Nike CPLD Info

跳转至: 导航搜索

Nike CPLD Info

CPLD info 
CPLD Group A --- Addr=0xBD000000, Val=0xFFF0. 
CPLD Group B --- Addr=0xBD000002, Val=0xFFF0. 
CPLD Group C --- Addr=0xBD000004, Val=0xFFF0. 
CPLD Group D --- Addr=0xBD000006, Val=0xFFF0. 
CPLD Group E --- Addr=0xBD000008, Val=0xFFF0. 
CPLD Group F --- Addr=0xBD00000A, Val=0xFFF1. 
CPLD Group G --- Addr=0xBD00000C, Val=0xFFF1. 
CPLD Group H --- Addr=0xBD00000E, Val=0xFFF4. 
CPLD Group I --- Addr=0xBD000010, Val=0xFFF0. 
Nike CPLD is located at 0x98000000 
The chip is accessed in 16bit mode. 

Known GPIOs:

Apin + 0x0 bit Description 0
GPIOA0 0x0001 .
GPIOA1 0x0002 .
GPIOA2 0x0004 .
GPIOA3 0x0008 .
GPIOA4 0x0010 .
GPIOA5 0x0020 .
GPIOA6 0x0040 .
GPIOA7 0x0080 .

Bpin+ 0x2 bit Description 1
GPIOB0 0x0001 LED related
GPIOB1 0x0002 LED related
GPIOB2 0x0004 LED related
GPIOB3 0x0008 Bluetooth 32K clock enable
GPIOB4 0x0010 .
GPIOB5 0x0020 .
GPIOB6 0x0040 .
GPIOB7 0x0080 .

Cpin + 0x4 bit Description 2
GPIOC0 0x0001 Bluetooth enable
GPIOC1 0x0002 Blue LED
GPIOC2 0x0004 .
GPIOC3 0x0008 .
GPIOC4 0x0010 Display related
GPIOC5 0x0020 .
GPIOC6 0x0040 .
GPIOC7 0x0080 .

Dpin + 0x6 bit Description 3
GPIOD0 0x0001 .
GPIOD1 0x0002 .
GPIOD2 0x0004 BT router related
GPIOD3 0x0008 H2W related? unsure
GPIOD4 0x0010 .
GPIOD5 0x0020 .
GPIOD6 0x0040 .
GPIOD7 0x0080 .

Epin + 0x8 bit Description 4
GPIOE0 0x0001 .
GPIOE1 0x0002 .
GPIOE2 0x0004 .
GPIOE3 0x0008 .
GPIOE4 0x0010 .
GPIOE5 0x0020 .
GPIOE6 0x0040 .
GPIOE7 0x0080 .

Fpin + 0xa bit Description 5
GPIOF0 0x0001 USB related - it's set to 0 before checking status -maybe USB reset?
GPIOF1 0x0002 .
GPIOF2 0x0004 .
GPIOF3 0x0008 .
GPIOF4 0x0010 .
GPIOF5 0x0020 .
GPIOF6 0x0040 .
GPIOF7 0x0080 .

Gpin + 0xc bit Description 6
GPIOG0 0x0001 USB detected
GPIOG1 0x0002 GPIOG0 should be high too)
GPIOG2 0x0004 .
GPIOG3 0x0008 .
GPIOG4 0x0010 .
GPIOG5 0x0020 .
GPIOG6 0x0040 .
GPIOG7 0x0080 .

Hpin + 0xe bit Description 7
GPIOH4 0x0010 .
GPIOH5 0x0020 .
GPIOH6 0x0040 .
GPIOH7 0x0080 .

Some information from LiquidSilver:

The CPLD is accessed at virtual addres 0xbd000000

This is turning bluetooth on: 
001.251 0b6840c4: e1c230b2(strh) # bd000002=0000fff7 
007.004 781e9278: e1d230b2(ldrh) # bd000002==000000f7 
007.004 781e9280: e1c230b2(strh) # bd000002=000000ff 
007.044 781e9298: e1d400b6(ldrh) # bd000006==000000f4 
007.044 781e92ac: e1c400b6(strh) # bd000006=000000f4 
008.470 781e933c: e1d230b2(ldrh) # bd000002==0000ffff 
008.470 781e9348: e1c230b2(strh) # bd000002=0000fff7 
008.519 781e9278: e1d230b2(ldrh) # bd000002==0000fff7 
008.519 781e9280: e1c230b2(strh) # bd000002=0000ffff 
008.540 781e9298: e1d400b6(ldrh) # bd000006==0000fff4 
008.540 781e92ac: e1c400b6(strh) # bd000006=0000fff4 
009.345 0b6842bc: e1d130b4(ldrh) # bd000004==000000f0 
009.345 0b6842c4: e1c130b4(strh) # bd000004=000000f0 
009.345 0b683fd8: 11d130b4(ldrh) # bd000004==000000f0 
009.345 0b683fe4: 11c130b4(strh) # bd000004=000000f1 
009.938 IRQS IRQ0: M2A_1(1)=1 
009.938 IRQS IRQ0: M2A_2(2)=1 
011.256 0b665c38: e1de30bc(ldrh) # bd00000c==0000fff1 
011.256 0b6653c4: e1d330bc(ldrh) # bd00000c==0000fff1 
011.256 0b665c38: e1de30bc(ldrh) # bd00000c==0000fff1 
and this is turning bluetooth off: 
009.037 0b6840bc: e1d230b2(ldrh) # bd000002==0000ffff 
009.037 0b6840c4: e1c230b2(strh) # bd000002=0000ffff 
009.651 781e933c: e1d230b2(ldrh) # bd000002==0000ffff 
009.651 781e9348: e1c230b2(strh) # bd000002=0000fff7 
009.718 0b6842bc: e1d130b4(ldrh) # bd000004==0000fff1 
009.718 0b6842c4: e1c130b4(strh) # bd000004=0000fff0 
010.073 IRQS IRQ0: M2A_2(2)=1 
017.451 IRQS IRQ0: M2A_1(1)=1 
017.451 IRQS IRQ0: M2A_2(2)=1 
017.451 IRQS IRQ0: M2A_2(2)=1 
019.042 0b665c38: e1de30bc(ldrh) # bd00000c==0000fff1 
019.042 0b6653c4: e1d330bc(ldrh) # bd00000c==0000fff1 
019.042 0b665c38: e1de30bc(ldrh) # bd00000c==0000fff1 

0xbd000002 is the CPLD group B register -bits 0-2 are the led control bit bit 3 is the bluetooth 32k clock. 
0xbd000004 is the CPLD group C register bit 0 is the bluetooth enable 
0xbd000000 is a virtual address the real address is 0x98000000 
0xbd00000c bit 0 is a charging bit I think. 
I think on Nike only the first 4 bits of each CPLD group are really used. 
Haret incorrectly reports the GPIO pin numbers for example 
010.296 GPIOS out3: out3-8(104)=1 
010.296 GPIOS in3: in3-8(264)=1 
are the same pin. Haret thinks every bit from the base of an address is a GPIO pin. Thus out3-8 is (3*32)* 8 = 104. 
 This is not the mapping but you can find the mapping in GPIO.c in the android source. For the record out3-8 is GPIO pin 76. 
Haret GPIO tracing is only tracing the MSM7200 GPIOs. The CPLD GPIOs have to be traced by watching accesses to address 0xbd000000 - 0xbd000014. 
Android labels the first CPLD GPIO as GPIO 128. The cpld GPIO numbers are linearly mapped to the bits in the address. Thus 0xbd000002 is GPIO 136. 
The haret documentation details how to get haret running and make traces. 
I used the package in the obtaining haretconsole section connect to haret. 

Back to the Niki main page or Back to Niki Android