View Single Post
Old 02 August 2014, 16:10   #1
Toni Wilen
WinUAE developer
Join Date: Aug 2001
Location: Hämeenlinna/Finland
Age: 43
Posts: 20,650
CyberStormPPC/BlizzardPPC register information reversing

I am still stuck with undocumented register bits..

PPC code first does something (reads and writes to FFF0xxxx memory which appears to work correctly), then it does following CyberstormPPC/BlizzardPPC register writes:

Write 0x85 to F60030 (IPL EMU)
Write 0x85 to F60030
Write 0x85 to F60030
Write 0x85 to F60030
Write 0x01 to F60020 (LOCK)

Above PPC code looks very boring, all written values are hardcoded: (Yes, PPC disassembler has been added. Unfortunately.)
FFF04964  38000085  li          r0, 133
FFF04968  98040030  stb         r0, 48 (r4)
FFF0496C  7C0004AC  sync
FFF04970  98040030  stb         r0, 48 (r4)
FFF04974  7C0004AC  sync
FFF04978  98040030  stb         r0, 48 (r4)
FFF0497C  7C0004AC  sync
FFF04980  98040030  stb         r0, 48 (r4)
FFF04984  7C0004AC  sync
FFF04988  38000001  li          r0, 1
FFF0498C  98040020  stb         r0, 32 (r4)
FFF04990  4C00012C  isync
FFF04994  7C0004AC  sync
FFF04998  4E800020  blr
Write to IPL EMU makes no sense, bit 7 is set so it is "set" mode, but IPL EMU already has all 3 low bits set by earlier boot code. There has to be some unknown side-effect.

LOCK bit 0 is totally undocumented. I assume it is some kind of strobe bit for triggering interrupt. But what kind of interrupt? I tried to trigger m68k level 2 interrupt (m68k has PPC related interrupt added), setting correct bits in F60008 so that interrupt handler accepts it but unfortunately interrupt handler only gets confused and accesses uninitialized memory. So apparently it isn't expecting interrupt, at least not yet.

BPPC boot PPC code and ppctest.dms PowerUP test run identical code sequence.

Last edited by Toni Wilen; 06 August 2014 at 09:36.
Toni Wilen is online now  
AdSense AdSense  
Page generated in 0.09774 seconds with 9 queries