FreeCalypso > hg > freecalypso-sw
view loadtools/README @ 952:15b1b396ad23
c139explore: OsmocomBB morons got uwire wrong, TI got it right
author | Mychaela Falconia <falcon@ivan.Harhan.ORG> |
---|---|
date | Wed, 04 Nov 2015 03:51:00 +0000 |
parents | e61eacecd319 |
children | 5e73df562a7d |
line wrap: on
line source
The set of host tools built in this directory consists of: fc-loadtool The tool for operating on Calypso GSM devices at a low level. After "breaking" into the target GSM device in its boot process and getting FreeCalypso loadagent running on the target (out of Calypso internal RAM, aka IRAM), loadtool presents an interactive command prompt with commands for peeking and poking registers and most importantly, reading and writing any part of the device's non-volatile flash memory. fc-iram & fc-xram These utilities are intended for FreeCalypso developers only. They load an S-record code image into IRAM or XRAM, respectively, induce a transfer of control to the loaded code, and then drop into a serial line pass-thru mode for the operator to interact with the thus loaded target code. The currently supported target devices are the Compal family of basic dumbphones, the Openmoko GTA0x GSM modem and the Pirelli DP-L10 feature phone. All tools in the FreeCalypso loadtools suite work by feeding pieces of code to the target device as it boots, preventing the booting of its regular firmware and diverting control to these externally-loaded code pieces. These pieces of ARM7 target code need to be installed on the host system running loadtools, normally in /usr/local/share/freecalypso: loadagent This is the "agent" code that runs on the target device when fc-loadtool is operating on it: loadtool carries out its operations by sending commands to loadagent. There is only one version of loadagent for all currently supported Calypso targets: loadagent does not access any resources outside of the Calypso chip itself unless commanded to do so, and loadtool supports different target devices with different hardware configurations by sending different commands to loadagent as appropriate. compalstage For Compal phones only: a little piece of code that is fed to the original fw's bootloader via the serial download protocol provided by the latter; it re-enables the Calypso chip boot ROM and jumps to it, allowing our loadagent to be loaded in the same way as on freedom-enabled devices. If you are working with a development snapshot of the freecalypso-sw source tree, you will need to compile and install a GNU cross-compiler toolchain targeting ARM7 (see ../toolchain) and then use that toolchain to compile loadagent and compalstage (see ../target-utils) before you can successfully use loadtools to operate on a target device. End-user oriented releases of FreeCalypso host tools will include prebuilt loadagent and compalstage binaries in the target-binaries subdirectory. Installing ========== Just run 'make' and 'make install' as usual. If the target-binaries directory is present, your installation will be complete and ready to use. If you are building these pieces yourself from source, do a 'make' and 'make install' in ../target-utils, after you have the ARM7 gcc toolchain installed and working. Basic usage =========== The steps for bringing up fc-loadtool to operate on a target Calypso device are as follows: 1. If you are using a USB serial adapter, or operating on a Pirelli phone that has one built in, connect the USB side first so that the necessary /dev/ttyUSB* device node appears. 2. Run fc-loadtool like this: fc-loadtool $TARGETOPT /dev/ttyXXX Change /dev/ttyXXX to the actual serial port you are using, and change $TARGETOPT to: Device Needed options ----------------------------------- Mot C11x/123 -h compal Mot C139/140 -h compal -c 1003 Mot C155/156 -h c155 Openmoko GTA02 -h gta02 Pirelli DP-L10 -h pirelli 3. Cause the target device to execute its boot path. Openmoko GTA0x and Pirelli DP-L10 targets have the Calypso boot ROM enabled, and will interrupt and divert their normal boot path when they "hear" the beacons which fc-loadtool will be sending down the serial line. Compal phones have this boot ROM disabled at the board level, but their standard firmware includes a flash-resident bootloader that offers a different way of interrupting the boot path and loading code over the serial line; fc-loadtool will be set up to speak the latter protocol when run with the corresponding options from the table above. You will see messages showing fc-loadtool's progress with feeding first compalstage (if needed), then loadagent (always needed) to the target device, followed by some target-specific initialization done via loadagent commands. If all of the above succeeds, you will land at a loadtool> prompt. Type 'help', and it will guide you from there. Alternatively, you can familiarize yourself with loadtool commands and operations without actually running it by reading the loadtool.help text file. Command line options ==================== The fc-loadtool command lines shown above will usually be sufficient. However, here is the complete command line description for all 3 tools: fc-iram [options] ttyport iramimage.srec fc-xram [options] ttyport xramimage.srec [2ndprog] fc-loadtool [options] ttyport The available options are common for all 3 utilities, with a few noted exceptions: -a /path/to/loadagent This option applies only to fc-loadtool and fc-xram. It specifies the pathname at which the required loadagent.srec image should be sought, overriding the compiled-in default. -b baud This option is common for all 3 utilities. It selects the baud rate to be used when pushing the IRAM image to the Calypso boot ROM. In the case of fc-iram, the selected baud rate will be in effect when the loaded IRAM image is jumped to and fc-iram drops into the serial tty pass-thru mode; in the case of fc-loadtool, it will be the initial baud rate for communicating with loadagent, which can be switched later with the baud command. The default is 115200 baud. -B baud This option is specific to fc-xram. It selects the baud rate to be used when pushing the XRAM image to loadagent. If no -B option is specified, fc-xram will communicate with loadagent at the same baud rate that was used to load loadagent itself via the Calypso boot ROM download protocol, i.e., the rate selected with -b, defaulting to 115200 baud if no -b option was given either. Neither -b nor -B affects the baud rate that will be in effect when the loaded XRAM image is jumped to and fc-xram drops into the serial tty pass-thru mode: that baud rate independently defaults to 115200 baud and can only be changed with the -r option. -c <compalstage flavor> This option is common for all 3 utilities. It directs the tools to perform the Compal loading stage before proceeding with the Calypso boot ROM serial protocol, and selects the "flavor" of compalstage to use. As you can see in the source, compalstage is built in 3 different versions, for different C1xx models which exhibit different quirks. This option overrides the compal-stage setting given in the hardware parameter file selected with -h or -H; the -c or -C option must be given after -h or -H in order to take effect. -c none disables the Compal stage and causes the tools to proceed directly to the Calypso boot ROM phase, even on targets for which the hardware parameter file specifies compal-stage. -C /path/to/compalstage-binary This option is just like -c, except that the given argument is used directly as the compalstage binary file pathname (absolute or relative) without checking or alteration. -h hwtype This option is common for all 3 utilities. It selects the specific target device configuration to be used. More precisely, it constructs a pathname of the form /usr/local/share/freecalypso/%s.config, where %s is the argument given to this option, and uses that file as the hardware parameter file. The hardware configurations known to the present release of FreeCalypso loadtools are listed in the "Basic usage" section above. -H /path/to/hwparam-file This option is just like -h, except that the given argument is used directly as the hardware parameter file pathname (absolute or relative) without alteration. -i num This option is common for all 3 utilities. It specifies the interval in milliseconds at which the tool will send "please interrupt the boot process" beacons out the serial port, hoping to catch the Calypso internal boot ROM. The default is 13 ms. -n This option does anything only when loadtools have been compiled to run on GTA0x AP (see the corresponding section below). If you've compiled loadtools with the -DGTA0x_AP_BUILD option, it has an effect of making each tool automatically toggle the modem power control upon startup, removing the need for manual sequencing of the Calypso boot process. This -n option suppresses that action, making the AP build behave like the standard build in this regard. -r baud (fc-loadtool) This optoin is specific to fc-loadtool. It causes the tool to skip its normal steps of feeding loadagent and possibly compalstage to the target via special serial protocols, and instead assume that the target is already running loadagent, communicating at the specified baud rate. In other words, reattach to an already running loadagent. Use this option if your fc-loadtool session has been terminated ungracefully and you would like to reattach and resume, rather than forcibly reset the target by yanking and reinserting the battery and restart from the beginning. -r baud (fc-xram) This option is specific to fc-xram. It selects the serial line baud rate which should be set just before the loaded XRAM image is jumped to; the default is 115200 baud. fc-xram 2nd program invokation ============================== The fc-xram utility can take two possible actions after it has loaded the specified S-record image into XRAM: * The default action, in the absence of additional command line arguments, is to drop into a serial tty pass-thru mode, just like fc-iram. * The alternative action is to invoke a 2nd program and pass the serial communication channel to it. This 2nd program invokation facility is intended primarily for passing the serial communication channel to rvinterf or rvtdump from the FreeCalypso software suite, not for launching any arbitrary 3rd-party programs from fc-xram. The intended usage scenario is that one builds a version of the FreeCalypso GSM firmware (or some subset thereof, such as an "in vivo" FFS editing agent) in the ramImage configuration, fc-xram is used to load that ramImage into the target device, and then the serial communication channel (RVTMUX) is immediately taken over by rvinterf or rvtdump. Openmoko GTA0x ============== All of the above instructions assume that you are running these loadtools on a general-purpose host system such as a GNU/Linux PC or laptop, and will potentially use them to operate on multiple Calypso targets of different kinds. If instead you are building loadtools to run on the application processor of a smartphone such as Openmoko GTA0x, then it makes no sense for that special build of loadtools to support any target other than the specific modem in that smartphone. Loadtools can be built with compalstage support excluded and with GTA0x-specific modem power control included instead. This build will still include a bunch of functions of no relevance to GTA0x, but oh well.. To build loadtools for the GTA0x AP, you'll need to make the following modifications to the Makefile: * Change the CC= line to point to the appropriate cross-compiler (which you'll need to provide yourself); * Change the CFLAGS= line: add the right options to target the ARM920T core in the GTA0x AP (e.g., -march=armv4t -mtune=arm920t), and add -DGTA0x_AP_BUILD to enable some code that makes sense only when running on the GTA0x AP. * Change EXTRA_OBJ= from listing compalload.o to listing compaldummy.o and gtapower.o instead. See gta-ap-build.sed for an example.