view frbl/README @ 388:b99663e66660

pirelli/chg-circuit: traced the current path to the battery
author Mychaela Falconia <falcon@freecalypso.org>
date Wed, 23 Mar 2022 21:55:57 +0000
parents 814d3f24bed6
children
line wrap: on
line source

TI's TCS211 firmware and its predecessors contain a flash-resident bootloader
stage which we call FRBL.  This FRBL implements not one but two different
protocols for interrupting the normal fw boot process, downloading a code image
into RAM and jumping to it; we call these two protocols FRBL1 and FRBL2.  The
reasons for this oddity are historical: the original FRBL (TI GSM bootloader or
TI GSM monitor or whatever it was called officially) consisted of cmdboot.c,
command.c, convert.c, optboot.c, serial.c and start.c source modules and
implemented the protocol we call FRBL1, then came MMJ and other TIDK people
with their new FLUID idea, they decided on a different protocol which we call
FRBL2, and they jerry-rigged their new FLUID bootloader into the firmware's
FRBL code.

The original source for FRBL1 C modules appears to have been lost (it is not
present in what we presume to be the world's last surviving copy of TCS211 from
OM), all we have are COFF objects from TI-OM's 20070608 build.  The reconst
subdirectory contains our reconstruction attempt; this reconstruction is of
poor quality because these particular COFF objects have only minimal symbolic
information required for linking, as opposed to the much richer -g kind we got
for L1 and GPF.

The test subdirectory is intended to contain our frbl1test and frbl2test
programs; only frbl2test has been written so far.  frbl2test implements the
host downloader side of the protocol we call FRBL2 in the same way how FLUID
(the PC-side application) implements it, allowing tests at both 115200 and
230400 baud as explained below.  You need to provide a FreeCalypso-style (not
TI-style) S-record image to be fed to the target bootloader; helloapp from
freecalypso-tools/target-utils works ideally for this purpose.  Because this
boot path does not go through the Calypso boot ROM, you will need to manually
select helloapp-irda.srec or helloapp-modem.srec, matching the Calypso UART you
are going through.  frbl1test will work the same way if I ever get around to
writing it.

230400 baud bogosity
====================

Aside from implementing two different serial protocols, TI's FRBL as featured
in their Calypso firmwares has one other major quirk: both FRBL1 and FRBL2 were
implemented on 13 MHz platforms (the original purpose was to facilitate fw
loading on TI's earlier DBB chips before Calypso that didn't have the boot ROM
which we are so used to), on TI's D-Sample board (Calypso chip, 13 MHz CLKTCXO
input) both the old way (fluid -oO via FRBL or via JTAG) and the new way
(fluid -oo via the boot ROM) work well, but FRBL was never updated for 26 MHz
platforms, thus on all practical Calypso platforms (Leonardo derivatives) one
must use the boot ROM, not FRBL.

TI's TCS211 builds for Leonardo and all vendor firmwares (Openmoko etc) derived
from this reference do include FRBL which was never updated for 26 MHz CLKTCXO
input on these platforms.  The result is that FRBL will only work if you talk
to it at 230400 baud instead of TI's intended 115200 baud.  TI's official
version of FLUID does not support FRBL entry at 230400 baud and such operation
was clearly never intended or officially supported - instead the officially
supported way for Leonardo and Leonardo-based customer designs was to use
fluid -oo mode, which works through the boot ROM just like fc-loadtool.

There is, however, an inexplicable mystery in that Openmoko seem to have used
fluid -oO mode somehow (at least with their version of FLUID that may have
unknown changes relative to TI's original) even though it should have never
worked at all.  See this FreeCalypso community mailing list thread:

https://www.freecalypso.org/pipermail/community/2020-March/000743.html