FreeCalypso > hg > freecalypso-reveng
changeset 5:9db4dcf94128
boot ROM re: making inroads into the flash image validity criteria
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Tue, 16 Apr 2013 06:23:14 +0000 |
parents | a821df9c4457 |
children | 8c2621b2ed37 |
files | bootrom.disasm |
diffstat | 1 files changed, 31 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/bootrom.disasm Tue Apr 16 05:36:59 2013 +0000 +++ b/bootrom.disasm Tue Apr 16 06:23:14 2013 +0000 @@ -1165,18 +1165,35 @@ 116c: e35c0000 cmp r12, #0 ; 0x0 1170: 1affffe0 bne 0x10f8 1174: eaffffed b 0x1130 + +; This function takes a few peeks at the external boot memory on nCS0. +; It appears that the intent is to return 1 if a valid image is present +; in the external flash, or 0 otherwise. +; +; The first check is the 32-bit word at 0x2000. If that word equals 0, +; the function returns 1. Otherwise, that word is expected to equal 1: +; if it doesn't, the function returns 0. +; +; If the word at 2000 is 00000001 (like it is on Closedmoko phones, +; for example), the IRQ vector in the flash image (where the ARM core +; would vector if the Calypso register were flipped to put nCS0 at 0x0) +; is checked. If the vector location contains an unconditional branch +; instruction (0xEAxxxxxx) and the 32-bit instruction word at the target +; of that branch is something other than 0xFFFFFFFF, the function +; returns 1; otherwise it returns 0. + 1178: e3a0ca02 mov r12, #8192 ; 0x2000 117c: e59cc000 ldr r12, [r12] 1180: e35c0000 cmp r12, #0 ; 0x0 - 1184: 0a000011 beq 0x11d0 + 1184: 0a000011 beq 0x11d0 ; return 1 1188: e35c0001 cmp r12, #1 ; 0x1 - 118c: 1a00000d bne 0x11c8 + 118c: 1a00000d bne 0x11c8 ; return 0 1190: e3a0c018 mov r12, #24 ; 0x18 1194: e28cc403 add r12, r12, #50331648 ; 0x3000000 1198: e59cc000 ldr r12, [r12] 119c: e20c04ff and r0, r12, #-16777216 ; 0xff000000 11a0: e3700416 cmn r0, #369098752 ; 0x16000000 - 11a4: 1a000007 bne 0x11c8 + 11a4: 1a000007 bne 0x11c8 ; return 0 11a8: e3a00018 mov r0, #24 ; 0x18 11ac: e2800403 add r0, r0, #50331648 ; 0x3000000 11b0: e28cc002 add r12, r12, #2 ; 0x2 @@ -1184,7 +1201,7 @@ 11b8: e3ccc4ff bic r12, r12, #-16777216 ; 0xff000000 11bc: e790c00c ldr r12, [r0, r12] 11c0: e37c0001 cmn r12, #1 ; 0x1 - 11c4: 1a000001 bne 0x11d0 + 11c4: 1a000001 bne 0x11d0 ; return 1 11c8: e3a00000 mov r0, #0 ; 0x0 11cc: e1a0f00e mov pc, lr 11d0: e3a00001 mov r0, #1 ; 0x1 @@ -1203,19 +1220,26 @@ 11f4: e3a03002 mov r3, #2 ; 0x2 11f8: ebffff0b bl 0xe2c 11fc: eb00004f bl 0x1340 ; init UARTs - 1200: e59f00f4 ldr r0, [pc, #244] ; 0x12fc +; write 0x1D4C0 into 800104 - even though it was already done by the +; bulk RAM init routine at 0x1500 + 1200: e59f00f4 ldr r0, =0x800104 ; via 0x12fc 1204: e3a0c802 mov r12, #131072 ; 0x20000 1208: e24ccdad sub r12, r12, #11072 ; 0x2b40 120c: e580c000 str r12, [r0] - 1210: e59f60d8 ldr r6, [pc, #216] ; 0x12f0 +; set bit 6 in FFFF:FD02 (set VCLKOUT-FR to /2) + 1210: e59f60d8 ldr r6, =0xFFFFFD02 ; via 0x12f0 1214: e1d6c0b0 ldrh r12, [r6] 1218: e38cc040 orr r12, r12, #64 ; 0x40 121c: e1c6c0b0 strh r12, [r6] - 1220: ebffffd4 bl 0x1178 +; Check for a valid image in flash. If there doesn't seem to be one, +; call the 0x1090 routine. The latter seems to never return, so it is +; probably the endless wait for UART download function. + 1220: ebffffd4 bl 0x1178 ; check for valid img in flash 1224: e3500000 cmp r0, #0 ; 0x0 1228: 1a000001 bne 0x1234 122c: e3a00000 mov r0, #0 ; 0x0 1230: ebffff96 bl 0x1090 +; A valid image is present. 1234: e1d6c0b0 ldrh r12, [r6] 1238: e38cc040 orr r12, r12, #64 ; 0x40 123c: e1c6c0b0 strh r12, [r6]