10 #include <sys/types.h>
14 #include "stlink-common.h"
15 #include "uglylogging.h"
21 /* todo: stm32l15xxx flash memory, pm0062 manual */
23 /* stm32f FPEC flash controller interface, pm0063 manual */
24 // TODO - all of this needs to be abstracted out....
25 // STM32F05x is identical, based on RM0091 (DM00031936, Doc ID 018940 Rev 2, August 2012)
26 #define FLASH_REGS_ADDR 0x40022000
27 #define FLASH_REGS_SIZE 0x28
29 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
30 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
31 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
32 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
33 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
34 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
35 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
37 // For STM32F05x, the RDPTR_KEY may be wrong, but as it is not used anywhere...
38 #define FLASH_RDPTR_KEY 0x00a5
39 #define FLASH_KEY1 0x45670123
40 #define FLASH_KEY2 0xcdef89ab
42 #define FLASH_SR_BSY 0
43 #define FLASH_SR_EOP 5
46 #define FLASH_CR_PER 1
47 #define FLASH_CR_MER 2
48 #define FLASH_CR_STRT 6
49 #define FLASH_CR_LOCK 7
52 //32L = 32F1 same CoreID as 32F4!
53 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
54 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
55 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
56 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
57 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
58 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
59 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
60 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
61 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x1c)
62 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
63 #define FLASH_L1_FPRG 10
64 #define FLASH_L1_PROG 3
66 //STM32L0x flash register base and offsets
68 // RM0090 - DM00031020.pdf
69 #define STM32L0_FLASH_REGS_ADDR ((uint32_t)0x40022000)
70 #define FLASH_ACR_OFF ((uint32_t) 0x00)
71 #define FLASH_PECR_OFF ((uint32_t) 0x04)
72 #define FLASH_PDKEYR_OFF ((uint32_t) 0x08)
73 #define FLASH_PEKEYR_OFF ((uint32_t) 0x0c)
74 #define FLASH_PRGKEYR_OFF ((uint32_t) 0x10)
75 #define FLASH_OPTKEYR_OFF ((uint32_t) 0x14)
76 #define FLASH_SR_OFF ((uint32_t) 0x18)
77 #define FLASH_OBR_OFF ((uint32_t) 0x1c)
78 #define FLASH_WRPR_OFF ((uint32_t) 0x20)
83 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
84 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
85 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
86 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
87 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
88 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
89 #define FLASH_F4_CR_STRT 16
90 #define FLASH_F4_CR_LOCK 31
91 #define FLASH_F4_CR_SER 1
92 #define FLASH_F4_CR_SNB 3
93 #define FLASH_F4_CR_SNB_MASK 0xf8
94 #define FLASH_F4_SR_BSY 16
96 #define L1_WRITE_BLOCK_SIZE 0x80
97 #define L0_WRITE_BLOCK_SIZE 0x40
99 void write_uint32(unsigned char* buf, uint32_t ui) {
100 if (!is_bigendian()) { // le -> le (don't swap)
101 buf[0] = ((unsigned char*) &ui)[0];
102 buf[1] = ((unsigned char*) &ui)[1];
103 buf[2] = ((unsigned char*) &ui)[2];
104 buf[3] = ((unsigned char*) &ui)[3];
106 buf[0] = ((unsigned char*) &ui)[3];
107 buf[1] = ((unsigned char*) &ui)[2];
108 buf[2] = ((unsigned char*) &ui)[1];
109 buf[3] = ((unsigned char*) &ui)[0];
113 void write_uint16(unsigned char* buf, uint16_t ui) {
114 if (!is_bigendian()) { // le -> le (don't swap)
115 buf[0] = ((unsigned char*) &ui)[0];
116 buf[1] = ((unsigned char*) &ui)[1];
118 buf[0] = ((unsigned char*) &ui)[1];
119 buf[1] = ((unsigned char*) &ui)[0];
123 uint32_t read_uint32(const unsigned char *c, const int pt) {
125 char *p = (char *) &ui;
127 if (!is_bigendian()) { // le -> le (don't swap)
141 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
142 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
145 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
146 return stlink_read_debug32(sl, FLASH_WRPR);
149 static inline uint32_t read_flash_obr(stlink_t *sl) {
150 return stlink_read_debug32(sl, FLASH_OBR);
153 static inline uint32_t read_flash_cr(stlink_t *sl) {
155 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||(sl->chip_id == STM32_CHIPID_F4_DE) ||
156 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
157 res = stlink_read_debug32(sl, FLASH_F4_CR);
159 res = stlink_read_debug32(sl, FLASH_CR);
161 fprintf(stdout, "CR:0x%x\n", res);
166 static inline unsigned int is_flash_locked(stlink_t *sl) {
167 /* return non zero for true */
168 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
169 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE) )
170 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
172 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
175 static void unlock_flash(stlink_t *sl) {
176 /* the unlock sequence consists of 2 write cycles where
177 2 key values are written to the FLASH_KEYR register.
178 an invalid sequence results in a definitive lock of
179 the FPEC block until next reset.
181 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
182 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
183 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
184 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
186 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
187 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
192 static int unlock_flash_if(stlink_t *sl) {
193 /* unlock flash if already locked */
195 if (is_flash_locked(sl)) {
197 if (is_flash_locked(sl)) {
198 WLOG("Failed to unlock flash!\n");
202 DLOG("Successfully unlocked flash\n");
206 static void lock_flash(stlink_t *sl) {
207 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
208 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
209 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
210 stlink_write_debug32(sl, FLASH_F4_CR, n);
212 /* write to 1 only. reset by hw at unlock sequence */
213 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
214 stlink_write_debug32(sl, FLASH_CR, n);
219 static void set_flash_cr_pg(stlink_t *sl) {
220 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
221 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
222 uint32_t x = read_flash_cr(sl);
223 x |= (1 << FLASH_CR_PG);
224 stlink_write_debug32(sl, FLASH_F4_CR, x);
226 const uint32_t n = 1 << FLASH_CR_PG;
227 stlink_write_debug32(sl, FLASH_CR, n);
231 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
232 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
233 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
234 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
235 stlink_write_debug32(sl, FLASH_F4_CR, n);
237 stlink_write_debug32(sl, FLASH_CR, n);
240 static void set_flash_cr_per(stlink_t *sl) {
241 const uint32_t n = 1 << FLASH_CR_PER;
242 stlink_write_debug32(sl, FLASH_CR, n);
245 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
246 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
247 stlink_write_debug32(sl, FLASH_CR, n);
250 static void set_flash_cr_mer(stlink_t *sl) {
251 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
252 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
253 stlink_write_debug32(sl, FLASH_F4_CR,
254 stlink_read_debug32(sl, FLASH_F4_CR) | (1 << FLASH_CR_MER));
256 stlink_write_debug32(sl, FLASH_CR,
257 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_MER));
260 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
261 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
262 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
263 stlink_write_debug32(sl, FLASH_F4_CR,
264 stlink_read_debug32(sl, FLASH_F4_CR) & ~(1 << FLASH_CR_MER));
266 stlink_write_debug32(sl, FLASH_CR,
267 stlink_read_debug32(sl, FLASH_CR) & ~(1 << FLASH_CR_MER));
270 static void set_flash_cr_strt(stlink_t *sl) {
271 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
272 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
273 uint32_t x = read_flash_cr(sl);
274 x |= (1 << FLASH_F4_CR_STRT);
275 stlink_write_debug32(sl, FLASH_F4_CR, x);
277 stlink_write_debug32(sl, FLASH_CR,
278 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_STRT) );
282 static inline uint32_t read_flash_acr(stlink_t *sl) {
283 return stlink_read_debug32(sl, FLASH_ACR);
286 static inline uint32_t read_flash_sr(stlink_t *sl) {
288 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
289 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
290 res = stlink_read_debug32(sl, FLASH_F4_SR);
292 res = stlink_read_debug32(sl, FLASH_SR);
293 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
297 static inline unsigned int is_flash_busy(stlink_t *sl) {
298 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
299 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
300 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
302 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
305 static void wait_flash_busy(stlink_t *sl) {
306 /* todo: add some delays here */
307 while (is_flash_busy(sl))
311 static void wait_flash_busy_progress(stlink_t *sl) {
313 fprintf(stdout, "Mass erasing");
315 while (is_flash_busy(sl)) {
319 fprintf(stdout, ".");
323 fprintf(stdout, "\n");
326 static inline unsigned int is_flash_eop(stlink_t *sl) {
327 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
330 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
331 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
332 stlink_write_debug32(sl, FLASH_SR, n);
335 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
336 /* todo: add some delays here */
337 while (is_flash_eop(sl) == 0)
341 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
342 stlink_write_debug32(sl, FLASH_AR, n);
345 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
346 uint32_t x = read_flash_cr(sl);
350 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
352 stlink_write_debug32(sl, FLASH_F4_CR, x);
356 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
357 uint32_t x = read_flash_cr(sl);
358 x &= ~FLASH_F4_CR_SNB_MASK;
359 x |= (n << FLASH_F4_CR_SNB);
360 x |= (1 << FLASH_F4_CR_SER);
362 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
364 stlink_write_debug32(sl, FLASH_F4_CR, x);
367 // Delegates to the backends...
369 void stlink_close(stlink_t *sl) {
370 DLOG("*** stlink_close ***\n");
371 sl->backend->close(sl);
375 void stlink_exit_debug_mode(stlink_t *sl) {
376 DLOG("*** stlink_exit_debug_mode ***\n");
377 stlink_write_debug32(sl, DHCSR, DBGKEY);
378 sl->backend->exit_debug_mode(sl);
381 void stlink_enter_swd_mode(stlink_t *sl) {
382 DLOG("*** stlink_enter_swd_mode ***\n");
383 sl->backend->enter_swd_mode(sl);
386 // Force the core into the debug mode -> halted state.
387 void stlink_force_debug(stlink_t *sl) {
388 DLOG("*** stlink_force_debug_mode ***\n");
389 sl->backend->force_debug(sl);
392 void stlink_exit_dfu_mode(stlink_t *sl) {
393 DLOG("*** stlink_exit_dfu_mode ***\n");
394 sl->backend->exit_dfu_mode(sl);
397 uint32_t stlink_core_id(stlink_t *sl) {
398 DLOG("*** stlink_core_id ***\n");
399 sl->backend->core_id(sl);
401 stlink_print_data(sl);
402 DLOG("core_id = 0x%08x\n", sl->core_id);
406 uint32_t stlink_chip_id(stlink_t *sl) {
407 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
408 if (chip_id == 0) chip_id = stlink_read_debug32(sl, 0x40015800); //Try Corex M0 DBGMCU_IDCODE register address
413 * Cortex m3 tech ref manual, CPUID register description
414 * @param sl stlink context
415 * @param cpuid pointer to the result object
417 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
418 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
419 cpuid->implementer_id = (raw >> 24) & 0x7f;
420 cpuid->variant = (raw >> 20) & 0xf;
421 cpuid->part = (raw >> 4) & 0xfff;
422 cpuid->revision = raw & 0xf;
427 * reads and decodes the flash parameters, as dynamically as possible
429 * @return 0 for success, or -1 for unsupported core type.
431 int stlink_load_device_params(stlink_t *sl) {
432 ILOG("Loading device parameters....\n");
433 const chip_params_t *params = NULL;
434 sl->core_id = stlink_core_id(sl);
435 uint32_t chip_id = stlink_chip_id(sl);
438 sl->chip_id = chip_id & 0xfff;
439 /* Fix chip_id for F4 rev A errata , Read CPU ID, as CoreID is the same for F2/F4*/
440 if (sl->chip_id == 0x411) {
441 uint32_t cpuid = stlink_read_debug32(sl, 0xE000ED00);
442 if ((cpuid & 0xfff0) == 0xc240)
446 for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
447 if(devices[i].chip_id == sl->chip_id) {
448 params = &devices[i];
452 if (params == NULL) {
453 WLOG("unknown chip id! %#x\n", chip_id);
457 // These are fixed...
458 sl->flash_base = STM32_FLASH_BASE;
459 sl->sram_base = STM32_SRAM_BASE;
460 flash_size = stlink_read_debug32(sl,(params->flash_size_reg) & ~3);
461 if (params->flash_size_reg & 2)
462 flash_size = flash_size >>16;
463 flash_size = flash_size & 0xffff;
465 if ((sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) && ( flash_size == 0 )) {
466 sl->flash_size = 128 * 1024;
467 } else if (sl->chip_id == STM32_CHIPID_L1_CAT2) {
468 sl->flash_size = (flash_size & 0xff) * 1024;
469 } else if ((sl->chip_id & 0xFFF) == STM32_CHIPID_L1_HIGH) {
470 // 0 is 384k and 1 is 256k
471 if ( flash_size == 0 ) {
472 sl->flash_size = 384 * 1024;
474 sl->flash_size = 256 * 1024;
477 sl->flash_size = flash_size * 1024;
479 sl->flash_pgsz = params->flash_pagesize;
480 sl->sram_size = params->sram_size;
481 sl->sys_base = params->bootrom_base;
482 sl->sys_size = params->bootrom_size;
484 //medium and low devices have the same chipid. ram size depends on flash size.
485 //STM32F100xx datasheet Doc ID 16455 Table 2
486 if(sl->chip_id == STM32_CHIPID_F1_VL_MEDIUM_LOW && sl->flash_size < 64 * 1024){
487 sl->sram_size = 0x1000;
490 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
491 // TODO make note of variable page size here.....
492 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
493 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
498 void stlink_reset(stlink_t *sl) {
499 DLOG("*** stlink_reset ***\n");
500 sl->backend->reset(sl);
503 void stlink_jtag_reset(stlink_t *sl, int value) {
504 DLOG("*** stlink_jtag_reset ***\n");
505 sl->backend->jtag_reset(sl, value);
508 void stlink_run(stlink_t *sl) {
509 DLOG("*** stlink_run ***\n");
510 sl->backend->run(sl);
513 void stlink_status(stlink_t *sl) {
514 DLOG("*** stlink_status ***\n");
515 sl->backend->status(sl);
516 stlink_core_stat(sl);
520 * Decode the version bits, originally from -sg, verified with usb
521 * @param sl stlink context, assumed to contain valid data in the buffer
522 * @param slv output parsed version object
524 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
525 uint32_t b0 = sl->q_buf[0]; //lsb
526 uint32_t b1 = sl->q_buf[1];
527 uint32_t b2 = sl->q_buf[2];
528 uint32_t b3 = sl->q_buf[3];
529 uint32_t b4 = sl->q_buf[4];
530 uint32_t b5 = sl->q_buf[5]; //msb
532 // b0 b1 || b2 b3 | b4 b5
533 // 4b | 6b | 6b || 2B | 2B
534 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
536 slv->stlink_v = (b0 & 0xf0) >> 4;
537 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
538 slv->swim_v = b1 & 0x3f;
539 slv->st_vid = (b3 << 8) | b2;
540 slv->stlink_pid = (b5 << 8) | b4;
544 void stlink_version(stlink_t *sl) {
545 DLOG("*** looking up stlink version\n");
546 sl->backend->version(sl);
547 _parse_version(sl, &sl->version);
549 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
550 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
551 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
552 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
553 DLOG("swim version = 0x%x\n", sl->version.swim_v);
554 if (sl->version.jtag_v == 0) {
555 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
557 if (sl->version.swim_v == 0) {
558 DLOG(" notice: the firmware doesn't support a swim interface\n");
562 int stlink_target_voltage(stlink_t *sl) {
564 DLOG("*** reading target voltage\n");
565 if (sl->backend->target_voltage != NULL) {
566 voltage = sl->backend->target_voltage(sl);
568 DLOG("target voltage = %ldmV\n", voltage);
570 DLOG("error reading target voltage\n");
573 DLOG("reading voltage not supported by backend\n");
578 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
579 uint32_t data = sl->backend->read_debug32(sl, addr);
580 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
584 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
585 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
586 sl->backend->write_debug32(sl, addr, data);
589 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
590 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
592 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
595 sl->backend->write_mem32(sl, addr, len);
598 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
599 DLOG("*** stlink_read_mem32 ***\n");
600 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
601 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
605 sl->backend->read_mem32(sl, addr, len);
608 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
609 DLOG("*** stlink_write_mem8 ***\n");
610 if (len > 0x40 ) { // !!! never ever: Writing more then 0x40 bytes gives unexpected behaviour
611 fprintf(stderr, "Error: Data length > 64: +%d byte.\n",
615 sl->backend->write_mem8(sl, addr, len);
618 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
619 DLOG("*** stlink_read_all_regs ***\n");
620 sl->backend->read_all_regs(sl, regp);
623 void stlink_read_all_unsupported_regs(stlink_t *sl, reg *regp) {
624 DLOG("*** stlink_read_all_unsupported_regs ***\n");
625 sl->backend->read_all_unsupported_regs(sl, regp);
628 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
629 DLOG("*** stlink_write_reg\n");
630 sl->backend->write_reg(sl, reg, idx);
633 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
634 DLOG("*** stlink_read_reg\n");
635 DLOG(" (%d) ***\n", r_idx);
637 if (r_idx > 20 || r_idx < 0) {
638 fprintf(stderr, "Error: register index must be in [0..20]\n");
642 sl->backend->read_reg(sl, r_idx, regp);
645 void stlink_read_unsupported_reg(stlink_t *sl, int r_idx, reg *regp) {
648 DLOG("*** stlink_read_unsupported_reg\n");
649 DLOG(" (%d) ***\n", r_idx);
651 /* Convert to values used by DCRSR */
652 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
654 } else if (r_idx == 0x40) { /* FPSCR */
656 } else if (r_idx >= 0x20 && r_idx < 0x40) {
657 r_convert = 0x40 + (r_idx - 0x20);
659 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
663 sl->backend->read_unsupported_reg(sl, r_convert, regp);
666 void stlink_write_unsupported_reg(stlink_t *sl, uint32_t val, int r_idx, reg *regp) {
669 DLOG("*** stlink_write_unsupported_reg\n");
670 DLOG(" (%d) ***\n", r_idx);
672 /* Convert to values used by DCRSR */
673 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
674 r_convert = r_idx; /* The backend function handles this */
675 } else if (r_idx == 0x40) { /* FPSCR */
677 } else if (r_idx >= 0x20 && r_idx < 0x40) {
678 r_convert = 0x40 + (r_idx - 0x20);
680 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
684 sl->backend->write_unsupported_reg(sl, val, r_convert, regp);
687 unsigned int is_core_halted(stlink_t *sl) {
688 /* return non zero if core is halted */
690 return sl->q_buf[0] == STLINK_CORE_HALTED;
693 void stlink_step(stlink_t *sl) {
694 DLOG("*** stlink_step ***\n");
695 sl->backend->step(sl);
698 int stlink_current_mode(stlink_t *sl) {
699 int mode = sl->backend->current_mode(sl);
701 case STLINK_DEV_DFU_MODE:
702 DLOG("stlink current mode: dfu\n");
704 case STLINK_DEV_DEBUG_MODE:
705 DLOG("stlink current mode: debug (jtag or swd)\n");
707 case STLINK_DEV_MASS_MODE:
708 DLOG("stlink current mode: mass\n");
711 DLOG("stlink mode: unknown!\n");
712 return STLINK_DEV_UNKNOWN_MODE;
718 // End of delegates.... Common code below here...
721 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
723 // #define is_bigendian() ( (*(char*)&i) == 0 )
725 inline unsigned int is_bigendian(void) {
726 static volatile const unsigned int i = 1;
727 return *(volatile const char*) &i == 0;
730 uint16_t read_uint16(const unsigned char *c, const int pt) {
732 char *p = (char *) &ui;
734 if (!is_bigendian()) { // le -> le (don't swap)
744 // same as above with entrypoint.
746 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
747 stlink_write_reg(sl, addr, 15); /* pc register */
751 while (is_core_halted(sl) == 0)
755 void stlink_core_stat(stlink_t *sl) {
759 switch (sl->q_buf[0]) {
760 case STLINK_CORE_RUNNING:
761 sl->core_stat = STLINK_CORE_RUNNING;
762 DLOG(" core status: running\n");
764 case STLINK_CORE_HALTED:
765 sl->core_stat = STLINK_CORE_HALTED;
766 DLOG(" core status: halted\n");
769 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
770 fprintf(stderr, " core status: unknown\n");
774 void stlink_print_data(stlink_t * sl) {
775 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
778 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
780 for (int i = 0; i < sl->q_len; i++) {
783 if (sl->q_data_dir == Q_DATA_OUT)
784 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
786 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
789 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
791 fputs("\n\n", stdout);
794 /* memory mapped file */
796 typedef struct mapped_file {
801 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
803 static int map_file(mapped_file_t* mf, const char* path) {
807 const int fd = open(path, O_RDONLY | O_BINARY);
809 fprintf(stderr, "open(%s) == -1\n", path);
813 if (fstat(fd, &st) == -1) {
814 fprintf(stderr, "fstat() == -1\n");
818 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
819 if (mf->base == MAP_FAILED) {
820 fprintf(stderr, "mmap() == MAP_FAILED\n");
824 mf->len = st.st_size;
835 static void unmap_file(mapped_file_t * mf) {
836 munmap((void*) mf->base, mf->len);
837 mf->base = (unsigned char*) MAP_FAILED;
841 /* Limit the block size to compare to 0x1800
842 Anything larger will stall the STLINK2
843 Maybe STLINK V1 needs smaller value!*/
844 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
846 size_t n_cmp = sl->flash_pgsz;
850 for (off = 0; off < mf->len; off += n_cmp) {
853 /* adjust last page size */
854 size_t cmp_size = n_cmp;
855 if ((off + n_cmp) > mf->len)
856 cmp_size = mf->len - off;
858 aligned_size = cmp_size;
859 if (aligned_size & (4 - 1))
860 aligned_size = (cmp_size + 4) & ~(4 - 1);
862 stlink_read_mem32(sl, addr + off, aligned_size);
864 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
871 int stlink_fwrite_sram
872 (stlink_t * sl, const char* path, stm32_addr_t addr) {
873 /* write the file in sram at addr */
877 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
880 if (map_file(&mf, path) == -1) {
881 fprintf(stderr, "map_file() == -1\n");
885 /* check addr range is inside the sram */
886 if (addr < sl->sram_base) {
887 fprintf(stderr, "addr too low\n");
889 } else if ((addr + mf.len) < addr) {
890 fprintf(stderr, "addr overruns\n");
892 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
893 fprintf(stderr, "addr too high\n");
895 } else if ((addr & 3) || (mf.len & 3)) {
897 fprintf(stderr, "unaligned addr or size\n");
900 /* do the copy by 1k blocks */
901 for (off = 0; off < mf.len; off += 1024) {
903 if ((off + size) > mf.len)
906 memcpy(sl->q_buf, mf.base + off, size);
908 /* round size if needed */
912 stlink_write_mem32(sl, addr + off, size);
915 /* check the file ha been written */
916 if (check_file(sl, &mf, addr) == -1) {
917 fprintf(stderr, "check_file() == -1\n");
924 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
925 /* Set PC to the reset routine*/
926 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
934 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
935 /* read size bytes from addr to file */
940 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
941 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
942 || sl->chip_id == STM32_CHIPID_L152_RE) ? 0:0xff;
944 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
946 fprintf(stderr, "open(%s) == -1\n", path);
951 size = sl->flash_size;
953 if (size > sl->flash_size)
954 size = sl->flash_size;
956 /* do the copy by 1k blocks */
957 for (off = 0; off < size; off += 1024) {
958 size_t read_size = 1024;
961 if ((off + read_size) > size)
962 read_size = size - off;
964 /* round size if needed */
965 rounded_size = read_size;
966 if (rounded_size & 3)
967 rounded_size = (rounded_size + 4) & ~(3);
969 stlink_read_mem32(sl, addr + off, rounded_size);
971 for(index = 0; index < read_size; index ++) {
972 if (sl->q_buf[index] == erased_pattern)
977 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
978 fprintf(stderr, "write() != read_size\n");
983 /* Ignore NULL Bytes at end of file */
984 if (!ftruncate(fd, size - num_empty)) {
997 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
998 /* write the buffer right after the loader */
999 size_t chunk = size & ~0x3;
1000 size_t rem = size & 0x3;
1002 memcpy(sl->q_buf, buf, chunk);
1003 stlink_write_mem32(sl, fl->buf_addr, chunk);
1006 memcpy(sl->q_buf, buf+chunk, rem);
1007 stlink_write_mem8(sl, (fl->buf_addr)+chunk, rem);
1012 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
1013 uint32_t offset = 0;
1014 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
1015 if (flashaddr >= 0x100000) {
1017 flashaddr -= 0x100000;
1019 if (flashaddr<0x4000) return (offset + 0);
1020 else if(flashaddr<0x8000) return(offset + 1);
1021 else if(flashaddr<0xc000) return(offset + 2);
1022 else if(flashaddr<0x10000) return(offset + 3);
1023 else if(flashaddr<0x20000) return(offset + 4);
1024 else return offset + (flashaddr/0x20000) +4;
1028 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
1029 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1030 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
1031 uint32_t sector=calculate_F4_sectornum(flashaddr);
1035 if (sector<4) sl->flash_pgsz=0x4000;
1036 else if(sector<5) sl->flash_pgsz=0x10000;
1037 else sl->flash_pgsz=0x20000;
1039 return (sl->flash_pgsz);
1043 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
1044 * @param sl stlink context
1045 * @param flashaddr an address in the flash page to erase
1046 * @return 0 on success -ve on failure
1048 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
1050 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1051 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
1052 /* wait for ongoing op to finish */
1053 wait_flash_busy(sl);
1055 /* unlock if locked */
1056 unlock_flash_if(sl);
1058 /* select the page to erase */
1059 // calculate the actual page from the address
1060 uint32_t sector=calculate_F4_sectornum(flashaddr);
1062 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
1064 //the SNB values for flash sectors in the second bank do not directly follow the values for the first bank on 2mb devices...
1065 if (sector >= 12) sector += 4;
1067 write_flash_cr_snb(sl, sector);
1069 /* start erase operation */
1070 set_flash_cr_strt(sl);
1072 /* wait for completion */
1073 wait_flash_busy(sl);
1075 /* relock the flash */
1076 //todo: fails to program if this is in
1079 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
1081 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1082 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1083 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1086 uint32_t flash_regs_base;
1087 if (sl->chip_id == STM32_CHIPID_L0) {
1088 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1090 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1093 /* check if the locks are set */
1094 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1095 if((val & (1<<0))||(val & (1<<1))) {
1096 /* disable pecr protection */
1097 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x89abcdef);
1098 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x02030405);
1100 /* check pecr.pelock is cleared */
1101 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1102 if (val & (1 << 0)) {
1103 WLOG("pecr.pelock not clear (%#x)\n", val);
1107 /* unlock program memory */
1108 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x8c9daebf);
1109 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x13141516);
1111 /* check pecr.prglock is cleared */
1112 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1113 if (val & (1 << 1)) {
1114 WLOG("pecr.prglock not clear (%#x)\n", val);
1119 /* set pecr.{erase,prog} */
1120 val |= (1 << 9) | (1 << 3);
1121 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1122 #if 0 /* fix_to_be_confirmed */
1124 /* wait for sr.busy to be cleared
1125 * MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
1126 * wrong and we do not need to wait here for clearing the busy bit.
1127 * TEXANE: ok, if experience says so and it works for you, we comment
1128 * it. If someone has a problem, please drop an email.
1130 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1133 #endif /* fix_to_be_confirmed */
1135 /* write 0 to the first word of the page to be erased */
1136 stlink_write_debug32(sl, flashaddr, 0);
1138 /* MP: It is better to wait for clearing the busy bit after issuing
1139 page erase command, even though PM0062 recommends to wait before it.
1140 Test shows that a few iterations is performed in the following loop
1141 before busy bit is cleared.*/
1142 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0)
1145 /* reset lock bits */
1146 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF)
1147 | (1 << 0) | (1 << 1) | (1 << 2);
1148 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1149 } else if (sl->core_id == STM32VL_CORE_ID
1150 || sl->core_id == STM32F0_CORE_ID
1151 || sl->chip_id == STM32_CHIPID_F3
1152 || sl->chip_id == STM32_CHIPID_F303_HIGH
1153 || sl->chip_id == STM32_CHIPID_F37x
1154 || sl->chip_id == STM32_CHIPID_F334) {
1155 /* wait for ongoing op to finish */
1156 wait_flash_busy(sl);
1158 /* unlock if locked */
1159 unlock_flash_if(sl);
1161 /* set the page erase bit */
1162 set_flash_cr_per(sl);
1164 /* select the page to erase */
1165 write_flash_ar(sl, flashaddr);
1167 /* start erase operation, reset by hw with bsy bit */
1168 set_flash_cr_strt(sl);
1170 /* wait for completion */
1171 wait_flash_busy(sl);
1173 /* relock the flash */
1176 WLOG("unknown coreid %x, page erase failed\n", sl->core_id);
1180 /* todo: verify the erased page */
1185 int stlink_erase_flash_mass(stlink_t *sl) {
1186 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1187 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1188 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1189 /* erase each page */
1190 int i = 0, num_pages = sl->flash_size/sl->flash_pgsz;
1191 for (i = 0; i < num_pages; i++) {
1192 /* addr must be an addr inside the page */
1193 stm32_addr_t addr = sl->flash_base + i * sl->flash_pgsz;
1194 if (stlink_erase_flash_page(sl, addr) == -1) {
1195 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr);
1198 fprintf(stdout,"\rFlash page at %5d/%5d erased", i, num_pages);
1201 fprintf(stdout, "\n");
1203 /* wait for ongoing op to finish */
1204 wait_flash_busy(sl);
1206 /* unlock if locked */
1207 unlock_flash_if(sl);
1209 /* set the mass erase bit */
1210 set_flash_cr_mer(sl);
1212 /* start erase operation, reset by hw with bsy bit */
1213 set_flash_cr_strt(sl);
1215 /* wait for completion */
1216 wait_flash_busy_progress(sl);
1218 /* relock the flash */
1221 /* todo: verify the erased memory */
1226 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1229 /* allocate the loader in sram */
1230 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1231 WLOG("Failed to write flash loader to sram!\n");
1235 /* allocate a one page buffer in sram right after loader */
1236 fl->buf_addr = fl->loader_addr + size;
1237 ILOG("Successfully loaded flash loader in sram\n");
1241 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1242 /* from openocd, contrib/loaders/flash/stm32.s */
1243 static const uint8_t loader_code_stm32vl[] = {
1244 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1245 0x1c, 0x44, /* add r4, r3 */
1246 /* write_half_word: */
1247 0x01, 0x23, /* movs r3, #0x01 */
1248 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1249 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1250 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1252 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1253 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1254 0xfb, 0xd0, /* beq busy */
1255 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1256 0x01, 0xd1, /* bne exit */
1257 0x01, 0x3a, /* subs r2, r2, #0x01 */
1258 0xf0, 0xd1, /* bne write_half_word */
1260 0x00, 0xbe, /* bkpt #0x00 */
1261 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1264 /* flashloaders/stm32f0.s -- thumb1 only, same sequence as for STM32VL, bank ignored */
1265 static const uint8_t loader_code_stm32f0[] = {
1268 * These two NOPs here are a safety precaution, added by Pekka Nikander
1269 * while debugging the STM32F05x support. They may not be needed, but
1270 * there were strange problems with simpler programs, like a program
1271 * that had just a breakpoint or a program that first moved zero to register r2
1272 * and then had a breakpoint. So, it appears safest to have these two nops.
1274 * Feel free to remove them, if you dare, but then please do test the result
1275 * rigorously. Also, if you remove these, it may be a good idea first to
1276 * #if 0 them out, with a comment when these were taken out, and to remove
1277 * these only a few months later... But YMMV.
1279 0x00, 0x30, // nop /* add r0,#0 */
1280 0x00, 0x30, // nop /* add r0,#0 */
1282 0x0A, 0x4C, // ldr r4, STM32_FLASH_BASE
1283 0x01, 0x25, // mov r5, #1 /* FLASH_CR_PG, FLASH_SR_BUSY */
1284 0x04, 0x26, // mov r6, #4 /* PGERR */
1286 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1287 0x2B, 0x43, // orr r3, r5
1288 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR |= FLASH_CR_PG */
1289 0x03, 0x88, // ldrh r3, [r0] /* r3 = *sram */
1290 0x0B, 0x80, // strh r3, [r1] /* *flash = r3 */
1292 0xE3, 0x68, // ldr r3, [r4, #12] /* FLASH->SR */
1293 0x2B, 0x42, // tst r3, r5 /* FLASH_SR_BUSY */
1294 0xFC, 0xD0, // beq busy
1296 0x33, 0x42, // tst r3, r6 /* PGERR */
1297 0x04, 0xD1, // bne exit
1299 0x02, 0x30, // add r0, r0, #2 /* sram += 2 */
1300 0x02, 0x31, // add r1, r1, #2 /* flash += 2 */
1301 0x01, 0x3A, // sub r2, r2, #0x01 /* count-- */
1302 0x00, 0x2A, // cmp r2, #0
1303 0xF0, 0xD1, // bne write_half_word
1305 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1306 0xAB, 0x43, // bic r3, r5
1307 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR &= ~FLASH_CR_PG */
1308 0x00, 0xBE, // bkpt #0x00
1309 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1312 static const uint8_t loader_code_stm32l[] = {
1314 /* openocd.git/contrib/loaders/flash/stm32lx.S
1315 r0, input, dest addr
1316 r1, input, source addr
1317 r2, input, word count
1318 r3, output, word count
1324 0x51, 0xf8, 0x04, 0xcb,
1325 0x40, 0xf8, 0x04, 0xcb,
1333 static const uint8_t loader_code_stm32l0[] = {
1336 r0, input, dest addr
1337 r1, input, source addr
1338 r2, input, word count
1339 r3, output, word count
1356 static const uint8_t loader_code_stm32f4[] = {
1357 // flashloaders/stm32f4.s
1366 0x14, 0xf0, 0x01, 0x0f,
1368 0x00, 0xf1, 0x04, 0x00,
1369 0x01, 0xf1, 0x04, 0x01,
1370 0xa2, 0xf1, 0x01, 0x02,
1375 0x00, 0x3c, 0x02, 0x40,
1378 static const uint8_t loader_code_stm32f4_lv[] = {
1379 // flashloaders/stm32f4lv.s
1388 0x14, 0xf0, 0x01, 0x0f,
1390 0x00, 0xf1, 0x01, 0x00,
1391 0x01, 0xf1, 0x01, 0x01,
1392 0xa2, 0xf1, 0x01, 0x02,
1398 0x00, 0x3c, 0x02, 0x40,
1401 const uint8_t* loader_code;
1404 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1405 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1406 || sl->chip_id == STM32_CHIPID_L152_RE) { /* stm32l */
1407 loader_code = loader_code_stm32l;
1408 loader_size = sizeof(loader_code_stm32l);
1409 } else if (sl->core_id == STM32VL_CORE_ID
1410 || sl->chip_id == STM32_CHIPID_F3
1411 || sl->chip_id == STM32_CHIPID_F303_HIGH
1412 || sl->chip_id == STM32_CHIPID_F37x
1413 || sl->chip_id == STM32_CHIPID_F334) {
1414 loader_code = loader_code_stm32vl;
1415 loader_size = sizeof(loader_code_stm32vl);
1416 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1417 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)){
1418 int voltage = stlink_target_voltage(sl);
1419 if (voltage > 2700) {
1420 loader_code = loader_code_stm32f4;
1421 loader_size = sizeof(loader_code_stm32f4);
1423 loader_code = loader_code_stm32f4_lv;
1424 loader_size = sizeof(loader_code_stm32f4_lv);
1426 } else if (sl->chip_id == STM32_CHIPID_F0 || sl->chip_id == STM32_CHIPID_F04 || sl->chip_id == STM32_CHIPID_F0_CAN || sl->chip_id == STM32_CHIPID_F0_SMALL || sl->chip_id == STM32_CHIPID_F09X) {
1427 loader_code = loader_code_stm32f0;
1428 loader_size = sizeof(loader_code_stm32f0);
1429 } else if (sl->chip_id == STM32_CHIPID_L0) {
1430 loader_code = loader_code_stm32l0;
1431 loader_size = sizeof(loader_code_stm32l0);
1433 ELOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1437 memcpy(sl->q_buf, loader_code, loader_size);
1438 stlink_write_mem32(sl, sl->sram_base, loader_size);
1440 *addr = sl->sram_base;
1441 *size = loader_size;
1447 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1448 /* check the contents of path are at addr */
1451 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1453 if (map_file(&mf, path) == -1)
1456 res = check_file(sl, &mf, addr);
1464 * Verify addr..addr+len is binary identical to base...base+len
1465 * @param sl stlink context
1466 * @param address stm device address
1467 * @param data host side buffer to check against
1468 * @param length how much
1469 * @return 0 for success, -ve for failure
1471 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1473 size_t cmp_size = (sl->flash_pgsz > 0x1800)? 0x1800:sl->flash_pgsz;
1474 ILOG("Starting verification of write complete\n");
1475 for (off = 0; off < length; off += cmp_size) {
1476 size_t aligned_size;
1478 /* adjust last page size */
1479 if ((off + cmp_size) > length)
1480 cmp_size = length - off;
1482 aligned_size = cmp_size;
1483 if (aligned_size & (4 - 1))
1484 aligned_size = (cmp_size + 4) & ~(4 - 1);
1486 stlink_read_mem32(sl, address + off, aligned_size);
1488 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1489 ELOG("Verification of flash failed at offset: %zd\n", off);
1493 ILOG("Flash written and verified! jolly good!\n");
1498 int stm32l1_write_half_pages(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len, uint32_t pagesize)
1501 unsigned int num_half_pages = len / pagesize;
1503 uint32_t flash_regs_base;
1506 if (sl->chip_id == STM32_CHIPID_L0) {
1507 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1509 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1512 ILOG("Starting Half page flash write for STM32L core id\n");
1513 /* flash loader initialization */
1514 if (init_flash_loader(sl, &fl) == -1) {
1515 WLOG("init_flash_loader() == -1\n");
1518 /* Unlock already done */
1519 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1520 val |= (1 << FLASH_L1_FPRG);
1521 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1523 val |= (1 << FLASH_L1_PROG);
1524 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1525 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0) {}
1527 for (count = 0; count < num_half_pages; count ++) {
1528 if (run_flash_loader(sl, &fl, addr + count * pagesize, base + count * pagesize, pagesize) == -1) {
1529 WLOG("l1_run_flash_loader(%#zx) failed! == -1\n", addr + count * pagesize);
1530 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1531 val &= ~((1 << FLASH_L1_FPRG) |(1 << FLASH_L1_PROG));
1532 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1535 /* wait for sr.busy to be cleared */
1536 if (sl->verbose >= 1) {
1537 /* show progress. writing procedure is slow
1538 and previous errors are misleading */
1539 fprintf(stdout, "\r%3u/%u halfpages written", count + 1, num_half_pages);
1542 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0) {
1545 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1546 val &= ~(1 << FLASH_L1_PROG);
1547 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1548 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1549 val &= ~(1 << FLASH_L1_FPRG);
1550 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1555 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len) {
1558 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1559 len, len, addr, addr);
1560 /* check addr range is inside the flash */
1561 stlink_calculate_pagesize(sl, addr);
1562 if (addr < sl->flash_base) {
1563 ELOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1565 } else if ((addr + len) < addr) {
1566 ELOG("addr overruns\n");
1568 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1569 ELOG("addr too high\n");
1571 } else if (addr & 1) {
1572 ELOG("unaligned addr 0x%x\n", addr);
1574 } else if (len & 1) {
1575 WLOG("unaligned len 0x%x -- padding with zero\n", len);
1577 } else if (addr & (sl->flash_pgsz - 1)) {
1578 ELOG("addr not a multiple of pagesize, not supported\n");
1582 // Make sure we've loaded the context with the chip details
1584 /* erase each page */
1586 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1587 /* addr must be an addr inside the page */
1588 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1589 ELOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1592 fprintf(stdout,"\rFlash page at addr: 0x%08lx erased",
1593 (unsigned long)addr + off);
1597 fprintf(stdout,"\n");
1598 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1599 page_count, sl->flash_pgsz, sl->flash_pgsz);
1601 if ((sl->chip_id == STM32_CHIPID_F2) ||
1602 (sl->chip_id == STM32_CHIPID_F4) ||
1603 (sl->chip_id == STM32_CHIPID_F4_DE) ||
1604 (sl->chip_id == STM32_CHIPID_F4_LP) ||
1605 (sl->chip_id == STM32_CHIPID_F4_HD) ||
1606 (sl->chip_id == STM32_CHIPID_F411RE)) {
1607 /* todo: check write operation */
1609 ILOG("Starting Flash write for F2/F4\n");
1610 /* flash loader initialization */
1611 if (init_flash_loader(sl, &fl) == -1) {
1612 ELOG("init_flash_loader() == -1\n");
1616 /* First unlock the cr */
1617 unlock_flash_if(sl);
1619 /* TODO: Check that Voltage range is 2.7 - 3.6 V */
1620 /* set parallelisim to 32 bit*/
1621 int voltage = stlink_target_voltage(sl);
1622 if (voltage > 2700) {
1623 printf("enabling 32-bit flash writes\n");
1624 write_flash_cr_psiz(sl, 2);
1626 printf("Target voltage (%d mV) too low for 32-bit flash, using 8-bit flash writes\n", voltage);
1627 write_flash_cr_psiz(sl, 0);
1630 /* set programming mode */
1631 set_flash_cr_pg(sl);
1633 for(off = 0; off < len;) {
1634 size_t size = len - off > 0x8000 ? 0x8000 : len - off;
1636 printf("size: %zu\n", size);
1638 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1639 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1651 else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1652 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1653 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1654 /* use fast word write. todo: half page. */
1656 uint32_t flash_regs_base;
1659 if (sl->chip_id == STM32_CHIPID_L0) {
1660 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1661 pagesize = L0_WRITE_BLOCK_SIZE;
1663 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1664 pagesize = L1_WRITE_BLOCK_SIZE;
1667 /* todo: check write operation */
1669 /* disable pecr protection */
1670 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x89abcdef);
1671 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x02030405);
1673 /* check pecr.pelock is cleared */
1674 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1675 if (val & (1 << 0)) {
1676 fprintf(stderr, "pecr.pelock not clear\n");
1680 /* unlock program memory */
1681 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x8c9daebf);
1682 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x13141516);
1684 /* check pecr.prglock is cleared */
1685 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1686 if (val & (1 << 1)) {
1687 fprintf(stderr, "pecr.prglock not clear\n");
1691 if (len > pagesize) {
1692 if (stm32l1_write_half_pages(sl, addr, base, len, pagesize) == -1) {
1693 /* This may happen on a blank device! */
1694 WLOG("\nwrite_half_pages failed == -1\n");
1696 off = (len / pagesize)*pagesize;
1700 /* write remainingword in program memory */
1701 for ( ; off < len; off += sizeof(uint32_t)) {
1704 fprintf(stdout, "\r");
1706 if ((off % sl->flash_pgsz) > (sl->flash_pgsz -5)) {
1707 fprintf(stdout, "\r%3zd/%3zd pages written",
1708 off/sl->flash_pgsz, len/sl->flash_pgsz);
1712 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1713 stlink_write_debug32(sl, addr + off, data);
1715 /* wait for sr.busy to be cleared */
1716 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0)
1719 /* todo: check redo write operation */
1722 fprintf(stdout, "\n");
1723 /* reset lock bits */
1724 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF)
1725 | (1 << 0) | (1 << 1) | (1 << 2);
1726 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1727 } else if (sl->core_id == STM32VL_CORE_ID ||
1728 sl->core_id == STM32F0_CORE_ID ||
1729 sl->chip_id == STM32_CHIPID_F3 ||
1730 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1731 sl->chip_id == STM32_CHIPID_F334 ||
1732 sl->chip_id == STM32_CHIPID_F37x) {
1733 ILOG("Starting Flash write for VL/F0/F3 core id\n");
1734 /* flash loader initialization */
1735 if (init_flash_loader(sl, &fl) == -1) {
1736 ELOG("init_flash_loader() == -1\n");
1740 int write_block_count = 0;
1741 for (off = 0; off < len; off += sl->flash_pgsz) {
1742 /* adjust last write size */
1743 size_t size = sl->flash_pgsz;
1744 if ((off + sl->flash_pgsz) > len) size = len - off;
1746 /* unlock and set programming mode */
1747 unlock_flash_if(sl);
1748 set_flash_cr_pg(sl);
1749 //DLOG("Finished setting flash cr pg, running loader!\n");
1750 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1751 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1755 if (sl->verbose >= 1) {
1756 /* show progress. writing procedure is slow
1757 and previous errors are misleading */
1758 fprintf(stdout, "\r%3u/%lu pages written", write_block_count++, (unsigned long)len/sl->flash_pgsz);
1762 fprintf(stdout, "\n");
1764 ELOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1768 return stlink_verify_write_flash(sl, addr, base, len);
1772 * Write the given binary file into flash at address "addr"
1774 * @param path readable file path, should be binary image
1775 * @param addr where to start writing
1776 * @return 0 on success, -ve on failure.
1778 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1779 /* write the file in flash at addr */
1781 unsigned int num_empty = 0, index;
1782 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1783 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1784 || sl->chip_id == STM32_CHIPID_L152_RE) ? 0:0xff;
1785 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1786 if (map_file(&mf, path) == -1) {
1787 ELOG("map_file() == -1\n");
1790 for(index = 0; index < mf.len; index ++) {
1791 if (mf.base[index] == erased_pattern)
1796 /* Round down to words */
1797 num_empty -= (num_empty & 3);
1798 if(num_empty != 0) {
1799 ILOG("Ignoring %d bytes of 0x%02x at end of file\n", num_empty, erased_pattern);
1800 mf.len -= num_empty;
1802 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1804 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
1805 /* Set PC to the reset routine*/
1806 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
1812 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1816 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1817 // FIXME This can never return -1
1818 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1820 ELOG("write_buffer_to_sram() == -1\n");
1824 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1825 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1826 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1828 size_t count = size / sizeof(uint32_t);
1829 if (size % sizeof(uint32_t)) ++count;
1832 stlink_write_reg(sl, target, 0); /* target */
1833 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1834 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1835 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1837 } else if (sl->core_id == STM32VL_CORE_ID ||
1838 sl->core_id == STM32F0_CORE_ID ||
1839 sl->chip_id == STM32_CHIPID_F3 ||
1840 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1841 sl->chip_id == STM32_CHIPID_F37x ||
1842 sl->chip_id == STM32_CHIPID_F334) {
1844 size_t count = size / sizeof(uint16_t);
1845 if (size % sizeof(uint16_t)) ++count;
1848 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1849 stlink_write_reg(sl, target, 1); /* target */
1850 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1851 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1852 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1854 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1855 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)) {
1857 size_t count = size / sizeof(uint32_t);
1858 if (size % sizeof(uint32_t)) ++count;
1861 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1862 stlink_write_reg(sl, target, 1); /* target */
1863 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1864 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1867 fprintf(stderr, "unknown coreid 0x%x, don't know what flash loader to use\n", sl->core_id);
1874 #define WAIT_ROUNDS 10000
1875 /* wait until done (reaches breakpoint) */
1876 for (i = 0; i < WAIT_ROUNDS; i++) {
1878 if (is_core_halted(sl))
1882 if (i >= WAIT_ROUNDS) {
1883 ELOG("flash loader run error\n");
1887 /* check written byte count */
1888 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1889 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1890 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1892 size_t count = size / sizeof(uint32_t);
1893 if (size % sizeof(uint32_t)) ++count;
1895 stlink_read_reg(sl, 3, &rr);
1896 if (rr.r[3] != count) {
1897 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1901 } else if (sl->core_id == STM32VL_CORE_ID ||
1902 sl->core_id == STM32F0_CORE_ID ||
1903 sl->chip_id == STM32_CHIPID_F3 ||
1904 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1905 sl->chip_id == STM32_CHIPID_F37x ||
1906 sl->chip_id == STM32_CHIPID_F334) {
1908 stlink_read_reg(sl, 2, &rr);
1910 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1914 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1915 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)) {
1917 stlink_read_reg(sl, 2, &rr);
1919 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1925 fprintf(stderr, "unknown coreid 0x%x, can't check written byte count\n", sl->core_id);