Having set about wanting to dump the flash of the bt vision board - if only to wonder why they covered it in a rather nasty epoxy which isnt coming off in a hurry.
I was running yamon by renaming ya.bin to nk.bin and had connected via serial to pins 3+4.
It appears the flash is write protected as trying to set xenv variables in yamon fails
Anyway, the flash is mapped by the cpu to 0xac000000 and a pflash probe tells me it is 16 MB therefore 0x1000000
I set teraterm to log the screen then proceeded to issue
dump 0xac000000 0x1000000
which then spewed data for well over an hour which i logged to disk
Review of this log shows the flash has the following data in it.
Data exists from
0x0 - 0x7f which appears to be an xenv block(s)
0x8000 0xd8434 = bootblock as specifiec in xenv and common bootloader start
0xf0000 - 0xfffff = recovery partition ? shows come id values in 0x1000 blocks with plain text refs to ftp site and philips info. also ftp to philips for crl files
0x100000 - end = 0xff
just found this
* 0x00-0x03: Size of the xenv datastrcutre (including this 4 bytes and the sha1 hash)
* 0x04-0x17: SHA1 hash value (20 bytes length)
* 0x18- : XEN records and values in the following format:
o first byte is allways 0x00
o second byte is the size of the record (including this and the first bytes)
o Name of the record (0 terminated string)
o Value of the record
from
http://forum.opentvix.com/viewtopic.php?f=6&t=53