 | | | | | | |
| |
|
On Sun, 4 Feb 2007, Steve Hassenplug wrote:
> What software did you use to load V1.04?
The Atmel SAM-BA downloader, included in their In-system Programmer
package: http://www.atmel.com/dyn/products/tools_card.asp?tool_id=3883
I was using an older version than the one currently available on their
site, though (1.7 vs. 1.8).
> It sounds like there is something in there that set the firmware to
> read-only after it loaded it. Can you find any settings like that in that
> software?
Well, it would be nice to be able to get back IN to the software to check
for such an option. I can't bring up the software because it can't find
the Atmel chip to talk to (main screen doesn't display until the software
makes the connection), and it can't find the Atmel chip because the NXT
brick won't go into download mode, and it won't go into download mode
because the stupid flash chip won't allow me to write to it! Argh!!
Sorry; not mad at you, just a bit frustrated is all.
Even if such an option were present, I don't know how I'm supposed to undo
it if the NXT can't go back into download mode in the first place.
I do recall it prompting me, during the upload of 1.04, to "unlock" (I
think that was the verbiage used) some pages of the flash, and I said
"okay." I figured this was normal as I remembered reading something about
how there was some sort of "lock" or "security" bit(s) that needed to be
toggled every time the flash procedure was attempted on the NXT (doesn't
putting the unit into download/SAM-BA mode either lock or unlock these
bits?).
Thanks for responding,
--
Nathan Anderson
nathan@anderson-net.com
| | | | | | | | | | | | | | | |
| |
|
Nathan Anderson wrote:
> On Sun, 4 Feb 2007, Steve Hassenplug wrote:
>
> > What software did you use to load V1.04?
>
> The Atmel SAM-BA downloader, included in their In-system Programmer
> package: http://www.atmel.com/dyn/products/tools_card.asp?tool_id=3883
>
> I was using an older version than the one currently available on their
> site, though (1.7 vs. 1.8).
> > It sounds like there is something in there that set the firmware to
> > read-only after it loaded it. Can you find any settings like that in that
> > software?
OK, everybody take a deep breath and slow down. first of all, the SAMBA
version I'm using is 1.11, available here:
<http://www.atmel.com/dyn/products/tools_card.asp?tool_id=3894>
And for anyone that's going to get busy hacking firmware, this is
a great place to start:
<http://www.at91.com>
Yes, there is a script that will set the security bit in the FLASH
firmware, and yes, if you set it, your brick is "bricked"
However, unlocking and locking the FLASH does NOT set the security
bit it merely locks the sectors, which can be unlocked again.
> Well, it would be nice to be able to get back IN to the software to check
> for such an option. I can't bring up the software because it can't find
> the Atmel chip to talk to (main screen doesn't display until the software
> makes the connection), and it can't find the Atmel chip because the NXT
> brick won't go into download mode, and it won't go into download mode
> because the stupid flash chip won't allow me to write to it! Argh!!
>
> Sorry; not mad at you, just a bit frustrated is all.
>
> Even if such an option were present, I don't know how I'm supposed to undo
> it if the NXT can't go back into download mode in the first place.
>
> I do recall it prompting me, during the upload of 1.04, to "unlock" (I
> think that was the verbiage used) some pages of the flash, and I said
> "okay." I figured this was normal as I remembered reading something about
> how there was some sort of "lock" or "security" bit(s) that needed to be
> toggled every time the flash procedure was attempted on the NXT (doesn't
> putting the unit into download/SAM-BA mode either lock or unlock these
> bits?).
Like I said before, locking is normal, but setting security bit prevents
and subsequent access to the FLASH.
Can you please make sure that you press the reset button in the hole
under the USB connector for a full 5 seconds until you hear a big CLICK
from the speaker?
If you don't hear the big click, then you've got other issues.
After the click, it goes quiet for 2 or 3 seconds and then starts
ticking. It should then enumerate as a new device.
You may want to do this on another PC just in case your USB config
is hosed and you are actually just misreading the chip.
Hope this helps,
Ralph
connector
| | | | | | | | | | | | | | | | |
Hi Nathan, hi Ralph,
Ralph Hempel <rhempel@bmts.com> writes:
>
> Yes, there is a script that will set the security bit in the FLASH
> firmware, and yes, if you set it, your brick is "bricked"
>
> Like I said before, locking is normal, but setting security bit prevents
> and subsequent access to the FLASH.
actually for the adventurous hardware hacker
it might be possible to revive it using the ERASE pin.
Though in this case, and if you are sure you didn't run the script
for setting the security bit, I'd ask LEGO for a replacement.
They are usually very nice about it (the nicest I know on this planet).
Jürgen
--
Jürgen Stuber <juergen@jstuber.net>
http://www.jstuber.net/
gnupg key fingerprint = 2767 CA3C 5680 58BA 9A91 23D9 BED6 9A7A AF9E 68B4
| | | | | | | | | | | | | | | | | |
| |
|
On Sun, 4 Feb 2007, Juergen Stuber wrote:
> actually for the adventurous hardware hacker
> it might be possible to revive it using the ERASE pin.
>
> Though in this case, and if you are sure you didn't run the script
> for setting the security bit, I'd ask LEGO for a replacement.
Juergen et al.,
Good news, everyone! The nightmare is over. :-) And I got to learn a few
things in the process, too!
Setting the security bit must have been what I did, although I don't
specifically recall it...I do remember that, before I fully understood
exactly how going to SAM-BA mode worked, I was trying to determine if
there was some way to make it boot up the standard LEGO firmware again,
and I may indeed have run that script inadvertantly whilst poking around
(I can now see that this script exists in the SAM-BA program). I now
realize that what I was trying to do at the time is not possible. The
SAM-BA bootloader exists in ROM, and yet even so the bootloader design for
the NXT firmware remains a single-stage one; for some reason, SAM-BA
cannot be booted directly off of ROM, so setting the NXT to SAM-BA/
downloader mode copies the SAM-BA bootloader out of ROM and into flash, in
effect overwriting the first 4K bytes of flash (previously containing NXT
firmware boot code) with the SAM-BA code. (Is it just me, or isn't this a
slightly silly design? Why not a two-stage loader?)
After your mention of the ERASE pin, Juergen, I downloaded copies of the
ATMEL AT91 technical manual as well as the LEGO NXT HDK docs (w/
schematics), and found that what you and Ralph were telling me is true:
you set that security bit, and you aren't *ever* going to be let into the
flash again. Unless you wipe it, that is, which, after setting that bit,
is not possible to do in software.
Fortunately, it looks like Atmel provided a back-door in hardware to reset
it. I (carefully) opened up the NXT brick and (equally as carefully)
shorted VCC_OUT (pin 8) with ERASE (pin 55), which LEGO thoughtfully
traced to a nice open pad (J10)! :-) IIRC, this had to be done and held
steadily in place before applying power. Voila, as they say: I was
greeted with the warm sound of steady clicking from the tiny NXT speaker.
I never thought I'd be SO glad to hear that sound again. Of course, in
its empty state, nothing was booting off the flash, and so there was no
USB link...you need to hold in the reset button to force writing of SAM-BA
to flash, and then off you go.
You all probably already knew this and are silently laughing at me (heh),
but I also discovered that when flashing firmware using the Atmel
software, it is best not to answer "Yes" impulsively at the end of the
flashing session when it asks you if it should re-lock the sections of
flash that it prompted you to unlock before it began to write to it. It
doesn't just lock down the first 4KB (where the bootloader lives) as I had
initially assumed it would, but instead locks down every sector, which
left me with the same problem I had before: namely, that I was unable to
upload RXE code without it locking up. Thankfully, though, it didn't have
the same effect as setting the security bit did, so I was able to re-load
SAM-BA without difficulty and flash it properly without resorting to
cracking the NXT open again. :-)
THANK you ALL for your help and patience!
--
Nathan Anderson
nathan@anderson-net.com
| | | | | | | | | | | | | | | | |
Hi Nathan,
Nathan Anderson <nathan@anderson-net.com> writes:
> On Sun, 4 Feb 2007, Juergen Stuber wrote:
> >
> > actually for the adventurous hardware hacker
> > it might be possible to revive it using the ERASE pin.
>
> Fortunately, it looks like Atmel provided a back-door in hardware to reset
> it. I (carefully) opened up the NXT brick and (equally as carefully)
> shorted VCC_OUT (pin 8) with ERASE (pin 55), which LEGO thoughtfully
> traced to a nice open pad (J10)! :-) IIRC, this had to be done and held
> steadily in place before applying power.
clever solution.
I actually wondered how to do the debouncing,
to get the required (in bold face!) pulse of at least 50ms.
> Voila, as they say: I was greeted with the warm sound of
> steady clicking from the tiny NXT speaker.
:-)
Jürgen
--
Jürgen Stuber <juergen@jstuber.net>
http://www.jstuber.net/
gnupg key fingerprint = 2767 CA3C 5680 58BA 9A91 23D9 BED6 9A7A AF9E 68B4
| | | | | | |
