[OpenPower-Firmware] SBE questions
Marty E. Plummer
hanetzer at startmail.com
Fri Jul 26 03:11:07 AEST 2019
On Mon, Jul 22, 2019 at 12:25:55PM -0500, Dean Sanner wrote:
> Hi Marty,
>
> > Ok, and one more thing (probably not, but I've managed to get a proper
> > full seeprom dumped and un-ecc'd): does ppe42-binutils currently have
>
> I take it that I don't need to go into iicmaster details? (It is an
> IBM service processor specific IBM tool -- I was just trying show how
> to suck the images off the PROM and reconstruct)
>
> > the guts to disassemble flat binary (not elf) targets. There's a -M ppe42
> > switch but no -m switch equivalent (you apparently need a -M -m and -b
> binary
> > flag to dissassemble flat binaries), and I can't seem to get
> > powerpc-eabi-objdump
> > to make disassembling sbe_seeprom_DD2.bin look like sbe_seeprom_DD2.dis
> > (this is mostly just a run against a known set of binaries and
> > disassembly to verify against; both were produced from sbe_seeprom_DD2.out,
> > an elf file, or at least I assume so).
>
I have figured the issue. Apparently ppe42-binutils disassembles in
little endian rules mode by default, using the -EB flag give me 'correct'
results, as far as I can tell.
> Once you have the image off and ECC removed -- you can then use the
> p9_xip_tool
> to extract various sections. This is the output of "report"
>
> output/build/hcode-hw071319a.940/output/bin/p9_xip_tool.exe
> output/host/powerpc64le-buildroot-linux-gnu/sysroot/openpower_pnor_scratch/p9n_23.sbe_seeprom.bin
> report
>
> Image section type : 0x00 "XIP image"
> Magic number : 0x584950205345504d "XIP SEPM"
> Header version : 0x09
> Link Address : 0x00000000ff800000
> L1 Loader Address : 0xff800244
> L2 Loader Address : 0xffffe400
> Kernel Address : 0xfffe8998
> Image size : 0x00031c58 (203864)
> Normalized : Yes
> TOC Sorted : Yes
> Build Date : 07/22/2019
> Build Time : 10:33
> Build User : dsanner
> Build Host : gfwr609.rchland.ibm.com
> Build Tag : 07595bbf345cb9a1b
>
> Section Table :
>
> Name Align DD Start End Size
>
> .header 1 0 0x00000000 0x0000015b 0x0000015c (348)
> .fixed 8 0 0x00000400 0x00000547 0x00000148 (328)
> .fixedtoc 8 0 0x0001e930 0x0001ebb7 0x00000288 (648)
> .toc 4 0 0x0001ebb8 0x0001f02b 0x00000474 (1140)
> .strings 1 0 0x0001f02c 0x0001f81c 0x000007f1 (2033)
> .loader_text 4 0 0x00000200 0x0000039b 0x0000019c (412)
> .pibrepr_data 8 0 0x00000000 0x00000000 (0)
> .text 4 0 0x00000548 0x0001e92f 0x0001e3e8 (123880)
> .data 8 0 0x00000000 0x00000000 (0)
> .base 4 0 0x0001fb30 0x0002fee2 0x000103b3 (66483)
> .baseloader 8 0 0x0001f820 0x0001fb2f 0x00000310 (784)
> .overrides 8 0 0x00000000 0x00000000 (0)
> .rings 8 0 0x0002fee8 0x00031c53 0x00001d6c (7532)
> .overlays 8 0 0x00000000 0x00000000 (0)
> .hbbl 8 0 0x00000000 0x00000000 (0)
>
>
> to extract the actual "code" you want to suck off the .text portion and
> then examine:
>
> p9_xip_tool.exe p9n_23.sbe_seeprom.bin extract .text sbe.code.bin
>
> If you want to add/remove sections you can do it like this:
>
> p9_xip_tool.exe p9n_10.sbe_seeprom.bin delete .hbbl
> p9_xip_tool.exe p9n_10.sbe_seeprom.bin append .hbbl ../hbbl_test.bin
>
> Hope that helps accomplish what you want
Very cool tricks, thanks. One(?) more question: I assume that
Kernel Address : 0xfffe8998
is where jump_to_kernel executes; I can't quite locate this entry point
in the disassembly (obviously this address exists but it doesn't appear
to be an entry point/function start). I'm interested in this bit as it
(if I understand correctly) is the actual sbe code running (the stuff
prior is just setting up stuff for it to run) and contains the meat of
the code which I'd have to understand for a coreboot port.
If I'm missing something here please do tell.
Regards,
Marty
More information about the OpenPower-Firmware
mailing list