It looks like the reason I couldn't figure out what I'd done to break this is that I hadn't: the IXUS 240 port this is based on has the exact same crash when booted using firmware update.
It won't help much, but it's now known what Eeko is: a secondary ARM CPU in the DIGIC, that (when it's activated) can access (approximately) the same memory (RAM, ROM) as the main ARM core. Source of information is the
ML forum.
In this camera it appears to be used for some touchscreen related calculations, firmware blobs start at offset 0xda0000 in the dump.
It's possible that the firmware does not expect that core to be active and does not initialize it properly (there are similar problems on several DIGIC 6 ports).
- I need to override the SD card door open check somehow to make diskboot usable.
- finsig didn't find the keytable entries for zoom in/out for some reason.
Locate this section in core/gui_osd.c
// debug keymap, KEYS_MASKx, SD_READONLY_FLAG, USB_MASK and uncomment it to get a permanent display of physw_status words.Then, write down their values when cam is idle (some bits can fluctuate, it's normal), then press the missing buttons and move the card door to find the missing bits.
*- The overlay seems to clash with the one used by the native firmware to show the current focus spot. CHDK-overlaid content glitches and doesn't show up properly in the area where it appears.
This one's "normal", we still can't integrate into the firmware's display routines.
edit:
* I think the card door bit/index is found by sigfinder as
//#define BATTCOVER_FLAG 0x00400000 // Found @0xff5bb4a4, levent 0x205
//#define BATTCOVER_IDX 1
