diff pirelli/preboot.notes @ 68:6a136554378e

pirelli preboot re: figured out the triggering condition
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Mon, 10 Feb 2014 02:33:17 +0000
parents 88cf9811f97c
children
--- a/pirelli/preboot.notes	Sun Feb 09 09:36:42 2014 +0000
+++ b/pirelli/preboot.notes	Mon Feb 10 02:33:17 2014 +0000
@@ -3,12 +3,39 @@
 IRAM usage:
 
 800000:	everything from here to 81047C is zeroed out
+800000: byte var, init to 0
 800004: 1 written here
 800008: var set to bottom of SVC stack
 80000C: var set to top of SVC stack
 800010: 16-bit checksum of copy-to-RAM block, before copy
 800012: 16-bit checksum of copy-to-RAM block, after copy
+810014:	16-bit var, init to 0
+810016:	16-bit var, init to 0
+810018: byte var, init to 0x00
+810019: byte var, init to 0xBC
+81001C: 32-bit var, init to 0
+810020:	byte var, init to 0x00, apparently flag indicating that the array
+	at 0x810024 has been initialized
+810021:	byte var, init to 0x00
+810024: 32-bit var, init to 0
+810024: array of 3 structs, 24 (0x18) bytes each, one for each flash region
+	init by routine at 0xb3a8
+	offset 00: ptr to start of flash region
+	offset 04: 32-bit init to 0, appears to be a state in the [0,2] range:
+		0: initial
+		1: checked and found to contain an image
+		2: result of calling 0xb0c2 in mode 2
+	offset 08: byte init to 0, incremented each time 0xb0c2 in mode 1
+			succeeds
+	offset 09: byte init to 0
+	offset 0C: init to 0x12345678
+	offset 10: 32-bit init to 0
+	offset 14: 16-bit init to 0
+81006C:	table of 3 32-bit words, pointers to structures describing
+	3 flash2 regions, init to {0081a4d0, 0081a768, 0081aa00}
+810078: 32-bit var, init to 0
 81047C:	bottom of init stack (0x400 bytes)
+81047C: byte var, init to 0
 810484: first byte used by copied code block
 81AF0B: last byte ""
 81AF60: initial SP for abort and undef
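Review bot: 810024 is documented twice in the added lines, first as "810024: 32-bit var, init to 0" and then as the array of 3 structs whose offset 00 is a pointer to the start of a flash region. The two descriptions conflict, so drop the scalar entry or mark it as superseded by the struct layout. The array size itself is consistent: 3 x 0x18 = 0x48 bytes, ending at 81006B, directly before the table at 81006C. A similar ambiguity is introduced at 81047C, which now reads both "bottom of init stack (0x400 bytes)" and "byte var, init to 0". Stating the stack's address range explicitly would show whether the byte var sits inside or just past it. In the struct, offset 00 and offset 0C give no field width while every other offset does. The added lines also mix a space and a tab after the address colon, which misaligns the table.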