Calypso JTAG documented

Mychaela Falconia mychaela.falconia at gmail.com
Sun Jun 30 06:18:23 UTC 2019


Hello FC community,

I just finished writing documentation for Calypso JTAG.  This new
documentation is split between two repositories: freecalypso-docs has
the Calypso-JTAG-notes document which describes Calypso JTAG in
generic (non-OpenOCD-specific) terms, whereas the working config and
notes for OpenOCD on Calypso reside in the freecalypso-hwlab
repository.

To put the matter in context, there is very little practical need for
JTAG in FreeCalypso.  We first gained the ability to use JTAG when we
built our first FCDEV3B boards in 2017-04; prior to that time our
primary target platform was the Calypso modem in Openmoko devices, and
that Calypso modem has no accessible JTAG.  Yet in the two years that
we've had readily accessible ability to use JTAG on Calypso, I never
had a need to use it for any of my FC development work.

However, over the past few months one of our community members had a
strong interest in exploring JTAG on the FCDEV3B, and I got involved
too because I consider it my responsibility to provide top-notch
support for every aspect of the Calypso chip, just as if I were the
IP rights-owner to the chip itself.  (Which I should be, but that's a
subject for another day.)  So Das Signal and I spent a good bit of
time recreating TI's original JTAG setup with XDS hardware and CCS
software (needs a desktop PC running WinXP, yuck), and we both got it
working; DS got an XDS510 hw setup and I got one with XDS560, so we
know that both work with our dear Calypso.  We successfully recreated
the XDS+CCS setup that was used by someone in OsmocomBB camp almost a
decade ago to sniff TI's non-standard extension to the ARM7TDMI TAP
that is required to enable halts, but we haven't redone the sniffing
itself yet, as the "magic" irscan+drscan sequence checked into
mainline OpenOCD under tcl/target/ti_calypso.cfg works just fine so
far.

However, even though it does the halt-unlocking "magic" sequence
correctly, that target/ti_calypso.cfg config in the mainline OpenOCD
distribution is bogus in most other ways: it fails to account for the
reset architecture in the Calypso+Iota chipset being completely
different from the TRST+SRST model which OpenOCD thoroughly assumes
throughout, thus it won't correctly reset the chipset through the
XDS_RESET signal provided on TI/FC development boards, and of course
it can't do a "reset and hold still" maneuvre.  It also needlessly
limits the JTAG clock speed to 1 MHz, even though Calypso JTAG works
just fine with up to 10 MHz TCK regardless of the ARM clock, including
states in which the main clock is stopped altogether.  All of these
issues are covered in great detail in my new Calypso-JTAG-notes
document in freecalypso-docs.

It appears that the solution for JTAG on Calypso and its predecessors
used by TI's own engineers working in the GSM Skunkworks division
consisted of an XDS510 or XDS560 "emulator" (ISA or PCI adapter going
into a desktop PC, respectively), Code Composer Studio software, plus
some custom GSM-Skunkworks-specific scripts for the latter which
aren't shipped with standard CCS.  I reason that such custom scripts
must have existed because "stock" CCS can send a reset pulse to the
target and it can halt the Calypso ARM7 core in its normal running
state, but it can't do the special timing sequence that results in the
Calypso being halted before it executes the first instruction from the
reset vector.  TI's own developers most certainly needed the latter
maneuvre on earlier platforms that didn't have a boot ROM, hence I
reason that they must have had some special script for CCS that does
the trick.

I played a bit with TI's official way: I got a real TI-made XDS560 PCI
adapter (a very complex board, and completely undocumented) from ebay
along with the required active pod (also TI-made), I installed the PCI
board in an air-gapped WinXP machine, and I connected the pod to the
one original D-Sample board I have.  (Connecting the same pod to an
FCDEV3B would require a whole bunch of M2F jumper wires or a custom-
crimped interposer cable to get around the mechanical fitting problem,
and I was too lazy to do that.)  But connecting an original authentic
JTAG pod from TI themselves to TI's own D-Sample board felt incredible,
it was the *exact* physical setup which TI's own engineers had in
their offices or cubicles Back In The Day!  I ran CCS version 3.3 and
saw what it can and cannot do out of the box: halting the ARM7 core in
the Calypso in the middle of whatever code it happens to be running
works right out of the box, a "reset and halt" maneuvre does not seem
possible out of the box with simple GUI manipulations and probably
requires custom scripting, CCS also supports C54x DSP debugging, but
we would need to know a lot more black magic before we could use this
debug avenue on the Calypso.

Having satisfied myself with TI's official way, I switched my attention
to OpenOCD.  First I proved experimentally that the poorly documented
EMU0 and EMU1 signals don't do anything interesting to the ARM7 core
(don't halt it and don't alter its boot behaviour), hence they can be
ignored and left unconnected.  Then I figured out how to do the "reset
and halt" maneuvre, i.e., fully reset the board via Iota nTESTRESET,
and as the Calypso comes out of this superdeep reset, halt it before
it executes the first instruction from the reset vector.  Performing
this maneuvre does not require any extra hardware signals beyond the
standard JTAG scan chain plus the XDS_RESET line, but it does require
special timing, as detailed in my Calypso-JTAG-notes document.

Finally on the basis on all of these experiments and discoveries, I
put together an OpenOCD-on-Calypso config that operates correctly on
our chipset and allows all 3 possibilities: halting the Calypso without
a reset, resetting the chipset and the board without a halt, and doing
the "reset and hold still" maneuvre.  This OpenOCD config and
instructions for using it reside in the freecalypso-hwlab repository.

The point of this whole exercise?  The point was to acquire a sense of
ownership over this previously-underexercised function of the Calypso
chip, gaining the ability to exercise it as much as TI's own engineers
did Back In The Day, and gaining the ability to provide exactly the
same level and quality of support to FreeCalypso customers as TI
provided to their customers Back In The Day.  The laws of various
Western countries in which I don't hold any citizenship may disagree
with me, but I act as if all moral rights to the Calypso chipset
itself (along with its associated software) have been transferred from
TI to me, and in that case all support responsibilities and obligations
have been transferred as well - thus I have a *duty* to provide the
same level of support as TI once provided.

Hasta la Victoria, Siempre,
Mychaela aka The Mother


More information about the Community mailing list