FreeCalypso > hg > freecalypso-reveng

annotate bootrom.notes @ 12:25b016d16602

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
boot ROM re: making inroads into the 0x2c8 routine
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Wed, 24 Apr 2013 19:32:45 +0000
parents a06573cacb6e
children e0ce45f043c0
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
7
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
1 Application images in flash:
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
2
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
3 In order for the nCS0 flash content to be considered a valid bootable image
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
4 (i.e., for the boot ROM to transfer control to it, rather than wait forever
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
5 for a UART download), the 32-bit word at address 0x2000 (the first word
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
6 after the ROM-overlaid portion) must contain either 0 or 1, corresponding
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
7 to two supported environment options:
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
8
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
9 * If the word at 0x2000 equals 0, it signifies an application image that is
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
10 designed to run with the boot ROM still mapped at 0, with ARM exceptions
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
11 vectoring through the 7 magic RAM locations at 0x80001C, and possibly
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
12 through the 2nd level ("user-friendly") vector table at 0x800000 as well.
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
13
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
14 If the word at 0x2000 equals 0, the following word at 0x2004 must contain
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
15 the absolute address of the boot entry point; the boot ROM will transfer
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
16 control to that address with the FFFF:FB10 register set to explicitly map
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
17 the internal boot ROM at 0. It is a BX-style address: setting the least
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
18 significant bit will result in control being transferred in the Thumb state.
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
19
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
20 * If the word at 0x2000 equals 1, it signifies an application image that is
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
21 at least conceptually independent of the Calypso boot ROM - one that would,
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
22 at least in theory, function correctly with nIBOOT tied/pulled/driven HIGH,
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
23 or even on an older DBB chip with no internal boot ROM.
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
24
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
25 When the boot ROM code sees a 1 in the 0x2000 word, it copies a little piece
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
26 of code into the internal ROM and runs it there; this code sets the FFFF:FB10
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
27 register to disable the internal boot ROM (map the external nCS0 memory at 0,
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
28 as if nIBOOT were high) and causes the watchdog timer to go off, resetting
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
29 the ARM core and causing it to execute the external nCS0 reset vector.
a445735685ba boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 3
diff changeset
30
12
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
31 UART protocol
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
32
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
33 The external host initiates every operation by sending a command to the
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
34 Calypso target running the boot ROM code. Every command begins with '<' and
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
35 a lowercase ASCII letter; just the initial '<' is sufficient to interrupt
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
36 the flash image autoboot. The external host shound send these commands at
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
37 19200 baud, 8N1, and the boot ROM will intuit whether the Calypso is being
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
38 clocked with 13 or 26 MHz by trying the two possible clocking setups
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
39 alternately, with the UART baud rate registers set to /42 in both cases,
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
40 until a clean '<' is received.
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
41
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
42 Commands:
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
43
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
44 <a
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
45
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
46 <b
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
47
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
48 Followed by 4 bytes, giving a 32-bit value in MSB-first order. The value is
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
49 written to 800538, and the 0x2c8 function returns code 6.
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
50
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
51 <c
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
52
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
53 <i
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
54
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
55 <p
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
56
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
57 <w
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
58
3
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
59 RAM layout:
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
60
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
61 800000 7 words:
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
62 soft-vector pointers: by default the following 7 words at
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
63 80001C are filled with ldr-jump instructions, which read
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
64 from these 7 words and load them into PC
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
65 80001C 7 words:
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
66 hard vectors: the physical vector locations in the ROM
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
67 contain branch instructions to these 7 RAM addresses
8
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
68 800038: The helper routine for transferring control to type 1 flash images
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
69 is copied to and run here.
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
70 800100: the last word of the above routine
12
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
71 800104: word initialized to 0x0001D4C0 - tells the 0x2c8 routine
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
72 how long to wait for a character
3
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
73 800108: byte initialized to 0x01
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
74
8
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
75 800520: byte variable filled every time the 0xfb4 routine is called
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
76 holds the ID of the UART on which '<' came in, or FF if none
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
77 800524: byte variable filled every time the 0xfb4 routine is called
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
78 filled with a copy of 800534
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
79
12
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
80 80052C: byte following the '<c' command is extended to a half-word and
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
81 written here
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
82
8
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
83 800534: byte initialized to 0x00, then may be set to 1 by the 0xfb4
a06573cacb6e boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 7
diff changeset
84 routine if it selects /1 clock mode.
12
25b016d16602 boot ROM re: making inroads into the 0x2c8 routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 8
diff changeset
85 800538: word holds the argument of the '<b' command
3
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
86
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
87 8005C0: appears to be the intended low address (bottom) of the stack
e3f8fe6a848e boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff changeset
88 80074C: top of the stack (initial value loaded into SP)