Le Blog de Thomas

Free software, embedded Linux, and more ...

Using U-Boot and Flash emulation in Qemu

For the embedded Linux trainings of Free-Electrons, we use virtual machine environments for the practical labs, because we haven't yet found a nice board that matches all our criteria. Qemu, of course, is used in all our labs, and provides a very nice emulation environment since it emulates several CPU architectures often used in embedded systems (ARM, MIPS and PowerPC).

However, until recently, there was no emulation of flash memory in Qemu, which is sad because flash memory is very common in embedded systems, and is handled by different tools, different filesystems than normal block devices, and we wanted our training participants to get used to these tools. We also wanted to allow the training participants to configure, compile and use an embedded bootloader, the famous U-Boot. Now, the emulation of Intel flashes is present in Qemu (in hw/pflash_cfi01.c) and this emulation is already used in some emulated ARM platforms, but not the Versatile PB platform that we use for our trainings (this platform is nice because it has Ethernet, serial ports, LCD, etc.). So, I decided to add flash emulation to the Versatile PB platform. It turned out not to be so easy, even if the patches are in the end relatively small.

I've written four small patches for Qemu, which have been written and tested for Qemu revision 5391 from the Subversion repository (I don't think the Flash emulation has yet been part of an official stable Qemu release). They have all been submitted to the Qemu mailing-list. Here are the patches :

Of course, the goal of all this is to run something on the Flash, basically U-Boot to start with. I've used U-Boot 1.3.4, which also requires a patch, which changes the following things :

With all these patches in place, one can run U-Boot, download a Linux kernel, flash it from U-Boot and run it. Basically, the 128 MB RAM is mapped from 0x0 to 128 MB, and the 64 MB Flash is mapped from 0x34000000 to 0x38000000, with 256 KB sectors. U-Boot is stored at the beginning of the Flash, at address 0x34000000 where the CPU starts its execution. The U-Boot environment is stored in the next sector, at 0x34040000, which leaves the flash free starting at 0x34080000. This is the place where I flash the kernel. To load the kernel from TFTP, I use the RAM address 0x200000 (2 MB), because U-Boot is loaded at address 0x100000 (1 MB).

To create the Flash file, I use :
dd if=/dev/zero of=flash.img bs=1M count=64
dd if=/path/to/u-boot-1.3.4/u-boot.bin of=flash.img conv=notrunc
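
The layout described above can be checked before anything is written to the flash file. The following is an added example, not code from the original post: the function names `sector_range` and `build_flash` are hypothetical, and the constants are the ones given in the memory map (64 MB flash at 0x34000000, 256 KB sectors, U-Boot environment in the sector right after U-Boot).

```shell
#!/bin/sh
# Added example: layout constants taken from the article's memory map.
FLASH_BASE=$((0x34000000))          # address where the flash is mapped
FLASH_SIZE=$((64 * 1024 * 1024))    # 64 MB flash
SECTOR_SIZE=$((256 * 1024))         # 256 KB sectors

# Print the "first-last" sector range (the part after "1:" in U-Boot's
# protect/erase syntax) covering SIZE bytes stored at absolute address ADDR.
sector_range() {
    addr=$(($1)); size=$(($2))
    off=$((addr - FLASH_BASE))
    if [ "$off" -lt 0 ] || [ "$size" -le 0 ] ||
       [ $((off + size)) -gt "$FLASH_SIZE" ]; then
        echo "range is outside the flash" >&2; return 1
    fi
    if [ $((off % SECTOR_SIZE)) -ne 0 ]; then
        echo "start address is not sector-aligned" >&2; return 1
    fi
    first=$((off / SECTOR_SIZE))
    last=$(((off + size - 1) / SECTOR_SIZE))
    echo "$first-$last"
}

# Build the 64 MB flash file with U-Boot at offset 0. A U-Boot binary larger
# than one sector is refused, because it would spill into the environment
# sector at 0x34040000.
build_flash() {
    uboot=$1; out=$2
    [ -f "$uboot" ] || { echo "missing $uboot" >&2; return 1; }
    ubsize=$(($(wc -c < "$uboot")))
    if [ "$ubsize" -gt "$SECTOR_SIZE" ]; then
        echo "u-boot.bin ($ubsize bytes) overlaps the environment sector" >&2
        return 1
    fi
    dd if=/dev/zero of="$out" bs=1048576 count=64 2>/dev/null &&
    dd if="$uboot" of="$out" conv=notrunc 2>/dev/null
}

# 31 sectors starting at 0x34080000: the 2-32 range used at the U-Boot prompt.
sector_range 0x34080000 $((31 * SECTOR_SIZE))   # prints 2-32
```

Calling `sector_range 0x34080000 <size of uImage>` gives the smallest sector range that has to be unprotected and erased for a given kernel image.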

Then, to run Qemu, I use :
sudo qemu-system-arm -M versatilepb -m 192 -serial stdio -net nic,model=smc91c111 -net tap -pflash flash.img

I get into the U-Boot prompt, and do :
setenv ipaddr
setenv serverip
setenv bootfile /uImage
setenv bootcmd bootm 34080000
setenv bootargs console=ttyAMA mem=128M
tftpboot 200000
protect off 1:2-32
erase 1:2-32
cp.b 200000 34080000 ${filesize}
protect on 1:2-32
bootm 34080000

Which basically does :

Next steps: play with the kernel MTD layer, JFFS2 and other flash filesystems on one hand, and implement the Versatile sound emulation on the other hand.