I am using QEMU 6.2.0 for emulating a Raspberry Pi 3B. I understand that in QEMU, Raspberry Pi firmware (bootcode.bin, loader.bin, fixup.dat, startup.elf) emulation is not performed at boot time.
On a real HW board, isn't the firmware supposed to load the Flattened Device Tree (FDT) to a designated physical address? Does this happen in QEMU? If so, may I know the FDT load address? I couldn't find any authentic document describing the address to which the DTB is loaded. In one Internet source, I found that it is loaded at 0x100. Inspecting memory address 0x100 through gdb indicates that the FDT is not loaded there (the memory inspection is performed shortly after the execution of the first assembly instruction).
This is the QEMU command line used for booting.
$ qemu-system-aarch64 -machine raspi3b -nographic -kernel myhypervisor.elf -device loader,file=linux-5.10.155/arch/arm64/boot/Image,addr=0x90000
'myhypervisor.elf' is compiled to load at address 0x80000. In my case, raspi3b boots into EL3.
Thanks a lot,
Little
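Rather than trusting a single address quoted on the Internet, the load address can be located by dumping guest RAM and scanning it for the FDT header, whose big-endian magic value 0xd00dfeed is fixed by the device tree specification. The following script is an added example and is not part of the original post or of QEMU; it assumes the dump was produced with gdb's `dump binary memory <file> <start> <end>` or the QEMU monitor's `pmemsave <addr> <size> <file>`, and that the guest physical address of the dump's first byte is passed as the base. The embedded sample dump is constructed purely for illustration.

```python
import struct
import sys

FDT_MAGIC = 0xD00DFEED  # big-endian magic word that starts every flattened device tree
FDT_HEADER_SIZE = 40    # ten 32-bit fields in the version 17 header
HEADER_FIELDS = (
    "magic", "totalsize", "off_dt_struct", "off_dt_strings", "off_mem_rsvmap",
    "version", "last_comp_version", "boot_cpuid_phys", "size_dt_strings", "size_dt_struct",
)


def parse_fdt_header(buf, off):
    """Decode the ten big-endian header fields starting at offset `off` in `buf`."""
    return dict(zip(HEADER_FIELDS, struct.unpack_from(">10I", buf, off)))


def header_is_plausible(hdr):
    """Reject random occurrences of the magic word by checking internal consistency."""
    total = hdr["totalsize"]
    return (
        total >= FDT_HEADER_SIZE
        and hdr["version"] >= hdr["last_comp_version"]
        and hdr["off_dt_struct"] < total
        and hdr["off_dt_strings"] < total
        and hdr["off_mem_rsvmap"] < total
    )


def find_fdt(buf, base=0, align=4):
    """Return [(guest_phys_addr, header_dict), ...] for every plausible FDT in `buf`.

    `base` is the guest physical address of buf[0]; only `align`-byte aligned hits
    are considered, since the DTB is always placed on at least a 4-byte boundary.
    """
    hits = []
    needle = struct.pack(">I", FDT_MAGIC)
    pos = buf.find(needle)
    while pos != -1:
        if pos % align == 0 and pos + FDT_HEADER_SIZE <= len(buf):
            hdr = parse_fdt_header(buf, pos)
            if header_is_plausible(hdr):
                hits.append((base + pos, hdr))
        pos = buf.find(needle, pos + 1)
    return hits


def build_sample_dump():
    """Constructed 4 KiB 'RAM' image with a minimal FDT header placed at offset 0x100 (not a real dump)."""
    header = struct.pack(">10I", FDT_MAGIC, 0x200, 0x38, 0x100, 0x28, 17, 16, 0, 0x20, 0xC8)
    blob = header + b"\x00" * (0x200 - len(header))
    return b"\x00" * 0x100 + blob + b"\xFF" * (0x1000 - 0x100 - len(blob))


def main(argv):
    if len(argv) >= 2:
        # Usage: python find_fdt.py <dump_file> [<base_guest_phys_addr_hex>]
        with open(argv[1], "rb") as f:
            data = f.read()
        base = int(argv[2], 16) if len(argv) >= 3 else 0
    else:
        data, base = build_sample_dump(), 0  # fall back to the constructed sample
    hits = find_fdt(data, base)
    if not hits:
        print("no plausible FDT header found in dump")
    for addr, hdr in hits:
        print(f"FDT at guest phys 0x{addr:x}: totalsize=0x{hdr['totalsize']:x} "
              f"version={hdr['version']} off_dt_struct=0x{hdr['off_dt_struct']:x}")
    return hits


if __name__ == "__main__":
    main(sys.argv)
```

Dumping the first few megabytes of RAM from the stopped guest (for example `pmemsave 0 0x400000 ram.bin` in the QEMU monitor, or gdb's `dump binary memory ram.bin 0 0x400000`) and running the script on that file answers the question for the exact QEMU build and command line in use; if nothing is found, the DTB has either not been placed yet at that breakpoint or lies outside the dumped range.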