Hacking embedded Linux on the cheap with an example system
Ed Langley
Introduction to the target system
● Mattel Juicebox
– Children's video and MP3 player
– Only plays video from
OTP ROM cartridges
● Proprietary player and
format
● Low compression
● No OS
– Plays MP3s from MMC
socket cartridge
● Running uCLinux
Target system specification
● Samsung S3C44B0X microcontroller
– ARM7TDMI core
– 8KB cache/SRAM
– 2 channel UART
– 2 channel DMA
– 1 channel I2C
– 5 channel PWM
– 8 channel 10 bit ADC
– RTC with calendar
– 71 input/output pins
– LCD controller with 1
dedicated DMA channel
● 2MB SDRAM
● 8MB ROM
● Audio: Cirrus Logic CS43L43
● LCD: 2.7 inch color 240x160
● JTAG – pads on PCB left
behind in production boards
● As are serial port Tx/Rx lines
Picking your own target system
● Traditional industry method:
– Price vs package size vs power consumption
– All of the above vs features:
● Speed
● Number of external interrupts
● Supported memory range
● Memory management
● Number of GPIO pins
● Assemblers/compilers/programming languages
supported
● Operating systems supported
Picking your own target system
● “On a shoestring” method
– Take what you can get
– Mass produced gadget/appliance
– Contains CPU with architecture supported by Linux
● How much work/research/porting/hacking do you want to do
yourself?
– E.g. low budget:
● PDAs, MP4 video players (from China off eBay for £20)
● Older games consoles (Dreamcast, PS2, GameCube)
– E.g. higher budget:
● Handheld games consoles (PSP, GP2X)
● Set top boxes/routers (Dreambox, Linksys routers)
Get your build environment together
● Toolchain
– GCC
– Binutils (ar, as, ld, objdump, objcopy, readelf)
– Debugger
● If the target system has in circuit debugging ability
● GDB
● Interface from GDB to target
– OpenOCD for JTAG, BDM patches for Freescale MCUs
● Above will have “arch-binaryformat-” prefix
– E.g. arm-elf-gcc, m68k-linux-objdump
Test the tool chain
● If system doesn't come with Linux on it already,
best to start with some bare board code
– C run time (assembly code to prepare CPU
configuration and stack to run C code, then call
main())
– Linker script
● Tells the linker what memory address the code will run from, so function calls are compiled to jump instructions to the correct addresses
– Makefile
● Sets compile/linker commands to use the cross compiling
tool chain, passes linker script to linker
Memory management
● Process memory map on typical Linux system with an MMU:
[Figure: process memory map. Regions shown: .text, .data, .bss, dynamic memory, stack, kernel .text, kernel .data, kernel .bss, kernel dynamic memory, hardware access ranges. Address markers: 0x00000000, 0x40000000, 0xC0000000. Other labels: physical memory, page table, linear mapping.]
Memory Management
● Process memory map created by default linker
script, included with tool chain
● When building “Bare board” code, or an
operating system kernel, need to specify
custom linker script
● Script specifies where code is in output file
(ELF) and what address it will be at when MMU
is enabled and page tables configured
Lack of memory management
● Low end microcontrollers often don't have memory management units
– Less complexity in silicon
● Cheaper
● Lower power consumption
● Simpler for writing bare board software from
scratch
● Not so easy for running Linux
– No virtual memory addresses
● Processes can't all have the same memory map
● Can't “grow” process address space with sbrk()
Lack of memory management
● Solution: uCLinux
– All processes loaded to different physical addresses
● New binary format (FLAT) to handle this
– Different memory allocator
● No brk()/sbrk() system call
● Power of 2
– No fork() system call
● Can't duplicate process memory map because physical
addresses must all be different
● Forces application modification to use vfork()
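The vfork() modification named on this slide, as an added example that is not from the original slides: the child borrows the parent's memory while the parent is suspended, so it may only call exec or _exit(). The names `spawn_vfork` and `run_with` are chosen here for illustration, and the code assumes a POSIX host with `/bin/sh`.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Start `path` with `argv` using vfork(), the process-creation call that
 * remains when fork() is unavailable. Returns the child's exit status,
 * or -1 if the child could not be created or did not exit normally. */
int spawn_vfork(const char *path, char *const argv[])
{
    int status;
    pid_t pid = vfork();

    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: runs in the parent's address space and on its stack.
         * Allowed here: exec or _exit() only. Returning from this
         * function, calling exit() (which flushes the parent's stdio
         * buffers) or writing to parent data would corrupt the parent. */
        execv(path, argv);
        _exit(127);                 /* exec failed */
    }

    /* Parent: resumed only once the child has exec'd or exited. */
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hypothetical helper for the demo: run `cmd` through the given shell. */
int run_with(const char *shell, const char *cmd)
{
    char *argv[] = { "sh", "-c", (char *)cmd, NULL };
    return spawn_vfork(shell, argv);
}

int main(void)
{
    printf("exit 7      -> %d\n", run_with("/bin/sh", "exit 7"));
    printf("exec failure -> %d\n", run_with("/nonexistent-shell", "exit 0"));
    return 0;
}
```

A program that did real work between fork() and exec (closing descriptors, changing variables) has to move that work into the exec'd program or do it before the vfork() call.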
Benefits of no MMU
● Cheaper development tool setup
– Was developing a Linux driver on a v4 Coldfire
board (with MMU) at work
– Tried to debug kernel with m68k-linux-bdm-gdb
– GDB has no concept of virtual addresses
● Written to debug user mode processes
– As soon as GDB tried to read a kernel variable at a
virtual address – Bus error
● Wasn't translating virtual address to physical address
– Never had a problem on previous board (with no
MMU) because virtual address=physical address
Benefits of no MMU
● Used one of these:
Lauterbach TRACE32
● Could have used KGDB
– Architecture specific code needs porting
Getting the code onto the target
● Plug and pray
– Can take a few goes to get right
– Becomes tiresome trying out changes
● Program the flash/RAM in target
– Requires either:
● Boot loader/monitor preprogrammed into boot ROM
– Not likely on a retail product
● Debug interface hardware and connector on target
– This can be very slow with cheaper debug interface
– Very very slow for programming flash in target
Getting code onto the Juicebox
● The S3C44B0X has a JTAG interface, connector pads are present on the JB board
Joint Test Action Group overview
● Serial data In, Out and Clock lines allow data bits to be
clocked in and out of the Test Access Port (TAP) on
the device
● TMS controls state machine in TAP
● Devices may be chained:
Joint Test Action Group overview
● Serial bits clocked in control device pins through a
path of cells known as the Boundary Scan Register:
Joint Test Action Group overview
● Toggling TMS signal cycles TAP through a
state machine
● This allows the device pins to be set to the data
clocked in via TDI
● Or to capture the device pin state and clock it
out via TDO
● Control of the pins on the device gives control of the device itself, and RAM/flash connected to the device
● So JTAG can be used to program memory in
target
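The TAP behaviour described on these slides, as an added example that is not from the original slides: a software model of the IEEE 1149.1 state machine in which TMS selects the next state, Capture-DR samples the pins, Shift-DR moves bits from TDI to TDO, and Update-DR drives the pins. The 8-cell register, the pin values and all function names are constructed for illustration, and the model assumes the boundary scan register is already the selected data register (the IR states are present but have no register behind them).

```c
#include <stdint.h>
#include <stdio.h>

/* The 16 TAP controller states defined by IEEE 1149.1. */
enum tap_state {
    TLR, RTI,
    SEL_DR, CAP_DR, SH_DR, EX1_DR, PAU_DR, EX2_DR, UPD_DR,
    SEL_IR, CAP_IR, SH_IR, EX1_IR, PAU_IR, EX2_IR, UPD_IR
};

/* next_state[current][TMS]: state entered on the next rising TCK edge. */
static const uint8_t next_state[16][2] = {
    [TLR]    = { RTI,    TLR    },
    [RTI]    = { RTI,    SEL_DR },
    [SEL_DR] = { CAP_DR, SEL_IR },
    [CAP_DR] = { SH_DR,  EX1_DR },
    [SH_DR]  = { SH_DR,  EX1_DR },
    [EX1_DR] = { PAU_DR, UPD_DR },
    [PAU_DR] = { PAU_DR, EX2_DR },
    [EX2_DR] = { SH_DR,  UPD_DR },
    [UPD_DR] = { RTI,    SEL_DR },
    [SEL_IR] = { CAP_IR, TLR    },
    [CAP_IR] = { SH_IR,  EX1_IR },
    [SH_IR]  = { SH_IR,  EX1_IR },
    [EX1_IR] = { PAU_IR, UPD_IR },
    [PAU_IR] = { PAU_IR, EX2_IR },
    [EX2_IR] = { SH_IR,  UPD_IR },
    [UPD_IR] = { RTI,    SEL_DR },
};

/* Constructed 8-cell device; a real boundary scan register is far longer. */
struct tap {
    enum tap_state state;
    uint8_t shift;     /* shift stage of the boundary scan cells */
    uint8_t pins_in;   /* levels currently present on the device pins */
    uint8_t pins_out;  /* update latch: levels driven onto the pins */
};

/* One TCK cycle: sample TDO, act on the current state, then follow TMS. */
int tap_clock(struct tap *t, int tms, int tdi)
{
    int tdo = t->shift & 1;            /* only meaningful in Shift-DR */
    if (t->state == CAP_DR)
        t->shift = t->pins_in;         /* capture the pin state */
    else if (t->state == SH_DR)
        t->shift = (uint8_t)((t->shift >> 1) | (tdi ? 0x80 : 0));
    t->state = (enum tap_state)next_state[t->state][tms ? 1 : 0];
    if (t->state == UPD_DR)
        t->pins_out = t->shift;        /* drive the shifted-in data */
    return tdo;
}

/* Five TCK cycles with TMS high reach Test-Logic-Reset from any state. */
void tap_reset(struct tap *t)
{
    for (int i = 0; i < 5; i++)
        tap_clock(t, 1, 0);
}

/* From Run-Test/Idle: capture pins, shift `out` in LSB first, update pins. */
uint8_t scan_dr(struct tap *t, uint8_t out)
{
    uint8_t in = 0;
    tap_clock(t, 1, 0);                /* -> Select-DR-Scan */
    tap_clock(t, 0, 0);                /* -> Capture-DR */
    tap_clock(t, 0, 0);                /* capture, -> Shift-DR */
    for (int i = 0; i < 8; i++)        /* TMS goes high on the final bit */
        in |= (uint8_t)(tap_clock(t, i == 7, (out >> i) & 1) << i);
    tap_clock(t, 1, 0);                /* Exit1-DR -> Update-DR */
    tap_clock(t, 0, 0);                /* -> Run-Test/Idle */
    return in;
}

/* Reset, scan once; returns (captured pins << 8) | driven pins. */
unsigned scan_roundtrip(uint8_t pins_in, uint8_t out)
{
    struct tap t = { SH_IR, 0, pins_in, 0 };   /* arbitrary start state */
    tap_reset(&t);
    tap_clock(&t, 0, 0);                       /* -> Run-Test/Idle */
    unsigned captured = scan_dr(&t, out);
    return (captured << 8) | t.pins_out;
}

/* Returns 1 if tap_reset() reaches Test-Logic-Reset from every state. */
int reset_works_from_all_states(void)
{
    for (int s = TLR; s <= UPD_IR; s++) {
        struct tap t = { (enum tap_state)s, 0, 0, 0 };
        tap_reset(&t);
        if (t.state != TLR) return 0;
    }
    return 1;
}

int main(void)
{
    printf("captured/driven = 0x%04X, reset ok = %d\n",
           scan_roundtrip(0xA5, 0x3C), reset_works_from_all_states());
    return 0;
}
```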
The JTAG Wiggler
● Macraigor is a company making hardware and
software for embedded development
● They created the standard “Wiggler” design for
connecting PC to target via JTAG:
The JTAG Wiggler
● Everyone soon realised the Wiggler is just a
buffer chip on the end of a parallel cable
● Olimex clone:
The JTAG Wiggler
● Home made version:
It doesn't work - now what?
● Systematic approach
● Start at one end (i.e. bottom of hardware / top of software) and work to the other
● The JTAG connection to the Juicebox wouldn't
work
– Started with the software
● Check permissions – retry as root
● Check parport_pc kernel module not loaded, interferes
with direct port access
– Then moved down to parallel port setup in BIOS
Juicebox JTAG not working
● Then checked cable wired correctly – ensure
board schematic drawn with same connector
gender as actually used
● Then checked the schematic:
Juicebox JTAG not working
● Result: schematic incorrect
● Amendments made to the website where I
copied it from 5 days later
● Used that schematic because it was in Eagle
CAD format
● Moral of the story
– The less work you do yourself, the more susceptible
you are to mistakes made by others doing the work
for you
Getting Linux running on a target
system
● Retail gadgets
– Usually some kind of kludge/hack to get own code
running
– Boot loader often runs checksum calculation over a
range of the code
– Games consoles/handhelds
● Generally require a massive exploit to be found before
any progress is made
Getting uCLinux running on the
Juice Box
● Can run home brew code relatively easily
– Can download binary to RAM/flash using Jtager
– Can download ELF using GDB+OpenOCD
● Running code from a fresh boot, not so easy
– Need to steal first 512 bytes from a “Juiceware”
video cartridge and patch with some hex to add a
branch instruction to the custom code
Getting uCLinux running on the
Juice Box
● Not actually done this yet
● Have built a “cartridge” to interface some
programmable NAND flash to the S3C44B0X:
Getting uCLinux running on the
Juice Box
● Downloading even a minimal kernel to RAM or flash over JTAG takes forever
– Have built the kernel to run from RAM as configured
by Emsoft
– Will write this to flash once
● Currently crafting a boot loader to prepare the
CPU, then dump the kernel from flash to RAM
and run it

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

  • 1. Hacking embedded Linux on the cheap with an example system Ed Langley
  • 2. Introduction to the target system ● Mattel Juicebox – Children's video and MP3 player – Only plays video from OTP ROM cartridges ● Proprietary player and format ● Low compression ● No OS – Plays MP3s from MMC socket cartridge ● Running uClinux
  • 3. Target system specification ● Samsung S3C44B0X microcontroller – ARM7TDMI core – 8KB cache/SRAM – 2 channel UART – 2 channel DMA – 1 channel I2C – 5 channel PWM – 8 channel 10 bit ADC – RTC with calendar – 71 input/output pins – LCD controller with 1 dedicated DMA channel ● 2MB SDRAM ● 8MB ROM ● Audio: Cirrus Logic CS43L43 ● LCD: 2.7 inch color 240x160 ● JTAG – pads on PCB left behind in production boards ● As are serial port Tx/Rx lines
  • 4. Picking your own target system ● Traditional industry method: – price Vs package size Vs power consumption – All of above Vs features: ● Speed ● Number of external interrupts ● Supported memory range ● Memory management ● Number of GPIO pins ● Assemblers/compilers/programming languages supported ● Operating systems supported
  • 5. Picking your own target system ● “On a shoestring” method – Take what you can get – Mass produced gadget/appliance – Contains CPU with architecture supported by Linux ● How much work/research/porting/hacking do you want to do yourself? – E.g. Low budget: ● PDAs, MP4 video players (from China off eBay for £20) ● Older games consoles (Dreamcast, PS2, Game Cube) – E.g. Higher budget: ● Handheld games consoles (PSP, GP2X) ● Set top boxes/routers (Dreambox, Linksys routers)
  • 6. Get your build environment together ● Toolchain – GCC – Binutils (ar, as, ld, objdump, objcopy, readelf) – Debugger ● If the target system has in-circuit debugging ability ● GDB ● Interface from GDB to target – OpenOCD for JTAG, BDM patches for Freescale MCUs ● Above will have “arch-binaryformat-” prefix – E.g. arm-elf-gcc, m68k-linux-objdump
  • 7. Test the tool chain ● If system doesn't come with Linux on it already, best to start with some bare board code – C run time (assembly code to prepare CPU configuration and stack to run C code, then call main()) – Linker script ● Tells the linker what memory address the code will be running from, so function calls are compiled to JMP instructions to the correct addresses – Makefile ● Sets compile/linker commands to use the cross compiling tool chain, passes linker script to linker
  • 8. Memory management ● Process memory map on typical Linux system with an MMU: [Figure: memory map diagram; labels in order: .text, 0x00000000, .data, .bss, dynamic memory, 0x40000000, stack, 0xC0000000, kernel .text, kernel .data, kernel .bss, kernel dynamic memory, hardware access ranges, physical memory, page table, linear mapping]
  • 9. Memory Management ● Process memory map created by default linker script, included with tool chain ● When building “Bare board” code, or an operating system kernel, need to specify custom linker script ● Script specifies where code is in output file (ELF) and what address it will be at when MMU is enabled and page tables configured
  • 10. Lack of memory management ● Low end microcontrollers often don't have memory management units – Less complexity in silicon ● Cheaper ● Lower power consumption ● Simpler for writing bare board software from scratch ● Not so easy for running Linux – No virtual memory addresses ● Processes can't all have the same memory map ● Can't “grow” process address space with sbrk()
  • 11. Lack of memory management ● Solution: uClinux – All processes loaded to different physical addresses ● New binary format (FLAT) to handle this – Different memory allocator ● No brk()/sbrk() system call ● Power of 2 – No fork() system call ● Can't duplicate process memory map because physical addresses must all be different ● Forces application modification to use vfork()
  • 12. Benefits of no MMU ● Cheaper development tool setup – Was developing a Linux driver on a v4 Coldfire board (with MMU) at work – Tried to debug kernel with m68k-linux-bdm-gdb – GDB has no concept of virtual addresses ● Written to debug user mode processes – As soon as GDB tried to read a kernel variable at a virtual address – Bus error ● Wasn't translating virtual address to physical address – Never had a problem on previous board (with no MMU) because virtual address=physical address
  • 13. Benefits of no MMU ● Used one of these: Lauterbach Trace32 ● Could have used KGDB – Architecture specific code needs porting
  • 14. Getting the code onto the target ● Plug and pray – Can take a few goes to get right – Becomes tiresome trying out changes ● Program the flash/RAM in target – Requires either: ● Boot loader/monitor preprogrammed into boot ROM – Not likely on a retail product ● Debug interface hardware and connector on target – This can be very slow with cheaper debug interface – Very very slow for programming flash in target
  • 15. Getting code onto the Juicebox ● The S3C44B0X has JTAG interface, connector pads are present on JB board
  • 16. Joint Test Action Group overview ● Serial data In, Out and Clock lines allow data bits to be clocked in and out of the Test Access Port (TAP) on the device ● TMS controls state machine in TAP ● Devices may be chained:
  • 17. Joint Test Action Group overview ● Serial bits clocked in control device pins through a path of cells known as the Boundary Scan Register:
  • 18. Joint Test Action Group overview ● Toggling TMS signal cycles TAP through a state machine ● This allows the device pins to be set to the data clocked in via TDI ● Or to capture the device pin state and clock it out via TDO ● Control of the pins on the device give control of the device itself, and RAM/flash connected to the device ● So JTAG can be used to program memory in target
  • 19. The JTAG Wiggler ● Macraigor is a company making hardware and software for embedded development ● They created the standard “Wiggler” design for connecting PC to target via JTAG:
  • 20. The JTAG Wiggler ● Everyone soon realised the Wiggler is just a buffer chip on the end of a parallel cable ● Olimex clone:
  • 21. The JTAG Wiggler ● Home made version:
  • 22. It doesn't work - now what? ● Systematic approach ● Start at one end (i.e. bottom of hardware/top of software) and work to the other ● The JTAG connection to the Juicebox wouldn't work – Started with the software ● Check permissions – retry as root ● Check parport_pc kernel module not loaded, interferes with direct port access – Then moved down to parallel port setup in BIOS
  • 23. Juicebox JTAG not working ● Then checked cable wired correctly – ensure board schematic drawn with same connector gender as actually used ● Then checked the schematic:
  • 24. Juicebox JTAG not working ● Result: schematic incorrect ● Amendments made to the website where I copied it from 5 days later ● Used that schematic because it was in Eagle CAD format ● Moral of the story – The less work you do yourself, the more susceptible you are to mistakes made by others doing the work for you
  • 25. Getting Linux running on a target system ● Retail gadgets – Usually some kind of kludge/hack to get own code running – Boot loader often runs checksum calculation over a range of the code – Games consoles/handhelds ● Generally require a massive exploit to be found before any progress is made
  • 26. Getting uClinux running on the Juice Box ● Can run home brew code relatively easily – Can download binary to RAM/flash using Jtager – Can download ELF using GDB+OpenOCD ● Running code from a fresh boot, not so easy – Need to steal first 512 bytes from a “Juiceware” video cartridge and patch with some hex to add a branch instruction to the custom code
  • 27. Getting uClinux running on the Juice Box ● Not actually done this yet ● Have built a “cartridge” to interface some programmable NAND flash to the S3C44B0X:
  • 28. Getting uClinux running on the Juice Box ● Downloading even a minimal kernel to RAM or flash over JTAG takes forever – Have built the kernel to run from RAM as configured by Emsoft – Will write this to flash once ● Currently crafting a boot loader to prepare the CPU, then dump the kernel from flash to RAM and run it
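Slide 11 says the missing fork() forces applications to be modified to use vfork(). As an added example (not code from the talk), this is what that modification looks like for a helper that launches a program and collects its exit status; the function name `run_command` and the sample commands are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE   /* exposes vfork() under strict -std=c99/c11 on glibc */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run argv[0] with its arguments and return the exit status, or -1 on error.
 * vfork() suspends the parent and lends its address space to the child until
 * the child calls exec*() or _exit(), so nothing has to be copied. That is
 * why it works where there is no MMU to give the child its own memory map.
 */
int run_command(char *const argv[]) {
    int status;
    pid_t pid = vfork();
    if (pid < 0)
        return -1;                    /* no process could be created */
    if (pid == 0) {
        /* Child: still running on the parent's stack and data. It must not
         * return from this function, modify variables, or call exit(),
         * which would flush the parent's stdio buffers. */
        execvp(argv[0], argv);
        _exit(127);                   /* exec failed: leave without cleanup */
    }
    /* Parent resumes only after the exec or _exit above has happened. */
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample commands. */
    char *const ok[] = { "sh", "-c", "exit 3", NULL };
    char *const missing[] = { "/nonexistent/tool", NULL };
    printf("sh exited with %d\n", run_command(ok));
    printf("missing tool gives %d\n", run_command(missing));
    return 0;
}
```

The same source builds for a system with an MMU, so the change can be tested on a desktop before cross-compiling.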
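Slides 16 to 18 describe TMS stepping the TAP through a state machine so that pin state can be captured and clocked out on TDO while new values are clocked in on TDI. The added example below (not from the talk) models that in C with the standard IEEE 1149.1 transition table; the 8-cell register width, the identifier names and the pin values are assumptions made for the illustration.

```c
#include <stdio.h>
/* The 16 TAP controller states of IEEE 1149.1. */
typedef enum { TLR, RTI, SEL_DR, CAP_DR, SHIFT_DR, EXIT1_DR, PAUSE_DR, EXIT2_DR,
               UPD_DR, SEL_IR, CAP_IR, SHIFT_IR, EXIT1_IR, PAUSE_IR, EXIT2_IR,
               UPD_IR } tap_state;
/* next_state[s][tms]: state entered on a rising TCK edge with TMS = 0 / 1. */
static const tap_state next_state[16][2] = {
    [TLR]      = { RTI,      TLR      }, [RTI]      = { RTI,      SEL_DR   },
    [SEL_DR]   = { CAP_DR,   SEL_IR   }, [SEL_IR]   = { CAP_IR,   TLR      },
    [CAP_DR]   = { SHIFT_DR, EXIT1_DR }, [CAP_IR]   = { SHIFT_IR, EXIT1_IR },
    [SHIFT_DR] = { SHIFT_DR, EXIT1_DR }, [SHIFT_IR] = { SHIFT_IR, EXIT1_IR },
    [EXIT1_DR] = { PAUSE_DR, UPD_DR   }, [EXIT1_IR] = { PAUSE_IR, UPD_IR   },
    [PAUSE_DR] = { PAUSE_DR, EXIT2_DR }, [PAUSE_IR] = { PAUSE_IR, EXIT2_IR },
    [EXIT2_DR] = { SHIFT_DR, UPD_DR   }, [EXIT2_IR] = { SHIFT_IR, UPD_IR   },
    [UPD_DR]   = { RTI,      SEL_DR   }, [UPD_IR]   = { RTI,      SEL_DR   },
};

/* TAP plus a toy 8-cell boundary scan register (real chains are far longer). */
typedef struct { tap_state state; unsigned shift, pins_in, pins_out; } tap;
/* One TCK cycle: act on the current state, then follow TMS. Returns TDO. */
int tap_clock(tap *t, int tms, int tdi) {
    int tdo = 0;
    if (t->state == CAP_DR) t->shift = t->pins_in & 0xFF;   /* sample pins */
    if (t->state == SHIFT_DR) {          /* LSB out on TDO, TDI in at the top */
        tdo = t->shift & 1;
        t->shift = (t->shift >> 1) | ((unsigned)(tdi & 1) << 7);
    }
    t->state = next_state[t->state][tms & 1];
    if (t->state == UPD_DR) t->pins_out = t->shift;         /* drive pins */
    return tdo;
}

/* Five cycles with TMS high reach Test-Logic-Reset from any state. */
void tap_reset(tap *t) { for (int i = 0; i < 5; i++) tap_clock(t, 1, 0); }
/* DR scan from Run-Test/Idle: returns captured pins, latches `out`. */
unsigned tap_scan_dr(tap *t, unsigned out) {
    unsigned in = 0;
    tap_clock(t, 1, 0); tap_clock(t, 0, 0);  /* -> Select-DR -> Capture-DR */
    tap_clock(t, 0, 0);                      /* capture, -> Shift-DR */
    for (int i = 0; i < 8; i++)              /* last bit shifts with TMS=1 */
        in |= (unsigned)tap_clock(t, i == 7, (out >> i) & 1) << i;
    tap_clock(t, 1, 0); tap_clock(t, 0, 0);  /* -> Update-DR -> Run-Test/Idle */
    return in;
}

int main(void) {
    tap t = { .state = RTI, .pins_in = 0xA5 };   /* constructed pin levels */
    printf("captured 0x%02X\n", tap_scan_dr(&t, 0x3C));
    printf("driving  0x%02X\n", t.pins_out);
}
```

The five-cycle reset is the property to rely on when a JTAG link misbehaves: it puts the TAP in a known state without needing to know where it was.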