FreeCalypso > hg > tcs211-l1-reconst
comparison README @ 290:95f308ba55c7
README for the almost fully reconstructed state
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Mon, 20 Mar 2017 00:37:25 +0000 |
| parents | 53d8cb470dc7 |
| children | ed3e588600c1 |
comparison
equal
deleted
inserted
replaced
| 289:f2f7f4dff6d7 | 290:95f308ba55c7 |
|---|---|
| 1 The purpose of this Hg tree (derived from leo2moko-debug) is to facilitate an | 1 This Hg repository contains a version of TI's TCS211 firmware based on our sole |
| 2 attempt at reconstructing an L1 source that would match the binary object | 2 available TCS211 semi-src with the L1 component almost fully deblobbed. |
| 3 version we got with our TCS211 semi-src delivery from Sotovik. | 3 Specifically, we have deblobbed all of L1 with the exception of GPRS-specific |
| 4 l1p_*, macs and p_tpudr12 modules - all other L1 modules are recompiled from | |
| 5 reconstructed C sources, producing objects that work in the place of the | |
| 6 original blobs - sometimes matching bit for bit, in other cases differing in | |
| 7 the bits, but matching in logic. See STATUS for a detailed analysis of the | |
| 8 reconstruction matches and differences. | |
| 4 | 9 |
| 5 The idea is to deblob TCS211 L1 one module or small group of modules at a time. | 10 Building the firmware in this tree requires a trick because of the not-yet- |
| 6 Take individual C modules from the LoCosto L1 source and get them to compile | 11 deblobbed L1_GPRS modules - see README.old for the details. This tree only |
| 7 in the TCS211 environment with TCS211 versions of all include files, producing | 12 supports the original gtamodem target; see FreeCalypso Magnetite for other |
| 8 new from-source objects that would serve as candidate replacements for the ones | 13 target support. |
| 9 we got as blobs. An absolutely essential aspect of this approach is | |
| 10 incrementality: we should be able to deblob just a few L1 objects (replace them | |
| 11 with build-from-source versions) while keeping the original blobs for all other | |
| 12 parts of L1 we haven't reached yet, and regression-test at each step to ensure | |
| 13 that the firmware still works. | |
| 14 | 14 |
| 15 TI's build system for this fw does not provide very fine granularity as far as | 15 Choice of version for reconstruction |
| 16 compiling each individual module from source or taking it as a delivered blob. | 16 ==================================== |
| 17 Instead it operates on the granularity of libs, or sometimes (as in the case of | |
| 18 L1) groups of libs. In the case of L1, this tree has the build system set up | |
| 19 to rebuild l1_ext.lib and l1_int.lib from source, which necessarily includes | |
| 20 _everything_ that goes into these libs. We are nowhere close to having a | |
| 21 working reconstructed source for every module in these two libs, thus we have | |
| 22 dummies in the place of most of them to appease BuSyB. Therefore, if you | |
| 23 simply run ./winebuild.sh to build this fw version, the link step will fail. | |
| 24 | 17 |
| 25 Instead this fw has to be built in a somewhat convoluted way: | 18 For some of the L1 objects (those packaged in l1_ext.lib and l1_int.lib) we |
| 19 have two versions: the original from 20070608 (the same date as the rest of our | |
| 20 TCS211 semi-src) and an updated version of the l1_{ext,int}.lib set from | |
| 21 20080421. To the best of our knowledge, this 20080421 update was provided by | |
| 22 TI-Taiwan while engaged in a wild goose chase after the infamous bug #1024, | |
| 23 which later turned out to be a pure hardware problem, not involving the firmware | |
| 24 at all. | |
| 26 | 25 |
| 27 1. Run ./winebuild.sh initially to compile everything leading up to the link | 26 The differences between the two versions are limited to just 3 objects: |
| 28 step, and let it fail. | 27 l1_cmplx.obj and l1p_cmpl.obj in l1_ext.lib, and l1_ctl.obj in l1_int.lib. |
| 29 | 28 |
| 30 2. Go into g23m/__out__/gsm*/obj/l1_ext, and copy in original blob objects for | 29 When we were reconstructing l1_cmplx.c and l1_ctl.c from the available LoCosto |
| 31 all those modules which have not been source-reconstructed yet. Do likewise | 30 source, the reconstruction of the original 20070608 version came more easily |
| 32 for l1_int. | 31 than the 20080421 update, and our reconstruction of these two modules matches |
| 32 the 20070608 objects bit for bit. It thus appears that whatever changes TI's | |
| 33 customer support group made in that 20080421 version were not on TI's internal | |
| 34 mainline. | |
| 33 | 35 |
| 34 [Update: the copyblobs.sh script does this job now.] | 36 Because the 20080421 L1 libs update was made for no other purpose except an |
| 37 attempt to debug or fix what was erroneously believed to be a firmware problem | |
| 38 but turned out to be hw instead, we have every reason to believe that it does | |
| 39 not improve anything and is ultimately unnecessary. And because the original | |
| 40 20070608 version was easier to source-reconstruct than the other, we are | |
| 41 adopting the original 20070608 version and our reconstruction of its C source | |
| 42 form as the canonical version of TCS211 L1 for FreeCalypso. | |
| 35 | 43 |
| 36 3. Run ./winebuild.sh again. As long as the dummy C files have not been | 44 Note that because we have not source-reconstructed the GPRS-specific l1p_* |
| 37 touched and the copied-in objects have newer timestamps, the dummies won't | 45 modules yet, we haven't looked at the l1p_cmpl.obj differences yet. However, |
| 38 be recompiled and the copied-in objects won't get blown away. TI's make | 46 when building a complete fw image with GPRS included using our partially |
| 39 will rerun the ar packaging step to produce l1_ext.lib and l1_int.lib from | 47 reconstructed L1, one should use the 20070608 version of the l1p_cmpl.obj blob |
| 40 the mix of objects (some compiled from source, others copied-in blobs) in | 48 for consistency, like we do in FreeCalypso Magnetite. |
| 41 the obj directories, and then the final link should succeed. | |
| 42 | |
| 43 The development process is as follows: | |
| 44 | |
| 45 1. Choose an individual L1 C module to work on. | |
| 46 | |
| 47 2. Copy the source for the chosen module from the LoCosto source in the place | |
| 48 of the dummy in this tree. | |
| 49 | |
| 50 3. Run ./winebuild.sh in the g23m directory and examine the output in | |
| 51 report.txt. If the imported C module fails to compile, massage it until it | |
| 52 passes compilation. | |
| 53 | |
| 54 4. Once compilation passes, look at the generated COFF object in | |
| 55 g23m/__out__/gsm*/obj/l1_{ext,int}. Disassemble it with the tiobjd tool | |
| 56 from freecalypso-reveng, and compare against the disassembly of the | |
| 57 original ("official") binary blob version we got. Massage the reconstructed | |
| 58 source until it compiles into object code that matches the original. | |
| 59 | |
| 60 [Update: use the scripts under g23m/objdiff to facilitate the disassembly | |
| 61 and diffing.] |