]> cvs.zerfleddert.de Git - proxmark3-svn/blame_incremental - armsrc/fpgaloader.c
fix mandemod initialisation and add Transit tag trace
[proxmark3-svn] / armsrc / fpgaloader.c
... / ...
CommitLineData
1//-----------------------------------------------------------------------------\r
2// Routines to load the FPGA image, and then to configure the FPGA's major\r
3// mode once it is configured.\r
4//\r
5// Jonathan Westhues, April 2006\r
6//-----------------------------------------------------------------------------\r
7#include <proxmark3.h>\r
8#include "apps.h"\r
9\r
10//-----------------------------------------------------------------------------\r
11// Set up the Serial Peripheral Interface as master\r
12// Used to write the FPGA config word\r
13// May also be used to write to other SPI attached devices like an LCD\r
14//-----------------------------------------------------------------------------\r
15void SetupSpi(int mode)\r
16{\r
17 // PA10 -> SPI_NCS2 chip select (LCD)\r
18 // PA11 -> SPI_NCS0 chip select (FPGA)\r
19 // PA12 -> SPI_MISO Master-In Slave-Out\r
20 // PA13 -> SPI_MOSI Master-Out Slave-In\r
21 // PA14 -> SPI_SPCK Serial Clock\r
22\r
23 // Disable PIO control of the following pins, allows use by the SPI peripheral\r
24 PIO_DISABLE = (1 << GPIO_NCS0) |\r
25 (1 << GPIO_NCS2) |\r
26 (1 << GPIO_MISO) |\r
27 (1 << GPIO_MOSI) |\r
28 (1 << GPIO_SPCK);\r
29\r
30 PIO_PERIPHERAL_A_SEL = (1 << GPIO_NCS0) |\r
31 (1 << GPIO_MISO) |\r
32 (1 << GPIO_MOSI) |\r
33 (1 << GPIO_SPCK);\r
34\r
35 PIO_PERIPHERAL_B_SEL = (1 << GPIO_NCS2);\r
36\r
37 //enable the SPI Peripheral clock\r
38 PMC_PERIPHERAL_CLK_ENABLE = (1<<PERIPH_SPI);\r
39 // Enable SPI\r
40 SPI_CONTROL = SPI_CONTROL_ENABLE;\r
41\r
42 switch (mode) {\r
43 case SPI_FPGA_MODE:\r
44 SPI_MODE =\r
45 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)\r
46 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)\r
47 ( 0 << 7) | // Local Loopback Disabled\r
48 ( 1 << 4) | // Mode Fault Detection disabled\r
49 ( 0 << 2) | // Chip selects connected directly to peripheral\r
50 ( 0 << 1) | // Fixed Peripheral Select\r
51 ( 1 << 0); // Master Mode\r
52 SPI_FOR_CHIPSEL_0 =\r
53 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)\r
54 ( 1 << 16) | // Delay Before SPCK (1 MCK period)\r
55 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud\r
56 ( 8 << 4) | // Bits per Transfer (16 bits)\r
57 ( 0 << 3) | // Chip Select inactive after transfer\r
58 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge\r
59 ( 0 << 0); // Clock Polarity inactive state is logic 0\r
60 break;\r
61 case SPI_LCD_MODE:\r
62 SPI_MODE =\r
63 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)\r
64 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)\r
65 ( 0 << 7) | // Local Loopback Disabled\r
66 ( 1 << 4) | // Mode Fault Detection disabled\r
67 ( 0 << 2) | // Chip selects connected directly to peripheral\r
68 ( 0 << 1) | // Fixed Peripheral Select\r
69 ( 1 << 0); // Master Mode\r
70 SPI_FOR_CHIPSEL_2 =\r
71 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)\r
72 ( 1 << 16) | // Delay Before SPCK (1 MCK period)\r
73 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud\r
74 ( 1 << 4) | // Bits per Transfer (9 bits)\r
75 ( 0 << 3) | // Chip Select inactive after transfer\r
76 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge\r
77 ( 0 << 0); // Clock Polarity inactive state is logic 0\r
78 break;\r
79 default: // Disable SPI\r
80 SPI_CONTROL = SPI_CONTROL_DISABLE;\r
81 break;\r
82 }\r
83}\r
84\r
85//-----------------------------------------------------------------------------\r
86// Set up the synchronous serial port, with the one set of options that we\r
87// always use when we are talking to the FPGA. Both RX and TX are enabled.\r
88//-----------------------------------------------------------------------------\r
89void FpgaSetupSsc(void)\r
90{\r
91 // First configure the GPIOs, and get ourselves a clock.\r
92 PIO_PERIPHERAL_A_SEL = (1 << GPIO_SSC_FRAME) |\r
93 (1 << GPIO_SSC_DIN) |\r
94 (1 << GPIO_SSC_DOUT) |\r
95 (1 << GPIO_SSC_CLK);\r
96 PIO_DISABLE = (1 << GPIO_SSC_DOUT);\r
97\r
98 PMC_PERIPHERAL_CLK_ENABLE = (1 << PERIPH_SSC);\r
99\r
100 // Now set up the SSC proper, starting from a known state.\r
101 SSC_CONTROL = SSC_CONTROL_RESET;\r
102\r
103 // RX clock comes from TX clock, RX starts when TX starts, data changes\r
104 // on RX clock rising edge, sampled on falling edge\r
105 SSC_RECEIVE_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);\r
106\r
107 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync\r
108 // pulse, no output sync, start on positive-going edge of sync\r
109 SSC_RECEIVE_FRAME_MODE = SSC_FRAME_MODE_BITS_IN_WORD(8) |\r
110 SSC_FRAME_MODE_MSB_FIRST | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);\r
111\r
112 // clock comes from TK pin, no clock output, outputs change on falling\r
113 // edge of TK, start on rising edge of TF\r
114 SSC_TRANSMIT_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(2) |\r
115 SSC_CLOCK_MODE_START(5);\r
116\r
117 // tx framing is the same as the rx framing\r
118 SSC_TRANSMIT_FRAME_MODE = SSC_RECEIVE_FRAME_MODE;\r
119\r
120 SSC_CONTROL = SSC_CONTROL_RX_ENABLE | SSC_CONTROL_TX_ENABLE;\r
121}\r
122\r
123//-----------------------------------------------------------------------------\r
124// Set up DMA to receive samples from the FPGA. We will use the PDC, with\r
125// a single buffer as a circular buffer (so that we just chain back to\r
126// ourselves, not to another buffer). The stuff to manipulate those buffers\r
127// is in apps.h, because it should be inlined, for speed.\r
128//-----------------------------------------------------------------------------\r
129void FpgaSetupSscDma(BYTE *buf, int len)\r
130{\r
131 PDC_RX_POINTER(SSC_BASE) = (DWORD)buf;\r
132 PDC_RX_COUNTER(SSC_BASE) = len;\r
133 PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)buf;\r
134 PDC_RX_NEXT_COUNTER(SSC_BASE) = len;\r
135 PDC_CONTROL(SSC_BASE) = PDC_RX_ENABLE;\r
136}\r
137\r
138static void DownloadFPGA_byte(unsigned char w)\r
139{\r
140#define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }\r
141 SEND_BIT(7);\r
142 SEND_BIT(6);\r
143 SEND_BIT(5);\r
144 SEND_BIT(4);\r
145 SEND_BIT(3);\r
146 SEND_BIT(2);\r
147 SEND_BIT(1);\r
148 SEND_BIT(0);\r
149}\r
150\r
151// Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes\r
152// If bytereversal is set: reverse the byte order in each 4-byte word\r
153static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)\r
154{\r
155 int i;\r
156\r
157 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_ON);\r
158 PIO_ENABLE = (1 << GPIO_FPGA_ON);\r
159 PIO_OUTPUT_DATA_SET = (1 << GPIO_FPGA_ON);\r
160\r
161 SpinDelay(50);\r
162\r
163 LED_D_ON();\r
164\r
165 HIGH(GPIO_FPGA_NPROGRAM);\r
166 LOW(GPIO_FPGA_CCLK);\r
167 LOW(GPIO_FPGA_DIN);\r
168 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_NPROGRAM) |\r
169 (1 << GPIO_FPGA_CCLK) |\r
170 (1 << GPIO_FPGA_DIN);\r
171 SpinDelay(1);\r
172\r
173 LOW(GPIO_FPGA_NPROGRAM);\r
174 SpinDelay(50);\r
175 HIGH(GPIO_FPGA_NPROGRAM);\r
176\r
177 if(bytereversal) {\r
178 /* This is only supported for DWORD aligned images */\r
179 if( ((int)FpgaImage % sizeof(DWORD)) == 0 ) {\r
180 i=0;\r
181 while(FpgaImageLen-->0)\r
182 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);\r
183 /* Explanation of the magic in the above line: \r
184 * i^0x3 inverts the lower two bits of the integer i, counting backwards\r
185 * for each 4 byte increment. The generated sequence of (i++)^3 is\r
186 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
187 */\r
188 }\r
189 } else {\r
190 while(FpgaImageLen-->0)\r
191 DownloadFPGA_byte(*FpgaImage++);\r
192 }\r
193\r
194 LED_D_OFF();\r
195}\r
196\r
197static char *bitparse_headers_start;\r
198static char *bitparse_bitstream_end;\r
199static int bitparse_initialized;\r
200/* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence\r
201 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01\r
202 * After that the format is 1 byte section type (ASCII character), 2 byte length\r
203 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes\r
204 * length.
205 */\r
206static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};\r
207static int bitparse_init(void * start_address, void *end_address)\r
208{\r
209 bitparse_initialized = 0;\r
210 \r
211 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {\r
212 return 0; /* Not matched */\r
213 } else {\r
214 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);\r
215 bitparse_bitstream_end= (char*)end_address;\r
216 bitparse_initialized = 1;\r
217 return 1;\r
218 }\r
219}\r
220\r
221int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)\r
222{\r
223 char *pos = bitparse_headers_start;\r
224 int result = 0;\r
225\r
226 if(!bitparse_initialized) return 0;\r
227\r
228 while(pos < bitparse_bitstream_end) {\r
229 char current_name = *pos++;\r
230 unsigned int current_length = 0;\r
231 if(current_name < 'a' || current_name > 'e') {\r
232 /* Strange section name, abort */\r
233 break;\r
234 }\r
235 current_length = 0;\r
236 switch(current_name) {\r
237 case 'e':\r
238 /* Four byte length field */\r
239 current_length += (*pos++) << 24;\r
240 current_length += (*pos++) << 16;\r
241 default: /* Fall through, two byte length field */\r
242 current_length += (*pos++) << 8;\r
243 current_length += (*pos++) << 0;\r
244 }\r
245 \r
246 if(current_name != 'e' && current_length > 255) {\r
247 /* Maybe a parse error */\r
248 break;\r
249 }\r
250 \r
251 if(current_name == section_name) {\r
252 /* Found it */\r
253 *section_start = pos;\r
254 *section_length = current_length;\r
255 result = 1;\r
256 break;\r
257 }\r
258 \r
259 pos += current_length; /* Skip section */\r
260 }\r
261 \r
262 return result;\r
263}\r
264\r
265//-----------------------------------------------------------------------------\r
266// Find out which FPGA image format is stored in flash, then call DownloadFPGA\r
267// with the right parameters to download the image\r
268//-----------------------------------------------------------------------------\r
269extern char _binary_fpga_bit_start, _binary_fpga_bit_end;\r
270void FpgaDownloadAndGo(void)\r
271{\r
272 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
273 */\r
274 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {\r
275 /* Successfully initialized the .bit parser. Find the 'e' section and\r
276 * send its contents to the FPGA.
277 */\r
278 char *bitstream_start;\r
279 unsigned int bitstream_length;\r
280 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {\r
281 DownloadFPGA(bitstream_start, bitstream_length, 0);\r
282 \r
283 return; /* All done */\r
284 }\r
285 }\r
286 \r
287 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF\r
288 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits \r
289 * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD\r
290 * is still to be transmitted in MSBit first order. Set the invert flag to indicate\r
291 * that the DownloadFPGA function should invert every 4 byte sequence when doing\r
292 * the bytewise download.
293 */\r
294 if( *(DWORD*)0x102000 == 0xFFFFFFFF && *(DWORD*)0x102004 == 0xAA995566 )\r
295 DownloadFPGA((char*)0x102000, 10524*4, 1);\r
296}\r
297\r
298void FpgaGatherVersion(char *dst, int len)\r
299{\r
300 char *fpga_info; \r
301 unsigned int fpga_info_len;\r
302 dst[0] = 0;\r
303 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {\r
304 strncat(dst, "FPGA image: legacy image without version information", len-1);\r
305 } else {\r
306 strncat(dst, "FPGA image built", len-1);\r
307 /* USB packets only have 48 bytes data payload, so be terse */\r
308#if 0\r
309 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r
310 strncat(dst, " from ", len-1);\r
311 strncat(dst, fpga_info, len-1);\r
312 }\r
313 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r
314 strncat(dst, " for ", len-1);\r
315 strncat(dst, fpga_info, len-1);\r
316 }\r
317#endif\r
318 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r
319 strncat(dst, " on ", len-1);\r
320 strncat(dst, fpga_info, len-1);\r
321 }\r
322 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {\r
323 strncat(dst, " at ", len-1);\r
324 strncat(dst, fpga_info, len-1);\r
325 }\r
326 }\r
327}\r
328\r
329//-----------------------------------------------------------------------------\r
330// Send a 16 bit command/data pair to the FPGA.\r
331// The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0\r
332// where C is the 4 bit command and D is the 12 bit data\r
333//-----------------------------------------------------------------------------\r
334void FpgaSendCommand(WORD cmd, WORD v)\r
335{\r
336 SetupSpi(SPI_FPGA_MODE);\r
337 while ((SPI_STATUS & SPI_STATUS_TX_EMPTY) == 0); // wait for the transfer to complete\r
338 SPI_TX_DATA = SPI_CONTROL_LAST_TRANSFER | cmd | v; // send the data\r
339}\r
340//-----------------------------------------------------------------------------\r
341// Write the FPGA setup word (that determines what mode the logic is in, read\r
342// vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to\r
343// avoid changing this function's occurence everywhere in the source code.\r
344//-----------------------------------------------------------------------------\r
345void FpgaWriteConfWord(BYTE v)\r
346{\r
347 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);\r
348}\r
349\r
350//-----------------------------------------------------------------------------\r
351// Set up the CMOS switches that mux the ADC: four switches, independently\r
352// closable, but should only close one at a time. Not an FPGA thing, but\r
353// the samples from the ADC always flow through the FPGA.\r
354//-----------------------------------------------------------------------------\r
355void SetAdcMuxFor(int whichGpio)\r
356{\r
357 PIO_OUTPUT_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |\r
358 (1 << GPIO_MUXSEL_LOPKD) |\r
359 (1 << GPIO_MUXSEL_LORAW) |\r
360 (1 << GPIO_MUXSEL_HIRAW);\r
361\r
362 PIO_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |\r
363 (1 << GPIO_MUXSEL_LOPKD) |\r
364 (1 << GPIO_MUXSEL_LORAW) |\r
365 (1 << GPIO_MUXSEL_HIRAW);\r
366\r
367 LOW(GPIO_MUXSEL_HIPKD);\r
368 LOW(GPIO_MUXSEL_HIRAW);\r
369 LOW(GPIO_MUXSEL_LORAW);\r
370 LOW(GPIO_MUXSEL_LOPKD);\r
371\r
372 HIGH(whichGpio);\r
373}\r
Impressum, Datenschutz