10 #include <sys/types.h>
15 #include "stlink-common.h"
17 void D(stlink_t *sl, char *txt) {
22 void DD(stlink_t *sl, char *format, ...) {
23 if (sl->verbose > 0) {
25 va_start(list, format);
26 vfprintf(stderr, format, list);
32 /* todo: stm32l15xxx flash memory, pm0062 manual */
34 /* stm32f FPEC flash controller interface, pm0063 manual */
36 #define FLASH_REGS_ADDR 0x40022000
37 #define FLASH_REGS_SIZE 0x28
39 #define FLASH_ACR (FLASH_REGS_ADDR + 0x00)
40 #define FLASH_KEYR (FLASH_REGS_ADDR + 0x04)
41 #define FLASH_SR (FLASH_REGS_ADDR + 0x0c)
42 #define FLASH_CR (FLASH_REGS_ADDR + 0x10)
43 #define FLASH_AR (FLASH_REGS_ADDR + 0x14)
44 #define FLASH_OBR (FLASH_REGS_ADDR + 0x1c)
45 #define FLASH_WRPR (FLASH_REGS_ADDR + 0x20)
47 #define FLASH_RDPTR_KEY 0x00a5
48 #define FLASH_KEY1 0x45670123
49 #define FLASH_KEY2 0xcdef89ab
51 #define FLASH_SR_BSY 0
52 #define FLASH_SR_EOP 5
55 #define FLASH_CR_PER 1
56 #define FLASH_CR_MER 2
57 #define FLASH_CR_STRT 6
58 #define FLASH_CR_LOCK 7
60 void write_uint32(unsigned char* buf, uint32_t ui) {
61 if (!is_bigendian()) { // le -> le (don't swap)
62 buf[0] = ((unsigned char*) &ui)[0];
63 buf[1] = ((unsigned char*) &ui)[1];
64 buf[2] = ((unsigned char*) &ui)[2];
65 buf[3] = ((unsigned char*) &ui)[3];
67 buf[0] = ((unsigned char*) &ui)[3];
68 buf[1] = ((unsigned char*) &ui)[2];
69 buf[2] = ((unsigned char*) &ui)[1];
70 buf[3] = ((unsigned char*) &ui)[0];
74 void write_uint16(unsigned char* buf, uint16_t ui) {
75 if (!is_bigendian()) { // le -> le (don't swap)
76 buf[0] = ((unsigned char*) &ui)[0];
77 buf[1] = ((unsigned char*) &ui)[1];
79 buf[0] = ((unsigned char*) &ui)[1];
80 buf[1] = ((unsigned char*) &ui)[0];
84 uint32_t read_uint32(const unsigned char *c, const int pt) {
86 char *p = (char *) &ui;
88 if (!is_bigendian()) { // le -> le (don't swap)
102 static uint32_t __attribute__((unused)) read_flash_rdp(stlink_t *sl) {
103 stlink_read_mem32(sl, FLASH_WRPR, sizeof (uint32_t));
104 return (*(uint32_t*) sl->q_buf) & 0xff;
107 static inline uint32_t read_flash_wrpr(stlink_t *sl) {
108 stlink_read_mem32(sl, FLASH_WRPR, sizeof (uint32_t));
109 return *(uint32_t*) sl->q_buf;
112 static inline uint32_t read_flash_obr(stlink_t *sl) {
113 stlink_read_mem32(sl, FLASH_OBR, sizeof (uint32_t));
114 return *(uint32_t*) sl->q_buf;
117 static inline uint32_t read_flash_cr(stlink_t *sl) {
118 stlink_read_mem32(sl, FLASH_CR, sizeof (uint32_t));
119 return *(uint32_t*) sl->q_buf;
122 static inline unsigned int is_flash_locked(stlink_t *sl) {
123 /* return non zero for true */
124 return read_flash_cr(sl) & (1 << FLASH_CR_LOCK);
127 static void unlock_flash(stlink_t *sl) {
128 /* the unlock sequence consists of 2 write cycles where
129 2 key values are written to the FLASH_KEYR register.
130 an invalid sequence results in a definitive lock of
131 the FPEC block until next reset.
134 write_uint32(sl->q_buf, FLASH_KEY1);
135 stlink_write_mem32(sl, FLASH_KEYR, sizeof (uint32_t));
137 write_uint32(sl->q_buf, FLASH_KEY2);
138 stlink_write_mem32(sl, FLASH_KEYR, sizeof (uint32_t));
141 static int unlock_flash_if(stlink_t *sl) {
142 /* unlock flash if already locked */
144 if (is_flash_locked(sl)) {
146 if (is_flash_locked(sl))
153 static void lock_flash(stlink_t *sl) {
154 /* write to 1 only. reset by hw at unlock sequence */
156 const uint32_t n = read_flash_cr(sl) | (1 << FLASH_CR_LOCK);
158 write_uint32(sl->q_buf, n);
159 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
162 static void set_flash_cr_pg(stlink_t *sl) {
163 const uint32_t n = 1 << FLASH_CR_PG;
164 write_uint32(sl->q_buf, n);
165 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
168 static void __attribute__((unused)) clear_flash_cr_pg(stlink_t *sl) {
169 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PG);
170 write_uint32(sl->q_buf, n);
171 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
174 static void set_flash_cr_per(stlink_t *sl) {
175 const uint32_t n = 1 << FLASH_CR_PER;
176 write_uint32(sl->q_buf, n);
177 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
180 static void __attribute__((unused)) clear_flash_cr_per(stlink_t *sl) {
181 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_PER);
182 write_uint32(sl->q_buf, n);
183 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
186 static void set_flash_cr_mer(stlink_t *sl) {
187 const uint32_t n = 1 << FLASH_CR_MER;
188 write_uint32(sl->q_buf, n);
189 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
192 static void __attribute__((unused)) clear_flash_cr_mer(stlink_t *sl) {
193 const uint32_t n = read_flash_cr(sl) & ~(1 << FLASH_CR_MER);
194 write_uint32(sl->q_buf, n);
195 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
198 static void set_flash_cr_strt(stlink_t *sl) {
199 /* assume come on the flash_cr_per path */
200 const uint32_t n = (1 << FLASH_CR_PER) | (1 << FLASH_CR_STRT);
201 write_uint32(sl->q_buf, n);
202 stlink_write_mem32(sl, FLASH_CR, sizeof (uint32_t));
205 static inline uint32_t read_flash_acr(stlink_t *sl) {
206 stlink_read_mem32(sl, FLASH_ACR, sizeof (uint32_t));
207 return *(uint32_t*) sl->q_buf;
210 static inline uint32_t read_flash_sr(stlink_t *sl) {
211 stlink_read_mem32(sl, FLASH_SR, sizeof (uint32_t));
212 return *(uint32_t*) sl->q_buf;
215 static inline unsigned int is_flash_busy(stlink_t *sl) {
216 return read_flash_sr(sl) & (1 << FLASH_SR_BSY);
219 static void wait_flash_busy(stlink_t *sl) {
220 /* todo: add some delays here */
221 while (is_flash_busy(sl))
225 static inline unsigned int is_flash_eop(stlink_t *sl) {
226 return read_flash_sr(sl) & (1 << FLASH_SR_EOP);
229 static void __attribute__((unused)) clear_flash_sr_eop(stlink_t *sl) {
230 const uint32_t n = read_flash_sr(sl) & ~(1 << FLASH_SR_EOP);
231 write_uint32(sl->q_buf, n);
232 stlink_write_mem32(sl, FLASH_SR, sizeof (uint32_t));
235 static void __attribute__((unused)) wait_flash_eop(stlink_t *sl) {
236 /* todo: add some delays here */
237 while (is_flash_eop(sl) == 0)
241 static inline void write_flash_ar(stlink_t *sl, uint32_t n) {
242 write_uint32(sl->q_buf, n);
243 stlink_write_mem32(sl, FLASH_AR, sizeof (uint32_t));
248 static void disable_flash_read_protection(stlink_t *sl) {
249 /* erase the option byte area */
256 // Delegates to the backends...
258 void stlink_close(stlink_t *sl) {
259 D(sl, "\n*** stlink_close ***\n");
260 sl->backend->close(sl);
264 void stlink_exit_debug_mode(stlink_t *sl) {
265 D(sl, "\n*** stlink_exit_debug_mode ***\n");
266 sl->backend->exit_debug_mode(sl);
269 void stlink_enter_swd_mode(stlink_t *sl) {
270 D(sl, "\n*** stlink_enter_swd_mode ***\n");
271 sl->backend->enter_swd_mode(sl);
274 // Force the core into the debug mode -> halted state.
275 void stlink_force_debug(stlink_t *sl) {
276 D(sl, "\n*** stlink_force_debug_mode ***\n");
277 sl->backend->force_debug(sl);
280 void stlink_exit_dfu_mode(stlink_t *sl) {
281 D(sl, "\n*** stlink_exit_dfu_mode ***\n");
282 sl->backend->exit_dfu_mode(sl);
285 uint32_t stlink_core_id(stlink_t *sl) {
286 D(sl, "\n*** stlink_core_id ***\n");
287 sl->backend->core_id(sl);
289 stlink_print_data(sl);
290 DD(sl, "core_id = 0x%08x\n", sl->core_id);
294 uint16_t stlink_chip_id(stlink_t *sl) {
295 stlink_read_mem32(sl, 0xE0042000, 4);
296 uint32_t chip_id = sl->q_buf[0] | (sl->q_buf[1] << 8) | (sl->q_buf[2] << 16) |
297 (sl->q_buf[3] << 24);
302 * Cortex m3 tech ref manual, CPUID register description
303 * @param sl stlink context
304 * @param cpuid pointer to the result object
306 void stlink_cpu_id(stlink_t *sl, cortex_m3_cpuid_t *cpuid) {
307 stlink_read_mem32(sl, CM3_REG_CPUID, 4);
308 uint32_t raw = read_uint32(sl->q_buf, 0);
309 cpuid->implementer_id = (raw >> 24) & 0x7f;
310 cpuid->variant = (raw >> 20) & 0xf;
311 cpuid->part = (raw >> 4) & 0xfff;
312 cpuid->revision = raw & 0xf;
316 void stlink_reset(stlink_t *sl) {
317 D(sl, "\n*** stlink_reset ***\n");
318 sl->backend->reset(sl);
321 void stlink_run(stlink_t *sl) {
322 D(sl, "\n*** stlink_run ***\n");
323 sl->backend->run(sl);
326 void stlink_status(stlink_t *sl) {
327 D(sl, "\n*** stlink_status ***\n");
328 sl->backend->status(sl);
329 stlink_core_stat(sl);
333 * Decode the version bits, originally from -sg, verified with usb
334 * @param sl stlink context, assumed to contain valid data in the buffer
335 * @param slv output parsed version object
337 void _parse_version(stlink_t *sl, stlink_version_t *slv) {
338 uint32_t b0 = sl->q_buf[0]; //lsb
339 uint32_t b1 = sl->q_buf[1];
340 uint32_t b2 = sl->q_buf[2];
341 uint32_t b3 = sl->q_buf[3];
342 uint32_t b4 = sl->q_buf[4];
343 uint32_t b5 = sl->q_buf[5]; //msb
345 // b0 b1 || b2 b3 | b4 b5
346 // 4b | 6b | 6b || 2B | 2B
347 // stlink_v | jtag_v | swim_v || st_vid | stlink_pid
349 slv->stlink_v = (b0 & 0xf0) >> 4;
350 slv->jtag_v = ((b0 & 0x0f) << 2) | ((b1 & 0xc0) >> 6);
351 slv->swim_v = b1 & 0x3f;
352 slv->st_vid = (b3 << 8) | b2;
353 slv->stlink_pid = (b5 << 8) | b4;
357 void stlink_version(stlink_t *sl) {
358 D(sl, "*** looking up stlink version\n");
359 stlink_version_t slv;
360 sl->backend->version(sl);
361 _parse_version(sl, &slv);
363 DD(sl, "st vid = 0x%04x (expect 0x%04x)\n", slv.st_vid, USB_ST_VID);
364 DD(sl, "stlink pid = 0x%04x\n", slv.stlink_pid);
365 DD(sl, "stlink version = 0x%x\n", slv.stlink_v);
366 DD(sl, "jtag version = 0x%x\n", slv.jtag_v);
367 DD(sl, "swim version = 0x%x\n", slv.swim_v);
368 if (slv.jtag_v == 0) {
369 DD(sl, " notice: the firmware doesn't support a jtag/swd interface\n");
371 if (slv.swim_v == 0) {
372 DD(sl, " notice: the firmware doesn't support a swim interface\n");
376 void stlink_write_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
377 D(sl, "\n*** stlink_write_mem32 ***\n");
379 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n", len % 4);
382 sl->backend->write_mem32(sl, addr, len);
385 void stlink_read_mem32(stlink_t *sl, uint32_t addr, uint16_t len) {
386 D(sl, "\n*** stlink_read_mem32 ***\n");
387 if (len % 4 != 0) { // !!! never ever: fw gives just wrong values
388 fprintf(stderr, "Error: Data length doesn't have a 32 bit alignment: +%d byte.\n",
392 sl->backend->read_mem32(sl, addr, len);
395 void stlink_write_mem8(stlink_t *sl, uint32_t addr, uint16_t len) {
396 D(sl, "\n*** stlink_write_mem8 ***\n");
397 sl->backend->write_mem8(sl, addr, len);
400 void stlink_read_all_regs(stlink_t *sl, reg *regp) {
401 D(sl, "\n*** stlink_read_all_regs ***\n");
402 sl->backend->read_all_regs(sl, regp);
405 void stlink_write_reg(stlink_t *sl, uint32_t reg, int idx) {
406 D(sl, "\n*** stlink_write_reg\n");
407 sl->backend->write_reg(sl, reg, idx);
410 void stlink_read_reg(stlink_t *sl, int r_idx, reg *regp) {
411 D(sl, "\n*** stlink_read_reg\n");
412 DD(sl, " (%d) ***\n", r_idx);
414 if (r_idx > 20 || r_idx < 0) {
415 fprintf(stderr, "Error: register index must be in [0..20]\n");
419 sl->backend->read_reg(sl, r_idx, regp);
422 unsigned int is_core_halted(stlink_t *sl) {
423 /* return non zero if core is halted */
425 return sl->q_buf[0] == STLINK_CORE_HALTED;
428 void stlink_step(stlink_t *sl) {
429 D(sl, "\n*** stlink_step ***\n");
430 sl->backend->step(sl);
433 int stlink_current_mode(stlink_t *sl) {
434 int mode = sl->backend->current_mode(sl);
436 case STLINK_DEV_DFU_MODE:
437 DD(sl, "stlink current mode: dfu\n");
439 case STLINK_DEV_DEBUG_MODE:
440 DD(sl, "stlink current mode: debug (jtag or swd)\n");
442 case STLINK_DEV_MASS_MODE:
443 DD(sl, "stlink current mode: mass\n");
446 DD(sl, "stlink mode: unknown!\n");
447 return STLINK_DEV_UNKNOWN_MODE;
453 // End of delegates.... Common code below here...
456 // http://www.ibm.com/developerworks/aix/library/au-endianc/index.html
458 // #define is_bigendian() ( (*(char*)&i) == 0 )
460 inline unsigned int is_bigendian(void) {
461 static volatile const unsigned int i = 1;
462 return *(volatile const char*) &i == 0;
465 uint16_t read_uint16(const unsigned char *c, const int pt) {
467 char *p = (char *) &ui;
469 if (!is_bigendian()) { // le -> le (don't swap)
479 // same as above with entrypoint.
481 void stlink_run_at(stlink_t *sl, stm32_addr_t addr) {
482 stlink_write_reg(sl, addr, 15); /* pc register */
486 while (is_core_halted(sl) == 0)
490 void stlink_core_stat(stlink_t *sl) {
494 switch (sl->q_buf[0]) {
495 case STLINK_CORE_RUNNING:
496 sl->core_stat = STLINK_CORE_RUNNING;
497 DD(sl, " core status: running\n");
499 case STLINK_CORE_HALTED:
500 sl->core_stat = STLINK_CORE_HALTED;
501 DD(sl, " core status: halted\n");
504 sl->core_stat = STLINK_CORE_STAT_UNKNOWN;
505 fprintf(stderr, " core status: unknown\n");
509 void stlink_print_data(stlink_t * sl) {
510 if (sl->q_len <= 0 || sl->verbose < 2)
513 fprintf(stdout, "data_len = %d 0x%x\n", sl->q_len, sl->q_len);
515 for (int i = 0; i < sl->q_len; i++) {
518 if (sl->q_data_dir == Q_DATA_OUT)
519 fprintf(stdout, "\n<- 0x%08x ", sl->q_addr + i);
521 fprintf(stdout, "\n-> 0x%08x ", sl->q_addr + i);
524 fprintf(stdout, " %02x", (unsigned int) sl->q_buf[i]);
526 fputs("\n\n", stdout);
529 /* memory mapped file */
531 typedef struct mapped_file {
536 #define MAPPED_FILE_INITIALIZER { NULL, 0 }
538 static int map_file(mapped_file_t* mf, const char* path) {
542 const int fd = open(path, O_RDONLY);
544 fprintf(stderr, "open(%s) == -1\n", path);
548 if (fstat(fd, &st) == -1) {
549 fprintf(stderr, "fstat() == -1\n");
553 mf->base = (uint8_t*) mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
554 if (mf->base == MAP_FAILED) {
555 fprintf(stderr, "mmap() == MAP_FAILED\n");
559 mf->len = st.st_size;
570 static void unmap_file(mapped_file_t * mf) {
571 munmap((void*) mf->base, mf->len);
572 mf->base = (unsigned char*) MAP_FAILED;
576 static int check_file(stlink_t* sl, mapped_file_t* mf, stm32_addr_t addr) {
579 for (off = 0; off < mf->len; off += sl->flash_pgsz) {
582 /* adjust last page size */
583 size_t cmp_size = sl->flash_pgsz;
584 if ((off + sl->flash_pgsz) > mf->len)
585 cmp_size = mf->len - off;
587 aligned_size = cmp_size;
588 if (aligned_size & (4 - 1))
589 aligned_size = (cmp_size + 4) & ~(4 - 1);
591 stlink_read_mem32(sl, addr + off, aligned_size);
593 if (memcmp(sl->q_buf, mf->base + off, cmp_size))
600 int stlink_fwrite_sram
601 (stlink_t * sl, const char* path, stm32_addr_t addr) {
602 /* write the file in sram at addr */
606 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
608 if (map_file(&mf, path) == -1) {
609 fprintf(stderr, "map_file() == -1\n");
613 /* check addr range is inside the sram */
614 if (addr < sl->sram_base) {
615 fprintf(stderr, "addr too low\n");
617 } else if ((addr + mf.len) < addr) {
618 fprintf(stderr, "addr overruns\n");
620 } else if ((addr + mf.len) > (sl->sram_base + sl->sram_size)) {
621 fprintf(stderr, "addr too high\n");
623 } else if ((addr & 3) || (mf.len & 3)) {
625 fprintf(stderr, "unaligned addr or size\n");
629 /* do the copy by 1k blocks */
630 for (off = 0; off < mf.len; off += 1024) {
632 if ((off + size) > mf.len)
635 memcpy(sl->q_buf, mf.base + off, size);
637 /* round size if needed */
641 stlink_write_mem32(sl, addr + off, size);
644 /* check the file ha been written */
645 if (check_file(sl, &mf, addr) == -1) {
646 fprintf(stderr, "check_file() == -1\n");
658 int stlink_fread(stlink_t* sl, const char* path, stm32_addr_t addr, size_t size) {
659 /* read size bytes from addr to file */
664 const int fd = open(path, O_RDWR | O_TRUNC | O_CREAT, 00700);
666 fprintf(stderr, "open(%s) == -1\n", path);
670 /* do the copy by 1k blocks */
671 for (off = 0; off < size; off += 1024) {
672 size_t read_size = 1024;
674 if ((off + read_size) > size)
675 read_size = size - off;
677 /* round size if needed */
678 rounded_size = read_size;
679 if (rounded_size & 3)
680 rounded_size = (rounded_size + 4) & ~(3);
682 stlink_read_mem32(sl, addr + off, rounded_size);
684 if (write(fd, sl->q_buf, read_size) != (ssize_t) read_size) {
685 fprintf(stderr, "write() != read_size\n");
699 int write_buffer_to_sram(stlink_t *sl, flash_loader_t* fl, const uint8_t* buf, size_t size) {
700 /* write the buffer right after the loader */
701 memcpy(sl->q_buf, buf, size);
702 stlink_write_mem8(sl, fl->buf_addr, size);
706 int stlink_erase_flash_page(stlink_t *sl, stm32_addr_t page)
708 /* page an addr in the page to erase */
710 if (sl->core_id == 0x2ba01477) /* stm32l */
712 #define STM32L_FLASH_REGS_ADDR ((uint32_t)0x40023c00)
713 #define STM32L_FLASH_ACR (STM32L_FLASH_REGS_ADDR + 0x00)
714 #define STM32L_FLASH_PECR (STM32L_FLASH_REGS_ADDR + 0x04)
715 #define STM32L_FLASH_PDKEYR (STM32L_FLASH_REGS_ADDR + 0x08)
716 #define STM32L_FLASH_PEKEYR (STM32L_FLASH_REGS_ADDR + 0x0c)
717 #define STM32L_FLASH_PRGKEYR (STM32L_FLASH_REGS_ADDR + 0x10)
718 #define STM32L_FLASH_OPTKEYR (STM32L_FLASH_REGS_ADDR + 0x14)
719 #define STM32L_FLASH_SR (STM32L_FLASH_REGS_ADDR + 0x18)
720 #define STM32L_FLASH_OBR (STM32L_FLASH_REGS_ADDR + 0x0c)
721 #define STM32L_FLASH_WRPR (STM32L_FLASH_REGS_ADDR + 0x20)
725 /* disable pecr protection */
726 write_uint32(sl->q_buf, 0x89abcdef);
727 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
728 write_uint32(sl->q_buf, 0x02030405);
729 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
731 /* check pecr.pelock is cleared */
732 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
733 val = read_uint32(sl->q_buf, 0);
736 fprintf(stderr, "pecr.pelock not clear\n");
740 /* unlock program memory */
741 write_uint32(sl->q_buf, 0x8c9daebf);
742 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
743 write_uint32(sl->q_buf, 0x13141516);
744 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
746 /* check pecr.prglock is cleared */
747 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
748 val = read_uint32(sl->q_buf, 0);
751 fprintf(stderr, "pecr.prglock not clear\n");
755 /* unused: unlock the option byte block */
757 write_uint32(sl->q_buf, 0xfbead9c8);
758 stlink_write_mem32(sl, STM32L_FLASH_OPTKEYR, sizeof(uint32_t));
759 write_uint32(sl->q_buf, 0x24252627);
760 stlink_write_mem32(sl, STM32L_FLASH_OPTKEYR, sizeof(uint32_t));
762 /* check pecr.optlock is cleared */
763 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
764 val = read_uint32(sl->q_buf, 0);
767 fprintf(stderr, "pecr.prglock not clear\n");
772 /* set pecr.{erase,prog} */
773 val |= (1 << 9) | (1 << 3);
774 write_uint32(sl->q_buf, val);
775 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
777 /* wait for sr.busy to be cleared */
780 stlink_read_mem32(sl, STM32L_FLASH_SR, sizeof(uint32_t));
781 if ((read_uint32(sl->q_buf, 0) & (1 << 0)) == 0) break ;
784 /* write 0 to the first word of the page to be erased */
785 memset(sl->q_buf, 0, sizeof(uint32_t));
786 stlink_write_mem32(sl, page, sizeof(uint32_t));
788 /* reset lock bits */
789 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
790 val = read_uint32(sl->q_buf, 0) | (1 << 0) | (1 << 1) | (1 << 2);
791 write_uint32(sl->q_buf, val);
792 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
796 /* wait for ongoing op to finish */
799 /* unlock if locked */
802 /* set the page erase bit */
803 set_flash_cr_per(sl);
805 /* select the page to erase */
806 write_flash_ar(sl, page);
808 /* start erase operation, reset by hw with bsy bit */
809 set_flash_cr_strt(sl);
811 /* wait for completion */
814 /* relock the flash */
818 /* todo: verify the erased page */
823 int stlink_erase_flash_mass(stlink_t *sl) {
824 /* wait for ongoing op to finish */
827 /* unlock if locked */
830 /* set the mass erase bit */
831 set_flash_cr_mer(sl);
833 /* start erase operation, reset by hw with bsy bit */
834 set_flash_cr_strt(sl);
836 /* wait for completion */
839 /* relock the flash */
842 /* todo: verify the erased memory */
847 int init_flash_loader(stlink_t *sl, flash_loader_t* fl) {
850 /* allocate the loader in sram */
851 if (write_loader_to_sram(sl, &fl->loader_addr, &size) == -1) {
852 fprintf(stderr, "write_loader_to_sram() == -1\n");
856 /* allocate a one page buffer in sram right after loader */
857 fl->buf_addr = fl->loader_addr + size;
862 int write_loader_to_sram(stlink_t *sl, stm32_addr_t* addr, size_t* size) {
863 /* from openocd, contrib/loaders/flash/stm32.s */
864 static const uint8_t loader_code_stm32vl[] = {
865 0x08, 0x4c, /* ldr r4, STM32_FLASH_BASE */
866 0x1c, 0x44, /* add r4, r3 */
867 /* write_half_word: */
868 0x01, 0x23, /* movs r3, #0x01 */
869 0x23, 0x61, /* str r3, [r4, #STM32_FLASH_CR_OFFSET] */
870 0x30, 0xf8, 0x02, 0x3b, /* ldrh r3, [r0], #0x02 */
871 0x21, 0xf8, 0x02, 0x3b, /* strh r3, [r1], #0x02 */
873 0xe3, 0x68, /* ldr r3, [r4, #STM32_FLASH_SR_OFFSET] */
874 0x13, 0xf0, 0x01, 0x0f, /* tst r3, #0x01 */
875 0xfb, 0xd0, /* beq busy */
876 0x13, 0xf0, 0x14, 0x0f, /* tst r3, #0x14 */
877 0x01, 0xd1, /* bne exit */
878 0x01, 0x3a, /* subs r2, r2, #0x01 */
879 0xf0, 0xd1, /* bne write_half_word */
881 0x00, 0xbe, /* bkpt #0x00 */
882 0x00, 0x20, 0x02, 0x40, /* STM32_FLASH_BASE: .word 0x40022000 */
885 static const uint8_t loader_code_stm32l[] = {
887 /* openocd.git/contrib/loaders/flash/stm32lx.S
889 r1, input, source addr
890 r2, input, word count
891 r3, output, word count
897 0x51, 0xf8, 0x04, 0xcb,
898 0x40, 0xf8, 0x04, 0xcb,
906 const uint8_t* loader_code;
909 if (sl->core_id == 0x2ba01477) /* stm32l */
911 loader_code = loader_code_stm32l;
912 loader_size = sizeof(loader_code_stm32l);
916 loader_code = loader_code_stm32vl;
917 loader_size = sizeof(loader_code_stm32vl);
920 memcpy(sl->q_buf, loader_code, loader_size);
921 stlink_write_mem32(sl, sl->sram_base, loader_size);
923 *addr = sl->sram_base;
930 int stlink_fcheck_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
931 /* check the contents of path are at addr */
934 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
936 if (map_file(&mf, path) == -1)
939 res = check_file(sl, &mf, addr);
947 #define WRITE_BLOCK_SIZE 0x40
949 int stlink_write_flash(stlink_t *sl, stm32_addr_t addr, uint8_t* base, unsigned len) {
953 /* check addr range is inside the flash */
954 if (addr < sl->flash_base) {
955 fprintf(stderr, "addr too low\n");
957 } else if ((addr + len) < addr) {
958 fprintf(stderr, "addr overruns\n");
960 } else if ((addr + len) > (sl->flash_base + sl->flash_size)) {
961 fprintf(stderr, "addr too high\n");
963 } else if ((addr & 1) || (len & 1)) {
964 fprintf(stderr, "unaligned addr or size\n");
968 /* needed for specializing loader */
971 if (sl->core_id == 0x2ba01477) /* stm32l */
973 /* use fast word write. todo: half page. */
974 /* todo, factorize with stlink_fwrite_flash */
979 for (off = 0; off < len; off += sl->flash_pgsz) {
980 /* addr must be an addr inside the page */
981 if (stlink_erase_flash_page(sl, addr + off) == -1) {
982 fprintf(stderr, "erase_flash_page(0x%zx) == -1\n", addr + off);
987 /* disable pecr protection */
988 write_uint32(sl->q_buf, 0x89abcdef);
989 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
990 write_uint32(sl->q_buf, 0x02030405);
991 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
993 /* check pecr.pelock is cleared */
994 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
995 val = read_uint32(sl->q_buf, 0);
998 fprintf(stderr, "pecr.pelock not clear\n");
1002 /* unlock program memory */
1003 write_uint32(sl->q_buf, 0x8c9daebf);
1004 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
1005 write_uint32(sl->q_buf, 0x13141516);
1006 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
1008 /* check pecr.prglock is cleared */
1009 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1010 val = read_uint32(sl->q_buf, 0);
1013 fprintf(stderr, "pecr.prglock not clear\n");
1017 /* write a word in program memory */
1018 for (off = 0; off < len; off += sizeof(uint32_t))
1020 memcpy(sl->q_buf, (const void*)(base + off), sizeof(uint32_t));
1021 stlink_write_mem32(sl, addr + off, sizeof(uint32_t));
1023 /* wait for sr.busy to be cleared */
1026 stlink_read_mem32(sl, STM32L_FLASH_SR, sizeof(uint32_t));
1027 if ((read_uint32(sl->q_buf, 0) & (1 << 0)) == 0) break ;
1031 /* reset lock bits */
1032 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1033 val = read_uint32(sl->q_buf, 0) | (1 << 0) | (1 << 1) | (1 << 2);
1034 write_uint32(sl->q_buf, val);
1035 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1040 /* flash loader initialization */
1041 if (init_flash_loader(sl, &fl) == -1) {
1042 fprintf(stderr, "init_flash_loader() == -1\n");
1046 /* write each page. above WRITE_BLOCK_SIZE fails? */
1047 for (off = 0; off < len; off += WRITE_BLOCK_SIZE)
1049 /* adjust last write size */
1050 size_t size = WRITE_BLOCK_SIZE;
1051 if ((off + WRITE_BLOCK_SIZE) > len) size = len - off;
1053 /* unlock and set programming mode */
1054 unlock_flash_if(sl);
1055 set_flash_cr_pg(sl);
1057 if (run_flash_loader(sl, &fl, addr + off, base + off, size) == -1) {
1058 fprintf(stderr, "run_flash_loader(0x%zx) == -1\n", addr + off);
1066 for (off = 0; off < len; off += sl->flash_pgsz) {
1067 size_t aligned_size;
1069 /* adjust last page size */
1070 size_t cmp_size = sl->flash_pgsz;
1071 if ((off + sl->flash_pgsz) > len)
1072 cmp_size = len - off;
1074 aligned_size = cmp_size;
1075 if (aligned_size & (4 - 1))
1076 aligned_size = (cmp_size + 4) & ~(4 - 1);
1078 stlink_read_mem32(sl, addr + off, aligned_size);
1080 if (memcmp(sl->q_buf, base + off, cmp_size))
1087 int stlink_fwrite_flash(stlink_t *sl, const char* path, stm32_addr_t addr) {
1088 /* write the file in flash at addr */
1092 mapped_file_t mf = MAPPED_FILE_INITIALIZER;
1095 if (map_file(&mf, path) == -1) {
1096 fprintf(stderr, "map_file() == -1\n");
1100 /* check addr range is inside the flash */
1101 if (addr < sl->flash_base) {
1102 fprintf(stderr, "addr too low\n");
1104 } else if ((addr + mf.len) < addr) {
1105 fprintf(stderr, "addr overruns\n");
1107 } else if ((addr + mf.len) > (sl->flash_base + sl->flash_size)) {
1108 fprintf(stderr, "addr too high\n");
1110 } else if ((addr & (sl->flash_pgsz - 1)) || (mf.len & 1)) {
1112 fprintf(stderr, "unaligned addr or size\n");
1116 /* needed for specializing loader */
1119 /* erase each page. todo: mass erase faster? */
1120 for (off = 0; off < mf.len; off += sl->flash_pgsz) {
1121 /* addr must be an addr inside the page */
1122 if (stlink_erase_flash_page(sl, addr + off) == -1) {
1123 fprintf(stderr, "erase_flash_page(0x%zx) == -1\n", addr + off);
1128 /* write each page. above WRITE_BLOCK_SIZE fails? */
1130 if (sl->core_id == 0x2ba01477) /* stm32l */
1132 /* use fast word write. todo: half page. */
1135 uint32_t nwrites = sl->flash_pgsz;
1139 /* disable pecr protection */
1140 write_uint32(sl->q_buf, 0x89abcdef);
1141 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
1142 write_uint32(sl->q_buf, 0x02030405);
1143 stlink_write_mem32(sl, STM32L_FLASH_PEKEYR, sizeof(uint32_t));
1145 /* check pecr.pelock is cleared */
1146 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1147 val = read_uint32(sl->q_buf, 0);
1150 fprintf(stderr, "pecr.pelock not clear\n");
1154 /* unlock program memory */
1155 write_uint32(sl->q_buf, 0x8c9daebf);
1156 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
1157 write_uint32(sl->q_buf, 0x13141516);
1158 stlink_write_mem32(sl, STM32L_FLASH_PRGKEYR, sizeof(uint32_t));
1160 /* check pecr.prglock is cleared */
1161 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1162 val = read_uint32(sl->q_buf, 0);
1165 fprintf(stderr, "pecr.prglock not clear\n");
1169 /* write a word in program memory */
1170 for (off = 0; off < mf.len; off += sizeof(uint32_t))
1172 memcpy(sl->q_buf, (const void*)(mf.base + off), sizeof(uint32_t));
1173 stlink_write_mem32(sl, addr + off, sizeof(uint32_t));
1175 /* wait for sr.busy to be cleared */
1178 stlink_read_mem32(sl, STM32L_FLASH_SR, sizeof(uint32_t));
1179 if ((read_uint32(sl->q_buf, 0) & (1 << 0)) == 0) break ;
1182 /* check written bytes. todo: should be on a per page basis. */
1183 stlink_read_mem32(sl, addr + off, sizeof(uint32_t));
1184 if (memcmp(sl->q_buf, mf.base + off, sizeof(uint32_t)))
1186 /* re erase the page and redo the write operation */
1190 /* fail if successive write count too low */
1191 if (nwrites < sl->flash_pgsz) {
1192 fprintf(stderr, "writes operation failure count too high, aborting\n");
1196 fprintf(stderr, "invalid write @%x(%x). retrying.\n", page, addr + off);
1200 /* assume addr aligned */
1201 if (off % sl->flash_pgsz) off &= ~(sl->flash_pgsz - 1);
1204 /* reset lock bits */
1205 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1206 val = read_uint32(sl->q_buf, 0) | (1 << 0) | (1 << 1) | (1 << 2);
1207 write_uint32(sl->q_buf, val);
1208 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1210 stlink_erase_flash_page(sl, page);
1215 /* increment successive writes counter */
1219 /* reset lock bits */
1220 stlink_read_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1221 val = read_uint32(sl->q_buf, 0) | (1 << 0) | (1 << 1) | (1 << 2);
1222 write_uint32(sl->q_buf, val);
1223 stlink_write_mem32(sl, STM32L_FLASH_PECR, sizeof(uint32_t));
1227 #define WRITE_BLOCK_SIZE 0x40
1228 for (off = 0; off < mf.len; off += WRITE_BLOCK_SIZE)
1230 /* adjust last write size */
1231 size_t size = WRITE_BLOCK_SIZE;
1232 if ((off + WRITE_BLOCK_SIZE) > mf.len) size = mf.len - off;
1234 /* unlock and set programming mode */
1235 unlock_flash_if(sl);
1236 set_flash_cr_pg(sl);
1238 if (init_flash_loader(sl, &fl) == -1) {
1239 fprintf(stderr, "init_flash_loader() == -1\n");
1243 if (run_flash_loader(sl, &fl, addr + off, mf.base + off, size) == -1)
1245 fprintf(stderr, "run_flash_loader(0x%zx) == -1\n", addr + off);
1254 /* check the file ha been written */
1255 if (check_file(sl, &mf, addr) == -1) {
1256 fprintf(stderr, "check_file() == -1\n");
1268 int run_flash_loader(stlink_t *sl, flash_loader_t* fl, stm32_addr_t target, const uint8_t* buf, size_t size) {
1272 if (write_buffer_to_sram(sl, fl, buf, size) == -1) {
1273 fprintf(stderr, "write_buffer_to_sram() == -1\n");
1277 if (sl->core_id == 0x2ba01477) /* stm32l */ {
1279 size_t count = size / sizeof(uint32_t);
1280 if (size % sizeof(uint32_t)) ++count;
1283 stlink_write_reg(sl, target, 0); /* target */
1284 stlink_write_reg(sl, fl->buf_addr, 1); /* source */
1285 stlink_write_reg(sl, count, 2); /* count (32 bits words) */
1286 stlink_write_reg(sl, 0, 3); /* output count */
1287 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1289 } else /* stm32vl */ {
1291 size_t count = size / sizeof(uint16_t);
1292 if (size % sizeof(uint16_t)) ++count;
1295 stlink_write_reg(sl, fl->buf_addr, 0); /* source */
1296 stlink_write_reg(sl, target, 1); /* target */
1297 stlink_write_reg(sl, count, 2); /* count (16 bits half words) */
1298 stlink_write_reg(sl, 0, 3); /* flash bank 0 (input) */
1299 stlink_write_reg(sl, fl->loader_addr, 15); /* pc register */
1306 /* wait until done (reaches breakpoint) */
1307 while (is_core_halted(sl) == 0) ;
1309 /* check written byte count */
1310 if (sl->core_id == 0x2ba01477) /* stm32l */ {
1312 size_t count = size / sizeof(uint32_t);
1313 if (size % sizeof(uint32_t)) ++count;
1315 stlink_read_reg(sl, 3, &rr);
1316 if (rr.r[3] != count) {
1317 fprintf(stderr, "write error, count == %u\n", rr.r[3]);
1321 } else /* stm32vl */ {
1323 stlink_read_reg(sl, 2, &rr);
1325 fprintf(stderr, "write error, count == %u\n", rr.r[2]);