1 /***************************************************************************
2 * Copyright (C) 2005, 2007 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * Copyright (C) 2009 Michael Schwingen *
5 * michael@schwingen.org *
6 * Copyright (C) 2010 Øyvind Harboe <oyvind.harboe@zylin.com> *
7 * Copyright (C) 2010 by Antonio Borneo <borneo.antonio@gmail.com> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
21 ***************************************************************************/
30 #include <target/arm.h>
31 #include <target/arm7_9_common.h>
32 #include <target/armv7m.h>
33 #include <target/mips32.h>
34 #include <helper/binarybuffer.h>
35 #include <target/algorithm.h>
37 #define CFI_MAX_BUS_WIDTH 4
38 #define CFI_MAX_CHIP_WIDTH 4
40 /* defines internal maximum size for code fragment in cfi_intel_write_block() */
41 #define CFI_MAX_INTEL_CODESIZE 256
43 /* some id-types with specific handling */
44 #define AT49BV6416 0x00d6
45 #define AT49BV6416T 0x00d2
47 static const struct cfi_unlock_addresses cfi_unlock_addresses[] = {
48 [CFI_UNLOCK_555_2AA] = { .unlock1 = 0x555, .unlock2 = 0x2aa },
49 [CFI_UNLOCK_5555_2AAA] = { .unlock1 = 0x5555, .unlock2 = 0x2aaa },
52 static const int cfi_status_poll_mask_dq6_dq7 = CFI_STATUS_POLL_MASK_DQ6_DQ7;
54 /* CFI fixups forward declarations */
55 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, const void *param);
56 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, const void *param);
57 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, const void *param);
58 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, const void *param);
59 static void cfi_fixup_0002_polling_bits(struct flash_bank *bank, const void *param);
61 /* fixup after reading cmdset 0002 primary query table */
62 static const struct cfi_fixup cfi_0002_fixups[] = {
63 {CFI_MFR_SST, 0x00D4, cfi_fixup_0002_unlock_addresses,
64 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
65 {CFI_MFR_SST, 0x00D5, cfi_fixup_0002_unlock_addresses,
66 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
67 {CFI_MFR_SST, 0x00D6, cfi_fixup_0002_unlock_addresses,
68 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
69 {CFI_MFR_SST, 0x00D7, cfi_fixup_0002_unlock_addresses,
70 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
71 {CFI_MFR_SST, 0x2780, cfi_fixup_0002_unlock_addresses,
72 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
73 {CFI_MFR_SST, 0x274b, cfi_fixup_0002_unlock_addresses,
74 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
75 {CFI_MFR_SST, 0x235f, cfi_fixup_0002_polling_bits, /* 39VF3201C */
76 &cfi_status_poll_mask_dq6_dq7},
77 {CFI_MFR_SST, 0x236d, cfi_fixup_0002_unlock_addresses,
78 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
79 {CFI_MFR_ATMEL, 0x00C8, cfi_fixup_reversed_erase_regions, NULL},
80 {CFI_MFR_ST, 0x22C4, cfi_fixup_reversed_erase_regions, NULL}, /* M29W160ET */
81 {CFI_MFR_FUJITSU, 0x22ea, cfi_fixup_0002_unlock_addresses,
82 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
83 {CFI_MFR_FUJITSU, 0x226b, cfi_fixup_0002_unlock_addresses,
84 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
85 {CFI_MFR_AMIC, 0xb31a, cfi_fixup_0002_unlock_addresses,
86 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
87 {CFI_MFR_MX, 0x225b, cfi_fixup_0002_unlock_addresses,
88 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
89 {CFI_MFR_EON, 0x225b, cfi_fixup_0002_unlock_addresses,
90 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
91 {CFI_MFR_AMD, 0x225b, cfi_fixup_0002_unlock_addresses,
92 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
93 {CFI_MFR_ANY, CFI_ID_ANY, cfi_fixup_0002_erase_regions, NULL},
94 {CFI_MFR_ST, 0x227E, cfi_fixup_0002_write_buffer, NULL},/* M29W128G */
98 /* fixup after reading cmdset 0001 primary query table */
99 static const struct cfi_fixup cfi_0001_fixups[] = {
103 static void cfi_fixup(struct flash_bank *bank, const struct cfi_fixup *fixups)
105 struct cfi_flash_bank *cfi_info = bank->driver_priv;
106 const struct cfi_fixup *f;
108 for (f = fixups; f->fixup; f++) {
109 if (((f->mfr == CFI_MFR_ANY) || (f->mfr == cfi_info->manufacturer)) &&
110 ((f->id == CFI_ID_ANY) || (f->id == cfi_info->device_id)))
111 f->fixup(bank, f->param);
115 static inline uint32_t flash_address(struct flash_bank *bank, int sector, uint32_t offset)
117 struct cfi_flash_bank *cfi_info = bank->driver_priv;
119 if (cfi_info->x16_as_x8)
122 /* while the sector list isn't built, only accesses to sector 0 work */
124 return bank->base + offset * bank->bus_width;
126 if (!bank->sectors) {
127 LOG_ERROR("BUG: sector list not yet built");
130 return bank->base + bank->sectors[sector].offset + offset * bank->bus_width;
134 static void cfi_command(struct flash_bank *bank, uint8_t cmd, uint8_t *cmd_buf)
137 struct cfi_flash_bank *cfi_info = bank->driver_priv;
139 /* clear whole buffer, to ensure bits that exceed the bus_width
142 for (i = 0; i < CFI_MAX_BUS_WIDTH; i++)
145 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN) {
146 for (i = bank->bus_width; i > 0; i--)
147 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
149 for (i = 1; i <= bank->bus_width; i++)
150 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
154 static int cfi_send_command(struct flash_bank *bank, uint8_t cmd, uint32_t address)
156 uint8_t command[CFI_MAX_BUS_WIDTH];
158 cfi_command(bank, cmd, command);
159 return target_write_memory(bank->target, address, bank->bus_width, 1, command);
162 /* read unsigned 8-bit value from the bank
163 * flash banks are expected to be made of similar chips
164 * the query result should be the same for all
166 static int cfi_query_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
168 struct target *target = bank->target;
169 struct cfi_flash_bank *cfi_info = bank->driver_priv;
170 uint8_t data[CFI_MAX_BUS_WIDTH];
173 retval = target_read_memory(target, flash_address(bank, sector, offset),
174 bank->bus_width, 1, data);
175 if (retval != ERROR_OK)
178 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
181 *val = data[bank->bus_width - 1];
186 /* read unsigned 8-bit value from the bank
187 * in case of a bank made of multiple chips,
188 * the individual values are ORed
190 static int cfi_get_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
192 struct target *target = bank->target;
193 struct cfi_flash_bank *cfi_info = bank->driver_priv;
194 uint8_t data[CFI_MAX_BUS_WIDTH];
198 retval = target_read_memory(target, flash_address(bank, sector, offset),
199 bank->bus_width, 1, data);
200 if (retval != ERROR_OK)
203 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN) {
204 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
210 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
211 value |= data[bank->bus_width - 1 - i];
218 static int cfi_query_u16(struct flash_bank *bank, int sector, uint32_t offset, uint16_t *val)
220 struct target *target = bank->target;
221 struct cfi_flash_bank *cfi_info = bank->driver_priv;
222 uint8_t data[CFI_MAX_BUS_WIDTH * 2];
225 if (cfi_info->x16_as_x8) {
227 for (i = 0; i < 2; i++) {
228 retval = target_read_memory(target, flash_address(bank, sector, offset + i),
229 bank->bus_width, 1, &data[i * bank->bus_width]);
230 if (retval != ERROR_OK)
234 retval = target_read_memory(target, flash_address(bank, sector, offset),
235 bank->bus_width, 2, data);
236 if (retval != ERROR_OK)
240 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
241 *val = data[0] | data[bank->bus_width] << 8;
243 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8;
248 static int cfi_query_u32(struct flash_bank *bank, int sector, uint32_t offset, uint32_t *val)
250 struct target *target = bank->target;
251 struct cfi_flash_bank *cfi_info = bank->driver_priv;
252 uint8_t data[CFI_MAX_BUS_WIDTH * 4];
255 if (cfi_info->x16_as_x8) {
257 for (i = 0; i < 4; i++) {
258 retval = target_read_memory(target, flash_address(bank, sector, offset + i),
259 bank->bus_width, 1, &data[i * bank->bus_width]);
260 if (retval != ERROR_OK)
264 retval = target_read_memory(target, flash_address(bank, sector, offset),
265 bank->bus_width, 4, data);
266 if (retval != ERROR_OK)
270 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
271 *val = data[0] | data[bank->bus_width] << 8 |
272 data[bank->bus_width * 2] << 16 | data[bank->bus_width * 3] << 24;
274 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8 |
275 data[(3 * bank->bus_width) - 1] << 16 |
276 data[(4 * bank->bus_width) - 1] << 24;
281 static int cfi_reset(struct flash_bank *bank)
283 struct cfi_flash_bank *cfi_info = bank->driver_priv;
284 int retval = ERROR_OK;
286 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
287 if (retval != ERROR_OK)
290 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
291 if (retval != ERROR_OK)
294 if (cfi_info->manufacturer == 0x20 &&
295 (cfi_info->device_id == 0x227E || cfi_info->device_id == 0x7E)) {
296 /* Numonix M29W128G is cmd 0xFF intolerant - causes internal undefined state
297 * so we send an extra 0xF0 reset to fix the bug */
298 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x00));
299 if (retval != ERROR_OK)
306 static void cfi_intel_clear_status_register(struct flash_bank *bank)
308 cfi_send_command(bank, 0x50, flash_address(bank, 0, 0x0));
311 static int cfi_intel_wait_status_busy(struct flash_bank *bank, int timeout, uint8_t *val)
315 int retval = ERROR_OK;
319 LOG_ERROR("timeout while waiting for WSM to become ready");
323 retval = cfi_get_u8(bank, 0, 0x0, &status);
324 if (retval != ERROR_OK)
333 /* mask out bit 0 (reserved) */
334 status = status & 0xfe;
336 LOG_DEBUG("status: 0x%x", status);
338 if (status != 0x80) {
339 LOG_ERROR("status register: 0x%x", status);
341 LOG_ERROR("Block Lock-Bit Detected, Operation Abort");
343 LOG_ERROR("Program suspended");
345 LOG_ERROR("Low Programming Voltage Detected, Operation Aborted");
347 LOG_ERROR("Program Error / Error in Setting Lock-Bit");
349 LOG_ERROR("Error in Block Erasure or Clear Lock-Bits");
351 LOG_ERROR("Block Erase Suspended");
353 cfi_intel_clear_status_register(bank);
362 static int cfi_spansion_wait_status_busy(struct flash_bank *bank, int timeout)
364 uint8_t status, oldstatus;
365 struct cfi_flash_bank *cfi_info = bank->driver_priv;
368 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
369 if (retval != ERROR_OK)
373 retval = cfi_get_u8(bank, 0, 0x0, &status);
375 if (retval != ERROR_OK)
378 if ((status ^ oldstatus) & 0x40) {
379 if (status & cfi_info->status_poll_mask & 0x20) {
380 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
381 if (retval != ERROR_OK)
383 retval = cfi_get_u8(bank, 0, 0x0, &status);
384 if (retval != ERROR_OK)
386 if ((status ^ oldstatus) & 0x40) {
387 LOG_ERROR("dq5 timeout, status: 0x%x", status);
388 return ERROR_FLASH_OPERATION_FAILED;
390 LOG_DEBUG("status: 0x%x", status);
394 } else {/* no toggle: finished, OK */
395 LOG_DEBUG("status: 0x%x", status);
401 } while (timeout-- > 0);
403 LOG_ERROR("timeout, status: 0x%x", status);
405 return ERROR_FLASH_BUSY;
408 static int cfi_read_intel_pri_ext(struct flash_bank *bank)
411 struct cfi_flash_bank *cfi_info = bank->driver_priv;
412 struct cfi_intel_pri_ext *pri_ext;
414 if (cfi_info->pri_ext)
415 free(cfi_info->pri_ext);
417 pri_ext = malloc(sizeof(struct cfi_intel_pri_ext));
418 if (pri_ext == NULL) {
419 LOG_ERROR("Out of memory");
422 cfi_info->pri_ext = pri_ext;
424 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
425 if (retval != ERROR_OK)
427 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
428 if (retval != ERROR_OK)
430 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
431 if (retval != ERROR_OK)
434 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I')) {
435 retval = cfi_reset(bank);
436 if (retval != ERROR_OK)
438 LOG_ERROR("Could not read bank flash bank information");
439 return ERROR_FLASH_BANK_INVALID;
442 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
443 if (retval != ERROR_OK)
445 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
446 if (retval != ERROR_OK)
449 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
450 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
452 retval = cfi_query_u32(bank, 0, cfi_info->pri_addr + 5, &pri_ext->feature_support);
453 if (retval != ERROR_OK)
455 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->suspend_cmd_support);
456 if (retval != ERROR_OK)
458 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xa, &pri_ext->blk_status_reg_mask);
459 if (retval != ERROR_OK)
462 LOG_DEBUG("feature_support: 0x%" PRIx32 ", suspend_cmd_support: "
463 "0x%x, blk_status_reg_mask: 0x%x",
464 pri_ext->feature_support,
465 pri_ext->suspend_cmd_support,
466 pri_ext->blk_status_reg_mask);
468 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xc, &pri_ext->vcc_optimal);
469 if (retval != ERROR_OK)
471 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xd, &pri_ext->vpp_optimal);
472 if (retval != ERROR_OK)
475 LOG_DEBUG("Vcc opt: %x.%x, Vpp opt: %u.%x",
476 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
477 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
479 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xe, &pri_ext->num_protection_fields);
480 if (retval != ERROR_OK)
482 if (pri_ext->num_protection_fields != 1) {
483 LOG_WARNING("expected one protection register field, but found %i",
484 pri_ext->num_protection_fields);
487 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xf, &pri_ext->prot_reg_addr);
488 if (retval != ERROR_OK)
490 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x11, &pri_ext->fact_prot_reg_size);
491 if (retval != ERROR_OK)
493 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x12, &pri_ext->user_prot_reg_size);
494 if (retval != ERROR_OK)
497 LOG_DEBUG("protection_fields: %i, prot_reg_addr: 0x%x, "
498 "factory pre-programmed: %i, user programmable: %i",
499 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
500 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
505 static int cfi_read_spansion_pri_ext(struct flash_bank *bank)
508 struct cfi_flash_bank *cfi_info = bank->driver_priv;
509 struct cfi_spansion_pri_ext *pri_ext;
511 if (cfi_info->pri_ext)
512 free(cfi_info->pri_ext);
514 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
515 if (pri_ext == NULL) {
516 LOG_ERROR("Out of memory");
519 cfi_info->pri_ext = pri_ext;
521 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
522 if (retval != ERROR_OK)
524 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
525 if (retval != ERROR_OK)
527 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
528 if (retval != ERROR_OK)
531 /* default values for implementation specific workarounds */
532 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
533 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
534 pri_ext->_reversed_geometry = 0;
536 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I')) {
537 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
538 if (retval != ERROR_OK)
540 LOG_ERROR("Could not read spansion bank information");
541 return ERROR_FLASH_BANK_INVALID;
544 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
545 if (retval != ERROR_OK)
547 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
548 if (retval != ERROR_OK)
551 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
552 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
554 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &pri_ext->SiliconRevision);
555 if (retval != ERROR_OK)
557 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &pri_ext->EraseSuspend);
558 if (retval != ERROR_OK)
560 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &pri_ext->BlkProt);
561 if (retval != ERROR_OK)
563 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &pri_ext->TmpBlkUnprotect);
564 if (retval != ERROR_OK)
566 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->BlkProtUnprot);
567 if (retval != ERROR_OK)
569 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 10, &pri_ext->SimultaneousOps);
570 if (retval != ERROR_OK)
572 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 11, &pri_ext->BurstMode);
573 if (retval != ERROR_OK)
575 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 12, &pri_ext->PageMode);
576 if (retval != ERROR_OK)
578 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 13, &pri_ext->VppMin);
579 if (retval != ERROR_OK)
581 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 14, &pri_ext->VppMax);
582 if (retval != ERROR_OK)
584 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 15, &pri_ext->TopBottom);
585 if (retval != ERROR_OK)
588 LOG_DEBUG("Silicon Revision: 0x%x, Erase Suspend: 0x%x, Block protect: 0x%x",
589 pri_ext->SiliconRevision, pri_ext->EraseSuspend, pri_ext->BlkProt);
591 LOG_DEBUG("Temporary Unprotect: 0x%x, Block Protect Scheme: 0x%x, "
592 "Simultaneous Ops: 0x%x", pri_ext->TmpBlkUnprotect,
593 pri_ext->BlkProtUnprot, pri_ext->SimultaneousOps);
595 LOG_DEBUG("Burst Mode: 0x%x, Page Mode: 0x%x, ", pri_ext->BurstMode, pri_ext->PageMode);
598 LOG_DEBUG("Vpp min: %u.%x, Vpp max: %u.%x",
599 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
600 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
602 LOG_DEBUG("WP# protection 0x%x", pri_ext->TopBottom);
607 static int cfi_read_atmel_pri_ext(struct flash_bank *bank)
610 struct cfi_atmel_pri_ext atmel_pri_ext;
611 struct cfi_flash_bank *cfi_info = bank->driver_priv;
612 struct cfi_spansion_pri_ext *pri_ext;
614 if (cfi_info->pri_ext)
615 free(cfi_info->pri_ext);
617 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
618 if (pri_ext == NULL) {
619 LOG_ERROR("Out of memory");
623 /* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion,
624 * but a different primary extended query table.
625 * We read the atmel table, and prepare a valid AMD/Spansion query table.
628 memset(pri_ext, 0, sizeof(struct cfi_spansion_pri_ext));
630 cfi_info->pri_ext = pri_ext;
632 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &atmel_pri_ext.pri[0]);
633 if (retval != ERROR_OK)
635 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &atmel_pri_ext.pri[1]);
636 if (retval != ERROR_OK)
638 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &atmel_pri_ext.pri[2]);
639 if (retval != ERROR_OK)
642 if ((atmel_pri_ext.pri[0] != 'P') || (atmel_pri_ext.pri[1] != 'R')
643 || (atmel_pri_ext.pri[2] != 'I')) {
644 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
645 if (retval != ERROR_OK)
647 LOG_ERROR("Could not read atmel bank information");
648 return ERROR_FLASH_BANK_INVALID;
651 pri_ext->pri[0] = atmel_pri_ext.pri[0];
652 pri_ext->pri[1] = atmel_pri_ext.pri[1];
653 pri_ext->pri[2] = atmel_pri_ext.pri[2];
655 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &atmel_pri_ext.major_version);
656 if (retval != ERROR_OK)
658 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &atmel_pri_ext.minor_version);
659 if (retval != ERROR_OK)
662 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", atmel_pri_ext.pri[0],
663 atmel_pri_ext.pri[1], atmel_pri_ext.pri[2],
664 atmel_pri_ext.major_version, atmel_pri_ext.minor_version);
666 pri_ext->major_version = atmel_pri_ext.major_version;
667 pri_ext->minor_version = atmel_pri_ext.minor_version;
669 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &atmel_pri_ext.features);
670 if (retval != ERROR_OK)
672 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &atmel_pri_ext.bottom_boot);
673 if (retval != ERROR_OK)
675 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &atmel_pri_ext.burst_mode);
676 if (retval != ERROR_OK)
678 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &atmel_pri_ext.page_mode);
679 if (retval != ERROR_OK)
683 "features: 0x%2.2x, bottom_boot: 0x%2.2x, burst_mode: 0x%2.2x, page_mode: 0x%2.2x",
684 atmel_pri_ext.features,
685 atmel_pri_ext.bottom_boot,
686 atmel_pri_ext.burst_mode,
687 atmel_pri_ext.page_mode);
689 if (atmel_pri_ext.features & 0x02)
690 pri_ext->EraseSuspend = 2;
692 /* some chips got it backwards... */
693 if (cfi_info->device_id == AT49BV6416 ||
694 cfi_info->device_id == AT49BV6416T) {
695 if (atmel_pri_ext.bottom_boot)
696 pri_ext->TopBottom = 3;
698 pri_ext->TopBottom = 2;
700 if (atmel_pri_ext.bottom_boot)
701 pri_ext->TopBottom = 2;
703 pri_ext->TopBottom = 3;
706 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
707 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
712 static int cfi_read_0002_pri_ext(struct flash_bank *bank)
714 struct cfi_flash_bank *cfi_info = bank->driver_priv;
716 if (cfi_info->manufacturer == CFI_MFR_ATMEL)
717 return cfi_read_atmel_pri_ext(bank);
719 return cfi_read_spansion_pri_ext(bank);
722 static int cfi_spansion_info(struct flash_bank *bank, char *buf, int buf_size)
725 struct cfi_flash_bank *cfi_info = bank->driver_priv;
726 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
728 printed = snprintf(buf, buf_size, "\nSpansion primary algorithm extend information:\n");
732 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0],
733 pri_ext->pri[1], pri_ext->pri[2],
734 pri_ext->major_version, pri_ext->minor_version);
738 printed = snprintf(buf, buf_size, "Silicon Rev.: 0x%x, Address Sensitive unlock: 0x%x\n",
739 (pri_ext->SiliconRevision) >> 2,
740 (pri_ext->SiliconRevision) & 0x03);
744 printed = snprintf(buf, buf_size, "Erase Suspend: 0x%x, Sector Protect: 0x%x\n",
745 pri_ext->EraseSuspend,
750 snprintf(buf, buf_size, "VppMin: %u.%x, VppMax: %u.%x\n",
751 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
752 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
757 static int cfi_intel_info(struct flash_bank *bank, char *buf, int buf_size)
760 struct cfi_flash_bank *cfi_info = bank->driver_priv;
761 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
763 printed = snprintf(buf, buf_size, "\nintel primary algorithm extend information:\n");
767 printed = snprintf(buf,
769 "pri: '%c%c%c', version: %c.%c\n",
773 pri_ext->major_version,
774 pri_ext->minor_version);
778 printed = snprintf(buf,
780 "feature_support: 0x%" PRIx32 ", "
781 "suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x\n",
782 pri_ext->feature_support,
783 pri_ext->suspend_cmd_support,
784 pri_ext->blk_status_reg_mask);
788 printed = snprintf(buf, buf_size, "Vcc opt: %x.%x, Vpp opt: %u.%x\n",
789 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
790 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
794 snprintf(buf, buf_size, "protection_fields: %i, prot_reg_addr: 0x%x, "
795 "factory pre-programmed: %i, user programmable: %i\n",
796 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
797 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
802 /* flash_bank cfi <base> <size> <chip_width> <bus_width> <target#> [options]
804 FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command)
806 struct cfi_flash_bank *cfi_info;
810 return ERROR_COMMAND_SYNTAX_ERROR;
813 * - not exceed max value;
815 * - be equal to a power of 2.
816 * bus must be wide enough to hold one chip */
817 if ((bank->chip_width > CFI_MAX_CHIP_WIDTH)
818 || (bank->bus_width > CFI_MAX_BUS_WIDTH)
819 || (bank->chip_width == 0)
820 || (bank->bus_width == 0)
821 || (bank->chip_width & (bank->chip_width - 1))
822 || (bank->bus_width & (bank->bus_width - 1))
823 || (bank->chip_width > bank->bus_width)) {
824 LOG_ERROR("chip and bus width have to specified in bytes");
825 return ERROR_FLASH_BANK_INVALID;
828 cfi_info = malloc(sizeof(struct cfi_flash_bank));
829 cfi_info->probed = 0;
830 cfi_info->erase_region_info = NULL;
831 cfi_info->pri_ext = NULL;
832 bank->driver_priv = cfi_info;
834 cfi_info->x16_as_x8 = 0;
835 cfi_info->jedec_probe = 0;
836 cfi_info->not_cfi = 0;
837 cfi_info->data_swap = 0;
839 for (unsigned i = 6; i < CMD_ARGC; i++) {
840 if (strcmp(CMD_ARGV[i], "x16_as_x8") == 0)
841 cfi_info->x16_as_x8 = 1;
842 else if (strcmp(CMD_ARGV[i], "data_swap") == 0)
843 cfi_info->data_swap = 1;
844 else if (strcmp(CMD_ARGV[i], "bus_swap") == 0)
846 else if (strcmp(CMD_ARGV[i], "jedec_probe") == 0)
847 cfi_info->jedec_probe = 1;
851 cfi_info->endianness =
852 bank->target->endianness == TARGET_LITTLE_ENDIAN ?
853 TARGET_BIG_ENDIAN : TARGET_LITTLE_ENDIAN;
855 cfi_info->endianness = bank->target->endianness;
857 /* bank wasn't probed yet */
858 cfi_info->qry[0] = 0xff;
863 static int cfi_intel_erase(struct flash_bank *bank, int first, int last)
866 struct cfi_flash_bank *cfi_info = bank->driver_priv;
869 cfi_intel_clear_status_register(bank);
871 for (i = first; i <= last; i++) {
872 retval = cfi_send_command(bank, 0x20, flash_address(bank, i, 0x0));
873 if (retval != ERROR_OK)
876 retval = cfi_send_command(bank, 0xd0, flash_address(bank, i, 0x0));
877 if (retval != ERROR_OK)
881 retval = cfi_intel_wait_status_busy(bank, cfi_info->block_erase_timeout, &status);
882 if (retval != ERROR_OK)
886 bank->sectors[i].is_erased = 1;
888 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
889 if (retval != ERROR_OK)
892 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%"
893 PRIx32, i, bank->base);
894 return ERROR_FLASH_OPERATION_FAILED;
898 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
901 static int cfi_spansion_erase(struct flash_bank *bank, int first, int last)
904 struct cfi_flash_bank *cfi_info = bank->driver_priv;
905 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
908 for (i = first; i <= last; i++) {
909 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
910 if (retval != ERROR_OK)
913 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
914 if (retval != ERROR_OK)
917 retval = cfi_send_command(bank, 0x80, flash_address(bank, 0, pri_ext->_unlock1));
918 if (retval != ERROR_OK)
921 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
922 if (retval != ERROR_OK)
925 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
926 if (retval != ERROR_OK)
929 retval = cfi_send_command(bank, 0x30, flash_address(bank, i, 0x0));
930 if (retval != ERROR_OK)
933 if (cfi_spansion_wait_status_busy(bank, cfi_info->block_erase_timeout) == ERROR_OK)
934 bank->sectors[i].is_erased = 1;
936 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
937 if (retval != ERROR_OK)
940 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%"
941 PRIx32, i, bank->base);
942 return ERROR_FLASH_OPERATION_FAILED;
946 return cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
949 static int cfi_erase(struct flash_bank *bank, int first, int last)
951 struct cfi_flash_bank *cfi_info = bank->driver_priv;
953 if (bank->target->state != TARGET_HALTED) {
954 LOG_ERROR("Target not halted");
955 return ERROR_TARGET_NOT_HALTED;
958 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
959 return ERROR_FLASH_SECTOR_INVALID;
961 if (cfi_info->qry[0] != 'Q')
962 return ERROR_FLASH_BANK_NOT_PROBED;
964 switch (cfi_info->pri_id) {
967 return cfi_intel_erase(bank, first, last);
970 return cfi_spansion_erase(bank, first, last);
973 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
980 static int cfi_intel_protect(struct flash_bank *bank, int set, int first, int last)
983 struct cfi_flash_bank *cfi_info = bank->driver_priv;
984 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
988 /* if the device supports neither legacy lock/unlock (bit 3) nor
989 * instant individual block locking (bit 5).
991 if (!(pri_ext->feature_support & 0x28)) {
992 LOG_ERROR("lock/unlock not supported on flash");
993 return ERROR_FLASH_OPERATION_FAILED;
996 cfi_intel_clear_status_register(bank);
998 for (i = first; i <= last; i++) {
999 retval = cfi_send_command(bank, 0x60, flash_address(bank, i, 0x0));
1000 if (retval != ERROR_OK)
1003 retval = cfi_send_command(bank, 0x01, flash_address(bank, i, 0x0));
1004 if (retval != ERROR_OK)
1006 bank->sectors[i].is_protected = 1;
1008 retval = cfi_send_command(bank, 0xd0, flash_address(bank, i, 0x0));
1009 if (retval != ERROR_OK)
1011 bank->sectors[i].is_protected = 0;
1014 /* instant individual block locking doesn't require reading of the status register
1016 if (!(pri_ext->feature_support & 0x20)) {
1017 /* Clear lock bits operation may take up to 1.4s */
1019 retval = cfi_intel_wait_status_busy(bank, 1400, &status);
1020 if (retval != ERROR_OK)
1023 uint8_t block_status;
1024 /* read block lock bit, to verify status */
1025 retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, 0x55));
1026 if (retval != ERROR_OK)
1028 retval = cfi_get_u8(bank, i, 0x2, &block_status);
1029 if (retval != ERROR_OK)
1032 if ((block_status & 0x1) != set) {
1034 "couldn't change block lock status (set = %i, block_status = 0x%2.2x)",
1036 retval = cfi_send_command(bank, 0x70, flash_address(bank, 0, 0x55));
1037 if (retval != ERROR_OK)
1040 retval = cfi_intel_wait_status_busy(bank, 10, &status);
1041 if (retval != ERROR_OK)
1045 return ERROR_FLASH_OPERATION_FAILED;
1054 /* if the device doesn't support individual block lock bits set/clear,
1055 * all blocks have been unlocked in parallel, so we set those that should be protected
1057 if ((!set) && (!(pri_ext->feature_support & 0x20))) {
1058 /* FIX!!! this code path is broken!!!
1060 * The correct approach is:
1062 * 1. read out current protection status
1064 * 2. override read out protection status w/unprotected.
1066 * 3. re-protect what should be protected.
1069 for (i = 0; i < bank->num_sectors; i++) {
1070 if (bank->sectors[i].is_protected == 1) {
1071 cfi_intel_clear_status_register(bank);
1073 retval = cfi_send_command(bank, 0x60, flash_address(bank, i, 0x0));
1074 if (retval != ERROR_OK)
1077 retval = cfi_send_command(bank, 0x01, flash_address(bank, i, 0x0));
1078 if (retval != ERROR_OK)
1082 retval = cfi_intel_wait_status_busy(bank, 100, &status);
1083 if (retval != ERROR_OK)
1089 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
1092 static int cfi_protect(struct flash_bank *bank, int set, int first, int last)
1094 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1096 if (bank->target->state != TARGET_HALTED) {
1097 LOG_ERROR("Target not halted");
1098 return ERROR_TARGET_NOT_HALTED;
1101 if (cfi_info->qry[0] != 'Q')
1102 return ERROR_FLASH_BANK_NOT_PROBED;
1104 switch (cfi_info->pri_id) {
1107 return cfi_intel_protect(bank, set, first, last);
1110 LOG_WARNING("protect: cfi primary command set %i unsupported", cfi_info->pri_id);
1115 static uint32_t cfi_command_val(struct flash_bank *bank, uint8_t cmd)
1117 struct target *target = bank->target;
1119 uint8_t buf[CFI_MAX_BUS_WIDTH];
1120 cfi_command(bank, cmd, buf);
1121 switch (bank->bus_width) {
1126 return target_buffer_get_u16(target, buf);
1129 return target_buffer_get_u32(target, buf);
1132 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1138 static int cfi_intel_write_block(struct flash_bank *bank, const uint8_t *buffer,
1139 uint32_t address, uint32_t count)
1141 struct target *target = bank->target;
1142 struct reg_param reg_params[7];
1143 struct arm_algorithm arm_algo;
1144 struct working_area *write_algorithm;
1145 struct working_area *source = NULL;
1146 uint32_t buffer_size = 32768;
1147 uint32_t write_command_val, busy_pattern_val, error_pattern_val;
1149 /* algorithm register usage:
1150 * r0: source address (in RAM)
1151 * r1: target address (in Flash)
1153 * r3: flash write command
1154 * r4: status byte (returned to host)
1155 * r5: busy test pattern
1156 * r6: error test pattern
1159 /* see contib/loaders/flash/armv4_5_cfi_intel_32.s for src */
1160 static const uint32_t word_32_code[] = {
1161 0xe4904004, /* loop: ldr r4, [r0], #4 */
1162 0xe5813000, /* str r3, [r1] */
1163 0xe5814000, /* str r4, [r1] */
1164 0xe5914000, /* busy: ldr r4, [r1] */
1165 0xe0047005, /* and r7, r4, r5 */
1166 0xe1570005, /* cmp r7, r5 */
1167 0x1afffffb, /* bne busy */
1168 0xe1140006, /* tst r4, r6 */
1169 0x1a000003, /* bne done */
1170 0xe2522001, /* subs r2, r2, #1 */
1171 0x0a000001, /* beq done */
1172 0xe2811004, /* add r1, r1 #4 */
1173 0xeafffff2, /* b loop */
1174 0xeafffffe /* done: b -2 */
1177 /* see contib/loaders/flash/armv4_5_cfi_intel_16.s for src */
1178 static const uint32_t word_16_code[] = {
1179 0xe0d040b2, /* loop: ldrh r4, [r0], #2 */
1180 0xe1c130b0, /* strh r3, [r1] */
1181 0xe1c140b0, /* strh r4, [r1] */
1182 0xe1d140b0, /* busy ldrh r4, [r1] */
1183 0xe0047005, /* and r7, r4, r5 */
1184 0xe1570005, /* cmp r7, r5 */
1185 0x1afffffb, /* bne busy */
1186 0xe1140006, /* tst r4, r6 */
1187 0x1a000003, /* bne done */
1188 0xe2522001, /* subs r2, r2, #1 */
1189 0x0a000001, /* beq done */
1190 0xe2811002, /* add r1, r1 #2 */
1191 0xeafffff2, /* b loop */
1192 0xeafffffe /* done: b -2 */
1195 /* see contib/loaders/flash/armv4_5_cfi_intel_8.s for src */
1196 static const uint32_t word_8_code[] = {
1197 0xe4d04001, /* loop: ldrb r4, [r0], #1 */
1198 0xe5c13000, /* strb r3, [r1] */
1199 0xe5c14000, /* strb r4, [r1] */
1200 0xe5d14000, /* busy ldrb r4, [r1] */
1201 0xe0047005, /* and r7, r4, r5 */
1202 0xe1570005, /* cmp r7, r5 */
1203 0x1afffffb, /* bne busy */
1204 0xe1140006, /* tst r4, r6 */
1205 0x1a000003, /* bne done */
1206 0xe2522001, /* subs r2, r2, #1 */
1207 0x0a000001, /* beq done */
1208 0xe2811001, /* add r1, r1 #1 */
1209 0xeafffff2, /* b loop */
1210 0xeafffffe /* done: b -2 */
1212 uint8_t target_code[4*CFI_MAX_INTEL_CODESIZE];
1213 const uint32_t *target_code_src;
1214 uint32_t target_code_size;
1215 int retval = ERROR_OK;
1217 /* check we have a supported arch */
1218 if (is_arm(target_to_arm(target))) {
1219 /* All other ARM CPUs have 32 bit instructions */
1220 arm_algo.common_magic = ARM_COMMON_MAGIC;
1221 arm_algo.core_mode = ARM_MODE_SVC;
1222 arm_algo.core_state = ARM_STATE_ARM;
1224 LOG_ERROR("Unknown architecture");
1225 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1228 cfi_intel_clear_status_register(bank);
1230 /* If we are setting up the write_algorith, we need target_code_src
1231 * if not we only need target_code_size. */
1233 /* However, we don't want to create multiple code paths, so we
1234 * do the unnecessary evaluation of target_code_src, which the
1235 * compiler will probably nicely optimize away if not needed */
1237 /* prepare algorithm code for target endian */
1238 switch (bank->bus_width) {
1240 target_code_src = word_8_code;
1241 target_code_size = sizeof(word_8_code);
1244 target_code_src = word_16_code;
1245 target_code_size = sizeof(word_16_code);
1248 target_code_src = word_32_code;
1249 target_code_size = sizeof(word_32_code);
1252 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1254 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1257 /* flash write code */
1258 if (target_code_size > sizeof(target_code)) {
1259 LOG_WARNING("Internal error - target code buffer to small. "
1260 "Increase CFI_MAX_INTEL_CODESIZE and recompile.");
1261 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1264 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1266 /* Get memory for block write handler */
1267 retval = target_alloc_working_area(target,
1270 if (retval != ERROR_OK) {
1271 LOG_WARNING("No working area available, can't do block memory writes");
1272 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1275 /* write algorithm code to working area */
1276 retval = target_write_buffer(target, write_algorithm->address,
1277 target_code_size, target_code);
1278 if (retval != ERROR_OK) {
1279 LOG_ERROR("Unable to write block write code to target");
1283 /* Get a workspace buffer for the data to flash starting with 32k size.
1284 * Half size until buffer would be smaller 256 Bytes then fail back */
1285 /* FIXME Why 256 bytes, why not 32 bytes (smallest flash write page */
1286 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1288 if (buffer_size <= 256) {
1290 "no large enough working area available, can't do block memory writes");
1291 retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1296 /* setup algo registers */
1297 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1298 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1299 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
1300 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
1301 init_reg_param(®_params[4], "r4", 32, PARAM_IN);
1302 init_reg_param(®_params[5], "r5", 32, PARAM_OUT);
1303 init_reg_param(®_params[6], "r6", 32, PARAM_OUT);
1305 /* prepare command and status register patterns */
1306 write_command_val = cfi_command_val(bank, 0x40);
1307 busy_pattern_val = cfi_command_val(bank, 0x80);
1308 error_pattern_val = cfi_command_val(bank, 0x7e);
1310 LOG_DEBUG("Using target buffer at " TARGET_ADDR_FMT " and of size 0x%04" PRIx32,
1311 source->address, buffer_size);
1313 /* Programming main loop */
1315 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1318 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1319 if (retval != ERROR_OK)
1322 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1323 buf_set_u32(reg_params[1].value, 0, 32, address);
1324 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1326 buf_set_u32(reg_params[3].value, 0, 32, write_command_val);
1327 buf_set_u32(reg_params[5].value, 0, 32, busy_pattern_val);
1328 buf_set_u32(reg_params[6].value, 0, 32, error_pattern_val);
1330 LOG_DEBUG("Write 0x%04" PRIx32 " bytes to flash at 0x%08" PRIx32,
1331 thisrun_count, address);
1333 /* Execute algorithm, assume breakpoint for last instruction */
1334 retval = target_run_algorithm(target, 0, NULL, 7, reg_params,
1335 write_algorithm->address,
1336 write_algorithm->address + target_code_size -
1338 10000, /* 10s should be enough for max. 32k of data */
1341 /* On failure try a fall back to direct word writes */
1342 if (retval != ERROR_OK) {
1343 cfi_intel_clear_status_register(bank);
1345 "Execution of flash algorythm failed. Can't fall back. Please report.");
1346 retval = ERROR_FLASH_OPERATION_FAILED;
1347 /* retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE; */
1348 /* FIXME To allow fall back or recovery, we must save the actual status
1349 * somewhere, so that a higher level code can start recovery. */
1353 /* Check return value from algo code */
1354 wsm_error = buf_get_u32(reg_params[4].value, 0, 32) & error_pattern_val;
1356 /* read status register (outputs debug information) */
1358 cfi_intel_wait_status_busy(bank, 100, &status);
1359 cfi_intel_clear_status_register(bank);
1360 retval = ERROR_FLASH_OPERATION_FAILED;
1364 buffer += thisrun_count;
1365 address += thisrun_count;
1366 count -= thisrun_count;
1371 /* free up resources */
1374 target_free_working_area(target, source);
1376 target_free_working_area(target, write_algorithm);
1378 destroy_reg_param(®_params[0]);
1379 destroy_reg_param(®_params[1]);
1380 destroy_reg_param(®_params[2]);
1381 destroy_reg_param(®_params[3]);
1382 destroy_reg_param(®_params[4]);
1383 destroy_reg_param(®_params[5]);
1384 destroy_reg_param(®_params[6]);
1389 static int cfi_spansion_write_block_mips(struct flash_bank *bank, const uint8_t *buffer,
1390 uint32_t address, uint32_t count)
1392 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1393 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1394 struct target *target = bank->target;
1395 struct reg_param reg_params[10];
1396 struct mips32_algorithm mips32_info;
1397 struct working_area *write_algorithm;
1398 struct working_area *source;
1399 uint32_t buffer_size = 32768;
1401 int retval = ERROR_OK;
1403 /* input parameters -
1404 * 4 A0 = source address
1405 * 5 A1 = destination address
1406 * 6 A2 = number of writes
1407 * 7 A3 = flash write command
1408 * 8 T0 = constant to mask DQ7 bits (also used for Dq5 with shift)
1409 * output parameters -
1410 * 9 T1 = 0x80 ok 0x00 bad
1412 * 10 T2 = value read from flash to test status
1413 * 11 T3 = holding register
1414 * unlock registers -
1415 * 12 T4 = unlock1_addr
1416 * 13 T5 = unlock1_cmd
1417 * 14 T6 = unlock2_addr
1418 * 15 T7 = unlock2_cmd */
1420 static const uint32_t mips_word_16_code[] = {
1422 MIPS32_LHU(0, 9, 0, 4), /* lhu $t1, ($a0) ; out = &saddr */
1423 MIPS32_ADDI(0, 4, 4, 2), /* addi $a0, $a0, 2 ; saddr += 2 */
1424 MIPS32_SH(0, 13, 0, 12), /* sh $t5, ($t4) ; *fl_unl_addr1 = fl_unl_cmd1 */
1425 MIPS32_SH(0, 15, 0, 14), /* sh $t7, ($t6) ; *fl_unl_addr2 = fl_unl_cmd2 */
1426 MIPS32_SH(0, 7, 0, 12), /* sh $a3, ($t4) ; *fl_unl_addr1 = fl_write_cmd */
1427 MIPS32_SH(0, 9, 0, 5), /* sh $t1, ($a1) ; *daddr = out */
1428 MIPS32_NOP, /* nop */
1430 MIPS32_LHU(0, 10, 0, 5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1431 MIPS32_XOR(0, 11, 9, 10), /* xor $t3, $a0, $t2 ; temp2 = out ^ temp1; */
1432 MIPS32_AND(0, 11, 8, 11), /* and $t3, $t0, $t3 ; temp2 = temp2 & DQ7mask */
1433 MIPS32_BNE(0, 11, 8, 13), /* bne $t3, $t0, cont ; if (temp2 != DQ7mask) goto cont */
1434 MIPS32_NOP, /* nop */
1436 MIPS32_SRL(0, 10, 8, 2), /* srl $t2,$t0,2 ; temp1 = DQ7mask >> 2 */
1437 MIPS32_AND(0, 11, 10, 11), /* and $t3, $t2, $t3 ; temp2 = temp2 & temp1 */
1438 MIPS32_BNE(0, 11, 10, NEG16(8)), /* bne $t3, $t2, busy ; if (temp2 != temp1) goto busy */
1439 MIPS32_NOP, /* nop */
1441 MIPS32_LHU(0, 10, 0, 5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1442 MIPS32_XOR(0, 11, 9, 10), /* xor $t3, $a0, $t2 ; temp2 = out ^ temp1; */
1443 MIPS32_AND(0, 11, 8, 11), /* and $t3, $t0, $t3 ; temp2 = temp2 & DQ7mask */
1444 MIPS32_BNE(0, 11, 8, 4), /* bne $t3, $t0, cont ; if (temp2 != DQ7mask) goto cont */
1445 MIPS32_NOP, /* nop */
1447 MIPS32_XOR(0, 9, 9, 9), /* xor $t1, $t1, $t1 ; out = 0 */
1448 MIPS32_BEQ(0, 9, 0, 11), /* beq $t1, $zero, done ; if (out == 0) goto done */
1449 MIPS32_NOP, /* nop */
1451 MIPS32_ADDI(0, 6, 6, NEG16(1)), /* addi, $a2, $a2, -1 ; numwrites-- */
1452 MIPS32_BNE(0, 6, 0, 5), /* bne $a2, $zero, cont2 ; if (numwrite != 0) goto cont2 */
1453 MIPS32_NOP, /* nop */
1455 MIPS32_LUI(0, 9, 0), /* lui $t1, 0 */
1456 MIPS32_ORI(0, 9, 9, 0x80), /* ori $t1, $t1, 0x80 ; out = 0x80 */
1458 MIPS32_B(0, 4), /* b done ; goto done */
1459 MIPS32_NOP, /* nop */
1461 MIPS32_ADDI(0, 5, 5, 2), /* addi $a0, $a0, 2 ; daddr += 2 */
1462 MIPS32_B(0, NEG16(33)), /* b start ; goto start */
1463 MIPS32_NOP, /* nop */
1465 MIPS32_SDBBP(0), /* sdbbp ; break(); */
1468 mips32_info.common_magic = MIPS32_COMMON_MAGIC;
1469 mips32_info.isa_mode = MIPS32_ISA_MIPS32;
1471 int target_code_size = 0;
1472 const uint32_t *target_code_src = NULL;
1474 switch (bank->bus_width) {
1476 /* Check for DQ5 support */
1477 if (cfi_info->status_poll_mask & (1 << 5)) {
1478 target_code_src = mips_word_16_code;
1479 target_code_size = sizeof(mips_word_16_code);
1481 LOG_ERROR("Need DQ5 support");
1482 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1483 /* target_code_src = mips_word_16_code_dq7only; */
1484 /* target_code_size = sizeof(mips_word_16_code_dq7only); */
1488 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1490 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1493 /* flash write code */
1494 uint8_t *target_code;
1496 /* convert bus-width dependent algorithm code to correct endianness */
1497 target_code = malloc(target_code_size);
1498 if (target_code == NULL) {
1499 LOG_ERROR("Out of memory");
1503 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1505 /* allocate working area */
1506 retval = target_alloc_working_area(target, target_code_size,
1508 if (retval != ERROR_OK) {
1513 /* write algorithm code to working area */
1514 retval = target_write_buffer(target, write_algorithm->address,
1515 target_code_size, target_code);
1516 if (retval != ERROR_OK) {
1523 /* the following code still assumes target code is fixed 24*4 bytes */
1525 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1527 if (buffer_size <= 256) {
1528 /* we already allocated the writing code, but failed to get a
1529 * buffer, free the algorithm */
1530 target_free_working_area(target, write_algorithm);
1533 "not enough working area available, can't do block memory writes");
1534 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1538 init_reg_param(®_params[0], "r4", 32, PARAM_OUT);
1539 init_reg_param(®_params[1], "r5", 32, PARAM_OUT);
1540 init_reg_param(®_params[2], "r6", 32, PARAM_OUT);
1541 init_reg_param(®_params[3], "r7", 32, PARAM_OUT);
1542 init_reg_param(®_params[4], "r8", 32, PARAM_OUT);
1543 init_reg_param(®_params[5], "r9", 32, PARAM_IN);
1544 init_reg_param(®_params[6], "r12", 32, PARAM_OUT);
1545 init_reg_param(®_params[7], "r13", 32, PARAM_OUT);
1546 init_reg_param(®_params[8], "r14", 32, PARAM_OUT);
1547 init_reg_param(®_params[9], "r15", 32, PARAM_OUT);
1550 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1552 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1553 if (retval != ERROR_OK)
1556 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1557 buf_set_u32(reg_params[1].value, 0, 32, address);
1558 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1559 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1560 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1561 buf_set_u32(reg_params[6].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock1));
1562 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1563 buf_set_u32(reg_params[8].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock2));
1564 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1566 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1567 write_algorithm->address,
1568 write_algorithm->address + ((target_code_size) - 4),
1569 10000, &mips32_info);
1570 if (retval != ERROR_OK)
1573 status = buf_get_u32(reg_params[5].value, 0, 32);
1574 if (status != 0x80) {
1575 LOG_ERROR("flash write block failed status: 0x%" PRIx32, status);
1576 retval = ERROR_FLASH_OPERATION_FAILED;
1580 buffer += thisrun_count;
1581 address += thisrun_count;
1582 count -= thisrun_count;
1585 target_free_all_working_areas(target);
1587 destroy_reg_param(®_params[0]);
1588 destroy_reg_param(®_params[1]);
1589 destroy_reg_param(®_params[2]);
1590 destroy_reg_param(®_params[3]);
1591 destroy_reg_param(®_params[4]);
1592 destroy_reg_param(®_params[5]);
1593 destroy_reg_param(®_params[6]);
1594 destroy_reg_param(®_params[7]);
1595 destroy_reg_param(®_params[8]);
1596 destroy_reg_param(®_params[9]);
1601 static int cfi_spansion_write_block(struct flash_bank *bank, const uint8_t *buffer,
1602 uint32_t address, uint32_t count)
1604 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1605 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1606 struct target *target = bank->target;
1607 struct reg_param reg_params[10];
1609 struct arm_algorithm armv4_5_algo;
1610 struct armv7m_algorithm armv7m_algo;
1611 struct working_area *write_algorithm;
1612 struct working_area *source;
1613 uint32_t buffer_size = 32768;
1615 int retval = ERROR_OK;
1617 /* input parameters -
1618 * R0 = source address
1619 * R1 = destination address
1620 * R2 = number of writes
1621 * R3 = flash write command
1622 * R4 = constant to mask DQ7 bits (also used for Dq5 with shift)
1623 * output parameters -
1624 * R5 = 0x80 ok 0x00 bad
1626 * R6 = value read from flash to test status
1627 * R7 = holding register
1628 * unlock registers -
1631 * R10 = unlock2_addr
1632 * R11 = unlock2_cmd */
1634 /* see contib/loaders/flash/armv4_5_cfi_span_32.s for src */
1635 static const uint32_t armv4_5_word_32_code[] = {
1636 /* 00008100 <sp_32_code>: */
1637 0xe4905004, /* ldr r5, [r0], #4 */
1638 0xe5889000, /* str r9, [r8] */
1639 0xe58ab000, /* str r11, [r10] */
1640 0xe5883000, /* str r3, [r8] */
1641 0xe5815000, /* str r5, [r1] */
1642 0xe1a00000, /* nop */
1643 /* 00008110 <sp_32_busy>: */
1644 0xe5916000, /* ldr r6, [r1] */
1645 0xe0257006, /* eor r7, r5, r6 */
1646 0xe0147007, /* ands r7, r4, r7 */
1647 0x0a000007, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1648 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1649 0x0afffff9, /* beq 8110 <sp_32_busy> ; b if DQ5 low */
1650 0xe5916000, /* ldr r6, [r1] */
1651 0xe0257006, /* eor r7, r5, r6 */
1652 0xe0147007, /* ands r7, r4, r7 */
1653 0x0a000001, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1654 0xe3a05000, /* mov r5, #0 ; 0x0 - return 0x00, error */
1655 0x1a000004, /* bne 8154 <sp_32_done> */
1656 /* 00008140 <sp_32_cont>: */
1657 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1658 0x03a05080, /* moveq r5, #128 ; 0x80 */
1659 0x0a000001, /* beq 8154 <sp_32_done> */
1660 0xe2811004, /* add r1, r1, #4 ; 0x4 */
1661 0xeaffffe8, /* b 8100 <sp_32_code> */
1662 /* 00008154 <sp_32_done>: */
1663 0xeafffffe /* b 8154 <sp_32_done> */
1666 /* see contib/loaders/flash/armv4_5_cfi_span_16.s for src */
1667 static const uint32_t armv4_5_word_16_code[] = {
1668 /* 00008158 <sp_16_code>: */
1669 0xe0d050b2, /* ldrh r5, [r0], #2 */
1670 0xe1c890b0, /* strh r9, [r8] */
1671 0xe1cab0b0, /* strh r11, [r10] */
1672 0xe1c830b0, /* strh r3, [r8] */
1673 0xe1c150b0, /* strh r5, [r1] */
1674 0xe1a00000, /* nop (mov r0,r0) */
1675 /* 00008168 <sp_16_busy>: */
1676 0xe1d160b0, /* ldrh r6, [r1] */
1677 0xe0257006, /* eor r7, r5, r6 */
1678 0xe0147007, /* ands r7, r4, r7 */
1679 0x0a000007, /* beq 8198 <sp_16_cont> */
1680 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1681 0x0afffff9, /* beq 8168 <sp_16_busy> */
1682 0xe1d160b0, /* ldrh r6, [r1] */
1683 0xe0257006, /* eor r7, r5, r6 */
1684 0xe0147007, /* ands r7, r4, r7 */
1685 0x0a000001, /* beq 8198 <sp_16_cont> */
1686 0xe3a05000, /* mov r5, #0 ; 0x0 */
1687 0x1a000004, /* bne 81ac <sp_16_done> */
1688 /* 00008198 <sp_16_cont>: */
1689 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1690 0x03a05080, /* moveq r5, #128 ; 0x80 */
1691 0x0a000001, /* beq 81ac <sp_16_done> */
1692 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1693 0xeaffffe8, /* b 8158 <sp_16_code> */
1694 /* 000081ac <sp_16_done>: */
1695 0xeafffffe /* b 81ac <sp_16_done> */
1698 /* see contrib/loaders/flash/armv7m_cfi_span_16.s for src */
1699 static const uint32_t armv7m_word_16_code[] = {
1720 /* see contrib/loaders/flash/armv7m_cfi_span_16_dq7.s for src */
1721 static const uint32_t armv7m_word_16_code_dq7only[] = {
1722 /* 00000000 <code>: */
1723 0x5B02F830, /* ldrh.w r5, [r0], #2 */
1724 0x9000F8A8, /* strh.w r9, [r8] */
1725 0xB000F8AA, /* strh.w fp, [sl] */
1726 0x3000F8A8, /* strh.w r3, [r8] */
1727 0xBF00800D, /* strh r5, [r1, #0] */
1730 /* 00000014 <busy>: */
1731 0xEA85880E, /* ldrh r6, [r1, #0] */
1732 /* eor.w r7, r5, r6 */
1733 0x40270706, /* ands r7, r4 */
1734 0x3A01D1FA, /* bne.n 14 <busy> */
1736 0xF101D002, /* beq.n 28 <success> */
1737 0xE7EB0102, /* add.w r1, r1, #2 */
1740 /* 00000028 <success>: */
1741 0x0580F04F, /* mov.w r5, #128 */
1742 0xBF00E7FF, /* b.n 30 <done> */
1743 /* nop (for alignment purposes) */
1745 /* 00000030 <done>: */
1746 0x0000BE00 /* bkpt 0x0000 */
1749 /* see contrib/loaders/flash/armv4_5_cfi_span_16_dq7.s for src */
1750 static const uint32_t armv4_5_word_16_code_dq7only[] = {
1752 0xe0d050b2, /* ldrh r5, [r0], #2 */
1753 0xe1c890b0, /* strh r9, [r8] */
1754 0xe1cab0b0, /* strh r11, [r10] */
1755 0xe1c830b0, /* strh r3, [r8] */
1756 0xe1c150b0, /* strh r5, [r1] */
1757 0xe1a00000, /* nop (mov r0,r0) */
1759 0xe1d160b0, /* ldrh r6, [r1] */
1760 0xe0257006, /* eor r7, r5, r6 */
1761 0xe2177080, /* ands r7, #0x80 */
1762 0x1afffffb, /* bne 8168 <sp_16_busy> */
1764 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1765 0x03a05080, /* moveq r5, #128 ; 0x80 */
1766 0x0a000001, /* beq 81ac <sp_16_done> */
1767 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1768 0xeafffff0, /* b 8158 <sp_16_code> */
1769 /* 000081ac <sp_16_done>: */
1770 0xeafffffe /* b 81ac <sp_16_done> */
1773 /* see contrib/loaders/flash/armv4_5_cfi_span_8.s for src */
1774 static const uint32_t armv4_5_word_8_code[] = {
1775 /* 000081b0 <sp_16_code_end>: */
1776 0xe4d05001, /* ldrb r5, [r0], #1 */
1777 0xe5c89000, /* strb r9, [r8] */
1778 0xe5cab000, /* strb r11, [r10] */
1779 0xe5c83000, /* strb r3, [r8] */
1780 0xe5c15000, /* strb r5, [r1] */
1781 0xe1a00000, /* nop (mov r0,r0) */
1782 /* 000081c0 <sp_8_busy>: */
1783 0xe5d16000, /* ldrb r6, [r1] */
1784 0xe0257006, /* eor r7, r5, r6 */
1785 0xe0147007, /* ands r7, r4, r7 */
1786 0x0a000007, /* beq 81f0 <sp_8_cont> */
1787 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1788 0x0afffff9, /* beq 81c0 <sp_8_busy> */
1789 0xe5d16000, /* ldrb r6, [r1] */
1790 0xe0257006, /* eor r7, r5, r6 */
1791 0xe0147007, /* ands r7, r4, r7 */
1792 0x0a000001, /* beq 81f0 <sp_8_cont> */
1793 0xe3a05000, /* mov r5, #0 ; 0x0 */
1794 0x1a000004, /* bne 8204 <sp_8_done> */
1795 /* 000081f0 <sp_8_cont>: */
1796 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1797 0x03a05080, /* moveq r5, #128 ; 0x80 */
1798 0x0a000001, /* beq 8204 <sp_8_done> */
1799 0xe2811001, /* add r1, r1, #1 ; 0x1 */
1800 0xeaffffe8, /* b 81b0 <sp_16_code_end> */
1801 /* 00008204 <sp_8_done>: */
1802 0xeafffffe /* b 8204 <sp_8_done> */
1805 if (strncmp(target_type_name(target), "mips_m4k", 8) == 0)
1806 return cfi_spansion_write_block_mips(bank, buffer, address, count);
1808 if (is_armv7m(target_to_armv7m(target))) { /* armv7m target */
1809 armv7m_algo.common_magic = ARMV7M_COMMON_MAGIC;
1810 armv7m_algo.core_mode = ARM_MODE_THREAD;
1811 arm_algo = &armv7m_algo;
1812 } else if (is_arm(target_to_arm(target))) {
1813 /* All other ARM CPUs have 32 bit instructions */
1814 armv4_5_algo.common_magic = ARM_COMMON_MAGIC;
1815 armv4_5_algo.core_mode = ARM_MODE_SVC;
1816 armv4_5_algo.core_state = ARM_STATE_ARM;
1817 arm_algo = &armv4_5_algo;
1819 LOG_ERROR("Unknown architecture");
1820 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1823 int target_code_size = 0;
1824 const uint32_t *target_code_src = NULL;
1826 switch (bank->bus_width) {
1828 if (is_armv7m(target_to_armv7m(target))) {
1829 LOG_ERROR("Unknown ARM architecture");
1832 target_code_src = armv4_5_word_8_code;
1833 target_code_size = sizeof(armv4_5_word_8_code);
1836 /* Check for DQ5 support */
1837 if (cfi_info->status_poll_mask & (1 << 5)) {
1838 if (is_armv7m(target_to_armv7m(target))) {
1840 target_code_src = armv7m_word_16_code;
1841 target_code_size = sizeof(armv7m_word_16_code);
1842 } else { /* armv4_5 target */
1843 target_code_src = armv4_5_word_16_code;
1844 target_code_size = sizeof(armv4_5_word_16_code);
1847 /* No DQ5 support. Use DQ7 DATA# polling only. */
1848 if (is_armv7m(target_to_armv7m(target))) {
1850 target_code_src = armv7m_word_16_code_dq7only;
1851 target_code_size = sizeof(armv7m_word_16_code_dq7only);
1852 } else { /* armv4_5 target */
1853 target_code_src = armv4_5_word_16_code_dq7only;
1854 target_code_size = sizeof(armv4_5_word_16_code_dq7only);
1859 if (is_armv7m(target_to_armv7m(target))) {
1860 LOG_ERROR("Unknown ARM architecture");
1863 target_code_src = armv4_5_word_32_code;
1864 target_code_size = sizeof(armv4_5_word_32_code);
1867 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1869 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1872 /* flash write code */
1873 uint8_t *target_code;
1875 /* convert bus-width dependent algorithm code to correct endianness */
1876 target_code = malloc(target_code_size);
1877 if (target_code == NULL) {
1878 LOG_ERROR("Out of memory");
1882 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1884 /* allocate working area */
1885 retval = target_alloc_working_area(target, target_code_size,
1887 if (retval != ERROR_OK) {
1892 /* write algorithm code to working area */
1893 retval = target_write_buffer(target, write_algorithm->address,
1894 target_code_size, target_code);
1895 if (retval != ERROR_OK) {
1902 /* the following code still assumes target code is fixed 24*4 bytes */
1904 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1906 if (buffer_size <= 256) {
1907 /* we already allocated the writing code, but failed to get a
1908 * buffer, free the algorithm */
1909 target_free_working_area(target, write_algorithm);
1912 "not enough working area available, can't do block memory writes");
1913 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1917 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1918 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1919 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
1920 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
1921 init_reg_param(®_params[4], "r4", 32, PARAM_OUT);
1922 init_reg_param(®_params[5], "r5", 32, PARAM_IN);
1923 init_reg_param(®_params[6], "r8", 32, PARAM_OUT);
1924 init_reg_param(®_params[7], "r9", 32, PARAM_OUT);
1925 init_reg_param(®_params[8], "r10", 32, PARAM_OUT);
1926 init_reg_param(®_params[9], "r11", 32, PARAM_OUT);
1929 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1931 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1932 if (retval != ERROR_OK)
1935 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1936 buf_set_u32(reg_params[1].value, 0, 32, address);
1937 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1938 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1939 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1940 buf_set_u32(reg_params[6].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock1));
1941 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1942 buf_set_u32(reg_params[8].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock2));
1943 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1945 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1946 write_algorithm->address,
1947 write_algorithm->address + ((target_code_size) - 4),
1949 if (retval != ERROR_OK)
1952 status = buf_get_u32(reg_params[5].value, 0, 32);
1953 if (status != 0x80) {
1954 LOG_ERROR("flash write block failed status: 0x%" PRIx32, status);
1955 retval = ERROR_FLASH_OPERATION_FAILED;
1959 buffer += thisrun_count;
1960 address += thisrun_count;
1961 count -= thisrun_count;
1964 target_free_all_working_areas(target);
1966 destroy_reg_param(®_params[0]);
1967 destroy_reg_param(®_params[1]);
1968 destroy_reg_param(®_params[2]);
1969 destroy_reg_param(®_params[3]);
1970 destroy_reg_param(®_params[4]);
1971 destroy_reg_param(®_params[5]);
1972 destroy_reg_param(®_params[6]);
1973 destroy_reg_param(®_params[7]);
1974 destroy_reg_param(®_params[8]);
1975 destroy_reg_param(®_params[9]);
1980 static int cfi_intel_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
1983 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1984 struct target *target = bank->target;
1986 cfi_intel_clear_status_register(bank);
1987 retval = cfi_send_command(bank, 0x40, address);
1988 if (retval != ERROR_OK)
1991 retval = target_write_memory(target, address, bank->bus_width, 1, word);
1992 if (retval != ERROR_OK)
1996 retval = cfi_intel_wait_status_busy(bank, cfi_info->word_write_timeout, &status);
1997 if (retval != ERROR_OK)
1999 if (status != 0x80) {
2000 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
2001 if (retval != ERROR_OK)
2004 LOG_ERROR("couldn't write word at base 0x%" PRIx32 ", address 0x%" PRIx32,
2005 bank->base, address);
2006 return ERROR_FLASH_OPERATION_FAILED;
2012 static int cfi_intel_write_words(struct flash_bank *bank, const uint8_t *word,
2013 uint32_t wordcount, uint32_t address)
2016 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2017 struct target *target = bank->target;
2019 /* Calculate buffer size and boundary mask
2020 * buffersize is (buffer size per chip) * (number of chips)
2021 * bufferwsize is buffersize in words */
2022 uint32_t buffersize =
2023 (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2024 uint32_t buffermask = buffersize-1;
2025 uint32_t bufferwsize = buffersize / bank->bus_width;
2027 /* Check for valid range */
2028 if (address & buffermask) {
2029 LOG_ERROR("Write address at base 0x%" PRIx32 ", address 0x%" PRIx32
2030 " not aligned to 2^%d boundary",
2031 bank->base, address, cfi_info->max_buf_write_size);
2032 return ERROR_FLASH_OPERATION_FAILED;
2035 /* Check for valid size */
2036 if (wordcount > bufferwsize) {
2037 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %" PRId32,
2038 wordcount, buffersize);
2039 return ERROR_FLASH_OPERATION_FAILED;
2042 /* Write to flash buffer */
2043 cfi_intel_clear_status_register(bank);
2045 /* Initiate buffer operation _*/
2046 retval = cfi_send_command(bank, 0xe8, address);
2047 if (retval != ERROR_OK)
2050 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2051 if (retval != ERROR_OK)
2053 if (status != 0x80) {
2054 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
2055 if (retval != ERROR_OK)
2059 "couldn't start buffer write operation at base 0x%" PRIx32 ", address 0x%" PRIx32,
2062 return ERROR_FLASH_OPERATION_FAILED;
2065 /* Write buffer wordcount-1 and data words */
2066 retval = cfi_send_command(bank, bufferwsize-1, address);
2067 if (retval != ERROR_OK)
2070 retval = target_write_memory(target, address, bank->bus_width, bufferwsize, word);
2071 if (retval != ERROR_OK)
2074 /* Commit write operation */
2075 retval = cfi_send_command(bank, 0xd0, address);
2076 if (retval != ERROR_OK)
2079 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2080 if (retval != ERROR_OK)
2083 if (status != 0x80) {
2084 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
2085 if (retval != ERROR_OK)
2088 LOG_ERROR("Buffer write at base 0x%" PRIx32
2089 ", address 0x%" PRIx32 " failed.", bank->base, address);
2090 return ERROR_FLASH_OPERATION_FAILED;
2096 static int cfi_spansion_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2099 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2100 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2101 struct target *target = bank->target;
2103 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
2104 if (retval != ERROR_OK)
2107 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
2108 if (retval != ERROR_OK)
2111 retval = cfi_send_command(bank, 0xa0, flash_address(bank, 0, pri_ext->_unlock1));
2112 if (retval != ERROR_OK)
2115 retval = target_write_memory(target, address, bank->bus_width, 1, word);
2116 if (retval != ERROR_OK)
2119 if (cfi_spansion_wait_status_busy(bank, cfi_info->word_write_timeout) != ERROR_OK) {
2120 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
2121 if (retval != ERROR_OK)
2124 LOG_ERROR("couldn't write word at base 0x%" PRIx32
2125 ", address 0x%" PRIx32, bank->base, address);
2126 return ERROR_FLASH_OPERATION_FAILED;
2132 static int cfi_spansion_write_words(struct flash_bank *bank, const uint8_t *word,
2133 uint32_t wordcount, uint32_t address)
2136 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2137 struct target *target = bank->target;
2138 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2140 /* Calculate buffer size and boundary mask
2141 * buffersize is (buffer size per chip) * (number of chips)
2142 * bufferwsize is buffersize in words */
2143 uint32_t buffersize =
2144 (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2145 uint32_t buffermask = buffersize-1;
2146 uint32_t bufferwsize = buffersize / bank->bus_width;
2148 /* Check for valid range */
2149 if (address & buffermask) {
2150 LOG_ERROR("Write address at base 0x%" PRIx32
2151 ", address 0x%" PRIx32 " not aligned to 2^%d boundary",
2152 bank->base, address, cfi_info->max_buf_write_size);
2153 return ERROR_FLASH_OPERATION_FAILED;
2156 /* Check for valid size */
2157 if (wordcount > bufferwsize) {
2158 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %"
2159 PRId32, wordcount, buffersize);
2160 return ERROR_FLASH_OPERATION_FAILED;
2164 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
2165 if (retval != ERROR_OK)
2168 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
2169 if (retval != ERROR_OK)
2172 /* Buffer load command */
2173 retval = cfi_send_command(bank, 0x25, address);
2174 if (retval != ERROR_OK)
2177 /* Write buffer wordcount-1 and data words */
2178 retval = cfi_send_command(bank, bufferwsize-1, address);
2179 if (retval != ERROR_OK)
2182 retval = target_write_memory(target, address, bank->bus_width, bufferwsize, word);
2183 if (retval != ERROR_OK)
2186 /* Commit write operation */
2187 retval = cfi_send_command(bank, 0x29, address);
2188 if (retval != ERROR_OK)
2191 if (cfi_spansion_wait_status_busy(bank, cfi_info->buf_write_timeout) != ERROR_OK) {
2192 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
2193 if (retval != ERROR_OK)
2196 LOG_ERROR("couldn't write block at base 0x%" PRIx32
2197 ", address 0x%" PRIx32 ", size 0x%" PRIx32, bank->base, address,
2199 return ERROR_FLASH_OPERATION_FAILED;
2205 static int cfi_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2207 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2209 switch (cfi_info->pri_id) {
2212 return cfi_intel_write_word(bank, word, address);
2215 return cfi_spansion_write_word(bank, word, address);
2218 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2222 return ERROR_FLASH_OPERATION_FAILED;
2225 static int cfi_write_words(struct flash_bank *bank, const uint8_t *word,
2226 uint32_t wordcount, uint32_t address)
2228 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2230 if (cfi_info->buf_write_timeout_typ == 0) {
2231 /* buffer writes are not supported */
2232 LOG_DEBUG("Buffer Writes Not Supported");
2233 return ERROR_FLASH_OPER_UNSUPPORTED;
2236 switch (cfi_info->pri_id) {
2239 return cfi_intel_write_words(bank, word, wordcount, address);
2242 return cfi_spansion_write_words(bank, word, wordcount, address);
2245 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2249 return ERROR_FLASH_OPERATION_FAILED;
2252 static int cfi_read(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
2254 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2255 struct target *target = bank->target;
2256 uint32_t address = bank->base + offset;
2258 int align; /* number of unaligned bytes */
2259 uint8_t current_word[CFI_MAX_BUS_WIDTH];
2263 LOG_DEBUG("reading buffer of %i byte at 0x%8.8x",
2264 (int)count, (unsigned)offset);
2266 if (bank->target->state != TARGET_HALTED) {
2267 LOG_ERROR("Target not halted");
2268 return ERROR_TARGET_NOT_HALTED;
2271 if (offset + count > bank->size)
2272 return ERROR_FLASH_DST_OUT_OF_BANK;
2274 if (cfi_info->qry[0] != 'Q')
2275 return ERROR_FLASH_BANK_NOT_PROBED;
2277 /* start at the first byte of the first word (bus_width size) */
2278 read_p = address & ~(bank->bus_width - 1);
2279 align = address - read_p;
2281 LOG_INFO("Fixup %d unaligned read head bytes", align);
2283 /* read a complete word from flash */
2284 retval = target_read_memory(target, read_p, bank->bus_width, 1, current_word);
2285 if (retval != ERROR_OK)
2288 /* take only bytes we need */
2289 for (i = align; (i < bank->bus_width) && (count > 0); i++, count--)
2290 *buffer++ = current_word[i];
2292 read_p += bank->bus_width;
2295 align = count / bank->bus_width;
2297 retval = target_read_memory(target, read_p, bank->bus_width, align, buffer);
2298 if (retval != ERROR_OK)
2301 read_p += align * bank->bus_width;
2302 buffer += align * bank->bus_width;
2303 count -= align * bank->bus_width;
2307 LOG_INFO("Fixup %" PRIu32 " unaligned read tail bytes", count);
2309 /* read a complete word from flash */
2310 retval = target_read_memory(target, read_p, bank->bus_width, 1, current_word);
2311 if (retval != ERROR_OK)
2314 /* take only bytes we need */
2315 for (i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2316 *buffer++ = current_word[i];
2322 static int cfi_write(struct flash_bank *bank, const uint8_t *buffer, uint32_t offset, uint32_t count)
2324 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2325 struct target *target = bank->target;
2326 uint32_t address = bank->base + offset; /* address of first byte to be programmed */
2328 int align; /* number of unaligned bytes */
2329 int blk_count; /* number of bus_width bytes for block copy */
2330 uint8_t current_word[CFI_MAX_BUS_WIDTH * 4]; /* word (bus_width size) currently being
2332 uint8_t *swapped_buffer = NULL;
2333 const uint8_t *real_buffer = NULL;
2337 if (bank->target->state != TARGET_HALTED) {
2338 LOG_ERROR("Target not halted");
2339 return ERROR_TARGET_NOT_HALTED;
2342 if (offset + count > bank->size)
2343 return ERROR_FLASH_DST_OUT_OF_BANK;
2345 if (cfi_info->qry[0] != 'Q')
2346 return ERROR_FLASH_BANK_NOT_PROBED;
2348 /* start at the first byte of the first word (bus_width size) */
2349 write_p = address & ~(bank->bus_width - 1);
2350 align = address - write_p;
2352 LOG_INFO("Fixup %d unaligned head bytes", align);
2354 /* read a complete word from flash */
2355 retval = target_read_memory(target, write_p, bank->bus_width, 1, current_word);
2356 if (retval != ERROR_OK)
2359 /* replace only bytes that must be written */
2361 (i < bank->bus_width) && (count > 0);
2363 if (cfi_info->data_swap)
2364 /* data bytes are swapped (reverse endianness) */
2365 current_word[bank->bus_width - i] = *buffer++;
2367 current_word[i] = *buffer++;
2369 retval = cfi_write_word(bank, current_word, write_p);
2370 if (retval != ERROR_OK)
2372 write_p += bank->bus_width;
2375 if (cfi_info->data_swap && count) {
2376 swapped_buffer = malloc(count & ~(bank->bus_width - 1));
2377 switch (bank->bus_width) {
2379 buf_bswap16(swapped_buffer, buffer,
2380 count & ~(bank->bus_width - 1));
2383 buf_bswap32(swapped_buffer, buffer,
2384 count & ~(bank->bus_width - 1));
2387 real_buffer = buffer;
2388 buffer = swapped_buffer;
2391 /* handle blocks of bus_size aligned bytes */
2392 blk_count = count & ~(bank->bus_width - 1); /* round down, leave tail bytes */
2393 switch (cfi_info->pri_id) {
2394 /* try block writes (fails without working area) */
2397 retval = cfi_intel_write_block(bank, buffer, write_p, blk_count);
2400 retval = cfi_spansion_write_block(bank, buffer, write_p, blk_count);
2403 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2404 retval = ERROR_FLASH_OPERATION_FAILED;
2407 if (retval == ERROR_OK) {
2408 /* Increment pointers and decrease count on succesful block write */
2409 buffer += blk_count;
2410 write_p += blk_count;
2413 if (retval == ERROR_TARGET_RESOURCE_NOT_AVAILABLE) {
2414 /* Calculate buffer size and boundary mask
2415 * buffersize is (buffer size per chip) * (number of chips)
2416 * bufferwsize is buffersize in words */
2417 uint32_t buffersize =
2419 cfi_info->max_buf_write_size) *
2420 (bank->bus_width / bank->chip_width);
2421 uint32_t buffermask = buffersize-1;
2422 uint32_t bufferwsize = buffersize / bank->bus_width;
2424 /* fall back to memory writes */
2425 while (count >= (uint32_t)bank->bus_width) {
2427 if ((write_p & 0xff) == 0) {
2428 LOG_INFO("Programming at 0x%08" PRIx32 ", count 0x%08"
2429 PRIx32 " bytes remaining", write_p, count);
2432 if ((bufferwsize > 0) && (count >= buffersize) &&
2433 !(write_p & buffermask)) {
2434 retval = cfi_write_words(bank, buffer, bufferwsize, write_p);
2435 if (retval == ERROR_OK) {
2436 buffer += buffersize;
2437 write_p += buffersize;
2438 count -= buffersize;
2440 } else if (retval != ERROR_FLASH_OPER_UNSUPPORTED)
2443 /* try the slow way? */
2445 for (i = 0; i < bank->bus_width; i++)
2446 current_word[i] = *buffer++;
2448 retval = cfi_write_word(bank, current_word, write_p);
2449 if (retval != ERROR_OK)
2452 write_p += bank->bus_width;
2453 count -= bank->bus_width;
2460 if (swapped_buffer) {
2461 buffer = real_buffer + (buffer - swapped_buffer);
2462 free(swapped_buffer);
2465 /* return to read array mode, so we can read from flash again for padding */
2466 retval = cfi_reset(bank);
2467 if (retval != ERROR_OK)
2470 /* handle unaligned tail bytes */
2472 LOG_INFO("Fixup %" PRId32 " unaligned tail bytes", count);
2474 /* read a complete word from flash */
2475 retval = target_read_memory(target, write_p, bank->bus_width, 1, current_word);
2476 if (retval != ERROR_OK)
2479 /* replace only bytes that must be written */
2480 for (i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2481 if (cfi_info->data_swap)
2482 /* data bytes are swapped (reverse endianness) */
2483 current_word[bank->bus_width - i] = *buffer++;
2485 current_word[i] = *buffer++;
2487 retval = cfi_write_word(bank, current_word, write_p);
2488 if (retval != ERROR_OK)
2492 /* return to read array mode */
2493 return cfi_reset(bank);
2496 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, const void *param)
2499 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2500 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2502 pri_ext->_reversed_geometry = 1;
2505 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, const void *param)
2508 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2509 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2512 if ((pri_ext->_reversed_geometry) || (pri_ext->TopBottom == 3)) {
2513 LOG_DEBUG("swapping reversed erase region information on cmdset 0002 device");
2515 for (i = 0; i < cfi_info->num_erase_regions / 2; i++) {
2516 int j = (cfi_info->num_erase_regions - 1) - i;
2519 swap = cfi_info->erase_region_info[i];
2520 cfi_info->erase_region_info[i] = cfi_info->erase_region_info[j];
2521 cfi_info->erase_region_info[j] = swap;
2526 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, const void *param)
2528 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2529 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2530 const struct cfi_unlock_addresses *unlock_addresses = param;
2532 pri_ext->_unlock1 = unlock_addresses->unlock1;
2533 pri_ext->_unlock2 = unlock_addresses->unlock2;
2536 static void cfi_fixup_0002_polling_bits(struct flash_bank *bank, const void *param)
2538 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2539 const int *status_poll_mask = param;
2541 cfi_info->status_poll_mask = *status_poll_mask;
2545 static int cfi_query_string(struct flash_bank *bank, int address)
2547 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2550 retval = cfi_send_command(bank, 0x98, flash_address(bank, 0, address));
2551 if (retval != ERROR_OK)
2554 retval = cfi_query_u8(bank, 0, 0x10, &cfi_info->qry[0]);
2555 if (retval != ERROR_OK)
2557 retval = cfi_query_u8(bank, 0, 0x11, &cfi_info->qry[1]);
2558 if (retval != ERROR_OK)
2560 retval = cfi_query_u8(bank, 0, 0x12, &cfi_info->qry[2]);
2561 if (retval != ERROR_OK)
2564 LOG_DEBUG("CFI qry returned: 0x%2.2x 0x%2.2x 0x%2.2x",
2565 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2]);
2567 if ((cfi_info->qry[0] != 'Q') || (cfi_info->qry[1] != 'R') || (cfi_info->qry[2] != 'Y')) {
2568 retval = cfi_reset(bank);
2569 if (retval != ERROR_OK)
2571 LOG_ERROR("Could not probe bank: no QRY");
2572 return ERROR_FLASH_BANK_INVALID;
2578 static int cfi_probe(struct flash_bank *bank)
2580 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2581 struct target *target = bank->target;
2582 int num_sectors = 0;
2585 uint32_t unlock1 = 0x555;
2586 uint32_t unlock2 = 0x2aa;
2588 uint8_t value_buf0[CFI_MAX_BUS_WIDTH], value_buf1[CFI_MAX_BUS_WIDTH];
2590 if (bank->target->state != TARGET_HALTED) {
2591 LOG_ERROR("Target not halted");
2592 return ERROR_TARGET_NOT_HALTED;
2595 cfi_info->probed = 0;
2596 cfi_info->num_erase_regions = 0;
2597 if (bank->sectors) {
2598 free(bank->sectors);
2599 bank->sectors = NULL;
2601 if (cfi_info->erase_region_info) {
2602 free(cfi_info->erase_region_info);
2603 cfi_info->erase_region_info = NULL;
2606 /* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses,
2607 * while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa
2609 if (cfi_info->jedec_probe) {
2614 /* switch to read identifier codes mode ("AUTOSELECT") */
2615 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, unlock1));
2616 if (retval != ERROR_OK)
2618 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, unlock2));
2619 if (retval != ERROR_OK)
2621 retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, unlock1));
2622 if (retval != ERROR_OK)
2625 retval = target_read_memory(target, flash_address(bank, 0, 0x00),
2626 bank->bus_width, 1, value_buf0);
2627 if (retval != ERROR_OK)
2629 retval = target_read_memory(target, flash_address(bank, 0, 0x01),
2630 bank->bus_width, 1, value_buf1);
2631 if (retval != ERROR_OK)
2633 switch (bank->chip_width) {
2635 cfi_info->manufacturer = *value_buf0;
2636 cfi_info->device_id = *value_buf1;
2639 cfi_info->manufacturer = target_buffer_get_u16(target, value_buf0);
2640 cfi_info->device_id = target_buffer_get_u16(target, value_buf1);
2643 cfi_info->manufacturer = target_buffer_get_u32(target, value_buf0);
2644 cfi_info->device_id = target_buffer_get_u32(target, value_buf1);
2647 LOG_ERROR("Unsupported bank chipwidth %d, can't probe memory",
2649 return ERROR_FLASH_OPERATION_FAILED;
2652 LOG_INFO("Flash Manufacturer/Device: 0x%04x 0x%04x",
2653 cfi_info->manufacturer, cfi_info->device_id);
2654 /* switch back to read array mode */
2655 retval = cfi_reset(bank);
2656 if (retval != ERROR_OK)
2659 /* check device/manufacturer ID for known non-CFI flashes. */
2660 cfi_fixup_non_cfi(bank);
2662 /* query only if this is a CFI compatible flash,
2663 * otherwise the relevant info has already been filled in
2665 if (cfi_info->not_cfi == 0) {
2666 /* enter CFI query mode
2667 * according to JEDEC Standard No. 68.01,
2668 * a single bus sequence with address = 0x55, data = 0x98 should put
2669 * the device into CFI query mode.
2671 * SST flashes clearly violate this, and we will consider them incompatible for now
2674 retval = cfi_query_string(bank, 0x55);
2675 if (retval != ERROR_OK) {
2677 * Spansion S29WS-N CFI query fix is to try 0x555 if 0x55 fails. Should
2678 * be harmless enough:
2680 * http://www.infradead.org/pipermail/linux-mtd/2005-September/013618.html
2682 LOG_USER("Try workaround w/0x555 instead of 0x55 to get QRY.");
2683 retval = cfi_query_string(bank, 0x555);
2685 if (retval != ERROR_OK)
2688 retval = cfi_query_u16(bank, 0, 0x13, &cfi_info->pri_id);
2689 if (retval != ERROR_OK)
2691 retval = cfi_query_u16(bank, 0, 0x15, &cfi_info->pri_addr);
2692 if (retval != ERROR_OK)
2694 retval = cfi_query_u16(bank, 0, 0x17, &cfi_info->alt_id);
2695 if (retval != ERROR_OK)
2697 retval = cfi_query_u16(bank, 0, 0x19, &cfi_info->alt_addr);
2698 if (retval != ERROR_OK)
2701 LOG_DEBUG("qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: "
2702 "0x%4.4x, alt_addr: 0x%4.4x", cfi_info->qry[0], cfi_info->qry[1],
2703 cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr,
2704 cfi_info->alt_id, cfi_info->alt_addr);
2706 retval = cfi_query_u8(bank, 0, 0x1b, &cfi_info->vcc_min);
2707 if (retval != ERROR_OK)
2709 retval = cfi_query_u8(bank, 0, 0x1c, &cfi_info->vcc_max);
2710 if (retval != ERROR_OK)
2712 retval = cfi_query_u8(bank, 0, 0x1d, &cfi_info->vpp_min);
2713 if (retval != ERROR_OK)
2715 retval = cfi_query_u8(bank, 0, 0x1e, &cfi_info->vpp_max);
2716 if (retval != ERROR_OK)
2719 retval = cfi_query_u8(bank, 0, 0x1f, &cfi_info->word_write_timeout_typ);
2720 if (retval != ERROR_OK)
2722 retval = cfi_query_u8(bank, 0, 0x20, &cfi_info->buf_write_timeout_typ);
2723 if (retval != ERROR_OK)
2725 retval = cfi_query_u8(bank, 0, 0x21, &cfi_info->block_erase_timeout_typ);
2726 if (retval != ERROR_OK)
2728 retval = cfi_query_u8(bank, 0, 0x22, &cfi_info->chip_erase_timeout_typ);
2729 if (retval != ERROR_OK)
2731 retval = cfi_query_u8(bank, 0, 0x23, &cfi_info->word_write_timeout_max);
2732 if (retval != ERROR_OK)
2734 retval = cfi_query_u8(bank, 0, 0x24, &cfi_info->buf_write_timeout_max);
2735 if (retval != ERROR_OK)
2737 retval = cfi_query_u8(bank, 0, 0x25, &cfi_info->block_erase_timeout_max);
2738 if (retval != ERROR_OK)
2740 retval = cfi_query_u8(bank, 0, 0x26, &cfi_info->chip_erase_timeout_max);
2741 if (retval != ERROR_OK)
2745 retval = cfi_query_u8(bank, 0, 0x27, &data);
2746 if (retval != ERROR_OK)
2748 cfi_info->dev_size = 1 << data;
2750 retval = cfi_query_u16(bank, 0, 0x28, &cfi_info->interface_desc);
2751 if (retval != ERROR_OK)
2753 retval = cfi_query_u16(bank, 0, 0x2a, &cfi_info->max_buf_write_size);
2754 if (retval != ERROR_OK)
2756 retval = cfi_query_u8(bank, 0, 0x2c, &cfi_info->num_erase_regions);
2757 if (retval != ERROR_OK)
2760 LOG_DEBUG("size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: 0x%x",
2761 cfi_info->dev_size, cfi_info->interface_desc,
2762 (1 << cfi_info->max_buf_write_size));
2764 if (cfi_info->num_erase_regions) {
2765 cfi_info->erase_region_info = malloc(sizeof(*cfi_info->erase_region_info)
2766 * cfi_info->num_erase_regions);
2767 for (i = 0; i < cfi_info->num_erase_regions; i++) {
2768 retval = cfi_query_u32(bank,
2771 &cfi_info->erase_region_info[i]);
2772 if (retval != ERROR_OK)
2775 "erase region[%i]: %" PRIu32 " blocks of size 0x%" PRIx32 "",
2777 (cfi_info->erase_region_info[i] & 0xffff) + 1,
2778 (cfi_info->erase_region_info[i] >> 16) * 256);
2781 cfi_info->erase_region_info = NULL;
2783 /* We need to read the primary algorithm extended query table before calculating
2784 * the sector layout to be able to apply fixups
2786 switch (cfi_info->pri_id) {
2787 /* Intel command set (standard and extended) */
2790 cfi_read_intel_pri_ext(bank);
2792 /* AMD/Spansion, Atmel, ... command set */
2794 cfi_info->status_poll_mask = CFI_STATUS_POLL_MASK_DQ5_DQ6_DQ7; /*
2801 cfi_read_0002_pri_ext(bank);
2804 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2808 /* return to read array mode
2809 * we use both reset commands, as some Intel flashes fail to recognize the 0xF0 command
2811 retval = cfi_reset(bank);
2812 if (retval != ERROR_OK)
2814 } /* end CFI case */
2816 LOG_DEBUG("Vcc min: %x.%x, Vcc max: %x.%x, Vpp min: %u.%x, Vpp max: %u.%x",
2817 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2818 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2819 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2820 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2822 LOG_DEBUG("typ. word write timeout: %u us, typ. buf write timeout: %u us, "
2823 "typ. block erase timeout: %u ms, typ. chip erase timeout: %u ms",
2824 1 << cfi_info->word_write_timeout_typ, 1 << cfi_info->buf_write_timeout_typ,
2825 1 << cfi_info->block_erase_timeout_typ, 1 << cfi_info->chip_erase_timeout_typ);
2827 LOG_DEBUG("max. word write timeout: %u us, max. buf write timeout: %u us, "
2828 "max. block erase timeout: %u ms, max. chip erase timeout: %u ms",
2829 (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2830 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2831 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2832 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2834 /* convert timeouts to real values in ms */
2835 cfi_info->word_write_timeout = DIV_ROUND_UP((1L << cfi_info->word_write_timeout_typ) *
2836 (1L << cfi_info->word_write_timeout_max), 1000);
2837 cfi_info->buf_write_timeout = DIV_ROUND_UP((1L << cfi_info->buf_write_timeout_typ) *
2838 (1L << cfi_info->buf_write_timeout_max), 1000);
2839 cfi_info->block_erase_timeout = (1L << cfi_info->block_erase_timeout_typ) *
2840 (1L << cfi_info->block_erase_timeout_max);
2841 cfi_info->chip_erase_timeout = (1L << cfi_info->chip_erase_timeout_typ) *
2842 (1L << cfi_info->chip_erase_timeout_max);
2844 LOG_DEBUG("calculated word write timeout: %u ms, buf write timeout: %u ms, "
2845 "block erase timeout: %u ms, chip erase timeout: %u ms",
2846 cfi_info->word_write_timeout, cfi_info->buf_write_timeout,
2847 cfi_info->block_erase_timeout, cfi_info->chip_erase_timeout);
2849 /* apply fixups depending on the primary command set */
2850 switch (cfi_info->pri_id) {
2851 /* Intel command set (standard and extended) */
2854 cfi_fixup(bank, cfi_0001_fixups);
2856 /* AMD/Spansion, Atmel, ... command set */
2858 cfi_fixup(bank, cfi_0002_fixups);
2861 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2865 if ((cfi_info->dev_size * bank->bus_width / bank->chip_width) != bank->size) {
2866 LOG_WARNING("configuration specifies 0x%" PRIx32 " size, but a 0x%" PRIx32
2867 " size flash was found", bank->size, cfi_info->dev_size);
2870 if (cfi_info->num_erase_regions == 0) {
2871 /* a device might have only one erase block, spanning the whole device */
2872 bank->num_sectors = 1;
2873 bank->sectors = malloc(sizeof(struct flash_sector));
2875 bank->sectors[sector].offset = 0x0;
2876 bank->sectors[sector].size = bank->size;
2877 bank->sectors[sector].is_erased = -1;
2878 bank->sectors[sector].is_protected = -1;
2880 uint32_t offset = 0;
2882 for (i = 0; i < cfi_info->num_erase_regions; i++)
2883 num_sectors += (cfi_info->erase_region_info[i] & 0xffff) + 1;
2885 bank->num_sectors = num_sectors;
2886 bank->sectors = malloc(sizeof(struct flash_sector) * num_sectors);
2888 for (i = 0; i < cfi_info->num_erase_regions; i++) {
2890 for (j = 0; j < (cfi_info->erase_region_info[i] & 0xffff) + 1; j++) {
2891 bank->sectors[sector].offset = offset;
2892 bank->sectors[sector].size =
2893 ((cfi_info->erase_region_info[i] >> 16) * 256)
2894 * bank->bus_width / bank->chip_width;
2895 offset += bank->sectors[sector].size;
2896 bank->sectors[sector].is_erased = -1;
2897 bank->sectors[sector].is_protected = -1;
2901 if (offset != (cfi_info->dev_size * bank->bus_width / bank->chip_width)) {
2903 "CFI size is 0x%" PRIx32 ", but total sector size is 0x%" PRIx32 "", \
2904 (cfi_info->dev_size * bank->bus_width / bank->chip_width),
2909 cfi_info->probed = 1;
2914 static int cfi_auto_probe(struct flash_bank *bank)
2916 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2917 if (cfi_info->probed)
2919 return cfi_probe(bank);
2922 static int cfi_intel_protect_check(struct flash_bank *bank)
2925 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2926 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
2929 /* check if block lock bits are supported on this device */
2930 if (!(pri_ext->blk_status_reg_mask & 0x1))
2931 return ERROR_FLASH_OPERATION_FAILED;
2933 retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, 0x55));
2934 if (retval != ERROR_OK)
2937 for (i = 0; i < bank->num_sectors; i++) {
2938 uint8_t block_status;
2939 retval = cfi_get_u8(bank, i, 0x2, &block_status);
2940 if (retval != ERROR_OK)
2943 if (block_status & 1)
2944 bank->sectors[i].is_protected = 1;
2946 bank->sectors[i].is_protected = 0;
2949 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
2952 static int cfi_spansion_protect_check(struct flash_bank *bank)
2955 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2956 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2959 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
2960 if (retval != ERROR_OK)
2963 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
2964 if (retval != ERROR_OK)
2967 retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, pri_ext->_unlock1));
2968 if (retval != ERROR_OK)
2971 for (i = 0; i < bank->num_sectors; i++) {
2972 uint8_t block_status;
2973 retval = cfi_get_u8(bank, i, 0x2, &block_status);
2974 if (retval != ERROR_OK)
2977 if (block_status & 1)
2978 bank->sectors[i].is_protected = 1;
2980 bank->sectors[i].is_protected = 0;
2983 return cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
2986 static int cfi_protect_check(struct flash_bank *bank)
2988 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2990 if (bank->target->state != TARGET_HALTED) {
2991 LOG_ERROR("Target not halted");
2992 return ERROR_TARGET_NOT_HALTED;
2995 if (cfi_info->qry[0] != 'Q')
2996 return ERROR_FLASH_BANK_NOT_PROBED;
2998 switch (cfi_info->pri_id) {
3001 return cfi_intel_protect_check(bank);
3004 return cfi_spansion_protect_check(bank);
3007 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
3014 static int get_cfi_info(struct flash_bank *bank, char *buf, int buf_size)
3017 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3019 if (cfi_info->qry[0] == 0xff) {
3020 snprintf(buf, buf_size, "\ncfi flash bank not probed yet\n");
3024 if (cfi_info->not_cfi == 0)
3025 printed = snprintf(buf, buf_size, "\nCFI flash: ");
3027 printed = snprintf(buf, buf_size, "\nnon-CFI flash: ");
3029 buf_size -= printed;
3031 printed = snprintf(buf, buf_size, "mfr: 0x%4.4x, id:0x%4.4x\n\n",
3032 cfi_info->manufacturer, cfi_info->device_id);
3034 buf_size -= printed;
3036 printed = snprintf(buf, buf_size, "qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: "
3037 "0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x\n",
3038 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2],
3039 cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
3041 buf_size -= printed;
3043 printed = snprintf(buf, buf_size, "Vcc min: %x.%x, Vcc max: %x.%x, "
3044 "Vpp min: %u.%x, Vpp max: %u.%x\n",
3045 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
3046 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
3047 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
3048 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
3050 buf_size -= printed;
3052 printed = snprintf(buf, buf_size, "typ. word write timeout: %u us, "
3053 "typ. buf write timeout: %u us, "
3054 "typ. block erase timeout: %u ms, "
3055 "typ. chip erase timeout: %u ms\n",
3056 1 << cfi_info->word_write_timeout_typ,
3057 1 << cfi_info->buf_write_timeout_typ,
3058 1 << cfi_info->block_erase_timeout_typ,
3059 1 << cfi_info->chip_erase_timeout_typ);
3061 buf_size -= printed;
3063 printed = snprintf(buf,
3065 "max. word write timeout: %u us, "
3066 "max. buf write timeout: %u us, max. "
3067 "block erase timeout: %u ms, max. chip erase timeout: %u ms\n",
3069 cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
3071 cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
3073 cfi_info->block_erase_timeout_max) *
3074 (1 << cfi_info->block_erase_timeout_typ),
3076 cfi_info->chip_erase_timeout_max) *
3077 (1 << cfi_info->chip_erase_timeout_typ));
3079 buf_size -= printed;
3081 printed = snprintf(buf, buf_size, "size: 0x%" PRIx32 ", interface desc: %i, "
3082 "max buffer write size: 0x%x\n",
3084 cfi_info->interface_desc,
3085 1 << cfi_info->max_buf_write_size);
3087 buf_size -= printed;
3089 switch (cfi_info->pri_id) {
3092 cfi_intel_info(bank, buf, buf_size);
3095 cfi_spansion_info(bank, buf, buf_size);
3098 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
3105 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, const void *param)
3107 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3109 /* disable write buffer for M29W128G */
3110 cfi_info->buf_write_timeout_typ = 0;
3113 struct flash_driver cfi_flash = {
3115 .flash_bank_command = cfi_flash_bank_command,
3117 .protect = cfi_protect,
3121 .auto_probe = cfi_auto_probe,
3122 /* FIXME: access flash at bus_width size */
3123 .erase_check = default_flash_blank_check,
3124 .protect_check = cfi_protect_check,
3125 .info = get_cfi_info,
3126 .free_driver_priv = default_flash_free_driver_priv,