Hacking embedded Linux on the cheap with an example system
Ed Langley
Introduction to the target system
● Mattel Juicebox
– Children's video and MP3 player
– Only plays video from OTP ROM cartridges
● Proprietary player and format
● Low compression
● No OS
– Plays MP3s from MMC socket cartridge
● Running uCLinux
Target system specification
● Samsung S3C44B0X microcontroller
– ARM7TDMI core
– 8KB cache/SRAM
– 2 channel UART
– 2 channel DMA
– 1 channel I2C
– 5 channel PWM
– 8 channel 10 bit ADC
– RTC with calendar
– 71 input/output pins
– LCD controller with 1 dedicated DMA channel
● 2MB SDRAM
● 8MB ROM
● Audio: Cirrus Logic CS43L43
● LCD: 2.7 inch color 240x160
● JTAG – pads on PCB left behind in production boards
● As are serial port Tx/Rx lines
Picking your own target system
● Traditional industry method:
– Price vs package size vs power consumption
– All of the above vs features:
● Speed
● Number of external interrupts
● Supported memory range
● Memory management
● Number of GPIO pins
● Assemblers/compilers/programming languages supported
● Operating systems supported
Picking your own target system
● “On a shoestring” method
– Take what you can get
– Mass produced gadget/appliance
– Contains CPU with architecture supported by Linux
● How much work/research/porting/hacking do you want to do yourself?
– E.g. low budget:
● PDAs, MP4 video players (from China off eBay for £20)
● Older games consoles (Dreamcast, PS2, GameCube)
– E.g. higher budget:
● Handheld games consoles (PSP, GP2X)
● Set top boxes/routers (Dreambox, Linksys routers)
Get your build environment together
● Toolchain
– GCC
– Binutils (ar, as, ld, objdump, objcopy, readelf)
– Debugger
● If the target system has in circuit debugging ability
● GDB
● Interface from GDB to target
– OpenOCD for JTAG, BDM patches for Freescale MCUs
● The above tools will have an “arch-binaryformat-” prefix
– E.g. arm-elf-gcc, m68k-linux-objdump
Test the tool chain
● If system doesn't come with Linux on it already, best to start with some bare board code
– C run time (assembly code to prepare CPU configuration and stack to run C code, then call main())
– Linker script
● Tells code what memory address it will be running from, so function calls are compiled to JMP instructions to the correct addresses
– Makefile
● Sets compile/linker commands to use the cross compiling tool chain, passes linker script to linker
Memory management
● Process memory map on typical Linux system with an MMU:
[Diagram, labels in order: .text, 0x00000000, .data, .bss, dynamic memory, 0x40000000, stack, 0xC0000000, kernel .text, kernel .data, kernel .bss, kernel dynamic memory, hardware access ranges. Other labels: physical memory, page table, linear mapping.]
Memory Management
● Process memory map created by default linker script, included with tool chain
● When building “bare board” code, or an operating system kernel, need to specify custom linker script
● Script specifies where code is in output file (ELF) and what address it will be at when MMU is enabled and page tables configured
Lack of memory management
● Low end microcontrollers often don't have memory management units
– Less complexity in silicon
● Cheaper
● Lower power consumption
● Simpler for writing bare board software from scratch
● Not so easy for running Linux
– No virtual memory addresses
● Processes can't all have the same memory map
● Can't “grow” process address space with sbrk()
Lack of memory management
● Solution: uCLinux
– All processes loaded to different physical addresses
● New binary format (FLAT) to handle this
– Different memory allocator
● No brk()/sbrk() system call
● Power of 2
– No fork() system call
● Can't duplicate process memory map because physical addresses must all be different
● Forces application modification to use vfork()
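The vfork() change named on this slide, as an added example (not from the original talk): a fork()+exec() call site rewritten so it also works on a no-MMU uClinux target. The helper name spawn_wait and the /bin/sh command used to exercise it are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* asks glibc to declare vfork() under strict -std= modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run `path` with `argv` and return its exit status (0..255),
 * 127 if the program could not be executed, or -1 on any other failure.
 *
 * With fork() the child gets a copy of the parent's memory map, which
 * needs an MMU. vfork() instead lends the parent's memory to the child
 * and suspends the parent until the child calls exec*() or _exit().
 * Because the memory is shared, the child must not:
 *   - modify variables the parent will use afterwards,
 *   - return from the function that called vfork(),
 *   - call exit(), which would run the parent's atexit handlers and
 *     flush the parent's stdio buffers.
 */
static int spawn_wait(const char *path, char *const argv[])
{
    int status;
    pid_t pid = vfork();

    if (pid < 0)
        return -1;                  /* no process was created */

    if (pid == 0) {
        /* Child: only exec or _exit from here on. */
        execv(path, argv);
        _exit(127);                 /* exec failed; same convention as the shell */
    }

    /* Parent resumes here once the child has exec'd or exited. */
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *ok[]  = { "sh", "-c", "exit 7", NULL };   /* constructed test command */
    char *bad[] = { "missing", NULL };

    printf("sh exited with %d\n", spawn_wait("/bin/sh", ok));
    printf("missing program gives %d\n", spawn_wait("/nonexistent/prog", bad));
    return 0;
}
```

Code that does real work between fork() and exec() (closing descriptors in a loop, building argument lists, changing globals) has to move that work before the vfork() call or into the exec'd program.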
Benefits of no MMU
● Cheaper development tool setup
– Was developing a Linux driver on a v4 Coldfire board (with MMU) at work
– Tried to debug kernel with m68k-linux-bdm-gdb
– GDB has no concept of virtual addresses
● Written to debug user mode processes
– As soon as GDB tried to read a kernel variable at a virtual address – Bus error
● Wasn't translating virtual address to physical address
– Never had a problem on previous board (with no MMU) because virtual address=physical address
Benefits of no MMU
● Used one of these:
Lauterbach TRACE32
● Could have used KGDB
– Architecture specific code needs porting
Getting the code onto the target
● Plug and pray
– Can take a few goes to get right
– Becomes tiresome trying out changes
● Program the flash/RAM in target
– Requires either:
● Boot loader/monitor preprogrammed into boot ROM
– Not likely on a retail product
● Debug interface hardware and connector on target
– This can be very slow with cheaper debug interface
– Very very slow for programming flash in target
Getting code onto the Juicebox
● The S3C44B0X has JTAG interface, connector pads are present on JB board
Joint Test Action Group overview
● Serial data In, Out and Clock lines allow data bits to be clocked in and out of the Test Access Port (TAP) on the device
● TMS controls state machine in TAP
● Devices may be chained:
Joint Test Action Group overview
● Serial bits clocked in control device pins through a path of cells known as the Boundary Scan Register:
Joint Test Action Group overview
● Toggling TMS signal cycles TAP through a state machine
● This allows the device pins to be set to the data clocked in via TDI
● Or to capture the device pin state and clock it out via TDO
● Control of the pins on the device gives control of the device itself, and RAM/flash connected to the device
● So JTAG can be used to program memory in target
The JTAG Wiggler
● Macraigor is a company making hardware and software for embedded development
● They created the standard “Wiggler” design for connecting PC to target via JTAG:
The JTAG Wiggler
● Everyone soon realised the Wiggler is just a buffer chip on the end of a parallel cable
● Olimex clone:
The JTAG Wiggler
● Home made version:
It doesn't work - now what?
● Systematic approach
● Start at one end (i.e. bottom of hardware/top of software) and work to the other
● The JTAG connection to the Juicebox wouldn't work
– Started with the software
● Check permissions – retry as root
● Check parport_pc kernel module not loaded, interferes with direct port access
– Then moved down to parallel port setup in BIOS
Juicebox JTAG not working
● Then checked cable wired correctly – ensure board schematic drawn with same connector gender as actually used
● Then checked the schematic:
Juicebox JTAG not working
● Result: schematic incorrect
● Amendments made to the website where I copied it from 5 days later
● Used that schematic because it was in Eagle CAD format
● Moral of the story
– The less work you do yourself, the more susceptible you are to mistakes made by others doing the work for you
Getting Linux running on a target system
● Retail gadgets
– Usually some kind of kludge/hack to get own code running
– Boot loader often runs checksum calculation over a range of the code
– Games consoles/handhelds
● Generally require a massive exploit to be found before any progress is made
Getting uCLinux running on the Juice Box
● Can run home brew code relatively easily
– Can download binary to RAM/flash using Jtager
– Can download ELF using GDB+OpenOCD
● Running code from a fresh boot, not so easy
– Need to steal first 512 bytes from a “Juiceware” video cartridge and patch with some hex to add a branch instruction to the custom code
Getting uCLinux running on the Juice Box
● Not actually done this yet
● Have built a “cartridge” to interface some programmable NAND flash to the S3C44B0X:
Getting uCLinux running on the Juice Box
● Downloading even a minimal kernel to RAM or flash over JTAG takes forever
– Have built the kernel to run from RAM as configured by Emsoft
– Will write this to flash once
● Currently crafting a boot loader to prepare the CPU, then dump the kernel from flash to RAM and run it

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

  • 1. Hacking embedded Linux on the cheap with an example system Ed Langley
  • 2. Introduction to the target system ● Mattel Juicebox – Children's video and MP3 player – Only plays video from OTP ROM cartridges ● Proprietary player and format ● Low compression ● No OS – Plays MP3s from MMC socket cartridge ● Running uCLinux
  • 3. Target system specification ● Samsung S3C44B0X microcontroller – ARM7TDMI core – 8KB cache/SRAM – 2 channel UART – 2 channel DMA – 1 channel I2C – 5 channel PWM – 8 channel 10 bit ADC – RTC with calendar – 71 input/output pins – LCD controller with 1 dedicated DMA channel ● 2MB SDRAM ● 8MB ROM ● Audio: Cirrus Logic CS43L43 ● LCD: 2.7 inch color 240x160 ● JTAG – pads on PCB left behind in production boards ● As are serial port Tx/Rx lines
  • 4. Picking your own target system ● Traditional industry method: – price Vs package size Vs power consumption – All of above Vs features: ● Speed ● Number of external interrupts ● Supported memory range ● Memory management ● Number of GPIO pins ● Assemblers/compilers/programming languages supported ● Operating systems supported
  • 5. Picking your own target system ● “On a shoestring” method – Take what you can get – Mass produced gadget/appliance – Contains CPU with architecture supported by Linux ● How much work/research/porting/hacking do you want to do yourself? – E.G. Low budget: ● PDAs MP4 video players (from China off Ebay for £20) ● Older games consoles (Dreamcast, PS2, Game Cube) – E.G. Higher budget: ● Handheld games consoles (PSP, GP2X) ● Set top boxes/routers (Dreambox, Linksys routers)
  • 6. Get your build environment together ● Toolchain – GCC – Binutils (ar, as, ld, objdump, objcopy, readelf) – Debugger ● If the target system has in circuit debugging ability ● GDB ● Interface from GDB to target – OpenOCD for JTAG, BDM patches for FreeScale MCUs ● Above will have “arch-binaryformat-” prefix – E.G. arm-elf-gcc, m68k-linux-objdump
  • 7. Test the tool chain ● If system doesn't come with Linux on it already, best to start with some bare board code – C run time (assembly code to prepare CPU configuration and stack to run C code, then call main()) – Linker script ● Tells code what memory address it will be running from, so function calls are compiled to JMP instructions to the correct addresses – Makefile ● Sets compile/linker commands to use the cross compiling tool chain, passes linker script to linker
  • 8. Memory management ● Process memory map on typical Linux system with an MMU: [diagram: process address space with the labels .text (0x00000000), .data, .bss, dynamic memory (0x40000000), stack (0xC0000000), kernel .text, kernel .data, kernel .bss, kernel dynamic memory and hardware access ranges, shown alongside physical memory with the labels “Page table” and “Linear mapping”]
  • 9. Memory Management ● Process memory map created by default linker script, included with tool chain ● When building “Bare board” code, or an operating system kernel, need to specify custom linker script ● Script specifies where code is in output file (ELF) and what address it will be at when MMU is enabled and page tables configured
  • 10. Lack of memory management ● Low end microcontrollers often don't have memory management units – Less complexity in silicon ● Cheaper ● Lower power consumption ● Simpler for writing bare board software from scratch ● Not so easy for running Linux – No virtual memory addresses ● Processes can't all have the same memory map ● Can't “grow” process address space with sbrk()
  • 11. Lack of memory management ● Solution: uCLinux – All processes loaded to different physical addresses ● New binary format (FLAT) to handle this – Different memory allocator ● No brk()/sbrk() system call ● Power of 2 – No fork() system call ● Can't duplicate process memory map because physical addresses must all be different ● Forces application modification to use vfork()
  • 12. Benefits of no MMU ● Cheaper development tool setup – Was developing a Linux driver on a v4 Coldfire board (with MMU) at work – Tried to debug kernel with m68k-linux-bdm-gdb – GDB has no concept of virtual addresses ● Written to debug user mode processes – As soon as GDB tried to read a kernel variable at a virtual address – Bus error ● Wasn't translating virtual address to physical address – Never had a problem on previous board (with no MMU) because virtual address=physical address
  • 13. Benefits of no MMU ● Used one of these: Lauterbach Trace32 ● Could have used KGDB – Architecture specific code needs porting
  • 14. Getting the code onto the target ● Plug and pray – Can take a few goes to get right – Becomes tiresome trying out changes ● Program the flash/RAM in target – Requires either: ● Boot loader/monitor preprogrammed into boot ROM – Not likely on a retail product ● Debug interface hardware and connector on target – This can be very slow with cheaper debug interface – Very very slow for programming flash in target
  • 15. Getting code onto the Juicebox ● The S3C44B0X has JTAG interface, connector pads are present on JB board
  • 16. Joint Test Action Group overview ● Serial data In, Out and Clock lines allow data bits to be clocked in and out of the Test Access Port (TAP) on the device ● TMS controls state machine in TAP ● Devices may be chained:
  • 17. Joint Test Action Group overview ● Serial bits clocked in control device pins through a path of cells known as the Boundary Scan Register:
  • 18. Joint Test Action Group overview ● Toggling TMS signal cycles TAP through a state machine ● This allows the device pins to be set to the data clocked in via TDI ● Or to capture the device pin state and clock it out via TDO ● Control of the pins on the device give control of the device itself, and RAM/flash connected to the device ● So JTAG can be used to program memory in target
  • 19. The JTAG Wiggler ● Macraigor is a company making hardware and software for embedded development ● They created the standard “Wiggler” design for connecting PC to target via JTAG:
  • 20. The JTAG Wiggler ● Everyone soon realised the Wiggler is just a buffer chip on the end of a parallel cable ● Olimex clone:
  • 21. The JTAG Wiggler ● Home made version:
  • 22. It doesn't work - now what? ● Systematic approach ● Start at one end (I.E. Bottom of hardware/ top of software) and work to the other ● The JTAG connection to the Juicebox wouldn't work – Started with the software ● Check permissions – retry as root ● Check parport_pc kernel module not loaded, interferes with direct port access – Then moved down to parallel port setup in BIOS
  • 23. Juicebox JTAG not working ● Then checked cable wired correctly – ensure board schematic drawn with same connector gender as actually used ● Then checked the schematic:
  • 24. Juicebox JTAG not working ● Result: schematic incorrect ● Amendments made to the website where I copied it from 5 days later ● Used that schematic because it was in Eagle CAD format ● Moral of the story – The less work you do yourself, the more susceptible you are to mistakes made by others doing the work for you
  • 25. Getting Linux running on a target system ● Retail gadgets – Usually some kind of kludge/hack to get own code running – Boot loader often runs checksum calculation over a range of the code – Games consoles/handhelds ● Generally require a massive exploit to be found before any progress is made
  • 26. Getting uCLinux running on the Juice Box ● Can run home brew code relatively easily – Can download binary to RAM/flash using Jtager – Can download ELF using GDB+OpenOCD ● Running code from a fresh boot, not so easy – Need to steal first 512 bytes from a “Juiceware” video cartridge and patch with some hex to add a branch instruction to the custom code
  • 27. Getting uCLinux running on the Juice Box ● Not actually done this yet ● Have built a “cartridge” to interface some programmable NAND flash to the S3C44B0X:
  • 28. Getting uCLinux running on the Juice Box ● Downloading even a minimal Kernel to RAM or flash over JTAG takes forever – Have built the kernel to run from RAM as configured by Emsoft – Will write this to flash once ● Currently crafting a boot loader to prepare the CPU, then dump the kernel from flash to RAM and run it
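
Slide 11 says uCLinux has no fork() and that applications must be modified to use vfork(). The following C function is an added example, not code from the original slides, showing the usual shape of that change; `run_child` and the commands in `main` are hypothetical names and constructed inputs, and the code also builds and runs on an ordinary Linux host.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Start argv[0] and return its exit status (127 if it could not be executed,
 * -1 on error). On an MMU system this would usually be written with fork().
 */
int run_child(char *const argv[]) {
    int status;
    pid_t pid = vfork();   /* no copy of the address space is made */

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /*
         * Child: runs in the parent's memory, on the parent's stack, while
         * the parent is suspended. Anything written here is written into the
         * parent, so do nothing except exec or _exit. Never return from this
         * function and never call exit(), which would run the parent's
         * atexit handlers and flush the parent's stdio buffers.
         */
        execvp(argv[0], argv);
        _exit(127);
    }
    /* Parent resumes only once the child has exec'd or exited. */
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char *ok[] = { "sh", "-c", "exit 7", NULL };            /* constructed commands */
    char *missing[] = { "/nonexistent/juicebox-demo", NULL };
    printf("sh exited with %d\n", run_child(ok));
    printf("missing binary gave %d\n", run_child(missing));
    return 0;
}
```

Code that relied on the fork() child carrying on with its own copy of the program's data has to be restructured so that the work lives in a separate executable.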
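
Slides 16 to 18 describe TMS stepping the TAP state machine while TDI and TDO shift the boundary scan register. The C model below is an added example, not code from the original slides: it implements the IEEE 1149.1 state table and one capture/shift/update scan against a constructed 8-cell device. The names `struct dev`, `tck` and `scan_dr` are hypothetical, and the device is assumed to have its boundary scan register already selected, so the instruction-register states are walked but do nothing.

```c
#include <stdint.h>
#include <stdio.h>

/* IEEE 1149.1 TAP controller states. */
enum tap { RESET, IDLE, SEL_DR, CAP_DR, SH_DR, EX1_DR, PAUSE_DR, EX2_DR, UPD_DR,
           SEL_IR, CAP_IR, SH_IR, EX1_IR, PAUSE_IR, EX2_IR, UPD_IR };

/* next_state[s][tms]: state entered on the next rising edge of TCK. */
const enum tap next_state[16][2] = {
    [RESET]    = {IDLE, RESET},      [IDLE]     = {IDLE, SEL_DR},
    [SEL_DR]   = {CAP_DR, SEL_IR},   [CAP_DR]   = {SH_DR, EX1_DR},
    [SH_DR]    = {SH_DR, EX1_DR},    [EX1_DR]   = {PAUSE_DR, UPD_DR},
    [PAUSE_DR] = {PAUSE_DR, EX2_DR}, [EX2_DR]   = {SH_DR, UPD_DR},
    [UPD_DR]   = {IDLE, SEL_DR},     [SEL_IR]   = {CAP_IR, RESET},
    [CAP_IR]   = {SH_IR, EX1_IR},    [SH_IR]    = {SH_IR, EX1_IR},
    [EX1_IR]   = {PAUSE_IR, UPD_IR}, [PAUSE_IR] = {PAUSE_IR, EX2_IR},
    [EX2_IR]   = {SH_IR, UPD_IR},    [UPD_IR]   = {IDLE, SEL_DR},
};

/* Constructed device: 8 boundary scan cells, one per pin. */
struct dev { enum tap st; uint8_t sr, pins_in, pins_out; };

/* One TCK pulse: returns TDO, acts on the current state, then follows TMS. */
int tck(struct dev *d, int tms, int tdi) {
    int tdo = d->sr & 1;
    if (d->st == CAP_DR) d->sr = d->pins_in;           /* sample the pins */
    else if (d->st == SH_DR) d->sr = (uint8_t)((d->sr >> 1) | (tdi << 7));
    d->st = next_state[d->st][tms];
    if (d->st == UPD_DR) d->pins_out = d->sr;          /* model latches on entry */
    return tdo;
}

/* Capture the pin states and replace them with `out`, LSB first. */
uint8_t scan_dr(struct dev *d, uint8_t out) {
    uint8_t in = 0;
    for (int i = 0; i < 5; i++) tck(d, 1, 0);  /* five TMS=1 clocks reach RESET */
    tck(d, 0, 0); tck(d, 1, 0);                /* RESET -> IDLE -> SEL_DR */
    tck(d, 0, 0); tck(d, 0, 0);                /* -> CAP_DR, capture, -> SH_DR */
    for (int i = 0; i < 8; i++)                /* TMS=1 on the last bit leaves SH_DR */
        in |= (uint8_t)(tck(d, i == 7, (out >> i) & 1) << i);
    tck(d, 1, 0); tck(d, 0, 0);                /* EX1_DR -> UPD_DR (latch) -> IDLE */
    return in;
}

int main(void) {
    struct dev d = { RESET, 0, 0xA5, 0 };      /* constructed pin state */
    uint8_t in = scan_dr(&d, 0x3C);
    printf("captured 0x%02X, now driving 0x%02X\n", in, d.pins_out);
    return 0;
}
```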