Boot Order

From PS3 Developer wiki
Revision as of 03:40, 13 April 2011 by Defyboy (talk | contribs) (added data on Cell Configuration Ring)
Jump to navigation Jump to search

Boot Sequence

Power on : syscon boots from it's internal (non-encrypted / dual banked) ROM *1 *2

+ syscon powers up various power subsystems
+ syscon powers up cell and checks status
+ syscon sends Cell configuration ring to Cell
+ syscon pulls the reset of Cell high -> Cell INIT

Cell INIT: CELL boots from it's internal ROM *2

+ Initialises RAM & I/O
+ fetches encrypted bootldr off NAND/NOR flash (at address 0xF00000)
+ loads bootldr into Isolated SPU (SPE0)
+ Isolated SPU decrypts bootldr
+ bootldr decrypts lv0 which runs on PPU -> loaders INIT

loaders INIT: lv0 loads metldr (SPE2)

+ passes lv1ldr (which loads lv1) to metldr
+ passes lv2ldr (which loads lv2) to metldr
+ passes appldr (which loads vsh) to metldr
+ passes isoldr (which loads *.iso_spu_module) to metldr
+ passes rvkldr (which loads rvkprg / rvklist) to metldr
  • 1) Read/Writeable with undocumented / should also be read/writeable through serial port and possible to switch it to the backup bank1 with backup_mode pulled high
  • 2) CEX/Retail consoles go to standby with red light. SEX/SHOP/SECH will not standby, but instead boot through without waiting for powerbutton. Also check is done on all models if update is flagged to set it into firmware updating procedure
  • 3) Partialy Read/Writeable

about the disabled SPE: syscon reads it’s internal (non-encrypted) eeprom @ 0x48C30 which is value 0×06 on all CEX/Retail consoles and will set the cell config ring accordingly for 7 SPE’s. SPE0 and SPE2 are reserved for bootldr and metldr for isolation respectively. Setting the value to a nonworking state (e.g. 0×00, 0xFF, enabling a defective SPE or disabling a needed SPE for proper boot) might brick the console, locking you out from restoring the correct value to the syscon eeprom.

Chain of Trust

Name Location Processor Encryption Updateable Revokable Usage Exploited
Cell ROM Cell ROM PPU None No No Initialise SPR, SPI, Isolation No
bootldr (Boot Loader) NAND/NOR (asecure_loader) SPE(0) Per Console Encrypted at factory No No Boot lv0 No
lv0 (Level 0) NAND/NOR (COREOS) PPU Static Encryption / Signed Yes No Setup Hardware No
metldr (Meta Loader) NAND/NOR (asecure_loader) SPE(2) Per Console Encrypted at factory No No Run loaders Yes
lv1ldr (Level 1 (Hypervisor) Loader) NAND/NOR (COREOS) SPE(2) Static Encryption / Signed Yes No Decrypt lv1 (Hypervisor) Yes
lv2ldr (Level 2 (GameOS) Loader) NAND/NOR (COREOS) SPE(2) Static Encryption / Signed Yes No Decrypt lv2 (GameOS) Yes
appldr (Application Loader) NAND/NOR (COREOS) SPE(2) Static Encryption / Signed Yes Yes Decrypt games Yes
isoldr (Isolation Loader) NAND/NOR (COREOS) SPE(2) Static Encryption / Signed Yes No Decrypt modules Yes
rvkldr (Revokation Loader) NAND/NOR (COREOS) SPE(2) Static Encryption / Signed Yes No decrypt revoke list Yes

Chain of trust Diagram

Ps3-cryptochain.png

Cell BE Configuration Ring

This data was captured from the SPI bus connecting CELL to SYSCON

Offset Length IBM Default Value PS3 Value Description
Pervasive Logic (PRV) Bits
0 2 00 00 Reserved
SPE_1 Bits
2 10 0x000 0x000 Reserved
12 15 0x0000 0x0000 SPE1 MC_BASE
27 15 0x4000 0x4000 SPE1 MC_COMP_EN
42 10 0x380 0x380 SPE1 IOIF1_COMP_EN
52 139 0x40000000000000000000000000000000802 0x800000002401FC000000000000000000802 reserved
191 19 0x40000 0x40000 SPE1 BE_MMIO_Base
210 4 0x0 0x0 SPE1 Cell BE node ID
210 3 001 001 SPE1 SPE ID
213 11 0x1B0 0x1B0 Reserved
SPE_3 Bits
228 10 0x000 0x000 Reserved
238 15 0x0000 0x0000 SPE3 MC_BASE
253 15 0x4000 0x4000 SPE3 MC_COMP_EN
268 10 0x380 0x380 SPE3 IOIF1_COMP_EN
278 139 0x40000000000000000000000000000000802 0x800000002401FC000000000000000000802 reserved
417 19 0x40000 0x40000 SPE3 BE_MMIO_Base
436 4 0x0 0x0 SPE3 Cell BE node ID
440 3 011 011 SPE3 SPE ID
443 11 0x1B0 0x1B0 Reserved
SPE_5 Bits
454 10 0x000 0x000 Reserved
464 15 0x0000 0x0000 SPE5 MC_BASE
479 15 0x4000 0x4000 SPE5 MC_COMP_EN
494 10 0x380 0x380 SPE5 IOIF1_COMP_EN
504 139 0x40000000000000000000000000000000802 0x800000002401FC000000000000000000802 reserved
643 19 0x40000 0x40000 SPE5 BE_MMIO_Base
662 4 0x0 0x0 SPE5 Cell BE node ID
666 3 101 101 SPE5 SPE ID
669 11 0x1B0 0x1B0 Reserved
SPE_7 Bits
680 10 0x000 0x000 Reserved
690 15 0x0000 0x0000 SPE7 MC_BASE
705 15 0x4000 0x4000 SPE7 MC_COMP_EN
720 10 0x380 0x380 SPE7 IOIF1_COMP_EN
730 139 0x40000000000000000000000000000000802 0x800000002401FC000000000000000000802 reserved
869 19 0x40000 0x40000 SPE7 BE_MMIO_Base
888 4 0x0 0x0 SPE7 Cell BE node ID
892 3 111 111 SPE7 SPE ID
895 11 0x1B0 0x1B0 Reserved
Cell Broadband Engine Interface (BEI) Unit Bits
907 2 00 00 reserved
911 4 0x0 0x0 BIF Cell BE node ID
933 22 0x200005 0x200005 BEI ME_MMIO_Base
936 3 110 110 Reserved
939 3 011 011 Reserved
951 12 0xF80 0xF80 IOIF1 Base address mask
973 22 0x240000 0x240000 IOIF1 base address and replacement
985 12 0xF80 0xF80 IOIF0 base address mask
1007 22 0x280000 0x280000 IOIF1 base address and replacement
1009 2 00 00 Reserved
1011 2 10 10 AC0 cofiguration
1016 5 00100 00100 BIF/IOIF0 receive (RX) configuration
1022 6 000100 000100 BIF/IOIF0 transmit (TX) configuration
1028 6 000000 000000 Reserved
1029 1 1 1 BIF/IOIF0 coherency mode
1032 3 000 000 Reserved
1035 3 100 100 BIF/IOIF I/O reorder mode for transmit
1051 16 0x000 0x000 Reserved
1054 3 100 100 IOIF1 I/O reorder mode for transmit
1055 1 1 1 Reserved
1057 2 10 10 IOIF1 RX configuration
1059 2 10 10 IOIF1 TX configuration
1091 32 0x00800000 0x00000200 FlexIO phase-locked loop (PLL) configuration
1093 2 00 00 Reserved
EIB Unit Bits
1094 2 00 00 Reserved
1096 1 0 0 AC0 livelock response control
1100 4 0x0 0x0 EIB unit Cell BE node ID
1101 1 0 0 AC1 configuration
1102 1 1 1 AC0 configuration
1103 4 0010 0010 AC0 command credits
1107 22 0x200000 0x200000 LBAR0_cfg
1129 22 0x3FFFF8 0x3FFFF8 LBAMR0_cfg
1151 3 011 011 Reserved
1154 1 0 0 AC1 livelock response control
1156 2 00 00 Reserved
SPE_6 Bits
1157 10 0x000 0x000 Reserved
1167 15 0x0000 0x0000 SPE6 MC_BASE
1182 15 0x4000 0x4000 SPE6 MC_COMP_EN
1197 10 0x380 0x380 SPE6 IOIF1_COMP_EN
1207 139 0x40000000000000000000000000000000802 0x800000002401FC000000000000000000802 reserved
1346 19 0x40000 0x40000 SPE6 BE_MMIO_Base
1365 4 0x0 0x0 SPE6 unit Cell BE node ID
1369 3 0x7 0x7 SPE6 SPE ID
1372 11 0x1B0 0x1B0 Reserved
SPE_4 Bits
1383 10 0x000 0x000 Reserved
1393 15 0x0000 0x0000 SPE4 MC_BASE
1408 15 0x4000 0x4000 SPE4 MC_COMP_EN
1423 10 0x380 0x380 SPE4 IOIF1_COMP_EN
1433 139 0x40000000000000000000000000000000802 0x800000002401FC000000000000000000802 reserved
1572 19 0x40000 0x40000 SPE4 BE_MMIO_Base
1594 4 0x0 0x0 SPE4 unit Cell BE node ID
1595 3 0x7 0x7 SPE4 SPE ID
1598 11 0x1B0 0x1B0 Reserved
SPE_2 Bits
1609 10 0x000 0x000 Reserved
1619 15 0x0000 0x0000 SPE2 MC_BASE
1634 15 0x4000 0x4000 SPE2 MC_COMP_EN
1649 10 0x380 0x380 SPE2 IOIF1_COMP_EN
1659 139 0x40000000000000000000000000000000802 0x800000002401FC000000000000000000802 reserved
1817 19 0x40000 0x40000 SPE2 BE_MMIO_Base
1821 4 0x0 0x0 SPE2 unit Cell BE node ID
1824 3 010 010 SPE2 SPE ID
1372 11 0x1B0 0x1B0 Reserved
SPE_0 Bits
1835 10 0x000 0x000 Reserved
1835 15 0x0000 0x0000 SPE0 MC_BASE
1860 15 0x4000 0x4000 SPE0 MC_COMP_EN
1875 10 0x380 0x380 SPE0 IOIF1_COMP_EN
1885 139 0x40000000000000000000000000000000802 0x800000002401FC000000000000000000802 reserved
2024 19 0x40000 0x40000 SPE0 BE_MMIO_Base
2043 4 0x0 0x0 SPE0 unit Cell BE node ID
2047 3 000 000 SPE0 SPE ID
2050 11 0x1B0 0x1B0 Reserved
MIC Bus Logic Bits
2061 4 0x8 0x8 Reserved
2065 16 0x0000 0x0000 MIC address space start
2081 16 0xFFF8 0xFFFC MIC address space end
2097 30 0x20000509 0x20000509 PRV BE_MMIO_Base
2127 30 0x2000050A 0x2000050A MIC BE_MMIO_Base
2157 4 0x3 0x3 Reserved
2161 4 0x0 0x0 MIC unit Cell BE node ID
2165 2 00 00 Reserved
PowerPC Processor Unit Bits
2167 9 0x000 0x000 Reserved
2176 8 0x00 0x00 PIR_defn
2184 13 0x0000 0x0000 Reserved
2197 40 0x0000000000 0x2401fc00000 PPE SReset vector
2237 224 0x00000000000000000000000000800000000000000000000000000000 0x000000000000000000000000008000000000000000000000000003c0 Reserved
PowerPC Processor Storage Subsystem (PPSS) Bits
2461 61 0x0010000000000800 0x0010000000000800 Reserved
2522 1 1 L2 livelock indication enable
2523 44 0x000000F8000 0x000000F8000 Reserved
2567 4 0x0 0x0 PPE unit Cell BE node ID
2571 9 0x0D8 0x0D8 Reserved
2580 30 0x20000500 0x20000500 PPE BE_MMIO_Base
2610 7 0x47 0x47 Reserved
2617 1 1 1 Two-token decode for noncacheable unit (NCU) store
2618 16 0x0000 0x0000 Reserved
2634 1 1 1 NCU livelock indication enable
2635 1 1 1 PPE livelock indication enable
2636 2 00 00 Reserved
MIC Bits
2653 16 0x05A0 0x0000 XIO PLL (Y0+RQ_CTM) configuration lower half
2669 16 0x9C20 0x9CFC XIO PLL (Y0+RQ_CTM) configuration upper half
2670 4 0x0 0x0 Reserved
PRV Bits
2674 6 0x3F 0x1F Thermal overload temperature (cfg_TO)
2680 27 0x0288018 0x0288018 Reserved
2707 1 1 1 Perfasive logic livelock indication enable
2708 10 0x000 0x000 Reserved
2725 8 00000000 00001000 SPE disable
2694 3 000 011 Reserved

Changes in firmware 3.60

Lv0 has now been changed, LV0 now appears to encapsulate all of the loaders (lv1ldr, lv2ldr, appldr, isoldr, rvkldr). Now in order to break the chain of trust we need to be able to decrypt/exploit LV0 which at this time has not been done.