]> git.zerfleddert.de Git - proxmark3-svn/blame - armsrc/fpgaloader.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Split str* and mem* into string.[ch]
[proxmark3-svn] / armsrc / fpgaloader.c
CommitLineData
15c4dc5a 1//-----------------------------------------------------------------------------
2// Routines to load the FPGA image, and then to configure the FPGA's major
3// mode once it is configured.
4//
5// Jonathan Westhues, April 2006
6//-----------------------------------------------------------------------------
e30c654b 7#include "proxmark3.h"
15c4dc5a 8#include "apps.h"
f7e3ed82 9#include "util.h"
9ab7a6c7 10#include "string.h"
15c4dc5a 11
12//-----------------------------------------------------------------------------
13// Set up the Serial Peripheral Interface as master
14// Used to write the FPGA config word
15// May also be used to write to other SPI attached devices like an LCD
16//-----------------------------------------------------------------------------
17void SetupSpi(int mode)
18{
19 // PA10 -> SPI_NCS2 chip select (LCD)
20 // PA11 -> SPI_NCS0 chip select (FPGA)
21 // PA12 -> SPI_MISO Master-In Slave-Out
22 // PA13 -> SPI_MOSI Master-Out Slave-In
23 // PA14 -> SPI_SPCK Serial Clock
24
25 // Disable PIO control of the following pins, allows use by the SPI peripheral
26 AT91C_BASE_PIOA->PIO_PDR =
27 GPIO_NCS0 |
28 GPIO_NCS2 |
29 GPIO_MISO |
30 GPIO_MOSI |
31 GPIO_SPCK;
32
33 AT91C_BASE_PIOA->PIO_ASR =
34 GPIO_NCS0 |
35 GPIO_MISO |
36 GPIO_MOSI |
37 GPIO_SPCK;
38
39 AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
40
41 //enable the SPI Peripheral clock
42 AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
43 // Enable SPI
44 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
45
46 switch (mode) {
47 case SPI_FPGA_MODE:
48 AT91C_BASE_SPI->SPI_MR =
49 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
50 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
51 ( 0 << 7) | // Local Loopback Disabled
52 ( 1 << 4) | // Mode Fault Detection disabled
53 ( 0 << 2) | // Chip selects connected directly to peripheral
54 ( 0 << 1) | // Fixed Peripheral Select
55 ( 1 << 0); // Master Mode
56 AT91C_BASE_SPI->SPI_CSR[0] =
57 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
58 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
59 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
60 ( 8 << 4) | // Bits per Transfer (16 bits)
61 ( 0 << 3) | // Chip Select inactive after transfer
62 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
63 ( 0 << 0); // Clock Polarity inactive state is logic 0
64 break;
65 case SPI_LCD_MODE:
66 AT91C_BASE_SPI->SPI_MR =
67 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
68 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
69 ( 0 << 7) | // Local Loopback Disabled
70 ( 1 << 4) | // Mode Fault Detection disabled
71 ( 0 << 2) | // Chip selects connected directly to peripheral
72 ( 0 << 1) | // Fixed Peripheral Select
73 ( 1 << 0); // Master Mode
74 AT91C_BASE_SPI->SPI_CSR[2] =
75 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
76 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
77 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
78 ( 1 << 4) | // Bits per Transfer (9 bits)
79 ( 0 << 3) | // Chip Select inactive after transfer
80 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
81 ( 0 << 0); // Clock Polarity inactive state is logic 0
82 break;
83 default: // Disable SPI
84 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
85 break;
86 }
87}
88
89//-----------------------------------------------------------------------------
90// Set up the synchronous serial port, with the one set of options that we
91// always use when we are talking to the FPGA. Both RX and TX are enabled.
92//-----------------------------------------------------------------------------
93void FpgaSetupSsc(void)
94{
95 // First configure the GPIOs, and get ourselves a clock.
96 AT91C_BASE_PIOA->PIO_ASR =
97 GPIO_SSC_FRAME |
98 GPIO_SSC_DIN |
99 GPIO_SSC_DOUT |
100 GPIO_SSC_CLK;
101 AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
102
103 AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
104
105 // Now set up the SSC proper, starting from a known state.
106 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
107
108 // RX clock comes from TX clock, RX starts when TX starts, data changes
109 // on RX clock rising edge, sampled on falling edge
110 AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
111
112 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
113 // pulse, no output sync, start on positive-going edge of sync
114 AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |
115 AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
116
117 // clock comes from TK pin, no clock output, outputs change on falling
118 // edge of TK, start on rising edge of TF
119 AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) |
120 SSC_CLOCK_MODE_START(5);
121
122 // tx framing is the same as the rx framing
123 AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
124
125 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
126}
127
128//-----------------------------------------------------------------------------
129// Set up DMA to receive samples from the FPGA. We will use the PDC, with
130// a single buffer as a circular buffer (so that we just chain back to
131// ourselves, not to another buffer). The stuff to manipulate those buffers
132// is in apps.h, because it should be inlined, for speed.
133//-----------------------------------------------------------------------------
f7e3ed82 134void FpgaSetupSscDma(uint8_t *buf, int len)
15c4dc5a 135{
f7e3ed82 136 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf;
15c4dc5a 137 AT91C_BASE_PDC_SSC->PDC_RCR = len;
f7e3ed82 138 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf;
15c4dc5a 139 AT91C_BASE_PDC_SSC->PDC_RNCR = len;
140 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
141}
142
143static void DownloadFPGA_byte(unsigned char w)
144{
145#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
146 SEND_BIT(7);
147 SEND_BIT(6);
148 SEND_BIT(5);
149 SEND_BIT(4);
150 SEND_BIT(3);
151 SEND_BIT(2);
152 SEND_BIT(1);
153 SEND_BIT(0);
154}
155
156// Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
157// If bytereversal is set: reverse the byte order in each 4-byte word
158static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
159{
160 int i=0;
161
162 AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
163 AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
164 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
165
166 SpinDelay(50);
167
168 LED_D_ON();
169
170 // These pins are inputs
171 AT91C_BASE_PIOA->PIO_ODR =
172 GPIO_FPGA_NINIT |
173 GPIO_FPGA_DONE;
174 // PIO controls the following pins
175 AT91C_BASE_PIOA->PIO_PER =
176 GPIO_FPGA_NINIT |
177 GPIO_FPGA_DONE;
178 // Enable pull-ups
179 AT91C_BASE_PIOA->PIO_PPUER =
180 GPIO_FPGA_NINIT |
181 GPIO_FPGA_DONE;
182
183 // setup initial logic state
184 HIGH(GPIO_FPGA_NPROGRAM);
185 LOW(GPIO_FPGA_CCLK);
186 LOW(GPIO_FPGA_DIN);
187 // These pins are outputs
188 AT91C_BASE_PIOA->PIO_OER =
189 GPIO_FPGA_NPROGRAM |
190 GPIO_FPGA_CCLK |
191 GPIO_FPGA_DIN;
192
193 // enter FPGA configuration mode
194 LOW(GPIO_FPGA_NPROGRAM);
195 SpinDelay(50);
196 HIGH(GPIO_FPGA_NPROGRAM);
197
198 i=100000;
199 // wait for FPGA ready to accept data signal
200 while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
201 i--;
202 }
203
204 // crude error indicator, leave both red LEDs on and return
205 if (i==0){
206 LED_C_ON();
207 LED_D_ON();
208 return;
209 }
210
211 if(bytereversal) {
f7e3ed82 212 /* This is only supported for uint32_t aligned images */
213 if( ((int)FpgaImage % sizeof(uint32_t)) == 0 ) {
15c4dc5a 214 i=0;
215 while(FpgaImageLen-->0)
216 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
e30c654b 217 /* Explanation of the magic in the above line:
15c4dc5a 218 * i^0x3 inverts the lower two bits of the integer i, counting backwards
219 * for each 4 byte increment. The generated sequence of (i++)^3 is
e30c654b 220 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
15c4dc5a 221 */
222 }
223 } else {
224 while(FpgaImageLen-->0)
225 DownloadFPGA_byte(*FpgaImage++);
226 }
227
228 // continue to clock FPGA until ready signal goes high
229 i=100000;
230 while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
231 HIGH(GPIO_FPGA_CCLK);
232 LOW(GPIO_FPGA_CCLK);
233 }
234 // crude error indicator, leave both red LEDs on and return
235 if (i==0){
236 LED_C_ON();
237 LED_D_ON();
238 return;
239 }
240 LED_D_OFF();
241}
242
243static char *bitparse_headers_start;
244static char *bitparse_bitstream_end;
245static int bitparse_initialized;
246/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
247 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
248 * After that the format is 1 byte section type (ASCII character), 2 byte length
249 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
250 * length.
251 */
252static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
253static int bitparse_init(void * start_address, void *end_address)
254{
255 bitparse_initialized = 0;
e30c654b 256
15c4dc5a 257 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
258 return 0; /* Not matched */
259 } else {
260 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
261 bitparse_bitstream_end= (char*)end_address;
262 bitparse_initialized = 1;
263 return 1;
264 }
265}
266
267int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
268{
269 char *pos = bitparse_headers_start;
270 int result = 0;
271
272 if(!bitparse_initialized) return 0;
273
274 while(pos < bitparse_bitstream_end) {
275 char current_name = *pos++;
276 unsigned int current_length = 0;
277 if(current_name < 'a' || current_name > 'e') {
278 /* Strange section name, abort */
279 break;
280 }
281 current_length = 0;
282 switch(current_name) {
283 case 'e':
284 /* Four byte length field */
285 current_length += (*pos++) << 24;
286 current_length += (*pos++) << 16;
287 default: /* Fall through, two byte length field */
288 current_length += (*pos++) << 8;
289 current_length += (*pos++) << 0;
290 }
e30c654b 291
15c4dc5a 292 if(current_name != 'e' && current_length > 255) {
293 /* Maybe a parse error */
294 break;
295 }
e30c654b 296
15c4dc5a 297 if(current_name == section_name) {
298 /* Found it */
299 *section_start = pos;
300 *section_length = current_length;
301 result = 1;
302 break;
303 }
e30c654b 304
15c4dc5a 305 pos += current_length; /* Skip section */
306 }
e30c654b 307
15c4dc5a 308 return result;
309}
310
311//-----------------------------------------------------------------------------
312// Find out which FPGA image format is stored in flash, then call DownloadFPGA
313// with the right parameters to download the image
314//-----------------------------------------------------------------------------
315extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
316void FpgaDownloadAndGo(void)
317{
318 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
319 */
320 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
321 /* Successfully initialized the .bit parser. Find the 'e' section and
322 * send its contents to the FPGA.
323 */
324 char *bitstream_start;
325 unsigned int bitstream_length;
326 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
327 DownloadFPGA(bitstream_start, bitstream_length, 0);
e30c654b 328
15c4dc5a 329 return; /* All done */
330 }
331 }
e30c654b 332
15c4dc5a 333 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
e30c654b 334 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
f7e3ed82 335 * = 10,524 uint32_t, stored as uint32_t e.g. little-endian in memory, but each DWORD
15c4dc5a 336 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
337 * that the DownloadFPGA function should invert every 4 byte sequence when doing
338 * the bytewise download.
339 */
f7e3ed82 340 if( *(uint32_t*)0x102000 == 0xFFFFFFFF && *(uint32_t*)0x102004 == 0xAA995566 )
15c4dc5a 341 DownloadFPGA((char*)0x102000, 10524*4, 1);
342}
343
344void FpgaGatherVersion(char *dst, int len)
345{
e30c654b 346 char *fpga_info;
15c4dc5a 347 unsigned int fpga_info_len;
348 dst[0] = 0;
349 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
350 strncat(dst, "FPGA image: legacy image without version information", len-1);
351 } else {
352 strncat(dst, "FPGA image built", len-1);
353 /* USB packets only have 48 bytes data payload, so be terse */
354#if 0
355 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
356 strncat(dst, " from ", len-1);
357 strncat(dst, fpga_info, len-1);
358 }
359 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
360 strncat(dst, " for ", len-1);
361 strncat(dst, fpga_info, len-1);
362 }
363#endif
364 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
365 strncat(dst, " on ", len-1);
366 strncat(dst, fpga_info, len-1);
367 }
368 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
369 strncat(dst, " at ", len-1);
370 strncat(dst, fpga_info, len-1);
371 }
372 }
373}
374
375//-----------------------------------------------------------------------------
376// Send a 16 bit command/data pair to the FPGA.
377// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
378// where C is the 4 bit command and D is the 12 bit data
379//-----------------------------------------------------------------------------
f7e3ed82 380void FpgaSendCommand(uint16_t cmd, uint16_t v)
15c4dc5a 381{
382 SetupSpi(SPI_FPGA_MODE);
383 while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete
384 AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data
385}
386//-----------------------------------------------------------------------------
387// Write the FPGA setup word (that determines what mode the logic is in, read
388// vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
389// avoid changing this function's occurence everywhere in the source code.
390//-----------------------------------------------------------------------------
f7e3ed82 391void FpgaWriteConfWord(uint8_t v)
15c4dc5a 392{
393 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
394}
395
396//-----------------------------------------------------------------------------
397// Set up the CMOS switches that mux the ADC: four switches, independently
398// closable, but should only close one at a time. Not an FPGA thing, but
399// the samples from the ADC always flow through the FPGA.
400//-----------------------------------------------------------------------------
f7e3ed82 401void SetAdcMuxFor(uint32_t whichGpio)
15c4dc5a 402{
403 AT91C_BASE_PIOA->PIO_OER =
404 GPIO_MUXSEL_HIPKD |
405 GPIO_MUXSEL_LOPKD |
406 GPIO_MUXSEL_LORAW |
407 GPIO_MUXSEL_HIRAW;
408
409 AT91C_BASE_PIOA->PIO_PER =
410 GPIO_MUXSEL_HIPKD |
411 GPIO_MUXSEL_LOPKD |
412 GPIO_MUXSEL_LORAW |
413 GPIO_MUXSEL_HIRAW;
414
415 LOW(GPIO_MUXSEL_HIPKD);
416 LOW(GPIO_MUXSEL_HIRAW);
417 LOW(GPIO_MUXSEL_LORAW);
418 LOW(GPIO_MUXSEL_LOPKD);
419
420 HIGH(whichGpio);
421}
Proxmark3 GIT tracking
Impressum, Datenschutz