[U-Boot] BDIxxxx and others...

[David Hawkins]

Hi Jerry,

>> That being said, a weekend with a logic analyzer on a
>> BDI2000 JTAG connection would probably give you all the
>> info you need to figure out the appropriate JTAG
>> commands.
> 
> The problem is that it is going to be different for every processor 
> family and it may even change between processor revisions.  There is a 
> risk that, if you send the wrong sequence, you will damage your target 
> processor (JTAG+BSDL can burn up chips too if you set outputs to 
> fighting - DAMHIKT).

Yeah, that doesn't sound like something I'd want to do ... again.

> With a large number of internal registers (many unknown) all hooked 
> together into a single scan chain, it will take quite a bit of effort to 
> hit each register individually to correlate the scan chain to the register.
> 
> Oh, and you need to purchase a commercial debugger to do this, at which 
> point you've already spent your money, got your functionality, and lost 
> your incentive.

Indeed - my case exactly.

>> I've wired up the COP connection on my board via an FPGA,
>> so that I could conceivably use the PowerPC JTAG via
>> PCI. However, its the lack of open documentation on the
>> JTAG commands that has limited my interest in pursuing
>> this. However, it would be simple to use that interface
>> to log all JTAG transactions, to figure out all the
>> JTAG TAP instructions.
> 
> The *JTAG* commands *ARE* documented and you can download the BSDL 
> (Boundary Scan Description Language) files for all chips that I've 
> looked at.  This is *NOT* the internal proprietary "COP" scan chain - 
> that just piggybacks on the JTAG/BSDL documented scan chain.  The 
> boundary scan allows you to wiggle the external pins on the processor... 
> e.g. you can drive an address + data + CS*, toggle the WR* pin, and 
> viola, you are programming flash (lots of pain glossed over).

Yeah, I was really referring to COP commands ... so many
acronyms ...

> I've looked at UrJTAG
>   <http://www.urjtag.org/>
> but have not gone further because I already spent the money for a BDI 
> ;-).  I typically use the BDI for debugging for a few hours on board 
> bring up (requires a good board design to start with - thanks, hardware 
> guys!).  After that, the only reason I need the BDI is to recover from 
> loading bad bits into flash.

Yep, same here. Once I figure out how to brick the hardware,
I tend to avoid repeating the same mistake - however I
can generally find more than one way to do it.

> The UrJTAG software + JTAG hardware + BSDL file would allow me to 
> reprogram my flash for a lot less than the cost of a full JTAG debugger. 
>  This is where the USB-TAP support would be Really Nice.

Right. I have the Flash hanging off an FPGA, so can use
the FPGA JTAG to program it too.

Ah well, if some intrepid soul wants to reverse engineer,
and possibly scorch their hardware, they're welcome to
ask here for a USB-TAP, and they can have one of mine :)

Cheers,
Dave