-//-----------------------------------------------------------------------------\r
-// Routines to load the FPGA image, and then to configure the FPGA's major\r
-// mode once it is configured.\r
-//\r
-// Jonathan Westhues, April 2006\r
-//-----------------------------------------------------------------------------\r
-#include <proxmark3.h>\r
-#include "apps.h"\r
-\r
-//-----------------------------------------------------------------------------\r
-// Set up the Serial Peripheral Interface as master\r
-// Used to write the FPGA config word\r
-// May also be used to write to other SPI attached devices like an LCD\r
-//-----------------------------------------------------------------------------\r
-void SetupSpi(int mode)\r
-{\r
- // PA10 -> SPI_NCS2 chip select (LCD)\r
- // PA11 -> SPI_NCS0 chip select (FPGA)\r
- // PA12 -> SPI_MISO Master-In Slave-Out\r
- // PA13 -> SPI_MOSI Master-Out Slave-In\r
- // PA14 -> SPI_SPCK Serial Clock\r
-\r
- // Disable PIO control of the following pins, allows use by the SPI peripheral\r
- PIO_DISABLE = (1 << GPIO_NCS0) |\r
- (1 << GPIO_NCS2) |\r
- (1 << GPIO_MISO) |\r
- (1 << GPIO_MOSI) |\r
- (1 << GPIO_SPCK);\r
-\r
- PIO_PERIPHERAL_A_SEL = (1 << GPIO_NCS0) |\r
- (1 << GPIO_MISO) |\r
- (1 << GPIO_MOSI) |\r
- (1 << GPIO_SPCK);\r
-\r
- PIO_PERIPHERAL_B_SEL = (1 << GPIO_NCS2);\r
-\r
- //enable the SPI Peripheral clock\r
- PMC_PERIPHERAL_CLK_ENABLE = (1<<PERIPH_SPI);\r
- // Enable SPI\r
- SPI_CONTROL = SPI_CONTROL_ENABLE;\r
-\r
- switch (mode) {\r
- case SPI_FPGA_MODE:\r
- SPI_MODE =\r
- ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)\r
- (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)\r
- ( 0 << 7) | // Local Loopback Disabled\r
- ( 1 << 4) | // Mode Fault Detection disabled\r
- ( 0 << 2) | // Chip selects connected directly to peripheral\r
- ( 0 << 1) | // Fixed Peripheral Select\r
- ( 1 << 0); // Master Mode\r
- SPI_FOR_CHIPSEL_0 =\r
- ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)\r
- ( 1 << 16) | // Delay Before SPCK (1 MCK period)\r
- ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud\r
- ( 8 << 4) | // Bits per Transfer (16 bits)\r
- ( 0 << 3) | // Chip Select inactive after transfer\r
- ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge\r
- ( 0 << 0); // Clock Polarity inactive state is logic 0\r
- break;\r
- case SPI_LCD_MODE:\r
- SPI_MODE =\r
- ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)\r
- (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)\r
- ( 0 << 7) | // Local Loopback Disabled\r
- ( 1 << 4) | // Mode Fault Detection disabled\r
- ( 0 << 2) | // Chip selects connected directly to peripheral\r
- ( 0 << 1) | // Fixed Peripheral Select\r
- ( 1 << 0); // Master Mode\r
- SPI_FOR_CHIPSEL_2 =\r
- ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)\r
- ( 1 << 16) | // Delay Before SPCK (1 MCK period)\r
- ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud\r
- ( 1 << 4) | // Bits per Transfer (9 bits)\r
- ( 0 << 3) | // Chip Select inactive after transfer\r
- ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge\r
- ( 0 << 0); // Clock Polarity inactive state is logic 0\r
- break;\r
- default: // Disable SPI\r
- SPI_CONTROL = SPI_CONTROL_DISABLE;\r
- break;\r
- }\r
-}\r
-\r
-//-----------------------------------------------------------------------------\r
-// Set up the synchronous serial port, with the one set of options that we\r
-// always use when we are talking to the FPGA. Both RX and TX are enabled.\r
-//-----------------------------------------------------------------------------\r
-void FpgaSetupSsc(void)\r
-{\r
- // First configure the GPIOs, and get ourselves a clock.\r
- PIO_PERIPHERAL_A_SEL = (1 << GPIO_SSC_FRAME) |\r
- (1 << GPIO_SSC_DIN) |\r
- (1 << GPIO_SSC_DOUT) |\r
- (1 << GPIO_SSC_CLK);\r
- PIO_DISABLE = (1 << GPIO_SSC_DOUT);\r
-\r
- PMC_PERIPHERAL_CLK_ENABLE = (1 << PERIPH_SSC);\r
-\r
- // Now set up the SSC proper, starting from a known state.\r
- SSC_CONTROL = SSC_CONTROL_RESET;\r
-\r
- // RX clock comes from TX clock, RX starts when TX starts, data changes\r
- // on RX clock rising edge, sampled on falling edge\r
- SSC_RECEIVE_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);\r
-\r
- // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync\r
- // pulse, no output sync, start on positive-going edge of sync\r
- SSC_RECEIVE_FRAME_MODE = SSC_FRAME_MODE_BITS_IN_WORD(8) |\r
- SSC_FRAME_MODE_MSB_FIRST | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);\r
-\r
- // clock comes from TK pin, no clock output, outputs change on falling\r
- // edge of TK, start on rising edge of TF\r
- SSC_TRANSMIT_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(2) |\r
- SSC_CLOCK_MODE_START(5);\r
-\r
- // tx framing is the same as the rx framing\r
- SSC_TRANSMIT_FRAME_MODE = SSC_RECEIVE_FRAME_MODE;\r
-\r
- SSC_CONTROL = SSC_CONTROL_RX_ENABLE | SSC_CONTROL_TX_ENABLE;\r
-}\r
-\r
-//-----------------------------------------------------------------------------\r
-// Set up DMA to receive samples from the FPGA. We will use the PDC, with\r
-// a single buffer as a circular buffer (so that we just chain back to\r
-// ourselves, not to another buffer). The stuff to manipulate those buffers\r
-// is in apps.h, because it should be inlined, for speed.\r
-//-----------------------------------------------------------------------------\r
-void FpgaSetupSscDma(BYTE *buf, int len)\r
-{\r
- PDC_RX_POINTER(SSC_BASE) = (DWORD)buf;\r
- PDC_RX_COUNTER(SSC_BASE) = len;\r
- PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)buf;\r
- PDC_RX_NEXT_COUNTER(SSC_BASE) = len;\r
- PDC_CONTROL(SSC_BASE) = PDC_RX_ENABLE;\r
-}\r
-\r
-static void DownloadFPGA_byte(unsigned char w)\r
-{\r
-#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }\r
- SEND_BIT(7);\r
- SEND_BIT(6);\r
- SEND_BIT(5);\r
- SEND_BIT(4);\r
- SEND_BIT(3);\r
- SEND_BIT(2);\r
- SEND_BIT(1);\r
- SEND_BIT(0);\r
-}\r
-\r
-// Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes\r
-// If bytereversal is set: reverse the byte order in each 4-byte word\r
-static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)\r
-{\r
- int i;\r
-\r
- PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_ON);\r
- PIO_ENABLE = (1 << GPIO_FPGA_ON);\r
- PIO_OUTPUT_DATA_SET = (1 << GPIO_FPGA_ON);\r
-\r
- SpinDelay(50);\r
-\r
- LED_D_ON();\r
-\r
- HIGH(GPIO_FPGA_NPROGRAM);\r
- LOW(GPIO_FPGA_CCLK);\r
- LOW(GPIO_FPGA_DIN);\r
- PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_NPROGRAM) |\r
- (1 << GPIO_FPGA_CCLK) |\r
- (1 << GPIO_FPGA_DIN);\r
- SpinDelay(1);\r
-\r
- LOW(GPIO_FPGA_NPROGRAM);\r
- SpinDelay(50);\r
- HIGH(GPIO_FPGA_NPROGRAM);\r
-\r
- if(bytereversal) {\r
- /* This is only supported for DWORD aligned images */\r
- if( ((int)FpgaImage % sizeof(DWORD)) == 0 ) {\r
- i=0;\r
- while(FpgaImageLen-->0)\r
- DownloadFPGA_byte(FpgaImage[(i++)^0x3]);\r
- /* Explanation of the magic in the above line: \r
- * i^0x3 inverts the lower two bits of the integer i, counting backwards\r
- * for each 4 byte increment. The generated sequence of (i++)^3 is\r
- * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
- */\r
- }\r
- } else {\r
- while(FpgaImageLen-->0)\r
- DownloadFPGA_byte(*FpgaImage++);\r
- }\r
-\r
- LED_D_OFF();\r
-}\r
-\r
-static char *bitparse_headers_start;\r
-static char *bitparse_bitstream_end;\r
-static int bitparse_initialized;\r
-/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence\r
- * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01\r
- * After that the format is 1 byte section type (ASCII character), 2 byte length\r
- * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes\r
+//-----------------------------------------------------------------------------
+// Jonathan Westhues, April 2006
+// iZsh <izsh at fail0verflow.com>, 2014
+//
+// This code is licensed to you under the terms of the GNU GPL, version 2 or,
+// at your option, any later version. See the LICENSE.txt file for the text of
+// the license.
+//-----------------------------------------------------------------------------
+// Routines to load the FPGA image, and then to configure the FPGA's major
+// mode once it is configured.
+//-----------------------------------------------------------------------------
+#include "proxmark3.h"
+#include "apps.h"
+#include "util.h"
+#include "string.h"
+
+//-----------------------------------------------------------------------------
+// Set up the Serial Peripheral Interface as master
+// Used to write the FPGA config word
+// May also be used to write to other SPI attached devices like an LCD
+//-----------------------------------------------------------------------------
+void SetupSpi(int mode)
+{
+ // PA10 -> SPI_NCS2 chip select (LCD)
+ // PA11 -> SPI_NCS0 chip select (FPGA)
+ // PA12 -> SPI_MISO Master-In Slave-Out
+ // PA13 -> SPI_MOSI Master-Out Slave-In
+ // PA14 -> SPI_SPCK Serial Clock
+
+ // Disable PIO control of the following pins, allows use by the SPI peripheral
+ AT91C_BASE_PIOA->PIO_PDR =
+ GPIO_NCS0 |
+ GPIO_NCS2 |
+ GPIO_MISO |
+ GPIO_MOSI |
+ GPIO_SPCK;
+
+ AT91C_BASE_PIOA->PIO_ASR =
+ GPIO_NCS0 |
+ GPIO_MISO |
+ GPIO_MOSI |
+ GPIO_SPCK;
+
+ AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
+
+ //enable the SPI Peripheral clock
+ AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
+ // Enable SPI
+ AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
+
+ switch (mode) {
+ case SPI_FPGA_MODE:
+ AT91C_BASE_SPI->SPI_MR =
+ ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
+ (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
+ ( 0 << 7) | // Local Loopback Disabled
+ ( 1 << 4) | // Mode Fault Detection disabled
+ ( 0 << 2) | // Chip selects connected directly to peripheral
+ ( 0 << 1) | // Fixed Peripheral Select
+ ( 1 << 0); // Master Mode
+ AT91C_BASE_SPI->SPI_CSR[0] =
+ ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
+ ( 1 << 16) | // Delay Before SPCK (1 MCK period)
+ ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
+ ( 8 << 4) | // Bits per Transfer (16 bits)
+ ( 0 << 3) | // Chip Select inactive after transfer
+ ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
+ ( 0 << 0); // Clock Polarity inactive state is logic 0
+ break;
+ case SPI_LCD_MODE:
+ AT91C_BASE_SPI->SPI_MR =
+ ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
+ (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
+ ( 0 << 7) | // Local Loopback Disabled
+ ( 1 << 4) | // Mode Fault Detection disabled
+ ( 0 << 2) | // Chip selects connected directly to peripheral
+ ( 0 << 1) | // Fixed Peripheral Select
+ ( 1 << 0); // Master Mode
+ AT91C_BASE_SPI->SPI_CSR[2] =
+ ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
+ ( 1 << 16) | // Delay Before SPCK (1 MCK period)
+ ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
+ ( 1 << 4) | // Bits per Transfer (9 bits)
+ ( 0 << 3) | // Chip Select inactive after transfer
+ ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
+ ( 0 << 0); // Clock Polarity inactive state is logic 0
+ break;
+ default: // Disable SPI
+ AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
+ break;
+ }
+}
+
+//-----------------------------------------------------------------------------
+// Set up the synchronous serial port, with the one set of options that we
+// always use when we are talking to the FPGA. Both RX and TX are enabled.
+//-----------------------------------------------------------------------------
+void FpgaSetupSsc(void)
+{
+ // First configure the GPIOs, and get ourselves a clock.
+ AT91C_BASE_PIOA->PIO_ASR =
+ GPIO_SSC_FRAME |
+ GPIO_SSC_DIN |
+ GPIO_SSC_DOUT |
+ GPIO_SSC_CLK;
+ AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
+
+ AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
+
+ // Now set up the SSC proper, starting from a known state.
+ AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
+
+ // RX clock comes from TX clock, RX starts when TX starts, data changes
+ // on RX clock rising edge, sampled on falling edge
+ AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
+
+ // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
+ // pulse, no output sync
+ AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
+
+ // clock comes from TK pin, no clock output, outputs change on falling
+ // edge of TK, sample on rising edge of TK, start on positive-going edge of sync
+ AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5);
+
+ // tx framing is the same as the rx framing
+ AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
+
+ AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
+}
+
+//-----------------------------------------------------------------------------
+// Set up DMA to receive samples from the FPGA. We will use the PDC, with
+// a single buffer as a circular buffer (so that we just chain back to
+// ourselves, not to another buffer). The stuff to manipulate those buffers
+// is in apps.h, because it should be inlined, for speed.
+//-----------------------------------------------------------------------------
+bool FpgaSetupSscDma(uint8_t *buf, int len)
+{
+ if (buf == NULL) {
+ return false;
+ }
+
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer
+ AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf; // transfer to this memory address
+ AT91C_BASE_PDC_SSC->PDC_RCR = len; // transfer this many bytes
+ AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf; // next transfer to same memory address
+ AT91C_BASE_PDC_SSC->PDC_RNCR = len; // ... with same number of bytes
+ AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go!
+
+ return true;
+}
+
+static void DownloadFPGA_byte(unsigned char w)
+{
+#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
+ SEND_BIT(7);
+ SEND_BIT(6);
+ SEND_BIT(5);
+ SEND_BIT(4);
+ SEND_BIT(3);
+ SEND_BIT(2);
+ SEND_BIT(1);
+ SEND_BIT(0);
+}
+
+// Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
+// If bytereversal is set: reverse the byte order in each 4-byte word
+static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
+{
+ int i=0;
+
+ AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
+ AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
+ HIGH(GPIO_FPGA_ON); // ensure everything is powered on
+
+ SpinDelay(50);
+
+ LED_D_ON();
+
+ // These pins are inputs
+ AT91C_BASE_PIOA->PIO_ODR =
+ GPIO_FPGA_NINIT |
+ GPIO_FPGA_DONE;
+ // PIO controls the following pins
+ AT91C_BASE_PIOA->PIO_PER =
+ GPIO_FPGA_NINIT |
+ GPIO_FPGA_DONE;
+ // Enable pull-ups
+ AT91C_BASE_PIOA->PIO_PPUER =
+ GPIO_FPGA_NINIT |
+ GPIO_FPGA_DONE;
+
+ // setup initial logic state
+ HIGH(GPIO_FPGA_NPROGRAM);
+ LOW(GPIO_FPGA_CCLK);
+ LOW(GPIO_FPGA_DIN);
+ // These pins are outputs
+ AT91C_BASE_PIOA->PIO_OER =
+ GPIO_FPGA_NPROGRAM |
+ GPIO_FPGA_CCLK |
+ GPIO_FPGA_DIN;
+
+ // enter FPGA configuration mode
+ LOW(GPIO_FPGA_NPROGRAM);
+ SpinDelay(50);
+ HIGH(GPIO_FPGA_NPROGRAM);
+
+ i=100000;
+ // wait for FPGA ready to accept data signal
+ while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
+ i--;
+ }
+
+ // crude error indicator, leave both red LEDs on and return
+ if (i==0){
+ LED_C_ON();
+ LED_D_ON();
+ return;
+ }
+
+ if(bytereversal) {
+ /* This is only supported for uint32_t aligned images */
+ if( ((int)FpgaImage % sizeof(uint32_t)) == 0 ) {
+ i=0;
+ while(FpgaImageLen-->0)
+ DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
+ /* Explanation of the magic in the above line:
+ * i^0x3 inverts the lower two bits of the integer i, counting backwards
+ * for each 4 byte increment. The generated sequence of (i++)^3 is
+ * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
+ */
+ }
+ } else {
+ while(FpgaImageLen-->0)
+ DownloadFPGA_byte(*FpgaImage++);
+ }
+
+ // continue to clock FPGA until ready signal goes high
+ i=100000;
+ while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
+ HIGH(GPIO_FPGA_CCLK);
+ LOW(GPIO_FPGA_CCLK);
+ }
+ // crude error indicator, leave both red LEDs on and return
+ if (i==0){
+ LED_C_ON();
+ LED_D_ON();
+ return;
+ }
+ LED_D_OFF();
+}
+
+static char *bitparse_headers_start;
+static char *bitparse_bitstream_end;
+static int bitparse_initialized = 0;
+/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
+ * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
+ * After that the format is 1 byte section type (ASCII character), 2 byte length
+ * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes