From Sharpfin
Jump to: navigation, search

Barracuda module debug over JTAG using OpenOCD

It was tested on Ubuntu 10.04 LTS and reciva-kernel-v24080215+00.tar.bz2 kernel pack.

OpenOCD installation and testing

To install openocd in Ubuntu enter command

sudo apt-get install openocd 

Create openocd config file JTAGdebug.cfg with this contents:

# Parallel port wiggler (many clones available) on port 0xc8b8
telnet_port 4444
gdb_port 3333
interface parport
parport_port 0
parport_cable wiggler
# Found on the 'TinCanTools' Hammer board.
if { [info exists CHIPNAME] } {
  } else {
  set  _CHIPNAME s3c2410
 if { [info exists ENDIAN] } {
 } else {
 # This config file was defaulting to big endian..
  set  _ENDIAN little
if { [info exists CPUTAPID] } {
} else {
  set  _CPUTAPID 0xffffffff
#use combined on interfaces or targets that cannot set TRST/SRST separately
reset_config trst_and_srst
#jtag scan chain
jtag newtap $_CHIPNAME cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id $_CPUTAPID
target create $_TARGETNAME arm920t -endian $_ENDIAN -chain-position $_TARGETNAME -variant arm920t
$_TARGETNAME configure -work-area-virt 0 -work-area-phys 0x30800000 -work-area-size  0x20000 -work-area-backup 0
# speed up memory downloads
arm7_9 fast_memory_access enable
arm7_9 dcc_downloads enable
nand device s3c2410 s3c2410.cpu

Now it's possible to test OpenOCD. Connect JTAG cable to pc, power on radio and execute command in a shell

sudo openocd -f JTAGdebug.cfg 

You should see the output

Open On-Chip Debugger 0.3.1 (2010-01-18-14:21)
For bug reports, read
parport port = 0
trst_and_srst separate srst_gates_jtag trst_push_pull srst_open_drain
fast memory access is enabled
dcc downloads are enabled
Error: Translation from jtag_speed to khz not implemented
Info : interface specific clock speed value 0
Info : JTAG tap: s3c2410.cpu tap/device found: 0x0032409d (mfg: 0x04e, part: 0x0324, ver: 0x0)
Warn : JTAG tap: s3c2410.cpu       UNEXPECTED: 0x0032409d (mfg: 0x04e, part: 0x0324, ver: 0x0)
Error: JTAG tap: s3c2410.cpu  expected 1 of 1: 0xffffffff (mfg: 0x7ff, part: 0xffff, ver: 0xf)
Error: Trying to use configured scan chain anyway...
Warn : Bypassing JTAG setup events due to errors
Info : Embedded ICE version 2

Now you can halt radio connecting to OpenOCD with telnet in a new shell window

telnet localhost 4444 

Telnet output :

Code: [Select]
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger

In telnet terminal enter command halt and terminal writes

> halt
target state: halted
target halted in ARM state due to debug-request, current mode: Supervisor
cpsr: 0x20000093 pc: 0xc0015c74
MMU: enabled, D-Cache: enabled, I-Cache: enabled

Now we can power off radio and go to second part.

Kernel with debug options compiling

To see debugging symbols in gdb shell you need compiled kernel with debug option enabled. In reciva kernel Makefile you need to add -g option after -Wall in these 2 lines:

HOSTCFLAGS	= -Wall -g -Wstrict-prototypes -O2 -fomit-frame-pointer
CFLAGS := $(CPPFLAGS) -Wall -g -Wstrict-prototypes -Wno-trigraphs -O2 \

Now you can rebuild kernel. After build you need a file vmlinux from reciva kernel root dir it's about 32M size.

If your radio kernel version is the same like kernel source you can skip information below how to flash new kernel to radio.

New kernel flashing

The kernel file zImage could be found in folder /arch/arm/boot

To be suitable for sharpflash you need to use getpart utility

getpart zImage 0 fc000

After this size must be the same like kernel-mtd.bin from backups.

Before doing this be sure you have backup of your radio working kernel partition.

Now turn on radio and sharpflash the new kernel.

sharpflash -w 4000 fc000 

When flashing is finished restart radio. If you have changed in kernel source something, for debugging must use apropriate vmlinux file.

Debugging with gdb

Turn on radio. Run OpenOCD and telnet. Enter halt command in telnet window when radio display lights up. Now we need to run gdb in a new shell window.

root@reciva-dev:/home/shared# gdb

Gdb output screen

 GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:

to load debug symbols in gdb environment execute file vmlinux.(I have copied vmlinux file to the place where execute gdb in my case /home/shared)

(gdb)file vmlinux 


Reading symbols from /home/shared/gdb/vmlinux...done.

Now connect to OpenOCD enter in gdb this command

target remote localhost:3333 

Output :

Remote debugging using localhost:3333
0xc01b8d28 in cr_alignment ()

Now i'ts possible to get kernel variable values.

Below it's shown method how to get dmesg printout using log_buf variable.

Gdb script for dmesg

You can simply copy paste this script to gdb environment

define dmesg
set $i=0
set $end_idx=(log_end -1)
 while($i< logged_chars)
 set $i=$i+1

At the end you need to press enter. Output :

(gdb) define dmesg
Type commands for definition of "dmesg".
End with a line saying just "end".
>set $i=0
>set $end_idx=(log_end -1)
 >while($i< logged_chars)
 >set $i=$i+1

Now execute dmesg command in gdb shell

(gdb) dmesg
<4>Linux version 2.4.26-vrs1-bast2 ( (gcc version 3.3.4) v24080215+00 #1 Fri Feb 15 17:33:14 GMT 2008
<4>CPU: Arm920Tid(wb) revision 0
<4>Machine: Reciva-IR2
<4>HWCONFIG values are: 15 1f (1013)
<4>S3C2410: 202.800000 MHz, memory 101.400000 MHz, pclk 50.700000 MHz
<4>On node 0 totalpages: 8192
<4>zone(0): 8192 pages.
<4>zone(1): 0 pages.
<4>zone(2): 0 pages.
<4>Kernel command line: root=/dev/mtdblock2 ro init=/linuxrc
<7>Relocating machine vectors to 0xffff0000
<4>irq: clearing subpending status 00000402
<4>setup_timer: TCNTB4 at d890003c
<4>setup_timer: tcon=00000000, tcnt should be f799
<4>setup_timer: about to configure timer4
<4>setup_timer: stopping timer
<4>setup_timer: adding interrupt
<4>setup_timer: starting timer
<4>Calibrating delay loop (skipped)... 101.17 BogoMIPS
<6>Memory: 32MB = 32MB total
---Type <return> to continue, or q <return> to quit---

Pressing enter you can read all dmesg.