Well, I've finally worked out how to bend the E2's flash to my will.
The secret to reflashing it is directive 06, which erases the flash chip. It took a while to find because the parameters are different.
0600AAAA AAAABBBB BBBBCCCC AAAAAAAA = offset of start of area BBBBBBBB = length of area CCCC = flash chip to erase
Unlike directive 0E, which reprograms the flash, 06 *doesn't* want a pseudoaddress in the range 80010000 and up. So, to reprogram the first 8kB page, you need:
06000000 00000020 00000100
It might be possible to use this directive to erase the NOR flash, but I don't even want to go *near* that --- JTAGless as I am, if I trash that I've bricked the whole thing.
Once the flash has been erased it can be reprogrammed with 0E.
I've added flash erasure to pblq; it happens automatically when you try to write to the flash. The average speed of the combined operation, at 115200 bps using 8kB data packets, is 6400 Bps. Not brilliant, but better than some dev boards I've had to deal with. (Gen 2 M-Core development board. 150 Bps, with a 2/5 chance of it crashing half-way through a 4MB download, DIEDIEDIEDIE. Cough.)
Incidentally, as part of my test procedure, I erased the first megabyte of flash --- the Amstrad firmware no longer boots. Hurray. When you boot it, it fails to find the initial boot block (that I trashed last time), blinks its lights rapidly at me, sit there for about ten seconds as it tried to find another boot block, and then gives up and repeats.
...
The next step is to (a) create an image, (b) fix the checksum, (c) persuade the E2 to run it, and (d) port a reasonable OS. Well, (a), (b) and some of (c) are done.
It turns out that PBL *does* check the checksum of the boot chunk after all (I'd mistaken a bne for a beq), and doing the maths to find out the magic value to force the checksum to be zero is... slightly more complex than I thought! When I'm less tired I'll try and do it properly, but for now I'm brute-forcing it. As a result, PBL now sees my image as being valid and tries to run it... and falls over:
PBL V3.1 Build:1277 PBL Exception at PC=EAFFFFFAh CPSR=600000D7h(Abort) SPSR=600000D3h(SVC) R0=00040074h R1=00410090h R2=00040090h R3=FFFFFFFFh R4=00550000h R5=00410000h R6=00030000h R7=00040000h R8=FFFF4C00h R9=000141CCh R10=00000000h R11=FFFF4000h R12=00000000h
That program counter looks awfully strange.
But, anyway, this means that I'm *this close* to running code. This current bug is probably really simple, but I'm amazingly tired and need to go to bed, and so I'll tackle it tomorrow.
Do we have anywhere where I can upload my shiny new version of pblq (v0.2), which now has the ability to write to DRAM and flash, and has a built-in serial terminal?