10 #include <sys/types.h>
14 #include "stlink-common.h"
15 #include "uglylogging.h"
21 /* todo: stm32l15xxx flash memory, pm0062 manual */
23 /* stm32f FPEC flash controller interface, pm0063 manual */
24 // TODO - all of this needs to be abstracted out....
25 // STM32F05x is identical, based on RM0091 (DM00031936, Doc ID 018940 Rev 2, August 2012)
26 #define FLASH_REGS_ADDR 0x40022000
27 #define FLASH_REGS_SIZE 0x28
29 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
30 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
31 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
32 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
33 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
34 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
35 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
37 // For STM32F05x, the RDPTR_KEY may be wrong, but as it is not used anywhere...
38 #define FLASH_RDPTR_KEY 0x00a5
39 #define FLASH_KEY1 0x45670123
40 #define FLASH_KEY2 0xcdef89ab
42 #define FLASH_SR_BSY 0
43 #define FLASH_SR_EOP 5
46 #define FLASH_CR_PER 1
47 #define FLASH_CR_MER 2
48 #define FLASH_CR_STRT 6
49 #define FLASH_CR_LOCK 7
52 //32L = 32F1 same CoreID as 32F4!
53 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
54 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
55 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
56 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
57 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
58 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
59 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
60 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
61 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x1c)
62 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
63 #define FLASH_L1_FPRG 10
64 #define FLASH_L1_PROG 3
66 //STM32L0x flash register base and offsets
68 #define STM32L0_FLASH_REGS_ADDR ((uint32_t)0x40022000)
69 #define FLASH_ACR_OFF ((uint32_t) 0x00)
70 #define FLASH_PECR_OFF ((uint32_t) 0x04)
71 #define FLASH_PDKEYR_OFF ((uint32_t) 0x08)
72 #define FLASH_PEKEYR_OFF ((uint32_t) 0x0c)
73 #define FLASH_PRGKEYR_OFF ((uint32_t) 0x10)
74 #define FLASH_OPTKEYR_OFF ((uint32_t) 0x14)
75 #define FLASH_SR_OFF ((uint32_t) 0x18)
76 #define FLASH_OBR_OFF ((uint32_t) 0x1c)
77 #define FLASH_WRPR_OFF ((uint32_t) 0x20)
82 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
83 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
84 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
85 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
86 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
87 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
88 #define FLASH_F4_CR_STRT 16
89 #define FLASH_F4_CR_LOCK 31
90 #define FLASH_F4_CR_SER 1
91 #define FLASH_F4_CR_SNB 3
92 #define FLASH_F4_CR_SNB_MASK 0xf8
93 #define FLASH_F4_SR_BSY 16
95 #define L1_WRITE_BLOCK_SIZE 0x80
96 #define L0_WRITE_BLOCK_SIZE 0x40
98 void write_uint32(unsigned char* buf, uint32_t ui) {
99 if (!is_bigendian()) { // le -> le (don't swap)
100 buf[0] = ((unsigned char*) &ui)[0];
101 buf[1] = ((unsigned char*) &ui)[1];
102 buf[2] = ((unsigned char*) &ui)[2];
103 buf[3] = ((unsigned char*) &ui)[3];
105 buf[0] = ((unsigned char*) &ui)[3];
106 buf[1] = ((unsigned char*) &ui)[2];
107 buf[2] = ((unsigned char*) &ui)[1];
108 buf[3] = ((unsigned char*) &ui)[0];
112 void write_uint16(unsigned char* buf, uint16_t ui) {
113 if (!is_bigendian()) { // le -> le (don't swap)
114 buf[0] = ((unsigned char*) &ui)[0];
115 buf[1] = ((unsigned char*) &ui)[1];
117 buf[0] = ((unsigned char*) &ui)[1];
118 buf[1] = ((unsigned char*) &ui)[0];
122 uint32_t read_uint32(const unsigned char *c, const int pt) {
124 char *p = (char *) &ui;
126 if (!is_bigendian()) { // le -> le (don't swap)
140 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
141 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
144 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
145 return stlink_read_debug32(sl, FLASH_WRPR);
148 static inline uint32_t read_flash_obr(stlink_t *sl) {
149 return stlink_read_debug32(sl, FLASH_OBR);
152 static inline uint32_t read_flash_cr(stlink_t *sl) {
154 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||(sl->chip_id == STM32_CHIPID_F4_DE) ||
155 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
156 res = stlink_read_debug32(sl, FLASH_F4_CR);
158 res = stlink_read_debug32(sl, FLASH_CR);
160 fprintf(stdout, "CR:0x%x\n", res);
165 static inline unsigned int is_flash_locked(stlink_t *sl) {
166 /* return non zero for true */
167 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
168 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE) )
169 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
171 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
174 static void unlock_flash(stlink_t *sl) {
175 /* the unlock sequence consists of 2 write cycles where
176 2 key values are written to the FLASH_KEYR register.
177 an invalid sequence results in a definitive lock of
178 the FPEC block until next reset.
180 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
181 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
182 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
183 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
185 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
186 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
191 static int unlock_flash_if(stlink_t *sl) {
192 /* unlock flash if already locked */
194 if (is_flash_locked(sl)) {
196 if (is_flash_locked(sl)) {
197 WLOG("Failed to unlock flash!\n");
201 DLOG("Successfully unlocked flash\n");
205 static void lock_flash(stlink_t *sl) {
206 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
207 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
208 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
209 stlink_write_debug32(sl, FLASH_F4_CR, n);
211 /* write to 1 only. reset by hw at unlock sequence */
212 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
213 stlink_write_debug32(sl, FLASH_CR, n);
218 static void set_flash_cr_pg(stlink_t *sl) {
219 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
220 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
221 uint32_t x = read_flash_cr(sl);
222 x |= (1 << FLASH_CR_PG);
223 stlink_write_debug32(sl, FLASH_F4_CR, x);
225 const uint32_t n = 1 << FLASH_CR_PG;
226 stlink_write_debug32(sl, FLASH_CR, n);
230 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
231 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
232 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
233 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
234 stlink_write_debug32(sl, FLASH_F4_CR, n);
236 stlink_write_debug32(sl, FLASH_CR, n);
239 static void set_flash_cr_per(stlink_t *sl) {
240 const uint32_t n = 1 << FLASH_CR_PER;
241 stlink_write_debug32(sl, FLASH_CR, n);
244 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
245 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
246 stlink_write_debug32(sl, FLASH_CR, n);
249 static void set_flash_cr_mer(stlink_t *sl) {
250 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
251 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
252 stlink_write_debug32(sl, FLASH_F4_CR,
253 stlink_read_debug32(sl, FLASH_F4_CR) | (1 << FLASH_CR_MER));
255 stlink_write_debug32(sl, FLASH_CR,
256 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_MER));
259 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
260 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
261 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
262 stlink_write_debug32(sl, FLASH_F4_CR,
263 stlink_read_debug32(sl, FLASH_F4_CR) & ~(1 << FLASH_CR_MER));
265 stlink_write_debug32(sl, FLASH_CR,
266 stlink_read_debug32(sl, FLASH_CR) & ~(1 << FLASH_CR_MER));
269 static void set_flash_cr_strt(stlink_t *sl) {
270 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
271 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
272 uint32_t x = read_flash_cr(sl);
273 x |= (1 << FLASH_F4_CR_STRT);
274 stlink_write_debug32(sl, FLASH_F4_CR, x);
276 stlink_write_debug32(sl, FLASH_CR,
277 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_STRT) );
281 static inline uint32_t read_flash_acr(stlink_t *sl) {
282 return stlink_read_debug32(sl, FLASH_ACR);
285 static inline uint32_t read_flash_sr(stlink_t *sl) {
287 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
288 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
289 res = stlink_read_debug32(sl, FLASH_F4_SR);
291 res = stlink_read_debug32(sl, FLASH_SR);
292 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
296 static inline unsigned int is_flash_busy(stlink_t *sl) {
297 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
298 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE))
299 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
301 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
304 static void wait_flash_busy(stlink_t *sl) {
305 /* todo: add some delays here */
306 while (is_flash_busy(sl))
310 static void wait_flash_busy_progress(stlink_t *sl) {
312 fprintf(stdout, "Mass erasing");
314 while (is_flash_busy(sl)) {
318 fprintf(stdout, ".");
322 fprintf(stdout, "\n");
325 static inline unsigned int is_flash_eop(stlink_t *sl) {
326 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
329 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
330 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
331 stlink_write_debug32(sl, FLASH_SR, n);
334 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
335 /* todo: add some delays here */
336 while (is_flash_eop(sl) == 0)
340 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
341 stlink_write_debug32(sl, FLASH_AR, n);
344 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
345 uint32_t x = read_flash_cr(sl);
349 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
351 stlink_write_debug32(sl, FLASH_F4_CR, x);
355 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
356 uint32_t x = read_flash_cr(sl);
357 x &= ~FLASH_F4_CR_SNB_MASK;
358 x |= (n << FLASH_F4_CR_SNB);
359 x |= (1 << FLASH_F4_CR_SER);
361 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
363 stlink_write_debug32(sl, FLASH_F4_CR, x);
366 // Delegates to the backends...
368 void stlink_close(stlink_t *sl) {
369 DLOG("*** stlink_close ***\n");
370 sl->backend->close(sl);
374 void stlink_exit_debug_mode(stlink_t *sl) {
375 DLOG("*** stlink_exit_debug_mode ***\n");
376 stlink_write_debug32(sl, DHCSR, DBGKEY);
377 sl->backend->exit_debug_mode(sl);
380 void stlink_enter_swd_mode(stlink_t *sl) {
381 DLOG("*** stlink_enter_swd_mode ***\n");
382 sl->backend->enter_swd_mode(sl);
385 // Force the core into the debug mode -> halted state.
386 void stlink_force_debug(stlink_t *sl) {
387 DLOG("*** stlink_force_debug_mode ***\n");
388 sl->backend->force_debug(sl);
391 void stlink_exit_dfu_mode(stlink_t *sl) {
392 DLOG("*** stlink_exit_dfu_mode ***\n");
393 sl->backend->exit_dfu_mode(sl);
396 uint32_t stlink_core_id(stlink_t *sl) {
397 DLOG("*** stlink_core_id ***\n");
398 sl->backend->core_id(sl);
400 stlink_print_data(sl);
401 DLOG("core_id = 0x%08x\n", sl->core_id);
405 uint32_t stlink_chip_id(stlink_t *sl) {
406 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
407 if (chip_id == 0) chip_id = stlink_read_debug32(sl, 0x40015800); //Try Corex M0 DBGMCU_IDCODE register address
412 * Cortex m3 tech ref manual, CPUID register description
413 * @param sl stlink context
414 * @param cpuid pointer to the result object
416 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
417 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
418 cpuid->implementer_id = (raw >> 24) & 0x7f;
419 cpuid->variant = (raw >> 20) & 0xf;
420 cpuid->part = (raw >> 4) & 0xfff;
421 cpuid->revision = raw & 0xf;
426 * reads and decodes the flash parameters, as dynamically as possible
428 * @return 0 for success, or -1 for unsupported core type.
430 int stlink_load_device_params(stlink_t *sl) {
431 ILOG("Loading device parameters....\n");
432 const chip_params_t *params = NULL;
433 sl->core_id = stlink_core_id(sl);
434 uint32_t chip_id = stlink_chip_id(sl);
437 sl->chip_id = chip_id & 0xfff;
438 /* Fix chip_id for F4 rev A errata , Read CPU ID, as CoreID is the same for F2/F4*/
439 if (sl->chip_id == 0x411) {
440 uint32_t cpuid = stlink_read_debug32(sl, 0xE000ED00);
441 if ((cpuid & 0xfff0) == 0xc240)
445 for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
446 if(devices[i].chip_id == sl->chip_id) {
447 params = &devices[i];
451 if (params == NULL) {
452 WLOG("unknown chip id! %#x\n", chip_id);
456 // These are fixed...
457 sl->flash_base = STM32_FLASH_BASE;
458 sl->sram_base = STM32_SRAM_BASE;
459 flash_size = stlink_read_debug32(sl,(params->flash_size_reg) & ~3);
460 if (params->flash_size_reg & 2)
461 flash_size = flash_size >>16;
462 flash_size = flash_size & 0xffff;
464 if ((sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) && ( flash_size == 0 )) {
465 sl->flash_size = 128 * 1024;
466 } else if (sl->chip_id == STM32_CHIPID_L1_CAT2) {
467 sl->flash_size = (flash_size & 0xff) * 1024;
468 } else if ((sl->chip_id & 0xFFF) == STM32_CHIPID_L1_HIGH) {
469 // 0 is 384k and 1 is 256k
470 if ( flash_size == 0 ) {
471 sl->flash_size = 384 * 1024;
473 sl->flash_size = 256 * 1024;
476 sl->flash_size = flash_size * 1024;
478 sl->flash_pgsz = params->flash_pagesize;
479 sl->sram_size = params->sram_size;
480 sl->sys_base = params->bootrom_base;
481 sl->sys_size = params->bootrom_size;
483 //medium and low devices have the same chipid. ram size depends on flash size.
484 //STM32F100xx datasheet Doc ID 16455 Table 2
485 if(sl->chip_id == STM32_CHIPID_F1_VL_MEDIUM_LOW && sl->flash_size < 64 * 1024){
486 sl->sram_size = 0x1000;
489 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
490 // TODO make note of variable page size here.....
491 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
492 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
497 void stlink_reset(stlink_t *sl) {
498 DLOG("*** stlink_reset ***\n");
499 sl->backend->reset(sl);
502 void stlink_jtag_reset(stlink_t *sl, int value) {
503 DLOG("*** stlink_jtag_reset ***\n");
504 sl->backend->jtag_reset(sl, value);
507 void stlink_run(stlink_t *sl) {
508 DLOG("*** stlink_run ***\n");
509 sl->backend->run(sl);
512 void stlink_status(stlink_t *sl) {
513 DLOG("*** stlink_status ***\n");
514 sl->backend->status(sl);
515 stlink_core_stat(sl);
519 * Decode the version bits, originally from -sg, verified with usb
520 * @param sl stlink context, assumed to contain valid data in the buffer
521 * @param slv output parsed version object
523 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
524 uint32_t b0 = sl->q_buf[0]; //lsb
525 uint32_t b1 = sl->q_buf[1];
526 uint32_t b2 = sl->q_buf[2];
527 uint32_t b3 = sl->q_buf[3];
528 uint32_t b4 = sl->q_buf[4];
529 uint32_t b5 = sl->q_buf[5]; //msb
531 // b0 b1 || b2 b3 | b4 b5
532 // 4b | 6b | 6b || 2B | 2B
533 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
535 slv->stlink_v = (b0 & 0xf0) >> 4;
536 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
537 slv->swim_v = b1 & 0x3f;
538 slv->st_vid = (b3 << 8) | b2;
539 slv->stlink_pid = (b5 << 8) | b4;
543 void stlink_version(stlink_t *sl) {
544 DLOG("*** looking up stlink version\n");
545 sl->backend->version(sl);
546 _parse_version(sl, &sl->version);
548 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
549 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
550 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
551 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
552 DLOG("swim version = 0x%x\n", sl->version.swim_v);
553 if (sl->version.jtag_v == 0) {
554 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
556 if (sl->version.swim_v == 0) {
557 DLOG(" notice: the firmware doesn't support a swim interface\n");
561 int stlink_target_voltage(stlink_t *sl) {
563 DLOG("*** reading target voltage\n");
564 if (sl->backend->target_voltage != NULL) {
565 voltage = sl->backend->target_voltage(sl);
567 DLOG("target voltage = %ldmV\n", voltage);
569 DLOG("error reading target voltage\n");
572 DLOG("reading voltage not supported by backend\n");
577 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
578 uint32_t data = sl->backend->read_debug32(sl, addr);
579 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
583 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
584 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
585 sl->backend->write_debug32(sl, addr, data);
588 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
589 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
591 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
594 sl->backend->write_mem32(sl, addr, len);
597 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
598 DLOG("*** stlink_read_mem32 ***\n");
599 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
600 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
604 sl->backend->read_mem32(sl, addr, len);
607 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
608 DLOG("*** stlink_write_mem8 ***\n");
609 if (len > 0x40 ) { // !!! never ever: Writing more then 0x40 bytes gives unexpected behaviour
610 fprintf(stderr, "Error: Data length > 64: +%d byte.\n",
614 sl->backend->write_mem8(sl, addr, len);
617 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
618 DLOG("*** stlink_read_all_regs ***\n");
619 sl->backend->read_all_regs(sl, regp);
622 void stlink_read_all_unsupported_regs(stlink_t *sl, reg *regp) {
623 DLOG("*** stlink_read_all_unsupported_regs ***\n");
624 sl->backend->read_all_unsupported_regs(sl, regp);
627 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
628 DLOG("*** stlink_write_reg\n");
629 sl->backend->write_reg(sl, reg, idx);
632 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
633 DLOG("*** stlink_read_reg\n");
634 DLOG(" (%d) ***\n", r_idx);
636 if (r_idx > 20 || r_idx < 0) {
637 fprintf(stderr, "Error: register index must be in [0..20]\n");
641 sl->backend->read_reg(sl, r_idx, regp);
644 void stlink_read_unsupported_reg(stlink_t *sl, int r_idx, reg *regp) {
647 DLOG("*** stlink_read_unsupported_reg\n");
648 DLOG(" (%d) ***\n", r_idx);
650 /* Convert to values used by DCRSR */
651 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
653 } else if (r_idx == 0x40) { /* FPSCR */
655 } else if (r_idx >= 0x20 && r_idx < 0x40) {
656 r_convert = 0x40 + (r_idx - 0x20);
658 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
662 sl->backend->read_unsupported_reg(sl, r_convert, regp);
665 void stlink_write_unsupported_reg(stlink_t *sl, uint32_t val, int r_idx, reg *regp) {
668 DLOG("*** stlink_write_unsupported_reg\n");
669 DLOG(" (%d) ***\n", r_idx);
671 /* Convert to values used by DCRSR */
672 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
673 r_convert = r_idx; /* The backend function handles this */
674 } else if (r_idx == 0x40) { /* FPSCR */
676 } else if (r_idx >= 0x20 && r_idx < 0x40) {
677 r_convert = 0x40 + (r_idx - 0x20);
679 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
683 sl->backend->write_unsupported_reg(sl, val, r_convert, regp);
686 unsigned int is_core_halted(stlink_t *sl) {
687 /* return non zero if core is halted */
689 return sl->q_buf[0] == STLINK_CORE_HALTED;
692 void stlink_step(stlink_t *sl) {
693 DLOG("*** stlink_step ***\n");
694 sl->backend->step(sl);
697 int stlink_current_mode(stlink_t *sl) {
698 int mode = sl->backend->current_mode(sl);
700 case STLINK_DEV_DFU_MODE:
701 DLOG("stlink current mode: dfu\n");
703 case STLINK_DEV_DEBUG_MODE:
704 DLOG("stlink current mode: debug (jtag or swd)\n");
706 case STLINK_DEV_MASS_MODE:
707 DLOG("stlink current mode: mass\n");
710 DLOG("stlink mode: unknown!\n");
711 return STLINK_DEV_UNKNOWN_MODE;
717 // End of delegates.... Common code below here...
720 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
722 // #define is_bigendian() ( (*(char*)&i) == 0 )
724 inline unsigned int is_bigendian(void) {
725 static volatile const unsigned int i = 1;
726 return *(volatile const char*) &i == 0;
729 uint16_t read_uint16(const unsigned char *c, const int pt) {
731 char *p = (char *) &ui;
733 if (!is_bigendian()) { // le -> le (don't swap)
743 // same as above with entrypoint.
745 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
746 stlink_write_reg(sl, addr, 15); /* pc register */
750 while (is_core_halted(sl) == 0)
754 void stlink_core_stat(stlink_t *sl) {
758 switch (sl->q_buf[0]) {
759 case STLINK_CORE_RUNNING:
760 sl->core_stat = STLINK_CORE_RUNNING;
761 DLOG(" core status: running\n");
763 case STLINK_CORE_HALTED:
764 sl->core_stat = STLINK_CORE_HALTED;
765 DLOG(" core status: halted\n");
768 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
769 fprintf(stderr, " core status: unknown\n");
773 void stlink_print_data(stlink_t * sl) {
774 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
777 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
779 for (int i = 0; i < sl->q_len; i++) {
782 if (sl->q_data_dir == Q_DATA_OUT)
783 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
785 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
788 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
790 fputs("\n\n", stdout);
793 /* memory mapped file */
795 typedef struct mapped_file {
800 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
802 static int map_file(mapped_file_t* mf, const char* path) {
806 const int fd = open(path, O_RDONLY | O_BINARY);
808 fprintf(stderr, "open(%s) == -1\n", path);
812 if (fstat(fd, &st) == -1) {
813 fprintf(stderr, "fstat() == -1\n");
817 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
818 if (mf->base == MAP_FAILED) {
819 fprintf(stderr, "mmap() == MAP_FAILED\n");
823 mf->len = st.st_size;
834 static void unmap_file(mapped_file_t * mf) {
835 munmap((void*) mf->base, mf->len);
836 mf->base = (unsigned char*) MAP_FAILED;
840 /* Limit the block size to compare to 0x1800
841 Anything larger will stall the STLINK2
842 Maybe STLINK V1 needs smaller value!*/
843 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
845 size_t n_cmp = sl->flash_pgsz;
849 for (off = 0; off < mf->len; off += n_cmp) {
852 /* adjust last page size */
853 size_t cmp_size = n_cmp;
854 if ((off + n_cmp) > mf->len)
855 cmp_size = mf->len - off;
857 aligned_size = cmp_size;
858 if (aligned_size & (4 - 1))
859 aligned_size = (cmp_size + 4) & ~(4 - 1);
861 stlink_read_mem32(sl, addr + off, aligned_size);
863 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
870 int stlink_fwrite_sram
871 (stlink_t * sl, const char* path, stm32_addr_t addr) {
872 /* write the file in sram at addr */
876 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
879 if (map_file(&mf, path) == -1) {
880 fprintf(stderr, "map_file() == -1\n");
884 /* check addr range is inside the sram */
885 if (addr < sl->sram_base) {
886 fprintf(stderr, "addr too low\n");
888 } else if ((addr + mf.len) < addr) {
889 fprintf(stderr, "addr overruns\n");
891 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
892 fprintf(stderr, "addr too high\n");
894 } else if ((addr & 3) || (mf.len & 3)) {
896 fprintf(stderr, "unaligned addr or size\n");
899 /* do the copy by 1k blocks */
900 for (off = 0; off < mf.len; off += 1024) {
902 if ((off + size) > mf.len)
905 memcpy(sl->q_buf, mf.base + off, size);
907 /* round size if needed */
911 stlink_write_mem32(sl, addr + off, size);
914 /* check the file ha been written */
915 if (check_file(sl, &mf, addr) == -1) {
916 fprintf(stderr, "check_file() == -1\n");
923 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
924 /* Set PC to the reset routine*/
925 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
933 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
934 /* read size bytes from addr to file */
939 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
940 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
941 || sl->chip_id == STM32_CHIPID_L152_RE) ? 0:0xff;
943 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
945 fprintf(stderr, "open(%s) == -1\n", path);
950 size = sl->flash_size;
952 if (size > sl->flash_size)
953 size = sl->flash_size;
955 /* do the copy by 1k blocks */
956 for (off = 0; off < size; off += 1024) {
957 size_t read_size = 1024;
960 if ((off + read_size) > size)
961 read_size = size - off;
963 /* round size if needed */
964 rounded_size = read_size;
965 if (rounded_size & 3)
966 rounded_size = (rounded_size + 4) & ~(3);
968 stlink_read_mem32(sl, addr + off, rounded_size);
970 for(index = 0; index < read_size; index ++) {
971 if (sl->q_buf[index] == erased_pattern)
976 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
977 fprintf(stderr, "write() != read_size\n");
982 /* Ignore NULL Bytes at end of file */
983 if (!ftruncate(fd, size - num_empty)) {
996 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
997 /* write the buffer right after the loader */
998 size_t chunk = size & ~0x3;
999 size_t rem = size & 0x3;
1001 memcpy(sl->q_buf, buf, chunk);
1002 stlink_write_mem32(sl, fl->buf_addr, chunk);
1005 memcpy(sl->q_buf, buf+chunk, rem);
1006 stlink_write_mem8(sl, (fl->buf_addr)+chunk, rem);
1011 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
1012 uint32_t offset = 0;
1013 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
1014 if (flashaddr >= 0x100000) {
1016 flashaddr -= 0x100000;
1018 if (flashaddr<0x4000) return (offset + 0);
1019 else if(flashaddr<0x8000) return(offset + 1);
1020 else if(flashaddr<0xc000) return(offset + 2);
1021 else if(flashaddr<0x10000) return(offset + 3);
1022 else if(flashaddr<0x20000) return(offset + 4);
1023 else return offset + (flashaddr/0x20000) +4;
1027 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
1028 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1029 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
1030 uint32_t sector=calculate_F4_sectornum(flashaddr);
1034 if (sector<4) sl->flash_pgsz=0x4000;
1035 else if(sector<5) sl->flash_pgsz=0x10000;
1036 else sl->flash_pgsz=0x20000;
1038 return (sl->flash_pgsz);
1042 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
1043 * @param sl stlink context
1044 * @param flashaddr an address in the flash page to erase
1045 * @return 0 on success -ve on failure
1047 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
1049 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1050 (sl->chip_id == STM32_CHIPID_F4_LP) || (sl->chip_id == STM32_CHIPID_F4_HD) || (sl->chip_id == STM32_CHIPID_F411RE)) {
1051 /* wait for ongoing op to finish */
1052 wait_flash_busy(sl);
1054 /* unlock if locked */
1055 unlock_flash_if(sl);
1057 /* select the page to erase */
1058 // calculate the actual page from the address
1059 uint32_t sector=calculate_F4_sectornum(flashaddr);
1061 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
1063 //the SNB values for flash sectors in the second bank do not directly follow the values for the first bank on 2mb devices...
1064 if (sector >= 12) sector += 4;
1066 write_flash_cr_snb(sl, sector);
1068 /* start erase operation */
1069 set_flash_cr_strt(sl);
1071 /* wait for completion */
1072 wait_flash_busy(sl);
1074 /* relock the flash */
1075 //todo: fails to program if this is in
1078 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
1080 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1081 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1082 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1085 uint32_t flash_regs_base;
1086 if (sl->chip_id == STM32_CHIPID_L0) {
1087 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1089 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1092 /* check if the locks are set */
1093 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1094 if((val & (1<<0))||(val & (1<<1))) {
1095 /* disable pecr protection */
1096 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x89abcdef);
1097 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x02030405);
1099 /* check pecr.pelock is cleared */
1100 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1101 if (val & (1 << 0)) {
1102 WLOG("pecr.pelock not clear (%#x)\n", val);
1106 /* unlock program memory */
1107 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x8c9daebf);
1108 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x13141516);
1110 /* check pecr.prglock is cleared */
1111 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1112 if (val & (1 << 1)) {
1113 WLOG("pecr.prglock not clear (%#x)\n", val);
1118 /* set pecr.{erase,prog} */
1119 val |= (1 << 9) | (1 << 3);
1120 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1121 #if 0 /* fix_to_be_confirmed */
1123 /* wait for sr.busy to be cleared
1124 * MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
1125 * wrong and we do not need to wait here for clearing the busy bit.
1126 * TEXANE: ok, if experience says so and it works for you, we comment
1127 * it. If someone has a problem, please drop an email.
1129 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1132 #endif /* fix_to_be_confirmed */
1134 /* write 0 to the first word of the page to be erased */
1135 stlink_write_debug32(sl, flashaddr, 0);
1137 /* MP: It is better to wait for clearing the busy bit after issuing
1138 page erase command, even though PM0062 recommends to wait before it.
1139 Test shows that a few iterations is performed in the following loop
1140 before busy bit is cleared.*/
1141 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0)
1144 /* reset lock bits */
1145 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF)
1146 | (1 << 0) | (1 << 1) | (1 << 2);
1147 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1148 } else if (sl->core_id == STM32VL_CORE_ID
1149 || sl->core_id == STM32F0_CORE_ID
1150 || sl->chip_id == STM32_CHIPID_F3
1151 || sl->chip_id == STM32_CHIPID_F303_HIGH
1152 || sl->chip_id == STM32_CHIPID_F37x
1153 || sl->chip_id == STM32_CHIPID_F334) {
1154 /* wait for ongoing op to finish */
1155 wait_flash_busy(sl);
1157 /* unlock if locked */
1158 unlock_flash_if(sl);
1160 /* set the page erase bit */
1161 set_flash_cr_per(sl);
1163 /* select the page to erase */
1164 write_flash_ar(sl, flashaddr);
1166 /* start erase operation, reset by hw with bsy bit */
1167 set_flash_cr_strt(sl);
1169 /* wait for completion */
1170 wait_flash_busy(sl);
1172 /* relock the flash */
1175 WLOG("unknown coreid %x, page erase failed\n", sl->core_id);
1179 /* todo: verify the erased page */
1184 int stlink_erase_flash_mass(stlink_t *sl) {
1185 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1186 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1187 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1188 /* erase each page */
1189 int i = 0, num_pages = sl->flash_size/sl->flash_pgsz;
1190 for (i = 0; i < num_pages; i++) {
1191 /* addr must be an addr inside the page */
1192 stm32_addr_t addr = sl->flash_base + i * sl->flash_pgsz;
1193 if (stlink_erase_flash_page(sl, addr) == -1) {
1194 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr);
1197 fprintf(stdout,"\rFlash page at %5d/%5d erased", i, num_pages);
1200 fprintf(stdout, "\n");
1202 /* wait for ongoing op to finish */
1203 wait_flash_busy(sl);
1205 /* unlock if locked */
1206 unlock_flash_if(sl);
1208 /* set the mass erase bit */
1209 set_flash_cr_mer(sl);
1211 /* start erase operation, reset by hw with bsy bit */
1212 set_flash_cr_strt(sl);
1214 /* wait for completion */
1215 wait_flash_busy_progress(sl);
1217 /* relock the flash */
1220 /* todo: verify the erased memory */
1225 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1228 /* allocate the loader in sram */
1229 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1230 WLOG("Failed to write flash loader to sram!\n");
1234 /* allocate a one page buffer in sram right after loader */
1235 fl->buf_addr = fl->loader_addr + size;
1236 ILOG("Successfully loaded flash loader in sram\n");
1240 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1241 /* from openocd, contrib/loaders/flash/stm32.s */
1242 static const uint8_t loader_code_stm32vl[] = {
1243 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1244 0x1c, 0x44, /* add r4, r3 */
1245 /* write_half_word: */
1246 0x01, 0x23, /* movs r3, #0x01 */
1247 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1248 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1249 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1251 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1252 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1253 0xfb, 0xd0, /* beq busy */
1254 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1255 0x01, 0xd1, /* bne exit */
1256 0x01, 0x3a, /* subs r2, r2, #0x01 */
1257 0xf0, 0xd1, /* bne write_half_word */
1259 0x00, 0xbe, /* bkpt #0x00 */
1260 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1263 /* flashloaders/stm32f0.s -- thumb1 only, same sequence as for STM32VL, bank ignored */
1264 static const uint8_t loader_code_stm32f0[] = {
1267 * These two NOPs here are a safety precaution, added by Pekka Nikander
1268 * while debugging the STM32F05x support. They may not be needed, but
1269 * there were strange problems with simpler programs, like a program
1270 * that had just a breakpoint or a program that first moved zero to register r2
1271 * and then had a breakpoint. So, it appears safest to have these two nops.
1273 * Feel free to remove them, if you dare, but then please do test the result
1274 * rigorously. Also, if you remove these, it may be a good idea first to
1275 * #if 0 them out, with a comment when these were taken out, and to remove
1276 * these only a few months later... But YMMV.
1278 0x00, 0x30, // nop /* add r0,#0 */
1279 0x00, 0x30, // nop /* add r0,#0 */
1281 0x0A, 0x4C, // ldr r4, STM32_FLASH_BASE
1282 0x01, 0x25, // mov r5, #1 /* FLASH_CR_PG, FLASH_SR_BUSY */
1283 0x04, 0x26, // mov r6, #4 /* PGERR */
1285 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1286 0x2B, 0x43, // orr r3, r5
1287 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR |= FLASH_CR_PG */
1288 0x03, 0x88, // ldrh r3, [r0] /* r3 = *sram */
1289 0x0B, 0x80, // strh r3, [r1] /* *flash = r3 */
1291 0xE3, 0x68, // ldr r3, [r4, #12] /* FLASH->SR */
1292 0x2B, 0x42, // tst r3, r5 /* FLASH_SR_BUSY */
1293 0xFC, 0xD0, // beq busy
1295 0x33, 0x42, // tst r3, r6 /* PGERR */
1296 0x04, 0xD1, // bne exit
1298 0x02, 0x30, // add r0, r0, #2 /* sram += 2 */
1299 0x02, 0x31, // add r1, r1, #2 /* flash += 2 */
1300 0x01, 0x3A, // sub r2, r2, #0x01 /* count-- */
1301 0x00, 0x2A, // cmp r2, #0
1302 0xF0, 0xD1, // bne write_half_word
1304 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1305 0xAB, 0x43, // bic r3, r5
1306 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR &= ~FLASH_CR_PG */
1307 0x00, 0xBE, // bkpt #0x00
1308 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1311 static const uint8_t loader_code_stm32l[] = {
1313 /* openocd.git/contrib/loaders/flash/stm32lx.S
1314 r0, input, dest addr
1315 r1, input, source addr
1316 r2, input, word count
1317 r3, output, word count
1323 0x51, 0xf8, 0x04, 0xcb,
1324 0x40, 0xf8, 0x04, 0xcb,
1332 static const uint8_t loader_code_stm32l0[] = {
1335 r0, input, dest addr
1336 r1, input, source addr
1337 r2, input, word count
1338 r3, output, word count
1355 static const uint8_t loader_code_stm32f4[] = {
1356 // flashloaders/stm32f4.s
1365 0x14, 0xf0, 0x01, 0x0f,
1367 0x00, 0xf1, 0x04, 0x00,
1368 0x01, 0xf1, 0x04, 0x01,
1369 0xa2, 0xf1, 0x01, 0x02,
1374 0x00, 0x3c, 0x02, 0x40,
1377 const uint8_t* loader_code;
1380 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1381 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1382 || sl->chip_id == STM32_CHIPID_L152_RE) { /* stm32l */
1383 loader_code = loader_code_stm32l;
1384 loader_size = sizeof(loader_code_stm32l);
1385 } else if (sl->core_id == STM32VL_CORE_ID
1386 || sl->chip_id == STM32_CHIPID_F3
1387 || sl->chip_id == STM32_CHIPID_F303_HIGH
1388 || sl->chip_id == STM32_CHIPID_F37x
1389 || sl->chip_id == STM32_CHIPID_F334) {
1390 loader_code = loader_code_stm32vl;
1391 loader_size = sizeof(loader_code_stm32vl);
1392 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1393 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)){
1394 loader_code = loader_code_stm32f4;
1395 loader_size = sizeof(loader_code_stm32f4);
1396 } else if (sl->chip_id == STM32_CHIPID_F0 || sl->chip_id == STM32_CHIPID_F04 || sl->chip_id == STM32_CHIPID_F0_CAN || sl->chip_id == STM32_CHIPID_F0_SMALL || sl->chip_id == STM32_CHIPID_F09X) {
1397 loader_code = loader_code_stm32f0;
1398 loader_size = sizeof(loader_code_stm32f0);
1399 } else if (sl->chip_id == STM32_CHIPID_L0) {
1400 loader_code = loader_code_stm32l0;
1401 loader_size = sizeof(loader_code_stm32l0);
1403 ELOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1407 memcpy(sl->q_buf, loader_code, loader_size);
1408 stlink_write_mem32(sl, sl->sram_base, loader_size);
1410 *addr = sl->sram_base;
1411 *size = loader_size;
1417 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1418 /* check the contents of path are at addr */
1421 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1423 if (map_file(&mf, path) == -1)
1426 res = check_file(sl, &mf, addr);
1434 * Verify addr..addr+len is binary identical to base...base+len
1435 * @param sl stlink context
1436 * @param address stm device address
1437 * @param data host side buffer to check against
1438 * @param length how much
1439 * @return 0 for success, -ve for failure
1441 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1443 size_t cmp_size = (sl->flash_pgsz > 0x1800)? 0x1800:sl->flash_pgsz;
1444 ILOG("Starting verification of write complete\n");
1445 for (off = 0; off < length; off += cmp_size) {
1446 size_t aligned_size;
1448 /* adjust last page size */
1449 if ((off + cmp_size) > length)
1450 cmp_size = length - off;
1452 aligned_size = cmp_size;
1453 if (aligned_size & (4 - 1))
1454 aligned_size = (cmp_size + 4) & ~(4 - 1);
1456 stlink_read_mem32(sl, address + off, aligned_size);
1458 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1459 ELOG("Verification of flash failed at offset: %zd\n", off);
1463 ILOG("Flash written and verified! jolly good!\n");
1468 int stm32l1_write_half_pages(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len, uint32_t pagesize)
1471 unsigned int num_half_pages = len / pagesize;
1473 uint32_t flash_regs_base;
1476 if (sl->chip_id == STM32_CHIPID_L0) {
1477 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1479 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1482 ILOG("Starting Half page flash write for STM32L core id\n");
1483 /* flash loader initialization */
1484 if (init_flash_loader(sl, &fl) == -1) {
1485 WLOG("init_flash_loader() == -1\n");
1488 /* Unlock already done */
1489 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1490 val |= (1 << FLASH_L1_FPRG);
1491 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1493 val |= (1 << FLASH_L1_PROG);
1494 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1495 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0) {}
1497 for (count = 0; count < num_half_pages; count ++) {
1498 if (run_flash_loader(sl, &fl, addr + count * pagesize, base + count * pagesize, pagesize) == -1) {
1499 WLOG("l1_run_flash_loader(%#zx) failed! == -1\n", addr + count * pagesize);
1500 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1501 val &= ~((1 << FLASH_L1_FPRG) |(1 << FLASH_L1_PROG));
1502 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1505 /* wait for sr.busy to be cleared */
1506 if (sl->verbose >= 1) {
1507 /* show progress. writing procedure is slow
1508 and previous errors are misleading */
1509 fprintf(stdout, "\r%3u/%u halfpages written", count + 1, num_half_pages);
1512 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0) {
1515 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1516 val &= ~(1 << FLASH_L1_PROG);
1517 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1518 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1519 val &= ~(1 << FLASH_L1_FPRG);
1520 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1525 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len) {
1528 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1529 len, len, addr, addr);
1530 /* check addr range is inside the flash */
1531 stlink_calculate_pagesize(sl, addr);
1532 if (addr < sl->flash_base) {
1533 ELOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1535 } else if ((addr + len) < addr) {
1536 ELOG("addr overruns\n");
1538 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1539 ELOG("addr too high\n");
1541 } else if (addr & 1) {
1542 ELOG("unaligned addr 0x%x\n", addr);
1544 } else if (len & 1) {
1545 WLOG("unaligned len 0x%x -- padding with zero\n", len);
1547 } else if (addr & (sl->flash_pgsz - 1)) {
1548 ELOG("addr not a multiple of pagesize, not supported\n");
1552 // Make sure we've loaded the context with the chip details
1554 /* erase each page */
1556 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1557 /* addr must be an addr inside the page */
1558 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1559 ELOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1562 fprintf(stdout,"\rFlash page at addr: 0x%08lx erased",
1563 (unsigned long)addr + off);
1567 fprintf(stdout,"\n");
1568 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1569 page_count, sl->flash_pgsz, sl->flash_pgsz);
1571 if ((sl->chip_id == STM32_CHIPID_F2) ||
1572 (sl->chip_id == STM32_CHIPID_F4) ||
1573 (sl->chip_id == STM32_CHIPID_F4_DE) ||
1574 (sl->chip_id == STM32_CHIPID_F4_LP) ||
1575 (sl->chip_id == STM32_CHIPID_F4_HD) ||
1576 (sl->chip_id == STM32_CHIPID_F411RE)) {
1577 /* todo: check write operation */
1579 ILOG("Starting Flash write for F2/F4\n");
1580 /* flash loader initialization */
1581 if (init_flash_loader(sl, &fl) == -1) {
1582 ELOG("init_flash_loader() == -1\n");
1586 /* First unlock the cr */
1587 unlock_flash_if(sl);
1589 /* TODO: Check that Voltage range is 2.7 - 3.6 V */
1590 /* set parallelisim to 32 bit*/
1591 write_flash_cr_psiz(sl, 2);
1593 /* set programming mode */
1594 set_flash_cr_pg(sl);
1596 for(off = 0; off < len;) {
1597 size_t size = len - off > 0x8000 ? 0x8000 : len - off;
1599 printf("size: %zu\n", size);
1601 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1602 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1614 else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1615 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1616 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1617 /* use fast word write. todo: half page. */
1619 uint32_t flash_regs_base;
1622 if (sl->chip_id == STM32_CHIPID_L0) {
1623 flash_regs_base = STM32L0_FLASH_REGS_ADDR;
1624 pagesize = L0_WRITE_BLOCK_SIZE;
1626 flash_regs_base = STM32L_FLASH_REGS_ADDR;
1627 pagesize = L1_WRITE_BLOCK_SIZE;
1630 /* todo: check write operation */
1632 /* disable pecr protection */
1633 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x89abcdef);
1634 stlink_write_debug32(sl, flash_regs_base + FLASH_PEKEYR_OFF, 0x02030405);
1636 /* check pecr.pelock is cleared */
1637 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1638 if (val & (1 << 0)) {
1639 fprintf(stderr, "pecr.pelock not clear\n");
1643 /* unlock program memory */
1644 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x8c9daebf);
1645 stlink_write_debug32(sl, flash_regs_base + FLASH_PRGKEYR_OFF, 0x13141516);
1647 /* check pecr.prglock is cleared */
1648 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF);
1649 if (val & (1 << 1)) {
1650 fprintf(stderr, "pecr.prglock not clear\n");
1654 if (len > pagesize) {
1655 if (stm32l1_write_half_pages(sl, addr, base, len, pagesize) == -1) {
1656 /* This may happen on a blank device! */
1657 WLOG("\nwrite_half_pages failed == -1\n");
1659 off = (len / pagesize)*pagesize;
1663 /* write remainingword in program memory */
1664 for ( ; off < len; off += sizeof(uint32_t)) {
1667 fprintf(stdout, "\r");
1669 if ((off % sl->flash_pgsz) > (sl->flash_pgsz -5)) {
1670 fprintf(stdout, "\r%3zd/%3zd pages written",
1671 off/sl->flash_pgsz, len/sl->flash_pgsz);
1675 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1676 stlink_write_debug32(sl, addr + off, data);
1678 /* wait for sr.busy to be cleared */
1679 while ((stlink_read_debug32(sl, flash_regs_base + FLASH_SR_OFF) & (1 << 0)) != 0)
1682 /* todo: check redo write operation */
1685 fprintf(stdout, "\n");
1686 /* reset lock bits */
1687 val = stlink_read_debug32(sl, flash_regs_base + FLASH_PECR_OFF)
1688 | (1 << 0) | (1 << 1) | (1 << 2);
1689 stlink_write_debug32(sl, flash_regs_base + FLASH_PECR_OFF, val);
1690 } else if (sl->core_id == STM32VL_CORE_ID ||
1691 sl->core_id == STM32F0_CORE_ID ||
1692 sl->chip_id == STM32_CHIPID_F3 ||
1693 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1694 sl->chip_id == STM32_CHIPID_F334 ||
1695 sl->chip_id == STM32_CHIPID_F37x) {
1696 ILOG("Starting Flash write for VL/F0/F3 core id\n");
1697 /* flash loader initialization */
1698 if (init_flash_loader(sl, &fl) == -1) {
1699 ELOG("init_flash_loader() == -1\n");
1703 int write_block_count = 0;
1704 for (off = 0; off < len; off += sl->flash_pgsz) {
1705 /* adjust last write size */
1706 size_t size = sl->flash_pgsz;
1707 if ((off + sl->flash_pgsz) > len) size = len - off;
1709 /* unlock and set programming mode */
1710 unlock_flash_if(sl);
1711 set_flash_cr_pg(sl);
1712 //DLOG("Finished setting flash cr pg, running loader!\n");
1713 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1714 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1718 if (sl->verbose >= 1) {
1719 /* show progress. writing procedure is slow
1720 and previous errors are misleading */
1721 fprintf(stdout, "\r%3u/%lu pages written", write_block_count++, (unsigned long)len/sl->flash_pgsz);
1725 fprintf(stdout, "\n");
1727 ELOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1731 return stlink_verify_write_flash(sl, addr, base, len);
1735 * Write the given binary file into flash at address "addr"
1737 * @param path readable file path, should be binary image
1738 * @param addr where to start writing
1739 * @return 0 on success, -ve on failure.
1741 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1742 /* write the file in flash at addr */
1744 unsigned int num_empty = 0, index;
1745 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1746 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1747 || sl->chip_id == STM32_CHIPID_L152_RE) ? 0:0xff;
1748 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1749 if (map_file(&mf, path) == -1) {
1750 ELOG("map_file() == -1\n");
1753 for(index = 0; index < mf.len; index ++) {
1754 if (mf.base[index] == erased_pattern)
1759 /* Round down to words */
1760 num_empty -= (num_empty & 3);
1761 if(num_empty != 0) {
1762 ILOG("Ignoring %d bytes of 0x%02x at end of file\n", num_empty, erased_pattern);
1763 mf.len -= num_empty;
1765 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1767 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
1768 /* Set PC to the reset routine*/
1769 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
1775 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1779 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1780 // FIXME This can never return -1
1781 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1783 ELOG("write_buffer_to_sram() == -1\n");
1787 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1788 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1789 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1791 size_t count = size / sizeof(uint32_t);
1792 if (size % sizeof(uint32_t)) ++count;
1795 stlink_write_reg(sl, target, 0); /* target */
1796 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1797 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1798 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1800 } else if (sl->core_id == STM32VL_CORE_ID ||
1801 sl->core_id == STM32F0_CORE_ID ||
1802 sl->chip_id == STM32_CHIPID_F3 ||
1803 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1804 sl->chip_id == STM32_CHIPID_F37x ||
1805 sl->chip_id == STM32_CHIPID_F334) {
1807 size_t count = size / sizeof(uint16_t);
1808 if (size % sizeof(uint16_t)) ++count;
1811 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1812 stlink_write_reg(sl, target, 1); /* target */
1813 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1814 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1815 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1817 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1818 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)) {
1820 size_t count = size / sizeof(uint32_t);
1821 if (size % sizeof(uint32_t)) ++count;
1824 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1825 stlink_write_reg(sl, target, 1); /* target */
1826 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1827 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1830 fprintf(stderr, "unknown coreid 0x%x, don't know what flash loader to use\n", sl->core_id);
1837 #define WAIT_ROUNDS 10000
1838 /* wait until done (reaches breakpoint) */
1839 for (i = 0; i < WAIT_ROUNDS; i++) {
1841 if (is_core_halted(sl))
1845 if (i >= WAIT_ROUNDS) {
1846 ELOG("flash loader run error\n");
1850 /* check written byte count */
1851 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_CAT2
1852 || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS || sl->chip_id == STM32_CHIPID_L1_HIGH
1853 || sl->chip_id == STM32_CHIPID_L152_RE || sl->chip_id == STM32_CHIPID_L0) {
1855 size_t count = size / sizeof(uint32_t);
1856 if (size % sizeof(uint32_t)) ++count;
1858 stlink_read_reg(sl, 3, &rr);
1859 if (rr.r[3] != count) {
1860 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1864 } else if (sl->core_id == STM32VL_CORE_ID ||
1865 sl->core_id == STM32F0_CORE_ID ||
1866 sl->chip_id == STM32_CHIPID_F3 ||
1867 sl->chip_id == STM32_CHIPID_F303_HIGH ||
1868 sl->chip_id == STM32_CHIPID_F37x ||
1869 sl->chip_id == STM32_CHIPID_F334) {
1871 stlink_read_reg(sl, 2, &rr);
1873 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1877 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4 || (sl->chip_id == STM32_CHIPID_F4_DE) ||
1878 sl->chip_id == STM32_CHIPID_F4_LP || sl->chip_id == STM32_CHIPID_F4_HD || (sl->chip_id == STM32_CHIPID_F411RE)) {
1880 stlink_read_reg(sl, 2, &rr);
1882 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1888 fprintf(stderr, "unknown coreid 0x%x, can't check written byte count\n", sl->core_id);
projects / fw / stlink / blob