Hi,
I am using QEMU from Arch Linux x86_64 official repo. I need to test my built u-boot payload, so I tried to build a QEMU ARM coreboot image. However, it failed to run and had the following output.
qemu: fatal: Trying to execute code outside RAM or ROM at 0xfffffffe
R00=00000000 R01=00011b70 R02=00000000 R03=ffffffff R04=00c51878 R05=00000147 R06=00000000 R07=00000000 R08=00000000 R09=00000000 R10=00000000 R11=00000000 R12=00000002 R13=000fffd8 R14=ffffffff R15=fffffffe PSR=600000ff -ZC- T sys32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000
After I added the '-S -s' options to QEMU, I found that the problem is in bootblock_simple.c; the `main()' function in gdb is:
0x00000192 in ?? ()
=> 0x00000192:  08 b5   push {r3, lr}
(gdb) disas $pc,+50
Dump of assembler code from 0x192 to 0x1c4:
=> 0x00000192:  push {r3, lr}
   0x00000194:  bl 0x1704
   0x00000198:  bl 0x18c
   0x0000019c:  bl 0xd10
   0x000001a0:  bl 0x634
   0x000001a4:  bl 0x18e
   0x000001a8:  bl 0x190
   0x000001ac:  ldmia.w sp!, {r3, lr}
   0x000001b0:  b.w 0x159c
   0x000001b4:  push {r3, lr}
   0x000001b6:  mrc 15, 0, r3, cr1, cr0, {0}
   0x000001ba:  lsls r2, r3, #29
   0x000001bc:  bpl.n 0x1c4
   0x000001be:  bl 0x2ac
   0x000001c2:  b.n 0x1cc
End of assembler dump.
(gdb) si
0x00000194 in ?? ()
=> 0x00000194:  01 f0 b6 fa   bl 0x1704
(gdb) b *0x198
Breakpoint 3 at 0x198
(gdb) c
Continuing.

Breakpoint 3, 0x00000198 in ?? ()
=> 0x00000198:  ff f7 f8 ff   bl 0x18c
(gdb) b *0x19c
Breakpoint 4 at 0x19c
(gdb) c
Continuing.

Breakpoint 4, 0x0000019c in ?? ()
=> 0x0000019c:  00 f0 b8 fd   bl 0xd10
(gdb) b *0x1a0
Breakpoint 5 at 0x1a0
(gdb) c
Continuing.
Remote connection closed
So there may be something wrong when setting up the console; however, I'm not so familiar with debugging the ROM, so I don't know which function call raises the problem.
Thanks, Iru
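Added example, not from the post or from coreboot: a small Python helper that parses the QEMU fatal register dump, decodes the PSR fields, and checks whether the faulting PC is just LR with the Thumb bit cleared, which is what a bx lr through an unset link register (0xffffffff) produces. The sample dump is an excerpt of the one above, reduced to the core registers.

```python
import re

# Constructed excerpt of the QEMU register dump from the post (FP registers dropped).
SAMPLE_DUMP = (
    "R00=00000000 R01=00011b70 R02=00000000 R03=ffffffff R04=00c51878 "
    "R05=00000147 R06=00000000 R07=00000000 R08=00000000 R09=00000000 "
    "R10=00000000 R11=00000000 R12=00000002 R13=000fffd8 R14=ffffffff "
    "R15=fffffffe PSR=600000ff -ZC- T sys32"
)

def parse_dump(text):
    """Return {'R00': int, ..., 'R15': int, 'PSR': int} from a QEMU ARM register dump."""
    pairs = re.findall(r"\b(R\d\d|PSR)=([0-9a-fA-F]{8})", text)
    return {name: int(val, 16) for name, val in pairs}

def decode_psr(psr):
    """Decode the CPSR bits that matter when reading a crash: flags, T bit, masks, mode."""
    modes = {0x10: "usr", 0x11: "fiq", 0x12: "irq", 0x13: "svc",
             0x17: "abt", 0x1b: "und", 0x1f: "sys"}
    return {
        "N": bool(psr >> 31 & 1), "Z": bool(psr >> 30 & 1),
        "C": bool(psr >> 29 & 1), "V": bool(psr >> 28 & 1),
        "irq_masked": bool(psr >> 7 & 1), "fiq_masked": bool(psr >> 6 & 1),
        "thumb": bool(psr >> 5 & 1),          # T bit: executing Thumb code
        "mode": modes.get(psr & 0x1f, "?"),
    }

def diagnose(regs):
    """Explain how the CPU most likely reached the faulting PC (R15)."""
    pc, lr, sp = regs["R15"], regs["R14"], regs["R13"]
    flags = decode_psr(regs["PSR"])
    if pc == (lr & ~1):
        # bx lr with lr=0xffffffff sets T=1 and branches to 0xfffffffe: a return
        # through a link register that was never set or was clobbered.
        return ("return through a bad link register: pc 0x%08x == lr 0x%08x & ~1 "
                "(thumb=%s, mode=%s, sp=0x%08x)" % (pc, lr, flags["thumb"], flags["mode"], sp))
    return "pc 0x%08x not derived from lr 0x%08x; look at the last taken branch" % (pc, lr)

if __name__ == "__main__":
    r = parse_dump(SAMPLE_DUMP)
    print(decode_psr(r["PSR"]))
    print(diagnose(r))
```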