With the collaboration of TheFloW, we have been reverse-engineering the protocol ARM and MIPS use to communicate and boot. I pretty much focused on the ARM side (implemented in
SceCompat), whereas TheFlow has mostly focused on the
MIPS side.
The protocol is based on interrupts and a shared SRAM, which is accessible by both.
Here's a sequence diagram of it:
Initial state:
MIPS ARM
Consumer ready = true Producer ready = true
Response ready = false Command ready = false
Sequence diagram:
MIPS ARM
| | compat_wait_and_get_request()
| |<-----------------------------------------
| | - Wait command ready
| | (blocked)
Send command | |
--------------------------------->| |
- Wait consumer ready | |
- Write command to SRAM | |
- Send interrupt [68-70] |-------Interrupt-------->|************************
- Wait response ready (blocked) | | Push command to CQ *
*************************|<------Interrupt---------| Send interrupt [4-6] *
* Signal consumer ready | | Signal command ready *
*************************| |************************
| | - Wake from command ready
| | - Pop command from CQ and return
| | ---------------------------------------->
| |
| | compat_wait_intr()
| |<-----------------------------------------
| | - Wait producer ready
| |----------------------------------------->
| |
| | compat_return_value_ex()
| |<-----------------------------------------
| | - Write response to SRAM
**************************|<------Interrupt---------| - Send interrupt [7-9]
* Read response value | |----------------------------------------->
* Signal response ready | |
* Send interrupt [71-73] |-------Interrupt-------->|************************
**************************| | Signal producer ready *
- Wake from response ready | |************************
- Return response | |
<---------------------------------| |
| |
| |
I have also documented the registers used to trigger those interrupts to the Henkaku wiki:
The C re-implementation of SceCompat functions can be found here:
https://gist.github.com/xerpi/0e682d594c5def602750c523ee491098/