OpenWrt Forum Archive

Topic: Original Atheros AP30/35 with broken bootloader/flash JTAG questions

The content of this topic has been archived on 20 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
athap30
5 Nov 2007, 01:07

Hi,
first of all i want to say thanks to everybody who is contributing to the OpenWRT Projekt. Now my problem:

Some time ago i got an original Atheros AP30 (AR5BAP) reference design device (don't ask where i got it from).
It has a AR5312A, an SST 39VF1601 and some Marvell Chip for the switch on board. The EJtag Pins are also populated. When i try to power it on it seems to do some self testing and then it ends up with a flashing power led.
I tried to connect via some common ip's, but this didn't work.
So I decided to connect via self made parallel port JTAG cable.
After some fails i got the jtag tools working - at least to the point when i want to read or write something.
Here is my JTAG Script (including definintions from ar2312):

cable parallel 0x378 DLC5
detect
register BR 1
register BSR 1
register DIR 32
register EJIMPCODE 32
register EJADDRESS 32
register EJDATA 32
register EJCONTROL 32
register EJALL 96
register EJFASTDATA 33
instruction length 5
instruction BYPASS 11111 BR
instruction SAMPLE/PRELOAD 00010 BSR
instruction IDCODE 00001 DIR
instruction EJTAG_IMPCODE 00011 EJIMPCODE
instruction EJTAG_ADDRESS 01000 EJADDRESS
instruction EJTAG_DATA 01001 EJDATA
instruction EJTAG_CONTROL 01010 EJCONTROL
instruction EJTAG_ALL 01011 EJALL
instruction EJTAGBOOT 01100 BR
instruction NORMALBOOT 01101 BR
instruction EJTAG_FASTDATA 01110 EJFASTDATA
initbus ejtag
endian big
poke 0x58400000 0x100e3ce1        <-- everything works untill this point

First jtag tools complained about "Failed to enter debug mode" which i could compensate when trying to connect shortly after hard resetting the device.
Now it shows "No processor access, ctrl=00000000011000001100000000001000" after every command (the values after ctrl change from time to time). detectflash won't work either.

Now my questions are: What i have to poke/peek to get to the flash through the AR5312? Which are the addresses and ranges for the bootloader and normal flash?

I also tried Hairydairymaid's unbrick tools, but it gets stuck at "probing flash at 0x1f...." or "manual flash selection" when selecting the flash with /fc:47. Also setting the window to 0xbe... doesn't work out.

thx in advance

Thomas

Post #2
athap30
6 Nov 2007, 19:19

Nobody with some JTAG knowledge ??

Post #3
okulski
28 Jan 2008, 16:58

I have the same problem.
You have solved this problem?
If yes, how?

Post #4
brat002
25 Apr 2009, 13:46

i have some problem. do you have solution?

The discussion might have continued from here.