Initial Program Loader

From PSPWiki

There are two separate ipl's, the pre-ipl and the ipl. The pre-ipl is on the main CPU and cannot be reflashed. The pre-ipl loads the ipl off the nand chip or the memory stick (see Pandora's Battery).

Contents 1 Pre-Ipl 1.1 Part 1 (the loader) 1.2 Part 2 (the payload) 2 Ipl 2.1 Part 1 (the loader) 2.2 Part 2 (main.bin) 2.3 Part 3 (the payload) 3 Custom Ipl 3.1 Flashing the ipl 3.2 Running the Unencrypted ipl

Pre-Ipl

The pre-ipl loads and decrypts the encrypted IPL by sending it to the psp's hardware decryption chip (kirk).

Part 1 (the loader)

Part1 copies the Part2 of the pre-ipl to the CPU's scratchpad RAM. This is mapped to physical address 0x00010000. After the part1 pre-ipl copy's the second part of the pre-ipl to 0x00010000 it jumps to this address.

Part 2 (the payload)

This part of the pre-ipl inits the nand hardware and reads the IPL nand-block-table or the memory stick if the battery's serial number is set to 0xFFFFFFFF. This table is located at the 4th physical block of the nand.

To be finished.

Ipl

Part 1 (the loader)

Part 2 (main.bin)

Part 3 (the payload)

Custom Ipl

Flashing the ipl

Running the Unencrypted ipl