- probe device: Olimex ARM-USB-OCD-H
- target device: Raspberry Pi 2
- host machine: Ubuntu 15.04
openocd-0.9.0
as debugger host:- probe device driver:
libftd2xx1.1.12
- probe device configuration:
olimex-arm-usb-ocd-h.cfg
(@see below) - target device configuration:
openocd-rpi2.cfg
(@see below)
- probe device driver:
- debug client:
telnet
orgdb
- pin assign between
Olimex ARM-USB-OCD-H
andRaspberry Pi 2
This method is obsolete. By openocd warning message, you should use libftdi.
- download FTDI proprietary D2XX driver for linux from here
- installation guide is here
- extract to ./libftd2xx1.1.12/
- (optional) locate libraries to /usr/local/lib/
sudo cp libftd2xx1.1.12/build/x86_64/libftd2xx.a /usr/local/lib/
sudo cp libftd2xx1.1.12/build/x86_64/libtd2xx.so.1.1.12 /usr/local/lib/
sudo ln -s /usr/local/lib/libtd2xx.so.1.1.12 /usr/local/lib/libftd2xx.so
sudo chmod 0755 /usr/local/lib/libtd2xx.so.1.1.12
Download "openocd-0.9.0 release" from here
$ cd openocd-0.9.0
$ ./configure --enable-maintainer-mode --enable-legacy-ft2232_ftd2xx --with-ftd2xx-lib=static --with-ftd2xx-linux-tardir=../libftd2xx1.1.12
--- src/Makefile.org 2015-07-16 17:51:11.333497970 +0900
+++ src/Makefile 2015-07-16 17:52:06.797236301 +0900
@@ -275,11 +275,11 @@
INSTALL_SCRIPT = ${INSTALL}
INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
LD = /usr/bin/ld -m elf_x86_64
-LDFLAGS = -L/home/tono/OpenOCD/libftd2xx1.1.12/build/x86_64
+LDFLAGS = -L/home/tono/OpenOCD/libftd2xx1.1.12/build/x86_64 -L/lib64
LIBFTDI_CFLAGS =
LIBFTDI_LIBS =
LIBOBJS =
-LIBS = -lftd2xx -lrt -ldl
+LIBS = -lftd2xx -lrt -ldl -lpthread
LIBTOOL = $(SHELL) $(top_builddir)/libtool
LIBTOOL_DEPS = ./ltmain.sh
LIBUSB0_CFLAGS =
$ ldd openocd-0.9.0/src/openocd
linux-vdso.so.1 => (0x00007ffc599bc000)
libusb-0.1.so.4 => /lib/x86_64-linux-gnu/libusb-0.1.so.4 (0x00007f5dace03000)
libusb-1.0.so.0 => /lib/x86_64-linux-gnu/libusb-1.0.so.0 (0x00007f5dacbeb000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f5dac8e3000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f5dac6df000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f5dac4c1000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f5dac0f7000)
libudev.so.1 => /lib/x86_64-linux-gnu/libudev.so.1 (0x00007f5dabee4000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5dad00c000)
# Olimex ARM-USB-OCD-H
# http://www.olimex.com/dev/arm-usb-ocd-h.html
interface ft2232
ft2232_device_desc "Olimex OpenOCD JTAG ARM-USB-OCD-H"
ft2232_layout olimex-jtag
ft2232_vid_pid 0x15ba 0x002b
from here Thanks jitomesky! I bought your book!
# ref: http://www.raspberrypi.org/forums/viewtopic.php?f=72&t=100268
# : http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0464f/ch10s06s01.html
adapter_khz 1000
adapter_nsrst_delay 400
reset_config none
gdb_breakpoint_override hard
if { [info exists CHIPNAME] } {
set _CHIPNAME $CHIPNAME
} else {
set _CHIPNAME rpi2
}
#
# Main DAP
#
if { [info exists DAP_TAPID] } {
set _DAP_TAPID $DAP_TAPID
} else {
set _DAP_TAPID 0x4ba00477
}
jtag newtap $_CHIPNAME dap -irlen 4 -ircapture 0x01 -irmask 0xf -expected-id $_DAP_TAPID
set _TARGETNAME $_CHIPNAME.cpu.0
target create $_TARGETNAME cortex_a -chain-position $_CHIPNAME.dap -coreid 0 -dbgbase 0x80010000
set _TARGETNAME $_CHIPNAME.cpu.1
target create $_TARGETNAME cortex_a -chain-position $_CHIPNAME.dap -coreid 1 -dbgbase 0x80012000
set _TARGETNAME $_CHIPNAME.cpu.2
target create $_TARGETNAME cortex_a -chain-position $_CHIPNAME.dap -coreid 2 -dbgbase 0x80014000
set _TARGETNAME $_CHIPNAME.cpu.3
target create $_TARGETNAME cortex_a -chain-position $_CHIPNAME.dap -coreid 3 -dbgbase 0x80016000
$_TARGETNAME configure -event reset-assert-post "cortex_a dbginit"
$_TARGETNAME configure -event gdb-attach { halt }
$ rmmod ftdi_sio usbserial
$ sudo src/openocd -f olimex-arm-usb-ocd-h.cfg -f openocd-rpi2.cfg
[sudo] password for tono:
Open On-Chip Debugger 0.9.0 (2015-07-16-17:40)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Info : only one transport option; autoselect 'jtag'
adapter speed: 1000 kHz
adapter_nsrst_delay: 400
none separate
Warn : Using DEPRECATED interface driver 'ft2232'
Info : Consider using the 'ftdi' interface driver, with configuration files in interface/ftdi/...
Info : device: 6 "2232H"
Info : deviceID: 364511275
Info : SerialNumber: OLYPBH2QA
Info : Description: Olimex OpenOCD JTAG ARM-USB-OCD-H A
Info : max TCK change to: 30000 kHz
Info : clock speed 1000 kHz
Info : JTAG tap: rpi2.dap tap/device found: 0x4ba00477 (mfg: 0x23b, part: 0xba00, ver: 0x4)
Info : rpi2.cpu.0: hardware has 6 breakpoints, 4 watchpoints
Info : rpi2.cpu.1: hardware has 6 breakpoints, 4 watchpoints
Info : rpi2.cpu.2: hardware has 6 breakpoints, 4 watchpoints
Info : rpi2.cpu.3: hardware has 6 breakpoints, 4 watchpoints
Now connection established, you can see the brinking LED on top of ARM-USB-OCD-H.
open another terminal
$ telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> halt
ttbcr 0ttbr0 ca5eaa5attbr1 fd7c7f73
rpi2.cpu.3 rev 5, partnum c07, arch f, variant 0, implementor 41
number of cache level 2
cache l2 present :not supported
rpi2.cpu.3 cluster f core 3 multi core
target state: halted
target halted in ARM state due to debug-request, current mode: Supervisor
cpsr: 0x600001d3 pc: 0x000000c4
MMU: disabled, D-Cache: disabled, I-Cache: disabled
Download gcc-arm-none-eabi-4_9-2015q1-20150306-linux.tar.bz2 or later from here .
How to enable debugging in HYP-mode
Vanilla OpenOCD-0.9.0 failed to break
Can't break in HYP mode. (Supervisor is breakable. So, my JTAG architecture is works fine.)
What's wrong?
OpenOCD v0.9.0 (released at 2015-05-17)
I could not find useful information.
I have to learn more about breakpoint management under HYP.
10.4.6. Breakpoint Control Registers > DBGBCR
C11.11.2 DBGBCR, Breakpoint Control Registers (page C11-2233)
SC, bits[15:14], Implementation includes the Security Extensions
Security state control. In an implementation that includes the Security Extensions, this field enables
the breakpoint to be conditional on the security state of the processor.
This field is used with the HMC, Hyp mode control, and PMC, Privileged mode control, fields. See
Breakpoint state control fields on page C11-2217 for possible values.
This field must be programmed to 0b00 if DBGBCR.BT is programmed for Linked Context match.
If this is not done, the generation of debug events by this breakpoint is UNPREDICTABLE .
Note
When this field is set to a value other than 0b00 , the SSC field controls the processor security state
in which the access matches, not the required security attribute of the access.
See also Generation of debug events on page C3-2076.
HMC, bit[13], Implementation includes the Virtualization Extensions
Hyp mode control bit.
This field is used with the SSC, Security state control, and PMC, Privileged mode control, fields.
See Breakpoint state control fields on page C11-2217 for possible values.
This field must be programmed to 0 if DBGBCR.BT is programmed for Linked Context match. If
this is not done, the generation of debug events by this breakpoint is UNPREDICTABLE .
PMC, bits[2:1], Privileged mode control.
This field enables breakpoint matching conditional on the mode of the
processor.
This field is used with the SSC, Security state control, and HMC, Hyp mode control, fields. See
Breakpoint state control fields on page C11-2217 for possible values.
This field must be programmed to 0b11 if DBGBCR.BT is programmed for Linked Context match.
If this is not done, the generation of debug events by this breakpoint is UNPREDICTABLE .
E, bit[0], Breakpoint enable.
The meaning of this bit is: 1 = Breakpoint enabled.
A breakpoint never generates debug events when it is disabled.
BAS, bits[8:5], Byte address select.
This field enables match or mismatch comparisons on only certain bytes of the word address held in the DBGBVR.
1111 ... Breakpoint programmed for Match by Hit
Table C11-15 Breakpoint state control
value for DBGBCR to hit HYP
0b 0010.0001.1110.0111
=0x21E7
Table C11-5 Software debug event registers
C6.4.1 Using CP14 to access debug registers (page C6-2122)
The form of the MRC and MCR instructions used for accessing debug registers through the CP14 interface is:
Where
<Rt>
refers to any of the ARM core registersR0-R14
. Use ofR13
is UNPREDICTABLE in Thumb and ThumbEE states, and is deprecated in ARM state.<CRn> , <CRm> , and <opc2>
are mapped from the debug register number as shown in Figure C6-1Table C6-3 Mapping of CP14 MCR and MRC instruction arguments to registers
OpenOCD command
MRC p14, 0, r2, c0, c3, 5
rpi2.cpu3 arm mrc 14 0 0 3 5
MRC p14, 0, r2, c0, c3, 4
rpi2.cpu3 arm mrc 14 0 0 3 4
16 Architecture and Core Commands > 16.2 Generic ARM > mrc
rpi2.cpu3 arm mrc <cpnum> <opc1> <CRn> <CRm> <opc2>
<cpnum>
... 14 (fixed)<opc1>
... 0 (fixed)<CRn>
... 0 (fixed)<CRm>
... 0-5 (byInfo : rpi2.cpu3: hardware has 6 breakpoints, 4 watchpoints
)<opc2>
... 4-5 (4...DBGBVRn, 5...DBGBCR3)16 Architecture and Core Commands > 16.2 Generic ARM > mcr
rpi2.cpu3 arm mcr <cpnum> <opc1> <CRn> <CRm> <opc2> <value>
<value>
... 0x21E7 (SSC[15:14]=0b00, HMC[13]=0b1, BAS[8:5]=0b1111, PMC[2:1]=0b11, E[0]=0b1)Hyp debugging by hand
Success!
Patch to openocd-0.9.0
To examine
Load
vmm.elf
via JTAG and step into _startWhen halted at first, rpi2.cpu0 is in infinite loop at armjtag.c#L78