Hi David (Given),
I'm new to the list too (this week) so should also say a hello.
It sounds like your aims are the same as mine - and those of Ralph to whom I have been talking this week about booting stuff on the E2. I have an E2 at the moment because it was 20 quid instead of 100 ;-)
So Ralph (and myself independently) has found that PBL sits waiting for a character 27 for 'a little bit' when it boots, then sends back a header (6, 6, 6, 6, 6, 6 ..) to say hello; and /then/ drops into the FSM for the EXP protocol Ralph has deciphered (!).
Last night I bodged an old USB mobile phone serial cable onto my EXP port - I'm pretty sure the E3 and the E2 differ with regard to the voltages on the EXP port. That is, that webpage suggests that E3 is at RS232 levels and doesn't need any line drivers. The E2 appears to be at TTL levels (0V and 5V) and as such won't work when connected straight to an RS232 port. (I tried this too ;) I connected the USB-serial (which didn't have line drivers to RS232 levels) to the EXP port and by sending ESC characters I was able to interrupt the E2 from its normal boot routine. I didn't see the expected reply but I'm having all sorts of minicom/serial weirdness on OS X so I'm still hopeful.
> Does anyone know if it's possible to use PBL to download and run arbitrary code on the device?
> Directive 05 would seem to allow data to be written to memory, but there doesn't seem to be any way of getting it to be executed. Does anyone know of such a thing? Would 05 allow you to overwrite PBL's stack (the dodgy way of doing this?)
Yes :-) It appears that all should be possible though I don't think it's been done yet - Ralph will know in more detail but it should be poss. to do exactly that since the stack pointer will be in a relatively predictable place.
> (I suppose the easiest way of running your own code is to write it into the flash and then do a normal boot, but I'd rather not brick it immediately. Heaven forbid, the standard software might turn out to be useful.)
Yes this sounds sensible - if there's an Easy Enough way to get bootstrap code in there via serial/EXP then we don't need any horrible JTAG stuff. Ideally something like loading our own loader through PBL - our loader takes over and then we can download a DRAM image, or get it to reflash the NAND in such a way that PBL will later load our own code.
-Matt