Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
flash/nor: improved API of flash_driver.info & fixed buffer overruns
[openocd.git] / src / flash / nor / cfi.c
1 /***************************************************************************
2 * Copyright (C) 2005, 2007 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * Copyright (C) 2009 Michael Schwingen *
5 * michael@schwingen.org *
6 * Copyright (C) 2010 Øyvind Harboe <oyvind.harboe@zylin.com> *
7 * Copyright (C) 2010 by Antonio Borneo <borneo.antonio@gmail.com> *
8 * *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
13 * *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
18 * *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
21 ***************************************************************************/
22
23 #ifdef HAVE_CONFIG_H
24 #include "config.h"
25 #endif
26
27 #include "imp.h"
28 #include "cfi.h"
29 #include "non_cfi.h"
30 #include <target/arm.h>
31 #include <target/arm7_9_common.h>
32 #include <target/armv7m.h>
33 #include <target/mips32.h>
34 #include <helper/binarybuffer.h>
35 #include <target/algorithm.h>
36
37 /* defines internal maximum size for code fragment in cfi_intel_write_block() */
38 #define CFI_MAX_INTEL_CODESIZE 256
39
40 /* some id-types with specific handling */
41 #define AT49BV6416 0x00d6
42 #define AT49BV6416T 0x00d2
43
44 static const struct cfi_unlock_addresses cfi_unlock_addresses[] = {
45 [CFI_UNLOCK_555_2AA] = { .unlock1 = 0x555, .unlock2 = 0x2aa },
46 [CFI_UNLOCK_5555_2AAA] = { .unlock1 = 0x5555, .unlock2 = 0x2aaa },
47 };
48
49 static const int cfi_status_poll_mask_dq6_dq7 = CFI_STATUS_POLL_MASK_DQ6_DQ7;
50
51 /* CFI fixups forward declarations */
52 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, const void *param);
53 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, const void *param);
54 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, const void *param);
55 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, const void *param);
56 static void cfi_fixup_0002_polling_bits(struct flash_bank *bank, const void *param);
57
58 /* fixup after reading cmdset 0002 primary query table */
59 static const struct cfi_fixup cfi_0002_fixups[] = {
60 {CFI_MFR_SST, 0x00D4, cfi_fixup_0002_unlock_addresses,
61 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
62 {CFI_MFR_SST, 0x00D5, cfi_fixup_0002_unlock_addresses,
63 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
64 {CFI_MFR_SST, 0x00D6, cfi_fixup_0002_unlock_addresses,
65 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
66 {CFI_MFR_SST, 0x00D7, cfi_fixup_0002_unlock_addresses,
67 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
68 {CFI_MFR_SST, 0x2780, cfi_fixup_0002_unlock_addresses,
69 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
70 {CFI_MFR_SST, 0x274b, cfi_fixup_0002_unlock_addresses,
71 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
72 {CFI_MFR_SST, 0x235f, cfi_fixup_0002_polling_bits, /* 39VF3201C */
73 &cfi_status_poll_mask_dq6_dq7},
74 {CFI_MFR_SST, 0x236d, cfi_fixup_0002_unlock_addresses,
75 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
76 {CFI_MFR_ATMEL, 0x00C8, cfi_fixup_reversed_erase_regions, NULL},
77 {CFI_MFR_ST, 0x22C4, cfi_fixup_reversed_erase_regions, NULL}, /* M29W160ET */
78 {CFI_MFR_FUJITSU, 0x22ea, cfi_fixup_0002_unlock_addresses,
79 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
80 {CFI_MFR_FUJITSU, 0x226b, cfi_fixup_0002_unlock_addresses,
81 &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
82 {CFI_MFR_AMIC, 0xb31a, cfi_fixup_0002_unlock_addresses,
83 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
84 {CFI_MFR_MX, 0x225b, cfi_fixup_0002_unlock_addresses,
85 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
86 {CFI_MFR_EON, 0x225b, cfi_fixup_0002_unlock_addresses,
87 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
88 {CFI_MFR_AMD, 0x225b, cfi_fixup_0002_unlock_addresses,
89 &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
90 {CFI_MFR_ANY, CFI_ID_ANY, cfi_fixup_0002_erase_regions, NULL},
91 {CFI_MFR_ST, 0x227E, cfi_fixup_0002_write_buffer, NULL},/* M29W128G */
92 {0, 0, NULL, NULL}
93 };
94
95 /* fixup after reading cmdset 0001 primary query table */
96 static const struct cfi_fixup cfi_0001_fixups[] = {
97 {0, 0, NULL, NULL}
98 };
99
100 static void cfi_fixup(struct flash_bank *bank, const struct cfi_fixup *fixups)
101 {
102 struct cfi_flash_bank *cfi_info = bank->driver_priv;
103
104 for (const struct cfi_fixup *f = fixups; f->fixup; f++) {
105 if (((f->mfr == CFI_MFR_ANY) || (f->mfr == cfi_info->manufacturer)) &&
106 ((f->id == CFI_ID_ANY) || (f->id == cfi_info->device_id)))
107 f->fixup(bank, f->param);
108 }
109 }
110
111 uint32_t cfi_flash_address(struct flash_bank *bank, int sector, uint32_t offset)
112 {
113 struct cfi_flash_bank *cfi_info = bank->driver_priv;
114
115 if (cfi_info->x16_as_x8)
116 offset *= 2;
117
118 /* while the sector list isn't built, only accesses to sector 0 work */
119 if (sector == 0)
120 return bank->base + offset * bank->bus_width;
121 else {
122 if (!bank->sectors) {
123 LOG_ERROR("BUG: sector list not yet built");
124 exit(-1);
125 }
126 return bank->base + bank->sectors[sector].offset + offset * bank->bus_width;
127 }
128 }
129
130 static int cfi_target_write_memory(struct flash_bank *bank, target_addr_t addr,
131 uint32_t count, const uint8_t *buffer)
132 {
133 struct cfi_flash_bank *cfi_info = bank->driver_priv;
134 if (cfi_info->write_mem) {
135 return cfi_info->write_mem(bank, addr, count, buffer);
136 } else {
137 return target_write_memory(bank->target, addr, bank->bus_width,
138 count, buffer);
139 }
140 }
141
142 int cfi_target_read_memory(struct flash_bank *bank, target_addr_t addr,
143 uint32_t count, uint8_t *buffer)
144 {
145 struct cfi_flash_bank *cfi_info = bank->driver_priv;
146 if (cfi_info->read_mem) {
147 return cfi_info->read_mem(bank, addr, count, buffer);
148 } else {
149 return target_read_memory(bank->target, addr, bank->bus_width,
150 count, buffer);
151 }
152 }
153
154 static void cfi_command(struct flash_bank *bank, uint8_t cmd, uint8_t *cmd_buf)
155 {
156 struct cfi_flash_bank *cfi_info = bank->driver_priv;
157
158 /* clear whole buffer, to ensure bits that exceed the bus_width
159 * are set to zero
160 */
161 for (size_t i = 0; i < CFI_MAX_BUS_WIDTH; i++)
162 cmd_buf[i] = 0;
163
164 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN) {
165 for (unsigned int i = bank->bus_width; i > 0; i--)
166 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
167 } else {
168 for (unsigned int i = 1; i <= bank->bus_width; i++)
169 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
170 }
171 }
172
173 int cfi_send_command(struct flash_bank *bank, uint8_t cmd, uint32_t address)
174 {
175 uint8_t command[CFI_MAX_BUS_WIDTH];
176
177 cfi_command(bank, cmd, command);
178 return cfi_target_write_memory(bank, address, 1, command);
179 }
180
181 /* read unsigned 8-bit value from the bank
182 * flash banks are expected to be made of similar chips
183 * the query result should be the same for all
184 */
185 static int cfi_query_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
186 {
187 struct cfi_flash_bank *cfi_info = bank->driver_priv;
188 uint8_t data[CFI_MAX_BUS_WIDTH];
189
190 int retval;
191 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset),
192 1, data);
193 if (retval != ERROR_OK)
194 return retval;
195
196 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
197 *val = data[0];
198 else
199 *val = data[bank->bus_width - 1];
200
201 return ERROR_OK;
202 }
203
204 /* read unsigned 8-bit value from the bank
205 * in case of a bank made of multiple chips,
206 * the individual values are ORed
207 */
208 static int cfi_get_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
209 {
210 struct cfi_flash_bank *cfi_info = bank->driver_priv;
211 uint8_t data[CFI_MAX_BUS_WIDTH];
212
213 int retval;
214 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset),
215 1, data);
216 if (retval != ERROR_OK)
217 return retval;
218
219 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN) {
220 for (unsigned int i = 0; i < bank->bus_width / bank->chip_width; i++)
221 data[0] |= data[i];
222
223 *val = data[0];
224 } else {
225 uint8_t value = 0;
226 for (unsigned int i = 0; i < bank->bus_width / bank->chip_width; i++)
227 value |= data[bank->bus_width - 1 - i];
228
229 *val = value;
230 }
231 return ERROR_OK;
232 }
233
234 static int cfi_query_u16(struct flash_bank *bank, int sector, uint32_t offset, uint16_t *val)
235 {
236 struct cfi_flash_bank *cfi_info = bank->driver_priv;
237 uint8_t data[CFI_MAX_BUS_WIDTH * 2];
238 int retval;
239
240 if (cfi_info->x16_as_x8) {
241 for (uint8_t i = 0; i < 2; i++) {
242 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset + i),
243 1, &data[i * bank->bus_width]);
244 if (retval != ERROR_OK)
245 return retval;
246 }
247 } else {
248 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset),
249 2, data);
250 if (retval != ERROR_OK)
251 return retval;
252 }
253
254 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
255 *val = data[0] | data[bank->bus_width] << 8;
256 else
257 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8;
258
259 return ERROR_OK;
260 }
261
262 static int cfi_query_u32(struct flash_bank *bank, int sector, uint32_t offset, uint32_t *val)
263 {
264 struct cfi_flash_bank *cfi_info = bank->driver_priv;
265 uint8_t data[CFI_MAX_BUS_WIDTH * 4];
266 int retval;
267
268 if (cfi_info->x16_as_x8) {
269 for (uint8_t i = 0; i < 4; i++) {
270 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset + i),
271 1, &data[i * bank->bus_width]);
272 if (retval != ERROR_OK)
273 return retval;
274 }
275 } else {
276 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, sector, offset),
277 4, data);
278 if (retval != ERROR_OK)
279 return retval;
280 }
281
282 if (cfi_info->endianness == TARGET_LITTLE_ENDIAN)
283 *val = data[0] | data[bank->bus_width] << 8 |
284 data[bank->bus_width * 2] << 16 | data[bank->bus_width * 3] << 24;
285 else
286 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8 |
287 data[(3 * bank->bus_width) - 1] << 16 |
288 data[(4 * bank->bus_width) - 1] << 24;
289
290 return ERROR_OK;
291 }
292
293 int cfi_reset(struct flash_bank *bank)
294 {
295 struct cfi_flash_bank *cfi_info = bank->driver_priv;
296 int retval = ERROR_OK;
297
298 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
299 if (retval != ERROR_OK)
300 return retval;
301
302 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
303 if (retval != ERROR_OK)
304 return retval;
305
306 if (cfi_info->manufacturer == 0x20 &&
307 (cfi_info->device_id == 0x227E || cfi_info->device_id == 0x7E)) {
308 /* Numonix M29W128G is cmd 0xFF intolerant - causes internal undefined state
309 * so we send an extra 0xF0 reset to fix the bug */
310 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x00));
311 if (retval != ERROR_OK)
312 return retval;
313 }
314
315 return retval;
316 }
317
318 static void cfi_intel_clear_status_register(struct flash_bank *bank)
319 {
320 cfi_send_command(bank, 0x50, cfi_flash_address(bank, 0, 0x0));
321 }
322
323 static int cfi_intel_wait_status_busy(struct flash_bank *bank, int timeout, uint8_t *val)
324 {
325 uint8_t status;
326
327 int retval = ERROR_OK;
328
329 for (;; ) {
330 if (timeout-- < 0) {
331 LOG_ERROR("timeout while waiting for WSM to become ready");
332 return ERROR_FAIL;
333 }
334
335 retval = cfi_get_u8(bank, 0, 0x0, &status);
336 if (retval != ERROR_OK)
337 return retval;
338
339 if (status & 0x80)
340 break;
341
342 alive_sleep(1);
343 }
344
345 /* mask out bit 0 (reserved) */
346 status = status & 0xfe;
347
348 LOG_DEBUG("status: 0x%x", status);
349
350 if (status != 0x80) {
351 LOG_ERROR("status register: 0x%x", status);
352 if (status & 0x2)
353 LOG_ERROR("Block Lock-Bit Detected, Operation Abort");
354 if (status & 0x4)
355 LOG_ERROR("Program suspended");
356 if (status & 0x8)
357 LOG_ERROR("Low Programming Voltage Detected, Operation Aborted");
358 if (status & 0x10)
359 LOG_ERROR("Program Error / Error in Setting Lock-Bit");
360 if (status & 0x20)
361 LOG_ERROR("Error in Block Erasure or Clear Lock-Bits");
362 if (status & 0x40)
363 LOG_ERROR("Block Erase Suspended");
364
365 cfi_intel_clear_status_register(bank);
366
367 retval = ERROR_FAIL;
368 }
369
370 *val = status;
371 return retval;
372 }
373
374 int cfi_spansion_wait_status_busy(struct flash_bank *bank, int timeout)
375 {
376 uint8_t status, oldstatus;
377 struct cfi_flash_bank *cfi_info = bank->driver_priv;
378 int retval;
379
380 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
381 if (retval != ERROR_OK)
382 return retval;
383
384 do {
385 retval = cfi_get_u8(bank, 0, 0x0, &status);
386
387 if (retval != ERROR_OK)
388 return retval;
389
390 if ((status ^ oldstatus) & 0x40) {
391 if (status & cfi_info->status_poll_mask & 0x20) {
392 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
393 if (retval != ERROR_OK)
394 return retval;
395 retval = cfi_get_u8(bank, 0, 0x0, &status);
396 if (retval != ERROR_OK)
397 return retval;
398 if ((status ^ oldstatus) & 0x40) {
399 LOG_ERROR("dq5 timeout, status: 0x%x", status);
400 return ERROR_FLASH_OPERATION_FAILED;
401 } else {
402 LOG_DEBUG("status: 0x%x", status);
403 return ERROR_OK;
404 }
405 }
406 } else {/* no toggle: finished, OK */
407 LOG_DEBUG("status: 0x%x", status);
408 return ERROR_OK;
409 }
410
411 oldstatus = status;
412 alive_sleep(1);
413 } while (timeout-- > 0);
414
415 LOG_ERROR("timeout, status: 0x%x", status);
416
417 return ERROR_FLASH_BUSY;
418 }
419
420 static int cfi_read_intel_pri_ext(struct flash_bank *bank)
421 {
422 int retval;
423 struct cfi_flash_bank *cfi_info = bank->driver_priv;
424 struct cfi_intel_pri_ext *pri_ext;
425
426 free(cfi_info->pri_ext);
427
428 pri_ext = malloc(sizeof(struct cfi_intel_pri_ext));
429 if (pri_ext == NULL) {
430 LOG_ERROR("Out of memory");
431 return ERROR_FAIL;
432 }
433 cfi_info->pri_ext = pri_ext;
434
435 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
436 if (retval != ERROR_OK)
437 return retval;
438 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
439 if (retval != ERROR_OK)
440 return retval;
441 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
442 if (retval != ERROR_OK)
443 return retval;
444
445 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I')) {
446 retval = cfi_reset(bank);
447 if (retval != ERROR_OK)
448 return retval;
449 LOG_ERROR("Could not read bank flash bank information");
450 return ERROR_FLASH_BANK_INVALID;
451 }
452
453 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
454 if (retval != ERROR_OK)
455 return retval;
456 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
457 if (retval != ERROR_OK)
458 return retval;
459
460 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
461 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
462
463 retval = cfi_query_u32(bank, 0, cfi_info->pri_addr + 5, &pri_ext->feature_support);
464 if (retval != ERROR_OK)
465 return retval;
466 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->suspend_cmd_support);
467 if (retval != ERROR_OK)
468 return retval;
469 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xa, &pri_ext->blk_status_reg_mask);
470 if (retval != ERROR_OK)
471 return retval;
472
473 LOG_DEBUG("feature_support: 0x%" PRIx32 ", suspend_cmd_support: "
474 "0x%x, blk_status_reg_mask: 0x%x",
475 pri_ext->feature_support,
476 pri_ext->suspend_cmd_support,
477 pri_ext->blk_status_reg_mask);
478
479 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xc, &pri_ext->vcc_optimal);
480 if (retval != ERROR_OK)
481 return retval;
482 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xd, &pri_ext->vpp_optimal);
483 if (retval != ERROR_OK)
484 return retval;
485
486 LOG_DEBUG("Vcc opt: %x.%x, Vpp opt: %u.%x",
487 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
488 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
489
490 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xe, &pri_ext->num_protection_fields);
491 if (retval != ERROR_OK)
492 return retval;
493 if (pri_ext->num_protection_fields != 1) {
494 LOG_WARNING("expected one protection register field, but found %i",
495 pri_ext->num_protection_fields);
496 }
497
498 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xf, &pri_ext->prot_reg_addr);
499 if (retval != ERROR_OK)
500 return retval;
501 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x11, &pri_ext->fact_prot_reg_size);
502 if (retval != ERROR_OK)
503 return retval;
504 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x12, &pri_ext->user_prot_reg_size);
505 if (retval != ERROR_OK)
506 return retval;
507
508 LOG_DEBUG("protection_fields: %i, prot_reg_addr: 0x%x, "
509 "factory pre-programmed: %i, user programmable: %i",
510 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
511 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
512
513 return ERROR_OK;
514 }
515
516 static int cfi_read_spansion_pri_ext(struct flash_bank *bank)
517 {
518 int retval;
519 struct cfi_flash_bank *cfi_info = bank->driver_priv;
520 struct cfi_spansion_pri_ext *pri_ext;
521
522 free(cfi_info->pri_ext);
523
524 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
525 if (pri_ext == NULL) {
526 LOG_ERROR("Out of memory");
527 return ERROR_FAIL;
528 }
529 cfi_info->pri_ext = pri_ext;
530
531 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
532 if (retval != ERROR_OK)
533 return retval;
534 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
535 if (retval != ERROR_OK)
536 return retval;
537 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
538 if (retval != ERROR_OK)
539 return retval;
540
541 /* default values for implementation specific workarounds */
542 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
543 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
544 pri_ext->_reversed_geometry = 0;
545
546 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I')) {
547 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
548 if (retval != ERROR_OK)
549 return retval;
550 LOG_ERROR("Could not read spansion bank information");
551 return ERROR_FLASH_BANK_INVALID;
552 }
553
554 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
555 if (retval != ERROR_OK)
556 return retval;
557 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
558 if (retval != ERROR_OK)
559 return retval;
560
561 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
562 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
563
564 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &pri_ext->SiliconRevision);
565 if (retval != ERROR_OK)
566 return retval;
567 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &pri_ext->EraseSuspend);
568 if (retval != ERROR_OK)
569 return retval;
570 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &pri_ext->BlkProt);
571 if (retval != ERROR_OK)
572 return retval;
573 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &pri_ext->TmpBlkUnprotect);
574 if (retval != ERROR_OK)
575 return retval;
576 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->BlkProtUnprot);
577 if (retval != ERROR_OK)
578 return retval;
579 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 10, &pri_ext->SimultaneousOps);
580 if (retval != ERROR_OK)
581 return retval;
582 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 11, &pri_ext->BurstMode);
583 if (retval != ERROR_OK)
584 return retval;
585 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 12, &pri_ext->PageMode);
586 if (retval != ERROR_OK)
587 return retval;
588 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 13, &pri_ext->VppMin);
589 if (retval != ERROR_OK)
590 return retval;
591 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 14, &pri_ext->VppMax);
592 if (retval != ERROR_OK)
593 return retval;
594 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 15, &pri_ext->TopBottom);
595 if (retval != ERROR_OK)
596 return retval;
597
598 LOG_DEBUG("Silicon Revision: 0x%x, Erase Suspend: 0x%x, Block protect: 0x%x",
599 pri_ext->SiliconRevision, pri_ext->EraseSuspend, pri_ext->BlkProt);
600
601 LOG_DEBUG("Temporary Unprotect: 0x%x, Block Protect Scheme: 0x%x, "
602 "Simultaneous Ops: 0x%x", pri_ext->TmpBlkUnprotect,
603 pri_ext->BlkProtUnprot, pri_ext->SimultaneousOps);
604
605 LOG_DEBUG("Burst Mode: 0x%x, Page Mode: 0x%x, ", pri_ext->BurstMode, pri_ext->PageMode);
606
607
608 LOG_DEBUG("Vpp min: %u.%x, Vpp max: %u.%x",
609 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
610 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
611
612 LOG_DEBUG("WP# protection 0x%x", pri_ext->TopBottom);
613
614 return ERROR_OK;
615 }
616
617 static int cfi_read_atmel_pri_ext(struct flash_bank *bank)
618 {
619 int retval;
620 struct cfi_atmel_pri_ext atmel_pri_ext;
621 struct cfi_flash_bank *cfi_info = bank->driver_priv;
622 struct cfi_spansion_pri_ext *pri_ext;
623
624 free(cfi_info->pri_ext);
625
626 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
627 if (pri_ext == NULL) {
628 LOG_ERROR("Out of memory");
629 return ERROR_FAIL;
630 }
631
632 /* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion,
633 * but a different primary extended query table.
634 * We read the atmel table, and prepare a valid AMD/Spansion query table.
635 */
636
637 memset(pri_ext, 0, sizeof(struct cfi_spansion_pri_ext));
638
639 cfi_info->pri_ext = pri_ext;
640
641 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &atmel_pri_ext.pri[0]);
642 if (retval != ERROR_OK)
643 return retval;
644 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &atmel_pri_ext.pri[1]);
645 if (retval != ERROR_OK)
646 return retval;
647 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &atmel_pri_ext.pri[2]);
648 if (retval != ERROR_OK)
649 return retval;
650
651 if ((atmel_pri_ext.pri[0] != 'P') || (atmel_pri_ext.pri[1] != 'R')
652 || (atmel_pri_ext.pri[2] != 'I')) {
653 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
654 if (retval != ERROR_OK)
655 return retval;
656 LOG_ERROR("Could not read atmel bank information");
657 return ERROR_FLASH_BANK_INVALID;
658 }
659
660 pri_ext->pri[0] = atmel_pri_ext.pri[0];
661 pri_ext->pri[1] = atmel_pri_ext.pri[1];
662 pri_ext->pri[2] = atmel_pri_ext.pri[2];
663
664 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &atmel_pri_ext.major_version);
665 if (retval != ERROR_OK)
666 return retval;
667 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &atmel_pri_ext.minor_version);
668 if (retval != ERROR_OK)
669 return retval;
670
671 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", atmel_pri_ext.pri[0],
672 atmel_pri_ext.pri[1], atmel_pri_ext.pri[2],
673 atmel_pri_ext.major_version, atmel_pri_ext.minor_version);
674
675 pri_ext->major_version = atmel_pri_ext.major_version;
676 pri_ext->minor_version = atmel_pri_ext.minor_version;
677
678 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &atmel_pri_ext.features);
679 if (retval != ERROR_OK)
680 return retval;
681 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &atmel_pri_ext.bottom_boot);
682 if (retval != ERROR_OK)
683 return retval;
684 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &atmel_pri_ext.burst_mode);
685 if (retval != ERROR_OK)
686 return retval;
687 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &atmel_pri_ext.page_mode);
688 if (retval != ERROR_OK)
689 return retval;
690
691 LOG_DEBUG(
692 "features: 0x%2.2x, bottom_boot: 0x%2.2x, burst_mode: 0x%2.2x, page_mode: 0x%2.2x",
693 atmel_pri_ext.features,
694 atmel_pri_ext.bottom_boot,
695 atmel_pri_ext.burst_mode,
696 atmel_pri_ext.page_mode);
697
698 if (atmel_pri_ext.features & 0x02)
699 pri_ext->EraseSuspend = 2;
700
701 /* some chips got it backwards... */
702 if (cfi_info->device_id == AT49BV6416 ||
703 cfi_info->device_id == AT49BV6416T) {
704 if (atmel_pri_ext.bottom_boot)
705 pri_ext->TopBottom = 3;
706 else
707 pri_ext->TopBottom = 2;
708 } else {
709 if (atmel_pri_ext.bottom_boot)
710 pri_ext->TopBottom = 2;
711 else
712 pri_ext->TopBottom = 3;
713 }
714
715 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
716 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
717
718 return ERROR_OK;
719 }
720
721 static int cfi_read_0002_pri_ext(struct flash_bank *bank)
722 {
723 struct cfi_flash_bank *cfi_info = bank->driver_priv;
724
725 if (cfi_info->manufacturer == CFI_MFR_ATMEL)
726 return cfi_read_atmel_pri_ext(bank);
727 else
728 return cfi_read_spansion_pri_ext(bank);
729 }
730
731 static int cfi_spansion_info(struct flash_bank *bank, struct command_invocation *cmd)
732 {
733 struct cfi_flash_bank *cfi_info = bank->driver_priv;
734 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
735
736 command_print_sameline(cmd, "\nSpansion primary algorithm extend information:\n");
737
738 command_print_sameline(cmd, "pri: '%c%c%c', version: %c.%c\n",
739 pri_ext->pri[0], pri_ext->pri[1], pri_ext->pri[2],
740 pri_ext->major_version, pri_ext->minor_version);
741
742 command_print_sameline(cmd, "Silicon Rev.: 0x%x, Address Sensitive unlock: 0x%x\n",
743 (pri_ext->SiliconRevision) >> 2,
744 (pri_ext->SiliconRevision) & 0x03);
745
746 command_print_sameline(cmd, "Erase Suspend: 0x%x, Sector Protect: 0x%x\n",
747 pri_ext->EraseSuspend,
748 pri_ext->BlkProt);
749
750 command_print_sameline(cmd, "VppMin: %u.%x, VppMax: %u.%x\n",
751 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
752 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
753
754 return ERROR_OK;
755 }
756
757 static int cfi_intel_info(struct flash_bank *bank, struct command_invocation *cmd)
758 {
759 struct cfi_flash_bank *cfi_info = bank->driver_priv;
760 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
761
762 command_print_sameline(cmd, "\nintel primary algorithm extend information:\n");
763
764 command_print_sameline(cmd, "pri: '%c%c%c', version: %c.%c\n",
765 pri_ext->pri[0],
766 pri_ext->pri[1],
767 pri_ext->pri[2],
768 pri_ext->major_version,
769 pri_ext->minor_version);
770
771 command_print_sameline(cmd, "feature_support: 0x%" PRIx32 ", "
772 "suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x\n",
773 pri_ext->feature_support,
774 pri_ext->suspend_cmd_support,
775 pri_ext->blk_status_reg_mask);
776
777 command_print_sameline(cmd, "Vcc opt: %x.%x, Vpp opt: %u.%x\n",
778 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
779 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
780
781 command_print_sameline(cmd, "protection_fields: %i, prot_reg_addr: 0x%x, "
782 "factory pre-programmed: %i, user programmable: %i\n",
783 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
784 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
785
786 return ERROR_OK;
787 }
788
789 int cfi_flash_bank_cmd(struct flash_bank *bank, unsigned int argc, const char **argv)
790 {
791 struct cfi_flash_bank *cfi_info;
792 bool bus_swap = false;
793
794 if (argc < 6)
795 return ERROR_COMMAND_SYNTAX_ERROR;
796
797 /* both widths must:
798 * - not exceed max value;
799 * - not be null;
800 * - be equal to a power of 2.
801 * bus must be wide enough to hold one chip */
802 if ((bank->chip_width > CFI_MAX_CHIP_WIDTH)
803 || (bank->bus_width > CFI_MAX_BUS_WIDTH)
804 || (bank->chip_width == 0)
805 || (bank->bus_width == 0)
806 || (bank->chip_width & (bank->chip_width - 1))
807 || (bank->bus_width & (bank->bus_width - 1))
808 || (bank->chip_width > bank->bus_width)) {
809 LOG_ERROR("chip and bus width have to specified in bytes");
810 return ERROR_FLASH_BANK_INVALID;
811 }
812
813 cfi_info = calloc(1, sizeof(struct cfi_flash_bank));
814 if (cfi_info == NULL) {
815 LOG_ERROR("No memory for flash bank info");
816 return ERROR_FAIL;
817 }
818 bank->driver_priv = cfi_info;
819
820 for (unsigned i = 6; i < argc; i++) {
821 if (strcmp(argv[i], "x16_as_x8") == 0)
822 cfi_info->x16_as_x8 = true;
823 else if (strcmp(argv[i], "data_swap") == 0)
824 cfi_info->data_swap = true;
825 else if (strcmp(argv[i], "bus_swap") == 0)
826 bus_swap = true;
827 else if (strcmp(argv[i], "jedec_probe") == 0)
828 cfi_info->jedec_probe = true;
829 }
830
831 if (bus_swap)
832 cfi_info->endianness =
833 bank->target->endianness == TARGET_LITTLE_ENDIAN ?
834 TARGET_BIG_ENDIAN : TARGET_LITTLE_ENDIAN;
835 else
836 cfi_info->endianness = bank->target->endianness;
837
838 /* bank wasn't probed yet */
839 cfi_info->qry[0] = 0xff;
840
841 return ERROR_OK;
842 }
843
844 /* flash_bank cfi <base> <size> <chip_width> <bus_width> <target#> [options]
845 */
846 FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command)
847 {
848 return cfi_flash_bank_cmd(bank, CMD_ARGC, CMD_ARGV);
849 }
850
851 static int cfi_intel_erase(struct flash_bank *bank, unsigned int first,
852 unsigned int last)
853 {
854 int retval;
855 struct cfi_flash_bank *cfi_info = bank->driver_priv;
856
857 cfi_intel_clear_status_register(bank);
858
859 for (unsigned int i = first; i <= last; i++) {
860 retval = cfi_send_command(bank, 0x20, cfi_flash_address(bank, i, 0x0));
861 if (retval != ERROR_OK)
862 return retval;
863
864 retval = cfi_send_command(bank, 0xd0, cfi_flash_address(bank, i, 0x0));
865 if (retval != ERROR_OK)
866 return retval;
867
868 uint8_t status;
869 retval = cfi_intel_wait_status_busy(bank, cfi_info->block_erase_timeout, &status);
870 if (retval != ERROR_OK)
871 return retval;
872
873 if (status == 0x80)
874 bank->sectors[i].is_erased = 1;
875 else {
876 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
877 if (retval != ERROR_OK)
878 return retval;
879
880 LOG_ERROR("couldn't erase block %u of flash bank at base "
881 TARGET_ADDR_FMT, i, bank->base);
882 return ERROR_FLASH_OPERATION_FAILED;
883 }
884 }
885
886 return cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
887 }
888
889 int cfi_spansion_unlock_seq(struct flash_bank *bank)
890 {
891 int retval;
892 struct cfi_flash_bank *cfi_info = bank->driver_priv;
893 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
894
895 retval = cfi_send_command(bank, 0xaa, cfi_flash_address(bank, 0, pri_ext->_unlock1));
896 if (retval != ERROR_OK)
897 return retval;
898
899 retval = cfi_send_command(bank, 0x55, cfi_flash_address(bank, 0, pri_ext->_unlock2));
900 if (retval != ERROR_OK)
901 return retval;
902
903 return ERROR_OK;
904 }
905
906 static int cfi_spansion_erase(struct flash_bank *bank, unsigned int first,
907 unsigned int last)
908 {
909 int retval;
910 struct cfi_flash_bank *cfi_info = bank->driver_priv;
911 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
912
913 for (unsigned int i = first; i <= last; i++) {
914 retval = cfi_spansion_unlock_seq(bank);
915 if (retval != ERROR_OK)
916 return retval;
917
918 retval = cfi_send_command(bank, 0x80, cfi_flash_address(bank, 0, pri_ext->_unlock1));
919 if (retval != ERROR_OK)
920 return retval;
921
922 retval = cfi_spansion_unlock_seq(bank);
923 if (retval != ERROR_OK)
924 return retval;
925
926 retval = cfi_send_command(bank, 0x30, cfi_flash_address(bank, i, 0x0));
927 if (retval != ERROR_OK)
928 return retval;
929
930 if (cfi_spansion_wait_status_busy(bank, cfi_info->block_erase_timeout) == ERROR_OK)
931 bank->sectors[i].is_erased = 1;
932 else {
933 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
934 if (retval != ERROR_OK)
935 return retval;
936
937 LOG_ERROR("couldn't erase block %i of flash bank at base "
938 TARGET_ADDR_FMT, i, bank->base);
939 return ERROR_FLASH_OPERATION_FAILED;
940 }
941 }
942
943 return cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
944 }
945
946 int cfi_erase(struct flash_bank *bank, unsigned int first,
947 unsigned int last)
948 {
949 struct cfi_flash_bank *cfi_info = bank->driver_priv;
950
951 if (bank->target->state != TARGET_HALTED) {
952 LOG_ERROR("Target not halted");
953 return ERROR_TARGET_NOT_HALTED;
954 }
955
956 if ((last < first) || (last >= bank->num_sectors))
957 return ERROR_FLASH_SECTOR_INVALID;
958
959 if (cfi_info->qry[0] != 'Q')
960 return ERROR_FLASH_BANK_NOT_PROBED;
961
962 switch (cfi_info->pri_id) {
963 case 1:
964 case 3:
965 return cfi_intel_erase(bank, first, last);
966 case 2:
967 return cfi_spansion_erase(bank, first, last);
968 default:
969 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
970 break;
971 }
972
973 return ERROR_OK;
974 }
975
976 static int cfi_intel_protect(struct flash_bank *bank, int set,
977 unsigned int first, unsigned int last)
978 {
979 int retval;
980 struct cfi_flash_bank *cfi_info = bank->driver_priv;
981 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
982 int retry = 0;
983
984 /* if the device supports neither legacy lock/unlock (bit 3) nor
985 * instant individual block locking (bit 5).
986 */
987 if (!(pri_ext->feature_support & 0x28)) {
988 LOG_ERROR("lock/unlock not supported on flash");
989 return ERROR_FLASH_OPERATION_FAILED;
990 }
991
992 cfi_intel_clear_status_register(bank);
993
994 for (unsigned int i = first; i <= last; i++) {
995 retval = cfi_send_command(bank, 0x60, cfi_flash_address(bank, i, 0x0));
996 if (retval != ERROR_OK)
997 return retval;
998 if (set) {
999 retval = cfi_send_command(bank, 0x01, cfi_flash_address(bank, i, 0x0));
1000 if (retval != ERROR_OK)
1001 return retval;
1002 bank->sectors[i].is_protected = 1;
1003 } else {
1004 retval = cfi_send_command(bank, 0xd0, cfi_flash_address(bank, i, 0x0));
1005 if (retval != ERROR_OK)
1006 return retval;
1007 bank->sectors[i].is_protected = 0;
1008 }
1009
1010 /* instant individual block locking doesn't require reading of the status register
1011 **/
1012 if (!(pri_ext->feature_support & 0x20)) {
1013 /* Clear lock bits operation may take up to 1.4s */
1014 uint8_t status;
1015 retval = cfi_intel_wait_status_busy(bank, 1400, &status);
1016 if (retval != ERROR_OK)
1017 return retval;
1018 } else {
1019 uint8_t block_status;
1020 /* read block lock bit, to verify status */
1021 retval = cfi_send_command(bank, 0x90, cfi_flash_address(bank, 0, 0x55));
1022 if (retval != ERROR_OK)
1023 return retval;
1024 retval = cfi_get_u8(bank, i, 0x2, &block_status);
1025 if (retval != ERROR_OK)
1026 return retval;
1027
1028 if ((block_status & 0x1) != set) {
1029 LOG_ERROR(
1030 "couldn't change block lock status (set = %i, block_status = 0x%2.2x)",
1031 set, block_status);
1032 retval = cfi_send_command(bank, 0x70, cfi_flash_address(bank, 0, 0x55));
1033 if (retval != ERROR_OK)
1034 return retval;
1035 uint8_t status;
1036 retval = cfi_intel_wait_status_busy(bank, 10, &status);
1037 if (retval != ERROR_OK)
1038 return retval;
1039
1040 if (retry > 10)
1041 return ERROR_FLASH_OPERATION_FAILED;
1042 else {
1043 i--;
1044 retry++;
1045 }
1046 }
1047 }
1048 }
1049
1050 /* if the device doesn't support individual block lock bits set/clear,
1051 * all blocks have been unlocked in parallel, so we set those that should be protected
1052 */
1053 if ((!set) && (!(pri_ext->feature_support & 0x20))) {
1054 /* FIX!!! this code path is broken!!!
1055 *
1056 * The correct approach is:
1057 *
1058 * 1. read out current protection status
1059 *
1060 * 2. override read out protection status w/unprotected.
1061 *
1062 * 3. re-protect what should be protected.
1063 *
1064 */
1065 for (unsigned int i = 0; i < bank->num_sectors; i++) {
1066 if (bank->sectors[i].is_protected == 1) {
1067 cfi_intel_clear_status_register(bank);
1068
1069 retval = cfi_send_command(bank, 0x60, cfi_flash_address(bank, i, 0x0));
1070 if (retval != ERROR_OK)
1071 return retval;
1072
1073 retval = cfi_send_command(bank, 0x01, cfi_flash_address(bank, i, 0x0));
1074 if (retval != ERROR_OK)
1075 return retval;
1076
1077 uint8_t status;
1078 retval = cfi_intel_wait_status_busy(bank, 100, &status);
1079 if (retval != ERROR_OK)
1080 return retval;
1081 }
1082 }
1083 }
1084
1085 return cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
1086 }
1087
1088 int cfi_protect(struct flash_bank *bank, int set, unsigned int first,
1089 unsigned int last)
1090 {
1091 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1092
1093 if (bank->target->state != TARGET_HALTED) {
1094 LOG_ERROR("Target not halted");
1095 return ERROR_TARGET_NOT_HALTED;
1096 }
1097
1098 if (cfi_info->qry[0] != 'Q')
1099 return ERROR_FLASH_BANK_NOT_PROBED;
1100
1101 switch (cfi_info->pri_id) {
1102 case 1:
1103 case 3:
1104 return cfi_intel_protect(bank, set, first, last);
1105 default:
1106 LOG_WARNING("protect: cfi primary command set %i unsupported", cfi_info->pri_id);
1107 return ERROR_OK;
1108 }
1109 }
1110
1111 static uint32_t cfi_command_val(struct flash_bank *bank, uint8_t cmd)
1112 {
1113 struct target *target = bank->target;
1114
1115 uint8_t buf[CFI_MAX_BUS_WIDTH];
1116 cfi_command(bank, cmd, buf);
1117 switch (bank->bus_width) {
1118 case 1:
1119 return buf[0];
1120 case 2:
1121 return target_buffer_get_u16(target, buf);
1122 case 4:
1123 return target_buffer_get_u32(target, buf);
1124 default:
1125 LOG_ERROR("Unsupported bank buswidth %u, can't do block memory writes",
1126 bank->bus_width);
1127 return 0;
1128 }
1129 }
1130
1131 static int cfi_intel_write_block(struct flash_bank *bank, const uint8_t *buffer,
1132 uint32_t address, uint32_t count)
1133 {
1134 struct target *target = bank->target;
1135 struct reg_param reg_params[7];
1136 struct arm_algorithm arm_algo;
1137 struct working_area *write_algorithm;
1138 struct working_area *source = NULL;
1139 uint32_t buffer_size = 32768;
1140 uint32_t write_command_val, busy_pattern_val, error_pattern_val;
1141
1142 /* algorithm register usage:
1143 * r0: source address (in RAM)
1144 * r1: target address (in Flash)
1145 * r2: count
1146 * r3: flash write command
1147 * r4: status byte (returned to host)
1148 * r5: busy test pattern
1149 * r6: error test pattern
1150 */
1151
1152 /* see contrib/loaders/flash/armv4_5_cfi_intel_32.s for src */
1153 static const uint32_t word_32_code[] = {
1154 0xe4904004, /* loop: ldr r4, [r0], #4 */
1155 0xe5813000, /* str r3, [r1] */
1156 0xe5814000, /* str r4, [r1] */
1157 0xe5914000, /* busy: ldr r4, [r1] */
1158 0xe0047005, /* and r7, r4, r5 */
1159 0xe1570005, /* cmp r7, r5 */
1160 0x1afffffb, /* bne busy */
1161 0xe1140006, /* tst r4, r6 */
1162 0x1a000003, /* bne done */
1163 0xe2522001, /* subs r2, r2, #1 */
1164 0x0a000001, /* beq done */
1165 0xe2811004, /* add r1, r1 #4 */
1166 0xeafffff2, /* b loop */
1167 0xeafffffe /* done: b -2 */
1168 };
1169
1170 /* see contrib/loaders/flash/armv4_5_cfi_intel_16.s for src */
1171 static const uint32_t word_16_code[] = {
1172 0xe0d040b2, /* loop: ldrh r4, [r0], #2 */
1173 0xe1c130b0, /* strh r3, [r1] */
1174 0xe1c140b0, /* strh r4, [r1] */
1175 0xe1d140b0, /* busy ldrh r4, [r1] */
1176 0xe0047005, /* and r7, r4, r5 */
1177 0xe1570005, /* cmp r7, r5 */
1178 0x1afffffb, /* bne busy */
1179 0xe1140006, /* tst r4, r6 */
1180 0x1a000003, /* bne done */
1181 0xe2522001, /* subs r2, r2, #1 */
1182 0x0a000001, /* beq done */
1183 0xe2811002, /* add r1, r1 #2 */
1184 0xeafffff2, /* b loop */
1185 0xeafffffe /* done: b -2 */
1186 };
1187
1188 /* see contrib/loaders/flash/armv4_5_cfi_intel_8.s for src */
1189 static const uint32_t word_8_code[] = {
1190 0xe4d04001, /* loop: ldrb r4, [r0], #1 */
1191 0xe5c13000, /* strb r3, [r1] */
1192 0xe5c14000, /* strb r4, [r1] */
1193 0xe5d14000, /* busy ldrb r4, [r1] */
1194 0xe0047005, /* and r7, r4, r5 */
1195 0xe1570005, /* cmp r7, r5 */
1196 0x1afffffb, /* bne busy */
1197 0xe1140006, /* tst r4, r6 */
1198 0x1a000003, /* bne done */
1199 0xe2522001, /* subs r2, r2, #1 */
1200 0x0a000001, /* beq done */
1201 0xe2811001, /* add r1, r1 #1 */
1202 0xeafffff2, /* b loop */
1203 0xeafffffe /* done: b -2 */
1204 };
1205 uint8_t target_code[4*CFI_MAX_INTEL_CODESIZE];
1206 const uint32_t *target_code_src;
1207 uint32_t target_code_size;
1208 int retval = ERROR_OK;
1209
1210 /* check we have a supported arch */
1211 if (is_arm(target_to_arm(target))) {
1212 /* All other ARM CPUs have 32 bit instructions */
1213 arm_algo.common_magic = ARM_COMMON_MAGIC;
1214 arm_algo.core_mode = ARM_MODE_SVC;
1215 arm_algo.core_state = ARM_STATE_ARM;
1216 } else {
1217 LOG_ERROR("Unknown architecture");
1218 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1219 }
1220
1221 cfi_intel_clear_status_register(bank);
1222
1223 /* If we are setting up the write_algorithm, we need target_code_src
1224 * if not we only need target_code_size. */
1225
1226 /* However, we don't want to create multiple code paths, so we
1227 * do the unnecessary evaluation of target_code_src, which the
1228 * compiler will probably nicely optimize away if not needed */
1229
1230 /* prepare algorithm code for target endian */
1231 switch (bank->bus_width) {
1232 case 1:
1233 target_code_src = word_8_code;
1234 target_code_size = sizeof(word_8_code);
1235 break;
1236 case 2:
1237 target_code_src = word_16_code;
1238 target_code_size = sizeof(word_16_code);
1239 break;
1240 case 4:
1241 target_code_src = word_32_code;
1242 target_code_size = sizeof(word_32_code);
1243 break;
1244 default:
1245 LOG_ERROR("Unsupported bank buswidth %u, can't do block memory writes",
1246 bank->bus_width);
1247 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1248 }
1249
1250 /* flash write code */
1251 if (target_code_size > sizeof(target_code)) {
1252 LOG_WARNING("Internal error - target code buffer to small. "
1253 "Increase CFI_MAX_INTEL_CODESIZE and recompile.");
1254 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1255 }
1256
1257 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1258
1259 /* Get memory for block write handler */
1260 retval = target_alloc_working_area(target,
1261 target_code_size,
1262 &write_algorithm);
1263 if (retval != ERROR_OK) {
1264 LOG_WARNING("No working area available, can't do block memory writes");
1265 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1266 }
1267
1268 /* write algorithm code to working area */
1269 retval = target_write_buffer(target, write_algorithm->address,
1270 target_code_size, target_code);
1271 if (retval != ERROR_OK) {
1272 LOG_ERROR("Unable to write block write code to target");
1273 goto cleanup;
1274 }
1275
1276 /* Get a workspace buffer for the data to flash starting with 32k size.
1277 * Half size until buffer would be smaller 256 Bytes then fail back */
1278 /* FIXME Why 256 bytes, why not 32 bytes (smallest flash write page */
1279 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1280 buffer_size /= 2;
1281 if (buffer_size <= 256) {
1282 LOG_WARNING(
1283 "no large enough working area available, can't do block memory writes");
1284 retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1285 goto cleanup;
1286 }
1287 }
1288
1289 /* setup algo registers */
1290 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
1291 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
1292 init_reg_param(&reg_params[2], "r2", 32, PARAM_OUT);
1293 init_reg_param(&reg_params[3], "r3", 32, PARAM_OUT);
1294 init_reg_param(&reg_params[4], "r4", 32, PARAM_IN);
1295 init_reg_param(&reg_params[5], "r5", 32, PARAM_OUT);
1296 init_reg_param(&reg_params[6], "r6", 32, PARAM_OUT);
1297
1298 /* prepare command and status register patterns */
1299 write_command_val = cfi_command_val(bank, 0x40);
1300 busy_pattern_val = cfi_command_val(bank, 0x80);
1301 error_pattern_val = cfi_command_val(bank, 0x7e);
1302
1303 LOG_DEBUG("Using target buffer at " TARGET_ADDR_FMT " and of size 0x%04" PRIx32,
1304 source->address, buffer_size);
1305
1306 /* Programming main loop */
1307 while (count > 0) {
1308 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1309 uint32_t wsm_error;
1310
1311 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1312 if (retval != ERROR_OK)
1313 goto cleanup;
1314
1315 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1316 buf_set_u32(reg_params[1].value, 0, 32, address);
1317 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1318
1319 buf_set_u32(reg_params[3].value, 0, 32, write_command_val);
1320 buf_set_u32(reg_params[5].value, 0, 32, busy_pattern_val);
1321 buf_set_u32(reg_params[6].value, 0, 32, error_pattern_val);
1322
1323 LOG_DEBUG("Write 0x%04" PRIx32 " bytes to flash at 0x%08" PRIx32,
1324 thisrun_count, address);
1325
1326 /* Execute algorithm, assume breakpoint for last instruction */
1327 retval = target_run_algorithm(target, 0, NULL, 7, reg_params,
1328 write_algorithm->address,
1329 write_algorithm->address + target_code_size -
1330 sizeof(uint32_t),
1331 10000, /* 10s should be enough for max. 32k of data */
1332 &arm_algo);
1333
1334 /* On failure try a fall back to direct word writes */
1335 if (retval != ERROR_OK) {
1336 cfi_intel_clear_status_register(bank);
1337 LOG_ERROR(
1338 "Execution of flash algorithm failed. Can't fall back. Please report.");
1339 retval = ERROR_FLASH_OPERATION_FAILED;
1340 /* retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE; */
1341 /* FIXME To allow fall back or recovery, we must save the actual status
1342 * somewhere, so that a higher level code can start recovery. */
1343 goto cleanup;
1344 }
1345
1346 /* Check return value from algo code */
1347 wsm_error = buf_get_u32(reg_params[4].value, 0, 32) & error_pattern_val;
1348 if (wsm_error) {
1349 /* read status register (outputs debug information) */
1350 uint8_t status;
1351 cfi_intel_wait_status_busy(bank, 100, &status);
1352 cfi_intel_clear_status_register(bank);
1353 retval = ERROR_FLASH_OPERATION_FAILED;
1354 goto cleanup;
1355 }
1356
1357 buffer += thisrun_count;
1358 address += thisrun_count;
1359 count -= thisrun_count;
1360
1361 keep_alive();
1362 }
1363
1364 /* free up resources */
1365 cleanup:
1366 if (source)
1367 target_free_working_area(target, source);
1368
1369 target_free_working_area(target, write_algorithm);
1370
1371 destroy_reg_param(&reg_params[0]);
1372 destroy_reg_param(&reg_params[1]);
1373 destroy_reg_param(&reg_params[2]);
1374 destroy_reg_param(&reg_params[3]);
1375 destroy_reg_param(&reg_params[4]);
1376 destroy_reg_param(&reg_params[5]);
1377 destroy_reg_param(&reg_params[6]);
1378
1379 return retval;
1380 }
1381
1382 static int cfi_spansion_write_block_mips(struct flash_bank *bank, const uint8_t *buffer,
1383 uint32_t address, uint32_t count)
1384 {
1385 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1386 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1387 struct target *target = bank->target;
1388 struct reg_param reg_params[10];
1389 struct mips32_algorithm mips32_info;
1390 struct working_area *write_algorithm;
1391 struct working_area *source;
1392 uint32_t buffer_size = 32768;
1393 uint32_t status;
1394 int retval = ERROR_OK;
1395
1396 /* input parameters -
1397 * 4 A0 = source address
1398 * 5 A1 = destination address
1399 * 6 A2 = number of writes
1400 * 7 A3 = flash write command
1401 * 8 T0 = constant to mask DQ7 bits (also used for Dq5 with shift)
1402 * output parameters -
1403 * 9 T1 = 0x80 ok 0x00 bad
1404 * temp registers -
1405 * 10 T2 = value read from flash to test status
1406 * 11 T3 = holding register
1407 * unlock registers -
1408 * 12 T4 = unlock1_addr
1409 * 13 T5 = unlock1_cmd
1410 * 14 T6 = unlock2_addr
1411 * 15 T7 = unlock2_cmd */
1412
1413 static const uint32_t mips_word_16_code[] = {
1414 /* start: */
1415 MIPS32_LHU(0, 9, 0, 4), /* lhu $t1, ($a0) ; out = &saddr */
1416 MIPS32_ADDI(0, 4, 4, 2), /* addi $a0, $a0, 2 ; saddr += 2 */
1417 MIPS32_SH(0, 13, 0, 12), /* sh $t5, ($t4) ; *fl_unl_addr1 = fl_unl_cmd1 */
1418 MIPS32_SH(0, 15, 0, 14), /* sh $t7, ($t6) ; *fl_unl_addr2 = fl_unl_cmd2 */
1419 MIPS32_SH(0, 7, 0, 12), /* sh $a3, ($t4) ; *fl_unl_addr1 = fl_write_cmd */
1420 MIPS32_SH(0, 9, 0, 5), /* sh $t1, ($a1) ; *daddr = out */
1421 MIPS32_NOP, /* nop */
1422 /* busy: */
1423 MIPS32_LHU(0, 10, 0, 5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1424 MIPS32_XOR(0, 11, 9, 10), /* xor $t3, $a0, $t2 ; temp2 = out ^ temp1; */
1425 MIPS32_AND(0, 11, 8, 11), /* and $t3, $t0, $t3 ; temp2 = temp2 & DQ7mask */
1426 MIPS32_BNE(0, 11, 8, 13), /* bne $t3, $t0, cont ; if (temp2 != DQ7mask) goto cont */
1427 MIPS32_NOP, /* nop */
1428
1429 MIPS32_SRL(0, 10, 8, 2), /* srl $t2,$t0,2 ; temp1 = DQ7mask >> 2 */
1430 MIPS32_AND(0, 11, 10, 11), /* and $t3, $t2, $t3 ; temp2 = temp2 & temp1 */
1431 MIPS32_BNE(0, 11, 10, NEG16(8)), /* bne $t3, $t2, busy ; if (temp2 != temp1) goto busy */
1432 MIPS32_NOP, /* nop */
1433
1434 MIPS32_LHU(0, 10, 0, 5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1435 MIPS32_XOR(0, 11, 9, 10), /* xor $t3, $a0, $t2 ; temp2 = out ^ temp1; */
1436 MIPS32_AND(0, 11, 8, 11), /* and $t3, $t0, $t3 ; temp2 = temp2 & DQ7mask */
1437 MIPS32_BNE(0, 11, 8, 4), /* bne $t3, $t0, cont ; if (temp2 != DQ7mask) goto cont */
1438 MIPS32_NOP, /* nop */
1439
1440 MIPS32_XOR(0, 9, 9, 9), /* xor $t1, $t1, $t1 ; out = 0 */
1441 MIPS32_BEQ(0, 9, 0, 11), /* beq $t1, $zero, done ; if (out == 0) goto done */
1442 MIPS32_NOP, /* nop */
1443 /* cont: */
1444 MIPS32_ADDI(0, 6, 6, NEG16(1)), /* addi, $a2, $a2, -1 ; numwrites-- */
1445 MIPS32_BNE(0, 6, 0, 5), /* bne $a2, $zero, cont2 ; if (numwrite != 0) goto cont2 */
1446 MIPS32_NOP, /* nop */
1447
1448 MIPS32_LUI(0, 9, 0), /* lui $t1, 0 */
1449 MIPS32_ORI(0, 9, 9, 0x80), /* ori $t1, $t1, 0x80 ; out = 0x80 */
1450
1451 MIPS32_B(0, 4), /* b done ; goto done */
1452 MIPS32_NOP, /* nop */
1453 /* cont2: */
1454 MIPS32_ADDI(0, 5, 5, 2), /* addi $a0, $a0, 2 ; daddr += 2 */
1455 MIPS32_B(0, NEG16(33)), /* b start ; goto start */
1456 MIPS32_NOP, /* nop */
1457 /* done: */
1458 MIPS32_SDBBP(0), /* sdbbp ; break(); */
1459 };
1460
1461 mips32_info.common_magic = MIPS32_COMMON_MAGIC;
1462 mips32_info.isa_mode = MIPS32_ISA_MIPS32;
1463
1464 int target_code_size = 0;
1465 const uint32_t *target_code_src = NULL;
1466
1467 switch (bank->bus_width) {
1468 case 2:
1469 /* Check for DQ5 support */
1470 if (cfi_info->status_poll_mask & (1 << 5)) {
1471 target_code_src = mips_word_16_code;
1472 target_code_size = sizeof(mips_word_16_code);
1473 } else {
1474 LOG_ERROR("Need DQ5 support");
1475 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1476 /* target_code_src = mips_word_16_code_dq7only; */
1477 /* target_code_size = sizeof(mips_word_16_code_dq7only); */
1478 }
1479 break;
1480 default:
1481 LOG_ERROR("Unsupported bank buswidth %u, can't do block memory writes",
1482 bank->bus_width);
1483 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1484 }
1485
1486 /* flash write code */
1487 uint8_t *target_code;
1488
1489 /* convert bus-width dependent algorithm code to correct endianness */
1490 target_code = malloc(target_code_size);
1491 if (target_code == NULL) {
1492 LOG_ERROR("Out of memory");
1493 return ERROR_FAIL;
1494 }
1495
1496 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1497
1498 /* allocate working area */
1499 retval = target_alloc_working_area(target, target_code_size,
1500 &write_algorithm);
1501 if (retval != ERROR_OK) {
1502 free(target_code);
1503 return retval;
1504 }
1505
1506 /* write algorithm code to working area */
1507 retval = target_write_buffer(target, write_algorithm->address,
1508 target_code_size, target_code);
1509 if (retval != ERROR_OK) {
1510 free(target_code);
1511 return retval;
1512 }
1513
1514 free(target_code);
1515
1516 /* the following code still assumes target code is fixed 24*4 bytes */
1517
1518 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1519 buffer_size /= 2;
1520 if (buffer_size <= 256) {
1521 /* we already allocated the writing code, but failed to get a
1522 * buffer, free the algorithm */
1523 target_free_working_area(target, write_algorithm);
1524
1525 LOG_WARNING(
1526 "not enough working area available, can't do block memory writes");
1527 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1528 }
1529 }
1530
1531 init_reg_param(&reg_params[0], "r4", 32, PARAM_OUT);
1532 init_reg_param(&reg_params[1], "r5", 32, PARAM_OUT);
1533 init_reg_param(&reg_params[2], "r6", 32, PARAM_OUT);
1534 init_reg_param(&reg_params[3], "r7", 32, PARAM_OUT);
1535 init_reg_param(&reg_params[4], "r8", 32, PARAM_OUT);
1536 init_reg_param(&reg_params[5], "r9", 32, PARAM_IN);
1537 init_reg_param(&reg_params[6], "r12", 32, PARAM_OUT);
1538 init_reg_param(&reg_params[7], "r13", 32, PARAM_OUT);
1539 init_reg_param(&reg_params[8], "r14", 32, PARAM_OUT);
1540 init_reg_param(&reg_params[9], "r15", 32, PARAM_OUT);
1541
1542 while (count > 0) {
1543 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1544
1545 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1546 if (retval != ERROR_OK)
1547 break;
1548
1549 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1550 buf_set_u32(reg_params[1].value, 0, 32, address);
1551 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1552 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1553 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1554 buf_set_u32(reg_params[6].value, 0, 32, cfi_flash_address(bank, 0, pri_ext->_unlock1));
1555 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1556 buf_set_u32(reg_params[8].value, 0, 32, cfi_flash_address(bank, 0, pri_ext->_unlock2));
1557 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1558
1559 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1560 write_algorithm->address,
1561 write_algorithm->address + ((target_code_size) - 4),
1562 10000, &mips32_info);
1563 if (retval != ERROR_OK)
1564 break;
1565
1566 status = buf_get_u32(reg_params[5].value, 0, 32);
1567 if (status != 0x80) {
1568 LOG_ERROR("flash write block failed status: 0x%" PRIx32, status);
1569 retval = ERROR_FLASH_OPERATION_FAILED;
1570 break;
1571 }
1572
1573 buffer += thisrun_count;
1574 address += thisrun_count;
1575 count -= thisrun_count;
1576 }
1577
1578 target_free_all_working_areas(target);
1579
1580 destroy_reg_param(&reg_params[0]);
1581 destroy_reg_param(&reg_params[1]);
1582 destroy_reg_param(&reg_params[2]);
1583 destroy_reg_param(&reg_params[3]);
1584 destroy_reg_param(&reg_params[4]);
1585 destroy_reg_param(&reg_params[5]);
1586 destroy_reg_param(&reg_params[6]);
1587 destroy_reg_param(&reg_params[7]);
1588 destroy_reg_param(&reg_params[8]);
1589 destroy_reg_param(&reg_params[9]);
1590
1591 return retval;
1592 }
1593
1594 static int cfi_spansion_write_block(struct flash_bank *bank, const uint8_t *buffer,
1595 uint32_t address, uint32_t count)
1596 {
1597 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1598 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1599 struct target *target = bank->target;
1600 struct reg_param reg_params[10];
1601 void *arm_algo;
1602 struct arm_algorithm armv4_5_algo;
1603 struct armv7m_algorithm armv7m_algo;
1604 struct working_area *write_algorithm;
1605 struct working_area *source;
1606 uint32_t buffer_size = 32768;
1607 uint32_t status;
1608 int retval = ERROR_OK;
1609
1610 /* input parameters -
1611 * R0 = source address
1612 * R1 = destination address
1613 * R2 = number of writes
1614 * R3 = flash write command
1615 * R4 = constant to mask DQ7 bits (also used for Dq5 with shift)
1616 * output parameters -
1617 * R5 = 0x80 ok 0x00 bad
1618 * temp registers -
1619 * R6 = value read from flash to test status
1620 * R7 = holding register
1621 * unlock registers -
1622 * R8 = unlock1_addr
1623 * R9 = unlock1_cmd
1624 * R10 = unlock2_addr
1625 * R11 = unlock2_cmd */
1626
1627 /* see contrib/loaders/flash/armv4_5_cfi_span_32.s for src */
1628 static const uint32_t armv4_5_word_32_code[] = {
1629 /* 00008100 <sp_32_code>: */
1630 0xe4905004, /* ldr r5, [r0], #4 */
1631 0xe5889000, /* str r9, [r8] */
1632 0xe58ab000, /* str r11, [r10] */
1633 0xe5883000, /* str r3, [r8] */
1634 0xe5815000, /* str r5, [r1] */
1635 0xe1a00000, /* nop */
1636 /* 00008110 <sp_32_busy>: */
1637 0xe5916000, /* ldr r6, [r1] */
1638 0xe0257006, /* eor r7, r5, r6 */
1639 0xe0147007, /* ands r7, r4, r7 */
1640 0x0a000007, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1641 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1642 0x0afffff9, /* beq 8110 <sp_32_busy> ; b if DQ5 low */
1643 0xe5916000, /* ldr r6, [r1] */
1644 0xe0257006, /* eor r7, r5, r6 */
1645 0xe0147007, /* ands r7, r4, r7 */
1646 0x0a000001, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1647 0xe3a05000, /* mov r5, #0 ; 0x0 - return 0x00, error */
1648 0x1a000004, /* bne 8154 <sp_32_done> */
1649 /* 00008140 <sp_32_cont>: */
1650 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1651 0x03a05080, /* moveq r5, #128 ; 0x80 */
1652 0x0a000001, /* beq 8154 <sp_32_done> */
1653 0xe2811004, /* add r1, r1, #4 ; 0x4 */
1654 0xeaffffe8, /* b 8100 <sp_32_code> */
1655 /* 00008154 <sp_32_done>: */
1656 0xeafffffe /* b 8154 <sp_32_done> */
1657 };
1658
1659 /* see contrib/loaders/flash/armv4_5_cfi_span_16.s for src */
1660 static const uint32_t armv4_5_word_16_code[] = {
1661 /* 00008158 <sp_16_code>: */
1662 0xe0d050b2, /* ldrh r5, [r0], #2 */
1663 0xe1c890b0, /* strh r9, [r8] */
1664 0xe1cab0b0, /* strh r11, [r10] */
1665 0xe1c830b0, /* strh r3, [r8] */
1666 0xe1c150b0, /* strh r5, [r1] */
1667 0xe1a00000, /* nop (mov r0,r0) */
1668 /* 00008168 <sp_16_busy>: */
1669 0xe1d160b0, /* ldrh r6, [r1] */
1670 0xe0257006, /* eor r7, r5, r6 */
1671 0xe0147007, /* ands r7, r4, r7 */
1672 0x0a000007, /* beq 8198 <sp_16_cont> */
1673 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1674 0x0afffff9, /* beq 8168 <sp_16_busy> */
1675 0xe1d160b0, /* ldrh r6, [r1] */
1676 0xe0257006, /* eor r7, r5, r6 */
1677 0xe0147007, /* ands r7, r4, r7 */
1678 0x0a000001, /* beq 8198 <sp_16_cont> */
1679 0xe3a05000, /* mov r5, #0 ; 0x0 */
1680 0x1a000004, /* bne 81ac <sp_16_done> */
1681 /* 00008198 <sp_16_cont>: */
1682 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1683 0x03a05080, /* moveq r5, #128 ; 0x80 */
1684 0x0a000001, /* beq 81ac <sp_16_done> */
1685 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1686 0xeaffffe8, /* b 8158 <sp_16_code> */
1687 /* 000081ac <sp_16_done>: */
1688 0xeafffffe /* b 81ac <sp_16_done> */
1689 };
1690
1691 /* see contrib/loaders/flash/armv7m_cfi_span_16.s for src */
1692 static const uint32_t armv7m_word_16_code[] = {
1693 0x5B02F830,
1694 0x9000F8A8,
1695 0xB000F8AA,
1696 0x3000F8A8,
1697 0xBF00800D,
1698 0xEA85880E,
1699 0x40270706,
1700 0xEA16D00A,
1701 0xD0F70694,
1702 0xEA85880E,
1703 0x40270706,
1704 0xF04FD002,
1705 0xD1070500,
1706 0xD0023A01,
1707 0x0102F101,
1708 0xF04FE7E0,
1709 0xE7FF0580,
1710 0x0000BE00
1711 };
1712
1713 /* see contrib/loaders/flash/armv7m_cfi_span_16_dq7.s for src */
1714 static const uint32_t armv7m_word_16_code_dq7only[] = {
1715 /* 00000000 <code>: */
1716 0x5B02F830, /* ldrh.w r5, [r0], #2 */
1717 0x9000F8A8, /* strh.w r9, [r8] */
1718 0xB000F8AA, /* strh.w fp, [sl] */
1719 0x3000F8A8, /* strh.w r3, [r8] */
1720 0xBF00800D, /* strh r5, [r1, #0] */
1721 /* nop */
1722
1723 /* 00000014 <busy>: */
1724 0xEA85880E, /* ldrh r6, [r1, #0] */
1725 /* eor.w r7, r5, r6 */
1726 0x40270706, /* ands r7, r4 */
1727 0x3A01D1FA, /* bne.n 14 <busy> */
1728 /* subs r2, #1 */
1729 0xF101D002, /* beq.n 28 <success> */
1730 0xE7EB0102, /* add.w r1, r1, #2 */
1731 /* b.n 0 <code> */
1732
1733 /* 00000028 <success>: */
1734 0x0580F04F, /* mov.w r5, #128 */
1735 0xBF00E7FF, /* b.n 30 <done> */
1736 /* nop (for alignment purposes) */
1737
1738 /* 00000030 <done>: */
1739 0x0000BE00 /* bkpt 0x0000 */
1740 };
1741
1742 /* see contrib/loaders/flash/armv4_5_cfi_span_16_dq7.s for src */
1743 static const uint32_t armv4_5_word_16_code_dq7only[] = {
1744 /* <sp_16_code>: */
1745 0xe0d050b2, /* ldrh r5, [r0], #2 */
1746 0xe1c890b0, /* strh r9, [r8] */
1747 0xe1cab0b0, /* strh r11, [r10] */
1748 0xe1c830b0, /* strh r3, [r8] */
1749 0xe1c150b0, /* strh r5, [r1] */
1750 0xe1a00000, /* nop (mov r0,r0) */
1751 /* <sp_16_busy>: */
1752 0xe1d160b0, /* ldrh r6, [r1] */
1753 0xe0257006, /* eor r7, r5, r6 */
1754 0xe2177080, /* ands r7, #0x80 */
1755 0x1afffffb, /* bne 8168 <sp_16_busy> */
1756 /* */
1757 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1758 0x03a05080, /* moveq r5, #128 ; 0x80 */
1759 0x0a000001, /* beq 81ac <sp_16_done> */
1760 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1761 0xeafffff0, /* b 8158 <sp_16_code> */
1762 /* 000081ac <sp_16_done>: */
1763 0xeafffffe /* b 81ac <sp_16_done> */
1764 };
1765
1766 /* see contrib/loaders/flash/armv4_5_cfi_span_8.s for src */
1767 static const uint32_t armv4_5_word_8_code[] = {
1768 /* 000081b0 <sp_16_code_end>: */
1769 0xe4d05001, /* ldrb r5, [r0], #1 */
1770 0xe5c89000, /* strb r9, [r8] */
1771 0xe5cab000, /* strb r11, [r10] */
1772 0xe5c83000, /* strb r3, [r8] */
1773 0xe5c15000, /* strb r5, [r1] */
1774 0xe1a00000, /* nop (mov r0,r0) */
1775 /* 000081c0 <sp_8_busy>: */
1776 0xe5d16000, /* ldrb r6, [r1] */
1777 0xe0257006, /* eor r7, r5, r6 */
1778 0xe0147007, /* ands r7, r4, r7 */
1779 0x0a000007, /* beq 81f0 <sp_8_cont> */
1780 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1781 0x0afffff9, /* beq 81c0 <sp_8_busy> */
1782 0xe5d16000, /* ldrb r6, [r1] */
1783 0xe0257006, /* eor r7, r5, r6 */
1784 0xe0147007, /* ands r7, r4, r7 */
1785 0x0a000001, /* beq 81f0 <sp_8_cont> */
1786 0xe3a05000, /* mov r5, #0 ; 0x0 */
1787 0x1a000004, /* bne 8204 <sp_8_done> */
1788 /* 000081f0 <sp_8_cont>: */
1789 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1790 0x03a05080, /* moveq r5, #128 ; 0x80 */
1791 0x0a000001, /* beq 8204 <sp_8_done> */
1792 0xe2811001, /* add r1, r1, #1 ; 0x1 */
1793 0xeaffffe8, /* b 81b0 <sp_16_code_end> */
1794 /* 00008204 <sp_8_done>: */
1795 0xeafffffe /* b 8204 <sp_8_done> */
1796 };
1797
1798 if (strncmp(target_type_name(target), "mips_m4k", 8) == 0)
1799 return cfi_spansion_write_block_mips(bank, buffer, address, count);
1800
1801 if (is_armv7m(target_to_armv7m(target))) { /* armv7m target */
1802 armv7m_algo.common_magic = ARMV7M_COMMON_MAGIC;
1803 armv7m_algo.core_mode = ARM_MODE_THREAD;
1804 arm_algo = &armv7m_algo;
1805 } else if (is_arm(target_to_arm(target))) {
1806 /* All other ARM CPUs have 32 bit instructions */
1807 armv4_5_algo.common_magic = ARM_COMMON_MAGIC;
1808 armv4_5_algo.core_mode = ARM_MODE_SVC;
1809 armv4_5_algo.core_state = ARM_STATE_ARM;
1810 arm_algo = &armv4_5_algo;
1811 } else {
1812 LOG_ERROR("Unknown architecture");
1813 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1814 }
1815
1816 int target_code_size = 0;
1817 const uint32_t *target_code_src = NULL;
1818
1819 switch (bank->bus_width) {
1820 case 1:
1821 if (is_armv7m(target_to_armv7m(target))) {
1822 LOG_ERROR("Unknown ARM architecture");
1823 return ERROR_FAIL;
1824 }
1825 target_code_src = armv4_5_word_8_code;
1826 target_code_size = sizeof(armv4_5_word_8_code);
1827 break;
1828 case 2:
1829 /* Check for DQ5 support */
1830 if (cfi_info->status_poll_mask & (1 << 5)) {
1831 if (is_armv7m(target_to_armv7m(target))) {
1832 /* armv7m target */
1833 target_code_src = armv7m_word_16_code;
1834 target_code_size = sizeof(armv7m_word_16_code);
1835 } else { /* armv4_5 target */
1836 target_code_src = armv4_5_word_16_code;
1837 target_code_size = sizeof(armv4_5_word_16_code);
1838 }
1839 } else {
1840 /* No DQ5 support. Use DQ7 DATA# polling only. */
1841 if (is_armv7m(target_to_armv7m(target))) {
1842 /* armv7m target */
1843 target_code_src = armv7m_word_16_code_dq7only;
1844 target_code_size = sizeof(armv7m_word_16_code_dq7only);
1845 } else { /* armv4_5 target */
1846 target_code_src = armv4_5_word_16_code_dq7only;
1847 target_code_size = sizeof(armv4_5_word_16_code_dq7only);
1848 }
1849 }
1850 break;
1851 case 4:
1852 if (is_armv7m(target_to_armv7m(target))) {
1853 LOG_ERROR("Unknown ARM architecture");
1854 return ERROR_FAIL;
1855 }
1856 target_code_src = armv4_5_word_32_code;
1857 target_code_size = sizeof(armv4_5_word_32_code);
1858 break;
1859 default:
1860 LOG_ERROR("Unsupported bank buswidth %u, can't do block memory writes",
1861 bank->bus_width);
1862 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1863 }
1864
1865 /* flash write code */
1866 uint8_t *target_code;
1867
1868 /* convert bus-width dependent algorithm code to correct endianness */
1869 target_code = malloc(target_code_size);
1870 if (target_code == NULL) {
1871 LOG_ERROR("Out of memory");
1872 return ERROR_FAIL;
1873 }
1874
1875 target_buffer_set_u32_array(target, target_code, target_code_size / 4, target_code_src);
1876
1877 /* allocate working area */
1878 retval = target_alloc_working_area(target, target_code_size,
1879 &write_algorithm);
1880 if (retval != ERROR_OK) {
1881 free(target_code);
1882 return retval;
1883 }
1884
1885 /* write algorithm code to working area */
1886 retval = target_write_buffer(target, write_algorithm->address,
1887 target_code_size, target_code);
1888 if (retval != ERROR_OK) {
1889 free(target_code);
1890 return retval;
1891 }
1892
1893 free(target_code);
1894
1895 /* the following code still assumes target code is fixed 24*4 bytes */
1896
1897 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK) {
1898 buffer_size /= 2;
1899 if (buffer_size <= 256) {
1900 /* we already allocated the writing code, but failed to get a
1901 * buffer, free the algorithm */
1902 target_free_working_area(target, write_algorithm);
1903
1904 LOG_WARNING(
1905 "not enough working area available, can't do block memory writes");
1906 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1907 }
1908 }
1909
1910 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
1911 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
1912 init_reg_param(&reg_params[2], "r2", 32, PARAM_OUT);
1913 init_reg_param(&reg_params[3], "r3", 32, PARAM_OUT);
1914 init_reg_param(&reg_params[4], "r4", 32, PARAM_OUT);
1915 init_reg_param(&reg_params[5], "r5", 32, PARAM_IN);
1916 init_reg_param(&reg_params[6], "r8", 32, PARAM_OUT);
1917 init_reg_param(&reg_params[7], "r9", 32, PARAM_OUT);
1918 init_reg_param(&reg_params[8], "r10", 32, PARAM_OUT);
1919 init_reg_param(&reg_params[9], "r11", 32, PARAM_OUT);
1920
1921 while (count > 0) {
1922 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1923
1924 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1925 if (retval != ERROR_OK)
1926 break;
1927
1928 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1929 buf_set_u32(reg_params[1].value, 0, 32, address);
1930 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1931 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1932 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1933 buf_set_u32(reg_params[6].value, 0, 32, cfi_flash_address(bank, 0, pri_ext->_unlock1));
1934 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1935 buf_set_u32(reg_params[8].value, 0, 32, cfi_flash_address(bank, 0, pri_ext->_unlock2));
1936 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1937
1938 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1939 write_algorithm->address,
1940 write_algorithm->address + ((target_code_size) - 4),
1941 10000, arm_algo);
1942 if (retval != ERROR_OK)
1943 break;
1944
1945 status = buf_get_u32(reg_params[5].value, 0, 32);
1946 if (status != 0x80) {
1947 LOG_ERROR("flash write block failed status: 0x%" PRIx32, status);
1948 retval = ERROR_FLASH_OPERATION_FAILED;
1949 break;
1950 }
1951
1952 buffer += thisrun_count;
1953 address += thisrun_count;
1954 count -= thisrun_count;
1955 }
1956
1957 target_free_all_working_areas(target);
1958
1959 destroy_reg_param(&reg_params[0]);
1960 destroy_reg_param(&reg_params[1]);
1961 destroy_reg_param(&reg_params[2]);
1962 destroy_reg_param(&reg_params[3]);
1963 destroy_reg_param(&reg_params[4]);
1964 destroy_reg_param(&reg_params[5]);
1965 destroy_reg_param(&reg_params[6]);
1966 destroy_reg_param(&reg_params[7]);
1967 destroy_reg_param(&reg_params[8]);
1968 destroy_reg_param(&reg_params[9]);
1969
1970 return retval;
1971 }
1972
1973 static int cfi_intel_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
1974 {
1975 int retval;
1976 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1977
1978 cfi_intel_clear_status_register(bank);
1979 retval = cfi_send_command(bank, 0x40, address);
1980 if (retval != ERROR_OK)
1981 return retval;
1982
1983 retval = cfi_target_write_memory(bank, address, 1, word);
1984 if (retval != ERROR_OK)
1985 return retval;
1986
1987 uint8_t status;
1988 retval = cfi_intel_wait_status_busy(bank, cfi_info->word_write_timeout, &status);
1989 if (retval != ERROR_OK)
1990 return retval;
1991 if (status != 0x80) {
1992 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
1993 if (retval != ERROR_OK)
1994 return retval;
1995
1996 LOG_ERROR("couldn't write word at base " TARGET_ADDR_FMT
1997 ", address 0x%" PRIx32,
1998 bank->base, address);
1999 return ERROR_FLASH_OPERATION_FAILED;
2000 }
2001
2002 return ERROR_OK;
2003 }
2004
2005 static int cfi_intel_write_words(struct flash_bank *bank, const uint8_t *word,
2006 uint32_t wordcount, uint32_t address)
2007 {
2008 int retval;
2009 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2010
2011 /* Calculate buffer size and boundary mask
2012 * buffersize is (buffer size per chip) * (number of chips)
2013 * bufferwsize is buffersize in words */
2014 uint32_t buffersize =
2015 (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2016 uint32_t buffermask = buffersize-1;
2017 uint32_t bufferwsize = buffersize / bank->bus_width;
2018
2019 /* Check for valid range */
2020 if (address & buffermask) {
2021 LOG_ERROR("Write address at base " TARGET_ADDR_FMT ", address 0x%"
2022 PRIx32 " not aligned to 2^%d boundary",
2023 bank->base, address, cfi_info->max_buf_write_size);
2024 return ERROR_FLASH_OPERATION_FAILED;
2025 }
2026
2027 /* Check for valid size */
2028 if (wordcount > bufferwsize) {
2029 LOG_ERROR("Number of data words %" PRIu32 " exceeds available buffersize %" PRIu32,
2030 wordcount, buffersize);
2031 return ERROR_FLASH_OPERATION_FAILED;
2032 }
2033
2034 /* Write to flash buffer */
2035 cfi_intel_clear_status_register(bank);
2036
2037 /* Initiate buffer operation _*/
2038 retval = cfi_send_command(bank, 0xe8, address);
2039 if (retval != ERROR_OK)
2040 return retval;
2041 uint8_t status;
2042 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2043 if (retval != ERROR_OK)
2044 return retval;
2045 if (status != 0x80) {
2046 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
2047 if (retval != ERROR_OK)
2048 return retval;
2049
2050 LOG_ERROR(
2051 "couldn't start buffer write operation at base " TARGET_ADDR_FMT
2052 ", address 0x%" PRIx32,
2053 bank->base,
2054 address);
2055 return ERROR_FLASH_OPERATION_FAILED;
2056 }
2057
2058 /* Write buffer wordcount-1 and data words */
2059 retval = cfi_send_command(bank, bufferwsize-1, address);
2060 if (retval != ERROR_OK)
2061 return retval;
2062
2063 retval = cfi_target_write_memory(bank, address, bufferwsize, word);
2064 if (retval != ERROR_OK)
2065 return retval;
2066
2067 /* Commit write operation */
2068 retval = cfi_send_command(bank, 0xd0, address);
2069 if (retval != ERROR_OK)
2070 return retval;
2071
2072 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2073 if (retval != ERROR_OK)
2074 return retval;
2075
2076 if (status != 0x80) {
2077 retval = cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
2078 if (retval != ERROR_OK)
2079 return retval;
2080
2081 LOG_ERROR("Buffer write at base " TARGET_ADDR_FMT
2082 ", address 0x%" PRIx32 " failed.", bank->base, address);
2083 return ERROR_FLASH_OPERATION_FAILED;
2084 }
2085
2086 return ERROR_OK;
2087 }
2088
2089 static int cfi_spansion_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2090 {
2091 int retval;
2092 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2093 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2094
2095 retval = cfi_spansion_unlock_seq(bank);
2096 if (retval != ERROR_OK)
2097 return retval;
2098
2099 retval = cfi_send_command(bank, 0xa0, cfi_flash_address(bank, 0, pri_ext->_unlock1));
2100 if (retval != ERROR_OK)
2101 return retval;
2102
2103 retval = cfi_target_write_memory(bank, address, 1, word);
2104 if (retval != ERROR_OK)
2105 return retval;
2106
2107 if (cfi_spansion_wait_status_busy(bank, cfi_info->word_write_timeout) != ERROR_OK) {
2108 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
2109 if (retval != ERROR_OK)
2110 return retval;
2111
2112 LOG_ERROR("couldn't write word at base " TARGET_ADDR_FMT
2113 ", address 0x%" PRIx32, bank->base, address);
2114 return ERROR_FLASH_OPERATION_FAILED;
2115 }
2116
2117 return ERROR_OK;
2118 }
2119
2120 static int cfi_spansion_write_words(struct flash_bank *bank, const uint8_t *word,
2121 uint32_t wordcount, uint32_t address)
2122 {
2123 int retval;
2124 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2125
2126 /* Calculate buffer size and boundary mask
2127 * buffersize is (buffer size per chip) * (number of chips)
2128 * bufferwsize is buffersize in words */
2129 uint32_t buffersize =
2130 (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2131 uint32_t buffermask = buffersize-1;
2132 uint32_t bufferwsize = buffersize / bank->bus_width;
2133
2134 /* Check for valid range */
2135 if (address & buffermask) {
2136 LOG_ERROR("Write address at base " TARGET_ADDR_FMT
2137 ", address 0x%" PRIx32 " not aligned to 2^%d boundary",
2138 bank->base, address, cfi_info->max_buf_write_size);
2139 return ERROR_FLASH_OPERATION_FAILED;
2140 }
2141
2142 /* Check for valid size */
2143 if (wordcount > bufferwsize) {
2144 LOG_ERROR("Number of data words %" PRIu32 " exceeds available buffersize %"
2145 PRIu32, wordcount, buffersize);
2146 return ERROR_FLASH_OPERATION_FAILED;
2147 }
2148
2149 /* Unlock */
2150 retval = cfi_spansion_unlock_seq(bank);
2151 if (retval != ERROR_OK)
2152 return retval;
2153
2154 /* Buffer load command */
2155 retval = cfi_send_command(bank, 0x25, address);
2156 if (retval != ERROR_OK)
2157 return retval;
2158
2159 /* Write buffer wordcount-1 and data words */
2160 retval = cfi_send_command(bank, bufferwsize-1, address);
2161 if (retval != ERROR_OK)
2162 return retval;
2163
2164 retval = cfi_target_write_memory(bank, address, bufferwsize, word);
2165 if (retval != ERROR_OK)
2166 return retval;
2167
2168 /* Commit write operation */
2169 retval = cfi_send_command(bank, 0x29, address);
2170 if (retval != ERROR_OK)
2171 return retval;
2172
2173 if (cfi_spansion_wait_status_busy(bank, cfi_info->buf_write_timeout) != ERROR_OK) {
2174 retval = cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
2175 if (retval != ERROR_OK)
2176 return retval;
2177
2178 LOG_ERROR("couldn't write block at base " TARGET_ADDR_FMT
2179 ", address 0x%" PRIx32 ", size 0x%" PRIx32, bank->base, address,
2180 bufferwsize);
2181 return ERROR_FLASH_OPERATION_FAILED;
2182 }
2183
2184 return ERROR_OK;
2185 }
2186
2187 int cfi_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2188 {
2189 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2190
2191 switch (cfi_info->pri_id) {
2192 case 1:
2193 case 3:
2194 return cfi_intel_write_word(bank, word, address);
2195 case 2:
2196 return cfi_spansion_write_word(bank, word, address);
2197 default:
2198 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2199 break;
2200 }
2201
2202 return ERROR_FLASH_OPERATION_FAILED;
2203 }
2204
2205 static int cfi_write_words(struct flash_bank *bank, const uint8_t *word,
2206 uint32_t wordcount, uint32_t address)
2207 {
2208 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2209
2210 if (cfi_info->buf_write_timeout_typ == 0) {
2211 /* buffer writes are not supported */
2212 LOG_DEBUG("Buffer Writes Not Supported");
2213 return ERROR_FLASH_OPER_UNSUPPORTED;
2214 }
2215
2216 switch (cfi_info->pri_id) {
2217 case 1:
2218 case 3:
2219 return cfi_intel_write_words(bank, word, wordcount, address);
2220 case 2:
2221 return cfi_spansion_write_words(bank, word, wordcount, address);
2222 default:
2223 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2224 break;
2225 }
2226
2227 return ERROR_FLASH_OPERATION_FAILED;
2228 }
2229
2230 static int cfi_read(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
2231 {
2232 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2233 uint32_t address = bank->base + offset;
2234 uint32_t read_p;
2235 int align; /* number of unaligned bytes */
2236 uint8_t current_word[CFI_MAX_BUS_WIDTH];
2237 int retval;
2238
2239 LOG_DEBUG("reading buffer of %i byte at 0x%8.8x",
2240 (int)count, (unsigned)offset);
2241
2242 if (bank->target->state != TARGET_HALTED) {
2243 LOG_ERROR("Target not halted");
2244 return ERROR_TARGET_NOT_HALTED;
2245 }
2246
2247 if (offset + count > bank->size)
2248 return ERROR_FLASH_DST_OUT_OF_BANK;
2249
2250 if (cfi_info->qry[0] != 'Q')
2251 return ERROR_FLASH_BANK_NOT_PROBED;
2252
2253 /* start at the first byte of the first word (bus_width size) */
2254 read_p = address & ~(bank->bus_width - 1);
2255 align = address - read_p;
2256 if (align != 0) {
2257 LOG_INFO("Fixup %d unaligned read head bytes", align);
2258
2259 /* read a complete word from flash */
2260 retval = cfi_target_read_memory(bank, read_p, 1, current_word);
2261 if (retval != ERROR_OK)
2262 return retval;
2263
2264 /* take only bytes we need */
2265 for (unsigned int i = align; (i < bank->bus_width) && (count > 0); i++, count--)
2266 *buffer++ = current_word[i];
2267
2268 read_p += bank->bus_width;
2269 }
2270
2271 align = count / bank->bus_width;
2272 if (align) {
2273 retval = cfi_target_read_memory(bank, read_p, align, buffer);
2274 if (retval != ERROR_OK)
2275 return retval;
2276
2277 read_p += align * bank->bus_width;
2278 buffer += align * bank->bus_width;
2279 count -= align * bank->bus_width;
2280 }
2281
2282 if (count) {
2283 LOG_INFO("Fixup %" PRIu32 " unaligned read tail bytes", count);
2284
2285 /* read a complete word from flash */
2286 retval = cfi_target_read_memory(bank, read_p, 1, current_word);
2287 if (retval != ERROR_OK)
2288 return retval;
2289
2290 /* take only bytes we need */
2291 for (unsigned int i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2292 *buffer++ = current_word[i];
2293 }
2294
2295 return ERROR_OK;
2296 }
2297
2298 static int cfi_write(struct flash_bank *bank, const uint8_t *buffer, uint32_t offset, uint32_t count)
2299 {
2300 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2301 uint32_t address = bank->base + offset; /* address of first byte to be programmed */
2302 uint32_t write_p;
2303 int align; /* number of unaligned bytes */
2304 int blk_count; /* number of bus_width bytes for block copy */
2305 uint8_t current_word[CFI_MAX_BUS_WIDTH * 4]; /* word (bus_width size) currently being
2306 *programmed */
2307 uint8_t *swapped_buffer = NULL;
2308 const uint8_t *real_buffer = NULL;
2309 int retval;
2310
2311 if (bank->target->state != TARGET_HALTED) {
2312 LOG_ERROR("Target not halted");
2313 return ERROR_TARGET_NOT_HALTED;
2314 }
2315
2316 if (offset + count > bank->size)
2317 return ERROR_FLASH_DST_OUT_OF_BANK;
2318
2319 if (cfi_info->qry[0] != 'Q')
2320 return ERROR_FLASH_BANK_NOT_PROBED;
2321
2322 /* start at the first byte of the first word (bus_width size) */
2323 write_p = address & ~(bank->bus_width - 1);
2324 align = address - write_p;
2325 if (align != 0) {
2326 LOG_INFO("Fixup %d unaligned head bytes", align);
2327
2328 /* read a complete word from flash */
2329 retval = cfi_target_read_memory(bank, write_p, 1, current_word);
2330 if (retval != ERROR_OK)
2331 return retval;
2332
2333 /* replace only bytes that must be written */
2334 for (unsigned int i = align; (i < bank->bus_width) && (count > 0); i++, count--)
2335 if (cfi_info->data_swap)
2336 /* data bytes are swapped (reverse endianness) */
2337 current_word[bank->bus_width - i] = *buffer++;
2338 else
2339 current_word[i] = *buffer++;
2340
2341 retval = cfi_write_word(bank, current_word, write_p);
2342 if (retval != ERROR_OK)
2343 return retval;
2344 write_p += bank->bus_width;
2345 }
2346
2347 if (cfi_info->data_swap && count) {
2348 swapped_buffer = malloc(count & ~(bank->bus_width - 1));
2349 switch (bank->bus_width) {
2350 case 2:
2351 buf_bswap16(swapped_buffer, buffer,
2352 count & ~(bank->bus_width - 1));
2353 break;
2354 case 4:
2355 buf_bswap32(swapped_buffer, buffer,
2356 count & ~(bank->bus_width - 1));
2357 break;
2358 }
2359 real_buffer = buffer;
2360 buffer = swapped_buffer;
2361 }
2362
2363 /* handle blocks of bus_size aligned bytes */
2364 blk_count = count & ~(bank->bus_width - 1); /* round down, leave tail bytes */
2365 switch (cfi_info->pri_id) {
2366 /* try block writes (fails without working area) */
2367 case 1:
2368 case 3:
2369 retval = cfi_intel_write_block(bank, buffer, write_p, blk_count);
2370 break;
2371 case 2:
2372 retval = cfi_spansion_write_block(bank, buffer, write_p, blk_count);
2373 break;
2374 default:
2375 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2376 retval = ERROR_FLASH_OPERATION_FAILED;
2377 break;
2378 }
2379 if (retval == ERROR_OK) {
2380 /* Increment pointers and decrease count on successful block write */
2381 buffer += blk_count;
2382 write_p += blk_count;
2383 count -= blk_count;
2384 } else {
2385 if (retval == ERROR_TARGET_RESOURCE_NOT_AVAILABLE) {
2386 /* Calculate buffer size and boundary mask
2387 * buffersize is (buffer size per chip) * (number of chips)
2388 * bufferwsize is buffersize in words */
2389 uint32_t buffersize =
2390 (1UL <<
2391 cfi_info->max_buf_write_size) *
2392 (bank->bus_width / bank->chip_width);
2393 uint32_t buffermask = buffersize-1;
2394 uint32_t bufferwsize = buffersize / bank->bus_width;
2395
2396 /* fall back to memory writes */
2397 while (count >= (uint32_t)bank->bus_width) {
2398 bool fallback;
2399 if ((write_p & 0xff) == 0) {
2400 LOG_INFO("Programming at 0x%08" PRIx32 ", count 0x%08"
2401 PRIx32 " bytes remaining", write_p, count);
2402 }
2403 fallback = true;
2404 if ((bufferwsize > 0) && (count >= buffersize) &&
2405 !(write_p & buffermask)) {
2406 retval = cfi_write_words(bank, buffer, bufferwsize, write_p);
2407 if (retval == ERROR_OK) {
2408 buffer += buffersize;
2409 write_p += buffersize;
2410 count -= buffersize;
2411 fallback = false;
2412 } else if (retval != ERROR_FLASH_OPER_UNSUPPORTED)
2413 return retval;
2414 }
2415 /* try the slow way? */
2416 if (fallback) {
2417 for (unsigned int i = 0; i < bank->bus_width; i++)
2418 current_word[i] = *buffer++;
2419
2420 retval = cfi_write_word(bank, current_word, write_p);
2421 if (retval != ERROR_OK)
2422 return retval;
2423
2424 write_p += bank->bus_width;
2425 count -= bank->bus_width;
2426 }
2427 }
2428 } else
2429 return retval;
2430 }
2431
2432 if (swapped_buffer) {
2433 buffer = real_buffer + (buffer - swapped_buffer);
2434 free(swapped_buffer);
2435 }
2436
2437 /* return to read array mode, so we can read from flash again for padding */
2438 retval = cfi_reset(bank);
2439 if (retval != ERROR_OK)
2440 return retval;
2441
2442 /* handle unaligned tail bytes */
2443 if (count > 0) {
2444 LOG_INFO("Fixup %" PRIu32 " unaligned tail bytes", count);
2445
2446 /* read a complete word from flash */
2447 retval = cfi_target_read_memory(bank, write_p, 1, current_word);
2448 if (retval != ERROR_OK)
2449 return retval;
2450
2451 /* replace only bytes that must be written */
2452 for (unsigned int i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2453 if (cfi_info->data_swap)
2454 /* data bytes are swapped (reverse endianness) */
2455 current_word[bank->bus_width - i] = *buffer++;
2456 else
2457 current_word[i] = *buffer++;
2458
2459 retval = cfi_write_word(bank, current_word, write_p);
2460 if (retval != ERROR_OK)
2461 return retval;
2462 }
2463
2464 /* return to read array mode */
2465 return cfi_reset(bank);
2466 }
2467
2468 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, const void *param)
2469 {
2470 (void) param;
2471 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2472 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2473
2474 pri_ext->_reversed_geometry = 1;
2475 }
2476
2477 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, const void *param)
2478 {
2479 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2480 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2481 (void) param;
2482
2483 if ((pri_ext->_reversed_geometry) || (pri_ext->TopBottom == 3)) {
2484 LOG_DEBUG("swapping reversed erase region information on cmdset 0002 device");
2485
2486 for (unsigned int i = 0; i < cfi_info->num_erase_regions / 2; i++) {
2487 int j = (cfi_info->num_erase_regions - 1) - i;
2488 uint32_t swap;
2489
2490 swap = cfi_info->erase_region_info[i];
2491 cfi_info->erase_region_info[i] = cfi_info->erase_region_info[j];
2492 cfi_info->erase_region_info[j] = swap;
2493 }
2494 }
2495 }
2496
2497 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, const void *param)
2498 {
2499 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2500 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2501 const struct cfi_unlock_addresses *unlock_addresses = param;
2502
2503 pri_ext->_unlock1 = unlock_addresses->unlock1;
2504 pri_ext->_unlock2 = unlock_addresses->unlock2;
2505 }
2506
2507 static void cfi_fixup_0002_polling_bits(struct flash_bank *bank, const void *param)
2508 {
2509 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2510 const int *status_poll_mask = param;
2511
2512 cfi_info->status_poll_mask = *status_poll_mask;
2513 }
2514
2515
2516 static int cfi_query_string(struct flash_bank *bank, int address)
2517 {
2518 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2519 int retval;
2520
2521 retval = cfi_send_command(bank, 0x98, cfi_flash_address(bank, 0, address));
2522 if (retval != ERROR_OK)
2523 return retval;
2524
2525 retval = cfi_query_u8(bank, 0, 0x10, &cfi_info->qry[0]);
2526 if (retval != ERROR_OK)
2527 return retval;
2528 retval = cfi_query_u8(bank, 0, 0x11, &cfi_info->qry[1]);
2529 if (retval != ERROR_OK)
2530 return retval;
2531 retval = cfi_query_u8(bank, 0, 0x12, &cfi_info->qry[2]);
2532 if (retval != ERROR_OK)
2533 return retval;
2534
2535 LOG_DEBUG("CFI qry returned: 0x%2.2x 0x%2.2x 0x%2.2x",
2536 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2]);
2537
2538 if ((cfi_info->qry[0] != 'Q') || (cfi_info->qry[1] != 'R') || (cfi_info->qry[2] != 'Y')) {
2539 retval = cfi_reset(bank);
2540 if (retval != ERROR_OK)
2541 return retval;
2542 LOG_ERROR("Could not probe bank: no QRY");
2543 return ERROR_FLASH_BANK_INVALID;
2544 }
2545
2546 return ERROR_OK;
2547 }
2548
2549 int cfi_probe(struct flash_bank *bank)
2550 {
2551 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2552 struct target *target = bank->target;
2553 unsigned int num_sectors = 0;
2554 int sector = 0;
2555 uint32_t unlock1 = 0x555;
2556 uint32_t unlock2 = 0x2aa;
2557 int retval;
2558 uint8_t value_buf0[CFI_MAX_BUS_WIDTH], value_buf1[CFI_MAX_BUS_WIDTH];
2559
2560 if (bank->target->state != TARGET_HALTED) {
2561 LOG_ERROR("Target not halted");
2562 return ERROR_TARGET_NOT_HALTED;
2563 }
2564
2565 cfi_info->probed = false;
2566 cfi_info->num_erase_regions = 0;
2567
2568 free(bank->sectors);
2569 bank->sectors = NULL;
2570
2571 free(cfi_info->erase_region_info);
2572 cfi_info->erase_region_info = NULL;
2573
2574 /* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses,
2575 * while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa
2576 */
2577 if (cfi_info->jedec_probe) {
2578 unlock1 = 0x5555;
2579 unlock2 = 0x2aaa;
2580 }
2581
2582 /* switch to read identifier codes mode ("AUTOSELECT") */
2583 retval = cfi_send_command(bank, 0xaa, cfi_flash_address(bank, 0, unlock1));
2584 if (retval != ERROR_OK)
2585 return retval;
2586 retval = cfi_send_command(bank, 0x55, cfi_flash_address(bank, 0, unlock2));
2587 if (retval != ERROR_OK)
2588 return retval;
2589 retval = cfi_send_command(bank, 0x90, cfi_flash_address(bank, 0, unlock1));
2590 if (retval != ERROR_OK)
2591 return retval;
2592
2593 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, 0, 0x00),
2594 1, value_buf0);
2595 if (retval != ERROR_OK)
2596 return retval;
2597 retval = cfi_target_read_memory(bank, cfi_flash_address(bank, 0, 0x01),
2598 1, value_buf1);
2599 if (retval != ERROR_OK)
2600 return retval;
2601 switch (bank->chip_width) {
2602 case 1:
2603 cfi_info->manufacturer = *value_buf0;
2604 cfi_info->device_id = *value_buf1;
2605 break;
2606 case 2:
2607 cfi_info->manufacturer = target_buffer_get_u16(target, value_buf0);
2608 cfi_info->device_id = target_buffer_get_u16(target, value_buf1);
2609 break;
2610 case 4:
2611 cfi_info->manufacturer = target_buffer_get_u32(target, value_buf0);
2612 cfi_info->device_id = target_buffer_get_u32(target, value_buf1);
2613 break;
2614 default:
2615 LOG_ERROR("Unsupported bank chipwidth %u, can't probe memory",
2616 bank->chip_width);
2617 return ERROR_FLASH_OPERATION_FAILED;
2618 }
2619
2620 LOG_INFO("Flash Manufacturer/Device: 0x%04x 0x%04x",
2621 cfi_info->manufacturer, cfi_info->device_id);
2622 /* switch back to read array mode */
2623 retval = cfi_reset(bank);
2624 if (retval != ERROR_OK)
2625 return retval;
2626
2627 /* check device/manufacturer ID for known non-CFI flashes. */
2628 cfi_fixup_non_cfi(bank);
2629
2630 /* query only if this is a CFI compatible flash,
2631 * otherwise the relevant info has already been filled in
2632 */
2633 if (!cfi_info->not_cfi) {
2634 /* enter CFI query mode
2635 * according to JEDEC Standard No. 68.01,
2636 * a single bus sequence with address = 0x55, data = 0x98 should put
2637 * the device into CFI query mode.
2638 *
2639 * SST flashes clearly violate this, and we will consider them incompatible for now
2640 */
2641
2642 retval = cfi_query_string(bank, 0x55);
2643 if (retval != ERROR_OK) {
2644 /*
2645 * Spansion S29WS-N CFI query fix is to try 0x555 if 0x55 fails. Should
2646 * be harmless enough:
2647 *
2648 * http://www.infradead.org/pipermail/linux-mtd/2005-September/013618.html
2649 */
2650 LOG_USER("Try workaround w/0x555 instead of 0x55 to get QRY.");
2651 retval = cfi_query_string(bank, 0x555);
2652 }
2653 if (retval != ERROR_OK)
2654 return retval;
2655
2656 retval = cfi_query_u16(bank, 0, 0x13, &cfi_info->pri_id);
2657 if (retval != ERROR_OK)
2658 return retval;
2659 retval = cfi_query_u16(bank, 0, 0x15, &cfi_info->pri_addr);
2660 if (retval != ERROR_OK)
2661 return retval;
2662 retval = cfi_query_u16(bank, 0, 0x17, &cfi_info->alt_id);
2663 if (retval != ERROR_OK)
2664 return retval;
2665 retval = cfi_query_u16(bank, 0, 0x19, &cfi_info->alt_addr);
2666 if (retval != ERROR_OK)
2667 return retval;
2668
2669 LOG_DEBUG("qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: "
2670 "0x%4.4x, alt_addr: 0x%4.4x", cfi_info->qry[0], cfi_info->qry[1],
2671 cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr,
2672 cfi_info->alt_id, cfi_info->alt_addr);
2673
2674 retval = cfi_query_u8(bank, 0, 0x1b, &cfi_info->vcc_min);
2675 if (retval != ERROR_OK)
2676 return retval;
2677 retval = cfi_query_u8(bank, 0, 0x1c, &cfi_info->vcc_max);
2678 if (retval != ERROR_OK)
2679 return retval;
2680 retval = cfi_query_u8(bank, 0, 0x1d, &cfi_info->vpp_min);
2681 if (retval != ERROR_OK)
2682 return retval;
2683 retval = cfi_query_u8(bank, 0, 0x1e, &cfi_info->vpp_max);
2684 if (retval != ERROR_OK)
2685 return retval;
2686
2687 retval = cfi_query_u8(bank, 0, 0x1f, &cfi_info->word_write_timeout_typ);
2688 if (retval != ERROR_OK)
2689 return retval;
2690 retval = cfi_query_u8(bank, 0, 0x20, &cfi_info->buf_write_timeout_typ);
2691 if (retval != ERROR_OK)
2692 return retval;
2693 retval = cfi_query_u8(bank, 0, 0x21, &cfi_info->block_erase_timeout_typ);
2694 if (retval != ERROR_OK)
2695 return retval;
2696 retval = cfi_query_u8(bank, 0, 0x22, &cfi_info->chip_erase_timeout_typ);
2697 if (retval != ERROR_OK)
2698 return retval;
2699 retval = cfi_query_u8(bank, 0, 0x23, &cfi_info->word_write_timeout_max);
2700 if (retval != ERROR_OK)
2701 return retval;
2702 retval = cfi_query_u8(bank, 0, 0x24, &cfi_info->buf_write_timeout_max);
2703 if (retval != ERROR_OK)
2704 return retval;
2705 retval = cfi_query_u8(bank, 0, 0x25, &cfi_info->block_erase_timeout_max);
2706 if (retval != ERROR_OK)
2707 return retval;
2708 retval = cfi_query_u8(bank, 0, 0x26, &cfi_info->chip_erase_timeout_max);
2709 if (retval != ERROR_OK)
2710 return retval;
2711
2712 uint8_t data;
2713 retval = cfi_query_u8(bank, 0, 0x27, &data);
2714 if (retval != ERROR_OK)
2715 return retval;
2716 cfi_info->dev_size = 1 << data;
2717
2718 retval = cfi_query_u16(bank, 0, 0x28, &cfi_info->interface_desc);
2719 if (retval != ERROR_OK)
2720 return retval;
2721 retval = cfi_query_u16(bank, 0, 0x2a, &cfi_info->max_buf_write_size);
2722 if (retval != ERROR_OK)
2723 return retval;
2724 retval = cfi_query_u8(bank, 0, 0x2c, &cfi_info->num_erase_regions);
2725 if (retval != ERROR_OK)
2726 return retval;
2727
2728 LOG_DEBUG("size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: 0x%x",
2729 cfi_info->dev_size, cfi_info->interface_desc,
2730 (1 << cfi_info->max_buf_write_size));
2731
2732 if (cfi_info->num_erase_regions) {
2733 cfi_info->erase_region_info = malloc(sizeof(*cfi_info->erase_region_info)
2734 * cfi_info->num_erase_regions);
2735 for (unsigned int i = 0; i < cfi_info->num_erase_regions; i++) {
2736 retval = cfi_query_u32(bank,
2737 0,
2738 0x2d + (4 * i),
2739 &cfi_info->erase_region_info[i]);
2740 if (retval != ERROR_OK)
2741 return retval;
2742 LOG_DEBUG(
2743 "erase region[%i]: %" PRIu32 " blocks of size 0x%" PRIx32 "",
2744 i,
2745 (cfi_info->erase_region_info[i] & 0xffff) + 1,
2746 (cfi_info->erase_region_info[i] >> 16) * 256);
2747 }
2748 } else
2749 cfi_info->erase_region_info = NULL;
2750
2751 /* We need to read the primary algorithm extended query table before calculating
2752 * the sector layout to be able to apply fixups
2753 */
2754 switch (cfi_info->pri_id) {
2755 /* Intel command set (standard and extended) */
2756 case 0x0001:
2757 case 0x0003:
2758 cfi_read_intel_pri_ext(bank);
2759 break;
2760 /* AMD/Spansion, Atmel, ... command set */
2761 case 0x0002:
2762 cfi_info->status_poll_mask = CFI_STATUS_POLL_MASK_DQ5_DQ6_DQ7; /*
2763 *default
2764 *for
2765 *all
2766 *CFI
2767 *flashes
2768 **/
2769 cfi_read_0002_pri_ext(bank);
2770 break;
2771 default:
2772 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2773 break;
2774 }
2775
2776 /* return to read array mode
2777 * we use both reset commands, as some Intel flashes fail to recognize the 0xF0 command
2778 */
2779 retval = cfi_reset(bank);
2780 if (retval != ERROR_OK)
2781 return retval;
2782 } /* end CFI case */
2783
2784 LOG_DEBUG("Vcc min: %x.%x, Vcc max: %x.%x, Vpp min: %u.%x, Vpp max: %u.%x",
2785 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2786 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2787 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2788 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2789
2790 LOG_DEBUG("typ. word write timeout: %u us, typ. buf write timeout: %u us, "
2791 "typ. block erase timeout: %u ms, typ. chip erase timeout: %u ms",
2792 1 << cfi_info->word_write_timeout_typ, 1 << cfi_info->buf_write_timeout_typ,
2793 1 << cfi_info->block_erase_timeout_typ, 1 << cfi_info->chip_erase_timeout_typ);
2794
2795 LOG_DEBUG("max. word write timeout: %u us, max. buf write timeout: %u us, "
2796 "max. block erase timeout: %u ms, max. chip erase timeout: %u ms",
2797 (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2798 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2799 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2800 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2801
2802 /* convert timeouts to real values in ms */
2803 cfi_info->word_write_timeout = DIV_ROUND_UP((1L << cfi_info->word_write_timeout_typ) *
2804 (1L << cfi_info->word_write_timeout_max), 1000);
2805 cfi_info->buf_write_timeout = DIV_ROUND_UP((1L << cfi_info->buf_write_timeout_typ) *
2806 (1L << cfi_info->buf_write_timeout_max), 1000);
2807 cfi_info->block_erase_timeout = (1L << cfi_info->block_erase_timeout_typ) *
2808 (1L << cfi_info->block_erase_timeout_max);
2809 cfi_info->chip_erase_timeout = (1L << cfi_info->chip_erase_timeout_typ) *
2810 (1L << cfi_info->chip_erase_timeout_max);
2811
2812 LOG_DEBUG("calculated word write timeout: %u ms, buf write timeout: %u ms, "
2813 "block erase timeout: %u ms, chip erase timeout: %u ms",
2814 cfi_info->word_write_timeout, cfi_info->buf_write_timeout,
2815 cfi_info->block_erase_timeout, cfi_info->chip_erase_timeout);
2816
2817 /* apply fixups depending on the primary command set */
2818 switch (cfi_info->pri_id) {
2819 /* Intel command set (standard and extended) */
2820 case 0x0001:
2821 case 0x0003:
2822 cfi_fixup(bank, cfi_0001_fixups);
2823 break;
2824 /* AMD/Spansion, Atmel, ... command set */
2825 case 0x0002:
2826 cfi_fixup(bank, cfi_0002_fixups);
2827 break;
2828 default:
2829 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2830 break;
2831 }
2832
2833 if ((cfi_info->dev_size * bank->bus_width / bank->chip_width) != bank->size) {
2834 LOG_WARNING("configuration specifies 0x%" PRIx32 " size, but a 0x%" PRIx32
2835 " size flash was found", bank->size, cfi_info->dev_size);
2836 }
2837
2838 if (cfi_info->num_erase_regions == 0) {
2839 /* a device might have only one erase block, spanning the whole device */
2840 bank->num_sectors = 1;
2841 bank->sectors = malloc(sizeof(struct flash_sector));
2842
2843 bank->sectors[sector].offset = 0x0;
2844 bank->sectors[sector].size = bank->size;
2845 bank->sectors[sector].is_erased = -1;
2846 bank->sectors[sector].is_protected = -1;
2847 } else {
2848 uint32_t offset = 0;
2849
2850 for (unsigned int i = 0; i < cfi_info->num_erase_regions; i++)
2851 num_sectors += (cfi_info->erase_region_info[i] & 0xffff) + 1;
2852
2853 bank->num_sectors = num_sectors;
2854 bank->sectors = malloc(sizeof(struct flash_sector) * num_sectors);
2855
2856 for (unsigned int i = 0; i < cfi_info->num_erase_regions; i++) {
2857 for (uint32_t j = 0; j < (cfi_info->erase_region_info[i] & 0xffff) + 1; j++) {
2858 bank->sectors[sector].offset = offset;
2859 bank->sectors[sector].size =
2860 ((cfi_info->erase_region_info[i] >> 16) * 256)
2861 * bank->bus_width / bank->chip_width;
2862 offset += bank->sectors[sector].size;
2863 bank->sectors[sector].is_erased = -1;
2864 bank->sectors[sector].is_protected = -1;
2865 sector++;
2866 }
2867 }
2868 if (offset != (cfi_info->dev_size * bank->bus_width / bank->chip_width)) {
2869 LOG_WARNING(
2870 "CFI size is 0x%" PRIx32 ", but total sector size is 0x%" PRIx32 "",
2871 (cfi_info->dev_size * bank->bus_width / bank->chip_width),
2872 offset);
2873 }
2874 }
2875
2876 cfi_info->probed = true;
2877
2878 return ERROR_OK;
2879 }
2880
2881 int cfi_auto_probe(struct flash_bank *bank)
2882 {
2883 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2884 if (cfi_info->probed)
2885 return ERROR_OK;
2886 return cfi_probe(bank);
2887 }
2888
2889 static int cfi_intel_protect_check(struct flash_bank *bank)
2890 {
2891 int retval;
2892 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2893 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
2894
2895 /* check if block lock bits are supported on this device */
2896 if (!(pri_ext->blk_status_reg_mask & 0x1))
2897 return ERROR_FLASH_OPERATION_FAILED;
2898
2899 retval = cfi_send_command(bank, 0x90, cfi_flash_address(bank, 0, 0x55));
2900 if (retval != ERROR_OK)
2901 return retval;
2902
2903 for (unsigned int i = 0; i < bank->num_sectors; i++) {
2904 uint8_t block_status;
2905 retval = cfi_get_u8(bank, i, 0x2, &block_status);
2906 if (retval != ERROR_OK)
2907 return retval;
2908
2909 if (block_status & 1)
2910 bank->sectors[i].is_protected = 1;
2911 else
2912 bank->sectors[i].is_protected = 0;
2913 }
2914
2915 return cfi_send_command(bank, 0xff, cfi_flash_address(bank, 0, 0x0));
2916 }
2917
2918 static int cfi_spansion_protect_check(struct flash_bank *bank)
2919 {
2920 int retval;
2921 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2922 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2923
2924 retval = cfi_spansion_unlock_seq(bank);
2925 if (retval != ERROR_OK)
2926 return retval;
2927
2928 retval = cfi_send_command(bank, 0x90, cfi_flash_address(bank, 0, pri_ext->_unlock1));
2929 if (retval != ERROR_OK)
2930 return retval;
2931
2932 for (unsigned int i = 0; i < bank->num_sectors; i++) {
2933 uint8_t block_status;
2934 retval = cfi_get_u8(bank, i, 0x2, &block_status);
2935 if (retval != ERROR_OK)
2936 return retval;
2937
2938 if (block_status & 1)
2939 bank->sectors[i].is_protected = 1;
2940 else
2941 bank->sectors[i].is_protected = 0;
2942 }
2943
2944 return cfi_send_command(bank, 0xf0, cfi_flash_address(bank, 0, 0x0));
2945 }
2946
2947 int cfi_protect_check(struct flash_bank *bank)
2948 {
2949 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2950
2951 if (bank->target->state != TARGET_HALTED) {
2952 LOG_ERROR("Target not halted");
2953 return ERROR_TARGET_NOT_HALTED;
2954 }
2955
2956 if (cfi_info->qry[0] != 'Q')
2957 return ERROR_FLASH_BANK_NOT_PROBED;
2958
2959 switch (cfi_info->pri_id) {
2960 case 1:
2961 case 3:
2962 return cfi_intel_protect_check(bank);
2963 case 2:
2964 return cfi_spansion_protect_check(bank);
2965 default:
2966 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2967 break;
2968 }
2969
2970 return ERROR_OK;
2971 }
2972
2973 int cfi_get_info(struct flash_bank *bank, struct command_invocation *cmd)
2974 {
2975 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2976
2977 if (cfi_info->qry[0] == 0xff) {
2978 command_print_sameline(cmd, "\ncfi flash bank not probed yet\n");
2979 return ERROR_OK;
2980 }
2981
2982 if (!cfi_info->not_cfi)
2983 command_print_sameline(cmd, "\nCFI flash: ");
2984 else
2985 command_print_sameline(cmd, "\nnon-CFI flash: ");
2986
2987 command_print_sameline(cmd, "mfr: 0x%4.4x, id:0x%4.4x\n",
2988 cfi_info->manufacturer, cfi_info->device_id);
2989
2990 command_print_sameline(cmd, "qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: "
2991 "0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x\n",
2992 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2],
2993 cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
2994
2995 command_print_sameline(cmd, "Vcc min: %x.%x, Vcc max: %x.%x, "
2996 "Vpp min: %u.%x, Vpp max: %u.%x\n",
2997 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2998 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2999 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
3000 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
3001
3002 command_print_sameline(cmd, "typ. word write timeout: %u us, "
3003 "typ. buf write timeout: %u us, "
3004 "typ. block erase timeout: %u ms, "
3005 "typ. chip erase timeout: %u ms\n",
3006 1 << cfi_info->word_write_timeout_typ,
3007 1 << cfi_info->buf_write_timeout_typ,
3008 1 << cfi_info->block_erase_timeout_typ,
3009 1 << cfi_info->chip_erase_timeout_typ);
3010
3011 command_print_sameline(cmd, "max. word write timeout: %u us, "
3012 "max. buf write timeout: %u us, max. "
3013 "block erase timeout: %u ms, max. chip erase timeout: %u ms\n",
3014 (1 <<
3015 cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
3016 (1 <<
3017 cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
3018 (1 <<
3019 cfi_info->block_erase_timeout_max) *
3020 (1 << cfi_info->block_erase_timeout_typ),
3021 (1 <<
3022 cfi_info->chip_erase_timeout_max) *
3023 (1 << cfi_info->chip_erase_timeout_typ));
3024
3025 command_print_sameline(cmd, "size: 0x%" PRIx32 ", interface desc: %i, "
3026 "max buffer write size: 0x%x\n",
3027 cfi_info->dev_size,
3028 cfi_info->interface_desc,
3029 1 << cfi_info->max_buf_write_size);
3030
3031 switch (cfi_info->pri_id) {
3032 case 1:
3033 case 3:
3034 cfi_intel_info(bank, cmd);
3035 break;
3036 case 2:
3037 cfi_spansion_info(bank, cmd);
3038 break;
3039 default:
3040 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
3041 break;
3042 }
3043
3044 return ERROR_OK;
3045 }
3046
3047 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, const void *param)
3048 {
3049 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3050
3051 /* disable write buffer for M29W128G */
3052 cfi_info->buf_write_timeout_typ = 0;
3053 }
3054
3055 const struct flash_driver cfi_flash = {
3056 .name = "cfi",
3057 .flash_bank_command = cfi_flash_bank_command,
3058 .erase = cfi_erase,
3059 .protect = cfi_protect,
3060 .write = cfi_write,
3061 .read = cfi_read,
3062 .probe = cfi_probe,
3063 .auto_probe = cfi_auto_probe,
3064 /* FIXME: access flash at bus_width size */
3065 .erase_check = default_flash_blank_check,
3066 .protect_check = cfi_protect_check,
3067 .info = cfi_get_info,
3068 .free_driver_priv = default_flash_free_driver_priv,
3069 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)