I saw the presentation on “Custom Hardware Modeling for FPGAs and Embedded Linux Platforms with QEMU” via
http://free-electrons.com/pub/video/2010/elc/elc2010-williams-iglesias-fpga-qemu.ogv and was trying to apply the concepts described to our custom board design, defining the board using dts. I haven't been able to get very far and was looking for some guidance on whether this is the right direction.
The MCU is a Cortex-M4 (Atmel).
The target firmware is running an RTOS (not Linux).
QEMU emulator version 2.7.50 (v2.7.0-1890-g83c83f9-dirty)
Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers
It's my understanding that the -dtb option passes a file that includes details of the machine, which QEMU can use to map out peripherals without having to compile the machine into QEMU. Is this a misunderstanding?
When attempting to boot the image with QEMU:
qemu-system-arm \
-M none \
-m 2 \
-cpu cortex-m4 \
-dtb ourBoardDesignAsDeviceTree.dtb \
-kernel ourFirmwareBoorLoader.bin \
-no-reboot \
-nographic \
-S \
-singlestep \
-gdb tcp::4445 \
-serial tcp::4444,server \
-d out_asm,in_asm,op,op_opt,op_ind,int,exec,cpu,mmu,pcall,cpu_reset,unimp,guest_errors,page,nochain,trace:cpu_set_state,trace:cpu_halt,trace:cpu_unhalt,trace:arm_gt_recalc,trace:arm_gt_recalc_disabled,trace:arm_gt_cval_write,trace:arm_gt_tval_write,trace:arm_gt_ctl_write,trace:arm_gt_imask_toggle,trace:arm_gt_cntvoff_write \
-D qemu-debug.log \
-monitor none
When I attempt to connect to QEMU from GDB, the QEMU instance segfaults.
Is there additional debug output that would help me get our firmware to run under QEMU? Is this not feasible without code changes to QEMU? How do I map serial flash to a file?
My goal is to intercept interaction from the MCU to our transceiver and simulate communication from and to multiple instances of our firmware.
Thanks in advance for any assistance.
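Added example, not from the post and not QEMU code: QEMU's -dtb only hands the blob to the guest, and with -M none no peripheral is instantiated from it, so the nodes a board DTS declares are exactly what a compiled-in machine model would have to provide. The script below builds a constructed sample DTB (placeholder "example,*" compatibles, not the poster's board; build_dtb and mmio_nodes are names chosen here) and walks its structure block to list every node with a reg property.

```python
import struct
MAGIC, BEGIN_NODE, END_NODE, PROP, NOP, END = 0xD00DFEED, 1, 2, 3, 4, 9  # FDT magic and struct-block tokens
pad4 = lambda b: b + b"\0" * (-len(b) % 4)  # struct-block fields are 4-byte aligned

def build_dtb(name, props, children=()):
    """Serialize a (name, {prop: bytes}, [children]) tree into a version-17 .dtb blob."""
    strings, body, offs = bytearray(), bytearray(), {}
    def emit(n, p, kids=()):
        body.extend(struct.pack(">I", BEGIN_NODE) + pad4(n.encode() + b"\0"))
        for k, v in p.items():  # properties precede subnodes; property names live in the strings block
            if k not in offs:
                offs[k] = len(strings); strings.extend(k.encode() + b"\0")
            body.extend(struct.pack(">III", PROP, len(v), offs[k]) + pad4(v))
        for kid in kids:
            emit(*kid)
        body.extend(struct.pack(">I", END_NODE))
    emit(name, props, children)
    body.extend(struct.pack(">I", END))
    off_strings = 56 + len(body)  # 40-byte header + empty 16-byte memory-reservation block
    hdr = struct.pack(">10I", MAGIC, off_strings + len(strings), 56, off_strings, 40, 17, 16, 0, len(strings), len(body))
    return bytes(hdr + struct.pack(">QQ", 0, 0) + body + strings)

def mmio_nodes(dtb):
    """Return {path: (compatible list, [(addr, size), ...])} for every node with 'reg' (assumes 1 address/size cell)."""
    magic, _, pos, off_strings = struct.unpack_from(">4I", dtb, 0)
    assert magic == MAGIC, "not a flattened device tree"
    cstr = lambda off: dtb[off:dtb.index(b"\0", off)].decode()
    stack, found = [], {}  # stack of [name, compatible, reg] for the nodes currently open
    while True:
        tok = struct.unpack_from(">I", dtb, pos)[0]; pos += 4
        if tok == BEGIN_NODE:
            name = cstr(pos); pos += len(pad4(name.encode() + b"\0")); stack.append([name, [], []])
        elif tok == PROP:
            ln, noff = struct.unpack_from(">II", dtb, pos); pos += 8
            val, pos = dtb[pos:pos + ln], pos + ((ln + 3) & ~3)
            if cstr(off_strings + noff) == "compatible":
                stack[-1][1] = val.rstrip(b"\0").decode().split("\0")
            elif cstr(off_strings + noff) == "reg":
                stack[-1][2] = [struct.unpack_from(">II", val, i) for i in range(0, ln, 8)]
        elif tok == END_NODE:
            name, compat, reg = stack.pop()
            if reg:  # the root node is unnamed, so drop empty components when joining the path
                found["/" + "/".join(n for n in [s[0] for s in stack] + [name] if n)] = (compat, reg)
        elif tok == END:
            return found  # FDT_NOP and anything else is skipped

# Constructed sample, not the poster's real board: a UART and an SPI controller under /soc.
SAMPLE_DTB = build_dtb("", {"#address-cells": b"\0\0\0\1", "#size-cells": b"\0\0\0\1"}, [
    ("soc", {}, [("uart@40024000", {"compatible": b"example,uart\0", "reg": struct.pack(">II", 0x40024000, 0x100)}),
                 ("spi@40008000", {"compatible": b"example,spi\0", "reg": struct.pack(">II", 0x40008000, 0x100)})])])
```

Running mmio_nodes over a real board .dtb gives the list of MMIO windows and compatibles that a QEMU board model would need to implement; none of them are created by -dtb alone.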