1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
29 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
30 * debugging architecture. Compared with previous versions, this includes
31 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
32 * transport, and focusses on memory mapped resources as defined by the
33 * CoreSight architecture.
35 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
36 * basic components: a Debug Port (DP) transporting messages to and from a
37 * debugger, and an Access Port (AP) accessing resources. Three types of DP
38 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
39 * One uses only SWD for communication, and is called SW-DP. The third can
40 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
41 * is used to access memory mapped resources and is called a MEM-AP. Also a
42 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
46 * Relevant specifications from ARM include:
48 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031A
49 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
51 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
52 * Cortex-M3(tm) TRM, ARM DDI 0337G
59 #include "arm_adi_v5.h"
60 #include <helper/time_support.h>
64 * swjdp->trans_mode = TRANS_MODE_COMPOSITE;
65 * Uses Overrun checking mode and does not do actual JTAG send/receive or transaction
66 * result checking until swjdp_end_transaction()
67 * This must be done before using or deallocating any return variables.
68 * swjdp->trans_mode == TRANS_MODE_ATOMIC
69 * All reads and writes to the AHB bus are checked for valid completion, and return values
70 * are immediatley available.
74 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
77 uint32_t tar_block_size(uint32_t address)
78 Return the largest block starting at address that does not cross a tar block size alignment boundary
80 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, uint32_t address)
82 return (tar_autoincr_block - ((tar_autoincr_block - 1) & address)) >> 2;
85 /***************************************************************************
87 * DPACC and APACC scanchain access through JTAG-DP *
89 ***************************************************************************/
91 /* Scan out and in from target ordered uint8_t buffers */
92 static int adi_jtag_dp_scan(struct swjdp_common *swjdp,
93 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
94 uint8_t *outvalue, uint8_t *invalue, uint8_t *ack)
96 struct arm_jtag *jtag_info = swjdp->jtag_info;
97 struct scan_field fields[2];
100 jtag_set_end_state(TAP_IDLE);
101 arm_jtag_set_instr(jtag_info, instr, NULL);
103 /* Add specified number of tck clocks before accessing memory bus */
104 if ((instr == JTAG_DP_APACC)
105 && ((reg_addr == AP_REG_DRW)
106 || ((reg_addr & 0xF0) == AP_REG_BD0))
107 && (swjdp->memaccess_tck != 0))
108 jtag_add_runtest(swjdp->memaccess_tck, jtag_set_end_state(TAP_IDLE));
110 fields[0].tap = jtag_info->tap;
111 fields[0].num_bits = 3;
112 buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
113 fields[0].out_value = &out_addr_buf;
114 fields[0].in_value = ack;
116 fields[1].tap = jtag_info->tap;
117 fields[1].num_bits = 32;
118 fields[1].out_value = outvalue;
119 fields[1].in_value = invalue;
121 jtag_add_dr_scan(2, fields, jtag_get_end_state());
126 /* Scan out and in from host ordered uint32_t variables */
127 static int adi_jtag_dp_scan_u32(struct swjdp_common *swjdp,
128 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
129 uint32_t outvalue, uint32_t *invalue, uint8_t *ack)
131 struct arm_jtag *jtag_info = swjdp->jtag_info;
132 struct scan_field fields[2];
133 uint8_t out_value_buf[4];
134 uint8_t out_addr_buf;
136 jtag_set_end_state(TAP_IDLE);
137 arm_jtag_set_instr(jtag_info, instr, NULL);
139 /* Add specified number of tck clocks before accessing memory bus */
140 if ((instr == JTAG_DP_APACC)
141 && ((reg_addr == AP_REG_DRW)
142 || ((reg_addr & 0xF0) == AP_REG_BD0))
143 && (swjdp->memaccess_tck != 0))
144 jtag_add_runtest(swjdp->memaccess_tck, jtag_set_end_state(TAP_IDLE));
146 fields[0].tap = jtag_info->tap;
147 fields[0].num_bits = 3;
148 buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
149 fields[0].out_value = &out_addr_buf;
150 fields[0].in_value = ack;
152 fields[1].tap = jtag_info->tap;
153 fields[1].num_bits = 32;
154 buf_set_u32(out_value_buf, 0, 32, outvalue);
155 fields[1].out_value = out_value_buf;
156 fields[1].in_value = NULL;
160 fields[1].in_value = (uint8_t *)invalue;
161 jtag_add_dr_scan(2, fields, jtag_get_end_state());
163 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t) invalue);
167 jtag_add_dr_scan(2, fields, jtag_get_end_state());
173 /* scan_inout_check adds one extra inscan for DPAP_READ commands to read variables */
174 static int scan_inout_check(struct swjdp_common *swjdp,
175 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
176 uint8_t *outvalue, uint8_t *invalue)
178 adi_jtag_dp_scan(swjdp, instr, reg_addr, RnW, outvalue, NULL, NULL);
180 if ((RnW == DPAP_READ) && (invalue != NULL))
181 adi_jtag_dp_scan(swjdp, JTAG_DP_DPACC,
182 DP_RDBUFF, DPAP_READ, 0, invalue, &swjdp->ack);
184 /* In TRANS_MODE_ATOMIC all JTAG_DP_APACC transactions wait for
185 * ack = OK/FAULT and the check CTRL_STAT
187 if ((instr == JTAG_DP_APACC)
188 && (swjdp->trans_mode == TRANS_MODE_ATOMIC))
189 return swjdp_transaction_endcheck(swjdp);
194 static int scan_inout_check_u32(struct swjdp_common *swjdp,
195 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
196 uint32_t outvalue, uint32_t *invalue)
198 /* Issue the read or write */
199 adi_jtag_dp_scan_u32(swjdp, instr, reg_addr, RnW, outvalue, NULL, NULL);
201 /* For reads, collect posted value; RDBUFF has no other effect.
202 * Assumes read gets acked with OK/FAULT, and CTRL_STAT says "OK".
204 if ((RnW == DPAP_READ) && (invalue != NULL))
205 adi_jtag_dp_scan_u32(swjdp, JTAG_DP_DPACC,
206 DP_RDBUFF, DPAP_READ, 0, invalue, &swjdp->ack);
208 /* In TRANS_MODE_ATOMIC all JTAG_DP_APACC transactions wait for
209 * ack = OK/FAULT and then check CTRL_STAT
211 if ((instr == JTAG_DP_APACC)
212 && (swjdp->trans_mode == TRANS_MODE_ATOMIC))
213 return swjdp_transaction_endcheck(swjdp);
218 int swjdp_transaction_endcheck(struct swjdp_common *swjdp)
223 /* too expensive to call keep_alive() here */
226 /* Danger!!!! BROKEN!!!! */
227 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
228 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
229 /* Danger!!!! BROKEN!!!! Why will jtag_execute_queue() fail here????
230 R956 introduced the check on return value here and now Michael Schwingen reports
231 that this code no longer works....
233 https://lists.berlios.de/pipermail/openocd-development/2008-September/003107.html
235 if ((retval = jtag_execute_queue()) != ERROR_OK)
237 LOG_ERROR("BUG: Why does this fail the first time????");
239 /* Why??? second time it works??? */
242 /* Post CTRL/STAT read; discard any previous posted read value
243 * but collect its ACK status.
245 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
246 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
247 if ((retval = jtag_execute_queue()) != ERROR_OK)
250 swjdp->ack = swjdp->ack & 0x7;
254 long long then = timeval_ms();
255 while (swjdp->ack != 2)
259 if ((timeval_ms()-then) > 1000)
261 /* NOTE: this would be a good spot
262 * to use JTAG_DP_ABORT.
264 LOG_WARNING("Timeout (1000ms) waiting "
266 "in JTAG-DP transaction");
267 return ERROR_JTAG_DEVICE_ERROR;
272 LOG_WARNING("Invalid ACK "
273 "in JTAG-DP transaction");
274 return ERROR_JTAG_DEVICE_ERROR;
277 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
278 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
279 if ((retval = jtag_execute_queue()) != ERROR_OK)
281 swjdp->ack = swjdp->ack & 0x7;
285 /* common code path avoids fn to timeval_ms() */
288 /* Check for STICKYERR and STICKYORUN */
289 if (ctrlstat & (SSTICKYORUN | SSTICKYERR))
291 LOG_DEBUG("swjdp: CTRL/STAT error 0x%" PRIx32 "", ctrlstat);
292 /* Check power to debug regions */
293 if ((ctrlstat & 0xf0000000) != 0xf0000000)
295 ahbap_debugport_init(swjdp);
299 uint32_t mem_ap_csw, mem_ap_tar;
301 /* Print information about last AHBAP access */
302 LOG_ERROR("AHBAP Cached values: dp_select 0x%" PRIx32 ", ap_csw 0x%" PRIx32 ", ap_tar 0x%" PRIx32 "", swjdp->dp_select_value, swjdp->ap_csw_value, swjdp->ap_tar_value);
303 if (ctrlstat & SSTICKYORUN)
304 LOG_ERROR("JTAG-DP OVERRUN - "
305 "check clock or reduce jtag speed");
307 if (ctrlstat & SSTICKYERR)
308 LOG_ERROR("JTAG-DP STICKY ERROR");
310 /* Clear Sticky Error Bits */
311 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
312 DP_CTRL_STAT, DPAP_WRITE,
313 swjdp->dp_ctrl_stat | SSTICKYORUN
315 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
316 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
317 if ((retval = jtag_execute_queue()) != ERROR_OK)
320 LOG_DEBUG("swjdp: status 0x%" PRIx32 "", ctrlstat);
322 dap_ap_read_reg_u32(swjdp, AP_REG_CSW, &mem_ap_csw);
323 dap_ap_read_reg_u32(swjdp, AP_REG_TAR, &mem_ap_tar);
324 if ((retval = jtag_execute_queue()) != ERROR_OK)
326 LOG_ERROR("Read MEM_AP_CSW 0x%" PRIx32 ", MEM_AP_TAR 0x%" PRIx32 "", mem_ap_csw, mem_ap_tar);
329 if ((retval = jtag_execute_queue()) != ERROR_OK)
331 return ERROR_JTAG_DEVICE_ERROR;
337 /***************************************************************************
339 * DP and MEM-AP register access through APACC and DPACC *
341 ***************************************************************************/
343 static int dap_dp_write_reg(struct swjdp_common *swjdp,
344 uint32_t value, uint8_t reg_addr)
346 return scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
347 reg_addr, DPAP_WRITE, value, NULL);
350 static int dap_dp_read_reg(struct swjdp_common *swjdp,
351 uint32_t *value, uint8_t reg_addr)
353 return scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
354 reg_addr, DPAP_READ, 0, value);
357 int dap_ap_select(struct swjdp_common *swjdp,uint8_t apsel)
360 select = (apsel << 24) & 0xFF000000;
362 if (select != swjdp->apsel)
364 swjdp->apsel = select;
365 /* Switching AP invalidates cached values */
366 swjdp->dp_select_value = -1;
367 swjdp->ap_csw_value = -1;
368 swjdp->ap_tar_value = -1;
374 static int dap_dp_bankselect(struct swjdp_common *swjdp, uint32_t ap_reg)
377 select = (ap_reg & 0x000000F0);
379 if (select != swjdp->dp_select_value)
381 dap_dp_write_reg(swjdp, select | swjdp->apsel, DP_SELECT);
382 swjdp->dp_select_value = select;
388 static int dap_ap_write_reg(struct swjdp_common *swjdp,
389 uint32_t reg_addr, uint8_t *out_value_buf)
391 dap_dp_bankselect(swjdp, reg_addr);
392 scan_inout_check(swjdp, JTAG_DP_APACC, reg_addr,
393 DPAP_WRITE, out_value_buf, NULL);
398 int dap_ap_write_reg_u32(struct swjdp_common *swjdp, uint32_t reg_addr, uint32_t value)
400 uint8_t out_value_buf[4];
402 buf_set_u32(out_value_buf, 0, 32, value);
403 dap_dp_bankselect(swjdp, reg_addr);
404 scan_inout_check(swjdp, JTAG_DP_APACC, reg_addr,
405 DPAP_WRITE, out_value_buf, NULL);
410 int dap_ap_read_reg_u32(struct swjdp_common *swjdp, uint32_t reg_addr, uint32_t *value)
412 dap_dp_bankselect(swjdp, reg_addr);
413 scan_inout_check_u32(swjdp, JTAG_DP_APACC, reg_addr,
414 DPAP_READ, 0, value);
419 /***************************************************************************
421 * AHB-AP access to memory and system registers on AHB bus *
423 ***************************************************************************/
425 int dap_setup_accessport(struct swjdp_common *swjdp, uint32_t csw, uint32_t tar)
427 csw = csw | CSW_DBGSWENABLE | CSW_MASTER_DEBUG | CSW_HPROT;
428 if (csw != swjdp->ap_csw_value)
430 /* LOG_DEBUG("swjdp : Set CSW %x",csw); */
431 dap_ap_write_reg_u32(swjdp, AP_REG_CSW, csw);
432 swjdp->ap_csw_value = csw;
434 if (tar != swjdp->ap_tar_value)
436 /* LOG_DEBUG("swjdp : Set TAR %x",tar); */
437 dap_ap_write_reg_u32(swjdp, AP_REG_TAR, tar);
438 swjdp->ap_tar_value = tar;
440 if (csw & CSW_ADDRINC_MASK)
442 /* Do not cache TAR value when autoincrementing */
443 swjdp->ap_tar_value = -1;
448 /*****************************************************************************
450 * mem_ap_read_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value) *
452 * Read a uint32_t value from memory or system register *
453 * Functionally equivalent to target_read_u32(target, address, uint32_t *value), *
454 * but with less overhead *
455 *****************************************************************************/
456 int mem_ap_read_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value)
458 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
460 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, address & 0xFFFFFFF0);
461 dap_ap_read_reg_u32(swjdp, AP_REG_BD0 | (address & 0xC), value);
466 int mem_ap_read_atomic_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value)
468 mem_ap_read_u32(swjdp, address, value);
470 return swjdp_transaction_endcheck(swjdp);
473 /*****************************************************************************
475 * mem_ap_write_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value) *
477 * Write a uint32_t value to memory or memory mapped register *
479 *****************************************************************************/
480 int mem_ap_write_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value)
482 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
484 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, address & 0xFFFFFFF0);
485 dap_ap_write_reg_u32(swjdp, AP_REG_BD0 | (address & 0xC), value);
490 int mem_ap_write_atomic_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value)
492 mem_ap_write_u32(swjdp, address, value);
494 return swjdp_transaction_endcheck(swjdp);
497 /*****************************************************************************
499 * mem_ap_write_buf(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address) *
501 * Write a buffer in target order (little endian) *
503 *****************************************************************************/
504 int mem_ap_write_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
506 int wcount, blocksize, writecount, errorcount = 0, retval = ERROR_OK;
507 uint32_t adr = address;
508 uint8_t* pBuffer = buffer;
510 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
515 /* if we have an unaligned access - reorder data */
518 for (writecount = 0; writecount < count; writecount++)
522 memcpy(&outvalue, pBuffer, sizeof(uint32_t));
524 for (i = 0; i < 4; i++)
526 *((uint8_t*)pBuffer + (adr & 0x3)) = outvalue;
530 pBuffer += sizeof(uint32_t);
536 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
537 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
538 if (wcount < blocksize)
541 /* handle unaligned data at 4k boundary */
545 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
547 for (writecount = 0; writecount < blocksize; writecount++)
549 dap_ap_write_reg(swjdp, AP_REG_DRW, buffer + 4 * writecount);
552 if (swjdp_transaction_endcheck(swjdp) == ERROR_OK)
554 wcount = wcount - blocksize;
555 address = address + 4 * blocksize;
556 buffer = buffer + 4 * blocksize;
565 LOG_WARNING("Block write error address 0x%" PRIx32 ", wcount 0x%x", address, wcount);
566 return ERROR_JTAG_DEVICE_ERROR;
573 static int mem_ap_write_buf_packed_u16(struct swjdp_common *swjdp,
574 uint8_t *buffer, int count, uint32_t address)
576 int retval = ERROR_OK;
577 int wcount, blocksize, writecount, i;
579 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
587 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
588 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
590 if (wcount < blocksize)
593 /* handle unaligned data at 4k boundary */
597 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_PACKED, address);
598 writecount = blocksize;
602 nbytes = MIN((writecount << 1), 4);
606 if (mem_ap_write_buf_u16(swjdp, buffer, nbytes, address) != ERROR_OK)
608 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
609 return ERROR_JTAG_DEVICE_ERROR;
612 address += nbytes >> 1;
617 memcpy(&outvalue, buffer, sizeof(uint32_t));
619 for (i = 0; i < nbytes; i++)
621 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
626 memcpy(&outvalue, buffer, sizeof(uint32_t));
627 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
628 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
630 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
631 return ERROR_JTAG_DEVICE_ERROR;
635 buffer += nbytes >> 1;
636 writecount -= nbytes >> 1;
638 } while (writecount);
645 int mem_ap_write_buf_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
647 int retval = ERROR_OK;
650 return mem_ap_write_buf_packed_u16(swjdp, buffer, count, address);
652 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
656 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
658 memcpy(&svalue, buffer, sizeof(uint16_t));
659 uint32_t outvalue = (uint32_t)svalue << 8 * (address & 0x3);
660 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
661 retval = swjdp_transaction_endcheck(swjdp);
670 static int mem_ap_write_buf_packed_u8(struct swjdp_common *swjdp,
671 uint8_t *buffer, int count, uint32_t address)
673 int retval = ERROR_OK;
674 int wcount, blocksize, writecount, i;
676 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
684 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
685 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
687 if (wcount < blocksize)
690 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_PACKED, address);
691 writecount = blocksize;
695 nbytes = MIN(writecount, 4);
699 if (mem_ap_write_buf_u8(swjdp, buffer, nbytes, address) != ERROR_OK)
701 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
702 return ERROR_JTAG_DEVICE_ERROR;
710 memcpy(&outvalue, buffer, sizeof(uint32_t));
712 for (i = 0; i < nbytes; i++)
714 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
719 memcpy(&outvalue, buffer, sizeof(uint32_t));
720 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
721 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
723 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
724 return ERROR_JTAG_DEVICE_ERROR;
729 writecount -= nbytes;
731 } while (writecount);
738 int mem_ap_write_buf_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
740 int retval = ERROR_OK;
743 return mem_ap_write_buf_packed_u8(swjdp, buffer, count, address);
745 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
749 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
750 uint32_t outvalue = (uint32_t)*buffer << 8 * (address & 0x3);
751 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
752 retval = swjdp_transaction_endcheck(swjdp);
761 /*********************************************************************************
763 * mem_ap_read_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address) *
765 * Read block fast in target order (little endian) into a buffer *
767 **********************************************************************************/
768 int mem_ap_read_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
770 int wcount, blocksize, readcount, errorcount = 0, retval = ERROR_OK;
771 uint32_t adr = address;
772 uint8_t* pBuffer = buffer;
774 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
781 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
782 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
783 if (wcount < blocksize)
786 /* handle unaligned data at 4k boundary */
790 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
792 /* Scan out first read */
793 adi_jtag_dp_scan(swjdp, JTAG_DP_APACC, AP_REG_DRW,
794 DPAP_READ, 0, NULL, NULL);
795 for (readcount = 0; readcount < blocksize - 1; readcount++)
797 /* Scan out next read; scan in posted value for the
798 * previous one. Assumes read is acked "OK/FAULT",
799 * and CTRL_STAT says that meant "OK".
801 adi_jtag_dp_scan(swjdp, JTAG_DP_APACC, AP_REG_DRW,
802 DPAP_READ, 0, buffer + 4 * readcount,
806 /* Scan in last posted value; RDBUFF has no other effect,
807 * assuming ack is OK/FAULT and CTRL_STAT says "OK".
809 adi_jtag_dp_scan(swjdp, JTAG_DP_DPACC, DP_RDBUFF,
810 DPAP_READ, 0, buffer + 4 * readcount,
812 if (swjdp_transaction_endcheck(swjdp) == ERROR_OK)
814 wcount = wcount - blocksize;
815 address += 4 * blocksize;
816 buffer += 4 * blocksize;
825 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
826 return ERROR_JTAG_DEVICE_ERROR;
830 /* if we have an unaligned access - reorder data */
833 for (readcount = 0; readcount < count; readcount++)
837 memcpy(&data, pBuffer, sizeof(uint32_t));
839 for (i = 0; i < 4; i++)
841 *((uint8_t*)pBuffer) = (data >> 8 * (adr & 0x3));
851 static int mem_ap_read_buf_packed_u16(struct swjdp_common *swjdp,
852 uint8_t *buffer, int count, uint32_t address)
855 int retval = ERROR_OK;
856 int wcount, blocksize, readcount, i;
858 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
866 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
867 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
868 if (wcount < blocksize)
871 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_PACKED, address);
873 /* handle unaligned data at 4k boundary */
876 readcount = blocksize;
880 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
881 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
883 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
884 return ERROR_JTAG_DEVICE_ERROR;
887 nbytes = MIN((readcount << 1), 4);
889 for (i = 0; i < nbytes; i++)
891 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
896 readcount -= (nbytes >> 1);
904 int mem_ap_read_buf_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
907 int retval = ERROR_OK;
910 return mem_ap_read_buf_packed_u16(swjdp, buffer, count, address);
912 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
916 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
917 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
918 retval = swjdp_transaction_endcheck(swjdp);
921 for (i = 0; i < 2; i++)
923 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
930 uint16_t svalue = (invalue >> 8 * (address & 0x3));
931 memcpy(buffer, &svalue, sizeof(uint16_t));
941 /* FIX!!! is this a potential performance bottleneck w.r.t. requiring too many
942 * roundtrips when jtag_execute_queue() has a large overhead(e.g. for USB)s?
944 * The solution is to arrange for a large out/in scan in this loop and
945 * and convert data afterwards.
947 static int mem_ap_read_buf_packed_u8(struct swjdp_common *swjdp,
948 uint8_t *buffer, int count, uint32_t address)
951 int retval = ERROR_OK;
952 int wcount, blocksize, readcount, i;
954 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
962 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
963 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
965 if (wcount < blocksize)
968 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_PACKED, address);
969 readcount = blocksize;
973 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
974 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
976 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
977 return ERROR_JTAG_DEVICE_ERROR;
980 nbytes = MIN(readcount, 4);
982 for (i = 0; i < nbytes; i++)
984 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
997 int mem_ap_read_buf_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
1000 int retval = ERROR_OK;
1003 return mem_ap_read_buf_packed_u8(swjdp, buffer, count, address);
1005 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
1009 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
1010 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
1011 retval = swjdp_transaction_endcheck(swjdp);
1012 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
1024 * @todo Rename this. We also need an initialization scheme which account
1025 * for SWD transports not just JTAG; that will need to address differences
1026 * in layering. (JTAG is useful without any debug target; but not SWD.)
1028 int ahbap_debugport_init(struct swjdp_common *swjdp)
1030 uint32_t idreg, romaddr, dummy;
1037 /* Default MEM-AP setup.
1039 * REVISIT AP #0 may be an inappropriate default for this.
1040 * Should we probe, or receve a hint from the caller?
1041 * Presumably we can ignore the possibility of multiple APs.
1044 swjdp->ap_csw_value = -1;
1045 swjdp->ap_tar_value = -1;
1047 /* DP initialization */
1048 swjdp->trans_mode = TRANS_MODE_ATOMIC;
1049 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1050 dap_dp_write_reg(swjdp, SSTICKYERR, DP_CTRL_STAT);
1051 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1053 swjdp->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
1055 dap_dp_write_reg(swjdp, swjdp->dp_ctrl_stat, DP_CTRL_STAT);
1056 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1057 if ((retval = jtag_execute_queue()) != ERROR_OK)
1060 /* Check that we have debug power domains activated */
1061 while (!(ctrlstat & CDBGPWRUPACK) && (cnt++ < 10))
1063 LOG_DEBUG("swjdp: wait CDBGPWRUPACK");
1064 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1065 if ((retval = jtag_execute_queue()) != ERROR_OK)
1070 while (!(ctrlstat & CSYSPWRUPACK) && (cnt++ < 10))
1072 LOG_DEBUG("swjdp: wait CSYSPWRUPACK");
1073 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1074 if ((retval = jtag_execute_queue()) != ERROR_OK)
1079 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1080 /* With debug power on we can activate OVERRUN checking */
1081 swjdp->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
1082 dap_dp_write_reg(swjdp, swjdp->dp_ctrl_stat, DP_CTRL_STAT);
1083 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1086 * REVISIT this isn't actually *initializing* anything in an AP,
1087 * and doesn't care if it's a MEM-AP at all (much less AHB-AP).
1088 * Should it? If the ROM address is valid, is this the right
1089 * place to scan the table and do any topology detection?
1091 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &idreg);
1092 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &romaddr);
1094 LOG_DEBUG("AHB-AP ID Register 0x%" PRIx32 ", Debug ROM Address 0x%" PRIx32 "", idreg, romaddr);
1099 /* CID interpretation -- see ARM IHI 0029B section 3
1100 * and ARM IHI 0031A table 13-3.
1102 static const char *class_description[16] ={
1103 "Reserved", "ROM table", "Reserved", "Reserved",
1104 "Reserved", "Reserved", "Reserved", "Reserved",
1105 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
1106 "Reserved", "OptimoDE DESS",
1107 "Generic IP component", "PrimeCell or System component"
1111 is_dap_cid_ok(uint32_t cid3, uint32_t cid2, uint32_t cid1, uint32_t cid0)
1113 return cid3 == 0xb1 && cid2 == 0x05
1114 && ((cid1 & 0x0f) == 0) && cid0 == 0x0d;
1117 int dap_info_command(struct command_context *cmd_ctx, struct swjdp_common *swjdp, int apsel)
1120 uint32_t dbgbase, apid;
1121 int romtable_present = 0;
1125 apselold = swjdp->apsel;
1126 dap_ap_select(swjdp, apsel);
1127 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &dbgbase);
1128 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1129 swjdp_transaction_endcheck(swjdp);
1130 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1131 mem_ap = ((apid&0x10000) && ((apid&0x0F) != 0));
1132 command_print(cmd_ctx, "AP ID register 0x%8.8" PRIx32, apid);
1138 command_print(cmd_ctx, "\tType is JTAG-AP");
1141 command_print(cmd_ctx, "\tType is MEM-AP AHB");
1144 command_print(cmd_ctx, "\tType is MEM-AP APB");
1147 command_print(cmd_ctx, "\tUnknown AP type");
1151 /* NOTE: a MEM-AP may have a single CoreSight component that's
1152 * not a ROM table ... or have no such components at all.
1155 command_print(cmd_ctx, "AP BASE 0x%8.8" PRIx32,
1160 command_print(cmd_ctx, "No AP found at this apsel 0x%x", apsel);
1163 romtable_present = ((mem_ap) && (dbgbase != 0xFFFFFFFF));
1164 if (romtable_present)
1166 uint32_t cid0,cid1,cid2,cid3,memtype,romentry;
1167 uint16_t entry_offset;
1169 /* bit 16 of apid indicates a memory access port */
1171 command_print(cmd_ctx, "\tValid ROM table present");
1173 command_print(cmd_ctx, "\tROM table in legacy format");
1175 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1176 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF0, &cid0);
1177 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF4, &cid1);
1178 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF8, &cid2);
1179 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFFC, &cid3);
1180 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFCC, &memtype);
1181 swjdp_transaction_endcheck(swjdp);
1182 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1183 command_print(cmd_ctx, "\tCID3 0x%2.2" PRIx32
1184 ", CID2 0x%2.2" PRIx32
1185 ", CID1 0x%2.2" PRIx32
1186 ", CID0 0x%2.2" PRIx32,
1187 cid3, cid2, cid1, cid0);
1189 command_print(cmd_ctx, "\tMEMTYPE system memory present on bus");
1191 command_print(cmd_ctx, "\tMEMTYPE System memory not present. "
1192 "Dedicated debug bus.");
1194 /* Now we read ROM table entries from dbgbase&0xFFFFF000) | 0x000 until we get 0x00000000 */
1198 mem_ap_read_atomic_u32(swjdp, (dbgbase&0xFFFFF000) | entry_offset, &romentry);
1199 command_print(cmd_ctx, "\tROMTABLE[0x%x] = 0x%" PRIx32 "",entry_offset,romentry);
1202 uint32_t c_cid0, c_cid1, c_cid2, c_cid3;
1203 uint32_t c_pid0, c_pid1, c_pid2, c_pid3, c_pid4;
1204 uint32_t component_start, component_base;
1208 component_base = (uint32_t)((dbgbase & 0xFFFFF000)
1209 + (int)(romentry & 0xFFFFF000));
1210 mem_ap_read_atomic_u32(swjdp,
1211 (component_base & 0xFFFFF000) | 0xFE0, &c_pid0);
1212 mem_ap_read_atomic_u32(swjdp,
1213 (component_base & 0xFFFFF000) | 0xFE4, &c_pid1);
1214 mem_ap_read_atomic_u32(swjdp,
1215 (component_base & 0xFFFFF000) | 0xFE8, &c_pid2);
1216 mem_ap_read_atomic_u32(swjdp,
1217 (component_base & 0xFFFFF000) | 0xFEC, &c_pid3);
1218 mem_ap_read_atomic_u32(swjdp,
1219 (component_base & 0xFFFFF000) | 0xFD0, &c_pid4);
1220 mem_ap_read_atomic_u32(swjdp,
1221 (component_base & 0xFFFFF000) | 0xFF0, &c_cid0);
1222 mem_ap_read_atomic_u32(swjdp,
1223 (component_base & 0xFFFFF000) | 0xFF4, &c_cid1);
1224 mem_ap_read_atomic_u32(swjdp,
1225 (component_base & 0xFFFFF000) | 0xFF8, &c_cid2);
1226 mem_ap_read_atomic_u32(swjdp,
1227 (component_base & 0xFFFFF000) | 0xFFC, &c_cid3);
1228 component_start = component_base - 0x1000*(c_pid4 >> 4);
1230 command_print(cmd_ctx, "\t\tComponent base address 0x%" PRIx32
1231 ", start address 0x%" PRIx32,
1232 component_base, component_start);
1233 command_print(cmd_ctx, "\t\tComponent class is 0x%x, %s",
1234 (int) (c_cid1 >> 4) & 0xf,
1235 /* See ARM IHI 0029B Table 3-3 */
1236 class_description[(c_cid1 >> 4) & 0xf]);
1238 /* CoreSight component? */
1239 if (((c_cid1 >> 4) & 0x0f) == 9) {
1242 char *major = "Reserved", *subtype = "Reserved";
1244 mem_ap_read_atomic_u32(swjdp,
1245 (component_base & 0xfffff000) | 0xfcc,
1247 minor = (devtype >> 4) & 0x0f;
1248 switch (devtype & 0x0f) {
1250 major = "Miscellaneous";
1256 subtype = "Validation component";
1261 major = "Trace Sink";
1275 major = "Trace Link";
1281 subtype = "Funnel, router";
1287 subtype = "FIFO, buffer";
1292 major = "Trace Source";
1298 subtype = "Processor";
1304 subtype = "Engine/Coprocessor";
1312 major = "Debug Control";
1318 subtype = "Trigger Matrix";
1321 subtype = "Debug Auth";
1326 major = "Debug Logic";
1332 subtype = "Processor";
1338 subtype = "Engine/Coprocessor";
1343 command_print(cmd_ctx, "\t\tType is 0x%2.2x, %s, %s",
1344 (unsigned) (devtype & 0xff),
1346 /* REVISIT also show 0xfc8 DevId */
1349 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1350 command_print(cmd_ctx, "\t\tCID3 0x%2.2" PRIx32
1351 ", CID2 0x%2.2" PRIx32
1352 ", CID1 0x%2.2" PRIx32
1353 ", CID0 0x%2.2" PRIx32,
1354 c_cid3, c_cid2, c_cid1, c_cid0);
1355 command_print(cmd_ctx, "\t\tPeripheral ID[4..0] = hex "
1356 "%2.2x %2.2x %2.2x %2.2x %2.2x",
1358 (int) c_pid3, (int) c_pid2,
1359 (int) c_pid1, (int) c_pid0);
1361 /* Part number interpretations are from Cortex
1362 * core specs, the CoreSight components TRM
1363 * (ARM DDI 0314H), and ETM specs; also from
1364 * chip observation (e.g. TI SDTI).
1366 part_num = c_pid0 & 0xff;
1367 part_num |= (c_pid1 & 0x0f) << 8;
1370 type = "Cortex-M3 NVIC";
1371 full = "(Interrupt Controller)";
1374 type = "Cortex-M3 ITM";
1375 full = "(Instrumentation Trace Module)";
1378 type = "Cortex-M3 DWT";
1379 full = "(Data Watchpoint and Trace)";
1382 type = "Cortex-M3 FBP";
1383 full = "(Flash Patch and Breakpoint)";
1386 type = "CoreSight ETM11";
1387 full = "(Embedded Trace)";
1389 // case 0x113: what?
1390 case 0x120: /* from OMAP3 memmap */
1392 full = "(System Debug Trace Interface)";
1394 case 0x343: /* from OMAP3 memmap */
1399 type = "Cortex-M3 ETM";
1400 full = "(Embedded Trace)";
1403 type = "Coresight CTI";
1404 full = "(Cross Trigger)";
1407 type = "Coresight ETB";
1408 full = "(Trace Buffer)";
1411 type = "Coresight CSTF";
1412 full = "(Trace Funnel)";
1415 type = "CoreSight ETM9";
1416 full = "(Embedded Trace)";
1419 type = "Coresight TPIU";
1420 full = "(Trace Port Interface Unit)";
1423 type = "Cortex-A8 ETM";
1424 full = "(Embedded Trace)";
1427 type = "Cortex-A8 CTI";
1428 full = "(Cross Trigger)";
1431 type = "Cortex-M3 TPIU";
1432 full = "(Trace Port Interface Unit)";
1435 type = "Cortex-A8 Debug";
1436 full = "(Debug Unit)";
1439 type = "-*- unrecognized -*-";
1443 command_print(cmd_ctx, "\t\tPart is %s %s",
1449 command_print(cmd_ctx, "\t\tComponent not present");
1451 command_print(cmd_ctx, "\t\tEnd of ROM table");
1454 } while (romentry > 0);
1458 command_print(cmd_ctx, "\tNo ROM table present");
1460 dap_ap_select(swjdp, apselold);
1465 DAP_COMMAND_HANDLER(dap_baseaddr_command)
1467 uint32_t apsel, apselsave, baseaddr;
1470 apselsave = swjdp->apsel;
1473 apsel = swjdp->apsel;
1476 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1479 return ERROR_COMMAND_SYNTAX_ERROR;
1482 if (apselsave != apsel)
1483 dap_ap_select(swjdp, apsel);
1485 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &baseaddr);
1486 retval = swjdp_transaction_endcheck(swjdp);
1487 command_print(CMD_CTX, "0x%8.8" PRIx32, baseaddr);
1489 if (apselsave != apsel)
1490 dap_ap_select(swjdp, apselsave);
1495 DAP_COMMAND_HANDLER(dap_memaccess_command)
1497 uint32_t memaccess_tck;
1501 memaccess_tck = swjdp->memaccess_tck;
1504 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1507 return ERROR_COMMAND_SYNTAX_ERROR;
1509 swjdp->memaccess_tck = memaccess_tck;
1511 command_print(CMD_CTX, "memory bus access delay set to %" PRIi32 " tck",
1512 swjdp->memaccess_tck);
1517 DAP_COMMAND_HANDLER(dap_apsel_command)
1519 uint32_t apsel, apid;
1527 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1530 return ERROR_COMMAND_SYNTAX_ERROR;
1533 dap_ap_select(swjdp, apsel);
1534 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1535 retval = swjdp_transaction_endcheck(swjdp);
1536 command_print(CMD_CTX, "ap %" PRIi32 " selected, identification register 0x%8.8" PRIx32,
1542 DAP_COMMAND_HANDLER(dap_apid_command)
1544 uint32_t apsel, apselsave, apid;
1547 apselsave = swjdp->apsel;
1550 apsel = swjdp->apsel;
1553 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1556 return ERROR_COMMAND_SYNTAX_ERROR;
1559 if (apselsave != apsel)
1560 dap_ap_select(swjdp, apsel);
1562 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1563 retval = swjdp_transaction_endcheck(swjdp);
1564 command_print(CMD_CTX, "0x%8.8" PRIx32, apid);
1565 if (apselsave != apsel)
1566 dap_ap_select(swjdp, apselsave);