10 #include <sys/types.h>
14 #include "stlink-common.h"
15 #include "uglylogging.h"
22 #define LOG_TAG __FILE__
23 #define DLOG(format, args...) ugly_log(UDEBUG, LOG_TAG, format, ## args)
24 #define ILOG(format, args...) ugly_log(UINFO, LOG_TAG, format, ## args)
25 #define WLOG(format, args...) ugly_log(UWARN, LOG_TAG, format, ## args)
26 #define ELOG(format, args...) ugly_log(UERROR, LOG_TAG, format, ## args)
27 #define fatal(format, args...) ugly_log(UFATAL, LOG_TAG, format, ## args)
29 /* todo: stm32l15xxx flash memory, pm0062 manual */
31 /* stm32f FPEC flash controller interface, pm0063 manual */
32 // TODO - all of this needs to be abstracted out....
33 // STM32F05x is identical, based on RM0091 (DM00031936, Doc ID 018940 Rev 2, August 2012)
34 #define FLASH_REGS_ADDR 0x40022000
35 #define FLASH_REGS_SIZE 0x28
37 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
38 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
39 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
40 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
41 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
42 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
43 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
45 // For STM32F05x, the RDPTR_KEY may be wrong, but as it is not used anywhere...
46 #define FLASH_RDPTR_KEY 0x00a5
47 #define FLASH_KEY1 0x45670123
48 #define FLASH_KEY2 0xcdef89ab
50 #define FLASH_SR_BSY 0
51 #define FLASH_SR_EOP 5
54 #define FLASH_CR_PER 1
55 #define FLASH_CR_MER 2
56 #define FLASH_CR_STRT 6
57 #define FLASH_CR_LOCK 7
60 //32L = 32F1 same CoreID as 32F4!
61 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
62 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
63 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
64 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
65 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
66 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
67 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
68 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
69 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x1c)
70 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
71 #define FLASH_L1_FPRG 10
72 #define FLASH_L1_PROG 3
76 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
77 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
78 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
79 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
80 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
81 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
82 #define FLASH_F4_CR_STRT 16
83 #define FLASH_F4_CR_LOCK 31
84 #define FLASH_F4_CR_SER 1
85 #define FLASH_F4_CR_SNB 3
86 #define FLASH_F4_CR_SNB_MASK 0x38
87 #define FLASH_F4_SR_BSY 16
90 void write_uint32(unsigned char* buf, uint32_t ui) {
91 if (!is_bigendian()) { // le -> le (don't swap)
92 buf[0] = ((unsigned char*) &ui)[0];
93 buf[1] = ((unsigned char*) &ui)[1];
94 buf[2] = ((unsigned char*) &ui)[2];
95 buf[3] = ((unsigned char*) &ui)[3];
97 buf[0] = ((unsigned char*) &ui)[3];
98 buf[1] = ((unsigned char*) &ui)[2];
99 buf[2] = ((unsigned char*) &ui)[1];
100 buf[3] = ((unsigned char*) &ui)[0];
104 void write_uint16(unsigned char* buf, uint16_t ui) {
105 if (!is_bigendian()) { // le -> le (don't swap)
106 buf[0] = ((unsigned char*) &ui)[0];
107 buf[1] = ((unsigned char*) &ui)[1];
109 buf[0] = ((unsigned char*) &ui)[1];
110 buf[1] = ((unsigned char*) &ui)[0];
114 uint32_t read_uint32(const unsigned char *c, const int pt) {
116 char *p = (char *) &ui;
118 if (!is_bigendian()) { // le -> le (don't swap)
132 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
133 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
136 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
137 return stlink_read_debug32(sl, FLASH_WRPR);
140 static inline uint32_t read_flash_obr(stlink_t *sl) {
141 return stlink_read_debug32(sl, FLASH_OBR);
144 static inline uint32_t read_flash_cr(stlink_t *sl) {
146 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
147 res = stlink_read_debug32(sl, FLASH_F4_CR);
149 res = stlink_read_debug32(sl, FLASH_CR);
151 fprintf(stdout, "CR:0x%x\n", res);
156 static inline unsigned int is_flash_locked(stlink_t *sl) {
157 /* return non zero for true */
158 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
159 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
161 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
164 static void unlock_flash(stlink_t *sl) {
165 /* the unlock sequence consists of 2 write cycles where
166 2 key values are written to the FLASH_KEYR register.
167 an invalid sequence results in a definitive lock of
168 the FPEC block until next reset.
170 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
171 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
172 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
174 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
175 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
180 static int unlock_flash_if(stlink_t *sl) {
181 /* unlock flash if already locked */
183 if (is_flash_locked(sl)) {
185 if (is_flash_locked(sl)) {
186 WLOG("Failed to unlock flash!\n");
190 DLOG("Successfully unlocked flash\n");
194 static void lock_flash(stlink_t *sl) {
195 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
196 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
197 stlink_write_debug32(sl, FLASH_F4_CR, n);
199 /* write to 1 only. reset by hw at unlock sequence */
200 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
201 stlink_write_debug32(sl, FLASH_CR, n);
206 static void set_flash_cr_pg(stlink_t *sl) {
207 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
208 uint32_t x = read_flash_cr(sl);
209 x |= (1 << FLASH_CR_PG);
210 stlink_write_debug32(sl, FLASH_F4_CR, x);
212 const uint32_t n = 1 << FLASH_CR_PG;
213 stlink_write_debug32(sl, FLASH_CR, n);
217 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
218 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
219 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
220 stlink_write_debug32(sl, FLASH_F4_CR, n);
222 stlink_write_debug32(sl, FLASH_CR, n);
225 static void set_flash_cr_per(stlink_t *sl) {
226 const uint32_t n = 1 << FLASH_CR_PER;
227 stlink_write_debug32(sl, FLASH_CR, n);
230 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
231 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
232 stlink_write_debug32(sl, FLASH_CR, n);
235 static void set_flash_cr_mer(stlink_t *sl) {
236 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
237 stlink_write_debug32(sl, FLASH_F4_CR,
238 stlink_read_debug32(sl, FLASH_F4_CR) | (1 << FLASH_CR_MER));
240 stlink_write_debug32(sl, FLASH_CR,
241 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_MER));
244 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
245 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
246 stlink_write_debug32(sl, FLASH_F4_CR,
247 stlink_read_debug32(sl, FLASH_F4_CR) & ~(1 << FLASH_CR_MER));
249 stlink_write_debug32(sl, FLASH_CR,
250 stlink_read_debug32(sl, FLASH_CR) & ~(1 << FLASH_CR_MER));
253 static void set_flash_cr_strt(stlink_t *sl) {
254 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
255 uint32_t x = read_flash_cr(sl);
256 x |= (1 << FLASH_F4_CR_STRT);
257 stlink_write_debug32(sl, FLASH_F4_CR, x);
259 stlink_write_debug32(sl, FLASH_CR,
260 stlink_read_debug32(sl, FLASH_CR) | (1 << FLASH_CR_STRT) );
264 static inline uint32_t read_flash_acr(stlink_t *sl) {
265 return stlink_read_debug32(sl, FLASH_ACR);
268 static inline uint32_t read_flash_sr(stlink_t *sl) {
270 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
271 res = stlink_read_debug32(sl, FLASH_F4_SR);
273 res = stlink_read_debug32(sl, FLASH_SR);
274 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
278 static inline unsigned int is_flash_busy(stlink_t *sl) {
279 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4))
280 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
282 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
285 static void wait_flash_busy(stlink_t *sl) {
286 /* todo: add some delays here */
287 while (is_flash_busy(sl))
291 static void wait_flash_busy_progress(stlink_t *sl) {
293 fprintf(stdout, "Mass erasing");
295 while (is_flash_busy(sl)) {
299 fprintf(stdout, ".");
303 fprintf(stdout, "\n");
306 static inline unsigned int is_flash_eop(stlink_t *sl) {
307 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
310 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
311 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
312 stlink_write_debug32(sl, FLASH_SR, n);
315 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
316 /* todo: add some delays here */
317 while (is_flash_eop(sl) == 0)
321 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
322 stlink_write_debug32(sl, FLASH_AR, n);
325 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
326 uint32_t x = read_flash_cr(sl);
330 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
332 stlink_write_debug32(sl, FLASH_F4_CR, x);
336 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
337 uint32_t x = read_flash_cr(sl);
338 x &= ~FLASH_F4_CR_SNB_MASK;
339 x |= (n << FLASH_F4_CR_SNB);
340 x |= (1 << FLASH_F4_CR_SER);
342 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
344 stlink_write_debug32(sl, FLASH_F4_CR, x);
349 static void disable_flash_read_protection(stlink_t *sl) {
350 /* erase the option byte area */
357 // Delegates to the backends...
359 void stlink_close(stlink_t *sl) {
360 DLOG("*** stlink_close ***\n");
361 sl->backend->close(sl);
365 void stlink_exit_debug_mode(stlink_t *sl) {
366 DLOG("*** stlink_exit_debug_mode ***\n");
367 stlink_write_debug32(sl, DHCSR, DBGKEY);
368 sl->backend->exit_debug_mode(sl);
371 void stlink_enter_swd_mode(stlink_t *sl) {
372 DLOG("*** stlink_enter_swd_mode ***\n");
373 sl->backend->enter_swd_mode(sl);
376 // Force the core into the debug mode -> halted state.
377 void stlink_force_debug(stlink_t *sl) {
378 DLOG("*** stlink_force_debug_mode ***\n");
379 sl->backend->force_debug(sl);
382 void stlink_exit_dfu_mode(stlink_t *sl) {
383 DLOG("*** stlink_exit_dfu_mode ***\n");
384 sl->backend->exit_dfu_mode(sl);
387 uint32_t stlink_core_id(stlink_t *sl) {
388 DLOG("*** stlink_core_id ***\n");
389 sl->backend->core_id(sl);
391 stlink_print_data(sl);
392 DLOG("core_id = 0x%08x\n", sl->core_id);
396 uint32_t stlink_chip_id(stlink_t *sl) {
397 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
398 if (chip_id == 0) chip_id = stlink_read_debug32(sl, 0x40015800); //Try Corex M0 DBGMCU_IDCODE register address
403 * Cortex m3 tech ref manual, CPUID register description
404 * @param sl stlink context
405 * @param cpuid pointer to the result object
407 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
408 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
409 cpuid->implementer_id = (raw >> 24) & 0x7f;
410 cpuid->variant = (raw >> 20) & 0xf;
411 cpuid->part = (raw >> 4) & 0xfff;
412 cpuid->revision = raw & 0xf;
417 * reads and decodes the flash parameters, as dynamically as possible
419 * @return 0 for success, or -1 for unsupported core type.
421 int stlink_load_device_params(stlink_t *sl) {
422 ILOG("Loading device parameters....\n");
423 const chip_params_t *params = NULL;
424 sl->core_id = stlink_core_id(sl);
425 uint32_t chip_id = stlink_chip_id(sl);
427 sl->chip_id = chip_id & 0xfff;
428 /* Fix chip_id for F4 rev A errata , Read CPU ID, as CoreID is the same for F2/F4*/
429 if (sl->chip_id == 0x411) {
430 uint32_t cpuid = stlink_read_debug32(sl, 0xE000ED00);
431 if ((cpuid & 0xfff0) == 0xc240)
435 for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
436 if(devices[i].chip_id == sl->chip_id) {
437 params = &devices[i];
441 if (params == NULL) {
442 WLOG("unknown chip id! %#x\n", chip_id);
446 // These are fixed...
447 sl->flash_base = STM32_FLASH_BASE;
448 sl->sram_base = STM32_SRAM_BASE;
450 // read flash size from hardware, if possible...
451 if (sl->chip_id == STM32_CHIPID_F2) {
452 sl->flash_size = 0x100000; /* Use maximum, User must care!*/
453 } else if (sl->chip_id == STM32_CHIPID_F4) {
454 sl->flash_size = 0x100000; //todo: RM0090 error; size register same address as unique ID
455 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM) {
456 // if the flash size is zero, we assume it is 128k, if not we calculate the real value
457 uint32_t flash_size = stlink_read_debug32(sl,params->flash_size_reg) & 0xffff;
458 if ( flash_size == 0 ) {
459 sl->flash_size = 128 * 1024;
461 sl->flash_size = flash_size * 1024;
463 } else if ((sl->chip_id & 0xFFF) == STM32_CHIPID_L1_MEDIUM_PLUS) {
464 uint32_t flash_size = stlink_read_debug32(sl, params->flash_size_reg) & 0x1;
465 // 0 is 384k and 1 is 256k
466 if ( flash_size == 0 ) {
467 sl->flash_size = 384 * 1024;
469 sl->flash_size = 256 * 1024;
472 uint32_t flash_size = stlink_read_debug32(sl, params->flash_size_reg) & 0xffff;
473 sl->flash_size = flash_size * 1024;
475 sl->flash_pgsz = params->flash_pagesize;
476 sl->sram_size = params->sram_size;
477 sl->sys_base = params->bootrom_base;
478 sl->sys_size = params->bootrom_size;
480 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
481 // TODO make note of variable page size here.....
482 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
483 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
488 void stlink_reset(stlink_t *sl) {
489 DLOG("*** stlink_reset ***\n");
490 sl->backend->reset(sl);
493 void stlink_jtag_reset(stlink_t *sl, int value) {
494 DLOG("*** stlink_jtag_reset ***\n");
495 sl->backend->jtag_reset(sl, value);
498 void stlink_run(stlink_t *sl) {
499 DLOG("*** stlink_run ***\n");
500 sl->backend->run(sl);
503 void stlink_status(stlink_t *sl) {
504 DLOG("*** stlink_status ***\n");
505 sl->backend->status(sl);
506 stlink_core_stat(sl);
510 * Decode the version bits, originally from -sg, verified with usb
511 * @param sl stlink context, assumed to contain valid data in the buffer
512 * @param slv output parsed version object
514 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
515 uint32_t b0 = sl->q_buf[0]; //lsb
516 uint32_t b1 = sl->q_buf[1];
517 uint32_t b2 = sl->q_buf[2];
518 uint32_t b3 = sl->q_buf[3];
519 uint32_t b4 = sl->q_buf[4];
520 uint32_t b5 = sl->q_buf[5]; //msb
522 // b0 b1 || b2 b3 | b4 b5
523 // 4b | 6b | 6b || 2B | 2B
524 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
526 slv->stlink_v = (b0 & 0xf0) >> 4;
527 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
528 slv->swim_v = b1 & 0x3f;
529 slv->st_vid = (b3 << 8) | b2;
530 slv->stlink_pid = (b5 << 8) | b4;
534 void stlink_version(stlink_t *sl) {
535 DLOG("*** looking up stlink version\n");
536 sl->backend->version(sl);
537 _parse_version(sl, &sl->version);
539 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
540 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
541 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
542 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
543 DLOG("swim version = 0x%x\n", sl->version.swim_v);
544 if (sl->version.jtag_v == 0) {
545 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
547 if (sl->version.swim_v == 0) {
548 DLOG(" notice: the firmware doesn't support a swim interface\n");
552 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
553 uint32_t data = sl->backend->read_debug32(sl, addr);
554 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
558 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
559 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
560 sl->backend->write_debug32(sl, addr, data);
563 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
564 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
566 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
569 sl->backend->write_mem32(sl, addr, len);
572 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
573 DLOG("*** stlink_read_mem32 ***\n");
574 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
575 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
579 sl->backend->read_mem32(sl, addr, len);
582 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
583 DLOG("*** stlink_write_mem8 ***\n");
584 if (len > 0x40 ) { // !!! never ever: Writing more then 0x40 bytes gives unexpected behaviour
585 fprintf(stderr, "Error: Data length > 64: +%d byte.\n",
589 sl->backend->write_mem8(sl, addr, len);
592 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
593 DLOG("*** stlink_read_all_regs ***\n");
594 sl->backend->read_all_regs(sl, regp);
597 void stlink_read_all_unsupported_regs(stlink_t *sl, reg *regp) {
598 DLOG("*** stlink_read_all_unsupported_regs ***\n");
599 sl->backend->read_all_unsupported_regs(sl, regp);
602 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
603 DLOG("*** stlink_write_reg\n");
604 sl->backend->write_reg(sl, reg, idx);
607 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
608 DLOG("*** stlink_read_reg\n");
609 DLOG(" (%d) ***\n", r_idx);
611 if (r_idx > 20 || r_idx < 0) {
612 fprintf(stderr, "Error: register index must be in [0..20]\n");
616 sl->backend->read_reg(sl, r_idx, regp);
619 void stlink_read_unsupported_reg(stlink_t *sl, int r_idx, reg *regp) {
622 DLOG("*** stlink_read_unsupported_reg\n");
623 DLOG(" (%d) ***\n", r_idx);
625 /* Convert to values used by DCRSR */
626 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
628 } else if (r_idx == 0x40) { /* FPSCR */
630 } else if (r_idx >= 0x20 && r_idx < 0x40) {
631 r_convert = 0x40 + (r_idx - 0x20);
633 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
637 sl->backend->read_unsupported_reg(sl, r_convert, regp);
640 void stlink_write_unsupported_reg(stlink_t *sl, uint32_t val, int r_idx, reg *regp) {
643 DLOG("*** stlink_write_unsupported_reg\n");
644 DLOG(" (%d) ***\n", r_idx);
646 /* Convert to values used by DCRSR */
647 if (r_idx >= 0x1C && r_idx <= 0x1F) { /* primask, basepri, faultmask, or control */
648 r_convert = r_idx; /* The backend function handles this */
649 } else if (r_idx == 0x40) { /* FPSCR */
651 } else if (r_idx >= 0x20 && r_idx < 0x40) {
652 r_convert = 0x40 + (r_idx - 0x20);
654 fprintf(stderr, "Error: register address must be in [0x1C..0x40]\n");
658 sl->backend->write_unsupported_reg(sl, val, r_convert, regp);
661 unsigned int is_core_halted(stlink_t *sl) {
662 /* return non zero if core is halted */
664 return sl->q_buf[0] == STLINK_CORE_HALTED;
667 void stlink_step(stlink_t *sl) {
668 DLOG("*** stlink_step ***\n");
669 sl->backend->step(sl);
672 int stlink_current_mode(stlink_t *sl) {
673 int mode = sl->backend->current_mode(sl);
675 case STLINK_DEV_DFU_MODE:
676 DLOG("stlink current mode: dfu\n");
678 case STLINK_DEV_DEBUG_MODE:
679 DLOG("stlink current mode: debug (jtag or swd)\n");
681 case STLINK_DEV_MASS_MODE:
682 DLOG("stlink current mode: mass\n");
685 DLOG("stlink mode: unknown!\n");
686 return STLINK_DEV_UNKNOWN_MODE;
692 // End of delegates.... Common code below here...
695 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
697 // #define is_bigendian() ( (*(char*)&i) == 0 )
699 inline unsigned int is_bigendian(void) {
700 static volatile const unsigned int i = 1;
701 return *(volatile const char*) &i == 0;
704 uint16_t read_uint16(const unsigned char *c, const int pt) {
706 char *p = (char *) &ui;
708 if (!is_bigendian()) { // le -> le (don't swap)
718 // same as above with entrypoint.
720 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
721 stlink_write_reg(sl, addr, 15); /* pc register */
725 while (is_core_halted(sl) == 0)
729 void stlink_core_stat(stlink_t *sl) {
733 switch (sl->q_buf[0]) {
734 case STLINK_CORE_RUNNING:
735 sl->core_stat = STLINK_CORE_RUNNING;
736 DLOG(" core status: running\n");
738 case STLINK_CORE_HALTED:
739 sl->core_stat = STLINK_CORE_HALTED;
740 DLOG(" core status: halted\n");
743 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
744 fprintf(stderr, " core status: unknown\n");
748 void stlink_print_data(stlink_t * sl) {
749 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
752 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
754 for (int i = 0; i < sl->q_len; i++) {
757 if (sl->q_data_dir == Q_DATA_OUT)
758 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
760 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
763 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
765 fputs("\n\n", stdout);
768 /* memory mapped file */
770 typedef struct mapped_file {
775 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
777 static int map_file(mapped_file_t* mf, const char* path) {
781 const int fd = open(path, O_RDONLY | O_BINARY);
783 fprintf(stderr, "open(%s) == -1\n", path);
787 if (fstat(fd, &st) == -1) {
788 fprintf(stderr, "fstat() == -1\n");
792 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
793 if (mf->base == MAP_FAILED) {
794 fprintf(stderr, "mmap() == MAP_FAILED\n");
798 mf->len = st.st_size;
809 static void unmap_file(mapped_file_t * mf) {
810 munmap((void*) mf->base, mf->len);
811 mf->base = (unsigned char*) MAP_FAILED;
815 /* Limit the block size to compare to 0x1800
816 Anything larger will stall the STLINK2
817 Maybe STLINK V1 needs smaller value!*/
818 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
820 size_t n_cmp = sl->flash_pgsz;
824 for (off = 0; off < mf->len; off += n_cmp) {
827 /* adjust last page size */
828 size_t cmp_size = n_cmp;
829 if ((off + n_cmp) > mf->len)
830 cmp_size = mf->len - off;
832 aligned_size = cmp_size;
833 if (aligned_size & (4 - 1))
834 aligned_size = (cmp_size + 4) & ~(4 - 1);
836 stlink_read_mem32(sl, addr + off, aligned_size);
838 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
845 int stlink_fwrite_sram
846 (stlink_t * sl, const char* path, stm32_addr_t addr) {
847 /* write the file in sram at addr */
851 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
854 if (map_file(&mf, path) == -1) {
855 fprintf(stderr, "map_file() == -1\n");
859 /* check addr range is inside the sram */
860 if (addr < sl->sram_base) {
861 fprintf(stderr, "addr too low\n");
863 } else if ((addr + mf.len) < addr) {
864 fprintf(stderr, "addr overruns\n");
866 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
867 fprintf(stderr, "addr too high\n");
869 } else if ((addr & 3) || (mf.len & 3)) {
871 fprintf(stderr, "unaligned addr or size\n");
874 /* do the copy by 1k blocks */
875 for (off = 0; off < mf.len; off += 1024) {
877 if ((off + size) > mf.len)
880 memcpy(sl->q_buf, mf.base + off, size);
882 /* round size if needed */
886 stlink_write_mem32(sl, addr + off, size);
889 /* check the file ha been written */
890 if (check_file(sl, &mf, addr) == -1) {
891 fprintf(stderr, "check_file() == -1\n");
898 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
899 /* Set PC to the reset routine*/
900 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
908 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
909 /* read size bytes from addr to file */
914 unsigned char erased_pattern = (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS)?0:0xff;
916 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
918 fprintf(stderr, "open(%s) == -1\n", path);
923 size = sl->flash_size;
925 if (size > sl->flash_size)
926 size = sl->flash_size;
928 /* do the copy by 1k blocks */
929 for (off = 0; off < size; off += 1024) {
930 size_t read_size = 1024;
933 if ((off + read_size) > size)
934 read_size = size - off;
936 /* round size if needed */
937 rounded_size = read_size;
938 if (rounded_size & 3)
939 rounded_size = (rounded_size + 4) & ~(3);
941 stlink_read_mem32(sl, addr + off, rounded_size);
943 for(index = 0; index < read_size; index ++) {
944 if (sl->q_buf[index] == erased_pattern)
949 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
950 fprintf(stderr, "write() != read_size\n");
955 /* Ignore NULL Bytes at end of file */
956 if (!ftruncate(fd, size - num_empty)) {
969 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
970 /* write the buffer right after the loader */
971 size_t chunk = size & ~0x3;
972 size_t rem = size & 0x3;
974 memcpy(sl->q_buf, buf, chunk);
975 stlink_write_mem32(sl, fl->buf_addr, chunk);
978 memcpy(sl->q_buf, buf+chunk, rem);
979 stlink_write_mem8(sl, (fl->buf_addr)+chunk, rem);
984 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
985 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
986 if (flashaddr<0x4000) return (0);
987 else if(flashaddr<0x8000) return(1);
988 else if(flashaddr<0xc000) return(2);
989 else if(flashaddr<0x10000) return(3);
990 else if(flashaddr<0x20000) return(4);
991 else return(flashaddr/0x20000)+4;
995 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
996 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
997 uint32_t sector=calculate_F4_sectornum(flashaddr);
998 if (sector<4) sl->flash_pgsz=0x4000;
999 else if(sector<5) sl->flash_pgsz=0x10000;
1000 else sl->flash_pgsz=0x20000;
1002 return (sl->flash_pgsz);
1006 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
1007 * @param sl stlink context
1008 * @param flashaddr an address in the flash page to erase
1009 * @return 0 on success -ve on failure
1011 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
1013 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
1014 /* wait for ongoing op to finish */
1015 wait_flash_busy(sl);
1017 /* unlock if locked */
1018 unlock_flash_if(sl);
1020 /* select the page to erase */
1021 // calculate the actual page from the address
1022 uint32_t sector=calculate_F4_sectornum(flashaddr);
1024 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
1025 write_flash_cr_snb(sl, sector);
1027 /* start erase operation */
1028 set_flash_cr_strt(sl);
1030 /* wait for completion */
1031 wait_flash_busy(sl);
1033 /* relock the flash */
1034 //todo: fails to program if this is in
1037 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
1039 } else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) {
1043 /* check if the locks are set */
1044 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1045 if((val & (1<<0))||(val & (1<<1))) {
1046 /* disable pecr protection */
1047 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1048 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1050 /* check pecr.pelock is cleared */
1051 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1052 if (val & (1 << 0)) {
1053 WLOG("pecr.pelock not clear (%#x)\n", val);
1057 /* unlock program memory */
1058 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1059 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1061 /* check pecr.prglock is cleared */
1062 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1063 if (val & (1 << 1)) {
1064 WLOG("pecr.prglock not clear (%#x)\n", val);
1069 /* unused: unlock the option byte block */
1071 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0xfbead9c8);
1072 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0x24252627);
1074 /* check pecr.optlock is cleared */
1075 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1076 if (val & (1 << 2)) {
1077 fprintf(stderr, "pecr.prglock not clear\n");
1082 /* set pecr.{erase,prog} */
1083 val |= (1 << 9) | (1 << 3);
1084 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1086 #if 0 /* fix_to_be_confirmed */
1088 /* wait for sr.busy to be cleared
1089 MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
1090 wrong and we do not need to wait here for clearing the busy bit.
1091 TEXANE: ok, if experience says so and it works for you, we comment
1092 it. If someone has a problem, please drop an email.
1094 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1097 #endif /* fix_to_be_confirmed */
1099 /* write 0 to the first word of the page to be erased */
1100 stlink_write_debug32(sl, flashaddr, 0);
1102 /* MP: It is better to wait for clearing the busy bit after issuing
1103 page erase command, even though PM0062 recommends to wait before it.
1104 Test shows that a few iterations is performed in the following loop
1105 before busy bit is cleared.*/
1106 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1109 /* reset lock bits */
1110 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1111 | (1 << 0) | (1 << 1) | (1 << 2);
1112 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1113 } else if (sl->core_id == STM32VL_CORE_ID
1114 || sl->core_id == STM32F0_CORE_ID
1115 || sl->chip_id == STM32_CHIPID_F3
1116 || sl->chip_id == STM32_CHIPID_F37x) {
1117 /* wait for ongoing op to finish */
1118 wait_flash_busy(sl);
1120 /* unlock if locked */
1121 unlock_flash_if(sl);
1123 /* set the page erase bit */
1124 set_flash_cr_per(sl);
1126 /* select the page to erase */
1127 write_flash_ar(sl, flashaddr);
1129 /* start erase operation, reset by hw with bsy bit */
1130 set_flash_cr_strt(sl);
1132 /* wait for completion */
1133 wait_flash_busy(sl);
1135 /* relock the flash */
1138 WLOG("unknown coreid %x, page erase failed\n", sl->core_id);
1142 /* todo: verify the erased page */
1147 int stlink_erase_flash_mass(stlink_t *sl) {
1148 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS ) {
1149 /* erase each page */
1150 int i = 0, num_pages = sl->flash_size/sl->flash_pgsz;
1151 for (i = 0; i < num_pages; i++) {
1152 /* addr must be an addr inside the page */
1153 stm32_addr_t addr = sl->flash_base + i * sl->flash_pgsz;
1154 if (stlink_erase_flash_page(sl, addr) == -1) {
1155 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr);
1158 fprintf(stdout,"\rFlash page at %5d/%5d erased", i, num_pages);
1161 fprintf(stdout, "\n");
1163 /* wait for ongoing op to finish */
1164 wait_flash_busy(sl);
1166 /* unlock if locked */
1167 unlock_flash_if(sl);
1169 /* set the mass erase bit */
1170 set_flash_cr_mer(sl);
1172 /* start erase operation, reset by hw with bsy bit */
1173 set_flash_cr_strt(sl);
1175 /* wait for completion */
1176 wait_flash_busy_progress(sl);
1178 /* relock the flash */
1181 /* todo: verify the erased memory */
1186 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1189 /* allocate the loader in sram */
1190 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1191 WLOG("Failed to write flash loader to sram!\n");
1195 /* allocate a one page buffer in sram right after loader */
1196 fl->buf_addr = fl->loader_addr + size;
1197 ILOG("Successfully loaded flash loader in sram\n");
1201 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1202 /* from openocd, contrib/loaders/flash/stm32.s */
1203 static const uint8_t loader_code_stm32vl[] = {
1204 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1205 0x1c, 0x44, /* add r4, r3 */
1206 /* write_half_word: */
1207 0x01, 0x23, /* movs r3, #0x01 */
1208 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1209 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1210 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1212 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1213 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1214 0xfb, 0xd0, /* beq busy */
1215 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1216 0x01, 0xd1, /* bne exit */
1217 0x01, 0x3a, /* subs r2, r2, #0x01 */
1218 0xf0, 0xd1, /* bne write_half_word */
1220 0x00, 0xbe, /* bkpt #0x00 */
1221 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1224 /* flashloaders/stm32f0.s -- thumb1 only, same sequence as for STM32VL, bank ignored */
1225 static const uint8_t loader_code_stm32f0[] = {
1228 * These two NOPs here are a safety precaution, added by Pekka Nikander
1229 * while debugging the STM32F05x support. They may not be needed, but
1230 * there were strange problems with simpler programs, like a program
1231 * that had just a breakpoint or a program that first moved zero to register r2
1232 * and then had a breakpoint. So, it appears safest to have these two nops.
1234 * Feel free to remove them, if you dare, but then please do test the result
1235 * rigorously. Also, if you remove these, it may be a good idea first to
1236 * #if 0 them out, with a comment when these were taken out, and to remove
1237 * these only a few months later... But YMMV.
1239 0x00, 0x30, // nop /* add r0,#0 */
1240 0x00, 0x30, // nop /* add r0,#0 */
1242 0x0A, 0x4C, // ldr r4, STM32_FLASH_BASE
1243 0x01, 0x25, // mov r5, #1 /* FLASH_CR_PG, FLASH_SR_BUSY */
1244 0x04, 0x26, // mov r6, #4 /* PGERR */
1246 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1247 0x2B, 0x43, // orr r3, r5
1248 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR |= FLASH_CR_PG */
1249 0x03, 0x88, // ldrh r3, [r0] /* r3 = *sram */
1250 0x0B, 0x80, // strh r3, [r1] /* *flash = r3 */
1252 0xE3, 0x68, // ldr r3, [r4, #12] /* FLASH->SR */
1253 0x2B, 0x42, // tst r3, r5 /* FLASH_SR_BUSY */
1254 0xFC, 0xD0, // beq busy
1256 0x33, 0x42, // tst r3, r6 /* PGERR */
1257 0x04, 0xD1, // bne exit
1259 0x02, 0x30, // add r0, r0, #2 /* sram += 2 */
1260 0x02, 0x31, // add r1, r1, #2 /* flash += 2 */
1261 0x01, 0x3A, // sub r2, r2, #0x01 /* count-- */
1262 0x00, 0x2A, // cmp r2, #0
1263 0xF0, 0xD1, // bne write_half_word
1265 0x23, 0x69, // ldr r3, [r4, #16] /* FLASH->CR */
1266 0xAB, 0x43, // bic r3, r5
1267 0x23, 0x61, // str r3, [r4, #16] /* FLASH->CR &= ~FLASH_CR_PG */
1268 0x00, 0xBE, // bkpt #0x00
1269 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1272 static const uint8_t loader_code_stm32l[] = {
1274 /* openocd.git/contrib/loaders/flash/stm32lx.S
1275 r0, input, dest addr
1276 r1, input, source addr
1277 r2, input, word count
1278 r3, output, word count
1284 0x51, 0xf8, 0x04, 0xcb,
1285 0x40, 0xf8, 0x04, 0xcb,
1293 static const uint8_t loader_code_stm32f4[] = {
1294 // flashloaders/stm32f4.s
1303 0x14, 0xf0, 0x01, 0x0f,
1305 0x00, 0xf1, 0x04, 0x00,
1306 0x01, 0xf1, 0x04, 0x01,
1307 0xa2, 0xf1, 0x01, 0x02,
1312 0x00, 0x3c, 0x02, 0x40,
1315 const uint8_t* loader_code;
1318 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS ) { /* stm32l */
1319 loader_code = loader_code_stm32l;
1320 loader_size = sizeof(loader_code_stm32l);
1321 } else if (sl->core_id == STM32VL_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1322 loader_code = loader_code_stm32vl;
1323 loader_size = sizeof(loader_code_stm32vl);
1324 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4) {
1325 loader_code = loader_code_stm32f4;
1326 loader_size = sizeof(loader_code_stm32f4);
1327 } else if (sl->chip_id == STM32_CHIPID_F0 || sl->chip_id == STM32_CHIPID_F0_SMALL) {
1328 loader_code = loader_code_stm32f0;
1329 loader_size = sizeof(loader_code_stm32f0);
1331 ELOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1335 memcpy(sl->q_buf, loader_code, loader_size);
1336 stlink_write_mem32(sl, sl->sram_base, loader_size);
1338 *addr = sl->sram_base;
1339 *size = loader_size;
1345 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1346 /* check the contents of path are at addr */
1349 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1351 if (map_file(&mf, path) == -1)
1354 res = check_file(sl, &mf, addr);
1362 * Verify addr..addr+len is binary identical to base...base+len
1363 * @param sl stlink context
1364 * @param address stm device address
1365 * @param data host side buffer to check against
1366 * @param length how much
1367 * @return 0 for success, -ve for failure
1369 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1371 size_t cmp_size = (sl->flash_pgsz > 0x1800)? 0x1800:sl->flash_pgsz;
1372 ILOG("Starting verification of write complete\n");
1373 for (off = 0; off < length; off += cmp_size) {
1374 size_t aligned_size;
1376 /* adjust last page size */
1377 if ((off + cmp_size) > length)
1378 cmp_size = length - off;
1380 aligned_size = cmp_size;
1381 if (aligned_size & (4 - 1))
1382 aligned_size = (cmp_size + 4) & ~(4 - 1);
1384 stlink_read_mem32(sl, address + off, aligned_size);
1386 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1387 ELOG("Verification of flash failed at offset: %zd\n", off);
1391 ILOG("Flash written and verified! jolly good!\n");
1396 int stm32l1_write_half_pages(stlink_t *sl, stm32_addr_t addr, uint8_t* base, unsigned num_half_pages)
1402 ILOG("Starting Half page flash write for STM32L core id\n");
1403 /* flash loader initialization */
1404 if (init_flash_loader(sl, &fl) == -1) {
1405 WLOG("init_flash_loader() == -1\n");
1408 /* Unlock already done */
1409 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1410 val |= (1 << FLASH_L1_FPRG);
1411 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1413 val |= (1 << FLASH_L1_PROG);
1414 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1415 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {}
1417 #define L1_WRITE_BLOCK_SIZE 0x80
1418 for (count = 0; count < num_half_pages; count ++) {
1419 if (run_flash_loader(sl, &fl, addr + count * L1_WRITE_BLOCK_SIZE, base + count * L1_WRITE_BLOCK_SIZE, L1_WRITE_BLOCK_SIZE) == -1) {
1420 WLOG("l1_run_flash_loader(%#zx) failed! == -1\n", addr + count * L1_WRITE_BLOCK_SIZE);
1421 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1422 val &= ~((1 << FLASH_L1_FPRG) |(1 << FLASH_L1_PROG));
1423 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1426 /* wait for sr.busy to be cleared */
1427 if (sl->verbose >= 1) {
1428 /* show progress. writing procedure is slow
1429 and previous errors are misleading */
1430 fprintf(stdout, "\r%3u/%u halfpages written", count + 1, num_half_pages);
1433 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {
1436 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1437 val &= ~(1 << FLASH_L1_PROG);
1438 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1439 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1440 val &= ~(1 << FLASH_L1_FPRG);
1441 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1446 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, uint32_t len) {
1449 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1450 len, len, addr, addr);
1451 /* check addr range is inside the flash */
1452 stlink_calculate_pagesize(sl, addr);
1453 if (addr < sl->flash_base) {
1454 ELOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1456 } else if ((addr + len) < addr) {
1457 ELOG("addr overruns\n");
1459 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1460 ELOG("addr too high\n");
1462 } else if (addr & 1) {
1463 ELOG("unaligned addr 0x%x\n", addr);
1465 } else if (len & 1) {
1466 WLOG("unaligned len 0x%x -- padding with zero\n", len);
1468 } else if (addr & (sl->flash_pgsz - 1)) {
1469 ELOG("addr not a multiple of pagesize, not supported\n");
1473 // Make sure we've loaded the context with the chip details
1475 /* erase each page */
1477 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1478 /* addr must be an addr inside the page */
1479 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1480 ELOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1483 fprintf(stdout,"\rFlash page at addr: 0x%08lx erased",
1484 (unsigned long)addr + off);
1488 fprintf(stdout,"\n");
1489 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1490 page_count, sl->flash_pgsz, sl->flash_pgsz);
1492 if ((sl->chip_id == STM32_CHIPID_F2) || (sl->chip_id == STM32_CHIPID_F4)) {
1493 /* todo: check write operation */
1495 ILOG("Starting Flash write for F2/F4\n");
1496 /* flash loader initialization */
1497 if (init_flash_loader(sl, &fl) == -1) {
1498 ELOG("init_flash_loader() == -1\n");
1502 /* First unlock the cr */
1503 unlock_flash_if(sl);
1505 /* TODO: Check that Voltage range is 2.7 - 3.6 V */
1506 /* set parallelisim to 32 bit*/
1507 write_flash_cr_psiz(sl, 2);
1509 /* set programming mode */
1510 set_flash_cr_pg(sl);
1512 for(off = 0; off < len;) {
1513 size_t size = len - off > 0x8000 ? 0x8000 : len - off;
1515 printf("size: %zu\n", size);
1517 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1518 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1526 #define PROGRESS_CHUNK_SIZE 0x1000
1527 /* write a word in program memory */
1528 for (off = 0; off < len; off += sizeof(uint32_t)) {
1530 if (sl->verbose >= 1) {
1531 if ((off & (PROGRESS_CHUNK_SIZE - 1)) == 0) {
1532 /* show progress. writing procedure is slow
1533 and previous errors are misleading */
1534 const uint32_t pgnum = (off / PROGRESS_CHUNK_SIZE)+1;
1535 const uint32_t pgcount = len / PROGRESS_CHUNK_SIZE +1;
1536 fprintf(stdout, "Writing %ukB chunk %u out of %u\n",
1537 PROGRESS_CHUNK_SIZE/1024, pgnum, pgcount);
1541 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1542 stlink_write_debug32(sl, addr + off, data);
1544 /* wait for sr.busy to be cleared */
1545 wait_flash_busy(sl);
1552 #if 0 /* todo: debug mode */
1553 fprintf(stdout, "Final CR:0x%x\n", read_flash_cr(sl));
1558 else if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) {
1559 /* use fast word write. todo: half page. */
1562 #if 0 /* todo: check write operation */
1564 uint32_t nwrites = sl->flash_pgsz;
1568 #endif /* todo: check write operation */
1570 /* disable pecr protection */
1571 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1572 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1574 /* check pecr.pelock is cleared */
1575 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1576 if (val & (1 << 0)) {
1577 fprintf(stderr, "pecr.pelock not clear\n");
1581 /* unlock program memory */
1582 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1583 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1585 /* check pecr.prglock is cleared */
1586 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1587 if (val & (1 << 1)) {
1588 fprintf(stderr, "pecr.prglock not clear\n");
1592 if (len > L1_WRITE_BLOCK_SIZE) {
1593 if (stm32l1_write_half_pages(sl, addr, base, len/L1_WRITE_BLOCK_SIZE) == -1) {
1594 /* This may happen on a blank device! */
1595 WLOG("\nwrite_half_pages failed == -1\n");
1597 off = (len /L1_WRITE_BLOCK_SIZE)*L1_WRITE_BLOCK_SIZE;
1601 /* write remainingword in program memory */
1602 for ( ; off < len; off += sizeof(uint32_t)) {
1605 fprintf(stdout, "\r");
1607 if ((off % sl->flash_pgsz) > (sl->flash_pgsz -5)) {
1608 fprintf(stdout, "\r%3zd/%3zd pages written",
1609 off/sl->flash_pgsz, len/sl->flash_pgsz);
1613 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1614 stlink_write_debug32(sl, addr + off, data);
1616 /* wait for sr.busy to be cleared */
1617 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
1620 #if 0 /* todo: check redo write operation */
1622 /* check written bytes. todo: should be on a per page basis. */
1623 data = stlink_read_debug32(sl, addr + off);
1624 if (data == *(uint32_t*)(base + off)) {
1625 /* re erase the page and redo the write operation */
1629 /* fail if successive write count too low */
1630 if (nwrites < sl->flash_pgsz) {
1631 fprintf(stderr, "writes operation failure count too high, aborting\n");
1637 /* assume addr aligned */
1638 if (off % sl->flash_pgsz) off &= ~(sl->flash_pgsz - 1);
1641 fprintf(stderr, "invalid write @0x%x(0x%x): 0x%x != 0x%x. retrying.\n",
1642 page, addr + off, read_uint32(base + off, 0), read_uint32(sl->q_buf, 0));
1644 /* reset lock bits */
1645 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1646 | (1 << 0) | (1 << 1) | (1 << 2);
1647 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1649 stlink_erase_flash_page(sl, page);
1654 /* increment successive writes counter */
1657 #endif /* todo: check redo write operation */
1659 fprintf(stdout, "\n");
1660 /* reset lock bits */
1661 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1662 | (1 << 0) | (1 << 1) | (1 << 2);
1663 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1664 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1665 ILOG("Starting Flash write for VL/F0 core id\n");
1666 /* flash loader initialization */
1667 if (init_flash_loader(sl, &fl) == -1) {
1668 ELOG("init_flash_loader() == -1\n");
1672 int write_block_count = 0;
1673 for (off = 0; off < len; off += sl->flash_pgsz) {
1674 /* adjust last write size */
1675 size_t size = sl->flash_pgsz;
1676 if ((off + sl->flash_pgsz) > len) size = len - off;
1678 /* unlock and set programming mode */
1679 unlock_flash_if(sl);
1680 set_flash_cr_pg(sl);
1681 //DLOG("Finished setting flash cr pg, running loader!\n");
1682 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1683 ELOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1687 if (sl->verbose >= 1) {
1688 /* show progress. writing procedure is slow
1689 and previous errors are misleading */
1690 fprintf(stdout, "\r%3u/%lu pages written", write_block_count++, (unsigned long)len/sl->flash_pgsz);
1694 fprintf(stdout, "\n");
1696 ELOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1700 return stlink_verify_write_flash(sl, addr, base, len);
1704 * Write the given binary file into flash at address "addr"
1706 * @param path readable file path, should be binary image
1707 * @param addr where to start writing
1708 * @return 0 on success, -ve on failure.
1710 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1711 /* write the file in flash at addr */
1713 unsigned int num_empty = 0, index;
1714 unsigned char erased_pattern =(sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS)?0:0xff;
1715 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1716 if (map_file(&mf, path) == -1) {
1717 ELOG("map_file() == -1\n");
1720 for(index = 0; index < mf.len; index ++) {
1721 if (mf.base[index] == erased_pattern)
1726 if(num_empty != 0) {
1727 ILOG("Ignoring %d bytes of Zeros at end of file\n",num_empty);
1728 mf.len -= num_empty;
1730 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1732 stlink_write_reg(sl, stlink_read_debug32(sl, addr ),13);
1733 /* Set PC to the reset routine*/
1734 stlink_write_reg(sl, stlink_read_debug32(sl, addr + 4),15);
1740 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1744 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1745 // FIXME This can never return -1
1746 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1748 ELOG("write_buffer_to_sram() == -1\n");
1752 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) {
1754 size_t count = size / sizeof(uint32_t);
1755 if (size % sizeof(uint32_t)) ++count;
1758 stlink_write_reg(sl, target, 0); /* target */
1759 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1760 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1761 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1763 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1765 size_t count = size / sizeof(uint16_t);
1766 if (size % sizeof(uint16_t)) ++count;
1769 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1770 stlink_write_reg(sl, target, 1); /* target */
1771 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1772 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1773 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1775 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4) {
1777 size_t count = size / sizeof(uint32_t);
1778 if (size % sizeof(uint32_t)) ++count;
1781 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1782 stlink_write_reg(sl, target, 1); /* target */
1783 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1784 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1787 fprintf(stderr, "unknown coreid 0x%x, don't know what flash loader to use\n", sl->core_id);
1794 #define WAIT_ROUNDS 1000
1795 /* wait until done (reaches breakpoint) */
1796 for (i = 0; i < WAIT_ROUNDS; i++) {
1798 if (is_core_halted(sl))
1802 if (i >= WAIT_ROUNDS) {
1803 ELOG("flash loader run error\n");
1807 /* check written byte count */
1808 if (sl->chip_id == STM32_CHIPID_L1_MEDIUM || sl->chip_id == STM32_CHIPID_L1_MEDIUM_PLUS) {
1810 size_t count = size / sizeof(uint32_t);
1811 if (size % sizeof(uint32_t)) ++count;
1813 stlink_read_reg(sl, 3, &rr);
1814 if (rr.r[3] != count) {
1815 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1819 } else if (sl->core_id == STM32VL_CORE_ID || sl->core_id == STM32F0_CORE_ID || sl->chip_id == STM32_CHIPID_F3 || sl->chip_id == STM32_CHIPID_F37x) {
1821 stlink_read_reg(sl, 2, &rr);
1823 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1827 } else if (sl->chip_id == STM32_CHIPID_F2 || sl->chip_id == STM32_CHIPID_F4) {
1829 stlink_read_reg(sl, 2, &rr);
1831 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1837 fprintf(stderr, "unknown coreid 0x%x, can't check written byte count\n", sl->core_id);