NAND support has been improved greatly and I can confirm some great news.
QEMU can successfully now emulate this TV so well that the EXTRACTED Linux kernel from the bootloader can get A LOT further now.
Sure it fails to mount but I'm pretty sure it's because the BOOTLOADER gives it custom command line options. As opposed to a WEEK ago
(IGNORE IT SAYING [BOOTLOADER] this is the LINUX kernel talking not the bootloader via UART.)
It's able to properly SCAN the "NAND" and detect bad blocks compared to before failing and saying all blocks were bad because of my incorrect read implementation for NAND.
Again not a SINGLE thing in this kernel has been tampered with to make it work better. All RAW extracted and done.
And now HERE
Oh the bootloader? That has gotten further now.
Just for new readers this is the extracted LOW level bootloader of this TV extracted and running in QEMU, it fails yeah but see that? It detects the partitions and labels them and also gets the start and end addresses of the partitions (How nice of it). Detecting the NAND device and properly doing things. I can say that I FINALLY think that it's PAST that "Searching for boot.TDF error"
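An added example, not part of the original post or the project's emulator code, of how a NAND read model can make a bad-block scan report every block as bad, as described in the post above. It assumes the common convention that a non-0xFF first spare-area byte in a block's first page marks the block bad; the geometry, the bad blocks and the buggy read behaviour are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed geometry for illustration; not the TV's real NAND layout. */
#define BLOCKS          16
#define PAGES_PER_BLOCK 4
#define PAGE_SIZE       512
#define OOB_SIZE        16
#define RAW_PAGE        (PAGE_SIZE + OOB_SIZE)

static uint8_t nand[BLOCKS * PAGES_PER_BLOCK * RAW_PAGE];

/* Erased flash reads 0xFF; a non-0xFF first spare byte marks a bad block. */
static void nand_init(void) {
    memset(nand, 0xFF, sizeof nand);
    nand[(3 * PAGES_PER_BLOCK) * RAW_PAGE + PAGE_SIZE] = 0x00; /* block 3 bad */
    nand[(9 * PAGES_PER_BLOCK) * RAW_PAGE + PAGE_SIZE] = 0x00; /* block 9 bad */
}

/* Hypothetical buggy emulator read: the spare area is not backed by
 * storage, so any column past the data area comes back as 0x00. */
static uint8_t read_buggy(unsigned page, unsigned col) {
    if (col >= PAGE_SIZE) return 0x00;
    return nand[page * RAW_PAGE + col];
}

/* Corrected read: the column address covers data plus spare area. */
static uint8_t read_fixed(unsigned page, unsigned col) {
    if (col >= RAW_PAGE) return 0xFF; /* out of range reads as erased */
    return nand[page * RAW_PAGE + col];
}

typedef uint8_t (*read_fn)(unsigned page, unsigned col);

/* Scan the way a driver would: check the marker in each block's first page. */
static unsigned scan_bad_blocks(read_fn rd, uint8_t *bad_map) {
    unsigned bad = 0;
    for (unsigned b = 0; b < BLOCKS; b++) {
        bad_map[b] = rd(b * PAGES_PER_BLOCK, PAGE_SIZE) != 0xFF;
        bad += bad_map[b];
    }
    return bad;
}

int main(void) {
    uint8_t map[BLOCKS];
    nand_init();
    printf("buggy read: %u of %d blocks bad\n", scan_bad_blocks(read_buggy, map), BLOCKS);
    printf("fixed read: %u of %d blocks bad\n", scan_bad_blocks(read_fixed, map), BLOCKS);
    return 0;
}
```
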
Hey I'm back just want to say I found a USER guide for this family of processors meant to be given out to customers (companies) and this processor is actually INSANE. It does things that put MODERN x86 and ARM to SHAME all while being from 2008!!!
First off it has the ability to do MULTIPLE RAM operations at once.
Ignore the yellow text I just messed up using the digital highlighter tool by accident
You can give it MULTIPLE COMMANDS, or "hey store this in RAM" or "Hey read this" and the memory controller will store it as a LIST of operations that need to be done. Then an "Arbiter" will decide what is the MOST important and do it sending it back. It's like having MULTIPLE drive-throughs to take orders at a restaurant. Allowing the CPU to keep doing operations while it waits for the memory operation to complete. Kind of like if RAM was multicore.
The possibilities of this are insane but it's also EXTREMELY efficient. ARM or x86 has NOTHING like this. A literal 2008 TV chip does something so ahead of the curve that it beats both of them in efficiency.
And this is not done via software but HARDWARE, as this entire system is built into the CIRCUITRY similar to Pong (If you do not know, the original Atari Pong was not made in assembly but rather the game's logic was using JUST hardware circuitry. Meaning the game is just a circuit.), being accessed and communicated by the software.
Along with that instead of on x86 with everything running at ONE clockspeed the CPU can have DIFFERENT parts of it set to DIFFERENT speeds.
(I'm not an electrical engineer. Only electrical degree I have is basic Arduino stuff.)
You can have the MEMORY controller part of the CPU run at a different speed and then have the m2C module clock run at a different speed (I have no idea what an m2c clock means)
Stuff as little as the "Timestamp clock" can be changed so for example you can turn DOWN the voltage of something like the "Timestamp clock" and reroute it to something MORE important during non IO reads. Allowing you to not only save power but also reduce heat, all from just the software at ANY time.
Or imagine for example when power is low, like if the chip was used in a phone and the battery was low, it downclocked clocks like the timestamp clock or the I2C clock in order to increase battery life while still keeping the MAIN CPU clockspeed the same.
x86 sure as hell doesn't have this and neither does the "Power efficient" ARM. Yet this 2008 TV chip has these ABSURDLY useful features that have been completely forgotten about.
Also the thing is split into 2 CHIPS, the PNX 8500 (the main processor) and the PNX5100 (the video controller and more). So for example if this was used in a PHONE, when you tap the little power button to standby your phone you can turn off the PNX5100 turning off video directly and saving CPU cycles and MORE power than something on MODERN phones today.
The BOOT speeds are insane. I can confidently say what happens every boot. This takes less than 12 ish seconds to BOOT up. This is everything that happens in those 12 ish seconds
- Setup UART for debugging logs
- Scan NAND for partition table
- Check if should wait for memory bit to flip or directly boot
- Do several timeouts to wait for the NAND to return statuses
- Find boot.bat and load it
- Set up a BATCH scripting environment where things get set up with complex commands like "tdfload Kernel.tdf"
- Load Linux kernel
- Scan for bad blocks, all 2046 of them
- Then RESCAN for BFFS partition table
- Find that and then mount everything then put everything in /dev/ and register the separate PNX chip for separate video processing in /dev/
- Wait for that to load and register "shmem" and a bunch more in /dev/, register the speakers and display.
- Then after all of that then start the MAIN binary (the TV's "operating system/interface") and everything there
- The main binary boots and then SETS up the separate PNX chip communicating via /dev/
- Have it also scan stuff as well and give it a memory layout to the UART (everything also gets debugged adding extra time)
- Finally Display the BASIC bootlogo
- And then bootup
All on 200 MHz RAM and similar CPU clockspeed in ONLY 13 SECONDS!
Here is the thing in case you want to read/see it
https://www.nxp.com/docs/en/user-guide/UM10113.pdf
Oh yeah THIS.
Bootloader has been FULLY implemented to stand on its knees.
Current thing it's doing? Waiting for the IR remote to register a POWER button being pressed on a remote to then transition to starting the vmlinux and then move forward. Yes it's gotten THAT far.
Remember when I was wrong about this?
Good times right.
Well what I actually activated during that time was a secret FLASHING mode. It's not waiting for a power button, it's waiting for a debugging device to change a bit in memory to say "it's safe to start up". Since everything's loaded in RAM you can DIRECTLY program the NAND controller, so for example instead of desoldering and then reprogramming the NAND and then resoldering you can just DIRECTLY program the NAND using an EEPROM programmer clipped to the NAND similar to something like this (Example is from a BIOS programmer on a laptop)
Where it would CLIP onto the nand chip directly.
So if you were a Dev working on the system, you would boot. See general partition info
and if you made a mistake or want to test a new version of the TV's binary or kernel or whatever, you would simply, using your clipper and other debugging tool, DIRECTLY flash the NAND while running. Most likely communicating with the NAND officially using signals to reflash it. Because everything is already loaded in RAM and is prepared to handle it you could erase EVERYTHING and as long as you do not reboot nothing in the bootloader would break. It would just fail to find anything to boot from.
Once you're done reflashing your debugging tool would change a BIT in memory telling it "It's ok to boot now, RESCAN and try again bootloader" and it will then boot. OR you could just tell it to "just continue booting" without flashing anything new by changing that piece of memory it's scanning for directly.
It appears I accidentally found this while making it and incorrectly assumed it was the TV waiting for a power button press from the remote. So that's cool I guess