W1SS wrote:
I've come up with a workaround for non-supported flash chips, at least for Spansion chips; could work for other chips too.
After going through the source code of several JTAG software packages, I noticed that the flash regions for CFE, NVRAM, kernel etc. are identical across the JTAG software I analyzed, i.e.:
Code:
//---------  ------------  ----------  -----------
//chip_size  area_name     area_start  area_length
//                         offset
//---------  ------------  ----------  -----------
{ size1MB,   "CFE",        0x00000000, 0x40000 },
{ size2MB,   "CFE",        0x00000000, 0x40000 },
{ size4MB,   "CFE",        0x00000000, 0x40000 },
{ size8MB,   "CFE",        0x00000000, 0x40000 },
{ size16MB,  "CFE",        0x00000000, 0x40000 },
// for tiny CFE
{ size1MB,   "TFE",        0x00000000, 0x10000 },
{ size2MB,   "TFE",        0x00000000, 0x10000 },   // Tiny CFE usually for BCM ADSL device
{ size4MB,   "TFE",        0x00000000, 0x10000 },   // keep at least 64KB in size,
{ size8MB,   "TFE",        0x00000000, 0x10000 },   // Tiny CFE also need keep 1 bottom flash sector size.
{ size16MB,  "TFE",        0x00000000, 0x10000 },
{ size1MB,   "KERNEL",     0x00040000, 0x0B0000 },
{ size2MB,   "KERNEL",     0x00040000, 0x1B0000 },
{ size4MB,   "KERNEL",     0x00040000, 0x3B0000 },
{ size8MB,   "KERNEL",     0x00040000, 0x7A0000 },
{ size16MB,  "KERNEL",     0x00040000, 0x7A0000 },
{ size1MB,   "NVRAM",      0x000F0000, 0x10000 },
{ size2MB,   "NVRAM",      0x001F0000, 0x10000 },
{ size4MB,   "NVRAM",      0x003F0000, 0x10000 },   // default NVRAM size 64KB
{ size8MB,   "NVRAM",      0x007E0000, 0x20000 },   // NVRAM need keep at least 1 top flash sector size
{ size16MB,  "NVRAM",      0x007E0000, 0x20000 },
{ size1MB,   "WHOLEFLASH", 0x00000000, 0x100000 },
{ size2MB,   "WHOLEFLASH", 0x00000000, 0x200000 },
{ size4MB,   "WHOLEFLASH", 0x00000000, 0x400000 },
{ size8MB,   "WHOLEFLASH", 0x00000000, 0x800000 },
{ size16MB,  "WHOLEFLASH", 0x00000000, 0x1000000 },
{ size1MB,   "BSP",        0x00000000, 0x50000 },
{ size2MB,   "BSP",        0x00000000, 0x50000 },
{ size4MB,   "BSP",        0x00000000, 0x50000 },
{ size8MB,   "BSP",        0x00000000, 0x50000 },
{ size16MB,  "BSP",        0x00000000, 0x50000 },
Therefore, using the flash identification operand /fc:115 for 16MB Spansion chips, which are fully supported, would work for 32/64/128Mb Spansion chips which are yet to be 'fully' supported in zjtag, brjtag, tjtag, xjtag and others. This also applies to flash chips made by other flash chip manufacturers, i.e. Macronix, SST, ATMEL, EON, etc. We simply need to identify the nearest supported 8/16MB chip for the chip we have.
The only limitation to this workaround is in attempting to delete / wipe the entire flash chip.
As we can see in the code above, a -erase:WHOLEFLASH for a 16MB chip ends with flash region 0x1000000. To fully erase a >= 32MB flash chip, we will need to identify the flash end region (length) for the flash chip we are working with and use the /window: /start: /length: operands with /erasechip.
The real work lies in carrying out a '2-step initialization' of non-supported CPUs, which in my case was the BRCM 0x4706, so that we're able to effectively read/write to supported/non-supported flash chips. This hack 'could potentially' put an end to non-supported CPUs in jtag software.
The guide is still WIP. I am planning on releasing it as soon as I am done going over my notes and replicating the hack on parallel JTAG boards.
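The erase limitation described in the post, worked through as an added example (not code from the post or from any of the JTAG tools): given a borrowed profile and the real chip size, it computes the flash-relative range that a named area leaves untouched up to the end of the chip. The `sizeNMB` byte values, the `area_t` type, the function names and the 32 MiB chip size are assumptions made for the example; only the table rows come from the post, and the /window: base address is not computed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the sizeNMB constants are byte counts; the post does not show their definitions. */
enum { size8MB = 0x800000, size16MB = 0x1000000 };

typedef struct { uint32_t chip_size; const char *name; uint32_t start, length; } area_t;

/* Rows copied from the table in the post (8MB and 16MB profiles only). */
static const area_t areas[] = {
    { size8MB,  "KERNEL",     0x00040000, 0x7A0000  },
    { size16MB, "KERNEL",     0x00040000, 0x7A0000  },
    { size8MB,  "NVRAM",      0x007E0000, 0x20000   },
    { size16MB, "NVRAM",      0x007E0000, 0x20000   },
    { size8MB,  "WHOLEFLASH", 0x00000000, 0x800000  },
    { size16MB, "WHOLEFLASH", 0x00000000, 0x1000000 },
};

static const area_t *find_area(uint32_t profile, const char *name) {
    for (size_t i = 0; i < sizeof areas / sizeof areas[0]; i++)
        if (areas[i].chip_size == profile && strcmp(areas[i].name, name) == 0)
            return &areas[i];
    return NULL;
}

/* Fills start/length with the flash-relative range between the end of the
 * named area (as defined by the borrowed profile) and the end of a chip of
 * real_size bytes. Length 0 means the area reaches the end of the chip.
 * Returns -1 if the area is unknown or would run past the end of the chip. */
int uncovered_after(uint32_t profile, const char *name, uint32_t real_size,
                    uint32_t *start, uint32_t *length) {
    const area_t *a = find_area(profile, name);
    if (!a) return -1;
    uint32_t end = a->start + a->length;
    if (end > real_size) return -1;
    *start = end;
    *length = real_size - end;
    return 0;
}

int main(void) {
    uint32_t s, l;
    /* Constructed input: a 32 MiB chip driven with the 16MB profile. */
    if (uncovered_after(size16MB, "WHOLEFLASH", 0x2000000, &s, &l) == 0)
        printf("not erased: start 0x%08X length 0x%X\n", (unsigned)s, (unsigned)l);
    return 0;
}
```

The same call with "NVRAM" shows that the 16MB profile's NVRAM area ends at 0x800000, so it is worth checking against the real chip's layout before writing.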