projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
updates to function hf mf retore1k
[proxmark3-svn] / armsrc / fpgaloader.c
CommitLineData
15c4dc5a 1//-----------------------------------------------------------------------------
bd20f8f4 2// Jonathan Westhues, April 2006
3//
4// This code is licensed to you under the terms of the GNU GPL, version 2 or,
5// at your option, any later version. See the LICENSE.txt file for the text of
6// the license.
7//-----------------------------------------------------------------------------
15c4dc5a 8// Routines to load the FPGA image, and then to configure the FPGA's major
9// mode once it is configured.
15c4dc5a 10//-----------------------------------------------------------------------------
bd20f8f4 11
e30c654b 12#include "proxmark3.h"
15c4dc5a 13#include "apps.h"
f7e3ed82 14#include "util.h"
9ab7a6c7 15#include "string.h"
15c4dc5a 16
17//-----------------------------------------------------------------------------
18// Set up the Serial Peripheral Interface as master
19// Used to write the FPGA config word
20// May also be used to write to other SPI attached devices like an LCD
21//-----------------------------------------------------------------------------
22void SetupSpi(int mode)
23{
24 // PA10 -> SPI_NCS2 chip select (LCD)
25 // PA11 -> SPI_NCS0 chip select (FPGA)
26 // PA12 -> SPI_MISO Master-In Slave-Out
27 // PA13 -> SPI_MOSI Master-Out Slave-In
28 // PA14 -> SPI_SPCK Serial Clock
29
30 // Disable PIO control of the following pins, allows use by the SPI peripheral
31 AT91C_BASE_PIOA->PIO_PDR =
32 GPIO_NCS0 |
33 GPIO_NCS2 |
34 GPIO_MISO |
35 GPIO_MOSI |
36 GPIO_SPCK;
37
38 AT91C_BASE_PIOA->PIO_ASR =
39 GPIO_NCS0 |
40 GPIO_MISO |
41 GPIO_MOSI |
42 GPIO_SPCK;
43
44 AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
45
46 //enable the SPI Peripheral clock
47 AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
48 // Enable SPI
49 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
50
51 switch (mode) {
52 case SPI_FPGA_MODE:
53 AT91C_BASE_SPI->SPI_MR =
54 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
55 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
56 ( 0 << 7) | // Local Loopback Disabled
57 ( 1 << 4) | // Mode Fault Detection disabled
58 ( 0 << 2) | // Chip selects connected directly to peripheral
59 ( 0 << 1) | // Fixed Peripheral Select
60 ( 1 << 0); // Master Mode
61 AT91C_BASE_SPI->SPI_CSR[0] =
62 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
63 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
64 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
65 ( 8 << 4) | // Bits per Transfer (16 bits)
66 ( 0 << 3) | // Chip Select inactive after transfer
67 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
68 ( 0 << 0); // Clock Polarity inactive state is logic 0
69 break;
70 case SPI_LCD_MODE:
71 AT91C_BASE_SPI->SPI_MR =
72 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
73 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
74 ( 0 << 7) | // Local Loopback Disabled
75 ( 1 << 4) | // Mode Fault Detection disabled
76 ( 0 << 2) | // Chip selects connected directly to peripheral
77 ( 0 << 1) | // Fixed Peripheral Select
78 ( 1 << 0); // Master Mode
79 AT91C_BASE_SPI->SPI_CSR[2] =
80 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
81 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
82 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
83 ( 1 << 4) | // Bits per Transfer (9 bits)
84 ( 0 << 3) | // Chip Select inactive after transfer
85 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
86 ( 0 << 0); // Clock Polarity inactive state is logic 0
87 break;
88 default: // Disable SPI
89 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
90 break;
91 }
92}
93
94//-----------------------------------------------------------------------------
95// Set up the synchronous serial port, with the one set of options that we
96// always use when we are talking to the FPGA. Both RX and TX are enabled.
97//-----------------------------------------------------------------------------
98void FpgaSetupSsc(void)
99{
100 // First configure the GPIOs, and get ourselves a clock.
101 AT91C_BASE_PIOA->PIO_ASR =
102 GPIO_SSC_FRAME |
103 GPIO_SSC_DIN |
104 GPIO_SSC_DOUT |
105 GPIO_SSC_CLK;
106 AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
107
108 AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
109
110 // Now set up the SSC proper, starting from a known state.
111 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
112
113 // RX clock comes from TX clock, RX starts when TX starts, data changes
114 // on RX clock rising edge, sampled on falling edge
115 AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
116
117 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
118 // pulse, no output sync, start on positive-going edge of sync
119 AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) |
120 AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
121
122 // clock comes from TK pin, no clock output, outputs change on falling
123 // edge of TK, start on rising edge of TF
124 AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) |
125 SSC_CLOCK_MODE_START(5);
126
127 // tx framing is the same as the rx framing
128 AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
129
130 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
131}
132
133//-----------------------------------------------------------------------------
134// Set up DMA to receive samples from the FPGA. We will use the PDC, with
135// a single buffer as a circular buffer (so that we just chain back to
136// ourselves, not to another buffer). The stuff to manipulate those buffers
137// is in apps.h, because it should be inlined, for speed.
138//-----------------------------------------------------------------------------
f7e3ed82 139void FpgaSetupSscDma(uint8_t *buf, int len)
15c4dc5a 140{
f7e3ed82 141 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf;
15c4dc5a 142 AT91C_BASE_PDC_SSC->PDC_RCR = len;
f7e3ed82 143 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf;
15c4dc5a 144 AT91C_BASE_PDC_SSC->PDC_RNCR = len;
145 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN;
146}
147
148static void DownloadFPGA_byte(unsigned char w)
149{
150#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
151 SEND_BIT(7);
152 SEND_BIT(6);
153 SEND_BIT(5);
154 SEND_BIT(4);
155 SEND_BIT(3);
156 SEND_BIT(2);
157 SEND_BIT(1);
158 SEND_BIT(0);
159}
160
161// Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
162// If bytereversal is set: reverse the byte order in each 4-byte word
163static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
164{
165 int i=0;
166
167 AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
168 AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
169 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
170
171 SpinDelay(50);
172
173 LED_D_ON();
174
175 // These pins are inputs
176 AT91C_BASE_PIOA->PIO_ODR =
177 GPIO_FPGA_NINIT |
178 GPIO_FPGA_DONE;
179 // PIO controls the following pins
180 AT91C_BASE_PIOA->PIO_PER =
181 GPIO_FPGA_NINIT |
182 GPIO_FPGA_DONE;
183 // Enable pull-ups
184 AT91C_BASE_PIOA->PIO_PPUER =
185 GPIO_FPGA_NINIT |
186 GPIO_FPGA_DONE;
187
188 // setup initial logic state
189 HIGH(GPIO_FPGA_NPROGRAM);
190 LOW(GPIO_FPGA_CCLK);
191 LOW(GPIO_FPGA_DIN);
192 // These pins are outputs
193 AT91C_BASE_PIOA->PIO_OER =
194 GPIO_FPGA_NPROGRAM |
195 GPIO_FPGA_CCLK |
196 GPIO_FPGA_DIN;
197
198 // enter FPGA configuration mode
199 LOW(GPIO_FPGA_NPROGRAM);
200 SpinDelay(50);
201 HIGH(GPIO_FPGA_NPROGRAM);
202
203 i=100000;
204 // wait for FPGA ready to accept data signal
205 while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
206 i--;
207 }
208
209 // crude error indicator, leave both red LEDs on and return
210 if (i==0){
211 LED_C_ON();
212 LED_D_ON();
213 return;
214 }
215
216 if(bytereversal) {
f7e3ed82 217 /* This is only supported for uint32_t aligned images */
218 if( ((int)FpgaImage % sizeof(uint32_t)) == 0 ) {
15c4dc5a 219 i=0;
220 while(FpgaImageLen-->0)
221 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
e30c654b 222 /* Explanation of the magic in the above line:
15c4dc5a 223 * i^0x3 inverts the lower two bits of the integer i, counting backwards
224 * for each 4 byte increment. The generated sequence of (i++)^3 is
e30c654b 225 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
15c4dc5a 226 */
227 }
228 } else {
229 while(FpgaImageLen-->0)
230 DownloadFPGA_byte(*FpgaImage++);
231 }
232
233 // continue to clock FPGA until ready signal goes high
234 i=100000;
235 while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
236 HIGH(GPIO_FPGA_CCLK);
237 LOW(GPIO_FPGA_CCLK);
238 }
239 // crude error indicator, leave both red LEDs on and return
240 if (i==0){
241 LED_C_ON();
242 LED_D_ON();
243 return;
244 }
245 LED_D_OFF();
246}
247
248static char *bitparse_headers_start;
249static char *bitparse_bitstream_end;
250static int bitparse_initialized;
251/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
252 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
253 * After that the format is 1 byte section type (ASCII character), 2 byte length
254 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
255 * length.
256 */
257static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
258static int bitparse_init(void * start_address, void *end_address)
259{
260 bitparse_initialized = 0;
e30c654b 261
15c4dc5a 262 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
263 return 0; /* Not matched */
264 } else {
265 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
266 bitparse_bitstream_end= (char*)end_address;
267 bitparse_initialized = 1;
268 return 1;
269 }
270}
271
272int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
273{
274 char *pos = bitparse_headers_start;
275 int result = 0;
276
277 if(!bitparse_initialized) return 0;
278
279 while(pos < bitparse_bitstream_end) {
280 char current_name = *pos++;
281 unsigned int current_length = 0;
282 if(current_name < 'a' || current_name > 'e') {
283 /* Strange section name, abort */
284 break;
285 }
286 current_length = 0;
287 switch(current_name) {
288 case 'e':
289 /* Four byte length field */
290 current_length += (*pos++) << 24;
291 current_length += (*pos++) << 16;
292 default: /* Fall through, two byte length field */
293 current_length += (*pos++) << 8;
294 current_length += (*pos++) << 0;
295 }
e30c654b 296
15c4dc5a 297 if(current_name != 'e' && current_length > 255) {
298 /* Maybe a parse error */
299 break;
300 }
e30c654b 301
15c4dc5a 302 if(current_name == section_name) {
303 /* Found it */
304 *section_start = pos;
305 *section_length = current_length;
306 result = 1;
307 break;
308 }
e30c654b 309
15c4dc5a 310 pos += current_length; /* Skip section */
311 }
e30c654b 312
15c4dc5a 313 return result;
314}
315
316//-----------------------------------------------------------------------------
317// Find out which FPGA image format is stored in flash, then call DownloadFPGA
318// with the right parameters to download the image
319//-----------------------------------------------------------------------------
320extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
321void FpgaDownloadAndGo(void)
322{
323 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
324 */
325 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
326 /* Successfully initialized the .bit parser. Find the 'e' section and
327 * send its contents to the FPGA.
328 */
329 char *bitstream_start;
330 unsigned int bitstream_length;
331 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
332 DownloadFPGA(bitstream_start, bitstream_length, 0);
e30c654b 333
15c4dc5a 334 return; /* All done */
335 }
336 }
e30c654b 337
15c4dc5a 338 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
e30c654b 339 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
f7e3ed82 340 * = 10,524 uint32_t, stored as uint32_t e.g. little-endian in memory, but each DWORD
15c4dc5a 341 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
342 * that the DownloadFPGA function should invert every 4 byte sequence when doing
343 * the bytewise download.
344 */
f7e3ed82 345 if( *(uint32_t*)0x102000 == 0xFFFFFFFF && *(uint32_t*)0x102004 == 0xAA995566 )
15c4dc5a 346 DownloadFPGA((char*)0x102000, 10524*4, 1);
347}
348
349void FpgaGatherVersion(char *dst, int len)
350{
e30c654b 351 char *fpga_info;
15c4dc5a 352 unsigned int fpga_info_len;
353 dst[0] = 0;
354 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
355 strncat(dst, "FPGA image: legacy image without version information", len-1);
356 } else {
357 strncat(dst, "FPGA image built", len-1);
358 /* USB packets only have 48 bytes data payload, so be terse */
359#if 0
360 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
361 strncat(dst, " from ", len-1);
362 strncat(dst, fpga_info, len-1);
363 }
364 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
365 strncat(dst, " for ", len-1);
366 strncat(dst, fpga_info, len-1);
367 }
368#endif
369 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
370 strncat(dst, " on ", len-1);
371 strncat(dst, fpga_info, len-1);
372 }
373 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
374 strncat(dst, " at ", len-1);
375 strncat(dst, fpga_info, len-1);
376 }
377 }
378}
379
380//-----------------------------------------------------------------------------
381// Send a 16 bit command/data pair to the FPGA.
382// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
383// where C is the 4 bit command and D is the 12 bit data
384//-----------------------------------------------------------------------------
f7e3ed82 385void FpgaSendCommand(uint16_t cmd, uint16_t v)
15c4dc5a 386{
387 SetupSpi(SPI_FPGA_MODE);
388 while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete
389 AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data
390}
391//-----------------------------------------------------------------------------
392// Write the FPGA setup word (that determines what mode the logic is in, read
393// vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
394// avoid changing this function's occurence everywhere in the source code.
395//-----------------------------------------------------------------------------
f7e3ed82 396void FpgaWriteConfWord(uint8_t v)
15c4dc5a 397{
398 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
399}
400
401//-----------------------------------------------------------------------------
402// Set up the CMOS switches that mux the ADC: four switches, independently
403// closable, but should only close one at a time. Not an FPGA thing, but
404// the samples from the ADC always flow through the FPGA.
405//-----------------------------------------------------------------------------
f7e3ed82 406void SetAdcMuxFor(uint32_t whichGpio)
15c4dc5a 407{
408 AT91C_BASE_PIOA->PIO_OER =
409 GPIO_MUXSEL_HIPKD |
410 GPIO_MUXSEL_LOPKD |
411 GPIO_MUXSEL_LORAW |
412 GPIO_MUXSEL_HIRAW;
413
414 AT91C_BASE_PIOA->PIO_PER =
415 GPIO_MUXSEL_HIPKD |
416 GPIO_MUXSEL_LOPKD |
417 GPIO_MUXSEL_LORAW |
418 GPIO_MUXSEL_HIRAW;
419
420 LOW(GPIO_MUXSEL_HIPKD);
421 LOW(GPIO_MUXSEL_HIRAW);
422 LOW(GPIO_MUXSEL_LORAW);
423 LOW(GPIO_MUXSEL_LOPKD);
424
425 HIGH(whichGpio);
426}
Proxmark3 GIT tracking
Impressum, Datenschutz