Where does Open Firmware "live"?

[darthnVader]

I appear to have finally succeeded at getting a OF rom from a device. Here is this one from my main Mac OS 9 machine (a Pismo). I should probably try this on my Mac Mini sometime because the later models tend to have less bugs and more features. It looks like the Mini might even be able to write to files from an OF prompt, which I have never been able to do on any other OF machine.

The ROM image starts at phys address 0xFFF00000, and begins with the PPC vector table. I think offset 0x100 is the reset vector where the rom boots up. I haven't bothered tracing the execution path yet.

What were the exact commands you used to dump the BootROM, that never was clear?

[Daniel]

I have no idea what I actually did back then, but my first attempt to do it worked. Just copy and paste this into the console after you get telnet working.

Code: [Select]

dev /cpus/@0
100000 4 claim dup fff00000 swap 100000 10 map 100000 dump

This only works on NewWorld machines. On OldWorld ones, phys 0xFFF00000 is already mapped in as part of the rom chip. It's even easier for them (except that you have to use serial):

Code: [Select]

fff00000 100000 dump