Hello,
I am targeting the i.MX25. I am writing a Linux driver to replace the unsupported advanced toolkit flash tool (Serial Downloader Protocol/USB).
I have the old scripts available to successfully erase and flash an in-field unit on Windows XP only. In an attempt to better understand the sequences of commands to erase and write flash, I put a packet sniffer on the bus. I was surprised to find the use of an undocumented command (starting with 0x0606). Without it, the command sequences fail.
These commands appear to be formatted differently after the first two command bytes. For example, the process of writing a rom file to flash starts out with a sequences of 16 bytes commands that appear to start the process.
The last of which is 06 06 00 05 00 00 00 00 00 20 00 00 00 01 00 00. I believe bytes 4-7 are the image offset (the image is sent in 0x20_0000 chunks), and bytes 8-11 the number of bytes the target device should expect, and byte 13 has something to do with device-side image verification.
This varies from the SDP, where the target address is bytes 2-5, and size is bytes 7-10. Perhaps these 0x0606 commands are legacy commands that exist in older documentation? If so, I haven't been able to find it.
I have an idea of how some of these command are used. I'm still clueless with most. I don't understand the details of what each are, and how to determine success/failure, etc. I will feel much more confident in this new driver if I could find the documentation for these commands starting with 0x0606. I don't know where else to look. So...what do you know that I don't?
Thanks in advanced!
Stephen
