Our Resident DEVS have revised the PS3 Bootup procedure, with some more interesting information.
asecure_loader is not at start of the NAND. The first 512KB also is skipped, or actually any 512 block of FF is skipped.
Furthermore, the asecure_loader differs per box, possibly encrypted with a per-box key. Files of course are not in clear, that suggests that at every step an encryption/decryption is done.
The boot loader in IDA does not look microcode for IDL, maybe it's encrypted with cpu key (the IBM secure boot/asecure_loader), that can explain also why a NAND dump can be restored only on the PS3 from which it was taken.
asecure_loader ----> lv0 which start lv1ldr or lv2ldr depending on 0 or other number in NAND FS
lvldr ----> lv1.self ----> cell_ext_area partition NAND, boot compressed linux kernel for example
spu_pkg_rvk_verifier.self load trvk_pkg
lv2ldr load lv2_kernel.self
spp_verifier.self load default.spp (bluetooth ?)
LV2 KERNEL MODULE ----> spu_token_processor.self
LV2 KERNEL MODULE ----> aim_spu_module.self
LV2 KERNEL MODULE ----> mc_iso_spu_module.self
LV2 KERNEL MODULE ----> me_iso_spu_module.self
LV2 KERNEL MODULE ----> sv_iso_spu_module.self
LV2 KERNEL MODULE ----> sb_iso_spu_module.self
That is just a taste of some interesting information, expect more soon!
More PlayStation 3 News...