annotate doc/Flash-boot-modes @ 412:a5dab452be0d

mokosrec2bin utility imported from the old freecalypso-reveng tree, header comments changed for new understanding and new usage in forward rather than reverse engineering
author Mychaela Falconia <falcon@freecalypso.org>
date Thu, 25 Oct 2018 19:23:35 +0000
parents de8f75783b3b
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
205
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
1 The Calypso chip includes an on-die boot ROM that allows the boot process to be
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
2 interrupted and diverted by an external host sending some special characters
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
3 into either of the two UARTs; this mechanism is what allows us to load code into
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
4 RAM and to reload the flash on Calypso GSM devices without having to resort to
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
5 JTAG or chip desoldering or other extreme measures. In normal operation, when
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
6 the boot path is NOT being diverted by an external serial download, the boot ROM
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
7 transfers control to the regular firmware in the flash - but there are two
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
8 different modes in which the flash fw image may be booted.
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
9
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
10 In order for the flash fw image to be considered bootable by the Calypso boot
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
11 ROM, the 32-bit word at flash address 0x2000 must equal either 0 or 1; if it
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
12 equals any other value, the boot ROM will consider the flash fw image to be
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
13 invalid (e.g., blank flash) and will wait forever for a serial download instead
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
14 of proceeding with flash boot. Depending on whether this word at 0x2000 equals
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
15 0 or 1, the flash fw image will be booted in one of two very different ways;
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
16 we shall call them flash boot mode 0 and flash boot mode 1, respectively.
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
17
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
18 In flash boot mode 0 the following 32-bit word at flash address 0x2004 must
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
19 contain the address of the flash fw image entry point (ARM/Thumb selection in
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
20 the least-significant bit); the boot ROM will simply jump to this address with
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
21 a BX instruction. When the flash fw image is booted in this manner, the boot
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
22 ROM is still mapped at address 0 and the first 8 KiB of flash are inaccessible
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
23 except via the 0x03000000 alternate mapping, unless the firmware later changes
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
24 the 0xFFFFFB10 register. This boot mode is intended for flash fw images that
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
25 use the interrupt and exception vectors in the ROM (branching to IRAM addresses
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
26 0x80001C-0x800034) for their interrupt and exception handling.
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
27
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
28 Flash boot mode 1 is different: instead of jumping directly to the flash fw
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
29 image, the boot ROM copies a small piece of its code into IRAM and jumps to that
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
30 code; the copied code disables the boot ROM via the 0xFFFFFB10 register (puts
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
31 the external flash at address 0) and induces a processor reset through the
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
32 watchdog timer. It is not clear to us exactly what blocks are affected by the
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
33 watchdog reset, but bits 9:8 of the 0xFFFFFB10 register are not reset, hence
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
34 the ARM processor now boots from the reset vector in the flash as if the boot
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
35 ROM weren't there - and the latter really is not there after having disabled
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
36 itself.
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
37
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
38 Flash boot mode 0 is only usable on Calypso C035 silicon (the "new" kind);
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
39 while all commercial Calypso GSM devices targeted by FreeCalypso feature Calypso
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
40 chips of the correct "new" kind, the people at TI who wrote and maintained their
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
41 official firmware also had to work with older Calypso C05 chips featured on the
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
42 early D-Sample and Leonardo boards. The earlier boot ROM code version in those
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
43 early Calypso chips also implements the two boot modes which we call mode 0 and
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
44 mode 1, but its implementation of mode 0 is broken and unusable, therefore TI's
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
45 firmware people only used flash boot mode 1. On the other hand, newer firmware
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
46 designs made for current rather than historical hardware will probably find
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
47 mode 0 to be cleaner, more intuitive and more convenient.
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
48
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
49 All TI official firmwares use flash boot mode 1, our FreeCalypso Magnetite
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
50 firmware does likewise, being a direct derivative of TI's TCS211 fw, but our
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
51 FC Citrine firmware uses flash boot mode 0, as that part of the Citrine fw is
de8f75783b3b Flash-boot-defect and Flash-boot-modes documentation
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
52 our own original design.