10 #include <sys/types.h>
14 #include "stlink-common.h"
15 #include "uglylogging.h"
22 #define LOG_TAG __FILE__
23 #define DLOG(format, args...) ugly_log(UDEBUG, LOG_TAG, format, ## args)
24 #define ILOG(format, args...) ugly_log(UINFO, LOG_TAG, format, ## args)
25 #define WLOG(format, args...) ugly_log(UWARN, LOG_TAG, format, ## args)
26 #define ELOG(format, args...) ugly_log(UERROR, LOG_TAG, format, ## args)
27 #define fatal(format, args...) ugly_log(UFATAL, LOG_TAG, format, ## args)
29 /* todo: stm32l15xxx flash memory, pm0062 manual */
31 /* stm32f FPEC flash controller interface, pm0063 manual */
32 // TODO - all of this needs to be abstracted out....
33 // STM32F05x is identical, based on RM0091 (DM00031936, Doc ID 018940 Rev 2, August 2012)
34 #define FLASH_REGS_ADDR 0x40022000
35 #define FLASH_REGS_SIZE 0x28
37 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
38 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
39 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
40 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
41 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
42 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
43 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
45 // For STM32F05x, the RDPTR_KEY may be wrong, but as it is not used anywhere...
46 #define FLASH_RDPTR_KEY 0x00a5
47 #define FLASH_KEY1 0x45670123
48 #define FLASH_KEY2 0xcdef89ab
50 #define FLASH_SR_BSY 0
51 #define FLASH_SR_EOP 5
54 #define FLASH_CR_PER 1
55 #define FLASH_CR_MER 2
56 #define FLASH_CR_STRT 6
57 #define FLASH_CR_LOCK 7
60 //32L = 32F1 same CoreID as 32F4!
61 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
62 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
63 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
64 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
65 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
66 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
67 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
68 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
69 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x1c)
70 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
71 #define FLASH_L1_FPRG 10
72 #define FLASH_L1_PROG 3
76 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
77 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
78 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
79 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
80 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
81 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
82 #define FLASH_F4_CR_STRT 16
83 #define FLASH_F4_CR_LOCK 31
84 #define FLASH_F4_CR_SER 1
85 #define FLASH_F4_CR_SNB 3
86 #define FLASH_F4_CR_SNB_MASK 0x38
87 #define FLASH_F4_SR_BSY 16
90 void write_uint32(unsigned char* buf, uint32_t ui) {
91 if (!is_bigendian()) { // le -> le (don't swap)
92 buf[0] = ((unsigned char*) &ui)[0];
93 buf[1] = ((unsigned char*) &ui)[1];
94 buf[2] = ((unsigned char*) &ui)[2];
95 buf[3] = ((unsigned char*) &ui)[3];
97 buf[0] = ((unsigned char*) &ui)[3];
98 buf[1] = ((unsigned char*) &ui)[2];
99 buf[2] = ((unsigned char*) &ui)[1];
100 buf[3] = ((unsigned char*) &ui)[0];
104 void write_uint16(unsigned char* buf, uint16_t ui) {
105 if (!is_bigendian()) { // le -> le (don't swap)
106 buf[0] = ((unsigned char*) &ui)[0];
107 buf[1] = ((unsigned char*) &ui)[1];
109 buf[0] = ((unsigned char*) &ui)[1];
110 buf[1] = ((unsigned char*) &ui)[0];
114 uint32_t read_uint32(const unsigned char *c, const int pt) {
116 char *p = (char *) &ui;
118 if (!is_bigendian()) { // le -> le (don't swap)
132 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
133 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
136 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
137 return stlink_read_debug32(sl, FLASH_WRPR);
140 static inline uint32_t read_flash_obr(stlink_t *sl) {
141 return stlink_read_debug32(sl, FLASH_OBR);
144 static inline uint32_t read_flash_cr(stlink_t *sl) {
146 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
147 (sl->chip_id == STM32_CHIPID_F4_LP))
148 res = stlink_read_debug32(sl, FLASH_F4_CR);
150 res = stlink_read_debug32(sl, FLASH_CR);
152 fprintf(stdout, "CR:0x%x\n", res);
157 static inline unsigned int is_flash_locked(stlink_t *sl) {
158 /* return non zero for true */
159 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
160 (sl->chip_id == STM32_CHIPID_F4_LP))
161 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
163 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
166 static void unlock_flash(stlink_t *sl) {
167 /* the unlock sequence consists of 2 write cycles where
168 2 key values are written to the FLASH_KEYR register.
169 an invalid sequence results in a definitive lock of
170 the FPEC block until next reset.
172 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
173 (sl->chip_id == STM32_CHIPID_F4_LP)) {
174 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
175 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
177 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
178 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
183 static int unlock_flash_if(stlink_t *sl) {
184 /* unlock flash if already locked */
186 if (is_flash_locked(sl)) {
188 if (is_flash_locked(sl)) {
189 WLOG("Failed to unlock flash!\n");
193 DLOG("Successfully unlocked flash\n");
197 static void lock_flash(stlink_t *sl) {
198 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
199 (sl->chip_id == STM32_CHIPID_F4_LP)) {
200 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
201 stlink_write_debug32(sl, FLASH_F4_CR, n);
203 /* write to 1 only. reset by hw at unlock sequence */
204 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
205 stlink_write_debug32(sl, FLASH_CR, n);
210 static void set_flash_cr_pg(stlink_t *sl) {
211 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
212 (sl->chip_id == STM32_CHIPID_F4_LP)) {
213 uint32_t x = read_flash_cr(sl);
214 x |= (1 << FLASH_CR_PG);
215 stlink_write_debug32(sl, FLASH_F4_CR, x);
217 const uint32_t n = 1 << FLASH_CR_PG;
218 stlink_write_debug32(sl, FLASH_CR, n);
222 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
223 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
224 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
225 (sl->chip_id == STM32_CHIPID_F4_LP))
226 stlink_write_debug32(sl, FLASH_F4_CR, n);
228 stlink_write_debug32(sl, FLASH_CR, n);
231 static void set_flash_cr_per(stlink_t *sl) {
232 const uint32_t n = 1 << FLASH_CR_PER;
233 stlink_write_debug32(sl, FLASH_CR, n);
236 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
237 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
238 stlink_write_debug32(sl, FLASH_CR, n);
241 static void set_flash_cr_mer(stlink_t *sl) {
242 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
243 (sl->chip_id == STM32_CHIPID_F4_LP))
244 stlink_write_debug32(sl, FLASH_F4_CR,
245 stlink_read_debug32(sl, FLASH_F4_CR) | (1 << FLASH_CR_MER));
247 stlink_write_debug32(sl, FLASH_CR,
248 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_MER));
251 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
252 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
253 (sl->chip_id == STM32_CHIPID_F4_LP))
254 stlink_write_debug32(sl, FLASH_F4_CR,
255 stlink_read_debug32(sl, FLASH_F4_CR) & ~(1 << FLASH_CR_MER));
257 stlink_write_debug32(sl, FLASH_CR,
258 stlink_read_debug32(sl, FLASH_CR) & ~(1 << FLASH_CR_MER));
261 static void set_flash_cr_strt(stlink_t *sl) {
262 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
263 (sl->chip_id == STM32_CHIPID_F4_LP)) {
264 uint32_t x = read_flash_cr(sl);
265 x |= (1 << FLASH_F4_CR_STRT);
266 stlink_write_debug32(sl, FLASH_F4_CR, x);
268 stlink_write_debug32(sl, FLASH_CR,
269 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_STRT) );
273 static inline uint32_t read_flash_acr(stlink_t *sl) {
274 return stlink_read_debug32(sl, FLASH_ACR);
277 static inline uint32_t read_flash_sr(stlink_t *sl) {
279 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
280 (sl->chip_id == STM32_CHIPID_F4_LP))
281 res = stlink_read_debug32(sl, FLASH_F4_SR);
283 res = stlink_read_debug32(sl, FLASH_SR);
284 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
288 static inline unsigned int is_flash_busy(stlink_t *sl) {
289 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
290 (sl->chip_id == STM32_CHIPID_F4_LP))
291 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
293 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
296 static void wait_flash_busy(stlink_t *sl) {
297 /* todo: add some delays here */
298 while (is_flash_busy(sl))
302 static void wait_flash_busy_progress(stlink_t *sl) {
304 fprintf(stdout, "Mass erasing");
306 while (is_flash_busy(sl)) {
310 fprintf(stdout, ".");
314 fprintf(stdout, "\n");
317 static inline unsigned int is_flash_eop(stlink_t *sl) {
318 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
321 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
322 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
323 stlink_write_debug32(sl, FLASH_SR, n);
326 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
327 /* todo: add some delays here */
328 while (is_flash_eop(sl) == 0)
332 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
333 stlink_write_debug32(sl, FLASH_AR, n);
336 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
337 uint32_t x = read_flash_cr(sl);
341 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
343 stlink_write_debug32(sl, FLASH_F4_CR, x);
347 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
348 uint32_t x = read_flash_cr(sl);
349 x &= ~FLASH_F4_CR_SNB_MASK;
350 x |= (n << FLASH_F4_CR_SNB);
351 x |= (1 << FLASH_F4_CR_SER);
353 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
355 stlink_write_debug32(sl, FLASH_F4_CR, x);
360 static void disable_flash_read_protection(stlink_t *sl) {
361 /* erase the option byte area */
368 // Delegates to the backends...
370 void stlink_close(stlink_t *sl) {
371 DLOG("*** stlink_close ***\n");
372 sl->backend->close(sl);
376 void stlink_exit_debug_mode(stlink_t *sl) {
377 DLOG("*** stlink_exit_debug_mode ***\n");
378 stlink_write_debug32(sl, DHCSR, DBGKEY);
379 sl->backend->exit_debug_mode(sl);
382 void stlink_enter_swd_mode(stlink_t *sl) {
383 DLOG("*** stlink_enter_swd_mode ***\n");
384 sl->backend->enter_swd_mode(sl);
387 // Force the core into the debug mode -> halted state.
388 void stlink_force_debug(stlink_t *sl) {
389 DLOG("*** stlink_force_debug_mode ***\n");
390 sl->backend->force_debug(sl);
393 void stlink_exit_dfu_mode(stlink_t *sl) {
394 DLOG("*** stlink_exit_dfu_mode ***\n");
395 sl->backend->exit_dfu_mode(sl);
398 uint32_t stlink_core_id(stlink_t *sl) {
399 DLOG("*** stlink_core_id ***\n");
400 sl->backend->core_id(sl);
402 stlink_print_data(sl);
403 DLOG("core_id = 0x%08x\n", sl->core_id);
407 uint32_t stlink_chip_id(stlink_t *sl) {
408 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
409 if (chip_id == 0) chip_id = stlink_read_debug32(sl, 0x40015800); //Try Corex M0 DBGMCU_IDCODE register address
414 * Cortex m3 tech ref manual, CPUID register description
415 * @param sl stlink context
416 * @param cpuid pointer to the result object
418 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
419 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
420 cpuid->implementer_id = (raw >> 24) & 0x7f;
421 cpuid->variant = (raw >> 20) & 0xf;
422 cpuid->part = (raw >> 4) & 0xfff;
423 cpuid->revision = raw & 0xf;
428 * reads and decodes the flash parameters, as dynamically as possible
430 * @return 0 for success, or -1 for unsupported core type.
432 int stlink_load_device_params(stlink_t *sl) {
433 ILOG("Loading device parameters....\n");
434 const chip_params_t *params = NULL;
435 sl->core_id = stlink_core_id(sl);
436 uint32_t chip_id = stlink_chip_id(sl);
438 sl->chip_id = chip_id & 0xfff;
439 /* Fix chip_id for F4 rev A errata , Read CPU ID, as CoreID is the same for F2/F4*/
440 if (sl->chip_id == 0x411) {
441 uint32_t cpuid = stlink_read_debug32(sl, 0xE000ED00);
442 if ((cpuid & 0xfff0) == 0xc240)
446 for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
447 if(devices[i].chip_id == sl->chip_id) {
448 params = &devices[i];
452 if (params == NULL) {
453 WLOG("unknown chip id! %#x\n", chip_id);
457 // These are fixed...
458 sl->flash_base = STM32_FLASH_BASE;
459 sl->sram_base = STM32_SRAM_BASE;
461 // read flash size from hardware, if possible...
462 if (sl->chip_id == STM32_CHIPID_F2) {
463 sl->flash_size = 0x100000; /* Use maximum, User must care!*/
464 } else if (sl->chip_id == STM32_CHIPID_F4 ||
465 sl->chip_id == STM32_CHIPID_F4_LP) {
466 sl->flash_size = 0x100000; //todo: RM0090 error; size register same address as unique ID
467 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM) {
468 // if the flash size is zero, we assume it is 128k, if not we calculate the real value
469 uint32_t flash_size = stlink_read_debug32(sl,params->flash_size_reg) & 0xffff;
470 if ( flash_size == 0 ) {
471 sl->flash_size = 128 * 1024;
473 sl->flash_size = flash_size * 1024;
475 } else if ((sl->chip_id & 0xFFF) == STM32_CHIPID_L1_MEDIUM_PLUS) {
476 uint32_t flash_size = stlink_read_debug32(sl, params->flash_size_reg) & 0x1;
477 // 0 is 384k and 1 is 256k
478 if ( flash_size == 0 ) {
479 sl->flash_size = 384 * 1024;
481 sl->flash_size = 256 * 1024;
484 uint32_t flash_size = stlink_read_debug32(sl, params->flash_size_reg) & 0xffff;
485 sl->flash_size = flash_size * 1024;
487 sl->flash_pgsz = params->flash_pagesize;
488 sl->sram_size = params->sram_size;
489 sl->sys_base = params->bootrom_base;
490 sl->sys_size = params->bootrom_size;
492 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
493 // TODO make note of variable page size here.....
494 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
495 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
500 void stlink_reset(stlink_t *sl) {
501 DLOG("*** stlink_reset ***\n");
502 sl->backend->reset(sl);
505 void stlink_jtag_reset(stlink_t *sl, int value) {
506 DLOG("*** stlink_jtag_reset ***\n");
507 sl->backend->jtag_reset(sl, value);
510 void stlink_run(stlink_t *sl) {
511 DLOG("*** stlink_run ***\n");
512 sl->backend->run(sl);
515 void stlink_status(stlink_t *sl) {
516 DLOG("*** stlink_status ***\n");
517 sl->backend->status(sl);
518 stlink_core_stat(sl);
522 * Decode the version bits, originally from -sg, verified with usb
523 * @param sl stlink context, assumed to contain valid data in the buffer
524 * @param slv output parsed version object
526 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
527 uint32_t b0 = sl->q_buf[0]; //lsb
528 uint32_t b1 = sl->q_buf[1];
529 uint32_t b2 = sl->q_buf[2];
530 uint32_t b3 = sl->q_buf[3];
531 uint32_t b4 = sl->q_buf[4];
532 uint32_t b5 = sl->q_buf[5]; //msb
534 // b0 b1 || b2 b3 | b4 b5
535 // 4b | 6b | 6b || 2B | 2B
536 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
538 slv->stlink_v = (b0 & 0xf0) >> 4;
539 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
540 slv->swim_v = b1 & 0x3f;
541 slv->st_vid = (b3 << 8) | b2;
542 slv->stlink_pid = (b5 << 8) | b4;
546 void stlink_version(stlink_t *sl) {
547 DLOG("*** looking up stlink version\n");
548 sl->backend->version(sl);
549 _parse_version(sl, &sl->version);
551 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
552 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
553 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
554 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
555 DLOG("swim version = 0x%x\n", sl->version.swim_v);
556 if (sl->version.jtag_v == 0) {
557 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
559 if (sl->version.swim_v == 0) {
560 DLOG(" notice: the firmware doesn't support a swim interface\n");
564 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
565 uint32_t data = sl->backend->read_debug32(sl, addr);
566 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
570 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
571 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
572 sl->backend->write_debug32(sl, addr, data);
575 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
576 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
578 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
581 sl->backend->write_mem32(sl, addr, len);
584 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
585 DLOG("*** stlink_read_mem32 ***\n");
586 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
587 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
591 sl->backend->read_mem32(sl, addr, len);
594 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
595 DLOG("*** stlink_write_mem8 ***\n");
596 if (len > 0x40 ) { // !!! never ever: Writing more then 0x40 bytes gives unexpected behaviour
597 fprintf(stderr, "Error: Data length > 64: +%d byte.\n",
601 sl->backend->write_mem8(sl, addr, len);
604 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
605 DLOG("*** stlink_read_all_regs ***\n");
606 sl->backend->read_all_regs(sl, regp);
609 void stlink_read_all_unsupported_regs(stlink_t *sl, reg *regp) {
610 DLOG("*** stlink_read_all_unsupported_regs ***\n");
611 sl->backend->read_all_unsupported_regs(sl, regp);
614 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
615 DLOG("*** stlink_write_reg\n");
616 sl->backend->write_reg(sl, reg, idx);
619 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
620 DLOG("*** stlink_read_reg\n");
621 DLOG(" (%d) ***\n", r_idx);
623 if (r_idx > 20 || r_idx < 0) {
624 fprintf(stderr, "Error: register index must be in [0..20]\n");
628 sl->backend->read_reg(sl, r_idx, regp);
631 void stlink_read_unsupported_reg(stlink_t *sl, int r_idx, reg *regp) {
634 DLOG("*** stlink_read_unsupported_reg\n");
635 DLOG(" (%d) ***\n", r_idx);
637 /* Convert to values used by DCRSR */
638 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
640 } else if (r_idx == 0x40) { /* FPSCR */
642 } else if (r_idx >= 0x20 && r_idx < 0x40) {
643 r_convert = 0x40 + (r_idx - 0x20);
645 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
649 sl->backend->read_unsupported_reg(sl, r_convert, regp);
652 void stlink_write_unsupported_reg(stlink_t *sl, uint32_t val, int r_idx, reg *regp) {
655 DLOG("*** stlink_write_unsupported_reg\n");
656 DLOG(" (%d) ***\n", r_idx);
658 /* Convert to values used by DCRSR */
659 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
660 r_convert = r_idx; /* The backend function handles this */
661 } else if (r_idx == 0x40) { /* FPSCR */
663 } else if (r_idx >= 0x20 && r_idx < 0x40) {
664 r_convert = 0x40 + (r_idx - 0x20);
666 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
670 sl->backend->write_unsupported_reg(sl, val, r_convert, regp);
673 unsigned int is_core_halted(stlink_t *sl) {
674 /* return non zero if core is halted */
676 return sl->q_buf[0] == STLINK_CORE_HALTED;
679 void stlink_step(stlink_t *sl) {
680 DLOG("*** stlink_step ***\n");
681 sl->backend->step(sl);
684 int stlink_current_mode(stlink_t *sl) {
685 int mode = sl->backend->current_mode(sl);
687 case STLINK_DEV_DFU_MODE:
688 DLOG("stlink current mode: dfu\n");
690 case STLINK_DEV_DEBUG_MODE:
691 DLOG("stlink current mode: debug (jtag or swd)\n");
693 case STLINK_DEV_MASS_MODE:
694 DLOG("stlink current mode: mass\n");
697 DLOG("stlink mode: unknown!\n");
698 return STLINK_DEV_UNKNOWN_MODE;
704 // End of delegates.... Common code below here...
707 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
709 // #define is_bigendian() ( (*(char*)&i) == 0 )
711 inline unsigned int is_bigendian(void) {
712 static volatile const unsigned int i = 1;
713 return *(volatile const char*) &i == 0;
716 uint16_t read_uint16(const unsigned char *c, const int pt) {
718 char *p = (char *) &ui;
720 if (!is_bigendian()) { // le -> le (don't swap)
730 // same as above with entrypoint.
732 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
733 stlink_write_reg(sl, addr, 15); /* pc register */
737 while (is_core_halted(sl) == 0)
741 void stlink_core_stat(stlink_t *sl) {
745 switch (sl->q_buf[0]) {
746 case STLINK_CORE_RUNNING:
747 sl->core_stat = STLINK_CORE_RUNNING;
748 DLOG(" core status: running\n");
750 case STLINK_CORE_HALTED:
751 sl->core_stat = STLINK_CORE_HALTED;
752 DLOG(" core status: halted\n");
755 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
756 fprintf(stderr, " core status: unknown\n");
760 void stlink_print_data(stlink_t * sl) {
761 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
764 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
766 for (int i = 0; i < sl->q_len; i++) {
769 if (sl->q_data_dir == Q_DATA_OUT)
770 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
772 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
775 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
777 fputs("\n\n", stdout);
780 /* memory mapped file */
782 typedef struct mapped_file {
787 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
789 static int map_file(mapped_file_t* mf, const char* path) {
793 const int fd = open(path, O_RDONLY | O_BINARY);
795 fprintf(stderr, "open(%s) == -1\n", path);
799 if (fstat(fd, &st) == -1) {
800 fprintf(stderr, "fstat() == -1\n");
804 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
805 if (mf->base == MAP_FAILED) {
806 fprintf(stderr, "mmap() == MAP_FAILED\n");
810 mf->len = st.st_size;
821 static void unmap_file(mapped_file_t * mf) {
822 munmap((void*) mf->base, mf->len);
823 mf->base = (unsigned char*) MAP_FAILED;
827 /* Limit the block size to compare to 0x1800
828 Anything larger will stall the STLINK2
829 Maybe STLINK V1 needs smaller value!*/
830 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
832 size_t n_cmp = sl->flash_pgsz;
836 for (off = 0; off < mf->len; off += n_cmp) {
839 /* adjust last page size */
840 size_t cmp_size = n_cmp;
841 if ((off + n_cmp) > mf->len)
842 cmp_size = mf->len - off;
844 aligned_size = cmp_size;
845 if (aligned_size & (4 - 1))
846 aligned_size = (cmp_size + 4) & ~(4 - 1);
848 stlink_read_mem32(sl, addr + off, aligned_size);
850 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
857 int stlink_fwrite_sram
858 (stlink_t * sl, const char* path, stm32_addr_t addr) {
859 /* write the file in sram at addr */
863 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
866 if (map_file(&mf, path) == -1) {
867 fprintf(stderr, "map_file() == -1\n");
871 /* check addr range is inside the sram */
872 if (addr < sl->sram_base) {
873 fprintf(stderr, "addr too low\n");
875 } else if ((addr + mf.len) < addr) {
876 fprintf(stderr, "addr overruns\n");
878 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
879 fprintf(stderr, "addr too high\n");
881 } else if ((addr & 3) || (mf.len & 3)) {
883 fprintf(stderr, "unaligned addr or size\n");
886 /* do the copy by 1k blocks */
887 for (off = 0; off < mf.len; off += 1024) {
889 if ((off + size) > mf.len)
892 memcpy(sl->q_buf, mf.base + off, size);
894 /* round size if needed */
898 stlink_write_mem32(sl, addr + off, size);
901 /* check the file ha been written */
902 if (check_file(sl, &mf, addr) == -1) {
903 fprintf(stderr, "check_file() == -1\n");
910 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
911 /* Set PC to the reset routine*/
912 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
920 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
921 /* read size bytes from addr to file */
926 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS)?0:0xff;
928 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
930 fprintf(stderr, "open(%s) == -1\n", path);
935 size = sl->flash_size;
937 if (size > sl->flash_size)
938 size = sl->flash_size;
940 /* do the copy by 1k blocks */
941 for (off = 0; off < size; off += 1024) {
942 size_t read_size = 1024;
945 if ((off + read_size) > size)
946 read_size = size - off;
948 /* round size if needed */
949 rounded_size = read_size;
950 if (rounded_size & 3)
951 rounded_size = (rounded_size + 4) & ~(3);
953 stlink_read_mem32(sl, addr + off, rounded_size);
955 for(index = 0; index < read_size; index ++) {
956 if (sl->q_buf[index] == erased_pattern)
961 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
962 fprintf(stderr, "write() != read_size\n");
967 /* Ignore NULL Bytes at end of file */
968 if (!ftruncate(fd, size - num_empty)) {
981 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
982 /* write the buffer right after the loader */
983 size_t chunk = size & ~0x3;
984 size_t rem = size & 0x3;
986 memcpy(sl->q_buf, buf, chunk);
987 stlink_write_mem32(sl, fl->buf_addr, chunk);
990 memcpy(sl->q_buf, buf+chunk, rem);
991 stlink_write_mem8(sl, (fl->buf_addr)+chunk, rem);
996 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
997 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
998 if (flashaddr<0x4000) return (0);
999 else if(flashaddr<0x8000) return(1);
1000 else if(flashaddr<0xc000) return(2);
1001 else if(flashaddr<0x10000) return(3);
1002 else if(flashaddr<0x20000) return(4);
1003 else return(flashaddr/0x20000)+4;
1007 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
1008 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
1009 (sl->chip_id == STM32_CHIPID_F4_LP)) {
1010 uint32_t sector=calculate_F4_sectornum(flashaddr);
1011 if (sector<4) sl->flash_pgsz=0x4000;
1012 else if(sector<5) sl->flash_pgsz=0x10000;
1013 else sl->flash_pgsz=0x20000;
1015 return (sl->flash_pgsz);
1019 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
1020 * @param sl stlink context
1021 * @param flashaddr an address in the flash page to erase
1022 * @return 0 on success -ve on failure
1024 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
1026 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
1027 (sl->chip_id == STM32_CHIPID_F4_LP)) {
1028 /* wait for ongoing op to finish */
1029 wait_flash_busy(sl);
1031 /* unlock if locked */
1032 unlock_flash_if(sl);
1034 /* select the page to erase */
1035 // calculate the actual page from the address
1036 uint32_t sector=calculate_F4_sectornum(flashaddr);
1038 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
1039 write_flash_cr_snb(sl, sector);
1041 /* start erase operation */
1042 set_flash_cr_strt(sl);
1044 /* wait for completion */
1045 wait_flash_busy(sl);
1047 /* relock the flash */
1048 //todo: fails to program if this is in
1051 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
1053 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) {
1057 /* check if the locks are set */
1058 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1059 if((val & (1<<0))||(val & (1<<1))) {
1060 /* disable pecr protection */
1061 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1062 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1064 /* check pecr.pelock is cleared */
1065 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1066 if (val & (1 << 0)) {
1067 WLOG("pecr.pelock not clear (%#x)\n", val);
1071 /* unlock program memory */
1072 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1073 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1075 /* check pecr.prglock is cleared */
1076 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1077 if (val & (1 << 1)) {
1078 WLOG("pecr.prglock not clear (%#x)\n", val);
1083 /* unused: unlock the option byte block */
1085 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0xfbead9c8);
1086 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0x24252627);
1088 /* check pecr.optlock is cleared */
1089 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1090 if (val & (1 << 2)) {
1091 fprintf(stderr, "pecr.prglock not clear\n");
1096 /* set pecr.{erase,prog} */
1097 val |= (1 << 9) | (1 << 3);
1098 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1100 #if 0 /* fix_to_be_confirmed */
1102 /* wait for sr.busy to be cleared
1103 MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
1104 wrong and we do not need to wait here for clearing the busy bit.
1105 TEXANE: ok, if experience says so and it works for you, we comment
1106 it. If someone has a problem, please drop an email.
1108 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1111 #endif /* fix_to_be_confirmed */
1113 /* write 0 to the first word of the page to be erased */
1114 stlink_write_debug32(sl, flashaddr, 0);
1116 /* MP: It is better to wait for clearing the busy bit after issuing
1117 page erase command, even though PM0062 recommends to wait before it.
1118 Test shows that a few iterations is performed in the following loop
1119 before busy bit is cleared.*/
1120 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1123 /* reset lock bits */
1124 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1125 | (1 << 0) | (1 << 1) | (1 << 2);
1126 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1127 } else if (sl->core_id == STM32VL_CORE_ID
1128 || sl->core_id == STM32F0_CORE_ID
1129 || sl->chip_id == STM32_CHIPID_F3
1130 || sl->chip_id == STM32_CHIPID_F37x) {
1131 /* wait for ongoing op to finish */
1132 wait_flash_busy(sl);
1134 /* unlock if locked */
1135 unlock_flash_if(sl);
1137 /* set the page erase bit */
1138 set_flash_cr_per(sl);
1140 /* select the page to erase */
1141 write_flash_ar(sl, flashaddr);
1143 /* start erase operation, reset by hw with bsy bit */
1144 set_flash_cr_strt(sl);
1146 /* wait for completion */
1147 wait_flash_busy(sl);
1149 /* relock the flash */
1152 WLOG("unknown coreid %x, page erase failed\n", sl->core_id);
1156 /* todo: verify the erased page */
1161 int stlink_erase_flash_mass(stlink_t *sl) {
1162 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS ) {
1163 /* erase each page */
1164 int i = 0, num_pages = sl->flash_size/sl->flash_pgsz;
1165 for (i = 0; i < num_pages; i++) {
1166 /* addr must be an addr inside the page */
1167 stm32_addr_t addr = sl->flash_base + i * sl->flash_pgsz;
1168 if (stlink_erase_flash_page(sl, addr) == -1) {
1169 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr);
1172 fprintf(stdout,"\rFlash page at %5d/%5d erased", i, num_pages);
1175 fprintf(stdout, "\n");
1177 /* wait for ongoing op to finish */
1178 wait_flash_busy(sl);
1180 /* unlock if locked */
1181 unlock_flash_if(sl);
1183 /* set the mass erase bit */
1184 set_flash_cr_mer(sl);
1186 /* start erase operation, reset by hw with bsy bit */
1187 set_flash_cr_strt(sl);
1189 /* wait for completion */
1190 wait_flash_busy_progress(sl);
1192 /* relock the flash */
1195 /* todo: verify the erased memory */
1200 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1203 /* allocate the loader in sram */
1204 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1205 WLOG("Failed to write flash loader to sram!\n");
1209 /* allocate a one page buffer in sram right after loader */
1210 fl->buf_addr = fl->loader_addr + size;
1211 ILOG("Successfully loaded flash loader in sram\n");
1215 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1216 /* from openocd, contrib/loaders/flash/stm32.s */
1217 static const uint8_t loader_code_stm32vl[] = {
1218 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1219 0x1c, 0x44, /* add r4, r3 */
1220 /* write_half_word: */
1221 0x01, 0x23, /* movs r3, #0x01 */
1222 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1223 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1224 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1226 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1227 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1228 0xfb, 0xd0, /* beq busy */
1229 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1230 0x01, 0xd1, /* bne exit */
1231 0x01, 0x3a, /* subs r2, r2, #0x01 */
1232 0xf0, 0xd1, /* bne write_half_word */
1234 0x00, 0xbe, /* bkpt #0x00 */
1235 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1238 /* flashloaders/stm32f0.s -- thumb1 only, same sequence as for STM32VL, bank ignored */
1239 static const uint8_t loader_code_stm32f0[] = {
1242 * These two NOPs here are a safety precaution, added by Pekka Nikander
1243 * while debugging the STM32F05x support. They may not be needed, but
1244 * there were strange problems with simpler programs, like a program
1245 * that had just a breakpoint or a program that first moved zero to register r2
1246 * and then had a breakpoint. So, it appears safest to have these two nops.
1248 * Feel free to remove them, if you dare, but then please do test the result
1249 * rigorously. Also, if you remove these, it may be a good idea first to
1250 * #if 0 them out, with a comment when these were taken out, and to remove
1251 * these only a few months later... But YMMV.
1253 0x00, 0x30, // nop /* add r0,#0 */
1254 0x00, 0x30, // nop /* add r0,#0 */
1256 0x0A, 0x4C, // ldr r4, STM32_FLASH_BASE
1257 0x01, 0x25, // mov r5, #1 /* FLASH_CR_PG, FLASH_SR_BUSY */
1258 0x04, 0x26, // mov r6, #4 /* PGERR */
1260 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1261 0x2B, 0x43, // orr r3, r5
1262 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR |= FLASH_CR_PG */
1263 0x03, 0x88, // ldrh r3, [r0] /* r3 = *sram */
1264 0x0B, 0x80, // strh r3, [r1] /* *flash = r3 */
1266 0xE3, 0x68, // ldr r3, [r4, #12] /* FLASH->SR */
1267 0x2B, 0x42, // tst r3, r5 /* FLASH_SR_BUSY */
1268 0xFC, 0xD0, // beq busy
1270 0x33, 0x42, // tst r3, r6 /* PGERR */
1271 0x04, 0xD1, // bne exit
1273 0x02, 0x30, // add r0, r0, #2 /* sram += 2 */
1274 0x02, 0x31, // add r1, r1, #2 /* flash += 2 */
1275 0x01, 0x3A, // sub r2, r2, #0x01 /* count-- */
1276 0x00, 0x2A, // cmp r2, #0
1277 0xF0, 0xD1, // bne write_half_word
1279 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1280 0xAB, 0x43, // bic r3, r5
1281 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR &= ~FLASH_CR_PG */
1282 0x00, 0xBE, // bkpt #0x00
1283 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1286 static const uint8_t loader_code_stm32l[] = {
1288 /* openocd.git/contrib/loaders/flash/stm32lx.S
1289 r0, input, dest addr
1290 r1, input, source addr
1291 r2, input, word count
1292 r3, output, word count
1298 0x51, 0xf8, 0x04, 0xcb,
1299 0x40, 0xf8, 0x04, 0xcb,
1307 static const uint8_t loader_code_stm32f4[] = {
1308 // flashloaders/stm32f4.s
1317 0x14, 0xf0, 0x01, 0x0f,
1319 0x00, 0xf1, 0x04, 0x00,
1320 0x01, 0xf1, 0x04, 0x01,
1321 0xa2, 0xf1, 0x01, 0x02,
1326 0x00, 0x3c, 0x02, 0x40,
1329 const uint8_t* loader_code;
1332 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS ) { /* stm32l */
1333 loader_code = loader_code_stm32l;
1334 loader_size = sizeof(loader_code_stm32l);
1335 } else if (sl->core_id == STM32VL_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1336 loader_code = loader_code_stm32vl;
1337 loader_size = sizeof(loader_code_stm32vl);
1338 } else if (sl->chip_id == STM32_CHIPID_F2 ||
1339 sl->chip_id == STM32_CHIPID_F4 || sl->chip_id == STM32_CHIPID_F4_LP) {
1340 loader_code = loader_code_stm32f4;
1341 loader_size = sizeof(loader_code_stm32f4);
1342 } else if (sl->chip_id == STM32_CHIPID_F0 || sl->chip_id == STM32_CHIPID_F0_SMALL) {
1343 loader_code = loader_code_stm32f0;
1344 loader_size = sizeof(loader_code_stm32f0);
1346 ELOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1350 memcpy(sl->q_buf, loader_code, loader_size);
1351 stlink_write_mem32(sl, sl->sram_base, loader_size);
1353 *addr = sl->sram_base;
1354 *size = loader_size;
1360 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1361 /* check the contents of path are at addr */
1364 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1366 if (map_file(&mf, path) == -1)
1369 res = check_file(sl, &mf, addr);
1377 * Verify addr..addr+len is binary identical to base...base+len
1378 * @param sl stlink context
1379 * @param address stm device address
1380 * @param data host side buffer to check against
1381 * @param length how much
1382 * @return 0 for success, -ve for failure
1384 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1386 size_t cmp_size = (sl->flash_pgsz > 0x1800)? 0x1800:sl->flash_pgsz;
1387 ILOG("Starting verification of write complete\n");
1388 for (off = 0; off < length; off += cmp_size) {
1389 size_t aligned_size;
1391 /* adjust last page size */
1392 if ((off + cmp_size) > length)
1393 cmp_size = length - off;
1395 aligned_size = cmp_size;
1396 if (aligned_size & (4 - 1))
1397 aligned_size = (cmp_size + 4) & ~(4 - 1);
1399 stlink_read_mem32(sl, address + off, aligned_size);
1401 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1402 ELOG("Verification of flash failed at offset: %zd\n", off);
1406 ILOG("Flash written and verified! jolly good!\n");
1411 int stm32l1_write_half_pages(stlink_t *sl, stm32_addr_t addr, uint8_t* base, unsigned num_half_pages)
1417 ILOG("Starting Half page flash write for STM32L core id\n");
1418 /* flash loader initialization */
1419 if (init_flash_loader(sl, &fl) == -1) {
1420 WLOG("init_flash_loader() == -1\n");
1423 /* Unlock already done */
1424 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1425 val |= (1 << FLASH_L1_FPRG);
1426 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1428 val |= (1 << FLASH_L1_PROG);
1429 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1430 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {}
1432 #define L1_WRITE_BLOCK_SIZE 0x80
1433 for (count = 0; count < num_half_pages; count ++) {
1434 if (run_flash_loader(sl, &fl, addr + count * L1_WRITE_BLOCK_SIZE, base + count * L1_WRITE_BLOCK_SIZE, L1_WRITE_BLOCK_SIZE) == -1) {
1435 WLOG("l1_run_flash_loader(%#zx) failed! == -1\n", addr + count * L1_WRITE_BLOCK_SIZE);
1436 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1437 val &= ~((1 << FLASH_L1_FPRG) |(1 << FLASH_L1_PROG));
1438 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1441 /* wait for sr.busy to be cleared */
1442 if (sl->verbose >= 1) {
1443 /* show progress. writing procedure is slow
1444 and previous errors are misleading */
1445 fprintf(stdout, "\r%3u/%u halfpages written", count + 1, num_half_pages);
1448 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {
1451 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1452 val &= ~(1 << FLASH_L1_PROG);
1453 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1454 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1455 val &= ~(1 << FLASH_L1_FPRG);
1456 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1461 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len) {
1464 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1465 len, len, addr, addr);
1466 /* check addr range is inside the flash */
1467 stlink_calculate_pagesize(sl, addr);
1468 if (addr < sl->flash_base) {
1469 ELOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1471 } else if ((addr + len) < addr) {
1472 ELOG("addr overruns\n");
1474 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1475 ELOG("addr too high\n");
1477 } else if (addr & 1) {
1478 ELOG("unaligned addr 0x%x\n", addr);
1480 } else if (len & 1) {
1481 WLOG("unaligned len 0x%x -- padding with zero\n", len);
1483 } else if (addr & (sl->flash_pgsz - 1)) {
1484 ELOG("addr not a multiple of pagesize, not supported\n");
1488 // Make sure we've loaded the context with the chip details
1490 /* erase each page */
1492 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1493 /* addr must be an addr inside the page */
1494 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1495 ELOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1498 fprintf(stdout,"\rFlash page at addr: 0x%08lx erased",
1499 (unsigned long)addr + off);
1503 fprintf(stdout,"\n");
1504 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1505 page_count, sl->flash_pgsz, sl->flash_pgsz);
1507 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4) ||
1508 (sl->chip_id == STM32_CHIPID_F4_LP)) {
1509 /* todo: check write operation */
1511 ILOG("Starting Flash write for F2/F4\n");
1512 /* flash loader initialization */
1513 if (init_flash_loader(sl, &fl) == -1) {
1514 ELOG("init_flash_loader() == -1\n");
1518 /* First unlock the cr */
1519 unlock_flash_if(sl);
1521 /* TODO: Check that Voltage range is 2.7 - 3.6 V */
1522 /* set parallelisim to 32 bit*/
1523 write_flash_cr_psiz(sl, 2);
1525 /* set programming mode */
1526 set_flash_cr_pg(sl);
1528 for(off = 0; off < len;) {
1529 size_t size = len - off > 0x8000 ? 0x8000 : len - off;
1531 printf("size: %zu\n", size);
1533 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1534 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1542 #define PROGRESS_CHUNK_SIZE 0x1000
1543 /* write a word in program memory */
1544 for (off = 0; off < len; off += sizeof(uint32_t)) {
1546 if (sl->verbose >= 1) {
1547 if ((off & (PROGRESS_CHUNK_SIZE - 1)) == 0) {
1548 /* show progress. writing procedure is slow
1549 and previous errors are misleading */
1550 const uint32_t pgnum = (off / PROGRESS_CHUNK_SIZE)+1;
1551 const uint32_t pgcount = len / PROGRESS_CHUNK_SIZE +1;
1552 fprintf(stdout, "Writing %ukB chunk %u out of %u\n",
1553 PROGRESS_CHUNK_SIZE/1024, pgnum, pgcount);
1557 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1558 stlink_write_debug32(sl, addr + off, data);
1560 /* wait for sr.busy to be cleared */
1561 wait_flash_busy(sl);
1568 #if 0 /* todo: debug mode */
1569 fprintf(stdout, "Final CR:0x%x\n", read_flash_cr(sl));
1574 else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) {
1575 /* use fast word write. todo: half page. */
1578 #if 0 /* todo: check write operation */
1580 uint32_t nwrites = sl->flash_pgsz;
1584 #endif /* todo: check write operation */
1586 /* disable pecr protection */
1587 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1588 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1590 /* check pecr.pelock is cleared */
1591 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1592 if (val & (1 << 0)) {
1593 fprintf(stderr, "pecr.pelock not clear\n");
1597 /* unlock program memory */
1598 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1599 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1601 /* check pecr.prglock is cleared */
1602 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1603 if (val & (1 << 1)) {
1604 fprintf(stderr, "pecr.prglock not clear\n");
1608 if (len > L1_WRITE_BLOCK_SIZE) {
1609 if (stm32l1_write_half_pages(sl, addr, base, len/L1_WRITE_BLOCK_SIZE) == -1) {
1610 /* This may happen on a blank device! */
1611 WLOG("\nwrite_half_pages failed == -1\n");
1613 off = (len /L1_WRITE_BLOCK_SIZE)*L1_WRITE_BLOCK_SIZE;
1617 /* write remainingword in program memory */
1618 for ( ; off < len; off += sizeof(uint32_t)) {
1621 fprintf(stdout, "\r");
1623 if ((off % sl->flash_pgsz) > (sl->flash_pgsz -5)) {
1624 fprintf(stdout, "\r%3zd/%3zd pages written",
1625 off/sl->flash_pgsz, len/sl->flash_pgsz);
1629 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1630 stlink_write_debug32(sl, addr + off, data);
1632 /* wait for sr.busy to be cleared */
1633 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1636 #if 0 /* todo: check redo write operation */
1638 /* check written bytes. todo: should be on a per page basis. */
1639 data = stlink_read_debug32(sl, addr + off);
1640 if (data == *(uint32_t*)(base + off)) {
1641 /* re erase the page and redo the write operation */
1645 /* fail if successive write count too low */
1646 if (nwrites < sl->flash_pgsz) {
1647 fprintf(stderr, "writes operation failure count too high, aborting\n");
1653 /* assume addr aligned */
1654 if (off % sl->flash_pgsz) off &= ~(sl->flash_pgsz - 1);
1657 fprintf(stderr, "invalid write @0x%x(0x%x): 0x%x != 0x%x. retrying.\n",
1658 page, addr + off, read_uint32(base + off, 0), read_uint32(sl->q_buf, 0));
1660 /* reset lock bits */
1661 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1662 | (1 << 0) | (1 << 1) | (1 << 2);
1663 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1665 stlink_erase_flash_page(sl, page);
1670 /* increment successive writes counter */
1673 #endif /* todo: check redo write operation */
1675 fprintf(stdout, "\n");
1676 /* reset lock bits */
1677 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1678 | (1 << 0) | (1 << 1) | (1 << 2);
1679 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1680 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1681 ILOG("Starting Flash write for VL/F0 core id\n");
1682 /* flash loader initialization */
1683 if (init_flash_loader(sl, &fl) == -1) {
1684 ELOG("init_flash_loader() == -1\n");
1688 int write_block_count = 0;
1689 for (off = 0; off < len; off += sl->flash_pgsz) {
1690 /* adjust last write size */
1691 size_t size = sl->flash_pgsz;
1692 if ((off + sl->flash_pgsz) > len) size = len - off;
1694 /* unlock and set programming mode */
1695 unlock_flash_if(sl);
1696 set_flash_cr_pg(sl);
1697 //DLOG("Finished setting flash cr pg, running loader!\n");
1698 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1699 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1703 if (sl->verbose >= 1) {
1704 /* show progress. writing procedure is slow
1705 and previous errors are misleading */
1706 fprintf(stdout, "\r%3u/%lu pages written", write_block_count++, (unsigned long)len/sl->flash_pgsz);
1710 fprintf(stdout, "\n");
1712 ELOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1716 return stlink_verify_write_flash(sl, addr, base, len);
1720 * Write the given binary file into flash at address "addr"
1722 * @param path readable file path, should be binary image
1723 * @param addr where to start writing
1724 * @return 0 on success, -ve on failure.
1726 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1727 /* write the file in flash at addr */
1729 unsigned int num_empty = 0, index;
1730 unsigned char erased_pattern =(sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS)?0:0xff;
1731 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1732 if (map_file(&mf, path) == -1) {
1733 ELOG("map_file() == -1\n");
1736 for(index = 0; index < mf.len; index ++) {
1737 if (mf.base[index] == erased_pattern)
1742 if(num_empty != 0) {
1743 ILOG("Ignoring %d bytes of Zeros at end of file\n",num_empty);
1744 mf.len -= num_empty;
1746 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1748 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
1749 /* Set PC to the reset routine*/
1750 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
1756 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1760 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1761 // FIXME This can never return -1
1762 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1764 ELOG("write_buffer_to_sram() == -1\n");
1768 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) {
1770 size_t count = size / sizeof(uint32_t);
1771 if (size % sizeof(uint32_t)) ++count;
1774 stlink_write_reg(sl, target, 0); /* target */
1775 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1776 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1777 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1779 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1781 size_t count = size / sizeof(uint16_t);
1782 if (size % sizeof(uint16_t)) ++count;
1785 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1786 stlink_write_reg(sl, target, 1); /* target */
1787 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1788 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1789 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1791 } else if (sl->chip_id == STM32_CHIPID_F2 ||
1792 sl->chip_id == STM32_CHIPID_F4 || sl->chip_id == STM32_CHIPID_F4_LP) {
1794 size_t count = size / sizeof(uint32_t);
1795 if (size % sizeof(uint32_t)) ++count;
1798 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1799 stlink_write_reg(sl, target, 1); /* target */
1800 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1801 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1804 fprintf(stderr, "unknown coreid 0x%x, don't know what flash loader to use\n", sl->core_id);
1811 #define WAIT_ROUNDS 1000
1812 /* wait until done (reaches breakpoint) */
1813 for (i = 0; i < WAIT_ROUNDS; i++) {
1815 if (is_core_halted(sl))
1819 if (i >= WAIT_ROUNDS) {
1820 ELOG("flash loader run error\n");
1824 /* check written byte count */
1825 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) {
1827 size_t count = size / sizeof(uint32_t);
1828 if (size % sizeof(uint32_t)) ++count;
1830 stlink_read_reg(sl, 3, &rr);
1831 if (rr.r[3] != count) {
1832 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1836 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1838 stlink_read_reg(sl, 2, &rr);
1840 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1844 } else if (sl->chip_id == STM32_CHIPID_F2 ||
1845 sl->chip_id == STM32_CHIPID_F4 || sl->chip_id == STM32_CHIPID_F4_LP) {
1847 stlink_read_reg(sl, 2, &rr);
1849 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1855 fprintf(stderr, "unknown coreid 0x%x, can't check written byte count\n", sl->core_id);
projects / fw / stlink / blob