Home » Blogs » Nocturnal's blog

Pieces of Bootloader

Posted September 3rd, 2007 by Nocturnal

Well, I managed to get the EEPROM initialized correctly, or so I thought. After writing b-code to initialize the EEPROM and extract the bootloader, I then wrote a program to convert the output b-code version of the bootloader back into an actual image of the bootloader. I was starting to have suspicions that something was not quite right almost from the begining. Below you can see a chunk of the image I ended up with.

00003560  20 66 6f 72 20 52 53 6d  30 36 2d 30 39 2d 31 32  | for RSm06-09-12|
00003570  75 66 61 63 74 75 72 65  0a 44 65 76 69 63 65 20  |ufacture.Device |
00003580  73 20 61 6e 79 20 6b 65  74 65 72 6e 61 74 65 20  |s any keternate |
00003590  6f 70 74 69 6f 6e 73 20  08 08 00 00 0a 0a 00 00  |options ........|
000035a0  61 6d 20 62 6f 6f 74 6c  31 2e 20 50 72 6f 67 72  |am bootl1. Progr|
000035b0  6c 20 28 38 4d 42 20 6e  6f 6e 6c 79 29 0a 00 00  |l (8MB nonly)...|
000035c0  61 6d 20 72 6f 6f 74 2d  67 65 20 28 38 4d 42 20  |am root-ge (8MB |
000035d0  20 6f 6e 6c 79 29 0a 00  6e 61 6e 64 20 66 6c 61  | only)..nand fla|
000035e0  72 6f 67 72 61 6d 20 6e  65 6c 20 69 6d 61 67 65  |rogram nel image|
000035f0  72 6f 67 72 61 6d 20 6e  64 69 73 6b 20 69 6d 61  |rogram ndisk ima|
00003600  72 6f 67 72 61 6d 20 72  79 73 74 65 6d 20 69 6d  |rogram rystem im|
00003610  0a 20 20 20 50 6c 65 61  20 73 65 6c 65 63 74 69  |.   Plea selecti|
00003620  57 41 52 4e 49 4e 47 21  6c 6c 20 65 72 61 73 65  |WARNING!ll erase|
00003630  61 6e 64 20 66 6c 61 73  20 74 6f 20 63 6f 6e 74  |and flas to cont|
00003640  77 65 72 20 64 6f 77 6e  74 0a 00 00 46 69 6c 65  |wer downt...File|
00003650  0a 50 72 65 73 73 20 52  74 6f 6e 20 6f 6e 20 41  |.Press Rton on A|
00003660  20 2e 2e 2e 00 00 00 00  6b 65 72 6e 65 6c 20 66  | .......kernel f|
00003670  20 46 6c 61 73 68 20 74  2e 0a 00 00 42 6f 6f 74  | Flash t....Boot|
00003680  65 6c 20 2e 2e 2e 0a 0a  08 00 00 00 00 00 07 c4  |el .............|
00003690  00 20 02 09 c0 00 01 01  05 07 04 50 00 20 02 81  |. .........P. ..|
000036a0  55 6e 6b 6e 6f 77 6e 20  3a 20 30 78 00 00 00 00  |Unknown : 0x....|
000036b0  69 61 6c 69 7a 65 20 55  2e 0a 00 00 55 53 42 20  |ialize U....USB |
000036c0  61 64 79 20 66 6f 72 20  2e 0a 00 00 45 72 72 6f  |ady for ....Erro|
000036d0  73 20 77 68 65 6e 20 70  6c 61 73 68 0a 00 00 00  |s when plash....|
000036e0  53 44 52 41 4d 20 64 61  41 53 48 0a 00 00 00 00  |SDRAM daASH.....|
000036f0  6d 69 6e 67 20 2e 2e 2e  69 66 79 69 6e 67 20 2e  |ming ...ifying .|
00003700  20 56 65 72 69 66 79 20  0a 00 00 00 0a 2a 2a 2a  | Verify .....***|
00003710  4f 4b 20 2a 2a 2a 0a 00  5a 0f 0c 59 03 56 55 00  |OK ***..Z..Y.VU.|
00003720  3f 6a 69 3c 66 33 30 65  3c 69 6a 3f 65 30 33 66  |?ji

If you look closely, you will notice that chunks are missing. Which explains why I had a file much smaller than I thought I should end up with. It looks approximately like I am missing every second 16bit block. That leaves me with only two explainations. Either the Flash EEPROM datasheet is wrong, and it does support 32 bit addressing, or I have stuffed up the addressing somehow when I wrote the b-code.


Fortunately, both are easy to check, and easy to fix. The only problem is, it takes so damn LONG. Using b-code I will eventually extract a bootloader image, but it does have the downside that actually transfering and reading back the bootloader in b-code over the serial link takes a LONG time, over an hour. One of the things I tried, I estimated it would take over 4 hours if I let it run all the way through.


Hopefully, I'll get everything right, and won't spend hours waiting only to discover I'm barking up the wrong tree.