FreeCalypso > hg > freecalypso-tools
diff loadtools/loadtool.help @ 0:e7502631a0f9
initial import from freecalypso-sw rev 1033:5ab737ac3ad7
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Sat, 11 Jun 2016 00:13:35 +0000 |
parents | |
children | 6178a3d3cf74 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/loadtools/loadtool.help Sat Jun 11 00:13:35 2016 +0000 @@ -0,0 +1,348 @@ +This is the help file for fc-loadtool. See lthelp.c for the code +that parses and displays it. The parsing code is the only +documentation for the format of this help file - if you are going to +edit this help text, read the parsing code first. + +=== main +This utility allows you to perform the following operations +on your Calypso GSM device: + +* Peek and poke registers +* Dump any part of memory +* Read and program flash + +See the following help topics for more information: + +help peekpoke Register peek and poke commands +help flash Flash operation commands +help all List of all implemented commands +help exit Controlling the cleanup on exit + +=== all +abbr Read an ABB register +abbw Write an ABB register +baud Switch the serial comm with loadagent to a different baud rate +crc32 Get CRC-32 of a memory area on the target +dieid Read the Calypso die ID +dump Dump a target memory region in hex and ASCII +dump2bin Dump a target memory region to a file in binary format +dump2srec Dump a target memory region to a file in S-record format +exec Execute a command script +exit Exit from loadtool and clean up the target device state +flash Flash operations +flash2 Operations on the 2nd flash bank (Pirelli phone only) +quit Alias for exit +r8 Read an 8-bit register or memory location +r16 Read a 16-bit register or memory location +r32 Read a 32-bit register or memory location +w8 Write an 8-bit register or memory location +w16 Write a 16-bit register or memory location +w32 Write a 32-bit register or memory location + +To get help on any command, type help and the command keyword. + +=== abbr +=== abbw +abbr pg reg Read ABB register <reg> on page <pg> +abbw pg reg val Write <val> into register <reg> on page <pg> + +The <pg> and <reg> arguments default to decimal unless prefixed with 0x; +the <val> argument to abbw is always hexadecimal. + +=== baud +baud Display the current baud rate +baud <rate> Switch the baud rate to <rate> (number in bps) + +The supported baud rates are: + +Standard: 19200, 38400, 57600, 115200 +Calypso special: 203125, 406250, 812500 + +The baud command coordinates the necessary simultaneous switching of the +baud rate on both the host and the target (loadagent). Loadagent always +supports all of the listed rates and will switch happily, but in the case +of the higher non-standard baud rates fc-loadtool has no way of knowing +ahead of time whether or not the requested baud rate is supported by your +usb2serial adapter or whatever other serial port hardware and driver +you are using. If the baud rate switch fails, the communication link with +the target will be broken and fc-loadtool will exit ungracefully. + +=== crc32 +crc32 hex-start hex-len + +The first argument is the starting target memory address in hex; the second +argument is the length of the area to CRC, also in hex. The command will be +sent to loadagent; CRC-32 of the requested range will be computed on the target +and displayed in hex. + +=== dieid +dieid Display the Calypso die ID +dieid <filename> Display the Calypso die ID, and also save it in the + named file + +The Calypso die ID resides in 4 16-bit registers at target addresses +0xFFFEF010 through 0xFFFEF016. It is displayed on the terminal and optionally +saved to a file in this simple form: + +FFFEF010: xxxx +FFFEF012: xxxx +FFFEF014: xxxx +FFFEF016: xxxx + +=== dump +dump hex-start hex-len + +The first argument is the starting target memory address in hex; the second +argument is the length of the area to dump, also in hex. The dump will be +displayed on the terminal in hex and ASCII. + +=== dump2bin +=== dump2srec +dump2bin hex-start hex-len outfile +dump2srec hex-start hex-len outfile + +The first argument is the starting target memory address in hex; the second +argument is the length of the area to dump, also in hex; the third argument +is the name of the output file to be created/written. The dump will be saved +in binary or S-records as per the chosen command, always in the native byte +order of the Calypso ARM7 target (little-endian). + +=== exec +exec <script-file> + +Read and execute commands from the named file. If the given file name contains +no slashes, the script file is sought in the default directory (normally +/usr/local/share/freecalypso unless changed in the code); otherwise the given +name is used directly as the pathname. + +=== exit +=== quit +exit Clean up the target in the default manner and exit +exit bare Exit loadtool without doing anything to the target +exit iota-off Exit loadtool and command an ABB power-off on the target +exit jump0 Exit loadtool and command the target to reboot via jump to 0 + +The default method of cleaning up the target device state upon exit is set +in the hardware parameters file selected with the -h or -H command line +option; it is the exit-mode setting. On the Pirelli phone the default exit +mode is jump0: it causes the phone to reboot and enter the "charging boot" +mode, as the USB cable is connected and VBUS is present. On Compal phones the +default exit mode is iota-off. + +If your device is a GTA02 and you are running fc-loadtool from inside the phone +(from the AP), the exit command will power off the modem from the AP. If you +are talking to GTA02 Calypso from an external host via the headset jack, there +is nothing that fc-loadtool can currently do to power the modem off (exit is +the same as exit bare in this case) - power it off yourself from the AP. + +If you do an exit bare without powering the target device off in some other +way, the device will still be running loadagent, which is probably not what you +want. However, it is the proper exit mode if you have powered off or reset the +target device by brute force (yanking the battery). + +=== flash +=== flash2 +The primary end use of fc-loadtool is for reading and writing the NOR flash +memories of the supported GSM devices. Compal phones and the GTA0x GSM modem +have only one flash bank (as in chip select), and are manipulated with the +flash command. The Pirelli phone has two flash banks (as in chip selects) of +8 MiB each; they are manipulated with the flash and flash2 commands. + +The following flash operations are available on all target devices: + +flash blankchk Blank-check a region of flash +flash dump2bin Dump flash content to a file in binary format +flash dump2srec Dump flash content to a file in S-record format +flash erase Erase a region of flash +flash info Display flash configuration info +flash program-bin Program flash with a binary file +flash program-m0 Program flash with an image in TI's *.m0 format +flash program-srec Program flash with an image in standard S-record format +flash quickprog Program a few flash words from the command line +flash reset Reset flash chip to read array mode +flash sectors Display the list of flash sector addresses and sizes + +Substitute flash2 instead of flash when operating on the 2nd flash chip select +of Pirelli-style flash memory configurations. Prepend help before a command to +get usage information, e.g., help flash program-bin. See help compal for some +additional info specific to Compal targets. + +=== compal +=== compalflash +=== flash:compal +Compal phones have Intel or Intel-style flash chips; other Calypso targets for +which loadtool was originally designed have AMD-style flash chips. The author +of the present software has a personal bias toward AMD-style flash, hence the +support for Intel-style flash is not as clean. Compal phones also have the +Calypso boot ROM disabled, and depend on flash-resident boot code instead. +This property makes them brickable. + +The following additional loadtool commands apply only to Compal targets with +Intel-style flash: + +flash erase-program-boot Erase and reprogram the boot sector +flash status Read Intel flash Status Register +flash unlock Unlock flash sectors + +=== flash:blankchk +flash[2] blankchk hex-start-offset hex-length + +Blank-checks an area of flash starting at the specified hex offset (from the +base address of the flash bank) and extending for the specified hex length. +Reports whether the checked region is blank or not. Flash must be blank (FF in +all bytes) before it can be programmed. + +=== flash:dump2bin +flash[2] dump2bin outfile [offset [length]] + +Read device flash content and save it to a file. If only a filename is +specified, the full flash bank is dumped; one can optionally specify a starting +offset and an explicit length, both in hex. + +This command is merely a user-friendly front-end to the plain dump2bin command; +see help dump2bin. + +=== flash:dump2srec +flash[2] dump2srec outfile [offset [length]] + +Read device flash content and save it to a file. If only a filename is +specified, the full flash bank is dumped; one can optionally specify a starting +offset and an explicit length, both in hex. + +This command is merely a user-friendly front-end to the plain dump2srec command; +see help dump2srec. + +=== flash:erase +flash[2] erase hex-start-offset hex-length + +Erases an area of flash starting at the specified hex offset (from the base +address of the flash bank) and extending for the specified hex length. + +Flash memory can only be erased (turning 0 bits back to 1s) in units of +sectors, as set in stone by the design of the flash chip in use. Loadtool +knows the sector layout of the flash chip in your device from CFI or from the +hardware parameters file (you can display it with the flash[2] sectors +command), and enforces that both arguments to the flash[2] erase command lie +on sector boundaries. + +=== flash:erase-program-boot +flash erase-program-boot binfile [length] + +This operation is applicable to Compal targets only. This command erases and +reprograms flash sector 0 (the boot sector) with minimized vulnerability to +bricking by loading the new boot code into a scratchpad RAM area on the target, +then commanding loadagent (running on the target) to erase and reprogram the +dangerous flash sector without requiring further interaction with loadtool. +(In contrast, loadtool's "regular" flash erase and program operations are +driven primarily by loadtool, with loadagent providing only low-level +functions.) + +The new bits to be programmed are taken from the specified binary file. Byte 0 +of the file goes into byte 0 of the flash and so on, for the specified length. +If no length argument is given, it defaults to the length of the file, which +must not exceed the length of flash sector 0: 64 KiB on the "basic" Compal +phones or 8 KiB on C155/156. + +=== flash:info +This command displays summary information about the flash memory configuration +of the Calypso target device loadtool thinks it's talking to. + +=== flash:program-bin +flash[2] program-bin flash-offset binfile [file-offset [length]] + +This command programs flash, using a binary file as the data source. One must +always specify the starting flash offset (from the base address of the flash +bank), but the starting file offset and length are optional, defaulting to the +whole file. + +The binary file must be in the native byte order of the Calypso ARM7 processor, +which is little-endian. Images produced by flash[2] dump2bin are suitable. + +=== flash:program-m0 +flash[2] program-m0 image.m0 + +*.m0 is the format that has been used by companies like TI and Closedmoko for +their proprietary firmware images. It is emitted by TI's hex470 tool, and in +the proprietary environment it is fed as an input to FLUID. (The latter is +TI's Flash Loader Utility Independent of Device, and fc-loadtool can be seen as +an independent reimplementation thereof - although it doesn't have the same +level of device-independence.) The *.m0 format is actually a variant of +Motorola's SREC, but with a different byte order: each 16-bit word is +byte-reversed relative to the native byte order of the ARM7 processor. +(This strange byte order actually makes some sense if one views the image as a +long array of 16-bit hex values; 16 bits is the width of the flash memory on +Calypso GSM devices and thus the natural unit size for flash programming.) + +Because each S-record contains an address, no addresses or offsets need to be +specified in the flash[2] program-m0 command, only the image file. + +=== flash:program-srec +flash[2] program-srec image.srec + +This command programs the flash with an image in the standard S-record format, +in the native little-endian byte order of the Calypso ARM7 processor. It is +the opposite byte order from that used by TI's *.m0 files - +see help flash program-m0. Images produced by flash[2] dump2srec are suitable +for flash[2] program-srec. + +Because each S-record contains an address, no addresses or offsets need to be +specified in the flash[2] program-srec command, only the image file. + +=== flash:quickprog +flash[2] quickprog hex-offset hex-data-string + +This command is intended only for developers; it provides raw access to +loadagent's basic flash write primitive. Read the source code for more +information. + +=== flash:reset +Intel-style flash memory chips (found in Compal phones) have two "stable" or +"quiescent" states: reading array data and reading the status register (SR). +After an erase or program operation the flash chip is "parked" in the Read SR +state; the flash reset command switches it back to reading array data. + +This command works for AMD-style flash as well (found in Openmoko and Pirelli +phones), but it is normally not needed, as AMD-style flash chips automatically +return to the read-array-data state after every erase or program operation. + +=== flash:sectors +This command displays the list of sector offsets and sizes for the flash chip +in the Calypso target device loadtool thinks it's talking to. + +=== flash:status +This command is only applicable to Intel-style flash as found in Compal phones. +It reads the flash chip's Status Register, which can be used to diagnose errors +incurred by previous erase or program operations. + +=== flash:unlock +flash unlock hex-start-offset hex-length + +This command is only applicable to Intel-style flash as found in Compal phones. +These flash chips power up with each sector (erase block) in the "locked" state; +each sector needs to be unlocked before it can be erased or programmed. + +This command is normally not needed, as the flash erase command unlocks each +sector before erasing it. However, if you are going to perform program +operations in some sectors without erasing them, you will need to unlock them +explicitly first. + +This command operates only on sector boundaries just like flash erase. + +=== r8 +=== r16 +=== r32 +=== w8 +=== w16 +=== w32 +=== peekpoke +The register peek and poke commands are: + +r8 addr Read an 8-bit register or memory location +r16 addr Read a 16-bit register or memory location +r32 addr Read a 32-bit register or memory location +w8 addr data Write an 8-bit register or memory location +w16 addr data Write a 16-bit register or memory location +w32 addr data Write a 32-bit register or memory location + +All addresses and data values are in hex. +