• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Want to organize your cloud files? Sign up for a free webinar to see how Dokkio (a new product from PBworks) can help you find, organize, and collaborate on your Drive, Gmail, Dropbox, and Slack files: Weds, May 27 at 2PM Eastern / 11AM Pacific


Page history last edited by Vasile 11 years, 1 month ago



bootloader is the very first program executed at startup.The problem is that the stock bootloader does not come with source code. As it has a number of missing features (netcat, ata/atapi boot, auto tftp-boot, variable startup delay, auto-reflash), binary patches just won't do it. John started to rewrite it, including basic HW hooks for X86 testing. C coders/contributions welcome.

Version: 2.0.0

Status: 50% complete





This is the first piece of code which gets executed at startup, since it is located at 0x00000000. It will:

  • initialize the hardware
    • initialize the static RAM
    • setup the PLL, flash and SDRAM, cache parameters
    • initialize the serial port (UART0/PIO0)
  • display bootloader welcome message to the console
  • set the GPIO LED status (Power=Blink, others (unused)=off) to indicate valid bootloader
  • check the serial console for input.
    • if any char received, wait for the passphrase. When the correct passphrase was received, go to the console program.
  • identify the flash chips
  • load the current config from NVRAM into the global config buffer in SDRAM at 0x01FF-F000.
    • if the current config does not have a valid magic number (0xCAFE2004), request a MAC address from the serial console, and save the new config to flash. Then wait for a reset keypress.
  • run the "boot flash" command
    • inflate the kernel from flash (0x00040004 ) to RAM at 0x01008000.
      • if inflation fails, wait for the passphrase, and then go to the console program. Reboot when complete.
    • run the inflated kernel


Just some ideas:

The cramfs is at 0xE2809 (as reported by the kernel boot) This suggests that the maximum size of the cramfs is 0x31D7F7, or just over 3MBytes. Loads of room!

The compressed kernel is in the ROM at 0x40004 and is 0xA27FD long

The flash-kernel loader is at 0x6000 (execute this with "boot flash")

The kernel is loaded to 0x01008000 to be executed.


There are commands to download code and jump to an address - we could try new kernels by using "download serial 0x01008000" and then "boot kernel".



Format Location
.bin SourceForge - utility binaries
.bin SourceForge - test binaries
.ipk SourceForge - packages
.ipk PigsInSpace - standard packages

If you do not have ipkg already installed, put the .bin format tool command (above) into your /usr/bin directory .









  • Needs microline integration
  • Needs network functionality
  • Needs serial functionality



Version 2.0.0 - [John, 2008-01]

  • Port started
  • Working command line


Version 1.0.0 - [Flyduck, 2004]

  • Initial release




VB: replacing bootloader seems to me a little dangerous :-) especially if one is going back and forth between stock and our firmware.


Comments (0)

You don't have permission to comment on this page.