By Vlad Lungu vlad.lungu@windriver.com 2007-Oct-01
----------------------------------------
Qemu is a full system emulator. See

http://www.nongnu.org/qemu/

Limitations & comments
----------------------
Supports the "-M mips" configuration of qemu: serial, NE2000, IDE.
Supports little and big endian as well as 32 bit and 64 bit.
Derived from au1x00 with a lot of things cut out.

Supports emulated flash (patch Jean-Christophe PLAGNIOL-VILLARD) with
recent qemu versions. When using emulated flash, launch with
-pflash <filename> and erase mips_bios.bin.


Notes for the Qemu MIPS port
----------------------------

I) Example usage:

Using u-boot.bin as ROM (replaces Qemu monitor):

32 bit, big endian:
# make qemu_mips
# qemu-system-mips -M mips -bios u-boot.bin -nographic

32 bit, little endian:
# make qemu_mipsel
# qemu-system-mipsel -M mips -bios u-boot.bin -nographic

64 bit, big endian:
# make qemu_mips64
# qemu-system-mips64 -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic

64 bit, little endian:
# make qemu_mips64el
# qemu-system-mips64el -cpu MIPS64R2-generic -M mips -bios u-boot.bin -nographic

or using u-boot.bin from emulated flash:

if you use a qemu version after commit 4224

create image:
# dd of=flash bs=1k count=4k if=/dev/zero
# dd of=flash bs=1k conv=notrunc if=u-boot.bin
start it (see above):
# qemu-system-mips[64][el] [-cpu MIPS64R2-generic] -M mips -pflash flash -nographic

2) Download kernel + initrd

On ftp://ftp.denx.de/pub/contrib/Jean-Christophe_Plagniol-Villard/qemu_mips/
you can download

# config to build the kernel
qemu_mips_defconfig
# patch to fix mips interrupt init on 2.6.24.y kernel
qemu_mips_kernel.patch
initrd.gz
vmlinux
vmlinux.bin
System.map

4) Generate uImage

# tools/mkimage -A mips -O linux -T kernel -C gzip -a 0x80010000 -e 0x80245650 -n "Linux 2.6.24.y" -d vmlinux.bin.gz uImage

5) Copy uImage to Flash

# dd if=uImage bs=1k conv=notrunc seek=224 of=flash

6) Generate IDE Disk

# dd of=ide bs=1k count=100k if=/dev/zero

# sfdisk -C 261 -d ide
# partition table of ide
unit: sectors

     ide1 : start=       63, size=    32067, Id=83
     ide2 : start=    32130, size=    32130, Id=83
     ide3 : start=    64260, size=  4128705, Id=83
     ide4 : start=        0, size=        0, Id= 0

7) Copy to ide

# dd if=uImage bs=512 conv=notrunc seek=63 of=ide

8) Generate ext2 on partition 2 and copy uImage and initrd.gz to it

# Attach ide as a loop device; offset = 32130 * 512
# losetup -o 16450560 -f ide
# Format as ext2 (second argument: number of blocks)
# mke2fs /dev/loop0 16065
# losetup -d /dev/loop0
# Mount and copy uImage and initrd.gz to it
# mount -o loop,offset=16450560 -t ext2 ide /mnt
# mkdir /mnt/boot
# cp {initrd.gz,uImage} /mnt/boot/
# Unmount it
# umount /mnt

9) Set Environment

setenv rd_start 0x80800000
setenv rd_size 2663940
setenv kernel BFC38000
setenv load_addr 80500000
setenv load_addr2 80F00000
setenv kernel_flash BFC38000
setenv load_addr_hello 80200000
setenv bootargs 'root=/dev/ram0 init=/bin/sh'
setenv load_rd_ext2 'ide res; ext2load ide 0:2 ${rd_start} /boot/initrd.gz'
setenv load_rd_tftp 'tftp ${rd_start} /initrd.gz'
setenv load_kernel_hda 'ide res; diskboot ${load_addr} 0:2'
setenv load_kernel_ext2 'ide res; ext2load ide 0:2 ${load_addr} /boot/uImage'
setenv load_kernel_tftp 'tftp ${load_addr} /qemu_mips/uImage'
setenv boot_ext2_ext2 'run load_rd_ext2; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
setenv boot_ext2_flash 'run load_rd_ext2; run addmisc; bootm ${kernel_flash}'
setenv boot_ext2_hda 'run load_rd_ext2; run load_kernel_hda; run addmisc; bootm ${load_addr}'
setenv boot_ext2_tftp 'run load_rd_ext2; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
setenv boot_tftp_hda 'run load_rd_tftp; run load_kernel_hda; run addmisc; bootm ${load_addr}'
setenv boot_tftp_ext2 'run load_rd_tftp; run load_kernel_ext2; run addmisc; bootm ${load_addr}'
setenv boot_tftp_flash 'run load_rd_tftp; run addmisc; bootm ${kernel_flash}'
setenv boot_tftp_tftp 'run load_rd_tftp; run load_kernel_tftp; run addmisc; bootm ${load_addr}'
setenv load_hello_tftp 'tftp ${load_addr_hello} /examples/hello_world.bin'
setenv go_tftp 'run load_hello_tftp; go ${load_addr_hello}'
setenv addmisc 'setenv bootargs ${bootargs} console=ttyS0,${baudrate} rd_start=${rd_start} rd_size=${rd_size} ethaddr=${ethaddr}'
setenv bootcmd 'run boot_tftp_flash'

10) Now you can boot from flash, ide, ide+ext2 and tftp

# qemu-system-mips -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide

II) How to debug U-Boot

In order to debug U-Boot you need to start qemu with gdb server support (-s)
and have it wait for the gdb connection before starting the CPU (-S):

# qemu-system-mips -S -s -M mips -pflash flash -monitor null -nographic -net nic -net user -tftp `pwd` -hda ide

In another console you start gdb.

1) Debugging of U-Boot Before Relocation

Before relocation, the addresses in the ELF file can be used without any problems
by connecting to the gdb server at localhost:1234:

# mipsel-unknown-linux-gnu-gdb u-boot
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "--host=i486-linux-gnu --target=mipsel-unknown-linux-gnu"...
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
_start () at start.S:64
64          RVECENT(reset,0)        /* U-boot entry point */
Current language: auto; currently asm
(gdb) b board.c:289
Breakpoint 1 at 0xbfc00cc8: file board.c, line 289.
(gdb) c
Continuing.

Breakpoint 1, board_init_f (bootflag=<value optimized out>) at board.c:290
290         relocate_code (addr_sp, id, addr);
Current language: auto; currently c
(gdb) p/x addr
$1 = 0x87fa0000

2) Debugging of U-Boot After Relocation

For debugging U-Boot after relocation we need to know the address to which
U-Boot relocates itself, 0x87fa0000 by default, and reload the symbol table
at that offset.

(gdb) symbol-file
Discard symbol table from `/private/u-boot-arm/u-boot'? (y or n) y
Error in re-setting breakpoint 1:
No symbol table is loaded.  Use the "file" command.
No symbol file now.
(gdb) add-symbol-file u-boot 0x87fa0000
add symbol table from file "u-boot" at
        .text_addr = 0x87fa0000
(y or n) y
Reading symbols from /private/u-boot-arm/u-boot...done.
Breakpoint 1 at 0x87fa0cc8: file board.c, line 289.
(gdb) c
Continuing.

Program received signal SIGINT, Interrupt.
0xffffffff87fa0de4 in udelay (usec=<value optimized out>) at time.c:78
78          while ((tmo - read_c0_count()) < 0x7fffffff)
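The numbers used above (seek=224 for uImage in flash, the losetup offset 16450560 and mke2fs block count 16065 for partition 2, and the 0x87fa0cc8 breakpoint after add-symbol-file) all follow from a little arithmetic. The script below is an added example, not part of this README or of U-Boot; it derives those values and builds the flash image with an overlap check that the plain dd sequence lacks. It assumes u-boot.bin is linked at 0xBFC00000, which the page's numbers imply but never state.

```shell
#!/bin/sh
# Added example (not from the original README): layout arithmetic behind the
# flash image, IDE partition 2 and the gdb relocation step described above.
# TEXT_BASE is an assumption inferred from kernel_flash BFC38000 == offset 224k
# and the pre-relocation breakpoint 0xbfc00cc8.

TEXT_BASE=0xBFC00000    # address at which flash offset 0 (u-boot.bin) is mapped
FLASH_SIZE_KB=4096      # matches "dd of=flash bs=1k count=4k"

# Byte offset inside the flash image of data mapped at the given address.
# flash_offset 0xBFC38000 -> 229376 (= 224 KiB, hence "seek=224" with bs=1k).
flash_offset() {
    printf '%d\n' $(( $1 - TEXT_BASE ))
}

# Parse one "ideN : start= S, size= N, Id=.." line of the sfdisk dump and print
# "<losetup byte offset> <mke2fs 1 KiB block count>" for that partition.
part_geometry() {
    start=$(printf '%s\n' "$1" | sed -n 's/.*start= *\([0-9]*\),.*/\1/p')
    size=$(printf '%s\n' "$1" | sed -n 's/.*size= *\([0-9]*\),.*/\1/p')
    printf '%d %d\n' $(( start * 512 )) $(( size * 512 / 1024 ))
}

# Address of a pre-relocation symbol after U-Boot has copied itself to $2,
# i.e. what gdb reports once "add-symbol-file u-boot $2" has been issued.
reloc_addr() {
    printf '0x%x\n' $(( $1 - TEXT_BASE + $2 ))
}

# Build the flash image: zero-fill, u-boot.bin at offset 0, uImage at the
# kernel_flash offset. Refuses to write if u-boot.bin would extend into the
# kernel region, which the plain dd sequence would silently overwrite.
# Usage: build_flash <u-boot.bin> <uImage> <kernel_flash addr> <output image>
build_flash() {
    koff=$(flash_offset "$3")
    usize=$(( $(wc -c < "$1") ))
    if [ "$usize" -gt "$koff" ]; then
        echo "build_flash: $1 ($usize bytes) overlaps kernel offset $koff" >&2
        return 1
    fi
    dd if=/dev/zero of="$4" bs=1k count=$FLASH_SIZE_KB 2>/dev/null &&
    dd if="$1" of="$4" bs=1k conv=notrunc 2>/dev/null &&
    dd if="$2" of="$4" bs=1k conv=notrunc seek=$(( koff / 1024 )) 2>/dev/null
}

# Worked numbers from the README.
echo "uImage flash offset:     $(flash_offset 0xBFC38000)"
echo "ide2 offset/ext2 blocks: $(part_geometry 'ide2 : start= 32130, size= 32130, Id=83')"
echo "board.c:289 relocated:   $(reloc_addr 0xbfc00cc8 0x87fa0000)"
```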