]> git.zerfleddert.de Git - proxmark3-svn/blame - armsrc/fpgaloader.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
More en masse cleanup (whitespace/newlines/headers/etc)
[proxmark3-svn] / armsrc / fpgaloader.c
CommitLineData
15c4dc5a 1//-----------------------------------------------------------------------------
2// Routines to load the FPGA image, and then to configure the FPGA's major
3// mode once it is configured.
4//
5// Jonathan Westhues, April 2006
6//-----------------------------------------------------------------------------
e30c654b 7#include "proxmark3.h"
15c4dc5a 8#include "apps.h"
9
10//-----------------------------------------------------------------------------
11// Set up the Serial Peripheral Interface as master
12// Used to write the FPGA config word
13// May also be used to write to other SPI attached devices like an LCD
14//-----------------------------------------------------------------------------
15void SetupSpi(int mode)
16{
17 // PA10 -> SPI_NCS2 chip select (LCD)
18 // PA11 -> SPI_NCS0 chip select (FPGA)
19 // PA12 -> SPI_MISO Master-In Slave-Out
20 // PA13 -> SPI_MOSI Master-Out Slave-In
21 // PA14 -> SPI_SPCK Serial Clock
22
23 // Disable PIO control of the following pins, allows use by the SPI peripheral
24 AT91C_BASE_PIOA->PIO_PDR =
25 GPIO_NCS0 |
26 GPIO_NCS2 |
27 GPIO_MISO |
28 GPIO_MOSI |
29 GPIO_SPCK;
30
31 AT91C_BASE_PIOA->PIO_ASR =
32 GPIO_NCS0 |
33 GPIO_MISO |
34 GPIO_MOSI |
35 GPIO_SPCK;
36
37 AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
38
39 //enable the SPI Peripheral clock
40 AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
41 // Enable SPI
42 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
43
44 switch (mode) {
45 case SPI_FPGA_MODE:
46 AT91C_BASE_SPI->SPI_MR =
47 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
48 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
49 ( 0 << 7) | // Local Loopback Disabled
50 ( 1 << 4) | // Mode Fault Detection disabled
51 ( 0 << 2) | // Chip selects connected directly to peripheral
52 ( 0 << 1) | // Fixed Peripheral Select
53 ( 1 << 0); // Master Mode
54 AT91C_BASE_SPI->SPI_CSR[0] =
55 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
56 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
57 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
58 ( 8 << 4) | // Bits per Transfer (16 bits)
59 ( 0 << 3) | // Chip Select inactive after transfer
60 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
61 ( 0 << 0); // Clock Polarity inactive state is logic 0
62 break;
63 case SPI_LCD_MODE:
64 AT91C_BASE_SPI->SPI_MR =
65 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
66 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
67 ( 0 << 7) | // Local Loopback Disabled
68 ( 1 << 4) | // Mode Fault Detection disabled
69 ( 0 << 2) | // Chip selects connected directly to peripheral
70 ( 0 << 1) | // Fixed Peripheral Select
71 ( 1 << 0); // Master Mode
72 AT91C_BASE_SPI->SPI_CSR[2] =
73 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
74 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
75 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
76 ( 1 << 4) | // Bits per Transfer (9 bits)
77 ( 0 << 3) | // Chip Select inactive after transfer
78 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
79 ( 0 << 0); // Clock Polarity inactive state is logic 0
80 break;
81 default: // Disable SPI
82 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
83 break;
84 }
85}
86
87//-----------------------------------------------------------------------------
88// Set up the synchronous serial port, with the one set of options that we
89// always use when we are talking to the FPGA. Both RX and TX are enabled.
90//-----------------------------------------------------------------------------
91void FpgaSetupSsc(void)
92{
93 // First configure the GPIOs, and get ourselves a clock.
94 AT91C_BASE_PIOA->PIO_ASR =
95 GPIO_SSC_FRAME |
96 GPIO_SSC_DIN |
97 GPIO_SSC_DOUT |
98 GPIO_SSC_CLK;
99 AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
100
101 AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
102
103 // Now set up the SSC proper, starting from a known state.
104 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
105
106 // RX clock comes from TX clock, RX starts when TX starts, data changes
107 // on RX clock rising edge, sampled on falling edge
108 AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
109
110 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
111 // pulse, no output sync, start on positive-going edge of sync
112 AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |
113 AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
114
115 // clock comes from TK pin, no clock output, outputs change on falling
116 // edge of TK, start on rising edge of TF
117 AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) |
118 SSC_CLOCK_MODE_START(5);
119
120 // tx framing is the same as the rx framing
121 AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
122
123 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
124}
125
126//-----------------------------------------------------------------------------
127// Set up DMA to receive samples from the FPGA. We will use the PDC, with
128// a single buffer as a circular buffer (so that we just chain back to
129// ourselves, not to another buffer). The stuff to manipulate those buffers
130// is in apps.h, because it should be inlined, for speed.
131//-----------------------------------------------------------------------------
132void FpgaSetupSscDma(BYTE *buf, int len)
133{
134 AT91C_BASE_PDC_SSC->PDC_RPR = (DWORD)buf;
135 AT91C_BASE_PDC_SSC->PDC_RCR = len;
136 AT91C_BASE_PDC_SSC->PDC_RNPR = (DWORD)buf;
137 AT91C_BASE_PDC_SSC->PDC_RNCR = len;
138 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
139}
140
141static void DownloadFPGA_byte(unsigned char w)
142{
143#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
144 SEND_BIT(7);
145 SEND_BIT(6);
146 SEND_BIT(5);
147 SEND_BIT(4);
148 SEND_BIT(3);
149 SEND_BIT(2);
150 SEND_BIT(1);
151 SEND_BIT(0);
152}
153
154// Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
155// If bytereversal is set: reverse the byte order in each 4-byte word
156static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
157{
158 int i=0;
159
160 AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
161 AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
162 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
163
164 SpinDelay(50);
165
166 LED_D_ON();
167
168 // These pins are inputs
169 AT91C_BASE_PIOA->PIO_ODR =
170 GPIO_FPGA_NINIT |
171 GPIO_FPGA_DONE;
172 // PIO controls the following pins
173 AT91C_BASE_PIOA->PIO_PER =
174 GPIO_FPGA_NINIT |
175 GPIO_FPGA_DONE;
176 // Enable pull-ups
177 AT91C_BASE_PIOA->PIO_PPUER =
178 GPIO_FPGA_NINIT |
179 GPIO_FPGA_DONE;
180
181 // setup initial logic state
182 HIGH(GPIO_FPGA_NPROGRAM);
183 LOW(GPIO_FPGA_CCLK);
184 LOW(GPIO_FPGA_DIN);
185 // These pins are outputs
186 AT91C_BASE_PIOA->PIO_OER =
187 GPIO_FPGA_NPROGRAM |
188 GPIO_FPGA_CCLK |
189 GPIO_FPGA_DIN;
190
191 // enter FPGA configuration mode
192 LOW(GPIO_FPGA_NPROGRAM);
193 SpinDelay(50);
194 HIGH(GPIO_FPGA_NPROGRAM);
195
196 i=100000;
197 // wait for FPGA ready to accept data signal
198 while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
199 i--;
200 }
201
202 // crude error indicator, leave both red LEDs on and return
203 if (i==0){
204 LED_C_ON();
205 LED_D_ON();
206 return;
207 }
208
209 if(bytereversal) {
210 /* This is only supported for DWORD aligned images */
211 if( ((int)FpgaImage % sizeof(DWORD)) == 0 ) {
212 i=0;
213 while(FpgaImageLen-->0)
214 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
e30c654b 215 /* Explanation of the magic in the above line:
15c4dc5a 216 * i^0x3 inverts the lower two bits of the integer i, counting backwards
217 * for each 4 byte increment. The generated sequence of (i++)^3 is
e30c654b 218 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
15c4dc5a 219 */
220 }
221 } else {
222 while(FpgaImageLen-->0)
223 DownloadFPGA_byte(*FpgaImage++);
224 }
225
226 // continue to clock FPGA until ready signal goes high
227 i=100000;
228 while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
229 HIGH(GPIO_FPGA_CCLK);
230 LOW(GPIO_FPGA_CCLK);
231 }
232 // crude error indicator, leave both red LEDs on and return
233 if (i==0){
234 LED_C_ON();
235 LED_D_ON();
236 return;
237 }
238 LED_D_OFF();
239}
240
241static char *bitparse_headers_start;
242static char *bitparse_bitstream_end;
243static int bitparse_initialized;
244/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
245 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
246 * After that the format is 1 byte section type (ASCII character), 2 byte length
247 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
248 * length.
249 */
250static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
251static int bitparse_init(void * start_address, void *end_address)
252{
253 bitparse_initialized = 0;
e30c654b 254
15c4dc5a 255 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
256 return 0; /* Not matched */
257 } else {
258 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
259 bitparse_bitstream_end= (char*)end_address;
260 bitparse_initialized = 1;
261 return 1;
262 }
263}
264
265int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
266{
267 char *pos = bitparse_headers_start;
268 int result = 0;
269
270 if(!bitparse_initialized) return 0;
271
272 while(pos < bitparse_bitstream_end) {
273 char current_name = *pos++;
274 unsigned int current_length = 0;
275 if(current_name < 'a' || current_name > 'e') {
276 /* Strange section name, abort */
277 break;
278 }
279 current_length = 0;
280 switch(current_name) {
281 case 'e':
282 /* Four byte length field */
283 current_length += (*pos++) << 24;
284 current_length += (*pos++) << 16;
285 default: /* Fall through, two byte length field */
286 current_length += (*pos++) << 8;
287 current_length += (*pos++) << 0;
288 }
e30c654b 289
15c4dc5a 290 if(current_name != 'e' && current_length > 255) {
291 /* Maybe a parse error */
292 break;
293 }
e30c654b 294
15c4dc5a 295 if(current_name == section_name) {
296 /* Found it */
297 *section_start = pos;
298 *section_length = current_length;
299 result = 1;
300 break;
301 }
e30c654b 302
15c4dc5a 303 pos += current_length; /* Skip section */
304 }
e30c654b 305
15c4dc5a 306 return result;
307}
308
309//-----------------------------------------------------------------------------
310// Find out which FPGA image format is stored in flash, then call DownloadFPGA
311// with the right parameters to download the image
312//-----------------------------------------------------------------------------
313extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
314void FpgaDownloadAndGo(void)
315{
316 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
317 */
318 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
319 /* Successfully initialized the .bit parser. Find the 'e' section and
320 * send its contents to the FPGA.
321 */
322 char *bitstream_start;
323 unsigned int bitstream_length;
324 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
325 DownloadFPGA(bitstream_start, bitstream_length, 0);
e30c654b 326
15c4dc5a 327 return; /* All done */
328 }
329 }
e30c654b 330
15c4dc5a 331 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
e30c654b 332 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
15c4dc5a 333 * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD
334 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
335 * that the DownloadFPGA function should invert every 4 byte sequence when doing
336 * the bytewise download.
337 */
338 if( *(DWORD*)0x102000 == 0xFFFFFFFF && *(DWORD*)0x102004 == 0xAA995566 )
339 DownloadFPGA((char*)0x102000, 10524*4, 1);
340}
341
342void FpgaGatherVersion(char *dst, int len)
343{
e30c654b 344 char *fpga_info;
15c4dc5a 345 unsigned int fpga_info_len;
346 dst[0] = 0;
347 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
348 strncat(dst, "FPGA image: legacy image without version information", len-1);
349 } else {
350 strncat(dst, "FPGA image built", len-1);
351 /* USB packets only have 48 bytes data payload, so be terse */
352#if 0
353 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
354 strncat(dst, " from ", len-1);
355 strncat(dst, fpga_info, len-1);
356 }
357 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
358 strncat(dst, " for ", len-1);
359 strncat(dst, fpga_info, len-1);
360 }
361#endif
362 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
363 strncat(dst, " on ", len-1);
364 strncat(dst, fpga_info, len-1);
365 }
366 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
367 strncat(dst, " at ", len-1);
368 strncat(dst, fpga_info, len-1);
369 }
370 }
371}
372
373//-----------------------------------------------------------------------------
374// Send a 16 bit command/data pair to the FPGA.
375// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
376// where C is the 4 bit command and D is the 12 bit data
377//-----------------------------------------------------------------------------
378void FpgaSendCommand(WORD cmd, WORD v)
379{
380 SetupSpi(SPI_FPGA_MODE);
381 while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete
382 AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data
383}
384//-----------------------------------------------------------------------------
385// Write the FPGA setup word (that determines what mode the logic is in, read
386// vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
387// avoid changing this function's occurence everywhere in the source code.
388//-----------------------------------------------------------------------------
389void FpgaWriteConfWord(BYTE v)
390{
391 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
392}
393
394//-----------------------------------------------------------------------------
395// Set up the CMOS switches that mux the ADC: four switches, independently
396// closable, but should only close one at a time. Not an FPGA thing, but
397// the samples from the ADC always flow through the FPGA.
398//-----------------------------------------------------------------------------
399void SetAdcMuxFor(DWORD whichGpio)
400{
401 AT91C_BASE_PIOA->PIO_OER =
402 GPIO_MUXSEL_HIPKD |
403 GPIO_MUXSEL_LOPKD |
404 GPIO_MUXSEL_LORAW |
405 GPIO_MUXSEL_HIRAW;
406
407 AT91C_BASE_PIOA->PIO_PER =
408 GPIO_MUXSEL_HIPKD |
409 GPIO_MUXSEL_LOPKD |
410 GPIO_MUXSEL_LORAW |
411 GPIO_MUXSEL_HIRAW;
412
413 LOW(GPIO_MUXSEL_HIPKD);
414 LOW(GPIO_MUXSEL_HIRAW);
415 LOW(GPIO_MUXSEL_LORAW);
416 LOW(GPIO_MUXSEL_LOPKD);
417
418 HIGH(whichGpio);
419}
Proxmark3 GIT tracking
Impressum, Datenschutz