]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/fpgaloader.c
projects / proxmark3-svn / blob
? search:


50a6521dcd9fda0302c073bfe1fea0704668b0a7
[proxmark3-svn] / armsrc / fpgaloader.c
1 //-----------------------------------------------------------------------------
2 // Routines to load the FPGA image, and then to configure the FPGA's major
3 // mode once it is configured.
4 //
5 // Jonathan Westhues, April 2006
6 //-----------------------------------------------------------------------------
7 #include "proxmark3.h"
8 #include "apps.h"
9 #include "util.h"
10 #include "string.h"
11
12 //-----------------------------------------------------------------------------
13 // Set up the Serial Peripheral Interface as master
14 // Used to write the FPGA config word
15 // May also be used to write to other SPI attached devices like an LCD
16 //-----------------------------------------------------------------------------
17 void SetupSpi(int mode)
18 {
19 // PA10 -> SPI_NCS2 chip select (LCD)
20 // PA11 -> SPI_NCS0 chip select (FPGA)
21 // PA12 -> SPI_MISO Master-In Slave-Out
22 // PA13 -> SPI_MOSI Master-Out Slave-In
23 // PA14 -> SPI_SPCK Serial Clock
24
25 // Disable PIO control of the following pins, allows use by the SPI peripheral
26 AT91C_BASE_PIOA->PIO_PDR =
27 GPIO_NCS0 |
28 GPIO_NCS2 |
29 GPIO_MISO |
30 GPIO_MOSI |
31 GPIO_SPCK;
32
33 AT91C_BASE_PIOA->PIO_ASR =
34 GPIO_NCS0 |
35 GPIO_MISO |
36 GPIO_MOSI |
37 GPIO_SPCK;
38
39 AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
40
41 //enable the SPI Peripheral clock
42 AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
43 // Enable SPI
44 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
45
46 switch (mode) {
47 case SPI_FPGA_MODE:
48 AT91C_BASE_SPI->SPI_MR =
49 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
50 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
51 ( 0 << 7) | // Local Loopback Disabled
52 ( 1 << 4) | // Mode Fault Detection disabled
53 ( 0 << 2) | // Chip selects connected directly to peripheral
54 ( 0 << 1) | // Fixed Peripheral Select
55 ( 1 << 0); // Master Mode
56 AT91C_BASE_SPI->SPI_CSR[0] =
57 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
58 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
59 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
60 ( 8 << 4) | // Bits per Transfer (16 bits)
61 ( 0 << 3) | // Chip Select inactive after transfer
62 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
63 ( 0 << 0); // Clock Polarity inactive state is logic 0
64 break;
65 case SPI_LCD_MODE:
66 AT91C_BASE_SPI->SPI_MR =
67 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
68 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
69 ( 0 << 7) | // Local Loopback Disabled
70 ( 1 << 4) | // Mode Fault Detection disabled
71 ( 0 << 2) | // Chip selects connected directly to peripheral
72 ( 0 << 1) | // Fixed Peripheral Select
73 ( 1 << 0); // Master Mode
74 AT91C_BASE_SPI->SPI_CSR[2] =
75 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
76 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
77 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
78 ( 1 << 4) | // Bits per Transfer (9 bits)
79 ( 0 << 3) | // Chip Select inactive after transfer
80 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
81 ( 0 << 0); // Clock Polarity inactive state is logic 0
82 break;
83 default: // Disable SPI
84 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
85 break;
86 }
87 }
88
89 //-----------------------------------------------------------------------------
90 // Set up the synchronous serial port, with the one set of options that we
91 // always use when we are talking to the FPGA. Both RX and TX are enabled.
92 //-----------------------------------------------------------------------------
93 void FpgaSetupSsc(void)
94 {
95 // First configure the GPIOs, and get ourselves a clock.
96 AT91C_BASE_PIOA->PIO_ASR =
97 GPIO_SSC_FRAME |
98 GPIO_SSC_DIN |
99 GPIO_SSC_DOUT |
100 GPIO_SSC_CLK;
101 AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
102
103 AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
104
105 // Now set up the SSC proper, starting from a known state.
106 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
107
108 // RX clock comes from TX clock, RX starts when TX starts, data changes
109 // on RX clock rising edge, sampled on falling edge
110 AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
111
112 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
113 // pulse, no output sync, start on positive-going edge of sync
114 AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |
115 AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
116
117 // clock comes from TK pin, no clock output, outputs change on falling
118 // edge of TK, start on rising edge of TF
119 AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) |
120 SSC_CLOCK_MODE_START(5);
121
122 // tx framing is the same as the rx framing
123 AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
124
125 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
126 }
127
128 //-----------------------------------------------------------------------------
129 // Set up DMA to receive samples from the FPGA. We will use the PDC, with
130 // a single buffer as a circular buffer (so that we just chain back to
131 // ourselves, not to another buffer). The stuff to manipulate those buffers
132 // is in apps.h, because it should be inlined, for speed.
133 //-----------------------------------------------------------------------------
134 void FpgaSetupSscDma(uint8_t *buf, int len)
135 {
136 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf;
137 AT91C_BASE_PDC_SSC->PDC_RCR = len;
138 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf;
139 AT91C_BASE_PDC_SSC->PDC_RNCR = len;
140 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
141 }
142
143 static void DownloadFPGA_byte(unsigned char w)
144 {
145 #define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
146 SEND_BIT(7);
147 SEND_BIT(6);
148 SEND_BIT(5);
149 SEND_BIT(4);
150 SEND_BIT(3);
151 SEND_BIT(2);
152 SEND_BIT(1);
153 SEND_BIT(0);
154 }
155
156 // Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
157 // If bytereversal is set: reverse the byte order in each 4-byte word
158 static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
159 {
160 int i=0;
161
162 AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
163 AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
164 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
165
166 SpinDelay(50);
167
168 LED_D_ON();
169
170 // These pins are inputs
171 AT91C_BASE_PIOA->PIO_ODR =
172 GPIO_FPGA_NINIT |
173 GPIO_FPGA_DONE;
174 // PIO controls the following pins
175 AT91C_BASE_PIOA->PIO_PER =
176 GPIO_FPGA_NINIT |
177 GPIO_FPGA_DONE;
178 // Enable pull-ups
179 AT91C_BASE_PIOA->PIO_PPUER =
180 GPIO_FPGA_NINIT |
181 GPIO_FPGA_DONE;
182
183 // setup initial logic state
184 HIGH(GPIO_FPGA_NPROGRAM);
185 LOW(GPIO_FPGA_CCLK);
186 LOW(GPIO_FPGA_DIN);
187 // These pins are outputs
188 AT91C_BASE_PIOA->PIO_OER =
189 GPIO_FPGA_NPROGRAM |
190 GPIO_FPGA_CCLK |
191 GPIO_FPGA_DIN;
192
193 // enter FPGA configuration mode
194 LOW(GPIO_FPGA_NPROGRAM);
195 SpinDelay(50);
196 HIGH(GPIO_FPGA_NPROGRAM);
197
198 i=100000;
199 // wait for FPGA ready to accept data signal
200 while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
201 i--;
202 }
203
204 // crude error indicator, leave both red LEDs on and return
205 if (i==0){
206 LED_C_ON();
207 LED_D_ON();
208 return;
209 }
210
211 if(bytereversal) {
212 /* This is only supported for uint32_t aligned images */
213 if( ((int)FpgaImage % sizeof(uint32_t)) == 0 ) {
214 i=0;
215 while(FpgaImageLen-->0)
216 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
217 /* Explanation of the magic in the above line:
218 * i^0x3 inverts the lower two bits of the integer i, counting backwards
219 * for each 4 byte increment. The generated sequence of (i++)^3 is
220 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
221 */
222 }
223 } else {
224 while(FpgaImageLen-->0)
225 DownloadFPGA_byte(*FpgaImage++);
226 }
227
228 // continue to clock FPGA until ready signal goes high
229 i=100000;
230 while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
231 HIGH(GPIO_FPGA_CCLK);
232 LOW(GPIO_FPGA_CCLK);
233 }
234 // crude error indicator, leave both red LEDs on and return
235 if (i==0){
236 LED_C_ON();
237 LED_D_ON();
238 return;
239 }
240 LED_D_OFF();
241 }
242
243 static char *bitparse_headers_start;
244 static char *bitparse_bitstream_end;
245 static int bitparse_initialized;
246 /* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
247 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
248 * After that the format is 1 byte section type (ASCII character), 2 byte length
249 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
250 * length.
251 */
252 static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
253 static int bitparse_init(void * start_address, void *end_address)
254 {
255 bitparse_initialized = 0;
256
257 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
258 return 0; /* Not matched */
259 } else {
260 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
261 bitparse_bitstream_end= (char*)end_address;
262 bitparse_initialized = 1;
263 return 1;
264 }
265 }
266
267 int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
268 {
269 char *pos = bitparse_headers_start;
270 int result = 0;
271
272 if(!bitparse_initialized) return 0;
273
274 while(pos < bitparse_bitstream_end) {
275 char current_name = *pos++;
276 unsigned int current_length = 0;
277 if(current_name < 'a' || current_name > 'e') {
278 /* Strange section name, abort */
279 break;
280 }
281 current_length = 0;
282 switch(current_name) {
283 case 'e':
284 /* Four byte length field */
285 current_length += (*pos++) << 24;
286 current_length += (*pos++) << 16;
287 default: /* Fall through, two byte length field */
288 current_length += (*pos++) << 8;
289 current_length += (*pos++) << 0;
290 }
291
292 if(current_name != 'e' && current_length > 255) {
293 /* Maybe a parse error */
294 break;
295 }
296
297 if(current_name == section_name) {
298 /* Found it */
299 *section_start = pos;
300 *section_length = current_length;
301 result = 1;
302 break;
303 }
304
305 pos += current_length; /* Skip section */
306 }
307
308 return result;
309 }
310
311 //-----------------------------------------------------------------------------
312 // Find out which FPGA image format is stored in flash, then call DownloadFPGA
313 // with the right parameters to download the image
314 //-----------------------------------------------------------------------------
315 extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
316 void FpgaDownloadAndGo(void)
317 {
318 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
319 */
320 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
321 /* Successfully initialized the .bit parser. Find the 'e' section and
322 * send its contents to the FPGA.
323 */
324 char *bitstream_start;
325 unsigned int bitstream_length;
326 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
327 DownloadFPGA(bitstream_start, bitstream_length, 0);
328
329 return; /* All done */
330 }
331 }
332
333 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
334 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
335 * = 10,524 uint32_t, stored as uint32_t e.g. little-endian in memory, but each DWORD
336 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
337 * that the DownloadFPGA function should invert every 4 byte sequence when doing
338 * the bytewise download.
339 */
340 if( *(uint32_t*)0x102000 == 0xFFFFFFFF && *(uint32_t*)0x102004 == 0xAA995566 )
341 DownloadFPGA((char*)0x102000, 10524*4, 1);
342 }
343
344 void FpgaGatherVersion(char *dst, int len)
345 {
346 char *fpga_info;
347 unsigned int fpga_info_len;
348 dst[0] = 0;
349 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
350 strncat(dst, "FPGA image: legacy image without version information", len-1);
351 } else {
352 strncat(dst, "FPGA image built", len-1);
353 /* USB packets only have 48 bytes data payload, so be terse */
354 #if 0
355 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
356 strncat(dst, " from ", len-1);
357 strncat(dst, fpga_info, len-1);
358 }
359 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
360 strncat(dst, " for ", len-1);
361 strncat(dst, fpga_info, len-1);
362 }
363 #endif
364 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
365 strncat(dst, " on ", len-1);
366 strncat(dst, fpga_info, len-1);
367 }
368 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
369 strncat(dst, " at ", len-1);
370 strncat(dst, fpga_info, len-1);
371 }
372 }
373 }
374
375 //-----------------------------------------------------------------------------
376 // Send a 16 bit command/data pair to the FPGA.
377 // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
378 // where C is the 4 bit command and D is the 12 bit data
379 //-----------------------------------------------------------------------------
380 void FpgaSendCommand(uint16_t cmd, uint16_t v)
381 {
382 SetupSpi(SPI_FPGA_MODE);
383 while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete
384 AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data
385 }
386 //-----------------------------------------------------------------------------
387 // Write the FPGA setup word (that determines what mode the logic is in, read
388 // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
389 // avoid changing this function's occurence everywhere in the source code.
390 //-----------------------------------------------------------------------------
391 void FpgaWriteConfWord(uint8_t v)
392 {
393 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
394 }
395
396 //-----------------------------------------------------------------------------
397 // Set up the CMOS switches that mux the ADC: four switches, independently
398 // closable, but should only close one at a time. Not an FPGA thing, but
399 // the samples from the ADC always flow through the FPGA.
400 //-----------------------------------------------------------------------------
401 void SetAdcMuxFor(uint32_t whichGpio)
402 {
403 AT91C_BASE_PIOA->PIO_OER =
404 GPIO_MUXSEL_HIPKD |
405 GPIO_MUXSEL_LOPKD |
406 GPIO_MUXSEL_LORAW |
407 GPIO_MUXSEL_HIRAW;
408
409 AT91C_BASE_PIOA->PIO_PER =
410 GPIO_MUXSEL_HIPKD |
411 GPIO_MUXSEL_LOPKD |
412 GPIO_MUXSEL_LORAW |
413 GPIO_MUXSEL_HIRAW;
414
415 LOW(GPIO_MUXSEL_HIPKD);
416 LOW(GPIO_MUXSEL_HIRAW);
417 LOW(GPIO_MUXSEL_LORAW);
418 LOW(GPIO_MUXSEL_LOPKD);
419
420 HIGH(whichGpio);
421 }
Proxmark3 GIT tracking
Impressum, Datenschutz