10 #include <sys/types.h>
14 #include "stlink-common.h"
15 #include "uglylogging.h"
21 #define LOG_TAG __FILE__
22 #define DLOG(format, args...) ugly_log(UDEBUG, LOG_TAG, format, ## args)
23 #define ILOG(format, args...) ugly_log(UINFO, LOG_TAG, format, ## args)
24 #define WLOG(format, args...) ugly_log(UWARN, LOG_TAG, format, ## args)
25 #define ELOG(format, args...) ugly_log(UERROR, LOG_TAG, format, ## args)
26 #define fatal(format, args...) ugly_log(UFATAL, LOG_TAG, format, ## args)
28 /* todo: stm32l15xxx flash memory, pm0062 manual */
30 /* stm32f FPEC flash controller interface, pm0063 manual */
31 // TODO - all of this needs to be abstracted out....
32 // STM32F05x is identical, based on RM0091 (DM00031936, Doc ID 018940 Rev 2, August 2012)
33 #define FLASH_REGS_ADDR 0x40022000
34 #define FLASH_REGS_SIZE 0x28
36 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
37 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
38 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
39 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
40 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
41 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
42 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
44 // For STM32F05x, the RDPTR_KEY may be wrong, but as it is not used anywhere...
45 #define FLASH_RDPTR_KEY 0x00a5
46 #define FLASH_KEY1 0x45670123
47 #define FLASH_KEY2 0xcdef89ab
49 #define FLASH_SR_BSY 0
50 #define FLASH_SR_EOP 5
53 #define FLASH_CR_PER 1
54 #define FLASH_CR_MER 2
55 #define FLASH_CR_STRT 6
56 #define FLASH_CR_LOCK 7
59 //32L = 32F1 same CoreID as 32F4!
60 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
61 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
62 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
63 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
64 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
65 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
66 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
67 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
68 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x1c)
69 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
70 #define FLASH_L1_FPRG 10
71 #define FLASH_L1_PROG 3
75 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
76 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
77 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
78 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
79 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
80 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
81 #define FLASH_F4_CR_STRT 16
82 #define FLASH_F4_CR_LOCK 31
83 #define FLASH_F4_CR_SER 1
84 #define FLASH_F4_CR_SNB 3
85 #define FLASH_F4_CR_SNB_MASK 0x38
86 #define FLASH_F4_SR_BSY 16
89 void write_uint32(unsigned char* buf, uint32_t ui) {
90 if (!is_bigendian()) { // le -> le (don't swap)
91 buf[0] = ((unsigned char*) &ui)[0];
92 buf[1] = ((unsigned char*) &ui)[1];
93 buf[2] = ((unsigned char*) &ui)[2];
94 buf[3] = ((unsigned char*) &ui)[3];
96 buf[0] = ((unsigned char*) &ui)[3];
97 buf[1] = ((unsigned char*) &ui)[2];
98 buf[2] = ((unsigned char*) &ui)[1];
99 buf[3] = ((unsigned char*) &ui)[0];
103 void write_uint16(unsigned char* buf, uint16_t ui) {
104 if (!is_bigendian()) { // le -> le (don't swap)
105 buf[0] = ((unsigned char*) &ui)[0];
106 buf[1] = ((unsigned char*) &ui)[1];
108 buf[0] = ((unsigned char*) &ui)[1];
109 buf[1] = ((unsigned char*) &ui)[0];
113 uint32_t read_uint32(const unsigned char *c, const int pt) {
115 char *p = (char *) &ui;
117 if (!is_bigendian()) { // le -> le (don't swap)
131 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
132 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
135 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
136 return stlink_read_debug32(sl, FLASH_WRPR);
139 static inline uint32_t read_flash_obr(stlink_t *sl) {
140 return stlink_read_debug32(sl, FLASH_OBR);
143 static inline uint32_t read_flash_cr(stlink_t *sl) {
145 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
146 res = stlink_read_debug32(sl, FLASH_F4_CR);
148 res = stlink_read_debug32(sl, FLASH_CR);
150 fprintf(stdout, "CR:0x%x\n", res);
155 static inline unsigned int is_flash_locked(stlink_t *sl) {
156 /* return non zero for true */
157 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
158 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
160 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
163 static void unlock_flash(stlink_t *sl) {
164 /* the unlock sequence consists of 2 write cycles where
165 2 key values are written to the FLASH_KEYR register.
166 an invalid sequence results in a definitive lock of
167 the FPEC block until next reset.
169 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
170 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
171 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
173 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
174 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
179 static int unlock_flash_if(stlink_t *sl) {
180 /* unlock flash if already locked */
182 if (is_flash_locked(sl)) {
184 if (is_flash_locked(sl)) {
185 WLOG("Failed to unlock flash!\n");
189 DLOG("Successfully unlocked flash\n");
193 static void lock_flash(stlink_t *sl) {
194 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
195 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
196 stlink_write_debug32(sl, FLASH_F4_CR, n);
198 /* write to 1 only. reset by hw at unlock sequence */
199 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
200 stlink_write_debug32(sl, FLASH_CR, n);
205 static void set_flash_cr_pg(stlink_t *sl) {
206 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
207 uint32_t x = read_flash_cr(sl);
208 x |= (1 << FLASH_CR_PG);
209 stlink_write_debug32(sl, FLASH_F4_CR, x);
211 const uint32_t n = 1 << FLASH_CR_PG;
212 stlink_write_debug32(sl, FLASH_CR, n);
216 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
217 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
218 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
219 stlink_write_debug32(sl, FLASH_F4_CR, n);
221 stlink_write_debug32(sl, FLASH_CR, n);
224 static void set_flash_cr_per(stlink_t *sl) {
225 const uint32_t n = 1 << FLASH_CR_PER;
226 stlink_write_debug32(sl, FLASH_CR, n);
229 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
230 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
231 stlink_write_debug32(sl, FLASH_CR, n);
234 static void set_flash_cr_mer(stlink_t *sl) {
235 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
236 stlink_write_debug32(sl, FLASH_F4_CR,
237 stlink_read_debug32(sl, FLASH_F4_CR) | (1 << FLASH_CR_MER));
239 stlink_write_debug32(sl, FLASH_CR,
240 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_MER));
243 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
244 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
245 stlink_write_debug32(sl, FLASH_F4_CR,
246 stlink_read_debug32(sl, FLASH_F4_CR) & ~(1 << FLASH_CR_MER));
248 stlink_write_debug32(sl, FLASH_CR,
249 stlink_read_debug32(sl, FLASH_CR) & ~(1 << FLASH_CR_MER));
252 static void set_flash_cr_strt(stlink_t *sl) {
253 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
254 uint32_t x = read_flash_cr(sl);
255 x |= (1 << FLASH_F4_CR_STRT);
256 stlink_write_debug32(sl, FLASH_F4_CR, x);
258 stlink_write_debug32(sl, FLASH_CR,
259 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_STRT) );
263 static inline uint32_t read_flash_acr(stlink_t *sl) {
264 return stlink_read_debug32(sl, FLASH_ACR);
267 static inline uint32_t read_flash_sr(stlink_t *sl) {
269 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
270 res = stlink_read_debug32(sl, FLASH_F4_SR);
272 res = stlink_read_debug32(sl, FLASH_SR);
273 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
277 static inline unsigned int is_flash_busy(stlink_t *sl) {
278 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
279 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
281 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
284 static void wait_flash_busy(stlink_t *sl) {
285 /* todo: add some delays here */
286 while (is_flash_busy(sl))
290 static void wait_flash_busy_progress(stlink_t *sl) {
292 fprintf(stdout, "Mass erasing");
294 while (is_flash_busy(sl)) {
298 fprintf(stdout, ".");
302 fprintf(stdout, "\n");
305 static inline unsigned int is_flash_eop(stlink_t *sl) {
306 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
309 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
310 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
311 stlink_write_debug32(sl, FLASH_SR, n);
314 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
315 /* todo: add some delays here */
316 while (is_flash_eop(sl) == 0)
320 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
321 stlink_write_debug32(sl, FLASH_AR, n);
324 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
325 uint32_t x = read_flash_cr(sl);
329 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
331 stlink_write_debug32(sl, FLASH_F4_CR, x);
335 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
336 uint32_t x = read_flash_cr(sl);
337 x &= ~FLASH_F4_CR_SNB_MASK;
338 x |= (n << FLASH_F4_CR_SNB);
339 x |= (1 << FLASH_F4_CR_SER);
341 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
343 stlink_write_debug32(sl, FLASH_F4_CR, x);
348 static void disable_flash_read_protection(stlink_t *sl) {
349 /* erase the option byte area */
356 // Delegates to the backends...
358 void stlink_close(stlink_t *sl) {
359 DLOG("*** stlink_close ***\n");
360 sl->backend->close(sl);
364 void stlink_exit_debug_mode(stlink_t *sl) {
365 DLOG("*** stlink_exit_debug_mode ***\n");
366 stlink_write_debug32(sl, DHCSR, DBGKEY);
367 sl->backend->exit_debug_mode(sl);
370 void stlink_enter_swd_mode(stlink_t *sl) {
371 DLOG("*** stlink_enter_swd_mode ***\n");
372 sl->backend->enter_swd_mode(sl);
375 // Force the core into the debug mode -> halted state.
376 void stlink_force_debug(stlink_t *sl) {
377 DLOG("*** stlink_force_debug_mode ***\n");
378 sl->backend->force_debug(sl);
381 void stlink_exit_dfu_mode(stlink_t *sl) {
382 DLOG("*** stlink_exit_dfu_mode ***\n");
383 sl->backend->exit_dfu_mode(sl);
386 uint32_t stlink_core_id(stlink_t *sl) {
387 DLOG("*** stlink_core_id ***\n");
388 sl->backend->core_id(sl);
390 stlink_print_data(sl);
391 DLOG("core_id = 0x%08x\n", sl->core_id);
395 uint32_t stlink_chip_id(stlink_t *sl) {
396 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
397 if (chip_id == 0) chip_id = stlink_read_debug32(sl, 0x40015800); //Try Corex M0 DBGMCU_IDCODE register address
402 * Cortex m3 tech ref manual, CPUID register description
403 * @param sl stlink context
404 * @param cpuid pointer to the result object
406 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
407 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
408 cpuid->implementer_id = (raw >> 24) & 0x7f;
409 cpuid->variant = (raw >> 20) & 0xf;
410 cpuid->part = (raw >> 4) & 0xfff;
411 cpuid->revision = raw & 0xf;
416 * reads and decodes the flash parameters, as dynamically as possible
418 * @return 0 for success, or -1 for unsupported core type.
420 int stlink_load_device_params(stlink_t *sl) {
421 ILOG("Loading device parameters....\n");
422 const chip_params_t *params = NULL;
423 sl->core_id = stlink_core_id(sl);
424 uint32_t chip_id = stlink_chip_id(sl);
426 sl->chip_id = chip_id & 0xfff;
427 /* Fix chip_id for F4 rev A errata , Read CPU ID, as CoreID is the same for F2/F4*/
428 if (sl->chip_id == 0x411) {
429 uint32_t cpuid = stlink_read_debug32(sl, 0xE000ED00);
430 if ((cpuid & 0xfff0) == 0xc240)
434 for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
435 if(devices[i].chip_id == sl->chip_id) {
436 params = &devices[i];
440 if (params == NULL) {
441 WLOG("unknown chip id! %#x\n", chip_id);
445 // These are fixed...
446 sl->flash_base = STM32_FLASH_BASE;
447 sl->sram_base = STM32_SRAM_BASE;
449 // read flash size from hardware, if possible...
450 if (sl->chip_id == STM32_CHIPID_F2) {
451 sl->flash_size = 0x100000; /* Use maximum, User must care!*/
452 } else if (sl->chip_id == STM32_CHIPID_F4) {
453 sl->flash_size = 0x100000; //todo: RM0090 error; size register same address as unique ID
455 uint32_t flash_size = stlink_read_debug32(sl, params->flash_size_reg) & 0xffff;
456 sl->flash_size = flash_size * 1024;
458 sl->flash_pgsz = params->flash_pagesize;
459 sl->sram_size = params->sram_size;
460 sl->sys_base = params->bootrom_base;
461 sl->sys_size = params->bootrom_size;
463 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
464 // TODO make note of variable page size here.....
465 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
466 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
471 void stlink_reset(stlink_t *sl) {
472 DLOG("*** stlink_reset ***\n");
473 sl->backend->reset(sl);
476 void stlink_jtag_reset(stlink_t *sl, int value) {
477 DLOG("*** stlink_jtag_reset ***\n");
478 sl->backend->jtag_reset(sl, value);
481 void stlink_run(stlink_t *sl) {
482 DLOG("*** stlink_run ***\n");
483 sl->backend->run(sl);
486 void stlink_status(stlink_t *sl) {
487 DLOG("*** stlink_status ***\n");
488 sl->backend->status(sl);
489 stlink_core_stat(sl);
493 * Decode the version bits, originally from -sg, verified with usb
494 * @param sl stlink context, assumed to contain valid data in the buffer
495 * @param slv output parsed version object
497 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
498 uint32_t b0 = sl->q_buf[0]; //lsb
499 uint32_t b1 = sl->q_buf[1];
500 uint32_t b2 = sl->q_buf[2];
501 uint32_t b3 = sl->q_buf[3];
502 uint32_t b4 = sl->q_buf[4];
503 uint32_t b5 = sl->q_buf[5]; //msb
505 // b0 b1 || b2 b3 | b4 b5
506 // 4b | 6b | 6b || 2B | 2B
507 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
509 slv->stlink_v = (b0 & 0xf0) >> 4;
510 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
511 slv->swim_v = b1 & 0x3f;
512 slv->st_vid = (b3 << 8) | b2;
513 slv->stlink_pid = (b5 << 8) | b4;
517 void stlink_version(stlink_t *sl) {
518 DLOG("*** looking up stlink version\n");
519 sl->backend->version(sl);
520 _parse_version(sl, &sl->version);
522 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
523 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
524 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
525 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
526 DLOG("swim version = 0x%x\n", sl->version.swim_v);
527 if (sl->version.jtag_v == 0) {
528 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
530 if (sl->version.swim_v == 0) {
531 DLOG(" notice: the firmware doesn't support a swim interface\n");
535 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
536 uint32_t data = sl->backend->read_debug32(sl, addr);
537 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
541 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
542 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
543 sl->backend->write_debug32(sl, addr, data);
546 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
547 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
549 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
552 sl->backend->write_mem32(sl, addr, len);
555 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
556 DLOG("*** stlink_read_mem32 ***\n");
557 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
558 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
562 sl->backend->read_mem32(sl, addr, len);
565 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
566 DLOG("*** stlink_write_mem8 ***\n");
567 if (len > 0x40 ) { // !!! never ever: Writing more then 0x40 bytes gives unexpected behaviour
568 fprintf(stderr, "Error: Data length > 64: +%d byte.\n",
572 sl->backend->write_mem8(sl, addr, len);
575 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
576 DLOG("*** stlink_read_all_regs ***\n");
577 sl->backend->read_all_regs(sl, regp);
580 void stlink_read_all_unsupported_regs(stlink_t *sl, reg *regp) {
581 DLOG("*** stlink_read_all_unsupported_regs ***\n");
582 sl->backend->read_all_unsupported_regs(sl, regp);
585 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
586 DLOG("*** stlink_write_reg\n");
587 sl->backend->write_reg(sl, reg, idx);
590 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
591 DLOG("*** stlink_read_reg\n");
592 DLOG(" (%d) ***\n", r_idx);
594 if (r_idx > 20 || r_idx < 0) {
595 fprintf(stderr, "Error: register index must be in [0..20]\n");
599 sl->backend->read_reg(sl, r_idx, regp);
602 void stlink_read_unsupported_reg(stlink_t *sl, int r_idx, reg *regp) {
605 DLOG("*** stlink_read_unsupported_reg\n");
606 DLOG(" (%d) ***\n", r_idx);
608 /* Convert to values used by DCRSR */
609 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
611 } else if (r_idx == 0x40) { /* FPSCR */
613 } else if (r_idx >= 0x20 && r_idx < 0x40) {
614 r_convert = 0x40 + (r_idx - 0x20);
616 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
620 sl->backend->read_unsupported_reg(sl, r_convert, regp);
623 void stlink_write_unsupported_reg(stlink_t *sl, uint32_t val, int r_idx, reg *regp) {
626 DLOG("*** stlink_write_unsupported_reg\n");
627 DLOG(" (%d) ***\n", r_idx);
629 /* Convert to values used by DCRSR */
630 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
631 r_convert = r_idx; /* The backend function handles this */
632 } else if (r_idx == 0x40) { /* FPSCR */
634 } else if (r_idx >= 0x20 && r_idx < 0x40) {
635 r_convert = 0x40 + (r_idx - 0x20);
637 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
641 sl->backend->write_unsupported_reg(sl, val, r_convert, regp);
644 unsigned int is_core_halted(stlink_t *sl) {
645 /* return non zero if core is halted */
647 return sl->q_buf[0] == STLINK_CORE_HALTED;
650 void stlink_step(stlink_t *sl) {
651 DLOG("*** stlink_step ***\n");
652 sl->backend->step(sl);
655 int stlink_current_mode(stlink_t *sl) {
656 int mode = sl->backend->current_mode(sl);
658 case STLINK_DEV_DFU_MODE:
659 DLOG("stlink current mode: dfu\n");
661 case STLINK_DEV_DEBUG_MODE:
662 DLOG("stlink current mode: debug (jtag or swd)\n");
664 case STLINK_DEV_MASS_MODE:
665 DLOG("stlink current mode: mass\n");
668 DLOG("stlink mode: unknown!\n");
669 return STLINK_DEV_UNKNOWN_MODE;
675 // End of delegates.... Common code below here...
678 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
680 // #define is_bigendian() ( (*(char*)&i) == 0 )
682 inline unsigned int is_bigendian(void) {
683 static volatile const unsigned int i = 1;
684 return *(volatile const char*) &i == 0;
687 uint16_t read_uint16(const unsigned char *c, const int pt) {
689 char *p = (char *) &ui;
691 if (!is_bigendian()) { // le -> le (don't swap)
701 // same as above with entrypoint.
703 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
704 stlink_write_reg(sl, addr, 15); /* pc register */
708 while (is_core_halted(sl) == 0)
712 void stlink_core_stat(stlink_t *sl) {
716 switch (sl->q_buf[0]) {
717 case STLINK_CORE_RUNNING:
718 sl->core_stat = STLINK_CORE_RUNNING;
719 DLOG(" core status: running\n");
721 case STLINK_CORE_HALTED:
722 sl->core_stat = STLINK_CORE_HALTED;
723 DLOG(" core status: halted\n");
726 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
727 fprintf(stderr, " core status: unknown\n");
731 void stlink_print_data(stlink_t * sl) {
732 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
735 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
737 for (int i = 0; i < sl->q_len; i++) {
740 if (sl->q_data_dir == Q_DATA_OUT)
741 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
743 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
746 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
748 fputs("\n\n", stdout);
751 /* memory mapped file */
753 typedef struct mapped_file {
758 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
760 static int map_file(mapped_file_t* mf, const char* path) {
764 const int fd = open(path, O_RDONLY | O_BINARY);
766 fprintf(stderr, "open(%s) == -1\n", path);
770 if (fstat(fd, &st) == -1) {
771 fprintf(stderr, "fstat() == -1\n");
775 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
776 if (mf->base == MAP_FAILED) {
777 fprintf(stderr, "mmap() == MAP_FAILED\n");
781 mf->len = st.st_size;
792 static void unmap_file(mapped_file_t * mf) {
793 munmap((void*) mf->base, mf->len);
794 mf->base = (unsigned char*) MAP_FAILED;
798 /* Limit the block size to compare to 0x1800
799 Anything larger will stall the STLINK2
800 Maybe STLINK V1 needs smaller value!*/
801 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
803 size_t n_cmp = sl->flash_pgsz;
807 for (off = 0; off < mf->len; off += n_cmp) {
810 /* adjust last page size */
811 size_t cmp_size = n_cmp;
812 if ((off + n_cmp) > mf->len)
813 cmp_size = mf->len - off;
815 aligned_size = cmp_size;
816 if (aligned_size & (4 - 1))
817 aligned_size = (cmp_size + 4) & ~(4 - 1);
819 stlink_read_mem32(sl, addr + off, aligned_size);
821 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
828 int stlink_fwrite_sram
829 (stlink_t * sl, const char* path, stm32_addr_t addr) {
830 /* write the file in sram at addr */
834 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
836 if (map_file(&mf, path) == -1) {
837 fprintf(stderr, "map_file() == -1\n");
841 /* check addr range is inside the sram */
842 if (addr < sl->sram_base) {
843 fprintf(stderr, "addr too low\n");
845 } else if ((addr + mf.len) < addr) {
846 fprintf(stderr, "addr overruns\n");
848 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
849 fprintf(stderr, "addr too high\n");
851 } else if ((addr & 3) || (mf.len & 3)) {
853 fprintf(stderr, "unaligned addr or size\n");
857 /* do the copy by 1k blocks */
858 for (off = 0; off < mf.len; off += 1024) {
860 if ((off + size) > mf.len)
863 memcpy(sl->q_buf, mf.base + off, size);
865 /* round size if needed */
869 stlink_write_mem32(sl, addr + off, size);
872 /* check the file ha been written */
873 if (check_file(sl, &mf, addr) == -1) {
874 fprintf(stderr, "check_file() == -1\n");
881 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
882 /* Set PC to the reset routine*/
883 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
891 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
892 /* read size bytes from addr to file */
897 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM)?0:0xff;
899 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
901 fprintf(stderr, "open(%s) == -1\n", path);
906 size = sl->flash_size;
908 if (size > sl->flash_size)
909 size = sl->flash_size;
911 /* do the copy by 1k blocks */
912 for (off = 0; off < size; off += 1024) {
913 size_t read_size = 1024;
916 if ((off + read_size) > size)
917 read_size = size - off;
919 /* round size if needed */
920 rounded_size = read_size;
921 if (rounded_size & 3)
922 rounded_size = (rounded_size + 4) & ~(3);
924 stlink_read_mem32(sl, addr + off, rounded_size);
926 for(index = 0; index < read_size; index ++) {
927 if (sl->q_buf[index] == erased_pattern)
932 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
933 fprintf(stderr, "write() != read_size\n");
938 /* Ignore NULL Bytes at end of file */
939 if (!ftruncate(fd, size - num_empty)) {
952 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
953 /* write the buffer right after the loader */
954 size_t chunk = size & ~0x3;
955 size_t rem = size & 0x3;
957 memcpy(sl->q_buf, buf, chunk);
958 stlink_write_mem32(sl, fl->buf_addr, chunk);
961 memcpy(sl->q_buf, buf+chunk, rem);
962 stlink_write_mem8(sl, (fl->buf_addr)+chunk, rem);
967 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
968 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
969 if (flashaddr<0x4000) return (0);
970 else if(flashaddr<0x8000) return(1);
971 else if(flashaddr<0xc000) return(2);
972 else if(flashaddr<0x10000) return(3);
973 else if(flashaddr<0x20000) return(4);
974 else return(flashaddr/0x20000)+4;
978 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
979 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
980 uint32_t sector=calculate_F4_sectornum(flashaddr);
981 if (sector<4) sl->flash_pgsz=0x4000;
982 else if(sector<5) sl->flash_pgsz=0x10000;
983 else sl->flash_pgsz=0x20000;
985 return (sl->flash_pgsz);
989 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
990 * @param sl stlink context
991 * @param flashaddr an address in the flash page to erase
992 * @return 0 on success -ve on failure
994 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
996 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
997 /* wait for ongoing op to finish */
1000 /* unlock if locked */
1001 unlock_flash_if(sl);
1003 /* select the page to erase */
1004 // calculate the actual page from the address
1005 uint32_t sector=calculate_F4_sectornum(flashaddr);
1007 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
1008 write_flash_cr_snb(sl, sector);
1010 /* start erase operation */
1011 set_flash_cr_strt(sl);
1013 /* wait for completion */
1014 wait_flash_busy(sl);
1016 /* relock the flash */
1017 //todo: fails to program if this is in
1020 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
1022 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM) {
1026 /* check if the locks are set */
1027 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1028 if((val & (1<<0))||(val & (1<<1))) {
1029 /* disable pecr protection */
1030 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1031 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1033 /* check pecr.pelock is cleared */
1034 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1035 if (val & (1 << 0)) {
1036 WLOG("pecr.pelock not clear (%#x)\n", val);
1040 /* unlock program memory */
1041 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1042 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1044 /* check pecr.prglock is cleared */
1045 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1046 if (val & (1 << 1)) {
1047 WLOG("pecr.prglock not clear (%#x)\n", val);
1052 /* unused: unlock the option byte block */
1054 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0xfbead9c8);
1055 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0x24252627);
1057 /* check pecr.optlock is cleared */
1058 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1059 if (val & (1 << 2)) {
1060 fprintf(stderr, "pecr.prglock not clear\n");
1065 /* set pecr.{erase,prog} */
1066 val |= (1 << 9) | (1 << 3);
1067 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1069 #if 0 /* fix_to_be_confirmed */
1071 /* wait for sr.busy to be cleared
1072 MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
1073 wrong and we do not need to wait here for clearing the busy bit.
1074 TEXANE: ok, if experience says so and it works for you, we comment
1075 it. If someone has a problem, please drop an email.
1077 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1080 #endif /* fix_to_be_confirmed */
1082 /* write 0 to the first word of the page to be erased */
1083 stlink_write_debug32(sl, flashaddr, 0);
1085 /* MP: It is better to wait for clearing the busy bit after issuing
1086 page erase command, even though PM0062 recommends to wait before it.
1087 Test shows that a few iterations is performed in the following loop
1088 before busy bit is cleared.*/
1089 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1092 /* reset lock bits */
1093 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1094 | (1 << 0) | (1 << 1) | (1 << 2);
1095 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1096 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1097 /* wait for ongoing op to finish */
1098 wait_flash_busy(sl);
1100 /* unlock if locked */
1101 unlock_flash_if(sl);
1103 /* set the page erase bit */
1104 set_flash_cr_per(sl);
1106 /* select the page to erase */
1107 write_flash_ar(sl, flashaddr);
1109 /* start erase operation, reset by hw with bsy bit */
1110 set_flash_cr_strt(sl);
1112 /* wait for completion */
1113 wait_flash_busy(sl);
1115 /* relock the flash */
1118 WLOG("unknown coreid %x, page erase failed\n", sl->core_id);
1122 /* todo: verify the erased page */
1127 int stlink_erase_flash_mass(stlink_t *sl) {
1128 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM) {
1129 /* erase each page */
1130 int i = 0, num_pages = sl->flash_size/sl->flash_pgsz;
1131 for (i = 0; i < num_pages; i++) {
1132 /* addr must be an addr inside the page */
1133 stm32_addr_t addr = sl->flash_base + i * sl->flash_pgsz;
1134 if (stlink_erase_flash_page(sl, addr) == -1) {
1135 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr);
1138 fprintf(stdout,"\rFlash page at %5d/%5d erased", i, num_pages);
1141 fprintf(stdout, "\n");
1143 /* wait for ongoing op to finish */
1144 wait_flash_busy(sl);
1146 /* unlock if locked */
1147 unlock_flash_if(sl);
1149 /* set the mass erase bit */
1150 set_flash_cr_mer(sl);
1152 /* start erase operation, reset by hw with bsy bit */
1153 set_flash_cr_strt(sl);
1155 /* wait for completion */
1156 wait_flash_busy_progress(sl);
1158 /* relock the flash */
1161 /* todo: verify the erased memory */
1166 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1169 /* allocate the loader in sram */
1170 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1171 WLOG("Failed to write flash loader to sram!\n");
1175 /* allocate a one page buffer in sram right after loader */
1176 fl->buf_addr = fl->loader_addr + size;
1177 ILOG("Successfully loaded flash loader in sram\n");
1181 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1182 /* from openocd, contrib/loaders/flash/stm32.s */
1183 static const uint8_t loader_code_stm32vl[] = {
1184 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1185 0x1c, 0x44, /* add r4, r3 */
1186 /* write_half_word: */
1187 0x01, 0x23, /* movs r3, #0x01 */
1188 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1189 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1190 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1192 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1193 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1194 0xfb, 0xd0, /* beq busy */
1195 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1196 0x01, 0xd1, /* bne exit */
1197 0x01, 0x3a, /* subs r2, r2, #0x01 */
1198 0xf0, 0xd1, /* bne write_half_word */
1200 0x00, 0xbe, /* bkpt #0x00 */
1201 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1204 /* flashloaders/stm32f0.s -- thumb1 only, same sequence as for STM32VL, bank ignored */
1205 static const uint8_t loader_code_stm32f0[] = {
1208 * These two NOPs here are a safety precaution, added by Pekka Nikander
1209 * while debugging the STM32F05x support. They may not be needed, but
1210 * there were strange problems with simpler programs, like a program
1211 * that had just a breakpoint or a program that first moved zero to register r2
1212 * and then had a breakpoint. So, it appears safest to have these two nops.
1214 * Feel free to remove them, if you dare, but then please do test the result
1215 * rigorously. Also, if you remove these, it may be a good idea first to
1216 * #if 0 them out, with a comment when these were taken out, and to remove
1217 * these only a few months later... But YMMV.
1219 0x00, 0x30, // nop /* add r0,#0 */
1220 0x00, 0x30, // nop /* add r0,#0 */
1222 0x0A, 0x4C, // ldr r4, STM32_FLASH_BASE
1223 0x01, 0x25, // mov r5, #1 /* FLASH_CR_PG, FLASH_SR_BUSY */
1224 0x04, 0x26, // mov r6, #4 /* PGERR */
1226 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1227 0x2B, 0x43, // orr r3, r5
1228 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR |= FLASH_CR_PG */
1229 0x03, 0x88, // ldrh r3, [r0] /* r3 = *sram */
1230 0x0B, 0x80, // strh r3, [r1] /* *flash = r3 */
1232 0xE3, 0x68, // ldr r3, [r4, #12] /* FLASH->SR */
1233 0x2B, 0x42, // tst r3, r5 /* FLASH_SR_BUSY */
1234 0xFC, 0xD0, // beq busy
1236 0x33, 0x42, // tst r3, r6 /* PGERR */
1237 0x04, 0xD1, // bne exit
1239 0x02, 0x30, // add r0, r0, #2 /* sram += 2 */
1240 0x02, 0x31, // add r1, r1, #2 /* flash += 2 */
1241 0x01, 0x3A, // sub r2, r2, #0x01 /* count-- */
1242 0x00, 0x2A, // cmp r2, #0
1243 0xF0, 0xD1, // bne write_half_word
1245 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1246 0xAB, 0x43, // bic r3, r5
1247 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR &= ~FLASH_CR_PG */
1248 0x00, 0xBE, // bkpt #0x00
1249 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1252 static const uint8_t loader_code_stm32l[] = {
1254 /* openocd.git/contrib/loaders/flash/stm32lx.S
1255 r0, input, dest addr
1256 r1, input, source addr
1257 r2, input, word count
1258 r3, output, word count
1264 0x51, 0xf8, 0x04, 0xcb,
1265 0x40, 0xf8, 0x04, 0xcb,
1273 static const uint8_t loader_code_stm32f4[] = {
1274 // flashloaders/stm32f4.s
1283 0x14, 0xf0, 0x01, 0x0f,
1285 0x00, 0xf1, 0x04, 0x00,
1286 0x01, 0xf1, 0x04, 0x01,
1287 0xa2, 0xf1, 0x01, 0x02,
1292 0x00, 0x3c, 0x02, 0x40,
1295 const uint8_t* loader_code;
1298 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM) { /* stm32l */
1299 loader_code = loader_code_stm32l;
1300 loader_size = sizeof(loader_code_stm32l);
1301 } else if (sl->core_id == STM32VL_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1302 loader_code = loader_code_stm32vl;
1303 loader_size = sizeof(loader_code_stm32vl);
1304 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4) {
1305 loader_code = loader_code_stm32f4;
1306 loader_size = sizeof(loader_code_stm32f4);
1307 } else if (sl->chip_id == STM32_CHIPID_F0) {
1308 loader_code = loader_code_stm32f0;
1309 loader_size = sizeof(loader_code_stm32f0);
1311 ELOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1315 memcpy(sl->q_buf, loader_code, loader_size);
1316 stlink_write_mem32(sl, sl->sram_base, loader_size);
1318 *addr = sl->sram_base;
1319 *size = loader_size;
1325 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1326 /* check the contents of path are at addr */
1329 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1331 if (map_file(&mf, path) == -1)
1334 res = check_file(sl, &mf, addr);
1342 * Verify addr..addr+len is binary identical to base...base+len
1343 * @param sl stlink context
1344 * @param address stm device address
1345 * @param data host side buffer to check against
1346 * @param length how much
1347 * @return 0 for success, -ve for failure
1349 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1351 size_t cmp_size = (sl->flash_pgsz > 0x1800)? 0x1800:sl->flash_pgsz;
1352 ILOG("Starting verification of write complete\n");
1353 for (off = 0; off < length; off += cmp_size) {
1354 size_t aligned_size;
1356 /* adjust last page size */
1357 if ((off + cmp_size) > length)
1358 cmp_size = length - off;
1360 aligned_size = cmp_size;
1361 if (aligned_size & (4 - 1))
1362 aligned_size = (cmp_size + 4) & ~(4 - 1);
1364 stlink_read_mem32(sl, address + off, aligned_size);
1366 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1367 ELOG("Verification of flash failed at offset: %zd\n", off);
1371 ILOG("Flash written and verified! jolly good!\n");
1376 int stm32l1_write_half_pages(stlink_t *sl, stm32_addr_t addr, uint8_t* base, unsigned num_half_pages)
1382 ILOG("Starting Half page flash write for STM32L core id\n");
1383 /* flash loader initialization */
1384 if (init_flash_loader(sl, &fl) == -1) {
1385 WLOG("init_flash_loader() == -1\n");
1388 /* Unlock already done */
1389 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1390 val |= (1 << FLASH_L1_FPRG);
1391 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1393 val |= (1 << FLASH_L1_PROG);
1394 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1395 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {}
1397 #define L1_WRITE_BLOCK_SIZE 0x80
1398 for (count = 0; count < num_half_pages; count ++) {
1399 if (run_flash_loader(sl, &fl, addr + count * L1_WRITE_BLOCK_SIZE, base + count * L1_WRITE_BLOCK_SIZE, L1_WRITE_BLOCK_SIZE) == -1) {
1400 WLOG("l1_run_flash_loader(%#zx) failed! == -1\n", addr + count * L1_WRITE_BLOCK_SIZE);
1401 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1402 val &= ~((1 << FLASH_L1_FPRG) |(1 << FLASH_L1_PROG));
1403 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1406 /* wait for sr.busy to be cleared */
1407 if (sl->verbose >= 1) {
1408 /* show progress. writing procedure is slow
1409 and previous errors are misleading */
1410 fprintf(stdout, "\r%3u/%u halfpages written", count + 1, num_half_pages);
1413 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {
1416 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1417 val &= ~(1 << FLASH_L1_PROG);
1418 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1419 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1420 val &= ~(1 << FLASH_L1_FPRG);
1421 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1426 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len) {
1429 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1430 len, len, addr, addr);
1431 /* check addr range is inside the flash */
1432 stlink_calculate_pagesize(sl, addr);
1433 if (addr < sl->flash_base) {
1434 ELOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1436 } else if ((addr + len) < addr) {
1437 ELOG("addr overruns\n");
1439 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1440 ELOG("addr too high\n");
1442 } else if (addr & 1) {
1443 ELOG("unaligned addr 0x%x\n", addr);
1445 } else if (len & 1) {
1446 WLOG("unaligned len 0x%x -- padding with zero\n", len);
1448 } else if (addr & (sl->flash_pgsz - 1)) {
1449 ELOG("addr not a multiple of pagesize, not supported\n");
1453 // Make sure we've loaded the context with the chip details
1455 /* erase each page */
1457 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1458 /* addr must be an addr inside the page */
1459 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1460 ELOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1463 fprintf(stdout,"\rFlash page at addr: 0x%08lx erased",
1464 (unsigned long)addr + off);
1468 fprintf(stdout,"\n");
1469 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1470 page_count, sl->flash_pgsz, sl->flash_pgsz);
1472 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
1473 /* todo: check write operation */
1475 ILOG("Starting Flash write for F2/F4\n");
1476 /* flash loader initialization */
1477 if (init_flash_loader(sl, &fl) == -1) {
1478 ELOG("init_flash_loader() == -1\n");
1482 /* First unlock the cr */
1483 unlock_flash_if(sl);
1485 /* TODO: Check that Voltage range is 2.7 - 3.6 V */
1486 /* set parallelisim to 32 bit*/
1487 write_flash_cr_psiz(sl, 2);
1489 /* set programming mode */
1490 set_flash_cr_pg(sl);
1492 for(off = 0; off < len;) {
1493 size_t size = len - off > 0x8000 ? 0x8000 : len - off;
1495 printf("size: %zu\n", size);
1497 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1498 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1506 #define PROGRESS_CHUNK_SIZE 0x1000
1507 /* write a word in program memory */
1508 for (off = 0; off < len; off += sizeof(uint32_t)) {
1510 if (sl->verbose >= 1) {
1511 if ((off & (PROGRESS_CHUNK_SIZE - 1)) == 0) {
1512 /* show progress. writing procedure is slow
1513 and previous errors are misleading */
1514 const uint32_t pgnum = (off / PROGRESS_CHUNK_SIZE)+1;
1515 const uint32_t pgcount = len / PROGRESS_CHUNK_SIZE +1;
1516 fprintf(stdout, "Writing %ukB chunk %u out of %u\n",
1517 PROGRESS_CHUNK_SIZE/1024, pgnum, pgcount);
1521 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1522 stlink_write_debug32(sl, addr + off, data);
1524 /* wait for sr.busy to be cleared */
1525 wait_flash_busy(sl);
1532 #if 0 /* todo: debug mode */
1533 fprintf(stdout, "Final CR:0x%x\n", read_flash_cr(sl));
1538 else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM) {
1539 /* use fast word write. todo: half page. */
1542 #if 0 /* todo: check write operation */
1544 uint32_t nwrites = sl->flash_pgsz;
1548 #endif /* todo: check write operation */
1550 /* disable pecr protection */
1551 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1552 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1554 /* check pecr.pelock is cleared */
1555 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1556 if (val & (1 << 0)) {
1557 fprintf(stderr, "pecr.pelock not clear\n");
1561 /* unlock program memory */
1562 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1563 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1565 /* check pecr.prglock is cleared */
1566 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1567 if (val & (1 << 1)) {
1568 fprintf(stderr, "pecr.prglock not clear\n");
1572 if (len > L1_WRITE_BLOCK_SIZE) {
1573 if (stm32l1_write_half_pages(sl, addr, base, len/L1_WRITE_BLOCK_SIZE) == -1) {
1574 /* This may happen on a blank device! */
1575 WLOG("\nwrite_half_pages failed == -1\n");
1577 off = (len /L1_WRITE_BLOCK_SIZE)*L1_WRITE_BLOCK_SIZE;
1581 /* write remainingword in program memory */
1582 for ( ; off < len; off += sizeof(uint32_t)) {
1585 fprintf(stdout, "\r");
1587 if ((off % sl->flash_pgsz) > (sl->flash_pgsz -5)) {
1588 fprintf(stdout, "\r%3zd/%3zd pages written",
1589 off/sl->flash_pgsz, len/sl->flash_pgsz);
1593 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1594 stlink_write_debug32(sl, addr + off, data);
1596 /* wait for sr.busy to be cleared */
1597 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1600 #if 0 /* todo: check redo write operation */
1602 /* check written bytes. todo: should be on a per page basis. */
1603 data = stlink_read_debug32(sl, addr + off);
1604 if (data == *(uint32_t*)(base + off)) {
1605 /* re erase the page and redo the write operation */
1609 /* fail if successive write count too low */
1610 if (nwrites < sl->flash_pgsz) {
1611 fprintf(stderr, "writes operation failure count too high, aborting\n");
1617 /* assume addr aligned */
1618 if (off % sl->flash_pgsz) off &= ~(sl->flash_pgsz - 1);
1621 fprintf(stderr, "invalid write @0x%x(0x%x): 0x%x != 0x%x. retrying.\n",
1622 page, addr + off, read_uint32(base + off, 0), read_uint32(sl->q_buf, 0));
1624 /* reset lock bits */
1625 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1626 | (1 << 0) | (1 << 1) | (1 << 2);
1627 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1629 stlink_erase_flash_page(sl, page);
1634 /* increment successive writes counter */
1637 #endif /* todo: check redo write operation */
1639 fprintf(stdout, "\n");
1640 /* reset lock bits */
1641 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1642 | (1 << 0) | (1 << 1) | (1 << 2);
1643 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1644 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1645 ILOG("Starting Flash write for VL/F0 core id\n");
1646 /* flash loader initialization */
1647 if (init_flash_loader(sl, &fl) == -1) {
1648 ELOG("init_flash_loader() == -1\n");
1652 int write_block_count = 0;
1653 for (off = 0; off < len; off += sl->flash_pgsz) {
1654 /* adjust last write size */
1655 size_t size = sl->flash_pgsz;
1656 if ((off + sl->flash_pgsz) > len) size = len - off;
1658 /* unlock and set programming mode */
1659 unlock_flash_if(sl);
1660 set_flash_cr_pg(sl);
1661 //DLOG("Finished setting flash cr pg, running loader!\n");
1662 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1663 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1667 if (sl->verbose >= 1) {
1668 /* show progress. writing procedure is slow
1669 and previous errors are misleading */
1670 fprintf(stdout, "\r%3u/%lu pages written", write_block_count++, (unsigned long)len/sl->flash_pgsz);
1674 fprintf(stdout, "\n");
1676 ELOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1680 return stlink_verify_write_flash(sl, addr, base, len);
1684 * Write the given binary file into flash at address "addr"
1686 * @param path readable file path, should be binary image
1687 * @param addr where to start writing
1688 * @return 0 on success, -ve on failure.
1690 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1691 /* write the file in flash at addr */
1693 unsigned int num_empty = 0, index;
1694 unsigned char erased_pattern =(sl->chip_id == STM32_CHIPID_L1_MEDIUM)?0:0xff;
1695 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1696 if (map_file(&mf, path) == -1) {
1697 ELOG("map_file() == -1\n");
1700 for(index = 0; index < mf.len; index ++) {
1701 if (mf.base[index] == erased_pattern)
1706 if(num_empty != 0) {
1707 ILOG("Ignoring %d bytes of Zeros at end of file\n",num_empty);
1708 mf.len -= num_empty;
1710 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1712 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
1713 /* Set PC to the reset routine*/
1714 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
1720 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1724 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1725 // FIXME This can never return -1
1726 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1728 ELOG("write_buffer_to_sram() == -1\n");
1732 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM) {
1734 size_t count = size / sizeof(uint32_t);
1735 if (size % sizeof(uint32_t)) ++count;
1738 stlink_write_reg(sl, target, 0); /* target */
1739 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1740 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1741 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1743 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1745 size_t count = size / sizeof(uint16_t);
1746 if (size % sizeof(uint16_t)) ++count;
1749 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1750 stlink_write_reg(sl, target, 1); /* target */
1751 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1752 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1753 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1755 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4) {
1757 size_t count = size / sizeof(uint32_t);
1758 if (size % sizeof(uint32_t)) ++count;
1761 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1762 stlink_write_reg(sl, target, 1); /* target */
1763 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1764 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1767 fprintf(stderr, "unknown coreid 0x%x, don't know what flash loader to use\n", sl->core_id);
1774 #define WAIT_ROUNDS 1000
1775 /* wait until done (reaches breakpoint) */
1776 for (i = 0; i < WAIT_ROUNDS; i++) {
1777 if (is_core_halted(sl))
1781 if (i >= WAIT_ROUNDS) {
1782 fatal("flash loader run error\n");
1786 /* check written byte count */
1787 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM) {
1789 size_t count = size / sizeof(uint32_t);
1790 if (size % sizeof(uint32_t)) ++count;
1792 stlink_read_reg(sl, 3, &rr);
1793 if (rr.r[3] != count) {
1794 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1798 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1800 stlink_read_reg(sl, 2, &rr);
1802 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1806 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4) {
1808 stlink_read_reg(sl, 2, &rr);
1810 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1816 fprintf(stderr, "unknown coreid 0x%x, can't check written byte count\n", sl->core_id);