mluis / qemu-esp32

ESP32 Emulation Environment

Issue with custom firmware using ESP32

EleazarLibelium opened this issue

Hi, we have a firmware that we deployed on some physical devices that we would like to virtualise for testing purposes.

For this, we have used version 4.1.1 of the esp-idf library by which we have generated the binary file used to flash our devices, indicating the correct memory addresses of each binary.

After this, we copied the final binary to the docker container using the -v option and when trying to run the command qemu-system-xtensa -nographic -M esp32 -m 4 -drive file=flash.bin,if=mtd,format=raw -nic user,model=open_eth,hostfwd=tcp::80-:80 it shows the following error:

root@33b6d4ca5ebf:~# qemu-system-xtensa -nographic -M esp32 -m 4 -drive file=/root/flash.bin,if=mtd,format=raw -nic user,model=open_eth,hostfwd=tcp::80-:80
Adding SPI flash device
qemu-system-xtensa: Error: only 2, 4, 8, 16 MB flash images are supported
qemu-system-xtensa: -drive file=/root/merged_flash/flash.bin,if=mtd,format=raw: machine type does not support if=mtd,bus=0,unit=0

This error is when we remove the if=mtd part:

root@33b6d4ca5ebf:~# qemu-system-xtensa -nographic -M esp32 -m 4 -drive file=/root/flash.bin,format=raw -nic user,model=open_eth,hostfwd=tcp::80-:80
Not initializing SPI Flash
ets Jul 29 2019 12:21:46

rst:0x1 (POWERON_RESET),boot:0x12 (SPI_FAST_FLASH_BOOT)

And it gets stuck there forever until we press Ctrl+A, X

This is the modified flash.sh to generate the final bin:

#!/bin/bash
# Merge the ESP-IDF build outputs into a single raw flash image for QEMU.
if [ -z "$1" ]
  then
    echo "eg: flash.sh application.bin"
    exit 1
fi

set -x
export FIRMWARE_PATH=$(dirname "$1")
# Start from a blank 4 MB image.
dd if=/dev/zero bs=1M count=4 of=./flash.bin
# Copy each binary to its flash offset without truncating the image.
dd if="$FIRMWARE_PATH/bootloader/bootloader.bin" bs=1 count=$(stat -c%s "$FIRMWARE_PATH/bootloader/bootloader.bin") seek=$((16#1000)) conv=notrunc of=./flash.bin
dd if="$FIRMWARE_PATH/partition_table/partition-table.bin" bs=1 count=$(stat -c%s "$FIRMWARE_PATH/partition_table/partition-table.bin") seek=$((16#8000)) conv=notrunc of=./flash.bin
dd if="$FIRMWARE_PATH/ota_data_initial.bin" bs=1 count=$(stat -c%s "$FIRMWARE_PATH/ota_data_initial.bin") seek=$((16#a000)) conv=notrunc of=./flash.bin
dd if="$FIRMWARE_PATH/custom-esp32.bin" bs=1 count=$(stat -c%s "$FIRMWARE_PATH/custom-esp32.bin") seek=$((16#870000)) conv=notrunc of=./flash.bin
# The application binary passed as the first argument goes at 0x10000.
dd if="$1" bs=1 count=$(stat -c%s "$1") seek=$((16#10000)) conv=notrunc of=./flash.bin

Initially, we thought the problem might be related to the binary file size, which was 10.1MB, so we generated a much smaller one of 2.2MB, but the problem is the same.

Thank you very much for your time

Hi.

Did you try aligning your firmware image?

Another thing you might do is to check whether or not the QEMU compilation flags on the Dockerfile are suited for the requirements of your custom firmware.

Hi again, thanks for your reply.

> Did you try aligning your firmware image?

It was indeed a problem with the alignment of the firmware image, once we set the binary size to 16MB we got it to read and boot the emulation.

> Another thing you might do is to check whether or not the QEMU compilation flags on the Dockerfile are suited for the requirements of your custom firmware.

I'm not sure if any changes are needed to the Qemu build parameters in the Dockerfile; what we did do was modify the sdkconfig file to match the firmware requirements.

The problem we now face is the following:

I (01:00:05.236) [connectivitymanager.c]: Event: ATTACH_TO_NETWORK (Heap: 71812 - MinHeap: 71808)
I (01:00:05.237) [connectivitymanager.c]: GSM is disabled. Searching WiFi Stations to connect
I (11917) wifi:wifi driver task: 3ffc928c, prio:23, stack:3584, core=0
I (01:00:05.443) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (01:00:05.446) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (14037) wifi:wifi firmware version: 96c2870
I (14037) wifi:config NVS flash: enabled
I (14037) wifi:config nano formating: disabled
I (14037) wifi:Init data frame dynamic rx buffer num: 32
I (14037) wifi:Init management frame dynamic rx buffer num: 32
I (14037) wifi:Init management short buffer num: 32
I (14037) wifi:Init static tx buffer num: 16
I (14047) wifi:Init static rx buffer size: 1600
I (14047) wifi:Init static rx buffer num: 10
I (14047) wifi:Init dynamic rx buffer num: 32
I (01:00:07.566) wifi_init: rx ba win: 16
I (01:00:07.571) wifi_init: tcpip mbox: 32
I (01:00:07.572) wifi_init: udp mbox: 6
I (01:00:07.572) wifi_init: tcp mbox: 6
I (01:00:07.573) wifi_init: tcp tx win: 5744
I (01:00:07.573) wifi_init: tcp rx win: 5744
I (01:00:07.573) wifi_init: tcp mss: 1440
I (14147) wifi:Set ps type: 2

I (01:00:07.668) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
W (01:00:07.669) phy_init: failed to load RF calibration data (0x1102), falling back to full calibration
Guru Meditation Error: Core  0 panic'ed (LoadStorePIFAddrError). Exception was unhandled.
Core 0 register dump:
PC      : 0x40171c82  PS      : 0x00060630  A0      : 0x8010da8c  A1      : 0x3ffef560  
A2      : 0x60033c00  A3      : 0x3fffa524  A4      : 0x00000002  A5      : 0x3ffb351c  
A6      : 0x3f4207d8  A7      : 0x3fffac98  A8      : 0x00000000  A9      : 0x3ffef530  
A10     : 0x00000000  A11     : 0x3ffef596  A12     : 0x00000008  A13     : 0x00000000  
A14     : 0x3ffc32a4  A15     : 0x00000057  SAR     : 0x00000000  EXCCAUSE: 0x0000000f  
EXCVADDR: 0x60033c00  LBEG    : 0x4000c46c  LEND    : 0x4000c477  LCOUNT  : 0xffffffff  

ELF file SHA256: e084d92e51ab802d

Backtrace: 0x40171c7f:0x3ffef560 0x4010da89:0x3ffef590 0x4010db5d:0x3ffef5c0 0x401527f5:0x3ffef5e0 0x40152ead:0x3ffef600 0x4015221b:0x3ffef620 0x40168375:0x3ffef640

Rebooting...

We will have to put more effort into Wifi virtualisation, as our hardware does not have an Ethernet connection (I haven't found much information on this, but I think it is impossible to map the physical Wifi card to Qemu).

Thank you again for your time, regards
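
The size error and the 16 MB fix reported above, as an added example (not code from the posters or from the qemu-esp32 project): the image is sized from the highest end address in the layout and rounded up to one of the sizes QEMU's error message lists, so a part placed at 0x870000 yields a 16 MB image. The `offset:file` argument format, the function names and the script name are assumptions made for this example.

```shell
#!/bin/bash
# Added example: size a flash image so QEMU's esp32 machine accepts it.

# Print the smallest accepted size in MB (2, 4, 8, 16) that holds $1 bytes.
supported_mb() {
  local need=$1 mb
  for mb in 2 4 8 16; do
    if [ "$need" -le $((mb * 1024 * 1024)) ]; then echo "$mb"; return 0; fi
  done
  return 1  # layout does not fit in the largest accepted image
}

# Print the highest end address of a layout given as "offset:file" pairs.
layout_end() {
  local part end max=0
  for part in "$@"; do
    end=$(( ${part%%:*} + $(wc -c <"${part#*:}") ))
    if [ "$end" -gt "$max" ]; then max=$end; fi
  done
  echo "$max"
}

# build_image OUT offset:file...  writes OUT and prints its size in MB.
build_image() {
  local out=$1 mb part
  shift
  mb=$(supported_mb "$(layout_end "$@")") || {
    echo "layout exceeds 16 MB" >&2; return 1; }
  # Blank image of an accepted size first, then each part at its offset.
  dd if=/dev/zero of="$out" bs=1M count="$mb" 2>/dev/null || return 1
  for part in "$@"; do
    dd if="${part#*:}" of="$out" bs=1 seek=$(( ${part%%:*} )) \
       conv=notrunc 2>/dev/null || return 1
  done
  echo "$mb"
}

# Constructed usage (file names are placeholders):
#   ./mkflash.sh flash.bin 0x1000:bootloader.bin 0x10000:app.bin
if [ "$#" -ge 2 ]; then build_image "$@"; fi
```
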

Ok. You might want to keep an eye on Ebiroll's repo for some news on that front.

If you feel the issue can be closed, please do.

Thank you.