This is a kernel plugin that lets you run bare-metal (i.e. without an OS beneath) payloads in ARMv7 non-secure System mode.

At first, the plugin allocates a physically contiguous buffer where it loads the payload (PAYLOAD_PATH in config.h). Then it triggers a power standby request and when PSVita OS is about to send the Syscon command to actually perform the standby, it changes the request type into a soft-reset and the resume routine address to a custom one (resume.S).

Once the PSVita wakes from the soft-reset, the custom resume routine identity maps the scratchpad (address 0x1F000000) using a 1MiB section. Then the payload bootstrap code (payload_bootstrap.S) is copied to the scratchpad and a jump is done to that location afterwards (passing some parameters such the payload physical address).

Since the payload bootstrap code is now in an identity-mapped location, it can proceed to disable the MMU and copy the payload from the previously allocated physically contiguous buffer to its destination address (PAYLOAD_PADDR in config.h), to finally jump to it.

1. Make sure you have VitaSDK installed and configured (try vdpm);

2. Change the path for the payload.bin download if you need it (config.h:1);

3. Depending on the firmware version on your PSVita, change the libraries you use (Makefile:5-9) (source):

   If you have firmware version < 3.63 (not verified, because I do not have such firmware):

   LIBS =	-ltaihenForKernel_stub -lSceSysclibForDriver_stub -lSceSysmemForDriver_stub \
    -lSceSysmemForKernel_stub -lSceThreadmgrForDriver_stub -lSceCpuForKernel_stub \
    -lSceCpuForDriver_stub -lSceUartForKernel_stub -lScePervasiveForDriver_stub \
    -lSceSysconForDriver_stub -lScePowerForDriver_stub -lSceIofilemgrForDriver_stub \
    -lSceSysrootForKernel_stub

   If you have firmware version >= 3.63:

   LIBS =	-ltaihenForKernel_stub -lSceSysclibForDriver_stub -lSceSysmemForDriver_stub \
    -lSceSysmemForKernel_363_stub -lSceThreadmgrForDriver_stub -lSceCpuForKernel_363_stub \
    -lSceCpuForDriver_stub -lSceUartForKernel_363_stub -lScePervasiveForDriver_stub \
    -lSceSysconForDriver_stub -lScePowerForDriver_stub -lSceIofilemgrForDriver_stub \
    -lSceSysrootForKernel_stub

4. Build the project with the following commands: make.

1. Copy your payload to your PSVita (default path is ux0:linux/payload.bin);
2. Copy baremetal-loader.skprx to your PSVita;
3. Load the plugin.

Check vita-baremetal-sample as sample payload to be loaded with this plugin.

Thanks to everybody, who contributed to the launch of the Linux kernel on PS Vita:

• xerpi;
• Team Molecule (formed by Davee, Proxima, xyz, and YifanLu);
• TheFloW
• motoharu
• everybody at the HENkaku Discord channel;
• everybody who contributes to wiki.henkaku.xyz and helps reverse engineering the PSVita OS;
• CreepNT for improvements to this app.