Project

General

Profile

Actions

BCM4751 » History » Revision 8

« Previous | Revision 8/33 (diff) | Next »
Denis 'GNUtoo' Carikli, 08/13/2012 01:28 AM


Broadcom4751GPS

Files

The non-free files holding the GPS infos/code are the following:

/system/vendor/bin/gpsd
/system/vendor/lib/hw/gps.s5pc110.so
/system/vendor/etc/gps.xml
/system/etc/gps.conf

Protocol

Apparently, the protocol that is used by the chip to provide the GPS infos is MEIF. The GPSD component is in charge of translating that to standard NMEA that is sent to the gps.s5pc110.so lib via the /dev/socket/gps Unix socket, created by GPSD.

Attempts

We have written code to read data from the correct serial interface: https://gitorious.org/replicant/crespo-gps-utils

It currently doesn't work: it fails to somehow boot the chip. Though, it works after starting gpsd once and stopping it. It must be doing some kind of magic code to start the chip.

Related gps.xml parameters

We have tried to change some parameters in gps.xml to see how it behaves:

Parameter Original Changed to Result
acPortName /dev/s3c2410_serial1 /dev/s3c2410_serial42 The chip wasn't "booted"
gpioNStdbyPath /sys/class/sec/gps/GPS_PWR_EN/value /sys/class/sec/gps/GPS_PWR_EN/value2 The chip was booted
gpioNResetPath /sys/class/sec/gps/GPS_nRST/value /sys/class/sec/gps/GPS_nRST/value2 The chip was booted

After all, it seems that when the gpsd binary is running without the gps.s5pc110.so library, the chip isn't started (our test utility doesn't work) whereas when the library is running and connects to the socket when it is created by starting gpsd, the chip is booted. The init code is probably in gps.s5pc110.so then.

Things to try:
  • intercept what is going on through the /dev/socket/gps socket
  • emulate gpsd to the lib

Tracing the HAL that will run the library

Piece of the trace that actually makes the gps chip available:

536   syscall_983045(0x100fff00, 0xa798, 0, 0x40, 0x100fff00, 0x80003b51, 0x800082e0, 0xf0005, 0x10000000, 0x80003b51, 0x100000, 0x1, 0, 0x100ffee8, 0xafd11e24, 0xafd0c81c, 0x60000010, 0x100fff00, 0x2f028, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) = 0
536   ipc_subcall(0x2, 0xa798, 0, 0x40) = 12
536   fcntl64(5, F_GETFL)               = 0x2 (flags O_RDWR)
536   fcntl64(5, F_SETFL, O_RDWR|O_NONBLOCK) = 0
536   semop(0xc, 0x1, 0x5, 0x100ffe70)  = 0
536   fcntl64(3, F_GETFL)               = 0x2 (flags O_RDWR)
536   fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
536   semop(0xc, 0x1, 0x3, 0x100ffe70)  = 0
536   semget(0xc, 0x100ffea0, 0x2, 0xffffffff <unfinished ...>

syscall_983045 = __NR_ARM_set_tls
the function to use is: __set_tls

Random notes with the new utility program

echo -n "ab" > /dev/s3c2410_serial1

produces:
Read 14 bytes:
[0000]   49 27 01 00 10 00 40 00   07 00 58 00 49 D0         I....... ..X.I.
Read 14 bytes:
[0000]   49 27 01 00 10 00 41 00   07 00 59 00 49 D0         I.....A. ..Y.I.
* The only thing that changes seem to be the 40->41 and the 58->59, so theses seem to be something like a sequence number....

Updated by Denis 'GNUtoo' Carikli over 11 years ago · 8 revisions

Also available in: PDF HTML TXT