FreeCalypso > hg > freecalypso-reveng

comparison bootrom.notes @ 12:25b016d16602

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
boot ROM re: making inroads into the 0x2c8 routine
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Wed, 24 Apr 2013 19:32:45 +0000
parents a06573cacb6e
children e0ce45f043c0
comparison
equal deleted inserted replaced
11:a51729642295 12:25b016d16602
26 of code into the internal ROM and runs it there; this code sets the FFFF:FB10 26 of code into the internal ROM and runs it there; this code sets the FFFF:FB10
27 register to disable the internal boot ROM (map the external nCS0 memory at 0, 27 register to disable the internal boot ROM (map the external nCS0 memory at 0,
28 as if nIBOOT were high) and causes the watchdog timer to go off, resetting 28 as if nIBOOT were high) and causes the watchdog timer to go off, resetting
29 the ARM core and causing it to execute the external nCS0 reset vector. 29 the ARM core and causing it to execute the external nCS0 reset vector.
30 30
31 UART protocol
32
33 The external host initiates every operation by sending a command to the
34 Calypso target running the boot ROM code. Every command begins with '<' and
35 a lowercase ASCII letter; just the initial '<' is sufficient to interrupt
36 the flash image autoboot. The external host shound send these commands at
37 19200 baud, 8N1, and the boot ROM will intuit whether the Calypso is being
38 clocked with 13 or 26 MHz by trying the two possible clocking setups
39 alternately, with the UART baud rate registers set to /42 in both cases,
40 until a clean '<' is received.
41
42 Commands:
43
44 <a
45
46 <b
47
48 Followed by 4 bytes, giving a 32-bit value in MSB-first order. The value is
49 written to 800538, and the 0x2c8 function returns code 6.
50
51 <c
52
53 <i
54
55 <p
56
57 <w
58
31 RAM layout: 59 RAM layout:
32 60
33 800000 7 words: 61 800000 7 words:
34 soft-vector pointers: by default the following 7 words at 62 soft-vector pointers: by default the following 7 words at
35 80001C are filled with ldr-jump instructions, which read 63 80001C are filled with ldr-jump instructions, which read
38 hard vectors: the physical vector locations in the ROM 66 hard vectors: the physical vector locations in the ROM
39 contain branch instructions to these 7 RAM addresses 67 contain branch instructions to these 7 RAM addresses
40 800038: The helper routine for transferring control to type 1 flash images 68 800038: The helper routine for transferring control to type 1 flash images
41 is copied to and run here. 69 is copied to and run here.
42 800100: the last word of the above routine 70 800100: the last word of the above routine
43 800104: word initialized to 0x0001D4C0 71 800104: word initialized to 0x0001D4C0 - tells the 0x2c8 routine
72 how long to wait for a character
44 800108: byte initialized to 0x01 73 800108: byte initialized to 0x01
45 74
46 800520: byte variable filled every time the 0xfb4 routine is called 75 800520: byte variable filled every time the 0xfb4 routine is called
47 holds the ID of the UART on which '<' came in, or FF if none 76 holds the ID of the UART on which '<' came in, or FF if none
48 800524: byte variable filled every time the 0xfb4 routine is called 77 800524: byte variable filled every time the 0xfb4 routine is called
49 filled with a copy of 800534 78 filled with a copy of 800534
50 79
80 80052C: byte following the '<c' command is extended to a half-word and
81 written here
82
51 800534: byte initialized to 0x00, then may be set to 1 by the 0xfb4 83 800534: byte initialized to 0x00, then may be set to 1 by the 0xfb4
52 routine if it selects /1 clock mode. 84 routine if it selects /1 clock mode.
85 800538: word holds the argument of the '<b' command
53 86
54 8005C0: appears to be the intended low address (bottom) of the stack 87 8005C0: appears to be the intended low address (bottom) of the stack
55 80074C: top of the stack (initial value loaded into SP) 88 80074C: top of the stack (initial value loaded into SP)