[OpenPower-Firmware] SBE questions

Marty E. Plummer hanetzer at startmail.com
Fri Jul 26 03:11:07 AEST 2019


On Mon, Jul 22, 2019 at 12:25:55PM -0500, Dean Sanner wrote:
> Hi Marty,
> 
> > Ok, and one more thing (probably not, but I've managed to get a proper
> > full seeprom dumped and un-ecc'd): does ppe42-binutils currently have
> 
> I take it that I don't need to go into iicmaster details?  (It is an
> IBM service processor specific IBM tool -- I was just trying to show how
> to suck the images off the PROM and reconstruct)
> 
> > the guts to disassemble flat binary (not elf) targets. There's a -M ppe42
> > switch but no -m switch equivalent (you apparently need a -M -m and -b binary
> > flag to disassemble flat binaries), and I can't seem to get powerpc-eabi-objdump
> > to make disassembling sbe_seeprom_DD2.bin look like sbe_seeprom_DD2.dis
> > (this is mostly just a run against a known set of binaries and
> > disassembly to verify against; both were produced from sbe_seeprom_DD2.out,
> > an elf file, or at least I assume so).
> 
I have figured out the issue. Apparently ppe42-binutils disassembles in
little endian rules mode by default, using the -EB flag gives me 'correct'
results, as far as I can tell.

> Once you have the image off and ECC removed -- you can then use the p9_xip_tool
> to extract various sections.  This is the output of "report"
>
> output/build/hcode-hw071319a.940/output/bin/p9_xip_tool.exe output/host/powerpc64le-buildroot-linux-gnu/sysroot/openpower_pnor_scratch/p9n_23.sbe_seeprom.bin report
> 
> Image section type : 0x00 "XIP image"
> Magic number       : 0x584950205345504d "XIP SEPM"
> Header version     : 0x09
> Link Address       : 0x00000000ff800000
> L1 Loader Address  : 0xff800244
> L2 Loader Address  : 0xffffe400
> Kernel Address     : 0xfffe8998
> Image size         : 0x00031c58 (203864)
> Normalized         : Yes
> TOC Sorted         : Yes
> Build Date         : 07/22/2019
> Build Time         : 10:33
> Build User         : dsanner
> Build Host         : gfwr609.rchland.ibm.com
> Build Tag          : 07595bbf345cb9a1b
> 
> Section Table      :
> 
>     Name            Align   DD   Start        End          Size
> 
>    .header          1       0    0x00000000   0x0000015b   0x0000015c (348)
>    .fixed           8       0    0x00000400   0x00000547   0x00000148 (328)
>    .fixedtoc        8       0    0x0001e930   0x0001ebb7   0x00000288 (648)
>    .toc             4       0    0x0001ebb8   0x0001f02b   0x00000474 (1140)
>    .strings         1       0    0x0001f02c   0x0001f81c   0x000007f1 (2033)
>    .loader_text     4       0    0x00000200   0x0000039b   0x0000019c (412)
>    .pibrepr_data    8       0    0x00000000                0x00000000 (0)
>    .text            4       0    0x00000548   0x0001e92f   0x0001e3e8 (123880)
>    .data            8       0    0x00000000                0x00000000 (0)
>    .base            4       0    0x0001fb30   0x0002fee2   0x000103b3 (66483)
>    .baseloader      8       0    0x0001f820   0x0001fb2f   0x00000310 (784)
>    .overrides       8       0    0x00000000                0x00000000 (0)
>    .rings           8       0    0x0002fee8   0x00031c53   0x00001d6c (7532)
>    .overlays        8       0    0x00000000                0x00000000 (0)
>    .hbbl            8       0    0x00000000                0x00000000 (0)
> 
> 
> to extract the actual "code" you want to suck off the .text portion and
> then examine:
> 
> p9_xip_tool.exe p9n_23.sbe_seeprom.bin extract .text sbe.code.bin
> 
> If you want to add/remove sections you can do it like this:
> 
> p9_xip_tool.exe p9n_10.sbe_seeprom.bin delete .hbbl
> p9_xip_tool.exe p9n_10.sbe_seeprom.bin append .hbbl ../hbbl_test.bin
> 
> Hope that helps accomplish what you want

Very cool tricks, thanks. One(?) more question: I assume that
Kernel Address     : 0xfffe8998
is where jump_to_kernel executes; I can't quite locate this entry point
in the disassembly (obviously this address exists but it doesn't appear
to be an entry point/function start). I'm interested in this bit as it
(if I understand correctly) is the actual sbe code running (the stuff
prior is just setting up stuff for it to run) and contains the meat of
the code which I'd have to understand for a coreboot port.

If I'm missing something here please do tell.

Regards,
Marty
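
An added example, not part of the original message or of the OpenPOWER tooling: a small parser for the `report` rows quoted above that maps an address onto the section table. It assumes image offset 0 is mapped at the Link Address; the function names are hypothetical.

```python
import re

# Rows copied from the p9_xip_tool "report" output quoted in this thread (excerpt).
REPORT = """\
Link Address       : 0x00000000ff800000
L1 Loader Address  : 0xff800244
Kernel Address     : 0xfffe8998
Image size         : 0x00031c58 (203864)
   .header          1       0    0x00000000   0x0000015b   0x0000015c (348)
   .loader_text     4       0    0x00000200   0x0000039b   0x0000019c (412)
   .pibrepr_data    8       0    0x00000000                0x00000000 (0)
   .text            4       0    0x00000548   0x0001e92f   0x0001e3e8 (123880)
   .base            4       0    0x0001fb30   0x0002fee2   0x000103b3 (66483)
"""

HEX = r"(0x[0-9a-fA-F]+)"
FIELD = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s*" + HEX, re.M)
# Section row: name, align, DD, start, end (absent for empty sections), size.
SECTION = re.compile(r"^\s*(\.\w+)\s+\d+\s+\d+\s+" + HEX +
                     r"\s+(?:0x[0-9a-fA-F]+\s+)?" + HEX + r"\s+\(\d+\)", re.M)

def parse_report(text):
    fields = {k: int(v, 16) for k, v in FIELD.findall(text)}
    sections = {n: (int(s, 16), int(z, 16)) for n, s, z in SECTION.findall(text)}
    return fields, sections

def locate(addr, fields, sections):
    """Return (section, offset in section) for addr, or None if addr is outside
    the image. Assumption: image offset 0 is mapped at the Link Address."""
    off = addr - fields["Link Address"]
    if not 0 <= off < fields["Image size"]:
        return None
    for name, (start, size) in sections.items():
        if size and start <= off < start + size:
            return name, off - start
    return "<no section>", off

def section_vma(name, fields, sections):
    """Link-time address of a section's first byte (usable with objdump --adjust-vma)."""
    return fields["Link Address"] + sections[name][0]

if __name__ == "__main__":
    f, s = parse_report(REPORT)
    for label in ("L1 Loader Address", "Kernel Address"):
        print(label, hex(f[label]), "->", locate(f[label], f, s))
    print(".text VMA:", hex(section_vma(".text", f, s)))
```

With these rows the L1 Loader Address resolves to `.loader_text` + 0x44, while the Kernel Address is 0x7e8998 bytes past the Link Address, beyond the 0x31c58-byte image, so under this mapping it does not correspond to any offset in the extracted sections.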

