Dual Firmware

From PS3 Developer wiki
Revision as of 03:53, 21 May 2011 by Defyboy

These methods are currently theoretical and have not yet been tested.

NOR/NAND Piggybacking

This method involves physically soldering another flash chip on top of the existing flash packages, soldering the legs pin for pin (piggybacking). You then lift both #CE (chip enable) pins and provide a switch between them to select the appropriate flash chip, each of which holds a different firmware.

Dual-Banking

This method relies on the fact that SYSCON has 2 EEPROM banks, and a "recovery mode" flag that can be set to load a recovery firmware located in the ros1 region of the flash.

By pulling the backup_mode pin low or high, you can apparently switch EEPROM banks in the SYSCON EEPROM. In the second bank, you would have the recovery mode flag set, thus loading firmware from the ros1 region of the flash.

Limitations

Firmware hash checks

Firmware hash checks are located on the SYSCON EEPROM; apparently these checks are run within Indi info manager on LV1. They compare the hashes stored in SYSCON with the files stored on flash. If the checks fail, the console does not boot. We could get around this by using dual-banking on SYSCON or by patching the checks out.

VFlash

Only a single version of VFlash is stored on flash in NAND consoles, and a single copy is stored at the beginning of the PS3 hard drive on NOR consoles. Because the firmware stored here doesn't match that stored on flash, you would have to reinstall the rest of the firmware every time you switch. We could possibly overcome this limitation by patching the storage manager to redirect VFlash to another region of the hard disk.