]> git.sur5r.net Git - openocd/blob - src/flash/nor/kinetis_ke.c
tcl/target: ti_tms570.cfg restructure dap support
[openocd] / src / flash / nor / kinetis_ke.c
1 /***************************************************************************
2  *   Copyright (C) 2015 by Ivan Meleca                                     *
3  *   ivan@artekit.eu                                                       *
4  *                                                                         *
5  *   Modified from kinetis.c                                               *
6  *                                                                         *
7  *   Copyright (C) 2011 by Mathias Kuester                                 *
8  *   kesmtp@freenet.de                                                     *
9  *                                                                         *
10  *   Copyright (C) 2011 sleep(5) ltd                                       *
11  *   tomas@sleepfive.com                                                   *
12  *                                                                         *
13  *   Copyright (C) 2012 by Christopher D. Kilgour                          *
14  *   techie at whiterocker.com                                             *
15  *                                                                         *
16  *   Copyright (C) 2013 Nemui Trinomius                                    *
17  *   nemuisan_kawausogasuki@live.jp                                        *
18  *                                                                         *
19  *   Copyright (C) 2015 Tomas Vanek                                        *
20  *   vanekt@fbl.cz                                                         *
21  *                                                                         *
22  *   This program is free software; you can redistribute it and/or modify  *
23  *   it under the terms of the GNU General Public License as published by  *
24  *   the Free Software Foundation; either version 2 of the License, or     *
25  *   (at your option) any later version.                                   *
26  *                                                                         *
27  *   This program is distributed in the hope that it will be useful,       *
28  *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
29  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
30  *   GNU General Public License for more details.                          *
31  *                                                                         *
32  *   You should have received a copy of the GNU General Public License     *
33  *   along with this program.  If not, see <http://www.gnu.org/licenses/>. *
34  ***************************************************************************/
35
36 #ifdef HAVE_CONFIG_H
37 #include "config.h"
38 #endif
39
40 #include "jtag/interface.h"
41 #include "imp.h"
42 #include <helper/binarybuffer.h>
43 #include <target/algorithm.h>
44 #include <target/armv7m.h>
45 #include <target/cortex_m.h>
46
47 /* Addresses */
48 #define SIM_SRSID                                       0x40048000
49 #define ICS_C1                                          0x40064000
50 #define ICS_C2                                          0x40064001
51 #define ICS_C3                                          0x40064002
52 #define ICS_C4                                          0x40064003
53 #define ICS_S                                           0x40064004
54 #define SIM_BUSDIV                                      0x40048018
55 #define SIM_CLKDIV_KE06                         0x40048024
56 #define SIM_CLKDIV_KE04_44_64_80        0x40048024
57 #define SIM_CLKDIV_KE04_16_20_24        0x4004801C
58 #define WDOG_CS1                                        0x40052000
59
60 #define ICS_C2_BDIV_MASK                        0xE0
61 #define ICS_C2_BDIV_SHIFT                       5
62 #define ICS_C2_BDIV(x)                          (((uint8_t)(((uint8_t)(x))<<ICS_C2_BDIV_SHIFT))&ICS_C2_BDIV_MASK)
63 #define ICS_S_LOCK_MASK                         0x40
64 #define ICS_C4_SCFTRIM_MASK                     0x1
65 #define SIM_CLKDIV_OUTDIV2_MASK         0x1000000
66 #define FTMRX_FCLKDIV_FDIV_MASK         0x3F
67 #define FTMRX_FCLKDIV_FDIV_SHIFT        0
68 #define FTMRX_FCLKDIV_FDIV(x)           (((uint8_t)(((uint8_t)(x))<<FTMRX_FCLKDIV_FDIV_SHIFT))&FTMRX_FCLKDIV_FDIV_MASK)
69 #define FTMRX_FCLKDIV_FDIVLCK_MASK      0x40
70 #define FTMRX_FCLKDIV_FDIVLCK_SHIFT     6
71 #define FTMRX_FCLKDIV_FDIVLD_MASK       0x80
72 #define FTMRX_FCLKDIV_FDIVLD_SHIFT      7
73 #define FTMRX_FSTAT_CCIF_MASK           0x80
74 #define FTMRX_FSTAT_MGSTAT0_MASK        0x01
75 #define FTMRX_FSTAT_MGSTAT1_MASK        0x02
76
77 /* Commands */
78 #define FTMRX_CMD_ALLERASED                     0x01
79 #define FTMRX_CMD_BLOCKERASED           0x02
80 #define FTMRX_CMD_SECTIONERASED         0x03
81 #define FTMRX_CMD_READONCE                      0x04
82 #define FTMRX_CMD_PROGFLASH                     0x06
83 #define FTMRX_CMD_PROGONCE                      0x07
84 #define FTMRX_CMD_ERASEALL                      0x08
85 #define FTMRX_CMD_ERASEBLOCK            0x09
86 #define FTMRX_CMD_ERASESECTOR           0x0A
87 #define FTMRX_CMD_UNSECURE                      0x0B
88 #define FTMRX_CMD_VERIFYACCESS          0x0C
89 #define FTMRX_CMD_SETMARGINLVL          0x0D
90 #define FTMRX_CMD_SETFACTORYLVL         0x0E
91 #define FTMRX_CMD_CONFIGNVM                     0x0F
92
93 /* Error codes */
94 #define FTMRX_ERROR_ACCERR                      0x20
95 #define FTMRX_ERROR_FPVIOL                      0x10
96
97 #define KINETIS_KE_SRSID_FAMID(x)               ((x >> 28) & 0x0F)
98 #define KINETIS_KE_SRSID_SUBFAMID(x)    ((x >> 24) & 0x0F)
99 #define KINETIS_KE_SRSID_PINCOUNT(x)    ((x >> 16) & 0x0F)
100
101 #define KINETIS_KE_SRSID_KEX2   0x02
102 #define KINETIS_KE_SRSID_KEX4   0x04
103 #define KINETIS_KE_SRSID_KEX6   0x06
104
105 struct kinetis_ke_flash_bank {
106         uint32_t sector_size;
107         uint32_t protection_size;
108
109         uint32_t sim_srsid;
110         uint32_t ftmrx_fclkdiv_addr;
111         uint32_t ftmrx_fccobix_addr;
112         uint32_t ftmrx_fstat_addr;
113         uint32_t ftmrx_fprot_addr;
114         uint32_t ftmrx_fccobhi_addr;
115         uint32_t ftmrx_fccoblo_addr;
116 };
117
118 #define MDM_REG_STAT            0x00
119 #define MDM_REG_CTRL            0x04
120 #define MDM_REG_ID                      0xfc
121
122 #define MDM_STAT_FMEACK         (1<<0)
123 #define MDM_STAT_FREADY         (1<<1)
124 #define MDM_STAT_SYSSEC         (1<<2)
125 #define MDM_STAT_SYSRES         (1<<3)
126 #define MDM_STAT_FMEEN          (1<<5)
127 #define MDM_STAT_BACKDOOREN     (1<<6)
128 #define MDM_STAT_LPEN           (1<<7)
129 #define MDM_STAT_VLPEN          (1<<8)
130 #define MDM_STAT_LLSMODEXIT     (1<<9)
131 #define MDM_STAT_VLLSXMODEXIT   (1<<10)
132 #define MDM_STAT_CORE_HALTED    (1<<16)
133 #define MDM_STAT_CORE_SLEEPDEEP (1<<17)
134 #define MDM_STAT_CORESLEEPING   (1<<18)
135
136 #define MEM_CTRL_FMEIP          (1<<0)
137 #define MEM_CTRL_DBG_DIS        (1<<1)
138 #define MEM_CTRL_DBG_REQ        (1<<2)
139 #define MEM_CTRL_SYS_RES_REQ    (1<<3)
140 #define MEM_CTRL_CORE_HOLD_RES  (1<<4)
141 #define MEM_CTRL_VLLSX_DBG_REQ  (1<<5)
142 #define MEM_CTRL_VLLSX_DBG_ACK  (1<<6)
143 #define MEM_CTRL_VLLSX_STAT_ACK (1<<7)
144
145 #define MDM_ACCESS_TIMEOUT      3000 /* iterations */
146
147 static int kinetis_ke_mdm_write_register(struct adiv5_dap *dap, unsigned reg, uint32_t value)
148 {
149         int retval;
150         LOG_DEBUG("MDM_REG[0x%02x] <- %08" PRIX32, reg, value);
151
152         retval = dap_queue_ap_write(dap_ap(dap, 1), reg, value);
153         if (retval != ERROR_OK) {
154                 LOG_DEBUG("MDM: failed to queue a write request");
155                 return retval;
156         }
157
158         retval = dap_run(dap);
159         if (retval != ERROR_OK) {
160                 LOG_DEBUG("MDM: dap_run failed");
161                 return retval;
162         }
163
164         return ERROR_OK;
165 }
166
167 static int kinetis_ke_mdm_read_register(struct adiv5_dap *dap, unsigned reg, uint32_t *result)
168 {
169         int retval;
170         retval = dap_queue_ap_read(dap_ap(dap, 1), reg, result);
171         if (retval != ERROR_OK) {
172                 LOG_DEBUG("MDM: failed to queue a read request");
173                 return retval;
174         }
175
176         retval = dap_run(dap);
177         if (retval != ERROR_OK) {
178                 LOG_DEBUG("MDM: dap_run failed");
179                 return retval;
180         }
181
182         LOG_DEBUG("MDM_REG[0x%02x]: %08" PRIX32, reg, *result);
183         return ERROR_OK;
184 }
185
186 static int kinetis_ke_mdm_poll_register(struct adiv5_dap *dap, unsigned reg, uint32_t mask, uint32_t value)
187 {
188         uint32_t val;
189         int retval;
190         int timeout = MDM_ACCESS_TIMEOUT;
191
192         do {
193                 retval = kinetis_ke_mdm_read_register(dap, reg, &val);
194                 if (retval != ERROR_OK || (val & mask) == value)
195                         return retval;
196
197                 alive_sleep(1);
198         } while (timeout--);
199
200         LOG_DEBUG("MDM: polling timed out");
201         return ERROR_FAIL;
202 }
203
204 static int kinetis_ke_prepare_flash(struct flash_bank *bank)
205 {
206         struct target *target = bank->target;
207         struct kinetis_ke_flash_bank *kinfo = bank->driver_priv;
208         uint8_t c2, c3, c4, s = 0;
209         uint16_t trim_value = 0;
210         uint16_t timeout = 0;
211         uint32_t bus_clock = 0;
212         uint32_t bus_reg_val = 0;
213         uint32_t bus_reg_addr = 0;
214         uint32_t flash_clk_div;
215         uint8_t fclkdiv;
216         int result;
217
218         /*
219          * The RM states that the flash clock has to be set to 1MHz for writing and
220          * erasing operations (otherwise it can damage the flash).
221          * This function configures the entire clock tree to make sure we
222          * run at the specified clock. We'll set FEI mode running from the ~32KHz
223          * internal clock. So we need to:
224          * - Trim internal clock.
225          * - Configure the divider for ICSOUTCLK (ICS module).
226          * - Configure the divider to get a bus clock (SIM module).
227          * - Configure the flash clock that depends on the bus clock.
228          *
229          * For MKE02_40 and MKE02_20 we set ICSOUTCLK = 20MHz and bus clock = 20MHz.
230          * For MKE04 and MKE06 we run at ICSOUTCLK = 48MHz and bus clock = 24MHz.
231          */
232
233         /*
234          * Trim internal clock
235          */
236         switch (KINETIS_KE_SRSID_SUBFAMID(kinfo->sim_srsid)) {
237
238                 case KINETIS_KE_SRSID_KEX2:
239                         /* Both KE02_20 and KE02_40 should get the same trim value */
240                         trim_value = 0x4C;
241                         break;
242
243                 case KINETIS_KE_SRSID_KEX4:
244                         trim_value = 0x54;
245                         break;
246
247                 case KINETIS_KE_SRSID_KEX6:
248                         trim_value = 0x58;
249                         break;
250         }
251
252         result = target_read_u8(target, ICS_C4, &c4);
253         if (result != ERROR_OK)
254                 return result;
255
256         c3 = trim_value;
257         c4 = (c4 & ~(ICS_C4_SCFTRIM_MASK)) | ((trim_value >> 8) & 0x01);
258
259         result = target_write_u8(target, ICS_C3, c3);
260         if (result != ERROR_OK)
261                 return result;
262
263         result = target_write_u8(target, ICS_C4, c4);
264         if (result != ERROR_OK)
265                 return result;
266
267         result = target_read_u8(target, ICS_S, &s);
268         if (result != ERROR_OK)
269                 return result;
270
271         /* Wait */
272         while (!(s & ICS_S_LOCK_MASK)) {
273
274                 if (timeout <= 1000) {
275                         timeout++;
276                         alive_sleep(1);
277                 } else {
278                         return ERROR_FAIL;
279                 }
280
281                 result = target_read_u8(target, ICS_S, &s);
282                 if (result != ERROR_OK)
283                         return result;
284         }
285
286         /* ... trim done ... */
287
288         /*
289          * Configure SIM (bus clock)
290          */
291         switch (KINETIS_KE_SRSID_SUBFAMID(kinfo->sim_srsid)) {
292
293                 /* KE02 sub-family operates on SIM_BUSDIV */
294                 case KINETIS_KE_SRSID_KEX2:
295                         bus_reg_val = 0;
296                         bus_reg_addr = SIM_BUSDIV;
297                         bus_clock = 20000000;
298                         break;
299
300                 /* KE04 and KE06 sub-family operates on SIM_CLKDIV
301                  * Clocks are divided by:
302                  * DIV1 = core clock = 48MHz
303                  * DIV2 = bus clock = 24Mhz
304                  * DIV3 = timer clocks
305                  * So we need to configure SIM_CLKDIV, DIV1 and DIV2 value
306                  */
307                 case KINETIS_KE_SRSID_KEX4:
308                         /* KE04 devices have the SIM_CLKDIV register at a different offset
309                          * depending on the pin count. */
310                         switch (KINETIS_KE_SRSID_PINCOUNT(kinfo->sim_srsid)) {
311
312                                 /* 16, 20 and 24 pins */
313                                 case 1:
314                                 case 2:
315                                 case 3:
316                                         bus_reg_addr = SIM_CLKDIV_KE04_16_20_24;
317                                         break;
318
319                                 /* 44, 64 and 80 pins */
320                                 case 5:
321                                 case 7:
322                                 case 8:
323                                         bus_reg_addr = SIM_CLKDIV_KE04_44_64_80;
324                                         break;
325
326                                 default:
327                                         LOG_ERROR("KE04 - Unknown pin count");
328                                         return ERROR_FAIL;
329                         }
330
331                         bus_reg_val = SIM_CLKDIV_OUTDIV2_MASK;
332                         bus_clock = 24000000;
333                         break;
334
335                 case KINETIS_KE_SRSID_KEX6:
336                         bus_reg_val = SIM_CLKDIV_OUTDIV2_MASK;
337                         bus_reg_addr = SIM_CLKDIV_KE06;
338                         bus_clock = 24000000;
339                         break;
340         }
341
342         result = target_write_u32(target, bus_reg_addr, bus_reg_val);
343         if (result != ERROR_OK)
344                 return result;
345
346         /*
347          * Configure ICS to FEI (internal source)
348          */
349         result = target_read_u8(target, ICS_C2, &c2);
350         if (result != ERROR_OK)
351                 return result;
352
353         c2 &= ~ICS_C2_BDIV_MASK;
354
355         switch (KINETIS_KE_SRSID_SUBFAMID(kinfo->sim_srsid)) {
356
357                 case KINETIS_KE_SRSID_KEX2:
358                         /* Note: since there are two KE02 types, the KE02_40 @ 40MHz and the
359                          * KE02_20 @ 20MHz, we divide here the ~40MHz ICSFLLCLK down to 20MHz,
360                          * for compatibility.
361                          */
362                         c2 |= ICS_C2_BDIV(1);
363                         break;
364
365                 case KINETIS_KE_SRSID_KEX4:
366                 case KINETIS_KE_SRSID_KEX6:
367                         /* For KE04 and KE06, the ICSFLLCLK can be 48MHz. */
368                         c2 |= ICS_C2_BDIV(0);
369                         break;
370         }
371
372         result = target_write_u8(target, ICS_C2, c2);
373         if (result != ERROR_OK)
374                 return result;
375
376         /* Internal clock as reference (IREFS = 1) */
377         result = target_write_u8(target, ICS_C1, 4);
378         if (result != ERROR_OK)
379                 return result;
380
381         /* Wait for FLL to lock */
382         result = target_read_u8(target, ICS_S, &s);
383         if (result != ERROR_OK)
384                 return result;
385
386         while (!(s & ICS_S_LOCK_MASK)) {
387
388                 if (timeout <= 1000) {
389                         timeout++;
390                         alive_sleep(1);
391                 } else {
392                         return ERROR_FLASH_OPERATION_FAILED;
393                 }
394
395                 result = target_read_u8(target, ICS_S, &s);
396                 if (result != ERROR_OK)
397                         return result;
398         }
399
400         /*
401          * Configure flash clock to 1MHz.
402          */
403         flash_clk_div = bus_clock / 1000000L - 1;
404
405         /* Check if the FCLKDIV register is locked */
406         result = target_read_u8(target, kinfo->ftmrx_fclkdiv_addr, &fclkdiv);
407         if (result != ERROR_OK)
408                 return result;
409
410         if (!(fclkdiv & FTMRX_FCLKDIV_FDIVLCK_MASK)) {
411                 /* Unlocked. Check if the register was configured, and if so, if it has the right value */
412                 if ((fclkdiv & FTMRX_FCLKDIV_FDIVLD_MASK) &&
413                         ((fclkdiv & FTMRX_FCLKDIV_FDIV_MASK) != FTMRX_FCLKDIV_FDIV(flash_clk_div))) {
414                         LOG_WARNING("Flash clock was already set and contains an invalid value.");
415                         LOG_WARNING("Please reset the target.");
416                         return ERROR_FAIL;
417                 }
418
419                 /* Finally, configure the flash clock */
420                 fclkdiv = (fclkdiv & ~(FTMRX_FCLKDIV_FDIV_MASK)) | FTMRX_FCLKDIV_FDIV(flash_clk_div);
421                 result = target_write_u8(target, kinfo->ftmrx_fclkdiv_addr, fclkdiv);
422                 if (result != ERROR_OK)
423                         return result;
424         } else {
425                 /* Locked. Check if the current value is correct. */
426                 if ((fclkdiv & FTMRX_FCLKDIV_FDIV_MASK) != FTMRX_FCLKDIV_FDIV(flash_clk_div)) {
427                         LOG_WARNING("Flash clock register is locked and contains an invalid value.");
428                         LOG_WARNING("Please reset the target.");
429                         return ERROR_FAIL;
430                 }
431         }
432
433         LOG_INFO("Flash clock ready");
434         return ERROR_OK;
435 }
436
437 int kinetis_ke_stop_watchdog(struct target *target)
438 {
439         struct working_area *watchdog_algorithm;
440         struct armv7m_algorithm armv7m_info;
441         int retval;
442         uint8_t cs1;
443
444         static const uint8_t watchdog_code[] = {
445 #include "../../../contrib/loaders/flash/kinetis_ke/kinetis_ke_watchdog.inc"
446         };
447
448         if (target->state != TARGET_HALTED) {
449                 LOG_ERROR("Target not halted");
450                 return ERROR_TARGET_NOT_HALTED;
451         }
452
453         /* Check if the watchdog is enabled */
454         retval = target_read_u8(target, WDOG_CS1, &cs1);
455         if (retval != ERROR_OK)
456                 return retval;
457
458         if (!(cs1 & 0x80)) {
459                 /* Already stopped */
460                 return ERROR_OK;
461         }
462
463         /* allocate working area with watchdog code */
464         if (target_alloc_working_area(target, sizeof(watchdog_code), &watchdog_algorithm) != ERROR_OK) {
465                 LOG_WARNING("No working area available for watchdog algorithm");
466                 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
467         }
468
469         retval = target_write_buffer(target, watchdog_algorithm->address,
470                         sizeof(watchdog_code), watchdog_code);
471         if (retval != ERROR_OK)
472                 return retval;
473
474         armv7m_info.common_magic = ARMV7M_COMMON_MAGIC;
475         armv7m_info.core_mode = ARM_MODE_THREAD;
476
477         retval = target_run_algorithm(target, 0, NULL, 0, NULL,
478                         watchdog_algorithm->address, 0, 100000, &armv7m_info);
479         if (retval != ERROR_OK) {
480                 LOG_ERROR("Error executing Kinetis KE watchdog algorithm");
481         } else {
482                 LOG_INFO("Watchdog stopped");
483         }
484
485         target_free_working_area(target, watchdog_algorithm);
486
487         return retval;
488 }
489
490 COMMAND_HANDLER(kinetis_ke_disable_wdog_handler)
491 {
492         struct target *target = get_current_target(CMD_CTX);
493
494         if (CMD_ARGC > 0)
495                 return ERROR_COMMAND_SYNTAX_ERROR;
496
497         return kinetis_ke_stop_watchdog(target);
498 }
499
500 COMMAND_HANDLER(kinetis_ke_mdm_mass_erase)
501 {
502         struct target *target = get_current_target(CMD_CTX);
503         struct cortex_m_common *cortex_m = target_to_cm(target);
504         struct adiv5_dap *dap = cortex_m->armv7m.arm.dap;
505
506         if (!dap) {
507                 LOG_ERROR("Cannot perform mass erase with a high-level adapter");
508                 return ERROR_FAIL;
509         }
510
511         int retval;
512
513         /* According to chapter 18.3.7.2 of the KE02 reference manual */
514
515         /* assert SRST */
516         if (jtag_get_reset_config() & RESET_HAS_SRST)
517                 adapter_assert_reset();
518
519         /*
520          * 1. Reset the device by asserting RESET pin or DAP_CTRL[3]
521          */
522         retval = kinetis_ke_mdm_write_register(dap, MDM_REG_CTRL, MEM_CTRL_SYS_RES_REQ);
523         if (retval != ERROR_OK)
524                 return retval;
525
526         /*
527          * ... Read the MDM-AP status register until the Flash Ready bit sets...
528          */
529         retval = kinetis_ke_mdm_poll_register(dap, MDM_REG_STAT,
530                                            MDM_STAT_FREADY | MDM_STAT_SYSRES,
531                                            MDM_STAT_FREADY);
532         if (retval != ERROR_OK) {
533                 LOG_ERROR("MDM : flash ready timeout");
534                 return retval;
535         }
536
537         /*
538          * 2. Set DAP_CTRL[0] bit to invoke debug mass erase via SWD
539          * 3. Release reset by deasserting RESET pin or DAP_CTRL[3] bit via SWD.
540          */
541         retval = kinetis_ke_mdm_write_register(dap, MDM_REG_CTRL, MEM_CTRL_FMEIP);
542         if (retval != ERROR_OK)
543                 return retval;
544
545         /* As a sanity check make sure that device started mass erase procedure */
546         retval = kinetis_ke_mdm_poll_register(dap, MDM_REG_STAT,
547                                            MDM_STAT_FMEACK, MDM_STAT_FMEACK);
548         if (retval != ERROR_OK)
549                 return retval;
550
551         /*
552          * 4. Wait till DAP_CTRL[0] bit is cleared (after mass erase completes,
553          * DAP_CTRL[0] bit is cleared automatically).
554          */
555         retval = kinetis_ke_mdm_poll_register(dap, MDM_REG_CTRL,
556                                            MEM_CTRL_FMEIP,
557                                            0);
558         if (retval != ERROR_OK)
559                 return retval;
560
561         if (jtag_get_reset_config() & RESET_HAS_SRST)
562                 adapter_deassert_reset();
563
564         return ERROR_OK;
565 }
566
567 static const uint32_t kinetis_ke_known_mdm_ids[] = {
568         0x001C0020,     /* Kinetis-L/M/V/E/KE Series */
569 };
570
571 /*
572  * This function implements the procedure to connect to
573  * SWD/JTAG on Kinetis K and L series of devices as it is described in
574  * AN4835 "Production Flash Programming Best Practices for Kinetis K-
575  * and L-series MCUs" Section 4.1.1
576  */
577 COMMAND_HANDLER(kinetis_ke_check_flash_security_status)
578 {
579         struct target *target = get_current_target(CMD_CTX);
580         struct cortex_m_common *cortex_m = target_to_cm(target);
581         struct adiv5_dap *dap = cortex_m->armv7m.arm.dap;
582
583         if (!dap) {
584                 LOG_WARNING("Cannot check flash security status with a high-level adapter");
585                 return ERROR_OK;
586         }
587
588         uint32_t val;
589         int retval;
590
591         /*
592          * ... The MDM-AP ID register can be read to verify that the
593          * connection is working correctly...
594          */
595         retval = kinetis_ke_mdm_read_register(dap, MDM_REG_ID, &val);
596         if (retval != ERROR_OK) {
597                 LOG_ERROR("MDM: failed to read ID register");
598                 goto fail;
599         }
600
601         bool found = false;
602         for (size_t i = 0; i < ARRAY_SIZE(kinetis_ke_known_mdm_ids); i++) {
603                 if (val == kinetis_ke_known_mdm_ids[i]) {
604                         found = true;
605                         break;
606                 }
607         }
608
609         if (!found)
610                 LOG_WARNING("MDM: unknown ID %08" PRIX32, val);
611
612         /*
613          * ... Read the MDM-AP status register until the Flash Ready bit sets...
614          */
615         retval = kinetis_ke_mdm_poll_register(dap, MDM_REG_STAT,
616                                            MDM_STAT_FREADY,
617                                            MDM_STAT_FREADY);
618         if (retval != ERROR_OK) {
619                 LOG_ERROR("MDM: flash ready timeout");
620                 goto fail;
621         }
622
623         /*
624          * ... Read the System Security bit to determine if security is enabled.
625          * If System Security = 0, then proceed. If System Security = 1, then
626          * communication with the internals of the processor, including the
627          * flash, will not be possible without issuing a mass erase command or
628          * unsecuring the part through other means (backdoor key unlock)...
629          */
630         retval = kinetis_ke_mdm_read_register(dap, MDM_REG_STAT, &val);
631         if (retval != ERROR_OK) {
632                 LOG_ERROR("MDM: failed to read MDM_REG_STAT");
633                 goto fail;
634         }
635
636         if (val & MDM_STAT_SYSSEC) {
637                 jtag_poll_set_enabled(false);
638
639                 LOG_WARNING("*********** ATTENTION! ATTENTION! ATTENTION! ATTENTION! **********");
640                 LOG_WARNING("****                                                          ****");
641                 LOG_WARNING("**** Your Kinetis MCU is in secured state, which means that,  ****");
642                 LOG_WARNING("**** with exception for very basic communication, JTAG/SWD    ****");
643                 LOG_WARNING("**** interface will NOT work. In order to restore its         ****");
644                 LOG_WARNING("**** functionality please issue 'kinetis_ke mdm mass_erase'   ****");
645                 LOG_WARNING("**** command, power cycle the MCU and restart OpenOCD.        ****");
646                 LOG_WARNING("****                                                          ****");
647                 LOG_WARNING("*********** ATTENTION! ATTENTION! ATTENTION! ATTENTION! **********");
648         } else {
649                 LOG_INFO("MDM: Chip is unsecured. Continuing.");
650                 jtag_poll_set_enabled(true);
651         }
652
653         return ERROR_OK;
654
655 fail:
656         LOG_ERROR("MDM: Failed to check security status of the MCU. Cannot proceed further");
657         jtag_poll_set_enabled(false);
658         return retval;
659 }
660
661 FLASH_BANK_COMMAND_HANDLER(kinetis_ke_flash_bank_command)
662 {
663         struct kinetis_ke_flash_bank *bank_info;
664
665         if (CMD_ARGC < 6)
666                 return ERROR_COMMAND_SYNTAX_ERROR;
667
668         LOG_INFO("add flash_bank kinetis_ke %s", bank->name);
669
670         bank_info = malloc(sizeof(struct kinetis_ke_flash_bank));
671
672         memset(bank_info, 0, sizeof(struct kinetis_ke_flash_bank));
673
674         bank->driver_priv = bank_info;
675
676         return ERROR_OK;
677 }
678
679 /* Kinetis Program-LongWord Microcodes */
680 static uint8_t kinetis_ke_flash_write_code[] = {
681 #include "../../../contrib/loaders/flash/kinetis_ke/kinetis_ke_flash.inc"
682 };
683
684 static int kinetis_ke_write_words(struct flash_bank *bank, const uint8_t *buffer,
685                                                                 uint32_t offset, uint32_t words)
686 {
687         struct kinetis_ke_flash_bank *kinfo = bank->driver_priv;
688         struct target *target = bank->target;
689         uint32_t ram_buffer_size = 512 + 16;
690         struct working_area *write_algorithm;
691         struct working_area *source;
692         uint32_t address = bank->base + offset;
693         struct reg_param reg_params[4];
694         struct armv7m_algorithm armv7m_info;
695         int retval = ERROR_OK;
696         uint32_t flash_code_size;
697
698         LOG_INFO("Kinetis KE: FLASH Write ...");
699
700         /* allocate working area with flash programming code */
701         if (target_alloc_working_area(target, sizeof(kinetis_ke_flash_write_code),
702                         &write_algorithm) != ERROR_OK) {
703                 LOG_WARNING("no working area available, can't do block memory writes");
704                 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
705         }
706
707         /* Patch the FTMRx registers addresses */
708         flash_code_size = sizeof(kinetis_ke_flash_write_code);
709         buf_set_u32(&kinetis_ke_flash_write_code[flash_code_size-16], 0, 32, kinfo->ftmrx_fstat_addr);
710         buf_set_u32(&kinetis_ke_flash_write_code[flash_code_size-12], 0, 32, kinfo->ftmrx_fccobix_addr);
711         buf_set_u32(&kinetis_ke_flash_write_code[flash_code_size-8], 0, 32, kinfo->ftmrx_fccobhi_addr);
712         buf_set_u32(&kinetis_ke_flash_write_code[flash_code_size-4], 0, 32, kinfo->ftmrx_fccoblo_addr);
713
714         retval = target_write_buffer(target, write_algorithm->address,
715                 sizeof(kinetis_ke_flash_write_code), kinetis_ke_flash_write_code);
716         if (retval != ERROR_OK)
717                 return retval;
718
719         /* memory buffer */
720         if (target_alloc_working_area(target, ram_buffer_size, &source) != ERROR_OK) {
721                 /* free working area, write algorithm already allocated */
722                 target_free_working_area(target, write_algorithm);
723
724                 LOG_WARNING("No large enough working area available, can't do block memory writes");
725                 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
726         }
727
728         armv7m_info.common_magic = ARMV7M_COMMON_MAGIC;
729         armv7m_info.core_mode = ARM_MODE_THREAD;
730
731         init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
732         init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
733         init_reg_param(&reg_params[2], "r2", 32, PARAM_OUT);
734         init_reg_param(&reg_params[3], "r3", 32, PARAM_OUT);
735
736         buf_set_u32(reg_params[0].value, 0, 32, address);
737         buf_set_u32(reg_params[1].value, 0, 32, words);
738         buf_set_u32(reg_params[2].value, 0, 32, source->address);
739         buf_set_u32(reg_params[3].value, 0, 32, source->address + source->size);
740
741         retval = target_run_flash_async_algorithm(target, buffer, words, 4,
742                         0, NULL,
743                         4, reg_params,
744                         source->address, source->size,
745                         write_algorithm->address, 0,
746                         &armv7m_info);
747
748         if (retval == ERROR_FLASH_OPERATION_FAILED) {
749                 if (buf_get_u32(reg_params[0].value, 0, 32) & FTMRX_ERROR_ACCERR)
750                         LOG_ERROR("flash access error");
751
752                 if (buf_get_u32(reg_params[0].value, 0, 32) & FTMRX_ERROR_FPVIOL)
753                         LOG_ERROR("flash protection violation");
754         }
755
756         target_free_working_area(target, source);
757         target_free_working_area(target, write_algorithm);
758
759         destroy_reg_param(&reg_params[0]);
760         destroy_reg_param(&reg_params[1]);
761         destroy_reg_param(&reg_params[2]);
762         destroy_reg_param(&reg_params[3]);
763
764         return retval;
765 }
766
767 static int kinetis_ke_protect(struct flash_bank *bank, int set, int first, int last)
768 {
769         LOG_WARNING("kinetis_ke_protect not supported yet");
770         /* FIXME: TODO */
771
772         if (bank->target->state != TARGET_HALTED) {
773                 LOG_ERROR("Target not halted");
774                 return ERROR_TARGET_NOT_HALTED;
775         }
776
777         return ERROR_FLASH_BANK_INVALID;
778 }
779
780 static int kinetis_ke_protect_check(struct flash_bank *bank)
781 {
782         struct kinetis_ke_flash_bank *kinfo = bank->driver_priv;
783
784         if (bank->target->state != TARGET_HALTED) {
785                 LOG_ERROR("Target not halted");
786                 return ERROR_TARGET_NOT_HALTED;
787         }
788
789         int result;
790         uint8_t fprot;
791         uint8_t fpopen, fpldis, fphdis;
792         uint8_t fphs, fpls;
793         uint32_t lprot_size = 0, hprot_size = 0;
794         uint32_t lprot_to = 0, hprot_from = 0;
795
796         /* read protection register */
797         result = target_read_u8(bank->target, kinfo->ftmrx_fprot_addr, &fprot);
798
799         if (result != ERROR_OK)
800                 return result;
801
802         fpopen = fprot & 0x80;
803         fpldis = fprot & 0x04;
804         fphdis = fprot & 0x20;
805         fphs = (fprot >> 3) & 0x03;
806         fpls = fprot & 0x03;
807
808         /* Fully unprotected? */
809         if (fpopen && fpldis && fphdis) {
810                 LOG_WARNING("No flash protection found.");
811
812                 for (uint32_t i = 0; i < (uint32_t) bank->num_sectors; i++)
813                         bank->sectors[i].is_protected = 0;
814
815                 kinfo->protection_size = 0;
816         } else {
817                 LOG_WARNING("Flash protected. FPOPEN=%i FPLDIS=%i FPHDIS=%i FPLS=%i FPHS=%i", \
818                                         fpopen ? 1 : 0, fpldis ? 1 : 0, fphdis ? 1 : 0, fpls, fphs);
819
820                 /* Retrieve which region is protected and how much */
821                 if (fpopen) {
822                         if (fpldis == 0)
823                                 lprot_size = (kinfo->sector_size * 4) << fpls;
824
825                         if (fphdis == 0)
826                                 hprot_size = (kinfo->sector_size * 2) << fphs;
827                 } else {
828                         if (fpldis == 1)
829                                 lprot_size = (kinfo->sector_size * 4) << fpls;
830
831                         if (fphdis == 1)
832                                 hprot_size = (kinfo->sector_size * 2) << fphs;
833                 }
834
835                 kinfo->protection_size = lprot_size + hprot_size;
836
837                 /* lprot_to indicates up to where the lower region is protected */
838                 lprot_to = lprot_size / kinfo->sector_size;
839
840                 /* hprot_from indicates from where the upper region is protected */
841                 hprot_from = (0x8000 - hprot_size) / kinfo->sector_size;
842
843                 for (uint32_t i = 0; i < (uint32_t) bank->num_sectors; i++) {
844
845                         /* Check if the sector is in the lower region */
846                         if (bank->sectors[i].offset < 0x4000) {
847                                 /* Compare the sector start address against lprot_to */
848                                 if (lprot_to && (i < lprot_to))
849                                         bank->sectors[i].is_protected = 1;
850                                 else
851                                         bank->sectors[i].is_protected = 0;
852
853                         /* Check if the sector is between the lower and upper region
854                          * OR after the upper region */
855                         } else if (bank->sectors[i].offset < 0x6000 || bank->sectors[i].offset >= 0x8000) {
856                                 /* If fpopen is 1 then these regions are protected */
857                                 if (fpopen)
858                                         bank->sectors[i].is_protected = 0;
859                                 else
860                                         bank->sectors[i].is_protected = 1;
861
862                         /* Check if the sector is in the upper region */
863                         } else if (bank->sectors[i].offset < 0x8000) {
864                                 if (hprot_from && (i > hprot_from))
865                                         bank->sectors[i].is_protected = 1;
866                                 else
867                                         bank->sectors[i].is_protected = 0;
868                         }
869                 }
870         }
871
872         return ERROR_OK;
873 }
874
875 static int kinetis_ke_ftmrx_command(struct flash_bank *bank, uint8_t count,
876                                                                         uint8_t *FCCOBIX, uint8_t *FCCOBHI, uint8_t *FCCOBLO, uint8_t *fstat)
877 {
878         uint8_t i;
879         int result;
880         struct target *target = bank->target;
881         struct kinetis_ke_flash_bank *kinfo = bank->driver_priv;
882         uint32_t timeout = 0;
883
884         /* Clear error flags */
885         result = target_write_u8(target, kinfo->ftmrx_fstat_addr, 0x30);
886         if (result != ERROR_OK)
887                 return result;
888
889         for (i = 0; i < count; i++)     {
890                 /* Write index */
891                 result = target_write_u8(target, kinfo->ftmrx_fccobix_addr, FCCOBIX[i]);
892                 if (result != ERROR_OK)
893                         return result;
894
895                 /* Write high part */
896                 result = target_write_u8(target, kinfo->ftmrx_fccobhi_addr, FCCOBHI[i]);
897                 if (result != ERROR_OK)
898                         return result;
899
900                 /* Write low part (that is not always required) */
901                 if (FCCOBLO) {
902                         result = target_write_u8(target, kinfo->ftmrx_fccoblo_addr, FCCOBLO[i]);
903                         if (result != ERROR_OK)
904                                 return result;
905                 }
906         }
907
908         /* Launch the command */
909         result = target_write_u8(target, kinfo->ftmrx_fstat_addr, 0x80);
910         if (result != ERROR_OK)
911                 return result;
912
913         /* Wait for it to finish */
914         result = target_read_u8(target, kinfo->ftmrx_fstat_addr, fstat);
915         if (result != ERROR_OK)
916                 return result;
917
918         while (!(*fstat & FTMRX_FSTAT_CCIF_MASK)) {
919                 if (timeout <= 1000) {
920                         timeout++;
921                         alive_sleep(1);
922                 } else {
923                         return ERROR_FLASH_OPERATION_FAILED;
924                 }
925
926                 result = target_read_u8(target, kinfo->ftmrx_fstat_addr, fstat);
927                 if (result != ERROR_OK)
928                         return result;
929         }
930
931         return ERROR_OK;
932 }
933
934 COMMAND_HANDLER(kinetis_ke_securing_test)
935 {
936         int result;
937         struct target *target = get_current_target(CMD_CTX);
938         struct flash_bank *bank = NULL;
939         uint32_t address;
940
941         uint8_t FCCOBIX[2], FCCOBHI[2], FCCOBLO[2], fstat;
942
943         result = get_flash_bank_by_addr(target, 0x00000000, true, &bank);
944         if (result != ERROR_OK)
945                 return result;
946
947         assert(bank != NULL);
948
949         if (target->state != TARGET_HALTED) {
950                 LOG_ERROR("Target not halted");
951                 return ERROR_TARGET_NOT_HALTED;
952         }
953
954         address = bank->base + 0x00000400;
955
956         FCCOBIX[0] = 0;
957         FCCOBHI[0] = FTMRX_CMD_ERASESECTOR;
958         FCCOBLO[0] = address >> 16;
959
960         FCCOBIX[1] = 1;
961         FCCOBHI[1] = address >> 8;
962         FCCOBLO[1] = address;
963
964         return kinetis_ke_ftmrx_command(bank, 2, FCCOBIX, FCCOBHI, FCCOBLO, &fstat);
965 }
966
967 static int kinetis_ke_erase(struct flash_bank *bank, int first, int last)
968 {
969         int result, i;
970         uint8_t FCCOBIX[2], FCCOBHI[2], FCCOBLO[2], fstat;
971         bool fcf_erased = false;
972
973         if (bank->target->state != TARGET_HALTED) {
974                 LOG_ERROR("Target not halted");
975                 return ERROR_TARGET_NOT_HALTED;
976         }
977
978         if ((first > bank->num_sectors) || (last > bank->num_sectors))
979                 return ERROR_FLASH_OPERATION_FAILED;
980
981         result = kinetis_ke_prepare_flash(bank);
982         if (result != ERROR_OK)
983                 return result;
984
985         for (i = first; i <= last; i++) {
986                 FCCOBIX[0] = 0;
987                 FCCOBHI[0] = FTMRX_CMD_ERASESECTOR;
988                 FCCOBLO[0] = (bank->base + bank->sectors[i].offset) >> 16;
989
990                 FCCOBIX[1] = 1;
991                 FCCOBHI[1] = (bank->base + bank->sectors[i].offset) >> 8;
992                 FCCOBLO[1] = (bank->base + bank->sectors[i].offset);
993
994                 result = kinetis_ke_ftmrx_command(bank, 2, FCCOBIX, FCCOBHI, FCCOBLO, &fstat);
995
996                 if (result != ERROR_OK) {
997                         LOG_WARNING("erase sector %d failed", i);
998                         return ERROR_FLASH_OPERATION_FAILED;
999                 }
1000
1001                 bank->sectors[i].is_erased = 1;
1002
1003                 if (i == 2)
1004                         fcf_erased = true;
1005         }
1006
1007         if (fcf_erased) {
1008                 LOG_WARNING
1009                         ("flash configuration field erased, please reset the device");
1010         }
1011
1012         return ERROR_OK;
1013 }
1014
1015 static int kinetis_ke_write(struct flash_bank *bank, const uint8_t *buffer,
1016                          uint32_t offset, uint32_t count)
1017 {
1018         int result;
1019         uint8_t *new_buffer = NULL;
1020         uint32_t words = count / 4;
1021
1022         if (bank->target->state != TARGET_HALTED) {
1023                 LOG_ERROR("Target not halted");
1024                 return ERROR_TARGET_NOT_HALTED;
1025         }
1026
1027         if (offset > bank->size)
1028                 return ERROR_FLASH_BANK_INVALID;
1029
1030         if (offset & 0x3) {
1031                 LOG_WARNING("offset 0x%" PRIx32 " breaks the required alignment", offset);
1032                 return ERROR_FLASH_DST_BREAKS_ALIGNMENT;
1033         }
1034
1035         result = kinetis_ke_stop_watchdog(bank->target);
1036         if (result != ERROR_OK)
1037                         return result;
1038
1039         result = kinetis_ke_prepare_flash(bank);
1040         if (result != ERROR_OK)
1041                 return result;
1042
1043         if (count & 0x3) {
1044                 uint32_t old_count = count;
1045                 count = (old_count | 3) + 1;
1046                 new_buffer = malloc(count);
1047                 if (new_buffer == NULL) {
1048                         LOG_ERROR("odd number of bytes to write and no memory "
1049                                 "for padding buffer");
1050                         return ERROR_FAIL;
1051                 }
1052
1053                 LOG_INFO("odd number of bytes to write (%" PRIu32 "), extending to %" PRIu32 " "
1054                         "and padding with 0xff", old_count, count);
1055
1056                 memset(new_buffer, 0xff, count);
1057                 buffer = memcpy(new_buffer, buffer, old_count);
1058                 words++;
1059         }
1060
1061         result = kinetis_ke_write_words(bank, buffer, offset, words);
1062         free(new_buffer);
1063
1064         return result;
1065 }
1066
1067 static int kinetis_ke_probe(struct flash_bank *bank)
1068 {
1069         int result, i;
1070         uint32_t offset = 0;
1071         struct target *target = bank->target;
1072         struct kinetis_ke_flash_bank *kinfo = bank->driver_priv;
1073
1074         result = target_read_u32(target, SIM_SRSID, &kinfo->sim_srsid);
1075         if (result != ERROR_OK)
1076                 return result;
1077
1078         if (KINETIS_KE_SRSID_FAMID(kinfo->sim_srsid) != 0x00) {
1079                 LOG_ERROR("Unsupported KE family");
1080                 return ERROR_FLASH_OPER_UNSUPPORTED;
1081         }
1082
1083         switch (KINETIS_KE_SRSID_SUBFAMID(kinfo->sim_srsid)) {
1084                 case KINETIS_KE_SRSID_KEX2:
1085                         LOG_INFO("KE02 sub-family");
1086                         break;
1087
1088                 case KINETIS_KE_SRSID_KEX4:
1089                         LOG_INFO("KE04 sub-family");
1090                         break;
1091
1092                 case KINETIS_KE_SRSID_KEX6:
1093                         LOG_INFO("KE06 sub-family");
1094                         break;
1095
1096                 default:
1097                         LOG_ERROR("Unsupported KE sub-family");
1098                         return ERROR_FLASH_OPER_UNSUPPORTED;
1099         }
1100
1101         /* We can only retrieve the ke0x part, but there is no way to know
1102          * the flash size, so assume the maximum flash size for the entire
1103          * sub family.
1104          */
1105         bank->base = 0x00000000;
1106         kinfo->sector_size = 512;
1107
1108         switch (KINETIS_KE_SRSID_SUBFAMID(kinfo->sim_srsid)) {
1109
1110                 case KINETIS_KE_SRSID_KEX2:
1111                         /* Max. 64KB */
1112                         bank->size = 0x00010000;
1113                         bank->num_sectors = 128;
1114
1115                         /* KE02 uses the FTMRH flash controller,
1116                          * and registers have a different offset from the
1117                          * FTMRE flash controller. Sort this out here.
1118                          */
1119                         kinfo->ftmrx_fclkdiv_addr = 0x40020000;
1120                         kinfo->ftmrx_fccobix_addr = 0x40020002;
1121                         kinfo->ftmrx_fstat_addr = 0x40020006;
1122                         kinfo->ftmrx_fprot_addr = 0x40020008;
1123                         kinfo->ftmrx_fccobhi_addr = 0x4002000A;
1124                         kinfo->ftmrx_fccoblo_addr = 0x4002000B;
1125                         break;
1126
1127                 case KINETIS_KE_SRSID_KEX6:
1128                 case KINETIS_KE_SRSID_KEX4:
1129                         /* Max. 128KB */
1130                         bank->size = 0x00020000;
1131                         bank->num_sectors = 256;
1132
1133                         /* KE04 and KE06 use the FTMRE flash controller,
1134                          * and registers have a different offset from the
1135                          * FTMRH flash controller. Sort this out here.
1136                          */
1137                         kinfo->ftmrx_fclkdiv_addr = 0x40020003;
1138                         kinfo->ftmrx_fccobix_addr = 0x40020001;
1139                         kinfo->ftmrx_fstat_addr = 0x40020005;
1140                         kinfo->ftmrx_fprot_addr = 0x4002000B;
1141                         kinfo->ftmrx_fccobhi_addr = 0x40020009;
1142                         kinfo->ftmrx_fccoblo_addr = 0x40020008;
1143                         break;
1144         }
1145
1146         if (bank->sectors) {
1147                 free(bank->sectors);
1148                 bank->sectors = NULL;
1149         }
1150
1151         assert(bank->num_sectors > 0);
1152         bank->sectors = malloc(sizeof(struct flash_sector) * bank->num_sectors);
1153
1154         for (i = 0; i < bank->num_sectors; i++) {
1155                 bank->sectors[i].offset = offset;
1156                 bank->sectors[i].size = kinfo->sector_size;
1157                 offset += kinfo->sector_size;
1158                 bank->sectors[i].is_erased = -1;
1159                 bank->sectors[i].is_protected = 1;
1160         }
1161
1162         return ERROR_OK;
1163 }
1164
1165 static int kinetis_ke_auto_probe(struct flash_bank *bank)
1166 {
1167         struct kinetis_ke_flash_bank *kinfo = bank->driver_priv;
1168
1169         if (kinfo->sim_srsid)
1170                 return ERROR_OK;
1171
1172         return kinetis_ke_probe(bank);
1173 }
1174
1175 static int kinetis_ke_info(struct flash_bank *bank, char *buf, int buf_size)
1176 {
1177         (void) snprintf(buf, buf_size,
1178                         "%s driver for flash bank %s at 0x%8.8" PRIx32 "",
1179                         bank->driver->name,     bank->name, bank->base);
1180
1181         return ERROR_OK;
1182 }
1183
1184 static int kinetis_ke_blank_check(struct flash_bank *bank)
1185 {
1186         uint8_t FCCOBIX[3], FCCOBHI[3], FCCOBLO[3], fstat;
1187         uint16_t longwords = 0;
1188         int result;
1189
1190         if (bank->target->state != TARGET_HALTED) {
1191                 LOG_ERROR("Target not halted");
1192                 return ERROR_TARGET_NOT_HALTED;
1193         }
1194
1195         result = kinetis_ke_prepare_flash(bank);
1196         if (result != ERROR_OK)
1197                 return result;
1198
1199         /* check if whole bank is blank */
1200         FCCOBIX[0] = 0;
1201         FCCOBHI[0] = FTMRX_CMD_ALLERASED;
1202
1203         result = kinetis_ke_ftmrx_command(bank, 1, FCCOBIX, FCCOBHI, NULL, &fstat);
1204
1205         if (result != ERROR_OK)
1206                 return result;
1207
1208         if (fstat & (FTMRX_FSTAT_MGSTAT0_MASK | FTMRX_FSTAT_MGSTAT1_MASK)) {
1209                 /* the whole bank is not erased, check sector-by-sector */
1210                 int i;
1211
1212                 for (i = 0; i < bank->num_sectors; i++) {
1213                         FCCOBIX[0] = 0;
1214                         FCCOBHI[0] = FTMRX_CMD_SECTIONERASED;
1215                         FCCOBLO[0] = (bank->base + bank->sectors[i].offset) >> 16;
1216
1217                         FCCOBIX[1] = 1;
1218                         FCCOBHI[1] = (bank->base + bank->sectors[i].offset) >> 8;
1219                         FCCOBLO[1] = (bank->base + bank->sectors[i].offset);
1220
1221                         longwords = 128;
1222
1223                         FCCOBIX[2] = 2;
1224                         FCCOBHI[2] = longwords >> 8;
1225                         FCCOBLO[2] = longwords;
1226
1227                         result = kinetis_ke_ftmrx_command(bank, 3, FCCOBIX, FCCOBHI, FCCOBLO, &fstat);
1228
1229                         if (result == ERROR_OK) {
1230                                 bank->sectors[i].is_erased = !(fstat & (FTMRX_FSTAT_MGSTAT0_MASK | FTMRX_FSTAT_MGSTAT1_MASK));
1231                         } else {
1232                                 LOG_DEBUG("Ignoring errored PFlash sector blank-check");
1233                                 bank->sectors[i].is_erased = -1;
1234                         }
1235                 }
1236         } else {
1237                 /* the whole bank is erased, update all sectors */
1238                 int i;
1239                 for (i = 0; i < bank->num_sectors; i++)
1240                         bank->sectors[i].is_erased = 1;
1241         }
1242
1243         return ERROR_OK;
1244 }
1245
1246 static const struct command_registration kinetis_ke_security_command_handlers[] = {
1247         {
1248                 .name = "check_security",
1249                 .mode = COMMAND_EXEC,
1250                 .help = "",
1251                 .usage = "",
1252                 .handler = kinetis_ke_check_flash_security_status,
1253         },
1254         {
1255                 .name = "mass_erase",
1256                 .mode = COMMAND_EXEC,
1257                 .help = "",
1258                 .usage = "",
1259                 .handler = kinetis_ke_mdm_mass_erase,
1260         },
1261         {
1262                 .name = "test_securing",
1263                 .mode = COMMAND_EXEC,
1264                 .help = "",
1265                 .usage = "",
1266                 .handler = kinetis_ke_securing_test,
1267         },
1268         COMMAND_REGISTRATION_DONE
1269 };
1270
1271 static const struct command_registration kinetis_ke_exec_command_handlers[] = {
1272         {
1273                 .name = "mdm",
1274                 .mode = COMMAND_ANY,
1275                 .help = "",
1276                 .usage = "",
1277                 .chain = kinetis_ke_security_command_handlers,
1278         },
1279         {
1280                 .name = "disable_wdog",
1281                 .mode = COMMAND_EXEC,
1282                 .help = "Disable the watchdog timer",
1283                 .usage = "",
1284                 .handler = kinetis_ke_disable_wdog_handler,
1285         },
1286         COMMAND_REGISTRATION_DONE
1287 };
1288
1289 static const struct command_registration kinetis_ke_command_handler[] = {
1290         {
1291                 .name = "kinetis_ke",
1292                 .mode = COMMAND_ANY,
1293                 .help = "Kinetis KE NAND flash controller commands",
1294                 .usage = "",
1295                 .chain = kinetis_ke_exec_command_handlers,
1296         },
1297         COMMAND_REGISTRATION_DONE
1298 };
1299
1300 struct flash_driver kinetis_ke_flash = {
1301         .name = "kinetis_ke",
1302         .commands = kinetis_ke_command_handler,
1303         .flash_bank_command = kinetis_ke_flash_bank_command,
1304         .erase = kinetis_ke_erase,
1305         .protect = kinetis_ke_protect,
1306         .write = kinetis_ke_write,
1307         .read = default_flash_read,
1308         .probe = kinetis_ke_probe,
1309         .auto_probe = kinetis_ke_auto_probe,
1310         .erase_check = kinetis_ke_blank_check,
1311         .protect_check = kinetis_ke_protect_check,
1312         .info = kinetis_ke_info,
1313         .free_driver_priv = default_flash_free_driver_priv,
1314 };