Non Volatile Storage: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones. {| clas...") |
CelesteBlue (talk | contribs) No edit summary |
||
| (93 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones. | Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones. | ||
See also [https://www.psdevwiki.com/ps4/Non_Volatile_Storage PS4 Non Volatile Storage]. | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
| Line 5: | Line 7: | ||
! Bank # !! Block # !! Start Offset in /dev/sflash0s0x34 !! Start Offset in Sflash !! Size !! Notes | ! Bank # !! Block # !! Start Offset in /dev/sflash0s0x34 !! Start Offset in Sflash !! Size !! Notes | ||
|- | |- | ||
| 0 || 0 || | | 0 || 0 || 0x0000 || 0x1C4000 || 0x3000 || Unknown region. Probably EMC area like on PS4. | ||
|- | |- | ||
| 0 || 1 || | | 0 || 1 || 0x3000 || 0x1C7000 || 0x0200 || Unknown region | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x3200 || 0x1C7200 || 0x0200 || pdcs region | ||
|- | |- | ||
| 0 || 3 || | | 0 || 3 || 0x3400 || 0x1C7400 || 0x0C00 || Unknown region | ||
|- | |- | ||
| 0 || 4 || 0x4000 || 0x1C8000 || 0x3000 || | | 0 || 4 || 0x4000 || 0x1C8000 || 0x3000 || os region | ||
|- | |- | ||
| 1 || 0 || 0x7000 || 0x1CB000 || 0x3000 || | | 1 || 0 || 0x7000 || 0x1CB000 || 0x3000 || backup of os region | ||
|- | |- | ||
| 1 || 1 || 0xA000 || 0x1CE000 || 0x1000 || | | 1 || 1 || 0xA000 || 0x1CE000 || 0x2000 || Partial backup of 0/0 Region (+0x1000) | ||
|- | |||
|} | |||
= Mapping of the detailed area (NVS service) 0/0 - Unknown Area = | |||
{| class="wikitable sortable" | |||
|- | |||
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes | |||
|- | |||
| 0 || 0 || 0x0 || 0x1C4000 || 0x8 || Platform ID (e.g 30 02 01 01 04 01 05 01) | |||
* '''04 01 01 01 01 01 04 01''' = a PS4 (for comparison) | |||
* '''30 02 01 01 04 01 05 01''' = CFI-1014A 01X EDM-010 | |||
* '''30 02 01 01 04 01 05 01''' = DFI-T1000AA EDM-010 | |||
* '''30 02 02 01 01 01 05 01''' = CFI-1115A 01X EDM-020 | |||
* '''30 02 03 01 01 01 05 01''' = CFI-1215A 01X EDM-030 | |||
|- | |||
| 0 || 0 || 0x1900 || 0x1C5900 || 0x700 || ??? (encrypted garbage in prototype PS5 DevKit dump) | |||
|- | |||
|} | |||
= Mapping of the detailed area (NVS service) 0/2 - PDCSAREA = | |||
{| class="wikitable sortable" | |||
|- | |||
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes | |||
|- | |||
| 0 || 2 || 0x0 || 0x1C7200 || 0x10 || Kiban ID (e.g 40002B02184672A0) | |||
|- | |||
| 0 || 2 || 0x10 || 0x1C7210 || 0x11 || hw_info (padded with 0xF FFs) (e.g. AI81376321) aka Product Serial | |||
|- | |||
| 0 || 2 || 0x30 || 0x1C7230 || 0x20 || hw_model (e.g CFI-1014A 01X) aka Product Name | |||
|- | |||
| 0 || 2 || 0x50 || 0x1C7250 || 0x13 || Model Code (e.g 0000027418886) aka Product Code (first 5 zeroes are Product Code Branch Number) | |||
|- | |||
| 0 || 2 || 0x60 || 0x1C7260 || 0x10 || "SocCuid" (e.g 36 62 27 2D 9B 6C D2 B9 F8 CC 23 52 AB 65 8D D3) Soc Unique ID | |||
|- | |||
| 0 || 2 || 0x70 || 0x1C7270 || 0x12 || Viop Data (Split into Multiples of 2) | |||
|- | |||
| 0 || 2 || 0x90 || 0x1C7290 || 0x?? || SSD Diag Done State | |||
|- | |||
| 0 || 2 || 0x1B0 || 0x1C73B0 || 0x8 || CARLO Board ID (DEV Only) / Sub Kiban ID | |||
|- | |||
| 0 || 2 || 0x1C0 || 0x1C73C0 || 0x6 || WLAN Mac Address | |||
|- | |||
| 0 || 2 || 0x1C6 || 0x1C73C6 || 0x6 || BD Address 1 | |||
|- | |||
| 0 || 2 || 0x1CC || 0x1C73CC || 0x6 || BD Address 2 | |||
|- | |||
| 0 || 2 || 0x1E0 || 0x1C73E0 || 0x8 || ImagePackageId (this determines which firmware is going to be installed at factory) | |||
* '''PKG-0384''' = DFI-T1000AA | |||
* '''PKG-0711''' = CFI-1015B 01X | |||
* '''PKG-0911''' = CFI-1014A 01X | |||
* '''PKG-1246''' = CFI-1115A 01X | |||
* '''PKG-1407''' = CFI-1115A 01X | |||
* '''PKG-1459''' = CFI-1115B 01X | |||
* '''PKG-1146''' = CFI-1116A 01Y | |||
* '''PKG-1590''' = CFI-1215A 01X | |||
* '''PKG-1590''' = CFI-1215A 01X | |||
* '''PKG-1591''' = CFI-1215B 01X | |||
|- | |||
| 0 || 2 || 0x1F0 || 0x1C73F0 || 0x10 || Manufacturing Process Flags (01 is enabled, 00 is disabled) (e.g 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00) | |||
|- | |||
| 0 || 2 || 0x1F1 || 0x1C73F1 || 0x1 || KouteiFlagPI2 | |||
|- | |||
| 0 || 2 || 0x3FC || 0x1C75FC || 4 || EAP Magic (e.g. E5 E5 E5 01) | |||
|- | |||
|} | |||
= Mapping of the detailed area (NVS service) 0/4 - OSAREA = | |||
{| class="wikitable sortable" | |||
|- | |||
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes | |||
|- | |||
| 0 || 4 || 0x11 || 0x1C8011 || 1 || Coldboot (0x01 ON, 0xFF OFF) | |||
|- | |||
| 0 || 4 || 0x12 || 0x1C8012 || 1 || EAP UART (0xEF ON, 0xFF OFF) | |||
|- | |||
| 0 || 4 || 0x17 || 0x1C8017 || 1 || GpuPacket (0xFE OFF, 0xFF ON) | |||
|- | |||
| 0 || 4 || 0x20 || 0x1C8020 || 1 || FirstImageWriteMode (0xFF ON, 0x00 OFF) | |||
|- | |||
| 0 || 4 || 0x22 || 0x1C8022 || 1 || HddKernel (0xFF ON) | |||
|- | |||
| 0 || 4 || 0x30 || 0x1C8030 || 4 || Controller USB Connection / Wlan BT Related | |||
|- | |||
| 0 || 4 || 0x34 || 0x1C8034 || 1 || Wlan BT related | |||
|- | |||
| 0 || 4 || 0x66 || 0x1C8066 || 1 || Unknown | |||
|- | |||
| 0 || 4 || 0x68 || 0x1C8068 || 4 || Current Firmware Version? (little endian, upper half) | |||
|- | |||
| 0 || 4 || 0xF0 || 0x1C80F0 || 0x10 || PasscodeStatus | |||
|- | |||
| 0 || 4 || 0x140 || 0x1C8140 || 1 || bapm table | |||
|- | |||
| 0 || 4 || 0x141 || 0x1C8141 || 2 || bapm table | |||
|- | |||
| 0 || 4 || 0x143 || 0x1C8143 || 2 || bapm table | |||
|- | |||
| 0 || 4 || 0x1FC || 0x1C81FC || 4 || EAP Magic (e.g. E5 E5 E5 01) | |||
|- | |||
| 0 || 4 || 0x300 || 0x1C8300 || 1 || BootMessageMode (0x02 Debug, 0xFF Default) | |||
|- | |||
| 0 || 4 || 0x301 || 0x1C8301 || 1 || Mp0MemoryTest (0x01 ON, 0xFF OFF) | |||
|- | |||
| 0 || 4 || 0x304 || 0x1C8304 || 1 || AblDebugPrint (0x01 ON, 0xFF OFF) | |||
|- | |||
| 0 || 4 || 0x310 || 0x1C8310 || 1 || BiosMemoryTest (0x50 CachedAndUncached, 0xFF Default) | |||
|- | |||
| 0 || 4 || 0x321 || 0x1C8321 || 1 || UmaSize (0x10 4GiB, 0xFF Default) | |||
|- | |||
| 0 || 4 || 0x322 || 0x1C8322 || 1 || CpuClock (0x01 ON, 0xFF OFF) | |||
|- | |||
| 0 || 4 || 0x3C7 || 0x1C83C7 || 1 || GfxClkDfllDeterminism (0xFF Default) | |||
|- | |||
| 0 || 4 || 0x400 || 0x1C8400 || 0x300 || QA FLAG TOKEN (see sample here -> https://pastebin.com/fvA8iKWq) | |||
|- | |||
| 0 || 4 || 0xC10 || 0x1C8C10 || 8 || Factory Firmware Version? (little endian) | |||
|- | |||
| 0 || 4 || 0xC18 || 0x1C8C18 || 8 || Factory Firmware Version TimeStamp? (little endian) | |||
|- | |||
| 0 || 4 || 0xC20 || 0x1C8C20 || 8 || Minimum Firmware Version? (little endian) | |||
|- | |||
| 0 || 4 || 0xC28 || 0x1C8C28 || 8 || Minimum Firmware Version TimeStamp? (little endian) | |||
|- | |||
| 0 || 4 || 0xC30 || 0x1C8C30 || 8 || Current Firmware Version? (little endian) | |||
|- | |||
| 0 || 4 || 0xC38 || 0x1C8C38 || 4 || rtc related? | |||
|- | |||
| 0 || 4 || 0xC70 || 0x1C8C70 || 0x20 || Unknown (related to otprsrvaccess) | |||
|- | |||
| 0 || 4 || 0xD72 || 0x1C8D72 || 1 || Unknown | |||
|- | |||
| 0 || 4 || 0xF80 || 0x1C8F80 || 1 || Manufacturing (0x00 ON, 0xFF OFF) | |||
|- | |||
| 0 || 4 || 0x1000 || 0x1C9000 || 0x300 || regmgr_readynvs | |||
|- | |||
| 0 || 4 || 0x1300 || 0x1C9300 || 0x300 || regmgr_readynvs | |||
|- | |||
| 0 || 4 || 0x1600 || 0x1C9600 || 0x1 || IDU MODE (0x00 OFF, 0x01 ON) | |||
|- | |||
| 0 || 4 || 0x1620 || 0x1C9620 || 0x300 || regmgr_readynvs | |||
|- | |||
| 0 || 4 || 0x1920 || 0x1C9920 || 0x300 || regmgr_readynvs | |||
|- | |||
| 0 || 4 || 0x1C20 || 0x1C9C20 || 0x20 || regmgr_readynvs_manumode | |||
|- | |||
|} | |||
= Mapping of the detailed area (NVS service) 1/0 - BACKUPAREA = | |||
{| class="wikitable sortable" | |||
|- | |||
! Bank # !! Block # !! Start Offset !! Start Offset in Sflash !! Size !! Notes | |||
|- | |||
| 1 || 0 || 0x0 || 0x1CB000 || 0x1000 || Equivalent (active/inactive bank) of NVS area 0x4000-0x4FFF (part of OSAREA). | |||
|- | |||
| 1 || 0 || 0x1000 || 0x1CC000 || 0x2000 || Maybe equivalent to another NVS area. | |||
|} | |} | ||
Revision as of 02:32, 30 December 2024
Short for NVS, holds some information about the console, including console unique identifiers, tokens, flags, and registry flags, as well as some semi-permanent ones.
See also PS4 Non Volatile Storage.
| Bank # | Block # | Start Offset in /dev/sflash0s0x34 | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 0 | 0 | 0x0000 | 0x1C4000 | 0x3000 | Unknown region. Probably EMC area like on PS4. |
| 0 | 1 | 0x3000 | 0x1C7000 | 0x0200 | Unknown region |
| 0 | 2 | 0x3200 | 0x1C7200 | 0x0200 | pdcs region |
| 0 | 3 | 0x3400 | 0x1C7400 | 0x0C00 | Unknown region |
| 0 | 4 | 0x4000 | 0x1C8000 | 0x3000 | os region |
| 1 | 0 | 0x7000 | 0x1CB000 | 0x3000 | backup of os region |
| 1 | 1 | 0xA000 | 0x1CE000 | 0x2000 | Partial backup of 0/0 Region (+0x1000) |
Mapping of the detailed area (NVS service) 0/0 - Unknown Area
| Bank # | Block # | Start Offset | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 0 | 0 | 0x0 | 0x1C4000 | 0x8 | Platform ID (e.g 30 02 01 01 04 01 05 01)
|
| 0 | 0 | 0x1900 | 0x1C5900 | 0x700 | ??? (encrypted garbage in prototype PS5 DevKit dump) |
Mapping of the detailed area (NVS service) 0/2 - PDCSAREA
| Bank # | Block # | Start Offset | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 0 | 2 | 0x0 | 0x1C7200 | 0x10 | Kiban ID (e.g 40002B02184672A0) |
| 0 | 2 | 0x10 | 0x1C7210 | 0x11 | hw_info (padded with 0xF FFs) (e.g. AI81376321) aka Product Serial |
| 0 | 2 | 0x30 | 0x1C7230 | 0x20 | hw_model (e.g CFI-1014A 01X) aka Product Name |
| 0 | 2 | 0x50 | 0x1C7250 | 0x13 | Model Code (e.g 0000027418886) aka Product Code (first 5 zeroes are Product Code Branch Number) |
| 0 | 2 | 0x60 | 0x1C7260 | 0x10 | "SocCuid" (e.g 36 62 27 2D 9B 6C D2 B9 F8 CC 23 52 AB 65 8D D3) Soc Unique ID |
| 0 | 2 | 0x70 | 0x1C7270 | 0x12 | Viop Data (Split into Multiples of 2) |
| 0 | 2 | 0x90 | 0x1C7290 | 0x?? | SSD Diag Done State |
| 0 | 2 | 0x1B0 | 0x1C73B0 | 0x8 | CARLO Board ID (DEV Only) / Sub Kiban ID |
| 0 | 2 | 0x1C0 | 0x1C73C0 | 0x6 | WLAN Mac Address |
| 0 | 2 | 0x1C6 | 0x1C73C6 | 0x6 | BD Address 1 |
| 0 | 2 | 0x1CC | 0x1C73CC | 0x6 | BD Address 2 |
| 0 | 2 | 0x1E0 | 0x1C73E0 | 0x8 | ImagePackageId (this determines which firmware is going to be installed at factory)
|
| 0 | 2 | 0x1F0 | 0x1C73F0 | 0x10 | Manufacturing Process Flags (01 is enabled, 00 is disabled) (e.g 01 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00) |
| 0 | 2 | 0x1F1 | 0x1C73F1 | 0x1 | KouteiFlagPI2 |
| 0 | 2 | 0x3FC | 0x1C75FC | 4 | EAP Magic (e.g. E5 E5 E5 01) |
Mapping of the detailed area (NVS service) 0/4 - OSAREA
| Bank # | Block # | Start Offset | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 0 | 4 | 0x11 | 0x1C8011 | 1 | Coldboot (0x01 ON, 0xFF OFF) |
| 0 | 4 | 0x12 | 0x1C8012 | 1 | EAP UART (0xEF ON, 0xFF OFF) |
| 0 | 4 | 0x17 | 0x1C8017 | 1 | GpuPacket (0xFE OFF, 0xFF ON) |
| 0 | 4 | 0x20 | 0x1C8020 | 1 | FirstImageWriteMode (0xFF ON, 0x00 OFF) |
| 0 | 4 | 0x22 | 0x1C8022 | 1 | HddKernel (0xFF ON) |
| 0 | 4 | 0x30 | 0x1C8030 | 4 | Controller USB Connection / Wlan BT Related |
| 0 | 4 | 0x34 | 0x1C8034 | 1 | Wlan BT related |
| 0 | 4 | 0x66 | 0x1C8066 | 1 | Unknown |
| 0 | 4 | 0x68 | 0x1C8068 | 4 | Current Firmware Version? (little endian, upper half) |
| 0 | 4 | 0xF0 | 0x1C80F0 | 0x10 | PasscodeStatus |
| 0 | 4 | 0x140 | 0x1C8140 | 1 | bapm table |
| 0 | 4 | 0x141 | 0x1C8141 | 2 | bapm table |
| 0 | 4 | 0x143 | 0x1C8143 | 2 | bapm table |
| 0 | 4 | 0x1FC | 0x1C81FC | 4 | EAP Magic (e.g. E5 E5 E5 01) |
| 0 | 4 | 0x300 | 0x1C8300 | 1 | BootMessageMode (0x02 Debug, 0xFF Default) |
| 0 | 4 | 0x301 | 0x1C8301 | 1 | Mp0MemoryTest (0x01 ON, 0xFF OFF) |
| 0 | 4 | 0x304 | 0x1C8304 | 1 | AblDebugPrint (0x01 ON, 0xFF OFF) |
| 0 | 4 | 0x310 | 0x1C8310 | 1 | BiosMemoryTest (0x50 CachedAndUncached, 0xFF Default) |
| 0 | 4 | 0x321 | 0x1C8321 | 1 | UmaSize (0x10 4GiB, 0xFF Default) |
| 0 | 4 | 0x322 | 0x1C8322 | 1 | CpuClock (0x01 ON, 0xFF OFF) |
| 0 | 4 | 0x3C7 | 0x1C83C7 | 1 | GfxClkDfllDeterminism (0xFF Default) |
| 0 | 4 | 0x400 | 0x1C8400 | 0x300 | QA FLAG TOKEN (see sample here -> https://pastebin.com/fvA8iKWq) |
| 0 | 4 | 0xC10 | 0x1C8C10 | 8 | Factory Firmware Version? (little endian) |
| 0 | 4 | 0xC18 | 0x1C8C18 | 8 | Factory Firmware Version TimeStamp? (little endian) |
| 0 | 4 | 0xC20 | 0x1C8C20 | 8 | Minimum Firmware Version? (little endian) |
| 0 | 4 | 0xC28 | 0x1C8C28 | 8 | Minimum Firmware Version TimeStamp? (little endian) |
| 0 | 4 | 0xC30 | 0x1C8C30 | 8 | Current Firmware Version? (little endian) |
| 0 | 4 | 0xC38 | 0x1C8C38 | 4 | rtc related? |
| 0 | 4 | 0xC70 | 0x1C8C70 | 0x20 | Unknown (related to otprsrvaccess) |
| 0 | 4 | 0xD72 | 0x1C8D72 | 1 | Unknown |
| 0 | 4 | 0xF80 | 0x1C8F80 | 1 | Manufacturing (0x00 ON, 0xFF OFF) |
| 0 | 4 | 0x1000 | 0x1C9000 | 0x300 | regmgr_readynvs |
| 0 | 4 | 0x1300 | 0x1C9300 | 0x300 | regmgr_readynvs |
| 0 | 4 | 0x1600 | 0x1C9600 | 0x1 | IDU MODE (0x00 OFF, 0x01 ON) |
| 0 | 4 | 0x1620 | 0x1C9620 | 0x300 | regmgr_readynvs |
| 0 | 4 | 0x1920 | 0x1C9920 | 0x300 | regmgr_readynvs |
| 0 | 4 | 0x1C20 | 0x1C9C20 | 0x20 | regmgr_readynvs_manumode |
Mapping of the detailed area (NVS service) 1/0 - BACKUPAREA
| Bank # | Block # | Start Offset | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 1 | 0 | 0x0 | 0x1CB000 | 0x1000 | Equivalent (active/inactive bank) of NVS area 0x4000-0x4FFF (part of OSAREA). |
| 1 | 0 | 0x1000 | 0x1CC000 | 0x2000 | Maybe equivalent to another NVS area. |