[Prism54-devel] Prism54 development update

Denis Vlasenko vda at ilport.com.ua
Wed Aug 31 13:32:12 UTC 2005


[resend after subscribe to ml]

On Wednesday 31 August 2005 15:37, Sebastien wrote:
> Hello list!
> 
> First, Jean Baptiste and I are working on low-level hardware reverse 
> engineering, in order to write a new firmware from scratch. The project is 
> named "FreeMAC"; the motivations are:
> - having high quality wireless hardware, with high quality drivers, running on 
> 100%-free software
> - making the firmware compatible with all the chipsets, regardless of whether 
> the chipset was designed for FullMAC or SoftMAC (including GW3887 and ISL3886 
> with the NET2280 hack). As far as I know, the only hardware difference between 
> a FullMAC and a SoftMAC chipset is that a SoftMAC chipset has half the memory 
> capacity of a FullMAC chipset. The other differences - that made the Prism54 
> driver unusable - seem to be only because the SoftMAC firmware protocol is 
> radically different from the FullMAC protocol.
> - implementing new wireless protocols, such as WDS and WPA, with no further 
> protocol reverse engineering

This could (should) be achieved with...

> - being more resistant to possible future protocol and hardware changes - if 
> Prism54 didn't rely on FullMAC that much, support for the 3886 and 3887 would 
> have been much easier (probably as simple as cutting down the firmware 
> code and offloading operations to the host).
           ^^^^^^^^^^^^^^^^^^^^^
exactly this!

Actually, what is the minimum needed from a wireless card?

* ability to tx an arbitrary packet at given rate/modulation
  (automatic retry and/or rate fallback is nice but not 100% reqd)
* ability to autonomously tx very low level control stuff
  like sending ACKs (it's time critical)
* tune into given channel
* rx packets
* DMA packets to/from host via PCI / transfer data over USB / whatever
* anything else?

Beacons, association, even WEP and scanning - all can be done by host OS.
This also will give us nice well debugged common 802.11 stack.

Thus a bare-minimum firmware can be rather dumb (and thus easier to write/debug).
Maybe we (wireless crowd, not just Prism54 project) should aim
exactly to such "bare minimum fw" approach?

> - official information suggests that the radio interface of these chipsets is 
> very flexible, making them wonderful devices for tinkering with the ISM 
> bands. I don't know how far we could go with this (I don't have a lot of info 
> about the radio for now), but for instance making a 802.11/Bluetooth combo 
> out of an unmodified Conexant wireless card might not be impossible.
> - wireless cards are cheap and nice ARM development boards, featuring a 
> powerful ARM9 core clocked at 30MHz.
> - I find learning how the device works very instructive.
> 
> It can be argued that "by the time this happens the technology these cards use 
> will probably be extremely outdated since guessing how > 2000 
> registers/instructions work by trial and error is pretty 
> painful" (http://prism54.org/~mcgrof/firmware/). But:
> - No major hardware changes seem to have been made between the first Prism 
> Indigo (3877) and the latest Prism Cohiba (3887).
> - There aren't 2000 registers. There are fewer than 100, organized in blocks 
> according to their purpose, which makes guessing easier. Moreover, the 3886 
> has mechanisms (PCI memory window, ...) which eases reverse engineering. 
> Finally, trial and error is not the only solution, we can run the official 
> firmware in an ARM emulator with the hardware registers mapped to the 
> physical device, and their access logged. We have enough knowledge about the 
> chipset for achieving this by now.
> - The instruction set and coprocessor interface are those of the ARM 946E, 
> which is heavily documented. The GNU ARM toolchain supports it very well - by 
> the time I'm writing this, the FreeMAC firmware compiles with GCC without any 
> problem. It's still far from being usable by normal users, though (for now, 
> this is mainly a command line interface giving access to the hardware and 
> other developer stuff).
>
> That's pretty much my opinion, of course; comments and criticism are welcome.
> 
> Everyone's invited to join and contribute to this project. We've set up wiki 
> pages at the temporary address http://jbnote.free.fr/islsm/. I'll port ISLLDR 
> - a quickhack driver for FreeBSD giving access to the FreeMAC command line, 
> which will be eventually merged in p54u - to Linux, so that everyone can 
> tinker with his device. Please note that the hardware is very robust; it is 
> very unlikely that you fry something - my Siemens Gigaset has already had 
> almost everything written to every hardware register, and it's still working.
> 
> Another piece of good news is that we've learnt a lot from hardware reverse 
> engineering, allowing us to understand better how the SoftMAC firmware works.
> I will spare you the technical details for now unless anyone's interested - 
> this concerns mainly the "SoftMAC addresses" and the interrupt system.
> In the short term, this will allow us to fix most failures of the SoftMAC drivers.
> 
> Finally, we may take the management of the prism54.org website and use it as a 
> home page for the SoftMAC drivers and the FreeMAC project. The FullMAC 
> section will still be available, of course. This is going on with Luis.

I will try to look into it when (if?) I get bored with the acx project.

Cheers!
--
vda
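The host-side half of the "bare minimum firmware" split discussed in this message, as an added example that is not part of the original post and not FreeMAC, prism54 or acx code: the host builds a complete 802.11 beacon (MAC header, fixed fields, SSID/rates/DS IEs) and maintains the sequence counter itself, then hands the frame to a dumb "tx this buffer at this rate" interface. The `host_tx_frame` structure, the constructed BSSID and the assumption that the hardware appends the FCS are all illustrative, not a documented firmware API. The receive side shows the check a practitioner wants on host-parsed management frames: every IE length is bounds-checked, since a peer controls those bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative host<->firmware tx record (assumption, not a real FreeMAC
 * interface): the firmware only needs to transmit the bytes at the rate. */
#define IEEE80211_HDR_LEN 24
#define RATE_1MBPS 2            /* 500 kbit/s units, as in the Supported Rates IE */

struct host_tx_frame {
    uint8_t  rate;              /* 500 kbit/s units */
    uint16_t len;               /* bytes, excluding the FCS the hardware appends (assumed) */
    uint8_t  data[256];
};

static void put_le16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put_le64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Build one beacon on the host. Returns the frame length, or 0 if it does not fit.
 * *seq is the host-kept sequence counter (the dumb firmware does not track it);
 * it is advanced on success, wrapping at 12 bits as 802.11 requires. */
size_t build_beacon(struct host_tx_frame *f, const uint8_t bssid[6],
                    const char *ssid, uint16_t interval_tu, uint8_t channel,
                    uint64_t tsf, uint16_t *seq)
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    static const uint8_t rates[4] = {0x82, 0x84, 0x8b, 0x96}; /* 1, 2, 5.5, 11 Mbit/s, basic */
    size_t ssid_len = strlen(ssid);
    size_t need = IEEE80211_HDR_LEN + 12 + (2 + ssid_len) + (2 + sizeof rates) + 3;
    if (ssid_len > 32 || need > sizeof f->data) return 0;

    uint8_t *p = f->data;
    put_le16(p, 0x0080);                       /* frame control: type 0 (mgmt), subtype 8 (beacon) */
    put_le16(p + 2, 0);                        /* duration */
    memcpy(p + 4, bcast, 6);                   /* addr1: DA = broadcast */
    memcpy(p + 10, bssid, 6);                  /* addr2: SA */
    memcpy(p + 16, bssid, 6);                  /* addr3: BSSID */
    put_le16(p + 22, (uint16_t)(*seq << 4));   /* sequence control, fragment 0 */
    p += IEEE80211_HDR_LEN;
    put_le64(p, tsf);                          /* timestamp */
    put_le16(p + 8, interval_tu);              /* beacon interval, units of 1024 us */
    put_le16(p + 10, 0x0001);                  /* capability: ESS */
    p += 12;
    *p++ = 0; *p++ = (uint8_t)ssid_len; memcpy(p, ssid, ssid_len); p += ssid_len;   /* SSID IE */
    *p++ = 1; *p++ = sizeof rates;  memcpy(p, rates, sizeof rates); p += sizeof rates; /* rates IE */
    *p++ = 3; *p++ = 1; *p++ = channel;                                              /* DS param IE */

    f->len  = (uint16_t)(p - f->data);
    f->rate = RATE_1MBPS;
    *seq = (uint16_t)((*seq + 1) & 0x0fff);
    return f->len;
}

/* Host-side parse of the SSID from a received beacon. Bounds-checks every IE
 * length because the peer controls these bytes. Returns the SSID length, or
 * -1 if the frame is not a well-formed beacon carrying an SSID. */
int beacon_ssid(const uint8_t *frame, size_t len, char *out, size_t outcap)
{
    if (len < IEEE80211_HDR_LEN + 12 || get_le16(frame) != 0x0080) return -1;
    size_t off = IEEE80211_HDR_LEN + 12;
    while (off + 2 <= len) {
        uint8_t id = frame[off], ielen = frame[off + 1];
        if (off + 2 + ielen > len) return -1;              /* truncated IE: reject */
        if (id == 0) {
            if (ielen > 32 || (size_t)ielen + 1 > outcap) return -1;
            memcpy(out, frame + off + 2, ielen);
            out[ielen] = '\0';
            return ielen;
        }
        off += 2 + ielen;
    }
    return -1;
}

int main(void)
{
    struct host_tx_frame f;
    uint16_t seq = 0;
    const uint8_t bssid[6] = {0x00, 0x02, 0x2d, 0x11, 0x22, 0x33}; /* constructed address */
    char ssid[33];
    size_t n = build_beacon(&f, bssid, "FreeMAC", 100, 6, 0, &seq);
    int got = beacon_ssid(f.data, n, ssid, sizeof ssid);
    printf("beacon: %zu bytes at rate %u, next seq %u, ssid %s\n",
           n, f.rate, seq, got >= 0 ? ssid : "?");
    return 0;
}
```

The firmware in this model never sees an SSID, a capability field or a sequence number; everything above the "tx these bytes" line lives on the host, which is the point of the list in the message: the more of 802.11 that stays in host code, the less there is to reverse-engineer or rewrite per chipset.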

