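The difference between a protocol-stack primitive and a message is as follows:

Primitives are used to exchange information between upper- and lower-layer protocol stack entities, whereas messages are exchanged between peer entities.

For example, on the device side MM and RR communicate through primitives, while the RR entities on the device and on the network side exchange messages.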

This section describes the information that the SIM provides to the GSM MM and GMM entities.

GSM 11.11 describes the preconditions for GSM operation as follows:

For a SIM of Phase 2 or greater, GSM operation shall only start if one of the two following conditions is fulfilled:

- if EFIMSI and EFLOCI are not invalidated, the GSM operation shall start immediately;
- if EFIMSI and EFLOCI are invalidated, the ME rehabilitates these two EFs.

So what information should the SIM provide, and what does the procedure look like?

Afterwards, the ME runs the following procedures:

- Administrative Information request;
- SIM Service Table request;
- IMSI request;
- Access Control request;
- HPLMN Search Period request;
- PLMN selector request;
- Location Information request;
- Cipher Key request;
- BCCH information request;
- Forbidden PLMN request;
- CBMID request;
- Depersonalisation Control Keys request;
- Network’s indication of alerting request (if $(NIA)$ is supported)

Now let's look at how TI implements this part of the protocol stack in code.

The overall flow is as follows (in the app_sim_read_parameters function):

result = app_fdn_bdn_procedures (sim_mmi_insert_ind);
if ((result EQ SIM_NO_OPERATION) OR
    !app_sim_mm_insert_ind (sim_mmi_insert_ind))
  app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_NO_OPERATION);
else
  app_sim_mmi_insert_ind (sim_mmi_insert_ind, result);
PSENDX (MMI, sim_mmi_insert_ind);
if (result NEQ SIM_NO_OPERATION)
  app_sim_sms_insert_ind ();

The app_fdn_bdn_procedures function checks whether the SIM's IMSI and LOCI are supported, and also evaluates BDN and FDN.

Of course, an ordinary SIM card will not end up as SIM_NO_OPERATION, so app_sim_mm_insert_ind (sim_mmi_insert_ind) is always executed.

GLOBAL UBYTE app_sim_mm_insert_ind (T_SIM_MMI_INSERT_IND * sim_mmi_insert_ind)
{
  // First allocate a SIM-MM protocol primitive
  PALLOC (sim_mm_insert_ind, SIM_MM_INSERT_IND);
  SIM_CLEAR_FLAG (TEST_SIM_INSERTED);

  // Read the administrative data
  if (FKT_Select (SIM_AD, response, SIM_MIN_EF_ST_LEN) EQ SIM_NO_ERROR)
  sim_mm_insert_ind->c_ad = (UBYTE)length;
  if(FKT_ReadBinary ((UBYTE *)&sim_mm_insert_ind->ad, 0, length) EQ SIM_NO_ERROR)
  // If ad[0] & 0x80 is set, this is a test card
  if(sim_mm_insert_ind->ad[0] & 0x80)
  {
    SIM_SET_FLAG (TEST_SIM_INSERTED);
#if defined SIM_TOOLKIT
    SIM_SET_FLAG (TEST_MODE_POLLING);
#endif
  }

  /*
   * read IMSI (set to zero in case of error)
   */
  memset (&sim_mmi_insert_ind->imsi_field, 0, sizeof (T_imsi_field));
  if (FKT_Select (SIM_IMSI, NULL, 0) EQ SIM_NO_ERROR)
  {
    if (FKT_ReadBinary ((UBYTE *)&sim_mm_insert_ind->imsi_field, 0, MAX_IMSI)
    …………..
  }

  /*
   * Modify polling algorithm in case of HPLMN == Test Network
   */
  if ((sim_mm_insert_ind->imsi_field.c_field >= 3) AND
      ((sim_mm_insert_ind->imsi_field.field[0] & 0xF7) EQ 0x01) AND
      (sim_mm_insert_ind->imsi_field.field[1] EQ 0x10) AND
      (sim_mm_insert_ind->imsi_field.field[2] EQ 0x10))
  {
    SIM_SET_FLAG (TEST_SIM_INSERTED);
#if defined SIM_TOOLKIT
    SIM_SET_FLAG (TEST_MODE_POLLING);
#endif
  }

  /*
   * read location information
   */
  if (FKT_Select (SIM_LOCI, NULL, 0) EQ SIM_NO_ERROR)

  /*
   * Access control classes
   */
  if (FKT_Select (SIM_ACC, NULL, 0) EQ SIM_NO_ERROR)

  /*
   * BCCH information
   */
  if (FKT_Select (SIM_BCCH, NULL, 0) EQ SIM_NO_ERROR)

  /*
   * KC and cipher key sequence number
   */
  if (FKT_Select (SIM_KC, NULL, 0) EQ SIM_NO_ERROR)

  /*
   * Read Preferred PLMNs
   */
  if (SIM_IS_FLAG_SET (SERVICE_7_SUPPORT))
  {
    if (FKT_Select (SIM_PLMNSEL, response, SIM_MIN_EF_ST_LEN) EQ SIM_NO_ERROR)

  /*
   * Read forbidden PLMNs
   */
  if (FKT_Select (SIM_FPLMN, NULL, 0) EQ SIM_NO_ERROR)

  /*
   * Read Acting HPLMN
   */
  FileSelRes = FKT_Select(SIM_CING_AHPLMN, NULL, 0);

#if defined (GPRS)
  gprs_gmm_insert_ind (sim_mm_insert_ind);
#endif

  /*
   * send information to mobility management
   */
  PSENDX (MM, sim_mm_insert_ind);
  SIM_SET_FLAG (MM_KNOWS_FROM_SIM);
}
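
To show which subscriber identity the three-byte "Test Network" comparison in the excerpt matches, here is an added example (not TI's code and not part of the original post) that decodes EF_IMSI into digits and repeats the comparison on raw file bytes. The nibble layout is the EF_IMSI coding of GSM 11.11; the function names, the constructed sample bytes, and the mapping of c_field/field[] onto the raw file are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed EF_IMSI images (length byte + 8 data bytes), not from real cards. */
static const unsigned char IMSI_TEST[9]   = {0x08,0x09,0x10,0x10,0x10,0x32,0x54,0x76,0x98};
static const unsigned char IMSI_NORMAL[9] = {0x08,0x49,0x06,0x00,0x21,0x43,0x65,0x87,0x09};

/* Decode EF_IMSI into a digit string. The low nibble of the first data byte
 * carries type/parity bits; every other nibble is one BCD digit (low nibble
 * first) and 0xF is filler. Returns the digit count, or -1 if malformed. */
int imsi_decode(const unsigned char *ef, size_t ef_len, char out[16])
{
    int n = 0;
    if (ef_len < 2 || ef[0] < 1 || ef[0] > 8 || (size_t)ef[0] + 1 > ef_len)
        return -1;                       /* length byte must fit the buffer */
    for (int i = 1; i <= ef[0]; i++) {
        unsigned char lo = ef[i] & 0x0F, hi = ef[i] >> 4;
        if (i > 1) {
            if (lo == 0x0F) break;
            if (lo > 9) return -1;
            out[n++] = (char)('0' + lo);
        }
        if (hi == 0x0F) break;
        if (hi > 9) return -1;
        out[n++] = (char)('0' + hi);
    }
    out[n] = '\0';
    return n;
}

/* The excerpt's comparison, with field[k] taken to be ef[k + 1] and c_field
 * taken to be the length byte (assumption about the TI structure layout). */
int imsi_is_test_network(const unsigned char *ef, size_t ef_len)
{
    if (ef_len < 4 || ef[0] < 3)
        return 0;
    return (ef[1] & 0xF7) == 0x01 && ef[2] == 0x10 && ef[3] == 0x10;
}

int main(void)
{
    char digits[16];
    if (imsi_decode(IMSI_TEST, sizeof IMSI_TEST, digits) > 0)
        printf("%s test=%d\n", digits, imsi_is_test_network(IMSI_TEST, sizeof IMSI_TEST));
    if (imsi_decode(IMSI_NORMAL, sizeof IMSI_NORMAL, digits) > 0)
        printf("%s test=%d\n", digits, imsi_is_test_network(IMSI_NORMAL, sizeof IMSI_NORMAL));
    return 0;
}
```

The matched prefix decodes to 00101, that is MCC 001 with MNC 01; the 0xF7 mask only ignores the parity bit in the first byte.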
What initialization steps does the SIM protocol stack entity perform at system start-up? The following analysis is based on TI's protocol stack implementation.

The app_init_sim_data function registers the hook functions for SIM insert and remove.

simdrv_register(app_sim_insert, app_sim_remove);

GLOBAL void app_sim_insert( T_SIMDRV_atr_string_info *atr_string_info,
                            U8 config_requested,
                            T_SIMDRV_config_characteristics *config_characteristics)
{
  // After ATR processing has completed, first set the current directory to MF
  sim_data.act_directory = SIM_MF;

  // First select DFgsm
  error = FKT_Select (SIM_DF_GSM, response, SIM_MIN_DMF_ST_LEN);

  // If the select succeeds, store the returned information in dir_status and set the flag
  SIM_SET_FLAG (GSM_DATAFIELD);

  // Otherwise select DF1800
  error = FKT_Select (SIM_DF_1800, response, SIM_MIN_DMF_ST_LEN);
  SIM_CLEAR_FLAG (GSM_DATAFIELD);

  // Then allocate a protocol primitive
  T_SIM_ACTIVATE_CNF * sim_activate_cnf;
  if (SIM_IS_FLAG_SET (ACTIVATION_STARTED))
  {
    PALLOC (sim_activate, SIM_ACTIVATE_CNF);
    sim_activate_cnf = sim_activate;
  }
  else
  {
    PALLOC (sim_activate, SIM_ACTIVATE_IND);
    sim_activate_cnf = (T_SIM_ACTIVATE_CNF *)sim_activate;
  }

  // Then read ECC
  if (FKT_Select (SIM_ECC, response, SIM_MIN_EF_ST_LEN) EQ SIM_NO_ERROR)
    FKT_ReadBinary (sim_activate_cnf->ec_code, 0, length);

  // Then read LP
  if (FKT_Select (SIM_LP, response, SIM_MIN_EF_ST_LEN) EQ SIM_NO_ERROR)
    FKT_ReadBinary (sim_activate_cnf->pref_lang, 0, length);

  // Put the ATR into the protocol primitive as well
  memcpy (sim_activate_cnf->atr, atr_string_info->atr_string, length);

  // Next check the status of the PIN and PUK
  SIM_CLEAR_FLAG (SIM_PIN_FLAG);
  sim_activate_cnf->pin_cnt = FKT_check_pin_count (dir_status.pinstatus);
  sim_activate_cnf->puk_cnt = FKT_check_pin_count (dir_status.unbstatus);
  sim_activate_cnf->pin2_cnt = FKT_check_pin_count (dir_status.pin2status);
  sim_activate_cnf->puk2_cnt = FKT_check_pin_count (dir_status.unb2status);

  // Then set the cause according to the PIN and PUK status
  sim_activate_cnf->cause = SIM_CAUSE_PIN1_EXPECT/SIM_CAUSE_PIN1_EXPECT;

  // If the cause is SIM_CAUSE_PUK1_BLOCKED, send the message to MMI and return immediately,
  // without continuing with the messages to MM and GMM.
  TRACE_EVENT ("Card blocked");
  sim_activate_cnf->cause = SIM_CAUSE_PUK1_BLOCKED;
  SIM_EM_SIM_ACTIVATION_RESULT;
  PSENDX (MMI, sim_activate_cnf);
  SIM_CLEAR_FLAG (ACTIVATION_STARTED);
  return;

  // If no PIN or PUK is required, continue; otherwise wait for PIN/PUK verification.
  if (SIM_IS_FLAG_CLEARED (SIM_PIN_FLAG))
  /*
   * PIN entering is not necessary
   */
  {
    SIM_SET_FLAG(PIN1_VERIFIED);
    TRACE_EVENT ("Read the rest of Parameters");
    app_sim_read_parameters ();
    app_start_status_timer (TRUE);
  }
  else
  {
    TRACE_EVENT ("Wait for PIN/PUK entering");
    SIM_CLEAR_FLAG (MM_KNOWS_FROM_SIM);
    vsi_t_stop (VSI_CALLER SIM_TIMER);
  }

app_sim_read_parameters ()
{
  // Allocate the SIM_MMI_INSERT_IND protocol primitive
  PALLOC (sim_mmi_insert_ind, SIM_MMI_INSERT_IND);

  // Next, read the SIM phase
  error = FKT_Select (SIM_PHASE, NULL, 0);
  if (error EQ SIM_NO_ERROR)
    error = FKT_ReadBinary (&sim_data.sim_phase, 0, 1);
  if (sim_data.sim_phase EQ 0)
    sim_data.sim_phase = 1;
  if (sim_data.sim_phase > 3)
    sim_data.sim_phase = 3;

  // For Phase 1 the following operations are performed
  // try to read the SIM service table
  if (!app_read_sim_service_table(sim_mmi_insert_ind))
  {
    app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_NO_OPERATION);
    return;
  }
  if (app_sim_mm_insert_ind (sim_mmi_insert_ind) EQ FALSE)
    app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_NO_OPERATION);
  else
    app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_ADN_ENABLED) ;
  PSENDX (MMI, sim_mmi_insert_ind);
  app_sim_sms_insert_ind ();

  // Phase 2+ means that the SIM card supports the STK service.
  stk_perform_profile_download ();
  /* Update the Terminal Support table*/
  if(FKT_Select(SIM_CING_TRMST, NULL, 0) EQ SIM_NO_ERROR)
  {
    FKT_UpdateBinary (sim_data.trmst, MAX_TRMST, 0);
  }

  // Phase 2 and 2+ then continue with the following operations
  result = app_fdn_bdn_procedures (sim_mmi_insert_ind);
  if ((result EQ SIM_NO_OPERATION) OR
      !app_sim_mm_insert_ind (sim_mmi_insert_ind))
    app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_NO_OPERATION);
  else
    app_sim_mmi_insert_ind (sim_mmi_insert_ind, result);
  PSENDX (MMI, sim_mmi_insert_ind);
  if (result NEQ SIM_NO_OPERATION)
    app_sim_sms_insert_ind ();
}

}

Taking a data abort as an example:

Data_Abort_ISR
MOV      a1,#DATA_EXCEPTION_TYPE         ; Set type DATA_ABORT (4)
MOV      a2,lr

saveException
MRS     a3,CPSR                          ; Pickup current CPSR
BIC     a3,a3,#MODE_MASK                 ; Clear the mode bits
ORR     a3,a3,#SUP_MODE                  ; Prepare to switch to supervisor mode (SVC)
MSR     CPSR_cxsf,a3                     ; Switch to supervisor mode (SVC)

LDR     a4, SYSTEM_FATAL_ERROR
BX      a4

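SYSTEM_FATAL_ERROR is actually the address of the function stack_system_error.
stack_system_error first switches sp to a memory area reserved specifically for exception handling, then fills in the necessary parameters according to the exception type passed in, and calls fatal_error_handler.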

kal_fatal_error_handler(kal_char *error_message_ptr, kal_uint32 error_code, kal_uint32 os_error_code)
{
DisableIRQ();
error_param_g.param1 = (kal_uint32)error_message_ptr;
error_param_g.param2 = (kal_uint32)error_code;
error_param_g.param3 = (kal_uint32)os_error_code;
fatal_error_handler((kal_uint8 *)error_param_g.param1, error_param_g.param2, error_param_g.param3);

}
In fatal_error_handler:
{

/* lockout all interrupts */
DisableIRQ();

/* mask all interrupts */
IRQDirectMaskAll();

/*
* NoteXXX: To avoid system hang in the exception handler,
*          watchdog remains active while handling exception (if it is enabled).
*/
WDT_Restart2();

/* increase the counter */
INT_Exception_Enter++;

/* determine if multi-level exception*/
if (INT_Exception_Enter >= 2) {

tst_sysfatal_trace((kal_uint8 *)"Caution: Possibly Endless Nested Exceptions!");

ex_reboot();
}

// From here on, prepare to capture the system state at the time of the reset.
/*
* I. Initialize the exception log.
*/
/* reset hardware */
ex_reset_hw();//dma_recover_all,L1Audio_ResetDevice,L1D_PauseDSP
/* re-start WDT again */
WDT_Restart2();

Then get the current task and set its priority to 0, the highest:
/* get the current thread id */
current_thread = kal_get_current_thread_ID();

/* determine if the current executed task is a TASK, not a HISR */
if ((current_thread != NULL) && (kal_if_hisr() == KAL_FALSE)) {

/* raise the task priority level to the highest */
kal_change_priority((NU_TASK *)current_thread, 0);
}

/* setup param */
param.ext = KAL_FALSE;
param.e1 = param.e2 = param.e3 = 0;
param.dump_param = NULL;

/* initialize the exception log */

/* determine if ARM pre-defined exceptions */
if (err_code < ASSERT_FAIL_EXCEPTION) {

param.type = (exception_type)err_code;

param.code1 = (kal_uint32 *)&os_err_code;

param.code2 = 0;

ex_init_log(&param);

} else
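// ex_init_log collects the current version information, the current time, the current system stack information, the current task status and the HISR status

Then:
/* output the exception log */
ex_output_log();
Finally the system is rebooted:
/* reboot silently */
ex_reboot();  // uses the watchdog to reboot the system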

}

After the system has restarted, the following code runs:
;  /* Check if abnormal reset */
LDR   a1,ABN_RST_PTR
BL    INT_SystemReset_Check
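INT_SystemReset_Check reads the value of the register at address 0x80040018 and compares it with 0x0ffa; if they are not equal it returns, otherwise it enters kal_fatal_error_handler.

The datasheet describes the register at 0x80040018 as follows: Watchdog Timer Reset Signal Duration Register. This register indicates the reset duration when Watchdog timer times out.

As for this code, my guess is that the system may have rebooted because it hung and did not reset the watchdog register, and this is where a log can then be captured.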

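These are the measures to take once the code itself has already been optimized; they should also be usable on other, similar systems.

1. Run the code from internal RAM.

2. Place the global variables or dynamically allocated memory used by the code in internal RAM.

3. Point the system stack at internal RAM while the code is executing.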

SELECT

COMMAND | CLASS | INS | P1 | P2 | P3
SELECT | 'A0' | 'A4' | '00' | '00' | '02'

Command parameters/data:

Byte(s) | Description | Length
1 - 2 | File ID | 2

Response parameters/data in case of an MF or DF:

Byte(s) | Description | Length
1 - 2 | RFU | 2
3 - 4 | Total amount of memory of the selected directory which is not allocated to any of the DFs or EFs under the selected directory | 2
5 - 6 | File ID | 2
7 | Type of file | 1
8 - 12 | RFU | 5
13 | Length of the following data (byte 14 to the end) | 1
14 - 34 | GSM specific data | 21

GSM specific data:

Byte(s) | Description | Length
14 | File characteristics | 1
15 | Number of DFs which are a direct child of the current directory | 1
16 | Number of EFs which are a direct child of the current directory | 1
17 | Number of CHVs, UNBLOCK CHVs and administrative codes | 1
18 | RFU | 1
19 | CHV1 status | 1
20 | UNBLOCK CHV1 status | 1
21 | CHV2 status | 1
22 | UNBLOCK CHV2 status | 1
23 | RFU | 1
24 - 34 | Reserved for the administrative management | 0 ≤ lgth ≤ 11

Response parameters/data in case of an EF:

Byte(s) | Description | Length
1 - 2 | RFU | 2
3 - 4 | File size (for transparent EF: the length of the body part of the EF) (for linear fixed or cyclic EF: record length multiplied by the number of records of the EF) | 2
5 - 6 | File ID | 2
7 | Type of file | 1
8 | For transparent and linear fixed EFs this byte is RFU. For a cyclic EF all bits except bit 7 are RFU; b7=1 indicates that the INCREASE command is allowed on the selected cyclic file. | 1
9 - 11 | Access conditions | 3
12 | File status | 1
13 | Length of the following data (byte 14 to the end) | 1
14 | Structure of EF | 1
15 | Length of a record | 1
16 and following | RFU | -
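
The byte offsets in the tables above translate directly into a parser. The following is an added example, not code from the original post or from any vendor stack: it validates the announced length in byte 13 before touching the later bytes and extracts the fields a stack needs. The function and type names and both sample responses are constructed; the file-type codes, EF structure codes, file status bit and the CHV status layout (bit 8 = initialised, bits 1-4 = attempts remaining) are taken from GSM 11.11 rather than from this page.

```c
#include <stdio.h>

enum { FT_MF = 0x01, FT_DF = 0x02, FT_EF = 0x04 };   /* byte 7 values, GSM 11.11 */
typedef struct {
    unsigned file_id, type, size;   /* size: bytes 3-4 (EF size or free memory) */
    int chv_left[4];                /* CHV1, UNBLOCK CHV1, CHV2, UNBLOCK CHV2 */
    unsigned ef_structure, record_len;
    int invalidated;                /* EF only: file status bit 1 cleared */
} select_info;

/* Constructed samples: DF_GSM with CHV1 blocked, and a 9-byte transparent EF. */
static const unsigned char DF_SAMPLE[22] = {0x00,0x00,0x0A,0x00,0x7F,0x20,0x02,
    0,0,0,0,0, 0x09, 0x13,0x00,0x15,0x04,0x00, 0x80,0x8A,0x83,0x8A};
static const unsigned char EF_SAMPLE[15] = {0x00,0x00,0x00,0x09,0x6F,0x07,0x04,
    0x00, 0x14,0xF0,0x14, 0x01, 0x02, 0x00,0x00};

/* Parse a SELECT response using the byte offsets in the tables above.
 * Returns 0 on success, -1 if the response is short or inconsistent. */
int parse_select_response(const unsigned char *r, size_t len, select_info *o)
{
    /* byte 13 counts the bytes that follow it; they must all be present */
    if (len < 14 || r[12] < 1 || 13u + r[12] > len) return -1;
    o->size    = (unsigned)r[2] << 8 | r[3];
    o->file_id = (unsigned)r[4] << 8 | r[5];
    o->type    = r[6];
    if (o->type == FT_MF || o->type == FT_DF) {
        if (r[12] < 9) return -1;          /* CHV status bytes 19-22 missing */
        for (int i = 0; i < 4; i++)        /* attempts left, -1 = not initialised */
            o->chv_left[i] = (r[18 + i] & 0x80) ? (r[18 + i] & 0x0F) : -1;
        return 0;
    }
    if (o->type != FT_EF) return -1;
    o->invalidated  = !(r[11] & 0x01);
    o->ef_structure = r[13];
    o->record_len   = 0;
    if (o->ef_structure != 0x00) {         /* linear fixed or cyclic */
        if (r[12] < 2) return -1;
        o->record_len = r[14];
    }
    return 0;
}

int main(void)
{
    select_info s;
    if (parse_select_response(DF_SAMPLE, sizeof DF_SAMPLE, &s) == 0)
        printf("DF %04X: CHV1 attempts left %d\n", s.file_id, s.chv_left[0]);
    return 0;
}
```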

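All operations on the SIM card must strictly follow the protocol laid down in the GSM specification. The command format is as follows:

CLA | INS | P1 | P2 | P3 | Data
The data returned by the SIM card has the following format:
Data | SW1 | SW2

CLA: the class of the instruction.
INS: the instruction code.
P1, P2, P3: the instruction parameters; P3 gives the length of the data. P3=00 means that 256 bytes of data are returned.
SW1, SW2: the status indicating whether the command succeeded.

With T=0, some functions have to issue a GET RESPONSE command after the SELECT command, with the appropriate parameters, in order to obtain the corresponding data.
If the length of the returned data is not known in advance, the status returned for the first command contains that length.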
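
The two-step exchange described above, as an added example that is not part of the original post: the host sends SELECT, reads the pending length from SW2, and fetches the body with GET RESPONSE. The card is a constructed stand-in that knows a single file; the function names are assumptions, and the GET RESPONSE instruction code 'C0' and the status words 9F xx, 94 04 and 6F 00 come from GSM 11.11, not from this page.

```c
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for a card: it knows one file, 7F20, whose SELECT
 * response body is 22 filler bytes. Status words are those of GSM 11.11. */
static size_t fake_card(const unsigned char *cmd, size_t n, unsigned char *resp)
{
    static int selected = 0;
    if (n == 7 && cmd[0] == 0xA0 && cmd[1] == 0xA4 && cmd[4] == 0x02) {
        selected = (cmd[5] == 0x7F && cmd[6] == 0x20);
        resp[0] = selected ? 0x9F : 0x94;      /* 9F xx: xx bytes are waiting */
        resp[1] = selected ? 22 : 0x04;        /* 94 04: file ID not found    */
        return 2;
    }
    if (n == 5 && cmd[0] == 0xA0 && cmd[1] == 0xC0 && selected && cmd[4] == 22) {
        memset(resp, 0xEE, 22);                /* Data ...                    */
        resp[22] = 0x90; resp[23] = 0x00;      /* ... followed by SW1 SW2     */
        return 24;
    }
    resp[0] = 0x6F; resp[1] = 0x00;            /* anything else: generic error */
    return 2;
}

/* Host side: SELECT file_id, then GET RESPONSE for the length announced in
 * SW2. body must hold 256 bytes. Returns body length, or -1 (see *sw). */
int select_file(unsigned file_id, unsigned char *body, unsigned *sw)
{
    unsigned char cmd[7] = {0xA0, 0xA4, 0x00, 0x00, 0x02,
                            (unsigned char)(file_id >> 8), (unsigned char)file_id};
    unsigned char get[5] = {0xA0, 0xC0, 0x00, 0x00, 0x00}, resp[258];
    size_t n = fake_card(cmd, sizeof cmd, resp);
    *sw = (unsigned)resp[n - 2] << 8 | resp[n - 1];
    if (*sw == 0x9000) return 0;               /* success, nothing to fetch   */
    if ((*sw >> 8) != 0x9F) return -1;
    get[4] = (unsigned char)(*sw & 0xFF);      /* P3 = announced length       */
    n = fake_card(get, sizeof get, resp);
    *sw = (unsigned)resp[n - 2] << 8 | resp[n - 1];
    if (*sw != 0x9000 || n - 2 != (get[4] ? get[4] : 256u)) return -1;
    memcpy(body, resp, n - 2);
    return (int)(n - 2);
}

int main(void)
{
    unsigned char body[256]; unsigned sw;
    int n = select_file(0x7F20, body, &sw);
    printf("7F20 -> %d bytes, SW=%04X\n", n, sw);
    return 0;
}
```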



The table of SIM card commands is as follows:
The following are some of the more important EFs contained in a SIM card.

EFLP (Language preference)
Contains one or more language codes.
Identifier: '6F05' | Structure: transparent | Mandatory
File size: 1-n bytes | Update activity: low
Access Conditions:
READ | ALW
UPDATE | CHV1
INVALIDATE | ADM
REHABILITATE | ADM
Bytes | Description | M/O | Length
1 | 1st language code (highest prior.) | M | 1 byte
2 | 2nd language code | O | 1 byte
n | nth language code (lowest prior.) | O | 1 byte

EFIMSI (IMSI)
Contains the IMSI (International Mobile Subscriber Identity).
Identifier: '6F07' | Structure: transparent | Mandatory
File size: 9 bytes | Update activity: low
Access Conditions:
READ | CHV1
UPDATE | ADM
INVALIDATE | ADM
REHABILITATE | CHV1
Bytes | Description | M/O | Length
1 | length of IMSI | M | 1 byte
2 - 9 | IMSI | M | 8 bytes

EFKc (Ciphering key Kc)
Contains the information used for ciphering.
Identifier: '6F20' | Structure: transparent | Mandatory
File size: 9 bytes | Update activity: high
Access Conditions:
READ | CHV1
UPDATE | CHV1
INVALIDATE | ADM
REHABILITATE | ADM
Bytes | Description | M/O | Length
1 - 8 | Ciphering key Kc | M | 8 bytes
9 | Ciphering key sequence number n | M | 1 byte

EFPLMNsel (PLMN selector)
Contains Mobile Network Code (MNC) and Mobile Country Code (MCC) information.
Identifier: '6F30' | Structure: transparent | Optional
File size: 3n (n ≥ 8) bytes | Update activity: low
Access Conditions:
READ | CHV1
UPDATE | CHV1
INVALIDATE | ADM
REHABILITATE | ADM
Bytes | Description | M/O | Length
1 - 3 | 1st PLMN (highest priority) | M | 3 bytes
22 - 24 | 8th PLMN | M | 3 bytes
25 - 27 | 9th PLMN | O | 3 bytes
(3n-2)-3n | nth PLMN (lowest priority) | O | 3 bytes