]> cvs.zerfleddert.de Git - proxmark3-svn/blame - armsrc/fpgaloader.c
Add command and code for bidirectional LF emulation of Hitag2. Should be extended...
[proxmark3-svn] / armsrc / fpgaloader.c
CommitLineData
6658905f 1//-----------------------------------------------------------------------------\r
2// Routines to load the FPGA image, and then to configure the FPGA's major\r
3// mode once it is configured.\r
4//\r
5// Jonathan Westhues, April 2006\r
6//-----------------------------------------------------------------------------\r
7#include <proxmark3.h>\r
8#include "apps.h"\r
9\r
10//-----------------------------------------------------------------------------\r
11// Set up the Serial Peripheral Interface as master\r
12// Used to write the FPGA config word\r
13// May also be used to write to other SPI attached devices like an LCD\r
14//-----------------------------------------------------------------------------\r
15void SetupSpi(int mode)\r
16{\r
17 // PA10 -> SPI_NCS2 chip select (LCD)\r
18 // PA11 -> SPI_NCS0 chip select (FPGA)\r
19 // PA12 -> SPI_MISO Master-In Slave-Out\r
20 // PA13 -> SPI_MOSI Master-Out Slave-In\r
21 // PA14 -> SPI_SPCK Serial Clock\r
22\r
23 // Disable PIO control of the following pins, allows use by the SPI peripheral\r
24 PIO_DISABLE = (1 << GPIO_NCS0) |\r
25 (1 << GPIO_NCS2) |\r
26 (1 << GPIO_MISO) |\r
27 (1 << GPIO_MOSI) |\r
28 (1 << GPIO_SPCK);\r
29\r
30 PIO_PERIPHERAL_A_SEL = (1 << GPIO_NCS0) |\r
31 (1 << GPIO_MISO) |\r
32 (1 << GPIO_MOSI) |\r
33 (1 << GPIO_SPCK);\r
34\r
35 PIO_PERIPHERAL_B_SEL = (1 << GPIO_NCS2);\r
36\r
37 //enable the SPI Peripheral clock\r
38 PMC_PERIPHERAL_CLK_ENABLE = (1<<PERIPH_SPI);\r
39 // Enable SPI\r
40 SPI_CONTROL = SPI_CONTROL_ENABLE;\r
41\r
42 switch (mode) {\r
43 case SPI_FPGA_MODE:\r
44 SPI_MODE =\r
45 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)\r
46 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)\r
47 ( 0 << 7) | // Local Loopback Disabled\r
48 ( 1 << 4) | // Mode Fault Detection disabled\r
49 ( 0 << 2) | // Chip selects connected directly to peripheral\r
50 ( 0 << 1) | // Fixed Peripheral Select\r
51 ( 1 << 0); // Master Mode\r
52 SPI_FOR_CHIPSEL_0 =\r
53 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)\r
54 ( 1 << 16) | // Delay Before SPCK (1 MCK period)\r
55 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud\r
30f2a7d3 56 ( 8 << 4) | // Bits per Transfer (16 bits)\r
6658905f 57 ( 0 << 3) | // Chip Select inactive after transfer\r
58 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge\r
59 ( 0 << 0); // Clock Polarity inactive state is logic 0\r
60 break;\r
61 case SPI_LCD_MODE:\r
62 SPI_MODE =\r
63 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)\r
64 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)\r
65 ( 0 << 7) | // Local Loopback Disabled\r
66 ( 1 << 4) | // Mode Fault Detection disabled\r
67 ( 0 << 2) | // Chip selects connected directly to peripheral\r
68 ( 0 << 1) | // Fixed Peripheral Select\r
69 ( 1 << 0); // Master Mode\r
70 SPI_FOR_CHIPSEL_2 =\r
71 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)\r
72 ( 1 << 16) | // Delay Before SPCK (1 MCK period)\r
73 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud\r
74 ( 1 << 4) | // Bits per Transfer (9 bits)\r
75 ( 0 << 3) | // Chip Select inactive after transfer\r
76 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge\r
77 ( 0 << 0); // Clock Polarity inactive state is logic 0\r
78 break;\r
79 default: // Disable SPI\r
80 SPI_CONTROL = SPI_CONTROL_DISABLE;\r
81 break;\r
82 }\r
83}\r
84\r
85//-----------------------------------------------------------------------------\r
86// Set up the synchronous serial port, with the one set of options that we\r
87// always use when we are talking to the FPGA. Both RX and TX are enabled.\r
88//-----------------------------------------------------------------------------\r
89void FpgaSetupSsc(void)\r
90{\r
91 // First configure the GPIOs, and get ourselves a clock.\r
92 PIO_PERIPHERAL_A_SEL = (1 << GPIO_SSC_FRAME) |\r
93 (1 << GPIO_SSC_DIN) |\r
94 (1 << GPIO_SSC_DOUT) |\r
95 (1 << GPIO_SSC_CLK);\r
96 PIO_DISABLE = (1 << GPIO_SSC_DOUT);\r
97\r
98 PMC_PERIPHERAL_CLK_ENABLE = (1 << PERIPH_SSC);\r
99\r
100 // Now set up the SSC proper, starting from a known state.\r
101 SSC_CONTROL = SSC_CONTROL_RESET;\r
102\r
103 // RX clock comes from TX clock, RX starts when TX starts, data changes\r
104 // on RX clock rising edge, sampled on falling edge\r
105 SSC_RECEIVE_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);\r
106\r
107 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync\r
108 // pulse, no output sync, start on positive-going edge of sync\r
109 SSC_RECEIVE_FRAME_MODE = SSC_FRAME_MODE_BITS_IN_WORD(8) |\r
110 SSC_FRAME_MODE_MSB_FIRST | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);\r
111\r
112 // clock comes from TK pin, no clock output, outputs change on falling\r
113 // edge of TK, start on rising edge of TF\r
114 SSC_TRANSMIT_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(2) |\r
115 SSC_CLOCK_MODE_START(5);\r
116\r
117 // tx framing is the same as the rx framing\r
118 SSC_TRANSMIT_FRAME_MODE = SSC_RECEIVE_FRAME_MODE;\r
119\r
120 SSC_CONTROL = SSC_CONTROL_RX_ENABLE | SSC_CONTROL_TX_ENABLE;\r
121}\r
122\r
123//-----------------------------------------------------------------------------\r
124// Set up DMA to receive samples from the FPGA. We will use the PDC, with\r
125// a single buffer as a circular buffer (so that we just chain back to\r
126// ourselves, not to another buffer). The stuff to manipulate those buffers\r
127// is in apps.h, because it should be inlined, for speed.\r
128//-----------------------------------------------------------------------------\r
129void FpgaSetupSscDma(BYTE *buf, int len)\r
130{\r
131 PDC_RX_POINTER(SSC_BASE) = (DWORD)buf;\r
132 PDC_RX_COUNTER(SSC_BASE) = len;\r
133 PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)buf;\r
134 PDC_RX_NEXT_COUNTER(SSC_BASE) = len;\r
135 PDC_CONTROL(SSC_BASE) = PDC_RX_ENABLE;\r
136}\r
137\r
e73e7172 138// Download the fpga image starting at FpgaImage and with length FpgaImageLen DWORDs (e.g. 4 bytes)\r
139// If bytereversal is set: reverse the byte order in each 4-byte word\r
140static void DownloadFPGA(const DWORD *FpgaImage, DWORD FpgaImageLen, int bytereversal)\r
6658905f 141{\r
6658905f 142 int i, j;\r
143\r
144 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_ON);\r
145 PIO_ENABLE = (1 << GPIO_FPGA_ON);\r
146 PIO_OUTPUT_DATA_SET = (1 << GPIO_FPGA_ON);\r
147\r
148 SpinDelay(50);\r
149\r
150 LED_D_ON();\r
151\r
152 HIGH(GPIO_FPGA_NPROGRAM);\r
153 LOW(GPIO_FPGA_CCLK);\r
154 LOW(GPIO_FPGA_DIN);\r
155 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_NPROGRAM) |\r
156 (1 << GPIO_FPGA_CCLK) |\r
157 (1 << GPIO_FPGA_DIN);\r
158 SpinDelay(1);\r
159\r
160 LOW(GPIO_FPGA_NPROGRAM);\r
161 SpinDelay(50);\r
162 HIGH(GPIO_FPGA_NPROGRAM);\r
163\r
164 for(i = 0; i < FpgaImageLen; i++) {\r
165 DWORD v = FpgaImage[i];\r
e73e7172 166 unsigned char w;\r
167 for(j = 0; j < 4; j++) {\r
168 if(!bytereversal) \r
169 w = v >>(j*8);\r
170 else\r
171 w = v >>((3-j)*8);\r
172#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }\r
173 SEND_BIT(7);\r
174 SEND_BIT(6);\r
175 SEND_BIT(5);\r
176 SEND_BIT(4);\r
177 SEND_BIT(3);\r
178 SEND_BIT(2);\r
179 SEND_BIT(1);\r
180 SEND_BIT(0);\r
6658905f 181 }\r
182 }\r
183\r
184 LED_D_OFF();\r
185}\r
186\r
e73e7172 187static char *bitparse_headers_start;\r
188static char *bitparse_bitstream_end;\r
189static int bitparse_initialized;\r
190/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence\r
191 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01\r
192 * After that the format is 1 byte section type (ASCII character), 2 byte length\r
193 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes\r
194 * length.
195 */\r
196static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};\r
197static int bitparse_init(void * start_address, void *end_address)\r
198{\r
199 bitparse_initialized = 0;\r
200 \r
201 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {\r
202 return 0; /* Not matched */\r
203 } else {\r
204 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);\r
205 bitparse_bitstream_end= (char*)end_address;\r
206 bitparse_initialized = 1;\r
207 return 1;\r
208 }\r
209}\r
210\r
211int bitparse_find_section(char section_name, void **section_start, unsigned int *section_length)\r
212{\r
213 char *pos = bitparse_headers_start;\r
214 int result = 0;\r
215\r
216 if(!bitparse_initialized) return 0;\r
217\r
218 while(pos < bitparse_bitstream_end) {\r
219 char current_name = *pos++;\r
220 unsigned int current_length = 0;\r
221 if(current_name < 'a' || current_name > 'e') {\r
222 /* Strange section name, abort */\r
223 break;\r
224 }\r
225 current_length = 0;\r
226 switch(current_name) {\r
227 case 'e':\r
228 /* Four byte length field */\r
229 current_length += (*pos++) << 24;\r
230 current_length += (*pos++) << 16;\r
231 default: /* Fall through, two byte length field */\r
232 current_length += (*pos++) << 8;\r
233 current_length += (*pos++) << 0;\r
234 }\r
235 \r
236 if(current_name != 'e' && current_length > 255) {\r
237 /* Maybe a parse error */\r
238 break;\r
239 }\r
240 \r
241 if(current_name == section_name) {\r
242 /* Found it */\r
243 *section_start = pos;\r
244 *section_length = current_length;\r
245 result = 1;\r
246 break;\r
247 }\r
248 \r
249 pos += current_length; /* Skip section */\r
250 }\r
251 \r
252 return result;\r
253}\r
254\r
255//-----------------------------------------------------------------------------\r
256// Find out which FPGA image format is stored in flash, then call DownloadFPGA\r
257// with the right parameters to download the image\r
258//-----------------------------------------------------------------------------\r
259extern char _binary_fpga_bit_start, _binary_fpga_bit_end;\r
260void FpgaDownloadAndGo(void)\r
261{\r
262 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
263 */\r
264 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {\r
265 /* Successfully initialized the .bit parser. Find the 'e' section and\r
266 * send its contents to the FPGA.
267 */\r
268 void *bitstream_start;\r
269 unsigned int bitstream_length;\r
270 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {\r
271 DownloadFPGA((DWORD *)bitstream_start, bitstream_length/4, 0);\r
272 \r
273 return; /* All done */\r
274 }\r
275 }\r
276 \r
277 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF\r
278 * 0xAA995566 at address 0x2000. This is raw bitstream with a size of 336,768 bits \r
279 * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD\r
280 * is still to be transmitted in MSBit first order. Set the invert flag to indicate\r
281 * that the DownloadFPGA function should invert every 4 byte sequence when doing\r
282 * the bytewise download.
283 */\r
284 if( *(DWORD*)0x2000 == 0xFFFFFFFF && *(DWORD*)0x2004 == 0xAA995566 )\r
285 DownloadFPGA((DWORD *)0x2000, 10524, 1);\r
286}\r
287\r
ba8a80b3 288void FpgaGatherVersion(char *dst, int len)\r
289{\r
290 char *fpga_info; \r
291 unsigned int fpga_info_len;\r
292 dst[0] = 0;\r
293 if(!bitparse_find_section('e', (void**)&fpga_info, &fpga_info_len)) {\r
294 strncat(dst, "FPGA image: legacy image without version information", len-1);\r
295 } else {\r
296 strncat(dst, "FPGA image built", len-1);\r
297 /* USB packets only have 48 bytes data payload, so be terse */\r
298#if 0\r
299 if(bitparse_find_section('a', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r
300 strncat(dst, " from ", len-1);\r
301 strncat(dst, fpga_info, len-1);\r
302 }\r
303 if(bitparse_find_section('b', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r
304 strncat(dst, " for ", len-1);\r
305 strncat(dst, fpga_info, len-1);\r
306 }\r
307#endif\r
308 if(bitparse_find_section('c', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r
309 strncat(dst, " on ", len-1);\r
310 strncat(dst, fpga_info, len-1);\r
311 }\r
312 if(bitparse_find_section('d', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r
313 strncat(dst, " at ", len-1);\r
314 strncat(dst, fpga_info, len-1);\r
315 }\r
316 }\r
317}\r
318\r
30f2a7d3 319//-----------------------------------------------------------------------------\r
320// Send a 16 bit command/data pair to the FPGA.\r
321// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0\r
322// where C is the 4 bit command and D is the 12 bit data\r
323//-----------------------------------------------------------------------------\r
324void FpgaSendCommand(WORD cmd, WORD v)\r
325{\r
326 SetupSpi(SPI_FPGA_MODE);\r
327 while ((SPI_STATUS & SPI_STATUS_TX_EMPTY) == 0); // wait for the transfer to complete\r
328 SPI_TX_DATA = SPI_CONTROL_LAST_TRANSFER | cmd | v; // send the data\r
329}\r
6658905f 330//-----------------------------------------------------------------------------\r
331// Write the FPGA setup word (that determines what mode the logic is in, read\r
30f2a7d3 332// vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to\r
333// avoid changing this function's occurence everywhere in the source code.\r
6658905f 334//-----------------------------------------------------------------------------\r
335void FpgaWriteConfWord(BYTE v)\r
336{\r
30f2a7d3 337 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);\r
6658905f 338}\r
339\r
340//-----------------------------------------------------------------------------\r
341// Set up the CMOS switches that mux the ADC: four switches, independently\r
342// closable, but should only close one at a time. Not an FPGA thing, but\r
343// the samples from the ADC always flow through the FPGA.\r
344//-----------------------------------------------------------------------------\r
345void SetAdcMuxFor(int whichGpio)\r
346{\r
347 PIO_OUTPUT_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |\r
348 (1 << GPIO_MUXSEL_LOPKD) |\r
349 (1 << GPIO_MUXSEL_LORAW) |\r
350 (1 << GPIO_MUXSEL_HIRAW);\r
351\r
352 PIO_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |\r
353 (1 << GPIO_MUXSEL_LOPKD) |\r
354 (1 << GPIO_MUXSEL_LORAW) |\r
355 (1 << GPIO_MUXSEL_HIRAW);\r
356\r
357 LOW(GPIO_MUXSEL_HIPKD);\r
358 LOW(GPIO_MUXSEL_HIRAW);\r
359 LOW(GPIO_MUXSEL_LORAW);\r
360 LOW(GPIO_MUXSEL_LOPKD);\r
361\r
362 HIGH(whichGpio);\r
363}\r
Impressum, Datenschutz