[people/ms/u-boot.git] / board / qemu-mips / README

By Vlad Lungu vlad.lungu@windriver.com 2007-Oct-01
----------------------------------------
Qemu is a full system emulator. See

http://www.nongnu.org/qemu/

Limitations & comments
----------------------
Supports the "-M mips" configuration of qemu: serial,NE2000,IDE.
Supports little and big endian as well as 32 bit and 64 bit.
Derived from au1x00 with a lot of things cut out.

Supports emulated flash (patch Jean-Christophe PLAGNIOL-VILLARD) with
recent qemu versions. When using emulated flash, launch with
-pflash <filename> and erase mips_bios.bin.


Notes for the Qemu MIPS port
----------------------------

I) Example usage:

Using u-boot.bin as ROM (replaces Qemu monitor):

32 bit, big endian:
# make qemu_mips
# qemu-system-mips -M mips -bios u-boot.bin -nographic

32 bit, little endian:
# make qemu_mipsel
# qemu-system-mipsel -M mips -bios u-boot.bin -nographic

64 bit, big endian:
# make qemu_mips64
# qemu-system-mips64 -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic

64 bit, little endian:
# make qemu_mips64el
# qemu-system-mips64el -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic

or using u-boot.bin from emulated flash:

if you use a qemu version after commit 4224

create image:
# dd of=flash bs=1k count=4k if=/dev/zero
# dd of=flash bs=1k conv=notrunc if=u-boot.bin
start it (see above):
# qemu-system-mips[64][el] [-cpu MIPS64R2-generic] -M mips -pflash flash -nographic

2) Download kernel + initrd

On ftp://ftp.denx.de/pub/contrib/Jean-Christophe_Plagniol-Villard/qemu_mips/
you can downland

#config to build the kernel
qemu_mips_defconfig
#patch to fix mips interrupt init on 2.6.24.y kernel
qemu_mips_kernel.patch
initrd.gz
vmlinux
vmlinux.bin
System.map

4) Generate uImage

# tools/mkimage -A mips -O linux -T kernel -C gzip -a 0x80010000 -e 0x80245650 -n "Linux 2.6.24.y" -d vmlinux.bin.gz uImage

5) Copy uImage to Flash
# dd if=uImage bs=1k conv=notrunc seek=224 of=flash

6) Generate Ide Disk

# dd of=ide bs=1k cout=100k if=/dev/zero

# sfdisk -C 261 -d ide
# partition table of ide
unit: sectors

     ide1 : start=       63, size=    32067, Id=83
     ide2 : start=    32130, size=    32130, Id=83
     ide3 : start=    64260, size=  4128705, Id=83
     ide4 : start=        0, size=        0, Id= 0

7) Copy to ide

# dd if=uImage bs=512 conv=notrunc seek=63 of=ide

8) Generate ext2 on part 2 on Copy uImage and initrd.gz

# Attached as loop device ide offset = 32130 * 512
# losetup -o 16450560 -f ide
# Format as ext2 ( arg2 : nb blocks)
# mke2fs /dev/loop0 16065
# losetup -d /dev/loop0
# Mount and copy uImage and initrd.gz to it
# mount -o loop,offset=16450560 -t ext2 ide /mnt
# mkdir /mnt/boot
# cp {initrd.gz,uImage} /mnt/boot/
# Umount it
# umount /mnt

9) Set Environment

setenv rd_start 0x80800000
setenv rd_size 2663940
setenv kernel BFC38000
setenv oad_addr 80500000
setenv load_addr2 80F00000
setenv kernel_flash BFC38000
setenv load_addr_hello 80200000
setenv bootargs 'root=/dev/ram0 init=/bin/sh'
setenv load_rd_ext2 'ide res; ext2load ide 0:2 ${rd_start} /boot/initrd.gz'
setenv load_rd_tftp 'tftp ${rd_start} /initrd.gz'
setenv load_kernel_hda 'ide res; diskboot ${load_addr} 0:2'
setenv load_kernel_ext2 'ide res; ext2load ide 0:2 ${load_addr} /boot/uImage'
setenv load_kernel_tftp 'tftp ${load_addr} /qemu_mips/uImage'
setenv boot_ext2_ext2 'run load_rd_ext2; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
setenv boot_ext2_flash 'run load_rd_ext2; run addmisc; bootm ${kernel_flash}'
setenv boot_ext2_hda 'run load_rd_ext2; run load_kernel_hda; run addmisc; bootm ${load_addr}'
setenv boot_ext2_tftp 'run load_rd_ext2; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
setenv boot_tftp_hda 'run load_rd_tftp; run load_kernel_hda; run addmisc; bootm ${load_addr}'
setenv boot_tftp_ext2 'run load_rd_tftp; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
setenv boot_tftp_flash 'run load_rd_tftp; run addmisc; bootm ${kernel_flash}'
setenv boot_tftp_tftp 'run load_rd_tftp; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
setenv load_hello_tftp 'tftp ${load_addr_hello} /examples/hello_world.bin'
setenv go_tftp 'run load_hello_tftp; go ${load_addr_hello}'
setenv addmisc 'setenv bootargs ${bootargs} console=ttyS0,${baudrate} rd_start=${rd_start} rd_size=${rd_size} ethaddr=${ethaddr}'
setenv bootcmd 'run boot_tftp_flash'

10) Now you can boot from flash, ide, ide+ext2 and tfp

# qemu-system-mips -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide

II) How to debug U-Boot

In order to debug U-Boot you need to start qemu with gdb server support (-s)
and waiting the connection to start the CPU (-S)

# qemu-system-mips -S -s -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide

in an other console you start gdb

1) Debugging of U-Boot Before Relocation

Before relocation, the addresses in the ELF file can be used without any problems
by connecting to the gdb server localhost:1234

# mipsel-unknown-linux-gnu-gdb u-boot
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "--host=i486-linux-gnu --target=mipsel-unknown-linux-gnu"...
(gdb)  target remote localhost:1234
Remote debugging using localhost:1234
_start () at start.S:64
64		RVECENT(reset,0)	/* U-boot entry point */
Current language:  auto; currently asm
(gdb)  b board.c:289
Breakpoint 1 at 0xbfc00cc8: file board.c, line 289.
(gdb) c
Continuing.

Breakpoint 1, board_init_f (bootflag=<value optimized out>) at board.c:290
290		relocate_code (addr_sp, id, addr);
Current language:  auto; currently c
(gdb) p/x addr
$1 = 0x87fa0000

2) Debugging of U-Boot After Relocation

For debugging U-Boot after relocation we need to know the address to which
U-Boot relocates itself to 0x87fa0000 by default.
And replace the symbol table to this offset.

(gdb) symbol-file
Discard symbol table from `/private/u-boot-arm/u-boot'? (y or n) y
Error in re-setting breakpoint 1:
No symbol table is loaded.  Use the "file" command.
No symbol file now.
(gdb) add-symbol-file u-boot 0x87fa0000
add symbol table from file "u-boot" at
	.text_addr = 0x87fa0000
(y or n) y
Reading symbols from /private/u-boot-arm/u-boot...done.
Breakpoint 1 at 0x87fa0cc8: file board.c, line 289.
(gdb) c
Continuing.

Program received signal SIGINT, Interrupt.
0xffffffff87fa0de4 in udelay (usec=<value optimized out>) at time.c:78
78		while ((tmo - read_c0_count()) < 0x7fffffff)
Commit	Line	Data
045b4d2d	1	By Vlad Lungu vlad.lungu@windriver.com 2007-Oct-01
0764c164 VL	2	----------------------------------------
	3	Qemu is a full system emulator. See
	4
5b2da6a3	5	http://www.nongnu.org/qemu/
0764c164 VL	6
	7	Limitations & comments
	8	----------------------
0f17f59c	9	Supports the "-M mips" configuration of qemu: serial,NE2000,IDE.
2b086ce4	10	Supports little and big endian as well as 32 bit and 64 bit.
0764c164	11	Derived from au1x00 with a lot of things cut out.
045b4d2d VL	12
	13	Supports emulated flash (patch Jean-Christophe PLAGNIOL-VILLARD) with
	14	recent qemu versions. When using emulated flash, launch with
	15	-pflash <filename> and erase mips_bios.bin.
702e6014 WD	16
	17
	18
	19	Notes for the Qemu MIPS port
	20	----------------------------
	21
	22	I) Example usage:
	23
2b086ce4	24	Using u-boot.bin as ROM (replaces Qemu monitor):
702e6014	25
2b086ce4 DS	26	32 bit, big endian:
	27	# make qemu_mips
	28	# qemu-system-mips -M mips -bios u-boot.bin -nographic
	29
	30	32 bit, little endian:
	31	# make qemu_mipsel
	32	# qemu-system-mipsel -M mips -bios u-boot.bin -nographic
	33
	34	64 bit, big endian:
	35	# make qemu_mips64
	36	# qemu-system-mips64 -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic
	37
	38	64 bit, little endian:
	39	# make qemu_mips64el
	40	# qemu-system-mips64el -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic
	41
	42	or using u-boot.bin from emulated flash:
702e6014 WD	43
	44	if you use a qemu version after commit 4224
	45
	46	create image:
	47	# dd of=flash bs=1k count=4k if=/dev/zero
	48	# dd of=flash bs=1k conv=notrunc if=u-boot.bin
2b086ce4 DS	49	start it (see above):
2b086ce4 DS	50	# qemu-system-mips[64][el] [-cpu MIPS64R2-generic] -M mips -pflash flash -nographic
702e6014 WD	51
	52	2) Download kernel + initrd
	53
	54	On ftp://ftp.denx.de/pub/contrib/Jean-Christophe_Plagniol-Villard/qemu_mips/
	55	you can downland
	56
	57	#config to build the kernel
	58	qemu_mips_defconfig
	59	#patch to fix mips interrupt init on 2.6.24.y kernel
	60	qemu_mips_kernel.patch
	61	initrd.gz
	62	vmlinux
	63	vmlinux.bin
	64	System.map
	65
	66	4) Generate uImage
	67
	68	# tools/mkimage -A mips -O linux -T kernel -C gzip -a 0x80010000 -e 0x80245650 -n "Linux 2.6.24.y" -d vmlinux.bin.gz uImage
	69
	70	5) Copy uImage to Flash
	71	# dd if=uImage bs=1k conv=notrunc seek=224 of=flash
	72
	73	6) Generate Ide Disk
	74
	75	# dd of=ide bs=1k cout=100k if=/dev/zero
	76
	77	# sfdisk -C 261 -d ide
	78	# partition table of ide
	79	unit: sectors
	80
	81	ide1 : start= 63, size= 32067, Id=83
	82	ide2 : start= 32130, size= 32130, Id=83
	83	ide3 : start= 64260, size= 4128705, Id=83
	84	ide4 : start= 0, size= 0, Id= 0
	85
	86	7) Copy to ide
	87
	88	# dd if=uImage bs=512 conv=notrunc seek=63 of=ide
	89
	90	8) Generate ext2 on part 2 on Copy uImage and initrd.gz
	91
	92	# Attached as loop device ide offset = 32130 * 512
	93	# losetup -o 16450560 -f ide
	94	# Format as ext2 ( arg2 : nb blocks)
	95	# mke2fs /dev/loop0 16065
	96	# losetup -d /dev/loop0
	97	# Mount and copy uImage and initrd.gz to it
	98	# mount -o loop,offset=16450560 -t ext2 ide /mnt
	99	# mkdir /mnt/boot
	100	# cp {initrd.gz,uImage} /mnt/boot/
	101	# Umount it
	102	# umount /mnt
	103
	104	9) Set Environment
	105
	106	setenv rd_start 0x80800000
	107	setenv rd_size 2663940
	108	setenv kernel BFC38000
	109	setenv oad_addr 80500000
	110	setenv load_addr2 80F00000
	111	setenv kernel_flash BFC38000
	112	setenv load_addr_hello 80200000
	113	setenv bootargs 'root=/dev/ram0 init=/bin/sh'
	114	setenv load_rd_ext2 'ide res; ext2load ide 0:2 ${rd_start} /boot/initrd.gz'
115	setenv load_rd_tftp 'tftp ${rd_start} /initrd.gz'
116	setenv load_kernel_hda 'ide res; diskboot ${load_addr} 0:2'
117	setenv load_kernel_ext2 'ide res; ext2load ide 0:2 ${load_addr} /boot/uImage'
118	setenv load_kernel_tftp 'tftp ${load_addr} /qemu_mips/uImage'
119	setenv boot_ext2_ext2 'run load_rd_ext2; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
120	setenv boot_ext2_flash 'run load_rd_ext2; run addmisc; bootm ${kernel_flash}'
121	setenv boot_ext2_hda 'run load_rd_ext2; run load_kernel_hda; run addmisc; bootm ${load_addr}'
122	setenv boot_ext2_tftp 'run load_rd_ext2; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
123	setenv boot_tftp_hda 'run load_rd_tftp; run load_kernel_hda; run addmisc; bootm ${load_addr}'
124	setenv boot_tftp_ext2 'run load_rd_tftp; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
125	setenv boot_tftp_flash 'run load_rd_tftp; run addmisc; bootm ${kernel_flash}'
126	setenv boot_tftp_tftp 'run load_rd_tftp; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
127	setenv load_hello_tftp 'tftp ${load_addr_hello} /examples/hello_world.bin'
128	setenv go_tftp 'run load_hello_tftp; go ${load_addr_hello}'
129	setenv addmisc 'setenv bootargs ${bootargs} console=ttyS0,${baudrate} rd_start=${rd_start} rd_size=${rd_size} ethaddr=${ethaddr}'
130	setenv bootcmd 'run boot_tftp_flash'
131
132	10) Now you can boot from flash, ide, ide+ext2 and tfp
133
134	# qemu-system-mips -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide
135
136	II) How to debug U-Boot
137
138	In order to debug U-Boot you need to start qemu with gdb server support (-s)
139	and waiting the connection to start the CPU (-S)
140
141	# qemu-system-mips -S -s -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide
142
143	in an other console you start gdb
144
145	1) Debugging of U-Boot Before Relocation
146
147	Before relocation, the addresses in the ELF file can be used without any problems
148	by connecting to the gdb server localhost:1234
149
150	# mipsel-unknown-linux-gnu-gdb u-boot
151	GNU gdb 6.6
152	Copyright (C) 2006 Free Software Foundation, Inc.
153	GDB is free software, covered by the GNU General Public License, and you are
154	welcome to change it and/or distribute copies of it under certain conditions.
155	Type "show copying" to see the conditions.
156	There is absolutely no warranty for GDB. Type "show warranty" for details.
157	This GDB was configured as "--host=i486-linux-gnu --target=mipsel-unknown-linux-gnu"...
158	(gdb) target remote localhost:1234
159	Remote debugging using localhost:1234
160	_start () at start.S:64
161	64 RVECENT(reset,0) /* U-boot entry point */
162	Current language: auto; currently asm
163	(gdb) b board.c:289
164	Breakpoint 1 at 0xbfc00cc8: file board.c, line 289.
165	(gdb) c
166	Continuing.
167
168	Breakpoint 1, board_init_f (bootflag=<value optimized out>) at board.c:290
169	290 relocate_code (addr_sp, id, addr);
170	Current language: auto; currently c
171	(gdb) p/x addr
172	$1 = 0x87fa0000
173
174	2) Debugging of U-Boot After Relocation
175
176	For debugging U-Boot after relocation we need to know the address to which
177	U-Boot relocates itself to 0x87fa0000 by default.
178	And replace the symbol table to this offset.
179
180	(gdb) symbol-file
181	Discard symbol table from `/private/u-boot-arm/u-boot'? (y or n) y
182	Error in re-setting breakpoint 1:
183	No symbol table is loaded. Use the "file" command.
184	No symbol file now.
185	(gdb) add-symbol-file u-boot 0x87fa0000
186	add symbol table from file "u-boot" at
187	.text_addr = 0x87fa0000
188	(y or n) y
189	Reading symbols from /private/u-boot-arm/u-boot...done.
190	Breakpoint 1 at 0x87fa0cc8: file board.c, line 289.
191	(gdb) c
192	Continuing.
193
194	Program received signal SIGINT, Interrupt.
195	0xffffffff87fa0de4 in udelay (usec=<value optimized out>) at time.c:78
196	78 while ((tmo - read_c0_count()) < 0x7fffffff)