Changes

807 bytes added ,  20:31, 15 June 2016
Fixed up the formatting
Line 1: Line 1: −
The 3DS utilizes an onboard ARM7 core to handle TWL_FIRM and AGB_FIRM's ARM7 requirements. This is due to the fact that much of the hardware used by both ARM7 and ARM9 is (evidently) not physically hooked up to ARM11. Thus, ARM11 cannot simply emulate ARM7.
+
The 3DS utilizes an onboard ARM7 core to handle <code>TWL_FIRM</code> and <code>AGB_FIRM</code>'s ARM7 requirements. This is due to the fact that much of the hardware used by both ARM7 and ARM9 is (evidently) not physically hooked up to ARM11. Thus, ARM11 cannot simply emulate ARM7.
   −
ARM7 has the AGB BIOS implemented in hardware. The BIOS is completely identical to the original AGB BIOS. The system is booted silently by calling SWI 0x1 (RegisterRamReset), followed by jumping to the code that does SWI 0x0 (SoftReset) to finish booting. The boot splash is still in BIOS, however, and can be seen by calling (or replacing one of the previous interrupts with) SWI 0x26 (HardReset).
+
ARM7 has the GBA BIOS implemented in hardware. The BIOS is completely identical to the original GBA BIOS. The system is booted silently by calling <code>SWI 0x1</code> (a.k.a. <code>RegisterRamReset</code>), followed by jumping to the code that does <code>SWI 0x0</code> (a.k.a. <code>SoftReset</code>) to finish booting. The boot splash is still in BIOS, however, and can be seen by calling or replacing one of the previous interrupts with <code>SWI 0x26</code> (a.k.a. <code>HardReset</code>).
= Registers =
+
 
 +
==Registers==
 
ARM9 interfaces with the ARM7 through the following registers:
 
ARM9 interfaces with the ARM7 through the following registers:
{| class="wikitable" border="1"
+
 
 +
{| class="wikitable"
 
|-
 
|-
! Name
+
! Type
! Address
+
! Address
! Width
+
! Name
 +
! Size (bytes)
 
|-
 
|-
| ARM7_CNT
+
| <code>u8</code>
| 0x10018000
+
| <code>0x10018000</code>
| 0x1
+
| <code>ARM7_CNT</code>
 +
| 1
 
|-
 
|-
| ARM7_CODE
+
| ''Unknown''
| 0x10018080
+
| <code>0x10018080</code>
| ?
+
| <code>ARM7_CODE</code>
 +
| ''?''
 
|-
 
|-
| ARM7_SAVE_MODE
+
| <code>u16</code>
| 0x10018100
+
| <code>0x10018100</code>
| 0x2
+
| <code>ARM7_SAVE_MODE</code>
 +
| 2
 
|-
 
|-
| ARM7_?_CNT
+
| <code>u16</code>
| 0x10018104
+
| <code>0x10018104</code>
| 0x2
+
| <code>ARM7_?_CNT</code>
 +
| 2
 
|-
 
|-
| ARM7_RTC_CNT?
+
| <code>u16</code>
| 0x10018108
+
| <code>0x10018108</code>
| 0x2
+
| <code>ARM7_RTC_CNT?</code>
 +
| 2
 
|-
 
|-
| ?
+
| <code>u32</code>
| 0x10018110
+
| <code>0x10018110</code>
| 0x4
+
| <code>?</code>
 +
| 4
 
|-
 
|-
| ?
+
| <code>u32</code>
| 0x10018114
+
| <code>0x10018114</code>
| 0x4
+
| <code>?</code>
 +
| 4
 
|-
 
|-
| ARM7_RTC_LO?
+
| <code>u32</code>
| 0x10018118
+
| <code>0x10018118</code>
| 0x4
+
| <code>ARM7_RTC_LO?</code>
 +
| 4
 
|-
 
|-
| ARM7_RTC_HI?
+
| <code>u32</code>
| 0x1001811C
+
| <code>0x1001811C</code>
| 0x4
+
| <code>ARM7_RTC_HI?</code>
 +
| 4
 
|-
 
|-
| ARM7_SAVE_CFG
+
| <code>arm7_save_cfg_t</code>
| 0x10018120
+
| <code>0x10018120</code>
| 0x10
+
| <code>ARM7_SAVE_CFG</code>
 +
| 16
 
|}
 
|}
   −
== ARM7_CNT ==
+
===ARM7_CNT===
This seems to control the mode of the ARM7. 1 = TWL, 2 = AGB.
+
This seems to control the mode of the ARM7. 1 = TWL, 2 = GBA.
   −
== ARM7_CODE ==
+
===ARM7_CODE===
This is the first code that will be run after execution begins. TwlProcess9 uses this to put ARM7 in a loop (TWL), and to set the POSTFLG and branch to more copied code (AGB).This doesn't seem to start execution by itself.
+
This is the first code that will be run after execution begins. <code>TwlProcess9</code> uses this to put ARM7 in a loop (TWL), and to set the <code>POSTFLG</code> and branch to more copied code (GBA).This doesn't seem to start execution by itself.
   −
== ARM7_SAVE_MODE ==
+
===ARM7_SAVE_MODE===
 
This tells the save storage emulation hardware which device type to emulate (EEPROM, 512k flash, and SRAM are all that have been spotted). This comes directly from the [[3DS_Virtual_Console#Footer|ROM footer]].
 
This tells the save storage emulation hardware which device type to emulate (EEPROM, 512k flash, and SRAM are all that have been spotted). This comes directly from the [[3DS_Virtual_Console#Footer|ROM footer]].
   −
== ARM7_RTC(?) ==
+
===ARM7_RTC ''?''===
These registers may be used to control a realtime clock. To set or read the data here, first ARM7_RTC_CNT's bit 15 is waited on. Next ARM7_RTC_CNT is set to zero.  
+
These registers may be used to control a real-time clock. To set or read the data here, first <code>ARM7_RTC_CNT</code>'s bit 15 is waited on. Next <code>ARM7_RTC_CNT</code> is set to zero.
 +
 
 +
For a write: the two registers are written, a 1 is written to <code>ARM7_RTC_CNT</code>, and it is waited on the same as before. Afterwards if bit 14 is not set in <code>ARM7_RTC_CNT</code>, the value was set successfully.
   −
For a write: the two registers are written, a 1 is written to ARM7_RTC_CNT, and it is waited on the same as before. Afterwards if bit 14 is not set in ARM7_RTC_CNT, the value was set successfully.
+
For a read: a 2 is written to <code>ARM7_RTC_CNT</code>, it's waited on again. Afterwards, if bit 14 is not set, the RTC can be read. Presumably the hardware can be re-enabled by writing a zero to <code>ARM7_RTC_CNT</code> at this point, but <code>AGB_FIRM</code> does not.
   −
For a read: a 2 is written to ARM7_RTC_CNT, it's waited on again. Afterwards, if bit 14 is not set, the RTC can be read. Presumably the hardware can be re-enabled by writing a zero to ARM7_RTC_CNT at this point, but AGB_FIRM does not.
+
===ARM7_SAVE_CFG===
 +
This is copied from rom footer + <code>0x10</code>. It presumably configures details about storage, such as IDs, and likely allows enabling the RTC for games which need it. Format of this data is unknown, and slightly difficult to determine without some hardware poking.
   −
== ARM7_SAVE_CFG ==
+
==Memory map==
This is copied from rom footer + 0x10. It presumably configures details about storage, such as IDs, and likely allows enabling the RTC for games which need it. Format of this data is unknown, and slightly difficult to determine without some hardware poking.
+
The virtual memory mapping for the ARM7 is the same as for the [[Memory_layout#TWL_FIRM_Userland_Memory|other core]]. However, it has additional internal memory mapped to it. Interestingly enough, much of this memory seems to lie within ARM9's own internal memory.
   −
= Memory map =
+
* <code>0x08060000</code> → <code>0x03800000</code>, ARM7 WRAM (64KiB)
The virtual memory mapping for the ARM7 is the same as for the [[Memory_layout#TWL_FIRM_Userland_Memory|other core]]. However, it has additional internal memory mapped to it. Interestingly enough, much of this memory seems to lie within ARM9's own "internal memory."
+
* <code>0x080B0000</code> → <code>0x03000000</code>, GBA IWRAM (32KiB)
*0x08060000 -> 0x03800000, ARM7-WRAM (64KB)
+
* <code>0x080C0000</code> EEPROM/SRAM/Flash (<code>0x10018104</code> must be set to 1 before reading memory here, and restored to its previous value afterwards)
*0x080B0000 -> 0x03000000, GBA on-chip WRAM (32KB)
+
* <code>0x01FFC000</code> → <code>0x01000000</code>, ARM9 ITCM under TWL (16KiB)
*0x080C0000 -> EEPROM/SRAM/Flash (0x10018104 must be set to 1 before reading memory here, and restored to its previous value afterwards)
  −
*0x01FFC000 -> 0x01000000, ARM9 ITCM under TWL (16KB)