10 #include <sys/types.h>
15 #include "stlink-common.h"
16 #include "uglylogging.h"
18 #define LOG_TAG __FILE__
19 #define DLOG(format, args...) ugly_log(UDEBUG, LOG_TAG, format, ## args)
20 #define ILOG(format, args...) ugly_log(UINFO, LOG_TAG, format, ## args)
21 #define WLOG(format, args...) ugly_log(UWARN, LOG_TAG, format, ## args)
22 #define fatal(format, args...) ugly_log(UFATAL, LOG_TAG, format, ## args)
24 /* todo: stm32l15xxx flash memory, pm0062 manual */
26 /* stm32f FPEC flash controller interface, pm0063 manual */
27 // TODO - all of this needs to be abstracted out....
28 #define FLASH_REGS_ADDR 0x40022000
29 #define FLASH_REGS_SIZE 0x28
31 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
32 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
33 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
34 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
35 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
36 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
37 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
39 #define FLASH_RDPTR_KEY 0x00a5
40 #define FLASH_KEY1 0x45670123
41 #define FLASH_KEY2 0xcdef89ab
43 #define FLASH_SR_BSY 0
44 #define FLASH_SR_EOP 5
47 #define FLASH_CR_PER 1
48 #define FLASH_CR_MER 2
49 #define FLASH_CR_STRT 6
50 #define FLASH_CR_LOCK 7
53 //32L = 32F1 same CoreID as 32F4!
54 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
55 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
56 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
57 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
58 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
59 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
60 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
61 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
62 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x0c)
63 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
67 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
68 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
69 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
70 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
71 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
72 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
73 #define FLASH_F4_CR_STRT 16
74 #define FLASH_F4_CR_LOCK 31
75 #define FLASH_F4_CR_SER 1
76 #define FLASH_F4_CR_SNB 3
77 #define FLASH_F4_CR_SNB_MASK 0x38
78 #define FLASH_F4_SR_BSY 16
81 void write_uint32(unsigned char* buf, uint32_t ui) {
82 if (!is_bigendian()) { // le -> le (don't swap)
83 buf[0] = ((unsigned char*) &ui)[0];
84 buf[1] = ((unsigned char*) &ui)[1];
85 buf[2] = ((unsigned char*) &ui)[2];
86 buf[3] = ((unsigned char*) &ui)[3];
88 buf[0] = ((unsigned char*) &ui)[3];
89 buf[1] = ((unsigned char*) &ui)[2];
90 buf[2] = ((unsigned char*) &ui)[1];
91 buf[3] = ((unsigned char*) &ui)[0];
95 void write_uint16(unsigned char* buf, uint16_t ui) {
96 if (!is_bigendian()) { // le -> le (don't swap)
97 buf[0] = ((unsigned char*) &ui)[0];
98 buf[1] = ((unsigned char*) &ui)[1];
100 buf[0] = ((unsigned char*) &ui)[1];
101 buf[1] = ((unsigned char*) &ui)[0];
105 uint32_t read_uint32(const unsigned char *c, const int pt) {
107 char *p = (char *) &ui;
109 if (!is_bigendian()) { // le -> le (don't swap)
123 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
124 return stlink_read_debug32(sl, FLASH_WRPR) & 0xff;
127 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
128 return stlink_read_debug32(sl, FLASH_WRPR);
131 static inline uint32_t read_flash_obr(stlink_t *sl) {
132 return stlink_read_debug32(sl, FLASH_OBR);
135 static inline uint32_t read_flash_cr(stlink_t *sl) {
137 if(sl->chip_id==STM32F4_CHIP_ID)
138 res = stlink_read_debug32(sl, FLASH_F4_CR);
140 res = stlink_read_debug32(sl, FLASH_CR);
142 fprintf(stdout, "CR:0x%x\n", res);
147 static inline unsigned int is_flash_locked(stlink_t *sl) {
148 /* return non zero for true */
149 if(sl->chip_id==STM32F4_CHIP_ID)
150 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
152 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
155 static void unlock_flash(stlink_t *sl) {
156 /* the unlock sequence consists of 2 write cycles where
157 2 key values are written to the FLASH_KEYR register.
158 an invalid sequence results in a definitive lock of
159 the FPEC block until next reset.
161 if(sl->chip_id==STM32F4_CHIP_ID) {
162 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY1);
163 stlink_write_debug32(sl, FLASH_F4_KEYR, FLASH_KEY2);
166 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY1);
167 stlink_write_debug32(sl, FLASH_KEYR, FLASH_KEY2);
172 static int unlock_flash_if(stlink_t *sl) {
173 /* unlock flash if already locked */
175 if (is_flash_locked(sl)) {
177 if (is_flash_locked(sl)) {
178 WLOG("Failed to unlock flash!\n");
182 ILOG("Successfully unlocked flash\n");
186 static void lock_flash(stlink_t *sl) {
187 if(sl->chip_id==STM32F4_CHIP_ID) {
188 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
189 stlink_write_debug32(sl, FLASH_F4_CR, n);
192 /* write to 1 only. reset by hw at unlock sequence */
193 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
194 stlink_write_debug32(sl, FLASH_CR, n);
199 static void set_flash_cr_pg(stlink_t *sl) {
200 if(sl->chip_id==STM32F4_CHIP_ID) {
201 uint32_t x = read_flash_cr(sl);
202 x |= (1 << FLASH_CR_PG);
203 stlink_write_debug32(sl, FLASH_F4_CR, x);
206 const uint32_t n = 1 << FLASH_CR_PG;
207 stlink_write_debug32(sl, FLASH_CR, n);
211 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
212 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
213 if(sl->chip_id==STM32F4_CHIP_ID)
214 stlink_write_debug32(sl, FLASH_F4_CR, n);
216 stlink_write_debug32(sl, FLASH_CR, n);
219 static void set_flash_cr_per(stlink_t *sl) {
220 const uint32_t n = 1 << FLASH_CR_PER;
221 stlink_write_debug32(sl, FLASH_CR, n);
224 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
225 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
226 stlink_write_debug32(sl, FLASH_CR, n);
229 static void set_flash_cr_mer(stlink_t *sl) {
230 const uint32_t n = 1 << FLASH_CR_MER;
231 stlink_write_debug32(sl, FLASH_CR, n);
234 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
235 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_MER);
236 stlink_write_debug32(sl, FLASH_CR, n);
239 static void set_flash_cr_strt(stlink_t *sl) {
240 if(sl->chip_id == STM32F4_CHIP_ID)
242 uint32_t x = read_flash_cr(sl);
243 x |= (1 << FLASH_F4_CR_STRT);
244 stlink_write_debug32(sl, FLASH_F4_CR, x);
247 /* assume come on the flash_cr_per path */
248 const uint32_t n = (1 << FLASH_CR_PER) | (1 << FLASH_CR_STRT);
249 stlink_write_debug32(sl, FLASH_CR, n);
253 static inline uint32_t read_flash_acr(stlink_t *sl) {
254 return stlink_read_debug32(sl, FLASH_ACR);
257 static inline uint32_t read_flash_sr(stlink_t *sl) {
259 if(sl->chip_id==STM32F4_CHIP_ID)
260 res = stlink_read_debug32(sl, FLASH_F4_SR);
262 res = stlink_read_debug32(sl, FLASH_SR);
263 //fprintf(stdout, "SR:0x%x\n", *(uint32_t*) sl->q_buf);
267 static inline unsigned int is_flash_busy(stlink_t *sl) {
268 if(sl->chip_id==STM32F4_CHIP_ID)
269 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
271 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
274 static void wait_flash_busy(stlink_t *sl) {
275 /* todo: add some delays here */
276 while (is_flash_busy(sl))
280 static inline unsigned int is_flash_eop(stlink_t *sl) {
281 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
284 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
285 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
286 stlink_write_debug32(sl, FLASH_SR, n);
289 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
290 /* todo: add some delays here */
291 while (is_flash_eop(sl) == 0)
295 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
296 stlink_write_debug32(sl, FLASH_AR, n);
299 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
300 uint32_t x = read_flash_cr(sl);
304 fprintf(stdout, "PSIZ:0x%x 0x%x\n", x, n);
306 stlink_write_debug32(sl, FLASH_F4_CR, x);
310 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
311 uint32_t x = read_flash_cr(sl);
312 x &= ~FLASH_F4_CR_SNB_MASK;
313 x |= (n << FLASH_F4_CR_SNB);
314 x |= (1 << FLASH_F4_CR_SER);
316 fprintf(stdout, "SNB:0x%x 0x%x\n", x, n);
318 stlink_write_debug32(sl, FLASH_F4_CR, x);
323 static void disable_flash_read_protection(stlink_t *sl) {
324 /* erase the option byte area */
331 // Delegates to the backends...
333 void stlink_close(stlink_t *sl) {
334 DLOG("*** stlink_close ***\n");
335 sl->backend->close(sl);
339 void stlink_exit_debug_mode(stlink_t *sl) {
340 DLOG("*** stlink_exit_debug_mode ***\n");
341 stlink_write_debug32(sl, DHCSR, DBGKEY);
342 sl->backend->exit_debug_mode(sl);
345 void stlink_enter_swd_mode(stlink_t *sl) {
346 DLOG("*** stlink_enter_swd_mode ***\n");
347 sl->backend->enter_swd_mode(sl);
350 // Force the core into the debug mode -> halted state.
351 void stlink_force_debug(stlink_t *sl) {
352 DLOG("*** stlink_force_debug_mode ***\n");
353 sl->backend->force_debug(sl);
356 void stlink_exit_dfu_mode(stlink_t *sl) {
357 DLOG("*** stlink_exit_dfu_mode ***\n");
358 sl->backend->exit_dfu_mode(sl);
361 uint32_t stlink_core_id(stlink_t *sl) {
362 DLOG("*** stlink_core_id ***\n");
363 sl->backend->core_id(sl);
365 stlink_print_data(sl);
366 DLOG("core_id = 0x%08x\n", sl->core_id);
370 uint32_t stlink_chip_id(stlink_t *sl) {
371 uint32_t chip_id = stlink_read_debug32(sl, 0xE0042000);
376 * Cortex m3 tech ref manual, CPUID register description
377 * @param sl stlink context
378 * @param cpuid pointer to the result object
380 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
381 uint32_t raw = stlink_read_debug32(sl, CM3_REG_CPUID);
382 cpuid->implementer_id = (raw >> 24) & 0x7f;
383 cpuid->variant = (raw >> 20) & 0xf;
384 cpuid->part = (raw >> 4) & 0xfff;
385 cpuid->revision = raw & 0xf;
390 * reads and decodes the flash parameters, as dynamically as possible
392 * @return 0 for success, or -1 for unsupported core type.
394 int stlink_load_device_params(stlink_t *sl) {
395 ILOG("Loading device parameters....\n");
396 const chip_params_t *params = NULL;
398 sl->core_id = stlink_core_id(sl);
399 uint32_t chip_id = stlink_chip_id(sl);
401 /* Fix chip_id for F4 rev A errata */
402 if (((chip_id & 0xFFF) == 0x411) && (sl->core_id == CORE_M4_R0)) {
406 sl->chip_id = chip_id;
407 for(size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++) {
408 if(devices[i].chip_id == (chip_id & 0xFFF)) {
409 params = &devices[i];
413 if (params == NULL) {
414 WLOG("unknown chip id! %#x\n", chip_id);
418 // These are fixed...
419 sl->flash_base = STM32_FLASH_BASE;
420 sl->sram_base = STM32_SRAM_BASE;
422 // read flash size from hardware, if possible...
423 if ((chip_id & 0xFFF) == STM32_CHIPID_F2) {
424 sl->flash_size = 0; // FIXME - need to work this out some other way, just set to max possible?
425 } else if ((chip_id & 0xFFF) == STM32_CHIPID_F4) {
426 sl->flash_size = 0x100000; //todo: RM0090 error; size register same address as unique ID
428 uint32_t flash_size = stlink_read_debug32(sl, params->flash_size_reg) & 0xffff;
429 sl->flash_size = flash_size * 1024;
431 sl->flash_pgsz = params->flash_pagesize;
432 sl->sram_size = params->sram_size;
433 sl->sys_base = params->bootrom_base;
434 sl->sys_size = params->bootrom_size;
436 ILOG("Device connected is: %s, id %#x\n", params->description, chip_id);
437 // TODO make note of variable page size here.....
438 ILOG("SRAM size: %#x bytes (%d KiB), Flash: %#x bytes (%d KiB) in pages of %zd bytes\n",
439 sl->sram_size, sl->sram_size / 1024, sl->flash_size, sl->flash_size / 1024,
444 void stlink_reset(stlink_t *sl) {
445 DLOG("*** stlink_reset ***\n");
446 sl->backend->reset(sl);
449 void stlink_jtag_reset(stlink_t *sl, int value) {
450 DLOG("*** stlink_jtag_reset ***\n");
451 sl->backend->jtag_reset(sl, value);
454 void stlink_run(stlink_t *sl) {
455 DLOG("*** stlink_run ***\n");
456 sl->backend->run(sl);
459 void stlink_status(stlink_t *sl) {
460 DLOG("*** stlink_status ***\n");
461 sl->backend->status(sl);
462 stlink_core_stat(sl);
466 * Decode the version bits, originally from -sg, verified with usb
467 * @param sl stlink context, assumed to contain valid data in the buffer
468 * @param slv output parsed version object
470 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
471 uint32_t b0 = sl->q_buf[0]; //lsb
472 uint32_t b1 = sl->q_buf[1];
473 uint32_t b2 = sl->q_buf[2];
474 uint32_t b3 = sl->q_buf[3];
475 uint32_t b4 = sl->q_buf[4];
476 uint32_t b5 = sl->q_buf[5]; //msb
478 // b0 b1 || b2 b3 | b4 b5
479 // 4b | 6b | 6b || 2B | 2B
480 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
482 slv->stlink_v = (b0 & 0xf0) >> 4;
483 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
484 slv->swim_v = b1 & 0x3f;
485 slv->st_vid = (b3 << 8) | b2;
486 slv->stlink_pid = (b5 << 8) | b4;
490 void stlink_version(stlink_t *sl) {
491 DLOG("*** looking up stlink version\n");
492 sl->backend->version(sl);
493 _parse_version(sl, &sl->version);
495 DLOG("st vid = 0x%04x (expect 0x%04x)\n", sl->version.st_vid, USB_ST_VID);
496 DLOG("stlink pid = 0x%04x\n", sl->version.stlink_pid);
497 DLOG("stlink version = 0x%x\n", sl->version.stlink_v);
498 DLOG("jtag version = 0x%x\n", sl->version.jtag_v);
499 DLOG("swim version = 0x%x\n", sl->version.swim_v);
500 if (sl->version.jtag_v == 0) {
501 DLOG(" notice: the firmware doesn't support a jtag/swd interface\n");
503 if (sl->version.swim_v == 0) {
504 DLOG(" notice: the firmware doesn't support a swim interface\n");
508 uint32_t stlink_read_debug32(stlink_t *sl, uint32_t addr) {
509 uint32_t data = sl->backend->read_debug32(sl, addr);
510 DLOG("*** stlink_read_debug32 %x is %#x\n", data, addr);
514 void stlink_write_debug32(stlink_t *sl, uint32_t addr, uint32_t data) {
515 DLOG("*** stlink_write_debug32 %x to %#x\n", data, addr);
516 sl->backend->write_debug32(sl, addr, data);
519 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
520 DLOG("*** stlink_write_mem32 %u bytes to %#x\n", len, addr);
522 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
525 sl->backend->write_mem32(sl, addr, len);
528 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
529 DLOG("*** stlink_read_mem32 ***\n");
530 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
531 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
535 sl->backend->read_mem32(sl, addr, len);
538 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
539 DLOG("*** stlink_write_mem8 ***\n");
540 sl->backend->write_mem8(sl, addr, len);
543 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
544 DLOG("*** stlink_read_all_regs ***\n");
545 sl->backend->read_all_regs(sl, regp);
548 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
549 DLOG("*** stlink_write_reg\n");
550 sl->backend->write_reg(sl, reg, idx);
553 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
554 DLOG("*** stlink_read_reg\n");
555 DLOG(" (%d) ***\n", r_idx);
557 if (r_idx > 20 || r_idx < 0) {
558 fprintf(stderr, "Error: register index must be in [0..20]\n");
562 sl->backend->read_reg(sl, r_idx, regp);
565 unsigned int is_core_halted(stlink_t *sl) {
566 /* return non zero if core is halted */
568 return sl->q_buf[0] == STLINK_CORE_HALTED;
571 void stlink_step(stlink_t *sl) {
572 DLOG("*** stlink_step ***\n");
573 sl->backend->step(sl);
576 int stlink_current_mode(stlink_t *sl) {
577 int mode = sl->backend->current_mode(sl);
579 case STLINK_DEV_DFU_MODE:
580 DLOG("stlink current mode: dfu\n");
582 case STLINK_DEV_DEBUG_MODE:
583 DLOG("stlink current mode: debug (jtag or swd)\n");
585 case STLINK_DEV_MASS_MODE:
586 DLOG("stlink current mode: mass\n");
589 DLOG("stlink mode: unknown!\n");
590 return STLINK_DEV_UNKNOWN_MODE;
596 // End of delegates.... Common code below here...
599 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
601 // #define is_bigendian() ( (*(char*)&i) == 0 )
603 inline unsigned int is_bigendian(void) {
604 static volatile const unsigned int i = 1;
605 return *(volatile const char*) &i == 0;
608 uint16_t read_uint16(const unsigned char *c, const int pt) {
610 char *p = (char *) &ui;
612 if (!is_bigendian()) { // le -> le (don't swap)
622 // same as above with entrypoint.
624 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
625 stlink_write_reg(sl, addr, 15); /* pc register */
629 while (is_core_halted(sl) == 0)
633 void stlink_core_stat(stlink_t *sl) {
637 switch (sl->q_buf[0]) {
638 case STLINK_CORE_RUNNING:
639 sl->core_stat = STLINK_CORE_RUNNING;
640 DLOG(" core status: running\n");
642 case STLINK_CORE_HALTED:
643 sl->core_stat = STLINK_CORE_HALTED;
644 DLOG(" core status: halted\n");
647 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
648 fprintf(stderr, " core status: unknown\n");
652 void stlink_print_data(stlink_t * sl) {
653 if (sl->q_len <= 0 || sl->verbose < UDEBUG)
656 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
658 for (int i = 0; i < sl->q_len; i++) {
661 if (sl->q_data_dir == Q_DATA_OUT)
662 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
664 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
667 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
669 fputs("\n\n", stdout);
672 /* memory mapped file */
674 typedef struct mapped_file {
679 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
681 static int map_file(mapped_file_t* mf, const char* path) {
685 const int fd = open(path, O_RDONLY);
687 fprintf(stderr, "open(%s) == -1\n", path);
691 if (fstat(fd, &st) == -1) {
692 fprintf(stderr, "fstat() == -1\n");
696 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
697 if (mf->base == MAP_FAILED) {
698 fprintf(stderr, "mmap() == MAP_FAILED\n");
702 mf->len = st.st_size;
713 static void unmap_file(mapped_file_t * mf) {
714 munmap((void*) mf->base, mf->len);
715 mf->base = (unsigned char*) MAP_FAILED;
719 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
722 for (off = 0; off < mf->len; off += sl->flash_pgsz) {
725 /* adjust last page size */
726 size_t cmp_size = sl->flash_pgsz;
727 if ((off + sl->flash_pgsz) > mf->len)
728 cmp_size = mf->len - off;
730 aligned_size = cmp_size;
731 if (aligned_size & (4 - 1))
732 aligned_size = (cmp_size + 4) & ~(4 - 1);
734 stlink_read_mem32(sl, addr + off, aligned_size);
736 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
743 int stlink_fwrite_sram
744 (stlink_t * sl, const char* path, stm32_addr_t addr) {
745 /* write the file in sram at addr */
749 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
751 if (map_file(&mf, path) == -1) {
752 fprintf(stderr, "map_file() == -1\n");
756 /* check addr range is inside the sram */
757 if (addr < sl->sram_base) {
758 fprintf(stderr, "addr too low\n");
760 } else if ((addr + mf.len) < addr) {
761 fprintf(stderr, "addr overruns\n");
763 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
764 fprintf(stderr, "addr too high\n");
766 } else if ((addr & 3) || (mf.len & 3)) {
768 fprintf(stderr, "unaligned addr or size\n");
772 /* do the copy by 1k blocks */
773 for (off = 0; off < mf.len; off += 1024) {
775 if ((off + size) > mf.len)
778 memcpy(sl->q_buf, mf.base + off, size);
780 /* round size if needed */
784 stlink_write_mem32(sl, addr + off, size);
787 /* check the file ha been written */
788 if (check_file(sl, &mf, addr) == -1) {
789 fprintf(stderr, "check_file() == -1\n");
801 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
802 /* read size bytes from addr to file */
808 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
810 fprintf(stderr, "open(%s) == -1\n", path);
814 /* do the copy by 1k blocks */
815 for (off = 0; off < size; off += 1024) {
816 size_t read_size = 1024;
819 if ((off + read_size) > size)
820 read_size = size - off;
822 /* round size if needed */
823 rounded_size = read_size;
824 if (rounded_size & 3)
825 rounded_size = (rounded_size + 4) & ~(3);
827 stlink_read_mem32(sl, addr + off, rounded_size);
829 for(index = 0; index < read_size; index ++) {
830 if (sl->q_buf[index] == 0)
835 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
836 fprintf(stderr, "write() != read_size\n");
841 /* Ignore NULL Bytes at end of file */
842 ftruncate(fd, size - num_zero);
853 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
854 /* write the buffer right after the loader */
855 memcpy(sl->q_buf, buf, size);
856 stlink_write_mem8(sl, fl->buf_addr, size);
860 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
861 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
862 if (flashaddr<0x4000) return (0);
863 else if(flashaddr<0x8000) return(1);
864 else if(flashaddr<0xc000) return(2);
865 else if(flashaddr<0x10000) return(3);
866 else if(flashaddr<0x20000) return(4);
867 else return(flashaddr/0x20000)+4;
871 uint32_t stlink_calculate_pagesize(stlink_t *sl, uint32_t flashaddr){
872 if(sl->chip_id == STM32F4_CHIP_ID) {
873 uint32_t sector=calculate_F4_sectornum(flashaddr);
874 if (sector<4) sl->flash_pgsz=0x4000;
875 else if(sector<5) sl->flash_pgsz=0x10000;
876 else sl->flash_pgsz=0x20000;
878 return (sl->flash_pgsz);
882 * Erase a page of flash, assumes sl is fully populated with things like chip/core ids
883 * @param sl stlink context
884 * @param flashaddr an address in the flash page to erase
885 * @return 0 on success -ve on failure
887 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t flashaddr)
889 ILOG("Erasing flash page at addr: %#x\n", flashaddr);
890 if (sl->chip_id == STM32F4_CHIP_ID)
892 /* wait for ongoing op to finish */
895 /* unlock if locked */
898 /* select the page to erase */
899 // calculate the actual page from the address
900 uint32_t sector=calculate_F4_sectornum(flashaddr);
902 fprintf(stderr, "EraseFlash - Sector:0x%x Size:0x%x\n", sector, stlink_calculate_pagesize(sl, flashaddr));
903 write_flash_cr_snb(sl, sector);
905 /* start erase operation */
906 set_flash_cr_strt(sl);
908 /* wait for completion */
911 /* relock the flash */
912 //todo: fails to program if this is in
915 fprintf(stdout, "Erase Final CR:0x%x\n", read_flash_cr(sl));
918 else if (sl->core_id == STM32L_CORE_ID)
923 /* disable pecr protection */
924 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
925 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
927 /* check pecr.pelock is cleared */
928 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
931 WLOG("pecr.pelock not clear (%#x)\n", val);
935 /* unlock program memory */
936 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
937 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
939 /* check pecr.prglock is cleared */
940 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
943 WLOG("pecr.prglock not clear (%#x)\n", val);
947 /* unused: unlock the option byte block */
949 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0xfbead9c8);
950 stlink_write_debug32(sl, STM32L_FLASH_OPTKEYR, 0x24252627);
952 /* check pecr.optlock is cleared */
953 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
956 fprintf(stderr, "pecr.prglock not clear\n");
961 /* set pecr.{erase,prog} */
962 val |= (1 << 9) | (1 << 3);
963 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
965 #if 0 /* fix_to_be_confirmed */
967 /* wait for sr.busy to be cleared
968 MP: Test shows that busy bit is not set here. Perhaps, PM0062 is
969 wrong and we do not need to wait here for clearing the busy bit.
970 TEXANE: ok, if experience says so and it works for you, we comment
971 it. If someone has a problem, please drop an email.
973 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
977 #endif /* fix_to_be_confirmed */
979 /* write 0 to the first word of the page to be erased */
980 stlink_write_debug32(sl, flashaddr, 0);
982 /* MP: It is better to wait for clearing the busy bit after issuing
983 page erase command, even though PM0062 recommends to wait before it.
984 Test shows that a few iterations is performed in the following loop
985 before busy bit is cleared.*/
986 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0)
990 /* reset lock bits */
991 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
992 | (1 << 0) | (1 << 1) | (1 << 2);
993 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
995 else if (sl->core_id == STM32VL_CORE_ID)
997 /* wait for ongoing op to finish */
1000 /* unlock if locked */
1001 unlock_flash_if(sl);
1003 /* set the page erase bit */
1004 set_flash_cr_per(sl);
1006 /* select the page to erase */
1007 write_flash_ar(sl, flashaddr);
1009 /* start erase operation, reset by hw with bsy bit */
1010 set_flash_cr_strt(sl);
1012 /* wait for completion */
1013 wait_flash_busy(sl);
1015 /* relock the flash */
1020 WLOG("unknown coreid: %x\n", sl->core_id);
1024 /* todo: verify the erased page */
1029 int stlink_erase_flash_mass(stlink_t *sl) {
1030 /* wait for ongoing op to finish */
1031 wait_flash_busy(sl);
1033 /* unlock if locked */
1034 unlock_flash_if(sl);
1036 /* set the mass erase bit */
1037 set_flash_cr_mer(sl);
1039 /* start erase operation, reset by hw with bsy bit */
1040 set_flash_cr_strt(sl);
1042 /* wait for completion */
1043 wait_flash_busy(sl);
1045 /* relock the flash */
1048 /* todo: verify the erased memory */
1053 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1056 /* allocate the loader in sram */
1057 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1058 WLOG("Failed to write flash loader to sram!\n");
1062 /* allocate a one page buffer in sram right after loader */
1063 fl->buf_addr = fl->loader_addr + size;
1064 ILOG("Successfully loaded flash loader in sram\n");
1068 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1069 /* from openocd, contrib/loaders/flash/stm32.s */
1070 static const uint8_t loader_code_stm32vl[] = {
1071 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1072 0x1c, 0x44, /* add r4, r3 */
1073 /* write_half_word: */
1074 0x01, 0x23, /* movs r3, #0x01 */
1075 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1076 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1077 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1079 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1080 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1081 0xfb, 0xd0, /* beq busy */
1082 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1083 0x01, 0xd1, /* bne exit */
1084 0x01, 0x3a, /* subs r2, r2, #0x01 */
1085 0xf0, 0xd1, /* bne write_half_word */
1087 0x00, 0xbe, /* bkpt #0x00 */
1088 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1091 static const uint8_t loader_code_stm32l[] = {
1093 /* openocd.git/contrib/loaders/flash/stm32lx.S
1094 r0, input, dest addr
1095 r1, input, source addr
1096 r2, input, word count
1097 r3, output, word count
1103 0x51, 0xf8, 0x04, 0xcb,
1104 0x40, 0xf8, 0x04, 0xcb,
1112 const uint8_t* loader_code;
1115 if (sl->core_id == STM32L_CORE_ID) /* stm32l */
1117 loader_code = loader_code_stm32l;
1118 loader_size = sizeof(loader_code_stm32l);
1120 else if (sl->core_id == STM32VL_CORE_ID)
1122 loader_code = loader_code_stm32vl;
1123 loader_size = sizeof(loader_code_stm32vl);
1127 WLOG("unknown coreid, not sure what flash loader to use, aborting!: %x\n", sl->core_id);
1131 memcpy(sl->q_buf, loader_code, loader_size);
1132 stlink_write_mem32(sl, sl->sram_base, loader_size);
1134 *addr = sl->sram_base;
1135 *size = loader_size;
1141 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1142 /* check the contents of path are at addr */
1145 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1147 if (map_file(&mf, path) == -1)
1150 res = check_file(sl, &mf, addr);
1158 * Verify addr..addr+len is binary identical to base...base+len
1159 * @param sl stlink context
1160 * @param address stm device address
1161 * @param data host side buffer to check against
1162 * @param length how much
1163 * @return 0 for success, -ve for failure
1165 int stlink_verify_write_flash(stlink_t *sl, stm32_addr_t address, uint8_t *data, unsigned length) {
1167 if ((sl->chip_id & 0xFFF) == STM32_CHIPID_F4) {
1168 DLOG("(FIXME)Skipping verification for F4, not enough ram (yet)\n");
1171 ILOG("Starting verification of write complete\n");
1172 for (off = 0; off < length; off += sl->flash_pgsz) {
1173 size_t aligned_size;
1175 /* adjust last page size */
1176 size_t cmp_size = sl->flash_pgsz;
1177 if ((off + sl->flash_pgsz) > length)
1178 cmp_size = length - off;
1180 aligned_size = cmp_size;
1181 if (aligned_size & (4 - 1))
1182 aligned_size = (cmp_size + 4) & ~(4 - 1);
1184 stlink_read_mem32(sl, address + off, aligned_size);
1186 if (memcmp(sl->q_buf, data + off, cmp_size)) {
1187 WLOG("Verification of flash failed at offset: %zd\n", off);
1191 ILOG("Flash written and verified! jolly good!\n");
1196 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, unsigned len) {
1199 ILOG("Attempting to write %d (%#x) bytes to stm32 address: %u (%#x)\n",
1200 len, len, addr, addr);
1201 /* check addr range is inside the flash */
1202 stlink_calculate_pagesize(sl, addr);
1203 if (addr < sl->flash_base) {
1204 WLOG("addr too low %#x < %#x\n", addr, sl->flash_base);
1206 } else if ((addr + len) < addr) {
1207 WLOG("addr overruns\n");
1209 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1210 WLOG("addr too high\n");
1212 } else if ((addr & 1) || (len & 1)) {
1213 WLOG("unaligned addr or size\n");
1215 } else if (addr & (sl->flash_pgsz - 1)) {
1216 WLOG("addr not a multiple of pagesize, not supported\n");
1220 // Make sure we've loaded the context with the chip details
1222 /* erase each page */
1224 for (off = 0; off < len; off += stlink_calculate_pagesize(sl, addr + off)) {
1225 /* addr must be an addr inside the page */
1226 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1227 WLOG("Failed to erase_flash_page(%#zx) == -1\n", addr + off);
1232 ILOG("Finished erasing %d pages of %d (%#x) bytes\n",
1233 page_count, sl->flash_pgsz, sl->flash_pgsz);
1235 if (sl->chip_id == STM32F4_CHIP_ID) {
1236 /* todo: check write operation */
1238 /* First unlock the cr */
1239 unlock_flash_if(sl);
1241 /* set parallelisim to 32 bit*/
1242 write_flash_cr_psiz(sl, 2);
1244 /* set programming mode */
1245 set_flash_cr_pg(sl);
1247 #define PROGRESS_CHUNK_SIZE 0x1000
1248 /* write a word in program memory */
1249 for (off = 0; off < len; off += sizeof(uint32_t)) {
1251 if (sl->verbose >= 1) {
1252 if ((off & (PROGRESS_CHUNK_SIZE - 1)) == 0) {
1253 /* show progress. writing procedure is slow
1254 and previous errors are misleading */
1255 const uint32_t pgnum = (off / PROGRESS_CHUNK_SIZE)+1;
1256 const uint32_t pgcount = len / PROGRESS_CHUNK_SIZE;
1257 fprintf(stdout, "Writing %ukB chunk %u out of %u\n", PROGRESS_CHUNK_SIZE/1024, pgnum, pgcount);
1261 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1262 stlink_write_debug32(sl, addr + off, data);
1264 /* wait for sr.busy to be cleared */
1265 wait_flash_busy(sl);
1271 #if 0 /* todo: debug mode */
1272 fprintf(stdout, "Final CR:0x%x\n", read_flash_cr(sl));
1279 else if (sl->core_id == STM32L_CORE_ID) {
1280 /* use fast word write. todo: half page. */
1283 #if 0 /* todo: check write operation */
1285 uint32_t nwrites = sl->flash_pgsz;
1289 #endif /* todo: check write operation */
1291 /* disable pecr protection */
1292 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x89abcdef);
1293 stlink_write_debug32(sl, STM32L_FLASH_PEKEYR, 0x02030405);
1295 /* check pecr.pelock is cleared */
1296 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1297 if (val & (1 << 0)) {
1298 fprintf(stderr, "pecr.pelock not clear\n");
1302 /* unlock program memory */
1303 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x8c9daebf);
1304 stlink_write_debug32(sl, STM32L_FLASH_PRGKEYR, 0x13141516);
1306 /* check pecr.prglock is cleared */
1307 val = stlink_read_debug32(sl, STM32L_FLASH_PECR);
1308 if (val & (1 << 1)) {
1309 fprintf(stderr, "pecr.prglock not clear\n");
1313 /* write a word in program memory */
1314 for (off = 0; off < len; off += sizeof(uint32_t)) {
1316 if (sl->verbose >= 1) {
1317 if ((off & (sl->flash_pgsz - 1)) == 0) {
1318 /* show progress. writing procedure is slow
1319 and previous errors are misleading */
1320 const uint32_t pgnum = off / sl->flash_pgsz;
1321 const uint32_t pgcount = len / sl->flash_pgsz;
1322 fprintf(stdout, "%u pages written out of %u\n", pgnum, pgcount);
1326 write_uint32((unsigned char*) &data, *(uint32_t*) (base + off));
1327 stlink_write_debug32(sl, addr + off, data);
1329 /* wait for sr.busy to be cleared */
1330 while ((stlink_read_debug32(sl, STM32L_FLASH_SR) & (1 << 0)) != 0) {
1333 #if 0 /* todo: check redo write operation */
1335 /* check written bytes. todo: should be on a per page basis. */
1336 data = stlink_read_debug32(sl, addr + off);
1337 if (data == *(uint32_t*)(base + off)) {
1338 /* re erase the page and redo the write operation */
1342 /* fail if successive write count too low */
1343 if (nwrites < sl->flash_pgsz) {
1344 fprintf(stderr, "writes operation failure count too high, aborting\n");
1350 /* assume addr aligned */
1351 if (off % sl->flash_pgsz) off &= ~(sl->flash_pgsz - 1);
1354 fprintf(stderr, "invalid write @0x%x(0x%x): 0x%x != 0x%x. retrying.\n",
1355 page, addr + off, read_uint32(base + off, 0), read_uint32(sl->q_buf, 0));
1357 /* reset lock bits */
1358 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1359 | (1 << 0) | (1 << 1) | (1 << 2);
1360 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1362 stlink_erase_flash_page(sl, page);
1367 /* increment successive writes counter */
1370 #endif /* todo: check redo write operation */
1372 /* reset lock bits */
1373 val = stlink_read_debug32(sl, STM32L_FLASH_PECR)
1374 | (1 << 0) | (1 << 1) | (1 << 2);
1375 stlink_write_debug32(sl, STM32L_FLASH_PECR, val);
1376 } else if (sl->core_id == STM32VL_CORE_ID) {
1377 ILOG("Starting Flash write for VL core id\n");
1378 /* flash loader initialization */
1379 if (init_flash_loader(sl, &fl) == -1) {
1380 WLOG("init_flash_loader() == -1\n");
1384 /* write each page. above WRITE_BLOCK_SIZE fails? */
1385 #define WRITE_BLOCK_SIZE 0x40
1386 int write_block_count = 0;
1387 for (off = 0; off < len; off += WRITE_BLOCK_SIZE) {
1388 ILOG("Writing flash block %d of size %d (%#x)\n", write_block_count,
1389 WRITE_BLOCK_SIZE, WRITE_BLOCK_SIZE);
1390 /* adjust last write size */
1391 size_t size = WRITE_BLOCK_SIZE;
1392 if ((off + WRITE_BLOCK_SIZE) > len) size = len - off;
1394 /* unlock and set programming mode */
1395 unlock_flash_if(sl);
1396 set_flash_cr_pg(sl);
1397 //DLOG("Finished setting flash cr pg, running loader!\n");
1398 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1399 WLOG("run_flash_loader(%#zx) failed! == -1\n", addr + off);
1403 DLOG("Finished writing block %d\n", write_block_count++);
1406 WLOG("unknown coreid, not sure how to write: %x\n", sl->core_id);
1410 return stlink_verify_write_flash(sl, addr, base, len);
1414 * Write the given binary file into flash at address "addr"
1416 * @param path readable file path, should be binary image
1417 * @param addr where to start writing
1418 * @return 0 on success, -ve on failure.
1420 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1421 /* write the file in flash at addr */
1423 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1424 if (map_file(&mf, path) == -1) {
1425 WLOG("map_file() == -1\n");
1428 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1433 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1436 DLOG("Running flash loader, write address:%#x, size: %zd\n", target, size);
1437 // FIXME This can never return -1
1438 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1440 WLOG("write_buffer_to_sram() == -1\n");
1444 if (sl->core_id == STM32L_CORE_ID) {
1446 size_t count = size / sizeof(uint32_t);
1447 if (size % sizeof(uint32_t)) ++count;
1450 stlink_write_reg(sl, target, 0); /* target */
1451 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1452 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1453 stlink_write_reg(sl, 0, 3); /* output count */
1454 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1456 } else if (sl->core_id == STM32VL_CORE_ID) {
1458 size_t count = size / sizeof(uint16_t);
1459 if (size % sizeof(uint16_t)) ++count;
1462 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1463 stlink_write_reg(sl, target, 1); /* target */
1464 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1465 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1466 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1469 fprintf(stderr, "unknown coreid: 0x%x\n", sl->core_id);
1476 /* wait until done (reaches breakpoint) */
1477 while (is_core_halted(sl) == 0) ;
1479 /* check written byte count */
1480 if (sl->core_id == STM32L_CORE_ID) {
1482 size_t count = size / sizeof(uint32_t);
1483 if (size % sizeof(uint32_t)) ++count;
1485 stlink_read_reg(sl, 3, &rr);
1486 if (rr.r[3] != count) {
1487 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1491 } else if (sl->core_id == STM32VL_CORE_ID) {
1493 stlink_read_reg(sl, 2, &rr);
1495 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1501 fprintf(stderr, "unknown coreid: 0x%x\n", sl->core_id);