Unknown memory area 0x3ff5C000

Question

Unknown memory area 0x3ff5C000

redfast00 opened this issue a year ago · 6 comments

In esp32_reg.h, there's a line:

#define DR_REG_NRX_BASE                         0x3ff5CC00

Is this correct, or should this be 0x3ff5C000 instead?

Additionally, what does NRX and BB stand for?

Answer 1 · 2023-06-28T12:48:51.000Z

Probably not a typo, it's the same value in ESP-IDF:
https://github.com/espressif/esp-idf/blob/67552c31dac8cd94fb0d63192a538f4f984c5b6e/components/soc/esp32/include/soc/reg_base.h#L40
https://github.com/espressif/esp-idf/blob/67552c31dac8cd94fb0d63192a538f4f984c5b6e/components/soc/esp32/include/soc/nrx_reg.h#L23

According to the comment in nrx_reg.h, these are "Some of the WiFi RX control registers. PU/PD fields defined here are used in sleep related functions". I don't know what "N" in RX stands for, sorry.

BB probably stands for "baseband".

Answer 2 · 2023-06-28T13:11:16.000Z

Alright, thank you :)

Answer 3 · 2023-06-28T19:38:57.000Z

Forgot to ask, if not NRX, what is in the memory between 0x3ff5C000 and 0x3ff5CC00 then?

Answer 4 · 2023-06-29T13:51:50.000Z

Probably some other part of Wi-Fi, I'm afraid I don't have any more information about this.

Just in case, if you are trying to emulate Wi-Fi, there is a fork which has this functionality. In that fork the NRX_BASE has been indeed changed to 0x3ff5c000 so that emulation doesn't hit a PIF exception when the Wi-Fi driver is trying to access that area: https://github.com/a159x36/qemu/blame/esp-dev/include/hw/misc/esp32_reg.h#L40.

Answer 5 · 2023-06-29T22:19:08.000Z

Yes, I am trying to emulate wifi :) I used that fork and ported the changes over to the current QEMU, which mostly works (except for receiving packets, but I haven't looked into that). I've cleaned up the changes a bit, I'll open up a PR when it's ready.

My eventual end goal is to get 802.11s mesh networking working on the ESP32. I'd like to accomplish this by writing/porting an open source MAC layer, for that I need to know how the hardware registers work. To help reverse engineer them, I'm using QEMU :)

Is there any chance to get some more documentation about the undocumented wifi registers without having to sign an NDA? I know it's not entirely up to Espressif to release this (apparently contains IP of a third party), so no worries if not, I'm happy with every little scrap

Answer 6 · 2023-06-30T05:29:50.000Z

I've cleaned up the changes a bit, I'll open up a PR when it's ready.

That's fantastic, thank you!

Is there any chance to get some more documentation about the undocumented wifi registers without having to sign an NDA?

I'm sorry, I don't think this would have been possible even if you had an NDA with Espressif in place.
If there's something related to QEMU I can help you with in order to get closer to your goal, though, don't hesitate to open an issue!