Early in the startup (just after stdio setup) it calls a function at 0xe051e07c which calls 0xe04f0d9c (this is FW 1.01a).
(...)
The store operation to 0xc1001f00 hangs the camera - I can blink the LED before this instruction; but not after.
Newest theory about this.
sub_e051e07c takes the second core from "parking" state. If I'm not wrong, it is set to resume running at the address of the diskboot (0x8000), as thumb.
This address is stored on the stack (could be normal stack) of the previously running OS.
edit2:
Doesn't matter, it is already in a register while the cpu waits. And guess what happened to the code at 0x8000 by the time this happens...
edit:
The updater obviously doesn't overwrite itself, so this method works there.
edit3:
Unblocking core1 works from loader (both cores blink), but not from platform (with ldr pc written to 0x8000 for core1). Todo: why? edit: Cause was an unnoticed indirect jump in boot().
edit4:
Core1 seems correctly freed when
- it is unlocked in loader,
- redirected to a temporary loop copied into a free spot in TCM
- and later freed again.
That core is then available (it can start the Startup task if the CreateTask is replaced with the core-specific CreateTask variant). Cam still powers off later (worth mentioning that I have a different camera, so YMMV).