usb-loader: Explain a little more about magic calls
These calls enter into the MT6260 ROM. Explain a bit more about where they come from and what their function prototypes are. Signed-off-by: Sean Cross <xobs@kosagi.com>
This commit is contained in:
Sean Cross
parent
91d05709fc
commit
8a4f98b5b1
1 changed files with 13 additions and 2 deletions
15
usb-loader.S
15
usb-loader.S
|
|
@ -20,6 +20,15 @@ load_program:
|
||||||
adr r0, size_buffer
|
adr r0, size_buffer
|
||||||
mov r1, #4
|
mov r1, #4
|
||||||
mvn r2, #0
|
mvn r2, #0
|
||||||
|
# This function address was discovered by disassembling the ROM, which
|
||||||
|
# begins around offset 0xfff00000. When the MTK Flash Tool loads code into
|
||||||
|
# an unflashed MTK chip, it makes calls to a few well-defined positions that
|
||||||
|
# contain pointers to read a buffer, write a buffer, and flush the current
|
||||||
|
# write buffer. The programming interface is the same for both USB and
|
||||||
|
# serial. However, since the MT6260 series of parts primarily boots
|
||||||
|
# off of USB, we are only interested in the USB thunks.
|
||||||
|
# The prototype for this function is:
|
||||||
|
# void usb_uart_read(void *buffer, int bytes, int timeout)
|
||||||
ldr r3, =0xfff03639
|
ldr r3, =0xfff03639
|
||||||
blx r3
|
blx r3
|
||||||
|
|
||||||
|
|
@ -62,11 +71,13 @@ uart_puts_count_chars_loop:
|
||||||
uart_puts_print:
|
uart_puts_print:
|
||||||
mvn r2, #0
|
mvn r2, #0
|
||||||
|
|
||||||
// Call usb_uart_write(char *data, int bytes, int timeout)
|
# Call:
|
||||||
|
# void usb_uart_write(char *data, int bytes, int timeout)
|
||||||
ldr r3, =0xfff03653
|
ldr r3, =0xfff03653
|
||||||
blx r3
|
blx r3
|
||||||
|
|
||||||
// Call usb_uart_flush
|
# Call:
|
||||||
|
# void usb_uart_flush(void)
|
||||||
ldr r3, =0xfff04845
|
ldr r3, =0xfff04845
|
||||||
blx r3
|
blx r3
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue