view fluid-mnf/README @ 363:6cff3ee315e0

fluid-mnf/README: work in progress
author Mychaela Falconia <falcon@freecalypso.org>
date Sun, 15 Mar 2020 03:02:13 +0000
parents 1f13f0e43e43
children 37d647dfb920
line wrap: on
line source

In the summer of 2019 we (FreeCalypso) had recovered a copy of TI's original
FLUID package including source, but this TI original FLUID source targets only
Windows, no Unix or Linux support included.  Back in 2007 or earlier Openmoko
had made their own port of FLUID to Linux and we have their Linux/ARM binary,
but the source for that Linux port appears to have been lost.

The present work is an independent (non-Openmoko) port of TI's FLUID to Linux
(can be further ported to other Unixes with some additional work, see below)
made by Mother Mychaela N. Falconia of FreeCalypso, named fluid-mnf in order to
distinguish it from any other Unix/Linux ports of FLUID that may have been made
by unknown other parties.

Purpose and scope
=================

The present fluid-mnf port has been produced as an act of restorative justice,
righting the wrong of Closedmoko not releasing theirs when they made it in 2007
or earlier.  The present fluid-mnf port is NOT intended to replace fc-loadtool,
thus a strict limit was put on the extent of work that was done on fluid-mnf:
just enough to right Moko's wrong, plus the minimum extra work that was needed
in order to satisfy my natural curiosity in the area of FLUID working with TI's
own D-Sample board, but no more.

As a result of these strict limits on the scope of the work, neither this
fluid-mnf nor any other known version of FLUID will work on FCDEV3B boards with
Spansion S71PL129N flash - instead our boards with this flash are supported only
by our own fc-loadtool, not FLUID.  The ONLY Calypso targets that are expected
to be supported by fluid-mnf (same as TI's original FLUID for Windows) are:

* TI's own D-Sample and Leonardo boards;
* A certain non-TI development board nicknamed Caramel which has a Leonardo
  clone as its core but has a D-Sample-like physical form factor;
* Openmoko GTA01 and GTA02 modems.

The present fluid-mnf release has been tested and confirmed to work on the
Mother's D-Sample C05 and Caramel boards, as well as on Openmoko GTA02.  It is
NOT expected to work on most other Calypso devices out in the wild.

What is FLUID
=============

FLUID stands for Flash Loader Utility Independent of Device.  It is not totally
clear to us (FreeCalypso) exactly what the "independent of device" part is
referring to; it can refer to any or all of the following:

* One can run FLUID, often with the exact same command line, against several
  different TI-based GSM device targets, specifically against three different
  DBB chip generations (ancient pre-Calypso chips, our familiar Calypso, and
  Calypso+), using either the boot ROM protocol on Calypso and Calypso+ or
  FLUID's own bootloader (either flash-resident or loaded via JTAG) with its
  own protocol, and FLUID goes out of its way to try to autodetect and
  automagically support all these target chip and boot entry method variations.

* The flash chip type is autodetected and does not need to be manually selected
  by the user.  If multiple variations exist of a given product where the
  factory has populated different flash chips for whatever part availability
  and pricing reasons, but it is otherwise the same product running the same
  firmware, one can use FLUID to flash fw updates without worrying about the
  flash chip type.  Our recent versions of fc-loadtool (since fc-host-tools-r11)
  feature the same quality.

* Whenever someone needs to add support for a new flash chip, this addition is
  done by editing an ASCII text configuration file (devices.txt) that is read
  by FLUID at run time, as opposed to needing to edit the source code and
  recompile the program.  This distinction was significant in the Windows world,
  a culture of software in binary form, but makes absolutely no practical
  difference for our fluid-mnf port for the Unix/Linux culture, a much healthier
  culture where all software is distributed in source code form and where
  compiling from source is a standard part of end user duties.

TI's internal reference platforms on which FLUID was developed and which FLUID
supports as its most native targets are B-Sample through E-Sample:

B-Sample: seems to be Ulysse(s) chipset, very little known
C-Sample: seems to be early Calypso C05 rev A, little known
D-Sample: Calypso C05 rev B or Calypso C035, Iota ABB, Clara RF
E-Sample: Calypso+, apparently existed in both "secure" and "non-secure"
variants

FLUID supports Hercules/Ulysse(s), Calypso and Calypso+ chipsets as follows:

* Hercules and Ulysse(s) predate our familiar Calypso and have no boot ROM.
  The standard supported way to recover from blank or bricked flash was to use
  JTAG: TI's original FLUID package (fluid-2.27.zip) contains an ulyboot.out
  COFF image which you load via JTAG using TI's XDS510 or XDS560 hardware and
  CCS software, then FLUID makes its entry via the protocol provided by this
  bootloader.  Standard firmwares included a flash-resident version of the same
  bootloader; as long as you don't brick sector 0, you can then reload newer fw
  versions without JTAG.

* On our familiar Calypso, both the old way (JTAG for cold loading, flash-
  resident bootloader for warm reloads) and the new way (Calypso boot ROM) are
  supported.  However, the old way (FLUID bootloader) is supported ONLY on
  13 MHz platforms like D-Sample (Clara RF), and is NOT supported on the more
  common Calypso+Iota+Rita platforms with 26 MHz clock input to the Calypso.

* We know very little about Calypso+, but apparently it does not offer a
  sensible boot ROM protocol like plain Calypso does: instead the choices are
  either anti-user-freedom cryptographically restricted boot ("secure" E-Sample
  boards) or no boot ROM at all, going back to brickable flash and needing JTAG
  for cold loading on "non-secure" E-Sample boards.  FLUID (the tool) supports
  the old FLUID bootloader on those "non-secure" E-Sample boards, and that
  Calypso+ version of the JTAG-loadable FLUID bootloader (calpboot.out) includes
  the fix for 26 MHz clock input (E-Sample has Rita RF) - but the plain Calypso
  version (calboot.out) does NOT support 26 MHz platforms.

What we have done in fluid-mnf
==============================

Almost no change in functionality has been made - the objective was to port TI's
tool from Windows to Linux with as little change as possible, changing only
those parts where the Unix/Linux way of life is strictly different from the
Windows way.

The most principal change made in fluid-mnf is the way you specify the serial
port to use to connect to the target.  The command line interface design in TI's
original version was thoroughly tied to the Windows model of numbered COM ports:
there was a -p option to select the serial port by number (defaulting to COM1),
but absolutely no provision to specify the serial port by name.  Examining
Closedmoko's sans-source ARM/Linux fluid.exe version through a combination of
static analysis and running under strace, we see that they did two things:

1) They changed the numbered "COM" port name generation from "COM%d" to
   "/dev/ttySAC%d" - but the command line parser still restricts -p numbers to
   the range of [1,24], thus the correct modem tty port /dev/ttySAC0 still
   cannot be specified in this manner.  The default with no -p option and no
   FLUID_PORT= environment variable is /dev/ttySAC1, which is garbage because
   that port has the GPS receiver connected to it, not the GSM modem.

2) They added a hack whereby if a FLUID_PORT= environment variable is defined,
   its value overrides the sprintf-constructed numbered "COM" port name.
   Setting FLUID_PORT=/dev/ttySAC0 is the only way to select the correct modem
   tty port with their stupid version.

The following approach has been implemented in fluid-mnf, seeking to be both
forward-looking in the Unix/Linux culture way and backward-compatible with OM's
version:

* -p option in fluid-mnf takes a string argument instead of a number, and this
  string argument is the tty port name.

* If no -p option is given, the FLUID_PORT= environment variable is consulted.

* If both -p and FLUID_PORT= are given, the -p option takes precedence.

* If neither -p nor FLUID_PORT= is specified, it is a hard error - there is no
  default tty port.

The present port uses Linux-specific tty ioctl calls instead of generic termios
for serial port control, thus it won't compile or run under any other Unixes
without further porting.  It was done this way because of non-standard baud
rates: FLUID supports Calypso high baud rates of 203125, 406250 and 812500 bps,
as well as D-Sample XXO (eXternal Xtal Oscillator) baud rates of 230400, 460800
and 921600 bps, and because of POSIX stupidity, supporting all of these baud
rates in a Unix application requires non-portable hacks.

All original FLUID code that supports targets other than our familiar Calypso
(namely, Hercules/Ulysse(s) and Calypso+) has been left completely unchanged;
while none of this code exhibited any problems compiling for Linux, it is
completely untested: we have neither the hardware nor any real knowledge of
what it is and how it is supposed to work.  For this reason, Calypso is the
only target platform which we can really vouch for as being supported by
fluid-mnf.  See below regarding what works on D-Sample and what works on the
more common Calypso+Iota+Rita platforms.

Target-side components of FLUID
===============================

Like any other tool performing the same function, FLUID consists of not only
the PC or Unix/Linux application, but also target-side code pieces which are
fed either to the Calypso boot ROM or to FLUID's other bootloader
(flash-resident or loaded via JTAG) and which run on the target during the
flash programming or reading process.  In the case of FLUID, these target-side
components are cmd.m0 and flash "method" drivers (amd.m0, intel.m0 etc),
performing essentially the same function as loadagent.srec does for our own
fc-loadtool.

TI's original FLUID package fluid-2.27.zip contains both the sources for these
components and the deployable *.m0 target binaries.  Openmoko left these *.m0
target components of FLUID completely unchanged in their port, and we are doing
likewise in fluid-mnf: aside from our cmd39.m0 concoction explained further
below, all *.m0 files in the target-bin subdirectory in this fluid-mnf release
are unchanged from TI's original delivery.  I did not even bother with setting
up an environment to recompile them from source with TI's TMS470 toolchain.

Search path for helper files
============================

FLUID needs to find the just-mentioned *.m0 target binaries as well as the
devices.txt file as helper files.  TI's original code looks in the current
directory, and also tries to look in the directory where the fluid.exe binary
is located by extracting the path from argv[0] - but the latter method works
only in the Windows culture, not Unix/Linux.

Openmoko kept this helper file search logic completely unchanged in their
version, and they installed both their fluid.exe binary and the helper files in
/usr/sbin.  But simply running OM's fluid.exe (never mind the non-sensical .exe
suffix on a Linux binary) from whatever current directory relying on the shell's
PATH search does not work: argv[0] will be equal to just "fluid.exe" without
any path, and TI's Windows-minded code unchanged by OM won't ever figure out
that it needs to look in /usr/sbin for the needed helper files.  OM's official
instructions were to cd to /usr/sbin and run fluid.exe from there - unbelievable
bogosity.

The present fluid-mnf port is made more Unix-proper in this regard: we put all
needed helper files in a designated installation directory
(/opt/freecalypso/fluid), and the code has been modified to look there instead
of the usually-null path extracted from argv[0].  The tool still looks in the
current directory first for every file: changes to TI's FLUID code architecture
have been kept to a minimum.

Calypso C05 vs. C035
====================

For all of its claims of device-independence and automagically supporting all
of various targets, TI's original FLUID as we got it in fluid-2.27.zip fails to
correctly support older Calypso boards with early Calypso C05 chips on them.
First Calypso generations (C05 rev A and C05 rev B) have a maximum ARM7 clock
frequency of 39 MHz, while on the later Calypso C035 (found in most mass-
produced phones and modems) this maximum frequency has been lifted to 52 MHz.

In TI's FLUID architecture, the target component 'cmd' (cmd.m0 built from cmd.c)
configures and enables the Calypso DPLL as soon as the host tool tells it that
the active target is Calypso rather than Ulysse(s).  The responsible function
hardware_init_calypso() in target/cmd.c originally had code that configured
this DPLL at 39 MHz - then Calypso C035 came along, and someone at TI merrily
changed that DPLL setup constant from 39 MHz to 52 MHz.  So what happens then
if someone runs TI's FLUID version 2.27 on an older C-Sample, D-Sample or
Leonardo board that has a Calypso C05 chip on it?  Answer: it will produce an
overclocked chip with unknown consequences - I am not willing to try it on our
one and only D-Sample C05 board.

Trying to improve the architecture of FLUID is strictly beyond the scope of what
I set out to do in this fluid-mnf port, instead I just needed a way to safely
run it on our D-Sample C05 board with minimal changes.  So I went for the
minimally-invasive surgical approach:

* cmd39.m0 is a modified version of cmd.m0, produced by copying cmd.m0 and
  manually patching the one offending DPLL setup constant, restoring the older
  39 MHz config.

* fluid-mnf has an added option -oC that causes it to use cmd39.m0 instead of
  regular cmd.m0.

FLUID operating on D-Sample
===========================

For anyone lucky to have an original TI D-Sample board (either C05 or C035),
the way FLUID works on it is really awesome:

* Both boot entry methods work: fluid-mnf -oo goes through the Calypso boot ROM
  (the older boot ROM version present in Calypso C05 is good enough), whereas
  fluid-mnf -oO goes through the other FLUID bootloader, either flash-resident
  or loaded via JTAG.  (I haven't tried the JTAG way, but fluid-mnf -oO works
  on the D-Sample when the flash contains a build of our FC Magnetite
  l1reconst-bl configuration.)  The extra -oC option is needed for D-Sample C05,
  but won't be needed for D-Sample C035, if anyone has one.

* FLUID (both TI's original and our fluid-mnf port) supports Calypso high baud
  rates of 203125, 406250 and 812500 bps: just select the desired baud rate with
  the -b option.  The baud rate switch is effected when the command interpreter
  ('cmd' target code piece) is running on the target, which is itself loaded at
  115200 baud.

* The D-Sample board has an extra 14.745600 MHz crystal oscillator and a special
  circuit (controlled by bits in a register mapped into Calypso nCS3 address
  space) that can switch the Calypso clock input from the regular 13 MHz coming
  from the RF section to this special 14.745600 clock.  Of course no GSM
  functions can work in this state, but feeding this special clock to Calypso
  allows its UARTs to produce "standard" baud rates of 230400, 460800 and 921600
  bps!  This feature is apparently called XXO for eXternal Xtal Oscillator, and
  is supported by FLUID, including our fluid-mnf port: just select the desired
  baud rate with the -b option, and if the target is D-Sample, it will just
  magically work.  (On more "mere mortal" Calypso targets the result will be a
  spectacular failure instead.)

* The D-Sample board also has a block of 16 debug LEDs controlled by another
  register mapped into Calypso nCS3 address space, and FLUID's target-side
  component (which we haven't modified except for the 39 MHz fix) displays
  pretty dancing patterns on these LEDs as it does its work.