On Thu, 17 Oct 2013 20:17:15 +0100 Peter Maydell <peter.mayd...@linaro.org> wrote:
> On 17 October 2013 19:51, Georg Hofstetter <q...@g3gg0.de> wrote:
> > flash (ROM1) on these cameras starts at 0xF8000000 and is either
> > 0x00800000, 0x01000000 or 0x02000000 large. just like with every
> > chip-selected memory, where the CS/EN line is selected by address masks,
> > addressing beyond the size memory repeats the content over and over.
> >
> > ROM0 (0xF0000000) is rarely used.
> >
> > The ARM in DIGIC has the high vectors selected by hardware and so the
> > reset vector is 0xFFFF0000. There you will find a bootloader.
> > Due to the memories repeating over and over starting from 0xF8000000,
> > the CPU will read from 0xF87F0000, 0xF8FF0000 or 0xF9FF0000, depending
> > on flash size (see above).
> >
> > This kind of addressing beyond real flash end and wrapping over is
> > intentionally used by canon in multiple places - even in the main
> > firmware and when reflashing.
> > Some blocks are reflashed on a regular basis. They are used for
> > properties, which are the configuration area.
>
> Thanks for this explanation of the hardware.
>
> > If you want to make the emulator behave like the real hardware, then you
> > have to:
> >
> >  - reset to 0xFFFF0000
>
> Yep. This implies having a cpu property corresponding to "enable
> hivecs from bootup" (matching the h/w config signal), and making
> sure cpu reset honours it; that's fairly easy.
>
> >  - place ROM0 at 0xF0000000
> >  - place ROM1 at 0xF8000000
> >  - make the memory subsystem address correctly: (pseudocode)
> >     if((virt_addr & 0xF8000000) == 0xF0000000)
> >     {
> >         real_addr = 0xF0000000 | (virt_addr & (rom0_size - 1));
> >     }
> >     if((virt_addr & 0xF8000000) == 0xF8000000)
> >     {
> >         real_addr = 0xF8000000 | (virt_addr & (rom1_size - 1));
> >     }
>
> The easy way to do this is just to use memory region aliases
> to repeat the ROM through the whole area; you can do that
> in the board model without having to mess with the memory
> subsystem itself.

Hmm.
The current DIGIC patchseries already has the functionality like this!

Here is my console log:

$ xxd -g 1 -l 0x40 ./canon-a1100-rom1.bin
0000000: 12 00 00 ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
0000010: fe ff ff ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
0000020: 62 61 72 65 62 6f 78 00 00 00 10 00 84 5e 01 00  barebox......^..
0000030: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55  UUUUUUUUUUUUUUUU

$ ./arm-softmmu/qemu-system-arm -M canon-a1100 -bios ./canon-a1100-rom1.bin -serial stdio
Switch to console [cs0]

barebox 2013.08.0-00267-g85b83fb #125 Thu Aug 29 07:58:57 MSK 2013

Board: Canon PowerShot A1100 IS
digic-gpio c0220000.gpio: probed gpiochip-1 with base 0
cfi_flash f8000000.flash: found cfi flash at f8000000, size 4194304
malloc space: 0x00100000 -> 0x002fffff (size 2 MiB)
Open /dev/env0 No such file or directory
no valid environment found on /dev/env0. Using default environment
running /env/bin/init...
canon> /
canon> / md -b 0xf8000000+0x40
f8000000: 12 00 00 ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
f8000010: fe ff ff ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
f8000020: 62 61 72 65 62 6f 78 00 00 00 10 00 84 5e 01 00  barebox......^..
f8000030: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55  UUUUUUUUUUUUUUUU
canon> / md -b 0xf8400000+0x40
f8400000: 12 00 00 ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
f8400010: fe ff ff ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
f8400020: 62 61 72 65 62 6f 78 00 00 00 10 00 84 5e 01 00  barebox......^..
f8400030: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55  UUUUUUUUUUUUUUUU
canon> / md -b 0xf9000000+0x40
f9000000: 12 00 00 ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
f9000010: fe ff ff ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
f9000020: 62 61 72 65 62 6f 78 00 00 00 10 00 84 5e 01 00  barebox......^..
f9000030: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55  UUUUUUUUUUUUUUUU
canon> /

-- 
Best regards,
  Antony Pavlov
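
Added example (not part of the original messages or of the QEMU DIGIC patch series): a stand-alone C model of the mirroring described in the thread, folding any CPU address onto the first copy of the ROM it hits, which is what a firmware analyst needs in order to normalise mirrored addresses in a dump. The 128 MiB window is derived from the 0xF8000000 mask in the quoted pseudocode; the function names are hypothetical, and ROM sizes are assumed to be powers of two.

```c
#include <stdint.h>
#include <stdio.h>

#define ROM0_BASE  0xF0000000u
#define ROM1_BASE  0xF8000000u
#define ROM_WINDOW 0x08000000u  /* 128 MiB per chip select, from mask 0xF8000000 */

/* A usable size is a non-zero power of two no larger than the window. */
static int rom_size_ok(uint32_t size)
{
    return size != 0 && (size & (size - 1)) == 0 && size <= ROM_WINDOW;
}

/* Fold a CPU address onto the first copy of the ROM it selects.
 * Addresses outside both windows, or hitting a ROM with an unusable
 * size, are returned unchanged. */
static uint32_t rom_canonical(uint32_t addr, uint32_t rom0_size, uint32_t rom1_size)
{
    uint32_t window = addr & ~(ROM_WINDOW - 1);
    if (window == ROM0_BASE && rom_size_ok(rom0_size))
        return ROM0_BASE | (addr & (rom0_size - 1));
    if (window == ROM1_BASE && rom_size_ok(rom1_size))
        return ROM1_BASE | (addr & (rom1_size - 1));
    return addr;
}

/* Copies of the ROM visible in its window: the number of aliases a board
 * model needs to reproduce the wrap-around (0 for an unusable size). */
static uint32_t rom_copies(uint32_t size)
{
    return rom_size_ok(size) ? ROM_WINDOW / size : 0;
}

int main(void)
{
    /* 4 MiB is the size reported in the console log above; the other
     * three are the sizes listed in the quoted description. */
    const uint32_t sizes[] = { 0x00400000u, 0x00800000u, 0x01000000u, 0x02000000u };
    const uint32_t rom0 = 0x00400000u;  /* constructed value; not given in the thread */

    for (unsigned i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("ROM1 size 0x%08x: %2u copies, reset vector 0xFFFF0000 -> 0x%08x\n",
               (unsigned)sizes[i], (unsigned)rom_copies(sizes[i]),
               (unsigned)rom_canonical(0xFFFF0000u, rom0, sizes[i]));
    return 0;
}
```
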