FreeCalypso > hg > freecalypso-docs

annotate Calypso-JTAG-notes @ 18:7ba5c951803c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Calypso-JTAG-notes article written
author Mychaela Falconia <falcon@freecalypso.org>
date Mon, 24 Jun 2019 20:01:53 +0000
parents
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
18
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
1 This document describes the quirks of Calypso JTAG in an abstract, tool-
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
2 independent sense, and also covers the little bit of experience we've had with
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
3 TI's original official tools, but does not delve into OpenOCD specifics.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
4 For OpenOCD-on-Calypso custom config and instructions, please refer to the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
5 freecalyps-hwlab repository - but the present document should still be read
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
6 first.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
7
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
8 Unconventional reset structure
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
9 ==============================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
10
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
11 The first major way in which the JTAG interface on Calypso development boards
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
12 (or more generally, what is available in the Calypso+Iota chipset) differs from
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
13 "canonical" JTAG is that this chipset does NOT have reset signals that are
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
14 anything like classic TRST or SRST. Instead there is only one bundled-with-JTAG
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
15 reset signal (we call it XDS_RESET) which is turned into Iota nTESTRESET through
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
16 a transistor circuit - please refer to the Calypso-test-reset article. Aside
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
17 from its effects on the VRPC state machine described in that article, this test
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
18 reset can be thought of as a simultaneous combination of an equivalent of TRST
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
19 (all JTAG logic is hard-reset), an equivalent of SRST (the Calypso is fully
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
20 reset and proceeds with a cold boot) and more (all hardware is reset at a very
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
21 deep level), but comparisons to classic TRST and SRST aren't really appropriate
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
22 as the latter signals simply don't exist in our chipset.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
23
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
24 However, despite its highly unconventional nature, this XDS_RESET signal
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
25 provided along with JTAG on TI's development boards performs a very important
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
26 function: this combination of JTAG and test reset allows a "reset and hold
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
27 still" maneuvre where all hardware is put into its pristine state with a very
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
28 deep reset, but the ARM7 CPU is halted before it gets a chance to execute any
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
29 instructions from the reset vector. This ability is not particularly important
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
30 on current Calypso hardware with a working and enabled boot ROM, but it was
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
31 vital on earlier platforms without this boot ROM: if the flash is blank or
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
32 contains a bad code image, or if RAM is mapped onto the boot chip select
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
33 instead of flash, allowing the ARM7 core to execute garbage out of reset is
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
34 bad, whereas having a "reset and hold still" ability allows guaranteed reliable
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
35 recovery and bootstrapping from a blank or bricked state. As explained later
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
36 in this article, this "reset and hold still" maneuvre is executed by first
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
37 giving the target a test reset pulse (which unstoppably blows away all prior hw
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
38 state), then immediately (the timing is critical) performing certain
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
39 manipulations via the JTAG scan chain - thus the bundling of the XDS_RESET
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
40 signal with JTAG is important.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
41
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
42 EMU0 and EMU1 signals
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
43 =====================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
44
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
45 In addition to the 4 standard JTAG signals TCK, TDI, TDO and TMS, the Calypso
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
46 provides two TI-proprietary signals called EMU0 and EMU1. (The test reset goes
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
47 to the Iota ABB, not to the Calypso.) These EMU0 and EMU1 signals are brought
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
48 out to the 14-pin JTAG connector on TI's D-Sample and E-Sample boards, and also
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
49 on our FCDEV3B.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
50
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
51 The function of these two signals is completely unknown: all we know is that
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
52 they are listed as "bidirectional in/out" in the cal000.pdf document, and that
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
53 same-named signals also exist on TI's general-purpose DSP chips, both C54x and
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
54 the newer families, where they are also very poorly documented. We don't know
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
55 what these EMU0/1 signals do on the Calypso, and it is a particular unknown
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
56 whether they are specific to the DSP part or if the ARM7 part can also make use
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
57 of them somehow.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
58
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
59 I (Mother Mychaela) previously thought that these signals might facilitate a
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
60 way to halt the ARM7 core without going through the scan chain, or a different
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
61 way to halt directly out of reset than the one we ultimately found, but a
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
62 recent experiment has shown that pulling either or both of these signals low
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
63 (they are pulled up on target boards) has absolutely no visible effect on ARM7
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
64 code execution, whether they are pulled low coming out of test reset or while
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
65 running. Thus until we recover more understanding of what is going on inside
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
66 the chip, we are going to ignore these two signals and leave them unconnected.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
67
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
68 Iota not included in the JTAG scan chain
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
69 ========================================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
70
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
71 In addition to the Calypso chip itself (the DBB), the Iota ABB chip also has
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
72 JTAG pins and could potentially be included in the scan chain. However, this
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
73 wiring arrangement is not typically used: both on TI's D-Sample board and on
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
74 our own FCDEV3B (based on Leonardo schematics) the JTAG interface is wired only
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
75 to the Calypso and not to Iota. The same arrangement has also been found in
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
76 all historical commercial phones and modems that provide a JTAG interface.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
77
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
78 We don't have any plans to change this arrangement in any of our future designs:
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
79 in the absence of 100% complete understanding of the internals of both chips,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
80 there is no telling what unexpected gotcha may occur if the Iota chip is
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
81 included in the same scan chain as the Calypso, hence we are not doing that.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
82
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
83 ARM7 and C54x DSP cores
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
84 =======================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
85
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
86 The regular JTAG scan chain inside the Calypso goes through two TAPs
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
87 corresponding to the two processor cores. The ARM7 TAP with a 4-bit IR is
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
88 closer to TDI, and the C54x DSP TAP with an 8-bit IR is closer to TDO. The
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
89 debug interface to the ARM7 core through its respective TAP is consistent with
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
90 public ARM7TDMI documentation from ARM except for one important quirk described
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
91 below, but we know absolutely nothing about the DSP TAP and its debug protocol
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
92 other than how to put it into BYPASS so we can operate on the ARM.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
93
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
94 It appears from passing references in some TI documents that they did intend to
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
95 have an ability to debug the Calypso DSP via JTAG "emulation", and TI's CCS
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
96 software working through TI's XDS510 or XDS560 hardware (the same setup that
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
97 successfully connects to the ARM7 part of the Calypso) supports C54x targets.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
98 However, we have no idea how any potential JTAG access to the DSP would interact
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
99 with its reset control coming from the ARM or with its power saving modes, and
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
100 it is very likely that there are some security mechanisms restricting debug
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
101 access to the DSP (perhaps needing some secret key to unlock it), thus being
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
102 able to debug the DSP via JTAG is not something we can realistically hope for
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
103 unless we either buy out the complete chip design from TI or physically
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
104 reverse-engineer the chip transistor by transistor, both options being equally
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
105 cost-prohibitive. At our current level of budgetary means, our ability to use
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
106 the JTAG interface on the Calypso is limited to the ARM7 part, not the DSP.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
107
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
108 Non-standard extension to the ARM7TDMI TAP
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
109 ==========================================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
110
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
111 We know that TI made at least one non-standard extension to the ARM7TDMI TAP in
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
112 the Calypso because it implements at least one additional opcode that does not
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
113 appear in any public documentation from ARM. When connecting to this ARM7
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
114 target, TI's CCS software working through XDS510 or XDS560 hardware apparently
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
115 scans a 0xB opcode (4'b1011) through the IR, and then apparently scans 2'b10
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
116 through the 2-bit DR selected by this opcode. (I said "apparently" because so
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
117 far the only people who have actually sniffed the JTAG communications produced
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
118 by the XDS+CCS combo were OsmocomBB people, not anyone from the FreeCalypso
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
119 team, hence we don't have any authentic knowledge currently.) Experiments with
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
120 OpenOCD show that the just-described sequence of IR and DR scans with an
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
121 unknown instruction and an unknown data register is necessary in order to allow
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
122 halting the ARM7 core: if we try to halt it in the standard ARM7TDMI way (either
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
123 via DBGRQ or via a catch-all breakpoint unit setup) without doing the magic
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
124 sequence first, no halt is effected.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
125
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
126 Fortunately though, after we issue the non-understood magic sequence once, all
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
127 subsequent ARM7TDMI halt/resume manipulations done in the standard way appear
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
128 to work just fine, no more quirks. The only time when the "halt unlock" magic
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
129 sequence needs to be repeated is after a reset, which is expected.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
130
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
131 Interaction with the watchdog timer
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
132 ===================================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
133
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
134 The Calypso chip includes a watchdog timer feature; if this watchdog timer is
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
135 enabled and allowed to expire, it effects a fairly deep reset of the chip. The
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
136 Calypso boot ROM code and most firmware designs do a step early on to disable
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
137 this watchdog, and it is not subsequently re-enabled except to effect a reboot
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
138 when so desired, but as the ARM7 core first comes out of reset and starts
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
139 executing instructions from the reset vector (whether ROM or external memory),
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
140 the watchdog timer is enabled and ticking. This watchdog timer interacts with
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
141 JTAG as follows:
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
142
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
143 1) When the ARM7 core is halted via JTAG, the watchdog timer (if enabled) is
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
144 NOT stopped or paused, but keeps ticking.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
145
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
146 2) If a watchdog reset occurs while the ARM7 core is halted, everything goes
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
147 out of whack, consistent with the note in standard ARM7TDMI documentation
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
148 which says that a reset must not be applied to the core while it is in debug
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
149 halt state.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
150
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
151 Therefore, if the ARM7 core is to be halted at a time when the watchdog timer
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
152 is enabled and ticking, the halt operation must be quickly followed by two
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
153 system bus write operations (mwh command in OpenOCD) to the WATCHDOG_TIM_MODE
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
154 register, executing the watchdog disable sequence before the timer is allowed
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
155 to expire while halted.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
156
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
157 JTAG clock speed
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
158 ================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
159
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
160 It is often stated that the JTAG clock speed must be no greater than 1/6 of the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
161 system clock speed when talking to ARM cores, and that JTAG access is blocked
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
162 when the core goes into a power saving mode with the clock stopped. Neither of
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
163 these constraints applies to our beloved Calypso though: the stated issues occur
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
164 in chip designs which internally synchronize JTAG signals including TCK to their
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
165 system clock, but Calypso and its predecessors don't do that, they use the hard
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
166 macrocell version of the ARM7TDMI core instead, use TCK directly to clock JTAG-
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
167 specific logic and perform "hard" clock switching for debug mode.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
168
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
169 According to the available cal000_a.pdf document, the maximum TCK frequency
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
170 supported by the Calypso is 10 MHz, which also appears to be the only TCK
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
171 frequency which TI's older XDS510 "emulator" pods can produce without hardware
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
172 modifications. This 10 MHz TCK frequency can be used no matter what frequency
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
173 is fed to Calypso's main CLKTCXO clock input or what frequency the ARM7 core is
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
174 configured to run at, and JTAG keeps working even when the main clock is
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
175 completely stopped.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
176
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
177 It is possible to halt the Calypso ARM7 core when it is in a sleep mode, even
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
178 in deep sleep: manipulation of internal scan chain 2 to set DBGRQ is a JTAG-only
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
179 operation, contained entirely in the TCK clock domain, thus it works even with
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
180 the main VCXO stopped, and the actual halt occurs on wakeup when the ARM7 core
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
181 regains its regular clock and sees the internal DBGRQ signal asserted.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
182
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
183 Halting immediately out of reset
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
184 ================================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
185
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
186 To me (Mother Mychaela) it always seemed evident that the Calypso and its
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
187 predecessors had to have some way to perform a "reset and hold still" maneuvre,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
188 as this capability was absolutely essential for deterministic bootstrapping and
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
189 recovery of boards before the Calypso boot ROM subsumed that function. However,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
190 the exact manipulations required to achieve this effect have remained elusive
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
191 for a long time until I found the answer in May-June of 2019. The trick is NOT
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
192 done through EMU0/1 pins like I once thought, and the method used on many other
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
193 chips involving classic TRST and SRST signals is clearly not applicable to the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
194 Calypso given its very different reset structure.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
195
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
196 The answer lies in the clocking architecture of TI GSM chipsets, involving a
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
197 VCXO that is started and stopped and a 32.768 kHz clock which is always running.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
198 When the Calypso starts its boot process in response to the ON_nOFF signal
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
199 going from low to high (in the XDS-triggered test reset scenario this event
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
200 immediately follows the release of external reset), the main VCXO is off (i.e.,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
201 it hasn't been started yet) and only the 32.768 kHz clock is running. At this
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
202 point the ARM7 core receives no clock at all (the 32.768 kHz clock is never fed
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
203 to the ARM7), and the ULPD block (the same block that handles deep sleep) goes
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
204 through the sequence of first enabling the main VCXO, then waiting for it to
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
205 stabilize. This sequence takes about 8192 cycles of the slow clock (about
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
206 250 ms), and only at the completion of this sequence the ARM7 core gets its
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
207 first clock. But during that 250 ms time window the JTAG logic is out of its
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
208 reset and functioning, and it can be operated because Calypso JTAG does not
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
209 depend on the main ARM clock which is stopped.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
210
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
211 The following sequence of steps successfully achieves the effect of resetting
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
212 the Calypso+Iota chipset and all board-level peripherals that are subservient
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
213 to it, and halting the Calypso directly at the reset vector before the first
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
214 instruction is executed:
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
215
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
216 1) Give the chipset a test reset pulse via the XDS_RESET line; the exact
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
217 required duration is not known, but my OpenOCD-based proof of concept gives
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
218 a 50 ms pulse.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
219
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
220 2) Immediately after releasing the reset or after a short delay (my PoC does a
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
221 10 ms delay), start exercising the JTAG scan chain, which has been fully
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
222 reset - it will be responsive at this point.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
223
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
224 3) Perform the "magic" IR and DR scans to enable halting ability, just like we
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
225 do when we wish to halt an already-running Calypso.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
226
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
227 4) Going through scan chain 2 inside the ARM7TDMI TAP, set the DBGRQ bit.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
228 All steps up to this one must happen before Calypso ULPD enables the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
229 VCXO-derived clock to the ARM7.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
230
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
231 5) Also going through scan chain 2, poll and wait for DBGACK to get set,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
232 indicating that the ARM7TDMI core halted - this event will happen when the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
233 core gets its first clocks.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
234
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
235 6) Once the ARM7TDMI core is halted, perform the two mwh operations to the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
236 0xFFFFF804 register (WATCHDOG_TIM_MODE) to disable the watchdog, otherwise
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
237 it will generate another internal reset and mess up the system state.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
238
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
239 We never found any built-in provision in TI's CCS (see below) or any script for
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
240 CCS that does the above, instead I (Mother Mychaela) found it on my own by
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
241 thinking about how it could possibly be done, and proved the idea working
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
242 with an OpenOCD setup presented in the freecalypso-hwlab repository.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
243
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
244 Original official TI tools
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
245 ==========================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
246
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
247 TI's original and official tool for operating on Calypso JTAG was their Code
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
248 Composer Studio (CCS) software, working through TI's XDS510 and XDS560
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
249 "emulator" hardware. The original hardware solution was the XDS510, and I mean
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
250 the original XDS510 which was an ISA card made by TI themselves, not any of the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
251 later "XDS510-class" "emulators" made by companies acting as TI's 3rd-party
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
252 partners. The next successor to this original XDS510 was the original XDS560,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
253 also made by TI themselves and distinct from the later "XDS560-class" devices
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
254 by TI's 3rd-party partner companies. The original XDS560 is a PCI card rather
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
255 than ISA, thus a little easier to get working in 2019, and also more readily
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
256 available on ebay. Both XDS510 and XDS560 consist of a desktop PC card (ISA or
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
257 PCI) and an active pod, and the pod has a non-detachable target connection cable
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
258 coming out of it, terminating in a female connector mating with the TI-style
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
259 14-pin JTAG header. The pod connector fits perfectly to TI's original D-Sample
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
260 board, but on our FCDEV3B it fails to fit because the JTAG and dual UART headers
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
261 are too close together. Therefore, anyone who is interested in connecting TI's
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
262 original XDS510 or XDS560 to an FCDEV3B would need to get some male-to-female
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
263 jumper wires or make a custom-crimped interposer cable.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
264
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
265 The version of CCS which we found to work with these "emulator" adapters (both
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
266 XDS510 and XDS560) and with Calypso targets is this one:
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
267
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
268 ftp://ftp.freecalypso.org/pub/GSM/TI_tools/CCS/CCS_3.3.83.20_win32.zip
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
269
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
270 In order to get this CCS to work with a Calypso target, you will need to create
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
271 a "custom board" configuration in CCS setup - none of the predefined board
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
272 configs shipped with CCS will work. To create the needed "custom board" config,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
273 select your "emulator" (XDS510 or XDS560), then add an ARM7 target and a
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
274 TMS320C5400 target in this order, which is the order from TDI to TDO. With this
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
275 custom config saved, running CCS brings up what they call the Parallel Debug
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
276 Manager, which supposedly supports coordinated debugging of both ARM and DSP
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
277 cores. However, I (Mother Mychaela) have not tried connecting to the DSP part,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
278 only ARM7; another FreeCalypso community member who also got a working XDS510
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
279 setup talking to an FCDEV3B did try it, but saw what appears to be garbage. As
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
280 discussed earlier in this article, we are completely in the blind here, hence
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
281 this direction is not being seriously explored at the present.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
282
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
283 In order to play with just the ARM7 core, leaving the DSP alone, select the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
284 ARM7 target in the Open menu in Parallel Debug Manager - the main CCS debug
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
285 window will then open, and it will be specific to the ARM7 target. In my own
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
286 testing all further operations were done from the latter window and its menus.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
287
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
288 Reset with TI's tools
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
289 ---------------------
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
290
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
291 Both XDS510 and XDS560 "emulators" have only one reset output; on TI's general-
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
292 purpose DSP development boards outside of the GSM Skunkworks division this one
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
293 reset line was TRST, whereas on D-Sample and Leonardo boards (and on our
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
294 FCDEV3B) this signal is repurposed to drive Iota nTESTRESET through a clever
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
295 transistor circuit. TI's general-purpose (non-GSM) DSP chips and boards have
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
296 internal pull-downs on TRST rather than pull-ups (JTAG logic permanently held
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
297 down in reset when no "emulator" is connected), hence both XDS510 and XDS560
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
298 pods drive this signal with an active push-pull driver - which is why Calypso
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
299 development boards include the special transistor circuit rather than connect
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
300 the XDS_RESET line (as we call it) directly to internal nTESTRESET.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
301
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
302 Prior to initialization, a "cold" XDS560 pod has its reset output held low,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
303 thus the target board will be held down in test reset and will appear completely
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
304 unresponsive. To initialize the XDS560 and release it from reset, select
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
305 "Emulator Reset" from the Debug menu. For this operation to succeed, the LDO
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
306 regulators in the Iota ABB need to be turned on, putting out 2.8 V on the V-IO
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
307 rail which is used as the target voltage reference by the XDS560 pod, so you
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
308 will probably need to press either the PWON button or the RESET button on the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
309 FCDEV3B initially - and if the green LED stays off after that button press, you
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
310 know that the board is being held down in test reset by the XDS560 pod. Then
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
311 do the "Emulator Reset" operation, at which point the green LED will turn on
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
312 and the board will boot normally. From this point onward, doing a repeated
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
313 "Emulator Reset" operation causes a low-then-high pulse to be put out on the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
314 XDS_RESET line, resetting the board and once again causing it to go through a
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
315 fresh boot.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
316
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
317 Connecting to the ARM7 core and halting it
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
318 ------------------------------------------
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
319
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
320 Once the XDS560 has been initialized and the target board has been lifted out
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
321 of test reset with the "Emulator Reset" operation, you can execute the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
322 "Connect target" operation, also in the Debug menu. This operation produces a
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
323 successful halt (I can only guess that this step is the point at which the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
324 mysterious 0xB JTAG instruction and the unknown 2-bit register scan are issued,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
325 unlocking the halting ability on this modified ARM7TDMI core), but the halt
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
326 happens at whichever point the ARM7 core happens to be in its code execution,
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
327 i.e., the generic, non-GSM-specific CCS has no knowledge of the peculiar timing
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
328 sequence that is required to achieve a halt directly out of reset on the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
329 Calypso. It is my (Mychaela's) guess that CCS probably has some scripting
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
330 ability for more advanced users, and that TI's GSM Skunkworks division used
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
331 this custom scripting mechanism to do a sequence of {Emulator reset, then
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
332 connect to target and halt, then execute two register writes to disable the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
333 watchdog} with machine rather human timing between the steps. Machine rather
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
334 than human timing is required in order to hit the 250 ms window between the
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
335 release of reset and the beginning of ARM core execution, and also to disable
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
336 the watchdog after the halt via two register writes before it goes off.
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
337
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
338 Using OpenOCD on Calypso targets
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
339 ================================
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
340
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
341 Building on top of the work that was done almost a decade earlier by some people
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
342 in the OsmocomBB camp (they sniffed the magic "halt unlock" sequence from an
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
343 XDS+CCS setup and gained the ability to halt an already-running Calypso with
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
344 OpenOCD, albeit without the reset magic) and adding the more in-depth
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
345 understanding provided by Mother Mychaela, we now have the ability to use
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
346 OpenOCD with a simple FT2232D adapter (instead of TI's XDS+CCS) to connect to
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
347 JTAG on TI/FC development boards, both D-Sample and FCDEV3B, gaining the power
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
348 of Free Software instead of proprietary tools. For the details, please refer
7ba5c951803c Calypso-JTAG-notes article written
Mychaela Falconia <falcon@freecalypso.org>
parents:
diff changeset
349 to the freecalypso-hwlab repository.