1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2007,2008,2009 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
30 #include "embeddedice.h"
32 #define ARRAY_SIZE(x) ((int)(sizeof(x)/sizeof((x)[0])))
35 static bitfield_desc_t embeddedice_comms_ctrl_bitfield_desc
[] =
45 * From: ARM9E-S TRM, DDI 0165, table C-4 (and similar, for other cores)
55 /* width is assigned based on EICE version */
58 .name
= "debug_status",
60 /* width is assigned based on EICE version */
72 [EICE_W0_ADDR_VALUE
] = {
73 .name
= "watch_0_addr_value",
77 [EICE_W0_ADDR_MASK
] = {
78 .name
= "watch_0_addr_mask",
82 [EICE_W0_DATA_VALUE
] = {
83 .name
= "watch_0_data_value",
87 [EICE_W0_DATA_MASK
] = {
88 .name
= "watch_0_data_mask",
92 [EICE_W0_CONTROL_VALUE
] = {
93 .name
= "watch_0_control_value",
97 [EICE_W0_CONTROL_MASK
] = {
98 .name
= "watch_0_control_mask",
102 [EICE_W1_ADDR_VALUE
] = {
103 .name
= "watch_1_addr_value",
107 [EICE_W1_ADDR_MASK
] = {
108 .name
= "watch_1_addr_mask",
112 [EICE_W1_DATA_VALUE
] = {
113 .name
= "watch_1_data_value",
117 [EICE_W1_DATA_MASK
] = {
118 .name
= "watch_1_data_mask",
122 [EICE_W1_CONTROL_VALUE
] = {
123 .name
= "watch_1_control_value",
127 [EICE_W1_CONTROL_MASK
] = {
128 .name
= "watch_1_control_mask",
132 /* vector_catch isn't always present */
134 .name
= "vector_catch",
141 static int embeddedice_reg_arch_type
= -1;
143 static int embeddedice_get_reg(reg_t
*reg
);
145 reg_cache_t
* embeddedice_build_reg_cache(target_t
*target
, arm7_9_common_t
*arm7_9
)
148 reg_cache_t
*reg_cache
= malloc(sizeof(reg_cache_t
));
149 reg_t
*reg_list
= NULL
;
150 embeddedice_reg_t
*arch_info
= NULL
;
151 arm_jtag_t
*jtag_info
= &arm7_9
->jtag_info
;
152 int num_regs
= ARRAY_SIZE(eice_regs
);
154 int eice_version
= 0;
156 /* register a register arch-type for EmbeddedICE registers only once */
157 if (embeddedice_reg_arch_type
== -1)
158 embeddedice_reg_arch_type
= register_reg_arch_type(
159 embeddedice_get_reg
, embeddedice_set_reg_w_exec
);
161 /* vector_catch isn't always present */
162 if (!arm7_9
->has_vector_catch
)
165 /* the actual registers are kept in two arrays */
166 reg_list
= calloc(num_regs
, sizeof(reg_t
));
167 arch_info
= calloc(num_regs
, sizeof(embeddedice_reg_t
));
169 /* fill in values for the reg cache */
170 reg_cache
->name
= "EmbeddedICE registers";
171 reg_cache
->next
= NULL
;
172 reg_cache
->reg_list
= reg_list
;
173 reg_cache
->num_regs
= num_regs
;
175 /* set up registers */
176 for (i
= 0; i
< num_regs
; i
++)
178 reg_list
[i
].name
= eice_regs
[i
].name
;
179 reg_list
[i
].size
= eice_regs
[i
].width
;
180 reg_list
[i
].dirty
= 0;
181 reg_list
[i
].valid
= 0;
182 reg_list
[i
].bitfield_desc
= NULL
;
183 reg_list
[i
].num_bitfields
= 0;
184 reg_list
[i
].value
= calloc(1, 4);
185 reg_list
[i
].arch_info
= &arch_info
[i
];
186 reg_list
[i
].arch_type
= embeddedice_reg_arch_type
;
187 arch_info
[i
].addr
= eice_regs
[i
].addr
;
188 arch_info
[i
].jtag_info
= jtag_info
;
191 /* identify EmbeddedICE version by reading DCC control register */
192 embeddedice_read_reg(®_list
[EICE_COMMS_CTRL
]);
193 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
195 for (i
= 0; i
< num_regs
; i
++)
197 free(reg_list
[i
].value
);
205 eice_version
= buf_get_u32(reg_list
[EICE_COMMS_CTRL
].value
, 28, 4);
206 LOG_INFO("Embedded ICE version %d", eice_version
);
208 switch (eice_version
)
211 /* ARM7TDMI r3, ARM7TDMI-S r3
213 * REVISIT docs say ARM7TDMI-S r4 uses version 1 but
214 * that it has 6-bit CTRL and 5-bit STAT... doc bug?
215 * ARM7TDMI r4 docs say EICE v4.
217 reg_list
[EICE_DBG_CTRL
].size
= 3;
218 reg_list
[EICE_DBG_STAT
].size
= 5;
222 reg_list
[EICE_DBG_CTRL
].size
= 4;
223 reg_list
[EICE_DBG_STAT
].size
= 5;
224 arm7_9
->has_single_step
= 1;
227 LOG_ERROR("EmbeddedICE v%d handling might be broken",
229 reg_list
[EICE_DBG_CTRL
].size
= 6;
230 reg_list
[EICE_DBG_STAT
].size
= 5;
231 arm7_9
->has_single_step
= 1;
232 arm7_9
->has_monitor_mode
= 1;
236 reg_list
[EICE_DBG_CTRL
].size
= 6;
237 reg_list
[EICE_DBG_STAT
].size
= 5;
238 arm7_9
->has_monitor_mode
= 1;
242 reg_list
[EICE_DBG_CTRL
].size
= 6;
243 reg_list
[EICE_DBG_STAT
].size
= 5;
244 arm7_9
->has_single_step
= 1;
245 arm7_9
->has_monitor_mode
= 1;
248 /* ARM7EJ-S, ARM9E-S rev 2, ARM9EJ-S */
249 reg_list
[EICE_DBG_CTRL
].size
= 6;
250 reg_list
[EICE_DBG_STAT
].size
= 10;
251 /* DBG_STAT has MOE bits */
252 arm7_9
->has_monitor_mode
= 1;
255 LOG_ERROR("EmbeddedICE v%d handling might be broken",
257 reg_list
[EICE_DBG_CTRL
].size
= 6;
258 reg_list
[EICE_DBG_STAT
].size
= 5;
259 arm7_9
->has_monitor_mode
= 1;
263 * The Feroceon implementation has the version number
264 * in some unusual bits. Let feroceon.c validate it
265 * and do the appropriate setup itself.
267 if (strcmp(target_get_name(target
), "feroceon") == 0 ||
268 strcmp(target_get_name(target
), "dragonite") == 0)
270 LOG_ERROR("unknown EmbeddedICE version (comms ctrl: 0x%8.8" PRIx32
")", buf_get_u32(reg_list
[EICE_COMMS_CTRL
].value
, 0, 32));
276 int embeddedice_setup(target_t
*target
)
279 struct arm7_9_common_s
*arm7_9
= target_to_arm7_9(target
);
281 /* Explicitly disable monitor mode. For now we only support halting
282 * debug ... we don't know how to talk with a resident debug monitor
283 * that manages break requests. ARM's "Angel Debug Monitor" is one
284 * common example of such code.
286 if (arm7_9
->has_monitor_mode
)
288 reg_t
*dbg_ctrl
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_CTRL
];
290 embeddedice_read_reg(dbg_ctrl
);
291 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
293 buf_set_u32(dbg_ctrl
->value
, 4, 1, 0);
294 embeddedice_set_reg_w_exec(dbg_ctrl
, dbg_ctrl
->value
);
296 return jtag_execute_queue();
299 static int embeddedice_get_reg(reg_t
*reg
)
302 if ((retval
= embeddedice_read_reg(reg
)) != ERROR_OK
)
304 LOG_ERROR("BUG: error scheduling EmbeddedICE register read");
308 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
310 LOG_ERROR("register read failed");
317 int embeddedice_read_reg_w_check(reg_t
*reg
, uint8_t* check_value
, uint8_t* check_mask
)
319 embeddedice_reg_t
*ice_reg
= reg
->arch_info
;
320 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
321 scan_field_t fields
[3];
322 uint8_t field1_out
[1];
323 uint8_t field2_out
[1];
325 jtag_set_end_state(TAP_IDLE
);
326 arm_jtag_scann(ice_reg
->jtag_info
, 0x2);
328 arm_jtag_set_instr(ice_reg
->jtag_info
, ice_reg
->jtag_info
->intest_instr
, NULL
);
330 fields
[0].tap
= ice_reg
->jtag_info
->tap
;
331 fields
[0].num_bits
= 32;
332 fields
[0].out_value
= reg
->value
;
333 fields
[0].in_value
= NULL
;
334 fields
[0].check_value
= NULL
;
335 fields
[0].check_mask
= NULL
;
337 fields
[1].tap
= ice_reg
->jtag_info
->tap
;
338 fields
[1].num_bits
= 5;
339 fields
[1].out_value
= field1_out
;
340 buf_set_u32(fields
[1].out_value
, 0, 5, reg_addr
);
341 fields
[1].in_value
= NULL
;
342 fields
[1].check_value
= NULL
;
343 fields
[1].check_mask
= NULL
;
345 fields
[2].tap
= ice_reg
->jtag_info
->tap
;
346 fields
[2].num_bits
= 1;
347 fields
[2].out_value
= field2_out
;
348 buf_set_u32(fields
[2].out_value
, 0, 1, 0);
349 fields
[2].in_value
= NULL
;
350 fields
[2].check_value
= NULL
;
351 fields
[2].check_mask
= NULL
;
353 jtag_add_dr_scan(3, fields
, jtag_get_end_state());
355 fields
[0].in_value
= reg
->value
;
356 fields
[0].check_value
= check_value
;
357 fields
[0].check_mask
= check_mask
;
359 /* when reading the DCC data register, leaving the address field set to
360 * EICE_COMMS_DATA would read the register twice
361 * reading the control register is safe
363 buf_set_u32(fields
[1].out_value
, 0, 5, eice_regs
[EICE_COMMS_CTRL
].addr
);
365 jtag_add_dr_scan_check(3, fields
, jtag_get_end_state());
370 /* receive <size> words of 32 bit from the DCC
371 * we pretend the target is always going to be fast enough
372 * (relative to the JTAG clock), so we don't need to handshake
374 int embeddedice_receive(arm_jtag_t
*jtag_info
, uint32_t *data
, uint32_t size
)
376 scan_field_t fields
[3];
377 uint8_t field1_out
[1];
378 uint8_t field2_out
[1];
380 jtag_set_end_state(TAP_IDLE
);
381 arm_jtag_scann(jtag_info
, 0x2);
382 arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
);
384 fields
[0].tap
= jtag_info
->tap
;
385 fields
[0].num_bits
= 32;
386 fields
[0].out_value
= NULL
;
387 fields
[0].in_value
= NULL
;
389 fields
[1].tap
= jtag_info
->tap
;
390 fields
[1].num_bits
= 5;
391 fields
[1].out_value
= field1_out
;
392 buf_set_u32(fields
[1].out_value
, 0, 5, eice_regs
[EICE_COMMS_DATA
].addr
);
393 fields
[1].in_value
= NULL
;
395 fields
[2].tap
= jtag_info
->tap
;
396 fields
[2].num_bits
= 1;
397 fields
[2].out_value
= field2_out
;
398 buf_set_u32(fields
[2].out_value
, 0, 1, 0);
399 fields
[2].in_value
= NULL
;
401 jtag_add_dr_scan(3, fields
, jtag_get_end_state());
405 /* when reading the last item, set the register address to the DCC control reg,
406 * to avoid reading additional data from the DCC data reg
409 buf_set_u32(fields
[1].out_value
, 0, 5,
410 eice_regs
[EICE_COMMS_CTRL
].addr
);
412 fields
[0].in_value
= (uint8_t *)data
;
413 jtag_add_dr_scan(3, fields
, jtag_get_end_state());
414 jtag_add_callback(arm_le_to_h_u32
, (jtag_callback_data_t
)data
);
420 return jtag_execute_queue();
423 int embeddedice_read_reg(reg_t
*reg
)
425 return embeddedice_read_reg_w_check(reg
, NULL
, NULL
);
428 void embeddedice_set_reg(reg_t
*reg
, uint32_t value
)
430 embeddedice_write_reg(reg
, value
);
432 buf_set_u32(reg
->value
, 0, reg
->size
, value
);
438 int embeddedice_set_reg_w_exec(reg_t
*reg
, uint8_t *buf
)
441 embeddedice_set_reg(reg
, buf_get_u32(buf
, 0, reg
->size
));
443 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
445 LOG_ERROR("register write failed");
451 void embeddedice_write_reg(reg_t
*reg
, uint32_t value
)
453 embeddedice_reg_t
*ice_reg
= reg
->arch_info
;
455 LOG_DEBUG("%i: 0x%8.8" PRIx32
"", ice_reg
->addr
, value
);
457 jtag_set_end_state(TAP_IDLE
);
458 arm_jtag_scann(ice_reg
->jtag_info
, 0x2);
460 arm_jtag_set_instr(ice_reg
->jtag_info
, ice_reg
->jtag_info
->intest_instr
, NULL
);
462 uint8_t reg_addr
= ice_reg
->addr
& 0x1f;
463 embeddedice_write_reg_inner(ice_reg
->jtag_info
->tap
, reg_addr
, value
);
467 void embeddedice_store_reg(reg_t
*reg
)
469 embeddedice_write_reg(reg
, buf_get_u32(reg
->value
, 0, reg
->size
));
472 /* send <size> words of 32 bit to the DCC
473 * we pretend the target is always going to be fast enough
474 * (relative to the JTAG clock), so we don't need to handshake
476 int embeddedice_send(arm_jtag_t
*jtag_info
, uint32_t *data
, uint32_t size
)
478 scan_field_t fields
[3];
479 uint8_t field0_out
[4];
480 uint8_t field1_out
[1];
481 uint8_t field2_out
[1];
483 jtag_set_end_state(TAP_IDLE
);
484 arm_jtag_scann(jtag_info
, 0x2);
485 arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
);
487 fields
[0].tap
= jtag_info
->tap
;
488 fields
[0].num_bits
= 32;
489 fields
[0].out_value
= field0_out
;
490 fields
[0].in_value
= NULL
;
492 fields
[1].tap
= jtag_info
->tap
;
493 fields
[1].num_bits
= 5;
494 fields
[1].out_value
= field1_out
;
495 buf_set_u32(fields
[1].out_value
, 0, 5, eice_regs
[EICE_COMMS_DATA
].addr
);
496 fields
[1].in_value
= NULL
;
498 fields
[2].tap
= jtag_info
->tap
;
499 fields
[2].num_bits
= 1;
500 fields
[2].out_value
= field2_out
;
501 buf_set_u32(fields
[2].out_value
, 0, 1, 1);
503 fields
[2].in_value
= NULL
;
507 buf_set_u32(fields
[0].out_value
, 0, 32, *data
);
508 jtag_add_dr_scan(3, fields
, jtag_get_end_state());
514 /* call to jtag_execute_queue() intentionally omitted */
518 /* wait for DCC control register R/W handshake bit to become active
520 int embeddedice_handshake(arm_jtag_t
*jtag_info
, int hsbit
, uint32_t timeout
)
522 scan_field_t fields
[3];
523 uint8_t field0_in
[4];
524 uint8_t field1_out
[1];
525 uint8_t field2_out
[1];
531 if (hsbit
== EICE_COMM_CTRL_WBIT
)
533 else if (hsbit
== EICE_COMM_CTRL_RBIT
)
536 return ERROR_INVALID_ARGUMENTS
;
538 jtag_set_end_state(TAP_IDLE
);
539 arm_jtag_scann(jtag_info
, 0x2);
540 arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
);
542 fields
[0].tap
= jtag_info
->tap
;
543 fields
[0].num_bits
= 32;
544 fields
[0].out_value
= NULL
;
545 fields
[0].in_value
= field0_in
;
547 fields
[1].tap
= jtag_info
->tap
;
548 fields
[1].num_bits
= 5;
549 fields
[1].out_value
= field1_out
;
550 buf_set_u32(fields
[1].out_value
, 0, 5, eice_regs
[EICE_COMMS_DATA
].addr
);
551 fields
[1].in_value
= NULL
;
553 fields
[2].tap
= jtag_info
->tap
;
554 fields
[2].num_bits
= 1;
555 fields
[2].out_value
= field2_out
;
556 buf_set_u32(fields
[2].out_value
, 0, 1, 0);
557 fields
[2].in_value
= NULL
;
559 jtag_add_dr_scan(3, fields
, jtag_get_end_state());
560 gettimeofday(&lap
, NULL
);
563 jtag_add_dr_scan(3, fields
, jtag_get_end_state());
564 if ((retval
= jtag_execute_queue()) != ERROR_OK
)
567 if (buf_get_u32(field0_in
, hsbit
, 1) == hsact
)
570 gettimeofday(&now
, NULL
);
572 while ((uint32_t)((now
.tv_sec
-lap
.tv_sec
)*1000 + (now
.tv_usec
-lap
.tv_usec
)/1000) <= timeout
);
574 return ERROR_TARGET_TIMEOUT
;
577 #ifndef HAVE_JTAG_MINIDRIVER_H
578 /* this is the inner loop of the open loop DCC write of data to target */
579 void embeddedice_write_dcc(jtag_tap_t
*tap
, int reg_addr
, uint8_t *buffer
, int little
, int count
)
582 for (i
= 0; i
< count
; i
++)
584 embeddedice_write_reg_inner(tap
, reg_addr
, fast_target_buffer_get_u32(buffer
, little
));
589 /* provided by minidriver */
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)