1 /***************************************************************************
2 * Copyright (C) 2009 by *
3 * Rolf Meeser <rolfm_9dq@yahoo.de> *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
29 #include "binarybuffer.h"
36 /* Some flash constants */
37 #define FLASH_PAGE_SIZE 512 /* bytes */
38 #define FLASH_ERASE_TIME 100000 /* microseconds */
39 #define FLASH_PROGRAM_TIME 1000 /* microseconds */
41 /* Chip ID / Feature Registers */
42 #define CHIPID 0xE0000000 /* Chip ID */
43 #define FEAT0 0xE0000100 /* Chip feature 0 */
44 #define FEAT1 0xE0000104 /* Chip feature 1 */
45 #define FEAT2 0xE0000108 /* Chip feature 2 (contains flash size indicator) */
46 #define FEAT3 0xE000010C /* Chip feature 3 */
48 #define EXPECTED_CHIPID 0x209CE02B /* Chip ID of all LPC2900 devices */
50 /* Flash/EEPROM Control Registers */
51 #define FCTR 0x20200000 /* Flash control */
52 #define FPTR 0x20200008 /* Flash program-time */
53 #define FTCTR 0x2020000C /* Flash test control */
54 #define FBWST 0x20200010 /* Flash bridge wait-state */
55 #define FCRA 0x2020001C /* Flash clock divider */
56 #define FMSSTART 0x20200020 /* Flash Built-In Selft Test start address */
57 #define FMSSTOP 0x20200024 /* Flash Built-In Selft Test stop address */
58 #define FMS16 0x20200028 /* Flash 16-bit signature */
59 #define FMSW0 0x2020002C /* Flash 128-bit signature Word 0 */
60 #define FMSW1 0x20200030 /* Flash 128-bit signature Word 1 */
61 #define FMSW2 0x20200034 /* Flash 128-bit signature Word 2 */
62 #define FMSW3 0x20200038 /* Flash 128-bit signature Word 3 */
64 #define EECMD 0x20200080 /* EEPROM command */
65 #define EEADDR 0x20200084 /* EEPROM address */
66 #define EEWDATA 0x20200088 /* EEPROM write data */
67 #define EERDATA 0x2020008C /* EEPROM read data */
68 #define EEWSTATE 0x20200090 /* EEPROM wait state */
69 #define EECLKDIV 0x20200094 /* EEPROM clock divider */
70 #define EEPWRDWN 0x20200098 /* EEPROM power-down/start */
71 #define EEMSSTART 0x2020009C /* EEPROM BIST start address */
72 #define EEMSSTOP 0x202000A0 /* EEPROM BIST stop address */
73 #define EEMSSIG 0x202000A4 /* EEPROM 24-bit BIST signature */
75 #define INT_CLR_ENABLE 0x20200FD8 /* Flash/EEPROM interrupt clear enable */
76 #define INT_SET_ENABLE 0x20200FDC /* Flash/EEPROM interrupt set enable */
77 #define INT_STATUS 0x20200FE0 /* Flash/EEPROM interrupt status */
78 #define INT_ENABLE 0x20200FE4 /* Flash/EEPROM interrupt enable */
79 #define INT_CLR_STATUS 0x20200FE8 /* Flash/EEPROM interrupt clear status */
80 #define INT_SET_STATUS 0x20200FEC /* Flash/EEPROM interrupt set status */
82 /* Interrupt sources */
83 #define INTSRC_END_OF_PROG (1 << 28)
84 #define INTSRC_END_OF_BIST (1 << 27)
85 #define INTSRC_END_OF_RDWR (1 << 26)
86 #define INTSRC_END_OF_MISR (1 << 2)
87 #define INTSRC_END_OF_BURN (1 << 1)
88 #define INTSRC_END_OF_ERASE (1 << 0)
92 #define FCTR_FS_LOADREQ (1 << 15)
93 #define FCTR_FS_CACHECLR (1 << 14)
94 #define FCTR_FS_CACHEBYP (1 << 13)
95 #define FCTR_FS_PROGREQ (1 << 12)
96 #define FCTR_FS_RLS (1 << 11)
97 #define FCTR_FS_PDL (1 << 10)
98 #define FCTR_FS_PD (1 << 9)
99 #define FCTR_FS_WPB (1 << 7)
100 #define FCTR_FS_ISS (1 << 6)
101 #define FCTR_FS_RLD (1 << 5)
102 #define FCTR_FS_DCR (1 << 4)
103 #define FCTR_FS_WEB (1 << 2)
104 #define FCTR_FS_WRE (1 << 1)
105 #define FCTR_FS_CS (1 << 0)
107 #define FPTR_EN_T (1 << 15)
109 #define FTCTR_FS_BYPASS_R (1 << 29)
110 #define FTCTR_FS_BYPASS_W (1 << 28)
112 #define FMSSTOP_MISR_START (1 << 17)
114 #define EEMSSTOP_STRTBIST (1 << 31)
117 #define ISS_CUSTOMER_START1 (0x830)
118 #define ISS_CUSTOMER_END1 (0xA00)
119 #define ISS_CUSTOMER_SIZE1 (ISS_CUSTOMER_END1 - ISS_CUSTOMER_START1)
120 #define ISS_CUSTOMER_NWORDS1 (ISS_CUSTOMER_SIZE1 / 4)
121 #define ISS_CUSTOMER_START2 (0xA40)
122 #define ISS_CUSTOMER_END2 (0xC00)
123 #define ISS_CUSTOMER_SIZE2 (ISS_CUSTOMER_END2 - ISS_CUSTOMER_START2)
124 #define ISS_CUSTOMER_NWORDS2 (ISS_CUSTOMER_SIZE2 / 4)
125 #define ISS_CUSTOMER_SIZE (ISS_CUSTOMER_SIZE1 + ISS_CUSTOMER_SIZE2)
130 * Private data for \c lpc2900 flash driver.
132 typedef struct lpc2900_flash_bank_s
135 * Holds the value read from CHIPID register.
136 * The driver will not load if the chipid doesn't match the expected
137 * value of 0x209CE02B of the LPC2900 family. A probe will only be done
138 * if the chipid does not yet contain the expected value.
143 * String holding device name.
144 * This string is set by the probe function to the type number of the
145 * device. It takes the form "LPC29xx".
150 * System clock frequency.
151 * Holds the clock frequency in Hz, as passed by the configuration file
152 * to the <tt>flash bank</tt> command.
154 uint32_t clk_sys_fmc;
157 * Flag to indicate that dangerous operations are possible.
158 * This flag can be set by passing the correct password to the
159 * <tt>lpc2900 password</tt> command. If set, other dangerous commands,
160 * which operate on the index sector, can be executed.
165 * Maximum contiguous block of internal SRAM (bytes).
166 * Autodetected by the driver. Not the total amount of SRAM, only the
167 * the largest \em contiguous block!
169 uint32_t max_ram_block;
171 } lpc2900_flash_bank_t;
176 static int lpc2900_register_commands(struct command_context_s *cmd_ctx);
177 static int lpc2900_flash_bank_command(struct command_context_s *cmd_ctx,
178 char *cmd, char **args, int argc,
179 struct flash_bank_s *bank);
180 static int lpc2900_erase(struct flash_bank_s *bank, int first, int last);
181 static int lpc2900_protect(struct flash_bank_s *bank, int set, int first, int last);
182 static int lpc2900_write(struct flash_bank_s *bank,
183 uint8_t *buffer, uint32_t offset, uint32_t count);
184 static int lpc2900_probe(struct flash_bank_s *bank);
185 static int lpc2900_erase_check(struct flash_bank_s *bank);
186 static int lpc2900_protect_check(struct flash_bank_s *bank);
187 static int lpc2900_info(struct flash_bank_s *bank, char *buf, int buf_size);
189 static uint32_t lpc2900_wait_status(flash_bank_t *bank, uint32_t mask, int timeout);
190 static void lpc2900_setup(struct flash_bank_s *bank);
191 static uint32_t lpc2900_is_ready(struct flash_bank_s *bank);
192 static uint32_t lpc2900_read_security_status(struct flash_bank_s *bank);
193 static uint32_t lpc2900_run_bist128(struct flash_bank_s *bank,
194 uint32_t addr_from, uint32_t addr_to,
195 uint32_t (*signature)[4] );
196 static uint32_t lpc2900_address2sector(struct flash_bank_s *bank, uint32_t offset);
197 static uint32_t lpc2900_calc_tr( uint32_t clock, uint32_t time );
200 /*********************** Helper functions **************************/
204 * Wait for an event in mask to occur in INT_STATUS.
206 * Return when an event occurs, or after a timeout.
208 * @param[in] bank Pointer to the flash bank descriptor
209 * @param[in] mask Mask to be used for INT_STATUS
210 * @param[in] timeout Timeout in ms
212 static uint32_t lpc2900_wait_status( flash_bank_t *bank,
217 target_t *target = bank->target;
224 target_read_u32(target, INT_STATUS, &int_status);
226 while( ((int_status & mask) == 0) && (timeout != 0) );
230 LOG_DEBUG("Timeout!");
231 return ERROR_FLASH_OPERATION_FAILED;
240 * Set up the flash for erase/program operations.
242 * Enable the flash, and set the correct CRA clock of 66 kHz.
244 * @param bank Pointer to the flash bank descriptor
246 static void lpc2900_setup( struct flash_bank_s *bank )
249 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
252 /* Power up the flash block */
253 target_write_u32( bank->target, FCTR, FCTR_FS_WEB | FCTR_FS_CS );
256 fcra = (lpc2900_info->clk_sys_fmc / (3 * 66000)) - 1;
257 target_write_u32( bank->target, FCRA, fcra );
263 * Check if device is ready.
265 * Check if device is ready for flash operation:
266 * Must have been successfully probed.
269 static uint32_t lpc2900_is_ready( struct flash_bank_s *bank )
271 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
273 if( lpc2900_info->chipid != EXPECTED_CHIPID )
275 return ERROR_FLASH_BANK_NOT_PROBED;
278 if( bank->target->state != TARGET_HALTED )
280 LOG_ERROR( "Target not halted" );
281 return ERROR_TARGET_NOT_HALTED;
289 * Read the status of sector security from the index sector.
291 * @param bank Pointer to the flash bank descriptor
293 static uint32_t lpc2900_read_security_status( struct flash_bank_s *bank )
296 if( (status = lpc2900_is_ready( bank )) != ERROR_OK )
301 target_t *target = bank->target;
303 /* Enable ISS access */
304 target_write_u32(target, FCTR, FCTR_FS_CS | FCTR_FS_WEB | FCTR_FS_ISS);
306 /* Read the relevant block of memory from the ISS sector */
307 uint32_t iss_secured_field[ 0x230/16 ][ 4 ];
308 target_read_memory(target, bank->base + 0xC00, 4, 0x230/4,
309 (uint8_t *)iss_secured_field);
311 /* Disable ISS access */
312 target_write_u32(target, FCTR, FCTR_FS_CS | FCTR_FS_WEB);
314 /* Check status of each sector. Note that the sector numbering in the LPC2900
315 * is different from the logical sector numbers used in OpenOCD!
316 * Refer to the user manual for details.
318 * All zeros (16x 0x00) are treated as a secured sector (is_protected = 1)
319 * All ones (16x 0xFF) are treated as a non-secured sector (is_protected = 0)
320 * Anything else is undefined (is_protected = -1). This is treated as
321 * a protected sector!
325 for( sector = 0; sector < bank->num_sectors; sector++ )
327 /* Convert logical sector number to physical sector number */
332 else if( sector <= 7 )
341 bank->sectors[sector].is_protected = -1;
344 (iss_secured_field[index][0] == 0x00000000) &&
345 (iss_secured_field[index][1] == 0x00000000) &&
346 (iss_secured_field[index][2] == 0x00000000) &&
347 (iss_secured_field[index][3] == 0x00000000) )
349 bank->sectors[sector].is_protected = 1;
353 (iss_secured_field[index][0] == 0xFFFFFFFF) &&
354 (iss_secured_field[index][1] == 0xFFFFFFFF) &&
355 (iss_secured_field[index][2] == 0xFFFFFFFF) &&
356 (iss_secured_field[index][3] == 0xFFFFFFFF) )
358 bank->sectors[sector].is_protected = 0;
367 * Use BIST to calculate a 128-bit hash value over a range of flash.
369 * @param bank Pointer to the flash bank descriptor
374 static uint32_t lpc2900_run_bist128(struct flash_bank_s *bank,
377 uint32_t (*signature)[4] )
379 target_t *target = bank->target;
381 /* Clear END_OF_MISR interrupt status */
382 target_write_u32( target, INT_CLR_STATUS, INTSRC_END_OF_MISR );
385 target_write_u32( target, FMSSTART, addr_from >> 4);
386 /* End address, and issue start command */
387 target_write_u32( target, FMSSTOP, (addr_to >> 4) | FMSSTOP_MISR_START );
389 /* Poll for end of operation. Calculate a reasonable timeout. */
390 if( lpc2900_wait_status( bank, INTSRC_END_OF_MISR, 1000 ) != ERROR_OK )
392 return ERROR_FLASH_OPERATION_FAILED;
395 /* Return the signature */
396 target_read_memory( target, FMSW0, 4, 4, (uint8_t *)signature );
403 * Return sector number for given address.
405 * Return the (logical) sector number for a given relative address.
406 * No sanity check is done. It assumed that the address is valid.
408 * @param bank Pointer to the flash bank descriptor
409 * @param offset Offset address relative to bank start
411 static uint32_t lpc2900_address2sector( struct flash_bank_s *bank,
414 uint32_t address = bank->base + offset;
417 /* Run through all sectors of this bank */
419 for( sector = 0; sector < bank->num_sectors; sector++ )
421 /* Return immediately if address is within the current sector */
422 if( address < (bank->sectors[sector].offset + bank->sectors[sector].size) )
428 /* We should never come here. If we do, return an arbitrary sector number. */
436 * Write one page to the index sector.
438 * @param bank Pointer to the flash bank descriptor
439 * @param pagenum Page number (0...7)
440 * @param page Page array (FLASH_PAGE_SIZE bytes)
442 static int lpc2900_write_index_page( struct flash_bank_s *bank,
444 uint8_t (*page)[FLASH_PAGE_SIZE] )
446 /* Only pages 4...7 are user writable */
447 if( (pagenum < 4) || (pagenum > 7) )
449 LOG_ERROR( "Refuse to burn index sector page %" PRIu32, pagenum );
450 return ERROR_COMMAND_ARGUMENT_INVALID;
453 /* Get target, and check if it's halted */
454 target_t *target = bank->target;
455 if( target->state != TARGET_HALTED )
457 LOG_ERROR( "Target not halted" );
458 return ERROR_TARGET_NOT_HALTED;
462 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
464 /* Enable flash block and set the correct CRA clock of 66 kHz */
465 lpc2900_setup( bank );
467 /* Un-protect the index sector */
468 target_write_u32( target, bank->base, 0 );
469 target_write_u32( target, FCTR,
470 FCTR_FS_LOADREQ | FCTR_FS_WPB | FCTR_FS_ISS |
471 FCTR_FS_WEB | FCTR_FS_WRE | FCTR_FS_CS );
473 /* Set latch load mode */
474 target_write_u32( target, FCTR,
475 FCTR_FS_ISS | FCTR_FS_WEB | FCTR_FS_WRE | FCTR_FS_CS );
477 /* Write whole page to flash data latches */
478 if( target_write_memory( target,
479 bank->base + pagenum * FLASH_PAGE_SIZE,
480 4, FLASH_PAGE_SIZE / 4, (uint8_t *)page) != ERROR_OK )
482 LOG_ERROR( "Index sector write failed @ page %" PRIu32, pagenum );
483 target_write_u32( target, FCTR, FCTR_FS_CS | FCTR_FS_WEB );
485 return ERROR_FLASH_OPERATION_FAILED;
488 /* Clear END_OF_BURN interrupt status */
489 target_write_u32( target, INT_CLR_STATUS, INTSRC_END_OF_BURN );
491 /* Set the program/erase time to FLASH_PROGRAM_TIME */
492 target_write_u32(target, FPTR,
493 FPTR_EN_T | lpc2900_calc_tr( lpc2900_info->clk_sys_fmc,
494 FLASH_PROGRAM_TIME ));
496 /* Trigger flash write */
497 target_write_u32( target, FCTR,
498 FCTR_FS_PROGREQ | FCTR_FS_ISS |
499 FCTR_FS_WPB | FCTR_FS_WRE | FCTR_FS_CS );
501 /* Wait for the end of the write operation. If it's not over after one
502 * second, something went dreadfully wrong... :-(
504 if( lpc2900_wait_status( bank, INTSRC_END_OF_BURN, 1000 ) != ERROR_OK )
506 LOG_ERROR( "Index sector write failed @ page %" PRIu32, pagenum );
507 target_write_u32( target, FCTR, FCTR_FS_CS | FCTR_FS_WEB );
509 return ERROR_FLASH_OPERATION_FAILED;
512 target_write_u32( target, FCTR, FCTR_FS_CS | FCTR_FS_WEB );
520 * Calculate FPTR.TR register value for desired program/erase time.
522 * @param clock System clock in Hz
523 * @param time Program/erase time in µs
525 static uint32_t lpc2900_calc_tr( uint32_t clock, uint32_t time )
527 /* ((time[µs]/1e6) * f[Hz]) + 511
528 * FPTR.TR = -------------------------------
534 uint32_t tr_val = (uint32_t)((((time / 1e6) * clock) + 511.0) / 512.0);
540 /*********************** Private flash commands **************************/
544 * Command to determine the signature of the whole flash.
546 * Uses the Built-In-Self-Test (BIST) to generate a 128-bit hash value
547 * of the flash content.
554 static int lpc2900_handle_signature_command( struct command_context_s *cmd_ctx,
555 char *cmd, char **args, int argc )
559 uint32_t signature[4];
564 LOG_WARNING( "Too few arguments. Call: lpc2900 signature <bank#>" );
565 return ERROR_FLASH_BANK_INVALID;
568 /* Get the bank descriptor */
569 bank = get_flash_bank_by_num( strtoul(args[0], NULL, 0) );
572 command_print( cmd_ctx, "flash bank '#%s' is out of bounds", args[0] );
576 if( bank->target->state != TARGET_HALTED )
578 LOG_ERROR( "Target not halted" );
579 return ERROR_TARGET_NOT_HALTED;
582 /* Run BIST over whole flash range */
583 if( (status = lpc2900_run_bist128( bank,
585 bank->base + (bank->size - 1),
592 command_print( cmd_ctx, "signature: 0x%8.8" PRIx32
596 signature[3], signature[2], signature[1], signature[0] );
604 * Store customer info in file.
606 * Read customer info from index sector, and store that block of data into
607 * a disk file. The format is binary.
614 static int lpc2900_handle_read_custom_command( struct command_context_s *cmd_ctx,
615 char *cmd, char **args, int argc )
622 return ERROR_COMMAND_SYNTAX_ERROR;
625 /* Get the bank descriptor */
626 bank = get_flash_bank_by_num( strtoul(args[0], NULL, 0) );
629 command_print( cmd_ctx, "flash bank '#%s' is out of bounds", args[0] );
632 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
633 lpc2900_info->risky = 0;
635 /* Get target, and check if it's halted */
636 target_t *target = bank->target;
637 if( target->state != TARGET_HALTED )
639 LOG_ERROR( "Target not halted" );
640 return ERROR_TARGET_NOT_HALTED;
643 /* Storage for customer info. Read in two parts */
644 uint32_t customer[ ISS_CUSTOMER_NWORDS1 + ISS_CUSTOMER_NWORDS2 ];
646 /* Enable access to index sector */
647 target_write_u32( target, FCTR, FCTR_FS_CS | FCTR_FS_WEB | FCTR_FS_ISS );
650 target_read_memory( target, bank->base+ISS_CUSTOMER_START1, 4,
651 ISS_CUSTOMER_NWORDS1,
652 (uint8_t *)&customer[0] );
653 target_read_memory( target, bank->base+ISS_CUSTOMER_START2, 4,
654 ISS_CUSTOMER_NWORDS2,
655 (uint8_t *)&customer[ISS_CUSTOMER_NWORDS1] );
657 /* Deactivate access to index sector */
658 target_write_u32( target, FCTR, FCTR_FS_CS | FCTR_FS_WEB );
660 /* Try and open the file */
662 char *filename = args[1];
663 int ret = fileio_open( &fileio, filename, FILEIO_WRITE, FILEIO_BINARY );
664 if( ret != ERROR_OK )
666 LOG_WARNING( "Could not open file %s", filename );
671 ret = fileio_write( &fileio, sizeof(customer),
672 (const uint8_t *)customer, &nwritten );
673 if( ret != ERROR_OK )
675 LOG_ERROR( "Write operation to file %s failed", filename );
676 fileio_close( &fileio );
680 fileio_close( &fileio );
689 * Enter password to enable potentially dangerous options.
696 static int lpc2900_handle_password_command(struct command_context_s *cmd_ctx,
697 char *cmd, char **args, int argc)
704 return ERROR_COMMAND_SYNTAX_ERROR;
707 /* Get the bank descriptor */
708 bank = get_flash_bank_by_num(strtoul(args[0], NULL, 0));
711 command_print(cmd_ctx, "flash bank '#%s' is out of bounds", args[0]);
714 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
716 #define ISS_PASSWORD "I_know_what_I_am_doing"
718 lpc2900_info->risky = !strcmp( args[1], ISS_PASSWORD );
720 if( !lpc2900_info->risky )
722 command_print(cmd_ctx, "Wrong password (use '%s')", ISS_PASSWORD);
723 return ERROR_COMMAND_ARGUMENT_INVALID;
726 command_print(cmd_ctx,
727 "Potentially dangerous operation allowed in next command!");
735 * Write customer info from file to the index sector.
742 static int lpc2900_handle_write_custom_command( struct command_context_s *cmd_ctx,
743 char *cmd, char **args, int argc )
747 return ERROR_COMMAND_SYNTAX_ERROR;
750 /* Get the bank descriptor */
751 flash_bank_t *bank = get_flash_bank_by_num(strtoul(args[0], NULL, 0));
754 command_print(cmd_ctx, "flash bank '#%s' is out of bounds", args[0]);
757 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
759 /* Check if command execution is allowed. */
760 if( !lpc2900_info->risky )
762 command_print( cmd_ctx, "Command execution not allowed!" );
763 return ERROR_COMMAND_ARGUMENT_INVALID;
765 lpc2900_info->risky = 0;
767 /* Get target, and check if it's halted */
768 target_t *target = bank->target;
769 if (target->state != TARGET_HALTED)
771 LOG_ERROR("Target not halted");
772 return ERROR_TARGET_NOT_HALTED;
775 /* The image will always start at offset 0 */
777 image.base_address_set = 1;
778 image.base_address = 0;
779 image.start_address_set = 0;
781 char *filename = args[1];
782 char *type = (argc >= 3) ? args[2] : NULL;
783 int retval = image_open(&image, filename, type);
784 if (retval != ERROR_OK)
789 /* Do a sanity check: The image must be exactly the size of the customer
790 programmable area. Any other size is rejected. */
791 if( image.num_sections != 1 )
793 LOG_ERROR("Only one section allowed in image file.");
794 return ERROR_COMMAND_SYNTAX_ERROR;
796 if( (image.sections[0].base_address != 0) ||
797 (image.sections[0].size != ISS_CUSTOMER_SIZE) )
799 LOG_ERROR("Incorrect image file size. Expected %" PRIu32 ", got %" PRIu32,
800 ISS_CUSTOMER_SIZE, image.sections[0].size);
801 return ERROR_COMMAND_SYNTAX_ERROR;
804 /* Well boys, I reckon this is it... */
806 /* Customer info is split into two blocks in pages 4 and 5. */
807 uint8_t page[FLASH_PAGE_SIZE];
810 uint32_t offset = ISS_CUSTOMER_START1 % FLASH_PAGE_SIZE;
811 memset( page, 0xff, FLASH_PAGE_SIZE );
813 retval = image_read_section( &image, 0, 0,
814 ISS_CUSTOMER_SIZE1, &page[offset], &size_read);
815 if( retval != ERROR_OK )
817 LOG_ERROR("couldn't read from file '%s'", filename);
821 if( (retval = lpc2900_write_index_page( bank, 4, &page )) != ERROR_OK )
828 offset = ISS_CUSTOMER_START2 % FLASH_PAGE_SIZE;
829 memset( page, 0xff, FLASH_PAGE_SIZE );
830 retval = image_read_section( &image, 0, ISS_CUSTOMER_SIZE1,
831 ISS_CUSTOMER_SIZE2, &page[offset], &size_read);
832 if( retval != ERROR_OK )
834 LOG_ERROR("couldn't read from file '%s'", filename);
838 if( (retval = lpc2900_write_index_page( bank, 5, &page )) != ERROR_OK )
852 * Activate 'sector security' for a range of sectors.
859 static int lpc2900_handle_secure_sector_command(struct command_context_s *cmd_ctx,
860 char *cmd, char **args, int argc)
864 return ERROR_COMMAND_SYNTAX_ERROR;
867 /* Get the bank descriptor */
868 flash_bank_t *bank = get_flash_bank_by_num(strtoul(args[0], NULL, 0));
871 command_print(cmd_ctx, "flash bank '#%s' is out of bounds", args[0]);
874 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
876 /* Check if command execution is allowed. */
877 if( !lpc2900_info->risky )
879 command_print( cmd_ctx, "Command execution not allowed! "
880 "(use 'password' command first)");
881 return ERROR_COMMAND_ARGUMENT_INVALID;
883 lpc2900_info->risky = 0;
885 /* Read sector range, and do a sanity check. */
886 int first = strtoul(args[1], NULL, 0);
887 int last = strtoul(args[2], NULL, 0);
888 if( (first >= bank->num_sectors) ||
889 (last >= bank->num_sectors) ||
892 command_print( cmd_ctx, "Illegal sector range" );
893 return ERROR_COMMAND_ARGUMENT_INVALID;
896 uint8_t page[FLASH_PAGE_SIZE];
900 /* Sectors in page 6 */
901 if( (first <= 4) || (last >= 8) )
903 memset( &page, 0xff, FLASH_PAGE_SIZE );
904 for( sector = first; sector <= last; sector++ )
908 memset( &page[0xB0 + 16*sector], 0, 16 );
910 else if( sector >= 8 )
912 memset( &page[0x00 + 16*(sector - 8)], 0, 16 );
916 if( (retval = lpc2900_write_index_page( bank, 6, &page )) != ERROR_OK )
918 LOG_ERROR("failed to update index sector page 6");
923 /* Sectors in page 7 */
924 if( (first <= 7) && (last >= 5) )
926 memset( &page, 0xff, FLASH_PAGE_SIZE );
927 for( sector = first; sector <= last; sector++ )
929 if( (sector >= 5) && (sector <= 7) )
931 memset( &page[0x00 + 16*(sector - 5)], 0, 16 );
935 if( (retval = lpc2900_write_index_page( bank, 7, &page )) != ERROR_OK )
937 LOG_ERROR("failed to update index sector page 7");
942 command_print( cmd_ctx,
943 "Sectors security will become effective after next power cycle");
945 /* Update the sector security status */
946 if ( lpc2900_read_security_status(bank) != ERROR_OK )
948 LOG_ERROR( "Cannot determine sector security status" );
949 return ERROR_FLASH_OPERATION_FAILED;
958 * Activate JTAG protection.
965 static int lpc2900_handle_secure_jtag_command(struct command_context_s *cmd_ctx,
966 char *cmd, char **args, int argc)
970 return ERROR_COMMAND_SYNTAX_ERROR;
973 /* Get the bank descriptor */
974 flash_bank_t *bank = get_flash_bank_by_num(strtoul(args[0], NULL, 0));
977 command_print(cmd_ctx, "flash bank '#%s' is out of bounds", args[0]);
980 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
982 /* Check if command execution is allowed. */
983 if( !lpc2900_info->risky )
985 command_print( cmd_ctx, "Command execution not allowed! "
986 "(use 'password' command first)");
987 return ERROR_COMMAND_ARGUMENT_INVALID;
989 lpc2900_info->risky = 0;
992 uint8_t page[FLASH_PAGE_SIZE];
993 memset( &page, 0xff, FLASH_PAGE_SIZE );
996 /* Insert "soft" protection word */
997 page[0x30 + 15] = 0x7F;
998 page[0x30 + 11] = 0x7F;
999 page[0x30 + 7] = 0x7F;
1000 page[0x30 + 3] = 0x7F;
1002 /* Write to page 5 */
1004 if( (retval = lpc2900_write_index_page( bank, 5, &page ))
1007 LOG_ERROR("failed to update index sector page 5");
1011 LOG_INFO("JTAG security set. Good bye!");
1018 /*********************** Flash interface functions **************************/
1022 * Register private command handlers.
1026 static int lpc2900_register_commands(struct command_context_s *cmd_ctx)
1028 command_t *lpc2900_cmd = register_command(cmd_ctx, NULL, "lpc2900",
1029 NULL, COMMAND_ANY, NULL);
1035 lpc2900_handle_signature_command,
1038 "print device signature of flash bank");
1044 lpc2900_handle_read_custom_command,
1046 "<bank> <filename> | "
1047 "read customer information from index sector to file");
1053 lpc2900_handle_password_command,
1055 "<bank> <password> | "
1056 "enter password to enable 'dangerous' options");
1062 lpc2900_handle_write_custom_command,
1064 "<bank> <filename> [<type>] | "
1065 "write customer info from file to index sector");
1071 lpc2900_handle_secure_sector_command,
1073 "<bank> <first> <last> | "
1074 "activate sector security for a range of sectors");
1080 lpc2900_handle_secure_jtag_command,
1083 "activate JTAG security");
1090 * Evaluate flash bank command.
1092 * Syntax: flash bank lpc2900 0 0 0 0 target# system_base_clock
1098 * @param bank Pointer to the flash bank descriptor
1100 static int lpc2900_flash_bank_command(struct command_context_s *cmd_ctx,
1101 char *cmd, char **args, int argc,
1102 struct flash_bank_s *bank)
1104 lpc2900_flash_bank_t *lpc2900_info;
1108 LOG_WARNING("incomplete flash_bank LPC2900 configuration");
1109 return ERROR_FLASH_BANK_INVALID;
1112 lpc2900_info = malloc(sizeof(lpc2900_flash_bank_t));
1113 bank->driver_priv = lpc2900_info;
1116 * Reject it if we can't meet the requirements for program time
1117 * (if clock too slow), or for erase time (clock too fast).
1119 lpc2900_info->clk_sys_fmc = strtoul(args[6], NULL, 0) * 1000;
1121 uint32_t clock_limit;
1122 /* Check program time limit */
1123 clock_limit = 512000000l / FLASH_PROGRAM_TIME;
1124 if (lpc2900_info->clk_sys_fmc < clock_limit)
1126 LOG_WARNING("flash clock must be at least %" PRIu32 " kHz",
1127 (clock_limit / 1000));
1128 return ERROR_FLASH_BANK_INVALID;
1131 /* Check erase time limit */
1132 clock_limit = (uint32_t)((32767.0 * 512.0 * 1e6) / FLASH_ERASE_TIME);
1133 if (lpc2900_info->clk_sys_fmc > clock_limit)
1135 LOG_WARNING("flash clock must be a maximum of %" PRIu32" kHz",
1136 (clock_limit / 1000));
1137 return ERROR_FLASH_BANK_INVALID;
1140 /* Chip ID will be obtained by probing the device later */
1141 lpc2900_info->chipid = 0;
1150 * @param bank Pointer to the flash bank descriptor
1151 * @param first First sector to be erased
1152 * @param last Last sector (including) to be erased
1154 static int lpc2900_erase(struct flash_bank_s *bank, int first, int last)
1158 int last_unsecured_sector;
1159 target_t *target = bank->target;
1160 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
1163 status = lpc2900_is_ready(bank);
1164 if (status != ERROR_OK)
1169 /* Sanity check on sector range */
1170 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
1172 LOG_INFO("Bad sector range");
1173 return ERROR_FLASH_SECTOR_INVALID;
1176 /* Update the info about secured sectors */
1177 lpc2900_read_security_status( bank );
1179 /* The selected sector range might include secured sectors. An attempt
1180 * to erase such a sector will cause the erase to fail also for unsecured
1181 * sectors. It is necessary to determine the last unsecured sector now,
1182 * because we have to treat the last relevant sector in the list in
1185 last_unsecured_sector = -1;
1186 for (sector = first; sector <= last; sector++)
1188 if ( !bank->sectors[sector].is_protected )
1190 last_unsecured_sector = sector;
1194 /* Exit now, in case of the rare constellation where all sectors in range
1195 * are secured. This is regarded a success, since erasing/programming of
1196 * secured sectors shall be handled transparently.
1198 if ( last_unsecured_sector == -1 )
1203 /* Enable flash block and set the correct CRA clock of 66 kHz */
1204 lpc2900_setup(bank);
1206 /* Clear END_OF_ERASE interrupt status */
1207 target_write_u32(target, INT_CLR_STATUS, INTSRC_END_OF_ERASE);
1209 /* Set the program/erase timer to FLASH_ERASE_TIME */
1210 target_write_u32(target, FPTR,
1211 FPTR_EN_T | lpc2900_calc_tr( lpc2900_info->clk_sys_fmc,
1212 FLASH_ERASE_TIME ));
1214 /* Sectors are marked for erasure, then erased all together */
1215 for (sector = first; sector <= last_unsecured_sector; sector++)
1217 /* Only mark sectors that aren't secured. Any attempt to erase a group
1218 * of sectors will fail if any single one of them is secured!
1220 if ( !bank->sectors[sector].is_protected )
1222 /* Unprotect the sector */
1223 target_write_u32(target, bank->sectors[sector].offset, 0);
1224 target_write_u32(target, FCTR,
1225 FCTR_FS_LOADREQ | FCTR_FS_WPB |
1226 FCTR_FS_WEB | FCTR_FS_WRE | FCTR_FS_CS);
1228 /* Mark the sector for erasure. The last sector in the list
1229 triggers the erasure. */
1230 target_write_u32(target, bank->sectors[sector].offset, 0);
1231 if ( sector == last_unsecured_sector )
1233 target_write_u32(target, FCTR,
1234 FCTR_FS_PROGREQ | FCTR_FS_WPB | FCTR_FS_CS);
1238 target_write_u32(target, FCTR,
1239 FCTR_FS_LOADREQ | FCTR_FS_WPB |
1240 FCTR_FS_WEB | FCTR_FS_CS);
1245 /* Wait for the end of the erase operation. If it's not over after two seconds,
1246 * something went dreadfully wrong... :-(
1248 if( lpc2900_wait_status(bank, INTSRC_END_OF_ERASE, 2000) != ERROR_OK )
1250 return ERROR_FLASH_OPERATION_FAILED;
1253 /* Normal flash operating mode */
1254 target_write_u32(target, FCTR, FCTR_FS_CS | FCTR_FS_WEB);
1261 static int lpc2900_protect(struct flash_bank_s *bank, int set, int first, int last)
1263 /* This command is not supported.
1264 * "Protection" in LPC2900 terms is handled transparently. Sectors will
1265 * automatically be unprotected as needed.
1266 * Instead we use the concept of sector security. A secured sector is shown
1267 * as "protected" in OpenOCD. Sector security is a permanent feature, and
1268 * cannot be disabled once activated.
1276 * Write data to flash.
1278 * @param bank Pointer to the flash bank descriptor
1279 * @param buffer Buffer with data
1280 * @param offset Start address (relative to bank start)
1281 * @param count Number of bytes to be programmed
1283 static int lpc2900_write(struct flash_bank_s *bank, uint8_t *buffer,
1284 uint32_t offset, uint32_t count)
1286 uint8_t page[FLASH_PAGE_SIZE];
1289 target_t *target = bank->target;
1290 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
1294 static const uint32_t write_target_code[] = {
1295 /* Set auto latch mode: FCTR=CS|WRE|WEB */
1296 0xe3a0a007, /* loop mov r10, #0x007 */
1297 0xe583a000, /* str r10,[r3,#0] */
1299 /* Load complete page into latches */
1300 0xe3a06020, /* mov r6,#(512/16) */
1301 0xe8b00f00, /* next ldmia r0!,{r8-r11} */
1302 0xe8a10f00, /* stmia r1!,{r8-r11} */
1303 0xe2566001, /* subs r6,#1 */
1304 0x1afffffb, /* bne next */
1306 /* Clear END_OF_BURN interrupt status */
1307 0xe3a0a002, /* mov r10,#(1 << 1) */
1308 0xe583afe8, /* str r10,[r3,#0xfe8] */
1310 /* Set the erase time to FLASH_PROGRAM_TIME */
1311 0xe5834008, /* str r4,[r3,#8] */
1313 /* Trigger flash write
1314 FCTR = CS | WRE | WPB | PROGREQ */
1315 0xe3a0a083, /* mov r10,#0x83 */
1316 0xe38aaa01, /* orr r10,#0x1000 */
1317 0xe583a000, /* str r10,[r3,#0] */
1319 /* Wait for end of burn */
1320 0xe593afe0, /* wait ldr r10,[r3,#0xfe0] */
1321 0xe21aa002, /* ands r10,#(1 << 1) */
1322 0x0afffffc, /* beq wait */
1325 0xe2522001, /* subs r2,#1 */
1326 0x1affffed, /* bne loop */
1328 0xeafffffe /* done b done */
1332 status = lpc2900_is_ready(bank);
1333 if (status != ERROR_OK)
1338 /* Enable flash block and set the correct CRA clock of 66 kHz */
1339 lpc2900_setup(bank);
1341 /* Update the info about secured sectors */
1342 lpc2900_read_security_status( bank );
1344 /* Unprotect all involved sectors */
1345 for (sector = 0; sector < bank->num_sectors; sector++)
1347 /* Start address in or before this sector? */
1348 /* End address in or behind this sector? */
1349 if ( ((bank->base + offset) <
1350 (bank->sectors[sector].offset + bank->sectors[sector].size)) &&
1351 ((bank->base + (offset + count - 1)) >= bank->sectors[sector].offset) )
1353 /* This sector is involved and needs to be unprotected.
1354 * Don't do it for secured sectors.
1356 if ( !bank->sectors[sector].is_protected )
1358 target_write_u32(target, bank->sectors[sector].offset, 0);
1359 target_write_u32(target, FCTR,
1360 FCTR_FS_LOADREQ | FCTR_FS_WPB |
1361 FCTR_FS_WEB | FCTR_FS_WRE | FCTR_FS_CS);
1366 /* Set the program/erase time to FLASH_PROGRAM_TIME */
1367 uint32_t prog_time = FPTR_EN_T | lpc2900_calc_tr( lpc2900_info->clk_sys_fmc,
1368 FLASH_PROGRAM_TIME );
1370 /* If there is a working area of reasonable size, use it to program via
1371 a target algorithm. If not, fall back to host programming. */
1373 /* We need some room for target code. */
1374 uint32_t target_code_size = sizeof(write_target_code);
1376 /* Try working area allocation. Start with a large buffer, and try with
1377 reduced size if that fails. */
1378 working_area_t *warea;
1379 uint32_t buffer_size = lpc2900_info->max_ram_block - 1 * KiB;
1380 while( (retval = target_alloc_working_area(target,
1381 buffer_size + target_code_size,
1382 &warea)) != ERROR_OK )
1384 /* Try a smaller buffer now, and stop if it's too small. */
1385 buffer_size -= 1 * KiB;
1386 if (buffer_size < 2 * KiB)
1388 LOG_INFO( "no (large enough) working area"
1389 ", falling back to host mode" );
1397 reg_param_t reg_params[5];
1398 armv4_5_algorithm_t armv4_5_info;
1400 /* We can use target mode. Download the algorithm. */
1401 retval = target_write_buffer( target,
1402 (warea->address)+buffer_size,
1404 (uint8_t *)write_target_code);
1405 if (retval != ERROR_OK)
1407 LOG_ERROR("Unable to write block write code to target");
1408 target_free_all_working_areas(target);
1409 return ERROR_FLASH_OPERATION_FAILED;
1412 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1413 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1414 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
1415 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
1416 init_reg_param(®_params[4], "r4", 32, PARAM_OUT);
1418 /* Write to flash in large blocks */
1419 while ( count != 0 )
1421 uint32_t this_npages;
1422 uint8_t *this_buffer;
1423 int start_sector = lpc2900_address2sector( bank, offset );
1425 /* First page / last page / rest */
1426 if( offset % FLASH_PAGE_SIZE )
1428 /* Block doesn't start on page boundary.
1429 Burn first partial page separately. */
1430 memset( &page, 0xff, sizeof(page) );
1431 memcpy( &page[offset % FLASH_PAGE_SIZE],
1433 FLASH_PAGE_SIZE - (offset % FLASH_PAGE_SIZE) );
1435 this_buffer = &page[0];
1436 count = count + (offset % FLASH_PAGE_SIZE);
1437 offset = offset - (offset % FLASH_PAGE_SIZE);
1439 else if( count < FLASH_PAGE_SIZE )
1441 /* Download last incomplete page separately. */
1442 memset( &page, 0xff, sizeof(page) );
1443 memcpy( &page, buffer, count );
1445 this_buffer = &page[0];
1446 count = FLASH_PAGE_SIZE;
1450 /* Download as many full pages as possible */
1451 this_npages = (count < buffer_size) ?
1452 count / FLASH_PAGE_SIZE :
1453 buffer_size / FLASH_PAGE_SIZE;
1454 this_buffer = buffer;
1456 /* Make sure we stop at the next secured sector */
1457 int sector = start_sector + 1;
1458 while( sector < bank->num_sectors )
1461 if( bank->sectors[sector].is_protected )
1463 /* Is that next sector within the current block? */
1464 if( (bank->sectors[sector].offset - bank->base) <
1465 (offset + (this_npages * FLASH_PAGE_SIZE)) )
1467 /* Yes! Split the block */
1469 (bank->sectors[sector].offset - bank->base - offset)
1479 /* Skip the current sector if it is secured */
1480 if( bank->sectors[start_sector].is_protected )
1482 LOG_DEBUG( "Skip secured sector %" PRIu32, start_sector );
1484 /* Stop if this is the last sector */
1485 if( start_sector == bank->num_sectors - 1 )
1491 uint32_t nskip = bank->sectors[start_sector].size -
1492 (offset % bank->sectors[start_sector].size);
1495 count = (count >= nskip) ? (count - nskip) : 0;
1499 /* Execute buffer download */
1500 if ((retval = target_write_buffer(target,
1502 this_npages * FLASH_PAGE_SIZE,
1503 this_buffer)) != ERROR_OK)
1505 LOG_ERROR("Unable to write data to target");
1506 target_free_all_working_areas(target);
1507 return ERROR_FLASH_OPERATION_FAILED;
1510 /* Prepare registers */
1511 buf_set_u32(reg_params[0].value, 0, 32, warea->address);
1512 buf_set_u32(reg_params[1].value, 0, 32, offset);
1513 buf_set_u32(reg_params[2].value, 0, 32, this_npages);
1514 buf_set_u32(reg_params[3].value, 0, 32, FCTR);
1515 buf_set_u32(reg_params[4].value, 0, 32, FPTR_EN_T | prog_time);
1517 /* Execute algorithm, assume breakpoint for last instruction */
1518 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
1519 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
1520 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
1522 retval = target_run_algorithm(target, 0, NULL, 5, reg_params,
1523 (warea->address) + buffer_size,
1524 (warea->address) + buffer_size + target_code_size - 4,
1525 10000, /* 10s should be enough for max. 16 KiB of data */
1528 if (retval != ERROR_OK)
1530 LOG_ERROR("Execution of flash algorithm failed.");
1531 target_free_all_working_areas(target);
1532 retval = ERROR_FLASH_OPERATION_FAILED;
1536 count -= this_npages * FLASH_PAGE_SIZE;
1537 buffer += this_npages * FLASH_PAGE_SIZE;
1538 offset += this_npages * FLASH_PAGE_SIZE;
1541 /* Free all resources */
1542 destroy_reg_param(®_params[0]);
1543 destroy_reg_param(®_params[1]);
1544 destroy_reg_param(®_params[2]);
1545 destroy_reg_param(®_params[3]);
1546 destroy_reg_param(®_params[4]);
1547 target_free_all_working_areas(target);
1551 /* Write to flash memory page-wise */
1552 while ( count != 0 )
1554 /* How many bytes do we copy this time? */
1555 num_bytes = (count >= FLASH_PAGE_SIZE) ?
1556 FLASH_PAGE_SIZE - (offset % FLASH_PAGE_SIZE) :
1559 /* Don't do anything with it if the page is in a secured sector. */
1560 if ( !bank->sectors[lpc2900_address2sector(bank, offset)].is_protected )
1562 /* Set latch load mode */
1563 target_write_u32(target, FCTR,
1564 FCTR_FS_CS | FCTR_FS_WRE | FCTR_FS_WEB);
1566 /* Always clear the buffer (a little overhead, but who cares) */
1567 memset(page, 0xFF, FLASH_PAGE_SIZE);
1569 /* Copy them to the buffer */
1570 memcpy( &page[offset % FLASH_PAGE_SIZE],
1571 &buffer[offset % FLASH_PAGE_SIZE],
1574 /* Write whole page to flash data latches */
1575 if (target_write_memory(
1577 bank->base + (offset - (offset % FLASH_PAGE_SIZE)),
1578 4, FLASH_PAGE_SIZE / 4, page) != ERROR_OK)
1580 LOG_ERROR("Write failed @ 0x%8.8" PRIx32, offset);
1581 target_write_u32(target, FCTR, FCTR_FS_CS | FCTR_FS_WEB);
1583 return ERROR_FLASH_OPERATION_FAILED;
1586 /* Clear END_OF_BURN interrupt status */
1587 target_write_u32(target, INT_CLR_STATUS, INTSRC_END_OF_BURN);
1589 /* Set the programming time */
1590 target_write_u32(target, FPTR, FPTR_EN_T | prog_time);
1592 /* Trigger flash write */
1593 target_write_u32(target, FCTR,
1594 FCTR_FS_CS | FCTR_FS_WRE | FCTR_FS_WPB | FCTR_FS_PROGREQ);
1596 /* Wait for the end of the write operation. If it's not over
1597 * after one second, something went dreadfully wrong... :-(
1599 if (lpc2900_wait_status(bank, INTSRC_END_OF_BURN, 1000) != ERROR_OK)
1601 LOG_ERROR("Write failed @ 0x%8.8" PRIx32, offset);
1602 target_write_u32(target, FCTR, FCTR_FS_CS | FCTR_FS_WEB);
1604 return ERROR_FLASH_OPERATION_FAILED;
1608 /* Update pointers and counters */
1609 offset += num_bytes;
1610 buffer += num_bytes;
1617 /* Normal flash operating mode */
1618 target_write_u32(target, FCTR, FCTR_FS_CS | FCTR_FS_WEB);
1625 * Try and identify the device.
1627 * Determine type number and its memory layout.
1629 * @param bank Pointer to the flash bank descriptor
1631 static int lpc2900_probe(struct flash_bank_s *bank)
1633 lpc2900_flash_bank_t *lpc2900_info = bank->driver_priv;
1634 target_t *target = bank->target;
1639 if (target->state != TARGET_HALTED)
1641 LOG_ERROR("Target not halted");
1642 return ERROR_TARGET_NOT_HALTED;
1645 /* We want to do this only once. Check if we already have a valid CHIPID,
1646 * because then we will have already successfully probed the device.
1648 if (lpc2900_info->chipid == EXPECTED_CHIPID)
1653 /* Probing starts with reading the CHIPID register. We will continue only
1654 * if this identifies as an LPC2900 device.
1656 target_read_u32(target, CHIPID, &lpc2900_info->chipid);
1658 if (lpc2900_info->chipid != EXPECTED_CHIPID)
1660 LOG_WARNING("Device is not an LPC29xx");
1661 return ERROR_FLASH_OPERATION_FAILED;
1664 /* It's an LPC29xx device. Now read the feature register FEAT0...FEAT3. */
1665 uint32_t feat0, feat1, feat2, feat3;
1666 target_read_u32(target, FEAT0, &feat0);
1667 target_read_u32(target, FEAT1, &feat1);
1668 target_read_u32(target, FEAT2, &feat2);
1669 target_read_u32(target, FEAT3, &feat3);
1672 bank->base = 0x20000000;
1674 /* Determine flash layout from FEAT2 register */
1675 uint32_t num_64k_sectors = (feat2 >> 16) & 0xFF;
1676 uint32_t num_8k_sectors = (feat2 >> 0) & 0xFF;
1677 bank->num_sectors = num_64k_sectors + num_8k_sectors;
1678 bank->size = KiB * (64 * num_64k_sectors + 8 * num_8k_sectors);
1680 /* Determine maximum contiguous RAM block */
1681 lpc2900_info->max_ram_block = 16 * KiB;
1682 if( (feat1 & 0x30) == 0x30 )
1684 lpc2900_info->max_ram_block = 32 * KiB;
1685 if( (feat1 & 0x0C) == 0x0C )
1687 lpc2900_info->max_ram_block = 48 * KiB;
1691 /* Determine package code and ITCM size */
1692 uint32_t package_code = feat0 & 0x0F;
1693 uint32_t itcm_code = (feat1 >> 16) & 0x1F;
1695 /* Determine the exact type number. */
1697 if ( (package_code == 4) && (itcm_code == 5) )
1699 /* Old LPC2917 or LPC2919 (non-/01 devices) */
1700 lpc2900_info->target_name = (bank->size == 768*KiB) ? "LPC2919" : "LPC2917";
1704 if ( package_code == 2 )
1706 /* 100-pin package */
1707 if ( bank->size == 128*KiB )
1709 lpc2900_info->target_name = "LPC2921";
1711 else if ( bank->size == 256*KiB )
1713 lpc2900_info->target_name = "LPC2923";
1715 else if ( bank->size == 512*KiB )
1717 lpc2900_info->target_name = "LPC2925";
1724 else if ( package_code == 4 )
1726 /* 144-pin package */
1727 if ( (bank->size == 512*KiB) && (feat3 == 0xFFFFFCF0) )
1729 lpc2900_info->target_name = "LPC2917/01";
1731 else if ( (bank->size == 512*KiB) && (feat3 == 0xFFFFFFF1) )
1733 lpc2900_info->target_name = "LPC2927";
1735 else if ( (bank->size == 768*KiB) && (feat3 == 0xFFFFFCF8) )
1737 lpc2900_info->target_name = "LPC2919/01";
1739 else if ( (bank->size == 768*KiB) && (feat3 == 0xFFFFFFF9) )
1741 lpc2900_info->target_name = "LPC2929";
1748 else if ( package_code == 5 )
1750 /* 208-pin package */
1751 lpc2900_info->target_name = (bank->size == 0) ? "LPC2930" : "LPC2939";
1761 LOG_WARNING("Unknown LPC29xx derivative");
1762 return ERROR_FLASH_OPERATION_FAILED;
1765 /* Show detected device */
1766 LOG_INFO("Flash bank %" PRIu32
1767 ": Device %s, %" PRIu32
1768 " KiB in %" PRIu32 " sectors",
1770 lpc2900_info->target_name, bank->size / KiB,
1773 /* Flashless devices cannot be handled */
1774 if ( bank->num_sectors == 0 )
1776 LOG_WARNING("Flashless device cannot be handled");
1777 return ERROR_FLASH_OPERATION_FAILED;
1781 * These are logical sector numbers. When doing real flash operations,
1782 * the logical flash number are translated into the physical flash numbers
1785 bank->sectors = malloc(sizeof(flash_sector_t) * bank->num_sectors);
1788 for (i = 0; i < bank->num_sectors; i++)
1790 bank->sectors[i].offset = offset;
1791 bank->sectors[i].is_erased = -1;
1792 bank->sectors[i].is_protected = -1;
1796 bank->sectors[i].size = 8 * KiB;
1800 bank->sectors[i].size = 64 * KiB;
1804 /* We shouldn't come here. But there might be a new part out there
1805 * that has more than 19 sectors. Politely ask for a fix then.
1807 bank->sectors[i].size = 0;
1808 LOG_ERROR("Never heard about sector %" PRIu32 " (FIXME please)", i);
1811 offset += bank->sectors[i].size;
1814 /* Read sector security status */
1815 if ( lpc2900_read_security_status(bank) != ERROR_OK )
1817 LOG_ERROR("Cannot determine sector security status");
1818 return ERROR_FLASH_OPERATION_FAILED;
1826 * Run a blank check for each sector.
1828 * For speed reasons, the device isn't read word by word.
1829 * A hash value is calculated by the hardware ("BIST") for each sector.
1830 * This value is then compared against the known hash of an empty sector.
1832 * @param bank Pointer to the flash bank descriptor
1834 static int lpc2900_erase_check(struct flash_bank_s *bank)
1836 uint32_t status = lpc2900_is_ready(bank);
1837 if (status != ERROR_OK)
1839 LOG_INFO("Processor not halted/not probed");
1843 /* Use the BIST (Built-In Selft Test) to generate a signature of each flash
1844 * sector. Compare against the expected signature of an empty sector.
1847 for ( sector = 0; sector < bank->num_sectors; sector++ )
1849 uint32_t signature[4];
1850 if ( (status = lpc2900_run_bist128( bank,
1851 bank->sectors[sector].offset,
1852 bank->sectors[sector].offset +
1853 (bank->sectors[sector].size - 1),
1854 &signature)) != ERROR_OK )
1859 /* The expected signatures for an empty sector are different
1860 * for 8 KiB and 64 KiB sectors.
1862 if ( bank->sectors[sector].size == 8*KiB )
1864 bank->sectors[sector].is_erased =
1865 (signature[3] == 0x01ABAAAA) &&
1866 (signature[2] == 0xAAAAAAAA) &&
1867 (signature[1] == 0xAAAAAAAA) &&
1868 (signature[0] == 0xAAA00AAA);
1870 if ( bank->sectors[sector].size == 64*KiB )
1872 bank->sectors[sector].is_erased =
1873 (signature[3] == 0x11801222) &&
1874 (signature[2] == 0xB88844FF) &&
1875 (signature[1] == 0x11A22008) &&
1876 (signature[0] == 0x2B1BFE44);
1885 * Get protection (sector security) status.
1887 * Determine the status of "sector security" for each sector.
1888 * A secured sector is one that can never be erased/programmed again.
1890 * @param bank Pointer to the flash bank descriptor
1892 static int lpc2900_protect_check(struct flash_bank_s *bank)
1894 return lpc2900_read_security_status(bank);
1899 * Print info about the driver (not the device).
1901 * @param bank Pointer to the flash bank descriptor
1902 * @param buf Buffer to take the string
1903 * @param buf_size Maximum number of characters that the buffer can take
1905 static int lpc2900_info(struct flash_bank_s *bank, char *buf, int buf_size)
1907 snprintf(buf, buf_size, "lpc2900 flash driver");
1913 flash_driver_t lpc2900_flash =
1916 .register_commands = lpc2900_register_commands,
1917 .flash_bank_command = lpc2900_flash_bank_command,
1918 .erase = lpc2900_erase,
1919 .protect = lpc2900_protect,
1920 .write = lpc2900_write,
1921 .probe = lpc2900_probe,
1922 .auto_probe = lpc2900_probe,
1923 .erase_check = lpc2900_erase_check,
1924 .protect_check = lpc2900_protect_check,
1925 .info = lpc2900_info
projects / fw / openocd / blob