annotate pirelli/preboot.notes @ 262:db000ea183a5

pirelli/fw-disasm: CV charging analyzed
author Mychaela Falconia <falcon@freecalypso.org>
date Tue, 26 Dec 2017 12:26:23 +0000
parents 6a136554378e
children
rev   line source
67
88cf9811f97c started disassembly of Pirelli's boot code
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents:
1 0xAA88 bytes are copied from 0x2508 to 0x810484
2
3 IRAM usage:
4
5 800000: everything from here to 81047C is zeroed out
68
6a136554378e pirelli preboot re: figured out the triggering condition
Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
parents: 67
6 800000: byte var, init to 0
67
7 800004: 1 written here
8 800008: var set to bottom of SVC stack
9 80000C: var set to top of SVC stack
10 800010: 16-bit checksum of copy-to-RAM block, before copy
11 800012: 16-bit checksum of copy-to-RAM block, after copy
68
12 810014: 16-bit var, init to 0
13 810016: 16-bit var, init to 0
14 810018: byte var, init to 0x00
15 810019: byte var, init to 0xBC
16 81001C: 32-bit var, init to 0
17 810020: byte var, init to 0x00, apparently flag indicating that the array
18 at 0x810024 has been initialized
19 810021: byte var, init to 0x00
20 810024: 32-bit var, init to 0
21 810024: array of 3 structs, 24 (0x18) bytes each, one for each flash region
22 init by routine at 0xb3a8
23 offset 00: ptr to start of flash region
24 offset 04: 32-bit init to 0, appears to be a state in the [0,2] range:
25 0: initial
26 1: checked and found to contain an image
27 2: result of calling 0xb0c2 in mode 2
28 offset 08: byte init to 0, incremented each time 0xb0c2 in mode 1
29 succeeds
30 offset 09: byte init to 0
31 offset 0C: init to 0x12345678
32 offset 10: 32-bit init to 0
33 offset 14: 16-bit init to 0
34 81006C: table of 3 32-bit words, pointers to structures describing
35 3 flash2 regions, init to {0081a4d0, 0081a768, 0081aa00}
36 810078: 32-bit var, init to 0
67
37 81047C: bottom of init stack (0x400 bytes)
68
38 81047C: byte var, init to 0
67
39 810484: first byte used by copied code block
40 81AF0B: last byte ""
41 81AF60: initial SP for abort and undef
42 81AFF8: bottom of SVC stack
43 81B454: initial SVC SP
44 81B4D4: initial IRQ SP
45 81B6D4: initial FIQ SP