]> cvs.zerfleddert.de Git - proxmark3-svn/blame - armsrc/fpgaloader.c
projects / proxmark3-svn / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
add: hw ver: show FPGA versions for both HF and LF FPGA configs
[proxmark3-svn] / armsrc / fpgaloader.c
CommitLineData
15c4dc5a 1//-----------------------------------------------------------------------------
bd20f8f4 2// Jonathan Westhues, April 2006
62638f87 3// iZsh <izsh at fail0verflow.com>, 2014
bd20f8f4 4//
5// This code is licensed to you under the terms of the GNU GPL, version 2 or,
6// at your option, any later version. See the LICENSE.txt file for the text of
7// the license.
8//-----------------------------------------------------------------------------
15c4dc5a 9// Routines to load the FPGA image, and then to configure the FPGA's major
10// mode once it is configured.
15c4dc5a 11//-----------------------------------------------------------------------------
e30c654b 12#include "proxmark3.h"
15c4dc5a 13#include "apps.h"
f7e3ed82 14#include "util.h"
9ab7a6c7 15#include "string.h"
15c4dc5a 16
e6153040 17// remember which version of the bitstream we have already downloaded to the FPGA
18static int downloaded_bitstream = FPGA_BITSTREAM_ERR;
19
20// this is where the bitstreams are located in memory:
21extern uint8_t _binary_fpga_lf_bit_start, _binary_fpga_lf_bit_end;
22extern uint8_t _binary_fpga_hf_bit_start, _binary_fpga_hf_bit_end;
23static uint8_t *fpga_image_ptr = NULL;
24
25static const uint8_t _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
26static const uint8_t _gzip_header[] = {0x1f, 0x8b, 0x08}; // including compression method 0x08 (deflate)
27#define GZIP_HEADER_SIZE sizeof(_gzip_header)
28#define FPGA_BITSTREAM_FIXED_HEADER_SIZE sizeof(_bitparse_fixed_header)
29
15c4dc5a 30//-----------------------------------------------------------------------------
31// Set up the Serial Peripheral Interface as master
32// Used to write the FPGA config word
33// May also be used to write to other SPI attached devices like an LCD
34//-----------------------------------------------------------------------------
35void SetupSpi(int mode)
36{
37 // PA10 -> SPI_NCS2 chip select (LCD)
38 // PA11 -> SPI_NCS0 chip select (FPGA)
39 // PA12 -> SPI_MISO Master-In Slave-Out
40 // PA13 -> SPI_MOSI Master-Out Slave-In
41 // PA14 -> SPI_SPCK Serial Clock
42
43 // Disable PIO control of the following pins, allows use by the SPI peripheral
44 AT91C_BASE_PIOA->PIO_PDR =
45 GPIO_NCS0 |
46 GPIO_NCS2 |
47 GPIO_MISO |
48 GPIO_MOSI |
49 GPIO_SPCK;
50
51 AT91C_BASE_PIOA->PIO_ASR =
52 GPIO_NCS0 |
53 GPIO_MISO |
54 GPIO_MOSI |
55 GPIO_SPCK;
56
57 AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
58
59 //enable the SPI Peripheral clock
60 AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
61 // Enable SPI
62 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
63
64 switch (mode) {
65 case SPI_FPGA_MODE:
66 AT91C_BASE_SPI->SPI_MR =
67 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
68 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
69 ( 0 << 7) | // Local Loopback Disabled
70 ( 1 << 4) | // Mode Fault Detection disabled
71 ( 0 << 2) | // Chip selects connected directly to peripheral
72 ( 0 << 1) | // Fixed Peripheral Select
73 ( 1 << 0); // Master Mode
74 AT91C_BASE_SPI->SPI_CSR[0] =
75 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
76 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
77 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
78 ( 8 << 4) | // Bits per Transfer (16 bits)
79 ( 0 << 3) | // Chip Select inactive after transfer
80 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
81 ( 0 << 0); // Clock Polarity inactive state is logic 0
82 break;
83 case SPI_LCD_MODE:
84 AT91C_BASE_SPI->SPI_MR =
85 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
86 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
87 ( 0 << 7) | // Local Loopback Disabled
88 ( 1 << 4) | // Mode Fault Detection disabled
89 ( 0 << 2) | // Chip selects connected directly to peripheral
90 ( 0 << 1) | // Fixed Peripheral Select
91 ( 1 << 0); // Master Mode
92 AT91C_BASE_SPI->SPI_CSR[2] =
93 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
94 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
95 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
96 ( 1 << 4) | // Bits per Transfer (9 bits)
97 ( 0 << 3) | // Chip Select inactive after transfer
98 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
99 ( 0 << 0); // Clock Polarity inactive state is logic 0
100 break;
101 default: // Disable SPI
102 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
103 break;
104 }
105}
106
107//-----------------------------------------------------------------------------
108// Set up the synchronous serial port, with the one set of options that we
109// always use when we are talking to the FPGA. Both RX and TX are enabled.
110//-----------------------------------------------------------------------------
111void FpgaSetupSsc(void)
112{
113 // First configure the GPIOs, and get ourselves a clock.
114 AT91C_BASE_PIOA->PIO_ASR =
115 GPIO_SSC_FRAME |
116 GPIO_SSC_DIN |
117 GPIO_SSC_DOUT |
118 GPIO_SSC_CLK;
119 AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
120
121 AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
122
123 // Now set up the SSC proper, starting from a known state.
124 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
125
126 // RX clock comes from TX clock, RX starts when TX starts, data changes
127 // on RX clock rising edge, sampled on falling edge
128 AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
129
130 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
d714d3ef 131 // pulse, no output sync
902cb3c0 132 AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
15c4dc5a 133
134 // clock comes from TK pin, no clock output, outputs change on falling
d714d3ef 135 // edge of TK, sample on rising edge of TK, start on positive-going edge of sync
902cb3c0 136 AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5);
15c4dc5a 137
138 // tx framing is the same as the rx framing
139 AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
140
141 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
142}
143
144//-----------------------------------------------------------------------------
145// Set up DMA to receive samples from the FPGA. We will use the PDC, with
146// a single buffer as a circular buffer (so that we just chain back to
147// ourselves, not to another buffer). The stuff to manipulate those buffers
148// is in apps.h, because it should be inlined, for speed.
149//-----------------------------------------------------------------------------
d19929cb 150bool FpgaSetupSscDma(uint8_t *buf, int len)
15c4dc5a 151{
d19929cb 152 if (buf == NULL) {
153 return false;
154 }
155
7bc95e2e 156 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer
157 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf; // transfer to this memory address
158 AT91C_BASE_PDC_SSC->PDC_RCR = len; // transfer this many bytes
159 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf; // next transfer to same memory address
160 AT91C_BASE_PDC_SSC->PDC_RNCR = len; // ... with same number of bytes
161 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go!
d19929cb 162
163 return true;
15c4dc5a 164}
165
e6153040 166
167void reset_fpga_stream(uint8_t *image_start)
168{
169 fpga_image_ptr = image_start;
170}
171
172
173uint8_t get_from_fpga_stream(void)
174{
175 return *fpga_image_ptr++;
176}
177
178
15c4dc5a 179static void DownloadFPGA_byte(unsigned char w)
180{
181#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
182 SEND_BIT(7);
183 SEND_BIT(6);
184 SEND_BIT(5);
185 SEND_BIT(4);
186 SEND_BIT(3);
187 SEND_BIT(2);
188 SEND_BIT(1);
189 SEND_BIT(0);
190}
191
e6153040 192// Download the fpga image starting at current stream position with length FpgaImageLen bytes
193static void DownloadFPGA(int FpgaImageLen)
15c4dc5a 194{
195 int i=0;
196
197 AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
198 AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
199 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
200
201 SpinDelay(50);
202
203 LED_D_ON();
204
205 // These pins are inputs
206 AT91C_BASE_PIOA->PIO_ODR =
207 GPIO_FPGA_NINIT |
208 GPIO_FPGA_DONE;
209 // PIO controls the following pins
210 AT91C_BASE_PIOA->PIO_PER =
211 GPIO_FPGA_NINIT |
212 GPIO_FPGA_DONE;
213 // Enable pull-ups
214 AT91C_BASE_PIOA->PIO_PPUER =
215 GPIO_FPGA_NINIT |
216 GPIO_FPGA_DONE;
217
218 // setup initial logic state
219 HIGH(GPIO_FPGA_NPROGRAM);
220 LOW(GPIO_FPGA_CCLK);
221 LOW(GPIO_FPGA_DIN);
222 // These pins are outputs
223 AT91C_BASE_PIOA->PIO_OER =
224 GPIO_FPGA_NPROGRAM |
225 GPIO_FPGA_CCLK |
226 GPIO_FPGA_DIN;
227
228 // enter FPGA configuration mode
229 LOW(GPIO_FPGA_NPROGRAM);
230 SpinDelay(50);
231 HIGH(GPIO_FPGA_NPROGRAM);
232
233 i=100000;
234 // wait for FPGA ready to accept data signal
235 while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
236 i--;
237 }
238
239 // crude error indicator, leave both red LEDs on and return
240 if (i==0){
241 LED_C_ON();
242 LED_D_ON();
243 return;
244 }
245
e6153040 246 while(FpgaImageLen-->0) {
247 DownloadFPGA_byte(get_from_fpga_stream());
15c4dc5a 248 }
249
250 // continue to clock FPGA until ready signal goes high
251 i=100000;
252 while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
253 HIGH(GPIO_FPGA_CCLK);
254 LOW(GPIO_FPGA_CCLK);
255 }
256 // crude error indicator, leave both red LEDs on and return
257 if (i==0){
258 LED_C_ON();
259 LED_D_ON();
260 return;
261 }
262 LED_D_OFF();
263}
264
e6153040 265
15c4dc5a 266/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
267 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
268 * After that the format is 1 byte section type (ASCII character), 2 byte length
269 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
270 * length.
271 */
e6153040 272int bitparse_find_section(char section_name, unsigned int *section_length)
15c4dc5a 273{
15c4dc5a 274 int result = 0;
e6153040 275 #define MAX_FPGA_BIT_STREAM_HEADER_SEARCH 100 // maximum number of bytes to search for the requested section
276 uint16_t numbytes = 0;
277 while(numbytes < MAX_FPGA_BIT_STREAM_HEADER_SEARCH) {
278 char current_name = get_from_fpga_stream();
279 numbytes++;
15c4dc5a 280 unsigned int current_length = 0;
281 if(current_name < 'a' || current_name > 'e') {
282 /* Strange section name, abort */
283 break;
284 }
285 current_length = 0;
286 switch(current_name) {
287 case 'e':
288 /* Four byte length field */
e6153040 289 current_length += get_from_fpga_stream() << 24;
290 current_length += get_from_fpga_stream() << 16;
291 numbytes += 2;
15c4dc5a 292 default: /* Fall through, two byte length field */
e6153040 293 current_length += get_from_fpga_stream() << 8;
294 current_length += get_from_fpga_stream() << 0;
295 numbytes += 2;
15c4dc5a 296 }
e30c654b 297
15c4dc5a 298 if(current_name != 'e' && current_length > 255) {
299 /* Maybe a parse error */
300 break;
301 }
e30c654b 302
15c4dc5a 303 if(current_name == section_name) {
304 /* Found it */
15c4dc5a 305 *section_length = current_length;
306 result = 1;
307 break;
308 }
e30c654b 309
e6153040 310 for (uint16_t i = 0; i < current_length && numbytes < MAX_FPGA_BIT_STREAM_HEADER_SEARCH; i++) {
311 get_from_fpga_stream();
312 numbytes++;
313 }
15c4dc5a 314 }
e30c654b 315
15c4dc5a 316 return result;
317}
318
e6153040 319void init_fpga_inflate(void)
320{
321 // initialize zlib for inflate
322}
323
324
15c4dc5a 325//-----------------------------------------------------------------------------
326// Find out which FPGA image format is stored in flash, then call DownloadFPGA
327// with the right parameters to download the image
328//-----------------------------------------------------------------------------
7cc204bf 329void FpgaDownloadAndGo(int bitstream_version)
15c4dc5a 330{
e6153040 331 uint8_t header[FPGA_BITSTREAM_FIXED_HEADER_SIZE];
332
7cc204bf 333 // check whether or not the bitstream is already loaded
e6153040 334 if (downloaded_bitstream == bitstream_version)
7cc204bf 335 return;
336
337 if (bitstream_version == FPGA_BITSTREAM_LF) {
e6153040 338 reset_fpga_stream(&_binary_fpga_lf_bit_start);
7cc204bf 339 } else if (bitstream_version == FPGA_BITSTREAM_HF) {
e6153040 340 reset_fpga_stream(&_binary_fpga_hf_bit_start);
7cc204bf 341 } else
342 return;
e30c654b 343
e6153040 344 uint16_t i = 0;
345 for (; i < GZIP_HEADER_SIZE; i++) {
346 header[i] = get_from_fpga_stream();
347 }
348
349 // Check for compressed new flash image format (starts with gzip header)
350 if(memcmp(_gzip_header, header, GZIP_HEADER_SIZE) == 0) {
351 init_fpga_inflate();
352 }
353
354 for (; i < FPGA_BITSTREAM_FIXED_HEADER_SIZE; i++) {
355 header[i] = get_from_fpga_stream();
356 }
357
358 // Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
359 if(memcmp(_bitparse_fixed_header, header, FPGA_BITSTREAM_FIXED_HEADER_SIZE) == 0) {
360 unsigned int bitstream_length;
361 if(bitparse_find_section('e', &bitstream_length)) {
362 DownloadFPGA(bitstream_length);
363 downloaded_bitstream = bitstream_version;
15c4dc5a 364 return; /* All done */
365 }
366 }
e6153040 367}
15c4dc5a 368
7cc204bf 369int FpgaGatherBitstreamVersion()
370{
e6153040 371 return downloaded_bitstream;
7cc204bf 372}
373
e6153040 374void FpgaGatherVersion(int bitstream_version, char *dst, int len)
15c4dc5a 375{
15c4dc5a 376 unsigned int fpga_info_len;
e6153040 377 char tempstr[40];
378
379 dst[0] = '\0';
380
381 if (bitstream_version == FPGA_BITSTREAM_LF) {
382 reset_fpga_stream(&_binary_fpga_lf_bit_start);
383 } else if (bitstream_version == FPGA_BITSTREAM_HF) {
384 reset_fpga_stream(&_binary_fpga_hf_bit_start);
385 } else
386 return;
387
388
389 for (uint16_t i = 0; i < FPGA_BITSTREAM_FIXED_HEADER_SIZE; i++) {
390 get_from_fpga_stream();
391 }
392
393 if(bitparse_find_section('a', &fpga_info_len)) {
394 for (uint16_t i = 0; i < fpga_info_len; i++) {
395 char c = (char)get_from_fpga_stream();
396 if (i < sizeof(tempstr)) {
397 tempstr[i] = c;
398 }
15c4dc5a 399 }
e6153040 400 if (!memcmp("fpga_lf", tempstr, 7))
401 strncat(dst, "LF ", len-1);
402 else if (!memcmp("fpga_hf", tempstr, 7))
403 strncat(dst, "HF ", len-1);
404 }
405 strncat(dst, "FPGA image built", len-1);
406 if(bitparse_find_section('b', &fpga_info_len)) {
407 strncat(dst, " for ", len-1);
408 for (uint16_t i = 0; i < fpga_info_len; i++) {
409 char c = (char)get_from_fpga_stream();
410 if (i < sizeof(tempstr)) {
411 tempstr[i] = c;
412 }
15c4dc5a 413 }
e6153040 414 strncat(dst, tempstr, len-1);
415 }
416 if(bitparse_find_section('c', &fpga_info_len)) {
417 strncat(dst, " on ", len-1);
418 for (uint16_t i = 0; i < fpga_info_len; i++) {
419 char c = (char)get_from_fpga_stream();
420 if (i < sizeof(tempstr)) {
421 tempstr[i] = c;
422 }
15c4dc5a 423 }
e6153040 424 strncat(dst, tempstr, len-1);
425 }
426 if(bitparse_find_section('d', &fpga_info_len)) {
427 strncat(dst, " at ", len-1);
428 for (uint16_t i = 0; i < fpga_info_len; i++) {
429 char c = (char)get_from_fpga_stream();
430 if (i < sizeof(tempstr)) {
431 tempstr[i] = c;
432 }
15c4dc5a 433 }
e6153040 434 strncat(dst, tempstr, len-1);
15c4dc5a 435 }
436}
437
438//-----------------------------------------------------------------------------
439// Send a 16 bit command/data pair to the FPGA.
440// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
441// where C is the 4 bit command and D is the 12 bit data
442//-----------------------------------------------------------------------------
f7e3ed82 443void FpgaSendCommand(uint16_t cmd, uint16_t v)
15c4dc5a 444{
445 SetupSpi(SPI_FPGA_MODE);
446 while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete
447 AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data
448}
449//-----------------------------------------------------------------------------
450// Write the FPGA setup word (that determines what mode the logic is in, read
451// vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
452// avoid changing this function's occurence everywhere in the source code.
453//-----------------------------------------------------------------------------
f7e3ed82 454void FpgaWriteConfWord(uint8_t v)
15c4dc5a 455{
456 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
457}
458
459//-----------------------------------------------------------------------------
460// Set up the CMOS switches that mux the ADC: four switches, independently
461// closable, but should only close one at a time. Not an FPGA thing, but
462// the samples from the ADC always flow through the FPGA.
463//-----------------------------------------------------------------------------
f7e3ed82 464void SetAdcMuxFor(uint32_t whichGpio)
15c4dc5a 465{
466 AT91C_BASE_PIOA->PIO_OER =
467 GPIO_MUXSEL_HIPKD |
468 GPIO_MUXSEL_LOPKD |
469 GPIO_MUXSEL_LORAW |
470 GPIO_MUXSEL_HIRAW;
471
472 AT91C_BASE_PIOA->PIO_PER =
473 GPIO_MUXSEL_HIPKD |
474 GPIO_MUXSEL_LOPKD |
475 GPIO_MUXSEL_LORAW |
476 GPIO_MUXSEL_HIRAW;
477
478 LOW(GPIO_MUXSEL_HIPKD);
479 LOW(GPIO_MUXSEL_HIRAW);
480 LOW(GPIO_MUXSEL_LORAW);
481 LOW(GPIO_MUXSEL_LOPKD);
482
483 HIGH(whichGpio);
484}
Proxmark3 GIT tracking
Impressum, Datenschutz