FreeCalypso > hg > freecalypso-docs
view Flash-boot-modes @ 69:c6dafe9f3ac2
FC-handset-spec: BCI header change on Venus
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 03 Jul 2021 19:53:22 +0000 |
parents | dc0e9c91d54a |
children |
line wrap: on
line source
The Calypso chip includes an on-die boot ROM that allows the boot process to be interrupted and diverted by an external host sending some special characters into either of the two UARTs; this mechanism is what allows us to load code into RAM and to reload the flash on Calypso GSM devices without having to resort to JTAG or chip desoldering or other extreme measures. In normal operation, when the boot path is NOT being diverted by an external serial download, the boot ROM transfers control to the regular firmware in the flash - but there are two different modes in which the flash fw image may be booted. In order for the flash fw image to be considered bootable by the Calypso boot ROM, the 32-bit word at flash address 0x2000 must equal either 0 or 1; if it equals any other value, the boot ROM will consider the flash fw image to be invalid (e.g., blank flash) and will wait forever for a serial download instead of proceeding with flash boot. Depending on whether this word at 0x2000 equals 0 or 1, the flash fw image will be booted in one of two very different ways; we shall call them flash boot mode 0 and flash boot mode 1, respectively. In flash boot mode 0 the following 32-bit word at flash address 0x2004 must contain the address of the flash fw image entry point (ARM/Thumb selection in the least-significant bit); the boot ROM will simply jump to this address with a BX instruction. When the flash fw image is booted in this manner, the boot ROM is still mapped at address 0 and the first 8 KiB of flash are inaccessible except via the 0x03000000 alternate mapping, unless the firmware later changes the FFFF:FB10 register. This boot mode is intended for flash fw images that use the interrupt and exception vectors in the ROM (branching to IRAM addresses 0x80001C-0x800034) for their interrupt and exception handling. Flash boot mode 1 is different: instead of jumping directly to the flash fw image, the boot ROM copies a small piece of its code into IRAM and jumps to that code; the copied code disables the boot ROM via the FFFF:FB10 register (puts the external flash at address 0) and induces a processor reset through the watchdog timer. It is not clear to us exactly what blocks are affected by the watchdog reset, but bits 9:8 of the FFFF:FB10 register are not reset, hence the ARM processor now boots from the reset vector in the flash as if the boot ROM weren't there - and the latter really is not there after having disabled itself. Flash boot mode 0 is only usable on Calypso C035 silicon (the "new" kind); while all commercial Calypso GSM devices targeted by FreeCalypso feature Calypso chips of the correct "new" kind, the people at TI who wrote and maintained their official firmware also had to work with older Calypso C05 chips featured on the early D-Sample and Leonardo boards. The earlier boot ROM code version in those early Calypso chips also implements the two boot modes which we call mode 0 and mode 1, but its implementation of mode 0 is broken and unusable, therefore TI's firmware people only used flash boot mode 1. On the other hand, newer firmware designs made for current rather than historical hardware will probably find mode 0 to be cleaner, more intuitive and more convenient. All TI official firmwares use flash boot mode 1, our FreeCalypso Magnetite firmware does likewise, being a direct derivative of TI's TCS211 fw, but our gcc-built FC Selenite firmware uses flash boot mode 0, as the assembly code pieces and linker script magic are entirely new (our own original design) in the gcc-built version.