The Broadcom 63xx SoC integrates ADSL/ADSL2+ features, routing, and an external wireless NIC.
This SoC is widely used by most xDSL platforms in the world. It is one of the most successful xDSL platforms due to the simplicity of migrating old platforms (e.g. BCM6345) to new ones without much software impact.
The architecture is based on a standard MIPS32 big-endian instruction set, and shares some features with the R4000 microprocessor.
- The OpenWrt support for the Broadcom BCM63xx SoC family currently only works with the following models:
- 6358 / 6359
- 6361 / 6362
- 6368 / 6369
- 63168 / 63169 / 63268 / 63269
- There are working drivers for USB Host (OHCI and EHCI) and Ethernet under the GPL. USB Device drivers are also supported but only for BCM6368 and newer SoCs.
Some SoCs like BCM6358 or BCM6368 have two cores, however OpenWrt only uses one core. Although the kernel contains SMP code for using two cores (see smp-bmips.c), using both cores seems hard: the second CPU has to be initialized, and the IRQ code currently only enables IRQs on the first CPU, so only userspace can use the second core while all interrupt handlers run on the first one.
The current state of Broadcom 63xx support:
- Full Linux support for BCM63xx with runtime detection of the SoC on which the kernel is running.
- GPL drivers for Ethernet/switch, OHCI, EHCI, SPI, Watchdog
- Dual core partially supported in BCM6362/6368 and no support in BCM6358.
- No available drivers (neither binary, nor GPL) for DSL, ATM, VoIP, on-board SLIC/SLAC
- Still not ported to OpenWrt but with available drivers under the GPL:
- Dual core SMP/CMT still needs further work, especially for BCM6358 with a shared TLB. If you know how to get rid of the problem of having a shared TLB between 2 cores, with working code, please contact the developers.
see → TLB exception handlers
|SoC||CPU MHz||Dual Core||RAM||USB Device||USB Host||PCMCIA/PCCARD||PCI||PCIe||Wireless NIC||ADSL2||ADSL2+||VDSL||VDSL2||Fiber||OpenWrt|
- The third digit, when set to 3 (like in BCM6335, BCM6338) denotes a single-chip and cost-reduction oriented design.
- There are also some other variants like bcm6341, which is a DSP used in VoIP products in conjunction with a BCM6348 SoC.
|SoC||CPU version||Core||Size (kB)||Associativity||Linesize (bytes)||Cache policy||Size (kB)||Associativity||Aliases||Linesize (bytes)||Cache policy|
VIPT = Virtually indexed, physically tagged
|To take advantage of this hardware feature rng-tools should be installed.|
BCM63xx SoCs have cryptographic hardware accelerators. The cipher engine accelerates the IPsec protocol by using dedicated hardware blocks. BCM63xx SoCs (the whole family?) implement the Encapsulating Security Payload (ESP) and Authentication Header (AH) IPsec protocols with:
- AES and DES/3DES hardware encryption and decryption.
- AES in both Cipher Block Chaining (CBC) mode and Counter (CTR) mode. Can be performed in 128-, 192-, and 256-bit modes.
- DES, 3DES in Cipher Block Chaining (CBC) mode
- HMAC-SHA1 and HMAC-MD5 authentication in hardware.
This is what Broadcom calls the SPU. The driver is available under the GPL.
This code has not yet been ported to OpenWrt, so no crypto acceleration is available.
Two types of SPI controllers are present in BCM63xx:
- HSSPI: High speed SPI, only available in BCM6328/BCM6362 SoCs
By default only one Slave Select is available. Additional Slave Selects are at GPIO lines, but they need to be activated.
|SPI Slave Select (GPIOs)|
|Slave Select 1||Slave Select 2||Slave Select 3||Slave Select 4||Slave Select 5|
Snippet code example for converting these GPIOs to SPI-SS#:
BCM63xx GPIO lines aren't capable of generating interrupts; when configured as inputs (buttons) they are polled. As a result, some input drivers using GPIO interrupts won't work.
Bootloader: Some devices use RedBoot such as Inventel Liveboxes. Most of the others use CFE with a built-in LZMA decompressor. CFE is not using standard LZMA compression arguments, and most noticeably, changes the dictionary size, so beware. Thomson routers have their own bootloader.
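To see which parameters a compressed image was actually built with, the header of a legacy .lzma stream can be decoded and compared with what the bootloader's decompressor expects. This is an added example, not code from the OpenWrt project; it assumes the standard 13-byte .lzma header as written by common LZMA tools, and the expected values in it are hypothetical placeholders, since the page does not give the parameters CFE requires.

```python
import lzma
import struct

UNKNOWN_SIZE = 0xFFFFFFFFFFFFFFFF  # header value meaning "size not stored"


def parse_lzma_header(stream):
    """Decode the 13-byte header of a legacy .lzma (LZMA-alone) stream."""
    if len(stream) < 13:
        raise ValueError("an .lzma header is 13 bytes long")
    # 1 byte lc/lp/pb, 4 bytes dictionary size, 8 bytes uncompressed size,
    # all little-endian and unpadded.
    props, dict_size, size = struct.unpack("<BIQ", stream[:13])
    if props >= 9 * 5 * 5:
        raise ValueError("invalid properties byte 0x%02x" % props)
    return {
        "lc": props % 9,
        "lp": (props // 9) % 5,
        "pb": props // 45,
        "dict_size": dict_size,
        "uncompressed_size": None if size == UNKNOWN_SIZE else size,
    }


def parameter_mismatches(header, expected):
    """Return {field: (found, expected)} for every parameter that differs."""
    return {k: (header[k], v) for k, v in expected.items() if header[k] != v}


def constructed_stream(dict_size):
    """Constructed sample: stand-in payload compressed as .lzma."""
    filt = {"id": lzma.FILTER_LZMA1, "dict_size": dict_size,
            "lc": 3, "lp": 0, "pb": 2}
    return lzma.compress(b"kernel image stand-in " * 200,
                         format=lzma.FORMAT_ALONE, filters=[filt])


if __name__ == "__main__":
    # Hypothetical loader parameters; take the real ones from your bootloader.
    expected = {"lc": 3, "lp": 0, "pb": 2, "dict_size": 1 << 23}
    header = parse_lzma_header(constructed_stream(1 << 22))
    print(header)
    print("mismatches:", parameter_mismatches(header, expected))
```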
There is source code released for RedBoot (Inventel Livebox), and it can probably be modified to work with other routers. There is also some source code for U-Boot (aka TBSBOOT).
Here is the U-Boot/TBSBOOT source code with the toolchain included for vx160 SoCs but with some code for bcm6338, bcm6348 and bcm6358:
And the Redboot source code for Inventel Liveboxes (bcm6348)
On several CPE (customer-premises equipment) hardware devices, and especially on smartphones, the OEM bootloaders are feature poor (no netboot, no booting from a USB stick, etc.), obfuscated (require some magic values to be correct) or completely messed up, and make it cumbersome, difficult or impossible to install free software on the device. It is thus paramount to always have at least some products available that have OEM bootloaders that keep installing free software easy (cf. generic.flashing). It could also be interesting to port such bootloaders to devices that happen to come with a restricted bootloader. Compare the available bootloaders out there, their licenses, available code and feature sets. Please also remember that available source code is NOT enough; it has to be under a license that allows for modification and redistribution.
There exists a utility to back up the entire flash:
You must connect your PC to the bcm63xx router via the serial TTL port while CFE is running. Then run cfetool with a command like the following; the values may differ depending on the boot address and flash size.
    ./cfetool.py --read=dump.bin --addr=0xB8000000 --size=0x1000000 --block=0x10000
    --addr=0xB8000000 -> Flash Memory Address (see CFE bootlog --> Boot Address)
    --size=0x1000000 -> 16Mb Flash
    --block=0x10000 -> Memory dumped each iteration (default is 10Kb 0x2800)
cfetool expects the serial port to be /dev/ttyUSB0 on your PC, but you can change it with "--serial=/dev/ttyUSB1".
Note: not all CFEs include the dm/sm commands, so cfetool may not work with some devices. Alternatively you can dump the flash via traditional methods like JTAG or with an OpenWrt ramdisk firmware version.
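A dump read over a serial line is worth checking before it is relied on as a backup. The following added example (not part of cfetool or the original page) compares two independent reads of the same flash block by block, using the --addr and --block values from the command above, and reports the flash addresses that need to be read again; the sample data is constructed.

```python
import hashlib
import sys

FLASH_BASE = 0xB8000000   # --addr from the command above
BLOCK_SIZE = 0x10000      # --block from the command above


def block_digests(image, block_size=BLOCK_SIZE):
    """SHA-256 of every block_size chunk of a dump."""
    return [hashlib.sha256(image[off:off + block_size]).hexdigest()
            for off in range(0, len(image), block_size)]


def check_dump(first, second, expected_size,
               base=FLASH_BASE, block_size=BLOCK_SIZE):
    """Compare two reads of the same flash region.

    Reports blocks that differ between the reads (re-read these) and
    blocks that are entirely 0xFF in both (erased, or nothing was read).
    """
    report = {"size_ok": len(first) == len(second) == expected_size,
              "mismatch": [], "erased": []}
    erased = hashlib.sha256(b"\xff" * block_size).hexdigest()
    pairs = zip(block_digests(first, block_size),
                block_digests(second, block_size))
    for i, (da, db) in enumerate(pairs):
        addr = hex(base + i * block_size)
        if da != db:
            report["mismatch"].append(addr)
        elif da == erased:
            report["erased"].append(addr)
    return report


def constructed_reads():
    """Constructed sample: 4 blocks, one flipped byte in the second read."""
    first = b"".join(bytes([k]) * BLOCK_SIZE for k in (1, 2, 3))
    first += b"\xff" * BLOCK_SIZE
    second = bytearray(first)
    second[2 * BLOCK_SIZE + 5] ^= 0x01   # simulated serial corruption
    return first, bytes(second)


if __name__ == "__main__":
    if len(sys.argv) == 4:   # usage: script dump1.bin dump2.bin 0x1000000
        a, b = (open(p, "rb").read() for p in sys.argv[1:3])
        print(check_dump(a, b, int(sys.argv[3], 0)))
    else:
        print(check_dump(*constructed_reads(), 4 * BLOCK_SIZE))
```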
|BT Voyager 2100|
|ZTE ZXDSL 831A|
|US Robotics USR9105|
|US Robotics USR9106|
|Belkin F5D7632 v2|
|Huawei EchoLife HG510|
|Dynalink RTA1320 (Nateks Unispot21)|
|Siemens CL 110|
|Thomson SpeedTouch ST516 v6|
|Thomson SpeedTouch ST530 v6 (same as above with USB port)|
|D-Link DSL-2740B hw C2, C3|
|Neuf Box 4|
|ALICE GATE VoIP 2 Plus Wi-Fi Business|
|US Robotics USR9113|
|BT Homehub 2 Type A|
|Motorola NVG510 Commonly used with AT&T copper Uverse, which supports VOIP but not TV. (Motorola GPL source). Also on WikiDevi|
|Netgear DGND3700 (v2)|
|ZyXEL P-870HN-51b (commonly shipped to VDSL2 customers by Sonera in Finland)|
|ZyXEL P-870HN-53b (commonly shipped to ADSL/VDSL customers by T-Mobile in Czech Republic)|
|NETGEAR VVG2000 (sold to VDSL2 customers by Bezeq in Israel)|
|D-Link DSL-6740U (sold to VDSL2 customers by Bezeq in Israel)|
|Netgear DGND3700 (v1)|
|Actiontec Q2000 (commonly shipped to VDSL2 customers of Centurylink/Qwest)|
|Inteno DG301 (commonly shipped to Sonera customers in Finland)|
doc/hardware/soc/soc.broadcom.bcm63xx.txt · Last modified: 2014/09/09 10:44 by comixf1