Project

General

Profile

CompalRamloader » History » Version 1

laforge, 02/19/2016 10:48 PM
add page on Compal RAM Loader

1 1 laforge
[[PageOutline]]
2
= The Compal RAM Loader =
3
4
The Compal Ramloader is what is executed first when a Compal phone like the [wiki:MotorolaC123] boots.
5
6
It is flashed to the first block[s] of the NOR flash, which in turn is mapped to address 0x0000'0000
7
8
The tasks of the Ramloader are as follows:
9
 * Initialize the minimally neccessary hardware (PLL, clock, GPIO, UART, ...)
10
 * Check if a program on a PC is interested in downloading code into the phone
11
  * if yes, actually perform the serial download into RAM and execute that code
12
  * if no, continue booting the OS stored in the NOR flash
13
14
== Download Protocol ==
15
16
The download protocol is relatively simple, although device-specific quirks complicate it:
17
18
=== Negotiating the existance of a PC download software ===
19
20
 * The phone sends the PROMPT1 message (0x1b, 0xf6, 0x02, 0x00, 0x41, 0x01, 0x40)
21
 * The PC responds with DNLOAD_CMD messge (0x1b, 0xf6, 0x02, 0x00, 0x52, 0x01, 0x53)
22
 * The phone responds with the PROMPT2 message (0x1b, 0xf6, 0x02, 0x00, 0x41, 0x02, 0x43)
23
24
=== Actual download of the executable code ===
25
 * The PC downloads the software
26
  * Optionally (C155) by starting with the byte 0x02 (the XOR initialization value)
27
  * Sending two bytes length, containing the length of the code to be downloaded
28
  * Sending the actual download data
29
  * Sending a single byte containing the XOR sum of all characters sent, including the length bytes
30
 * The phone responds with a DNLOAD_ACK message (0x1b, 0xf6, 0x02, 0x00, 0x41, 0x03, 0x42)
31
32
==== Error cases ====
33
If something goes wrong, you will get
34
 * DNLOAD_NACK (0x1b, 0xf6, 0x02, 0x00, 0x45, 0x53, 0x16)
35
 * DNLOAD_NACK_MAGIC (0x1b, 0xf6, 0x02, 0x00, 0x41, 0x03, 0x57)
36
37
== Execution Environment ==
38
39
All the downloaded data (excluding the length bytes) is stored at the base address {{{0x0080'0100}}}.
40
41
'''However, since there is a 4byte header prepended by compal_dnload, use 0x0080'0104 as linker base address!'''
42
43
The RAM loader already initializes the stack pointer.  It points to a 1020 bytes large location in memory.
44
45
On the C118, C121, C123 and C140, the CPU runs in ARM mode when jumping to the base address.
46
47
On the C155, the CPU runs in THUMB mode when jumping to the base address.  This is why the ramloader
48
automatically prefixes your payload with a 4-byte header that switches to ARM mode.
49
50
== Restrictions ==
51
52
* Since the length field is only 16 bits, you cannot download more than 64kBytes of code
53
* Since the exception vectors point to NOR flash, you cannot use Interrupts from your RAM-loaded code
Add picture from clipboard (Maximum size: 48.8 MB)