Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards s

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards s

From:	Antony Pavlov
Subject:	Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards support
Date:	Tue, 22 Oct 2013 15:26:55 +0400

On Thu, 17 Oct 2013 20:17:15 +0100
Peter Maydell <address@hidden> wrote:

> On 17 October 2013 19:51, Georg Hofstetter <address@hidden> wrote:
> > flash (ROM1) on these cameras starts at 0xF8000000 and is either
> > 0x00800000, 0x01000000 ox 0x02000000 large. just like with every
> > chip-selected memory, where the CS/EN line is selected by address masks,
> > addressing beyond the size memory repeats the content over and over.
> >
> > ROM0 (0xF0000000) is rarely used.
> >
> > The ARM in DIGIC has the high vectors selected by hardware and so the
> > reset vector is 0xFFFF0000. There you will find a bootloader.
> > Due to the memories repeating over and over starting from 0xF8000000,
> > the CPU will read from 0xF87F0000, 0xF8FF0000 or 0xF9FF0000, depending
> > on flash size (see above).
> >
> > This kind of addressing beyond real flash end and wrapping over is
> > intentionally used by canon in multiple places - even in the main
> > firmware and when reflashing.
> > Some blocks are reflashed on a regular basis. They are used for
> > properties, which are the configuration area.
> 
> Thanks for this explanation of the hardware.
> 
> > If you want to make the emulator behave like the real hardware, then you
> > have to:
> >
> >  - reset to 0xFFFF0000
> 
> Yep. This implies having a cpu property corresponding to "enable
> hivecs from bootup" (matching the h/w config signal), and making
> sure cpu reset honours it; that's fairly easy.
> 
> >  - place ROM0 at 0xF0000000
> >  - place ROM1 at 0xF8000000
> >  - make the memory subsystem address correctly: (pseudocode)
> >      if((virt_addr & 0xF8000000) == 0xF0000000)
> >      {
> >          real_addr = 0xF0000000 | (virt_addr & (rom0_size - 1));
> >      }
> >      if((virt_addr & 0xF8000000) == 0xF8000000)
> >      {
> >          real_addr = 0xF8000000 | (virt_addr & (rom1_size - 1));
> >      }
> 
> The easy way to do this is just to use memory region aliases
> to repeat the ROM through the whole area; you can do that
> in the board model without having to mess with the memory
> subsystem itself.

Hmm. The current DIGIC patchseries already has the functionality like this!
Here is my console log:

$ xxd -g 1 -l 0x40 ./canon-a1100-rom1.bin 
0000000: 12 00 00 ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
0000010: fe ff ff ea fe ff ff ea fe ff ff ea fe ff ff ea  ................
0000020: 62 61 72 65 62 6f 78 00 00 00 10 00 84 5e 01 00  barebox......^..
0000030: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55  UUUUUUUUUUUUUUUU

$ ./arm-softmmu/qemu-system-arm -M canon-a1100 -bios ./canon-a1100-rom1.bin 
-serial stdio

Switch to console [cs0]


barebox 2013.08.0-00267-g85b83fb #125 Thu Aug 29 07:58:57 MSK 2013


Board: Canon PowerShot A1100 IS
digic-gpio c0220000.gpio: probed gpiochip-1 with base 0
cfi_flash f8000000.flash: found cfi flash at f8000000, size 4194304
malloc space: 0x00100000 -> 0x002fffff (size 2 MiB)
Open /dev/env0 No such file or directory
no valid environment found on /dev/env0. Using default environment
running /env/bin/init...
canon> /
canon> / md -b 0xf8000000+0x40
f8000000: 12 00 00 ea fe ff ff ea fe ff ff ea fe ff ff ea    ................
f8000010: fe ff ff ea fe ff ff ea fe ff ff ea fe ff ff ea    ................
f8000020: 62 61 72 65 62 6f 78 00 00 00 10 00 84 5e 01 00    barebox......^..
f8000030: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55    UUUUUUUUUUUUUUUU
canon> / md -b 0xf8400000+0x40
f8400000: 12 00 00 ea fe ff ff ea fe ff ff ea fe ff ff ea    ................
f8400010: fe ff ff ea fe ff ff ea fe ff ff ea fe ff ff ea    ................
f8400020: 62 61 72 65 62 6f 78 00 00 00 10 00 84 5e 01 00    barebox......^..
f8400030: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55    UUUUUUUUUUUUUUUU
canon> / md -b 0xf9000000+0x40
f9000000: 12 00 00 ea fe ff ff ea fe ff ff ea fe ff ff ea    ................
f9000010: fe ff ff ea fe ff ff ea fe ff ff ea fe ff ff ea    ................
f9000020: 62 61 72 65 62 6f 78 00 00 00 10 00 84 5e 01 00    barebox......^..
f9000030: 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55    UUUUUUUUUUUUUUUU
canon> / 

-- 
Best regards,
  Antony Pavlov

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards support, Peter Maydell, 2013/10/17
- Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards support, Georg Hofstetter, 2013/10/17
  - Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards support, Peter Maydell, 2013/10/17
    - Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards support, Georg Hofstetter, 2013/10/19
    - Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards support, Antony Pavlov <=

Prev by Date: [Qemu-devel] [PATCH for-1.7] seccomp: setting "-sandbox on" by default
Next by Date: [Qemu-devel] [PATCH] save_page: replace block_offset with MemoryRegion
Previous by thread: Re: [Qemu-devel] [RFC v5 2/5] hw/arm/digic: prepare DIGIC-based boards support
Next by thread: [Qemu-devel] virtio-blk wierd memcpy
Index(es):
- Date
- Thread