Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I543e405bf75868d0f7509a35e08fe31ed253e0e6
|
|
Use make V=1 to print all commands
Change-Id: I28bd4151178413f10ddab292f1d582a9d019f5ea
|
|
libusb limits control transfer sizes to 4k, see diff for details.
Change-Id: Id2e638010274009ea641d06e9040a8b9ab9d54a9
|
|
Change-Id: I886b8dc28e306f631389dbed41451eb086fea4fc
|
|
Change-Id: I76f7cffc700e8051d02936c24e8a70a0f8925edf
|
|
Change-Id: I14987d9783dd371f4990a5bcfbfb2d1c0c9be213
|
|
The JZ misc allows to enable and test SRAM.
The XBurst code uses the coprocessor interface to analyse the cpu. It also
provides a test platform for various features like EBASE and exceptions.
I was able to test and confirm that on jz4760b (thus xburst), EBASE works
(but top 2 bits are not controllable and always 01). The processor claims
to support vector interrupts but this is untested. The values in ConfigX
are not to be trusted blindly, clearly some are wrong. I tried to use the
JZ4780 Config7 "ebase gate" to change bit 30 of EBASE but it does not work,
which suggests that JZ480 uses a newer version of XBurst. Detailled log below:
> ./hwstub_shell -q -f lua/xburst.lua -e "XBURST.init()"
[...]
XBurst:
PRId: 0x2ed0024f
CPU: JZ4760(B)
Config: 0x80000483
Architecture Type: MIPS32
Architecture Level: Release 2 (or more)
MMU Type: Standard TLB
Config1: 0x3e63318a
MMU Size: 32
ICache
Sets per way: 128
Ways: 4
Line size: 32
DCache
Sets per way: 128
Ways: 4
Line size: 32
FPU: no
Config2: 0x80000000
Config3: 0x20
Vectored interrupt: yes
Config7: 0x0
> ./hwstub_shell -q -e 'require("jz/misc"); JZ.misc.enable_sram()' \
-f lua/xburst.lua -e "XBURST.test_ebase(0x80000000);XBURST.test_ebase(0xb32d0000)
[...]
Testing EBASE...
Disable BEV
SR value: 0x2000fc00
EBASE value: 0x80000000
Value after writing 0x80000000: 0x80000000
Value after writing 0x80040000: 0x80040000
Test result: EBase seems to work
Disable config7 gate: write 0x0 to Config7
Value after writing 0xfffff000: 0xbffff000
Enable config7 gate: write 0x80 to Config7
Value after writing 0xc0000000: 0x80000000
Config7 result: Config7 gate does not work
Exception test with EBASE at 0x80000000...
Writing instructions to memory
Old SR: 0x2000fc00
New SR: 0xfc00
EBASE: 80000000
Before: cafebabe
After: deadbeef
Exception result: Exception and EBASE are working
Testing EBASE...
Disable BEV
SR value: 0x2000fc00
EBASE value: 0x80000000
Value after writing 0x80000000: 0x80000000
Value after writing 0x80040000: 0x80040000
Test result: EBase seems to work
Disable config7 gate: write 0x0 to Config7
Value after writing 0xfffff000: 0xbffff000
Enable config7 gate: write 0x80 to Config7
Value after writing 0xc0000000: 0x80000000
Config7 result: Config7 gate does not work
Exception test with EBASE at 0xb32d0000...
Writing instructions to memory
Old SR: 0x2000fc00
New SR: 0xfc00
EBASE: b32d0000
Before: cafebabe
After: deadbeef
Exception result: Exception and EBASE are working
Change-Id: I894227981a141a8c14419b36ed9f519baf145ad1
|
|
Change-Id: Idb2b3b3903d88c8f6b494d5c9f04778daf3aaed0
|
|
At the moment the stub only implement them for MIPS.
Change-Id: Ica835a0e9c70fa5675c3d655eae986e812a47de8
|
|
Change-Id: I196414d6e4fc18c00b77903e334b7e6adfb7debc
|
|
These macros are like jz_setf but instead of writing fields, they write a
raw value directly: jz_set(REG, value) and jz_clr(REG, value).
Change-Id: I660f20dd691b26d367533877875fc3226a26c992
|
|
Apparently I completely forgot to implement it so using hwstub over net would
just fail all EXEC commands :-s
Change-Id: I0d0506cbbce9b86c9a4f19036dacc922d1e51338
|
|
This is needed on the jz4760b because if some data is loaded to DRAM, then it
is cached and a disaster lurks if dcaches/icache are not flushed. Targets that
needs this must define CONFIG_FLUSH_CACHES in target-config.h and implement
target_flush_caches(). Currently MIPS has some generic code for mips32r1 that
requires to define {D,I}CACHE_SIZE and {D,I}CACHE_LINE_SIZE in target-config.h
Change-Id: I5a3fc085de9445d8c8a2eb61ae4e2dc9bb6b4e8e
|
|
Change-Id: I21b61a3f56d718bef3aa0cf5096359c463c1f93a
|
|
Change-Id: Ie46ec293fcd5a16143818e77cd6c79cc08620fb5
|
|
The stub is quite versatile: it can be loaded using bootrom or another other
means (like factory boot on Fiio X1). It relocates itself to TCSM0 and provides
basic functionality (it does not recover from failed read/writes at the moment).
Change-Id: Ib646a4b43fba9358d6f93f0f73a5c2e9bcd775a7
|
|
Change-Id: Id0a071528eca08fe512941be9c8091819e817e4c
|
|
The jz code can do several useful things like dumping the IPL and SPL.
The Fiio code can play with backlight and has code do dump the IPL
and SPL with the correct parameters (extracted by reverse engineering).
Change-Id: I317b3174f5db8d38c9a56670c1d45565142ec208
|
|
This is a register description file for the JZ4760B. There are several
details worth noticing:
- it was obtained by gathering information from several sources/headers, but
since there are inconsistencies between them about the exact differences
between JZ4760 and JZ4760B, this file probably contains some errors
- the register names are not the same as the manual ones (which are not the
same as the one in the headers anyway): I dropped the "R" suffix on most
registers because it's redundant
- Ingenic likes to have read-only registers and then set/clr registers, with
very confusing names like DIR/DIRS/DIRC: in the file, the set/clr registers
are described as set/clr variants of the original register
- Parts of the description were obtained programmatically, which explains why
there are empty nodes or partially undocumented registers
Change-Id: I8da1d61e172e932e1a4a58ac0a5008f02b1751be
|
|
The code was not updated when I added support for list and other stuff, and thus
it did not properly sort by addresses.
Change-Id: Iaed0717b607beedfb2856c020c2a760e7a5667c5
|
|
Change-Id: Ib496eb5d47adb75479ce94a203d4a93524700843
|
|
The current implementation was custom and super slow. Since we use Crypto++
anyway, we might as well get use a good implementation.
Change-Id: I761ad7401653471e54000e1c2bc3d9882378112f
|
|
Instead of having our own copy of the AES code, use a good library to do that.
Crypto++ is well-maintained, supports a lot of ciphers, works on many OSes, and
is optimized for many architectures.
Change-Id: I7d7d24b47993206d7338c5f9bac8bbdd3915a667
|
|
Change bug() macro, fix memory leaks, always use -h for help, fix usage(),
fix comment, remove useless macro
Change-Id: I30554b5e07e6f2845560a570808603cf8c4da5ad
|
|
It was a mess, a mix of crypto_* and cbc_mac calls. I made everything call crypto
functions, and also separate key setup from cryptographic operations, this will
be useful to speed up the code in the upcoming commits. Drop support for "usbotp"
key, since the crypto code for that was never mainlined and we can always get the
keys from a device as long as we have code execution (using the DCP debug registers).
Change-Id: I7aa24d12207ffb744225d1b9cc7cb1dc7281dd22
|
|
Change-Id: I87830b81a017f36d2887d9c289d09812f227b157
|
|
The overriding of the IV and real key should be the exception, there is no
need to manually set them to false.
Change-Id: Id66754f20a79aa5c1a991839345d1242e0aa587d
|
|
The old code had some annoying way of dealing with padding by adding explicit
instructions to the stream, which is 1) ugly 2) not in par with freescale
tools. The trick, which this new version implements, is to put the useful length
of the section in the section header, and the actual (with padding) length in
the boot tag. This way the tools can just ignore padding instruction by
reading the section header, and the bootloader can still load the image because
it uses the boot tags.
Also correctly handle the case where the first section does not start right
after the header (there is a bug in freescale tools for this case by the way).
There is an ambiguity in the way the padding instructions should be encrypted:
the bootloader should logically treat them as regular instruction of the section
stream, but it appears the freescale tools do not generate them as part of the
stream and instead encrypt them like boot tags, which is stupid because there
is no way the bootloader could decrypt them, and anyway we don't care because
the bootloader doesn't decrypt them at all.
Change-Id: Iabdc1d1f9f82d374779bf03efb75c2c3998f5b5d
|
|
Change-Id: I4e4679d6e92c1c0fc8a03db5201aee39d82b24b2
|
|
Users can't read the wiki instructions, hopefully they can read this...
Change-Id: I3840879fdc663fb6e7f9234f352eea04a556256a
|
|
Also now gen_db.py can check for such mismatch
Change-Id: I4d91aae0dde08c866eda2ed5da3c11431c46e06a
|
|
Change-Id: I2cc887ce2824a2d0b9aeb2a89df662c621c28750
|
|
Change-Id: I4341f2af71675cb795987ecc5ce12104445a9d97
|
|
Change-Id: I88fb2aefafbc7820a49847fbf0888de9cf81bd3f
|
|
Change-Id: I69b8b81d357553c979682d42097eba864c951512
|
|
The cool now takes the database as a hint and will not complain if the device
returns less data. The tool also supports user provided size and raw node numbers
that are not in the database (advanced usage).
Change-Id: I8cec536718d7eff01c7803bea648d6122b82377a
|
|
Like the NW-A30, we don't know how to use it, but record it anyway.
Change-Id: Iebd26637253613625a4885afe88695ad3ffb0605
|
|
We don't know the encryption method, the KAS is completely different but it
might be useful to record it anyway for future purposes. MID extracted from
device, Japanese NW-A35.
Change-Id: I4c4bb5b063da99003b5c316061d8c490b77428a4
|
|
Extracted from a target.
Change-Id: Ieb4aff15f332a681142a7079c1adf3b1da31de24
|
|
Change-Id: I88ae7391732c6f41c3c4adccce2ddf0a92142067
|
|
It is Android based and despite the fact that Sony wrote an NVP driver for it,
experiments suggest it is unused because it returns ff all the time...
Change-Id: I37750b659e341b21bed5ebaccf60f9f5fe569f64
|
|
Also fix code that was supposed to sort things deterministically and was a
massive failure.
Change-Id: Iedf25f05a94ef51421710a283eb60f33ee977de1
|
|
Change-Id: I1b5688ba7ad99c7a22ba4532c8237b4563e4a9e4
|
|
Change-Id: I0a139eb236f825368ae627fdbb2f75286f747f10
|
|
Don't use colors since the terminal doesn't support it. Also packing is broken
on MinGW so use #pragma pack when compiling for windows, this is also supported
by MSCV.
Change-Id: I635649d52ed5f2e0af46cb9ca2ec325955b2ddb2
|
|
Split the ugly firmware read/write into a API function and a much simplified code.
Also the code can now report progress.
Change-Id: I3f998eaf0c067c6da42b1d2dd9c5a5bf43c6915d
|
|
No code modification code, just moving code around.
Change-Id: I30744d3994aa7540f4b5b158f31b51959d5d8586
|
|
Sanitize the whole library by hiding most of the horrible details of the
implementation. This means that all logical/drive/table attributes are exported
in structures that are internally filled by higher-level API functions. This makes
the code much more readable and prepares for a split between scsitool and the stmp
scsi library.
Change-Id: Id85d450b25cf99cd7c0896c6fc35bcd00babe9e1
|
|
The function names and prototypes are also normalized so make subsequent reworks
easier.
Change-Id: Ifa5d64aa144b11f8c087517ddc904744e3037361
|
|
Several tools need to perform raw SCSI commands, and we need to support Linux,
Windows and Mac OS, without pulling tons of dependencies to build it easily.
This very simple library has no dependency and supports Linux.
TODO:
- windows
- mac os
Change-Id: I496f5ad2490bd3e96ad962d31cce4e511a523c3a
|