[U-Boot] mystery boot code in MPC8247-based device

Ben Gelb ben.gelb at gmail.com
Tue Dec 23 23:25:57 CET 2014 

I am working on a MPC8247-based device that is not booting. I can see
that the CPU is properly powered and gets out of reset, but that the
software watchdog is timing out every ~1.3 sec and sending the device
back into reset again.

The board has a 1Mbit flash EEPROM used for booting, and a larger
32Mbit NAND device that contains the full OS and firmware. I can see
that the boot ROM is being accessed, and that the flash is never
accessed. Also, the serial port on the board never has any output.

I managed to dump the boot EEPROM using JTAG boundary scan, and so
have been poking around inside to see if it has any obvious
corruption.

The boot code is indeed based on U-Boot, and inspecting the first few
instructions I can see that the reset vector routine (located at
0x100) is pretty much an exact match with the mpc8260/start.S from the
U-Boot tree. There is one major exception though - there are 6 dwords,
starting from 0x100, that are not found in U-Boot (The U-Boot start.S
code actually begins at 0x118). The first dword does not appear to
actually be an instruction. See below:

(omitting HRCW)

// what is this first part???
     100:       04 a0 00 01     .long 0x4a00001
     104:       60 00 00 00     nop
     108:       48 00 00 10     b       0x118
     10c:       00 00 00 00     .long 0x0
     110:       3a a0 00 02     li      r21,2
     114:       48 00 00 04     b       0x118

// below matches _start: in mpc8260/start.S

     118:       7c a0 00 a6     mfmsr   r5
     11c:       3c 60 f0 00     lis     r3,-4096 // r3 <- 0xf0000000
     120:       60 63 00 00     ori     r3,r3,0
     124:       3c 80 0f 01     lis     r4,3841 // r4 <- 0x0f010000
     128:       90 64 01 a8     stw     r3,424(r4) // MEM(0x0f0101a8)
<- 0xf0000000 (load new IMMR base addr)

.... and so on.

(compare to http://git.denx.de/cgi-bin/gitweb.cgi?p=u-boot.git;a=blob;f=arch/powerpc/cpu/mpc8260/start.S,
line 137)

Does anybody have any thoughts on what the first "instruction"
0x04a00001 would cause the CPU to do when it is sent to 0x100 on
reset? I'm not much of a PPC expert, but that doesn't seem to
correspond to a legal instruction.

Seems like it was probably put there for a reason, but I'd be
interested to know how its supposed to work.

Thanks,
Ben

More information about the U-Boot mailing list