]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/fpgaloader.c
projects / proxmark3-svn / blob
? search:


be0d87d61bc1633cb431690d3a3c3383ffe904d6
[proxmark3-svn] / armsrc / fpgaloader.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, April 2006
3 // iZsh <izsh at fail0verflow.com>, 2014
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // Routines to load the FPGA image, and then to configure the FPGA's major
10 // mode once it is configured.
11 //-----------------------------------------------------------------------------
12
13 #include <stdint.h>
14 #include <stddef.h>
15 #include <stdbool.h>
16 #include "fpgaloader.h"
17 #include "proxmark3.h"
18 #include "util.h"
19 #include "string.h"
20 #include "BigBuf.h"
21 #include "zlib.h"
22
23 extern void Dbprintf(const char *fmt, ...);
24
25 // remember which version of the bitstream we have already downloaded to the FPGA
26 static int downloaded_bitstream = FPGA_BITSTREAM_ERR;
27
28 // this is where the bitstreams are located in memory:
29 extern uint8_t _binary_fpga_lf_bit_start, _binary_fpga_lf_bit_end;
30 extern uint8_t _binary_fpga_hf_bit_start, _binary_fpga_hf_bit_end;
31 static uint8_t *fpga_image_ptr = NULL;
32
33 static const uint8_t _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
34 #define FPGA_BITSTREAM_FIXED_HEADER_SIZE sizeof(_bitparse_fixed_header)
35 #define OUTPUT_BUFFER_LEN 80
36
37 //-----------------------------------------------------------------------------
38 // Set up the Serial Peripheral Interface as master
39 // Used to write the FPGA config word
40 // May also be used to write to other SPI attached devices like an LCD
41 //-----------------------------------------------------------------------------
42 void SetupSpi(int mode)
43 {
44 // PA10 -> SPI_NCS2 chip select (LCD)
45 // PA11 -> SPI_NCS0 chip select (FPGA)
46 // PA12 -> SPI_MISO Master-In Slave-Out
47 // PA13 -> SPI_MOSI Master-Out Slave-In
48 // PA14 -> SPI_SPCK Serial Clock
49
50 // Disable PIO control of the following pins, allows use by the SPI peripheral
51 AT91C_BASE_PIOA->PIO_PDR =
52 GPIO_NCS0 |
53 GPIO_NCS2 |
54 GPIO_MISO |
55 GPIO_MOSI |
56 GPIO_SPCK;
57
58 AT91C_BASE_PIOA->PIO_ASR =
59 GPIO_NCS0 |
60 GPIO_MISO |
61 GPIO_MOSI |
62 GPIO_SPCK;
63
64 AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
65
66 //enable the SPI Peripheral clock
67 AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
68 // Enable SPI
69 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
70
71 switch (mode) {
72 case SPI_FPGA_MODE:
73 AT91C_BASE_SPI->SPI_MR =
74 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
75 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
76 ( 0 << 7) | // Local Loopback Disabled
77 ( 1 << 4) | // Mode Fault Detection disabled
78 ( 0 << 2) | // Chip selects connected directly to peripheral
79 ( 0 << 1) | // Fixed Peripheral Select
80 ( 1 << 0); // Master Mode
81 AT91C_BASE_SPI->SPI_CSR[0] =
82 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
83 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
84 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
85 ( 8 << 4) | // Bits per Transfer (16 bits)
86 ( 0 << 3) | // Chip Select inactive after transfer
87 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
88 ( 0 << 0); // Clock Polarity inactive state is logic 0
89 break;
90 case SPI_LCD_MODE:
91 AT91C_BASE_SPI->SPI_MR =
92 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
93 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
94 ( 0 << 7) | // Local Loopback Disabled
95 ( 1 << 4) | // Mode Fault Detection disabled
96 ( 0 << 2) | // Chip selects connected directly to peripheral
97 ( 0 << 1) | // Fixed Peripheral Select
98 ( 1 << 0); // Master Mode
99 AT91C_BASE_SPI->SPI_CSR[2] =
100 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
101 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
102 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
103 ( 1 << 4) | // Bits per Transfer (9 bits)
104 ( 0 << 3) | // Chip Select inactive after transfer
105 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
106 ( 0 << 0); // Clock Polarity inactive state is logic 0
107 break;
108 default: // Disable SPI
109 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
110 break;
111 }
112 }
113
114 //-----------------------------------------------------------------------------
115 // Set up the synchronous serial port, with the one set of options that we
116 // always use when we are talking to the FPGA. Both RX and TX are enabled.
117 //-----------------------------------------------------------------------------
118 void FpgaSetupSsc(void)
119 {
120 // First configure the GPIOs, and get ourselves a clock.
121 AT91C_BASE_PIOA->PIO_ASR =
122 GPIO_SSC_FRAME |
123 GPIO_SSC_DIN |
124 GPIO_SSC_DOUT |
125 GPIO_SSC_CLK;
126 AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
127
128 AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
129
130 // Now set up the SSC proper, starting from a known state.
131 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
132
133 // RX clock comes from TX clock, RX starts when TX starts, data changes
134 // on RX clock rising edge, sampled on falling edge
135 AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
136
137 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
138 // pulse, no output sync
139 AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
140
141 // clock comes from TK pin, no clock output, outputs change on falling
142 // edge of TK, sample on rising edge of TK, start on positive-going edge of sync
143 AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5);
144
145 // tx framing is the same as the rx framing
146 AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
147
148 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
149 }
150
151 //-----------------------------------------------------------------------------
152 // Set up DMA to receive samples from the FPGA. We will use the PDC, with
153 // a single buffer as a circular buffer (so that we just chain back to
154 // ourselves, not to another buffer). The stuff to manipulate those buffers
155 // is in apps.h, because it should be inlined, for speed.
156 //-----------------------------------------------------------------------------
157 bool FpgaSetupSscDma(uint8_t *buf, int len)
158 {
159 if (buf == NULL) {
160 return false;
161 }
162
163 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer
164 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf; // transfer to this memory address
165 AT91C_BASE_PDC_SSC->PDC_RCR = len; // transfer this many bytes
166 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf; // next transfer to same memory address
167 AT91C_BASE_PDC_SSC->PDC_RNCR = len; // ... with same number of bytes
168 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go!
169
170 return true;
171 }
172
173
174 static int get_from_fpga_stream(z_streamp compressed_fpga_stream, uint8_t *output_buffer)
175 {
176 if (fpga_image_ptr == compressed_fpga_stream->next_out) { // need more data
177 compressed_fpga_stream->next_out = output_buffer;
178 compressed_fpga_stream->avail_out = OUTPUT_BUFFER_LEN;
179 fpga_image_ptr = output_buffer;
180 int res = inflate(compressed_fpga_stream, Z_SYNC_FLUSH);
181 if (res != Z_OK) {
182 Dbprintf("inflate returned: %d, %s", res, compressed_fpga_stream->msg);
183 }
184 if (res < 0) {
185 return res;
186 }
187 }
188
189 return *fpga_image_ptr++;
190 }
191
192
193 static voidpf fpga_inflate_malloc(voidpf opaque, uInt items, uInt size)
194 {
195 Dbprintf("zlib requested %d bytes", items*size);
196 return BigBuf_malloc(items*size);
197 }
198
199
200 static void fpga_inflate_free(voidpf opaque, voidpf address)
201 {
202 Dbprintf("zlib frees memory");
203 BigBuf_free_keep_EM();
204 }
205
206
207 static bool reset_fpga_stream(int bitstream_version, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
208 {
209 uint8_t header[FPGA_BITSTREAM_FIXED_HEADER_SIZE];
210 uint8_t *fpga_image_start;
211 uint32_t fpga_image_size;
212
213 if (bitstream_version == FPGA_BITSTREAM_LF) {
214 fpga_image_start = &_binary_fpga_lf_bit_start;
215 fpga_image_size = (uint32_t)&_binary_fpga_lf_bit_end - (uint32_t)&_binary_fpga_lf_bit_start;
216 } else if (bitstream_version == FPGA_BITSTREAM_HF) {
217 fpga_image_start = &_binary_fpga_hf_bit_start;
218 fpga_image_size = (uint32_t)&_binary_fpga_hf_bit_end - (uint32_t)&_binary_fpga_hf_bit_start;
219 } else {
220 return false;
221 }
222
223 // initialize z_stream structure for inflate:
224 compressed_fpga_stream->next_in = fpga_image_start;
225 compressed_fpga_stream->avail_in = fpga_image_size;
226 compressed_fpga_stream->next_out = output_buffer;
227 compressed_fpga_stream->avail_out = OUTPUT_BUFFER_LEN;
228 compressed_fpga_stream->zalloc = &fpga_inflate_malloc;
229 compressed_fpga_stream->zfree = &fpga_inflate_free;
230
231 // initialize inflate with WindowBits=15 and to automatically detect header:
232 inflateInit2(compressed_fpga_stream, 15+32);
233
234 fpga_image_ptr = output_buffer;
235
236 for (uint16_t i = 0; i < FPGA_BITSTREAM_FIXED_HEADER_SIZE; i++) {
237 header[i] = get_from_fpga_stream(compressed_fpga_stream, output_buffer);
238 }
239
240 // Check for a valid .bit file (starts with _bitparse_fixed_header)
241 if(memcmp(_bitparse_fixed_header, header, FPGA_BITSTREAM_FIXED_HEADER_SIZE) == 0) {
242 return true;
243 } else {
244 return false;
245 }
246 }
247
248
249 static void DownloadFPGA_byte(unsigned char w)
250 {
251 #define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
252 SEND_BIT(7);
253 SEND_BIT(6);
254 SEND_BIT(5);
255 SEND_BIT(4);
256 SEND_BIT(3);
257 SEND_BIT(2);
258 SEND_BIT(1);
259 SEND_BIT(0);
260 }
261
262 // Download the fpga image starting at current stream position with length FpgaImageLen bytes
263 static void DownloadFPGA(int FpgaImageLen, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
264 {
265
266 Dbprintf("DownloadFPGA(len: %d)", FpgaImageLen);
267
268 int i=0;
269
270 AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
271 AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
272 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
273
274 SpinDelay(50);
275
276 LED_D_ON();
277
278 // These pins are inputs
279 AT91C_BASE_PIOA->PIO_ODR =
280 GPIO_FPGA_NINIT |
281 GPIO_FPGA_DONE;
282 // PIO controls the following pins
283 AT91C_BASE_PIOA->PIO_PER =
284 GPIO_FPGA_NINIT |
285 GPIO_FPGA_DONE;
286 // Enable pull-ups
287 AT91C_BASE_PIOA->PIO_PPUER =
288 GPIO_FPGA_NINIT |
289 GPIO_FPGA_DONE;
290
291 // setup initial logic state
292 HIGH(GPIO_FPGA_NPROGRAM);
293 LOW(GPIO_FPGA_CCLK);
294 LOW(GPIO_FPGA_DIN);
295 // These pins are outputs
296 AT91C_BASE_PIOA->PIO_OER =
297 GPIO_FPGA_NPROGRAM |
298 GPIO_FPGA_CCLK |
299 GPIO_FPGA_DIN;
300
301 // enter FPGA configuration mode
302 LOW(GPIO_FPGA_NPROGRAM);
303 SpinDelay(50);
304 HIGH(GPIO_FPGA_NPROGRAM);
305
306 i=100000;
307 // wait for FPGA ready to accept data signal
308 while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
309 i--;
310 }
311
312 // crude error indicator, leave both red LEDs on and return
313 if (i==0){
314 LED_C_ON();
315 LED_D_ON();
316 return;
317 }
318
319 for(i = 0; i < FpgaImageLen; i++) {
320 int b = get_from_fpga_stream(compressed_fpga_stream, output_buffer);
321 if (b < 0) {
322 Dbprintf("Error %d during FpgaDownload", b);
323 break;
324 }
325 DownloadFPGA_byte(b);
326 }
327
328 Dbprintf("%d bytes loaded into FPGA", i);
329
330 // continue to clock FPGA until ready signal goes high
331 i=100000;
332 while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
333 HIGH(GPIO_FPGA_CCLK);
334 LOW(GPIO_FPGA_CCLK);
335 }
336 // crude error indicator, leave both red LEDs on and return
337 if (i==0){
338 LED_C_ON();
339 LED_D_ON();
340 return;
341 }
342 LED_D_OFF();
343 }
344
345
346 /* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
347 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
348 * After that the format is 1 byte section type (ASCII character), 2 byte length
349 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
350 * length.
351 */
352 static int bitparse_find_section(char section_name, unsigned int *section_length, z_streamp compressed_fpga_stream, uint8_t *output_buffer)
353 {
354 int result = 0;
355 #define MAX_FPGA_BIT_STREAM_HEADER_SEARCH 100 // maximum number of bytes to search for the requested section
356 uint16_t numbytes = 0;
357 while(numbytes < MAX_FPGA_BIT_STREAM_HEADER_SEARCH) {
358 char current_name = get_from_fpga_stream(compressed_fpga_stream, output_buffer);
359 numbytes++;
360 unsigned int current_length = 0;
361 if(current_name < 'a' || current_name > 'e') {
362 /* Strange section name, abort */
363 break;
364 }
365 current_length = 0;
366 switch(current_name) {
367 case 'e':
368 /* Four byte length field */
369 current_length += get_from_fpga_stream(compressed_fpga_stream, output_buffer) << 24;
370 current_length += get_from_fpga_stream(compressed_fpga_stream, output_buffer) << 16;
371 numbytes += 2;
372 default: /* Fall through, two byte length field */
373 current_length += get_from_fpga_stream(compressed_fpga_stream, output_buffer) << 8;
374 current_length += get_from_fpga_stream(compressed_fpga_stream, output_buffer) << 0;
375 numbytes += 2;
376 }
377
378 if(current_name != 'e' && current_length > 255) {
379 /* Maybe a parse error */
380 break;
381 }
382
383 if(current_name == section_name) {
384 /* Found it */
385 *section_length = current_length;
386 result = 1;
387 break;
388 }
389
390 for (uint16_t i = 0; i < current_length && numbytes < MAX_FPGA_BIT_STREAM_HEADER_SEARCH; i++) {
391 get_from_fpga_stream(compressed_fpga_stream, output_buffer);
392 numbytes++;
393 }
394 }
395
396 return result;
397 }
398
399
400 //-----------------------------------------------------------------------------
401 // Find out which FPGA image format is stored in flash, then call DownloadFPGA
402 // with the right parameters to download the image
403 //-----------------------------------------------------------------------------
404 void FpgaDownloadAndGo(int bitstream_version)
405 {
406 z_stream compressed_fpga_stream;
407 uint8_t output_buffer[OUTPUT_BUFFER_LEN];
408
409 // check whether or not the bitstream is already loaded
410 if (downloaded_bitstream == bitstream_version)
411 return;
412
413 if (!reset_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer)) {
414 return;
415 }
416
417 unsigned int bitstream_length;
418 if(bitparse_find_section('e', &bitstream_length, &compressed_fpga_stream, output_buffer)) {
419 DownloadFPGA(bitstream_length, &compressed_fpga_stream, output_buffer);
420 downloaded_bitstream = bitstream_version;
421 }
422
423 inflateEnd(&compressed_fpga_stream);
424
425 }
426
427
428 void FpgaGatherVersion(int bitstream_version, char *dst, int len)
429 {
430 unsigned int fpga_info_len;
431 char tempstr[40];
432 z_stream compressed_fpga_stream;
433 uint8_t output_buffer[OUTPUT_BUFFER_LEN];
434
435 dst[0] = '\0';
436
437 if (!reset_fpga_stream(bitstream_version, &compressed_fpga_stream, output_buffer)) {
438 return;
439 }
440
441 if(bitparse_find_section('a', &fpga_info_len, &compressed_fpga_stream, output_buffer)) {
442 for (uint16_t i = 0; i < fpga_info_len; i++) {
443 char c = (char)get_from_fpga_stream(&compressed_fpga_stream, output_buffer);
444 if (i < sizeof(tempstr)) {
445 tempstr[i] = c;
446 }
447 }
448 if (!memcmp("fpga_lf", tempstr, 7))
449 strncat(dst, "LF ", len-1);
450 else if (!memcmp("fpga_hf", tempstr, 7))
451 strncat(dst, "HF ", len-1);
452 }
453 strncat(dst, "FPGA image built", len-1);
454 if(bitparse_find_section('b', &fpga_info_len, &compressed_fpga_stream, output_buffer)) {
455 strncat(dst, " for ", len-1);
456 for (uint16_t i = 0; i < fpga_info_len; i++) {
457 char c = (char)get_from_fpga_stream(&compressed_fpga_stream, output_buffer);
458 if (i < sizeof(tempstr)) {
459 tempstr[i] = c;
460 }
461 }
462 strncat(dst, tempstr, len-1);
463 }
464 if(bitparse_find_section('c', &fpga_info_len, &compressed_fpga_stream, output_buffer)) {
465 strncat(dst, " on ", len-1);
466 for (uint16_t i = 0; i < fpga_info_len; i++) {
467 char c = (char)get_from_fpga_stream(&compressed_fpga_stream, output_buffer);
468 if (i < sizeof(tempstr)) {
469 tempstr[i] = c;
470 }
471 }
472 strncat(dst, tempstr, len-1);
473 }
474 if(bitparse_find_section('d', &fpga_info_len, &compressed_fpga_stream, output_buffer)) {
475 strncat(dst, " at ", len-1);
476 for (uint16_t i = 0; i < fpga_info_len; i++) {
477 char c = (char)get_from_fpga_stream(&compressed_fpga_stream, output_buffer);
478 if (i < sizeof(tempstr)) {
479 tempstr[i] = c;
480 }
481 }
482 strncat(dst, tempstr, len-1);
483 }
484
485 inflateEnd(&compressed_fpga_stream);
486
487 }
488
489
490 //-----------------------------------------------------------------------------
491 // Send a 16 bit command/data pair to the FPGA.
492 // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
493 // where C is the 4 bit command and D is the 12 bit data
494 //-----------------------------------------------------------------------------
495 void FpgaSendCommand(uint16_t cmd, uint16_t v)
496 {
497 SetupSpi(SPI_FPGA_MODE);
498 while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete
499 AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data
500 }
501 //-----------------------------------------------------------------------------
502 // Write the FPGA setup word (that determines what mode the logic is in, read
503 // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
504 // avoid changing this function's occurence everywhere in the source code.
505 //-----------------------------------------------------------------------------
506 void FpgaWriteConfWord(uint8_t v)
507 {
508 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
509 }
510
511 //-----------------------------------------------------------------------------
512 // Set up the CMOS switches that mux the ADC: four switches, independently
513 // closable, but should only close one at a time. Not an FPGA thing, but
514 // the samples from the ADC always flow through the FPGA.
515 //-----------------------------------------------------------------------------
516 void SetAdcMuxFor(uint32_t whichGpio)
517 {
518 AT91C_BASE_PIOA->PIO_OER =
519 GPIO_MUXSEL_HIPKD |
520 GPIO_MUXSEL_LOPKD |
521 GPIO_MUXSEL_LORAW |
522 GPIO_MUXSEL_HIRAW;
523
524 AT91C_BASE_PIOA->PIO_PER =
525 GPIO_MUXSEL_HIPKD |
526 GPIO_MUXSEL_LOPKD |
527 GPIO_MUXSEL_LORAW |
528 GPIO_MUXSEL_HIRAW;
529
530 LOW(GPIO_MUXSEL_HIPKD);
531 LOW(GPIO_MUXSEL_HIRAW);
532 LOW(GPIO_MUXSEL_LORAW);
533 LOW(GPIO_MUXSEL_LOPKD);
534
535 HIGH(whichGpio);
536 }
Proxmark3 GIT tracking
Impressum, Datenschutz