FreeCalypso > hg > freecalypso-reveng
changeset 17:d2206cb5f8b4
boot ROM re: got through the <w handler
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Thu, 25 Apr 2013 04:07:10 +0000 |
parents | 383a4ef12551 |
children | 123cb5021b64 |
files | bootrom.disasm bootrom.notes |
diffstat | 2 files changed, 39 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/bootrom.disasm Thu Apr 25 03:16:17 2013 +0000 +++ b/bootrom.disasm Thu Apr 25 04:07:10 2013 +0000 @@ -539,13 +539,16 @@ 728: e28dd004 add sp, sp, #4 ; 0x4 72c: e8bd8ff0 ldmia sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} +; The routine at 0x730 is called from the 0x8b4 routine and handles +; '<w' commands. + 730: e92d43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} - 734: e59f46c8 ldr r4, [pc, #1736] ; 0xe04 - 738: e5d4c018 ldrb r12, [r4, #24] + 734: e59f46c8 ldr r4, =0x800518 ; via 0xe04 + 738: e5d4c018 ldrb r12, [r4, #24] ; 800530 73c: e35c0001 cmp r12, #1 ; 0x1 740: 0a00004a beq 0x870 - 744: e59f56c0 ldr r5, [pc, #1728] ; 0xe0c - 748: e59f66c8 ldr r6, [pc, #1736] ; 0xe18 + 744: e59f56c0 ldr r5, =0x80010C ; via 0xe0c + 748: e59f66c8 ldr r6, =0x800750 ; via 0xe18 74c: e3a07000 mov r7, #0 ; 0x0 750: e3a00000 mov r0, #0 ; 0x0 754: e080c005 add r12, r0, r5 @@ -582,14 +585,16 @@ 7d0: e3a03000 mov r3, #0 ; 0x0 7d4: e1520006 cmp r2, r6 7d8: 3a000003 bcc 0x7ec - 7dc: e59fc638 ldr r12, [pc, #1592] ; 0xe1c + 7dc: e59fc638 ldr r12, =0x7F8AF ; via 0xe1c 7e0: e08cc006 add r12, r12, r6 7e4: e152000c cmp r2, r12 7e8: 9a000001 bls 0x7f4 +; error: bad load address 7ec: e383c001 orr r12, r3, #1 ; 0x1 7f0: e20c30ff and r3, r12, #255 ; 0xff 7f4: e3530000 cmp r3, #0 ; 0x0 7f8: 1a00001d bne 0x874 +; address OK 7fc: e3a09000 mov r9, #0 ; 0x0 800: e3510000 cmp r1, #0 ; 0x0 804: 0a00000b beq 0x838 @@ -619,20 +624,26 @@ 864: e3570000 cmp r7, #0 ; 0x0 868: 0affffb9 beq 0x754 86c: ea000000 b 0x874 +; 800530 flag was set to 01 +; return error 02 870: e3a03002 mov r3, #2 ; 0x2 +; common exit path: good or bad? 874: e5c43019 strb r3, [r4, #25] 878: e3530000 cmp r3, #0 ; 0x0 - 87c: 0a000008 beq 0x8a4 + 87c: 0a000008 beq 0x8a4 ; good return +; nope, bad: send >W 880: e3a00004 mov r0, #4 ; 0x4 884: ebfffe2c bl 0x13c +; reset baud rate to 19200 888: e5d41008 ldrb r1, [r4, #8] 88c: e3a00004 mov r0, #4 ; 0x4 890: eb0002d0 bl 0x13d8 +; var init 894: e1a00004 mov r0, r4 898: ebfffe1f bl 0x11c 89c: e3a00001 mov r0, #1 ; 0x1 8a0: e8bd83f0 ldmia sp!, {r4, r5, r6, r7, r8, r9, pc} - +; good return: send >w to host 8a4: e3a00003 mov r0, #3 ; 0x3 8a8: ebfffe23 bl 0x13c 8ac: e3a00000 mov r0, #0 ; 0x0
--- a/bootrom.notes Thu Apr 25 03:16:17 2013 +0000 +++ b/bootrom.notes Thu Apr 25 04:07:10 2013 +0000 @@ -48,6 +48,9 @@ <a +Seems to be a reset command that throws everything back to the initial state. +Does not seem to produce a response. + <b Followed by 4 bytes, giving a 32-bit value in MSB-first order. The value is @@ -101,6 +104,20 @@ for a single block (both bytes after <w set to 01), the maximum allowed payload length is 1015 (0x3F7) bytes. +The checksum of each block is computed as a simple ripple-carry sum +(in a 32-bit ARM register) of: + + the word-sized payload byte count from the command + + each of the 4 bytes of the load address + + constant 5 + + each byte of the payload data + +The code then takes a one's complement of the least significant byte +of the above sum, and adds that (plain ripple-carry addition) +to the accum in 800528 (a 16-bit variable). + +Good response: >w +Error response: >W <err code byte from 800531> + RAM layout: 800000 7 words: @@ -155,6 +172,10 @@ 800530: byte indicates validity of the received '<w' command: 0 means valid, 1 means something bad init to 0 by 0x11c +800531: byte error code to return to host as the 3rd (and last) byte + of the >W message + set to 02 if the 800530 flag was set + set to 01 if the 0x730 routine detects bad address 800534: byte initialized to 0x00, then may be set to 1 by the 0xfb4 routine if it selects /1 clock mode.