10 #include <sys/types.h>
14 #include "stlink-common.h"
15 #include "uglylogging.h"
21 /* todo: stm32l15xxx flash memory, pm0062 manual */
23 /* stm32f FPEC flash controller interface, pm0063 manual */
24 // TODO - all of this needs to be abstracted out....
25 // STM32F05x is identical, based on RM0091 (DM00031936, Doc ID 018940 Rev 2, August 2012)
26 #define FLASH_REGS_ADDR 0x40022000
27 #define FLASH_REGS_SIZE 0x28
29 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
30 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
31 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
32 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
33 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
34 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
35 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
37 // For STM32F05x, the RDPTR_KEY may be wrong, but as it is not used anywhere...
38 #define FLASH_RDPTR_KEY 0x00a5
39 #define FLASH_KEY1 0x45670123
40 #define FLASH_KEY2 0xcdef89ab
42 #define FLASH_SR_BSY 0
43 #define FLASH_SR_EOP 5
46 #define FLASH_CR_PER 1
47 #define FLASH_CR_MER 2
48 #define FLASH_CR_STRT 6
49 #define FLASH_CR_LOCK 7
52 //32L = 32F1 same CoreID as 32F4!
53 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
54 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
55 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
56 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
57 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
58 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
59 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
60 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
61 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x1c)
62 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
63 #define FLASH_L1_FPRG 10
64 #define FLASH_L1_PROG 3
66 //STM32L0x flash register base and offsets
68 #define STM32L0_FLASH_REGS_ADDR ((uint32_t)0x40022000)
69 #define FLASH_ACR_OFF ((uint32_t) 0x00)
70 #define FLASH_PECR_OFF ((uint32_t) 0x04)
71 #define FLASH_PDKEYR_OFF ((uint32_t) 0x08)
72 #define FLASH_PEKEYR_OFF ((uint32_t) 0x0c)
73 #define FLASH_PRGKEYR_OFF ((uint32_t) 0x10)
74 #define FLASH_OPTKEYR_OFF ((uint32_t) 0x14)
75 #define FLASH_SR_OFF ((uint32_t) 0x18)
76 #define FLASH_OBR_OFF ((uint32_t) 0x1c)
77 #define FLASH_WRPR_OFF ((uint32_t) 0x20)
82 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
83 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
84 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
85 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
86 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
87 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
88 #define FLASH_F4_CR_STRT 16
89 #define FLASH_F4_CR_LOCK 31
90 #define FLASH_F4_CR_SER 1
91 #define FLASH_F4_CR_SNB 3
92 #define FLASH_F4_CR_SNB_MASK 0xf8
93 #define FLASH_F4_SR_BSY 16
95 #define L1_WRITE_BLOCK_SIZE 0x80
96 #define L0_WRITE_BLOCK_SIZE 0x40
98 void write_uint32(unsigned char* buf, uint32_t ui) {
99 if (!is_bigendian()) { // le -> le (don't swap)
100 buf[0] = ((unsigned char*) &ui)[0];
101 buf[1] = ((unsigned char*) &ui)[1];
102 buf[2] = ((unsigned char*) &ui)[2];
103 buf[3] = ((unsigned char*) &ui)[3];
105 buf[0] = ((unsigned char*) &ui)[3];
106 buf[1] = ((unsigned char*) &ui)[2];
107 buf[2] = ((unsigned char*) &ui)[1];
108 buf[3] = ((unsigned char*) &ui)[0];
112 void write_uint16(unsigned char* buf, uint16_t ui) {
113 if (!is_bigendian()) { // le -> le (don't swap)
114 buf[0] = ((unsigned char*) &ui)[0];
115 buf[1] = ((unsigned char*) &ui)[1];
117 buf[0] = ((unsigned char*) &ui)[1];
118 buf[1] = ((unsigned char*) &ui)[0];
122 uint32_t read_uint32(const unsigned char *c, const int pt) {
124 char *p = (char *) &ui;
126 if (!is_bigendian()) { // le -> le (don't swap)
140 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
141 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
144 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
145 return stlink_read_debug32(sl, FLASH_WRPR);
148 static inline uint32_t read_flash_obr(stlink_t *sl) {
149 return stlink_read_debug32(sl, FLASH_OBR);
152 static inline uint32_t read_flash_cr(stlink_t *sl) {
154 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||(sl->chip_id == STM32_CHIPID_F4_DE) ||
155 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
156 res = stlink_read_debug32(sl, FLASH_F4_CR);
158 res = stlink_read_debug32(sl, FLASH_CR);
160 fprintf(stdout, "CR:0x%x\n", res);
165 static inline unsigned int is_flash_locked(stlink_t *sl) {
166 /* return non zero for true */
167 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
168 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE) )
169 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
171 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
174 static void unlock_flash(stlink_t *sl) {
175 /* the unlock sequence consists of 2 write cycles where
176 2 key values are written to the FLASH_KEYR register.
177 an invalid sequence results in a definitive lock of
178 the FPEC block until next reset.
180 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
181 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
182 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
183 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
185 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
186 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
191 static int unlock_flash_if(stlink_t *sl) {
192 /* unlock flash if already locked */
194 if (is_flash_locked(sl)) {
196 if (is_flash_locked(sl)) {
197 WLOG("Failed to unlock flash!\n");
201 DLOG("Successfully unlocked flash\n");
205 static void lock_flash(stlink_t *sl) {
206 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
207 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
208 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
209 stlink_write_debug32(sl, FLASH_F4_CR, n);
211 /* write to 1 only. reset by hw at unlock sequence */
212 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
213 stlink_write_debug32(sl, FLASH_CR, n);
218 static void set_flash_cr_pg(stlink_t *sl) {
219 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
220 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
221 uint32_t x = read_flash_cr(sl);
222 x |= (1 << FLASH_CR_PG);
223 stlink_write_debug32(sl, FLASH_F4_CR, x);
225 const uint32_t n = 1 << FLASH_CR_PG;
226 stlink_write_debug32(sl, FLASH_CR, n);
230 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
231 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
232 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
233 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
234 stlink_write_debug32(sl, FLASH_F4_CR, n);
236 stlink_write_debug32(sl, FLASH_CR, n);
239 static void set_flash_cr_per(stlink_t *sl) {
240 const uint32_t n = 1 << FLASH_CR_PER;
241 stlink_write_debug32(sl, FLASH_CR, n);
244 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
245 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
246 stlink_write_debug32(sl, FLASH_CR, n);
249 static void set_flash_cr_mer(stlink_t *sl) {
250 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
251 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
252 stlink_write_debug32(sl, FLASH_F4_CR,
253 stlink_read_debug32(sl, FLASH_F4_CR) | (1 << FLASH_CR_MER));
255 stlink_write_debug32(sl, FLASH_CR,
256 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_MER));
259 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
260 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
261 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
262 stlink_write_debug32(sl, FLASH_F4_CR,
263 stlink_read_debug32(sl, FLASH_F4_CR) & ~(1 << FLASH_CR_MER));
265 stlink_write_debug32(sl, FLASH_CR,
266 stlink_read_debug32(sl, FLASH_CR) & ~(1 << FLASH_CR_MER));
269 static void set_flash_cr_strt(stlink_t *sl) {
270 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
271 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
272 uint32_t x = read_flash_cr(sl);
273 x |= (1 << FLASH_F4_CR_STRT);
274 stlink_write_debug32(sl, FLASH_F4_CR, x);
276 stlink_write_debug32(sl, FLASH_CR,
277 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_STRT) );
281 static inline uint32_t read_flash_acr(stlink_t *sl) {
282 return stlink_read_debug32(sl, FLASH_ACR);
285 static inline uint32_t read_flash_sr(stlink_t *sl) {
287 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
288 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
289 res = stlink_read_debug32(sl, FLASH_F4_SR);
291 res = stlink_read_debug32(sl, FLASH_SR);
292 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
296 static inline unsigned int is_flash_busy(stlink_t *sl) {
297 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
298 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
299 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
301 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
304 static void wait_flash_busy(stlink_t *sl) {
305 /* todo: add some delays here */
306 while (is_flash_busy(sl))
310 static void wait_flash_busy_progress(stlink_t *sl) {
312 fprintf(stdout, "Mass erasing");
314 while (is_flash_busy(sl)) {
318 fprintf(stdout, ".");
322 fprintf(stdout, "\n");
325 static inline unsigned int is_flash_eop(stlink_t *sl) {
326 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
329 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
330 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
331 stlink_write_debug32(sl, FLASH_SR, n);
334 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
335 /* todo: add some delays here */
336 while (is_flash_eop(sl) == 0)
340 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
341 stlink_write_debug32(sl, FLASH_AR, n);
344 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
345 uint32_t x = read_flash_cr(sl);
349 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
351 stlink_write_debug32(sl, FLASH_F4_CR, x);
355 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
356 uint32_t x = read_flash_cr(sl);
357 x &= ~FLASH_F4_CR_SNB_MASK;
358 x |= (n << FLASH_F4_CR_SNB);
359 x |= (1 << FLASH_F4_CR_SER);
361 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
363 stlink_write_debug32(sl, FLASH_F4_CR, x);
366 // Delegates to the backends...
368 void stlink_close(stlink_t *sl) {
369 DLOG("*** stlink_close ***\n");
370 sl->backend->close(sl);
374 void stlink_exit_debug_mode(stlink_t *sl) {
375 DLOG("*** stlink_exit_debug_mode ***\n");
376 stlink_write_debug32(sl, DHCSR, DBGKEY);
377 sl->backend->exit_debug_mode(sl);
380 void stlink_enter_swd_mode(stlink_t *sl) {
381 DLOG("*** stlink_enter_swd_mode ***\n");
382 sl->backend->enter_swd_mode(sl);
385 // Force the core into the debug mode -> halted state.
386 void stlink_force_debug(stlink_t *sl) {
387 DLOG("*** stlink_force_debug_mode ***\n");
388 sl->backend->force_debug(sl);
391 void stlink_exit_dfu_mode(stlink_t *sl) {
392 DLOG("*** stlink_exit_dfu_mode ***\n");
393 sl->backend->exit_dfu_mode(sl);
396 uint32_t stlink_core_id(stlink_t *sl) {
397 DLOG("*** stlink_core_id ***\n");
398 sl->backend->core_id(sl);
400 stlink_print_data(sl);
401 DLOG("core_id = 0x%08x\n", sl->core_id);
405 uint32_t stlink_chip_id(stlink_t *sl) {
406 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
407 if (chip_id == 0) chip_id = stlink_read_debug32(sl, 0x40015800); //Try Corex M0 DBGMCU_IDCODE register address
412 * Cortex m3 tech ref manual, CPUID register description
413 * @param sl stlink context
414 * @param cpuid pointer to the result object
416 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
417 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
418 cpuid->implementer_id = (raw >> 24) & 0x7f;
419 cpuid->variant = (raw >> 20) & 0xf;
420 cpuid->part = (raw >> 4) & 0xfff;
421 cpuid->revision = raw & 0xf;
426 * reads and decodes the flash parameters, as dynamically as possible
428 * @return 0 for success, or -1 for unsupported core type.
430 int stlink_load_device_params(stlink_t *sl) {
431 ILOG("Loading device parameters....\n");
432 const chip_params_t *params = NULL;
433 sl->core_id = stlink_core_id(sl);
434 uint32_t chip_id = stlink_chip_id(sl);
437 sl->chip_id = chip_id & 0xfff;
438 /* Fix chip_id for F4 rev A errata , Read CPU ID, as CoreID is the same for F2/F4*/
439 if (sl->chip_id == 0x411) {
440 uint32_t cpuid = stlink_read_debug32(sl, 0xE000ED00);
441 if ((cpuid & 0xfff0) == 0xc240)
445 for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
446 if(devices[i].chip_id == sl->chip_id) {
447 params = &devices[i];
451 if (params == NULL) {
452 WLOG("unknown chip id! %#x\n", chip_id);
456 // These are fixed...
457 sl->flash_base = STM32_FLASH_BASE;
458 sl->sram_base = STM32_SRAM_BASE;
459 flash_size = stlink_read_debug32(sl,(params->flash_size_reg) & ~3);
460 if (params->flash_size_reg & 2)
461 flash_size = flash_size >>16;
462 flash_size = flash_size & 0xffff;
464 if ((sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) && ( flash_size == 0 )) {
465 sl->flash_size = 128 * 1024;
466 } else if ((sl->chip_id & 0xFFF) == STM32_CHIPID_L1_HIGH) {
467 // 0 is 384k and 1 is 256k
468 if ( flash_size == 0 ) {
469 sl->flash_size = 384 * 1024;
471 sl->flash_size = 256 * 1024;
474 sl->flash_size = flash_size * 1024;
476 sl->flash_pgsz = params->flash_pagesize;
477 sl->sram_size = params->sram_size;
478 sl->sys_base = params->bootrom_base;
479 sl->sys_size = params->bootrom_size;
481 //medium and low devices have the same chipid. ram size depends on flash size.
482 //STM32F100xx datasheet Doc ID 16455 Table 2
483 if(sl->chip_id == STM32_CHIPID_F1_VL_MEDIUM_LOW && sl->flash_size < 64 * 1024){
484 sl->sram_size = 0x1000;
487 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
488 // TODO make note of variable page size here.....
489 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
490 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
495 void stlink_reset(stlink_t *sl) {
496 DLOG("*** stlink_reset ***\n");
497 sl->backend->reset(sl);
500 void stlink_jtag_reset(stlink_t *sl, int value) {
501 DLOG("*** stlink_jtag_reset ***\n");
502 sl->backend->jtag_reset(sl, value);
505 void stlink_run(stlink_t *sl) {
506 DLOG("*** stlink_run ***\n");
507 sl->backend->run(sl);
510 void stlink_status(stlink_t *sl) {
511 DLOG("*** stlink_status ***\n");
512 sl->backend->status(sl);
513 stlink_core_stat(sl);
517 * Decode the version bits, originally from -sg, verified with usb
518 * @param sl stlink context, assumed to contain valid data in the buffer
519 * @param slv output parsed version object
521 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
522 uint32_t b0 = sl->q_buf[0]; //lsb
523 uint32_t b1 = sl->q_buf[1];
524 uint32_t b2 = sl->q_buf[2];
525 uint32_t b3 = sl->q_buf[3];
526 uint32_t b4 = sl->q_buf[4];
527 uint32_t b5 = sl->q_buf[5]; //msb
529 // b0 b1 || b2 b3 | b4 b5
530 // 4b | 6b | 6b || 2B | 2B
531 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
533 slv->stlink_v = (b0 & 0xf0) >> 4;
534 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
535 slv->swim_v = b1 & 0x3f;
536 slv->st_vid = (b3 << 8) | b2;
537 slv->stlink_pid = (b5 << 8) | b4;
541 void stlink_version(stlink_t *sl) {
542 DLOG("*** looking up stlink version\n");
543 sl->backend->version(sl);
544 _parse_version(sl, &sl->version);
546 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
547 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
548 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
549 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
550 DLOG("swim version = 0x%x\n", sl->version.swim_v);
551 if (sl->version.jtag_v == 0) {
552 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
554 if (sl->version.swim_v == 0) {
555 DLOG(" notice: the firmware doesn't support a swim interface\n");
559 int stlink_target_voltage(stlink_t *sl) {
561 DLOG("*** reading target voltage\n");
562 if (sl->backend->target_voltage != NULL) {
563 voltage = sl->backend->target_voltage(sl);
565 DLOG("target voltage = %ldmV\n", voltage);
567 DLOG("error reading target voltage\n");
570 DLOG("reading voltage not supported by backend\n");
575 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
576 uint32_t data = sl->backend->read_debug32(sl, addr);
577 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
581 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
582 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
583 sl->backend->write_debug32(sl, addr, data);
586 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
587 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
589 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
592 sl->backend->write_mem32(sl, addr, len);
595 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
596 DLOG("*** stlink_read_mem32 ***\n");
597 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
598 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
602 sl->backend->read_mem32(sl, addr, len);
605 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
606 DLOG("*** stlink_write_mem8 ***\n");
607 if (len > 0x40 ) { // !!! never ever: Writing more then 0x40 bytes gives unexpected behaviour
608 fprintf(stderr, "Error: Data length > 64: +%d byte.\n",
612 sl->backend->write_mem8(sl, addr, len);
615 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
616 DLOG("*** stlink_read_all_regs ***\n");
617 sl->backend->read_all_regs(sl, regp);
620 void stlink_read_all_unsupported_regs(stlink_t *sl, reg *regp) {
621 DLOG("*** stlink_read_all_unsupported_regs ***\n");
622 sl->backend->read_all_unsupported_regs(sl, regp);
625 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
626 DLOG("*** stlink_write_reg\n");
627 sl->backend->write_reg(sl, reg, idx);
630 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
631 DLOG("*** stlink_read_reg\n");
632 DLOG(" (%d) ***\n", r_idx);
634 if (r_idx > 20 || r_idx < 0) {
635 fprintf(stderr, "Error: register index must be in [0..20]\n");
639 sl->backend->read_reg(sl, r_idx, regp);
642 void stlink_read_unsupported_reg(stlink_t *sl, int r_idx, reg *regp) {
645 DLOG("*** stlink_read_unsupported_reg\n");
646 DLOG(" (%d) ***\n", r_idx);
648 /* Convert to values used by DCRSR */
649 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
651 } else if (r_idx == 0x40) { /* FPSCR */
653 } else if (r_idx >= 0x20 && r_idx < 0x40) {
654 r_convert = 0x40 + (r_idx - 0x20);
656 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
660 sl->backend->read_unsupported_reg(sl, r_convert, regp);
663 void stlink_write_unsupported_reg(stlink_t *sl, uint32_t val, int r_idx, reg *regp) {
666 DLOG("*** stlink_write_unsupported_reg\n");
667 DLOG(" (%d) ***\n", r_idx);
669 /* Convert to values used by DCRSR */
670 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
671 r_convert = r_idx; /* The backend function handles this */
672 } else if (r_idx == 0x40) { /* FPSCR */
674 } else if (r_idx >= 0x20 && r_idx < 0x40) {
675 r_convert = 0x40 + (r_idx - 0x20);
677 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
681 sl->backend->write_unsupported_reg(sl, val, r_convert, regp);
684 unsigned int is_core_halted(stlink_t *sl) {
685 /* return non zero if core is halted */
687 return sl->q_buf[0] == STLINK_CORE_HALTED;
690 void stlink_step(stlink_t *sl) {
691 DLOG("*** stlink_step ***\n");
692 sl->backend->step(sl);
695 int stlink_current_mode(stlink_t *sl) {
696 int mode = sl->backend->current_mode(sl);
698 case STLINK_DEV_DFU_MODE:
699 DLOG("stlink current mode: dfu\n");
701 case STLINK_DEV_DEBUG_MODE:
702 DLOG("stlink current mode: debug (jtag or swd)\n");
704 case STLINK_DEV_MASS_MODE:
705 DLOG("stlink current mode: mass\n");
708 DLOG("stlink mode: unknown!\n");
709 return STLINK_DEV_UNKNOWN_MODE;
715 // End of delegates.... Common code below here...
718 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
720 // #define is_bigendian() ( (*(char*)&i) == 0 )
722 inline unsigned int is_bigendian(void) {
723 static volatile const unsigned int i = 1;
724 return *(volatile const char*) &i == 0;
727 uint16_t read_uint16(const unsigned char *c, const int pt) {
729 char *p = (char *) &ui;
731 if (!is_bigendian()) { // le -> le (don't swap)
741 // same as above with entrypoint.
743 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
744 stlink_write_reg(sl, addr, 15); /* pc register */
748 while (is_core_halted(sl) == 0)
752 void stlink_core_stat(stlink_t *sl) {
756 switch (sl->q_buf[0]) {
757 case STLINK_CORE_RUNNING:
758 sl->core_stat = STLINK_CORE_RUNNING;
759 DLOG(" core status: running\n");
761 case STLINK_CORE_HALTED:
762 sl->core_stat = STLINK_CORE_HALTED;
763 DLOG(" core status: halted\n");
766 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
767 fprintf(stderr, " core status: unknown\n");
771 void stlink_print_data(stlink_t * sl) {
772 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
775 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
777 for (int i = 0; i < sl->q_len; i++) {
780 if (sl->q_data_dir == Q_DATA_OUT)
781 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
783 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
786 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
788 fputs("\n\n", stdout);
791 /* memory mapped file */
793 typedef struct mapped_file {
798 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
800 static int map_file(mapped_file_t* mf, const char* path) {
804 const int fd = open(path, O_RDONLY | O_BINARY);
806 fprintf(stderr, "open(%s) == -1\n", path);
810 if (fstat(fd, &st) == -1) {
811 fprintf(stderr, "fstat() == -1\n");
815 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
816 if (mf->base == MAP_FAILED) {
817 fprintf(stderr, "mmap() == MAP_FAILED\n");
821 mf->len = st.st_size;
832 static void unmap_file(mapped_file_t * mf) {
833 munmap((void*) mf->base, mf->len);
834 mf->base = (unsigned char*) MAP_FAILED;
838 /* Limit the block size to compare to 0x1800
839 Anything larger will stall the STLINK2
840 Maybe STLINK V1 needs smaller value!*/
841 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
843 size_t n_cmp = sl->flash_pgsz;
847 for (off = 0; off < mf->len; off += n_cmp) {
850 /* adjust last page size */
851 size_t cmp_size = n_cmp;
852 if ((off + n_cmp) > mf->len)
853 cmp_size = mf->len - off;
855 aligned_size = cmp_size;
856 if (aligned_size & (4 - 1))
857 aligned_size = (cmp_size + 4) & ~(4 - 1);
859 stlink_read_mem32(sl, addr + off, aligned_size);
861 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
868 int stlink_fwrite_sram
869 (stlink_t * sl, const char* path, stm32_addr_t addr) {
870 /* write the file in sram at addr */
874 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
877 if (map_file(&mf, path) == -1) {
878 fprintf(stderr, "map_file() == -1\n");
882 /* check addr range is inside the sram */
883 if (addr < sl->sram_base) {
884 fprintf(stderr, "addr too low\n");
886 } else if ((addr + mf.len) < addr) {
887 fprintf(stderr, "addr overruns\n");
889 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
890 fprintf(stderr, "addr too high\n");
892 } else if ((addr & 3) || (mf.len & 3)) {
894 fprintf(stderr, "unaligned addr or size\n");
897 /* do the copy by 1k blocks */
898 for (off = 0; off < mf.len; off += 1024) {
900 if ((off + size) > mf.len)
903 memcpy(sl->q_buf, mf.base + off, size);
905 /* round size if needed */
909 stlink_write_mem32(sl, addr + off, size);
912 /* check the file ha been written */
913 if (check_file(sl, &mf, addr) == -1) {
914 fprintf(stderr, "check_file() == -1\n");
921 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
922 /* Set PC to the reset routine*/
923 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
931 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
932 /* read size bytes from addr to file */
937 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
938 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE) ? 0:0xff;
940 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
942 fprintf(stderr, "open(%s) == -1\n", path);
947 size = sl->flash_size;
949 if (size > sl->flash_size)
950 size = sl->flash_size;
952 /* do the copy by 1k blocks */
953 for (off = 0; off < size; off += 1024) {
954 size_t read_size = 1024;
957 if ((off + read_size) > size)
958 read_size = size - off;
960 /* round size if needed */
961 rounded_size = read_size;
962 if (rounded_size & 3)
963 rounded_size = (rounded_size + 4) & ~(3);
965 stlink_read_mem32(sl, addr + off, rounded_size);
967 for(index = 0; index < read_size; index ++) {
968 if (sl->q_buf[index] == erased_pattern)
973 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
974 fprintf(stderr, "write() != read_size\n");
979 /* Ignore NULL Bytes at end of file */
980 if (!ftruncate(fd, size - num_empty)) {
993 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
994 /* write the buffer right after the loader */
995 size_t chunk = size & ~0x3;
996 size_t rem = size & 0x3;
998 memcpy(sl->q_buf, buf, chunk);
999 stlink_write_mem32(sl, fl->buf_addr, chunk);
1002 memcpy(sl->q_buf, buf+chunk, rem);
1003 stlink_write_mem8(sl, (fl->buf_addr)+chunk, rem);
1008 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
1009 uint32_t offset = 0;
1010 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
1011 if (flashaddr >= 0x100000) {
1013 flashaddr -= 0x100000;
1015 if (flashaddr<0x4000) return (offset + 0);
1016 else if(flashaddr<0x8000) return(offset + 1);
1017 else if(flashaddr<0xc000) return(offset + 2);
1018 else if(flashaddr<0x10000) return(offset + 3);
1019 else if(flashaddr<0x20000) return(offset + 4);
1020 else return offset + (flashaddr/0x20000) +4;
1024 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
1025 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1026 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
1027 uint32_t sector=calculate_F4_sectornum(flashaddr);
1031 if (sector<4) sl->flash_pgsz=0x4000;
1032 else if(sector<5) sl->flash_pgsz=0x10000;
1033 else sl->flash_pgsz=0x20000;
1035 return (sl->flash_pgsz);
1039 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
1040 * @param sl stlink context
1041 * @param flashaddr an address in the flash page to erase
1042 * @return 0 on success -ve on failure
1044 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
1046 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1047 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
1048 /* wait for ongoing op to finish */
1049 wait_flash_busy(sl);
1051 /* unlock if locked */
1052 unlock_flash_if(sl);
1054 /* select the page to erase */
1055 // calculate the actual page from the address
1056 uint32_t sector=calculate_F4_sectornum(flashaddr);
1058 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
1060 //the SNB values for flash sectors in the second bank do not directly follow the values for the first bank on 2mb devices...
1061 if (sector >= 12) sector += 4;
1063 write_flash_cr_snb(sl, sector);
1065 /* start erase operation */
1066 set_flash_cr_strt(sl);
1068 /* wait for completion */
1069 wait_flash_busy(sl);
1071 /* relock the flash */
1072 //todo: fails to program if this is in
1075 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
1077 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1078 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1079 || sl->chip_id == STM32_CHIPID_L0) {
1082 uint32_t flash_regs_base;
1083 if (sl->chip_id == STM32_CHIPID_L0) {
1084 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1086 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1089 /* check if the locks are set */
1090 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1091 if((val & (1<<0))||(val & (1<<1))) {
1092 /* disable pecr protection */
1093 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x89abcdef);
1094 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x02030405);
1096 /* check pecr.pelock is cleared */
1097 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1098 if (val & (1 << 0)) {
1099 WLOG("pecr.pelock not clear (%#x)\n", val);
1103 /* unlock program memory */
1104 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x8c9daebf);
1105 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x13141516);
1107 /* check pecr.prglock is cleared */
1108 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1109 if (val & (1 << 1)) {
1110 WLOG("pecr.prglock not clear (%#x)\n", val);
1115 /* set pecr.{erase,prog} */
1116 val |= (1 << 9) | (1 << 3);
1117 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1118 #if 0 /* fix_to_be_confirmed */
1120 /* wait for sr.busy to be cleared
1121 * MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
1122 * wrong and we do not need to wait here for clearing the busy bit.
1123 * TEXANE: ok, if experience says so and it works for you, we comment
1124 * it. If someone has a problem, please drop an email.
1126 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1129 #endif /* fix_to_be_confirmed */
1131 /* write 0 to the first word of the page to be erased */
1132 stlink_write_debug32(sl, flashaddr, 0);
1134 /* MP: It is better to wait for clearing the busy bit after issuing
1135 page erase command, even though PM0062 recommends to wait before it.
1136 Test shows that a few iterations is performed in the following loop
1137 before busy bit is cleared.*/
1138 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0)
1141 /* reset lock bits */
1142 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF)
1143 | (1 << 0) | (1 << 1) | (1 << 2);
1144 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1145 } else if (sl->core_id == STM32VL_CORE_ID
1146 || sl->core_id == STM32F0_CORE_ID
1147 || sl->chip_id == STM32_CHIPID_F3
1148 || sl->chip_id == STM32_CHIPID_F303_HIGH
1149 || sl->chip_id == STM32_CHIPID_F37x
1150 || sl->chip_id == STM32_CHIPID_F334) {
1151 /* wait for ongoing op to finish */
1152 wait_flash_busy(sl);
1154 /* unlock if locked */
1155 unlock_flash_if(sl);
1157 /* set the page erase bit */
1158 set_flash_cr_per(sl);
1160 /* select the page to erase */
1161 write_flash_ar(sl, flashaddr);
1163 /* start erase operation, reset by hw with bsy bit */
1164 set_flash_cr_strt(sl);
1166 /* wait for completion */
1167 wait_flash_busy(sl);
1169 /* relock the flash */
1172 WLOG("unknown coreid %x, page erase failed\n", sl->core_id);
1176 /* todo: verify the erased page */
1181 int stlink_erase_flash_mass(stlink_t *sl) {
1182 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1183 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1184 || sl->chip_id == STM32_CHIPID_L0) {
1185 /* erase each page */
1186 int i = 0, num_pages = sl->flash_size/sl->flash_pgsz;
1187 for (i = 0; i < num_pages; i++) {
1188 /* addr must be an addr inside the page */
1189 stm32_addr_t addr = sl->flash_base + i * sl->flash_pgsz;
1190 if (stlink_erase_flash_page(sl, addr) == -1) {
1191 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr);
1194 fprintf(stdout,"\rFlash page at %5d/%5d erased", i, num_pages);
1197 fprintf(stdout, "\n");
1199 /* wait for ongoing op to finish */
1200 wait_flash_busy(sl);
1202 /* unlock if locked */
1203 unlock_flash_if(sl);
1205 /* set the mass erase bit */
1206 set_flash_cr_mer(sl);
1208 /* start erase operation, reset by hw with bsy bit */
1209 set_flash_cr_strt(sl);
1211 /* wait for completion */
1212 wait_flash_busy_progress(sl);
1214 /* relock the flash */
1217 /* todo: verify the erased memory */
1222 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1225 /* allocate the loader in sram */
1226 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1227 WLOG("Failed to write flash loader to sram!\n");
1231 /* allocate a one page buffer in sram right after loader */
1232 fl->buf_addr = fl->loader_addr + size;
1233 ILOG("Successfully loaded flash loader in sram\n");
1237 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1238 /* from openocd, contrib/loaders/flash/stm32.s */
1239 static const uint8_t loader_code_stm32vl[] = {
1240 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1241 0x1c, 0x44, /* add r4, r3 */
1242 /* write_half_word: */
1243 0x01, 0x23, /* movs r3, #0x01 */
1244 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1245 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1246 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1248 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1249 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1250 0xfb, 0xd0, /* beq busy */
1251 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1252 0x01, 0xd1, /* bne exit */
1253 0x01, 0x3a, /* subs r2, r2, #0x01 */
1254 0xf0, 0xd1, /* bne write_half_word */
1256 0x00, 0xbe, /* bkpt #0x00 */
1257 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1260 /* flashloaders/stm32f0.s -- thumb1 only, same sequence as for STM32VL, bank ignored */
1261 static const uint8_t loader_code_stm32f0[] = {
1264 * These two NOPs here are a safety precaution, added by Pekka Nikander
1265 * while debugging the STM32F05x support. They may not be needed, but
1266 * there were strange problems with simpler programs, like a program
1267 * that had just a breakpoint or a program that first moved zero to register r2
1268 * and then had a breakpoint. So, it appears safest to have these two nops.
1270 * Feel free to remove them, if you dare, but then please do test the result
1271 * rigorously. Also, if you remove these, it may be a good idea first to
1272 * #if 0 them out, with a comment when these were taken out, and to remove
1273 * these only a few months later... But YMMV.
1275 0x00, 0x30, // nop /* add r0,#0 */
1276 0x00, 0x30, // nop /* add r0,#0 */
1278 0x0A, 0x4C, // ldr r4, STM32_FLASH_BASE
1279 0x01, 0x25, // mov r5, #1 /* FLASH_CR_PG, FLASH_SR_BUSY */
1280 0x04, 0x26, // mov r6, #4 /* PGERR */
1282 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1283 0x2B, 0x43, // orr r3, r5
1284 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR |= FLASH_CR_PG */
1285 0x03, 0x88, // ldrh r3, [r0] /* r3 = *sram */
1286 0x0B, 0x80, // strh r3, [r1] /* *flash = r3 */
1288 0xE3, 0x68, // ldr r3, [r4, #12] /* FLASH->SR */
1289 0x2B, 0x42, // tst r3, r5 /* FLASH_SR_BUSY */
1290 0xFC, 0xD0, // beq busy
1292 0x33, 0x42, // tst r3, r6 /* PGERR */
1293 0x04, 0xD1, // bne exit
1295 0x02, 0x30, // add r0, r0, #2 /* sram += 2 */
1296 0x02, 0x31, // add r1, r1, #2 /* flash += 2 */
1297 0x01, 0x3A, // sub r2, r2, #0x01 /* count-- */
1298 0x00, 0x2A, // cmp r2, #0
1299 0xF0, 0xD1, // bne write_half_word
1301 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1302 0xAB, 0x43, // bic r3, r5
1303 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR &= ~FLASH_CR_PG */
1304 0x00, 0xBE, // bkpt #0x00
1305 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1308 static const uint8_t loader_code_stm32l[] = {
1310 /* openocd.git/contrib/loaders/flash/stm32lx.S
1311 r0, input, dest addr
1312 r1, input, source addr
1313 r2, input, word count
1314 r3, output, word count
1320 0x51, 0xf8, 0x04, 0xcb,
1321 0x40, 0xf8, 0x04, 0xcb,
1329 static const uint8_t loader_code_stm32l0[] = {
1332 r0, input, dest addr
1333 r1, input, source addr
1334 r2, input, word count
1335 r3, output, word count
1352 static const uint8_t loader_code_stm32f4[] = {
1353 // flashloaders/stm32f4.s
1362 0x14, 0xf0, 0x01, 0x0f,
1364 0x00, 0xf1, 0x04, 0x00,
1365 0x01, 0xf1, 0x04, 0x01,
1366 0xa2, 0xf1, 0x01, 0x02,
1371 0x00, 0x3c, 0x02, 0x40,
1374 const uint8_t* loader_code;
1377 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1378 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE) { /* stm32l */
1379 loader_code = loader_code_stm32l;
1380 loader_size = sizeof(loader_code_stm32l);
1381 } else if (sl->core_id == STM32VL_CORE_ID
1382 || sl->chip_id == STM32_CHIPID_F3
1383 || sl->chip_id == STM32_CHIPID_F303_HIGH
1384 || sl->chip_id == STM32_CHIPID_F37x
1385 || sl->chip_id == STM32_CHIPID_F334) {
1386 loader_code = loader_code_stm32vl;
1387 loader_size = sizeof(loader_code_stm32vl);
1388 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1389 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)){
1390 loader_code = loader_code_stm32f4;
1391 loader_size = sizeof(loader_code_stm32f4);
1392 } else if (sl->chip_id == STM32_CHIPID_F0 || sl->chip_id == STM32_CHIPID_F04 || sl->chip_id == STM32_CHIPID_F0_CAN || sl->chip_id == STM32_CHIPID_F0_SMALL || sl->chip_id == STM32_CHIPID_F09X) {
1393 loader_code = loader_code_stm32f0;
1394 loader_size = sizeof(loader_code_stm32f0);
1395 } else if (sl->chip_id == STM32_CHIPID_L0) {
1396 loader_code = loader_code_stm32l0;
1397 loader_size = sizeof(loader_code_stm32l0);
1399 ELOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1403 memcpy(sl->q_buf, loader_code, loader_size);
1404 stlink_write_mem32(sl, sl->sram_base, loader_size);
1406 *addr = sl->sram_base;
1407 *size = loader_size;
1413 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1414 /* check the contents of path are at addr */
1417 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1419 if (map_file(&mf, path) == -1)
1422 res = check_file(sl, &mf, addr);
1430 * Verify addr..addr+len is binary identical to base...base+len
1431 * @param sl stlink context
1432 * @param address stm device address
1433 * @param data host side buffer to check against
1434 * @param length how much
1435 * @return 0 for success, -ve for failure
1437 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1439 size_t cmp_size = (sl->flash_pgsz > 0x1800)? 0x1800:sl->flash_pgsz;
1440 ILOG("Starting verification of write complete\n");
1441 for (off = 0; off < length; off += cmp_size) {
1442 size_t aligned_size;
1444 /* adjust last page size */
1445 if ((off + cmp_size) > length)
1446 cmp_size = length - off;
1448 aligned_size = cmp_size;
1449 if (aligned_size & (4 - 1))
1450 aligned_size = (cmp_size + 4) & ~(4 - 1);
1452 stlink_read_mem32(sl, address + off, aligned_size);
1454 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1455 ELOG("Verification of flash failed at offset: %zd\n", off);
1459 ILOG("Flash written and verified! jolly good!\n");
1464 int stm32l1_write_half_pages(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len, uint32_t pagesize)
1467 unsigned int num_half_pages = len / pagesize;
1469 uint32_t flash_regs_base;
1472 if (sl->chip_id == STM32_CHIPID_L0) {
1473 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1475 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1478 ILOG("Starting Half page flash write for STM32L core id\n");
1479 /* flash loader initialization */
1480 if (init_flash_loader(sl, &fl) == -1) {
1481 WLOG("init_flash_loader() == -1\n");
1484 /* Unlock already done */
1485 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1486 val |= (1 << FLASH_L1_FPRG);
1487 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1489 val |= (1 << FLASH_L1_PROG);
1490 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1491 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0) {}
1493 for (count = 0; count < num_half_pages; count ++) {
1494 if (run_flash_loader(sl, &fl, addr + count * pagesize, base + count * pagesize, pagesize) == -1) {
1495 WLOG("l1_run_flash_loader(%#zx) failed! == -1\n", addr + count * pagesize);
1496 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1497 val &= ~((1 << FLASH_L1_FPRG) |(1 << FLASH_L1_PROG));
1498 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1501 /* wait for sr.busy to be cleared */
1502 if (sl->verbose >= 1) {
1503 /* show progress. writing procedure is slow
1504 and previous errors are misleading */
1505 fprintf(stdout, "\r%3u/%u halfpages written", count + 1, num_half_pages);
1508 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0) {
1511 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1512 val &= ~(1 << FLASH_L1_PROG);
1513 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1514 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1515 val &= ~(1 << FLASH_L1_FPRG);
1516 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1521 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len) {
1524 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1525 len, len, addr, addr);
1526 /* check addr range is inside the flash */
1527 stlink_calculate_pagesize(sl, addr);
1528 if (addr < sl->flash_base) {
1529 ELOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1531 } else if ((addr + len) < addr) {
1532 ELOG("addr overruns\n");
1534 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1535 ELOG("addr too high\n");
1537 } else if (addr & 1) {
1538 ELOG("unaligned addr 0x%x\n", addr);
1540 } else if (len & 1) {
1541 WLOG("unaligned len 0x%x -- padding with zero\n", len);
1543 } else if (addr & (sl->flash_pgsz - 1)) {
1544 ELOG("addr not a multiple of pagesize, not supported\n");
1548 // Make sure we've loaded the context with the chip details
1550 /* erase each page */
1552 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1553 /* addr must be an addr inside the page */
1554 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1555 ELOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1558 fprintf(stdout,"\rFlash page at addr: 0x%08lx erased",
1559 (unsigned long)addr + off);
1563 fprintf(stdout,"\n");
1564 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1565 page_count, sl->flash_pgsz, sl->flash_pgsz);
1567 if ((sl->chip_id == STM32_CHIPID_F2) ||
1568 (sl->chip_id == STM32_CHIPID_F4) ||
1569 (sl->chip_id == STM32_CHIPID_F4_DE) ||
1570 (sl->chip_id == STM32_CHIPID_F4_LP) ||
1571 (sl->chip_id == STM32_CHIPID_F4_HD) ||
1572 (sl->chip_id == STM32_CHIPID_F411RE)) {
1573 /* todo: check write operation */
1575 ILOG("Starting Flash write for F2/F4\n");
1576 /* flash loader initialization */
1577 if (init_flash_loader(sl, &fl) == -1) {
1578 ELOG("init_flash_loader() == -1\n");
1582 /* First unlock the cr */
1583 unlock_flash_if(sl);
1585 /* TODO: Check that Voltage range is 2.7 - 3.6 V */
1586 /* set parallelisim to 32 bit*/
1587 write_flash_cr_psiz(sl, 2);
1589 /* set programming mode */
1590 set_flash_cr_pg(sl);
1592 for(off = 0; off < len;) {
1593 size_t size = len - off > 0x8000 ? 0x8000 : len - off;
1595 printf("size: %zu\n", size);
1597 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1598 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1610 else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1611 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1612 || sl->chip_id == STM32_CHIPID_L0) {
1613 /* use fast word write. todo: half page. */
1615 uint32_t flash_regs_base;
1618 if (sl->chip_id == STM32_CHIPID_L0) {
1619 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1620 pagesize = L0_WRITE_BLOCK_SIZE;
1622 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1623 pagesize = L1_WRITE_BLOCK_SIZE;
1626 /* todo: check write operation */
1628 /* disable pecr protection */
1629 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x89abcdef);
1630 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x02030405);
1632 /* check pecr.pelock is cleared */
1633 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1634 if (val & (1 << 0)) {
1635 fprintf(stderr, "pecr.pelock not clear\n");
1639 /* unlock program memory */
1640 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x8c9daebf);
1641 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x13141516);
1643 /* check pecr.prglock is cleared */
1644 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1645 if (val & (1 << 1)) {
1646 fprintf(stderr, "pecr.prglock not clear\n");
1650 if (len > pagesize) {
1651 if (stm32l1_write_half_pages(sl, addr, base, len, pagesize) == -1) {
1652 /* This may happen on a blank device! */
1653 WLOG("\nwrite_half_pages failed == -1\n");
1655 off = (len / pagesize)*pagesize;
1659 /* write remainingword in program memory */
1660 for ( ; off < len; off += sizeof(uint32_t)) {
1663 fprintf(stdout, "\r");
1665 if ((off % sl->flash_pgsz) > (sl->flash_pgsz -5)) {
1666 fprintf(stdout, "\r%3zd/%3zd pages written",
1667 off/sl->flash_pgsz, len/sl->flash_pgsz);
1671 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1672 stlink_write_debug32(sl, addr + off, data);
1674 /* wait for sr.busy to be cleared */
1675 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0)
1678 /* todo: check redo write operation */
1681 fprintf(stdout, "\n");
1682 /* reset lock bits */
1683 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF)
1684 | (1 << 0) | (1 << 1) | (1 << 2);
1685 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1686 } else if (sl->core_id == STM32VL_CORE_ID ||
1687 sl->core_id == STM32F0_CORE_ID ||
1688 sl->chip_id == STM32_CHIPID_F3 ||
1689 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1690 sl->chip_id == STM32_CHIPID_F334 ||
1691 sl->chip_id == STM32_CHIPID_F37x) {
1692 ILOG("Starting Flash write for VL/F0/F3 core id\n");
1693 /* flash loader initialization */
1694 if (init_flash_loader(sl, &fl) == -1) {
1695 ELOG("init_flash_loader() == -1\n");
1699 int write_block_count = 0;
1700 for (off = 0; off < len; off += sl->flash_pgsz) {
1701 /* adjust last write size */
1702 size_t size = sl->flash_pgsz;
1703 if ((off + sl->flash_pgsz) > len) size = len - off;
1705 /* unlock and set programming mode */
1706 unlock_flash_if(sl);
1707 set_flash_cr_pg(sl);
1708 //DLOG("Finished setting flash cr pg, running loader!\n");
1709 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1710 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1714 if (sl->verbose >= 1) {
1715 /* show progress. writing procedure is slow
1716 and previous errors are misleading */
1717 fprintf(stdout, "\r%3u/%lu pages written", write_block_count++, (unsigned long)len/sl->flash_pgsz);
1721 fprintf(stdout, "\n");
1723 ELOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1727 return stlink_verify_write_flash(sl, addr, base, len);
1731 * Write the given binary file into flash at address "addr"
1733 * @param path readable file path, should be binary image
1734 * @param addr where to start writing
1735 * @return 0 on success, -ve on failure.
1737 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1738 /* write the file in flash at addr */
1740 unsigned int num_empty = 0, index;
1741 unsigned char erased_pattern =(sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1742 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE )?0:0xff;
1743 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1744 if (map_file(&mf, path) == -1) {
1745 ELOG("map_file() == -1\n");
1748 for(index = 0; index < mf.len; index ++) {
1749 if (mf.base[index] == erased_pattern)
1754 /* Round down to words */
1755 num_empty -= (num_empty & 3);
1756 if(num_empty != 0) {
1757 ILOG("Ignoring %d bytes of 0x%02x at end of file\n", num_empty, erased_pattern);
1758 mf.len -= num_empty;
1760 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1762 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
1763 /* Set PC to the reset routine*/
1764 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
1770 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1774 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1775 // FIXME This can never return -1
1776 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1778 ELOG("write_buffer_to_sram() == -1\n");
1782 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1783 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1784 || sl->chip_id == STM32_CHIPID_L0) {
1786 size_t count = size / sizeof(uint32_t);
1787 if (size % sizeof(uint32_t)) ++count;
1790 stlink_write_reg(sl, target, 0); /* target */
1791 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1792 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1793 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1795 } else if (sl->core_id == STM32VL_CORE_ID ||
1796 sl->core_id == STM32F0_CORE_ID ||
1797 sl->chip_id == STM32_CHIPID_F3 ||
1798 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1799 sl->chip_id == STM32_CHIPID_F37x ||
1800 sl->chip_id == STM32_CHIPID_F334) {
1802 size_t count = size / sizeof(uint16_t);
1803 if (size % sizeof(uint16_t)) ++count;
1806 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1807 stlink_write_reg(sl, target, 1); /* target */
1808 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1809 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1810 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1812 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1813 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)) {
1815 size_t count = size / sizeof(uint32_t);
1816 if (size % sizeof(uint32_t)) ++count;
1819 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1820 stlink_write_reg(sl, target, 1); /* target */
1821 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1822 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1825 fprintf(stderr, "unknown coreid 0x%x, don't know what flash loader to use\n", sl->core_id);
1832 #define WAIT_ROUNDS 10000
1833 /* wait until done (reaches breakpoint) */
1834 for (i = 0; i < WAIT_ROUNDS; i++) {
1836 if (is_core_halted(sl))
1840 if (i >= WAIT_ROUNDS) {
1841 ELOG("flash loader run error\n");
1845 /* check written byte count */
1846 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1847 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1848 || sl->chip_id == STM32_CHIPID_L0) {
1850 size_t count = size / sizeof(uint32_t);
1851 if (size % sizeof(uint32_t)) ++count;
1853 stlink_read_reg(sl, 3, &rr);
1854 if (rr.r[3] != count) {
1855 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1859 } else if (sl->core_id == STM32VL_CORE_ID ||
1860 sl->core_id == STM32F0_CORE_ID ||
1861 sl->chip_id == STM32_CHIPID_F3 ||
1862 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1863 sl->chip_id == STM32_CHIPID_F37x ||
1864 sl->chip_id == STM32_CHIPID_F334) {
1866 stlink_read_reg(sl, 2, &rr);
1868 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1872 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1873 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)) {
1875 stlink_read_reg(sl, 2, &rr);
1877 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1883 fprintf(stderr, "unknown coreid 0x%x, can't check written byte count\n", sl->core_id);
projects / fw / stlink / blob