Following his Exploring the PS5 Security Landscape Hardwear.io 2023 presentation and slideshow, @SpecterDev (Twitter) recently updated the PSDevWiki with details on the PS5 in-kernel hypervisor present in PlayStation 5 firmware 2.50 and below, for PS5Scene developers to examine.
According to @zecoxao on Twitter, "he only has a full dump from a version from those ranges, so it's normal."
Here are further details on the in-kernel PS5 hypervisor from the PS5 Developer Wiki, as follows:
In-Kernel Hypervisor (<= 2.50)
On 2.50 and lower, the hypervisor is integrated as part of the kernel binary. This is the "first iteration" of the hypervisor; later versions have the hypervisor as a separately loaded component. The hypervisor's main goals are to protect kernel code integrity and enforce xotext (a.k.a. eXecute Only Memory or "XOM") on the kernel.
To accomplish this, Sony takes advantage of various features provided by AMD Secure Virtual Machine (SVM), such as: Nested Page Tables (NPT), Guest Mode Execute Trap (GMET), and intercepting reads/writes to Control Registers (CRs) as well as Machine State Registers (MSRs).
Furthermore, xotext seems to be hardware-backed as a collaboration with AMD, named "nda feature". The hypervisor also manages the I/O Memory Management Unit (IOMMU), as hinted by the fact that it exposes various hypercalls for configuring it.
It's worth noting the hypervisor is very small, especially when compared to that of the PS3. It only supports a handful of hypercalls and mainly exists to protect the kernel. It doesn't run multiple VMs or use nested virtualization; it only virtualizes the kernel/userspace, which Sony calls "GameOS".
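To illustrate how the NPT permissions and a GMET-style trap described above combine to give kernel code integrity and execute-only text, here is a small constructed model (added example, not code from the wiki, Sony or AMD; the permission bits, guest-physical layout and the npt_allows function are assumptions chosen for the illustration, not the real hardware encoding):

```c
/* Constructed model of a thin hypervisor enforcing XOM and code integrity
 * through nested page table (NPT) permissions plus a GMET-style rule.
 * Not Sony's or AMD's code; bit layout and addresses are illustrative. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { NPT_R = 1, NPT_W = 2, NPT_X = 4, NPT_USER = 8 };   /* model bits */
enum access { ACC_READ, ACC_WRITE, ACC_EXEC };

struct npt_entry { uint64_t gpa; unsigned perms; const char *name; };

/* Constructed guest-physical layout: kernel text is execute-only (XOM),
 * kernel data is RW but not executable, user pages are RWX and user-owned. */
static const struct npt_entry npt[] = {
    { 0x1000, NPT_X,                            "kernel .text (XOM)" },
    { 0x2000, NPT_R | NPT_W,                    "kernel .data"       },
    { 0x3000, NPT_R | NPT_W | NPT_X | NPT_USER, "user page"          },
};

/* Returns true if the guest access completes; false means the hypervisor
 * intercepts it as a nested page fault (#NPF) and can refuse or log it. */
bool npt_allows(uint64_t gpa, enum access a, bool guest_supervisor)
{
    for (size_t i = 0; i < sizeof npt / sizeof npt[0]; i++) {
        if (npt[i].gpa != gpa) continue;
        unsigned need = a == ACC_READ ? NPT_R : a == ACC_WRITE ? NPT_W : NPT_X;
        if (!(npt[i].perms & need))
            return false;   /* XOM read, write to text, exec of data */
        /* GMET-style rule: supervisor-mode execution from a user-owned page
         * traps even though the page itself is marked executable. */
        if (a == ACC_EXEC && guest_supervisor && (npt[i].perms & NPT_USER))
            return false;
        return true;
    }
    return false;   /* not mapped in the NPT: always a #NPF */
}

int main(void)
{
    const char *acc[] = { "read", "write", "exec" };
    for (size_t i = 0; i < sizeof npt / sizeof npt[0]; i++)
        for (int a = ACC_READ; a <= ACC_EXEC; a++)
            printf("%-20s %-5s from kernel: %s\n", npt[i].name, acc[a],
                   npt_allows(npt[i].gpa, a, true) ? "ok" : "#NPF");
    return 0;
}
```

The table it prints shows why a kernel read of its own text (XOM), a kernel write to text (code integrity) and a kernel execution from a user page (GMET) all land in the hypervisor rather than completing in GameOS.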
SpecterDev has documented information regarding PS5 ioctls and device codenames.