This is a kernel plugin that lets you run bare-metal (i.e. without an OS beneath) payloads in ARMv7 non-secure System mode.
At first, the plugin allocates a physically contiguous buffer where it loads the payload (PAYLOAD_PATH in config.h).
Then it triggers a power standby request and when PSVita OS is about to send the Syscon command to actually perform the standby, it changes the request type into a soft-reset and the resume routine address to a custom one (resume.S).
Once the PSVita wakes from the soft-reset, the custom resume routine identity maps the scratchpad (address 0x1F000000) using a 1MiB section.
Then the payload bootstrap code (payload_bootstrap.S) is copied to the scratchpad and a jump is done to that location afterwards (passing some parameters such as the payload physical address).
Since the payload bootstrap code is now in an identity-mapped location, it can proceed to disable the MMU and copy the payload from the previously allocated physically contiguous buffer to its destination address (PAYLOAD_PADDR in config.h), to finally jump to it.
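Why the scratchpad has to be identity-mapped before the MMU is switched off, shown as an added example (not code from this project): a host-side C model of an ARMv7 short-descriptor first-level table that installs a 1MiB section for 0x1F000000 and walks it, so the virtual and physical address of the bootstrap code come out equal. The access permissions, domain 0 and all function names are assumptions made for illustration; resume.S may use different attributes.

```c
#include <stdint.h>
#include <stdio.h>

#define SCRATCHPAD_PADDR 0x1F000000u  /* scratchpad address from the text above */
#define SECTION_SHIFT    20           /* one first-level entry covers 1MiB */
#define SECTION_MASK     0xFFF00000u
#define L1_ENTRIES       4096         /* 4GiB / 1MiB */

/* ARMv7-A short-descriptor "section" entry fields (attribute choice is an assumption) */
#define DESC_SECTION   (1u << 1)             /* bits[1:0] = 0b10, bit 18 = 0 */
#define DESC_AP_RW     (3u << 10)            /* AP[1:0] = 0b11: read/write */
#define DESC_DOMAIN(d) ((uint32_t)(d) << 5)  /* bits[8:5] */

static uint32_t l1_table[L1_ENTRIES]; /* on hardware this must be 16KiB-aligned */

/* Build a section descriptor whose output base is paddr rounded down to 1MiB. */
static uint32_t section_desc(uint32_t paddr)
{
    return (paddr & SECTION_MASK) | DESC_AP_RW | DESC_DOMAIN(0) | DESC_SECTION;
}

/* Identity map: the entry indexed by the address points back at that address. */
static void identity_map_section(uint32_t *l1, uint32_t addr)
{
    l1[addr >> SECTION_SHIFT] = section_desc(addr);
}

/* Software model of the first-level walk: 0 on success, -1 on translation fault. */
static int translate(const uint32_t *l1, uint32_t vaddr, uint32_t *paddr)
{
    uint32_t desc = l1[vaddr >> SECTION_SHIFT];
    if ((desc & 3u) != DESC_SECTION || (desc & (1u << 18)))
        return -1; /* invalid entry, page table or supersection: not modelled */
    *paddr = (desc & SECTION_MASK) | (vaddr & ~SECTION_MASK);
    return 0;
}

int main(void)
{
    uint32_t va = SCRATCHPAD_PADDR + 0x40, pa = 0;
    printf("before: %s\n", translate(l1_table, va, &pa) ? "fault" : "mapped");
    identity_map_section(l1_table, SCRATCHPAD_PADDR);
    if (translate(l1_table, va, &pa) == 0)
        printf("after: VA 0x%08X -> PA 0x%08X\n", (unsigned)va, (unsigned)pa);
    return 0;
}
```

Because VA equals PA inside that section, the instruction fetched right after the MMU is disabled comes from the same bytes as the one before it.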
- Make sure you have VitaSDK installed and configured (try vdpm);
- Change the path for the payload.bin download if you need it (config.h:1);
- Depending on the firmware version on your PSVita, change the libraries you use (Makefile:5-9) (source):

  If you have firmware version < 3.63 (not verified, because I do not have such firmware):

      LIBS = -ltaihenForKernel_stub -lSceSysclibForDriver_stub -lSceSysmemForDriver_stub \
          -lSceSysmemForKernel_stub -lSceThreadmgrForDriver_stub -lSceCpuForKernel_stub \
          -lSceCpuForDriver_stub -lSceUartForKernel_stub -lScePervasiveForDriver_stub \
          -lSceSysconForDriver_stub -lScePowerForDriver_stub -lSceIofilemgrForDriver_stub \
          -lSceSysrootForKernel_stub

  If you have firmware version >= 3.63:

      LIBS = -ltaihenForKernel_stub -lSceSysclibForDriver_stub -lSceSysmemForDriver_stub \
          -lSceSysmemForKernel_363_stub -lSceThreadmgrForDriver_stub -lSceCpuForKernel_363_stub \
          -lSceCpuForDriver_stub -lSceUartForKernel_363_stub -lScePervasiveForDriver_stub \
          -lSceSysconForDriver_stub -lScePowerForDriver_stub -lSceIofilemgrForDriver_stub \
          -lSceSysrootForKernel_stub

- Build the project with the following command: make.
- Copy your payload to your PSVita (default path is ux0:linux/payload.bin);
- Copy baremetal-loader.skprx to your PSVita;
- Load the plugin.
Check vita-baremetal-sample as a sample payload to be loaded with this plugin.
Thanks to everybody who contributed to the launch of the Linux kernel on PS Vita:
- xerpi;
- Team Molecule (formed by Davee, Proxima, xyz, and YifanLu);
- TheFloW;
- motoharu;
- everybody at the HENkaku Discord channel;
- everybody who contributes to wiki.henkaku.xyz and helps reverse engineering the PSVita OS;
- CreepNT for improvements to this app.