changeset 3:e3f8fe6a848e

boot ROM re: started on main() and the 0xe2c routine
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Mon, 15 Apr 2013 16:18:53 +0000 (2013-04-15)
parents 979d97fe75eb
children a821df9c4457
files bootrom.disasm bootrom.notes
diffstat 2 files changed, 80 insertions(+), 32 deletions(-) [+]
--- a/bootrom.disasm	Mon Apr 15 04:51:12 2013 +0000
+++ b/bootrom.disasm	Mon Apr 15 16:18:53 2013 +0000
@@ -928,37 +928,48 @@
 
      e2c:	e92d4070 	stmdb	sp!, {r4, r5, r6, lr}
      e30:	e5dd5010 	ldrb	r5, [sp, #16]
-     e34:	e59fc48c 	ldr	r12, [pc, #1164]	; 0x12c8
-     e38:	e59f4484 	ldr	r4, [pc, #1156]	; 0x12c4
-     e3c:	e1c4c0b0 	strh	r12, [r4]
-     e40:	e59f4484 	ldr	r4, [pc, #1156]	; 0x12cc
-     e44:	e1c4c0b0 	strh	r12, [r4]
-     e48:	e59f4480 	ldr	r4, [pc, #1152]	; 0x12d0
+; mask all interrupts
+     e34:	e59fc48c 	ldr	r12, =0xFFFF	; via 0x12c8
+     e38:	e59f4484 	ldr	r4, =0xFFFFFA08	; via 0x12c4
+     e3c:	e1c4c0b0 	strh	r12, [r4]	; 1st reg
+     e40:	e59f4484 	ldr	r4, =0xFFFFFA0A	; via 0x12cc
+     e44:	e1c4c0b0 	strh	r12, [r4]	; 2nd reg
+; disable the watchdog
+     e48:	e59f4480 	ldr	r4, =0xFFFFF804	; via 0x12d0
      e4c:	e3a0c0f5 	mov	r12, #245	; 0xf5
-     e50:	e1c4c0b0 	strh	r12, [r4]
+     e50:	e1c4c0b0 	strh	r12, [r4]	; 1st write
      e54:	e3a0c0a0 	mov	r12, #160	; 0xa0
-     e58:	e1c4c0b0 	strh	r12, [r4]
-     e5c:	e59f4470 	ldr	r4, [pc, #1136]	; 0x12d4
+     e58:	e1c4c0b0 	strh	r12, [r4]	; 2nd write
+; write 0x100 into the MCU memory map EXTRA_CONF register (FFFF:FB10)
+; forces the memory map to internal ROM, all other bits at
+; listed reset default values
+     e5c:	e59f4470 	ldr	r4, =0xFFFFFB10	; via 0x12d4
      e60:	e3a0cc01 	mov	r12, #256	; 0x100
      e64:	e1c4c0b0 	strh	r12, [r4]
-     e68:	e59f6468 	ldr	r6, [pc, #1128]	; 0x12d8
+; write 0xFF22 into FFFF:F900 in a convoluted way
+     e68:	e59f6468 	ldr	r6, =0xFFFFFD00	; via 0x12d8
      e6c:	e3a04b01 	mov	r4, #1024	; 0x400
      e70:	e3a0c801 	mov	r12, #65536	; 0x10000
      e74:	e24cc0de 	sub	r12, r12, #222	; 0xde
      e78:	e106c0b4 	strh	r12, [r6, -r4]
-     e7c:	e59fc45c 	ldr	r12, [pc, #1116]	; 0x12e0
-     e80:	e59f4454 	ldr	r4, [pc, #1108]	; 0x12dc
+; DPLL control register written with what looks like the reset default value
+     e7c:	e59fc45c 	ldr	r12, 0x2002	; via 0x12e0
+     e80:	e59f4454 	ldr	r4, =0xFFFF9800	; via 0x12dc
      e84:	e1c4c0b0 	strh	r12, [r4]
      e88:	e1b04f8c 	movs	r4, r12, lsl #31
      e8c:	1afffffd 	bne	0xe88
+; write 0x1083 into FFFF:FD00
+; sets the MCU clock to come directly from VTCXO, bypassing DPLL
      e90:	e3a0c083 	mov	r12, #131	; 0x83
      e94:	e28cca01 	add	r12, r12, #4096	; 0x1000
      e98:	e1c6c0b0 	strh	r12, [r6]
+; clear bit 6 of FFFF:FD02 (set VCLKOUT-FR to /1)
      e9c:	e1d6c0b2 	ldrh	r12, [r6, #2]
      ea0:	e20c40bf 	and	r4, r12, #191	; 0xbf
      ea4:	e20cccff 	and	r12, r12, #65280	; 0xff00
      ea8:	e184c00c 	orr	r12, r4, r12
      eac:	e1c6c0b2 	strh	r12, [r6, #2]
+
      eb0:	e3a0cc02 	mov	r12, #512	; 0x200
      eb4:	e200001f 	and	r0, r0, #31	; 0x1f
      eb8:	e3800e2a 	orr	r0, r0, #672	; 0x2a0
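Review bot: The rewritten line at 0xe7c reads `ldr r12, 0x2002`, dropping the `=` that every other converted literal load in this hunk carries. As written it looks like a load from address 0x2002 rather than of the pool constant, so it should be `ldr r12, =0x2002 ; via 0x12e0`. The pair at 0xe88/0xe8c is also left unannotated: `movs r4, r12, lsl #31` tests bit 0 of the value still held in r12 (0x2002), not a value re-read from the DPLL register, so `bne 0xe88` appears never to be taken. A comment such as `; tests bit 0 of r12 (the constant), not of the register: falls through` would record that. The routine continues past the end of this hunk.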
@@ -1166,6 +1177,7 @@
     11d0:	e3a00001 	mov	r0, #1	; 0x1
     11d4:	e1a0f00e 	mov	pc, lr
 
+; main() entry point
     11d8:	e92d4070 	stmdb	sp!, {r4, r5, r6, lr}
     11dc:	e24dd008 	sub	sp, sp, #8	; 0x8
     11e0:	e3a0c002 	mov	r12, #2	; 0x2
@@ -1226,22 +1238,23 @@
     12bc:	e28dd008 	add	sp, sp, #8	; 0x8
     12c0:	e8bd8070 	ldmia	sp!, {r4, r5, r6, pc}
 
-    12c4:	fffffa08 	swinv	0x00fffa08
-    12c8:	0000ffff 	streqd	pc, [r0], -pc
-    12cc:	fffffa0a 	swinv	0x00fffa0a
-    12d0:	fffff804 	swinv	0x00fff804
-    12d4:	fffffb10 	swinv	0x00fffb10
-    12d8:	fffffd00 	swinv	0x00fffd00
-    12dc:	ffff9800 	swinv	0x00ff9800
-    12e0:	00002002 	andeq	r2, r0, r2
-    12e4:	fffff900 	swinv	0x00fff900
-    12e8:	ffff5000 	swinv	0x00ff5000
-    12ec:	00800534 	addeq	r0, r0, r4, lsr r5
-    12f0:	fffffd02 	swinv	0x00fffd02
-    12f4:	00800518 	addeq	r0, r0, r8, lsl r5
-    12f8:	00800524 	addeq	r0, r0, r4, lsr #10
-    12fc:	00800104 	addeq	r0, r0, r4, lsl #2
-    1300:	0000373c 	andeq	r3, r0, r12, lsr r7
+; literal pool
+    12c4:	fffffa08
+    12c8:	0000ffff
+    12cc:	fffffa0a
+    12d0:	fffff804
+    12d4:	fffffb10
+    12d8:	fffffd00
+    12dc:	ffff9800
+    12e0:	00002002
+    12e4:	fffff900
+    12e8:	ffff5000
+    12ec:	00800534
+    12f0:	fffffd02
+    12f4:	00800518
+    12f8:	00800524
+    12fc:	00800104
+    1300:	0000373c
 
     1304:	e3510000 	cmp	r1, #0	; 0x0
     1308:	012fff1e 	bxeq	lr
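Review bot: The pool words at 0x12c4-0x1300 are now bare hex with nothing saying what they address, although the annotations added to the 0xe2c routine already identify several of them. Tagging each word where it is defined would keep pool and code in step, e.g. `12d0: fffff804 ; watchdog register` and `12d4: fffffb10 ; EXTRA_CONF`. The words at 0x12ec and 0x12fc (00800534, 00800104) match RAM locations listed in bootrom.notes and could point there. The words from 0x12e4 on have no visible user in this diff, so any `; used at ...` tag for them needs checking against the full listing.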
@@ -1380,7 +1393,8 @@
     14e4:	e59f0078 	ldr	r0, =0x1694	; via 0x1564
     14e8:	e3700001 	cmn	r0, #1	; 0x1
     14ec:	1b000003 	blne	0x1500
-    14f0:	ebffff38 	bl	0x11d8
+    14f0:	ebffff38 	bl	0x11d8		; main()
+; only tight-loop halts from here on
     14f4:	e3a00001 	mov	r0, #1	; 0x1
     14f8:	eb000022 	bl	0x1588
     14fc:	eafffffe 	b	0x14fc
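Review bot: The added comment `; only tight-loop halts from here on` does not say that the `bl 0x1588` at 0x14f8 cannot return, because 0x1588 is itself `b 0x1588`; that leaves `b 0x14fc` as a fallback that is never reached. A fuller comment would be `; main() returned: bl 0x1588 spins forever (0x1588 is b 0x1588); 0x14fc is a second spin`. If the 0xe2c routine has run by this point the watchdog is already disabled, so presumably nothing resets the chip out of this halt; that is worth stating once confirmed from main(). The enclosing startup code begins before the hunk.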
@@ -1428,6 +1442,8 @@
     1560:	00000190	; size of the stack - ditto
     1564:	00001694
 
+; The following looks like the TI compiler's IND_CALL library helper
+
     1568:	e3140001 	tst	r4, #1	; 0x1
     156c:	1a000000 	bne	0x1574
     1570:	e12fff14 	bx	r4
@@ -1435,7 +1451,8 @@
     1578:	e1a0400e 	mov	r4, lr
     157c:	e28fe001 	add	lr, pc, #1	; 0x1
     1580:	e12fff1c 	bx	r12
-    1584:	46c04720 	strmib	r4, [r0], r0, lsr #14
+    1584:	4720      	bx	r4
+    1586:	46c0      	nop			(mov r8, r8)
 
     1588:	eafffffe 	b	0x1588
 
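Review bot: The re-decoding of 0x1584 as two Thumb halfwords is not explained, and the reason is visible two lines up: `add lr, pc, #1` at 0x157c yields lr = 0x1585, so a callee returning through lr resumes in Thumb state at 0x1584. A comment on 0x157c such as `; lr = 0x1584|1: return lands on the Thumb bx r4 below` would make the mode switch explicit. The annotation on 0x1586 also lacks the `;` marker used everywhere else in the file; `nop ; (mov r8, r8)` would match. The helper starts before this hunk.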
@@ -1468,8 +1485,11 @@
     15f4:	e1a00004 	mov	r0, r4
     15f8:	eb1ffa8e 	bl	0x800038
     15fc:	e8bd8010 	ldmia	sp!, {r4, pc}
-    1600:	fffffb10 	swinv	0x00fffb10
-    1604:	00800038 	addeq	r0, r0, r8, lsr r0
+
+; literal pool
+    1600:	fffffb10
+    1604:	00800038
+
     1608:	e92d4000 	stmdb	sp!, {lr}
     160c:	e24dd008 	sub	sp, sp, #8	; 0x8
     1610:	e3500001 	cmp	r0, #1	; 0x1
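Review bot: The `bl 0x800038` at 0x15f8 transfers control from ROM into RAM and carries no comment. By the RAM layout in bootrom.notes the hard vectors occupy 7 words starting at 80001C, so 800038 is the first address after them, and the notes file has no entry for it. A comment like `; call into RAM just past the hard vectors (80001C + 7 words); contents not yet identified` would flag it, and what populates that location before this call is worth tracing. The enclosing routine starts before the hunk.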
@@ -1491,6 +1511,17 @@
     1650:	3afffff9 	bcc	0x163c
     1654:	e28dd008 	add	sp, sp, #8	; 0x8
     1658:	e8bd8000 	ldmia	sp!, {pc}
+
+; The following is a bcopy/memcpy-like routine, but with arguments
+; in the wrong order (matching neither bcopy nor memcpy):
+;
+; R0: source address
+; R1: # of bytes to copy
+; R2: dest address
+;
+; The addresses must be word-aligned, the length must be a multiple of 4.
+; Zero length is OK (no-op).
+
     165c:	e3510000 	cmp	r1, #0	; 0x0
     1660:	012fff1e 	bxeq	lr
     1664:	e490c004 	ldr	r12, [r0], #4
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/bootrom.notes	Mon Apr 15 16:18:53 2013 +0000
@@ -0,0 +1,17 @@
+RAM layout:
+
+800000 7 words:
+	soft-vector pointers: by default the following 7 words at
+	80001C are filled with ldr-jump instructions, which read
+	from these 7 words and load them into PC
+80001C 7 words:
+	hard vectors: the physical vector locations in the ROM
+	contain branch instructions to these 7 RAM addresses
+
+800104: word initialized to 0x0001D4C0
+800108: byte initialized to 0x01
+
+800534: byte initialized to 0x00
+
+8005C0: appears to be the intended low address (bottom) of the stack
+80074C: top of the stack (initial value loaded into SP)