<div dir="ltr">Hi,<br><div><br>I am using QEMU from the Arch Linux x86_64 official repo. I need to test my built u-boot payload, so I tried to build a QEMU ARM coreboot image. However, it failed to run and had the following output.<br><div><br>qemu: fatal: Trying to execute code outside RAM or ROM at 0xfffffffe<br><br>R00=00000000 R01=00011b70 R02=00000000 R03=ffffffff<br>R04=00c51878 R05=00000147 R06=00000000 R07=00000000<br>R08=00000000 R09=00000000 R10=00000000 R11=00000000<br>R12=00000002 R13=000fffd8 R14=ffffffff R15=fffffffe<br>PSR=600000ff -ZC- T sys32<br>s00=00000000 s01=00000000 d00=0000000000000000<br>s02=00000000 s03=00000000 d01=0000000000000000<br>s04=00000000 s05=00000000 d02=0000000000000000<br>s06=00000000 s07=00000000 d03=0000000000000000<br>s08=00000000 s09=00000000 d04=0000000000000000<br>s10=00000000 s11=00000000 d05=0000000000000000<br>s12=00000000 s13=00000000 d06=0000000000000000<br>s14=00000000 s15=00000000 d07=0000000000000000<br>s16=00000000 s17=00000000 d08=0000000000000000<br>s18=00000000 s19=00000000 d09=0000000000000000<br>s20=00000000 s21=00000000 d10=0000000000000000<br>s22=00000000 s23=00000000 d11=0000000000000000<br>s24=00000000 s25=00000000 d12=0000000000000000<br>s26=00000000 s27=00000000 d13=0000000000000000<br>s28=00000000 s29=00000000 d14=0000000000000000<br>s30=00000000 s31=00000000 d15=0000000000000000<br>s32=00000000 s33=00000000 d16=0000000000000000<br>s34=00000000 s35=00000000 d17=0000000000000000<br>s36=00000000 s37=00000000 d18=0000000000000000<br>s38=00000000 s39=00000000 d19=0000000000000000<br>s40=00000000 s41=00000000 d20=0000000000000000<br>s42=00000000 s43=00000000 d21=0000000000000000<br>s44=00000000 s45=00000000 d22=0000000000000000<br>s46=00000000 s47=00000000 d23=0000000000000000<br>s48=00000000 s49=00000000 d24=0000000000000000<br>s50=00000000 s51=00000000 d25=0000000000000000<br>s52=00000000 s53=00000000 d26=0000000000000000<br>s54=00000000 s55=00000000 d27=0000000000000000<br>s56=00000000 s57=00000000 
d28=0000000000000000<br>s58=00000000 s59=00000000 d29=0000000000000000<br>s60=00000000 s61=00000000 d30=0000000000000000<br>s62=00000000 s63=00000000 d31=0000000000000000<br>FPSCR: 00000000<br><br></div><div>After I added the '-S -s' options to QEMU, I found the problem is in bootblock_simple.c, and the `main()' function in gdb is:<br><br>0x00000192 in ?? ()<br>=> 0x00000192:    08 b5    push    {r3, lr}<br>(gdb) disas $pc,+50<br>Dump of assembler code from 0x192 to 0x1c4:<br>=> 0x00000192:    push    {r3, lr}<br>   0x00000194:    bl    0x1704<br>   0x00000198:    bl    0x18c<br>   0x0000019c:    bl    0xd10<br>   0x000001a0:    bl    0x634<br>   0x000001a4:    bl    0x18e<br>   0x000001a8:    bl    0x190<br>   0x000001ac:    ldmia.w    sp!, {r3, lr}<br>   0x000001b0:    b.w    0x159c<br>   0x000001b4:    push    {r3, lr}<br>   0x000001b6:    mrc    15, 0, r3, cr1, cr0, {0}<br>   0x000001ba:    lsls    r2, r3, #29<br>   0x000001bc:    bpl.n    0x1c4<br>   0x000001be:    bl    0x2ac<br>   0x000001c2:    b.n    0x1cc<br>End of assembler dump.<br>(gdb) si<br>0x00000194 in ?? ()<br>=> 0x00000194:    01 f0 b6 fa    bl    0x1704<br>(gdb) b *0x198<br>Breakpoint 3 at 0x198<br>(gdb) c<br>Continuing.<br><br>Breakpoint 3, 0x00000198 in ?? ()<br>=> 0x00000198:    ff f7 f8 ff    bl    0x18c<br>(gdb) b *0x19c<br>Breakpoint 4 at 0x19c<br>(gdb) c<br>Continuing.<br><br>Breakpoint 4, 0x0000019c in ?? ()<br>=> 0x0000019c:    00 f0 b8 fd    bl    0xd10<br>(gdb) b *0x1a0<br>Breakpoint 5 at 0x1a0<br>(gdb) c<br>Continuing.<br>Remote connection closed<br><br></div><div>So there may be something wrong when setting up the console; however, I'm not so familiar with debugging the ROM, so I don't know which function call raises the problem.<br><br></div><div>Thanks,<br></div><div>Iru<br><br></div></div></div>