summaryrefslogtreecommitdiffstats
path: root/utils
AgeCommit message (Collapse)AuthorFilesLines
2017-01-24hwstub/jz4760b: build packtools automatically if neeededAmaury Pouly1-0/+7
Change-Id: I543e405bf75868d0f7509a35e08fe31ed253e0e6
2017-01-24hwstub: add verbose mode to makeAmaury Pouly1-1/+3
Use make V=1 to print all commands Change-Id: I28bd4151178413f10ddab292f1d582a9d019f5ea
2017-01-24hwstub: fix long transfers failing because of control xfer size of libusbAmaury Pouly2-2/+23
libusb limits control transfer sizes to 4k, see diff for details. Change-Id: Id2e638010274009ea641d06e9040a8b9ab9d54a9
2017-01-24hwstub: fix library sending wrong data on long transfersAmaury Pouly1-1/+1
Change-Id: I886b8dc28e306f631389dbed41451eb086fea4fc
2017-01-24hwstub: add Fiio X3II IPL/SPL dumping codeAmaury Pouly1-0/+50
Change-Id: I76f7cffc700e8051d02936c24e8a70a0f8925edf
2017-01-24hwstub: add Shanling M2 IPL/SPL dumping codeAmaury Pouly1-0/+50
Change-Id: I14987d9783dd371f4990a5bcfbfb2d1c0c9be213
2017-01-24hwstub: add various jz stuff and xburst testsAmaury Pouly2-0/+281
The JZ misc allows to enable and test SRAM. The XBurst code uses the coprocessor interface to analyse the cpu. It also provides a test platform for various features like EBASE and exceptions. I was able to test and confirm that on jz4760b (thus xburst), EBASE works (but top 2 bits are not controllable and always 01). The processor claims to support vector interrupts but this is untested. The values in ConfigX are not to be trusted blindly, clearly some are wrong. I tried to use the JZ4780 Config7 "ebase gate" to change bit 30 of EBASE but it does not work, which suggests that JZ480 uses a newer version of XBurst. Detailled log below: > ./hwstub_shell -q -f lua/xburst.lua -e "XBURST.init()" [...] XBurst: PRId: 0x2ed0024f CPU: JZ4760(B) Config: 0x80000483 Architecture Type: MIPS32 Architecture Level: Release 2 (or more) MMU Type: Standard TLB Config1: 0x3e63318a MMU Size: 32 ICache Sets per way: 128 Ways: 4 Line size: 32 DCache Sets per way: 128 Ways: 4 Line size: 32 FPU: no Config2: 0x80000000 Config3: 0x20 Vectored interrupt: yes Config7: 0x0 > ./hwstub_shell -q -e 'require("jz/misc"); JZ.misc.enable_sram()' \ -f lua/xburst.lua -e "XBURST.test_ebase(0x80000000);XBURST.test_ebase(0xb32d0000) [...] Testing EBASE... Disable BEV SR value: 0x2000fc00 EBASE value: 0x80000000 Value after writing 0x80000000: 0x80000000 Value after writing 0x80040000: 0x80040000 Test result: EBase seems to work Disable config7 gate: write 0x0 to Config7 Value after writing 0xfffff000: 0xbffff000 Enable config7 gate: write 0x80 to Config7 Value after writing 0xc0000000: 0x80000000 Config7 result: Config7 gate does not work Exception test with EBASE at 0x80000000... Writing instructions to memory Old SR: 0x2000fc00 New SR: 0xfc00 EBASE: 80000000 Before: cafebabe After: deadbeef Exception result: Exception and EBASE are working Testing EBASE... Disable BEV SR value: 0x2000fc00 EBASE value: 0x80000000 Value after writing 0x80000000: 0x80000000 Value after writing 0x80040000: 0x80040000 Test result: EBase seems to work Disable config7 gate: write 0x0 to Config7 Value after writing 0xfffff000: 0xbffff000 Enable config7 gate: write 0x80 to Config7 Value after writing 0xc0000000: 0x80000000 Config7 result: Config7 gate does not work Exception test with EBASE at 0xb32d0000... Writing instructions to memory Old SR: 0x2000fc00 New SR: 0xfc00 EBASE: b32d0000 Before: cafebabe After: deadbeef Exception result: Exception and EBASE are working Change-Id: I894227981a141a8c14419b36ed9f519baf145ad1
2017-01-24hwstub: fix bug in jz4760B boot rom backend probeAmaury Pouly1-1/+3
Change-Id: Idb2b3b3903d88c8f6b494d5c9f04778daf3aaed0
2017-01-24hwstub: add support for coprocessor operationsAmaury Pouly11-17/+423
At the moment the stub only implement them for MIPS. Change-Id: Ica835a0e9c70fa5675c3d655eae986e812a47de8
2017-01-24jz4760b/regtools: fix/rename some register fields, add clock analyzer to qeditorAmaury Pouly3-6/+87
Change-Id: I196414d6e4fc18c00b77903e334b7e6adfb7debc
2017-01-24headergen_v2: add two new macros to write a raw write to set/clr variantsAmaury Pouly1-1/+48
These macros are like jz_setf but instead of writing fields, they write a raw value directly: jz_set(REG, value) and jz_clr(REG, value). Change-Id: I660f20dd691b26d367533877875fc3226a26c992
2017-01-24hwstub: implement EXEC command over netAmaury Pouly3-12/+90
Apparently I completely forgot to implement it so using hwstub over net would just fail all EXEC commands :-s Change-Id: I0d0506cbbce9b86c9a4f19036dacc922d1e51338
2017-01-24hwstub: add the possibility to flush caches before execAmaury Pouly4-1/+45
This is needed on the jz4760b because if some data is loaded to DRAM, then it is cached and a disaster lurks if dcaches/icache are not flushed. Targets that needs this must define CONFIG_FLUSH_CACHES in target-config.h and implement target_flush_caches(). Currently MIPS has some generic code for mips32r1 that requires to define {D,I}CACHE_SIZE and {D,I}CACHE_LINE_SIZE in target-config.h Change-Id: I5a3fc085de9445d8c8a2eb61ae4e2dc9bb6b4e8e
2017-01-24jz4760b_tools: improve usbboot toolAmaury Pouly1-3/+27
Change-Id: I21b61a3f56d718bef3aa0cf5096359c463c1f93a
2017-01-24hwstub/jz4760b: fix some typos in lua script after register name changesAmaury Pouly2-9/+10
Change-Id: Ie46ec293fcd5a16143818e77cd6c79cc08620fb5
2017-01-24hwstub: add jz4760b stubAmaury Pouly11-0/+13307
The stub is quite versatile: it can be loaded using bootrom or another other means (like factory boot on Fiio X1). It relocates itself to TCSM0 and provides basic functionality (it does not recover from failed read/writes at the moment). Change-Id: Ib646a4b43fba9358d6f93f0f73a5c2e9bcd775a7
2017-01-24update jz4760b register descAmaury Pouly1-250/+582
Change-Id: Id0a071528eca08fe512941be9c8091819e817e4c
2017-01-24hwstub/tools/shell: add JZ4760B and Fiio X1 codeAmaury Pouly5-0/+686
The jz code can do several useful things like dumping the IPL and SPL. The Fiio code can play with backlight and has code do dump the IPL and SPL with the correct parameters (extracted by reverse engineering). Change-Id: I317b3174f5db8d38c9a56670c1d45565142ec208
2017-01-24regtools: add JZ4760B descriptionAmaury Pouly1-0/+13645
This is a register description file for the JZ4760B. There are several details worth noticing: - it was obtained by gathering information from several sources/headers, but since there are inconsistencies between them about the exact differences between JZ4760 and JZ4760B, this file probably contains some errors - the register names are not the same as the manual ones (which are not the same as the one in the headers anyway): I dropped the "R" suffix on most registers because it's redundant - Ingenic likes to have read-only registers and then set/clr registers, with very confusing names like DIR/DIRS/DIRC: in the file, the set/clr registers are described as set/clr variants of the original register - Parts of the description were obtained programmatically, which explains why there are empty nodes or partially undocumented registers Change-Id: I8da1d61e172e932e1a4a58ac0a5008f02b1751be
2017-01-24regtools: fix normalization procedureAmaury Pouly1-16/+57
The code was not updated when I added support for list and other stuff, and thus it did not properly sort by addresses. Change-Id: Iaed0717b607beedfb2856c020c2a760e7a5667c5
2017-01-16regtools: convert all reg dumps to v2. keep v1 for referenceAmaury Pouly30-12561/+23874
Change-Id: Ib496eb5d47adb75479ce94a203d4a93524700843
2017-01-16imxtools/sbtools: switch SHA1 implementation to Crypto++Amaury Pouly4-156/+27
The current implementation was custom and super slow. Since we use Crypto++ anyway, we might as well get use a good implementation. Change-Id: I761ad7401653471e54000e1c2bc3d9882378112f
2017-01-16imxtools/sbtools: switch AES implementation to Crypto++Amaury Pouly4-311/+82
Instead of having our own copy of the AES code, use a good library to do that. Crypto++ is well-maintained, supports a lot of ciphers, works on many OSes, and is optimized for many architectures. Change-Id: I7d7d24b47993206d7338c5f9bac8bbdd3915a667
2017-01-16imxtools/sbtools: various fixesAmaury Pouly6-24/+39
Change bug() macro, fix memory leaks, always use -h for help, fix usage(), fix comment, remove useless macro Change-Id: I30554b5e07e6f2845560a570808603cf8c4da5ad
2017-01-16imxtools/sbtools: rework cryptographyAmaury Pouly9-318/+171
It was a mess, a mix of crypto_* and cbc_mac calls. I made everything call crypto functions, and also separate key setup from cryptographic operations, this will be useful to speed up the code in the upcoming commits. Drop support for "usbotp" key, since the crypto code for that was never mainlined and we can always get the keys from a device as long as we have code execution (using the DCP debug registers). Change-Id: I7aa24d12207ffb744225d1b9cc7cb1dc7281dd22
2017-01-16imxtools: correctly read unencrypted images in raw modeAmaury Pouly1-0/+2
Change-Id: I87830b81a017f36d2887d9c289d09812f227b157
2017-01-16imxtools: rework key/IV overriding logicAmaury Pouly2-9/+0
The overriding of the IV and real key should be the exception, there is no need to manually set them to false. Change-Id: Id66754f20a79aa5c1a991839345d1242e0aa587d
2017-01-16imxtools: rework sb file productionAmaury Pouly2-73/+82
The old code had some annoying way of dealing with padding by adding explicit instructions to the stream, which is 1) ugly 2) not in par with freescale tools. The trick, which this new version implements, is to put the useful length of the section in the section header, and the actual (with padding) length in the boot tag. This way the tools can just ignore padding instruction by reading the section header, and the bootloader can still load the image because it uses the boot tags. Also correctly handle the case where the first section does not start right after the header (there is a bug in freescale tools for this case by the way). There is an ambiguity in the way the padding instructions should be encrypted: the bootloader should logically treat them as regular instruction of the section stream, but it appears the freescale tools do not generate them as part of the stream and instead encrypt them like boot tags, which is stupid because there is no way the bootloader could decrypt them, and anyway we don't care because the bootloader doesn't decrypt them at all. Change-Id: Iabdc1d1f9f82d374779bf03efb75c2c3998f5b5d
2017-01-14nwztools/upgtools: add real KAS for NW-ZX100 and fix typoAmaury Pouly1-1/+1
Change-Id: I4e4679d6e92c1c0fc8a03db5201aee39d82b24b2
2017-01-09nwztools: add a "reset all settings" message in dest_toolAmaury Pouly1-0/+4
Users can't read the wiki instructions, hopefully they can read this... Change-Id: I3840879fdc663fb6e7f9234f352eea04a556256a
2017-01-09nwztools: fix typo (nwz-zx100 -> nw-zx100)Amaury Pouly4-1/+6
Also now gen_db.py can check for such mismatch Change-Id: I4d91aae0dde08c866eda2ed5da3c11431c46e06a
2017-01-08nwztools: add various info about S740, S750, S640, E050Amaury Pouly8-8/+404
Change-Id: I2cc887ce2824a2d0b9aeb2a89df662c621c28750
2017-01-08nwztools: forgot fileAmaury Pouly1-0/+175
Change-Id: I4341f2af71675cb795987ecc5ce12104445a9d97
2017-01-08nwztools/upgtools: add real NW-A20 kasAmaury Pouly1-1/+1
Change-Id: I88fb2aefafbc7820a49847fbf0888de9cf81bd3f
2017-01-08Makefile cleanupsAmaury Pouly4-6/+6
Change-Id: I69b8b81d357553c979682d42097eba864c951512
2017-01-08nwztools/scitool: rework node size, remove relaxed modeAmaury Pouly1-44/+69
The cool now takes the database as a hint and will not complain if the device returns less data. The tool also supports user provided size and raw node numbers that are not in the database (advanced usage). Change-Id: I8cec536718d7eff01c7803bea648d6122b82377a
2017-01-08nwztools: add NW-WM1 kasAmaury Pouly1-0/+1
Like the NW-A30, we don't know how to use it, but record it anyway. Change-Id: Iebd26637253613625a4885afe88695ad3ffb0605
2017-01-08nwztools: add A35 model and KASAmaury Pouly5-4/+9
We don't know the encryption method, the KAS is completely different but it might be useful to record it anyway for future purposes. MID extracted from device, Japanese NW-A35. Change-Id: I4c4bb5b063da99003b5c316061d8c490b77428a4
2017-01-08nwztool/upgtools: replace NWZ-A10 kas by the real oneAmaury Pouly1-1/+1
Extracted from a target. Change-Id: Ieb4aff15f332a681142a7079c1adf3b1da31de24
2017-01-08nwztools: rename nwz-a20 to nw-a20, that was a typoAmaury Pouly5-4/+4
Change-Id: I88ae7391732c6f41c3c4adccce2ddf0a92142067
2017-01-07nwztools: remove NW-ZX2Amaury Pouly4-218/+1
It is Android based and despite the fact that Sony wrote an NVP driver for it, experiments suggest it is unused because it returns ff all the time... Change-Id: I37750b659e341b21bed5ebaccf60f9f5fe569f64
2017-01-07nwztools: add NW-WM1A/Z model IDsAmaury Pouly5-12/+16
Also fix code that was supposed to sort things deterministically and was a massive failure. Change-Id: Iedf25f05a94ef51421710a283eb60f33ee977de1
2017-01-07nwztools/scsitools: use new SCSI libraryAmaury Pouly2-95/+45
Change-Id: I1b5688ba7ad99c7a22ba4532c8237b4563e4a9e4
2017-01-07nwztools/scsitool: add relaxed mode for nvpAmaury Pouly1-13/+24
Change-Id: I0a139eb236f825368ae627fdbb2f75286f747f10
2017-01-07imxtools: various fixes for WindowsAmaury Pouly6-15/+81
Don't use colors since the terminal doesn't support it. Also packing is broken on MinGW so use #pragma pack when compiling for windows, this is also supported by MSCV. Change-Id: I635649d52ed5f2e0af46cb9ca2ec325955b2ddb2
2017-01-07imxtools: move firmware read/write to libraryAmaury Pouly3-188/+259
Split the ugly firmware read/write into a API function and a much simplified code. Also the code can now report progress. Change-Id: I3f998eaf0c067c6da42b1d2dd9c5a5bf43c6915d
2017-01-07imxtools/scsitools: move stmp scsi api to its own fileAmaury Pouly3-587/+618
No code modification code, just moving code around. Change-Id: I30744d3994aa7540f4b5b158f31b51959d5d8586
2017-01-07imxtools/scsitools: rework stmp scsi APIAmaury Pouly2-375/+604
Sanitize the whole library by hiding most of the horrible details of the implementation. This means that all logical/drive/table attributes are exported in structures that are internally filled by higher-level API functions. This makes the code much more readable and prepares for a split between scsitool and the stmp scsi library. Change-Id: Id85d450b25cf99cd7c0896c6fc35bcd00babe9e1
2017-01-07imxtools/scsitools: use new SCSI libraryAmaury Pouly3-313/+261
The function names and prototypes are also normalized so make subsequent reworks easier. Change-Id: Ifa5d64aa144b11f8c087517ddc904744e3037361
2017-01-07Add multiplatform library for raw SCSI commandsAmaury Pouly4-2/+415
Several tools need to perform raw SCSI commands, and we need to support Linux, Windows and Mac OS, without pulling tons of dependencies to build it easily. This very simple library has no dependency and supports Linux. TODO: - windows - mac os Change-Id: I496f5ad2490bd3e96ad962d31cce4e511a523c3a