FreeCalypso > hg > freecalypso-reveng
comparison frbl/README @ 336:9805020b6834
frbl/README added
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Sat, 07 Mar 2020 06:54:17 +0000 |
| parents | |
| children | 814d3f24bed6 |
comparison
equal
deleted
inserted
replaced
| 335:10d62a3bfeec | 336:9805020b6834 |
|---|---|
| 1 TI's TCS211 firmware and its predecessors contain a flash-resident bootloader | |
| 2 stage which we call FRBL. This FRBL implements not one but two different | |
| 3 protocols for interrupting the normal fw boot process, downloading a code image | |
| 4 into RAM and jumping to it; we call these two protocols FRBL1 and FRBL2. The | |
| 5 reasons for this oddity are historical: the original FRBL (TI GSM bootloader or | |
| 6 TI GSM monitor or whatever it was called officially) consisted of cmdboot.c, | |
| 7 command.c, convert.c, optboot.c, serial.c and start.c source modules and | |
| 8 implemented the protocol we call FRBL1, then came MMJ and other TIDK people | |
| 9 with their new FLUID idea, they decided on a different protocol which we call | |
| 10 FRBL2, and they jerry-rigged their new FLUID bootloader into the firmware's | |
| 11 FRBL code. | |
| 12 | |
| 13 The original source for FRBL1 C modules appears to have been lost (it is not | |
| 14 present in what we presume to be the world's last surviving copy of TCS211 from | |
| 15 OM), all we have are COFF objects from TI-OM's 20070608 build. The reconst | |
| 16 subdirectory contains our reconstruction attempt; this reconstruction is of | |
| 17 poor quality because these particular COFF objects have only minimal symbolic | |
| 18 information required for linking, as opposed to the much richer -g kind we got | |
| 19 for L1 and GPF. | |
| 20 | |
| 21 The test subdirectory is intended to contain our frbl1test and frbl2test | |
| 22 programs; only frbl2test has been written so far. | |
| 23 | |
| 24 Aside from implementing two different serial protocols, TI's FRBL as featured | |
| 25 in their Calypso firmwares has one other major quirk: both FRBL1 and FRBL2 were | |
| 26 implemented on 13 MHz platforms (the original purpose was to facilitate fw | |
| 27 loading on TI's earlier DBB chips before Calypso that didn't have the boot ROM | |
| 28 which we are so used to), on TI's D-Sample board (Calypso chip, 13 MHz CLKTCXO | |
| 29 input) both the old way (fluid -oO via FRBL or via JTAG) and the new way | |
| 30 (fluid -oo via the boot ROM) work well, but FRBL was never updated for 26 MHz | |
| 31 platforms, thus on all practical Calypso platforms (Leonardo derivatives) one | |
| 32 must use the boot ROM, not FRBL. | |
| 33 | |
| 34 TI's TCS211 builds for Leonardo and all vendor firmwares (Openmoko etc) derived | |
| 35 from this reference do include FRBL which was never updated for 26 MHz CLKTCXO | |
| 36 input on these platforms. The result is that FRBL will only work if you talk | |
| 37 to it at 230400 baud instead of TI's intended 115200 baud. TI's official | |
| 38 version of FLUID does not support FRBL entry at 230400 baud and such operation | |
| 39 was clearly never intended or officially supported - instead the officially | |
| 40 supported way for Leonardo and Leonardo-based customer designs was to use | |
| 41 fluid -oo mode, which works through the boot ROM just like fc-loadtool. | |
| 42 However, there is a possibility that Openmoko may have tried to turn this FRBL | |
| 43 bug into a feature - we are still investigating. |