FreeCalypso > hg > freecalypso-docs
comparison Flash-boot-modes @ 8:dc0e9c91d54a
Flash-boot-modes article added (migrated from freecalypso-tools)
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Fri, 26 Oct 2018 06:41:47 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 7:43829da82312 | 8:dc0e9c91d54a |
|---|---|
| 1 The Calypso chip includes an on-die boot ROM that allows the boot process to be | |
| 2 interrupted and diverted by an external host sending some special characters | |
| 3 into either of the two UARTs; this mechanism is what allows us to load code into | |
| 4 RAM and to reload the flash on Calypso GSM devices without having to resort to | |
| 5 JTAG or chip desoldering or other extreme measures. In normal operation, when | |
| 6 the boot path is NOT being diverted by an external serial download, the boot ROM | |
| 7 transfers control to the regular firmware in the flash - but there are two | |
| 8 different modes in which the flash fw image may be booted. | |
| 9 | |
| 10 In order for the flash fw image to be considered bootable by the Calypso boot | |
| 11 ROM, the 32-bit word at flash address 0x2000 must equal either 0 or 1; if it | |
| 12 equals any other value, the boot ROM will consider the flash fw image to be | |
| 13 invalid (e.g., blank flash) and will wait forever for a serial download instead | |
| 14 of proceeding with flash boot. Depending on whether this word at 0x2000 equals | |
| 15 0 or 1, the flash fw image will be booted in one of two very different ways; | |
| 16 we shall call them flash boot mode 0 and flash boot mode 1, respectively. | |
| 17 | |
| 18 In flash boot mode 0 the following 32-bit word at flash address 0x2004 must | |
| 19 contain the address of the flash fw image entry point (ARM/Thumb selection in | |
| 20 the least-significant bit); the boot ROM will simply jump to this address with | |
| 21 a BX instruction. When the flash fw image is booted in this manner, the boot | |
| 22 ROM is still mapped at address 0 and the first 8 KiB of flash are inaccessible | |
| 23 except via the 0x03000000 alternate mapping, unless the firmware later changes | |
| 24 the FFFF:FB10 register. This boot mode is intended for flash fw images that | |
| 25 use the interrupt and exception vectors in the ROM (branching to IRAM addresses | |
| 26 0x80001C-0x800034) for their interrupt and exception handling. | |
| 27 | |
| 28 Flash boot mode 1 is different: instead of jumping directly to the flash fw | |
| 29 image, the boot ROM copies a small piece of its code into IRAM and jumps to that | |
| 30 code; the copied code disables the boot ROM via the FFFF:FB10 register (puts | |
| 31 the external flash at address 0) and induces a processor reset through the | |
| 32 watchdog timer. It is not clear to us exactly what blocks are affected by the | |
| 33 watchdog reset, but bits 9:8 of the FFFF:FB10 register are not reset, hence | |
| 34 the ARM processor now boots from the reset vector in the flash as if the boot | |
| 35 ROM weren't there - and the latter really is not there after having disabled | |
| 36 itself. | |
| 37 | |
| 38 Flash boot mode 0 is only usable on Calypso C035 silicon (the "new" kind); | |
| 39 while all commercial Calypso GSM devices targeted by FreeCalypso feature Calypso | |
| 40 chips of the correct "new" kind, the people at TI who wrote and maintained their | |
| 41 official firmware also had to work with older Calypso C05 chips featured on the | |
| 42 early D-Sample and Leonardo boards. The earlier boot ROM code version in those | |
| 43 early Calypso chips also implements the two boot modes which we call mode 0 and | |
| 44 mode 1, but its implementation of mode 0 is broken and unusable, therefore TI's | |
| 45 firmware people only used flash boot mode 1. On the other hand, newer firmware | |
| 46 designs made for current rather than historical hardware will probably find | |
| 47 mode 0 to be cleaner, more intuitive and more convenient. | |
| 48 | |
| 49 All TI official firmwares use flash boot mode 1, our FreeCalypso Magnetite | |
| 50 firmware does likewise, being a direct derivative of TI's TCS211 fw, but our | |
| 51 gcc-built FC Selenite firmware uses flash boot mode 0, as the assembly code | |
| 52 pieces and linker script magic are entirely new (our own original design) in | |
| 53 the gcc-built version. |