Subject: Re: VAXstation 4000/90 Success!
To: Matt <matt@bodgit-n-scarper.com>
From: Hugh Graham <hugh@openbsd.org>
List: port-vax
Date: 07/14/2002 11:46:33
On Sun, Jul 14, 2002 at 06:32:48PM +0100, Matt wrote:
> I finally managed to get the firmware dump out of the VAX. It turns out
> the WYSE terminal has an MMJ printer port, and I can set a session to
> autoprint everything to the printer, so I primed the DEC 3000 with "cat
> > console.dump", plugged it up to the printer port, and ran the dump on
> the VAX with it autoprinting.
> 
> The only downer, (and I can now see why the NetBSD/alpha port lists the
> serial driver for these machines as buggy), is that occasionally I get
> duplicate characters, so I've done the dump twice, (how long? ;-), and
> done a bit of perl data-munging to get the best of both runs. This
> seems to have worked, save for 60-odd entries that got caught in both
> files, so I've corrected them by hand.

> My version, (if you can't ascertain it from the image), of firmware and
> whatnot is:
> 
> KA49-A V1.1-06B-V4.2

Ok, so I now have a corrupted version 1.1, to go with my uncorrupted
version 1.3 and 1.4 images.

> 
> I sincerely hope you can do something with this ;-)

There are *substantial* differences between versions, but checking out
just the area where I suspected corruption to occur may have shed clues:

Your firmware:

2009FFF0: 2073 6f63 6b65 7420 7368 7574 646f 776e   socket shutdown
200A0000: 2020 0020 746f 6f20 6d00 6e79 2072 6566    . too m.ny ref
200A0010: 6572 656e 6365 733a 2063 616e 2774 2073  erences: can't s

I think you may have lucked out, this being in the middle of some
printable strings rather than code, and because we can even compare
with Version 1.3 from Chuck McManis:

200A01F0: 2073 6f63 6b65 7420 7368 7574 646f 776e   socket shutdown
200A0200: 2020 0020 746f 6f20 6d61 6e79 2072 6566    . too many ref
200A0210: 6572 656e 6365 733a 2063 616e 2774 2073  erences: can't s

I don't own a vaxstation 4000/90 myself, so you're going to have to
do some testing to see if it'll let us fix that byte.

First, E/P/B/N:2 200A0009 and make sure you get the sequence:

  P 200A0009 00
  P 200A000A 6e
  P 200A000B 79

I just want to confirm we're in the right spot, and that your hand
patched dump is good.

Assuming things look correct, enter: D/P/B 200A0009 61

Then: E/P/B 200A0009 and see if it changed. If it didn't change, we
may have to fix this from kernel mode since the monitor would appear
to have a sanity check that the os isn't subject to. A hacked version
of the dz probe itself should do the trick.

BTW, if anyone else has corruption and wants to play, here's the area
around that address from a couple pristine machines:

Version 1.3:
200A0000: 6420 0020 2020 2020 2020 2020 6f70 6572  d .         oper

Version 1.4:
200A0000: 7edd 06e9 adb1 04d0 adf8 6edf ada0 7e89  ~.........n...~.

If I had a pristine version of 1.1, or a corrupt version of 1.3 or 1.4
it would be possible to look for other corruption, but it seems like
we're on the right track so far. Probably that POST error is due to a
failed firmware checksum.

Good luck,

/Hugh