‎

qemu mt7628 emulation

before using

I’m add mt7628 support in qemu, some deivce is not working.

you maybe need review source code.

build qemu with patch

git clone https://gitlab.com/qemu-project/qemu
git clone https://github.com/newluhux/qemu-mt7628
cd ./qemu/
git branch mt7628
git switch mt7628
for i in ../qemu-mt7628/000*.patch
do
    git am < $i
done
./configure --cc=gcc --cxx=g++ --target-list=mipsel-softmmu
make -j$(nproc)
make check

bootup mainline uboot

wget http://musl.cc/mipsel-linux-muslsf-cross.tgz
tar xf mipsel-linux-muslsf-cross.tgz
cd mipsel-linux-muslsf-cross/bin/
export PATH=$PATH:$(pwd)
cd -
git clone https://github.com/u-boot/u-boot
cd u-boot
cp ./configs/linkit-smart-7688_defconfig ./.config
make ARCH=mips CROSS_COMPILE=mipsel-linux-musl- menuconfig
# you need select:
# CONFIG_REMAKE_ELF=y
make ARCH=mips CROSS_COMPILE=mipsel-linux-musl- -j$(nproc)
# create a blank flash image
dd if=/dev/zero of=flash_16M.bin count=16 bs=1M
../qemu/qemu-system-mipsel -M mt7628 \
			   -serial telnet:localhost:4000,server \
			   -serial telnet:localhost:4001,server \
			   -serial telnet:localhost:4002,server \
			   -drive if=mtd,file=flash_16M.bin,type=raw \
			   -usb \
			   -kernel ./u-boot.elf

telnet to localhost:4002, you will get uboot prompt:

$ telnet localhost 4002
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.


U-Boot 2022.04 (Feb 14 2023 - 15:32:34 +0000)

CPU:   MediaTek MT7628A ver:1 eco:2
Boot:  DDR2, SPI-NOR 3-Byte Addr, CPU clock from XTAL
Clock: CPU: 575MHz, Bus: 191MHz, XTAL: 25MHz
Model: LinkIt-Smart-7688
DRAM:  256 MiB
Core:  54 devices, 15 uclasses, devicetree: separate
Loading Environment from SPIFlash... SF: Detected w25q128 with page size 256 Bytes, erase size 4 KiB, total 16 MiB

Net:   
Warning: eth@10110000 (eth0) using random MAC address - 96:0d:9e:0d:3f:ea
eth0: eth@10110000
=>

Now, you can use ’tftp’ or ’fatload’ command to load a kernel image into memory.

you also can write firmware to spi nor flash use ’sf’ command.

after image load, use ’bootm’ bootup it.

bootup openwrt firmware

you need build a mainline uboot for mt7628 soc.

cp /path/to/uboot/uboot.elf ./uboot.elf
wget https://downloads.openwrt.org/releases/22.03.3/targets/ramips/mt76x8/openwrt-22.03.3-ramips-mt76x8-vocore_vocore2-squashfs-sysupgrade.bin
dd if=/path/to/uboot/uboot-with-spl.bin of=flash.bin
dd if=/dev/zero bs=1M count=1 >> flash.bin
truncate -s 327680 flash.bin
dd if=./openwrt-22.03.3-ramips-mt76x8-vocore_vocore2-squashfs-sysupgrade.bin >> flash.bin
dd if=/dev/zero bs=1M count=16 >> flash.bin
truncate -s 16M flash.bin
/path/to/qemu-build/qemu-system-mipsel -M mt7628 \
			   -serial telnet:localhost:4000,server,nowait \
			   -serial telnet:localhost:4001,server,nowait \
			   -serial telnet:localhost:4002,server \
			   -kernel ./uboot.elf \
			   -drive if=mtd,file=flash_16M.bin,type=raw \
			   -usb

telnet to localhost:4002, you will get uboot prompt:

$ telnet localhost 4002
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.


U-Boot 2022.04 (Feb 14 2023 - 15:32:34 +0000)

CPU:   MediaTek MT7628A ver:1 eco:2
Boot:  DDR2, SPI-NOR 3-Byte Addr, CPU clock from XTAL
Clock: CPU: 575MHz, Bus: 191MHz, XTAL: 25MHz
Model: LinkIt-Smart-7688
DRAM:  256 MiB
Core:  54 devices, 15 uclasses, devicetree: separate
Loading Environment from SPIFlash... SF: Detected w25q128 with page size 256 Bytes, erase size 4 KiB, total 16 MiB

Net:   
Warning: eth@10110000 (eth0) using random MAC address - 96:0d:9e:0d:3f:ea
eth0: eth@10110000
=>

use command ’bootm 0x1c050000’ bootup openwrt.

bootup mainline linux kernel

TODO

bootup mainline NetBSD kernel

ref: https://www.netbsd.org/docs/guide/en/chap-build.html

NetBSD have mt7628 support after NetBSD 8.0

You can use Linux / NetBSD / Other OS cross build a NetBSD

build NetBSD kernel is easy (on my slackware linux machine):

mkdir ./netbsd/
cd ./netbsd/
wget https://ftp.NetBSD.org/pub/NetBSD/NetBSD-release-9/tar_files/src.tar.gz
tar -zxf src.tar.gz
cd ./src/
./build.sh -U -O ~/obj -j$(nproc) -m evbmips -a mipsel tools
cd sys/arch/evbmips/conf/
~/obj/tooldir.HOST/bin/nbconfig LINKITSMART7688
cd ../compile/LINKITSMART7688/
~/obj/tooldir.HOST/bin/nbmake-evbmips depend
~/obj/tooldir.HOST/bin/nbmake-evbmips

if it success, You will get a ’./netbsd’ file

file ./netbsd
netbsd: ELF 32-bit LSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), statically linked, for NetBSD 9.3, with debug_info, not stripped

run it:

/path/to/qemu-build/qemu-system-mipsel -M mt7628 \
			    -serial telnet:localhost:4000,server,nowait \
			    -serial telnet:localhost:4001,server,nowait \
			    -serial telnet:localhost:4002,server \
			    -kernel ./netbsd

connect serial port, you will see netbsd bootup log:

telnet localhost 4002
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
[   1.0000000] MIPS32/64 params: cpu arch: 128
[   1.0000000] MIPS32/64 params: TLB entries: 16
[   1.0000000] MIPS32/64 params: Icache: line=16, total=2048, ways=2, sets=64, colors=0
[   1.0000000] MIPS32/64 params: Dcache: line=16, total=2048, ways=2, sets=64, colors=0
[   1.0000000] phys segment: 0x8000000 @ 0
[   1.0000000] adding 0xe000 @ 0x2000 to freelist 0
[   1.0000000] adding 0x797e000 @ 0x682000 to freelist 0
[   1.0000000] Enabled early console
[   1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
[   1.0000000]     2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
[   1.0000000]     2018, 2019, 2020, 2021, 2022
[   1.0000000]     The NetBSD Foundation, Inc.  All rights reserved.
[   1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[   1.0000000]     The Regents of the University of California.  All rights reserved.
[   1.0000000] NetBSD 9.3 (LINKITSMART7688) #0: Wed Mar 15 20:37:27 HKT 2023
[   1.0000000]  luhui@x230.luhui:/home/luhui/pub/netbsd/src/sys/arch/evbmips/compile/LINKITSMART7688
[   1.0000000] MT7628
[   1.0000000] total memory = 128 MB
[   1.0000000] avail memory = 120 MB
[   1.0000000] mainbus0 (root): Mediatek MT7628 System Bus
[   1.0000000] cpu0 at mainbus0: 580.00MHz (hz cycles = 2900000, delay divisor = 290)
[   1.0000000] cpu0: MIPS 24KE (0x19600) Rev. 0 with software emulated floating point

bootup plan9 kernel

TODO

bootup from flash image

Now, you can bootup from flash.

But it will take a lot of time to run memory test, wait it, or modify flash image to skip it.

You need dump flash image from real mt7628 board, then:

./qemu/qemu-system-mipsel -M mt7628 \
			   -serial telnet:localhost:4000,server \
			   -serial telnet:localhost:4001,server \
			   -serial telnet:localhost:4002,server \
			   -drive if=mtd,file=flash_16M.bin,type=raw \
			   -usb