In the bootloader of an old android tablet, I found a block of code that disables the mmu, then remaps the peripheral port (a transfer to supervisor mode occurs, but isn't shown).
ROM:00000064 MOV R0, #0 ; r0 = 0
ROM:00000068 MCR p15, 0, R0,c7,c7, 0 ; invalidate instruction and data cache
ROM:0000006C MCR p15, 0, R0,c8,c7, 0 ; invalidate tlb
ROM:00000070 MRC p15, 0, R0,c1,c0, 0 ; load the control register
ROM:00000074 BIC R0, R0, #0x2300 ; clear s, r, and v bits (mmu protection disabled, rom protection disabled, select normal exception vector location)
ROM:00000078 BIC R0, R0, #0x87 ; clear m, a, c, and b bits (disable mmu, disable strict alignment fault checking, disable data cache, little endian operation)
ROM:0000007C ORR R0, R0, #2 ; set bit a (enable strict alignment fault checking)
ROM:00000080 ORR R0, R0, #0x1000 ; set bit I (enable level one instruction cache)
ROM:00000084 MCR p15, 0, R0,c1,c0, 0 ; update control register
ROM:00000088 MOV R0, #0x70000013 ; physical address = 0x70000, region size = 256M
ROM:00000090 MCR p15, 0, R0,c15,c2, 4 ; peripheral port remapped
I don't really understand how remapping the peripheral port works.
Page 3-131 of the ARM1176JZF-S Technical Reference Manual explains how the register works.
Bits [31:12] set the physical address of the peripheral port (if the mmu is disabled) and bits [4:0] determine the region size.
The selected physical address has to be aligned to region size. I don't really understand what this means.
Given only 20 bits of address space ([31:12]), how do you align to a region size of 256M?
In the case of the above code, what is the actual physical address of the peripheral port after the command has been executed?
