Wakeup for Master and Slave firmwares[]
Master[]
ROM:FF811CC4 MOV R3, #0 ROM:FF811CC8 STR R3, [SP,#0x40+var_40] ROM:FF811CCC LDR R3, =DefaultRPCHandler ROM:FF811CD0 MOV R2, #0x50 ROM:FF811CD4 MOV R1, #0x51 ROM:FF811CD8 MOV R0, #0x12 ROM:FF811CDC BL InitializeIPCMasterTask ROM:FF811CE0 LDR R0, =0xC0220044 ROM:FF811CE4 MOV R10, R0 ROM:FF811CE8 BL AJ_deref_R0_n_check_bit_0 ROM:FF811CEC CMP R0, #0 ROM:FF811CF0 BNE loc_FF811F88 ROM:FF811CF4 ADR R2, aWaitSlaveWakeu ; "Wait Slave Wakeup" ROM:FF811CF8 MOV R1, #0x16 ROM:FF811CFC MOV R0, #0x8B ROM:FF811D00 BL DebugMsg ROM:FF811D04 LDR R9, =0x7A120 ROM:FF811D08 B loc_FF811F68 ROM:FF811F88 MOV R2, #1 ROM:FF811F8C MOV R1, #0x11 ROM:FF811F90 MOV R0, #0xA3 ROM:FF811F94 BL EM_Initialize
Slave[]
ROM:FF0126C8 MOV R2, #0 ROM:FF0126CC MOV R1, #0x11 ROM:FF0126D0 MOV R0, #0xA3 ROM:FF0126D4 BL EM_Initialize ROM:FF0126D8 CMP R0, #0 ROM:FF0126DC MOVNE R3, R0 ROM:FF0126E0 MOVNE R0, #0x8B ROM:FF0126E4 ADRNE R2, aEm_initializeX ; "EM_Initialize (%#x)" ROM:FF0126E8 MOVNE R1, #6 ROM:FF0126EC BLNE DebugMsg ROM:FF0126F0 LDR R0, =0xC0220024 ROM:FF0126F4 MOV R6, R0 ROM:FF0126F8 BL AJ_deref_R0_n_check_bit_0 ROM:FF0126FC CMP R0, #0 ROM:FF012700 BNE loc_FF012750 ROM:FF012704 ADR R2, aWaitMasterWake ; "Wait Master Wakeup" ROM:FF012708 MOV R1, #0x16 ROM:FF01270C MOV R0, #0x8B ROM:FF012710 BL DebugMsg ROM:FF012714 LDR R5, =0x2710 ROM:FF012718 B loc_FF012740 ROM:FF01271C ; ---------------------------------------------------------------------------
RPC requests examples[]
R0 seems to be the command and r1, r2, r3, SP params
Master[]
ROM:FF811FC0 MOV R3, #0 ROM:FF811FC4 LDR R1, [SP,#0x40+var_24] ROM:FF811FC8 LDR R2, [SP,#0x40+var_28] ROM:FF811FCC LDR R0, =0x4802 ROM:FF811FD0 STR R3, [SP,#0x40+var_40] ROM:FF811FD4 BL RequestRPC
Slave[]
ask for firmware out version maybe:
ROM:FF012930 ADR R0, dword_FF012C1C ROM:FF012934 LDR R0, [R0] ROM:FF012938 MOV R3, #0 ROM:FF01293C STR R0, [SP,#0x48+var_24] ROM:FF012940 LDR R0, =0x2011 ROM:FF012944 MOV R2, #4 ROM:FF012948 ADD R1, SP, #0x48+var_24 ROM:FF01294C STR R3, [SP,#0x48+var_48] ROM:FF012950 BL RequestRPC
system Log[]
See [IPCT] inter process communication task: ipcsRequest from Slave and ipcmResponse from Master.
Master log[]
(call 'dumpfall' from slave)
0: 7.264 [STARTUP] K250M ICU Firmware Version 1.2.3 ( 5.1.3 ) 1: 7.326 [STARTUP] ICU Release DateTime 2010.09.13 18:21:31 2: 7.582 [SEQ] CreateSequencer (Startup, Num = 5) 3: 7.850 [SEQ] NotifyComplete (Cur = 0, 0x10000, Flag = 0x10000) 4: 8.859 [SEQ] seqEventDispatch (Startup, 0) 5: 8.881 [STARTUP] startupEntry 6: 35.886 [HPD] TOEDetectISR 0 7: 35.966 [HPD] CreateTask Master End 8: 36.471 [HPC] ReserveHPCopyChannel (1, 116) 9: 37.513 [EM] emSlaveChangeCBR : AUTO_POWEROFF (1) 10: 37.645 [EM] emSlaveChangeCBR : UILOCK (0x0) 11: 38.102 [IPCT] ipcStartBulk (MAddr = 0x406d3300, Size = 0xa94) 12: 38.566 [IPCT] ipcmQueueBulk 13: 38.717 [IPCT] ipcmQueueBulk 14: 38.913 [IPCT] ipcmQueueBulk 15: 39.015 [IPCT] ipcmResponse (SAddr = 0x406d44d0) 16: 39.079 [IPCT] ipcmResponse (0x6d44d0, 0x406d3300 -> 0x406d44d0, 0xa94) 17: 39.633 [STARTUP] LockStatus: 1(4) 18: 39.824 [IPCT] ipcmBltDone (Cur = 0xa94, Size = 0xa94) 19: 40.488 [IPCT] ipcStartBulk (MAddr = 0x406d4500, Size = 0xf6a0) 20: 41.310 [IPCT] ipcmResponse (SAddr = 0x406d519c) 21: 41.375 [IPCT] ipcmResponse (0x6d519c, 0x406d4500 -> 0x406d519c, 0xf6a0) 22: 46.378 [IPCT] ipcmBltDone (Cur = 0xf6a0, Size = 0xf6a0) 23: 46.970 [IPCT] ipcStartBulk (MAddr = 0x406e4700, Size = 0x8ddc) 24: 47.683 [IPCT] ipcmResponse (SAddr = 0x406e4a7c) 25: 47.753 [IPCT] ipcmResponse (0x6e4a7c, 0x406e4700 -> 0x406e4a7c, 0x8ddc) 26: 50.636 [IPCT] ipcmBltDone (Cur = 0x8ddc, Size = 0x8ddc) 27: 51.234 [IPCT] ipcStartBulk (MAddr = 0x406f4900, Size = 0x774) 28: 51.938 [IPCT] ipcmResponse (SAddr = 0x406ed9e4) 29: 52.001 [IPCT] ipcmResponse (0x6ed9e4, 0x406f4900 -> 0x406ed9e4, 0x774) 30: 52.302 [IPCT] ipcmBltDone (Cur = 0x774, Size = 0x774) 31: 63.456 [PROPST] dwNewAeModeDial = 0 32: 64.529 [SEQ] NotifyComplete (Cur = 1, 0x60000002, Flag = 0x2) 33: 65.207 [PROPST] dwNewAeModeDial = 0 34: 66.549 [PRP] Complete WaitID = 0x80000001, 0x00000000(0) 35: 66.655 [PRP] SpecialComplete ID = 0x80000001, 0x80000001 1033 36: 67.779 [PRP] MovieParamData 37: 67.874 [PRP] mode 0 size 0x0 , framerate 0x19 , type 0xc 38: 91.589 [STARTUP] StartupCompleteFromPartner 39: 91.694 [SEQ] NotifyComplete (Cur = 1, 0x60000000, Flag = 0x40000000) 40: 97.633 [STARTUP] startupPropAdminMain : End 41: 97.691 [SEQ] NotifyComplete (Cur = 1, 0x20000000, Flag = 0x20000000) 42: 97.853 [EM] emRegisterMulticastCallback : EventID = 13, ClassID = 163 43: 97.932 [SEQ] seqEventDispatch (Startup, 1) 44: 98.261 [STARTUP] LockStatus: 1(4) 45: 98.313 [STARTUP] startupPrepareProperty 46: 99.284 [IPCT] ipcStartBulk : Alloc (MAddr = 0x406fd9dc, Size = 0x1c) 47: 99.788 [IPCT] ipcmResponse (0x80f0fc, 0x406fd9dc <- 0x4080f0fc, 0x1c) 48: 99.940 [IPCT] ipcmBltDone (Cur = 0x1c, Size = 0x1c) 49: 103.008 [IPCT] ipcStartBulk (MAddr = 0x406ff248, Size = 0x10c4) 50: 103.505 [IPCT] ipcmResponse (SAddr = 0x4080f0c4) 51: 103.563 [IPCT] ipcmResponse (0x80f0c4, 0x406ff248 -> 0x4080f0c4, 0x10c4) 52: 103.931 [STARTUP] StartupCompleteFromPartner 53: 103.998 [SEQ] NotifyComplete (Cur = 2, 0x40000000, Flag = 0x40000000) 54: 104.116 [IPCT] ipcmBltDone (Cur = 0x10c4, Size = 0x10c4) 55: 105.009 [SEQ] seqEventDispatch (Startup, 2) 56: 105.036 [STARTUP] startupPrepareCapture 57: 105.437 [RSC] hMemoryQueue (0x6A0010) hStorageQueue (0x6C0012) 58: 110.104 [RSC] AllocateMemoryUnit For ExMem1 59: 110.124 [RSC] AllocateMemoryUnit For ExMem1 60: 110.138 [RSC] AllocateMemoryUnit For ExMem1_2 61: 110.732 [RSC] MemMgr 0 2
Slave log[]
0: 11.150 [STARTUP] K250S ICU Firmware Version 1.2.3 ( 5.1.3 ) 1: 11.207 [STARTUP] ICU Release DateTime 2010.09.13 18:21:31 2: 11.475 [SEQ] CreateSequencer (Startup, Num = 6) 3: 11.724 [SEQ] NotifyComplete (Cur = 0, 0x10000, Flag = 0x10000) 4: 13.259 [SEQ] seqEventDispatch (Startup, 0) 5: 13.281 [STARTUP] startupEntry 6: 27.200 [SEQ] NotifyComplete (Cur = 1, 0x60000002, Flag = 0x2) 7: 28.255 [HPD] CreateTask Master End 8: 29.025 [STARTUP] Master Wakeup 9: 29.166 [HPD] FUNC SW OFF 10: 29.193 [HPD] ERASE SW OFF 11: 38.585 [IPCT] ipcsRequest : Alloc (SAddr = 0x406d44d0, Size = 0xa94) 12: 39.353 [STARTUP] LockStatus0: 1 13: 40.463 [IPCT] ipcsComplete (0x406d3300 -> 0x406d44d0, 0xa94) 14: 40.637 [STARTUP] startupCreateRingHandle 15: 40.852 [IPCT] ipcsRequest : Alloc (SAddr = 0x406d519c, Size = 0xf6a0) 16: 47.051 [IPCT] ipcsComplete (0x406d4500 -> 0x406d519c, 0xf6a0) 17: 47.220 [STARTUP] startupCreateRasenHandle 18: 47.387 [IPCT] ipcsRequest : Alloc (SAddr = 0x406e4a60, Size = 0x8ddc) 19: 51.583 [IPCT] ipcsComplete (0x406e4700 -> 0x406e4a60, 0x8ddc) 20: 51.647 [STARTUP] startupCreateLensHandle 21: 52.014 [IPCT] ipcsRequest : Alloc (SAddr = 0x406ed9c8, Size = 0x774) 22: 54.331 [IPCT] ipcsComplete (0x406f4900 -> 0x406ed9c8, 0x774) 23: 54.443 [SEQ] NotifyComplete (Cur = 1, 0x60000000, Flag = 0x40000000) 24: 54.467 [STARTUP] startupCreateCustomHandle 25: 91.249 [STARTUP] startupPropAdminMain : End 26: 91.309 [SEQ] NotifyComplete (Cur = 1, 0x20000000, Flag = 0x20000000) 27: 91.382 [SEQ] seqEventDispatch (Startup, 1) 28: 91.406 [STARTUP] startupPrepareProperty 29: 91.826 [FM] FM_Initialize (1, 0, 1) 30: 92.192 [FM] fmResultCBR (0x6ee770) 31: 92.742 [FM] PROP_HDD_DCIM_PATH (/) 32: 92.875 [FC] FC_Initialize [drive:3][ClassID:39] 33: 93.023 [FM] PROP_CARD1_FOLDER_NUMBER = 100 34: 93.130 [FM] PROP_CARD1_FILE_NUMBER = 80 35: 93.229 [FM] PROP_CARD2_FOLDER_NUMBER = 100 36: 93.299 [FM] PROP_CARD2_FILE_NUMBER = 0 37: 93.383 [FM] PROP_CARD3_FOLDER_NUMBER = 100 38: 93.442 [FM] PROP_CARD3_FILE_NUMBER = 0 39: 93.527 [FM] PROP_FILE_NUMBERING_MODE = 1, 0 40: 93.577 [FM] PROP_USBDEVICE_CONNECT = -1 41: 93.627 [FM] PROP_NUMBER_OF_CONTINUOUS_MODE = 80 42: 93.679 [SEQ] NotifyComplete (Cur = 2, 0x40000010, Flag = 0x10) 43: 98.345 [STARTUP] LockStatus0: 1 44: 99.046 [IPCT] ipcsPostBulk 45: 99.779 [IPCT] ipcsRequest (SAddr = 0x4080f0e0) 46: 100.615 [IPCT] ipcsComplete (0x406fdb08 -> 0x4080f0e0, 0x1c) 47: 103.528 [IPCT] ipcsRequest : Alloc (SAddr = 0x4080f0a8, Size = 0x10c4) 48: 103.657 [STARTUP] StartupCompleteFromPartner 49: 103.716 [SEQ] NotifyComplete (Cur = 2, 0x40000000, Flag = 0x40000000) 50: 103.855 [SEQ] seqEventDispatch (Startup, 2) 51: 103.875 [STARTUP] startupPrepareCapture 52: 104.486 [RSC] hMemoryQueue (0x780014) hStorageQueue (0x7A0016) 53: 105.095 [IPCT] ipcsComplete (0x406ff26c -> 0x4080f0a8, 0x10c4) 54: 108.082 [STARTUP] startupChangeAckCBR (PROP_CARD_EXTENSION = 0) 55: 114.172 [STARTUP] startupChangeAckCBR (Ceres = 0, USB = -1) 56: 114.189 [STARTUP] Ceres Disappeared 57: 114.634 [STARTUP] LockStatus2: 1 58: 121.675 [RSC] AllocateMemoryUnit For ExMem1 59: 121.697 [RSC] AllocateMemoryUnit For ExMem1_2
compared to 60D[]
Sun Dec 19 18:31:21 2010 0: 11.698 [STARTUP] K287 ICU Firmware Version 1.0.8 ( 3.3.1 ) 1: 11.763 [STARTUP] ICU Release DateTime 2010.11.08 08:40:51 2: 12.023 [SEQ] CreateSequencer (Startup, Num = 6) 3: 12.280 [SEQ] NotifyComplete (Cur = 0, 0x10000, Flag = 0x10000) 4: 13.444 [PTPCOM] Magic Lantern 0.1-letstry1-60d_fw108 (dc1bd2d14e62+ (550d) tip) 5: 13.465 [PTPCOM] Built on 2010-12-19 17:17:28 by user@ubuntu1004desktop 6: 13.566 [SEQ] seqEventDispatch (Startup, 0) 7: 13.584 [STARTUP] startupEntry 8: 50.092 [PROPST] Initialize Adjective & Situation 9: 50.937 [HPD] # 1 0 1 10: 53.737 [PROPST] Clear Adjective & Situation (StartupCondition) 11: 54.208 [PROPST] dwNewAeModeDial = 2 12: 54.252 [PROPST] Active Adjective & Situation 13: 54.365 [PROPST] ReqChangeCBR : Adjective 0, 0 14: 54.390 [PROPST] Not ExecMultiConvert Already None : Adjective 0, 0 15: 54.460 [PROPST] Not ExecMultiConvert : Situation 0 16: 55.597 [HPD] CreateTask Master End 17: 56.945 [SEQ] NotifyComplete (Cur = 1, 0x20000002, Flag = 0x2) 18: 57.868 [PROPST] dwNewAeModeDial = 2 19: 58.428 [PRP] Deliv WaitID = 0x80000001, 0xFF1B9248(1) 20: 59.406 [PRP] Complete WaitID = 0x80000001, 0xFF1B9248(0) 21: 59.610 [PRP] SpecialComplete ID = 0x80000001, 0x80000001 1034 22: 60.687 [PRP] MovieParamData 23: 60.857 [PRP] mode 0 size 0x0 , framerate 0x18 , type 0xc zoom 0x0 24: 63.185 [EM] emSlaveChangeCBR : AUTO_POWEROFF (1) 25: 63.374 [EM] emSlaveChangeCBR : UILOCK (0x0) 26: 64.396 [HPD] ERASE SW OFF 27: 82.819 [PRP] Complete WaitID = 0x8000003F, 0x00000000(0) 28: 111.938 [STARTUP] startupPropAdminMain : End 29: 112.000 [SEQ] NotifyComplete (Cur = 1, 0x20000000, Flag = 0x20000000) 30: 112.091 [SEQ] seqEventDispatch (Startup, 1) 31: 112.116 [STARTUP] startupPrepareProperty 32: 112.478 [FM] FM_Initialize (0, 1, 0) 33: 112.846 [FM] fmResultCBR (0x80e2c8) 34: 113.402 [FM] PROP_HDD_DCIM_PATH (/) 35: 113.577 [FC] FC_Initialize [drive:3][ClassID:39] 36: 113.774 [FM] PROP_CARD1_STATUS = 0x1 37: 113.870 [FM] PROP_CARD1_FOLDER_NUMBER = 142 38: 113.954 [FM] PROP_CARD1_FILE_NUMBER = 0 39: 114.045 [FM] PROP_CARD2_STATUS = 0x0 40: 114.130 [FM] PROP_CARD2_FOLDER_NUMBER = 100 41: 114.194 [FM] PROP_CARD2_FILE_NUMBER = 685 42: 114.261 [FM] PROP_CARD3_EXIST = 0 43: 114.299 [FM] PROP_CARD3_STATUS = 0x1 44: 114.337 [FM] PROP_CARD3_RECORD = 0 => 1 45: 114.381 [FM] PROP_CARD3_FOLDER_NUMBER = 100 46: 114.434 [FM] PROP_CARD3_FILE_NUMBER = 0 47: 114.498 [FM] PROP_FILE_NUMBERING_MODE = 1, 0 48: 114.538 [FM] PROP_CARD_EXTENSION = 0 49: 114.577 [FM] PROP_CURRENT_MEDIA = 2 50: 114.615 [FM] PROP_USBDEVICE_CONNECT = -1 51: 114.659 [FM] PROP_NUMBER_OF_CONTINUOUS_MODE = 685 52: 114.691 [SEQ] NotifyComplete (Cur = 2, 0x10, Flag = 0x10) 53: 114.795 [FM] PROP_DSDEFINE ModelId 80000287 54: 114.851 [SEQ] seqEventDispatch (Startup, 2) 55: 114.869 [STARTUP] startupPrepareCapture 56: 115.448 [RSC] hMemoryQueue (0x620010) hStorageQueue (0x640012) 57: 116.725 [RSC] AllocateMemoryUnit For ExMem1 58: 116.745 [RSC] AllocateMemoryUnit For ExMem1_2
Control registers[]
This is reverse engineered from FROM code, executed in slave digic:
"wait WakeUp Slave"
0xC022D000 +0xD0 <- 0x00238000 +0xF8 <- 0x00038C00 <- enable master digic reset line? 0xC0A00000 (IPC comm) +0x24 <- 0x80000052 <- also called SSTAT register 0xC0220000 (GPIO) +0x24 -> wait until bit 0 is set <- I/O on pull-up is high due to floating I/O
"WakeUp Master"
0xC022D000 +0xF8 <- 0x00138800 <- release master digic reset line?
0xC0220000 (GPIO) +0x24 -> wait until bit 0 is cleared <- I/O is driven low by other digic (guess: master-side register 0xC0220040)
0xC022D000 +0xD0 <- 0x0E000000 +0xF8 <- 0x0E000000
notes[]
0xF8010000 - 0xF8F4FFFF TORNADO and Command area 0xF8010000 - 0xF8E2FFFF Program area
0xC0A00000 (IPC comm)
+0x08 some bitmask. interrupt reason? --1----- IPC read interrupt (command is in SSTAT instead of CMD) ---1---- IPC recv command ----1--- INT TOUTErr -----1-- INT WrBusErr ------1- INT RdBusErr -------1 INT IDEVErr +0x0C slave writes 0x1FF. confirmation? +0x1C CMD +0x24 SSTAT
CMD for slave:
0x80000000 0x80000035 0x80000036 0x80000037 0x88xxxxxx IPC Fir File Request (answers with 0xC8000000 to SSTAT) 0x89000010 0x89000018 0x89000020 0x89000022 0xC0000000 0xF800000x IPC File Request
Master:
RPC Command IDs passed to RegisterRPCHandler have this format: 0xTIII T = Type (1 = direct command, 2 = control command, 4 = bulk command) I = ID