Hi guys,
I'm trying add support for writing to RAM (and then jump & execute). However, when I run the command I always get a NAK :-(. I'm sure I'm being stupid, but I can't see what I'm doing wrong, please could someone else try this code (I'm talking to an E3) and give it a look over and point out my mistake ;-).
Does anyone know the memory layout of the E3? It could be that I'm telling it to write to the wrong place!
Cheers,
Mark
___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
On Fri, Jan 27, 2006 at 09:55:10PM +0000, Mark Underwood wrote:
I'm trying add support for writing to RAM (and then jump & execute). However, when I run the command I always get a NAK :-(. I'm sure I'm being stupid, but I can't see what I'm doing wrong, please could someone else try this code (I'm talking to an E3) and give it a look over and point out my mistake ;-).
Does anyone know the memory layout of the E3? It could be that I'm telling it to write to the wrong place!
I haven't looked at the code, but my notes say NOR flash is at 0x0, SDRAM is at 0x10000000 and SRAM is at 0x20000000.
J.
On Friday 27 January 2006 23:16, Jonathan McDowell wrote: [...]
I haven't looked at the code, but my notes say NOR flash is at 0x0, SDRAM is at 0x10000000 and SRAM is at 0x20000000.
That's different from the E2. Do you know if the jump-to opcode works on the E2's version of pbl? Because while pblq can write to RAM and flash, it can't execute anything.
On Sat, Jan 28, 2006 at 01:09:06AM +0000, David Given wrote:
On Friday 27 January 2006 23:16, Jonathan McDowell wrote: [...]
I haven't looked at the code, but my notes say NOR flash is at 0x0, SDRAM is at 0x10000000 and SRAM is at 0x20000000.
That's different from the E2. Do you know if the jump-to opcode works on the E2's version of pbl? Because while pblq can write to RAM and flash, it can't execute anything.
I believe you can jump to code in SRAM, but not SDRAM. So you'd load your kernel into SDRAM, load a small piece of setup code into SRAM and jump to that. It would setup registers as appropriate and jump to the kernel.
J.
--- Jonathan McDowell noodles@earth.li wrote:
On Sat, Jan 28, 2006 at 01:09:06AM +0000, David Given wrote:
On Friday 27 January 2006 23:16, Jonathan McDowell wrote: [...]
I haven't looked at the code, but my notes say NOR flash is at 0x0, SDRAM is at 0x10000000 and SRAM is at 0x20000000.
That's different from the E2. Do you know if the jump-to opcode works on the E2's version of pbl? Because while pblq can write to RAM and flash, it can't execute anything.
I believe you can jump to code in SRAM, but not SDRAM. So you'd load your kernel into SDRAM, load a small piece of setup code into SRAM and jump to that. It would setup registers as appropriate and jump to the kernel.
J.
Thanks for the help. I can now write my program to my RAM (both SRAM & SDRAM) and have read back the contents and it match's what I have written :-). I have implemented the exec function so I _should_ now be able to run my own program on my E3. However, I have written a few simple assember programs and haven't seen any life from them (no UART output). I have tested the exec code by reading some data from the E3 and then running pbl exec 0x00000000 which starts the unit booting, so unless the have changed to byte order of the address that you need to pass to pbl for the exec the only thing I can think is wrong is my test program (my ARM assembly is a bit rusty :-( ).
I have attached both my modifed pbltool and my latest test program. Any pointers would be great. If anyone has got some standalone code to run on the E3 please could you send me it so I can try it out.
Mark
-- Ever notice how fast Windows runs? Neither did I...
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
___________________________________________________________ Yahoo! Photos NEW, now offering a quality print service from just 8p a photo http://uk.photos.yahoo.com
On 28 Jan 2006, at 17:24, Mark Underwood wrote:
However, I have written a few simple assember programs and haven't seen any life from them (no UART output).
Why have you used MVN (MoVe Negated) here instead of MOV? MVN inverts the value you have specified. I think that's where you're going wrong.
-J.
Mark Underwood wrote:
--- Jonathan McDowell noodles@earth.li wrote:
On Sat, Jan 28, 2006 at 01:09:06AM +0000, David Given wrote:
On Friday 27 January 2006 23:16, Jonathan McDowell wrote: [...]
I haven't looked at the code, but my notes say NOR flash is at 0x0, SDRAM is at 0x10000000 and SRAM is at 0x20000000.
That's different from the E2. Do you know if the jump-to opcode works on the E2's version of pbl? Because while pblq can write to RAM and flash, it can't execute anything.
I believe you can jump to code in SRAM, but not SDRAM. So you'd load your kernel into SDRAM, load a small piece of setup code into SRAM and jump to that. It would setup registers as appropriate and jump to the kernel.
J.
Thanks for the help. I can now write my program to my RAM (both SRAM & SDRAM) and have read back the contents and it match's what I have written :-). I have implemented the exec function so I _should_ now be able to run my own program on my E3. However, I have written a few simple assember programs and haven't seen any life from them (no UART output). I have tested the exec code by reading some data from the E3 and then running pbl exec 0x00000000 which starts the unit booting, so unless the have changed to byte order of the address that you need to pass to pbl for the exec the only thing I can think is wrong is my test program (my ARM assembly is a bit rusty :-( ).
I have attached both my modifed pbltool and my latest test program. Any pointers would be great. If anyone has got some standalone code to run on the E3 please could you send me it so I can try it out.
Mark
Hi,
After making a minor change to your source I get the following output :
(/mnt/usr3/src/ckermit/) C-Kermit>c Connecting to /dev/ttyS0, speed 9600 Escape character: Ctrl-\ (ASCII 28, FS): enabled Type the escape character followed by C to get back, or followed by ? to see other options. ---------------------------------------------------- ?îîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîî < many lines snipped> ?îîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîîî (Back at here) ---------------------------------------------------- (/mnt/usr3/src/ckermit/) C-Kermit>
So I think the code is executing now
Here is your (modified) source code ...
.text
_start: .global _start
entry: ldr r1, uart0_base @ Load R1 with the base address of UART0 mov r0, #0 @ R0 = 0 strb r0, [r1, #0x04] @ Store 0 in in IER of UART0 ldr r1, uart1_base @ Load R1 with the base address of UART1 strb r0, [r1, #0x04] @ Store 0 in in IER of UART1 ldr r1, uart2_base @ Load R1 with the base address of UART2 strb r0, [r1, #0x04] @ Store 0 in in IER of UART2
loop: mvn r0, #0x30 @ Store '0' in r0 ldr r1, uart0_base @ Load R1 with the base address of UART0 strb r0, [r1] @ Store 0 in the TX of UART0
mvn r0, #0x31 @ Store '1' in r0 ldr r1, uart1_base @ Load R1 with the base address of UART1 strb r0, [r1] @ Store 0 in the TX of UART1
mvn r0, #0x32 @ Store '2' in r0 ldr r1, uart2_base @ Load R1 with the base address of UART2 strb r0, [r1] @ Store 0 in the TX of UART2 b loop @ Carry on forever
uart0_base: .word 0xfffb0000 uart1_base: .word 0xfffb0800 uart2_base: .word 0xfffb9800 _end:
By the way, I got errors when I tried to write to 0x20000000 so I tried 0x20010000 just as a test and it worked.
assembled as ... /opt/cross/arm/bin/arm-linux-gnu-as -marm9tdmi --gdwarf2 uart_hi.S
linked as /opt/cross/arm/bin/arm-linux-gnu-ld -o dummy a.out
I'm completely new to ARM so if the above is wrong I welcome corrections.
Regards, Mark.
Mark Underwood wrote:
--- Jonathan McDowell noodles@earth.li wrote:
On Sat, Jan 28, 2006 at 01:09:06AM +0000, David Given wrote:
On Friday 27 January 2006 23:16, Jonathan McDowell wrote: [...]
I haven't looked at the code, but my notes say NOR flash is at 0x0, SDRAM is at 0x10000000 and SRAM is at 0x20000000.
That's different from the E2. Do you know if the jump-to opcode works on the E2's version of pbl? Because while pblq can write to RAM and flash, it can't execute anything.
I believe you can jump to code in SRAM, but not SDRAM. So you'd load your kernel into SDRAM, load a small piece of setup code into SRAM and jump to that. It would setup registers as appropriate and jump to the kernel.
J.
Thanks for the help. I can now write my program to my RAM (both SRAM & SDRAM) and have read back the contents and it match's what I have written :-). I have implemented the exec function so I _should_ now be able to run my own program on my E3. However, I have written a few simple assember programs and haven't seen any life from them (no UART output). I have tested the exec code by reading some data from the E3 and then running pbl exec 0x00000000 which starts the unit booting, so unless the have changed to byte order of the address that you need to pass to pbl for the exec the only thing I can think is wrong is my test program (my ARM assembly is a bit rusty :-( ).
I have attached both my modifed pbltool and my latest test program. Any pointers would be great. If anyone has got some standalone code to run on the E3 please could you send me it so I can try it out.
Mark
Hi Again,
Ok,
I tried to figure out why the output was not 0, 1 or 2 and noticed Jasmines email about the mvn so I changed the mvn to mov and now I get '0' written out at 115200 baud, cool!
I also noticed you are running pbl exec 0x00000000 whereas I am running ./pbltool exec 0x20010000.
But it is running.
Heres the output from writing/execing with pbltool.
Prodding... Handshaking... Got 4 of 14 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x9A Talking to PBL v4.9 Build 1311 Got 4 of 4 bytes. Checksum = 0x91 Got 4 of 22 bytes. Got 8 of 18 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x4C 0 0x00000000 0x00020000 0x00000000 0x00020000 0x001F 0x0087 Got 4 of 22 bytes. Got 8 of 18 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x23 1 0x00400000 0x01B40000 0x00000000 0x00000000 0x007F 0x9875 bash-3.1$ ./pbltool write 0x20010000 dummy
Got 4 of 14 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x9A Talking to PBL v4.9 Build 1311 Entering writeblock Got 4 of 4 bytes. Checksum = 0xDB sendpacket: 0 424 bytes transfered so far (0 KB) bash-3.1$ ./pbltool exec 0x20010000 Got 4 of 14 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x9A Talking to PBL v4.9 Build 1311 Got 2 of 2 bytes. Checksum = 0x86
And heres the reply from the E3
Connecting to /dev/ttyS0, speed 115200 Escape character: Ctrl-\ (ASCII 28, FS): enabled Type the escape character followed by C to get back, or followed by ? to see other options. ---------------------------------------------------- 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 ---------------------------------------------------- (/mnt/usr3/src/ckermit/) C-Kermit>
Regards, Mark.
--- mark mark@xenon-computing.com wrote:
Mark Underwood wrote:
--- Jonathan McDowell noodles@earth.li wrote:
On Sat, Jan 28, 2006 at 01:09:06AM +0000, David Given wrote:
On Friday 27 January 2006 23:16, Jonathan McDowell wrote: [...]
I haven't looked at the code, but my notes say NOR flash is at 0x0, SDRAM is at 0x10000000 and SRAM is at 0x20000000.
That's different from the E2. Do you know if the jump-to opcode works on the E2's version of pbl? Because while pblq can write to RAM and flash, it can't execute anything.
I believe you can jump to code in SRAM, but not SDRAM. So you'd load your kernel into SDRAM, load a small piece of setup code into SRAM and jump to that. It would setup registers as appropriate and jump to the kernel.
J.
Thanks for the help. I can now write my program to my RAM (both SRAM & SDRAM) and have read
back
the contents and it match's what I have written :-). I have implemented the exec function so I _should_ now be able to run my own program on my E3. However, I have written a few simple
assember
programs and haven't seen any life from them (no UART output). I have tested the exec code by reading some data from the E3 and then running pbl exec 0x00000000 which starts the unit
booting,
so unless the have changed to byte order of the address that you need to pass to pbl for the
exec
the only thing I can think is wrong is my test program (my ARM assembly is a bit rusty :-( ).
I have attached both my modifed pbltool and my latest test program. Any pointers would be
great.
If anyone has got some standalone code to run on the E3 please could you send me it so I can
try
it out.
Mark
Hi Again,
Ok,
I tried to figure out why the output was not 0, 1 or 2 and noticed Jasmines email about the mvn so I changed the mvn to mov and now I get '0' written out at 115200 baud, cool!
I also noticed you are running pbl exec 0x00000000 whereas I am running ./pbltool exec 0x20010000.
But it is running.
Heres the output from writing/execing with pbltool.
Prodding... Handshaking... Got 4 of 14 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x9A Talking to PBL v4.9 Build 1311 Got 4 of 4 bytes. Checksum = 0x91 Got 4 of 22 bytes. Got 8 of 18 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x4C 0 0x00000000 0x00020000 0x00000000 0x00020000 0x001F 0x0087 Got 4 of 22 bytes. Got 8 of 18 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x23 1 0x00400000 0x01B40000 0x00000000 0x00000000 0x007F 0x9875 bash-3.1$ ./pbltool write 0x20010000 dummy
Got 4 of 14 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x9A Talking to PBL v4.9 Build 1311 Entering writeblock Got 4 of 4 bytes. Checksum = 0xDB sendpacket: 0 424 bytes transfered so far (0 KB) bash-3.1$ ./pbltool exec 0x20010000 Got 4 of 14 bytes. Got 8 of 10 bytes. Got 2 of 2 bytes. Checksum = 0x9A Talking to PBL v4.9 Build 1311 Got 2 of 2 bytes. Checksum = 0x86
And heres the reply from the E3
Connecting to /dev/ttyS0, speed 115200 Escape character: Ctrl-\ (ASCII 28, FS): enabled Type the escape character followed by C to get back, or followed by ? to see other options.
0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000
(/mnt/usr3/src/ckermit/) C-Kermit>
Regards, Mark.
That's great, I have modified my assembler program and compiled it as you did and now I have an E3 sending '0' to me :-D. I have a 2.6 kernel and rootfs ready to test and am uploading now (I think I need to add the command to change baud rate as upoading a 1.2 MB file at 9600 takes a while!).
B.T.W Once I have fully tested my modifications to pbltool is there a place that I can put it (CVS ideally) as I don't currently have a website :-(.
Mark
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
___________________________________________________________ Win a BlackBerry device from O2 with Yahoo!. Enter now. http://www.yahoo.co.uk/blackberry
On Sun, Jan 29, 2006 at 11:46:11AM +0000, Mark Underwood wrote:
B.T.W Once I have fully tested my modifications to pbltool is there a place that I can put it (CVS ideally) as I don't currently have a website :-(.
Send me a unified patch (diff -u) and I'll update my copy. It's not in revision control at present, but if I find I'm getting loads of patches I'll happily consider doing so.
J.
On 28 Jan 2006, at 11:16, Jonathan McDowell wrote:
I believe you can jump to code in SRAM, but not SDRAM.
To clarify this: most bootloaders for the OMAP chips don't set up the SDRAM controller. For this reason, a small piece of 'trampoline' code is normally loaded into SRAM, which doesn't need SDRAM refresh cycles, which sets up the SDRAM and loads the rest of the image into it. (It also usually sets the clocks and stuff up.) You then jump into the (now, hopefully, stable) SDRAM.
-J., ex-OMAP architect, ex-Symbianite, ex-tremely interested in E3s...
--- Jasmine Strong jasmine@electronpusher.org wrote:
On 28 Jan 2006, at 11:16, Jonathan McDowell wrote:
I believe you can jump to code in SRAM, but not SDRAM.
To clarify this: most bootloaders for the OMAP chips don't set up the SDRAM controller. For this reason, a small piece of 'trampoline' code is normally loaded into SRAM, which doesn't need SDRAM refresh cycles, which sets up the SDRAM and loads the rest of the image into it. (It also usually sets the clocks and stuff up.) You then jump into the (now, hopefully, stable) SDRAM.
Good news guys!
I have managed to create an E3 config for u-boot and now have it up and running on my system. I have had to hack it a bit to remove the UART init code as I don't know what clock speed they are running at. (Just the basic's so far, no NAND flash support yet, I think I'll leave that to the kernel).
As PBL has kindly initialised the SDRAM I am running from that with no problems :-).
Next step Linux 2.6!
Mark
-J., ex-OMAP architect, ex-Symbianite, ex-tremely interested in E3s...
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
___________________________________________________________ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com
Tesco clearing at a tenner ;O
Seeing as looks impossible to get them for that low 2nd hand on ebay, I'd say that was a bargain!
Question is: is it worth getting one when I haven't even managed to acheive use of my E3 as a plain old phone yet? ;)
Cheers, James
James Tinmouth wrote:
Tesco clearing at a tenner ;O
Seeing as looks impossible to get them for that low 2nd hand on ebay, I'd say that was a bargain!
Question is: is it worth getting one when I haven't even managed to acheive use of my E3 as a plain old phone yet? ;)
Cheers, James
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
Hi,
I nearly bought two from ebay today, but as you say, they are asking too much for them.
They don't have any at the local Tesco here, shame.
Regards, Mark.
Damn, i payed 30 - ill see if i can get one from tesco and take that one back to argos!
On 31 Jan 2006, at 01:06, mark wrote:
James Tinmouth wrote:
Tesco clearing at a tenner ;O
Seeing as looks impossible to get them for that low 2nd hand on ebay, I'd say that was a bargain!
Question is: is it worth getting one when I haven't even managed to acheive use of my E3 as a plain old phone yet? ;)
Cheers, James
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
Hi,
I nearly bought two from ebay today, but as you say, they are asking too much for them.
They don't have any at the local Tesco here, shame.
Regards, Mark.
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
Regards, Chris Tingley
email: chris@etingley.com mob: 07967 602326 (Orange) tel: 01189 756235
Bugger, I've now got 3 useless emailers. Must say the E3 much nicer than the +.
BTW that one you bought from argos? presumably that was the E3? Tescos are only clearing the + at teh moment.
Cheers James
Damn, i payed 30 - ill see if i can get one from tesco and take that one back to argos!
On 31 Jan 2006, at 01:06, mark wrote:
James Tinmouth wrote:
Tesco clearing at a tenner ;O
Seeing as looks impossible to get them for that low 2nd hand on ebay, I'd say that was a bargain!
Question is: is it worth getting one when I haven't even managed to acheive use of my E3 as a plain old phone yet? ;)
Cheers, James
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
Hi,
I nearly bought two from ebay today, but as you say, they are asking too much for them.
They don't have any at the local Tesco here, shame.
Regards, Mark.
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
Regards, Chris Tingley
email: chris@etingley.com mob: 07967 602326 (Orange) tel: 01189 756235
e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking
Evening,
Just a hi first of all, just got my e2 and I'm happily hacking away an ipod project. I don't know if you are specifically looking for write-jump-execute in PBL or not but Matt Evans' E2 monitor can do just that. Some relevant links:
http://axio.ms/projects/e2/ http://scimitar.consultmatt.co.uk/e2wiki/LoadingYourCode http://scimitar.consultmatt.co.uk/e2wiki/InstallMonitor
Ta,
Matt
On 27 Jan 2006, at 21:55, Mark Underwood wrote:
Hi guys,
I'm trying add support for writing to RAM (and then jump & execute). However, when I run the command I always get a NAK :-(. I'm sure I'm being stupid, but I can't see what I'm doing wrong, please could someone else try this code (I'm talking to an E3) and give it a look over and point out my mistake ;-).
Does anyone know the memory layout of the E3? It could be that I'm telling it to write to the wrong place!
Cheers,
Mark
___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com/*
- pbltool.c - Talks to the PBL of the Amstrad E3 (Delta)
- Copyright 2005 Jonathan McDowell noodles@earth.li
- This program is free software; you can redistribute it and/or
modify
- it under the terms of the GNU General Public License as
published by
- the Free Software Foundation; version 2 of the License.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA */
#include <fcntl.h> #include <stdbool.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <sys/poll.h> #include <sys/types.h> #include <sys/stat.h> #include <termios.h> #include <unistd.h>
int debug = 1;
int sendpacket(int fd, unsigned char *buf, size_t len, size_t max) { struct pollfd p; unsigned char c; uint8_t checksum; int i; int ret; size_t replylen;
/* Start byte */ c = 2; write(fd, &c, 1); printf("%x, ",c); /* Not compressed */ c = 0; write(fd, &c, 1); printf("%x, ",c); /* Length */ checksum = 0; c = len & 0xFF; checksum += c; write(fd, &c, 1); printf("%x, ",c); c = (len >> 8) & 0xFF; checksum += c; write(fd, &c, 1); printf("%x, ",c);
write(fd, buf, len); for (i=0;i<len;i++) printf("%x, ",buf[i]);
/* Write checksum */ for (i = 0; i < len; i++) { checksum += buf[i]; } c = checksum; write(fd, &c, 1); printf("%x\n",c);
ret = 0; p.fd = fd; p.events = POLLIN; if (poll(&p, 1, 10000) == 0) { /* Timed out */ ret = 1; }
if (!ret) { i = read(fd, &c, 1); if (i != 1 || c != 2) { printf("Didn't get expected 0x02 header -- 0x%02X.\n", c); ret = 2; } } if (!ret) { i = read(fd, &c, 1); if (i != 1 || c != 0) { printf("Compressed return block?\n"); ret = 2; } }
if (!ret) { i = read(fd, &c, 1); if (i != 1) { printf("Couldn't read low byte of reply len.\n"); ret = 2; } replylen = c; checksum = c; }
if (!ret) { i = read(fd, &c, 1); if (i != 1) { printf("Couldn't read high byte of reply len.\n"); ret = 2; } replylen += (c << 8); checksum += c; }
if (!ret) { if (replylen < max) { while (replylen > 0) { i = read(fd, buf, replylen); if (i > 0) { if (debug) { printf("Got %d of %d bytes.\n", i, replylen); } replylen -= i; buf += i; } } } while (read(fd, &c, 1) != 1) ; if (debug) { printf("Checksum = 0x%02X\n", c); } }
/* * Flush input if error. */ if (ret > 1) { while (poll(&p, 1, 1000) != 0) { while (read(fd, &c, 1) > 0) { printf("Flushing: 0x%02X\n", c); } } }
return ret; }
int writeblock(int fd, uint32_t start, char *file) { unsigned char buf[16384 + 8]; int imgfd; uint16_t blocklen; size_t count; printf("Entering writeblock\n"); count = 0; imgfd = open(file, O_RDONLY);
if (imgfd != -1) { while ((blocklen = read(imgfd, buf + 8, 1024)) > 0) { buf[0] = 5; buf[1] = 0; *(uint32_t *) (buf + 2) = start + count; //buf[6] = 1; //buf[7] = 0; *(uint16_t *) (buf + 6) = blocklen; printf("Trying to write %d bytes starting %02X " "at 0x%08X.\n", blocklen, buf[8], start + count); printf("sendpacket: %d ", sendpacket(fd, buf, blocklen + 8, sizeof(buf))); printf("%02X %02X %02X %02X\n", buf[0], buf[1], buf[2], buf[3]); count += blocklen; } } close(imgfd);
return 0; }
int readblock(int fd, uint32_t start, size_t len, char *file) { uint32_t checksum; unsigned char buf[10]; unsigned char c; int i; int fdout;
fdout = open(file, O_CREAT | O_WRONLY, 0644);
for (i = 0; i < len; i++) { if ((i % 16) == 0) { printf("\n0x%08X ", start + i); } buf[0] = 3; buf[1] = 0; *(uint32_t *) (buf + 2) = start + i; *(uint32_t *) (buf + 6) = 1; if (sendpacket(fd, buf, 10, sizeof(buf)) == 0) { c = *(uint32_t *)(buf + 2); printf("%02X ", c); write(fdout, &c, 1); } }
close(fdout); }
int readflashblock(int fd, uint32_t start, size_t len, char *file) { uint32_t checksum; unsigned char buf[10]; unsigned char c; int i; int fdout;
fdout = open(file, O_CREAT | O_WRONLY, 0644);
if (start > 0x00400000) { buf[0] = 3; buf[1] = 0; buf[2] = 0x00; buf[3] = 0x00; buf[4] = 0x40; buf[5] = 0x00; *(uint32_t *) (buf + 6) = start - 0x00400000; sendpacket(fd, buf, 10, sizeof(buf)); checksum = *(uint32_t *)(buf + 2); } else { checksum = 0; }
for (i = 0; i < len; i++) { if ((i % 16) == 0) { printf("\n0x%08X ", start + i); } buf[0] = 3; buf[1] = 0; buf[2] = 0x00; buf[3] = 0x00; buf[4] = 0x40; buf[5] = 0x00; *(uint32_t *) (buf + 6) = start - 0x00400000 + i + 1; if (sendpacket(fd, buf, 10, sizeof(buf)) == 0) { c = *(uint32_t *)(buf + 2) - checksum; printf("%02X ", c); checksum = *(uint32_t *)(buf + 2); write(fdout, &c, 1); } }
close(fdout); }
int eraseflash(int fd, uint32_t start, size_t size) { unsigned char buf[10];
buf[0] = 6; buf[1] = 0; *(uint32_t *) (buf + 2) = start; *(uint32_t *) (buf + 6) = size; *(uint16_t *) (buf + 10) = 1; return sendpacket(fd, buf, 12, sizeof(buf)); }
int programflash(int fd, uint32_t start, char *file) { unsigned char buf[16384 + 10]; int imgfd; uint16_t blocklen; size_t count;
count = 0; imgfd = open(file, O_RDONLY);
if (imgfd != -1) { while ((blocklen = read(imgfd, buf + 10, 1024)) > 0) { buf[0] = 14; buf[1] = 0; *(uint32_t *) (buf + 2) = start + count; buf[6] = 1; buf[7] = 0; *(uint16_t *) (buf + 8) = blocklen; printf("Trying to program %d bytes starting %02X " "at 0x%08X.\n", blocklen, buf[10], start + count); printf("sendpacket: %d ", sendpacket(fd, buf, blocklen + 10, sizeof(buf))); printf("%02X %02X %02X %02X\n", buf[0], buf[1], buf[2], buf[3]); count += blocklen; } } close(imgfd);
return 0;
}
void help(void) { printf("pbltool v0.1\n"); exit(EXIT_FAILURE); }
int main(int argc, char *argv[]) { int fd; struct termios serialterm; struct pollfd p; unsigned char c; unsigned char buf[128]; int i; int count; bool gotver;
if (argc < 2) { help(); }
fd = open("/dev/ttyS0", O_RDWR | O_NOCTTY | O_NDELAY); tcgetattr(fd, &serialterm); serialterm.c_cflag = CS8 | CLOCAL | CREAD; serialterm.c_lflag = 0; serialterm.c_oflag = 0; serialterm.c_iflag = IGNPAR; cfsetspeed(&serialterm, B9600); tcsetattr(fd, TCSANOW, &serialterm); tcflush(fd, TCIOFLUSH);
gotver = false;
buf[0] = 2; buf[1] = 0; if (sendpacket(fd, buf, 2, sizeof(buf)) == 0) { gotver = true; printf("Talking to PBL v%d.%d Build %d\n", buf[4], buf[5], buf[6] + (buf[7] << 8)); }
if (!gotver) { printf("Prodding...\n");
while (c != 0x06) { c = 0x1B; write(fd, &c, 1); p.fd = fd; p.events = POLLIN; if (poll(&p, 1, 100) == 1) { do { i = read(fd, &c, 1); if ((i == 1) && (c == 0x06)) { break; } } while (i == 1); } } printf("Handshaking...\n"); for (;;) { p.fd = fd; p.events = POLLIN; if (poll(&p, 1, 100) == 0) break; do { i = read(fd, &c, 1); if ((i == 1) && (c != 0x06)) { printf("Error: Got 0x%02X instead of expected" " 0x06.\n", c); } } while (i == 1); }
}
while (!gotver) { buf[0] = 2; buf[1] = 0; if (sendpacket(fd, buf, 2, sizeof(buf)) == 0) { gotver = true; printf("Talking to PBL v%d.%d Build %d\n", buf[4], buf[5], buf[6] + (buf[7] << 8)); } }
sleep(1);
if (strcmp(argv[1], "meminfo") == 0) { buf[0] = 0x0B; buf[1] = 0; if (sendpacket(fd, buf, 2, sizeof(buf)) == 0) { count = buf[2]; }
for (i = 0; i < count; i++) { buf[0] = 12; buf[1] = 0; buf[2] = i; buf[3] = 0; if (sendpacket(fd, buf, 4, sizeof(buf)) == 0) { printf("%d 0x%08X 0x%08X 0x%08X 0x%08X " "0x%04X 0x%04X\n", i, *(uint32_t *)(buf + 2), *(uint32_t *)(buf + 6), *(uint32_t *)(buf + 10), *(uint32_t *)(buf + 14), *(uint16_t *)(buf + 18), *(uint16_t *)(buf + 20)); } }
} else if (strcmp(argv[1], "read") == 0) { if (argc < 5) { printf("\nUsage: pbltool read <start addr> <len> " "<file>\n"); exit(EXIT_FAILURE); } readblock(fd, strtol(argv[2], NULL, 0), strtol(argv[3], NULL, 0), argv[4]); } else if (strcmp(argv[1], "write") == 0) { if (argc < 4) { printf("\nUsage: pbltool write <start addr> " "<file>\n"); exit(EXIT_FAILURE); } writeblock(fd, strtol(argv[2], NULL, 0), argv[3]); } else if (strcmp(argv[1], "readflash") == 0) { if (argc < 5) { printf("\nUsage: pbltool readflash <start addr> <len> " "<file>\n"); exit(EXIT_FAILURE); } readflashblock(fd, strtol(argv[2], NULL, 0) + 0x400000, strtol(argv[3], NULL, 0), argv[4]); } else if (strcmp(argv[1], "writeflash") == 0) { if (argc < 4) { printf("\nUsage: pbltool writeflash <start addr> " "<file>\n"); exit(EXIT_FAILURE); } programflash(fd, strtol(argv[2], NULL, 0) + 0x400000, argv[3]); } else if (strcmp(argv[1], "eraseflash") == 0) { if (argc < 4) { printf("\nUsage: pbltool eraseflash <start addr> " "<number of 16k pages>\n"); exit(EXIT_FAILURE); } eraseflash(fd, strtol(argv[2], NULL, 0), strtol(argv[3], NULL, 0) * 0x4000);
} else { printf("Unknown command!\n"); exit(EXIT_FAILURE); }
close(fd); exit(EXIT_SUCCESS); } _______________________________________________ e3-hacking mailing list e3-hacking@earth.li http://www.earth.li/cgi-bin/mailman/listinfo/e3-hacking