Bost - Built-in Onboard Self Test Options

[fladda]

The original Siemens bootlader contains the code for BOST - the Simpad's Built-in Onboard Self Test routines. BOST even has an option to programme the fabdata string(s) - in answer to Digi's question this is how it can be done !

Not sure if you can access BOST using the standard Siemens 2.4 or 2.5.3 bootloaders. I managed to get BOST running by simply changing one byte of the 2.4 bootloader code, and then reflashing the modified 2.4 bootloader into my Simpad.

Instructions to follow (first I want to have a look at the test commands:-)

Ralph

BOST Commands:
a,A b,B : Connect Audio Path Mike => Speaker and Headset, exit with 'e'
a,A h,H or s,S : Audio Path Mike => Headset or Speaker, exit with 'e'
a,A t,T : Short Tone burst to Speaker and Headset
b,B 1..6 : Control Backlight brightness
c,C i,I : Init and Accesstest CODEC UCB1200 / UCB1300
c,C j,J 1..3 : Get CODEC AD1: BL_POWER, AD2: DC_IN_FUSED, AD3: ICHARGE
c,C k,K : Get P and X,Y-Coordinates from Touch Panel
c,C l,L : Loop Get P and X,Y-Coordinates, exit with 'e'
d,D a,A : ATM commands to DECT Modul MD34
d,D b,B : Set DIV_BAUD for UART1 (default = 0x01)
d,D c,C : Connect MD34 to DECT Base Station BS3070
d,D d,D or i,I : DECT Module Power Down or Init DECT Modul MD34
d,D e,E : Escape Command +++ to DECT Modul
d,D f,F : Back to Factory settings DECT Modul
f,F d,D or r,R : Display Fabdata Magic or Read Fabdata buffer
f,F s,S : Write Serial number to Fabdata buffer
f,F t,T or l,L : Write Test Date Ttt.mm.jj or Load Date Ltt.mm.jj
g,G b,B or w,W : Fill Background with Black or White
g,G h,H or v,V : Fill Color Pattern horizontal or vertical
g,G l,L or n,N : Write White or Black Lines
h,H,? : Help text
i,I b,B : Set DIV_BAUD for UART2 (default = 0x01)
i,I r,R or t,T : Receive or Transmit 20 Bytes from/to IrDA
l,L 2 or 0 : Set LED2 on or off
m,M a,A : Set ACCESS to RAM (default = 0x32)
m,M b,B or e,E : Set RAM BEGIN-ADR or END-ADR (default = 0)
m,M d,D or m,M : RAM Data Test or RAM Memory Test
n,N c,C or g,G or s,S : Get CODEC or GPIO or CS3 DIN Port
n,N k,K or m,M : Alternate Output 32kHz or 3.6MHz at GPIO_27
o,O h,H or l,L : High or Low to CS3 Latch Pins
o,O i,I or o,O : In or Out in GPIO Pin Direction Register (GPDR)
o,O c,C or s,S : Clear or Set GPIO Output Register (GPCR or GPSR)
p,P 0 or 3 or 5 : PCMCIA Vcc/Vpp to 0V or 3.3V or 5V
p,P a,A or s,S : Set ACCESS Variable or DOUT Variable
p,P d,D or m,M : PCMCIA RAM Data Test or PCMCIA Memory Test
p,P r,R or w,W : Read DIN from or write DOUT to PCMCIA Address
r,R : Soft Reset
s,S a,A or s,S or i,I : Smart Card Answer to Reset (ATR) or Init TDA8007
u,U d,D or e,E : Disable or Enable USB Device Controller
u,U s,S : Get UDC Status Register
v,V : BOST Version
x,X : Power Off
y,Y : FLASH Burst Test
z,Z : Memory Dump
(Textlen 2297 Bytes)

[Digi]

These items look very familiar!!! I saw most of them looking at the bootloaders with a hex-editor, and thats what made me post the question with the extended commands. Veeery interesting!

Digi

The original Siemens bootlader contains the code for BOST - the Simpad's Built-in Onboard Self Test routines. BOST even has an option to programme the fabdata string(s) - in answer to Digi's question this is how it can be done !

Not sure if you can access BOST using the standard Siemens 2.4 or 2.5.3 bootloaders. I managed to get BOST running by simply changing one byte of the 2.4 bootloader code, and then reflashing the modified 2.4 bootloader into my Simpad.

Instructions to follow (first I want to have a look at the test commands:-)

Ralph

BOST Commands:
a,A b,B  : Connect Audio Path Mike => Speaker and Headset, exit with 'e'
a,A h,H or s,S : Audio Path Mike => Headset or Speaker, exit with 'e'
a,A t,T  : Short Tone burst to Speaker and Headset
b,B 1..6 : Control Backlight brightness
c,C i,I  : Init and Accesstest CODEC UCB1200 / UCB1300
c,C j,J 1..3 : Get CODEC AD1: BL_POWER, AD2: DC_IN_FUSED, AD3: ICHARGE
c,C k,K  : Get P and X,Y-Coordinates from Touch Panel
c,C l,L  : Loop Get P and X,Y-Coordinates, exit with 'e'
d,D a,A  : ATM commands to DECT Modul MD34
d,D b,B  : Set DIV_BAUD for UART1 (default = 0x01)
d,D c,C  : Connect MD34 to DECT Base Station BS3070
d,D d,D or i,I : DECT Module Power Down or Init DECT Modul MD34
d,D e,E  : Escape Command +++ to DECT Modul
d,D f,F  : Back to Factory settings DECT Modul
f,F d,D or r,R : Display Fabdata Magic or Read Fabdata buffer
f,F s,S  : Write Serial number to Fabdata buffer
f,F t,T or l,L : Write Test Date Ttt.mm.jj or Load Date Ltt.mm.jj
g,G b,B or w,W : Fill Background with Black or White
g,G h,H or v,V : Fill Color Pattern horizontal or vertical
g,G l,L or n,N : Write White or Black Lines
h,H,?    : Help text
i,I b,B  : Set DIV_BAUD for UART2 (default = 0x01)
i,I r,R or t,T : Receive or Transmit 20 Bytes from/to IrDA
l,L 2 or 0 : Set LED2 on or off
m,M a,A  : Set ACCESS to RAM (default = 0x32)
m,M b,B or e,E : Set RAM BEGIN-ADR or END-ADR (default = 0)
m,M d,D or m,M : RAM Data Test or RAM Memory Test
n,N c,C or g,G or s,S : Get CODEC or GPIO or CS3 DIN Port
n,N k,K or m,M : Alternate Output 32kHz or 3.6MHz at GPIO_27
o,O h,H or l,L : High or Low to CS3 Latch Pins
o,O i,I or o,O : In or Out in GPIO Pin Direction Register (GPDR)
o,O c,C or s,S : Clear or Set GPIO Output Register (GPCR or GPSR)
p,P 0 or 3 or 5 : PCMCIA Vcc/Vpp to 0V or 3.3V or 5V
p,P a,A or s,S : Set ACCESS Variable or DOUT Variable
p,P d,D or m,M : PCMCIA RAM Data Test or PCMCIA Memory Test
p,P r,R or w,W : Read DIN from or write DOUT to PCMCIA Address
r,R      : Soft Reset
s,S a,A or s,S or i,I : Smart Card Answer to Reset (ATR) or Init TDA8007
u,U d,D or e,E : Disable or Enable USB Device Controller
u,U s,S  : Get UDC Status Register
v,V      : BOST Version
x,X      : Power Off
y,Y      : FLASH Burst Test
z,Z      : Memory Dump
(Textlen 2297 Bytes)

[fladda]

I also found the BOST stuff whilst I was having a look at the bootloader code using my old Acorn RiscPC (which comes complete with a built in ARM dissassembler;-)

I had a very lucky guess that the BOST code was disabled by Siemens by removing the 'b' option in the Monitor menu. I just changed one of the other letters in the menu assembler code to a 'b'.

=====================
Monitor:
=====================
Boot from Flash 'f'
Boot from Net 'n'
Power Off 'o'
Erase PSM+Registry'p'
Exit 'q'
Erase Registry 'r'
Soft Reset 's'
Print Fab-String 'w'
->

Would make sense to change the 'q' to a 'b'. Then exiting from the monitor menu would take you straight into the BOST routines.

I will re-modify the code just to be sure, and then post the instructions how to modify the Siemens bootloader...

Ralph

These items look very familiar!!! I saw most of them looking at the bootloaders with a hex-editor, and thats what made me post the question with the extended commands. Veeery interesting!

Digi

[fladda]

WARNING - THIS MODIFICATION MIGHT 'BRICK' YOUR SIMPAD. UNTIL THIS HAS BEEN VERIFIED I WOULD STRONGLY RECOMMEND THAT LOADING A MODIFIED BOOTLOADER INTO YOUR SIMPAD SHOULD ONLY BE UNDERTAKEN BY PEOPLE WHO KNOW HOW TO USE JTAG TO RECOVER THE BOOT LOADER.

OK to get the BOST code to run from the Siemens monitor menu.

1. Find a copy of the original Siemens bootloader version 2.4 "loader_bl".

2. Change the byte at offset address:-

0x0016b4 from 0x71 ("q") to 0x62 ("b") (this is the important bit)

000016B4 CMPNE R0,#&71 changes to CMPNE R0,#&62

3. Then change the string at offset 0x01d820 (in the text near the end of the file)

From Exit ... 'q' to BOST ... 'b'

This is just a cosmetic change to alter the menu string, as below:-

=====================
Monitor:
=====================
Boot from Flash 'f'
Boot from Net 'n'
Power Off 'o'
Erase PSM+Registry'p'
BOST 'b'
Erase Registry 'r'
Soft Reset 's'
Print Fab-String 'w'

5. Save the modified bootloader file - I used the filename 'bootmod'.

6. Assuming that the Simpad already had the Siemens 2.4 or 2.5.3 bootloader installed. Connect up the serial cable to a terminal (I use Hyperterminal on a win98 PC) at 38.4kb 8N1 hardware handshaking.

7. Reset the Simpad and get the monitor menu. If monitor menu does not appear, then continuously press the 'escape' key on the PC keyboard whilst you reset the Simpad. Alternatively hold the lower key down on the Simpad whilst you press the reset key - this will bring up the monitor menu.

8. Enter the extended command 'x'.

9. Type 'e' and then 'b' which should being up the menu to erase the existing boot image. Type 'y' to erase. Note that this does not appear to erase the master boot file from the 16-bit part of the Simpad's flash. When you reset the Simpad, it will re-load the boot image.

=====================
Monitor:
=====================
Boot from Flash 'f'
Boot from Net 'n'
Power Off 'o'
Erase PSM+Registry'p'
Exit 'q'
Erase Registry 'r'
Soft Reset 's'
Print Fab-String 'w'
-> x

Extended Command
Enter hexcode to execute:eb
Erasing Bootstrap. Please Wait
[***************************************-]

Bootstrap Erased.
You will see me never again.
ByeBye !

10. Rest the Simpad again. The following test should appear:-

PBL V2.4 20.07.2001
Booting internal PBL image...
================================================
Siemens Switzerland Bootloader V2.4 20.07.2001
Running @206Mhz Processor ID 0x6901b118
Press ESC for monitor
Occupied Memory: [0x00004000-0x00008000],[0x01f00014-0x01f74b9c]
Flash Id 0x00000018 at virt adr 0x05000000 Size 0x01000000
No 32Bit Flash detected 0x00000000
FlashImage Checksum 0x05040014-0x05061ab0=0xffff7959 Image Update, Old Image unchecked
Fabdata Flash @0x05040014 Ram @0x01f21ab4 Init Fabdata... Done
[***************************************\]
Firmware Update Successfully Finished
Press Button to restart
Firmware Update Successfully Finished
Press Button to restart
Firmware Update Successfully Finished
Press Button to restart
etc.

11. Close the terminal session to release the serial port.

12. Use serial load programme to load in the modified bootloader.

C:\simpad> serload <filename>

13. When completed, reset the Simpad and you should now get the monitor option to enter BOST. Type 'h' for a list of the commands.

=====================
Monitor:
=====================
Boot from Flash 'f'
Boot from Net 'n'
Power Off 'o'
Erase PSM+Registry'p'
BOST 'b'
Erase Registry 'r'
Soft Reset 's'
Print Fab-String 'w'
-> b

Start BOST Siemens

BOST SIMPAD V1.01

etc...

e.g. memory monitor allows you to look as memory locations:-


z(b)yte,(w)ord,(l)ong :Adr: $00080000
00080000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
00080010 ff bf ff ff ff ff ff ff ff ff ff ff bf ff ff ff ................
00080020 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
00080030 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
00080040 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
00080050 ff ff ff ff ff ff ff ff ff ff ff ff fe ff ff ff ................
00080060 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
00080070 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
00080080 ff bf ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
00080090 ff ff ff ff ff ff ff ff fd ff ff ff df ff ff ff ................
000800a0 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
000800b0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
000800c0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
000800d0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
000800e0 ff ff ff ff ff ff ff ff fe ff ff ff ff ff ff ff ................
000800f0 ff ff ff ff ff ff ff ff ff ff ff ff ff ef ff ff ................

Some of the commands appear to be vaguely useful, especially if you have a Simpad that has an unresolved problem (like one of mine:-().

A similar 'modification' will probably also work for the Siemens 2.5.3 bootloader, although I've not tried this yet. Note that I've found that the original Siemens rev. 2.4 bootloader to be easier to use for loading images, as the 2.4 bootloader never has a problem 'seeing' the incoming serial data. I often have to do 20-30 resets in succession with the 2.5.3 loader before it 'sees' that there is a serload 'in progress'. I suspect that this has caused many people to believe that their Simpad is 'bricked' !

And for all I know you can enter BOST directly without modifying the bootloader. If anybody knows how to do this, then please do let us know...

Hope that somebody out there finds this useful...

Ralph