83Plus:State of the calculator at boot

From WikiTI
Revision as of 08:51, 28 November 2011 by Sircmpwn (Talk | contribs)

This page is dedicated to what happens right when the calculator begins to execute code.

For now, all the information is about the 84+. When someone does some boot code work with the 83+, this page will have to be updated.

Registers

All registers are 00h. However, if you are writing boot code, you should still initialize them, both on the off chance that one is not 00h and in case someone jumps to your boot code.

Port Values

These port values were all found on an 84+SE hardware revision M with a port 15 value of 55h.

Port Value
00h 03h
01h FFh
02h E3h
03h 00h
04h 08h
05h 00h
06h 00h
07h 00h
08h 00h
09h 20h
0Ah 00h
0Bh 00h
0Ch 00h
0Dh 00h
0Eh 00h
0Fh 00h
Port Value
10h FFh
11h FFh
12h FFh
13h FFh
14h 00h
15h 55h
16h 00h
17h 00h
18h 00h
19h 00h
1Ah 00h
1Bh 00h
1Ch 00h
1Dh 00h
1Eh 00h
1Fh 00h
Port Value
20h 00h
21h 33h
22h 00h
23h 00h
24h 00h
25h 00h
26h 00h
27h 00h
28h 00h
29h 00h
2Ah 00h
2Bh 00h
2Ch 00h
2Dh 00h
2Eh 00h
2Fh 00h
Port Value
30h 00h
31h 00h
32h 00h
33h 00h
34h 00h
35h 00h
36h 00h
37h 00h
38h 00h
39h 00h
3Ah 00h
3Bh 00h
3Ch FFh
3Dh FFh
3Eh FFh
3Fh FFh
Port Value
40h 00h
41h 00h
42h 00h
43h 00h
44h 00h
45h 00h
46h 00h
47h 00h
48h 00h
49h 18h
4Ah 06h
4Bh 00h
4Ch 22h
4Dh A9h
4Eh 00h
4Fh 00h
Port Value
50h 00h
51h 00h
52h 00h
53h 00h
54h 02h
55h 1Fh
56h 00h
57h 00h
58h 00h
59h 00h
5Ah 00h
5Bh 00h
5Ch 00h
5Dh 00h
5Eh 00h
5Fh 00h
Port Value
60h 00h
61h 00h
62h 00h
63h 00h
64h 00h
65h 00h
66h 00h
67h 00h
68h 00h
69h 18h
6Ah 06h
6Bh 00h
6Ch 22h
6Dh A9h
6Eh 00h
6Fh 00h
Port Value
70h 00h
71h 00h
72h 00h
73h 00h
74h 02h
75h 1Fh
76h 00h
77h 00h
78h 00h
79h 00h
7Ah 00h
7Bh 00h
7Ch 00h
7Dh 00h
7Eh 00h
7Fh 00h


Interesting points:

  • Flash is locked
  • 4000h contains flash page 00h
  • 8000h contains flash page 00h
  • C000h contains RAM page 00h
  • The LCD driver is disconnected (port 29 causes this)
  • The boot code is unlocked
  • 84+BE/SE cannot be determined from port 21 as it reads 33h
  • All parts of flash are non-executable except the privileged pages (2C-2F, 3F, 6C-6F, and 7F)
  • All of RAM is non-executable except the first 1024 bytes of RAM page 00h
  • None of the LCD delay ports are set
  • The clock is off
  • The USB driver is off

Memory Mapping

Here's where the boot code gets fun. Since all variables and ports have been reset on boot, it would logically follow that execution should start at 0000h. There's a problem, though: 0000h is always flash page 00h. To get around this, TI had to add a hack that puts the boot code into the 0000h region.

  • The calculator is in memory map mode 0
  • 0000h contains the boot code (3Fh / 7Fh) and behaves normally
  • 4000h contains flash page 00h
  • 8000h contains flash page 00h
  • C000h contains RAM page 00h
  • Page 00h is restored to 0000h when and only when a byte is executed in a memory bank controlled by port 06. This means that in memory map mode 0, a byte must be executed in the 4000h-7FFFh range, and in memory map mode 1, a byte must be executed in the 4000h-BFFFh range. When this byte is executed, page 00h instantly goes back to 0000h.

It has also been determined that ports 0E and 0F play no part in this behavior on the 84+.
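The mapping rule above can be checked against an emulator or a hardware trace with a small model. The following is an added example, not code from WikiTI or TI; the class and function names are hypothetical, the sample trace is constructed, and it assumes the boot page stays out of 0000h until the next reset once page 00h has been restored.

```python
# Added model of the boot-time mapping rules listed above (not WikiTI code).
# Names are hypothetical; address ranges and page numbers are the ones on
# this page. Assumption: only a reset maps the boot page back to 0000h.

BOOT_PAGES = {"84+": 0x3F, "84+SE": 0x7F}  # boot code page per model


class BootMapper:
    def __init__(self, model="84+SE", map_mode=0):
        if map_mode not in (0, 1):
            raise ValueError("memory map mode must be 0 or 1")
        self.boot_page = BOOT_PAGES[model]
        self.map_mode = map_mode
        self.boot_mapped = True  # at reset the boot code sits at 0000h

    def port06_window(self):
        # Range controlled by port 06: 4000h-7FFFh (mode 0), 4000h-BFFFh (mode 1).
        return (0x4000, 0x7FFF if self.map_mode == 0 else 0xBFFF)

    def page_at_0000(self):
        return self.boot_page if self.boot_mapped else 0x00

    def execute(self, pc):
        """Record one executed byte at pc; return the flash page now at 0000h."""
        if not 0 <= pc <= 0xFFFF:
            raise ValueError("pc outside the 16-bit address space")
        lo, hi = self.port06_window()
        if lo <= pc <= hi:
            self.boot_mapped = False  # page 00h is restored immediately
        return self.page_at_0000()


def trace(pcs, **kwargs):
    """Return [(pc, page at 0000h after executing at pc), ...] from reset."""
    mapper = BootMapper(**kwargs)
    return [(pc, mapper.execute(pc)) for pc in pcs]


if __name__ == "__main__":
    # Constructed execution trace: boot code, then 8000h, then 4000h.
    for mode in (0, 1):
        print("memory map mode", mode)
        for pc, page in trace([0x0000, 0x0053, 0x8000, 0x4000, 0x0000],
                              map_mode=mode):
            print(f"  executed {pc:04X}h -> 0000h maps flash page {page:02X}h")
```

In mode 0 the fetch at 8000h leaves the boot page in place even though that bank also shows flash page 00h, because 8000h is not controlled by port 06 in that mode.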

Gathering this Information

This information could only be gathered by replacing the boot code. This was a very dangerous operation, as one mistake will brick the calculator. You should not attempt to recreate anything on this page or write your own boot code unless you are a master of Z80 assembly.