Originally Posted by
steveo
Using the EEPROM is another option if you could write a compact enough kernel to fit in there; however, that EEPROM (at least in EE) was locked via the config register by GM, so during the first flash it is impossible to write. You would need to patch the bin's init code to alter the config register, write the bin fully, then reboot the ECM to have write access to that area (which I have done successfully, but it means your first write would always be at risk, right?). My flash tool writes that entire area as well; I figured one day someone might want to relocate a table there and allow really quick and safe updates to it.
Interesting that locking of the register... I think we can get around that.
Writing the config register is locked into its state once 64 eclocks have been run. Looking at the software (at least for '97) the code does this:
Code:
; VECTOR TO $4C46
          ORG   $4C46
LOC_4C46: JMP   $6621
          ORG   $6621
LOC_6621: LDS   #$1FFF  ; SET STACK AT TOP OF EXTERNAL RAM
          LDAA  #$01    ; INTERNAL RAM AT $0000, REGISTERS AT $1000
          STAA  $103D   ; CPU INIT
          LDAA  #$99    ; CONFIGURATION OPTIONS
          STAA  $1039   ; CPU OPTION
          LDAA  #$03    ; TIMER CONFIGURATION OPTIONS
          STAA  $1024   ; CPU TMSK2
          CLR   $1035   ; BPROT: PERMISSIONS TO WRITE EEPROM/CONFIG REG
          LDD   $201F   ; $0A02
          LDAB  $0200   ; EEPROM PROGRAMMING TIMER
          CMPB  #$55    ; LOOK FOR TAG: $55
          BEQ   $664B   ; FOUND, NO BLOCK PROTECTION
          LDAA  #$10
          CMPB  #$AA    ; LOOK FOR TAG: $AA
          BEQ   $6648   ; OVERWRITE PROTECTING BPROT
          LDAA  #$11    ; OVERWRITE PROTECTING PTCON, BLOCK 0
LOC_6648: STAA  $1035   ; WRITE BPROT
LOC_664B: LDAA  #$15    ; CONTINUE WITH BOOT
Downloading to ram a small routine that sets location $0200 to $55 will make the next run un-protected. The normal case is protected as you suggest. The download software need be only a few instructions. First set the tag location to $55, then a tight loop with no COP resetting. Once the COP expires (some nominal delay) a second routine can be run to program the EEPROM and OPTION registers. From then on all resets should go to the vector stored in EEPROM.
I think the programming can be done with no exposure to brickage. Still the problem of writing a kernel, but it need only be a boot loader for the programming software.
What have I missed? I hope to test this out v soon.
-Tom
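The protection logic in the listing and the tag-then-COP-reset sequence discussed above, modelled in C on a host machine as an added example (not code from either poster or from GM). It assumes BPROT resets to $1F, that its bits can be cleared only during the first 64 E-clocks after reset, and that the RAM byte at $0200 survives a COP reset; the struct and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the state the listing touches; names are hypothetical. */
typedef struct {
    uint8_t tag;      /* RAM byte at $0200; assumed to survive a COP reset */
    uint8_t bprot;    /* BPROT register at $1035 */
    int window_open;  /* 1 during the first 64 E-clocks after reset */
} ecm_t;

/* BPROT write rule (assumption): bits clear only while the window is open;
   afterwards a write can only set additional protection bits. */
static void write_bprot(ecm_t *e, uint8_t v) {
    v &= 0x1F;
    e->bprot = e->window_open ? v : (uint8_t)(e->bprot | v);
}

/* Reset followed by the init code at $6621 from the listing. */
void ecm_reset(ecm_t *e) {
    e->bprot = 0x1F;            /* assumed reset state: everything protected */
    e->window_open = 1;
    write_bprot(e, 0x00);       /* CLR $1035 */
    if (e->tag != 0x55)         /* $55: branch past the store, BPROT stays $00 */
        write_bprot(e, e->tag == 0xAA ? 0x10 : 0x11);
    e->window_open = 0;         /* window has closed by the time init is done */
}

/* A routine running later from RAM tries to clear BPROT directly. */
uint8_t late_clear_attempt(ecm_t *e) {
    write_bprot(e, 0x00);       /* no effect: the window is closed */
    return e->bprot;
}

/* The sequence from the post: set the tag, let the COP expire, boot again. */
uint8_t tag_then_cop_reset(ecm_t *e) {
    e->tag = 0x55;
    ecm_reset(e);               /* COP timeout forces a reset; RAM persists */
    return e->bprot;
}

int config_writable(const ecm_t *e) { return (e->bprot & 0x10) == 0; } /* PTCON */
int block0_writable(const ecm_t *e) { return (e->bprot & 0x01) == 0; }

int main(void) {
    ecm_t e = { .tag = 0x00 };
    ecm_reset(&e);
    printf("normal boot:     BPROT=$%02X\n", e.bprot);
    printf("late clear:      BPROT=$%02X\n", late_clear_attempt(&e));
    printf("tag + COP reset: BPROT=$%02X\n", tag_then_cop_reset(&e));
    return 0;
}
```

The model shows that the protection state after boot depends entirely on one RAM byte that outlives the reset, which is the property the post relies on.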