]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/fpgaloader.c
projects / proxmark3-svn / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Implement version information storage and retrieval for the bootrom and the osimage.
[proxmark3-svn] / armsrc / fpgaloader.c
1 //-----------------------------------------------------------------------------
2 // Routines to load the FPGA image, and then to configure the FPGA's major
3 // mode once it is configured.
4 //
5 // Jonathan Westhues, April 2006
6 //-----------------------------------------------------------------------------
7 #include <proxmark3.h>
8 #include "apps.h"
9
10 //-----------------------------------------------------------------------------
11 // Set up the Serial Peripheral Interface as master
12 // Used to write the FPGA config word
13 // May also be used to write to other SPI attached devices like an LCD
14 //-----------------------------------------------------------------------------
15 void SetupSpi(int mode)
16 {
17 // PA10 -> SPI_NCS2 chip select (LCD)
18 // PA11 -> SPI_NCS0 chip select (FPGA)
19 // PA12 -> SPI_MISO Master-In Slave-Out
20 // PA13 -> SPI_MOSI Master-Out Slave-In
21 // PA14 -> SPI_SPCK Serial Clock
22
23 // Disable PIO control of the following pins, allows use by the SPI peripheral
24 PIO_DISABLE = (1 << GPIO_NCS0) |
25 (1 << GPIO_NCS2) |
26 (1 << GPIO_MISO) |
27 (1 << GPIO_MOSI) |
28 (1 << GPIO_SPCK);
29
30 PIO_PERIPHERAL_A_SEL = (1 << GPIO_NCS0) |
31 (1 << GPIO_MISO) |
32 (1 << GPIO_MOSI) |
33 (1 << GPIO_SPCK);
34
35 PIO_PERIPHERAL_B_SEL = (1 << GPIO_NCS2);
36
37 //enable the SPI Peripheral clock
38 PMC_PERIPHERAL_CLK_ENABLE = (1<<PERIPH_SPI);
39 // Enable SPI
40 SPI_CONTROL = SPI_CONTROL_ENABLE;
41
42 switch (mode) {
43 case SPI_FPGA_MODE:
44 SPI_MODE =
45 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
46 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
47 ( 0 << 7) | // Local Loopback Disabled
48 ( 1 << 4) | // Mode Fault Detection disabled
49 ( 0 << 2) | // Chip selects connected directly to peripheral
50 ( 0 << 1) | // Fixed Peripheral Select
51 ( 1 << 0); // Master Mode
52 SPI_FOR_CHIPSEL_0 =
53 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
54 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
55 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
56 ( 8 << 4) | // Bits per Transfer (16 bits)
57 ( 0 << 3) | // Chip Select inactive after transfer
58 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
59 ( 0 << 0); // Clock Polarity inactive state is logic 0
60 break;
61 case SPI_LCD_MODE:
62 SPI_MODE =
63 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
64 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
65 ( 0 << 7) | // Local Loopback Disabled
66 ( 1 << 4) | // Mode Fault Detection disabled
67 ( 0 << 2) | // Chip selects connected directly to peripheral
68 ( 0 << 1) | // Fixed Peripheral Select
69 ( 1 << 0); // Master Mode
70 SPI_FOR_CHIPSEL_2 =
71 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
72 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
73 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
74 ( 1 << 4) | // Bits per Transfer (9 bits)
75 ( 0 << 3) | // Chip Select inactive after transfer
76 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
77 ( 0 << 0); // Clock Polarity inactive state is logic 0
78 break;
79 default: // Disable SPI
80 SPI_CONTROL = SPI_CONTROL_DISABLE;
81 break;
82 }
83 }
84
85 //-----------------------------------------------------------------------------
86 // Set up the synchronous serial port, with the one set of options that we
87 // always use when we are talking to the FPGA. Both RX and TX are enabled.
88 //-----------------------------------------------------------------------------
89 void FpgaSetupSsc(void)
90 {
91 // First configure the GPIOs, and get ourselves a clock.
92 PIO_PERIPHERAL_A_SEL = (1 << GPIO_SSC_FRAME) |
93 (1 << GPIO_SSC_DIN) |
94 (1 << GPIO_SSC_DOUT) |
95 (1 << GPIO_SSC_CLK);
96 PIO_DISABLE = (1 << GPIO_SSC_DOUT);
97
98 PMC_PERIPHERAL_CLK_ENABLE = (1 << PERIPH_SSC);
99
100 // Now set up the SSC proper, starting from a known state.
101 SSC_CONTROL = SSC_CONTROL_RESET;
102
103 // RX clock comes from TX clock, RX starts when TX starts, data changes
104 // on RX clock rising edge, sampled on falling edge
105 SSC_RECEIVE_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
106
107 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
108 // pulse, no output sync, start on positive-going edge of sync
109 SSC_RECEIVE_FRAME_MODE = SSC_FRAME_MODE_BITS_IN_WORD(8) |
110 SSC_FRAME_MODE_MSB_FIRST | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
111
112 // clock comes from TK pin, no clock output, outputs change on falling
113 // edge of TK, start on rising edge of TF
114 SSC_TRANSMIT_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(2) |
115 SSC_CLOCK_MODE_START(5);
116
117 // tx framing is the same as the rx framing
118 SSC_TRANSMIT_FRAME_MODE = SSC_RECEIVE_FRAME_MODE;
119
120 SSC_CONTROL = SSC_CONTROL_RX_ENABLE | SSC_CONTROL_TX_ENABLE;
121 }
122
123 //-----------------------------------------------------------------------------
124 // Set up DMA to receive samples from the FPGA. We will use the PDC, with
125 // a single buffer as a circular buffer (so that we just chain back to
126 // ourselves, not to another buffer). The stuff to manipulate those buffers
127 // is in apps.h, because it should be inlined, for speed.
128 //-----------------------------------------------------------------------------
129 void FpgaSetupSscDma(BYTE *buf, int len)
130 {
131 PDC_RX_POINTER(SSC_BASE) = (DWORD)buf;
132 PDC_RX_COUNTER(SSC_BASE) = len;
133 PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)buf;
134 PDC_RX_NEXT_COUNTER(SSC_BASE) = len;
135 PDC_CONTROL(SSC_BASE) = PDC_RX_ENABLE;
136 }
137
138 // Download the fpga image starting at FpgaImage and with length FpgaImageLen DWORDs (e.g. 4 bytes)
139 // If bytereversal is set: reverse the byte order in each 4-byte word
140 static void DownloadFPGA(const DWORD *FpgaImage, DWORD FpgaImageLen, int bytereversal)
141 {
142 int i, j;
143
144 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_ON);
145 PIO_ENABLE = (1 << GPIO_FPGA_ON);
146 PIO_OUTPUT_DATA_SET = (1 << GPIO_FPGA_ON);
147
148 SpinDelay(50);
149
150 LED_D_ON();
151
152 HIGH(GPIO_FPGA_NPROGRAM);
153 LOW(GPIO_FPGA_CCLK);
154 LOW(GPIO_FPGA_DIN);
155 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_NPROGRAM) |
156 (1 << GPIO_FPGA_CCLK) |
157 (1 << GPIO_FPGA_DIN);
158 SpinDelay(1);
159
160 LOW(GPIO_FPGA_NPROGRAM);
161 SpinDelay(50);
162 HIGH(GPIO_FPGA_NPROGRAM);
163
164 for(i = 0; i < FpgaImageLen; i++) {
165 DWORD v = FpgaImage[i];
166 unsigned char w;
167 for(j = 0; j < 4; j++) {
168 if(!bytereversal)
169 w = v >>(j*8);
170 else
171 w = v >>((3-j)*8);
172 #define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
173 SEND_BIT(7);
174 SEND_BIT(6);
175 SEND_BIT(5);
176 SEND_BIT(4);
177 SEND_BIT(3);
178 SEND_BIT(2);
179 SEND_BIT(1);
180 SEND_BIT(0);
181 }
182 }
183
184 LED_D_OFF();
185 }
186
187 static char *bitparse_headers_start;
188 static char *bitparse_bitstream_end;
189 static int bitparse_initialized;
190 /* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
191 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
192 * After that the format is 1 byte section type (ASCII character), 2 byte length
193 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
194 * length.
195 */
196 static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
197 static int bitparse_init(void * start_address, void *end_address)
198 {
199 bitparse_initialized = 0;
200
201 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
202 return 0; /* Not matched */
203 } else {
204 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
205 bitparse_bitstream_end= (char*)end_address;
206 bitparse_initialized = 1;
207 return 1;
208 }
209 }
210
211 int bitparse_find_section(char section_name, void **section_start, unsigned int *section_length)
212 {
213 char *pos = bitparse_headers_start;
214 int result = 0;
215
216 if(!bitparse_initialized) return 0;
217
218 while(pos < bitparse_bitstream_end) {
219 char current_name = *pos++;
220 unsigned int current_length = 0;
221 if(current_name < 'a' || current_name > 'e') {
222 /* Strange section name, abort */
223 break;
224 }
225 current_length = 0;
226 switch(current_name) {
227 case 'e':
228 /* Four byte length field */
229 current_length += (*pos++) << 24;
230 current_length += (*pos++) << 16;
231 default: /* Fall through, two byte length field */
232 current_length += (*pos++) << 8;
233 current_length += (*pos++) << 0;
234 }
235
236 if(current_name != 'e' && current_length > 255) {
237 /* Maybe a parse error */
238 break;
239 }
240
241 if(current_name == section_name) {
242 /* Found it */
243 *section_start = pos;
244 *section_length = current_length;
245 result = 1;
246 break;
247 }
248
249 pos += current_length; /* Skip section */
250 }
251
252 return result;
253 }
254
255 //-----------------------------------------------------------------------------
256 // Find out which FPGA image format is stored in flash, then call DownloadFPGA
257 // with the right parameters to download the image
258 //-----------------------------------------------------------------------------
259 extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
260 void FpgaDownloadAndGo(void)
261 {
262 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
263 */
264 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
265 /* Successfully initialized the .bit parser. Find the 'e' section and
266 * send its contents to the FPGA.
267 */
268 void *bitstream_start;
269 unsigned int bitstream_length;
270 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
271 DownloadFPGA((DWORD *)bitstream_start, bitstream_length/4, 0);
272
273 return; /* All done */
274 }
275 }
276
277 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
278 * 0xAA995566 at address 0x2000. This is raw bitstream with a size of 336,768 bits
279 * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD
280 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
281 * that the DownloadFPGA function should invert every 4 byte sequence when doing
282 * the bytewise download.
283 */
284 if( *(DWORD*)0x2000 == 0xFFFFFFFF && *(DWORD*)0x2004 == 0xAA995566 )
285 DownloadFPGA((DWORD *)0x2000, 10524, 1);
286 }
287
288 void FpgaGatherVersion(char *dst, int len)
289 {
290 char *fpga_info;
291 unsigned int fpga_info_len;
292 dst[0] = 0;
293 if(!bitparse_find_section('e', (void**)&fpga_info, &fpga_info_len)) {
294 strncat(dst, "FPGA image: legacy image without version information", len-1);
295 } else {
296 strncat(dst, "FPGA image built", len-1);
297 /* USB packets only have 48 bytes data payload, so be terse */
298 #if 0
299 if(bitparse_find_section('a', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
300 strncat(dst, " from ", len-1);
301 strncat(dst, fpga_info, len-1);
302 }
303 if(bitparse_find_section('b', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
304 strncat(dst, " for ", len-1);
305 strncat(dst, fpga_info, len-1);
306 }
307 #endif
308 if(bitparse_find_section('c', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
309 strncat(dst, " on ", len-1);
310 strncat(dst, fpga_info, len-1);
311 }
312 if(bitparse_find_section('d', (void**)&fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
313 strncat(dst, " at ", len-1);
314 strncat(dst, fpga_info, len-1);
315 }
316 }
317 }
318
319 //-----------------------------------------------------------------------------
320 // Send a 16 bit command/data pair to the FPGA.
321 // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
322 // where C is the 4 bit command and D is the 12 bit data
323 //-----------------------------------------------------------------------------
324 void FpgaSendCommand(WORD cmd, WORD v)
325 {
326 SetupSpi(SPI_FPGA_MODE);
327 while ((SPI_STATUS & SPI_STATUS_TX_EMPTY) == 0); // wait for the transfer to complete
328 SPI_TX_DATA = SPI_CONTROL_LAST_TRANSFER | cmd | v; // send the data
329 }
330 //-----------------------------------------------------------------------------
331 // Write the FPGA setup word (that determines what mode the logic is in, read
332 // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
333 // avoid changing this function's occurence everywhere in the source code.
334 //-----------------------------------------------------------------------------
335 void FpgaWriteConfWord(BYTE v)
336 {
337 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
338 }
339
340 //-----------------------------------------------------------------------------
341 // Set up the CMOS switches that mux the ADC: four switches, independently
342 // closable, but should only close one at a time. Not an FPGA thing, but
343 // the samples from the ADC always flow through the FPGA.
344 //-----------------------------------------------------------------------------
345 void SetAdcMuxFor(int whichGpio)
346 {
347 PIO_OUTPUT_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |
348 (1 << GPIO_MUXSEL_LOPKD) |
349 (1 << GPIO_MUXSEL_LORAW) |
350 (1 << GPIO_MUXSEL_HIRAW);
351
352 PIO_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |
353 (1 << GPIO_MUXSEL_LOPKD) |
354 (1 << GPIO_MUXSEL_LORAW) |
355 (1 << GPIO_MUXSEL_HIRAW);
356
357 LOW(GPIO_MUXSEL_HIPKD);
358 LOW(GPIO_MUXSEL_HIRAW);
359 LOW(GPIO_MUXSEL_LORAW);
360 LOW(GPIO_MUXSEL_LOPKD);
361
362 HIGH(whichGpio);
363 }
Proxmark3 GIT tracking
Impressum, Datenschutz