NAND Memory Layout: Difference between revisions

From Hackspire
Jump to navigation Jump to search
(clarify bootdata, separate diags from its results)
(document TI-84+ stuff and default LCD contrast in bootdata)
Line 10: Line 10:
** Offset 08-0F: Seems to hold the press-to-test status (word, word, long word)
** Offset 08-0F: Seems to hold the press-to-test status (word, word, long word)
** Offset 10-13: If nonzero, BOOT1 will attempt to run DIAGS by default; if zero, it will skip straight to BOOT2. (Either behavior can be overridden with the Esc+Menu+G key combination.)
** Offset 10-13: If nonzero, BOOT1 will attempt to run DIAGS by default; if zero, it will skip straight to BOOT2. (Either behavior can be overridden with the Esc+Menu+G key combination.)
** Offset 14-1A: TI-84 Plus emulator 0A1 certificate field
** Offset 1B-1E: TI-84 Plus emulator 041 certificate field
** Offset 1F-61: TI-84 Plus emulator 0A2 certificate field
** Offset 64-67: (OS 1.6+) Default LCD contrast (if not in range from 0x76 to 0x8A, assumed to be 0x80)
* pages 0B00 to 0F7F: diags software
* pages 0B00 to 0F7F: diags software
* pages 0F80 to 0FFF: diags test results
* pages 0F80 to 0FFF: diags test results

Revision as of 01:04, 4 April 2011

NAND Flash

NAND pages are 528-bytes long (512 + 16-bytes header)

  • pages 0000 to 001F: written to /phoenix/manuf.dat at each boot
  • pages 0020 to 0A7F: boot2 image
  • pages 0A80 to 0AFF: "bootdata" (every time this is modified, the next available page is used; if all 128 pages are in use, then the whole area is erased first)
    • Offset 00-03: Marker AA C6 8C 92
    • Offset 04-07: Downgrade protection: minimum OS version allowed as a 4-bytes word (major-minor-lower1-lower2). Written during OS installation with the value found in the second field 8020 of the OS upgrade file
    • Offset 08-0F: Seems to hold the press-to-test status (word, word, long word)
    • Offset 10-13: If nonzero, BOOT1 will attempt to run DIAGS by default; if zero, it will skip straight to BOOT2. (Either behavior can be overridden with the Esc+Menu+G key combination.)
    • Offset 14-1A: TI-84 Plus emulator 0A1 certificate field
    • Offset 1B-1E: TI-84 Plus emulator 041 certificate field
    • Offset 1F-61: TI-84 Plus emulator 0A2 certificate field
    • Offset 64-67: (OS 1.6+) Default LCD contrast (if not in range from 0x76 to 0x8A, assumed to be 0x80)
  • pages 0B00 to 0F7F: diags software
  • pages 0F80 to 0FFF: diags test results
  • pages from 1000: factory images or filesystem

Factory images

At startup, boot2 checks the NAND flash for a pre-loaded factory image. The format is a 32-byte header followed by the .tnc/.tno file contents:

  • Offset 00-13: String "***PRELOAD_IMAGE***"
  • Offset 14-17: 55 F0 01 55
  • Offset 18-1B: (unknown)
  • Offset 1C-1F: Size of image (in big-endian)

If boot2 finds this header, the user is prompted to press 'I' on the keypad. After that, the image is copied to RAM before creating the filesystem (The filesystem also starts at page 0x1000, so it cannot co-exist with a factory image), and is installed the same as if it had been received from the serial port.

Misc notes

32MB are available in the flash memory used for storage. As in other TI calculator models with flash memory, it is used to store both the Operating System and what was called the "archive memory" on the previous models (this term loses its sense with the TI-Nspire as we'll see).

The TI-Nspire OS advertises 27.8MB of what it calls "storage capacity", which is the flash memory which can be filled with TI-Nspire documents. The storage capacity of the TI-Nspire CAS is 24.4MB. Saved documents are always stored in the storage memory. Documents being edited probably have a working copy in RAM, copied to the storage memory when the document is saved. In the ~4300KB left on the TI-Nspire, we find the OS image (3020KB for the .tno), and 1280KB of perhaps certificates, parts of the boot code which wouldn't be stored in the NOR flash (although 512KB seems more than enough for a boot code), and more... On the TI-NSspire CAS, ~7782KB are left for this. The OS image (.tnc) is 2577.5KB, which leaves 5204.5KB for the unknown part.

The Handheld Status dialog shows 5.7MB of "spaced used" on the TI-Nspire after a reset (i.e without any documents in memory), and 3.4MB on the TI-Nspire CAS. The system space of the TI-Nspire contains at least 1.57MB of archive memory + 24KB of RAM for the TI-84 Plus emulation, or even the whole ROM image (certificates, boot code, OS code and archive memory, 2MB + 24KB of RAM). This last option seems possible since the difference between the "spaced used" of the TI-NSpire and the TI-Nspire CAS is 2.3MB. We are not sure about the remaining 4.11MB/3.68MB. It is clear that the archive memory and the RAM of the TI-84 Plus is stored in flash memory at shutdown and not kept in RAM because they survive a keypad swap and battery replacement.

Since 32MB of RAM is available, which is quite a lot, the whole OS code is decrypted from the OS image and copied to RAM at boot time, when the message "Loading Operating System..." is displayed during ~8 seconds. The RAM is also used as temporary storage transparently for the user as described above.