| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | Debugging hardware can be tricky especially when doing kernel and drivers |
| 2 | development. It might become handy for you to add serial console to your |
| 3 | device as well as using JTAG to debug your code. |
| 4 | |
| 5 | \subsection{Adding a serial port} |
| 6 | |
| 7 | Most routers come with an UART integrated into the System-on-chip |
| 8 | and its pins are routed on the Printed Circuit Board to allow |
| 9 | debugging, firmware replacement or serial device connection (like |
| 10 | modems). |
| 11 | |
| 12 | Finding an UART on a router is fairly easy since it only needs at |
| 13 | least 4 signals (without modem signaling) to work : VCC, GND, TX and |
| 14 | RX. Since your router is very likely to have its I/O pins working at |
| 15 | 3.3V (TTL level), you will need a level shifter such as a Maxim MAX232 |
| 16 | to change the level from 3.3V to your computer level which is usually |
| 17 | at 12V. |
| 18 | |
| 19 | To find out the serial console pins on the PCB, you will be looking |
| 20 | for a populated or unpopulated 4-pin header, which can be far from |
| 21 | the SoC (signals are relatively slow) and usually with tracks on |
| 22 | the top or bottom layer of the PCB, and connected to the TX and RX. |
| 23 | |
| 24 | Once found, you can easily check where is GND, which is connected to |
| 25 | the same ground layer than the power connector. VCC should be fixed |
| 26 | at 3.3V and connected to the supply layer, TX is also at 3.3V level |
| 27 | but using a multimeter as an ohm-meter and showing an infinite |
| 28 | value between TX and VCC pins will tell you about them being different |
| 29 | signals (or not). RX and GND are by default at 0V, so using the same |
| 30 | technique you can determine the remaining pins like this. |
| 31 | |
| 32 | If you do not have a multimeter a simple trick that usually works is |
| 33 | using a speaker or a LED to determine the 3.3V signals. Additionnaly |
| 34 | most PCB designer will draw a square pad to indicate ping number 1. |
| 35 | |
| 36 | Once found, just interface your level shifter with the device and the |
| 37 | serial port on the PC on the other side. Most common baudrates for the |
| 38 | off-the-shelf devices are 9600, 38400 and 115200 with 8-bits data, no |
| 39 | parity, 1-bit stop. |
| 40 | |
| 41 | \subsection{JTAG} |
| 42 | |
| 43 | JTAG stands for Joint Test Action Group, which is an IEEE workgroup |
| 44 | defining an electrical interface for integrated circuit testing and |
| 45 | programming. |
| 46 | |
| 47 | There is usually a JTAG automate integrated into your System-on-Chip |
| 48 | or CPU which allows an external software, controlling the JTAG adapter |
| 49 | to make it perform commands like reads and writes at arbitray locations. |
| 50 | Additionnaly it can be useful to recover your devices if you erased the |
| 51 | bootloader resident on the flash. |
| 52 | |
| 53 | Different CPUs have different automates behavior and reset sequence, |
| 54 | most likely you will find ARM and MIPS CPUs, both having their standard |
| 55 | to allow controlling the CPU behavior using JTAG. |
| 56 | |
| 57 | Finding JTAG connector on a PCB can be a little easier than finding the |
| 58 | UART since most vendors leave those headers unpopulated after production. |
| 59 | JTAG connectors are usually 12, 14, or 20-pins headers with one side of |
| 60 | the connector having some signals at 3.3V and the other side being |
| 61 | connected to GND. |