[OpenPower-Firmware] A few questions about early hostboot

[Marty E. Plummer]

> Holy crap. Think I finally got it at least loading the faked hbb.
> I managed to (probably) dump the 64b you mentioned, assuming that
> 0x8208000 is the correct address. I was getting consistently:
> 
> 00000000  10 30 24 31 41 42 43 e0  e1 e2 e4 f4 34 24 31 41  |.0$1ABC.....4$1A|   
> 00000010  42 43 e0 e1 e2 e4 f4 00  00 00 00 00 00 00 00 00  |BC..............|   
> 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> 
> which is a series of ffs toc errors. So, I moved the backup toc
> from 0x3ff8000 to 0x3ff7000 (which is consistent with the 'stock'
> firmware and src/include/usr/pnor/pnor_const.H:171; I only used
> 0x3ff8000 because it made for easy maths) and I get an entirely
> different result:
> 
> 00000000  10 30 24 31 41 42 43 44  45 32 35 11 24 12 16 00  |.0$1ABCDE25.$...|   
> 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> 
> which is as far as 'ok, we copied it'. It may have stopped
> here because _start is 'b .', more testing is required, but
> sbe and hbbl are unmodified
> 
> I still can't consistently get all the threads to stop or read
> spr 313, but this is at least some form of progress (I think).

Further developments! getmem 0x8300000 $((128 * 1024)) > log.bin
and strings/hexdump log.bin shows it to be full of my code and
references to coreboot strings! Now I just need to figure out where
this MMIO_SCRATCH_HOSTBOOT_ACTIVE register is and how to read it.

Further, at this point reading r0 yeilds 0x8200000 (which should be
the hrmor if line 366 of bl_start.S has executed [mfspr r0, HRMOR])
and r9 has 0x8000000008203394, EA[0]=1+HRMOR+switchToHBB from the
hbibl.syms file.