[E3-hacking] Re: The boot process, revealed!
Sat, 19 Mar 2005 15:02:51 +0000
Well done with your hacking! Sounds like you're making great progress.
> The next stage is to figure out how to reflash the firmware, so I can
> upload a custom image.
> Oh, yeah, I pblq will now write data into the E2's SDRAM. Speed: 11000
> Bps, which is a slight improvement to the download speed...
It sounds like this might be more of a convenient avenue:
downloading/uploading things from flash can be slow as you say... I
think having a route to getting a tiny loader of our own into DRAM via
serial would make the flashing things much easier - e.g. if we can
download a tiny routine via the slow route (PBL) we can use that to
download stuff into DRAM (or reflash NAND) much quicker since it's in
It's possible that getting PBL to execute something that it hasn't
loaded from NAND (e.g. stuff we've poked into RAM) is completely
impossible. But surely it must have an overflow somewhere.. maybe even
a function to do so.. ;)
Also something that might be worth further investigation is the inbuilt
recovery procedure; I've seen some code that checks the loaded DRAM
image (from flash) with the magic numbers in the header, and tootles
about picking 0800 numbers... Possible that if the header isn't tip-top
it decides it's corrupt and will only try to dial the 1-800-FLASHME
number. MAybe something to be careful of </paranoia>