summaryrefslogtreecommitdiffstats
path: root/Src/osmoconbb/src/target/firmware/board/compal_e88
diff options
context:
space:
mode:
authorTom2011-08-16 15:41:46 +0200
committerTom2011-08-16 15:41:46 +0200
commitf910171deda0933e506cf3ffc216ee8daa418c24 (patch)
treedddee7cdad41fc4f3d8c1de95148d0a2daac1193 /Src/osmoconbb/src/target/firmware/board/compal_e88
parentanother system info 2 description (diff)
downloadimsi-catcher-detection-f910171deda0933e506cf3ffc216ee8daa418c24.tar.gz
imsi-catcher-detection-f910171deda0933e506cf3ffc216ee8daa418c24.tar.xz
imsi-catcher-detection-f910171deda0933e506cf3ffc216ee8daa418c24.zip
corrected spelling mistake and added 2 new papers for gsm specs
Diffstat (limited to 'Src/osmoconbb/src/target/firmware/board/compal_e88')
-rw-r--r--Src/osmoconbb/src/target/firmware/board/compal_e88/LINKAGE.txt33
-rw-r--r--Src/osmoconbb/src/target/firmware/board/compal_e88/MEMORY_MAP.txt21
-rw-r--r--Src/osmoconbb/src/target/firmware/board/compal_e88/flash.lds134
-rw-r--r--Src/osmoconbb/src/target/firmware/board/compal_e88/init.c136
-rw-r--r--Src/osmoconbb/src/target/firmware/board/compal_e88/loader.lds147
5 files changed, 471 insertions, 0 deletions
diff --git a/Src/osmoconbb/src/target/firmware/board/compal_e88/LINKAGE.txt b/Src/osmoconbb/src/target/firmware/board/compal_e88/LINKAGE.txt
new file mode 100644
index 0000000..8adaf86
--- /dev/null
+++ b/Src/osmoconbb/src/target/firmware/board/compal_e88/LINKAGE.txt
@@ -0,0 +1,33 @@
+
+The Compal E88 supports the common Compal RAM linkages.
+These operate entirely from the Calypso internal RAM.
+
+Flash linkages are structured as follows:
+
+ e88loader:
+ Linked at address of original compal application (0x2000).
+ Provides interrupt vectors as expected by compal loader.
+ Allows interrupt redirection (XXX to where?).
+
+ We introduce this for the following reasons:
+ 1. We want to start our app at 0x10000, because that
+ is the first flash page after the loader page, allowing
+ us a higher degree of "unbrickability" by never reflashing
+ the bootloader.
+ 2. We want to keep the compal loader so we do not need even
+ more boot options and to allow recovery of original firmware.
+ 3. When there is a custom app in flash at 0xFFFF, just turning
+ the phone on with the compal loader would jump into an incomplete
+ motorola app. That might not even allow turning the phone off.
+ The loader provides this functionality.
+ 4. We do not want to patch the compal loader for interrupt
+ redirect and entry vectors. So we need to place something between
+ 0x2000 and 0x10000 anyway. And since there is space, why not put
+ the whole loader in there.
+ 5. This loader has a good chance of being able to read crash buffers.
+ and examining RAM without it being clobbered by a ram upload.
+
+ e88flash:
+ Our main application linkage, starting at 0x10000 and going through
+ all of flash. Data storage locations are still to be determined.
+
diff --git a/Src/osmoconbb/src/target/firmware/board/compal_e88/MEMORY_MAP.txt b/Src/osmoconbb/src/target/firmware/board/compal_e88/MEMORY_MAP.txt
new file mode 100644
index 0000000..6094aa9
--- /dev/null
+++ b/Src/osmoconbb/src/target/firmware/board/compal_e88/MEMORY_MAP.txt
@@ -0,0 +1,21 @@
+The Compal E88 has the following physical memory map:
+
+ /* 2 MBytes of external flash memory */
+ FLASH (rx) : ORIGIN = 0x00000000, LENGTH = 0x200000
+ /* 256 kBytes of internal zero-waitstate sram */
+ IRAM (rw) : ORIGIN = 0x00800000, LENGTH = 0x040000
+ /* 256 kBytes of external slow sram */
+ ERAM (rw) : ORIGIN = 0x01000000, LENGTH = 0x040000
+
+The flash layout, as distributed, is:
+
+ 0x00000000 0x2000 Compal loader
+ 0x00002000 >>>>>> Compal application and storage
+
+Our flash layout is:
+
+ 0x00000000 0x2000 Compal loader
+ 0x00002000 0xE000 OSMOCOM loader (see LINKAGE.txt for reasoning)
+ 0x00010000 >>>>>> OSMOCOM application and storage
+
+(XXX: determine storage location / storage descriptor location)
diff --git a/Src/osmoconbb/src/target/firmware/board/compal_e88/flash.lds b/Src/osmoconbb/src/target/firmware/board/compal_e88/flash.lds
new file mode 100644
index 0000000..cf0f6a4
--- /dev/null
+++ b/Src/osmoconbb/src/target/firmware/board/compal_e88/flash.lds
@@ -0,0 +1,134 @@
+/*
+ * Linker script for flashed applications on the Compal E88
+ *
+ * This script creates a binary that can be linked at 0xFFFF, starting
+ * with the second flash page. This is what a phone application or
+ * pure layer1 device uses.
+ *
+ * XXX: interrupts?
+ *
+ */
+OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+ENTRY(_start)
+MEMORY
+{
+ LOADR (rx) : ORIGIN = 0x00000000, LENGTH = 0x10000
+ /* 2 MBytes of external flash memory (minus loader) */
+ FLASH (rx) : ORIGIN = 0x00010000, LENGTH = 0x1F0000
+ /* 256 kBytes of internal zero-waitstate sram */
+ IRAM (rw) : ORIGIN = 0x00800000, LENGTH = 0x040000
+ /* 256 kBytes of external slow sram */
+ ERAM (rw) : ORIGIN = 0x01000000, LENGTH = 0x040000
+}
+SECTIONS
+{
+ /* entrypoint */
+ .text.start : {
+ PROVIDE(_start = .);
+ KEEP(*(.text.start))
+ *(.text.start)
+ } > FLASH
+
+ /* exception vectors from 0x80001c to 0x800034 */
+ .text.exceptions 0x80001c : {
+ KEEP(*(.text.exceptions))
+ * (.text.exceptions)
+ . = ALIGN(4);
+ } > IRAM AT> FLASH
+ PROVIDE(_exceptions = LOADADDR(.text.exceptions));
+
+ /* code */
+ .text : {
+ /* regular code */
+ *(.text*)
+ /* gcc voodoo */
+ *(.glue_7t) *(.glue_7) *(.vfp11_veneer) *(.v4_bx)
+ } > FLASH
+ PROVIDE(_text_start = ADDR(.text));
+ PROVIDE(_text_end = ADDR(.text) + SIZEOF(.text));
+
+ /* constructor pointers */
+ .ctors : {
+ /* ctor count */
+ LONG(SIZEOF(.ctors) / 4 - 2)
+ /* ctor pointers */
+ KEEP(*(SORT(.ctors)))
+ /* end of list */
+ LONG(0)
+ } > FLASH
+ PROVIDE(_ctor_start = LOADADDR(.ctors));
+ PROVIDE(_ctor_end = LOADADDR(.ctors) + SIZEOF(.ctors));
+
+ /* destructor pointers */
+ .dtors : {
+ /* dtor count */
+ LONG(SIZEOF(.dtors) / 4 - 2)
+ /* dtor pointers */
+ KEEP(*(SORT(.dtors)))
+ /* end of list */
+ LONG(0)
+ } > FLASH
+ PROVIDE(_dtor_start = LOADADDR(.dtors));
+ PROVIDE(_dtor_end = LOADADDR(.dtors) + SIZEOF(.dtors));
+
+ /* read-only data */
+ .rodata : {
+ *(.rodata*)
+ } > FLASH
+ PROVIDE(_rodata_start = ADDR(.rodata));
+ PROVIDE(_rodata_end = ADDR(.rodata) + SIZEOF(.rodata));
+
+ /* pic offset tables */
+ .got : {
+ . = ALIGN(4);
+ *(.got)
+ *(.got.plt) *(.igot.plt) *(.got) *(.igot)
+ . = ALIGN(4);
+ } > FLASH
+ PROVIDE(_got_start = ADDR(.got));
+ PROVIDE(_got_end = ADDR(.got) + SIZEOF(.got));
+
+ /* reserved ram */
+ .compal.reservedram 0x800000 (NOLOAD) : {
+ . = 0xff;
+ } > IRAM
+
+ /* initialized data */
+ .data : AT (LOADADDR(.got) + SIZEOF(.got)) {
+ . = ALIGN(4);
+ *(.data)
+ . = ALIGN(4);
+ } > IRAM
+ PROVIDE(__data_start = LOADADDR(.data));
+ PROVIDE(__data_end = LOADADDR(.data) + SIZEOF(.data));
+ PROVIDE(_data_start = ADDR(.data));
+ PROVIDE(_data_end = ADDR(.data) + SIZEOF(.data));
+
+ /* ram code */
+ .ramtext : AT (LOADADDR(.data) + SIZEOF(.data)) {
+ . = ALIGN(4);
+ *(.ramtext)
+ . = ALIGN(4);
+ } > IRAM
+ PROVIDE(__ramtext_start = LOADADDR(.ramtext));
+ PROVIDE(__ramtext_end = LOADADDR(.ramtext) + SIZEOF(.ramtext));
+ PROVIDE(_ramtext_start = ADDR(.ramtext));
+ PROVIDE(_ramtext_end = ADDR(.ramtext) + SIZEOF(.ramtext));
+
+ /* uninitialized data */
+ .bss (NOLOAD) : {
+ . = ALIGN(4);
+ *(.bss)
+ . = ALIGN(4);
+ } > IRAM
+ PROVIDE(__bss_start = ADDR(.bss));
+ PROVIDE(__bss_end = ADDR(.bss) + SIZEOF(.bss));
+ PROVIDE(_bss_start = __bss_start);
+ PROVIDE(_bss_end = __bss_end);
+
+ /* end of image */
+ . = ALIGN(4);
+ _end = .;
+ PROVIDE(end = .);
+}
diff --git a/Src/osmoconbb/src/target/firmware/board/compal_e88/init.c b/Src/osmoconbb/src/target/firmware/board/compal_e88/init.c
new file mode 100644
index 0000000..a5bf880
--- /dev/null
+++ b/Src/osmoconbb/src/target/firmware/board/compal_e88/init.c
@@ -0,0 +1,136 @@
+/* Initialization for the Compal E88 (Motorola C115...C123) */
+
+/* (C) 2010 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+
+#include <debug.h>
+#include <ctors.h>
+#include <memory.h>
+#include <board.h>
+#include <keypad.h>
+#include <console.h>
+#include <flash/cfi_flash.h>
+
+#include <calypso/irq.h>
+#include <calypso/clock.h>
+#include <calypso/dma.h>
+#include <calypso/rtc.h>
+#include <calypso/timer.h>
+#include <uart.h>
+#include <calypso/backlight.h>
+
+#include <comm/sercomm.h>
+#include <comm/timer.h>
+
+#include <abb/twl3025.h>
+#include <rf/trf6151.h>
+#include <display.h>
+
+#define ARMIO_LATCH_OUT 0xfffe4802
+#define IO_CNTL_REG 0xfffe4804
+#define ASIC_CONF_REG 0xfffef008
+
+static void board_io_init(void)
+{
+ uint16_t reg;
+
+ reg = readw(ASIC_CONF_REG);
+ /* LCD Set I/O(3) / SA0 to I/O(3) mode */
+ reg &= ~(1 << 10);
+ /* Set function pins to I2C Mode */
+ reg |= ((1 << 12) | (1 << 7)); /* SCL / SDA */
+ /* TWL3025: Set SPI+RIF RX clock to rising edge */
+ reg |= (1 << 13) | (1 << 14);
+ writew(reg, ASIC_CONF_REG);
+
+ /* LCD Set I/O(3) to output mode */
+ reg = readw(IO_CNTL_REG);
+ reg &= ~(1 << 3);
+ writew(reg, IO_CNTL_REG);
+
+ /* LCD Set I/O(3) output low */
+ reg = readw(ARMIO_LATCH_OUT);
+ reg &= ~(1 << 3);
+ writew(reg, ARMIO_LATCH_OUT);
+}
+
+void board_init(void)
+{
+ /* Configure the memory interface */
+ calypso_mem_cfg(CALYPSO_nCS0, 3, CALYPSO_MEM_16bit, 1);
+ calypso_mem_cfg(CALYPSO_nCS1, 3, CALYPSO_MEM_16bit, 1);
+ calypso_mem_cfg(CALYPSO_nCS2, 5, CALYPSO_MEM_16bit, 1);
+ calypso_mem_cfg(CALYPSO_nCS3, 5, CALYPSO_MEM_16bit, 1);
+ calypso_mem_cfg(CALYPSO_CS4, 0, CALYPSO_MEM_8bit, 1);
+ calypso_mem_cfg(CALYPSO_nCS6, 0, CALYPSO_MEM_32bit, 1);
+ calypso_mem_cfg(CALYPSO_nCS7, 0, CALYPSO_MEM_32bit, 0);
+
+ /* Set VTCXO_DIV2 = 1, configure PLL for 104 MHz and give ARM half of that */
+ calypso_clock_set(2, CALYPSO_PLL13_104_MHZ, ARM_MCLK_DIV_2);
+
+ /* Configure the RHEA bridge with some sane default values */
+ calypso_rhea_cfg(0, 0, 0xff, 0, 1, 0, 0);
+
+ /* Initialize board-specific GPIO */
+ board_io_init();
+
+ /* Enable bootrom mapping to route exception vectors to RAM */
+ calypso_bootrom(1);
+ calypso_exceptions_install();
+
+ /* Initialize interrupt controller */
+ irq_init();
+
+ /* initialize MODEM UART to be used for sercomm*/
+ uart_init(SERCOMM_UART_NR, 1);
+ uart_baudrate(SERCOMM_UART_NR, UART_115200);
+
+ /* Initialize IRDA UART to be used for old-school console code.
+ * note: IRDA uart only accessible on C115 and C117 PCB */
+ uart_init(CONS_UART_NR, 1);
+ uart_baudrate(CONS_UART_NR, UART_115200);
+
+ /* Initialize hardware timers */
+ hwtimer_init();
+
+ /* Initialize DMA controller */
+ dma_init();
+
+ /* Initialize real time clock */
+ rtc_init();
+
+ /* Initialize system timers (uses hwtimer 2) */
+ timer_init();
+
+ /* Initialize LCD driver (uses I2C) and backlight */
+ display = &st7558_display;
+ display_init();
+ bl_mode_pwl(1);
+ bl_level(50);
+
+ /* Initialize keypad driver */
+ keypad_init(1);
+
+ /* Initialize ABB driver (uses SPI) */
+ twl3025_init();
+}
diff --git a/Src/osmoconbb/src/target/firmware/board/compal_e88/loader.lds b/Src/osmoconbb/src/target/firmware/board/compal_e88/loader.lds
new file mode 100644
index 0000000..a7a001f
--- /dev/null
+++ b/Src/osmoconbb/src/target/firmware/board/compal_e88/loader.lds
@@ -0,0 +1,147 @@
+/*
+ * Linker script for flashed loader on the Compal E88
+ *
+ * This script creates a binary that can replace a standard firmware
+ * located at 0x2000. It works in conjunction with the compal ramloader.
+ *
+ * The interrupt vectors and start address are at known, fixed offsets.
+ *
+ */
+OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
+OUTPUT_ARCH(arm)
+ENTRY(_start)
+MEMORY
+{
+ /* 2 MBytes of external flash memory */
+ FLASH (rx) : ORIGIN = 0x00000000, LENGTH = 0x200000
+ /* 256 kBytes of internal zero-waitstate sram */
+ IRAM (rw) : ORIGIN = 0x00800000, LENGTH = 0x040000
+ /* 256 kBytes of external slow sram */
+ ERAM (rw) : ORIGIN = 0x01000000, LENGTH = 0x040000
+}
+SECTIONS
+{
+ /* Provide symbols for the compal loader */
+ .compal.loader 0x00000000 (NOLOAD) : {
+ _compal_loader_start = .;
+ . = 0x2000;
+ _compal_loader_end = .;
+ } > FLASH
+
+ /* Compal-style image header */
+ .compal.header 0x00002000 : {
+ _compal_header_start = .;
+ KEEP(*(.compal.header))
+ *(.compal.header)
+ . = 0xA0;
+ _compal_header_end = .;
+ } > FLASH
+
+ /* Compal-style vector table */
+ .compal.vectors 0x000020A0 : {
+ PROVIDE(_exceptions = .);
+ KEEP(*(.text.exceptions))
+ *(.text.exceptions)
+ } > FLASH
+
+ /* Compal-style entry point */
+ .text.start 0x000020F8 : {
+ PROVIDE(_start = .);
+ KEEP(*(.text.start))
+ *(.text.start)
+ } > FLASH
+
+ /* code */
+ .text : {
+ /* regular code */
+ *(.text*)
+ /* gcc voodoo */
+ *(.glue_7t) *(.glue_7) *(.vfp11_veneer) *(.v4_bx)
+ } > FLASH
+ PROVIDE(_text_start = ADDR(.text));
+ PROVIDE(_text_end = ADDR(.text) + SIZEOF(.text));
+
+ /* constructor pointers */
+ .ctors : {
+ /* ctor count */
+ LONG(SIZEOF(.ctors) / 4 - 2)
+ /* ctor pointers */
+ KEEP(*(SORT(.ctors)))
+ /* end of list */
+ LONG(0)
+ } > FLASH
+ PROVIDE(_ctor_start = LOADADDR(.ctors));
+ PROVIDE(_ctor_end = LOADADDR(.ctors) + SIZEOF(.ctors));
+
+ /* destructor pointers */
+ .dtors : {
+ /* dtor count */
+ LONG(SIZEOF(.dtors) / 4 - 2)
+ /* dtor pointers */
+ KEEP(*(SORT(.dtors)))
+ /* end of list */
+ LONG(0)
+ } > FLASH
+ PROVIDE(_dtor_start = LOADADDR(.dtors));
+ PROVIDE(_dtor_end = LOADADDR(.dtors) + SIZEOF(.dtors));
+
+ /* read-only data */
+ .rodata : {
+ *(.rodata*)
+ } > FLASH
+ PROVIDE(_rodata_start = ADDR(.rodata));
+ PROVIDE(_rodata_end = ADDR(.rodata) + SIZEOF(.rodata));
+
+ /* pic offset tables */
+ .got : {
+ . = ALIGN(4);
+ *(.got)
+ *(.got.plt) *(.igot.plt) *(.got) *(.igot)
+ . = ALIGN(4);
+ } > FLASH
+ PROVIDE(_got_start = ADDR(.got));
+ PROVIDE(_got_end = ADDR(.got) + SIZEOF(.got));
+
+ /* reserved ram */
+ .compal.reservedram 0x800000 (NOLOAD) : {
+ . = 0xff;
+ } > IRAM
+
+ /* initialized data */
+ .data : AT (LOADADDR(.got) + SIZEOF(.got)) {
+ . = ALIGN(4);
+ *(.data)
+ . = ALIGN(4);
+ } > IRAM
+ PROVIDE(__data_start = LOADADDR(.data));
+ PROVIDE(__data_end = LOADADDR(.data) + SIZEOF(.data));
+ PROVIDE(_data_start = ADDR(.data));
+ PROVIDE(_data_end = ADDR(.data) + SIZEOF(.data));
+
+ /* ram code */
+ .ramtext : AT (LOADADDR(.data) + SIZEOF(.data)) {
+ . = ALIGN(4);
+ *(.ramtext)
+ . = ALIGN(4);
+ } > IRAM
+ PROVIDE(__ramtext_start = LOADADDR(.ramtext));
+ PROVIDE(__ramtext_end = LOADADDR(.ramtext) + SIZEOF(.ramtext));
+ PROVIDE(_ramtext_start = ADDR(.ramtext));
+ PROVIDE(_ramtext_end = ADDR(.ramtext) + SIZEOF(.ramtext));
+
+ /* uninitialized data */
+ .bss (NOLOAD) : {
+ . = ALIGN(4);
+ *(.bss)
+ . = ALIGN(4);
+ } > IRAM
+ PROVIDE(__bss_start = ADDR(.bss));
+ PROVIDE(__bss_end = ADDR(.bss) + SIZEOF(.bss));
+ PROVIDE(_bss_start = __bss_start);
+ PROVIDE(_bss_end = __bss_end);
+
+ /* end of image */
+ . = ALIGN(4);
+ _end = .;
+ PROVIDE(end = .);
+}