[OpenPower-Firmware] SBE questions
Dean Sanner
dsanner at us.ibm.com
Fri Jul 26 04:27:57 AEST 2019
Hi Marty,
> Very cool tricks, thanks. One(?) more question: I assume that
> Kernel Address : 0xfffe8998
> is where jump_to_kernel executes; I can't quite locate this entry point
> in the disassembly (obviously this address exists but it doesn't appear
> to be an entry point/function start). I'm interested in this bit as it
The OTPROM (burnt into the chip, can't change -- src/boot/otprom_init.S)
will read the start of the XIP image, check the magic and jump to the
address listed in the next 8 bytes (here it is 0xFF800244):
00000000 58 49 50 20 53 45 50 4d 00 00 00 00 ff 80 02 44 |XIP SEPM.......D|
This lines up with the L1 loader:
> L1 Loader Address : 0xff800244
> .loader_text 4 0 0x00000200 0x0000039b 0x0000019c (412)
==========
The L1 loader (src/boot/loader_l1.S) will load the PIBMEM (SBE RAM) repairs
and then copy the L2 Loader from seeprom into PIBMEM. Note that this
runs without a stack. The load address is hardcoded:
_liw %r3, SBE_LOADER_BASE_SECTION # Source on SEEPROM: 0xF80000B8
_liw %r4, SBE_LOADER_BASE_ORIGIN # dest in PIBMEM
/// Each section table entry is 12 bytes(SIZE_OF_SBE_XIP_SECTION) size,
// Base Loader is 10 th (P9_XIP_SECTION_BASELOADER) section
#define SBE_LOADER_BASE_SECTION SBE_SEEPROM_BASE_ORIGIN + SBE_XIP_TOC_OFFSET \
+ 120
#define SBE_LOADER_BASE_ORIGIN 0xFFFFE400
> L2 Loader Address : 0xffffe400
> .baseloader 8 0 0x0001f820 0x0001fb2f 0x00000310 (784)
000000b0 00 01 03 b3 04 00 00 00 00 01 f8 20 00 00 03 10 |........... ....|
===========
The L2 loader (src/boot/loader_l2_setup.S, src/boot/loader_l2.c) then loads
the SBE kernel/payload proper while running in PIBMEM, where it can have
a stack.
loadSection(&(hdr->iv_section[P9_XIP_SECTION_SBE_BASE]), pibMemAddr);
// Set the IVPR register. This is required so that interrupt vector table
// points to pk interfaces.
uint64_t data = (uint64_t)(SBE_BASE_ORIGIN) << 32;
PPE_STVD(g_ivprLoc, data);
// Jump to pk boot function
uint32_t addr = hdr->iv_kernelAddr;
JUMP_TO_ADDR(addr);
000000a0 00 00 00 00 00 00 00 00 08 00 00 00 00 01 fb 30 |...............0|
000000b0 00 01 03 b3 04 00 00 00 00 01 f8 20 00 00 03 10 |........... ....|
> .base 4 0 0x0001fb30 0x0002fee2 0x000103b3 (66483)
The hdr is the XIP TOC header so the jump point is here:
> Kernel Address : 0xfffe8998
which can be found in output/build/sbe-<commit number>/images/sbe_seeprom_DD2.dis as
fffe8998 <__pk_boot>:
this is added to the sbe.bin xip file with:
output/build/sbe-<commit>/src/build/Makefile: $(P9_XIP_TOOL) $(IMG_DIR)/$(IMAGE_NAME).bin \
set kernelAddr 0x`nm $(IMG_DIR)/$(IMAGE_NAME).out | grep __pk_boot | cut -f 1 -d " "`
> (if I understand correctly) is the actual sbe code running (the stuff
> prior is just setting up stuff for it to run) and contains the meat of
> the code which I'd have to understand for a coreboot port.
I think we might be talking past each other :) The above information goes
into details on how the SBE operates, but from what I understand you want
to put the coreboot file system on the PNOR? The SBE proper _never_
accesses the PNOR directly. The first thing that touches the PNOR is the
Hostboot boot loader (which is loaded by the SBE into the P9 cache and is
executed by the P9 core itself).

Unless you want to run coreboot _from_ the SBE (limited environment and I
don't see the value?) I would recommend focusing on modifications to the
Hostboot bootloader.

The Hostboot bootloader (HBBL) is part of the SBE SEEPROM customized in by
Hostboot -- but it doesn't execute on the SBE. It is the first thing the
P9 core executes.

That seems like the logical hook point to me?
Dean Sanner
dsanner at us.ibm.com
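Added example (not part of the original message and not SBE source code): a small C reader for the XIP header fields walked through above, with the bounds checks an image-inspection tool should make before trusting any offset. Function names are hypothetical; the table start 0x40 is derived from 0xB8 - 120, and the entry layout (offset, size, alignment byte) is read off the hexdump against the section listing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define XIP_MAGIC        "XIP SEPM" /* first 8 bytes in the message's hexdump */
#define XIP_TOC_OFFSET   0x40u      /* assumption: 0xB8 - 120, see lead-in */
#define XIP_SECTION_SIZE 12u        /* "Each section table entry is 12 bytes" */

struct xip_section { uint32_t offset, size; uint8_t align; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Returns 0 and stores the L1 loader address (bytes 8..15, big-endian),
 * or -1 if the buffer is too short or the magic does not match. */
int xip_entry(const uint8_t *img, size_t len, uint64_t *entry) {
    if (len < 16 || memcmp(img, XIP_MAGIC, 8) != 0) return -1;
    *entry = ((uint64_t)be32(img + 8) << 32) | be32(img + 12);
    return 0;
}
/* Reads section-table entry idx; -1 if the entry lies outside the buffer. */
int xip_section(const uint8_t *img, size_t len, unsigned idx, struct xip_section *s) {
    size_t at = XIP_TOC_OFFSET + (size_t)idx * XIP_SECTION_SIZE;
    if (len < XIP_SECTION_SIZE || at > len - XIP_SECTION_SIZE) return -1;
    s->offset = be32(img + at);
    s->size   = be32(img + at + 4);
    s->align  = img[at + 8];
    return 0;
}
/* 1 if the section's bytes all lie inside an image of image_len bytes. */
int xip_section_fits(const struct xip_section *s, size_t image_len) {
    return s->offset <= image_len && s->size <= image_len - s->offset;
}
/* Constructed sample: only the bytes shown in the hexdumps above, rest zero. */
const uint8_t sample[0xC4] = {
    'X','I','P',' ','S','E','P','M', 0,0,0,0, 0xff,0x80,0x02,0x44,
    [0xa8] = 0x08, [0xac] = 0x00,0x01,0xfb,0x30, 0x00,0x01,0x03,0xb3, 0x04,0,0,0,
    [0xb8] = 0x00,0x01,0xf8,0x20, 0x00,0x00,0x03,0x10,
};

int main(void) {
    uint64_t e; struct xip_section s;
    if (xip_entry(sample, sizeof sample, &e) || xip_section(sample, sizeof sample, 10, &s))
        return 1;
    printf("entry=0x%llx baseloader off=0x%x size=0x%x fits=%d\n",
           (unsigned long long)e, s.offset, s.size, xip_section_fits(&s, sizeof sample));
    return 0;
}
```

On the truncated sample the baseloader entry parses but xip_section_fits() reports 0, which is the case a tool must reject before copying or disassembling the section.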