
Sansa Fuze+


This page summarizes important things about the Sansa Fuze+ firmware. See SansaFuzePlus for more information about the device and SbFileFormat for more information about the format of the firmware.

All the content of this page specifically applies to the 1.30.01 firmware, although the majority of the information should apply to any firmware revision. This page uses a hierarchical structure: it is first divided into boot sections, as extracted by the sbinfo tools. Each section is then divided into several subsections, which correspond to the different elf files generated by the sbinfo tool.

Boot process

An important side note is about the firmware.sb file. It is indeed split into three sections. However, one can notice that each section ends with a "jump" (see SbFileFormat). This means that there is no apparent way of executing any section other than the first boot section. Disassembly of the last part of the boot section suggests that it loads something from the disk, so perhaps the "play" and "host" sections of firmware.sb are written to the disk and later loaded by the boot code depending on the USB connection. This would explain why the last part of the boot section shares so much code with "play" and "host", like SSP, threading, interrupt, ... (this is the exact same code). This code might also be involved in firmware updates.

To summarize, the boot process of the Fuze+ is rather unclear for now.

First boot section ("____")

This section seems to be a kind of bootloader, in the sense that it does lots of initialisation. The code seems quite generic, having support for several kinds of DRAMs, LCDs, ...

First elf file

This first elf file mainly contains power initialisation routines, probably to find the best power source. It also sets up things like battery monitoring, brownout paths, ...

Second elf file

This second elf file mainly contains DRAM initialisation routines. It probably detects the kind of DRAM attached, sets up clocks, EMI, ...

Third elf file

This third elf file also does some DRAM initialisation, as well as enabling various clocks for peripherals like CPU, SSP, GPMI, ...

Fourth elf file

The content of this file has been partially examined.

Fifth elf file

The content of this file has been partially examined. It seems to deal with LCD, debug UART, perhaps some SSP and peripherals (clocks, DRAM, EMI, ...). It probably has to do with the actual loading of the Fuze+ OF. It might also be involved in firmware updates.

Second boot section ("host")

First elf file

This part of the firmware seems to handle the connection to the host, in either USB MSC or MTP mode.

Third boot section ("play")

First elf file

The content of this file is still unknown.

Second elf file

The content of this file is still unknown.

Disassembly

The Fuze+ firmware is based on the ThreadX RTOS. As such, it implements the ThreadX API. As far as I have checked, this document perfectly matches the code found in the firmware: ThreadX User Guide. The firmware also happens to be particularly complicated, involving lots of threading, DPC (deferred procedure code), lots of indirect layers and callbacks, which suggests that the code is a complete RTOS and has not been developed for the Fuze+.

-- AmauryPouly - 03 Dec 2010

r8 - 09 Jul 2011 - 00:33:33 - AmauryPouly

Revision r6 - 10 Mar 2011 - 12:02 - AmauryPouly
Revision r5 - 28 Dec 2010 - 22:32 - AmauryPouly