Booting process & memory layout.

Oleg Gusev oleg@usm.uni-muenchen.de
Fri Mar 12 13:55:52 CET 2004


>You forgot to add 0xc0000000 to the address!

Feel really dumb :)) One always learns something new.
Makes sense after all. 

>What is surprising is that you can access the skipped address at all.
>What does the CPU map at this place?

The dynamic linker. I was confused by being able to see something at
the ninth page and further.

> At least it exists when hpcboot loads blob without linux
> (that's how I discovered it, to begin with).

Yes, I remember. So it exists when something is loaded
with hpcboot. hpcboot tries very hard not to destroy anything,
so it is quite likely that it has reset only some settings.
It doesn't even clear the PID processor register.

>What do you mean? That it is not hardwired but configured in software?

This is the 5c000 page in wince:

c005c000 : c005c2f0
c005c004 : c005c3f0
c005c008 : c005c370
c005c00c : c005c470
c005c010 : c005c330
c005c014 : c005c430
c005c018 : c005c3b0
c005c01c : c005c4b0
c005c020 : c005c310
c005c024 : c005c410
c005c028 : c005c390
c005c02c : c005c490
c005c030 : c005c350
c005c034 : c005c450
c005c038 : c005c3d0
c005c03c : c005c4d0
c005c040 : c005c300
c005c044 : c005c400
c005c048 : c005c380
c005c04c : c005c480
c005c050 : c005c340
c005c054 : c005c440
c005c058 : c005c3c0
c005c05c : c005c4c0
c005c060 : c005c320
c005c064 : c005c420
c005c068 : c005c3a0
c005c06c : c005c4a0
c005c070 : c005c360
c005c074 : c005c460
c005c078 : c005c3e0
c005c07c : c005c4e0
c005c080 : 00000025
c005c084 : 00000000
...

32 entries followed by c005c080 value (which can be 0x25, 0x30,
or some bigger value like 0x2ff - but I don't remember this one exactly).
In wince this value does _not_ change when the computer is running.
In linux the 32 entries remain untouched, but the value in c005c080
is spinning up.
The entries are the pointers to the table beginning at 5c100,
which also looks like a data segment. At least
'objdump -D -b binary -m armv4' doesn't make much sense.

Interesting is also the page 5a000. Dumping /dev/mem shows that
hpcboot puts there its
\r\n------------HPCBOOT------------\r\n
message and the rest up to 5c000 is zeroed.
It comes from here:

        const char msg[] = "\r\n--------HPCBOOT--------\r\n";
        HANDLE h;

        h = CreateFile(TEXT("COM1:"),
            GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0,
            NULL);

        // Print banner on serial console.
        WriteFile(h, msg, sizeof msg, &wrote, 0);

It seems that 5a000 was used as a buffer for COM1.
One can only guess if 5b000 will be a buffer for COM2?

> Isn't there a hazard for the computer if you do it while the power is on?

Only the electrical hazard; it is also not advised to plug in the
ps2 mouse/keyboard while powered. I have done the latter countless times,
and nothing happened :)

 Oleg.
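
Added example (not part of the message above and not hpcboot code): a Python check of the 5c000 dump, parsing its `address : value` lines and testing whether the 32 words are unique in-page pointers, what stride separates their targets, and in what order they appear. The low 12 bits are transcribed from the dump in the message; the function names and the bit-reversal test are this example's own, not a claim made in the thread.

```python
import re

BASE = 0xC005C000  # page 5c000 as seen at its kernel virtual address in the dump
# Low 12 bits of the 32 pointer words, transcribed from the dump in the message.
LOW12 = """2f0 3f0 370 470 330 430 3b0 4b0 310 410 390 490 350 450 3d0 4d0
           300 400 380 480 340 440 3c0 4c0 320 420 3a0 4a0 360 460 3e0 4e0"""
# Rebuild the text in the dump's own "address : value" layout, plus the trailer word.
DUMP = "\n".join(f"{BASE + 4 * i:08x} : {BASE + int(v, 16):08x}"
                 for i, v in enumerate(LOW12.split())) + "\nc005c080 : 00000025\n"

LINE = re.compile(r"^([0-9a-f]{8}) : ([0-9a-f]{8})$")

def parse_dump(text):
    """Return {address: word} for every 'addr : value' line; skip anything else."""
    words = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            words[int(m.group(1), 16)] = int(m.group(2), 16)
    return words

def bitrev(i, bits):
    """Reverse the low `bits` bits of i."""
    return int(f"{i:0{bits}b}"[::-1], 2)

def analyse(words, base=BASE, count=32):
    """Describe the pointer table: where it points, slot stride, slot ordering."""
    ptrs = [words[base + 4 * i] for i in range(count)]
    ordered = sorted(ptrs)
    stride = min(b - a for a, b in zip(ordered, ordered[1:])) or 1
    slots = [(p - ordered[0]) // stride for p in ptrs]
    return {
        "in_page_range": all(base <= p < base + 0x1000 for p in ptrs),
        "target_range": (ordered[0], ordered[-1]),
        "stride": stride,
        "unique": len(set(ptrs)) == count,
        "bit_reversed": slots == [bitrev(i, 5) for i in range(count)],
        "trailer": words.get(base + 4 * count),  # the word at c005c080
    }

if __name__ == "__main__":
    for key, val in analyse(parse_dump(DUMP)).items():
        print(key, tuple(hex(x) for x in val) if isinstance(val, tuple) else val)
```

On this dump the 32 pointers are distinct, 0x10 bytes apart, and entry i points at slot bit-reverse(i), which fits a software-built lookup structure.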


