FreeCalypso > hg > freecalypso-reveng
annotate bootrom.notes @ 11:a51729642295
boot ROM re: got to the 0x1090 routine
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Sun, 21 Apr 2013 21:48:50 +0000 |
parents | a06573cacb6e |
children | 25b016d16602 |
rev | line source |
---|---|
7
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
1 Application images in flash: |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
2 |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
3 In order for the nCS0 flash content to be considered a valid bootable image |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
4 (i.e., for the boot ROM to transfer control to it, rather than wait forever |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
5 for a UART download), the 32-bit word at address 0x2000 (the first word |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
6 after the ROM-overlaid portion) must contain either 0 or 1, corresponding |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
7 to two supported environment options: |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
8 |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
9 * If the word at 0x2000 equals 0, it signifies an application image that is |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
10 designed to run with the boot ROM still mapped at 0, with ARM exceptions |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
11 vectoring through the 7 magic RAM locations at 0x80001C, and possibly |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
12 through the 2nd level ("user-friendly") vector table at 0x800000 as well. |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
13 |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
14 If the word at 0x2000 equals 0, the following word at 0x2004 must contain |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
15 the absolute address of the boot entry point; the boot ROM will transfer |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
16 control to that address with the FFFF:FB10 register set to explicitly map |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
17 the internal boot ROM at 0. It is a BX-style address: setting the least |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
18 significant bit will result in control being transferred in the Thumb state. |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
19 |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
20 * If the word at 0x2000 equals 1, it signifies an application image that is |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
21 at least conceptually independent of the Calypso boot ROM - one that would, |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
22 at least in theory, function correctly with nIBOOT tied/pulled/driven HIGH, |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
23 or even on an older DBB chip with no internal boot ROM. |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
24 |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
25 When the boot ROM code sees a 1 in the 0x2000 word, it copies a little piece |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
26 of code into the internal ROM and runs it there; this code sets the FFFF:FB10 |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
27 register to disable the internal boot ROM (map the external nCS0 memory at 0, |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
28 as if nIBOOT were high) and causes the watchdog timer to go off, resetting |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
29 the ARM core and causing it to execute the external nCS0 reset vector. |
a445735685ba
boot ROM re: flash application image interface documented
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
3
diff
changeset
|
30 |
3
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
31 RAM layout: |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
32 |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
33 800000 7 words: |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
34 soft-vector pointers: by default the following 7 words at |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
35 80001C are filled with ldr-jump instructions, which read |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
36 from these 7 words and load them into PC |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
37 80001C 7 words: |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
38 hard vectors: the physical vector locations in the ROM |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
39 contain branch instructions to these 7 RAM addresses |
8
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
40 800038: The helper routine for transferring control to type 1 flash images |
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
41 is copied to and run here. |
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
42 800100: the last word of the above routine |
3
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
43 800104: word initialized to 0x0001D4C0 |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
44 800108: byte initialized to 0x01 |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
45 |
8
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
46 800520: byte variable filled every time the 0xfb4 routine is called |
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
47 holds the ID of the UART on which '<' came in, or FF if none |
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
48 800524: byte variable filled every time the 0xfb4 routine is called |
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
49 filled with a copy of 800534 |
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
50 |
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
51 800534: byte initialized to 0x00, then may be set to 1 by the 0xfb4 |
a06573cacb6e
boot ROM re: trying to understand the code that runs after '<' received
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
7
diff
changeset
|
52 routine if it selects /1 clock mode. |
3
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
53 |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
54 8005C0: appears to be the intended low address (bottom) of the stack |
e3f8fe6a848e
boot ROM re: started on main() and the 0xe2c routine
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
diff
changeset
|
55 80074C: top of the stack (initial value loaded into SP) |