On 25 Feb 2002 13:49:52 GMT, Dave Green <dgreen@qnx.com> wrote:
Hi Charlie,
I think the problem is that you built your image to be 2M in
size, then over-wrote the 256k at the beginning of the flash
(the part which the Commander software won’t overwrite). By
using the mkrec command as you did, you generated a 2M image,
but the OS image is offset to 256k into the image.
The problem is that the devf driver doesn’t recognize that the
first 2M consists of some unknown 256k chunk, then the OS image;
it just sees a 2M partition. What you need to do when you want
to copy in a new OS image is to use the flashctl command to
erase the old OS image. Then you need to somehow copy the new
one in at the proper offset, for which I would recommend the dd
command. So:
to erase the old OS image:
flashctl -p/dev/fs0 -o256k -l1792k -e
this will erase the raw device, starting at offset 256k, up to
a limit of 2M - 256k (1792k), and leave the first 256k alone.
now, ftp the original, un-padded boot image over, and use dd to
copy it to the desired 256k offset;
dd if=8260ads.bin of=/dev/fs0 bs=1k seek=256k
Dave,
Thanks for the quick response on this. I’ve tried your suggestions
but the result is the same. Once the new OS image is on the flash and
the board is rebooted, the board is more or less dead. “More or less”
I say because stuff does come out on serial port 1 but it’s just
gibberish. This same kind of thing happens when we first boot a board
that’s been loaded with the OCD Commander softare. There is a few
lines of garbage followed by the ‘Welcome…’ message from the build
script followed by a shell prompt. When we try to load the board
using ‘flashctl’ and ‘dd’ we get the few lines of garbage after a
reboot but we don’t get the welcome message or the shell prompt. The
garbage repeats itself over and over every few seconds. My theory has
been the board is rebooting every few seconds and spraying a fresh
round of garbage.
Anyway, I’m not sure I’m loading the new image into the right
place. Below I’ve included copies of our build script as well as the
shell script that builds the 8MB ‘flash_img’ file we push down with
OCD Commander. Maybe you’ll be able to spot something that I’m
missing that indicates I’m using the wrong offsets or something.
======================================================================
8260ads.build file
[image=0x10000]
[virtual=ppcbe,binary] .bootstrap = {
startup-8260ads
PATH=/proc/boot procnto-600
}
[+script] startup.script = {
devf-8260ads &
devc-serppc8260 -e -b57600 -c16625000 scc1 scc2 &
reopen /dev/ser1
display_msg .
display_msg **********************************
display_msg Welcome to Neutrino on the 8260ADS
display_msg **********************************
io-net -dppc8260-ads channel=2 -pttcpip
if=en0:172.23.11.207:255.255.248.0 &
These env variables inherited by all the programs which
follow
SYSNAME=nto
TERM=qansi
run startup.bat out of the flash filesystem
/fs0p1/startup.bat
[+session] PATH=:/proc/boot:/fs0p1:/fs0p1/bin esh
[+session] login -p
}
[type=link] /dev/console=/dev/ser1
[type=link] /usr/lib/ldqnx.so.2=/proc/boot/libc.so
[type=link] /tmp=/dev/shmem
libc.so
The networking shared libraries
devn-ppc8260-ads.so
libsocket.so
npm-ttcpip.so
[data=c]
Generic components
devc-serppc8260
esh
pidin
ls
cat
pdebug
uname
cp
chmod
mkdir
rm
echo
sin
dd
io-net and networking utilities
io-net
ping
ftp
fs-nfs2
Flash filesystem driver
devf-8260ads
flashctl
\
make_flash_img shell script
if [ x"$1" = x ]
then
echo “You must specify a name of a Neutrino image”
exit 1
fi
Start with the boot image. The boot image is specified as
an argument to the script (max size 1792k)
mkrec -s1792k -ffull -r $1 > flash_img
Create an empty 5MB flash partition and append it to our image
mkefs …/src/hardware/ipl/boards/8260ads/8260ads.ffs flash.tmp
cat flash.tmp >>flash_img
Generate a binary image of the IPL code
objcopy --input-format=elf32-powerpc --output-format=binary -R.data
…/src/hardware/ipl/boards/8260ads/ppc/be/ipl-8260ads ipl-8260ads.bin
mkrec -s1M -ffull -r ipl-8260ads.bin >> flash_img
rm ipl-8260ads.bin
rm flash.tmp
create s-record version of flash image
objcopy --input-format=binary --output-format=srec
–adjust-vma=0xff840000 flash_img flash_img.s19
======================================================================
The final line in the shell script generates the file ‘flash_img.s19’.
It is this image that I download to the development board through the
JTAG pod. The JTAG software reads the file and sees that it spans
from 0xff840000 to 0xffffffff (8M - 256k). I write this image starting
at 0xff840000, which is the start of the second flash sector.
Now here is something interesting. When I do a ‘df -kP’ on a working
development board I get the following report…
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/fs 1024 1024 0 100% /dev/fs0p2
/dev/fs0p1 4864 28 4835 1% /fs0p1
/dev/fs0 2048 2048 0 100% /dev/fs0p0
/dev/fs0 8192 8192 0 100%
Because /dev/fs0p0 is 2M in size, I assumed it was into this area that
the OS boot image was being written. I assumed it was 256k of unused
area (the first flash sector) followed by the boot image in the
remaining 1792k. That would make 2M total for the partition and
mirror what I thought I wrote through the JTAG programmer. So, out of
curiosity I used FTP to copy /dev/fs0p0 to a windows machine so I
could have a look. Here is a snippet of what I found…
00008740: 0a4c 6f61 6469 6e67 2051 4e58 362e 2e2e .Loading QNX6…
00008750: 2e0a 0a00 6b65 726e 656c 5f64 6576 6963 …kernel_devic
00008760: 6500 0000 726f 6d00 0000 0000 0000 0040 e…rom…@
00008770: 7fff ffff 0000 0140 0000 0000 0000 0000 …@…
00008780: 0001 0ba4 1000 0000 0001 0c60 0001 0dfc …`…
00008790: 0001 0d48 0000 0000 8000 0000 0000 0001 …H…
000087a0: 7fff ffff 0000 0240 0000 0000 0000 0000 …@…
000087b0: 0001 0eb0 0000 0000 0001 0ec0 0001 0ee0 …
000087c0: 0001 0ecc 0000 0000 0000 0000 0001 0ef4 …
000087d0: 0001 8828 0001 880c 0001 87f0 0001 3504 …(…5.
000087e0: 0001 3c0c 0001 0a28 0001 0aa4 0001 0b28 …<…(…(
000087f0: 7363 6332 5e31 2e35 3736 3030 2e31 3636 scc2^1.57600.166
00008800: 3235 3030 302e 3136 0000 0000 7363 6331 25000.16…scc1
00008810: 5e31 2e35 3736 3030 2e31 3636 3235 3030 ^1.57600.1662500
00008820: 302e 3136 0000 0000 3832 3630 0000 0000 0.16…8260…
00008830: 4144 3a66 3a4b 3a4d 3a4e 3a50 3a52 3a53 AD:f:K:M:N:P:R:S
00008840: 3a76 0000 3832 3630 4144 5300 1820 2428 :v…8260ADS… $(
00008850: 2c00 0000 696f 0000 0000 0000 0000 0000 ,…io…
00008860: ffff 8a8c ffff 8a9c ffff 8a9c ffff 8a78 …x
The scc1, scc2, 57600, etc., appears to be serial port setup stuff
taken from my build script. Anyway, what surprises me is here is
recognizable QNX stuff at address 0x00008740! I really didn’t expect
to see any QNX stuff until after 0x00040000 (256k). Clearly I don’t
understand how /dev/fs0p0 maps onto the physical memory. But I’m
curious, if it doesn’t include the first 256k, why does it span 2MB?
Anyway, I took the new boot image I wanted to load and padded it to 2M
with no starting offset and looked at its hex dump to see how they
compared…
00008670: 2c00 0000 4082 fff8 7c69 1850 4e80 0020 ,…@…|i.PN…
00008680: 0000 0000 0000 0000 0000 0000 0000 0000 …
00008690: 6b65 726e 656c 5f64 6576 6963 6500 0000 kernel_device…
000086a0: 726f 6d00 0000 0000 0000 0040 7fff ffff rom…@…
000086b0: 0000 0140 0000 0000 0000 0000 0001 0afc …@…
000086c0: 1000 0000 0001 0bb8 0001 0d54 0001 0ca0 …T…
000086d0: 0000 0000 8000 0000 0000 0001 7fff ffff …
000086e0: 0000 0240 0000 0000 0000 0000 0001 0e08 …@…
000086f0: 0000 0000 0001 0e18 0001 0e38 0001 0e24 …8…$
00008700: 0000 0000 0000 0000 0001 0e4c 0001 8764 …L…d
00008710: 0001 8748 0001 872c 0001 345c 0001 3b64 …H…,…4…;d
00008720: 0001 0980 0001 09fc 0001 0a80 7363 6332 …scc2
00008730: 5e31 2e35 3736 3030 2e31 3636 3235 3030 ^1.57600.1662500
00008740: 302e 3136 0000 0000 7363 6331 5e31 2e35 0.16…scc1^1.5
00008750: 3736 3030 2e31 3636 3235 3030 302e 3136 7600.16625000.16
00008760: 0000 0000 3832 3630 0000 0000 4144 3a66 …8260…AD:f
00008770: 3a4b 3a4d 3a4e 3a50 3a52 3a53 3a76 0000 :K:M:N:P:R:S:v…
00008780: 3832 3630 4144 5300 1820 2428 2c00 0000 8260ADS… $(,…
00008790: 696f 0000 0000 0000 0000 0000 0000 0000 io…
000087a0: ffff 8aa4 ffff 8ab4 ffff 8ab4 ffff 8a90 …
As you can see, things are not exactly the same but they seem pretty
close both in address and content so I thought maybe I could take my
new image and write it over the top of /dev/fs0p0. I FTPed the image
to the dev board and used ‘cp boot_img /dev/fs0p0’ to copy it to
flash. I didn’t use ‘flashctl’ to erase the partition first. Was
this my problem? At any rate the end result was much the same as
before. Once rebooted, the dev board would spew a couple lines of
garbage characters out the serial port every few seconds but that was
all.
I’m sure there is some key piece or pieces of how this all works that
I’m just not understanding correctly. What am I missing?
Charlie Hubbard
charlieh@innovsys.com