Platform ALT3800 as good target?

Elias Devoldere eldevoldere at gmail.com
Tue Jan 28 23:28:37 UTC 2020


Hello,
I was playing with LTE modem R11e-4G based on ALT3800-B0 chipset.
I was amazed when I got a U-Boot console after command at+cfun=1,1 and
sending several random characters. I assume it's not news for seasoned
wolves who hunt here.
As a modem rookie I did not find a relevant link to this topic during
Google's fast search.

My questions.
Is this behavior generally known?
Can this be a one-piece property (I have only one piece)?
Could it be useful for interesting research?
Is there anyone who cares about it?

I will try to extract parts of the memory using U-boot.

Below you find pieces of the listing.

Best,
Elias

# help
help
?       - alias for 'help'
base    - print or set address offset
bdinfo  - print Board Info structure
boot    - boot default, i.e., run 'bootcmd'
bootd   - boot default, i.e., run 'bootcmd'
bootelf - Boot from an ELF image in memory
bootfw  - Load and boot FW from ELF image in memory
bootm   - boot application image from memory
bootp   - boot image via network using BOOTP/TFTP protocol
bootvx  - Boot vxWorks from an ELF image
chpart  - change active partition
clocks  - print clock configuration
cmp     - memory compare
coninfo - print console devices and information
cp      - memory copy
crc32   - checksum calculation
create_bdinfo- Create Board info
dhcp    - boot image via network using DHCP/TFTP protocol
dip     - show the Boot mode configuration options
echo    - echo args to console
editenv - edit environment variable
env     - environment handling commands
exit    - exit script
false   - do nothing, unsuccessfully
fdt     - flattened device tree utility commands
fsinfo  - print information about filesystems
fsload  - load binary file from a filesystem image
fsloadbsp- load bsp binary files from a filesystem image
fstest  - testing filesystems
go      - start application at address '[*]addr' (possibly be indirect
address)
gpio    - input/set/clear/toggle gpio pins
help    - print command description/usage
i2c     - I2C sub-system
iminfo  - print header information for application image
imxtract- extract a part of a multi-image
initfw  - Init FW PLLs
itest   - return true/false on integer compare
kermit_stat- Show statistics of the last Kermit session
kermit_stat_print- print kermit statistics at the end of session
loadb   - load binary file over serial line (kermit mode)
loads   - load S-Record file over serial line
loady   - load binary file over serial line (ymodem mode)
loop    - infinite loop on address range
loopw   - infinite write loop on address range
ls      - list files in a directory (default /)
md      - memory display
md5sum  - compute MD5 message digest
mdc     - memory display cyclic
mii     - MII utility commands
mm      - memory modify (auto-incrementing address)
mtdparts- define flash/nand partitions
mtest   - simple RAM read/write test
mw      - memory write (fill)
mwc     - memory write cyclic
nand    - NAND sub-system
nandotp - NAND OTP sub-system
nboot   - boot from NAND device
nfs     - boot image via network using NFS protocol
nm      - memory modify (constant address)
ping    - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
rarpboot- boot image via network using RARP/TFTP protocol
reginfo - print register information
reset   - Perform RESET of the CPU
reset_cause- print reset cause
run     - run commands in an environment variable
saveenv - save environment variables to persistent storage
setenv  - set environment variables
show_bdinfo- Show board info
showvar - print local hushshell variables
sleep   - delay execution for some time
source  - run script from memory
test    - minimal test like /bin/sh
tftpboot- boot image via network using TFTP protocol
true    - do nothing, successfully
unlzo   - decopress a lzo memory region
unzip   - unzip a memory region
version - print monitor, compiler and linker version

U-Boot 2012.10 (Aug 09 2018 - 10:17:38)
mips-fourgee3100-linux-uclibc-gcc (0.1) 4.5.3
GNU ld (GNU Binutils) 2.21

#
baudrate=115200
boot_default=run flash_boot
boot_nand_mtd=run nand_choose_rootfs; run flash_set_bootargs; nboot
kernel${boot_number}; nand read ${dtb_addr} dtb${boot_number} ${dtb_size};
bootm ${loadaddr} - ${dtb_addr}
boot_nand_ramfs=run ram_set_bootargs; nboot kernel${boot_number}; bootm
boot_number=2
boot_option=boot_default
boot_tftp_ramfs=run ram_set_bootargs; ${tftpbootcmd} vmlinux.uboot; bootm
${loadaddr}
bootcmd=if itest.b 0 == *a00d001b; then run ${boot_option}; else echo
'GUESS MODE - NO BOOT ALLOWED !!!'; fi
bootdelay=6
bootm_low=0x82100000
bootm_size=0x6000000
cdc_connect_timeout=10
consoledev=ttyS0
dtb_addr=0x84000000
dtb_file=alt3802.dtb
dtb_size=0x4000
env_check=if test ${env_saved} = 0; then setenv env_saved 1; saveenv; fi
env_configured_size=0x4000
env_saved=1
erase_env_nand=nand erase.part env; nand erase.part backup_env
eth_phy_mode=rmii
ethact=usb_ether
ethaddr=00:E0:0C:00:11:A0
fastboot=setenv loadaddr ${fastboot_loadaddr};run loadfw; if test $? -eq 0;
then bootfw ${unziped_fwaddr} 1; fi; run loadotp; if run loadbsp;then run
process_fw; fi;
fastboot_loadaddr=0x82800000
fdt_high=0x83000000
fdtdbg=no
flash_boot=run nand_choose_rootfs; run flash_set_bootargs; run fastboot;
nboot kernel${boot_number}; nand read ${dtb_addr} dtb${boot_number}
${dtb_size}; bootm ${loadaddr} - ${dtb_addr}
flash_set_bootargs=setenv bootargs $ip root=${root} rw rootfstype=jffs2
console=$consoledev,$kernel_baudrate $othbootargs $kernellog
gatewayip=0.0.0.0
hostname=alt3800
initrd_high=0x83000000
ipaddr=10.0.0.1
kernel_baudrate=115200
kernel_file=uImage
kernellog=quiet
load_fw=run load_phy_fw; run load_lte_fw
load_lte_fw=${tftpbootcmd} $lte_fw; setenv fw_type LTE; bootelf
load_phy_fw=${tftpbootcmd} $phy_fw; setenv fw_type PHY; bootelf
loadaddr=0x80100000
loadbsp=chpart nvm; fsloadbsp 1 ${ramFilesShAddr} band_list bandbp
file_list bspfilesbp
loadfw= nand read.jffs2 ${loadaddr} modem_fw${boot_number}; unlzo
${loadaddr} ${unziped_fwaddr};
loadotp=nandotp read ${ramOtpShAddr} spl 20
lte_fw=PS100_RealPHY.elf
mtdparts=mtdparts=alt3800_nfc:512k(spl),768k(uboot1),768k(uboot2),256k(env),256k(backup_env),3m(nvm),3m(kernel1),256k(dtb1),37m(rootfs1),3m(kernel2),256k(dtb2),37m(rootfs2),4m(modem_fw1),4m(modem_fw2),-(tstorage)
nand128_mtdparts=mtdparts=alt3800_nfc:512k(spl),768k(uboot1),768k(uboot2),256k(env),256k(backup_env),3m(nvm),3m(kernel1),256k(dtb1),37m(rootfs1),3m(kernel2),256k(dtb2),37m(rootfs2),4m(modem_fw1),4m(modem_fw2),-(tstorage)
nand128_scheme2_mtdparts=mtdparts=alt3800_nfc:512k(spl),768k(uboot1),768k(uboot2),256k(env),256k(backup_env),3m(nvm),4m(kernel1),256k(dtb1),53m(rootfs1),4m(kernel2),256k(dtb2),53m(rootfs2),4m(modem_fw1),4m(modem_fw2)
nand256_mtdparts=mtdparts=alt3800_nfc:512k(spl),768k(uboot1),768k(uboot2),256k(env),256k(backup_env),3m(nvm),4m(kernel1),256k(dtb1),40m(rootfs1),4m(kernel2),256k(dtb2),40m(rootfs2),4m(modem_fw1),4m(modem_fw2),10m(ua),-(tstorage)
nand_choose_rootfs=if test 1 = ${boot_number}; then setenv root
/dev/mtdblock8;else setenv root /dev/mtdblock11; fi
nand_erasesize=20000
nand_oobsize=40
nand_uboot_file=u-boot.bin
nand_uboot_spl_file=u-boot-spl.bin.alt3800
nand_writesize=800
nc=run nchelp; setenv stdin nc;setenv stdout nc;setenv stderr nc
nchelp=echo On the host side run the script: ./netconsole $ipaddr $ncinport
ncinport=6665
ncip=10.0.0.10
ncmux=run nchelp; setenv stdout ${stdout},nc; setenv stdin ${stdin},nc;
setenv stderr ${stderr},nc
ncoutport=6665
netdev=eth0
netmask=255.255.0.0
nvm_file=nvm.jffs2.img
phy_dbgstreamer=0
phy_fw=Lte.out
phy_sniffer=0
preboot=run env_check; if test -n $prebootcmd; then echo; echo Running
pre-boot command; run prebootcmd;fi;
process_fw=initfw; bootfw ${unziped_fwaddr} 0
ramFilesShAddr=0xA030004c
ramOtpShAddr=0xA0300000
ram_set_bootargs=setenv bootargs $ip root=/dev/ram rw
console=$consoledev,$kernel_baudrate $othbootargs $kernellog
rootfs_file=rootfs.jffs2.img
ser=setenv stdin serial;setenv stdout serial;setenv stderr serial
serverip=10.0.0.10
set_ip=setenv ip
ip=$ipaddr:$serverip:$gatewayip:$netmask:$hostname:$netdev:off
stderr=serial,usbtty
stdin=serial,usbtty
stdout=serial,usbtty
testdramaddress=no
testdramcache=yes
testdramcount=1
testdramdata=no
testdramsize=0x08000000
testdramstart=0x80100000
testdramwalk=no
tftpbootcmd=tftpboot
toggle_boot_number=if test 1 = ${boot_number}; then set boot_number 2; else
set boot_number 1; fi; saveenv
unziped_fwaddr=0x83000000
update_all=run update_all_nand
update_all_nand=run update_kernel_nand update_dtb_nand update_rootfs_nand
update_dtb=run update_dtb_nand
update_dtb_nand=if ${tftpbootcmd} ${dtb_file}; then nand erase.part
dtb${boot_number}; nand write ${loadaddr} dtb${boot_number} ${filesize}; fi
update_kernel=run update_kernel_nand
update_kernel_nand=if ${tftpbootcmd} ${kernel_file}; then nand erase.part
kernel${boot_number}; nand write ${loadaddr} kernel${boot_number}
${filesize}; fi
update_linux=${tftpbootcmd} uImage
update_multi_img=run update_multi_img_nand
update_multi_img_nand=setenv kernel_file vmlinux.uboot; run
update_kernel_nand
update_nvm=run update_nvm_nand
update_nvm_nand=if ${tftpbootcmd} ${nvm_file}; then  nand erase.part nvm;
nand write ${loadaddr} nvm ${filesize}; fi
update_ramdisk=${tftpbootcmd} $ramdiskaddr ramdisk.gz.uboot
update_rootfs=run update_rootfs_nand
update_rootfs_nand=if ${tftpbootcmd} ${rootfs_file}; then nand erase.part
rootfs${boot_number}; nand write ${loadaddr} rootfs${boot_number}
${filesize}; fi
update_uboot=run update_uboot_nand
update_uboot_nand=run update_uboot_nand_spl update_uboot_nand_non_spl
erase_env_nand
update_uboot_nand_non_spl=if ${tftpbootcmd} ${nand_uboot_file}; then nand
erase.part uboot1; nand write ${loadaddr} uboot1 ${filesize}; nand
erase.part uboot2; nand write ${loadaddr} uboot2 ${filesize}; fi
update_uboot_nand_spl=if ${tftpbootcmd} ${nand_uboot_spl_file}; then nand
erase.part spl; nand write ${loadaddr} spl ${filesize}; fi
usbphymode=0
usbtty=cdc_acm
ver=U-Boot 2012.10 (Aug 09 2018 - 10:17:38)

Environment size: 6184/16379 bytes

mtdparts

device nand0 <alt3800_nfc>, # parts = 15
 #: name    size    offset    mask_flags
 0: spl                 0x00080000  0x00000000  0
 1: uboot1              0x000c0000  0x00080000  0
 2: uboot2              0x000c0000  0x00140000  0
 3: env                 0x00040000  0x00200000  0
 4: backup_env          0x00040000  0x00240000  0
 5: nvm                 0x00300000  0x00280000  0
 6: kernel1             0x00300000  0x00580000  0
 7: dtb1                0x00040000  0x00880000  0
 8: rootfs1             0x02500000  0x008c0000  0
 9: kernel2             0x00300000  0x02dc0000  0
10: dtb2                0x00040000  0x030c0000  0
11: rootfs2             0x02500000  0x03100000  0
12: modem_fw1           0x00400000  0x05600000  0
13: modem_fw2           0x00400000  0x05a00000  0
14: tstorage            0x02200000  0x05e00000  0

active partition: nand0,0 - (spl) 0x00080000 @ 0x00000000

defaults:
mtdids  : nand0=alt3800_nfc
mtdparts: uninitialized
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/qc-linux-modems/attachments/20200129/fcc87728/attachment-0001.htm>


More information about the qc-linux-modems mailing list