This document describes the basic usage principles for our rvinterf suite oftools, which is the subset of FC host tools for talking to TI-based GSM devicesvia the RVTMUX binary packet interface.rvtdump=======Rvtdump is a utility that listens on a serial port, receives traces or any otherpackets emitted by the running firmware of a GSM device in TI's RVTMUX format,decodes them into readable ASCII and emits them to stdout and/or to a log file.It is to be invoked as follows:rvtdump [options] /dev/ttyXXXwhere the sole non-option argument is the serial port it should open and listenon.The available options are:-b Normally the rvtdump process remains in the foreground and emits its output on stdout. The -b option suppresses the normal output and causes rvtdump to put itself in the background: fork at startup, then have the parent exit while the child remains running. -b is not useful and not allowed without -l.-B baud Selects which RVTMUX serial channel baud rate our tool should listen for. Defaults to 115200 baud, which is TI's default and is correct for our standard FreeCalypso firmwares, for Openmoko's legacy firmwares and for Pirelli's proprietary fw. Use -B 57600 for Compal's RVTMUX, the one accessible via **16379#.-d <file descriptor number> This option is not meant for direct use by human users. It is inserted automatically when rvtdump is launched from fc-xram as the secondary program that immediately takes over the serial channel.-l logfile Log all received and decoded packets into the specified file in addition to (without -b) or instead of (with -b) dumping them on stdout. Each line in the log file is also time-stamped; the timestamps are in GMT (gmtime(3)) instead of local time - Spacefalcon the Outlaw dislikes local times.rvinterf========Rvinterf (the specific program by this name) is an extended version of rvtdump(see above) that decodes and dumps and/or logs any and all output generated bythe firmware running on the target just like rvtdump, but also creates a localUNIX domain socket on the host machine to which "client" programs can connect."Client" programs connecting to rvinterf via this local socket interface can:1. Receive copies of selected RVTMUX packets coming from the target;2. Send arbitrary RVTMUX packets toward the target.Rvinterf is invoked just like rvtdump:rvinterf [options] /dev/ttyXXXThe following options have the same meaning as in rvtdump, see the rvtdumpsection above for the details: -b, -B, -d and -l. The only difference is that-b without -l is potentially useful and thus allowed.Additional rvinterf options which don't exist in rvtdump are:-n Suppress the output on stdout like -b, but don't fork into background. This option is passed by "client" programs when they invoke rvinterf behind the scenes instead of connecting to an already-running rvinterf instance.-P <boot control name> See Target-boot-control article.-s pathname_for_socket By default the local UNIX domain socket created by rvinterf is bound to /tmp/rvinterf_socket; this option allows any other pathname to be specified.-S <file descriptor number> This option is not meant for direct use by human users. It is passed by "client" programs when they invoke rvinterf behind the scenes with an unnamed and unbound socket pair instead of conecting to an already- running rvinterf instance.-w number_in_seconds Reliable UART communication with a Calypso GSM device that can potentially enter the so-called "deep sleep" mode requires certain special workarounds that could be described as a bit of an ugly hack: see the Deep-sleep-support article for the gory details. The hack implemented in rvinterf is as follows: if a packet is to be sent to the target and more than a set time has elapsed since the last transmitted packet, the packet is preceded by a "wake-up shot" of 64 0 bytes (outside of a packet, ignored by the fw) and a 100 ms pause. The -w option changes the elapsed time threshold at which the "wake-up shot" is sent; the default is 7 s. Specify -w 0 to disable this hack altogether.Client programs===============We have an entire family of so-called "client" programs which connect torvinterf via the local socket interface and use rvinterf as the back-end enginefor communicating with GSM device firmwares. The main ones are fc-fsio,fc-shell and fc-tmsh described in the RVTMUX article, and the less importantones are fc-memdump, fc-dspapidump, fc-readcal and fc-tmsync listed inHost-tools-overview. There is also the fcup-rvtat program which is invokedbehind the scenes by fcup-* tools (see User-phone-tools) when they are usedwith the -R option.All of these client programs can work in one of two ways: they can connect toan already running rvinterf process through the UNIX domain socket mechanism,or they can launch their own private instance of rvinterf behind the scenes,using an unnamed and unbound socket pair. (Don't try to have two or morervinterf instances running on the same serial port, it won't work.) Thefollowing command line options are standardized across all of our rvinterfclient programs:-p /dev/ttyXXX Don't connect to an already running rvinterf process, instead launch a private instance of rvinterf on the named serial port.-B baud-l logfile-w number_in_seconds These options are valid only when -p is used, and are passed through to rvinterf.-s pathname_for_socket Connect to a different local UNIX domain socket pathname instead of the default /tmp/rvinterf_socket. This option is valid only when -p is not used.Interactive vs. one-shot operation==================================Our main client programs fc-fsio, fc-shell, fc-tmsh and fc-tmsync can operatein both interactive and one-shot modes. If there is a specific command givenon the invokation command line, that command is executed in the one-shot mode(the program executes that one command, waits for the response from the targetif appropriate, and exits), otherwise each of the listed programs enters itsown interactive mode with its own prompt. The more specialized client programsfc-memdump, fc-dspapidump and fc-readcal always operate in the one-shot manner.fc-fsio, fc-tmsync and the just-listed specialized client programs aresynchronous in nature: whether they are used interactively or in a one-shotmanner (single command per program invokation), all of their operations arebuilt from command-response primitives: each internal low-level function sendsa command packet to the target via rvinterf and waits for a response from thetarget; not getting a response or getting a wrong or unexpected response is afatal error. There is no such thing as a no-wait mode (one-shot or otherwise)with these synchronous programs. Furthermore, what appears to be a singlecommand at the high level may consist of a large number of command-responsepacket exchanges under the hood, and the one-shot mode can be used equallyeasily to run a simple command or a script consisting of many commands. Thefcup-* -R mechanism (implemented by way of the fcup-rvtat back-end program) isalso synchronous like the fc-fsio and fc-tmsync family.In contrast, fc-shell and fc-tmsh are asynchronous, and they work most naturallyin their interactive mode. An interactive fc-shell or fc-tmsh session is aselect loop that listens simultaneously for both user command input on theterminal and packets from the target on the rvinterf socket; user commands causecommand packets to be sent to the target and any response packets received fromthe target are decoded and displayed on the terminal, but these two directionsare completely decoupled from each other. The one-shot mode of operation isinherently less natural with these programs, and constitutes a bit of a hack.fc-tmsh offers the same repertoire of commands in both interactive and one-shotmodes, and each of these commands sends a Test Mode command packet to thetarget. The one-shot mode is actually two modes: one-shot with a wait for atarget response (default) and one-shot with no wait (-n option). One-shot withno wait is straighforward: fc-tmsh constructs the requested TM command packet,sends it to the target via rvinterf and exits. In the other one-shot modewithout -n, fc-tmsh sends the command packet to the target and falls into a loopprocessing input from rvinterf; as soon as some (any) packet is received fromthe target on the TM channel, that packet (which is decoded and displayed) isconsidered to be the response and the program exits with a success indication.fc-shell is the oddest of the bunch: the set of one-shot commands is a subsetof those available in the interactive mode, as some of the commands cannot workoutside of the interactive mode select loop environment. Furthermore, almostall of the one-shot commands in fc-shell always operate in the no-wait mannerwhether -n is given or not. The only fc-shell one-shot commands which wait fora target response in the absence of -n (similarly to fc-tmsh) are AT commands.Startup synchronization hack============================There is one annoying issue that has been seen with FTDI USB-serial adapters:when the serial port served by an FTDI adapter has been receiving serial trafficfrom the target while no host program is running with the port open to read it,and then a host program is started, that newly started host program will oftenget some stale or total garbage input from the freshly opened ttyUSBx port onstartup. In most usage scenarios this issue is not a killer for our rvinterfsuite, only an annoyance: if rvinterf is started on a serial port with thisinitial garbage, there will be some garbage displayed by rvinterf initially,but then it will quickly regain synchronization with the running firmwaretarget. If there is any delay between the starting of rvinterf and command-response packet exchanges with the target (if rvinterf is run explicitly by theoperator first and then the client program, or if the client program thatlaunches rvinterf is an interactive one), no problems occur: rvinterf will bein sync with the target with all initial garbage flushed by the time it needsto do the first command-response packet exchange.There is one potentially problematic usage scenario, though: consider whathappens when a one-shot operation is commanded, it is a type of one-shotoperation that includes waiting for a response from the target, and rvinterf isbeing launched from the client program with -p. In this scenario there will bea command packet sent to the target as soon as rvinterf starts up, and theclient program will expect rvinterf to capture and deliver the target fw'sresponse correctly, but there may not be enough time for rvinterf to clear theinitial garbage presented by the imperfect serial port hardware+drivercombination.Our solution to this potential trouble source is a hack: in the special casewhen rvinterf is being launched by the client program with -p and when theclient operation to be performed falls into the category of one-shot with a waitfor the target fw response, a 30 ms delay is inserted after the return from thevfork call that launches rvinterf and before any actual operations. This hackhas been deemed to be acceptable because this combination of doing one-shotoperations while launching rvinterf with -p is not a very sensible way of usingour rvinterf tools generally, hence it has been deemed acceptable to add a bitof slowdown to this rather contrived use case.
