free firmware for 88W8388

Dan Williams dcbw at
Wed Jan 23 11:37:25 EST 2008

On Wed, 2008-01-23 at 16:53 +0100, stefano.brivio at wrote:
> Citando Rózsás Gödény <rozsas.godeny at>:
> > I started to modify qemu to emulate 88W8388. Now it can load the firmware (
> > usb8388.bin) into ram and starts the firmware, albeit it drops an error
> > after some time. So it is very simple so far, I worked on it for a couple of
> > hours so far.
> > My short term goals:
> > - emulate the usb device of the 8388 and create a connection between the
> > linux kernel driver and the emulator so from linux pow starting the emulator
> > looks as plugging in the usb device
> > - modify qemu so that i/o ports of 8388 could be accessed from outside of
> > the emulator. I guess that the arm core of 8388 communicates with the other
> > parts (the radio interface) via io ports so if we can see which ports are
> > read/written by the arm core we can do the same from the free firmware.
> >
> > Anyway, if we want to write the free firmware, a good emulator of 8388 is
> > handy.
> >
> > Anybody interested ?
> I am. I'm currently analyzing the firmware, I didn't try the emulation  
> approach so far. Are you committing your work to some repository? I  
> think we can't disclose details about reverse engineering work,  
> though, if we are interested in a clean-room approach. So I'd rather  

No, you can't.  One team reverse engineers the hardware and creates a
specifications document, the second team implements (from scratch or
from unencumbered FOSS sources) the firmware that conforms to that
specification.  The two teams cannot talk about anything that deals with
the hardware/firmware other than creating the specification document.
For an example of this, see the b43 driver effort for enabling broadcom
hardware in Linux.

So one of you finds out the hardware details of the OLPC's libertas chip
(registers, IO ports, how to control the MAC, etc) and the other one of
you writes the bits necessary for emulating that hardware in QEMU.  Then
somebody else (or the person doing the QEMU bits) can go on to write the
open firmware.  But the person who reverse engineered the hardware
_cannot_ ever work on the open firmware or the QEMU emulation bits if
you want to preserve the cleanroom setup.


More information about the Devel mailing list