.. SPDX-License-Identifier: GPL-2.0+
.. sectionauthor:: Vlad Lungu <vlad.lungu@windriver.com>

QEMU MIPS
=========

Qemu is a full system emulator. See http://www.nongnu.org/qemu/

Limitations & comments
----------------------
Supports the "-M mips" configuration of qemu: serial, NE2000, IDE.
Supports little and big endian as well as 32 bit and 64 bit.
Derived from au1x00 with a lot of things cut out.

Supports emulated flash (patch Jean-Christophe PLAGNIOL-VILLARD) with
recent qemu versions. When using emulated flash, launch with
-pflash <filename> and erase mips_bios.bin.


Notes for the Qemu MIPS port
----------------------------

Example usage
^^^^^^^^^^^^^

Using u-boot.bin as ROM (replaces Qemu monitor):

32 bit, big endian

.. code-block:: bash

   make qemu_mips
   qemu-system-mips -M mips -bios u-boot.bin -nographic

32 bit, little endian

.. code-block:: bash

   make qemu_mipsel
   qemu-system-mipsel -M mips -bios u-boot.bin -nographic

64 bit, big endian

.. code-block:: bash

   make qemu_mips64
   qemu-system-mips64 -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic

64 bit, little endian

.. code-block:: bash

   make qemu_mips64el
   qemu-system-mips64el -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic

or using u-boot.bin from emulated flash:

If you use a QEMU version after commit 4224:

.. code-block:: bash

   # create image:
   dd of=flash bs=1k count=4k if=/dev/zero
   dd of=flash bs=1k conv=notrunc if=u-boot.bin
   # start it (see above):
   qemu-system-mips[64][el] [-cpu MIPS64R2-generic] -M mips -pflash flash -nographic

Download kernel + initrd
^^^^^^^^^^^^^^^^^^^^^^^^

On ftp://ftp.denx.de/pub/contrib/Jean-Christophe_Plagniol-Villard/qemu_mips/
you can download::

   #config to build the kernel
   qemu_mips_defconfig
   #patch to fix mips interrupt init on 2.6.24.y kernel
   qemu_mips_kernel.patch
   initrd.gz
   vmlinux
   vmlinux.bin
   System.map

Generate uImage
^^^^^^^^^^^^^^^

.. code-block:: bash

   tools/mkimage -A mips -O linux -T kernel -C gzip -a 0x80010000 -e 0x80245650 -n "Linux 2.6.24.y" -d vmlinux.bin.gz uImage

Copy uImage to Flash
^^^^^^^^^^^^^^^^^^^^

.. code-block:: bash

   dd if=uImage bs=1k conv=notrunc seek=224 of=flash
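
The ``seek=224`` offset above is what ties the image to the ``kernel_flash`` address set later (224 KiB = 0x38000). The following check is an added example, not part of the U-Boot documentation: it verifies that u-boot.bin fits below that offset, is intact at the start of the flash image, and is followed by a legacy uImage header. The function names are hypothetical, the flash base 0xBFC00000 is an assumption inferred from ``kernel_flash`` minus 224 KiB, and the demo files are constructed stand-ins.

```shell
#!/bin/sh
# Added example: check the flash layout produced by the dd steps on this page.
FLASH_BASE=0xBFC00000  # assumption: kernel_flash (BFC38000) minus 224 KiB
KERNEL_SEEK_KIB=224    # from "dd ... seek=224" with bs=1k
UIMAGE_MAGIC=27051956  # magic number that starts a legacy uImage header

# CPU address (hex) at which the uImage stored in flash is visible.
kernel_flash_addr() {
    printf '%X\n' $(( $FLASH_BASE + $KERNEL_SEEK_KIB * 1024 ))
}

# Four bytes of file $1 at byte offset $2, as lowercase hex.
magic_at() {
    dd if="$1" bs=1 skip="$2" count=4 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# $1 = flash image, $2 = u-boot.bin. Returns 0 only if U-Boot fits below the
# kernel offset, is intact at offset 0, and a uImage header follows it.
check_flash_layout() {
    limit=$(( $KERNEL_SEEK_KIB * 1024 ))
    uboot_size=$(wc -c < "$2" | tr -d ' ')
    if [ "$uboot_size" -gt "$limit" ]; then
        echo "u-boot.bin ($uboot_size bytes) overlaps the uImage at $limit" >&2
        return 1
    fi
    if ! head -c "$uboot_size" "$1" | cmp -s - "$2"; then
        echo "start of flash does not match u-boot.bin" >&2
        return 2
    fi
    if [ "$(magic_at "$1" "$limit")" != "$UIMAGE_MAGIC" ]; then
        echo "no uImage header at offset $limit" >&2
        return 3
    fi
    echo "kernel_flash=$(kernel_flash_addr)"
}

# Constructed stand-ins (random bytes and a bare magic number, not real
# images), written with the same dd steps. $1 = work dir, $2 = U-Boot KiB.
make_demo_flash() {
    ( cd "$1" &&
      dd of=flash bs=1k count=4k if=/dev/zero 2>/dev/null &&
      dd of=u-boot.bin bs=1k count="$2" if=/dev/urandom 2>/dev/null &&
      printf '\047\005\031\126constructed' > uImage &&
      dd of=flash bs=1k conv=notrunc if=u-boot.bin 2>/dev/null &&
      dd of=flash bs=1k conv=notrunc seek=224 if=uImage 2>/dev/null )
}

tmp=$(mktemp -d) && make_demo_flash "$tmp" 200 &&
    check_flash_layout "$tmp/flash" "$tmp/u-boot.bin"
rm -rf "$tmp"
```

Run against a real image as ``check_flash_layout flash u-boot.bin``; a non-zero status means the image would not boot the kernel from ``kernel_flash`` as configured.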

Generate Ide Disk
^^^^^^^^^^^^^^^^^

.. code-block:: bash

   dd of=ide bs=1k count=100k if=/dev/zero

   # Create partition table
   sudo sfdisk ide << EOF
   label: dos
   label-id: 0x6fe3a999
   device: image
   unit: sectors
   image1 : start=       63, size=    32067, Id=83
   image2 : start=    32130, size=    32130, Id=83
   image3 : start=    64260, size=  4128705, Id=83
   EOF

Copy to ide
^^^^^^^^^^^

.. code-block:: bash

   dd if=uImage bs=512 conv=notrunc seek=63 of=ide

Generate ext2 on part 2 and copy uImage and initrd.gz
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: bash

   # Attached as loop device ide offset = 32130 * 512
   sudo losetup -o 16450560 /dev/loop0 ide
   # Format as ext2 ( arg2 : nb blocks)
   sudo mkfs.ext2 /dev/loop0 16065
   sudo losetup -d /dev/loop0
   # Mount and copy uImage and initrd.gz to it
   sudo mount -o loop,offset=16450560 -t ext2 ide /mnt
   sudo mkdir /mnt/boot
   # /mnt/boot was created by root, so the copy needs sudo as well
   sudo cp {initrd.gz,uImage} /mnt/boot/
   # Umount it
   sudo umount /mnt

Set Environment
^^^^^^^^^^^^^^^

.. code-block:: bash

   setenv rd_start 0x80800000
   setenv rd_size 2663940
   setenv kernel BFC38000
   setenv load_addr 80500000
   setenv load_addr2 80F00000
   setenv kernel_flash BFC38000
   setenv load_addr_hello 80200000
   setenv bootargs 'root=/dev/ram0 init=/bin/sh'
   setenv load_rd_ext2 'ide res; ext2load ide 0:2 ${rd_start} /boot/initrd.gz'
   setenv load_rd_tftp 'tftp ${rd_start} /initrd.gz'
   setenv load_kernel_hda 'ide res; diskboot ${load_addr} 0:2'
   setenv load_kernel_ext2 'ide res; ext2load ide 0:2 ${load_addr} /boot/uImage'
   setenv load_kernel_tftp 'tftp ${load_addr} /qemu_mips/uImage'
   setenv boot_ext2_ext2 'run load_rd_ext2; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
   setenv boot_ext2_flash 'run load_rd_ext2; run addmisc; bootm ${kernel_flash}'
   setenv boot_ext2_hda 'run load_rd_ext2; run load_kernel_hda; run addmisc; bootm ${load_addr}'
   setenv boot_ext2_tftp 'run load_rd_ext2; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
   setenv boot_tftp_hda 'run load_rd_tftp; run load_kernel_hda; run addmisc; bootm ${load_addr}'
   setenv boot_tftp_ext2 'run load_rd_tftp; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
   setenv boot_tftp_flash 'run load_rd_tftp; run addmisc; bootm ${kernel_flash}'
   setenv boot_tftp_tftp 'run load_rd_tftp; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
   setenv load_hello_tftp 'tftp ${load_addr_hello} /examples/hello_world.bin'
   setenv go_tftp 'run load_hello_tftp; go ${load_addr_hello}'
   setenv addmisc 'setenv bootargs ${bootargs} console=ttyS0,${baudrate} rd_start=${rd_start} rd_size=${rd_size} ethaddr=${ethaddr}'
   setenv bootcmd 'run boot_tftp_flash'

Now you can boot from flash, ide, ide+ext2 and tftp

.. code-block:: bash

   qemu-system-mips -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide


How to debug U-Boot
-------------------

In order to debug U-Boot you need to start qemu with gdb server support (-s)
and have it wait for the connection before starting the CPU (-S)

.. code-block:: bash

   qemu-system-mips -S -s -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide

In another console, start gdb.

Debugging of U-Boot Before Relocation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Before relocation, the addresses in the ELF file can be used without any problems
by connecting to the gdb server at localhost:1234:

.. code-block:: none

   $ mipsel-unknown-linux-gnu-gdb u-boot
   GNU gdb 6.6
   Copyright (C) 2006 Free Software Foundation, Inc.
   GDB is free software, covered by the GNU General Public License, and you are
   welcome to change it and/or distribute copies of it under certain conditions.
   Type "show copying" to see the conditions.
   There is absolutely no warranty for GDB.  Type "show warranty" for details.
   This GDB was configured as "--host=i486-linux-gnu --target=mipsel-unknown-linux-gnu"...
   (gdb)  target remote localhost:1234
   Remote debugging using localhost:1234
   _start () at start.S:64
   64		RVECENT(reset,0)	/* U-Boot entry point */
   Current language:  auto; currently asm
   (gdb)  b board.c:289
   Breakpoint 1 at 0xbfc00cc8: file board.c, line 289.
   (gdb) c
   Continuing.

   Breakpoint 1, board_init_f (bootflag=<value optimized out>) at board.c:290
   290		relocate_code (addr_sp, id, addr);
   Current language:  auto; currently c
   (gdb) p/x addr
   $1 = 0x87fa0000

Debugging of U-Boot After Relocation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

To debug U-Boot after relocation we need to know the address to which
U-Boot relocates itself (0x87fa0000 by default), and then reload the
symbol table at this offset.

.. code-block:: none

   (gdb) symbol-file
   Discard symbol table from `/private/u-boot-arm/u-boot'? (y or n) y
   Error in re-setting breakpoint 1:
   No symbol table is loaded.  Use the "file" command.
   No symbol file now.
   (gdb) add-symbol-file u-boot 0x87fa0000
   add symbol table from file "u-boot" at
   	.text_addr = 0x87fa0000
   (y or n) y
   Reading symbols from /private/u-boot-arm/u-boot...done.
   Breakpoint 1 at 0x87fa0cc8: file board.c, line 289.
   (gdb) c
   Continuing.

   Program received signal SIGINT, Interrupt.
   0xffffffff87fa0de4 in udelay (usec=<value optimized out>) at time.c:78
   78		while ((tmo - read_c0_count()) < 0x7fffffff)