n64-pif-cic.email
FYI -
----- Original Message -----
From: Atsushi Watanabe
To: wyen@wyen.com ; jprincen@routefree.com
Cc: takeda@nintendo.co.jp ; shio@nintendo.co.jp
Sent: Wednesday, April 24, 2002 5:24 AM
Subject: Information for AD16 BUS, PIf function and PIf security
This mail is information for AD16 BUS, PIf function (Pre-NMI), and PIf security.
My name is Atsushi Watanabe.
I recently took charge of this project (new game system for China).
About Nintendo64, I took charge of boot sequence, security code, some AD16 BUS
device libraries and so on.
Then I think that I can help you with AD16 BUS and PIf security.
If there are any questions about this mail, would you send me mail, please?
-------------------------------------------------------------------------------------------
1. AD16BUS Device
About N64, there are some AD16 BUS devices.
The following two AD16 BUS devices are often used.
We think that it is important to support these devices except MASK-ROM.
1) SRAM
This is used by some games for backup memory.
SRAM chip supports DMA READ/WRITE and single IO READ/WRITE.
Game program can freely access SRAM chip (DMA or IO).
About IO READ/WRITE, CPU can access this chip as memory mapped area.
There is little dependence of speed for game program.
SRAM chip supports multi-chip construction.
But almost all games use only one SRAM chip.
Only one game, "Dezaemon 3D" (3D shooting construction game), used 3 SRAM chips.
2) Flash memory
This is used by some games for backup memory too.
Flash memory chip supports DMA READ/WRITE and single IO READ/WRITE too.
About IO READ/WRITE, CPU can access this chip as memory mapped area.
There is little dependence of speed for game program.
And Flash memory chip has some functions to READ/WRITE.
Unfortunately, there are some hardware bugs in flash memory chip.
Then the flash libraries access this chip strangely to avoid the bugs.
(Ex. It changes access pattern between old flash and new Flash.)
About Flash memory, we send you the data later.
Just for your Info.
AD16 BUS was rarely used by other devices (RTC, modem chip, capture board and 64DD).
But it is a rare usage.
Then, we think that there is no need to support those devices.
-------------------------------------------------------------------------------------------
2.NMI/Pre-NMI problem
PIf has some functions.
There is a lack of a function in your document ("Summary of impacts of Design Changes in
Eliminating AD16 BUS and PIF Chip"). It is Pre-NMI.
In N64, the CPU can receive the NMI signal, but the RCP cannot receive it.
Then we prepared Pre-NMI (NMI warning) for the PIf function.
If the CPU receives Pre-NMI, the CPU stops running the RCP and avoids reset trouble.
The following is the Pre-NMI sequence.
1) The game player pushes the reset button
2) PIf sends a Pre-NMI signal to the CPU
3) The CPU receives the Pre-NMI signal and starts the Pre-NMI transaction
3-1) Stop GFX task for RCP
3-2) Stop audio task for RCP
3-3) Don't start new PI DMA
3-4) Set YScale to 1 (This is to avoid VI HARD bug)
4) PIf sends an NMI signal to the CPU
The time between 2) and 4) is more than 0.5 sec.
PIf counts this wait time.
About reference of this timing, I append a file "NMI.doc".
-------------------------------------------------------------------------------------------
3. PIf security problem
N64 security is based on PIf and CIC, which is the security chip in the cartridge.
The following is the N64 security sequence.
1) CPU starts the boot code in PIf (we call it IPL1, IPL2).
2) CPU loads additional boot code (IPL3) from the cartridge.
3) CPU calculates for IPL3 and sends the calculated result to PIf.
(We make several kinds of CIC. Each kind of CIC has a different code.)
-> PIf compares this result with the CIC code.
If these differ, PIf sends NMI to CPU.
If these are the same, PIf starts communication with CIC (if the communication stops,
PIf sends NMI to CPU).
4) CPU sets some code to memory and register at IPL3.
5) CPU checks the code in the GAME program.
6) In only a few games, CPU sends a code to CIC through PIf and receives the result in the game
program. Then CPU checks the result.
This is a use of the CIC calculate function.
In the new hardware, the PIf reset in 3) does not exist.
Then, the checks of 3) and 5) are invalid.
Only the check of 6) is a problem.
Fortunately, only a few games use this check.
So we will change the game program by removing the check code.
Then there is no problem about this.
About reference of boot sequence, I append a file "boot.doc".
-------------------------------------------------------------------------------------------
Thanks.
----------------------------------------------------------------------
Nintendo Co., Ltd., Integrated Research & Development Division, Development Department
Watanabe Atsushi  E-mail : wata@nintendo.co.jp
PHONE : 075-662-9680 FAX : 075-662-9630
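
The Pre-NMI sequence in section 2 of the message above, as an added host-side model in C (not part of the original e-mail and not Nintendo code). All type and function names are hypothetical, the starting state is constructed, and the 500 ms window is the floor of the "more than 0.5 sec" the message states.

```c
#include <stdbool.h>
#include <stdio.h>

/* Host-side model only; every name here is hypothetical, not an N64 SDK API. */
#define PRENMI_WINDOW_MS 500 /* message says "more than 0.5 sec"; model uses the floor */

typedef struct {
    bool   gfx_task_running;   /* RCP graphics task */
    bool   audio_task_running; /* RCP audio task */
    bool   pi_dma_allowed;     /* may the game start a new PI DMA? */
    double vi_yscale;          /* VI vertical scale */
} game_state_t;

/* Step 3 of the sequence: the CPU's Pre-NMI transaction. */
void prenmi_transaction(game_state_t *g) {
    g->gfx_task_running = false;   /* 3-1 */
    g->audio_task_running = false; /* 3-2 */
    g->pi_dma_allowed = false;     /* 3-3 */
    g->vi_yscale = 1.0;            /* 3-4 */
}

/* True when the state matches what steps 3-1..3-4 leave behind. */
bool quiesced(const game_state_t *g) {
    return !g->gfx_task_running && !g->audio_task_running &&
           !g->pi_dma_allowed && g->vi_yscale == 1.0;
}

/* Steps 1, 2 and 4: the PIF counts the window, then raises NMI.
 * react_after_ms is how long the game takes to run its Pre-NMI
 * transaction; a negative value means it never does.
 * Returns true if the system is quiesced when the NMI arrives. */
bool reset_is_clean(int react_after_ms) {
    game_state_t g = { true, true, true, 0.5 }; /* constructed mid-frame state */
    for (int t = 0; t < PRENMI_WINDOW_MS; t++)  /* PIF wait counter */
        if (t == react_after_ms)
            prenmi_transaction(&g);
    return quiesced(&g);                        /* NMI is sent here */
}

int main(void) {
    printf("reacts at 20 ms:  %d\n", reset_is_clean(20));
    printf("reacts at 600 ms: %d\n", reset_is_clean(600));
    printf("never reacts:     %d\n", reset_is_clean(-1));
    return 0;
}
```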
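
Step 3 of the security sequence in section 3 of the message above (compare the IPL3 result with the CIC code, then keep the CIC link alive), as an added host-side model in C that is not part of the original e-mail. All names are hypothetical, the byte arrays are constructed samples, and FNV-1a is a stand-in digest because the message does not give the real IPL3 calculation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model of step 3; every name here is hypothetical. */
typedef enum { PIF_WAIT_RESULT, PIF_CIC_LINK, PIF_NMI_SENT } pif_state_t;
typedef struct { uint32_t cic_code; pif_state_t state; } pif_t;

/* Constructed sample bytes standing in for IPL3; not real boot code. */
static const uint8_t IPL3_SAMPLE[]  = { 1, 2, 3, 4, 5, 6, 7, 8 };
static const uint8_t IPL3_ALTERED[] = { 1, 2, 3, 4, 5, 6, 7, 9 };

/* Stand-in digest (FNV-1a), NOT the calculation the console uses. */
uint32_t toy_ipl3_result(const uint8_t *ipl3, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= ipl3[i]; h *= 16777619u; }
    return h;
}

/* CPU hands its result to the PIF: mismatch -> NMI, match -> CIC link. */
void pif_receive_result(pif_t *p, uint32_t result) {
    if (p->state != PIF_WAIT_RESULT) return; /* model assumption: one compare per boot */
    p->state = (result == p->cic_code) ? PIF_CIC_LINK : PIF_NMI_SENT;
}

/* One polling period of the PIF<->CIC link; a silent CIC -> NMI. */
void pif_cic_poll(pif_t *p, bool cic_answered) {
    if (p->state == PIF_CIC_LINK && !cic_answered) p->state = PIF_NMI_SENT;
}

/* Boot with the given IPL3 bytes, then run `polls` link periods.
 * The CIC stops answering at period `silent_at` (negative = never). */
pif_state_t boot(uint32_t cic_code, const uint8_t *ipl3, size_t len,
                 int polls, int silent_at) {
    pif_t p = { cic_code, PIF_WAIT_RESULT };
    pif_receive_result(&p, toy_ipl3_result(ipl3, len));
    for (int i = 0; i < polls; i++)
        pif_cic_poll(&p, silent_at < 0 || i < silent_at);
    return p.state;
}

int main(void) {
    uint32_t code = toy_ipl3_result(IPL3_SAMPLE, sizeof IPL3_SAMPLE);
    printf("matching IPL3:  %d\n", boot(code, IPL3_SAMPLE, sizeof IPL3_SAMPLE, 10, -1));
    printf("altered IPL3:   %d\n", boot(code, IPL3_ALTERED, sizeof IPL3_ALTERED, 10, -1));
    printf("CIC goes quiet: %d\n", boot(code, IPL3_SAMPLE, sizeof IPL3_SAMPLE, 10, 4));
    return 0;
}
```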