Tom's computer pages

April 30, 2024

A hobos guide to OpenOCD, part 3

In part 2, we had success with our Zynq based Ebaz-4205 board and the Segger J-link clone I built a cable for.

I decided to use just a touch of Tcl to generate an ebaz.cfg file:

# Startup/config script for the Ebaz-4205
# Tom Trebisky  4-30-2024

#openocd -f /usr/share/openocd/scripts/interface/jlink.cfg

source [find interface/jlink.cfg]

transport select jtag

jtag newtap zynq_pl bs -irlen 6 -ircapture 0x1 -irmask 0x03 \
    -expected-id 0x23727093 \
    -expected-id 0x13722093 \
    -expected-id 0x03727093 \
    -expected-id 0x03736093

jtag newtap zynq cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0x4ba00477

dap create zynq.dap -chain-position zynq.cpu

target create zynq.cpu0 cortex_a -dap zynq.dap \
    -coreid 0 -dbgbase 0x80090000
target create zynq.cpu1 cortex_a -dap zynq.dap \
    -coreid 1 -dbgbase 0x80092000

targets zynq.cpu0

This allows us to start openocd with just this:

openocd -f ebaz.cfg

Of course I have to be in a project directory that contains that file. In general I have a Makefile in that directory and just use "make ocd". It has long been my practie to use "make" to make my life nicer and simpler.

What about a "script" full of handy commands

Inside the telnet window to port 4444, I type this:

source break.cfg

This runs the commands in the file "break.cfg" which looks like this:

targets zynq.cpu0
halt
rbp all
bp 0x200 8 hw
bp 0x1200 8 hw
bp 0x2200 8 hw
bp 0xffff0200 8 hw
resume

I also put these commands into "dump.cfg" --

dump_image ocm_lo.bin 0 0x30000
dump_image ocm_hi.bin 0xffff0000 0x10000

I type "source dump.cfg" in the telnet window. It takes quite a while, but it finishes and I see:

ls -l *.bin
-rw-r--r-- 1 tom tom  65536 Apr 30 17:39 ocm_hi.bin
-rw-r--r-- 1 tom tom 196608 Apr 30 17:38 ocm_lo.bin

So, why make scripts like this? They are clearly a win if you are going to do the same thing over and over. I also find it much "nicer" to use an editor and put complex commands into a script than to type them into some kind of interactive prompt. And they end up being a record of things you did for later days.

Note that we can load images to target memory also using the "load_image" command. OpenOCD supports various file formats: bin, elf, intel-hex, s19.

load_image addr filename format
load_image 0xffff0000 test.bin bin

This command has other options and there are other variants.

Is this the bootrom?

Maybe. How can we know? Maybe it is the FSBL. We can find the FSBL and compare it to this. We can also disassemble this and study it a bit.

The TRM says that the bootrom code is 128K in size, and that there is also 256K of sram as OCM (on chip memory).

How does an ARM processor come out of reset? As I remember this can vary with different SoC. We generally expect an 8 byte reset "vector" with the first 4 bytes the initial stack and the next 4 the initial PC. Likely it will be at 0x0 or 0xffff0000.

Feedback? Questions? Drop me a line!

Tom's Computer Info / [email protected]