Update FTDI C232HM cfg, and add two new cfgs from cable modem research

Change-Id: Idbeffcd5ff4380b1e7c9fd5ef6ba3ca77cc22d99
Signed-off-by: Al Dyrius <aldyrius42@gmail.com>
Reviewed-on: http://openocd.zylin.com/5307
Tested-by: jenkins
Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>

diff --git a/tcl/board/kc100.cfg b/tcl/board/kc100.cfg
new file mode 100644 (file)
index 0000000..1d383be
--- /dev/null
+++ b/tcl/board/kc100.cfg
@@ -0,0 +1,31 @@
+# Knovative KC-100 cable modem
+
+# TNETC4401PYP, 208-QFP U3
+source [find target/tnetc4401.cfg]
+
+# 14-pin EJTAG on JP1. Standard pinout, 1-3-5-7-9-11 = nTRST-TDI-TDO-TMS-TCK-nSRST. Use 2 for GND.
+# Was initially disabled in hardware; had to add a solder bridge reenabling R124, R125 on back.
+reset_config trst_and_srst separate
+
+# 16Mb Intel CFI flash. Note this CPU has an internal ROM at 0x1FC0000 (phys) for cold boot.
+# All that really does is some minimal checks before jumping to external flash at 0x00000000 phys.
+# That is remapped to 0xB0000000 uncached, 0x90000000 cached.
+flash bank intel cfi 0xB0000000 0x200000 2 2 $_TARGETNAME
+
+# Perform this after a clean reboot, halt, and reset init (which should also leave it halted).
+proc kc100_dump_flash {} {
+       echo "Probing 48 TSOP Intel CFI flash chip (2MB)..."
+       flash probe intel
+       echo "Dumping 2MB flash chip to flashdump.bin.
+       flash read_bank 0 flashdump.bin 0 0x200000
+}
+
+#TODO figure out memory init sequence to be able to dump from cached segment instead
+
+# There is also a serial console on JP2, 3-5-6 = TX-RX-GND. 9600/8/N/1.
+
+# Possibly of note, this modem's ancient ethernet port does not support Auto-MDIX.
+
+# This modem in many ways appears to be essentially a clone of the SB5120. See usbjtag.com.
+# The firmware/OS is also susceptible to many of the same procedures in "Hacking the Cable Modem"
+# by DerEngel (Ryan Harris), available from No Starch Press.

diff --git a/tcl/interface/ftdi/c232hm.cfg b/tcl/interface/ftdi/c232hm.cfg
index 387abbb0562345b7ef59954355a85930be59e642..4f623e0f88a40515844f14f7908f05750ad82717 100644 (file)
--- a/tcl/interface/ftdi/c232hm.cfg
+++ b/tcl/interface/ftdi/c232hm.cfg
@@ -1,4 +1,3 @@
-#
 # FTDI USB Hi-Speed to MPSSE Cable
 #
 # http://www.ftdichip.com/Products/Cables/USBMPSSE.htm
@@ -6,10 +5,52 @@
 # C232HM-DDHSL-0 and C232HM-EDSL-0 provide 3.3V and 5V on pin 1 (Red),
 # respectively.
 #
+# Adapter: http://www.ftdichip.com/Support/Documents/DataSheets/Cables/DS_C232HM_MPSSE_CABLE.PDF
+# Chip: http://www.ftdichip.com/Support/Documents/DataSheets/ICs/DS_FT232H.pdf
+# See pinout/colors at end of this file.
+#
+# Tech notes:
+# http://www.ftdichip.com/Support/Documents/AppNotes/AN_135_MPSSE_Basics.pdf
+# http://www.ftdichip.com/Support/Documents/AppNotes/AN_129_FTDI_Hi_Speed_USB_To_JTAG_Example.pdf
 
 interface ftdi
 #ftdi_device_desc "C232HM-DDHSL-0"
 #ftdi_device_desc "C232HM-EDHSL-0"
+
+# Common PID for FT232H
 ftdi_vid_pid 0x0403 0x6014
 
-ftdi_layout_init 0x0008 0x000b
+# Layout
+# High data byte 0x40 configures red LED on ACBUS6 initially high (unlit, since active-low)
+# Low data byte 0x08 configures TMS on ACBUS3 initially high (asserted); TCK, TDI low
+# High direction byte 0x40 configures red LED on ACBUS6 as high (output)
+# Low direction byte 0x0b configures TDO on ACBUS2 as low (input)
+ftdi_layout_init 0x4008 0x400b
+
+# ---A*BUS-------CCCCCCCC|DDDDDDDD
+# --------\______76543210|76543210
+# LED  0x4000 = 01000000|00000000 = ACBUS6
+#GPIOL0        0x0010 = 00000000|00010000 = ADBUS4
+#GPIOL1        0x0020 = 00000000|00100000 = ADBUS5
+#GPIOL2        0x0040 = 00000000|01000000 = ADBUS6
+#GPIOL3        0x0080 = 00000000|10000000 = ADBUS7
+# -ndata treats the LED as active-low for expected behavior (toggle when transferring)
+ftdi_layout_signal LED -ndata 0x4000
+# Available for aliasing as desired
+ftdi_layout_signal GPIOL0 -data 0x0010 -oe 0x0010
+ftdi_layout_signal GPIOL1 -data 0x0020 -oe 0x0020
+ftdi_layout_signal GPIOL2 -data 0x0040 -oe 0x0040
+ftdi_layout_signal GPIOL3 -data 0x0080 -oe 0x0080
+
+# C232HM               FT232H  JTAG/Other
+# Num  Color   Name    Func
+# 1            Red             VCC             Optionally, can power the board if it is not using its own power supply.
+# 2            Orange  ADBUS0  TCK
+# 3            Yellow  ADBUS1  TDI
+# 4            Green   ADBUS2  TDO
+# 5            Brown   ADBUS3  TMS
+# 6            Grey    ADBUS4  GPIOL0
+# 7            Purple  ADBUS5  GPIOL1
+# 8            White   ADBUS6  GPIOL2
+# 9            Blue    ADBUS7  GPIOL3
+# 10   Black   GND             Connect to ground

diff --git a/tcl/target/tnetc4401.cfg b/tcl/target/tnetc4401.cfg
new file mode 100644 (file)
index 0000000..48f7545
--- /dev/null
+++ b/tcl/target/tnetc4401.cfg
@@ -0,0 +1,17 @@
+# Texas Instruments (TI) TNETC4401, MIPS32 DOCSIS-tailored SoC (4Kc-based)
+# Used in Knovative KC-100 and Motorola Surfboard SB5120 cable modems.
+# Datasheet: https://brezn.muc.ccc.de/~mazzoo/DOCSIS/tnetc4401.pdf
+transport select jtag
+set _TARGETNAME tnetc4401
+set _CPUTAPID 0x0000100f
+jtag newtap $_TARGETNAME tap -irlen 5 -ircapture 0x01 -irmask 0x1f -expected-id $_CPUTAPID
+target create $_TARGETNAME mips_m4k -chain-position $_TARGETNAME.tap -endian big
+
+# May need to halt manually before calling reset init
+$_TARGETNAME configure -event reset-init {
+       halt
+       echo "Attempting to disable watchdog..."
+       mwb phys 0xa8610b00 0 256
+       halt
+       wait_halt
+}