comparison doc/Flash-boot-modes @ 205:de8f75783b3b

Flash-boot-defect and Flash-boot-modes documentation
author Mychaela Falconia <falcon@freecalypso.org>
date Tue, 02 May 2017 03:24:30 +0000
parents
children
comparison
equal deleted inserted replaced
204:064d4eedb3a6 205:de8f75783b3b
1 The Calypso chip includes an on-die boot ROM that allows the boot process to be
2 interrupted and diverted by an external host sending some special characters
3 into either of the two UARTs; this mechanism is what allows us to load code into
4 RAM and to reload the flash on Calypso GSM devices without having to resort to
5 JTAG or chip desoldering or other extreme measures. In normal operation, when
6 the boot path is NOT being diverted by an external serial download, the boot ROM
7 transfers control to the regular firmware in the flash - but there are two
8 different modes in which the flash fw image may be booted.
9
10 In order for the flash fw image to be considered bootable by the Calypso boot
11 ROM, the 32-bit word at flash address 0x2000 must equal either 0 or 1; if it
12 equals any other value, the boot ROM will consider the flash fw image to be
13 invalid (e.g., blank flash) and will wait forever for a serial download instead
14 of proceeding with flash boot. Depending on whether this word at 0x2000 equals
15 0 or 1, the flash fw image will be booted in one of two very different ways;
16 we shall call them flash boot mode 0 and flash boot mode 1, respectively.
17
18 In flash boot mode 0 the following 32-bit word at flash address 0x2004 must
19 contain the address of the flash fw image entry point (ARM/Thumb selection in
20 the least-significant bit); the boot ROM will simply jump to this address with
21 a BX instruction. When the flash fw image is booted in this manner, the boot
22 ROM is still mapped at address 0 and the first 8 KiB of flash are inaccessible
23 except via the 0x03000000 alternate mapping, unless the firmware later changes
24 the 0xFFFFFB10 register. This boot mode is intended for flash fw images that
25 use the interrupt and exception vectors in the ROM (branching to IRAM addresses
26 0x80001C-0x800034) for their interrupt and exception handling.
27
28 Flash boot mode 1 is different: instead of jumping directly to the flash fw
29 image, the boot ROM copies a small piece of its code into IRAM and jumps to that
30 code; the copied code disables the boot ROM via the 0xFFFFFB10 register (puts
31 the external flash at address 0) and induces a processor reset through the
32 watchdog timer. It is not clear to us exactly what blocks are affected by the
33 watchdog reset, but bits 9:8 of the 0xFFFFFB10 register are not reset, hence
34 the ARM processor now boots from the reset vector in the flash as if the boot
35 ROM weren't there - and the latter really is not there after having disabled
36 itself.
37
38 Flash boot mode 0 is only usable on Calypso C035 silicon (the "new" kind);
39 while all commercial Calypso GSM devices targeted by FreeCalypso feature Calypso
40 chips of the correct "new" kind, the people at TI who wrote and maintained their
41 official firmware also had to work with older Calypso C05 chips featured on the
42 early D-Sample and Leonardo boards. The earlier boot ROM code version in those
43 early Calypso chips also implements the two boot modes which we call mode 0 and
44 mode 1, but its implementation of mode 0 is broken and unusable, therefore TI's
45 firmware people only used flash boot mode 1. On the other hand, newer firmware
46 designs made for current rather than historical hardware will probably find
47 mode 0 to be cleaner, more intuitive and more convenient.
48
49 All TI official firmwares use flash boot mode 1, our FreeCalypso Magnetite
50 firmware does likewise, being a direct derivative of TI's TCS211 fw, but our
51 FC Citrine firmware uses flash boot mode 0, as that part of the Citrine fw is
52 our own original design.