[openfirmware] Making Open Firmware look like CE

Mark Morgan Lloyd markMLl.openfirmware at telemetry.co.uk
Tue May 31 10:55:04 CEST 2011 

Mitch Bradley wrote:
> The NK.bin file makes sense in light of the .bin format description and tool that I posted in my last message.
> 
> The first few segment records:
> 
> a) (offset 0x0f) Insert a branch instruction (0xea0003fe) at location 0x80100000
> 
> b) (offset 0x1f) Insert a CECE + pointer block at location 0x80100040.  The pointer value is 0x81c61460.  It is a pointer to a "romhdr" structure as described at http://msdn.microsoft.com/en-us/library/aa908726.aspx
> 
> c) (offset 0x33) Insert a TOC pointer at location 0x80100048.  TOC is "Table of Contents", which is a data structure that WinCE uses when it is starting up.  It helps WinCE find various parts of itself.  The TOC pointer value is 0x01b61460.
> 
> d) (offset 0x43) Copy the kernel image (of size 0x0004292c) to location 0x80101000.  The data in that section is clearly a bunch of ARM instructions. ARM opcodes have a very high probability of having an "e" in the high nibble (which means the instruction is not conditional).
> 
> The rest of the file is almost certainly a bunch of sections for copying various DLLs into memory.
> 
> "XIP" just means that the code has been prelinked and the addresses have been resolved to the absolute address at which the code is expected to execute, so relocation information is unnecessary and not present.
> 
> Here is what you should do:
> 
> 1) Try the makecebin.fth program.  Use it to wrap an OFW image file - or any other file for that matter - into a .bin format file.  Then see if BLDR will try to load that file.  If BLDR will load it, then we have solved the file format problem and it is then a matter of modifying OFW to work on your board in that environment.
> 
> 2) If BLDR will not load it, we then need to work out what needs to be added.  The first thing to try would be to add an ECEC section.  It might be sufficient to have the ECEC section refer to a dummy address.  I doubt that the bootloader actually follows the ECEC pointer, because that would require sophisticated parsing of the .bin section information to find data that is much later in the file.  Instead, what I think happens is that the bootloader just uses the section information to place stuff in memory, and then the WinCE kernel/BSP code follows the pointer.  But it is possible that the bootloader might do a quick check to see if an ECEC section exists.  We shouldn't worry about this step (2) until we are sure that it is necessary.

Thanks Mitch, I'll investigate. I'll be back, but possibly not 
immediately due to other commitments.

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

More information about the openfirmware mailing list