[E3-hacking] Shell

Matt Evans matt at axio.ms
Mon Jul 11 10:39:36 BST 2005 

Hi Jonathan,

On 1 May 2005, at 15:48, Jonathan McDowell wrote:

> On Sun, May 01, 2005 at 01:49:34PM +0100, Matt Evans wrote:
>>> Turns out the E3 does obey the same sort of PBL format as the E2, but
>>> there's some sort of timing issue with pblq I think. I've hacked up
>>> something that does the job and rewritten my boot parameters to drop 
>>> to
>>> /bin/sh and I'm in! Some files from /proc can be seen at:
>>>
>>> http://www.earth.li/~noodles/files/delta-proc.txt
>>
>> What good news :)  Is there a certain flash offset that contains just
>> the boot string?  Or is that wrapped into a block of a certain format?
>> Could you share any specific info on this?  I'd like to give it a try.
>
> In my flash there's a PARMS "Q;Q;" block at 0x4400 into NAND, so I
> changed that.

Yesterday I had a play with pbltool and the E3 for the first time, and 
tried to re-create your shell joy.  :)

I've some changes to pbltool, if you're interested - making it work on 
my big-endian machine; also the serial fd needs to be mostly* 
non-blocking.  (Also changes speed to 115200.)  I'll tidy it up and 
send a patch IYL.

So I was eventually able to read bits of stuff... it seems my E3 is 
peculiar in that LDR reports that it finds two PARMS chunks, and two 
LINUXes; the second of each is used to boot, normally.  So I've read 
out the second PARMS and altered the command line; I was unsure what to 
do about checksums (whether it's checked or not?) but used pblq's 
'bless' function, hoping it'd be the same checksum as the E2...  But 
the problems start earlier than this - I can erase the flash but my E3 
doesn't appear to respond to 'writeflash':

$ ./pbltool eraseflash 0x14000 1
Talking to PBL v4.9 Build 1311
Switching baudrate to 115200:
Now re-getting version:
Talking to PBL v4.9 Build 1311, quickly

$ ./pbltool writeflash 0x14400 args-custom2
Talking to PBL v4.9 Build 1311
Switching baudrate to 115200:
Now re-getting version:
Talking to PBL v4.9 Build 1311, quickly
Trying to program 1024 bytes starting 51 at 0x00414400.
sendpacket: 0 8E 00 01 00

$ ./pbltool readflash 0x14400 0x400 foo
Talking to PBL v4.9 Build 1311
Switching baudrate to 115200:
Now re-getting version:
Talking to PBL v4.9 Build 1311, quickly
readflashblock: 0x414400 +0x400

0x00414400 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x00414410 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0x00414420 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  .... etc.


Have you any ideas why this doesn't write?  (The result code for the 
command 0E is '01' - does this indicate good or bad, do you know?)

(I'm wondering if there's some sort of block read-only flagging or 
something I may need to undo first..)

Will start having a look at LDR;  am intrigued by the "Linux start-up 
params (Any key to edit)" line, and want to see if this is telling the 
truth (i.e. the params could be edited without requiring a PARMS 
reflash).


Cheers,


Matt

More information about the e3-hacking mailing list