FreeCalypso > hg > freecalypso-reveng

changeset 11:a51729642295

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
boot ROM re: got to the 0x1090 routine
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Sun, 21 Apr 2013 21:48:50 +0000
parents b0f7481efc8b
children 25b016d16602
files bootrom.disasm
diffstat 1 files changed, 33 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/bootrom.disasm	Sat Apr 20 00:56:45 2013 +0000
+++ b/bootrom.disasm	Sun Apr 21 21:48:50 2013 +0000
@@ -1020,6 +1020,11 @@
 ; The routine at 0xef4 gets called from main() after a '<' character
 ; has been received and autoboot thereby interrupted in the
 ; autoboot-enabled flash state.
+;
+; Called with:
+;   R0 = the byte from 800524
+;   R1 = 1 (value for the PLL_DIV field)
+;   R2 = 2 (value for the PLL_MULT field)
 
      ef4:	e92d4070 	stmdb	sp!, {r4, r5, r6, lr}
      ef8:	e59fc3e4 	ldr	r12, =0xFFFFF900	; via 0x12e4
@@ -1035,40 +1040,56 @@
      f14:	e59f63c0 	ldr	r6, =0xFFFF9800	; via 0x12dc
      f18:	e59fc3c0 	ldr	r12, =0x2002	; via 0x12e0
      f1c:	e1c6c0b0 	strh	r12, [r6]
+; the following 2 instructions would cause this code to hang
+; in a tight loop if the least significant bit of the above constant (0x2002)
+; were 1 - but it is 0...
      f20:	e1b05f8c 	movs	r5, r12, lsl #31
      f24:	1afffffd 	bne	0xf20
+; now write the same thing into FFFF:9800, but with the PLL_DIV and
+; PLL_MULT values from the function arguments ORed in
      f28:	e181c102 	orr	r12, r1, r2, lsl #2
      f2c:	e1a0c28c 	mov	r12, r12, lsl #5
      f30:	e38cc002 	orr	r12, r12, #2	; 0x2
      f34:	e38cca02 	orr	r12, r12, #8192	; 0x2000
      f38:	e1c6c0b0 	strh	r12, [r6]
+; now look if we are fed with 13 or 26 MHz
      f3c:	e3500001 	cmp	r0, #1	; 0x1
      f40:	0a000009 	beq	0xf6c
      f44:	e3500000 	cmp	r0, #0	; 0x0
      f48:	1a000006 	bne	0xf68
+; 0 in R0, meaning 26 MHz in - set bit 6 in FFFF:FD02, selecting /2
      f4c:	e1d3c0b2 	ldrh	r12, [r3, #2]
      f50:	e38cc040 	orr	r12, r12, #64	; 0x40
      f54:	e1c3c0b2 	strh	r12, [r3, #2]
+; write 10A1 into FFFF:FD00, setting ARM clock to DPLL_CLKOUT/2
      f58:	e3a0c0a1 	mov	r12, #161	; 0xa1
      f5c:	e28cca01 	add	r12, r12, #4096	; 0x1000
      f60:	e1c3c0b0 	strh	r12, [r3]
      f64:	ea000008 	b	0xf8c
      f68:	eafffffe 	b	0xf68
+; 1 in R0, meaning 13 MHz in - clear bit 6 in FFFF:FD02, selecting /1
      f6c:	e1d3c0b2 	ldrh	r12, [r3, #2]
      f70:	e20c00bf 	and	r0, r12, #191	; 0xbf
      f74:	e20cccff 	and	r12, r12, #65280	; 0xff00
      f78:	e180c00c 	orr	r12, r0, r12
      f7c:	e1c3c0b2 	strh	r12, [r3, #2]
+; write 1081 into FFFF:FD00, setting ARM clock to DPLL_CLKOUT/1
      f80:	e3a0c081 	mov	r12, #129	; 0x81
      f84:	e28cca01 	add	r12, r12, #4096	; 0x1000
      f88:	e1c3c0b0 	strh	r12, [r3]
+; the two branches rejoin
+; set bit 4 in FFFF:9800 - enable PLL
      f8c:	e1d6c0b0 	ldrh	r12, [r6]
      f90:	e38cc010 	orr	r12, r12, #16	; 0x10
      f94:	e1a0c80c 	mov	r12, r12, lsl #16
      f98:	e1a0c82c 	mov	r12, r12, lsr #16
      f9c:	e1c6c0b0 	strh	r12, [r6]
+; the following 2 instructions would cause a dead hang if
+; bit 0 were already set in FFFF:9800, i.e., if the PLL were
+; already locked
      fa0:	e1b00f8c 	movs	r0, r12, lsl #31
      fa4:	1afffffd 	bne	0xfa0
+; restore saved value of FFFF:F900
      fa8:	e3a0cb01 	mov	r12, #1024	; 0x400
      fac:	e10340bc 	strh	r4, [r3, -r12]
      fb0:	e8bd8070 	ldmia	sp!, {r4, r5, r6, pc}
@@ -1160,16 +1181,23 @@
     1088:	e3a00001 	mov	r0, #1	; 0x1
     108c:	e12fff1e 	bx	lr
 
+; 0x1090 - the main routine for the UART download mode.  Called with R0=0
+; if there is no valid image in flash, or with R0=1 if a valid image is
+; present, but the autoboot was interrupted by '<' coming in on a UART.
+
     1090:	e92d4070 	stmdb	sp!, {r4, r5, r6, lr}
     1094:	e24dd00c 	sub	sp, sp, #12	; 0xc
     1098:	e1a05000 	mov	r5, r0
-    109c:	e59f4250 	ldr	r4, [pc, #592]	; 0x12f4
-    10a0:	e2846008 	add	r6, r4, #8	; 0x8
+    109c:	e59f4250 	ldr	r4, =0x800518	; via 0x12f4
+    10a0:	e2846008 	add	r6, r4, #8	; R6=0x800520
     10a4:	e3a0c000 	mov	r12, #0	; 0x0
     10a8:	e5cdc008 	strb	r12, [sp, #8]
+; If the argument was 0, meaning that no valid image was found in the
+; flash and no wait for '<' was done, that logic is repeated here,
+; exactly as in main() when the flash does contain a bootable image.
     10ac:	e3550000 	cmp	r5, #0	; 0x0
     10b0:	1a000009 	bne	0x10dc
-    10b4:	e59f123c 	ldr	r1, [pc, #572]	; 0x12f8
+    10b4:	e59f123c 	ldr	r1, =0x800524	; via 0x12f8
     10b8:	e1a00006 	mov	r0, r6
     10bc:	ebffffbc 	bl	0xfb4
     10c0:	e3500001 	cmp	r0, #1	; 0x1
@@ -1181,6 +1209,7 @@
     10d8:	ea000001 	b	0x10e4
     10dc:	e3550001 	cmp	r5, #1	; 0x1
     10e0:	1afffff1 	bne	0x10ac
+; no-image and interrupt-boot code paths merge here
     10e4:	e28d0008 	add	r0, sp, #8	; 0x8
     10e8:	ebfffc76 	bl	0x2c8
     10ec:	e5ddc008 	ldrb	r12, [sp, #8]
@@ -1201,7 +1230,7 @@
     1128:	e3a03002 	mov	r3, #2	; 0x2
     112c:	ebffff3e 	bl	0xe2c
     1130:	e5d40008 	ldrb	r0, [r4, #8]
-    1134:	e59fc1c0 	ldr	r12, [pc, #448]	; 0x12fc
+    1134:	e59fc1c0 	ldr	r12, =0x800104	; via 0x12fc
     1138:	e59c1000 	ldr	r1, [r12]
     113c:	e28d2009 	add	r2, sp, #9	; 0x9
     1140:	eb0000b8 	bl	0x1428