How to execute ROM Basic after it was disabled via efuse?

[HermannSW]

Hi,

I am new to this forum, but used ESP32 dev board with built in OLED a lot (via Arduino IDE):
https://forum.arduino.cc/index.php?topic=495555.0

From this Hackaday posting I learned about ESP32 ROM Basic:
https://hackaday.com/2016/10/27/basic-i ... 2-silicon/

I tried what was described there, GPIO12 to high and Reset, but this did not start ROM Basic.
Searching for a reason I found this recent forum thread that ROM Basic is planned to be disabled via efuse:
viewtopic.php?t=2799

I tried the mentioned TinyBasic where ESP32 Basic seems to be derived from, and it works on my ESP32.
But it misses all the cool IODIR, IOGET, IOSET, ... commands.

Some questions:

• I bought my first ESP32 dev boards back in July, is the efuse change already done on them?
• if not, what can be reason for not being able to get into ROM Basic?
  (tried with Arduino IDE Serial monitor as well as minicom)
• what is the ROM entry address of Basic interpreter?
  Back in 1982 on ZX81 we did sys calls into ROM, or "sys 16514" to call machine code in first Basic REM line.
• is it possible to call into ROM Basic say from an Arduino sketch, or otherwise?
• is ROM Basic source code accessible somewhere?

Reason I want ROM Basic is to use it as kind of a (HW) debugging shell:

• on Arduinos I use http://bitlash.net/
• for Raspberry Pi Zero I use my Android as Terminal https://www.raspberrypi.org/forums/view ... 6&t=196057 for shell
• for ESP32 I would like to use ROM Basic (regardless how, GPIO12+reset or called from an application) as shell

Hermann.

[ESP_Sprite]

GPIO12 actually isn't that great of a way to get into Basic... it sets the flash voltage to 1.8V which usually makes the flash malfunction, which makes the bootloader read the program wrong and fall through to BASIC. You may have more success grounding e.g. the CMD pin. But you are also right in that the BASIC console is disabled in ATE or when you first boot an ESP-IDF program and haven't explicitly disabled the burning of this fuse in ESP-IDF, making this all fail.

Unfortunately, it is quite impossible to just call the basic interpreter in ROM when the fuse is blown: to stop people trying to glitch the chip from using it as a springboard to read out protected flash, the code itself also checks the fuse and refuse to work if it is. (You can check this out yourself: the entry point for the interpreter is at 0x4005a980)

If there's more interest in this, I can see if I can dig up the sources to the thing and ask around if it's okay to release it. Don't hold your breath for anything soon, however.

[WiFive]

If you don't mind flashing a firmware you could try (one of the) micropython ports with REPL.

It might be fun to have a rom basic stub for esptool though (weekend project for Sprite).

[HermannSW]

Thanks for your detailed response.

GPIO12 actually isn't that great of a way to get into Basic...

Good to know.

You may have more success grounding e.g. the CMD pin.

Which CMD pin do you refer to, SD_CMD?


May it be the CM pin on left middle of ESP32 CPU?
https://www.banggood.com/Wemos-Lolin-ES ... 48119.html

If there's more interest in this, I can see if I can dig up the sources to the thing and ask around if it's okay to release it. Don't hold your breath for anything soon, however.

That would be great!

[HermannSW]

If you don't mind flashing a firmware you could try (one of the) micropython ports with REPL.

Do you have a link?
Will it be possible after flashing micropython firmware, to use that board with Arduino IDE/arduino-esp32 afterwards?
Do I have to flash with esptool? (I did that long ago when I played with ESP-8266s)

[WiFive]

https://micropython.org/download/#esp32

Yes you can flash Arduino firmware afterwards.

Gpio11 is cmd
http://www.pighixxx.com/test/wp-content ... pinout.png
It does seem like it is routed to cm pin on that board for whatever reason

[HermannSW]

I tried CM pin and was not able to start Basic.
When I connect GND and CM pin, the currently running application stops sending output
(GetChipID sketch with esp32-arduino, with change of '\n' to '\r\n' for minicom).
Then, when I trigger reset pi, endless reboot messages happen (in minicom).
I tried pressing Enter key, but nothing happened, endless reboot messages.
When I disconnected CM and GND, the Ardunio sketch started to run again:

Code: Select all

...
ets Jun  8 2016 00:22:57                                                       
                                                                               
rst:0x10 (RTCWDT_RTC_RESET),boot:0x17 (SPI_FAST_FLASH_BOOT)                    
flash read err, 1000                                                           
ets_main.c 371                                                                 
ets Jun  8 2016 00:22:57                                                       
                                                                               
rst:0x10 (RTCWDT_RTC_RESET),boot:0x17 (SPI_FAST_FLASH_BOOT)                    
configsip: 0, SPIWP:0xee                                                       
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00        
mode:DIO, clock div:1                                                          
load:0x3fff0010,len:4                                                          
load:0x3fff0014,len:588                                                        
load:0x40078000,len:0                                                          
load:0x40078000,len:10472                                                      
entry 0x40078a28                                                               
ESP32 Chip ID = 40980BA4AE30                                                   
ESP32 Chip ID = 40980BA4AE30                                                   
ESP32 Chip ID = 40980BA4AE30                                                   
ESP32 Chip ID = 40980BA4AE30                                                   
ESP32 Chip ID = 40980BA4AE30  
...

So what are the steps to enter ROM Basic after flushing micropython?

[WiFive]

No what I meant was use the micropython shell to run your debug commands instead of using rombasic

[HermannSW]

No what I meant was use the micropython shell to run your debug commands instead of using rombasic

Thanks, I will try micropython shell later after having success with ROM Basic.

(You can check this out yourself: the entry point for the interpreter is at 0x4005a980)

Thanks for the ROM entry address. I have done assembler programming in the past, but never for ESP8366 or ESP32. So I created an Arduino sketch with simple Serial output, compiled and run it with Arduino IDE, then looked up the gcc line compiling the sketch in Arduino IDE, and executed again with "-c" replaced with "-S" for generating assembly. Looking up the assembly for my sketch below shows this in text section:

Code: Select all

...
.Ltext0:
        .section        .text._Z5setupv,"ax",@progbits
        .literal_position
        .literal .LC0, 134217756
        .literal .LC1, 115200
        .literal .LC2, Serial
        .literal .LC3, 1074112896
        .align  4
        .global _Z5setupv
        .type   _Z5setupv, @function
_Z5setupv:
...

.LC3 is the constant I printed in the sketch (the entry point of ROM Basic):

Code: Select all

void setup() {
  Serial.begin(115200);
  Serial.println(0x4005a980); // .LC3
  asm("l32r a13, .LC3");
  asm("jx a13");
}

void loop() {
}

The first asm line copies ROM Basic entry address into register a13, the second asm line just jumps there. And it partially works!


But if I enter any command (like PRINT) and click send, 6 Ps get added to output.
So Arduino IDE Serial Monitor seems to have a problem.

Next I tried minicom, but with that I only see initial message, any input I did had no response:

Code: Select all

Welcome to minicom 2.3

OPTIONS: I18n 
Compiled on Oct  7 2016, 03:07:56.
Port /dev/ttyUSB0

                 Press CTRL-A Z for help on special keys
                                                    
ets Jun  8 2016 00:22:57                            
                                                    
rst:0x1 (POWERON_RESET),boot:0x17 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0010,len:4
load:0x3fff0014,len:588
load:0x40078000,len:0
load:0x40078000,len:10472
entry 0x40078a28
1074112896
Falling back to built-in command interpreter.
OK
>

I think I am nearly done. In hackaday article it was stated:

Set your terminal program up to send only a linefeed at the end of each line and you’re off!

So maybe I have incorrect settings wrt with minicom?
I tried all 4 possibilites (nothing, CR only, LF only, both) in Arduino IDE Serial monitor, that made no difference.
Or is there a principal problem entering ROM Basic from sketch with "jx" command?

[ESP_Sprite]

The thing is that esp-idf massages the UART in such a way that ROM BASIC has problems using it.

You can work around this by starting a new esp-idf project, and add in your app_main.c this:

Code: Select all

typedef void(*start_tb_console_fn)();

void IRAM_ATTR start_cpu0() {
	start_tb_console_fn start_tb_console=(start_tb_console_fn)0x4005a980;
	start_tb_console();
}

void app_main() {
}

What you will get, however, is that ROM BASIC accepts one command, but then hangs because the check for the BASIC-disable-fuse fails.