1 /***************************************************************************
2 * Copyright (C) 2005, 2007 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * Copyright (C) 2009 Michael Schwingen *
5 * michael@schwingen.org *
6 * Copyright (C) 2010 Øyvind Harboe <oyvind.harboe@zylin.com> *
7 * Copyright (C) 2010 by Antonio Borneo <borneo.antonio@gmail.com> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
32 #include <target/arm.h>
33 #include <target/arm7_9_common.h>
34 #include <target/armv7m.h>
35 #include <target/mips32.h>
36 #include <helper/binarybuffer.h>
37 #include <target/algorithm.h>
39 #define CFI_MAX_BUS_WIDTH 4
40 #define CFI_MAX_CHIP_WIDTH 4
42 /* defines internal maximum size for code fragment in cfi_intel_write_block() */
43 #define CFI_MAX_INTEL_CODESIZE 256
45 /* some id-types with specific handling */
46 #define AT49BV6416 0x00d6
47 #define AT49BV6416T 0x00d2
49 static struct cfi_unlock_addresses cfi_unlock_addresses[] = {
50 [CFI_UNLOCK_555_2AA] = { .unlock1 = 0x555, .unlock2 = 0x2aa },
51 [CFI_UNLOCK_5555_2AAA] = { .unlock1 = 0x5555, .unlock2 = 0x2aaa },
54 /* CFI fixups foward declarations */
55 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, void *param);
56 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, void *param);
57 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, void *param);
58 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, void *param);
60 /* fixup after reading cmdset 0002 primary query table */
61 static const struct cfi_fixup cfi_0002_fixups[] = {
62 {CFI_MFR_SST, 0x00D4, cfi_fixup_0002_unlock_addresses,
63 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
64 {CFI_MFR_SST, 0x00D5, cfi_fixup_0002_unlock_addresses,
65 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
66 {CFI_MFR_SST, 0x00D6, cfi_fixup_0002_unlock_addresses,
67 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
68 {CFI_MFR_SST, 0x00D7, cfi_fixup_0002_unlock_addresses,
69 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
70 {CFI_MFR_SST, 0x2780, cfi_fixup_0002_unlock_addresses,
71 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
72 {CFI_MFR_SST, 0x274b, cfi_fixup_0002_unlock_addresses,
73 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
74 {CFI_MFR_SST, 0x236d, cfi_fixup_0002_unlock_addresses,
75 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
76 {CFI_MFR_ATMEL, 0x00C8, cfi_fixup_reversed_erase_regions, NULL},
77 {CFI_MFR_ST, 0x22C4, cfi_fixup_reversed_erase_regions, NULL}, /* M29W160ET */
78 {CFI_MFR_FUJITSU, 0x22ea, cfi_fixup_0002_unlock_addresses,
79 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
80 {CFI_MFR_FUJITSU, 0x226b, cfi_fixup_0002_unlock_addresses,
81 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
82 {CFI_MFR_AMIC, 0xb31a, cfi_fixup_0002_unlock_addresses,
83 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
84 {CFI_MFR_MX, 0x225b, cfi_fixup_0002_unlock_addresses,
85 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
86 {CFI_MFR_EON, 0x225b, cfi_fixup_0002_unlock_addresses,
87 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
88 {CFI_MFR_AMD, 0x225b, cfi_fixup_0002_unlock_addresses,
89 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
90 {CFI_MFR_ANY, CFI_ID_ANY, cfi_fixup_0002_erase_regions, NULL},
91 {CFI_MFR_ST, 0x227E, cfi_fixup_0002_write_buffer, NULL},/* M29W128G */
95 /* fixup after reading cmdset 0001 primary query table */
96 static const struct cfi_fixup cfi_0001_fixups[] = {
100 static void cfi_fixup(struct flash_bank *bank, const struct cfi_fixup *fixups)
102 struct cfi_flash_bank *cfi_info = bank->driver_priv;
103 const struct cfi_fixup *f;
105 for (f = fixups; f->fixup; f++) {
106 if (((f->mfr == CFI_MFR_ANY) || (f->mfr == cfi_info->manufacturer)) &&
107 ((f->id == CFI_ID_ANY) || (f->id == cfi_info->device_id)))
108 f->fixup(bank, f->param);
112 /* inline uint32_t flash_address(struct flash_bank *bank, int sector, uint32_t offset) */
113 static inline uint32_t flash_address(struct flash_bank *bank, int sector, uint32_t offset)
115 struct cfi_flash_bank *cfi_info = bank->driver_priv;
117 if (cfi_info->x16_as_x8)
120 /* while the sector list isn't built, only accesses to sector 0 work */
122 return bank->base + offset * bank->bus_width;
124 if (!bank->sectors) {
125 LOG_ERROR("BUG: sector list not yet built");
128 return bank->base + bank->sectors[sector].offset + offset * bank->bus_width;
132 static void cfi_command(struct flash_bank *bank, uint8_t cmd, uint8_t *cmd_buf)
136 /* clear whole buffer, to ensure bits that exceed the bus_width
139 for (i = 0; i < CFI_MAX_BUS_WIDTH; i++)
142 if (bank->target->endianness == TARGET_LITTLE_ENDIAN) {
143 for (i = bank->bus_width; i > 0; i--)
144 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
146 for (i = 1; i <= bank->bus_width; i++)
147 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
151 static int cfi_send_command(struct flash_bank *bank, uint8_t cmd, uint32_t address)
153 uint8_t command[CFI_MAX_BUS_WIDTH];
155 cfi_command(bank, cmd, command);
156 return target_write_memory(bank->target, address, bank->bus_width, 1, command);
159 /* read unsigned 8-bit value from the bank
160 * flash banks are expected to be made of similar chips
161 * the query result should be the same for all
163 static int cfi_query_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
165 struct target *target = bank->target;
166 uint8_t data[CFI_MAX_BUS_WIDTH];
169 retval = target_read_memory(target, flash_address(bank, sector, offset),
170 bank->bus_width, 1, data);
171 if (retval != ERROR_OK)
174 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
177 *val = data[bank->bus_width - 1];
182 /* read unsigned 8-bit value from the bank
183 * in case of a bank made of multiple chips,
184 * the individual values are ORed
186 static int cfi_get_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
188 struct target *target = bank->target;
189 uint8_t data[CFI_MAX_BUS_WIDTH];
193 retval = target_read_memory(target, flash_address(bank, sector, offset),
194 bank->bus_width, 1, data);
195 if (retval != ERROR_OK)
198 if (bank->target->endianness == TARGET_LITTLE_ENDIAN) {
199 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
205 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
206 value |= data[bank->bus_width - 1 - i];
213 static int cfi_query_u16(struct flash_bank *bank, int sector, uint32_t offset, uint16_t *val)
215 struct target *target = bank->target;
216 struct cfi_flash_bank *cfi_info = bank->driver_priv;
217 uint8_t data[CFI_MAX_BUS_WIDTH * 2];
220 if (cfi_info->x16_as_x8) {
222 for (i = 0; i < 2; i++) {
223 retval = target_read_memory(target, flash_address(bank, sector, offset + i),
224 bank->bus_width, 1, &data[i * bank->bus_width]);
225 if (retval != ERROR_OK)
229 retval = target_read_memory(target, flash_address(bank, sector, offset),
230 bank->bus_width, 2, data);
231 if (retval != ERROR_OK)
235 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
236 *val = data[0] | data[bank->bus_width] << 8;
238 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8;
243 static int cfi_query_u32(struct flash_bank *bank, int sector, uint32_t offset, uint32_t *val)
245 struct target *target = bank->target;
246 struct cfi_flash_bank *cfi_info = bank->driver_priv;
247 uint8_t data[CFI_MAX_BUS_WIDTH * 4];
250 if (cfi_info->x16_as_x8) {
252 for (i = 0; i < 4; i++) {
253 retval = target_read_memory(target, flash_address(bank, sector, offset + i),
254 bank->bus_width, 1, &data[i * bank->bus_width]);
255 if (retval != ERROR_OK)
259 retval = target_read_memory(target, flash_address(bank, sector, offset),
260 bank->bus_width, 4, data);
261 if (retval != ERROR_OK)
265 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
266 *val = data[0] | data[bank->bus_width] << 8 |
267 data[bank->bus_width * 2] << 16 | data[bank->bus_width * 3] << 24;
269 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8 |
270 data[(3 * bank->bus_width) - 1] << 16 |
271 data[(4 * bank->bus_width) - 1] << 24;
276 static int cfi_reset(struct flash_bank *bank)
278 struct cfi_flash_bank *cfi_info = bank->driver_priv;
279 int retval = ERROR_OK;
281 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
282 if (retval != ERROR_OK)
285 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
286 if (retval != ERROR_OK)
289 if (cfi_info->manufacturer == 0x20 &&
290 (cfi_info->device_id == 0x227E || cfi_info->device_id == 0x7E)) {
291 /* Numonix M29W128G is cmd 0xFF intolerant - causes internal undefined state
292 * so we send an extra 0xF0 reset to fix the bug */
293 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x00));
294 if (retval != ERROR_OK)
301 static void cfi_intel_clear_status_register(struct flash_bank *bank)
303 cfi_send_command(bank, 0x50, flash_address(bank, 0, 0x0));
306 static int cfi_intel_wait_status_busy(struct flash_bank *bank, int timeout, uint8_t *val)
310 int retval = ERROR_OK;
314 LOG_ERROR("timeout while waiting for WSM to become ready");
318 retval = cfi_get_u8(bank, 0, 0x0, &status);
319 if (retval != ERROR_OK)
328 /* mask out bit 0 (reserved) */
329 status = status & 0xfe;
331 LOG_DEBUG("status: 0x%x", status);
333 if (status != 0x80) {
334 LOG_ERROR("status register: 0x%x", status);
336 LOG_ERROR("Block Lock-Bit Detected, Operation Abort");
338 LOG_ERROR("Program suspended");
340 LOG_ERROR("Low Programming Voltage Detected, Operation Aborted");
342 LOG_ERROR("Program Error / Error in Setting Lock-Bit");
344 LOG_ERROR("Error in Block Erasure or Clear Lock-Bits");
346 LOG_ERROR("Block Erase Suspended");
348 cfi_intel_clear_status_register(bank);
357 static int cfi_spansion_wait_status_busy(struct flash_bank *bank, int timeout)
359 uint8_t status, oldstatus;
360 struct cfi_flash_bank *cfi_info = bank->driver_priv;
363 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
364 if (retval != ERROR_OK)
368 retval = cfi_get_u8(bank, 0, 0x0, &status);
370 if (retval != ERROR_OK)
373 if ((status ^ oldstatus) & 0x40) {
374 if (status & cfi_info->status_poll_mask & 0x20) {
375 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
376 if (retval != ERROR_OK)
378 retval = cfi_get_u8(bank, 0, 0x0, &status);
379 if (retval != ERROR_OK)
381 if ((status ^ oldstatus) & 0x40) {
382 LOG_ERROR("dq5 timeout, status: 0x%x", status);
383 return ERROR_FLASH_OPERATION_FAILED;
385 LOG_DEBUG("status: 0x%x", status);
389 } else {/* no toggle: finished, OK */
390 LOG_DEBUG("status: 0x%x", status);
396 } while (timeout-- > 0);
398 LOG_ERROR("timeout, status: 0x%x", status);
400 return ERROR_FLASH_BUSY;
403 static int cfi_read_intel_pri_ext(struct flash_bank *bank)
406 struct cfi_flash_bank *cfi_info = bank->driver_priv;
407 struct cfi_intel_pri_ext *pri_ext;
409 if (cfi_info->pri_ext)
410 free(cfi_info->pri_ext);
412 pri_ext = malloc(sizeof(struct cfi_intel_pri_ext));
413 if (pri_ext == NULL) {
414 LOG_ERROR("Out of memory");
417 cfi_info->pri_ext = pri_ext;
419 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
420 if (retval != ERROR_OK)
422 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
423 if (retval != ERROR_OK)
425 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
426 if (retval != ERROR_OK)
429 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I')) {
430 retval = cfi_reset(bank);
431 if (retval != ERROR_OK)
433 LOG_ERROR("Could not read bank flash bank information");
434 return ERROR_FLASH_BANK_INVALID;
437 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
438 if (retval != ERROR_OK)
440 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
441 if (retval != ERROR_OK)
444 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
445 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
447 retval = cfi_query_u32(bank, 0, cfi_info->pri_addr + 5, &pri_ext->feature_support);
448 if (retval != ERROR_OK)
450 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->suspend_cmd_support);
451 if (retval != ERROR_OK)
453 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xa, &pri_ext->blk_status_reg_mask);
454 if (retval != ERROR_OK)
457 LOG_DEBUG("feature_support: 0x%" PRIx32 ", suspend_cmd_support: "
458 "0x%x, blk_status_reg_mask: 0x%x",
459 pri_ext->feature_support,
460 pri_ext->suspend_cmd_support,
461 pri_ext->blk_status_reg_mask);
463 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xc, &pri_ext->vcc_optimal);
464 if (retval != ERROR_OK)
466 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xd, &pri_ext->vpp_optimal);
467 if (retval != ERROR_OK)
470 LOG_DEBUG("Vcc opt: %x.%x, Vpp opt: %u.%x",
471 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
472 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
474 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xe, &pri_ext->num_protection_fields);
475 if (retval != ERROR_OK)
477 if (pri_ext->num_protection_fields != 1) {
478 LOG_WARNING("expected one protection register field, but found %i",
479 pri_ext->num_protection_fields);
482 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xf, &pri_ext->prot_reg_addr);
483 if (retval != ERROR_OK)
485 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x11, &pri_ext->fact_prot_reg_size);
486 if (retval != ERROR_OK)
488 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x12, &pri_ext->user_prot_reg_size);
489 if (retval != ERROR_OK)
492 LOG_DEBUG("protection_fields: %i, prot_reg_addr: 0x%x, "
493 "factory pre-programmed: %i, user programmable: %i",
494 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
495 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
500 static int cfi_read_spansion_pri_ext(struct flash_bank *bank)
503 struct cfi_flash_bank *cfi_info = bank->driver_priv;
504 struct cfi_spansion_pri_ext *pri_ext;
506 if (cfi_info->pri_ext)
507 free(cfi_info->pri_ext);
509 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
510 if (pri_ext == NULL) {
511 LOG_ERROR("Out of memory");
514 cfi_info->pri_ext = pri_ext;
516 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
517 if (retval != ERROR_OK)
519 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
520 if (retval != ERROR_OK)
522 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
523 if (retval != ERROR_OK)
526 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I')) {
527 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
528 if (retval != ERROR_OK)
530 LOG_ERROR("Could not read spansion bank information");
531 return ERROR_FLASH_BANK_INVALID;
534 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
535 if (retval != ERROR_OK)
537 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
538 if (retval != ERROR_OK)
541 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
542 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
544 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &pri_ext->SiliconRevision);
545 if (retval != ERROR_OK)
547 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &pri_ext->EraseSuspend);
548 if (retval != ERROR_OK)
550 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &pri_ext->BlkProt);
551 if (retval != ERROR_OK)
553 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &pri_ext->TmpBlkUnprotect);
554 if (retval != ERROR_OK)
556 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->BlkProtUnprot);
557 if (retval != ERROR_OK)
559 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 10, &pri_ext->SimultaneousOps);
560 if (retval != ERROR_OK)
562 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 11, &pri_ext->BurstMode);
563 if (retval != ERROR_OK)
565 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 12, &pri_ext->PageMode);
566 if (retval != ERROR_OK)
568 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 13, &pri_ext->VppMin);
569 if (retval != ERROR_OK)
571 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 14, &pri_ext->VppMax);
572 if (retval != ERROR_OK)
574 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 15, &pri_ext->TopBottom);
575 if (retval != ERROR_OK)
578 LOG_DEBUG("Silicon Revision: 0x%x, Erase Suspend: 0x%x, Block protect: 0x%x",
579 pri_ext->SiliconRevision, pri_ext->EraseSuspend, pri_ext->BlkProt);
581 LOG_DEBUG("Temporary Unprotect: 0x%x, Block Protect Scheme: 0x%x, "
582 "Simultaneous Ops: 0x%x", pri_ext->TmpBlkUnprotect,
583 pri_ext->BlkProtUnprot, pri_ext->SimultaneousOps);
585 LOG_DEBUG("Burst Mode: 0x%x, Page Mode: 0x%x, ", pri_ext->BurstMode, pri_ext->PageMode);
588 LOG_DEBUG("Vpp min: %u.%x, Vpp max: %u.%x",
589 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
590 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
592 LOG_DEBUG("WP# protection 0x%x", pri_ext->TopBottom);
594 /* default values for implementation specific workarounds */
595 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
596 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
597 pri_ext->_reversed_geometry = 0;
602 static int cfi_read_atmel_pri_ext(struct flash_bank *bank)
605 struct cfi_atmel_pri_ext atmel_pri_ext;
606 struct cfi_flash_bank *cfi_info = bank->driver_priv;
607 struct cfi_spansion_pri_ext *pri_ext;
609 if (cfi_info->pri_ext)
610 free(cfi_info->pri_ext);
612 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
613 if (pri_ext == NULL) {
614 LOG_ERROR("Out of memory");
618 /* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion,
619 * but a different primary extended query table.
620 * We read the atmel table, and prepare a valid AMD/Spansion query table.
623 memset(pri_ext, 0, sizeof(struct cfi_spansion_pri_ext));
625 cfi_info->pri_ext = pri_ext;
627 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &atmel_pri_ext.pri[0]);
628 if (retval != ERROR_OK)
630 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &atmel_pri_ext.pri[1]);
631 if (retval != ERROR_OK)
633 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &atmel_pri_ext.pri[2]);
634 if (retval != ERROR_OK)
637 if ((atmel_pri_ext.pri[0] != 'P') || (atmel_pri_ext.pri[1] != 'R')
638 || (atmel_pri_ext.pri[2] != 'I')) {
639 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
640 if (retval != ERROR_OK)
642 LOG_ERROR("Could not read atmel bank information");
643 return ERROR_FLASH_BANK_INVALID;
646 pri_ext->pri[0] = atmel_pri_ext.pri[0];
647 pri_ext->pri[1] = atmel_pri_ext.pri[1];
648 pri_ext->pri[2] = atmel_pri_ext.pri[2];
650 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &atmel_pri_ext.major_version);
651 if (retval != ERROR_OK)
653 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &atmel_pri_ext.minor_version);
654 if (retval != ERROR_OK)
657 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", atmel_pri_ext.pri[0],
658 atmel_pri_ext.pri[1], atmel_pri_ext.pri[2],
659 atmel_pri_ext.major_version, atmel_pri_ext.minor_version);
661 pri_ext->major_version = atmel_pri_ext.major_version;
662 pri_ext->minor_version = atmel_pri_ext.minor_version;
664 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &atmel_pri_ext.features);
665 if (retval != ERROR_OK)
667 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &atmel_pri_ext.bottom_boot);
668 if (retval != ERROR_OK)
670 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &atmel_pri_ext.burst_mode);
671 if (retval != ERROR_OK)
673 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &atmel_pri_ext.page_mode);
674 if (retval != ERROR_OK)
678 "features: 0x%2.2x, bottom_boot: 0x%2.2x, burst_mode: 0x%2.2x, page_mode: 0x%2.2x",
679 atmel_pri_ext.features,
680 atmel_pri_ext.bottom_boot,
681 atmel_pri_ext.burst_mode,
682 atmel_pri_ext.page_mode);
684 if (atmel_pri_ext.features & 0x02)
685 pri_ext->EraseSuspend = 2;
687 /* some chips got it backwards... */
688 if (cfi_info->device_id == AT49BV6416 ||
689 cfi_info->device_id == AT49BV6416T) {
690 if (atmel_pri_ext.bottom_boot)
691 pri_ext->TopBottom = 3;
693 pri_ext->TopBottom = 2;
695 if (atmel_pri_ext.bottom_boot)
696 pri_ext->TopBottom = 2;
698 pri_ext->TopBottom = 3;
701 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
702 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
707 static int cfi_read_0002_pri_ext(struct flash_bank *bank)
709 struct cfi_flash_bank *cfi_info = bank->driver_priv;
711 if (cfi_info->manufacturer == CFI_MFR_ATMEL)
712 return cfi_read_atmel_pri_ext(bank);
714 return cfi_read_spansion_pri_ext(bank);
717 static int cfi_spansion_info(struct flash_bank *bank, char *buf, int buf_size)
720 struct cfi_flash_bank *cfi_info = bank->driver_priv;
721 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
723 printed = snprintf(buf, buf_size, "\nSpansion primary algorithm extend information:\n");
727 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0],
728 pri_ext->pri[1], pri_ext->pri[2],
729 pri_ext->major_version, pri_ext->minor_version);
733 printed = snprintf(buf, buf_size, "Silicon Rev.: 0x%x, Address Sensitive unlock: 0x%x\n",
734 (pri_ext->SiliconRevision) >> 2,
735 (pri_ext->SiliconRevision) & 0x03);
739 printed = snprintf(buf, buf_size, "Erase Suspend: 0x%x, Sector Protect: 0x%x\n",
740 pri_ext->EraseSuspend,
745 snprintf(buf, buf_size, "VppMin: %u.%x, VppMax: %u.%x\n",
746 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
747 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
752 static int cfi_intel_info(struct flash_bank *bank, char *buf, int buf_size)
755 struct cfi_flash_bank *cfi_info = bank->driver_priv;
756 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
758 printed = snprintf(buf, buf_size, "\nintel primary algorithm extend information:\n");
762 printed = snprintf(buf,
764 "pri: '%c%c%c', version: %c.%c\n",
768 pri_ext->major_version,
769 pri_ext->minor_version);
773 printed = snprintf(buf,
775 "feature_support: 0x%" PRIx32 ", "
776 "suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x\n",
777 pri_ext->feature_support,
778 pri_ext->suspend_cmd_support,
779 pri_ext->blk_status_reg_mask);
783 printed = snprintf(buf, buf_size, "Vcc opt: %x.%x, Vpp opt: %u.%x\n",
784 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
785 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
789 snprintf(buf, buf_size, "protection_fields: %i, prot_reg_addr: 0x%x, "
790 "factory pre-programmed: %i, user programmable: %i\n",
791 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
792 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
797 /* flash_bank cfi <base> <size> <chip_width> <bus_width> <target#> [options]
799 FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command)
801 struct cfi_flash_bank *cfi_info;
804 return ERROR_COMMAND_SYNTAX_ERROR;
807 * - not exceed max value;
809 * - be equal to a power of 2.
810 * bus must be wide enought to hold one chip */
811 if ((bank->chip_width > CFI_MAX_CHIP_WIDTH)
812 || (bank->bus_width > CFI_MAX_BUS_WIDTH)
813 || (bank->chip_width == 0)
814 || (bank->bus_width == 0)
815 || (bank->chip_width & (bank->chip_width - 1))
816 || (bank->bus_width & (bank->bus_width - 1))
817 || (bank->chip_width > bank->bus_width)) {
818 LOG_ERROR("chip and bus width have to specified in bytes");
819 return ERROR_FLASH_BANK_INVALID;
822 cfi_info = malloc(sizeof(struct cfi_flash_bank));
823 cfi_info->probed = 0;
824 cfi_info->erase_region_info = NULL;
825 cfi_info->pri_ext = NULL;
826 bank->driver_priv = cfi_info;
828 cfi_info->write_algorithm = NULL;
830 cfi_info->x16_as_x8 = 0;
831 cfi_info->jedec_probe = 0;
832 cfi_info->not_cfi = 0;
834 for (unsigned i = 6; i < CMD_ARGC; i++) {
835 if (strcmp(CMD_ARGV[i], "x16_as_x8") == 0)
836 cfi_info->x16_as_x8 = 1;
837 else if (strcmp(CMD_ARGV[i], "jedec_probe") == 0)
838 cfi_info->jedec_probe = 1;
841 cfi_info->write_algorithm = NULL;
843 /* bank wasn't probed yet */
844 cfi_info->qry[0] = 0xff;
849 static int cfi_intel_erase(struct flash_bank *bank, int first, int last)
852 struct cfi_flash_bank *cfi_info = bank->driver_priv;
855 cfi_intel_clear_status_register(bank);
857 for (i = first; i <= last; i++) {
858 retval = cfi_send_command(bank, 0x20, flash_address(bank, i, 0x0));
859 if (retval != ERROR_OK)
862 retval = cfi_send_command(bank, 0xd0, flash_address(bank, i, 0x0));
863 if (retval != ERROR_OK)
867 retval = cfi_intel_wait_status_busy(bank, cfi_info->block_erase_timeout, &status);
868 if (retval != ERROR_OK)
872 bank->sectors[i].is_erased = 1;
874 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
875 if (retval != ERROR_OK)
878 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%" PRIx32,
881 return ERROR_FLASH_OPERATION_FAILED;
885 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
888 static int cfi_spansion_erase(struct flash_bank *bank, int first, int last)
891 struct cfi_flash_bank *cfi_info = bank->driver_priv;
892 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
895 for (i = first; i <= last; i++) {
896 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
897 if (retval != ERROR_OK)
900 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
901 if (retval != ERROR_OK)
904 retval = cfi_send_command(bank, 0x80, flash_address(bank, 0, pri_ext->_unlock1));
905 if (retval != ERROR_OK)
908 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
909 if (retval != ERROR_OK)
912 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
913 if (retval != ERROR_OK)
916 retval = cfi_send_command(bank, 0x30, flash_address(bank, i, 0x0));
917 if (retval != ERROR_OK)
920 if (cfi_spansion_wait_status_busy(bank, cfi_info->block_erase_timeout) == ERROR_OK)
921 bank->sectors[i].is_erased = 1;
923 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
924 if (retval != ERROR_OK)
927 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%"
928 PRIx32, i, bank->base);
929 return ERROR_FLASH_OPERATION_FAILED;
933 return cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
936 static int cfi_erase(struct flash_bank *bank, int first, int last)
938 struct cfi_flash_bank *cfi_info = bank->driver_priv;
940 if (bank->target->state != TARGET_HALTED) {
941 LOG_ERROR("Target not halted");
942 return ERROR_TARGET_NOT_HALTED;
945 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
946 return ERROR_FLASH_SECTOR_INVALID;
948 if (cfi_info->qry[0] != 'Q')
949 return ERROR_FLASH_BANK_NOT_PROBED;
951 switch (cfi_info->pri_id) {
954 return cfi_intel_erase(bank, first, last);
957 return cfi_spansion_erase(bank, first, last);
960 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
967 static int cfi_intel_protect(struct flash_bank *bank, int set, int first, int last)
970 struct cfi_flash_bank *cfi_info = bank->driver_priv;
971 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
975 /* if the device supports neither legacy lock/unlock (bit 3) nor
976 * instant individual block locking (bit 5).
978 if (!(pri_ext->feature_support & 0x28)) {
979 LOG_ERROR("lock/unlock not supported on flash");
980 return ERROR_FLASH_OPERATION_FAILED;
983 cfi_intel_clear_status_register(bank);
985 for (i = first; i <= last; i++) {
986 retval = cfi_send_command(bank, 0x60, flash_address(bank, i, 0x0));
987 if (retval != ERROR_OK)
990 retval = cfi_send_command(bank, 0x01, flash_address(bank, i, 0x0));
991 if (retval != ERROR_OK)
993 bank->sectors[i].is_protected = 1;
995 retval = cfi_send_command(bank, 0xd0, flash_address(bank, i, 0x0));
996 if (retval != ERROR_OK)
998 bank->sectors[i].is_protected = 0;
1001 /* instant individual block locking doesn't require reading of the status register
1003 if (!(pri_ext->feature_support & 0x20)) {
1004 /* Clear lock bits operation may take up to 1.4s */
1006 retval = cfi_intel_wait_status_busy(bank, 1400, &status);
1007 if (retval != ERROR_OK)
1010 uint8_t block_status;
1011 /* read block lock bit, to verify status */
1012 retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, 0x55));
1013 if (retval != ERROR_OK)
1015 retval = cfi_get_u8(bank, i, 0x2, &block_status);
1016 if (retval != ERROR_OK)
1019 if ((block_status & 0x1) != set) {
1021 "couldn't change block lock status (set = %i, block_status = 0x%2.2x)",
1023 retval = cfi_send_command(bank, 0x70, flash_address(bank, 0, 0x55));
1024 if (retval != ERROR_OK)
1027 retval = cfi_intel_wait_status_busy(bank, 10, &status);
1028 if (retval != ERROR_OK)
1032 return ERROR_FLASH_OPERATION_FAILED;
1041 /* if the device doesn't support individual block lock bits set/clear,
1042 * all blocks have been unlocked in parallel, so we set those that should be protected
1044 if ((!set) && (!(pri_ext->feature_support & 0x20))) {
1045 /* FIX!!! this code path is broken!!!
1047 * The correct approach is:
1049 * 1. read out current protection status
1051 * 2. override read out protection status w/unprotected.
1053 * 3. re-protect what should be protected.
1056 for (i = 0; i < bank->num_sectors; i++) {
1057 if (bank->sectors[i].is_protected == 1) {
1058 cfi_intel_clear_status_register(bank);
1060 retval = cfi_send_command(bank, 0x60, flash_address(bank, i, 0x0));
1061 if (retval != ERROR_OK)
1064 retval = cfi_send_command(bank, 0x01, flash_address(bank, i, 0x0));
1065 if (retval != ERROR_OK)
1069 retval = cfi_intel_wait_status_busy(bank, 100, &status);
1070 if (retval != ERROR_OK)
1076 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
1079 static int cfi_protect(struct flash_bank *bank, int set, int first, int last)
1081 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1083 if (bank->target->state != TARGET_HALTED) {
1084 LOG_ERROR("Target not halted");
1085 return ERROR_TARGET_NOT_HALTED;
1088 if ((first < 0) || (last < first) || (last >= bank->num_sectors)) {
1089 LOG_ERROR("Invalid sector range");
1090 return ERROR_FLASH_SECTOR_INVALID;
1093 if (cfi_info->qry[0] != 'Q')
1094 return ERROR_FLASH_BANK_NOT_PROBED;
1096 switch (cfi_info->pri_id) {
1099 return cfi_intel_protect(bank, set, first, last);
1102 LOG_WARNING("protect: cfi primary command set %i unsupported", cfi_info->pri_id);
1107 /* Convert code image to target endian
1108 * FIXME create general block conversion fcts in target.c?) */
1109 static void cfi_fix_code_endian(struct target *target, uint8_t *dest,
1110 const uint32_t *src, uint32_t count)
1113 for (i = 0; i < count; i++) {
1114 target_buffer_set_u32(target, dest, *src);
1120 static uint32_t cfi_command_val(struct flash_bank *bank, uint8_t cmd)
1122 struct target *target = bank->target;
1124 uint8_t buf[CFI_MAX_BUS_WIDTH];
1125 cfi_command(bank, cmd, buf);
1126 switch (bank->bus_width) {
1131 return target_buffer_get_u16(target, buf);
1134 return target_buffer_get_u32(target, buf);
1137 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1143 static int cfi_intel_write_block(struct flash_bank *bank, uint8_t *buffer,
1144 uint32_t address, uint32_t count)
1146 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1147 struct target *target = bank->target;
1148 struct reg_param reg_params[7];
1149 struct arm_algorithm arm_algo;
1150 struct working_area *source = NULL;
1151 uint32_t buffer_size = 32768;
1152 uint32_t write_command_val, busy_pattern_val, error_pattern_val;
1154 /* algorithm register usage:
1155 * r0: source address (in RAM)
1156 * r1: target address (in Flash)
1158 * r3: flash write command
1159 * r4: status byte (returned to host)
1160 * r5: busy test pattern
1161 * r6: error test pattern
1164 /* see contib/loaders/flash/armv4_5_cfi_intel_32.s for src */
1165 static const uint32_t word_32_code[] = {
1166 0xe4904004, /* loop: ldr r4, [r0], #4 */
1167 0xe5813000, /* str r3, [r1] */
1168 0xe5814000, /* str r4, [r1] */
1169 0xe5914000, /* busy: ldr r4, [r1] */
1170 0xe0047005, /* and r7, r4, r5 */
1171 0xe1570005, /* cmp r7, r5 */
1172 0x1afffffb, /* bne busy */
1173 0xe1140006, /* tst r4, r6 */
1174 0x1a000003, /* bne done */
1175 0xe2522001, /* subs r2, r2, #1 */
1176 0x0a000001, /* beq done */
1177 0xe2811004, /* add r1, r1 #4 */
1178 0xeafffff2, /* b loop */
1179 0xeafffffe /* done: b -2 */
1182 /* see contib/loaders/flash/armv4_5_cfi_intel_16.s for src */
1183 static const uint32_t word_16_code[] = {
1184 0xe0d040b2, /* loop: ldrh r4, [r0], #2 */
1185 0xe1c130b0, /* strh r3, [r1] */
1186 0xe1c140b0, /* strh r4, [r1] */
1187 0xe1d140b0, /* busy ldrh r4, [r1] */
1188 0xe0047005, /* and r7, r4, r5 */
1189 0xe1570005, /* cmp r7, r5 */
1190 0x1afffffb, /* bne busy */
1191 0xe1140006, /* tst r4, r6 */
1192 0x1a000003, /* bne done */
1193 0xe2522001, /* subs r2, r2, #1 */
1194 0x0a000001, /* beq done */
1195 0xe2811002, /* add r1, r1 #2 */
1196 0xeafffff2, /* b loop */
1197 0xeafffffe /* done: b -2 */
1200 /* see contib/loaders/flash/armv4_5_cfi_intel_8.s for src */
1201 static const uint32_t word_8_code[] = {
1202 0xe4d04001, /* loop: ldrb r4, [r0], #1 */
1203 0xe5c13000, /* strb r3, [r1] */
1204 0xe5c14000, /* strb r4, [r1] */
1205 0xe5d14000, /* busy ldrb r4, [r1] */
1206 0xe0047005, /* and r7, r4, r5 */
1207 0xe1570005, /* cmp r7, r5 */
1208 0x1afffffb, /* bne busy */
1209 0xe1140006, /* tst r4, r6 */
1210 0x1a000003, /* bne done */
1211 0xe2522001, /* subs r2, r2, #1 */
1212 0x0a000001, /* beq done */
1213 0xe2811001, /* add r1, r1 #1 */
1214 0xeafffff2, /* b loop */
1215 0xeafffffe /* done: b -2 */
1217 uint8_t target_code[4*CFI_MAX_INTEL_CODESIZE];
1218 const uint32_t *target_code_src;
1219 uint32_t target_code_size;
1220 int retval = ERROR_OK;
1222 /* check we have a supported arch */
1223 if (is_arm(target_to_arm(target))) {
1224 /* All other ARM CPUs have 32 bit instructions */
1225 arm_algo.common_magic = ARM_COMMON_MAGIC;
1226 arm_algo.core_mode = ARM_MODE_SVC;
1227 arm_algo.core_state = ARM_STATE_ARM;
1229 LOG_ERROR("Unknown architecture");
1233 cfi_intel_clear_status_register(bank);
1235 /* If we are setting up the write_algorith, we need target_code_src
1236 * if not we only need target_code_size. */
1238 /* However, we don't want to create multiple code paths, so we
1239 * do the unecessary evaluation of target_code_src, which the
1240 * compiler will probably nicely optimize away if not needed */
1242 /* prepare algorithm code for target endian */
1243 switch (bank->bus_width) {
1245 target_code_src = word_8_code;
1246 target_code_size = sizeof(word_8_code);
1249 target_code_src = word_16_code;
1250 target_code_size = sizeof(word_16_code);
1253 target_code_src = word_32_code;
1254 target_code_size = sizeof(word_32_code);
1257 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1259 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1262 /* flash write code */
1263 if (!cfi_info->write_algorithm) {
1264 if (target_code_size > sizeof(target_code)) {
1265 LOG_WARNING("Internal error - target code buffer to small. "
1266 "Increase CFI_MAX_INTEL_CODESIZE and recompile.");
1267 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1269 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1271 /* Get memory for block write handler */
1272 retval = target_alloc_working_area(target,
1274 &cfi_info->write_algorithm);
1275 if (retval != ERROR_OK) {
1276 LOG_WARNING("No working area available, can't do block memory writes");
1277 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1281 /* write algorithm code to working area */
1282 retval = target_write_buffer(target, cfi_info->write_algorithm->address,
1283 target_code_size, target_code);
1284 if (retval != ERROR_OK) {
1285 LOG_ERROR("Unable to write block write code to target");
1290 /* Get a workspace buffer for the data to flash starting with 32k size.
1291 Half size until buffer would be smaller 256 Bytem then fail back */
1292 /* FIXME Why 256 bytes, why not 32 bytes (smallest flash write page */
1293 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1295 if (buffer_size <= 256) {
1297 "no large enough working area available, can't do block memory writes");
1298 retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1304 /* setup algo registers */
1305 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1306 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1307 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
1308 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
1309 init_reg_param(®_params[4], "r4", 32, PARAM_IN);
1310 init_reg_param(®_params[5], "r5", 32, PARAM_OUT);
1311 init_reg_param(®_params[6], "r6", 32, PARAM_OUT);
1313 /* prepare command and status register patterns */
1314 write_command_val = cfi_command_val(bank, 0x40);
1315 busy_pattern_val = cfi_command_val(bank, 0x80);
1316 error_pattern_val = cfi_command_val(bank, 0x7e);
1318 LOG_DEBUG("Using target buffer at 0x%08" PRIx32 " and of size 0x%04" PRIx32,
1319 source->address, buffer_size);
1321 /* Programming main loop */
1323 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1326 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1327 if (retval != ERROR_OK)
1330 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1331 buf_set_u32(reg_params[1].value, 0, 32, address);
1332 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1334 buf_set_u32(reg_params[3].value, 0, 32, write_command_val);
1335 buf_set_u32(reg_params[5].value, 0, 32, busy_pattern_val);
1336 buf_set_u32(reg_params[6].value, 0, 32, error_pattern_val);
1338 LOG_DEBUG("Write 0x%04" PRIx32 " bytes to flash at 0x%08" PRIx32,
1339 thisrun_count, address);
1341 /* Execute algorithm, assume breakpoint for last instruction */
1342 retval = target_run_algorithm(target, 0, NULL, 7, reg_params,
1343 cfi_info->write_algorithm->address,
1344 cfi_info->write_algorithm->address + target_code_size -
1346 10000, /* 10s should be enough for max. 32k of data */
1349 /* On failure try a fall back to direct word writes */
1350 if (retval != ERROR_OK) {
1351 cfi_intel_clear_status_register(bank);
1353 "Execution of flash algorythm failed. Can't fall back. Please report.");
1354 retval = ERROR_FLASH_OPERATION_FAILED;
1355 /* retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE; */
1356 /* FIXME To allow fall back or recovery, we must save the actual status
1357 * somewhere, so that a higher level code can start recovery. */
1361 /* Check return value from algo code */
1362 wsm_error = buf_get_u32(reg_params[4].value, 0, 32) & error_pattern_val;
1364 /* read status register (outputs debug inforation) */
1366 cfi_intel_wait_status_busy(bank, 100, &status);
1367 cfi_intel_clear_status_register(bank);
1368 retval = ERROR_FLASH_OPERATION_FAILED;
1372 buffer += thisrun_count;
1373 address += thisrun_count;
1374 count -= thisrun_count;
1379 /* free up resources */
1382 target_free_working_area(target, source);
1384 if (cfi_info->write_algorithm) {
1385 target_free_working_area(target, cfi_info->write_algorithm);
1386 cfi_info->write_algorithm = NULL;
1389 destroy_reg_param(®_params[0]);
1390 destroy_reg_param(®_params[1]);
1391 destroy_reg_param(®_params[2]);
1392 destroy_reg_param(®_params[3]);
1393 destroy_reg_param(®_params[4]);
1394 destroy_reg_param(®_params[5]);
1395 destroy_reg_param(®_params[6]);
1400 static int cfi_spansion_write_block_mips(struct flash_bank *bank, uint8_t *buffer,
1401 uint32_t address, uint32_t count)
1403 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1404 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1405 struct target *target = bank->target;
1406 struct reg_param reg_params[10];
1407 struct mips32_algorithm mips32_info;
1408 struct working_area *source;
1409 uint32_t buffer_size = 32768;
1411 int retval = ERROR_OK;
1413 /* input parameters -
1414 * 4 A0 = source address
1415 * 5 A1 = destination address
1416 * 6 A2 = number of writes
1417 * 7 A3 = flash write command
1418 * 8 T0 = constant to mask DQ7 bits (also used for Dq5 with shift)
1419 * output parameters -
1420 * 9 T1 = 0x80 ok 0x00 bad
1422 * 10 T2 = value read from flash to test status
1423 * 11 T3 = holding register
1424 * unlock registers -
1425 * 12 T4 = unlock1_addr
1426 * 13 T5 = unlock1_cmd
1427 * 14 T6 = unlock2_addr
1428 * 15 T7 = unlock2_cmd */
1430 static const uint32_t mips_word_16_code[] = {
1432 MIPS32_LHU(9, 0, 4), /* lhu $t1, ($a0) ; out = &saddr */
1433 MIPS32_ADDI(4, 4, 2), /* addi $a0, $a0, 2 ; saddr += 2 */
1434 MIPS32_SH(13, 0, 12), /* sh $t5, ($t4) ; *fl_unl_addr1 =
1436 MIPS32_SH(15, 0, 14), /* sh $t7, ($t6) ; *fl_unl_addr2 =
1438 MIPS32_SH(7, 0, 12), /* sh $a3, ($t4) ; *fl_unl_addr1 =
1440 MIPS32_SH(9, 0, 5), /* sh $t1, ($a1) ; *daddr = out */
1441 MIPS32_NOP, /* nop */
1443 MIPS32_LHU(10, 0, 5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1444 MIPS32_XOR(11, 9, 10), /* xor $t3, $a0, $t2 ; temp2 = out ^
1446 MIPS32_AND(11, 8, 11), /* and $t3, $t0, $t3 ; temp2 = temp2 &
1448 MIPS32_BNE(11, 8, 13), /* bne $t3, $t0, cont ; if (temp2 !=
1449 *DQ7mask) goto cont */
1450 MIPS32_NOP, /* nop */
1452 MIPS32_SRL(10, 8, 2), /* srl $t2,$t0,2 ; temp1 = DQ7mask >>
1454 MIPS32_AND(11, 10, 11), /* and $t3, $t2, $t3 ; temp2 = temp2 &
1456 MIPS32_BNE(11, 10, NEG16(8)), /* bne $t3, $t2, busy ; if (temp2 !=
1457 *temp1) goto busy */
1458 MIPS32_NOP, /* nop */
1460 MIPS32_LHU(10, 0, 5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1461 MIPS32_XOR(11, 9, 10), /* xor $t3, $a0, $t2 ; temp2 = out ^
1463 MIPS32_AND(11, 8, 11), /* and $t3, $t0, $t3 ; temp2 = temp2 &
1465 MIPS32_BNE(11, 8, 4), /* bne $t3, $t0, cont ; if (temp2 !=
1466 *DQ7mask) goto cont */
1467 MIPS32_NOP, /* nop */
1469 MIPS32_XOR(9, 9, 9), /* xor $t1, $t1, $t1 ; out = 0 */
1470 MIPS32_BEQ(9, 0, 11), /* beq $t1, $zero, done ; if (out == 0) goto
1472 MIPS32_NOP, /* nop */
1474 MIPS32_ADDI(6, 6, NEG16(1)), /* addi, $a2, $a2, -1 ; numwrites-- */
1475 MIPS32_BNE(6, 0, 5), /* bne $a2, $zero, cont2 ; if (numwrite != 0)
1477 MIPS32_NOP, /* nop */
1479 MIPS32_LUI(9, 0), /* lui $t1, 0 */
1480 MIPS32_ORI(9, 9, 0x80), /* ori $t1, $t1, 0x80 ; out = 0x80 */
1482 MIPS32_B(4), /* b done ; goto done */
1483 MIPS32_NOP, /* nop */
1485 MIPS32_ADDI(5, 5, 2), /* addi $a0, $a0, 2 ; daddr += 2 */
1486 MIPS32_B(NEG16(33)), /* b start ; goto start */
1487 MIPS32_NOP, /* nop */
1489 *MIPS32_B(NEG16(1)), */ /* b done ; goto done */
1490 MIPS32_SDBBP, /* sdbbp ; break(); */
1491 /*MIPS32_B(NEG16(33)), */ /* b start ; goto start
1495 mips32_info.common_magic = MIPS32_COMMON_MAGIC;
1496 mips32_info.isa_mode = MIPS32_ISA_MIPS32;
1498 int target_code_size = 0;
1499 const uint32_t *target_code_src = NULL;
1501 switch (bank->bus_width) {
1503 /* Check for DQ5 support */
1504 if (cfi_info->status_poll_mask & (1 << 5)) {
1505 target_code_src = mips_word_16_code;
1506 target_code_size = sizeof(mips_word_16_code);
1508 LOG_ERROR("Need DQ5 support");
1509 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1510 /* target_code_src = mips_word_16_code_dq7only; */
1511 /* target_code_size = sizeof(mips_word_16_code_dq7only); */
1515 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1517 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1520 /* flash write code */
1521 if (!cfi_info->write_algorithm) {
1522 uint8_t *target_code;
1524 /* convert bus-width dependent algorithm code to correct endiannes */
1525 target_code = malloc(target_code_size);
1526 if (target_code == NULL) {
1527 LOG_ERROR("Out of memory");
1530 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1532 /* allocate working area */
1533 retval = target_alloc_working_area(target, target_code_size,
1534 &cfi_info->write_algorithm);
1535 if (retval != ERROR_OK) {
1540 /* write algorithm code to working area */
1541 retval = target_write_buffer(target, cfi_info->write_algorithm->address,
1542 target_code_size, target_code);
1543 if (retval != ERROR_OK) {
1550 /* the following code still assumes target code is fixed 24*4 bytes */
1552 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1554 if (buffer_size <= 256) {
1555 /* if we already allocated the writing code, but failed to get a
1556 * buffer, free the algorithm */
1557 if (cfi_info->write_algorithm)
1558 target_free_working_area(target, cfi_info->write_algorithm);
1561 "not enough working area available, can't do block memory writes");
1562 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1567 init_reg_param(®_params[0], "a0", 32, PARAM_OUT);
1568 init_reg_param(®_params[1], "a1", 32, PARAM_OUT);
1569 init_reg_param(®_params[2], "a2", 32, PARAM_OUT);
1570 init_reg_param(®_params[3], "a3", 32, PARAM_OUT);
1571 init_reg_param(®_params[4], "t0", 32, PARAM_OUT);
1572 init_reg_param(®_params[5], "t1", 32, PARAM_IN);
1573 init_reg_param(®_params[6], "t4", 32, PARAM_OUT);
1574 init_reg_param(®_params[7], "t5", 32, PARAM_OUT);
1575 init_reg_param(®_params[8], "t6", 32, PARAM_OUT);
1576 init_reg_param(®_params[9], "t7", 32, PARAM_OUT);
1579 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1581 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1582 if (retval != ERROR_OK)
1585 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1586 buf_set_u32(reg_params[1].value, 0, 32, address);
1587 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1588 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1589 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1590 buf_set_u32(reg_params[6].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock1));
1591 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1592 buf_set_u32(reg_params[8].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock2));
1593 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1595 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1596 cfi_info->write_algorithm->address,
1597 cfi_info->write_algorithm->address + ((target_code_size) - 4),
1598 10000, &mips32_info);
1599 if (retval != ERROR_OK)
1602 status = buf_get_u32(reg_params[5].value, 0, 32);
1603 if (status != 0x80) {
1604 LOG_ERROR("flash write block failed status: 0x%" PRIx32, status);
1605 retval = ERROR_FLASH_OPERATION_FAILED;
1609 buffer += thisrun_count;
1610 address += thisrun_count;
1611 count -= thisrun_count;
1614 target_free_all_working_areas(target);
1616 destroy_reg_param(®_params[0]);
1617 destroy_reg_param(®_params[1]);
1618 destroy_reg_param(®_params[2]);
1619 destroy_reg_param(®_params[3]);
1620 destroy_reg_param(®_params[4]);
1621 destroy_reg_param(®_params[5]);
1622 destroy_reg_param(®_params[6]);
1623 destroy_reg_param(®_params[7]);
1624 destroy_reg_param(®_params[8]);
1625 destroy_reg_param(®_params[9]);
1630 static int cfi_spansion_write_block(struct flash_bank *bank, uint8_t *buffer,
1631 uint32_t address, uint32_t count)
1633 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1634 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1635 struct target *target = bank->target;
1636 struct reg_param reg_params[10];
1638 struct arm_algorithm armv4_5_algo;
1639 struct armv7m_algorithm armv7m_algo;
1640 struct working_area *source;
1641 uint32_t buffer_size = 32768;
1643 int retval = ERROR_OK;
1645 /* input parameters -
1646 * R0 = source address
1647 * R1 = destination address
1648 * R2 = number of writes
1649 * R3 = flash write command
1650 * R4 = constant to mask DQ7 bits (also used for Dq5 with shift)
1651 * output parameters -
1652 * R5 = 0x80 ok 0x00 bad
1654 * R6 = value read from flash to test status
1655 * R7 = holding register
1656 * unlock registers -
1659 * R10 = unlock2_addr
1660 * R11 = unlock2_cmd */
1662 /* see contib/loaders/flash/armv4_5_cfi_span_32.s for src */
1663 static const uint32_t armv4_5_word_32_code[] = {
1664 /* 00008100 <sp_32_code>: */
1665 0xe4905004, /* ldr r5, [r0], #4 */
1666 0xe5889000, /* str r9, [r8] */
1667 0xe58ab000, /* str r11, [r10] */
1668 0xe5883000, /* str r3, [r8] */
1669 0xe5815000, /* str r5, [r1] */
1670 0xe1a00000, /* nop */
1672 * 00008110 <sp_32_busy>: */
1673 0xe5916000, /* ldr r6, [r1] */
1674 0xe0257006, /* eor r7, r5, r6 */
1675 0xe0147007, /* ands r7, r4, r7 */
1676 0x0a000007, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1677 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1678 0x0afffff9, /* beq 8110 <sp_32_busy> ; b if DQ5 low */
1679 0xe5916000, /* ldr r6, [r1] */
1680 0xe0257006, /* eor r7, r5, r6 */
1681 0xe0147007, /* ands r7, r4, r7 */
1682 0x0a000001, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1683 0xe3a05000, /* mov r5, #0 ; 0x0 - return 0x00, error */
1684 0x1a000004, /* bne 8154 <sp_32_done> */
1686 * 00008140 <sp_32_cont>: */
1687 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1688 0x03a05080, /* moveq r5, #128 ; 0x80 */
1689 0x0a000001, /* beq 8154 <sp_32_done> */
1690 0xe2811004, /* add r1, r1, #4 ; 0x4 */
1691 0xeaffffe8, /* b 8100 <sp_32_code> */
1693 * 00008154 <sp_32_done>: */
1694 0xeafffffe /* b 8154 <sp_32_done> */
1697 /* see contib/loaders/flash/armv4_5_cfi_span_16.s for src */
1698 static const uint32_t armv4_5_word_16_code[] = {
1699 /* 00008158 <sp_16_code>: */
1700 0xe0d050b2, /* ldrh r5, [r0], #2 */
1701 0xe1c890b0, /* strh r9, [r8] */
1702 0xe1cab0b0, /* strh r11, [r10] */
1703 0xe1c830b0, /* strh r3, [r8] */
1704 0xe1c150b0, /* strh r5, [r1] */
1705 0xe1a00000, /* nop (mov r0,r0) */
1707 * 00008168 <sp_16_busy>: */
1708 0xe1d160b0, /* ldrh r6, [r1] */
1709 0xe0257006, /* eor r7, r5, r6 */
1710 0xe0147007, /* ands r7, r4, r7 */
1711 0x0a000007, /* beq 8198 <sp_16_cont> */
1712 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1713 0x0afffff9, /* beq 8168 <sp_16_busy> */
1714 0xe1d160b0, /* ldrh r6, [r1] */
1715 0xe0257006, /* eor r7, r5, r6 */
1716 0xe0147007, /* ands r7, r4, r7 */
1717 0x0a000001, /* beq 8198 <sp_16_cont> */
1718 0xe3a05000, /* mov r5, #0 ; 0x0 */
1719 0x1a000004, /* bne 81ac <sp_16_done> */
1721 * 00008198 <sp_16_cont>: */
1722 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1723 0x03a05080, /* moveq r5, #128 ; 0x80 */
1724 0x0a000001, /* beq 81ac <sp_16_done> */
1725 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1726 0xeaffffe8, /* b 8158 <sp_16_code> */
1728 * 000081ac <sp_16_done>: */
1729 0xeafffffe /* b 81ac <sp_16_done> */
1732 /* see contib/loaders/flash/armv7m_cfi_span_16.s for src */
1733 static const uint32_t armv7m_word_16_code[] = {
1754 /* see contib/loaders/flash/armv4_5_cfi_span_16_dq7.s for src */
1755 static const uint32_t armv4_5_word_16_code_dq7only[] = {
1757 0xe0d050b2, /* ldrh r5, [r0], #2 */
1758 0xe1c890b0, /* strh r9, [r8] */
1759 0xe1cab0b0, /* strh r11, [r10] */
1760 0xe1c830b0, /* strh r3, [r8] */
1761 0xe1c150b0, /* strh r5, [r1] */
1762 0xe1a00000, /* nop (mov r0,r0) */
1765 0xe1d160b0, /* ldrh r6, [r1] */
1766 0xe0257006, /* eor r7, r5, r6 */
1767 0xe2177080, /* ands r7, #0x80 */
1768 0x1afffffb, /* bne 8168 <sp_16_busy> */
1770 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1771 0x03a05080, /* moveq r5, #128 ; 0x80 */
1772 0x0a000001, /* beq 81ac <sp_16_done> */
1773 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1774 0xeafffff0, /* b 8158 <sp_16_code> */
1776 * 000081ac <sp_16_done>: */
1777 0xeafffffe /* b 81ac <sp_16_done> */
1780 /* see contib/loaders/flash/armv4_5_cfi_span_8.s for src */
1781 static const uint32_t armv4_5_word_8_code[] = {
1782 /* 000081b0 <sp_16_code_end>: */
1783 0xe4d05001, /* ldrb r5, [r0], #1 */
1784 0xe5c89000, /* strb r9, [r8] */
1785 0xe5cab000, /* strb r11, [r10] */
1786 0xe5c83000, /* strb r3, [r8] */
1787 0xe5c15000, /* strb r5, [r1] */
1788 0xe1a00000, /* nop (mov r0,r0) */
1790 * 000081c0 <sp_8_busy>: */
1791 0xe5d16000, /* ldrb r6, [r1] */
1792 0xe0257006, /* eor r7, r5, r6 */
1793 0xe0147007, /* ands r7, r4, r7 */
1794 0x0a000007, /* beq 81f0 <sp_8_cont> */
1795 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1796 0x0afffff9, /* beq 81c0 <sp_8_busy> */
1797 0xe5d16000, /* ldrb r6, [r1] */
1798 0xe0257006, /* eor r7, r5, r6 */
1799 0xe0147007, /* ands r7, r4, r7 */
1800 0x0a000001, /* beq 81f0 <sp_8_cont> */
1801 0xe3a05000, /* mov r5, #0 ; 0x0 */
1802 0x1a000004, /* bne 8204 <sp_8_done> */
1804 * 000081f0 <sp_8_cont>: */
1805 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1806 0x03a05080, /* moveq r5, #128 ; 0x80 */
1807 0x0a000001, /* beq 8204 <sp_8_done> */
1808 0xe2811001, /* add r1, r1, #1 ; 0x1 */
1809 0xeaffffe8, /* b 81b0 <sp_16_code_end> */
1811 * 00008204 <sp_8_done>: */
1812 0xeafffffe /* b 8204 <sp_8_done> */
1815 if (strncmp(target_type_name(target), "mips_m4k", 8) == 0)
1816 return cfi_spansion_write_block_mips(bank, buffer, address, count);
1818 if (is_armv7m(target_to_armv7m(target))) { /* Cortex-M3 target */
1819 armv7m_algo.common_magic = ARMV7M_COMMON_MAGIC;
1820 armv7m_algo.core_mode = ARMV7M_MODE_HANDLER;
1821 arm_algo = &armv7m_algo;
1822 } else if (is_arm(target_to_arm(target))) {
1823 /* All other ARM CPUs have 32 bit instructions */
1824 armv4_5_algo.common_magic = ARM_COMMON_MAGIC;
1825 armv4_5_algo.core_mode = ARM_MODE_SVC;
1826 armv4_5_algo.core_state = ARM_STATE_ARM;
1827 arm_algo = &armv4_5_algo;
1829 LOG_ERROR("Unknown architecture");
1833 int target_code_size = 0;
1834 const uint32_t *target_code_src = NULL;
1836 switch (bank->bus_width) {
1838 if (is_armv7m(target_to_armv7m(target))) {
1839 LOG_ERROR("Unknown ARM architecture");
1842 target_code_src = armv4_5_word_8_code;
1843 target_code_size = sizeof(armv4_5_word_8_code);
1846 /* Check for DQ5 support */
1847 if (cfi_info->status_poll_mask & (1 << 5)) {
1848 if (is_armv7m(target_to_armv7m(target))) { /*
1852 target_code_src = armv7m_word_16_code;
1853 target_code_size = sizeof(armv7m_word_16_code);
1854 } else { /* armv4_5 target */
1855 target_code_src = armv4_5_word_16_code;
1856 target_code_size = sizeof(armv4_5_word_16_code);
1859 /* No DQ5 support. Use DQ7 DATA# polling only. */
1860 if (is_armv7m(target_to_armv7m(target))) {
1861 LOG_ERROR("Unknown ARM architecture");
1864 target_code_src = armv4_5_word_16_code_dq7only;
1865 target_code_size = sizeof(armv4_5_word_16_code_dq7only);
1869 if (is_armv7m(target_to_armv7m(target))) {
1870 LOG_ERROR("Unknown ARM architecture");
1873 target_code_src = armv4_5_word_32_code;
1874 target_code_size = sizeof(armv4_5_word_32_code);
1877 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes",
1879 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1882 /* flash write code */
1883 if (!cfi_info->write_algorithm) {
1884 uint8_t *target_code;
1886 /* convert bus-width dependent algorithm code to correct endiannes */
1887 target_code = malloc(target_code_size);
1888 if (target_code == NULL) {
1889 LOG_ERROR("Out of memory");
1892 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1894 /* allocate working area */
1895 retval = target_alloc_working_area(target, target_code_size,
1896 &cfi_info->write_algorithm);
1897 if (retval != ERROR_OK) {
1902 /* write algorithm code to working area */
1903 retval = target_write_buffer(target, cfi_info->write_algorithm->address,
1904 target_code_size, target_code);
1905 if (retval != ERROR_OK) {
1912 /* the following code still assumes target code is fixed 24*4 bytes */
1914 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1916 if (buffer_size <= 256) {
1917 /* if we already allocated the writing code, but failed to get a
1918 * buffer, free the algorithm */
1919 if (cfi_info->write_algorithm)
1920 target_free_working_area(target, cfi_info->write_algorithm);
1923 "not enough working area available, can't do block memory writes");
1924 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1929 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1930 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1931 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
1932 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
1933 init_reg_param(®_params[4], "r4", 32, PARAM_OUT);
1934 init_reg_param(®_params[5], "r5", 32, PARAM_IN);
1935 init_reg_param(®_params[6], "r8", 32, PARAM_OUT);
1936 init_reg_param(®_params[7], "r9", 32, PARAM_OUT);
1937 init_reg_param(®_params[8], "r10", 32, PARAM_OUT);
1938 init_reg_param(®_params[9], "r11", 32, PARAM_OUT);
1941 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1943 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1944 if (retval != ERROR_OK)
1947 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1948 buf_set_u32(reg_params[1].value, 0, 32, address);
1949 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1950 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1951 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1952 buf_set_u32(reg_params[6].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock1));
1953 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1954 buf_set_u32(reg_params[8].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock2));
1955 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1957 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1958 cfi_info->write_algorithm->address,
1959 cfi_info->write_algorithm->address + ((target_code_size) - 4),
1961 if (retval != ERROR_OK)
1964 status = buf_get_u32(reg_params[5].value, 0, 32);
1965 if (status != 0x80) {
1966 LOG_ERROR("flash write block failed status: 0x%" PRIx32, status);
1967 retval = ERROR_FLASH_OPERATION_FAILED;
1971 buffer += thisrun_count;
1972 address += thisrun_count;
1973 count -= thisrun_count;
1976 target_free_all_working_areas(target);
1978 destroy_reg_param(®_params[0]);
1979 destroy_reg_param(®_params[1]);
1980 destroy_reg_param(®_params[2]);
1981 destroy_reg_param(®_params[3]);
1982 destroy_reg_param(®_params[4]);
1983 destroy_reg_param(®_params[5]);
1984 destroy_reg_param(®_params[6]);
1985 destroy_reg_param(®_params[7]);
1986 destroy_reg_param(®_params[8]);
1987 destroy_reg_param(®_params[9]);
1992 static int cfi_intel_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
1995 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1996 struct target *target = bank->target;
1998 cfi_intel_clear_status_register(bank);
1999 retval = cfi_send_command(bank, 0x40, address);
2000 if (retval != ERROR_OK)
2003 retval = target_write_memory(target, address, bank->bus_width, 1, word);
2004 if (retval != ERROR_OK)
2008 retval = cfi_intel_wait_status_busy(bank, cfi_info->word_write_timeout, &status);
2009 if (retval != 0x80) {
2010 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
2011 if (retval != ERROR_OK)
2014 LOG_ERROR("couldn't write word at base 0x%" PRIx32 ", address 0x%" PRIx32,
2015 bank->base, address);
2016 return ERROR_FLASH_OPERATION_FAILED;
2022 static int cfi_intel_write_words(struct flash_bank *bank, uint8_t *word,
2023 uint32_t wordcount, uint32_t address)
2026 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2027 struct target *target = bank->target;
2029 /* Calculate buffer size and boundary mask
2030 * buffersize is (buffer size per chip) * (number of chips)
2031 * bufferwsize is buffersize in words */
2032 uint32_t buffersize =
2033 (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2034 uint32_t buffermask = buffersize-1;
2035 uint32_t bufferwsize = buffersize / bank->bus_width;
2037 /* Check for valid range */
2038 if (address & buffermask) {
2039 LOG_ERROR("Write address at base 0x%" PRIx32 ", address 0x%" PRIx32
2040 " not aligned to 2^%d boundary",
2041 bank->base, address, cfi_info->max_buf_write_size);
2042 return ERROR_FLASH_OPERATION_FAILED;
2045 /* Check for valid size */
2046 if (wordcount > bufferwsize) {
2047 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %" PRId32,
2048 wordcount, buffersize);
2049 return ERROR_FLASH_OPERATION_FAILED;
2052 /* Write to flash buffer */
2053 cfi_intel_clear_status_register(bank);
2055 /* Initiate buffer operation _*/
2056 retval = cfi_send_command(bank, 0xe8, address);
2057 if (retval != ERROR_OK)
2060 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2061 if (retval != ERROR_OK)
2063 if (status != 0x80) {
2064 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
2065 if (retval != ERROR_OK)
2069 "couldn't start buffer write operation at base 0x%" PRIx32 ", address 0x%" PRIx32,
2072 return ERROR_FLASH_OPERATION_FAILED;
2075 /* Write buffer wordcount-1 and data words */
2076 retval = cfi_send_command(bank, bufferwsize-1, address);
2077 if (retval != ERROR_OK)
2080 retval = target_write_memory(target, address, bank->bus_width, bufferwsize, word);
2081 if (retval != ERROR_OK)
2084 /* Commit write operation */
2085 retval = cfi_send_command(bank, 0xd0, address);
2086 if (retval != ERROR_OK)
2089 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2090 if (retval != ERROR_OK)
2093 if (status != 0x80) {
2094 retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
2095 if (retval != ERROR_OK)
2098 LOG_ERROR("Buffer write at base 0x%" PRIx32
2099 ", address 0x%" PRIx32 " failed.", bank->base, address);
2100 return ERROR_FLASH_OPERATION_FAILED;
2106 static int cfi_spansion_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2109 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2110 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2111 struct target *target = bank->target;
2113 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
2114 if (retval != ERROR_OK)
2117 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
2118 if (retval != ERROR_OK)
2121 retval = cfi_send_command(bank, 0xa0, flash_address(bank, 0, pri_ext->_unlock1));
2122 if (retval != ERROR_OK)
2125 retval = target_write_memory(target, address, bank->bus_width, 1, word);
2126 if (retval != ERROR_OK)
2129 if (cfi_spansion_wait_status_busy(bank, cfi_info->word_write_timeout) != ERROR_OK) {
2130 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
2131 if (retval != ERROR_OK)
2134 LOG_ERROR("couldn't write word at base 0x%" PRIx32
2135 ", address 0x%" PRIx32, bank->base, address);
2136 return ERROR_FLASH_OPERATION_FAILED;
2142 static int cfi_spansion_write_words(struct flash_bank *bank, uint8_t *word,
2143 uint32_t wordcount, uint32_t address)
2146 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2147 struct target *target = bank->target;
2148 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2150 /* Calculate buffer size and boundary mask
2151 * buffersize is (buffer size per chip) * (number of chips)
2152 * bufferwsize is buffersize in words */
2153 uint32_t buffersize =
2154 (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2155 uint32_t buffermask = buffersize-1;
2156 uint32_t bufferwsize = buffersize / bank->bus_width;
2158 /* Check for valid range */
2159 if (address & buffermask) {
2160 LOG_ERROR("Write address at base 0x%" PRIx32
2161 ", address 0x%" PRIx32 " not aligned to 2^%d boundary",
2162 bank->base, address, cfi_info->max_buf_write_size);
2163 return ERROR_FLASH_OPERATION_FAILED;
2166 /* Check for valid size */
2167 if (wordcount > bufferwsize) {
2168 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %"
2169 PRId32, wordcount, buffersize);
2170 return ERROR_FLASH_OPERATION_FAILED;
2174 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
2175 if (retval != ERROR_OK)
2178 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
2179 if (retval != ERROR_OK)
2182 /* Buffer load command */
2183 retval = cfi_send_command(bank, 0x25, address);
2184 if (retval != ERROR_OK)
2187 /* Write buffer wordcount-1 and data words */
2188 retval = cfi_send_command(bank, bufferwsize-1, address);
2189 if (retval != ERROR_OK)
2192 retval = target_write_memory(target, address, bank->bus_width, bufferwsize, word);
2193 if (retval != ERROR_OK)
2196 /* Commit write operation */
2197 retval = cfi_send_command(bank, 0x29, address);
2198 if (retval != ERROR_OK)
2201 if (cfi_spansion_wait_status_busy(bank, cfi_info->buf_write_timeout) != ERROR_OK) {
2202 retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
2203 if (retval != ERROR_OK)
2206 LOG_ERROR("couldn't write block at base 0x%" PRIx32
2207 ", address 0x%" PRIx32 ", size 0x%" PRIx32, bank->base, address,
2209 return ERROR_FLASH_OPERATION_FAILED;
2215 static int cfi_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2217 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2219 switch (cfi_info->pri_id) {
2222 return cfi_intel_write_word(bank, word, address);
2225 return cfi_spansion_write_word(bank, word, address);
2228 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2232 return ERROR_FLASH_OPERATION_FAILED;
2235 static int cfi_write_words(struct flash_bank *bank, uint8_t *word,
2236 uint32_t wordcount, uint32_t address)
2238 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2240 if (cfi_info->buf_write_timeout_typ == 0) {
2241 /* buffer writes are not supported */
2242 LOG_DEBUG("Buffer Writes Not Supported");
2243 return ERROR_FLASH_OPER_UNSUPPORTED;
2246 switch (cfi_info->pri_id) {
2249 return cfi_intel_write_words(bank, word, wordcount, address);
2252 return cfi_spansion_write_words(bank, word, wordcount, address);
2255 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2259 return ERROR_FLASH_OPERATION_FAILED;
2262 static int cfi_read(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
2264 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2265 struct target *target = bank->target;
2266 uint32_t address = bank->base + offset;
2268 int align; /* number of unaligned bytes */
2269 uint8_t current_word[CFI_MAX_BUS_WIDTH];
2273 LOG_DEBUG("reading buffer of %i byte at 0x%8.8x",
2274 (int)count, (unsigned)offset);
2276 if (bank->target->state != TARGET_HALTED) {
2277 LOG_ERROR("Target not halted");
2278 return ERROR_TARGET_NOT_HALTED;
2281 if (offset + count > bank->size)
2282 return ERROR_FLASH_DST_OUT_OF_BANK;
2284 if (cfi_info->qry[0] != 'Q')
2285 return ERROR_FLASH_BANK_NOT_PROBED;
2287 /* start at the first byte of the first word (bus_width size) */
2288 read_p = address & ~(bank->bus_width - 1);
2289 align = address - read_p;
2291 LOG_INFO("Fixup %d unaligned read head bytes", align);
2293 /* read a complete word from flash */
2294 retval = target_read_memory(target, read_p, bank->bus_width, 1, current_word);
2295 if (retval != ERROR_OK)
2298 /* take only bytes we need */
2299 for (i = align; (i < bank->bus_width) && (count > 0); i++, count--)
2300 *buffer++ = current_word[i];
2302 read_p += bank->bus_width;
2305 align = count / bank->bus_width;
2307 retval = target_read_memory(target, read_p, bank->bus_width, align, buffer);
2308 if (retval != ERROR_OK)
2311 read_p += align * bank->bus_width;
2312 buffer += align * bank->bus_width;
2313 count -= align * bank->bus_width;
2317 LOG_INFO("Fixup %d unaligned read tail bytes", count);
2319 /* read a complete word from flash */
2320 retval = target_read_memory(target, read_p, bank->bus_width, 1, current_word);
2321 if (retval != ERROR_OK)
2324 /* take only bytes we need */
2325 for (i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2326 *buffer++ = current_word[i];
2332 static int cfi_write(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
2334 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2335 struct target *target = bank->target;
2336 uint32_t address = bank->base + offset; /* address of first byte to be programmed */
2338 int align; /* number of unaligned bytes */
2339 int blk_count; /* number of bus_width bytes for block copy */
2340 uint8_t current_word[CFI_MAX_BUS_WIDTH * 4]; /* word (bus_width size) currently being
2345 if (bank->target->state != TARGET_HALTED) {
2346 LOG_ERROR("Target not halted");
2347 return ERROR_TARGET_NOT_HALTED;
2350 if (offset + count > bank->size)
2351 return ERROR_FLASH_DST_OUT_OF_BANK;
2353 if (cfi_info->qry[0] != 'Q')
2354 return ERROR_FLASH_BANK_NOT_PROBED;
2356 /* start at the first byte of the first word (bus_width size) */
2357 write_p = address & ~(bank->bus_width - 1);
2358 align = address - write_p;
2360 LOG_INFO("Fixup %d unaligned head bytes", align);
2362 /* read a complete word from flash */
2363 retval = target_read_memory(target, write_p, bank->bus_width, 1, current_word);
2364 if (retval != ERROR_OK)
2367 /* replace only bytes that must be written */
2368 for (i = align; (i < bank->bus_width) && (count > 0); i++, count--)
2369 current_word[i] = *buffer++;
2371 retval = cfi_write_word(bank, current_word, write_p);
2372 if (retval != ERROR_OK)
2374 write_p += bank->bus_width;
2377 /* handle blocks of bus_size aligned bytes */
2378 blk_count = count & ~(bank->bus_width - 1); /* round down, leave tail bytes */
2379 switch (cfi_info->pri_id) {
2380 /* try block writes (fails without working area) */
2383 retval = cfi_intel_write_block(bank, buffer, write_p, blk_count);
2386 retval = cfi_spansion_write_block(bank, buffer, write_p, blk_count);
2389 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2390 retval = ERROR_FLASH_OPERATION_FAILED;
2393 if (retval == ERROR_OK) {
2394 /* Increment pointers and decrease count on succesful block write */
2395 buffer += blk_count;
2396 write_p += blk_count;
2399 if (retval == ERROR_TARGET_RESOURCE_NOT_AVAILABLE) {
2400 /* Calculate buffer size and boundary mask
2401 * buffersize is (buffer size per chip) * (number of chips)
2402 * bufferwsize is buffersize in words */
2403 uint32_t buffersize =
2405 cfi_info->max_buf_write_size) *
2406 (bank->bus_width / bank->chip_width);
2407 uint32_t buffermask = buffersize-1;
2408 uint32_t bufferwsize = buffersize / bank->bus_width;
2410 /* fall back to memory writes */
2411 while (count >= (uint32_t)bank->bus_width) {
2413 if ((write_p & 0xff) == 0) {
2414 LOG_INFO("Programming at 0x%08" PRIx32 ", count 0x%08"
2415 PRIx32 " bytes remaining", write_p, count);
2418 if ((bufferwsize > 0) && (count >= buffersize) &&
2419 !(write_p & buffermask)) {
2420 retval = cfi_write_words(bank, buffer, bufferwsize, write_p);
2421 if (retval == ERROR_OK) {
2422 buffer += buffersize;
2423 write_p += buffersize;
2424 count -= buffersize;
2426 } else if (retval != ERROR_FLASH_OPER_UNSUPPORTED)
2429 /* try the slow way? */
2431 for (i = 0; i < bank->bus_width; i++)
2432 current_word[i] = *buffer++;
2434 retval = cfi_write_word(bank, current_word, write_p);
2435 if (retval != ERROR_OK)
2438 write_p += bank->bus_width;
2439 count -= bank->bus_width;
2446 /* return to read array mode, so we can read from flash again for padding */
2447 retval = cfi_reset(bank);
2448 if (retval != ERROR_OK)
2451 /* handle unaligned tail bytes */
2453 LOG_INFO("Fixup %" PRId32 " unaligned tail bytes", count);
2455 /* read a complete word from flash */
2456 retval = target_read_memory(target, write_p, bank->bus_width, 1, current_word);
2457 if (retval != ERROR_OK)
2460 /* replace only bytes that must be written */
2461 for (i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2462 current_word[i] = *buffer++;
2464 retval = cfi_write_word(bank, current_word, write_p);
2465 if (retval != ERROR_OK)
2469 /* return to read array mode */
2470 return cfi_reset(bank);
2473 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, void *param)
2476 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2477 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2479 pri_ext->_reversed_geometry = 1;
2482 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, void *param)
2485 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2486 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2489 if ((pri_ext->_reversed_geometry) || (pri_ext->TopBottom == 3)) {
2490 LOG_DEBUG("swapping reversed erase region information on cmdset 0002 device");
2492 for (i = 0; i < cfi_info->num_erase_regions / 2; i++) {
2493 int j = (cfi_info->num_erase_regions - 1) - i;
2496 swap = cfi_info->erase_region_info[i];
2497 cfi_info->erase_region_info[i] = cfi_info->erase_region_info[j];
2498 cfi_info->erase_region_info[j] = swap;
2503 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, void *param)
2505 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2506 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2507 struct cfi_unlock_addresses *unlock_addresses = param;
2509 pri_ext->_unlock1 = unlock_addresses->unlock1;
2510 pri_ext->_unlock2 = unlock_addresses->unlock2;
2514 static int cfi_query_string(struct flash_bank *bank, int address)
2516 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2519 retval = cfi_send_command(bank, 0x98, flash_address(bank, 0, address));
2520 if (retval != ERROR_OK)
2523 retval = cfi_query_u8(bank, 0, 0x10, &cfi_info->qry[0]);
2524 if (retval != ERROR_OK)
2526 retval = cfi_query_u8(bank, 0, 0x11, &cfi_info->qry[1]);
2527 if (retval != ERROR_OK)
2529 retval = cfi_query_u8(bank, 0, 0x12, &cfi_info->qry[2]);
2530 if (retval != ERROR_OK)
2533 LOG_DEBUG("CFI qry returned: 0x%2.2x 0x%2.2x 0x%2.2x",
2534 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2]);
2536 if ((cfi_info->qry[0] != 'Q') || (cfi_info->qry[1] != 'R') || (cfi_info->qry[2] != 'Y')) {
2537 retval = cfi_reset(bank);
2538 if (retval != ERROR_OK)
2540 LOG_ERROR("Could not probe bank: no QRY");
2541 return ERROR_FLASH_BANK_INVALID;
2547 static int cfi_probe(struct flash_bank *bank)
2549 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2550 struct target *target = bank->target;
2551 int num_sectors = 0;
2554 uint32_t unlock1 = 0x555;
2555 uint32_t unlock2 = 0x2aa;
2557 uint8_t value_buf0[CFI_MAX_BUS_WIDTH], value_buf1[CFI_MAX_BUS_WIDTH];
2559 if (bank->target->state != TARGET_HALTED) {
2560 LOG_ERROR("Target not halted");
2561 return ERROR_TARGET_NOT_HALTED;
2564 cfi_info->probed = 0;
2565 cfi_info->num_erase_regions = 0;
2566 if (bank->sectors) {
2567 free(bank->sectors);
2568 bank->sectors = NULL;
2570 if (cfi_info->erase_region_info) {
2571 free(cfi_info->erase_region_info);
2572 cfi_info->erase_region_info = NULL;
2575 /* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses,
2576 * while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa
2578 if (cfi_info->jedec_probe) {
2583 /* switch to read identifier codes mode ("AUTOSELECT") */
2584 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, unlock1));
2585 if (retval != ERROR_OK)
2587 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, unlock2));
2588 if (retval != ERROR_OK)
2590 retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, unlock1));
2591 if (retval != ERROR_OK)
2594 retval = target_read_memory(target, flash_address(bank, 0, 0x00),
2595 bank->bus_width, 1, value_buf0);
2596 if (retval != ERROR_OK)
2598 retval = target_read_memory(target, flash_address(bank, 0, 0x01),
2599 bank->bus_width, 1, value_buf1);
2600 if (retval != ERROR_OK)
2602 switch (bank->chip_width) {
2604 cfi_info->manufacturer = *value_buf0;
2605 cfi_info->device_id = *value_buf1;
2608 cfi_info->manufacturer = target_buffer_get_u16(target, value_buf0);
2609 cfi_info->device_id = target_buffer_get_u16(target, value_buf1);
2612 cfi_info->manufacturer = target_buffer_get_u32(target, value_buf0);
2613 cfi_info->device_id = target_buffer_get_u32(target, value_buf1);
2616 LOG_ERROR("Unsupported bank chipwidth %d, can't probe memory",
2618 return ERROR_FLASH_OPERATION_FAILED;
2621 LOG_INFO("Flash Manufacturer/Device: 0x%04x 0x%04x",
2622 cfi_info->manufacturer, cfi_info->device_id);
2623 /* switch back to read array mode */
2624 retval = cfi_reset(bank);
2625 if (retval != ERROR_OK)
2628 /* check device/manufacturer ID for known non-CFI flashes. */
2629 cfi_fixup_non_cfi(bank);
2631 /* query only if this is a CFI compatible flash,
2632 * otherwise the relevant info has already been filled in
2634 if (cfi_info->not_cfi == 0) {
2635 /* enter CFI query mode
2636 * according to JEDEC Standard No. 68.01,
2637 * a single bus sequence with address = 0x55, data = 0x98 should put
2638 * the device into CFI query mode.
2640 * SST flashes clearly violate this, and we will consider them incompatbile for now
2643 retval = cfi_query_string(bank, 0x55);
2644 if (retval != ERROR_OK) {
2646 * Spansion S29WS-N CFI query fix is to try 0x555 if 0x55 fails. Should
2647 * be harmless enough:
2649 * http://www.infradead.org/pipermail/linux-mtd/2005-September/013618.html
2651 LOG_USER("Try workaround w/0x555 instead of 0x55 to get QRY.");
2652 retval = cfi_query_string(bank, 0x555);
2654 if (retval != ERROR_OK)
2657 retval = cfi_query_u16(bank, 0, 0x13, &cfi_info->pri_id);
2658 if (retval != ERROR_OK)
2660 retval = cfi_query_u16(bank, 0, 0x15, &cfi_info->pri_addr);
2661 if (retval != ERROR_OK)
2663 retval = cfi_query_u16(bank, 0, 0x17, &cfi_info->alt_id);
2664 if (retval != ERROR_OK)
2666 retval = cfi_query_u16(bank, 0, 0x19, &cfi_info->alt_addr);
2667 if (retval != ERROR_OK)
2670 LOG_DEBUG("qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: "
2671 "0x%4.4x, alt_addr: 0x%4.4x", cfi_info->qry[0], cfi_info->qry[1],
2672 cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr,
2673 cfi_info->alt_id, cfi_info->alt_addr);
2675 retval = cfi_query_u8(bank, 0, 0x1b, &cfi_info->vcc_min);
2676 if (retval != ERROR_OK)
2678 retval = cfi_query_u8(bank, 0, 0x1c, &cfi_info->vcc_max);
2679 if (retval != ERROR_OK)
2681 retval = cfi_query_u8(bank, 0, 0x1d, &cfi_info->vpp_min);
2682 if (retval != ERROR_OK)
2684 retval = cfi_query_u8(bank, 0, 0x1e, &cfi_info->vpp_max);
2685 if (retval != ERROR_OK)
2688 retval = cfi_query_u8(bank, 0, 0x1f, &cfi_info->word_write_timeout_typ);
2689 if (retval != ERROR_OK)
2691 retval = cfi_query_u8(bank, 0, 0x20, &cfi_info->buf_write_timeout_typ);
2692 if (retval != ERROR_OK)
2694 retval = cfi_query_u8(bank, 0, 0x21, &cfi_info->block_erase_timeout_typ);
2695 if (retval != ERROR_OK)
2697 retval = cfi_query_u8(bank, 0, 0x22, &cfi_info->chip_erase_timeout_typ);
2698 if (retval != ERROR_OK)
2700 retval = cfi_query_u8(bank, 0, 0x23, &cfi_info->word_write_timeout_max);
2701 if (retval != ERROR_OK)
2703 retval = cfi_query_u8(bank, 0, 0x24, &cfi_info->buf_write_timeout_max);
2704 if (retval != ERROR_OK)
2706 retval = cfi_query_u8(bank, 0, 0x25, &cfi_info->block_erase_timeout_max);
2707 if (retval != ERROR_OK)
2709 retval = cfi_query_u8(bank, 0, 0x26, &cfi_info->chip_erase_timeout_max);
2710 if (retval != ERROR_OK)
2714 retval = cfi_query_u8(bank, 0, 0x27, &data);
2715 if (retval != ERROR_OK)
2717 cfi_info->dev_size = 1 << data;
2719 retval = cfi_query_u16(bank, 0, 0x28, &cfi_info->interface_desc);
2720 if (retval != ERROR_OK)
2722 retval = cfi_query_u16(bank, 0, 0x2a, &cfi_info->max_buf_write_size);
2723 if (retval != ERROR_OK)
2725 retval = cfi_query_u8(bank, 0, 0x2c, &cfi_info->num_erase_regions);
2726 if (retval != ERROR_OK)
2729 LOG_DEBUG("size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: 0x%x",
2730 cfi_info->dev_size, cfi_info->interface_desc,
2731 (1 << cfi_info->max_buf_write_size));
2733 if (cfi_info->num_erase_regions) {
2734 cfi_info->erase_region_info = malloc(sizeof(*cfi_info->erase_region_info)
2735 * cfi_info->num_erase_regions);
2736 for (i = 0; i < cfi_info->num_erase_regions; i++) {
2737 retval = cfi_query_u32(bank,
2740 &cfi_info->erase_region_info[i]);
2741 if (retval != ERROR_OK)
2744 "erase region[%i]: %" PRIu32 " blocks of size 0x%" PRIx32 "",
2746 (cfi_info->erase_region_info[i] & 0xffff) + 1,
2747 (cfi_info->erase_region_info[i] >> 16) * 256);
2750 cfi_info->erase_region_info = NULL;
2752 /* We need to read the primary algorithm extended query table before calculating
2753 * the sector layout to be able to apply fixups
2755 switch (cfi_info->pri_id) {
2756 /* Intel command set (standard and extended) */
2759 cfi_read_intel_pri_ext(bank);
2761 /* AMD/Spansion, Atmel, ... command set */
2763 cfi_info->status_poll_mask = CFI_STATUS_POLL_MASK_DQ5_DQ6_DQ7; /*
2770 cfi_read_0002_pri_ext(bank);
2773 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2777 /* return to read array mode
2778 * we use both reset commands, as some Intel flashes fail to recognize the 0xF0 command
2780 retval = cfi_reset(bank);
2781 if (retval != ERROR_OK)
2783 } /* end CFI case */
2785 LOG_DEBUG("Vcc min: %x.%x, Vcc max: %x.%x, Vpp min: %u.%x, Vpp max: %u.%x",
2786 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2787 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2788 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2789 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2791 LOG_DEBUG("typ. word write timeout: %u us, typ. buf write timeout: %u us, "
2792 "typ. block erase timeout: %u ms, typ. chip erase timeout: %u ms",
2793 1 << cfi_info->word_write_timeout_typ, 1 << cfi_info->buf_write_timeout_typ,
2794 1 << cfi_info->block_erase_timeout_typ, 1 << cfi_info->chip_erase_timeout_typ);
2796 LOG_DEBUG("max. word write timeout: %u us, max. buf write timeout: %u us, "
2797 "max. block erase timeout: %u ms, max. chip erase timeout: %u ms",
2798 (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2799 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2800 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2801 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2803 /* convert timeouts to real values in ms */
2804 cfi_info->word_write_timeout = DIV_ROUND_UP((1L << cfi_info->word_write_timeout_typ) *
2805 (1L << cfi_info->word_write_timeout_max), 1000);
2806 cfi_info->buf_write_timeout = DIV_ROUND_UP((1L << cfi_info->buf_write_timeout_typ) *
2807 (1L << cfi_info->buf_write_timeout_max), 1000);
2808 cfi_info->block_erase_timeout = (1L << cfi_info->block_erase_timeout_typ) *
2809 (1L << cfi_info->block_erase_timeout_max);
2810 cfi_info->chip_erase_timeout = (1L << cfi_info->chip_erase_timeout_typ) *
2811 (1L << cfi_info->chip_erase_timeout_max);
2813 LOG_DEBUG("calculated word write timeout: %u ms, buf write timeout: %u ms, "
2814 "block erase timeout: %u ms, chip erase timeout: %u ms",
2815 cfi_info->word_write_timeout, cfi_info->buf_write_timeout,
2816 cfi_info->block_erase_timeout, cfi_info->chip_erase_timeout);
2818 /* apply fixups depending on the primary command set */
2819 switch (cfi_info->pri_id) {
2820 /* Intel command set (standard and extended) */
2823 cfi_fixup(bank, cfi_0001_fixups);
2825 /* AMD/Spansion, Atmel, ... command set */
2827 cfi_fixup(bank, cfi_0002_fixups);
2830 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2834 if ((cfi_info->dev_size * bank->bus_width / bank->chip_width) != bank->size) {
2835 LOG_WARNING("configuration specifies 0x%" PRIx32 " size, but a 0x%" PRIx32
2836 " size flash was found", bank->size, cfi_info->dev_size);
2839 if (cfi_info->num_erase_regions == 0) {
2840 /* a device might have only one erase block, spanning the whole device */
2841 bank->num_sectors = 1;
2842 bank->sectors = malloc(sizeof(struct flash_sector));
2844 bank->sectors[sector].offset = 0x0;
2845 bank->sectors[sector].size = bank->size;
2846 bank->sectors[sector].is_erased = -1;
2847 bank->sectors[sector].is_protected = -1;
2849 uint32_t offset = 0;
2851 for (i = 0; i < cfi_info->num_erase_regions; i++)
2852 num_sectors += (cfi_info->erase_region_info[i] & 0xffff) + 1;
2854 bank->num_sectors = num_sectors;
2855 bank->sectors = malloc(sizeof(struct flash_sector) * num_sectors);
2857 for (i = 0; i < cfi_info->num_erase_regions; i++) {
2859 for (j = 0; j < (cfi_info->erase_region_info[i] & 0xffff) + 1; j++) {
2860 bank->sectors[sector].offset = offset;
2861 bank->sectors[sector].size =
2862 ((cfi_info->erase_region_info[i] >> 16) * 256)
2863 * bank->bus_width / bank->chip_width;
2864 offset += bank->sectors[sector].size;
2865 bank->sectors[sector].is_erased = -1;
2866 bank->sectors[sector].is_protected = -1;
2870 if (offset != (cfi_info->dev_size * bank->bus_width / bank->chip_width)) {
2872 "CFI size is 0x%" PRIx32 ", but total sector size is 0x%" PRIx32 "", \
2873 (cfi_info->dev_size * bank->bus_width / bank->chip_width),
2878 cfi_info->probed = 1;
2883 static int cfi_auto_probe(struct flash_bank *bank)
2885 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2886 if (cfi_info->probed)
2888 return cfi_probe(bank);
2891 static int cfi_intel_protect_check(struct flash_bank *bank)
2894 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2895 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
2898 /* check if block lock bits are supported on this device */
2899 if (!(pri_ext->blk_status_reg_mask & 0x1))
2900 return ERROR_FLASH_OPERATION_FAILED;
2902 retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, 0x55));
2903 if (retval != ERROR_OK)
2906 for (i = 0; i < bank->num_sectors; i++) {
2907 uint8_t block_status;
2908 retval = cfi_get_u8(bank, i, 0x2, &block_status);
2909 if (retval != ERROR_OK)
2912 if (block_status & 1)
2913 bank->sectors[i].is_protected = 1;
2915 bank->sectors[i].is_protected = 0;
2918 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
2921 static int cfi_spansion_protect_check(struct flash_bank *bank)
2924 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2925 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2928 retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, pri_ext->_unlock1));
2929 if (retval != ERROR_OK)
2932 retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, pri_ext->_unlock2));
2933 if (retval != ERROR_OK)
2936 retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, pri_ext->_unlock1));
2937 if (retval != ERROR_OK)
2940 for (i = 0; i < bank->num_sectors; i++) {
2941 uint8_t block_status;
2942 retval = cfi_get_u8(bank, i, 0x2, &block_status);
2943 if (retval != ERROR_OK)
2946 if (block_status & 1)
2947 bank->sectors[i].is_protected = 1;
2949 bank->sectors[i].is_protected = 0;
2952 return cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
2955 static int cfi_protect_check(struct flash_bank *bank)
2957 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2959 if (bank->target->state != TARGET_HALTED) {
2960 LOG_ERROR("Target not halted");
2961 return ERROR_TARGET_NOT_HALTED;
2964 if (cfi_info->qry[0] != 'Q')
2965 return ERROR_FLASH_BANK_NOT_PROBED;
2967 switch (cfi_info->pri_id) {
2970 return cfi_intel_protect_check(bank);
2973 return cfi_spansion_protect_check(bank);
2976 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2983 static int get_cfi_info(struct flash_bank *bank, char *buf, int buf_size)
2986 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2988 if (cfi_info->qry[0] == 0xff) {
2989 snprintf(buf, buf_size, "\ncfi flash bank not probed yet\n");
2993 if (cfi_info->not_cfi == 0)
2994 printed = snprintf(buf, buf_size, "\nCFI flash: ");
2996 printed = snprintf(buf, buf_size, "\nnon-CFI flash: ");
2998 buf_size -= printed;
3000 printed = snprintf(buf, buf_size, "mfr: 0x%4.4x, id:0x%4.4x\n\n",
3001 cfi_info->manufacturer, cfi_info->device_id);
3003 buf_size -= printed;
3005 printed = snprintf(buf, buf_size, "qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: "
3006 "0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x\n",
3007 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2],
3008 cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
3010 buf_size -= printed;
3012 printed = snprintf(buf, buf_size, "Vcc min: %x.%x, Vcc max: %x.%x, "
3013 "Vpp min: %u.%x, Vpp max: %u.%x\n",
3014 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
3015 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
3016 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
3017 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
3019 buf_size -= printed;
3021 printed = snprintf(buf, buf_size, "typ. word write timeout: %u us, "
3022 "typ. buf write timeout: %u us, "
3023 "typ. block erase timeout: %u ms, "
3024 "typ. chip erase timeout: %u ms\n",
3025 1 << cfi_info->word_write_timeout_typ,
3026 1 << cfi_info->buf_write_timeout_typ,
3027 1 << cfi_info->block_erase_timeout_typ,
3028 1 << cfi_info->chip_erase_timeout_typ);
3030 buf_size -= printed;
3032 printed = snprintf(buf,
3034 "max. word write timeout: %u us, "
3035 "max. buf write timeout: %u us, max. "
3036 "block erase timeout: %u ms, max. chip erase timeout: %u ms\n",
3038 cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
3040 cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
3042 cfi_info->block_erase_timeout_max) *
3043 (1 << cfi_info->block_erase_timeout_typ),
3045 cfi_info->chip_erase_timeout_max) *
3046 (1 << cfi_info->chip_erase_timeout_typ));
3048 buf_size -= printed;
3050 printed = snprintf(buf, buf_size, "size: 0x%" PRIx32 ", interface desc: %i, "
3051 "max buffer write size: 0x%x\n",
3053 cfi_info->interface_desc,
3054 1 << cfi_info->max_buf_write_size);
3056 buf_size -= printed;
3058 switch (cfi_info->pri_id) {
3061 cfi_intel_info(bank, buf, buf_size);
3064 cfi_spansion_info(bank, buf, buf_size);
3067 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
3074 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, void *param)
3076 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3078 /* disable write buffer for M29W128G */
3079 cfi_info->buf_write_timeout_typ = 0;
3082 struct flash_driver cfi_flash = {
3084 .flash_bank_command = cfi_flash_bank_command,
3086 .protect = cfi_protect,
3090 .auto_probe = cfi_auto_probe,
3091 /* FIXME: access flash at bus_width size */
3092 .erase_check = default_flash_blank_check,
3093 .protect_check = cfi_protect_check,
3094 .info = get_cfi_info,