diff --git a/doc/rpi3_jlink.cfg b/doc/rpi3_jlink.cfg new file mode 100644 index 0000000..bd63aee --- /dev/null +++ b/doc/rpi3_jlink.cfg @@ -0,0 +1,45 @@ +transport select jtag + +# we need to enable srst even though we don't connect it +reset_config trst_and_srst + +adapter_khz 1000 +jtag_ntrst_delay 500 + +if { [info exists CHIPNAME] } { + set _CHIPNAME $CHIPNAME +} else { + set _CHIPNAME rpi3 +} + +# +# Main DAP +# +if { [info exists DAP_TAPID] } { + set _DAP_TAPID $DAP_TAPID +} else { + set _DAP_TAPID 0x4ba00477 +} + +jtag newtap $_CHIPNAME tap -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id $_DAP_TAPID -enable +dap create $_CHIPNAME.dap -chain-position $_CHIPNAME.tap + +set _TARGETNAME $_CHIPNAME.a53 +set _CTINAME $_CHIPNAME.cti + +set DBGBASE {0x80010000 0x80012000 0x80014000 0x80016000} +set CTIBASE {0x80018000 0x80019000 0x8001a000 0x8001b000} +set _cores 4 + +for { set _core 0 } { $_core < $_cores } { incr _core } { + + cti create $_CTINAME.$_core -dap $_CHIPNAME.dap -ap-num 0 \ + -ctibase [lindex $CTIBASE $_core] + + target create $_TARGETNAME.$_core aarch64 \ + -dap $_CHIPNAME.dap -coreid $_core \ + -dbgbase [lindex $DBGBASE $_core] -cti $_CTINAME.$_core + + $_TARGETNAME.$_core configure -event reset-assert-post "aarch64 dbginit" + $_TARGETNAME.$_core configure -event gdb-attach { halt } +} diff --git a/doc/rpi3_jtag.md b/doc/rpi3_jtag.md index e559c3c..815126f 100644 --- a/doc/rpi3_jtag.md +++ b/doc/rpi3_jtag.md @@ -40,6 +40,7 @@ TMS | GPIO27 | 13 | Alt4 TDI | GPIO26 | 37 | Alt4 TDO | GPIO24 | 18 | Alt4 TRST | GPIO22 | 15 | Alt4 +RTCK | GPIO23 | 16 | Alt4 GND | GND | 20 | ``` @@ -111,7 +112,44 @@ If `stepi` command causes CPU to make one instruction step, everything is workin [Source](https://sysprogs.com/tutorials/preparing-raspberry-pi-for-jtag-debugging/), [source #2](https://www.op-tee.org/docs/rpi3/#6-openocd-and-jtag), [source #3 - monitor reset halt](http://www.openstm32.org/forumthread823) + +I got RPi3-to-RPi3 JTAG working and even debugged a bit directly on the CPU, but a few things impeded my happiness: + +* RPi is a bit too slow for bitbanging and oftentimes opening a browser window, or running some other command caused OpenOCD to spew JTAG synchronization errors. +* To properly debug my kernel from RPi I would need to compile it locally (otherwise all the paths in the debug info are wrong and GDB will not find the source files, I did not want to mess around with symlinks). + +Fortunately, at this point a Segger J-Link 9 arrived and I went to use it. + # J-Link to RPi3 jtag https://www.segger.com/downloads/jlink/ https://habr.com/ru/post/259205/ + +JTAG pinout on segger is in UM08001_JLink.pdf distributed with the J-Link software kit, in section 17.1.1. + +This adds VTref for target voltage detection. + +Pinout: + +J-Link and connection to Raspi3: + +``` +Func | J-Link Pin | Wire color | Target pin +------+--------------+-------------+----------- +VTref | 1 | white | 1 +TCK | 9 | yellow | 22 +TMS | 7 | brown | 13 +TDI | 5 | green | 37 +TDO | 13 | orange | 18 +nTRST | 3 | red | 15 +RTCK | 11 | magenta | 16 +GND | 4 | black | 20 +``` + + +[Useful article](https://www.suse.com/c/debugging-raspberry-pi-3-with-jtag/) + + +Rebuild openocd from git and voila, it works with + +`openocd -f interface/jlink.cfg -f rpi3_jtag.cfg` diff --git a/doc/rpi3_target.cfg b/doc/rpi3_target.cfg index 6225e33..0f1ef0c 100644 --- a/doc/rpi3_target.cfg +++ b/doc/rpi3_target.cfg @@ -6,11 +6,11 @@ gdb_port 5555 transport select jtag -reset_config trst_only +#reset_config trst_only -adapter_khz 500 -adapter_nsrst_delay 100 -jtag_ntrst_delay 100 +#adapter_khz 500 +#adapter_nsrst_delay 100 +#jtag_ntrst_delay 100 if { [info exists CHIPNAME] } { set _CHIPNAME $CHIPNAME