Non Volatile Storage: Difference between revisions

From PS5 Developer wiki
Jump to navigation Jump to search
No edit summary
 
(23 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones.
Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones.
See also [https://www.psdevwiki.com/ps4/Non_Volatile_Storage PS4 Non Volatile Storage].


{| class="wikitable sortable"
{| class="wikitable sortable"
Line 5: Line 7:
! Bank # !! Block # !! Start Offset in /dev/sflash0s0x34 !! Start Offset in Sflash !! Size !! Notes
! Bank # !! Block # !! Start Offset in /dev/sflash0s0x34 !! Start Offset in Sflash !! Size !! Notes
|-
|-
| 0 || 0 || 0x0000 || 0x1C4000  || 0x3000 || ??????????
| 0 || 0 || 0x0000 || 0x1C4000  || 0x3000 || Unknown region. Probably EMC area like on PS4.
|-
|-
| 0 || 1 || 0x3000 || 0x1C7000  || 0x0200 || ??????????
| 0 || 1 || 0x3000 || 0x1C7000  || 0x0200 || Unknown region
|-
|-
| 0 || 2 || 0x3200 || 0x1C7200  || 0x0200 || pdcs region
| 0 || 2 || 0x3200 || 0x1C7200  || 0x0200 || pdcs region
|-
|-
| 0 || 3 || 0x3400 || 0x1C7400  || 0x0C00 || ??????????
| 0 || 3 || 0x3400 || 0x1C7400  || 0x0C00 || Unknown region
|-
|-
| 0 || 4 || 0x4000 || 0x1C8000  || 0x2000 || ??????????
| 0 || 4 || 0x4000 || 0x1C8000  || 0x3000 || os region
|-
|-
| 0 || 5 || 0x6000 || 0x1CA000 || 0x3000 || ???
| 1 || 0 || 0x7000 || 0x1CB000  || 0x3000 || backup of os region
|-
| 1 || 1 || 0xA000 || 0x1CE000 || 0x2000 || Partial backup of 0/0 Region (+0x1000)
|-
|-
| 0 || 6 || 0x9000 || 0x1CD000  || 0x1000 || ???
|}
|}


= Mapping of the detailed area (NVS service) =
= Mapping of the detailed area (NVS service) 0/0 - Unknown Area =


{| class="wikitable sortable"
{| class="wikitable sortable"
Line 26: Line 29:
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes
|-
|-
| 0 || 0 || 0x0 || 0x1C4000 || 0x8 || board id (e.g 30 02 01 01 04 01 05 01)
| 0 || 0 || 0x0 || 0x1C4000 || 0x8 || Platform ID (e.g 30 02 01 01 04 01 05 01)
 
* '''04 01 01 01 01 01 04 01''' = a PS4 (for comparison)
* '''30 02 01 01 04 01 05 01''' = CFI-1014A 01X EDM-010
* '''30 02 01 01 04 01 05 01''' = CFI-1014A 01X EDM-010
* '''30 02 01 01 04 01 05 01''' = DFI-T1000AA EDM-010
* '''30 02 01 01 04 01 05 01''' = DFI-T1000AA EDM-010
* '''30 02 02 01 01 01 05 01''' = CFI-1115A 01X EDM-020
* '''30 02 02 01 01 01 05 01''' = CFI-1115A 01X EDM-020
* '''30 02 03 01 01 01 05 01''' = CFI-1215A 01X EDM-030
* '''30 02 03 01 01 01 05 01''' = CFI-1215A 01X EDM-030
|-
| 0 || 0 || 0x1900 || 0x1C5900 || 0x700 || ??? (encrypted garbage in prototype PS5 DevKit dump)
|-
|}
= Mapping of the detailed area (NVS service) 0/2 - PDCSAREA =


{| class="wikitable sortable"
|-
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes
|-
|-
| 0 || 2 || 0x0 || 0x1C7200 || 0x10 || Kiban ID (e.g 40002B02184672A0)
| 0 || 2 || 0x0 || 0x1C7200 || 0x10 || Kiban ID (e.g 40002B02184672A0)
Line 45: Line 57:
|-
|-
| 0 || 2 || 0x70 || 0x1C7270 || 0x12 || Viop Data (Split into Multiples of 2)
| 0 || 2 || 0x70 || 0x1C7270 || 0x12 || Viop Data (Split into Multiples of 2)
|-
| 0 || 2 || 0x90 || 0x1C7290 || 0x?? || SSD Diag Done State
|-
|-
| 0 || 2 || 0x1B0 || 0x1C73B0 || 0x8 || CARLO Board ID (DEV Only) / Sub Kiban ID
| 0 || 2 || 0x1B0 || 0x1C73B0 || 0x8 || CARLO Board ID (DEV Only) / Sub Kiban ID
Line 54: Line 68:
| 0 || 2 || 0x1CC || 0x1C73CC || 0x6 || BD Address 2
| 0 || 2 || 0x1CC || 0x1C73CC || 0x6 || BD Address 2
|-
|-
| 0 || 2 || 0x1E0 || 0x1C73E0 || 0x8 || ImageId
| 0 || 2 || 0x1E0 || 0x1C73E0 || 0x8 || ImagePackageId (this determines which firmware is going to be installed at factory)
 
* '''PKG-0384''' = DFI-T1000AA
* '''PKG-0384''' = DFI-T1000AA
* '''PKG-0711''' = CFI-1015B 01X
* '''PKG-0711''' = CFI-1015B 01X
Line 66: Line 79:
* '''PKG-1590''' = CFI-1215A 01X
* '''PKG-1590''' = CFI-1215A 01X
* '''PKG-1591''' = CFI-1215B 01X
* '''PKG-1591''' = CFI-1215B 01X
|-
|-
| 0 || 2 || 0x1F0 || 0x1C73F0 || 0x10 || Manufacturing Process Flags (01 is enabled, 00 is disabled) (e.g 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00)
| 0 || 2 || 0x1F0 || 0x1C73F0 || 0x10 || Manufacturing Process Flags (01 is enabled, 00 is disabled) (e.g 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00)
|-
| 0 || 2 || 0x1F1 || 0x1C73F1 || 0x1 || KouteiFlagPI2
|-
|-
| 0 || 2 || 0x3FC || 0x1C75FC || 4 || EAP Magic (e.g. E5 E5 E5 01)
| 0 || 2 || 0x3FC || 0x1C75FC || 4 || EAP Magic (e.g. E5 E5 E5 01)
|-
|-
| 0 || 4 || 0x20  || 0x1C8020 || 1 || FirstImageWriteModeOn 0xFF FirstImageWriteModeOff 0x00
|}
 
= Mapping of the detailed area (NVS service) 0/4 - OSAREA =
 
{| class="wikitable sortable"
|-
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes
|-
|-
| 0 || 4 || 0x17 || 0x1C8017 || 1 || GpuPacket Off 0xFE
| 0 || 4 || 0x11 || 0x1C8011 || 1 || Coldboot (0x01 ON, 0xFF OFF)
|-
|-
| 0 || 4 || 0x22  || 0x1C8022 || 1 || HddKernel On 0xFF
| 0 || 4 || 0x12  || 0x1C8012 || 1 || EAP UART (0xEF ON, 0xFF OFF)
|-
| 0 || 4 || 0x17  || 0x1C8017 || 1 || GpuPacket (0xFE OFF, 0xFF ON)
|-
| 0 || 4 || 0x20  || 0x1C8020 || 1 || FirstImageWriteMode (0xFF ON, 0x00 OFF)
|-
| 0 || 4 || 0x22  || 0x1C8022 || 1 || HddKernel (0xFF ON)
|-
|-
| 0 || 4 || 0x30 || 0x1C8030 || 4 || Controller USB Connection / Wlan BT Related
| 0 || 4 || 0x30 || 0x1C8030 || 4 || Controller USB Connection / Wlan BT Related
|-
|-
| 0 || 4 || 0x34 || 0x1C8034 || 1 || Wlan BT Related
| 0 || 4 || 0x34 || 0x1C8034 || 1 || Wlan BT related
|-
|-
| 0 || 4 || 0x66 || 0x1C8066 || 1 || ???
| 0 || 4 || 0x66 || 0x1C8066 || 1 || Unknown
|-
|-
| 0 || 4 || 0x68  || 0x1C8068 || 4 || Current Firmware Version ??? (little endian) (upper half)
| 0 || 4 || 0x68  || 0x1C8068 || 4 || Current Firmware Version? (little endian, upper half)
|-
|-
| 0 || 4 || 0xF0 || 0x1C80F0 || 0x10 || PasscodeStatus
| 0 || 4 || 0xF0 || 0x1C80F0 || 0x10 || PasscodeStatus
Line 96: Line 122:
| 0 || 4 || 0x1FC || 0x1C81FC || 4 || EAP Magic (e.g. E5 E5 E5 01)
| 0 || 4 || 0x1FC || 0x1C81FC || 4 || EAP Magic (e.g. E5 E5 E5 01)
|-
|-
| 0 || 4 || 0x300 || 0x1C8300 || 1 || BootMessageDebugMode 0x02 BootMessageDefaultMode 0xFF
| 0 || 4 || 0x300 || 0x1C8300 || 1 || BootMessageMode (0x02 Debug, 0xFF Default)
|-
| 0 || 4 || 0x301 || 0x1C8301 || 1 || Mp0MemoryTest (0x01 ON, 0xFF OFF)
|-
| 0 || 4 || 0x304 || 0x1C8304 || 1 || AblDebugPrint (0x01 ON, 0xFF OFF)
|-
|-
| 0 || 4 || 0x301 || 0x1C8301 || 1 || Mp0MemoryTestOn 0x01 Mp0MemoryTestOff 0xFF
| 0 || 4 || 0x310 || 0x1C8310 || 1 || BiosMemoryTest (0x50 CachedAndUncached, 0xFF Default)
|-
|-
| 0 || 4 || 0x304 || 0x1C8304 || 1 || AblDebugPrintOn 0x01 AblDebugPrintOff  0xFF  
| 0 || 4 || 0x321 || 0x1C8321 || 1 || UmaSize (0x10 4GiB, 0xFF Default)
|-
|-
| 0 || 4 || 0x310 || 0x1C8310 || 1 || BiosMemoryTestCachedAndUncached 0x50 BiosMemoryTestDefault 0xFF  
| 0 || 4 || 0x322 || 0x1C8322 || 1 || CpuClock (0x01 ON, 0xFF OFF)
|-
|-
| 0 || 4 || 0x321 || 0x1C8321 || 1 || UmaSize4GiB 0x10 UmaSizeDefault 0xFF
| 0 || 4 || 0x3C7 || 0x1C83C7 || 1 || GfxClkDfllDeterminism (0xFF Default)
|-
|-
| 0 || 4 || 0x322 || 0x1C8322 || 1 || CpuClockOn 0x01 CpuClockOff 0xFF
| 0 || 4 || 0x400 || 0x1C8400 || 0x300 || QA FLAG TOKEN (see sample here -> https://pastebin.com/fvA8iKWq)
|-
|-
| 0 || 4 || 0xC10 || 0x1C8C10 || 8 || Factory Firmware Version ??? (little endian)
| 0 || 4 || 0xC10 || 0x1C8C10 || 8 || Factory Firmware Version? (little endian)
|-
|-
| 0 || 4 || 0xC18 || 0x1C8C18 || 8 || Factory Firmware Version TimeStamp ??? (little endian)
| 0 || 4 || 0xC18 || 0x1C8C18 || 8 || Factory Firmware Version TimeStamp? (little endian)
|-
|-
| 0 || 4 || 0xC20 || 0x1C8C20 || 8 || Minimum Firmware Version ??? (little endian)
| 0 || 4 || 0xC20 || 0x1C8C20 || 8 || Minimum Firmware Version? (little endian)
|-
|-
| 0 || 4 || 0xC28 || 0x1C8C28 || 8 || Minimum Firmware Version TimeStamp ??? (little endian)
| 0 || 4 || 0xC28 || 0x1C8C28 || 8 || Minimum Firmware Version TimeStamp? (little endian)
|-
|-
| 0 || 4 || 0xC30 || 0x1C8C30 || 8 || Current Firmware Version ??? (little endian)
| 0 || 4 || 0xC30 || 0x1C8C30 || 8 || Current Firmware Version? (little endian)
|-
|-
| 0 || 4 || 0xC38 || 0x1C8C38 || 4 || rtc related ???
| 0 || 4 || 0xC38 || 0x1C8C38 || 4 || rtc related?
|-
|-
| 0 || 4 || 0xC70 || 0x1C8C70 || 0x20 || ??? (related with otprsrvaccess)
| 0 || 4 || 0xC70 || 0x1C8C70 || 0x20 || Unknown (related to otprsrvaccess)
|-
|-
| 0 || 4 || 0xD72 || 0x1C8D72 || 1 || ???
| 0 || 4 || 0xD72 || 0x1C8D72 || 1 || Unknown
|-
|-
| 0 || 4 || 0xF80 || 0x1C8F80 || 1 || ManufacturingOn 0x00 ManufacturingOff 0xFF
| 0 || 4 || 0xF80 || 0x1C8F80 || 1 || Manufacturing (0x00 ON, 0xFF OFF)
|-
|-
| 0 || 4 || 0x1000 || 0x1C9000 || 0x300 || regmgr_readynvs
| 0 || 4 || 0x1000 || 0x1C9000 || 0x300 || regmgr_readynvs
Line 130: Line 160:
| 0 || 4 || 0x1300 || 0x1C9300 || 0x300 || regmgr_readynvs
| 0 || 4 || 0x1300 || 0x1C9300 || 0x300 || regmgr_readynvs
|-
|-
| 0 || 4 || 0x1600 || 0x1C9600 || 0x1 || IDU MODE (0x00 OFF 0x01 ON)
| 0 || 4 || 0x1600 || 0x1C9600 || 0x1 || IDU MODE (0x00 OFF, 0x01 ON)
|-
|-
| 0 || 4 || 0x1620 || 0x1C9620 || 0x300 || regmgr_readynvs
| 0 || 4 || 0x1620 || 0x1C9620 || 0x300 || regmgr_readynvs
Line 138: Line 168:
| 0 || 4 || 0x1C20 || 0x1C9C20 || 0x20 || regmgr_readynvs_manumode
| 0 || 4 || 0x1C20 || 0x1C9C20 || 0x20 || regmgr_readynvs_manumode
|-
|-
| 1 || 0 || 0x68  || 0x1CB068 || 4 || Current Firmware Version ??? (little endian) (upper half)
|}
 
= Mapping of the detailed area (NVS service) 1/0 - BACKUPAREA =
 
{| class="wikitable sortable"
|-
|-
| 1 || 0 || 0x1FC || 0x1CB1FC || 4 || EAP Magic
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes
|-
| 1 || 0 || 0xC10 || 0x1CBC10 || 8 || Factory Firmware Version ??? (little endian)
|-
| 1 || 0 || 0xC18 || 0x1CBC18 || 8 || Factory Firmware Version TimeStamp ??? (little endian)
|-
| 1 || 0 || 0xC20 || 0x1CBC20 || 8 || Minimum Firmware Version ??? (little endian)
|-
| 1 || 0 || 0xC28 || 0x1CBC28 || 8 || Minimum Firmware Version TimeStamp ??? (little endian)
|-
|-
| 1 || 0 || 0xC30 || 0x1CBC30 || 8 || Current Firmware Version ??? (little endian)
| 1 || 0 || 0x0 || 0x1CB000 || 0x1000 || Equivalent (active/inactive bank) of NVS area 0x4000-0x4FFF (part of OSAREA).
|-
|-
| 1 || 0 || 0x1000 || 0x1CC000 || 0x2000 || Maybe equivalent to another NVS area.
|}
|}

Latest revision as of 02:32, 30 December 2024

Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones.

See also PS4 Non Volatile Storage.

Bank # Block # Start Offset in /dev/sflash0s0x34 Start Offset in Sflash Size Notes
0 0 0x0000 0x1C4000 0x3000 Unknown region. Probably EMC area like on PS4.
0 1 0x3000 0x1C7000 0x0200 Unknown region
0 2 0x3200 0x1C7200 0x0200 pdcs region
0 3 0x3400 0x1C7400 0x0C00 Unknown region
0 4 0x4000 0x1C8000 0x3000 os region
1 0 0x7000 0x1CB000 0x3000 backup of os region
1 1 0xA000 0x1CE000 0x2000 Partial backup of 0/0 Region (+0x1000)

Mapping of the detailed area (NVS service) 0/0 - Unknown Area[edit | edit source]

Bank # Block # Start Offset Start Offset in Sflash Size Notes
0 0 0x0 0x1C4000 0x8 Platform ID (e.g 30 02 01 01 04 01 05 01)
  • 04 01 01 01 01 01 04 01 = a PS4 (for comparison)
  • 30 02 01 01 04 01 05 01 = CFI-1014A 01X EDM-010
  • 30 02 01 01 04 01 05 01 = DFI-T1000AA EDM-010
  • 30 02 02 01 01 01 05 01 = CFI-1115A 01X EDM-020
  • 30 02 03 01 01 01 05 01 = CFI-1215A 01X EDM-030
0 0 0x1900 0x1C5900 0x700 ??? (encrypted garbage in prototype PS5 DevKit dump)

Mapping of the detailed area (NVS service) 0/2 - PDCSAREA[edit | edit source]

Bank # Block # Start Offset Start Offset in Sflash Size Notes
0 2 0x0 0x1C7200 0x10 Kiban ID (e.g 40002B02184672A0)
0 2 0x10 0x1C7210 0x11 hw_info (padded with 0xF FFs) (e.g. AI81376321) aka Product Serial
0 2 0x30 0x1C7230 0x20 hw_model (e.g CFI-1014A 01X) aka Product Name
0 2 0x50 0x1C7250 0x13 Model Code (e.g 0000027418886) aka Product Code (first 5 zeroes are Product Code Branch Number)
0 2 0x60 0x1C7260 0x10 "SocCuid" (e.g 36 62 27 2D 9B 6C D2 B9 F8 CC 23 52 AB 65 8D D3) Soc Unique ID
0 2 0x70 0x1C7270 0x12 Viop Data (Split into Multiples of 2)
0 2 0x90 0x1C7290 0x?? SSD Diag Done State
0 2 0x1B0 0x1C73B0 0x8 CARLO Board ID (DEV Only) / Sub Kiban ID
0 2 0x1C0 0x1C73C0 0x6 WLAN Mac Address
0 2 0x1C6 0x1C73C6 0x6 BD Address 1
0 2 0x1CC 0x1C73CC 0x6 BD Address 2
0 2 0x1E0 0x1C73E0 0x8 ImagePackageId (this determines which firmware is going to be installed at factory)
  • PKG-0384 = DFI-T1000AA
  • PKG-0711 = CFI-1015B 01X
  • PKG-0911 = CFI-1014A 01X
  • PKG-1246 = CFI-1115A 01X
  • PKG-1407 = CFI-1115A 01X
  • PKG-1459 = CFI-1115B 01X
  • PKG-1146 = CFI-1116A 01Y
  • PKG-1590 = CFI-1215A 01X
  • PKG-1590 = CFI-1215A 01X
  • PKG-1591 = CFI-1215B 01X
0 2 0x1F0 0x1C73F0 0x10 Manufacturing Process Flags (01 is enabled, 00 is disabled) (e.g 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00)
0 2 0x1F1 0x1C73F1 0x1 KouteiFlagPI2
0 2 0x3FC 0x1C75FC 4 EAP Magic (e.g. E5 E5 E5 01)

Mapping of the detailed area (NVS service) 0/4 - OSAREA[edit | edit source]

Bank # Block # Start Offset Start Offset in Sflash Size Notes
0 4 0x11 0x1C8011 1 Coldboot (0x01 ON, 0xFF OFF)
0 4 0x12 0x1C8012 1 EAP UART (0xEF ON, 0xFF OFF)
0 4 0x17 0x1C8017 1 GpuPacket (0xFE OFF, 0xFF ON)
0 4 0x20 0x1C8020 1 FirstImageWriteMode (0xFF ON, 0x00 OFF)
0 4 0x22 0x1C8022 1 HddKernel (0xFF ON)
0 4 0x30 0x1C8030 4 Controller USB Connection / Wlan BT Related
0 4 0x34 0x1C8034 1 Wlan BT related
0 4 0x66 0x1C8066 1 Unknown
0 4 0x68 0x1C8068 4 Current Firmware Version? (little endian, upper half)
0 4 0xF0 0x1C80F0 0x10 PasscodeStatus
0 4 0x140 0x1C8140 1 bapm table
0 4 0x141 0x1C8141 2 bapm table
0 4 0x143 0x1C8143 2 bapm table
0 4 0x1FC 0x1C81FC 4 EAP Magic (e.g. E5 E5 E5 01)
0 4 0x300 0x1C8300 1 BootMessageMode (0x02 Debug, 0xFF Default)
0 4 0x301 0x1C8301 1 Mp0MemoryTest (0x01 ON, 0xFF OFF)
0 4 0x304 0x1C8304 1 AblDebugPrint (0x01 ON, 0xFF OFF)
0 4 0x310 0x1C8310 1 BiosMemoryTest (0x50 CachedAndUncached, 0xFF Default)
0 4 0x321 0x1C8321 1 UmaSize (0x10 4GiB, 0xFF Default)
0 4 0x322 0x1C8322 1 CpuClock (0x01 ON, 0xFF OFF)
0 4 0x3C7 0x1C83C7 1 GfxClkDfllDeterminism (0xFF Default)
0 4 0x400 0x1C8400 0x300 QA FLAG TOKEN (see sample here -> https://pastebin.com/fvA8iKWq)
0 4 0xC10 0x1C8C10 8 Factory Firmware Version? (little endian)
0 4 0xC18 0x1C8C18 8 Factory Firmware Version TimeStamp? (little endian)
0 4 0xC20 0x1C8C20 8 Minimum Firmware Version? (little endian)
0 4 0xC28 0x1C8C28 8 Minimum Firmware Version TimeStamp? (little endian)
0 4 0xC30 0x1C8C30 8 Current Firmware Version? (little endian)
0 4 0xC38 0x1C8C38 4 rtc related?
0 4 0xC70 0x1C8C70 0x20 Unknown (related to otprsrvaccess)
0 4 0xD72 0x1C8D72 1 Unknown
0 4 0xF80 0x1C8F80 1 Manufacturing (0x00 ON, 0xFF OFF)
0 4 0x1000 0x1C9000 0x300 regmgr_readynvs
0 4 0x1300 0x1C9300 0x300 regmgr_readynvs
0 4 0x1600 0x1C9600 0x1 IDU MODE (0x00 OFF, 0x01 ON)
0 4 0x1620 0x1C9620 0x300 regmgr_readynvs
0 4 0x1920 0x1C9920 0x300 regmgr_readynvs
0 4 0x1C20 0x1C9C20 0x20 regmgr_readynvs_manumode

Mapping of the detailed area (NVS service) 1/0 - BACKUPAREA[edit | edit source]

Bank # Block # Start Offset Start Offset in Sflash Size Notes
1 0 0x0 0x1CB000 0x1000 Equivalent (active/inactive bank) of NVS area 0x4000-0x4FFF (part of OSAREA).
1 0 0x1000 0x1CC000 0x2000 Maybe equivalent to another NVS area.
Retrieved from "http://www.psdevwiki.com/ps5/index.php?title=Non_Volatile_Storage&oldid=3259"