1 /***************************************************************************
2 * Copyright (C) 2006 by Magnus Lundin *
5 * Copyright (C) 2008 by Spencer Oliver *
6 * spen@spen-soft.co.uk *
8 * Copyright (C) 2009 by Oyvind Harboe *
9 * oyvind.harboe@zylin.com *
11 * This program is free software; you can redistribute it and/or modify *
12 * it under the terms of the GNU General Public License as published by *
13 * the Free Software Foundation; either version 2 of the License, or *
14 * (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the *
23 * Free Software Foundation, Inc., *
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
25 ***************************************************************************/
29 * This file implements support for the ARM Debug Interface version 5 (ADIv5)
30 * debugging architecture. Compared with previous versions, this includes
31 * a low pin-count Serial Wire Debug (SWD) alternative to JTAG for message
32 * transport, and focusses on memory mapped resources as defined by the
33 * CoreSight architecture.
35 * A key concept in ADIv5 is the Debug Access Port, or DAP. A DAP has two
36 * basic components: a Debug Port (DP) transporting messages to and from a
37 * debugger, and an Access Port (AP) accessing resources. Three types of DP
38 * are defined. One uses only JTAG for communication, and is called JTAG-DP.
39 * One uses only SWD for communication, and is called SW-DP. The third can
40 * use either SWD or JTAG, and is called SWJ-DP. The most common type of AP
41 * is used to access memory mapped resources and is called a MEM-AP. Also a
42 * JTAG-AP is also defined, bridging to JTAG resources; those are uncommon.
46 * Relevant specifications from ARM include:
48 * ARM(tm) Debug Interface v5 Architecture Specification ARM IHI 0031A
49 * CoreSight(tm) v1.0 Architecture Specification ARM IHI 0029B
51 * CoreSight(tm) DAP-Lite TRM, ARM DDI 0316D
52 * Cortex-M3(tm) TRM, ARM DDI 0337G
59 #include "arm_adi_v5.h"
60 #include <helper/time_support.h>
64 * swjdp->trans_mode = TRANS_MODE_COMPOSITE;
65 * Uses Overrun checking mode and does not do actual JTAG send/receive or transaction
66 * result checking until swjdp_end_transaction()
67 * This must be done before using or deallocating any return variables.
68 * swjdp->trans_mode == TRANS_MODE_ATOMIC
69 * All reads and writes to the AHB bus are checked for valid completion, and return values
70 * are immediatley available.
74 /* ARM ADI Specification requires at least 10 bits used for TAR autoincrement */
77 uint32_t tar_block_size(uint32_t address)
78 Return the largest block starting at address that does not cross a tar block size alignment boundary
80 static uint32_t max_tar_block_size(uint32_t tar_autoincr_block, uint32_t address)
82 return (tar_autoincr_block - ((tar_autoincr_block - 1) & address)) >> 2;
85 /***************************************************************************
87 * DPACC and APACC scanchain access through JTAG-DP *
89 ***************************************************************************/
91 /* Scan out and in from target ordered uint8_t buffers */
92 static int adi_jtag_dp_scan(struct swjdp_common *swjdp,
93 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
94 uint8_t *outvalue, uint8_t *invalue, uint8_t *ack)
96 struct arm_jtag *jtag_info = swjdp->jtag_info;
97 struct scan_field fields[2];
100 jtag_set_end_state(TAP_IDLE);
101 arm_jtag_set_instr(jtag_info, instr, NULL);
103 /* Add specified number of tck clocks before accessing memory bus */
105 /* REVISIT these TCK cycles should be *AFTER* updating APACC, since
106 * they provide more time for the (MEM) AP to complete the read ...
108 if ((instr == JTAG_DP_APACC)
109 && ((reg_addr == AP_REG_DRW)
110 || ((reg_addr & 0xF0) == AP_REG_BD0))
111 && (swjdp->memaccess_tck != 0))
112 jtag_add_runtest(swjdp->memaccess_tck, jtag_set_end_state(TAP_IDLE));
114 fields[0].tap = jtag_info->tap;
115 fields[0].num_bits = 3;
116 buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
117 fields[0].out_value = &out_addr_buf;
118 fields[0].in_value = ack;
120 fields[1].tap = jtag_info->tap;
121 fields[1].num_bits = 32;
122 fields[1].out_value = outvalue;
123 fields[1].in_value = invalue;
125 jtag_add_dr_scan(2, fields, jtag_get_end_state());
130 /* Scan out and in from host ordered uint32_t variables */
131 static int adi_jtag_dp_scan_u32(struct swjdp_common *swjdp,
132 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
133 uint32_t outvalue, uint32_t *invalue, uint8_t *ack)
135 struct arm_jtag *jtag_info = swjdp->jtag_info;
136 struct scan_field fields[2];
137 uint8_t out_value_buf[4];
138 uint8_t out_addr_buf;
140 jtag_set_end_state(TAP_IDLE);
141 arm_jtag_set_instr(jtag_info, instr, NULL);
143 /* Add specified number of tck clocks before accessing memory bus */
145 /* REVISIT these TCK cycles should be *AFTER* updating APACC, since
146 * they provide more time for the (MEM) AP to complete the read ...
148 if ((instr == JTAG_DP_APACC)
149 && ((reg_addr == AP_REG_DRW)
150 || ((reg_addr & 0xF0) == AP_REG_BD0))
151 && (swjdp->memaccess_tck != 0))
152 jtag_add_runtest(swjdp->memaccess_tck, jtag_set_end_state(TAP_IDLE));
154 fields[0].tap = jtag_info->tap;
155 fields[0].num_bits = 3;
156 buf_set_u32(&out_addr_buf, 0, 3, ((reg_addr >> 1) & 0x6) | (RnW & 0x1));
157 fields[0].out_value = &out_addr_buf;
158 fields[0].in_value = ack;
160 fields[1].tap = jtag_info->tap;
161 fields[1].num_bits = 32;
162 buf_set_u32(out_value_buf, 0, 32, outvalue);
163 fields[1].out_value = out_value_buf;
164 fields[1].in_value = NULL;
168 fields[1].in_value = (uint8_t *)invalue;
169 jtag_add_dr_scan(2, fields, jtag_get_end_state());
171 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t) invalue);
175 jtag_add_dr_scan(2, fields, jtag_get_end_state());
181 /* scan_inout_check adds one extra inscan for DPAP_READ commands to read variables */
182 static int scan_inout_check(struct swjdp_common *swjdp,
183 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
184 uint8_t *outvalue, uint8_t *invalue)
186 adi_jtag_dp_scan(swjdp, instr, reg_addr, RnW, outvalue, NULL, NULL);
188 if ((RnW == DPAP_READ) && (invalue != NULL))
189 adi_jtag_dp_scan(swjdp, JTAG_DP_DPACC,
190 DP_RDBUFF, DPAP_READ, 0, invalue, &swjdp->ack);
192 /* In TRANS_MODE_ATOMIC all JTAG_DP_APACC transactions wait for
193 * ack = OK/FAULT and the check CTRL_STAT
195 if ((instr == JTAG_DP_APACC)
196 && (swjdp->trans_mode == TRANS_MODE_ATOMIC))
197 return swjdp_transaction_endcheck(swjdp);
202 static int scan_inout_check_u32(struct swjdp_common *swjdp,
203 uint8_t instr, uint8_t reg_addr, uint8_t RnW,
204 uint32_t outvalue, uint32_t *invalue)
206 /* Issue the read or write */
207 adi_jtag_dp_scan_u32(swjdp, instr, reg_addr, RnW, outvalue, NULL, NULL);
209 /* For reads, collect posted value; RDBUFF has no other effect.
210 * Assumes read gets acked with OK/FAULT, and CTRL_STAT says "OK".
212 if ((RnW == DPAP_READ) && (invalue != NULL))
213 adi_jtag_dp_scan_u32(swjdp, JTAG_DP_DPACC,
214 DP_RDBUFF, DPAP_READ, 0, invalue, &swjdp->ack);
216 /* In TRANS_MODE_ATOMIC all JTAG_DP_APACC transactions wait for
217 * ack = OK/FAULT and then check CTRL_STAT
219 if ((instr == JTAG_DP_APACC)
220 && (swjdp->trans_mode == TRANS_MODE_ATOMIC))
221 return swjdp_transaction_endcheck(swjdp);
226 int swjdp_transaction_endcheck(struct swjdp_common *swjdp)
231 /* too expensive to call keep_alive() here */
234 /* Danger!!!! BROKEN!!!! */
235 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
236 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
237 /* Danger!!!! BROKEN!!!! Why will jtag_execute_queue() fail here????
238 R956 introduced the check on return value here and now Michael Schwingen reports
239 that this code no longer works....
241 https://lists.berlios.de/pipermail/openocd-development/2008-September/003107.html
243 if ((retval = jtag_execute_queue()) != ERROR_OK)
245 LOG_ERROR("BUG: Why does this fail the first time????");
247 /* Why??? second time it works??? */
250 /* Post CTRL/STAT read; discard any previous posted read value
251 * but collect its ACK status.
253 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
254 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
255 if ((retval = jtag_execute_queue()) != ERROR_OK)
258 swjdp->ack = swjdp->ack & 0x7;
260 /* common code path avoids calling timeval_ms() */
261 if (swjdp->ack != JTAG_ACK_OK_FAULT)
263 long long then = timeval_ms();
265 while (swjdp->ack != JTAG_ACK_OK_FAULT)
267 if (swjdp->ack == JTAG_ACK_WAIT)
269 if ((timeval_ms()-then) > 1000)
271 /* NOTE: this would be a good spot
272 * to use JTAG_DP_ABORT.
274 LOG_WARNING("Timeout (1000ms) waiting "
276 "in JTAG-DP transaction");
277 return ERROR_JTAG_DEVICE_ERROR;
282 LOG_WARNING("Invalid ACK "
283 "in JTAG-DP transaction");
284 return ERROR_JTAG_DEVICE_ERROR;
287 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
288 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
289 if ((retval = jtag_execute_queue()) != ERROR_OK)
291 swjdp->ack = swjdp->ack & 0x7;
295 /* Check for STICKYERR and STICKYORUN */
296 if (ctrlstat & (SSTICKYORUN | SSTICKYERR))
298 LOG_DEBUG("swjdp: CTRL/STAT error 0x%" PRIx32 "", ctrlstat);
299 /* Check power to debug regions */
300 if ((ctrlstat & 0xf0000000) != 0xf0000000)
302 ahbap_debugport_init(swjdp);
306 uint32_t mem_ap_csw, mem_ap_tar;
308 /* Print information about last AHBAP access */
309 LOG_ERROR("AHBAP Cached values: dp_select 0x%" PRIx32 ", ap_csw 0x%" PRIx32 ", ap_tar 0x%" PRIx32 "", swjdp->dp_select_value, swjdp->ap_csw_value, swjdp->ap_tar_value);
310 if (ctrlstat & SSTICKYORUN)
311 LOG_ERROR("JTAG-DP OVERRUN - "
312 "check clock or reduce jtag speed");
314 if (ctrlstat & SSTICKYERR)
315 LOG_ERROR("JTAG-DP STICKY ERROR");
317 /* Clear Sticky Error Bits */
318 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
319 DP_CTRL_STAT, DPAP_WRITE,
320 swjdp->dp_ctrl_stat | SSTICKYORUN
322 scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
323 DP_CTRL_STAT, DPAP_READ, 0, &ctrlstat);
324 if ((retval = jtag_execute_queue()) != ERROR_OK)
327 LOG_DEBUG("swjdp: status 0x%" PRIx32 "", ctrlstat);
329 dap_ap_read_reg_u32(swjdp, AP_REG_CSW, &mem_ap_csw);
330 dap_ap_read_reg_u32(swjdp, AP_REG_TAR, &mem_ap_tar);
331 if ((retval = jtag_execute_queue()) != ERROR_OK)
333 LOG_ERROR("Read MEM_AP_CSW 0x%" PRIx32 ", MEM_AP_TAR 0x%" PRIx32 "", mem_ap_csw, mem_ap_tar);
336 if ((retval = jtag_execute_queue()) != ERROR_OK)
338 return ERROR_JTAG_DEVICE_ERROR;
344 /***************************************************************************
346 * DP and MEM-AP register access through APACC and DPACC *
348 ***************************************************************************/
350 static int dap_dp_write_reg(struct swjdp_common *swjdp,
351 uint32_t value, uint8_t reg_addr)
353 return scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
354 reg_addr, DPAP_WRITE, value, NULL);
357 static int dap_dp_read_reg(struct swjdp_common *swjdp,
358 uint32_t *value, uint8_t reg_addr)
360 return scan_inout_check_u32(swjdp, JTAG_DP_DPACC,
361 reg_addr, DPAP_READ, 0, value);
364 int dap_ap_select(struct swjdp_common *swjdp,uint8_t apsel)
367 select = (apsel << 24) & 0xFF000000;
369 if (select != swjdp->apsel)
371 swjdp->apsel = select;
372 /* Switching AP invalidates cached values */
373 swjdp->dp_select_value = -1;
374 swjdp->ap_csw_value = -1;
375 swjdp->ap_tar_value = -1;
381 static int dap_dp_bankselect(struct swjdp_common *swjdp, uint32_t ap_reg)
384 select = (ap_reg & 0x000000F0);
386 if (select != swjdp->dp_select_value)
388 dap_dp_write_reg(swjdp, select | swjdp->apsel, DP_SELECT);
389 swjdp->dp_select_value = select;
395 static int dap_ap_write_reg(struct swjdp_common *swjdp,
396 uint32_t reg_addr, uint8_t *out_value_buf)
398 dap_dp_bankselect(swjdp, reg_addr);
399 scan_inout_check(swjdp, JTAG_DP_APACC, reg_addr,
400 DPAP_WRITE, out_value_buf, NULL);
405 int dap_ap_write_reg_u32(struct swjdp_common *swjdp, uint32_t reg_addr, uint32_t value)
407 uint8_t out_value_buf[4];
409 buf_set_u32(out_value_buf, 0, 32, value);
410 dap_dp_bankselect(swjdp, reg_addr);
411 scan_inout_check(swjdp, JTAG_DP_APACC, reg_addr,
412 DPAP_WRITE, out_value_buf, NULL);
417 int dap_ap_read_reg_u32(struct swjdp_common *swjdp, uint32_t reg_addr, uint32_t *value)
419 dap_dp_bankselect(swjdp, reg_addr);
420 scan_inout_check_u32(swjdp, JTAG_DP_APACC, reg_addr,
421 DPAP_READ, 0, value);
426 /***************************************************************************
428 * AHB-AP access to memory and system registers on AHB bus *
430 ***************************************************************************/
432 int dap_setup_accessport(struct swjdp_common *swjdp, uint32_t csw, uint32_t tar)
434 csw = csw | CSW_DBGSWENABLE | CSW_MASTER_DEBUG | CSW_HPROT;
435 if (csw != swjdp->ap_csw_value)
437 /* LOG_DEBUG("swjdp : Set CSW %x",csw); */
438 dap_ap_write_reg_u32(swjdp, AP_REG_CSW, csw);
439 swjdp->ap_csw_value = csw;
441 if (tar != swjdp->ap_tar_value)
443 /* LOG_DEBUG("swjdp : Set TAR %x",tar); */
444 dap_ap_write_reg_u32(swjdp, AP_REG_TAR, tar);
445 swjdp->ap_tar_value = tar;
447 if (csw & CSW_ADDRINC_MASK)
449 /* Do not cache TAR value when autoincrementing */
450 swjdp->ap_tar_value = -1;
455 /*****************************************************************************
457 * mem_ap_read_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value) *
459 * Read a uint32_t value from memory or system register *
460 * Functionally equivalent to target_read_u32(target, address, uint32_t *value), *
461 * but with less overhead *
462 *****************************************************************************/
463 int mem_ap_read_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value)
465 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
467 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, address & 0xFFFFFFF0);
468 dap_ap_read_reg_u32(swjdp, AP_REG_BD0 | (address & 0xC), value);
473 int mem_ap_read_atomic_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t *value)
475 mem_ap_read_u32(swjdp, address, value);
477 return swjdp_transaction_endcheck(swjdp);
480 /*****************************************************************************
482 * mem_ap_write_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value) *
484 * Write a uint32_t value to memory or memory mapped register *
486 *****************************************************************************/
487 int mem_ap_write_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value)
489 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
491 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_OFF, address & 0xFFFFFFF0);
492 dap_ap_write_reg_u32(swjdp, AP_REG_BD0 | (address & 0xC), value);
497 int mem_ap_write_atomic_u32(struct swjdp_common *swjdp, uint32_t address, uint32_t value)
499 mem_ap_write_u32(swjdp, address, value);
501 return swjdp_transaction_endcheck(swjdp);
504 /*****************************************************************************
506 * mem_ap_write_buf(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address) *
508 * Write a buffer in target order (little endian) *
510 *****************************************************************************/
511 int mem_ap_write_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
513 int wcount, blocksize, writecount, errorcount = 0, retval = ERROR_OK;
514 uint32_t adr = address;
515 uint8_t* pBuffer = buffer;
517 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
522 /* if we have an unaligned access - reorder data */
525 for (writecount = 0; writecount < count; writecount++)
529 memcpy(&outvalue, pBuffer, sizeof(uint32_t));
531 for (i = 0; i < 4; i++)
533 *((uint8_t*)pBuffer + (adr & 0x3)) = outvalue;
537 pBuffer += sizeof(uint32_t);
543 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
544 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
545 if (wcount < blocksize)
548 /* handle unaligned data at 4k boundary */
552 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
554 for (writecount = 0; writecount < blocksize; writecount++)
556 dap_ap_write_reg(swjdp, AP_REG_DRW, buffer + 4 * writecount);
559 if (swjdp_transaction_endcheck(swjdp) == ERROR_OK)
561 wcount = wcount - blocksize;
562 address = address + 4 * blocksize;
563 buffer = buffer + 4 * blocksize;
572 LOG_WARNING("Block write error address 0x%" PRIx32 ", wcount 0x%x", address, wcount);
573 return ERROR_JTAG_DEVICE_ERROR;
580 static int mem_ap_write_buf_packed_u16(struct swjdp_common *swjdp,
581 uint8_t *buffer, int count, uint32_t address)
583 int retval = ERROR_OK;
584 int wcount, blocksize, writecount, i;
586 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
594 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
595 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
597 if (wcount < blocksize)
600 /* handle unaligned data at 4k boundary */
604 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_PACKED, address);
605 writecount = blocksize;
609 nbytes = MIN((writecount << 1), 4);
613 if (mem_ap_write_buf_u16(swjdp, buffer, nbytes, address) != ERROR_OK)
615 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
616 return ERROR_JTAG_DEVICE_ERROR;
619 address += nbytes >> 1;
624 memcpy(&outvalue, buffer, sizeof(uint32_t));
626 for (i = 0; i < nbytes; i++)
628 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
633 memcpy(&outvalue, buffer, sizeof(uint32_t));
634 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
635 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
637 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
638 return ERROR_JTAG_DEVICE_ERROR;
642 buffer += nbytes >> 1;
643 writecount -= nbytes >> 1;
645 } while (writecount);
652 int mem_ap_write_buf_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
654 int retval = ERROR_OK;
657 return mem_ap_write_buf_packed_u16(swjdp, buffer, count, address);
659 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
663 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
665 memcpy(&svalue, buffer, sizeof(uint16_t));
666 uint32_t outvalue = (uint32_t)svalue << 8 * (address & 0x3);
667 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
668 retval = swjdp_transaction_endcheck(swjdp);
677 static int mem_ap_write_buf_packed_u8(struct swjdp_common *swjdp,
678 uint8_t *buffer, int count, uint32_t address)
680 int retval = ERROR_OK;
681 int wcount, blocksize, writecount, i;
683 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
691 /* Adjust to write blocks within boundaries aligned to the TAR autoincremnent size*/
692 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
694 if (wcount < blocksize)
697 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_PACKED, address);
698 writecount = blocksize;
702 nbytes = MIN(writecount, 4);
706 if (mem_ap_write_buf_u8(swjdp, buffer, nbytes, address) != ERROR_OK)
708 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
709 return ERROR_JTAG_DEVICE_ERROR;
717 memcpy(&outvalue, buffer, sizeof(uint32_t));
719 for (i = 0; i < nbytes; i++)
721 *((uint8_t*)buffer + (address & 0x3)) = outvalue;
726 memcpy(&outvalue, buffer, sizeof(uint32_t));
727 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
728 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
730 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
731 return ERROR_JTAG_DEVICE_ERROR;
736 writecount -= nbytes;
738 } while (writecount);
745 int mem_ap_write_buf_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
747 int retval = ERROR_OK;
750 return mem_ap_write_buf_packed_u8(swjdp, buffer, count, address);
752 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
756 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
757 uint32_t outvalue = (uint32_t)*buffer << 8 * (address & 0x3);
758 dap_ap_write_reg_u32(swjdp, AP_REG_DRW, outvalue);
759 retval = swjdp_transaction_endcheck(swjdp);
768 /*********************************************************************************
770 * mem_ap_read_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address) *
772 * Read block fast in target order (little endian) into a buffer *
774 **********************************************************************************/
775 int mem_ap_read_buf_u32(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
777 int wcount, blocksize, readcount, errorcount = 0, retval = ERROR_OK;
778 uint32_t adr = address;
779 uint8_t* pBuffer = buffer;
781 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
788 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
789 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
790 if (wcount < blocksize)
793 /* handle unaligned data at 4k boundary */
797 dap_setup_accessport(swjdp, CSW_32BIT | CSW_ADDRINC_SINGLE, address);
799 /* Scan out first read */
800 adi_jtag_dp_scan(swjdp, JTAG_DP_APACC, AP_REG_DRW,
801 DPAP_READ, 0, NULL, NULL);
802 for (readcount = 0; readcount < blocksize - 1; readcount++)
804 /* Scan out next read; scan in posted value for the
805 * previous one. Assumes read is acked "OK/FAULT",
806 * and CTRL_STAT says that meant "OK".
808 adi_jtag_dp_scan(swjdp, JTAG_DP_APACC, AP_REG_DRW,
809 DPAP_READ, 0, buffer + 4 * readcount,
813 /* Scan in last posted value; RDBUFF has no other effect,
814 * assuming ack is OK/FAULT and CTRL_STAT says "OK".
816 adi_jtag_dp_scan(swjdp, JTAG_DP_DPACC, DP_RDBUFF,
817 DPAP_READ, 0, buffer + 4 * readcount,
819 if (swjdp_transaction_endcheck(swjdp) == ERROR_OK)
821 wcount = wcount - blocksize;
822 address += 4 * blocksize;
823 buffer += 4 * blocksize;
832 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
833 return ERROR_JTAG_DEVICE_ERROR;
837 /* if we have an unaligned access - reorder data */
840 for (readcount = 0; readcount < count; readcount++)
844 memcpy(&data, pBuffer, sizeof(uint32_t));
846 for (i = 0; i < 4; i++)
848 *((uint8_t*)pBuffer) = (data >> 8 * (adr & 0x3));
858 static int mem_ap_read_buf_packed_u16(struct swjdp_common *swjdp,
859 uint8_t *buffer, int count, uint32_t address)
862 int retval = ERROR_OK;
863 int wcount, blocksize, readcount, i;
865 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
873 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
874 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
875 if (wcount < blocksize)
878 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_PACKED, address);
880 /* handle unaligned data at 4k boundary */
883 readcount = blocksize;
887 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
888 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
890 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
891 return ERROR_JTAG_DEVICE_ERROR;
894 nbytes = MIN((readcount << 1), 4);
896 for (i = 0; i < nbytes; i++)
898 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
903 readcount -= (nbytes >> 1);
911 int mem_ap_read_buf_u16(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
914 int retval = ERROR_OK;
917 return mem_ap_read_buf_packed_u16(swjdp, buffer, count, address);
919 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
923 dap_setup_accessport(swjdp, CSW_16BIT | CSW_ADDRINC_SINGLE, address);
924 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
925 retval = swjdp_transaction_endcheck(swjdp);
928 for (i = 0; i < 2; i++)
930 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
937 uint16_t svalue = (invalue >> 8 * (address & 0x3));
938 memcpy(buffer, &svalue, sizeof(uint16_t));
948 /* FIX!!! is this a potential performance bottleneck w.r.t. requiring too many
949 * roundtrips when jtag_execute_queue() has a large overhead(e.g. for USB)s?
951 * The solution is to arrange for a large out/in scan in this loop and
952 * and convert data afterwards.
954 static int mem_ap_read_buf_packed_u8(struct swjdp_common *swjdp,
955 uint8_t *buffer, int count, uint32_t address)
958 int retval = ERROR_OK;
959 int wcount, blocksize, readcount, i;
961 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
969 /* Adjust to read blocks within boundaries aligned to the TAR autoincremnent size*/
970 blocksize = max_tar_block_size(swjdp->tar_autoincr_block, address);
972 if (wcount < blocksize)
975 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_PACKED, address);
976 readcount = blocksize;
980 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
981 if (swjdp_transaction_endcheck(swjdp) != ERROR_OK)
983 LOG_WARNING("Block read error address 0x%" PRIx32 ", count 0x%x", address, count);
984 return ERROR_JTAG_DEVICE_ERROR;
987 nbytes = MIN(readcount, 4);
989 for (i = 0; i < nbytes; i++)
991 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
1004 int mem_ap_read_buf_u8(struct swjdp_common *swjdp, uint8_t *buffer, int count, uint32_t address)
1007 int retval = ERROR_OK;
1010 return mem_ap_read_buf_packed_u8(swjdp, buffer, count, address);
1012 swjdp->trans_mode = TRANS_MODE_COMPOSITE;
1016 dap_setup_accessport(swjdp, CSW_8BIT | CSW_ADDRINC_SINGLE, address);
1017 dap_ap_read_reg_u32(swjdp, AP_REG_DRW, &invalue);
1018 retval = swjdp_transaction_endcheck(swjdp);
1019 *((uint8_t*)buffer) = (invalue >> 8 * (address & 0x3));
1031 * @todo Rename this. We also need an initialization scheme which account
1032 * for SWD transports not just JTAG; that will need to address differences
1033 * in layering. (JTAG is useful without any debug target; but not SWD.)
1035 int ahbap_debugport_init(struct swjdp_common *swjdp)
1037 uint32_t idreg, romaddr, dummy;
1044 /* Default MEM-AP setup.
1046 * REVISIT AP #0 may be an inappropriate default for this.
1047 * Should we probe, or receve a hint from the caller?
1048 * Presumably we can ignore the possibility of multiple APs.
1051 swjdp->ap_csw_value = -1;
1052 swjdp->ap_tar_value = -1;
1054 /* DP initialization */
1055 swjdp->trans_mode = TRANS_MODE_ATOMIC;
1056 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1057 dap_dp_write_reg(swjdp, SSTICKYERR, DP_CTRL_STAT);
1058 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1060 swjdp->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ;
1062 dap_dp_write_reg(swjdp, swjdp->dp_ctrl_stat, DP_CTRL_STAT);
1063 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1064 if ((retval = jtag_execute_queue()) != ERROR_OK)
1067 /* Check that we have debug power domains activated */
1068 while (!(ctrlstat & CDBGPWRUPACK) && (cnt++ < 10))
1070 LOG_DEBUG("swjdp: wait CDBGPWRUPACK");
1071 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1072 if ((retval = jtag_execute_queue()) != ERROR_OK)
1077 while (!(ctrlstat & CSYSPWRUPACK) && (cnt++ < 10))
1079 LOG_DEBUG("swjdp: wait CSYSPWRUPACK");
1080 dap_dp_read_reg(swjdp, &ctrlstat, DP_CTRL_STAT);
1081 if ((retval = jtag_execute_queue()) != ERROR_OK)
1086 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1087 /* With debug power on we can activate OVERRUN checking */
1088 swjdp->dp_ctrl_stat = CDBGPWRUPREQ | CSYSPWRUPREQ | CORUNDETECT;
1089 dap_dp_write_reg(swjdp, swjdp->dp_ctrl_stat, DP_CTRL_STAT);
1090 dap_dp_read_reg(swjdp, &dummy, DP_CTRL_STAT);
1093 * REVISIT this isn't actually *initializing* anything in an AP,
1094 * and doesn't care if it's a MEM-AP at all (much less AHB-AP).
1095 * Should it? If the ROM address is valid, is this the right
1096 * place to scan the table and do any topology detection?
1098 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &idreg);
1099 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &romaddr);
1101 LOG_DEBUG("AHB-AP ID Register 0x%" PRIx32 ", Debug ROM Address 0x%" PRIx32 "", idreg, romaddr);
1106 /* CID interpretation -- see ARM IHI 0029B section 3
1107 * and ARM IHI 0031A table 13-3.
1109 static const char *class_description[16] ={
1110 "Reserved", "ROM table", "Reserved", "Reserved",
1111 "Reserved", "Reserved", "Reserved", "Reserved",
1112 "Reserved", "CoreSight component", "Reserved", "Peripheral Test Block",
1113 "Reserved", "OptimoDE DESS",
1114 "Generic IP component", "PrimeCell or System component"
1118 is_dap_cid_ok(uint32_t cid3, uint32_t cid2, uint32_t cid1, uint32_t cid0)
1120 return cid3 == 0xb1 && cid2 == 0x05
1121 && ((cid1 & 0x0f) == 0) && cid0 == 0x0d;
1124 int dap_info_command(struct command_context *cmd_ctx, struct swjdp_common *swjdp, int apsel)
1127 uint32_t dbgbase, apid;
1128 int romtable_present = 0;
1132 apselold = swjdp->apsel;
1133 dap_ap_select(swjdp, apsel);
1134 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &dbgbase);
1135 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1136 swjdp_transaction_endcheck(swjdp);
1137 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1138 mem_ap = ((apid&0x10000) && ((apid&0x0F) != 0));
1139 command_print(cmd_ctx, "AP ID register 0x%8.8" PRIx32, apid);
1145 command_print(cmd_ctx, "\tType is JTAG-AP");
1148 command_print(cmd_ctx, "\tType is MEM-AP AHB");
1151 command_print(cmd_ctx, "\tType is MEM-AP APB");
1154 command_print(cmd_ctx, "\tUnknown AP type");
1158 /* NOTE: a MEM-AP may have a single CoreSight component that's
1159 * not a ROM table ... or have no such components at all.
1162 command_print(cmd_ctx, "AP BASE 0x%8.8" PRIx32,
1167 command_print(cmd_ctx, "No AP found at this apsel 0x%x", apsel);
1170 romtable_present = ((mem_ap) && (dbgbase != 0xFFFFFFFF));
1171 if (romtable_present)
1173 uint32_t cid0,cid1,cid2,cid3,memtype,romentry;
1174 uint16_t entry_offset;
1176 /* bit 16 of apid indicates a memory access port */
1178 command_print(cmd_ctx, "\tValid ROM table present");
1180 command_print(cmd_ctx, "\tROM table in legacy format");
1182 /* Now we read ROM table ID registers, ref. ARM IHI 0029B sec */
1183 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF0, &cid0);
1184 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF4, &cid1);
1185 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFF8, &cid2);
1186 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFFC, &cid3);
1187 mem_ap_read_u32(swjdp, (dbgbase&0xFFFFF000) | 0xFCC, &memtype);
1188 swjdp_transaction_endcheck(swjdp);
1189 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1190 command_print(cmd_ctx, "\tCID3 0x%2.2" PRIx32
1191 ", CID2 0x%2.2" PRIx32
1192 ", CID1 0x%2.2" PRIx32
1193 ", CID0 0x%2.2" PRIx32,
1194 cid3, cid2, cid1, cid0);
1196 command_print(cmd_ctx, "\tMEMTYPE system memory present on bus");
1198 command_print(cmd_ctx, "\tMEMTYPE System memory not present. "
1199 "Dedicated debug bus.");
1201 /* Now we read ROM table entries from dbgbase&0xFFFFF000) | 0x000 until we get 0x00000000 */
1205 mem_ap_read_atomic_u32(swjdp, (dbgbase&0xFFFFF000) | entry_offset, &romentry);
1206 command_print(cmd_ctx, "\tROMTABLE[0x%x] = 0x%" PRIx32 "",entry_offset,romentry);
1209 uint32_t c_cid0, c_cid1, c_cid2, c_cid3;
1210 uint32_t c_pid0, c_pid1, c_pid2, c_pid3, c_pid4;
1211 uint32_t component_start, component_base;
1215 component_base = (uint32_t)((dbgbase & 0xFFFFF000)
1216 + (int)(romentry & 0xFFFFF000));
1217 mem_ap_read_atomic_u32(swjdp,
1218 (component_base & 0xFFFFF000) | 0xFE0, &c_pid0);
1219 mem_ap_read_atomic_u32(swjdp,
1220 (component_base & 0xFFFFF000) | 0xFE4, &c_pid1);
1221 mem_ap_read_atomic_u32(swjdp,
1222 (component_base & 0xFFFFF000) | 0xFE8, &c_pid2);
1223 mem_ap_read_atomic_u32(swjdp,
1224 (component_base & 0xFFFFF000) | 0xFEC, &c_pid3);
1225 mem_ap_read_atomic_u32(swjdp,
1226 (component_base & 0xFFFFF000) | 0xFD0, &c_pid4);
1227 mem_ap_read_atomic_u32(swjdp,
1228 (component_base & 0xFFFFF000) | 0xFF0, &c_cid0);
1229 mem_ap_read_atomic_u32(swjdp,
1230 (component_base & 0xFFFFF000) | 0xFF4, &c_cid1);
1231 mem_ap_read_atomic_u32(swjdp,
1232 (component_base & 0xFFFFF000) | 0xFF8, &c_cid2);
1233 mem_ap_read_atomic_u32(swjdp,
1234 (component_base & 0xFFFFF000) | 0xFFC, &c_cid3);
1235 component_start = component_base - 0x1000*(c_pid4 >> 4);
1237 command_print(cmd_ctx, "\t\tComponent base address 0x%" PRIx32
1238 ", start address 0x%" PRIx32,
1239 component_base, component_start);
1240 command_print(cmd_ctx, "\t\tComponent class is 0x%x, %s",
1241 (int) (c_cid1 >> 4) & 0xf,
1242 /* See ARM IHI 0029B Table 3-3 */
1243 class_description[(c_cid1 >> 4) & 0xf]);
1245 /* CoreSight component? */
1246 if (((c_cid1 >> 4) & 0x0f) == 9) {
1249 char *major = "Reserved", *subtype = "Reserved";
1251 mem_ap_read_atomic_u32(swjdp,
1252 (component_base & 0xfffff000) | 0xfcc,
1254 minor = (devtype >> 4) & 0x0f;
1255 switch (devtype & 0x0f) {
1257 major = "Miscellaneous";
1263 subtype = "Validation component";
1268 major = "Trace Sink";
1282 major = "Trace Link";
1288 subtype = "Funnel, router";
1294 subtype = "FIFO, buffer";
1299 major = "Trace Source";
1305 subtype = "Processor";
1311 subtype = "Engine/Coprocessor";
1319 major = "Debug Control";
1325 subtype = "Trigger Matrix";
1328 subtype = "Debug Auth";
1333 major = "Debug Logic";
1339 subtype = "Processor";
1345 subtype = "Engine/Coprocessor";
1350 command_print(cmd_ctx, "\t\tType is 0x%2.2x, %s, %s",
1351 (unsigned) (devtype & 0xff),
1353 /* REVISIT also show 0xfc8 DevId */
1356 if (!is_dap_cid_ok(cid3, cid2, cid1, cid0))
1357 command_print(cmd_ctx, "\t\tCID3 0x%2.2" PRIx32
1358 ", CID2 0x%2.2" PRIx32
1359 ", CID1 0x%2.2" PRIx32
1360 ", CID0 0x%2.2" PRIx32,
1361 c_cid3, c_cid2, c_cid1, c_cid0);
1362 command_print(cmd_ctx, "\t\tPeripheral ID[4..0] = hex "
1363 "%2.2x %2.2x %2.2x %2.2x %2.2x",
1365 (int) c_pid3, (int) c_pid2,
1366 (int) c_pid1, (int) c_pid0);
1368 /* Part number interpretations are from Cortex
1369 * core specs, the CoreSight components TRM
1370 * (ARM DDI 0314H), and ETM specs; also from
1371 * chip observation (e.g. TI SDTI).
1373 part_num = c_pid0 & 0xff;
1374 part_num |= (c_pid1 & 0x0f) << 8;
1377 type = "Cortex-M3 NVIC";
1378 full = "(Interrupt Controller)";
1381 type = "Cortex-M3 ITM";
1382 full = "(Instrumentation Trace Module)";
1385 type = "Cortex-M3 DWT";
1386 full = "(Data Watchpoint and Trace)";
1389 type = "Cortex-M3 FBP";
1390 full = "(Flash Patch and Breakpoint)";
1393 type = "CoreSight ETM11";
1394 full = "(Embedded Trace)";
1396 // case 0x113: what?
1397 case 0x120: /* from OMAP3 memmap */
1399 full = "(System Debug Trace Interface)";
1401 case 0x343: /* from OMAP3 memmap */
1406 type = "Cortex-M3 ETM";
1407 full = "(Embedded Trace)";
1410 type = "Coresight CTI";
1411 full = "(Cross Trigger)";
1414 type = "Coresight ETB";
1415 full = "(Trace Buffer)";
1418 type = "Coresight CSTF";
1419 full = "(Trace Funnel)";
1422 type = "CoreSight ETM9";
1423 full = "(Embedded Trace)";
1426 type = "Coresight TPIU";
1427 full = "(Trace Port Interface Unit)";
1430 type = "Cortex-A8 ETM";
1431 full = "(Embedded Trace)";
1434 type = "Cortex-A8 CTI";
1435 full = "(Cross Trigger)";
1438 type = "Cortex-M3 TPIU";
1439 full = "(Trace Port Interface Unit)";
1442 type = "Cortex-A8 Debug";
1443 full = "(Debug Unit)";
1446 type = "-*- unrecognized -*-";
1450 command_print(cmd_ctx, "\t\tPart is %s %s",
1456 command_print(cmd_ctx, "\t\tComponent not present");
1458 command_print(cmd_ctx, "\t\tEnd of ROM table");
1461 } while (romentry > 0);
1465 command_print(cmd_ctx, "\tNo ROM table present");
1467 dap_ap_select(swjdp, apselold);
1472 DAP_COMMAND_HANDLER(dap_baseaddr_command)
1474 uint32_t apsel, apselsave, baseaddr;
1477 apselsave = swjdp->apsel;
1480 apsel = swjdp->apsel;
1483 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1486 return ERROR_COMMAND_SYNTAX_ERROR;
1489 if (apselsave != apsel)
1490 dap_ap_select(swjdp, apsel);
1492 dap_ap_read_reg_u32(swjdp, AP_REG_BASE, &baseaddr);
1493 retval = swjdp_transaction_endcheck(swjdp);
1494 command_print(CMD_CTX, "0x%8.8" PRIx32, baseaddr);
1496 if (apselsave != apsel)
1497 dap_ap_select(swjdp, apselsave);
1502 DAP_COMMAND_HANDLER(dap_memaccess_command)
1504 uint32_t memaccess_tck;
1508 memaccess_tck = swjdp->memaccess_tck;
1511 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], memaccess_tck);
1514 return ERROR_COMMAND_SYNTAX_ERROR;
1516 swjdp->memaccess_tck = memaccess_tck;
1518 command_print(CMD_CTX, "memory bus access delay set to %" PRIi32 " tck",
1519 swjdp->memaccess_tck);
1524 DAP_COMMAND_HANDLER(dap_apsel_command)
1526 uint32_t apsel, apid;
1534 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1537 return ERROR_COMMAND_SYNTAX_ERROR;
1540 dap_ap_select(swjdp, apsel);
1541 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1542 retval = swjdp_transaction_endcheck(swjdp);
1543 command_print(CMD_CTX, "ap %" PRIi32 " selected, identification register 0x%8.8" PRIx32,
1549 DAP_COMMAND_HANDLER(dap_apid_command)
1551 uint32_t apsel, apselsave, apid;
1554 apselsave = swjdp->apsel;
1557 apsel = swjdp->apsel;
1560 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], apsel);
1563 return ERROR_COMMAND_SYNTAX_ERROR;
1566 if (apselsave != apsel)
1567 dap_ap_select(swjdp, apsel);
1569 dap_ap_read_reg_u32(swjdp, AP_REG_IDR, &apid);
1570 retval = swjdp_transaction_endcheck(swjdp);
1571 command_print(CMD_CTX, "0x%8.8" PRIx32, apid);
1572 if (apselsave != apsel)
1573 dap_ap_select(swjdp, apselsave);