP bid & version" DIP switch
1729 * is zero, forcefully enable certain DIP switches.
1730 */
1731 extern uint32_t g_NoCP_dipsw[8];
1732 for (int i = 0; i < 8; i++) {
1733 gKblParam.bootsw[i] |= g_NoCP_dipsw[i];
1734 }
1735 }
1736#endif /* __SCx_KBL_SECURE_BUILD */
1737
1738 __set_dipsw_source(&gKblParam.bootsw);
1739
1740#if __SCx_KBL_SECURE_BUILD
1741 if (gKblParam.boot_flags[1] == 0xFF) {
1742 sceKernelClearDipsw(SCx_DIPSW__C4);
1743 sceKernelClearDipsw(SCx_DIPSW__D3);
1744 } else {
1745 sceKernelSetDipsw(SCx_DIPSW__C4);
1746 sceKernelSetDipsw(SCx_DIPSW__D3);
1747 }
1748
1749 if (!(gKblParam.boot_flags[4] & 0x1)) {
1750 sceKernelSetDipsw(SCx_DIPSW__BA);
1751 }
1752
1753 if ((gKblParam.pscode.product_code & 0xFEFFu) == 1
1754 && !sceKernelCheckDipsw(SCx_DIPSW__CB))
1755 {
1756 /*
1757 * If TEST or TOOL and DIPsw 0xCB is not set,
1758 * forcefully reconfigure certain DIP switches.
1759 */
1760 if (!sceKernelCheckDipsw(SCx_DIPSW__9F)) {
1761 sceKernelClearDipsw(SCx_DIPSW__C0);
1762 sceKernelClearDipsw(SCx_DIPSW__C1);
1763 sceKernelClearDipsw(SCx_DIPSW__C2);
1764 sceKernelClearDipsw(SCx_DIPSW__C5);
1765 sceKernelClearDipsw(SCx_DIPSW__C6);
1766 sceKernelClearDipsw(SCx_DIPSW__C7);
1767 sceKernelClearDipsw(SCx_DIPSW__C8);
1768 sceKernelClearDipsw(SCx_DIPSW__C9);
1769 sceKernelClearDipsw(SCx_DIPSW__CC);
1770 sceKernelClearDipsw(SCx_DIPSW__CE);
1771 sceKernelClearDipsw(SCE_DIPSW_ENABLE_TOOL_PHYMEMPART);
1772 sceKernelClearDipsw(SCx_DIPSW__E4);
1773 sceKernelClearDipsw(SCx_DIPSW__D4);
1774 sceKernelClearDipsw(SCx_DIPSW__80);
1775 sceKernelClearDipsw(SCx_DIPSW__D5);
1776
1777 if (!sceKernelCheckDipsw(SCx_DIPSW__81)) {
1778 sceKernelClearDipsw(SCx_DIPSW__C5);
1779 sceKernelClearDipsw(SCx_DIPSW__D3);
1780 } else {
1781 sceKernelSetDipsw(SCx_DIPSW__C5);
1782 sceKernelSetDipsw(SCx_DIPSW__D3);
1783 }
1784 } else {
1785 sceKernelSetDipsw(SCx_DIPSW__C0);
1786 sceKernelSetDipsw(SCx_DIPSW__C1);
1787 sceKernelSetDipsw(SCx_DIPSW__C2);
1788 sceKernelSetDipsw(SCx_DIPSW__C5);
1789 sceKernelSetDipsw(SCx_DIPSW__C6);
1790 sceKernelSetDipsw(SCx_DIPSW__C7);
1791 sceKernelSetDipsw(SCx_DIPSW__C8);
1792 sceKernelSetDipsw(SCx_DIPSW__C9);
1793 sceKernelSetDipsw(SCx_DIPSW__CC);
1794 sceKernelSetDipsw(SCx_DIPSW__CE);
1795 sceKernelSetDipsw(SCx_DIPSW__E4);
1796 sceKernelSetDipsw(SCx_DIPSW__D4);
1797
1798 if ((gKernelBootParam.revision0 & 0x1FF00u) == 0u) {
1799 /*
1800 * Kermit 1.0: extra TOOL LPDDR2 available
1801 * when the top bit of revision0 is CLEAR
1802 */
1803 if ((gKernelBootParam.revision0 & 0x80000000u) == 0u) {
1804 sceKernelSetDipsw(SCE_DIPSW_ENABLE_TOOL_PHYMEMPART);
1805 } else {
1806 sceKernelClearDipsw(SCE_DIPSW_ENABLE_TOOL_PHYMEMPART);
1807 }
1808 } else {
1809 /*
1810 * Kermit 1.5: bits [31:30] of revision0
1811 * indicate amount of LPDDR2 banks (???)
1812 *
1813 * 0b00/01/10 = 2/1/4 banks | 0b11 = illegal?
1814 */
1815 if ((gKernelBootParam.revision0 & 0x30000000) == 0x20000000u) {
1816 /* 0b10: four banks => TOOL LPDDR2 available */
1817 sceKernelSetDipsw(SCE_DIPSW_ENABLE_TOOL_PHYMEMPART);
1818 } else {
1819 /* Not 0b10 (1/2 banks) => TOOL LPDDR2 not available */
1820 sceKernelClearDipsw(SCE_DIPSW_ENABLE_TOOL_PHYMEMPART);
1821 }
1822 }
1823
1824 if (((gKernelBootParam.revision0 & 0x1FF00u) == 0x100u)
1825 && ((gKernelBootParam.revision0 & 0x80000000u) != 0u)
1826 && ((gKernelBootParam.revision0 & 0x30000000u) == 0x20000000u))
1827 {
1828 /*
1829 * Kermit 1.5 with 4 LPDDR banks + revision0 top bit
1830 * => enable alternate PA RAM mapping
1831 */
1832 sceKernelSetDipsw(SCx_DIPSW__D5);
1833 } else {
1834 /* use normal PA RAM mapping */
1835 sceKernelClearDipsw(SCx_DIPSW__D5);
1836 }
1837
1838 if (gKernelBootParam.pKblParam->powerInfo & 0x40)
1839 { //TODO: what is 0x40?
1840 sceKernelClearDipsw(SCx_DIPSW__C8);
1841 }
1842 }
1843
1844 sceKernelSetDipsw(SCx_DIPSW__FD);
1845
1846 if (sceKernelCheckDipsw(SCx_DIPSW__C4)) {
1847 /*
1848 * Disable Deci4pSTtyp (System TTY)
1849 * if UART0 logging is enabled
1850 */
1851 sceKernelClearDipsw(SCx_DIPSW__C6);
1852 }
1853 }
1854#endif /* __SCx_KBL_SECURE_BUILD */
1855
1856 FUN_5101c6e8(); // set gAssertLevel - 4003EB58 in SKBL
1857 FUN_5101c750(); // memset(0) something - 4003EBC0 in SKBL
1858
1859 if (sceKernelCheckDipsw(SCx_DIPSW__C5) ||
1860 sceKernelCheckDipsw(SCx_DIPSW__C4) ||
1861 sceKernelCheckDipsw(SCx_DIPSW__FD))
1862 {
1863 FUN_51020cb4(sceKernelCheckDipsw(SCx_DIPSW__C4)); // 40041A84 in SKBL
1864 sceKernelSetGPO(SCx_GPO_CODE_KBL_02);
1865 FUN_5101c43c(&FUN_51020c75, 0); // register putchar() callback - resp. 4003E8AC / 400419E9 in SKBL
1866 }
1867
1868 DBG_KMC_PRINT(0, "===================================================\n"); // boot.c:1868
1869#if __SCx_KBL_SECURE_BUILD
1870 const SceUInt32 xxx = FUN_40020430();
1871 DBG_KMC_PRINT(0, "Starting PSP2 Kernel Boot Loader [0x%08X]: %d\n", //boot.c:1871
1872 SCE_PSP2_SDK_VERSION, xxx);
1873 DBG_KMC_PRINT(0, "revision : %s\nbuild date : %s\n", //boot.c:1873
1874 KBL_REVISION_STR, KBL_BUILD_DATE_STR);
1875
1876 const SceUInt32 cp_bid_ver = gKblParam.bootsw[BOOTSW_CP_INFO];
1877
1878 if (cp_bid_ver != 0) {
1879 const SceUInt16 bid = (cp_bid_ver >> 16) & 0xFFFFu;
1880 const SceUInt16 ver = (cp_bid_ver >> 0) & 0xFFFFu;
1881
1882 DBG_KMC_PRINT(0, "cp info. : bid.%x ver.%04x\n", bid, ver); //boot.c:1882
1883 } else {
1884 DBG_KMC_PRINT(0, "cp info. : (N/A)\n"); //boot.c:1884
1885 }
1886
1887 const bool is_product_mode = (gKblParam.BootTypeIndicator1 & 0x4) != 0;
1888 if (is_product_mode) {
1889 DBG_KMC_PRINT_LVL(1, 0, "\tProduct Mode : [ YES ]\n"); //boot.c:1889
1890 }
1891
1892 if ((is_product_mode || !!(gKblParam.qaf[0xD] & 0x1)) && (gKblParam.BootTypeIndicator1 & 0x8) != 0) {
1893 FUN_400207F0(); // secure DRAM KblSimpleMemoryTest()
1894 }
1895#else
1896 DBG_PRINT_sensitive_lvl0("Starting PSP2 Kernel Boot Loader (Non-secure) [0x%08x]: %d\n", SCE_PSP2_SDK_VERSION, FUN_510013f8());
1897 DBG_KMC_PRINT_LVL(SCx_LOG_LVL_1, 0, "\n"); //boot.c:1897
1898#endif /* __SCx_KBL_SECURE_BUILD */
1899
1900 gpKernelBootParam = &gKernelBootParam;
1901
1902 const SceUInt32 kermitRevision = gKernelBootParam.revision0 & KERMIT_REVISION_MASK;
1903 gKernelBootParam.KermitRevision = kermitRevision;
1904 gKernelBootParam.size = sizeof(SceKernelBootParam);
1905 gKernelBootParam.secure = __SCx_KBL_SECURE_BUILD;
1906 gKernelBootParam.pCorelock = &kbp_corelock;
1907 gKernelBootParam.magic = KERNEL_BOOT_PARAM_MAGIC;
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932 __ASSERT_LVL(SCx_ASSERT_LVL_1, gKernelBootParam.KermitRevision != 0); // boot.c:1932
1933
1934#if __SCx_KBL_SECURE_BUILD
1935 const char *soc_name;
1936 if (gKblParam.qaf[0xD] & 0x1) {
1937 soc_name = ((kermitRevision & 0x1FF00u) == 0) ? "Kermit1.0" : "Kermit1.5";
1938 } else {
1939 soc_name = "SoC";
1940 }
1941 DBG_KMC_PRINT_LVL(1, 0, "\t%s Revision=%d.%d\n", soc_name, // boot.c:1941
1942 (kermitRevision & 0xF0u) >> 4, kermitRevision & 0xFu);
1943
1944 const SceUInt32 rev = gpKernelBootParam->kermitRevision;
1945 if ((rev == 0)
1946 || (rev == 0x11)
1947 || (rev == 0x20)
1948 || (rev == 0x30)
1949 || (rev == 0x32)) {
1950 __ASSERT_LVL(1, SCE_FALSE); // boot.c:1950
1951 } else if ((rev == 0x40)
1952 || (rev == 0x42)
1953 || (rev == 0x110)
1954 || (rev == 0x111)
1955 || (rev == 0x112)
1956 || (rev == 0x113)
1957 || (rev == 0x114)
1958 || (rev == 0x115)) {
1959 const SceUInt32 revision1 = gpKernelBootParam->revision1;
1960 const bool bad_l2_cache = !!(revision1 & 0x2);
1961
1962 if (bad_l2_cache) {
1963 DBG_PRINT_sensitive_lvl0("\tL2 Cache is defective\n");
1964 }
1965 } else {
1966
1967
1968 DBG_KMC_PRINT_LVL(1, 0, "\tUnknown chip revision [rev=%x]\n", rev); //boot.c:1968
1969 }
1970
1971 DBG_PRINT_sensitive_lvl1("\tASLR: 0x%08x\n", gKblParam.bootsw[BOOTSW_ASLR_SEED]);
1972#else /* __SCx_KBL_SECURE_BUILD */
1973 DBG_PRINT_sensitive_lvl1("\tBOOTSW\n");
1974 for (int i = 0; i < ARRAY_SIZE(gKblParam.bootsw); i++) {
1975 DBG_PRINT_sensitive_lvl1("\t\t%d: 0x%08x", i, gKblParam.bootsw[i]);
1976 switch (i) {
1977 case 0: DBG_PRINT_sensitive_lvl1(": CP time\n"); break;
1978 case 1: DBG_PRINT_sensitive_lvl1(": CP bid & version\n"); break;
1979 case 2: DBG_PRINT_sensitive_lvl1(": CP time\n"); break;
1980 case 3: DBG_PRINT_sensitive_lvl1(": ASLR\n"); break;
1981 case 4: DBG_PRINT_sensitive_lvl1(": SDK(SCE)\n"); break;
1982 case 5: DBG_PRINT_sensitive_lvl1(": SHELL\n"); break;
1983 case 6: DBG_PRINT_sensitive_lvl1(": debug control\n"); break;
1984 case 7: DBG_PRINT_sensitive_lvl1(": system control\n"); break;
1985 };
1986 }
1987#endif /* __SCx_KBL_SECURE_BUILD */
1988
1989#if __SCx_KBL_SECURE_BUILD
1990 const SceUInt8 *pSessionId = gKblParam.session_id;
1991
1992
1993 DBG_KMC_PRINT(0, "session ID : %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X\n", // boot.c:1993
1994 pSessionId[0], pSessionId[1], pSessionId[2], pSessionId[3],
1995 pSessionId[4], pSessionId[5], pSessionId[6], pSessionId[7],
1996 pSessionId[8], pSessionId[9], pSessionId[10], pSessionId[11],
1997 pSessionId[12], pSessionId[13], pSessionId[14], pSessionId[15]);
1998#endif /* __SCx_KBL_SECURE_BUILD */
1999
2000
2001#if __SCx_KBL_SECURE_BUILD
2002 //TODO: take these values from #defines/...
2003 gpKernelBootParam->num_memory = 1;
2004 gpKernelBootParam->memory[0].addr = 0x40000000;
2005 gpKernelBootParam->memory[0].size = 0x02000000; // 2 MiB
2006#else /* __SCx_KBL_SECURE_BUILD */
2007 //TODO: take these values from #defines/...
2008 gpKernelBootParam->num_memory = 3;
2009 gpKernelBootParam->memory[0].addr = 0x40200000;
2010 if (sceKernelCheckDipsw(SCE_DIPSW_ENABLE_TOOL_PHYMEMPART)) {
2011 gpKernelBootParam->memory[0].size = 0x3fe00000; //1 GiB (-2 MiB for TZS)
2012 } else {
2013 gpKernelBootParam->memory[0].size = 0x1fe00000; //512 MiB (-2 MiB for TZS)
2014 }
2015
2016 gpKernelBootParam->memory[1].addr = 0x20000000;
2017 gpKernelBootParam->memory[1].size = 0x08000000; //128 MiB
2018 gpKernelBootParam->memory[2].addr = 0x80000000;
2019 gpKernelBootParam->memory[2].size = 0x40000000; //1 GiB
2020#endif /* __SCx_KBL_SECURE_BUILD */
2021
2022 for (int i = 0; i < gpKernelBootParam->num_memory; i++) {
2023 SceKernelPARange *mem = &gpKernelBootParam->memory[i];
2024 SceUIntPAddr endAddr = mem->addr + mem->size - 1;
2025 DBG_PRINT_sensitive_lvl1("\tmemory[%d] base: 0x%08x-0x%08x [0x%08x]\n",
2026 i, mem->addr, endAddr, mem->size);
2027 }
2028
2029 DBG_PRINT_sensitive_lvl1("\twakeupFactor: 0x%08x\n", gKblParam.wakeupFactor);
2030 DBG_PRINT_sensitive_lvl1("\thardwareInfo: 0x%08x\n", gKblParam.hardwareInfo);
2031
2032 //TODO: something sets gKernelBootParam.unk50[0/1] based on hardwareInfo
2033 //TODO: print "model: VITA" or "model: DOLCE"
2034
2035 if ((gKernelBootParam.pKblParam->boot_flags[0] != 0xFF)
2036 || sceKernelSysrootIsSafeMode()) { // SKBL: FUN_40020C0C | NSKBL:
2037 sceKernelClearDipsw(SCx_DIPSW_platform_emulation_dolce);
2038 }
2039
2040 if (sceKernelCheckDipsw(SCx_DIPSW_platform_emulation_dolce)) {
2041 //TODO
2042 } else {
2043 //TODO
2044 }
2045
2046 sceKernelSetGPO(SCx_GPO_CODE_KBL_03);
2047
2048 FUN_5102bcb8(); //pervasive_init() - 40041bf4 in SKBL
2049
2050#if __SCx_KBL_SECURE_BUILD
2051 FUN_40042124(); // pervClk_ena_dev0x170()
2052 FUN_40041ee4(); // pervRst_dis_dev0x170()
2053
2054 // MMIO:LPDDR CH0 I/F stuff
2055 *(SceUInt32*)0xE6000090 = 0x7000001;
2056 *(SceUInt32*)0xE6000094 = 0xEC0004;
2057 __DMB();
2058
2059 FUN_400421a0();
2060 FUN_400421d4();
2061
2062 // MMIO:SceSonyRegbus stuff
2063 *(SceUInt32*)0xE8000010 = 0xA;
2064 __DMB();
2065
2066 if ((gpKernelBootParam->KermitRevision & 0x1FFF0) == 0x30) {
2067 /* Workaround for Kermit1.0 ES3.0 - what's the problem? */
2068 // MMIO:PERVASIVE_MISC stuff
2069 (*(SceUInt32*)0xE3100228) |= 0x8;
2070 }
2071
2072 FUN_40042100(); // pervClk_ena_dev0x158()
2073 FUN_40041eb8(); // pervRst_dis_dev0x158() - also clears PERV_MISC + 0x2F0!
2074
2075 if (sceKernelCheckDipsw(SCx_DIPSW_development_mode)
2076 || sceKernelCheckDipsw(SCx_DIPSW__C0)
2077 || sceKernelCheckDipsw(SCx_DIPSW__C1)
2078 || sceKernelCheckDipsw(SCx_DIPSW__C2)) {
2079 FUN_400420f0(); // pervClk_ena_dev0x154() - DebugBus
2080 FUN_40041ea8(); // pervRst_dis_dev0x154() - DebugBus
2081 }
2082
2083 if (sceKernelCheckDipsw(SCx_DIPSW_development_mode)) {
2084 FUN_40042134(); // pervClk_ena_dev0x174()
2085 FUN_40041ef4(); // pervRst_dis_dev0x174()
2086 FUN_400420a4(); // pervClk_ena_dev0x048() - DebugPA
2087 FUN_40041e48(); // pervRst_dis_dev0x048() - DebugPA
2088 }
2089
2090 if (sceKernelCheckDipsw(SCx_DIPSW__C0) || sceKernelCheckDipsw(SCx_DIPSW__C1)) {
2091 FUN_40042090(0); // pervClk_ena_devs0x40(0) - SDIO0
2092 FUN_40041E34(0); // pervRst_dis_devs0x40(0) - SDIO0
2093 }
2094
2095 if (sceKernelCheckDipsw(SCx_DIPSW__E4)) {
2096 FUN_40042038(0xC0000); // pervClk_ena_dev0_invertBit16_17(0xC0000) - enable ARM CPUs (?!?!)
2097 FUN_40042050(); // pervClk_ena_dev0x4() - ARM debug logic?
2098 FUN_40041de4(); // pervRst_dis_dev0x4()
2099 }
2100
2101 if (sceKernelCheckDipsw(SCx_DIPSW_development_mode)) {
2102 if (gpKernelBootParam->revision0 & 0x80000000u) {
2103 DBG_PRINT_sensitive_lvl0("Disabled LPDDR2SUB\n");
2104 } else {
2105 // TODO: turn on lpddr2 sub
2106 // MMIO:ScePervasiveBaseClk
2107 *(SceUInt32*)0xE3103094 = 1;
2108
2109 FUN_40041f34(1); // perv_misc_devs0x44_set_to_0(1)
2110 FUN_40042110(1); // perv_clk_ena_devs0x160(1)
2111 FUN_40041ed0(1); // perv_res_dis_devs0x160(1)
2112
2113 // MMIO:DDRIF1
2114 SceUInt32 tmp = *(volatile SceUInt32*)0xe5880000u;
2115 *(SceUInt32*)0xe5880000 = 0x130b0011u;
2116 *(SceUInt32*)0xe58880c8 = 0x1fff;
2117 *(SceUInt32*)0xe5888030 = 0xa28;
2118 *(SceUInt32*)0xe5888038 = 5;
2119 *(SceUInt32*)0xe5888040 = 4;
2120 *(SceUInt32*)0xe5888048 = 0x2b;
2121 *(SceUInt32*)0xe5888050 = 5;
2122 *(SceUInt32*)0xe5888058 = 3;
2123 *(SceUInt32*)0xe5888070 = 7;
2124 *(SceUInt32*)0xe5888060 = 0x18;
2125 *(SceUInt32*)0xe5888068 = 3;
2126 *(SceUInt32*)0xe5888088 = 0xc;
2127 *(SceUInt32*)0xe5888090 = 0xc;
2128 *(SceUInt32*)0xe5888098 = 0x10;
2129 *(SceUInt32*)0xe58880b0 = 6;
2130 *(SceUInt32*)0xe58880e0 = 0x2e;
2131 *(SceUInt32*)0xe58880e8 = 0x2e;
2132 *(SceUInt32*)0xe58880f0 = 2;
2133 *(SceUInt32*)0xe5888140 = 4;
2134 *(SceUInt32*)0xe5888150 = 2;
2135 *(SceUInt32*)0xe5888158 = 2;
2136 *(SceUInt32*)0xe5888160 = 0xb;
2137 *(SceUInt32*)0xe5888168 = 5;
2138 *(SceUInt32*)0xe5888178 = 6;
2139 *(SceUInt32*)0xe58880a8 = 0x2475;
2140 *(SceUInt32*)0xe58881a8 = 3;
2141 *(SceUInt32*)0xe58881b8 = 3;
2142 *(SceUInt32*)0xe5888200 = 0x72;
2143 *(SceUInt32*)0xe5888228 = 0x60;
2144 *(SceUInt32*)0xe5888260 = 0x70;
2145
2146 //TODO: use adefine for 0x80
2147 if (gKblParam.wakeupFactor & 0x80) { //0x80 = resume from suspend
2148 *(SceUInt32*)0xe5888000 = 5;
2149 *(SceUInt32*)0xe5888008 = 5;
2150 while ((*(volatile SceUInt32*)0xe5888020) != 0x44) {
2151 // ...
2152 }
2153 }
2154
2155 *(SceUInt32*)0xe5888000 = 1;
2156 *(SceUInt32*)0xe5888008 = 1;
2157 while ((*(volatile SceUInt32*)0xe5888020) != 0x11) {
2158 // ...
2159 }
2160
2161 *(SceUInt32*)0xe5888180 = 1;
2162 *(SceUInt32*)0xe5888100 = 0x302;
2163 *(SceUInt32*)0xe5888108 = 0x302;
2164
2165 // test write to LPDDR2SUB (???)
2166 *(SceUInt32*)0x80000000 = 0xdeadcafe;
2167 }
2168 }
2169
2170 if (sceKernelCheckDipsw(SCx_DIPSW_development_mode)) {
2171 // MMIO:SceGrab
2172 *(SceUInt32*)0xE8301210 = 0x1;
2173 }
2174
2175 // MMIO: PervasiveMisc
2176 *(SceUInt32*)0xE31000B0 = 0x1F3DAu;
2177 *(SceUInt32*)0xE31000B4 = 0xFFu;
2178
2179 // MMIO: Pervasive2
2180 *(SceUInt32*)0xE3110FC0 = 0x7FFFFu;
2181
2182 // MMIO: SceLT5
2183 LongTimer *lt5 = (void *)0xE20B6000u;
2184 lt5->configuration = 0x2F345008u; //TODO: decompose
2185 lt5->current.u.lo = 0u;
2186 lt5->current.u.hi = 0u;
2187 lt5->compare.u.lo = 0xFFFFFFFFu;
2188 lt5->compare.u.hi = 0xFFFFFFFFu;
2189 lt5->configuration = 0x2F34500Du; //TODO: decompose
2190#endif /* __SCx_KBL_SECURE_BUILD */
2191
2192 sceKernelSetGPO(SCx_GPO_CODE_KBL_04);
2193
2194#if __SCx_KBL_SECURE_BUILD
2195 if (DAT_4007a800 == 0) {
2196 /*
2197 * When coldbooting, copy KBL Param
2198 * to non-secure DRAM for NSKBL.
2199 *
2200 * TODO: use a define for the dst address
2201 */
2202 memcpy((void *)0x40200100, &gKblParam, sizeof(gKblParam));
2203 }
2204#endif /* __SCx_KBL_SECURE_BUILD */
2205 }
2206
2207//LAB_5100044c: | LAB_40020cce:
2208 __set_CSSELR(0); //p15,0x2,r3,cr0,cr0,0x0
2209 __set_TEECR(1); //p14,0x6,r3,cr0,cr0,0x0
2210 __set_TEEHBR(8); //p14,0x6,r3,cr1,cr0,0x0
2211 __set_JOSCR(1); //p14,0x7,r3,cr1,cr0,0x0
2212
2213 // Also this is saved on the stack...
2214 __set_VBAR(VECTOR_TABLE); //p15,0x0,r7,cr12,cr0,0x0
2215
2216 __set_TPIDRURW(0); //p15,0x0,r3,cr13,cr0,0x2
2217 __set_TPIDRURO(0); //p15,0x0,r3,cr13,cr0,0x3
2218 __set_TPIDRPRW(0); //p15,0x0,r3,cr13,cr0,0x4
2219
2220 sceKernelCorelockUnlock(&g_boot_corelock);
2221
2222 sceKernelSetGPO(SCx_GPO_CODE_KBL_05);
2223
2224 //Note that "TTBR1" is used to actually hold a TTBCR value here!
2225 SceUInt32 cpuId = sceKernelCpuId();
2226 gpKernelBootParam->bootCpu[cpuId].mmuContext.TTBR1 = 2; //TODO: #define
2227 gpKernelBootParam->bootCpu[cpuId].mmuContext.DACR = 0x55555555; //TODO: #define
2228 gpKernelBootParam->bootCpu[cpuId].mmuContext.contextid = 0xf7; //TODO: #define | for SKBL this is 0xF0
2229 sceArmSetDACR(0x55555555); //TODO: #define (for 0x55...)
2230
2231 sceKernelCorelockLock(&g_boot_corelock, 0);
2232 if (cpuId == 0) {
2233 /* ... */
2234
2235 /* Initialize ASLR bitmaps */
2236 for (int i = 0; i < ARRAY_SIZE(aslr_bitmap); i++) {
2237 aslr_bitmap[i] = 0;
2238 }
2239 for (int i = 0; i < ARRAY_SIZE(mega_aslr_bitmap); i++) {
2240 mega_aslr_bitmap[i] = 0;
2241 }
2242
2243 /* Reserve bottom 16 KiB of L2PT000 for NULL guard page */
2244 aslr_bitmap_alloc(0, 4 * SCE_KERNEL_4KiB);
2245
2246 /* Mark first 1MiB as used (for L2PT000) in MegaASLR bitmap */
2247 //OPTIMIZED TO
2248 //if (MegaASLR_bitmap[0] != 0x1)
2249 // MegaASLR_bitmap[0] = 0x1;
2250
2251 /* ...TODO... */
2252 }
2253 sceKernelCorelockUnlock(&g_boot_corelock);
2254
2255 // Configure paging registers
2256 __set_TTBR0(l1pt_to_ttbr(gpKernelBootParam->ttbr0.pbase));
2257 __set_TTBR1(l1pt_to_ttbr(gpKernelBootParam->ttbr1.pbase));
2258 __set_TTBCR(gpKernelBootParam->bootCpu[cpuId].mmuContext.TTBR1);
2259 __set_DACR(0x55555555);
2260 __set_CONTEXTIDR(gpKernelBootParam->bootCpu[cpuId].mmuContext.contextid);
2261
2262 sceKernelCorelockLock(&g_boot_corelock, 0);
2263 if (sceKernelCpuId() == 0) {
2264 /*
2265 * Copy vector table to SceExceptionEntry (why?!)
2266 * and to SceExceptionEntry+0x100 (used as VBAR)
2267 */
2268 char *p = memcpy((void *)gpKernelBootParam->memory[0].addr, VECTOR_TABLE, VECTOR_TABLE_SIZE);
2269 memcpy(p + VECTOR_TABLE_SIZE, VECTOR_TABLE, VECTOR_TABLE_SIZE);
2270 gpKernelBootParam->resetVector = gpKernelBootParam->excpEntry.vbase + 0x100;
2271
2272#if __SCx_KBL_SECURE_BUILD
2273 extern char MONITOR_TABLE[];
2274 const SceSize MONITOR_TABLE_SIZE = 0x34;
2275
2276 /*
2277 * Copy monitor table to SceExceptionEntry+0x03C
2278 * (aligned up to 0x20 boundary as required for MVBAR)
2279 * => In practice, MVBAR = SceExceptionEntry+0x40 (?)
2280 *
2281 * TODO: use a define for MVBAR alignement (0x20)
2282 */
2283 memcpy(ALIGN_UP(gpKernelBootParam->memory[0].addr, 0x20), MONITOR_TABLE, MONITOR_TABLE_SIZE);
2284
2285 //wtf?
2286 *(SceUInt32*)(gpKernelBootParam->memory[0].addr + 0xA0) = 0x9E3199B7;
2287#endif /* __SCx_KBL_SECURE_BUILD */
2288 }
2289 sceKernelCorelockUnlock(&g_boot_corelock);
2290
2291#if __SCx_KBL_SECURE_BUILD
2292 if (sceKernelCpuId() == 0) {
2293 FUN_40040514(L2C_BASE); // disable L2C and apply proper configuration
2294 }
2295#endif /* __SCx_KBL_SECURE_BUILD */
2296
2297 sceKernelCorelockLock(&g_boot_corelock, 0);
2298 /* TODO: old FW has something here? */
2299 sceKernelCorelockUnlock(&g_boot_corelock);
2300
2301#if __SCx_KBL_SECURE_BUILD
2302 if (sceKernelCpuId() == 0) {
2303 FUN_40040514(L2C_BASE); //l2cache_init() - disable + configure
2304
2305 if (sceKernelCheckDipsw(SCx_DIPSW_development_mode)) {
2306 FUN_4003fe3c(1); // l2cache_evt_monitor_bus_enable()
2307 }
2308
2309 FUN_4003fee8(); // l2cache_inv_all();
2310 }
2311
2312 FUN_4003f9fc(); // d$ inv all (PoU)
2313 FUN_4003f9d0(); // i$ inv all PoU
2314
2315 if (sceKernelCpuId() == 0) {
2316 FUN_4003fe60(); // l2cache_enable();
2317 }
2318#endif /* __SCx_KBL_SECURE_BUILD */
2319
2320 FUN_5101d6d4(); //set SCTLR / enable MMU - FUN_4003fad0 in SKBL
2321
2322#if __SCx_KBL_SECURE_BUILD
2323 FUN_4003fb0c(); //set ACTLR stuff
2324#endif /* __SCx_KBL_SECURE_BUILD */
2325
2326 sceKernelCorelockLock(&g_boot_corelock, 0);
2327 /* TODO: old FW has something here? */
2328 sceKernelCorelockUnlock(&g_boot_corelock);
2329
2330 sceKernelCorelockLock(&kbp_corelock, 0);
2331 /* TODO: old FW has something here? */
2332 sceKernelCorelockUnlock(&kbp_corelock);
2333
2334 __set_VBAR(gpKernelBootParam->resetVector);
2335#if __SCx_KBL_SECURE_BUILD
2336 __set_MVBAR(ROUND_UP((SceUIntPtr)gpKernelBootParam->resetVector + 0x5B, 0x20u));
2337#endif /* __SCx_KBL_SECURE_BUILD */
2338
2339 FUN_5101ee30(); //set some global to 1 - FUN_400418d8 in skbl
2340
2341 sceKernelCorelockLock(&kbp_corelock, 0);
2342 (void)sceKernelCpuId();
2343 /* TODO: old FW has something here? */
2344 sceKernelCorelockUnlock(&kbp_corelock);
2345
2346 sceKernelSetGPO(SCx_GPO_CODE_KBL_06);
2347
2348 /* TODO: old FW has something here? */
2349
2350 sceKernelSetGPO(SCx_GPO_CODE_KBL_07);
2351
2352 if (sceKernelCpuId() == 0) {
2353 SceUIntPAddr pa;
2354 sceKernelVAtoPA((void *)0x8000, &pa);
2355 sceKernelVAtoPA((void *)0x40100000, &pa);
2356 sceKernelVAtoPA((void *)0x47000000, &pa);
2357 sceKernelVAtoPA((void *)0xe0000000, &pa);
2358 }
2359
2360 /* Jump to KBL main function */
2361 sceKblMain(gpKernelBootParam);
2362
2363 sceKernelCorelockLock(&kbp_corelock, 0);
2364 (void)sceKernelCpuId();
2365 /* TODO: old FW has something here? */
2366 sceKernelCorelockUnlock(&kbp_corelock);
2367
2368 for (;;) {
2369 /* Halt processor */
2370 }
2371}
sceKernelCorelockUnlock
void sceKernelCorelockUnlock(SceKernelCorelock *corelock)
VECTOR_TABLE_SIZE
const SceSize VECTOR_TABLE_SIZE
Definition boot.c:188
memcpy
void * memcpy(void *, const void *, SceSize)
smc_0x103
int smc_0x103(void)
FUN_5101c56c
void FUN_5101c56c(SceUInt32 flags, void *kmc, char *fmt,...)
BOOTSW_CP_INFO
#define BOOTSW_CP_INFO
Definition boot.c:50
MapASLR
SceUInt32 MapASLR(SceSize size, SceUInt32 seed)
Definition boot.c:683
DBG_PRINT_sensitive_lvl1
#define DBG_PRINT_sensitive_lvl1(fmt,...)
Definition boot.c:232
DBG_KMC_PRINT_LVL
#define DBG_KMC_PRINT_LVL(lvl, flags, fmt,...)
Definition boot.c:228
sceKernelCpuId
SceUInt32 sceKernelCpuId(void)
FUN_510013f8
SceInt32 FUN_510013f8(void)
Definition boot.c:273
l1pt_to_ttbr
SceUInt32 l1pt_to_ttbr(SceUIntPAddr l1pt_paddr)
Definition boot.c:207
_fbss
void _fbss
KBL_REVISION_STR
#define KBL_REVISION_STR
Definition boot.c:17
mega_aslr_bitmap_alloc
SceInt32 mega_aslr_bitmap_alloc(SceUInt32 index)
Definition boot.c:608
sceKernelGetAssertLevel
SceInt32 sceKernelGetAssertLevel(void)
sceKblMain
void sceKblMain(SceKernelBootParam *pBoot)
KBL_BUILD_DATE_STR
#define KBL_BUILD_DATE_STR
Definition boot.c:18
MapMegaASLR
SceUInt32 MapMegaASLR(SceSize size, SceUInt32 seed)
Definition boot.c:613
KERMIT_REVISION_MASK
#define KERMIT_REVISION_MASK
Definition boot.c:240
BOOTSW_ASLR_SEED
#define BOOTSW_ASLR_SEED
Definition boot.c:51
__ASSERT_LVL
#define __ASSERT_LVL(lvl, cond)
Definition boot.c:235
_end
void _end
aslr_bitmap_alloc
SceInt32 aslr_bitmap_alloc(SceUInt32 offset, SceSize size)
Definition boot.c:650
sceKernelVAtoPA
SceInt32 sceKernelVAtoPA(const void *va, SceUIntPAddr *pPA)
KBL_PARAM_MAGIC
#define KBL_PARAM_MAGIC
Definition boot.c:76
DBG_KMC_PRINT
#define DBG_KMC_PRINT(flags, fmt,...)
Definition boot.c:225
ALIGN_UP
#define ALIGN_UP(ptr, align)
Definition boot.c:184
sceKernelAssertLevel
void sceKernelAssertLevel(SceInt32 lvl, _Bool cond, const void *kmc)
ASLR_BITMAP_SIZE
#define ASLR_BITMAP_SIZE
Definition boot.c:647
sceKernelPrintfLevel
void sceKernelPrintfLevel(SceInt32 lvl, const char *fmt,...)
VECTOR_TABLE
char VECTOR_TABLE[]
KERNEL_BOOT_PARAM_MAGIC
#define KERNEL_BOOT_PARAM_MAGIC
Definition boot.c:181
__set_dipsw_source
void __set_dipsw_source(const void *pDipsw)
boot
void boot(void)
Definition boot.c:1693
MEGA_ASLR_BITMAP_SIZE
#define MEGA_ASLR_BITMAP_SIZE
Definition boot.c:605
sceKernelCorelockLock
void sceKernelCorelockLock(SceKernelCorelock *corelock, SceUInt32 firstcpu)
__SCx_KBL_SECURE_BUILD
#define __SCx_KBL_SECURE_BUILD
Definition boot.c:245
FUN_5101c5dc
void FUN_5101c5dc(SceInt32 lvl, SceUInt32 flags, void *kmc, char *fmt,...)
KBL_PARAM_LOCATION
#define KBL_PARAM_LOCATION
Definition boot.c:252
DBG_PRINT_sensitive_lvl0
#define DBG_PRINT_sensitive_lvl0(fmt,...)
Definition boot.c:230
SCx_GPO_CODE_KBL_01
#define SCx_GPO_CODE_KBL_01
Definition debug.h:24
SCx_GPO_CODE_KBL_04
#define SCx_GPO_CODE_KBL_04
Definition debug.h:27
SCx_GPO_CODE_KBL_05
#define SCx_GPO_CODE_KBL_05
Definition debug.h:28
SCx_GPO_CODE_KBL_07
#define SCx_GPO_CODE_KBL_07
Definition debug.h:30
sceKernelSetGPO
SceInt32 sceKernelSetGPO(SceUInt32 uiBits)
Set pattern to display on GPO LEDs.
SCx_GPO_CODE_KBL_03
#define SCx_GPO_CODE_KBL_03
Definition debug.h:26
SCx_GPO_CODE_KBL_06
#define SCx_GPO_CODE_KBL_06
Definition debug.h:29
SCx_GPO_CODE_KBL_02
#define SCx_GPO_CODE_KBL_02
Definition debug.h:25
SCE_KERNEL_ERROR_ERROR
#define SCE_KERNEL_ERROR_ERROR
Definition error.h:9
SCx_DIPSW__C8
#define SCx_DIPSW__C8
Definition dipsw.h:106
SCx_DIPSW__C9
#define SCx_DIPSW__C9
Definition dipsw.h:107
SCx_DIPSW__CC
#define SCx_DIPSW__CC
Definition dipsw.h:110
SCx_DIPSW__C1
#define SCx_DIPSW__C1
Definition dipsw.h:99
SCx_DIPSW__C7
#define SCx_DIPSW__C7
Definition dipsw.h:105
SCx_DIPSW__C5
#define SCx_DIPSW__C5
Definition dipsw.h:103
SCx_DIPSW__D4
#define SCx_DIPSW__D4
Definition dipsw.h:125
SCx_DIPSW__C6
#define SCx_DIPSW__C6
Definition dipsw.h:104
SCx_DIPSW__CB
#define SCx_DIPSW__CB
Definition dipsw.h:109
SCE_DIPSW_ENABLE_TOOL_PHYMEMPART
#define SCE_DIPSW_ENABLE_TOOL_PHYMEMPART
Enable TOOL physical memory partition.
Definition dipsw.h:122
SCx_DIPSW__CE
#define SCx_DIPSW__CE
Definition dipsw.h:112
SCx_DIPSW__D5
#define SCx_DIPSW__D5
Definition dipsw.h:132
SCx_DIPSW__D3
#define SCx_DIPSW__D3
Definition dipsw.h:124
SCx_DIPSW__C0
#define SCx_DIPSW__C0
Definition dipsw.h:98
SCx_DIPSW__C2
#define SCx_DIPSW__C2
Definition dipsw.h:100
SCx_DIPSW__C4
#define SCx_DIPSW__C4
Definition dipsw.h:102
SCx_DIPSW_platform_emulation_dolce
#define SCx_DIPSW_platform_emulation_dolce
Definition dipsw.h:44
SCx_DIPSW_development_mode
#define SCx_DIPSW_development_mode
Definition dipsw.h:51
SCx_DIPSW__BA
#define SCx_DIPSW__BA
Definition dipsw.h:85
SCx_DIPSW__E4
#define SCx_DIPSW__E4
Definition dipsw.h:164
SCx_DIPSW__FD
#define SCx_DIPSW__FD
Definition dipsw.h:189
sceKernelClearDipsw
void sceKernelClearDipsw(SceUInt32 no)
Clear DIP switch.
sceKernelSetDipsw
void sceKernelSetDipsw(SceUInt32 no)
Set DIP switch.
sceKernelCheckDipsw
SceBool sceKernelCheckDipsw(SceUInt32 no)
Check state of a DIP switch.
SCE_OK
#define SCE_OK
Definition sceerror.h:2
SceUInt16
unsigned short SceUInt16
Definition scetypes.h:11
SCE_FALSE
#define SCE_FALSE
Definition scetypes.h:41
SceUInt32
unsigned int SceUInt32
Definition scetypes.h:13
SceBool
int SceBool
Definition scetypes.h:39
SceUIntPtr
unsigned int SceUIntPtr
Definition scetypes.h:45
SceSize
unsigned int SceSize
Definition scetypes.h:228
SceUID
int SceUID
Definition scetypes.h:237
SceInt32
signed int SceInt32
Definition scetypes.h:12
SceUInt8
unsigned char SceUInt8
Definition scetypes.h:7
SceUIntVAddr
unsigned int SceUIntVAddr
Definition scetypes.h:234
SceUIntPAddr
unsigned int SceUIntPAddr
Definition scetypes.h:235
sdk_version.h
SCE_PSP2_SDK_VERSION
#define SCE_PSP2_SDK_VERSION
Definition sdk_version.h:5
SceKBLParam::stack_canary
SceUInt32 stack_canary
Definition boot.c:60
SceKBLParam::cached_secure_modules
SceKernelPARange cached_secure_modules[4]
Definition boot.c:58
SceKBLParam::magic
SceUInt32 magic
Definition boot.c:74
SceKBLParam::dram_size
SceSize dram_size
Definition boot.c:54
SceKBLParam::wakeupFactor
SceUInt32 wakeupFactor
Definition boot.c:64
SceKBLParam::minimal_fw
SceUInt32 minimal_fw
Definition boot.c:42
SceKBLParam::powerInfo
SceUInt32 powerInfo
Definition boot.c:69
SceKBLParam::sleepFactor
SceUInt32 sleepFactor
Definition boot.c:63
SceKBLParam::hwInfo2
SceUInt8 hwInfo2[16]
Definition boot.c:72
SceKBLParam::bootControlsInfo
SceUInt32 bootControlsInfo
Definition boot.c:66
SceKBLParam::session_id
SceUInt8 session_id[16]
Definition boot.c:62
SceKBLParam::current_fw
SceUInt32 current_fw
Definition boot.c:41
SceKBLParam::bootsw
SceUInt32 bootsw[8]
Definition boot.c:49
SceKBLParam::size
SceUInt16 size
Definition boot.c:40
SceKBLParam::version
SceUInt16 version
Definition boot.c:39
SceKBLParam::unk_10
SceUInt32 unk_10
Definition boot.c:44
SceKBLParam::kbl_load_time
SceUInt32 kbl_load_time
Definition boot.c:71
SceKBLParam::openpsid
SceUInt8 openpsid[16]
Definition boot.c:57
SceKBLParam::unused_68
SceUInt32 unused_68
Definition boot.c:55
SceKBLParam::suspendinfo_adr
SceUIntPAddr suspendinfo_adr
Definition boot.c:67
SceKBLParam::random_AC
SceUInt32 random_AC
Definition boot.c:61
SceKBLParam::unk_DC
SceUInt32 unk_DC
Definition boot.c:70
SceKBLParam::qaf
SceUInt8 qaf[16]
Definition boot.c:46
SceKBLParam::sbl_revision
SceUInt32 sbl_revision
Definition boot.c:73
SceKBLParam::dram_base
SceUIntPAddr dram_base
Definition boot.c:53
SceKBLParam::BootTypeIndicator1
SceUInt32 BootTypeIndicator1
Definition boot.c:56
SceKBLParam::unused_C
SceUInt32 unused_C
Definition boot.c:43
SceKBLParam::boot_flags
SceUInt8 boot_flags[16]
Definition boot.c:47
SceKBLParam::unused_14
SceUInt32 unused_14[3]
Definition boot.c:45
SceKBLParam::connInfo
SceUInt32 connInfo
Definition boot.c:65
SceKBLParam::hardwareInfo
SceUInt32 hardwareInfo
Definition boot.c:68
SceKBLParam::pscode
ScePSCode pscode
Definition boot.c:59
SceKernelBootParam::phyMemPartKD
void * phyMemPartKD
Definition boot.c:140
SceKernelBootParam::pPageKernelReset
void * pPageKernelReset
Definition boot.c:143
SceKernelBootParam::pGUIDEntryHeap
void * pGUIDEntryHeap
Definition boot.c:163
SceKernelBootParam::pPageL2PageTable000
void * pPageL2PageTable000
Definition boot.c:144
SceKernelBootParam::fh32b
kbp_boot_block fh32b
Definition boot.c:115
SceKernelBootParam::magic
SceUInt32 magic
Definition boot.c:179
SceKernelBootParam::num_memory
SceSize num_memory
Definition boot.c:96
SceKernelBootParam::pL2PageTable_for_SceKernelL2PageTable000
void * pL2PageTable_for_SceKernelL2PageTable000
Definition boot.c:165
SceKernelBootParam::pPageSysroot
void * pPageSysroot
Definition boot.c:145
SceKernelBootParam::mmuContext
SceKernelMMUContext mmuContext
Definition boot.c:129
SceKernelBootParam::size
SceSize size
Definition boot.c:94
SceKernelBootParam::pPageFixedHeapForL2Object
void * pPageFixedHeapForL2Object
Definition boot.c:155
SceKernelBootParam::pPageL2Vector
void * pPageL2Vector
Definition boot.c:148
SceKernelBootParam::pPartitionKernel
void * pPartitionKernel
Definition boot.c:168
SceKernelBootParam::ttbr0_max_addr
SceUIntVAddr ttbr0_max_addr
Definition boot.c:105
SceKernelBootParam::sizeTTBR0Address
SceSize sizeTTBR0Address
Definition boot.c:106
SceKernelBootParam::pSysroot
void * pSysroot
Definition boot.c:135
SceKernelBootParam::pPagePhypage
void * pPagePhypage
Definition boot.c:149
SceKernelBootParam::bootkernimg
kbp_boot_block bootkernimg
Definition boot.c:123
SceKernelBootParam::hwreg
kbp_boot_block hwreg
Definition boot.c:124
SceKernelBootParam::minimum_log_level
SceUInt32 minimum_log_level
Definition boot.c:177
SceKernelBootParam::stackBottom
void * stackBottom
Definition boot.c:132
SceKernelBootParam::pPageFixedHeap48B
void * pPageFixedHeap48B
Definition boot.c:153
SceKernelBootParam::l2v
kbp_boot_block l2v
Definition boot.c:113
SceKernelBootParam::sysroot
kbp_boot_block sysroot
Definition boot.c:114
SceKernelBootParam::unk_50
SceUInt32 unk_50[2]
Definition boot.c:103
SceKernelBootParam::fh64b
kbp_boot_block fh64b
Definition boot.c:117
SceKernelBootParam::pFixedHeap64B
void * pFixedHeap64B
Definition boot.c:159
SceKernelBootParam::l2pt000_map_base
SceUIntVAddr l2pt000_map_base
Definition boot.c:109
SceKernelBootParam::pPageBootKernelImage
void * pPageBootKernelImage
Definition boot.c:151
SceKernelBootParam::pKernelAddressSpace
void * pKernelAddressSpace
Definition boot.c:171
SceKernelBootParam::unk_300
void * unk_300
Definition boot.c:174
SceKernelBootParam::secure
SceBool secure
Definition boot.c:95
SceKernelBootParam::pKblParam
SceKBLParam * pKblParam
Definition boot.c:98
SceKernelBootParam::fh48b
kbp_boot_block fh48b
Definition boot.c:116
SceKernelBootParam::pPageFixedHeap32B
void * pPageFixedHeap32B
Definition boot.c:152
SceKernelBootParam::pFixedHeapForL2Object
void * pFixedHeapForL2Object
Definition boot.c:160
SceKernelBootParam::phypageHigh
kbp_boot_block phypageHigh
Definition boot.c:122
SceKernelBootParam::memory
SceKernelPARange memory[4]
Definition boot.c:97
SceKernelBootParam::sizeTTBR1Address
SceSize sizeTTBR1Address
Definition boot.c:108
SceKernelBootParam::l2pt000
kbp_boot_block l2pt000
Definition boot.c:112
SceKernelBootParam::phypage
kbp_boot_block phypage
Definition boot.c:121
SceKernelBootParam::fhL2Object
kbp_boot_block fhL2Object
Definition boot.c:119
SceKernelBootParam::putchar_handler
void * putchar_handler
Definition boot.c:176
SceKernelBootParam::unused_30
SceUInt32 unused_30[5]
Definition boot.c:99
SceKernelBootParam::unk188
kbp_boot_block unk188
Definition boot.c:120
SceKernelBootParam::pPagePhypageHigh
void * pPagePhypageHigh
Definition boot.c:150
SceKernelBootParam::l2pt000_map_base__again
SceUInt32 l2pt000_map_base__again
Definition boot.c:136
SceKernelBootParam::excpEntry
kbp_boot_block excpEntry
Definition boot.c:111
SceKernelBootParam::pL2PageTable000
SceUInt32 * pL2PageTable000
Definition boot.c:137
SceKernelBootParam::resetVector
void * resetVector
Definition boot.c:138
SceKernelBootParam::KermitRevision
SceUInt32 KermitRevision
Definition boot.c:102
SceKernelBootParam::pPageTTBR0
void * pPageTTBR0
Definition boot.c:146
SceKernelBootParam::ttbr0
kbp_boot_block ttbr0
Definition boot.c:104
SceKernelBootParam::reset
kbp_boot_block reset
Definition boot.c:110
SceKernelBootParam::revision1
SceUInt32 revision1
Definition boot.c:101
SceKernelBootParam::phyMemPartTool
void * phyMemPartTool
Definition boot.c:141
SceKernelBootParam::pCorelock
SceKernelCorelock * pCorelock
Definition boot.c:125
SceKernelBootParam::pFixedHeap32B
void * pFixedHeap32B
Definition boot.c:157
SceKernelBootParam::pPageTTBR1
void * pPageTTBR1
Definition boot.c:147
SceKernelBootParam::unk_2fc
SceUInt32 unk_2fc
Definition boot.c:173
SceKernelBootParam::pFixedHeap48B
void * pFixedHeap48B
Definition boot.c:158
SceKernelBootParam::uidPartitionKernel
SceUID uidPartitionKernel
Definition boot.c:169
SceKernelBootParam::pPageFixedHeap64B
void * pPageFixedHeap64B
Definition boot.c:154
SceKernelBootParam::pPageUIDHeap
void * pPageUIDHeap
Definition boot.c:162
SceKernelBootParam::ttbr1
kbp_boot_block ttbr1
Definition boot.c:107
SceKernelBootParam::unk_00
SceUInt32 unk_00[2]
Definition boot.c:128
SceKernelBootParam::pL2PageTable_for_PhyPage
void * pL2PageTable_for_PhyPage
Definition boot.c:166
SceKernelBootParam::revision0
SceUInt32 revision0
Definition boot.c:100
SceKernelBootParam::fhUIDEntry
kbp_boot_block fhUIDEntry
Definition boot.c:118
SceKernelCorelock::owner
SceUInt16 owner
Definition boot.c:23
SceKernelCorelock::unk4
SceUInt16 unk4
Definition boot.c:22
SceKernelCorelock::spin
SceUInt32 spin
Definition boot.c:21
SceKernelMMUContext::contextid
SceUInt32 contextid
Definition boot.c:90
SceKernelMMUContext::DACR
SceUInt32 DACR
Definition boot.c:89
SceKernelMMUContext::TTBR1
SceUInt32 TTBR1
Definition boot.c:88
SceKernelPARange::addr
SceUIntPAddr addr
Definition boot.c:27
SceKernelPARange::size
SceSize size
Definition boot.c:28
ScePSCode::product_code
SceUInt16 product_code
Definition boot.c:33
ScePSCode::company_code
SceUInt16 company_code
Definition boot.c:32
ScePSCode::product_subcode
SceUInt16 product_subcode
Definition boot.c:34
ScePSCode::factory_code
SceUInt16 factory_code
Definition boot.c:35
kbp_boot_block
Definition boot.c:78
kbp_boot_block::vbase
SceUIntVAddr vbase
Definition boot.c:81
kbp_boot_block::vsize
SceSize vsize
Definition boot.c:83
kbp_boot_block::extraHigh
SceSize extraHigh
Definition boot.c:84
kbp_boot_block::name
const char * name
Definition boot.c:79
kbp_boot_block::pbase
SceUIntPAddr pbase
Definition boot.c:80
kbp_boot_block::psize
SceSize psize
Definition boot.c:82