1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
29 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
30 * debugging architecture. Compared with previous versions, this includes
31 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
32 * transport, and focusses on memory mapped resources as defined by the
33 * CoreSight architecture.
35 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
36 * basic components: a Debug Port (DP) transporting messages to and from a
37 * debugger, and an Access Port (AP) accessing resources. Three types of DP
38 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
39 * One uses only SWD for communication, and is called SW-DP. The third can
40 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
41 * is used to access memory mapped resources and is called a MEM-AP. Also a
42 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
46 * Relevant specifications from ARM include:
48 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031A
49 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
51 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
52 * Cortex-M3(tm) TRM, ARM DDI 0337G
59 #include "arm_adi_v5.h"
60 #include <helper/time_support.h>
64 * swjdp->trans_mode = TRANS_MODE_COMPOSITE;
65 * Uses Overrun checking mode and does not do actual JTAG send/receive or transaction
66 * result checking until swjdp_end_transaction()
67 * This must be done before using or deallocating any return variables.
68 * swjdp->trans_mode == TRANS_MODE_ATOMIC
69 * All reads and writes to the AHB bus are checked for valid completion, and return values
70 * are immediatley available.
74 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
77 uint32_t tar_block_size(uint32_t address)
78 Return the largest block starting at address that does not cross a tar block size alignment boundary
80 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, uint32_t address)
82 return (tar_autoincr_block - ((tar_autoincr_block - 1) & address)) >> 2;
85 /***************************************************************************
87 * DPACC and APACC scanchain access through JTAG-DP *
89 ***************************************************************************/
91 /* Scan out and in from target ordered uint8_t buffers */
92 int adi_jtag_dp_scan(struct swjdp_common *swjdp, uint8_t instr, uint8_t reg_addr, uint8_t RnW, uint8_t *outvalue, uint8_t *invalue, uint8_t *ack)
94 struct arm_jtag *jtag_info = swjdp->jtag_info;
95 struct scan_field fields[2];
98 jtag_set_end_state(TAP_IDLE);
99 arm_jtag_set_instr(jtag_info, instr, NULL);
101 /* Add specified number of tck clocks before accessing memory bus */
102 if ((instr == DAP_IR_APACC) && ((reg_addr == AP_REG_DRW)||((reg_addr&0xF0) == AP_REG_BD0))&& (swjdp->memaccess_tck != 0))
103 jtag_add_runtest(swjdp->memaccess_tck, jtag_set_end_state(TAP_IDLE));
105 fields[0].tap = jtag_info->tap;
106 fields[0].num_bits = 3;
107 buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
108 fields[0].out_value = &out_addr_buf;
109 fields[0].in_value = ack;
111 fields[1].tap = jtag_info->tap;
112 fields[1].num_bits = 32;
113 fields[1].out_value = outvalue;
114 fields[1].in_value = invalue;
116 jtag_add_dr_scan(2, fields, jtag_get_end_state());
121 /* Scan out and in from host ordered uint32_t variables */
122 int adi_jtag_dp_scan_u32(struct swjdp_common *swjdp, uint8_t instr, uint8_t reg_addr, uint8_t RnW, uint32_t outvalue, uint32_t *invalue, uint8_t *ack)
124 struct arm_jtag *jtag_info = swjdp->jtag_info;
125 struct scan_field fields[2];
126 uint8_t out_value_buf[4];
127 uint8_t out_addr_buf;
129 jtag_set_end_state(TAP_IDLE);
130 arm_jtag_set_instr(jtag_info, instr, NULL);
132 /* Add specified number of tck clocks before accessing memory bus */
133 if ((instr == DAP_IR_APACC) && ((reg_addr == AP_REG_DRW)||((reg_addr&0xF0) == AP_REG_BD0))&& (swjdp->memaccess_tck != 0))
134 jtag_add_runtest(swjdp->memaccess_tck, jtag_set_end_state(TAP_IDLE));
136 fields[0].tap = jtag_info->tap;
137 fields[0].num_bits = 3;
138 buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
139 fields[0].out_value = &out_addr_buf;
140 fields[0].in_value = ack;
142 fields[1].tap = jtag_info->tap;
143 fields[1].num_bits = 32;
144 buf_set_u32(out_value_buf, 0, 32, outvalue);
145 fields[1].out_value = out_value_buf;
146 fields[1].in_value = NULL;
150 fields[1].in_value = (uint8_t *)invalue;
151 jtag_add_dr_scan(2, fields, jtag_get_end_state());
153 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t) invalue);
157 jtag_add_dr_scan(2, fields, jtag_get_end_state());
163 /* scan_inout_check adds one extra inscan for DPAP_READ commands to read variables */
164 int scan_inout_check(struct swjdp_common *swjdp, uint8_t instr, uint8_t reg_addr, uint8_t RnW, uint8_t *outvalue, uint8_t *invalue)
166 adi_jtag_dp_scan(swjdp, instr, reg_addr, RnW, outvalue, NULL, NULL);
168 if ((RnW == DPAP_READ) && (invalue != NULL))
170 adi_jtag_dp_scan(swjdp, DAP_IR_DPACC, DP_RDBUFF, DPAP_READ, 0, invalue, &swjdp->ack);
173 /* In TRANS_MODE_ATOMIC all DAP_IR_APACC transactions wait for ack = OK/FAULT and the check CTRL_STAT */
174 if ((instr == DAP_IR_APACC) && (swjdp->trans_mode == TRANS_MODE_ATOMIC))
176 return swjdp_transaction_endcheck(swjdp);
182 int scan_inout_check_u32(struct swjdp_common *swjdp, uint8_t instr, uint8_t reg_addr, uint8_t RnW, uint32_t outvalue, uint32_t *invalue)
184 adi_jtag_dp_scan_u32(swjdp, instr, reg_addr, RnW, outvalue, NULL, NULL);
186 if ((RnW == DPAP_READ) && (invalue != NULL))
188 adi_jtag_dp_scan_u32(swjdp, DAP_IR_DPACC, DP_RDBUFF, DPAP_READ, 0, invalue, &swjdp->ack);
191 /* In TRANS_MODE_ATOMIC all DAP_IR_APACC transactions wait for ack = OK/FAULT and then check CTRL_STAT */
192 if ((instr == DAP_IR_APACC) && (swjdp->trans_mode == TRANS_MODE_ATOMIC))
194 return swjdp_transaction_endcheck(swjdp);
200 int swjdp_transaction_endcheck(struct swjdp_common *swjdp)
205 /* too expensive to call keep_alive() here */
208 /* Danger!!!! BROKEN!!!! */
209 scan_inout_check_u32(swjdp, DAP_IR_DPACC, DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
210 /* Danger!!!! BROKEN!!!! Why will jtag_execute_queue() fail here????
211 R956 introduced the check on return value here and now Michael Schwingen reports
212 that this code no longer works....
214 https://lists.berlios.de/pipermail/openocd-development/2008-September/003107.html
216 if ((retval = jtag_execute_queue()) != ERROR_OK)
218 LOG_ERROR("BUG: Why does this fail the first time????");
220 /* Why??? second time it works??? */
223 scan_inout_check_u32(swjdp, DAP_IR_DPACC, DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
224 if ((retval = jtag_execute_queue()) != ERROR_OK)
227 swjdp->ack = swjdp->ack & 0x7;
231 long long then = timeval_ms();
232 while (swjdp->ack != 2)
236 if ((timeval_ms()-then) > 1000)
238 LOG_WARNING("Timeout (1000ms) waiting for ACK = OK/FAULT in SWJDP transaction");
239 return ERROR_JTAG_DEVICE_ERROR;
244 LOG_WARNING("Invalid ACK in SWJDP transaction");
245 return ERROR_JTAG_DEVICE_ERROR;
248 scan_inout_check_u32(swjdp, DAP_IR_DPACC, DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
249 if ((retval = jtag_execute_queue()) != ERROR_OK)
251 swjdp->ack = swjdp->ack & 0x7;
255 /* common code path avoids fn to timeval_ms() */
258 /* Check for STICKYERR and STICKYORUN */
259 if (ctrlstat & (SSTICKYORUN | SSTICKYERR))
261 LOG_DEBUG("swjdp: CTRL/STAT error 0x%" PRIx32 "", ctrlstat);
262 /* Check power to debug regions */
263 if ((ctrlstat & 0xf0000000) != 0xf0000000)
265 ahbap_debugport_init(swjdp);
269 uint32_t mem_ap_csw, mem_ap_tar;
271 /* Print information about last AHBAP access */
272 LOG_ERROR("AHBAP Cached values: dp_select 0x%" PRIx32 ", ap_csw 0x%" PRIx32 ", ap_tar 0x%" PRIx32 "", swjdp->dp_select_value, swjdp->ap_csw_value, swjdp->ap_tar_value);
273 if (ctrlstat & SSTICKYORUN)
274 LOG_ERROR("SWJ-DP OVERRUN - check clock or reduce jtag speed");
276 if (ctrlstat & SSTICKYERR)
277 LOG_ERROR("SWJ-DP STICKY ERROR");
279 /* Clear Sticky Error Bits */
280 scan_inout_check_u32(swjdp, DAP_IR_DPACC, DP_CTRL_STAT, DPAP_WRITE, swjdp->dp_ctrl_stat | SSTICKYORUN | SSTICKYERR, NULL);
281 scan_inout_check_u32(swjdp, DAP_IR_DPACC, DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
282 if ((retval = jtag_execute_queue()) != ERROR_OK)
285 LOG_DEBUG("swjdp: status 0x%" PRIx32 "", ctrlstat);
287 dap_ap_read_reg_u32(swjdp, AP_REG_CSW, &mem_ap_csw);
288 dap_ap_read_reg_u32(swjdp, AP_REG_TAR, &mem_ap_tar);
289 if ((retval = jtag_execute_queue()) != ERROR_OK)
291 LOG_ERROR("Read MEM_AP_CSW 0x%" PRIx32 ", MEM_AP_TAR 0x%" PRIx32 "", mem_ap_csw, mem_ap_tar);
294 if ((retval = jtag_execute_queue()) != ERROR_OK)
296 return ERROR_JTAG_DEVICE_ERROR;
302 /***************************************************************************
304 * DP and MEM-AP register access through APACC and DPACC *
306 ***************************************************************************/
308 int dap_dp_write_reg(struct swjdp_common *swjdp, uint32_t value, uint8_t reg_addr)
310 return scan_inout_check_u32(swjdp, DAP_IR_DPACC, reg_addr, DPAP_WRITE, value, NULL);
313 int dap_dp_read_reg(struct swjdp_common *swjdp, uint32_t *value, uint8_t reg_addr)
315 return scan_inout_check_u32(swjdp, DAP_IR_DPACC, reg_addr, DPAP_READ, 0, value);
318 int dap_ap_select(struct swjdp_common *swjdp,uint8_t apsel)
321 select = (apsel << 24) & 0xFF000000;
323 if (select != swjdp->apsel)
325 swjdp->apsel = select;
326 /* Switching AP invalidates cached values */
327 swjdp->dp_select_value = -1;
328 swjdp->ap_csw_value = -1;
329 swjdp->ap_tar_value = -1;
335 int dap_dp_bankselect(struct swjdp_common *swjdp,uint32_t ap_reg)
338 select = (ap_reg & 0x000000F0);
340 if (select != swjdp->dp_select_value)
342 dap_dp_write_reg(swjdp, select | swjdp->apsel, DP_SELECT);
343 swjdp->dp_select_value = select;
349 int dap_ap_write_reg(struct swjdp_common *swjdp, uint32_t reg_addr, uint8_t* out_value_buf)
351 dap_dp_bankselect(swjdp, reg_addr);
352 scan_inout_check(swjdp, DAP_IR_APACC, reg_addr, DPAP_WRITE, out_value_buf, NULL);
357 int dap_ap_read_reg(struct swjdp_common *swjdp, uint32_t reg_addr, uint8_t *in_value_buf)
359 dap_dp_bankselect(swjdp, reg_addr);
360 scan_inout_check(swjdp, DAP_IR_APACC, reg_addr, DPAP_READ, 0, in_value_buf);
364 int dap_ap_write_reg_u32(struct swjdp_common *swjdp, uint32_t reg_addr, uint32_t value)
366 uint8_t out_value_buf[4];
368 buf_set_u32(out_value_buf, 0, 32, value);
369 dap_dp_bankselect(swjdp, reg_addr);
370 scan_inout_check(swjdp, DAP_IR_APACC, reg_addr, DPAP_WRITE, out_value_buf, NULL);
375 int dap_ap_read_reg_u32(struct swjdp_common *swjdp, uint32_t reg_addr, uint32_t *value)
377 dap_dp_bankselect(swjdp, reg_addr);
378 scan_inout_check_u32(swjdp, DAP_IR_APACC, reg_addr, DPAP_READ, 0, value);
383 /***************************************************************************
385 * AHB-AP access to memory and system registers on AHB bus *
387 ***************************************************************************/
389 int dap_setup_accessport(struct swjdp_common *swjdp, uint32_t csw, uint32_t tar)
391 csw = csw | CSW_DBGSWENABLE | CSW_MASTER_DEBUG | CSW_HPROT;
392 if (csw != swjdp->ap_csw_value)
394 /* LOG_DEBUG("swjdp : Set CSW %x",csw); */
395 dap_ap_write_reg_u32(swjdp, AP_REG_CSW, csw);
396 swjdp->ap_csw_value = csw;
398 if (tar != swjdp->ap_tar_value)
400 /* LOG_DEBUG("swjdp : Set TAR %x",tar); */
401 dap_ap_write_reg_u32(swjdp, AP_REG_TAR, tar);
402 swjdp->ap_tar_value = tar;
404 if (csw & CSW_ADDRINC_MASK)
406 /* Do not cache TAR value when autoincrementing */
407 swjdp->ap_tar_value = -1;
412 /*****************************************************************************
414 * mem_ap_read_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value) *
416 * Read a uint32_t value from memory or system register *
417 * Functionally equivalent to target_read_u32(target, address, uint32_t *value), *
418 * but with less overhead *
419 *****************************************************************************/
420 int mem_ap_read_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value)
422 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
424 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, address & 0xFFFFFFF0);
425 dap_ap_read_reg_u32(swjdp, AP_REG_BD0 | (address & 0xC), value);
430 int mem_ap_read_atomic_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value)
432 mem_ap_read_u32(swjdp, address, value);
434 return swjdp_transaction_endcheck(swjdp);
437 /*****************************************************************************
439 * mem_ap_write_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value) *
441 * Write a uint32_t value to memory or memory mapped register *
443 *****************************************************************************/
444 int mem_ap_write_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value)
446 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
448 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, address & 0xFFFFFFF0);
449 dap_ap_write_reg_u32(swjdp, AP_REG_BD0 | (address & 0xC), value);
454 int mem_ap_write_atomic_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value)
456 mem_ap_write_u32(swjdp, address, value);
458 return swjdp_transaction_endcheck(swjdp);
461 /*****************************************************************************
463 * mem_ap_write_buf(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address) *
465 * Write a buffer in target order (little endian) *
467 *****************************************************************************/
468 int mem_ap_write_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
470 int wcount, blocksize, writecount, errorcount = 0, retval = ERROR_OK;
471 uint32_t adr = address;
472 uint8_t* pBuffer = buffer;
474 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
479 /* if we have an unaligned access - reorder data */
482 for (writecount = 0; writecount < count; writecount++)
486 memcpy(&outvalue, pBuffer, sizeof(uint32_t));
488 for (i = 0; i < 4; i++)
490 *((uint8_t*)pBuffer + (adr & 0x3)) = outvalue;
494 pBuffer += sizeof(uint32_t);
500 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
501 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
502 if (wcount < blocksize)
505 /* handle unaligned data at 4k boundary */
509 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
511 for (writecount = 0; writecount < blocksize; writecount++)
513 dap_ap_write_reg(swjdp, AP_REG_DRW, buffer + 4 * writecount);
516 if (swjdp_transaction_endcheck(swjdp) == ERROR_OK)
518 wcount = wcount - blocksize;
519 address = address + 4 * blocksize;
520 buffer = buffer + 4 * blocksize;
529 LOG_WARNING("Block write error address 0x%" PRIx32 ", wcount 0x%x", address, wcount);
530 return ERROR_JTAG_DEVICE_ERROR;
537 int mem_ap_write_buf_packed_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
539 int retval = ERROR_OK;
540 int wcount, blocksize, writecount, i;
542 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
550 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
551 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
553 if (wcount < blocksize)
556 /* handle unaligned data at 4k boundary */
560 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_PACKED, address);
561 writecount = blocksize;
565 nbytes = MIN((writecount << 1), 4);
569 if (mem_ap_write_buf_u16(swjdp, buffer, nbytes, address) != ERROR_OK)
571 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
572 return ERROR_JTAG_DEVICE_ERROR;
575 address += nbytes >> 1;
580 memcpy(&outvalue, buffer, sizeof(uint32_t));
582 for (i = 0; i < nbytes; i++)
584 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
589 memcpy(&outvalue, buffer, sizeof(uint32_t));
590 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
591 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
593 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
594 return ERROR_JTAG_DEVICE_ERROR;
598 buffer += nbytes >> 1;
599 writecount -= nbytes >> 1;
601 } while (writecount);
608 int mem_ap_write_buf_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
610 int retval = ERROR_OK;
613 return mem_ap_write_buf_packed_u16(swjdp, buffer, count, address);
615 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
619 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
621 memcpy(&svalue, buffer, sizeof(uint16_t));
622 uint32_t outvalue = (uint32_t)svalue << 8 * (address & 0x3);
623 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
624 retval = swjdp_transaction_endcheck(swjdp);
633 int mem_ap_write_buf_packed_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
635 int retval = ERROR_OK;
636 int wcount, blocksize, writecount, i;
638 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
646 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
647 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
649 if (wcount < blocksize)
652 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_PACKED, address);
653 writecount = blocksize;
657 nbytes = MIN(writecount, 4);
661 if (mem_ap_write_buf_u8(swjdp, buffer, nbytes, address) != ERROR_OK)
663 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
664 return ERROR_JTAG_DEVICE_ERROR;
672 memcpy(&outvalue, buffer, sizeof(uint32_t));
674 for (i = 0; i < nbytes; i++)
676 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
681 memcpy(&outvalue, buffer, sizeof(uint32_t));
682 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
683 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
685 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
686 return ERROR_JTAG_DEVICE_ERROR;
691 writecount -= nbytes;
693 } while (writecount);
700 int mem_ap_write_buf_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
702 int retval = ERROR_OK;
705 return mem_ap_write_buf_packed_u8(swjdp, buffer, count, address);
707 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
711 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
712 uint32_t outvalue = (uint32_t)*buffer << 8 * (address & 0x3);
713 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
714 retval = swjdp_transaction_endcheck(swjdp);
723 /*********************************************************************************
725 * mem_ap_read_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address) *
727 * Read block fast in target order (little endian) into a buffer *
729 **********************************************************************************/
730 int mem_ap_read_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
732 int wcount, blocksize, readcount, errorcount = 0, retval = ERROR_OK;
733 uint32_t adr = address;
734 uint8_t* pBuffer = buffer;
736 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
743 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
744 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
745 if (wcount < blocksize)
748 /* handle unaligned data at 4k boundary */
752 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
754 /* Scan out first read */
755 adi_jtag_dp_scan(swjdp, DAP_IR_APACC, AP_REG_DRW, DPAP_READ, 0, NULL, NULL);
756 for (readcount = 0; readcount < blocksize - 1; readcount++)
758 /* Scan out read instruction and scan in previous value */
759 adi_jtag_dp_scan(swjdp, DAP_IR_APACC, AP_REG_DRW, DPAP_READ, 0, buffer + 4 * readcount, &swjdp->ack);
762 /* Scan in last value */
763 adi_jtag_dp_scan(swjdp, DAP_IR_DPACC, DP_RDBUFF, DPAP_READ, 0, buffer + 4 * readcount, &swjdp->ack);
764 if (swjdp_transaction_endcheck(swjdp) == ERROR_OK)
766 wcount = wcount - blocksize;
767 address += 4 * blocksize;
768 buffer += 4 * blocksize;
777 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
778 return ERROR_JTAG_DEVICE_ERROR;
782 /* if we have an unaligned access - reorder data */
785 for (readcount = 0; readcount < count; readcount++)
789 memcpy(&data, pBuffer, sizeof(uint32_t));
791 for (i = 0; i < 4; i++)
793 *((uint8_t*)pBuffer) = (data >> 8 * (adr & 0x3));
803 int mem_ap_read_buf_packed_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
806 int retval = ERROR_OK;
807 int wcount, blocksize, readcount, i;
809 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
817 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
818 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
819 if (wcount < blocksize)
822 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_PACKED, address);
824 /* handle unaligned data at 4k boundary */
827 readcount = blocksize;
831 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
832 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
834 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
835 return ERROR_JTAG_DEVICE_ERROR;
838 nbytes = MIN((readcount << 1), 4);
840 for (i = 0; i < nbytes; i++)
842 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
847 readcount -= (nbytes >> 1);
855 int mem_ap_read_buf_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
858 int retval = ERROR_OK;
861 return mem_ap_read_buf_packed_u16(swjdp, buffer, count, address);
863 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
867 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
868 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
869 retval = swjdp_transaction_endcheck(swjdp);
872 for (i = 0; i < 2; i++)
874 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
881 uint16_t svalue = (invalue >> 8 * (address & 0x3));
882 memcpy(buffer, &svalue, sizeof(uint16_t));
892 /* FIX!!! is this a potential performance bottleneck w.r.t. requiring too many
893 * roundtrips when jtag_execute_queue() has a large overhead(e.g. for USB)s?
895 * The solution is to arrange for a large out/in scan in this loop and
896 * and convert data afterwards.
898 int mem_ap_read_buf_packed_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
901 int retval = ERROR_OK;
902 int wcount, blocksize, readcount, i;
904 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
912 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
913 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
915 if (wcount < blocksize)
918 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_PACKED, address);
919 readcount = blocksize;
923 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
924 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
926 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
927 return ERROR_JTAG_DEVICE_ERROR;
930 nbytes = MIN(readcount, 4);
932 for (i = 0; i < nbytes; i++)
934 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
947 int mem_ap_read_buf_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
950 int retval = ERROR_OK;
953 return mem_ap_read_buf_packed_u8(swjdp, buffer, count, address);
955 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
959 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
960 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
961 retval = swjdp_transaction_endcheck(swjdp);
962 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
974 * @todo Rename this. We also need an initialization scheme which account
975 * for SWD transports not just JTAG; that will need to address differences
976 * in layering. (JTAG is useful without any debug target; but not SWD.)
978 int ahbap_debugport_init(struct swjdp_common *swjdp)
980 uint32_t idreg, romaddr, dummy;
987 /* Default MEM-AP setup.
989 * REVISIT AP #0 may be an inappropriate default for this.
990 * Should we probe, or receve a hint from the caller?
991 * Presumably we can ignore the possibility of multiple APs.
994 swjdp->ap_csw_value = -1;
995 swjdp->ap_tar_value = -1;
997 /* DP initialization */
998 swjdp->trans_mode = TRANS_MODE_ATOMIC;
999 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1000 dap_dp_write_reg(swjdp, SSTICKYERR, DP_CTRL_STAT);
1001 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1003 swjdp->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
1005 dap_dp_write_reg(swjdp, swjdp->dp_ctrl_stat, DP_CTRL_STAT);
1006 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1007 if ((retval = jtag_execute_queue()) != ERROR_OK)
1010 /* Check that we have debug power domains activated */
1011 while (!(ctrlstat & CDBGPWRUPACK) && (cnt++ < 10))
1013 LOG_DEBUG("swjdp: wait CDBGPWRUPACK");
1014 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1015 if ((retval = jtag_execute_queue()) != ERROR_OK)
1020 while (!(ctrlstat & CSYSPWRUPACK) && (cnt++ < 10))
1022 LOG_DEBUG("swjdp: wait CSYSPWRUPACK");
1023 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1024 if ((retval = jtag_execute_queue()) != ERROR_OK)
1029 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1030 /* With debug power on we can activate OVERRUN checking */
1031 swjdp->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
1032 dap_dp_write_reg(swjdp, swjdp->dp_ctrl_stat, DP_CTRL_STAT);
1033 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1036 * REVISIT this isn't actually *initializing* anything in an AP,
1037 * and doesn't care if it's a MEM-AP at all (much less AHB-AP).
1038 * Should it? If the ROM address is valid, is this the right
1039 * place to scan the table and do any topology detection?
1041 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &idreg);
1042 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &romaddr);
1044 LOG_DEBUG("AHB-AP ID Register 0x%" PRIx32 ", Debug ROM Address 0x%" PRIx32 "", idreg, romaddr);
1049 /* CID interpretation -- see ARM IHI 0029B section 3
1050 * and ARM IHI 0031A table 13-3.
1052 static const char *class_description[16] ={
1053 "Reserved", "ROM table", "Reserved", "Reserved",
1054 "Reserved", "Reserved", "Reserved", "Reserved",
1055 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
1056 "Reserved", "OptimoDE DESS",
1057 "Generic IP component", "PrimeCell or System component"
1061 is_dap_cid_ok(uint32_t cid3, uint32_t cid2, uint32_t cid1, uint32_t cid0)
1063 return cid3 == 0xb1 && cid2 == 0x05
1064 && ((cid1 & 0x0f) == 0) && cid0 == 0x0d;
1067 int dap_info_command(struct command_context *cmd_ctx, struct swjdp_common *swjdp, int apsel)
1070 uint32_t dbgbase,apid;
1071 int romtable_present = 0;
1075 apselold = swjdp->apsel;
1076 dap_ap_select(swjdp, apsel);
1077 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &dbgbase);
1078 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1079 swjdp_transaction_endcheck(swjdp);
1080 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1081 mem_ap = ((apid&0x10000) && ((apid&0x0F) != 0));
1082 command_print(cmd_ctx, "ap identification register 0x%8.8" PRIx32 "", apid);
1088 command_print(cmd_ctx, "\tType is jtag-ap");
1091 command_print(cmd_ctx, "\tType is mem-ap AHB");
1094 command_print(cmd_ctx, "\tType is mem-ap APB");
1097 command_print(cmd_ctx, "\tUnknown AP-type");
1100 command_print(cmd_ctx, "ap debugbase 0x%8.8" PRIx32 "", dbgbase);
1104 command_print(cmd_ctx, "No AP found at this apsel 0x%x", apsel);
1107 romtable_present = ((mem_ap) && (dbgbase != 0xFFFFFFFF));
1108 if (romtable_present)
1110 uint32_t cid0,cid1,cid2,cid3,memtype,romentry;
1111 uint16_t entry_offset;
1113 /* bit 16 of apid indicates a memory access port */
1115 command_print(cmd_ctx, "\tValid ROM table present");
1117 command_print(cmd_ctx, "\tROM table in legacy format");
1119 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1120 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF0, &cid0);
1121 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF4, &cid1);
1122 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF8, &cid2);
1123 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFFC, &cid3);
1124 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFCC, &memtype);
1125 swjdp_transaction_endcheck(swjdp);
1126 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1127 command_print(cmd_ctx, "\tCID3 0x%2.2" PRIx32
1128 ", CID2 0x%2.2" PRIx32
1129 ", CID1 0x%2.2" PRIx32
1130 ", CID0 0x%2.2" PRIx32,
1131 cid3, cid2, cid1, cid0);
1133 command_print(cmd_ctx, "\tMEMTYPE system memory present on bus");
1135 command_print(cmd_ctx, "\tMEMTYPE System memory not present. "
1136 "Dedicated debug bus.");
1138 /* Now we read ROM table entries from dbgbase&0xFFFFF000) | 0x000 until we get 0x00000000 */
1142 mem_ap_read_atomic_u32(swjdp, (dbgbase&0xFFFFF000) | entry_offset, &romentry);
1143 command_print(cmd_ctx, "\tROMTABLE[0x%x] = 0x%" PRIx32 "",entry_offset,romentry);
1146 uint32_t c_cid0, c_cid1, c_cid2, c_cid3;
1147 uint32_t c_pid0, c_pid1, c_pid2, c_pid3, c_pid4;
1148 uint32_t component_start, component_base;
1152 component_base = (uint32_t)((dbgbase & 0xFFFFF000)
1153 + (int)(romentry & 0xFFFFF000));
1154 mem_ap_read_atomic_u32(swjdp,
1155 (component_base & 0xFFFFF000) | 0xFE0, &c_pid0);
1156 mem_ap_read_atomic_u32(swjdp,
1157 (component_base & 0xFFFFF000) | 0xFE4, &c_pid1);
1158 mem_ap_read_atomic_u32(swjdp,
1159 (component_base & 0xFFFFF000) | 0xFE8, &c_pid2);
1160 mem_ap_read_atomic_u32(swjdp,
1161 (component_base & 0xFFFFF000) | 0xFEC, &c_pid3);
1162 mem_ap_read_atomic_u32(swjdp,
1163 (component_base & 0xFFFFF000) | 0xFD0, &c_pid4);
1164 mem_ap_read_atomic_u32(swjdp,
1165 (component_base & 0xFFFFF000) | 0xFF0, &c_cid0);
1166 mem_ap_read_atomic_u32(swjdp,
1167 (component_base & 0xFFFFF000) | 0xFF4, &c_cid1);
1168 mem_ap_read_atomic_u32(swjdp,
1169 (component_base & 0xFFFFF000) | 0xFF8, &c_cid2);
1170 mem_ap_read_atomic_u32(swjdp,
1171 (component_base & 0xFFFFF000) | 0xFFC, &c_cid3);
1172 component_start = component_base - 0x1000*(c_pid4 >> 4);
1174 command_print(cmd_ctx, "\t\tComponent base address 0x%" PRIx32
1175 ", start address 0x%" PRIx32,
1176 component_base, component_start);
1177 command_print(cmd_ctx, "\t\tComponent class is 0x%x, %s",
1178 (int) (c_cid1 >> 4) & 0xf,
1179 /* See ARM IHI 0029B Table 3-3 */
1180 class_description[(c_cid1 >> 4) & 0xf]);
1182 /* CoreSight component? */
1183 if (((c_cid1 >> 4) & 0x0f) == 9) {
1186 char *major = "Reserved", *subtype = "Reserved";
1188 mem_ap_read_atomic_u32(swjdp,
1189 (component_base & 0xfffff000) | 0xfcc,
1191 minor = (devtype >> 4) & 0x0f;
1192 switch (devtype & 0x0f) {
1194 major = "Miscellaneous";
1200 subtype = "Validation component";
1205 major = "Trace Sink";
1219 major = "Trace Link";
1225 subtype = "Funnel, router";
1231 subtype = "FIFO, buffer";
1236 major = "Trace Source";
1242 subtype = "Processor";
1248 subtype = "Engine/Coprocessor";
1256 major = "Debug Control";
1262 subtype = "Trigger Matrix";
1265 subtype = "Debug Auth";
1270 major = "Debug Logic";
1276 subtype = "Processor";
1282 subtype = "Engine/Coprocessor";
1287 command_print(cmd_ctx, "\t\tType is 0x%2.2x, %s, %s",
1288 (unsigned) (devtype & 0xff),
1290 /* REVISIT also show 0xfc8 DevId */
1293 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1294 command_print(cmd_ctx, "\t\tCID3 0x%2.2" PRIx32
1295 ", CID2 0x%2.2" PRIx32
1296 ", CID1 0x%2.2" PRIx32
1297 ", CID0 0x%2.2" PRIx32,
1298 c_cid3, c_cid2, c_cid1, c_cid0);
1299 command_print(cmd_ctx, "\t\tPeripheral ID[4..0] = hex "
1300 "%2.2x %2.2x %2.2x %2.2x %2.2x",
1302 (int) c_pid3, (int) c_pid2,
1303 (int) c_pid1, (int) c_pid0);
1305 /* Part number interpretations are from Cortex
1306 * core specs, the CoreSight components TRM
1307 * (ARM DDI 0314H), and ETM specs; also from
1308 * chip observation (e.g. TI SDTI).
1310 part_num = c_pid0 & 0xff;
1311 part_num |= (c_pid1 & 0x0f) << 8;
1314 type = "Cortex-M3 NVIC";
1315 full = "(Interrupt Controller)";
1318 type = "Cortex-M3 ITM";
1319 full = "(Instrumentation Trace Module)";
1322 type = "Cortex-M3 DWT";
1323 full = "(Data Watchpoint and Trace)";
1326 type = "Cortex-M3 FBP";
1327 full = "(Flash Patch and Breakpoint)";
1330 type = "CoreSight ETM11";
1331 full = "(Embedded Trace)";
1333 // case 0x113: what?
1334 case 0x120: /* from OMAP3 memmap */
1336 full = "(System Debug Trace Interface)";
1338 case 0x343: /* from OMAP3 memmap */
1343 type = "Cortex-M3 ETM";
1344 full = "(Embedded Trace)";
1347 type = "Coresight CTI";
1348 full = "(Cross Trigger)";
1351 type = "Coresight ETB";
1352 full = "(Trace Buffer)";
1355 type = "Coresight CSTF";
1356 full = "(Trace Funnel)";
1359 type = "CoreSight ETM9";
1360 full = "(Embedded Trace)";
1363 type = "Coresight TPIU";
1364 full = "(Trace Port Interface Unit)";
1367 type = "Cortex-A8 ETM";
1368 full = "(Embedded Trace)";
1371 type = "Cortex-A8 CTI";
1372 full = "(Cross Trigger)";
1375 type = "Cortex-M3 TPIU";
1376 full = "(Trace Port Interface Unit)";
1379 type = "Cortex-A8 Debug";
1380 full = "(Debug Unit)";
1383 type = "-*- unrecognized -*-";
1387 command_print(cmd_ctx, "\t\tPart is %s %s",
1393 command_print(cmd_ctx, "\t\tComponent not present");
1395 command_print(cmd_ctx, "\t\tEnd of ROM table");
1398 } while (romentry > 0);
1402 command_print(cmd_ctx, "\tNo ROM table present");
1404 dap_ap_select(swjdp, apselold);
1409 DAP_COMMAND_HANDLER(dap_baseaddr_command)
1411 uint32_t apsel, apselsave, baseaddr;
1414 apselsave = swjdp->apsel;
1417 apsel = swjdp->apsel;
1420 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1423 return ERROR_COMMAND_SYNTAX_ERROR;
1426 if (apselsave != apsel)
1427 dap_ap_select(swjdp, apsel);
1429 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &baseaddr);
1430 retval = swjdp_transaction_endcheck(swjdp);
1431 command_print(CMD_CTX, "0x%8.8" PRIx32, baseaddr);
1433 if (apselsave != apsel)
1434 dap_ap_select(swjdp, apselsave);
1439 DAP_COMMAND_HANDLER(dap_memaccess_command)
1441 uint32_t memaccess_tck;
1445 memaccess_tck = swjdp->memaccess_tck;
1448 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1451 return ERROR_COMMAND_SYNTAX_ERROR;
1453 swjdp->memaccess_tck = memaccess_tck;
1455 command_print(CMD_CTX, "memory bus access delay set to %" PRIi32 " tck",
1456 swjdp->memaccess_tck);
1461 DAP_COMMAND_HANDLER(dap_apsel_command)
1463 uint32_t apsel, apid;
1471 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1474 return ERROR_COMMAND_SYNTAX_ERROR;
1477 dap_ap_select(swjdp, apsel);
1478 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1479 retval = swjdp_transaction_endcheck(swjdp);
1480 command_print(CMD_CTX, "ap %" PRIi32 " selected, identification register 0x%8.8" PRIx32,
1486 DAP_COMMAND_HANDLER(dap_apid_command)
1488 uint32_t apsel, apselsave, apid;
1491 apselsave = swjdp->apsel;
1494 apsel = swjdp->apsel;
1497 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1500 return ERROR_COMMAND_SYNTAX_ERROR;
1503 if (apselsave != apsel)
1504 dap_ap_select(swjdp, apsel);
1506 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1507 retval = swjdp_transaction_endcheck(swjdp);
1508 command_print(CMD_CTX, "0x%8.8" PRIx32, apid);
1509 if (apselsave != apsel)
1510 dap_ap_select(swjdp, apselsave);