Open fxsheep opened 1 year ago
stephan-gh
commented
1 year ago Nice work figuring this out!
This may deserve a project on its own(adapters & devices list, openocd configurations), but it would also be great to have an 'enabler' implemented in lk2nd as a oneliner oem command.
I guess you can use fastboot oem writel 0x0119e000 0x3c5 as one liner? :D
It would be great to document this properly somewhere, also together with instructions for OpenOCD etc.
fxsheep
commented
1 year ago Yeah, the actual part of toggling QDSD registers can be done easily, but since QDSD documentation in the TRM is rather scarce, how it actually works is still not clear. I've got varying successibility on different devices. My assumption is that SDC2 power has to be enabled(which means this can be device specific), along with some clocks. Meanwhile, a look at CoreSight driver in downstream kernel seems to imply that NIDnT actually support automatic switching(maybe with a special GPIO like card detect?), but again there's no clear document about this.
I'm going to document this once I got stuff clearer.
stephan-gh
commented
1 year ago My assumption is that SDC2 power has to be enabled(which means this can be device specific)
FWIW: The regulators for SDC2 are typically powered up by default during boot on MSM8916. We have SD card support in lk2nd without turning on any regulators. The regulators may turn off any time though once Linux is started (if no SD card is inserted).
along with some clocks
Not sure about the boot up state for those, they are probably off by default. But it seems a bit strange that the debug logic would receive the clock intended for the SDC2 SDHCI controller. Looks like downstream references the regulators typically used for SDC2 and the QDSS clocks managed by RPM: https://github.com/msm8916-mainline/linux-downstream/blob/b20608408caff817ec874f325127b07609fbaeb8/arch/arm/boot/dts/qcom/msm8916-coresight.dtsi#L55-L64
There is also pinctrl (mainly configuring pull up or pull down on the SDC pins). Downstream suggests this should be set depending on the selected mode: https://github.com/msm8916-mainline/linux-downstream/blob/b20608408caff817ec874f325127b07609fbaeb8/arch/arm/boot/dts/qcom/msm8916-qrd.dtsi#L184-L205
According to the TRM(
lm80-p0436-100_d_snapdragon_410e_apq8016e_tech_reference_manual_revd.pdf, page 3357), msm8916 supports NIDnT(Narrow Interface for Debug and Test) feature, implemented in a QDSD(Qualcomm Debug over SD?) block inside TLMM.Basically, this means that SWD, UART and Trace signals can be routed to microSD slot. On an unfused device, SWD is especially useful for debugging purposes. This is potentionally quite helpful for people who want to contribute msm8916-mainline and relevant low-level projects, but only have a regular OEM device(which normally doesn't have convenient access to JTAG and UART) that has secure boot disabled.
After some trial and error I found the following procedure work for me:
TLMM_QDSD_CONFIG_CTL) , e.g.devmem 0x0119e000 32 0x3c5. (This switches to SWD+UART mode)and I've got Debug ROM table via openocd:
QDSS needs some weird options to work, but with current mainline OpenOCD support, it's possible to debug:
While it's not yet possible to debug:
This may deserve a project on its own(adapters & devices list, openocd configurations), but it would also be great to have an 'enabler' implemented in lk2nd as a oneliner
oemcommand. ~(Requires TZ to have no memory protection enabled, e.g. using ATF)~The usage of QDSD/NIDnT registers are documented in downstream kernel: https://github.com/LineageOS/android_kernel_wingtech_msm8916/blob/beb5692ed25808aebce7b57e318cf8bd33e645d8/drivers/coresight/coresight-nidnt.h#L21 https://github.com/LineageOS/android_kernel_wingtech_msm8916/blob/beb5692ed25808aebce7b57e318cf8bd33e645d8/drivers/coresight/coresight-nidnt.c#L155