1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009-2010 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * Copyright (C) 2009-2010 by David Brownell *
13 * Copyright (C) 2013 by Andreas Fritiofson *
14 * andreas.fritiofson@gmail.com *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program; if not, write to the *
28 * Free Software Foundation, Inc., *
29 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
30 ***************************************************************************/
34 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
35 * debugging architecture. Compared with previous versions, this includes
36 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
37 * transport, and focusses on memory mapped resources as defined by the
38 * CoreSight architecture.
40 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
41 * basic components: a Debug Port (DP) transporting messages to and from a
42 * debugger, and an Access Port (AP) accessing resources. Three types of DP
43 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
44 * One uses only SWD for communication, and is called SW-DP. The third can
45 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
46 * is used to access memory mapped resources and is called a MEM-AP. Also a
47 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
49 * This programming interface allows DAP pipelined operations through a
50 * transaction queue. This primarily affects AP operations (such as using
51 * a MEM-AP to access memory or registers). If the current transaction has
52 * not finished by the time the next one must begin, and the ORUNDETECT bit
53 * is set in the DP_CTRL_STAT register, the SSTICKYORUN status is set and
54 * further AP operations will fail. There are two basic methods to avoid
55 * such overrun errors. One involves polling for status instead of using
56 * transaction piplining. The other involves adding delays to ensure the
57 * AP has enough time to complete one operation before starting the next
58 * one. (For JTAG these delays are controlled by memaccess_tck.)
62 * Relevant specifications from ARM include:
64 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031A
65 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
67 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
68 * Cortex-M3(tm) TRM, ARM DDI 0337G
75 #include "jtag/interface.h"
77 #include "arm_adi_v5.h"
78 #include <helper/time_support.h>
80 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
83 uint32_t tar_block_size(uint32_t address)
84 Return the largest block starting at address that does not cross a tar block size alignment boundary
86 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, uint32_t address)
88 return tar_autoincr_block - ((tar_autoincr_block - 1) & address);
91 /***************************************************************************
93 * DP and MEM-AP register access through APACC and DPACC *
95 ***************************************************************************/
97 static int mem_ap_setup_csw(struct adiv5_ap *ap, uint32_t csw)
99 csw = csw | CSW_DBGSWENABLE | CSW_MASTER_DEBUG | CSW_HPROT |
102 if (csw != ap->csw_value) {
103 /* LOG_DEBUG("DAP: Set CSW %x",csw); */
104 int retval = dap_queue_ap_write(ap, MEM_AP_REG_CSW, csw);
105 if (retval != ERROR_OK)
112 static int mem_ap_setup_tar(struct adiv5_ap *ap, uint32_t tar)
114 if (tar != ap->tar_value ||
115 (ap->csw_value & CSW_ADDRINC_MASK)) {
116 /* LOG_DEBUG("DAP: Set TAR %x",tar); */
117 int retval = dap_queue_ap_write(ap, MEM_AP_REG_TAR, tar);
118 if (retval != ERROR_OK)
126 * Queue transactions setting up transfer parameters for the
127 * currently selected MEM-AP.
129 * Subsequent transfers using registers like MEM_AP_REG_DRW or MEM_AP_REG_BD2
130 * initiate data reads or writes using memory or peripheral addresses.
131 * If the CSW is configured for it, the TAR may be automatically
132 * incremented after each transfer.
134 * @param ap The MEM-AP.
135 * @param csw MEM-AP Control/Status Word (CSW) register to assign. If this
136 * matches the cached value, the register is not changed.
137 * @param tar MEM-AP Transfer Address Register (TAR) to assign. If this
138 * matches the cached address, the register is not changed.
140 * @return ERROR_OK if the transaction was properly queued, else a fault code.
142 static int mem_ap_setup_transfer(struct adiv5_ap *ap, uint32_t csw, uint32_t tar)
145 retval = mem_ap_setup_csw(ap, csw);
146 if (retval != ERROR_OK)
148 retval = mem_ap_setup_tar(ap, tar);
149 if (retval != ERROR_OK)
155 * Asynchronous (queued) read of a word from memory or a system register.
157 * @param ap The MEM-AP to access.
158 * @param address Address of the 32-bit word to read; it must be
159 * readable by the currently selected MEM-AP.
160 * @param value points to where the word will be stored when the
161 * transaction queue is flushed (assuming no errors).
163 * @return ERROR_OK for success. Otherwise a fault code.
165 int mem_ap_read_u32(struct adiv5_ap *ap, uint32_t address,
170 /* Use banked addressing (REG_BDx) to avoid some link traffic
171 * (updating TAR) when reading several consecutive addresses.
173 retval = mem_ap_setup_transfer(ap, CSW_32BIT | CSW_ADDRINC_OFF,
174 address & 0xFFFFFFF0);
175 if (retval != ERROR_OK)
178 return dap_queue_ap_read(ap, MEM_AP_REG_BD0 | (address & 0xC), value);
182 * Synchronous read of a word from memory or a system register.
183 * As a side effect, this flushes any queued transactions.
185 * @param ap The MEM-AP to access.
186 * @param address Address of the 32-bit word to read; it must be
187 * readable by the currently selected MEM-AP.
188 * @param value points to where the result will be stored.
190 * @return ERROR_OK for success; *value holds the result.
191 * Otherwise a fault code.
193 int mem_ap_read_atomic_u32(struct adiv5_ap *ap, uint32_t address,
198 retval = mem_ap_read_u32(ap, address, value);
199 if (retval != ERROR_OK)
202 return dap_run(ap->dap);
206 * Asynchronous (queued) write of a word to memory or a system register.
208 * @param ap The MEM-AP to access.
209 * @param address Address to be written; it must be writable by
210 * the currently selected MEM-AP.
211 * @param value Word that will be written to the address when transaction
212 * queue is flushed (assuming no errors).
214 * @return ERROR_OK for success. Otherwise a fault code.
216 int mem_ap_write_u32(struct adiv5_ap *ap, uint32_t address,
221 /* Use banked addressing (REG_BDx) to avoid some link traffic
222 * (updating TAR) when writing several consecutive addresses.
224 retval = mem_ap_setup_transfer(ap, CSW_32BIT | CSW_ADDRINC_OFF,
225 address & 0xFFFFFFF0);
226 if (retval != ERROR_OK)
229 return dap_queue_ap_write(ap, MEM_AP_REG_BD0 | (address & 0xC),
234 * Synchronous write of a word to memory or a system register.
235 * As a side effect, this flushes any queued transactions.
237 * @param ap The MEM-AP to access.
238 * @param address Address to be written; it must be writable by
239 * the currently selected MEM-AP.
240 * @param value Word that will be written.
242 * @return ERROR_OK for success; the data was written. Otherwise a fault code.
244 int mem_ap_write_atomic_u32(struct adiv5_ap *ap, uint32_t address,
247 int retval = mem_ap_write_u32(ap, address, value);
249 if (retval != ERROR_OK)
252 return dap_run(ap->dap);
256 * Synchronous write of a block of memory, using a specific access size.
258 * @param ap The MEM-AP to access.
259 * @param buffer The data buffer to write. No particular alignment is assumed.
260 * @param size Which access size to use, in bytes. 1, 2 or 4.
261 * @param count The number of writes to do (in size units, not bytes).
262 * @param address Address to be written; it must be writable by the currently selected MEM-AP.
263 * @param addrinc Whether the target address should be increased for each write or not. This
264 * should normally be true, except when writing to e.g. a FIFO.
265 * @return ERROR_OK on success, otherwise an error code.
267 static int mem_ap_write(struct adiv5_ap *ap, const uint8_t *buffer, uint32_t size, uint32_t count,
268 uint32_t address, bool addrinc)
270 struct adiv5_dap *dap = ap->dap;
271 size_t nbytes = size * count;
272 const uint32_t csw_addrincr = addrinc ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
277 /* TI BE-32 Quirks mode:
278 * Writes on big-endian TMS570 behave very strangely. Observed behavior:
279 * size write address bytes written in order
280 * 4 TAR ^ 0 (val >> 24), (val >> 16), (val >> 8), (val)
281 * 2 TAR ^ 2 (val >> 8), (val)
283 * For example, if you attempt to write a single byte to address 0, the processor
284 * will actually write a byte to address 3.
286 * To make writes of size < 4 work as expected, we xor a value with the address before
287 * setting the TAP, and we set the TAP after every transfer rather then relying on
288 * address increment. */
291 csw_size = CSW_32BIT;
293 } else if (size == 2) {
294 csw_size = CSW_16BIT;
295 addr_xor = dap->ti_be_32_quirks ? 2 : 0;
296 } else if (size == 1) {
298 addr_xor = dap->ti_be_32_quirks ? 3 : 0;
300 return ERROR_TARGET_UNALIGNED_ACCESS;
303 if (ap->unaligned_access_bad && (address % size != 0))
304 return ERROR_TARGET_UNALIGNED_ACCESS;
306 retval = mem_ap_setup_tar(ap, address ^ addr_xor);
307 if (retval != ERROR_OK)
311 uint32_t this_size = size;
313 /* Select packed transfer if possible */
314 if (addrinc && ap->packed_transfers && nbytes >= 4
315 && max_tar_block_size(ap->tar_autoincr_block, address) >= 4) {
317 retval = mem_ap_setup_csw(ap, csw_size | CSW_ADDRINC_PACKED);
319 retval = mem_ap_setup_csw(ap, csw_size | csw_addrincr);
322 if (retval != ERROR_OK)
325 /* How many source bytes each transfer will consume, and their location in the DRW,
326 * depends on the type of transfer and alignment. See ARM document IHI0031C. */
327 uint32_t outvalue = 0;
328 if (dap->ti_be_32_quirks) {
331 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
332 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
333 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
334 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
337 outvalue |= (uint32_t)*buffer++ << 8 * (1 ^ (address++ & 3) ^ addr_xor);
338 outvalue |= (uint32_t)*buffer++ << 8 * (1 ^ (address++ & 3) ^ addr_xor);
341 outvalue |= (uint32_t)*buffer++ << 8 * (0 ^ (address++ & 3) ^ addr_xor);
347 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
348 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
350 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
352 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
358 retval = dap_queue_ap_write(ap, MEM_AP_REG_DRW, outvalue);
359 if (retval != ERROR_OK)
362 /* Rewrite TAR if it wrapped or we're xoring addresses */
363 if (addrinc && (addr_xor || (address % ap->tar_autoincr_block < size && nbytes > 0))) {
364 retval = mem_ap_setup_tar(ap, address ^ addr_xor);
365 if (retval != ERROR_OK)
370 /* REVISIT: Might want to have a queued version of this function that does not run. */
371 if (retval == ERROR_OK)
372 retval = dap_run(dap);
374 if (retval != ERROR_OK) {
376 if (dap_queue_ap_read(ap, MEM_AP_REG_TAR, &tar) == ERROR_OK
377 && dap_run(dap) == ERROR_OK)
378 LOG_ERROR("Failed to write memory at 0x%08"PRIx32, tar);
380 LOG_ERROR("Failed to write memory and, additionally, failed to find out where");
387 * Synchronous read of a block of memory, using a specific access size.
389 * @param ap The MEM-AP to access.
390 * @param buffer The data buffer to receive the data. No particular alignment is assumed.
391 * @param size Which access size to use, in bytes. 1, 2 or 4.
392 * @param count The number of reads to do (in size units, not bytes).
393 * @param address Address to be read; it must be readable by the currently selected MEM-AP.
394 * @param addrinc Whether the target address should be increased after each read or not. This
395 * should normally be true, except when reading from e.g. a FIFO.
396 * @return ERROR_OK on success, otherwise an error code.
398 static int mem_ap_read(struct adiv5_ap *ap, uint8_t *buffer, uint32_t size, uint32_t count,
399 uint32_t adr, bool addrinc)
401 struct adiv5_dap *dap = ap->dap;
402 size_t nbytes = size * count;
403 const uint32_t csw_addrincr = addrinc ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
405 uint32_t address = adr;
408 /* TI BE-32 Quirks mode:
409 * Reads on big-endian TMS570 behave strangely differently than writes.
410 * They read from the physical address requested, but with DRW byte-reversed.
411 * For example, a byte read from address 0 will place the result in the high bytes of DRW.
412 * Also, packed 8-bit and 16-bit transfers seem to sometimes return garbage in some bytes,
416 csw_size = CSW_32BIT;
418 csw_size = CSW_16BIT;
422 return ERROR_TARGET_UNALIGNED_ACCESS;
424 if (ap->unaligned_access_bad && (adr % size != 0))
425 return ERROR_TARGET_UNALIGNED_ACCESS;
427 /* Allocate buffer to hold the sequence of DRW reads that will be made. This is a significant
428 * over-allocation if packed transfers are going to be used, but determining the real need at
429 * this point would be messy. */
430 uint32_t *read_buf = malloc(count * sizeof(uint32_t));
431 uint32_t *read_ptr = read_buf;
432 if (read_buf == NULL) {
433 LOG_ERROR("Failed to allocate read buffer");
437 retval = mem_ap_setup_tar(ap, address);
438 if (retval != ERROR_OK) {
443 /* Queue up all reads. Each read will store the entire DRW word in the read buffer. How many
444 * useful bytes it contains, and their location in the word, depends on the type of transfer
447 uint32_t this_size = size;
449 /* Select packed transfer if possible */
450 if (addrinc && ap->packed_transfers && nbytes >= 4
451 && max_tar_block_size(ap->tar_autoincr_block, address) >= 4) {
453 retval = mem_ap_setup_csw(ap, csw_size | CSW_ADDRINC_PACKED);
455 retval = mem_ap_setup_csw(ap, csw_size | csw_addrincr);
457 if (retval != ERROR_OK)
460 retval = dap_queue_ap_read(ap, MEM_AP_REG_DRW, read_ptr++);
461 if (retval != ERROR_OK)
465 address += this_size;
467 /* Rewrite TAR if it wrapped */
468 if (addrinc && address % ap->tar_autoincr_block < size && nbytes > 0) {
469 retval = mem_ap_setup_tar(ap, address);
470 if (retval != ERROR_OK)
475 if (retval == ERROR_OK)
476 retval = dap_run(dap);
480 nbytes = size * count;
483 /* If something failed, read TAR to find out how much data was successfully read, so we can
484 * at least give the caller what we have. */
485 if (retval != ERROR_OK) {
487 if (dap_queue_ap_read(ap, MEM_AP_REG_TAR, &tar) == ERROR_OK
488 && dap_run(dap) == ERROR_OK) {
489 LOG_ERROR("Failed to read memory at 0x%08"PRIx32, tar);
490 if (nbytes > tar - address)
491 nbytes = tar - address;
493 LOG_ERROR("Failed to read memory and, additionally, failed to find out where");
498 /* Replay loop to populate caller's buffer from the correct word and byte lane */
500 uint32_t this_size = size;
502 if (addrinc && ap->packed_transfers && nbytes >= 4
503 && max_tar_block_size(ap->tar_autoincr_block, address) >= 4) {
507 if (dap->ti_be_32_quirks) {
510 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
511 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
513 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
515 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
520 *buffer++ = *read_ptr >> 8 * (address++ & 3);
521 *buffer++ = *read_ptr >> 8 * (address++ & 3);
523 *buffer++ = *read_ptr >> 8 * (address++ & 3);
525 *buffer++ = *read_ptr >> 8 * (address++ & 3);
537 int mem_ap_read_buf(struct adiv5_ap *ap,
538 uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
540 return mem_ap_read(ap, buffer, size, count, address, true);
543 int mem_ap_write_buf(struct adiv5_ap *ap,
544 const uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
546 return mem_ap_write(ap, buffer, size, count, address, true);
549 int mem_ap_read_buf_noincr(struct adiv5_ap *ap,
550 uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
552 return mem_ap_read(ap, buffer, size, count, address, false);
555 int mem_ap_write_buf_noincr(struct adiv5_ap *ap,
556 const uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
558 return mem_ap_write(ap, buffer, size, count, address, false);
561 /*--------------------------------------------------------------------------*/
564 #define DAP_POWER_DOMAIN_TIMEOUT (10)
566 /* FIXME don't import ... just initialize as
567 * part of DAP transport setup
569 extern const struct dap_ops jtag_dp_ops;
571 /*--------------------------------------------------------------------------*/
576 struct adiv5_dap *dap_init(void)
578 struct adiv5_dap *dap = calloc(1, sizeof(struct adiv5_dap));
580 /* Set up with safe defaults */
581 for (i = 0; i <= 255; i++) {
582 dap->ap[i].dap = dap;
583 dap->ap[i].ap_num = i;
584 /* memaccess_tck max is 255 */
585 dap->ap[i].memaccess_tck = 255;
586 /* Number of bits for tar autoincrement, impl. dep. at least 10 */
587 dap->ap[i].tar_autoincr_block = (1<<10);
593 * Initialize a DAP. This sets up the power domains, prepares the DP
594 * for further use and activates overrun checking.
596 * @param dap The DAP being initialized.
598 int dap_dp_init(struct adiv5_dap *dap)
603 /* JTAG-DP or SWJ-DP, in JTAG mode
604 * ... for SWD mode this is patched as part
606 * FIXME: This should already be setup by the respective transport specific DAP creation.
609 dap->ops = &jtag_dp_ops;
611 dap->select = DP_SELECT_INVALID;
612 dap->last_read = NULL;
614 for (size_t i = 0; i < 10; i++) {
615 /* DP initialization */
617 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
618 if (retval != ERROR_OK)
621 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, SSTICKYERR);
622 if (retval != ERROR_OK)
625 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
626 if (retval != ERROR_OK)
629 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
630 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
631 if (retval != ERROR_OK)
634 /* Check that we have debug power domains activated */
635 LOG_DEBUG("DAP: wait CDBGPWRUPACK");
636 retval = dap_dp_poll_register(dap, DP_CTRL_STAT,
637 CDBGPWRUPACK, CDBGPWRUPACK,
638 DAP_POWER_DOMAIN_TIMEOUT);
639 if (retval != ERROR_OK)
642 LOG_DEBUG("DAP: wait CSYSPWRUPACK");
643 retval = dap_dp_poll_register(dap, DP_CTRL_STAT,
644 CSYSPWRUPACK, CSYSPWRUPACK,
645 DAP_POWER_DOMAIN_TIMEOUT);
646 if (retval != ERROR_OK)
649 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
650 if (retval != ERROR_OK)
653 /* With debug power on we can activate OVERRUN checking */
654 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
655 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
656 if (retval != ERROR_OK)
658 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
659 if (retval != ERROR_OK)
662 retval = dap_run(dap);
663 if (retval != ERROR_OK)
673 * Initialize a DAP. This sets up the power domains, prepares the DP
674 * for further use, and arranges to use AP #0 for all AP operations
675 * until dap_ap-select() changes that policy.
677 * @param ap The MEM-AP being initialized.
679 int mem_ap_init(struct adiv5_ap *ap)
681 /* check that we support packed transfers */
684 struct adiv5_dap *dap = ap->dap;
686 retval = mem_ap_setup_transfer(ap, CSW_8BIT | CSW_ADDRINC_PACKED, 0);
687 if (retval != ERROR_OK)
690 retval = dap_queue_ap_read(ap, MEM_AP_REG_CSW, &csw);
691 if (retval != ERROR_OK)
694 retval = dap_queue_ap_read(ap, MEM_AP_REG_CFG, &cfg);
695 if (retval != ERROR_OK)
698 retval = dap_run(dap);
699 if (retval != ERROR_OK)
702 if (csw & CSW_ADDRINC_PACKED)
703 ap->packed_transfers = true;
705 ap->packed_transfers = false;
707 /* Packed transfers on TI BE-32 processors do not work correctly in
709 if (dap->ti_be_32_quirks)
710 ap->packed_transfers = false;
712 LOG_DEBUG("MEM_AP Packed Transfers: %s",
713 ap->packed_transfers ? "enabled" : "disabled");
715 /* The ARM ADI spec leaves implementation-defined whether unaligned
716 * memory accesses work, only work partially, or cause a sticky error.
717 * On TI BE-32 processors, reads seem to return garbage in some bytes
718 * and unaligned writes seem to cause a sticky error.
719 * TODO: it would be nice to have a way to detect whether unaligned
720 * operations are supported on other processors. */
721 ap->unaligned_access_bad = dap->ti_be_32_quirks;
723 LOG_DEBUG("MEM_AP CFG: large data %d, long address %d, big-endian %d",
724 !!(cfg & 0x04), !!(cfg & 0x02), !!(cfg & 0x01));
729 /* CID interpretation -- see ARM IHI 0029B section 3
730 * and ARM IHI 0031A table 13-3.
732 static const char *class_description[16] = {
733 "Reserved", "ROM table", "Reserved", "Reserved",
734 "Reserved", "Reserved", "Reserved", "Reserved",
735 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
736 "Reserved", "OptimoDE DESS",
737 "Generic IP component", "PrimeCell or System component"
740 static bool is_dap_cid_ok(uint32_t cid3, uint32_t cid2, uint32_t cid1, uint32_t cid0)
742 return cid3 == 0xb1 && cid2 == 0x05
743 && ((cid1 & 0x0f) == 0) && cid0 == 0x0d;
747 * This function checks the ID for each access port to find the requested Access Port type
749 int dap_find_ap(struct adiv5_dap *dap, enum ap_type type_to_find, struct adiv5_ap **ap_out)
753 /* Maximum AP number is 255 since the SELECT register is 8 bits */
754 for (ap_num = 0; ap_num <= 255; ap_num++) {
756 /* read the IDR register of the Access Port */
759 int retval = dap_queue_ap_read(dap_ap(dap, ap_num), AP_REG_IDR, &id_val);
760 if (retval != ERROR_OK)
763 retval = dap_run(dap);
767 * 27-24 : JEDEC bank (0x4 for ARM)
768 * 23-17 : JEDEC code (0x3B for ARM)
769 * 16-13 : Class (0b1000=Mem-AP)
771 * 7-4 : AP Variant (non-zero for JTAG-AP)
772 * 3-0 : AP Type (0=JTAG-AP 1=AHB-AP 2=APB-AP 4=AXI-AP)
775 /* Reading register for a non-existant AP should not cause an error,
776 * but just to be sure, try to continue searching if an error does happen.
778 if ((retval == ERROR_OK) && /* Register read success */
779 ((id_val & IDR_JEP106) == IDR_JEP106_ARM) && /* Jedec codes match */
780 ((id_val & IDR_TYPE) == type_to_find)) { /* type matches*/
782 LOG_DEBUG("Found %s at AP index: %d (IDR=0x%08" PRIX32 ")",
783 (type_to_find == AP_TYPE_AHB_AP) ? "AHB-AP" :
784 (type_to_find == AP_TYPE_APB_AP) ? "APB-AP" :
785 (type_to_find == AP_TYPE_AXI_AP) ? "AXI-AP" :
786 (type_to_find == AP_TYPE_JTAG_AP) ? "JTAG-AP" : "Unknown",
789 *ap_out = &dap->ap[ap_num];
794 LOG_DEBUG("No %s found",
795 (type_to_find == AP_TYPE_AHB_AP) ? "AHB-AP" :
796 (type_to_find == AP_TYPE_APB_AP) ? "APB-AP" :
797 (type_to_find == AP_TYPE_AXI_AP) ? "AXI-AP" :
798 (type_to_find == AP_TYPE_JTAG_AP) ? "JTAG-AP" : "Unknown");
802 int dap_get_debugbase(struct adiv5_ap *ap,
803 uint32_t *dbgbase, uint32_t *apid)
805 struct adiv5_dap *dap = ap->dap;
808 retval = dap_queue_ap_read(ap, MEM_AP_REG_BASE, dbgbase);
809 if (retval != ERROR_OK)
811 retval = dap_queue_ap_read(ap, AP_REG_IDR, apid);
812 if (retval != ERROR_OK)
814 retval = dap_run(dap);
815 if (retval != ERROR_OK)
821 int dap_lookup_cs_component(struct adiv5_ap *ap,
822 uint32_t dbgbase, uint8_t type, uint32_t *addr, int32_t *idx)
824 uint32_t romentry, entry_offset = 0, component_base, devtype;
830 retval = mem_ap_read_atomic_u32(ap, (dbgbase&0xFFFFF000) |
831 entry_offset, &romentry);
832 if (retval != ERROR_OK)
835 component_base = (dbgbase & 0xFFFFF000)
836 + (romentry & 0xFFFFF000);
838 if (romentry & 0x1) {
840 retval = mem_ap_read_atomic_u32(ap, component_base | 0xff4, &c_cid1);
841 if (retval != ERROR_OK) {
842 LOG_ERROR("Can't read component with base address 0x%" PRIx32
843 ", the corresponding core might be turned off", component_base);
846 if (((c_cid1 >> 4) & 0x0f) == 1) {
847 retval = dap_lookup_cs_component(ap, component_base,
849 if (retval == ERROR_OK)
851 if (retval != ERROR_TARGET_RESOURCE_NOT_AVAILABLE)
855 retval = mem_ap_read_atomic_u32(ap,
856 (component_base & 0xfffff000) | 0xfcc,
858 if (retval != ERROR_OK)
860 if ((devtype & 0xff) == type) {
862 *addr = component_base;
869 } while (romentry > 0);
872 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
877 static int dap_rom_display(struct command_context *cmd_ctx,
878 struct adiv5_ap *ap, uint32_t dbgbase, int depth)
880 struct adiv5_dap *dap = ap->dap;
882 uint32_t cid0, cid1, cid2, cid3, memtype, romentry;
883 uint16_t entry_offset;
887 command_print(cmd_ctx, "\tTables too deep");
892 snprintf(tabs, sizeof(tabs), "[L%02d] ", depth);
894 /* bit 16 of apid indicates a memory access port */
896 command_print(cmd_ctx, "\t%sValid ROM table present", tabs);
898 command_print(cmd_ctx, "\t%sROM table in legacy format", tabs);
900 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
901 retval = mem_ap_read_u32(ap, (dbgbase&0xFFFFF000) | 0xFF0, &cid0);
902 if (retval != ERROR_OK)
904 retval = mem_ap_read_u32(ap, (dbgbase&0xFFFFF000) | 0xFF4, &cid1);
905 if (retval != ERROR_OK)
907 retval = mem_ap_read_u32(ap, (dbgbase&0xFFFFF000) | 0xFF8, &cid2);
908 if (retval != ERROR_OK)
910 retval = mem_ap_read_u32(ap, (dbgbase&0xFFFFF000) | 0xFFC, &cid3);
911 if (retval != ERROR_OK)
913 retval = mem_ap_read_u32(ap, (dbgbase&0xFFFFF000) | 0xFCC, &memtype);
914 if (retval != ERROR_OK)
916 retval = dap_run(dap);
917 if (retval != ERROR_OK)
920 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
921 command_print(cmd_ctx, "\t%sCID3 0x%02x"
926 (unsigned)cid3, (unsigned)cid2,
927 (unsigned)cid1, (unsigned)cid0);
929 command_print(cmd_ctx, "\t%sMEMTYPE system memory present on bus", tabs);
931 command_print(cmd_ctx, "\t%sMEMTYPE system memory not present: dedicated debug bus", tabs);
933 /* Now we read ROM table entries from dbgbase&0xFFFFF000) | 0x000 until we get 0x00000000 */
934 for (entry_offset = 0; ; entry_offset += 4) {
935 retval = mem_ap_read_atomic_u32(ap, (dbgbase&0xFFFFF000) | entry_offset, &romentry);
936 if (retval != ERROR_OK)
938 command_print(cmd_ctx, "\t%sROMTABLE[0x%x] = 0x%" PRIx32 "",
939 tabs, entry_offset, romentry);
940 if (romentry & 0x01) {
941 uint32_t c_cid0, c_cid1, c_cid2, c_cid3;
942 uint32_t c_pid0, c_pid1, c_pid2, c_pid3, c_pid4;
943 uint32_t component_base;
945 const char *type, *full;
947 component_base = (dbgbase & 0xFFFFF000) + (romentry & 0xFFFFF000);
949 /* IDs are in last 4K section */
950 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFE0, &c_pid0);
951 if (retval != ERROR_OK) {
952 command_print(cmd_ctx, "\t%s\tCan't read component with base address 0x%" PRIx32
953 ", the corresponding core might be turned off", tabs, component_base);
957 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFE4, &c_pid1);
958 if (retval != ERROR_OK)
961 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFE8, &c_pid2);
962 if (retval != ERROR_OK)
965 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFEC, &c_pid3);
966 if (retval != ERROR_OK)
969 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFD0, &c_pid4);
970 if (retval != ERROR_OK)
974 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFF0, &c_cid0);
975 if (retval != ERROR_OK)
978 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFF4, &c_cid1);
979 if (retval != ERROR_OK)
982 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFF8, &c_cid2);
983 if (retval != ERROR_OK)
986 retval = mem_ap_read_atomic_u32(ap, component_base + 0xFFC, &c_cid3);
987 if (retval != ERROR_OK)
991 command_print(cmd_ctx, "\t\tComponent base address 0x%" PRIx32 ", "
992 "start address 0x%" PRIx32, component_base,
993 /* component may take multiple 4K pages */
994 (uint32_t)(component_base - 0x1000*(c_pid4 >> 4)));
995 command_print(cmd_ctx, "\t\tComponent class is 0x%" PRIx8 ", %s",
996 (uint8_t)((c_cid1 >> 4) & 0xf),
997 /* See ARM IHI 0029B Table 3-3 */
998 class_description[(c_cid1 >> 4) & 0xf]);
1000 /* CoreSight component? */
1001 if (((c_cid1 >> 4) & 0x0f) == 9) {
1004 const char *major = "Reserved", *subtype = "Reserved";
1006 retval = mem_ap_read_atomic_u32(ap,
1007 (component_base & 0xfffff000) | 0xfcc,
1009 if (retval != ERROR_OK)
1011 minor = (devtype >> 4) & 0x0f;
1012 switch (devtype & 0x0f) {
1014 major = "Miscellaneous";
1020 subtype = "Validation component";
1025 major = "Trace Sink";
1042 major = "Trace Link";
1048 subtype = "Funnel, router";
1054 subtype = "FIFO, buffer";
1059 major = "Trace Source";
1065 subtype = "Processor";
1071 subtype = "Engine/Coprocessor";
1077 subtype = "Software";
1082 major = "Debug Control";
1088 subtype = "Trigger Matrix";
1091 subtype = "Debug Auth";
1094 subtype = "Power Requestor";
1099 major = "Debug Logic";
1105 subtype = "Processor";
1111 subtype = "Engine/Coprocessor";
1122 major = "Perfomance Monitor";
1128 subtype = "Processor";
1134 subtype = "Engine/Coprocessor";
1145 command_print(cmd_ctx, "\t\tType is 0x%02" PRIx8 ", %s, %s",
1146 (uint8_t)(devtype & 0xff),
1148 /* REVISIT also show 0xfc8 DevId */
1151 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1152 command_print(cmd_ctx,
1161 command_print(cmd_ctx,
1162 "\t\tPeripheral ID[4..0] = hex "
1163 "%02x %02x %02x %02x %02x",
1164 (int)c_pid4, (int)c_pid3, (int)c_pid2,
1165 (int)c_pid1, (int)c_pid0);
1167 /* Part number interpretations are from Cortex
1168 * core specs, the CoreSight components TRM
1169 * (ARM DDI 0314H), CoreSight System Design
1170 * Guide (ARM DGI 0012D) and ETM specs; also
1171 * from chip observation (e.g. TI SDTI).
1173 part_num = (c_pid0 & 0xff);
1174 part_num |= (c_pid1 & 0x0f) << 8;
1177 type = "Cortex-M3 NVIC";
1178 full = "(Interrupt Controller)";
1181 type = "Cortex-M3 ITM";
1182 full = "(Instrumentation Trace Module)";
1185 type = "Cortex-M3 DWT";
1186 full = "(Data Watchpoint and Trace)";
1189 type = "Cortex-M3 FBP";
1190 full = "(Flash Patch and Breakpoint)";
1193 type = "Cortex-M0 SCS";
1194 full = "(System Control Space)";
1197 type = "Cortex-M0 DWT";
1198 full = "(Data Watchpoint and Trace)";
1201 type = "Cortex-M0 BPU";
1202 full = "(Breakpoint Unit)";
1205 type = "Cortex-M4 SCS";
1206 full = "(System Control Space)";
1209 type = "CoreSight ETM11";
1210 full = "(Embedded Trace)";
1212 /* case 0x113: what? */
1213 case 0x120: /* from OMAP3 memmap */
1215 full = "(System Debug Trace Interface)";
1217 case 0x343: /* from OMAP3 memmap */
1222 type = "Coresight CTI";
1223 full = "(Cross Trigger)";
1226 type = "Coresight ETB";
1227 full = "(Trace Buffer)";
1230 type = "Coresight CSTF";
1231 full = "(Trace Funnel)";
1234 type = "CoreSight ETM9";
1235 full = "(Embedded Trace)";
1238 type = "Coresight TPIU";
1239 full = "(Trace Port Interface Unit)";
1242 type = "Coresight ITM";
1243 full = "(Instrumentation Trace Macrocell)";
1246 type = "Coresight SWO";
1247 full = "(Single Wire Output)";
1250 type = "Coresight HTM";
1251 full = "(AHB Trace Macrocell)";
1254 type = "CoreSight ETM11";
1255 full = "(Embedded Trace)";
1258 type = "Cortex-A8 ETM";
1259 full = "(Embedded Trace)";
1262 type = "Cortex-A8 CTI";
1263 full = "(Cross Trigger)";
1266 type = "Cortex-M3 TPIU";
1267 full = "(Trace Port Interface Unit)";
1270 type = "Cortex-M3 ETM";
1271 full = "(Embedded Trace)";
1274 type = "Cortex-M4 ETM";
1275 full = "(Embedded Trace)";
1278 type = "Cortex-R4 ETM";
1279 full = "(Embedded Trace)";
1282 type = "CoreSight Component";
1283 full = "(unidentified Cortex-A9 component)";
1286 type = "CoreSight TMC";
1287 full = "(Trace Memory Controller)";
1290 type = "CoreSight STM";
1291 full = "(System Trace Macrocell)";
1294 type = "CoreSight PMU";
1295 full = "(Performance Monitoring Unit)";
1298 type = "Cortex-M4 TPUI";
1299 full = "(Trace Port Interface Unit)";
1302 type = "Cortex-A5 ETM";
1303 full = "(Embedded Trace)";
1306 type = "Cortex-A5 Debug";
1307 full = "(Debug Unit)";
1310 type = "Cortex-A8 Debug";
1311 full = "(Debug Unit)";
1314 type = "Cortex-A9 Debug";
1315 full = "(Debug Unit)";
1318 type = "Cortex-A15 Debug";
1319 full = "(Debug Unit)";
1322 LOG_DEBUG("Unrecognized Part number 0x%" PRIx32, part_num);
1323 type = "-*- unrecognized -*-";
1327 command_print(cmd_ctx, "\t\tPart is %s %s",
1331 if (((c_cid1 >> 4) & 0x0f) == 1) {
1332 retval = dap_rom_display(cmd_ctx, ap, component_base, depth + 1);
1333 if (retval != ERROR_OK)
1338 command_print(cmd_ctx, "\t\tComponent not present");
1343 command_print(cmd_ctx, "\t%s\tEnd of ROM table", tabs);
1347 static int dap_info_command(struct command_context *cmd_ctx,
1348 struct adiv5_ap *ap)
1351 uint32_t dbgbase, apid;
1352 int romtable_present = 0;
1355 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1356 retval = dap_get_debugbase(ap, &dbgbase, &apid);
1357 if (retval != ERROR_OK)
1360 command_print(cmd_ctx, "AP ID register 0x%8.8" PRIx32, apid);
1362 command_print(cmd_ctx, "No AP found at this ap 0x%x", ap->ap_num);
1366 switch (apid & (IDR_JEP106 | IDR_TYPE)) {
1367 case IDR_JEP106_ARM | AP_TYPE_JTAG_AP:
1368 command_print(cmd_ctx, "\tType is JTAG-AP");
1370 case IDR_JEP106_ARM | AP_TYPE_AHB_AP:
1371 command_print(cmd_ctx, "\tType is MEM-AP AHB");
1373 case IDR_JEP106_ARM | AP_TYPE_APB_AP:
1374 command_print(cmd_ctx, "\tType is MEM-AP APB");
1376 case IDR_JEP106_ARM | AP_TYPE_AXI_AP:
1377 command_print(cmd_ctx, "\tType is MEM-AP AXI");
1380 command_print(cmd_ctx, "\tUnknown AP type");
1384 /* NOTE: a MEM-AP may have a single CoreSight component that's
1385 * not a ROM table ... or have no such components at all.
1387 mem_ap = (apid & IDR_CLASS) == AP_CLASS_MEM_AP;
1389 command_print(cmd_ctx, "MEM-AP BASE 0x%8.8" PRIx32, dbgbase);
1391 romtable_present = dbgbase != 0xFFFFFFFF;
1392 if (romtable_present)
1393 dap_rom_display(cmd_ctx, ap, dbgbase, 0);
1395 command_print(cmd_ctx, "\tNo ROM table present");
1401 COMMAND_HANDLER(handle_dap_info_command)
1403 struct target *target = get_current_target(CMD_CTX);
1404 struct arm *arm = target_to_arm(target);
1405 struct adiv5_dap *dap = arm->dap;
1413 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1415 return ERROR_COMMAND_SYNTAX_ERROR;
1418 return ERROR_COMMAND_SYNTAX_ERROR;
1421 return dap_info_command(CMD_CTX, &dap->ap[apsel]);
1424 COMMAND_HANDLER(dap_baseaddr_command)
1426 struct target *target = get_current_target(CMD_CTX);
1427 struct arm *arm = target_to_arm(target);
1428 struct adiv5_dap *dap = arm->dap;
1430 uint32_t apsel, baseaddr;
1438 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1439 /* AP address is in bits 31:24 of DP_SELECT */
1441 return ERROR_COMMAND_SYNTAX_ERROR;
1444 return ERROR_COMMAND_SYNTAX_ERROR;
1447 /* NOTE: assumes we're talking to a MEM-AP, which
1448 * has a base address. There are other kinds of AP,
1449 * though they're not common for now. This should
1450 * use the ID register to verify it's a MEM-AP.
1452 retval = dap_queue_ap_read(dap_ap(dap, apsel), MEM_AP_REG_BASE, &baseaddr);
1453 if (retval != ERROR_OK)
1455 retval = dap_run(dap);
1456 if (retval != ERROR_OK)
1459 command_print(CMD_CTX, "0x%8.8" PRIx32, baseaddr);
1464 COMMAND_HANDLER(dap_memaccess_command)
1466 struct target *target = get_current_target(CMD_CTX);
1467 struct arm *arm = target_to_arm(target);
1468 struct adiv5_dap *dap = arm->dap;
1470 uint32_t memaccess_tck;
1474 memaccess_tck = dap->ap[dap->apsel].memaccess_tck;
1477 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1480 return ERROR_COMMAND_SYNTAX_ERROR;
1482 dap->ap[dap->apsel].memaccess_tck = memaccess_tck;
1484 command_print(CMD_CTX, "memory bus access delay set to %" PRIi32 " tck",
1485 dap->ap[dap->apsel].memaccess_tck);
1490 COMMAND_HANDLER(dap_apsel_command)
1492 struct target *target = get_current_target(CMD_CTX);
1493 struct arm *arm = target_to_arm(target);
1494 struct adiv5_dap *dap = arm->dap;
1496 uint32_t apsel, apid;
1504 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1505 /* AP address is in bits 31:24 of DP_SELECT */
1507 return ERROR_COMMAND_SYNTAX_ERROR;
1510 return ERROR_COMMAND_SYNTAX_ERROR;
1515 retval = dap_queue_ap_read(dap_ap(dap, apsel), AP_REG_IDR, &apid);
1516 if (retval != ERROR_OK)
1518 retval = dap_run(dap);
1519 if (retval != ERROR_OK)
1522 command_print(CMD_CTX, "ap %" PRIi32 " selected, identification register 0x%8.8" PRIx32,
1528 COMMAND_HANDLER(dap_apcsw_command)
1530 struct target *target = get_current_target(CMD_CTX);
1531 struct arm *arm = target_to_arm(target);
1532 struct adiv5_dap *dap = arm->dap;
1534 uint32_t apcsw = dap->ap[dap->apsel].csw_default, sprot = 0;
1538 command_print(CMD_CTX, "apsel %" PRIi32 " selected, csw 0x%8.8" PRIx32,
1539 (dap->apsel), apcsw);
1542 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], sprot);
1543 /* AP address is in bits 31:24 of DP_SELECT */
1545 return ERROR_COMMAND_SYNTAX_ERROR;
1549 apcsw &= ~CSW_SPROT;
1552 return ERROR_COMMAND_SYNTAX_ERROR;
1554 dap->ap[dap->apsel].csw_default = apcsw;
1561 COMMAND_HANDLER(dap_apid_command)
1563 struct target *target = get_current_target(CMD_CTX);
1564 struct arm *arm = target_to_arm(target);
1565 struct adiv5_dap *dap = arm->dap;
1567 uint32_t apsel, apid;
1575 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1576 /* AP address is in bits 31:24 of DP_SELECT */
1578 return ERROR_COMMAND_SYNTAX_ERROR;
1581 return ERROR_COMMAND_SYNTAX_ERROR;
1584 retval = dap_queue_ap_read(dap_ap(dap, apsel), AP_REG_IDR, &apid);
1585 if (retval != ERROR_OK)
1587 retval = dap_run(dap);
1588 if (retval != ERROR_OK)
1591 command_print(CMD_CTX, "0x%8.8" PRIx32, apid);
1596 COMMAND_HANDLER(dap_ti_be_32_quirks_command)
1598 struct target *target = get_current_target(CMD_CTX);
1599 struct arm *arm = target_to_arm(target);
1600 struct adiv5_dap *dap = arm->dap;
1602 uint32_t enable = dap->ti_be_32_quirks;
1608 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], enable);
1610 return ERROR_COMMAND_SYNTAX_ERROR;
1613 return ERROR_COMMAND_SYNTAX_ERROR;
1615 dap->ti_be_32_quirks = enable;
1616 command_print(CMD_CTX, "TI BE-32 quirks mode %s",
1617 enable ? "enabled" : "disabled");
1622 static const struct command_registration dap_commands[] = {
1625 .handler = handle_dap_info_command,
1626 .mode = COMMAND_EXEC,
1627 .help = "display ROM table for MEM-AP "
1628 "(default currently selected AP)",
1629 .usage = "[ap_num]",
1633 .handler = dap_apsel_command,
1634 .mode = COMMAND_EXEC,
1635 .help = "Set the currently selected AP (default 0) "
1636 "and display the result",
1637 .usage = "[ap_num]",
1641 .handler = dap_apcsw_command,
1642 .mode = COMMAND_EXEC,
1643 .help = "Set csw access bit ",
1649 .handler = dap_apid_command,
1650 .mode = COMMAND_EXEC,
1651 .help = "return ID register from AP "
1652 "(default currently selected AP)",
1653 .usage = "[ap_num]",
1657 .handler = dap_baseaddr_command,
1658 .mode = COMMAND_EXEC,
1659 .help = "return debug base address from MEM-AP "
1660 "(default currently selected AP)",
1661 .usage = "[ap_num]",
1664 .name = "memaccess",
1665 .handler = dap_memaccess_command,
1666 .mode = COMMAND_EXEC,
1667 .help = "set/get number of extra tck for MEM-AP memory "
1668 "bus access [0-255]",
1669 .usage = "[cycles]",
1672 .name = "ti_be_32_quirks",
1673 .handler = dap_ti_be_32_quirks_command,
1674 .mode = COMMAND_CONFIG,
1675 .help = "set/get quirks mode for TI TMS450/TMS570 processors",
1676 .usage = "[enable]",
1678 COMMAND_REGISTRATION_DONE
1681 const struct command_registration dap_command_handlers[] = {
1684 .mode = COMMAND_EXEC,
1685 .help = "DAP command group",
1687 .chain = dap_commands,
1689 COMMAND_REGISTRATION_DONE