1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
29 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
30 * debugging architecture. Compared with previous versions, this includes
31 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
32 * transport, and focusses on memory mapped resources as defined by the
33 * CoreSight architecture.
35 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
36 * basic components: a Debug Port (DP) transporting messages to and from a
37 * debugger, and an Access Port (AP) accessing resources. Three types of DP
38 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
39 * One uses only SWD for communication, and is called SW-DP. The third can
40 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
41 * is used to access memory mapped resources and is called a MEM-AP. Also a
42 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
46 * Relevant specifications from ARM include:
48 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031A
49 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
51 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
52 * Cortex-M3(tm) TRM, ARM DDI 0337G
59 #include "arm_adi_v5.h"
60 #include <helper/time_support.h>
64 * swjdp->trans_mode = TRANS_MODE_COMPOSITE;
65 * Uses Overrun checking mode and does not do actual JTAG send/receive or transaction
66 * result checking until swjdp_end_transaction()
67 * This must be done before using or deallocating any return variables.
68 * swjdp->trans_mode == TRANS_MODE_ATOMIC
69 * All reads and writes to the AHB bus are checked for valid completion, and return values
70 * are immediatley available.
74 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
77 uint32_t tar_block_size(uint32_t address)
78 Return the largest block starting at address that does not cross a tar block size alignment boundary
80 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, uint32_t address)
82 return (tar_autoincr_block - ((tar_autoincr_block - 1) & address)) >> 2;
85 /***************************************************************************
87 * DPACC and APACC scanchain access through JTAG-DP *
89 ***************************************************************************/
91 /* Scan out and in from target ordered uint8_t buffers */
92 static int adi_jtag_dp_scan(struct swjdp_common *swjdp,
93 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
94 uint8_t *outvalue, uint8_t *invalue, uint8_t *ack)
96 struct arm_jtag *jtag_info = swjdp->jtag_info;
97 struct scan_field fields[2];
100 jtag_set_end_state(TAP_IDLE);
101 arm_jtag_set_instr(jtag_info, instr, NULL);
103 /* Add specified number of tck clocks before accessing memory bus */
104 if ((instr == JTAG_DP_APACC)
105 && ((reg_addr == AP_REG_DRW)
106 || ((reg_addr & 0xF0) == AP_REG_BD0))
107 && (swjdp->memaccess_tck != 0))
108 jtag_add_runtest(swjdp->memaccess_tck, jtag_set_end_state(TAP_IDLE));
110 fields[0].tap = jtag_info->tap;
111 fields[0].num_bits = 3;
112 buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
113 fields[0].out_value = &out_addr_buf;
114 fields[0].in_value = ack;
116 fields[1].tap = jtag_info->tap;
117 fields[1].num_bits = 32;
118 fields[1].out_value = outvalue;
119 fields[1].in_value = invalue;
121 jtag_add_dr_scan(2, fields, jtag_get_end_state());
126 /* Scan out and in from host ordered uint32_t variables */
127 static int adi_jtag_dp_scan_u32(struct swjdp_common *swjdp,
128 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
129 uint32_t outvalue, uint32_t *invalue, uint8_t *ack)
131 struct arm_jtag *jtag_info = swjdp->jtag_info;
132 struct scan_field fields[2];
133 uint8_t out_value_buf[4];
134 uint8_t out_addr_buf;
136 jtag_set_end_state(TAP_IDLE);
137 arm_jtag_set_instr(jtag_info, instr, NULL);
139 /* Add specified number of tck clocks before accessing memory bus */
140 if ((instr == JTAG_DP_APACC)
141 && ((reg_addr == AP_REG_DRW)
142 || ((reg_addr & 0xF0) == AP_REG_BD0))
143 && (swjdp->memaccess_tck != 0))
144 jtag_add_runtest(swjdp->memaccess_tck, jtag_set_end_state(TAP_IDLE));
146 fields[0].tap = jtag_info->tap;
147 fields[0].num_bits = 3;
148 buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
149 fields[0].out_value = &out_addr_buf;
150 fields[0].in_value = ack;
152 fields[1].tap = jtag_info->tap;
153 fields[1].num_bits = 32;
154 buf_set_u32(out_value_buf, 0, 32, outvalue);
155 fields[1].out_value = out_value_buf;
156 fields[1].in_value = NULL;
160 fields[1].in_value = (uint8_t *)invalue;
161 jtag_add_dr_scan(2, fields, jtag_get_end_state());
163 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t) invalue);
167 jtag_add_dr_scan(2, fields, jtag_get_end_state());
173 /* scan_inout_check adds one extra inscan for DPAP_READ commands to read variables */
174 static int scan_inout_check(struct swjdp_common *swjdp,
175 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
176 uint8_t *outvalue, uint8_t *invalue)
178 adi_jtag_dp_scan(swjdp, instr, reg_addr, RnW, outvalue, NULL, NULL);
180 if ((RnW == DPAP_READ) && (invalue != NULL))
181 adi_jtag_dp_scan(swjdp, JTAG_DP_DPACC,
182 DP_RDBUFF, DPAP_READ, 0, invalue, &swjdp->ack);
184 /* In TRANS_MODE_ATOMIC all JTAG_DP_APACC transactions wait for
185 * ack = OK/FAULT and the check CTRL_STAT
187 if ((instr == JTAG_DP_APACC)
188 && (swjdp->trans_mode == TRANS_MODE_ATOMIC))
189 return swjdp_transaction_endcheck(swjdp);
194 static int scan_inout_check_u32(struct swjdp_common *swjdp,
195 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
196 uint32_t outvalue, uint32_t *invalue)
198 adi_jtag_dp_scan_u32(swjdp, instr, reg_addr, RnW, outvalue, NULL, NULL);
200 if ((RnW == DPAP_READ) && (invalue != NULL))
201 adi_jtag_dp_scan_u32(swjdp, JTAG_DP_DPACC,
202 DP_RDBUFF, DPAP_READ, 0, invalue, &swjdp->ack);
204 /* In TRANS_MODE_ATOMIC all JTAG_DP_APACC transactions wait for
205 * ack = OK/FAULT and then check CTRL_STAT
207 if ((instr == JTAG_DP_APACC)
208 && (swjdp->trans_mode == TRANS_MODE_ATOMIC))
209 return swjdp_transaction_endcheck(swjdp);
214 int swjdp_transaction_endcheck(struct swjdp_common *swjdp)
219 /* too expensive to call keep_alive() here */
222 /* Danger!!!! BROKEN!!!! */
223 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
224 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
225 /* Danger!!!! BROKEN!!!! Why will jtag_execute_queue() fail here????
226 R956 introduced the check on return value here and now Michael Schwingen reports
227 that this code no longer works....
229 https://lists.berlios.de/pipermail/openocd-development/2008-September/003107.html
231 if ((retval = jtag_execute_queue()) != ERROR_OK)
233 LOG_ERROR("BUG: Why does this fail the first time????");
235 /* Why??? second time it works??? */
238 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
239 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
240 if ((retval = jtag_execute_queue()) != ERROR_OK)
243 swjdp->ack = swjdp->ack & 0x7;
247 long long then = timeval_ms();
248 while (swjdp->ack != 2)
252 if ((timeval_ms()-then) > 1000)
254 /* NOTE: this would be a good spot
255 * to use JTAG_DP_ABORT.
257 LOG_WARNING("Timeout (1000ms) waiting "
259 "in JTAG-DP transaction");
260 return ERROR_JTAG_DEVICE_ERROR;
265 LOG_WARNING("Invalid ACK "
266 "in JTAG-DP transaction");
267 return ERROR_JTAG_DEVICE_ERROR;
270 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
271 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
272 if ((retval = jtag_execute_queue()) != ERROR_OK)
274 swjdp->ack = swjdp->ack & 0x7;
278 /* common code path avoids fn to timeval_ms() */
281 /* Check for STICKYERR and STICKYORUN */
282 if (ctrlstat & (SSTICKYORUN | SSTICKYERR))
284 LOG_DEBUG("swjdp: CTRL/STAT error 0x%" PRIx32 "", ctrlstat);
285 /* Check power to debug regions */
286 if ((ctrlstat & 0xf0000000) != 0xf0000000)
288 ahbap_debugport_init(swjdp);
292 uint32_t mem_ap_csw, mem_ap_tar;
294 /* Print information about last AHBAP access */
295 LOG_ERROR("AHBAP Cached values: dp_select 0x%" PRIx32 ", ap_csw 0x%" PRIx32 ", ap_tar 0x%" PRIx32 "", swjdp->dp_select_value, swjdp->ap_csw_value, swjdp->ap_tar_value);
296 if (ctrlstat & SSTICKYORUN)
297 LOG_ERROR("JTAG-DP OVERRUN - "
298 "check clock or reduce jtag speed");
300 if (ctrlstat & SSTICKYERR)
301 LOG_ERROR("JTAG-DP STICKY ERROR");
303 /* Clear Sticky Error Bits */
304 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
305 DP_CTRL_STAT, DPAP_WRITE,
306 swjdp->dp_ctrl_stat | SSTICKYORUN
308 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
309 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
310 if ((retval = jtag_execute_queue()) != ERROR_OK)
313 LOG_DEBUG("swjdp: status 0x%" PRIx32 "", ctrlstat);
315 dap_ap_read_reg_u32(swjdp, AP_REG_CSW, &mem_ap_csw);
316 dap_ap_read_reg_u32(swjdp, AP_REG_TAR, &mem_ap_tar);
317 if ((retval = jtag_execute_queue()) != ERROR_OK)
319 LOG_ERROR("Read MEM_AP_CSW 0x%" PRIx32 ", MEM_AP_TAR 0x%" PRIx32 "", mem_ap_csw, mem_ap_tar);
322 if ((retval = jtag_execute_queue()) != ERROR_OK)
324 return ERROR_JTAG_DEVICE_ERROR;
330 /***************************************************************************
332 * DP and MEM-AP register access through APACC and DPACC *
334 ***************************************************************************/
336 static int dap_dp_write_reg(struct swjdp_common *swjdp,
337 uint32_t value, uint8_t reg_addr)
339 return scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
340 reg_addr, DPAP_WRITE, value, NULL);
343 static int dap_dp_read_reg(struct swjdp_common *swjdp,
344 uint32_t *value, uint8_t reg_addr)
346 return scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
347 reg_addr, DPAP_READ, 0, value);
350 int dap_ap_select(struct swjdp_common *swjdp,uint8_t apsel)
353 select = (apsel << 24) & 0xFF000000;
355 if (select != swjdp->apsel)
357 swjdp->apsel = select;
358 /* Switching AP invalidates cached values */
359 swjdp->dp_select_value = -1;
360 swjdp->ap_csw_value = -1;
361 swjdp->ap_tar_value = -1;
367 static int dap_dp_bankselect(struct swjdp_common *swjdp, uint32_t ap_reg)
370 select = (ap_reg & 0x000000F0);
372 if (select != swjdp->dp_select_value)
374 dap_dp_write_reg(swjdp, select | swjdp->apsel, DP_SELECT);
375 swjdp->dp_select_value = select;
381 static int dap_ap_write_reg(struct swjdp_common *swjdp,
382 uint32_t reg_addr, uint8_t *out_value_buf)
384 dap_dp_bankselect(swjdp, reg_addr);
385 scan_inout_check(swjdp, JTAG_DP_APACC, reg_addr,
386 DPAP_WRITE, out_value_buf, NULL);
391 int dap_ap_write_reg_u32(struct swjdp_common *swjdp, uint32_t reg_addr, uint32_t value)
393 uint8_t out_value_buf[4];
395 buf_set_u32(out_value_buf, 0, 32, value);
396 dap_dp_bankselect(swjdp, reg_addr);
397 scan_inout_check(swjdp, JTAG_DP_APACC, reg_addr,
398 DPAP_WRITE, out_value_buf, NULL);
403 int dap_ap_read_reg_u32(struct swjdp_common *swjdp, uint32_t reg_addr, uint32_t *value)
405 dap_dp_bankselect(swjdp, reg_addr);
406 scan_inout_check_u32(swjdp, JTAG_DP_APACC, reg_addr,
407 DPAP_READ, 0, value);
412 /***************************************************************************
414 * AHB-AP access to memory and system registers on AHB bus *
416 ***************************************************************************/
418 int dap_setup_accessport(struct swjdp_common *swjdp, uint32_t csw, uint32_t tar)
420 csw = csw | CSW_DBGSWENABLE | CSW_MASTER_DEBUG | CSW_HPROT;
421 if (csw != swjdp->ap_csw_value)
423 /* LOG_DEBUG("swjdp : Set CSW %x",csw); */
424 dap_ap_write_reg_u32(swjdp, AP_REG_CSW, csw);
425 swjdp->ap_csw_value = csw;
427 if (tar != swjdp->ap_tar_value)
429 /* LOG_DEBUG("swjdp : Set TAR %x",tar); */
430 dap_ap_write_reg_u32(swjdp, AP_REG_TAR, tar);
431 swjdp->ap_tar_value = tar;
433 if (csw & CSW_ADDRINC_MASK)
435 /* Do not cache TAR value when autoincrementing */
436 swjdp->ap_tar_value = -1;
441 /*****************************************************************************
443 * mem_ap_read_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value) *
445 * Read a uint32_t value from memory or system register *
446 * Functionally equivalent to target_read_u32(target, address, uint32_t *value), *
447 * but with less overhead *
448 *****************************************************************************/
449 int mem_ap_read_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value)
451 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
453 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, address & 0xFFFFFFF0);
454 dap_ap_read_reg_u32(swjdp, AP_REG_BD0 | (address & 0xC), value);
459 int mem_ap_read_atomic_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value)
461 mem_ap_read_u32(swjdp, address, value);
463 return swjdp_transaction_endcheck(swjdp);
466 /*****************************************************************************
468 * mem_ap_write_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value) *
470 * Write a uint32_t value to memory or memory mapped register *
472 *****************************************************************************/
473 int mem_ap_write_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value)
475 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
477 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, address & 0xFFFFFFF0);
478 dap_ap_write_reg_u32(swjdp, AP_REG_BD0 | (address & 0xC), value);
483 int mem_ap_write_atomic_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value)
485 mem_ap_write_u32(swjdp, address, value);
487 return swjdp_transaction_endcheck(swjdp);
490 /*****************************************************************************
492 * mem_ap_write_buf(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address) *
494 * Write a buffer in target order (little endian) *
496 *****************************************************************************/
497 int mem_ap_write_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
499 int wcount, blocksize, writecount, errorcount = 0, retval = ERROR_OK;
500 uint32_t adr = address;
501 uint8_t* pBuffer = buffer;
503 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
508 /* if we have an unaligned access - reorder data */
511 for (writecount = 0; writecount < count; writecount++)
515 memcpy(&outvalue, pBuffer, sizeof(uint32_t));
517 for (i = 0; i < 4; i++)
519 *((uint8_t*)pBuffer + (adr & 0x3)) = outvalue;
523 pBuffer += sizeof(uint32_t);
529 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
530 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
531 if (wcount < blocksize)
534 /* handle unaligned data at 4k boundary */
538 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
540 for (writecount = 0; writecount < blocksize; writecount++)
542 dap_ap_write_reg(swjdp, AP_REG_DRW, buffer + 4 * writecount);
545 if (swjdp_transaction_endcheck(swjdp) == ERROR_OK)
547 wcount = wcount - blocksize;
548 address = address + 4 * blocksize;
549 buffer = buffer + 4 * blocksize;
558 LOG_WARNING("Block write error address 0x%" PRIx32 ", wcount 0x%x", address, wcount);
559 return ERROR_JTAG_DEVICE_ERROR;
566 static int mem_ap_write_buf_packed_u16(struct swjdp_common *swjdp,
567 uint8_t *buffer, int count, uint32_t address)
569 int retval = ERROR_OK;
570 int wcount, blocksize, writecount, i;
572 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
580 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
581 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
583 if (wcount < blocksize)
586 /* handle unaligned data at 4k boundary */
590 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_PACKED, address);
591 writecount = blocksize;
595 nbytes = MIN((writecount << 1), 4);
599 if (mem_ap_write_buf_u16(swjdp, buffer, nbytes, address) != ERROR_OK)
601 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
602 return ERROR_JTAG_DEVICE_ERROR;
605 address += nbytes >> 1;
610 memcpy(&outvalue, buffer, sizeof(uint32_t));
612 for (i = 0; i < nbytes; i++)
614 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
619 memcpy(&outvalue, buffer, sizeof(uint32_t));
620 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
621 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
623 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
624 return ERROR_JTAG_DEVICE_ERROR;
628 buffer += nbytes >> 1;
629 writecount -= nbytes >> 1;
631 } while (writecount);
638 int mem_ap_write_buf_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
640 int retval = ERROR_OK;
643 return mem_ap_write_buf_packed_u16(swjdp, buffer, count, address);
645 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
649 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
651 memcpy(&svalue, buffer, sizeof(uint16_t));
652 uint32_t outvalue = (uint32_t)svalue << 8 * (address & 0x3);
653 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
654 retval = swjdp_transaction_endcheck(swjdp);
663 static int mem_ap_write_buf_packed_u8(struct swjdp_common *swjdp,
664 uint8_t *buffer, int count, uint32_t address)
666 int retval = ERROR_OK;
667 int wcount, blocksize, writecount, i;
669 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
677 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
678 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
680 if (wcount < blocksize)
683 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_PACKED, address);
684 writecount = blocksize;
688 nbytes = MIN(writecount, 4);
692 if (mem_ap_write_buf_u8(swjdp, buffer, nbytes, address) != ERROR_OK)
694 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
695 return ERROR_JTAG_DEVICE_ERROR;
703 memcpy(&outvalue, buffer, sizeof(uint32_t));
705 for (i = 0; i < nbytes; i++)
707 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
712 memcpy(&outvalue, buffer, sizeof(uint32_t));
713 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
714 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
716 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
717 return ERROR_JTAG_DEVICE_ERROR;
722 writecount -= nbytes;
724 } while (writecount);
731 int mem_ap_write_buf_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
733 int retval = ERROR_OK;
736 return mem_ap_write_buf_packed_u8(swjdp, buffer, count, address);
738 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
742 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
743 uint32_t outvalue = (uint32_t)*buffer << 8 * (address & 0x3);
744 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
745 retval = swjdp_transaction_endcheck(swjdp);
754 /*********************************************************************************
756 * mem_ap_read_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address) *
758 * Read block fast in target order (little endian) into a buffer *
760 **********************************************************************************/
761 int mem_ap_read_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
763 int wcount, blocksize, readcount, errorcount = 0, retval = ERROR_OK;
764 uint32_t adr = address;
765 uint8_t* pBuffer = buffer;
767 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
774 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
775 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
776 if (wcount < blocksize)
779 /* handle unaligned data at 4k boundary */
783 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
785 /* Scan out first read */
786 adi_jtag_dp_scan(swjdp, JTAG_DP_APACC, AP_REG_DRW,
787 DPAP_READ, 0, NULL, NULL);
788 for (readcount = 0; readcount < blocksize - 1; readcount++)
790 /* Scan out read instruction and scan in previous value */
791 adi_jtag_dp_scan(swjdp, JTAG_DP_APACC, AP_REG_DRW,
792 DPAP_READ, 0, buffer + 4 * readcount,
796 /* Scan in last value */
797 adi_jtag_dp_scan(swjdp, JTAG_DP_DPACC, DP_RDBUFF,
798 DPAP_READ, 0, buffer + 4 * readcount,
800 if (swjdp_transaction_endcheck(swjdp) == ERROR_OK)
802 wcount = wcount - blocksize;
803 address += 4 * blocksize;
804 buffer += 4 * blocksize;
813 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
814 return ERROR_JTAG_DEVICE_ERROR;
818 /* if we have an unaligned access - reorder data */
821 for (readcount = 0; readcount < count; readcount++)
825 memcpy(&data, pBuffer, sizeof(uint32_t));
827 for (i = 0; i < 4; i++)
829 *((uint8_t*)pBuffer) = (data >> 8 * (adr & 0x3));
839 static int mem_ap_read_buf_packed_u16(struct swjdp_common *swjdp,
840 uint8_t *buffer, int count, uint32_t address)
843 int retval = ERROR_OK;
844 int wcount, blocksize, readcount, i;
846 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
854 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
855 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
856 if (wcount < blocksize)
859 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_PACKED, address);
861 /* handle unaligned data at 4k boundary */
864 readcount = blocksize;
868 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
869 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
871 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
872 return ERROR_JTAG_DEVICE_ERROR;
875 nbytes = MIN((readcount << 1), 4);
877 for (i = 0; i < nbytes; i++)
879 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
884 readcount -= (nbytes >> 1);
892 int mem_ap_read_buf_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
895 int retval = ERROR_OK;
898 return mem_ap_read_buf_packed_u16(swjdp, buffer, count, address);
900 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
904 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
905 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
906 retval = swjdp_transaction_endcheck(swjdp);
909 for (i = 0; i < 2; i++)
911 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
918 uint16_t svalue = (invalue >> 8 * (address & 0x3));
919 memcpy(buffer, &svalue, sizeof(uint16_t));
929 /* FIX!!! is this a potential performance bottleneck w.r.t. requiring too many
930 * roundtrips when jtag_execute_queue() has a large overhead(e.g. for USB)s?
932 * The solution is to arrange for a large out/in scan in this loop and
933 * and convert data afterwards.
935 static int mem_ap_read_buf_packed_u8(struct swjdp_common *swjdp,
936 uint8_t *buffer, int count, uint32_t address)
939 int retval = ERROR_OK;
940 int wcount, blocksize, readcount, i;
942 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
950 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
951 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
953 if (wcount < blocksize)
956 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_PACKED, address);
957 readcount = blocksize;
961 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
962 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
964 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
965 return ERROR_JTAG_DEVICE_ERROR;
968 nbytes = MIN(readcount, 4);
970 for (i = 0; i < nbytes; i++)
972 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
985 int mem_ap_read_buf_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
988 int retval = ERROR_OK;
991 return mem_ap_read_buf_packed_u8(swjdp, buffer, count, address);
993 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
997 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
998 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
999 retval = swjdp_transaction_endcheck(swjdp);
1000 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
1012 * @todo Rename this. We also need an initialization scheme which account
1013 * for SWD transports not just JTAG; that will need to address differences
1014 * in layering. (JTAG is useful without any debug target; but not SWD.)
1016 int ahbap_debugport_init(struct swjdp_common *swjdp)
1018 uint32_t idreg, romaddr, dummy;
1025 /* Default MEM-AP setup.
1027 * REVISIT AP #0 may be an inappropriate default for this.
1028 * Should we probe, or receve a hint from the caller?
1029 * Presumably we can ignore the possibility of multiple APs.
1032 swjdp->ap_csw_value = -1;
1033 swjdp->ap_tar_value = -1;
1035 /* DP initialization */
1036 swjdp->trans_mode = TRANS_MODE_ATOMIC;
1037 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1038 dap_dp_write_reg(swjdp, SSTICKYERR, DP_CTRL_STAT);
1039 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1041 swjdp->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
1043 dap_dp_write_reg(swjdp, swjdp->dp_ctrl_stat, DP_CTRL_STAT);
1044 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1045 if ((retval = jtag_execute_queue()) != ERROR_OK)
1048 /* Check that we have debug power domains activated */
1049 while (!(ctrlstat & CDBGPWRUPACK) && (cnt++ < 10))
1051 LOG_DEBUG("swjdp: wait CDBGPWRUPACK");
1052 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1053 if ((retval = jtag_execute_queue()) != ERROR_OK)
1058 while (!(ctrlstat & CSYSPWRUPACK) && (cnt++ < 10))
1060 LOG_DEBUG("swjdp: wait CSYSPWRUPACK");
1061 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1062 if ((retval = jtag_execute_queue()) != ERROR_OK)
1067 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1068 /* With debug power on we can activate OVERRUN checking */
1069 swjdp->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
1070 dap_dp_write_reg(swjdp, swjdp->dp_ctrl_stat, DP_CTRL_STAT);
1071 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1074 * REVISIT this isn't actually *initializing* anything in an AP,
1075 * and doesn't care if it's a MEM-AP at all (much less AHB-AP).
1076 * Should it? If the ROM address is valid, is this the right
1077 * place to scan the table and do any topology detection?
1079 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &idreg);
1080 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &romaddr);
1082 LOG_DEBUG("AHB-AP ID Register 0x%" PRIx32 ", Debug ROM Address 0x%" PRIx32 "", idreg, romaddr);
1087 /* CID interpretation -- see ARM IHI 0029B section 3
1088 * and ARM IHI 0031A table 13-3.
1090 static const char *class_description[16] ={
1091 "Reserved", "ROM table", "Reserved", "Reserved",
1092 "Reserved", "Reserved", "Reserved", "Reserved",
1093 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
1094 "Reserved", "OptimoDE DESS",
1095 "Generic IP component", "PrimeCell or System component"
1099 is_dap_cid_ok(uint32_t cid3, uint32_t cid2, uint32_t cid1, uint32_t cid0)
1101 return cid3 == 0xb1 && cid2 == 0x05
1102 && ((cid1 & 0x0f) == 0) && cid0 == 0x0d;
1105 int dap_info_command(struct command_context *cmd_ctx, struct swjdp_common *swjdp, int apsel)
1108 uint32_t dbgbase, apid;
1109 int romtable_present = 0;
1113 apselold = swjdp->apsel;
1114 dap_ap_select(swjdp, apsel);
1115 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &dbgbase);
1116 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1117 swjdp_transaction_endcheck(swjdp);
1118 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1119 mem_ap = ((apid&0x10000) && ((apid&0x0F) != 0));
1120 command_print(cmd_ctx, "AP ID register 0x%8.8" PRIx32, apid);
1126 command_print(cmd_ctx, "\tType is JTAG-AP");
1129 command_print(cmd_ctx, "\tType is MEM-AP AHB");
1132 command_print(cmd_ctx, "\tType is MEM-AP APB");
1135 command_print(cmd_ctx, "\tUnknown AP type");
1139 /* NOTE: a MEM-AP may have a single CoreSight component that's
1140 * not a ROM table ... or have no such components at all.
1143 command_print(cmd_ctx, "AP BASE 0x%8.8" PRIx32,
1148 command_print(cmd_ctx, "No AP found at this apsel 0x%x", apsel);
1151 romtable_present = ((mem_ap) && (dbgbase != 0xFFFFFFFF));
1152 if (romtable_present)
1154 uint32_t cid0,cid1,cid2,cid3,memtype,romentry;
1155 uint16_t entry_offset;
1157 /* bit 16 of apid indicates a memory access port */
1159 command_print(cmd_ctx, "\tValid ROM table present");
1161 command_print(cmd_ctx, "\tROM table in legacy format");
1163 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1164 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF0, &cid0);
1165 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF4, &cid1);
1166 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF8, &cid2);
1167 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFFC, &cid3);
1168 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFCC, &memtype);
1169 swjdp_transaction_endcheck(swjdp);
1170 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1171 command_print(cmd_ctx, "\tCID3 0x%2.2" PRIx32
1172 ", CID2 0x%2.2" PRIx32
1173 ", CID1 0x%2.2" PRIx32
1174 ", CID0 0x%2.2" PRIx32,
1175 cid3, cid2, cid1, cid0);
1177 command_print(cmd_ctx, "\tMEMTYPE system memory present on bus");
1179 command_print(cmd_ctx, "\tMEMTYPE System memory not present. "
1180 "Dedicated debug bus.");
1182 /* Now we read ROM table entries from dbgbase&0xFFFFF000) | 0x000 until we get 0x00000000 */
1186 mem_ap_read_atomic_u32(swjdp, (dbgbase&0xFFFFF000) | entry_offset, &romentry);
1187 command_print(cmd_ctx, "\tROMTABLE[0x%x] = 0x%" PRIx32 "",entry_offset,romentry);
1190 uint32_t c_cid0, c_cid1, c_cid2, c_cid3;
1191 uint32_t c_pid0, c_pid1, c_pid2, c_pid3, c_pid4;
1192 uint32_t component_start, component_base;
1196 component_base = (uint32_t)((dbgbase & 0xFFFFF000)
1197 + (int)(romentry & 0xFFFFF000));
1198 mem_ap_read_atomic_u32(swjdp,
1199 (component_base & 0xFFFFF000) | 0xFE0, &c_pid0);
1200 mem_ap_read_atomic_u32(swjdp,
1201 (component_base & 0xFFFFF000) | 0xFE4, &c_pid1);
1202 mem_ap_read_atomic_u32(swjdp,
1203 (component_base & 0xFFFFF000) | 0xFE8, &c_pid2);
1204 mem_ap_read_atomic_u32(swjdp,
1205 (component_base & 0xFFFFF000) | 0xFEC, &c_pid3);
1206 mem_ap_read_atomic_u32(swjdp,
1207 (component_base & 0xFFFFF000) | 0xFD0, &c_pid4);
1208 mem_ap_read_atomic_u32(swjdp,
1209 (component_base & 0xFFFFF000) | 0xFF0, &c_cid0);
1210 mem_ap_read_atomic_u32(swjdp,
1211 (component_base & 0xFFFFF000) | 0xFF4, &c_cid1);
1212 mem_ap_read_atomic_u32(swjdp,
1213 (component_base & 0xFFFFF000) | 0xFF8, &c_cid2);
1214 mem_ap_read_atomic_u32(swjdp,
1215 (component_base & 0xFFFFF000) | 0xFFC, &c_cid3);
1216 component_start = component_base - 0x1000*(c_pid4 >> 4);
1218 command_print(cmd_ctx, "\t\tComponent base address 0x%" PRIx32
1219 ", start address 0x%" PRIx32,
1220 component_base, component_start);
1221 command_print(cmd_ctx, "\t\tComponent class is 0x%x, %s",
1222 (int) (c_cid1 >> 4) & 0xf,
1223 /* See ARM IHI 0029B Table 3-3 */
1224 class_description[(c_cid1 >> 4) & 0xf]);
1226 /* CoreSight component? */
1227 if (((c_cid1 >> 4) & 0x0f) == 9) {
1230 char *major = "Reserved", *subtype = "Reserved";
1232 mem_ap_read_atomic_u32(swjdp,
1233 (component_base & 0xfffff000) | 0xfcc,
1235 minor = (devtype >> 4) & 0x0f;
1236 switch (devtype & 0x0f) {
1238 major = "Miscellaneous";
1244 subtype = "Validation component";
1249 major = "Trace Sink";
1263 major = "Trace Link";
1269 subtype = "Funnel, router";
1275 subtype = "FIFO, buffer";
1280 major = "Trace Source";
1286 subtype = "Processor";
1292 subtype = "Engine/Coprocessor";
1300 major = "Debug Control";
1306 subtype = "Trigger Matrix";
1309 subtype = "Debug Auth";
1314 major = "Debug Logic";
1320 subtype = "Processor";
1326 subtype = "Engine/Coprocessor";
1331 command_print(cmd_ctx, "\t\tType is 0x%2.2x, %s, %s",
1332 (unsigned) (devtype & 0xff),
1334 /* REVISIT also show 0xfc8 DevId */
1337 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1338 command_print(cmd_ctx, "\t\tCID3 0x%2.2" PRIx32
1339 ", CID2 0x%2.2" PRIx32
1340 ", CID1 0x%2.2" PRIx32
1341 ", CID0 0x%2.2" PRIx32,
1342 c_cid3, c_cid2, c_cid1, c_cid0);
1343 command_print(cmd_ctx, "\t\tPeripheral ID[4..0] = hex "
1344 "%2.2x %2.2x %2.2x %2.2x %2.2x",
1346 (int) c_pid3, (int) c_pid2,
1347 (int) c_pid1, (int) c_pid0);
1349 /* Part number interpretations are from Cortex
1350 * core specs, the CoreSight components TRM
1351 * (ARM DDI 0314H), and ETM specs; also from
1352 * chip observation (e.g. TI SDTI).
1354 part_num = c_pid0 & 0xff;
1355 part_num |= (c_pid1 & 0x0f) << 8;
1358 type = "Cortex-M3 NVIC";
1359 full = "(Interrupt Controller)";
1362 type = "Cortex-M3 ITM";
1363 full = "(Instrumentation Trace Module)";
1366 type = "Cortex-M3 DWT";
1367 full = "(Data Watchpoint and Trace)";
1370 type = "Cortex-M3 FBP";
1371 full = "(Flash Patch and Breakpoint)";
1374 type = "CoreSight ETM11";
1375 full = "(Embedded Trace)";
1377 // case 0x113: what?
1378 case 0x120: /* from OMAP3 memmap */
1380 full = "(System Debug Trace Interface)";
1382 case 0x343: /* from OMAP3 memmap */
1387 type = "Cortex-M3 ETM";
1388 full = "(Embedded Trace)";
1391 type = "Coresight CTI";
1392 full = "(Cross Trigger)";
1395 type = "Coresight ETB";
1396 full = "(Trace Buffer)";
1399 type = "Coresight CSTF";
1400 full = "(Trace Funnel)";
1403 type = "CoreSight ETM9";
1404 full = "(Embedded Trace)";
1407 type = "Coresight TPIU";
1408 full = "(Trace Port Interface Unit)";
1411 type = "Cortex-A8 ETM";
1412 full = "(Embedded Trace)";
1415 type = "Cortex-A8 CTI";
1416 full = "(Cross Trigger)";
1419 type = "Cortex-M3 TPIU";
1420 full = "(Trace Port Interface Unit)";
1423 type = "Cortex-A8 Debug";
1424 full = "(Debug Unit)";
1427 type = "-*- unrecognized -*-";
1431 command_print(cmd_ctx, "\t\tPart is %s %s",
1437 command_print(cmd_ctx, "\t\tComponent not present");
1439 command_print(cmd_ctx, "\t\tEnd of ROM table");
1442 } while (romentry > 0);
1446 command_print(cmd_ctx, "\tNo ROM table present");
1448 dap_ap_select(swjdp, apselold);
1453 DAP_COMMAND_HANDLER(dap_baseaddr_command)
1455 uint32_t apsel, apselsave, baseaddr;
1458 apselsave = swjdp->apsel;
1461 apsel = swjdp->apsel;
1464 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1467 return ERROR_COMMAND_SYNTAX_ERROR;
1470 if (apselsave != apsel)
1471 dap_ap_select(swjdp, apsel);
1473 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &baseaddr);
1474 retval = swjdp_transaction_endcheck(swjdp);
1475 command_print(CMD_CTX, "0x%8.8" PRIx32, baseaddr);
1477 if (apselsave != apsel)
1478 dap_ap_select(swjdp, apselsave);
1483 DAP_COMMAND_HANDLER(dap_memaccess_command)
1485 uint32_t memaccess_tck;
1489 memaccess_tck = swjdp->memaccess_tck;
1492 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1495 return ERROR_COMMAND_SYNTAX_ERROR;
1497 swjdp->memaccess_tck = memaccess_tck;
1499 command_print(CMD_CTX, "memory bus access delay set to %" PRIi32 " tck",
1500 swjdp->memaccess_tck);
1505 DAP_COMMAND_HANDLER(dap_apsel_command)
1507 uint32_t apsel, apid;
1515 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1518 return ERROR_COMMAND_SYNTAX_ERROR;
1521 dap_ap_select(swjdp, apsel);
1522 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1523 retval = swjdp_transaction_endcheck(swjdp);
1524 command_print(CMD_CTX, "ap %" PRIi32 " selected, identification register 0x%8.8" PRIx32,
1530 DAP_COMMAND_HANDLER(dap_apid_command)
1532 uint32_t apsel, apselsave, apid;
1535 apselsave = swjdp->apsel;
1538 apsel = swjdp->apsel;
1541 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1544 return ERROR_COMMAND_SYNTAX_ERROR;
1547 if (apselsave != apsel)
1548 dap_ap_select(swjdp, apsel);
1550 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1551 retval = swjdp_transaction_endcheck(swjdp);
1552 command_print(CMD_CTX, "0x%8.8" PRIx32, apid);
1553 if (apselsave != apsel)
1554 dap_ap_select(swjdp, apselsave);