Custom soc on ARM64, failed to load the firmware properly

[Alyosha Shevandin]

I'm building the custom SoC emulation that is based on the Cortext-a55.

During the runtime $pc register contains 0 instead the address that is provided in means of arm_boot_info.loader_start :

(gdb) p $pc

$1 = (void (*)()) 0x0

x/3i 0xFF00000000

0xff00000000 <_start>: .inst 0x464c457f ; undefined

0xff00000004 <_start+4>: .inst 0x00010102 ; undefined

0xff00000008 <_start+8>: udf #0

During the runtime the memory area where the firmware should be loaded contains junk. I’m trying to understand what’s wrong.

The SoC supports the custom memory layout which means that ROM starts at some specific address. The relevant memory region is initialized and add as a subregion to the main memory:

memory_region_init_rom(&s->rom, obj,”rom",memmap[ROM].size, &error_abort);

memory_region_add_subregion(get_system_memory(),memmap[ROM].base,&s→rom);

The firmware is then loaded to the ROM:

load_image_mr(fname, &soc_state→rom)

The arm_boot_info object is created and initialized as follow:

static struct arm_boot_info bootinfo = {

.ram_size = memmap[SRAM].size,

.board_id = -1,

.loader_start = memmap[ROM].base,

.get_dtb = NULL,

/*

* Do not load DTB, it will be loaded by bootloader code

*/

.skip_dtb_autoload = true,

/*

* The current machine initialization code will load BL1,

*

*/

.firmware_loaded = true,

};

Then there is this call:

arm_load_kernel(&soc_state->cpu, machine, &bootinfo);

Then the quemu is started:

qemu-system-aarch64 -s -S -nographic -machine custom-soc-machine -bios bl1.elf

Regars