Difference between revisions of "JTAG instructions and hints"

From NAS-Central Buffalo - The Linkstation Wiki
Jump to: navigation, search
(Setting Up OpenOCD)
(Setting Up OpenOCD)
Line 78: Line 78:
 
             statemove    move to current endstate or [tap_state]
 
             statemove    move to current endstate or [tap_state]
 
               irscan    execute IR scan <device> <instr> [dev2] [instr2] ...
 
               irscan    execute IR scan <device> <instr> [dev2] [instr2] ...
               drscan    execute DR scan <device> <var> [dev2] [var2] ...
+
               drscan    execute DR scan <device> <var> [ dev2 ] [var2] ...
 
     verify_ircapture    verify value captured during Capture-IR <enable|disable>
 
     verify_ircapture    verify value captured during Capture-IR <enable|disable>
                   var    allocate, display or delete variable <name> [num_fields|'del'] [size1] ...
+
                   var    allocate, display or delete variable <name> [num_fields|"del"] [size1] ...
                 field    display/modify variable field <var> <field> [value|'flip']
+
                 field    display/modify variable field <var> <field> [value|"flip"]
 
               script    execute commands from <file>
 
               script    execute commands from <file>
 
                 xsvf    run xsvf <file>
 
                 xsvf    run xsvf <file>
Line 110: Line 110:
 
                 reg -    display ARM core registers
 
                 reg -    display ARM core registers
 
         core_state -    display/change ARM core state <arm|thumb>
 
         core_state -    display/change ARM core state <arm|thumb>
         disassemble -    disassemble instructions <address> <count> ['thumb']
+
         disassemble -    disassemble instructions <address> <count> ["thumb"]
 
             arm9tdmi    arm9tdmi specific commands
 
             arm9tdmi    arm9tdmi specific commands
       vector_catch -    catch arm920t vectors ['all'|'none'|'<vec1 vec2 ...>']
+
       vector_catch -    catch arm920t vectors ["all"|"none"|"<vec1 vec2 ...>"]
 
             arm926ejs    arm926ejs specific commands
 
             arm926ejs    arm926ejs specific commands
 
               cp15 -    display/modify cp15 register <opcode_1> <opcode_2> <CRn> <CRm> [value]
 
               cp15 -    display/modify cp15 register <opcode_1> <opcode_2> <CRn> <CRm> [value]
Line 142: Line 142:
 
                   wp    set watchpoint <address> <length> <r/w/a> [value] [mask]
 
                   wp    set watchpoint <address> <length> <r/w/a> [value] [mask]
 
                   rwp    remove watchpoint <adress>
 
                   rwp    remove watchpoint <adress>
           load_image    load_image <file> <address> ['bin'|'ihex']
+
           load_image    load_image <file> <address> ["bin"|"ihex"]
 
           dump_image    dump_image <file> <address> <size>
 
           dump_image    dump_image <file> <address> <size>
 
           load_binary    [DEPRECATED] load_binary <file> <address>
 
           load_binary    [DEPRECATED] load_binary <file> <address>

Revision as of 12:24, 18 February 2008

Link.png This article is currently a stub. You can help this Wiki by expanding it

. This template will categorize articles that include it into Category:Stubs.

Contents

Introduction

TODO: Add generic info about JTAG and why it safes ones ass if he messes with the flash

Hardware

PPC-based-boxes

JTAG-cable from tampakuro/kuroguy

JTAG10-jtag-cable from http://www.soc-machines.com/

LS1

TODO: Add info about the additional Hardware mods needed to make JTAG working. Hint: bridge! + needed info about Flash structure

HG/HS

1) Installing headers TODO: what needs to be bridged?

Terastation

TODO: add specific Info if additional hardware mods are needed. + needed info about Flash structure

Terastation Pro v1

TODO: add specific Info if additional hardware mods are needed. + needed info about Flash structure

Mipsel-based boxes

TODO: Add info about the JTAG cable that works on the + needed info about Flash structure

LS2

Arm-based boxes

Currently we do not know if there are JTAG-Ports anywhere on the board. Tampakuro is tries to find out the JTAG Port of the LS Pro.

LS Pro/LS Live (arm9)

Flash structure

For the LSProV2, here is the output of flinfo while in u-boot:


Marvell>> flinfo                                                                
                                                                                
Bank # 1: SST SST39VF020 (2 Mbit)                                               
Size: 256 kB,Bus Width: 1, device Width: 1.                                     
Flash base: 0xfffc0000,Number of Sectors: 64 Type: REGULAR.                     
  Sector Start Addresses:                                                       
    00000000 (RO) 00001000 (RO) 00002000 (RO) 00003000 (RO) 00004000 (RO)       
    00005000 (RO) 00006000 (RO) 00007000 (RO) 00008000 (RO) 00009000 (RO)       
    0000a000 (RO) 0000b000 (RO) 0000c000 (RO) 0000d000 (RO) 0000e000 (RO)       
    0000f000 (RO) 00010000 (RO) 00011000 (RO) 00012000 (RO) 00013000 (RO)       
    00014000 (RO) 00015000 (RO) 00016000 (RO) 00017000 (RO) 00018000 (RO)       
    00019000 (RO) 0001a000 (RO) 0001b000 (RO) 0001c000 (RO) 0001d000 (RO)       
    0001e000 (RO) 0001f000 (RO) 00020000 (RO) 00021000 (RO) 00022000 (RO)       
    00023000 (RO) 00024000 (RO) 00025000 (RO) 00026000 (RO) 00027000 (RO)       
    00028000 (RO) 00029000 (RO) 0002a000 (RO) 0002b000 (RO) 0002c000 (RO)       
    0002d000 (RO) 0002e000 (RO) 0002f000 (RO) 00030000 (RO) 00031000 (RO)       
    00032000 (RO) 00033000 (RO) 00034000 (RO) 00035000 (RO) 00036000 (RO)       
    00037000 (RO) 00038000 (RO) 00039000 (RO) 0003a000 (RO) 0003b000 (RO)       
    0003c000 (RO) 0003d000 (RO) 0003e000 (RO) 0003f000


Background and Equipment

INCOMPLETE - Do Not Attempt At This Time

  • These directions have been tested and checked on a LSProV2, with a Ubuntu 7.10 box (x86) and an Olimex ARM-USB-TINY jtag/usb programmer/debugger. Parallel port debuggers are certainly an option, but will probably yield lower speeds.

Setting Up OpenOCD

  • Compiling
  • Configuring and Starting OpenOCD


  • Available Commands in OpenOCD

While in OpenOCD, entering the command help will yield a list of available commands and summary of help.

> help
                help    display this help
               sleep    sleep for <n> milliseconds
             version    show OpenOCD version
            shutdown    shut the server down
                exit    exit telnet session
          log_output    redirect logging to <file> (default: stderr)
         debug_level    adjust debug level <0-3>
          jtag_speed    set jtag speed (if supported) <speed>
          scan_chain    print current scan chain configuration
            endstate    finish JTAG operations in <tap_state>
          jtag_reset    toggle reset lines <trst> <srst>
             runtest    move to Run-Test/Idle, and execute <num_cycles>
           statemove    move to current endstate or [tap_state]
              irscan    execute IR scan <device> <instr> [dev2] [instr2] ...
              drscan    execute DR scan <device>  [ dev2 ]  [var2] ...
    verify_ircapture    verify value captured during Capture-IR <enable|disable>
                 var    allocate, display or delete variable <name> [num_fields|"del"] [size1] ...
               field    display/modify variable field <var> <field> [value|"flip"]
              script    execute commands from <file>
                xsvf    run xsvf <file>
             targets    no help available
               flash    no help available
             banks -    list configured flash banks 
              info -    print info about flash bank <num>
             probe -    identify flash bank <num>
       erase_check -    check erase state of sectors in flash bank <num>
     protect_check -    check protection state of sectors in flash bank <num>
             erase -    erase sectors at <bank> <first> <last>
             write -    write binary <bank> <file> <offset>
           protect -    set protection of sectors at <bank> <first> <last> <on|off>
                nand    no help available
                 pld    programmable logic device commands
              arm7_9    arm7/9 specific commands
        write_xpsr -    write program status register <value> <not cpsr|spsr>
    write_xpsr_im8 -    write program status register <8bit immediate> <rotate> <not cpsr|spsr>
    write_core_reg -    write core register <num> <mode> <value>
          sw_bkpts -    support for software breakpoints <enable|disable>
    force_hw_bkpts -    use hardware breakpoints for all breakpoints (disables sw breakpoint support) <enable|disable>
             dbgrq -    use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable|disable>
       fast_writes -    (deprecated, see: arm7_9 fast_memory_access)
fast_memory_access -    use fast memory accesses instead of slower but potentially unsafe slow accesses <enable|disable>
     dcc_downloads -    use DCC downloads for larger memory writes <enable|disable>
          etb_dump -    dump current ETB content
             armv4_5    armv4/5 specific commands
               reg -    display ARM core registers
        core_state -    display/change ARM core state <arm|thumb>
       disassemble -    disassemble instructions <address> <count> ["thumb"]
            arm9tdmi    arm9tdmi specific commands
      vector_catch -    catch arm920t vectors ["all"|"none"|"<vec1 vec2 ...>"]
           arm926ejs    arm926ejs specific commands
              cp15 -    display/modify cp15 register <opcode_1> <opcode_2> <CRn> <CRm> [value]
        cache_info -    display information about target caches
         virt2phys -    translate va to pa <va>
          mdw_phys -    display memory words <physical addr> [count]
          mdh_phys -    display memory half-words <physical addr> [count]
          mdb_phys -    display memory bytes <physical addr> [count]
          mww_phys -    write memory word <physical addr> <value>
          mwh_phys -    write memory half-word <physical addr> <value>
          mwb_phys -    write memory byte <physical addr> <value>
                 cfi    no help available
                 reg    no help available
                poll    poll target state
           wait_halt    wait for target halt [time (s)]
                halt    halt target
              resume    resume target [addr]
                step    step one instruction
               reset    reset target [run|halt|init|run_and_halt|run_and_init]
     soft_reset_halt    halt the target and do a soft reset
                 mdw    display memory words <addr> [count]
                 mdh    display memory half-words <addr> [count]
                 mdb    display memory bytes <addr> [count]
                 mww    write memory word <addr> <value>
                 mwh    write memory half-word <addr> <value>
                 mwb    write memory byte <addr> <value>
                  bp    set breakpoint <address> <length> [hw]
                 rbp    remove breakpoint <adress>
                  wp    set watchpoint <address> <length> <r/w/a> [value] [mask]
                 rwp    remove watchpoint <adress>
          load_image    load_image <file> <address> ["bin"|"ihex"]
          dump_image    dump_image <file> <address> <size>
         load_binary    [DEPRECATED] load_binary <file> <address>
         dump_binary    [DEPRECATED] dump_binary <file> <address> <size>

Starting OpenOCD and Connecting with Telnet

Verifying Flash and Flashing

Notes and Special Situations

Terastation Pro v2/Terastation Live (arm9)

Similar to the other arm9-based boxes from buffalo these 2 only have uboot in flash. everything else is read and executed from harddisc.

Software

See JTAG Software

PPC-based-boxes

How to use the JTAG-Tools

TODO: we need to link + describe either how to compile the tools and how to use the precompiled tools from the download-section

LS2 (mipsel-based)

How to use HairyDairyMaids debrick

TODO: adding info about how to use it

TIPS

Flashing the bootloader only

Updating via JTAG is very slow. This is not really surprising as the JTAG protocol is a bit-level serial protocol. Writing the firmimg.bin file can easily take 24 hours or longer.

TODO: because we can flash the firmimg.bin much faster from UBoot

Link.png This article is currently a stub. You can help this Wiki by expanding it

. This template will categorize articles that include it into Category:Stubs.