yetangitu/fernly
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
Fernvale research OS
15 commits 2 branches 0 tags 416 KiB
Find a file
Sean Cross 8f18cfd58b fernvale: Get IRQs to at least do something 
IRQs now do something.  They still don't work, though.
2014-08-26 17:09:42 +08:00
include fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
.gitignore fernly: Initial commit 2014-06-12 12:58:06 +08:00
bionic.c LAst commit before a complete refactoring 2014-07-18 16:21:28 +08:00
cmd-irq.c fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
fernvale.ld fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
irq.c fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
irqasm.S fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
magic.mk fernly: Initial commit 2014-06-12 12:58:06 +08:00
main.c fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
Makefile fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
memio.c fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
mkenv.mk fernly: Initial commit 2014-06-12 12:58:06 +08:00
README.md README: Update a bunch of blocks, based on reversing 2014-08-19 13:38:14 +08:00
serial.c serial: Use const void * everywhere 2014-08-19 15:54:15 +08:00
spin.sh fernly: wip 2014-07-04 17:31:32 +08:00
start.S fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
utils.c serial: Use const void * everywhere 2014-08-19 15:54:15 +08:00
vectors.c fernvale: Get IRQs to at least do something 2014-08-26 17:09:42 +08:00
vsprintf.c fernly: wip 2014-07-04 17:31:32 +08:00

README.md

Fernly - Fernvale Reversing OS

Fernly is a simple operating system designed for use in the reverse engineering of the Fernvale CPU. It will likely be disposed of when the system has been understood well enough to implement a full operating system.

Usage

To compile, simply run "make".

To install, use radare2:

$ sudo radare2 fv://
[0x00000000]> s 0x3460
[0x00003460]> wf .//build/firmware.bin

Chip notes

The chip memory-maps SPI at offset 0x10000000.

Memory Map

+------------+------------+------------+-------------------------------------+ | 0x00000000 | 0x0fffffff | 0x0fffffff | PSRAM map, repeated and mirrored | | | | | at 0x00800000 offsets | +------------+------------+------------+-------------------------------------+ | 0x10000000 | 0x1fffffff | 0x0fffffff | Memory-mapped SPI chip | +------------+------------+------------+-------------------------------------+ | ?????????? | ?????????? | ?????????? | ??????????????????????????????????? | +------------+------------+------------+-------------------------------------+ | 0x70000000 | 0x7000cfff | 0xcfff | On-chip SRAM (maybe cache?) | +------------+------------+------------+-------------------------------------+ | ?????????? | ?????????? | ?????????? | ??????????????????????????????????? | +------------+------------+------------+-------------------------------------+ | 0x80000000 | 0x80000008 | 0x08 | Config block (chip version, etc.) | +------------+------------+------------+-------------------------------------+ | 0x82000000 | 0x82d00000 | ?????????? | Modem system stuff | +------------+------------+------------+-------------------------------------+ | 0x83000000 | 0xa3090000 | ?????????? | Modem peripheral stuff | +------------+------------+------------+-------------------------------------+ | 0xa0000000 | 0xa0000008 | 0x08 | Config block (mirror?) | +------------+------------+------------+-------------------------------------+ | 0xa0010000 | ?????????? | ?????????? | Power, config block | +------------+------------+------------+-------------------------------------+ | 0xa0020000 | 0xa0020e10 | 0x0e10 | GPIO control block | +------------+------------+------------+-------------------------------------+ | 0xa0030000 | 0xa0030040 | 0x40 | WDT block | | | | | + 0x08 -> WDT register (?) | | | | | + 0x18 -> Boot src (?) | +------------+------------+------------+-------------------------------------+ | 0xa0030800 | ?????????? | ?????????? | ???????????????????????????? | +------------+------------+------------+-------------------------------------+ | 0xa0040000 | ?????????? | ?????????? | ??????????????????????????????????? | +------------+------------+------------+-------------------------------------+ | 0xa0050000 | ?????????? | ?????????? | External memory block | +------------+------------+------------+-------------------------------------+ | 0xa0060000 | ?????????? | ?????????? | IRQ Controller block | +------------+------------+------------+-------------------------------------+ | 0xa0070000 | ========== | ========== | DMA Controller block | +------------+------------+------------+-------------------------------------+ | 0xa0080000 | 0xa008005c | 0x5c | UART1 block | +------------+------------+------------+-------------------------------------+ | 0xa0090000 | 0xa009005c | 0x5c | UART2 block | +------------+------------+------------+-------------------------------------+ | 0xa00a0000 | ?????????? | ?????????? | ??????????????????????????????????? | +------------+------------+------------+-------------------------------------+ | 0xa00b0000 | 0xa00b006c | 0x6c | Bluetooth interface block | +------------+------------+------------+-------------------------------------+ | 0xa00c0000 | 0xa00c002c | 0x2c | General purpose timer block | +------------+------------+------------+-------------------------------------+ | 0xa00d0000 | 0xa00d0024 | 0x24 | Keypad scanner block | +------------+------------+------------+-------------------------------------+ | 0xa00e0000 | 0xa00e0008 | 0x0c | PWM1 block | +------------+------------+------------+-------------------------------------+ | 0xa00f0000 | 0xa00f00b0 | 0xb0 | SIM1 interface block | +------------+------------+------------+-------------------------------------+ | 0xa0100000 | 0xa01000b0 | 0xb0 | SIM2 interface block | +------------+------------+------------+-------------------------------------+ | 0xa0110000 | ?????????? | ?????????? | ??????????????????????????????????? | +------------+------------+------------+-------------------------------------+ | 0xa0120000 | 0xa0120074 | 0x74 | I2C block | +------------+------------+------------+-------------------------------------+ | 0xa0130000 | 0xa0130098 | 0x98 | SD1 block (MSDC) | +------------+------------+------------+-------------------------------------+ | 0xa0140000 | ?????????? | ?????????? | Serial flash block | +------------+------------+------------+-------------------------------------+ | 0xa0150000 | ?????????? | ?????????? | ?? MAYBE also SPI ????????????????? | +------------+------------+------------+-------------------------------------+ | 0xa0160000 | ?????????? | ?????????? | Die-to-die master interface | +------------+------------+------------+-------------------------------------+ | 0xa0170000 | ?????????? | ?????????? | Analogue chip controller block | +------------+------------+------------+-------------------------------------+ | 0xa0180000 | ?????????? | ?????????? | TOPSM block | +------------+------------+------------+-------------------------------------+ | 0xa0190000 | 0xa0190310 | 0x58 | HIF (DMA?) interface block | +------------+------------+------------+-------------------------------------+ | 0xa01b0000 | 0xa01b0058 | 0x58 | NLI (arbiter) interface block | +------------+------------+------------+-------------------------------------+ | 0xa01c0000 | ?????????? | ?????????? | EFuse block | +------------+------------+------------+-------------------------------------+ | 0xa01e0000 | ?????????? | ?????????? | SPI block | +------------+------------+------------+-------------------------------------+ | 0xa01f0000 | 0xa01f0060 | 0x60 | OS timer block | +------------+------------+------------+-------------------------------------+ | 0xa0210000 | ?????????? | ?????????? | More analog bits | +------------+------------+------------+-------------------------------------+ | 0xa0220000 | ?????????? | ?????????? | MBist block | +------------+------------+------------+-------------------------------------+ | 0xa0240000 | ?????????? | ?????????? | NAND flash block | +------------+------------+------------+-------------------------------------+ | 0xa0260000 | 0xa0260058 | 0x58 | FSPI (internal FM radio) block | +------------+------------+------------+-------------------------------------+ | 0xa0270000 | 0xa0270098 | 0x98 | SD2 block | +------------+------------+------------+-------------------------------------+ | 0xa0400000 | ?????????? | ?????????? | IMGDMA block | +------------+------------+------------+-------------------------------------+ | 0xa0410000 | ?????????? | ?????????? | IDP RESZ CR2 | +------------+------------+------------+-------------------------------------+ | 0xa0420000 | 0xa04201d8 | 0x01d8 | CAM interface block | +------------+------------+------------+-------------------------------------+ | 0xa0430000 | ?????????? | ?????????? | Serial camera block | +------------+------------+------------+-------------------------------------+ | 0xa0440000 | ?????????? | ?????????? | 2D graphics block | +------------+------------+------------+-------------------------------------+ | 0xa0450000 | ?????????? | ?????????? | LCD interface block | +------------+------------+------------+-------------------------------------+ | 0xa0460000 | ?????????? | ?????????? | Multimedia system BIST block | +------------+------------+------------+-------------------------------------+ | 0xa0470000 | ?????????? | ?????????? | Multimedia colour config block | +------------+------------+------------+-------------------------------------+ | 0xa0480000 | ?????????? | ?????????? | Multimedia system config block | +------------+------------+------------+-------------------------------------+ | 0xa0500000 | ?????????? | ?????????? | ARM configuration block | +------------+------------+------------+-------------------------------------+ | 0xa0510000 | ?????????? | ?????????? | Boot configuration block | +------------+------------+------------+-------------------------------------+ | 0xa0520000 | ?????????? | ?????????? | Code decompression engine block | +------------+------------+------------+-------------------------------------+ | 0xa0530000 | ?????????? | ?????????? | Level 1 cache block | +------------+------------+------------+-------------------------------------+ | 0xa0540000 | ?????????? | ?????????? | MPU config block | +------------+------------+------------+-------------------------------------+ | 0xa0700000 | ?????????? | ?????????? | Power management block | | | | | Write (val & 0xfe0f | 0x140) to | | | | | 0xa0700230 to power off. | +------------+------------+------------+-------------------------------------+ | 0xa0710000 | 0xa0710078 | 0x78 | RTC block | +------------+------------+------------+-------------------------------------+ | 0xa0720000 | ?????????? | ?????????? | Analogue baseband config block | +------------+------------+------------+-------------------------------------+ | 0xa0730000 | 0xa0730100 | ?????? | Analogue die config | +------------+------------+------------+-------------------------------------+ | 0xa0730104 | 0xa073104c | ?????? | GPIO mode / pull control blocks | +------------+------------+------------+-------------------------------------+ | 0xa074000c | 0xa0740014 | 0x0c | PWM2 block | +------------+------------+------------+-------------------------------------+ | 0xa0740018 | 0xa0740020 | 0x0c | PWM3 block | +------------+------------+------------+-------------------------------------+ | 0xa0750000 | 0xa075005c | 0x5c | ADCDET block | +------------+------------+------------+-------------------------------------+ | 0xa0760000 | ?????????? | ?????????? | Analogue IRQ controller | +------------+------------+------------+-------------------------------------+ | 0xa0790000 | 0xa07900d8 | 0xd8 | ADC block | +------------+------------+------------+-------------------------------------+ | 0xa07a0000 | ?????????? | ?????????? | Analogue Die-to-die block | +------------+------------+------------+-------------------------------------+ | 0xa0900000 | 0xa0900240 | ?????????? | USB block | +------------+------------+------------+-------------------------------------+ | 0xa0910000 | ?????????? | ?????????? | ??????????????????????????????????? | +------------+------------+------------+-------------------------------------+ | 0xa0920000 | ?????????? | ?????????? | AHB DMA block | +------------+------------+------------+-------------------------------------+ | 0xa3300000 | 0xa33a0000 | ?????????? | Bluetooth things | +------------+------------+------------+-------------------------------------+