]> cvs.zerfleddert.de Git - proxmark3-svn/blob - armsrc/fpgaloader.c
af2f02abaf6df550a9f93d2cf313a868bb16ddf5
[proxmark3-svn] / armsrc / fpgaloader.c
1 //-----------------------------------------------------------------------------
2 // Routines to load the FPGA image, and then to configure the FPGA's major
3 // mode once it is configured.
4 //
5 // Jonathan Westhues, April 2006
6 //-----------------------------------------------------------------------------
7 #include <proxmark3.h>
8 #include "apps.h"
9
10 //-----------------------------------------------------------------------------
11 // Set up the Serial Peripheral Interface as master
12 // Used to write the FPGA config word
13 // May also be used to write to other SPI attached devices like an LCD
14 //-----------------------------------------------------------------------------
15 void SetupSpi(int mode)
16 {
17 // PA10 -> SPI_NCS2 chip select (LCD)
18 // PA11 -> SPI_NCS0 chip select (FPGA)
19 // PA12 -> SPI_MISO Master-In Slave-Out
20 // PA13 -> SPI_MOSI Master-Out Slave-In
21 // PA14 -> SPI_SPCK Serial Clock
22
23 // Disable PIO control of the following pins, allows use by the SPI peripheral
24 PIO_DISABLE = (1 << GPIO_NCS0) |
25 (1 << GPIO_NCS2) |
26 (1 << GPIO_MISO) |
27 (1 << GPIO_MOSI) |
28 (1 << GPIO_SPCK);
29
30 PIO_PERIPHERAL_A_SEL = (1 << GPIO_NCS0) |
31 (1 << GPIO_MISO) |
32 (1 << GPIO_MOSI) |
33 (1 << GPIO_SPCK);
34
35 PIO_PERIPHERAL_B_SEL = (1 << GPIO_NCS2);
36
37 //enable the SPI Peripheral clock
38 PMC_PERIPHERAL_CLK_ENABLE = (1<<PERIPH_SPI);
39 // Enable SPI
40 SPI_CONTROL = SPI_CONTROL_ENABLE;
41
42 switch (mode) {
43 case SPI_FPGA_MODE:
44 SPI_MODE =
45 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
46 (14 << 16) | // Peripheral Chip Select (selects FPGA SPI_NCS0 or PA11)
47 ( 0 << 7) | // Local Loopback Disabled
48 ( 1 << 4) | // Mode Fault Detection disabled
49 ( 0 << 2) | // Chip selects connected directly to peripheral
50 ( 0 << 1) | // Fixed Peripheral Select
51 ( 1 << 0); // Master Mode
52 SPI_FOR_CHIPSEL_0 =
53 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
54 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
55 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
56 ( 8 << 4) | // Bits per Transfer (16 bits)
57 ( 0 << 3) | // Chip Select inactive after transfer
58 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
59 ( 0 << 0); // Clock Polarity inactive state is logic 0
60 break;
61 case SPI_LCD_MODE:
62 SPI_MODE =
63 ( 0 << 24) | // Delay between chip selects (take default: 6 MCK periods)
64 (11 << 16) | // Peripheral Chip Select (selects LCD SPI_NCS2 or PA10)
65 ( 0 << 7) | // Local Loopback Disabled
66 ( 1 << 4) | // Mode Fault Detection disabled
67 ( 0 << 2) | // Chip selects connected directly to peripheral
68 ( 0 << 1) | // Fixed Peripheral Select
69 ( 1 << 0); // Master Mode
70 SPI_FOR_CHIPSEL_2 =
71 ( 1 << 24) | // Delay between Consecutive Transfers (32 MCK periods)
72 ( 1 << 16) | // Delay Before SPCK (1 MCK period)
73 ( 6 << 8) | // Serial Clock Baud Rate (baudrate = MCK/6 = 24Mhz/6 = 4M baud
74 ( 1 << 4) | // Bits per Transfer (9 bits)
75 ( 0 << 3) | // Chip Select inactive after transfer
76 ( 1 << 1) | // Clock Phase data captured on leading edge, changes on following edge
77 ( 0 << 0); // Clock Polarity inactive state is logic 0
78 break;
79 default: // Disable SPI
80 SPI_CONTROL = SPI_CONTROL_DISABLE;
81 break;
82 }
83 }
84
85 //-----------------------------------------------------------------------------
86 // Set up the synchronous serial port, with the one set of options that we
87 // always use when we are talking to the FPGA. Both RX and TX are enabled.
88 //-----------------------------------------------------------------------------
89 void FpgaSetupSsc(void)
90 {
91 // First configure the GPIOs, and get ourselves a clock.
92 PIO_PERIPHERAL_A_SEL = (1 << GPIO_SSC_FRAME) |
93 (1 << GPIO_SSC_DIN) |
94 (1 << GPIO_SSC_DOUT) |
95 (1 << GPIO_SSC_CLK);
96 PIO_DISABLE = (1 << GPIO_SSC_DOUT);
97
98 PMC_PERIPHERAL_CLK_ENABLE = (1 << PERIPH_SSC);
99
100 // Now set up the SSC proper, starting from a known state.
101 SSC_CONTROL = SSC_CONTROL_RESET;
102
103 // RX clock comes from TX clock, RX starts when TX starts, data changes
104 // on RX clock rising edge, sampled on falling edge
105 SSC_RECEIVE_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(1) | SSC_CLOCK_MODE_START(1);
106
107 // 8 bits per transfer, no loopback, MSB first, 1 transfer per sync
108 // pulse, no output sync, start on positive-going edge of sync
109 SSC_RECEIVE_FRAME_MODE = SSC_FRAME_MODE_BITS_IN_WORD(8) |
110 SSC_FRAME_MODE_MSB_FIRST | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
111
112 // clock comes from TK pin, no clock output, outputs change on falling
113 // edge of TK, start on rising edge of TF
114 SSC_TRANSMIT_CLOCK_MODE = SSC_CLOCK_MODE_SELECT(2) |
115 SSC_CLOCK_MODE_START(5);
116
117 // tx framing is the same as the rx framing
118 SSC_TRANSMIT_FRAME_MODE = SSC_RECEIVE_FRAME_MODE;
119
120 SSC_CONTROL = SSC_CONTROL_RX_ENABLE | SSC_CONTROL_TX_ENABLE;
121 }
122
123 //-----------------------------------------------------------------------------
124 // Set up DMA to receive samples from the FPGA. We will use the PDC, with
125 // a single buffer as a circular buffer (so that we just chain back to
126 // ourselves, not to another buffer). The stuff to manipulate those buffers
127 // is in apps.h, because it should be inlined, for speed.
128 //-----------------------------------------------------------------------------
129 void FpgaSetupSscDma(BYTE *buf, int len)
130 {
131 PDC_RX_POINTER(SSC_BASE) = (DWORD)buf;
132 PDC_RX_COUNTER(SSC_BASE) = len;
133 PDC_RX_NEXT_POINTER(SSC_BASE) = (DWORD)buf;
134 PDC_RX_NEXT_COUNTER(SSC_BASE) = len;
135 PDC_CONTROL(SSC_BASE) = PDC_RX_ENABLE;
136 }
137
138 static void DownloadFPGA_byte(unsigned char w)
139 {
140 #define SEND_BIT(x) { if(w & (1<<x) ) HIGH(GPIO_FPGA_DIN); else LOW(GPIO_FPGA_DIN); HIGH(GPIO_FPGA_CCLK); LOW(GPIO_FPGA_CCLK); }
141 SEND_BIT(7);
142 SEND_BIT(6);
143 SEND_BIT(5);
144 SEND_BIT(4);
145 SEND_BIT(3);
146 SEND_BIT(2);
147 SEND_BIT(1);
148 SEND_BIT(0);
149 }
150
151 // Download the fpga image starting at FpgaImage and with length FpgaImageLen bytes
152 // If bytereversal is set: reverse the byte order in each 4-byte word
153 static void DownloadFPGA(const char *FpgaImage, int FpgaImageLen, int bytereversal)
154 {
155 int i=0;
156
157 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_ON);
158 PIO_ENABLE = (1 << GPIO_FPGA_ON);
159 HIGH(GPIO_FPGA_ON); // ensure everything is powered on
160
161 SpinDelay(50);
162
163 LED_D_ON();
164
165 // These pins are inputs
166 PIO_OUTPUT_DISABLE = (1 << GPIO_FPGA_NINIT) | (1 << GPIO_FPGA_DONE);
167 // PIO controls the following pins
168 PIO_ENABLE = (1 << GPIO_FPGA_NINIT) | (1 << GPIO_FPGA_DONE);
169 // Enable pull-ups
170 PIO_NO_PULL_UP_DISABLE = (1 << GPIO_FPGA_NINIT) | (1 << GPIO_FPGA_DONE);
171
172 // setup initial logic state
173 HIGH(GPIO_FPGA_NPROGRAM);
174 LOW(GPIO_FPGA_CCLK);
175 LOW(GPIO_FPGA_DIN);
176 // These pins are outputs
177 PIO_OUTPUT_ENABLE = (1 << GPIO_FPGA_NPROGRAM) |
178 (1 << GPIO_FPGA_CCLK) |
179 (1 << GPIO_FPGA_DIN);
180
181 // enter FPGA configuration mode
182 LOW(GPIO_FPGA_NPROGRAM);
183 SpinDelay(50);
184 HIGH(GPIO_FPGA_NPROGRAM);
185
186 i=100000;
187 // wait for FPGA ready to accept data signal
188 while ((i) && ( !(PIO_PIN_DATA_STATUS & (1<<GPIO_FPGA_NINIT) ) ) ) {
189 i--;
190 }
191
192 // crude error indicator, leave both red LEDs on and return
193 if (i==0){
194 LED_C_ON();
195 LED_D_ON();
196 return;
197 }
198
199 if(bytereversal) {
200 /* This is only supported for DWORD aligned images */
201 if( ((int)FpgaImage % sizeof(DWORD)) == 0 ) {
202 i=0;
203 while(FpgaImageLen-->0)
204 DownloadFPGA_byte(FpgaImage[(i++)^0x3]);
205 /* Explanation of the magic in the above line:
206 * i^0x3 inverts the lower two bits of the integer i, counting backwards
207 * for each 4 byte increment. The generated sequence of (i++)^3 is
208 * 3 2 1 0 7 6 5 4 11 10 9 8 15 14 13 12 etc. pp.
209 */
210 }
211 } else {
212 while(FpgaImageLen-->0)
213 DownloadFPGA_byte(*FpgaImage++);
214 }
215
216 // continue to clock FPGA until ready signal goes high
217 i=100000;
218 while ( (i--) && ( !(PIO_PIN_DATA_STATUS & (1<<GPIO_FPGA_DONE) ) ) ) {
219 HIGH(GPIO_FPGA_CCLK);
220 LOW(GPIO_FPGA_CCLK);
221 }
222 // crude error indicator, leave both red LEDs on and return
223 if (i==0){
224 LED_C_ON();
225 LED_D_ON();
226 return;
227 }
228 LED_D_OFF();
229 }
230
231 static char *bitparse_headers_start;
232 static char *bitparse_bitstream_end;
233 static int bitparse_initialized;
234 /* Simple Xilinx .bit parser. The file starts with the fixed opaque byte sequence
235 * 00 09 0f f0 0f f0 0f f0 0f f0 00 00 01
236 * After that the format is 1 byte section type (ASCII character), 2 byte length
237 * (big endian), <length> bytes content. Except for section 'e' which has 4 bytes
238 * length.
239 */
240 static const char _bitparse_fixed_header[] = {0x00, 0x09, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x0f, 0xf0, 0x00, 0x00, 0x01};
241 static int bitparse_init(void * start_address, void *end_address)
242 {
243 bitparse_initialized = 0;
244
245 if(memcmp(_bitparse_fixed_header, start_address, sizeof(_bitparse_fixed_header)) != 0) {
246 return 0; /* Not matched */
247 } else {
248 bitparse_headers_start= ((char*)start_address) + sizeof(_bitparse_fixed_header);
249 bitparse_bitstream_end= (char*)end_address;
250 bitparse_initialized = 1;
251 return 1;
252 }
253 }
254
255 int bitparse_find_section(char section_name, char **section_start, unsigned int *section_length)
256 {
257 char *pos = bitparse_headers_start;
258 int result = 0;
259
260 if(!bitparse_initialized) return 0;
261
262 while(pos < bitparse_bitstream_end) {
263 char current_name = *pos++;
264 unsigned int current_length = 0;
265 if(current_name < 'a' || current_name > 'e') {
266 /* Strange section name, abort */
267 break;
268 }
269 current_length = 0;
270 switch(current_name) {
271 case 'e':
272 /* Four byte length field */
273 current_length += (*pos++) << 24;
274 current_length += (*pos++) << 16;
275 default: /* Fall through, two byte length field */
276 current_length += (*pos++) << 8;
277 current_length += (*pos++) << 0;
278 }
279
280 if(current_name != 'e' && current_length > 255) {
281 /* Maybe a parse error */
282 break;
283 }
284
285 if(current_name == section_name) {
286 /* Found it */
287 *section_start = pos;
288 *section_length = current_length;
289 result = 1;
290 break;
291 }
292
293 pos += current_length; /* Skip section */
294 }
295
296 return result;
297 }
298
299 //-----------------------------------------------------------------------------
300 // Find out which FPGA image format is stored in flash, then call DownloadFPGA
301 // with the right parameters to download the image
302 //-----------------------------------------------------------------------------
303 extern char _binary_fpga_bit_start, _binary_fpga_bit_end;
304 void FpgaDownloadAndGo(void)
305 {
306 /* Check for the new flash image format: Should have the .bit file at &_binary_fpga_bit_start
307 */
308 if(bitparse_init(&_binary_fpga_bit_start, &_binary_fpga_bit_end)) {
309 /* Successfully initialized the .bit parser. Find the 'e' section and
310 * send its contents to the FPGA.
311 */
312 char *bitstream_start;
313 unsigned int bitstream_length;
314 if(bitparse_find_section('e', &bitstream_start, &bitstream_length)) {
315 DownloadFPGA(bitstream_start, bitstream_length, 0);
316
317 return; /* All done */
318 }
319 }
320
321 /* Fallback for the old flash image format: Check for the magic marker 0xFFFFFFFF
322 * 0xAA995566 at address 0x102000. This is raw bitstream with a size of 336,768 bits
323 * = 10,524 DWORDs, stored as DWORDS e.g. little-endian in memory, but each DWORD
324 * is still to be transmitted in MSBit first order. Set the invert flag to indicate
325 * that the DownloadFPGA function should invert every 4 byte sequence when doing
326 * the bytewise download.
327 */
328 if( *(DWORD*)0x102000 == 0xFFFFFFFF && *(DWORD*)0x102004 == 0xAA995566 )
329 DownloadFPGA((char*)0x102000, 10524*4, 1);
330 }
331
332 void FpgaGatherVersion(char *dst, int len)
333 {
334 char *fpga_info;
335 unsigned int fpga_info_len;
336 dst[0] = 0;
337 if(!bitparse_find_section('e', &fpga_info, &fpga_info_len)) {
338 strncat(dst, "FPGA image: legacy image without version information", len-1);
339 } else {
340 strncat(dst, "FPGA image built", len-1);
341 /* USB packets only have 48 bytes data payload, so be terse */
342 #if 0
343 if(bitparse_find_section('a', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
344 strncat(dst, " from ", len-1);
345 strncat(dst, fpga_info, len-1);
346 }
347 if(bitparse_find_section('b', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
348 strncat(dst, " for ", len-1);
349 strncat(dst, fpga_info, len-1);
350 }
351 #endif
352 if(bitparse_find_section('c', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
353 strncat(dst, " on ", len-1);
354 strncat(dst, fpga_info, len-1);
355 }
356 if(bitparse_find_section('d', &fpga_info, &fpga_info_len) && fpga_info[fpga_info_len-1] == 0 ) {
357 strncat(dst, " at ", len-1);
358 strncat(dst, fpga_info, len-1);
359 }
360 }
361 }
362
363 //-----------------------------------------------------------------------------
364 // Send a 16 bit command/data pair to the FPGA.
365 // The bit format is: C3 C2 C1 C0 D11 D10 D9 D8 D7 D6 D5 D4 D3 D2 D1 D0
366 // where C is the 4 bit command and D is the 12 bit data
367 //-----------------------------------------------------------------------------
368 void FpgaSendCommand(WORD cmd, WORD v)
369 {
370 SetupSpi(SPI_FPGA_MODE);
371 while ((SPI_STATUS & SPI_STATUS_TX_EMPTY) == 0); // wait for the transfer to complete
372 SPI_TX_DATA = SPI_CONTROL_LAST_TRANSFER | cmd | v; // send the data
373 }
374 //-----------------------------------------------------------------------------
375 // Write the FPGA setup word (that determines what mode the logic is in, read
376 // vs. clone vs. etc.). This is now a special case of FpgaSendCommand() to
377 // avoid changing this function's occurence everywhere in the source code.
378 //-----------------------------------------------------------------------------
379 void FpgaWriteConfWord(BYTE v)
380 {
381 FpgaSendCommand(FPGA_CMD_SET_CONFREG, v);
382 }
383
384 //-----------------------------------------------------------------------------
385 // Set up the CMOS switches that mux the ADC: four switches, independently
386 // closable, but should only close one at a time. Not an FPGA thing, but
387 // the samples from the ADC always flow through the FPGA.
388 //-----------------------------------------------------------------------------
389 void SetAdcMuxFor(int whichGpio)
390 {
391 PIO_OUTPUT_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |
392 (1 << GPIO_MUXSEL_LOPKD) |
393 (1 << GPIO_MUXSEL_LORAW) |
394 (1 << GPIO_MUXSEL_HIRAW);
395
396 PIO_ENABLE = (1 << GPIO_MUXSEL_HIPKD) |
397 (1 << GPIO_MUXSEL_LOPKD) |
398 (1 << GPIO_MUXSEL_LORAW) |
399 (1 << GPIO_MUXSEL_HIRAW);
400
401 LOW(GPIO_MUXSEL_HIPKD);
402 LOW(GPIO_MUXSEL_HIRAW);
403 LOW(GPIO_MUXSEL_LORAW);
404 LOW(GPIO_MUXSEL_LOPKD);
405
406 HIGH(whichGpio);
407 }
Impressum, Datenschutz