Writing to NVRAM

[qkaiser]

Hi !

I'm currently working with a Siligence TCG300. The device bootloader is unlocked but the CM console is. I worked out the right profile and have read access to both NAND via NandFlashRead and SPI with SpiFlashRead functions from the bootloader, thanks to the awesome interface definition your tool provides :fire:

./bcm2dump -v info /dev/ttyUSB0,115200                                            
detected profile TCG300(bootloader), version 2.5.0beta8
TCG300: Siligence TCG300-D22F
=============================
pssig         0xd22f
blsig         0x0000

ram           0x00000000                            RW
------------------------------------------------------
(no partitions defined)

nvram         0x00000000 - 0x000fffff  (     1 MB)  RO
------------------------------------------------------
bootloader    0x00000000 - 0x0000ffff  (    64 KB)
permnv        0x00010000 - 0x0002ffff  (   128 KB)
dynnv         0x000c0000 - 0x000fffff  (   256 KB)

flash         0x00000000 - 0x07ffffff  (   128 MB)  RO
------------------------------------------------------
linuxapps     0x00100000 - 0x026fffff  (    38 MB)
image1        0x02700000 - 0x036fffff  (    16 MB)
image2        0x03700000 - 0x046fffff  (    16 MB)
linux         0x04700000 - 0x04efffff  (     8 MB)
linuxkfs      0x04f00000 - 0x06efffff  (    32 MB)

I dumped dynnv from nvram, and modified the serial console settings:

./bcm2cfg get /tmp/dynnv.bin bfc
bfc = {
  serial_console_mode = disabled
}

./bcm2cfg set /tmp/dynnv.bin bfc.serial_console_mode 3 /tmp/dynnv.modified.bin         
bfc.serial_console_mode = factory

What I would like to do now is write the modified dynnv back to nvram using SpiFlashWrite, but I'm getting the following output from bcm2dump:

./bcm2dump -v write /dev/ttyUSB0,115200 nvram dynnv /tmp/dynnv.modified.bin    
error: writing to non-ram address space nvram is dangerous; specify -FF to continue

./bcm2dump -FF -v write /dev/ttyUSB0,115200 nvram dynnv /tmp/dynnv.modified.bin
detected profile TCG300(bootloader), version 2.5.0beta8
error: profile TCG300 does not support fast write mode; use -s flag

./bcm2dump -s -FF -v write /dev/ttyUSB0,115200 nvram dynnv /tmp/dynnv.modified.bin
detected profile TCG300(bootloader), version 2.5.0beta8
error: no such rwx: bootloader,nvram,safe

My understanding is that this feature is something that's planned for bcm2util given the references to .write and .erase in some profiles (Cisco EPC3008 and TC7200). Do you have some information on the subject ? Is it something you're working on ?

I haven't looked in the code yet but I'll be happy to assist you in implementing that feature if you'd like.

[qkaiser]

I ended up flashing the SPI flash with SOIC clips and flashrom so implementing that feature for bcm2dump is no longer on the top of my todo list, but happy to help you with this at some point :)

[jclehner]

Hi Quentin! R/W support is for NVRAM implemented in the current master branch, given .write and .erase functions. Since this isn't exactly a safe procedure, it won't work with the -s flag.

For this to work, you'll also have to define:

• .buffer: An address that can be used as a buffer for the NVRAM data.
• .rwcode: An address for the read/write code. Must be aligned to 64k.
• .printf, and either .scanf or .getline and .sscanf

[qkaiser]

Understood :) This should be sufficient so I'm closing the issue.