On Sun, 17 Mar 2013 07:15:39 +1000 Adam Nielsen a.nielsen@shikadi.net wrote:
Hi all,
I have just purchased a network-connected video camera which runs Linux, and I would like to experiment with creating my own firmware for it. Since I am likely to brick the device a few times with this, I'd like to come up with a way of recovering it before I start.
Very thoughtful ;)
The firmware (bootloader + kernel) is stored inside a 4MB SPI flash chip supported by flashrom, however it is soldered onto the board, so presumably to reflash it I will have to desolder at least one of the pins to avoid the flashrom commands getting tangled up with those sent by the device itself when reading the chip.
Please take a look at http://flashrom.org/ISP
However I was thinking that instead of reflashing the entire chip every time something goes wrong, it would be a lot easier if I could produce my firmware image as a 4MB file, and emulate the chip so that the file is accessed directly every time the camera tries to read from the flash chip.
I see flashrom can already emulate some chips with the 'dummy' programmer, and as most (all?) programmers can both read and write data I am wondering whether it is possible to set flashrom up as a virtual flash chip connected to a real circuit, responding to read and write commands received from other chips in the device.
The emulation in the "dummy" programmer is completely virtual which allows trivially to do what it does. "Switching" the direction of communication on hardware is fundamentally different - just doing reads instead of writes and vice versa is not enough because of a number of aspects I can not explain in a simple email (clock, chip select and all the other tiny little details of digital communication :)
There are special devices that are able to emulate flash chips, but they are expensive (500 eur range). One could implement such a device using an FPGA but I am not aware of any free projects doing so...
I plan to use a Bus Pirate as a programmer, so if I remove the flash chip and connect the Bus Pirate to the circuit instead, being able to edit a file and reset the device without actually reflashing anything would be a huge time saver.
If this isn't currently possible, would it be a big job to add support for it?
It is just not possible with the hardware used to write flash chips and requires a completely new device.