Table of Contents
JTAG access
Overview
As detailed on the Schematic (released in the FCC documents), the Nabaztag:tag board breaks out the JTAG port. Let's see how to use it to access the CPU to be able to flash and debug some code !
Hardware
JTAG probe: BusBlaster
I think you can use any JTAG probe that's 3.3v compatible, if you have one. If you don't, I recommend the BusBlaster v3. It's a great board, versatile and cheap; oh ! and it's also open hardware and open source !
One of the best features of the BusBlaster is you can reconfigure the CPLD to emulate any FT2232 JTAG probe. I think it comes pre-programmed with a JTAGkey buffer logic, which should work fine for this application.
Note: My BusBlaster (a v4 !) uses a KT-link buffer logic, because I needed the SWD capabilities for another application. If the following steps don't work, try to reprogram the CPLD with a KT-link buffer and try again !
You also need some jumper wires (also called Dupont wire sometimes) F/F to connect the BusBlaster to the Nabaztag
Nabaztag:tag
Well, of course you need a Nabaztag:tag ( a version 2 ). You also must be ready to open it.
Grab a small flat screwdriver and remove the four screws on the base. You can also use a triangle screwdriver if you happen to have one, I don't.
And this is about it. the JTAG header is on the top left corner of the board.
Pinout is the following (top to bottom):
Nabaztag Pin | Function | BusBlaster pin | 1 | 3.3v | VTG (or NC) | 2 | Gnd | GND | 3 | nTRST | TRST | 4 | TDI | TDI | 5 | TMS | TMS | 6 | TCK | TCK | 7 | TDO | TDO | 8 | RESETN | TSRST |
---|
Software: OpenOCD
Patch and compile OpenOCD
The Nabaztag:tag uses a ML67Q4051 micro-controller which is not on the supported hardware list of OpenOCD. It's an ARM7TDMI variant, so I thought it should be possible to use it. I spent some time hacking code and I eventually ended up with a patch good enough to:
- access the CPU registers, which means debug is possible !
- read and write the Internal flash
- First version was slow as hell: 5 to 10 minutes to read/write the whole flash
- Second version is much better: under 5 seconds. I had to write ARM assembler code to be run from RAM to write the Flash, which was a rather painful but interesting experience…
So ! Download OpenOCD 0.8.0 from their website, or here (mirror): openocd 0.8.0
Download the patch: openocd_0.8.0_oki
Prepare
sudo aptitude install libtool autoconf automake libusb-1.0-0-dev gzip -d openocd_0.8.0_oki.patch.gz tar xzvf ./openocd-0.8.0.tar.gz
Patch
cd openocd-0.8.0/ patch -p1 < ../openocd_0.8.0_oki.patch
Compile
autoreconf -fi ./configure make
When it's done, you should have a binary named openocd in the src/
folder
Usage
Now that you have a patched version of OpenOCD capable of debugging the OKI chip, you need some configuration files. Here are mine: openocd_nab
Note: You might need to tweak them a little bit, especially the interface/ftdi/dp_busblaster.cfg
to get you BusBlaster recognized by OpenOCD. I think I renamed my BusBlaster, and OpenOCD checks the name… Shoot me an email if ou need some help.
Once you have the config files, just copy the openocd binary in the same folder and then it's as easy as:
./openocd -f nabaztagv2.cfg
GDB
I think you can use telnet to interact with OpenOCD, but I use GDB… Here are a few notes:
Launch and connect
arm-none-eabi-gdb
or, if you have an .elf file to debug/flash
arm-none-eabi-gdb ./path/to/file.elf
Once in GDB
tar ext :3333
The Nabaztag should have “frozen”. you can (always) restart it with
mon reset run
Dump the flash
mon reset init dump ihex memory dump.hex 0x08000000 0x08020000 # Get an hex file, useful for analyzing it dump binary memory dump.bin 0x08000000 0x08020000 # Get a bin file, useful for backup and restore
Note: The files end up in the same folder as the openocd binary (or the folder from where you run it)
Write an image
mon reset init mon flash write_image erase ./dump.bin 0x08000000
Note: The files should be in the same folder as the openocd binary (or the folder from where you run it)
Pictures
Flash an elf file
If you started GDB with an elf file (or if you loaded one), you can flash it on the Nabaztag by simply running:
load