david.evans@canremote.uucp (DAVID EVANS) (01/20/90)
I realise this falls into the "weird stuff", and probably "heavy
magic" catagory, but how do you enable the WCS on the A1000 for writing?
I assume it has something to do with the RESET instruction, but when
you do that, all RAM gets unconfigured. Dragon's Lair does it, so I
know it *can* be done.
Also, on a related note, is the tiny bit of ROM the A1000 executes
before being Kicked accessable? Or is it hidden under the PAL logic?
---->Dave
DAVID.EVANS@CANREMOTE.UUCP
---
* Via ProDoor 3.1R mwandel@tiger.waterloo.edu (Markus Wandel) (01/21/90)
In article <90012003501244@masnet.uucp> david.evans@canremote.uucp (DAVID EVANS) writes: > > I realise this falls into the "weird stuff", and probably "heavy >magic" catagory, but how do you enable the WCS on the A1000 for writing? Run the following through any assembler and Blink: lea bootcont,a0 move.l a0,$80 trap #0 bootcont: move.l $fc0004,a0 jmp -2(a0) end Then wait for all disk updates to complete and run it. Poof, Amiga reboots with WCS accessible for writing. Works by kicking the CPU into supervisor mode (using the TRAP instruction), then fetching the address where the CPU would normally begin running the kickstart code at. Like magic, in both 1.2 and 1.3 there is a "RESET" instruction directly before this code, so that's where we jump to. What happens is that all hardware in the machine gets reset except the CPU. Autoconfigured memory vanishes, chip memory goes poof, but the WCS stays around and so the 68000 goes on running. It goes through a standard boot up, reconfiguring autoconfig memory and all other hardware, but *not* write-protecting the WCS, as this apparently gets done by the ROMs which do powerup diagnostics and load the Kickstart disk, which have been bypassed in this case. If you boot from floppy anyway, just find someone who has AMAX and get them to run the "BootBlockRestore" program on your boot disk. This creates a boot block which does the same thing, so your machine *always* has the WCS enabled when booted from that disk. Disclaimer: The above is not BY ANY MEANS a supported standard programming practice on the Amiga. It works now. It depends on the "RESET" instruction in Kickstart. If it goes away with 1.4, it won't work any more. Markus Wandel mwandel@tiger.waterloo.edu (519) 884-9547
ridder@elvira.enet.dec.com (Hans Ridder) (01/23/90)
In article <20011@watdragon.waterloo.edu> mwandel@tiger.waterloo.edu (Markus Wandel) writes: >In article <90012003501244@masnet.uucp> david.evans@canremote.uucp (DAVID EVANS) writes: >> >> I realise this falls into the "weird stuff", and probably "heavy >>magic" catagory, but how do you enable the WCS on the A1000 for writing? > >Run the following through any assembler and Blink: > > lea bootcont,a0 > move.l a0,$80 ^^^-----------Ack! Pounding the autovectors! > trap #0 >bootcont: > move.l $fc0004,a0 ^^^^^^----------Cough! Jumping to ROM! > jmp -2(a0) > end > I'm not trying to flame you, and I know you said it was unsupported, but there is a supported way to do this. The *new* Hardware Reference Manual, page 219 says that the only supported way to reset the Amiga (and thus write enable the KickStart RAM on the 1000) is: _ColdReboot: MOVE.L 4,(A6) ; Get pointer to ExecBase LEA.L MagicResetCode(PC),A5 ; Location of reset code JSR _LVOSupervisor(A6) ; Start code in supervisor mode ; The *only* supported reboot code CNOP 0,4 ; IMPORTANT: Must be longword aligned MagicResetCode: LEA.L 2,A0 ; Point to JMP instruction at start of ROM RESET ; All RAM goes away now! JMP (A0) ; Rely on prefetch to execute this instruction Apparently, you only need the first riff (_ColdReboot) if you are in user mode. If you are already in supervisor mode, just use the second part. I have never done this. It's just documented in the book this way! >Markus Wandel >mwandel@tiger.waterloo.edu -hans ======================================================================== Hans-Gabriel Ridder Digital Equipment Corporation ridder@elvira.enet.dec.com Customer Support Center ...decwrl!elvira.enet!ridder Colorado Springs, CO
mwandel@tiger.waterloo.edu (Markus Wandel) (01/24/90)
In article <629@shodha.dec.com> ridder@elvira.enet.dec.com (Hans Ridder) writes: >> >> lea bootcont,a0 >> move.l a0,$80 > ^^^-----------Ack! Pounding the autovectors! >> trap #0 >>bootcont: >> move.l $fc0004,a0 > ^^^^^^----------Cough! Jumping to ROM! >> jmp -2(a0) >> end >> And proceeds to give the official, supported way to reboot an Amiga. Fine and good, except the official, supported way, won't leave the WCS enabled, which was the goal of the whole exercise. Try it. I did, just to make sure. You see, when you jump to location 2 after doing a RESET instruction, you are jumping to the A1000's boot ROM. This ROM will merrily proceed to checksum the kickstart RAM, find it valid, write-protect it again, and go through a 100% normal reboot. What else would you expect, that Commodore's official way to reboot all Amigas will leave an A1000 with its WCS enabled and prone to all-the-way-back-to-kickstart crashes? But to make you happy, here is another WCS enabler which is similar to the Commodore reboot code. All I do is jump to $FC0002 after the RESET, instead of $000002. This gets me the WCS code instead of the boot ROM. I also move the CNOP 0,4 to preserve the longword alignment of the RESET instruction. _ColdReboot: MOVE.L 4,(A6) ; Get pointer to ExecBase LEA.L MagicResetCode(PC),A5 ; Location of reset code JSR _LVOSupervisor(A6) ; Start code in supervisor mode MagicResetCode: LEA.L $FC0002,A0 ; Point to JMP instruction at start of WCS ^^^^^^ ^^^ CNOP 0,4 ; IMPORTANT: Must be longword aligned RESET ; All RAM goes away now! JMP (A0) ; Rely on prefetch to execute this instruction Oh, this code is also slightly more future-proof as it no longer depends on that RESET instruction at the start of the WCS code. Markus Wandel mwandel@tiger.waterloo.edu (519) 884-9547
puhuri@niksula.hut.fi (Markus Peuhkuri) (01/24/90)
In article <629@shodha.dec.com> ridder@elvira.enet.dec.com (Hans Ridder) writes: >[Suported way to make reboot] > _ColdReboot: > MOVE.L 4,(A6) ; Get pointer to ExecBase ^--^ I think here is an error. This code moves address of ExecBase to some address that was in a6. You should leave those parenthesis off. So, right code is: MOVE.L 4,a6 ; Get ExecBase in a6 > LEA.L MagicResetCode(PC),A5 ; Location of reset code > JSR _LVOSupervisor(A6) ; Start code in supervisor mode >[code cont.] > I have never done this. It's just documented in the book this way! > -hans > ======================================================================== > Hans-Gabriel Ridder Digital Equipment Corporation > ridder@elvira.enet.dec.com Customer Support Center > ...decwrl!elvira.enet!ridder Colorado Springs, CO -- Markus Peuhkuri ! Ti 1 ! puhuri@niksula.hut.fi !------! V{in| Auerinkatu 1 A 3 ! Helsinki !-----------------------! // ! SF-00560 Helsinki ! University ! Erratum politucus est ! \X/ ! tel. +358-0-7570762 ! of Tecnology !-----------------------!------!
ridder@elvira.enet.dec.com (Hans Ridder) (01/24/90)
In article <20080@watdragon.waterloo.edu> mwandel@tiger.waterloo.edu (Markus Wandel) writes: >Fine and good, except the official, supported way, won't leave the WCS >enabled, which was the goal of the whole exercise. Try it. I did, >just to make sure. Of course you're right! (he says, whacking his forehead with the palm of his hand) How embarassing.... Sorry I made the lame assumption that the KickStart RAM would be left enabled. I jumped to that conclusion myself, it didn't say that in the hardware manual. Thanks for clearing it up. But your code brought up a question in my mind (such as it is :-). Is CNOP really a no-op? (i.e. can it be executed without any side effects?) You used it inline, so I guess it is. I have never seen that done before. Most of the code I have seen uses it to align labels and such to longwords, etc. I'm learning all the time.... >Markus Wandel >mwandel@tiger.waterloo.edu -hans ======================================================================== Hans-Gabriel Ridder Digital Equipment Corporation ridder@elvira.enet.dec.com Customer Support Center ...decwrl!elvira.enet!ridder Colorado Springs, CO
d87-khd@sm.luth.se (Karl-Gunnar Hultland) (01/24/90)
In article <20080@watdragon.waterloo.edu> mwandel@tiger.waterloo.edu (Markus Wandel) writes: >MagicResetCode: > LEA.L $FC0002,A0 ; Point to JMP instruction at start of WCS > ^^^^^^ ^^^ Is this address unchanged from kick 1.0 to kick 1.4 ? > CNOP 0,4 ; IMPORTANT: Must be longword aligned > RESET ; All RAM goes away now! > JMP (A0) ; Rely on prefetch to execute this instruction > >Oh, this code is also slightly more future-proof as it no longer depends on >that RESET instruction at the start of the WCS code. Well there's a jump instructin in my version of the kickstart(1.3) BUT is it GUARANTEED that it will be there in 1.4 ... 1.5 .... A3000 A4000 etc... Karl +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | Karl 'Dixie' Hultland | email: d87-khd@sm.luth.se | | University of Lulea | : {uunet,mcvax}!sunic.se!sm.luth.se!d87-khd| | Sweden | Snailmail: Mjolkuddsv. 63-5, S-95157 Lulea Sweden | |=======================| Voice nat: 0920-15479 | | Urbi et Orbi | Voice int: +46 920 15479 | |=============================================================================| | If two people agree on EVERYTHING , one of them is OBSOLETE!! | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
peter@sugar.hackercorp.com (Peter da Silva) (01/24/90)
> LEA.L 2,A0 ; Point to JMP instruction at start of ROM > RESET ; All RAM goes away now! > JMP (A0) ; Rely on prefetch to execute this instruction ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Argh! No complaints, but god this is some *scary* code. -- Peter "Have you hugged your wolf today" da Silva <peter@sugar.hackercorp.com> `-_-' 'U` "I haven't lost my mind, it's backed up on tape somewhere"
mwandel@tiger.waterloo.edu (Markus Wandel) (01/25/90)
In article <715@tau.sm.luth.se> Karl-Gunnar Hultland <d87-khd@tau.luth.se> writes: >>MagicResetCode: >> LEA.L $FC0002,A0 ; Point to JMP instruction at start of WCS >> ^^^^^^ ^^^ >Is this address unchanged from kick 1.0 to kick 1.4 ? ... >Well there's a jump instructin in my version of the kickstart(1.3) >BUT is it GUARANTEED that it will be there in 1.4 ... 1.5 .... A3000 >A4000 etc... The address $FC0000 is carved into stone, that is silicon, on an Amiga 1000. Don't anyone bother me about future versions of the OS moving to different places. If that ever happens on an A1000, then it will be through a ROM hack which does away with the WCS, and there won't be any more point in enabling it, will there. Same goes for all models of the Amiga after the A1000... they don't have a WCS. Markus Wandel mwandel@tiger.waterloo.edu (519) 884-9547