Add radare2 boot ROM annotations

README.md

@@ -47,6 +47,11 @@ serial output in Intel HEX format.
 
 [README](src/dump_otp/README.md)
 
+ROM re'ing
+===========
+
+Annotated radare2 config files for the Boot ROM and OTP can be found under [r2](r2/README.md).
+
 Other projects
 ==============
 
@@ -54,6 +59,6 @@ Some other interesting K210-based projects and demos:
 
 - [accelerometer](https://github.com/GitJer/Some-Sipeed-MAIX-GO-k210-stuff/tree/master/src/accelerometer) - Example of using the MSA300 accelerometer on the MAIX Go board, by GitJer
 
-- [quake1](https://github.com/elect-gombe/quake-k210) - Quake 1 on K210
+- [quake1](https://github.com/elect-gombe/quake-k210) - Quake 1 on K210. Requires [wiring up a PS2 controller](https://robotzero.one/quake-kendryte-k210-risc-v/).
 
 - [doom1](https://github.com/elect-gombe/k210-doom) - Doom 1 on K210

r2/README.md

@@ -0,0 +1,30 @@
+K210 Boot ROM re'ing
+====================
+
+This directory contains annotations (comments, function names, some
+cross-referencing) for the K210 boot process. The [radare2](https://rada.re/r/)
+reverse-engineering tool was used.
+
+Where there were clear matches I've tried to use function names from the SDK. When not,
+I've tried to think of an appropriate name. Some functions are unknown and still named
+after the broad category `fcnXXXXXXXX._flash`, `fcnXXXXXXXX._otp`.
+
+You need a dump of the K210 ROM (address 0x88000000..0x8801ffff) as `kendryte_rom.dat`
+in the current directory.
+
+To use the radare2 projects the straightforward way is to link them to the user projects
+directory. I had no luck overriding `R2_RDATAHOME`.
+
+```bash
+ln -sf $PWD/k210_* $HOME/.local/share/radare2/projects
+```
+
+```bash
+stat kendryte_rom.dat # must be 131072 bytes
+r2 -p k210_rom
+```
+
+```bash
+stat kendryte_otp.dat # must be 16384 bytes
+r2 -p k210_otp
+```