PalmT|T3, T|C, T|E2: Suspend-to-mem without reflashing bootloader (UPDATED #2)
It's now possible to use suspend-to-mem without reflashing FlashROM on Palm Tungsten T3. How it's done after the break. Also, PalmTC and PalmTE2 have similar loaders so it might not take too long to see suspend on them as well.
A little bit of theory and notes on T3 loader:
1) The bootloader sets up TTB at PA 0xa0004000 and starts MMU with mapping 0x0 VA <-> 0xa0000000 PA
2) The bootloader checks if there is already TTB in RAM (?) by verifying if there is 0x0a at 0xa0004800 (this might not be absolutely correct, but it works with that).
3) The bootloader checks if RCSR = 0x04 (CPU was put to sleep)
If above conditions are met, lots of things happen and you end up at 0x10 VA and do what you can. Basically we load our wakeup code there from linux before we go to sleep.
OK, so here you are at 0x10 VA, MMU running, what now? Well what else, set up mapping between 0x00 and 0xa0000000 and jump to 0xa0000000 + previously calculated jump offset. Now you are at 0xa0000000* VA, that's good so shut down the MMU. After that, you are still at 0xa0000000*, but it became PA. Well this is even better, but the bootloader set TTB at 0xa0004000 (and overwrote linux's one). This can be solved by reserving a page at 0xa0008000, 0x4000 bytes big and before going ZzZ we just copy linux's TTB there from the backup. Once we cut off the MMU, we copy it back from undamaged location. Now the only thing that remains is to jump to contents of PSPR and enter back into linux.
The wakeup loader source is here: http://marex.hackndev.com/palmtt3-wakeloader.S
As for the platform code, you'll have to wait a while till I clean it up.
UPDATE: here is reference implementation for PalmTE2, it's the same on T3: http://marex.hackndev.com/palmte2-reference-pm.patch
UPDATE2: PalmTE2 and PalmTC can wake up using this mechanism as well.
* + calculated jump offset + a few instructions further
PA = physical address
VA = virtual address