comparison bootrom.disasm @ 2:979d97fe75eb

boot ROM rev eng: progressing on the RESET code
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Mon, 15 Apr 2013 04:51:12 +0000
parents 4b5e22875181
children e3f8fe6a848e
1347 1347
1348 148c: 00001fcc andeq r1, r0, r12, asr #31 1348 148c: 00001fcc andeq r1, r0, r12, asr #31
1349 1490: ffff6000 swinv 0x00ff6000 1349 1490: ffff6000 swinv 0x00ff6000
1350 1494: 00001fd4 ldreqd r1, [r0], -r4 1350 1494: 00001fd4 ldreqd r1, [r0], -r4
1351 1351
1352 The RESET entry point branches here: 1352 ; The RESET entry point branches here
1353 1498: e59f003c ldr r0, [pc, #60] ; 0x14dc 1353 ;
1354 149c: e59f103c ldr r1, [pc, #60] ; 0x14e0 1354 ; First order of business: copy the 7 vector instructions from
1355 ; 0x1FE0 to 0x80001C.
1356 1498: e59f003c ldr r0, =0x1FE0 ; via 0x14dc
1357 149c: e59f103c ldr r1, =0x80001C ; via 0x14e0
1355 14a0: e3a02000 mov r2, #0 ; 0x0 1358 14a0: e3a02000 mov r2, #0 ; 0x0
1356 14a4: e7903002 ldr r3, [r0, r2] 1359 14a4: e7903002 ldr r3, [r0, r2]
1357 14a8: e7813002 str r3, [r1, r2] 1360 14a8: e7813002 str r3, [r1, r2]
1358 14ac: e2822004 add r2, r2, #4 ; 0x4 1361 14ac: e2822004 add r2, r2, #4 ; 0x4
1359 14b0: e352001c cmp r2, #28 ; 0x1c 1362 14b0: e352001c cmp r2, #28 ; 0x1c
1360 14b4: 1afffffa bne 0x14a4 1363 14b4: 1afffffa bne 0x14a4
1361 14b8: e59f0014 ldr r0, [pc, #20] ; 0x14d4 1364 ; done with that; now set up the stack
1362 14bc: e59f1014 ldr r1, [pc, #20] ; 0x14d8 1365 14b8: e59f0014 ldr r0, =0x8005C0 ; via 0x14d4
1366 14bc: e59f1014 ldr r1, =0x190 ; via 0x14d8
1363 14c0: e2411004 sub r1, r1, #4 ; 0x4 1367 14c0: e2411004 sub r1, r1, #4 ; 0x4
1364 14c4: e0802001 add r2, r0, r1 1368 14c4: e0802001 add r2, r0, r1
1365 14c8: e3c22003 bic r2, r2, #3 ; 0x3 1369 14c8: e3c22003 bic r2, r2, #3 ; 0x3
1366 14cc: e1a0d002 mov sp, r2 1370 14cc: e1a0d002 mov sp, r2
1367 14d0: ea000003 b 0x14e4 1371 14d0: ea000003 b 0x14e4
1368 1372
1369 14d4: 008005c0 addeq r0, r0, r0, asr #11 1373 ; literals for the above code
1370 14d8: 00000190 muleq r0, r0, r1 1374 14d4: 008005c0
1371 14dc: 00001fe0 andeq r1, r0, r0, ror #31 1375 14d8: 00000190
1372 14e0: 0080001c addeq r0, r0, r12, lsl r0 1376 14dc: 00001fe0
1373 1377 14e0: 0080001c
1374 14e4: e59f0078 ldr r0, [pc, #120] ; 0x1564 1378
1379 ; continuation of the RESET entry code
1380 14e4: e59f0078 ldr r0, =0x1694 ; via 0x1564
1375 14e8: e3700001 cmn r0, #1 ; 0x1 1381 14e8: e3700001 cmn r0, #1 ; 0x1
1376 14ec: 1b000003 blne 0x1500 1382 14ec: 1b000003 blne 0x1500
1377 14f0: ebffff38 bl 0x11d8 1383 14f0: ebffff38 bl 0x11d8
1378 14f4: e3a00001 mov r0, #1 ; 0x1 1384 14f4: e3a00001 mov r0, #1 ; 0x1
1379 14f8: eb000022 bl 0x1588 1385 14f8: eb000022 bl 0x1588
1380 14fc: eafffffe b 0x14fc 1386 14fc: eafffffe b 0x14fc
1387
1388 ; 0x1500: Subroutine entry
1389 ;
1390 ; This routine initializes multiple RAM areas from a single ROM init data
1391 ; table. Takes one argument in R0, which points to the ROM table.
1392 ; The ROM table consists of one or more abutted variable-length records,
1393 ; each of the following format:
1394 ;
1395 ; 1 word: number of bytes to copy (may or may not be word-aligned)
1396 ; 1 word: copy destination address (ditto)
1397 ; variable length: data to be copied
1398 ; 0 to 3 bytes of padding to put the next record on a word boundary
1399 ;
1400 ; The list is terminated by a zero word.
1401
1381 1500: ea000011 b 0x154c 1402 1500: ea000011 b 0x154c
1382 1504: e4901004 ldr r1, [r0], #4 1403 1504: e4901004 ldr r1, [r0], #4
1383 1508: e3110003 tst r1, #3 ; 0x3 1404 1508: e3110003 tst r1, #3 ; 0x3
1384 150c: 1a000007 bne 0x1530 1405 150c: 1a000007 bne 0x1530
1385 1510: e2522004 subs r2, r2, #4 ; 0x4 1406 1510: e2522004 subs r2, r2, #4 ; 0x4
1400 154c: e4902004 ldr r2, [r0], #4 1421 154c: e4902004 ldr r2, [r0], #4
1401 1550: e3520000 cmp r2, #0 ; 0x0 1422 1550: e3520000 cmp r2, #0 ; 0x0
1402 1554: 1affffea bne 0x1504 1423 1554: 1affffea bne 0x1504
1403 1558: e1a0f00e mov pc, lr 1424 1558: e1a0f00e mov pc, lr
1404 1425
1405 155c: 008005c0 addeq r0, r0, r0, asr #11 1426 ; literal pool
1406 1560: 00000190 muleq r0, r0, r1 1427 155c: 008005c0 ; low address of the stack - unused duplicate?
1407 1564: 00001694 muleq r0, r4, r6 1428 1560: 00000190 ; size of the stack - ditto
1429 1564: 00001694
1408 1430
1409 1568: e3140001 tst r4, #1 ; 0x1 1431 1568: e3140001 tst r4, #1 ; 0x1
1410 156c: 1a000000 bne 0x1574 1432 156c: 1a000000 bne 0x1574
1411 1570: e12fff14 bx r4 1433 1570: e12fff14 bx r4
1412 1574: e1a0c004 mov r12, r4 1434 1574: e1a0c004 mov r12, r4
1413 1578: e1a0400e mov r4, lr 1435 1578: e1a0400e mov r4, lr
1414 157c: e28fe001 add lr, pc, #1 ; 0x1 1436 157c: e28fe001 add lr, pc, #1 ; 0x1
1415 1580: e12fff1c bx r12 1437 1580: e12fff1c bx r12
1416 1584: 46c04720 strmib r4, [r0], r0, lsr #14 1438 1584: 46c04720 strmib r4, [r0], r0, lsr #14
1439
1417 1588: eafffffe b 0x1588 1440 1588: eafffffe b 0x1588
1441
1418 158c: e92d4010 stmdb sp!, {r4, lr} 1442 158c: e92d4010 stmdb sp!, {r4, lr}
1419 1590: e1a04000 mov r4, r0 1443 1590: e1a04000 mov r4, r0
1420 1594: e1b0c0a4 movs r12, r4, lsr #1 1444 1594: e1b0c0a4 movs r12, r4, lsr #1
1421 1598: 0a000001 beq 0x15a4 1445 1598: 0a000001 beq 0x15a4
1422 159c: e3a00001 mov r0, #1 ; 0x1 1446 159c: e3a00001 mov r0, #1 ; 0x1
1472 1664: e490c004 ldr r12, [r0], #4 1496 1664: e490c004 ldr r12, [r0], #4
1473 1668: e482c004 str r12, [r2], #4 1497 1668: e482c004 str r12, [r2], #4
1474 166c: e2511004 subs r1, r1, #4 ; 0x4 1498 166c: e2511004 subs r1, r1, #4 ; 0x4
1475 1670: 1afffffb bne 0x1664 1499 1670: 1afffffb bne 0x1664
1476 1674: e12fff1e bx lr 1500 1674: e12fff1e bx lr
1501
1502 ; The soft-vector pointers at 0x800000 are initially set to point
1503 ; to the ROM addresses of the following 7 tight-loop branch instructions:
1477 1678: eafffffe b 0x1678 1504 1678: eafffffe b 0x1678
1478 167c: eafffffe b 0x167c 1505 167c: eafffffe b 0x167c
1479 1680: eafffffe b 0x1680 1506 1680: eafffffe b 0x1680
1480 1684: eafffffe b 0x1684 1507 1684: eafffffe b 0x1684
1481 1688: eafffffe b 0x1688 1508 1688: eafffffe b 0x1688
1482 168c: eafffffe b 0x168c 1509 168c: eafffffe b 0x168c
1483 1690: eafffffe b 0x1690 1510 1690: eafffffe b 0x1690
1484 1694: 0000001c andeq r0, r0, r12, lsl r0 1511
1485 1698: 00800000 addeq r0, r0, r0 1512 ; RAM init table for the 0x1500 subroutine
1486 169c: 00001678 andeq r1, r0, r8, ror r6 1513 ; vector init
1487 16a0: 0000167c andeq r1, r0, r12, ror r6 1514 1694: 0000001c
1488 16a4: 00001680 andeq r1, r0, r0, lsl #13 1515 1698: 00800000
1489 16a8: 00001684 andeq r1, r0, r4, lsl #13 1516 169c: 00001678
1490 16ac: 00001688 andeq r1, r0, r8, lsl #13 1517 16a0: 0000167c
1491 16b0: 0000168c andeq r1, r0, r12, lsl #13 1518 16a4: 00001680
1492 16b4: 00001690 muleq r0, r0, r6 1519 16a8: 00001684
1493 16b8: 00000004 andeq r0, r0, r4 1520 16ac: 00001688
1494 16bc: 00800104 addeq r0, r0, r4, lsl #2 1521 16b0: 0000168c
1495 16c0: 0001d4c0 andeq sp, r1, r0, asr #9 1522 16b4: 00001690
1496 16c4: 00000001 andeq r0, r0, r1 1523 ; another record
1497 16c8: 00800108 addeq r0, r0, r8, lsl #2 1524 16b8: 00000004
1498 16cc: 00000001 andeq r0, r0, r1 1525 16bc: 00800104
1499 16d0: 00000001 andeq r0, r0, r1 1526 16c0: 0001d4c0
1500 16d4: 00800534 addeq r0, r0, r4, lsr r5 1527 ; another record
1501 1528 16c4: 00000001
1502 ; The word at 0x16D4 appears to be the last word of the actual boot 1529 16c8: 00800108
1530 16cc: 00000001
1531 ; another record
1532 16d0: 00000001
1533 16d4: 00800534
1534 16d8: 00000000
1535 ; end marker
1536 16dc: 00000000
1537
1538 ; The word at 0x16DC appears to be the last word of the actual boot
1503 ; code + data. Between here and 0x1FCC we've got what looks like 1539 ; code + data. Between here and 0x1FCC we've got what looks like
1504 ; filler: 1540 ; filler:
1505 1541
1506 000016C0: C0 D4 01 00 01 00 00 00 08 01 80 00 01 00 00 00 ................ 1542 000016C0: C0 D4 01 00 01 00 00 00 08 01 80 00 01 00 00 00 ................
1507 000016D0: 01 00 00 00 34 05 80 00 00 00 00 00 00 00 00 00 ....4........... 1543 000016D0: 01 00 00 00 34 05 80 00 00 00 00 00 00 00 00 00 ....4...........