FreeCalypso > hg > freecalypso-reveng

changeset 5:9db4dcf94128

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
boot ROM re: making inroads into the flash image validity criteria
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Tue, 16 Apr 2013 06:23:14 +0000
parents a821df9c4457
children 8c2621b2ed37
files bootrom.disasm
diffstat 1 files changed, 31 insertions(+), 7 deletions(-) [+]
line wrap: on
line diff
--- a/bootrom.disasm	Tue Apr 16 05:36:59 2013 +0000
+++ b/bootrom.disasm	Tue Apr 16 06:23:14 2013 +0000
@@ -1165,18 +1165,35 @@
     116c:	e35c0000 	cmp	r12, #0	; 0x0
     1170:	1affffe0 	bne	0x10f8
     1174:	eaffffed 	b	0x1130
+
+; This function takes a few peeks at the external boot memory on nCS0.
+; It appears that the intent is to return 1 if a valid image is present
+; in the external flash, or 0 otherwise.
+;
+; The first check is the 32-bit word at 0x2000.  If that word equals 0,
+; the function returns 1.  Otherwise, that word is expected to equal 1:
+; if it doesn't, the function returns 0.
+;
+; If the word at 2000 is 00000001 (like it is on Closedmoko phones,
+; for example), the IRQ vector in the flash image (where the ARM core
+; would vector if the Calypso register were flipped to put nCS0 at 0x0)
+; is checked.  If the vector location contains an unconditional branch
+; instruction (0xEAxxxxxx) and the 32-bit instruction word at the target
+; of that branch is something other than 0xFFFFFFFF, the function
+; returns 1; otherwise it returns 0.
+
     1178:	e3a0ca02 	mov	r12, #8192	; 0x2000
     117c:	e59cc000 	ldr	r12, [r12]
     1180:	e35c0000 	cmp	r12, #0	; 0x0
-    1184:	0a000011 	beq	0x11d0
+    1184:	0a000011 	beq	0x11d0	; return 1
     1188:	e35c0001 	cmp	r12, #1	; 0x1
-    118c:	1a00000d 	bne	0x11c8
+    118c:	1a00000d 	bne	0x11c8	; return 0
     1190:	e3a0c018 	mov	r12, #24	; 0x18
     1194:	e28cc403 	add	r12, r12, #50331648	; 0x3000000
     1198:	e59cc000 	ldr	r12, [r12]
     119c:	e20c04ff 	and	r0, r12, #-16777216	; 0xff000000
     11a0:	e3700416 	cmn	r0, #369098752	; 0x16000000
-    11a4:	1a000007 	bne	0x11c8
+    11a4:	1a000007 	bne	0x11c8	; return 0
     11a8:	e3a00018 	mov	r0, #24	; 0x18
     11ac:	e2800403 	add	r0, r0, #50331648	; 0x3000000
     11b0:	e28cc002 	add	r12, r12, #2	; 0x2
@@ -1184,7 +1201,7 @@
     11b8:	e3ccc4ff 	bic	r12, r12, #-16777216	; 0xff000000
     11bc:	e790c00c 	ldr	r12, [r0, r12]
     11c0:	e37c0001 	cmn	r12, #1	; 0x1
-    11c4:	1a000001 	bne	0x11d0
+    11c4:	1a000001 	bne	0x11d0	; return 1
     11c8:	e3a00000 	mov	r0, #0	; 0x0
     11cc:	e1a0f00e 	mov	pc, lr
     11d0:	e3a00001 	mov	r0, #1	; 0x1
@@ -1203,19 +1220,26 @@
     11f4:	e3a03002 	mov	r3, #2	; 0x2
     11f8:	ebffff0b 	bl	0xe2c
     11fc:	eb00004f 	bl	0x1340	; init UARTs
-    1200:	e59f00f4 	ldr	r0, [pc, #244]	; 0x12fc
+; write 0x1D4C0 into 800104 - even though it was already done by the
+; bulk RAM init routine at 0x1500
+    1200:	e59f00f4 	ldr	r0, =0x800104	; via 0x12fc
     1204:	e3a0c802 	mov	r12, #131072	; 0x20000
     1208:	e24ccdad 	sub	r12, r12, #11072	; 0x2b40
     120c:	e580c000 	str	r12, [r0]
-    1210:	e59f60d8 	ldr	r6, [pc, #216]	; 0x12f0
+; set bit 6 in FFFF:FD02 (set VCLKOUT-FR to /2)
+    1210:	e59f60d8 	ldr	r6, =0xFFFFFD02	; via 0x12f0
     1214:	e1d6c0b0 	ldrh	r12, [r6]
     1218:	e38cc040 	orr	r12, r12, #64	; 0x40
     121c:	e1c6c0b0 	strh	r12, [r6]
-    1220:	ebffffd4 	bl	0x1178
+; Check for a valid image in flash.  If there doesn't seem to be one,
+; call the 0x1090 routine.  The latter seems to never return, so it is
+; probably the endless wait for UART download function.
+    1220:	ebffffd4 	bl	0x1178	; check for valid img in flash
     1224:	e3500000 	cmp	r0, #0	; 0x0
     1228:	1a000001 	bne	0x1234
     122c:	e3a00000 	mov	r0, #0	; 0x0
     1230:	ebffff96 	bl	0x1090
+; A valid image is present.
     1234:	e1d6c0b0 	ldrh	r12, [r6]
     1238:	e38cc040 	orr	r12, r12, #64	; 0x40
     123c:	e1c6c0b0 	strh	r12, [r6]