usb-loader.S

.text

.global _start
_start:
disable_interrupts:
	mrs	r0, cpsr
	mov	r1, #0xc0
	orr	r0, r0, r1
	msr	cpsr_cxsf, r0

relocate_stack:
        ldr     r0, =0x7000bffc // stack_start
	mov     sp, r0

print_welcome_banner:
	adr	r0, welcome_banner
	bl	uart_puts

load_program:
	adr	r0, size_buffer
	mov	r1, #4
	mvn	r2, #0
# This function address was discovered by disassembling the ROM, which
# begins around offset 0xfff00000.  When the MTK Flash Tool loads code into
# an unflashed MTK chip, it makes calls to a few well-defined positions that
# contain pointers to read a buffer, write a buffer, and flush the current
# write buffer.  The programming interface is the same for both USB and
# serial.  However, since the MT6260 series of parts primarily boots
# off of USB, we are only interested in the USB thunks.
# The prototype for this function is:
#	void usb_uart_read(void *buffer, int bytes, int timeout)
	ldr	r3, =0xfff03639
	blx	r3

	ldr	r1, size_buffer

# r1 now contains the number of bytes to load.
# r0 contains the current offset to write to.
# Load bytes from the serial port into RAM.
	mov	r0, #0x70000000
	orr	r0, r0, #0x6000
	mvn	r2, #0
	ldr	r3, =0xfff03639
	blx	r3

jump_to_new_program:
	adr	r0, launch_message
	bl	uart_puts
	mov	r0, #0x70000000
	orr	r0, r0, #0x6000
	mov	pc, r0

.align	4
welcome_banner: .ascii	"Fernvale bootloader\r\nWrite four bytes of program "
		.asciz	"size, then write program data...\r\n>"
launch_message: .asciz	"Launching program...\r\n"
size_buffer:	.long	0
.align	4

uart_puts:
	push	{lr}
	mov	r3, r0
	mov	r1, #0

uart_puts_count_chars_loop:
	ldrb	r2, [r3], #1
	cmp	r2, #0
	beq	uart_puts_print
	add	r1, r1, #1
	b	uart_puts_count_chars_loop
uart_puts_print:
	mvn	r2, #0

# Call:
# void usb_uart_write(char *data, int bytes, int timeout)
	ldr	r3, =0xfff03653
	blx	r3

# Call:
# void usb_uart_flush(void)
	ldr	r3, =0xfff04845
	blx	r3

uart_puts_exit:
	pop	{pc}
	.text

	.global _start
	_start:
	disable_interrupts:
	mrs r0, cpsr
	mov r1, #0xc0
	orr r0, r0, r1
	msr cpsr_cxsf, r0

	relocate_stack:
	ldr r0, =0x7000bffc // stack_start
	mov sp, r0

	print_welcome_banner:
	adr r0, welcome_banner
	bl uart_puts

	load_program:
	adr r0, size_buffer
	mov r1, #4
	mvn r2, #0
	# This function address was discovered by disassembling the ROM, which
	# begins around offset 0xfff00000. When the MTK Flash Tool loads code into
	# an unflashed MTK chip, it makes calls to a few well-defined positions that
	# contain pointers to read a buffer, write a buffer, and flush the current
	# write buffer. The programming interface is the same for both USB and
	# serial. However, since the MT6260 series of parts primarily boots
	# off of USB, we are only interested in the USB thunks.
	# The prototype for this function is:
	# void usb_uart_read(void *buffer, int bytes, int timeout)
	ldr r3, =0xfff03639
	blx r3

	ldr r1, size_buffer

	# r1 now contains the number of bytes to load.
	# r0 contains the current offset to write to.
	# Load bytes from the serial port into RAM.
	mov r0, #0x70000000
	orr r0, r0, #0x6000
	mvn r2, #0
	ldr r3, =0xfff03639
	blx r3

	jump_to_new_program:
	adr r0, launch_message
	bl uart_puts
	mov r0, #0x70000000
	orr r0, r0, #0x6000
	mov pc, r0

	.align 4
	welcome_banner: .ascii "Fernvale bootloader\r\nWrite four bytes of program "
	.asciz "size, then write program data...\r\n>"
	launch_message: .asciz "Launching program...\r\n"
	size_buffer: .long 0
	.align 4

	uart_puts:
	push {lr}
	mov r3, r0
	mov r1, #0

	uart_puts_count_chars_loop:
	ldrb r2, [r3], #1
	cmp r2, #0
	beq uart_puts_print
	add r1, r1, #1
	b uart_puts_count_chars_loop
	uart_puts_print:
	mvn r2, #0

	# Call:
	# void usb_uart_write(char *data, int bytes, int timeout)
	ldr r3, =0xfff03653
	blx r3

	# Call:
	# void usb_uart_flush(void)
	ldr r3, =0xfff04845
	blx r3

	uart_puts_exit:
	pop {pc}