]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/fpgaloader.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of https://github.com/Proxmark/proxmark3
[proxmark3-svn] / armsrc / fpgaloader.c
1 //-----------------------------------------------------------------------------
2 // Jonathan Westhues, April 2006
3 // iZsh <izsh at fail0verflow.com>, 2014
4 //
5 // This code is licensed to you under the terms of the GNU GPL, version 2 or,
6 // at your option, any later version. See the LICENSE.txt file for the text of
7 // the license.
8 //-----------------------------------------------------------------------------
9 // Routines to load the FPGA image, and then to configure the FPGA's major
10 // mode once it is configured.
11 //-----------------------------------------------------------------------------
12
13 #include "../include/proxmark3.h"
14 #include "apps.h"
15 #include "util.h"
16 #include "string.h"
17
18 //-----------------------------------------------------------------------------
19 // Set up the Serial Peripheral Interface as master
20 // Used to write the FPGA config word
21 // May also be used to write to other SPI attached devices like an LCD
22 //-----------------------------------------------------------------------------
23 void SetupSpi(int mode)
24 {
25 // PA10 -> SPI_NCS2 chip select (LCD)
26 // PA11 -> SPI_NCS0 chip select (FPGA)
27 // PA12 -> SPI_MISO Master-In Slave-Out
28 // PA13 -> SPI_MOSI Master-Out Slave-In
29 // PA14 -> SPI_SPCK Serial Clock
30
31 // Disable PIO control of the following pins, allows use by the SPI peripheral
32 AT91C_BASE_PIOA->PIO_PDR =
33 GPIO_NCS0 |
34 GPIO_NCS2 |
35 GPIO_MISO |
36 GPIO_MOSI |
37 GPIO_SPCK;
38
39 AT91C_BASE_PIOA->PIO_ASR =
40 GPIO_NCS0 |
41 GPIO_MISO |
42 GPIO_MOSI |
43 GPIO_SPCK;
44
45 AT91C_BASE_PIOA->PIO_BSR = GPIO_NCS2;
46
47 //enable the SPI Peripheral clock
48 AT91C_BASE_PMC->PMC_PCER = (1<<AT91C_ID_SPI);
49 // Enable SPI
50 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIEN;
51
52 switch (mode) {
53 case SPI_FPGA_MODE:
54 AT91C_BASE_SPI->SPI_MR =
55 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
56 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
57 ( 0 << 7) | // Local Loopback Disabled
58 ( 1 << 4) | // Mode Fault Detection disabled
59 ( 0 << 2) | // Chip selects connected directly to peripheral
60 ( 0 << 1) | // Fixed Peripheral Select
61 ( 1 << 0); // Master Mode
62 AT91C_BASE_SPI->SPI_CSR[0] =
63 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
64 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
65 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
66 ( 8 << 4) | // Bits per Transfer (16 bits)
67 ( 0 << 3) | // Chip Select inactive after transfer
68 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
69 ( 0 << 0); // Clock Polarity inactive state is logic 0
70 break;
71 case SPI_LCD_MODE:
72 AT91C_BASE_SPI->SPI_MR =
73 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
74 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
75 ( 0 << 7) | // Local Loopback Disabled
76 ( 1 << 4) | // Mode Fault Detection disabled
77 ( 0 << 2) | // Chip selects connected directly to peripheral
78 ( 0 << 1) | // Fixed Peripheral Select
79 ( 1 << 0); // Master Mode
80 AT91C_BASE_SPI->SPI_CSR[2] =
81 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
82 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
83 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
84 ( 1 << 4) | // Bits per Transfer (9 bits)
85 ( 0 << 3) | // Chip Select inactive after transfer
86 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
87 ( 0 << 0); // Clock Polarity inactive state is logic 0
88 break;
89 default: // Disable SPI
90 AT91C_BASE_SPI->SPI_CR = AT91C_SPI_SPIDIS;
91 break;
92 }
93 }
94
95 //-----------------------------------------------------------------------------
96 // Set up the synchronous serial port, with the one set of options that we
97 // always use when we are talking to the FPGA. Both RX and TX are enabled.
98 //-----------------------------------------------------------------------------
99 void FpgaSetupSsc(void)
100 {
101 // First configure the GPIOs, and get ourselves a clock.
102 AT91C_BASE_PIOA->PIO_ASR =
103 GPIO_SSC_FRAME |
104 GPIO_SSC_DIN |
105 GPIO_SSC_DOUT |
106 GPIO_SSC_CLK;
107 AT91C_BASE_PIOA->PIO_PDR = GPIO_SSC_DOUT;
108
109 AT91C_BASE_PMC->PMC_PCER = (1 << AT91C_ID_SSC);
110
111 // Now set up the SSC proper, starting from a known state.
112 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_SWRST;
113
114 // RX clock comes from TX clock, RX starts when TX starts, data changes
115 // on RX clock rising edge, sampled on falling edge
116 AT91C_BASE_SSC->SSC_RCMR = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
117
118 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
119 // pulse, no output sync
120 AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
121
122 // clock comes from TK pin, no clock output, outputs change on falling
123 // edge of TK, sample on rising edge of TK, start on positive-going edge of sync
124 AT91C_BASE_SSC->SSC_TCMR = SSC_CLOCK_MODE_SELECT(2) | SSC_CLOCK_MODE_START(5);
125
126 // tx framing is the same as the rx framing
127 AT91C_BASE_SSC->SSC_TFMR = AT91C_BASE_SSC->SSC_RFMR;
128
129 AT91C_BASE_SSC->SSC_CR = AT91C_SSC_RXEN | AT91C_SSC_TXEN;
130 }
131
132 //-----------------------------------------------------------------------------
133 // Set up DMA to receive samples from the FPGA. We will use the PDC, with
134 // a single buffer as a circular buffer (so that we just chain back to
135 // ourselves, not to another buffer). The stuff to manipulate those buffers
136 // is in apps.h, because it should be inlined, for speed.
137 //-----------------------------------------------------------------------------
138 bool FpgaSetupSscDma(uint8_t *buf, int len)
139 {
140 if (buf == NULL) {
141 return false;
142 }
143
144 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer
145 AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) buf; // transfer to this memory address
146 AT91C_BASE_PDC_SSC->PDC_RCR = len; // transfer this many bytes
147 AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t) buf; // next transfer to same memory address
148 AT91C_BASE_PDC_SSC->PDC_RNCR = len; // ... with same number of bytes
149 AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // go!
150
151 return true;
152 }
153
154 static void DownloadFPGA_byte(unsigned char w)
155 {
156 #define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
157 SEND_BIT(7);
158 SEND_BIT(6);
159 SEND_BIT(5);
160 SEND_BIT(4);
161 SEND_BIT(3);
162 SEND_BIT(2);
163 SEND_BIT(1);
164 SEND_BIT(0);
165 }
166
167 // Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
168 // If bytereversal is set: reverse the byte order in each 4-byte word
169 static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
170 {
171 int i=0;
172
173 AT91C_BASE_PIOA->PIO_OER = GPIO_FPGA_ON;
174 AT91C_BASE_PIOA->PIO_PER = GPIO_FPGA_ON;
175 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
176
177 SpinDelay(50);
178
179 LED_D_ON();
180
181 // These pins are inputs
182 AT91C_BASE_PIOA->PIO_ODR =
183 GPIO_FPGA_NINIT |
184 GPIO_FPGA_DONE;
185 // PIO controls the following pins
186 AT91C_BASE_PIOA->PIO_PER =
187 GPIO_FPGA_NINIT |
188 GPIO_FPGA_DONE;
189 // Enable pull-ups
190 AT91C_BASE_PIOA->PIO_PPUER =
191 GPIO_FPGA_NINIT |
192 GPIO_FPGA_DONE;
193
194 // setup initial logic state
195 HIGH(GPIO_FPGA_NPROGRAM);
196 LOW(GPIO_FPGA_CCLK);
197 LOW(GPIO_FPGA_DIN);
198 // These pins are outputs
199 AT91C_BASE_PIOA->PIO_OER =
200 GPIO_FPGA_NPROGRAM |
201 GPIO_FPGA_CCLK |
202 GPIO_FPGA_DIN;
203
204 // enter FPGA configuration mode
205 LOW(GPIO_FPGA_NPROGRAM);
206 SpinDelay(50);
207 HIGH(GPIO_FPGA_NPROGRAM);
208
209 i=100000;
210 // wait for FPGA ready to accept data signal
211 while ((i) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_NINIT ) ) ) {
212 i--;
213 }
214
215 // crude error indicator, leave both red LEDs on and return
216 if (i==0){
217 LED_C_ON();
218 LED_D_ON();
219 return;
220 }
221
222 if(bytereversal) {
223 /* This is only supported for uint32_t aligned images */
224 if( ((int)FpgaImage % sizeof(uint32_t)) == 0 ) {
225 i=0;
226 while(FpgaImageLen-->0)
227 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
228 /* Explanation of the magic in the above line:
229 * i^0x3 inverts the lower two bits of the integer i, counting backwards
230 * for each 4 byte increment. The generated sequence of (i++)^3 is
231 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
232 */
233 }
234 } else {
235 while(FpgaImageLen-->0)
236 DownloadFPGA_byte(*FpgaImage++);
237 }
238
239 // continue to clock FPGA until ready signal goes high
240 i=100000;
241 while ( (i--) && ( !(AT91C_BASE_PIOA->PIO_PDSR & GPIO_FPGA_DONE ) ) ) {
242 HIGH(GPIO_FPGA_CCLK);
243 LOW(GPIO_FPGA_CCLK);
244 }
245 // crude error indicator, leave both red LEDs on and return
246 if (i==0){
247 LED_C_ON();
248 LED_D_ON();
249 return;
250 }
251 LED_D_OFF();
252 }
253
254 static char *bitparse_headers_start;
255 static char *bitparse_bitstream_end;
256 static int bitparse_initialized = 0;
257 /* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
258 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
259 * After that the format is 1 byte section type (ASCII character), 2 byte length
260 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
261 * length.
262 */
263 static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
264 static int bitparse_init(void * start_address, void *end_address)
265 {
266 bitparse_initialized = 0;
267
268 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
269 return 0; /* Not matched */
270 } else {
271 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
272 bitparse_bitstream_end= (char*)end_address;
273 bitparse_initialized = 1;
274 return 1;
275 }
276 }
277
278 int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
279 {
280 char *pos = bitparse_headers_start;
281 int result = 0;
282
283 if(!bitparse_initialized) return 0;
284
285 while(pos < bitparse_bitstream_end) {
286 char current_name = *pos++;
287 unsigned int current_length = 0;
288 if(current_name < 'a' || current_name > 'e') {
289 /* Strange section name, abort */
290 break;
291 }
292 current_length = 0;
293 switch(current_name) {
294 case 'e':
295 /* Four byte length field */
296 current_length += (*pos++) << 24;
297 current_length += (*pos++) << 16;
298 default: /* Fall through, two byte length field */
299 current_length += (*pos++) << 8;
300 current_length += (*pos++) << 0;
301 }
302
303 if(current_name != 'e' && current_length > 255) {
304 /* Maybe a parse error */
305 break;
306 }
307
308 if(current_name == section_name) {
309 /* Found it */
310 *section_start = pos;
311 *section_length = current_length;
312 result = 1;
313 break;
314 }
315
316 pos += current_length; /* Skip section */
317 }
318
319 return result;
320 }
321
322 //-----------------------------------------------------------------------------
323 // Find out which FPGA image format is stored in flash, then call DownloadFPGA
324 // with the right parameters to download the image
325 //-----------------------------------------------------------------------------
326 extern char _binary_fpga_lf_bit_start, _binary_fpga_lf_bit_end;
327 extern char _binary_fpga_hf_bit_start, _binary_fpga_hf_bit_end;
328 void FpgaDownloadAndGo(int bitstream_version)
329 {
330 void *bit_start;
331 void *bit_end;
332
333 // check whether or not the bitstream is already loaded
334 if (FpgaGatherBitstreamVersion() == bitstream_version)
335 return;
336
337 if (bitstream_version == FPGA_BITSTREAM_LF) {
338 bit_start = &_binary_fpga_lf_bit_start;
339 bit_end = &_binary_fpga_lf_bit_end;
340 } else if (bitstream_version == FPGA_BITSTREAM_HF) {
341 bit_start = &_binary_fpga_hf_bit_start;
342 bit_end = &_binary_fpga_hf_bit_end;
343 } else
344 return;
345 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
346 */
347 if(bitparse_init(bit_start, bit_end)) {
348 /* Successfully initialized the .bit parser. Find the 'e' section and
349 * send its contents to the FPGA.
350 */
351 char *bitstream_start;
352 unsigned int bitstream_length;
353 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
354 DownloadFPGA(bitstream_start, bitstream_length, 0);
355
356 return; /* All done */
357 }
358 }
359
360 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
361 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
362 * = 10,524 uint32_t, stored as uint32_t e.g. little-endian in memory, but each DWORD
363 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
364 * that the DownloadFPGA function should invert every 4 byte sequence when doing
365 * the bytewise download.
366 */
367 if( *(uint32_t*)0x102000 == 0xFFFFFFFF && *(uint32_t*)0x102004 == 0xAA995566 )
368 DownloadFPGA((char*)0x102000, 10524*4, 1);
369 }
370
371 int FpgaGatherBitstreamVersion()
372 {
373 char temp[256];
374 FpgaGatherVersion(temp, sizeof (temp));
375 if (!memcmp("LF", temp, 2))
376 return FPGA_BITSTREAM_LF;
377 else if (!memcmp("HF", temp, 2))
378 return FPGA_BITSTREAM_HF;
379 return FPGA_BITSTREAM_ERR;
380 }
381
382 void FpgaGatherVersion(char *dst, int len)
383 {
384 char *fpga_info;
385 unsigned int fpga_info_len;
386 dst[0] = 0;
387 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
388 strncat(dst, "FPGA image: legacy image without version information", len-1);
389 } else {
390 /* USB packets only have 48 bytes data payload, so be terse */
391 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
392 if (!memcmp("fpga_lf", fpga_info, 7))
393 strncat(dst, "LF ", len-1);
394 else if (!memcmp("fpga_hf", fpga_info, 7))
395 strncat(dst, "HF ", len-1);
396 }
397 strncat(dst, "FPGA image built", len-1);
398 #if 0
399 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
400 strncat(dst, " for ", len-1);
401 strncat(dst, fpga_info, len-1);
402 }
403 #endif
404 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
405 strncat(dst, " on ", len-1);
406 strncat(dst, fpga_info, len-1);
407 }
408 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
409 strncat(dst, " at ", len-1);
410 strncat(dst, fpga_info, len-1);
411 }
412 }
413 }
414
415 //-----------------------------------------------------------------------------
416 // Send a 16 bit command/data pair to the FPGA.
417 // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
418 // where C is the 4 bit command and D is the 12 bit data
419 //-----------------------------------------------------------------------------
420 void FpgaSendCommand(uint16_t cmd, uint16_t v)
421 {
422 SetupSpi(SPI_FPGA_MODE);
423 while ((AT91C_BASE_SPI->SPI_SR & AT91C_SPI_TXEMPTY) == 0); // wait for the transfer to complete
424 AT91C_BASE_SPI->SPI_TDR = AT91C_SPI_LASTXFER | cmd | v; // send the data
425 }
426 //-----------------------------------------------------------------------------
427 // Write the FPGA setup word (that determines what mode the logic is in, read
428 // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
429 // avoid changing this function's occurence everywhere in the source code.
430 //-----------------------------------------------------------------------------
431 void FpgaWriteConfWord(uint8_t v)
432 {
433 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
434 }
435
436 //-----------------------------------------------------------------------------
437 // Set up the CMOS switches that mux the ADC: four switches, independently
438 // closable, but should only close one at a time. Not an FPGA thing, but
439 // the samples from the ADC always flow through the FPGA.
440 //-----------------------------------------------------------------------------
441 void SetAdcMuxFor(uint32_t whichGpio)
442 {
443 AT91C_BASE_PIOA->PIO_OER =
444 GPIO_MUXSEL_HIPKD |
445 GPIO_MUXSEL_LOPKD |
446 GPIO_MUXSEL_LORAW |
447 GPIO_MUXSEL_HIRAW;
448
449 AT91C_BASE_PIOA->PIO_PER =
450 GPIO_MUXSEL_HIPKD |
451 GPIO_MUXSEL_LOPKD |
452 GPIO_MUXSEL_LORAW |
453 GPIO_MUXSEL_HIRAW;
454
455 LOW(GPIO_MUXSEL_HIPKD);
456 LOW(GPIO_MUXSEL_HIRAW);
457 LOW(GPIO_MUXSEL_LORAW);
458 LOW(GPIO_MUXSEL_LOPKD);
459
460 HIGH(whichGpio);
461 }
Proxmark3 GIT tracking
Impressum, Datenschutz