FreeCalypso > hg > freecalypso-reveng
view pirelli/flash2-chksum @ 306:ce8a9d77ddd2
dsample-fw-disasm: one more cinit record
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sun, 06 Oct 2019 02:27:52 +0000 |
parents | d69f7512e3c1 |
children |
line wrap: on
line source
Pirelli's flash usage scheme allocates 3 "magic" areas in the flash2 bank: offset 0x480000 thru 0x7DFFFF: staging area for high-level fw updates offset 0x7E0000 thru 0x7EFFFF: fw update control/state structure offset 0x7F0000 thru 0x7FFFFF: factory record with IMEI and RF calibration The image or record stored in each of these "magic" areas ends with the following 12-byte signature and checksum structure: Offset[1] Type[2] Contains xxFFF4 32-bit word 0x12345678 xxFFF8 32-bit word Length of the fw update image or factory or fw update state record xxFFFC 16-bit word Checksum 1 xxFFFE 16-bit word Checksum 2 [1] The offset is from the beginning of the flash partition in question, the xx digits will be 35 in the case of the 0x360000 byte fw update staging area partition or 00 in the case of the two 64 KiB sectors. [2] All 16-bit and 32-bit values are in little-endian byte order. Checksum computation ==================== The checksum is computed in two stages. First all 16-bit words in the main body of the image (using the image length from the xxFFF8 word) are added together as a ripple-carry sum, and this 16-bit sum is written into the 0xFFFC word. Then the 5 16-bit words from xxFFF4 through xxFFFC (inclusive) are added together (again as a ripple-carry sum), and this sum is written into the xxFFFE word. Remember the little-endian byte order throughout! The ../miscprog/pircksum2.c program verifies this checksum computation scheme.