2 * QEMU PPC PREP hardware System Emulator
4 * Copyright (c) 2003-2004 Jocelyn Mayer
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 /* XXX: move all TB related stuff in ppc_prep.c and suppress ppc.c ? */
28 ppc_tb_t *cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq);
30 //#define HARD_DEBUG_PPC_IO
31 //#define DEBUG_PPC_IO
36 #if defined (HARD_DEBUG_PPC_IO) && !defined (DEBUG_PPC_IO)
40 #if defined (HARD_DEBUG_PPC_IO)
41 #define PPC_IO_DPRINTF(fmt, args...) \
44 fprintf(logfile, "%s: " fmt, __func__ , ##args); \
46 printf("%s : " fmt, __func__ , ##args); \
49 #elif defined (DEBUG_PPC_IO)
50 #define PPC_IO_DPRINTF(fmt, args...) \
53 fprintf(logfile, "%s: " fmt, __func__ , ##args); \
57 #define PPC_IO_DPRINTF(fmt, args...) do { } while (0)
60 #define BIOS_FILENAME "ppc_rom.bin"
62 #define KERNEL_LOAD_ADDR 0x00000000
63 #define KERNEL_STACK_ADDR 0x00400000
64 #define INITRD_LOAD_ADDR 0x00800000
66 int load_kernel(const char *filename, uint8_t *addr,
72 fd = open(filename, O_RDONLY);
76 /* load 16 bit code */
77 if (read(fd, real_addr, 512) != 512)
79 setup_sects = real_addr[0x1F1];
82 if (read(fd, real_addr + 512, setup_sects * 512) !=
86 /* load 32 bit code */
87 size = read(fd, addr, 16 * 1024 * 1024);
97 static const int ide_iobase[2] = { 0x1f0, 0x170 };
98 static const int ide_iobase2[2] = { 0x3f6, 0x376 };
99 static const int ide_irq[2] = { 13, 13 };
101 #define NE2000_NB_MAX 6
103 static uint32_t ne2000_io[NE2000_NB_MAX] = { 0x300, 0x320, 0x340, 0x360, 0x280, 0x380 };
104 static int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 5 };
106 /* IO ports emulation */
107 #define PPC_IO_BASE 0x80000000
109 static void PPC_io_writeb (target_phys_addr_t addr, uint32_t value)
111 /* Don't polute serial port output */
113 if ((addr < 0x800003F0 || addr > 0x80000400) &&
114 (addr < 0x80000074 || addr > 0x80000077) &&
115 (addr < 0x80000020 || addr > 0x80000021) &&
116 (addr < 0x800000a0 || addr > 0x800000a1) &&
117 (addr < 0x800001f0 || addr > 0x800001f7) &&
118 (addr < 0x80000170 || addr > 0x80000177))
121 PPC_IO_DPRINTF("0x%08x => 0x%02x\n", addr - PPC_IO_BASE, value);
123 cpu_outb(NULL, addr - PPC_IO_BASE, value);
126 static uint32_t PPC_io_readb (target_phys_addr_t addr)
128 uint32_t ret = cpu_inb(NULL, addr - PPC_IO_BASE);
131 if ((addr < 0x800003F0 || addr > 0x80000400) &&
132 (addr < 0x80000074 || addr > 0x80000077) &&
133 (addr < 0x80000020 || addr > 0x80000021) &&
134 (addr < 0x800000a0 || addr > 0x800000a1) &&
135 (addr < 0x800001f0 || addr > 0x800001f7) &&
136 (addr < 0x80000170 || addr > 0x80000177) &&
137 (addr < 0x8000060 || addr > 0x8000064))
140 PPC_IO_DPRINTF("0x%08x <= 0x%02x\n", addr - PPC_IO_BASE, ret);
145 static void PPC_io_writew (target_phys_addr_t addr, uint32_t value)
147 if ((addr < 0x800001f0 || addr > 0x800001f7) &&
148 (addr < 0x80000170 || addr > 0x80000177)) {
149 PPC_IO_DPRINTF("0x%08x => 0x%04x\n", addr - PPC_IO_BASE, value);
151 #ifdef TARGET_WORDS_BIGENDIAN
152 value = bswap16(value);
154 cpu_outw(NULL, addr - PPC_IO_BASE, value);
157 static uint32_t PPC_io_readw (target_phys_addr_t addr)
159 uint32_t ret = cpu_inw(NULL, addr - PPC_IO_BASE);
160 #ifdef TARGET_WORDS_BIGENDIAN
163 if ((addr < 0x800001f0 || addr > 0x800001f7) &&
164 (addr < 0x80000170 || addr > 0x80000177)) {
165 PPC_IO_DPRINTF("0x%08x <= 0x%04x\n", addr - PPC_IO_BASE, ret);
170 static void PPC_io_writel (target_phys_addr_t addr, uint32_t value)
172 PPC_IO_DPRINTF("0x%08x => 0x%08x\n", addr - PPC_IO_BASE, value);
173 #ifdef TARGET_WORDS_BIGENDIAN
174 value = bswap32(value);
176 cpu_outl(NULL, addr - PPC_IO_BASE, value);
179 static uint32_t PPC_io_readl (target_phys_addr_t addr)
181 uint32_t ret = cpu_inl(NULL, addr - PPC_IO_BASE);
183 #ifdef TARGET_WORDS_BIGENDIAN
186 PPC_IO_DPRINTF("0x%08x <= 0x%08x\n", addr - PPC_IO_BASE, ret);
190 static CPUWriteMemoryFunc *PPC_io_write[] = {
196 static CPUReadMemoryFunc *PPC_io_read[] = {
202 /* Read-only register (?) */
203 static void _PPC_ioB_write (target_phys_addr_t addr, uint32_t value)
205 // printf("%s: 0x%08x => 0x%08x\n", __func__, addr, value);
208 static uint32_t _PPC_ioB_read (target_phys_addr_t addr)
212 if (addr == 0xBFFFFFF0)
213 retval = pic_intack_read(NULL);
214 // printf("%s: 0x%08x <= %d\n", __func__, addr, retval);
219 static CPUWriteMemoryFunc *PPC_ioB_write[] = {
225 static CPUReadMemoryFunc *PPC_ioB_read[] = {
232 static CPUWriteMemoryFunc *PPC_io3_write[] = {
238 static CPUReadMemoryFunc *PPC_io3_read[] = {
245 /* Fake super-io ports for PREP platform (Intel 82378ZB) */
246 static uint8_t PREP_fake_io[2];
247 static uint8_t NVRAM_lock;
249 static void PREP_io_write (void *opaque, uint32_t addr, uint32_t val)
251 PPC_IO_DPRINTF("0x%08x => 0x%08x\n", addr - PPC_IO_BASE, val);
252 PREP_fake_io[addr - 0x0398] = val;
255 static uint32_t PREP_io_read (void *opaque, uint32_t addr)
257 PPC_IO_DPRINTF("0x%08x <= 0x%08x\n", addr - PPC_IO_BASE, PREP_fake_io[addr - 0x0398]);
258 return PREP_fake_io[addr - 0x0398];
261 static uint8_t syscontrol;
263 static void PREP_io_800_writeb (void *opaque, uint32_t addr, uint32_t val)
265 PPC_IO_DPRINTF("0x%08x => 0x%08x\n", addr - PPC_IO_BASE, val);
268 /* Special port 92 */
269 /* Check soft reset asked */
271 printf("Soft reset asked... Stop emulation\n");
276 printf("Little Endian mode isn't supported (yet ?)\n");
281 /* Hardfile light register: don't care */
284 /* Password protect 1 register */
288 /* Password protect 2 register */
292 /* L2 invalidate register: don't care */
295 /* system control register */
299 /* I/O map type register */
301 printf("No support for non-continuous I/O map mode\n");
310 static uint32_t PREP_io_800_readb (void *opaque, uint32_t addr)
312 uint32_t retval = 0xFF;
316 /* Special port 92 */
320 /* Equipment present register:
322 * no upgrade processor
323 * no cards in PCI slots
333 /* system control register
334 * 7 - 6 / 1 - 0: L2 cache enable
340 retval = 0x03; /* no L2 cache */
343 /* I/O map type register */
349 PPC_IO_DPRINTF("0x%08x <= 0x%08x\n", addr - PPC_IO_BASE, retval);
354 #define NVRAM_SIZE 0x2000
355 #define NVRAM_END 0x1FF0
356 #define NVRAM_OSAREA_SIZE 512
357 #define NVRAM_CONFSIZE 1024
359 static inline void NVRAM_set_byte (m48t59_t *nvram, uint32_t addr, uint8_t value)
361 m48t59_set_addr(nvram, addr);
362 m48t59_write(nvram, value);
365 static inline uint8_t NVRAM_get_byte (m48t59_t *nvram, uint32_t addr)
367 m48t59_set_addr(nvram, addr);
368 return m48t59_read(nvram);
371 static inline void NVRAM_set_word (m48t59_t *nvram, uint32_t addr, uint16_t value)
373 m48t59_set_addr(nvram, addr);
374 m48t59_write(nvram, value >> 8);
375 m48t59_set_addr(nvram, addr + 1);
376 m48t59_write(nvram, value & 0xFF);
379 static inline uint16_t NVRAM_get_word (m48t59_t *nvram, uint32_t addr)
383 m48t59_set_addr(nvram, addr);
384 tmp = m48t59_read(nvram) << 8;
385 m48t59_set_addr(nvram, addr + 1);
386 tmp |= m48t59_read(nvram);
391 static inline void NVRAM_set_lword (m48t59_t *nvram, uint32_t addr,
394 m48t59_set_addr(nvram, addr);
395 m48t59_write(nvram, value >> 24);
396 m48t59_set_addr(nvram, addr + 1);
397 m48t59_write(nvram, (value >> 16) & 0xFF);
398 m48t59_set_addr(nvram, addr + 2);
399 m48t59_write(nvram, (value >> 8) & 0xFF);
400 m48t59_set_addr(nvram, addr + 3);
401 m48t59_write(nvram, value & 0xFF);
404 static inline uint32_t NVRAM_get_lword (m48t59_t *nvram, uint32_t addr)
408 m48t59_set_addr(nvram, addr);
409 tmp = m48t59_read(nvram) << 24;
410 m48t59_set_addr(nvram, addr + 1);
411 tmp |= m48t59_read(nvram) << 16;
412 m48t59_set_addr(nvram, addr + 2);
413 tmp |= m48t59_read(nvram) << 8;
414 m48t59_set_addr(nvram, addr + 3);
415 tmp |= m48t59_read(nvram);
420 static uint16_t NVRAM_crc_update (uint16_t prev, uint16_t value)
423 uint16_t pd, pd1, pd2;
428 pd2 = ((pd >> 4) & 0x000F) ^ pd1;
429 tmp ^= (pd1 << 3) | (pd1 << 8);
430 tmp ^= pd2 | (pd2 << 7) | (pd2 << 12);
435 static void NVRAM_set_crc (m48t59_t *nvram, uint32_t addr,
436 uint32_t start, uint32_t count)
439 uint16_t crc = 0xFFFF;
445 for (i = 0; i != count; i++) {
446 crc = NVRAM_crc_update(crc, NVRAM_get_word(nvram, start + i));
449 crc = NVRAM_crc_update(crc, NVRAM_get_byte(nvram, start + i) << 8);
451 NVRAM_set_word(nvram, addr, crc);
454 static void prep_NVRAM_init (void)
458 nvram = m48t59_init(8, 0x0074, NVRAM_SIZE);
460 /* 0x00: NVRAM size in kB */
461 NVRAM_set_word(nvram, 0x00, NVRAM_SIZE >> 10);
462 /* 0x02: NVRAM version */
463 NVRAM_set_byte(nvram, 0x02, 0x01);
464 /* 0x03: NVRAM revision */
465 NVRAM_set_byte(nvram, 0x03, 0x01);
467 NVRAM_set_byte(nvram, 0x08, 0x00); /* Unknown */
469 NVRAM_set_byte(nvram, 0x09, 'B'); /* Big-endian */
470 /* 0x0A: OSArea usage */
471 NVRAM_set_byte(nvram, 0x0A, 0x00); /* Empty */
473 NVRAM_set_byte(nvram, 0x0B, 0x00); /* Normal */
474 /* Restart block description record */
475 /* 0x0C: restart block version */
476 NVRAM_set_word(nvram, 0x0C, 0x01);
477 /* 0x0E: restart block revision */
478 NVRAM_set_word(nvram, 0x0E, 0x01);
479 /* 0x20: restart address */
480 NVRAM_set_lword(nvram, 0x20, 0x00);
481 /* 0x24: save area address */
482 NVRAM_set_lword(nvram, 0x24, 0x00);
483 /* 0x28: save area length */
484 NVRAM_set_lword(nvram, 0x28, 0x00);
485 /* 0x1C: checksum of restart block */
486 NVRAM_set_crc(nvram, 0x1C, 0x0C, 32);
488 /* Security section */
489 /* Set all to zero */
490 /* 0xC4: pointer to global environment area */
491 NVRAM_set_lword(nvram, 0xC4, 0x0100);
492 /* 0xC8: size of global environment area */
493 NVRAM_set_lword(nvram, 0xC8,
494 NVRAM_END - NVRAM_OSAREA_SIZE - NVRAM_CONFSIZE - 0x0100);
495 /* 0xD4: pointer to configuration area */
496 NVRAM_set_lword(nvram, 0xD4, NVRAM_END - NVRAM_CONFSIZE);
497 /* 0xD8: size of configuration area */
498 NVRAM_set_lword(nvram, 0xD8, NVRAM_CONFSIZE);
499 /* 0xE8: pointer to OS specific area */
500 NVRAM_set_lword(nvram, 0xE8,
501 NVRAM_END - NVRAM_CONFSIZE - NVRAM_OSAREA_SIZE);
502 /* 0xD8: size of OS specific area */
503 NVRAM_set_lword(nvram, 0xEC, NVRAM_OSAREA_SIZE);
505 /* Configuration area */
507 // NVRAM_set_lword(nvram, 0x1FFC, 0x50);
509 /* 0x04: checksum 0 => OS area */
510 NVRAM_set_crc(nvram, 0x04, 0x00,
511 NVRAM_END - NVRAM_CONFSIZE - NVRAM_OSAREA_SIZE);
512 /* 0x06: checksum of config area */
513 NVRAM_set_crc(nvram, 0x06, NVRAM_END - NVRAM_CONFSIZE, NVRAM_CONFSIZE);
516 int load_initrd (const char *filename, uint8_t *addr)
520 printf("Load initrd\n");
521 fd = open(filename, O_RDONLY);
524 size = read(fd, addr, 16 * 1024 * 1024);
528 printf("Load initrd: %d\n", size);
532 printf("Load initrd failed\n");
536 /* Quick hack for PPC memory infos... */
537 static void put_long (void *addr, uint32_t l)
540 pos[0] = (l >> 24) & 0xFF;
541 pos[1] = (l >> 16) & 0xFF;
542 pos[2] = (l >> 8) & 0xFF;
546 /* bootloader infos are in the form:
548 * uint32_t TAG_size (from TAG to next TAG).
552 #if !defined (USE_OPEN_FIRMWARE)
553 static void *set_bootinfo_tag (void *addr, uint32_t tag, uint32_t size,
560 put_long(pos, size + 8);
562 memcpy(pos, data, size);
569 typedef struct boot_dev_t {
570 const unsigned char *name;
575 static boot_dev_t boot_devs[] =
577 { "/dev/fd0", 2, 0, },
578 { "/dev/fd1", 2, 1, },
579 { "/dev/hda", 3, 1, },
580 // { "/dev/ide/host0/bus0/target0/lun0/part1", 3, 1, },
581 // { "/dev/hdc", 22, 0, },
582 { "/dev/hdc", 22, 1, },
583 { "/dev/ram0 init=/linuxrc", 1, 0, },
587 * BEPI : bloc virtual address
588 * BL : area size bits (128 kB is 0, 256 1, 512 3, ...
591 * BPRN : bloc real address align on 4MB boundary
592 * WIMG : cache access mode : not used
593 * PP : protection bits
595 static void setup_BAT (CPUPPCState *env, int BAT,
596 uint32_t virtual, uint32_t physical,
597 uint32_t size, int Vs, int Vp, int PP)
599 uint32_t sz_bits, tmp_sz, align, tmp;
603 for (tmp_sz = size / 131072; tmp_sz != 1; tmp_sz = tmp_sz >> 1) {
604 sz_bits = (sz_bits << 1) + 1;
607 tmp = virtual & ~(align - 1); /* Align virtual area start */
608 tmp |= sz_bits << 2; /* Fix BAT size */
609 tmp |= Vs << 1; /* Supervisor access */
610 tmp |= Vp; /* User access */
611 env->DBAT[0][BAT] = tmp;
612 env->IBAT[0][BAT] = tmp;
613 tmp = physical & ~(align - 1); /* Align physical area start */
614 tmp |= 0; /* Don't care about WIMG */
615 tmp |= PP; /* Protection */
616 env->DBAT[1][BAT] = tmp;
617 env->IBAT[1][BAT] = tmp;
618 printf("Set BATU0 to 0x%08x BATL0 to 0x%08x\n",
619 env->DBAT[0][BAT], env->DBAT[1][BAT]);
622 static void VGA_printf (uint8_t *s)
625 unsigned int format_width, i;
627 uint16_t arg, digit, nibble;
630 arg_ptr = (uint16_t *)((void *)&s);
633 while ((c = *s) != '\0') {
637 } else if (in_format) {
638 if ((c >= '0') && (c <= '9')) {
639 format_width = (format_width * 10) + (c - '0');
640 } else if (c == 'x') {
641 arg_ptr++; // increment to next arg
643 if (format_width == 0)
645 digit = format_width - 1;
646 for (i = 0; i < format_width; i++) {
647 nibble = (arg >> (4 * digit)) & 0x000f;
649 PPC_io_writeb(PPC_IO_BASE + 0x500, nibble + '0');
651 PPC_io_writeb(PPC_IO_BASE + 0x500, nibble + 'A');
656 //else if (c == 'd') {
660 PPC_io_writeb(PPC_IO_BASE + 0x500, c);
666 static void VGA_init (void)
668 /* Basic VGA init, inspired by plex86 VGAbios */
670 /* switch to color mode and enable CPU access 480 lines */
671 PPC_io_writeb(PPC_IO_BASE + 0x3C2, 0xC3);
672 /* more than 64k 3C4/04 */
673 PPC_io_writeb(PPC_IO_BASE + 0x3C4, 0x04);
674 PPC_io_writeb(PPC_IO_BASE + 0x3C5, 0x02);
676 VGA_printf("PPC VGA BIOS...\n");
679 extern CPUPPCState *global_env;
681 static uint32_t get_le32 (void *addr)
683 return le32_to_cpu(*((uint32_t *)addr));
686 void PPC_init_hw (/*CPUPPCState *env,*/ uint32_t mem_size,
687 uint32_t kernel_addr, uint32_t kernel_size,
688 uint32_t stack_addr, int boot_device,
689 const unsigned char *initrd_file)
691 CPUPPCState *env = global_env;
693 #if !defined (USE_OPEN_FIRMWARE)
698 printf("RAM size: %u 0x%08x (%u)\n", mem_size, mem_size, mem_size >> 20);
699 #if defined (USE_OPEN_FIRMWARE)
700 setup_memory(env, mem_size);
703 /* Fake bootloader */
706 uint32_t offset = get_le32(phys_ram_base + kernel_addr);
708 uint32_t offset = 12;
710 env->nip = kernel_addr + offset;
711 printf("Start address: 0x%08x\n", env->nip);
713 /* Set up msr according to PREP specification */
716 msr_pr = 0; /* Start in supervisor mode */
718 msr_fe0 = msr_fe1 = 0;
722 msr_le = msr_ile = 0;
723 env->gpr[1] = stack_addr; /* Let's have a stack */
725 env->gpr[8] = kernel_addr;
726 /* There is a bug in 2.4 kernels:
727 * if a decrementer exception is pending when it enables msr_ee,
728 * it's not ready to handle it...
730 p = phys_ram_base + kernel_addr;
731 #if !defined (USE_OPEN_FIRMWARE)
732 /* Let's register the whole memory available only in supervisor mode */
733 setup_BAT(env, 0, 0x00000000, 0x00000000, mem_size, 1, 0, 2);
734 /* Avoid open firmware init call (to get a console)
735 * This will make the kernel think we are a PREP machine...
737 put_long(p, 0xdeadc0de);
738 /* Build a real stack room */
739 p = phys_ram_base + stack_addr;
740 put_long(p, stack_addr);
743 /* Pretend there are no residual data */
745 if (initrd_file != NULL) {
747 env->gpr[4] = (kernel_addr + kernel_size + 4095) & ~4095;
748 size = load_initrd(initrd_file,
749 phys_ram_base + env->gpr[4]);
752 env->gpr[4] = env->gpr[5] = 0;
757 printf("Initrd loaded at 0x%08x (%d) (0x%08x 0x%08x)\n",
758 env->gpr[4], env->gpr[5], kernel_addr, kernel_size);
760 env->gpr[4] = env->gpr[5] = 0;
762 /* We have to put bootinfos after the BSS
763 * The BSS starts after the kernel end.
766 p = phys_ram_base + kernel_addr +
767 kernel_size + (1 << 20) - 1) & ~((1 << 20) - 1);
769 p = phys_ram_base + kernel_addr + 0x400000;
772 fprintf(logfile, "bootinfos: %p 0x%08x\n",
773 p, (int)(p - phys_ram_base));
775 printf("bootinfos: %p 0x%08x\n",
776 p, (int)(p - phys_ram_base));
778 /* Command line: let's put it after bootinfos */
780 sprintf(p + 0x1000, "console=ttyS0,9600 root=%02x%02x mem=%dM",
781 boot_devs[boot_device - 'a'].major,
782 boot_devs[boot_device - 'a'].minor,
785 sprintf(p + 0x1000, "console=ttyS0,9600 console=tty0 root=%s mem=%dM",
786 boot_devs[boot_device - 'a'].name,
789 env->gpr[6] = p + 0x1000 - phys_ram_base;
790 env->gpr[7] = env->gpr[6] + strlen(p + 0x1000);
792 fprintf(logfile, "cmdline: %p 0x%08x [%s]\n",
793 p + 0x1000, env->gpr[6], p + 0x1000);
795 printf("cmdline: %p 0x%08x [%s]\n",
796 p + 0x1000, env->gpr[6], p + 0x1000);
799 p = set_bootinfo_tag(p, 0x1010, 0, 0);
801 p = set_bootinfo_tag(p, 0x1012, env->gpr[7] - env->gpr[6],
802 env->gpr[6] + phys_ram_base);
805 tmp[0] = (mem_size >> 24) & 0xFF;
806 tmp[1] = (mem_size >> 16) & 0xFF;
807 tmp[2] = (mem_size >> 8) & 0xFF;
808 tmp[3] = mem_size & 0xFF;
809 p = set_bootinfo_tag(p, 0x1017, 4, tmpi);
811 tmp[0] = (env->gpr[4] >> 24) & 0xFF;
812 tmp[1] = (env->gpr[4] >> 16) & 0xFF;
813 tmp[2] = (env->gpr[4] >> 8) & 0xFF;
814 tmp[3] = env->gpr[4] & 0xFF;
815 tmp[4] = (env->gpr[5] >> 24) & 0xFF;
816 tmp[5] = (env->gpr[5] >> 16) & 0xFF;
817 tmp[6] = (env->gpr[5] >> 8) & 0xFF;
818 tmp[7] = env->gpr[5] & 0xFF;
819 p = set_bootinfo_tag(p, 0x1014, 8, tmpi);
820 env->gpr[4] = env->gpr[5] = 0;
822 p = set_bootinfo_tag(p, 0x1011, 0, 0);
825 * kernel is loaded at kernel_addr and wants to be seen at 0x01000000
827 setup_BAT(env, 0, 0x01000000, kernel_addr, 0x00400000, 1, 0, 2);
830 uint32_t offset = get_le32(phys_ram_base + kernel_addr);
832 uint32_t offset = 12;
834 env->nip = 0x01000000 | (kernel_addr + offset);
835 printf("Start address: 0x%08x\n", env->nip);
837 env->gpr[1] = env->nip + (1 << 22);
838 p = phys_ram_base + stack_addr;
839 put_long(p - 32, stack_addr);
841 printf("Kernel starts at 0x%08x stack 0x%08x\n", env->nip, env->gpr[1]);
842 /* We want all lower address not to be translated */
843 setup_BAT(env, 1, 0x00000000, 0x00000000, 0x010000000, 1, 1, 2);
844 /* We also need a BAT to access OF */
845 setup_BAT(env, 2, 0xFFFE0000, mem_size - 131072, 131072, 1, 0, 1);
846 /* Setup OF entry point */
849 p = (char *)phys_ram_base + mem_size - 131072;
850 /* Special opcode to call OF */
851 *p++ = 0x18; *p++ = 0x00; *p++ = 0x00; *p++ = 0x02;
853 *p++ = 0x4E; *p++ = 0x80; *p++ = 0x00; *p++ = 0x20;
855 env->gpr[5] = 0xFFFE0000;
856 /* Register translations */
858 OF_transl_t translations[3] = {
859 { 0x01000000, 0x00400000, kernel_addr, 0x00000002, },
860 { 0x00000000, 0x01000000, 0x00000000, 0x00000002, },
861 { 0xFFFE0000, 0x00020000, mem_size - (128 * 1024),
864 OF_register_translations(3, translations);
866 /* Quite artificial, for now */
867 OF_register_bus("isa", "isa");
868 OF_register_serial("isa", "serial", 4, 0x3f8);
869 OF_register_stdio("serial", "serial");
870 /* Set up RTAS service */
872 /* Command line: let's put it just over the stack */
875 p = phys_ram_base + kernel_addr +
876 kernel_size + (1 << 20) - 1) & ~((1 << 20) - 1);
878 p = phys_ram_base + kernel_addr + 0x400000;
881 sprintf(p, "console=ttyS0,9600 root=%02x%02x mem=%dM",
882 boot_devs[boot_device - 'a'].major,
883 boot_devs[boot_device - 'a'].minor,
886 sprintf(p, "console=ttyS0,9600 root=%s mem=%dM ne2000=0x300,9",
887 boot_devs[boot_device - 'a'].name,
890 OF_register_bootargs(p);
895 void PPC_end_init (void)
900 /* PowerPC PREP hardware initialisation */
901 void ppc_prep_init(int ram_size, int vga_ram_size, int boot_device,
902 DisplayState *ds, const char **fd_filename, int snapshot,
903 const char *kernel_filename, const char *kernel_cmdline,
904 const char *initrd_filename)
908 int ret, linux_boot, initrd_size, i, nb_nics1, fd;
910 linux_boot = (kernel_filename != NULL);
913 cpu_register_physical_memory(0, ram_size, 0);
915 isa_mem_base = 0xc0000000;
918 /* now we can load the kernel */
919 ret = load_image(kernel_filename, phys_ram_base + KERNEL_LOAD_ADDR);
921 fprintf(stderr, "qemu: could not load kernel '%s'\n",
928 if (initrd_filename) {
929 initrd_size = load_image(initrd_filename, phys_ram_base + INITRD_LOAD_ADDR);
930 if (initrd_size < 0) {
931 fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
937 PPC_init_hw(/*env,*/ ram_size, KERNEL_LOAD_ADDR, ret,
938 KERNEL_STACK_ADDR, boot_device, initrd_filename);
942 #define BIOS_START 0x00800000
945 snprintf(buf, sizeof(buf), "%s/%s", bios_dir, BIOS_FILENAME);
946 bios_ram_offset = ram_size + vga_ram_size;
947 printf("load BIOS at 0x%08x\n", BIOS_START);
948 ret = load_image(buf, phys_ram_base + bios_ram_offset);
949 if (ret != BIOS_SIZE) {
950 fprintf(stderr, "qemu: could not load PPC bios '%s' (%d)\n%m\n",
954 global_env->nip = BIOS_START + BIOS_SIZE - 4;
955 cpu_register_physical_memory(BIOS_START, BIOS_SIZE,
956 IO_MEM_ROM | bios_ram_offset);
959 /* Register CPU as a 74x/75x */
960 cpu_ppc_register(cpu_single_env, 0x00080000);
961 /* Set time-base frequency to 100 Mhz */
962 cpu_ppc_tb_init(cpu_single_env, 100UL * 1000UL * 1000UL);
964 /* init basic PC hardware */
965 vga_initialize(ds, phys_ram_base + ram_size, ram_size,
969 // pit_init(0x40, 0);
971 fd = serial_open_device();
972 serial_init(0x3f8, 4, fd);
975 if (nb_nics1 > NE2000_NB_MAX)
976 nb_nics1 = NE2000_NB_MAX;
977 for(i = 0; i < nb_nics1; i++) {
978 isa_ne2000_init(ne2000_io[i], ne2000_irq[i], &nd_table[i]);
982 for(i = 0; i < 2; i++) {
983 isa_ide_init(ide_iobase[i], ide_iobase2[i], ide_irq[i],
984 bs_table[2 * i], bs_table[2 * i + 1]);
991 fdctrl_init(6, 2, 0, 0x3f0, fd_table);
993 /* Register 64 kB of IO space */
994 PPC_io_memory = cpu_register_io_memory(0, PPC_io_read, PPC_io_write);
995 cpu_register_physical_memory(0x80000000, 0x10000, PPC_io_memory);
996 /* Register fake IO ports for PREP */
997 register_ioport_read(0x398, 2, 1, &PREP_io_read, NULL);
998 register_ioport_write(0x398, 2, 1, &PREP_io_write, NULL);
999 /* System control ports */
1000 register_ioport_write(0x0092, 0x1, 1, &PREP_io_800_writeb, NULL);
1001 register_ioport_read(0x0800, 0x52, 1, &PREP_io_800_readb, NULL);
1002 register_ioport_write(0x0800, 0x52, 1, &PREP_io_800_writeb, NULL);
1003 /* PCI intack location (0xfef00000 / 0xbffffff0) */
1004 PPC_io_memory = cpu_register_io_memory(0, PPC_ioB_read, PPC_ioB_write);
1005 cpu_register_physical_memory(0xBFFFFFF0, 0x4, PPC_io_memory);
1006 // cpu_register_physical_memory(0xFEF00000, 0x4, PPC_io_memory);
projects / qemu / blob