Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Make it easier to erase or protect through to the end
[openocd.git] / src / flash / cfi.c
1 /***************************************************************************
2 * Copyright (C) 2005, 2007 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * Copyright (C) 2009 Michael Schwingen *
5 * michael@schwingen.org *
6 * *
7 * This program is free software; you can redistribute it and/or modify *
8 * it under the terms of the GNU General Public License as published by *
9 * the Free Software Foundation; either version 2 of the License, or *
10 * (at your option) any later version. *
11 * *
12 * This program is distributed in the hope that it will be useful, *
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
15 * GNU General Public License for more details. *
16 * *
17 * You should have received a copy of the GNU General Public License *
18 * along with this program; if not, write to the *
19 * Free Software Foundation, Inc., *
20 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
21 ***************************************************************************/
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25
26 #include "cfi.h"
27 #include "non_cfi.h"
28 #include "armv4_5.h"
29 #include "binarybuffer.h"
30
31
32 static int cfi_register_commands(struct command_context_s *cmd_ctx);
33 static int cfi_flash_bank_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc, struct flash_bank_s *bank);
34 static int cfi_erase(struct flash_bank_s *bank, int first, int last);
35 static int cfi_protect(struct flash_bank_s *bank, int set, int first, int last);
36 static int cfi_write(struct flash_bank_s *bank, uint8_t *buffer, uint32_t offset, uint32_t count);
37 static int cfi_probe(struct flash_bank_s *bank);
38 static int cfi_auto_probe(struct flash_bank_s *bank);
39 static int cfi_protect_check(struct flash_bank_s *bank);
40 static int cfi_info(struct flash_bank_s *bank, char *buf, int buf_size);
41
42 //static int cfi_handle_part_id_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
43
44 #define CFI_MAX_BUS_WIDTH 4
45 #define CFI_MAX_CHIP_WIDTH 4
46
47 /* defines internal maximum size for code fragment in cfi_intel_write_block() */
48 #define CFI_MAX_INTEL_CODESIZE 256
49
50 flash_driver_t cfi_flash =
51 {
52 .name = "cfi",
53 .register_commands = cfi_register_commands,
54 .flash_bank_command = cfi_flash_bank_command,
55 .erase = cfi_erase,
56 .protect = cfi_protect,
57 .write = cfi_write,
58 .probe = cfi_probe,
59 .auto_probe = cfi_auto_probe,
60 .erase_check = default_flash_blank_check,
61 .protect_check = cfi_protect_check,
62 .info = cfi_info
63 };
64
65 static cfi_unlock_addresses_t cfi_unlock_addresses[] =
66 {
67 [CFI_UNLOCK_555_2AA] = { .unlock1 = 0x555, .unlock2 = 0x2aa },
68 [CFI_UNLOCK_5555_2AAA] = { .unlock1 = 0x5555, .unlock2 = 0x2aaa },
69 };
70
71 /* CFI fixups foward declarations */
72 static void cfi_fixup_0002_erase_regions(flash_bank_t *flash, void *param);
73 static void cfi_fixup_0002_unlock_addresses(flash_bank_t *flash, void *param);
74 static void cfi_fixup_atmel_reversed_erase_regions(flash_bank_t *flash, void *param);
75
76 /* fixup after reading cmdset 0002 primary query table */
77 static const cfi_fixup_t cfi_0002_fixups[] = {
78 {CFI_MFR_SST, 0x00D4, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
79 {CFI_MFR_SST, 0x00D5, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
80 {CFI_MFR_SST, 0x00D6, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
81 {CFI_MFR_SST, 0x00D7, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
82 {CFI_MFR_SST, 0x2780, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
83 {CFI_MFR_ATMEL, 0x00C8, cfi_fixup_atmel_reversed_erase_regions, NULL},
84 {CFI_MFR_FUJITSU, 0x226b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
85 {CFI_MFR_AMIC, 0xb31a, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
86 {CFI_MFR_MX, 0x225b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
87 {CFI_MFR_AMD, 0x225b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
88 {CFI_MFR_ANY, CFI_ID_ANY, cfi_fixup_0002_erase_regions, NULL},
89 {0, 0, NULL, NULL}
90 };
91
92 /* fixup after reading cmdset 0001 primary query table */
93 static const cfi_fixup_t cfi_0001_fixups[] = {
94 {0, 0, NULL, NULL}
95 };
96
97 static void cfi_fixup(flash_bank_t *bank, const cfi_fixup_t *fixups)
98 {
99 cfi_flash_bank_t *cfi_info = bank->driver_priv;
100 const cfi_fixup_t *f;
101
102 for (f = fixups; f->fixup; f++)
103 {
104 if (((f->mfr == CFI_MFR_ANY) || (f->mfr == cfi_info->manufacturer)) &&
105 ((f->id == CFI_ID_ANY) || (f->id == cfi_info->device_id)))
106 {
107 f->fixup(bank, f->param);
108 }
109 }
110 }
111
112 /* inline uint32_t flash_address(flash_bank_t *bank, int sector, uint32_t offset) */
113 static __inline__ uint32_t flash_address(flash_bank_t *bank, int sector, uint32_t offset)
114 {
115 cfi_flash_bank_t *cfi_info = bank->driver_priv;
116
117 if (cfi_info->x16_as_x8) offset *= 2;
118
119 /* while the sector list isn't built, only accesses to sector 0 work */
120 if (sector == 0)
121 return bank->base + offset * bank->bus_width;
122 else
123 {
124 if (!bank->sectors)
125 {
126 LOG_ERROR("BUG: sector list not yet built");
127 exit(-1);
128 }
129 return bank->base + bank->sectors[sector].offset + offset * bank->bus_width;
130 }
131
132 }
133
134 static void cfi_command(flash_bank_t *bank, uint8_t cmd, uint8_t *cmd_buf)
135 {
136 int i;
137
138 /* clear whole buffer, to ensure bits that exceed the bus_width
139 * are set to zero
140 */
141 for (i = 0; i < CFI_MAX_BUS_WIDTH; i++)
142 cmd_buf[i] = 0;
143
144 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
145 {
146 for (i = bank->bus_width; i > 0; i--)
147 {
148 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
149 }
150 }
151 else
152 {
153 for (i = 1; i <= bank->bus_width; i++)
154 {
155 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
156 }
157 }
158 }
159
160 /* read unsigned 8-bit value from the bank
161 * flash banks are expected to be made of similar chips
162 * the query result should be the same for all
163 */
164 static uint8_t cfi_query_u8(flash_bank_t *bank, int sector, uint32_t offset)
165 {
166 target_t *target = bank->target;
167 uint8_t data[CFI_MAX_BUS_WIDTH];
168
169 target_read_memory(target, flash_address(bank, sector, offset), bank->bus_width, 1, data);
170
171 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
172 return data[0];
173 else
174 return data[bank->bus_width - 1];
175 }
176
177 /* read unsigned 8-bit value from the bank
178 * in case of a bank made of multiple chips,
179 * the individual values are ORed
180 */
181 static uint8_t cfi_get_u8(flash_bank_t *bank, int sector, uint32_t offset)
182 {
183 target_t *target = bank->target;
184 uint8_t data[CFI_MAX_BUS_WIDTH];
185 int i;
186
187 target_read_memory(target, flash_address(bank, sector, offset), bank->bus_width, 1, data);
188
189 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
190 {
191 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
192 data[0] |= data[i];
193
194 return data[0];
195 }
196 else
197 {
198 uint8_t value = 0;
199 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
200 value |= data[bank->bus_width - 1 - i];
201
202 return value;
203 }
204 }
205
206 static uint16_t cfi_query_u16(flash_bank_t *bank, int sector, uint32_t offset)
207 {
208 target_t *target = bank->target;
209 cfi_flash_bank_t *cfi_info = bank->driver_priv;
210 uint8_t data[CFI_MAX_BUS_WIDTH * 2];
211
212 if (cfi_info->x16_as_x8)
213 {
214 uint8_t i;
215 for (i = 0;i < 2;i++)
216 target_read_memory(target, flash_address(bank, sector, offset + i), bank->bus_width, 1,
217 &data[i*bank->bus_width]);
218 }
219 else
220 target_read_memory(target, flash_address(bank, sector, offset), bank->bus_width, 2, data);
221
222 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
223 return data[0] | data[bank->bus_width] << 8;
224 else
225 return data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8;
226 }
227
228 static uint32_t cfi_query_u32(flash_bank_t *bank, int sector, uint32_t offset)
229 {
230 target_t *target = bank->target;
231 cfi_flash_bank_t *cfi_info = bank->driver_priv;
232 uint8_t data[CFI_MAX_BUS_WIDTH * 4];
233
234 if (cfi_info->x16_as_x8)
235 {
236 uint8_t i;
237 for (i = 0;i < 4;i++)
238 target_read_memory(target, flash_address(bank, sector, offset + i), bank->bus_width, 1,
239 &data[i*bank->bus_width]);
240 }
241 else
242 target_read_memory(target, flash_address(bank, sector, offset), bank->bus_width, 4, data);
243
244 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
245 return data[0] | data[bank->bus_width] << 8 | data[bank->bus_width * 2] << 16 | data[bank->bus_width * 3] << 24;
246 else
247 return data[bank->bus_width - 1] | data[(2* bank->bus_width) - 1] << 8 |
248 data[(3 * bank->bus_width) - 1] << 16 | data[(4 * bank->bus_width) - 1] << 24;
249 }
250
251 static void cfi_intel_clear_status_register(flash_bank_t *bank)
252 {
253 target_t *target = bank->target;
254 uint8_t command[8];
255
256 if (target->state != TARGET_HALTED)
257 {
258 LOG_ERROR("BUG: attempted to clear status register while target wasn't halted");
259 exit(-1);
260 }
261
262 cfi_command(bank, 0x50, command);
263 target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
264 }
265
266 uint8_t cfi_intel_wait_status_busy(flash_bank_t *bank, int timeout)
267 {
268 uint8_t status;
269
270 while ((!((status = cfi_get_u8(bank, 0, 0x0)) & 0x80)) && (timeout-- > 0))
271 {
272 LOG_DEBUG("status: 0x%x", status);
273 alive_sleep(1);
274 }
275
276 /* mask out bit 0 (reserved) */
277 status = status & 0xfe;
278
279 LOG_DEBUG("status: 0x%x", status);
280
281 if ((status & 0x80) != 0x80)
282 {
283 LOG_ERROR("timeout while waiting for WSM to become ready");
284 }
285 else if (status != 0x80)
286 {
287 LOG_ERROR("status register: 0x%x", status);
288 if (status & 0x2)
289 LOG_ERROR("Block Lock-Bit Detected, Operation Abort");
290 if (status & 0x4)
291 LOG_ERROR("Program suspended");
292 if (status & 0x8)
293 LOG_ERROR("Low Programming Voltage Detected, Operation Aborted");
294 if (status & 0x10)
295 LOG_ERROR("Program Error / Error in Setting Lock-Bit");
296 if (status & 0x20)
297 LOG_ERROR("Error in Block Erasure or Clear Lock-Bits");
298 if (status & 0x40)
299 LOG_ERROR("Block Erase Suspended");
300
301 cfi_intel_clear_status_register(bank);
302 }
303
304 return status;
305 }
306
307 int cfi_spansion_wait_status_busy(flash_bank_t *bank, int timeout)
308 {
309 uint8_t status, oldstatus;
310 cfi_flash_bank_t *cfi_info = bank->driver_priv;
311
312 oldstatus = cfi_get_u8(bank, 0, 0x0);
313
314 do {
315 status = cfi_get_u8(bank, 0, 0x0);
316 if ((status ^ oldstatus) & 0x40) {
317 if (status & cfi_info->status_poll_mask & 0x20) {
318 oldstatus = cfi_get_u8(bank, 0, 0x0);
319 status = cfi_get_u8(bank, 0, 0x0);
320 if ((status ^ oldstatus) & 0x40) {
321 LOG_ERROR("dq5 timeout, status: 0x%x", status);
322 return(ERROR_FLASH_OPERATION_FAILED);
323 } else {
324 LOG_DEBUG("status: 0x%x", status);
325 return(ERROR_OK);
326 }
327 }
328 } else { /* no toggle: finished, OK */
329 LOG_DEBUG("status: 0x%x", status);
330 return(ERROR_OK);
331 }
332
333 oldstatus = status;
334 alive_sleep(1);
335 } while (timeout-- > 0);
336
337 LOG_ERROR("timeout, status: 0x%x", status);
338
339 return(ERROR_FLASH_BUSY);
340 }
341
342 static int cfi_read_intel_pri_ext(flash_bank_t *bank)
343 {
344 int retval;
345 cfi_flash_bank_t *cfi_info = bank->driver_priv;
346 cfi_intel_pri_ext_t *pri_ext = malloc(sizeof(cfi_intel_pri_ext_t));
347 target_t *target = bank->target;
348 uint8_t command[8];
349
350 cfi_info->pri_ext = pri_ext;
351
352 pri_ext->pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0);
353 pri_ext->pri[1] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1);
354 pri_ext->pri[2] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2);
355
356 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I'))
357 {
358 cfi_command(bank, 0xf0, command);
359 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
360 {
361 return retval;
362 }
363 cfi_command(bank, 0xff, command);
364 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
365 {
366 return retval;
367 }
368 LOG_ERROR("Could not read bank flash bank information");
369 return ERROR_FLASH_BANK_INVALID;
370 }
371
372 pri_ext->major_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3);
373 pri_ext->minor_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4);
374
375 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1], pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
376
377 pri_ext->feature_support = cfi_query_u32(bank, 0, cfi_info->pri_addr + 5);
378 pri_ext->suspend_cmd_support = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9);
379 pri_ext->blk_status_reg_mask = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xa);
380
381 LOG_DEBUG("feature_support: 0x%" PRIx32 ", suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x",
382 pri_ext->feature_support,
383 pri_ext->suspend_cmd_support,
384 pri_ext->blk_status_reg_mask);
385
386 pri_ext->vcc_optimal = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xc);
387 pri_ext->vpp_optimal = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xd);
388
389 LOG_DEBUG("Vcc opt: %1.1x.%1.1x, Vpp opt: %1.1x.%1.1x",
390 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
391 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
392
393 pri_ext->num_protection_fields = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xe);
394 if (pri_ext->num_protection_fields != 1)
395 {
396 LOG_WARNING("expected one protection register field, but found %i", pri_ext->num_protection_fields);
397 }
398
399 pri_ext->prot_reg_addr = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xf);
400 pri_ext->fact_prot_reg_size = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x11);
401 pri_ext->user_prot_reg_size = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x12);
402
403 LOG_DEBUG("protection_fields: %i, prot_reg_addr: 0x%x, factory pre-programmed: %i, user programmable: %i", pri_ext->num_protection_fields, pri_ext->prot_reg_addr, 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
404
405 return ERROR_OK;
406 }
407
408 static int cfi_read_spansion_pri_ext(flash_bank_t *bank)
409 {
410 int retval;
411 cfi_flash_bank_t *cfi_info = bank->driver_priv;
412 cfi_spansion_pri_ext_t *pri_ext = malloc(sizeof(cfi_spansion_pri_ext_t));
413 target_t *target = bank->target;
414 uint8_t command[8];
415
416 cfi_info->pri_ext = pri_ext;
417
418 pri_ext->pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0);
419 pri_ext->pri[1] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1);
420 pri_ext->pri[2] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2);
421
422 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I'))
423 {
424 cfi_command(bank, 0xf0, command);
425 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
426 {
427 return retval;
428 }
429 LOG_ERROR("Could not read spansion bank information");
430 return ERROR_FLASH_BANK_INVALID;
431 }
432
433 pri_ext->major_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3);
434 pri_ext->minor_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4);
435
436 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1], pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
437
438 pri_ext->SiliconRevision = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5);
439 pri_ext->EraseSuspend = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6);
440 pri_ext->BlkProt = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7);
441 pri_ext->TmpBlkUnprotect = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8);
442 pri_ext->BlkProtUnprot = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9);
443 pri_ext->SimultaneousOps = cfi_query_u8(bank, 0, cfi_info->pri_addr + 10);
444 pri_ext->BurstMode = cfi_query_u8(bank, 0, cfi_info->pri_addr + 11);
445 pri_ext->PageMode = cfi_query_u8(bank, 0, cfi_info->pri_addr + 12);
446 pri_ext->VppMin = cfi_query_u8(bank, 0, cfi_info->pri_addr + 13);
447 pri_ext->VppMax = cfi_query_u8(bank, 0, cfi_info->pri_addr + 14);
448 pri_ext->TopBottom = cfi_query_u8(bank, 0, cfi_info->pri_addr + 15);
449
450 LOG_DEBUG("Silicon Revision: 0x%x, Erase Suspend: 0x%x, Block protect: 0x%x", pri_ext->SiliconRevision,
451 pri_ext->EraseSuspend, pri_ext->BlkProt);
452
453 LOG_DEBUG("Temporary Unprotect: 0x%x, Block Protect Scheme: 0x%x, Simultaneous Ops: 0x%x", pri_ext->TmpBlkUnprotect,
454 pri_ext->BlkProtUnprot, pri_ext->SimultaneousOps);
455
456 LOG_DEBUG("Burst Mode: 0x%x, Page Mode: 0x%x, ", pri_ext->BurstMode, pri_ext->PageMode);
457
458
459 LOG_DEBUG("Vpp min: %2.2d.%1.1d, Vpp max: %2.2d.%1.1x",
460 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
461 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
462
463 LOG_DEBUG("WP# protection 0x%x", pri_ext->TopBottom);
464
465 /* default values for implementation specific workarounds */
466 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
467 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
468 pri_ext->_reversed_geometry = 0;
469
470 return ERROR_OK;
471 }
472
473 static int cfi_read_atmel_pri_ext(flash_bank_t *bank)
474 {
475 int retval;
476 cfi_atmel_pri_ext_t atmel_pri_ext;
477 cfi_flash_bank_t *cfi_info = bank->driver_priv;
478 cfi_spansion_pri_ext_t *pri_ext = malloc(sizeof(cfi_spansion_pri_ext_t));
479 target_t *target = bank->target;
480 uint8_t command[8];
481
482 /* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion,
483 * but a different primary extended query table.
484 * We read the atmel table, and prepare a valid AMD/Spansion query table.
485 */
486
487 memset(pri_ext, 0, sizeof(cfi_spansion_pri_ext_t));
488
489 cfi_info->pri_ext = pri_ext;
490
491 atmel_pri_ext.pri[0] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0);
492 atmel_pri_ext.pri[1] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1);
493 atmel_pri_ext.pri[2] = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2);
494
495 if ((atmel_pri_ext.pri[0] != 'P') || (atmel_pri_ext.pri[1] != 'R') || (atmel_pri_ext.pri[2] != 'I'))
496 {
497 cfi_command(bank, 0xf0, command);
498 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
499 {
500 return retval;
501 }
502 LOG_ERROR("Could not read atmel bank information");
503 return ERROR_FLASH_BANK_INVALID;
504 }
505
506 pri_ext->pri[0] = atmel_pri_ext.pri[0];
507 pri_ext->pri[1] = atmel_pri_ext.pri[1];
508 pri_ext->pri[2] = atmel_pri_ext.pri[2];
509
510 atmel_pri_ext.major_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3);
511 atmel_pri_ext.minor_version = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4);
512
513 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", atmel_pri_ext.pri[0], atmel_pri_ext.pri[1], atmel_pri_ext.pri[2], atmel_pri_ext.major_version, atmel_pri_ext.minor_version);
514
515 pri_ext->major_version = atmel_pri_ext.major_version;
516 pri_ext->minor_version = atmel_pri_ext.minor_version;
517
518 atmel_pri_ext.features = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5);
519 atmel_pri_ext.bottom_boot = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6);
520 atmel_pri_ext.burst_mode = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7);
521 atmel_pri_ext.page_mode = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8);
522
523 LOG_DEBUG("features: 0x%2.2x, bottom_boot: 0x%2.2x, burst_mode: 0x%2.2x, page_mode: 0x%2.2x",
524 atmel_pri_ext.features, atmel_pri_ext.bottom_boot, atmel_pri_ext.burst_mode, atmel_pri_ext.page_mode);
525
526 if (atmel_pri_ext.features & 0x02)
527 pri_ext->EraseSuspend = 2;
528
529 if (atmel_pri_ext.bottom_boot)
530 pri_ext->TopBottom = 2;
531 else
532 pri_ext->TopBottom = 3;
533
534 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
535 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
536
537 return ERROR_OK;
538 }
539
540 static int cfi_read_0002_pri_ext(flash_bank_t *bank)
541 {
542 cfi_flash_bank_t *cfi_info = bank->driver_priv;
543
544 if (cfi_info->manufacturer == CFI_MFR_ATMEL)
545 {
546 return cfi_read_atmel_pri_ext(bank);
547 }
548 else
549 {
550 return cfi_read_spansion_pri_ext(bank);
551 }
552 }
553
554 static int cfi_spansion_info(struct flash_bank_s *bank, char *buf, int buf_size)
555 {
556 int printed;
557 cfi_flash_bank_t *cfi_info = bank->driver_priv;
558 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
559
560 printed = snprintf(buf, buf_size, "\nSpansion primary algorithm extend information:\n");
561 buf += printed;
562 buf_size -= printed;
563
564 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0],
565 pri_ext->pri[1], pri_ext->pri[2],
566 pri_ext->major_version, pri_ext->minor_version);
567 buf += printed;
568 buf_size -= printed;
569
570 printed = snprintf(buf, buf_size, "Silicon Rev.: 0x%x, Address Sensitive unlock: 0x%x\n",
571 (pri_ext->SiliconRevision) >> 2,
572 (pri_ext->SiliconRevision) & 0x03);
573 buf += printed;
574 buf_size -= printed;
575
576 printed = snprintf(buf, buf_size, "Erase Suspend: 0x%x, Sector Protect: 0x%x\n",
577 pri_ext->EraseSuspend,
578 pri_ext->BlkProt);
579 buf += printed;
580 buf_size -= printed;
581
582 printed = snprintf(buf, buf_size, "VppMin: %2.2d.%1.1x, VppMax: %2.2d.%1.1x\n",
583 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
584 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
585
586 return ERROR_OK;
587 }
588
589 static int cfi_intel_info(struct flash_bank_s *bank, char *buf, int buf_size)
590 {
591 int printed;
592 cfi_flash_bank_t *cfi_info = bank->driver_priv;
593 cfi_intel_pri_ext_t *pri_ext = cfi_info->pri_ext;
594
595 printed = snprintf(buf, buf_size, "\nintel primary algorithm extend information:\n");
596 buf += printed;
597 buf_size -= printed;
598
599 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0], pri_ext->pri[1], pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
600 buf += printed;
601 buf_size -= printed;
602
603 printed = snprintf(buf, buf_size, "feature_support: 0x%" PRIx32 ", suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x\n", pri_ext->feature_support, pri_ext->suspend_cmd_support, pri_ext->blk_status_reg_mask);
604 buf += printed;
605 buf_size -= printed;
606
607 printed = snprintf(buf, buf_size, "Vcc opt: %1.1x.%1.1x, Vpp opt: %1.1x.%1.1x\n",
608 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
609 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
610 buf += printed;
611 buf_size -= printed;
612
613 printed = snprintf(buf, buf_size, "protection_fields: %i, prot_reg_addr: 0x%x, factory pre-programmed: %i, user programmable: %i\n", pri_ext->num_protection_fields, pri_ext->prot_reg_addr, 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
614
615 return ERROR_OK;
616 }
617
618 static int cfi_register_commands(struct command_context_s *cmd_ctx)
619 {
620 /*command_t *cfi_cmd = */
621 register_command(cmd_ctx, NULL, "cfi", NULL, COMMAND_ANY, "flash bank cfi <base> <size> <chip_width> <bus_width> <targetNum> [jedec_probe/x16_as_x8]");
622 /*
623 register_command(cmd_ctx, cfi_cmd, "part_id", cfi_handle_part_id_command, COMMAND_EXEC,
624 "print part id of cfi flash bank <num>");
625 */
626 return ERROR_OK;
627 }
628
629 /* flash_bank cfi <base> <size> <chip_width> <bus_width> <target#> [options]
630 */
631 static int cfi_flash_bank_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc, struct flash_bank_s *bank)
632 {
633 cfi_flash_bank_t *cfi_info;
634 int i;
635 (void) cmd_ctx;
636 (void) cmd;
637
638 if (argc < 6)
639 {
640 LOG_WARNING("incomplete flash_bank cfi configuration");
641 return ERROR_FLASH_BANK_INVALID;
642 }
643
644 if ((strtoul(args[4], NULL, 0) > CFI_MAX_CHIP_WIDTH)
645 || (strtoul(args[3], NULL, 0) > CFI_MAX_BUS_WIDTH))
646 {
647 LOG_ERROR("chip and bus width have to specified in bytes");
648 return ERROR_FLASH_BANK_INVALID;
649 }
650
651 cfi_info = malloc(sizeof(cfi_flash_bank_t));
652 cfi_info->probed = 0;
653 bank->driver_priv = cfi_info;
654
655 cfi_info->write_algorithm = NULL;
656
657 cfi_info->x16_as_x8 = 0;
658 cfi_info->jedec_probe = 0;
659 cfi_info->not_cfi = 0;
660
661 for (i = 6; i < argc; i++)
662 {
663 if (strcmp(args[i], "x16_as_x8") == 0)
664 {
665 cfi_info->x16_as_x8 = 1;
666 }
667 else if (strcmp(args[i], "jedec_probe") == 0)
668 {
669 cfi_info->jedec_probe = 1;
670 }
671 }
672
673 cfi_info->write_algorithm = NULL;
674
675 /* bank wasn't probed yet */
676 cfi_info->qry[0] = -1;
677
678 return ERROR_OK;
679 }
680
681 static int cfi_intel_erase(struct flash_bank_s *bank, int first, int last)
682 {
683 int retval;
684 cfi_flash_bank_t *cfi_info = bank->driver_priv;
685 target_t *target = bank->target;
686 uint8_t command[8];
687 int i;
688
689 cfi_intel_clear_status_register(bank);
690
691 for (i = first; i <= last; i++)
692 {
693 cfi_command(bank, 0x20, command);
694 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
695 {
696 return retval;
697 }
698
699 cfi_command(bank, 0xd0, command);
700 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
701 {
702 return retval;
703 }
704
705 if (cfi_intel_wait_status_busy(bank, 1000 * (1 << cfi_info->block_erase_timeout_typ)) == 0x80)
706 bank->sectors[i].is_erased = 1;
707 else
708 {
709 cfi_command(bank, 0xff, command);
710 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
711 {
712 return retval;
713 }
714
715 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%" PRIx32 , i, bank->base);
716 return ERROR_FLASH_OPERATION_FAILED;
717 }
718 }
719
720 cfi_command(bank, 0xff, command);
721 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
722
723 }
724
725 static int cfi_spansion_erase(struct flash_bank_s *bank, int first, int last)
726 {
727 int retval;
728 cfi_flash_bank_t *cfi_info = bank->driver_priv;
729 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
730 target_t *target = bank->target;
731 uint8_t command[8];
732 int i;
733
734 for (i = first; i <= last; i++)
735 {
736 cfi_command(bank, 0xaa, command);
737 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
738 {
739 return retval;
740 }
741
742 cfi_command(bank, 0x55, command);
743 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
744 {
745 return retval;
746 }
747
748 cfi_command(bank, 0x80, command);
749 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
750 {
751 return retval;
752 }
753
754 cfi_command(bank, 0xaa, command);
755 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
756 {
757 return retval;
758 }
759
760 cfi_command(bank, 0x55, command);
761 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
762 {
763 return retval;
764 }
765
766 cfi_command(bank, 0x30, command);
767 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
768 {
769 return retval;
770 }
771
772 if (cfi_spansion_wait_status_busy(bank, 1000 * (1 << cfi_info->block_erase_timeout_typ)) == ERROR_OK)
773 bank->sectors[i].is_erased = 1;
774 else
775 {
776 cfi_command(bank, 0xf0, command);
777 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
778 {
779 return retval;
780 }
781
782 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%" PRIx32, i, bank->base);
783 return ERROR_FLASH_OPERATION_FAILED;
784 }
785 }
786
787 cfi_command(bank, 0xf0, command);
788 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
789 }
790
791 static int cfi_erase(struct flash_bank_s *bank, int first, int last)
792 {
793 cfi_flash_bank_t *cfi_info = bank->driver_priv;
794
795 if (bank->target->state != TARGET_HALTED)
796 {
797 LOG_ERROR("Target not halted");
798 return ERROR_TARGET_NOT_HALTED;
799 }
800
801 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
802 {
803 return ERROR_FLASH_SECTOR_INVALID;
804 }
805
806 if (cfi_info->qry[0] != 'Q')
807 return ERROR_FLASH_BANK_NOT_PROBED;
808
809 switch (cfi_info->pri_id)
810 {
811 case 1:
812 case 3:
813 return cfi_intel_erase(bank, first, last);
814 break;
815 case 2:
816 return cfi_spansion_erase(bank, first, last);
817 break;
818 default:
819 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
820 break;
821 }
822
823 return ERROR_OK;
824 }
825
826 static int cfi_intel_protect(struct flash_bank_s *bank, int set, int first, int last)
827 {
828 int retval;
829 cfi_flash_bank_t *cfi_info = bank->driver_priv;
830 cfi_intel_pri_ext_t *pri_ext = cfi_info->pri_ext;
831 target_t *target = bank->target;
832 uint8_t command[8];
833 int retry = 0;
834 int i;
835
836 /* if the device supports neither legacy lock/unlock (bit 3) nor
837 * instant individual block locking (bit 5).
838 */
839 if (!(pri_ext->feature_support & 0x28))
840 return ERROR_FLASH_OPERATION_FAILED;
841
842 cfi_intel_clear_status_register(bank);
843
844 for (i = first; i <= last; i++)
845 {
846 cfi_command(bank, 0x60, command);
847 LOG_DEBUG("address: 0x%4.4" PRIx32 ", command: 0x%4.4" PRIx32, flash_address(bank, i, 0x0), target_buffer_get_u32(target, command));
848 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
849 {
850 return retval;
851 }
852 if (set)
853 {
854 cfi_command(bank, 0x01, command);
855 LOG_DEBUG("address: 0x%4.4" PRIx32 ", command: 0x%4.4" PRIx32 , flash_address(bank, i, 0x0), target_buffer_get_u32(target, command));
856 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
857 {
858 return retval;
859 }
860 bank->sectors[i].is_protected = 1;
861 }
862 else
863 {
864 cfi_command(bank, 0xd0, command);
865 LOG_DEBUG("address: 0x%4.4" PRIx32 ", command: 0x%4.4" PRIx32, flash_address(bank, i, 0x0), target_buffer_get_u32(target, command));
866 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
867 {
868 return retval;
869 }
870 bank->sectors[i].is_protected = 0;
871 }
872
873 /* instant individual block locking doesn't require reading of the status register */
874 if (!(pri_ext->feature_support & 0x20))
875 {
876 /* Clear lock bits operation may take up to 1.4s */
877 cfi_intel_wait_status_busy(bank, 1400);
878 }
879 else
880 {
881 uint8_t block_status;
882 /* read block lock bit, to verify status */
883 cfi_command(bank, 0x90, command);
884 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x55), bank->bus_width, 1, command)) != ERROR_OK)
885 {
886 return retval;
887 }
888 block_status = cfi_get_u8(bank, i, 0x2);
889
890 if ((block_status & 0x1) != set)
891 {
892 LOG_ERROR("couldn't change block lock status (set = %i, block_status = 0x%2.2x)", set, block_status);
893 cfi_command(bank, 0x70, command);
894 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x55), bank->bus_width, 1, command)) != ERROR_OK)
895 {
896 return retval;
897 }
898 cfi_intel_wait_status_busy(bank, 10);
899
900 if (retry > 10)
901 return ERROR_FLASH_OPERATION_FAILED;
902 else
903 {
904 i--;
905 retry++;
906 }
907 }
908 }
909 }
910
911 /* if the device doesn't support individual block lock bits set/clear,
912 * all blocks have been unlocked in parallel, so we set those that should be protected
913 */
914 if ((!set) && (!(pri_ext->feature_support & 0x20)))
915 {
916 for (i = 0; i < bank->num_sectors; i++)
917 {
918 if (bank->sectors[i].is_protected == 1)
919 {
920 cfi_intel_clear_status_register(bank);
921
922 cfi_command(bank, 0x60, command);
923 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
924 {
925 return retval;
926 }
927
928 cfi_command(bank, 0x01, command);
929 if ((retval = target_write_memory(target, flash_address(bank, i, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
930 {
931 return retval;
932 }
933
934 cfi_intel_wait_status_busy(bank, 100);
935 }
936 }
937 }
938
939 cfi_command(bank, 0xff, command);
940 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
941 }
942
943 static int cfi_protect(struct flash_bank_s *bank, int set, int first, int last)
944 {
945 cfi_flash_bank_t *cfi_info = bank->driver_priv;
946
947 if (bank->target->state != TARGET_HALTED)
948 {
949 LOG_ERROR("Target not halted");
950 return ERROR_TARGET_NOT_HALTED;
951 }
952
953 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
954 {
955 return ERROR_FLASH_SECTOR_INVALID;
956 }
957
958 if (cfi_info->qry[0] != 'Q')
959 return ERROR_FLASH_BANK_NOT_PROBED;
960
961 switch (cfi_info->pri_id)
962 {
963 case 1:
964 case 3:
965 cfi_intel_protect(bank, set, first, last);
966 break;
967 default:
968 LOG_ERROR("protect: cfi primary command set %i unsupported", cfi_info->pri_id);
969 break;
970 }
971
972 return ERROR_OK;
973 }
974
975 /* FIXME Replace this by a simple memcpy() - still unsure about sideeffects */
976 static void cfi_add_byte(struct flash_bank_s *bank, uint8_t *word, uint8_t byte)
977 {
978 /* target_t *target = bank->target; */
979
980 int i;
981
982 /* NOTE:
983 * The data to flash must not be changed in endian! We write a bytestrem in
984 * target byte order already. Only the control and status byte lane of the flash
985 * WSM is interpreted by the CPU in different ways, when read a uint16_t or uint32_t
986 * word (data seems to be in the upper or lower byte lane for uint16_t accesses).
987 */
988
989 #if 0
990 if (target->endianness == TARGET_LITTLE_ENDIAN)
991 {
992 #endif
993 /* shift bytes */
994 for (i = 0; i < bank->bus_width - 1; i++)
995 word[i] = word[i + 1];
996 word[bank->bus_width - 1] = byte;
997 #if 0
998 }
999 else
1000 {
1001 /* shift bytes */
1002 for (i = bank->bus_width - 1; i > 0; i--)
1003 word[i] = word[i - 1];
1004 word[0] = byte;
1005 }
1006 #endif
1007 }
1008
1009 /* Convert code image to target endian */
1010 /* FIXME create general block conversion fcts in target.c?) */
1011 static void cfi_fix_code_endian(target_t *target, uint8_t *dest, const uint32_t *src, uint32_t count)
1012 {
1013 uint32_t i;
1014 for (i = 0; i< count; i++)
1015 {
1016 target_buffer_set_u32(target, dest, *src);
1017 dest += 4;
1018 src++;
1019 }
1020 }
1021
1022 static uint32_t cfi_command_val(flash_bank_t *bank, uint8_t cmd)
1023 {
1024 target_t *target = bank->target;
1025
1026 uint8_t buf[CFI_MAX_BUS_WIDTH];
1027 cfi_command(bank, cmd, buf);
1028 switch (bank->bus_width)
1029 {
1030 case 1 :
1031 return buf[0];
1032 break;
1033 case 2 :
1034 return target_buffer_get_u16(target, buf);
1035 break;
1036 case 4 :
1037 return target_buffer_get_u32(target, buf);
1038 break;
1039 default :
1040 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1041 return 0;
1042 }
1043 }
1044
1045 static int cfi_intel_write_block(struct flash_bank_s *bank, uint8_t *buffer, uint32_t address, uint32_t count)
1046 {
1047 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1048 target_t *target = bank->target;
1049 reg_param_t reg_params[7];
1050 armv4_5_algorithm_t armv4_5_info;
1051 working_area_t *source;
1052 uint32_t buffer_size = 32768;
1053 uint32_t write_command_val, busy_pattern_val, error_pattern_val;
1054
1055 /* algorithm register usage:
1056 * r0: source address (in RAM)
1057 * r1: target address (in Flash)
1058 * r2: count
1059 * r3: flash write command
1060 * r4: status byte (returned to host)
1061 * r5: busy test pattern
1062 * r6: error test pattern
1063 */
1064
1065 static const uint32_t word_32_code[] = {
1066 0xe4904004, /* loop: ldr r4, [r0], #4 */
1067 0xe5813000, /* str r3, [r1] */
1068 0xe5814000, /* str r4, [r1] */
1069 0xe5914000, /* busy: ldr r4, [r1] */
1070 0xe0047005, /* and r7, r4, r5 */
1071 0xe1570005, /* cmp r7, r5 */
1072 0x1afffffb, /* bne busy */
1073 0xe1140006, /* tst r4, r6 */
1074 0x1a000003, /* bne done */
1075 0xe2522001, /* subs r2, r2, #1 */
1076 0x0a000001, /* beq done */
1077 0xe2811004, /* add r1, r1 #4 */
1078 0xeafffff2, /* b loop */
1079 0xeafffffe /* done: b -2 */
1080 };
1081
1082 static const uint32_t word_16_code[] = {
1083 0xe0d040b2, /* loop: ldrh r4, [r0], #2 */
1084 0xe1c130b0, /* strh r3, [r1] */
1085 0xe1c140b0, /* strh r4, [r1] */
1086 0xe1d140b0, /* busy ldrh r4, [r1] */
1087 0xe0047005, /* and r7, r4, r5 */
1088 0xe1570005, /* cmp r7, r5 */
1089 0x1afffffb, /* bne busy */
1090 0xe1140006, /* tst r4, r6 */
1091 0x1a000003, /* bne done */
1092 0xe2522001, /* subs r2, r2, #1 */
1093 0x0a000001, /* beq done */
1094 0xe2811002, /* add r1, r1 #2 */
1095 0xeafffff2, /* b loop */
1096 0xeafffffe /* done: b -2 */
1097 };
1098
1099 static const uint32_t word_8_code[] = {
1100 0xe4d04001, /* loop: ldrb r4, [r0], #1 */
1101 0xe5c13000, /* strb r3, [r1] */
1102 0xe5c14000, /* strb r4, [r1] */
1103 0xe5d14000, /* busy ldrb r4, [r1] */
1104 0xe0047005, /* and r7, r4, r5 */
1105 0xe1570005, /* cmp r7, r5 */
1106 0x1afffffb, /* bne busy */
1107 0xe1140006, /* tst r4, r6 */
1108 0x1a000003, /* bne done */
1109 0xe2522001, /* subs r2, r2, #1 */
1110 0x0a000001, /* beq done */
1111 0xe2811001, /* add r1, r1 #1 */
1112 0xeafffff2, /* b loop */
1113 0xeafffffe /* done: b -2 */
1114 };
1115 uint8_t target_code[4*CFI_MAX_INTEL_CODESIZE];
1116 const uint32_t *target_code_src;
1117 uint32_t target_code_size;
1118 int retval = ERROR_OK;
1119
1120
1121 cfi_intel_clear_status_register(bank);
1122
1123 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
1124 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
1125 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
1126
1127 /* If we are setting up the write_algorith, we need target_code_src */
1128 /* if not we only need target_code_size. */
1129
1130 /* However, we don't want to create multiple code paths, so we */
1131 /* do the unecessary evaluation of target_code_src, which the */
1132 /* compiler will probably nicely optimize away if not needed */
1133
1134 /* prepare algorithm code for target endian */
1135 switch (bank->bus_width)
1136 {
1137 case 1 :
1138 target_code_src = word_8_code;
1139 target_code_size = sizeof(word_8_code);
1140 break;
1141 case 2 :
1142 target_code_src = word_16_code;
1143 target_code_size = sizeof(word_16_code);
1144 break;
1145 case 4 :
1146 target_code_src = word_32_code;
1147 target_code_size = sizeof(word_32_code);
1148 break;
1149 default:
1150 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1151 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1152 }
1153
1154 /* flash write code */
1155 if (!cfi_info->write_algorithm)
1156 {
1157 if (target_code_size > sizeof(target_code))
1158 {
1159 LOG_WARNING("Internal error - target code buffer to small. Increase CFI_MAX_INTEL_CODESIZE and recompile.");
1160 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1161 }
1162 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1163
1164 /* Get memory for block write handler */
1165 retval = target_alloc_working_area(target, target_code_size, &cfi_info->write_algorithm);
1166 if (retval != ERROR_OK)
1167 {
1168 LOG_WARNING("No working area available, can't do block memory writes");
1169 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1170 };
1171
1172 /* write algorithm code to working area */
1173 retval = target_write_buffer(target, cfi_info->write_algorithm->address, target_code_size, target_code);
1174 if (retval != ERROR_OK)
1175 {
1176 LOG_ERROR("Unable to write block write code to target");
1177 goto cleanup;
1178 }
1179 }
1180
1181 /* Get a workspace buffer for the data to flash starting with 32k size.
1182 Half size until buffer would be smaller 256 Bytem then fail back */
1183 /* FIXME Why 256 bytes, why not 32 bytes (smallest flash write page */
1184 while (target_alloc_working_area(target, buffer_size, &source) != ERROR_OK)
1185 {
1186 buffer_size /= 2;
1187 if (buffer_size <= 256)
1188 {
1189 LOG_WARNING("no large enough working area available, can't do block memory writes");
1190 retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1191 goto cleanup;
1192 }
1193 };
1194
1195 /* setup algo registers */
1196 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
1197 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
1198 init_reg_param(&reg_params[2], "r2", 32, PARAM_OUT);
1199 init_reg_param(&reg_params[3], "r3", 32, PARAM_OUT);
1200 init_reg_param(&reg_params[4], "r4", 32, PARAM_IN);
1201 init_reg_param(&reg_params[5], "r5", 32, PARAM_OUT);
1202 init_reg_param(&reg_params[6], "r6", 32, PARAM_OUT);
1203
1204 /* prepare command and status register patterns */
1205 write_command_val = cfi_command_val(bank, 0x40);
1206 busy_pattern_val = cfi_command_val(bank, 0x80);
1207 error_pattern_val = cfi_command_val(bank, 0x7e);
1208
1209 LOG_INFO("Using target buffer at 0x%08" PRIx32 " and of size 0x%04" PRIx32, source->address, buffer_size);
1210
1211 /* Programming main loop */
1212 while (count > 0)
1213 {
1214 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1215 uint32_t wsm_error;
1216
1217 if ((retval = target_write_buffer(target, source->address, thisrun_count, buffer)) != ERROR_OK)
1218 {
1219 goto cleanup;
1220 }
1221
1222 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1223 buf_set_u32(reg_params[1].value, 0, 32, address);
1224 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1225
1226 buf_set_u32(reg_params[3].value, 0, 32, write_command_val);
1227 buf_set_u32(reg_params[5].value, 0, 32, busy_pattern_val);
1228 buf_set_u32(reg_params[6].value, 0, 32, error_pattern_val);
1229
1230 LOG_INFO("Write 0x%04" PRIx32 " bytes to flash at 0x%08" PRIx32 , thisrun_count, address);
1231
1232 /* Execute algorithm, assume breakpoint for last instruction */
1233 retval = target_run_algorithm(target, 0, NULL, 7, reg_params,
1234 cfi_info->write_algorithm->address,
1235 cfi_info->write_algorithm->address + target_code_size - sizeof(uint32_t),
1236 10000, /* 10s should be enough for max. 32k of data */
1237 &armv4_5_info);
1238
1239 /* On failure try a fall back to direct word writes */
1240 if (retval != ERROR_OK)
1241 {
1242 cfi_intel_clear_status_register(bank);
1243 LOG_ERROR("Execution of flash algorythm failed. Can't fall back. Please report.");
1244 retval = ERROR_FLASH_OPERATION_FAILED;
1245 /* retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE; */
1246 /* FIXME To allow fall back or recovery, we must save the actual status
1247 somewhere, so that a higher level code can start recovery. */
1248 goto cleanup;
1249 }
1250
1251 /* Check return value from algo code */
1252 wsm_error = buf_get_u32(reg_params[4].value, 0, 32) & error_pattern_val;
1253 if (wsm_error)
1254 {
1255 /* read status register (outputs debug inforation) */
1256 cfi_intel_wait_status_busy(bank, 100);
1257 cfi_intel_clear_status_register(bank);
1258 retval = ERROR_FLASH_OPERATION_FAILED;
1259 goto cleanup;
1260 }
1261
1262 buffer += thisrun_count;
1263 address += thisrun_count;
1264 count -= thisrun_count;
1265 }
1266
1267 /* free up resources */
1268 cleanup:
1269 if (source)
1270 target_free_working_area(target, source);
1271
1272 if (cfi_info->write_algorithm)
1273 {
1274 target_free_working_area(target, cfi_info->write_algorithm);
1275 cfi_info->write_algorithm = NULL;
1276 }
1277
1278 destroy_reg_param(&reg_params[0]);
1279 destroy_reg_param(&reg_params[1]);
1280 destroy_reg_param(&reg_params[2]);
1281 destroy_reg_param(&reg_params[3]);
1282 destroy_reg_param(&reg_params[4]);
1283 destroy_reg_param(&reg_params[5]);
1284 destroy_reg_param(&reg_params[6]);
1285
1286 return retval;
1287 }
1288
1289 static int cfi_spansion_write_block(struct flash_bank_s *bank, uint8_t *buffer, uint32_t address, uint32_t count)
1290 {
1291 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1292 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
1293 target_t *target = bank->target;
1294 reg_param_t reg_params[10];
1295 armv4_5_algorithm_t armv4_5_info;
1296 working_area_t *source;
1297 uint32_t buffer_size = 32768;
1298 uint32_t status;
1299 int retval, retvaltemp;
1300 int exit_code = ERROR_OK;
1301
1302 /* input parameters - */
1303 /* R0 = source address */
1304 /* R1 = destination address */
1305 /* R2 = number of writes */
1306 /* R3 = flash write command */
1307 /* R4 = constant to mask DQ7 bits (also used for Dq5 with shift) */
1308 /* output parameters - */
1309 /* R5 = 0x80 ok 0x00 bad */
1310 /* temp registers - */
1311 /* R6 = value read from flash to test status */
1312 /* R7 = holding register */
1313 /* unlock registers - */
1314 /* R8 = unlock1_addr */
1315 /* R9 = unlock1_cmd */
1316 /* R10 = unlock2_addr */
1317 /* R11 = unlock2_cmd */
1318
1319 static const uint32_t word_32_code[] = {
1320 /* 00008100 <sp_32_code>: */
1321 0xe4905004, /* ldr r5, [r0], #4 */
1322 0xe5889000, /* str r9, [r8] */
1323 0xe58ab000, /* str r11, [r10] */
1324 0xe5883000, /* str r3, [r8] */
1325 0xe5815000, /* str r5, [r1] */
1326 0xe1a00000, /* nop */
1327 /* */
1328 /* 00008110 <sp_32_busy>: */
1329 0xe5916000, /* ldr r6, [r1] */
1330 0xe0257006, /* eor r7, r5, r6 */
1331 0xe0147007, /* ands r7, r4, r7 */
1332 0x0a000007, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1333 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1334 0x0afffff9, /* beq 8110 <sp_32_busy> ; b if DQ5 low */
1335 0xe5916000, /* ldr r6, [r1] */
1336 0xe0257006, /* eor r7, r5, r6 */
1337 0xe0147007, /* ands r7, r4, r7 */
1338 0x0a000001, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1339 0xe3a05000, /* mov r5, #0 ; 0x0 - return 0x00, error */
1340 0x1a000004, /* bne 8154 <sp_32_done> */
1341 /* */
1342 /* 00008140 <sp_32_cont>: */
1343 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1344 0x03a05080, /* moveq r5, #128 ; 0x80 */
1345 0x0a000001, /* beq 8154 <sp_32_done> */
1346 0xe2811004, /* add r1, r1, #4 ; 0x4 */
1347 0xeaffffe8, /* b 8100 <sp_32_code> */
1348 /* */
1349 /* 00008154 <sp_32_done>: */
1350 0xeafffffe /* b 8154 <sp_32_done> */
1351 };
1352
1353 static const uint32_t word_16_code[] = {
1354 /* 00008158 <sp_16_code>: */
1355 0xe0d050b2, /* ldrh r5, [r0], #2 */
1356 0xe1c890b0, /* strh r9, [r8] */
1357 0xe1cab0b0, /* strh r11, [r10] */
1358 0xe1c830b0, /* strh r3, [r8] */
1359 0xe1c150b0, /* strh r5, [r1] */
1360 0xe1a00000, /* nop (mov r0,r0) */
1361 /* */
1362 /* 00008168 <sp_16_busy>: */
1363 0xe1d160b0, /* ldrh r6, [r1] */
1364 0xe0257006, /* eor r7, r5, r6 */
1365 0xe0147007, /* ands r7, r4, r7 */
1366 0x0a000007, /* beq 8198 <sp_16_cont> */
1367 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1368 0x0afffff9, /* beq 8168 <sp_16_busy> */
1369 0xe1d160b0, /* ldrh r6, [r1] */
1370 0xe0257006, /* eor r7, r5, r6 */
1371 0xe0147007, /* ands r7, r4, r7 */
1372 0x0a000001, /* beq 8198 <sp_16_cont> */
1373 0xe3a05000, /* mov r5, #0 ; 0x0 */
1374 0x1a000004, /* bne 81ac <sp_16_done> */
1375 /* */
1376 /* 00008198 <sp_16_cont>: */
1377 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1378 0x03a05080, /* moveq r5, #128 ; 0x80 */
1379 0x0a000001, /* beq 81ac <sp_16_done> */
1380 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1381 0xeaffffe8, /* b 8158 <sp_16_code> */
1382 /* */
1383 /* 000081ac <sp_16_done>: */
1384 0xeafffffe /* b 81ac <sp_16_done> */
1385 };
1386
1387 static const uint32_t word_16_code_dq7only[] = {
1388 /* <sp_16_code>: */
1389 0xe0d050b2, /* ldrh r5, [r0], #2 */
1390 0xe1c890b0, /* strh r9, [r8] */
1391 0xe1cab0b0, /* strh r11, [r10] */
1392 0xe1c830b0, /* strh r3, [r8] */
1393 0xe1c150b0, /* strh r5, [r1] */
1394 0xe1a00000, /* nop (mov r0,r0) */
1395 /* */
1396 /* <sp_16_busy>: */
1397 0xe1d160b0, /* ldrh r6, [r1] */
1398 0xe0257006, /* eor r7, r5, r6 */
1399 0xe2177080, /* ands r7, #0x80 */
1400 0x1afffffb, /* bne 8168 <sp_16_busy> */
1401 /* */
1402 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1403 0x03a05080, /* moveq r5, #128 ; 0x80 */
1404 0x0a000001, /* beq 81ac <sp_16_done> */
1405 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1406 0xeafffff0, /* b 8158 <sp_16_code> */
1407 /* */
1408 /* 000081ac <sp_16_done>: */
1409 0xeafffffe /* b 81ac <sp_16_done> */
1410 };
1411
1412 static const uint32_t word_8_code[] = {
1413 /* 000081b0 <sp_16_code_end>: */
1414 0xe4d05001, /* ldrb r5, [r0], #1 */
1415 0xe5c89000, /* strb r9, [r8] */
1416 0xe5cab000, /* strb r11, [r10] */
1417 0xe5c83000, /* strb r3, [r8] */
1418 0xe5c15000, /* strb r5, [r1] */
1419 0xe1a00000, /* nop (mov r0,r0) */
1420 /* */
1421 /* 000081c0 <sp_8_busy>: */
1422 0xe5d16000, /* ldrb r6, [r1] */
1423 0xe0257006, /* eor r7, r5, r6 */
1424 0xe0147007, /* ands r7, r4, r7 */
1425 0x0a000007, /* beq 81f0 <sp_8_cont> */
1426 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1427 0x0afffff9, /* beq 81c0 <sp_8_busy> */
1428 0xe5d16000, /* ldrb r6, [r1] */
1429 0xe0257006, /* eor r7, r5, r6 */
1430 0xe0147007, /* ands r7, r4, r7 */
1431 0x0a000001, /* beq 81f0 <sp_8_cont> */
1432 0xe3a05000, /* mov r5, #0 ; 0x0 */
1433 0x1a000004, /* bne 8204 <sp_8_done> */
1434 /* */
1435 /* 000081f0 <sp_8_cont>: */
1436 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1437 0x03a05080, /* moveq r5, #128 ; 0x80 */
1438 0x0a000001, /* beq 8204 <sp_8_done> */
1439 0xe2811001, /* add r1, r1, #1 ; 0x1 */
1440 0xeaffffe8, /* b 81b0 <sp_16_code_end> */
1441 /* */
1442 /* 00008204 <sp_8_done>: */
1443 0xeafffffe /* b 8204 <sp_8_done> */
1444 };
1445
1446 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
1447 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
1448 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
1449
1450 int target_code_size;
1451 const uint32_t *target_code_src;
1452
1453 switch (bank->bus_width)
1454 {
1455 case 1 :
1456 target_code_src = word_8_code;
1457 target_code_size = sizeof(word_8_code);
1458 break;
1459 case 2 :
1460 /* Check for DQ5 support */
1461 if( cfi_info->status_poll_mask & (1 << 5) )
1462 {
1463 target_code_src = word_16_code;
1464 target_code_size = sizeof(word_16_code);
1465 }
1466 else
1467 {
1468 /* No DQ5 support. Use DQ7 DATA# polling only. */
1469 target_code_src = word_16_code_dq7only;
1470 target_code_size = sizeof(word_16_code_dq7only);
1471 }
1472 break;
1473 case 4 :
1474 target_code_src = word_32_code;
1475 target_code_size = sizeof(word_32_code);
1476 break;
1477 default:
1478 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1479 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1480 }
1481
1482 /* flash write code */
1483 if (!cfi_info->write_algorithm)
1484 {
1485 uint8_t *target_code;
1486
1487 /* convert bus-width dependent algorithm code to correct endiannes */
1488 target_code = malloc(target_code_size);
1489 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1490
1491 /* allocate working area */
1492 retval = target_alloc_working_area(target, target_code_size,
1493 &cfi_info->write_algorithm);
1494 if (retval != ERROR_OK)
1495 {
1496 free(target_code);
1497 return retval;
1498 }
1499
1500 /* write algorithm code to working area */
1501 if ((retval = target_write_buffer(target, cfi_info->write_algorithm->address,
1502 target_code_size, target_code)) != ERROR_OK)
1503 {
1504 free(target_code);
1505 return retval;
1506 }
1507
1508 free(target_code);
1509 }
1510 /* the following code still assumes target code is fixed 24*4 bytes */
1511
1512 while (target_alloc_working_area(target, buffer_size, &source) != ERROR_OK)
1513 {
1514 buffer_size /= 2;
1515 if (buffer_size <= 256)
1516 {
1517 /* if we already allocated the writing code, but failed to get a buffer, free the algorithm */
1518 if (cfi_info->write_algorithm)
1519 target_free_working_area(target, cfi_info->write_algorithm);
1520
1521 LOG_WARNING("not enough working area available, can't do block memory writes");
1522 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1523 }
1524 };
1525
1526 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
1527 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
1528 init_reg_param(&reg_params[2], "r2", 32, PARAM_OUT);
1529 init_reg_param(&reg_params[3], "r3", 32, PARAM_OUT);
1530 init_reg_param(&reg_params[4], "r4", 32, PARAM_OUT);
1531 init_reg_param(&reg_params[5], "r5", 32, PARAM_IN);
1532 init_reg_param(&reg_params[6], "r8", 32, PARAM_OUT);
1533 init_reg_param(&reg_params[7], "r9", 32, PARAM_OUT);
1534 init_reg_param(&reg_params[8], "r10", 32, PARAM_OUT);
1535 init_reg_param(&reg_params[9], "r11", 32, PARAM_OUT);
1536
1537 while (count > 0)
1538 {
1539 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1540
1541 retvaltemp = target_write_buffer(target, source->address, thisrun_count, buffer);
1542
1543 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1544 buf_set_u32(reg_params[1].value, 0, 32, address);
1545 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1546 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1547 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1548 buf_set_u32(reg_params[6].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock1));
1549 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1550 buf_set_u32(reg_params[8].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock2));
1551 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1552
1553 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1554 cfi_info->write_algorithm->address,
1555 cfi_info->write_algorithm->address + ((target_code_size) - 4),
1556 10000, &armv4_5_info);
1557
1558 status = buf_get_u32(reg_params[5].value, 0, 32);
1559
1560 if ((retval != ERROR_OK) || (retvaltemp != ERROR_OK) || status != 0x80)
1561 {
1562 LOG_DEBUG("status: 0x%" PRIx32 , status);
1563 exit_code = ERROR_FLASH_OPERATION_FAILED;
1564 break;
1565 }
1566
1567 buffer += thisrun_count;
1568 address += thisrun_count;
1569 count -= thisrun_count;
1570 }
1571
1572 target_free_all_working_areas(target);
1573
1574 destroy_reg_param(&reg_params[0]);
1575 destroy_reg_param(&reg_params[1]);
1576 destroy_reg_param(&reg_params[2]);
1577 destroy_reg_param(&reg_params[3]);
1578 destroy_reg_param(&reg_params[4]);
1579 destroy_reg_param(&reg_params[5]);
1580 destroy_reg_param(&reg_params[6]);
1581 destroy_reg_param(&reg_params[7]);
1582 destroy_reg_param(&reg_params[8]);
1583 destroy_reg_param(&reg_params[9]);
1584
1585 return exit_code;
1586 }
1587
1588 static int cfi_intel_write_word(struct flash_bank_s *bank, uint8_t *word, uint32_t address)
1589 {
1590 int retval;
1591 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1592 target_t *target = bank->target;
1593 uint8_t command[8];
1594
1595 cfi_intel_clear_status_register(bank);
1596 cfi_command(bank, 0x40, command);
1597 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1598 {
1599 return retval;
1600 }
1601
1602 if ((retval = target_write_memory(target, address, bank->bus_width, 1, word)) != ERROR_OK)
1603 {
1604 return retval;
1605 }
1606
1607 if (cfi_intel_wait_status_busy(bank, 1000 * (1 << cfi_info->word_write_timeout_max)) != 0x80)
1608 {
1609 cfi_command(bank, 0xff, command);
1610 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1611 {
1612 return retval;
1613 }
1614
1615 LOG_ERROR("couldn't write word at base 0x%" PRIx32 ", address %" PRIx32 , bank->base, address);
1616 return ERROR_FLASH_OPERATION_FAILED;
1617 }
1618
1619 return ERROR_OK;
1620 }
1621
1622 static int cfi_intel_write_words(struct flash_bank_s *bank, uint8_t *word, uint32_t wordcount, uint32_t address)
1623 {
1624 int retval;
1625 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1626 target_t *target = bank->target;
1627 uint8_t command[8];
1628
1629 /* Calculate buffer size and boundary mask */
1630 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
1631 uint32_t buffermask = buffersize-1;
1632 uint32_t bufferwsize;
1633
1634 /* Check for valid range */
1635 if (address & buffermask)
1636 {
1637 LOG_ERROR("Write address at base 0x%" PRIx32 ", address %" PRIx32 " not aligned to 2^%d boundary",
1638 bank->base, address, cfi_info->max_buf_write_size);
1639 return ERROR_FLASH_OPERATION_FAILED;
1640 }
1641 switch (bank->chip_width)
1642 {
1643 case 4 : bufferwsize = buffersize / 4; break;
1644 case 2 : bufferwsize = buffersize / 2; break;
1645 case 1 : bufferwsize = buffersize; break;
1646 default:
1647 LOG_ERROR("Unsupported chip width %d", bank->chip_width);
1648 return ERROR_FLASH_OPERATION_FAILED;
1649 }
1650
1651 bufferwsize/=(bank->bus_width / bank->chip_width);
1652
1653
1654 /* Check for valid size */
1655 if (wordcount > bufferwsize)
1656 {
1657 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %" PRId32 , wordcount, buffersize);
1658 return ERROR_FLASH_OPERATION_FAILED;
1659 }
1660
1661 /* Write to flash buffer */
1662 cfi_intel_clear_status_register(bank);
1663
1664 /* Initiate buffer operation _*/
1665 cfi_command(bank, 0xE8, command);
1666 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1667 {
1668 return retval;
1669 }
1670 if (cfi_intel_wait_status_busy(bank, 1000 * (1 << cfi_info->buf_write_timeout_max)) != 0x80)
1671 {
1672 cfi_command(bank, 0xff, command);
1673 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1674 {
1675 return retval;
1676 }
1677
1678 LOG_ERROR("couldn't start buffer write operation at base 0x%" PRIx32 ", address %" PRIx32 , bank->base, address);
1679 return ERROR_FLASH_OPERATION_FAILED;
1680 }
1681
1682 /* Write buffer wordcount-1 and data words */
1683 cfi_command(bank, bufferwsize-1, command);
1684 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1685 {
1686 return retval;
1687 }
1688
1689 if ((retval = target_write_memory(target, address, bank->bus_width, bufferwsize, word)) != ERROR_OK)
1690 {
1691 return retval;
1692 }
1693
1694 /* Commit write operation */
1695 cfi_command(bank, 0xd0, command);
1696 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1697 {
1698 return retval;
1699 }
1700 if (cfi_intel_wait_status_busy(bank, 1000 * (1 << cfi_info->buf_write_timeout_max)) != 0x80)
1701 {
1702 cfi_command(bank, 0xff, command);
1703 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1704 {
1705 return retval;
1706 }
1707
1708 LOG_ERROR("Buffer write at base 0x%" PRIx32 ", address %" PRIx32 " failed.", bank->base, address);
1709 return ERROR_FLASH_OPERATION_FAILED;
1710 }
1711
1712 return ERROR_OK;
1713 }
1714
1715 static int cfi_spansion_write_word(struct flash_bank_s *bank, uint8_t *word, uint32_t address)
1716 {
1717 int retval;
1718 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1719 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
1720 target_t *target = bank->target;
1721 uint8_t command[8];
1722
1723 cfi_command(bank, 0xaa, command);
1724 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
1725 {
1726 return retval;
1727 }
1728
1729 cfi_command(bank, 0x55, command);
1730 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
1731 {
1732 return retval;
1733 }
1734
1735 cfi_command(bank, 0xa0, command);
1736 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
1737 {
1738 return retval;
1739 }
1740
1741 if ((retval = target_write_memory(target, address, bank->bus_width, 1, word)) != ERROR_OK)
1742 {
1743 return retval;
1744 }
1745
1746 if (cfi_spansion_wait_status_busy(bank, 1000 * (1 << cfi_info->word_write_timeout_max)) != ERROR_OK)
1747 {
1748 cfi_command(bank, 0xf0, command);
1749 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1750 {
1751 return retval;
1752 }
1753
1754 LOG_ERROR("couldn't write word at base 0x%" PRIx32 ", address %" PRIx32 , bank->base, address);
1755 return ERROR_FLASH_OPERATION_FAILED;
1756 }
1757
1758 return ERROR_OK;
1759 }
1760
1761 static int cfi_spansion_write_words(struct flash_bank_s *bank, uint8_t *word, uint32_t wordcount, uint32_t address)
1762 {
1763 int retval;
1764 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1765 target_t *target = bank->target;
1766 uint8_t command[8];
1767 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
1768
1769 /* Calculate buffer size and boundary mask */
1770 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
1771 uint32_t buffermask = buffersize-1;
1772 uint32_t bufferwsize;
1773
1774 /* Check for valid range */
1775 if (address & buffermask)
1776 {
1777 LOG_ERROR("Write address at base 0x%" PRIx32 ", address %" PRIx32 " not aligned to 2^%d boundary", bank->base, address, cfi_info->max_buf_write_size);
1778 return ERROR_FLASH_OPERATION_FAILED;
1779 }
1780 switch (bank->chip_width)
1781 {
1782 case 4 : bufferwsize = buffersize / 4; break;
1783 case 2 : bufferwsize = buffersize / 2; break;
1784 case 1 : bufferwsize = buffersize; break;
1785 default:
1786 LOG_ERROR("Unsupported chip width %d", bank->chip_width);
1787 return ERROR_FLASH_OPERATION_FAILED;
1788 }
1789
1790 bufferwsize/=(bank->bus_width / bank->chip_width);
1791
1792 /* Check for valid size */
1793 if (wordcount > bufferwsize)
1794 {
1795 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %" PRId32, wordcount, buffersize);
1796 return ERROR_FLASH_OPERATION_FAILED;
1797 }
1798
1799 // Unlock
1800 cfi_command(bank, 0xaa, command);
1801 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
1802 {
1803 return retval;
1804 }
1805
1806 cfi_command(bank, 0x55, command);
1807 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
1808 {
1809 return retval;
1810 }
1811
1812 // Buffer load command
1813 cfi_command(bank, 0x25, command);
1814 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1815 {
1816 return retval;
1817 }
1818
1819 /* Write buffer wordcount-1 and data words */
1820 cfi_command(bank, bufferwsize-1, command);
1821 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1822 {
1823 return retval;
1824 }
1825
1826 if ((retval = target_write_memory(target, address, bank->bus_width, bufferwsize, word)) != ERROR_OK)
1827 {
1828 return retval;
1829 }
1830
1831 /* Commit write operation */
1832 cfi_command(bank, 0x29, command);
1833 if ((retval = target_write_memory(target, address, bank->bus_width, 1, command)) != ERROR_OK)
1834 {
1835 return retval;
1836 }
1837
1838 if (cfi_spansion_wait_status_busy(bank, 1000 * (1 << cfi_info->word_write_timeout_max)) != ERROR_OK)
1839 {
1840 cfi_command(bank, 0xf0, command);
1841 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
1842 {
1843 return retval;
1844 }
1845
1846 LOG_ERROR("couldn't write block at base 0x%" PRIx32 ", address %" PRIx32 ", size %" PRIx32 , bank->base, address, bufferwsize);
1847 return ERROR_FLASH_OPERATION_FAILED;
1848 }
1849
1850 return ERROR_OK;
1851 }
1852
1853 static int cfi_write_word(struct flash_bank_s *bank, uint8_t *word, uint32_t address)
1854 {
1855 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1856
1857 switch (cfi_info->pri_id)
1858 {
1859 case 1:
1860 case 3:
1861 return cfi_intel_write_word(bank, word, address);
1862 break;
1863 case 2:
1864 return cfi_spansion_write_word(bank, word, address);
1865 break;
1866 default:
1867 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
1868 break;
1869 }
1870
1871 return ERROR_FLASH_OPERATION_FAILED;
1872 }
1873
1874 static int cfi_write_words(struct flash_bank_s *bank, uint8_t *word, uint32_t wordcount, uint32_t address)
1875 {
1876 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1877
1878 switch (cfi_info->pri_id)
1879 {
1880 case 1:
1881 case 3:
1882 return cfi_intel_write_words(bank, word, wordcount, address);
1883 break;
1884 case 2:
1885 return cfi_spansion_write_words(bank, word, wordcount, address);
1886 break;
1887 default:
1888 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
1889 break;
1890 }
1891
1892 return ERROR_FLASH_OPERATION_FAILED;
1893 }
1894
1895 int cfi_write(struct flash_bank_s *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
1896 {
1897 cfi_flash_bank_t *cfi_info = bank->driver_priv;
1898 target_t *target = bank->target;
1899 uint32_t address = bank->base + offset; /* address of first byte to be programmed */
1900 uint32_t write_p, copy_p;
1901 int align; /* number of unaligned bytes */
1902 int blk_count; /* number of bus_width bytes for block copy */
1903 uint8_t current_word[CFI_MAX_BUS_WIDTH * 4]; /* word (bus_width size) currently being programmed */
1904 int i;
1905 int retval;
1906
1907 if (bank->target->state != TARGET_HALTED)
1908 {
1909 LOG_ERROR("Target not halted");
1910 return ERROR_TARGET_NOT_HALTED;
1911 }
1912
1913 if (offset + count > bank->size)
1914 return ERROR_FLASH_DST_OUT_OF_BANK;
1915
1916 if (cfi_info->qry[0] != 'Q')
1917 return ERROR_FLASH_BANK_NOT_PROBED;
1918
1919 /* start at the first byte of the first word (bus_width size) */
1920 write_p = address & ~(bank->bus_width - 1);
1921 if ((align = address - write_p) != 0)
1922 {
1923 LOG_INFO("Fixup %d unaligned head bytes", align);
1924
1925 for (i = 0; i < bank->bus_width; i++)
1926 current_word[i] = 0;
1927 copy_p = write_p;
1928
1929 /* copy bytes before the first write address */
1930 for (i = 0; i < align; ++i, ++copy_p)
1931 {
1932 uint8_t byte;
1933 if ((retval = target_read_memory(target, copy_p, 1, 1, &byte)) != ERROR_OK)
1934 {
1935 return retval;
1936 }
1937 cfi_add_byte(bank, current_word, byte);
1938 }
1939
1940 /* add bytes from the buffer */
1941 for (; (i < bank->bus_width) && (count > 0); i++)
1942 {
1943 cfi_add_byte(bank, current_word, *buffer++);
1944 count--;
1945 copy_p++;
1946 }
1947
1948 /* if the buffer is already finished, copy bytes after the last write address */
1949 for (; (count == 0) && (i < bank->bus_width); ++i, ++copy_p)
1950 {
1951 uint8_t byte;
1952 if ((retval = target_read_memory(target, copy_p, 1, 1, &byte)) != ERROR_OK)
1953 {
1954 return retval;
1955 }
1956 cfi_add_byte(bank, current_word, byte);
1957 }
1958
1959 retval = cfi_write_word(bank, current_word, write_p);
1960 if (retval != ERROR_OK)
1961 return retval;
1962 write_p = copy_p;
1963 }
1964
1965 /* handle blocks of bus_size aligned bytes */
1966 blk_count = count & ~(bank->bus_width - 1); /* round down, leave tail bytes */
1967 switch (cfi_info->pri_id)
1968 {
1969 /* try block writes (fails without working area) */
1970 case 1:
1971 case 3:
1972 retval = cfi_intel_write_block(bank, buffer, write_p, blk_count);
1973 break;
1974 case 2:
1975 retval = cfi_spansion_write_block(bank, buffer, write_p, blk_count);
1976 break;
1977 default:
1978 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
1979 retval = ERROR_FLASH_OPERATION_FAILED;
1980 break;
1981 }
1982 if (retval == ERROR_OK)
1983 {
1984 /* Increment pointers and decrease count on succesful block write */
1985 buffer += blk_count;
1986 write_p += blk_count;
1987 count -= blk_count;
1988 }
1989 else
1990 {
1991 if (retval == ERROR_TARGET_RESOURCE_NOT_AVAILABLE)
1992 {
1993 //adjust buffersize for chip width
1994 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
1995 uint32_t buffermask = buffersize-1;
1996 uint32_t bufferwsize;
1997
1998 switch (bank->chip_width)
1999 {
2000 case 4 : bufferwsize = buffersize / 4; break;
2001 case 2 : bufferwsize = buffersize / 2; break;
2002 case 1 : bufferwsize = buffersize; break;
2003 default:
2004 LOG_ERROR("Unsupported chip width %d", bank->chip_width);
2005 return ERROR_FLASH_OPERATION_FAILED;
2006 }
2007
2008 bufferwsize/=(bank->bus_width / bank->chip_width);
2009
2010 /* fall back to memory writes */
2011 while (count >= (uint32_t)bank->bus_width)
2012 {
2013 int fallback;
2014 if ((write_p & 0xff) == 0)
2015 {
2016 LOG_INFO("Programming at %08" PRIx32 ", count %08" PRIx32 " bytes remaining", write_p, count);
2017 }
2018 fallback = 1;
2019 if ((bufferwsize > 0) && (count >= buffersize) && !(write_p & buffermask))
2020 {
2021 retval = cfi_write_words(bank, buffer, bufferwsize, write_p);
2022 if (retval == ERROR_OK)
2023 {
2024 buffer += buffersize;
2025 write_p += buffersize;
2026 count -= buffersize;
2027 fallback = 0;
2028 }
2029 }
2030 /* try the slow way? */
2031 if (fallback)
2032 {
2033 for (i = 0; i < bank->bus_width; i++)
2034 current_word[i] = 0;
2035
2036 for (i = 0; i < bank->bus_width; i++)
2037 {
2038 cfi_add_byte(bank, current_word, *buffer++);
2039 }
2040
2041 retval = cfi_write_word(bank, current_word, write_p);
2042 if (retval != ERROR_OK)
2043 return retval;
2044
2045 write_p += bank->bus_width;
2046 count -= bank->bus_width;
2047 }
2048 }
2049 }
2050 else
2051 return retval;
2052 }
2053
2054 /* return to read array mode, so we can read from flash again for padding */
2055 cfi_command(bank, 0xf0, current_word);
2056 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, current_word)) != ERROR_OK)
2057 {
2058 return retval;
2059 }
2060 cfi_command(bank, 0xff, current_word);
2061 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, current_word)) != ERROR_OK)
2062 {
2063 return retval;
2064 }
2065
2066 /* handle unaligned tail bytes */
2067 if (count > 0)
2068 {
2069 LOG_INFO("Fixup %" PRId32 " unaligned tail bytes", count);
2070
2071 copy_p = write_p;
2072 for (i = 0; i < bank->bus_width; i++)
2073 current_word[i] = 0;
2074
2075 for (i = 0; (i < bank->bus_width) && (count > 0); ++i, ++copy_p)
2076 {
2077 cfi_add_byte(bank, current_word, *buffer++);
2078 count--;
2079 }
2080 for (; i < bank->bus_width; ++i, ++copy_p)
2081 {
2082 uint8_t byte;
2083 if ((retval = target_read_memory(target, copy_p, 1, 1, &byte)) != ERROR_OK)
2084 {
2085 return retval;
2086 }
2087 cfi_add_byte(bank, current_word, byte);
2088 }
2089 retval = cfi_write_word(bank, current_word, write_p);
2090 if (retval != ERROR_OK)
2091 return retval;
2092 }
2093
2094 /* return to read array mode */
2095 cfi_command(bank, 0xf0, current_word);
2096 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, current_word)) != ERROR_OK)
2097 {
2098 return retval;
2099 }
2100 cfi_command(bank, 0xff, current_word);
2101 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, current_word);
2102 }
2103
2104 static void cfi_fixup_atmel_reversed_erase_regions(flash_bank_t *bank, void *param)
2105 {
2106 (void) param;
2107 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2108 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
2109
2110 pri_ext->_reversed_geometry = 1;
2111 }
2112
2113 static void cfi_fixup_0002_erase_regions(flash_bank_t *bank, void *param)
2114 {
2115 int i;
2116 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2117 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
2118 (void) param;
2119
2120 if ((pri_ext->_reversed_geometry) || (pri_ext->TopBottom == 3))
2121 {
2122 LOG_DEBUG("swapping reversed erase region information on cmdset 0002 device");
2123
2124 for (i = 0; i < cfi_info->num_erase_regions / 2; i++)
2125 {
2126 int j = (cfi_info->num_erase_regions - 1) - i;
2127 uint32_t swap;
2128
2129 swap = cfi_info->erase_region_info[i];
2130 cfi_info->erase_region_info[i] = cfi_info->erase_region_info[j];
2131 cfi_info->erase_region_info[j] = swap;
2132 }
2133 }
2134 }
2135
2136 static void cfi_fixup_0002_unlock_addresses(flash_bank_t *bank, void *param)
2137 {
2138 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2139 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
2140 cfi_unlock_addresses_t *unlock_addresses = param;
2141
2142 pri_ext->_unlock1 = unlock_addresses->unlock1;
2143 pri_ext->_unlock2 = unlock_addresses->unlock2;
2144 }
2145
2146 static int cfi_probe(struct flash_bank_s *bank)
2147 {
2148 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2149 target_t *target = bank->target;
2150 uint8_t command[8];
2151 int num_sectors = 0;
2152 int i;
2153 int sector = 0;
2154 uint32_t unlock1 = 0x555;
2155 uint32_t unlock2 = 0x2aa;
2156 int retval;
2157
2158 if (bank->target->state != TARGET_HALTED)
2159 {
2160 LOG_ERROR("Target not halted");
2161 return ERROR_TARGET_NOT_HALTED;
2162 }
2163
2164 cfi_info->probed = 0;
2165
2166 /* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses,
2167 * while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa
2168 */
2169 if (cfi_info->jedec_probe)
2170 {
2171 unlock1 = 0x5555;
2172 unlock2 = 0x2aaa;
2173 }
2174
2175 /* switch to read identifier codes mode ("AUTOSELECT") */
2176 cfi_command(bank, 0xaa, command);
2177 if ((retval = target_write_memory(target, flash_address(bank, 0, unlock1), bank->bus_width, 1, command)) != ERROR_OK)
2178 {
2179 return retval;
2180 }
2181 cfi_command(bank, 0x55, command);
2182 if ((retval = target_write_memory(target, flash_address(bank, 0, unlock2), bank->bus_width, 1, command)) != ERROR_OK)
2183 {
2184 return retval;
2185 }
2186 cfi_command(bank, 0x90, command);
2187 if ((retval = target_write_memory(target, flash_address(bank, 0, unlock1), bank->bus_width, 1, command)) != ERROR_OK)
2188 {
2189 return retval;
2190 }
2191
2192 if (bank->chip_width == 1)
2193 {
2194 uint8_t manufacturer, device_id;
2195 if ((retval = target_read_u8(target, flash_address(bank, 0, 0x00), &manufacturer)) != ERROR_OK)
2196 {
2197 return retval;
2198 }
2199 if ((retval = target_read_u8(target, flash_address(bank, 0, 0x01), &device_id)) != ERROR_OK)
2200 {
2201 return retval;
2202 }
2203 cfi_info->manufacturer = manufacturer;
2204 cfi_info->device_id = device_id;
2205 }
2206 else if (bank->chip_width == 2)
2207 {
2208 if ((retval = target_read_u16(target, flash_address(bank, 0, 0x00), &cfi_info->manufacturer)) != ERROR_OK)
2209 {
2210 return retval;
2211 }
2212 if ((retval = target_read_u16(target, flash_address(bank, 0, 0x01), &cfi_info->device_id)) != ERROR_OK)
2213 {
2214 return retval;
2215 }
2216 }
2217
2218 LOG_INFO("Flash Manufacturer/Device: 0x%04x 0x%04x", cfi_info->manufacturer, cfi_info->device_id);
2219 /* switch back to read array mode */
2220 cfi_command(bank, 0xf0, command);
2221 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x00), bank->bus_width, 1, command)) != ERROR_OK)
2222 {
2223 return retval;
2224 }
2225 cfi_command(bank, 0xff, command);
2226 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x00), bank->bus_width, 1, command)) != ERROR_OK)
2227 {
2228 return retval;
2229 }
2230
2231 /* check device/manufacturer ID for known non-CFI flashes. */
2232 cfi_fixup_non_cfi(bank);
2233
2234 /* query only if this is a CFI compatible flash,
2235 * otherwise the relevant info has already been filled in
2236 */
2237 if (cfi_info->not_cfi == 0)
2238 {
2239 /* enter CFI query mode
2240 * according to JEDEC Standard No. 68.01,
2241 * a single bus sequence with address = 0x55, data = 0x98 should put
2242 * the device into CFI query mode.
2243 *
2244 * SST flashes clearly violate this, and we will consider them incompatbile for now
2245 */
2246 cfi_command(bank, 0x98, command);
2247 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x55), bank->bus_width, 1, command)) != ERROR_OK)
2248 {
2249 return retval;
2250 }
2251
2252 cfi_info->qry[0] = cfi_query_u8(bank, 0, 0x10);
2253 cfi_info->qry[1] = cfi_query_u8(bank, 0, 0x11);
2254 cfi_info->qry[2] = cfi_query_u8(bank, 0, 0x12);
2255
2256 LOG_DEBUG("CFI qry returned: 0x%2.2x 0x%2.2x 0x%2.2x", cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2]);
2257
2258 if ((cfi_info->qry[0] != 'Q') || (cfi_info->qry[1] != 'R') || (cfi_info->qry[2] != 'Y'))
2259 {
2260 cfi_command(bank, 0xf0, command);
2261 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
2262 {
2263 return retval;
2264 }
2265 cfi_command(bank, 0xff, command);
2266 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
2267 {
2268 return retval;
2269 }
2270 LOG_ERROR("Could not probe bank: no QRY");
2271 return ERROR_FLASH_BANK_INVALID;
2272 }
2273
2274 cfi_info->pri_id = cfi_query_u16(bank, 0, 0x13);
2275 cfi_info->pri_addr = cfi_query_u16(bank, 0, 0x15);
2276 cfi_info->alt_id = cfi_query_u16(bank, 0, 0x17);
2277 cfi_info->alt_addr = cfi_query_u16(bank, 0, 0x19);
2278
2279 LOG_DEBUG("qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x", cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
2280
2281 cfi_info->vcc_min = cfi_query_u8(bank, 0, 0x1b);
2282 cfi_info->vcc_max = cfi_query_u8(bank, 0, 0x1c);
2283 cfi_info->vpp_min = cfi_query_u8(bank, 0, 0x1d);
2284 cfi_info->vpp_max = cfi_query_u8(bank, 0, 0x1e);
2285 cfi_info->word_write_timeout_typ = cfi_query_u8(bank, 0, 0x1f);
2286 cfi_info->buf_write_timeout_typ = cfi_query_u8(bank, 0, 0x20);
2287 cfi_info->block_erase_timeout_typ = cfi_query_u8(bank, 0, 0x21);
2288 cfi_info->chip_erase_timeout_typ = cfi_query_u8(bank, 0, 0x22);
2289 cfi_info->word_write_timeout_max = cfi_query_u8(bank, 0, 0x23);
2290 cfi_info->buf_write_timeout_max = cfi_query_u8(bank, 0, 0x24);
2291 cfi_info->block_erase_timeout_max = cfi_query_u8(bank, 0, 0x25);
2292 cfi_info->chip_erase_timeout_max = cfi_query_u8(bank, 0, 0x26);
2293
2294 LOG_DEBUG("Vcc min: %1.1x.%1.1x, Vcc max: %1.1x.%1.1x, Vpp min: %1.1x.%1.1x, Vpp max: %1.1x.%1.1x",
2295 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2296 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2297 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2298 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2299 LOG_DEBUG("typ. word write timeout: %u, typ. buf write timeout: %u, typ. block erase timeout: %u, typ. chip erase timeout: %u", 1 << cfi_info->word_write_timeout_typ, 1 << cfi_info->buf_write_timeout_typ,
2300 1 << cfi_info->block_erase_timeout_typ, 1 << cfi_info->chip_erase_timeout_typ);
2301 LOG_DEBUG("max. word write timeout: %u, max. buf write timeout: %u, max. block erase timeout: %u, max. chip erase timeout: %u", (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2302 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2303 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2304 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2305
2306 cfi_info->dev_size = 1 << cfi_query_u8(bank, 0, 0x27);
2307 cfi_info->interface_desc = cfi_query_u16(bank, 0, 0x28);
2308 cfi_info->max_buf_write_size = cfi_query_u16(bank, 0, 0x2a);
2309 cfi_info->num_erase_regions = cfi_query_u8(bank, 0, 0x2c);
2310
2311 LOG_DEBUG("size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: %x", cfi_info->dev_size, cfi_info->interface_desc, (1 << cfi_info->max_buf_write_size));
2312
2313 if (cfi_info->num_erase_regions)
2314 {
2315 cfi_info->erase_region_info = malloc(4 * cfi_info->num_erase_regions);
2316 for (i = 0; i < cfi_info->num_erase_regions; i++)
2317 {
2318 cfi_info->erase_region_info[i] = cfi_query_u32(bank, 0, 0x2d + (4 * i));
2319 LOG_DEBUG("erase region[%i]: %" PRIu32 " blocks of size 0x%" PRIx32 "",
2320 i,
2321 (cfi_info->erase_region_info[i] & 0xffff) + 1,
2322 (cfi_info->erase_region_info[i] >> 16) * 256);
2323 }
2324 }
2325 else
2326 {
2327 cfi_info->erase_region_info = NULL;
2328 }
2329
2330 /* We need to read the primary algorithm extended query table before calculating
2331 * the sector layout to be able to apply fixups
2332 */
2333 switch (cfi_info->pri_id)
2334 {
2335 /* Intel command set (standard and extended) */
2336 case 0x0001:
2337 case 0x0003:
2338 cfi_read_intel_pri_ext(bank);
2339 break;
2340 /* AMD/Spansion, Atmel, ... command set */
2341 case 0x0002:
2342 cfi_info->status_poll_mask = CFI_STATUS_POLL_MASK_DQ5_DQ6_DQ7; /* default for all CFI flashs */
2343 cfi_read_0002_pri_ext(bank);
2344 break;
2345 default:
2346 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2347 break;
2348 }
2349
2350 /* return to read array mode
2351 * we use both reset commands, as some Intel flashes fail to recognize the 0xF0 command
2352 */
2353 cfi_command(bank, 0xf0, command);
2354 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
2355 {
2356 return retval;
2357 }
2358 cfi_command(bank, 0xff, command);
2359 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command)) != ERROR_OK)
2360 {
2361 return retval;
2362 }
2363 } /* end CFI case */
2364
2365 /* apply fixups depending on the primary command set */
2366 switch (cfi_info->pri_id)
2367 {
2368 /* Intel command set (standard and extended) */
2369 case 0x0001:
2370 case 0x0003:
2371 cfi_fixup(bank, cfi_0001_fixups);
2372 break;
2373 /* AMD/Spansion, Atmel, ... command set */
2374 case 0x0002:
2375 cfi_fixup(bank, cfi_0002_fixups);
2376 break;
2377 default:
2378 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2379 break;
2380 }
2381
2382 if ((cfi_info->dev_size * bank->bus_width / bank->chip_width) != bank->size)
2383 {
2384 LOG_WARNING("configuration specifies 0x%" PRIx32 " size, but a 0x%" PRIx32 " size flash was found", bank->size, cfi_info->dev_size);
2385 }
2386
2387 if (cfi_info->num_erase_regions == 0)
2388 {
2389 /* a device might have only one erase block, spanning the whole device */
2390 bank->num_sectors = 1;
2391 bank->sectors = malloc(sizeof(flash_sector_t));
2392
2393 bank->sectors[sector].offset = 0x0;
2394 bank->sectors[sector].size = bank->size;
2395 bank->sectors[sector].is_erased = -1;
2396 bank->sectors[sector].is_protected = -1;
2397 }
2398 else
2399 {
2400 uint32_t offset = 0;
2401
2402 for (i = 0; i < cfi_info->num_erase_regions; i++)
2403 {
2404 num_sectors += (cfi_info->erase_region_info[i] & 0xffff) + 1;
2405 }
2406
2407 bank->num_sectors = num_sectors;
2408 bank->sectors = malloc(sizeof(flash_sector_t) * num_sectors);
2409
2410 for (i = 0; i < cfi_info->num_erase_regions; i++)
2411 {
2412 uint32_t j;
2413 for (j = 0; j < (cfi_info->erase_region_info[i] & 0xffff) + 1; j++)
2414 {
2415 bank->sectors[sector].offset = offset;
2416 bank->sectors[sector].size = ((cfi_info->erase_region_info[i] >> 16) * 256) * bank->bus_width / bank->chip_width;
2417 offset += bank->sectors[sector].size;
2418 bank->sectors[sector].is_erased = -1;
2419 bank->sectors[sector].is_protected = -1;
2420 sector++;
2421 }
2422 }
2423 if (offset != (cfi_info->dev_size * bank->bus_width / bank->chip_width))
2424 {
2425 LOG_WARNING("CFI size is 0x%" PRIx32 ", but total sector size is 0x%" PRIx32 "", \
2426 (cfi_info->dev_size * bank->bus_width / bank->chip_width), offset);
2427 }
2428 }
2429
2430 cfi_info->probed = 1;
2431
2432 return ERROR_OK;
2433 }
2434
2435 static int cfi_auto_probe(struct flash_bank_s *bank)
2436 {
2437 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2438 if (cfi_info->probed)
2439 return ERROR_OK;
2440 return cfi_probe(bank);
2441 }
2442
2443
2444 static int cfi_intel_protect_check(struct flash_bank_s *bank)
2445 {
2446 int retval;
2447 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2448 cfi_intel_pri_ext_t *pri_ext = cfi_info->pri_ext;
2449 target_t *target = bank->target;
2450 uint8_t command[CFI_MAX_BUS_WIDTH];
2451 int i;
2452
2453 /* check if block lock bits are supported on this device */
2454 if (!(pri_ext->blk_status_reg_mask & 0x1))
2455 return ERROR_FLASH_OPERATION_FAILED;
2456
2457 cfi_command(bank, 0x90, command);
2458 if ((retval = target_write_memory(target, flash_address(bank, 0, 0x55), bank->bus_width, 1, command)) != ERROR_OK)
2459 {
2460 return retval;
2461 }
2462
2463 for (i = 0; i < bank->num_sectors; i++)
2464 {
2465 uint8_t block_status = cfi_get_u8(bank, i, 0x2);
2466
2467 if (block_status & 1)
2468 bank->sectors[i].is_protected = 1;
2469 else
2470 bank->sectors[i].is_protected = 0;
2471 }
2472
2473 cfi_command(bank, 0xff, command);
2474 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
2475 }
2476
2477 static int cfi_spansion_protect_check(struct flash_bank_s *bank)
2478 {
2479 int retval;
2480 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2481 cfi_spansion_pri_ext_t *pri_ext = cfi_info->pri_ext;
2482 target_t *target = bank->target;
2483 uint8_t command[8];
2484 int i;
2485
2486 cfi_command(bank, 0xaa, command);
2487 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
2488 {
2489 return retval;
2490 }
2491
2492 cfi_command(bank, 0x55, command);
2493 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock2), bank->bus_width, 1, command)) != ERROR_OK)
2494 {
2495 return retval;
2496 }
2497
2498 cfi_command(bank, 0x90, command);
2499 if ((retval = target_write_memory(target, flash_address(bank, 0, pri_ext->_unlock1), bank->bus_width, 1, command)) != ERROR_OK)
2500 {
2501 return retval;
2502 }
2503
2504 for (i = 0; i < bank->num_sectors; i++)
2505 {
2506 uint8_t block_status = cfi_get_u8(bank, i, 0x2);
2507
2508 if (block_status & 1)
2509 bank->sectors[i].is_protected = 1;
2510 else
2511 bank->sectors[i].is_protected = 0;
2512 }
2513
2514 cfi_command(bank, 0xf0, command);
2515 return target_write_memory(target, flash_address(bank, 0, 0x0), bank->bus_width, 1, command);
2516 }
2517
2518 static int cfi_protect_check(struct flash_bank_s *bank)
2519 {
2520 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2521
2522 if (bank->target->state != TARGET_HALTED)
2523 {
2524 LOG_ERROR("Target not halted");
2525 return ERROR_TARGET_NOT_HALTED;
2526 }
2527
2528 if (cfi_info->qry[0] != 'Q')
2529 return ERROR_FLASH_BANK_NOT_PROBED;
2530
2531 switch (cfi_info->pri_id)
2532 {
2533 case 1:
2534 case 3:
2535 return cfi_intel_protect_check(bank);
2536 break;
2537 case 2:
2538 return cfi_spansion_protect_check(bank);
2539 break;
2540 default:
2541 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2542 break;
2543 }
2544
2545 return ERROR_OK;
2546 }
2547
2548 static int cfi_info(struct flash_bank_s *bank, char *buf, int buf_size)
2549 {
2550 int printed;
2551 cfi_flash_bank_t *cfi_info = bank->driver_priv;
2552
2553 if (cfi_info->qry[0] == (char)-1)
2554 {
2555 printed = snprintf(buf, buf_size, "\ncfi flash bank not probed yet\n");
2556 return ERROR_OK;
2557 }
2558
2559 if (cfi_info->not_cfi == 0)
2560 printed = snprintf(buf, buf_size, "\ncfi information:\n");
2561 else
2562 printed = snprintf(buf, buf_size, "\nnon-cfi flash:\n");
2563 buf += printed;
2564 buf_size -= printed;
2565
2566 printed = snprintf(buf, buf_size, "\nmfr: 0x%4.4x, id:0x%4.4x\n",
2567 cfi_info->manufacturer, cfi_info->device_id);
2568 buf += printed;
2569 buf_size -= printed;
2570
2571 if (cfi_info->not_cfi == 0)
2572 {
2573 printed = snprintf(buf, buf_size, "qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x\n", cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
2574 buf += printed;
2575 buf_size -= printed;
2576
2577 printed = snprintf(buf, buf_size, "Vcc min: %1.1x.%1.1x, Vcc max: %1.1x.%1.1x, Vpp min: %1.1x.%1.1x, Vpp max: %1.1x.%1.1x\n",
2578 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2579 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2580 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2581 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2582 buf += printed;
2583 buf_size -= printed;
2584
2585 printed = snprintf(buf, buf_size, "typ. word write timeout: %u, typ. buf write timeout: %u, typ. block erase timeout: %u, typ. chip erase timeout: %u\n",
2586 1 << cfi_info->word_write_timeout_typ,
2587 1 << cfi_info->buf_write_timeout_typ,
2588 1 << cfi_info->block_erase_timeout_typ,
2589 1 << cfi_info->chip_erase_timeout_typ);
2590 buf += printed;
2591 buf_size -= printed;
2592
2593 printed = snprintf(buf, buf_size, "max. word write timeout: %u, max. buf write timeout: %u, max. block erase timeout: %u, max. chip erase timeout: %u\n",
2594 (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2595 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2596 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2597 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2598 buf += printed;
2599 buf_size -= printed;
2600
2601 printed = snprintf(buf, buf_size, "size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: %x\n",
2602 cfi_info->dev_size,
2603 cfi_info->interface_desc,
2604 1 << cfi_info->max_buf_write_size);
2605 buf += printed;
2606 buf_size -= printed;
2607
2608 switch (cfi_info->pri_id)
2609 {
2610 case 1:
2611 case 3:
2612 cfi_intel_info(bank, buf, buf_size);
2613 break;
2614 case 2:
2615 cfi_spansion_info(bank, buf, buf_size);
2616 break;
2617 default:
2618 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2619 break;
2620 }
2621 }
2622
2623 return ERROR_OK;
2624 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)