Scott, Thanks for the understanding... it is appreciated. I am a large proponent (tech-vangelist) of IBM's 64-bit technology, from POWER4 through CELL, as I really do believe it is the best thing since sliced-bread.
There are some extreme sensitivities to some of the information... as anything that can affect stock price tends to send folks to jail. I don't want to go to jail. 'nuff said. For a 970 primer, you can go to www.970Eval.com and either download data sheets and/or go to the online forums (sorry, you have to register to see them) for some discussion on how 970 boots. I will briefly describe it here. This is from memory at 10:30 at night... so don't sue me if it's not completely correct. 1. Power-on, set PLL pins, set input clock speed, wait for PLL lock. 2. Send mode-ring. This is 1700+ bits, sent serially over I2C, that do things like set the boot-address, HID register bits, hypervisor mode, etc... 3. Let the Tx & Rx Bus Interface Units train and converge. 4. Set special bits that speak to erratum and processor ID. 5. Setup SDRAM memory controller 6. Enumerate boot path 7. Lift RESET and let processor assert boot-vector that was set in mode-ring. My thoughts with the '360 are that there is a Service Processor microcontroller on-board the silicon, and that it, Digital ID Tags, the Mode Ring as well as the Boot Flash are programmed over JTAG at manufacturing, using those soldered-in holes next to the processor... Could someone look at these holes with a microscope to see if maybe it was done by flying-probe? They leave small pin-like indentations in the solder. There are a few ways to skin this cat if this is indeed the case, and the key resides in either R.E. the mode ring to redirect the boot vector, or figuring out the correct sequence of accesses to be able to R/W Boot Flash over JTAG. MMU - There would be no cache and subsequently no threading if there were no MMU present. If my assumption is correct, that this is indeed a POWER4 core with a custom bus interface unit, than full MMU capabilities would be present... 42-bits physical address, 64-bit virtual address, etc... I can forsee no reasons for disabling this built-in feature of the architecture... Interrupt Vectors - Boot Vector is set through Mode-Ring. It can point anywhere in 64-bit space. All other vectors are set (usually) in either the head or tail of the binary... look at PowerPC GNU for 64-bit. I am unsure of where the memory controller resides... If it is off the CPU, then the BIU is modified to do cache coherency across 3 CPUs (no simple feat in 970 speak...), something normally done in the 'North-Bridge'. I ask because there are potential exploits here, if the memory controller is separate from the CPU. Regards, Bruce Boettjer Sr Hardware Design Engineer Momentum Computer 1815 Aston Ave Suite 107 Carlsbad, CA 92008 (760)-431-8663 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Tillman Sent: Monday, November 28, 2005 9:37 PM To: free60-devel@lists.sourceforge.net Subject: Re: [Free60-Devel] Hello >Bruce Boettjer wrote: > >Just a quick note to introduce myself and say 'Hi' to folks already here. >It is my understanding that the '360 uses 970FX cores licensed from IBM. I >designed and implemented IBM's reference design for the 970FX (Maple) [<SNIP>] Hello Bruce, thanks for stopping by. Previous experience with this chipset cannot hurt. My understanding is that the XBOX360's cores are custom, but I would imagine that the changes were as minimal as possible, to save both engineering and debugging time. Since most of us know very little about the internals of the core processors, can you give us a basic overview of the boot process? Details like where code execution starts and how interrupts vectors are located can be of great assistance. I'm also interested to find out whether this processor has an integrated MMU and, if so, what its capabilities are. I believe there is a version of linux built for platforms not supporting virtual memory, but most standard versions rely on paging hardware for a number of features. Again, thanks for any details that you can provide. >Segin wrote: >Who cares for NDAs? We'll just pretend we got it from an "outside source" >;) Reverse Engineering is a fact of life. Another fact is that businesses invest money bringing a product to market in the hope that it will make more money than it cost to develop. R.E. virtually garantees that the lifetime of a product is fairly short (18 months at best). Businesses *must* make every effort to protect the investment for as long as possible. I can single handedly ruin a products chances of success by leaking detailed designs and/or prototypes at the right time. I like the open source model. I think its a brave way to go about doing your business...the extension of the "publish or parish" methodology from most universities. However, that isn't the only valid way. I only bring this up because when someone like Bruce offers to help with a project like this it can be somewhat intimidating. It is difficult separating the protected information from the unprotected information. It is worse when he feels like any slip up will be taken advantage of without any regard to his career. So, the point is this: comments like "Who cares for NDAs?" are just like saying "Who cares about your career?" Is that really what you wanted to say to Bruce after such a kind offer of assistance? -SpeedBump _________________________________________________________________ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ free60-devel mailing list free60-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/free60-devel ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ free60-devel mailing list free60-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/free60-devel
