00:27
bonda_000 has joined ##raspberrypi-internals
00:50
<
bonda_000 >
this seems to load camera_func_table using dlshared_vll_load()
00:50
<
bonda_000 >
undefined ** camera_driver_load(undefined4 param_1,undefined4 param_2,int *param_3)
00:51
<
bonda_000 >
I'm not exactly sure where it is loading it from
00:52
<
bonda_000 >
from some hidden place within the start_x.elf?
01:06
<
bonda_000 >
it uses open() and read() assumes there is some sort of filesystem
01:06
<
bonda_000 >
so these drivers must be somewhere within start_x.elf or fixup_x.dat
01:43
<
bonda_000 >
all I can say so far is
01:43
<
bonda_000 >
void * cdi_camera_open(int *param_1,int *param_2)
01:44
<
bonda_000 >
calls open_camera_driver() which initializes separately camera_subsystem (CSI unicam block) and loads camera_driver by dloading some vll with camera_func_table
01:44
<
bonda_000 >
this cdi_camera_open itself has input arguments and no xrefs so will have to look for that now
01:45
<
bonda_000 >
it runs some internal filesystem probably derived from the .elf / fixup files
01:46
<
clever >
bonda_000: the fixup file is purely a binary patch, that modifies the elf to run from some other address
01:46
<
clever >
the pi can boot just fine without the fixup
01:46
<
clever >
but it will act like it has 256mb of ram
01:47
<
bonda_000 >
any clue where those vll patches are?
01:47
<
bonda_000 >
the symbol table is full of these
01:48
<
clever >
none currently
01:48
<
clever >
but i did find a big table, with names and function pointers
01:48
<
bonda_000 >
camplus_open loads some vll symbol to get the function table but we can see it in the decompile
01:48
<
clever >
look at the xref's of isp_module, you should see a function
01:49
<
clever >
what was the function called? (i dont have ghidra open right no)
01:50
<
bonda_000 >
absolutely zero xrefs
01:50
<
bonda_000 >
when there should have been at least one (see right side)
01:50
<
clever >
then what is get_isp_module ?
01:51
<
clever >
change get_isp_module to return the isp_function_table struct from before
01:51
<
clever >
the fact that you tagged it as int, means its not an address, so it cant be an xref
01:51
<
clever >
ghidra is beliving that lie
01:52
<
clever >
ah yes, its gp based, thats why
01:52
<
clever >
setting gp doesnt create an xref
01:52
<
clever >
now search for the address of get_isp_module, youll find it in a big undefined1 array
01:52
<
clever >
how many bytes is that array? what is the symbol?
01:53
<
bonda_000 >
it looks a bit nicer now but still no xrefs
01:53
<
clever >
yeah, gp doesnt make an xref, even when you set gp like you discovered
01:54
<
bonda_000 >
388 bytes
01:54
<
clever >
wrong direction
01:54
<
clever >
you want to search for ed0fdd8
01:54
<
clever >
2024-05-09 22:52:48 < clever> now search for the address of get_isp_module, youll find it in a big undefined1 array
01:55
<
bonda_000 >
_dummy_functab?
01:55
<
clever >
thats the one
01:55
<
clever >
how big is it?
01:56
<
bonda_000 >
undefined1[1320]
01:56
<
clever >
and 1320/4 is?
01:56
<
clever >
now make _dummy_functab a `void*[330]`
01:57
<
clever >
ah, didnt see the typo, i did the same math on my end
01:57
<
clever >
then search for ed0fdd8 again, and youll find its element [164]
01:57
<
clever >
and there is a "isp.vll" and "get_isp_func_table" right before it
01:58
<
clever >
and camplus_open called dlshared_get_vll_symbol(handle,"get_isp_func_table");
02:01
<
bonda_000 >
yeah I see
02:01
<
clever >
and on closer inspection, _dummy_func is a repeating array of 3 pointers, `struct { char*vll; char*symbol; void*function;}`
02:01
<
clever >
and it has 110 of those
02:01
<
clever >
thats your missing xref
02:01
<
clever >
i think at one time, isp.vll was a file on the disk
02:02
<
clever >
and it only got loaded into ram when camplus_open calls for it
02:02
<
bonda_000 >
now its just a part of .elf?
02:02
<
clever >
but the rpi firmware isnt allowed disk access, after linux has booted
02:02
<
clever >
so the _dummy_func table redirects the whole vll subsystem, to something already in the elf
02:03
<
bonda_000 >
I thought it was filled with new pointers from the file we read
02:03
<
clever >
there is also a camplus.vll with a get_camplus_func_table symbol
02:05
<
bonda_000 >
and get_camera_func_table is gonna be one of the two supported ones at that moment in time
02:05
<
bonda_000 >
toshh2c or ov5647
02:05
<
clever >
and bingo, camera_info_parameter_get will try to load camplus.vll and call get_camplus_func_table
02:06
<
clever >
and that perfectly leads over to mmal_component_create_camera_info!
02:07
<
bonda_000 >
camera_info_parameter_get as a function?
02:08
<
bonda_000 >
I don't know if you read everything
02:08
<
bonda_000 >
I wrote
02:08
<
bonda_000 >
take a look at start_camplus()
02:08
<
clever >
which part of it?
02:08
<
bonda_000 >
its same as the camplus_ block was passing around the isp_func_table within a struct
02:09
<
clever >
let me finish tagging this function first...
02:09
<
bonda_000 >
start_camplus'es param_1 carries the camplus_func_table within a struct
02:10
<
bonda_000 >
so its like one level above camplus
02:10
<
bonda_000 >
it seems to be important, yet it doesn't seem to be a part of any particular block
02:11
<
bonda_000 >
it goes together with try_ that is also not a member of any particular block, but has "cameraRIL" debug messages
02:13
<
bonda_000 >
(**(code **)(*(int *)(param_1 + 0x1b6c) + offset) that's the camplus_func_table
02:13
<
bonda_000 >
when it does *
02:15
<
bonda_000 >
so is camera_info that huge struct that's being passed around?
02:15
<
clever >
cant make much sense of start_camplus yet
02:15
<
clever >
but mmal_component_create_camera_info is huge, because that looks like what mmal exposes to userland
02:16
<
clever >
if you then look at the symbol tree, under mmal_component_create
02:17
<
bonda_000 >
start_camplus does to camplus_module exactly the same what camplus_module did to isp_module
02:17
<
clever >
youll find aggregator, camra_info, copy, miracast, null_sink, passthru, scheduler, splitter, video_convert
02:17
<
clever >
all of the things the video pipeline does
02:18
<
clever >
have you seen the old openmax docs?
02:18
<
bonda_000 >
I just looked at some openmax stuff today
02:18
<
clever >
let me find the link...
02:19
<
clever >
yep, thats the one
02:19
<
bonda_000 >
it says
02:19
<
clever >
and here, you can see a list of components
02:19
<
bonda_000 >
don't use any of this with IL
02:19
<
clever >
over the openmax api, you can create an instance of each thing in here
02:20
<
clever >
and you can take any numbered port of the same color, and create a connection
02:20
<
clever >
so if you wanted to record the camera, you would create an instance of camera and video_encode, and then link port 70 of the camera to port 200 of encode
02:20
<
clever >
and then route encode's port 201 back to linux
02:21
<
clever >
and boom, you get an h264 stream
02:21
<
bonda_000 >
it says
02:21
<
bonda_000 >
dont use OMX with IL
02:21
<
bonda_000 >
and IL is all over the vpu code that we were looking at
02:21
<
clever >
the whole omx interface has been replaced by mmal, and then replaced again by v4l
02:21
<
bonda_000 >
IL or RIL I know that IL stands for interface layer
02:21
<
clever >
mmal was meant to be a simpler interface
02:22
<
clever >
but v4l is a standardized interface, that works outside of the rpi ecosystem
02:22
<
clever >
but if you then look at the camera component, youll see it has a bunch of properties on each port, like OMX_IndexConfigCameraISPOutputPoolHeight
02:28
<
bonda_000 >
the whole things seems to be built to the OpenMAX standard
02:28
<
bonda_000 >
and that has three layers
02:28
<
bonda_000 >
AL IL HL
02:28
<
bonda_000 >
but mmal I thought was "access layer" but OpenMAX talks about "abstraction layer"
02:29
<
bonda_000 >
maybe they are the same thing
02:31
<
clever >
this seems to say that mmal runs over the vchi protocol
02:31
<
clever >
and i believe vcgencmd, openmax, and the broadcom gl, also run over vchi(q)
02:32
<
clever >
> Use MMAL instead of OpenMAX - it's simpler in the RPC calls, and in the client interface.
02:32
<
clever >
> They both go over VCHIQ, it's just the state machine that has to be maintained on the client side is simpler with MMAL.
02:32
<
clever >
yeah, and this post says that both omx and mmal go over vchiq
02:33
<
clever >
this is where i was saving those notes
02:39
<
clever >
and checking mmal_component_supplier_register, its very clearly just a singly linked list
02:39
<
bonda_000 >
but if we are on VPU side we can ditch all the access layer
02:39
<
clever >
each entry has a next pointer, a pointer to the mmal_component_create_camera_info function, and a char[0x20] for a name
02:40
<
clever >
so when mmal asks for a certain component, you can walk this singly linked list, and then call mmal_component_create_camera_info
02:41
<
bonda_000 >
what does this function look to you like
02:41
<
bonda_000 >
void * try_update_and_start_capture(int param_1)
02:41
<
clever >
and bingo, mmal_component_supplier_create, will walk that list
02:44
<
clever >
it looks like try_update_and_start_capture just starts the capture on a camera
02:45
<
bonda_000 >
is it calling the unlabeled (void *)FUN_0ee2cf76(); and (void *)FUN_0ee2cf76();?
02:45
<
bonda_000 >
those seem to be hickups because of the switch statement within that function
02:45
<
clever >
that is just a label within the function for me
02:46
<
clever >
i think you need to recreate the function, because the $c's broke it
02:46
<
bonda_000 >
pcVar8 = *(code **)(*(int *)(param_1 + 0x1b6c) + 0x40);
02:46
<
bonda_000 >
remember how the isp_func_table was an offset within that huge 0x70000 byte struct?
02:47
<
bonda_000 >
this is the same, but the camplus_func_table is at offset 0x1b6c
02:48
<
bonda_000 >
wasn't too difficult to deduce after you showed me the trick
02:49
<
clever >
aha, found some more stuff
02:49
<
bonda_000 >
so this one is calling camplus_get_ctrl entry number 16
02:50
<
clever >
the miracast code, is calling back into the mmal core, to create a miracast_camera, ril.video_encode and miracast_frame_ctl
02:50
<
clever >
so one larger component, is then reusing other smaller components
02:51
<
clever >
and there, i found the top
02:51
<
clever >
a simply worker() function, that calls vchiu_queue_pop, and has a switch-case on it
02:51
<
clever >
that then calls into the various things
02:52
<
bonda_000 >
I don't think I can understand what mmal is doing until I figure out where the level below it, ril, resides
02:53
<
bonda_000 >
for me, it's mostly working my way to the top to figure out the contents of that param_1 that always seems to be a large control structure
02:53
<
clever >
starting at worker() looks like a great place to me
02:54
<
bonda_000 >
a worker() if I remember correctly is what reads the messages from Linux side
02:55
<
bonda_000 >
but aren't we already relieved of that if we have pure VPU at our hands
02:55
<
clever >
but starting at the worker, will show you how linux gets to the various things
02:55
<
bonda_000 >
so we can get rid of that top level messaging system
02:56
<
clever >
let me cross-reference to linux now...
02:56
<
bonda_000 >
no, I do look up the camera driver to get hints where to look at
02:57
<
clever >
[clever@amd-nixos:~/apps/rpi/linux-pi5/drivers/staging/vc04_services/bcm2835-isp]$ ls
02:57
<
clever >
so if i start here, i think
02:57
<
clever >
in bcm2835-v4l2-isp.c
02:58
<
clever >
we have a vchiq_mmal_component_init(dev->mmal_instance, "ril.isp",
02:58
<
bonda_000 >
on VPU side all it's gonna do is call a few RTOS functions and return I'm pretty sure
02:58
<
clever >
then in vchiq-mmal/mmal-vchiq.c
02:59
<
clever >
it calls create_component
02:59
<
clever >
m.h.type = MMAL_MSG_TYPE_COMPONENT_CREATE;
02:59
<
clever >
which sets the message type like so
03:00
<
clever >
and in mmal-msg.h, we can see that MMAL_MSG_TYPE_COMPONENT_CREATE is 4
03:00
<
clever >
and there is a `case 4` in worker(), tht does mmal_server_do_component_create()!
03:00
<
bonda_000 >
piVar3 = (int *)rtos_calloc_priority(sVar2 + 0x215,4,1,0xedb4ad0); is the gist of the mmal_component_create_core on the VPU side
03:00
<
clever >
so now we can seamlessly trace the references in linux, all the way into the mmal core
03:00
<
clever >
and then keep tracing them down into camplus
03:02
<
bonda_000 >
my bad it's alway truncating my functions because of mem_ ops
03:05
<
bonda_000 >
I do see set and get in the mmal_init_port function
03:05
<
bonda_000 >
void mmal_component_init_control_port(int *param_1)
03:06
<
bonda_000 >
that's what mmal_component_create_core is calling
03:06
<
bonda_000 >
it writes 4 function pointers
03:06
<
bonda_000 >
into the param_1 struct
03:07
<
bonda_000 >
mmal_component_enable_control_port; mmal_component_disable_control_port; mmal_component_parameter_set; mmal_component_parameter_get;
03:07
<
bonda_000 >
enable and disable do nothing, just return
03:08
<
bonda_000 >
yeah the only good thing is that mmal functions and input parameters are probably documented somewhere since it has almost one-to-one syntax on the Linux side
03:09
<
bonda_000 >
only with a vchiq_ prefix on the Linux side
03:09
<
bonda_000 >
so that means send a vchiq request to call the similar function on the vpu side
03:10
<
clever >
so you can now trace things backwards to linux and other mmal clients (libcamera, vlc), and see what they mean
03:10
<
bonda_000 >
once I get ril
03:11
<
bonda_000 >
If mmal uses ril
03:11
<
bonda_000 >
I need to know what arguments it passes to it
03:12
<
clever >
aha, param_2 from mmal_server_do_component_create, is a `struct mmal_msg` from linux
03:13
bonda_000 has quit [Read error: Connection reset by peer]
03:14
bonda_000 has joined ##raspberrypi-internals
03:14
<
clever >
aha, param_2 from mmal_server_do_component_create, is a `struct mmal_msg` from linux
03:27
bonda_000 has quit [Quit: Leaving]
08:10
fury999io has quit [Ping timeout: 264 seconds]
08:23
fury999io has joined ##raspberrypi-internals
08:58
f_ has joined ##raspberrypi-internals
10:31
bonda_000 has joined ##raspberrypi-internals
11:33
<
bonda_000 >
Does vcos_sprintf need all this at the input?
11:33
<
bonda_000 >
void vcos_snprintf(char *param_1,size_t param_2,char *param_3,undefined4 param_4,undefined4 param_5,
11:33
<
bonda_000 >
undefined4 param_6)
11:34
<
bonda_000 >
it calls
11:34
<
bonda_000 >
int vsnprintf(char *__s,size_t __maxlen,char *__format,__gnuc_va_list __arg)
11:36
<
bonda_000 >
I need to fix this I think
11:36
<
bonda_000 >
int _doprint(undefined *param_1,undefined4 param_2,int *param_3,int **param_4,undefined4 param_5,
11:36
<
bonda_000 >
undefined4 param_6,undefined param_7 [172])
11:43
<
bonda_000 >
this is still a part of _doprint and converting those byte to code did not make any more sense
11:48
<
bonda_000 >
I think this one just needs varargs
14:07
<
bonda_000 >
:clever
14:08
<
bonda_000 >
but it's still weird these functions start_camplus and try_ are not a part of any particular block
14:09
<
bonda_000 >
every block seems to have all it's functions listed in some function table
14:09
<
bonda_000 >
except this one
14:11
<
bonda_000 >
my only suspicion is that it may be internal functions of the cdi block
14:12
<
bonda_000 >
which is also camera related, I haven't found what cdi stands for
14:13
<
bonda_000 >
Camera Device Interface it could be
15:03
<
bonda_000 >
this looks like the top function of the Interface Laye
15:03
<
bonda_000 >
uint * camera_ril_create(uint **param_1,void *param_2)
15:04
<
bonda_000 >
allocates memory at line 21 puVar3 = (uint *)rtos_calloc_priority(0x408c,4,1,0);
15:04
<
bonda_000 >
sets up 4 ports
15:04
<
bonda_000 >
writes a lot of magic values
15:07
<
bonda_000 >
then actually writes to the param_1 pointer *param_1 = puVar3 + 0xdce;
15:11
<
bonda_000 >
creates a "ca_process_thread"
15:11
<
bonda_000 >
iVar4 = vcos_thread_create_classic
15:11
<
bonda_000 >
((int)(puVar3 + 1),"ILCamera",ca_process_thread,puVar3,
15:11
<
bonda_000 >
(int)(puVar3 + 0x73),6000,10);
15:12
<
clever >
bonda_000: its a varargs function, so it only consomes what the format string needed
15:32
<
bonda_000 >
Was thinking today of doing a VGA
15:32
<
bonda_000 >
but I only have one DAC at the moment
15:32
<
bonda_000 >
maybe I could drive it at triple the pixel clock and do switched capacitors thing?
15:33
<
bonda_000 >
yeah I've already seen it
15:33
<
bonda_000 >
its pricey too
15:33
<
bonda_000 >
takes 8 weeks to get it here
15:33
<
clever >
its just a bunch of resistors
15:33
<
clever >
you can find the schematic online and just make it on a breadboard
15:35
<
bonda_000 >
I have a ton of capacitors, some relatively high-speed BJTs
15:35
<
bonda_000 >
you know how these switched power supplies work
15:35
<
clever >
the bcm2835 even has one right in the SoC
15:36
<
bonda_000 >
it's off half the time but the charge is stored on the capacitor, the oscillator is picked so that it flip the switch back on before the capacitor discharges way too much
15:36
<
clever >
VDD_OUT is a 5v PWM signal
15:36
<
clever >
L5 and the capacitors smooth it out
15:36
<
clever >
VDD_FB is the feedback
15:36
<
bonda_000 >
yeah so by the same principle
15:36
<
clever >
from a single register write, you can change the target that it tries to keep FB at
15:37
<
bonda_000 >
if I need three analog signals and have only one dac
15:37
<
clever >
and the input of VDD_BAT, implies this SoC was designed for battery use at one time
15:37
<
clever >
why convert lipo->5v->1.1v when you can do lipo->1.1v direct
15:38
<
clever >
i think composite video would be simpler then vga
15:38
<
clever >
its a single signal, using a dac that already exists in the chip
15:39
<
bonda_000 >
a dac is in the bcm2835?
15:39
<
bonda_000 >
never knew of it
15:39
<
bonda_000 >
I know there's an adc within the tempctrl
15:40
<
clever >
that dac is how it generates pal and ntsc video
15:40
<
bonda_000 >
well my current options are a VGA and HDMI
15:40
<
clever >
with the proper adapter cable, you can get video and audio out of the phone port
15:40
<
clever >
and if shipping is too bad, just solder a wire to the right pin of the port
15:41
<
clever >
i have yet to get hdmi working on the open firmware
15:41
<
bonda_000 >
yeah I remember these from PlayStation 1 days
15:42
<
bonda_000 >
I have an EXT RGB in my flat screen TV
15:42
<
bonda_000 >
has a lot of pins
15:43
<
bonda_000 >
but sadly none of these three jacks PAL/NTSC connectors
15:43
<
clever >
that sounds like scart
15:45
<
bonda_000 >
yeah 20 pin rgb
15:45
<
bonda_000 >
ext rgb
15:53
<
bonda_000 >
he is doing RGB444
15:54
<
bonda_000 >
is that DAC within the BCM2835 documented anywhere?
15:55
<
clever >
these are my own docs on it
15:55
<
clever >
and the 1st one links to the linux source, where i got most of the info
15:55
<
clever >
internally, it can run in 3, 2, or 1 channel mode
15:56
<
clever >
3 channel mode can produce rgb or component
15:56
<
clever >
2 channel mode can produce s-video
15:56
<
clever >
1 channel mode can do composite
15:56
<
clever >
but only 1 dac has ever been wired to an external pin
15:58
<
bonda_000 >
what pin is that
15:58
<
bonda_000 >
I don't see anything on the datasheet
15:58
<
clever >
which datasheet?
15:59
<
bonda_000 >
bcm2835 the table with alt functions
15:59
<
clever >
its not on the gpio array
15:59
<
clever >
there is a dedicated pin just for the dac
15:59
<
bonda_000 >
46 through 53 are internal
16:00
<
clever >
its on pin P14
16:01
<
clever >
bottom right corner of page 1
16:02
<
bonda_000 >
dac2b5?
16:02
<
clever >
dac_2v5, is just a 2.5v supply for the dac
16:03
<
bonda_000 >
VID_DAC
16:03
<
bonda_000 >
found it
16:04
f_[xmpp] has quit [Changing host]
16:04
f_[xmpp] has joined ##raspberrypi-internals
16:04
f_ has joined ##raspberrypi-internals
16:04
f_ has quit [Changing host]
16:05
<
bonda_000 >
so if only one has a wire then its only a 1 channel mode?
16:05
<
clever >
and because only 1 channel mode works, they never released source for configuring the other modes
16:06
<
clever >
so all we have to go on, is a mode enum that leaked in a header
16:07
<
bonda_000 >
I think switching R,G,B at triple speed with capacitors isn't a bad idea and hooking it up to the VGA
16:07
<
bonda_000 >
so if pixel clock is 30MHz, say
16:08
<
bonda_000 >
a pixel comes in, software put red component on the dac, flip the switch
16:08
<
clever >
but the hardware isnt able to interleave the subpixels like that
16:08
<
bonda_000 >
now the capacitor is charged to the red component
16:10
<
bonda_000 >
can do it is software
16:10
<
clever >
timing would be far more unstable
16:10
<
clever >
and it would use a lot of cpu
16:11
<
bonda_000 >
its like a demux in a sense
16:11
<
bonda_000 >
1 to 3 demux
16:11
<
bonda_000 >
my prof was laughing in University at this term
16:17
<
clever >
gotta run now, lunch time!
16:35
bonda_000 has quit [Ping timeout: 246 seconds]
17:36
bonda_000 has joined ##raspberrypi-internals
17:53
<
bonda_000 >
uint rtos_malloc_priority(uint param_1,uint param_2,uint param_3,uint param_4)
17:53
<
bonda_000 >
Do you also have this function with 4 params?
17:53
<
bonda_000 >
trying to figure out what camera ril is allocating with this call
17:54
<
bonda_000 >
puVar3 = (uint *)rtos_calloc_priority(0x408c,4,1,0);
17:54
<
bonda_000 >
beacuse this is later on is passed downward to camplus_block and somehow becomes 0x70000 byte struct
18:42
dolphinana has joined ##raspberrypi-internals
21:48
arsenijs has joined ##raspberrypi-internals
22:47
<
bonda_000 >
This is where both cores are trapped in the beginning
22:48
<
bonda_000 >
also the boot sequency is tricky. I had to alter the Ghidra a little bit. It sneaks the address where a piece of code is in the midst of data into the lr and it looks like a simple "return" statement
22:51
<
bonda_000 >
so from vccrypt_start it doesn't go back to main, but goes to one of the two FUN's instead, depending on which core I am
22:52
<
bonda_000 >
it was cluttered in that area for me and it didn't label that as a function, I had to do that manually
22:53
<
bonda_000 >
this is the full sequence for the primary core
22:54
<
bonda_000 >
the secondary core goes to the last piece of it, _os_main_hook which starts the rtos on the secondary core and also ends up in an infinite loop
23:18
<
bonda_000 >
is there a way to redirect VPU log messages to the uart?
23:19
<
clever >
bonda_000: uart_2ndstage=1 in config.txt should do that
23:28
<
bonda_000 >
is it going to hurt the VPU if there are no device tree files?
23:28
<
bonda_000 >
it's where the hardware is described isn't it
23:29
<
clever >
bonda_000: the firmware knows where all of the hardware is and doesnt need dtb
23:29
<
clever >
the dtb is only there to help linux understand things
23:30
<
bonda_000 >
I'll just give it a try see if I can get any messages
23:30
<
bonda_000 >
is it a 115200 baud?
23:38
bonda_000 has quit [Read error: Connection reset by peer]
23:38
bonda_000 has joined ##raspberrypi-internals
23:39
<
bonda_000 >
but now since I'm going to the second stage my tftp folder should also contain config.txt
23:50
dolphinana has quit [Quit: Leaving]
23:56
<
bonda_000 >
<clever> add program_usb_boot_mode=1 to config.txt, reboot, then check vcgen again
23:56
<
bonda_000 >
<clever> it just enables booting from usb when SD cant be found
23:57
<
bonda_000 >
so where is going to get the config.txt with this param if the SD isn't inserted
23:57
<
bonda_000 >
or were we just checking if my board is capable of USB/Ethernet booting?
23:57
<
bonda_000 >
that's when you asked me to tell you my OTP value
23:58
<
bonda_000 >
<clever> bonda_000_: if you boot normal raspi-os and run `vcgencmd otp_dump | grep 17:`, what does it report?
23:58
<
bonda_000 >
<bonda_000_> 1020000a
23:58
<
bonda_000 >
<clever> usb is not enabled
23:58
<
bonda_000 >
<clever> add program_usb_boot_mode=1 to config.txt, reboot, then check vcgen again
23:59
<
bonda_000 >
I was booting without config.txt when I tried lk
23:59
<
bonda_000 >
just fine