Accessing Linksys E4200 SPI Flash via JTAG

Hi,

I bricked my Linksys E4200 v1.0 router and bought the Tumpa Lite adapter to try to un-brick the router via JTAG. I managed to connect to the router via JTAG and OpenOCD v0.8 managed to detect the router’s BCM4718 router.

I need to erase the router’s NVRAM stored in the router’s flash memory (I think) but OpenOCD does not seem to be able to detect the SPI flash (it’s a Winbond W25Q128BV flash chip) that the router is using.

I’ve created a board config file in the ‘scripts/board’ directory as below:


    # Linksys E4200 v1.0
    source [find target/bcm4718.cfg]

    set partition_list {
        CFE { Bootloader 0x1c000000 0x00040000 }
        firmware { "Kernel+rootfs" 0x1c040000 0x00fb0000 }
        nvram { "Config space" 0x1cff0000 0x00010000 }
    }

    # External 16MB SPI Flash (WinBond W25Q128BV)
    set _FLASHNAME $_CHIPNAME.flash
    flash bank $_FLASHNAME stmsmi 0x1c000000 0 0 0 $_TARGETNAME


I’ve also created an openocd.cfg file as below:


    adapter_khz 10
    source [find interface/ftdi/tumpa-lite.cfg]
    source [find board/linksys-e4200.cfg]


I’ve tried the ‘cfi’ and ‘stmsmi’ drivers but neither seems to be able to detect the flash chip.

Below are outputs of what I’ve tried using the ‘stmsmi’ driver:


    Open On-Chip Debugger 0.8.0 (2014-04-28-08:39)
    Licensed under GNU GPL v2
    For bug reports, read
        http://openocd.sourceforge.net/doc/doxygen/bugs.html
    adapter speed: 10 kHz
    Info : only one transport option; autoselect 'jtag'
    Forcing reset_config to none to prevent OpenOCD from pulling SRST after the switch from LV is already performed
    none separate
    Info : clock speed 10 kHz
    Info : JTAG tap: bcm4718-lv.tap tap/device found: 0x1471617f (mfg: 0x0bf, part: 0x4716, ver: 0x1)
    Info : JTAG tap: bcm4718-lv.tap disabled
    Info : JTAG tap: bcm4718.cpu enabled
    Info : accepting 'telnet' connection from 4444
    #0 : bcm4718.flash (stmsmi) at 0x1c000000, size 0x00000000, buswidth 0, chipwidth 0
    {name stmsmi base 469762048 size 0 bus_width 0 chip_width 0}


I would appreciate it if anyone who has experience using OpenOCD on a Linksys E4200 could provide some pointers to move me along in the right direction.

Is the SPI flash chip even supported by OpenOCD?

Thanks.

Regards,

Hong Hui
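
The following Python script is an added example, not part of the original post and not OpenOCD code. It checks that the partition list from the board config above covers the 16MB chip exactly, computes where the nvram region sits inside the chip, and reads the bank line from the session output. The function names are hypothetical, and the 64 KiB erase-block granularity and the reading of a zero bank size as "no geometry detected" are assumptions.

```python
import re

FLASH_BASE = 0x1C000000        # bank base from the post's 'flash bank' line
FLASH_SIZE = 16 * 1024 * 1024  # "External 16MB SPI Flash" per the post
ERASE_BLOCK = 0x10000          # assumption: 64 KiB erase-block granularity
# Partition list copied from the board config in the post.
PARTITION_LIST = """
CFE { Bootloader 0x1c000000 0x00040000 }
firmware { "Kernel+rootfs" 0x1c040000 0x00fb0000 }
nvram { "Config space" 0x1cff0000 0x00010000 }
"""
# Bank line copied from the session output in the post.
BANK_LINE = "#0 : bcm4718.flash (stmsmi) at 0x1c000000, size 0x00000000, buswidth 0, chipwidth 0"
PART_RE = re.compile(r'^\s*(\w+)\s*\{\s*(?:"[^"]*"|\S+)\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s*\}', re.M)
BANK_RE = re.compile(r'#(\d+) : (\S+) \((\w+)\) at (0x[0-9a-f]+), size (0x[0-9a-f]+)')

def parse_partitions(text):
    """Return [(name, start, length)] sorted by start address."""
    parts = [(n, int(s, 16), int(l, 16)) for n, s, l in PART_RE.findall(text)]
    return sorted(parts, key=lambda p: p[1])

def check_layout(parts, base=FLASH_BASE, size=FLASH_SIZE, block=ERASE_BLOCK):
    """Return a list of problems: gaps, overlaps, misalignment, wrong end address."""
    problems, cursor = [], base
    for name, start, length in parts:
        if start != cursor:
            kind = "gap before" if start > cursor else "overlap at"
            problems.append(f"{kind} {name}: expected 0x{cursor:08x}, got 0x{start:08x}")
        if start % block or length % block:
            problems.append(f"{name} is not aligned to 0x{block:x}")
        cursor = start + length
    if cursor != base + size:
        problems.append(f"layout ends at 0x{cursor:08x}, chip ends at 0x{base + size:08x}")
    return problems

def flash_offset(parts, name, base=FLASH_BASE):
    """Offset and length of a partition relative to the start of the chip."""
    start, length = {n: (s, l) for n, s, l in parts}[name]
    return start - base, length

def bank_probed(line):
    """True only if the bank line reports a non-zero size (assumed: chip geometry known)."""
    m = BANK_RE.search(line)
    return bool(m) and int(m.group(5), 16) != 0

if __name__ == "__main__":
    parts = parse_partitions(PARTITION_LIST)
    print(check_layout(parts) or "layout OK")
    print("nvram at chip offset 0x%06x, length 0x%x" % flash_offset(parts, "nvram"))
    print("bank probed:", bank_probed(BANK_LINE))
```

With the values from the post, the three partitions tile the chip without gaps, the nvram region is the last 64 KiB (chip offset 0xff0000), and the bank line reports size 0.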