Code Review / openocd.git / blob
? search:


2d75ff4480577f89fb5b6a8d586d5c172293581b
[openocd.git] / src / flash / cfi.c
1 /***************************************************************************
2 * Copyright (C) 2005, 2007 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * Copyright (C) 2009 Michael Schwingen *
5 * michael@schwingen.org *
6 * *
7 * This program is free software; you can redistribute it and/or modify *
8 * it under the terms of the GNU General Public License as published by *
9 * the Free Software Foundation; either version 2 of the License, or *
10 * (at your option) any later version. *
11 * *
12 * This program is distributed in the hope that it will be useful, *
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
15 * GNU General Public License for more details. *
16 * *
17 * You should have received a copy of the GNU General Public License *
18 * along with this program; if not, write to the *
19 * Free Software Foundation, Inc., *
20 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
21 ***************************************************************************/
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25
26 #include "cfi.h"
27 #include "non_cfi.h"
28 #include "armv4_5.h"
29 #include "binarybuffer.h"
30
31
32 static int cfi_register_commands(struct command_context_s *cmd_ctx);
33 static int cfi_flash_bank_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc, struct flash_bank_s *bank);
34 static int cfi_erase(struct flash_bank_s *bank, int first, int last);
35 static int cfi_protect(struct flash_bank_s *bank, int set, int first, int last);
36 static int cfi_write(struct flash_bank_s *bank, uint8_t *buffer, uint32_t offset, uint32_t count);
37 static int cfi_probe(struct flash_bank_s *bank);
38 static int cfi_auto_probe(struct flash_bank_s *bank);
39 static int cfi_protect_check(struct flash_bank_s *bank);
40 static int cfi_info(struct flash_bank_s *bank, char *buf, int buf_size);
41
42 //static int cfi_handle_part_id_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
43
44 #define CFI_MAX_BUS_WIDTH 4
45 #define CFI_MAX_CHIP_WIDTH 4
46
47 /* defines internal maximum size for code fragment in cfi_intel_write_block() */
48 #define CFI_MAX_INTEL_CODESIZE 256
49
50 flash_driver_t cfi_flash =
51 {
52 .name = "cfi",
53 .register_commands = cfi_register_commands,
54 .flash_bank_command = cfi_flash_bank_command,
55 .erase = cfi_erase,
56 .protect = cfi_protect,
57 .write = cfi_write,
58 .probe = cfi_probe,
59 .auto_probe = cfi_auto_probe,
60 .erase_check = default_flash_blank_check,
61 .protect_check = cfi_protect_check,
62 .info = cfi_info
63 };
64
65 static cfi_unlock_addresses_t cfi_unlock_addresses[] =
66 {
67 [CFI_UNLOCK_555_2AA] = { .unlock1 = 0x555, .unlock2 = 0x2aa },
68 [CFI_UNLOCK_5555_2AAA] = { .unlock1 = 0x5555, .unlock2 = 0x2aaa },
69 };
70
71 /* CFI fixups foward declarations */
72 static void cfi_fixup_0002_erase_regions(flash_bank_t *flash, void *param);
73 static void cfi_fixup_0002_unlock_addresses(flash_bank_t *flash, void *param);
74 static void cfi_fixup_atmel_reversed_erase_regions(flash_bank_t *flash, void *param);
75
76 /* fixup after reading cmdset 0002 primary query table */
77 static const cfi_fixup_t cfi_0002_fixups[] = {
78 {CFI_MFR_SST, 0x00D4, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
79 {CFI_MFR_SST, 0x00D5, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
80 {CFI_MFR_SST, 0x00D6, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
81 {CFI_MFR_SST, 0x00D7, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
82 {CFI_MFR_SST, 0x2780, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
83 {CFI_MFR_ATMEL, 0x00C8, cfi_fixup_atmel_reversed_erase_regions, NULL},
84 {CFI_MFR_FUJITSU, 0x226b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
85 {CFI_MFR_AMIC, 0xb31a, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
86 {CFI_MFR_MX, 0x225b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
87 {CFI_MFR_AMD, 0x225b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
88 {CFI_MFR_ANY, CFI_ID_ANY, cfi_fixup_0002_erase_regions, NULL},
89 {0, 0, NULL, NULL}
90 };
91
92 /* fixup after reading cmdset 0001 primary query table */
93 static const cfi_fixup_t cfi_0001_fixups[] = {
94 {0, 0, NULL, NULL}
95 };
96
97 static void cfi_fixup(flash_bank_t *bank, const cfi_fixup_t *fixups)
98 {
99 cfi_flash_bank_t *cfi_info = bank->driver_priv;
100 const cfi_fixup_t *f;
101
102 for (f = fixups; f->fixup; f++)
103 {
104 if (((f->mfr == CFI_MFR_ANY) || (f->mfr == cfi_info->manufacturer)) &&
105 ((f->id == CFI_ID_ANY) || (f->id == cfi_info->device_id)))
106 {
107 f->fixup(bank, f->param);
108 }
109 }
110 }
111
112 /* inline uint32_t flash_address(flash_bank_t *bank, int sector, uint32_t offset) */
113 static __inline__ uint32_t flash_address(flash_bank_t *bank, int sector, uint32_t offset)
114 {
115 cfi_flash_bank_t *cfi_info = bank->driver_priv;
116
117 if (cfi_info->x16_as_x8) offset *= 2;
118
119 /* while the sector list isn't built, only accesses to sector 0 work */
120 if (sector == 0)
121 return bank->base + offset * bank->bus_width;
122 else
123 {
124 if (!bank->sectors)
125 {
126 LOG_ERROR("BUG: sector list not yet built");
127 exit(-1);
128 }
129 return bank->base + bank->sectors[sector].offset + offset * bank->bus_width;
130 }
131
132 }
133
134 static void cfi_command(flash_bank_t *bank, uint8_t cmd, uint8_t *cmd_buf)
135 {
136 int i;
137
138 /* clear whole buffer, to ensure bits that exceed the bus_width
139 * are set to zero
140 */
141 for (i = 0; i < CFI_MAX_BUS_WIDTH; i++)
142 cmd_buf[i] = 0;
143
144 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
145 {
146 for (i = bank->bus_width; i > 0; i--)
147 {
148 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
149 }
150 }
151 else
152 {
153 for (i = 1; i <= bank->bus_width; i++)
154 {
155 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
156 }
157 }
158 }
159
160 /* read unsigned 8-bit value from the bank
161 * flash banks are expected to be made of similar chips
162 * the query result should be the same for all
163 */
164 static uint8_t cfi_query_u8(flash_bank_t *bank, int sector, uint32_t offset)
165 {
166 target_t *target = bank->target;
167 uint8_t data[CFI_MAX_BUS_WIDTH];
168
169 target_read_memory(target, flash_address(bank, sector, offset), bank->bus_width, 1, data);
170
171 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
172 return data[0];
173 else
174 return data[bank->bus_width - 1];
175 }
176
177 /* read unsigned 8-bit value from the bank
178 * in case of a bank made of multiple chips,
179 * the individual values are ORed
180 */
181 static uint8_t cfi_get_u8(flash_bank_t *bank, int sector, uint32_t offset)
182 {
183 target_t *target = bank->target;
184 uint8_t data[CFI_MAX_BUS_WIDTH];
185 int i;
186
187 target_read_memory(target, flash_address(bank, sector, offset), bank->bus_width, 1, data);
188
189 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
190 {
191 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
192 data[0] |= data[i];
193
194 return data[0];
195 }
196 else
197 {
198 uint8_t value = 0;
199 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
200 value |= data[bank->bus_width - 1 - i];
201
202 return value;
203 }
204 }
205
206 static uint16_t cfi_query_u16(flash_bank_t *bank, int sector, uint32_t offset)
207 {
208 target_t *target = bank->target;
209 cfi_flash_bank_t *cfi_info = bank->driver_priv;
210 uint8_t data[CFI_MAX_BUS_WIDTH * 2];
211
212 if (cfi_info->x16_as_x8)
213 {
214 uint8_t i;
215 for (i = 0;i < 2;i++)
216 target_read_memory(target, flash_address(bank, sector, offset + i), bank->bus_width, 1,
217 &data[i*bank->bus_width]);
218 }
219 else
220 target_read_memory(target, flash_address(bank, sector, offset), bank->bus_width, 2, data);
221
222 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
223 return data[0] | data[bank->bus_width] << 8;
224 else
225 return data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8;
226 }
227
228 static uint32_t cfi_query_u32(flash_bank_t *bank, int sector, uint32_t offset)
229 {
230 target_t *target = bank->target;
231 cfi_flash_bank_t *cfi_info = bank->driver_priv;
232 uint8_t data[CFI_MAX_BUS_WIDTH * 4];
233
234 if (cfi_info->x16_as_x8)
235 {
236 uint8_t i;
237 for (i = 0;i < 4;i++)
238 target_read_memory(target, flash_address(bank, sector, offset + i), bank->bus_width, 1,
239 &data[i*bank->bus_width]);
240 }
241 else
242 target_read_memory(target, flash_address(bank, sector, offset), bank->bus_width, 4, data);
243
244 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
245 return data[0] | data[bank->bus_width] << 8 | data[bank->bus_width * 2] << 16 | data[bank->bus_width * 3] << 24;
246 else
247 return data[bank->bus_width - 1] | data[(2* bank->bus_width) - 1] << 8 |
248 data[(3 * bank->bus_width) - 1] << 16 | data[(4 * bank->bus_width) - 1] << 24;
249 }
250
251 static void cfi_intel_clear_status_register(flash_bank_t *bank)
252 {
253 target_t *target = bank->target;
254 uint8_t command[8];
255
256 if (target->state != TARGET_HALTED)
257 {
258 LOG_ERROR("BUG: attempted to clear status register while target wasn't halted");
259 exit(-1);
260 }
261
262 cfi_command(bank, 0x50, command);
263 target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
264 }
265
266 uint8_t cfi_intel_wait_status_busy(flash_bank_t *bank, int timeout)
267 {
268 uint8_t status;
269
270 while ((!((status = cfi_get_u8(bank, 0, 0x0)) & 0x80)) && (timeout-- > 0))
271 {
272 LOG_DEBUG("status: 0x%x", status);
273 alive_sleep(1);
274 }
275
276 /* mask out bit 0 (reserved) */
277 status = status & 0xfe;
278
279 LOG_DEBUG("status: 0x%x", status);
280
281 if ((status & 0x80) != 0x80)
282 {
283 LOG_ERROR("timeout while waiting for WSM to become ready");
284 }
285 else if (status != 0x80)
286 {
287 LOG_ERROR("status register: 0x%x", status);
288 if (status & 0x2)
289 LOG_ERROR("Block Lock-Bit Detected, Operation Abort");
290 if (status & 0x4)
291 LOG_ERROR("Program suspended");
292 if (status & 0x8)
293 LOG_ERROR("Low Programming Voltage Detected, Operation Aborted");
294 if (status & 0x10)
295 LOG_ERROR("Program Error / Error in Setting Lock-Bit");
296 if (status & 0x20)
297 LOG_ERROR("Error in Block Erasure or Clear Lock-Bits");
298 if (status & 0x40)
299 LOG_ERROR("Block Erase Suspended");
300
301 cfi_intel_clear_status_register(bank);
302 }
303
304 return status;
305 }
306
307 int cfi_spansion_wait_status_busy(flash_bank_t *bank, int timeout)
308 {
309 uint8_t status, oldstatus;
310 cfi_flash_bank_t *cfi_info = bank->driver_priv;
311
312 oldstatus = cfi_get_u8(bank, 0, 0x0);
313
314 do {
315 status = cfi_get_u8(bank, 0, 0x0);
316 if ((status ^ oldstatus) & 0x40) {
317 if (status & cfi_info->status_poll_mask & 0x20) {
318 oldstatus = cfi_get_u8(bank, 0, 0x0);
319 status = cfi_get_u8(bank, 0, 0x0);
320 if ((status ^ oldstatus) & 0x40) {
321 LOG_ERROR("dq5 timeout, status: 0x%x", status);
322 return(ERROR_FLASH_OPERATION_FAILED);
323 } else {
324 LOG_DEBUG("status: 0x%x", status);
325 return(ERROR_OK);
326 }
327 }
328 } else { /* no toggle: finished, OK */
329 LOG_DEBUG("status: 0x%x", status);
330 return(ERROR_OK);
331 }
332
333 oldstatus = status;
334 alive_sleep(1);
335 } while (timeout-- > 0);
336
337 LOG_ERROR("timeout, status: 0x%x", status);
338
339 return(ERROR_FLASH_BUSY);
340 }
341
342 static int cfi_read_intel_pri_ext(flash_bank_t *bank)
343 {
344 int retval;
345 cfi_flash_bank_t *cfi_info = bank->driver_priv;
346 cfi_intel_pri_ext_t *pri_ext = malloc(sizeof(cfi_intel_pri_ext_t));
347 target_t *target = bank->target;
348 uint8_t command[8];
349
350 cfi_info->pri_ext = pri_ext;
351
352 pri_ext->pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0);
353 pri_ext->pri[1] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1);
354 pri_ext->pri[2] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2);
355
356 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I'))
357 {
358 cfi_command(bank, 0xf0, command);
359 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
360 {
361 return retval;
362 }
363 cfi_command(bank, 0xff, command);
364 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
365 {
366 return retval;
367 }
368 LOG_ERROR("Could not read bank flash bank information");
369 return ERROR_FLASH_BANK_INVALID;
370 }
371
372 pri_ext->major_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3);
373 pri_ext->minor_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4);
374
375 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1], pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
376
377 pri_ext->feature_support = cfi_query_u32(bank, 0, cfi_info->pri_addr + 5);
378 pri_ext->suspend_cmd_support = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9);
379 pri_ext->blk_status_reg_mask = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xa);
380
381 LOG_DEBUG("feature_support: 0x%" PRIx32 ", suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x",
382 pri_ext->feature_support,
383 pri_ext->suspend_cmd_support,
384 pri_ext->blk_status_reg_mask);
385
386 pri_ext->vcc_optimal = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xc);
387 pri_ext->vpp_optimal = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xd);
388
389 LOG_DEBUG("Vcc opt: %1.1x.%1.1x, Vpp opt: %1.1x.%1.1x",
390 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
391 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
392
393 pri_ext->num_protection_fields = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xe);
394 if (pri_ext->num_protection_fields != 1)
395 {
396 LOG_WARNING("expected one protection register field, but found %i", pri_ext->num_protection_fields);
397 }
398
399 pri_ext->prot_reg_addr = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xf);
400 pri_ext->fact_prot_reg_size = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x11);
401 pri_ext->user_prot_reg_size = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x12);
402
403 LOG_DEBUG("protection_fields: %i, prot_reg_addr: 0x%x, factory pre-programmed: %i, user programmable: %i", pri_ext->num_protection_fields, pri_ext->prot_reg_addr, 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
404
405 return ERROR_OK;
406 }
407
408 static int cfi_read_spansion_pri_ext(flash_bank_t *bank)
409 {
410 int retval;
411 cfi_flash_bank_t *cfi_info = bank->driver_priv;
412 cfi_spansion_pri_ext_t *pri_ext = malloc(sizeof(cfi_spansion_pri_ext_t));
413 target_t *target = bank->target;
414 uint8_t command[8];
415
416 cfi_info->pri_ext = pri_ext;
417
418 pri_ext->pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0);
419 pri_ext->pri[1] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1);
420 pri_ext->pri[2] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2);
421
422 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I'))
423 {
424 cfi_command(bank, 0xf0, command);
425 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
426 {
427 return retval;
428 }
429 LOG_ERROR("Could not read spansion bank information");
430 return ERROR_FLASH_BANK_INVALID;
431 }
432
433 pri_ext->major_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3);
434 pri_ext->minor_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4);
435
436 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1], pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
437
438 pri_ext->SiliconRevision = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5);
439 pri_ext->EraseSuspend = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6);
440 pri_ext->BlkProt = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7);
441 pri_ext->TmpBlkUnprotect = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8);
442 pri_ext->BlkProtUnprot = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9);
443 pri_ext->SimultaneousOps = cfi_query_u8(bank, 0, cfi_info->pri_addr + 10);
444 pri_ext->BurstMode = cfi_query_u8(bank, 0, cfi_info->pri_addr + 11);
445 pri_ext->PageMode = cfi_query_u8(bank, 0, cfi_info->pri_addr + 12);
446 pri_ext->VppMin = cfi_query_u8(bank, 0, cfi_info->pri_addr + 13);
447 pri_ext->VppMax = cfi_query_u8(bank, 0, cfi_info->pri_addr + 14);
448 pri_ext->TopBottom = cfi_query_u8(bank, 0, cfi_info->pri_addr + 15);
449
450 LOG_DEBUG("Silicon Revision: 0x%x, Erase Suspend: 0x%x, Block protect: 0x%x", pri_ext->SiliconRevision,
451 pri_ext->EraseSuspend, pri_ext->BlkProt);
452
453 LOG_DEBUG("Temporary Unprotect: 0x%x, Block Protect Scheme: 0x%x, Simultaneous Ops: 0x%x", pri_ext->TmpBlkUnprotect,
454 pri_ext->BlkProtUnprot, pri_ext->SimultaneousOps);
455
456 LOG_DEBUG("Burst Mode: 0x%x, Page Mode: 0x%x, ", pri_ext->BurstMode, pri_ext->PageMode);
457
458
459 LOG_DEBUG("Vpp min: %2.2d.%1.1d, Vpp max: %2.2d.%1.1x",
460 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
461 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
462
463 LOG_DEBUG("WP# protection 0x%x", pri_ext->TopBottom);
464
465 /* default values for implementation specific workarounds */
466 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
467 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
468 pri_ext->_reversed_geometry = 0;
469
470 return ERROR_OK;
471 }
472
473 static int cfi_read_atmel_pri_ext(flash_bank_t *bank)
474 {
475 int retval;
476 cfi_atmel_pri_ext_t atmel_pri_ext;
477 cfi_flash_bank_t *cfi_info = bank->driver_priv;
478 cfi_spansion_pri_ext_t *pri_ext = malloc(sizeof(cfi_spansion_pri_ext_t));
479 target_t *target = bank->target;
480 uint8_t command[8];
481
482 /* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion,
483 * but a different primary extended query table.
484 * We read the atmel table, and prepare a valid AMD/Spansion query table.
485 */
486
487 memset(pri_ext, 0, sizeof(cfi_spansion_pri_ext_t));
488
489 cfi_info->pri_ext = pri_ext;
490
491 atmel_pri_ext.pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0);
492 atmel_pri_ext.pri[1] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1);
493 atmel_pri_ext.pri[2] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2);
494
495 if ((atmel_pri_ext.pri[0] != 'P') || (atmel_pri_ext.pri[1] != 'R') || (atmel_pri_ext.pri[2] != 'I'))
496 {
497 cfi_command(bank, 0xf0, command);
498 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
499 {
500 return retval;
501 }
502 LOG_ERROR("Could not read atmel bank information");
503 return ERROR_FLASH_BANK_INVALID;
504 }
505
506 pri_ext->pri[0] = atmel_pri_ext.pri[0];
507 pri_ext->pri[1] = atmel_pri_ext.pri[1];
508 pri_ext->pri[2] = atmel_pri_ext.pri[2];
509
510 atmel_pri_ext.major_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3);
511 atmel_pri_ext.minor_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4);
512
513 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", atmel_pri_ext.pri[0], atmel_pri_ext.pri[1], atmel_pri_ext.pri[2], atmel_pri_ext.major_version, atmel_pri_ext.minor_version);
514
515 pri_ext->major_version = atmel_pri_ext.major_version;
516 pri_ext->minor_version = atmel_pri_ext.minor_version;
517
518 atmel_pri_ext.features = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5);
519 atmel_pri_ext.bottom_boot = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6);
520 atmel_pri_ext.burst_mode = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7);
521 atmel_pri_ext.page_mode = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8);
522
523 LOG_DEBUG("features: 0x%2.2x, bottom_boot: 0x%2.2x, burst_mode: 0x%2.2x, page_mode: 0x%2.2x",
524 atmel_pri_ext.features, atmel_pri_ext.bottom_boot, atmel_pri_ext.burst_mode, atmel_pri_ext.page_mode);
525
526 if (atmel_pri_ext.features & 0x02)
527 pri_ext->EraseSuspend = 2;
528
529 if (atmel_pri_ext.bottom_boot)
530 pri_ext->TopBottom = 2;
531 else
532 pri_ext->TopBottom = 3;
533
534 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
535 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
536
537 return ERROR_OK;
538 }
539
540 static int cfi_read_0002_pri_ext(flash_bank_t *bank)
541 {
542 cfi_flash_bank_t *cfi_info = bank->driver_priv;
543
544 if (cfi_info->manufacturer == CFI_MFR_ATMEL)
545 {
546 return cfi_read_atmel_pri_ext(bank);
547 }
548 else
549 {
550 return cfi_read_spansion_pri_ext(bank);
551 }
552 }
553
554 static int cfi_spansion_info(struct flash_bank_s *bank, char *buf, int buf_size)
555 {
556 int printed;
557 cfi_flash_bank_t *cfi_info = bank->driver_priv;
558 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
559
560 printed = snprintf(buf, buf_size, "\nSpansion primary algorithm extend information:\n");
561 buf += printed;
562 buf_size -= printed;
563
564 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0],
565 pri_ext->pri[1], pri_ext->pri[2],
566 pri_ext->major_version, pri_ext->minor_version);
567 buf += printed;
568 buf_size -= printed;
569
570 printed = snprintf(buf, buf_size, "Silicon Rev.: 0x%x, Address Sensitive unlock: 0x%x\n",
571 (pri_ext->SiliconRevision) >> 2,
572 (pri_ext->SiliconRevision) & 0x03);
573 buf += printed;
574 buf_size -= printed;
575
576 printed = snprintf(buf, buf_size, "Erase Suspend: 0x%x, Sector Protect: 0x%x\n",
577 pri_ext->EraseSuspend,
578 pri_ext->BlkProt);
579 buf += printed;
580 buf_size -= printed;
581
582 printed = snprintf(buf, buf_size, "VppMin: %2.2d.%1.1x, VppMax: %2.2d.%1.1x\n",
583 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
584 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
585
586 return ERROR_OK;
587 }
588
589 static int cfi_intel_info(struct flash_bank_s *bank, char *buf, int buf_size)
590 {
591 int printed;
592 cfi_flash_bank_t *cfi_info = bank->driver_priv;
593 cfi_intel_pri_ext_t *pri_ext = cfi_info->pri_ext;
594
595 printed = snprintf(buf, buf_size, "\nintel primary algorithm extend information:\n");
596 buf += printed;
597 buf_size -= printed;
598
599 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0], pri_ext->pri[1], pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
600 buf += printed;
601 buf_size -= printed;
602
603 printed = snprintf(buf, buf_size, "feature_support: 0x%" PRIx32 ", suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x\n", pri_ext->feature_support, pri_ext->suspend_cmd_support, pri_ext->blk_status_reg_mask);
604 buf += printed;
605 buf_size -= printed;
606
607 printed = snprintf(buf, buf_size, "Vcc opt: %1.1x.%1.1x, Vpp opt: %1.1x.%1.1x\n",
608 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
609 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
610 buf += printed;
611 buf_size -= printed;
612
613 printed = snprintf(buf, buf_size, "protection_fields: %i, prot_reg_addr: 0x%x, factory pre-programmed: %i, user programmable: %i\n", pri_ext->num_protection_fields, pri_ext->prot_reg_addr, 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
614
615 return ERROR_OK;
616 }
617
618 static int cfi_register_commands(struct command_context_s *cmd_ctx)
619 {
620 /*command_t *cfi_cmd = */
621 register_command(cmd_ctx, NULL, "cfi", NULL, COMMAND_ANY, "flash bank cfi <base> <size> <chip_width> <bus_width> <targetNum> [jedec_probe/x16_as_x8]");
622 /*
623 register_command(cmd_ctx, cfi_cmd, "part_id", cfi_handle_part_id_command, COMMAND_EXEC,
624 "print part id of cfi flash bank <num>");
625 */
626 return ERROR_OK;
627 }
628
629 /* flash_bank cfi <base> <size> <chip_width> <bus_width> <target#> [options]
630 */
631 static int cfi_flash_bank_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc, struct flash_bank_s *bank)
632 {
633 cfi_flash_bank_t *cfi_info;
634 int i;
635 (void) cmd_ctx;
636 (void) cmd;
637
638 if (argc < 6)
639 {
640 LOG_WARNING("incomplete flash_bank cfi configuration");
641 return ERROR_FLASH_BANK_INVALID;
642 }
643
644 if ((strtoul(args[4], NULL, 0) > CFI_MAX_CHIP_WIDTH)
645 || (strtoul(args[3], NULL, 0) > CFI_MAX_BUS_WIDTH))
646 {
647 LOG_ERROR("chip and bus width have to specified in bytes");
648 return ERROR_FLASH_BANK_INVALID;
649 }
650
651 cfi_info = malloc(sizeof(cfi_flash_bank_t));
652 cfi_info->probed = 0;
653 bank->driver_priv = cfi_info;
654
655 cfi_info->write_algorithm = NULL;
656
657 cfi_info->x16_as_x8 = 0;
658 cfi_info->jedec_probe = 0;
659 cfi_info->not_cfi = 0;
660
661 for (i = 6; i < argc; i++)
662 {
663 if (strcmp(args[i], "x16_as_x8") == 0)
664 {
665 cfi_info->x16_as_x8 = 1;
666 }
667 else if (strcmp(args[i], "jedec_probe") == 0)
668 {
669 cfi_info->jedec_probe = 1;
670 }
671 }
672
673 cfi_info->write_algorithm = NULL;
674
675 /* bank wasn't probed yet */
676 cfi_info->qry[0] = -1;
677
678 return ERROR_OK;
679 }
680
681 static int cfi_intel_erase(struct flash_bank_s *bank, int first, int last)
682 {
683 int retval;
684 cfi_flash_bank_t *cfi_info = bank->driver_priv;
685 target_t *target = bank->target;
686 uint8_t command[8];
687 int i;
688
689 cfi_intel_clear_status_register(bank);
690
691 for (i = first; i <= last; i++)
692 {
693 cfi_command(bank, 0x20, command);
694 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
695 {
696 return retval;
697 }
698
699 cfi_command(bank, 0xd0, command);
700 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
701 {
702 return retval;
703 }
704
705 if (cfi_intel_wait_status_busy(bank, 1000 * (1 << cfi_info->block_erase_timeout_typ)) == 0x80)
706 bank->sectors[i].is_erased = 1;
707 else
708 {
709 cfi_command(bank, 0xff, command);
710 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
711 {
712 return retval;
713 }
714
715 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%" PRIx32 , i, bank->base);
716 return ERROR_FLASH_OPERATION_FAILED;
717 }
718 }
719
720 cfi_command(bank, 0xff, command);
721 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
722
723 }
724
725 static int cfi_spansion_erase(struct flash_bank_s *bank, int first, int last)
726 {
727 int retval;
728 cfi_flash_bank_t *cfi_info = bank->driver_priv;
729 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
730 target_t *target = bank->target;
731 uint8_t command[8];
732 int i;
733
734 for (i = first; i <= last; i++)
735 {
736 cfi_command(bank, 0xaa, command);
737 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
738 {
739 return retval;
740 }
741
742 cfi_command(bank, 0x55, command);
743 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
744 {
745 return retval;
746 }
747
748 cfi_command(bank, 0x80, command);
749 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
750 {
751 return retval;
752 }
753
754 cfi_command(bank, 0xaa, command);
755 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
756 {
757 return retval;
758 }
759
760 cfi_command(bank, 0x55, command);
761 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
762 {
763 return retval;
764 }
765
766 cfi_command(bank, 0x30, command);
767 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
768 {
769 return retval;
770 }
771
772 if (cfi_spansion_wait_status_busy(bank, 1000 * (1 << cfi_info->block_erase_timeout_typ)) == ERROR_OK)
773 bank->sectors[i].is_erased = 1;
774 else
775 {
776 cfi_command(bank, 0xf0, command);
777 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
778 {
779 return retval;
780 }
781
782 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%" PRIx32, i, bank->base);
783 return ERROR_FLASH_OPERATION_FAILED;
784 }
785 }
786
787 cfi_command(bank, 0xf0, command);
788 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
789 }
790
791 static int cfi_erase(struct flash_bank_s *bank, int first, int last)
792 {
793 cfi_flash_bank_t *cfi_info = bank->driver_priv;
794
795 if (bank->target->state != TARGET_HALTED)
796 {
797 LOG_ERROR("Target not halted");
798 return ERROR_TARGET_NOT_HALTED;
799 }
800
801 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
802 {
803 return ERROR_FLASH_SECTOR_INVALID;
804 }
805
806 if (cfi_info->qry[0] != 'Q')
807 return ERROR_FLASH_BANK_NOT_PROBED;
808
809 switch (cfi_info->pri_id)
810 {
811 case 1:
812 case 3:
813 return cfi_intel_erase(bank, first, last);
814 break;
815 case 2:
816 return cfi_spansion_erase(bank, first, last);
817 break;
818 default:
819 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
820 break;
821 }
822
823 return ERROR_OK;
824 }
825
826 static int cfi_intel_protect(struct flash_bank_s *bank, int set, int first, int last)
827 {
828 int retval;
829 cfi_flash_bank_t *cfi_info = bank->driver_priv;
830 cfi_intel_pri_ext_t *pri_ext = cfi_info->pri_ext;
831 target_t *target = bank->target;
832 uint8_t command[8];
833 int retry = 0;
834 int i;
835
836 /* if the device supports neither legacy lock/unlock (bit 3) nor
837 * instant individual block locking (bit 5).
838 */
839 if (!(pri_ext->feature_support & 0x28))
840 return ERROR_FLASH_OPERATION_FAILED;
841
842 cfi_intel_clear_status_register(bank);
843
844 for (i = first; i <= last; i++)
845 {
846 cfi_command(bank, 0x60, command);
847 LOG_DEBUG("address: 0x%4.4" PRIx32 ", command: 0x%4.4" PRIx32, flash_address(bank, i, 0x0), target_buffer_get_u32(target, command));
848 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
849 {
850 return retval;
851 }
852 if (set)
853 {
854 cfi_command(bank, 0x01, command);
855 LOG_DEBUG("address: 0x%4.4" PRIx32 ", command: 0x%4.4" PRIx32 , flash_address(bank, i, 0x0), target_buffer_get_u32(target, command));
856 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
857 {
858 return retval;
859 }
860 bank->sectors[i].is_protected = 1;
861 }
862 else
863 {
864 cfi_command(bank, 0xd0, command);
865 LOG_DEBUG("address: 0x%4.4" PRIx32 ", command: 0x%4.4" PRIx32, flash_address(bank, i, 0x0), target_buffer_get_u32(target, command));
866 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
867 {
868 return retval;
869 }
870 bank->sectors[i].is_protected = 0;
871 }
872
873 /* instant individual block locking doesn't require reading of the status register */
874 if (!(pri_ext->feature_support & 0x20))
875 {
876 /* Clear lock bits operation may take up to 1.4s */
877 cfi_intel_wait_status_busy(bank, 1400);
878 }
879 else
880 {
881 uint8_t block_status;
882 /* read block lock bit, to verify status */
883 cfi_command(bank, 0x90, command);
884 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x55), bank->bus_width, 1, command)) != ERROR_OK)
885 {
886 return retval;
887 }
888 block_status = cfi_get_u8(bank, i, 0x2);
889
890 if ((block_status & 0x1) != set)
891 {
892 LOG_ERROR("couldn't change block lock status (set = %i, block_status = 0x%2.2x)", set, block_status);
893 cfi_command(bank, 0x70, command);
894 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x55), bank->bus_width, 1, command)) != ERROR_OK)
895 {
896 return retval;
897 }
898 cfi_intel_wait_status_busy(bank, 10);
899
900 if (retry > 10)
901 return ERROR_FLASH_OPERATION_FAILED;
902 else
903 {
904 i--;
905 retry++;
906 }
907 }
908 }
909 }
910
911 /* if the device doesn't support individual block lock bits set/clear,
912 * all blocks have been unlocked in parallel, so we set those that should be protected
913 */
914 if ((!set) && (!(pri_ext->feature_support & 0x20)))
915 {
916 for (i = 0; i < bank->num_sectors; i++)
917 {
918 if (bank->sectors[i].is_protected == 1)
919 {
920 cfi_intel_clear_status_register(bank);
921
922 cfi_command(bank, 0x60, command);
923 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
924 {
925 return retval;
926 }
927
928 cfi_command(bank, 0x01, command);
929 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
930 {
931 return retval;
932 }
933
934 cfi_intel_wait_status_busy(bank, 100);
935 }
936 }
937 }
938
939 cfi_command(bank, 0xff, command);
940 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
941 }
942
943 static int cfi_protect(struct flash_bank_s *bank, int set, int first, int last)
944 {
945 cfi_flash_bank_t *cfi_info = bank->driver_priv;
946
947 if (bank->target->state != TARGET_HALTED)
948 {
949 LOG_ERROR("Target not halted");
950 return ERROR_TARGET_NOT_HALTED;
951 }
952
953 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
954 {
955 return ERROR_FLASH_SECTOR_INVALID;
956 }
957
958 if (cfi_info->qry[0] != 'Q')
959 return ERROR_FLASH_BANK_NOT_PROBED;
960
961 switch (cfi_info->pri_id)
962 {
963 case 1:
964 case 3:
965 cfi_intel_protect(bank, set, first, last);
966 break;
967 default:
968 LOG_ERROR("protect: cfi primary command set %i unsupported", cfi_info->pri_id);
969 break;
970 }
971
972 return ERROR_OK;
973 }
974
975 /* FIXME Replace this by a simple memcpy() - still unsure about sideeffects */
976 static void cfi_add_byte(struct flash_bank_s *bank, uint8_t *word, uint8_t byte)
977 {
978 /* target_t *target = bank->target; */
979
980 int i;
981
982 /* NOTE:
983 * The data to flash must not be changed in endian! We write a bytestrem in
984 * target byte order already. Only the control and status byte lane of the flash
985 * WSM is interpreted by the CPU in different ways, when read a uint16_t or uint32_t
986 * word (data seems to be in the upper or lower byte lane for uint16_t accesses).
987 */
988
989 #if 0
990 if (target->endianness == TARGET_LITTLE_ENDIAN)
991 {
992 #endif
993 /* shift bytes */
994 for (i = 0; i < bank->bus_width - 1; i++)
995 word[i] = word[i + 1];
996 word[bank->bus_width - 1] = byte;
997 #if 0
998 }
999 else
1000 {
1001 /* shift bytes */
1002 for (i = bank->bus_width - 1; i > 0; i--)
1003 word[i] = word[i - 1];
1004 word[0] = byte;
1005 }
1006 #endif
1007 }
1008
1009 /* Convert code image to target endian */
1010 /* FIXME create general block conversion fcts in target.c?) */
1011 static void cfi_fix_code_endian(target_t *target, uint8_t *dest, const uint32_t *src, uint32_t count)
1012 {
1013 uint32_t i;
1014 for (i = 0; i< count; i++)
1015 {
1016 target_buffer_set_u32(target, dest, *src);
1017 dest += 4;
1018 src++;
1019 }
1020 }
1021
1022 static uint32_t cfi_command_val(flash_bank_t *bank, uint8_t cmd)
1023 {
1024 target_t *target = bank->target;
1025
1026 uint8_t buf[CFI_MAX_BUS_WIDTH];
1027 cfi_command(bank, cmd, buf);
1028 switch (bank->bus_width)
1029 {
1030 case 1 :
1031 return buf[0];
1032 break;
1033 case 2 :
1034 return target_buffer_get_u16(target, buf);
1035 break;
1036 case 4 :
1037 return target_buffer_get_u32(target, buf);
1038 break;
1039 default :
1040 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1041 return 0;
1042 }
1043 }
1044
1045 static int cfi_intel_write_block(struct flash_bank_s *bank, uint8_t *buffer, uint32_t address, uint32_t count)
1046 {
1047 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1048 target_t *target = bank->target;
1049 reg_param_t reg_params[7];
1050 armv4_5_algorithm_t armv4_5_info;
1051 working_area_t *source;
1052 uint32_t buffer_size = 32768;
1053 uint32_t write_command_val, busy_pattern_val, error_pattern_val;
1054
1055 /* algorithm register usage:
1056 * r0: source address (in RAM)
1057 * r1: target address (in Flash)
1058 * r2: count
1059 * r3: flash write command
1060 * r4: status byte (returned to host)
1061 * r5: busy test pattern
1062 * r6: error test pattern
1063 */
1064
1065 static const uint32_t word_32_code[] = {
1066 0xe4904004, /* loop: ldr r4, [r0], #4 */
1067 0xe5813000, /* str r3, [r1] */
1068 0xe5814000, /* str r4, [r1] */
1069 0xe5914000, /* busy: ldr r4, [r1] */
1070 0xe0047005, /* and r7, r4, r5 */
1071 0xe1570005, /* cmp r7, r5 */
1072 0x1afffffb, /* bne busy */
1073 0xe1140006, /* tst r4, r6 */
1074 0x1a000003, /* bne done */
1075 0xe2522001, /* subs r2, r2, #1 */
1076 0x0a000001, /* beq done */
1077 0xe2811004, /* add r1, r1 #4 */
1078 0xeafffff2, /* b loop */
1079 0xeafffffe /* done: b -2 */
1080 };
1081
1082 static const uint32_t word_16_code[] = {
1083 0xe0d040b2, /* loop: ldrh r4, [r0], #2 */
1084 0xe1c130b0, /* strh r3, [r1] */
1085 0xe1c140b0, /* strh r4, [r1] */
1086 0xe1d140b0, /* busy ldrh r4, [r1] */
1087 0xe0047005, /* and r7, r4, r5 */
1088 0xe1570005, /* cmp r7, r5 */
1089 0x1afffffb, /* bne busy */
1090 0xe1140006, /* tst r4, r6 */
1091 0x1a000003, /* bne done */
1092 0xe2522001, /* subs r2, r2, #1 */
1093 0x0a000001, /* beq done */
1094 0xe2811002, /* add r1, r1 #2 */
1095 0xeafffff2, /* b loop */
1096 0xeafffffe /* done: b -2 */
1097 };
1098
1099 static const uint32_t word_8_code[] = {
1100 0xe4d04001, /* loop: ldrb r4, [r0], #1 */
1101 0xe5c13000, /* strb r3, [r1] */
1102 0xe5c14000, /* strb r4, [r1] */
1103 0xe5d14000, /* busy ldrb r4, [r1] */
1104 0xe0047005, /* and r7, r4, r5 */
1105 0xe1570005, /* cmp r7, r5 */
1106 0x1afffffb, /* bne busy */
1107 0xe1140006, /* tst r4, r6 */
1108 0x1a000003, /* bne done */
1109 0xe2522001, /* subs r2, r2, #1 */
1110 0x0a000001, /* beq done */
1111 0xe2811001, /* add r1, r1 #1 */
1112 0xeafffff2, /* b loop */
1113 0xeafffffe /* done: b -2 */
1114 };
1115 uint8_t target_code[4*CFI_MAX_INTEL_CODESIZE];
1116 const uint32_t *target_code_src;
1117 uint32_t target_code_size;
1118 int retval = ERROR_OK;
1119
1120
1121 cfi_intel_clear_status_register(bank);
1122
1123 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
1124 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
1125 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
1126
1127 /* If we are setting up the write_algorith, we need target_code_src */
1128 /* if not we only need target_code_size. */
1129
1130 /* However, we don't want to create multiple code paths, so we */
1131 /* do the unecessary evaluation of target_code_src, which the */
1132 /* compiler will probably nicely optimize away if not needed */
1133
1134 /* prepare algorithm code for target endian */
1135 switch (bank->bus_width)
1136 {
1137 case 1 :
1138 target_code_src = word_8_code;
1139 target_code_size = sizeof(word_8_code);
1140 break;
1141 case 2 :
1142 target_code_src = word_16_code;
1143 target_code_size = sizeof(word_16_code);
1144 break;
1145 case 4 :
1146 target_code_src = word_32_code;
1147 target_code_size = sizeof(word_32_code);
1148 break;
1149 default:
1150 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1151 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1152 }
1153
1154 /* flash write code */
1155 if (!cfi_info->write_algorithm)
1156 {
1157 if (target_code_size > sizeof(target_code))
1158 {
1159 LOG_WARNING("Internal error - target code buffer to small. Increase CFI_MAX_INTEL_CODESIZE and recompile.");
1160 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1161 }
1162 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1163
1164 /* Get memory for block write handler */
1165 retval = target_alloc_working_area(target, target_code_size, &cfi_info->write_algorithm);
1166 if (retval != ERROR_OK)
1167 {
1168 LOG_WARNING("No working area available, can't do block memory writes");
1169 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1170 };
1171
1172 /* write algorithm code to working area */
1173 retval = target_write_buffer(target, cfi_info->write_algorithm->address, target_code_size, target_code);
1174 if (retval != ERROR_OK)
1175 {
1176 LOG_ERROR("Unable to write block write code to target");
1177 goto cleanup;
1178 }
1179 }
1180
1181 /* Get a workspace buffer for the data to flash starting with 32k size.
1182 Half size until buffer would be smaller 256 Bytem then fail back */
1183 /* FIXME Why 256 bytes, why not 32 bytes (smallest flash write page */
1184 while (target_alloc_working_area(target, buffer_size, &source) != ERROR_OK)
1185 {
1186 buffer_size /= 2;
1187 if (buffer_size <= 256)
1188 {
1189 LOG_WARNING("no large enough working area available, can't do block memory writes");
1190 retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1191 goto cleanup;
1192 }
1193 };
1194
1195 /* setup algo registers */
1196 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
1197 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
1198 init_reg_param(&reg_params[2], "r2", 32, PARAM_OUT);
1199 init_reg_param(&reg_params[3], "r3", 32, PARAM_OUT);
1200 init_reg_param(&reg_params[4], "r4", 32, PARAM_IN);
1201 init_reg_param(&reg_params[5], "r5", 32, PARAM_OUT);
1202 init_reg_param(&reg_params[6], "r6", 32, PARAM_OUT);
1203
1204 /* prepare command and status register patterns */
1205 write_command_val = cfi_command_val(bank, 0x40);
1206 busy_pattern_val = cfi_command_val(bank, 0x80);
1207 error_pattern_val = cfi_command_val(bank, 0x7e);
1208
1209 LOG_INFO("Using target buffer at 0x%08" PRIx32 " and of size 0x%04" PRIx32, source->address, buffer_size);
1210
1211 /* Programming main loop */
1212 while (count > 0)
1213 {
1214 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1215 uint32_t wsm_error;
1216
1217 if ((retval = target_write_buffer(target, source->address, thisrun_count, buffer)) != ERROR_OK)
1218 {
1219 goto cleanup;
1220 }
1221
1222 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1223 buf_set_u32(reg_params[1].value, 0, 32, address);
1224 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1225
1226 buf_set_u32(reg_params[3].value, 0, 32, write_command_val);
1227 buf_set_u32(reg_params[5].value, 0, 32, busy_pattern_val);
1228 buf_set_u32(reg_params[6].value, 0, 32, error_pattern_val);
1229
1230 LOG_INFO("Write 0x%04" PRIx32 " bytes to flash at 0x%08" PRIx32 , thisrun_count, address);
1231
1232 /* Execute algorithm, assume breakpoint for last instruction */
1233 retval = target_run_algorithm(target, 0, NULL, 7, reg_params,
1234 cfi_info->write_algorithm->address,
1235 cfi_info->write_algorithm->address + target_code_size - sizeof(uint32_t),
1236 10000, /* 10s should be enough for max. 32k of data */
1237 &armv4_5_info);
1238
1239 /* On failure try a fall back to direct word writes */
1240 if (retval != ERROR_OK)
1241 {
1242 cfi_intel_clear_status_register(bank);
1243 LOG_ERROR("Execution of flash algorythm failed. Can't fall back. Please report.");
1244 retval = ERROR_FLASH_OPERATION_FAILED;
1245 /* retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE; */
1246 /* FIXME To allow fall back or recovery, we must save the actual status
1247 somewhere, so that a higher level code can start recovery. */
1248 goto cleanup;
1249 }
1250
1251 /* Check return value from algo code */
1252 wsm_error = buf_get_u32(reg_params[4].value, 0, 32) & error_pattern_val;
1253 if (wsm_error)
1254 {
1255 /* read status register (outputs debug inforation) */
1256 cfi_intel_wait_status_busy(bank, 100);
1257 cfi_intel_clear_status_register(bank);
1258 retval = ERROR_FLASH_OPERATION_FAILED;
1259 goto cleanup;
1260 }
1261
1262 buffer += thisrun_count;
1263 address += thisrun_count;
1264 count -= thisrun_count;
1265 }
1266
1267 /* free up resources */
1268 cleanup:
1269 if (source)
1270 target_free_working_area(target, source);
1271
1272 if (cfi_info->write_algorithm)
1273 {
1274 target_free_working_area(target, cfi_info->write_algorithm);
1275 cfi_info->write_algorithm = NULL;
1276 }
1277
1278 destroy_reg_param(&reg_params[0]);
1279 destroy_reg_param(&reg_params[1]);
1280 destroy_reg_param(&reg_params[2]);
1281 destroy_reg_param(&reg_params[3]);
1282 destroy_reg_param(&reg_params[4]);
1283 destroy_reg_param(&reg_params[5]);
1284 destroy_reg_param(&reg_params[6]);
1285
1286 return retval;
1287 }
1288
1289 static int cfi_spansion_write_block(struct flash_bank_s *bank, uint8_t *buffer, uint32_t address, uint32_t count)
1290 {
1291 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1292 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
1293 target_t *target = bank->target;
1294 reg_param_t reg_params[10];
1295 armv4_5_algorithm_t armv4_5_info;
1296 working_area_t *source;
1297 uint32_t buffer_size = 32768;
1298 uint32_t status;
1299 int retval, retvaltemp;
1300 int exit_code = ERROR_OK;
1301
1302 /* input parameters - */
1303 /* R0 = source address */
1304 /* R1 = destination address */
1305 /* R2 = number of writes */
1306 /* R3 = flash write command */
1307 /* R4 = constant to mask DQ7 bits (also used for Dq5 with shift) */
1308 /* output parameters - */
1309 /* R5 = 0x80 ok 0x00 bad */
1310 /* temp registers - */
1311 /* R6 = value read from flash to test status */
1312 /* R7 = holding register */
1313 /* unlock registers - */
1314 /* R8 = unlock1_addr */
1315 /* R9 = unlock1_cmd */
1316 /* R10 = unlock2_addr */
1317 /* R11 = unlock2_cmd */
1318
1319 static const uint32_t word_32_code[] = {
1320 /* 00008100 <sp_32_code>: */
1321 0xe4905004, /* ldr r5, [r0], #4 */
1322 0xe5889000, /* str r9, [r8] */
1323 0xe58ab000, /* str r11, [r10] */
1324 0xe5883000, /* str r3, [r8] */
1325 0xe5815000, /* str r5, [r1] */
1326 0xe1a00000, /* nop */
1327 /* */
1328 /* 00008110 <sp_32_busy>: */
1329 0xe5916000, /* ldr r6, [r1] */
1330 0xe0257006, /* eor r7, r5, r6 */
1331 0xe0147007, /* ands r7, r4, r7 */
1332 0x0a000007, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1333 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1334 0x0afffff9, /* beq 8110 <sp_32_busy> ; b if DQ5 low */
1335 0xe5916000, /* ldr r6, [r1] */
1336 0xe0257006, /* eor r7, r5, r6 */
1337 0xe0147007, /* ands r7, r4, r7 */
1338 0x0a000001, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1339 0xe3a05000, /* mov r5, #0 ; 0x0 - return 0x00, error */
1340 0x1a000004, /* bne 8154 <sp_32_done> */
1341 /* */
1342 /* 00008140 <sp_32_cont>: */
1343 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1344 0x03a05080, /* moveq r5, #128 ; 0x80 */
1345 0x0a000001, /* beq 8154 <sp_32_done> */
1346 0xe2811004, /* add r1, r1, #4 ; 0x4 */
1347 0xeaffffe8, /* b 8100 <sp_32_code> */
1348 /* */
1349 /* 00008154 <sp_32_done>: */
1350 0xeafffffe /* b 8154 <sp_32_done> */
1351 };
1352
1353 static const uint32_t word_16_code[] = {
1354 /* 00008158 <sp_16_code>: */
1355 0xe0d050b2, /* ldrh r5, [r0], #2 */
1356 0xe1c890b0, /* strh r9, [r8] */
1357 0xe1cab0b0, /* strh r11, [r10] */
1358 0xe1c830b0, /* strh r3, [r8] */
1359 0xe1c150b0, /* strh r5, [r1] */
1360 0xe1a00000, /* nop (mov r0,r0) */
1361 /* */
1362 /* 00008168 <sp_16_busy>: */
1363 0xe1d160b0, /* ldrh r6, [r1] */
1364 0xe0257006, /* eor r7, r5, r6 */
1365 0xe0147007, /* ands r7, r4, r7 */
1366 0x0a000007, /* beq 8198 <sp_16_cont> */
1367 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1368 0x0afffff9, /* beq 8168 <sp_16_busy> */
1369 0xe1d160b0, /* ldrh r6, [r1] */
1370 0xe0257006, /* eor r7, r5, r6 */
1371 0xe0147007, /* ands r7, r4, r7 */
1372 0x0a000001, /* beq 8198 <sp_16_cont> */
1373 0xe3a05000, /* mov r5, #0 ; 0x0 */
1374 0x1a000004, /* bne 81ac <sp_16_done> */
1375 /* */
1376 /* 00008198 <sp_16_cont>: */
1377 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1378 0x03a05080, /* moveq r5, #128 ; 0x80 */
1379 0x0a000001, /* beq 81ac <sp_16_done> */
1380 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1381 0xeaffffe8, /* b 8158 <sp_16_code> */
1382 /* */
1383 /* 000081ac <sp_16_done>: */
1384 0xeafffffe /* b 81ac <sp_16_done> */
1385 };
1386
1387 static const uint32_t word_16_code_dq7only[] = {
1388 /* <sp_16_code>: */
1389 0xe0d050b2, /* ldrh r5, [r0], #2 */
1390 0xe1c890b0, /* strh r9, [r8] */
1391 0xe1cab0b0, /* strh r11, [r10] */
1392 0xe1c830b0, /* strh r3, [r8] */
1393 0xe1c150b0, /* strh r5, [r1] */
1394 0xe1a00000, /* nop (mov r0,r0) */
1395 /* */
1396 /* <sp_16_busy>: */
1397 0xe1d160b0, /* ldrh r6, [r1] */
1398 0xe0257006, /* eor r7, r5, r6 */
1399 0xe2177080, /* ands r7, #0x80 */
1400 0x1afffffb, /* bne 8168 <sp_16_busy> */
1401 /* */
1402 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1403 0x03a05080, /* moveq r5, #128 ; 0x80 */
1404 0x0a000001, /* beq 81ac <sp_16_done> */
1405 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1406 0xeafffff0, /* b 8158 <sp_16_code> */
1407 /* */
1408 /* 000081ac <sp_16_done>: */
1409 0xeafffffe /* b 81ac <sp_16_done> */
1410 };
1411
1412 static const uint32_t word_8_code[] = {
1413 /* 000081b0 <sp_16_code_end>: */
1414 0xe4d05001, /* ldrb r5, [r0], #1 */
1415 0xe5c89000, /* strb r9, [r8] */
1416 0xe5cab000, /* strb r11, [r10] */
1417 0xe5c83000, /* strb r3, [r8] */
1418 0xe5c15000, /* strb r5, [r1] */
1419 0xe1a00000, /* nop (mov r0,r0) */
1420 /* */
1421 /* 000081c0 <sp_8_busy>: */
1422 0xe5d16000, /* ldrb r6, [r1] */
1423 0xe0257006, /* eor r7, r5, r6 */
1424 0xe0147007, /* ands r7, r4, r7 */
1425 0x0a000007, /* beq 81f0 <sp_8_cont> */
1426 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1427 0x0afffff9, /* beq 81c0 <sp_8_busy> */
1428 0xe5d16000, /* ldrb r6, [r1] */
1429 0xe0257006, /* eor r7, r5, r6 */
1430 0xe0147007, /* ands r7, r4, r7 */
1431 0x0a000001, /* beq 81f0 <sp_8_cont> */
1432 0xe3a05000, /* mov r5, #0 ; 0x0 */
1433 0x1a000004, /* bne 8204 <sp_8_done> */
1434 /* */
1435 /* 000081f0 <sp_8_cont>: */
1436 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1437 0x03a05080, /* moveq r5, #128 ; 0x80 */
1438 0x0a000001, /* beq 8204 <sp_8_done> */
1439 0xe2811001, /* add r1, r1, #1 ; 0x1 */
1440 0xeaffffe8, /* b 81b0 <sp_16_code_end> */
1441 /* */
1442 /* 00008204 <sp_8_done>: */
1443 0xeafffffe /* b 8204 <sp_8_done> */
1444 };
1445
1446 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
1447 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
1448 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
1449
1450 int target_code_size;
1451 const uint32_t *target_code_src;
1452
1453 switch (bank->bus_width)
1454 {
1455 case 1 :
1456 target_code_src = word_8_code;
1457 target_code_size = sizeof(word_8_code);
1458 break;
1459 case 2 :
1460 /* Check for DQ5 support */
1461 if( cfi_info->status_poll_mask & (1 << 5) )
1462 {
1463 target_code_src = word_16_code;
1464 target_code_size = sizeof(word_16_code);
1465 }
1466 else
1467 {
1468 /* No DQ5 support. Use DQ7 DATA# polling only. */
1469 target_code_src = word_16_code_dq7only;
1470 target_code_size = sizeof(word_16_code_dq7only);
1471 }
1472 break;
1473 case 4 :
1474 target_code_src = word_32_code;
1475 target_code_size = sizeof(word_32_code);
1476 break;
1477 default:
1478 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1479 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1480 }
1481
1482 /* flash write code */
1483 if (!cfi_info->write_algorithm)
1484 {
1485 uint8_t *target_code;
1486
1487 /* convert bus-width dependent algorithm code to correct endiannes */
1488 target_code = malloc(target_code_size);
1489 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1490
1491 /* allocate working area */
1492 retval = target_alloc_working_area(target, target_code_size,
1493 &cfi_info->write_algorithm);
1494 if (retval != ERROR_OK)
1495 {
1496 free(target_code);
1497 return retval;
1498 }
1499
1500 /* write algorithm code to working area */
1501 if ((retval = target_write_buffer(target, cfi_info->write_algorithm->address,
1502 target_code_size, target_code)) != ERROR_OK)
1503 {
1504 free(target_code);
1505 return retval;
1506 }
1507
1508 free(target_code);
1509 }
1510 /* the following code still assumes target code is fixed 24*4 bytes */
1511
1512 while (target_alloc_working_area(target, buffer_size, &source) != ERROR_OK)
1513 {
1514 buffer_size /= 2;
1515 if (buffer_size <= 256)
1516 {
1517 /* if we already allocated the writing code, but failed to get a buffer, free the algorithm */
1518 if (cfi_info->write_algorithm)
1519 target_free_working_area(target, cfi_info->write_algorithm);
1520
1521 LOG_WARNING("not enough working area available, can't do block memory writes");
1522 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1523 }
1524 };
1525
1526 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
1527 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
1528 init_reg_param(&reg_params[2], "r2", 32, PARAM_OUT);
1529 init_reg_param(&reg_params[3], "r3", 32, PARAM_OUT);
1530 init_reg_param(&reg_params[4], "r4", 32, PARAM_OUT);
1531 init_reg_param(&reg_params[5], "r5", 32, PARAM_IN);
1532 init_reg_param(&reg_params[6], "r8", 32, PARAM_OUT);
1533 init_reg_param(&reg_params[7], "r9", 32, PARAM_OUT);
1534 init_reg_param(&reg_params[8], "r10", 32, PARAM_OUT);
1535 init_reg_param(&reg_params[9], "r11", 32, PARAM_OUT);
1536
1537 while (count > 0)
1538 {
1539 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1540
1541 retvaltemp = target_write_buffer(target, source->address, thisrun_count, buffer);
1542
1543 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1544 buf_set_u32(reg_params[1].value, 0, 32, address);
1545 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1546 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1547 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1548 buf_set_u32(reg_params[6].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock1));
1549 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1550 buf_set_u32(reg_params[8].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock2));
1551 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1552
1553 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1554 cfi_info->write_algorithm->address,
1555 cfi_info->write_algorithm->address + ((target_code_size) - 4),
1556 10000, &armv4_5_info);
1557
1558 status = buf_get_u32(reg_params[5].value, 0, 32);
1559
1560 if ((retval != ERROR_OK) || (retvaltemp != ERROR_OK) || status != 0x80)
1561 {
1562 LOG_DEBUG("status: 0x%" PRIx32 , status);
1563 exit_code = ERROR_FLASH_OPERATION_FAILED;
1564 break;
1565 }
1566
1567 buffer += thisrun_count;
1568 address += thisrun_count;
1569 count -= thisrun_count;
1570 }
1571
1572 target_free_all_working_areas(target);
1573
1574 destroy_reg_param(&reg_params[0]);
1575 destroy_reg_param(&reg_params[1]);
1576 destroy_reg_param(&reg_params[2]);
1577 destroy_reg_param(&reg_params[3]);
1578 destroy_reg_param(&reg_params[4]);
1579 destroy_reg_param(&reg_params[5]);
1580 destroy_reg_param(&reg_params[6]);
1581 destroy_reg_param(&reg_params[7]);
1582 destroy_reg_param(&reg_params[8]);
1583 destroy_reg_param(&reg_params[9]);
1584
1585 return exit_code;
1586 }
1587
1588 static int cfi_intel_write_word(struct flash_bank_s *bank, uint8_t *word, uint32_t address)
1589 {
1590 int retval;
1591 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1592 target_t *target = bank->target;
1593 uint8_t command[8];
1594
1595 cfi_intel_clear_status_register(bank);
1596 cfi_command(bank, 0x40, command);
1597 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1598 {
1599 return retval;
1600 }
1601
1602 if ((retval = target_write_memory(target, address, bank->bus_width, 1, word)) != ERROR_OK)
1603 {
1604 return retval;
1605 }
1606
1607 if (cfi_intel_wait_status_busy(bank, 1000 * (1 << cfi_info->word_write_timeout_max)) != 0x80)
1608 {
1609 cfi_command(bank, 0xff, command);
1610 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1611 {
1612 return retval;
1613 }
1614
1615 LOG_ERROR("couldn't write word at base 0x%" PRIx32 ", address %" PRIx32 , bank->base, address);
1616 return ERROR_FLASH_OPERATION_FAILED;
1617 }
1618
1619 return ERROR_OK;
1620 }
1621
1622 static int cfi_intel_write_words(struct flash_bank_s *bank, uint8_t *word, uint32_t wordcount, uint32_t address)
1623 {
1624 int retval;
1625 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1626 target_t *target = bank->target;
1627 uint8_t command[8];
1628
1629 /* Calculate buffer size and boundary mask */
1630 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
1631 uint32_t buffermask = buffersize-1;
1632 uint32_t bufferwsize;
1633
1634 /* Check for valid range */
1635 if (address & buffermask)
1636 {
1637 LOG_ERROR("Write address at base 0x%" PRIx32 ", address %" PRIx32 " not aligned to 2^%d boundary",
1638 bank->base, address, cfi_info->max_buf_write_size);
1639 return ERROR_FLASH_OPERATION_FAILED;
1640 }
1641 switch (bank->chip_width)
1642 {
1643 case 4 : bufferwsize = buffersize / 4; break;
1644 case 2 : bufferwsize = buffersize / 2; break;
1645 case 1 : bufferwsize = buffersize; break;
1646 default:
1647 LOG_ERROR("Unsupported chip width %d", bank->chip_width);
1648 return ERROR_FLASH_OPERATION_FAILED;
1649 }
1650
1651 bufferwsize/=(bank->bus_width / bank->chip_width);
1652
1653
1654 /* Check for valid size */
1655 if (wordcount > bufferwsize)
1656 {
1657 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %" PRId32 , wordcount, buffersize);
1658 return ERROR_FLASH_OPERATION_FAILED;
1659 }
1660
1661 /* Write to flash buffer */
1662 cfi_intel_clear_status_register(bank);
1663
1664 /* Initiate buffer operation _*/
1665 cfi_command(bank, 0xE8, command);
1666 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1667 {
1668 return retval;
1669 }
1670 if (cfi_intel_wait_status_busy(bank, 1000 * (1 << cfi_info->buf_write_timeout_max)) != 0x80)
1671 {
1672 cfi_command(bank, 0xff, command);
1673 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1674 {
1675 return retval;
1676 }
1677
1678 LOG_ERROR("couldn't start buffer write operation at base 0x%" PRIx32 ", address %" PRIx32 , bank->base, address);
1679 return ERROR_FLASH_OPERATION_FAILED;
1680 }
1681
1682 /* Write buffer wordcount-1 and data words */
1683 cfi_command(bank, bufferwsize-1, command);
1684 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1685 {
1686 return retval;
1687 }
1688
1689 if ((retval = target_write_memory(target, address, bank->bus_width, bufferwsize, word)) != ERROR_OK)
1690 {
1691 return retval;
1692 }
1693
1694 /* Commit write operation */
1695 cfi_command(bank, 0xd0, command);
1696 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1697 {
1698 return retval;
1699 }
1700 if (cfi_intel_wait_status_busy(bank, 1000 * (1 << cfi_info->buf_write_timeout_max)) != 0x80)
1701 {
1702 cfi_command(bank, 0xff, command);
1703 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1704 {
1705 return retval;
1706 }
1707
1708 LOG_ERROR("Buffer write at base 0x%" PRIx32 ", address %" PRIx32 " failed.", bank->base, address);
1709 return ERROR_FLASH_OPERATION_FAILED;
1710 }
1711
1712 return ERROR_OK;
1713 }
1714
1715 static int cfi_spansion_write_word(struct flash_bank_s *bank, uint8_t *word, uint32_t address)
1716 {
1717 int retval;
1718 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1719 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
1720 target_t *target = bank->target;
1721 uint8_t command[8];
1722
1723 cfi_command(bank, 0xaa, command);
1724 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
1725 {
1726 return retval;
1727 }
1728
1729 cfi_command(bank, 0x55, command);
1730 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
1731 {
1732 return retval;
1733 }
1734
1735 cfi_command(bank, 0xa0, command);
1736 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
1737 {
1738 return retval;
1739 }
1740
1741 if ((retval = target_write_memory(target, address, bank->bus_width, 1, word)) != ERROR_OK)
1742 {
1743 return retval;
1744 }
1745
1746 if (cfi_spansion_wait_status_busy(bank, 1000 * (1 << cfi_info->word_write_timeout_max)) != ERROR_OK)
1747 {
1748 cfi_command(bank, 0xf0, command);
1749 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1750 {
1751 return retval;
1752 }
1753
1754 LOG_ERROR("couldn't write word at base 0x%" PRIx32 ", address %" PRIx32 , bank->base, address);
1755 return ERROR_FLASH_OPERATION_FAILED;
1756 }
1757
1758 return ERROR_OK;
1759 }
1760
1761 static int cfi_spansion_write_words(struct flash_bank_s *bank, uint8_t *word, uint32_t wordcount, uint32_t address)
1762 {
1763 int retval;
1764 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1765 target_t *target = bank->target;
1766 uint8_t command[8];
1767 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
1768
1769 /* Calculate buffer size and boundary mask */
1770 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
1771 uint32_t buffermask = buffersize-1;
1772 uint32_t bufferwsize;
1773
1774 /* Check for valid range */
1775 if (address & buffermask)
1776 {
1777 LOG_ERROR("Write address at base 0x%" PRIx32 ", address %" PRIx32 " not aligned to 2^%d boundary", bank->base, address, cfi_info->max_buf_write_size);
1778 return ERROR_FLASH_OPERATION_FAILED;
1779 }
1780 switch (bank->chip_width)
1781 {
1782 case 4 : bufferwsize = buffersize / 4; break;
1783 case 2 : bufferwsize = buffersize / 2; break;
1784 case 1 : bufferwsize = buffersize; break;
1785 default:
1786 LOG_ERROR("Unsupported chip width %d", bank->chip_width);
1787 return ERROR_FLASH_OPERATION_FAILED;
1788 }
1789
1790 bufferwsize/=(bank->bus_width / bank->chip_width);
1791
1792 /* Check for valid size */
1793 if (wordcount > bufferwsize)
1794 {
1795 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %" PRId32, wordcount, buffersize);
1796 return ERROR_FLASH_OPERATION_FAILED;
1797 }
1798
1799 // Unlock
1800 cfi_command(bank, 0xaa, command);
1801 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
1802 {
1803 return retval;
1804 }
1805
1806 cfi_command(bank, 0x55, command);
1807 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
1808 {
1809 return retval;
1810 }
1811
1812 // Buffer load command
1813 cfi_command(bank, 0x25, command);
1814 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1815 {
1816 return retval;
1817 }
1818
1819 /* Write buffer wordcount-1 and data words */
1820 cfi_command(bank, bufferwsize-1, command);
1821 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1822 {
1823 return retval;
1824 }
1825
1826 if ((retval = target_write_memory(target, address, bank->bus_width, bufferwsize, word)) != ERROR_OK)
1827 {
1828 return retval;
1829 }
1830
1831 /* Commit write operation */
1832 cfi_command(bank, 0x29, command);
1833 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1834 {
1835 return retval;
1836 }
1837
1838 if (cfi_spansion_wait_status_busy(bank, 1000 * (1 << cfi_info->word_write_timeout_max)) != ERROR_OK)
1839 {
1840 cfi_command(bank, 0xf0, command);
1841 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1842 {
1843 return retval;
1844 }
1845
1846 LOG_ERROR("couldn't write block at base 0x%" PRIx32 ", address %" PRIx32 ", size %" PRIx32 , bank->base, address, bufferwsize);
1847 return ERROR_FLASH_OPERATION_FAILED;
1848 }
1849
1850 return ERROR_OK;
1851 }
1852
1853 static int cfi_write_word(struct flash_bank_s *bank, uint8_t *word, uint32_t address)
1854 {
1855 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1856
1857 switch (cfi_info->pri_id)
1858 {
1859 case 1:
1860 case 3:
1861 return cfi_intel_write_word(bank, word, address);
1862 break;
1863 case 2:
1864 return cfi_spansion_write_word(bank, word, address);
1865 break;
1866 default:
1867 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
1868 break;
1869 }
1870
1871 return ERROR_FLASH_OPERATION_FAILED;
1872 }
1873
1874 static int cfi_write_words(struct flash_bank_s *bank, uint8_t *word, uint32_t wordcount, uint32_t address)
1875 {
1876 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1877
1878 switch (cfi_info->pri_id)
1879 {
1880 case 1:
1881 case 3:
1882 return cfi_intel_write_words(bank, word, wordcount, address);
1883 break;
1884 case 2:
1885 return cfi_spansion_write_words(bank, word, wordcount, address);
1886 break;
1887 default:
1888 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
1889 break;
1890 }
1891
1892 return ERROR_FLASH_OPERATION_FAILED;
1893 }
1894
1895 int cfi_write(struct flash_bank_s *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
1896 {
1897 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1898 target_t *target = bank->target;
1899 uint32_t address = bank->base + offset; /* address of first byte to be programmed */
1900 uint32_t write_p, copy_p;
1901 int align; /* number of unaligned bytes */
1902 int blk_count; /* number of bus_width bytes for block copy */
1903 uint8_t current_word[CFI_MAX_BUS_WIDTH * 4]; /* word (bus_width size) currently being programmed */
1904 int i;
1905 int retval;
1906
1907 if (bank->target->state != TARGET_HALTED)
1908 {
1909 LOG_ERROR("Target not halted");
1910 return ERROR_TARGET_NOT_HALTED;
1911 }
1912
1913 if (offset + count > bank->size)
1914 return ERROR_FLASH_DST_OUT_OF_BANK;
1915
1916 if (cfi_info->qry[0] != 'Q')
1917 return ERROR_FLASH_BANK_NOT_PROBED;
1918
1919 /* start at the first byte of the first word (bus_width size) */
1920 write_p = address & ~(bank->bus_width - 1);
1921 if ((align = address - write_p) != 0)
1922 {
1923 LOG_INFO("Fixup %d unaligned head bytes", align);
1924
1925 for (i = 0; i < bank->bus_width; i++)
1926 current_word[i] = 0;
1927 copy_p = write_p;
1928
1929 /* copy bytes before the first write address */
1930 for (i = 0; i < align; ++i, ++copy_p)
1931 {
1932 uint8_t byte;
1933 if ((retval = target_read_memory(target, copy_p, 1, 1, &byte)) != ERROR_OK)
1934 {
1935 return retval;
1936 }
1937 cfi_add_byte(bank, current_word, byte);
1938 }
1939
1940 /* add bytes from the buffer */
1941 for (; (i < bank->bus_width) && (count > 0); i++)
1942 {
1943 cfi_add_byte(bank, current_word, *buffer++);
1944 count--;
1945 copy_p++;
1946 }
1947
1948 /* if the buffer is already finished, copy bytes after the last write address */
1949 for (; (count == 0) && (i < bank->bus_width); ++i, ++copy_p)
1950 {
1951 uint8_t byte;
1952 if ((retval = target_read_memory(target, copy_p, 1, 1, &byte)) != ERROR_OK)
1953 {
1954 return retval;
1955 }
1956 cfi_add_byte(bank, current_word, byte);
1957 }
1958
1959 retval = cfi_write_word(bank, current_word, write_p);
1960 if (retval != ERROR_OK)
1961 return retval;
1962 write_p = copy_p;
1963 }
1964
1965 /* handle blocks of bus_size aligned bytes */
1966 blk_count = count & ~(bank->bus_width - 1); /* round down, leave tail bytes */
1967 switch (cfi_info->pri_id)
1968 {
1969 /* try block writes (fails without working area) */
1970 case 1:
1971 case 3:
1972 retval = cfi_intel_write_block(bank, buffer, write_p, blk_count);
1973 break;
1974 case 2:
1975 retval = cfi_spansion_write_block(bank, buffer, write_p, blk_count);
1976 break;
1977 default:
1978 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
1979 retval = ERROR_FLASH_OPERATION_FAILED;
1980 break;
1981 }
1982 if (retval == ERROR_OK)
1983 {
1984 /* Increment pointers and decrease count on succesful block write */
1985 buffer += blk_count;
1986 write_p += blk_count;
1987 count -= blk_count;
1988 }
1989 else
1990 {
1991 if (retval == ERROR_TARGET_RESOURCE_NOT_AVAILABLE)
1992 {
1993 //adjust buffersize for chip width
1994 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
1995 uint32_t buffermask = buffersize-1;
1996 uint32_t bufferwsize;
1997
1998 switch (bank->chip_width)
1999 {
2000 case 4 : bufferwsize = buffersize / 4; break;
2001 case 2 : bufferwsize = buffersize / 2; break;
2002 case 1 : bufferwsize = buffersize; break;
2003 default:
2004 LOG_ERROR("Unsupported chip width %d", bank->chip_width);
2005 return ERROR_FLASH_OPERATION_FAILED;
2006 }
2007
2008 bufferwsize/=(bank->bus_width / bank->chip_width);
2009
2010 /* fall back to memory writes */
2011 while (count >= (uint32_t)bank->bus_width)
2012 {
2013 int fallback;
2014 if ((write_p & 0xff) == 0)
2015 {
2016 LOG_INFO("Programming at %08" PRIx32 ", count %08" PRIx32 " bytes remaining", write_p, count);
2017 }
2018 fallback = 1;
2019 if ((bufferwsize > 0) && (count >= buffersize) && !(write_p & buffermask))
2020 {
2021 retval = cfi_write_words(bank, buffer, bufferwsize, write_p);
2022 if (retval == ERROR_OK)
2023 {
2024 buffer += buffersize;
2025 write_p += buffersize;
2026 count -= buffersize;
2027 fallback = 0;
2028 }
2029 }
2030 /* try the slow way? */
2031 if (fallback)
2032 {
2033 for (i = 0; i < bank->bus_width; i++)
2034 current_word[i] = 0;
2035
2036 for (i = 0; i < bank->bus_width; i++)
2037 {
2038 cfi_add_byte(bank, current_word, *buffer++);
2039 }
2040
2041 retval = cfi_write_word(bank, current_word, write_p);
2042 if (retval != ERROR_OK)
2043 return retval;
2044
2045 write_p += bank->bus_width;
2046 count -= bank->bus_width;
2047 }
2048 }
2049 }
2050 else
2051 return retval;
2052 }
2053
2054 /* return to read array mode, so we can read from flash again for padding */
2055 cfi_command(bank, 0xf0, current_word);
2056 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, current_word)) != ERROR_OK)
2057 {
2058 return retval;
2059 }
2060 cfi_command(bank, 0xff, current_word);
2061 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, current_word)) != ERROR_OK)
2062 {
2063 return retval;
2064 }
2065
2066 /* handle unaligned tail bytes */
2067 if (count > 0)
2068 {
2069 LOG_INFO("Fixup %" PRId32 " unaligned tail bytes", count);
2070
2071 copy_p = write_p;
2072 for (i = 0; i < bank->bus_width; i++)
2073 current_word[i] = 0;
2074
2075 for (i = 0; (i < bank->bus_width) && (count > 0); ++i, ++copy_p)
2076 {
2077 cfi_add_byte(bank, current_word, *buffer++);
2078 count--;
2079 }
2080 for (; i < bank->bus_width; ++i, ++copy_p)
2081 {
2082 uint8_t byte;
2083 if ((retval = target_read_memory(target, copy_p, 1, 1, &byte)) != ERROR_OK)
2084 {
2085 return retval;
2086 }
2087 cfi_add_byte(bank, current_word, byte);
2088 }
2089 retval = cfi_write_word(bank, current_word, write_p);
2090 if (retval != ERROR_OK)
2091 return retval;
2092 }
2093
2094 /* return to read array mode */
2095 cfi_command(bank, 0xf0, current_word);
2096 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, current_word)) != ERROR_OK)
2097 {
2098 return retval;
2099 }
2100 cfi_command(bank, 0xff, current_word);
2101 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, current_word);
2102 }
2103
2104 static void cfi_fixup_atmel_reversed_erase_regions(flash_bank_t *bank, void *param)
2105 {
2106 (void) param;
2107 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2108 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
2109
2110 pri_ext->_reversed_geometry = 1;
2111 }
2112
2113 static void cfi_fixup_0002_erase_regions(flash_bank_t *bank, void *param)
2114 {
2115 int i;
2116 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2117 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
2118 (void) param;
2119
2120 if ((pri_ext->_reversed_geometry) || (pri_ext->TopBottom == 3))
2121 {
2122 LOG_DEBUG("swapping reversed erase region information on cmdset 0002 device");
2123
2124 for (i = 0; i < cfi_info->num_erase_regions / 2; i++)
2125 {
2126 int j = (cfi_info->num_erase_regions - 1) - i;
2127 uint32_t swap;
2128
2129 swap = cfi_info->erase_region_info[i];
2130 cfi_info->erase_region_info[i] = cfi_info->erase_region_info[j];
2131 cfi_info->erase_region_info[j] = swap;
2132 }
2133 }
2134 }
2135
2136 static void cfi_fixup_0002_unlock_addresses(flash_bank_t *bank, void *param)
2137 {
2138 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2139 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
2140 cfi_unlock_addresses_t *unlock_addresses = param;
2141
2142 pri_ext->_unlock1 = unlock_addresses->unlock1;
2143 pri_ext->_unlock2 = unlock_addresses->unlock2;
2144 }
2145
2146
2147 static int cfi_query_string(struct flash_bank_s *bank, int address)
2148 {
2149 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2150 target_t *target = bank->target;
2151 int retval;
2152 uint8_t command[8];
2153
2154 cfi_command(bank, 0x98, command);
2155 if ((retval = target_write_memory(target, flash_address(bank, 0, address), bank->bus_width, 1, command)) != ERROR_OK)
2156 {
2157 return retval;
2158 }
2159
2160 cfi_info->qry[0] = cfi_query_u8(bank, 0, 0x10);
2161 cfi_info->qry[1] = cfi_query_u8(bank, 0, 0x11);
2162 cfi_info->qry[2] = cfi_query_u8(bank, 0, 0x12);
2163
2164 LOG_DEBUG("CFI qry returned: 0x%2.2x 0x%2.2x 0x%2.2x", cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2]);
2165
2166 if ((cfi_info->qry[0] != 'Q') || (cfi_info->qry[1] != 'R') || (cfi_info->qry[2] != 'Y'))
2167 {
2168 cfi_command(bank, 0xf0, command);
2169 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
2170 {
2171 return retval;
2172 }
2173 cfi_command(bank, 0xff, command);
2174 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
2175 {
2176 return retval;
2177 }
2178 LOG_ERROR("Could not probe bank: no QRY");
2179 return ERROR_FLASH_BANK_INVALID;
2180 }
2181
2182 return ERROR_OK;
2183 }
2184
2185 static int cfi_probe(struct flash_bank_s *bank)
2186 {
2187 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2188 target_t *target = bank->target;
2189 uint8_t command[8];
2190 int num_sectors = 0;
2191 int i;
2192 int sector = 0;
2193 uint32_t unlock1 = 0x555;
2194 uint32_t unlock2 = 0x2aa;
2195 int retval;
2196
2197 if (bank->target->state != TARGET_HALTED)
2198 {
2199 LOG_ERROR("Target not halted");
2200 return ERROR_TARGET_NOT_HALTED;
2201 }
2202
2203 cfi_info->probed = 0;
2204
2205 /* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses,
2206 * while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa
2207 */
2208 if (cfi_info->jedec_probe)
2209 {
2210 unlock1 = 0x5555;
2211 unlock2 = 0x2aaa;
2212 }
2213
2214 /* switch to read identifier codes mode ("AUTOSELECT") */
2215 cfi_command(bank, 0xaa, command);
2216 if ((retval = target_write_memory(target, flash_address(bank, 0, unlock1), bank->bus_width, 1, command)) != ERROR_OK)
2217 {
2218 return retval;
2219 }
2220 cfi_command(bank, 0x55, command);
2221 if ((retval = target_write_memory(target, flash_address(bank, 0, unlock2), bank->bus_width, 1, command)) != ERROR_OK)
2222 {
2223 return retval;
2224 }
2225 cfi_command(bank, 0x90, command);
2226 if ((retval = target_write_memory(target, flash_address(bank, 0, unlock1), bank->bus_width, 1, command)) != ERROR_OK)
2227 {
2228 return retval;
2229 }
2230
2231 if (bank->chip_width == 1)
2232 {
2233 uint8_t manufacturer, device_id;
2234 if ((retval = target_read_u8(target, flash_address(bank, 0, 0x00), &manufacturer)) != ERROR_OK)
2235 {
2236 return retval;
2237 }
2238 if ((retval = target_read_u8(target, flash_address(bank, 0, 0x01), &device_id)) != ERROR_OK)
2239 {
2240 return retval;
2241 }
2242 cfi_info->manufacturer = manufacturer;
2243 cfi_info->device_id = device_id;
2244 }
2245 else if (bank->chip_width == 2)
2246 {
2247 if ((retval = target_read_u16(target, flash_address(bank, 0, 0x00), &cfi_info->manufacturer)) != ERROR_OK)
2248 {
2249 return retval;
2250 }
2251 if ((retval = target_read_u16(target, flash_address(bank, 0, 0x01), &cfi_info->device_id)) != ERROR_OK)
2252 {
2253 return retval;
2254 }
2255 }
2256
2257 LOG_INFO("Flash Manufacturer/Device: 0x%04x 0x%04x", cfi_info->manufacturer, cfi_info->device_id);
2258 /* switch back to read array mode */
2259 cfi_command(bank, 0xf0, command);
2260 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x00), bank->bus_width, 1, command)) != ERROR_OK)
2261 {
2262 return retval;
2263 }
2264 cfi_command(bank, 0xff, command);
2265 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x00), bank->bus_width, 1, command)) != ERROR_OK)
2266 {
2267 return retval;
2268 }
2269
2270 /* check device/manufacturer ID for known non-CFI flashes. */
2271 cfi_fixup_non_cfi(bank);
2272
2273 /* query only if this is a CFI compatible flash,
2274 * otherwise the relevant info has already been filled in
2275 */
2276 if (cfi_info->not_cfi == 0)
2277 {
2278 int retval;
2279
2280 /* enter CFI query mode
2281 * according to JEDEC Standard No. 68.01,
2282 * a single bus sequence with address = 0x55, data = 0x98 should put
2283 * the device into CFI query mode.
2284 *
2285 * SST flashes clearly violate this, and we will consider them incompatbile for now
2286 */
2287
2288 retval = cfi_query_string(bank, 0x55);
2289 if (retval != ERROR_OK)
2290 {
2291 /*
2292 * Spansion S29WS-N CFI query fix is to try 0x555 if 0x55 fails. Should
2293 * be harmless enough:
2294 *
2295 * http://www.infradead.org/pipermail/linux-mtd/2005-September/013618.html
2296 */
2297 LOG_USER("Try workaround w/0x555 instead of 0x55 to get QRY.");
2298 retval = cfi_query_string(bank, 0x555);
2299 }
2300 if (retval != ERROR_OK)
2301 return retval;
2302
2303 cfi_info->pri_id = cfi_query_u16(bank, 0, 0x13);
2304 cfi_info->pri_addr = cfi_query_u16(bank, 0, 0x15);
2305 cfi_info->alt_id = cfi_query_u16(bank, 0, 0x17);
2306 cfi_info->alt_addr = cfi_query_u16(bank, 0, 0x19);
2307
2308 LOG_DEBUG("qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x", cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
2309
2310 cfi_info->vcc_min = cfi_query_u8(bank, 0, 0x1b);
2311 cfi_info->vcc_max = cfi_query_u8(bank, 0, 0x1c);
2312 cfi_info->vpp_min = cfi_query_u8(bank, 0, 0x1d);
2313 cfi_info->vpp_max = cfi_query_u8(bank, 0, 0x1e);
2314 cfi_info->word_write_timeout_typ = cfi_query_u8(bank, 0, 0x1f);
2315 cfi_info->buf_write_timeout_typ = cfi_query_u8(bank, 0, 0x20);
2316 cfi_info->block_erase_timeout_typ = cfi_query_u8(bank, 0, 0x21);
2317 cfi_info->chip_erase_timeout_typ = cfi_query_u8(bank, 0, 0x22);
2318 cfi_info->word_write_timeout_max = cfi_query_u8(bank, 0, 0x23);
2319 cfi_info->buf_write_timeout_max = cfi_query_u8(bank, 0, 0x24);
2320 cfi_info->block_erase_timeout_max = cfi_query_u8(bank, 0, 0x25);
2321 cfi_info->chip_erase_timeout_max = cfi_query_u8(bank, 0, 0x26);
2322
2323 LOG_DEBUG("Vcc min: %1.1x.%1.1x, Vcc max: %1.1x.%1.1x, Vpp min: %1.1x.%1.1x, Vpp max: %1.1x.%1.1x",
2324 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2325 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2326 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2327 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2328 LOG_DEBUG("typ. word write timeout: %u, typ. buf write timeout: %u, typ. block erase timeout: %u, typ. chip erase timeout: %u", 1 << cfi_info->word_write_timeout_typ, 1 << cfi_info->buf_write_timeout_typ,
2329 1 << cfi_info->block_erase_timeout_typ, 1 << cfi_info->chip_erase_timeout_typ);
2330 LOG_DEBUG("max. word write timeout: %u, max. buf write timeout: %u, max. block erase timeout: %u, max. chip erase timeout: %u", (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2331 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2332 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2333 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2334
2335 cfi_info->dev_size = 1 << cfi_query_u8(bank, 0, 0x27);
2336 cfi_info->interface_desc = cfi_query_u16(bank, 0, 0x28);
2337 cfi_info->max_buf_write_size = cfi_query_u16(bank, 0, 0x2a);
2338 cfi_info->num_erase_regions = cfi_query_u8(bank, 0, 0x2c);
2339
2340 LOG_DEBUG("size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: %x", cfi_info->dev_size, cfi_info->interface_desc, (1 << cfi_info->max_buf_write_size));
2341
2342 if (cfi_info->num_erase_regions)
2343 {
2344 cfi_info->erase_region_info = malloc(4 * cfi_info->num_erase_regions);
2345 for (i = 0; i < cfi_info->num_erase_regions; i++)
2346 {
2347 cfi_info->erase_region_info[i] = cfi_query_u32(bank, 0, 0x2d + (4 * i));
2348 LOG_DEBUG("erase region[%i]: %" PRIu32 " blocks of size 0x%" PRIx32 "",
2349 i,
2350 (cfi_info->erase_region_info[i] & 0xffff) + 1,
2351 (cfi_info->erase_region_info[i] >> 16) * 256);
2352 }
2353 }
2354 else
2355 {
2356 cfi_info->erase_region_info = NULL;
2357 }
2358
2359 /* We need to read the primary algorithm extended query table before calculating
2360 * the sector layout to be able to apply fixups
2361 */
2362 switch (cfi_info->pri_id)
2363 {
2364 /* Intel command set (standard and extended) */
2365 case 0x0001:
2366 case 0x0003:
2367 cfi_read_intel_pri_ext(bank);
2368 break;
2369 /* AMD/Spansion, Atmel, ... command set */
2370 case 0x0002:
2371 cfi_info->status_poll_mask = CFI_STATUS_POLL_MASK_DQ5_DQ6_DQ7; /* default for all CFI flashs */
2372 cfi_read_0002_pri_ext(bank);
2373 break;
2374 default:
2375 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2376 break;
2377 }
2378
2379 /* return to read array mode
2380 * we use both reset commands, as some Intel flashes fail to recognize the 0xF0 command
2381 */
2382 cfi_command(bank, 0xf0, command);
2383 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
2384 {
2385 return retval;
2386 }
2387 cfi_command(bank, 0xff, command);
2388 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
2389 {
2390 return retval;
2391 }
2392 } /* end CFI case */
2393
2394 /* apply fixups depending on the primary command set */
2395 switch (cfi_info->pri_id)
2396 {
2397 /* Intel command set (standard and extended) */
2398 case 0x0001:
2399 case 0x0003:
2400 cfi_fixup(bank, cfi_0001_fixups);
2401 break;
2402 /* AMD/Spansion, Atmel, ... command set */
2403 case 0x0002:
2404 cfi_fixup(bank, cfi_0002_fixups);
2405 break;
2406 default:
2407 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2408 break;
2409 }
2410
2411 if ((cfi_info->dev_size * bank->bus_width / bank->chip_width) != bank->size)
2412 {
2413 LOG_WARNING("configuration specifies 0x%" PRIx32 " size, but a 0x%" PRIx32 " size flash was found", bank->size, cfi_info->dev_size);
2414 }
2415
2416 if (cfi_info->num_erase_regions == 0)
2417 {
2418 /* a device might have only one erase block, spanning the whole device */
2419 bank->num_sectors = 1;
2420 bank->sectors = malloc(sizeof(flash_sector_t));
2421
2422 bank->sectors[sector].offset = 0x0;
2423 bank->sectors[sector].size = bank->size;
2424 bank->sectors[sector].is_erased = -1;
2425 bank->sectors[sector].is_protected = -1;
2426 }
2427 else
2428 {
2429 uint32_t offset = 0;
2430
2431 for (i = 0; i < cfi_info->num_erase_regions; i++)
2432 {
2433 num_sectors += (cfi_info->erase_region_info[i] & 0xffff) + 1;
2434 }
2435
2436 bank->num_sectors = num_sectors;
2437 bank->sectors = malloc(sizeof(flash_sector_t) * num_sectors);
2438
2439 for (i = 0; i < cfi_info->num_erase_regions; i++)
2440 {
2441 uint32_t j;
2442 for (j = 0; j < (cfi_info->erase_region_info[i] & 0xffff) + 1; j++)
2443 {
2444 bank->sectors[sector].offset = offset;
2445 bank->sectors[sector].size = ((cfi_info->erase_region_info[i] >> 16) * 256) * bank->bus_width / bank->chip_width;
2446 offset += bank->sectors[sector].size;
2447 bank->sectors[sector].is_erased = -1;
2448 bank->sectors[sector].is_protected = -1;
2449 sector++;
2450 }
2451 }
2452 if (offset != (cfi_info->dev_size * bank->bus_width / bank->chip_width))
2453 {
2454 LOG_WARNING("CFI size is 0x%" PRIx32 ", but total sector size is 0x%" PRIx32 "", \
2455 (cfi_info->dev_size * bank->bus_width / bank->chip_width), offset);
2456 }
2457 }
2458
2459 cfi_info->probed = 1;
2460
2461 return ERROR_OK;
2462 }
2463
2464 static int cfi_auto_probe(struct flash_bank_s *bank)
2465 {
2466 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2467 if (cfi_info->probed)
2468 return ERROR_OK;
2469 return cfi_probe(bank);
2470 }
2471
2472
2473 static int cfi_intel_protect_check(struct flash_bank_s *bank)
2474 {
2475 int retval;
2476 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2477 cfi_intel_pri_ext_t *pri_ext = cfi_info->pri_ext;
2478 target_t *target = bank->target;
2479 uint8_t command[CFI_MAX_BUS_WIDTH];
2480 int i;
2481
2482 /* check if block lock bits are supported on this device */
2483 if (!(pri_ext->blk_status_reg_mask & 0x1))
2484 return ERROR_FLASH_OPERATION_FAILED;
2485
2486 cfi_command(bank, 0x90, command);
2487 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x55), bank->bus_width, 1, command)) != ERROR_OK)
2488 {
2489 return retval;
2490 }
2491
2492 for (i = 0; i < bank->num_sectors; i++)
2493 {
2494 uint8_t block_status = cfi_get_u8(bank, i, 0x2);
2495
2496 if (block_status & 1)
2497 bank->sectors[i].is_protected = 1;
2498 else
2499 bank->sectors[i].is_protected = 0;
2500 }
2501
2502 cfi_command(bank, 0xff, command);
2503 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
2504 }
2505
2506 static int cfi_spansion_protect_check(struct flash_bank_s *bank)
2507 {
2508 int retval;
2509 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2510 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
2511 target_t *target = bank->target;
2512 uint8_t command[8];
2513 int i;
2514
2515 cfi_command(bank, 0xaa, command);
2516 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
2517 {
2518 return retval;
2519 }
2520
2521 cfi_command(bank, 0x55, command);
2522 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
2523 {
2524 return retval;
2525 }
2526
2527 cfi_command(bank, 0x90, command);
2528 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
2529 {
2530 return retval;
2531 }
2532
2533 for (i = 0; i < bank->num_sectors; i++)
2534 {
2535 uint8_t block_status = cfi_get_u8(bank, i, 0x2);
2536
2537 if (block_status & 1)
2538 bank->sectors[i].is_protected = 1;
2539 else
2540 bank->sectors[i].is_protected = 0;
2541 }
2542
2543 cfi_command(bank, 0xf0, command);
2544 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
2545 }
2546
2547 static int cfi_protect_check(struct flash_bank_s *bank)
2548 {
2549 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2550
2551 if (bank->target->state != TARGET_HALTED)
2552 {
2553 LOG_ERROR("Target not halted");
2554 return ERROR_TARGET_NOT_HALTED;
2555 }
2556
2557 if (cfi_info->qry[0] != 'Q')
2558 return ERROR_FLASH_BANK_NOT_PROBED;
2559
2560 switch (cfi_info->pri_id)
2561 {
2562 case 1:
2563 case 3:
2564 return cfi_intel_protect_check(bank);
2565 break;
2566 case 2:
2567 return cfi_spansion_protect_check(bank);
2568 break;
2569 default:
2570 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2571 break;
2572 }
2573
2574 return ERROR_OK;
2575 }
2576
2577 static int cfi_info(struct flash_bank_s *bank, char *buf, int buf_size)
2578 {
2579 int printed;
2580 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2581
2582 if (cfi_info->qry[0] == (char)-1)
2583 {
2584 printed = snprintf(buf, buf_size, "\ncfi flash bank not probed yet\n");
2585 return ERROR_OK;
2586 }
2587
2588 if (cfi_info->not_cfi == 0)
2589 printed = snprintf(buf, buf_size, "\ncfi information:\n");
2590 else
2591 printed = snprintf(buf, buf_size, "\nnon-cfi flash:\n");
2592 buf += printed;
2593 buf_size -= printed;
2594
2595 printed = snprintf(buf, buf_size, "\nmfr: 0x%4.4x, id:0x%4.4x\n",
2596 cfi_info->manufacturer, cfi_info->device_id);
2597 buf += printed;
2598 buf_size -= printed;
2599
2600 if (cfi_info->not_cfi == 0)
2601 {
2602 printed = snprintf(buf, buf_size, "qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x\n", cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
2603 buf += printed;
2604 buf_size -= printed;
2605
2606 printed = snprintf(buf, buf_size, "Vcc min: %1.1x.%1.1x, Vcc max: %1.1x.%1.1x, Vpp min: %1.1x.%1.1x, Vpp max: %1.1x.%1.1x\n",
2607 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2608 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2609 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2610 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2611 buf += printed;
2612 buf_size -= printed;
2613
2614 printed = snprintf(buf, buf_size, "typ. word write timeout: %u, typ. buf write timeout: %u, typ. block erase timeout: %u, typ. chip erase timeout: %u\n",
2615 1 << cfi_info->word_write_timeout_typ,
2616 1 << cfi_info->buf_write_timeout_typ,
2617 1 << cfi_info->block_erase_timeout_typ,
2618 1 << cfi_info->chip_erase_timeout_typ);
2619 buf += printed;
2620 buf_size -= printed;
2621
2622 printed = snprintf(buf, buf_size, "max. word write timeout: %u, max. buf write timeout: %u, max. block erase timeout: %u, max. chip erase timeout: %u\n",
2623 (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2624 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2625 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2626 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2627 buf += printed;
2628 buf_size -= printed;
2629
2630 printed = snprintf(buf, buf_size, "size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: %x\n",
2631 cfi_info->dev_size,
2632 cfi_info->interface_desc,
2633 1 << cfi_info->max_buf_write_size);
2634 buf += printed;
2635 buf_size -= printed;
2636
2637 switch (cfi_info->pri_id)
2638 {
2639 case 1:
2640 case 3:
2641 cfi_intel_info(bank, buf, buf_size);
2642 break;
2643 case 2:
2644 cfi_spansion_info(bank, buf, buf_size);
2645 break;
2646 default:
2647 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2648 break;
2649 }
2650 }
2651
2652 return ERROR_OK;
2653 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)