1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009-2010 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * Copyright (C) 2009-2010 by David Brownell *
13 * This program is free software; you can redistribute it and/or modify *
14 * it under the terms of the GNU General Public License as published by *
15 * the Free Software Foundation; either version 2 of the License, or *
16 * (at your option) any later version. *
18 * This program is distributed in the hope that it will be useful, *
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
21 * GNU General Public License for more details. *
23 * You should have received a copy of the GNU General Public License *
24 * along with this program; if not, write to the *
25 * Free Software Foundation, Inc., *
26 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
27 ***************************************************************************/
31 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
32 * debugging architecture. Compared with previous versions, this includes
33 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
34 * transport, and focusses on memory mapped resources as defined by the
35 * CoreSight architecture.
37 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
38 * basic components: a Debug Port (DP) transporting messages to and from a
39 * debugger, and an Access Port (AP) accessing resources. Three types of DP
40 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
41 * One uses only SWD for communication, and is called SW-DP. The third can
42 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
43 * is used to access memory mapped resources and is called a MEM-AP. Also a
44 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
46 * This programming interface allows DAP pipelined operations through a
47 * transaction queue. This primarily affects AP operations (such as using
48 * a MEM-AP to access memory or registers). If the current transaction has
49 * not finished by the time the next one must begin, and the ORUNDETECT bit
50 * is set in the DP_CTRL_STAT register, the SSTICKYORUN status is set and
51 * further AP operations will fail. There are two basic methods to avoid
52 * such overrun errors. One involves polling for status instead of using
53 * transaction piplining. The other involves adding delays to ensure the
54 * AP has enough time to complete one operation before starting the next
55 * one. (For JTAG these delays are controlled by memaccess_tck.)
59 * Relevant specifications from ARM include:
61 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031A
62 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
64 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
65 * Cortex-M3(tm) TRM, ARM DDI 0337G
73 #include "arm_adi_v5.h"
74 #include <helper/time_support.h>
77 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
80 uint32_t tar_block_size(uint32_t address)
81 Return the largest block starting at address that does not cross a tar block size alignment boundary
83 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, uint32_t address)
85 return (tar_autoincr_block - ((tar_autoincr_block - 1) & address)) >> 2;
88 /***************************************************************************
90 * DP and MEM-AP register access through APACC and DPACC *
92 ***************************************************************************/
95 * Select one of the APs connected to the specified DAP. The
96 * selection is implicitly used with future AP transactions.
97 * This is a NOP if the specified AP is already selected.
100 * @param apsel Number of the AP to (implicitly) use with further
101 * transactions. This normally identifies a MEM-AP.
103 void dap_ap_select(struct adiv5_dap *dap,uint8_t apsel)
105 uint32_t select_apsel = (apsel << 24) & 0xFF000000;
107 if (select_apsel != dap->apsel)
109 dap->apsel = select_apsel;
110 /* Switching AP invalidates cached values.
111 * Values MUST BE UPDATED BEFORE AP ACCESS.
113 dap->ap_bank_value = -1;
114 dap->ap_csw_value = -1;
115 dap->ap_tar_value = -1;
120 * Queue transactions setting up transfer parameters for the
121 * currently selected MEM-AP.
123 * Subsequent transfers using registers like AP_REG_DRW or AP_REG_BD2
124 * initiate data reads or writes using memory or peripheral addresses.
125 * If the CSW is configured for it, the TAR may be automatically
126 * incremented after each transfer.
128 * @todo Rename to reflect it being specifically a MEM-AP function.
130 * @param dap The DAP connected to the MEM-AP.
131 * @param csw MEM-AP Control/Status Word (CSW) register to assign. If this
132 * matches the cached value, the register is not changed.
133 * @param tar MEM-AP Transfer Address Register (TAR) to assign. If this
134 * matches the cached address, the register is not changed.
136 * @return ERROR_OK if the transaction was properly queued, else a fault code.
138 int dap_setup_accessport(struct adiv5_dap *dap, uint32_t csw, uint32_t tar)
142 csw = csw | CSW_DBGSWENABLE | CSW_MASTER_DEBUG | CSW_HPROT;
143 if (csw != dap->ap_csw_value)
145 /* LOG_DEBUG("DAP: Set CSW %x",csw); */
146 retval = dap_queue_ap_write(dap, AP_REG_CSW, csw);
147 if (retval != ERROR_OK)
149 dap->ap_csw_value = csw;
151 if (tar != dap->ap_tar_value)
153 /* LOG_DEBUG("DAP: Set TAR %x",tar); */
154 retval = dap_queue_ap_write(dap, AP_REG_TAR, tar);
155 if (retval != ERROR_OK)
157 dap->ap_tar_value = tar;
159 /* Disable TAR cache when autoincrementing */
160 if (csw & CSW_ADDRINC_MASK)
161 dap->ap_tar_value = -1;
166 * Asynchronous (queued) read of a word from memory or a system register.
168 * @param dap The DAP connected to the MEM-AP performing the read.
169 * @param address Address of the 32-bit word to read; it must be
170 * readable by the currently selected MEM-AP.
171 * @param value points to where the word will be stored when the
172 * transaction queue is flushed (assuming no errors).
174 * @return ERROR_OK for success. Otherwise a fault code.
176 int mem_ap_read_u32(struct adiv5_dap *dap, uint32_t address,
181 /* Use banked addressing (REG_BDx) to avoid some link traffic
182 * (updating TAR) when reading several consecutive addresses.
184 retval = dap_setup_accessport(dap, CSW_32BIT | CSW_ADDRINC_OFF,
185 address & 0xFFFFFFF0);
186 if (retval != ERROR_OK)
189 return dap_queue_ap_read(dap, AP_REG_BD0 | (address & 0xC), value);
193 * Synchronous read of a word from memory or a system register.
194 * As a side effect, this flushes any queued transactions.
196 * @param dap The DAP connected to the MEM-AP performing the read.
197 * @param address Address of the 32-bit word to read; it must be
198 * readable by the currently selected MEM-AP.
199 * @param value points to where the result will be stored.
201 * @return ERROR_OK for success; *value holds the result.
202 * Otherwise a fault code.
204 int mem_ap_read_atomic_u32(struct adiv5_dap *dap, uint32_t address,
209 retval = mem_ap_read_u32(dap, address, value);
210 if (retval != ERROR_OK)
217 * Asynchronous (queued) write of a word to memory or a system register.
219 * @param dap The DAP connected to the MEM-AP.
220 * @param address Address to be written; it must be writable by
221 * the currently selected MEM-AP.
222 * @param value Word that will be written to the address when transaction
223 * queue is flushed (assuming no errors).
225 * @return ERROR_OK for success. Otherwise a fault code.
227 int mem_ap_write_u32(struct adiv5_dap *dap, uint32_t address,
232 /* Use banked addressing (REG_BDx) to avoid some link traffic
233 * (updating TAR) when writing several consecutive addresses.
235 retval = dap_setup_accessport(dap, CSW_32BIT | CSW_ADDRINC_OFF,
236 address & 0xFFFFFFF0);
237 if (retval != ERROR_OK)
240 return dap_queue_ap_write(dap, AP_REG_BD0 | (address & 0xC),
245 * Synchronous write of a word to memory or a system register.
246 * As a side effect, this flushes any queued transactions.
248 * @param dap The DAP connected to the MEM-AP.
249 * @param address Address to be written; it must be writable by
250 * the currently selected MEM-AP.
251 * @param value Word that will be written.
253 * @return ERROR_OK for success; the data was written. Otherwise a fault code.
255 int mem_ap_write_atomic_u32(struct adiv5_dap *dap, uint32_t address,
258 int retval = mem_ap_write_u32(dap, address, value);
260 if (retval != ERROR_OK)
266 /*****************************************************************************
268 * mem_ap_write_buf(struct adiv5_dap *dap, uint8_t *buffer, int count, uint32_t address) *
270 * Write a buffer in target order (little endian) *
272 *****************************************************************************/
273 int mem_ap_write_buf_u32(struct adiv5_dap *dap, uint8_t *buffer, int count, uint32_t address)
275 int wcount, blocksize, writecount, errorcount = 0, retval = ERROR_OK;
276 uint32_t adr = address;
277 uint8_t* pBuffer = buffer;
282 /* if we have an unaligned access - reorder data */
285 for (writecount = 0; writecount < count; writecount++)
289 memcpy(&outvalue, pBuffer, sizeof(uint32_t));
291 for (i = 0; i < 4; i++)
293 *((uint8_t*)pBuffer + (adr & 0x3)) = outvalue;
297 pBuffer += sizeof(uint32_t);
303 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
304 blocksize = max_tar_block_size(dap->tar_autoincr_block, address);
305 if (wcount < blocksize)
308 /* handle unaligned data at 4k boundary */
312 retval = dap_setup_accessport(dap, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
313 if (retval != ERROR_OK)
316 for (writecount = 0; writecount < blocksize; writecount++)
318 retval = dap_queue_ap_write(dap, AP_REG_DRW,
319 *(uint32_t *) ((void *) (buffer + 4 * writecount)));
320 if (retval != ERROR_OK)
324 if ((retval = dap_run(dap)) == ERROR_OK)
326 wcount = wcount - blocksize;
327 address = address + 4 * blocksize;
328 buffer = buffer + 4 * blocksize;
337 LOG_WARNING("Block write error address 0x%" PRIx32 ", wcount 0x%x", address, wcount);
345 static int mem_ap_write_buf_packed_u16(struct adiv5_dap *dap,
346 uint8_t *buffer, int count, uint32_t address)
348 int retval = ERROR_OK;
349 int wcount, blocksize, writecount, i;
357 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
358 blocksize = max_tar_block_size(dap->tar_autoincr_block, address);
360 if (wcount < blocksize)
363 /* handle unaligned data at 4k boundary */
367 retval = dap_setup_accessport(dap, CSW_16BIT | CSW_ADDRINC_PACKED, address);
368 if (retval != ERROR_OK)
370 writecount = blocksize;
374 nbytes = MIN((writecount << 1), 4);
378 retval = mem_ap_write_buf_u16(dap, buffer,
380 if (retval != ERROR_OK)
382 LOG_WARNING("Block write error address "
383 "0x%" PRIx32 ", count 0x%x",
388 address += nbytes >> 1;
393 memcpy(&outvalue, buffer, sizeof(uint32_t));
395 for (i = 0; i < nbytes; i++)
397 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
402 memcpy(&outvalue, buffer, sizeof(uint32_t));
403 retval = dap_queue_ap_write(dap,
404 AP_REG_DRW, outvalue);
405 if (retval != ERROR_OK)
408 if ((retval = dap_run(dap)) != ERROR_OK)
410 LOG_WARNING("Block write error address "
411 "0x%" PRIx32 ", count 0x%x",
417 buffer += nbytes >> 1;
418 writecount -= nbytes >> 1;
420 } while (writecount);
427 int mem_ap_write_buf_u16(struct adiv5_dap *dap, uint8_t *buffer, int count, uint32_t address)
429 int retval = ERROR_OK;
432 return mem_ap_write_buf_packed_u16(dap, buffer, count, address);
436 retval = dap_setup_accessport(dap, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
437 if (retval != ERROR_OK)
440 memcpy(&svalue, buffer, sizeof(uint16_t));
441 uint32_t outvalue = (uint32_t)svalue << 8 * (address & 0x3);
442 retval = dap_queue_ap_write(dap, AP_REG_DRW, outvalue);
443 if (retval != ERROR_OK)
446 retval = dap_run(dap);
447 if (retval != ERROR_OK)
458 static int mem_ap_write_buf_packed_u8(struct adiv5_dap *dap,
459 uint8_t *buffer, int count, uint32_t address)
461 int retval = ERROR_OK;
462 int wcount, blocksize, writecount, i;
470 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
471 blocksize = max_tar_block_size(dap->tar_autoincr_block, address);
473 if (wcount < blocksize)
476 retval = dap_setup_accessport(dap, CSW_8BIT | CSW_ADDRINC_PACKED, address);
477 if (retval != ERROR_OK)
479 writecount = blocksize;
483 nbytes = MIN(writecount, 4);
487 retval = mem_ap_write_buf_u8(dap, buffer, nbytes, address);
488 if (retval != ERROR_OK)
490 LOG_WARNING("Block write error address "
491 "0x%" PRIx32 ", count 0x%x",
501 memcpy(&outvalue, buffer, sizeof(uint32_t));
503 for (i = 0; i < nbytes; i++)
505 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
510 memcpy(&outvalue, buffer, sizeof(uint32_t));
511 retval = dap_queue_ap_write(dap,
512 AP_REG_DRW, outvalue);
513 if (retval != ERROR_OK)
516 if ((retval = dap_run(dap)) != ERROR_OK)
518 LOG_WARNING("Block write error address "
519 "0x%" PRIx32 ", count 0x%x",
526 writecount -= nbytes;
528 } while (writecount);
535 int mem_ap_write_buf_u8(struct adiv5_dap *dap, uint8_t *buffer, int count, uint32_t address)
537 int retval = ERROR_OK;
540 return mem_ap_write_buf_packed_u8(dap, buffer, count, address);
544 retval = dap_setup_accessport(dap, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
545 if (retval != ERROR_OK)
547 uint32_t outvalue = (uint32_t)*buffer << 8 * (address & 0x3);
548 retval = dap_queue_ap_write(dap, AP_REG_DRW, outvalue);
549 if (retval != ERROR_OK)
552 retval = dap_run(dap);
553 if (retval != ERROR_OK)
564 /* FIXME don't import ... this is a temporary workaround for the
565 * mem_ap_read_buf_u32() mess, until it's no longer JTAG-specific.
567 extern int adi_jtag_dp_scan(struct adiv5_dap *dap,
568 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
569 uint8_t *outvalue, uint8_t *invalue, uint8_t *ack);
572 * Synchronously read a block of 32-bit words into a buffer
573 * @param dap The DAP connected to the MEM-AP.
574 * @param buffer where the words will be stored (in host byte order).
575 * @param count How many words to read.
576 * @param address Memory address from which to read words; all the
577 * words must be readable by the currently selected MEM-AP.
579 int mem_ap_read_buf_u32(struct adiv5_dap *dap, uint8_t *buffer,
580 int count, uint32_t address)
582 int wcount, blocksize, readcount, errorcount = 0, retval = ERROR_OK;
583 uint32_t adr = address;
584 uint8_t* pBuffer = buffer;
591 /* Adjust to read blocks within boundaries aligned to the
592 * TAR autoincrement size (at least 2^10). Autoincrement
593 * mode avoids an extra per-word roundtrip to update TAR.
595 blocksize = max_tar_block_size(dap->tar_autoincr_block,
597 if (wcount < blocksize)
600 /* handle unaligned data at 4k boundary */
604 retval = dap_setup_accessport(dap, CSW_32BIT | CSW_ADDRINC_SINGLE,
606 if (retval != ERROR_OK)
609 /* FIXME remove these three calls to adi_jtag_dp_scan(),
610 * so this routine becomes transport-neutral. Be careful
611 * not to cause performance problems with JTAG; would it
612 * suffice to loop over dap_queue_ap_read(), or would that
613 * be slower when JTAG is the chosen transport?
616 /* Scan out first read */
617 retval = adi_jtag_dp_scan(dap, JTAG_DP_APACC, AP_REG_DRW,
618 DPAP_READ, 0, NULL, NULL);
619 if (retval != ERROR_OK)
621 for (readcount = 0; readcount < blocksize - 1; readcount++)
623 /* Scan out next read; scan in posted value for the
624 * previous one. Assumes read is acked "OK/FAULT",
625 * and CTRL_STAT says that meant "OK".
627 retval = adi_jtag_dp_scan(dap, JTAG_DP_APACC, AP_REG_DRW,
628 DPAP_READ, 0, buffer + 4 * readcount,
630 if (retval != ERROR_OK)
634 /* Scan in last posted value; RDBUFF has no other effect,
635 * assuming ack is OK/FAULT and CTRL_STAT says "OK".
637 retval = adi_jtag_dp_scan(dap, JTAG_DP_DPACC, DP_RDBUFF,
638 DPAP_READ, 0, buffer + 4 * readcount,
640 if (retval != ERROR_OK)
643 retval = dap_run(dap);
644 if (retval != ERROR_OK)
652 LOG_WARNING("Block read error address 0x%" PRIx32, address);
655 wcount = wcount - blocksize;
656 address += 4 * blocksize;
657 buffer += 4 * blocksize;
660 /* if we have an unaligned access - reorder data */
663 for (readcount = 0; readcount < count; readcount++)
667 memcpy(&data, pBuffer, sizeof(uint32_t));
669 for (i = 0; i < 4; i++)
671 *((uint8_t*)pBuffer) =
672 (data >> 8 * (adr & 0x3));
682 static int mem_ap_read_buf_packed_u16(struct adiv5_dap *dap,
683 uint8_t *buffer, int count, uint32_t address)
686 int retval = ERROR_OK;
687 int wcount, blocksize, readcount, i;
695 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
696 blocksize = max_tar_block_size(dap->tar_autoincr_block, address);
697 if (wcount < blocksize)
700 retval = dap_setup_accessport(dap, CSW_16BIT | CSW_ADDRINC_PACKED, address);
701 if (retval != ERROR_OK)
704 /* handle unaligned data at 4k boundary */
707 readcount = blocksize;
711 retval = dap_queue_ap_read(dap, AP_REG_DRW, &invalue);
712 if (retval != ERROR_OK)
714 if ((retval = dap_run(dap)) != ERROR_OK)
716 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
720 nbytes = MIN((readcount << 1), 4);
722 for (i = 0; i < nbytes; i++)
724 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
729 readcount -= (nbytes >> 1);
738 * Synchronously read a block of 16-bit halfwords into a buffer
739 * @param dap The DAP connected to the MEM-AP.
740 * @param buffer where the halfwords will be stored (in host byte order).
741 * @param count How many halfwords to read.
742 * @param address Memory address from which to read words; all the
743 * words must be readable by the currently selected MEM-AP.
745 int mem_ap_read_buf_u16(struct adiv5_dap *dap, uint8_t *buffer,
746 int count, uint32_t address)
749 int retval = ERROR_OK;
752 return mem_ap_read_buf_packed_u16(dap, buffer, count, address);
756 retval = dap_setup_accessport(dap, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
757 if (retval != ERROR_OK)
759 retval = dap_queue_ap_read(dap, AP_REG_DRW, &invalue);
760 if (retval != ERROR_OK)
763 retval = dap_run(dap);
764 if (retval != ERROR_OK)
769 for (i = 0; i < 2; i++)
771 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
778 uint16_t svalue = (invalue >> 8 * (address & 0x3));
779 memcpy(buffer, &svalue, sizeof(uint16_t));
789 /* FIX!!! is this a potential performance bottleneck w.r.t. requiring too many
790 * roundtrips when jtag_execute_queue() has a large overhead(e.g. for USB)s?
792 * The solution is to arrange for a large out/in scan in this loop and
793 * and convert data afterwards.
795 static int mem_ap_read_buf_packed_u8(struct adiv5_dap *dap,
796 uint8_t *buffer, int count, uint32_t address)
799 int retval = ERROR_OK;
800 int wcount, blocksize, readcount, i;
808 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
809 blocksize = max_tar_block_size(dap->tar_autoincr_block, address);
811 if (wcount < blocksize)
814 retval = dap_setup_accessport(dap, CSW_8BIT | CSW_ADDRINC_PACKED, address);
815 if (retval != ERROR_OK)
817 readcount = blocksize;
821 retval = dap_queue_ap_read(dap, AP_REG_DRW, &invalue);
822 if (retval != ERROR_OK)
824 if ((retval = dap_run(dap)) != ERROR_OK)
826 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
830 nbytes = MIN(readcount, 4);
832 for (i = 0; i < nbytes; i++)
834 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
848 * Synchronously read a block of bytes into a buffer
849 * @param dap The DAP connected to the MEM-AP.
850 * @param buffer where the bytes will be stored.
851 * @param count How many bytes to read.
852 * @param address Memory address from which to read data; all the
853 * data must be readable by the currently selected MEM-AP.
855 int mem_ap_read_buf_u8(struct adiv5_dap *dap, uint8_t *buffer,
856 int count, uint32_t address)
859 int retval = ERROR_OK;
862 return mem_ap_read_buf_packed_u8(dap, buffer, count, address);
866 retval = dap_setup_accessport(dap, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
867 if (retval != ERROR_OK)
869 retval = dap_queue_ap_read(dap, AP_REG_DRW, &invalue);
870 if (retval != ERROR_OK)
872 retval = dap_run(dap);
873 if (retval != ERROR_OK)
876 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
885 /*--------------------------------------------------------------------------*/
888 /* FIXME don't import ... just initialize as
889 * part of DAP transport setup
891 extern const struct dap_ops jtag_dp_ops;
893 /*--------------------------------------------------------------------------*/
896 * Initialize a DAP. This sets up the power domains, prepares the DP
897 * for further use, and arranges to use AP #0 for all AP operations
898 * until dap_ap-select() changes that policy.
900 * @param dap The DAP being initialized.
902 * @todo Rename this. We also need an initialization scheme which account
903 * for SWD transports not just JTAG; that will need to address differences
904 * in layering. (JTAG is useful without any debug target; but not SWD.)
905 * And this may not even use an AHB-AP ... e.g. DAP-Lite uses an APB-AP.
907 int ahbap_debugport_init(struct adiv5_dap *dap)
915 /* JTAG-DP or SWJ-DP, in JTAG mode
916 * ... for SWD mode this is patched as part
920 dap->ops = &jtag_dp_ops;
922 /* Default MEM-AP setup.
924 * REVISIT AP #0 may be an inappropriate default for this.
925 * Should we probe, or take a hint from the caller?
926 * Presumably we can ignore the possibility of multiple APs.
929 dap_ap_select(dap, 0);
931 /* DP initialization */
933 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
934 if (retval != ERROR_OK)
937 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, SSTICKYERR);
938 if (retval != ERROR_OK)
941 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
942 if (retval != ERROR_OK)
945 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
946 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
947 if (retval != ERROR_OK)
950 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, &ctrlstat);
951 if (retval != ERROR_OK)
953 if ((retval = dap_run(dap)) != ERROR_OK)
956 /* Check that we have debug power domains activated */
957 while (!(ctrlstat & CDBGPWRUPACK) && (cnt++ < 10))
959 LOG_DEBUG("DAP: wait CDBGPWRUPACK");
960 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, &ctrlstat);
961 if (retval != ERROR_OK)
963 if ((retval = dap_run(dap)) != ERROR_OK)
968 while (!(ctrlstat & CSYSPWRUPACK) && (cnt++ < 10))
970 LOG_DEBUG("DAP: wait CSYSPWRUPACK");
971 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, &ctrlstat);
972 if (retval != ERROR_OK)
974 if ((retval = dap_run(dap)) != ERROR_OK)
979 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
980 if (retval != ERROR_OK)
982 /* With debug power on we can activate OVERRUN checking */
983 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
984 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
985 if (retval != ERROR_OK)
987 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
988 if (retval != ERROR_OK)
994 /* CID interpretation -- see ARM IHI 0029B section 3
995 * and ARM IHI 0031A table 13-3.
997 static const char *class_description[16] ={
998 "Reserved", "ROM table", "Reserved", "Reserved",
999 "Reserved", "Reserved", "Reserved", "Reserved",
1000 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
1001 "Reserved", "OptimoDE DESS",
1002 "Generic IP component", "PrimeCell or System component"
1006 is_dap_cid_ok(uint32_t cid3, uint32_t cid2, uint32_t cid1, uint32_t cid0)
1008 return cid3 == 0xb1 && cid2 == 0x05
1009 && ((cid1 & 0x0f) == 0) && cid0 == 0x0d;
1016 uint32_t correct_dbgbase;
1019 { 0x80000000, 0x04770002, 0x1ba00477, 0x60000000, "imx51" },
1022 int dap_get_debugbase(struct adiv5_dap *dap, int apsel,
1023 uint32_t *out_dbgbase, uint32_t *out_apid)
1028 uint32_t dbgbase, apid, idcode;
1030 /* AP address is in bits 31:24 of DP_SELECT */
1032 return ERROR_INVALID_ARGUMENTS;
1034 apselold = dap->apsel;
1035 dap_ap_select(dap, apsel);
1037 retval = dap_queue_ap_read(dap, AP_REG_BASE, &dbgbase);
1038 if (retval != ERROR_OK)
1040 retval = dap_queue_ap_read(dap, AP_REG_IDR, &apid);
1041 if (retval != ERROR_OK)
1043 retval = dap_run(dap);
1044 if (retval != ERROR_OK)
1047 /* Excavate the device ID code */
1048 struct jtag_tap *tap = dap->jtag_info->tap;
1049 while (tap != NULL) {
1050 if (tap->hasidcode) {
1051 idcode = tap->idcode;
1054 tap = tap->next_tap;
1056 if (tap == NULL || !tap->hasidcode)
1059 /* Some CPUs are messed up, so fixup if needed. */
1060 for (i = 0; i < sizeof(broken_cpus)/sizeof(struct broken_cpu); i++)
1061 if (broken_cpus[i].dbgbase == dbgbase &&
1062 broken_cpus[i].apid == apid &&
1063 broken_cpus[i].idcode == idcode) {
1064 LOG_WARNING("Found broken CPU (%s), trying to fixup "
1065 "ROM Table location from 0x%08x to 0x%08x",
1066 broken_cpus[i].model, dbgbase,
1067 broken_cpus[i].correct_dbgbase);
1068 dbgbase = broken_cpus[i].correct_dbgbase;
1072 dap_ap_select(dap, apselold);
1074 /* The asignment happens only here to prevent modification of these
1075 * values before they are certain. */
1076 *out_dbgbase = dbgbase;
1082 int dap_lookup_cs_component(struct adiv5_dap *dap, int apsel,
1083 uint32_t dbgbase, uint8_t type, uint32_t *addr)
1086 uint32_t romentry, entry_offset = 0, component_base, devtype;
1087 int retval = ERROR_FAIL;
1090 return ERROR_INVALID_ARGUMENTS;
1092 apselold = dap->apsel;
1093 dap_ap_select(dap, apsel);
1097 retval = mem_ap_read_atomic_u32(dap, (dbgbase&0xFFFFF000) |
1098 entry_offset, &romentry);
1099 if (retval != ERROR_OK)
1102 component_base = (dbgbase & 0xFFFFF000)
1103 + (romentry & 0xFFFFF000);
1105 if (romentry & 0x1) {
1106 retval = mem_ap_read_atomic_u32(dap,
1107 (component_base & 0xfffff000) | 0xfcc,
1109 if ((devtype & 0xff) == type) {
1110 *addr = component_base;
1116 } while (romentry > 0);
1118 dap_ap_select(dap, apselold);
1123 static int dap_info_command(struct command_context *cmd_ctx,
1124 struct adiv5_dap *dap, int apsel)
1127 uint32_t dbgbase, apid;
1128 int romtable_present = 0;
1132 retval = dap_get_debugbase(dap, apsel, &dbgbase, &apid);
1133 if (retval != ERROR_OK)
1136 apselold = dap->apsel;
1137 dap_ap_select(dap, apsel);
1139 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1140 mem_ap = ((apid&0x10000) && ((apid&0x0F) != 0));
1141 command_print(cmd_ctx, "AP ID register 0x%8.8" PRIx32, apid);
1147 command_print(cmd_ctx, "\tType is JTAG-AP");
1150 command_print(cmd_ctx, "\tType is MEM-AP AHB");
1153 command_print(cmd_ctx, "\tType is MEM-AP APB");
1156 command_print(cmd_ctx, "\tUnknown AP type");
1160 /* NOTE: a MEM-AP may have a single CoreSight component that's
1161 * not a ROM table ... or have no such components at all.
1164 command_print(cmd_ctx, "AP BASE 0x%8.8" PRIx32,
1169 command_print(cmd_ctx, "No AP found at this apsel 0x%x", apsel);
1172 romtable_present = ((mem_ap) && (dbgbase != 0xFFFFFFFF));
1173 if (romtable_present)
1175 uint32_t cid0,cid1,cid2,cid3,memtype,romentry;
1176 uint16_t entry_offset;
1178 /* bit 16 of apid indicates a memory access port */
1180 command_print(cmd_ctx, "\tValid ROM table present");
1182 command_print(cmd_ctx, "\tROM table in legacy format");
1184 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1185 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF0, &cid0);
1186 if (retval != ERROR_OK)
1188 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF4, &cid1);
1189 if (retval != ERROR_OK)
1191 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF8, &cid2);
1192 if (retval != ERROR_OK)
1194 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFFC, &cid3);
1195 if (retval != ERROR_OK)
1197 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFCC, &memtype);
1198 if (retval != ERROR_OK)
1200 retval = dap_run(dap);
1201 if (retval != ERROR_OK)
1204 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1205 command_print(cmd_ctx, "\tCID3 0x%2.2x"
1209 (unsigned) cid3, (unsigned)cid2,
1210 (unsigned) cid1, (unsigned) cid0);
1212 command_print(cmd_ctx, "\tMEMTYPE system memory present on bus");
1214 command_print(cmd_ctx, "\tMEMTYPE System memory not present. "
1215 "Dedicated debug bus.");
1217 /* Now we read ROM table entries from dbgbase&0xFFFFF000) | 0x000 until we get 0x00000000 */
1221 retval = mem_ap_read_atomic_u32(dap, (dbgbase&0xFFFFF000) | entry_offset, &romentry);
1222 if (retval != ERROR_OK)
1224 command_print(cmd_ctx, "\tROMTABLE[0x%x] = 0x%" PRIx32 "",entry_offset,romentry);
1227 uint32_t c_cid0, c_cid1, c_cid2, c_cid3;
1228 uint32_t c_pid0, c_pid1, c_pid2, c_pid3, c_pid4;
1229 uint32_t component_base;
1233 component_base = (dbgbase & 0xFFFFF000)
1234 + (romentry & 0xFFFFF000);
1236 /* IDs are in last 4K section */
1239 retval = mem_ap_read_atomic_u32(dap,
1240 component_base + 0xFE0, &c_pid0);
1241 if (retval != ERROR_OK)
1244 retval = mem_ap_read_atomic_u32(dap,
1245 component_base + 0xFE4, &c_pid1);
1246 if (retval != ERROR_OK)
1249 retval = mem_ap_read_atomic_u32(dap,
1250 component_base + 0xFE8, &c_pid2);
1251 if (retval != ERROR_OK)
1254 retval = mem_ap_read_atomic_u32(dap,
1255 component_base + 0xFEC, &c_pid3);
1256 if (retval != ERROR_OK)
1259 retval = mem_ap_read_atomic_u32(dap,
1260 component_base + 0xFD0, &c_pid4);
1261 if (retval != ERROR_OK)
1265 retval = mem_ap_read_atomic_u32(dap,
1266 component_base + 0xFF0, &c_cid0);
1267 if (retval != ERROR_OK)
1270 retval = mem_ap_read_atomic_u32(dap,
1271 component_base + 0xFF4, &c_cid1);
1272 if (retval != ERROR_OK)
1275 retval = mem_ap_read_atomic_u32(dap,
1276 component_base + 0xFF8, &c_cid2);
1277 if (retval != ERROR_OK)
1280 retval = mem_ap_read_atomic_u32(dap,
1281 component_base + 0xFFC, &c_cid3);
1282 if (retval != ERROR_OK)
1287 command_print(cmd_ctx,
1288 "\t\tComponent base address 0x%" PRIx32
1289 ", start address 0x%" PRIx32,
1291 /* component may take multiple 4K pages */
1292 component_base - 0x1000*(c_pid4 >> 4));
1293 command_print(cmd_ctx, "\t\tComponent class is 0x%x, %s",
1294 (int) (c_cid1 >> 4) & 0xf,
1295 /* See ARM IHI 0029B Table 3-3 */
1296 class_description[(c_cid1 >> 4) & 0xf]);
1298 /* CoreSight component? */
1299 if (((c_cid1 >> 4) & 0x0f) == 9) {
1302 char *major = "Reserved", *subtype = "Reserved";
1304 retval = mem_ap_read_atomic_u32(dap,
1305 (component_base & 0xfffff000) | 0xfcc,
1307 if (retval != ERROR_OK)
1309 minor = (devtype >> 4) & 0x0f;
1310 switch (devtype & 0x0f) {
1312 major = "Miscellaneous";
1318 subtype = "Validation component";
1323 major = "Trace Sink";
1337 major = "Trace Link";
1343 subtype = "Funnel, router";
1349 subtype = "FIFO, buffer";
1354 major = "Trace Source";
1360 subtype = "Processor";
1366 subtype = "Engine/Coprocessor";
1374 major = "Debug Control";
1380 subtype = "Trigger Matrix";
1383 subtype = "Debug Auth";
1388 major = "Debug Logic";
1394 subtype = "Processor";
1400 subtype = "Engine/Coprocessor";
1405 command_print(cmd_ctx, "\t\tType is 0x%2.2x, %s, %s",
1406 (unsigned) (devtype & 0xff),
1408 /* REVISIT also show 0xfc8 DevId */
1411 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1412 command_print(cmd_ctx,
1421 command_print(cmd_ctx,
1422 "\t\tPeripheral ID[4..0] = hex "
1423 "%2.2x %2.2x %2.2x %2.2x %2.2x",
1424 (int) c_pid4, (int) c_pid3, (int) c_pid2,
1425 (int) c_pid1, (int) c_pid0);
1427 /* Part number interpretations are from Cortex
1428 * core specs, the CoreSight components TRM
1429 * (ARM DDI 0314H), and ETM specs; also from
1430 * chip observation (e.g. TI SDTI).
1432 part_num = (c_pid0 & 0xff);
1433 part_num |= (c_pid1 & 0x0f) << 8;
1436 type = "Cortex-M3 NVIC";
1437 full = "(Interrupt Controller)";
1440 type = "Cortex-M3 ITM";
1441 full = "(Instrumentation Trace Module)";
1444 type = "Cortex-M3 DWT";
1445 full = "(Data Watchpoint and Trace)";
1448 type = "Cortex-M3 FBP";
1449 full = "(Flash Patch and Breakpoint)";
1452 type = "CoreSight ETM11";
1453 full = "(Embedded Trace)";
1455 // case 0x113: what?
1456 case 0x120: /* from OMAP3 memmap */
1458 full = "(System Debug Trace Interface)";
1460 case 0x343: /* from OMAP3 memmap */
1465 type = "Coresight CTI";
1466 full = "(Cross Trigger)";
1469 type = "Coresight ETB";
1470 full = "(Trace Buffer)";
1473 type = "Coresight CSTF";
1474 full = "(Trace Funnel)";
1477 type = "CoreSight ETM9";
1478 full = "(Embedded Trace)";
1481 type = "Coresight TPIU";
1482 full = "(Trace Port Interface Unit)";
1485 type = "Cortex-A8 ETM";
1486 full = "(Embedded Trace)";
1489 type = "Cortex-A8 CTI";
1490 full = "(Cross Trigger)";
1493 type = "Cortex-M3 TPIU";
1494 full = "(Trace Port Interface Unit)";
1497 type = "Cortex-M3 ETM";
1498 full = "(Embedded Trace)";
1501 type = "Cortex-A8 Debug";
1502 full = "(Debug Unit)";
1505 type = "-*- unrecognized -*-";
1509 command_print(cmd_ctx, "\t\tPart is %s %s",
1515 command_print(cmd_ctx, "\t\tComponent not present");
1517 command_print(cmd_ctx, "\t\tEnd of ROM table");
1520 } while (romentry > 0);
1524 command_print(cmd_ctx, "\tNo ROM table present");
1526 dap_ap_select(dap, apselold);
1531 COMMAND_HANDLER(handle_dap_info_command)
1533 struct target *target = get_current_target(CMD_CTX);
1534 struct arm *arm = target_to_arm(target);
1535 struct adiv5_dap *dap = arm->dap;
1543 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1546 return ERROR_COMMAND_SYNTAX_ERROR;
1549 return dap_info_command(CMD_CTX, dap, apsel);
1552 COMMAND_HANDLER(dap_baseaddr_command)
1554 struct target *target = get_current_target(CMD_CTX);
1555 struct arm *arm = target_to_arm(target);
1556 struct adiv5_dap *dap = arm->dap;
1558 uint32_t apsel, apselsave, baseaddr;
1561 apselsave = dap->apsel;
1567 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1568 /* AP address is in bits 31:24 of DP_SELECT */
1570 return ERROR_INVALID_ARGUMENTS;
1573 return ERROR_COMMAND_SYNTAX_ERROR;
1576 if (apselsave != apsel)
1577 dap_ap_select(dap, apsel);
1579 /* NOTE: assumes we're talking to a MEM-AP, which
1580 * has a base address. There are other kinds of AP,
1581 * though they're not common for now. This should
1582 * use the ID register to verify it's a MEM-AP.
1584 retval = dap_queue_ap_read(dap, AP_REG_BASE, &baseaddr);
1585 if (retval != ERROR_OK)
1587 retval = dap_run(dap);
1588 if (retval != ERROR_OK)
1591 command_print(CMD_CTX, "0x%8.8" PRIx32, baseaddr);
1593 if (apselsave != apsel)
1594 dap_ap_select(dap, apselsave);
1599 COMMAND_HANDLER(dap_memaccess_command)
1601 struct target *target = get_current_target(CMD_CTX);
1602 struct arm *arm = target_to_arm(target);
1603 struct adiv5_dap *dap = arm->dap;
1605 uint32_t memaccess_tck;
1609 memaccess_tck = dap->memaccess_tck;
1612 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1615 return ERROR_COMMAND_SYNTAX_ERROR;
1617 dap->memaccess_tck = memaccess_tck;
1619 command_print(CMD_CTX, "memory bus access delay set to %" PRIi32 " tck",
1620 dap->memaccess_tck);
1625 COMMAND_HANDLER(dap_apsel_command)
1627 struct target *target = get_current_target(CMD_CTX);
1628 struct arm *arm = target_to_arm(target);
1629 struct adiv5_dap *dap = arm->dap;
1631 uint32_t apsel, apid;
1639 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1640 /* AP address is in bits 31:24 of DP_SELECT */
1642 return ERROR_INVALID_ARGUMENTS;
1645 return ERROR_COMMAND_SYNTAX_ERROR;
1648 dap_ap_select(dap, apsel);
1649 retval = dap_queue_ap_read(dap, AP_REG_IDR, &apid);
1650 if (retval != ERROR_OK)
1652 retval = dap_run(dap);
1653 if (retval != ERROR_OK)
1656 command_print(CMD_CTX, "ap %" PRIi32 " selected, identification register 0x%8.8" PRIx32,
1662 COMMAND_HANDLER(dap_apid_command)
1664 struct target *target = get_current_target(CMD_CTX);
1665 struct arm *arm = target_to_arm(target);
1666 struct adiv5_dap *dap = arm->dap;
1668 uint32_t apsel, apselsave, apid;
1671 apselsave = dap->apsel;
1677 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1678 /* AP address is in bits 31:24 of DP_SELECT */
1680 return ERROR_INVALID_ARGUMENTS;
1683 return ERROR_COMMAND_SYNTAX_ERROR;
1686 if (apselsave != apsel)
1687 dap_ap_select(dap, apsel);
1689 retval = dap_queue_ap_read(dap, AP_REG_IDR, &apid);
1690 if (retval != ERROR_OK)
1692 retval = dap_run(dap);
1693 if (retval != ERROR_OK)
1696 command_print(CMD_CTX, "0x%8.8" PRIx32, apid);
1697 if (apselsave != apsel)
1698 dap_ap_select(dap, apselsave);
1703 static const struct command_registration dap_commands[] = {
1706 .handler = handle_dap_info_command,
1707 .mode = COMMAND_EXEC,
1708 .help = "display ROM table for MEM-AP "
1709 "(default currently selected AP)",
1710 .usage = "[ap_num]",
1714 .handler = dap_apsel_command,
1715 .mode = COMMAND_EXEC,
1716 .help = "Set the currently selected AP (default 0) "
1717 "and display the result",
1718 .usage = "[ap_num]",
1722 .handler = dap_apid_command,
1723 .mode = COMMAND_EXEC,
1724 .help = "return ID register from AP "
1725 "(default currently selected AP)",
1726 .usage = "[ap_num]",
1730 .handler = dap_baseaddr_command,
1731 .mode = COMMAND_EXEC,
1732 .help = "return debug base address from MEM-AP "
1733 "(default currently selected AP)",
1734 .usage = "[ap_num]",
1737 .name = "memaccess",
1738 .handler = dap_memaccess_command,
1739 .mode = COMMAND_EXEC,
1740 .help = "set/get number of extra tck for MEM-AP memory "
1741 "bus access [0-255]",
1742 .usage = "[cycles]",
1744 COMMAND_REGISTRATION_DONE
1747 const struct command_registration dap_command_handlers[] = {
1750 .mode = COMMAND_EXEC,
1751 .help = "DAP command group",
1752 .chain = dap_commands,
1754 COMMAND_REGISTRATION_DONE
projects / fw / openocd / blob