IOS
IOSU is the operating system running on the ARM in Wii U mode. It is the Wii U equivalent of IOS on the Wii, and similar in some regards, but it is a complete rewrite with many changes. IOSU implements the Wii U's security policy, which includes titles and hardware access. One of its primary responsibilities is enforcing code signing, verifying all titles before installation and launch. Another one of its jobs is managing access to most hardware, such as storage, network, USB, and the Gamepad. The PowerPC can talk to IOSU through an IPC interface, and make security and hardware requests.
Architecture
IOSU is an embedded operating system written by Nintendo, with a microkernel architecture. It contains a simple kernel that implements memory management and process and thread management. Device drivers and security handlers run as processes in the ARM user mode. These processes, called resource managers (RMs), can register as request handlers for resources, which are represented as nodes under /dev in a virtual filesystem. They communicate with each other through the kernel, using standard Unix file operations (open/close/read/write/seek/ioctl/ioctlv).
IPC
PowerPC code is able to call IOSU drivers through an IPC interface. It uses the same call interface as IOSU does internally. Userspace code submits IOSU requests with the IPCKDriver_SubmitRequest() syscall in the Cafe OS kernel. The kernel includes information to identify which Cafe OS process sent the request, allowing IOSU to check permissions on a per-app basis. Requests are contained in a struct, sent to a memory area, and marshalled by a special IOSU process that makes syscalls on behalf of the PowerPC.
ipc struct size = 0x48, aligned to 0x20 0x00: cmd // 1=open, 2=close, 3=read, 4=write, 5=seek, 6=ioctl, 7=ioctlv 0x04: UNKNOWN (return value?) 0x08: fd 0x0C: UNKNOWN (always 0?) 0x10: CPU number (0 = ARM?, 1-3 = CPU0-2) 0x14: et_store 0x18: some_proc_struct->off0 (identifies app?) 0x1C: some_proc_struct->off4 (identifies app?) 0x20: UNKNOWN 0x24: args[5] (after virtual->physical translation) 0x38: cmd (copy) 0x3C: fd (copy) 0x40: virts[2]
Modules
Security
- /dev/mcp - Title launching (similar to ES on Wii?)
- /dev/crypto - Cryptographic services?
Network
Socket-level network API
USB
Low-level and peripheral access
- /dev/uhs - Low-level API
- /dev/usb_hid - USB HID driver
- /dev/usb/btrm - Bluetooth module (for Wii Remote and Pro Controller)
DRH
Wii U communication with the Gamepad
- /dev/ccr_cdc - RPC (Console-DRC Communication?)
- /dev/ccr_hid - Input
- /dev/ccr_uvc - Camera
- /dev/ccr_uac - Microphone