1 /***************************************************************************
2 * Copyright (C) 2005, 2007 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * Copyright (C) 2009 Michael Schwingen *
5 * michael@schwingen.org *
6 * Copyright (C) 2010 Øyvind Harboe <oyvind.harboe@zylin.com> *
7 * Copyright (C) 2010 by Antonio Borneo <borneo.antonio@gmail.com> *
9 * This program is free software; you can redistribute it and/or modify *
10 * it under the terms of the GNU General Public License as published by *
11 * the Free Software Foundation; either version 2 of the License, or *
12 * (at your option) any later version. *
14 * This program is distributed in the hope that it will be useful, *
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
17 * GNU General Public License for more details. *
19 * You should have received a copy of the GNU General Public License *
20 * along with this program; if not, write to the *
21 * Free Software Foundation, Inc., *
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ***************************************************************************/
31 #include <target/arm.h>
32 #include <target/arm7_9_common.h>
33 #include <target/armv7m.h>
34 #include <target/mips32.h>
35 #include <helper/binarybuffer.h>
36 #include <target/algorithm.h>
39 #define CFI_MAX_BUS_WIDTH 4
40 #define CFI_MAX_CHIP_WIDTH 4
42 /* defines internal maximum size for code fragment in cfi_intel_write_block() */
43 #define CFI_MAX_INTEL_CODESIZE 256
45 /* some id-types with specific handling */
46 #define AT49BV6416 0x00d6
47 #define AT49BV6416T 0x00d2
49 static struct cfi_unlock_addresses cfi_unlock_addresses[] =
51 [CFI_UNLOCK_555_2AA] = { .unlock1 = 0x555, .unlock2 = 0x2aa },
52 [CFI_UNLOCK_5555_2AAA] = { .unlock1 = 0x5555, .unlock2 = 0x2aaa },
55 /* CFI fixups foward declarations */
56 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, void *param);
57 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, void *param);
58 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, void *param);
59 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, void *param);
61 /* fixup after reading cmdset 0002 primary query table */
62 static const struct cfi_fixup cfi_0002_fixups[] = {
63 {CFI_MFR_SST, 0x00D4, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
64 {CFI_MFR_SST, 0x00D5, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
65 {CFI_MFR_SST, 0x00D6, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
66 {CFI_MFR_SST, 0x00D7, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
67 {CFI_MFR_SST, 0x2780, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
68 {CFI_MFR_SST, 0x236d, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
69 {CFI_MFR_ATMEL, 0x00C8, cfi_fixup_reversed_erase_regions, NULL},
70 {CFI_MFR_ST, 0x22C4, cfi_fixup_reversed_erase_regions, NULL}, /* M29W160ET */
71 {CFI_MFR_FUJITSU, 0x22ea, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
72 {CFI_MFR_FUJITSU, 0x226b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_5555_2AAA]},
73 {CFI_MFR_AMIC, 0xb31a, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
74 {CFI_MFR_MX, 0x225b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
75 {CFI_MFR_EON, 0x225b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
76 {CFI_MFR_AMD, 0x225b, cfi_fixup_0002_unlock_addresses, &cfi_unlock_addresses[CFI_UNLOCK_555_2AA]},
77 {CFI_MFR_ANY, CFI_ID_ANY, cfi_fixup_0002_erase_regions, NULL},
78 {CFI_MFR_ST, 0x227E, cfi_fixup_0002_write_buffer, NULL}, /* M29W128G */
82 /* fixup after reading cmdset 0001 primary query table */
83 static const struct cfi_fixup cfi_0001_fixups[] = {
87 static void cfi_fixup(struct flash_bank *bank, const struct cfi_fixup *fixups)
89 struct cfi_flash_bank *cfi_info = bank->driver_priv;
90 const struct cfi_fixup *f;
92 for (f = fixups; f->fixup; f++)
94 if (((f->mfr == CFI_MFR_ANY) || (f->mfr == cfi_info->manufacturer)) &&
95 ((f->id == CFI_ID_ANY) || (f->id == cfi_info->device_id)))
97 f->fixup(bank, f->param);
102 /* inline uint32_t flash_address(struct flash_bank *bank, int sector, uint32_t offset) */
103 static __inline__ uint32_t flash_address(struct flash_bank *bank, int sector, uint32_t offset)
105 struct cfi_flash_bank *cfi_info = bank->driver_priv;
107 if (cfi_info->x16_as_x8) offset *= 2;
109 /* while the sector list isn't built, only accesses to sector 0 work */
111 return bank->base + offset * bank->bus_width;
116 LOG_ERROR("BUG: sector list not yet built");
119 return bank->base + bank->sectors[sector].offset + offset * bank->bus_width;
123 static void cfi_command(struct flash_bank *bank, uint8_t cmd, uint8_t *cmd_buf)
127 /* clear whole buffer, to ensure bits that exceed the bus_width
130 for (i = 0; i < CFI_MAX_BUS_WIDTH; i++)
133 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
135 for (i = bank->bus_width; i > 0; i--)
137 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
142 for (i = 1; i <= bank->bus_width; i++)
144 *cmd_buf++ = (i & (bank->chip_width - 1)) ? 0x0 : cmd;
149 static int cfi_send_command(struct flash_bank *bank, uint8_t cmd, uint32_t address)
151 uint8_t command[CFI_MAX_BUS_WIDTH];
153 cfi_command(bank, cmd, command);
154 return target_write_memory(bank->target, address, bank->bus_width, 1, command);
157 /* read unsigned 8-bit value from the bank
158 * flash banks are expected to be made of similar chips
159 * the query result should be the same for all
161 static int cfi_query_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
163 struct target *target = bank->target;
164 uint8_t data[CFI_MAX_BUS_WIDTH];
167 retval = target_read_memory(target, flash_address(bank, sector, offset),
168 bank->bus_width, 1, data);
169 if (retval != ERROR_OK)
172 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
175 *val = data[bank->bus_width - 1];
180 /* read unsigned 8-bit value from the bank
181 * in case of a bank made of multiple chips,
182 * the individual values are ORed
184 static int cfi_get_u8(struct flash_bank *bank, int sector, uint32_t offset, uint8_t *val)
186 struct target *target = bank->target;
187 uint8_t data[CFI_MAX_BUS_WIDTH];
191 retval = target_read_memory(target, flash_address(bank, sector, offset),
192 bank->bus_width, 1, data);
193 if (retval != ERROR_OK)
196 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
198 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
206 for (i = 0; i < bank->bus_width / bank->chip_width; i++)
207 value |= data[bank->bus_width - 1 - i];
214 static int cfi_query_u16(struct flash_bank *bank, int sector, uint32_t offset, uint16_t *val)
216 struct target *target = bank->target;
217 struct cfi_flash_bank *cfi_info = bank->driver_priv;
218 uint8_t data[CFI_MAX_BUS_WIDTH * 2];
221 if (cfi_info->x16_as_x8)
224 for (i = 0;i < 2;i++)
226 retval = target_read_memory(target, flash_address(bank, sector, offset + i),
227 bank->bus_width, 1, &data[i * bank->bus_width]);
228 if (retval != ERROR_OK)
233 retval = target_read_memory(target, flash_address(bank, sector, offset),
234 bank->bus_width, 2, data);
235 if (retval != ERROR_OK)
239 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
240 *val = data[0] | data[bank->bus_width] << 8;
242 *val = data[bank->bus_width - 1] | data[(2 * bank->bus_width) - 1] << 8;
247 static int cfi_query_u32(struct flash_bank *bank, int sector, uint32_t offset, uint32_t *val)
249 struct target *target = bank->target;
250 struct cfi_flash_bank *cfi_info = bank->driver_priv;
251 uint8_t data[CFI_MAX_BUS_WIDTH * 4];
254 if (cfi_info->x16_as_x8)
257 for (i = 0;i < 4;i++)
259 retval = target_read_memory(target, flash_address(bank, sector, offset + i),
260 bank->bus_width, 1, &data[i * bank->bus_width]);
261 if (retval != ERROR_OK)
267 retval = target_read_memory(target, flash_address(bank, sector, offset),
268 bank->bus_width, 4, data);
269 if (retval != ERROR_OK)
273 if (bank->target->endianness == TARGET_LITTLE_ENDIAN)
274 *val = data[0] | data[bank->bus_width] << 8 |
275 data[bank->bus_width * 2] << 16 | data[bank->bus_width * 3] << 24;
277 *val = data[bank->bus_width - 1] | data[(2* bank->bus_width) - 1] << 8 |
278 data[(3 * bank->bus_width) - 1] << 16 | data[(4 * bank->bus_width) - 1] << 24;
283 static int cfi_reset(struct flash_bank *bank)
285 struct cfi_flash_bank *cfi_info = bank->driver_priv;
286 int retval = ERROR_OK;
288 if ((retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0))) != ERROR_OK)
293 if ((retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0))) != ERROR_OK)
298 if (cfi_info->manufacturer == 0x20 &&
299 (cfi_info->device_id == 0x227E || cfi_info->device_id == 0x7E))
301 /* Numonix M29W128G is cmd 0xFF intolerant - causes internal undefined state
302 * so we send an extra 0xF0 reset to fix the bug */
303 if ((retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x00))) != ERROR_OK)
312 static void cfi_intel_clear_status_register(struct flash_bank *bank)
314 cfi_send_command(bank, 0x50, flash_address(bank, 0, 0x0));
317 static int cfi_intel_wait_status_busy(struct flash_bank *bank, int timeout, uint8_t *val)
321 int retval = ERROR_OK;
327 LOG_ERROR("timeout while waiting for WSM to become ready");
331 retval = cfi_get_u8(bank, 0, 0x0, &status);
332 if (retval != ERROR_OK)
341 /* mask out bit 0 (reserved) */
342 status = status & 0xfe;
344 LOG_DEBUG("status: 0x%x", status);
348 LOG_ERROR("status register: 0x%x", status);
350 LOG_ERROR("Block Lock-Bit Detected, Operation Abort");
352 LOG_ERROR("Program suspended");
354 LOG_ERROR("Low Programming Voltage Detected, Operation Aborted");
356 LOG_ERROR("Program Error / Error in Setting Lock-Bit");
358 LOG_ERROR("Error in Block Erasure or Clear Lock-Bits");
360 LOG_ERROR("Block Erase Suspended");
362 cfi_intel_clear_status_register(bank);
371 static int cfi_spansion_wait_status_busy(struct flash_bank *bank, int timeout)
373 uint8_t status, oldstatus;
374 struct cfi_flash_bank *cfi_info = bank->driver_priv;
377 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
378 if (retval != ERROR_OK)
382 retval = cfi_get_u8(bank, 0, 0x0, &status);
384 if (retval != ERROR_OK)
387 if ((status ^ oldstatus) & 0x40) {
388 if (status & cfi_info->status_poll_mask & 0x20) {
389 retval = cfi_get_u8(bank, 0, 0x0, &oldstatus);
390 if (retval != ERROR_OK)
392 retval = cfi_get_u8(bank, 0, 0x0, &status);
393 if (retval != ERROR_OK)
395 if ((status ^ oldstatus) & 0x40) {
396 LOG_ERROR("dq5 timeout, status: 0x%x", status);
397 return(ERROR_FLASH_OPERATION_FAILED);
399 LOG_DEBUG("status: 0x%x", status);
403 } else { /* no toggle: finished, OK */
404 LOG_DEBUG("status: 0x%x", status);
410 } while (timeout-- > 0);
412 LOG_ERROR("timeout, status: 0x%x", status);
414 return(ERROR_FLASH_BUSY);
417 static int cfi_read_intel_pri_ext(struct flash_bank *bank)
420 struct cfi_flash_bank *cfi_info = bank->driver_priv;
421 struct cfi_intel_pri_ext *pri_ext;
423 if (cfi_info->pri_ext)
424 free(cfi_info->pri_ext);
426 pri_ext = malloc(sizeof(struct cfi_intel_pri_ext));
429 LOG_ERROR("Out of memory");
432 cfi_info->pri_ext = pri_ext;
434 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
435 if (retval != ERROR_OK)
437 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
438 if (retval != ERROR_OK)
440 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
441 if (retval != ERROR_OK)
444 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I'))
446 if ((retval = cfi_reset(bank)) != ERROR_OK)
450 LOG_ERROR("Could not read bank flash bank information");
451 return ERROR_FLASH_BANK_INVALID;
454 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
455 if (retval != ERROR_OK)
457 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
458 if (retval != ERROR_OK)
461 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
462 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
464 retval = cfi_query_u32(bank, 0, cfi_info->pri_addr + 5, &pri_ext->feature_support);
465 if (retval != ERROR_OK)
467 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->suspend_cmd_support);
468 if (retval != ERROR_OK)
470 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xa, &pri_ext->blk_status_reg_mask);
471 if (retval != ERROR_OK)
474 LOG_DEBUG("feature_support: 0x%" PRIx32 ", suspend_cmd_support: "
475 "0x%x, blk_status_reg_mask: 0x%x",
476 pri_ext->feature_support,
477 pri_ext->suspend_cmd_support,
478 pri_ext->blk_status_reg_mask);
480 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xc, &pri_ext->vcc_optimal);
481 if (retval != ERROR_OK)
483 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xd, &pri_ext->vpp_optimal);
484 if (retval != ERROR_OK)
487 LOG_DEBUG("Vcc opt: %x.%x, Vpp opt: %u.%x",
488 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
489 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
491 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0xe, &pri_ext->num_protection_fields);
492 if (retval != ERROR_OK)
494 if (pri_ext->num_protection_fields != 1)
496 LOG_WARNING("expected one protection register field, but found %i",
497 pri_ext->num_protection_fields);
500 retval = cfi_query_u16(bank, 0, cfi_info->pri_addr + 0xf, &pri_ext->prot_reg_addr);
501 if (retval != ERROR_OK)
503 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x11, &pri_ext->fact_prot_reg_size);
504 if (retval != ERROR_OK)
506 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0x12, &pri_ext->user_prot_reg_size);
507 if (retval != ERROR_OK)
510 LOG_DEBUG("protection_fields: %i, prot_reg_addr: 0x%x, "
511 "factory pre-programmed: %i, user programmable: %i",
512 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
513 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
518 static int cfi_read_spansion_pri_ext(struct flash_bank *bank)
521 struct cfi_flash_bank *cfi_info = bank->driver_priv;
522 struct cfi_spansion_pri_ext *pri_ext;
524 if (cfi_info->pri_ext)
525 free(cfi_info->pri_ext);
527 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
530 LOG_ERROR("Out of memory");
533 cfi_info->pri_ext = pri_ext;
535 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &pri_ext->pri[0]);
536 if (retval != ERROR_OK)
538 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &pri_ext->pri[1]);
539 if (retval != ERROR_OK)
541 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &pri_ext->pri[2]);
542 if (retval != ERROR_OK)
545 if ((pri_ext->pri[0] != 'P') || (pri_ext->pri[1] != 'R') || (pri_ext->pri[2] != 'I'))
547 if ((retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0))) != ERROR_OK)
551 LOG_ERROR("Could not read spansion bank information");
552 return ERROR_FLASH_BANK_INVALID;
555 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &pri_ext->major_version);
556 if (retval != ERROR_OK)
558 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &pri_ext->minor_version);
559 if (retval != ERROR_OK)
562 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", pri_ext->pri[0], pri_ext->pri[1],
563 pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
565 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &pri_ext->SiliconRevision);
566 if (retval != ERROR_OK)
568 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &pri_ext->EraseSuspend);
569 if (retval != ERROR_OK)
571 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &pri_ext->BlkProt);
572 if (retval != ERROR_OK)
574 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &pri_ext->TmpBlkUnprotect);
575 if (retval != ERROR_OK)
577 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 9, &pri_ext->BlkProtUnprot);
578 if (retval != ERROR_OK)
580 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 10, &pri_ext->SimultaneousOps);
581 if (retval != ERROR_OK)
583 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 11, &pri_ext->BurstMode);
584 if (retval != ERROR_OK)
586 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 12, &pri_ext->PageMode);
587 if (retval != ERROR_OK)
589 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 13, &pri_ext->VppMin);
590 if (retval != ERROR_OK)
592 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 14, &pri_ext->VppMax);
593 if (retval != ERROR_OK)
595 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 15, &pri_ext->TopBottom);
596 if (retval != ERROR_OK)
599 LOG_DEBUG("Silicon Revision: 0x%x, Erase Suspend: 0x%x, Block protect: 0x%x",
600 pri_ext->SiliconRevision, pri_ext->EraseSuspend, pri_ext->BlkProt);
602 LOG_DEBUG("Temporary Unprotect: 0x%x, Block Protect Scheme: 0x%x, "
603 "Simultaneous Ops: 0x%x", pri_ext->TmpBlkUnprotect,
604 pri_ext->BlkProtUnprot, pri_ext->SimultaneousOps);
606 LOG_DEBUG("Burst Mode: 0x%x, Page Mode: 0x%x, ", pri_ext->BurstMode, pri_ext->PageMode);
609 LOG_DEBUG("Vpp min: %u.%x, Vpp max: %u.%x",
610 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
611 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
613 LOG_DEBUG("WP# protection 0x%x", pri_ext->TopBottom);
615 /* default values for implementation specific workarounds */
616 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
617 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
618 pri_ext->_reversed_geometry = 0;
623 static int cfi_read_atmel_pri_ext(struct flash_bank *bank)
626 struct cfi_atmel_pri_ext atmel_pri_ext;
627 struct cfi_flash_bank *cfi_info = bank->driver_priv;
628 struct cfi_spansion_pri_ext *pri_ext;
630 if (cfi_info->pri_ext)
631 free(cfi_info->pri_ext);
633 pri_ext = malloc(sizeof(struct cfi_spansion_pri_ext));
636 LOG_ERROR("Out of memory");
640 /* ATMEL devices use the same CFI primary command set (0x2) as AMD/Spansion,
641 * but a different primary extended query table.
642 * We read the atmel table, and prepare a valid AMD/Spansion query table.
645 memset(pri_ext, 0, sizeof(struct cfi_spansion_pri_ext));
647 cfi_info->pri_ext = pri_ext;
649 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 0, &atmel_pri_ext.pri[0]);
650 if (retval != ERROR_OK)
652 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 1, &atmel_pri_ext.pri[1]);
653 if (retval != ERROR_OK)
655 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 2, &atmel_pri_ext.pri[2]);
656 if (retval != ERROR_OK)
659 if ((atmel_pri_ext.pri[0] != 'P') || (atmel_pri_ext.pri[1] != 'R')
660 || (atmel_pri_ext.pri[2] != 'I'))
662 if ((retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0))) != ERROR_OK)
666 LOG_ERROR("Could not read atmel bank information");
667 return ERROR_FLASH_BANK_INVALID;
670 pri_ext->pri[0] = atmel_pri_ext.pri[0];
671 pri_ext->pri[1] = atmel_pri_ext.pri[1];
672 pri_ext->pri[2] = atmel_pri_ext.pri[2];
674 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 3, &atmel_pri_ext.major_version);
675 if (retval != ERROR_OK)
677 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 4, &atmel_pri_ext.minor_version);
678 if (retval != ERROR_OK)
681 LOG_DEBUG("pri: '%c%c%c', version: %c.%c", atmel_pri_ext.pri[0],
682 atmel_pri_ext.pri[1], atmel_pri_ext.pri[2],
683 atmel_pri_ext.major_version, atmel_pri_ext.minor_version);
685 pri_ext->major_version = atmel_pri_ext.major_version;
686 pri_ext->minor_version = atmel_pri_ext.minor_version;
688 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 5, &atmel_pri_ext.features);
689 if (retval != ERROR_OK)
691 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 6, &atmel_pri_ext.bottom_boot);
692 if (retval != ERROR_OK)
694 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 7, &atmel_pri_ext.burst_mode);
695 if (retval != ERROR_OK)
697 retval = cfi_query_u8(bank, 0, cfi_info->pri_addr + 8, &atmel_pri_ext.page_mode);
698 if (retval != ERROR_OK)
701 LOG_DEBUG("features: 0x%2.2x, bottom_boot: 0x%2.2x, burst_mode: 0x%2.2x, page_mode: 0x%2.2x",
702 atmel_pri_ext.features, atmel_pri_ext.bottom_boot,
703 atmel_pri_ext.burst_mode, atmel_pri_ext.page_mode);
705 if (atmel_pri_ext.features & 0x02)
706 pri_ext->EraseSuspend = 2;
708 /* some chips got it backwards... */
709 if (cfi_info->device_id == AT49BV6416 ||
710 cfi_info->device_id == AT49BV6416T) {
711 if (atmel_pri_ext.bottom_boot)
712 pri_ext->TopBottom = 3;
714 pri_ext->TopBottom = 2;
716 if (atmel_pri_ext.bottom_boot)
717 pri_ext->TopBottom = 2;
719 pri_ext->TopBottom = 3;
722 pri_ext->_unlock1 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock1;
723 pri_ext->_unlock2 = cfi_unlock_addresses[CFI_UNLOCK_555_2AA].unlock2;
728 static int cfi_read_0002_pri_ext(struct flash_bank *bank)
730 struct cfi_flash_bank *cfi_info = bank->driver_priv;
732 if (cfi_info->manufacturer == CFI_MFR_ATMEL)
734 return cfi_read_atmel_pri_ext(bank);
738 return cfi_read_spansion_pri_ext(bank);
742 static int cfi_spansion_info(struct flash_bank *bank, char *buf, int buf_size)
745 struct cfi_flash_bank *cfi_info = bank->driver_priv;
746 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
748 printed = snprintf(buf, buf_size, "\nSpansion primary algorithm extend information:\n");
752 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0],
753 pri_ext->pri[1], pri_ext->pri[2],
754 pri_ext->major_version, pri_ext->minor_version);
758 printed = snprintf(buf, buf_size, "Silicon Rev.: 0x%x, Address Sensitive unlock: 0x%x\n",
759 (pri_ext->SiliconRevision) >> 2,
760 (pri_ext->SiliconRevision) & 0x03);
764 printed = snprintf(buf, buf_size, "Erase Suspend: 0x%x, Sector Protect: 0x%x\n",
765 pri_ext->EraseSuspend,
770 printed = snprintf(buf, buf_size, "VppMin: %u.%x, VppMax: %u.%x\n",
771 (pri_ext->VppMin & 0xf0) >> 4, pri_ext->VppMin & 0x0f,
772 (pri_ext->VppMax & 0xf0) >> 4, pri_ext->VppMax & 0x0f);
777 static int cfi_intel_info(struct flash_bank *bank, char *buf, int buf_size)
780 struct cfi_flash_bank *cfi_info = bank->driver_priv;
781 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
783 printed = snprintf(buf, buf_size, "\nintel primary algorithm extend information:\n");
787 printed = snprintf(buf, buf_size, "pri: '%c%c%c', version: %c.%c\n", pri_ext->pri[0],
788 pri_ext->pri[1], pri_ext->pri[2], pri_ext->major_version, pri_ext->minor_version);
792 printed = snprintf(buf, buf_size, "feature_support: 0x%" PRIx32 ", "
793 "suspend_cmd_support: 0x%x, blk_status_reg_mask: 0x%x\n",
794 pri_ext->feature_support, pri_ext->suspend_cmd_support, pri_ext->blk_status_reg_mask);
798 printed = snprintf(buf, buf_size, "Vcc opt: %x.%x, Vpp opt: %u.%x\n",
799 (pri_ext->vcc_optimal & 0xf0) >> 4, pri_ext->vcc_optimal & 0x0f,
800 (pri_ext->vpp_optimal & 0xf0) >> 4, pri_ext->vpp_optimal & 0x0f);
804 printed = snprintf(buf, buf_size, "protection_fields: %i, prot_reg_addr: 0x%x, "
805 "factory pre-programmed: %i, user programmable: %i\n",
806 pri_ext->num_protection_fields, pri_ext->prot_reg_addr,
807 1 << pri_ext->fact_prot_reg_size, 1 << pri_ext->user_prot_reg_size);
812 /* flash_bank cfi <base> <size> <chip_width> <bus_width> <target#> [options]
814 FLASH_BANK_COMMAND_HANDLER(cfi_flash_bank_command)
816 struct cfi_flash_bank *cfi_info;
820 LOG_WARNING("incomplete flash_bank cfi configuration");
821 return ERROR_FLASH_BANK_INVALID;
825 * - not exceed max value;
827 * - be equal to a power of 2.
828 * bus must be wide enought to hold one chip */
829 if ((bank->chip_width > CFI_MAX_CHIP_WIDTH)
830 || (bank->bus_width > CFI_MAX_BUS_WIDTH)
831 || (bank->chip_width == 0)
832 || (bank->bus_width == 0)
833 || (bank->chip_width & (bank->chip_width - 1))
834 || (bank->bus_width & (bank->bus_width - 1))
835 || (bank->chip_width > bank->bus_width))
837 LOG_ERROR("chip and bus width have to specified in bytes");
838 return ERROR_FLASH_BANK_INVALID;
841 cfi_info = malloc(sizeof(struct cfi_flash_bank));
842 cfi_info->probed = 0;
843 cfi_info->erase_region_info = NULL;
844 cfi_info->pri_ext = NULL;
845 bank->driver_priv = cfi_info;
847 cfi_info->write_algorithm = NULL;
849 cfi_info->x16_as_x8 = 0;
850 cfi_info->jedec_probe = 0;
851 cfi_info->not_cfi = 0;
853 for (unsigned i = 6; i < CMD_ARGC; i++)
855 if (strcmp(CMD_ARGV[i], "x16_as_x8") == 0)
857 cfi_info->x16_as_x8 = 1;
859 else if (strcmp(CMD_ARGV[i], "jedec_probe") == 0)
861 cfi_info->jedec_probe = 1;
865 cfi_info->write_algorithm = NULL;
867 /* bank wasn't probed yet */
868 cfi_info->qry[0] = 0xff;
873 static int cfi_intel_erase(struct flash_bank *bank, int first, int last)
876 struct cfi_flash_bank *cfi_info = bank->driver_priv;
879 cfi_intel_clear_status_register(bank);
881 for (i = first; i <= last; i++)
883 if ((retval = cfi_send_command(bank, 0x20, flash_address(bank, i, 0x0))) != ERROR_OK)
888 if ((retval = cfi_send_command(bank, 0xd0, flash_address(bank, i, 0x0))) != ERROR_OK)
894 retval = cfi_intel_wait_status_busy(bank, cfi_info->block_erase_timeout, &status);
895 if (retval != ERROR_OK)
899 bank->sectors[i].is_erased = 1;
902 if ((retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0))) != ERROR_OK)
907 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%" PRIx32 , i, bank->base);
908 return ERROR_FLASH_OPERATION_FAILED;
912 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
915 static int cfi_spansion_erase(struct flash_bank *bank, int first, int last)
918 struct cfi_flash_bank *cfi_info = bank->driver_priv;
919 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
922 for (i = first; i <= last; i++)
924 if ((retval = cfi_send_command(bank, 0xaa,
925 flash_address(bank, 0, pri_ext->_unlock1))) != ERROR_OK)
930 if ((retval = cfi_send_command(bank, 0x55,
931 flash_address(bank, 0, pri_ext->_unlock2))) != ERROR_OK)
936 if ((retval = cfi_send_command(bank, 0x80,
937 flash_address(bank, 0, pri_ext->_unlock1))) != ERROR_OK)
942 if ((retval = cfi_send_command(bank, 0xaa,
943 flash_address(bank, 0, pri_ext->_unlock1))) != ERROR_OK)
948 if ((retval = cfi_send_command(bank, 0x55,
949 flash_address(bank, 0, pri_ext->_unlock2))) != ERROR_OK)
954 if ((retval = cfi_send_command(bank, 0x30,
955 flash_address(bank, i, 0x0))) != ERROR_OK)
960 if (cfi_spansion_wait_status_busy(bank, cfi_info->block_erase_timeout) == ERROR_OK)
962 bank->sectors[i].is_erased = 1;
966 if ((retval = cfi_send_command(bank, 0xf0,
967 flash_address(bank, 0, 0x0))) != ERROR_OK)
972 LOG_ERROR("couldn't erase block %i of flash bank at base 0x%"
973 PRIx32, i, bank->base);
974 return ERROR_FLASH_OPERATION_FAILED;
978 return cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
981 static int cfi_erase(struct flash_bank *bank, int first, int last)
983 struct cfi_flash_bank *cfi_info = bank->driver_priv;
985 if (bank->target->state != TARGET_HALTED)
987 LOG_ERROR("Target not halted");
988 return ERROR_TARGET_NOT_HALTED;
991 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
993 return ERROR_FLASH_SECTOR_INVALID;
996 if (cfi_info->qry[0] != 'Q')
997 return ERROR_FLASH_BANK_NOT_PROBED;
999 switch (cfi_info->pri_id)
1003 return cfi_intel_erase(bank, first, last);
1006 return cfi_spansion_erase(bank, first, last);
1009 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
1016 static int cfi_intel_protect(struct flash_bank *bank, int set, int first, int last)
1019 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1020 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
1024 /* if the device supports neither legacy lock/unlock (bit 3) nor
1025 * instant individual block locking (bit 5).
1027 if (!(pri_ext->feature_support & 0x28))
1029 LOG_ERROR("lock/unlock not supported on flash");
1030 return ERROR_FLASH_OPERATION_FAILED;
1033 cfi_intel_clear_status_register(bank);
1035 for (i = first; i <= last; i++)
1037 if ((retval = cfi_send_command(bank, 0x60, flash_address(bank, i, 0x0))) != ERROR_OK)
1043 if ((retval = cfi_send_command(bank, 0x01, flash_address(bank, i, 0x0))) != ERROR_OK)
1047 bank->sectors[i].is_protected = 1;
1051 if ((retval = cfi_send_command(bank, 0xd0, flash_address(bank, i, 0x0))) != ERROR_OK)
1055 bank->sectors[i].is_protected = 0;
1058 /* instant individual block locking doesn't require reading of the status register */
1059 if (!(pri_ext->feature_support & 0x20))
1061 /* Clear lock bits operation may take up to 1.4s */
1063 retval = cfi_intel_wait_status_busy(bank, 1400, &status);
1064 if (retval != ERROR_OK)
1069 uint8_t block_status;
1070 /* read block lock bit, to verify status */
1071 if ((retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, 0x55))) != ERROR_OK)
1075 retval = cfi_get_u8(bank, i, 0x2, &block_status);
1076 if (retval != ERROR_OK)
1079 if ((block_status & 0x1) != set)
1081 LOG_ERROR("couldn't change block lock status (set = %i, block_status = 0x%2.2x)",
1083 if ((retval = cfi_send_command(bank, 0x70,
1084 flash_address(bank, 0, 0x55))) != ERROR_OK)
1089 retval = cfi_intel_wait_status_busy(bank, 10, &status);
1090 if (retval != ERROR_OK)
1094 return ERROR_FLASH_OPERATION_FAILED;
1104 /* if the device doesn't support individual block lock bits set/clear,
1105 * all blocks have been unlocked in parallel, so we set those that should be protected
1107 if ((!set) && (!(pri_ext->feature_support & 0x20)))
1109 /* FIX!!! this code path is broken!!!
1111 * The correct approach is:
1113 * 1. read out current protection status
1115 * 2. override read out protection status w/unprotected.
1117 * 3. re-protect what should be protected.
1120 for (i = 0; i < bank->num_sectors; i++)
1122 if (bank->sectors[i].is_protected == 1)
1124 cfi_intel_clear_status_register(bank);
1126 if ((retval = cfi_send_command(bank, 0x60,
1127 flash_address(bank, i, 0x0))) != ERROR_OK)
1132 if ((retval = cfi_send_command(bank, 0x01,
1133 flash_address(bank, i, 0x0))) != ERROR_OK)
1139 retval = cfi_intel_wait_status_busy(bank, 100, &status);
1140 if (retval != ERROR_OK)
1146 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
1149 static int cfi_protect(struct flash_bank *bank, int set, int first, int last)
1151 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1153 if (bank->target->state != TARGET_HALTED)
1155 LOG_ERROR("Target not halted");
1156 return ERROR_TARGET_NOT_HALTED;
1159 if ((first < 0) || (last < first) || (last >= bank->num_sectors))
1161 LOG_ERROR("Invalid sector range");
1162 return ERROR_FLASH_SECTOR_INVALID;
1165 if (cfi_info->qry[0] != 'Q')
1166 return ERROR_FLASH_BANK_NOT_PROBED;
1168 switch (cfi_info->pri_id)
1172 return cfi_intel_protect(bank, set, first, last);
1175 LOG_WARNING("protect: cfi primary command set %i unsupported", cfi_info->pri_id);
1180 /* Convert code image to target endian */
1181 /* FIXME create general block conversion fcts in target.c?) */
1182 static void cfi_fix_code_endian(struct target *target, uint8_t *dest,
1183 const uint32_t *src, uint32_t count)
1186 for (i = 0; i< count; i++)
1188 target_buffer_set_u32(target, dest, *src);
1194 static uint32_t cfi_command_val(struct flash_bank *bank, uint8_t cmd)
1196 struct target *target = bank->target;
1198 uint8_t buf[CFI_MAX_BUS_WIDTH];
1199 cfi_command(bank, cmd, buf);
1200 switch (bank->bus_width)
1206 return target_buffer_get_u16(target, buf);
1209 return target_buffer_get_u32(target, buf);
1212 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1217 static int cfi_intel_write_block(struct flash_bank *bank, uint8_t *buffer,
1218 uint32_t address, uint32_t count)
1220 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1221 struct target *target = bank->target;
1222 struct reg_param reg_params[7];
1223 struct arm_algorithm armv4_5_info;
1224 struct working_area *source;
1225 uint32_t buffer_size = 32768;
1226 uint32_t write_command_val, busy_pattern_val, error_pattern_val;
1228 /* algorithm register usage:
1229 * r0: source address (in RAM)
1230 * r1: target address (in Flash)
1232 * r3: flash write command
1233 * r4: status byte (returned to host)
1234 * r5: busy test pattern
1235 * r6: error test pattern
1238 /* see contib/loaders/flash/armv4_5_cfi_intel_32.s for src */
1239 static const uint32_t word_32_code[] = {
1240 0xe4904004, /* loop: ldr r4, [r0], #4 */
1241 0xe5813000, /* str r3, [r1] */
1242 0xe5814000, /* str r4, [r1] */
1243 0xe5914000, /* busy: ldr r4, [r1] */
1244 0xe0047005, /* and r7, r4, r5 */
1245 0xe1570005, /* cmp r7, r5 */
1246 0x1afffffb, /* bne busy */
1247 0xe1140006, /* tst r4, r6 */
1248 0x1a000003, /* bne done */
1249 0xe2522001, /* subs r2, r2, #1 */
1250 0x0a000001, /* beq done */
1251 0xe2811004, /* add r1, r1 #4 */
1252 0xeafffff2, /* b loop */
1253 0xeafffffe /* done: b -2 */
1256 /* see contib/loaders/flash/armv4_5_cfi_intel_16.s for src */
1257 static const uint32_t word_16_code[] = {
1258 0xe0d040b2, /* loop: ldrh r4, [r0], #2 */
1259 0xe1c130b0, /* strh r3, [r1] */
1260 0xe1c140b0, /* strh r4, [r1] */
1261 0xe1d140b0, /* busy ldrh r4, [r1] */
1262 0xe0047005, /* and r7, r4, r5 */
1263 0xe1570005, /* cmp r7, r5 */
1264 0x1afffffb, /* bne busy */
1265 0xe1140006, /* tst r4, r6 */
1266 0x1a000003, /* bne done */
1267 0xe2522001, /* subs r2, r2, #1 */
1268 0x0a000001, /* beq done */
1269 0xe2811002, /* add r1, r1 #2 */
1270 0xeafffff2, /* b loop */
1271 0xeafffffe /* done: b -2 */
1274 /* see contib/loaders/flash/armv4_5_cfi_intel_8.s for src */
1275 static const uint32_t word_8_code[] = {
1276 0xe4d04001, /* loop: ldrb r4, [r0], #1 */
1277 0xe5c13000, /* strb r3, [r1] */
1278 0xe5c14000, /* strb r4, [r1] */
1279 0xe5d14000, /* busy ldrb r4, [r1] */
1280 0xe0047005, /* and r7, r4, r5 */
1281 0xe1570005, /* cmp r7, r5 */
1282 0x1afffffb, /* bne busy */
1283 0xe1140006, /* tst r4, r6 */
1284 0x1a000003, /* bne done */
1285 0xe2522001, /* subs r2, r2, #1 */
1286 0x0a000001, /* beq done */
1287 0xe2811001, /* add r1, r1 #1 */
1288 0xeafffff2, /* b loop */
1289 0xeafffffe /* done: b -2 */
1291 uint8_t target_code[4*CFI_MAX_INTEL_CODESIZE];
1292 const uint32_t *target_code_src;
1293 uint32_t target_code_size;
1294 int retval = ERROR_OK;
1296 /* todo: if ( (!is_armv7m(target_to_armv7m(target)) && (!is_arm(target_to_arm(target)) ) */
1297 if (strncmp(target_type_name(target),"mips_m4k",8) == 0)
1299 LOG_ERROR("Your target has no flash block write support yet.");
1300 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1303 cfi_intel_clear_status_register(bank);
1305 armv4_5_info.common_magic = ARM_COMMON_MAGIC;
1306 armv4_5_info.core_mode = ARM_MODE_SVC;
1307 armv4_5_info.core_state = ARM_STATE_ARM;
1309 /* If we are setting up the write_algorith, we need target_code_src */
1310 /* if not we only need target_code_size. */
1312 /* However, we don't want to create multiple code paths, so we */
1313 /* do the unecessary evaluation of target_code_src, which the */
1314 /* compiler will probably nicely optimize away if not needed */
1316 /* prepare algorithm code for target endian */
1317 switch (bank->bus_width)
1320 target_code_src = word_8_code;
1321 target_code_size = sizeof(word_8_code);
1324 target_code_src = word_16_code;
1325 target_code_size = sizeof(word_16_code);
1328 target_code_src = word_32_code;
1329 target_code_size = sizeof(word_32_code);
1332 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1333 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1336 /* flash write code */
1337 if (!cfi_info->write_algorithm)
1339 if (target_code_size > sizeof(target_code))
1341 LOG_WARNING("Internal error - target code buffer to small. "
1342 "Increase CFI_MAX_INTEL_CODESIZE and recompile.");
1343 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1345 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1347 /* Get memory for block write handler */
1348 retval = target_alloc_working_area(target, target_code_size, &cfi_info->write_algorithm);
1349 if (retval != ERROR_OK)
1351 LOG_WARNING("No working area available, can't do block memory writes");
1352 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1355 /* write algorithm code to working area */
1356 retval = target_write_buffer(target, cfi_info->write_algorithm->address,
1357 target_code_size, target_code);
1358 if (retval != ERROR_OK)
1360 LOG_ERROR("Unable to write block write code to target");
1365 /* Get a workspace buffer for the data to flash starting with 32k size.
1366 Half size until buffer would be smaller 256 Bytem then fail back */
1367 /* FIXME Why 256 bytes, why not 32 bytes (smallest flash write page */
1368 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK)
1371 if (buffer_size <= 256)
1373 LOG_WARNING("no large enough working area available, can't do block memory writes");
1374 retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1379 /* setup algo registers */
1380 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
1381 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
1382 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
1383 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
1384 init_reg_param(®_params[4], "r4", 32, PARAM_IN);
1385 init_reg_param(®_params[5], "r5", 32, PARAM_OUT);
1386 init_reg_param(®_params[6], "r6", 32, PARAM_OUT);
1388 /* prepare command and status register patterns */
1389 write_command_val = cfi_command_val(bank, 0x40);
1390 busy_pattern_val = cfi_command_val(bank, 0x80);
1391 error_pattern_val = cfi_command_val(bank, 0x7e);
1393 LOG_DEBUG("Using target buffer at 0x%08" PRIx32 " and of size 0x%04" PRIx32,
1394 source->address, buffer_size);
1396 /* Programming main loop */
1399 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1402 if ((retval = target_write_buffer(target, source->address,
1403 thisrun_count, buffer)) != ERROR_OK)
1408 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1409 buf_set_u32(reg_params[1].value, 0, 32, address);
1410 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1412 buf_set_u32(reg_params[3].value, 0, 32, write_command_val);
1413 buf_set_u32(reg_params[5].value, 0, 32, busy_pattern_val);
1414 buf_set_u32(reg_params[6].value, 0, 32, error_pattern_val);
1416 LOG_DEBUG("Write 0x%04" PRIx32 " bytes to flash at 0x%08" PRIx32 , thisrun_count, address);
1418 /* Execute algorithm, assume breakpoint for last instruction */
1419 retval = target_run_algorithm(target, 0, NULL, 7, reg_params,
1420 cfi_info->write_algorithm->address,
1421 cfi_info->write_algorithm->address + target_code_size - sizeof(uint32_t),
1422 10000, /* 10s should be enough for max. 32k of data */
1425 /* On failure try a fall back to direct word writes */
1426 if (retval != ERROR_OK)
1428 cfi_intel_clear_status_register(bank);
1429 LOG_ERROR("Execution of flash algorythm failed. Can't fall back. Please report.");
1430 retval = ERROR_FLASH_OPERATION_FAILED;
1431 /* retval = ERROR_TARGET_RESOURCE_NOT_AVAILABLE; */
1432 /* FIXME To allow fall back or recovery, we must save the actual status
1433 * somewhere, so that a higher level code can start recovery. */
1437 /* Check return value from algo code */
1438 wsm_error = buf_get_u32(reg_params[4].value, 0, 32) & error_pattern_val;
1441 /* read status register (outputs debug inforation) */
1443 cfi_intel_wait_status_busy(bank, 100, &status);
1444 cfi_intel_clear_status_register(bank);
1445 retval = ERROR_FLASH_OPERATION_FAILED;
1449 buffer += thisrun_count;
1450 address += thisrun_count;
1451 count -= thisrun_count;
1456 /* free up resources */
1459 target_free_working_area(target, source);
1461 if (cfi_info->write_algorithm)
1463 target_free_working_area(target, cfi_info->write_algorithm);
1464 cfi_info->write_algorithm = NULL;
1467 destroy_reg_param(®_params[0]);
1468 destroy_reg_param(®_params[1]);
1469 destroy_reg_param(®_params[2]);
1470 destroy_reg_param(®_params[3]);
1471 destroy_reg_param(®_params[4]);
1472 destroy_reg_param(®_params[5]);
1473 destroy_reg_param(®_params[6]);
1478 static int cfi_spansion_write_block_mips(struct flash_bank *bank, uint8_t *buffer,
1479 uint32_t address, uint32_t count)
1481 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1482 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1483 struct target *target = bank->target;
1484 struct reg_param reg_params[10];
1485 struct mips32_algorithm mips32_info;
1486 struct working_area *source;
1487 uint32_t buffer_size = 32768;
1489 int retval = ERROR_OK;
1491 /* input parameters - */
1492 /* 4 A0 = source address */
1493 /* 5 A1 = destination address */
1494 /* 6 A2 = number of writes */
1495 /* 7 A3 = flash write command */
1496 /* 8 T0 = constant to mask DQ7 bits (also used for Dq5 with shift) */
1497 /* output parameters - */
1498 /* 9 T1 = 0x80 ok 0x00 bad */
1499 /* temp registers - */
1500 /* 10 T2 = value read from flash to test status */
1501 /* 11 T3 = holding register */
1502 /* unlock registers - */
1503 /* 12 T4 = unlock1_addr */
1504 /* 13 T5 = unlock1_cmd */
1505 /* 14 T6 = unlock2_addr */
1506 /* 15 T7 = unlock2_cmd */
1508 static const uint32_t mips_word_16_code[] = {
1510 MIPS32_LHU(9,0,4), /* lhu $t1, ($a0) ; out = &saddr */
1511 MIPS32_ADDI(4,4,2), /* addi $a0, $a0, 2 ; saddr += 2 */
1512 MIPS32_SH(13,0,12), /* sh $t5, ($t4) ; *fl_unl_addr1 = fl_unl_cmd1 */
1513 MIPS32_SH(15,0,14), /* sh $t7, ($t6) ; *fl_unl_addr2 = fl_unl_cmd2 */
1514 MIPS32_SH(7,0,12), /* sh $a3, ($t4) ; *fl_unl_addr1 = fl_write_cmd */
1515 MIPS32_SH(9,0,5), /* sh $t1, ($a1) ; *daddr = out */
1516 MIPS32_NOP, /* nop */
1518 MIPS32_LHU(10,0,5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1519 MIPS32_XOR(11,9,10), /* xor $t3, $a0, $t2 ; temp2 = out ^ temp1; */
1520 MIPS32_AND(11,8,11), /* and $t3, $t0, $t3 ; temp2 = temp2 & DQ7mask */
1521 MIPS32_BNE(11,8, 13), /* bne $t3, $t0, cont ; if (temp2 != DQ7mask) goto cont */
1522 MIPS32_NOP, /* nop */
1524 MIPS32_SRL(10,8,2), /* srl $t2,$t0,2 ; temp1 = DQ7mask >> 2 */
1525 MIPS32_AND(11,10,11), /* and $t3, $t2, $t3 ; temp2 = temp2 & temp1 */
1526 MIPS32_BNE(11,10, NEG16(8)), /* bne $t3, $t2, busy ; if (temp2 != temp1) goto busy */
1527 MIPS32_NOP, /* nop */
1529 MIPS32_LHU(10,0,5), /* lhu $t2, ($a1) ; temp1 = *daddr */
1530 MIPS32_XOR(11,9,10), /* xor $t3, $a0, $t2 ; temp2 = out ^ temp1; */
1531 MIPS32_AND(11,8,11), /* and $t3, $t0, $t3 ; temp2 = temp2 & DQ7mask */
1532 MIPS32_BNE(11,8, 4), /* bne $t3, $t0, cont ; if (temp2 != DQ7mask) goto cont */
1533 MIPS32_NOP, /* nop */
1535 MIPS32_XOR(9,9,9), /* xor $t1, $t1, $t1 ; out = 0 */
1536 MIPS32_BEQ(9,0, 11), /* beq $t1, $zero, done ; if (out == 0) goto done */
1537 MIPS32_NOP, /* nop */
1539 MIPS32_ADDI(6,6,NEG16(1)), /* addi, $a2, $a2, -1 ; numwrites-- */
1540 MIPS32_BNE(6,0, 5), /* bne $a2, $zero, cont2 ; if (numwrite != 0) goto cont2 */
1541 MIPS32_NOP, /* nop */
1543 MIPS32_LUI(9,0), /* lui $t1, 0 */
1544 MIPS32_ORI(9,9,0x80), /* ori $t1, $t1, 0x80 ; out = 0x80 */
1546 MIPS32_B(4), /* b done ; goto done */
1547 MIPS32_NOP, /* nop */
1549 MIPS32_ADDI(5,5,2), /* addi $a0, $a0, 2 ; daddr += 2 */
1550 MIPS32_B(NEG16(33)), /* b start ; goto start */
1551 MIPS32_NOP, /* nop */
1553 /*MIPS32_B(NEG16(1)), */ /* b done ; goto done */
1554 MIPS32_SDBBP, /* sdbbp ; break(); */
1555 /*MIPS32_B(NEG16(33)), */ /* b start ; goto start */
1559 mips32_info.common_magic = MIPS32_COMMON_MAGIC;
1560 mips32_info.isa_mode = MIPS32_ISA_MIPS32;
1562 int target_code_size = 0;
1563 const uint32_t *target_code_src = NULL;
1565 switch (bank->bus_width)
1568 /* Check for DQ5 support */
1569 if( cfi_info->status_poll_mask & (1 << 5) )
1571 target_code_src = mips_word_16_code;
1572 target_code_size = sizeof(mips_word_16_code);
1576 LOG_ERROR("Need DQ5 support");
1577 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1578 //target_code_src = mips_word_16_code_dq7only;
1579 //target_code_size = sizeof(mips_word_16_code_dq7only);
1583 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1584 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1587 /* flash write code */
1588 if (!cfi_info->write_algorithm)
1590 uint8_t *target_code;
1592 /* convert bus-width dependent algorithm code to correct endiannes */
1593 target_code = malloc(target_code_size);
1594 if (target_code == NULL)
1596 LOG_ERROR("Out of memory");
1599 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1601 /* allocate working area */
1602 retval = target_alloc_working_area(target, target_code_size,
1603 &cfi_info->write_algorithm);
1604 if (retval != ERROR_OK)
1610 /* write algorithm code to working area */
1611 if ((retval = target_write_buffer(target, cfi_info->write_algorithm->address,
1612 target_code_size, target_code)) != ERROR_OK)
1620 /* the following code still assumes target code is fixed 24*4 bytes */
1622 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK)
1625 if (buffer_size <= 256)
1627 /* if we already allocated the writing code, but failed to get a
1628 * buffer, free the algorithm */
1629 if (cfi_info->write_algorithm)
1630 target_free_working_area(target, cfi_info->write_algorithm);
1632 LOG_WARNING("not enough working area available, can't do block memory writes");
1633 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1637 init_reg_param(®_params[0], "a0", 32, PARAM_OUT);
1638 init_reg_param(®_params[1], "a1", 32, PARAM_OUT);
1639 init_reg_param(®_params[2], "a2", 32, PARAM_OUT);
1640 init_reg_param(®_params[3], "a3", 32, PARAM_OUT);
1641 init_reg_param(®_params[4], "t0", 32, PARAM_OUT);
1642 init_reg_param(®_params[5], "t1", 32, PARAM_IN);
1643 init_reg_param(®_params[6], "t4", 32, PARAM_OUT);
1644 init_reg_param(®_params[7], "t5", 32, PARAM_OUT);
1645 init_reg_param(®_params[8], "t6", 32, PARAM_OUT);
1646 init_reg_param(®_params[9], "t7", 32, PARAM_OUT);
1650 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
1652 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
1653 if (retval != ERROR_OK)
1658 buf_set_u32(reg_params[0].value, 0, 32, source->address);
1659 buf_set_u32(reg_params[1].value, 0, 32, address);
1660 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
1661 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
1662 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
1663 buf_set_u32(reg_params[6].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock1));
1664 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
1665 buf_set_u32(reg_params[8].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock2));
1666 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
1668 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
1669 cfi_info->write_algorithm->address,
1670 cfi_info->write_algorithm->address + ((target_code_size) - 4),
1671 10000, &mips32_info);
1672 if (retval != ERROR_OK)
1677 status = buf_get_u32(reg_params[5].value, 0, 32);
1680 LOG_ERROR("flash write block failed status: 0x%" PRIx32 , status);
1681 retval = ERROR_FLASH_OPERATION_FAILED;
1685 buffer += thisrun_count;
1686 address += thisrun_count;
1687 count -= thisrun_count;
1690 target_free_all_working_areas(target);
1692 destroy_reg_param(®_params[0]);
1693 destroy_reg_param(®_params[1]);
1694 destroy_reg_param(®_params[2]);
1695 destroy_reg_param(®_params[3]);
1696 destroy_reg_param(®_params[4]);
1697 destroy_reg_param(®_params[5]);
1698 destroy_reg_param(®_params[6]);
1699 destroy_reg_param(®_params[7]);
1700 destroy_reg_param(®_params[8]);
1701 destroy_reg_param(®_params[9]);
1706 static int cfi_spansion_write_block(struct flash_bank *bank, uint8_t *buffer,
1707 uint32_t address, uint32_t count)
1709 struct cfi_flash_bank *cfi_info = bank->driver_priv;
1710 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
1711 struct target *target = bank->target;
1712 struct reg_param reg_params[10];
1713 struct arm_algorithm armv4_5_info;
1714 struct working_area *source;
1715 uint32_t buffer_size = 32768;
1717 int retval = ERROR_OK;
1719 /* input parameters - */
1720 /* R0 = source address */
1721 /* R1 = destination address */
1722 /* R2 = number of writes */
1723 /* R3 = flash write command */
1724 /* R4 = constant to mask DQ7 bits (also used for Dq5 with shift) */
1725 /* output parameters - */
1726 /* R5 = 0x80 ok 0x00 bad */
1727 /* temp registers - */
1728 /* R6 = value read from flash to test status */
1729 /* R7 = holding register */
1730 /* unlock registers - */
1731 /* R8 = unlock1_addr */
1732 /* R9 = unlock1_cmd */
1733 /* R10 = unlock2_addr */
1734 /* R11 = unlock2_cmd */
1736 /* see contib/loaders/flash/armv4_5_cfi_span_32.s for src */
1737 static const uint32_t armv4_5_word_32_code[] = {
1738 /* 00008100 <sp_32_code>: */
1739 0xe4905004, /* ldr r5, [r0], #4 */
1740 0xe5889000, /* str r9, [r8] */
1741 0xe58ab000, /* str r11, [r10] */
1742 0xe5883000, /* str r3, [r8] */
1743 0xe5815000, /* str r5, [r1] */
1744 0xe1a00000, /* nop */
1746 /* 00008110 <sp_32_busy>: */
1747 0xe5916000, /* ldr r6, [r1] */
1748 0xe0257006, /* eor r7, r5, r6 */
1749 0xe0147007, /* ands r7, r4, r7 */
1750 0x0a000007, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1751 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1752 0x0afffff9, /* beq 8110 <sp_32_busy> ; b if DQ5 low */
1753 0xe5916000, /* ldr r6, [r1] */
1754 0xe0257006, /* eor r7, r5, r6 */
1755 0xe0147007, /* ands r7, r4, r7 */
1756 0x0a000001, /* beq 8140 <sp_32_cont> ; b if DQ7 == Data7 */
1757 0xe3a05000, /* mov r5, #0 ; 0x0 - return 0x00, error */
1758 0x1a000004, /* bne 8154 <sp_32_done> */
1760 /* 00008140 <sp_32_cont>: */
1761 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1762 0x03a05080, /* moveq r5, #128 ; 0x80 */
1763 0x0a000001, /* beq 8154 <sp_32_done> */
1764 0xe2811004, /* add r1, r1, #4 ; 0x4 */
1765 0xeaffffe8, /* b 8100 <sp_32_code> */
1767 /* 00008154 <sp_32_done>: */
1768 0xeafffffe /* b 8154 <sp_32_done> */
1771 /* see contib/loaders/flash/armv4_5_cfi_span_16.s for src */
1772 static const uint32_t armv4_5_word_16_code[] = {
1773 /* 00008158 <sp_16_code>: */
1774 0xe0d050b2, /* ldrh r5, [r0], #2 */
1775 0xe1c890b0, /* strh r9, [r8] */
1776 0xe1cab0b0, /* strh r11, [r10] */
1777 0xe1c830b0, /* strh r3, [r8] */
1778 0xe1c150b0, /* strh r5, [r1] */
1779 0xe1a00000, /* nop (mov r0,r0) */
1781 /* 00008168 <sp_16_busy>: */
1782 0xe1d160b0, /* ldrh r6, [r1] */
1783 0xe0257006, /* eor r7, r5, r6 */
1784 0xe0147007, /* ands r7, r4, r7 */
1785 0x0a000007, /* beq 8198 <sp_16_cont> */
1786 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1787 0x0afffff9, /* beq 8168 <sp_16_busy> */
1788 0xe1d160b0, /* ldrh r6, [r1] */
1789 0xe0257006, /* eor r7, r5, r6 */
1790 0xe0147007, /* ands r7, r4, r7 */
1791 0x0a000001, /* beq 8198 <sp_16_cont> */
1792 0xe3a05000, /* mov r5, #0 ; 0x0 */
1793 0x1a000004, /* bne 81ac <sp_16_done> */
1795 /* 00008198 <sp_16_cont>: */
1796 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1797 0x03a05080, /* moveq r5, #128 ; 0x80 */
1798 0x0a000001, /* beq 81ac <sp_16_done> */
1799 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1800 0xeaffffe8, /* b 8158 <sp_16_code> */
1802 /* 000081ac <sp_16_done>: */
1803 0xeafffffe /* b 81ac <sp_16_done> */
1806 /* see contib/loaders/flash/armv7m_cfi_span_16.s for src */
1807 static const uint32_t armv7m_word_16_code[] = {
1828 /* see contib/loaders/flash/armv4_5_cfi_span_16_dq7.s for src */
1829 static const uint32_t armv4_5_word_16_code_dq7only[] = {
1831 0xe0d050b2, /* ldrh r5, [r0], #2 */
1832 0xe1c890b0, /* strh r9, [r8] */
1833 0xe1cab0b0, /* strh r11, [r10] */
1834 0xe1c830b0, /* strh r3, [r8] */
1835 0xe1c150b0, /* strh r5, [r1] */
1836 0xe1a00000, /* nop (mov r0,r0) */
1839 0xe1d160b0, /* ldrh r6, [r1] */
1840 0xe0257006, /* eor r7, r5, r6 */
1841 0xe2177080, /* ands r7, #0x80 */
1842 0x1afffffb, /* bne 8168 <sp_16_busy> */
1844 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1845 0x03a05080, /* moveq r5, #128 ; 0x80 */
1846 0x0a000001, /* beq 81ac <sp_16_done> */
1847 0xe2811002, /* add r1, r1, #2 ; 0x2 */
1848 0xeafffff0, /* b 8158 <sp_16_code> */
1850 /* 000081ac <sp_16_done>: */
1851 0xeafffffe /* b 81ac <sp_16_done> */
1854 /* see contib/loaders/flash/armv4_5_cfi_span_8.s for src */
1855 static const uint32_t armv4_5_word_8_code[] = {
1856 /* 000081b0 <sp_16_code_end>: */
1857 0xe4d05001, /* ldrb r5, [r0], #1 */
1858 0xe5c89000, /* strb r9, [r8] */
1859 0xe5cab000, /* strb r11, [r10] */
1860 0xe5c83000, /* strb r3, [r8] */
1861 0xe5c15000, /* strb r5, [r1] */
1862 0xe1a00000, /* nop (mov r0,r0) */
1864 /* 000081c0 <sp_8_busy>: */
1865 0xe5d16000, /* ldrb r6, [r1] */
1866 0xe0257006, /* eor r7, r5, r6 */
1867 0xe0147007, /* ands r7, r4, r7 */
1868 0x0a000007, /* beq 81f0 <sp_8_cont> */
1869 0xe0166124, /* ands r6, r6, r4, lsr #2 */
1870 0x0afffff9, /* beq 81c0 <sp_8_busy> */
1871 0xe5d16000, /* ldrb r6, [r1] */
1872 0xe0257006, /* eor r7, r5, r6 */
1873 0xe0147007, /* ands r7, r4, r7 */
1874 0x0a000001, /* beq 81f0 <sp_8_cont> */
1875 0xe3a05000, /* mov r5, #0 ; 0x0 */
1876 0x1a000004, /* bne 8204 <sp_8_done> */
1878 /* 000081f0 <sp_8_cont>: */
1879 0xe2522001, /* subs r2, r2, #1 ; 0x1 */
1880 0x03a05080, /* moveq r5, #128 ; 0x80 */
1881 0x0a000001, /* beq 8204 <sp_8_done> */
1882 0xe2811001, /* add r1, r1, #1 ; 0x1 */
1883 0xeaffffe8, /* b 81b0 <sp_16_code_end> */
1885 /* 00008204 <sp_8_done>: */
1886 0xeafffffe /* b 8204 <sp_8_done> */
1889 if (strncmp(target_type_name(target),"mips_m4k",8) == 0)
1891 return cfi_spansion_write_block_mips(bank,buffer,address,count);
1894 if (is_armv7m(target_to_armv7m(target))) /* Cortex-M3 target */
1896 armv4_5_info.common_magic = ARMV7M_COMMON_MAGIC;
1897 armv4_5_info.core_mode = ARMV7M_MODE_HANDLER;
1898 armv4_5_info.core_state = ARM_STATE_ARM;
1902 /* All other ARM CPUs have 32 bit instructions */
1903 armv4_5_info.common_magic = ARM_COMMON_MAGIC;
1904 armv4_5_info.core_mode = ARM_MODE_SVC;
1905 armv4_5_info.core_state = ARM_STATE_ARM;
1908 int target_code_size = 0;
1909 const uint32_t *target_code_src = NULL;
1911 switch (bank->bus_width)
1914 if(armv4_5_info.common_magic == ARM_COMMON_MAGIC) /* armv4_5 target */
1916 target_code_src = armv4_5_word_8_code;
1917 target_code_size = sizeof(armv4_5_word_8_code);
1921 /* Check for DQ5 support */
1922 if( cfi_info->status_poll_mask & (1 << 5) )
1924 if(armv4_5_info.common_magic == ARM_COMMON_MAGIC) /* armv4_5 target */
1926 target_code_src = armv4_5_word_16_code;
1927 target_code_size = sizeof(armv4_5_word_16_code);
1929 else if (armv4_5_info.common_magic == ARMV7M_COMMON_MAGIC) /* cortex-m3 target */
1931 target_code_src = armv7m_word_16_code;
1932 target_code_size = sizeof(armv7m_word_16_code);
1937 /* No DQ5 support. Use DQ7 DATA# polling only. */
1938 if(armv4_5_info.common_magic == ARM_COMMON_MAGIC) // armv4_5 target
1940 target_code_src = armv4_5_word_16_code_dq7only;
1941 target_code_size = sizeof(armv4_5_word_16_code_dq7only);
1946 if(armv4_5_info.common_magic == ARM_COMMON_MAGIC) // armv4_5 target
1948 target_code_src = armv4_5_word_32_code;
1949 target_code_size = sizeof(armv4_5_word_32_code);
1953 LOG_ERROR("Unsupported bank buswidth %d, can't do block memory writes", bank->bus_width);
1954 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1957 /* flash write code */
1958 if (!cfi_info->write_algorithm)
1960 uint8_t *target_code;
1962 /* convert bus-width dependent algorithm code to correct endiannes */
1963 target_code = malloc(target_code_size);
1964 if (target_code == NULL)
1966 LOG_ERROR("Out of memory");
1969 cfi_fix_code_endian(target, target_code, target_code_src, target_code_size / 4);
1971 /* allocate working area */
1972 retval = target_alloc_working_area(target, target_code_size,
1973 &cfi_info->write_algorithm);
1974 if (retval != ERROR_OK)
1980 /* write algorithm code to working area */
1981 if ((retval = target_write_buffer(target, cfi_info->write_algorithm->address,
1982 target_code_size, target_code)) != ERROR_OK)
1990 /* the following code still assumes target code is fixed 24*4 bytes */
1992 while (target_alloc_working_area_try(target, buffer_size, &source) != ERROR_OK)
1995 if (buffer_size <= 256)
1997 /* if we already allocated the writing code, but failed to get a
1998 * buffer, free the algorithm */
1999 if (cfi_info->write_algorithm)
2000 target_free_working_area(target, cfi_info->write_algorithm);
2002 LOG_WARNING("not enough working area available, can't do block memory writes");
2003 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2007 init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
2008 init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
2009 init_reg_param(®_params[2], "r2", 32, PARAM_OUT);
2010 init_reg_param(®_params[3], "r3", 32, PARAM_OUT);
2011 init_reg_param(®_params[4], "r4", 32, PARAM_OUT);
2012 init_reg_param(®_params[5], "r5", 32, PARAM_IN);
2013 init_reg_param(®_params[6], "r8", 32, PARAM_OUT);
2014 init_reg_param(®_params[7], "r9", 32, PARAM_OUT);
2015 init_reg_param(®_params[8], "r10", 32, PARAM_OUT);
2016 init_reg_param(®_params[9], "r11", 32, PARAM_OUT);
2020 uint32_t thisrun_count = (count > buffer_size) ? buffer_size : count;
2022 retval = target_write_buffer(target, source->address, thisrun_count, buffer);
2023 if (retval != ERROR_OK)
2028 buf_set_u32(reg_params[0].value, 0, 32, source->address);
2029 buf_set_u32(reg_params[1].value, 0, 32, address);
2030 buf_set_u32(reg_params[2].value, 0, 32, thisrun_count / bank->bus_width);
2031 buf_set_u32(reg_params[3].value, 0, 32, cfi_command_val(bank, 0xA0));
2032 buf_set_u32(reg_params[4].value, 0, 32, cfi_command_val(bank, 0x80));
2033 buf_set_u32(reg_params[6].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock1));
2034 buf_set_u32(reg_params[7].value, 0, 32, 0xaaaaaaaa);
2035 buf_set_u32(reg_params[8].value, 0, 32, flash_address(bank, 0, pri_ext->_unlock2));
2036 buf_set_u32(reg_params[9].value, 0, 32, 0x55555555);
2038 retval = target_run_algorithm(target, 0, NULL, 10, reg_params,
2039 cfi_info->write_algorithm->address,
2040 cfi_info->write_algorithm->address + ((target_code_size) - 4),
2041 10000, &armv4_5_info);
2042 if (retval != ERROR_OK)
2047 status = buf_get_u32(reg_params[5].value, 0, 32);
2050 LOG_ERROR("flash write block failed status: 0x%" PRIx32 , status);
2051 retval = ERROR_FLASH_OPERATION_FAILED;
2055 buffer += thisrun_count;
2056 address += thisrun_count;
2057 count -= thisrun_count;
2060 target_free_all_working_areas(target);
2062 destroy_reg_param(®_params[0]);
2063 destroy_reg_param(®_params[1]);
2064 destroy_reg_param(®_params[2]);
2065 destroy_reg_param(®_params[3]);
2066 destroy_reg_param(®_params[4]);
2067 destroy_reg_param(®_params[5]);
2068 destroy_reg_param(®_params[6]);
2069 destroy_reg_param(®_params[7]);
2070 destroy_reg_param(®_params[8]);
2071 destroy_reg_param(®_params[9]);
2076 static int cfi_intel_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2079 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2080 struct target *target = bank->target;
2082 cfi_intel_clear_status_register(bank);
2083 if ((retval = cfi_send_command(bank, 0x40, address)) != ERROR_OK)
2088 if ((retval = target_write_memory(target, address, bank->bus_width, 1, word)) != ERROR_OK)
2094 retval = cfi_intel_wait_status_busy(bank, cfi_info->word_write_timeout, &status);
2097 if ((retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0))) != ERROR_OK)
2102 LOG_ERROR("couldn't write word at base 0x%" PRIx32 ", address 0x%" PRIx32,
2103 bank->base, address);
2104 return ERROR_FLASH_OPERATION_FAILED;
2110 static int cfi_intel_write_words(struct flash_bank *bank, uint8_t *word,
2111 uint32_t wordcount, uint32_t address)
2114 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2115 struct target *target = bank->target;
2117 /* Calculate buffer size and boundary mask */
2118 /* buffersize is (buffer size per chip) * (number of chips) */
2119 /* bufferwsize is buffersize in words */
2120 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2121 uint32_t buffermask = buffersize-1;
2122 uint32_t bufferwsize = buffersize / bank->bus_width;
2124 /* Check for valid range */
2125 if (address & buffermask)
2127 LOG_ERROR("Write address at base 0x%" PRIx32 ", address 0x%" PRIx32
2128 " not aligned to 2^%d boundary",
2129 bank->base, address, cfi_info->max_buf_write_size);
2130 return ERROR_FLASH_OPERATION_FAILED;
2133 /* Check for valid size */
2134 if (wordcount > bufferwsize)
2136 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %" PRId32,
2137 wordcount, buffersize);
2138 return ERROR_FLASH_OPERATION_FAILED;
2141 /* Write to flash buffer */
2142 cfi_intel_clear_status_register(bank);
2144 /* Initiate buffer operation _*/
2145 if ((retval = cfi_send_command(bank, 0xe8, address)) != ERROR_OK)
2150 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2151 if (retval != ERROR_OK)
2155 if ((retval = cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0))) != ERROR_OK)
2160 LOG_ERROR("couldn't start buffer write operation at base 0x%" PRIx32 ", address 0x%" PRIx32,
2161 bank->base, address);
2162 return ERROR_FLASH_OPERATION_FAILED;
2165 /* Write buffer wordcount-1 and data words */
2166 if ((retval = cfi_send_command(bank, bufferwsize-1, address)) != ERROR_OK)
2171 if ((retval = target_write_memory(target,
2172 address, bank->bus_width, bufferwsize, word)) != ERROR_OK)
2177 /* Commit write operation */
2178 if ((retval = cfi_send_command(bank, 0xd0, address)) != ERROR_OK)
2183 retval = cfi_intel_wait_status_busy(bank, cfi_info->buf_write_timeout, &status);
2184 if (retval != ERROR_OK)
2189 if ((retval = cfi_send_command(bank, 0xff,
2190 flash_address(bank, 0, 0x0))) != ERROR_OK)
2195 LOG_ERROR("Buffer write at base 0x%" PRIx32
2196 ", address 0x%" PRIx32 " failed.", bank->base, address);
2197 return ERROR_FLASH_OPERATION_FAILED;
2203 static int cfi_spansion_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2206 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2207 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2208 struct target *target = bank->target;
2210 if ((retval = cfi_send_command(bank, 0xaa,
2211 flash_address(bank, 0, pri_ext->_unlock1))) != ERROR_OK)
2216 if ((retval = cfi_send_command(bank, 0x55,
2217 flash_address(bank, 0, pri_ext->_unlock2))) != ERROR_OK)
2222 if ((retval = cfi_send_command(bank, 0xa0,
2223 flash_address(bank, 0, pri_ext->_unlock1))) != ERROR_OK)
2228 if ((retval = target_write_memory(target,
2229 address, bank->bus_width, 1, word)) != ERROR_OK)
2234 if (cfi_spansion_wait_status_busy(bank, cfi_info->word_write_timeout) != ERROR_OK)
2236 if ((retval = cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0))) != ERROR_OK)
2241 LOG_ERROR("couldn't write word at base 0x%" PRIx32
2242 ", address 0x%" PRIx32 , bank->base, address);
2243 return ERROR_FLASH_OPERATION_FAILED;
2249 static int cfi_spansion_write_words(struct flash_bank *bank, uint8_t *word,
2250 uint32_t wordcount, uint32_t address)
2253 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2254 struct target *target = bank->target;
2255 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2257 /* Calculate buffer size and boundary mask */
2258 /* buffersize is (buffer size per chip) * (number of chips) */
2259 /* bufferwsize is buffersize in words */
2260 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2261 uint32_t buffermask = buffersize-1;
2262 uint32_t bufferwsize = buffersize / bank->bus_width;
2264 /* Check for valid range */
2265 if (address & buffermask)
2267 LOG_ERROR("Write address at base 0x%" PRIx32
2268 ", address 0x%" PRIx32 " not aligned to 2^%d boundary",
2269 bank->base, address, cfi_info->max_buf_write_size);
2270 return ERROR_FLASH_OPERATION_FAILED;
2273 /* Check for valid size */
2274 if (wordcount > bufferwsize)
2276 LOG_ERROR("Number of data words %" PRId32 " exceeds available buffersize %"
2277 PRId32, wordcount, buffersize);
2278 return ERROR_FLASH_OPERATION_FAILED;
2282 if ((retval = cfi_send_command(bank, 0xaa,
2283 flash_address(bank, 0, pri_ext->_unlock1))) != ERROR_OK)
2288 if ((retval = cfi_send_command(bank, 0x55,
2289 flash_address(bank, 0, pri_ext->_unlock2))) != ERROR_OK)
2294 /* Buffer load command */
2295 if ((retval = cfi_send_command(bank, 0x25, address)) != ERROR_OK)
2300 /* Write buffer wordcount-1 and data words */
2301 if ((retval = cfi_send_command(bank, bufferwsize-1, address)) != ERROR_OK)
2306 if ((retval = target_write_memory(target,
2307 address, bank->bus_width, bufferwsize, word)) != ERROR_OK)
2312 /* Commit write operation */
2313 if ((retval = cfi_send_command(bank, 0x29, address)) != ERROR_OK)
2318 if (cfi_spansion_wait_status_busy(bank, cfi_info->buf_write_timeout) != ERROR_OK)
2320 if ((retval = cfi_send_command(bank, 0xf0,
2321 flash_address(bank, 0, 0x0))) != ERROR_OK)
2326 LOG_ERROR("couldn't write block at base 0x%" PRIx32
2327 ", address 0x%" PRIx32 ", size 0x%" PRIx32, bank->base, address, bufferwsize);
2328 return ERROR_FLASH_OPERATION_FAILED;
2334 static int cfi_write_word(struct flash_bank *bank, uint8_t *word, uint32_t address)
2336 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2338 switch (cfi_info->pri_id)
2342 return cfi_intel_write_word(bank, word, address);
2345 return cfi_spansion_write_word(bank, word, address);
2348 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2352 return ERROR_FLASH_OPERATION_FAILED;
2355 static int cfi_write_words(struct flash_bank *bank, uint8_t *word,
2356 uint32_t wordcount, uint32_t address)
2358 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2360 if (cfi_info->buf_write_timeout_typ == 0)
2362 /* buffer writes are not supported */
2363 LOG_DEBUG("Buffer Writes Not Supported");
2364 return ERROR_FLASH_OPER_UNSUPPORTED;
2367 switch (cfi_info->pri_id)
2371 return cfi_intel_write_words(bank, word, wordcount, address);
2374 return cfi_spansion_write_words(bank, word, wordcount, address);
2377 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2381 return ERROR_FLASH_OPERATION_FAILED;
2384 static int cfi_read(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
2386 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2387 struct target *target = bank->target;
2388 uint32_t address = bank->base + offset;
2390 int align; /* number of unaligned bytes */
2391 uint8_t current_word[CFI_MAX_BUS_WIDTH];
2395 LOG_DEBUG("reading buffer of %i byte at 0x%8.8x",
2396 (int)count, (unsigned)offset);
2398 if (bank->target->state != TARGET_HALTED)
2400 LOG_ERROR("Target not halted");
2401 return ERROR_TARGET_NOT_HALTED;
2404 if (offset + count > bank->size)
2405 return ERROR_FLASH_DST_OUT_OF_BANK;
2407 if (cfi_info->qry[0] != 'Q')
2408 return ERROR_FLASH_BANK_NOT_PROBED;
2410 /* start at the first byte of the first word (bus_width size) */
2411 read_p = address & ~(bank->bus_width - 1);
2412 if ((align = address - read_p) != 0)
2414 LOG_INFO("Fixup %d unaligned read head bytes", align);
2416 /* read a complete word from flash */
2417 if ((retval = target_read_memory(target, read_p,
2418 bank->bus_width, 1, current_word)) != ERROR_OK)
2421 /* take only bytes we need */
2422 for (i = align; (i < bank->bus_width) && (count > 0); i++, count--)
2423 *buffer++ = current_word[i];
2425 read_p += bank->bus_width;
2428 align = count / bank->bus_width;
2431 if ((retval = target_read_memory(target, read_p,
2432 bank->bus_width, align, buffer)) != ERROR_OK)
2435 read_p += align * bank->bus_width;
2436 buffer += align * bank->bus_width;
2437 count -= align * bank->bus_width;
2442 LOG_INFO("Fixup %d unaligned read tail bytes", count);
2444 /* read a complete word from flash */
2445 if ((retval = target_read_memory(target, read_p,
2446 bank->bus_width, 1, current_word)) != ERROR_OK)
2449 /* take only bytes we need */
2450 for (i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2451 *buffer++ = current_word[i];
2457 static int cfi_write(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
2459 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2460 struct target *target = bank->target;
2461 uint32_t address = bank->base + offset; /* address of first byte to be programmed */
2463 int align; /* number of unaligned bytes */
2464 int blk_count; /* number of bus_width bytes for block copy */
2465 uint8_t current_word[CFI_MAX_BUS_WIDTH * 4]; /* word (bus_width size) currently being programmed */
2469 if (bank->target->state != TARGET_HALTED)
2471 LOG_ERROR("Target not halted");
2472 return ERROR_TARGET_NOT_HALTED;
2475 if (offset + count > bank->size)
2476 return ERROR_FLASH_DST_OUT_OF_BANK;
2478 if (cfi_info->qry[0] != 'Q')
2479 return ERROR_FLASH_BANK_NOT_PROBED;
2481 /* start at the first byte of the first word (bus_width size) */
2482 write_p = address & ~(bank->bus_width - 1);
2483 if ((align = address - write_p) != 0)
2485 LOG_INFO("Fixup %d unaligned head bytes", align);
2487 /* read a complete word from flash */
2488 if ((retval = target_read_memory(target, write_p,
2489 bank->bus_width, 1, current_word)) != ERROR_OK)
2492 /* replace only bytes that must be written */
2493 for (i = align; (i < bank->bus_width) && (count > 0); i++, count--)
2494 current_word[i] = *buffer++;
2496 retval = cfi_write_word(bank, current_word, write_p);
2497 if (retval != ERROR_OK)
2499 write_p += bank->bus_width;
2502 /* handle blocks of bus_size aligned bytes */
2503 blk_count = count & ~(bank->bus_width - 1); /* round down, leave tail bytes */
2504 switch (cfi_info->pri_id)
2506 /* try block writes (fails without working area) */
2509 retval = cfi_intel_write_block(bank, buffer, write_p, blk_count);
2512 retval = cfi_spansion_write_block(bank, buffer, write_p, blk_count);
2515 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2516 retval = ERROR_FLASH_OPERATION_FAILED;
2519 if (retval == ERROR_OK)
2521 /* Increment pointers and decrease count on succesful block write */
2522 buffer += blk_count;
2523 write_p += blk_count;
2528 if (retval == ERROR_TARGET_RESOURCE_NOT_AVAILABLE)
2530 /* Calculate buffer size and boundary mask */
2531 /* buffersize is (buffer size per chip) * (number of chips) */
2532 /* bufferwsize is buffersize in words */
2533 uint32_t buffersize = (1UL << cfi_info->max_buf_write_size) * (bank->bus_width / bank->chip_width);
2534 uint32_t buffermask = buffersize-1;
2535 uint32_t bufferwsize = buffersize / bank->bus_width;
2537 /* fall back to memory writes */
2538 while (count >= (uint32_t)bank->bus_width)
2541 if ((write_p & 0xff) == 0)
2543 LOG_INFO("Programming at 0x%08" PRIx32 ", count 0x%08"
2544 PRIx32 " bytes remaining", write_p, count);
2547 if ((bufferwsize > 0) && (count >= buffersize) && !(write_p & buffermask))
2549 retval = cfi_write_words(bank, buffer, bufferwsize, write_p);
2550 if (retval == ERROR_OK)
2552 buffer += buffersize;
2553 write_p += buffersize;
2554 count -= buffersize;
2557 else if (retval != ERROR_FLASH_OPER_UNSUPPORTED)
2560 /* try the slow way? */
2563 for (i = 0; i < bank->bus_width; i++)
2564 current_word[i] = *buffer++;
2566 retval = cfi_write_word(bank, current_word, write_p);
2567 if (retval != ERROR_OK)
2570 write_p += bank->bus_width;
2571 count -= bank->bus_width;
2579 /* return to read array mode, so we can read from flash again for padding */
2580 if ((retval = cfi_reset(bank)) != ERROR_OK)
2585 /* handle unaligned tail bytes */
2588 LOG_INFO("Fixup %" PRId32 " unaligned tail bytes", count);
2590 /* read a complete word from flash */
2591 if ((retval = target_read_memory(target, write_p,
2592 bank->bus_width, 1, current_word)) != ERROR_OK)
2595 /* replace only bytes that must be written */
2596 for (i = 0; (i < bank->bus_width) && (count > 0); i++, count--)
2597 current_word[i] = *buffer++;
2599 retval = cfi_write_word(bank, current_word, write_p);
2600 if (retval != ERROR_OK)
2604 /* return to read array mode */
2605 return cfi_reset(bank);
2608 static void cfi_fixup_reversed_erase_regions(struct flash_bank *bank, void *param)
2611 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2612 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2614 pri_ext->_reversed_geometry = 1;
2617 static void cfi_fixup_0002_erase_regions(struct flash_bank *bank, void *param)
2620 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2621 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2624 if ((pri_ext->_reversed_geometry) || (pri_ext->TopBottom == 3))
2626 LOG_DEBUG("swapping reversed erase region information on cmdset 0002 device");
2628 for (i = 0; i < cfi_info->num_erase_regions / 2; i++)
2630 int j = (cfi_info->num_erase_regions - 1) - i;
2633 swap = cfi_info->erase_region_info[i];
2634 cfi_info->erase_region_info[i] = cfi_info->erase_region_info[j];
2635 cfi_info->erase_region_info[j] = swap;
2640 static void cfi_fixup_0002_unlock_addresses(struct flash_bank *bank, void *param)
2642 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2643 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
2644 struct cfi_unlock_addresses *unlock_addresses = param;
2646 pri_ext->_unlock1 = unlock_addresses->unlock1;
2647 pri_ext->_unlock2 = unlock_addresses->unlock2;
2651 static int cfi_query_string(struct flash_bank *bank, int address)
2653 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2656 if ((retval = cfi_send_command(bank, 0x98, flash_address(bank, 0, address))) != ERROR_OK)
2661 retval = cfi_query_u8(bank, 0, 0x10, &cfi_info->qry[0]);
2662 if (retval != ERROR_OK)
2664 retval = cfi_query_u8(bank, 0, 0x11, &cfi_info->qry[1]);
2665 if (retval != ERROR_OK)
2667 retval = cfi_query_u8(bank, 0, 0x12, &cfi_info->qry[2]);
2668 if (retval != ERROR_OK)
2671 LOG_DEBUG("CFI qry returned: 0x%2.2x 0x%2.2x 0x%2.2x",
2672 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2]);
2674 if ((cfi_info->qry[0] != 'Q') || (cfi_info->qry[1] != 'R') || (cfi_info->qry[2] != 'Y'))
2676 if ((retval = cfi_reset(bank)) != ERROR_OK)
2680 LOG_ERROR("Could not probe bank: no QRY");
2681 return ERROR_FLASH_BANK_INVALID;
2687 static int cfi_probe(struct flash_bank *bank)
2689 struct cfi_flash_bank *cfi_info = bank->driver_priv;
2690 struct target *target = bank->target;
2691 int num_sectors = 0;
2694 uint32_t unlock1 = 0x555;
2695 uint32_t unlock2 = 0x2aa;
2697 uint8_t value_buf0[CFI_MAX_BUS_WIDTH], value_buf1[CFI_MAX_BUS_WIDTH];
2699 if (bank->target->state != TARGET_HALTED)
2701 LOG_ERROR("Target not halted");
2702 return ERROR_TARGET_NOT_HALTED;
2705 cfi_info->probed = 0;
2708 free(bank->sectors);
2709 bank->sectors = NULL;
2711 if(cfi_info->erase_region_info)
2713 free(cfi_info->erase_region_info);
2714 cfi_info->erase_region_info = NULL;
2717 /* JEDEC standard JESD21C uses 0x5555 and 0x2aaa as unlock addresses,
2718 * while CFI compatible AMD/Spansion flashes use 0x555 and 0x2aa
2720 if (cfi_info->jedec_probe)
2726 /* switch to read identifier codes mode ("AUTOSELECT") */
2727 if ((retval = cfi_send_command(bank, 0xaa, flash_address(bank, 0, unlock1))) != ERROR_OK)
2731 if ((retval = cfi_send_command(bank, 0x55, flash_address(bank, 0, unlock2))) != ERROR_OK)
2735 if ((retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, unlock1))) != ERROR_OK)
2740 if ((retval = target_read_memory(target, flash_address(bank, 0, 0x00),
2741 bank->bus_width, 1, value_buf0)) != ERROR_OK)
2745 if ((retval = target_read_memory(target, flash_address(bank, 0, 0x01),
2746 bank->bus_width, 1, value_buf1)) != ERROR_OK)
2750 switch (bank->chip_width) {
2752 cfi_info->manufacturer = *value_buf0;
2753 cfi_info->device_id = *value_buf1;
2756 cfi_info->manufacturer = target_buffer_get_u16(target, value_buf0);
2757 cfi_info->device_id = target_buffer_get_u16(target, value_buf1);
2760 cfi_info->manufacturer = target_buffer_get_u32(target, value_buf0);
2761 cfi_info->device_id = target_buffer_get_u32(target, value_buf1);
2764 LOG_ERROR("Unsupported bank chipwidth %d, can't probe memory", bank->chip_width);
2765 return ERROR_FLASH_OPERATION_FAILED;
2768 LOG_INFO("Flash Manufacturer/Device: 0x%04x 0x%04x",
2769 cfi_info->manufacturer, cfi_info->device_id);
2770 /* switch back to read array mode */
2771 if ((retval = cfi_reset(bank)) != ERROR_OK)
2776 /* check device/manufacturer ID for known non-CFI flashes. */
2777 cfi_fixup_non_cfi(bank);
2779 /* query only if this is a CFI compatible flash,
2780 * otherwise the relevant info has already been filled in
2782 if (cfi_info->not_cfi == 0)
2784 /* enter CFI query mode
2785 * according to JEDEC Standard No. 68.01,
2786 * a single bus sequence with address = 0x55, data = 0x98 should put
2787 * the device into CFI query mode.
2789 * SST flashes clearly violate this, and we will consider them incompatbile for now
2792 retval = cfi_query_string(bank, 0x55);
2793 if (retval != ERROR_OK)
2796 * Spansion S29WS-N CFI query fix is to try 0x555 if 0x55 fails. Should
2797 * be harmless enough:
2799 * http://www.infradead.org/pipermail/linux-mtd/2005-September/013618.html
2801 LOG_USER("Try workaround w/0x555 instead of 0x55 to get QRY.");
2802 retval = cfi_query_string(bank, 0x555);
2804 if (retval != ERROR_OK)
2807 retval = cfi_query_u16(bank, 0, 0x13, &cfi_info->pri_id);
2808 if (retval != ERROR_OK)
2810 retval = cfi_query_u16(bank, 0, 0x15, &cfi_info->pri_addr);
2811 if (retval != ERROR_OK)
2813 retval = cfi_query_u16(bank, 0, 0x17, &cfi_info->alt_id);
2814 if (retval != ERROR_OK)
2816 retval = cfi_query_u16(bank, 0, 0x19, &cfi_info->alt_addr);
2817 if (retval != ERROR_OK)
2820 LOG_DEBUG("qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: 0x%4.4x, alt_id: "
2821 "0x%4.4x, alt_addr: 0x%4.4x", cfi_info->qry[0], cfi_info->qry[1],
2822 cfi_info->qry[2], cfi_info->pri_id, cfi_info->pri_addr,
2823 cfi_info->alt_id, cfi_info->alt_addr);
2825 retval = cfi_query_u8(bank, 0, 0x1b, &cfi_info->vcc_min);
2826 if (retval != ERROR_OK)
2828 retval = cfi_query_u8(bank, 0, 0x1c, &cfi_info->vcc_max);
2829 if (retval != ERROR_OK)
2831 retval = cfi_query_u8(bank, 0, 0x1d, &cfi_info->vpp_min);
2832 if (retval != ERROR_OK)
2834 retval = cfi_query_u8(bank, 0, 0x1e, &cfi_info->vpp_max);
2835 if (retval != ERROR_OK)
2838 retval = cfi_query_u8(bank, 0, 0x1f, &cfi_info->word_write_timeout_typ);
2839 if (retval != ERROR_OK)
2841 retval = cfi_query_u8(bank, 0, 0x20, &cfi_info->buf_write_timeout_typ);
2842 if (retval != ERROR_OK)
2844 retval = cfi_query_u8(bank, 0, 0x21, &cfi_info->block_erase_timeout_typ);
2845 if (retval != ERROR_OK)
2847 retval = cfi_query_u8(bank, 0, 0x22, &cfi_info->chip_erase_timeout_typ);
2848 if (retval != ERROR_OK)
2850 retval = cfi_query_u8(bank, 0, 0x23, &cfi_info->word_write_timeout_max);
2851 if (retval != ERROR_OK)
2853 retval = cfi_query_u8(bank, 0, 0x24, &cfi_info->buf_write_timeout_max);
2854 if (retval != ERROR_OK)
2856 retval = cfi_query_u8(bank, 0, 0x25, &cfi_info->block_erase_timeout_max);
2857 if (retval != ERROR_OK)
2859 retval = cfi_query_u8(bank, 0, 0x26, &cfi_info->chip_erase_timeout_max);
2860 if (retval != ERROR_OK)
2864 retval = cfi_query_u8(bank, 0, 0x27, &data);
2865 if (retval != ERROR_OK)
2867 cfi_info->dev_size = 1 << data;
2869 retval = cfi_query_u16(bank, 0, 0x28, &cfi_info->interface_desc);
2870 if (retval != ERROR_OK)
2872 retval = cfi_query_u16(bank, 0, 0x2a, &cfi_info->max_buf_write_size);
2873 if (retval != ERROR_OK)
2875 retval = cfi_query_u8(bank, 0, 0x2c, &cfi_info->num_erase_regions);
2876 if (retval != ERROR_OK)
2879 LOG_DEBUG("size: 0x%" PRIx32 ", interface desc: %i, max buffer write size: 0x%x",
2880 cfi_info->dev_size, cfi_info->interface_desc, (1 << cfi_info->max_buf_write_size));
2882 if (cfi_info->num_erase_regions)
2884 cfi_info->erase_region_info = malloc(sizeof(*cfi_info->erase_region_info)
2885 * cfi_info->num_erase_regions);
2886 for (i = 0; i < cfi_info->num_erase_regions; i++)
2888 retval = cfi_query_u32(bank, 0, 0x2d + (4 * i), &cfi_info->erase_region_info[i]);
2889 if (retval != ERROR_OK)
2891 LOG_DEBUG("erase region[%i]: %" PRIu32 " blocks of size 0x%" PRIx32 "", i,
2892 (cfi_info->erase_region_info[i] & 0xffff) + 1,
2893 (cfi_info->erase_region_info[i] >> 16) * 256);
2898 cfi_info->erase_region_info = NULL;
2901 /* We need to read the primary algorithm extended query table before calculating
2902 * the sector layout to be able to apply fixups
2904 switch (cfi_info->pri_id)
2906 /* Intel command set (standard and extended) */
2909 cfi_read_intel_pri_ext(bank);
2911 /* AMD/Spansion, Atmel, ... command set */
2913 cfi_info->status_poll_mask = CFI_STATUS_POLL_MASK_DQ5_DQ6_DQ7; /* default for all CFI flashs */
2914 cfi_read_0002_pri_ext(bank);
2917 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2921 /* return to read array mode
2922 * we use both reset commands, as some Intel flashes fail to recognize the 0xF0 command
2924 if ((retval = cfi_reset(bank)) != ERROR_OK)
2928 } /* end CFI case */
2930 LOG_DEBUG("Vcc min: %x.%x, Vcc max: %x.%x, Vpp min: %u.%x, Vpp max: %u.%x",
2931 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
2932 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
2933 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
2934 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
2936 LOG_DEBUG("typ. word write timeout: %u us, typ. buf write timeout: %u us, "
2937 "typ. block erase timeout: %u ms, typ. chip erase timeout: %u ms",
2938 1 << cfi_info->word_write_timeout_typ, 1 << cfi_info->buf_write_timeout_typ,
2939 1 << cfi_info->block_erase_timeout_typ, 1 << cfi_info->chip_erase_timeout_typ);
2941 LOG_DEBUG("max. word write timeout: %u us, max. buf write timeout: %u us, "
2942 "max. block erase timeout: %u ms, max. chip erase timeout: %u ms",
2943 (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
2944 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
2945 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
2946 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
2948 /* convert timeouts to real values in ms */
2949 cfi_info->word_write_timeout = DIV_ROUND_UP((1L << cfi_info->word_write_timeout_typ) *
2950 (1L << cfi_info->word_write_timeout_max), 1000);
2951 cfi_info->buf_write_timeout = DIV_ROUND_UP((1L << cfi_info->buf_write_timeout_typ) *
2952 (1L << cfi_info->buf_write_timeout_max), 1000);
2953 cfi_info->block_erase_timeout = (1L << cfi_info->block_erase_timeout_typ) *
2954 (1L << cfi_info->block_erase_timeout_max);
2955 cfi_info->chip_erase_timeout = (1L << cfi_info->chip_erase_timeout_typ) *
2956 (1L << cfi_info->chip_erase_timeout_max);
2958 LOG_DEBUG("calculated word write timeout: %u ms, buf write timeout: %u ms, "
2959 "block erase timeout: %u ms, chip erase timeout: %u ms",
2960 cfi_info->word_write_timeout, cfi_info->buf_write_timeout,
2961 cfi_info->block_erase_timeout, cfi_info->chip_erase_timeout);
2963 /* apply fixups depending on the primary command set */
2964 switch (cfi_info->pri_id)
2966 /* Intel command set (standard and extended) */
2969 cfi_fixup(bank, cfi_0001_fixups);
2971 /* AMD/Spansion, Atmel, ... command set */
2973 cfi_fixup(bank, cfi_0002_fixups);
2976 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
2980 if ((cfi_info->dev_size * bank->bus_width / bank->chip_width) != bank->size)
2982 LOG_WARNING("configuration specifies 0x%" PRIx32 " size, but a 0x%" PRIx32
2983 " size flash was found", bank->size, cfi_info->dev_size);
2986 if (cfi_info->num_erase_regions == 0)
2988 /* a device might have only one erase block, spanning the whole device */
2989 bank->num_sectors = 1;
2990 bank->sectors = malloc(sizeof(struct flash_sector));
2992 bank->sectors[sector].offset = 0x0;
2993 bank->sectors[sector].size = bank->size;
2994 bank->sectors[sector].is_erased = -1;
2995 bank->sectors[sector].is_protected = -1;
2999 uint32_t offset = 0;
3001 for (i = 0; i < cfi_info->num_erase_regions; i++)
3003 num_sectors += (cfi_info->erase_region_info[i] & 0xffff) + 1;
3006 bank->num_sectors = num_sectors;
3007 bank->sectors = malloc(sizeof(struct flash_sector) * num_sectors);
3009 for (i = 0; i < cfi_info->num_erase_regions; i++)
3012 for (j = 0; j < (cfi_info->erase_region_info[i] & 0xffff) + 1; j++)
3014 bank->sectors[sector].offset = offset;
3015 bank->sectors[sector].size = ((cfi_info->erase_region_info[i] >> 16) * 256)
3016 * bank->bus_width / bank->chip_width;
3017 offset += bank->sectors[sector].size;
3018 bank->sectors[sector].is_erased = -1;
3019 bank->sectors[sector].is_protected = -1;
3023 if (offset != (cfi_info->dev_size * bank->bus_width / bank->chip_width))
3025 LOG_WARNING("CFI size is 0x%" PRIx32 ", but total sector size is 0x%" PRIx32 "", \
3026 (cfi_info->dev_size * bank->bus_width / bank->chip_width), offset);
3030 cfi_info->probed = 1;
3035 static int cfi_auto_probe(struct flash_bank *bank)
3037 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3038 if (cfi_info->probed)
3040 return cfi_probe(bank);
3043 static int cfi_intel_protect_check(struct flash_bank *bank)
3046 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3047 struct cfi_intel_pri_ext *pri_ext = cfi_info->pri_ext;
3050 /* check if block lock bits are supported on this device */
3051 if (!(pri_ext->blk_status_reg_mask & 0x1))
3052 return ERROR_FLASH_OPERATION_FAILED;
3054 if ((retval = cfi_send_command(bank, 0x90, flash_address(bank, 0, 0x55))) != ERROR_OK)
3059 for (i = 0; i < bank->num_sectors; i++)
3061 uint8_t block_status;
3062 retval = cfi_get_u8(bank, i, 0x2, &block_status);
3063 if (retval != ERROR_OK)
3066 if (block_status & 1)
3067 bank->sectors[i].is_protected = 1;
3069 bank->sectors[i].is_protected = 0;
3072 return cfi_send_command(bank, 0xff, flash_address(bank, 0, 0x0));
3075 static int cfi_spansion_protect_check(struct flash_bank *bank)
3078 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3079 struct cfi_spansion_pri_ext *pri_ext = cfi_info->pri_ext;
3082 if ((retval = cfi_send_command(bank, 0xaa,
3083 flash_address(bank, 0, pri_ext->_unlock1))) != ERROR_OK)
3088 if ((retval = cfi_send_command(bank, 0x55,
3089 flash_address(bank, 0, pri_ext->_unlock2))) != ERROR_OK)
3094 if ((retval = cfi_send_command(bank, 0x90,
3095 flash_address(bank, 0, pri_ext->_unlock1))) != ERROR_OK)
3100 for (i = 0; i < bank->num_sectors; i++)
3102 uint8_t block_status;
3103 retval = cfi_get_u8(bank, i, 0x2, &block_status);
3104 if (retval != ERROR_OK)
3107 if (block_status & 1)
3108 bank->sectors[i].is_protected = 1;
3110 bank->sectors[i].is_protected = 0;
3113 return cfi_send_command(bank, 0xf0, flash_address(bank, 0, 0x0));
3116 static int cfi_protect_check(struct flash_bank *bank)
3118 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3120 if (bank->target->state != TARGET_HALTED)
3122 LOG_ERROR("Target not halted");
3123 return ERROR_TARGET_NOT_HALTED;
3126 if (cfi_info->qry[0] != 'Q')
3127 return ERROR_FLASH_BANK_NOT_PROBED;
3129 switch (cfi_info->pri_id)
3133 return cfi_intel_protect_check(bank);
3136 return cfi_spansion_protect_check(bank);
3139 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
3146 static int get_cfi_info(struct flash_bank *bank, char *buf, int buf_size)
3149 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3151 if (cfi_info->qry[0] == 0xff)
3153 printed = snprintf(buf, buf_size, "\ncfi flash bank not probed yet\n");
3157 if (cfi_info->not_cfi == 0)
3158 printed = snprintf(buf, buf_size, "\nCFI flash: ");
3160 printed = snprintf(buf, buf_size, "\nnon-CFI flash: ");
3162 buf_size -= printed;
3164 printed = snprintf(buf, buf_size, "mfr: 0x%4.4x, id:0x%4.4x\n\n",
3165 cfi_info->manufacturer, cfi_info->device_id);
3167 buf_size -= printed;
3169 printed = snprintf(buf, buf_size, "qry: '%c%c%c', pri_id: 0x%4.4x, pri_addr: "
3170 "0x%4.4x, alt_id: 0x%4.4x, alt_addr: 0x%4.4x\n",
3171 cfi_info->qry[0], cfi_info->qry[1], cfi_info->qry[2],
3172 cfi_info->pri_id, cfi_info->pri_addr, cfi_info->alt_id, cfi_info->alt_addr);
3174 buf_size -= printed;
3176 printed = snprintf(buf, buf_size, "Vcc min: %x.%x, Vcc max: %x.%x, "
3177 "Vpp min: %u.%x, Vpp max: %u.%x\n",
3178 (cfi_info->vcc_min & 0xf0) >> 4, cfi_info->vcc_min & 0x0f,
3179 (cfi_info->vcc_max & 0xf0) >> 4, cfi_info->vcc_max & 0x0f,
3180 (cfi_info->vpp_min & 0xf0) >> 4, cfi_info->vpp_min & 0x0f,
3181 (cfi_info->vpp_max & 0xf0) >> 4, cfi_info->vpp_max & 0x0f);
3183 buf_size -= printed;
3185 printed = snprintf(buf, buf_size, "typ. word write timeout: %u us, "
3186 "typ. buf write timeout: %u us, "
3187 "typ. block erase timeout: %u ms, "
3188 "typ. chip erase timeout: %u ms\n",
3189 1 << cfi_info->word_write_timeout_typ,
3190 1 << cfi_info->buf_write_timeout_typ,
3191 1 << cfi_info->block_erase_timeout_typ,
3192 1 << cfi_info->chip_erase_timeout_typ);
3194 buf_size -= printed;
3196 printed = snprintf(buf, buf_size, "max. word write timeout: %u us, "
3197 "max. buf write timeout: %u us, max. "
3198 "block erase timeout: %u ms, max. chip erase timeout: %u ms\n",
3199 (1 << cfi_info->word_write_timeout_max) * (1 << cfi_info->word_write_timeout_typ),
3200 (1 << cfi_info->buf_write_timeout_max) * (1 << cfi_info->buf_write_timeout_typ),
3201 (1 << cfi_info->block_erase_timeout_max) * (1 << cfi_info->block_erase_timeout_typ),
3202 (1 << cfi_info->chip_erase_timeout_max) * (1 << cfi_info->chip_erase_timeout_typ));
3204 buf_size -= printed;
3206 printed = snprintf(buf, buf_size, "size: 0x%" PRIx32 ", interface desc: %i, "
3207 "max buffer write size: 0x%x\n",
3209 cfi_info->interface_desc,
3210 1 << cfi_info->max_buf_write_size);
3212 buf_size -= printed;
3214 switch (cfi_info->pri_id)
3218 cfi_intel_info(bank, buf, buf_size);
3221 cfi_spansion_info(bank, buf, buf_size);
3224 LOG_ERROR("cfi primary command set %i unsupported", cfi_info->pri_id);
3231 static void cfi_fixup_0002_write_buffer(struct flash_bank *bank, void *param)
3233 struct cfi_flash_bank *cfi_info = bank->driver_priv;
3235 /* disable write buffer for M29W128G */
3236 cfi_info->buf_write_timeout_typ = 0;
3239 struct flash_driver cfi_flash = {
3241 .flash_bank_command = cfi_flash_bank_command,
3243 .protect = cfi_protect,
3247 .auto_probe = cfi_auto_probe,
3248 /* FIXME: access flash at bus_width size */
3249 .erase_check = default_flash_blank_check,
3250 .protect_check = cfi_protect_check,
3251 .info = get_cfi_info,