abhas
/
esphome-xiaomi_bslamp2
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 16 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
192 Commits
11 Branches
67 MiB
Tree: ed506137f0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ed506137f0'
${ noResults }
esphome-xiaomi_bslamp2/doc/technical_details.md

365 lines
16 KiB
Raw Normal View History

Added hardware information docs.
3 years ago
'Technical details' is better than 'Hardware information'.
3 years ago
Added hardware information docs.
3 years ago
Add platform package requirement info Explained the need for a custom platform package for arduino-esp32 in the technical information.
3 years ago
Added boot messages from the original firmware.
3 years ago
Added hardware information docs.
3 years ago
Helping my OCD-inflicted colleagues.
3 years ago
Added hardware information docs.
3 years ago
Helping my OCD-inflicted colleagues.
3 years ago
Added hardware information docs.
3 years ago
Helping my OCD-inflicted colleagues.
3 years ago
Added hardware information docs.
3 years ago
Helping my OCD-inflicted colleagues.
3 years ago
Added hardware information docs.
3 years ago
Helping my OCD-inflicted colleagues.
3 years ago
Added hardware information docs.
3 years ago
Update hardware.md
3 years ago
Added hardware information docs.
3 years ago
Update hardware.md
3 years ago
Added hardware information docs.
3 years ago
Update hardware.md
3 years ago
Added hardware information docs.
3 years ago
Update hardware.md
3 years ago
Added hardware information docs.
3 years ago
Update hardware.md
3 years ago
Added hardware information docs.
3 years ago
Update hardware.md
3 years ago
Added hardware information docs.
3 years ago
Update hardware.md
3 years ago
Added hardware information docs.
3 years ago
Update hardware.md
3 years ago
Added hardware information docs.
3 years ago
Added boot messages from the original firmware.
3 years ago
Add platform package requirement info Explained the need for a custom platform package for arduino-esp32 in the technical information.
3 years ago
Added boot messages from the original firmware.
3 years ago
Added hardware information docs.
3 years ago
 
  1. < [Known issues](known_issues.md) | [Index](../README.md) | [Sponsoring](sponsoring.md) >
  2. 

  3. # Technical details

  4. 

  5. In this section, you can find some of the information that was gathered
  6. during the reverse engineering of the Bedside Lamp 2 hardware.
  7. 

  8. Table of contents:
  9. 

  10. * [High level overview](#high-level-overview)
  11. * [ESP32 pinout](#esp32-pinout)
  12. * [Front panel](#front-panel)
  13. * [Build requirements](#build-requirements)
  14. * [Original firmware](#original-firmware)
  15. 

  16. 

  17. ## High level overview

  18. 

  19. No documentation is complete without some ASCII art schematics.
  20. 

  21. ```
  22.                                     RX/TX/GND for
  23.    12V power supply                 flashing and logs
  24.          |                               |           
  25.          v                               |                 Front panel
  26.  +---------------+                  +---------------+         .---.
  27.  | Power supply  |---- 3.3V -.----->| ESP-WROOM-32D |<- I2C ->| O | -- color
  28.  +---------------+            \     | single core   |         |   |    button
  29.          |                     \    | 4 MB flash    |<- IRQ --| | |
  30.         12V                     \   +---------------+         | | |
  31.          |                       `-------|------------------->| | | -- slider
  32.          v                               |                    | | |
  33.  +---------------+                       |                    | | |
  34.  | RGB and white |<---- RGBW + master ---+                    |   |    power
  35.  | LED circuitry |      PWM    on/off                         | O | -- button
  36.  +---------------+                                            `---`
  37. ```
  38. 

  39. The LED circuitry provides two light modes:
  40. 

  41. * Colored RGB light;
  42. * Warm to cool white light.
  43. 

  44. The front panel of the device contains a two touch buttons (power on/off and
  45. color selection) and a touch slider (for setting the brightness level). This
  46. panel is lit when the device is turned on. The light behind the slider will
  47. represent the actual brightness setting of the device.
  48. 

  49. 

  50. ## ESP32 pinout

  51. 

  52. In the following image, you can find the pinout as used for the ESP32:
  53. 

  54. <img src="images/hardware/ESP32_pinout.jpg" width="600">
  55. 

  56. Here's an overview of all exposed pins of the chip, starting at the GND +
  57. 3.3V pins, and going anti-clockwise. The table shows not only the functions
  58. of the pins that are actually in use by the lamp's circuitry, but also the
  59. pins that are not in use and their possible use.
  60. 

  61. | PIN  | GPIO#  | Function  | Description                    | Possible use |
  62. |------|--------|-----------|--------------------------------|--------------|
  63. | GND  |        | Ground    | Connected to ground            | -            |
  64. | 3.3V |        | Power     | Power supply input             | -            |
  65. | 9    |        | Reset     | Can be pulled to GND to reset  | -            |
  66. | 5    | GPIO36 | -         |                                | IN           |
  67. | 8    | GPIO39 | -         |                                | IN           |
  68. | 10   | GPIO34 | -         |                                | IN           |
  69. | 11   | GPIO35 | -         |                                | IN           |
  70. | 12   | GPIO32 | -         |                                | IN/OUT       |
  71. | 13   | GPIO33 | LEDs      | LEDs, master switch 1          | -            |
  72. | 14   | GPIO25 | ???       | 10k pull up, unknown function  | IN/OUT (1)   |
  73. | 15   | GPIO26 | -         |                                | IN/OUT       |
  74. | 16   | GPIO27 | -         |                                | IN/OUT       |
  75. | 17   | GPIO14 | LEDs      | LEDs, green PWM channel        | -            |
  76. | 18   | GPIO12 | LEDs      | LEDs, white PWM channel        | -            |
  77. | GND  |        | Ground    | Connected to ground            | -            |
  78. | 20   | GPIO13 | LEDs      | LEDs, red PWM channel          | -            |
  79. | 28   | GPIO9  | SPI       | SPI flash memory               | -            |
  80. | 29   | GPIO10 | SPI       | SPI flash memory               | -            |
  81. | 30   | GPIO11 | SPI       | SPI flash memory               | -            |
  82. | 31   | GPIO6  | SPI       | SPI flash memory               | -            |
  83. | 32   | GPIO7  | SPI       | SPI flash memory               | -            |
  84. | 33   | GPIO8  | SPI       | SPI flash memory               | -            |
  85. | 21   | GPIO15 | -         |                                | IN/OUT (2)   |
  86. | 22   | GPIO2  | ???       | Debug pad, unknown function    | IN/OUT (3)   |
  87. | 23   | GPIO0  | Boot mode | Pull to GND for flashing mode  | -            |
  88. | 24   | GPIO4  | LEDs      | LEDs, master switch 2          | -            |
  89. | 25   | GPIO16 | Front pnl | Front panel interrupt          | -            |
  90. | 27   | GPIO17 | EEPROM    | EEPROM I2C SDA (4)             | -            |
  91. | 34   | GPIO5  | LEDs      | LEDs, blue PWM channel         | -            |
  92. | 35   | GPIO18 | EEPROM    | EEPROM I2C CLK (4)             | -            |
  93. | 38   | GPIO19 | Front pnl | Front panel I2C SCL            | -            |
  94. | N/C  |        |           |                                |              |
  95. | 42   | GPIO21 | Front pnl | Front panel I2C SDA            | -            |
  96. | 40   | GPIO3  | Serial    | Debug pad, RX (flashing, logs) | -            |
  97. | 41   | GPIO1  | Serial    | Debug pad, TX (flashing, logs) | -            |
  98. | 39   | GPIO22 | -         |                                | IN/OUT       |
  99. | 36   | GPIO23 | -         |                                | IN/OUT       |
  100. | GND  |        | Ground    | Connected to ground            | -            |
  101. 

  102. 1. GPIO25 is connected to a 10k pull up resistor. This suggests that it
  103.    might have some function in the lamp, but I have not found that function
  104.    yet. If you find the actual use for this pin, or find that you can indeed
  105.    repurpose it, then please let me know.
  106. 1. Beware that GPIO15 outputs a PWM signal at boot. This might make the pin
  107.    less useful for your use case.
  108. 1. Often, GPIO2 is used for an on-board LED, but it looks like it is only
  109.    connected to the debug pad here. I think the pin is usable, and that it 
  110.    might only be used for testing purposes in the original firmware.
  111. 1. The connected IC, using I2C address 0x10, looks a lot like an EEPROM,
  112.    but this has yet to be confirmed. It uses a decicated I2C bus, separate
  113.    from the I2C bus of the front panel.
  114.    [This picture](images/hardware/IC_on_I2C_GPIO1718.jpg) shows the IC.
  115. 

  116. For more information on the use of pins on the ESP32 chip, please check out
  117. this [ESP32 pinout reference information](https://randomnerdtutorials.com/esp32-pinout-reference-gpios/).
  118. 

  119. 

  120. ## Front panel

  121. 

  122. <img src="images/hardware/front_panel.jpg" width="150">
  123. 

  124. The front panel is a stand-alone component, with its own control chip
  125. (KungFu KF8TS2716). Communication between the ESP32 and the front panel
  126. is done using:
  127. 

  128. - **An I2C bus**
  129.   - the front panel is the I2C slave, the ESP32 is the I2C master
  130.     (pardon the standard terminology, I am aware of the controversy)
  131.   - the front panel device ID is 0x2C
  132.   - SDA is connected to ESP32 pin GPIO21
  133.   - SCL is connected to ESP32 pin GPIO19
  134. - **An interrupt data line to signal the ESP32 about new events**
  135.   - this line is connected to ESP32 pin GPIO16
  136.   - the default state is HIGH
  137.   - line is pulled LOW for at least 6 ms when a new event is available
  138. 

  139. Commands can be written to and data can be read from the front panel
  140. component using I2C. The I2C protocol is fairly simple. All read and write
  141. operations uses 6 bytes of data. No register selection is done before
  142. reading or writing.
  143. 

  144. The interrupt data line is used by the front panel, to signal the ESP32 that
  145. a new button or slider event is available. Further details on this can be
  146. found below.
  147. 

  148. **Connection to the main board**
  149. 

  150. The front panel is connected to the main board using a flat cable.
  151. The picture below shows the connector on the main board, including the
  152. functions of the cable pins:
  153. 

  154. <img src="images/hardware/front_panel_flat_cable_connection.jpg" width="400">
  155. 

  156. **Writing commands to the front panel**
  157. 

  158. Commands can be written to the front panel at any time.
  159. 

  160. The available commands are:
  161. 

  162. | Command         | Byte sequence to send |
  163. |-----------------|-----------------------|
  164. | TURN PANEL ON   | 02 03 5E 00 64 00 00  |
  165. | TURN PANEL OFF  | 02 03 0C 00 64 00 00  |
  166. | SET LEVEL 1     | 02 03 5E 00 64 00 00  |
  167. | SET LEVEL 2     | 02 03 5F 00 64 00 00  |
  168. | SET LEVEL 3     | 02 03 5F 80 64 00 00  |
  169. | SET LEVEL 4     | 02 03 5F C0 64 00 00  |
  170. | SET LEVEL 5     | 02 03 5F E0 64 00 00  |
  171. | SET LEVEL 6     | 02 03 5F F0 64 00 00  |
  172. | SET LEVEL 7     | 02 03 5F F8 64 00 00  |
  173. | SET LEVEL 8     | 02 03 5F FC 64 00 00  |
  174. | SET LEVEL 9     | 02 03 5F FE 64 00 00  |
  175. | SET LEVEL 10    | 02 03 5F FF 64 00 00  |
  176. | READY FOR EVENT | 01 00 00 00 00 00 01  |
  177. 

  178. *Note: The `READY FOR EVENT` command is only used when a new event is provided
  179. by the front panel. Information about this command can be found in the next
  180. section.*
  181. 

  182. **Reading events from the front panel**
  183. 

  184. The types of events that can occur can be summarized as:
  185. 

  186. - Touch or release the power button
  187. - Touch or release the color button
  188. - Touch or release the slider at a certain level
  189. 

  190. Because the front panel is an I2C slave device, it cannot contact the ESP32 via
  191. I2C. Only an I2C master device can initiate communication. Therefore, when the
  192. front panel has a new event available, it will pull down the interrupt line for
  193. a short period of time, to signal the ESP32 about this new event.
  194. 

  195. *Note that the ESP32 needs to poll the interrupt line at least at 667 Hz to be
  196. able to trustworthy detect the 6 ms signal. Unfortunately, the interrupt line
  197. does not wait for the ESP32 to respond to its signalling. The best way to
  198. handle signals from this line, is to use an actual interrupt handler.*
  199. 

  200. After detecting this signal, the ESP32 must first write the "READY FOR EVENT"
  201. command (`01 00 00 00 00 00 01`) via I2C to the front panel.
  202. 

  203. After the front panel has ACK'ed this command, the ESP32 can read 6 bytes,
  204. which will represent the event that occurred.
  205. 

  206. Here's the mapping for the events and their corresponding byte sequences:
  207. 

  208. |                 | Touch event          | Release event        |
  209. |-----------------|----------------------|----------------------|
  210. | POWER BUTTON    | 04 04 01 00 01 01 03 | 04 04 01 00 01 02 04 |
  211. | COLOR BUTTON    | 04 04 01 00 02 01 04 | 04 04 01 00 02 02 05 |
  212. | SLIDER LEVEL 1  | 04 04 01 00 03 16 1A | 04 04 01 00 04 16 1B |
  213. | SLIDER LEVEL 2  | 04 04 01 00 03 15 19 | 04 04 01 00 04 15 1A |
  214. | SLIDER LEVEL 3  | 04 04 01 00 03 14 18 | 04 04 01 00 04 14 19 |
  215. | SLIDER LEVEL 4  | 04 04 01 00 03 13 17 | 04 04 01 00 04 13 18 |
  216. | SLIDER LEVEL 5  | 04 04 01 00 03 12 16 | 04 04 01 00 04 12 17 |
  217. | SLIDER LEVEL 6  | 04 04 01 00 03 11 15 | 04 04 01 00 04 11 16 |
  218. | SLIDER LEVEL 7  | 04 04 01 00 03 10 14 | 04 04 01 00 04 10 15 |
  219. | SLIDER LEVEL 8  | 04 04 01 00 03 0F 13 | 04 04 01 00 04 0F 14 |
  220. | SLIDER LEVEL 9  | 04 04 01 00 03 0E 12 | 04 04 01 00 04 0E 13 |
  221. | SLIDER LEVEL 10 | 04 04 01 00 03 0D 11 | 04 04 01 00 04 0D 12 |
  222. | SLIDER LEVEL 11 | 04 04 01 00 03 0C 10 | 04 04 01 00 04 0C 11 |
  223. | SLIDER LEVEL 12 | 04 04 01 00 03 0B 0F | 04 04 01 00 04 0B 10 |
  224. | SLIDER LEVEL 13 | 04 04 01 00 03 0A 0E | 04 04 01 00 04 0A 0F |
  225. | SLIDER LEVEL 14 | 04 04 01 00 03 09 0D | 04 04 01 00 04 09 0E |
  226. | SLIDER LEVEL 15 | 04 04 01 00 03 08 0C | 04 04 01 00 04 08 0D |
  227. | SLIDER LEVEL 16 | 04 04 01 00 03 07 0B | 04 04 01 00 04 07 0C |
  228. | SLIDER LEVEL 17 | 04 04 01 00 03 06 0A | 04 04 01 00 04 06 0B |
  229. | SLIDER LEVEL 18 | 04 04 01 00 03 05 09 | 04 04 01 00 04 05 0A |
  230. | SLIDER LEVEL 19 | 04 04 01 00 03 04 08 | 04 04 01 00 04 04 09 |
  231. | SLIDER LEVEL 20 | 04 04 01 00 03 03 07 | 04 04 01 00 04 03 08 |
  232. | SLIDER LEVEL 21 | 04 04 01 00 03 02 06 | 04 04 01 00 04 02 07 |
  233. | SLIDER LEVEL 22 | 04 04 01 00 03 01 05 | 04 04 01 00 04 01 06 |
  234. 

  235. **Behavior when more events come in than can be handled**
  236. 

  237. The front panel does not queue events. When a new event occurs, before the
  238. previous event has be read by the ESP32, the new event will replace the old
  239. event and a new signal is sent over the interrupt line.
  240. 

  241. The ESP32 can read the last event multiple times. It will not be cleared
  242. by the front panel after reading it.
  243. 

  244. 

  245. ## Build requirements

  246. 

  247. The ESP-WROOM-32D that is used for this lamp (and for various other Xiaomi devices),
  248. contains a single core CPU, even though the data sheet for ESP-WROOM-32D specifies
  249. a dual core CPU. Therefore, when flashing the device with a generic ESP32 build,
  250. you will end up with the following boot error:
  251. 

  252. ```
  253. E (459) cpu_start: Running on single core chip, but application is built with dual core support.
  254. E (459) cpu_start: Please enable CONFIG_FREERTOS_UNICORE option in menuconfig.
  255. ```
  256. 

  257. Another issue with a lot of these devices, is that the MAC address that is burnt into
  258. EFUSE does not match the CRC checksum that is also burnt into EFUSE. Using a generic
  259. ESP32 build, you will end up with the boot error:
  260. 

  261. ```
  262. Base MAC address from BLK0 of EFUSE CRC error
  263. ```
  264. 

  265. For these reasons, you must build the firmware using a taylored version of arduino-esp32.
  266. You can make use of the version [created by @pauln](https://github.com/pauln/arduino-esp32)
  267. or the version [created by @mmakaay](https://github.com/mmakaay/arduino-esp32-unicore-no-mac-crc).
  268. 

  269. To make use of one of these in an ESPHome build, you'll have to provide a platform package
  270. definition for the PlatformIO build. Here's an example configuration that will work for
  271. these Xiaomi devices:
  272. 

  273. ```yaml
  274. esphome:
  275.   name: my_device_name
  276.   platform: ESP32
  277.   board: esp32doit-devkit-v1
  278.   platformio_options:
  279.     platform: espressif32@3.2.0
  280.     platform_packages: |-
  281.       framework-arduinoespressif32 @ https://github.com/mmakaay/arduino-esp32-unicore-no-mac-crc
  282. ```
  283. 

  284. If you want to build your own platform package, then you can checkout
  285. the build scripts [by @mmakaay here](https://github.com/mmakaay/arduino-esp32-unicore-no-mac-crc-builder).
  286. 

  287. 

  288. ## Original firmware

  289. 

  290. Below, I have gathered some of the interesting boot messages from the
  291. original firmware. These messages are logged via the serial interface.
  292. 

  293. **SPI Flash memory:**
  294. ```
  295. boot: SPI Flash RID  : 0xB20B4
  296. boot: SPI Flash  MF  : 0xB4
  297. boot: SPI Flash  ID  : 0x200B
  298. boot: SPI Speed      : 40MHz
  299. boot: SPI Mode       : DIO
  300. boot: SPI Flash Size : 4MB
  301. ```
  302. 

  303. **Partition table:**
  304. ```
  305. boot: Partition Table:
  306. boot: ## Label            Usage          Type ST Offset   Length
  307. boot:  0 nvs              WiFi data        01 02 00009000 00004000
  308. boot:  1 otadata          OTA data         01 00 0000d000 00002000
  309. boot:  2 phy_init         RF data          01 01 0000f000 00001000
  310. boot:  3 miio_fw1         OTA app          00 10 00010000 001e0000
  311. boot:  4 miio_fw2         OTA app          00 11 001f0000 001e0000
  312. boot:  5 test             test app         00 20 003d0000 00013000
  313. boot:  6 mfi_p            Unknown data     01 82 003e3000 00001000
  314. boot:  7 factory_nvs      WiFi data        01 02 003e4000 00004000
  315. boot:  8 coredump         Unknown data     01 03 003e8000 00010000
  316. boot:  9 minvs            Unknown data     01 fe 003f8000 00004000
  317. boot: End of partition table
  318. ```
  319. 

  320. **MIIO initialization:**
  321. ```
  322. _|      _|  _|_|_|  _|_|_|    _|_|  
  323. _|_|  _|_|    _|      _|    _|    _|
  324. _|  _|  _|    _|      _|    _|    _|
  325. _|      _|    _|      _|    _|    _|
  326. _|      _|  _|_|_|  _|_|_|    _|_|  
  327. 08:00:00.200 [I] did=332985470 hostname=MiBedsideLamp2-7651
  328. 

  329. JENKINS BUILD NUMBER: N/A
  330. BUILD TIME: Sep  5 2019,07:12:39
  331. BUILT BY: N/A
  332. MIIO APP VER: 2.0.6_0030
  333. Setup ID: 95XJ
  334. Getting setup info from factory NVS
  335. MIIO MCU VER: 
  336. MIIO DID: *********
  337. MIIO WIFI MAC: ************
  338. MIIO MODEL: yeelink.light.bslamp2
  339. ARCH TYPE: esp32,0x0000a601
  340. ARCH VER: d178b9b
  341. ```
  342. 

  343. **Network initialized:**
  344. ```
  345. [20:27:05]08:00:04.180 [I] miio_net: Wifi station connected
  346. [20:27:05]Registering HomeKit web handlers
  347. [20:27:05]Announcing _hap._tcp mDNS service
  348. ```
  349. 

  350. **Phoning home to the Mijia cloud:**
  351. ```
  352. ots: httpdns resolve start failed, -12 (ots_cloud_host_update,850)
  353. otu: Opened.
  354. ots: de.ots.io.mi.com resolved to 3.126.247.75.
  355. ots: ots connect 3.126.247.75::443...
  356. tls: connect to server Mijia Cloud, domain is 3.126.247.75, port is 443.
  357. tls: timeout[100]! mbedtls_ssl_handshake returned -0x6800 (d0_tls_open,369)
  358. tls: timeout[200]! mbedtls_ssl_handshake returned -0x6800 (d0_tls_open,369)
  359. tls: timeout[300]! mbedtls_ssl_handshake returned -0x6800 (d0_tls_open,369)
  360. tls: timeout[400]! mbedtls_ssl_handshake returned -0x6800 (d0_tls_open,369)
  361. ots: Connected.
  362. ```
  363. 

  364. 

  365. < [Known issues](known_issues.md) | [Index](../README.md) | [Sponsoring](sponsoring.md) >