Difference between revisions of "Category:83Plus:Ports:By Address:Protected"

From WikiTI
Jump to: navigation, search
m
m (Whoops)
 
(5 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:83Plus:Ports:By_Address|Protected]]
+
[[Category:83Plus:Ports:By_Address|Protected Ports]]
 
== Protected Ports ==
 
== Protected Ports ==
Some of the I/O ports on the 83+ have been "protected" to prevent them from being written accidentally (in addition to preventing user programs from writing to them.)
+
Some of the I/O ports on the 83+ have been "protected" to prevent them from being written accidentally (in addition to preventing user programs from writing to them.) Most of these ports require Flash to be unlocked via port [[83Plus:Ports:14|14]] to respond to write commands.  It was previously thought that all protected ports must be written to with the protected sequence from a protected page, but you may instead use them from anywhere with no sequence if Flash is unlocked.  Port [[83Plus:Ports:14|14]] itself has special requirements that must be met before it will respond:
  
The following restrictions are believed to apply to all protected ports:
+
* Port [[83Plus:Ports:14|14]] can only be written to from privileged ROM pages. The privileged ROM pages are two utility code pages and one or two boot code pages. On the normal 83+ the pages are 1Ch, 1Dh, and 1Fh. On the normal 84+ the pages are 3Ch, 3Dh, and 3Fh. On the 83+ SE the pages are 7Ch, 7Dh, and 7Fh. On the 84+ SE the pages are 6Fh, 7Ch, 7Dh, and 7Fh.  (Pages 2C-2E/6C-6E on the 84+, and page 1E/3E/7E, may also qualify, but no code is currently placed on those pages.)
 
+
* These ports can only be written to from privileged ROM pages. The privileged ROM pages are two utility code pages and one or two boot code pages. On the normal 83+ the pages are 1Ch, 1Dh, and 1Fh. On the normal 84+ the pages are 3Ch, 3Dh, and 3Fh. On the 83+ SE the pages are 7Ch, 7Dh, and 7Fh. On the 84+ the pages are 6Fh, 7Ch, 7Dh, and 7Fh.  (Pages 3C-3E/6C-6E on the 84+, and page 1E/3E/7E, may also qualify, but no code is currently placed on those pages.)
+
  
 
* A specific sequence of instructions must be executed (all of them from a privileged page, with no interruptions) before the port will finally "listen." The sequence is:
 
* A specific sequence of instructions must be executed (all of them from a privileged page, with no interruptions) before the port will finally "listen." The sequence is:
Line 14: Line 12:
 
  out (...),a
 
  out (...),a
 
: A 'di' often precedes this sequence so that it cannot be broken by an interrupt, and a 'di' often follows it, after which the output value is re-checked, to prevent user programs from sneakily inserting their own output values.
 
: A 'di' often precedes this sequence so that it cannot be broken by an interrupt, and a 'di' often follows it, after which the output value is re-checked, to prevent user programs from sneakily inserting their own output values.
 +
: Because the hardware only checks what bytes are read, and whether they are read from a privileged page, but not whether they are actually executed, certain variants on this sequence are also permissible; for example:
 +
ld hl,0
 +
im 1
 +
di
 +
out (...),a
  
The canonical protected port is, of course, the Flash write-enable port, [[83Plus:Ports:14|port 14]].  Some of the other protected ports also appear to function only when Flash is write-enabled.
+
ld hl,(word_0000) ; where word_0000 is the address of two zero
 +
                  ; bytes stored on a privileged page
 +
im 1
 +
di
 +
out (...),a
 +
 
 +
ld ix,byte_ed ; where byte_ed is the address of an ED byte
 +
ld hl,byte_f3 ; and byte_f3 is the address of an F3 byte
 +
              ; both stored on a privileged page
 +
rlc b,(ix+0)
 +
ld d,(hl)
 +
out (...),a
 +
: The last works because the opcode for RLC B,(IX+0) is DD CB 00 00, the byte read from (ix) is ED, then the opcode for LD D,(HL) is 56, and the byte read from (hl) is F3.  This could be useful since it allows port [[83Plus:Ports:14|port 14]] to be written without destroying the interrupt mode.

Latest revision as of 13:35, 15 October 2012

Protected Ports

Some of the I/O ports on the 83+ have been "protected" to prevent them from being written accidentally (in addition to preventing user programs from writing to them.) Most of these ports require Flash to be unlocked via port 14 to respond to write commands. It was previously thought that all protected ports must be written to with the protected sequence from a protected page, but you may instead use them from anywhere with no sequence if Flash is unlocked. Port 14 itself has special requirements that must be met before it will respond:

  • Port 14 can only be written to from privileged ROM pages. The privileged ROM pages are two utility code pages and one or two boot code pages. On the normal 83+ the pages are 1Ch, 1Dh, and 1Fh. On the normal 84+ the pages are 3Ch, 3Dh, and 3Fh. On the 83+ SE the pages are 7Ch, 7Dh, and 7Fh. On the 84+ SE the pages are 6Fh, 7Ch, 7Dh, and 7Fh. (Pages 2C-2E/6C-6E on the 84+, and page 1E/3E/7E, may also qualify, but no code is currently placed on those pages.)
  • A specific sequence of instructions must be executed (all of them from a privileged page, with no interruptions) before the port will finally "listen." The sequence is:
nop
nop
im 1
di
out (...),a
A 'di' often precedes this sequence so that it cannot be broken by an interrupt, and a 'di' often follows it, after which the output value is re-checked, to prevent user programs from sneakily inserting their own output values.
Because the hardware only checks what bytes are read, and whether they are read from a privileged page, but not whether they are actually executed, certain variants on this sequence are also permissible; for example:
ld hl,0
im 1
di
out (...),a
ld hl,(word_0000) ; where word_0000 is the address of two zero
                  ; bytes stored on a privileged page
im 1
di
out (...),a
ld ix,byte_ed ; where byte_ed is the address of an ED byte
ld hl,byte_f3 ; and byte_f3 is the address of an F3 byte
              ; both stored on a privileged page
rlc b,(ix+0)
ld d,(hl)
out (...),a
The last works because the opcode for RLC B,(IX+0) is DD CB 00 00, the byte read from (ix) is ED, then the opcode for LD D,(HL) is 56, and the byte read from (hl) is F3. This could be useful since it allows port port 14 to be written without destroying the interrupt mode.

Pages in category "83Plus:Ports:By Address:Protected"

The following 8 pages are in this category, out of 8 total.