after payload sent white light no picture...

[natron4battles]

I put everything on the usb corectly here is my klog for ps4 slim cuh-2015a

kernel_init()
Kernel base = ffffffff8a628000
Direct map base = ffffc19c00000000
pmap_protect patch successful (found at 0xffffffff8a90b0ca)
pmap_protect(pmap, 0xffffffff8b184000, 0xffffffff8b18c000, 7)
Testing global variable access (write protection)...
OK.
Kernel interface initialized
Installing sys_kexec to system call #153
kexec_init() successful

PS4 Linux Loader for 5.05 by valentinbreiz
kernel base is:0xffffffff8a628000
uaddr is:0x0000000200bc8000
sys_kexec invoked
sys_kexec(0x888230020, 5984464, 0x8887f0020, 3066375, "panic=0 clocksource=tsc radeon.dpm=0 console=tty0 console=ttyS0,115200n8 console=uart8250,mmio32,0xd0340000 video=HDMI-A-1:1920x1080-24@60 consoleblank=0 net.ifnames=0 drm.debug=0")
Copying PFP firmware
NOP handler at 0xff0
Copying ME firmware
Copying CE firmware
NOP handler at 0x7f0
Copying MEC firmware
NOP handler at 0xff0
Copying MEC2 firmware
NOP handler at 0xff0
Copying RLC firmware
Copying SDMA firmware
Copying SDMA1 firmware

kexec parameters:
Kernel image size: 5984464 bytes
Initramfs size: 3160431 bytes (3066375 from user)
Kernel command line: panic=0 clocksource=tsc radeon.dpm=0 console=tty0 console=ttyS0,115200n8 console=uart8250,mmio32,0xd0340000 video=HDMI-A-1:1920x1080-24@60 consoleblank=0 net.ifnames=0 drm.debug=0
Kernel image buffer: 0xffffc19c23800000
Initramfs buffer: 0xffffc19c4a400000
kernel_hook_install(0xffffffff8b187f08, 0xffffffff8a66c020)
Using 64bit absolute jump

---

kexec successfully armed. Please shut down the system.

---

[KERNEL] dmem_handle_vmspace_exited pid: 65, ptype=2, 0xffffc19c0429b840->pt_loaded is TRUE
[KERNEL] dmem_handle_vmspace_exited map #0 0xffffc19c0429b840
[KERNEL] dmem_handle_vmspace_exited map #1 0xffffc19c18774bb8
[KERNEL] dmem_handle_vmspace_exited pid: 65, app_maps_count[2], 2 -> 1
[KERNEL] dmem_handle_vmspace_exited pid: 66, ptype=2, 0xffffc19c18774bb8->pt_loaded is TRUE
[KERNEL] dmem_handle_vmspace_exited map #0 0xffffc19c18774bb8
[KERNEL] dmem_handle_vmspace_exited pid: 66, app_maps_count[2], 1 -> 0
Context.cc:189 (ajmContextCleanup) - Codec Opus CELT Encoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec CELP8 Decoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec CELP8 Encoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec MPEG4 AAC Encoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec CELP(16) Decoder was not properly unregistered.
[KE]sceCameraDevKill::2775 ERROR: sceCameraProcConfigStop 0x802e0006 i=0 handle=257 pid=44
Context.cc:191 (ajmContextCleanup) - More codecs were not properly unregistered...
Context.cc:174 (ajmContextCleanup) - Instance 16389 was not properly destroyed.
Context.cc:189 (ajmContextCleanup) - Codec MP3 Decoder was not properly unregistered.
Context.cc:174 (ajmContextCleanup) - Instance 114689 was not properly destroyed.
Context.cc:189 (ajmContextCleanup) - Codec ATRAC9 Decoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec AC3 Encoder was not properly unregistered.
Context.cc:174 (ajmContextCleanup) - Instance 163842 was not properly destroyed.
Context.cc:189 (ajmContextCleanup) - Codec Opus CELT Decoder was not properly unregistered.
Context.cc:189 (ajmContextCleanup) - Codec DTS Encoder was not properly unregistered.
<118>[SceSysCore mini] forcibly unmount 1 nullfses
<118>[SceSysCore mini] forcibly unmount /mnt/usb0
<118>[SceSysCore mini] sceKernelPollEventFlag(reboot_flag): failed 80020010
<118>[SceSysCore mini] call reboot(4000)
[REGMGR] 000006 ...
[REGMGR] ( 1423.131 sec) 010006 ...
[REGMGR] ( 0.011435 sec) 010007 ...
[REGMGR] 000108 ...
Waiting (max 60 seconds) for system process SceVnlru' to stop...done Waiting (max 60 seconds) for system process SceBufdaemon0' to stop...SD Manual Tuning done. MaxPassWindowSize=23, TunePoint=11 CORE_CTRL=0x58408b
done
Waiting (max 60 seconds) for system process SceBufdaemon2' to stop... done Waiting (max 60 seconds) for system process SceSyncer' to stop...
Syncing disks, vnodes remaining...0 0 sched_sync: flush softdep (iter=2)
sched_sync: flush softdep (iter=1)
done
Waiting (max 60 seconds) for system process `SceBufdaemon1' to stop...done
All buffers synced.
Uptime: 23m48s
icc post sync:Thermal alert LED off

so im think it might be [SceSysCore mini] sceKernelPollEventFlag(reboot_flag): failed 80020010

[ghost]

@natron4battles

I just recompiled a 5.05 Linux Loader based on this code, but for 720p
because I was just experiencing the same problem in the last few days trying to load Fedora,

^ this is for the Linux Loader for 5.05 in 720p for CUH-1215A models, probably most CUH-12XX models,
you have to switch your PS4 video resolution from 1080p to 720p
its working for me, using the same initrd and bzImage for 5.05

PS4-Linux-Loader-5.05.720p.bin
https://mega.nz/#!P3wEWCLL!fGI_LSwbNo7qwW7X_didKKs59XTp_6qkVnkF79eSIzo

bzImage and initrd

5.05-fat32-files-for-720p-1080p-loader.zip
https://mega.nz/#!Sixg1aBD!HDtq6qDA8NR-Ta3Rpukt1mB6GNx-euTQnXUipG3YH70

[tonyyoyo]

I tried c4pt00's links, and still the same. Perhaps CUH-20* models need a different fix.

[ghost]

@tonyyoyo
did you set the PS4's actual display resolution to 720p ? in the system settings? before loading the Payload?

https://www.youtube.com/watch?v=SBEP-XKynWc

[tonyyoyo]

Yep, sure did. No luck. 🎲

Resolution: 720p
TV Size: Automatic
RGB Range: Limited
HDR: Off
Deep Color Output: Off

[ghost]

@tonyyoyo
when you load the Payload can you describe what actually takes place with the PS4 as it attempts to load? on the monitor, or the LEDs on the console?

[tonyyoyo]

1. Indicator light on the USB flashes.
2. Screen goes black.
3. No signal error message.
4. White light on power button stays on.

The only way to restart is to do a force shutdown by holding down the power button.

[ghost]

if you think the system is loaded with no response on your monitor you should try to switch between active ttys using Crtl-Alt-F1, Crtl-Alt-F2, Crtl-Alt-F3 I have to do this sometimes to be able to refresh and see the login screen
what type of Linux are you trying to load?
which bzImage and initramfs.cpio.gz are you using?
if the LED on the console turns dark blue/purple then you know the system is actively reading the USB device
also the boot process from the time the Payload executes to login screen should take a maximum of 5-10 minutes to be able to login (usually less than 5 minutes to login but more than 2 or 3 minutes up to 10 minutes)

[ghost]

the files I uploaded here
bzImage and initramfs.cpio.gz definitely 100% work with Fedora 23
https://mega.nz/#!Sixg1aBD!HDtq6qDA8NR-Ta3Rpukt1mB6GNx-euTQnXUipG3YH70
using this Payload
https://mega.nz/#!P3wEWCLL!fGI_LSwbNo7qwW7X_didKKs59XTp_6qkVnkF79eSIzo
I have been experimenting with trying to load Fedora 28 for over the last week having a lot of problems, but Fedora 23 definitely loads, the Fedora 23 image I am using I suspect to be compromised, either case I seek to upgrade to Fedora 28 for newer features,

[ghost]

seems like the regular PS4-Linux-Loader-5.05.bin Payload works for me on 5.05 using 1080p with a CUH-1215A system, before I was experiencing problems getting graphics to load, from further experimentation I am able to see a login prompt, and almost get a GUI working using 1080p with this Payload

[tonyyoyo]

I've tried everything: Manjaro, PSXITArch, Fedora. And it's always the same: no signal!

Thanks for all your help, c4pt00, but I'm signing off until there's some official updates.

Console: CUH-2015A
Firmware: 5.05

[natron4battles]

Try with this just for testing with your linux builds cuh 2015a
https://cdn.discordapp.com/attachments/441699058046992396/461929879839965204/PS4-Linux-Loader_normal.bin

[tonyyoyo]

Natron, it's working for you on 5.05/2015A with that discord version?

[natron4battles]

still no signal

[tonyyoyo]

Goddammit, I've had enough! 😠

Can we get some more people to confirm this, so it can be labeled as an official bug!?

[tonyyoyo]

I forgot to mention there's no USB power, so doing that Ctrl-Alt-F* trick is out of the question. It's like the PS4 goes into standby mode.

[DragonLord7791]

same for me no video,i have model slim CUH-2015A

[tonyyoyo]

I've tested the new Psxitarch v2 on my brother's TV, and you guessed it: nada. I think it's safe to rule out the TV as the issue, as I've tested 3 so far.

[samyaditya]

I'm having same issue as @tonyyoyo, no display after loading the payload and PS4 LED stays white. Model: Slim CUH-2008B

[Valeryy]

tonyyoyo I forgot to mention there's no USB power, so doing that Ctrl-Alt-F* trick is out of the question. It's like the PS4 goes into standby mode.

I have the same symptoms but with CUH-7116B.I have suggestion: I used two different USB3 flash drives and no luck. But both have no separate power supplier, so they relay on power supplier from PS4. What might happen is after linux-payload start working and reboots the PS4, the power is interrupted for some short period of time which makes USB flash drive to hang or something. So what I want to try is to use USB hub or dongle with independent power supplier.
Try it also if you want.

[tonyyoyo]

Interesting, but still not working. I tried a USB hard drive dock and USB hub, both with their own power supply.

After doing some further testing, It turns out there is actually USB power. The problem is the keyboard doesn't register. How do I know this when there's no signal? The indicator lights for caps lock and num lock don't respond.

[Valeryy]

tonyyoyo, this was just a hypothesis about interrupted power. My experiments also show that separate power supply does not help.
I tried it with dock-station which apparently was not recognized as USB 3.0.
So the next step I want to try external USB 3 HDD 1TB. Maybe it is important it must be USB 3.0, not 2.0.
Also I want to try to compile linux-loader.bin with some additional logging to understand what really happens.

For now I do not care too much about keyboard/mouse since first I want to see it boots from bzimage.
I also use projector Benq w1070, which supports both 1080p60Hz and 720p. Anyway it also can be the reason of failure. For my projector, in safe mode PS4 uses 720x576 120Hz mode for some reason

[jersonjunior]

We need someone using UART in SLIM to intercept the logs after Payload, someone could verify what this error means [SceSysCore mini] sceKernelPollEventFlag (reboot_flag): failed 80020010, I believe it is important to solve the problem we are facing.

[Valeryy]

According to https://www.psdevwiki.com/ps4/CE 80020010 means "SCE_KERNEL_ERROR_EBUSY" = Device busy, Interesting, where you see this error? I mean how you know that it is exactly this error?

[jersonjunior]

Using the mira-hen after the payload always gets this error, I do not know if that's exactly what's causing something just suspicious.

[MrAnonn]

I have a really weird problem. i have a 4k tv and ps4 pro that is currently set to display 4k. i run the payload and i can enter linux just fine. however as soon as linux loads the entire screen goes tainted green. I imagine this is because the resolution in linux in 1920x1080 and when i close linux and set the ps4 pro resolution to 1080p and load linux i get the black screen error and nothing happens after that.

[steffen83]

i also have a CUH-7116b and i never seen the rescueshell.
Only the white light and nothing more happened. When the USB-Stick is pulled out, the console
shuts down after a few seconds. then i have to power it on by pressing the powerbutton more than 1 time
what can i do, is some kind of a log helpful ?

[Valeryy]

Hello,
I have CUH-7116b and I want to describe my observations.

1. I am exprerimenting with Ps3itaTeam fork of PS4-Linux-Loader and ps4-kexec https://github.com/Ps3itaTeam/
2. For experiments I modify source code, re-build and execute Linux payload using ps4-exploit-host. First I load Mira+Hen to be able to see kernel log and make sure shutdown hook is installed. Then I load linux-loader with 'Original'.
3. With Mira I can see kernel log only before linux loader shutdown the system.
   Then shutdown hook start working and I cannot see klog and I cannot read uart, further experiments I did blindly.

Shot story: I see ps4-kexec works fine and jmp_to_linux bootloader (linux_thunk.S) was called with correct bzImage, initramfs, boot-params and GDT pointer.

So further, I will try to find out whether asm linux loader works correctly and if yes, where linux kernel code hangs.

Long story:

I "debug" the following way:

I wrote panic function like this (inside linux_boot.c):

static void panic(void)
{
cr0_write(cr0_read() & ~CR0_WP);
u64 *pml4_base = (u64 *)PA_TO_DM(cr3_read() & 0x000ffffffffff000ull);
u64 *pdp_base = (u64 *)PA_TO_DM(*pml4_base & 0x000ffffffffff000ull);

for (u64 i = 0; i < 4; i++) {
        pdp_base[i] = (i << 30) | PG_V | PG_U | PG_PS;
}

cr0_write(cr0_read() | CR0_WP);
memset((void *)0, 0, 0x2000);

udelay(150);

}

It forces CPU to violate memory write protection. And when it happens PS4 powers off (light switches off).

Calling this function from different places of cpu_quiesce_gate, I figured out it works well up to jmp_to_linux.

I also assured the memory pointed by DM_TO_ID(nix_info.linux_image) and DM_TO_ID(nix_info.initramfs) contains bzImage and initramfs which were read from USB HDD.

[jh-reyn]

Any updates on the 2015A model? I've also got the same issues of no tv output.

[mirh]

Give a try to this I guess?
#3 (comment)

[tonyyoyo]

^ Doesn't work.

I have one last observation regarding the keyboard. Like I said earlier, the indicator lights are unresponsive during the white light. But that's only if you plug in the keyboard after the boot. If, on the other hand, you plug in the keyboard before the boot, you can get one key press in, and then the PS4 shuts down completely. 🔌

[Valeryy]

Hello,
I have something. I posted it here: https://www.psxita.it/forum/linux-kernel-t6118-60.html#p43384

It actually means we have newer Baikal Glue Device Southbridge (vendorId: 104D, deviceId: 90DB, subsystemVendorId: 104D, subsystemId: 90DF) which is not compatible with Aeolia and Belize. Either new or fixed linux driver needed.
And maybe the only way is reverse engineering of PS4 firmware.

It seems our southbridge is not even mentioned in PS4 dev wiki and subsystemId: 90DF is not mentioned in online database.
Maybe this is South Bridge chip SCEI CXD90042GG or CXD90046GG.

In dev wiki they say: Aeolia and Belize are custom chips from Marvell.
So I would also try to find Marvell's specs from similar devices online. The chances are low.
Reverse engineering is quite complicated task for me.
So to progress we need help from Guru(s).

[tonyyoyo]

Resolved here.