diff compal/boot/c156-boot.disasm @ 399:81cda18b0487
compal: move all bootloader analysis work into boot subdir
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 14 Jan 2023 06:17:56 +0000 |
parents | compal/c156-boot.disasm@5c47d916255e |
children |
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/compal/boot/c156-boot.disasm Sat Jan 14 06:17:56 2023 +0000
@@ -0,0 +1,543 @@
+RESET entry and exception vectors:
+ 0: ea000011 b 0x4c
+ 4: ea008036 b 0x200e4
+ 8: ea008036 b 0x200e8
+ c: ea008036 b 0x200ec
+ 10: ea008036 b 0x200f0
+ 14: ea008036 b 0x200f4
+ 18: ea008036 b 0x200f8
+ 1c: ea008036 b 0x200fc
+
+ 20: 02a102a1
+ 24: 02a302a1
+ 28: 00000040
+ 2c: fffffd00
+ 30: ffff9800
+ 34: fffffb10
+ 38: ffffff08
+ 3c: 20021081
+ 40: 00000800
+ 44: 004000c0
+ 48: 00000e85
+
+; RESET entry point
+; same init as in the C139 version
+ 4c: e51f1028 ldr r1, =0xfffffd00 ; via 0x2c
+ 50: e1d120b2 ldrh r2, [r1, #2]
+ 54: e51f0034 ldr r0, =0x40 ; via 0x28
+ 58: e1800002 orr r0, r0, r2
+ 5c: e1c100b2 strh r0, [r1, #2]
+; disable PLL
+; diff from C139 version: writing 2002 into FFFF:9800 instead of 2006
+; diff in the BYPASS_DIV field
+ 60: e51f1038 ldr r1, =0xffff9800 ; via 0x30
+ 64: e15f22be ldrh r2, =0x2002 ; via 0x3e
+ 68: e1c120b0 strh r2, [r1]
+ 6c: e5912000 ldr r2, [r1]
+ 70: e2022001 and r2, r2, #1
+ 74: e3520001 cmp r2, #1
+ 78: 0afffffb beq 0x6c
+; FFFF:FD00 write same as C139
+ 7c: e51f1058 ldr r1, =0xfffffd00 ; via 0x2c
+ 80: e15f24bc ldrh r2, =0x1081 ; via 0x3c
+ 84: e1c120b0 strh r2, [r1]
+; disable DU like C139
+ 88: e51f105c ldr r1, =0xfffffb10 ; via 0x34
+ 8c: e15f25b4 ldrh r2, =0x800 ; via 0x40
+ 90: e1d100b0 ldrh r0, [r1]
+ 94: e1800002 orr r0, r0, r2
+ 98: e1c100b0 strh r0, [r1]
+; ditto for MPU
+ 9c: e51f106c ldr r1, =0xffffff08 ; via 0x38
+ a0: e15f26b6 ldrh r2, =0x0 ; via 0x42
+ a4: e1c120b0 strh r2, [r1]
+; Memory timings
+ a8: e59f1640 ldr r1, =0xfffffb00 ; via 0x6f0
+ ac: e15f29b4 ldrh r2, =0x2a1 ; via 0x20
+ b0: e1c120b0 strh r2, [r1]
+ b4: e15f29ba ldrh r2, =0x2a1 ; via 0x22
+ b8: e1c120b2 strh r2, [r1, #2]
+ bc: e15f2ab0 ldrh r2, =0x2a1 ; via 0x24
+ c0: e1c120b4 strh r2, [r1, #4]
+ c4: e15f2ab6 ldrh r2, =0x2a3 ; via 0x26
+ c8: e1c120b6 strh r2, [r1, #6]
+ cc: e15f28bc ldrh r2, =0xe85 ; via 0x48
+ d0: e1c120ba strh r2, [r1, #10] ; 0xa
+ d4: e15f29b8 ldrh r2, =0xc0 ; via 0x44
+ d8: e1c120bc strh r2, [r1, #12] ; 0xc
+ dc: e15f29be ldrh r2, =0x40 ; via 0x46
+ e0: e1c120b8 strh r2, [r1, #8]
+; enable 8 MiB chip select regions
+ e4: e59f3630 ldr r3, =0xfffef006 ; via 0x71c
+ e8: e1d310b0 ldrh r1, [r3]
+ ec: e3a02008 mov r2, #8
+ f0: e1811002 orr r1, r1, r2
+ f4: e1c310b0 strh r1, [r3]
+; write 0x0110 into FFFE:F00A
+; enable I/O(8) and I/O(12)
+ f8: e59f3604 ldr r3, =0xfffef000 ; via 0x704
+ fc: e3a01e11 mov r1, #272 ; 0x110
+ 100: e1c310ba strh r1, [r3, #10] ; 0xa
+; FFFE:4804: set GPIOs 8 and 12 as outputs
+ 104: e59f3604 ldr r3, =0xfffe4804 ; via 0x710
+ 108: e5931000 ldr r1, [r3]
+ 10c: e3a030ff mov r3, #255 ; 0xff
+ 110: e3a02cee mov r2, #60928 ; 0xee00
+ 114: e1822003 orr r2, r2, r3
+ 118: e0011002 and r1, r1, r2
+ 11c: e59f35e4 ldr r3, =0xfffe4800 ; via 0x708
+ 120: e1c310b4 strh r1, [r3, #4]
+; ARMIO_LATCH_OUT: GPIO 8 set to 0
+ 124: e59f35e0 ldr r3, =0xfffe4802 ; via 0x70c
+ 128: e5931000 ldr r1, [r3]
+ 12c: e3a030ff mov r3, #255 ; 0xff
+ 130: e3a02cfe mov r2, #65024 ; 0xfe00
+ 134: e1822003 orr r2, r2, r3
+ 138: e0011002 and r1, r1, r2
+ 13c: e59f35c4 ldr r3, =0xfffe4800 ; via 0x708
+ 140: e1c310b2 strh r1, [r3, #2]
+; ... and then reset it to 0xF400
+ 144: e3a01b3d mov r1, #62464 ; 0xf400
+ 148: e59f35b8 ldr r3, =0xfffe4800 ; via 0x708
+ 14c: e1c310b2 strh r1, [r3, #2]
+; SVC mode, IRQ and FIQ disabled
+ 150: e10f0000 mrs r0, CPSR
+ 154: e3c0001f bic r0, r0, #31 ; 0x1f
+ 158: e3800013 orr r0, r0, #19 ; 0x13
+ 15c: e38000c0 orr r0, r0, #192 ; 0xc0
+ 160: e129f000 msr CPSR_fc, r0
+; zero all 256 KiB IRAM except last 128 bytes
+ 164: e3a00502 mov r0, #8388608 ; 0x800000
+ 168: e3a02000 mov r2, #0
+ 16c: e3a01721 mov r1, #8650752 ; 0x840000
+ 170: e2411080 sub r1, r1, #128 ; 0x80
+ 174: e4802004 str r2, [r0], #4
+ 178: e1500001 cmp r0, r1
+ 17c: 1afffffc bne 0x174
+; ditto for 2 MiB XRAM
+ 180: e3a00401 mov r0, #16777216 ; 0x1000000
+ 184: e3a02000 mov r2, #0
+ 188: e3a01612 mov r1, #18874368 ; 0x1200000
+ 18c: e2411080 sub r1, r1, #128 ; 0x80
+ 190: e4802004 str r2, [r0], #4
+ 194: e1500001 cmp r0, r1
+ 198: 1afffffc bne 0x190
+; MODEM UART
+ 19c: e59f0550 ldr r0, =0xffff5800 ; via 0x6f4
+; 0 into LCR for IER access
+ 1a0: e3a01000 mov r1, #0
+ 1a4: e5c01003 strb r1, [r0, #3]
+; clear IER
+ 1a8: e3a01000 mov r1, #0
+ 1ac: e5c01001 strb r1, [r0, #1]
+; BF into LCR
+ 1b0: e3a010bf mov r1, #191 ; 0xbf
+ 1b4: e5c01003 strb r1, [r0, #3]
+; 0x10 into EFR
+ 1b8: e3a01010 mov r1, #16 ; 0x10
+ 1bc: e5c01002 strb r1, [r0, #2]
+; set 115200 baud
+ 1c0: e59f3534 ldr r3, =0xffff5803 ; via 0x6fc
+ 1c4: e5931000 ldr r1, [r3]
+ 1c8: e3811080 orr r1, r1, #128 ; 0x80
+ 1cc: e5c31000 strb r1, [r3]
+ 1d0: e3a01007 mov r1, #7
+ 1d4: e5c01000 strb r1, [r0]
+ 1d8: e3a01000 mov r1, #0
+ 1dc: e5c01001 strb r1, [r0, #1]
+; LCR will eventually get back to 03
+ 1e0: e59f3514 ldr r3, =0xffff5803 ; via 0x6fc
+ 1e4: e5931000 ldr r1, [r3]
+ 1e8: e201107f and r1, r1, #127 ; 0x7f
+ 1ec: e5c31000 strb r1, [r3]
+ 1f0: e5931000 ldr r1, [r3]
+ 1f4: e3811003 orr r1, r1, #3
+ 1f8: e5c31000 strb r1, [r3]
+; 0x40 into MCR: TCR/TLR access
+ 1fc: e3a01040 mov r1, #64 ; 0x40
+ 200: e5c01004 strb r1, [r0, #4]
+; TCR=0x0F (same as default)
+ 204: e3a0100f mov r1, #15 ; 0xf
+ 208: e5c01006 strb r1, [r0, #6]
+; BF into LCR again
+ 20c: e3a010bf mov r1, #191 ; 0xbf
+ 210: e5c01003 strb r1, [r0, #3]
+; 0x10 into EFR again
+ 214: e3a01010 mov r1, #16 ; 0x10
+ 218: e5c01002 strb r1, [r0, #2]
+; finally 03 into LCR
+ 21c: e3a01003 mov r1, #3
+ 220: e5c01003 strb r1, [r0, #3]
+; clear SCR (default, all weird stuff disabled)
+ 224: e3a01000 mov r1, #0
+ 228: e5c01010 strb r1, [r0, #16] ; 0x10
+; FCR=06: FIFOs cleared and *disabled*
+ 22c: e3a01006 mov r1, #6
+ 230: e5c01002 strb r1, [r0, #2]
+; MCR=0F
+ 234: e3a0100f mov r1, #15 ; 0xf
+ 238: e5c01004 strb r1, [r0, #4]
+; FCR=F1: enable FIFOs with max trigger levels
+ 23c: e3a010f1 mov r1, #241 ; 0xf1
+ 240: e5c01002 strb r1, [r0, #2]
+; MDR1: write 7 for reset, then 0 for UART mode
+ 244: e3a01007 mov r1, #7
+ 248: e5c01008 strb r1, [r0, #8]
+ 24c: e3a01000 mov r1, #0
+ 250: e5c01008 strb r1, [r0, #8]
+; IER: enable Rx interrupt
+ 254: e59f349c ldr r3, =0xffff5801 ; via 0x6f8
+ 258: e5931000 ldr r1, [r3]
+ 25c: e3811001 orr r1, r1, #1
+ 260: e5c31000 strb r1, [r3]
+; nCS0: WS=3, write enable, DC=1
+ 264: e59f1484 ldr r1, =0xfffffb00 ; via 0x6f0
+ 268: e59f247c ldr r2, =0x2a3 ; via 0x6ec
+ 26c: e1c120b0 strh r2, [r1]
+; FFFF:FB0E = 0x6A: adapt enabled for RHEA and API,
+; all ARM7 cycles visible externally
+ 270: e59f3488 ldr r3, =0xfffffb00 ; via 0x700
+ 274: e3a0106a mov r1, #106 ; 0x6a
+ 278: e1c310be strh r1, [r3, #14] ; 0xe
+; dingle UART FIFOs again, same settings
+ 27c: e59f0470 ldr r0, =0xffff5800 ; via 0x6f4
+ 280: e3a010f7 mov r1, #247 ; 0xf7
+ 284: e5c01002 strb r1, [r0, #2]
+ 288: e3a010f1 mov r1, #241 ; 0xf1
+ 28c: e5c01002 strb r1, [r0, #2]
+; short delay loop
+ 290: e3a01f4b mov r1, #300 ; 0x12c
+ 294: e2411001 sub r1, r1, #1
+ 298: e3510000 cmp r1, #0
+ 29c: 1afffffc bne 0x294
+; check UART for unsolicited input?
+ 2a0: e59f044c ldr r0, =0xffff5800 ; via 0x6f4
+ 2a4: e3a02064 mov r2, #100 ; 0x64
+ 2a8: e3a08801 mov r8, #65536 ; 0x10000
+ 2ac: e2488001 sub r8, r8, #1
+ 2b0: e3580000 cmp r8, #0
+ 2b4: 0a000040 beq 0x3bc
+ 2b8: e5d01005 ldrb r1, [r0, #5]
+ 2bc: e2011001 and r1, r1, #1
+ 2c0: e3510001 cmp r1, #1
+ 2c4: 1afffff8 bne 0x2ac
+ 2c8: e5d01000 ldrb r1, [r0]
+; unsolicited input received
+; repeats the whole UART init, but with /2 div for 406250 baud
+ 2cc: e59f0420 ldr r0, =0xffff5800 ; via 0x6f4
+ 2d0: e3a01000 mov r1, #0
+ 2d4: e5c01003 strb r1, [r0, #3]
+ 2d8: e3a01000 mov r1, #0
+ 2dc: e5c01001 strb r1, [r0, #1]
+ 2e0: e3a010bf mov r1, #191 ; 0xbf
+ 2e4: e5c01003 strb r1, [r0, #3]
+ 2e8: e3a01010 mov r1, #16 ; 0x10
+ 2ec: e5c01002 strb r1, [r0, #2]
+ 2f0: e59f3404 ldr r3, =0xffff5803 ; via 0x6fc
+ 2f4: e5931000 ldr r1, [r3]
+ 2f8: e3811080 orr r1, r1, #128 ; 0x80
+ 2fc: e5c31000 strb r1, [r3]
+ 300: e3a01002 mov r1, #2
+ 304: e5c01000 strb r1, [r0]
+ 308: e3a01000 mov r1, #0
+ 30c: e5c01001 strb r1, [r0, #1]
+ 310: e59f33e4 ldr r3, =0xffff5803 ; via 0x6fc
+ 314: e5931000 ldr r1, [r3]
+ 318: e201107f and r1, r1, #127 ; 0x7f
+ 31c: e5c31000 strb r1, [r3]
+ 320: e5931000 ldr r1, [r3]
+ 324: e3811003 orr r1, r1, #3
+ 328: e5c31000 strb r1, [r3]
+ 32c: e3a01040 mov r1, #64 ; 0x40
+ 330: e5c01004 strb r1, [r0, #4]
+ 334: e3a0100f mov r1, #15 ; 0xf
+ 338: e5c01006 strb r1, [r0, #6]
+ 33c: e3a010bf mov r1, #191 ; 0xbf
+ 340: e5c01003 strb r1, [r0, #3]
+ 344: e3a01010 mov r1, #16 ; 0x10
+ 348: e5c01002 strb r1, [r0, #2]
+ 34c: e3a01003 mov r1, #3
+ 350: e5c01003 strb r1, [r0, #3]
+ 354: e3a01000 mov r1, #0
+ 358: e5c01010 strb r1, [r0, #16] ; 0x10
+ 35c: e3a01006 mov r1, #6
+ 360: e5c01002 strb r1, [r0, #2]
+ 364: e3a0100f mov r1, #15 ; 0xf
+ 368: e5c01004 strb r1, [r0, #4]
+ 36c: e3a010f1 mov r1, #241 ; 0xf1
+ 370: e5c01002 strb r1, [r0, #2]
+ 374: e3a01007 mov r1, #7
+ 378: e5c01008 strb r1, [r0, #8]
+ 37c: e3a01000 mov r1, #0
+ 380: e5c01008 strb r1, [r0, #8]
+ 384: e59f336c ldr r3, =0xffff5801 ; via 0x6f8
+ 388: e5931000 ldr r1, [r3]
+ 38c: e3811001 orr r1, r1, #1
+ 390: e5c31000 strb r1, [r3]
+ 394: e59f0358 ldr r0, =0xffff5800 ; via 0x6f4
+ 398: e3a010f7 mov r1, #247 ; 0xf7
+ 39c: e5c01002 strb r1, [r0, #2]
+ 3a0: e3a010f1 mov r1, #241 ; 0xf1
+ 3a4: e5c01002 strb r1, [r0, #2]
+ 3a8: e3a01f4b mov r1, #300 ; 0x12c
+ 3ac: e2411001 sub r1, r1, #1
+ 3b0: e3510000 cmp r1, #0
+ 3b4: 1afffffc bne 0x3ac
+ 3b8: e59f0334 ldr r0, =0xffff5800 ; via 0x6f4
+; normal path continues
+; emit 1B F6 02 00 41 01 40
+ 3bc: e3a0101b mov r1, #27 ; 0x1b
+ 3c0: e5c01000 strb r1, [r0]
+ 3c4: e3a010f6 mov r1, #246 ; 0xf6
+ 3c8: e5c01000 strb r1, [r0]
+ 3cc: e3a01002 mov r1, #2
+ 3d0: e5c01000 strb r1, [r0]
+ 3d4: e3a01000 mov r1, #0
+ 3d8: e5c01000 strb r1, [r0]
+ 3dc: e3a01041 mov r1, #65 ; 0x41
+ 3e0: e5c01000 strb r1, [r0]
+ 3e4: e3a01001 mov r1, #1
+ 3e8: e5c01000 strb r1, [r0]
+ 3ec: e3a01040 mov r1, #64 ; 0x40
+ 3f0: e5c01000 strb r1, [r0]
+; wait for UART input
+ 3f4: e3a02064 mov r2, #100 ; 0x64
+ 3f8: e3a08701 mov r8, #262144 ; 0x40000
+ 3fc: e2488001 sub r8, r8, #1
+ 400: e3580000 cmp r8, #0
+ 404: 0a0000aa beq 0x6b4
+ 408: e5d01005 ldrb r1, [r0, #5]
+ 40c: e2011001 and r1, r1, #1
+ 410: e3510001 cmp r1, #1
+ 414: 1afffff8 bne 0x3fc
+ 418: e5d01000 ldrb r1, [r0]
+ 41c: e3510000 cmp r1, #0
+ 420: 1a000003 bne 0x434
+ 424: e2422001 sub r2, r2, #1
+ 428: e3520000 cmp r2, #0
+ 42c: 0a0000a0 beq 0x6b4
+ 430: eafffff1 b 0x3fc
+ 434: e351001b cmp r1, #27 ; 0x1b
+ 438: 1affffef bne 0x3fc
+; got 1B
+ 43c: e3a08701 mov r8, #262144 ; 0x40000
+ 440: e2488001 sub r8, r8, #1
+ 444: e3580000 cmp r8, #0
+ 448: 0a000099 beq 0x6b4
+ 44c: e5d01005 ldrb r1, [r0, #5]
+ 450: e2011001 and r1, r1, #1
+ 454: e3510001 cmp r1, #1
+ 458: 1afffff8 bne 0x440
+ 45c: e5d01000 ldrb r1, [r0]
+ 460: e35100f6 cmp r1, #246 ; 0xf6
+ 464: 1a000092 bne 0x6b4
+; got F6
+ 468: e3a08801 mov r8, #65536 ; 0x10000
+ 46c: e2488001 sub r8, r8, #1
+ 470: e3580000 cmp r8, #0
+ 474: 0a00008e beq 0x6b4
+ 478: e5d01005 ldrb r1, [r0, #5]
+ 47c: e2011001 and r1, r1, #1
+ 480: e3510001 cmp r1, #1
+ 484: 1afffff8 bne 0x46c
+ 488: e5d01000 ldrb r1, [r0]
+ 48c: e3510002 cmp r1, #2
+ 490: 1a000087 bne 0x6b4
+; got 02
+ 494: e3a08801 mov r8, #65536 ; 0x10000
+ 498: e2488001 sub r8, r8, #1
+ 49c: e3580000 cmp r8, #0
+ 4a0: 0a000083 beq 0x6b4
+ 4a4: e5d01005 ldrb r1, [r0, #5]
+ 4a8: e2011001 and r1, r1, #1
+ 4ac: e3510001 cmp r1, #1
+ 4b0: 1afffff8 bne 0x498
+ 4b4: e5d01000 ldrb r1, [r0]
+ 4b8: e3510000 cmp r1, #0
+ 4bc: 1a00007c bne 0x6b4
+; got 00
+ 4c0: e3a08801 mov r8, #65536 ; 0x10000
+ 4c4: e2488001 sub r8, r8, #1
+ 4c8: e3580000 cmp r8, #0
+ 4cc: 0a000078 beq 0x6b4
+ 4d0: e5d01005 ldrb r1, [r0, #5]
+ 4d4: e2011001 and r1, r1, #1
+ 4d8: e3510001 cmp r1, #1
+ 4dc: 1afffff8 bne 0x4c4
+ 4e0: e5d01000 ldrb r1, [r0]
+ 4e4: e3510052 cmp r1, #82 ; 0x52
+ 4e8: 1a000071 bne 0x6b4
+; got 52
+ 4ec: e3a08801 mov r8, #65536 ; 0x10000
+ 4f0: e2488001 sub r8, r8, #1
+ 4f4: e3580000 cmp r8, #0
+ 4f8: 0a00006d beq 0x6b4
+ 4fc: e5d01005 ldrb r1, [r0, #5]
+ 500: e2011001 and r1, r1, #1
+ 504: e3510001 cmp r1, #1
+ 508: 1afffff8 bne 0x4f0
+ 50c: e5d01000 ldrb r1, [r0]
+ 510: e3510001 cmp r1, #1
+ 514: 1a000066 bne 0x6b4
+; got 01
+ 518: e3a08801 mov r8, #65536 ; 0x10000
+ 51c: e2488001 sub r8, r8, #1
+ 520: e3580000 cmp r8, #0
+ 524: 0a000062 beq 0x6b4
+ 528: e5d01005 ldrb r1, [r0, #5]
+ 52c: e2011001 and r1, r1, #1
+ 530: e3510001 cmp r1, #1
+ 534: 1afffff8 bne 0x51c
+ 538: e59f01b4 ldr r0, =0xffff5800 ; via 0x6f4
+ 53c: e5d01000 ldrb r1, [r0]
+; emit 1B F6 02 00 41 02 43 before checking the last Rx char!
+ 540: e3a0201b mov r2, #27 ; 0x1b
+ 544: e5c02000 strb r2, [r0]
+ 548: e3a020f6 mov r2, #246 ; 0xf6
+ 54c: e5c02000 strb r2, [r0]
+ 550: e3a02002 mov r2, #2
+ 554: e5c02000 strb r2, [r0]
+ 558: e3a02000 mov r2, #0
+ 55c: e5c02000 strb r2, [r0]
+ 560: e3a02041 mov r2, #65 ; 0x41
+ 564: e5c02000 strb r2, [r0]
+ 568: e3a02002 mov r2, #2
+ 56c: e5c02000 strb r2, [r0]
+ 570: e3a02043 mov r2, #67 ; 0x43
+ 574: e5c02000 strb r2, [r0]
+; now check for 53
+; if not 53, go back to wait for 01-53
+ 578: e3510053 cmp r1, #83 ; 0x53
+ 57c: 0a000000 beq 0x584
+ 580: eaffffda b 0x4f0
+; got 53
+ 584: e3a02000 mov r2, #0
+ 588: e59f3190 ldr r3, =0x800100 ; via 0x720
+ 58c: e3a04000 mov r4, #0
+ 590: e3a05001 mov r5, #1
+; endless wait for Rx byte
+ 594: e5d01005 ldrb r1, [r0, #5]
+ 598: e2011001 and r1, r1, #1
+ 59c: e3510001 cmp r1, #1
+ 5a0: 1afffffb bne 0x594
+ 5a4: e5d01000 ldrb r1, [r0]
+; state machine dispatch
+ 5a8: e3520000 cmp r2, #0
+ 5ac: 0a000008 beq 0x5d4
+ 5b0: e3520001 cmp r2, #1
+ 5b4: 0a00000b beq 0x5e8
+ 5b8: e3520002 cmp r2, #2
+ 5bc: 0a00000d beq 0x5f8
+ 5c0: e3520003 cmp r2, #3
+ 5c4: 0a00000f beq 0x608
+ 5c8: e3520004 cmp r2, #4
+ 5cc: 0a000015 beq 0x628
+ 5d0: ea000037 b 0x6b4
+; R2=0: must receive 02 first
+ 5d4: e3510002 cmp r1, #2
+ 5d8: 1affffed bne 0x594
+ 5dc: e1a06001 mov r6, r1
+ 5e0: e2822001 add r2, r2, #1
+ 5e4: eaffffea b 0x594
+; R2=1: got MSB of length
+ 5e8: e1a04401 mov r4, r1, lsl #8
+ 5ec: e0266001 eor r6, r6, r1
+ 5f0: e2822001 add r2, r2, #1
+ 5f4: eaffffe6 b 0x594
+; R2=2: got LSB of length
+ 5f8: e0844001 add r4, r4, r1
+ 5fc: e0266001 eor r6, r6, r1
+ 600: e2822001 add r2, r2, #1
+ 604: eaffffe2 b 0x594
+; R2=3: payload
+ 608: e5c31000 strb r1, [r3]
+ 60c: e0266001 eor r6, r6, r1
+ 610: e2833001 add r3, r3, #1
+ 614: e2444001 sub r4, r4, #1
+ 618: e3540000 cmp r4, #0
+ 61c: 1affffdc bne 0x594
+ 620: e2822001 add r2, r2, #1
+ 624: eaffffda b 0x594
+; R2=4: checksum expected
+ 628: e1560001 cmp r6, r1
+ 62c: 1a000012 bne 0x67c
+; checksum good
+; emit 1B F6 02 00 41 03 42
+ 630: e3a0101b mov r1, #27 ; 0x1b
+ 634: e5c01000 strb r1, [r0]
+ 638: e3a010f6 mov r1, #246 ; 0xf6
+ 63c: e5c01000 strb r1, [r0]
+ 640: e3a01002 mov r1, #2
+ 644: e5c01000 strb r1, [r0]
+ 648: e3a01000 mov r1, #0
+ 64c: e5c01000 strb r1, [r0]
+ 650: e3a01041 mov r1, #65 ; 0x41
+ 654: e5c01000 strb r1, [r0]
+ 658: e3a01003 mov r1, #3
+ 65c: e5c01000 strb r1, [r0]
+ 660: e3a01042 mov r1, #66 ; 0x42
+ 664: e5c01000 strb r1, [r0]
+; SP=0x803FFC
+ 668: e59f00b4 ldr r0, =0x803ffc ; via 0x724
+ 66c: e1a0d000 mov sp, r0
+; jump to 0x800100 in Thumb state
+ 670: e59f00a8 ldr r0, =0x800100 ; via 0x720
+ 674: e280e001 add lr, r0, #1
+ 678: e12fff1e bx lr
+; checksum mismatch
+; emit 1B F6 02 00 45 53 16
+ 67c: e3a0101b mov r1, #27 ; 0x1b
+ 680: e5c01000 strb r1, [r0]
+ 684: e3a010f6 mov r1, #246 ; 0xf6
+ 688: e5c01000 strb r1, [r0]
+ 68c: e3a01002 mov r1, #2
+ 690: e5c01000 strb r1, [r0]
+ 694: e3a01000 mov r1, #0
+ 698: e5c01000 strb r1, [r0]
+ 69c: e3a01045 mov r1, #69 ; 0x45
+ 6a0: e5c01000 strb r1, [r0]
+ 6a4: e3a01053 mov r1, #83 ; 0x53
+ 6a8: e5c01000 strb r1, [r0]
+ 6ac: e3a01016 mov r1, #22 ; 0x16
+ 6b0: e5c01000 strb r1, [r0]
+; bail out path
+; ARMIO_LATCH_OUT: set GPIO 9 low
+ 6b4: e59f3050 ldr r3, =0xfffe4802 ; via 0x70c
+ 6b8: e5931000 ldr r1, [r3]
+ 6bc: e3a030ff mov r3, #255 ; 0xff
+ 6c0: e3a02cfd mov r2, #64768 ; 0xfd00
+ 6c4: e1822003 orr r2, r2, r3
+ 6c8: e0011002 and r1, r1, r2
+ 6cc: e59f3034 ldr r3, =0xfffe4800 ; via 0x708
+ 6d0: e1c310b2 strh r1, [r3, #2]
+; switch GPIO12 back to input
+ 6d4: e59f3034 ldr r3, =0xfffe4804 ; via 0x710
+ 6d8: e5931000 ldr r1, [r3]
+ 6dc: e3811a01 orr r1, r1, #4096 ; 0x1000
+ 6e0: e59f3020 ldr r3, =0xfffe4800 ; via 0x708
+ 6e4: e1c310b4 strh r1, [r3, #4]
+ 6e8: ea007e7c b 0x200e0
+
+ 6ec: 000002a3
+ 6f0: fffffb00
+ 6f4: ffff5800
+ 6f8: ffff5801
+ 6fc: ffff5803
+ 700: fffffb00
+ 704: fffef000
+ 708: fffe4800
+ 70c: fffe4802
+ 710: fffe4804
+ 714: fffe480c
+ 718: fffe480a
+ 71c: fffef006
+ 720: 00800100
+ 724: 00803ffc
+
+<728-7FF: all FFs>
+
+00000800: 42 4F 4F 54 2E 39 30 2E 30 35 00 00 00 00 00 00 BOOT.90.05......
+00000810: 31 30 30 33 01 02 00 00 FF FF FF FF FF FF FF FF 1003............
+00000820: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
+
+blank flash from here onward, until the main fw image starts at 0x20000
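Review bot: The annotation `; R2=3: payload` at 0x608 leaves out two properties of the receive loop that anyone auditing this loader needs. The byte is stored and r3 advanced before r4 is decremented and tested at 0x614-0x61c, so a length field of 0000 is not treated as an empty payload. The 16-bit length in r4 and the write pointer that starts at 0x800100 are also never compared against any limit in the visible code. I would add a line there such as `; count tested after the store: length 0000 is not special-cased, no upper bound on r3`. The `; R2=4: checksum expected` comment could likewise state that r6 is a running XOR of the 02 byte, both length bytes and every payload byte, and that this comparison is the only check made before the `bx lr` into 0x800100.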