]> git.zerfleddert.de Git - proxmark3-svn/blob - armsrc/fpgaloader.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Clean up data types, some header cleanup, etc.
[proxmark3-svn] / armsrc / fpgaloader.c
1 //-----------------------------------------------------------------------------
2 // Routines to load the FPGA image, and then to configure the FPGA's major
3 // mode once it is configured.
4 //
5 // Jonathan Westhues, April 2006
6 //-----------------------------------------------------------------------------
7 #include "proxmark3.h"
8 #include "apps.h"
9 #include "util.h"
10
11 //-----------------------------------------------------------------------------
12 // Set up the Serial Peripheral Interface as master
13 // Used to write the FPGA config word
14 // May also be used to write to other SPI attached devices like an LCD
15 //-----------------------------------------------------------------------------
16 void SetupSpi(int mode)
17 {
18 // PA10 -> SPI_NCS2 chip select (LCD)
19 // PA11 -> SPI_NCS0 chip select (FPGA)
20 // PA12 -> SPI_MISO Master-In Slave-Out
21 // PA13 -> SPI_MOSI Master-Out Slave-In
22 // PA14 -> SPI_SPCK Serial Clock
23
24 // Disable PIO control of the following pins, allows use by the SPI peripheral
25 AT91C_BASE_PIOA->PIO_PDR =
26 GPIO_NCS0 |
27 GPIO_NCS2 |
28 GPIO_MISO |
29 GPIO_MOSI |
30 GPIO_SPCK;
31
32 AT91C_BASE_PIOA->PIO_ASR =
33 GPIO_NCS0 |
34 GPIO_MISO |
35 GPIO_MOSI |
36 GPIO_SPCK;
37
38 AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
39
40 //enable the SPI Peripheral clock
41 AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
42 // Enable SPI
43 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
44
45 switch (mode) {
46 case SPI_FPGA_MODE:
47 AT91C_BASE_SPI->SPI_MR =
48 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
49 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
50 ( 0 << 7) | // Local Loopback Disabled
51 ( 1 << 4) | // Mode Fault Detection disabled
52 ( 0 << 2) | // Chip selects connected directly to peripheral
53 ( 0 << 1) | // Fixed Peripheral Select
54 ( 1 << 0); // Master Mode
55 AT91C_BASE_SPI->SPI_CSR[0] =
56 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
57 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
58 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
59 ( 8 << 4) | // Bits per Transfer (16 bits)
60 ( 0 << 3) | // Chip Select inactive after transfer
61 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
62 ( 0 << 0); // Clock Polarity inactive state is logic 0
63 break;
64 case SPI_LCD_MODE:
65 AT91C_BASE_SPI->SPI_MR =
66 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
67 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
68 ( 0 << 7) | // Local Loopback Disabled
69 ( 1 << 4) | // Mode Fault Detection disabled
70 ( 0 << 2) | // Chip selects connected directly to peripheral
71 ( 0 << 1) | // Fixed Peripheral Select
72 ( 1 << 0); // Master Mode
73 AT91C_BASE_SPI->SPI_CSR[2] =
74 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
75 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
76 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
77 ( 1 << 4) | // Bits per Transfer (9 bits)
78 ( 0 << 3) | // Chip Select inactive after transfer
79 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
80 ( 0 << 0); // Clock Polarity inactive state is logic 0
81 break;
82 default: // Disable SPI
83 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
84 break;
85 }
86 }
87
88 //-----------------------------------------------------------------------------
89 // Set up the synchronous serial port, with the one set of options that we
90 // always use when we are talking to the FPGA. Both RX and TX are enabled.
91 //-----------------------------------------------------------------------------
92 void FpgaSetupSsc(void)
93 {
94 // First configure the GPIOs, and get ourselves a clock.
95 AT91C_BASE_PIOA->PIO_ASR =
96 GPIO_SSC_FRAME |
97 GPIO_SSC_DIN |
98 GPIO_SSC_DOUT |
99 GPIO_SSC_CLK;
100 AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
101
102 AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
103
104 // Now set up the SSC proper, starting from a known state.
105 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
106
107 // RX clock comes from TX clock, RX starts when TX starts, data changes
108 // on RX clock rising edge, sampled on falling edge
109 AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
110
111 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
112 // pulse, no output sync, start on positive-going edge of sync
113 AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |
114 AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
115
116 // clock comes from TK pin, no clock output, outputs change on falling
117 // edge of TK, start on rising edge of TF
118 AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) |
119 SSC_CLOCK_MODE_START(5);
120
121 // tx framing is the same as the rx framing
122 AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
123
124 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
125 }
126
127 //-----------------------------------------------------------------------------
128 // Set up DMA to receive samples from the FPGA. We will use the PDC, with
129 // a single buffer as a circular buffer (so that we just chain back to
130 // ourselves, not to another buffer). The stuff to manipulate those buffers
131 // is in apps.h, because it should be inlined, for speed.
132 //-----------------------------------------------------------------------------
133 void FpgaSetupSscDma(uint8_t *buf, int len)
134 {
135 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf;
136 AT91C_BASE_PDC_SSC->PDC_RCR = len;
137 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf;
138 AT91C_BASE_PDC_SSC->PDC_RNCR = len;
139 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
140 }
141
142 static void DownloadFPGA_byte(unsigned char w)
143 {
144 #define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
145 SEND_BIT(7);
146 SEND_BIT(6);
147 SEND_BIT(5);
148 SEND_BIT(4);
149 SEND_BIT(3);
150 SEND_BIT(2);
151 SEND_BIT(1);
152 SEND_BIT(0);
153 }
154
155 // Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
156 // If bytereversal is set: reverse the byte order in each 4-byte word
157 static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
158 {
159 int i=0;
160
161 AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
162 AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
163 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
164
165 SpinDelay(50);
166
167 LED_D_ON();
168
169 // These pins are inputs
170 AT91C_BASE_PIOA->PIO_ODR =
171 GPIO_FPGA_NINIT |
172 GPIO_FPGA_DONE;
173 // PIO controls the following pins
174 AT91C_BASE_PIOA->PIO_PER =
175 GPIO_FPGA_NINIT |
176 GPIO_FPGA_DONE;
177 // Enable pull-ups
178 AT91C_BASE_PIOA->PIO_PPUER =
179 GPIO_FPGA_NINIT |
180 GPIO_FPGA_DONE;
181
182 // setup initial logic state
183 HIGH(GPIO_FPGA_NPROGRAM);
184 LOW(GPIO_FPGA_CCLK);
185 LOW(GPIO_FPGA_DIN);
186 // These pins are outputs
187 AT91C_BASE_PIOA->PIO_OER =
188 GPIO_FPGA_NPROGRAM |
189 GPIO_FPGA_CCLK |
190 GPIO_FPGA_DIN;
191
192 // enter FPGA configuration mode
193 LOW(GPIO_FPGA_NPROGRAM);
194 SpinDelay(50);
195 HIGH(GPIO_FPGA_NPROGRAM);
196
197 i=100000;
198 // wait for FPGA ready to accept data signal
199 while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
200 i--;
201 }
202
203 // crude error indicator, leave both red LEDs on and return
204 if (i==0){
205 LED_C_ON();
206 LED_D_ON();
207 return;
208 }
209
210 if(bytereversal) {
211 /* This is only supported for uint32_t aligned images */
212 if( ((int)FpgaImage % sizeof(uint32_t)) == 0 ) {
213 i=0;
214 while(FpgaImageLen-->0)
215 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
216 /* Explanation of the magic in the above line:
217 * i^0x3 inverts the lower two bits of the integer i, counting backwards
218 * for each 4 byte increment. The generated sequence of (i++)^3 is
219 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
220 */
221 }
222 } else {
223 while(FpgaImageLen-->0)
224 DownloadFPGA_byte(*FpgaImage++);
225 }
226
227 // continue to clock FPGA until ready signal goes high
228 i=100000;
229 while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
230 HIGH(GPIO_FPGA_CCLK);
231 LOW(GPIO_FPGA_CCLK);
232 }
233 // crude error indicator, leave both red LEDs on and return
234 if (i==0){
235 LED_C_ON();
236 LED_D_ON();
237 return;
238 }
239 LED_D_OFF();
240 }
241
242 static char *bitparse_headers_start;
243 static char *bitparse_bitstream_end;
244 static int bitparse_initialized;
245 /* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
246 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
247 * After that the format is 1 byte section type (ASCII character), 2 byte length
248 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
249 * length.
250 */
251 static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
252 static int bitparse_init(void * start_address, void *end_address)
253 {
254 bitparse_initialized = 0;
255
256 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
257 return 0; /* Not matched */
258 } else {
259 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
260 bitparse_bitstream_end= (char*)end_address;
261 bitparse_initialized = 1;
262 return 1;
263 }
264 }
265
266 int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
267 {
268 char *pos = bitparse_headers_start;
269 int result = 0;
270
271 if(!bitparse_initialized) return 0;
272
273 while(pos < bitparse_bitstream_end) {
274 char current_name = *pos++;
275 unsigned int current_length = 0;
276 if(current_name < 'a' || current_name > 'e') {
277 /* Strange section name, abort */
278 break;
279 }
280 current_length = 0;
281 switch(current_name) {
282 case 'e':
283 /* Four byte length field */
284 current_length += (*pos++) << 24;
285 current_length += (*pos++) << 16;
286 default: /* Fall through, two byte length field */
287 current_length += (*pos++) << 8;
288 current_length += (*pos++) << 0;
289 }
290
291 if(current_name != 'e' && current_length > 255) {
292 /* Maybe a parse error */
293 break;
294 }
295
296 if(current_name == section_name) {
297 /* Found it */
298 *section_start = pos;
299 *section_length = current_length;
300 result = 1;
301 break;
302 }
303
304 pos += current_length; /* Skip section */
305 }
306
307 return result;
308 }
309
310 //-----------------------------------------------------------------------------
311 // Find out which FPGA image format is stored in flash, then call DownloadFPGA
312 // with the right parameters to download the image
313 //-----------------------------------------------------------------------------
314 extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
315 void FpgaDownloadAndGo(void)
316 {
317 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
318 */
319 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
320 /* Successfully initialized the .bit parser. Find the 'e' section and
321 * send its contents to the FPGA.
322 */
323 char *bitstream_start;
324 unsigned int bitstream_length;
325 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
326 DownloadFPGA(bitstream_start, bitstream_length, 0);
327
328 return; /* All done */
329 }
330 }
331
332 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
333 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
334 * = 10,524 uint32_t, stored as uint32_t e.g. little-endian in memory, but each DWORD
335 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
336 * that the DownloadFPGA function should invert every 4 byte sequence when doing
337 * the bytewise download.
338 */
339 if( *(uint32_t*)0x102000 == 0xFFFFFFFF && *(uint32_t*)0x102004 == 0xAA995566 )
340 DownloadFPGA((char*)0x102000, 10524*4, 1);
341 }
342
343 void FpgaGatherVersion(char *dst, int len)
344 {
345 char *fpga_info;
346 unsigned int fpga_info_len;
347 dst[0] = 0;
348 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
349 strncat(dst, "FPGA image: legacy image without version information", len-1);
350 } else {
351 strncat(dst, "FPGA image built", len-1);
352 /* USB packets only have 48 bytes data payload, so be terse */
353 #if 0
354 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
355 strncat(dst, " from ", len-1);
356 strncat(dst, fpga_info, len-1);
357 }
358 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
359 strncat(dst, " for ", len-1);
360 strncat(dst, fpga_info, len-1);
361 }
362 #endif
363 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
364 strncat(dst, " on ", len-1);
365 strncat(dst, fpga_info, len-1);
366 }
367 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
368 strncat(dst, " at ", len-1);
369 strncat(dst, fpga_info, len-1);
370 }
371 }
372 }
373
374 //-----------------------------------------------------------------------------
375 // Send a 16 bit command/data pair to the FPGA.
376 // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
377 // where C is the 4 bit command and D is the 12 bit data
378 //-----------------------------------------------------------------------------
379 void FpgaSendCommand(uint16_t cmd, uint16_t v)
380 {
381 SetupSpi(SPI_FPGA_MODE);
382 while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete
383 AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data
384 }
385 //-----------------------------------------------------------------------------
386 // Write the FPGA setup word (that determines what mode the logic is in, read
387 // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
388 // avoid changing this function's occurence everywhere in the source code.
389 //-----------------------------------------------------------------------------
390 void FpgaWriteConfWord(uint8_t v)
391 {
392 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
393 }
394
395 //-----------------------------------------------------------------------------
396 // Set up the CMOS switches that mux the ADC: four switches, independently
397 // closable, but should only close one at a time. Not an FPGA thing, but
398 // the samples from the ADC always flow through the FPGA.
399 //-----------------------------------------------------------------------------
400 void SetAdcMuxFor(uint32_t whichGpio)
401 {
402 AT91C_BASE_PIOA->PIO_OER =
403 GPIO_MUXSEL_HIPKD |
404 GPIO_MUXSEL_LOPKD |
405 GPIO_MUXSEL_LORAW |
406 GPIO_MUXSEL_HIRAW;
407
408 AT91C_BASE_PIOA->PIO_PER =
409 GPIO_MUXSEL_HIPKD |
410 GPIO_MUXSEL_LOPKD |
411 GPIO_MUXSEL_LORAW |
412 GPIO_MUXSEL_HIRAW;
413
414 LOW(GPIO_MUXSEL_HIPKD);
415 LOW(GPIO_MUXSEL_HIRAW);
416 LOW(GPIO_MUXSEL_LORAW);
417 LOW(GPIO_MUXSEL_LOPKD);
418
419 HIGH(whichGpio);
420 }
Proxmark3 GIT tracking
Impressum, Datenschutz