By Vlad Lungu vlad.lungu (a] windriver.com 2007-Oct-01
----------------------------------------
Qemu is a full system emulator. See

http://www.nongnu.org/qemu/

Limitations & comments
----------------------
Supports the "-M mips" configuration of qemu: serial, NE2000, IDE.
Supports little and big endian as well as 32 bit and 64 bit.
Derived from au1x00 with a lot of things cut out.

Supports emulated flash (patch by Jean-Christophe PLAGNIOL-VILLARD) with
recent qemu versions. When using emulated flash, launch with
-pflash <filename> and erase mips_bios.bin.


Notes for the Qemu MIPS port
----------------------------

I) Example usage:

Using u-boot.bin as ROM (replaces Qemu monitor):

32 bit, big endian:
# make qemu_mips
# qemu-system-mips -M mips -bios u-boot.bin -nographic

32 bit, little endian:
# make qemu_mipsel
# qemu-system-mipsel -M mips -bios u-boot.bin -nographic

64 bit, big endian:
# make qemu_mips64
# qemu-system-mips64 -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic

64 bit, little endian:
# make qemu_mips64el
# qemu-system-mips64el -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic

or using u-boot.bin from emulated flash:

if you use a qemu version after commit 4224

create image:
# dd of=flash bs=1k count=4k if=/dev/zero
# dd of=flash bs=1k conv=notrunc if=u-boot.bin
start it (see above):
# qemu-system-mips[64][el] [-cpu MIPS64R2-generic] -M mips -pflash flash -nographic

2) Download kernel + initrd

On ftp://ftp.denx.de/pub/contrib/Jean-Christophe_Plagniol-Villard/qemu_mips/
you can download

#config to build the kernel
qemu_mips_defconfig
#patch to fix mips interrupt init on 2.6.24.y kernel
qemu_mips_kernel.patch
initrd.gz
vmlinux
vmlinux.bin
System.map

4) Generate uImage

# tools/mkimage -A mips -O linux -T kernel -C gzip -a 0x80010000 -e 0x80245650 -n "Linux 2.6.24.y" -d vmlinux.bin.gz uImage

5) Copy uImage to Flash
# dd if=uImage bs=1k conv=notrunc seek=224 of=flash

6) Generate Ide Disk

# dd of=ide bs=1k count=100k if=/dev/zero

# sfdisk -C 261 -d ide
# partition table of ide
unit: sectors

     ide1 : start=       63, size=    32067, Id=83
     ide2 : start=    32130, size=    32130, Id=83
     ide3 : start=    64260, size=  4128705, Id=83
     ide4 : start=        0, size=        0, Id= 0

7) Copy to ide

# dd if=uImage bs=512 conv=notrunc seek=63 of=ide

8) Generate ext2 on partition 2 and copy uImage and initrd.gz

# Attach ide as a loop device at offset = 32130 * 512
# losetup -o 16450560 -f ide
# Format as ext2 (second argument: number of blocks)
# mke2fs /dev/loop0 16065
# losetup -d /dev/loop0
# Mount and copy uImage and initrd.gz to it
# mount -o loop,offset=16450560 -t ext2 ide /mnt
# mkdir /mnt/boot
# cp {initrd.gz,uImage} /mnt/boot/
# Unmount it
# umount /mnt

9) Set Environment

setenv rd_start 0x80800000
setenv rd_size 2663940
setenv kernel BFC38000
setenv load_addr 80500000
setenv load_addr2 80F00000
setenv kernel_flash BFC38000
setenv load_addr_hello 80200000
setenv bootargs 'root=/dev/ram0 init=/bin/sh'
setenv load_rd_ext2 'ide res; ext2load ide 0:2 ${rd_start} /boot/initrd.gz'
setenv load_rd_tftp 'tftp ${rd_start} /initrd.gz'
setenv load_kernel_hda 'ide res; diskboot ${load_addr} 0:2'
setenv load_kernel_ext2 'ide res; ext2load ide 0:2 ${load_addr} /boot/uImage'
setenv load_kernel_tftp 'tftp ${load_addr} /qemu_mips/uImage'
setenv boot_ext2_ext2 'run load_rd_ext2; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
setenv boot_ext2_flash 'run load_rd_ext2; run addmisc; bootm ${kernel_flash}'
setenv boot_ext2_hda 'run load_rd_ext2; run load_kernel_hda; run addmisc; bootm ${load_addr}'
setenv boot_ext2_tftp 'run load_rd_ext2; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
setenv boot_tftp_hda 'run load_rd_tftp; run load_kernel_hda; run addmisc; bootm ${load_addr}'
setenv boot_tftp_ext2 'run load_rd_tftp; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
setenv boot_tftp_flash 'run load_rd_tftp; run addmisc; bootm ${kernel_flash}'
setenv boot_tftp_tftp 'run load_rd_tftp; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
setenv load_hello_tftp 'tftp ${load_addr_hello} /examples/hello_world.bin'
setenv go_tftp 'run load_hello_tftp; go ${load_addr_hello}'
setenv addmisc 'setenv bootargs ${bootargs} console=ttyS0,${baudrate} rd_start=${rd_start} rd_size=${rd_size} ethaddr=${ethaddr}'
setenv bootcmd 'run boot_tftp_flash'

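The offsets in steps 5, 7 and 8 and the kernel_flash value in step 9 depend on
each other (uImage 224 KiB into a 4 MiB flash image, partition 2 at sector 32130).
The shell functions below are an added example, not part of the original README:
they recompute those values and reject a layout in which u-boot.bin or uImage
would overwrite a neighbouring region. The flash base 0xBFC00000 is an assumption
inferred from kernel_flash=BFC38000, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: layout checks for the flash and ide images built in this README.
# Offsets are taken from the dd/sfdisk lines above. FLASH_BASE is an assumption,
# inferred from kernel_flash=BFC38000 minus the 224 KiB seek used in step 5.
FLASH_BASE=$((0xBFC00000))
FLASH_SIZE=$((4096 * 1024))        # flash image: dd bs=1k count=4k
KERNEL_OFF=$((224 * 1024))         # step 5: dd bs=1k seek=224
SECTOR=512
PART1_SIZE=32067                   # step 6: ide1 size in sectors (raw uImage slot)
PART2_START=32130                  # step 6: ide2 start sector (ext2)

# fsize FILE: print the size in bytes, fail if FILE is not a regular file
fsize() { [ -f "$1" ] && wc -c < "$1" | tr -d ' '; }

# kernel_flash_addr: value expected in the kernel_flash variable (hex, no 0x)
kernel_flash_addr() { printf '%X\n' $((FLASH_BASE + KERNEL_OFF)); }

# part2_offset: byte offset for "losetup -o" and "mount -o offset="
part2_offset() { echo $((PART2_START * SECTOR)); }

# check_layout UBOOT UIMAGE: 0 if both fit their slots, 1 on overlap, 2 on bad input
check_layout() {
    uboot_sz=$(fsize "$1") || return 2
    uimage_sz=$(fsize "$2") || return 2
    rc=0
    if [ "$uboot_sz" -gt "$KERNEL_OFF" ]; then
        echo "u-boot.bin ($uboot_sz bytes) overlaps the uImage at flash offset $KERNEL_OFF" >&2
        rc=1
    fi
    if [ $((KERNEL_OFF + uimage_sz)) -gt "$FLASH_SIZE" ]; then
        echo "uImage ($uimage_sz bytes) runs past the end of the flash image" >&2
        rc=1
    fi
    if [ "$uimage_sz" -gt $((PART1_SIZE * SECTOR)) ]; then
        echo "uImage ($uimage_sz bytes) runs past ide1 into the ext2 partition" >&2
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh check_layout.sh u-boot.bin uImage
if [ "$#" -eq 2 ]; then
    check_layout "$1" "$2" && echo "layout ok, kernel_flash=$(kernel_flash_addr)"
fi
```
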
10) Now you can boot from flash, ide, ide+ext2 and tftp

# qemu-system-mips -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide

II) How to debug U-Boot

In order to debug U-Boot you need to start qemu with gdb server support (-s)
and have it wait for the gdb connection before starting the CPU (-S)

# qemu-system-mips -S -s -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide

In another console, start gdb.

1) Debugging of U-Boot Before Relocation

Before relocation, the addresses in the ELF file can be used without any problems
by connecting to the gdb server localhost:1234

# mipsel-unknown-linux-gnu-gdb u-boot
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "--host=i486-linux-gnu --target=mipsel-unknown-linux-gnu"...
(gdb)  target remote localhost:1234
Remote debugging using localhost:1234
_start () at start.S:64
64		RVECENT(reset,0)	/* U-Boot entry point */
Current language:  auto; currently asm
(gdb)  b board.c:289
Breakpoint 1 at 0xbfc00cc8: file board.c, line 289.
(gdb) c
Continuing.

Breakpoint 1, board_init_f (bootflag=<value optimized out>) at board.c:290
290		relocate_code (addr_sp, id, addr);
Current language:  auto; currently c
(gdb) p/x addr
$1 = 0x87fa0000

2) Debugging of U-Boot After Relocation

For debugging U-Boot after relocation we need to know the address to which
U-Boot relocates itself (0x87fa0000 by default), and then reload the symbol
table at this address.

(gdb) symbol-file
Discard symbol table from `/private/u-boot-arm/u-boot'? (y or n) y
Error in re-setting breakpoint 1:
No symbol table is loaded.  Use the "file" command.
No symbol file now.
(gdb) add-symbol-file u-boot 0x87fa0000
add symbol table from file "u-boot" at
	.text_addr = 0x87fa0000
(y or n) y
Reading symbols from /private/u-boot-arm/u-boot...done.
Breakpoint 1 at 0x87fa0cc8: file board.c, line 289.
(gdb) c
Continuing.

Program received signal SIGINT, Interrupt.
0xffffffff87fa0de4 in udelay (usec=<value optimized out>) at time.c:78
78		while ((tmo - read_c0_count()) < 0x7fffffff)
    196