10 #include <sys/types.h>
14 #include "stlink-common.h"
15 #include "uglylogging.h"
22 #define LOG_TAG __FILE__
23 #define DLOG(format, args...) ugly_log(UDEBUG, LOG_TAG, format, ## args)
24 #define ILOG(format, args...) ugly_log(UINFO, LOG_TAG, format, ## args)
25 #define WLOG(format, args...) ugly_log(UWARN, LOG_TAG, format, ## args)
26 #define ELOG(format, args...) ugly_log(UERROR, LOG_TAG, format, ## args)
27 #define fatal(format, args...) ugly_log(UFATAL, LOG_TAG, format, ## args)
29 /* todo: stm32l15xxx flash memory, pm0062 manual */
31 /* stm32f FPEC flash controller interface, pm0063 manual */
32 // TODO - all of this needs to be abstracted out....
33 // STM32F05x is identical, based on RM0091 (DM00031936, Doc ID 018940 Rev 2, August 2012)
34 #define FLASH_REGS_ADDR 0x40022000
35 #define FLASH_REGS_SIZE 0x28
37 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
38 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
39 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
40 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
41 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
42 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
43 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
45 // For STM32F05x, the RDPTR_KEY may be wrong, but as it is not used anywhere...
46 #define FLASH_RDPTR_KEY 0x00a5
47 #define FLASH_KEY1 0x45670123
48 #define FLASH_KEY2 0xcdef89ab
50 #define FLASH_SR_BSY 0
51 #define FLASH_SR_EOP 5
54 #define FLASH_CR_PER 1
55 #define FLASH_CR_MER 2
56 #define FLASH_CR_STRT 6
57 #define FLASH_CR_LOCK 7
60 //32L = 32F1 same CoreID as 32F4!
61 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
62 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
63 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
64 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
65 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
66 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
67 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
68 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
69 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x1c)
70 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
71 #define FLASH_L1_FPRG 10
72 #define FLASH_L1_PROG 3
76 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
77 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
78 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
79 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
80 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
81 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
82 #define FLASH_F4_CR_STRT 16
83 #define FLASH_F4_CR_LOCK 31
84 #define FLASH_F4_CR_SER 1
85 #define FLASH_F4_CR_SNB 3
86 #define FLASH_F4_CR_SNB_MASK 0x38
87 #define FLASH_F4_SR_BSY 16
90 void write_uint32(unsigned char* buf, uint32_t ui) {
91 if (!is_bigendian()) { // le -> le (don't swap)
92 buf[0] = ((unsigned char*) &ui)[0];
93 buf[1] = ((unsigned char*) &ui)[1];
94 buf[2] = ((unsigned char*) &ui)[2];
95 buf[3] = ((unsigned char*) &ui)[3];
97 buf[0] = ((unsigned char*) &ui)[3];
98 buf[1] = ((unsigned char*) &ui)[2];
99 buf[2] = ((unsigned char*) &ui)[1];
100 buf[3] = ((unsigned char*) &ui)[0];
104 void write_uint16(unsigned char* buf, uint16_t ui) {
105 if (!is_bigendian()) { // le -> le (don't swap)
106 buf[0] = ((unsigned char*) &ui)[0];
107 buf[1] = ((unsigned char*) &ui)[1];
109 buf[0] = ((unsigned char*) &ui)[1];
110 buf[1] = ((unsigned char*) &ui)[0];
114 uint32_t read_uint32(const unsigned char *c, const int pt) {
116 char *p = (char *) &ui;
118 if (!is_bigendian()) { // le -> le (don't swap)
132 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
133 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
136 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
137 return stlink_read_debug32(sl, FLASH_WRPR);
140 static inline uint32_t read_flash_obr(stlink_t *sl) {
141 return stlink_read_debug32(sl, FLASH_OBR);
144 static inline uint32_t read_flash_cr(stlink_t *sl) {
146 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
147 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD))
148 res = stlink_read_debug32(sl, FLASH_F4_CR);
150 res = stlink_read_debug32(sl, FLASH_CR);
152 fprintf(stdout, "CR:0x%x\n", res);
157 static inline unsigned int is_flash_locked(stlink_t *sl) {
158 /* return non zero for true */
159 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
160 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD))
161 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
163 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
166 static void unlock_flash(stlink_t *sl) {
167 /* the unlock sequence consists of 2 write cycles where
168 2 key values are written to the FLASH_KEYR register.
169 an invalid sequence results in a definitive lock of
170 the FPEC block until next reset.
172 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
173 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD)) {
174 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
175 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
177 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
178 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
183 static int unlock_flash_if(stlink_t *sl) {
184 /* unlock flash if already locked */
186 if (is_flash_locked(sl)) {
188 if (is_flash_locked(sl)) {
189 WLOG("Failed to unlock flash!\n");
193 DLOG("Successfully unlocked flash\n");
197 static void lock_flash(stlink_t *sl) {
198 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
199 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD)) {
200 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
201 stlink_write_debug32(sl, FLASH_F4_CR, n);
203 /* write to 1 only. reset by hw at unlock sequence */
204 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
205 stlink_write_debug32(sl, FLASH_CR, n);
210 static void set_flash_cr_pg(stlink_t *sl) {
211 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
212 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD)) {
213 uint32_t x = read_flash_cr(sl);
214 x |= (1 << FLASH_CR_PG);
215 stlink_write_debug32(sl, FLASH_F4_CR, x);
217 const uint32_t n = 1 << FLASH_CR_PG;
218 stlink_write_debug32(sl, FLASH_CR, n);
222 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
223 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
224 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
225 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD))
226 stlink_write_debug32(sl, FLASH_F4_CR, n);
228 stlink_write_debug32(sl, FLASH_CR, n);
231 static void set_flash_cr_per(stlink_t *sl) {
232 const uint32_t n = 1 << FLASH_CR_PER;
233 stlink_write_debug32(sl, FLASH_CR, n);
236 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
237 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
238 stlink_write_debug32(sl, FLASH_CR, n);
241 static void set_flash_cr_mer(stlink_t *sl) {
242 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
243 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD))
244 stlink_write_debug32(sl, FLASH_F4_CR,
245 stlink_read_debug32(sl, FLASH_F4_CR) | (1 << FLASH_CR_MER));
247 stlink_write_debug32(sl, FLASH_CR,
248 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_MER));
251 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
252 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
253 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD))
254 stlink_write_debug32(sl, FLASH_F4_CR,
255 stlink_read_debug32(sl, FLASH_F4_CR) & ~(1 << FLASH_CR_MER));
257 stlink_write_debug32(sl, FLASH_CR,
258 stlink_read_debug32(sl, FLASH_CR) & ~(1 << FLASH_CR_MER));
261 static void set_flash_cr_strt(stlink_t *sl) {
262 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
263 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD)) {
264 uint32_t x = read_flash_cr(sl);
265 x |= (1 << FLASH_F4_CR_STRT);
266 stlink_write_debug32(sl, FLASH_F4_CR, x);
268 stlink_write_debug32(sl, FLASH_CR,
269 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_STRT) );
273 static inline uint32_t read_flash_acr(stlink_t *sl) {
274 return stlink_read_debug32(sl, FLASH_ACR);
277 static inline uint32_t read_flash_sr(stlink_t *sl) {
279 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
280 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD))
281 res = stlink_read_debug32(sl, FLASH_F4_SR);
283 res = stlink_read_debug32(sl, FLASH_SR);
284 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
288 static inline unsigned int is_flash_busy(stlink_t *sl) {
289 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
290 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD))
291 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
293 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
296 static void wait_flash_busy(stlink_t *sl) {
297 /* todo: add some delays here */
298 while (is_flash_busy(sl))
302 static void wait_flash_busy_progress(stlink_t *sl) {
304 fprintf(stdout, "Mass erasing");
306 while (is_flash_busy(sl)) {
310 fprintf(stdout, ".");
314 fprintf(stdout, "\n");
317 static inline unsigned int is_flash_eop(stlink_t *sl) {
318 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
321 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
322 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
323 stlink_write_debug32(sl, FLASH_SR, n);
326 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
327 /* todo: add some delays here */
328 while (is_flash_eop(sl) == 0)
332 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
333 stlink_write_debug32(sl, FLASH_AR, n);
336 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
337 uint32_t x = read_flash_cr(sl);
341 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
343 stlink_write_debug32(sl, FLASH_F4_CR, x);
347 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
348 uint32_t x = read_flash_cr(sl);
349 x &= ~FLASH_F4_CR_SNB_MASK;
350 x |= (n << FLASH_F4_CR_SNB);
351 x |= (1 << FLASH_F4_CR_SER);
353 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
355 stlink_write_debug32(sl, FLASH_F4_CR, x);
360 static void disable_flash_read_protection(stlink_t *sl) {
361 /* erase the option byte area */
368 // Delegates to the backends...
370 void stlink_close(stlink_t *sl) {
371 DLOG("*** stlink_close ***\n");
372 sl->backend->close(sl);
376 void stlink_exit_debug_mode(stlink_t *sl) {
377 DLOG("*** stlink_exit_debug_mode ***\n");
378 stlink_write_debug32(sl, DHCSR, DBGKEY);
379 sl->backend->exit_debug_mode(sl);
382 void stlink_enter_swd_mode(stlink_t *sl) {
383 DLOG("*** stlink_enter_swd_mode ***\n");
384 sl->backend->enter_swd_mode(sl);
387 // Force the core into the debug mode -> halted state.
388 void stlink_force_debug(stlink_t *sl) {
389 DLOG("*** stlink_force_debug_mode ***\n");
390 sl->backend->force_debug(sl);
393 void stlink_exit_dfu_mode(stlink_t *sl) {
394 DLOG("*** stlink_exit_dfu_mode ***\n");
395 sl->backend->exit_dfu_mode(sl);
398 uint32_t stlink_core_id(stlink_t *sl) {
399 DLOG("*** stlink_core_id ***\n");
400 sl->backend->core_id(sl);
402 stlink_print_data(sl);
403 DLOG("core_id = 0x%08x\n", sl->core_id);
407 uint32_t stlink_chip_id(stlink_t *sl) {
408 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
409 if (chip_id == 0) chip_id = stlink_read_debug32(sl, 0x40015800); //Try Corex M0 DBGMCU_IDCODE register address
414 * Cortex m3 tech ref manual, CPUID register description
415 * @param sl stlink context
416 * @param cpuid pointer to the result object
418 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
419 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
420 cpuid->implementer_id = (raw >> 24) & 0x7f;
421 cpuid->variant = (raw >> 20) & 0xf;
422 cpuid->part = (raw >> 4) & 0xfff;
423 cpuid->revision = raw & 0xf;
428 * reads and decodes the flash parameters, as dynamically as possible
430 * @return 0 for success, or -1 for unsupported core type.
432 int stlink_load_device_params(stlink_t *sl) {
433 ILOG("Loading device parameters....\n");
434 const chip_params_t *params = NULL;
435 sl->core_id = stlink_core_id(sl);
436 uint32_t chip_id = stlink_chip_id(sl);
439 sl->chip_id = chip_id & 0xfff;
440 /* Fix chip_id for F4 rev A errata , Read CPU ID, as CoreID is the same for F2/F4*/
441 if (sl->chip_id == 0x411) {
442 uint32_t cpuid = stlink_read_debug32(sl, 0xE000ED00);
443 if ((cpuid & 0xfff0) == 0xc240)
447 for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
448 if(devices[i].chip_id == sl->chip_id) {
449 params = &devices[i];
453 if (params == NULL) {
454 WLOG("unknown chip id! %#x\n", chip_id);
458 // These are fixed...
459 sl->flash_base = STM32_FLASH_BASE;
460 sl->sram_base = STM32_SRAM_BASE;
461 flash_size = stlink_read_debug32(sl,(params->flash_size_reg) & ~3);
462 if (params->flash_size_reg & 2)
463 flash_size = flash_size >>16;
464 flash_size = flash_size & 0xffff;
466 if ((sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) && ( flash_size == 0 )) {
467 sl->flash_size = 128 * 1024;
468 } else if ((sl->chip_id & 0xFFF) == STM32_CHIPID_L1_HIGH) {
469 // 0 is 384k and 1 is 256k
470 if ( flash_size == 0 ) {
471 sl->flash_size = 384 * 1024;
473 sl->flash_size = 256 * 1024;
476 sl->flash_size = flash_size * 1024;
478 sl->flash_pgsz = params->flash_pagesize;
479 sl->sram_size = params->sram_size;
480 sl->sys_base = params->bootrom_base;
481 sl->sys_size = params->bootrom_size;
483 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
484 // TODO make note of variable page size here.....
485 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
486 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
491 void stlink_reset(stlink_t *sl) {
492 DLOG("*** stlink_reset ***\n");
493 sl->backend->reset(sl);
496 void stlink_jtag_reset(stlink_t *sl, int value) {
497 DLOG("*** stlink_jtag_reset ***\n");
498 sl->backend->jtag_reset(sl, value);
501 void stlink_run(stlink_t *sl) {
502 DLOG("*** stlink_run ***\n");
503 sl->backend->run(sl);
506 void stlink_status(stlink_t *sl) {
507 DLOG("*** stlink_status ***\n");
508 sl->backend->status(sl);
509 stlink_core_stat(sl);
513 * Decode the version bits, originally from -sg, verified with usb
514 * @param sl stlink context, assumed to contain valid data in the buffer
515 * @param slv output parsed version object
517 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
518 uint32_t b0 = sl->q_buf[0]; //lsb
519 uint32_t b1 = sl->q_buf[1];
520 uint32_t b2 = sl->q_buf[2];
521 uint32_t b3 = sl->q_buf[3];
522 uint32_t b4 = sl->q_buf[4];
523 uint32_t b5 = sl->q_buf[5]; //msb
525 // b0 b1 || b2 b3 | b4 b5
526 // 4b | 6b | 6b || 2B | 2B
527 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
529 slv->stlink_v = (b0 & 0xf0) >> 4;
530 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
531 slv->swim_v = b1 & 0x3f;
532 slv->st_vid = (b3 << 8) | b2;
533 slv->stlink_pid = (b5 << 8) | b4;
537 void stlink_version(stlink_t *sl) {
538 DLOG("*** looking up stlink version\n");
539 sl->backend->version(sl);
540 _parse_version(sl, &sl->version);
542 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
543 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
544 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
545 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
546 DLOG("swim version = 0x%x\n", sl->version.swim_v);
547 if (sl->version.jtag_v == 0) {
548 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
550 if (sl->version.swim_v == 0) {
551 DLOG(" notice: the firmware doesn't support a swim interface\n");
555 int stlink_target_voltage(stlink_t *sl) {
557 DLOG("*** reading target voltage\n");
558 if (sl->backend->target_voltage != NULL) {
559 voltage = sl->backend->target_voltage(sl);
561 DLOG("target voltage = %ldmV\n", voltage);
563 DLOG("error reading target voltage\n");
566 DLOG("reading voltage not supported by backend\n");
571 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
572 uint32_t data = sl->backend->read_debug32(sl, addr);
573 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
577 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
578 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
579 sl->backend->write_debug32(sl, addr, data);
582 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
583 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
585 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
588 sl->backend->write_mem32(sl, addr, len);
591 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
592 DLOG("*** stlink_read_mem32 ***\n");
593 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
594 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
598 sl->backend->read_mem32(sl, addr, len);
601 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
602 DLOG("*** stlink_write_mem8 ***\n");
603 if (len > 0x40 ) { // !!! never ever: Writing more then 0x40 bytes gives unexpected behaviour
604 fprintf(stderr, "Error: Data length > 64: +%d byte.\n",
608 sl->backend->write_mem8(sl, addr, len);
611 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
612 DLOG("*** stlink_read_all_regs ***\n");
613 sl->backend->read_all_regs(sl, regp);
616 void stlink_read_all_unsupported_regs(stlink_t *sl, reg *regp) {
617 DLOG("*** stlink_read_all_unsupported_regs ***\n");
618 sl->backend->read_all_unsupported_regs(sl, regp);
621 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
622 DLOG("*** stlink_write_reg\n");
623 sl->backend->write_reg(sl, reg, idx);
626 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
627 DLOG("*** stlink_read_reg\n");
628 DLOG(" (%d) ***\n", r_idx);
630 if (r_idx > 20 || r_idx < 0) {
631 fprintf(stderr, "Error: register index must be in [0..20]\n");
635 sl->backend->read_reg(sl, r_idx, regp);
638 void stlink_read_unsupported_reg(stlink_t *sl, int r_idx, reg *regp) {
641 DLOG("*** stlink_read_unsupported_reg\n");
642 DLOG(" (%d) ***\n", r_idx);
644 /* Convert to values used by DCRSR */
645 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
647 } else if (r_idx == 0x40) { /* FPSCR */
649 } else if (r_idx >= 0x20 && r_idx < 0x40) {
650 r_convert = 0x40 + (r_idx - 0x20);
652 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
656 sl->backend->read_unsupported_reg(sl, r_convert, regp);
659 void stlink_write_unsupported_reg(stlink_t *sl, uint32_t val, int r_idx, reg *regp) {
662 DLOG("*** stlink_write_unsupported_reg\n");
663 DLOG(" (%d) ***\n", r_idx);
665 /* Convert to values used by DCRSR */
666 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
667 r_convert = r_idx; /* The backend function handles this */
668 } else if (r_idx == 0x40) { /* FPSCR */
670 } else if (r_idx >= 0x20 && r_idx < 0x40) {
671 r_convert = 0x40 + (r_idx - 0x20);
673 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
677 sl->backend->write_unsupported_reg(sl, val, r_convert, regp);
680 unsigned int is_core_halted(stlink_t *sl) {
681 /* return non zero if core is halted */
683 return sl->q_buf[0] == STLINK_CORE_HALTED;
686 void stlink_step(stlink_t *sl) {
687 DLOG("*** stlink_step ***\n");
688 sl->backend->step(sl);
691 int stlink_current_mode(stlink_t *sl) {
692 int mode = sl->backend->current_mode(sl);
694 case STLINK_DEV_DFU_MODE:
695 DLOG("stlink current mode: dfu\n");
697 case STLINK_DEV_DEBUG_MODE:
698 DLOG("stlink current mode: debug (jtag or swd)\n");
700 case STLINK_DEV_MASS_MODE:
701 DLOG("stlink current mode: mass\n");
704 DLOG("stlink mode: unknown!\n");
705 return STLINK_DEV_UNKNOWN_MODE;
711 // End of delegates.... Common code below here...
714 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
716 // #define is_bigendian() ( (*(char*)&i) == 0 )
718 inline unsigned int is_bigendian(void) {
719 static volatile const unsigned int i = 1;
720 return *(volatile const char*) &i == 0;
723 uint16_t read_uint16(const unsigned char *c, const int pt) {
725 char *p = (char *) &ui;
727 if (!is_bigendian()) { // le -> le (don't swap)
737 // same as above with entrypoint.
739 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
740 stlink_write_reg(sl, addr, 15); /* pc register */
744 while (is_core_halted(sl) == 0)
748 void stlink_core_stat(stlink_t *sl) {
752 switch (sl->q_buf[0]) {
753 case STLINK_CORE_RUNNING:
754 sl->core_stat = STLINK_CORE_RUNNING;
755 DLOG(" core status: running\n");
757 case STLINK_CORE_HALTED:
758 sl->core_stat = STLINK_CORE_HALTED;
759 DLOG(" core status: halted\n");
762 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
763 fprintf(stderr, " core status: unknown\n");
767 void stlink_print_data(stlink_t * sl) {
768 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
771 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
773 for (int i = 0; i < sl->q_len; i++) {
776 if (sl->q_data_dir == Q_DATA_OUT)
777 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
779 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
782 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
784 fputs("\n\n", stdout);
787 /* memory mapped file */
789 typedef struct mapped_file {
794 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
796 static int map_file(mapped_file_t* mf, const char* path) {
800 const int fd = open(path, O_RDONLY | O_BINARY);
802 fprintf(stderr, "open(%s) == -1\n", path);
806 if (fstat(fd, &st) == -1) {
807 fprintf(stderr, "fstat() == -1\n");
811 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
812 if (mf->base == MAP_FAILED) {
813 fprintf(stderr, "mmap() == MAP_FAILED\n");
817 mf->len = st.st_size;
828 static void unmap_file(mapped_file_t * mf) {
829 munmap((void*) mf->base, mf->len);
830 mf->base = (unsigned char*) MAP_FAILED;
834 /* Limit the block size to compare to 0x1800
835 Anything larger will stall the STLINK2
836 Maybe STLINK V1 needs smaller value!*/
837 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
839 size_t n_cmp = sl->flash_pgsz;
843 for (off = 0; off < mf->len; off += n_cmp) {
846 /* adjust last page size */
847 size_t cmp_size = n_cmp;
848 if ((off + n_cmp) > mf->len)
849 cmp_size = mf->len - off;
851 aligned_size = cmp_size;
852 if (aligned_size & (4 - 1))
853 aligned_size = (cmp_size + 4) & ~(4 - 1);
855 stlink_read_mem32(sl, addr + off, aligned_size);
857 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
864 int stlink_fwrite_sram
865 (stlink_t * sl, const char* path, stm32_addr_t addr) {
866 /* write the file in sram at addr */
870 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
873 if (map_file(&mf, path) == -1) {
874 fprintf(stderr, "map_file() == -1\n");
878 /* check addr range is inside the sram */
879 if (addr < sl->sram_base) {
880 fprintf(stderr, "addr too low\n");
882 } else if ((addr + mf.len) < addr) {
883 fprintf(stderr, "addr overruns\n");
885 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
886 fprintf(stderr, "addr too high\n");
888 } else if ((addr & 3) || (mf.len & 3)) {
890 fprintf(stderr, "unaligned addr or size\n");
893 /* do the copy by 1k blocks */
894 for (off = 0; off < mf.len; off += 1024) {
896 if ((off + size) > mf.len)
899 memcpy(sl->q_buf, mf.base + off, size);
901 /* round size if needed */
905 stlink_write_mem32(sl, addr + off, size);
908 /* check the file ha been written */
909 if (check_file(sl, &mf, addr) == -1) {
910 fprintf(stderr, "check_file() == -1\n");
917 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
918 /* Set PC to the reset routine*/
919 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
927 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
928 /* read size bytes from addr to file */
933 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
934 || sl->chip_id == STM32_CHIPID_L1_HIGH) ? 0:0xff;
936 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
938 fprintf(stderr, "open(%s) == -1\n", path);
943 size = sl->flash_size;
945 if (size > sl->flash_size)
946 size = sl->flash_size;
948 /* do the copy by 1k blocks */
949 for (off = 0; off < size; off += 1024) {
950 size_t read_size = 1024;
953 if ((off + read_size) > size)
954 read_size = size - off;
956 /* round size if needed */
957 rounded_size = read_size;
958 if (rounded_size & 3)
959 rounded_size = (rounded_size + 4) & ~(3);
961 stlink_read_mem32(sl, addr + off, rounded_size);
963 for(index = 0; index < read_size; index ++) {
964 if (sl->q_buf[index] == erased_pattern)
969 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
970 fprintf(stderr, "write() != read_size\n");
975 /* Ignore NULL Bytes at end of file */
976 if (!ftruncate(fd, size - num_empty)) {
989 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
990 /* write the buffer right after the loader */
991 size_t chunk = size & ~0x3;
992 size_t rem = size & 0x3;
994 memcpy(sl->q_buf, buf, chunk);
995 stlink_write_mem32(sl, fl->buf_addr, chunk);
998 memcpy(sl->q_buf, buf+chunk, rem);
999 stlink_write_mem8(sl, (fl->buf_addr)+chunk, rem);
1004 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
1005 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
1006 if (flashaddr<0x4000) return (0);
1007 else if(flashaddr<0x8000) return(1);
1008 else if(flashaddr<0xc000) return(2);
1009 else if(flashaddr<0x10000) return(3);
1010 else if(flashaddr<0x20000) return(4);
1011 else return(flashaddr/0x20000)+4;
1015 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
1016 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
1017 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD)) {
1018 uint32_t sector=calculate_F4_sectornum(flashaddr);
1019 if (sector<4) sl->flash_pgsz=0x4000;
1020 else if(sector<5) sl->flash_pgsz=0x10000;
1021 else sl->flash_pgsz=0x20000;
1023 return (sl->flash_pgsz);
1027 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
1028 * @param sl stlink context
1029 * @param flashaddr an address in the flash page to erase
1030 * @return 0 on success -ve on failure
1032 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
1034 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
1035 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD)) {
1036 /* wait for ongoing op to finish */
1037 wait_flash_busy(sl);
1039 /* unlock if locked */
1040 unlock_flash_if(sl);
1042 /* select the page to erase */
1043 // calculate the actual page from the address
1044 uint32_t sector=calculate_F4_sectornum(flashaddr);
1046 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
1047 write_flash_cr_snb(sl, sector);
1049 /* start erase operation */
1050 set_flash_cr_strt(sl);
1052 /* wait for completion */
1053 wait_flash_busy(sl);
1055 /* relock the flash */
1056 //todo: fails to program if this is in
1059 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
1061 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1062 || sl->chip_id == STM32_CHIPID_L1_HIGH) {
1066 /* check if the locks are set */
1067 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1068 if((val & (1<<0))||(val & (1<<1))) {
1069 /* disable pecr protection */
1070 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1071 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1073 /* check pecr.pelock is cleared */
1074 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1075 if (val & (1 << 0)) {
1076 WLOG("pecr.pelock not clear (%#x)\n", val);
1080 /* unlock program memory */
1081 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1082 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1084 /* check pecr.prglock is cleared */
1085 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1086 if (val & (1 << 1)) {
1087 WLOG("pecr.prglock not clear (%#x)\n", val);
1092 /* unused: unlock the option byte block */
1094 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0xfbead9c8);
1095 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0x24252627);
1097 /* check pecr.optlock is cleared */
1098 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1099 if (val & (1 << 2)) {
1100 fprintf(stderr, "pecr.prglock not clear\n");
1105 /* set pecr.{erase,prog} */
1106 val |= (1 << 9) | (1 << 3);
1107 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1109 #if 0 /* fix_to_be_confirmed */
1111 /* wait for sr.busy to be cleared
1112 MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
1113 wrong and we do not need to wait here for clearing the busy bit.
1114 TEXANE: ok, if experience says so and it works for you, we comment
1115 it. If someone has a problem, please drop an email.
1117 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1120 #endif /* fix_to_be_confirmed */
1122 /* write 0 to the first word of the page to be erased */
1123 stlink_write_debug32(sl, flashaddr, 0);
1125 /* MP: It is better to wait for clearing the busy bit after issuing
1126 page erase command, even though PM0062 recommends to wait before it.
1127 Test shows that a few iterations is performed in the following loop
1128 before busy bit is cleared.*/
1129 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1132 /* reset lock bits */
1133 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1134 | (1 << 0) | (1 << 1) | (1 << 2);
1135 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1136 } else if (sl->core_id == STM32VL_CORE_ID
1137 || sl->core_id == STM32F0_CORE_ID
1138 || sl->chip_id == STM32_CHIPID_F3
1139 || sl->chip_id == STM32_CHIPID_F37x) {
1140 /* wait for ongoing op to finish */
1141 wait_flash_busy(sl);
1143 /* unlock if locked */
1144 unlock_flash_if(sl);
1146 /* set the page erase bit */
1147 set_flash_cr_per(sl);
1149 /* select the page to erase */
1150 write_flash_ar(sl, flashaddr);
1152 /* start erase operation, reset by hw with bsy bit */
1153 set_flash_cr_strt(sl);
1155 /* wait for completion */
1156 wait_flash_busy(sl);
1158 /* relock the flash */
1161 WLOG("unknown coreid %x, page erase failed\n", sl->core_id);
1165 /* todo: verify the erased page */
1170 int stlink_erase_flash_mass(stlink_t *sl) {
1171 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1172 || sl->chip_id == STM32_CHIPID_L1_HIGH) {
1173 /* erase each page */
1174 int i = 0, num_pages = sl->flash_size/sl->flash_pgsz;
1175 for (i = 0; i < num_pages; i++) {
1176 /* addr must be an addr inside the page */
1177 stm32_addr_t addr = sl->flash_base + i * sl->flash_pgsz;
1178 if (stlink_erase_flash_page(sl, addr) == -1) {
1179 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr);
1182 fprintf(stdout,"\rFlash page at %5d/%5d erased", i, num_pages);
1185 fprintf(stdout, "\n");
1187 /* wait for ongoing op to finish */
1188 wait_flash_busy(sl);
1190 /* unlock if locked */
1191 unlock_flash_if(sl);
1193 /* set the mass erase bit */
1194 set_flash_cr_mer(sl);
1196 /* start erase operation, reset by hw with bsy bit */
1197 set_flash_cr_strt(sl);
1199 /* wait for completion */
1200 wait_flash_busy_progress(sl);
1202 /* relock the flash */
1205 /* todo: verify the erased memory */
1210 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1213 /* allocate the loader in sram */
1214 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1215 WLOG("Failed to write flash loader to sram!\n");
1219 /* allocate a one page buffer in sram right after loader */
1220 fl->buf_addr = fl->loader_addr + size;
1221 ILOG("Successfully loaded flash loader in sram\n");
1225 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1226 /* from openocd, contrib/loaders/flash/stm32.s */
1227 static const uint8_t loader_code_stm32vl[] = {
1228 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1229 0x1c, 0x44, /* add r4, r3 */
1230 /* write_half_word: */
1231 0x01, 0x23, /* movs r3, #0x01 */
1232 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1233 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1234 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1236 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1237 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1238 0xfb, 0xd0, /* beq busy */
1239 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1240 0x01, 0xd1, /* bne exit */
1241 0x01, 0x3a, /* subs r2, r2, #0x01 */
1242 0xf0, 0xd1, /* bne write_half_word */
1244 0x00, 0xbe, /* bkpt #0x00 */
1245 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1248 /* flashloaders/stm32f0.s -- thumb1 only, same sequence as for STM32VL, bank ignored */
1249 static const uint8_t loader_code_stm32f0[] = {
1252 * These two NOPs here are a safety precaution, added by Pekka Nikander
1253 * while debugging the STM32F05x support. They may not be needed, but
1254 * there were strange problems with simpler programs, like a program
1255 * that had just a breakpoint or a program that first moved zero to register r2
1256 * and then had a breakpoint. So, it appears safest to have these two nops.
1258 * Feel free to remove them, if you dare, but then please do test the result
1259 * rigorously. Also, if you remove these, it may be a good idea first to
1260 * #if 0 them out, with a comment when these were taken out, and to remove
1261 * these only a few months later... But YMMV.
1263 0x00, 0x30, // nop /* add r0,#0 */
1264 0x00, 0x30, // nop /* add r0,#0 */
1266 0x0A, 0x4C, // ldr r4, STM32_FLASH_BASE
1267 0x01, 0x25, // mov r5, #1 /* FLASH_CR_PG, FLASH_SR_BUSY */
1268 0x04, 0x26, // mov r6, #4 /* PGERR */
1270 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1271 0x2B, 0x43, // orr r3, r5
1272 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR |= FLASH_CR_PG */
1273 0x03, 0x88, // ldrh r3, [r0] /* r3 = *sram */
1274 0x0B, 0x80, // strh r3, [r1] /* *flash = r3 */
1276 0xE3, 0x68, // ldr r3, [r4, #12] /* FLASH->SR */
1277 0x2B, 0x42, // tst r3, r5 /* FLASH_SR_BUSY */
1278 0xFC, 0xD0, // beq busy
1280 0x33, 0x42, // tst r3, r6 /* PGERR */
1281 0x04, 0xD1, // bne exit
1283 0x02, 0x30, // add r0, r0, #2 /* sram += 2 */
1284 0x02, 0x31, // add r1, r1, #2 /* flash += 2 */
1285 0x01, 0x3A, // sub r2, r2, #0x01 /* count-- */
1286 0x00, 0x2A, // cmp r2, #0
1287 0xF0, 0xD1, // bne write_half_word
1289 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1290 0xAB, 0x43, // bic r3, r5
1291 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR &= ~FLASH_CR_PG */
1292 0x00, 0xBE, // bkpt #0x00
1293 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1296 static const uint8_t loader_code_stm32l[] = {
1298 /* openocd.git/contrib/loaders/flash/stm32lx.S
1299 r0, input, dest addr
1300 r1, input, source addr
1301 r2, input, word count
1302 r3, output, word count
1308 0x51, 0xf8, 0x04, 0xcb,
1309 0x40, 0xf8, 0x04, 0xcb,
1317 static const uint8_t loader_code_stm32f4[] = {
1318 // flashloaders/stm32f4.s
1327 0x14, 0xf0, 0x01, 0x0f,
1329 0x00, 0xf1, 0x04, 0x00,
1330 0x01, 0xf1, 0x04, 0x01,
1331 0xa2, 0xf1, 0x01, 0x02,
1336 0x00, 0x3c, 0x02, 0x40,
1339 const uint8_t* loader_code;
1342 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1343 || sl->chip_id == STM32_CHIPID_L1_HIGH ) { /* stm32l */
1344 loader_code = loader_code_stm32l;
1345 loader_size = sizeof(loader_code_stm32l);
1346 } else if (sl->core_id == STM32VL_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1347 loader_code = loader_code_stm32vl;
1348 loader_size = sizeof(loader_code_stm32vl);
1349 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 ||
1350 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD){
1351 loader_code = loader_code_stm32f4;
1352 loader_size = sizeof(loader_code_stm32f4);
1353 } else if (sl->chip_id == STM32_CHIPID_F0 || sl->chip_id == STM32_CHIPID_F0_CAN || sl->chip_id == STM32_CHIPID_F0_SMALL) {
1354 loader_code = loader_code_stm32f0;
1355 loader_size = sizeof(loader_code_stm32f0);
1357 ELOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1361 memcpy(sl->q_buf, loader_code, loader_size);
1362 stlink_write_mem32(sl, sl->sram_base, loader_size);
1364 *addr = sl->sram_base;
1365 *size = loader_size;
1371 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1372 /* check the contents of path are at addr */
1375 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1377 if (map_file(&mf, path) == -1)
1380 res = check_file(sl, &mf, addr);
1388 * Verify addr..addr+len is binary identical to base...base+len
1389 * @param sl stlink context
1390 * @param address stm device address
1391 * @param data host side buffer to check against
1392 * @param length how much
1393 * @return 0 for success, -ve for failure
1395 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1397 size_t cmp_size = (sl->flash_pgsz > 0x1800)? 0x1800:sl->flash_pgsz;
1398 ILOG("Starting verification of write complete\n");
1399 for (off = 0; off < length; off += cmp_size) {
1400 size_t aligned_size;
1402 /* adjust last page size */
1403 if ((off + cmp_size) > length)
1404 cmp_size = length - off;
1406 aligned_size = cmp_size;
1407 if (aligned_size & (4 - 1))
1408 aligned_size = (cmp_size + 4) & ~(4 - 1);
1410 stlink_read_mem32(sl, address + off, aligned_size);
1412 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1413 ELOG("Verification of flash failed at offset: %zd\n", off);
1417 ILOG("Flash written and verified! jolly good!\n");
1422 int stm32l1_write_half_pages(stlink_t *sl, stm32_addr_t addr, uint8_t* base, unsigned num_half_pages)
1428 ILOG("Starting Half page flash write for STM32L core id\n");
1429 /* flash loader initialization */
1430 if (init_flash_loader(sl, &fl) == -1) {
1431 WLOG("init_flash_loader() == -1\n");
1434 /* Unlock already done */
1435 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1436 val |= (1 << FLASH_L1_FPRG);
1437 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1439 val |= (1 << FLASH_L1_PROG);
1440 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1441 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {}
1443 #define L1_WRITE_BLOCK_SIZE 0x80
1444 for (count = 0; count < num_half_pages; count ++) {
1445 if (run_flash_loader(sl, &fl, addr + count * L1_WRITE_BLOCK_SIZE, base + count * L1_WRITE_BLOCK_SIZE, L1_WRITE_BLOCK_SIZE) == -1) {
1446 WLOG("l1_run_flash_loader(%#zx) failed! == -1\n", addr + count * L1_WRITE_BLOCK_SIZE);
1447 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1448 val &= ~((1 << FLASH_L1_FPRG) |(1 << FLASH_L1_PROG));
1449 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1452 /* wait for sr.busy to be cleared */
1453 if (sl->verbose >= 1) {
1454 /* show progress. writing procedure is slow
1455 and previous errors are misleading */
1456 fprintf(stdout, "\r%3u/%u halfpages written", count + 1, num_half_pages);
1459 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {
1462 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1463 val &= ~(1 << FLASH_L1_PROG);
1464 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1465 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1466 val &= ~(1 << FLASH_L1_FPRG);
1467 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1472 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len) {
1475 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1476 len, len, addr, addr);
1477 /* check addr range is inside the flash */
1478 stlink_calculate_pagesize(sl, addr);
1479 if (addr < sl->flash_base) {
1480 ELOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1482 } else if ((addr + len) < addr) {
1483 ELOG("addr overruns\n");
1485 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1486 ELOG("addr too high\n");
1488 } else if (addr & 1) {
1489 ELOG("unaligned addr 0x%x\n", addr);
1491 } else if (len & 1) {
1492 WLOG("unaligned len 0x%x -- padding with zero\n", len);
1494 } else if (addr & (sl->flash_pgsz - 1)) {
1495 ELOG("addr not a multiple of pagesize, not supported\n");
1499 // Make sure we've loaded the context with the chip details
1501 /* erase each page */
1503 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1504 /* addr must be an addr inside the page */
1505 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1506 ELOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1509 fprintf(stdout,"\rFlash page at addr: 0x%08lx erased",
1510 (unsigned long)addr + off);
1514 fprintf(stdout,"\n");
1515 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1516 page_count, sl->flash_pgsz, sl->flash_pgsz);
1518 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
1519 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD)) {
1520 /* todo: check write operation */
1522 ILOG("Starting Flash write for F2/F4\n");
1523 /* flash loader initialization */
1524 if (init_flash_loader(sl, &fl) == -1) {
1525 ELOG("init_flash_loader() == -1\n");
1529 /* First unlock the cr */
1530 unlock_flash_if(sl);
1532 /* TODO: Check that Voltage range is 2.7 - 3.6 V */
1533 /* set parallelisim to 32 bit*/
1534 write_flash_cr_psiz(sl, 2);
1536 /* set programming mode */
1537 set_flash_cr_pg(sl);
1539 for(off = 0; off < len;) {
1540 size_t size = len - off > 0x8000 ? 0x8000 : len - off;
1542 printf("size: %zu\n", size);
1544 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1545 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1553 #define PROGRESS_CHUNK_SIZE 0x1000
1554 /* write a word in program memory */
1555 for (off = 0; off < len; off += sizeof(uint32_t)) {
1557 if (sl->verbose >= 1) {
1558 if ((off & (PROGRESS_CHUNK_SIZE - 1)) == 0) {
1559 /* show progress. writing procedure is slow
1560 and previous errors are misleading */
1561 const uint32_t pgnum = (off / PROGRESS_CHUNK_SIZE)+1;
1562 const uint32_t pgcount = len / PROGRESS_CHUNK_SIZE +1;
1563 fprintf(stdout, "Writing %ukB chunk %u out of %u\n",
1564 PROGRESS_CHUNK_SIZE/1024, pgnum, pgcount);
1568 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1569 stlink_write_debug32(sl, addr + off, data);
1571 /* wait for sr.busy to be cleared */
1572 wait_flash_busy(sl);
1579 #if 0 /* todo: debug mode */
1580 fprintf(stdout, "Final CR:0x%x\n", read_flash_cr(sl));
1585 else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1586 || sl->chip_id == STM32_CHIPID_L1_HIGH ) {
1587 /* use fast word write. todo: half page. */
1590 #if 0 /* todo: check write operation */
1592 uint32_t nwrites = sl->flash_pgsz;
1596 #endif /* todo: check write operation */
1598 /* disable pecr protection */
1599 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1600 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1602 /* check pecr.pelock is cleared */
1603 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1604 if (val & (1 << 0)) {
1605 fprintf(stderr, "pecr.pelock not clear\n");
1609 /* unlock program memory */
1610 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1611 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1613 /* check pecr.prglock is cleared */
1614 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1615 if (val & (1 << 1)) {
1616 fprintf(stderr, "pecr.prglock not clear\n");
1620 if (len > L1_WRITE_BLOCK_SIZE) {
1621 if (stm32l1_write_half_pages(sl, addr, base, len/L1_WRITE_BLOCK_SIZE) == -1) {
1622 /* This may happen on a blank device! */
1623 WLOG("\nwrite_half_pages failed == -1\n");
1625 off = (len /L1_WRITE_BLOCK_SIZE)*L1_WRITE_BLOCK_SIZE;
1629 /* write remainingword in program memory */
1630 for ( ; off < len; off += sizeof(uint32_t)) {
1633 fprintf(stdout, "\r");
1635 if ((off % sl->flash_pgsz) > (sl->flash_pgsz -5)) {
1636 fprintf(stdout, "\r%3zd/%3zd pages written",
1637 off/sl->flash_pgsz, len/sl->flash_pgsz);
1641 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1642 stlink_write_debug32(sl, addr + off, data);
1644 /* wait for sr.busy to be cleared */
1645 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1648 #if 0 /* todo: check redo write operation */
1650 /* check written bytes. todo: should be on a per page basis. */
1651 data = stlink_read_debug32(sl, addr + off);
1652 if (data == *(uint32_t*)(base + off)) {
1653 /* re erase the page and redo the write operation */
1657 /* fail if successive write count too low */
1658 if (nwrites < sl->flash_pgsz) {
1659 fprintf(stderr, "writes operation failure count too high, aborting\n");
1665 /* assume addr aligned */
1666 if (off % sl->flash_pgsz) off &= ~(sl->flash_pgsz - 1);
1669 fprintf(stderr, "invalid write @0x%x(0x%x): 0x%x != 0x%x. retrying.\n",
1670 page, addr + off, read_uint32(base + off, 0), read_uint32(sl->q_buf, 0));
1672 /* reset lock bits */
1673 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1674 | (1 << 0) | (1 << 1) | (1 << 2);
1675 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1677 stlink_erase_flash_page(sl, page);
1682 /* increment successive writes counter */
1685 #endif /* todo: check redo write operation */
1687 fprintf(stdout, "\n");
1688 /* reset lock bits */
1689 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1690 | (1 << 0) | (1 << 1) | (1 << 2);
1691 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1692 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1693 ILOG("Starting Flash write for VL/F0 core id\n");
1694 /* flash loader initialization */
1695 if (init_flash_loader(sl, &fl) == -1) {
1696 ELOG("init_flash_loader() == -1\n");
1700 int write_block_count = 0;
1701 for (off = 0; off < len; off += sl->flash_pgsz) {
1702 /* adjust last write size */
1703 size_t size = sl->flash_pgsz;
1704 if ((off + sl->flash_pgsz) > len) size = len - off;
1706 /* unlock and set programming mode */
1707 unlock_flash_if(sl);
1708 set_flash_cr_pg(sl);
1709 //DLOG("Finished setting flash cr pg, running loader!\n");
1710 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1711 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1715 if (sl->verbose >= 1) {
1716 /* show progress. writing procedure is slow
1717 and previous errors are misleading */
1718 fprintf(stdout, "\r%3u/%lu pages written", write_block_count++, (unsigned long)len/sl->flash_pgsz);
1722 fprintf(stdout, "\n");
1724 ELOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1728 return stlink_verify_write_flash(sl, addr, base, len);
1732 * Write the given binary file into flash at address "addr"
1734 * @param path readable file path, should be binary image
1735 * @param addr where to start writing
1736 * @return 0 on success, -ve on failure.
1738 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1739 /* write the file in flash at addr */
1741 unsigned int num_empty = 0, index;
1742 unsigned char erased_pattern =(sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1743 || sl->chip_id == STM32_CHIPID_L1_HIGH )?0:0xff;
1744 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1745 if (map_file(&mf, path) == -1) {
1746 ELOG("map_file() == -1\n");
1749 for(index = 0; index < mf.len; index ++) {
1750 if (mf.base[index] == erased_pattern)
1755 /* Round down to words */
1756 num_empty -= (num_empty & 3);
1757 if(num_empty != 0) {
1758 ILOG("Ignoring %d bytes of 0x%02x at end of file\n", num_empty, erased_pattern);
1759 mf.len -= num_empty;
1761 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1763 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
1764 /* Set PC to the reset routine*/
1765 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
1771 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1775 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1776 // FIXME This can never return -1
1777 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1779 ELOG("write_buffer_to_sram() == -1\n");
1783 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1784 || sl->chip_id == STM32_CHIPID_L1_HIGH ) {
1786 size_t count = size / sizeof(uint32_t);
1787 if (size % sizeof(uint32_t)) ++count;
1790 stlink_write_reg(sl, target, 0); /* target */
1791 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1792 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1793 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1795 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1797 size_t count = size / sizeof(uint16_t);
1798 if (size % sizeof(uint16_t)) ++count;
1801 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1802 stlink_write_reg(sl, target, 1); /* target */
1803 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1804 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1805 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1807 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 ||
1808 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD) {
1810 size_t count = size / sizeof(uint32_t);
1811 if (size % sizeof(uint32_t)) ++count;
1814 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1815 stlink_write_reg(sl, target, 1); /* target */
1816 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1817 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1820 fprintf(stderr, "unknown coreid 0x%x, don't know what flash loader to use\n", sl->core_id);
1827 #define WAIT_ROUNDS 10000
1828 /* wait until done (reaches breakpoint) */
1829 for (i = 0; i < WAIT_ROUNDS; i++) {
1831 if (is_core_halted(sl))
1835 if (i >= WAIT_ROUNDS) {
1836 ELOG("flash loader run error\n");
1840 /* check written byte count */
1841 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS
1842 || sl->chip_id == STM32_CHIPID_L1_HIGH ) {
1844 size_t count = size / sizeof(uint32_t);
1845 if (size % sizeof(uint32_t)) ++count;
1847 stlink_read_reg(sl, 3, &rr);
1848 if (rr.r[3] != count) {
1849 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1853 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1855 stlink_read_reg(sl, 2, &rr);
1857 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1861 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 ||
1862 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD) {
1864 stlink_read_reg(sl, 2, &rr);
1866 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1872 fprintf(stderr, "unknown coreid 0x%x, can't check written byte count\n", sl->core_id);