Can Missing mpk Code be added via NVRAM

forjack842 · February 16, 2016, 2:47am

Guys, I'm fighting a real bitch of a problem. I've got 2 Tadpole Bullfrog sun4u laptops. One just lost is NVRAM battery - invalid IDPROM. The idprom is virtually all zeros. Clock ticks, NVRAM appears good...testing with and with battery out. Our damn Tadpole boys removed virtually every method of writing back (using mpk, mpkl, eeprom, pgmap), the format/type, hostid, ether addr, etc. After days searching/trying everything including "set-host-id" I'm wondering if the f-code for the function mkp could be written to the nvram allowing the idprom area to be restored. I haven't been able to find a Open Boot source to maybe retrieve the mkp code and recompile.
Any ideas?
Thanks
Jack KG6INX

gull04 · February 16, 2016, 2:51am

Hi,

Is this just to restore the hostid or is there more required here, re-writing the prom is pretty long winded if you have to do it.

Regards

Gull04

forjack842 · February 16, 2016, 3:10am

Hi Man,
Well there's about 16 bytes plus/minus that holds the data and a command line computed checksum. Looks that even Sun removed the mkp in later firmware; typical!
Like this:

1 0 mkp
real-machine-type 1 mkp
8 2 mkp
0 3 mkp
20 4 mkp
c0 5 mkp
ff 6 mkp
ee 7 mkp
0 8 mkp
0 9 mkp
0 a mkp
0 b mkp
c0 c mkp
ff d mkp
ee e mkp
0 f 0 do i idprom@ xor loop f mkp

gull04 · February 16, 2016, 3:38am

Hi,

Are these SPARC II or III, also can you get to the obp?

Regards

Gull04

forjack842 · February 17, 2016, 2:37am

Morning,
These are both Ultra Sparc 3's, with Solaris 10U13 set up as a home IPF/NAT servers. One operational/one backup. These Bullfrog laptops are expanded to virtual desktop configuration having the bottom added cardcage installed to permit one full size board to be added.Uses a M48T59Y NVRAM chip with battery tophat snap on.
I ave full root access to both, and full access to OBP to do the usual boot params and the like. Units are both fully operational. The one with the "invalid IDPROM" will manually boot and function fine. Auto-boot fails due to IDPROM issue.

The OBP fcode is further limited missing idprom@, mkp, mkpl, attributes/properties, pgmap, mappg, commands, also eeprom access via within Solaris is not implemented, c! dump works. There maybe more fcode commands that work/or are missing. These are what I've come across so far.

My possible resolution thoughts:
1)With the eeprom access not implemented, is there a Solaris freeware like utility that can access NVRAM directly? Like a command line software tool that can search all memory, including NVRAM, for a set of bytes and allow those memory locations to be altered?

2) Is there an OBP source around that the mkp source can be used to manually fcode up in NVRAM

3)I thought of installing the earliest firmware hoping the mkp, eeprom, etc are available like the earlier Sun OBPs. Have not found any of the earlier firmwares so far.

4) I can remove/install the invalid NVRAM chip with battery externally attached allowing me to program in those corrupt 16 bytes and reinstalling. This is a pain in the ass though! I still need to find the exact physical locations.

---------- Post updated at 11:37 PM ---------- Previous update was at 09:37 AM ----------

Figured it out finally! BAM!

IDProm locations:
Bullfrog-1

FFF17A58 = 01	 Format
FFF17A59 = 80	 Type
FFF17A5A = 00	 Ethernet Addr
FFF17A5B = 00	 Ethernet Addr
FFF17A5C = 83	 EthernetAddr
FFF17A5D = D1 Ethernet Addr
FFF17A5E = 00	 Ethernet Addr
FFF17A5F = 8D	 Ethernet Addr
FFF17A60 = 00	 Date
FFF17A61 = 00	 Date
FFF17A62 = 00  Date
FFF17A63 = 00	 Date
FFF17A64 = D1	 Serial
FFF17A65 = 00	 Serial
FFF17A66 = F0	 Serial
FFF17A67 = 7F	 Checksum

OBP Commands:

FFF17A58 10 dump		displays 16 bytes
FFF17A58 C?  	                Displays content of address (is 01)
n FFF17A58 C!	 	        Store byte "n" in address
show-devices		        Find address of eeprom
			                IDProm 1000h below that

Calculate Checksum using Windows calculator in Programmer mode:
B is for Byte.

B1 xor B2 xor B3 xor B4 xor B5 xor B6 xor B7 xor B8 xor B9 xor B10 xor B11 xor B12.....B15 = B16

gull04 · February 17, 2016, 3:12am

Hi,

I'm pretty sure that you should be able to repair this using "nvedit", to start the session you will need to run.

ok setenv use-nvramrc? true

Then at the end of the edit session, you'll have to run the nvstore command. You may be able to get some guidance from the Oracle site on exactly what you have to change to action the changes that you need.

Regards

Gull04

forjack842 · February 18, 2016, 1:04am

Morning,
Finally located the memory locations that hold the Ethernet Addr, Serial, Date, and Checksum which make up the IDPROM. What's so damn time consuming is taking what information is available and getting it to work on your system. In the last 10 or years vendors have removed some to most of the commands used in the documentation. Both versions of the Sun OBP Ref Manual are good but a command syntax example is worth its weight in gold.
In any case there's the How to:
IDProm locations:
Bullfrog-1

FFF17A58 = 01	Format
FFF17A59 = 80	Type
FFF17A5A = 00	Ethernet Addr
FFF17A5B = 00	Ethernet Addr
FFF17A5C = 83	EthernetAddr
FFF17A5D = D1 Ethernet Addr
FFF17A5E = 00	Ethernet Addr
FFF17A5F = 8D	Ethernet Addr
FFF17A60 = 00	Date
FFF17A61 = 00	Date
FFF17A62 = 00 Date
FFF17A63 = 00	Date
FFF17A64 = D1	Serial
FFF17A65 = 00	Serial
FFF17A66 = F0	Serial
FFF17A67 = 7F	Checksum

OBP Commands:

FFF17A58 10 dump	displays 16 bytes
FFF17A58 C? Displays content of a single address (is 01)
n FFF17A58 C!	Store byte "n" in address
show-devices	Find address of eeprom

IDProm is within 1000h below that
Calculate Checksum using Windows calculator in Programmer mode:

B is for Byte.
B1 xor B2 xor B3 xor B4 xor B5 xor B6 xor B7 xor B8 xor B9 xor B10 xor B11 xor B12.....B15 = B16

Regarding "nvedit" as much as I have read, this utility can't be used to edit a specific address, rather is designed to use a specific area NVRAM space for commands.

Thanks for your help,
Jack KG6INX

---------- Post updated at 09:44 PM ---------- Previous update was at 09:43 AM ----------

To my amazement, when I entered the new 16 bytes of data, the banner was correct. Resetting and BAM! everything was invalid again. Come to find that the OBP copies the 16 bytes out of battery backed memory to a non battery backed up buffer. Further digging found the "IDPROM" string in battery backed memory. Input the 16 bytes there and whalla everything is valid even after a complete power cycle. Use the commands and checksum calculations I posted previously below.

FFF19FD8 = 01	Type
FFF19FD9 = 80	Type
FFF19FDA = 00	Ethernet Addr
FFF19FDB = 00	Ethernet Addr
FFF19FDC = 83	EthernetAddr
FFF19FDD = D1 Ethernet Addr
FFF19FDE = 00	Ethernet Addr
FFF19FDF = 8D	Ethernet Addr
FFF19FD0 = 00	Date
FFF19FE1 = 00	Date
FFF19FE2 = 00 Date
FFF19FE3 = 00	Date
FFF19FE4 = D1	Serial
FFF19FE5 = 00	Serial
FFF19FE6 = F0	Serial
FFF19FE7 = 7F	Checksum

---------- Post updated at 10:04 PM ---------- Previous update was at 09:44 PM ----------

Well after burning a bunch of hours finally getting my invalid IDPROM restored the hard way, Flextronics Support surprised me tonight with the correct "passphrase" to restore the host-id easily. This process correctly restores the entire 16 bytes of the battery backed IDPROM data.

So for all to find and use, the Tadpole Bullfrog-1 host-id restore is as follows:

After restart:
ok
set-defaults
ok your host-id
ok set-host-id
Entering an invalid code.....bla bla bla

Enter passphrase: 9301984
Please reset the board.....bla bla

Any other response after entering the passphrase means is was the wrong code.

SPARCLE:

 passphrase is 930984

Hope this helps all the Tadpole SPARC Laptop owners.

Jack KG6INX