10 #include <sys/types.h>
15 #include "stlink-common.h"
17 void D(stlink_t *sl, char *txt) {
22 void DD(stlink_t *sl, char *format, ...) {
23 if (sl->verbose > 0) {
25 va_start(list, format);
26 vfprintf(stderr, format, list);
32 /* todo: stm32l15xxx flash memory, pm0062 manual */
34 /* stm32f FPEC flash controller interface, pm0063 manual */
36 #define FLASH_REGS_ADDR 0x40022000
37 #define FLASH_REGS_SIZE 0x28
39 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
40 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
41 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
42 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
43 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
44 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
45 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
47 #define FLASH_RDPTR_KEY 0x00a5
48 #define FLASH_KEY1 0x45670123
49 #define FLASH_KEY2 0xcdef89ab
51 #define FLASH_SR_BSY 0
52 #define FLASH_SR_EOP 5
55 #define FLASH_CR_PER 1
56 #define FLASH_CR_MER 2
57 #define FLASH_CR_STRT 6
58 #define FLASH_CR_LOCK 7
61 //32L = 32F1 same CoreID as 32F4!
62 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
63 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
64 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
65 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
66 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
67 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
68 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
69 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
70 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x0c)
71 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
75 #define FLASH_F4_REGS_ADDR ((uint32_t)0x40023c00)
76 #define FLASH_F4_KEYR (FLASH_F4_REGS_ADDR + 0x04)
77 #define FLASH_F4_OPT_KEYR (FLASH_F4_REGS_ADDR + 0x08)
78 #define FLASH_F4_SR (FLASH_F4_REGS_ADDR + 0x0c)
79 #define FLASH_F4_CR (FLASH_F4_REGS_ADDR + 0x10)
80 #define FLASH_F4_OPT_CR (FLASH_F4_REGS_ADDR + 0x14)
81 #define FLASH_F4_CR_STRT 16
82 #define FLASH_F4_CR_LOCK 31
83 #define FLASH_F4_CR_SER 1
84 #define FLASH_F4_CR_SNB 3
85 #define FLASH_F4_CR_SNB_MASK 0x38
86 #define FLASH_F4_SR_BSY 16
89 void write_uint32(unsigned char* buf, uint32_t ui) {
90 if (!is_bigendian()) { // le -> le (don't swap)
91 buf[0] = ((unsigned char*) &ui)[0];
92 buf[1] = ((unsigned char*) &ui)[1];
93 buf[2] = ((unsigned char*) &ui)[2];
94 buf[3] = ((unsigned char*) &ui)[3];
96 buf[0] = ((unsigned char*) &ui)[3];
97 buf[1] = ((unsigned char*) &ui)[2];
98 buf[2] = ((unsigned char*) &ui)[1];
99 buf[3] = ((unsigned char*) &ui)[0];
103 void write_uint16(unsigned char* buf, uint16_t ui) {
104 if (!is_bigendian()) { // le -> le (don't swap)
105 buf[0] = ((unsigned char*) &ui)[0];
106 buf[1] = ((unsigned char*) &ui)[1];
108 buf[0] = ((unsigned char*) &ui)[1];
109 buf[1] = ((unsigned char*) &ui)[0];
113 uint32_t read_uint32(const unsigned char *c, const int pt) {
115 char *p = (char *) &ui;
117 if (!is_bigendian()) { // le -> le (don't swap)
131 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
132 stlink_read_mem32(sl, FLASH_WRPR, sizeof (uint32_t));
133 return (*(uint32_t*) sl->q_buf) & 0xff;
136 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
137 stlink_read_mem32(sl, FLASH_WRPR, sizeof (uint32_t));
138 return *(uint32_t*) sl->q_buf;
141 static inline uint32_t read_flash_obr(stlink_t *sl) {
142 stlink_read_mem32(sl, FLASH_OBR, sizeof (uint32_t));
143 return *(uint32_t*) sl->q_buf;
146 static inline uint32_t read_flash_cr(stlink_t *sl) {
147 if(sl->chip_id==STM32F4_CHIP_ID)
148 stlink_read_mem32(sl, FLASH_F4_CR, sizeof (uint32_t));
150 stlink_read_mem32(sl, FLASH_CR, sizeof (uint32_t));
151 fprintf(stdout, "CR:%X\n", *(uint32_t*) sl->q_buf);
152 return *(uint32_t*) sl->q_buf;
155 static inline unsigned int is_flash_locked(stlink_t *sl) {
156 /* return non zero for true */
157 if(sl->chip_id==STM32F4_CHIP_ID)
158 return read_flash_cr(sl) & (1 << FLASH_F4_CR_LOCK);
160 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
163 static void unlock_flash(stlink_t *sl) {
164 /* the unlock sequence consists of 2 write cycles where
165 2 key values are written to the FLASH_KEYR register.
166 an invalid sequence results in a definitive lock of
167 the FPEC block until next reset.
169 if(sl->chip_id==STM32F4_CHIP_ID) {
170 write_uint32(sl->q_buf, FLASH_KEY1);
171 stlink_write_mem32(sl, FLASH_F4_KEYR, sizeof (uint32_t));
172 write_uint32(sl->q_buf, FLASH_KEY2);
173 stlink_write_mem32(sl, FLASH_F4_KEYR, sizeof (uint32_t));
176 write_uint32(sl->q_buf, FLASH_KEY1);
177 stlink_write_mem32(sl, FLASH_KEYR, sizeof (uint32_t));
178 write_uint32(sl->q_buf, FLASH_KEY2);
179 stlink_write_mem32(sl, FLASH_KEYR, sizeof (uint32_t));
184 static int unlock_flash_if(stlink_t *sl) {
185 /* unlock flash if already locked */
187 if (is_flash_locked(sl)) {
189 if (is_flash_locked(sl))
196 static void lock_flash(stlink_t *sl) {
197 if(sl->chip_id==STM32F4_CHIP_ID) {
198 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_F4_CR_LOCK);
199 write_uint32(sl->q_buf, n);
200 stlink_write_mem32(sl, FLASH_F4_CR, sizeof (uint32_t));
203 /* write to 1 only. reset by hw at unlock sequence */
204 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
205 write_uint32(sl->q_buf, n);
206 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
211 static void set_flash_cr_pg(stlink_t *sl) {
212 if(sl->chip_id==STM32F4_CHIP_ID) {
213 uint32_t x = read_flash_cr(sl);
214 x |= (1 << FLASH_CR_PG);
215 write_uint32(sl->q_buf, x);
216 stlink_write_mem32(sl, FLASH_F4_CR, sizeof (uint32_t));
219 const uint32_t n = 1 << FLASH_CR_PG;
220 write_uint32(sl->q_buf, n);
221 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
225 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
226 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
227 write_uint32(sl->q_buf, n);
228 if(sl->chip_id==STM32F4_CHIP_ID)
229 stlink_write_mem32(sl, FLASH_F4_CR, sizeof (uint32_t));
231 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
234 static void set_flash_cr_per(stlink_t *sl) {
235 const uint32_t n = 1 << FLASH_CR_PER;
236 write_uint32(sl->q_buf, n);
237 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
240 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
241 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
242 write_uint32(sl->q_buf, n);
243 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
246 static void set_flash_cr_mer(stlink_t *sl) {
247 const uint32_t n = 1 << FLASH_CR_MER;
248 write_uint32(sl->q_buf, n);
249 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
252 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
253 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_MER);
254 write_uint32(sl->q_buf, n);
255 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
258 static void set_flash_cr_strt(stlink_t *sl) {
259 if(sl->chip_id == STM32F4_CHIP_ID)
261 uint32_t x = read_flash_cr(sl);
262 x |= (1 << FLASH_F4_CR_STRT);
263 write_uint32(sl->q_buf, x);
264 stlink_write_mem32(sl, FLASH_F4_CR, sizeof (uint32_t));
267 /* assume come on the flash_cr_per path */
268 const uint32_t n = (1 << FLASH_CR_PER) | (1 << FLASH_CR_STRT);
269 write_uint32(sl->q_buf, n);
270 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
274 static inline uint32_t read_flash_acr(stlink_t *sl) {
275 stlink_read_mem32(sl, FLASH_ACR, sizeof (uint32_t));
276 return *(uint32_t*) sl->q_buf;
279 static inline uint32_t read_flash_sr(stlink_t *sl) {
280 if(sl->chip_id==STM32F4_CHIP_ID)
281 stlink_read_mem32(sl, FLASH_F4_SR, sizeof (uint32_t));
283 stlink_read_mem32(sl, FLASH_SR, sizeof (uint32_t));
284 //fprintf(stdout, "SR:%X\n", *(uint32_t*) sl->q_buf);
285 return *(uint32_t*) sl->q_buf;
288 static inline unsigned int is_flash_busy(stlink_t *sl) {
289 if(sl->chip_id==STM32F4_CHIP_ID)
290 return read_flash_sr(sl) & (1 << FLASH_F4_SR_BSY);
292 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
295 static void wait_flash_busy(stlink_t *sl) {
296 /* todo: add some delays here */
297 while (is_flash_busy(sl))
301 static inline unsigned int is_flash_eop(stlink_t *sl) {
302 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
305 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
306 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
307 write_uint32(sl->q_buf, n);
308 stlink_write_mem32(sl, FLASH_SR, sizeof (uint32_t));
311 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
312 /* todo: add some delays here */
313 while (is_flash_eop(sl) == 0)
317 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
318 write_uint32(sl->q_buf, n);
319 stlink_write_mem32(sl, FLASH_AR, sizeof (uint32_t));
322 static inline void write_flash_cr_psiz(stlink_t *sl, uint32_t n) {
323 uint32_t x = read_flash_cr(sl);
326 fprintf(stdout, "PSIZ:%X %X\n", x, n);
327 write_uint32(sl->q_buf, x);
328 stlink_write_mem32(sl, FLASH_F4_CR, sizeof (uint32_t));
332 static inline void write_flash_cr_snb(stlink_t *sl, uint32_t n) {
333 uint32_t x = read_flash_cr(sl);
334 x &= ~FLASH_F4_CR_SNB_MASK;
335 x |= (n << FLASH_F4_CR_SNB);
336 x |= (1 << FLASH_F4_CR_SER);
337 fprintf(stdout, "SNB:%X %X\n", x, n);
338 write_uint32(sl->q_buf, x);
339 stlink_write_mem32(sl, FLASH_F4_CR, sizeof (uint32_t));
344 static void disable_flash_read_protection(stlink_t *sl) {
345 /* erase the option byte area */
352 // Delegates to the backends...
354 void stlink_close(stlink_t *sl) {
355 D(sl, "\n*** stlink_close ***\n");
356 sl->backend->close(sl);
360 void stlink_exit_debug_mode(stlink_t *sl) {
361 D(sl, "\n*** stlink_exit_debug_mode ***\n");
362 sl->backend->exit_debug_mode(sl);
365 void stlink_enter_swd_mode(stlink_t *sl) {
366 D(sl, "\n*** stlink_enter_swd_mode ***\n");
367 sl->backend->enter_swd_mode(sl);
370 // Force the core into the debug mode -> halted state.
371 void stlink_force_debug(stlink_t *sl) {
372 D(sl, "\n*** stlink_force_debug_mode ***\n");
373 sl->backend->force_debug(sl);
376 void stlink_exit_dfu_mode(stlink_t *sl) {
377 D(sl, "\n*** stlink_exit_dfu_mode ***\n");
378 sl->backend->exit_dfu_mode(sl);
381 uint32_t stlink_core_id(stlink_t *sl) {
382 D(sl, "\n*** stlink_core_id ***\n");
383 sl->backend->core_id(sl);
385 stlink_print_data(sl);
389 void stlink_identify_device(stlink_t *sl) {
390 uint32_t core_id=stlink_core_id(sl);
391 stlink_read_mem32(sl, 0xE0042000, 4);
392 uint32_t chip_id = sl->q_buf[0] | (sl->q_buf[1] << 8) | (sl->q_buf[2] << 16) |
393 (sl->q_buf[3] << 24);
394 /* Fix chip_id for F4 */
395 if (((chip_id & 0xFFF) == 0x411) && (core_id == CORE_M4_R0)) {
396 printf("Fixing wrong chip_id for STM32F4 Rev A errata\n");
404 * Cortex m3 tech ref manual, CPUID register description
405 * @param sl stlink context
406 * @param cpuid pointer to the result object
408 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
409 stlink_read_mem32(sl, CM3_REG_CPUID, 4);
410 uint32_t raw = read_uint32(sl->q_buf, 0);
411 cpuid->implementer_id = (raw >> 24) & 0x7f;
412 cpuid->variant = (raw >> 20) & 0xf;
413 cpuid->part = (raw >> 4) & 0xfff;
414 cpuid->revision = raw & 0xf;
418 void stlink_reset(stlink_t *sl) {
419 D(sl, "\n*** stlink_reset ***\n");
420 sl->backend->reset(sl);
423 void stlink_run(stlink_t *sl) {
424 D(sl, "\n*** stlink_run ***\n");
425 sl->backend->run(sl);
428 void stlink_status(stlink_t *sl) {
429 D(sl, "\n*** stlink_status ***\n");
430 sl->backend->status(sl);
431 stlink_core_stat(sl);
435 * Decode the version bits, originally from -sg, verified with usb
436 * @param sl stlink context, assumed to contain valid data in the buffer
437 * @param slv output parsed version object
439 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
440 uint32_t b0 = sl->q_buf[0]; //lsb
441 uint32_t b1 = sl->q_buf[1];
442 uint32_t b2 = sl->q_buf[2];
443 uint32_t b3 = sl->q_buf[3];
444 uint32_t b4 = sl->q_buf[4];
445 uint32_t b5 = sl->q_buf[5]; //msb
447 // b0 b1 || b2 b3 | b4 b5
448 // 4b | 6b | 6b || 2B | 2B
449 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
451 slv->stlink_v = (b0 & 0xf0) >> 4;
452 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
453 slv->swim_v = b1 & 0x3f;
454 slv->st_vid = (b3 << 8) | b2;
455 slv->stlink_pid = (b5 << 8) | b4;
459 void stlink_version(stlink_t *sl) {
460 D(sl, "*** looking up stlink version\n");
461 stlink_version_t slv;
462 sl->backend->version(sl);
463 _parse_version(sl, &slv);
465 DD(sl, "st vid = 0x%04x (expect 0x%04x)\n", slv.st_vid, USB_ST_VID);
466 DD(sl, "stlink pid = 0x%04x\n", slv.stlink_pid);
467 DD(sl, "stlink version = 0x%x\n", slv.stlink_v);
468 DD(sl, "jtag version = 0x%x\n", slv.jtag_v);
469 DD(sl, "swim version = 0x%x\n", slv.swim_v);
470 if (slv.jtag_v == 0) {
471 DD(sl, " notice: the firmware doesn't support a jtag/swd interface\n");
473 if (slv.swim_v == 0) {
474 DD(sl, " notice: the firmware doesn't support a swim interface\n");
478 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
479 D(sl, "\n*** stlink_write_mem32 ***\n");
481 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
484 sl->backend->write_mem32(sl, addr, len);
487 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
488 D(sl, "\n*** stlink_read_mem32 ***\n");
489 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
490 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
494 sl->backend->read_mem32(sl, addr, len);
497 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
498 D(sl, "\n*** stlink_write_mem8 ***\n");
499 sl->backend->write_mem8(sl, addr, len);
502 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
503 D(sl, "\n*** stlink_read_all_regs ***\n");
504 sl->backend->read_all_regs(sl, regp);
507 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
508 D(sl, "\n*** stlink_write_reg\n");
509 sl->backend->write_reg(sl, reg, idx);
512 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
513 D(sl, "\n*** stlink_read_reg\n");
514 DD(sl, " (%d) ***\n", r_idx);
516 if (r_idx > 20 || r_idx < 0) {
517 fprintf(stderr, "Error: register index must be in [0..20]\n");
521 sl->backend->read_reg(sl, r_idx, regp);
524 unsigned int is_core_halted(stlink_t *sl) {
525 /* return non zero if core is halted */
527 return sl->q_buf[0] == STLINK_CORE_HALTED;
530 void stlink_step(stlink_t *sl) {
531 D(sl, "\n*** stlink_step ***\n");
532 sl->backend->step(sl);
535 int stlink_current_mode(stlink_t *sl) {
536 int mode = sl->backend->current_mode(sl);
538 case STLINK_DEV_DFU_MODE:
539 DD(sl, "stlink current mode: dfu\n");
541 case STLINK_DEV_DEBUG_MODE:
542 DD(sl, "stlink current mode: debug (jtag or swd)\n");
544 case STLINK_DEV_MASS_MODE:
545 DD(sl, "stlink current mode: mass\n");
548 DD(sl, "stlink mode: unknown!\n");
549 return STLINK_DEV_UNKNOWN_MODE;
555 // End of delegates.... Common code below here...
558 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
560 // #define is_bigendian() ( (*(char*)&i) == 0 )
562 inline unsigned int is_bigendian(void) {
563 static volatile const unsigned int i = 1;
564 return *(volatile const char*) &i == 0;
567 uint16_t read_uint16(const unsigned char *c, const int pt) {
569 char *p = (char *) &ui;
571 if (!is_bigendian()) { // le -> le (don't swap)
581 // same as above with entrypoint.
583 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
584 stlink_write_reg(sl, addr, 15); /* pc register */
588 while (is_core_halted(sl) == 0)
592 void stlink_core_stat(stlink_t *sl) {
596 switch (sl->q_buf[0]) {
597 case STLINK_CORE_RUNNING:
598 sl->core_stat = STLINK_CORE_RUNNING;
599 DD(sl, " core status: running\n");
601 case STLINK_CORE_HALTED:
602 sl->core_stat = STLINK_CORE_HALTED;
603 DD(sl, " core status: halted\n");
606 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
607 fprintf(stderr, " core status: unknown\n");
611 void stlink_print_data(stlink_t * sl) {
612 if (sl->q_len <= 0 || sl->verbose < 2)
615 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
617 for (int i = 0; i < sl->q_len; i++) {
620 if (sl->q_data_dir == Q_DATA_OUT)
621 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
623 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
626 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
628 fputs("\n\n", stdout);
631 /* memory mapped file */
633 typedef struct mapped_file {
638 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
640 static int map_file(mapped_file_t* mf, const char* path) {
644 const int fd = open(path, O_RDONLY);
646 fprintf(stderr, "open(%s) == -1\n", path);
650 if (fstat(fd, &st) == -1) {
651 fprintf(stderr, "fstat() == -1\n");
655 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
656 if (mf->base == MAP_FAILED) {
657 fprintf(stderr, "mmap() == MAP_FAILED\n");
661 mf->len = st.st_size;
672 static void unmap_file(mapped_file_t * mf) {
673 munmap((void*) mf->base, mf->len);
674 mf->base = (unsigned char*) MAP_FAILED;
678 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
681 for (off = 0; off < mf->len; off += sl->flash_pgsz) {
684 /* adjust last page size */
685 size_t cmp_size = sl->flash_pgsz;
686 if ((off + sl->flash_pgsz) > mf->len)
687 cmp_size = mf->len - off;
689 aligned_size = cmp_size;
690 if (aligned_size & (4 - 1))
691 aligned_size = (cmp_size + 4) & ~(4 - 1);
693 stlink_read_mem32(sl, addr + off, aligned_size);
695 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
702 int stlink_fwrite_sram
703 (stlink_t * sl, const char* path, stm32_addr_t addr) {
704 /* write the file in sram at addr */
708 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
710 if (map_file(&mf, path) == -1) {
711 fprintf(stderr, "map_file() == -1\n");
715 /* check addr range is inside the sram */
716 if (addr < sl->sram_base) {
717 fprintf(stderr, "addr too low\n");
719 } else if ((addr + mf.len) < addr) {
720 fprintf(stderr, "addr overruns\n");
722 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
723 fprintf(stderr, "addr too high\n");
725 } else if ((addr & 3) || (mf.len & 3)) {
727 fprintf(stderr, "unaligned addr or size\n");
731 /* do the copy by 1k blocks */
732 for (off = 0; off < mf.len; off += 1024) {
734 if ((off + size) > mf.len)
737 memcpy(sl->q_buf, mf.base + off, size);
739 /* round size if needed */
743 stlink_write_mem32(sl, addr + off, size);
746 /* check the file ha been written */
747 if (check_file(sl, &mf, addr) == -1) {
748 fprintf(stderr, "check_file() == -1\n");
760 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
761 /* read size bytes from addr to file */
766 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
768 fprintf(stderr, "open(%s) == -1\n", path);
772 /* do the copy by 1k blocks */
773 for (off = 0; off < size; off += 1024) {
774 size_t read_size = 1024;
776 if ((off + read_size) > size)
777 read_size = size - off;
779 /* round size if needed */
780 rounded_size = read_size;
781 if (rounded_size & 3)
782 rounded_size = (rounded_size + 4) & ~(3);
784 stlink_read_mem32(sl, addr + off, rounded_size);
786 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
787 fprintf(stderr, "write() != read_size\n");
801 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
802 /* write the buffer right after the loader */
803 memcpy(sl->q_buf, buf, size);
804 stlink_write_mem8(sl, fl->buf_addr, size);
808 uint32_t calculate_F4_sectornum(uint32_t flashaddr){
809 flashaddr &= ~STM32_FLASH_BASE; //Page now holding the actual flash address
810 if (flashaddr<0x4000) return (0);
811 else if(flashaddr<0x8000) return(1);
812 else if(flashaddr<0xc000) return(2);
813 else if(flashaddr<0x10000) return(3);
814 else if(flashaddr<0x20000) return(4);
815 else return(flashaddr/0x20000)+4;
819 uint32_t calculate_sectorsize(stlink_t *sl, uint32_t flashaddr){
820 if(sl->chip_id == STM32F4_CHIP_ID) {
821 uint32_t sector=calculate_F4_sectornum(flashaddr);
822 if (sector<4) return (0x4000);
823 else if(sector<5) return(0x10000);
824 else return(0x20000);
826 else return (sl->flash_pgsz);
829 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t page)
831 /* page an addr in the page to erase */
833 stlink_identify_device(sl);
835 if (sl->chip_id == STM32F4_CHIP_ID)
837 /* wait for ongoing op to finish */
840 /* unlock if locked */
843 /* select the page to erase */
844 //Page is passed to us as an addr, so calculate the actual page
847 page=calculate_F4_sectornum(addr);
849 fprintf(stderr, "Erasing Sector:%u SectorSize:%u\n", page, calculate_sectorsize(sl, addr));
850 write_flash_cr_snb(sl, page);
852 /* start erase operation */
853 set_flash_cr_strt(sl);
855 /* wait for completion */
858 /* relock the flash */
859 //todo: fails to program if this is in
861 fprintf(stdout, "Erase Final CR:%X\n", read_flash_cr(sl));
865 else if (sl->core_id == STM32L_CORE_ID)
870 /* disable pecr protection */
871 write_uint32(sl->q_buf, 0x89abcdef);
872 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
873 write_uint32(sl->q_buf, 0x02030405);
874 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
876 /* check pecr.pelock is cleared */
877 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
878 val = read_uint32(sl->q_buf, 0);
881 fprintf(stderr, "pecr.pelock not clear (0x%x)\n", val);
885 /* unlock program memory */
886 write_uint32(sl->q_buf, 0x8c9daebf);
887 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
888 write_uint32(sl->q_buf, 0x13141516);
889 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
891 /* check pecr.prglock is cleared */
892 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
893 val = read_uint32(sl->q_buf, 0);
896 fprintf(stderr, "pecr.prglock not clear (0x%x)\n", val);
900 /* unused: unlock the option byte block */
902 write_uint32(sl->q_buf, 0xfbead9c8);
903 stlink_write_mem32(sl, STM32L_FLASH_OPTKEYR, sizeof(uint32_t));
904 write_uint32(sl->q_buf, 0x24252627);
905 stlink_write_mem32(sl, STM32L_FLASH_OPTKEYR, sizeof(uint32_t));
907 /* check pecr.optlock is cleared */
908 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
909 val = read_uint32(sl->q_buf, 0);
912 fprintf(stderr, "pecr.prglock not clear\n");
917 /* set pecr.{erase,prog} */
918 val |= (1 << 9) | (1 << 3);
919 write_uint32(sl->q_buf, val);
920 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
922 /* wait for sr.busy to be cleared */
925 stlink_read_mem32(sl, STM32L_FLASH_SR, sizeof(uint32_t));
926 if ((read_uint32(sl->q_buf, 0) & (1 << 0)) == 0) break ;
929 /* write 0 to the first word of the page to be erased */
930 memset(sl->q_buf, 0, sizeof(uint32_t));
931 stlink_write_mem32(sl, page, sizeof(uint32_t));
933 /* reset lock bits */
934 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
935 val = read_uint32(sl->q_buf, 0) | (1 << 0) | (1 << 1) | (1 << 2);
936 write_uint32(sl->q_buf, val);
937 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
939 else if (sl->core_id == STM32VL_CORE_ID)
941 /* wait for ongoing op to finish */
944 /* unlock if locked */
947 /* set the page erase bit */
948 set_flash_cr_per(sl);
950 /* select the page to erase */
951 write_flash_ar(sl, page);
953 /* start erase operation, reset by hw with bsy bit */
954 set_flash_cr_strt(sl);
956 /* wait for completion */
959 /* relock the flash */
964 fprintf(stderr, "unknown device!\n");
968 /* todo: verify the erased page */
973 int stlink_erase_flash_mass(stlink_t *sl) {
974 /* wait for ongoing op to finish */
977 /* unlock if locked */
980 /* set the mass erase bit */
981 set_flash_cr_mer(sl);
983 /* start erase operation, reset by hw with bsy bit */
984 set_flash_cr_strt(sl);
986 /* wait for completion */
989 /* relock the flash */
992 /* todo: verify the erased memory */
997 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
1000 /* allocate the loader in sram */
1001 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
1002 fprintf(stderr, "write_loader_to_sram() == -1\n");
1006 /* allocate a one page buffer in sram right after loader */
1007 fl->buf_addr = fl->loader_addr + size;
1012 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
1013 /* from openocd, contrib/loaders/flash/stm32.s */
1014 static const uint8_t loader_code_stm32vl[] = {
1015 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
1016 0x1c, 0x44, /* add r4, r3 */
1017 /* write_half_word: */
1018 0x01, 0x23, /* movs r3, #0x01 */
1019 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
1020 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
1021 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
1023 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
1024 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
1025 0xfb, 0xd0, /* beq busy */
1026 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
1027 0x01, 0xd1, /* bne exit */
1028 0x01, 0x3a, /* subs r2, r2, #0x01 */
1029 0xf0, 0xd1, /* bne write_half_word */
1031 0x00, 0xbe, /* bkpt #0x00 */
1032 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
1035 static const uint8_t loader_code_stm32l[] = {
1037 /* openocd.git/contrib/loaders/flash/stm32lx.S
1038 r0, input, dest addr
1039 r1, input, source addr
1040 r2, input, word count
1041 r3, output, word count
1047 0x51, 0xf8, 0x04, 0xcb,
1048 0x40, 0xf8, 0x04, 0xcb,
1056 const uint8_t* loader_code;
1059 if (sl->core_id == STM32L_CORE_ID) /* stm32l */
1061 loader_code = loader_code_stm32l;
1062 loader_size = sizeof(loader_code_stm32l);
1064 else if (sl->core_id == STM32VL_CORE_ID)
1066 loader_code = loader_code_stm32vl;
1067 loader_size = sizeof(loader_code_stm32vl);
1071 fprintf(stderr, "unknown coreid: %x\n", sl->core_id);
1075 memcpy(sl->q_buf, loader_code, loader_size);
1076 stlink_write_mem32(sl, sl->sram_base, loader_size);
1078 *addr = sl->sram_base;
1079 *size = loader_size;
1085 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1086 /* check the contents of path are at addr */
1089 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1091 if (map_file(&mf, path) == -1)
1094 res = check_file(sl, &mf, addr);
1101 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, unsigned len) {
1105 stlink_identify_device(sl);
1107 #if 0 /* todo: use in debugging mode only */
1108 fprintf(stdout, "WriteFlash - addr:%x len:%x\n", addr, len);
1109 fprintf(stdout, "CoreID:%X ChipID:%X\n", sl->core_id, sl->chip_id);
1112 /* check addr range is inside the flash */
1113 if (addr < sl->flash_base) {
1114 fprintf(stderr, "addr too low\n");
1116 } else if ((addr + len) < addr) {
1117 fprintf(stderr, "addr overruns\n");
1119 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
1120 fprintf(stderr, "addr too high\n");
1122 } else if ((addr & 1) || (len & 1)) {
1123 fprintf(stderr, "unaligned addr or size\n");
1125 } else if (addr & (sl->flash_pgsz - 1)) {
1126 fprintf(stderr, "addr not a multiple of pagesize, not supported\n");
1130 /* erase each page */
1131 for (off = 0; off < len; off += calculate_sectorsize(sl, addr + off) ) {
1132 /* addr must be an addr inside the page */
1133 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1134 fprintf(stderr, "erase_flash_page(0x%zx) == -1\n", addr + off);
1139 if (sl->chip_id == STM32F4_CHIP_ID) {
1140 /* todo: check write operation */
1142 /* First unlock the cr */
1143 unlock_flash_if(sl);
1145 /* set parallelisim to 32 bit*/
1146 write_flash_cr_psiz(sl, 2);
1148 /* set programming mode */
1149 set_flash_cr_pg(sl);
1151 #define PROGRESS_CHUNK_SIZE 0x1000
1152 /* write a word in program memory */
1153 for (off = 0; off < len; off += sizeof(uint32_t)) {
1154 if (sl->verbose >= 1) {
1155 if ((off & (PROGRESS_CHUNK_SIZE - 1)) == 0) {
1156 /* show progress. writing procedure is slow
1157 and previous errors are misleading */
1158 const uint32_t pgnum = (off / PROGRESS_CHUNK_SIZE)+1;
1159 const uint32_t pgcount = len / PROGRESS_CHUNK_SIZE;
1160 fprintf(stdout, "Writing %ukB chunk %u out of %u\n", PROGRESS_CHUNK_SIZE/1024, pgnum, pgcount);
1164 memcpy(sl->q_buf, (const void*)(base + off), sizeof(uint32_t));
1165 stlink_write_mem32(sl, addr + off, sizeof(uint32_t));
1167 /* wait for sr.busy to be cleared */
1168 wait_flash_busy(sl);
1174 #if 0 /* todo: debug mode */
1175 fprintf(stdout, "Final CR:%X\n", read_flash_cr(sl));
1182 else if (sl->core_id == STM32L_CORE_ID) {
1183 /* use fast word write. todo: half page. */
1187 #if 0 /* todo: check write operation */
1189 uint32_t nwrites = sl->flash_pgsz;
1193 #endif /* todo: check write operation */
1195 /* disable pecr protection */
1196 write_uint32(sl->q_buf, 0x89abcdef);
1197 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
1198 write_uint32(sl->q_buf, 0x02030405);
1199 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
1201 /* check pecr.pelock is cleared */
1202 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1203 val = read_uint32(sl->q_buf, 0);
1204 if (val & (1 << 0)) {
1205 fprintf(stderr, "pecr.pelock not clear\n");
1209 /* unlock program memory */
1210 write_uint32(sl->q_buf, 0x8c9daebf);
1211 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
1212 write_uint32(sl->q_buf, 0x13141516);
1213 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
1215 /* check pecr.prglock is cleared */
1216 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1217 val = read_uint32(sl->q_buf, 0);
1218 if (val & (1 << 1)) {
1219 fprintf(stderr, "pecr.prglock not clear\n");
1223 /* write a word in program memory */
1224 for (off = 0; off < len; off += sizeof(uint32_t)) {
1225 if (sl->verbose >= 1) {
1226 if ((off & (sl->flash_pgsz - 1)) == 0) {
1227 /* show progress. writing procedure is slow
1228 and previous errors are misleading */
1229 const uint32_t pgnum = off / sl->flash_pgsz;
1230 const uint32_t pgcount = len / sl->flash_pgsz;
1231 fprintf(stdout, "%u pages written out of %u\n", pgnum, pgcount);
1235 memcpy(sl->q_buf, (const void*)(base + off), sizeof(uint32_t));
1236 stlink_write_mem32(sl, addr + off, sizeof(uint32_t));
1238 /* wait for sr.busy to be cleared */
1240 stlink_read_mem32(sl, STM32L_FLASH_SR, sizeof(uint32_t));
1241 if ((read_uint32(sl->q_buf, 0) & (1 << 0)) == 0) break ;
1244 #if 0 /* todo: check redo write operation */
1246 /* check written bytes. todo: should be on a per page basis. */
1247 stlink_read_mem32(sl, addr + off, sizeof(uint32_t));
1248 if (memcmp(sl->q_buf, base + off, sizeof(uint32_t))) {
1249 /* re erase the page and redo the write operation */
1253 /* fail if successive write count too low */
1254 if (nwrites < sl->flash_pgsz) {
1255 fprintf(stderr, "writes operation failure count too high, aborting\n");
1261 /* assume addr aligned */
1262 if (off % sl->flash_pgsz) off &= ~(sl->flash_pgsz - 1);
1265 fprintf(stderr, "invalid write @%x(%x): %x != %x. retrying.\n",
1266 page, addr + off, read_uint32(base + off, 0), read_uint32(sl->q_buf, 0));
1268 /* reset lock bits */
1269 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1270 val = read_uint32(sl->q_buf, 0) | (1 << 0) | (1 << 1) | (1 << 2);
1271 write_uint32(sl->q_buf, val);
1272 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1274 stlink_erase_flash_page(sl, page);
1279 /* increment successive writes counter */
1282 #endif /* todo: check redo write operation */
1284 /* reset lock bits */
1285 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1286 val = read_uint32(sl->q_buf, 0) | (1 << 0) | (1 << 1) | (1 << 2);
1287 write_uint32(sl->q_buf, val);
1288 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1294 else if (sl->core_id == STM32VL_CORE_ID) {
1295 /* flash loader initialization */
1296 if (init_flash_loader(sl, &fl) == -1) {
1297 fprintf(stderr, "init_flash_loader() == -1\n");
1300 /* write each page. above WRITE_BLOCK_SIZE fails? */
1301 #define WRITE_BLOCK_SIZE 0x40
1302 for (off = 0; off < len; off += WRITE_BLOCK_SIZE) {
1303 /* adjust last write size */
1304 size_t size = WRITE_BLOCK_SIZE;
1305 if ((off + WRITE_BLOCK_SIZE) > len) size = len - off;
1307 /* unlock and set programming mode */
1308 unlock_flash_if(sl);
1309 set_flash_cr_pg(sl);
1311 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1312 fprintf(stderr, "run_flash_loader(0x%zx) == -1\n", addr + off);
1324 fprintf(stderr, "unknown device!\n");
1333 //todo: F4 Can't stlink_read_mem32 an entire sector, not enough ram!
1334 for (off = 0; off < len; off += sl->flash_pgsz) {
1335 size_t aligned_size;
1337 /* adjust last page size */
1338 size_t cmp_size = sl->flash_pgsz;
1339 if ((off + sl->flash_pgsz) > len)
1340 cmp_size = len - off;
1342 aligned_size = cmp_size;
1343 if (aligned_size & (4 - 1))
1344 aligned_size = (cmp_size + 4) & ~(4 - 1);
1346 fprintf(stdout, "AlignedSize:%x\n", aligned_size);
1347 stlink_read_mem32(sl, addr + off, aligned_size);
1349 if (memcmp(sl->q_buf, base + off, cmp_size))
1360 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1361 /* write the file in flash at addr */
1364 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1366 if (map_file(&mf, path) == -1) {
1367 fprintf(stderr, "map_file() == -1\n");
1371 err = stlink_write_flash(sl, addr, mf.base, mf.len);
1378 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1382 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1383 fprintf(stderr, "write_buffer_to_sram() == -1\n");
1387 if (sl->core_id == STM32L_CORE_ID) {
1389 size_t count = size / sizeof(uint32_t);
1390 if (size % sizeof(uint32_t)) ++count;
1393 stlink_write_reg(sl, target, 0); /* target */
1394 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1395 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1396 stlink_write_reg(sl, 0, 3); /* output count */
1397 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1399 } else if (sl->core_id == STM32VL_CORE_ID) {
1401 size_t count = size / sizeof(uint16_t);
1402 if (size % sizeof(uint16_t)) ++count;
1405 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1406 stlink_write_reg(sl, target, 1); /* target */
1407 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1408 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1409 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1412 fprintf(stderr, "unknown coreid: %x\n", sl->core_id);
1419 /* wait until done (reaches breakpoint) */
1420 while (is_core_halted(sl) == 0) ;
1422 /* check written byte count */
1423 if (sl->core_id == STM32L_CORE_ID) {
1425 size_t count = size / sizeof(uint32_t);
1426 if (size % sizeof(uint32_t)) ++count;
1428 stlink_read_reg(sl, 3, &rr);
1429 if (rr.r[3] != count) {
1430 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1434 } else if (sl->core_id == STM32VL_CORE_ID) {
1436 stlink_read_reg(sl, 2, &rr);
1438 fprintf(stderr, "write error, count == %u\n", rr.r[2]);
1444 fprintf(stderr, "unknown coreid: %x\n", sl->core_id);
projects / fw / stlink / blob