How to debug UEFI app via JTAG on RPi4B?

[xiongyw]

My current status:

• I can boot into UEFI Shell and then directly boot vmlinux (which comes with EFI_STUB), using a USB stick: FS0:\> vmlinux-5.11.0-38 initrd=\initrd.img-5.11.0-38 root=/dev/sda2 . The kernel and initrd are copied from a ubuntu 21.04 installation on QEMU VM.
• I enabled PcdDebugEnableJTAB at build command line (--pcd gRaspberryPiTokenSpaceGuid.PcdDebugEnableJTAG=1). Using the RPI_EFI.fd built, OpenOCD can connect to RPi4B via JTAG successfully. (I also added enable_jtag_gpio=1 and gpio=22-27=np in config.txt).

Now I am wondering if there is a guide on how to debug the firmware drivers/apps? For example, after entering UEFI Shell, I want to step through the EFI_STUB to inspect the kernel boot sequence, but I don't know where to set the break point since the load address of vmlinux is unknown to me.

Any pointer will be appreciated.

Thanks!

[jlinton]

So, I had hoped someone else would answer this, because I tend to do most of my development via printfs, only reaching for the jtag probe when I think its really going to allow me to catch something I can't dump.

So, you are asking about debugging UEFI with jtag, and it sounds like you have the jtag probe working, so the one remaining bit is actually getting useful information out of it. But there is a bit of confusion about vmlinux, which will require slightly different debugging procedures, and probably isn't really a topic here, rather on a kernel/etc forum.

So, to debug uefi with openocd/gdb probably the easiest way is to build a debug build of the firmware, attach a serial port to the rpi and capture all the "add-symbol-file" messages that appear. Then redirect them into your GDB session. Adding set confirm off at the top of your gdb init helps to avoid all the yes/no prompting.

(gdb) add-symbol-file /home/jlinton/rpi2/Build/RPi4/DEBUG_GCC5/AARCH64/MdeModulePkg/Application/UiApp/UiApp/DEBUG/UiApp.dll 0x3394F000
 add symbol table from file "/home/jlinton/rpi2/Build/RPi4/DEBUG_GCC5/AARCH64/MdeModulePkg/Application/UiApp/UiApp/DEBUG/UiApp.dll" at
        .text_addr = 0x3394f000
 Reading symbols from /home/jlinton/rpi2/Build/RPi4/DEBUG_GCC5/AARCH64/MdeModulePkg/Application/UiApp/UiApp/DEBUG/UiApp.dll...

Then you can set breakpoints/etc by the symbols, or look at backtraces. ex:

^C
Program received signal SIGINT, Interrupt.
0x0000000036f4c2a4 in CpuSleep ()
(gdb) bt
#0  0x0000000036f4c2a4 in CpuSleep ()
#1  0x0000000039f8fe5c in CoreDispatchEventNotifies (Priority=16) at /home/jlinton/rpi2/edk2/MdeModulePkg/Core/Dxe/Event/Event.c:186
#2  CoreRestoreTpl (NewTpl=4) at /home/jlinton/rpi2/edk2/MdeModulePkg/Core/Dxe/Event/Tpl.c:133
#3  0x0000000039f9097c in CoreSignalEvent (UserEvent=0x36a22a98) at /home/jlinton/rpi2/edk2/MdeModulePkg/Core/Dxe/Event/Event.c:549
#4  0x0000000039f90afc in CoreWaitForEvent (NumberOfEvents=1, UserEvents=0x3b3ff5b8, UserIndex=0x3b3ff5a8) at /home/jlinton/rpi2/edk2/MdeModulePkg/Core/Dxe/Event/Event.c:685
#5  0x0000000036d50ec0 in UiWaitForEvent (Event=<optimized out>) at /home/jlinton/rpi2/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c:1459
#6  UiDisplayMenu (FormData=<optimized out>) at /home/jlinton/rpi2/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c:3217
#7  FormDisplay (FormData=<optimized out>, UserInputData=<optimized out>, FormData=<optimized out>) at /home/jlinton/rpi2/edk2/MdeModulePkg/Universal/DisplayEngineDxe/FormDisplay.c:4170
#8  0x0000000036ea8c34 in DisplayForm () at /home/jlinton/rpi2/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c:1744
#9  SetupBrowser (Selection=0x34cca718) at /home/jlinton/rpi2/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Presentation.c:2540
#10 SendForm (This=<optimized out>, Handles=<optimized out>, HandleCount=<optimized out>, FormSetGuid=<optimized out>, FormId=<optimized out>, ScreenDimensions=<optimized out>, 
    ActionRequest=<optimized out>, ActionRequest=<optimized out>, FormId=<optimized out>, FormSetGuid=<optimized out>, HandleCount=<optimized out>, Handles=<optimized out>)
    at /home/jlinton/rpi2/edk2/MdeModulePkg/Universal/SetupBrowserDxe/Setup.c:549
#11 0x0000000033958e24 in CallFrontPage () at /home/jlinton/rpi2/edk2/MdeModulePkg/Application/UiApp/FrontPage.c:330
#12 UiEntry (ConnectAllHappened=0 '\000') at /home/jlinton/rpi2/edk2/MdeModulePkg/Application/UiApp/FrontPage.c:1031
#13 InitializeUserInterface (ImageHandle=<optimized out>, SystemTable=<optimized out>) at /home/jlinton/rpi2/edk2/MdeModulePkg/Application/UiApp/FrontPage.c:975
#14 ProcessModuleEntryPointList (SystemTable=<optimized out>, ImageHandle=<optimized out>) at /home/jlinton/rpi2/Build/RPi4/DEBUG_GCC5/AARCH64/MdeModulePkg/Application/UiApp/UiApp/DEBUG/AutoGen.c:683
#15 _ModuleEntryPoint (ImageHandle=<optimized out>, SystemTable=<optimized out>) at /home/jlinton/rpi2/edk2/MdePkg/Library/UefiApplicationEntryPoint/ApplicationEntryPoint.c:58
#16 0x0000000039f88d78 in CoreStartImage (ImageHandle=0x0, ExitDataSize=0x0, ExitData=0x1) at /home/jlinton/rpi2/edk2/MdeModulePkg/Core/Dxe/Image/Image.c:1691
#17 0x0000000036d11914 in EfiBootManagerBoot (BootOption=BootOption@entry=0x36d23350) at /home/jlinton/rpi2/edk2/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c:2039
#18 0x0000000036d13930 in EfiBootManagerHotkeyBoot () at /home/jlinton/rpi2/edk2/MdeModulePkg/Library/UefiBootManagerLib/BmHotkey.c:333
#19 BdsEntry (This=<optimized out>) at /home/jlinton/rpi2/edk2/MdeModulePkg/Universal/BdsDxe/BdsEntry.c:1049
#20 0x0000000039f8cb0c in DxeMain (HobStart=<optimized out>) at /home/jlinton/rpi2/edk2/MdeModulePkg/Core/Dxe/DxeMain/DxeMain.c:567
#21 ProcessModuleEntryPointList (HobStart=<optimized out>) at /home/jlinton/rpi2/Build/RPi4/DEBUG_GCC5/AARCH64/MdeModulePkg/Core/Dxe/DxeMain/DEBUG/AutoGen.c:562
#22 _ModuleEntryPoint (HobStart=<optimized out>) at /home/jlinton/rpi2/edk2/MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.c:46
#23 0x0000000000027518 in mFontBin ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) c
Continuing.

You should see add-symbol-file outputs for most things that get run, and have debugging information, including the uefi shell itself. From there a good place to start tends to be the module entrypoints/etc.