]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/fpgaloader.c
fix mandemod initialisation and add Transit tag trace
[proxmark3-svn] / armsrc / fpgaloader.c
1 //-----------------------------------------------------------------------------
2 // Routines to load the FPGA image, and then to configure the FPGA's major
3 // mode once it is configured.
4 //
5 // Jonathan Westhues, April 2006
6 //-----------------------------------------------------------------------------
7 #include <proxmark3.h>
8 #include "apps.h"
9
10 //-----------------------------------------------------------------------------
11 // Set up the Serial Peripheral Interface as master
12 // Used to write the FPGA config word
13 // May also be used to write to other SPI attached devices like an LCD
14 //-----------------------------------------------------------------------------
15 void SetupSpi(int mode)
16 {
17 // PA10 -> SPI_NCS2 chip select (LCD)
18 // PA11 -> SPI_NCS0 chip select (FPGA)
19 // PA12 -> SPI_MISO Master-In Slave-Out
20 // PA13 -> SPI_MOSI Master-Out Slave-In
21 // PA14 -> SPI_SPCK Serial Clock
22
23 // Disable PIO control of the following pins, allows use by the SPI peripheral
24 PIO_DISABLE = (1 << GPIO_NCS0) |
25 (1 << GPIO_NCS2) |
26 (1 << GPIO_MISO) |
27 (1 << GPIO_MOSI) |
28 (1 << GPIO_SPCK);
29
30 PIO_PERIPHERAL_A_SEL = (1 << GPIO_NCS0) |
31 (1 << GPIO_MISO) |
32 (1 << GPIO_MOSI) |
33 (1 << GPIO_SPCK);
34
35 PIO_PERIPHERAL_B_SEL = (1 << GPIO_NCS2);
36
37 //enable the SPI Peripheral clock
38 PMC_PERIPHERAL_CLK_ENABLE = (1<<PERIPH_SPI);
39 // Enable SPI
40 SPI_CONTROL = SPI_CONTROL_ENABLE;
41
42 switch (mode) {
43 case SPI_FPGA_MODE:
44 SPI_MODE =
45 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
46 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
47 ( 0 << 7) | // Local Loopback Disabled
48 ( 1 << 4) | // Mode Fault Detection disabled
49 ( 0 << 2) | // Chip selects connected directly to peripheral
50 ( 0 << 1) | // Fixed Peripheral Select
51 ( 1 << 0); // Master Mode
52 SPI_FOR_CHIPSEL_0 =
53 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
54 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
55 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
56 ( 8 << 4) | // Bits per Transfer (16 bits)
57 ( 0 << 3) | // Chip Select inactive after transfer
58 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
59 ( 0 << 0); // Clock Polarity inactive state is logic 0
60 break;
61 case SPI_LCD_MODE:
62 SPI_MODE =
63 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
64 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
65 ( 0 << 7) | // Local Loopback Disabled
66 ( 1 << 4) | // Mode Fault Detection disabled
67 ( 0 << 2) | // Chip selects connected directly to peripheral
68 ( 0 << 1) | // Fixed Peripheral Select
69 ( 1 << 0); // Master Mode
70 SPI_FOR_CHIPSEL_2 =
71 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
72 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
73 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
74 ( 1 << 4) | // Bits per Transfer (9 bits)
75 ( 0 << 3) | // Chip Select inactive after transfer
76 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
77 ( 0 << 0); // Clock Polarity inactive state is logic 0
78 break;
79 default: // Disable SPI
80 SPI_CONTROL = SPI_CONTROL_DISABLE;
81 break;
82 }
83 }
84
85 //-----------------------------------------------------------------------------
86 // Set up the synchronous serial port, with the one set of options that we
87 // always use when we are talking to the FPGA. Both RX and TX are enabled.
88 //-----------------------------------------------------------------------------
89 void FpgaSetupSsc(void)
90 {
91 // First configure the GPIOs, and get ourselves a clock.
92 PIO_PERIPHERAL_A_SEL = (1 << GPIO_SSC_FRAME) |
93 (1 << GPIO_SSC_DIN) |
94 (1 << GPIO_SSC_DOUT) |
95 (1 << GPIO_SSC_CLK);
96 PIO_DISABLE = (1 << GPIO_SSC_DOUT);
97
98 PMC_PERIPHERAL_CLK_ENABLE = (1 << PERIPH_SSC);
99
100 // Now set up the SSC proper, starting from a known state.
101 SSC_CONTROL = SSC_CONTROL_RESET;
102
103 // RX clock comes from TX clock, RX starts when TX starts, data changes
104 // on RX clock rising edge, sampled on falling edge
105 SSC_RECEIVE_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
106
107 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
108 // pulse, no output sync, start on positive-going edge of sync
109 SSC_RECEIVE_FRAME_MODE = SSC_FRAME_MODE_BITS_IN_WORD(8) |
110 SSC_FRAME_MODE_MSB_FIRST | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
111
112 // clock comes from TK pin, no clock output, outputs change on falling
113 // edge of TK, start on rising edge of TF
114 SSC_TRANSMIT_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(2) |
115 SSC_CLOCK_MODE_START(5);
116
117 // tx framing is the same as the rx framing
118 SSC_TRANSMIT_FRAME_MODE = SSC_RECEIVE_FRAME_MODE;
119
120 SSC_CONTROL = SSC_CONTROL_RX_ENABLE | SSC_CONTROL_TX_ENABLE;
121 }
122
123 //-----------------------------------------------------------------------------
124 // Set up DMA to receive samples from the FPGA. We will use the PDC, with
125 // a single buffer as a circular buffer (so that we just chain back to
126 // ourselves, not to another buffer). The stuff to manipulate those buffers
127 // is in apps.h, because it should be inlined, for speed.
128 //-----------------------------------------------------------------------------
129 void FpgaSetupSscDma(BYTE *buf, int len)
130 {
131 PDC_RX_POINTER(SSC_BASE) = (DWORD)buf;
132 PDC_RX_COUNTER(SSC_BASE) = len;
133 PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)buf;
134 PDC_RX_NEXT_COUNTER(SSC_BASE) = len;
135 PDC_CONTROL(SSC_BASE) = PDC_RX_ENABLE;
136 }
137
138 static void DownloadFPGA_byte(unsigned char w)
139 {
140 #define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
141 SEND_BIT(7);
142 SEND_BIT(6);
143 SEND_BIT(5);
144 SEND_BIT(4);
145 SEND_BIT(3);
146 SEND_BIT(2);
147 SEND_BIT(1);
148 SEND_BIT(0);
149 }
150
151 // Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
152 // If bytereversal is set: reverse the byte order in each 4-byte word
153 static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
154 {
155 int i;
156
157 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_ON);
158 PIO_ENABLE = (1 << GPIO_FPGA_ON);
159 PIO_OUTPUT_DATA_SET = (1 << GPIO_FPGA_ON);
160
161 SpinDelay(50);
162
163 LED_D_ON();
164
165 HIGH(GPIO_FPGA_NPROGRAM);
166 LOW(GPIO_FPGA_CCLK);
167 LOW(GPIO_FPGA_DIN);
168 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_NPROGRAM) |
169 (1 << GPIO_FPGA_CCLK) |
170 (1 << GPIO_FPGA_DIN);
171 SpinDelay(1);
172
173 LOW(GPIO_FPGA_NPROGRAM);
174 SpinDelay(50);
175 HIGH(GPIO_FPGA_NPROGRAM);
176
177 if(bytereversal) {
178 /* This is only supported for DWORD aligned images */
179 if( ((int)FpgaImage % sizeof(DWORD)) == 0 ) {
180 i=0;
181 while(FpgaImageLen-->0)
182 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
183 /* Explanation of the magic in the above line:
184 * i^0x3 inverts the lower two bits of the integer i, counting backwards
185 * for each 4 byte increment. The generated sequence of (i++)^3 is
186 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
187 */
188 }
189 } else {
190 while(FpgaImageLen-->0)
191 DownloadFPGA_byte(*FpgaImage++);
192 }
193
194 LED_D_OFF();
195 }
196
197 static char *bitparse_headers_start;
198 static char *bitparse_bitstream_end;
199 static int bitparse_initialized;
200 /* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
201 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
202 * After that the format is 1 byte section type (ASCII character), 2 byte length
203 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
204 * length.
205 */
206 static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
207 static int bitparse_init(void * start_address, void *end_address)
208 {
209 bitparse_initialized = 0;
210
211 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
212 return 0; /* Not matched */
213 } else {
214 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
215 bitparse_bitstream_end= (char*)end_address;
216 bitparse_initialized = 1;
217 return 1;
218 }
219 }
220
221 int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
222 {
223 char *pos = bitparse_headers_start;
224 int result = 0;
225
226 if(!bitparse_initialized) return 0;
227
228 while(pos < bitparse_bitstream_end) {
229 char current_name = *pos++;
230 unsigned int current_length = 0;
231 if(current_name < 'a' || current_name > 'e') {
232 /* Strange section name, abort */
233 break;
234 }
235 current_length = 0;
236 switch(current_name) {
237 case 'e':
238 /* Four byte length field */
239 current_length += (*pos++) << 24;
240 current_length += (*pos++) << 16;
241 default: /* Fall through, two byte length field */
242 current_length += (*pos++) << 8;
243 current_length += (*pos++) << 0;
244 }
245
246 if(current_name != 'e' && current_length > 255) {
247 /* Maybe a parse error */
248 break;
249 }
250
251 if(current_name == section_name) {
252 /* Found it */
253 *section_start = pos;
254 *section_length = current_length;
255 result = 1;
256 break;
257 }
258
259 pos += current_length; /* Skip section */
260 }
261
262 return result;
263 }
264
265 //-----------------------------------------------------------------------------
266 // Find out which FPGA image format is stored in flash, then call DownloadFPGA
267 // with the right parameters to download the image
268 //-----------------------------------------------------------------------------
269 extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
270 void FpgaDownloadAndGo(void)
271 {
272 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
273 */
274 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
275 /* Successfully initialized the .bit parser. Find the 'e' section and
276 * send its contents to the FPGA.
277 */
278 char *bitstream_start;
279 unsigned int bitstream_length;
280 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
281 DownloadFPGA(bitstream_start, bitstream_length, 0);
282
283 return; /* All done */
284 }
285 }
286
287 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
288 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
289 * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD
290 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
291 * that the DownloadFPGA function should invert every 4 byte sequence when doing
292 * the bytewise download.
293 */
294 if( *(DWORD*)0x102000 == 0xFFFFFFFF && *(DWORD*)0x102004 == 0xAA995566 )
295 DownloadFPGA((char*)0x102000, 10524*4, 1);
296 }
297
298 void FpgaGatherVersion(char *dst, int len)
299 {
300 char *fpga_info;
301 unsigned int fpga_info_len;
302 dst[0] = 0;
303 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
304 strncat(dst, "FPGA image: legacy image without version information", len-1);
305 } else {
306 strncat(dst, "FPGA image built", len-1);
307 /* USB packets only have 48 bytes data payload, so be terse */
308 #if 0
309 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
310 strncat(dst, " from ", len-1);
311 strncat(dst, fpga_info, len-1);
312 }
313 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
314 strncat(dst, " for ", len-1);
315 strncat(dst, fpga_info, len-1);
316 }
317 #endif
318 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
319 strncat(dst, " on ", len-1);
320 strncat(dst, fpga_info, len-1);
321 }
322 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
323 strncat(dst, " at ", len-1);
324 strncat(dst, fpga_info, len-1);
325 }
326 }
327 }
328
329 //-----------------------------------------------------------------------------
330 // Send a 16 bit command/data pair to the FPGA.
331 // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
332 // where C is the 4 bit command and D is the 12 bit data
333 //-----------------------------------------------------------------------------
334 void FpgaSendCommand(WORD cmd, WORD v)
335 {
336 SetupSpi(SPI_FPGA_MODE);
337 while ((SPI_STATUS & SPI_STATUS_TX_EMPTY) == 0); // wait for the transfer to complete
338 SPI_TX_DATA = SPI_CONTROL_LAST_TRANSFER | cmd | v; // send the data
339 }
340 //-----------------------------------------------------------------------------
341 // Write the FPGA setup word (that determines what mode the logic is in, read
342 // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
343 // avoid changing this function's occurence everywhere in the source code.
344 //-----------------------------------------------------------------------------
345 void FpgaWriteConfWord(BYTE v)
346 {
347 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
348 }
349
350 //-----------------------------------------------------------------------------
351 // Set up the CMOS switches that mux the ADC: four switches, independently
352 // closable, but should only close one at a time. Not an FPGA thing, but
353 // the samples from the ADC always flow through the FPGA.
354 //-----------------------------------------------------------------------------
355 void SetAdcMuxFor(int whichGpio)
356 {
357 PIO_OUTPUT_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |
358 (1 << GPIO_MUXSEL_LOPKD) |
359 (1 << GPIO_MUXSEL_LORAW) |
360 (1 << GPIO_MUXSEL_HIRAW);
361
362 PIO_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |
363 (1 << GPIO_MUXSEL_LOPKD) |
364 (1 << GPIO_MUXSEL_LORAW) |
365 (1 << GPIO_MUXSEL_HIRAW);
366
367 LOW(GPIO_MUXSEL_HIPKD);
368 LOW(GPIO_MUXSEL_HIRAW);
369 LOW(GPIO_MUXSEL_LORAW);
370 LOW(GPIO_MUXSEL_LOPKD);
371
372 HIGH(whichGpio);
373 }
Impressum, Datenschutz