int avr32_jtag_nexus_set_address(struct avr32_jtag *jtag_info,
uint32_t addr, int mode)
{
struct scan_field fields[2];
uint8_t addr_buf[4];
uint8_t busy_buf[4];
int busy;
memset(fields, 0, sizeof(fields));
do {
memset(addr_buf, 0, sizeof(addr_buf));
memset(busy_buf, 0, sizeof(busy_buf));
buf_set_u32(addr_buf, 0, 1, mode);
buf_set_u32(addr_buf, 1, 7, addr);
fields[0].num_bits = 26;
fields[0].in_value = NULL;
fields[0].out_value = NULL;
fields[1].num_bits = 8;
fields[1].in_value = busy_buf;
fields[1].out_value = addr_buf;
jtag_add_dr_scan(jtag_info->tap, 2, fields, TAP_IDLE);
if (jtag_execute_queue() != ERROR_OK) {
LOG_ERROR("%s: setting address failed", __func__);
return ERROR_FAIL;
}
busy = buf_get_u32(busy_buf, 6, 1);
} while (busy);
return ERROR_OK;
}
int str9xpec_handle_flash_options_lvdwarn_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
{
flash_bank_t *bank;
str9xpec_flash_controller_t *str9xpec_info = NULL;
if (argc < 2)
{
command_print(cmd_ctx, "str9xpec options_lvdwarn <bank> <vdd|vdd_vddq>");
return ERROR_OK;
}
bank = get_flash_bank_by_num(strtoul(args[0], NULL, 0));
if (!bank)
{
command_print(cmd_ctx, "flash bank '#%s' is out of bounds", args[0]);
return ERROR_OK;
}
str9xpec_info = bank->driver_priv;
if (strcmp(args[1], "vdd_vddq") == 0)
{
buf_set_u32(str9xpec_info->options, STR9XPEC_OPT_LVDWARNBIT, 1, 1);
}
else
{
buf_set_u32(str9xpec_info->options, STR9XPEC_OPT_LVDWARNBIT, 1, 0);
}
return ERROR_OK;
}
int embeddedice_read_reg_w_check(reg_t *reg, u8* check_value, u8* check_mask)
{
embeddedice_reg_t *ice_reg = reg->arch_info;
u8 reg_addr = ice_reg->addr & 0x1f;
scan_field_t fields[3];
u8 field1_out[1];
u8 field2_out[1];
jtag_add_end_state(TAP_IDLE);
arm_jtag_scann(ice_reg->jtag_info, 0x2);
arm_jtag_set_instr(ice_reg->jtag_info, ice_reg->jtag_info->intest_instr, NULL);
fields[0].tap = ice_reg->jtag_info->tap;
fields[0].num_bits = 32;
fields[0].out_value = reg->value;
fields[0].out_mask = NULL;
fields[0].in_value = NULL;
fields[0].in_check_value = NULL;
fields[0].in_check_mask = NULL;
fields[0].in_handler = NULL;
fields[0].in_handler_priv = NULL;
fields[1].tap = ice_reg->jtag_info->tap;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
buf_set_u32(fields[1].out_value, 0, 5, reg_addr);
fields[1].out_mask = NULL;
fields[1].in_value = NULL;
fields[1].in_check_value = NULL;
fields[1].in_check_mask = NULL;
fields[1].in_handler = NULL;
fields[1].in_handler_priv = NULL;
fields[2].tap = ice_reg->jtag_info->tap;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
buf_set_u32(fields[2].out_value, 0, 1, 0);
fields[2].out_mask = NULL;
fields[2].in_value = NULL;
fields[2].in_check_value = NULL;
fields[2].in_check_mask = NULL;
fields[2].in_handler = NULL;
fields[2].in_handler_priv = NULL;
jtag_add_dr_scan(3, fields, -1);
fields[0].in_value = reg->value;
jtag_set_check_value(fields+0, check_value, check_mask, NULL);
/* when reading the DCC data register, leaving the address field set to
* EICE_COMMS_DATA would read the register twice
* reading the control register is safe
*/
buf_set_u32(fields[1].out_value, 0, 5, embeddedice_reg_arch_info[EICE_COMMS_CTRL]);
jtag_add_dr_scan(3, fields, -1);
return ERROR_OK;
}
static int or1k_read_core_reg(struct target *target, int num)
{
struct or1k_common *or1k = target_to_or1k(target);
struct or1k_du *du_core = or1k_to_du(or1k);
uint32_t reg_value;
LOG_DEBUG("-");
if ((num < 0) || (num >= or1k->nb_regs))
return ERROR_COMMAND_SYNTAX_ERROR;
if ((num >= 0) && (num < OR1KNUMCOREREGS)) {
reg_value = or1k->core_regs[num];
buf_set_u32(or1k->core_cache->reg_list[num].value, 0, 32, reg_value);
LOG_DEBUG("Read core reg %i value 0x%08" PRIx32, num , reg_value);
or1k->core_cache->reg_list[num].valid = 1;
or1k->core_cache->reg_list[num].dirty = 0;
} else {
/* This is an spr, always read value from HW */
int retval = du_core->or1k_jtag_read_cpu(&or1k->jtag,
or1k->arch_info[num].spr_num, 1, ®_value);
if (retval != ERROR_OK) {
LOG_ERROR("Error while reading spr 0x%08" PRIx32, or1k->arch_info[num].spr_num);
return retval;
}
buf_set_u32(or1k->core_cache->reg_list[num].value, 0, 32, reg_value);
LOG_DEBUG("Read spr reg %i value 0x%08" PRIx32, num , reg_value);
}
return ERROR_OK;
}
static int str9xpec_erase_area(struct flash_bank *bank, int first, int last)
{
struct scan_field field;
uint8_t status;
struct jtag_tap *tap;
int i;
uint8_t *buffer = NULL;
struct str9xpec_flash_controller *str9xpec_info = bank->driver_priv;
tap = str9xpec_info->tap;
if (!str9xpec_info->isc_enable)
str9xpec_isc_enable(bank);
if (!str9xpec_info->isc_enable)
return ISC_STATUS_ERROR;
buffer = calloc(DIV_ROUND_UP(64, 8), 1);
LOG_DEBUG("erase: first_bank: %i, last_bank: %i", first, last);
/* last bank: 0xFF signals a full erase (unlock complete device) */
/* last bank: 0xFE signals a option byte erase */
if (last == 0xFF) {
for (i = 0; i < 64; i++)
buf_set_u32(buffer, i, 1, 1);
} else if (last == 0xFE)
buf_set_u32(buffer, 49, 1, 1);
else {
for (i = first; i <= last; i++)
buf_set_u32(buffer, str9xpec_info->sector_bits[i], 1, 1);
}
LOG_DEBUG("ISC_ERASE");
/* execute ISC_ERASE command */
str9xpec_set_instr(tap, ISC_ERASE, TAP_IRPAUSE);
field.num_bits = 64;
field.out_value = buffer;
field.in_value = NULL;
jtag_add_dr_scan(tap, 1, &field, TAP_IDLE);
jtag_execute_queue();
jtag_add_sleep(10);
/* wait for erase completion */
while (!((status = str9xpec_isc_status(tap)) & ISC_STATUS_BUSY))
alive_sleep(1);
free(buffer);
str9xpec_isc_disable(bank);
return status;
}
/** Checks whether a memory region is zeroed. */
int armv7m_blank_check_memory(struct target *target,
uint32_t address, uint32_t count, uint32_t* blank)
{
struct working_area *erase_check_algorithm;
struct reg_param reg_params[3];
struct armv7m_algorithm armv7m_info;
int retval;
uint32_t i;
static const uint16_t erase_check_code[] =
{
/* loop: */
0xF810, 0x3B01, /* ldrb r3, [r0], #1 */
0xEA02, 0x0203, /* and r2, r2, r3 */
0x3901, /* subs r1, r1, #1 */
0xD1F9, /* bne loop */
0xBE00, /* bkpt #0 */
};
/* make sure we have a working area */
if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
{
return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
}
/* convert flash writing code into a buffer in target endianness */
for (i = 0; i < ARRAY_SIZE(erase_check_code); i++)
target_write_u16(target, erase_check_algorithm->address + i*sizeof(uint16_t), erase_check_code[i]);
armv7m_info.common_magic = ARMV7M_COMMON_MAGIC;
armv7m_info.core_mode = ARMV7M_MODE_ANY;
init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
buf_set_u32(reg_params[0].value, 0, 32, address);
init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
buf_set_u32(reg_params[1].value, 0, 32, count);
init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
buf_set_u32(reg_params[2].value, 0, 32, 0xff);
retval = target_run_algorithm(target, 0, NULL, 3, reg_params, erase_check_algorithm->address,
erase_check_algorithm->address + (sizeof(erase_check_code) - 2),
10000, &armv7m_info);
if (retval == ERROR_OK)
*blank = buf_get_u32(reg_params[2].value, 0, 32);
destroy_reg_param(®_params[0]);
destroy_reg_param(®_params[1]);
destroy_reg_param(®_params[2]);
target_free_working_area(target, erase_check_algorithm);
return retval;
}
/** Checks whether a memory region is zeroed. */
int mips32_blank_check_memory(struct target *target,
uint32_t address, uint32_t count, uint32_t *blank)
{
struct working_area *erase_check_algorithm;
struct reg_param reg_params[3];
struct mips32_algorithm mips32_info;
static const uint32_t erase_check_code[] = {
/* nbyte: */
0x80880000, /* lb $t0, ($a0) */
0x00C83024, /* and $a2, $a2, $t0 */
0x24A5FFFF, /* addiu $a1, $a1, -1 */
0x14A0FFFC, /* bne $a1, $zero, nbyte */
0x24840001, /* addiu $a0, $a0, 1 */
0x7000003F /* sdbbp */
};
/* make sure we have a working area */
if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
/* convert erase check code into a buffer in target endianness */
uint8_t erase_check_code_8[sizeof(erase_check_code)];
target_buffer_set_u32_array(target, erase_check_code_8,
ARRAY_SIZE(erase_check_code), erase_check_code);
target_write_buffer(target, erase_check_algorithm->address, sizeof(erase_check_code), erase_check_code_8);
mips32_info.common_magic = MIPS32_COMMON_MAGIC;
mips32_info.isa_mode = MIPS32_ISA_MIPS32;
init_reg_param(®_params[0], "r4", 32, PARAM_OUT);
buf_set_u32(reg_params[0].value, 0, 32, address);
init_reg_param(®_params[1], "r5", 32, PARAM_OUT);
buf_set_u32(reg_params[1].value, 0, 32, count);
init_reg_param(®_params[2], "r6", 32, PARAM_IN_OUT);
buf_set_u32(reg_params[2].value, 0, 32, 0xff);
int retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
erase_check_algorithm->address,
erase_check_algorithm->address + (sizeof(erase_check_code) - 4),
10000, &mips32_info);
if (retval == ERROR_OK)
*blank = buf_get_u32(reg_params[2].value, 0, 32);
destroy_reg_param(®_params[0]);
destroy_reg_param(®_params[1]);
destroy_reg_param(®_params[2]);
target_free_working_area(target, erase_check_algorithm);
return retval;
}
/** Checks whether a memory region is zeroed. */
int xmc4xxx_blank_check_memory(struct target *target,
uint32_t address, uint32_t count, uint32_t *blank)
{
struct working_area *erase_check_algorithm;
struct reg_param reg_params[3];
struct armv7m_algorithm armv7m_info;
int retval;
static const uint8_t erase_check_code[] = {
#include "../../../contrib/loaders/erase_check/armv7m_0_erase_check.inc"
};
/* make sure we have a working area */
if (target_alloc_working_area(target, sizeof(erase_check_code),
&erase_check_algorithm) != ERROR_OK)
return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
retval = target_write_buffer(target, erase_check_algorithm->address,
sizeof(erase_check_code), (uint8_t *)erase_check_code);
if (retval != ERROR_OK)
return retval;
armv7m_info.common_magic = ARMV7M_COMMON_MAGIC;
armv7m_info.core_mode = ARM_MODE_THREAD;
init_reg_param(®_params[0], "r0", 32, PARAM_OUT);
buf_set_u32(reg_params[0].value, 0, 32, address);
init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
buf_set_u32(reg_params[1].value, 0, 32, count);
init_reg_param(®_params[2], "r2", 32, PARAM_IN_OUT);
buf_set_u32(reg_params[2].value, 0, 32, 0x00);
retval = target_run_algorithm(target,
0,
NULL,
3,
reg_params,
erase_check_algorithm->address,
erase_check_algorithm->address + (sizeof(erase_check_code) - 2),
10000,
&armv7m_info);
if (retval == ERROR_OK)
*blank = buf_get_u32(reg_params[2].value, 0, 32);
destroy_reg_param(®_params[0]);
destroy_reg_param(®_params[1]);
destroy_reg_param(®_params[2]);
target_free_working_area(target, erase_check_algorithm);
return retval;
}
/* send <size> words of 32 bit to the DCC
* we pretend the target is always going to be fast enough
* (relative to the JTAG clock), so we don't need to handshake
*/
int embeddedice_send(arm_jtag_t *jtag_info, u32 *data, u32 size)
{
scan_field_t fields[3];
u8 field0_out[4];
u8 field1_out[1];
u8 field2_out[1];
jtag_add_end_state(TAP_IDLE);
arm_jtag_scann(jtag_info, 0x2);
arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
fields[0].tap = jtag_info->tap;
fields[0].num_bits = 32;
fields[0].out_value = field0_out;
fields[0].out_mask = NULL;
fields[0].in_value = NULL;
fields[0].in_check_value = NULL;
fields[0].in_check_mask = NULL;
fields[0].in_handler = NULL;
fields[0].in_handler_priv = NULL;
fields[1].tap = jtag_info->tap;
fields[1].num_bits = 5;
fields[1].out_value = field1_out;
buf_set_u32(fields[1].out_value, 0, 5, embeddedice_reg_arch_info[EICE_COMMS_DATA]);
fields[1].out_mask = NULL;
fields[1].in_value = NULL;
fields[1].in_check_value = NULL;
fields[1].in_check_mask = NULL;
fields[1].in_handler = NULL;
fields[1].in_handler_priv = NULL;
fields[2].tap = jtag_info->tap;
fields[2].num_bits = 1;
fields[2].out_value = field2_out;
buf_set_u32(fields[2].out_value, 0, 1, 1);
fields[2].out_mask = NULL;
fields[2].in_value = NULL;
fields[2].in_check_value = NULL;
fields[2].in_check_mask = NULL;
fields[2].in_handler = NULL;
fields[2].in_handler_priv = NULL;
while (size > 0)
{
buf_set_u32(fields[0].out_value, 0, 32, *data);
jtag_add_dr_scan(3, fields, -1);
data++;
size--;
}
/* call to jtag_execute_queue() intentionally omitted */
return ERROR_OK;
}
static int ftdi_execute_pathmove(struct jtag_command *cmd)
{
int retval = ERROR_OK;
tap_state_t *path = cmd->cmd.pathmove->path;
int num_states = cmd->cmd.pathmove->num_states;
DEBUG_JTAG_IO("pathmove: %i states, current: %s end: %s", num_states,
tap_state_name(tap_get_state()),
tap_state_name(path[num_states-1]));
int state_count = 0;
unsigned bit_count = 0;
uint8_t tms_byte = 0;
DEBUG_JTAG_IO("-");
/* this loop verifies that the path is legal and logs each state in the path */
while (num_states-- && retval == ERROR_OK) {
/* either TMS=0 or TMS=1 must work ... */
if (tap_state_transition(tap_get_state(), false)
== path[state_count])
buf_set_u32(&tms_byte, bit_count++, 1, 0x0);
else if (tap_state_transition(tap_get_state(), true)
== path[state_count]) {
buf_set_u32(&tms_byte, bit_count++, 1, 0x1);
/* ... or else the caller goofed BADLY */
} else {
LOG_ERROR("BUG: %s -> %s isn't a valid "
"TAP state transition",
tap_state_name(tap_get_state()),
tap_state_name(path[state_count]));
exit(-1);
}
tap_set_state(path[state_count]);
state_count++;
if (bit_count == 7 || num_states == 0) {
retval = mpsse_clock_tms_cs_out(mpsse_ctx,
&tms_byte,
0,
bit_count,
false,
JTAG_MODE);
bit_count = 0;
}
}
tap_set_end_state(tap_get_state());
return retval;
}
/** Generates a CRC32 checksum of a memory region. */
int armv7m_checksum_memory(struct target *target,
target_addr_t address, uint32_t count, uint32_t *checksum)
{
struct working_area *crc_algorithm;
struct armv7m_algorithm armv7m_info;
struct reg_param reg_params[2];
int retval;
static const uint8_t cortex_m_crc_code[] = {
#include "../../contrib/loaders/checksum/armv7m_crc.inc"
};
retval = target_alloc_working_area(target, sizeof(cortex_m_crc_code), &crc_algorithm);
if (retval != ERROR_OK)
return retval;
retval = target_write_buffer(target, crc_algorithm->address,
sizeof(cortex_m_crc_code), (uint8_t *)cortex_m_crc_code);
if (retval != ERROR_OK)
goto cleanup;
armv7m_info.common_magic = ARMV7M_COMMON_MAGIC;
armv7m_info.core_mode = ARM_MODE_THREAD;
init_reg_param(®_params[0], "r0", 32, PARAM_IN_OUT);
init_reg_param(®_params[1], "r1", 32, PARAM_OUT);
buf_set_u32(reg_params[0].value, 0, 32, address);
buf_set_u32(reg_params[1].value, 0, 32, count);
int timeout = 20000 * (1 + (count / (1024 * 1024)));
retval = target_run_algorithm(target, 0, NULL, 2, reg_params, crc_algorithm->address,
crc_algorithm->address + (sizeof(cortex_m_crc_code) - 6),
timeout, &armv7m_info);
if (retval == ERROR_OK)
*checksum = buf_get_u32(reg_params[0].value, 0, 32);
else
LOG_ERROR("error executing cortex_m crc algorithm");
destroy_reg_param(®_params[0]);
destroy_reg_param(®_params[1]);
cleanup:
target_free_working_area(target, crc_algorithm);
return retval;
}
static void msp432_init_params(struct msp432_algo_params *algo_params)
{
buf_set_u32(algo_params->flash_command, 0, 32, FLASH_NO_COMMAND);
buf_set_u32(algo_params->return_code, 0, 32, 0);
buf_set_u32(algo_params->_reserved0, 0, 32, 0);
buf_set_u32(algo_params->address, 0, 32, 0);
buf_set_u32(algo_params->length, 0, 32, 0);
buf_set_u32(algo_params->buffer1_status, 0, 32, BUFFER_INACTIVE);
buf_set_u32(algo_params->buffer2_status, 0, 32, BUFFER_INACTIVE);
buf_set_u32(algo_params->erase_param, 0, 32, FLASH_ERASE_MAIN);
buf_set_u32(algo_params->unlock_bsl, 0, 32, FLASH_LOCK_BSL);
}
/**
* This functions sets instruction register in TAP. TAP end state is always
* IRPAUSE.
*
* @param jtag_info
* @param new_instr Instruction to write to instruction register.
*/
static void arc_jtag_write_ir(struct arc_jtag *jtag_info, uint32_t
new_instr)
{
assert(jtag_info != NULL);
assert(jtag_info->tap != NULL);
struct jtag_tap *tap = jtag_info->tap;
/* Set end state */
jtag_info->tap_end_state = TAP_IRPAUSE;
/* Do not set instruction if it is the same as current. */
uint32_t current_instr = buf_get_u32(tap->cur_instr, 0, tap->ir_length);
if (current_instr == new_instr)
return;
/* Create scan field to output new instruction. */
struct scan_field field;
uint8_t instr_buffer[4];
field.num_bits = tap->ir_length;
field.in_value = NULL;
buf_set_u32(instr_buffer, 0, field.num_bits, new_instr);
field.out_value = instr_buffer;
/* From code in src/jtag/drivers/driver.c it look like that fields are
* copied so it is OK that field in this function is allocated in stack and
* thus this memory will be repurposed before jtag_execute_queue() will be
* invoked. */
jtag_add_ir_scan(tap, &field, jtag_info->tap_end_state);
}
int arm_jtag_set_instr(arm_jtag_t *jtag_info, u32 new_instr, in_handler_t handler)
{
jtag_tap_t *tap;
tap = jtag_info->tap;
if (tap==NULL)
return ERROR_FAIL;
if (buf_get_u32(tap->cur_instr, 0, tap->ir_length) != new_instr)
{
scan_field_t field;
u8 t[4];
field.tap = tap;
field.num_bits = tap->ir_length;
field.out_value = t;
buf_set_u32(field.out_value, 0, field.num_bits, new_instr);
field.out_mask = NULL;
field.in_value = NULL;
field.in_check_value = NULL;
field.in_check_mask = NULL;
field.in_handler = handler;
field.in_handler_priv = NULL;
jtag_add_ir_scan(1, &field, -1);
}
return ERROR_OK;
}
int arm_jtag_set_instr_inner(struct arm_jtag *jtag_info, uint32_t new_instr, void *no_verify_capture)
{
struct jtag_tap *tap;
tap = jtag_info->tap;
struct scan_field field;
uint8_t t[4];
field.tap = tap;
field.num_bits = tap->ir_length;
field.out_value = t;
buf_set_u32(field.out_value, 0, field.num_bits, new_instr);
field.in_value = NULL;
if (no_verify_capture == NULL)
{
jtag_add_ir_scan(1, &field, jtag_get_end_state());
} else
{
/* FIX!!!! this is a kludge!!! arm926ejs.c should reimplement this arm_jtag_set_instr to
* have special verification code.
*/
jtag_add_ir_scan_noverify(1, &field, jtag_get_end_state());
}
return ERROR_OK;
}
int armv7m_maybe_skip_bkpt_inst(struct target *target, bool *inst_found)
{
struct armv7m_common *armv7m = target_to_armv7m(target);
struct reg *r = armv7m->arm.pc;
bool result = false;
/* if we halted last time due to a bkpt instruction
* then we have to manually step over it, otherwise
* the core will break again */
if (target->debug_reason == DBG_REASON_BREAKPOINT) {
uint16_t op;
uint32_t pc = buf_get_u32(r->value, 0, 32);
pc &= ~1;
if (target_read_u16(target, pc, &op) == ERROR_OK) {
if ((op & 0xFF00) == 0xBE00) {
pc = buf_get_u32(r->value, 0, 32) + 2;
buf_set_u32(r->value, 0, 32, pc);
r->dirty = true;
r->valid = true;
result = true;
LOG_DEBUG("Skipping over BKPT instruction");
}
}
}
if (inst_found)
*inst_found = result;
return ERROR_OK;
}
static int osbdm_add_pathmove(
struct queue *queue,
tap_state_t *path,
int num_states)
{
assert(num_states <= 32);
struct sequence *next = queue_add_tail(queue, num_states);
if (!next) {
LOG_ERROR("BUG: can't allocate bit sequence");
return ERROR_FAIL;
}
uint32_t tms = 0;
for (int i = 0; i < num_states; i++) {
if (tap_state_transition(tap_get_state(), 1) == path[i]) {
tms |= (1 << i);
} else if (tap_state_transition(tap_get_state(), 0) == path[i]) {
tms &= ~(1 << i); /* This line not so needed */
} else {
LOG_ERROR("BUG: %s -> %s isn't a valid TAP state transition",
tap_state_name(tap_get_state()),
tap_state_name(path[i]));
return ERROR_FAIL;
}
tap_set_state(path[i]);
}
buf_set_u32(next->tms, 0, num_states, tms);
tap_set_end_state(tap_get_state());
return ERROR_OK;
}
/* Execute an Xtensa OCD TAP instruction immediately */
static int xtensa_tap_exec(struct target *target, int inst_idx, uint32_t data_out, uint32_t *data_in)
{
uint8_t out[4] = { 0 }, in[4] = { 0 };
int res;
if(data_out)
buf_set_u32(out, 0, 32, data_out);
res = xtensa_tap_queue(target, inst_idx, out, in);
if(res != ERROR_OK)
return res;
res = jtag_execute_queue();
if(res != ERROR_OK) {
LOG_ERROR("failed to scan tap instruction");
return res;
}
if(data_in) {
static uint32_t last_dosr;
*data_in = buf_get_u32(in, 0, 32);
if(inst_idx != TAP_INS_READ_DOSR || *data_in != last_dosr) {
LOG_DEBUG("Executed %s, data_out=0x%" PRIx32 " data_in=0x%" PRIx32,
tap_instrs[inst_idx].name, data_out, *data_in);
if(inst_idx == TAP_INS_READ_DOSR)
last_dosr = *data_in;
}
} else {
LOG_DEBUG("Executed %s, data_out=0x%" PRIx32,
tap_instrs[inst_idx].name, data_out);
}
return ERROR_OK;
}
int str9xpec_set_instr(jtag_tap_t *tap, u32 new_instr, tap_state_t end_state)
{
if( tap == NULL ){
return ERROR_TARGET_INVALID;
}
if (buf_get_u32(tap->cur_instr, 0, tap->ir_length) != new_instr)
{
scan_field_t field;
field.tap = tap;
field.num_bits = tap->ir_length;
field.out_value = calloc(CEIL(field.num_bits, 8), 1);
buf_set_u32(field.out_value, 0, field.num_bits, new_instr);
field.out_mask = NULL;
field.in_value = NULL;
field.in_check_value = NULL;
field.in_check_mask = NULL;
field.in_handler = NULL;
field.in_handler_priv = NULL;
jtag_add_ir_scan(1, &field, end_state);
free(field.out_value);
}
return ERROR_OK;
}
/**
* Set transaction in command register. This function sets instruction register
* and then transaction register, there is no need to invoke write_ir before
* invoking this function.
*
* @param jtag_info
* @param new_trans Transaction to write to transaction command register.
* @param end_state End state after writing.
*/
static void arc_jtag_set_transaction(struct arc_jtag *jtag_info,
arc_jtag_transaction_t new_trans, tap_state_t end_state)
{
assert(jtag_info != NULL);
assert(jtag_info->tap != NULL);
/* No need to do anything. */
if (jtag_info->cur_trans == new_trans)
return;
/* Set instruction. We used to call write_ir at upper levels, however
* write_ir-write_transaction were constantly in pair, so to avoid code
* duplication this function does it self. For this reasons it is "set"
* instead of "write". */
arc_jtag_write_ir(jtag_info, ARC_TRANSACTION_CMD_REG);
jtag_info->tap_end_state = end_state;
uint8_t out_value[4];
buf_set_u32(out_value, 0, ARC_TRANSACTION_CMD_REG_LENGTH, new_trans);
struct scan_field field;
field.num_bits = ARC_TRANSACTION_CMD_REG_LENGTH;
field.out_value = out_value;
field.in_value = NULL;
jtag_add_dr_scan(jtag_info->tap, 1, &field, jtag_info->tap_end_state);
jtag_info->cur_trans = new_trans;
}
/* flash bank str9x <base> <size> 0 0 <target#>
*/
int str9xpec_flash_bank_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc, struct flash_bank_s *bank)
{
str9xpec_flash_controller_t *str9xpec_info;
armv4_5_common_t *armv4_5 = NULL;
arm7_9_common_t *arm7_9 = NULL;
arm_jtag_t *jtag_info = NULL;
if (argc < 6)
{
LOG_WARNING("incomplete flash_bank str9x configuration");
return ERROR_FLASH_BANK_INVALID;
}
str9xpec_info = malloc(sizeof(str9xpec_flash_controller_t));
bank->driver_priv = str9xpec_info;
/* find out jtag position of flash controller
* it is always after the arm966 core */
armv4_5 = bank->target->arch_info;
arm7_9 = armv4_5->arch_info;
jtag_info = &arm7_9->jtag_info;
str9xpec_info->tap = jtag_TapByAbsPosition( jtag_info->tap->abs_chain_position - 1);
str9xpec_info->isc_enable = 0;
str9xpec_build_block_list(bank);
/* clear option byte register */
buf_set_u32(str9xpec_info->options, 0, 64, 0);
return ERROR_OK;
}
/* read reg from lakemont core shadow ram, update reg cache if needed */
static int read_hw_reg(struct target *t, int reg, uint32_t *regval, uint8_t cache)
{
struct x86_32_common *x86_32 = target_to_x86_32(t);
struct lakemont_core_reg *arch_info;
arch_info = x86_32->cache->reg_list[reg].arch_info;
x86_32->flush = 0; /* dont flush scans till we have a batch */
if (submit_reg_pir(t, reg) != ERROR_OK)
return ERROR_FAIL;
if (submit_instruction_pir(t, SRAMACCESS) != ERROR_OK)
return ERROR_FAIL;
if (submit_instruction_pir(t, SRAM2PDR) != ERROR_OK)
return ERROR_FAIL;
x86_32->flush = 1;
scan.out[0] = RDWRPDR;
if (irscan(t, scan.out, NULL, LMT_IRLEN) != ERROR_OK)
return ERROR_FAIL;
if (drscan(t, NULL, scan.out, PDR_SIZE) != ERROR_OK)
return ERROR_FAIL;
jtag_add_sleep(DELAY_SUBMITPIR);
*regval = buf_get_u32(scan.out, 0, 32);
if (cache) {
buf_set_u32(x86_32->cache->reg_list[reg].value, 0, 32, *regval);
x86_32->cache->reg_list[reg].valid = 1;
x86_32->cache->reg_list[reg].dirty = 0;
}
LOG_DEBUG("reg=%s, op=0x%016" PRIx64 ", val=0x%08" PRIx32,
x86_32->cache->reg_list[reg].name,
arch_info->op,
*regval);
return ERROR_OK;
}
/* write lakemont core shadow ram reg, update reg cache if needed */
static int write_hw_reg(struct target *t, int reg, uint32_t regval, uint8_t cache)
{
struct x86_32_common *x86_32 = target_to_x86_32(t);
struct lakemont_core_reg *arch_info;
arch_info = x86_32->cache->reg_list[reg].arch_info;
uint8_t reg_buf[4];
if (cache)
regval = buf_get_u32(x86_32->cache->reg_list[reg].value, 0, 32);
buf_set_u32(reg_buf, 0, 32, regval);
LOG_DEBUG("reg=%s, op=0x%016" PRIx64 ", val=0x%08" PRIx32 " cache=0x%08" PRIx8,
x86_32->cache->reg_list[reg].name, arch_info->op, regval, cache);
x86_32->flush = 0; /* dont flush scans till we have a batch */
if (submit_reg_pir(t, reg) != ERROR_OK)
return ERROR_FAIL;
if (submit_instruction_pir(t, SRAMACCESS) != ERROR_OK)
return ERROR_FAIL;
scan.out[0] = RDWRPDR;
if (irscan(t, scan.out, NULL, LMT_IRLEN) != ERROR_OK)
return ERROR_FAIL;
if (drscan(t, reg_buf, scan.out, PDR_SIZE) != ERROR_OK)
return ERROR_FAIL;
x86_32->flush = 1;
if (submit_instruction_pir(t, PDR2SRAM) != ERROR_OK)
return ERROR_FAIL;
/* we are writing from the cache so ensure we reset flags */
if (cache) {
x86_32->cache->reg_list[reg].dirty = 0;
x86_32->cache->reg_list[reg].valid = 0;
}
return ERROR_OK;
}
static int or1k_set_core_reg(struct reg *reg, uint8_t *buf)
{
struct or1k_core_reg *or1k_reg = reg->arch_info;
struct target *target = or1k_reg->target;
struct or1k_common *or1k = target_to_or1k(target);
struct or1k_du *du_core = or1k_to_du(or1k);
uint32_t value = buf_get_u32(buf, 0, 32);
LOG_DEBUG("-");
if (target->state != TARGET_HALTED)
return ERROR_TARGET_NOT_HALTED;
if (or1k_reg->list_num < OR1KNUMCOREREGS) {
buf_set_u32(reg->value, 0, 32, value);
reg->dirty = 1;
reg->valid = 1;
} else {
/* This is an spr, write it to the HW */
int retval = du_core->or1k_jtag_write_cpu(&or1k->jtag,
or1k_reg->spr_num, 1, &value);
if (retval != ERROR_OK) {
LOG_ERROR("Error while writing spr 0x%08" PRIx32, or1k_reg->spr_num);
return retval;
}
}
return ERROR_OK;
}
static int str9xpec_blank_check(struct flash_bank *bank, int first, int last)
{
struct scan_field field;
uint8_t status;
struct jtag_tap *tap;
int i;
uint8_t *buffer = NULL;
struct str9xpec_flash_controller *str9xpec_info = bank->driver_priv;
tap = str9xpec_info->tap;
if (!str9xpec_info->isc_enable)
str9xpec_isc_enable(bank);
if (!str9xpec_info->isc_enable)
return ERROR_FLASH_OPERATION_FAILED;
buffer = calloc(DIV_ROUND_UP(64, 8), 1);
LOG_DEBUG("blank check: first_bank: %i, last_bank: %i", first, last);
for (i = first; i <= last; i++)
buf_set_u32(buffer, str9xpec_info->sector_bits[i], 1, 1);
/* execute ISC_BLANK_CHECK command */
str9xpec_set_instr(tap, ISC_BLANK_CHECK, TAP_IRPAUSE);
field.num_bits = 64;
field.out_value = buffer;
field.in_value = NULL;
jtag_add_dr_scan(tap, 1, &field, TAP_IDLE);
jtag_add_sleep(40000);
/* read blank check result */
field.num_bits = 64;
field.out_value = NULL;
field.in_value = buffer;
jtag_add_dr_scan(tap, 1, &field, TAP_IRPAUSE);
jtag_execute_queue();
status = str9xpec_isc_status(tap);
for (i = first; i <= last; i++) {
if (buf_get_u32(buffer, str9xpec_info->sector_bits[i], 1))
bank->sectors[i].is_erased = 0;
else
bank->sectors[i].is_erased = 1;
}
free(buffer);
str9xpec_isc_disable(bank);
if ((status & ISC_STATUS_ERROR) != STR9XPEC_ISC_SUCCESS)
return ERROR_FLASH_OPERATION_FAILED;
return ERROR_OK;
}
static int virtex2_send_32(struct pld_device *pld_device,
int num_words, uint32_t *words)
{
struct virtex2_pld_device *virtex2_info = pld_device->driver_priv;
struct scan_field scan_field;
uint8_t *values;
int i;
values = malloc(num_words * 4);
scan_field.tap = virtex2_info->tap;
scan_field.num_bits = num_words * 32;
scan_field.out_value = values;
scan_field.in_value = NULL;
for (i = 0; i < num_words; i++)
buf_set_u32(values + 4 * i, 0, 32, flip_u32(*words++, 32));
virtex2_set_instr(virtex2_info->tap, 0x5); /* CFG_IN */
jtag_add_dr_scan(1, &scan_field, jtag_set_end_state(TAP_DRPAUSE));
free(values);
return ERROR_OK;
}
static uint32_t arm11_nextpc(struct arm11_common *arm11, int current, uint32_t address)
{
void *value = arm11->arm.pc->value;
/* use the current program counter */
if (current)
address = buf_get_u32(value, 0, 32);
/* Make sure that the gdb thumb fixup does not
* kill the return address
*/
switch (arm11->arm.core_state) {
case ARM_STATE_ARM:
address &= 0xFFFFFFFC;
break;
case ARM_STATE_THUMB:
/* When the return address is loaded into PC
* bit 0 must be 1 to stay in Thumb state
*/
address |= 0x1;
break;
/* catch-all for JAZELLE and THUMB_EE */
default:
break;
}
buf_set_u32(value, 0, 32, address);
arm11->arm.pc->dirty = 1;
arm11->arm.pc->valid = 1;
return address;
}
int mips_ejtag_drscan_8(struct mips_ejtag *ejtag_info, uint32_t *data)
{
// LOG_DEBUG("mips_ejtag_drscan_8");
struct jtag_tap *tap;
tap = ejtag_info->tap;
assert(tap != NULL);
struct scan_field field;
uint8_t t[4] = {0, 0, 0, 0}, r[4];
int retval;
field.num_bits = 8;
field.out_value = t;
buf_set_u32(t, 0, field.num_bits, *data);
field.in_value = r;
jtag_add_dr_scan(tap, 1, &field, TAP_IDLE);
retval = jtag_execute_queue();
if (retval != ERROR_OK) {
LOG_ERROR("register read failed");
return retval;
}
*data = buf_get_u32(field.in_value, 0, 32);
return ERROR_OK;
}
static int avr32_jtag_set_instr(struct avr32_jtag *jtag_info, int new_instr)
{
struct jtag_tap *tap;
int busy = 0;
tap = jtag_info->tap;
if (tap == NULL)
return ERROR_FAIL;
if (buf_get_u32(tap->cur_instr, 0, tap->ir_length) != (uint32_t)new_instr)
{
do {
struct scan_field field;
uint8_t t[4];
uint8_t ret[4];
field.num_bits = tap->ir_length;
field.out_value = t;
buf_set_u32(t, 0, field.num_bits, new_instr);
field.in_value = ret;
jtag_add_ir_scan(tap, &field, TAP_IDLE);
if (jtag_execute_queue() != ERROR_OK)
{
LOG_ERROR("%s: setting address failed", __func__);
return ERROR_FAIL;
}
busy = buf_get_u32(ret, 2, 1);
} while (busy); /* check for busy bit */
}
return ERROR_OK;
}
int arm926ejs_soft_reset_halt(struct target *target)
{
int retval = ERROR_OK;
struct arm926ejs_common *arm926ejs = target_to_arm926(target);
struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
struct arm *arm = &arm7_9->arm;
struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
retval = target_halt(target);
if (retval != ERROR_OK)
return retval;
int64_t then = timeval_ms();
int timeout;
while (!(timeout = ((timeval_ms()-then) > 1000))) {
if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) == 0) {
embeddedice_read_reg(dbg_stat);
retval = jtag_execute_queue();
if (retval != ERROR_OK)
return retval;
} else
break;
if (debug_level >= 1) {
/* do not eat all CPU, time out after 1 se*/
alive_sleep(100);
} else
keep_alive();
}
if (timeout) {
LOG_ERROR("Failed to halt CPU after 1 sec");
return ERROR_TARGET_TIMEOUT;
}
target->state = TARGET_HALTED;
/* SVC, ARM state, IRQ and FIQ disabled */
uint32_t cpsr;
cpsr = buf_get_u32(arm->cpsr->value, 0, 32);
cpsr &= ~0xff;
cpsr |= 0xd3;
arm_set_cpsr(arm, cpsr);
arm->cpsr->dirty = 1;
/* start fetching from 0x0 */
buf_set_u32(arm->pc->value, 0, 32, 0x0);
arm->pc->dirty = 1;
arm->pc->valid = 1;
retval = arm926ejs_disable_mmu_caches(target, 1, 1, 1);
if (retval != ERROR_OK)
return retval;
arm926ejs->armv4_5_mmu.mmu_enabled = 0;
arm926ejs->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
arm926ejs->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
}
