nesdev.org

nocash wrote:Ooops, yes, I didn't have the .fix directive in diag3ds for fixing the sha256's, thanks.
Immeditialy powering down in diag3ds happens if you have button a/b pressed (I guess you did so in fastboot menu).
Well, at least you do now know how immediately powering off looks like, without the led fade-out delay.

nocash wrote:I've spent the whole day on trying to figure out why wifiboot doesn't work with fastboot. I didn't found the problem. But noticed some other issues.

Fastboot seems to destroy the "LDR PC,[$+4]" opcodes in the exception handlers. That's causing diag3ds to hang upon data aborts (in the memdump screens) (because it's setting only vector at address $+4, but not the LDR opcode in the preceeding word).

nocash wrote:Fastboot seems to have some of the New3DS-only CFG11 registers set to nonzero values (unlike when booting from bootrom).
For example, reading 10141300h (CFG11_MPCORE_CLKCNT) returns 00018001h. That would be bit16=unknown?, bit15=busy???, bit0=enable something.
I've tried to reset the New3DS-related CFG11 registers to zero, but that didn't help (but I don't know if it's that easy, or if one must reset them in a specfic order).

nocash wrote:Running out of ideas, I've tried to add a huge wait-by-loop delay in wifiboot (to see how fast the arm11 cpu is running; with code cache enabled). The delay takes 10s when booted from bootrom, but with fastboot it comes out as 15 second delay.

If you have hardmod, then you could simply install wifiboot as firm0, I am quite optimistic that it will boot perfectly (or if it doesn't work then you would need the hardmod to uninstall it).

nocash wrote:I've made a database with some of the most important initial bootrom register values, mostly AMR9 registers, plus ARM11 IRQ registers. And a selftest function that displays all mis-initialized registers (ie. showing addresss, correct, incorrect values):

diag3ds.ZIP

The main issue that breaks wifiboot seems to be that fastboot is routing all ARM11 IRQs to "target=nowhere" (instead of "target=CPU0"). The IRQ priorities are also set to non-default values (but that shouldn't disturb in case of wifiboot).

nocash wrote:Okay, if wifiboot is working when you boot it as firm0 (or change the IRQ targets mentioned above)... what is working exactly?

Uploading and starting .firm files is working, right?

nocash wrote:Are the display glitches still occurring?
And if yes, does the bootrom's blue-screen have those glitches, too?
Asking because my code is based on the bootrom screen output.

nocash wrote:The hexdump error is from an unexpected WMI_DISCONNECT_EVENT (with reason value AUTH_FAILED). I have never experienced that with my APs (except perhaps on bad WEP passwords, but not on simple re-connections) (well, and I do occassionally get disconnected after several minutes of inactivity, not sure why, the code should send dummy messages every once and then to prevent that).

I'll add a WMI_DISCONNECT_CMD after successful upload in next version, maybe that will convince your AP that it may process new re-connections thereafter.
Of course, I can't do that if wifiboot has crashed (that will hopefully no longer happen, when fixing the IRQ targets).
And, the very nature of mobile wifi is that connections can get lost without proper disconnection. If your AP is really insisting on disconnections, and refusing re-connection otherwise - that might be a bit frustating.

I could also add retries in the connect function, but if that works depends on how often or long your AP is refusing connections...
Does the hexdump error occur only ONCE, on the first reboot after the upload?
Or does it occur REPEATEDLY upon each and every reboot, until some timeout has ellapsed after some minute(s)?

In the latter case, automatic retries won't help too much.

nocash wrote:The ARM datasheet has this sentence -One consequence of the strict comparison is that a Pending interrupt with the lowest possible priority, 0xF, never causes the assertion of an interrupt request to MP11 CPUs, permitting an extra level of interrupt enabling
It isn't quite clear what they are trying to say about which strict comparision, but it might mean that priority 0Fh is disabling the interrupt. The default priority setting when booting firm files is 08h, so you must use that, too, for booting firm files. After all, you do already have code for cleaning up things, you just need to change that code to use the correct values in the cleanup. There are several good reasons for maintaining compatibility with the original bootrom.

profi200 wrote:CARDSPI has been fully figured out by the way and 3dbrew has been updated with all details including a little bug.

Common FIRM Load areas are:
  08006000h 0.9M  ARM9-WRAM  (common for ARM9 code) (not first/last some bytes)
  18000000h 6.0M  VRAM       (eg. used by GBA/DSi firmwares)
  1FF00000h 0.5M  DSP Memory (eg. used by FIRM0, initially mapped to ARM9 side)
  1FF80000h 0.5M  AXI RAM    (common for ARM11 code)
With that areas, a FIRM file can be max 7.9Mbyte (if it is loaded as file, the
default size of the firm0/firm1 partitions is only 4Mbyte each).
There is a blacklist in bootrom preventing some memory regions:
  07FFB800h..07FFFBFFh  ARM9 ITCM part (otp, mbr, keys...)
  FFF00000h..FFF02FFFh  ARM9 DTCM (first 3000h) (arm9 data)
  FFF03000h..FFF03FFFh  ARM9 DTCM (last 1000h) (arm9 stack)
  080F8000h..080FFFFFh  ARM9 WRAM (last 8000h) (rom card related?)
  08000000h..0800003Fh  ARM9 WRAM (first 40h) (exception vectors, etc)
  20000000h..27FFFFFFh  FCRAM (whole 128MB)
  FFF00000h..1FFFFFFFh  Bugged (size of that area is negative/nonsense)
Moreover, the bootrom doesn't have Main RAM and New3DS memory enabled. And, the
bootrom PU has also disabled some memory areas (though those might pass when
using DMA for loading?).

DDI_0597_ARM_a32_t32_instruction_set_architecture.pdf wrote: CPS, CPSID, CPSIE
Change PE State changes one or more of the PSTATE.{A, I, F} interrupt mask bits and, optionally, the PSTATE.M mode field, without changing any
other PSTATE bits.
CPS is treated as NOP if executed in User mode unless it is defined as being CONSTRAINED UNPREDICTABLE elsewhere in this section.
The PE checks whether the value being written to PSTATE.M is legal. See Illegal changes to PSTATE.M.
It has encodings from the following instruction sets: A32 ( A1 ) and T32 ( T1 and T2 ) .
A1
31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
1 1 1 1 0 0 0 1 0 0 0 0 imod M 0 (0) (0) (0) (0) (0) (0) (0) A I F 0 mode
CPS (imod == 00 && M == 1)
CPS{<q>} #<mode> // (Cannot be conditional)
CPSID (imod == 11 && M == 0)
CPSID{<q>} <iflags> // (Cannot be conditional)
CPSID (imod == 11 && M == 1)
CPSID{<q>} <iflags> , #<mode> // (Cannot be conditional)
CPSIE (imod == 10 && M == 0)
CPSIE{<q>} <iflags> // (Cannot be conditional)
CPSIE (imod == 10 && M == 1)
CPSIE{<q>} <iflags> , #<mode> // (Cannot be conditional)
if mode != '00000' && M == '0' then UNPREDICTABLE;
if (imod<1> == '1' && A:I:F == '000') || (imod<1> == '0' && A:I:F != '000') then UNPREDICTABLE;
enable = (imod == '10'); disable = (imod == '11'); changemode = (M == '1');
affectA = (A == '1'); affectI = (I == '1'); affectF = (F == '1');
if (imod == '00' && M == '0') || imod == '01' then UNPREDICTABLE;

nocash wrote:I would have thought that WMI_SYNCHRONIZE would occur a bit later than WMI_READY_EVENT, but that might be timed a bit differently in NWM versus DSi Launcher (which doesn't use SYNCHRONIZE at all as it's only uploading the firmware). Anyways, the initialization should look as so: BMI commands, then a handful of "weird" handshakes (that are neither BMI nor WMI commands), and then the WMI stuff, with WMI_READY_EVENT and WMI_REGDOMAIN_EVENT, and then (I think thereafter?) WMI_BITRATE, WMI_FRAMERATES and WMI_SYNCHRONIZE etc.
Btw. There are also SDIO logs from DSi browser (in the "DSi Wifi rev-engineering" thread), maybe some of that data is helpful for 3DS, too. Ah, and the DSi wifi-firmware upload... that can be logged in no$gba when having SD/MMC(=and SDIO) logging enabled in the TTY Debug Message window.