Bootloader FAQ

From PhatHack Wiki
Jump to navigation Jump to search

When the EP7312 chip boots up, it starts executing code at 0x00000000, which is where the Flash ROM is located in memory. The bootloader is a custom piece of code that handles verifying the signatures of the hard drive as well as several files on the PHTSYS partition, and then it loads the linux kernel and ramdisk and continues on with the boot process.

code outline

In more detail, here is an outline of what the bootloader does:

error(n) will be shorthand for "flash green LED n times and then start flashing it forever and hang"
code begins at 0x00000000 (flashrom start)
Initialize CPU state (enable MMU, enter supervisor mode)
copy first 0x5000 (20K) of code into external SDRAM, starting at 0xC0005000
jump to 0xC0005000

initialize UART1, set to 115200 8N1
initialize system registers: SYSCON[123], MEMCFG[12], PADDR, PADR, PEDDR, PEDR
intialize beginning of ram (0xC0000000+0x4000) to some bizzarro table of unknown purpose :)

Turn on green LED

Reset IDE drive 0, enable read look-ahead (caching)
Read partition table, or error(6)

Check partition table for 0xAA55 magic code, or error(7)

Check partition 1's drive type and make sure it's either 0x1B or <= 0x11 (?), or error(8)

Read partition 1 boot sector, or error(9)

Check bootsector  for 0xAA55 magic code, or error(10)
Read in info from bootsector

BOOT0:
Read drive model and serial (using ATA IDENTIFY command)
Write "BOOT0-0 OK" to bootloadlog
Read drive signature from last sector before partition 1 starts
Log "BOOT0-1 OK" if this succeeds, otherwise write "BOOT0-1 Failed" and error(11)
  
Verify drive model and serial against drive signature sector
Log "BOOT0 Successful" if this succeeds, otherwise write "BOOT0-2 Failed" and jump back to start of BOOT0
 
BOOT9:
Verify signature of "rc.sh" against "rc.sig"
Log "BOOT9 Successful" or "BOOT9-X Failed" and jump back to BOOT0
 
BOOTB:
Verify signature of "phatd" against "phatd.sig"
Log "BOOTB Successful" or "BOOTB-X Failed" and jump back to BOOT0

BOOTF:
Load "linux" (kernel) into memory at 0xC0038000
Verify kernel against "linux.sig"
Log "BOOTF Successful" or "BOOTF-X Failed" and jump back to BOOT0

BOOT*:
Load "ramdisk" into memory at 0xC0C00000
Verify ramdisk against "ramdisk.sig"
Log "BOOT* Successful" or "BOOT*-X Failed" and jump back to BOOT0
 
Turn off green LED

Clear out memory at 0xC0023000  + 0x4000
Write kernel boot param struct at 0xC0023000
(command line = "init=/bin/bash")

Jump to kernel!

bootload.log

If you are having trouble with your PhatBox refusing to boot, PhatNoise kindly provided an undocumented way for us to gain insight into the booting process.

Create a non-empty file called "bootload.log" on the PHTSYS partition of the drive; copying over my 90k phatbox.ini file worked for me. The contents are not important; they will be erased.

When the device boots (or tries to boot), if it finds this file it will write out status information to this file.

A successful boot looks like this:

BOOT0-0: OK
BOOT0-1: OK
BOOT0: Successful
BOOT9: Successful
BOOTB: Successful
BOOTF: Successful
BOOT*: Successful 

This indicates:

  • BOOT0-0: OK - successfully executed IDE IDENTIFY to read serial and model from drive hardware - if this fails, you get no bootload.log at all
  • BOOT0-1: OK - Read in the drive signature sector , Failed: Could not read sector from drive
  • BOOT0: Successful - signature verified with drive serial and model, or BOOT0-2: Failed
  • BOOT9: verified rc.sh
  • BOOTB: verified phatd
  • BOOTF: loaded/verified linux (kernel)
  • BOOT*: loaded/verified ramdisk

An example of a failed boot attempt:

BOOT0-0: OK
BOOT0-1: OK
BOOT0-2: Failed 

That occurred when I tried to replace my drive's signature, and the signature check failed. At this point, that is what you should expect to see on any other hard drive placed into the system.