Loaders: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 97: | Line 97: | ||
|u64 || *spu_module || SPU - address in ram | |u64 || *spu_module || SPU - address in ram | ||
|- | |- | ||
|u64 || *spu_module_arg1 || Profile - address in ram | |u64 || *spu_module_arg1 || Profile - address in ram | ||
|- | |- | ||
|u64 || spu_module_arg1_size || sizeof(profile) | |u64 || spu_module_arg1_size || sizeof(profile) | ||
|- | |- | ||
|u64 || *spu_module_arg2 || Not used | |u64 || *spu_module_arg2 || Not used | ||
|- | |- | ||
|u64 || spu_module_arg2_size || Not used | |u64 || spu_module_arg2_size || Not used | ||
|- | |- | ||
|u8 || res1[16] || Unknown | |u8 || res1[16] || Unknown | ||
| Line 122: | Line 122: | ||
|u64 || *spu_module || SPU - address in ram | |u64 || *spu_module || SPU - address in ram | ||
|- | |- | ||
|u64 || *spu_module_arg1 || | |u64 || *spu_module_arg1 || aim_spu_args - address in ram | ||
|- | |- | ||
|u64 || spu_module_arg1_size || 0x80 | |u64 || spu_module_arg1_size || 0x80 | ||
|- | |- | ||
|u64 || *spu_module_arg2 || eid0 - address in ram | |u64 || *spu_module_arg2 || eid0 - address in ram | ||
|- | |- | ||
|u64 || spu_module_arg2_size || sizeof(eid0) | |u64 || spu_module_arg2_size || sizeof(eid0) | ||
|- | |- | ||
|u64 || field48 || 3 | |u64 || field48 || 3 | ||
|} | |} | ||
< | <pre> | ||
union | union aim_spu_args { | ||
struct { | struct { | ||
void *buf; // debug_info buffer address | void *buf; // debug_info buffer address | ||
| Line 145: | Line 145: | ||
} out; | } out; | ||
}; | }; | ||
</ | </pre> | ||
Revision as of 10:09, 13 December 2011
Explaination
Loaders are used for loading other modules.
Commonly found in CoreOS and Flash.
Known loaders
| Loader | Location | Type | Remarks |
|---|---|---|---|
| bootldr | Flash | Boot Loader | primairy loader from chain of trust |
| metldr | Flash | Meta Loader | aka asecure_loader. Loads other loaders |
| appldr | CoreOS | Application Loader | loads vsh.self (Userspace Module) |
| isoldr | CoreOS | Isolation Loader | loading isolated SPU modules |
| lv1ldr | CoreOS | Hypervisor Loader | loads lv1.self (Hypervisor) |
| lv2ldr | CoreOS | Supervisor Loader | loads lv2_kernel.self (Supervisor kernel) |
Stop Codes
| Stop Code | Module | Remark |
|---|---|---|
| 0x30 | isoldr/appldr | Version mismatch (isoldr version differs from version returned by SPU channel 73). |
| 0x16 | isoldr | |
| 0x27 | appldr | SPU arg at 0x3E840 |
0x27
When booting, lv1ldr store its version in this region writing to ch_72.
isoldr asks for the version in two chuncks, if you want to pass version 3.41 (0x0003004100000000)
Note: this version check was recently added, maybe in fw 3.41
//for ch_73_round_0 data0 = 0x00030041; //for ch_73_round_1 data1 = 0x00000000;
lv1ldr
Used for loading the hypervisor (lv1.self)
LS Parameters Layout
| Address | Usage | Comments |
|---|---|---|
| 0x3E000 | Wait flag | If (flag==0){wait;} // use 0xFF00000000ULL |
| 0x3E800 | Arguments |
isoldr
Used for loading isolated SPU modules.
LS Parameters layout
| Address | Usage | Comments |
|---|---|---|
| 0x3E000 | Wait flag | If (flag==0){wait;} // use 0xFF00000000ULL |
| 0x3E400 | EID0 | |
| 0x3E800 | Arguments | |
| 0x3EC00 | QA-Token | If not used set to -1 |
| 0x3F000 | Program revoke list |
Arguments
Depending which isolated module you want to load, you would need to pass it different arguments.
| Size | Name | spp_verifier |
|---|---|---|
| u64 | prog_auth_id | 0x1050000003000001 |
| u64 | lpar_auth_id | 0x1070000002000001 |
| u64 | *spu_module | SPU - address in ram |
| u64 | *spu_module_arg1 | Profile - address in ram |
| u64 | spu_module_arg1_size | sizeof(profile) |
| u64 | *spu_module_arg2 | Not used |
| u64 | spu_module_arg2_size | Not used |
| u8 | res1[16] | Unknown |
| u64 | field48 | 3 |
| u8 res2[16] | Unknown |
| Size | Name | aim_spu_module |
|---|---|---|
| u64 | prog_auth_id | 0x1050000003000001 |
| u64 | lpar_auth_id | 0x1070000002000001 |
| u64 | *spu_module | SPU - address in ram |
| u64 | *spu_module_arg1 | aim_spu_args - address in ram |
| u64 | spu_module_arg1_size | 0x80 |
| u64 | *spu_module_arg2 | eid0 - address in ram |
| u64 | spu_module_arg2_size | sizeof(eid0) |
| u64 | field48 | 3 |
union aim_spu_args {
struct {
void *buf; // debug_info buffer address
u64 buf_size; // debug_info buffer size
u32 param; // 0x01 device type, 0x02 device id, 0x03 pscode, 0x04 psid
} in;
struct {
u8 result[0x10]; // no need to explain...
} out;
};