The ISP doesn't have a programmable processing core, it just takes parameters. It's controlled by either the VPU or ARMs.the first 0x200 bytes are the interrupt vector table, not actual codeCode:
00000000: 0000000000000000: .. :0000 ; bkpt...000001fe: 0000000000000000: .. :0000 ; bkpt00000200: 0000000011100000: .. :00e0 ; version r0
so it makes sense that it would all show up as nulls
when the rom loads that binary, it will jump to 0x8000_0200, after loading it to 0x8000_0000that looks like you ran a QPU disssembler on a VPU binarythe other disassembler (vc4dis) from https://maazl.de/project/vc4asm/doc/index.html ran on the same stock bootcode.bin:Code:
nop.never ra0; mnop.never rb0; read ra0; read rb0; bkpt
the pi3 supports at least 6-7 different instruction sets
the ARM complex can run thumb, arm32, and aarch64
the VPU can run VPU assembly
the QPU can run QPU assembly
the ISP runs some unknown assembly
the VCE also runs another unknown assembly languageyeah, the QPU always uses 64bit opcodes, and each opcode specifies 2 actions to run, with a total of 4 inputs and 2 outputs, plus some control flagsAlso he treats all instructions as 64-bit as stated in the VideoCore QPU document but the first guy actually found there are 16-bit, 32-bit and 48-bit instructions and these apparently are the "general purpose" ones like mov, load, store, etc
the VPU opcodes are 16/32/48/80 bit in size, and always specify a single action to perform
the QPU only gets involved when your using shaders on the v3d coresomebody else already RE'd the dram init codeAnother advice I found is get a very old boot firmware where bootcode.bin loaded the loader.bin and bootcode initialized the SRAM. No clue if that even is gonna work on Pi3B as it is like 2012 or something version.
it was originally over here
and ive since ported it to here
ive not gotten around to digging into the ISP, there are still a lot of unknowns for me
Statistics: Posted by jamesh — Tue Apr 23, 2024 12:33 pm