1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009-2010 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * Copyright (C) 2009-2010 by David Brownell *
13 * Copyright (C) 2013 by Andreas Fritiofson *
14 * andreas.fritiofson@gmail.com *
16 * Copyright (C) 2019-2021, Ampere Computing LLC *
18 * This program is free software; you can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License, or *
21 * (at your option) any later version. *
23 * This program is distributed in the hope that it will be useful, *
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
26 * GNU General Public License for more details. *
28 * You should have received a copy of the GNU General Public License *
29 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
30 ***************************************************************************/
34 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
35 * debugging architecture. Compared with previous versions, this includes
36 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
37 * transport, and focuses on memory mapped resources as defined by the
38 * CoreSight architecture.
40 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
41 * basic components: a Debug Port (DP) transporting messages to and from a
42 * debugger, and an Access Port (AP) accessing resources. Three types of DP
43 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
44 * One uses only SWD for communication, and is called SW-DP. The third can
45 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
46 * is used to access memory mapped resources and is called a MEM-AP. Also a
47 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
49 * This programming interface allows DAP pipelined operations through a
50 * transaction queue. This primarily affects AP operations (such as using
51 * a MEM-AP to access memory or registers). If the current transaction has
52 * not finished by the time the next one must begin, and the ORUNDETECT bit
53 * is set in the DP_CTRL_STAT register, the SSTICKYORUN status is set and
54 * further AP operations will fail. There are two basic methods to avoid
55 * such overrun errors. One involves polling for status instead of using
56 * transaction pipelining. The other involves adding delays to ensure the
57 * AP has enough time to complete one operation before starting the next
58 * one. (For JTAG these delays are controlled by memaccess_tck.)
62 * Relevant specifications from ARM include:
64 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031E
65 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
67 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
68 * Cortex-M3(tm) TRM, ARM DDI 0337G
75 #include "jtag/interface.h"
77 #include "arm_adi_v5.h"
79 #include "transport/transport.h"
80 #include <helper/jep106.h>
81 #include <helper/time_support.h>
82 #include <helper/list.h>
83 #include <helper/jim-nvp.h>
85 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
88 uint32_t tar_block_size(uint32_t address)
89 Return the largest block starting at address that does not cross a tar block size alignment boundary
91 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, target_addr_t address)
93 return tar_autoincr_block - ((tar_autoincr_block - 1) & address);
96 /***************************************************************************
98 * DP and MEM-AP register access through APACC and DPACC *
100 ***************************************************************************/
102 static int mem_ap_setup_csw(struct adiv5_ap *ap, uint32_t csw)
104 csw |= ap->csw_default;
106 if (csw != ap->csw_value) {
107 /* LOG_DEBUG("DAP: Set CSW %x",csw); */
108 int retval = dap_queue_ap_write(ap, MEM_AP_REG_CSW, csw);
109 if (retval != ERROR_OK) {
118 static int mem_ap_setup_tar(struct adiv5_ap *ap, target_addr_t tar)
120 if (!ap->tar_valid || tar != ap->tar_value) {
121 /* LOG_DEBUG("DAP: Set TAR %x",tar); */
122 int retval = dap_queue_ap_write(ap, MEM_AP_REG_TAR, (uint32_t)(tar & 0xffffffffUL));
123 if (retval == ERROR_OK && is_64bit_ap(ap)) {
124 /* See if bits 63:32 of tar is different from last setting */
125 if ((ap->tar_value >> 32) != (tar >> 32))
126 retval = dap_queue_ap_write(ap, MEM_AP_REG_TAR64, (uint32_t)(tar >> 32));
128 if (retval != ERROR_OK) {
129 ap->tar_valid = false;
133 ap->tar_valid = true;
138 static int mem_ap_read_tar(struct adiv5_ap *ap, target_addr_t *tar)
143 int retval = dap_queue_ap_read(ap, MEM_AP_REG_TAR, &lower);
144 if (retval == ERROR_OK && is_64bit_ap(ap))
145 retval = dap_queue_ap_read(ap, MEM_AP_REG_TAR64, &upper);
147 if (retval != ERROR_OK) {
148 ap->tar_valid = false;
152 retval = dap_run(ap->dap);
153 if (retval != ERROR_OK) {
154 ap->tar_valid = false;
158 *tar = (((target_addr_t)upper) << 32) | (target_addr_t)lower;
160 ap->tar_value = *tar;
161 ap->tar_valid = true;
165 static uint32_t mem_ap_get_tar_increment(struct adiv5_ap *ap)
167 switch (ap->csw_value & CSW_ADDRINC_MASK) {
168 case CSW_ADDRINC_SINGLE:
169 switch (ap->csw_value & CSW_SIZE_MASK) {
179 case CSW_ADDRINC_PACKED:
185 /* mem_ap_update_tar_cache is called after an access to MEM_AP_REG_DRW
187 static void mem_ap_update_tar_cache(struct adiv5_ap *ap)
192 uint32_t inc = mem_ap_get_tar_increment(ap);
193 if (inc >= max_tar_block_size(ap->tar_autoincr_block, ap->tar_value))
194 ap->tar_valid = false;
196 ap->tar_value += inc;
200 * Queue transactions setting up transfer parameters for the
201 * currently selected MEM-AP.
203 * Subsequent transfers using registers like MEM_AP_REG_DRW or MEM_AP_REG_BD2
204 * initiate data reads or writes using memory or peripheral addresses.
205 * If the CSW is configured for it, the TAR may be automatically
206 * incremented after each transfer.
208 * @param ap The MEM-AP.
209 * @param csw MEM-AP Control/Status Word (CSW) register to assign. If this
210 * matches the cached value, the register is not changed.
211 * @param tar MEM-AP Transfer Address Register (TAR) to assign. If this
212 * matches the cached address, the register is not changed.
214 * @return ERROR_OK if the transaction was properly queued, else a fault code.
216 static int mem_ap_setup_transfer(struct adiv5_ap *ap, uint32_t csw, target_addr_t tar)
219 retval = mem_ap_setup_csw(ap, csw);
220 if (retval != ERROR_OK)
222 retval = mem_ap_setup_tar(ap, tar);
223 if (retval != ERROR_OK)
229 * Asynchronous (queued) read of a word from memory or a system register.
231 * @param ap The MEM-AP to access.
232 * @param address Address of the 32-bit word to read; it must be
233 * readable by the currently selected MEM-AP.
234 * @param value points to where the word will be stored when the
235 * transaction queue is flushed (assuming no errors).
237 * @return ERROR_OK for success. Otherwise a fault code.
239 int mem_ap_read_u32(struct adiv5_ap *ap, target_addr_t address,
244 /* Use banked addressing (REG_BDx) to avoid some link traffic
245 * (updating TAR) when reading several consecutive addresses.
247 retval = mem_ap_setup_transfer(ap,
248 CSW_32BIT | (ap->csw_value & CSW_ADDRINC_MASK),
249 address & 0xFFFFFFFFFFFFFFF0ull);
250 if (retval != ERROR_OK)
253 return dap_queue_ap_read(ap, MEM_AP_REG_BD0 | (address & 0xC), value);
257 * Synchronous read of a word from memory or a system register.
258 * As a side effect, this flushes any queued transactions.
260 * @param ap The MEM-AP to access.
261 * @param address Address of the 32-bit word to read; it must be
262 * readable by the currently selected MEM-AP.
263 * @param value points to where the result will be stored.
265 * @return ERROR_OK for success; *value holds the result.
266 * Otherwise a fault code.
268 int mem_ap_read_atomic_u32(struct adiv5_ap *ap, target_addr_t address,
273 retval = mem_ap_read_u32(ap, address, value);
274 if (retval != ERROR_OK)
277 return dap_run(ap->dap);
281 * Asynchronous (queued) write of a word to memory or a system register.
283 * @param ap The MEM-AP to access.
284 * @param address Address to be written; it must be writable by
285 * the currently selected MEM-AP.
286 * @param value Word that will be written to the address when transaction
287 * queue is flushed (assuming no errors).
289 * @return ERROR_OK for success. Otherwise a fault code.
291 int mem_ap_write_u32(struct adiv5_ap *ap, target_addr_t address,
296 /* Use banked addressing (REG_BDx) to avoid some link traffic
297 * (updating TAR) when writing several consecutive addresses.
299 retval = mem_ap_setup_transfer(ap,
300 CSW_32BIT | (ap->csw_value & CSW_ADDRINC_MASK),
301 address & 0xFFFFFFFFFFFFFFF0ull);
302 if (retval != ERROR_OK)
305 return dap_queue_ap_write(ap, MEM_AP_REG_BD0 | (address & 0xC),
310 * Synchronous write of a word to memory or a system register.
311 * As a side effect, this flushes any queued transactions.
313 * @param ap The MEM-AP to access.
314 * @param address Address to be written; it must be writable by
315 * the currently selected MEM-AP.
316 * @param value Word that will be written.
318 * @return ERROR_OK for success; the data was written. Otherwise a fault code.
320 int mem_ap_write_atomic_u32(struct adiv5_ap *ap, target_addr_t address,
323 int retval = mem_ap_write_u32(ap, address, value);
325 if (retval != ERROR_OK)
328 return dap_run(ap->dap);
332 * Synchronous write of a block of memory, using a specific access size.
334 * @param ap The MEM-AP to access.
335 * @param buffer The data buffer to write. No particular alignment is assumed.
336 * @param size Which access size to use, in bytes. 1, 2 or 4.
337 * @param count The number of writes to do (in size units, not bytes).
338 * @param address Address to be written; it must be writable by the currently selected MEM-AP.
339 * @param addrinc Whether the target address should be increased for each write or not. This
340 * should normally be true, except when writing to e.g. a FIFO.
341 * @return ERROR_OK on success, otherwise an error code.
343 static int mem_ap_write(struct adiv5_ap *ap, const uint8_t *buffer, uint32_t size, uint32_t count,
344 target_addr_t address, bool addrinc)
346 struct adiv5_dap *dap = ap->dap;
347 size_t nbytes = size * count;
348 const uint32_t csw_addrincr = addrinc ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
350 target_addr_t addr_xor;
351 int retval = ERROR_OK;
353 /* TI BE-32 Quirks mode:
354 * Writes on big-endian TMS570 behave very strangely. Observed behavior:
355 * size write address bytes written in order
356 * 4 TAR ^ 0 (val >> 24), (val >> 16), (val >> 8), (val)
357 * 2 TAR ^ 2 (val >> 8), (val)
359 * For example, if you attempt to write a single byte to address 0, the processor
360 * will actually write a byte to address 3.
362 * To make writes of size < 4 work as expected, we xor a value with the address before
363 * setting the TAP, and we set the TAP after every transfer rather then relying on
364 * address increment. */
367 csw_size = CSW_32BIT;
369 } else if (size == 2) {
370 csw_size = CSW_16BIT;
371 addr_xor = dap->ti_be_32_quirks ? 2 : 0;
372 } else if (size == 1) {
374 addr_xor = dap->ti_be_32_quirks ? 3 : 0;
376 return ERROR_TARGET_UNALIGNED_ACCESS;
379 if (ap->unaligned_access_bad && (address % size != 0))
380 return ERROR_TARGET_UNALIGNED_ACCESS;
383 uint32_t this_size = size;
385 /* Select packed transfer if possible */
386 if (addrinc && ap->packed_transfers && nbytes >= 4
387 && max_tar_block_size(ap->tar_autoincr_block, address) >= 4) {
389 retval = mem_ap_setup_csw(ap, csw_size | CSW_ADDRINC_PACKED);
391 retval = mem_ap_setup_csw(ap, csw_size | csw_addrincr);
394 if (retval != ERROR_OK)
397 retval = mem_ap_setup_tar(ap, address ^ addr_xor);
398 if (retval != ERROR_OK)
401 /* How many source bytes each transfer will consume, and their location in the DRW,
402 * depends on the type of transfer and alignment. See ARM document IHI0031C. */
403 uint32_t outvalue = 0;
404 uint32_t drw_byte_idx = address;
405 if (dap->ti_be_32_quirks) {
408 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (drw_byte_idx++ & 3) ^ addr_xor);
409 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (drw_byte_idx++ & 3) ^ addr_xor);
410 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (drw_byte_idx++ & 3) ^ addr_xor);
411 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (drw_byte_idx & 3) ^ addr_xor);
414 outvalue |= (uint32_t)*buffer++ << 8 * (1 ^ (drw_byte_idx++ & 3) ^ addr_xor);
415 outvalue |= (uint32_t)*buffer++ << 8 * (1 ^ (drw_byte_idx & 3) ^ addr_xor);
418 outvalue |= (uint32_t)*buffer++ << 8 * (0 ^ (drw_byte_idx & 3) ^ addr_xor);
424 outvalue |= (uint32_t)*buffer++ << 8 * (drw_byte_idx++ & 3);
425 outvalue |= (uint32_t)*buffer++ << 8 * (drw_byte_idx++ & 3);
428 outvalue |= (uint32_t)*buffer++ << 8 * (drw_byte_idx++ & 3);
431 outvalue |= (uint32_t)*buffer++ << 8 * (drw_byte_idx & 3);
437 retval = dap_queue_ap_write(ap, MEM_AP_REG_DRW, outvalue);
438 if (retval != ERROR_OK)
441 mem_ap_update_tar_cache(ap);
443 address += this_size;
446 /* REVISIT: Might want to have a queued version of this function that does not run. */
447 if (retval == ERROR_OK)
448 retval = dap_run(dap);
450 if (retval != ERROR_OK) {
452 if (mem_ap_read_tar(ap, &tar) == ERROR_OK)
453 LOG_ERROR("Failed to write memory at " TARGET_ADDR_FMT, tar);
455 LOG_ERROR("Failed to write memory and, additionally, failed to find out where");
462 * Synchronous read of a block of memory, using a specific access size.
464 * @param ap The MEM-AP to access.
465 * @param buffer The data buffer to receive the data. No particular alignment is assumed.
466 * @param size Which access size to use, in bytes. 1, 2 or 4.
467 * @param count The number of reads to do (in size units, not bytes).
468 * @param adr Address to be read; it must be readable by the currently selected MEM-AP.
469 * @param addrinc Whether the target address should be increased after each read or not. This
470 * should normally be true, except when reading from e.g. a FIFO.
471 * @return ERROR_OK on success, otherwise an error code.
473 static int mem_ap_read(struct adiv5_ap *ap, uint8_t *buffer, uint32_t size, uint32_t count,
474 target_addr_t adr, bool addrinc)
476 struct adiv5_dap *dap = ap->dap;
477 size_t nbytes = size * count;
478 const uint32_t csw_addrincr = addrinc ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
480 target_addr_t address = adr;
481 int retval = ERROR_OK;
483 /* TI BE-32 Quirks mode:
484 * Reads on big-endian TMS570 behave strangely differently than writes.
485 * They read from the physical address requested, but with DRW byte-reversed.
486 * For example, a byte read from address 0 will place the result in the high bytes of DRW.
487 * Also, packed 8-bit and 16-bit transfers seem to sometimes return garbage in some bytes,
491 csw_size = CSW_32BIT;
493 csw_size = CSW_16BIT;
497 return ERROR_TARGET_UNALIGNED_ACCESS;
499 if (ap->unaligned_access_bad && (adr % size != 0))
500 return ERROR_TARGET_UNALIGNED_ACCESS;
502 /* Allocate buffer to hold the sequence of DRW reads that will be made. This is a significant
503 * over-allocation if packed transfers are going to be used, but determining the real need at
504 * this point would be messy. */
505 uint32_t *read_buf = calloc(count, sizeof(uint32_t));
506 /* Multiplication count * sizeof(uint32_t) may overflow, calloc() is safe */
507 uint32_t *read_ptr = read_buf;
509 LOG_ERROR("Failed to allocate read buffer");
513 /* Queue up all reads. Each read will store the entire DRW word in the read buffer. How many
514 * useful bytes it contains, and their location in the word, depends on the type of transfer
517 uint32_t this_size = size;
519 /* Select packed transfer if possible */
520 if (addrinc && ap->packed_transfers && nbytes >= 4
521 && max_tar_block_size(ap->tar_autoincr_block, address) >= 4) {
523 retval = mem_ap_setup_csw(ap, csw_size | CSW_ADDRINC_PACKED);
525 retval = mem_ap_setup_csw(ap, csw_size | csw_addrincr);
527 if (retval != ERROR_OK)
530 retval = mem_ap_setup_tar(ap, address);
531 if (retval != ERROR_OK)
534 retval = dap_queue_ap_read(ap, MEM_AP_REG_DRW, read_ptr++);
535 if (retval != ERROR_OK)
540 address += this_size;
542 mem_ap_update_tar_cache(ap);
545 if (retval == ERROR_OK)
546 retval = dap_run(dap);
550 nbytes = size * count;
553 /* If something failed, read TAR to find out how much data was successfully read, so we can
554 * at least give the caller what we have. */
555 if (retval != ERROR_OK) {
557 if (mem_ap_read_tar(ap, &tar) == ERROR_OK) {
558 /* TAR is incremented after failed transfer on some devices (eg Cortex-M4) */
559 LOG_ERROR("Failed to read memory at " TARGET_ADDR_FMT, tar);
560 if (nbytes > tar - address)
561 nbytes = tar - address;
563 LOG_ERROR("Failed to read memory and, additionally, failed to find out where");
568 /* Replay loop to populate caller's buffer from the correct word and byte lane */
570 uint32_t this_size = size;
572 if (addrinc && ap->packed_transfers && nbytes >= 4
573 && max_tar_block_size(ap->tar_autoincr_block, address) >= 4) {
577 if (dap->ti_be_32_quirks) {
580 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
581 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
584 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
587 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
592 *buffer++ = *read_ptr >> 8 * (address++ & 3);
593 *buffer++ = *read_ptr >> 8 * (address++ & 3);
596 *buffer++ = *read_ptr >> 8 * (address++ & 3);
599 *buffer++ = *read_ptr >> 8 * (address++ & 3);
611 int mem_ap_read_buf(struct adiv5_ap *ap,
612 uint8_t *buffer, uint32_t size, uint32_t count, target_addr_t address)
614 return mem_ap_read(ap, buffer, size, count, address, true);
617 int mem_ap_write_buf(struct adiv5_ap *ap,
618 const uint8_t *buffer, uint32_t size, uint32_t count, target_addr_t address)
620 return mem_ap_write(ap, buffer, size, count, address, true);
623 int mem_ap_read_buf_noincr(struct adiv5_ap *ap,
624 uint8_t *buffer, uint32_t size, uint32_t count, target_addr_t address)
626 return mem_ap_read(ap, buffer, size, count, address, false);
629 int mem_ap_write_buf_noincr(struct adiv5_ap *ap,
630 const uint8_t *buffer, uint32_t size, uint32_t count, target_addr_t address)
632 return mem_ap_write(ap, buffer, size, count, address, false);
635 /*--------------------------------------------------------------------------*/
638 #define DAP_POWER_DOMAIN_TIMEOUT (10)
640 /*--------------------------------------------------------------------------*/
643 * Invalidate cached DP select and cached TAR and CSW of all APs
645 void dap_invalidate_cache(struct adiv5_dap *dap)
647 dap->select = DP_SELECT_INVALID;
648 dap->last_read = NULL;
651 for (i = 0; i <= 255; i++) {
652 /* force csw and tar write on the next mem-ap access */
653 dap->ap[i].tar_valid = false;
654 dap->ap[i].csw_value = 0;
659 * Initialize a DAP. This sets up the power domains, prepares the DP
660 * for further use and activates overrun checking.
662 * @param dap The DAP being initialized.
664 int dap_dp_init(struct adiv5_dap *dap)
668 LOG_DEBUG("%s", adiv5_dap_name(dap));
670 dap->do_reconnect = false;
671 dap_invalidate_cache(dap);
674 * Early initialize dap->dp_ctrl_stat.
675 * In jtag mode only, if the following queue run (in dap_dp_poll_register)
676 * fails and sets the sticky error, it will trigger the clearing
677 * of the sticky. Without this initialization system and debug power
678 * would be disabled while clearing the sticky error bit.
680 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
683 * This write operation clears the sticky error bit in jtag mode only and
684 * is ignored in swd mode. It also powers-up system and debug domains in
685 * both jtag and swd modes, if not done before.
687 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat | SSTICKYERR);
688 if (retval != ERROR_OK)
691 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
692 if (retval != ERROR_OK)
695 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
696 if (retval != ERROR_OK)
699 /* Check that we have debug power domains activated */
700 LOG_DEBUG("DAP: wait CDBGPWRUPACK");
701 retval = dap_dp_poll_register(dap, DP_CTRL_STAT,
702 CDBGPWRUPACK, CDBGPWRUPACK,
703 DAP_POWER_DOMAIN_TIMEOUT);
704 if (retval != ERROR_OK)
707 if (!dap->ignore_syspwrupack) {
708 LOG_DEBUG("DAP: wait CSYSPWRUPACK");
709 retval = dap_dp_poll_register(dap, DP_CTRL_STAT,
710 CSYSPWRUPACK, CSYSPWRUPACK,
711 DAP_POWER_DOMAIN_TIMEOUT);
712 if (retval != ERROR_OK)
716 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
717 if (retval != ERROR_OK)
720 /* With debug power on we can activate OVERRUN checking */
721 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
722 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
723 if (retval != ERROR_OK)
725 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
726 if (retval != ERROR_OK)
729 retval = dap_run(dap);
730 if (retval != ERROR_OK)
737 * Initialize a DAP or do reconnect if DAP is not accessible.
739 * @param dap The DAP being initialized.
741 int dap_dp_init_or_reconnect(struct adiv5_dap *dap)
743 LOG_DEBUG("%s", adiv5_dap_name(dap));
746 * Early initialize dap->dp_ctrl_stat.
747 * In jtag mode only, if the following atomic reads fail and set the
748 * sticky error, it will trigger the clearing of the sticky. Without this
749 * initialization system and debug power would be disabled while clearing
750 * the sticky error bit.
752 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
754 dap->do_reconnect = false;
756 dap_dp_read_atomic(dap, DP_CTRL_STAT, NULL);
757 if (dap->do_reconnect) {
758 /* dap connect calls dap_dp_init() after transport dependent initialization */
759 return dap->ops->connect(dap);
761 return dap_dp_init(dap);
766 * Initialize a DAP. This sets up the power domains, prepares the DP
767 * for further use, and arranges to use AP #0 for all AP operations
768 * until dap_ap-select() changes that policy.
770 * @param ap The MEM-AP being initialized.
772 int mem_ap_init(struct adiv5_ap *ap)
774 /* check that we support packed transfers */
777 struct adiv5_dap *dap = ap->dap;
779 /* Set ap->cfg_reg before calling mem_ap_setup_transfer(). */
780 /* mem_ap_setup_transfer() needs to know if the MEM_AP supports LPAE. */
781 retval = dap_queue_ap_read(ap, MEM_AP_REG_CFG, &cfg);
782 if (retval != ERROR_OK)
785 retval = dap_run(dap);
786 if (retval != ERROR_OK)
790 ap->tar_valid = false;
791 ap->csw_value = 0; /* force csw and tar write */
792 retval = mem_ap_setup_transfer(ap, CSW_8BIT | CSW_ADDRINC_PACKED, 0);
793 if (retval != ERROR_OK)
796 retval = dap_queue_ap_read(ap, MEM_AP_REG_CSW, &csw);
797 if (retval != ERROR_OK)
800 retval = dap_run(dap);
801 if (retval != ERROR_OK)
804 if (csw & CSW_ADDRINC_PACKED)
805 ap->packed_transfers = true;
807 ap->packed_transfers = false;
809 /* Packed transfers on TI BE-32 processors do not work correctly in
811 if (dap->ti_be_32_quirks)
812 ap->packed_transfers = false;
814 LOG_DEBUG("MEM_AP Packed Transfers: %s",
815 ap->packed_transfers ? "enabled" : "disabled");
817 /* The ARM ADI spec leaves implementation-defined whether unaligned
818 * memory accesses work, only work partially, or cause a sticky error.
819 * On TI BE-32 processors, reads seem to return garbage in some bytes
820 * and unaligned writes seem to cause a sticky error.
821 * TODO: it would be nice to have a way to detect whether unaligned
822 * operations are supported on other processors. */
823 ap->unaligned_access_bad = dap->ti_be_32_quirks;
825 LOG_DEBUG("MEM_AP CFG: large data %d, long address %d, big-endian %d",
826 !!(cfg & MEM_AP_REG_CFG_LD), !!(cfg & MEM_AP_REG_CFG_LA), !!(cfg & MEM_AP_REG_CFG_BE));
832 * Put the debug link into SWD mode, if the target supports it.
833 * The link's initial mode may be either JTAG (for example,
834 * with SWJ-DP after reset) or SWD.
836 * Note that targets using the JTAG-DP do not support SWD, and that
837 * some targets which could otherwise support it may have been
838 * configured to disable SWD signaling
840 * @param dap The DAP used
841 * @return ERROR_OK or else a fault code.
843 int dap_to_swd(struct adiv5_dap *dap)
845 LOG_DEBUG("Enter SWD mode");
847 return dap_send_sequence(dap, JTAG_TO_SWD);
851 * Put the debug link into JTAG mode, if the target supports it.
852 * The link's initial mode may be either SWD or JTAG.
854 * Note that targets implemented with SW-DP do not support JTAG, and
855 * that some targets which could otherwise support it may have been
856 * configured to disable JTAG signaling
858 * @param dap The DAP used
859 * @return ERROR_OK or else a fault code.
861 int dap_to_jtag(struct adiv5_dap *dap)
863 LOG_DEBUG("Enter JTAG mode");
865 return dap_send_sequence(dap, SWD_TO_JTAG);
868 /* CID interpretation -- see ARM IHI 0029B section 3
869 * and ARM IHI 0031A table 13-3.
871 static const char *class_description[16] = {
872 "Reserved", "ROM table", "Reserved", "Reserved",
873 "Reserved", "Reserved", "Reserved", "Reserved",
874 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
875 "Reserved", "OptimoDE DESS",
876 "Generic IP component", "PrimeCell or System component"
879 static bool is_dap_cid_ok(uint32_t cid)
881 return (cid & 0xffff0fff) == 0xb105000d;
885 * This function checks the ID for each access port to find the requested Access Port type
887 int dap_find_ap(struct adiv5_dap *dap, enum ap_type type_to_find, struct adiv5_ap **ap_out)
891 /* Maximum AP number is 255 since the SELECT register is 8 bits */
892 for (ap_num = 0; ap_num <= DP_APSEL_MAX; ap_num++) {
894 /* read the IDR register of the Access Port */
897 int retval = dap_queue_ap_read(dap_ap(dap, ap_num), AP_REG_IDR, &id_val);
898 if (retval != ERROR_OK)
901 retval = dap_run(dap);
905 * 27-24 : JEDEC bank (0x4 for ARM)
906 * 23-17 : JEDEC code (0x3B for ARM)
907 * 16-13 : Class (0b1000=Mem-AP)
909 * 7-4 : AP Variant (non-zero for JTAG-AP)
910 * 3-0 : AP Type (0=JTAG-AP 1=AHB-AP 2=APB-AP 4=AXI-AP)
913 /* Reading register for a non-existent AP should not cause an error,
914 * but just to be sure, try to continue searching if an error does happen.
916 if ((retval == ERROR_OK) && /* Register read success */
917 ((id_val & IDR_JEP106) == IDR_JEP106_ARM) && /* Jedec codes match */
918 ((id_val & IDR_TYPE) == type_to_find)) { /* type matches*/
920 LOG_DEBUG("Found %s at AP index: %d (IDR=0x%08" PRIX32 ")",
921 (type_to_find == AP_TYPE_AHB3_AP) ? "AHB3-AP" :
922 (type_to_find == AP_TYPE_AHB5_AP) ? "AHB5-AP" :
923 (type_to_find == AP_TYPE_APB_AP) ? "APB-AP" :
924 (type_to_find == AP_TYPE_AXI_AP) ? "AXI-AP" :
925 (type_to_find == AP_TYPE_JTAG_AP) ? "JTAG-AP" : "Unknown",
928 *ap_out = &dap->ap[ap_num];
933 LOG_DEBUG("No %s found",
934 (type_to_find == AP_TYPE_AHB3_AP) ? "AHB3-AP" :
935 (type_to_find == AP_TYPE_AHB5_AP) ? "AHB5-AP" :
936 (type_to_find == AP_TYPE_APB_AP) ? "APB-AP" :
937 (type_to_find == AP_TYPE_AXI_AP) ? "AXI-AP" :
938 (type_to_find == AP_TYPE_JTAG_AP) ? "JTAG-AP" : "Unknown");
942 int dap_get_debugbase(struct adiv5_ap *ap,
943 target_addr_t *dbgbase, uint32_t *apid)
945 struct adiv5_dap *dap = ap->dap;
947 uint32_t baseptr_upper, baseptr_lower;
951 if (is_64bit_ap(ap)) {
952 /* Read higher order 32-bits of base address */
953 retval = dap_queue_ap_read(ap, MEM_AP_REG_BASE64, &baseptr_upper);
954 if (retval != ERROR_OK)
958 retval = dap_queue_ap_read(ap, MEM_AP_REG_BASE, &baseptr_lower);
959 if (retval != ERROR_OK)
961 retval = dap_queue_ap_read(ap, AP_REG_IDR, apid);
962 if (retval != ERROR_OK)
964 retval = dap_run(dap);
965 if (retval != ERROR_OK)
968 *dbgbase = (((target_addr_t)baseptr_upper) << 32) | baseptr_lower;
973 int dap_lookup_cs_component(struct adiv5_ap *ap,
974 target_addr_t dbgbase, uint8_t type, target_addr_t *addr, int32_t *idx)
976 uint32_t romentry, entry_offset = 0, devtype;
977 target_addr_t component_base;
980 dbgbase &= 0xFFFFFFFFFFFFF000ull;
984 retval = mem_ap_read_atomic_u32(ap, dbgbase |
985 entry_offset, &romentry);
986 if (retval != ERROR_OK)
989 component_base = dbgbase + (target_addr_t)(romentry & 0xFFFFF000);
991 if (romentry & 0x1) {
993 retval = mem_ap_read_atomic_u32(ap, component_base | 0xff4, &c_cid1);
994 if (retval != ERROR_OK) {
995 LOG_ERROR("Can't read component with base address " TARGET_ADDR_FMT
996 ", the corresponding core might be turned off", component_base);
999 if (((c_cid1 >> 4) & 0x0f) == 1) {
1000 retval = dap_lookup_cs_component(ap, component_base,
1002 if (retval == ERROR_OK)
1004 if (retval != ERROR_TARGET_RESOURCE_NOT_AVAILABLE)
1008 retval = mem_ap_read_atomic_u32(ap, component_base | 0xfcc, &devtype);
1009 if (retval != ERROR_OK)
1011 if ((devtype & 0xff) == type) {
1013 *addr = component_base;
1020 } while ((romentry > 0) && (entry_offset < 0xf00));
1023 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1028 static int dap_read_part_id(struct adiv5_ap *ap, target_addr_t component_base, uint32_t *cid, uint64_t *pid)
1030 assert((component_base & 0xFFF) == 0);
1031 assert(ap && cid && pid);
1033 uint32_t cid0, cid1, cid2, cid3;
1034 uint32_t pid0, pid1, pid2, pid3, pid4;
1037 /* IDs are in last 4K section */
1038 retval = mem_ap_read_u32(ap, component_base + 0xFE0, &pid0);
1039 if (retval != ERROR_OK)
1041 retval = mem_ap_read_u32(ap, component_base + 0xFE4, &pid1);
1042 if (retval != ERROR_OK)
1044 retval = mem_ap_read_u32(ap, component_base + 0xFE8, &pid2);
1045 if (retval != ERROR_OK)
1047 retval = mem_ap_read_u32(ap, component_base + 0xFEC, &pid3);
1048 if (retval != ERROR_OK)
1050 retval = mem_ap_read_u32(ap, component_base + 0xFD0, &pid4);
1051 if (retval != ERROR_OK)
1053 retval = mem_ap_read_u32(ap, component_base + 0xFF0, &cid0);
1054 if (retval != ERROR_OK)
1056 retval = mem_ap_read_u32(ap, component_base + 0xFF4, &cid1);
1057 if (retval != ERROR_OK)
1059 retval = mem_ap_read_u32(ap, component_base + 0xFF8, &cid2);
1060 if (retval != ERROR_OK)
1062 retval = mem_ap_read_u32(ap, component_base + 0xFFC, &cid3);
1063 if (retval != ERROR_OK)
1066 retval = dap_run(ap->dap);
1067 if (retval != ERROR_OK)
1070 *cid = (cid3 & 0xff) << 24
1071 | (cid2 & 0xff) << 16
1072 | (cid1 & 0xff) << 8
1074 *pid = (uint64_t)(pid4 & 0xff) << 32
1075 | (pid3 & 0xff) << 24
1076 | (pid2 & 0xff) << 16
1077 | (pid1 & 0xff) << 8
1083 /* The designer identity code is encoded as:
1084 * bits 11:8 : JEP106 Bank (number of continuation codes), only valid when bit 7 is 1.
1085 * bit 7 : Set when bits 6:0 represent a JEP106 ID and cleared when bits 6:0 represent
1086 * a legacy ASCII Identity Code.
1087 * bits 6:0 : JEP106 Identity Code (without parity) or legacy ASCII code according to bit 7.
1088 * JEP106 is a standard available from jedec.org
1091 /* Part number interpretations are from Cortex
1092 * core specs, the CoreSight components TRM
1093 * (ARM DDI 0314H), CoreSight System Design
1094 * Guide (ARM DGI 0012D) and ETM specs; also
1095 * from chip observation (e.g. TI SDTI).
1098 /* The legacy code only used the part number field to identify CoreSight peripherals.
1099 * This meant that the same part number from two different manufacturers looked the same.
1100 * It is desirable for all future additions to identify with both part number and JEP106.
1101 * "ANY_ID" is a wildcard (any JEP106) only to preserve legacy behavior for legacy entries.
1104 #define ANY_ID 0x1000
1106 #define ARM_ID 0x4BB
1108 static const struct {
1109 uint16_t designer_id;
1113 } dap_partnums[] = {
1114 { ARM_ID, 0x000, "Cortex-M3 SCS", "(System Control Space)", },
1115 { ARM_ID, 0x001, "Cortex-M3 ITM", "(Instrumentation Trace Module)", },
1116 { ARM_ID, 0x002, "Cortex-M3 DWT", "(Data Watchpoint and Trace)", },
1117 { ARM_ID, 0x003, "Cortex-M3 FPB", "(Flash Patch and Breakpoint)", },
1118 { ARM_ID, 0x008, "Cortex-M0 SCS", "(System Control Space)", },
1119 { ARM_ID, 0x00a, "Cortex-M0 DWT", "(Data Watchpoint and Trace)", },
1120 { ARM_ID, 0x00b, "Cortex-M0 BPU", "(Breakpoint Unit)", },
1121 { ARM_ID, 0x00c, "Cortex-M4 SCS", "(System Control Space)", },
1122 { ARM_ID, 0x00d, "CoreSight ETM11", "(Embedded Trace)", },
1123 { ARM_ID, 0x00e, "Cortex-M7 FPB", "(Flash Patch and Breakpoint)", },
1124 { ARM_ID, 0x470, "Cortex-M1 ROM", "(ROM Table)", },
1125 { ARM_ID, 0x471, "Cortex-M0 ROM", "(ROM Table)", },
1126 { ARM_ID, 0x490, "Cortex-A15 GIC", "(Generic Interrupt Controller)", },
1127 { ARM_ID, 0x4a1, "Cortex-A53 ROM", "(v8 Memory Map ROM Table)", },
1128 { ARM_ID, 0x4a2, "Cortex-A57 ROM", "(ROM Table)", },
1129 { ARM_ID, 0x4a3, "Cortex-A53 ROM", "(v7 Memory Map ROM Table)", },
1130 { ARM_ID, 0x4a4, "Cortex-A72 ROM", "(ROM Table)", },
1131 { ARM_ID, 0x4a9, "Cortex-A9 ROM", "(ROM Table)", },
1132 { ARM_ID, 0x4aa, "Cortex-A35 ROM", "(v8 Memory Map ROM Table)", },
1133 { ARM_ID, 0x4af, "Cortex-A15 ROM", "(ROM Table)", },
1134 { ARM_ID, 0x4b5, "Cortex-R5 ROM", "(ROM Table)", },
1135 { ARM_ID, 0x4c0, "Cortex-M0+ ROM", "(ROM Table)", },
1136 { ARM_ID, 0x4c3, "Cortex-M3 ROM", "(ROM Table)", },
1137 { ARM_ID, 0x4c4, "Cortex-M4 ROM", "(ROM Table)", },
1138 { ARM_ID, 0x4c7, "Cortex-M7 PPB ROM", "(Private Peripheral Bus ROM Table)", },
1139 { ARM_ID, 0x4c8, "Cortex-M7 ROM", "(ROM Table)", },
1140 { ARM_ID, 0x4e0, "Cortex-A35 ROM", "(v7 Memory Map ROM Table)", },
1141 { ARM_ID, 0x906, "CoreSight CTI", "(Cross Trigger)", },
1142 { ARM_ID, 0x907, "CoreSight ETB", "(Trace Buffer)", },
1143 { ARM_ID, 0x908, "CoreSight CSTF", "(Trace Funnel)", },
1144 { ARM_ID, 0x909, "CoreSight ATBR", "(Advanced Trace Bus Replicator)", },
1145 { ARM_ID, 0x910, "CoreSight ETM9", "(Embedded Trace)", },
1146 { ARM_ID, 0x912, "CoreSight TPIU", "(Trace Port Interface Unit)", },
1147 { ARM_ID, 0x913, "CoreSight ITM", "(Instrumentation Trace Macrocell)", },
1148 { ARM_ID, 0x914, "CoreSight SWO", "(Single Wire Output)", },
1149 { ARM_ID, 0x917, "CoreSight HTM", "(AHB Trace Macrocell)", },
1150 { ARM_ID, 0x920, "CoreSight ETM11", "(Embedded Trace)", },
1151 { ARM_ID, 0x921, "Cortex-A8 ETM", "(Embedded Trace)", },
1152 { ARM_ID, 0x922, "Cortex-A8 CTI", "(Cross Trigger)", },
1153 { ARM_ID, 0x923, "Cortex-M3 TPIU", "(Trace Port Interface Unit)", },
1154 { ARM_ID, 0x924, "Cortex-M3 ETM", "(Embedded Trace)", },
1155 { ARM_ID, 0x925, "Cortex-M4 ETM", "(Embedded Trace)", },
1156 { ARM_ID, 0x930, "Cortex-R4 ETM", "(Embedded Trace)", },
1157 { ARM_ID, 0x931, "Cortex-R5 ETM", "(Embedded Trace)", },
1158 { ARM_ID, 0x932, "CoreSight MTB-M0+", "(Micro Trace Buffer)", },
1159 { ARM_ID, 0x941, "CoreSight TPIU-Lite", "(Trace Port Interface Unit)", },
1160 { ARM_ID, 0x950, "Cortex-A9 PTM", "(Program Trace Macrocell)", },
1161 { ARM_ID, 0x955, "Cortex-A5 ETM", "(Embedded Trace)", },
1162 { ARM_ID, 0x95a, "Cortex-A72 ETM", "(Embedded Trace)", },
1163 { ARM_ID, 0x95b, "Cortex-A17 PTM", "(Program Trace Macrocell)", },
1164 { ARM_ID, 0x95d, "Cortex-A53 ETM", "(Embedded Trace)", },
1165 { ARM_ID, 0x95e, "Cortex-A57 ETM", "(Embedded Trace)", },
1166 { ARM_ID, 0x95f, "Cortex-A15 PTM", "(Program Trace Macrocell)", },
1167 { ARM_ID, 0x961, "CoreSight TMC", "(Trace Memory Controller)", },
1168 { ARM_ID, 0x962, "CoreSight STM", "(System Trace Macrocell)", },
1169 { ARM_ID, 0x975, "Cortex-M7 ETM", "(Embedded Trace)", },
1170 { ARM_ID, 0x9a0, "CoreSight PMU", "(Performance Monitoring Unit)", },
1171 { ARM_ID, 0x9a1, "Cortex-M4 TPIU", "(Trace Port Interface Unit)", },
1172 { ARM_ID, 0x9a4, "CoreSight GPR", "(Granular Power Requester)", },
1173 { ARM_ID, 0x9a5, "Cortex-A5 PMU", "(Performance Monitor Unit)", },
1174 { ARM_ID, 0x9a7, "Cortex-A7 PMU", "(Performance Monitor Unit)", },
1175 { ARM_ID, 0x9a8, "Cortex-A53 CTI", "(Cross Trigger)", },
1176 { ARM_ID, 0x9a9, "Cortex-M7 TPIU", "(Trace Port Interface Unit)", },
1177 { ARM_ID, 0x9ae, "Cortex-A17 PMU", "(Performance Monitor Unit)", },
1178 { ARM_ID, 0x9af, "Cortex-A15 PMU", "(Performance Monitor Unit)", },
1179 { ARM_ID, 0x9b7, "Cortex-R7 PMU", "(Performance Monitor Unit)", },
1180 { ARM_ID, 0x9d3, "Cortex-A53 PMU", "(Performance Monitor Unit)", },
1181 { ARM_ID, 0x9d7, "Cortex-A57 PMU", "(Performance Monitor Unit)", },
1182 { ARM_ID, 0x9d8, "Cortex-A72 PMU", "(Performance Monitor Unit)", },
1183 { ARM_ID, 0x9da, "Cortex-A35 PMU/CTI/ETM", "(Performance Monitor Unit/Cross Trigger/ETM)", },
1184 { ARM_ID, 0xc05, "Cortex-A5 Debug", "(Debug Unit)", },
1185 { ARM_ID, 0xc07, "Cortex-A7 Debug", "(Debug Unit)", },
1186 { ARM_ID, 0xc08, "Cortex-A8 Debug", "(Debug Unit)", },
1187 { ARM_ID, 0xc09, "Cortex-A9 Debug", "(Debug Unit)", },
1188 { ARM_ID, 0xc0e, "Cortex-A17 Debug", "(Debug Unit)", },
1189 { ARM_ID, 0xc0f, "Cortex-A15 Debug", "(Debug Unit)", },
1190 { ARM_ID, 0xc14, "Cortex-R4 Debug", "(Debug Unit)", },
1191 { ARM_ID, 0xc15, "Cortex-R5 Debug", "(Debug Unit)", },
1192 { ARM_ID, 0xc17, "Cortex-R7 Debug", "(Debug Unit)", },
1193 { ARM_ID, 0xd03, "Cortex-A53 Debug", "(Debug Unit)", },
1194 { ARM_ID, 0xd04, "Cortex-A35 Debug", "(Debug Unit)", },
1195 { ARM_ID, 0xd07, "Cortex-A57 Debug", "(Debug Unit)", },
1196 { ARM_ID, 0xd08, "Cortex-A72 Debug", "(Debug Unit)", },
1197 { 0x097, 0x9af, "MSP432 ROM", "(ROM Table)" },
1198 { 0x09f, 0xcd0, "Atmel CPU with DSU", "(CPU)" },
1199 { 0x0c1, 0x1db, "XMC4500 ROM", "(ROM Table)" },
1200 { 0x0c1, 0x1df, "XMC4700/4800 ROM", "(ROM Table)" },
1201 { 0x0c1, 0x1ed, "XMC1000 ROM", "(ROM Table)" },
1202 { 0x0E5, 0x000, "SHARC+/Blackfin+", "", },
1203 { 0x0F0, 0x440, "Qualcomm QDSS Component v1", "(Qualcomm Designed CoreSight Component v1)", },
1204 { 0x1bf, 0x100, "Brahma-B53 Debug", "(Debug Unit)", },
1205 { 0x1bf, 0x9d3, "Brahma-B53 PMU", "(Performance Monitor Unit)", },
1206 { 0x1bf, 0x4a1, "Brahma-B53 ROM", "(ROM Table)", },
1207 { 0x1bf, 0x721, "Brahma-B53 ROM", "(ROM Table)", },
1208 { 0x3eb, 0x181, "Tegra 186 ROM", "(ROM Table)", },
1209 { 0x3eb, 0x202, "Denver ETM", "(Denver Embedded Trace)", },
1210 { 0x3eb, 0x211, "Tegra 210 ROM", "(ROM Table)", },
1211 { 0x3eb, 0x302, "Denver Debug", "(Debug Unit)", },
1212 { 0x3eb, 0x402, "Denver PMU", "(Performance Monitor Unit)", },
1213 /* legacy comment: 0x113: what? */
1214 { ANY_ID, 0x120, "TI SDTI", "(System Debug Trace Interface)", }, /* from OMAP3 memmap */
1215 { ANY_ID, 0x343, "TI DAPCTL", "", }, /* from OMAP3 memmap */
1218 static int dap_rom_display(struct command_invocation *cmd,
1219 struct adiv5_ap *ap, target_addr_t dbgbase, int depth)
1227 command_print(cmd, "\tTables too deep");
1232 snprintf(tabs, sizeof(tabs), "[L%02d] ", depth);
1234 target_addr_t base_addr = dbgbase & 0xFFFFFFFFFFFFF000ull;
1235 command_print(cmd, "\t\tComponent base address " TARGET_ADDR_FMT, base_addr);
1237 retval = dap_read_part_id(ap, base_addr, &cid, &pid);
1238 if (retval != ERROR_OK) {
1239 command_print(cmd, "\t\tCan't read component, the corresponding core might be turned off");
1240 return ERROR_OK; /* Don't abort recursion */
1243 if (!is_dap_cid_ok(cid)) {
1244 command_print(cmd, "\t\tInvalid CID 0x%08" PRIx32, cid);
1245 return ERROR_OK; /* Don't abort recursion */
1248 /* component may take multiple 4K pages */
1249 uint32_t size = (pid >> 36) & 0xf;
1251 command_print(cmd, "\t\tStart address " TARGET_ADDR_FMT, base_addr - 0x1000 * size);
1253 command_print(cmd, "\t\tPeripheral ID 0x%010" PRIx64, pid);
1255 uint8_t class = (cid >> 12) & 0xf;
1256 uint16_t part_num = pid & 0xfff;
1257 uint16_t designer_id = ((pid >> 32) & 0xf) << 8 | ((pid >> 12) & 0xff);
1259 if (designer_id & 0x80) {
1261 command_print(cmd, "\t\tDesigner is 0x%03" PRIx16 ", %s",
1262 designer_id, jep106_manufacturer(designer_id >> 8, designer_id & 0x7f));
1264 /* Legacy ASCII ID, clear invalid bits */
1265 designer_id &= 0x7f;
1266 command_print(cmd, "\t\tDesigner ASCII code 0x%02" PRIx16 ", %s",
1267 designer_id, designer_id == 0x41 ? "ARM" : "<unknown>");
1270 /* default values to be overwritten upon finding a match */
1271 const char *type = "Unrecognized";
1272 const char *full = "";
1274 /* search dap_partnums[] array for a match */
1275 for (unsigned entry = 0; entry < ARRAY_SIZE(dap_partnums); entry++) {
1277 if ((dap_partnums[entry].designer_id != designer_id) && (dap_partnums[entry].designer_id != ANY_ID))
1280 if (dap_partnums[entry].part_num != part_num)
1283 type = dap_partnums[entry].type;
1284 full = dap_partnums[entry].full;
1288 command_print(cmd, "\t\tPart is 0x%" PRIx16", %s %s", part_num, type, full);
1289 command_print(cmd, "\t\tComponent class is 0x%" PRIx8 ", %s", class, class_description[class]);
1291 if (class == 1) { /* ROM Table */
1293 retval = mem_ap_read_atomic_u32(ap, base_addr | 0xFCC, &memtype);
1294 if (retval != ERROR_OK)
1298 command_print(cmd, "\t\tMEMTYPE system memory present on bus");
1300 command_print(cmd, "\t\tMEMTYPE system memory not present: dedicated debug bus");
1302 /* Read ROM table entries from base address until we get 0x00000000 or reach the reserved area */
1303 for (uint16_t entry_offset = 0; entry_offset < 0xF00; entry_offset += 4) {
1305 retval = mem_ap_read_atomic_u32(ap, base_addr | entry_offset, &romentry);
1306 if (retval != ERROR_OK)
1308 command_print(cmd, "\t%sROMTABLE[0x%x] = 0x%" PRIx32 "",
1309 tabs, entry_offset, romentry);
1310 if (romentry & 0x01) {
1312 retval = dap_rom_display(cmd, ap, base_addr + (romentry & 0xFFFFF000), depth + 1);
1313 if (retval != ERROR_OK)
1315 } else if (romentry != 0) {
1316 command_print(cmd, "\t\tComponent not present");
1318 command_print(cmd, "\t%s\tEnd of ROM table", tabs);
1322 } else if (class == 9) { /* CoreSight component */
1323 const char *major = "Reserved", *subtype = "Reserved";
1326 retval = mem_ap_read_atomic_u32(ap, base_addr | 0xFCC, &devtype);
1327 if (retval != ERROR_OK)
1329 unsigned minor = (devtype >> 4) & 0x0f;
1330 switch (devtype & 0x0f) {
1332 major = "Miscellaneous";
1338 subtype = "Validation component";
1343 major = "Trace Sink";
1360 major = "Trace Link";
1366 subtype = "Funnel, router";
1372 subtype = "FIFO, buffer";
1377 major = "Trace Source";
1383 subtype = "Processor";
1389 subtype = "Engine/Coprocessor";
1395 subtype = "Software";
1400 major = "Debug Control";
1406 subtype = "Trigger Matrix";
1409 subtype = "Debug Auth";
1412 subtype = "Power Requestor";
1417 major = "Debug Logic";
1423 subtype = "Processor";
1429 subtype = "Engine/Coprocessor";
1440 major = "Performance Monitor";
1446 subtype = "Processor";
1452 subtype = "Engine/Coprocessor";
1463 command_print(cmd, "\t\tType is 0x%02" PRIx8 ", %s, %s",
1464 (uint8_t)(devtype & 0xff),
1466 /* REVISIT also show 0xfc8 DevId */
1472 int dap_info_command(struct command_invocation *cmd,
1473 struct adiv5_ap *ap)
1477 target_addr_t dbgbase;
1478 target_addr_t dbgaddr;
1481 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1482 retval = dap_get_debugbase(ap, &dbgbase, &apid);
1483 if (retval != ERROR_OK)
1486 command_print(cmd, "AP ID register 0x%8.8" PRIx32, apid);
1488 command_print(cmd, "No AP found at this ap 0x%x", ap->ap_num);
1492 switch (apid & (IDR_JEP106 | IDR_TYPE)) {
1493 case IDR_JEP106_ARM | AP_TYPE_JTAG_AP:
1494 command_print(cmd, "\tType is JTAG-AP");
1496 case IDR_JEP106_ARM | AP_TYPE_AHB3_AP:
1497 command_print(cmd, "\tType is MEM-AP AHB3");
1499 case IDR_JEP106_ARM | AP_TYPE_AHB5_AP:
1500 command_print(cmd, "\tType is MEM-AP AHB5");
1502 case IDR_JEP106_ARM | AP_TYPE_APB_AP:
1503 command_print(cmd, "\tType is MEM-AP APB");
1505 case IDR_JEP106_ARM | AP_TYPE_AXI_AP:
1506 command_print(cmd, "\tType is MEM-AP AXI");
1509 command_print(cmd, "\tUnknown AP type");
1513 /* NOTE: a MEM-AP may have a single CoreSight component that's
1514 * not a ROM table ... or have no such components at all.
1516 mem_ap = (apid & IDR_CLASS) == AP_CLASS_MEM_AP;
1518 if (is_64bit_ap(ap))
1519 dbgaddr = 0xFFFFFFFFFFFFFFFFull;
1521 dbgaddr = 0xFFFFFFFFul;
1523 command_print(cmd, "MEM-AP BASE " TARGET_ADDR_FMT, dbgbase);
1525 if (dbgbase == dbgaddr || (dbgbase & 0x3) == 0x2) {
1526 command_print(cmd, "\tNo ROM table present");
1529 command_print(cmd, "\tValid ROM table present");
1531 command_print(cmd, "\tROM table in legacy format");
1533 dap_rom_display(cmd, ap, dbgbase & 0xFFFFFFFFFFFFF000ull, 0);
1540 enum adiv5_cfg_param {
1544 CFG_CTIBASE, /* DEPRECATED */
1547 static const struct jim_nvp nvp_config_opts[] = {
1548 { .name = "-dap", .value = CFG_DAP },
1549 { .name = "-ap-num", .value = CFG_AP_NUM },
1550 { .name = "-baseaddr", .value = CFG_BASEADDR },
1551 { .name = "-ctibase", .value = CFG_CTIBASE }, /* DEPRECATED */
1552 { .name = NULL, .value = -1 }
1555 static int adiv5_jim_spot_configure(struct jim_getopt_info *goi,
1556 struct adiv5_dap **dap_p, int *ap_num_p, uint32_t *base_p)
1561 Jim_SetEmptyResult(goi->interp);
1564 int e = jim_nvp_name2value_obj(goi->interp, nvp_config_opts,
1567 return JIM_CONTINUE;
1569 /* base_p can be NULL, then '-baseaddr' option is treated as unknown */
1570 if (!base_p && (n->value == CFG_BASEADDR || n->value == CFG_CTIBASE))
1571 return JIM_CONTINUE;
1573 e = jim_getopt_obj(goi, NULL);
1579 if (goi->isconfigure) {
1581 struct adiv5_dap *dap;
1582 e = jim_getopt_obj(goi, &o_t);
1585 dap = dap_instance_by_jim_obj(goi->interp, o_t);
1587 Jim_SetResultString(goi->interp, "DAP name invalid!", -1);
1590 if (*dap_p && *dap_p != dap) {
1591 Jim_SetResultString(goi->interp,
1592 "DAP assignment cannot be changed!", -1);
1600 Jim_SetResultString(goi->interp, "DAP not configured", -1);
1603 Jim_SetResultString(goi->interp, adiv5_dap_name(*dap_p), -1);
1608 if (goi->isconfigure) {
1610 e = jim_getopt_wide(goi, &ap_num);
1613 if (ap_num < 0 || ap_num > DP_APSEL_MAX) {
1614 Jim_SetResultString(goi->interp, "Invalid AP number!", -1);
1621 if (*ap_num_p == DP_APSEL_INVALID) {
1622 Jim_SetResultString(goi->interp, "AP number not configured", -1);
1625 Jim_SetResult(goi->interp, Jim_NewIntObj(goi->interp, *ap_num_p));
1630 LOG_WARNING("DEPRECATED! use \'-baseaddr' not \'-ctibase\'");
1633 if (goi->isconfigure) {
1635 e = jim_getopt_wide(goi, &base);
1638 *base_p = (uint32_t)base;
1642 Jim_SetResult(goi->interp, Jim_NewIntObj(goi->interp, *base_p));
1650 Jim_WrongNumArgs(goi->interp, goi->argc, goi->argv, "NO PARAMS");
1654 int adiv5_jim_configure(struct target *target, struct jim_getopt_info *goi)
1656 struct adiv5_private_config *pc;
1659 pc = (struct adiv5_private_config *)target->private_config;
1661 pc = calloc(1, sizeof(struct adiv5_private_config));
1662 pc->ap_num = DP_APSEL_INVALID;
1663 target->private_config = pc;
1666 target->has_dap = true;
1668 e = adiv5_jim_spot_configure(goi, &pc->dap, &pc->ap_num, NULL);
1672 if (pc->dap && !target->dap_configured) {
1673 if (target->tap_configured) {
1675 Jim_SetResultString(goi->interp,
1676 "-chain-position and -dap configparams are mutually exclusive!", -1);
1679 target->tap = pc->dap->tap;
1680 target->dap_configured = true;
1686 int adiv5_verify_config(struct adiv5_private_config *pc)
1697 int adiv5_jim_mem_ap_spot_configure(struct adiv5_mem_ap_spot *cfg,
1698 struct jim_getopt_info *goi)
1700 return adiv5_jim_spot_configure(goi, &cfg->dap, &cfg->ap_num, &cfg->base);
1703 int adiv5_mem_ap_spot_init(struct adiv5_mem_ap_spot *p)
1706 p->ap_num = DP_APSEL_INVALID;
1711 COMMAND_HANDLER(handle_dap_info_command)
1713 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
1721 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1722 if (apsel > DP_APSEL_MAX) {
1723 command_print(CMD, "Invalid AP number");
1724 return ERROR_COMMAND_ARGUMENT_INVALID;
1728 return ERROR_COMMAND_SYNTAX_ERROR;
1731 return dap_info_command(CMD, &dap->ap[apsel]);
1734 COMMAND_HANDLER(dap_baseaddr_command)
1736 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
1737 uint32_t apsel, baseaddr_lower, baseaddr_upper;
1738 struct adiv5_ap *ap;
1739 target_addr_t baseaddr;
1749 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1750 /* AP address is in bits 31:24 of DP_SELECT */
1751 if (apsel > DP_APSEL_MAX) {
1752 command_print(CMD, "Invalid AP number");
1753 return ERROR_COMMAND_ARGUMENT_INVALID;
1757 return ERROR_COMMAND_SYNTAX_ERROR;
1760 /* NOTE: assumes we're talking to a MEM-AP, which
1761 * has a base address. There are other kinds of AP,
1762 * though they're not common for now. This should
1763 * use the ID register to verify it's a MEM-AP.
1766 ap = dap_ap(dap, apsel);
1767 retval = dap_queue_ap_read(ap, MEM_AP_REG_BASE, &baseaddr_lower);
1769 if (is_64bit_ap(ap) && retval == ERROR_OK)
1770 retval = dap_queue_ap_read(ap, MEM_AP_REG_BASE64, &baseaddr_upper);
1771 if (retval != ERROR_OK)
1773 retval = dap_run(dap);
1774 if (retval != ERROR_OK)
1776 if (is_64bit_ap(ap)) {
1777 baseaddr = (((target_addr_t)baseaddr_upper) << 32) | baseaddr_lower;
1778 command_print(CMD, "0x%016" PRIx64, baseaddr);
1780 command_print(CMD, "0x%08" PRIx32, baseaddr_lower);
1785 COMMAND_HANDLER(dap_memaccess_command)
1787 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
1788 uint32_t memaccess_tck;
1792 memaccess_tck = dap->ap[dap->apsel].memaccess_tck;
1795 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1798 return ERROR_COMMAND_SYNTAX_ERROR;
1800 dap->ap[dap->apsel].memaccess_tck = memaccess_tck;
1802 command_print(CMD, "memory bus access delay set to %" PRIu32 " tck",
1803 dap->ap[dap->apsel].memaccess_tck);
1808 COMMAND_HANDLER(dap_apsel_command)
1810 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
1815 command_print(CMD, "%" PRIu32, dap->apsel);
1818 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1819 /* AP address is in bits 31:24 of DP_SELECT */
1820 if (apsel > DP_APSEL_MAX) {
1821 command_print(CMD, "Invalid AP number");
1822 return ERROR_COMMAND_ARGUMENT_INVALID;
1826 return ERROR_COMMAND_SYNTAX_ERROR;
1833 COMMAND_HANDLER(dap_apcsw_command)
1835 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
1836 uint32_t apcsw = dap->ap[dap->apsel].csw_default;
1837 uint32_t csw_val, csw_mask;
1841 command_print(CMD, "ap %" PRIu32 " selected, csw 0x%8.8" PRIx32,
1845 if (strcmp(CMD_ARGV[0], "default") == 0)
1846 csw_val = CSW_AHB_DEFAULT;
1848 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], csw_val);
1850 if (csw_val & (CSW_SIZE_MASK | CSW_ADDRINC_MASK)) {
1851 LOG_ERROR("CSW value cannot include 'Size' and 'AddrInc' bit-fields");
1852 return ERROR_COMMAND_ARGUMENT_INVALID;
1857 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], csw_val);
1858 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], csw_mask);
1859 if (csw_mask & (CSW_SIZE_MASK | CSW_ADDRINC_MASK)) {
1860 LOG_ERROR("CSW mask cannot include 'Size' and 'AddrInc' bit-fields");
1861 return ERROR_COMMAND_ARGUMENT_INVALID;
1863 apcsw = (apcsw & ~csw_mask) | (csw_val & csw_mask);
1866 return ERROR_COMMAND_SYNTAX_ERROR;
1868 dap->ap[dap->apsel].csw_default = apcsw;
1875 COMMAND_HANDLER(dap_apid_command)
1877 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
1878 uint32_t apsel, apid;
1886 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1887 /* AP address is in bits 31:24 of DP_SELECT */
1888 if (apsel > DP_APSEL_MAX) {
1889 command_print(CMD, "Invalid AP number");
1890 return ERROR_COMMAND_ARGUMENT_INVALID;
1894 return ERROR_COMMAND_SYNTAX_ERROR;
1897 retval = dap_queue_ap_read(dap_ap(dap, apsel), AP_REG_IDR, &apid);
1898 if (retval != ERROR_OK)
1900 retval = dap_run(dap);
1901 if (retval != ERROR_OK)
1904 command_print(CMD, "0x%8.8" PRIx32, apid);
1909 COMMAND_HANDLER(dap_apreg_command)
1911 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
1912 uint32_t apsel, reg, value;
1913 struct adiv5_ap *ap;
1916 if (CMD_ARGC < 2 || CMD_ARGC > 3)
1917 return ERROR_COMMAND_SYNTAX_ERROR;
1919 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1920 /* AP address is in bits 31:24 of DP_SELECT */
1921 if (apsel > DP_APSEL_MAX) {
1922 command_print(CMD, "Invalid AP number");
1923 return ERROR_COMMAND_ARGUMENT_INVALID;
1926 ap = dap_ap(dap, apsel);
1928 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], reg);
1929 if (reg >= 256 || (reg & 3)) {
1930 command_print(CMD, "Invalid reg value (should be less than 256 and 4 bytes aligned)");
1931 return ERROR_COMMAND_ARGUMENT_INVALID;
1934 if (CMD_ARGC == 3) {
1935 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], value);
1937 case MEM_AP_REG_CSW:
1938 ap->csw_value = 0; /* invalid, in case write fails */
1939 retval = dap_queue_ap_write(ap, reg, value);
1940 if (retval == ERROR_OK)
1941 ap->csw_value = value;
1943 case MEM_AP_REG_TAR:
1944 retval = dap_queue_ap_write(ap, reg, value);
1945 if (retval == ERROR_OK)
1946 ap->tar_value = (ap->tar_value & ~0xFFFFFFFFull) | value;
1948 /* To track independent writes to TAR and TAR64, two tar_valid flags */
1949 /* should be used. To keep it simple, tar_valid is only invalidated on a */
1950 /* write fail. This approach causes a later re-write of the TAR and TAR64 */
1951 /* if tar_valid is false. */
1952 ap->tar_valid = false;
1955 case MEM_AP_REG_TAR64:
1956 retval = dap_queue_ap_write(ap, reg, value);
1957 if (retval == ERROR_OK)
1958 ap->tar_value = (ap->tar_value & 0xFFFFFFFFull) | (((target_addr_t)value) << 32);
1960 /* See above comment for the MEM_AP_REG_TAR failed write case */
1961 ap->tar_valid = false;
1965 retval = dap_queue_ap_write(ap, reg, value);
1969 retval = dap_queue_ap_read(ap, reg, &value);
1971 if (retval == ERROR_OK)
1972 retval = dap_run(dap);
1974 if (retval != ERROR_OK)
1978 command_print(CMD, "0x%08" PRIx32, value);
1983 COMMAND_HANDLER(dap_dpreg_command)
1985 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
1986 uint32_t reg, value;
1989 if (CMD_ARGC < 1 || CMD_ARGC > 2)
1990 return ERROR_COMMAND_SYNTAX_ERROR;
1992 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], reg);
1993 if (reg >= 256 || (reg & 3)) {
1994 command_print(CMD, "Invalid reg value (should be less than 256 and 4 bytes aligned)");
1995 return ERROR_COMMAND_ARGUMENT_INVALID;
1998 if (CMD_ARGC == 2) {
1999 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
2000 retval = dap_queue_dp_write(dap, reg, value);
2002 retval = dap_queue_dp_read(dap, reg, &value);
2004 if (retval == ERROR_OK)
2005 retval = dap_run(dap);
2007 if (retval != ERROR_OK)
2011 command_print(CMD, "0x%08" PRIx32, value);
2016 COMMAND_HANDLER(dap_ti_be_32_quirks_command)
2018 struct adiv5_dap *dap = adiv5_get_dap(CMD_DATA);
2019 return CALL_COMMAND_HANDLER(handle_command_parse_bool, &dap->ti_be_32_quirks,
2020 "TI BE-32 quirks mode");
2023 const struct command_registration dap_instance_commands[] = {
2026 .handler = handle_dap_info_command,
2027 .mode = COMMAND_EXEC,
2028 .help = "display ROM table for MEM-AP "
2029 "(default currently selected AP)",
2030 .usage = "[ap_num]",
2034 .handler = dap_apsel_command,
2035 .mode = COMMAND_ANY,
2036 .help = "Set the currently selected AP (default 0) "
2037 "and display the result",
2038 .usage = "[ap_num]",
2042 .handler = dap_apcsw_command,
2043 .mode = COMMAND_ANY,
2044 .help = "Set CSW default bits",
2045 .usage = "[value [mask]]",
2050 .handler = dap_apid_command,
2051 .mode = COMMAND_EXEC,
2052 .help = "return ID register from AP "
2053 "(default currently selected AP)",
2054 .usage = "[ap_num]",
2058 .handler = dap_apreg_command,
2059 .mode = COMMAND_EXEC,
2060 .help = "read/write a register from AP "
2061 "(reg is byte address of a word register, like 0 4 8...)",
2062 .usage = "ap_num reg [value]",
2066 .handler = dap_dpreg_command,
2067 .mode = COMMAND_EXEC,
2068 .help = "read/write a register from DP "
2069 "(reg is byte address (bank << 4 | reg) of a word register, like 0 4 8...)",
2070 .usage = "reg [value]",
2074 .handler = dap_baseaddr_command,
2075 .mode = COMMAND_EXEC,
2076 .help = "return debug base address from MEM-AP "
2077 "(default currently selected AP)",
2078 .usage = "[ap_num]",
2081 .name = "memaccess",
2082 .handler = dap_memaccess_command,
2083 .mode = COMMAND_EXEC,
2084 .help = "set/get number of extra tck for MEM-AP memory "
2085 "bus access [0-255]",
2086 .usage = "[cycles]",
2089 .name = "ti_be_32_quirks",
2090 .handler = dap_ti_be_32_quirks_command,
2091 .mode = COMMAND_CONFIG,
2092 .help = "set/get quirks mode for TI TMS450/TMS570 processors",
2093 .usage = "[enable]",
2095 COMMAND_REGISTRATION_DONE