[E3-hacking] Re: The boot process, revealed!

Matt Evans e3-hacking@earth.li
Sat, 19 Mar 2005 15:02:51 +0000

Hey David,

Well done with your hacking!  Sounds like you're making great progress.

My $0.02:

> The next stage is to figure out how to reflash the firmware, so I can
> upload a custom image.
> ...
> Oh, yeah, I pblq will now write data into the E2's SDRAM. Speed: 11000
> Bps, which is a slight improvement to the download speed...

It sounds like this might be more of a convenient avenue:  
downloading/uploading things from flash can be slow as you say...  I 
think having a route to getting a tiny loader of our own into DRAM via 
serial would make the flashing things much easier - e.g. if we can 
download a tiny routine via the slow route (PBL) we can use that to 
download stuff into DRAM (or reflash NAND) much quicker since it's in 
our control.

It's possible that getting PBL to execute something that it hasn't 
loaded from NAND (e.g. stuff we've poked into RAM) is completely 
impossible.  But surely it must have an overflow somewhere.. maybe even 
a function to do so.. ;)

Also something that might be worth further investigation is the inbuilt 
recovery procedure;  I've seen some code that checks the loaded DRAM 
image (from flash) with the magic numbers in the header, and tootles 
about picking 0800 numbers... Possible that if the header isn't tip-top 
it decides it's corrupt and will only try to dial the 1-800-FLASHME 
number.  Maybe something to be careful of </paranoia>