Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
toh:meraki:mr18:jtag [2020/09/10 02:39] – [Uploading a kernel] k4my4btoh:meraki:mr18:jtag [2021/09/06 23:21] – [Uploading a kernel] dddamion
Line 180: Line 180:
 Our plan to upload this code into the RAM of the device, and then point the CPU at it to execute, much like a bootloader would. Our plan to upload this code into the RAM of the device, and then point the CPU at it to execute, much like a bootloader would.
  
-Firstly, we need to catch the boot process early. This is important, as we need to boot our own kernel before any hardware peripherals in the device have begun to initialise.+Firstly, we need to catch the boot process early. This is important, as we need to boot our own kernel before any hardware peripherals in the device have begun to initialize, but late enough that the processor has been set up correctly by the existing Meraki bootloader. 
 + 
 +On some devices this time window is very small.  Too early or too late will result in openocd failing to communicate properly with the processor.\\ 
 +Reports show the place to interrupt the boot process is during ''part1'' of the Meraki bootloader ''Copying image to memory ... ...'' as shown below: 
 + 
 +[[https://forum.openwrt.org/t/meraki-mr18-installation-using-jtag-and-openocd/77900/15|{{https://forum.openwrt.org/uploads/default/optimized/3X/e/4/e482bb3d5ef79abfa94e003eb19e224f0aef064a_2_690x394.png}}]] 
 +Note: It appears to be impossible to get the correct timing if using POE.
  
 Provide power to the MR18 and at that exact moment, run OpenOCD: Provide power to the MR18 and at that exact moment, run OpenOCD:
Line 190: Line 196:
 We're looking to interrupt the device very early in its boot sequence. You should be able to 'catch' it during the second stage bootloader, and certainly before of the Cisco's Linux code has run. We're looking to interrupt the device very early in its boot sequence. You should be able to 'catch' it during the second stage bootloader, and certainly before of the Cisco's Linux code has run.
  
-Now execute the following commands, one by one, by hand on the OpenOCD command line which is started by connecting in to the running openocd process:+Now execute the following commands, one by one, by hand on the OpenOCD command line which is started by connecting into the running OpenOCD process:
  
 <code> <code>
Line 230: Line 236:
 === Troubleshooting === === Troubleshooting ===
  
-I found the process above can be someone unreliable, not working 100% of the time. The result is that the serial console either shows nothing, or perhaps some garbled characters. Mainly this can be resolved by doing the final steps again soon after:+I found the process above can be somewhat unreliable, not working 100% of the time. The result is that the serial console either shows nothing, or perhaps some garbled characters. Mainly this can be resolved by doing the final steps again soon after:
  
 <code> <code>
  • Last modified: 2023/10/15 16:53
  • by mh