[OpenPower-Firmware] A few questions about early hostboot

Dean Sanner dsanner at us.ibm.com
Thu Sep 26 21:55:26 AEST 2019


> From: "Marty E. Plummer" <hanetzer at startmail.com>
> To: Alistair Popple <apopple at linux.ibm.com>
> Cc: Amit J Tendolkar <amit.tendolkar at in.ibm.com>, Dean Sanner
> <dsanner at us.ibm.com>, openpower-firmware at lists.ozlabs.org, Raja Das1
> <rajadas2 at in.ibm.com>, Sachin Gupta24 <sgupta2m at in.ibm.com>
> Date: 09/25/2019 11:40 PM
> Subject: [EXTERNAL] Re: A few questions about early hostboot
>
> > Holy crap. Think I finally got it at least loading the faked hbb.
> > I managed to (probably) dump the 64b you mentioned, assuming that
> > 0x8208000 is the correct address. I was getting consistently:
> >
> > 00000000  10 30 24 31 41 42 43 e0  e1 e2 e4 f4 34 24 31 41  |.0$1ABC.....4$1A|
> > 00000010  42 43 e0 e1 e2 e4 f4 00  00 00 00 00 00 00 00 00  |BC..............|
> > 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> >
> > which is a series of ffs toc errors. So, I moved the backup toc
> > from 0x3ff8000 to 0x3ff7000 (which is consistent with the 'stock'
> > firmware and src/include/usr/pnor/pnor_const.H:171; I only used
> > 0x3ff8000 because it made for easy maths) and I get an entirely
> > different result:
> >
> > 00000000  10 30 24 31 41 42 43 44  45 32 35 11 24 12 16 00  |.0$1ABCDE25.$...|
> > 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> >
> > which is as far as 'ok, we copied it'. It may have stopped
> > here because _start is 'b .', more testing is required, but
> > sbe and hbbl are unmodified
> >
> > I still can't consistently get all the threads to stop or read
> > spr 313, but this is at least some form of progress (I think).
>
> Further developments! getmem 0x8300000 $((128 * 1024)) > log.bin
> and strings/hexdump log.bin shows it to be full of my code and
> references to coreboot strings! Now I just need to figure out where
> this MMIO_SCRATCH_HOSTBOOT_ACTIVE register is and how to read it.

Definitely progress -- cool!

The MMIO_SCRATCH_HOSTBOOT_ACTIVE is a core accessible SCOM register
via SPRs.  It is accessible via getscom via pdbg.  Something like
"pdbg -p0 getscom 0x20010A89"   (this is the absolute address to
core 0 -- since you are on core 0 it will just work)

This is the output from Cronus when Hostboot is running:
p9n.c   k0:n0:s0:p00:c2    0000000000000000: 686F7374 626F6F74  [hostboot]

>
> Further, at this point reading r0 yields 0x8200000 (which should be
> the hrmor if line 366 of bl_start.S has executed [mfspr r0, HRMOR])
> and r9 has 0x8000000008203394, EA[0]=1+HRMOR+switchToHBB from the
> hbibl.syms file.

On a successful switch your code should be at 0x08000000 (the copy in
0x08300000 is pre secureboot verification). The HBBL runs at an HRMOR
of 0x08200000 and then switches to 08000000 when HBB starts executing.

Note that during HBBL only the first core, thread 0 is active.  During
early HBB it is still one core, one thread.  After the extended image
is loaded then a HWP is used to start threads 1,2,3 of the first core.
Hostboot will then run like that until istep 16 when all the rest of the
cores/threads are activated.


Dean Sanner
dsanner at us.ibm.com
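
Added example (not part of the original message and not Hostboot, Cronus or pdbg code): a small Python helper that applies the two checks discussed in this thread to captured values. It confirms that the scratch register holds the ASCII magic "hostboot" and splits a register value such as r9 into the EA[0] bit, the region it falls in, and its offset from HRMOR. The function names are hypothetical, and treating each base address as the start of a region that runs up to the next base is an assumption, since the thread gives no region sizes.

```python
import re

# Values quoted in the thread above.
HOSTBOOT_MAGIC = b"hostboot"            # 0x686F7374626F6F74
EA0 = 1 << 63                           # top bit of the 64-bit address
REGIONS = [                             # (base, label); extents are assumed
    (0x08000000, "HBB (running image)"),
    (0x08200000, "HBBL (bootloader HRMOR)"),
    (0x08300000, "HBB copy (pre secureboot verification)"),
]

def scratch_from_cronus(line):
    """Pull the 64-bit data out of a line shaped like the Cronus output
    quoted in the thread: '<16-hex address>: XXXXXXXX XXXXXXXX [text]'."""
    m = re.search(r"\b[0-9A-Fa-f]{16}:\s*([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})\b", line)
    if not m:
        raise ValueError("no 64-bit data words found")
    return int(m.group(1) + m.group(2), 16)

def hostboot_active(value):
    """True when the scratch register holds the ASCII string 'hostboot'."""
    return value.to_bytes(8, "big") == HOSTBOOT_MAGIC

def decompose(addr, hrmor):
    """Return (EA[0] set?, region label, offset from hrmor) for a value
    such as the r9 reading in the thread."""
    real = addr & ~EA0
    below = [r for r in REGIONS if r[0] <= real]
    label = max(below)[1] if below else "below known regions"
    return bool(addr & EA0), label, real - hrmor

if __name__ == "__main__":
    # Line copied from the thread; the address field is shown as zeros there.
    cronus = "p9n.c   k0:n0:s0:p00:c2    0000000000000000: 686F7374 626F6F74  [hostboot]"
    value = scratch_from_cronus(cronus)
    print(f"scratch = {value:#018x}, hostboot active: {hostboot_active(value)}")

    ea0, label, offset = decompose(0x8000000008203394, hrmor=0x08200000)
    print(f"EA[0]={int(ea0)} region={label} offset={offset:#x}")
```

The offset printed for r9 is the value to compare against the switchToHBB entry in hbibl.syms.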