Tiny4412 bare metal program code relocation first experience

From the previous section on the analysis of the boot process of Exynos 4412, we know that upon power-on, exynos4412 first executes the code solidified in IROM. iROM first sets up the program running environment (such as turning off the watchdog, interrupt, MMU, stack, PLL, etc.), then determines the boot device (NAND Flash/SD card/other) based on the OM pin, reads BL1 from it and stores it at the address 0x02021400 of iRAM, and finally starts BL1; BL1 reads 14K bytes of data from the appropriate location of the SD card and stores it at the iRAM address 0x02023400, so BL2 cannot be larger than (14K – 4) bytes. This leads to the reason why this section is written: What if our program is very large and larger than 14K? ? ? ?

Let us first introduce two concepts:

The first is the current address of the program, that is, the current address of the program when it is running; the second is the link address of the program, that is, the running address where the program should be located when it is running. When compiling a program, you can specify the link address of the program.

What is relocation?

As for Tiny4412, we have already said that when booting, BL1 will only copy 14K code from the boot device such as SD to IRAM. So what should we do when our program exceeds 14K? Then we need to copy the entire program in the first 14K code to other larger storage spaces such as DRAM, and then jump to DRAM to continue running our code. This process of copying and jumping is called relocation.

In this chapter, we mainly learn how to relocate, but we will not involve how to use DRAM. Instead, we will simply copy the code from 0x02023400 of IRAM to 0x0202a000 of IRAM, and then jump to 0x0202a000 to continue running our code.

1. Program Description

Based on the code of the previous experiment, the start, S files and link script files were modified:

Add the following code to the start.S file:

.text

.globl _start

_start:

/* Disable watchdog */

ldr r0, =0x10060000

mov r1, #0x0

str r1, [r0]

/* Start Icache */

mrc p15, 0, r0, c1, c0, 0

orr r0, r0, #0x00001000 //Open ICache

//bic r0, r0, #0x00001000 //Close ICache

mcr p15, 0, r0, c1, c0, 0

/* Relocation - copy the code from 0x02023400 to the link address 0x0202a000 (specified in the link script) and jump to this address to execute*/

adr r0, _start /* The adr instruction is used to read the physical address of _start in the current run, which is 0x02023400 */

ldr r1, =_start /* Read the link address of _start, which is 0x0202a000 */

ldr r2, =bss_start /* Read the starting address of the bss segment to calculate the number of bytes to be copied*/

cmp r0, r1

beq clean_bss /* If r0=r1, jump to clean_bss, indicating that it is already at the link address*/

/* If r0!=r1, copy as follows*/

copy_loop:

ldr r3, [r0], #4 /* source */

str r3, [r1], #4 /* purpose */

cmp r1, r2 /* Check if the copy is complete*/

bne copy_loop /* If the copy is not complete, continue copying*/

/* Clear bss segment*/

clean_bss:

ldr r0, =bss_start /* r0 stores the starting address of the bss segment*/

ldr r1, =bss_end /* r1 stores the starting address of the bss segment*/

cmp r0, r1

beq run_on_dram /* If r0=r1, jump to run_on_dram, indicating that there is no variable in the bss segment*/

mov r2, #0

clear_loop:

str r2, [r0], #4

cmp r0, r1

bne clear_loop

ldr sp, =0x02060000 

/* Jump */

run_on_dram:

ldr pc, =main /* After executing this sentence, PC points to the link address of main*/

This code mainly implements code relocation, clearing the BSS segment, and jumping to the link address to continue running. The comments are very clear. If there is anything you are not familiar with, you can leave a message to discuss it together.

The link script reload.lds is modified as follows:

SECTIONS {

. = 0x0202A000;

.text : { 

*(.text) 

}

.rodata ALIGN(4) : {

*(.rodata*)

}

.data ALIGN(4) : { 

*(.data*) 

}

bss_start = . ;

.bss ALIGN(4) : { 

*(.bss) *(COMMON) 

}

bss_end = . ;

}

The main additions are the definitions of the starting bss_start and ending bss_end of the bss segment. These two labels are used in start.S.

2. Compile, burn and run

1. Compile

Upload the file to the server via FTP or other tools, and enter the make command to compile it to get the reload.bin file.

2. Burn

Insert the SD card into the computer and let Ubuntu in VmWare recognize it, then execute the following command:

sudo ./sd_fusing.sh /dev/sdb ../8_reload/reload.bin

Insert the SD card into the Tiny4412 development board and power it on. You will see the same running effect as in the previous section (because we did not modify the LED display effect, but only modified the program's running address, which is invisible to the outside world).

3. Disassembly file analysis

Download the disassembled file reload.dis from the server and analyze it briefly:

As can be seen from the figure above, the link address of the program is indeed 0x0202a000 that we specified in the link script

Let's look at the jump instruction again;

202a060: e59ff010 ldr pc, [pc, #16] ; 202a078

Assign the content of the address after adding 24 to the current PC value to PC, that is:

0x202a060 + 8 + 16 = 0x0202a078

Assign the value of address 0x0202a078 to PC

The address 0x0202a0b0 is exactly the entry address of the main function.

I have successfully tested it on my own development board. Interested friends can try it on their own.