]>
Commit | Line | Data |
---|---|---|
1 | //-----------------------------------------------------------------------------\r | |
2 | // Routines to load the FPGA image, and then to configure the FPGA's major\r | |
3 | // mode once it is configured.\r | |
4 | //\r | |
5 | // Jonathan Westhues, April 2006\r | |
6 | //-----------------------------------------------------------------------------\r | |
7 | #include <proxmark3.h>\r | |
8 | #include "apps.h"\r | |
9 | \r | |
10 | //-----------------------------------------------------------------------------\r | |
11 | // Set up the Serial Peripheral Interface as master\r | |
12 | // Used to write the FPGA config word\r | |
13 | // May also be used to write to other SPI attached devices like an LCD\r | |
14 | //-----------------------------------------------------------------------------\r | |
15 | void SetupSpi(int mode)\r | |
16 | {\r | |
17 | // PA10 -> SPI_NCS2 chip select (LCD)\r | |
18 | // PA11 -> SPI_NCS0 chip select (FPGA)\r | |
19 | // PA12 -> SPI_MISO Master-In Slave-Out\r | |
20 | // PA13 -> SPI_MOSI Master-Out Slave-In\r | |
21 | // PA14 -> SPI_SPCK Serial Clock\r | |
22 | \r | |
23 | // Disable PIO control of the following pins, allows use by the SPI peripheral\r | |
24 | PIO_DISABLE = (1 << GPIO_NCS0) |\r | |
25 | (1 << GPIO_NCS2) |\r | |
26 | (1 << GPIO_MISO) |\r | |
27 | (1 << GPIO_MOSI) |\r | |
28 | (1 << GPIO_SPCK);\r | |
29 | \r | |
30 | PIO_PERIPHERAL_A_SEL = (1 << GPIO_NCS0) |\r | |
31 | (1 << GPIO_MISO) |\r | |
32 | (1 << GPIO_MOSI) |\r | |
33 | (1 << GPIO_SPCK);\r | |
34 | \r | |
35 | PIO_PERIPHERAL_B_SEL = (1 << GPIO_NCS2);\r | |
36 | \r | |
37 | //enable the SPI Peripheral clock\r | |
38 | PMC_PERIPHERAL_CLK_ENABLE = (1<<PERIPH_SPI);\r | |
39 | // Enable SPI\r | |
40 | SPI_CONTROL = SPI_CONTROL_ENABLE;\r | |
41 | \r | |
42 | switch (mode) {\r | |
43 | case SPI_FPGA_MODE:\r | |
44 | SPI_MODE =\r | |
45 | ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)\r | |
46 | (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)\r | |
47 | ( 0 << 7) | // Local Loopback Disabled\r | |
48 | ( 1 << 4) | // Mode Fault Detection disabled\r | |
49 | ( 0 << 2) | // Chip selects connected directly to peripheral\r | |
50 | ( 0 << 1) | // Fixed Peripheral Select\r | |
51 | ( 1 << 0); // Master Mode\r | |
52 | SPI_FOR_CHIPSEL_0 =\r | |
53 | ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)\r | |
54 | ( 1 << 16) | // Delay Before SPCK (1 MCK period)\r | |
55 | ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud\r | |
56 | ( 8 << 4) | // Bits per Transfer (16 bits)\r | |
57 | ( 0 << 3) | // Chip Select inactive after transfer\r | |
58 | ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge\r | |
59 | ( 0 << 0); // Clock Polarity inactive state is logic 0\r | |
60 | break;\r | |
61 | case SPI_LCD_MODE:\r | |
62 | SPI_MODE =\r | |
63 | ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)\r | |
64 | (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)\r | |
65 | ( 0 << 7) | // Local Loopback Disabled\r | |
66 | ( 1 << 4) | // Mode Fault Detection disabled\r | |
67 | ( 0 << 2) | // Chip selects connected directly to peripheral\r | |
68 | ( 0 << 1) | // Fixed Peripheral Select\r | |
69 | ( 1 << 0); // Master Mode\r | |
70 | SPI_FOR_CHIPSEL_2 =\r | |
71 | ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)\r | |
72 | ( 1 << 16) | // Delay Before SPCK (1 MCK period)\r | |
73 | ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud\r | |
74 | ( 1 << 4) | // Bits per Transfer (9 bits)\r | |
75 | ( 0 << 3) | // Chip Select inactive after transfer\r | |
76 | ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge\r | |
77 | ( 0 << 0); // Clock Polarity inactive state is logic 0\r | |
78 | break;\r | |
79 | default: // Disable SPI\r | |
80 | SPI_CONTROL = SPI_CONTROL_DISABLE;\r | |
81 | break;\r | |
82 | }\r | |
83 | }\r | |
84 | \r | |
85 | //-----------------------------------------------------------------------------\r | |
86 | // Set up the synchronous serial port, with the one set of options that we\r | |
87 | // always use when we are talking to the FPGA. Both RX and TX are enabled.\r | |
88 | //-----------------------------------------------------------------------------\r | |
89 | void FpgaSetupSsc(void)\r | |
90 | {\r | |
91 | // First configure the GPIOs, and get ourselves a clock.\r | |
92 | PIO_PERIPHERAL_A_SEL = (1 << GPIO_SSC_FRAME) |\r | |
93 | (1 << GPIO_SSC_DIN) |\r | |
94 | (1 << GPIO_SSC_DOUT) |\r | |
95 | (1 << GPIO_SSC_CLK);\r | |
96 | PIO_DISABLE = (1 << GPIO_SSC_DOUT);\r | |
97 | \r | |
98 | PMC_PERIPHERAL_CLK_ENABLE = (1 << PERIPH_SSC);\r | |
99 | \r | |
100 | // Now set up the SSC proper, starting from a known state.\r | |
101 | SSC_CONTROL = SSC_CONTROL_RESET;\r | |
102 | \r | |
103 | // RX clock comes from TX clock, RX starts when TX starts, data changes\r | |
104 | // on RX clock rising edge, sampled on falling edge\r | |
105 | SSC_RECEIVE_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);\r | |
106 | \r | |
107 | // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync\r | |
108 | // pulse, no output sync, start on positive-going edge of sync\r | |
109 | SSC_RECEIVE_FRAME_MODE = SSC_FRAME_MODE_BITS_IN_WORD(8) |\r | |
110 | SSC_FRAME_MODE_MSB_FIRST | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);\r | |
111 | \r | |
112 | // clock comes from TK pin, no clock output, outputs change on falling\r | |
113 | // edge of TK, start on rising edge of TF\r | |
114 | SSC_TRANSMIT_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(2) |\r | |
115 | SSC_CLOCK_MODE_START(5);\r | |
116 | \r | |
117 | // tx framing is the same as the rx framing\r | |
118 | SSC_TRANSMIT_FRAME_MODE = SSC_RECEIVE_FRAME_MODE;\r | |
119 | \r | |
120 | SSC_CONTROL = SSC_CONTROL_RX_ENABLE | SSC_CONTROL_TX_ENABLE;\r | |
121 | }\r | |
122 | \r | |
123 | //-----------------------------------------------------------------------------\r | |
124 | // Set up DMA to receive samples from the FPGA. We will use the PDC, with\r | |
125 | // a single buffer as a circular buffer (so that we just chain back to\r | |
126 | // ourselves, not to another buffer). The stuff to manipulate those buffers\r | |
127 | // is in apps.h, because it should be inlined, for speed.\r | |
128 | //-----------------------------------------------------------------------------\r | |
129 | void FpgaSetupSscDma(BYTE *buf, int len)\r | |
130 | {\r | |
131 | PDC_RX_POINTER(SSC_BASE) = (DWORD)buf;\r | |
132 | PDC_RX_COUNTER(SSC_BASE) = len;\r | |
133 | PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)buf;\r | |
134 | PDC_RX_NEXT_COUNTER(SSC_BASE) = len;\r | |
135 | PDC_CONTROL(SSC_BASE) = PDC_RX_ENABLE;\r | |
136 | }\r | |
137 | \r | |
138 | // Download the fpga image starting at FpgaImage and with length FpgaImageLen DWORDs (e.g. 4 bytes)\r | |
139 | // If bytereversal is set: reverse the byte order in each 4-byte word\r | |
140 | static void DownloadFPGA(const DWORD *FpgaImage, DWORD FpgaImageLen, int bytereversal)\r | |
141 | {\r | |
142 | int i, j;\r | |
143 | \r | |
144 | PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_ON);\r | |
145 | PIO_ENABLE = (1 << GPIO_FPGA_ON);\r | |
146 | PIO_OUTPUT_DATA_SET = (1 << GPIO_FPGA_ON);\r | |
147 | \r | |
148 | SpinDelay(50);\r | |
149 | \r | |
150 | LED_D_ON();\r | |
151 | \r | |
152 | HIGH(GPIO_FPGA_NPROGRAM);\r | |
153 | LOW(GPIO_FPGA_CCLK);\r | |
154 | LOW(GPIO_FPGA_DIN);\r | |
155 | PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_NPROGRAM) |\r | |
156 | (1 << GPIO_FPGA_CCLK) |\r | |
157 | (1 << GPIO_FPGA_DIN);\r | |
158 | SpinDelay(1);\r | |
159 | \r | |
160 | LOW(GPIO_FPGA_NPROGRAM);\r | |
161 | SpinDelay(50);\r | |
162 | HIGH(GPIO_FPGA_NPROGRAM);\r | |
163 | \r | |
164 | for(i = 0; i < FpgaImageLen; i++) {\r | |
165 | DWORD v = FpgaImage[i];\r | |
166 | unsigned char w;\r | |
167 | for(j = 0; j < 4; j++) {\r | |
168 | if(!bytereversal) \r | |
169 | w = v >>(j*8);\r | |
170 | else\r | |
171 | w = v >>((3-j)*8);\r | |
172 | #define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }\r | |
173 | SEND_BIT(7);\r | |
174 | SEND_BIT(6);\r | |
175 | SEND_BIT(5);\r | |
176 | SEND_BIT(4);\r | |
177 | SEND_BIT(3);\r | |
178 | SEND_BIT(2);\r | |
179 | SEND_BIT(1);\r | |
180 | SEND_BIT(0);\r | |
181 | }\r | |
182 | }\r | |
183 | \r | |
184 | LED_D_OFF();\r | |
185 | }\r | |
186 | \r | |
187 | static char *bitparse_headers_start;\r | |
188 | static char *bitparse_bitstream_end;\r | |
189 | static int bitparse_initialized;\r | |
190 | /* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence\r | |
191 | * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01\r | |
192 | * After that the format is 1 byte section type (ASCII character), 2 byte length\r | |
193 | * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes\r | |
194 | * length. | |
195 | */\r | |
196 | static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};\r | |
197 | static int bitparse_init(void * start_address, void *end_address)\r | |
198 | {\r | |
199 | bitparse_initialized = 0;\r | |
200 | \r | |
201 | if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {\r | |
202 | return 0; /* Not matched */\r | |
203 | } else {\r | |
204 | bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);\r | |
205 | bitparse_bitstream_end= (char*)end_address;\r | |
206 | bitparse_initialized = 1;\r | |
207 | return 1;\r | |
208 | }\r | |
209 | }\r | |
210 | \r | |
211 | int bitparse_find_section(char section_name, void **section_start, unsigned int *section_length)\r | |
212 | {\r | |
213 | char *pos = bitparse_headers_start;\r | |
214 | int result = 0;\r | |
215 | \r | |
216 | if(!bitparse_initialized) return 0;\r | |
217 | \r | |
218 | while(pos < bitparse_bitstream_end) {\r | |
219 | char current_name = *pos++;\r | |
220 | unsigned int current_length = 0;\r | |
221 | if(current_name < 'a' || current_name > 'e') {\r | |
222 | /* Strange section name, abort */\r | |
223 | break;\r | |
224 | }\r | |
225 | current_length = 0;\r | |
226 | switch(current_name) {\r | |
227 | case 'e':\r | |
228 | /* Four byte length field */\r | |
229 | current_length += (*pos++) << 24;\r | |
230 | current_length += (*pos++) << 16;\r | |
231 | default: /* Fall through, two byte length field */\r | |
232 | current_length += (*pos++) << 8;\r | |
233 | current_length += (*pos++) << 0;\r | |
234 | }\r | |
235 | \r | |
236 | if(current_name != 'e' && current_length > 255) {\r | |
237 | /* Maybe a parse error */\r | |
238 | break;\r | |
239 | }\r | |
240 | \r | |
241 | if(current_name == section_name) {\r | |
242 | /* Found it */\r | |
243 | *section_start = pos;\r | |
244 | *section_length = current_length;\r | |
245 | result = 1;\r | |
246 | break;\r | |
247 | }\r | |
248 | \r | |
249 | pos += current_length; /* Skip section */\r | |
250 | }\r | |
251 | \r | |
252 | return result;\r | |
253 | }\r | |
254 | \r | |
255 | //-----------------------------------------------------------------------------\r | |
256 | // Find out which FPGA image format is stored in flash, then call DownloadFPGA\r | |
257 | // with the right parameters to download the image\r | |
258 | //-----------------------------------------------------------------------------\r | |
259 | extern char _binary_fpga_bit_start, _binary_fpga_bit_end;\r | |
260 | void FpgaDownloadAndGo(void)\r | |
261 | {\r | |
262 | /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start | |
263 | */\r | |
264 | if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {\r | |
265 | /* Successfully initialized the .bit parser. Find the 'e' section and\r | |
266 | * send its contents to the FPGA. | |
267 | */\r | |
268 | void *bitstream_start;\r | |
269 | unsigned int bitstream_length;\r | |
270 | if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {\r | |
271 | DownloadFPGA((DWORD *)bitstream_start, bitstream_length/4, 0);\r | |
272 | \r | |
273 | return; /* All done */\r | |
274 | }\r | |
275 | }\r | |
276 | \r | |
277 | /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF\r | |
278 | * 0xAA995566 at address 0x2000. This is raw bitstream with a size of 336,768 bits \r | |
279 | * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD\r | |
280 | * is still to be transmitted in MSBit first order. Set the invert flag to indicate\r | |
281 | * that the DownloadFPGA function should invert every 4 byte sequence when doing\r | |
282 | * the bytewise download. | |
283 | */\r | |
284 | if( *(DWORD*)0x2000 == 0xFFFFFFFF && *(DWORD*)0x2004 == 0xAA995566 )\r | |
285 | DownloadFPGA((DWORD *)0x2000, 10524, 1);\r | |
286 | }\r | |
287 | \r | |
288 | void FpgaGatherVersion(char *dst, int len)\r | |
289 | {\r | |
290 | char *fpga_info; \r | |
291 | unsigned int fpga_info_len;\r | |
292 | dst[0] = 0;\r | |
293 | if(!bitparse_find_section('e', (void**)&fpga_info, &fpga_info_len)) {\r | |
294 | strncat(dst, "FPGA image: legacy image without version information", len-1);\r | |
295 | } else {\r | |
296 | strncat(dst, "FPGA image built", len-1);\r | |
297 | /* USB packets only have 48 bytes data payload, so be terse */\r | |
298 | #if 0\r | |
299 | if(bitparse_find_section('a', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r | |
300 | strncat(dst, " from ", len-1);\r | |
301 | strncat(dst, fpga_info, len-1);\r | |
302 | }\r | |
303 | if(bitparse_find_section('b', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r | |
304 | strncat(dst, " for ", len-1);\r | |
305 | strncat(dst, fpga_info, len-1);\r | |
306 | }\r | |
307 | #endif\r | |
308 | if(bitparse_find_section('c', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r | |
309 | strncat(dst, " on ", len-1);\r | |
310 | strncat(dst, fpga_info, len-1);\r | |
311 | }\r | |
312 | if(bitparse_find_section('d', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r | |
313 | strncat(dst, " at ", len-1);\r | |
314 | strncat(dst, fpga_info, len-1);\r | |
315 | }\r | |
316 | }\r | |
317 | }\r | |
318 | \r | |
319 | //-----------------------------------------------------------------------------\r | |
320 | // Send a 16 bit command/data pair to the FPGA.\r | |
321 | // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0\r | |
322 | // where C is the 4 bit command and D is the 12 bit data\r | |
323 | //-----------------------------------------------------------------------------\r | |
324 | void FpgaSendCommand(WORD cmd, WORD v)\r | |
325 | {\r | |
326 | SetupSpi(SPI_FPGA_MODE);\r | |
327 | while ((SPI_STATUS & SPI_STATUS_TX_EMPTY) == 0); // wait for the transfer to complete\r | |
328 | SPI_TX_DATA = SPI_CONTROL_LAST_TRANSFER | cmd | v; // send the data\r | |
329 | }\r | |
330 | //-----------------------------------------------------------------------------\r | |
331 | // Write the FPGA setup word (that determines what mode the logic is in, read\r | |
332 | // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to\r | |
333 | // avoid changing this function's occurence everywhere in the source code.\r | |
334 | //-----------------------------------------------------------------------------\r | |
335 | void FpgaWriteConfWord(BYTE v)\r | |
336 | {\r | |
337 | FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);\r | |
338 | }\r | |
339 | \r | |
340 | //-----------------------------------------------------------------------------\r | |
341 | // Set up the CMOS switches that mux the ADC: four switches, independently\r | |
342 | // closable, but should only close one at a time. Not an FPGA thing, but\r | |
343 | // the samples from the ADC always flow through the FPGA.\r | |
344 | //-----------------------------------------------------------------------------\r | |
345 | void SetAdcMuxFor(int whichGpio)\r | |
346 | {\r | |
347 | PIO_OUTPUT_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |\r | |
348 | (1 << GPIO_MUXSEL_LOPKD) |\r | |
349 | (1 << GPIO_MUXSEL_LORAW) |\r | |
350 | (1 << GPIO_MUXSEL_HIRAW);\r | |
351 | \r | |
352 | PIO_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |\r | |
353 | (1 << GPIO_MUXSEL_LOPKD) |\r | |
354 | (1 << GPIO_MUXSEL_LORAW) |\r | |
355 | (1 << GPIO_MUXSEL_HIRAW);\r | |
356 | \r | |
357 | LOW(GPIO_MUXSEL_HIPKD);\r | |
358 | LOW(GPIO_MUXSEL_HIRAW);\r | |
359 | LOW(GPIO_MUXSEL_LORAW);\r | |
360 | LOW(GPIO_MUXSEL_LOPKD);\r | |
361 | \r | |
362 | HIGH(whichGpio);\r | |
363 | }\r |