FreeCalypso > hg > freecalypso-sw
comparison loadtools/README @ 424:1ec83a5fa8b3
loadtools: README update
author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
---|---|
date | Thu, 19 Jun 2014 05:50:43 +0000 |
parents | 3275c8881cb7 |
children | e61eacecd319 |
comparison
equal
deleted
inserted
replaced
423:2e699aa67f03 | 424:1ec83a5fa8b3 |
---|---|
1 You are looking at the source for the FreeCalypso loadtools package. You may | 1 The set of host tools built in this directory consists of: |
2 have downloaded it either as a separate package or as part of the larger | |
3 freecalypso-sw suite. | |
4 | 2 |
5 The tools in this package are written to run on some Unix/Linux machine | 3 fc-loadtool The tool for operating on Calypso GSM devices at a low |
6 (normally a PC/Linux desktop or laptop) that acts as a host for operating on | 4 level. After "breaking" into the target GSM device in |
7 Calypso target devices. All of these tools communicate with the Calypso target | 5 its boot process and getting FreeCalypso loadagent |
8 through a serial port; each tool begins its operation by sending special byte | 6 running on the target (out of Calypso internal RAM, aka |
9 sequences to this serial port which are designed to interrupt the Calypso | 7 IRAM), loadtool presents an interactive command prompt |
10 device boot process in the ROM bootloader. | 8 with commands for peeking and poking registers and most |
11 | 9 importantly, reading and writing any part of the |
12 Three utilities are currently built as part of FreeCalypso loadtools: | 10 device's non-volatile flash memory. |
13 | 11 |
14 fc-iram & fc-xram These utilities are intended for FreeCalypso developers | 12 fc-iram & fc-xram These utilities are intended for FreeCalypso developers |
15 only. They load an S-record code image into IRAM or | 13 only. They load an S-record code image into IRAM or |
16 XRAM, respectively, induce a transfer of control to the | 14 XRAM, respectively, induce a transfer of control to the |
17 loaded code, and then drop into a serial line pass-thru | 15 loaded code, and then drop into a serial line pass-thru |
18 mode for the operator to interact with the thus loaded | 16 mode for the operator to interact with the thus loaded |
19 target code. | 17 target code. |
20 | 18 |
21 fc-loadtool This utility is intended for both developers and end | 19 The currently supported target devices are the Compal family of basic |
22 users. After establishing communication with the | 20 dumbphones, the Openmoko GTA0x GSM modem and the Pirelli DP-L10 feature phone. |
23 target, fc-loadtool drops into interactive operation. | |
24 Once at the loadtool> prompt, you can peek and poke | |
25 registers, and most importantly, dump (read) and load | |
26 (program) the flash memory of the target device. | |
27 | 21 |
28 Loadagent | 22 All tools in the FreeCalypso loadtools suite work by feeding pieces of code to |
29 ========= | 23 the target device as it boots, preventing the booting of its regular firmware |
24 and diverting control to these externally-loaded code pieces. These pieces of | |
25 ARM7 target code need to be installed on the host system running loadtools, | |
26 normally in /usr/local/share/freecalypso: | |
30 | 27 |
31 Both fc-loadtool and fc-xram work by first feeding a FreeCalypso-developed | 28 loadagent This is the "agent" code that runs on the target device when |
32 program called loadagent to the Calypso ROM bootloader; all further operations | 29 fc-loadtool is operating on it: loadtool carries out its |
33 (loading code into XRAM or flash) are done via this loadagent. An S-record | 30 operations by sending commands to loadagent. There is only one |
34 image of the loadagent program is required for fc-loadtool and fc-xram to work. | 31 version of loadagent for all currently supported Calypso |
35 That program is in turn built with the ARM7 toolchain. | 32 targets: loadagent does not access any resources outside of the |
33 Calypso chip itself unless commanded to do so, and loadtool | |
34 supports different target devices with different hardware | |
35 configurations by sending different commands to loadagent as | |
36 appropriate. | |
36 | 37 |
37 If you are working with the full freecalypso-sw suite, you presumably already | 38 compalstage For Compal phones only: a little piece of code that is fed to |
38 have the proper ARM7 toolchain built and installed. To build loadagent, simply | 39 the original fw's bootloader via the serial download protocol |
39 run 'make' in the ../target-utils tree. | 40 provided by the latter; it re-enables the Calypso chip boot ROM |
41 and jumps to it, allowing our loadagent to be loaded in the | |
42 same way as on freedom-enabled devices. | |
40 | 43 |
41 If you have downloaded a separately-packaged version of FreeCalypso loadtools, | 44 If you are working with a development snapshot of the freecalypso-sw source |
42 the package should have a prebuilt loadagent.srec image included, sparing | 45 tree, you will need to compile and install a GNU cross-compiler toolchain |
43 non-developer users the nontrivial hurdle of having to build and install a | 46 targeting ARM7 (see ../toolchain) and then use that toolchain to compile |
44 special cross-compilation toolchain. The same loadagent binary is designed to | 47 loadagent and compalstage (see ../target-utils) before you can successfully use |
45 work on all supported Calypso targets. | 48 loadtools to operate on a target device. End-user oriented releases of |
49 FreeCalypso host tools will include prebuilt loadagent and compalstage binaries | |
50 in the target-binaries subdirectory. | |
46 | 51 |
47 Building and installing loadtools | 52 Installing |
48 ================================= | 53 ========== |
49 | 54 |
50 Normally the machine on which you build and install fc-loadtools would be your | 55 Just run 'make' and 'make install' as usual. If the target-binaries directory |
51 PC/Linux desktop or laptop, the system you would use to program or otherwise | 56 is present, your installation will be complete and ready to use. If you are |
52 interact with Calypso phones by way of appropriate USB-to-phone cables. Just | 57 building these pieces yourself from source, do a 'make' and 'make install' in |
53 like loadagent, the host utilities you are going to build and install aren't | 58 ../target-utils, after you have the ARM7 gcc toolchain installed and working. |
54 specific to a particular target device; instead you will select the target | |
55 device at run time via a command line option. Hence you can build and install | |
56 the host utilities (usual 'make' and 'make install') without limiting your | |
57 setup to just one target phone type. | |
58 | 59 |
59 However, if your intended target device is an Openmoko GTA02 (or GTA01) | 60 Basic usage |
60 smartphone, there is one additional complication: one cannot directly access | 61 =========== |
61 the Calypso part of these phones from the outside without going through the | |
62 phone's application processor first. If you would like to use fc-loadtool to | |
63 read or write the GSM flash memory of your GTA0x (load a different firmware | |
64 image, dump the flash file system for backup or examination, restore a previous | |
65 backup etc), there are two ways to do it: | |
66 | 62 |
67 1. The recommended way for FreeCalypso developers is to get a special serial | 63 The steps for bringing up fc-loadtool to operate on a target Calypso device are |
68 cable (low voltage, as in 3.3V or lower - *NOT* RS-232 levels - please don't | 64 as follows: |
69 fry your precious phone!) that would plug into the 2.5mm jack on the left | |
70 side of the phone that is normally intended for a wired headset. This way | |
71 you can use your regular build of fc-loadtool (and fc-iram & fc-xram) on | |
72 your PC/Linux (or other) development host, no need to build anything for | |
73 GTA0x AP, and all communication happens directly between your development | |
74 host and the Calypso part of your target phone - not going through the AP | |
75 at all. You still need working software on the GTA0x AP to do battery | |
76 management, to power the Calypso block on and off, and to enable the headset | |
77 jack "download" path, but it is much less burdensome than having to do the | |
78 actual FreeCalypso work from the AP. | |
79 | 65 |
80 Having the headset jack do double duty as a programming port is actually a | 66 1. If you are using a USB serial adapter, or operating on a Pirelli phone that |
81 standard practice in the world of basic (non-smart) cellular phones, and | 67 has one built in, connect the USB side first so that the necessary |
82 furthermore, the pinout used by FIC on the GTA0x phones just happens to be | 68 /dev/ttyUSB* device node appears. |
83 exactly the same as that used by Compal/Motorola - hence the same headset jack | |
84 serial cables that are used by OsmocomBB with the latter phones (the famous | |
85 "T191 unlock cable") will also work for connecting from an external host | |
86 directly to the Calypso part of GTA0x phones. | |
87 | 69 |
88 2. If you are an end user who simply wishes to reflash a different GSM firmware | 70 2. Run fc-loadtool like this: |
89 image, it can be done from inside the phone (from the AP) without having to | |
90 acquire special hardware (as in the cable described above). However, the | |
91 trade-off is that in return for saving on the special hardware, you have to | |
92 do more work on the software. You will have to use a cross-compiler | |
93 targeting the ARM/Linux AP environment (*not* the ARM7 cross-compiler used | |
94 for the GSM firmware itself!) to build fc-loadtools to run on the GTA0x AP. | |
95 | 71 |
96 Building loadtools for GTA0x AP | 72 fc-loadtool $TARGETOPT /dev/ttyXXX |
97 =============================== | |
98 | 73 |
99 If you've decided to build loadtools for the GTA0x AP, you'll need to make the | 74 Change /dev/ttyXXX to the actual serial port you are using, and change |
100 following modifications to the Makefile: | 75 $TARGETOPT to: |
76 | |
77 Device Needed options | |
78 ----------------------------------- | |
79 Mot C11x/123 -h compal | |
80 Mot C139/140 -h compal -c 1003 | |
81 Mot C155/156 -h c155 | |
82 Openmoko GTA02 -h gta02 | |
83 Pirelli DP-L10 -h pirelli | |
84 | |
85 3. Cause the target device to execute its boot path. Openmoko GTA0x and | |
86 Pirelli DP-L10 targets have the Calypso boot ROM enabled, and will interrupt | |
87 and divert their normal boot path when they "hear" the beacons which | |
88 fc-loadtool will be sending down the serial line. Compal phones have this | |
89 boot ROM disabled at the board level, but their standard firmware includes a | |
90 flash-resident bootloader that offers a different way of interrupting the | |
91 boot path and loading code over the serial line; fc-loadtool will be set up | |
92 to speak the latter protocol when run with the corresponding options from | |
93 the table above. | |
94 | |
95 You will see messages showing fc-loadtool's progress with feeding first | |
96 compalstage (if needed), then loadagent (always needed) to the target device, | |
97 followed by some target-specific initialization done via loadagent commands. | |
98 If all of the above succeeds, you will land at a loadtool> prompt. Type | |
99 'help', and it will guide you from there. Alternatively, you can familiarize | |
100 yourself with loadtool commands and operations without actually running it by | |
101 reading the loadtool.help text file. | |
102 | |
103 For other fc-loadtool options and fc-[ix]ram usage details, see the slightly | |
104 outdated README.old file. For newer options added since that file was written, | |
105 see the source code. I hope to write some real man pages eventually. | |
106 | |
107 Openmoko GTA0x | |
108 ============== | |
109 | |
110 All of the above instructions assume that you are running these loadtools on a | |
111 general-purpose host system such as a GNU/Linux PC or laptop, and will | |
112 potentially use them to operate on multiple Calypso targets of different kinds. | |
113 If instead you are building loadtools to run on the application processor of a | |
114 smartphone such as Openmoko GTA0x, then it makes no sense for that special build | |
115 of loadtools to support any target other than the specific modem in that | |
116 smartphone. Loadtools can be built with compalstage support excluded and with | |
117 GTA0x-specific modem power control included instead. This build will still | |
118 include a bunch of functions of no relevance to GTA0x, but oh well.. | |
119 | |
120 To build loadtools for the GTA0x AP, you'll need to make the following | |
121 modifications to the Makefile: | |
101 | 122 |
102 * Change the CC= line to point to the appropriate cross-compiler (which you'll | 123 * Change the CC= line to point to the appropriate cross-compiler (which you'll |
103 need to provide yourself); | 124 need to provide yourself); |
104 | 125 |
105 * Change the CFLAGS= line: add the right options to target the ARM920T core in | 126 * Change the CFLAGS= line: add the right options to target the ARM920T core in |
106 the GTA0x AP (e.g., -march=armv4t -mtune=arm920t), and add -DGTA0x_AP_BUILD | 127 the GTA0x AP (e.g., -march=armv4t -mtune=arm920t), and add -DGTA0x_AP_BUILD |
107 to enable some code that makes sense only when running on the GTA0x AP. | 128 to enable some code that makes sense only when running on the GTA0x AP. |
108 | 129 |
109 * Change EXTRA_OBJ= to EXTRA_OBJ=gtapower.o, i.e., add gtapower.c (compiling | 130 * Change EXTRA_OBJ= from listing compalload.o to listing compaldummy.o and |
110 into gtapower.o) to the build. | 131 gtapower.o instead. |
111 | 132 |
112 See gta-ap-build.sed for an example. | 133 See gta-ap-build.sed for an example. |
113 | |
114 Running fc-loadtool | |
115 =================== | |
116 | |
117 Once you've got loadtools built and installed, you can run fc-loadtool | |
118 as follows: | |
119 | |
120 To operate on a Pirelli DP-L10 that appears as /dev/ttyUSB0: | |
121 | |
122 fc-loadtool -h pirelli /dev/ttyUSB0 | |
123 | |
124 The usb2serial chip inside the phone is bus-powered and will be visible as | |
125 /dev/ttyUSBx whether the phone battery is present or not. There are two ways | |
126 to break into the bootloader: | |
127 | |
128 1. Run the fc-loadtool command given above with the USB cable connected, but no | |
129 battery present. Once loadtool says "Sending beacons to <port>", insert the | |
130 battery. | |
131 | |
132 2. Connect the USB cable to a powered-on phone running its original factory | |
133 firmware. (If the phone was off, it will power up and boot in the "charging | |
134 only" mode - it is not possible for a Calypso/Iota phone to be completely | |
135 off when both the battery and the charging voltage are present.) Run | |
136 fc-loadtool as above - it will start sending its beacons, which will be | |
137 ignored by the running fw. Then execute the "power off" operation from the | |
138 UI (unlock the keypad, then press and hold the red button). The presence of | |
139 USB VBUS (used as the charging power source on this phone) will turn the | |
140 power-off into a reboot, and you'll break into the bootloader. | |
141 | |
142 To operate on the Calypso block of a GTA02, accessing it from an external | |
143 PC/Linux host via a USB-to-headset-jack serial cable that appears as | |
144 /dev/ttyUSB0: | |
145 | |
146 fc-loadtool -h gta02 /dev/ttyUSB0 | |
147 | |
148 Run the above command first, then power on the GSM modem from the AP - or power | |
149 it off, then on if it was on already. The "download" path needs to be enabled | |
150 (controlled from the AP) and fc-loadtool needs to be running on the external | |
151 host when the modem is powered on. | |
152 | |
153 To operate on the Calypso block of a GTA02, running fc-loadtool from inside the | |
154 phone, i.e., from the AP of the same GTA02: | |
155 | |
156 fc-loadtool -h gta02 /dev/ttySAC0 | |
157 | |
158 In this last scenario the specially built version of fc-loadtool running on the | |
159 AP takes care of manipulating the modem power to induce entry into the | |
160 bootloader, thus no extra manual steps are needed. | |
161 | |
162 See loadtool.help for a detailed description of the functionality and commands | |
163 that are available once loadtool is running and communicating with loadagent on | |
164 the target device. | |
165 | |
166 Command line options | |
167 ==================== | |
168 | |
169 The fc-loadtool command lines shown above will usually be sufficient. However, | |
170 here is the complete command line description for all 3 tools: | |
171 | |
172 fc-iram [options] ttyport iramimage.srec | |
173 fc-xram [options] ttyport xramimage.srec [2ndprog] | |
174 fc-loadtool [options] ttyport | |
175 | |
176 The available options are common for all 3 utilities, with a few noted | |
177 exceptions: | |
178 | |
179 -a /path/to/loadagent | |
180 | |
181 This option applies only to fc-loadtool and fc-xram. It specifies the | |
182 pathname at which the required loadagent.srec image should be sought, | |
183 overriding the compiled-in default. | |
184 | |
185 -b baud | |
186 | |
187 This option is common for all 3 utilities. It selects the baud rate | |
188 to be used when pushing the IRAM image to the Calypso boot ROM. In the | |
189 case of fc-iram, the selected baud rate will be in effect when the | |
190 loaded IRAM image is jumped to and fc-iram drops into the serial tty | |
191 pass-thru mode; in the case of fc-loadtool, it will be the initial baud | |
192 rate for communicating with loadagent, which can be switched later with | |
193 the baud command. The default is 115200 baud. | |
194 | |
195 -B baud | |
196 | |
197 This option is specific to fc-xram. It selects the baud rate to be | |
198 used when pushing the XRAM image to loadagent. If no -B option is | |
199 specified, fc-xram will communicate with loadagent at the same baud | |
200 rate that was used to load loadagent itself via the Calypso boot ROM | |
201 download protocol, i.e., the rate selected with -b, defaulting to | |
202 115200 baud if no -b option was given either. Neither -b nor -B | |
203 affects the baud rate that will be in effect when the loaded XRAM image | |
204 is jumped to and fc-xram drops into the serial tty pass-thru mode: that | |
205 baud rate independently defaults to 115200 baud and can only be changed | |
206 with the -r option. | |
207 | |
208 -h hwtype | |
209 | |
210 This option is common for all 3 utilities. It selects the specific | |
211 target device configuration to be used. More precisely, it constructs | |
212 a pathname of the form /usr/local/share/freecalypso/%s.config, where %s | |
213 is the argument given to this option, and uses that file as the hardware | |
214 parameters file. | |
215 | |
216 The hardware configurations known to the present release of FreeCalypso | |
217 loadtools are gta02 and pirelli. | |
218 | |
219 -H /path/to/hwparam-file | |
220 | |
221 This option is just like -h, except that the given argument is used | |
222 directly as the hardware parameter file pathname (absolute or relative) | |
223 without alteration. | |
224 | |
225 -i num | |
226 | |
227 This option is common for all 3 utilities. It specifies the interval | |
228 in milliseconds at which the tool will send "please interrupt the boot | |
229 process" beacons out the serial port, hoping to catch the Calypso | |
230 internal boot ROM. The default is 13 ms. | |
231 | |
232 -n | |
233 | |
234 This option does anything only when loadtools have been compiled to run | |
235 on GTA0x AP. If you've compiled loadtools with the -DGTA0x_AP_BUILD | |
236 option, it has an effect of making each tool automatically toggle the | |
237 modem power control upon startup, removing the need for manual | |
238 sequencing of the Calypso boot process. This -n option suppresses that | |
239 action, making the AP build behave like the standard build in this | |
240 regard. | |
241 | |
242 -r baud | |
243 | |
244 This option is specific to fc-xram. It selects the serial line baud | |
245 rate which should be set just before the loaded XRAM image is jumped | |
246 to; the default is 115200 baud. | |
247 | |
248 fc-xram 2nd program invokation | |
249 ============================== | |
250 | |
251 The fc-xram utility can take two possible actions after it has loaded the | |
252 specified S-record image into XRAM: | |
253 | |
254 * The default action, in the absence of additional command line arguments, is | |
255 to drop into a serial tty pass-thru mode, just like fc-iram. | |
256 | |
257 * The alternative action is to invoke a 2nd program and pass the serial | |
258 communication channel to it. This 2nd program invokation facility is intended | |
259 primarily for passing the serial communication channel to rvinterf or rvtdump | |
260 from the FreeCalypso software suite, not for launching any arbitrary 3rd-party | |
261 programs from fc-xram. | |
262 | |
263 The intended usage scenario is that one builds a version of the FreeCalypso GSM | |
264 firmware (or some subset thereof, such as an "in vivo" FFS editing agent) in the | |
265 ramImage configuration, fc-xram is used to load that ramImage into the target | |
266 device, and then the serial communication channel (RVTMUX) is immediately taken | |
267 over by rvinterf or rvtdump. | |
268 | |
269 More detailed usage instructions will be written when the rvinterf tools reach | |
270 a point of being usable by more than just the original developer; until then, | |
271 read the source code. |