1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009-2010 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * Copyright (C) 2009-2010 by David Brownell *
13 * Copyright (C) 2013 by Andreas Fritiofson *
14 * andreas.fritiofson@gmail.com *
16 * This program is free software; you can redistribute it and/or modify *
17 * it under the terms of the GNU General Public License as published by *
18 * the Free Software Foundation; either version 2 of the License, or *
19 * (at your option) any later version. *
21 * This program is distributed in the hope that it will be useful, *
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
24 * GNU General Public License for more details. *
26 * You should have received a copy of the GNU General Public License *
27 * along with this program; if not, write to the *
28 * Free Software Foundation, Inc., *
29 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
30 ***************************************************************************/
34 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
35 * debugging architecture. Compared with previous versions, this includes
36 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
37 * transport, and focusses on memory mapped resources as defined by the
38 * CoreSight architecture.
40 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
41 * basic components: a Debug Port (DP) transporting messages to and from a
42 * debugger, and an Access Port (AP) accessing resources. Three types of DP
43 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
44 * One uses only SWD for communication, and is called SW-DP. The third can
45 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
46 * is used to access memory mapped resources and is called a MEM-AP. Also a
47 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
49 * This programming interface allows DAP pipelined operations through a
50 * transaction queue. This primarily affects AP operations (such as using
51 * a MEM-AP to access memory or registers). If the current transaction has
52 * not finished by the time the next one must begin, and the ORUNDETECT bit
53 * is set in the DP_CTRL_STAT register, the SSTICKYORUN status is set and
54 * further AP operations will fail. There are two basic methods to avoid
55 * such overrun errors. One involves polling for status instead of using
56 * transaction piplining. The other involves adding delays to ensure the
57 * AP has enough time to complete one operation before starting the next
58 * one. (For JTAG these delays are controlled by memaccess_tck.)
62 * Relevant specifications from ARM include:
64 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031A
65 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
67 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
68 * Cortex-M3(tm) TRM, ARM DDI 0337G
75 #include "jtag/interface.h"
77 #include "arm_adi_v5.h"
78 #include <helper/time_support.h>
80 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
83 uint32_t tar_block_size(uint32_t address)
84 Return the largest block starting at address that does not cross a tar block size alignment boundary
86 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, uint32_t address)
88 return tar_autoincr_block - ((tar_autoincr_block - 1) & address);
91 /***************************************************************************
93 * DP and MEM-AP register access through APACC and DPACC *
95 ***************************************************************************/
98 * Select one of the APs connected to the specified DAP. The
99 * selection is implicitly used with future AP transactions.
100 * This is a NOP if the specified AP is already selected.
103 * @param apsel Number of the AP to (implicitly) use with further
104 * transactions. This normally identifies a MEM-AP.
106 void dap_ap_select(struct adiv5_dap *dap, uint8_t ap)
108 uint32_t new_ap = (ap << 24) & 0xFF000000;
110 if (new_ap != dap->ap_current) {
111 dap->ap_current = new_ap;
112 /* Switching AP invalidates cached values.
113 * Values MUST BE UPDATED BEFORE AP ACCESS.
115 dap->ap_bank_value = -1;
116 dap->ap_csw_value = -1;
117 dap->ap_tar_value = -1;
121 static int dap_setup_accessport_csw(struct adiv5_dap *dap, uint32_t csw)
123 csw = csw | CSW_DBGSWENABLE | CSW_MASTER_DEBUG | CSW_HPROT |
124 dap->apcsw[dap->ap_current >> 24];
126 if (csw != dap->ap_csw_value) {
127 /* LOG_DEBUG("DAP: Set CSW %x",csw); */
128 int retval = dap_queue_ap_write(dap, AP_REG_CSW, csw);
129 if (retval != ERROR_OK)
131 dap->ap_csw_value = csw;
136 static int dap_setup_accessport_tar(struct adiv5_dap *dap, uint32_t tar)
138 if (tar != dap->ap_tar_value || dap->ap_csw_value & CSW_ADDRINC_MASK) {
139 /* LOG_DEBUG("DAP: Set TAR %x",tar); */
140 int retval = dap_queue_ap_write(dap, AP_REG_TAR, tar);
141 if (retval != ERROR_OK)
143 dap->ap_tar_value = tar;
149 * Queue transactions setting up transfer parameters for the
150 * currently selected MEM-AP.
152 * Subsequent transfers using registers like AP_REG_DRW or AP_REG_BD2
153 * initiate data reads or writes using memory or peripheral addresses.
154 * If the CSW is configured for it, the TAR may be automatically
155 * incremented after each transfer.
157 * @todo Rename to reflect it being specifically a MEM-AP function.
159 * @param dap The DAP connected to the MEM-AP.
160 * @param csw MEM-AP Control/Status Word (CSW) register to assign. If this
161 * matches the cached value, the register is not changed.
162 * @param tar MEM-AP Transfer Address Register (TAR) to assign. If this
163 * matches the cached address, the register is not changed.
165 * @return ERROR_OK if the transaction was properly queued, else a fault code.
167 int dap_setup_accessport(struct adiv5_dap *dap, uint32_t csw, uint32_t tar)
170 retval = dap_setup_accessport_csw(dap, csw);
171 if (retval != ERROR_OK)
173 retval = dap_setup_accessport_tar(dap, tar);
174 if (retval != ERROR_OK)
180 * Asynchronous (queued) read of a word from memory or a system register.
182 * @param dap The DAP connected to the MEM-AP performing the read.
183 * @param address Address of the 32-bit word to read; it must be
184 * readable by the currently selected MEM-AP.
185 * @param value points to where the word will be stored when the
186 * transaction queue is flushed (assuming no errors).
188 * @return ERROR_OK for success. Otherwise a fault code.
190 int mem_ap_read_u32(struct adiv5_dap *dap, uint32_t address,
195 /* Use banked addressing (REG_BDx) to avoid some link traffic
196 * (updating TAR) when reading several consecutive addresses.
198 retval = dap_setup_accessport(dap, CSW_32BIT | CSW_ADDRINC_OFF,
199 address & 0xFFFFFFF0);
200 if (retval != ERROR_OK)
203 return dap_queue_ap_read(dap, AP_REG_BD0 | (address & 0xC), value);
207 * Synchronous read of a word from memory or a system register.
208 * As a side effect, this flushes any queued transactions.
210 * @param dap The DAP connected to the MEM-AP performing the read.
211 * @param address Address of the 32-bit word to read; it must be
212 * readable by the currently selected MEM-AP.
213 * @param value points to where the result will be stored.
215 * @return ERROR_OK for success; *value holds the result.
216 * Otherwise a fault code.
218 int mem_ap_read_atomic_u32(struct adiv5_dap *dap, uint32_t address,
223 retval = mem_ap_read_u32(dap, address, value);
224 if (retval != ERROR_OK)
231 * Asynchronous (queued) write of a word to memory or a system register.
233 * @param dap The DAP connected to the MEM-AP.
234 * @param address Address to be written; it must be writable by
235 * the currently selected MEM-AP.
236 * @param value Word that will be written to the address when transaction
237 * queue is flushed (assuming no errors).
239 * @return ERROR_OK for success. Otherwise a fault code.
241 int mem_ap_write_u32(struct adiv5_dap *dap, uint32_t address,
246 /* Use banked addressing (REG_BDx) to avoid some link traffic
247 * (updating TAR) when writing several consecutive addresses.
249 retval = dap_setup_accessport(dap, CSW_32BIT | CSW_ADDRINC_OFF,
250 address & 0xFFFFFFF0);
251 if (retval != ERROR_OK)
254 return dap_queue_ap_write(dap, AP_REG_BD0 | (address & 0xC),
259 * Synchronous write of a word to memory or a system register.
260 * As a side effect, this flushes any queued transactions.
262 * @param dap The DAP connected to the MEM-AP.
263 * @param address Address to be written; it must be writable by
264 * the currently selected MEM-AP.
265 * @param value Word that will be written.
267 * @return ERROR_OK for success; the data was written. Otherwise a fault code.
269 int mem_ap_write_atomic_u32(struct adiv5_dap *dap, uint32_t address,
272 int retval = mem_ap_write_u32(dap, address, value);
274 if (retval != ERROR_OK)
281 * Synchronous write of a block of memory, using a specific access size.
283 * @param dap The DAP connected to the MEM-AP.
284 * @param buffer The data buffer to write. No particular alignment is assumed.
285 * @param size Which access size to use, in bytes. 1, 2 or 4.
286 * @param count The number of writes to do (in size units, not bytes).
287 * @param address Address to be written; it must be writable by the currently selected MEM-AP.
288 * @param addrinc Whether the target address should be increased for each write or not. This
289 * should normally be true, except when writing to e.g. a FIFO.
290 * @return ERROR_OK on success, otherwise an error code.
292 int mem_ap_write(struct adiv5_dap *dap, const uint8_t *buffer, uint32_t size, uint32_t count,
293 uint32_t address, bool addrinc)
295 size_t nbytes = size * count;
296 const uint32_t csw_addrincr = addrinc ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
301 /* TI BE-32 Quirks mode:
302 * Writes on big-endian TMS570 behave very strangely. Observed behavior:
303 * size write address bytes written in order
304 * 4 TAR ^ 0 (val >> 24), (val >> 16), (val >> 8), (val)
305 * 2 TAR ^ 2 (val >> 8), (val)
307 * For example, if you attempt to write a single byte to address 0, the processor
308 * will actually write a byte to address 3.
310 * To make writes of size < 4 work as expected, we xor a value with the address before
311 * setting the TAP, and we set the TAP after every transfer rather then relying on
312 * address increment. */
315 csw_size = CSW_32BIT;
317 } else if (size == 2) {
318 csw_size = CSW_16BIT;
319 addr_xor = dap->ti_be_32_quirks ? 2 : 0;
320 } else if (size == 1) {
322 addr_xor = dap->ti_be_32_quirks ? 3 : 0;
324 return ERROR_TARGET_UNALIGNED_ACCESS;
327 if (dap->unaligned_access_bad && (address % size != 0))
328 return ERROR_TARGET_UNALIGNED_ACCESS;
330 retval = dap_setup_accessport_tar(dap, address ^ addr_xor);
331 if (retval != ERROR_OK)
335 uint32_t this_size = size;
337 /* Select packed transfer if possible */
338 if (addrinc && dap->packed_transfers && nbytes >= 4
339 && max_tar_block_size(dap->tar_autoincr_block, address) >= 4) {
341 retval = dap_setup_accessport_csw(dap, csw_size | CSW_ADDRINC_PACKED);
343 retval = dap_setup_accessport_csw(dap, csw_size | csw_addrincr);
346 if (retval != ERROR_OK)
349 /* How many source bytes each transfer will consume, and their location in the DRW,
350 * depends on the type of transfer and alignment. See ARM document IHI0031C. */
351 uint32_t outvalue = 0;
352 if (dap->ti_be_32_quirks) {
355 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
356 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
357 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
358 outvalue |= (uint32_t)*buffer++ << 8 * (3 ^ (address++ & 3) ^ addr_xor);
361 outvalue |= (uint32_t)*buffer++ << 8 * (1 ^ (address++ & 3) ^ addr_xor);
362 outvalue |= (uint32_t)*buffer++ << 8 * (1 ^ (address++ & 3) ^ addr_xor);
365 outvalue |= (uint32_t)*buffer++ << 8 * (0 ^ (address++ & 3) ^ addr_xor);
371 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
372 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
374 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
376 outvalue |= (uint32_t)*buffer++ << 8 * (address++ & 3);
382 retval = dap_queue_ap_write(dap, AP_REG_DRW, outvalue);
383 if (retval != ERROR_OK)
386 /* Rewrite TAR if it wrapped or we're xoring addresses */
387 if (addrinc && (addr_xor || (address % dap->tar_autoincr_block < size && nbytes > 0))) {
388 retval = dap_setup_accessport_tar(dap, address ^ addr_xor);
389 if (retval != ERROR_OK)
394 /* REVISIT: Might want to have a queued version of this function that does not run. */
395 if (retval == ERROR_OK)
396 retval = dap_run(dap);
398 if (retval != ERROR_OK) {
400 if (dap_queue_ap_read(dap, AP_REG_TAR, &tar) == ERROR_OK
401 && dap_run(dap) == ERROR_OK)
402 LOG_ERROR("Failed to write memory at 0x%08"PRIx32, tar);
404 LOG_ERROR("Failed to write memory and, additionally, failed to find out where");
411 * Synchronous read of a block of memory, using a specific access size.
413 * @param dap The DAP connected to the MEM-AP.
414 * @param buffer The data buffer to receive the data. No particular alignment is assumed.
415 * @param size Which access size to use, in bytes. 1, 2 or 4.
416 * @param count The number of reads to do (in size units, not bytes).
417 * @param address Address to be read; it must be readable by the currently selected MEM-AP.
418 * @param addrinc Whether the target address should be increased after each read or not. This
419 * should normally be true, except when reading from e.g. a FIFO.
420 * @return ERROR_OK on success, otherwise an error code.
422 int mem_ap_read(struct adiv5_dap *dap, uint8_t *buffer, uint32_t size, uint32_t count,
423 uint32_t adr, bool addrinc)
425 size_t nbytes = size * count;
426 const uint32_t csw_addrincr = addrinc ? CSW_ADDRINC_SINGLE : CSW_ADDRINC_OFF;
428 uint32_t address = adr;
431 /* TI BE-32 Quirks mode:
432 * Reads on big-endian TMS570 behave strangely differently than writes.
433 * They read from the physical address requested, but with DRW byte-reversed.
434 * For example, a byte read from address 0 will place the result in the high bytes of DRW.
435 * Also, packed 8-bit and 16-bit transfers seem to sometimes return garbage in some bytes,
439 csw_size = CSW_32BIT;
441 csw_size = CSW_16BIT;
445 return ERROR_TARGET_UNALIGNED_ACCESS;
447 if (dap->unaligned_access_bad && (adr % size != 0))
448 return ERROR_TARGET_UNALIGNED_ACCESS;
450 /* Allocate buffer to hold the sequence of DRW reads that will be made. This is a significant
451 * over-allocation if packed transfers are going to be used, but determining the real need at
452 * this point would be messy. */
453 uint32_t *read_buf = malloc(count * sizeof(uint32_t));
454 uint32_t *read_ptr = read_buf;
455 if (read_buf == NULL) {
456 LOG_ERROR("Failed to allocate read buffer");
460 retval = dap_setup_accessport_tar(dap, address);
461 if (retval != ERROR_OK) {
466 /* Queue up all reads. Each read will store the entire DRW word in the read buffer. How many
467 * useful bytes it contains, and their location in the word, depends on the type of transfer
470 uint32_t this_size = size;
472 /* Select packed transfer if possible */
473 if (addrinc && dap->packed_transfers && nbytes >= 4
474 && max_tar_block_size(dap->tar_autoincr_block, address) >= 4) {
476 retval = dap_setup_accessport_csw(dap, csw_size | CSW_ADDRINC_PACKED);
478 retval = dap_setup_accessport_csw(dap, csw_size | csw_addrincr);
480 if (retval != ERROR_OK)
483 retval = dap_queue_ap_read(dap, AP_REG_DRW, read_ptr++);
484 if (retval != ERROR_OK)
488 address += this_size;
490 /* Rewrite TAR if it wrapped */
491 if (addrinc && address % dap->tar_autoincr_block < size && nbytes > 0) {
492 retval = dap_setup_accessport_tar(dap, address);
493 if (retval != ERROR_OK)
498 if (retval == ERROR_OK)
499 retval = dap_run(dap);
503 nbytes = size * count;
506 /* If something failed, read TAR to find out how much data was successfully read, so we can
507 * at least give the caller what we have. */
508 if (retval != ERROR_OK) {
510 if (dap_queue_ap_read(dap, AP_REG_TAR, &tar) == ERROR_OK
511 && dap_run(dap) == ERROR_OK) {
512 LOG_ERROR("Failed to read memory at 0x%08"PRIx32, tar);
513 if (nbytes > tar - address)
514 nbytes = tar - address;
516 LOG_ERROR("Failed to read memory and, additionally, failed to find out where");
521 /* Replay loop to populate caller's buffer from the correct word and byte lane */
523 uint32_t this_size = size;
525 if (addrinc && dap->packed_transfers && nbytes >= 4
526 && max_tar_block_size(dap->tar_autoincr_block, address) >= 4) {
530 if (dap->ti_be_32_quirks) {
533 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
534 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
536 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
538 *buffer++ = *read_ptr >> 8 * (3 - (address++ & 3));
543 *buffer++ = *read_ptr >> 8 * (address++ & 3);
544 *buffer++ = *read_ptr >> 8 * (address++ & 3);
546 *buffer++ = *read_ptr >> 8 * (address++ & 3);
548 *buffer++ = *read_ptr >> 8 * (address++ & 3);
560 /*--------------------------------------------------------------------*/
561 /* Wrapping function with selection of AP */
562 /*--------------------------------------------------------------------*/
563 int mem_ap_sel_read_u32(struct adiv5_dap *swjdp, uint8_t ap,
564 uint32_t address, uint32_t *value)
566 dap_ap_select(swjdp, ap);
567 return mem_ap_read_u32(swjdp, address, value);
570 int mem_ap_sel_write_u32(struct adiv5_dap *swjdp, uint8_t ap,
571 uint32_t address, uint32_t value)
573 dap_ap_select(swjdp, ap);
574 return mem_ap_write_u32(swjdp, address, value);
577 int mem_ap_sel_read_atomic_u32(struct adiv5_dap *swjdp, uint8_t ap,
578 uint32_t address, uint32_t *value)
580 dap_ap_select(swjdp, ap);
581 return mem_ap_read_atomic_u32(swjdp, address, value);
584 int mem_ap_sel_write_atomic_u32(struct adiv5_dap *swjdp, uint8_t ap,
585 uint32_t address, uint32_t value)
587 dap_ap_select(swjdp, ap);
588 return mem_ap_write_atomic_u32(swjdp, address, value);
591 int mem_ap_sel_read_buf(struct adiv5_dap *swjdp, uint8_t ap,
592 uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
594 dap_ap_select(swjdp, ap);
595 return mem_ap_read(swjdp, buffer, size, count, address, true);
598 int mem_ap_sel_write_buf(struct adiv5_dap *swjdp, uint8_t ap,
599 const uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
601 dap_ap_select(swjdp, ap);
602 return mem_ap_write(swjdp, buffer, size, count, address, true);
605 int mem_ap_sel_read_buf_noincr(struct adiv5_dap *swjdp, uint8_t ap,
606 uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
608 dap_ap_select(swjdp, ap);
609 return mem_ap_read(swjdp, buffer, size, count, address, false);
612 int mem_ap_sel_write_buf_noincr(struct adiv5_dap *swjdp, uint8_t ap,
613 const uint8_t *buffer, uint32_t size, uint32_t count, uint32_t address)
615 dap_ap_select(swjdp, ap);
616 return mem_ap_write(swjdp, buffer, size, count, address, false);
619 /*--------------------------------------------------------------------------*/
622 #define DAP_POWER_DOMAIN_TIMEOUT (10)
624 /* FIXME don't import ... just initialize as
625 * part of DAP transport setup
627 extern const struct dap_ops jtag_dp_ops;
629 /*--------------------------------------------------------------------------*/
632 * Initialize a DAP. This sets up the power domains, prepares the DP
633 * for further use, and arranges to use AP #0 for all AP operations
634 * until dap_ap-select() changes that policy.
636 * @param dap The DAP being initialized.
638 * @todo Rename this. We also need an initialization scheme which account
639 * for SWD transports not just JTAG; that will need to address differences
640 * in layering. (JTAG is useful without any debug target; but not SWD.)
641 * And this may not even use an AHB-AP ... e.g. DAP-Lite uses an APB-AP.
643 int ahbap_debugport_init(struct adiv5_dap *dap)
649 /* JTAG-DP or SWJ-DP, in JTAG mode
650 * ... for SWD mode this is patched as part
654 dap->ops = &jtag_dp_ops;
656 /* Default MEM-AP setup.
658 * REVISIT AP #0 may be an inappropriate default for this.
659 * Should we probe, or take a hint from the caller?
660 * Presumably we can ignore the possibility of multiple APs.
662 dap->ap_current = !0;
663 dap_ap_select(dap, 0);
664 dap->last_read = NULL;
666 /* DP initialization */
668 dap->dp_bank_value = 0;
670 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
671 if (retval != ERROR_OK)
674 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, SSTICKYERR);
675 if (retval != ERROR_OK)
678 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
679 if (retval != ERROR_OK)
682 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
683 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
684 if (retval != ERROR_OK)
687 /* Check that we have debug power domains activated */
688 LOG_DEBUG("DAP: wait CDBGPWRUPACK");
689 retval = dap_dp_poll_register(dap, DP_CTRL_STAT,
690 CDBGPWRUPACK, CDBGPWRUPACK,
691 DAP_POWER_DOMAIN_TIMEOUT);
692 if (retval != ERROR_OK)
695 LOG_DEBUG("DAP: wait CSYSPWRUPACK");
696 retval = dap_dp_poll_register(dap, DP_CTRL_STAT,
697 CSYSPWRUPACK, CSYSPWRUPACK,
698 DAP_POWER_DOMAIN_TIMEOUT);
699 if (retval != ERROR_OK)
702 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
703 if (retval != ERROR_OK)
705 /* With debug power on we can activate OVERRUN checking */
706 dap->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
707 retval = dap_queue_dp_write(dap, DP_CTRL_STAT, dap->dp_ctrl_stat);
708 if (retval != ERROR_OK)
710 retval = dap_queue_dp_read(dap, DP_CTRL_STAT, NULL);
711 if (retval != ERROR_OK)
714 /* check that we support packed transfers */
717 retval = dap_setup_accessport(dap, CSW_8BIT | CSW_ADDRINC_PACKED, 0);
718 if (retval != ERROR_OK)
721 retval = dap_queue_ap_read(dap, AP_REG_CSW, &csw);
722 if (retval != ERROR_OK)
725 retval = dap_queue_ap_read(dap, AP_REG_CFG, &cfg);
726 if (retval != ERROR_OK)
729 retval = dap_run(dap);
730 if (retval != ERROR_OK)
733 if (csw & CSW_ADDRINC_PACKED)
734 dap->packed_transfers = true;
736 dap->packed_transfers = false;
738 /* Packed transfers on TI BE-32 processors do not work correctly in
740 if (dap->ti_be_32_quirks)
741 dap->packed_transfers = false;
743 LOG_DEBUG("MEM_AP Packed Transfers: %s",
744 dap->packed_transfers ? "enabled" : "disabled");
746 /* The ARM ADI spec leaves implementation-defined whether unaligned
747 * memory accesses work, only work partially, or cause a sticky error.
748 * On TI BE-32 processors, reads seem to return garbage in some bytes
749 * and unaligned writes seem to cause a sticky error.
750 * TODO: it would be nice to have a way to detect whether unaligned
751 * operations are supported on other processors. */
752 dap->unaligned_access_bad = dap->ti_be_32_quirks;
754 LOG_DEBUG("MEM_AP CFG: large data %d, long address %d, big-endian %d",
755 !!(cfg & 0x04), !!(cfg & 0x02), !!(cfg & 0x01));
760 /* CID interpretation -- see ARM IHI 0029B section 3
761 * and ARM IHI 0031A table 13-3.
763 static const char *class_description[16] = {
764 "Reserved", "ROM table", "Reserved", "Reserved",
765 "Reserved", "Reserved", "Reserved", "Reserved",
766 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
767 "Reserved", "OptimoDE DESS",
768 "Generic IP component", "PrimeCell or System component"
771 static bool is_dap_cid_ok(uint32_t cid3, uint32_t cid2, uint32_t cid1, uint32_t cid0)
773 return cid3 == 0xb1 && cid2 == 0x05
774 && ((cid1 & 0x0f) == 0) && cid0 == 0x0d;
778 * This function checks the ID for each access port to find the requested Access Port type
780 int dap_find_ap(struct adiv5_dap *dap, enum ap_type type_to_find, uint8_t *ap_num_out)
784 /* Maximum AP number is 255 since the SELECT register is 8 bits */
785 for (ap = 0; ap <= 255; ap++) {
787 /* read the IDR register of the Access Port */
789 dap_ap_select(dap, ap);
791 int retval = dap_queue_ap_read(dap, AP_REG_IDR, &id_val);
792 if (retval != ERROR_OK)
795 retval = dap_run(dap);
799 * 27-24 : JEDEC bank (0x4 for ARM)
800 * 23-17 : JEDEC code (0x3B for ARM)
803 * 7-0 : AP Identity (1=AHB-AP 2=APB-AP 0x10=JTAG-AP)
806 /* Reading register for a non-existant AP should not cause an error,
807 * but just to be sure, try to continue searching if an error does happen.
809 if ((retval == ERROR_OK) && /* Register read success */
810 ((id_val & 0x0FFF0000) == 0x04770000) && /* Jedec codes match */
811 ((id_val & 0xFF) == type_to_find)) { /* type matches*/
813 LOG_DEBUG("Found %s at AP index: %d (IDR=0x%08" PRIX32 ")",
814 (type_to_find == AP_TYPE_AHB_AP) ? "AHB-AP" :
815 (type_to_find == AP_TYPE_APB_AP) ? "APB-AP" :
816 (type_to_find == AP_TYPE_JTAG_AP) ? "JTAG-AP" : "Unknown",
824 LOG_DEBUG("No %s found",
825 (type_to_find == AP_TYPE_AHB_AP) ? "AHB-AP" :
826 (type_to_find == AP_TYPE_APB_AP) ? "APB-AP" :
827 (type_to_find == AP_TYPE_JTAG_AP) ? "JTAG-AP" : "Unknown");
831 int dap_get_debugbase(struct adiv5_dap *dap, int ap,
832 uint32_t *dbgbase, uint32_t *apid)
837 /* AP address is in bits 31:24 of DP_SELECT */
839 return ERROR_COMMAND_SYNTAX_ERROR;
841 ap_old = dap->ap_current;
842 dap_ap_select(dap, ap);
844 retval = dap_queue_ap_read(dap, AP_REG_BASE, dbgbase);
845 if (retval != ERROR_OK)
847 retval = dap_queue_ap_read(dap, AP_REG_IDR, apid);
848 if (retval != ERROR_OK)
850 retval = dap_run(dap);
851 if (retval != ERROR_OK)
854 dap_ap_select(dap, ap_old);
859 int dap_lookup_cs_component(struct adiv5_dap *dap, int ap,
860 uint32_t dbgbase, uint8_t type, uint32_t *addr)
863 uint32_t romentry, entry_offset = 0, component_base, devtype;
864 int retval = ERROR_FAIL;
867 return ERROR_COMMAND_SYNTAX_ERROR;
869 ap_old = dap->ap_current;
870 dap_ap_select(dap, ap);
873 retval = mem_ap_read_atomic_u32(dap, (dbgbase&0xFFFFF000) |
874 entry_offset, &romentry);
875 if (retval != ERROR_OK)
878 component_base = (dbgbase & 0xFFFFF000)
879 + (romentry & 0xFFFFF000);
881 if (romentry & 0x1) {
882 retval = mem_ap_read_atomic_u32(dap,
883 (component_base & 0xfffff000) | 0xfcc,
885 if (retval != ERROR_OK)
887 if ((devtype & 0xff) == type) {
888 *addr = component_base;
894 } while (romentry > 0);
896 dap_ap_select(dap, ap_old);
901 static int dap_rom_display(struct command_context *cmd_ctx,
902 struct adiv5_dap *dap, int ap, uint32_t dbgbase, int depth)
905 uint32_t cid0, cid1, cid2, cid3, memtype, romentry;
906 uint16_t entry_offset;
910 command_print(cmd_ctx, "\tTables too deep");
915 snprintf(tabs, sizeof(tabs), "[L%02d] ", depth);
917 /* bit 16 of apid indicates a memory access port */
919 command_print(cmd_ctx, "\t%sValid ROM table present", tabs);
921 command_print(cmd_ctx, "\t%sROM table in legacy format", tabs);
923 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
924 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF0, &cid0);
925 if (retval != ERROR_OK)
927 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF4, &cid1);
928 if (retval != ERROR_OK)
930 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFF8, &cid2);
931 if (retval != ERROR_OK)
933 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFFC, &cid3);
934 if (retval != ERROR_OK)
936 retval = mem_ap_read_u32(dap, (dbgbase&0xFFFFF000) | 0xFCC, &memtype);
937 if (retval != ERROR_OK)
939 retval = dap_run(dap);
940 if (retval != ERROR_OK)
943 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
944 command_print(cmd_ctx, "\t%sCID3 0x%02x"
949 (unsigned)cid3, (unsigned)cid2,
950 (unsigned)cid1, (unsigned)cid0);
952 command_print(cmd_ctx, "\t%sMEMTYPE system memory present on bus", tabs);
954 command_print(cmd_ctx, "\t%sMEMTYPE system memory not present: dedicated debug bus", tabs);
956 /* Now we read ROM table entries from dbgbase&0xFFFFF000) | 0x000 until we get 0x00000000 */
957 for (entry_offset = 0; ; entry_offset += 4) {
958 retval = mem_ap_read_atomic_u32(dap, (dbgbase&0xFFFFF000) | entry_offset, &romentry);
959 if (retval != ERROR_OK)
961 command_print(cmd_ctx, "\t%sROMTABLE[0x%x] = 0x%" PRIx32 "",
962 tabs, entry_offset, romentry);
963 if (romentry & 0x01) {
964 uint32_t c_cid0, c_cid1, c_cid2, c_cid3;
965 uint32_t c_pid0, c_pid1, c_pid2, c_pid3, c_pid4;
966 uint32_t component_base;
970 component_base = (dbgbase & 0xFFFFF000) + (romentry & 0xFFFFF000);
972 /* IDs are in last 4K section */
973 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFE0, &c_pid0);
974 if (retval != ERROR_OK) {
975 command_print(cmd_ctx, "\t%s\tCan't read component with base address 0x%" PRIx32
976 ", the corresponding core might be turned off", tabs, component_base);
980 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFE4, &c_pid1);
981 if (retval != ERROR_OK)
984 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFE8, &c_pid2);
985 if (retval != ERROR_OK)
988 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFEC, &c_pid3);
989 if (retval != ERROR_OK)
992 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFD0, &c_pid4);
993 if (retval != ERROR_OK)
997 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFF0, &c_cid0);
998 if (retval != ERROR_OK)
1001 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFF4, &c_cid1);
1002 if (retval != ERROR_OK)
1005 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFF8, &c_cid2);
1006 if (retval != ERROR_OK)
1009 retval = mem_ap_read_atomic_u32(dap, component_base + 0xFFC, &c_cid3);
1010 if (retval != ERROR_OK)
1014 command_print(cmd_ctx, "\t\tComponent base address 0x%" PRIx32 ", "
1015 "start address 0x%" PRIx32, component_base,
1016 /* component may take multiple 4K pages */
1017 (uint32_t)(component_base - 0x1000*(c_pid4 >> 4)));
1018 command_print(cmd_ctx, "\t\tComponent class is 0x%" PRIx8 ", %s",
1019 (uint8_t)((c_cid1 >> 4) & 0xf),
1020 /* See ARM IHI 0029B Table 3-3 */
1021 class_description[(c_cid1 >> 4) & 0xf]);
1023 /* CoreSight component? */
1024 if (((c_cid1 >> 4) & 0x0f) == 9) {
1027 char *major = "Reserved", *subtype = "Reserved";
1029 retval = mem_ap_read_atomic_u32(dap,
1030 (component_base & 0xfffff000) | 0xfcc,
1032 if (retval != ERROR_OK)
1034 minor = (devtype >> 4) & 0x0f;
1035 switch (devtype & 0x0f) {
1037 major = "Miscellaneous";
1043 subtype = "Validation component";
1048 major = "Trace Sink";
1065 major = "Trace Link";
1071 subtype = "Funnel, router";
1077 subtype = "FIFO, buffer";
1082 major = "Trace Source";
1088 subtype = "Processor";
1094 subtype = "Engine/Coprocessor";
1100 subtype = "Software";
1105 major = "Debug Control";
1111 subtype = "Trigger Matrix";
1114 subtype = "Debug Auth";
1117 subtype = "Power Requestor";
1122 major = "Debug Logic";
1128 subtype = "Processor";
1134 subtype = "Engine/Coprocessor";
1145 major = "Perfomance Monitor";
1151 subtype = "Processor";
1157 subtype = "Engine/Coprocessor";
1168 command_print(cmd_ctx, "\t\tType is 0x%02" PRIx8 ", %s, %s",
1169 (uint8_t)(devtype & 0xff),
1171 /* REVISIT also show 0xfc8 DevId */
1174 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1175 command_print(cmd_ctx,
1184 command_print(cmd_ctx,
1185 "\t\tPeripheral ID[4..0] = hex "
1186 "%02x %02x %02x %02x %02x",
1187 (int)c_pid4, (int)c_pid3, (int)c_pid2,
1188 (int)c_pid1, (int)c_pid0);
1190 /* Part number interpretations are from Cortex
1191 * core specs, the CoreSight components TRM
1192 * (ARM DDI 0314H), CoreSight System Design
1193 * Guide (ARM DGI 0012D) and ETM specs; also
1194 * from chip observation (e.g. TI SDTI).
1196 part_num = (c_pid0 & 0xff);
1197 part_num |= (c_pid1 & 0x0f) << 8;
1200 type = "Cortex-M3 NVIC";
1201 full = "(Interrupt Controller)";
1204 type = "Cortex-M3 ITM";
1205 full = "(Instrumentation Trace Module)";
1208 type = "Cortex-M3 DWT";
1209 full = "(Data Watchpoint and Trace)";
1212 type = "Cortex-M3 FBP";
1213 full = "(Flash Patch and Breakpoint)";
1216 type = "Cortex-M4 SCS";
1217 full = "(System Control Space)";
1220 type = "CoreSight ETM11";
1221 full = "(Embedded Trace)";
1223 /* case 0x113: what? */
1224 case 0x120: /* from OMAP3 memmap */
1226 full = "(System Debug Trace Interface)";
1228 case 0x343: /* from OMAP3 memmap */
1233 type = "Coresight CTI";
1234 full = "(Cross Trigger)";
1237 type = "Coresight ETB";
1238 full = "(Trace Buffer)";
1241 type = "Coresight CSTF";
1242 full = "(Trace Funnel)";
1245 type = "CoreSight ETM9";
1246 full = "(Embedded Trace)";
1249 type = "Coresight TPIU";
1250 full = "(Trace Port Interface Unit)";
1253 type = "Coresight ITM";
1254 full = "(Instrumentation Trace Macrocell)";
1257 type = "Coresight HTM";
1258 full = "(AHB Trace Macrocell)";
1261 type = "CoreSight ETM11";
1262 full = "(Embedded Trace)";
1265 type = "Cortex-A8 ETM";
1266 full = "(Embedded Trace)";
1269 type = "Cortex-A8 CTI";
1270 full = "(Cross Trigger)";
1273 type = "Cortex-M3 TPIU";
1274 full = "(Trace Port Interface Unit)";
1277 type = "Cortex-M3 ETM";
1278 full = "(Embedded Trace)";
1281 type = "Cortex-M4 ETM";
1282 full = "(Embedded Trace)";
1285 type = "Cortex-R4 ETM";
1286 full = "(Embedded Trace)";
1289 type = "CoreSight Component";
1290 full = "(unidentified Cortex-A9 component)";
1293 type = "CoreSight STM";
1294 full = "(System Trace Macrocell)";
1297 type = "CoreSight PMU";
1298 full = "(Performance Monitoring Unit)";
1301 type = "Cortex-M4 TPUI";
1302 full = "(Trace Port Interface Unit)";
1305 type = "Cortex-A8 Debug";
1306 full = "(Debug Unit)";
1309 type = "Cortex-A9 Debug";
1310 full = "(Debug Unit)";
1313 type = "-*- unrecognized -*-";
1317 command_print(cmd_ctx, "\t\tPart is %s %s",
1321 if (((c_cid1 >> 4) & 0x0f) == 1) {
1322 retval = dap_rom_display(cmd_ctx, dap, ap, component_base, depth + 1);
1323 if (retval != ERROR_OK)
1328 command_print(cmd_ctx, "\t\tComponent not present");
1333 command_print(cmd_ctx, "\t%s\tEnd of ROM table", tabs);
1337 static int dap_info_command(struct command_context *cmd_ctx,
1338 struct adiv5_dap *dap, int ap)
1341 uint32_t dbgbase, apid;
1342 int romtable_present = 0;
1346 retval = dap_get_debugbase(dap, ap, &dbgbase, &apid);
1347 if (retval != ERROR_OK)
1350 ap_old = dap->ap_current;
1351 dap_ap_select(dap, ap);
1353 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1354 mem_ap = ((apid&0x10000) && ((apid&0x0F) != 0));
1355 command_print(cmd_ctx, "AP ID register 0x%8.8" PRIx32, apid);
1357 switch (apid&0x0F) {
1359 command_print(cmd_ctx, "\tType is JTAG-AP");
1362 command_print(cmd_ctx, "\tType is MEM-AP AHB");
1365 command_print(cmd_ctx, "\tType is MEM-AP APB");
1368 command_print(cmd_ctx, "\tUnknown AP type");
1372 /* NOTE: a MEM-AP may have a single CoreSight component that's
1373 * not a ROM table ... or have no such components at all.
1376 command_print(cmd_ctx, "AP BASE 0x%8.8" PRIx32, dbgbase);
1378 command_print(cmd_ctx, "No AP found at this ap 0x%x", ap);
1380 romtable_present = ((mem_ap) && (dbgbase != 0xFFFFFFFF));
1381 if (romtable_present) {
1382 dap_rom_display(cmd_ctx, dap, ap, dbgbase, 0);
1384 command_print(cmd_ctx, "\tNo ROM table present");
1385 dap_ap_select(dap, ap_old);
1390 COMMAND_HANDLER(handle_dap_info_command)
1392 struct target *target = get_current_target(CMD_CTX);
1393 struct arm *arm = target_to_arm(target);
1394 struct adiv5_dap *dap = arm->dap;
1402 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1405 return ERROR_COMMAND_SYNTAX_ERROR;
1408 return dap_info_command(CMD_CTX, dap, apsel);
1411 COMMAND_HANDLER(dap_baseaddr_command)
1413 struct target *target = get_current_target(CMD_CTX);
1414 struct arm *arm = target_to_arm(target);
1415 struct adiv5_dap *dap = arm->dap;
1417 uint32_t apsel, baseaddr;
1425 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1426 /* AP address is in bits 31:24 of DP_SELECT */
1428 return ERROR_COMMAND_SYNTAX_ERROR;
1431 return ERROR_COMMAND_SYNTAX_ERROR;
1434 dap_ap_select(dap, apsel);
1436 /* NOTE: assumes we're talking to a MEM-AP, which
1437 * has a base address. There are other kinds of AP,
1438 * though they're not common for now. This should
1439 * use the ID register to verify it's a MEM-AP.
1441 retval = dap_queue_ap_read(dap, AP_REG_BASE, &baseaddr);
1442 if (retval != ERROR_OK)
1444 retval = dap_run(dap);
1445 if (retval != ERROR_OK)
1448 command_print(CMD_CTX, "0x%8.8" PRIx32, baseaddr);
1453 COMMAND_HANDLER(dap_memaccess_command)
1455 struct target *target = get_current_target(CMD_CTX);
1456 struct arm *arm = target_to_arm(target);
1457 struct adiv5_dap *dap = arm->dap;
1459 uint32_t memaccess_tck;
1463 memaccess_tck = dap->memaccess_tck;
1466 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1469 return ERROR_COMMAND_SYNTAX_ERROR;
1471 dap->memaccess_tck = memaccess_tck;
1473 command_print(CMD_CTX, "memory bus access delay set to %" PRIi32 " tck",
1474 dap->memaccess_tck);
1479 COMMAND_HANDLER(dap_apsel_command)
1481 struct target *target = get_current_target(CMD_CTX);
1482 struct arm *arm = target_to_arm(target);
1483 struct adiv5_dap *dap = arm->dap;
1485 uint32_t apsel, apid;
1493 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1494 /* AP address is in bits 31:24 of DP_SELECT */
1496 return ERROR_COMMAND_SYNTAX_ERROR;
1499 return ERROR_COMMAND_SYNTAX_ERROR;
1503 dap_ap_select(dap, apsel);
1505 retval = dap_queue_ap_read(dap, AP_REG_IDR, &apid);
1506 if (retval != ERROR_OK)
1508 retval = dap_run(dap);
1509 if (retval != ERROR_OK)
1512 command_print(CMD_CTX, "ap %" PRIi32 " selected, identification register 0x%8.8" PRIx32,
1518 COMMAND_HANDLER(dap_apcsw_command)
1520 struct target *target = get_current_target(CMD_CTX);
1521 struct arm *arm = target_to_arm(target);
1522 struct adiv5_dap *dap = arm->dap;
1524 uint32_t apcsw = dap->apcsw[dap->apsel], sprot = 0;
1528 command_print(CMD_CTX, "apsel %" PRIi32 " selected, csw 0x%8.8" PRIx32,
1529 (dap->apsel), apcsw);
1532 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], sprot);
1533 /* AP address is in bits 31:24 of DP_SELECT */
1535 return ERROR_COMMAND_SYNTAX_ERROR;
1539 apcsw &= ~CSW_SPROT;
1542 return ERROR_COMMAND_SYNTAX_ERROR;
1544 dap->apcsw[dap->apsel] = apcsw;
1551 COMMAND_HANDLER(dap_apid_command)
1553 struct target *target = get_current_target(CMD_CTX);
1554 struct arm *arm = target_to_arm(target);
1555 struct adiv5_dap *dap = arm->dap;
1557 uint32_t apsel, apid;
1565 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1566 /* AP address is in bits 31:24 of DP_SELECT */
1568 return ERROR_COMMAND_SYNTAX_ERROR;
1571 return ERROR_COMMAND_SYNTAX_ERROR;
1574 dap_ap_select(dap, apsel);
1576 retval = dap_queue_ap_read(dap, AP_REG_IDR, &apid);
1577 if (retval != ERROR_OK)
1579 retval = dap_run(dap);
1580 if (retval != ERROR_OK)
1583 command_print(CMD_CTX, "0x%8.8" PRIx32, apid);
1588 COMMAND_HANDLER(dap_ti_be_32_quirks_command)
1590 struct target *target = get_current_target(CMD_CTX);
1591 struct arm *arm = target_to_arm(target);
1592 struct adiv5_dap *dap = arm->dap;
1594 uint32_t enable = dap->ti_be_32_quirks;
1600 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], enable);
1602 return ERROR_COMMAND_SYNTAX_ERROR;
1605 return ERROR_COMMAND_SYNTAX_ERROR;
1607 dap->ti_be_32_quirks = enable;
1608 command_print(CMD_CTX, "TI BE-32 quirks mode %s",
1609 enable ? "enabled" : "disabled");
1614 static const struct command_registration dap_commands[] = {
1617 .handler = handle_dap_info_command,
1618 .mode = COMMAND_EXEC,
1619 .help = "display ROM table for MEM-AP "
1620 "(default currently selected AP)",
1621 .usage = "[ap_num]",
1625 .handler = dap_apsel_command,
1626 .mode = COMMAND_EXEC,
1627 .help = "Set the currently selected AP (default 0) "
1628 "and display the result",
1629 .usage = "[ap_num]",
1633 .handler = dap_apcsw_command,
1634 .mode = COMMAND_EXEC,
1635 .help = "Set csw access bit ",
1641 .handler = dap_apid_command,
1642 .mode = COMMAND_EXEC,
1643 .help = "return ID register from AP "
1644 "(default currently selected AP)",
1645 .usage = "[ap_num]",
1649 .handler = dap_baseaddr_command,
1650 .mode = COMMAND_EXEC,
1651 .help = "return debug base address from MEM-AP "
1652 "(default currently selected AP)",
1653 .usage = "[ap_num]",
1656 .name = "memaccess",
1657 .handler = dap_memaccess_command,
1658 .mode = COMMAND_EXEC,
1659 .help = "set/get number of extra tck for MEM-AP memory "
1660 "bus access [0-255]",
1661 .usage = "[cycles]",
1664 .name = "ti_be_32_quirks",
1665 .handler = dap_ti_be_32_quirks_command,
1666 .mode = COMMAND_CONFIG,
1667 .help = "set/get quirks mode for TI TMS450/TMS570 processors",
1668 .usage = "[enable]",
1670 COMMAND_REGISTRATION_DONE
1673 const struct command_registration dap_command_handlers[] = {
1676 .mode = COMMAND_EXEC,
1677 .help = "DAP command group",
1679 .chain = dap_commands,
1681 COMMAND_REGISTRATION_DONE