1 /***************************************************************************
2 * Copyright (C) 2005, 2007 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * Copyright (C) 2009 Michael Schwingen *
5 * michael@schwingen.org *
6 * Copyright (C) 2010 Øyvind Harboe <oyvind.harboe@zylin.com> *
7 * Copyright (C) 2010 by Antonio Borneo <borneo.antonio@gmail.com> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
21 ***************************************************************************/
30 #include <target/arm.h>
31 #include <target/arm7_9_common.h>
32 #include <target/armv7m.h>
33 #include <target/mips32.h>
34 #include <helper/binarybuffer.h>
35 #include <target/algorithm.h>
37 /* defines internal maximum size for code fragment in cfi_intel_write_block() */
38 #define CFI_MAX_INTEL_CODESIZE 256
40 /* some id-types with specific handling */
41 #define AT49BV6416 0x00d6
42 #define AT49BV6416T 0x00d2
44 static const struct cfi_unlock_addresses cfi_unlock_addresses[] = {
45 [CFI_UNLOCK_555_2AA] = { .unlock1 = 0x555, .unlock2 = 0x2aa },
46 [CFI_UNLOCK_5555_2AAA] = { .unlock1 = 0x5555, .unlock2 = 0x2aaa },
49 static const int cfi_status_poll_mask_dq6_dq7 = CFI_STATUS_POLL_MASK_DQ6_DQ7;
51 /* CFI fixups forward declarations */
52 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, const void *param);
53 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, const void *param);
54 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, const void *param);
55 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, const void *param);
56 static void cfi_fixup_0002_polling_bits(struct flash_bank *bank, const void *param);
58 /* fixup after reading cmdset 0002 primary query table */
59 static const struct cfi_fixup cfi_0002_fixups[] = {
60 {CFI_MFR_SST, 0x00D4, cfi_fixup_0002_unlock_addresses,
61 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
62 {CFI_MFR_SST, 0x00D5, cfi_fixup_0002_unlock_addresses,
63 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
64 {CFI_MFR_SST, 0x00D6, cfi_fixup_0002_unlock_addresses,
65 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
66 {CFI_MFR_SST, 0x00D7, cfi_fixup_0002_unlock_addresses,
67 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
68 {CFI_MFR_SST, 0x2780, cfi_fixup_0002_unlock_addresses,
69 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
70 {CFI_MFR_SST, 0x274b, cfi_fixup_0002_unlock_addresses,
71 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
72 {CFI_MFR_SST, 0x235f, cfi_fixup_0002_polling_bits, /* 39VF3201C */
73 &cfi_status_poll_mask_dq6_dq7},
74 {CFI_MFR_SST, 0x236d, cfi_fixup_0002_unlock_addresses,
75 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
76 {CFI_MFR_ATMEL, 0x00C8, cfi_fixup_reversed_erase_regions, NULL},
77 {CFI_MFR_ST, 0x22C4, cfi_fixup_reversed_erase_regions, NULL}, /* M29W160ET */
78 {CFI_MFR_FUJITSU, 0x22ea, cfi_fixup_0002_unlock_addresses,
79 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
80 {CFI_MFR_FUJITSU, 0x226b, cfi_fixup_0002_unlock_addresses,
81 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
82 {CFI_MFR_AMIC, 0xb31a, cfi_fixup_0002_unlock_addresses,
83 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
84 {CFI_MFR_MX, 0x225b, cfi_fixup_0002_unlock_addresses,
85 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
86 {CFI_MFR_EON, 0x225b, cfi_fixup_0002_unlock_addresses,
87 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
88 {CFI_MFR_AMD, 0x225b, cfi_fixup_0002_unlock_addresses,
89 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
90 {CFI_MFR_ANY, CFI_ID_ANY, cfi_fixup_0002_erase_regions, NULL},
91 {CFI_MFR_ST, 0x227E, cfi_fixup_0002_write_buffer, NULL},/* M29W128G */
95 /* fixup after reading cmdset 0001 primary query table */
96 static const struct cfi_fixup cfi_0001_fixups[] = {
100 static void cfi_fixup(struct flash_bank *bank, const struct cfi_fixup *fixups)
102 struct cfi_flash_bank *cfi_info = bank->driver_priv;
104 for (const struct cfi_fixup *f = fixups; f->fixup; f++) {
105 if (((f->mfr == CFI_MFR_ANY) || (f->mfr == cfi_info->manufacturer)) &&
106 ((f->id == CFI_ID_ANY) || (f->id == cfi_info->device_id)))
107 f->fixup(bank, f->param);
111 uint32_t cfi_flash_address(struct flash_bank *bank, int sector, uint32_t offset)
113 struct cfi_flash_bank *cfi_info = bank->driver_priv;
115 if (cfi_info->x16_as_x8)
118 /* while the sector list isn't built, only accesses to sector 0 work */
120 return bank->base + offset * bank->bus_width;
122 if (!bank->sectors) {
123 LOG_ERROR("BUG: sector list not yet built");
126 return bank->base + bank->sectors[sector].offset + offset * bank->bus_width;
130 static int cfi_target_write_memory(struct flash_bank *bank, target_addr_t addr,
131 uint32_t count, const uint8_t *buffer)
133 struct cfi_flash_bank *cfi_info = bank->driver_priv;
134 if (cfi_info->write_mem) {
135 return cfi_info->write_mem(bank, addr, count, buffer);
137 return target_write_memory(bank->target, addr, bank->bus_width,
142 int cfi_target_read_memory(struct flash_bank *bank, target_addr_t addr,
143 uint32_t count, uint8_t *buffer)
145 struct cfi_flash_bank *cfi_info = bank->driver_priv;
146 if (cfi_info->read_mem) {
147 return cfi_info->read_mem(bank, addr, count, buffer);
149 return target_read_memory(bank->target, addr, bank->bus_width,
154 static void cfi_command(struct flash_bank *bank, uint8_t cmd, uint8_t *cmd_buf)
156 struct cfi_flash_bank *cfi_info = bank->driver_priv;
158 /* clear whole buffer, to ensure bits that exceed the bus_width
161 for (size_t i = 0; i < CFI_MAX_BUS_WIDTH; i++)
164 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN) {
165 for (int i = bank->bus_width; i > 0; i--)
166 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
168 for (int i = 1; i <= bank->bus_width; i++)
169 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
173 int cfi_send_command(struct flash_bank *bank, uint8_t cmd, uint32_t address)
175 uint8_t command[CFI_MAX_BUS_WIDTH];
177 cfi_command(bank, cmd, command);
178 return cfi_target_write_memory(bank, address, 1, command);
181 /* read unsigned 8-bit value from the bank
182 * flash banks are expected to be made of similar chips
183 * the query result should be the same for all
185 static int cfi_query_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
187 struct cfi_flash_bank *cfi_info = bank->driver_priv;
188 uint8_t data[CFI_MAX_BUS_WIDTH];
191 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset),
193 if (retval != ERROR_OK)
196 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
199 *val = data[bank->bus_width - 1];
204 /* read unsigned 8-bit value from the bank
205 * in case of a bank made of multiple chips,
206 * the individual values are ORed
208 static int cfi_get_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
210 struct cfi_flash_bank *cfi_info = bank->driver_priv;
211 uint8_t data[CFI_MAX_BUS_WIDTH];
214 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset),
216 if (retval != ERROR_OK)
219 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN) {
220 for (int i = 0; i < bank->bus_width / bank->chip_width; i++)
226 for (int i = 0; i < bank->bus_width / bank->chip_width; i++)
227 value |= data[bank->bus_width - 1 - i];
234 static int cfi_query_u16(struct flash_bank *bank, int sector, uint32_t offset, uint16_t *val)
236 struct cfi_flash_bank *cfi_info = bank->driver_priv;
237 uint8_t data[CFI_MAX_BUS_WIDTH * 2];
240 if (cfi_info->x16_as_x8) {
241 for (uint8_t i = 0; i < 2; i++) {
242 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset + i),
243 1, &data[i * bank->bus_width]);
244 if (retval != ERROR_OK)
248 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset),
250 if (retval != ERROR_OK)
254 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
255 *val = data[0] | data[bank->bus_width] << 8;
257 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8;
262 static int cfi_query_u32(struct flash_bank *bank, int sector, uint32_t offset, uint32_t *val)
264 struct cfi_flash_bank *cfi_info = bank->driver_priv;
265 uint8_t data[CFI_MAX_BUS_WIDTH * 4];
268 if (cfi_info->x16_as_x8) {
269 for (uint8_t i = 0; i < 4; i++) {
270 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset + i),
271 1, &data[i * bank->bus_width]);
272 if (retval != ERROR_OK)
276 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset),
278 if (retval != ERROR_OK)
282 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
283 *val = data[0] | data[bank->bus_width] << 8 |
284 data[bank->bus_width * 2] << 16 | data[bank->bus_width * 3] << 24;
286 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8 |
287 data[(3 * bank->bus_width) - 1] << 16 |
288 data[(4 * bank->bus_width) - 1] << 24;
293 int cfi_reset(struct flash_bank *bank)
295 struct cfi_flash_bank *cfi_info = bank->driver_priv;
296 int retval = ERROR_OK;
298 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
299 if (retval != ERROR_OK)
302 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
303 if (retval != ERROR_OK)
306 if (cfi_info->manufacturer == 0x20 &&
307 (cfi_info->device_id == 0x227E || cfi_info->device_id == 0x7E)) {
308 /* Numonix M29W128G is cmd 0xFF intolerant - causes internal undefined state
309 * so we send an extra 0xF0 reset to fix the bug */
310 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x00));
311 if (retval != ERROR_OK)
318 static void cfi_intel_clear_status_register(struct flash_bank *bank)
320 cfi_send_command(bank, 0x50, cfi_flash_address(bank, 0, 0x0));
323 static int cfi_intel_wait_status_busy(struct flash_bank *bank, int timeout, uint8_t *val)
327 int retval = ERROR_OK;
331 LOG_ERROR("timeout while waiting for WSM to become ready");
335 retval = cfi_get_u8(bank, 0, 0x0, &status);
336 if (retval != ERROR_OK)
345 /* mask out bit 0 (reserved) */
346 status = status & 0xfe;
348 LOG_DEBUG("status: 0x%x", status);
350 if (status != 0x80) {
351 LOG_ERROR("status register: 0x%x", status);
353 LOG_ERROR("Block Lock-Bit Detected, Operation Abort");
355 LOG_ERROR("Program suspended");
357 LOG_ERROR("Low Programming Voltage Detected, Operation Aborted");
359 LOG_ERROR("Program Error / Error in Setting Lock-Bit");
361 LOG_ERROR("Error in Block Erasure or Clear Lock-Bits");
363 LOG_ERROR("Block Erase Suspended");
365 cfi_intel_clear_status_register(bank);
374 int cfi_spansion_wait_status_busy(struct flash_bank *bank, int timeout)
376 uint8_t status, oldstatus;
377 struct cfi_flash_bank *cfi_info = bank->driver_priv;
380 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
381 if (retval != ERROR_OK)
385 retval = cfi_get_u8(bank, 0, 0x0, &status);
387 if (retval != ERROR_OK)
390 if ((status ^ oldstatus) & 0x40) {
391 if (status & cfi_info->status_poll_mask & 0x20) {
392 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
393 if (retval != ERROR_OK)
395 retval = cfi_get_u8(bank, 0, 0x0, &status);
396 if (retval != ERROR_OK)
398 if ((status ^ oldstatus) & 0x40) {
399 LOG_ERROR("dq5 timeout, status: 0x%x", status);
400 return ERROR_FLASH_OPERATION_FAILED;
402 LOG_DEBUG("status: 0x%x", status);
406 } else {/* no toggle: finished, OK */
407 LOG_DEBUG("status: 0x%x", status);
413 } while (timeout-- > 0);
415 LOG_ERROR("timeout, status: 0x%x", status);
417 return ERROR_FLASH_BUSY;
420 static int cfi_read_intel_pri_ext(struct flash_bank *bank)
423 struct cfi_flash_bank *cfi_info = bank->driver_priv;
424 struct cfi_intel_pri_ext *pri_ext;
426 if (cfi_info->pri_ext)
427 free(cfi_info->pri_ext);
429 pri_ext = malloc(sizeof(struct cfi_intel_pri_ext));
430 if (pri_ext == NULL) {
431 LOG_ERROR("Out of memory");
434 cfi_info->pri_ext = pri_ext;
436 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
437 if (retval != ERROR_OK)
439 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
440 if (retval != ERROR_OK)
442 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
443 if (retval != ERROR_OK)
446 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I')) {
447 retval = cfi_reset(bank);
448 if (retval != ERROR_OK)
450 LOG_ERROR("Could not read bank flash bank information");
451 return ERROR_FLASH_BANK_INVALID;
454 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
455 if (retval != ERROR_OK)
457 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
458 if (retval != ERROR_OK)
461 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
462 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
464 retval = cfi_query_u32(bank, 0, cfi_info->pri_addr + 5, &pri_ext->feature_support);
465 if (retval != ERROR_OK)
467 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->suspend_cmd_support);
468 if (retval != ERROR_OK)
470 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xa, &pri_ext->blk_status_reg_mask);
471 if (retval != ERROR_OK)
474 LOG_DEBUG("feature_support: 0x%" PRIx32 ", suspend_cmd_support: "
475 "0x%x, blk_status_reg_mask: 0x%x",
476 pri_ext->feature_support,
477 pri_ext->suspend_cmd_support,
478 pri_ext->blk_status_reg_mask);
480 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xc, &pri_ext->vcc_optimal);
481 if (retval != ERROR_OK)
483 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xd, &pri_ext->vpp_optimal);
484 if (retval != ERROR_OK)
487 LOG_DEBUG("Vcc opt: %x.%x, Vpp opt: %u.%x",
488 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
489 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
491 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xe, &pri_ext->num_protection_fields);
492 if (retval != ERROR_OK)
494 if (pri_ext->num_protection_fields != 1) {
495 LOG_WARNING("expected one protection register field, but found %i",
496 pri_ext->num_protection_fields);
499 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xf, &pri_ext->prot_reg_addr);
500 if (retval != ERROR_OK)
502 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x11, &pri_ext->fact_prot_reg_size);
503 if (retval != ERROR_OK)
505 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x12, &pri_ext->user_prot_reg_size);
506 if (retval != ERROR_OK)
509 LOG_DEBUG("protection_fields: %i, prot_reg_addr: 0x%x, "
510 "factory pre-programmed: %i, user programmable: %i",
511 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
512 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
517 static int cfi_read_spansion_pri_ext(struct flash_bank *bank)
520 struct cfi_flash_bank *cfi_info = bank->driver_priv;
521 struct cfi_spansion_pri_ext *pri_ext;
523 if (cfi_info->pri_ext)
524 free(cfi_info->pri_ext);
526 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
527 if (pri_ext == NULL) {
528 LOG_ERROR("Out of memory");
531 cfi_info->pri_ext = pri_ext;
533 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
534 if (retval != ERROR_OK)
536 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
537 if (retval != ERROR_OK)
539 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
540 if (retval != ERROR_OK)
543 /* default values for implementation specific workarounds */
544 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
545 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
546 pri_ext->_reversed_geometry = 0;
548 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I')) {
549 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
550 if (retval != ERROR_OK)
552 LOG_ERROR("Could not read spansion bank information");
553 return ERROR_FLASH_BANK_INVALID;
556 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
557 if (retval != ERROR_OK)
559 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
560 if (retval != ERROR_OK)
563 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
564 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
566 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &pri_ext->SiliconRevision);
567 if (retval != ERROR_OK)
569 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &pri_ext->EraseSuspend);
570 if (retval != ERROR_OK)
572 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &pri_ext->BlkProt);
573 if (retval != ERROR_OK)
575 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &pri_ext->TmpBlkUnprotect);
576 if (retval != ERROR_OK)
578 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->BlkProtUnprot);
579 if (retval != ERROR_OK)
581 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 10, &pri_ext->SimultaneousOps);
582 if (retval != ERROR_OK)
584 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 11, &pri_ext->BurstMode);
585 if (retval != ERROR_OK)
587 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 12, &pri_ext->PageMode);
588 if (retval != ERROR_OK)
590 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 13, &pri_ext->VppMin);
591 if (retval != ERROR_OK)
593 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 14, &pri_ext->VppMax);
594 if (retval != ERROR_OK)
596 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 15, &pri_ext->TopBottom);
597 if (retval != ERROR_OK)
600 LOG_DEBUG("Silicon Revision: 0x%x, Erase Suspend: 0x%x, Block protect: 0x%x",
601 pri_ext->SiliconRevision, pri_ext->EraseSuspend, pri_ext->BlkProt);
603 LOG_DEBUG("Temporary Unprotect: 0x%x, Block Protect Scheme: 0x%x, "
604 "Simultaneous Ops: 0x%x", pri_ext->TmpBlkUnprotect,
605 pri_ext->BlkProtUnprot, pri_ext->SimultaneousOps);
607 LOG_DEBUG("Burst Mode: 0x%x, Page Mode: 0x%x, ", pri_ext->BurstMode, pri_ext->PageMode);
610 LOG_DEBUG("Vpp min: %u.%x, Vpp max: %u.%x",
611 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
612 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
614 LOG_DEBUG("WP# protection 0x%x", pri_ext->TopBottom);
619 static int cfi_read_atmel_pri_ext(struct flash_bank *bank)
622 struct cfi_atmel_pri_ext atmel_pri_ext;
623 struct cfi_flash_bank *cfi_info = bank->driver_priv;
624 struct cfi_spansion_pri_ext *pri_ext;
626 if (cfi_info->pri_ext)
627 free(cfi_info->pri_ext);
629 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
630 if (pri_ext == NULL) {
631 LOG_ERROR("Out of memory");
635 /* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion,
636 * but a different primary extended query table.
637 * We read the atmel table, and prepare a valid AMD/Spansion query table.
640 memset(pri_ext, 0, sizeof(struct cfi_spansion_pri_ext));
642 cfi_info->pri_ext = pri_ext;
644 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &atmel_pri_ext.pri[0]);
645 if (retval != ERROR_OK)
647 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &atmel_pri_ext.pri[1]);
648 if (retval != ERROR_OK)
650 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &atmel_pri_ext.pri[2]);
651 if (retval != ERROR_OK)
654 if ((atmel_pri_ext.pri[0] != 'P') || (atmel_pri_ext.pri[1] != 'R')
655 || (atmel_pri_ext.pri[2] != 'I')) {
656 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
657 if (retval != ERROR_OK)
659 LOG_ERROR("Could not read atmel bank information");
660 return ERROR_FLASH_BANK_INVALID;
663 pri_ext->pri[0] = atmel_pri_ext.pri[0];
664 pri_ext->pri[1] = atmel_pri_ext.pri[1];
665 pri_ext->pri[2] = atmel_pri_ext.pri[2];
667 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &atmel_pri_ext.major_version);
668 if (retval != ERROR_OK)
670 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &atmel_pri_ext.minor_version);
671 if (retval != ERROR_OK)
674 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", atmel_pri_ext.pri[0],
675 atmel_pri_ext.pri[1], atmel_pri_ext.pri[2],
676 atmel_pri_ext.major_version, atmel_pri_ext.minor_version);
678 pri_ext->major_version = atmel_pri_ext.major_version;
679 pri_ext->minor_version = atmel_pri_ext.minor_version;
681 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &atmel_pri_ext.features);
682 if (retval != ERROR_OK)
684 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &atmel_pri_ext.bottom_boot);
685 if (retval != ERROR_OK)
687 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &atmel_pri_ext.burst_mode);
688 if (retval != ERROR_OK)
690 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &atmel_pri_ext.page_mode);
691 if (retval != ERROR_OK)
695 "features: 0x%2.2x, bottom_boot: 0x%2.2x, burst_mode: 0x%2.2x, page_mode: 0x%2.2x",
696 atmel_pri_ext.features,
697 atmel_pri_ext.bottom_boot,
698 atmel_pri_ext.burst_mode,
699 atmel_pri_ext.page_mode);
701 if (atmel_pri_ext.features & 0x02)
702 pri_ext->EraseSuspend = 2;
704 /* some chips got it backwards... */
705 if (cfi_info->device_id == AT49BV6416 ||
706 cfi_info->device_id == AT49BV6416T) {
707 if (atmel_pri_ext.bottom_boot)
708 pri_ext->TopBottom = 3;
710 pri_ext->TopBottom = 2;
712 if (atmel_pri_ext.bottom_boot)
713 pri_ext->TopBottom = 2;
715 pri_ext->TopBottom = 3;
718 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
719 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
724 static int cfi_read_0002_pri_ext(struct flash_bank *bank)
726 struct cfi_flash_bank *cfi_info = bank->driver_priv;
728 if (cfi_info->manufacturer == CFI_MFR_ATMEL)
729 return cfi_read_atmel_pri_ext(bank);
731 return cfi_read_spansion_pri_ext(bank);
734 static int cfi_spansion_info(struct flash_bank *bank, char *buf, int buf_size)
737 struct cfi_flash_bank *cfi_info = bank->driver_priv;
738 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
740 printed = snprintf(buf, buf_size, "\nSpansion primary algorithm extend information:\n");
744 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0],
745 pri_ext->pri[1], pri_ext->pri[2],
746 pri_ext->major_version, pri_ext->minor_version);
750 printed = snprintf(buf, buf_size, "Silicon Rev.: 0x%x, Address Sensitive unlock: 0x%x\n",
751 (pri_ext->SiliconRevision) >> 2,
752 (pri_ext->SiliconRevision) & 0x03);
756 printed = snprintf(buf, buf_size, "Erase Suspend: 0x%x, Sector Protect: 0x%x\n",
757 pri_ext->EraseSuspend,
762 snprintf(buf, buf_size, "VppMin: %u.%x, VppMax: %u.%x\n",
763 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
764 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
769 static int cfi_intel_info(struct flash_bank *bank, char *buf, int buf_size)
772 struct cfi_flash_bank *cfi_info = bank->driver_priv;
773 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
775 printed = snprintf(buf, buf_size, "\nintel primary algorithm extend information:\n");
779 printed = snprintf(buf,
781 "pri: '%c%c%c', version: %c.%c\n",
785 pri_ext->major_version,
786 pri_ext->minor_version);
790 printed = snprintf(buf,
792 "feature_support: 0x%" PRIx32 ", "
793 "suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x\n",
794 pri_ext->feature_support,
795 pri_ext->suspend_cmd_support,
796 pri_ext->blk_status_reg_mask);
800 printed = snprintf(buf, buf_size, "Vcc opt: %x.%x, Vpp opt: %u.%x\n",
801 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
802 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
806 snprintf(buf, buf_size, "protection_fields: %i, prot_reg_addr: 0x%x, "
807 "factory pre-programmed: %i, user programmable: %i\n",
808 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
809 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
814 int cfi_flash_bank_cmd(struct flash_bank *bank, unsigned int argc, const char **argv)
816 struct cfi_flash_bank *cfi_info;
820 return ERROR_COMMAND_SYNTAX_ERROR;
823 * - not exceed max value;
825 * - be equal to a power of 2.
826 * bus must be wide enough to hold one chip */
827 if ((bank->chip_width > CFI_MAX_CHIP_WIDTH)
828 || (bank->bus_width > CFI_MAX_BUS_WIDTH)
829 || (bank->chip_width == 0)
830 || (bank->bus_width == 0)
831 || (bank->chip_width & (bank->chip_width - 1))
832 || (bank->bus_width & (bank->bus_width - 1))
833 || (bank->chip_width > bank->bus_width)) {
834 LOG_ERROR("chip and bus width have to specified in bytes");
835 return ERROR_FLASH_BANK_INVALID;
838 cfi_info = malloc(sizeof(struct cfi_flash_bank));
839 cfi_info->probed = false;
840 cfi_info->erase_region_info = NULL;
841 cfi_info->pri_ext = NULL;
842 bank->driver_priv = cfi_info;
844 cfi_info->x16_as_x8 = 0;
845 cfi_info->jedec_probe = 0;
846 cfi_info->not_cfi = 0;
847 cfi_info->data_swap = 0;
849 for (unsigned i = 6; i < argc; i++) {
850 if (strcmp(argv[i], "x16_as_x8") == 0)
851 cfi_info->x16_as_x8 = 1;
852 else if (strcmp(argv[i], "data_swap") == 0)
853 cfi_info->data_swap = 1;
854 else if (strcmp(argv[i], "bus_swap") == 0)
856 else if (strcmp(argv[i], "jedec_probe") == 0)
857 cfi_info->jedec_probe = 1;
861 cfi_info->endianness =
862 bank->target->endianness == TARGET_LITTLE_ENDIAN ?
863 TARGET_BIG_ENDIAN : TARGET_LITTLE_ENDIAN;
865 cfi_info->endianness = bank->target->endianness;
867 /* bank wasn't probed yet */
868 cfi_info->qry[0] = 0xff;
873 /* flash_bank cfi <base> <size> <chip_width> <bus_width> <target#> [options]
875 FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command)
877 return cfi_flash_bank_cmd(bank, CMD_ARGC, CMD_ARGV);
880 static int cfi_intel_erase(struct flash_bank *bank, int first, int last)
883 struct cfi_flash_bank *cfi_info = bank->driver_priv;
885 cfi_intel_clear_status_register(bank);
887 for (int i = first; i <= last; i++) {
888 retval = cfi_send_command(bank, 0x20, cfi_flash_address(bank, i, 0x0));
889 if (retval != ERROR_OK)
892 retval = cfi_send_command(bank, 0xd0, cfi_flash_address(bank, i, 0x0));
893 if (retval != ERROR_OK)
897 retval = cfi_intel_wait_status_busy(bank, cfi_info->block_erase_timeout, &status);
898 if (retval != ERROR_OK)
902 bank->sectors[i].is_erased = 1;
904 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
905 if (retval != ERROR_OK)
908 LOG_ERROR("couldn't erase block %i of flash bank at base "
909 TARGET_ADDR_FMT, i, bank->base);
910 return ERROR_FLASH_OPERATION_FAILED;
914 return cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
917 int cfi_spansion_unlock_seq(struct flash_bank *bank)
920 struct cfi_flash_bank *cfi_info = bank->driver_priv;
921 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
923 retval = cfi_send_command(bank, 0xaa, cfi_flash_address(bank, 0, pri_ext->_unlock1));
924 if (retval != ERROR_OK)
927 retval = cfi_send_command(bank, 0x55, cfi_flash_address(bank, 0, pri_ext->_unlock2));
928 if (retval != ERROR_OK)
934 static int cfi_spansion_erase(struct flash_bank *bank, int first, int last)
937 struct cfi_flash_bank *cfi_info = bank->driver_priv;
938 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
940 for (int i = first; i <= last; i++) {
941 retval = cfi_spansion_unlock_seq(bank);
942 if (retval != ERROR_OK)
945 retval = cfi_send_command(bank, 0x80, cfi_flash_address(bank, 0, pri_ext->_unlock1));
946 if (retval != ERROR_OK)
949 retval = cfi_spansion_unlock_seq(bank);
950 if (retval != ERROR_OK)
953 retval = cfi_send_command(bank, 0x30, cfi_flash_address(bank, i, 0x0));
954 if (retval != ERROR_OK)
957 if (cfi_spansion_wait_status_busy(bank, cfi_info->block_erase_timeout) == ERROR_OK)
958 bank->sectors[i].is_erased = 1;
960 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
961 if (retval != ERROR_OK)
964 LOG_ERROR("couldn't erase block %i of flash bank at base "
965 TARGET_ADDR_FMT, i, bank->base);
966 return ERROR_FLASH_OPERATION_FAILED;
970 return cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
973 int cfi_erase(struct flash_bank *bank, int first, int last)
975 struct cfi_flash_bank *cfi_info = bank->driver_priv;
977 if (bank->target->state != TARGET_HALTED) {
978 LOG_ERROR("Target not halted");
979 return ERROR_TARGET_NOT_HALTED;
982 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
983 return ERROR_FLASH_SECTOR_INVALID;
985 if (cfi_info->qry[0] != 'Q')
986 return ERROR_FLASH_BANK_NOT_PROBED;
988 switch (cfi_info->pri_id) {
991 return cfi_intel_erase(bank, first, last);
994 return cfi_spansion_erase(bank, first, last);
997 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
1004 static int cfi_intel_protect(struct flash_bank *bank, int set, int first, int last)
1007 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1008 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
1011 /* if the device supports neither legacy lock/unlock (bit 3) nor
1012 * instant individual block locking (bit 5).
1014 if (!(pri_ext->feature_support & 0x28)) {
1015 LOG_ERROR("lock/unlock not supported on flash");
1016 return ERROR_FLASH_OPERATION_FAILED;
1019 cfi_intel_clear_status_register(bank);
1021 for (int i = first; i <= last; i++) {
1022 retval = cfi_send_command(bank, 0x60, cfi_flash_address(bank, i, 0x0));
1023 if (retval != ERROR_OK)
1026 retval = cfi_send_command(bank, 0x01, cfi_flash_address(bank, i, 0x0));
1027 if (retval != ERROR_OK)
1029 bank->sectors[i].is_protected = 1;
1031 retval = cfi_send_command(bank, 0xd0, cfi_flash_address(bank, i, 0x0));
1032 if (retval != ERROR_OK)
1034 bank->sectors[i].is_protected = 0;
1037 /* instant individual block locking doesn't require reading of the status register
1039 if (!(pri_ext->feature_support & 0x20)) {
1040 /* Clear lock bits operation may take up to 1.4s */
1042 retval = cfi_intel_wait_status_busy(bank, 1400, &status);
1043 if (retval != ERROR_OK)
1046 uint8_t block_status;
1047 /* read block lock bit, to verify status */
1048 retval = cfi_send_command(bank, 0x90, cfi_flash_address(bank, 0, 0x55));
1049 if (retval != ERROR_OK)
1051 retval = cfi_get_u8(bank, i, 0x2, &block_status);
1052 if (retval != ERROR_OK)
1055 if ((block_status & 0x1) != set) {
1057 "couldn't change block lock status (set = %i, block_status = 0x%2.2x)",
1059 retval = cfi_send_command(bank, 0x70, cfi_flash_address(bank, 0, 0x55));
1060 if (retval != ERROR_OK)
1063 retval = cfi_intel_wait_status_busy(bank, 10, &status);
1064 if (retval != ERROR_OK)
1068 return ERROR_FLASH_OPERATION_FAILED;
1077 /* if the device doesn't support individual block lock bits set/clear,
1078 * all blocks have been unlocked in parallel, so we set those that should be protected
1080 if ((!set) && (!(pri_ext->feature_support & 0x20))) {
1081 /* FIX!!! this code path is broken!!!
1083 * The correct approach is:
1085 * 1. read out current protection status
1087 * 2. override read out protection status w/unprotected.
1089 * 3. re-protect what should be protected.
1092 for (int i = 0; i < bank->num_sectors; i++) {
1093 if (bank->sectors[i].is_protected == 1) {
1094 cfi_intel_clear_status_register(bank);
1096 retval = cfi_send_command(bank, 0x60, cfi_flash_address(bank, i, 0x0));
1097 if (retval != ERROR_OK)
1100 retval = cfi_send_command(bank, 0x01, cfi_flash_address(bank, i, 0x0));
1101 if (retval != ERROR_OK)
1105 retval = cfi_intel_wait_status_busy(bank, 100, &status);
1106 if (retval != ERROR_OK)
1112 return cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
1115 int cfi_protect(struct flash_bank *bank, int set, int first, int last)
1117 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1119 if (bank->target->state != TARGET_HALTED) {
1120 LOG_ERROR("Target not halted");
1121 return ERROR_TARGET_NOT_HALTED;
1124 if (cfi_info->qry[0] != 'Q')
1125 return ERROR_FLASH_BANK_NOT_PROBED;
1127 switch (cfi_info->pri_id) {
1130 return cfi_intel_protect(bank, set, first, last);
1133 LOG_WARNING("protect: cfi primary command set %i unsupported", cfi_info->pri_id);
1138 static uint32_t cfi_command_val(struct flash_bank *bank, uint8_t cmd)
1140 struct target *target = bank->target;
1142 uint8_t buf[CFI_MAX_BUS_WIDTH];
1143 cfi_command(bank, cmd, buf);
1144 switch (bank->bus_width) {
1149 return target_buffer_get_u16(target, buf);
1152 return target_buffer_get_u32(target, buf);
1155 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1161 static int cfi_intel_write_block(struct flash_bank *bank, const uint8_t *buffer,
1162 uint32_t address, uint32_t count)
1164 struct target *target = bank->target;
1165 struct reg_param reg_params[7];
1166 struct arm_algorithm arm_algo;
1167 struct working_area *write_algorithm;
1168 struct working_area *source = NULL;
1169 uint32_t buffer_size = 32768;
1170 uint32_t write_command_val, busy_pattern_val, error_pattern_val;
1172 /* algorithm register usage:
1173 * r0: source address (in RAM)
1174 * r1: target address (in Flash)
1176 * r3: flash write command
1177 * r4: status byte (returned to host)
1178 * r5: busy test pattern
1179 * r6: error test pattern
1182 /* see contib/loaders/flash/armv4_5_cfi_intel_32.s for src */
1183 static const uint32_t word_32_code[] = {
1184 0xe4904004, /* loop: ldr r4, [r0], #4 */
1185 0xe5813000, /* str r3, [r1] */
1186 0xe5814000, /* str r4, [r1] */
1187 0xe5914000, /* busy: ldr r4, [r1] */
1188 0xe0047005, /* and r7, r4, r5 */
1189 0xe1570005, /* cmp r7, r5 */
1190 0x1afffffb, /* bne busy */
1191 0xe1140006, /* tst r4, r6 */
1192 0x1a000003, /* bne done */
1193 0xe2522001, /* subs r2, r2, #1 */
1194 0x0a000001, /* beq done */
1195 0xe2811004, /* add r1, r1 #4 */
1196 0xeafffff2, /* b loop */
1197 0xeafffffe /* done: b -2 */
1200 /* see contib/loaders/flash/armv4_5_cfi_intel_16.s for src */
1201 static const uint32_t word_16_code[] = {
1202 0xe0d040b2, /* loop: ldrh r4, [r0], #2 */
1203 0xe1c130b0, /* strh r3, [r1] */
1204 0xe1c140b0, /* strh r4, [r1] */
1205 0xe1d140b0, /* busy ldrh r4, [r1] */
1206 0xe0047005, /* and r7, r4, r5 */
1207 0xe1570005, /* cmp r7, r5 */
1208 0x1afffffb, /* bne busy */
1209 0xe1140006, /* tst r4, r6 */
1210 0x1a000003, /* bne done */
1211 0xe2522001, /* subs r2, r2, #1 */
1212 0x0a000001, /* beq done */
1213 0xe2811002, /* add r1, r1 #2 */
1214 0xeafffff2, /* b loop */
1215 0xeafffffe /* done: b -2 */
1218 /* see contib/loaders/flash/armv4_5_cfi_intel_8.s for src */
1219 static const uint32_t word_8_code[] = {
1220 0xe4d04001, /* loop: ldrb r4, [r0], #1 */
1221 0xe5c13000, /* strb r3, [r1] */
1222 0xe5c14000, /* strb r4, [r1] */
1223 0xe5d14000, /* busy ldrb r4, [r1] */
1224 0xe0047005, /* and r7, r4, r5 */
1225 0xe1570005, /* cmp r7, r5 */
1226 0x1afffffb, /* bne busy */
1227 0xe1140006, /* tst r4, r6 */
1228 0x1a000003, /* bne done */
1229 0xe2522001, /* subs r2, r2, #1 */
1230 0x0a000001, /* beq done */
1231 0xe2811001, /* add r1, r1 #1 */
1232 0xeafffff2, /* b loop */
1233 0xeafffffe /* done: b -2 */
1235 uint8_t target_code[4*CFI_MAX_INTEL_CODESIZE];
1236 const uint32_t *target_code_src;
1237 uint32_t target_code_size;
1238 int retval = ERROR_OK;
1240 /* check we have a supported arch */
1241 if (is_arm(target_to_arm(target))) {
1242 /* All other ARM CPUs have 32 bit instructions */
1243 arm_algo.common_magic = ARM_COMMON_MAGIC;
1244 arm_algo.core_mode = ARM_MODE_SVC;
1245 arm_algo.core_state = ARM_STATE_ARM;
1247 LOG_ERROR("Unknown architecture");
1248 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1251 cfi_intel_clear_status_register(bank);
1253 /* If we are setting up the write_algorith, we need target_code_src
1254 * if not we only need target_code_size. */
1256 /* However, we don't want to create multiple code paths, so we
1257 * do the unnecessary evaluation of target_code_src, which the
1258 * compiler will probably nicely optimize away if not needed */
1260 /* prepare algorithm code for target endian */
1261 switch (bank->bus_width) {
1263 target_code_src = word_8_code;
1264 target_code_size = sizeof(word_8_code);
1267 target_code_src = word_16_code;
1268 target_code_size = sizeof(word_16_code);
1271 target_code_src = word_32_code;
1272 target_code_size = sizeof(word_32_code);
1275 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1277 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1280 /* flash write code */
1281 if (target_code_size > sizeof(target_code)) {
1282 LOG_WARNING("Internal error - target code buffer to small. "
1283 "Increase CFI_MAX_INTEL_CODESIZE and recompile.");
1284 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1287 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1289 /* Get memory for block write handler */
1290 retval = target_alloc_working_area(target,
1293 if (retval != ERROR_OK) {
1294 LOG_WARNING("No working area available, can't do block memory writes");
1295 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1298 /* write algorithm code to working area */
1299 retval = target_write_buffer(target, write_algorithm->address,
1300 target_code_size, target_code);
1301 if (retval != ERROR_OK) {
1302 LOG_ERROR("Unable to write block write code to target");
1306 /* Get a workspace buffer for the data to flash starting with 32k size.
1307 * Half size until buffer would be smaller 256 Bytes then fail back */
1308 /* FIXME Why 256 bytes, why not 32 bytes (smallest flash write page */
1309 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1311 if (buffer_size <= 256) {
1313 "no large enough working area available, can't do block memory writes");
1314 retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1319 /* setup algo registers */
1320 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1321 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1322 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
1323 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
1324 init_reg_param(®_params[4], "r4", 32, PARAM_IN);
1325 init_reg_param(®_params[5], "r5", 32, PARAM_OUT);
1326 init_reg_param(®_params[6], "r6", 32, PARAM_OUT);
1328 /* prepare command and status register patterns */
1329 write_command_val = cfi_command_val(bank, 0x40);
1330 busy_pattern_val = cfi_command_val(bank, 0x80);
1331 error_pattern_val = cfi_command_val(bank, 0x7e);
1333 LOG_DEBUG("Using target buffer at " TARGET_ADDR_FMT " and of size 0x%04" PRIx32,
1334 source->address, buffer_size);
1336 /* Programming main loop */
1338 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1341 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1342 if (retval != ERROR_OK)
1345 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1346 buf_set_u32(reg_params[1].value, 0, 32, address);
1347 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1349 buf_set_u32(reg_params[3].value, 0, 32, write_command_val);
1350 buf_set_u32(reg_params[5].value, 0, 32, busy_pattern_val);
1351 buf_set_u32(reg_params[6].value, 0, 32, error_pattern_val);
1353 LOG_DEBUG("Write 0x%04" PRIx32 " bytes to flash at 0x%08" PRIx32,
1354 thisrun_count, address);
1356 /* Execute algorithm, assume breakpoint for last instruction */
1357 retval = target_run_algorithm(target, 0, NULL, 7, reg_params,
1358 write_algorithm->address,
1359 write_algorithm->address + target_code_size -
1361 10000, /* 10s should be enough for max. 32k of data */
1364 /* On failure try a fall back to direct word writes */
1365 if (retval != ERROR_OK) {
1366 cfi_intel_clear_status_register(bank);
1368 "Execution of flash algorythm failed. Can't fall back. Please report.");
1369 retval = ERROR_FLASH_OPERATION_FAILED;
1370 /* retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE; */
1371 /* FIXME To allow fall back or recovery, we must save the actual status
1372 * somewhere, so that a higher level code can start recovery. */
1376 /* Check return value from algo code */
1377 wsm_error = buf_get_u32(reg_params[4].value, 0, 32) & error_pattern_val;
1379 /* read status register (outputs debug information) */
1381 cfi_intel_wait_status_busy(bank, 100, &status);
1382 cfi_intel_clear_status_register(bank);
1383 retval = ERROR_FLASH_OPERATION_FAILED;
1387 buffer += thisrun_count;
1388 address += thisrun_count;
1389 count -= thisrun_count;
1394 /* free up resources */
1397 target_free_working_area(target, source);
1399 target_free_working_area(target, write_algorithm);
1401 destroy_reg_param(®_params[0]);
1402 destroy_reg_param(®_params[1]);
1403 destroy_reg_param(®_params[2]);
1404 destroy_reg_param(®_params[3]);
1405 destroy_reg_param(®_params[4]);
1406 destroy_reg_param(®_params[5]);
1407 destroy_reg_param(®_params[6]);
1412 static int cfi_spansion_write_block_mips(struct flash_bank *bank, const uint8_t *buffer,
1413 uint32_t address, uint32_t count)
1415 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1416 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1417 struct target *target = bank->target;
1418 struct reg_param reg_params[10];
1419 struct mips32_algorithm mips32_info;
1420 struct working_area *write_algorithm;
1421 struct working_area *source;
1422 uint32_t buffer_size = 32768;
1424 int retval = ERROR_OK;
1426 /* input parameters -
1427 * 4 A0 = source address
1428 * 5 A1 = destination address
1429 * 6 A2 = number of writes
1430 * 7 A3 = flash write command
1431 * 8 T0 = constant to mask DQ7 bits (also used for Dq5 with shift)
1432 * output parameters -
1433 * 9 T1 = 0x80 ok 0x00 bad
1435 * 10 T2 = value read from flash to test status
1436 * 11 T3 = holding register
1437 * unlock registers -
1438 * 12 T4 = unlock1_addr
1439 * 13 T5 = unlock1_cmd
1440 * 14 T6 = unlock2_addr
1441 * 15 T7 = unlock2_cmd */
1443 static const uint32_t mips_word_16_code[] = {
1445 MIPS32_LHU(0, 9, 0, 4), /* lhu $t1, ($a0) ; out = &saddr */
1446 MIPS32_ADDI(0, 4, 4, 2), /* addi $a0, $a0, 2 ; saddr += 2 */
1447 MIPS32_SH(0, 13, 0, 12), /* sh $t5, ($t4) ; *fl_unl_addr1 = fl_unl_cmd1 */
1448 MIPS32_SH(0, 15, 0, 14), /* sh $t7, ($t6) ; *fl_unl_addr2 = fl_unl_cmd2 */
1449 MIPS32_SH(0, 7, 0, 12), /* sh $a3, ($t4) ; *fl_unl_addr1 = fl_write_cmd */
1450 MIPS32_SH(0, 9, 0, 5), /* sh $t1, ($a1) ; *daddr = out */
1451 MIPS32_NOP, /* nop */
1453 MIPS32_LHU(0, 10, 0, 5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1454 MIPS32_XOR(0, 11, 9, 10), /* xor $t3, $a0, $t2 ; temp2 = out ^ temp1; */
1455 MIPS32_AND(0, 11, 8, 11), /* and $t3, $t0, $t3 ; temp2 = temp2 & DQ7mask */
1456 MIPS32_BNE(0, 11, 8, 13), /* bne $t3, $t0, cont ; if (temp2 != DQ7mask) goto cont */
1457 MIPS32_NOP, /* nop */
1459 MIPS32_SRL(0, 10, 8, 2), /* srl $t2,$t0,2 ; temp1 = DQ7mask >> 2 */
1460 MIPS32_AND(0, 11, 10, 11), /* and $t3, $t2, $t3 ; temp2 = temp2 & temp1 */
1461 MIPS32_BNE(0, 11, 10, NEG16(8)), /* bne $t3, $t2, busy ; if (temp2 != temp1) goto busy */
1462 MIPS32_NOP, /* nop */
1464 MIPS32_LHU(0, 10, 0, 5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1465 MIPS32_XOR(0, 11, 9, 10), /* xor $t3, $a0, $t2 ; temp2 = out ^ temp1; */
1466 MIPS32_AND(0, 11, 8, 11), /* and $t3, $t0, $t3 ; temp2 = temp2 & DQ7mask */
1467 MIPS32_BNE(0, 11, 8, 4), /* bne $t3, $t0, cont ; if (temp2 != DQ7mask) goto cont */
1468 MIPS32_NOP, /* nop */
1470 MIPS32_XOR(0, 9, 9, 9), /* xor $t1, $t1, $t1 ; out = 0 */
1471 MIPS32_BEQ(0, 9, 0, 11), /* beq $t1, $zero, done ; if (out == 0) goto done */
1472 MIPS32_NOP, /* nop */
1474 MIPS32_ADDI(0, 6, 6, NEG16(1)), /* addi, $a2, $a2, -1 ; numwrites-- */
1475 MIPS32_BNE(0, 6, 0, 5), /* bne $a2, $zero, cont2 ; if (numwrite != 0) goto cont2 */
1476 MIPS32_NOP, /* nop */
1478 MIPS32_LUI(0, 9, 0), /* lui $t1, 0 */
1479 MIPS32_ORI(0, 9, 9, 0x80), /* ori $t1, $t1, 0x80 ; out = 0x80 */
1481 MIPS32_B(0, 4), /* b done ; goto done */
1482 MIPS32_NOP, /* nop */
1484 MIPS32_ADDI(0, 5, 5, 2), /* addi $a0, $a0, 2 ; daddr += 2 */
1485 MIPS32_B(0, NEG16(33)), /* b start ; goto start */
1486 MIPS32_NOP, /* nop */
1488 MIPS32_SDBBP(0), /* sdbbp ; break(); */
1491 mips32_info.common_magic = MIPS32_COMMON_MAGIC;
1492 mips32_info.isa_mode = MIPS32_ISA_MIPS32;
1494 int target_code_size = 0;
1495 const uint32_t *target_code_src = NULL;
1497 switch (bank->bus_width) {
1499 /* Check for DQ5 support */
1500 if (cfi_info->status_poll_mask & (1 << 5)) {
1501 target_code_src = mips_word_16_code;
1502 target_code_size = sizeof(mips_word_16_code);
1504 LOG_ERROR("Need DQ5 support");
1505 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1506 /* target_code_src = mips_word_16_code_dq7only; */
1507 /* target_code_size = sizeof(mips_word_16_code_dq7only); */
1511 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1513 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1516 /* flash write code */
1517 uint8_t *target_code;
1519 /* convert bus-width dependent algorithm code to correct endianness */
1520 target_code = malloc(target_code_size);
1521 if (target_code == NULL) {
1522 LOG_ERROR("Out of memory");
1526 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1528 /* allocate working area */
1529 retval = target_alloc_working_area(target, target_code_size,
1531 if (retval != ERROR_OK) {
1536 /* write algorithm code to working area */
1537 retval = target_write_buffer(target, write_algorithm->address,
1538 target_code_size, target_code);
1539 if (retval != ERROR_OK) {
1546 /* the following code still assumes target code is fixed 24*4 bytes */
1548 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1550 if (buffer_size <= 256) {
1551 /* we already allocated the writing code, but failed to get a
1552 * buffer, free the algorithm */
1553 target_free_working_area(target, write_algorithm);
1556 "not enough working area available, can't do block memory writes");
1557 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1561 init_reg_param(®_params[0], "r4", 32, PARAM_OUT);
1562 init_reg_param(®_params[1], "r5", 32, PARAM_OUT);
1563 init_reg_param(®_params[2], "r6", 32, PARAM_OUT);
1564 init_reg_param(®_params[3], "r7", 32, PARAM_OUT);
1565 init_reg_param(®_params[4], "r8", 32, PARAM_OUT);
1566 init_reg_param(®_params[5], "r9", 32, PARAM_IN);
1567 init_reg_param(®_params[6], "r12", 32, PARAM_OUT);
1568 init_reg_param(®_params[7], "r13", 32, PARAM_OUT);
1569 init_reg_param(®_params[8], "r14", 32, PARAM_OUT);
1570 init_reg_param(®_params[9], "r15", 32, PARAM_OUT);
1573 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1575 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1576 if (retval != ERROR_OK)
1579 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1580 buf_set_u32(reg_params[1].value, 0, 32, address);
1581 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1582 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1583 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1584 buf_set_u32(reg_params[6].value, 0, 32, cfi_flash_address(bank, 0, pri_ext->_unlock1));
1585 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1586 buf_set_u32(reg_params[8].value, 0, 32, cfi_flash_address(bank, 0, pri_ext->_unlock2));
1587 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1589 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1590 write_algorithm->address,
1591 write_algorithm->address + ((target_code_size) - 4),
1592 10000, &mips32_info);
1593 if (retval != ERROR_OK)
1596 status = buf_get_u32(reg_params[5].value, 0, 32);
1597 if (status != 0x80) {
1598 LOG_ERROR("flash write block failed status: 0x%" PRIx32, status);
1599 retval = ERROR_FLASH_OPERATION_FAILED;
1603 buffer += thisrun_count;
1604 address += thisrun_count;
1605 count -= thisrun_count;
1608 target_free_all_working_areas(target);
1610 destroy_reg_param(®_params[0]);
1611 destroy_reg_param(®_params[1]);
1612 destroy_reg_param(®_params[2]);
1613 destroy_reg_param(®_params[3]);
1614 destroy_reg_param(®_params[4]);
1615 destroy_reg_param(®_params[5]);
1616 destroy_reg_param(®_params[6]);
1617 destroy_reg_param(®_params[7]);
1618 destroy_reg_param(®_params[8]);
1619 destroy_reg_param(®_params[9]);
1624 static int cfi_spansion_write_block(struct flash_bank *bank, const uint8_t *buffer,
1625 uint32_t address, uint32_t count)
1627 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1628 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1629 struct target *target = bank->target;
1630 struct reg_param reg_params[10];
1632 struct arm_algorithm armv4_5_algo;
1633 struct armv7m_algorithm armv7m_algo;
1634 struct working_area *write_algorithm;
1635 struct working_area *source;
1636 uint32_t buffer_size = 32768;
1638 int retval = ERROR_OK;
1640 /* input parameters -
1641 * R0 = source address
1642 * R1 = destination address
1643 * R2 = number of writes
1644 * R3 = flash write command
1645 * R4 = constant to mask DQ7 bits (also used for Dq5 with shift)
1646 * output parameters -
1647 * R5 = 0x80 ok 0x00 bad
1649 * R6 = value read from flash to test status
1650 * R7 = holding register
1651 * unlock registers -
1654 * R10 = unlock2_addr
1655 * R11 = unlock2_cmd */
1657 /* see contib/loaders/flash/armv4_5_cfi_span_32.s for src */
1658 static const uint32_t armv4_5_word_32_code[] = {
1659 /* 00008100 <sp_32_code>: */
1660 0xe4905004, /* ldr r5, [r0], #4 */
1661 0xe5889000, /* str r9, [r8] */
1662 0xe58ab000, /* str r11, [r10] */
1663 0xe5883000, /* str r3, [r8] */
1664 0xe5815000, /* str r5, [r1] */
1665 0xe1a00000, /* nop */
1666 /* 00008110 <sp_32_busy>: */
1667 0xe5916000, /* ldr r6, [r1] */
1668 0xe0257006, /* eor r7, r5, r6 */
1669 0xe0147007, /* ands r7, r4, r7 */
1670 0x0a000007, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1671 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1672 0x0afffff9, /* beq 8110 <sp_32_busy> ; b if DQ5 low */
1673 0xe5916000, /* ldr r6, [r1] */
1674 0xe0257006, /* eor r7, r5, r6 */
1675 0xe0147007, /* ands r7, r4, r7 */
1676 0x0a000001, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1677 0xe3a05000, /* mov r5, #0 ; 0x0 - return 0x00, error */
1678 0x1a000004, /* bne 8154 <sp_32_done> */
1679 /* 00008140 <sp_32_cont>: */
1680 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1681 0x03a05080, /* moveq r5, #128 ; 0x80 */
1682 0x0a000001, /* beq 8154 <sp_32_done> */
1683 0xe2811004, /* add r1, r1, #4 ; 0x4 */
1684 0xeaffffe8, /* b 8100 <sp_32_code> */
1685 /* 00008154 <sp_32_done>: */
1686 0xeafffffe /* b 8154 <sp_32_done> */
1689 /* see contib/loaders/flash/armv4_5_cfi_span_16.s for src */
1690 static const uint32_t armv4_5_word_16_code[] = {
1691 /* 00008158 <sp_16_code>: */
1692 0xe0d050b2, /* ldrh r5, [r0], #2 */
1693 0xe1c890b0, /* strh r9, [r8] */
1694 0xe1cab0b0, /* strh r11, [r10] */
1695 0xe1c830b0, /* strh r3, [r8] */
1696 0xe1c150b0, /* strh r5, [r1] */
1697 0xe1a00000, /* nop (mov r0,r0) */
1698 /* 00008168 <sp_16_busy>: */
1699 0xe1d160b0, /* ldrh r6, [r1] */
1700 0xe0257006, /* eor r7, r5, r6 */
1701 0xe0147007, /* ands r7, r4, r7 */
1702 0x0a000007, /* beq 8198 <sp_16_cont> */
1703 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1704 0x0afffff9, /* beq 8168 <sp_16_busy> */
1705 0xe1d160b0, /* ldrh r6, [r1] */
1706 0xe0257006, /* eor r7, r5, r6 */
1707 0xe0147007, /* ands r7, r4, r7 */
1708 0x0a000001, /* beq 8198 <sp_16_cont> */
1709 0xe3a05000, /* mov r5, #0 ; 0x0 */
1710 0x1a000004, /* bne 81ac <sp_16_done> */
1711 /* 00008198 <sp_16_cont>: */
1712 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1713 0x03a05080, /* moveq r5, #128 ; 0x80 */
1714 0x0a000001, /* beq 81ac <sp_16_done> */
1715 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1716 0xeaffffe8, /* b 8158 <sp_16_code> */
1717 /* 000081ac <sp_16_done>: */
1718 0xeafffffe /* b 81ac <sp_16_done> */
1721 /* see contrib/loaders/flash/armv7m_cfi_span_16.s for src */
1722 static const uint32_t armv7m_word_16_code[] = {
1743 /* see contrib/loaders/flash/armv7m_cfi_span_16_dq7.s for src */
1744 static const uint32_t armv7m_word_16_code_dq7only[] = {
1745 /* 00000000 <code>: */
1746 0x5B02F830, /* ldrh.w r5, [r0], #2 */
1747 0x9000F8A8, /* strh.w r9, [r8] */
1748 0xB000F8AA, /* strh.w fp, [sl] */
1749 0x3000F8A8, /* strh.w r3, [r8] */
1750 0xBF00800D, /* strh r5, [r1, #0] */
1753 /* 00000014 <busy>: */
1754 0xEA85880E, /* ldrh r6, [r1, #0] */
1755 /* eor.w r7, r5, r6 */
1756 0x40270706, /* ands r7, r4 */
1757 0x3A01D1FA, /* bne.n 14 <busy> */
1759 0xF101D002, /* beq.n 28 <success> */
1760 0xE7EB0102, /* add.w r1, r1, #2 */
1763 /* 00000028 <success>: */
1764 0x0580F04F, /* mov.w r5, #128 */
1765 0xBF00E7FF, /* b.n 30 <done> */
1766 /* nop (for alignment purposes) */
1768 /* 00000030 <done>: */
1769 0x0000BE00 /* bkpt 0x0000 */
1772 /* see contrib/loaders/flash/armv4_5_cfi_span_16_dq7.s for src */
1773 static const uint32_t armv4_5_word_16_code_dq7only[] = {
1775 0xe0d050b2, /* ldrh r5, [r0], #2 */
1776 0xe1c890b0, /* strh r9, [r8] */
1777 0xe1cab0b0, /* strh r11, [r10] */
1778 0xe1c830b0, /* strh r3, [r8] */
1779 0xe1c150b0, /* strh r5, [r1] */
1780 0xe1a00000, /* nop (mov r0,r0) */
1782 0xe1d160b0, /* ldrh r6, [r1] */
1783 0xe0257006, /* eor r7, r5, r6 */
1784 0xe2177080, /* ands r7, #0x80 */
1785 0x1afffffb, /* bne 8168 <sp_16_busy> */
1787 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1788 0x03a05080, /* moveq r5, #128 ; 0x80 */
1789 0x0a000001, /* beq 81ac <sp_16_done> */
1790 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1791 0xeafffff0, /* b 8158 <sp_16_code> */
1792 /* 000081ac <sp_16_done>: */
1793 0xeafffffe /* b 81ac <sp_16_done> */
1796 /* see contrib/loaders/flash/armv4_5_cfi_span_8.s for src */
1797 static const uint32_t armv4_5_word_8_code[] = {
1798 /* 000081b0 <sp_16_code_end>: */
1799 0xe4d05001, /* ldrb r5, [r0], #1 */
1800 0xe5c89000, /* strb r9, [r8] */
1801 0xe5cab000, /* strb r11, [r10] */
1802 0xe5c83000, /* strb r3, [r8] */
1803 0xe5c15000, /* strb r5, [r1] */
1804 0xe1a00000, /* nop (mov r0,r0) */
1805 /* 000081c0 <sp_8_busy>: */
1806 0xe5d16000, /* ldrb r6, [r1] */
1807 0xe0257006, /* eor r7, r5, r6 */
1808 0xe0147007, /* ands r7, r4, r7 */
1809 0x0a000007, /* beq 81f0 <sp_8_cont> */
1810 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1811 0x0afffff9, /* beq 81c0 <sp_8_busy> */
1812 0xe5d16000, /* ldrb r6, [r1] */
1813 0xe0257006, /* eor r7, r5, r6 */
1814 0xe0147007, /* ands r7, r4, r7 */
1815 0x0a000001, /* beq 81f0 <sp_8_cont> */
1816 0xe3a05000, /* mov r5, #0 ; 0x0 */
1817 0x1a000004, /* bne 8204 <sp_8_done> */
1818 /* 000081f0 <sp_8_cont>: */
1819 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1820 0x03a05080, /* moveq r5, #128 ; 0x80 */
1821 0x0a000001, /* beq 8204 <sp_8_done> */
1822 0xe2811001, /* add r1, r1, #1 ; 0x1 */
1823 0xeaffffe8, /* b 81b0 <sp_16_code_end> */
1824 /* 00008204 <sp_8_done>: */
1825 0xeafffffe /* b 8204 <sp_8_done> */
1828 if (strncmp(target_type_name(target), "mips_m4k", 8) == 0)
1829 return cfi_spansion_write_block_mips(bank, buffer, address, count);
1831 if (is_armv7m(target_to_armv7m(target))) { /* armv7m target */
1832 armv7m_algo.common_magic = ARMV7M_COMMON_MAGIC;
1833 armv7m_algo.core_mode = ARM_MODE_THREAD;
1834 arm_algo = &armv7m_algo;
1835 } else if (is_arm(target_to_arm(target))) {
1836 /* All other ARM CPUs have 32 bit instructions */
1837 armv4_5_algo.common_magic = ARM_COMMON_MAGIC;
1838 armv4_5_algo.core_mode = ARM_MODE_SVC;
1839 armv4_5_algo.core_state = ARM_STATE_ARM;
1840 arm_algo = &armv4_5_algo;
1842 LOG_ERROR("Unknown architecture");
1843 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1846 int target_code_size = 0;
1847 const uint32_t *target_code_src = NULL;
1849 switch (bank->bus_width) {
1851 if (is_armv7m(target_to_armv7m(target))) {
1852 LOG_ERROR("Unknown ARM architecture");
1855 target_code_src = armv4_5_word_8_code;
1856 target_code_size = sizeof(armv4_5_word_8_code);
1859 /* Check for DQ5 support */
1860 if (cfi_info->status_poll_mask & (1 << 5)) {
1861 if (is_armv7m(target_to_armv7m(target))) {
1863 target_code_src = armv7m_word_16_code;
1864 target_code_size = sizeof(armv7m_word_16_code);
1865 } else { /* armv4_5 target */
1866 target_code_src = armv4_5_word_16_code;
1867 target_code_size = sizeof(armv4_5_word_16_code);
1870 /* No DQ5 support. Use DQ7 DATA# polling only. */
1871 if (is_armv7m(target_to_armv7m(target))) {
1873 target_code_src = armv7m_word_16_code_dq7only;
1874 target_code_size = sizeof(armv7m_word_16_code_dq7only);
1875 } else { /* armv4_5 target */
1876 target_code_src = armv4_5_word_16_code_dq7only;
1877 target_code_size = sizeof(armv4_5_word_16_code_dq7only);
1882 if (is_armv7m(target_to_armv7m(target))) {
1883 LOG_ERROR("Unknown ARM architecture");
1886 target_code_src = armv4_5_word_32_code;
1887 target_code_size = sizeof(armv4_5_word_32_code);
1890 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1892 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1895 /* flash write code */
1896 uint8_t *target_code;
1898 /* convert bus-width dependent algorithm code to correct endianness */
1899 target_code = malloc(target_code_size);
1900 if (target_code == NULL) {
1901 LOG_ERROR("Out of memory");
1905 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1907 /* allocate working area */
1908 retval = target_alloc_working_area(target, target_code_size,
1910 if (retval != ERROR_OK) {
1915 /* write algorithm code to working area */
1916 retval = target_write_buffer(target, write_algorithm->address,
1917 target_code_size, target_code);
1918 if (retval != ERROR_OK) {
1925 /* the following code still assumes target code is fixed 24*4 bytes */
1927 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1929 if (buffer_size <= 256) {
1930 /* we already allocated the writing code, but failed to get a
1931 * buffer, free the algorithm */
1932 target_free_working_area(target, write_algorithm);
1935 "not enough working area available, can't do block memory writes");
1936 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1940 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1941 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1942 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
1943 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
1944 init_reg_param(®_params[4], "r4", 32, PARAM_OUT);
1945 init_reg_param(®_params[5], "r5", 32, PARAM_IN);
1946 init_reg_param(®_params[6], "r8", 32, PARAM_OUT);
1947 init_reg_param(®_params[7], "r9", 32, PARAM_OUT);
1948 init_reg_param(®_params[8], "r10", 32, PARAM_OUT);
1949 init_reg_param(®_params[9], "r11", 32, PARAM_OUT);
1952 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1954 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1955 if (retval != ERROR_OK)
1958 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1959 buf_set_u32(reg_params[1].value, 0, 32, address);
1960 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1961 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1962 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1963 buf_set_u32(reg_params[6].value, 0, 32, cfi_flash_address(bank, 0, pri_ext->_unlock1));
1964 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1965 buf_set_u32(reg_params[8].value, 0, 32, cfi_flash_address(bank, 0, pri_ext->_unlock2));
1966 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1968 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1969 write_algorithm->address,
1970 write_algorithm->address + ((target_code_size) - 4),
1972 if (retval != ERROR_OK)
1975 status = buf_get_u32(reg_params[5].value, 0, 32);
1976 if (status != 0x80) {
1977 LOG_ERROR("flash write block failed status: 0x%" PRIx32, status);
1978 retval = ERROR_FLASH_OPERATION_FAILED;
1982 buffer += thisrun_count;
1983 address += thisrun_count;
1984 count -= thisrun_count;
1987 target_free_all_working_areas(target);
1989 destroy_reg_param(®_params[0]);
1990 destroy_reg_param(®_params[1]);
1991 destroy_reg_param(®_params[2]);
1992 destroy_reg_param(®_params[3]);
1993 destroy_reg_param(®_params[4]);
1994 destroy_reg_param(®_params[5]);
1995 destroy_reg_param(®_params[6]);
1996 destroy_reg_param(®_params[7]);
1997 destroy_reg_param(®_params[8]);
1998 destroy_reg_param(®_params[9]);
2003 static int cfi_intel_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2006 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2008 cfi_intel_clear_status_register(bank);
2009 retval = cfi_send_command(bank, 0x40, address);
2010 if (retval != ERROR_OK)
2013 retval = cfi_target_write_memory(bank, address, 1, word);
2014 if (retval != ERROR_OK)
2018 retval = cfi_intel_wait_status_busy(bank, cfi_info->word_write_timeout, &status);
2019 if (retval != ERROR_OK)
2021 if (status != 0x80) {
2022 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
2023 if (retval != ERROR_OK)
2026 LOG_ERROR("couldn't write word at base " TARGET_ADDR_FMT
2027 ", address 0x%" PRIx32,
2028 bank->base, address);
2029 return ERROR_FLASH_OPERATION_FAILED;
2035 static int cfi_intel_write_words(struct flash_bank *bank, const uint8_t *word,
2036 uint32_t wordcount, uint32_t address)
2039 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2041 /* Calculate buffer size and boundary mask
2042 * buffersize is (buffer size per chip) * (number of chips)
2043 * bufferwsize is buffersize in words */
2044 uint32_t buffersize =
2045 (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2046 uint32_t buffermask = buffersize-1;
2047 uint32_t bufferwsize = buffersize / bank->bus_width;
2049 /* Check for valid range */
2050 if (address & buffermask) {
2051 LOG_ERROR("Write address at base " TARGET_ADDR_FMT ", address 0x%"
2052 PRIx32 " not aligned to 2^%d boundary",
2053 bank->base, address, cfi_info->max_buf_write_size);
2054 return ERROR_FLASH_OPERATION_FAILED;
2057 /* Check for valid size */
2058 if (wordcount > bufferwsize) {
2059 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %" PRId32,
2060 wordcount, buffersize);
2061 return ERROR_FLASH_OPERATION_FAILED;
2064 /* Write to flash buffer */
2065 cfi_intel_clear_status_register(bank);
2067 /* Initiate buffer operation _*/
2068 retval = cfi_send_command(bank, 0xe8, address);
2069 if (retval != ERROR_OK)
2072 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2073 if (retval != ERROR_OK)
2075 if (status != 0x80) {
2076 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
2077 if (retval != ERROR_OK)
2081 "couldn't start buffer write operation at base " TARGET_ADDR_FMT
2082 ", address 0x%" PRIx32,
2085 return ERROR_FLASH_OPERATION_FAILED;
2088 /* Write buffer wordcount-1 and data words */
2089 retval = cfi_send_command(bank, bufferwsize-1, address);
2090 if (retval != ERROR_OK)
2093 retval = cfi_target_write_memory(bank, address, bufferwsize, word);
2094 if (retval != ERROR_OK)
2097 /* Commit write operation */
2098 retval = cfi_send_command(bank, 0xd0, address);
2099 if (retval != ERROR_OK)
2102 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2103 if (retval != ERROR_OK)
2106 if (status != 0x80) {
2107 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
2108 if (retval != ERROR_OK)
2111 LOG_ERROR("Buffer write at base " TARGET_ADDR_FMT
2112 ", address 0x%" PRIx32 " failed.", bank->base, address);
2113 return ERROR_FLASH_OPERATION_FAILED;
2119 static int cfi_spansion_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2122 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2123 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2125 retval = cfi_spansion_unlock_seq(bank);
2126 if (retval != ERROR_OK)
2129 retval = cfi_send_command(bank, 0xa0, cfi_flash_address(bank, 0, pri_ext->_unlock1));
2130 if (retval != ERROR_OK)
2133 retval = cfi_target_write_memory(bank, address, 1, word);
2134 if (retval != ERROR_OK)
2137 if (cfi_spansion_wait_status_busy(bank, cfi_info->word_write_timeout) != ERROR_OK) {
2138 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
2139 if (retval != ERROR_OK)
2142 LOG_ERROR("couldn't write word at base " TARGET_ADDR_FMT
2143 ", address 0x%" PRIx32, bank->base, address);
2144 return ERROR_FLASH_OPERATION_FAILED;
2150 static int cfi_spansion_write_words(struct flash_bank *bank, const uint8_t *word,
2151 uint32_t wordcount, uint32_t address)
2154 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2156 /* Calculate buffer size and boundary mask
2157 * buffersize is (buffer size per chip) * (number of chips)
2158 * bufferwsize is buffersize in words */
2159 uint32_t buffersize =
2160 (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2161 uint32_t buffermask = buffersize-1;
2162 uint32_t bufferwsize = buffersize / bank->bus_width;
2164 /* Check for valid range */
2165 if (address & buffermask) {
2166 LOG_ERROR("Write address at base " TARGET_ADDR_FMT
2167 ", address 0x%" PRIx32 " not aligned to 2^%d boundary",
2168 bank->base, address, cfi_info->max_buf_write_size);
2169 return ERROR_FLASH_OPERATION_FAILED;
2172 /* Check for valid size */
2173 if (wordcount > bufferwsize) {
2174 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %"
2175 PRId32, wordcount, buffersize);
2176 return ERROR_FLASH_OPERATION_FAILED;
2180 retval = cfi_spansion_unlock_seq(bank);
2181 if (retval != ERROR_OK)
2184 /* Buffer load command */
2185 retval = cfi_send_command(bank, 0x25, address);
2186 if (retval != ERROR_OK)
2189 /* Write buffer wordcount-1 and data words */
2190 retval = cfi_send_command(bank, bufferwsize-1, address);
2191 if (retval != ERROR_OK)
2194 retval = cfi_target_write_memory(bank, address, bufferwsize, word);
2195 if (retval != ERROR_OK)
2198 /* Commit write operation */
2199 retval = cfi_send_command(bank, 0x29, address);
2200 if (retval != ERROR_OK)
2203 if (cfi_spansion_wait_status_busy(bank, cfi_info->buf_write_timeout) != ERROR_OK) {
2204 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
2205 if (retval != ERROR_OK)
2208 LOG_ERROR("couldn't write block at base " TARGET_ADDR_FMT
2209 ", address 0x%" PRIx32 ", size 0x%" PRIx32, bank->base, address,
2211 return ERROR_FLASH_OPERATION_FAILED;
2217 int cfi_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2219 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2221 switch (cfi_info->pri_id) {
2224 return cfi_intel_write_word(bank, word, address);
2227 return cfi_spansion_write_word(bank, word, address);
2230 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2234 return ERROR_FLASH_OPERATION_FAILED;
2237 static int cfi_write_words(struct flash_bank *bank, const uint8_t *word,
2238 uint32_t wordcount, uint32_t address)
2240 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2242 if (cfi_info->buf_write_timeout_typ == 0) {
2243 /* buffer writes are not supported */
2244 LOG_DEBUG("Buffer Writes Not Supported");
2245 return ERROR_FLASH_OPER_UNSUPPORTED;
2248 switch (cfi_info->pri_id) {
2251 return cfi_intel_write_words(bank, word, wordcount, address);
2254 return cfi_spansion_write_words(bank, word, wordcount, address);
2257 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2261 return ERROR_FLASH_OPERATION_FAILED;
2264 static int cfi_read(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
2266 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2267 uint32_t address = bank->base + offset;
2269 int align; /* number of unaligned bytes */
2270 uint8_t current_word[CFI_MAX_BUS_WIDTH];
2273 LOG_DEBUG("reading buffer of %i byte at 0x%8.8x",
2274 (int)count, (unsigned)offset);
2276 if (bank->target->state != TARGET_HALTED) {
2277 LOG_ERROR("Target not halted");
2278 return ERROR_TARGET_NOT_HALTED;
2281 if (offset + count > bank->size)
2282 return ERROR_FLASH_DST_OUT_OF_BANK;
2284 if (cfi_info->qry[0] != 'Q')
2285 return ERROR_FLASH_BANK_NOT_PROBED;
2287 /* start at the first byte of the first word (bus_width size) */
2288 read_p = address & ~(bank->bus_width - 1);
2289 align = address - read_p;
2291 LOG_INFO("Fixup %d unaligned read head bytes", align);
2293 /* read a complete word from flash */
2294 retval = cfi_target_read_memory(bank, read_p, 1, current_word);
2295 if (retval != ERROR_OK)
2298 /* take only bytes we need */
2299 for (int i = align; (i < bank->bus_width) && (count > 0); i++, count--)
2300 *buffer++ = current_word[i];
2302 read_p += bank->bus_width;
2305 align = count / bank->bus_width;
2307 retval = cfi_target_read_memory(bank, read_p, align, buffer);
2308 if (retval != ERROR_OK)
2311 read_p += align * bank->bus_width;
2312 buffer += align * bank->bus_width;
2313 count -= align * bank->bus_width;
2317 LOG_INFO("Fixup %" PRIu32 " unaligned read tail bytes", count);
2319 /* read a complete word from flash */
2320 retval = cfi_target_read_memory(bank, read_p, 1, current_word);
2321 if (retval != ERROR_OK)
2324 /* take only bytes we need */
2325 for (int i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2326 *buffer++ = current_word[i];
2332 static int cfi_write(struct flash_bank *bank, const uint8_t *buffer, uint32_t offset, uint32_t count)
2334 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2335 uint32_t address = bank->base + offset; /* address of first byte to be programmed */
2337 int align; /* number of unaligned bytes */
2338 int blk_count; /* number of bus_width bytes for block copy */
2339 uint8_t current_word[CFI_MAX_BUS_WIDTH * 4]; /* word (bus_width size) currently being
2341 uint8_t *swapped_buffer = NULL;
2342 const uint8_t *real_buffer = NULL;
2345 if (bank->target->state != TARGET_HALTED) {
2346 LOG_ERROR("Target not halted");
2347 return ERROR_TARGET_NOT_HALTED;
2350 if (offset + count > bank->size)
2351 return ERROR_FLASH_DST_OUT_OF_BANK;
2353 if (cfi_info->qry[0] != 'Q')
2354 return ERROR_FLASH_BANK_NOT_PROBED;
2356 /* start at the first byte of the first word (bus_width size) */
2357 write_p = address & ~(bank->bus_width - 1);
2358 align = address - write_p;
2360 LOG_INFO("Fixup %d unaligned head bytes", align);
2362 /* read a complete word from flash */
2363 retval = cfi_target_read_memory(bank, write_p, 1, current_word);
2364 if (retval != ERROR_OK)
2367 /* replace only bytes that must be written */
2369 (i < bank->bus_width) && (count > 0);
2371 if (cfi_info->data_swap)
2372 /* data bytes are swapped (reverse endianness) */
2373 current_word[bank->bus_width - i] = *buffer++;
2375 current_word[i] = *buffer++;
2377 retval = cfi_write_word(bank, current_word, write_p);
2378 if (retval != ERROR_OK)
2380 write_p += bank->bus_width;
2383 if (cfi_info->data_swap && count) {
2384 swapped_buffer = malloc(count & ~(bank->bus_width - 1));
2385 switch (bank->bus_width) {
2387 buf_bswap16(swapped_buffer, buffer,
2388 count & ~(bank->bus_width - 1));
2391 buf_bswap32(swapped_buffer, buffer,
2392 count & ~(bank->bus_width - 1));
2395 real_buffer = buffer;
2396 buffer = swapped_buffer;
2399 /* handle blocks of bus_size aligned bytes */
2400 blk_count = count & ~(bank->bus_width - 1); /* round down, leave tail bytes */
2401 switch (cfi_info->pri_id) {
2402 /* try block writes (fails without working area) */
2405 retval = cfi_intel_write_block(bank, buffer, write_p, blk_count);
2408 retval = cfi_spansion_write_block(bank, buffer, write_p, blk_count);
2411 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2412 retval = ERROR_FLASH_OPERATION_FAILED;
2415 if (retval == ERROR_OK) {
2416 /* Increment pointers and decrease count on succesful block write */
2417 buffer += blk_count;
2418 write_p += blk_count;
2421 if (retval == ERROR_TARGET_RESOURCE_NOT_AVAILABLE) {
2422 /* Calculate buffer size and boundary mask
2423 * buffersize is (buffer size per chip) * (number of chips)
2424 * bufferwsize is buffersize in words */
2425 uint32_t buffersize =
2427 cfi_info->max_buf_write_size) *
2428 (bank->bus_width / bank->chip_width);
2429 uint32_t buffermask = buffersize-1;
2430 uint32_t bufferwsize = buffersize / bank->bus_width;
2432 /* fall back to memory writes */
2433 while (count >= (uint32_t)bank->bus_width) {
2435 if ((write_p & 0xff) == 0) {
2436 LOG_INFO("Programming at 0x%08" PRIx32 ", count 0x%08"
2437 PRIx32 " bytes remaining", write_p, count);
2440 if ((bufferwsize > 0) && (count >= buffersize) &&
2441 !(write_p & buffermask)) {
2442 retval = cfi_write_words(bank, buffer, bufferwsize, write_p);
2443 if (retval == ERROR_OK) {
2444 buffer += buffersize;
2445 write_p += buffersize;
2446 count -= buffersize;
2448 } else if (retval != ERROR_FLASH_OPER_UNSUPPORTED)
2451 /* try the slow way? */
2453 for (int i = 0; i < bank->bus_width; i++)
2454 current_word[i] = *buffer++;
2456 retval = cfi_write_word(bank, current_word, write_p);
2457 if (retval != ERROR_OK)
2460 write_p += bank->bus_width;
2461 count -= bank->bus_width;
2468 if (swapped_buffer) {
2469 buffer = real_buffer + (buffer - swapped_buffer);
2470 free(swapped_buffer);
2473 /* return to read array mode, so we can read from flash again for padding */
2474 retval = cfi_reset(bank);
2475 if (retval != ERROR_OK)
2478 /* handle unaligned tail bytes */
2480 LOG_INFO("Fixup %" PRId32 " unaligned tail bytes", count);
2482 /* read a complete word from flash */
2483 retval = cfi_target_read_memory(bank, write_p, 1, current_word);
2484 if (retval != ERROR_OK)
2487 /* replace only bytes that must be written */
2488 for (int i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2489 if (cfi_info->data_swap)
2490 /* data bytes are swapped (reverse endianness) */
2491 current_word[bank->bus_width - i] = *buffer++;
2493 current_word[i] = *buffer++;
2495 retval = cfi_write_word(bank, current_word, write_p);
2496 if (retval != ERROR_OK)
2500 /* return to read array mode */
2501 return cfi_reset(bank);
2504 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, const void *param)
2507 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2508 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2510 pri_ext->_reversed_geometry = 1;
2513 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, const void *param)
2515 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2516 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2519 if ((pri_ext->_reversed_geometry) || (pri_ext->TopBottom == 3)) {
2520 LOG_DEBUG("swapping reversed erase region information on cmdset 0002 device");
2522 for (unsigned int i = 0; i < cfi_info->num_erase_regions / 2; i++) {
2523 int j = (cfi_info->num_erase_regions - 1) - i;
2526 swap = cfi_info->erase_region_info[i];
2527 cfi_info->erase_region_info[i] = cfi_info->erase_region_info[j];
2528 cfi_info->erase_region_info[j] = swap;
2533 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, const void *param)
2535 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2536 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2537 const struct cfi_unlock_addresses *unlock_addresses = param;
2539 pri_ext->_unlock1 = unlock_addresses->unlock1;
2540 pri_ext->_unlock2 = unlock_addresses->unlock2;
2543 static void cfi_fixup_0002_polling_bits(struct flash_bank *bank, const void *param)
2545 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2546 const int *status_poll_mask = param;
2548 cfi_info->status_poll_mask = *status_poll_mask;
2552 static int cfi_query_string(struct flash_bank *bank, int address)
2554 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2557 retval = cfi_send_command(bank, 0x98, cfi_flash_address(bank, 0, address));
2558 if (retval != ERROR_OK)
2561 retval = cfi_query_u8(bank, 0, 0x10, &cfi_info->qry[0]);
2562 if (retval != ERROR_OK)
2564 retval = cfi_query_u8(bank, 0, 0x11, &cfi_info->qry[1]);
2565 if (retval != ERROR_OK)
2567 retval = cfi_query_u8(bank, 0, 0x12, &cfi_info->qry[2]);
2568 if (retval != ERROR_OK)
2571 LOG_DEBUG("CFI qry returned: 0x%2.2x 0x%2.2x 0x%2.2x",
2572 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2]);
2574 if ((cfi_info->qry[0] != 'Q') || (cfi_info->qry[1] != 'R') || (cfi_info->qry[2] != 'Y')) {
2575 retval = cfi_reset(bank);
2576 if (retval != ERROR_OK)
2578 LOG_ERROR("Could not probe bank: no QRY");
2579 return ERROR_FLASH_BANK_INVALID;
2585 int cfi_probe(struct flash_bank *bank)
2587 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2588 struct target *target = bank->target;
2589 int num_sectors = 0;
2591 uint32_t unlock1 = 0x555;
2592 uint32_t unlock2 = 0x2aa;
2594 uint8_t value_buf0[CFI_MAX_BUS_WIDTH], value_buf1[CFI_MAX_BUS_WIDTH];
2596 if (bank->target->state != TARGET_HALTED) {
2597 LOG_ERROR("Target not halted");
2598 return ERROR_TARGET_NOT_HALTED;
2601 cfi_info->probed = false;
2602 cfi_info->num_erase_regions = 0;
2603 if (bank->sectors) {
2604 free(bank->sectors);
2605 bank->sectors = NULL;
2607 if (cfi_info->erase_region_info) {
2608 free(cfi_info->erase_region_info);
2609 cfi_info->erase_region_info = NULL;
2612 /* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses,
2613 * while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa
2615 if (cfi_info->jedec_probe) {
2620 /* switch to read identifier codes mode ("AUTOSELECT") */
2621 retval = cfi_send_command(bank, 0xaa, cfi_flash_address(bank, 0, unlock1));
2622 if (retval != ERROR_OK)
2624 retval = cfi_send_command(bank, 0x55, cfi_flash_address(bank, 0, unlock2));
2625 if (retval != ERROR_OK)
2627 retval = cfi_send_command(bank, 0x90, cfi_flash_address(bank, 0, unlock1));
2628 if (retval != ERROR_OK)
2631 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, 0, 0x00),
2633 if (retval != ERROR_OK)
2635 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, 0, 0x01),
2637 if (retval != ERROR_OK)
2639 switch (bank->chip_width) {
2641 cfi_info->manufacturer = *value_buf0;
2642 cfi_info->device_id = *value_buf1;
2645 cfi_info->manufacturer = target_buffer_get_u16(target, value_buf0);
2646 cfi_info->device_id = target_buffer_get_u16(target, value_buf1);
2649 cfi_info->manufacturer = target_buffer_get_u32(target, value_buf0);
2650 cfi_info->device_id = target_buffer_get_u32(target, value_buf1);
2653 LOG_ERROR("Unsupported bank chipwidth %d, can't probe memory",
2655 return ERROR_FLASH_OPERATION_FAILED;
2658 LOG_INFO("Flash Manufacturer/Device: 0x%04x 0x%04x",
2659 cfi_info->manufacturer, cfi_info->device_id);
2660 /* switch back to read array mode */
2661 retval = cfi_reset(bank);
2662 if (retval != ERROR_OK)
2665 /* check device/manufacturer ID for known non-CFI flashes. */
2666 cfi_fixup_non_cfi(bank);
2668 /* query only if this is a CFI compatible flash,
2669 * otherwise the relevant info has already been filled in
2671 if (cfi_info->not_cfi == 0) {
2672 /* enter CFI query mode
2673 * according to JEDEC Standard No. 68.01,
2674 * a single bus sequence with address = 0x55, data = 0x98 should put
2675 * the device into CFI query mode.
2677 * SST flashes clearly violate this, and we will consider them incompatible for now
2680 retval = cfi_query_string(bank, 0x55);
2681 if (retval != ERROR_OK) {
2683 * Spansion S29WS-N CFI query fix is to try 0x555 if 0x55 fails. Should
2684 * be harmless enough:
2686 * http://www.infradead.org/pipermail/linux-mtd/2005-September/013618.html
2688 LOG_USER("Try workaround w/0x555 instead of 0x55 to get QRY.");
2689 retval = cfi_query_string(bank, 0x555);
2691 if (retval != ERROR_OK)
2694 retval = cfi_query_u16(bank, 0, 0x13, &cfi_info->pri_id);
2695 if (retval != ERROR_OK)
2697 retval = cfi_query_u16(bank, 0, 0x15, &cfi_info->pri_addr);
2698 if (retval != ERROR_OK)
2700 retval = cfi_query_u16(bank, 0, 0x17, &cfi_info->alt_id);
2701 if (retval != ERROR_OK)
2703 retval = cfi_query_u16(bank, 0, 0x19, &cfi_info->alt_addr);
2704 if (retval != ERROR_OK)
2707 LOG_DEBUG("qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: "
2708 "0x%4.4x, alt_addr: 0x%4.4x", cfi_info->qry[0], cfi_info->qry[1],
2709 cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr,
2710 cfi_info->alt_id, cfi_info->alt_addr);
2712 retval = cfi_query_u8(bank, 0, 0x1b, &cfi_info->vcc_min);
2713 if (retval != ERROR_OK)
2715 retval = cfi_query_u8(bank, 0, 0x1c, &cfi_info->vcc_max);
2716 if (retval != ERROR_OK)
2718 retval = cfi_query_u8(bank, 0, 0x1d, &cfi_info->vpp_min);
2719 if (retval != ERROR_OK)
2721 retval = cfi_query_u8(bank, 0, 0x1e, &cfi_info->vpp_max);
2722 if (retval != ERROR_OK)
2725 retval = cfi_query_u8(bank, 0, 0x1f, &cfi_info->word_write_timeout_typ);
2726 if (retval != ERROR_OK)
2728 retval = cfi_query_u8(bank, 0, 0x20, &cfi_info->buf_write_timeout_typ);
2729 if (retval != ERROR_OK)
2731 retval = cfi_query_u8(bank, 0, 0x21, &cfi_info->block_erase_timeout_typ);
2732 if (retval != ERROR_OK)
2734 retval = cfi_query_u8(bank, 0, 0x22, &cfi_info->chip_erase_timeout_typ);
2735 if (retval != ERROR_OK)
2737 retval = cfi_query_u8(bank, 0, 0x23, &cfi_info->word_write_timeout_max);
2738 if (retval != ERROR_OK)
2740 retval = cfi_query_u8(bank, 0, 0x24, &cfi_info->buf_write_timeout_max);
2741 if (retval != ERROR_OK)
2743 retval = cfi_query_u8(bank, 0, 0x25, &cfi_info->block_erase_timeout_max);
2744 if (retval != ERROR_OK)
2746 retval = cfi_query_u8(bank, 0, 0x26, &cfi_info->chip_erase_timeout_max);
2747 if (retval != ERROR_OK)
2751 retval = cfi_query_u8(bank, 0, 0x27, &data);
2752 if (retval != ERROR_OK)
2754 cfi_info->dev_size = 1 << data;
2756 retval = cfi_query_u16(bank, 0, 0x28, &cfi_info->interface_desc);
2757 if (retval != ERROR_OK)
2759 retval = cfi_query_u16(bank, 0, 0x2a, &cfi_info->max_buf_write_size);
2760 if (retval != ERROR_OK)
2762 retval = cfi_query_u8(bank, 0, 0x2c, &cfi_info->num_erase_regions);
2763 if (retval != ERROR_OK)
2766 LOG_DEBUG("size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: 0x%x",
2767 cfi_info->dev_size, cfi_info->interface_desc,
2768 (1 << cfi_info->max_buf_write_size));
2770 if (cfi_info->num_erase_regions) {
2771 cfi_info->erase_region_info = malloc(sizeof(*cfi_info->erase_region_info)
2772 * cfi_info->num_erase_regions);
2773 for (unsigned int i = 0; i < cfi_info->num_erase_regions; i++) {
2774 retval = cfi_query_u32(bank,
2777 &cfi_info->erase_region_info[i]);
2778 if (retval != ERROR_OK)
2781 "erase region[%i]: %" PRIu32 " blocks of size 0x%" PRIx32 "",
2783 (cfi_info->erase_region_info[i] & 0xffff) + 1,
2784 (cfi_info->erase_region_info[i] >> 16) * 256);
2787 cfi_info->erase_region_info = NULL;
2789 /* We need to read the primary algorithm extended query table before calculating
2790 * the sector layout to be able to apply fixups
2792 switch (cfi_info->pri_id) {
2793 /* Intel command set (standard and extended) */
2796 cfi_read_intel_pri_ext(bank);
2798 /* AMD/Spansion, Atmel, ... command set */
2800 cfi_info->status_poll_mask = CFI_STATUS_POLL_MASK_DQ5_DQ6_DQ7; /*
2807 cfi_read_0002_pri_ext(bank);
2810 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2814 /* return to read array mode
2815 * we use both reset commands, as some Intel flashes fail to recognize the 0xF0 command
2817 retval = cfi_reset(bank);
2818 if (retval != ERROR_OK)
2820 } /* end CFI case */
2822 LOG_DEBUG("Vcc min: %x.%x, Vcc max: %x.%x, Vpp min: %u.%x, Vpp max: %u.%x",
2823 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2824 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2825 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2826 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2828 LOG_DEBUG("typ. word write timeout: %u us, typ. buf write timeout: %u us, "
2829 "typ. block erase timeout: %u ms, typ. chip erase timeout: %u ms",
2830 1 << cfi_info->word_write_timeout_typ, 1 << cfi_info->buf_write_timeout_typ,
2831 1 << cfi_info->block_erase_timeout_typ, 1 << cfi_info->chip_erase_timeout_typ);
2833 LOG_DEBUG("max. word write timeout: %u us, max. buf write timeout: %u us, "
2834 "max. block erase timeout: %u ms, max. chip erase timeout: %u ms",
2835 (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2836 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2837 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2838 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2840 /* convert timeouts to real values in ms */
2841 cfi_info->word_write_timeout = DIV_ROUND_UP((1L << cfi_info->word_write_timeout_typ) *
2842 (1L << cfi_info->word_write_timeout_max), 1000);
2843 cfi_info->buf_write_timeout = DIV_ROUND_UP((1L << cfi_info->buf_write_timeout_typ) *
2844 (1L << cfi_info->buf_write_timeout_max), 1000);
2845 cfi_info->block_erase_timeout = (1L << cfi_info->block_erase_timeout_typ) *
2846 (1L << cfi_info->block_erase_timeout_max);
2847 cfi_info->chip_erase_timeout = (1L << cfi_info->chip_erase_timeout_typ) *
2848 (1L << cfi_info->chip_erase_timeout_max);
2850 LOG_DEBUG("calculated word write timeout: %u ms, buf write timeout: %u ms, "
2851 "block erase timeout: %u ms, chip erase timeout: %u ms",
2852 cfi_info->word_write_timeout, cfi_info->buf_write_timeout,
2853 cfi_info->block_erase_timeout, cfi_info->chip_erase_timeout);
2855 /* apply fixups depending on the primary command set */
2856 switch (cfi_info->pri_id) {
2857 /* Intel command set (standard and extended) */
2860 cfi_fixup(bank, cfi_0001_fixups);
2862 /* AMD/Spansion, Atmel, ... command set */
2864 cfi_fixup(bank, cfi_0002_fixups);
2867 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2871 if ((cfi_info->dev_size * bank->bus_width / bank->chip_width) != bank->size) {
2872 LOG_WARNING("configuration specifies 0x%" PRIx32 " size, but a 0x%" PRIx32
2873 " size flash was found", bank->size, cfi_info->dev_size);
2876 if (cfi_info->num_erase_regions == 0) {
2877 /* a device might have only one erase block, spanning the whole device */
2878 bank->num_sectors = 1;
2879 bank->sectors = malloc(sizeof(struct flash_sector));
2881 bank->sectors[sector].offset = 0x0;
2882 bank->sectors[sector].size = bank->size;
2883 bank->sectors[sector].is_erased = -1;
2884 bank->sectors[sector].is_protected = -1;
2886 uint32_t offset = 0;
2888 for (unsigned int i = 0; i < cfi_info->num_erase_regions; i++)
2889 num_sectors += (cfi_info->erase_region_info[i] & 0xffff) + 1;
2891 bank->num_sectors = num_sectors;
2892 bank->sectors = malloc(sizeof(struct flash_sector) * num_sectors);
2894 for (unsigned int i = 0; i < cfi_info->num_erase_regions; i++) {
2895 for (uint32_t j = 0; j < (cfi_info->erase_region_info[i] & 0xffff) + 1; j++) {
2896 bank->sectors[sector].offset = offset;
2897 bank->sectors[sector].size =
2898 ((cfi_info->erase_region_info[i] >> 16) * 256)
2899 * bank->bus_width / bank->chip_width;
2900 offset += bank->sectors[sector].size;
2901 bank->sectors[sector].is_erased = -1;
2902 bank->sectors[sector].is_protected = -1;
2906 if (offset != (cfi_info->dev_size * bank->bus_width / bank->chip_width)) {
2908 "CFI size is 0x%" PRIx32 ", but total sector size is 0x%" PRIx32 "", \
2909 (cfi_info->dev_size * bank->bus_width / bank->chip_width),
2914 cfi_info->probed = true;
2919 int cfi_auto_probe(struct flash_bank *bank)
2921 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2922 if (cfi_info->probed)
2924 return cfi_probe(bank);
2927 static int cfi_intel_protect_check(struct flash_bank *bank)
2930 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2931 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
2933 /* check if block lock bits are supported on this device */
2934 if (!(pri_ext->blk_status_reg_mask & 0x1))
2935 return ERROR_FLASH_OPERATION_FAILED;
2937 retval = cfi_send_command(bank, 0x90, cfi_flash_address(bank, 0, 0x55));
2938 if (retval != ERROR_OK)
2941 for (int i = 0; i < bank->num_sectors; i++) {
2942 uint8_t block_status;
2943 retval = cfi_get_u8(bank, i, 0x2, &block_status);
2944 if (retval != ERROR_OK)
2947 if (block_status & 1)
2948 bank->sectors[i].is_protected = 1;
2950 bank->sectors[i].is_protected = 0;
2953 return cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
2956 static int cfi_spansion_protect_check(struct flash_bank *bank)
2959 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2960 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2962 retval = cfi_spansion_unlock_seq(bank);
2963 if (retval != ERROR_OK)
2966 retval = cfi_send_command(bank, 0x90, cfi_flash_address(bank, 0, pri_ext->_unlock1));
2967 if (retval != ERROR_OK)
2970 for (int i = 0; i < bank->num_sectors; i++) {
2971 uint8_t block_status;
2972 retval = cfi_get_u8(bank, i, 0x2, &block_status);
2973 if (retval != ERROR_OK)
2976 if (block_status & 1)
2977 bank->sectors[i].is_protected = 1;
2979 bank->sectors[i].is_protected = 0;
2982 return cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
2985 int cfi_protect_check(struct flash_bank *bank)
2987 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2989 if (bank->target->state != TARGET_HALTED) {
2990 LOG_ERROR("Target not halted");
2991 return ERROR_TARGET_NOT_HALTED;
2994 if (cfi_info->qry[0] != 'Q')
2995 return ERROR_FLASH_BANK_NOT_PROBED;
2997 switch (cfi_info->pri_id) {
3000 return cfi_intel_protect_check(bank);
3003 return cfi_spansion_protect_check(bank);
3006 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
3013 int cfi_get_info(struct flash_bank *bank, char *buf, int buf_size)
3016 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3018 if (cfi_info->qry[0] == 0xff) {
3019 snprintf(buf, buf_size, "\ncfi flash bank not probed yet\n");
3023 if (cfi_info->not_cfi == 0)
3024 printed = snprintf(buf, buf_size, "\nCFI flash: ");
3026 printed = snprintf(buf, buf_size, "\nnon-CFI flash: ");
3028 buf_size -= printed;
3030 printed = snprintf(buf, buf_size, "mfr: 0x%4.4x, id:0x%4.4x\n\n",
3031 cfi_info->manufacturer, cfi_info->device_id);
3033 buf_size -= printed;
3035 printed = snprintf(buf, buf_size, "qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: "
3036 "0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x\n",
3037 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2],
3038 cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
3040 buf_size -= printed;
3042 printed = snprintf(buf, buf_size, "Vcc min: %x.%x, Vcc max: %x.%x, "
3043 "Vpp min: %u.%x, Vpp max: %u.%x\n",
3044 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
3045 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
3046 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
3047 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
3049 buf_size -= printed;
3051 printed = snprintf(buf, buf_size, "typ. word write timeout: %u us, "
3052 "typ. buf write timeout: %u us, "
3053 "typ. block erase timeout: %u ms, "
3054 "typ. chip erase timeout: %u ms\n",
3055 1 << cfi_info->word_write_timeout_typ,
3056 1 << cfi_info->buf_write_timeout_typ,
3057 1 << cfi_info->block_erase_timeout_typ,
3058 1 << cfi_info->chip_erase_timeout_typ);
3060 buf_size -= printed;
3062 printed = snprintf(buf,
3064 "max. word write timeout: %u us, "
3065 "max. buf write timeout: %u us, max. "
3066 "block erase timeout: %u ms, max. chip erase timeout: %u ms\n",
3068 cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
3070 cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
3072 cfi_info->block_erase_timeout_max) *
3073 (1 << cfi_info->block_erase_timeout_typ),
3075 cfi_info->chip_erase_timeout_max) *
3076 (1 << cfi_info->chip_erase_timeout_typ));
3078 buf_size -= printed;
3080 printed = snprintf(buf, buf_size, "size: 0x%" PRIx32 ", interface desc: %i, "
3081 "max buffer write size: 0x%x\n",
3083 cfi_info->interface_desc,
3084 1 << cfi_info->max_buf_write_size);
3086 buf_size -= printed;
3088 switch (cfi_info->pri_id) {
3091 cfi_intel_info(bank, buf, buf_size);
3094 cfi_spansion_info(bank, buf, buf_size);
3097 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
3104 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, const void *param)
3106 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3108 /* disable write buffer for M29W128G */
3109 cfi_info->buf_write_timeout_typ = 0;
3112 const struct flash_driver cfi_flash = {
3114 .flash_bank_command = cfi_flash_bank_command,
3116 .protect = cfi_protect,
3120 .auto_probe = cfi_auto_probe,
3121 /* FIXME: access flash at bus_width size */
3122 .erase_check = default_flash_blank_check,
3123 .protect_check = cfi_protect_check,
3124 .info = cfi_get_info,
3125 .free_driver_priv = default_flash_free_driver_priv,