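This post was last edited by jiuweiljp on 2022-12-8 17:12
I have not posted in a long time, so today here is a filler post. Why filler? Because it is not very practical: the vast majority of devices currently discussed on this forum have no JTAG interface. For this post I dug through my old stock,
and only the moto 850G (CPU BCM4712) and one device with an RTL 8186 CPU have a ready-made JTAG interface; the others would need modification, which is also rather troublesome.
Also, not many people know how to use JTAG, and OpenOCD has a high barrier to entry (its configuration files are a real pain to write; simply flashing firmware is manageable, but to really master a device you have to look up some documentation).
If things go badly you end up like forum member @csersoft, who reverse-engineered the bootloader without a HiSilicon CPU datasheet. (See "Huawei HG8245H unbricking side story: using JTAG to complete hardware initialization".)
Enough chit-chat; on to the main text.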
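I. Main features
1. Advantages:
Cheap and convenient (about 10 yuan on Taobao, plus a few Dupont wires and you are done. Some people say a PC parallel port with a few resistors would be even cheaper, but how many computers still have one nowadays? And the FT232R can also serve as a TTL adapter.)
2. Disadvantages:
Slow (I tried writing a NOR flash with a CFI interface and the speed was simply unbearable: under Windows 7 SP1 it currently manages only 3-4 bytes per second. Perhaps a newer OpenOCD would be faster; I have not tested under Linux, which may be faster.
In addition, the sysfsgpio approach used in @hackpascal's post "An alternative way to build a JTAG debugger: AR9341 JTAG unbricking method" is somewhat faster, writing NOR flash at 9-10 bytes per second.)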
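II. Notes
Can every FTDI FT232R (FT232RL, FT232RQ) sold on Taobao be used? In principle yes, but to save trouble it is best to use a board that breaks out the FT232R pins, preferably one with a voltage (3.3V / 5V) jumper.
1. The kind below is very convenient because it breaks out all the pins (the small labels on the back are ones I printed myself with a label printer; the silkscreen text on the PCB is too small and, being on the front, inconvenient).
2. The kind below breaks out only some of the pins; not recommended.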
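III. Software used
1. FT232 driver (bundled with Windows; if it is missing, download it from FTDI)
2. WinUSB driver: Zadig is recommended; the latest version at present is 2.7. Download: https://zadig.akeo.ie/
2.1 Installation: open the software
2.1 Select List all devices
2.2 Select FT232 usb uart
2.3 Select the WinUSB driver and click Replace Driver to replace the default driver with WinUSB
2.4 After the WinUSB driver has been replaced successfully, Device Manager looks like the figure below
2.5 Check the FT232R's PID and VID, which the interface configuration file will need; the default VID is 0403 and the PID is 6001
2.6 After the above is done, it is advisable to unplug and replug the FT232R.
3. The OpenOCD version that currently supports the FT232R is 0.11.0-5 (nothing before 0.11 supports the FT232R). 0.12 came out as I was writing this post, but I have not yet found a Windows build.
3.1 Download: https://github.com/xpack-dev-tools/openocd-xpack/releases
Downloading may require special network access; I provide a copy below:
3.2 OpenOCD configuration files for the FT232R adapter
3.2.1 Create a batch file run.bat in the bin directory with the following content; from then on, double-click this .bat file to run OpenOCD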
- .\openocd.exe -f rt232rl.cfg
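3.2.2 Create a file rt232rl.cfg in the bin directory with the following content (the forum ate my text and lost all my explanatory notes; I do not feel like typing them again, so read it yourself if you can follow it)
- adapter driver ft232r
- # Raising this does not help; TCK only runs at about 9 kHz while reading or writing data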
- adapter speed 18
- ft232r vid_pid 0x0403 0x6001
- # TXD CTS RXD RTS
- # tck tms tdi tdo
- ft232r jtag_nums 0 3 1 2
- # DTR
- ft232r trst_num 4
- # DCD
- ft232r srst_num 6
- jtag_ntrst_delay 200
- #jtag_ntrst_assert_width 3000
- adapter srst delay 200
- reset_config trst_and_srst
- ft232r restore_serial 0x585b
- # *****my chip
- #ft232r tdi_num DTR
- #ft232r tdo_num RTS
- #ft232r tms_num RXD
- #ft232r tck_num RI
- #ft232r trst_num TXD
- #ft232r srst_num DSR
- source [find test_4712.cfg]
3.2.3 A simple example, test_4712.cfg
- set _CHIPNAME bcm4712
- set _CPUID 0x1471217F
- jtag newtap $_CHIPNAME cpu -irlen 8 -ircapture 0x1 -irmask 0x1f -expected-id $_CPUID
- set _TARGETNAME $_CHIPNAME.cpu
- target create $_TARGETNAME mips_m4k -endian little -chain-position $_TARGETNAME
- # flash setup
- set _FLASHNAME $_CHIPNAME.flash
- flash bank $_FLASHNAME cfi 0xbfc00000 0x00400000 2 2 $_TARGETNAME
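3.2.4 Once the server has started it looks like the output below. If there are any errors you will have to troubleshoot (this takes some patience; common causes are as follows)
1. The JTAG cable is not firmly connected.
2. The wires are too long; keep Dupont wires to around 30 cm.
3. The target board's configuration file is wrong (3.2.3 is a simple example).
4. The JTAG port on the target board was identified incorrectly (this is very common).
5. The JTAG port on the target board is not enabled (some MCUs need a specific pin pulled high (3.3V) to enable the JTAG port; this is not rare either. My RTL8186 is such a case, and I only found out by checking the datasheet).
6. The target board's bootloader is working normally, and it disables the JTAG port after power-on boot.
All sorts of situations occur; you have to analyze them yourself.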
- xpack-openocd-0.11.0-5\bin>.\openocd.exe -f rt232rl.cfg
- xPack OpenOCD x86_64 Open On-Chip Debugger 0.11.0+dev (2022-09-01-17:58)
- Licensed under GNU GPL v2
- For bug reports, read
- http://openocd.org/doc/doxygen/bugs.html
- Info : only one transport option; autoselect 'jtag'
- Info : Listening on port 6666 for tcl connections
- Info : Listening on port 4444 for telnet connections
- Info : clock speed 3000 kHz
- Info : JTAG tap: bcm4712.cpu tap/device found: 0x1471217f (mfg: 0x0bf (Broadcom), part: 0x4712, ver: 0x1)
- Info : starting gdb server for bcm4712.cpu on 3333
- Info : Listening on port 3333 for gdb connections
3.2.5 Finally, telnet to 127.0.0.1:4444
- Open On-Chip Debugger
- > debug_level 3
- debug_level: 3
- > flash probe 0
- Target not halted
- > halt
- MIPS32 only implemented
- target halted in MIPS32 mode due to debug-request, pc: 0xbfc00384
- > flash probe 0
- Flash Manufacturer/Device: 0x00c2 0x22a8
- flash 'cfi' found at 0xbfc00000
- > flash info 0
- #0 : cfi at 0xbfc00000, size 0x00400000, buswidth 2, chipwidth 2
- # 0: 0x00000000 (0x2000 8kB) not protected
- # 1: 0x00002000 (0x2000 8kB) not protected
- # 2: 0x00004000 (0x2000 8kB) not protected
- # 3: 0x00006000 (0x2000 8kB) not protected
- # 4: 0x00008000 (0x2000 8kB) not protected
- # 5: 0x0000a000 (0x2000 8kB) not protected
- # 6: 0x0000c000 (0x2000 8kB) not protected
- # 7: 0x0000e000 (0x2000 8kB) not protected
- # 8: 0x00010000 (0x10000 64kB) not protected
- # 9: 0x00020000 (0x10000 64kB) not protected
- # 10: 0x00030000 (0x10000 64kB) not protected
- # 11: 0x00040000 (0x10000 64kB) not protected
- # 12: 0x00050000 (0x10000 64kB) not protected
- # 13: 0x00060000 (0x10000 64kB) not protected
- # 14: 0x00070000 (0x10000 64kB) not protected
- # 15: 0x00080000 (0x10000 64kB) not protected
- # 16: 0x00090000 (0x10000 64kB) not protected
- # 17: 0x000a0000 (0x10000 64kB) not protected
- # 18: 0x000b0000 (0x10000 64kB) not protected
- # 19: 0x000c0000 (0x10000 64kB) not protected
- # 20: 0x000d0000 (0x10000 64kB) not protected
- # 21: 0x000e0000 (0x10000 64kB) not protected
- # 22: 0x000f0000 (0x10000 64kB) not protected
- # 23: 0x00100000 (0x10000 64kB) not protected
- # 24: 0x00110000 (0x10000 64kB) not protected
- # 25: 0x00120000 (0x10000 64kB) not protected
- # 26: 0x00130000 (0x10000 64kB) not protected
- # 27: 0x00140000 (0x10000 64kB) not protected
- # 28: 0x00150000 (0x10000 64kB) not protected
- # 29: 0x00160000 (0x10000 64kB) not protected
- # 30: 0x00170000 (0x10000 64kB) not protected
- # 31: 0x00180000 (0x10000 64kB) not protected
- # 32: 0x00190000 (0x10000 64kB) not protected
- # 33: 0x001a0000 (0x10000 64kB) not protected
- # 34: 0x001b0000 (0x10000 64kB) not protected
- # 35: 0x001c0000 (0x10000 64kB) not protected
- # 36: 0x001d0000 (0x10000 64kB) not protected
- # 37: 0x001e0000 (0x10000 64kB) not protected
- # 38: 0x001f0000 (0x10000 64kB) not protected
- # 39: 0x00200000 (0x10000 64kB) not protected
- # 40: 0x00210000 (0x10000 64kB) not protected
- # 41: 0x00220000 (0x10000 64kB) not protected
- # 42: 0x00230000 (0x10000 64kB) not protected
- # 43: 0x00240000 (0x10000 64kB) not protected
- # 44: 0x00250000 (0x10000 64kB) not protected
- # 45: 0x00260000 (0x10000 64kB) not protected
- # 46: 0x00270000 (0x10000 64kB) not protected
- # 47: 0x00280000 (0x10000 64kB) not protected
- # 48: 0x00290000 (0x10000 64kB) not protected
- # 49: 0x002a0000 (0x10000 64kB) not protected
- # 50: 0x002b0000 (0x10000 64kB) not protected
- # 51: 0x002c0000 (0x10000 64kB) not protected
- # 52: 0x002d0000 (0x10000 64kB) not protected
- # 53: 0x002e0000 (0x10000 64kB) not protected
- # 54: 0x002f0000 (0x10000 64kB) not protected
- # 55: 0x00300000 (0x10000 64kB) not protected
- # 56: 0x00310000 (0x10000 64kB) not protected
- # 57: 0x00320000 (0x10000 64kB) not protected
- # 58: 0x00330000 (0x10000 64kB) not protected
- # 59: 0x00340000 (0x10000 64kB) not protected
- # 60: 0x00350000 (0x10000 64kB) not protected
- # 61: 0x00360000 (0x10000 64kB) not protected
- # 62: 0x00370000 (0x10000 64kB) not protected
- # 63: 0x00380000 (0x10000 64kB) not protected
- # 64: 0x00390000 (0x10000 64kB) not protected
- # 65: 0x003a0000 (0x10000 64kB) not protected
- # 66: 0x003b0000 (0x10000 64kB) not protected
- # 67: 0x003c0000 (0x10000 64kB) not protected
- # 68: 0x003d0000 (0x10000 64kB) not protected
- # 69: 0x003e0000 (0x10000 64kB) not protected
- # 70: 0x003f0000 (0x10000 64kB) not protected
- CFI flash: mfr: 0x00c2, id:0x22a8
- qry: 'QRY', pri_id: 0x0002, pri_addr: 0x0040, alt_id: 0x0000, alt_addr: 0x0000
- Vcc min: 2.7, Vcc max: 3.6, Vpp min: 0.0, Vpp max: 0.0
- typ. word write timeout: 16 us, typ. buf write timeout: 1 us, typ. block erase timeout: 1024 ms, typ. chip erase timeout: 1 ms
- max. word write timeout: 512 us, max. buf write timeout: 1 us, max. block erase timeout: 16384 ms, max. chip erase timeout: 1 ms
- size: 0x400000, interface desc: 2, max buffer write size: 0x1
- Spansion primary algorithm extend information:
- pri: 'PRI', version: 1.1
- Silicon Rev.: 0x0, Address Sensitive unlock: 0x0
- Erase Suspend: 0x2, Sector Protect: 0x4
- VppMin: 11.5, VppMax: 12.5
- > scan_chain
- TapName Enabled IdCode Expected IrLen IrCap IrMask
- -- ------------------- -------- ---------- ---------- ----- ----- ------
- 0 bcm4712.cpu Y 0x1471217f 0x1471217f 8 0x01 0x1f
- > targets
- TargetName Type Endian TapName State
- -- ------------------ ---------- ------ ------------------ ------------
- 0* bcm4712.cpu mips_m4k little bcm4712.cpu halted
- >
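Beyond this I cannot help you; I am not familiar with OpenOCD either. Different MCUs also need their own configuration files, and many configuration files for common MCUs can be found online.
Getting your hands on it is easy; really getting started is not.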
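For the troubleshooting list in 3.2.4, an added example (not part of the original post) that decodes the IDCODE OpenOCD reports, resolves `-expected-id` from the target cfg, and classifies typical scan results. The function names and the hints mapping each result to the numbered causes are this example's own heuristics; the cfg and log text are the lines shown in the post.

```python
import re

# Copied from the post: the target cfg lines and the OpenOCD startup log line.
CFG = """set _CHIPNAME bcm4712
set _CPUID 0x1471217F
jtag newtap $_CHIPNAME cpu -irlen 8 -ircapture 0x1 -irmask 0x1f -expected-id $_CPUID"""
LOG = ("Info : JTAG tap: bcm4712.cpu tap/device found: 0x1471217f "
       "(mfg: 0x0bf (Broadcom), part: 0x4712, ver: 0x1)")

def decode_idcode(idcode):
    """Split a 32-bit IEEE 1149.1 IDCODE into its fields."""
    return {"ver": (idcode >> 28) & 0xF,      # bits 31..28: revision
            "part": (idcode >> 12) & 0xFFFF,  # bits 27..12: part number
            "mfg": (idcode >> 1) & 0x7FF,     # bits 11..1: JEP106 manufacturer
            "marker": idcode & 1}             # bit 0: always 1 for an IDCODE

def expected_id(cfg_text):
    """Resolve -expected-id, following a `set _VAR value` if it is a $variable."""
    variables = dict(re.findall(r"^\s*set\s+(\w+)\s+(\S+)", cfg_text, re.M))
    token = re.search(r"-expected-id\s+(\S+)", cfg_text).group(1)
    return int(variables[token[1:]] if token.startswith("$") else token, 16)

def found_id(log_text):
    """IDCODE OpenOCD reported for the TAP, or None if no TAP line is present."""
    m = re.search(r"tap/device found: (0x[0-9a-fA-F]+)", log_text)
    return int(m.group(1), 16) if m else None

def diagnose(found, expected):
    """Classify a scan result; hints refer to the numbered causes in 3.2.4."""
    if found is None:
        return "no tap line: nothing to decode in this log"
    if found == 0xFFFFFFFF:
        return "all ones: TDO never driven (causes 1, 4, 5, 6)"
    if found == 0:
        return "all zeros: TDO held low (causes 1, 4)"
    if not found & 1:
        return "bit 0 clear: not an IDCODE, BYPASS or bit errors (causes 1, 2)"
    if found == expected:
        return "match"
    f, e = decode_idcode(found), decode_idcode(expected)
    if (f["mfg"], f["part"]) == (e["mfg"], e["part"]):
        return "same part, other revision: adjust -expected-id (cause 3)"
    return "different device: wrong TAP or wrong target cfg (causes 3, 4)"

if __name__ == "__main__":
    print(decode_idcode(found_id(LOG)), diagnose(found_id(LOG), expected_id(CFG)))
```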
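For the `flash info 0` output in 3.2.5, an added example (not part of the original post) that parses the sector table, checks that it adds up to the bank size, and works out which sectors a write touches and how long it would take. It assumes bank 0 as in the post and the 4 bytes per second the author reports as the upper figure on Windows; the function names are hypothetical, and the sample table is rebuilt in code from the layout shown in the post.

```python
import re

# Matches a sector line such as "#  8: 0x00010000 (0x10000 64kB) not protected".
SECTOR = re.compile(r"#\s*(\d+):\s*(0x[0-9a-fA-F]+)\s*\((0x[0-9a-fA-F]+)\s+\S+\)\s*(.*)")

def parse_sectors(text):
    """Return (index, offset, size, locked) tuples from `flash info` output."""
    sectors = []
    for line in text.splitlines():
        m = SECTOR.search(line)
        if m:
            idx, off, size, state = m.groups()
            # Anything other than an explicit "not protected" counts as locked.
            sectors.append((int(idx), int(off, 16), int(size, 16),
                            state.strip() != "not protected"))
    return sectors

def total_size(sectors):
    """Sum the sector sizes, insisting they are contiguous from offset 0."""
    pos = 0
    for idx, off, size, _ in sectors:
        if off != pos:
            raise ValueError(f"gap or overlap before sector {idx}")
        pos += size
    return pos

def plan_write(sectors, offset, length, bytes_per_s=4, bank=0):
    """Sectors touched by [offset, offset+length) and the expected write time."""
    hit = [s for s in sectors if s[1] < offset + length and s[1] + s[2] > offset]
    if not hit or offset + length > total_size(sectors):
        raise ValueError("range is outside the bank")
    if any(s[3] for s in hit):
        raise ValueError("range touches a protected sector")
    return {"erase": f"flash erase_sector {bank} {hit[0][0]} {hit[-1][0]}",
            "erased_bytes": sum(s[2] for s in hit),
            "hours": round(length / bytes_per_s / 3600, 1)}

def sample_flash_info():
    """Rebuild the post's sector table: 8 x 8 kB, then 63 x 64 kB."""
    lines, off = ["#0 : cfi at 0xbfc00000, size 0x00400000, buswidth 2, chipwidth 2"], 0
    for idx, size in enumerate([0x2000] * 8 + [0x10000] * 63):
        lines.append(f"#{idx:3d}: 0x{off:08x} (0x{size:x} {size // 1024}kB) not protected")
        off += size
    return "\n".join(lines)

if __name__ == "__main__":
    table = parse_sectors(sample_flash_info())
    print(hex(total_size(table)), plan_write(table, 0x0, 0x40000))
```

At this rate a 256 kB image needs about 18 hours and the full 4 MB bank about 12 days, and even a small write inside a 64 kB sector forces that whole sector to be erased first.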