CompalRamloader » History » Version 1
laforge, 02/19/2016 10:48 PM
add page on Compal RAM Loader
1 | 1 | laforge | [[PageOutline]] |
---|---|---|---|
2 | = The Compal RAM Loader = |
||
3 | |||
4 | The Compal Ramloader is what is executed first when a Compal phone like the [wiki:MotorolaC123] boots. |
||
5 | |||
6 | It is flashed to the first block[s] of the NOR flash, which in turn is mapped to address 0x0000'0000 |
||
7 | |||
8 | The tasks of the Ramloader are as follows: |
||
9 | * Initialize the minimally neccessary hardware (PLL, clock, GPIO, UART, ...) |
||
10 | * Check if a program on a PC is interested in downloading code into the phone |
||
11 | * if yes, actually perform the serial download into RAM and execute that code |
||
12 | * if no, continue booting the OS stored in the NOR flash |
||
13 | |||
14 | == Download Protocol == |
||
15 | |||
16 | The download protocol is relatively simple, although device-specific quirks complicate it: |
||
17 | |||
18 | === Negotiating the existance of a PC download software === |
||
19 | |||
20 | * The phone sends the PROMPT1 message (0x1b, 0xf6, 0x02, 0x00, 0x41, 0x01, 0x40) |
||
21 | * The PC responds with DNLOAD_CMD messge (0x1b, 0xf6, 0x02, 0x00, 0x52, 0x01, 0x53) |
||
22 | * The phone responds with the PROMPT2 message (0x1b, 0xf6, 0x02, 0x00, 0x41, 0x02, 0x43) |
||
23 | |||
24 | === Actual download of the executable code === |
||
25 | * The PC downloads the software |
||
26 | * Optionally (C155) by starting with the byte 0x02 (the XOR initialization value) |
||
27 | * Sending two bytes length, containing the length of the code to be downloaded |
||
28 | * Sending the actual download data |
||
29 | * Sending a single byte containing the XOR sum of all characters sent, including the length bytes |
||
30 | * The phone responds with a DNLOAD_ACK message (0x1b, 0xf6, 0x02, 0x00, 0x41, 0x03, 0x42) |
||
31 | |||
32 | ==== Error cases ==== |
||
33 | If something goes wrong, you will get |
||
34 | * DNLOAD_NACK (0x1b, 0xf6, 0x02, 0x00, 0x45, 0x53, 0x16) |
||
35 | * DNLOAD_NACK_MAGIC (0x1b, 0xf6, 0x02, 0x00, 0x41, 0x03, 0x57) |
||
36 | |||
37 | == Execution Environment == |
||
38 | |||
39 | All the downloaded data (excluding the length bytes) is stored at the base address {{{0x0080'0100}}}. |
||
40 | |||
41 | '''However, since there is a 4byte header prepended by compal_dnload, use 0x0080'0104 as linker base address!''' |
||
42 | |||
43 | The RAM loader already initializes the stack pointer. It points to a 1020 bytes large location in memory. |
||
44 | |||
45 | On the C118, C121, C123 and C140, the CPU runs in ARM mode when jumping to the base address. |
||
46 | |||
47 | On the C155, the CPU runs in THUMB mode when jumping to the base address. This is why the ramloader |
||
48 | automatically prefixes your payload with a 4-byte header that switches to ARM mode. |
||
49 | |||
50 | == Restrictions == |
||
51 | |||
52 | * Since the length field is only 16 bits, you cannot download more than 64kBytes of code |
||
53 | * Since the exception vectors point to NOR flash, you cannot use Interrupts from your RAM-loaded code |