1By Vlad Lungu vlad.lungu@windriver.com 2007-Oct-01 2---------------------------------------- 3Qemu is a full system emulator. See 4 5http://www.nongnu.org/qemu/ 6 7Limitations & comments 8---------------------- 9Supports the "-M mips" configuration of qemu: serial,NE2000,IDE. 10Supports little and big endian as well as 32 bit and 64 bit. 11Derived from au1x00 with a lot of things cut out. 12 13Supports emulated flash (patch Jean-Christophe PLAGNIOL-VILLARD) with 14recent qemu versions. When using emulated flash, launch with 15-pflash <filename> and erase mips_bios.bin. 16 17 18Notes for the Qemu MIPS port 19---------------------------- 20 21I) Example usage: 22 23Using u-boot.bin as ROM (replaces Qemu monitor): 24 2532 bit, big endian: 26# make qemu_mips 27# qemu-system-mips -M mips -bios u-boot.bin -nographic 28 2932 bit, little endian: 30# make qemu_mipsel 31# qemu-system-mipsel -M mips -bios u-boot.bin -nographic 32 3364 bit, big endian: 34# make qemu_mips64 35# qemu-system-mips64 -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic 36 3764 bit, little endian: 38# make qemu_mips64el 39# qemu-system-mips64el -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic 40 41or using u-boot.bin from emulated flash: 42 43if you use a qemu version after commit 4224 44 45create image: 46# dd of=flash bs=1k count=4k if=/dev/zero 47# dd of=flash bs=1k conv=notrunc if=u-boot.bin 48start it (see above): 49# qemu-system-mips[64][el] [-cpu MIPS64R2-generic] -M mips -pflash flash -nographic 50 512) Download kernel + initrd 52 53On ftp://ftp.denx.de/pub/contrib/Jean-Christophe_Plagniol-Villard/qemu_mips/ 54you can downland 55 56#config to build the kernel 57qemu_mips_defconfig 58#patch to fix mips interrupt init on 2.6.24.y kernel 59qemu_mips_kernel.patch 60initrd.gz 61vmlinux 62vmlinux.bin 63System.map 64 654) Generate uImage 66 67# tools/mkimage -A mips -O linux -T kernel -C gzip -a 0x80010000 -e 0x80245650 -n "Linux 2.6.24.y" -d vmlinux.bin.gz uImage 68 695) Copy uImage to Flash 70# dd if=uImage bs=1k conv=notrunc seek=224 of=flash 71 726) Generate Ide Disk 73 74# dd of=ide bs=1k cout=100k if=/dev/zero 75 76# sfdisk -C 261 -d ide 77# partition table of ide 78unit: sectors 79 80 ide1 : start= 63, size= 32067, Id=83 81 ide2 : start= 32130, size= 32130, Id=83 82 ide3 : start= 64260, size= 4128705, Id=83 83 ide4 : start= 0, size= 0, Id= 0 84 857) Copy to ide 86 87# dd if=uImage bs=512 conv=notrunc seek=63 of=ide 88 898) Generate ext2 on part 2 on Copy uImage and initrd.gz 90 91# Attached as loop device ide offset = 32130 * 512 92# losetup -o 16450560 -f ide 93# Format as ext2 ( arg2 : nb blocks) 94# mke2fs /dev/loop0 16065 95# losetup -d /dev/loop0 96# Mount and copy uImage and initrd.gz to it 97# mount -o loop,offset=16450560 -t ext2 ide /mnt 98# mkdir /mnt/boot 99# cp {initrd.gz,uImage} /mnt/boot/ 100# Umount it 101# umount /mnt 102 1039) Set Environment 104 105setenv rd_start 0x80800000 106setenv rd_size 2663940 107setenv kernel BFC38000 108setenv oad_addr 80500000 109setenv load_addr2 80F00000 110setenv kernel_flash BFC38000 111setenv load_addr_hello 80200000 112setenv bootargs 'root=/dev/ram0 init=/bin/sh' 113setenv load_rd_ext2 'ide res; ext2load ide 0:2 ${rd_start} /boot/initrd.gz' 114setenv load_rd_tftp 'tftp ${rd_start} /initrd.gz' 115setenv load_kernel_hda 'ide res; diskboot ${load_addr} 0:2' 116setenv load_kernel_ext2 'ide res; ext2load ide 0:2 ${load_addr} /boot/uImage' 117setenv load_kernel_tftp 'tftp ${load_addr} /qemu_mips/uImage' 118setenv boot_ext2_ext2 'run load_rd_ext2; run load_kernel_ext2; run addmisc; bootm ${load_addr}' 119setenv boot_ext2_flash 'run load_rd_ext2; run addmisc; bootm ${kernel_flash}' 120setenv boot_ext2_hda 'run load_rd_ext2; run load_kernel_hda; run addmisc; bootm ${load_addr}' 121setenv boot_ext2_tftp 'run load_rd_ext2; run load_kernel_tftp; run addmisc; bootm ${load_addr}' 122setenv boot_tftp_hda 'run load_rd_tftp; run load_kernel_hda; run addmisc; bootm ${load_addr}' 123setenv boot_tftp_ext2 'run load_rd_tftp; run load_kernel_ext2; run addmisc; bootm ${load_addr}' 124setenv boot_tftp_flash 'run load_rd_tftp; run addmisc; bootm ${kernel_flash}' 125setenv boot_tftp_tftp 'run load_rd_tftp; run load_kernel_tftp; run addmisc; bootm ${load_addr}' 126setenv load_hello_tftp 'tftp ${load_addr_hello} /examples/hello_world.bin' 127setenv go_tftp 'run load_hello_tftp; go ${load_addr_hello}' 128setenv addmisc 'setenv bootargs ${bootargs} console=ttyS0,${baudrate} rd_start=${rd_start} rd_size=${rd_size} ethaddr=${ethaddr}' 129setenv bootcmd 'run boot_tftp_flash' 130 13110) Now you can boot from flash, ide, ide+ext2 and tfp 132 133# qemu-system-mips -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide 134 135II) How to debug U-Boot 136 137In order to debug U-Boot you need to start qemu with gdb server support (-s) 138and waiting the connection to start the CPU (-S) 139 140# qemu-system-mips -S -s -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide 141 142in an other console you start gdb 143 1441) Debugging of U-Boot Before Relocation 145 146Before relocation, the addresses in the ELF file can be used without any problems 147by connecting to the gdb server localhost:1234 148 149# mipsel-unknown-linux-gnu-gdb u-boot 150GNU gdb 6.6 151Copyright (C) 2006 Free Software Foundation, Inc. 152GDB is free software, covered by the GNU General Public License, and you are 153welcome to change it and/or distribute copies of it under certain conditions. 154Type "show copying" to see the conditions. 155There is absolutely no warranty for GDB. Type "show warranty" for details. 156This GDB was configured as "--host=i486-linux-gnu --target=mipsel-unknown-linux-gnu"... 157(gdb) target remote localhost:1234 158Remote debugging using localhost:1234 159_start () at start.S:64 16064 RVECENT(reset,0) /* U-Boot entry point */ 161Current language: auto; currently asm 162(gdb) b board.c:289 163Breakpoint 1 at 0xbfc00cc8: file board.c, line 289. 164(gdb) c 165Continuing. 166 167Breakpoint 1, board_init_f (bootflag=<value optimized out>) at board.c:290 168290 relocate_code (addr_sp, id, addr); 169Current language: auto; currently c 170(gdb) p/x addr 171$1 = 0x87fa0000 172 1732) Debugging of U-Boot After Relocation 174 175For debugging U-Boot after relocation we need to know the address to which 176U-Boot relocates itself to 0x87fa0000 by default. 177And replace the symbol table to this offset. 178 179(gdb) symbol-file 180Discard symbol table from `/private/u-boot-arm/u-boot'? (y or n) y 181Error in re-setting breakpoint 1: 182No symbol table is loaded. Use the "file" command. 183No symbol file now. 184(gdb) add-symbol-file u-boot 0x87fa0000 185add symbol table from file "u-boot" at 186 .text_addr = 0x87fa0000 187(y or n) y 188Reading symbols from /private/u-boot-arm/u-boot...done. 189Breakpoint 1 at 0x87fa0cc8: file board.c, line 289. 190(gdb) c 191Continuing. 192 193Program received signal SIGINT, Interrupt. 1940xffffffff87fa0de4 in udelay (usec=<value optimized out>) at time.c:78 19578 while ((tmo - read_c0_count()) < 0x7fffffff) 196