I have no simple method yet, but I think I'm on the right path to it, so let me share so that others can chip in and help us crack this -c one also.
The TDS3000 series all have the 100 pin expansion port on the back side. On there not only a PCMICIA type of port with the PowerPC XC860 CPU address and data bus, a half-way pre-DAC VGA video out, two TTL level serial ports, pre-PHY Ethernet (early models) but also the legacy Motorola/Freescale/NXP BDM port. That's some 7 TTL level i/o pins for the Background Debugger Mode.
The BDM port gave me debugger access into my older -nothing TDS3034 internal computer and enables r/w access to the flash roms on the mainboard. With the right tools (I used a legacy Abatron BDM2000) one can upload the entire rom image. And download a different image. The image can then be further analysed, decoded, disassembled. One can see the ascii text that explains e.g. why a FW3.39 does support the MCONFIG trick, while the FW3.34 does not. Or why the -c models don't do BULLDOG, while -b and -nothing does. Or why -b can go up to 3064 while -nothing stops at 500 MHz max bandwidth.
The ROM images are more I think than what's on the firmware floppy disks. I think the floppy disks don't have boot rom parts, and also it looks like the flash rom has some partitions for disk / file system emulation. Likely a file with settings in there that specifies the model / bandwidth. Maybe a file for the Ethernet MAC address. It's VxWorks technology, Wind River, inside. All that's in their BSP Developer Guide user manual seems to fit in.
So I have binary files now for firmware 3.39 and 3.41, and versions of that before and after letting BULLDOG bark MCONFIG TDS3034 / TDS3054 etc.
Although not yet 100% confirmed, it looks pretty much like the only difference between 3034 and 3054 is just what's inside the flash roms. So nothing in the NVRAM, nothing flashed internally in the CPU or elsewhere on the main board.
I am thus inclined to believe that also for the 3.41 firmware and also with the -c models, all that's needed is to reflash (or physically desolder and swap two rom chips).
But I don't have any -c tds3000 scopes, so i cannot test this.
Anyone out there willing to try and share uploaded tds30xx-c rom images? So willing to read & share the flash rom images for a -c with the different bandwidths? All it takes is willingness to plug in a module in the back of the scope, one that has the BDM signals from he 100 pin connector wired to a 10 or 26 pin header, and then something like a BDM2000 or BDM3000 or maybe something more modern like one of those USB BDM adapters? See posts elsewhere in forum on TDS3000 and which signals, which connector type, naked connectors with flying leads or full prototyping boards etc.
Home
Help
Search
Login
Register
