> On Jun 23, 2022, at 8:09 AM, Cédric Le Goater <clg@xxxxxxxx> wrote:
>
> On 6/23/22 12:26, Peter Delevoryas wrote:
>> Signed-off-by: Peter Delevoryas <pdel@xxxxxx>
>
> Let's start simple without flash support. We should be able to
> load FW blobs in each CPU address space using loader devices.
Actually, I was unable to do this, perhaps because the fb OpenBMC
boot sequence is a little weird. I specifically _needed_ to have
a flash device which maps the firmware in at 0x2000_0000, because
the fb OpenBMC U-Boot SPL jumps to that address to start executing
from flash? I think this is also why fb OpenBMC machines can be so slow.
$ ./build/qemu-system-arm -machine fby35 \
-device loader,file=fby35.mtd,addr=0,cpu-num=0 -nographic \
-d int -drive file=fby35.mtd,format=raw,if=mtd
U-Boot SPL 2019.04 fby35-e2294ff5d3 (Apr 15 2022 - 19:25:25 +0000)
SYS_INIT_RAM_END=10016000
CONFIG_SYS_INIT_SP_ADDR=10015000
CONFIG_MALLOC_F_ADDR=10012000
gd = sp = 10011f10
fdt=000182b4
Setup flash: write enable, addr4B, CE1 AHB 64MB window
Setup FMC_CE_CTRL = 0x00000033
Watchdog: 300s
hwstrap write protect SCU508=0x00000000, SCU518=0x00000000
Before: CE0_CTRL=0x00000600, CE1_CTRL=0x00000004
cs0_status = 1, cs1_status = 1
After: CE0_CTRL=0x00000400, CE1_CTRL=0x00000400
vboot_reset 504
SPL Could not find TPM (ret=-5)
Booting recovery U-Boot.
Blindly jumping to 0x20040000
QEMU 7.0.50 monitor - type 'help' for more information
(qemu) xp /x 0x20040000
0000000020040000: 0xea0000c0
(qemu) xp /x 0x00040000
0000000000040000: 0xea0000c0
(qemu) xp /x 0x00000000
0000000000000000: 0xea00001f
(qemu) xp /x 0x20000000
0000000020000000: 0xea00001f
(qemu) q
pdel@devvm9194:~/local/qemu ((79c196b...))
$ ./build/qemu-system-arm -machine fby35 -device loader,file=fby35.mtd,addr=0,cpu-num=0 -nographic -d int
U-Boot SPL 2019.04 fby35-e2294ff5d3 (Apr 15 2022 - 19:25:25 +0000)
SYS_INIT_RAM_END=10016000
CONFIG_SYS_INIT_SP_ADDR=10015000
CONFIG_MALLOC_F_ADDR=10012000
gd = sp = 10011f10
fdt=000182b4
Setup flash: write enable, addr4B, CE1 AHB 64MB window
Setup FMC_CE_CTRL = 0x00000033
Watchdog: 300s
hwstrap write protect SCU508=0x00000000, SCU518=0x00000000
Before: CE0_CTRL=0x00000600, CE1_CTRL=0x00000004
cs0_status = 1, cs1_status = 1
After: CE0_CTRL=0x00000400, CE1_CTRL=0x00000400
vboot_reset 504
SPL Could not find TPM (ret=-5)
Booting recovery U-Boot.
Blindly jumping to 0x20040000
Taking exception 1 [Undefined Instruction] on CPU 0
...from EL3 to EL3
...with ESR 0x0/0x2000000
QEMU 7.0.50 monitor - type 'help' for more information
(qemu) xp /x 0x20000000
0000000020000000: 0xffffffff
(qemu) xp /x 0x20040000
0000000020040000: 0xffffffff
>
> Thanks,
>
> C.
>
>> ---
>> hw/arm/aspeed.c | 25 -------------------------
>> hw/arm/aspeed_soc.c | 26 ++++++++++++++++++++++++++
>> include/hw/arm/aspeed_soc.h | 2 ++
>> 3 files changed, 28 insertions(+), 25 deletions(-)
>> diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
>> index 3aa74e88fb..c893ce84d7 100644
>> --- a/hw/arm/aspeed.c
>> +++ b/hw/arm/aspeed.c
>> @@ -278,31 +278,6 @@ static void write_boot_rom(DriveInfo *dinfo, hwaddr addr, size_t rom_size,
>> rom_add_blob_fixed("aspeed.boot_rom", storage, rom_size, addr);
>> }
>> -static void aspeed_board_init_flashes(AspeedSMCState *s, const char *flashtype,
>> - unsigned int count, int unit0)
>> -{
>> - int i;
>> -
>> - if (!flashtype) {
>> - return;
>> - }
>> -
>> - for (i = 0; i < count; ++i) {
>> - DriveInfo *dinfo = drive_get(IF_MTD, 0, unit0 + i);
>> - qemu_irq cs_line;
>> - DeviceState *dev;
>> -
>> - dev = qdev_new(flashtype);
>> - if (dinfo) {
>> - qdev_prop_set_drive(dev, "drive", blk_by_legacy_dinfo(dinfo));
>> - }
>> - qdev_realize_and_unref(dev, BUS(s->spi), &error_fatal);
>> -
>> - cs_line = qdev_get_gpio_in_named(dev, SSI_GPIO_CS, 0);
>> - sysbus_connect_irq(SYS_BUS_DEVICE(s), i + 1, cs_line);
>> - }
>> -}
>> -
>> static void sdhci_attach_drive(SDHCIState *sdhci, DriveInfo *dinfo)
>> {
>> DeviceState *card;
>> diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
>> index b7e8506f28..33bfc06ed8 100644
>> --- a/hw/arm/aspeed_soc.c
>> +++ b/hw/arm/aspeed_soc.c
>> @@ -20,6 +20,7 @@
>> #include "hw/i2c/aspeed_i2c.h"
>> #include "net/net.h"
>> #include "sysemu/sysemu.h"
>> +#include "sysemu/blockdev.h"
>> #define ASPEED_SOC_IOMEM_SIZE 0x00200000
>> @@ -579,3 +580,28 @@ void aspeed_soc_uart_init(AspeedSoCState *s)
>> serial_hd(i), DEVICE_LITTLE_ENDIAN);
>> }
>> }
>> +
>> +void aspeed_board_init_flashes(AspeedSMCState *s, const char *flashtype,
>> + unsigned int count, int unit0)
>> +{
>> + int i;
>> +
>> + if (!flashtype) {
>> + return;
>> + }
>> +
>> + for (i = 0; i < count; ++i) {
>> + DriveInfo *dinfo = drive_get(IF_MTD, 0, unit0 + i);
>> + qemu_irq cs_line;
>> + DeviceState *dev;
>> +
>> + dev = qdev_new(flashtype);
>> + if (dinfo) {
>> + qdev_prop_set_drive(dev, "drive", blk_by_legacy_dinfo(dinfo));
>> + }
>> + qdev_realize_and_unref(dev, BUS(s->spi), &error_fatal);
>> +
>> + cs_line = qdev_get_gpio_in_named(dev, SSI_GPIO_CS, 0);
>> + sysbus_connect_irq(SYS_BUS_DEVICE(s), i + 1, cs_line);
>> + }
>> +}
>> diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspeed_soc.h
>> index c68395ddbb..270d85d5de 100644
>> --- a/include/hw/arm/aspeed_soc.h
>> +++ b/include/hw/arm/aspeed_soc.h
>> @@ -166,5 +166,7 @@ enum {
>> qemu_irq aspeed_soc_get_irq(AspeedSoCState *s, int dev);
>> void aspeed_soc_uart_init(AspeedSoCState *s);
>> +void aspeed_board_init_flashes(AspeedSMCState *s, const char *flashtype,
>> + unsigned int count, int unit0);
>> #endif /* ASPEED_SOC_H */
>
