1997 F-Body Tools

**Tom H** · 01-17-2024

Originally Posted by steveo

using the eeprom is another option if you could write a compact enough kernel to fit in there, however that eeprom (at least in EE) was locked via the config register by GM, so during the first flash it is impossible to write. you would need to patch the bin's init code to alter the config register, write the bin fully, then reboot the ecm to have write access to that area (which i have done successfully, but it means your first write would always be at risk, right?) my flash tool writes that entire area as well, i figured one day someone might want to relocate a table there and allow really quick and safe updates to it

Interesting that locking of the register... I think we can get around that.

Writing the config register is locked into it's state once 64 eclocks have been run. Looking at the software (at least for '97) the code does this:

Code:

; VECTOR TO $4C46

		ORG $4C46

LOC_4C46:	JMP	$6621

		ORG $6621

LOC_6621:	LDS	#$1FFF		;  SET STACK AT TOP OF EXTERNAL RAM

		LDAA	#$01		;  INTERNAL RAM AT $0000, REGISTERS AT $1000
		STAA	$103D		;  CPU INIT

		LDAA	#$99		;  CONFIGURATION OPTIONS
		STAA	$1039		;  CPU OPTION

		LDAA	#$03		; TIMER CONFIGURATION OPTIONS
		STAA	$1024		; CPU TMSK2

		CLR	$1035		; BPROT: PERMISSIONS TO WRITE EEPROM/CONFIG REG

		LDD	$201F		; $0A02

		LDAB	$0200		; EEPROM PROGRAMMING TIMER
		CMPB	#$55		; LOOK FOR TAG: $55
		BEQ	$664B		; FOUND, NO BLOCK PROTECTION

		LDAA	#$10
		CMPB	#$AA		; LOOK FOR TAG: $AA
		BEQ	$6648		; OVERWRITE PROTECTING BPROT

		LDAA	#$11		; OVERWRITE PROTECTING PTCON, BLOCK 0

LOC_6648	STAA	$1035		; WRITE BPROT

LOC_664B	LDAA	#$15		; CONTINUE WITH BOOT

Downloading to ram a small routine that sets location $0200 to $55 will make the next run un-protected. The normal case is protected as you suggest. The download software need be only a few instructions. First set the tag location to $55, then a tight loop with no COP resetting. Once the COP expires (some nominal delay) a second routine can be run to program the EEPROM and OPTION registers. From then on all resets should go to the vector stored in EEPROM.

I think the programming can be done with no exposure to brickage. Still the problem of writing a kernel, but it need only be a boot loader for the programming software.

What have I missed? I hope to test this out v soon.

-Tom