Skip to content

Bootloader

Jump to bottom
Jonathan Neuschäfer edited this page Feb 17, 2022 · 18 revisions

The ATEN firmware for WPCM450 on Supermicro boards comes with a custom bootloader that has some interactive commands.

WARNING: When the bootloader is running (and showing its prompt) while the host is booting, the bootloader may hang for unknown reasons. Make sure not to have a flash command (e.g. FT or ATTRIB) in progress at that moment, because it may be difficult to recover from.

bootloader > h

W90P710 Command Shell v1.0 Rebuilt on Mar 23 2012 at 17:48:54

H        Display the available commands
B        Set Baud Rate
D        Display memory. D -? for help
E        Edit memory. E -? for help
G        Goto address
I        information
MX       Xmodem download
MT       TFTP download
FT       Program the flash by TFTP. FT -? for help
FX       Program the flash by Xmodem. FX -? for help
CP       Memory copy
LS       List the images in the flash
SET      Setting boot loader configuration. SET -? for help
CHK      Check the flash
RUN      Execute image
DEL      DEL the image or flash block
MSET     Fill memory
TERM     Change the terminal output port
BOOT     Reboot the system
CACHE    Cache setting
UNZIP    Unzip image
ATTRIB   Change the image attribution
MEMREAD  Upload Read from memory
MEMWRITE Download write to memory sequence of values

bootloader >

E - edit memory

This command lets you interactively change memory. To change the presented value, it must first be removed with backspace (which in this case must be entered as ^H)

bootloader > e 0x00010000
[10000]  E3A0020B --> E3A0020B
[10004]  4001DD78 --> E3A01041
[10008]  e5c010_

Once you're done inputting values, press the ESC key.

DEL - delete an image

WARNING: Do not invoke DEL without any parameters, it will erase image 0 (BOOT INFO)!

bootloader > DEL -h
Usage: DEL [ImageNo.] [b{blockNo.}] [-all]
       [ImageNo.]       Delete the image
       [b{blockNo.}]    Delete the block
       -all             Delete all blocks

ATTRIB - change image attributes

The ATTRIB command lets you change the attributes of an image. See below for a list of attributes.

bootloader > ATTRIB 3 -cxza
Image attribution changed successfully.

It can be quite useful to add/remove the active attribute (-a) to/from different images to influence which one is the first active image and will thus be booted.

Flash partition format

The bootloader keeps track of flash partitions through their footers.

The ATEN SDK includes a tool to write such footers.

Image: 0 name:BOOT INFO base:0x40010000 size:0x0000FFC8 exec:0x40010000 -f
Image: 2 name:1stFS base:0x40180000 size:0x007FC000 exec:0x00D00000 -f
Image: 3 name:kernel base:0x40980000 size:0x00112AA8 exec:0x00008000 -acxz
Image: 4 name:2ndFS base:0x40B80000 size:0x00255000 exec:0x00D00000 -f

00a9ffc0  ff ff ff ff ff ff ff ff  ff ff ff ff 03 00 00 00  |................|
00a9ffd0  00 00 98 40 a8 2a 11 00  00 80 00 00 00 80 00 00  |...@.*..........|
00a9ffe0  6b 65 72 6e 65 6c 00 00  00 00 00 00 00 00 00 00  |kernel..........|
00a9fff0  0a 78 dd 57 9f ff ff a0  17 00 00 00 c3 8b 05 58  |.x.W...........X|

Footers are at offset 0xffc0 after 64 KiB alignment and have the following format:

offset type description
0x0c u32 image number
0x10 u32 base
0x14 u32 size
0x18 u32 load address
0x1c u32 exec address
0x20 string image name
0x30 u32 some kind of checksum over the content
0x34 u32 magic number (0xA0FFFF9F)
0x38 u8 attributes
0x3c u32 some kind of checksum over the footer

Attributes

bitmask ATTRIB command flag description
1 -a active image
2 -c copy image to RAM
4 -x executable image
8 -f filesystem image
16 -z the image is ZIP compressed

ATEN symbol

To indicate that the flash is complete, the last 64 KiB block of the last image (2ndFS) includes a signature, the ATEN SYMBOL:

00ddffb0  ff ff ff 41 54 45 4e 73  5f 46 57 03 38 71 ac 28  |...ATENs_FW.8q.(|
00ddffc0  dd 95 17 ff ff ff ff ff  ff ff ff ff 04 00 00 00  |................|
offset type description
0xffb3 u8[8] "ATENs_FW"
0xffbb u8 unknown
0xffbc u8 unknown
0xffbd u32 a CRC32 checksum over an unknown area
0xffc0 -- there should be an image footer here

TFTP

New flash partitions (aka. images) can be installed over the network with the FT command:

bootloader > ft 7 scream 0x40e00000 0x40e00000 -x
Find image 7 existed!
Do you want to delete it?[y/N]
Deleting image 7 ...
.Waiting for download ...
TFTP client: 192.168.2.18
Download OK, file size:16

Flash programming ...
.
bootloader >

Things to note:

  • If you delete or overwrite image 4 (2ndFS), the ATEN symbol is also deleted. Without the bootloader enters a recovery mode instead of booting the kernel. You can, however, move the ATEN symbol into another image (for example, the kernel).
  • Make sure that you configure your TFTP client to use binary mode. Netascii mode causes all 0a bytes to be replaced by 0d 0a!
  • If the FT command detects that the image that you're trying to overwrite currently exists, it will offer to erase it first.
  • If the FT command encounters a unerased block, it will fail to write the image, because it assumes that there can't be unerased space outside of an image. This creates a problem when an image footer has been erased/corrupted, because FT won't try to erase the image, but also won't be able to reprogram it.

Installing custom code

  • The 2ndFS partition (at 0x40b80000) can be removed without making the original kernel and userspace unusable (it will just lack the web UI)
  • By placing the new kernel at 0x40b80000, it can be accessed from the original kernel (through the right /dev/mtd partition)
  • There is enough free space between the original kernel and 0x40b80000 to install something else there, such as a monitor program (see src/)
  • To install the monitor, run ft 6 monitor 0x40b00000 0x8000 -acx and send src/bare-metal/monitor.bin via TFTP
  • To install a custom kernel, run ft 7 newkern 0x40b80000 0x8000 -acx and send the zImage via TFTP

Overview:

Basics:

Peripherals:

Board specifics:

Clone this wiki locally