diff loadtools/README @ 424:1ec83a5fa8b3

loadtools: README update
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Thu, 19 Jun 2014 05:50:43 +0000
parents 3275c8881cb7
children e61eacecd319
--- a/loadtools/README	Thu Jun 19 03:27:16 2014 +0000
+++ b/loadtools/README	Thu Jun 19 05:50:43 2014 +0000
@@ -1,15 +1,13 @@
-You are looking at the source for the FreeCalypso loadtools package.  You may
-have downloaded it either as a separate package or as part of the larger
-freecalypso-sw suite.
+The set of host tools built in this directory consists of:
 
-The tools in this package are written to run on some Unix/Linux machine
-(normally a PC/Linux desktop or laptop) that acts as a host for operating on
-Calypso target devices.  All of these tools communicate with the Calypso target
-through a serial port; each tool begins its operation by sending special byte
-sequences to this serial port which are designed to interrupt the Calypso
-device boot process in the ROM bootloader.
-
-Three utilities are currently built as part of FreeCalypso loadtools:
+fc-loadtool		The tool for operating on Calypso GSM devices at a low
+			level.  After "breaking" into the target GSM device in
+			its boot process and getting FreeCalypso loadagent
+			running on the target (out of Calypso internal RAM, aka
+			IRAM), loadtool presents an interactive command prompt
+			with commands for peeking and poking registers and most
+			importantly, reading and writing any part of the
+			device's non-volatile flash memory.
 
 fc-iram & fc-xram	These utilities are intended for FreeCalypso developers
 			only.  They load an S-record code image into IRAM or
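Review bot: the new opening line "The set of host tools built in this directory consists of:" drops the removed statements that these tools run on a Unix/Linux host and talk to the Calypso target through a serial port, and the new fc-loadtool entry no longer says who it is for, while the unchanged fc-iram & fc-xram entry still says "developers only". Suggest keeping one sentence on the host and serial-port setup ahead of the list, and restoring the "both developers and end users" wording in the fc-loadtool entry, since that entry now advertises writing any part of the device's flash.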
@@ -18,86 +16,109 @@
 			mode for the operator to interact with the thus loaded
 			target code.
 
-fc-loadtool		This utility is intended for both developers and end
-			users.  After establishing communication with the
-			target, fc-loadtool drops into interactive operation.
-			Once at the loadtool> prompt, you can peek and poke
-			registers, and most importantly, dump (read) and load
-			(program) the flash memory of the target device.
+The currently supported target devices are the Compal family of basic
+dumbphones, the Openmoko GTA0x GSM modem and the Pirelli DP-L10 feature phone.
+
+All tools in the FreeCalypso loadtools suite work by feeding pieces of code to
+the target device as it boots, preventing the booting of its regular firmware
+and diverting control to these externally-loaded code pieces.  These pieces of
+ARM7 target code need to be installed on the host system running loadtools,
+normally in /usr/local/share/freecalypso:
 
-Loadagent
-=========
+loadagent	This is the "agent" code that runs on the target device when
+		fc-loadtool is operating on it: loadtool carries out its
+		operations by sending commands to loadagent.  There is only one
+		version of loadagent for all currently supported Calypso
+		targets: loadagent does not access any resources outside of the
+		Calypso chip itself unless commanded to do so, and loadtool
+		supports different target devices with different hardware
+		configurations by sending different commands to loadagent as
+		appropriate.
 
-Both fc-loadtool and fc-xram work by first feeding a FreeCalypso-developed
-program called loadagent to the Calypso ROM bootloader; all further operations
-(loading code into XRAM or flash) are done via this loadagent.  An S-record
-image of the loadagent program is required for fc-loadtool and fc-xram to work.
-That program is in turn built with the ARM7 toolchain.
+compalstage	For Compal phones only: a little piece of code that is fed to
+		the original fw's bootloader via the serial download protocol
+		provided by the latter; it re-enables the Calypso chip boot ROM
+		and jumps to it, allowing our loadagent to be loaded in the
+		same way as on freedom-enabled devices.
 
-If you are working with the full freecalypso-sw suite, you presumably already
-have the proper ARM7 toolchain built and installed.  To build loadagent, simply
-run 'make' in the ../target-utils tree.
+If you are working with a development snapshot of the freecalypso-sw source
+tree, you will need to compile and install a GNU cross-compiler toolchain
+targeting ARM7 (see ../toolchain) and then use that toolchain to compile
+loadagent and compalstage (see ../target-utils) before you can successfully use
+loadtools to operate on a target device.  End-user oriented releases of
+FreeCalypso host tools will include prebuilt loadagent and compalstage binaries
+in the target-binaries subdirectory.
 
-If you have downloaded a separately-packaged version of FreeCalypso loadtools,
-the package should have a prebuilt loadagent.srec image included, sparing
-non-developer users the nontrivial hurdle of having to build and install a
-special cross-compilation toolchain.  The same loadagent binary is designed to
-work on all supported Calypso targets.
+Installing
+==========
 
-Building and installing loadtools
-=================================
+Just run 'make' and 'make install' as usual.  If the target-binaries directory
+is present, your installation will be complete and ready to use.  If you are
+building these pieces yourself from source, do a 'make' and 'make install' in
+../target-utils, after you have the ARM7 gcc toolchain installed and working.
 
-Normally the machine on which you build and install fc-loadtools would be your
-PC/Linux desktop or laptop, the system you would use to program or otherwise
-interact with Calypso phones by way of appropriate USB-to-phone cables.  Just
-like loadagent, the host utilities you are going to build and install aren't
-specific to a particular target device; instead you will select the target
-device at run time via a command line option.  Hence you can build and install
-the host utilities (usual 'make' and 'make install') without limiting your
-setup to just one target phone type.
+Basic usage
+===========
+
+The steps for bringing up fc-loadtool to operate on a target Calypso device are
+as follows:
+
+1. If you are using a USB serial adapter, or operating on a Pirelli phone that
+   has one built in, connect the USB side first so that the necessary
+   /dev/ttyUSB* device node appears.
 
-However, if your intended target device is an Openmoko GTA02 (or GTA01)
-smartphone, there is one additional complication: one cannot directly access
-the Calypso part of these phones from the outside without going through the
-phone's application processor first.  If you would like to use fc-loadtool to
-read or write the GSM flash memory of your GTA0x (load a different firmware
-image, dump the flash file system for backup or examination, restore a previous
-backup etc), there are two ways to do it:
+2. Run fc-loadtool like this:
+
+   fc-loadtool $TARGETOPT /dev/ttyXXX
+
+   Change /dev/ttyXXX to the actual serial port you are using, and change
+   $TARGETOPT to:
 
-1. The recommended way for FreeCalypso developers is to get a special serial
-   cable (low voltage, as in 3.3V or lower - *NOT* RS-232 levels - please don't
-   fry your precious phone!) that would plug into the 2.5mm jack on the left
-   side of the phone that is normally intended for a wired headset.  This way
-   you can use your regular build of fc-loadtool (and fc-iram & fc-xram) on
-   your PC/Linux (or other) development host, no need to build anything for
-   GTA0x AP, and all communication happens directly between your development
-   host and the Calypso part of your target phone - not going through the AP
-   at all.  You still need working software on the GTA0x AP to do battery
-   management, to power the Calypso block on and off, and to enable the headset
-   jack "download" path, but it is much less burdensome than having to do the
-   actual FreeCalypso work from the AP.
+   Device		Needed options
+   -----------------------------------
+   Mot C11x/123		-h compal
+   Mot C139/140		-h compal -c 1003
+   Mot C155/156		-h c155
+   Openmoko GTA02	-h gta02
+   Pirelli DP-L10	-h pirelli
+
+3. Cause the target device to execute its boot path.  Openmoko GTA0x and
+   Pirelli DP-L10 targets have the Calypso boot ROM enabled, and will interrupt
+   and divert their normal boot path when they "hear" the beacons which
+   fc-loadtool will be sending down the serial line.  Compal phones have this
+   boot ROM disabled at the board level, but their standard firmware includes a
+   flash-resident bootloader that offers a different way of interrupting the
+   boot path and loading code over the serial line; fc-loadtool will be set up
+   to speak the latter protocol when run with the corresponding options from
+   the table above.
 
-Having the headset jack do double duty as a programming port is actually a
-standard practice in the world of basic (non-smart) cellular phones, and
-furthermore, the pinout used by FIC on the GTA0x phones just happens to be
-exactly the same as that used by Compal/Motorola - hence the same headset jack
-serial cables that are used by OsmocomBB with the latter phones (the famous
-"T191 unlock cable") will also work for connecting from an external host
-directly to the Calypso part of GTA0x phones.
+You will see messages showing fc-loadtool's progress with feeding first
+compalstage (if needed), then loadagent (always needed) to the target device,
+followed by some target-specific initialization done via loadagent commands.
+If all of the above succeeds, you will land at a loadtool> prompt.  Type
+'help', and it will guide you from there.  Alternatively, you can familiarize
+yourself with loadtool commands and operations without actually running it by
+reading the loadtool.help text file.
+
+For other fc-loadtool options and fc-[ix]ram usage details, see the slightly
+outdated README.old file.  For newer options added since that file was written,
+see the source code.  I hope to write some real man pages eventually.
 
-2. If you are an end user who simply wishes to reflash a different GSM firmware
-   image, it can be done from inside the phone (from the AP) without having to
-   acquire special hardware (as in the cable described above).  However, the
-   trade-off is that in return for saving on the special hardware, you have to
-   do more work on the software.  You will have to use a cross-compiler
-   targeting the ARM/Linux AP environment (*not* the ARM7 cross-compiler used
-   for the GSM firmware itself!) to build fc-loadtools to run on the GTA0x AP.
+Openmoko GTA0x
+==============
 
-Building loadtools for GTA0x AP
-===============================
+All of the above instructions assume that you are running these loadtools on a
+general-purpose host system such as a GNU/Linux PC or laptop, and will
+potentially use them to operate on multiple Calypso targets of different kinds.
+If instead you are building loadtools to run on the application processor of a
+smartphone such as Openmoko GTA0x, then it makes no sense for that special build
+of loadtools to support any target other than the specific modem in that
+smartphone.  Loadtools can be built with compalstage support excluded and with
+GTA0x-specific modem power control included instead.  This build will still
+include a bunch of functions of no relevance to GTA0x, but oh well..
 
-If you've decided to build loadtools for the GTA0x AP, you'll need to make the
-following modifications to the Makefile:
+To build loadtools for the GTA0x AP, you'll need to make the following
+modifications to the Makefile:
 
 * Change the CC= line to point to the appropriate cross-compiler (which you'll
   need to provide yourself);
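Review bot: step 1 of the new "Basic usage" section tells the reader to connect a USB serial adapter, but the removed GTA0x text carried this README's warning that the cable must be low voltage ("3.3V or lower - *NOT* RS-232 levels"), and nothing in the added lines replaces it. Suggest carrying that caution into step 1 or into the new "Openmoko GTA0x" section. The "-c 1003" option given for Mot C139/140 in the device table is also unexplained in the added text; a short gloss or a pointer to where it is documented would help.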
@@ -106,166 +127,7 @@
   the GTA0x AP (e.g., -march=armv4t -mtune=arm920t), and add -DGTA0x_AP_BUILD
   to enable some code that makes sense only when running on the GTA0x AP.
 
-* Change EXTRA_OBJ= to EXTRA_OBJ=gtapower.o, i.e., add gtapower.c (compiling
-  into gtapower.o) to the build.
+* Change EXTRA_OBJ= from listing compalload.o to listing compaldummy.o and
+  gtapower.o instead.
 
 See gta-ap-build.sed for an example.
-
-Running fc-loadtool
-===================
-
-Once you've got loadtools built and installed, you can run fc-loadtool
-as follows:
-
-To operate on a Pirelli DP-L10 that appears as /dev/ttyUSB0:
-
-fc-loadtool -h pirelli /dev/ttyUSB0
-
-The usb2serial chip inside the phone is bus-powered and will be visible as
-/dev/ttyUSBx whether the phone battery is present or not.  There are two ways
-to break into the bootloader:
-
-1. Run the fc-loadtool command given above with the USB cable connected, but no
-   battery present.  Once loadtool says "Sending beacons to <port>", insert the
-   battery.
-
-2. Connect the USB cable to a powered-on phone running its original factory
-   firmware.  (If the phone was off, it will power up and boot in the "charging
-   only" mode - it is not possible for a Calypso/Iota phone to be completely
-   off when both the battery and the charging voltage are present.)  Run
-   fc-loadtool as above - it will start sending its beacons, which will be
-   ignored by the running fw.  Then execute the "power off" operation from the
-   UI (unlock the keypad, then press and hold the red button).  The presence of
-   USB VBUS (used as the charging power source on this phone) will turn the
-   power-off into a reboot, and you'll break into the bootloader.
-
-To operate on the Calypso block of a GTA02, accessing it from an external
-PC/Linux host via a USB-to-headset-jack serial cable that appears as
-/dev/ttyUSB0:
-
-fc-loadtool -h gta02 /dev/ttyUSB0
-
-Run the above command first, then power on the GSM modem from the AP - or power
-it off, then on if it was on already.  The "download" path needs to be enabled
-(controlled from the AP) and fc-loadtool needs to be running on the external
-host when the modem is powered on.
-
-To operate on the Calypso block of a GTA02, running fc-loadtool from inside the
-phone, i.e., from the AP of the same GTA02:
-
-fc-loadtool -h gta02 /dev/ttySAC0
-
-In this last scenario the specially built version of fc-loadtool running on the
-AP takes care of manipulating the modem power to induce entry into the
-bootloader, thus no extra manual steps are needed.
-
-See loadtool.help for a detailed description of the functionality and commands
-that are available once loadtool is running and communicating with loadagent on
-the target device.
-
-Command line options
-====================
-
-The fc-loadtool command lines shown above will usually be sufficient.  However,
-here is the complete command line description for all 3 tools:
-
-fc-iram [options] ttyport iramimage.srec
-fc-xram [options] ttyport xramimage.srec [2ndprog]
-fc-loadtool [options] ttyport
-
-The available options are common for all 3 utilities, with a few noted
-exceptions:
-
--a /path/to/loadagent
-
-	This option applies only to fc-loadtool and fc-xram.  It specifies the
-	pathname at which the required loadagent.srec image should be sought,
-	overriding the compiled-in default.
-
--b baud
-
-	This option is common for all 3 utilities.  It selects the baud rate
-	to be used when pushing the IRAM image to the Calypso boot ROM.  In the
-	case of fc-iram, the selected baud rate will be in effect when the
-	loaded IRAM image is jumped to and fc-iram drops into the serial tty
-	pass-thru mode; in the case of fc-loadtool, it will be the initial baud
-	rate for communicating with loadagent, which can be switched later with
-	the baud command.  The default is 115200 baud.
-
--B baud
-
-	This option is specific to fc-xram.  It selects the baud rate to be
-	used when pushing the XRAM image to loadagent.  If no -B option is
-	specified, fc-xram will communicate with loadagent at the same baud
-	rate that was used to load loadagent itself via the Calypso boot ROM
-	download protocol, i.e., the rate selected with -b, defaulting to
-	115200 baud if no -b option was given either.  Neither -b nor -B
-	affects the baud rate that will be in effect when the loaded XRAM image
-	is jumped to and fc-xram drops into the serial tty pass-thru mode: that
-	baud rate independently defaults to 115200 baud and can only be changed
-	with the -r option.
-
--h hwtype
-
-	This option is common for all 3 utilities.  It selects the specific
-	target device configuration to be used.  More precisely, it constructs
-	a pathname of the form /usr/local/share/freecalypso/%s.config, where %s
-	is the argument given to this option, and uses that file as the hardware
-	parameters file.
-
-	The hardware configurations known to the present release of FreeCalypso
-	loadtools are gta02 and pirelli.
-
--H /path/to/hwparam-file
-
-	This option is just like -h, except that the given argument is used
-	directly as the hardware parameter file pathname (absolute or relative)
-	without alteration.
-
--i num
-
-	This option is common for all 3 utilities.  It specifies the interval
-	in milliseconds at which the tool will send "please interrupt the boot
-	process" beacons out the serial port, hoping to catch the Calypso
-	internal boot ROM.  The default is 13 ms.
-
--n
-
-	This option does anything only when loadtools have been compiled to run
-	on GTA0x AP.  If you've compiled loadtools with the -DGTA0x_AP_BUILD
-	option, it has an effect of making each tool automatically toggle the
-	modem power control upon startup, removing the need for manual
-	sequencing of the Calypso boot process.  This -n option suppresses that
-	action, making the AP build behave like the standard build in this
-	regard.
-
--r baud
-
-	This option is specific to fc-xram.  It selects the serial line baud
-	rate which should be set just before the loaded XRAM image is jumped
-	to; the default is 115200 baud.
-
-fc-xram 2nd program invokation
-==============================
-
-The fc-xram utility can take two possible actions after it has loaded the
-specified S-record image into XRAM:
-
-* The default action, in the absence of additional command line arguments, is
-  to drop into a serial tty pass-thru mode, just like fc-iram.
-
-* The alternative action is to invoke a 2nd program and pass the serial
-  communication channel to it.  This 2nd program invokation facility is intended
-  primarily for passing the serial communication channel to rvinterf or rvtdump
-  from the FreeCalypso software suite, not for launching any arbitrary 3rd-party
-  programs from fc-xram.
-
-The intended usage scenario is that one builds a version of the FreeCalypso GSM
-firmware (or some subset thereof, such as an "in vivo" FFS editing agent) in the
-ramImage configuration, fc-xram is used to load that ramImage into the target
-device, and then the serial communication channel (RVTMUX) is immediately taken
-over by rvinterf or rvtdump.
-
-More detailed usage instructions will be written when the rvinterf tools reach
-a point of being usable by more than just the original developer; until then,
-read the source code.