10 #include <sys/types.h>
14 #include "stlink-common.h"
15 #include "uglylogging.h"
21 /* todo: stm32l15xxx flash memory, pm0062 manual */
23 /* stm32f FPEC flash controller interface, pm0063 manual */
24 // TODO - all of this needs to be abstracted out....
25 // STM32F05x is identical, based on RM0091 (DM00031936, Doc ID 018940 Rev 2, August 2012)
26 #define FLASH_REGS_ADDR 0x40022000
27 #define FLASH_REGS_SIZE 0x28
29 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
30 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
31 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
32 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
33 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
34 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
35 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
37 // For STM32F05x, the RDPTR_KEY may be wrong, but as it is not used anywhere...
38 #define FLASH_RDPTR_KEY 0x00a5
39 #define FLASH_KEY1 0x45670123
40 #define FLASH_KEY2 0xcdef89ab
42 #define FLASH_SR_BSY 0
43 #define FLASH_SR_EOP 5
46 #define FLASH_CR_PER 1
47 #define FLASH_CR_MER 2
48 #define FLASH_CR_STRT 6
49 #define FLASH_CR_LOCK 7
52 //32L = 32F1 same CoreID as 32F4!
53 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
54 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
55 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
56 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
57 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
58 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
59 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
60 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
61 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x1c)
62 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
63 #define FLASH_L1_FPRG 10
64 #define FLASH_L1_PROG 3
66 //STM32L0x flash register base and offsets
68 #define STM32L0_FLASH_REGS_ADDR ((uint32_t)0x40022000)
69 #define FLASH_ACR_OFF ((uint32_t) 0x00)
70 #define FLASH_PECR_OFF ((uint32_t) 0x04)
71 #define FLASH_PDKEYR_OFF ((uint32_t) 0x08)
72 #define FLASH_PEKEYR_OFF ((uint32_t) 0x0c)
73 #define FLASH_PRGKEYR_OFF ((uint32_t) 0x10)
74 #define FLASH_OPTKEYR_OFF ((uint32_t) 0x14)
75 #define FLASH_SR_OFF ((uint32_t) 0x18)
76 #define FLASH_OBR_OFF ((uint32_t) 0x1c)
77 #define FLASH_WRPR_OFF ((uint32_t) 0x20)
82 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
83 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
84 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
85 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
86 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
87 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
88 #define FLASH_F4_CR_STRT 16
89 #define FLASH_F4_CR_LOCK 31
90 #define FLASH_F4_CR_SER 1
91 #define FLASH_F4_CR_SNB 3
92 #define FLASH_F4_CR_SNB_MASK 0xf8
93 #define FLASH_F4_SR_BSY 16
95 #define L1_WRITE_BLOCK_SIZE 0x80
96 #define L0_WRITE_BLOCK_SIZE 0x40
98 void write_uint32(unsigned char* buf, uint32_t ui) {
99 if (!is_bigendian()) { // le -> le (don't swap)
100 buf[0] = ((unsigned char*) &ui)[0];
101 buf[1] = ((unsigned char*) &ui)[1];
102 buf[2] = ((unsigned char*) &ui)[2];
103 buf[3] = ((unsigned char*) &ui)[3];
105 buf[0] = ((unsigned char*) &ui)[3];
106 buf[1] = ((unsigned char*) &ui)[2];
107 buf[2] = ((unsigned char*) &ui)[1];
108 buf[3] = ((unsigned char*) &ui)[0];
112 void write_uint16(unsigned char* buf, uint16_t ui) {
113 if (!is_bigendian()) { // le -> le (don't swap)
114 buf[0] = ((unsigned char*) &ui)[0];
115 buf[1] = ((unsigned char*) &ui)[1];
117 buf[0] = ((unsigned char*) &ui)[1];
118 buf[1] = ((unsigned char*) &ui)[0];
122 uint32_t read_uint32(const unsigned char *c, const int pt) {
124 char *p = (char *) &ui;
126 if (!is_bigendian()) { // le -> le (don't swap)
140 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
141 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
144 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
145 return stlink_read_debug32(sl, FLASH_WRPR);
148 static inline uint32_t read_flash_obr(stlink_t *sl) {
149 return stlink_read_debug32(sl, FLASH_OBR);
152 static inline uint32_t read_flash_cr(stlink_t *sl) {
154 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||(sl->chip_id == STM32_CHIPID_F4_DE) ||
155 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
156 res = stlink_read_debug32(sl, FLASH_F4_CR);
158 res = stlink_read_debug32(sl, FLASH_CR);
160 fprintf(stdout, "CR:0x%x\n", res);
165 static inline unsigned int is_flash_locked(stlink_t *sl) {
166 /* return non zero for true */
167 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
168 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE) )
169 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
171 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
174 static void unlock_flash(stlink_t *sl) {
175 /* the unlock sequence consists of 2 write cycles where
176 2 key values are written to the FLASH_KEYR register.
177 an invalid sequence results in a definitive lock of
178 the FPEC block until next reset.
180 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
181 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
182 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
183 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
185 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
186 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
191 static int unlock_flash_if(stlink_t *sl) {
192 /* unlock flash if already locked */
194 if (is_flash_locked(sl)) {
196 if (is_flash_locked(sl)) {
197 WLOG("Failed to unlock flash!\n");
201 DLOG("Successfully unlocked flash\n");
205 static void lock_flash(stlink_t *sl) {
206 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
207 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
208 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
209 stlink_write_debug32(sl, FLASH_F4_CR, n);
211 /* write to 1 only. reset by hw at unlock sequence */
212 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
213 stlink_write_debug32(sl, FLASH_CR, n);
218 static void set_flash_cr_pg(stlink_t *sl) {
219 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
220 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
221 uint32_t x = read_flash_cr(sl);
222 x |= (1 << FLASH_CR_PG);
223 stlink_write_debug32(sl, FLASH_F4_CR, x);
225 const uint32_t n = 1 << FLASH_CR_PG;
226 stlink_write_debug32(sl, FLASH_CR, n);
230 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
231 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
232 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
233 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
234 stlink_write_debug32(sl, FLASH_F4_CR, n);
236 stlink_write_debug32(sl, FLASH_CR, n);
239 static void set_flash_cr_per(stlink_t *sl) {
240 const uint32_t n = 1 << FLASH_CR_PER;
241 stlink_write_debug32(sl, FLASH_CR, n);
244 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
245 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
246 stlink_write_debug32(sl, FLASH_CR, n);
249 static void set_flash_cr_mer(stlink_t *sl) {
250 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
251 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
252 stlink_write_debug32(sl, FLASH_F4_CR,
253 stlink_read_debug32(sl, FLASH_F4_CR) | (1 << FLASH_CR_MER));
255 stlink_write_debug32(sl, FLASH_CR,
256 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_MER));
259 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
260 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
261 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
262 stlink_write_debug32(sl, FLASH_F4_CR,
263 stlink_read_debug32(sl, FLASH_F4_CR) & ~(1 << FLASH_CR_MER));
265 stlink_write_debug32(sl, FLASH_CR,
266 stlink_read_debug32(sl, FLASH_CR) & ~(1 << FLASH_CR_MER));
269 static void set_flash_cr_strt(stlink_t *sl) {
270 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
271 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
272 uint32_t x = read_flash_cr(sl);
273 x |= (1 << FLASH_F4_CR_STRT);
274 stlink_write_debug32(sl, FLASH_F4_CR, x);
276 stlink_write_debug32(sl, FLASH_CR,
277 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_STRT) );
281 static inline uint32_t read_flash_acr(stlink_t *sl) {
282 return stlink_read_debug32(sl, FLASH_ACR);
285 static inline uint32_t read_flash_sr(stlink_t *sl) {
287 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
288 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
289 res = stlink_read_debug32(sl, FLASH_F4_SR);
291 res = stlink_read_debug32(sl, FLASH_SR);
292 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
296 static inline unsigned int is_flash_busy(stlink_t *sl) {
297 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
298 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
299 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
301 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
304 static void wait_flash_busy(stlink_t *sl) {
305 /* todo: add some delays here */
306 while (is_flash_busy(sl))
310 static void wait_flash_busy_progress(stlink_t *sl) {
312 fprintf(stdout, "Mass erasing");
314 while (is_flash_busy(sl)) {
318 fprintf(stdout, ".");
322 fprintf(stdout, "\n");
325 static inline unsigned int is_flash_eop(stlink_t *sl) {
326 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
329 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
330 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
331 stlink_write_debug32(sl, FLASH_SR, n);
334 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
335 /* todo: add some delays here */
336 while (is_flash_eop(sl) == 0)
340 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
341 stlink_write_debug32(sl, FLASH_AR, n);
344 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
345 uint32_t x = read_flash_cr(sl);
349 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
351 stlink_write_debug32(sl, FLASH_F4_CR, x);
355 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
356 uint32_t x = read_flash_cr(sl);
357 x &= ~FLASH_F4_CR_SNB_MASK;
358 x |= (n << FLASH_F4_CR_SNB);
359 x |= (1 << FLASH_F4_CR_SER);
361 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
363 stlink_write_debug32(sl, FLASH_F4_CR, x);
366 // Delegates to the backends...
368 void stlink_close(stlink_t *sl) {
369 DLOG("*** stlink_close ***\n");
370 sl->backend->close(sl);
374 void stlink_exit_debug_mode(stlink_t *sl) {
375 DLOG("*** stlink_exit_debug_mode ***\n");
376 stlink_write_debug32(sl, DHCSR, DBGKEY);
377 sl->backend->exit_debug_mode(sl);
380 void stlink_enter_swd_mode(stlink_t *sl) {
381 DLOG("*** stlink_enter_swd_mode ***\n");
382 sl->backend->enter_swd_mode(sl);
385 // Force the core into the debug mode -> halted state.
386 void stlink_force_debug(stlink_t *sl) {
387 DLOG("*** stlink_force_debug_mode ***\n");
388 sl->backend->force_debug(sl);
391 void stlink_exit_dfu_mode(stlink_t *sl) {
392 DLOG("*** stlink_exit_dfu_mode ***\n");
393 sl->backend->exit_dfu_mode(sl);
396 uint32_t stlink_core_id(stlink_t *sl) {
397 DLOG("*** stlink_core_id ***\n");
398 sl->backend->core_id(sl);
400 stlink_print_data(sl);
401 DLOG("core_id = 0x%08x\n", sl->core_id);
405 uint32_t stlink_chip_id(stlink_t *sl) {
406 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
407 if (chip_id == 0) chip_id = stlink_read_debug32(sl, 0x40015800); //Try Corex M0 DBGMCU_IDCODE register address
412 * Cortex m3 tech ref manual, CPUID register description
413 * @param sl stlink context
414 * @param cpuid pointer to the result object
416 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
417 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
418 cpuid->implementer_id = (raw >> 24) & 0x7f;
419 cpuid->variant = (raw >> 20) & 0xf;
420 cpuid->part = (raw >> 4) & 0xfff;
421 cpuid->revision = raw & 0xf;
426 * reads and decodes the flash parameters, as dynamically as possible
428 * @return 0 for success, or -1 for unsupported core type.
430 int stlink_load_device_params(stlink_t *sl) {
431 ILOG("Loading device parameters....\n");
432 const chip_params_t *params = NULL;
433 sl->core_id = stlink_core_id(sl);
434 uint32_t chip_id = stlink_chip_id(sl);
437 sl->chip_id = chip_id & 0xfff;
438 /* Fix chip_id for F4 rev A errata , Read CPU ID, as CoreID is the same for F2/F4*/
439 if (sl->chip_id == 0x411) {
440 uint32_t cpuid = stlink_read_debug32(sl, 0xE000ED00);
441 if ((cpuid & 0xfff0) == 0xc240)
445 for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
446 if(devices[i].chip_id == sl->chip_id) {
447 params = &devices[i];
451 if (params == NULL) {
452 WLOG("unknown chip id! %#x\n", chip_id);
456 // These are fixed...
457 sl->flash_base = STM32_FLASH_BASE;
458 sl->sram_base = STM32_SRAM_BASE;
459 flash_size = stlink_read_debug32(sl,(params->flash_size_reg) & ~3);
460 if (params->flash_size_reg & 2)
461 flash_size = flash_size >>16;
462 flash_size = flash_size & 0xffff;
464 if ((sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) && ( flash_size == 0 )) {
465 sl->flash_size = 128 * 1024;
466 } else if ((sl->chip_id & 0xFFF) == STM32_CHIPID_L1_HIGH) {
467 // 0 is 384k and 1 is 256k
468 if ( flash_size == 0 ) {
469 sl->flash_size = 384 * 1024;
471 sl->flash_size = 256 * 1024;
474 sl->flash_size = flash_size * 1024;
476 sl->flash_pgsz = params->flash_pagesize;
477 sl->sram_size = params->sram_size;
478 sl->sys_base = params->bootrom_base;
479 sl->sys_size = params->bootrom_size;
481 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
482 // TODO make note of variable page size here.....
483 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
484 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
489 void stlink_reset(stlink_t *sl) {
490 DLOG("*** stlink_reset ***\n");
491 sl->backend->reset(sl);
494 void stlink_jtag_reset(stlink_t *sl, int value) {
495 DLOG("*** stlink_jtag_reset ***\n");
496 sl->backend->jtag_reset(sl, value);
499 void stlink_run(stlink_t *sl) {
500 DLOG("*** stlink_run ***\n");
501 sl->backend->run(sl);
504 void stlink_status(stlink_t *sl) {
505 DLOG("*** stlink_status ***\n");
506 sl->backend->status(sl);
507 stlink_core_stat(sl);
511 * Decode the version bits, originally from -sg, verified with usb
512 * @param sl stlink context, assumed to contain valid data in the buffer
513 * @param slv output parsed version object
515 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
516 uint32_t b0 = sl->q_buf[0]; //lsb
517 uint32_t b1 = sl->q_buf[1];
518 uint32_t b2 = sl->q_buf[2];
519 uint32_t b3 = sl->q_buf[3];
520 uint32_t b4 = sl->q_buf[4];
521 uint32_t b5 = sl->q_buf[5]; //msb
523 // b0 b1 || b2 b3 | b4 b5
524 // 4b | 6b | 6b || 2B | 2B
525 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
527 slv->stlink_v = (b0 & 0xf0) >> 4;
528 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
529 slv->swim_v = b1 & 0x3f;
530 slv->st_vid = (b3 << 8) | b2;
531 slv->stlink_pid = (b5 << 8) | b4;
535 void stlink_version(stlink_t *sl) {
536 DLOG("*** looking up stlink version\n");
537 sl->backend->version(sl);
538 _parse_version(sl, &sl->version);
540 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
541 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
542 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
543 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
544 DLOG("swim version = 0x%x\n", sl->version.swim_v);
545 if (sl->version.jtag_v == 0) {
546 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
548 if (sl->version.swim_v == 0) {
549 DLOG(" notice: the firmware doesn't support a swim interface\n");
553 int stlink_target_voltage(stlink_t *sl) {
555 DLOG("*** reading target voltage\n");
556 if (sl->backend->target_voltage != NULL) {
557 voltage = sl->backend->target_voltage(sl);
559 DLOG("target voltage = %ldmV\n", voltage);
561 DLOG("error reading target voltage\n");
564 DLOG("reading voltage not supported by backend\n");
569 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
570 uint32_t data = sl->backend->read_debug32(sl, addr);
571 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
575 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
576 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
577 sl->backend->write_debug32(sl, addr, data);
580 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
581 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
583 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
586 sl->backend->write_mem32(sl, addr, len);
589 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
590 DLOG("*** stlink_read_mem32 ***\n");
591 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
592 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
596 sl->backend->read_mem32(sl, addr, len);
599 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
600 DLOG("*** stlink_write_mem8 ***\n");
601 if (len > 0x40 ) { // !!! never ever: Writing more then 0x40 bytes gives unexpected behaviour
602 fprintf(stderr, "Error: Data length > 64: +%d byte.\n",
606 sl->backend->write_mem8(sl, addr, len);
609 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
610 DLOG("*** stlink_read_all_regs ***\n");
611 sl->backend->read_all_regs(sl, regp);
614 void stlink_read_all_unsupported_regs(stlink_t *sl, reg *regp) {
615 DLOG("*** stlink_read_all_unsupported_regs ***\n");
616 sl->backend->read_all_unsupported_regs(sl, regp);
619 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
620 DLOG("*** stlink_write_reg\n");
621 sl->backend->write_reg(sl, reg, idx);
624 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
625 DLOG("*** stlink_read_reg\n");
626 DLOG(" (%d) ***\n", r_idx);
628 if (r_idx > 20 || r_idx < 0) {
629 fprintf(stderr, "Error: register index must be in [0..20]\n");
633 sl->backend->read_reg(sl, r_idx, regp);
636 void stlink_read_unsupported_reg(stlink_t *sl, int r_idx, reg *regp) {
639 DLOG("*** stlink_read_unsupported_reg\n");
640 DLOG(" (%d) ***\n", r_idx);
642 /* Convert to values used by DCRSR */
643 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
645 } else if (r_idx == 0x40) { /* FPSCR */
647 } else if (r_idx >= 0x20 && r_idx < 0x40) {
648 r_convert = 0x40 + (r_idx - 0x20);
650 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
654 sl->backend->read_unsupported_reg(sl, r_convert, regp);
657 void stlink_write_unsupported_reg(stlink_t *sl, uint32_t val, int r_idx, reg *regp) {
660 DLOG("*** stlink_write_unsupported_reg\n");
661 DLOG(" (%d) ***\n", r_idx);
663 /* Convert to values used by DCRSR */
664 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
665 r_convert = r_idx; /* The backend function handles this */
666 } else if (r_idx == 0x40) { /* FPSCR */
668 } else if (r_idx >= 0x20 && r_idx < 0x40) {
669 r_convert = 0x40 + (r_idx - 0x20);
671 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
675 sl->backend->write_unsupported_reg(sl, val, r_convert, regp);
678 unsigned int is_core_halted(stlink_t *sl) {
679 /* return non zero if core is halted */
681 return sl->q_buf[0] == STLINK_CORE_HALTED;
684 void stlink_step(stlink_t *sl) {
685 DLOG("*** stlink_step ***\n");
686 sl->backend->step(sl);
689 int stlink_current_mode(stlink_t *sl) {
690 int mode = sl->backend->current_mode(sl);
692 case STLINK_DEV_DFU_MODE:
693 DLOG("stlink current mode: dfu\n");
695 case STLINK_DEV_DEBUG_MODE:
696 DLOG("stlink current mode: debug (jtag or swd)\n");
698 case STLINK_DEV_MASS_MODE:
699 DLOG("stlink current mode: mass\n");
702 DLOG("stlink mode: unknown!\n");
703 return STLINK_DEV_UNKNOWN_MODE;
709 // End of delegates.... Common code below here...
712 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
714 // #define is_bigendian() ( (*(char*)&i) == 0 )
716 inline unsigned int is_bigendian(void) {
717 static volatile const unsigned int i = 1;
718 return *(volatile const char*) &i == 0;
721 uint16_t read_uint16(const unsigned char *c, const int pt) {
723 char *p = (char *) &ui;
725 if (!is_bigendian()) { // le -> le (don't swap)
735 // same as above with entrypoint.
737 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
738 stlink_write_reg(sl, addr, 15); /* pc register */
742 while (is_core_halted(sl) == 0)
746 void stlink_core_stat(stlink_t *sl) {
750 switch (sl->q_buf[0]) {
751 case STLINK_CORE_RUNNING:
752 sl->core_stat = STLINK_CORE_RUNNING;
753 DLOG(" core status: running\n");
755 case STLINK_CORE_HALTED:
756 sl->core_stat = STLINK_CORE_HALTED;
757 DLOG(" core status: halted\n");
760 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
761 fprintf(stderr, " core status: unknown\n");
765 void stlink_print_data(stlink_t * sl) {
766 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
769 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
771 for (int i = 0; i < sl->q_len; i++) {
774 if (sl->q_data_dir == Q_DATA_OUT)
775 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
777 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
780 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
782 fputs("\n\n", stdout);
785 /* memory mapped file */
787 typedef struct mapped_file {
792 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
794 static int map_file(mapped_file_t* mf, const char* path) {
798 const int fd = open(path, O_RDONLY | O_BINARY);
800 fprintf(stderr, "open(%s) == -1\n", path);
804 if (fstat(fd, &st) == -1) {
805 fprintf(stderr, "fstat() == -1\n");
809 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
810 if (mf->base == MAP_FAILED) {
811 fprintf(stderr, "mmap() == MAP_FAILED\n");
815 mf->len = st.st_size;
826 static void unmap_file(mapped_file_t * mf) {
827 munmap((void*) mf->base, mf->len);
828 mf->base = (unsigned char*) MAP_FAILED;
832 /* Limit the block size to compare to 0x1800
833 Anything larger will stall the STLINK2
834 Maybe STLINK V1 needs smaller value!*/
835 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
837 size_t n_cmp = sl->flash_pgsz;
841 for (off = 0; off < mf->len; off += n_cmp) {
844 /* adjust last page size */
845 size_t cmp_size = n_cmp;
846 if ((off + n_cmp) > mf->len)
847 cmp_size = mf->len - off;
849 aligned_size = cmp_size;
850 if (aligned_size & (4 - 1))
851 aligned_size = (cmp_size + 4) & ~(4 - 1);
853 stlink_read_mem32(sl, addr + off, aligned_size);
855 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
862 int stlink_fwrite_sram
863 (stlink_t * sl, const char* path, stm32_addr_t addr) {
864 /* write the file in sram at addr */
868 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
871 if (map_file(&mf, path) == -1) {
872 fprintf(stderr, "map_file() == -1\n");
876 /* check addr range is inside the sram */
877 if (addr < sl->sram_base) {
878 fprintf(stderr, "addr too low\n");
880 } else if ((addr + mf.len) < addr) {
881 fprintf(stderr, "addr overruns\n");
883 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
884 fprintf(stderr, "addr too high\n");
886 } else if ((addr & 3) || (mf.len & 3)) {
888 fprintf(stderr, "unaligned addr or size\n");
891 /* do the copy by 1k blocks */
892 for (off = 0; off < mf.len; off += 1024) {
894 if ((off + size) > mf.len)
897 memcpy(sl->q_buf, mf.base + off, size);
899 /* round size if needed */
903 stlink_write_mem32(sl, addr + off, size);
906 /* check the file ha been written */
907 if (check_file(sl, &mf, addr) == -1) {
908 fprintf(stderr, "check_file() == -1\n");
915 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
916 /* Set PC to the reset routine*/
917 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
925 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
926 /* read size bytes from addr to file */
931 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
932 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE) ? 0:0xff;
934 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
936 fprintf(stderr, "open(%s) == -1\n", path);
941 size = sl->flash_size;
943 if (size > sl->flash_size)
944 size = sl->flash_size;
946 /* do the copy by 1k blocks */
947 for (off = 0; off < size; off += 1024) {
948 size_t read_size = 1024;
951 if ((off + read_size) > size)
952 read_size = size - off;
954 /* round size if needed */
955 rounded_size = read_size;
956 if (rounded_size & 3)
957 rounded_size = (rounded_size + 4) & ~(3);
959 stlink_read_mem32(sl, addr + off, rounded_size);
961 for(index = 0; index < read_size; index ++) {
962 if (sl->q_buf[index] == erased_pattern)
967 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
968 fprintf(stderr, "write() != read_size\n");
973 /* Ignore NULL Bytes at end of file */
974 if (!ftruncate(fd, size - num_empty)) {
987 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
988 /* write the buffer right after the loader */
989 size_t chunk = size & ~0x3;
990 size_t rem = size & 0x3;
992 memcpy(sl->q_buf, buf, chunk);
993 stlink_write_mem32(sl, fl->buf_addr, chunk);
996 memcpy(sl->q_buf, buf+chunk, rem);
997 stlink_write_mem8(sl, (fl->buf_addr)+chunk, rem);
1002 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
1003 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
1004 if (flashaddr<0x4000) return (0);
1005 else if(flashaddr<0x8000) return(1);
1006 else if(flashaddr<0xc000) return(2);
1007 else if(flashaddr<0x10000) return(3);
1008 else if(flashaddr<0x20000) return(4);
1009 else return(flashaddr/0x20000)+4;
1013 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
1014 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1015 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
1016 uint32_t sector=calculate_F4_sectornum(flashaddr);
1017 if (sector<4) sl->flash_pgsz=0x4000;
1018 else if(sector<5) sl->flash_pgsz=0x10000;
1019 else sl->flash_pgsz=0x20000;
1021 return (sl->flash_pgsz);
1025 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
1026 * @param sl stlink context
1027 * @param flashaddr an address in the flash page to erase
1028 * @return 0 on success -ve on failure
1030 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
1032 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1033 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
1034 /* wait for ongoing op to finish */
1035 wait_flash_busy(sl);
1037 /* unlock if locked */
1038 unlock_flash_if(sl);
1040 /* select the page to erase */
1041 // calculate the actual page from the address
1042 uint32_t sector=calculate_F4_sectornum(flashaddr);
1044 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
1045 write_flash_cr_snb(sl, sector);
1047 /* start erase operation */
1048 set_flash_cr_strt(sl);
1050 /* wait for completion */
1051 wait_flash_busy(sl);
1053 /* relock the flash */
1054 //todo: fails to program if this is in
1057 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
1059 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1060 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1061 || sl->chip_id == STM32_CHIPID_L0) {
1064 uint32_t flash_regs_base;
1065 if (sl->chip_id == STM32_CHIPID_L0) {
1066 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1068 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1071 /* check if the locks are set */
1072 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1073 if((val & (1<<0))||(val & (1<<1))) {
1074 /* disable pecr protection */
1075 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x89abcdef);
1076 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x02030405);
1078 /* check pecr.pelock is cleared */
1079 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1080 if (val & (1 << 0)) {
1081 WLOG("pecr.pelock not clear (%#x)\n", val);
1085 /* unlock program memory */
1086 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x8c9daebf);
1087 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x13141516);
1089 /* check pecr.prglock is cleared */
1090 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1091 if (val & (1 << 1)) {
1092 WLOG("pecr.prglock not clear (%#x)\n", val);
1097 /* set pecr.{erase,prog} */
1098 val |= (1 << 9) | (1 << 3);
1099 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1100 #if 0 /* fix_to_be_confirmed */
1102 /* wait for sr.busy to be cleared
1103 * MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
1104 * wrong and we do not need to wait here for clearing the busy bit.
1105 * TEXANE: ok, if experience says so and it works for you, we comment
1106 * it. If someone has a problem, please drop an email.
1108 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1111 #endif /* fix_to_be_confirmed */
1113 /* write 0 to the first word of the page to be erased */
1114 stlink_write_debug32(sl, flashaddr, 0);
1116 /* MP: It is better to wait for clearing the busy bit after issuing
1117 page erase command, even though PM0062 recommends to wait before it.
1118 Test shows that a few iterations is performed in the following loop
1119 before busy bit is cleared.*/
1120 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0)
1123 /* reset lock bits */
1124 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF)
1125 | (1 << 0) | (1 << 1) | (1 << 2);
1126 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1127 } else if (sl->core_id == STM32VL_CORE_ID
1128 || sl->core_id == STM32F0_CORE_ID
1129 || sl->chip_id == STM32_CHIPID_F3
1130 || sl->chip_id == STM32_CHIPID_F37x
1131 || sl->chip_id == STM32_CHIPID_F334) {
1132 /* wait for ongoing op to finish */
1133 wait_flash_busy(sl);
1135 /* unlock if locked */
1136 unlock_flash_if(sl);
1138 /* set the page erase bit */
1139 set_flash_cr_per(sl);
1141 /* select the page to erase */
1142 write_flash_ar(sl, flashaddr);
1144 /* start erase operation, reset by hw with bsy bit */
1145 set_flash_cr_strt(sl);
1147 /* wait for completion */
1148 wait_flash_busy(sl);
1150 /* relock the flash */
1153 WLOG("unknown coreid %x, page erase failed\n", sl->core_id);
1157 /* todo: verify the erased page */
1162 int stlink_erase_flash_mass(stlink_t *sl) {
1163 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1164 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1165 || sl->chip_id == STM32_CHIPID_L0) {
1166 /* erase each page */
1167 int i = 0, num_pages = sl->flash_size/sl->flash_pgsz;
1168 for (i = 0; i < num_pages; i++) {
1169 /* addr must be an addr inside the page */
1170 stm32_addr_t addr = sl->flash_base + i * sl->flash_pgsz;
1171 if (stlink_erase_flash_page(sl, addr) == -1) {
1172 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr);
1175 fprintf(stdout,"\rFlash page at %5d/%5d erased", i, num_pages);
1178 fprintf(stdout, "\n");
1180 /* wait for ongoing op to finish */
1181 wait_flash_busy(sl);
1183 /* unlock if locked */
1184 unlock_flash_if(sl);
1186 /* set the mass erase bit */
1187 set_flash_cr_mer(sl);
1189 /* start erase operation, reset by hw with bsy bit */
1190 set_flash_cr_strt(sl);
1192 /* wait for completion */
1193 wait_flash_busy_progress(sl);
1195 /* relock the flash */
1198 /* todo: verify the erased memory */
1203 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1206 /* allocate the loader in sram */
1207 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1208 WLOG("Failed to write flash loader to sram!\n");
1212 /* allocate a one page buffer in sram right after loader */
1213 fl->buf_addr = fl->loader_addr + size;
1214 ILOG("Successfully loaded flash loader in sram\n");
1218 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1219 /* from openocd, contrib/loaders/flash/stm32.s */
1220 static const uint8_t loader_code_stm32vl[] = {
1221 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1222 0x1c, 0x44, /* add r4, r3 */
1223 /* write_half_word: */
1224 0x01, 0x23, /* movs r3, #0x01 */
1225 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1226 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1227 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1229 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1230 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1231 0xfb, 0xd0, /* beq busy */
1232 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1233 0x01, 0xd1, /* bne exit */
1234 0x01, 0x3a, /* subs r2, r2, #0x01 */
1235 0xf0, 0xd1, /* bne write_half_word */
1237 0x00, 0xbe, /* bkpt #0x00 */
1238 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1241 /* flashloaders/stm32f0.s -- thumb1 only, same sequence as for STM32VL, bank ignored */
1242 static const uint8_t loader_code_stm32f0[] = {
1245 * These two NOPs here are a safety precaution, added by Pekka Nikander
1246 * while debugging the STM32F05x support. They may not be needed, but
1247 * there were strange problems with simpler programs, like a program
1248 * that had just a breakpoint or a program that first moved zero to register r2
1249 * and then had a breakpoint. So, it appears safest to have these two nops.
1251 * Feel free to remove them, if you dare, but then please do test the result
1252 * rigorously. Also, if you remove these, it may be a good idea first to
1253 * #if 0 them out, with a comment when these were taken out, and to remove
1254 * these only a few months later... But YMMV.
1256 0x00, 0x30, // nop /* add r0,#0 */
1257 0x00, 0x30, // nop /* add r0,#0 */
1259 0x0A, 0x4C, // ldr r4, STM32_FLASH_BASE
1260 0x01, 0x25, // mov r5, #1 /* FLASH_CR_PG, FLASH_SR_BUSY */
1261 0x04, 0x26, // mov r6, #4 /* PGERR */
1263 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1264 0x2B, 0x43, // orr r3, r5
1265 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR |= FLASH_CR_PG */
1266 0x03, 0x88, // ldrh r3, [r0] /* r3 = *sram */
1267 0x0B, 0x80, // strh r3, [r1] /* *flash = r3 */
1269 0xE3, 0x68, // ldr r3, [r4, #12] /* FLASH->SR */
1270 0x2B, 0x42, // tst r3, r5 /* FLASH_SR_BUSY */
1271 0xFC, 0xD0, // beq busy
1273 0x33, 0x42, // tst r3, r6 /* PGERR */
1274 0x04, 0xD1, // bne exit
1276 0x02, 0x30, // add r0, r0, #2 /* sram += 2 */
1277 0x02, 0x31, // add r1, r1, #2 /* flash += 2 */
1278 0x01, 0x3A, // sub r2, r2, #0x01 /* count-- */
1279 0x00, 0x2A, // cmp r2, #0
1280 0xF0, 0xD1, // bne write_half_word
1282 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1283 0xAB, 0x43, // bic r3, r5
1284 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR &= ~FLASH_CR_PG */
1285 0x00, 0xBE, // bkpt #0x00
1286 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1289 static const uint8_t loader_code_stm32l[] = {
1291 /* openocd.git/contrib/loaders/flash/stm32lx.S
1292 r0, input, dest addr
1293 r1, input, source addr
1294 r2, input, word count
1295 r3, output, word count
1301 0x51, 0xf8, 0x04, 0xcb,
1302 0x40, 0xf8, 0x04, 0xcb,
1310 static const uint8_t loader_code_stm32l0[] = {
1313 r0, input, dest addr
1314 r1, input, source addr
1315 r2, input, word count
1316 r3, output, word count
1333 static const uint8_t loader_code_stm32f4[] = {
1334 // flashloaders/stm32f4.s
1343 0x14, 0xf0, 0x01, 0x0f,
1345 0x00, 0xf1, 0x04, 0x00,
1346 0x01, 0xf1, 0x04, 0x01,
1347 0xa2, 0xf1, 0x01, 0x02,
1352 0x00, 0x3c, 0x02, 0x40,
1355 const uint8_t* loader_code;
1358 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1359 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE) { /* stm32l */
1360 loader_code = loader_code_stm32l;
1361 loader_size = sizeof(loader_code_stm32l);
1362 } else if (sl->core_id == STM32VL_CORE_ID || sl->chip_id == STM32_CHIPID_F3 ||
1363 sl->chip_id == STM32_CHIPID_F37x || sl->chip_id == STM32_CHIPID_F334) {
1364 loader_code = loader_code_stm32vl;
1365 loader_size = sizeof(loader_code_stm32vl);
1366 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1367 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)){
1368 loader_code = loader_code_stm32f4;
1369 loader_size = sizeof(loader_code_stm32f4);
1370 } else if (sl->chip_id == STM32_CHIPID_F0 || sl->chip_id == STM32_CHIPID_F0_CAN || sl->chip_id == STM32_CHIPID_F0_SMALL) {
1371 loader_code = loader_code_stm32f0;
1372 loader_size = sizeof(loader_code_stm32f0);
1373 } else if (sl->chip_id == STM32_CHIPID_L0) {
1374 loader_code = loader_code_stm32l0;
1375 loader_size = sizeof(loader_code_stm32l0);
1377 ELOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1381 memcpy(sl->q_buf, loader_code, loader_size);
1382 stlink_write_mem32(sl, sl->sram_base, loader_size);
1384 *addr = sl->sram_base;
1385 *size = loader_size;
1391 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1392 /* check the contents of path are at addr */
1395 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1397 if (map_file(&mf, path) == -1)
1400 res = check_file(sl, &mf, addr);
1408 * Verify addr..addr+len is binary identical to base...base+len
1409 * @param sl stlink context
1410 * @param address stm device address
1411 * @param data host side buffer to check against
1412 * @param length how much
1413 * @return 0 for success, -ve for failure
1415 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1417 size_t cmp_size = (sl->flash_pgsz > 0x1800)? 0x1800:sl->flash_pgsz;
1418 ILOG("Starting verification of write complete\n");
1419 for (off = 0; off < length; off += cmp_size) {
1420 size_t aligned_size;
1422 /* adjust last page size */
1423 if ((off + cmp_size) > length)
1424 cmp_size = length - off;
1426 aligned_size = cmp_size;
1427 if (aligned_size & (4 - 1))
1428 aligned_size = (cmp_size + 4) & ~(4 - 1);
1430 stlink_read_mem32(sl, address + off, aligned_size);
1432 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1433 ELOG("Verification of flash failed at offset: %zd\n", off);
1437 ILOG("Flash written and verified! jolly good!\n");
1442 int stm32l1_write_half_pages(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len, uint32_t pagesize)
1445 unsigned int num_half_pages = len / pagesize;
1447 uint32_t flash_regs_base;
1450 if (sl->chip_id == STM32_CHIPID_L0) {
1451 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1453 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1456 ILOG("Starting Half page flash write for STM32L core id\n");
1457 /* flash loader initialization */
1458 if (init_flash_loader(sl, &fl) == -1) {
1459 WLOG("init_flash_loader() == -1\n");
1462 /* Unlock already done */
1463 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1464 val |= (1 << FLASH_L1_FPRG);
1465 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1467 val |= (1 << FLASH_L1_PROG);
1468 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1469 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0) {}
1471 for (count = 0; count < num_half_pages; count ++) {
1472 if (run_flash_loader(sl, &fl, addr + count * pagesize, base + count * pagesize, pagesize) == -1) {
1473 WLOG("l1_run_flash_loader(%#zx) failed! == -1\n", addr + count * pagesize);
1474 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1475 val &= ~((1 << FLASH_L1_FPRG) |(1 << FLASH_L1_PROG));
1476 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1479 /* wait for sr.busy to be cleared */
1480 if (sl->verbose >= 1) {
1481 /* show progress. writing procedure is slow
1482 and previous errors are misleading */
1483 fprintf(stdout, "\r%3u/%u halfpages written", count + 1, num_half_pages);
1486 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0) {
1489 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1490 val &= ~(1 << FLASH_L1_PROG);
1491 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1492 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1493 val &= ~(1 << FLASH_L1_FPRG);
1494 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1499 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len) {
1502 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1503 len, len, addr, addr);
1504 /* check addr range is inside the flash */
1505 stlink_calculate_pagesize(sl, addr);
1506 if (addr < sl->flash_base) {
1507 ELOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1509 } else if ((addr + len) < addr) {
1510 ELOG("addr overruns\n");
1512 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1513 ELOG("addr too high\n");
1515 } else if (addr & 1) {
1516 ELOG("unaligned addr 0x%x\n", addr);
1518 } else if (len & 1) {
1519 WLOG("unaligned len 0x%x -- padding with zero\n", len);
1521 } else if (addr & (sl->flash_pgsz - 1)) {
1522 ELOG("addr not a multiple of pagesize, not supported\n");
1526 // Make sure we've loaded the context with the chip details
1528 /* erase each page */
1530 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1531 /* addr must be an addr inside the page */
1532 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1533 ELOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1536 fprintf(stdout,"\rFlash page at addr: 0x%08lx erased",
1537 (unsigned long)addr + off);
1541 fprintf(stdout,"\n");
1542 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1543 page_count, sl->flash_pgsz, sl->flash_pgsz);
1545 if ((sl->chip_id == STM32_CHIPID_F2) ||
1546 (sl->chip_id == STM32_CHIPID_F4) ||
1547 (sl->chip_id == STM32_CHIPID_F4_DE) ||
1548 (sl->chip_id == STM32_CHIPID_F4_LP) ||
1549 (sl->chip_id == STM32_CHIPID_F4_HD) ||
1550 (sl->chip_id == STM32_CHIPID_F411RE)) {
1551 /* todo: check write operation */
1553 ILOG("Starting Flash write for F2/F4\n");
1554 /* flash loader initialization */
1555 if (init_flash_loader(sl, &fl) == -1) {
1556 ELOG("init_flash_loader() == -1\n");
1560 /* First unlock the cr */
1561 unlock_flash_if(sl);
1563 /* TODO: Check that Voltage range is 2.7 - 3.6 V */
1564 /* set parallelisim to 32 bit*/
1565 write_flash_cr_psiz(sl, 2);
1567 /* set programming mode */
1568 set_flash_cr_pg(sl);
1570 for(off = 0; off < len;) {
1571 size_t size = len - off > 0x8000 ? 0x8000 : len - off;
1573 printf("size: %zu\n", size);
1575 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1576 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1588 else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1589 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1590 || sl->chip_id == STM32_CHIPID_L0) {
1591 /* use fast word write. todo: half page. */
1593 uint32_t flash_regs_base;
1596 if (sl->chip_id == STM32_CHIPID_L0) {
1597 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1598 pagesize = L0_WRITE_BLOCK_SIZE;
1600 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1601 pagesize = L1_WRITE_BLOCK_SIZE;
1604 /* todo: check write operation */
1606 /* disable pecr protection */
1607 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x89abcdef);
1608 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x02030405);
1610 /* check pecr.pelock is cleared */
1611 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1612 if (val & (1 << 0)) {
1613 fprintf(stderr, "pecr.pelock not clear\n");
1617 /* unlock program memory */
1618 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x8c9daebf);
1619 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x13141516);
1621 /* check pecr.prglock is cleared */
1622 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1623 if (val & (1 << 1)) {
1624 fprintf(stderr, "pecr.prglock not clear\n");
1628 if (len > pagesize) {
1629 if (stm32l1_write_half_pages(sl, addr, base, len, pagesize) == -1) {
1630 /* This may happen on a blank device! */
1631 WLOG("\nwrite_half_pages failed == -1\n");
1633 off = (len / pagesize)*pagesize;
1637 /* write remainingword in program memory */
1638 for ( ; off < len; off += sizeof(uint32_t)) {
1641 fprintf(stdout, "\r");
1643 if ((off % sl->flash_pgsz) > (sl->flash_pgsz -5)) {
1644 fprintf(stdout, "\r%3zd/%3zd pages written",
1645 off/sl->flash_pgsz, len/sl->flash_pgsz);
1649 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1650 stlink_write_debug32(sl, addr + off, data);
1652 /* wait for sr.busy to be cleared */
1653 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0)
1656 /* todo: check redo write operation */
1659 fprintf(stdout, "\n");
1660 /* reset lock bits */
1661 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF)
1662 | (1 << 0) | (1 << 1) | (1 << 2);
1663 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1664 } else if (sl->core_id == STM32VL_CORE_ID ||
1665 sl->core_id == STM32F0_CORE_ID ||
1666 sl->chip_id == STM32_CHIPID_F3 ||
1667 sl->chip_id == STM32_CHIPID_F334 ||
1668 sl->chip_id == STM32_CHIPID_F37x) {
1669 ILOG("Starting Flash write for VL/F0/F3 core id\n");
1670 /* flash loader initialization */
1671 if (init_flash_loader(sl, &fl) == -1) {
1672 ELOG("init_flash_loader() == -1\n");
1676 int write_block_count = 0;
1677 for (off = 0; off < len; off += sl->flash_pgsz) {
1678 /* adjust last write size */
1679 size_t size = sl->flash_pgsz;
1680 if ((off + sl->flash_pgsz) > len) size = len - off;
1682 /* unlock and set programming mode */
1683 unlock_flash_if(sl);
1684 set_flash_cr_pg(sl);
1685 //DLOG("Finished setting flash cr pg, running loader!\n");
1686 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1687 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1691 if (sl->verbose >= 1) {
1692 /* show progress. writing procedure is slow
1693 and previous errors are misleading */
1694 fprintf(stdout, "\r%3u/%lu pages written", write_block_count++, (unsigned long)len/sl->flash_pgsz);
1698 fprintf(stdout, "\n");
1700 ELOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1704 return stlink_verify_write_flash(sl, addr, base, len);
1708 * Write the given binary file into flash at address "addr"
1710 * @param path readable file path, should be binary image
1711 * @param addr where to start writing
1712 * @return 0 on success, -ve on failure.
1714 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1715 /* write the file in flash at addr */
1717 unsigned int num_empty = 0, index;
1718 unsigned char erased_pattern =(sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1719 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE )?0:0xff;
1720 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1721 if (map_file(&mf, path) == -1) {
1722 ELOG("map_file() == -1\n");
1725 for(index = 0; index < mf.len; index ++) {
1726 if (mf.base[index] == erased_pattern)
1731 /* Round down to words */
1732 num_empty -= (num_empty & 3);
1733 if(num_empty != 0) {
1734 ILOG("Ignoring %d bytes of 0x%02x at end of file\n", num_empty, erased_pattern);
1735 mf.len -= num_empty;
1737 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1739 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
1740 /* Set PC to the reset routine*/
1741 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
1747 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1751 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1752 // FIXME This can never return -1
1753 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1755 ELOG("write_buffer_to_sram() == -1\n");
1759 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1760 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1761 || sl->chip_id == STM32_CHIPID_L0) {
1763 size_t count = size / sizeof(uint32_t);
1764 if (size % sizeof(uint32_t)) ++count;
1767 stlink_write_reg(sl, target, 0); /* target */
1768 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1769 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1770 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1772 } else if (sl->core_id == STM32VL_CORE_ID ||
1773 sl->core_id == STM32F0_CORE_ID ||
1774 sl->chip_id == STM32_CHIPID_F3 ||
1775 sl->chip_id == STM32_CHIPID_F37x ||
1776 sl->chip_id == STM32_CHIPID_F334) {
1778 size_t count = size / sizeof(uint16_t);
1779 if (size % sizeof(uint16_t)) ++count;
1782 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1783 stlink_write_reg(sl, target, 1); /* target */
1784 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1785 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1786 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1788 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1789 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)) {
1791 size_t count = size / sizeof(uint32_t);
1792 if (size % sizeof(uint32_t)) ++count;
1795 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1796 stlink_write_reg(sl, target, 1); /* target */
1797 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1798 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1801 fprintf(stderr, "unknown coreid 0x%x, don't know what flash loader to use\n", sl->core_id);
1808 #define WAIT_ROUNDS 10000
1809 /* wait until done (reaches breakpoint) */
1810 for (i = 0; i < WAIT_ROUNDS; i++) {
1812 if (is_core_halted(sl))
1816 if (i >= WAIT_ROUNDS) {
1817 ELOG("flash loader run error\n");
1821 /* check written byte count */
1822 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1823 || sl->chip_id == STM32_CHIPID_L1_HIGH || sl->chip_id == STM32_CHIPID_L152_RE
1824 || sl->chip_id == STM32_CHIPID_L0) {
1826 size_t count = size / sizeof(uint32_t);
1827 if (size % sizeof(uint32_t)) ++count;
1829 stlink_read_reg(sl, 3, &rr);
1830 if (rr.r[3] != count) {
1831 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1835 } else if (sl->core_id == STM32VL_CORE_ID ||
1836 sl->core_id == STM32F0_CORE_ID ||
1837 sl->chip_id == STM32_CHIPID_F3 ||
1838 sl->chip_id == STM32_CHIPID_F37x ||
1839 sl->chip_id == STM32_CHIPID_F334) {
1841 stlink_read_reg(sl, 2, &rr);
1843 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1847 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1848 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)) {
1850 stlink_read_reg(sl, 2, &rr);
1852 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1858 fprintf(stderr, "unknown coreid 0x%x, can't check written byte count\n", sl->core_id);