contiki/doc/radioinit
2009-04-13 08:09:36 -04:00

Entries in RAM are processed by SMACinitfrommemory and executeentry
(which does the work). I suspect that these entries are loaded in from
the ROM by the rom_data_init call in the beginning stub. For now
we'll do the simple thing of performing the actions they do, but for
real it would be better to load out from ROM and execute the entries
in a similar way. That way, if the cal data changes in the ROM, our
code should still work.

When radioinit first starts it seems to do checks for a 24 MHz clock
and if the buck should be enabled. Assuming 24 MHz and no buck, the next
thing it does is 5 entries in cal1 (40 bytes, 4 bytes per word, = 10
words, 2 words per entry = 5 entries):
0x80003048
0x00000f78
0x8000304c
0x00607707
The next entry has a zero addr with val 0x000161a8... this is a delay
entry. Loop here 0x000161a8 times, then return.
0x00000000
0x000161a8
Then two more memory stuffs:
0x8000a050
0x0000047b
0x8000a054
0x0000007b
then it seems like the emulator dies on the stack munging they do at
the end of InitFromMemory... but I think I've decoded the entry
enough to figure out the rest.
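
The entry format described above (address/value word pairs, with a zero address meaning "loop value times"), as an added example that is not part of the original notes or of the vendor's SMAC library. It replays the cal1 table from this page on a host; `init_entry`, `replay_on_host`, `host_trace`, `write32` and `delay` are hypothetical names, and the hooks record what would happen instead of touching hardware.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One entry as decoded in the notes: an address word, then a value word. */
struct init_entry { uint32_t addr, val; };

/* Host-side record of what a table would do (hypothetical, for this example). */
struct trace { unsigned writes, delays; uint32_t last_addr, loops; } host_trace;

/* Recording stand-ins. On target: a volatile 32-bit store, and a busy loop. */
static void write32(uint32_t addr, uint32_t val)
{
    (void)val;
    host_trace.writes++;
    host_trace.last_addr = addr;
}

static void delay(uint32_t loops)
{
    host_trace.delays++;
    host_trace.loops += loops;
}

/* Returns the entry count, or -1 (executing nothing) on a ragged length. */
int replay_on_host(const struct init_entry *tbl, size_t nbytes)
{
    host_trace = (struct trace){0};
    if (tbl == NULL || nbytes % sizeof *tbl != 0)
        return -1;
    for (size_t i = 0; i < nbytes / sizeof *tbl; i++) {
        if (tbl[i].addr == 0)
            delay(tbl[i].val);                  /* zero address: delay entry */
        else
            write32(tbl[i].addr, tbl[i].val);   /* otherwise: register write */
    }
    return (int)(nbytes / sizeof *tbl);
}

/* The five cal1 entries, copied from the listing in the notes. */
const struct init_entry cal1[] = {
    {0x80003048, 0x00000f78}, {0x8000304c, 0x00607707}, {0x00000000, 0x000161a8},
    {0x8000a050, 0x0000047b}, {0x8000a054, 0x0000007b},
};

int main(void)
{
    int n = replay_on_host(cal1, sizeof cal1);
    printf("%d entries: %u writes, %u delays\n", n, host_trace.writes, host_trace.delays);
}
```
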
then they do one entry of r4 base + 48 (gRadioTOCCal2_24MHz_c[0])
0x80009000
0x80050100
then they do 11 entries in cal3 and reg replacement (first two have delays)
0x402b8c <gRadioTOCCal3_c>: 0x80009400 0x00020017 0x80009a04 0x8185a0a4
0x402b9c <gRadioTOCCal3_c+16>: 0x80009a00 0x8c900025 0x00000000 0x00011194
0x402bac <gRadioTOCCal3_c+32>: 0x80009a00 0x8c900021 0x80009a00 0x8c900027
0x402bbc <gRadioTOCCal3_c+48>: 0x00000000 0x00011194 0x80009a00 0x8c90002b
0x402bcc <gRadioTOCCal3_c+64>: 0x80009a00 0x8c90002f 0x00000000 0x00011194
0x402bdc <gRadioTOCCal3_c+80>: 0x80009a00 0x8c900000
then 4 entries from r5+24 (buffer_radio_init and cal5)
0x80009400 0x00000017
0x405230 <gRadioTOCCal5+8>: 0x8000a050 0x00000000 0x8000a054 0x00000000
0x405240 <gRadioTOCCal5+24>: 0x80003048 0x00000f00
then 43 entries from r4+152 (reg replacement)
0x402bec <gRadioInit_RegReplacement_c>: 0x80004118 0x00180012 0x80009204 0x00000605
0x402bfc <gRadioInit_RegReplacement_c+16>: 0x80009208 0x00000504 0x8000920c 0x00001111
0x402c0c <gRadioInit_RegReplacement_c+32>: 0x80009210 0x0fc40000 0x80009300 0x20046000
0x402c1c <gRadioInit_RegReplacement_c+48>: 0x80009304 0x4005580c 0x80009308 0x40075801
0x402c2c <gRadioInit_RegReplacement_c+64>: 0x8000930c 0x4005d801 0x80009310 0x5a45d800
0x402c3c <gRadioInit_RegReplacement_c+80>: 0x80009314 0x4a45d800 0x80009318 0x40044000
0x402c4c <gRadioInit_RegReplacement_c+96>: 0x80009380 0x00106000 0x80009384 0x00083806
0x402c5c <gRadioInit_RegReplacement_c+112>: 0x80009388 0x00093807 0x8000938c 0x0009b804
0x402c6c <gRadioInit_RegReplacement_c+128>: 0x80009390 0x000db800 0x80009394 0x00093802
0x402c7c <gRadioInit_RegReplacement_c+144>: 0x8000a008 0x00000015 0x8000a018 0x00000002
0x402c8c <gRadioInit_RegReplacement_c+160>: 0x8000a01c 0x0000000f 0x80009424 0x0000aaa0
0x402c9c <gRadioInit_RegReplacement_c+176>: 0x80009434 0x01002020 0x80009438 0x016800fe
0x402cac <gRadioInit_RegReplacement_c+192>: 0x8000943c 0x8e578248 0x80009440 0x000000dd
0x402cbc <gRadioInit_RegReplacement_c+208>: 0x80009444 0x00000946 0x80009448 0x0000035a
0x402ccc <gRadioInit_RegReplacement_c+224>: 0x8000944c 0x00100010 0x80009450 0x00000515
0x402cdc <gRadioInit_RegReplacement_c+240>: 0x80009460 0x00397feb 0x80009464 0x00180358
0x402cec <gRadioInit_RegReplacement_c+256>: 0x8000947c 0x00000455 0x800094e0 0x00000001
0x402cfc <gRadioInit_RegReplacement_c+272>: 0x800094e4 0x00020003 0x800094e8 0x00040014
0x402d0c <gRadioInit_RegReplacement_c+288>: 0x800094ec 0x00240034 0x800094f0 0x00440144
0x402d1c <gRadioInit_RegReplacement_c+304>: 0x800094f4 0x02440344 0x800094f8 0x04440544
0x402d2c <gRadioInit_RegReplacement_c+320>: 0x80009470 0x0ee7fc00 0x8000981c 0x00000082
0x402d3c <gRadioInit_RegReplacement_c+336>: 0x80009828 0x0000002a
then flash init. (hrmm.. this might be important)
then flyback init.
then maybe buckbypass sequence... 4 entries from r4+16
0x402b64 <gBuckByPass_c>: 0x80003000 0x00000018 0x80003048 0x00000f04
0x402b74 <gBuckByPass_c+16>: 0x00000000 0x000161a8 0x80003048 0x00000ffc

RadioInit is (roughly):

    SMAC_InitFromMemory(gRadioTOCCal1,40);
    SMAC_InitFromMemory(gRadioTOCCal2_24MHz_c,8);
    SMAC_InitFromMemory(gRadioTOCCal3_c,88);
    SMAC_InitFromMemory(gRadioTOCCal5,32);
    SMAC_InitFromMemory(gRadioInit_RegReplacement_c,344);
    SMAC_InitFromFlash(0x1F000);
    SMAC_InitFlybackSettings();
    SMAC_InitFromMemory(gBuckByPass_c,16);
    fill_ram_struct(&u8RamValues);

    uint8_t i;
    uint8_t buffer_radio_init[16];
    for(i=0; i<16; i++) {
        buffer_radio_init[i] = get_ctov(i,u8RamValues[3]);
    }

Some kind of success!

This replacement works:

    // RadioInit(PLATFORM_CLOCK, gDigitalClock_PN_c, u32LoopDiv); // need this to work

    /* my replacement for RadioInit, flyback and vreg have been separated out */
    radio_init();
    // SMAC_InitFromMemory(gRadioTOCCal1,40);
    // *(volatile uint32_t *)0x80009000 = 0x80050100;
    // SMAC_InitFromMemory(gRadioTOCCal2_24MHz_c,8);
    // SMAC_InitFromMemory(gRadioTOCCal3_c,88);
    // SMAC_InitFromMemory(gRadioTOCCal5,32);
    // SMAC_InitFromMemory(gRadioInit_RegReplacement_c,344);
    SMAC_InitFromFlash(0x1F000);
    // SMAC_InitFlybackSettings();
    flyback_init();
    // SMAC_InitFromMemory(gBuckByPass_c,16);
    vreg_init();

    *((uint32_t *)&u8RamValues) = 0x4c20030a;
    fill_ram_struct(&u8RamValues);
    for(j=0; j<16; j++) {
        // buffer_radio_init[j] = get_ctov(j,u8RamValues[3]);
        buffer_radio_init[j] = get_ctov(j,0x4c); //0x4c loads the right values into buffer_radio_init... but why isn't RamValues correct?
    }

Which means my radio_init, and vreg_init are good. It also means that
my interpretation of buffer_radio_init is correct. It may also mean
that u8RamValues isn't important since I just set its value.

That means I only have InitFromFlash to replace now!

Actually, I should test if that is necessary --- I still find it a
little hard to believe that they put essential data on NVM --- except
they could set codeprotect so that clods won't erase it on accident.

See PLM/LibInterface/NVM.h for some docs. Looks like they put a
standard SST, ST, or Atmel spi flash in there (note the comment about
continuous read mode).

MACPHY.a might use a ROM service for the flash init:
0000f97c g F *ABS* 00000000 InitFromFlash
ac: 4668 mov r0, sp
ae: f7ff fffe bl 0 <GetInitTranslationTablePtr>
b2: 4669 mov r1, sp
b4: 780a ldrb r2, [r1, #0]
b6: 0001 lsls r1, r0, #0
b8: 20f8 movs r0, #248
ba: 0240 lsls r0, r0, #9
bc: f7ff fffe bl 0 <InitFromFlash>
uint32_t InitFromFlash(uint32_t nvmAddress, uint32_t nLength);
Which looks like InitFromFlash(0x1F00,?);