[E3-hacking] ...and we're booting!

David Given e3-hacking@earth.li
Tue, 22 Mar 2005 20:27:13 +0000 

--=-ZWxU02c+cwwCJgL+vFNU
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hurrah! My E2 emailer is now printing 'Hello, world!' at roughly 20
second intervals, as the watchdog timer reboots it!

I attach the gas source that produces the bootable image. It turns out
I'd misread the disassembly of the boot process, again... here, for
reference, is the updated and corrected document of the boot image's
magic:

+0000: magic1, 0x3B513B51
+0008: length of chunk
+0014: magic2, 0x00544F42 ("BOT")
+0064: address of boot vector after relocation
+0068: magic3, 0xB513B513
+006c: relocation destination
+0070: image type:
        0 == plain
        2 == compressed (won't go into the details of this now)

The boot vector is:

+0000: unknown, unused
+0004: start address after relocation

The maximum length of the boot chunk is 0x30000 bytes, 192kB. The
standard firmware gets relocated to 0x40000, so that's the address I've
used.

To produce a bootable image from the attached source, do this:

    arm-linux-as -o test-e2.o test-e2.s 
    arm-linux-ld --section-start .text=0x40000 -o test-e2.img test-e2.o
    arm-linux-objcopy -O binary test-e2.img test-e2.pbl
    pblq bless test-e2.pbl

Yeah, it's a bit convoluted --- blame GNU. The last stage uses pblq to
fix the checksum in the boot image, without which PBL will refuse to
touch it.

You can then upload it with:

    pblq writeflash test-e2.pbl 0

And then do:

    pblq term

, power cycle it, and watch the fun!

You can get pblq from my Amstrad Hacking page here:

http://www.cowlark.com/amstrad.html

Be gentle to my web server --- it's not very big.

-- 
+- David Given --McQ-+ "Opportunity is missed by most people because it's
|  dg@cowlark.com    | dressed in overalls and looks like work." ---
| (dg@tao-group.com) | Thomas Edison
+- www.cowlark.com --+ 

--=-ZWxU02c+cwwCJgL+vFNU
Content-Disposition: attachment; filename=test-e2.s
Content-Type: text/plain; name=test-e2.s; charset=UTF-8
Content-Transfer-Encoding: 7bit

.global _start
.set tx_uart0_string, 0x7080

_start:
	.org 0x00
	.word 0x3B513B51
	.org 0x08
	.word _end - _start
	.org 0x14
	.word 0x00544F42
	.org 0x64
	.word entryvector
	.org 0x68
	.word 0xB513B513
	.org 0x6c
	.word 0x40000
	.org 0x70
	.word 0
	
entryvector:
	.word 0
	.word entry

entry:
	adr r0, message
	mov lr, pc
	ldr pc, tx_uart0_string_ptr
loop:	b loop

tx_uart0_string_ptr:
	.word tx_uart0_string
message:
	.asciz "Hello, world!\n\r"
_end:


--=-ZWxU02c+cwwCJgL+vFNU--