OpenOCD
rp2xxx.c
Go to the documentation of this file.
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 
3 #ifdef HAVE_CONFIG_H
4 #include "config.h"
5 #endif
6 
7 #include "imp.h"
8 #include <helper/binarybuffer.h>
9 #include <target/algorithm.h>
10 #include <target/armv7m.h>
11 #include "spi.h"
12 #include "sfdp.h"
13 #include <target/cortex_m.h>
14 
15 /* this is 'M' 'u', 1 (version) */
16 #define BOOTROM_RP2040_MAGIC 0x01754d
17 /* this is 'M' 'u', 2 (version) */
18 #define BOOTROM_RP2350_MAGIC 0x02754d
19 #define BOOTROM_MAGIC_MASK 0xffffff
20 #define BOOTROM_MAGIC_ADDR 0x00000010
21 
22 #define MAKE_TAG(a, b) (((b)<<8) | a)
23 #define FUNC_FLASH_EXIT_XIP MAKE_TAG('E', 'X')
24 #define FUNC_CONNECT_INTERNAL_FLASH MAKE_TAG('I', 'F')
25 #define FUNC_FLASH_RANGE_ERASE MAKE_TAG('R', 'E')
26 #define FUNC_FLASH_RANGE_PROGRAM MAKE_TAG('R', 'P')
27 #define FUNC_FLASH_FLUSH_CACHE MAKE_TAG('F', 'C')
28 #define FUNC_FLASH_ENTER_CMD_XIP MAKE_TAG('C', 'X')
29 #define FUNC_BOOTROM_STATE_RESET MAKE_TAG('S', 'R')
30 #define FUNC_BOOTROM_SET_STACK MAKE_TAG('S', 'S')
31 #define FUNC_FLASH_RESET_ADDRESS_TRANS MAKE_TAG('R', 'A')
32 
33 /* ROM table flags for RP2350 A1 ROM onwards */
34 #define RT_FLAG_FUNC_RISCV 0x01
35 #define RT_FLAG_FUNC_ARM_SEC 0x04
36 #define RT_FLAG_FUNC_ARM_NONSEC 0x10
37 #define RT_FLAG_DATA 0x40
38 
39 // these form a bit set
40 #define BOOTROM_STATE_RESET_CURRENT_CORE 0x01
41 #define BOOTROM_STATE_RESET_OTHER_CORE 0x02
42 #define BOOTROM_STATE_RESET_GLOBAL_STATE 0x04
43 
44 #define ACCESSCTRL_LOCK_OFFSET 0x40060000u
45 #define ACCESSCTRL_CFGRESET_OFFSET 0x40060008u
46 #define ACCESSCTRL_GPIO_NSMASK0_OFFSET 0x4006000cu
47 #define ACCESSCTRL_GPIO_ROM_OFFSET 0x40060014u
48 #define ACCESSCTRL_GPIO_XIP_AUX_OFFSET 0x400600e8u
49 
50 #define ACCESSCTRL_SAVE_BASE ACCESSCTRL_GPIO_NSMASK0_OFFSET
51 #define ACCESSCTRL_SAVE_SIZE \
52  (ACCESSCTRL_GPIO_XIP_AUX_OFFSET + 4 - ACCESSCTRL_SAVE_BASE)
53 
54 #define ACCESSCTRL_LOCK_DEBUG_BITS 0x00000008u
55 #define ACCESSCTRL_WRITE_PASSWORD 0xacce0000u
56 
57 #define RP2040_SSI_DR0 0x18000060
58 #define RP2040_QSPI_CTRL 0x4001800c
59 
60 #define RP2040_QSPI_CTRL_OUTOVER_MASK (3ul << 8)
61 #define RP2040_QSPI_CTRL_OUTOVER_LOW (2ul << 8)
62 #define RP2040_QSPI_CTRL_OUTOVER_HIGH (3ul << 8)
63 
64 #define RP2350_QMI_DIRECT_CSR 0x400d0000
65 #define RP2350_QMI_DIRECT_TX 0x400d0004
66 #define RP2350_QMI_DIRECT_RX 0x400d0008
67 
68 #define RP2350_QMI_DIRECT_CSR_EN BIT(0)
69 #define RP2350_QMI_DIRECT_CSR_ASSERT_CS0N BIT(2)
70 #define RP2350_QMI_DIRECT_TX_NOPUSH BIT(20)
71 #define RP2350_QMI_DIRECT_TX_OE BIT(19)
72 
73 #define RP2XXX_SYSINFO_CHIP_ID 0x40000000
74 #define RP2XXX_CHIP_ID_PART_MANUFACTURER(id) ((id) & 0x0fffffff)
75 #define RP2XXX_CHIP_ID_MANUFACTURER 0x493
76 #define RP2XXX_MK_PART(part) (((part) << 12) | (RP2XXX_CHIP_ID_MANUFACTURER << 1) | 1)
77 #define RP2040_CHIP_ID_PART 0x0002
78 #define IS_RP2040(id) (RP2XXX_CHIP_ID_PART_MANUFACTURER(id) == RP2XXX_MK_PART(RP2040_CHIP_ID_PART))
79 #define RP2350_CHIP_ID_PART 0x0004
80 #define IS_RP2350(id) (RP2XXX_CHIP_ID_PART_MANUFACTURER(id) == RP2XXX_MK_PART(RP2350_CHIP_ID_PART))
81 #define RP2XXX_CHIP_ID_REVISION(id) ((id) >> 28)
82 
83 #define RP2XXX_MAX_ALGO_STACK_USAGE 1024
84 #define RP2XXX_MAX_RAM_ALGO_SIZE 1024
85 
86 #define RP2XXX_ROM_API_FIXED_FLASH_PAGE 256
87 #define RP2XXX_ROM_API_FIXED_FLASH_SECTOR 4096
88 
89 // Calling bootrom functions on Arm RP2350 requires the redundancy
90 // coprocessor (RCP) to be initialised. Usually this is done first thing by
91 // the bootrom, but the debugger may skip this, e.g. by resetting the cores
92 // and then running a NO_FLASH binary, or by reset-halting the cores before
93 // flash programming.
94 //
95 // The first case can be handled by a stub in the binary itself to initialise
96 // the RCP with dummy values if the bootrom has not already initialised it.
97 // (Note this case is only reachable via the debugger.) The second case
98 // requires the debugger itself to initialise the RCP, using this stub code:
99 
100 static const int rcp_init_code_bkpt_offset = 24;
101 static const uint8_t rcp_init_code[] = {
102  // Just enable the RCP which is fine if it already was (we assume no other
103  // co-processors are enabled at this point to save space)
104  0x06, 0x48, // ldr r0, = PPB_BASE + M33_CPACR_OFFSET
105  0x5f, 0xf4, 0x40, 0x41, // movs r1, #M33_CPACR_CP7_BITS
106  0x01, 0x60, // str r1, [r0]
107  // Only initialize canary seeds if they haven't been (as to do so twice is a fault)
108  0x30, 0xee, 0x10, 0xf7, // mrc p7, #1, r15, c0, c0, #0
109  0x04, 0xd4, // bmi 1f
110  // Todo should we use something random here and pass it into the algorithm?
111  0x40, 0xec, 0x80, 0x07, // mcrr p7, #8, r0, r0, c0
112  0x40, 0xec, 0x81, 0x07, // mcrr p7, #8, r0, r0, c1
113  // Let other core know
114  0x40, 0xbf, // sev
115  // 1:
116  0x00, 0xbe, // bkpt (end of algorithm)
117  0x00, 0x00, // pad
118  0x88, 0xed, 0x00, 0xe0 // PPB_BASE + M33_CPACR_OFFSET
119 };
120 
121 // An algorithm stub that can be concatenated with a null-terminated list of
122 // (PC, SP, r0-r3) records to perform a batch of ROM calls under a single
123 // OpenOCD algorithm call, to save on algorithm overhead:
124 #define ROM_CALL_BATCH_ALGO_SIZE_BYTES 32
127 // <_start>:
128  0x07, 0xa7, // add r7, pc, #28 ; (adr r7, 20 <_args>)
129 // <_do_next>:
130  0x10, 0xcf, // ldmia r7!, {r4}
131  0x00, 0x2c, // cmp r4, #0
132  0x0a, 0xd0, // beq.n 1e <_done>
133  0x20, 0xcf, // ldmia r7!, {r5}
134  0xad, 0x46, // mov sp, r5
135  0x0f, 0xcf, // ldmia r7!, {r0, r1, r2, r3}
136  0xa0, 0x47, // blx r4
137  0xf7, 0xe7, // b.n 2 <_do_next>
138  0xc0, 0x46, // nop
139  0xc0, 0x46, // nop
140  0xc0, 0x46, // nop
141  0xc0, 0x46, // nop
142  0xc0, 0x46, // nop
143  0xc0, 0x46, // nop
144 // <_done>:
145  0x00, 0xbe, // bkpt 0x0000
146 // <_args>:
147 };
148 
149 // The same as rom_call_batch_algo_armv6m, but clearing stack limits before setting stack:
151 // <_start>:
152  0x07, 0xa7, // add r7, pc, #28 ; (adr r7, 20 <_args>)
153  0x00, 0x20, // movs r0, #0
154  0x80, 0xf3, 0x0a, 0x88, // msr MSPLIM, r0
155  0x80, 0xf3, 0x0b, 0x88, // msr PSPLIM, r0
156 // <_do_next>:
157  0x10, 0xcf, // ldmia r7!, {r4}
158  0x00, 0x2c, // cmp r4, #0
159  0x05, 0xd0, // beq.n 1e <_done>
160  0x20, 0xcf, // ldmia r7!, {r5}
161  0xad, 0x46, // mov sp, r5
162  0x0f, 0xcf, // ldmia r7!, {r0, r1, r2, r3}
163  0xa0, 0x47, // blx r4
164  0xf7, 0xe7, // b.n c <_do_next>
165  0xc0, 0x46, // nop
166 // <_done>:
167  0x00, 0xbe, // bkpt 0x0000
168 // <_args>:
169 };
170 
171 // The same as rom_call_batch_algo_armv6m, but placing arguments in a0-a3 on RISC-V:
173 // <_start>:
174  0x97, 0x04, 0x00, 0x00, // auipc s1,0
175  0x93, 0x84, 0x04, 0x02, // add s1,s1,32 # 20 <_args>
176 // <_do_next>:
177  0x98, 0x40, // lw a4,0(s1)
178  0x11, 0xcb, // beqz a4,1e <_done>
179  0x03, 0xa1, 0x44, 0x00, // lw sp,4(s1)
180  0x88, 0x44, // lw a0,8(s1)
181  0xcc, 0x44, // lw a1,12(s1)
182  0x90, 0x48, // lw a2,16(s1)
183  0xd4, 0x48, // lw a3,20(s1)
184  0xe1, 0x04, // add s1,s1,24
185  0x02, 0x97, // jalr a4
186  0xf5, 0xb7, // j 8 <_do_next>
187 // <_done>:
188  0x02, 0x90, // ebreak
189 // <_args>:
190 };
191 
193  uint32_t pc;
194  uint32_t sp;
195  uint32_t args[4];
196 };
197 
199  bool probed; /* flag indicating successful flash probe */
200  uint32_t id; /* cached SYSINFO CHIP_ID */
201  struct working_area *stack; /* stack used by Boot ROM calls */
202  /* static code scratchpad used for RAM algorithms -- allocated in advance
203  so that higher-level calls can just grab all remaining workarea: */
205  /* function jump table populated by rp2xxx_flash_probe() */
215 
216  char dev_name[20];
218  struct flash_device spi_dev; /* detected model of SPI flash */
220 
223  uint8_t saved_accessctrl[ACCESSCTRL_SAVE_SIZE]; /* in target byte order */
224 };
225 
226 #ifndef LOG_ROM_SYMBOL_DEBUG
227 #define LOG_ROM_SYMBOL_DEBUG LOG_DEBUG
228 #endif
229 
230 static int rp2040_lookup_rom_symbol(struct target *target, uint16_t tag, uint16_t flags, uint16_t *symbol_out)
231 {
232  LOG_ROM_SYMBOL_DEBUG("Looking up ROM symbol '%c%c' in RP2040 table", tag & 0xff, (tag >> 8) & 0xff);
233  if (flags != RT_FLAG_FUNC_ARM_SEC && flags != RT_FLAG_DATA) {
234  /* Note RT flags do not exist on RP2040, so just sanity check that we
235  are asked for a type of thing that actually exists in the ROM table */
236  LOG_ERROR("Only data and Secure Arm functions can be looked up in RP2040 ROM table");
237  return ERROR_FAIL;
238  }
239 
240  uint16_t ptr_to_entry;
241  unsigned int offset_magic_to_table_ptr = flags == RT_FLAG_DATA ? 6 : 4;
242  int err = target_read_u16(target, BOOTROM_MAGIC_ADDR + offset_magic_to_table_ptr, &ptr_to_entry);
243  if (err != ERROR_OK)
244  return err;
245 
246  uint16_t entry_tag;
247  do {
248  err = target_read_u16(target, ptr_to_entry, &entry_tag);
249  if (err != ERROR_OK)
250  return err;
251 
252  if (entry_tag == tag) {
253  /* 16 bit symbol is next */
254  err = target_read_u16(target, ptr_to_entry + 2, symbol_out);
255  if (err != ERROR_OK)
256  return err;
257 
258  LOG_ROM_SYMBOL_DEBUG(" -> found: 0x%04" PRIx16, *symbol_out);
259  return ERROR_OK;
260  }
261  ptr_to_entry += 4;
262  } while (entry_tag);
263  *symbol_out = 0;
264  return ERROR_FAIL;
265 }
266 
267 static int rp2350_a0_lookup_symbol(struct target *target, uint16_t tag, uint16_t flags, uint16_t *symbol_out)
268 {
269  LOG_ROM_SYMBOL_DEBUG("Looking up ROM symbol '%c%c' in RP2350 A0 table", tag & 0xff, (tag >> 8) & 0xff);
270 
271  /* RP2350 A0 table format is the same as RP2040 except with 16 bits of
272  flags after each 16-bit pointer. We ignore the flags, as each symbol
273  only has one datum associated with it. */
274 
275  uint32_t magic_ptr = BOOTROM_MAGIC_ADDR;
276  if (flags == RT_FLAG_FUNC_RISCV) {
277  /* RP2350 A0 used split function tables for Arm/RISC-V -- not used on
278  any other device or any other version of this device. There is a
279  well-known RISC-V table at the top of ROM, matching the well-known
280  Arm table at the bottom of ROM. */
281  magic_ptr = 0x7decu;
282  } else if (flags != RT_FLAG_FUNC_ARM_SEC) {
283  LOG_WARNING("Ignoring non-default flags for RP2350 A0 lookup, hope you like Secure Arm functions");
284  }
285 
286  uint16_t ptr_to_entry;
287  const unsigned int offset_magic_to_table_ptr = 4;
288  int err = target_read_u16(target, magic_ptr + offset_magic_to_table_ptr, &ptr_to_entry);
289  if (err != ERROR_OK)
290  return err;
291 
292  uint16_t entry_tag;
293  do {
294  err = target_read_u16(target, ptr_to_entry, &entry_tag);
295  if (err != ERROR_OK)
296  return err;
297 
298  if (entry_tag == tag) {
299  err = target_read_u16(target, ptr_to_entry + 2, symbol_out);
300  if (err != ERROR_OK)
301  return err;
302 
303  LOG_ROM_SYMBOL_DEBUG(" -> found: 0x%04" PRIx16, *symbol_out);
304  return ERROR_OK;
305  }
306  ptr_to_entry += 6;
307  } while (entry_tag);
308  *symbol_out = 0;
309  return ERROR_FAIL;
310 }
311 
312 static int rp2350_lookup_rom_symbol(struct target *target, uint32_t ptr_to_entry,
313  uint16_t tag, uint16_t flags, uint16_t *symbol_out)
314 {
315  LOG_ROM_SYMBOL_DEBUG("Looking up ROM symbol '%c%c' in RP2350 A1 table", tag & 0xff, (tag >> 8) & 0xff);
316 
317  /* On RP2350 A1, Each entry has a flag bitmap identifying the type of its
318  contents. The entry contains one halfword of data for each set flag
319  bit. There may be both Arm and RISC-V entries under the same tag, or
320  separate Arm Secure/NonSecure entries (or all three, why not). */
321 
322  while (true) {
323  uint16_t entry_tag, entry_flags;
324 
325  int err = target_read_u16(target, ptr_to_entry, &entry_tag);
326  if (err != ERROR_OK)
327  return err;
328 
329  if (entry_tag == 0) {
330  *symbol_out = 0;
331  return ERROR_FAIL;
332  }
333  ptr_to_entry += 2;
334 
335  err = target_read_u16(target, ptr_to_entry, &entry_flags);
336  if (err != ERROR_OK)
337  return err;
338 
339  ptr_to_entry += 2;
340 
341  uint16_t matching_flags = flags & entry_flags;
342 
343  if (tag == entry_tag && matching_flags != 0) {
344  /* This is our entry, seek to the correct data item and return it. */
345  bool is_riscv_func = matching_flags & RT_FLAG_FUNC_RISCV;
346  while (!(matching_flags & 1)) {
347  if (entry_flags & 1)
348  ptr_to_entry += 2;
349 
350  matching_flags >>= 1;
351  entry_flags >>= 1;
352  }
353  if (is_riscv_func) {
354  /* For RISC-V, the table entry itself is the entry point -- trick
355  to make shared function implementations smaller */
356  *symbol_out = ptr_to_entry;
357  return ERROR_OK;
358  }
359  err = target_read_u16(target, ptr_to_entry, symbol_out);
360  if (err != ERROR_OK)
361  return err;
362 
363  LOG_ROM_SYMBOL_DEBUG(" -> found: 0x%04" PRIx16, *symbol_out);
364  return ERROR_OK;
365  }
366  /* Skip past this entry */
367  while (entry_flags) {
368  if (entry_flags & 1)
369  ptr_to_entry += 2;
370 
371  entry_flags >>= 1;
372  }
373  }
374 }
375 
376 static int rp2xxx_lookup_rom_symbol(struct target *target, uint16_t tag, uint16_t flags, uint16_t *symbol_out)
377 {
378  uint32_t magic;
379  int err = target_read_u32(target, BOOTROM_MAGIC_ADDR, &magic);
380  if (err != ERROR_OK)
381  return err;
382 
383  /* Ignore version */
384  magic &= BOOTROM_MAGIC_MASK;
385 
386  if (magic == BOOTROM_RP2350_MAGIC) {
387  /* Distinguish old-style RP2350 ROM table (A0, and earlier A1 builds)
388  based on position of table -- a high address means it is shared with
389  RISC-V, i.e. new-style. */
390  uint16_t table_ptr;
391  err = target_read_u16(target, BOOTROM_MAGIC_ADDR + 4, &table_ptr);
392  if (err != ERROR_OK)
393  return err;
394  if (table_ptr < 0x7c00)
395  return rp2350_a0_lookup_symbol(target, tag, flags, symbol_out);
396  else
397  return rp2350_lookup_rom_symbol(target, table_ptr, tag, flags, symbol_out);
398 
399  } else if (magic == BOOTROM_RP2040_MAGIC) {
400  return rp2040_lookup_rom_symbol(target, tag, flags, symbol_out);
401  }
402  LOG_ERROR("RP2040/RP2350 BOOT ROM not found");
403  return ERROR_FAIL;
404 }
405 
407 {
408  uint16_t symtype_func = is_arm(target_to_arm(target))
410  int err;
412  symtype_func, &priv->jump_flash_exit_xip);
413  if (err != ERROR_OK) {
414  LOG_ERROR("Function FUNC_FLASH_EXIT_XIP not found in RP2xxx ROM");
415  return err;
416  }
417 
419  symtype_func, &priv->jump_connect_internal_flash);
420  if (err != ERROR_OK) {
421  LOG_ERROR("Function FUNC_CONNECT_INTERNAL_FLASH not found in RP2xxx ROM");
422  return err;
423  }
424 
425  err = rp2xxx_lookup_rom_symbol(target, FUNC_FLASH_RANGE_ERASE, symtype_func, &priv->jump_flash_range_erase);
426  if (err != ERROR_OK) {
427  LOG_ERROR("Function FUNC_FLASH_RANGE_ERASE not found in RP2xxx ROM");
428  return err;
429  }
430 
431  err = rp2xxx_lookup_rom_symbol(target, FUNC_FLASH_RANGE_PROGRAM, symtype_func, &priv->jump_flash_range_program);
432  if (err != ERROR_OK) {
433  LOG_ERROR("Function FUNC_FLASH_RANGE_PROGRAM not found in RP2xxx ROM");
434  return err;
435  }
436 
437  err = rp2xxx_lookup_rom_symbol(target, FUNC_FLASH_FLUSH_CACHE, symtype_func, &priv->jump_flush_cache);
438  if (err != ERROR_OK) {
439  LOG_ERROR("Function FUNC_FLASH_FLUSH_CACHE not found in RP2xxx ROM");
440  return err;
441  }
442 
443  err = rp2xxx_lookup_rom_symbol(target, FUNC_FLASH_ENTER_CMD_XIP, symtype_func, &priv->jump_enter_cmd_xip);
444  if (err != ERROR_OK) {
445  LOG_ERROR("Function FUNC_FLASH_ENTER_CMD_XIP not found in RP2xxx ROM");
446  return err;
447  }
448 
449  // From this point are optional functions which do not exist on e.g. RP2040
450  // or pre-production RP2350 ROM versions:
451  if (IS_RP2040(priv->id)) {
452  priv->jump_bootrom_reset_state = 0;
453  priv->jump_flash_reset_address_trans = 0;
454  return ERROR_OK;
455  }
456 
457  err = rp2xxx_lookup_rom_symbol(target, FUNC_BOOTROM_STATE_RESET, symtype_func, &priv->jump_bootrom_reset_state);
458  if (err != ERROR_OK) {
459  priv->jump_bootrom_reset_state = 0;
460  LOG_WARNING("Function FUNC_BOOTROM_STATE_RESET not found in RP2xxx ROM. (probably an RP2350 A0)");
461  }
462 
463  if (!is_arm(target_to_arm(target))) {
465  &priv->jump_bootrom_set_varm_stack);
466  if (err != ERROR_OK) {
467  priv->jump_bootrom_set_varm_stack = 0;
468  LOG_WARNING("Function FUNC_BOOTROM_SET_STACK not found in RP2xxx ROM. (probably an RP2350 A0)");
469  }
470  }
471 
473  symtype_func, &priv->jump_flash_reset_address_trans);
474  if (err != ERROR_OK) {
475  priv->jump_flash_reset_address_trans = 0;
476  LOG_WARNING("Function FUNC_FLASH_RESET_ADDRESS_TRANS not found in RP2xxx ROM. (probably an RP2350 A0)");
477  }
478  return ERROR_OK;
479 }
480 
481 // Call a list of PC + SP + r0-r3 function call tuples with a single OpenOCD
482 // algorithm invocation, to amortise the algorithm overhead over multiple calls:
484  struct rp2xxx_rom_call_batch_record *calls, unsigned int n_calls)
485 {
486  // Note + sizeof(uint32_t) is for the null terminator
487  unsigned int batch_size = ROM_CALL_BATCH_ALGO_SIZE_BYTES
488  + n_calls * sizeof(struct rp2xxx_rom_call_batch_record)
489  + sizeof(uint32_t);
490 
491  if (!priv->ram_algo_space) {
492  LOG_ERROR("No RAM code space allocated for ROM call");
494  }
495  if (priv->ram_algo_space->size < batch_size) {
496  LOG_ERROR("RAM code space too small for call batch size of %u", n_calls);
497  return ERROR_BUF_TOO_SMALL;
498  }
499 
500  LOG_TARGET_DEBUG(target, "Calling batch of %u ROM functions:", n_calls);
501  for (unsigned int i = 0; i < n_calls; ++i) {
502  LOG_DEBUG(" func @ %" PRIx32, calls[i].pc);
503  LOG_DEBUG(" sp = %" PRIx32, calls[i].sp);
504  for (unsigned int j = 0; j < 4; ++j)
505  LOG_DEBUG(" a%u = %" PRIx32, j, calls[i].args[j]);
506  }
507 
508  if (n_calls <= 0) {
509  LOG_DEBUG("Returning early from call of 0 ROM functions");
510  return ERROR_OK;
511  }
512 
513  const uint8_t *algo_code;
514  if (is_arm(target_to_arm(target))) {
515  if (target_to_arm(target)->arch == ARM_ARCH_V8M) {
516  LOG_DEBUG("Using algo: rp2xxx_rom_call_batch_algo_armv8m");
518  } else {
519  LOG_DEBUG("Using algo: rp2xxx_rom_call_batch_algo_armv6m");
521  }
522  } else {
523  LOG_DEBUG("Using algo: rp2xxx_rom_call_batch_algo_riscv");
525  }
526 
527  uint8_t *batch_bf = malloc(batch_size);
528  if (!batch_bf) {
529  LOG_ERROR("No memory for batch buffer");
530  return ERROR_FAIL;
531  }
532  memcpy(batch_bf, algo_code, ROM_CALL_BATCH_ALGO_SIZE_BYTES);
533  unsigned int words = n_calls * sizeof(struct rp2xxx_rom_call_batch_record)
534  / sizeof(uint32_t);
536  &batch_bf[ROM_CALL_BATCH_ALGO_SIZE_BYTES], words,
537  (const uint32_t *)calls);
538  /* Null terminator */
539  target_buffer_set_u32(target, &batch_bf[batch_size - sizeof(uint32_t)], 0);
540 
541  int err = target_write_buffer(target,
542  priv->ram_algo_space->address,
543  batch_size,
544  batch_bf
545  );
546  free(batch_bf);
547 
548  if (err != ERROR_OK) {
549  LOG_ERROR("Failed to write ROM batch algorithm to RAM code space");
550  return err;
551  }
552 
553  // Call into the ROM batch algorithm -- this will in turn call each ROM
554  // call specified by the batch records.
555  target_addr_t algo_start_addr = priv->ram_algo_space->address;
556  target_addr_t algo_end_addr = priv->ram_algo_space->address + rp2xxx_rom_call_batch_algo_bkpt_offset;
557  unsigned int algo_timeout_ms = 3000;
558  if (is_arm(target_to_arm(target))) {
559  struct armv7m_algorithm alg_info;
561  alg_info.core_mode = ARM_MODE_THREAD;
563  0, NULL, /* No memory arguments */
564  0, NULL, /* No register arguments */
565  algo_start_addr, algo_end_addr,
566  algo_timeout_ms,
567  &alg_info
568  );
569  } else {
570  // Presumed RISC-V -- there is no RISCV_COMMON_MAGIC on older OpenOCD
572  0, NULL, /* No memory arguments */
573  0, NULL, /* No register arguments */
574  algo_start_addr, algo_end_addr,
575  algo_timeout_ms,
576  NULL /* Currently no RISC-V-specific algorithm info */
577  );
578  }
579  if (err != ERROR_OK) {
580  LOG_ERROR("Failed to call ROM function batch");
581  /* This case is hit when loading new ROM images on FPGA, but can also be hit on real
582  hardware if you swap two devices with different ROM versions without restarting OpenOCD: */
583  LOG_ROM_SYMBOL_DEBUG("Repopulating ROM address cache after failed ROM call");
584  /* We ignore the error on this next call because we have already failed, this is just
585  recovery for the next attempt. */
587  return err;
588  }
589  return ERROR_OK;
590 }
591 
592 // Call a single ROM function, using the default algorithm stack.
594  uint16_t func_offset, uint32_t argdata[], unsigned int n_args)
595 {
596  assert(n_args <= 4); /* only allow register arguments -- capped at just 4 on Arm */
597 
598  if (!priv->stack) {
599  LOG_ERROR("no stack for flash programming code");
601  }
602  target_addr_t stacktop = priv->stack->address + priv->stack->size;
603 
604  struct rp2xxx_rom_call_batch_record call = {
605  .pc = func_offset,
606  .sp = stacktop
607  };
608  for (unsigned int i = 0; i < n_args; ++i)
609  call.args[i] = argdata[i];
610 
611  return rp2xxx_call_rom_func_batch(target, priv, &call, 1);
612 }
613 
615 {
617  priv->saved_accessctrl);
618 }
619 
621 {
622  // Add write passwords to all ACCESSCTRL regs from ACCESSCTRL_GPIO_ROM to the end
623  // (exclude not keyed ACCESSCTRL_GPIO_NSMASK0 and ACCESSCTRL_GPIO_NSMASK1
624  for (unsigned int i = ACCESSCTRL_GPIO_ROM_OFFSET - ACCESSCTRL_SAVE_BASE;
625  i < ACCESSCTRL_SAVE_SIZE; i += 4)
626  target_buffer_set_u32(target, priv->saved_accessctrl + i,
627  target_buffer_get_u32(target, priv->saved_accessctrl + i) | ACCESSCTRL_WRITE_PASSWORD);
628 
630  priv->saved_accessctrl);
631 }
632 
634 {
635  priv->accessctrl_dirty = false;
636  // Attempt to reset ACCESSCTRL, in case Secure access to SRAM has been
637  // blocked, which will stop us from loading/running algorithms such as RCP
638  // init. (Also ROM, QMI regs are needed later)
639  uint32_t accessctrl_lock_reg;
640  if (target_read_u32(target, ACCESSCTRL_LOCK_OFFSET, &accessctrl_lock_reg) != ERROR_OK) {
641  LOG_ERROR("Failed to read ACCESSCTRL lock register");
642  // Failed to read an APB register which should always be readable from
643  // any security/privilege level. Something fundamental is wrong. E.g.:
644  //
645  // - The debugger is attempting to perform Secure bus accesses on a
646  // system where Secure debug has been disabled
647  // - clk_sys or busfabric clock are stopped (try doing a rescue reset)
648  return ERROR_FAIL;
649  }
650  if (accessctrl_lock_reg & ACCESSCTRL_LOCK_DEBUG_BITS) {
651  LOG_ERROR("ACCESSCTRL is locked, so can't reset permissions. Following steps might fail");
652  } else {
653  int retval = rp2350_save_accessctrl(target, priv);
654  if (retval == ERROR_OK)
655  priv->accessctrl_dirty = true;
656  // If the ACCESSCTRL backup copy is valid, mark it dirty
657  // as we immediately proceed to ACCESSCTRL config reset.
658  // Don't fail on save ACCESSCTRL error, not vital for ROM API call
659 
660  LOG_DEBUG("Reset ACCESSCTRL permissions via CFGRESET");
662  }
663  return ERROR_OK;
664 }
665 
667 {
668  // Flash algorithms (and the RCP init stub called by this function) must
669  // run in the Secure state, so flip the state now before attempting to
670  // execute any code on the core.
671  int retval;
672  retval = cortex_m_set_secure(target, &priv->saved_security);
673  if (retval != ERROR_OK) {
674  LOG_ERROR("RP2350 init ARM core: set secure mode failed");
675  return retval;
676  }
677 
678  if (!priv->stack) {
679  LOG_ERROR("No stack for flash programming code");
681  }
682 
683  if (!priv->ram_algo_space || priv->ram_algo_space->size < sizeof(rcp_init_code)) {
684  LOG_ERROR("No algorithm space for rcp_init code");
685  return ERROR_BUF_TOO_SMALL;
686  }
687 
688  int err = target_write_memory(target,
689  priv->ram_algo_space->address,
690  1,
691  sizeof(rcp_init_code),
693  );
694  if (err != ERROR_OK) {
695  LOG_ERROR("Failed to load rcp_init algorithm into RAM");
696  return ERROR_FAIL;
697  }
698 
699  LOG_TARGET_DEBUG(target, "Calling rcp_init, code at " TARGET_ADDR_FMT,
700  priv->ram_algo_space->address);
701 
702  /* Actually call the function */
703  struct armv7m_algorithm alg_info;
705  alg_info.core_mode = ARM_MODE_THREAD;
707  0, NULL, /* No memory arguments */
708  0, NULL, /* No register arguments */
709  priv->ram_algo_space->address,
710  priv->ram_algo_space->address + rcp_init_code_bkpt_offset,
711  1000, /* 1s timeout */
712  &alg_info
713  );
714  if (err != ERROR_OK) {
715  LOG_ERROR("Failed to invoke rcp_init");
716  return err;
717  }
718 
719  return err;
720 }
721 
723 {
724  int err = ERROR_OK;
725 
726  if (!priv->stack) {
727  /* target_alloc_working_area always allocates multiples of 4 bytes, so no worry about alignment */
729  if (err != ERROR_OK) {
730  LOG_ERROR("Could not allocate stack for flash programming code -- insufficient space");
732  }
733  }
734 
735  if (!priv->ram_algo_space) {
737  if (err != ERROR_OK) {
738  LOG_ERROR("Could not allocate RAM code space for ROM calls -- insufficient space");
740  }
741  }
742 
743  if (IS_RP2350(priv->id)) {
745  if (err != ERROR_OK) {
746  LOG_ERROR("Failed to init ACCESSCTRL before ROM call");
747  return err;
748  }
749  if (is_arm(target_to_arm(target))) {
751  if (err != ERROR_OK) {
752  LOG_ERROR("Failed to init Arm core 0 before ROM call");
753  return err;
754  }
755  }
756  uint32_t reset_args[1] = {
758  };
759  if (!priv->jump_bootrom_reset_state) {
760  LOG_WARNING("RP2350 flash: no bootrom_reset_method");
761  } else {
762  /* This is mainly required to clear varmulet_enclosing_cpu pointers on RISC-V, in case
763  an Arm -> RISC-V call has been interrupted (these pointers are used to handle
764  reentrant calls to the ROM emulator) */
765  LOG_DEBUG("Clearing core 0 ROM state");
766  err = rp2xxx_call_rom_func(target, priv, priv->jump_bootrom_reset_state,
767  reset_args, ARRAY_SIZE(reset_args));
768  if (err != ERROR_OK) {
769  LOG_ERROR("RP2350 flash: failed to call reset core state");
770  return err;
771  }
772  }
773  if (!is_arm(target_to_arm(target)) && priv->jump_bootrom_set_varm_stack) {
774  /* Pass {0, 0} to set_varmulet_user_stack() to enable automatic emulation of Arm APIs
775  using the ROM's default stacks. Usually the bootrom does this before exiting to user
776  code, but it needs to be done manually when the USB bootloader has been interrupted. */
777  LOG_DEBUG("Enabling default Arm emulator stacks for RISC-V ROM calls");
778  struct working_area *set_stack_mem_args;
779  err = target_alloc_working_area(target, 2 * sizeof(uint32_t), &set_stack_mem_args);
780  if (err != ERROR_OK) {
781  LOG_ERROR("Failed to allocate memory for arguments to set_varmulet_user_stack()");
782  return err;
783  }
784 
785  err = target_write_u32(target, set_stack_mem_args->address, 0);
786  if (err == ERROR_OK)
787  err = target_write_u32(target, set_stack_mem_args->address + 4, 0);
788 
789  if (err != ERROR_OK) {
790  LOG_ERROR("Failed to initialise memory arguments for set_varmulet_user_stack()");
791  target_free_working_area(target, set_stack_mem_args);
792  return err;
793  }
794 
795  uint32_t set_stack_register_args[1] = {
796  set_stack_mem_args->address
797  };
798  err = rp2xxx_call_rom_func(target, priv, priv->jump_bootrom_set_varm_stack,
799  set_stack_register_args, ARRAY_SIZE(set_stack_register_args));
800  target_free_working_area(target, set_stack_mem_args);
801  if (err != ERROR_OK) {
802  LOG_ERROR("Failed to initialise Arm emulation stacks for RISC-V");
803  return err;
804  }
805  }
806  }
807 
808  LOG_DEBUG("Connecting flash IOs and issuing XIP exit sequence to flash");
809  struct rp2xxx_rom_call_batch_record calls[2] = {
810  {
811  .pc = priv->jump_connect_internal_flash,
812  .sp = priv->stack->address + priv->stack->size
813  },
814  {
815  .pc = priv->jump_flash_exit_xip,
816  .sp = priv->stack->address + priv->stack->size
817  }
818  };
819  err = rp2xxx_call_rom_func_batch(target, priv, calls, 2);
820  if (err != ERROR_OK) {
821  LOG_ERROR("RP2xxx flash: failed to exit flash XIP mode");
822  return err;
823  }
824 
825  return ERROR_OK;
826 }
827 
829 {
830  // Flash content has changed. We can now do a bit of poking to make
831  // the new flash contents visible to us via memory-mapped (XIP) interface
832  // in the 0x1... memory region.
833 
834  LOG_DEBUG("Flushing flash cache after write behind");
835 
836  struct rp2xxx_rom_call_batch_record finishing_calls[2] = {
837  {
838  .pc = priv->jump_flush_cache,
839  .sp = priv->stack->address + priv->stack->size
840  },
841  {
842  .sp = priv->stack->address + priv->stack->size
843  },
844  };
845 
846  int num_finishing_calls = 1;
847  // Note on RP2350 it's not *required* to call flash_enter_cmd_xip, since
848  // the ROM leaves flash XIPable by default in between direct-mode
849  // accesses
850  if (IS_RP2040(priv->id)) {
851  finishing_calls[num_finishing_calls++].pc = priv->jump_enter_cmd_xip;
852  } else if (priv->jump_flash_reset_address_trans) {
853  // Note flash_reset_address_trans function does not exist on older devices
854  finishing_calls[num_finishing_calls++].pc = priv->jump_flash_reset_address_trans;
855  }
856 
857  int retval = rp2xxx_call_rom_func_batch(target, priv, finishing_calls, num_finishing_calls);
858  if (retval != ERROR_OK)
859  LOG_ERROR("RP2xxx: failed to flush flash cache/restore XIP");
860 
861  return retval;
862 }
863 
865 {
866  /* OpenOCD is prone to trashing work-area allocations on target state
867  transitions, which leaves us with stale work area pointers in our
868  driver state. Best to clean up our allocations manually after
869  completing each flash call, so we know to make fresh ones next time. */
870  LOG_DEBUG("Cleaning up after flash operations");
871 
872  if (IS_RP2350(priv->id)) {
873  int retval1 = ERROR_OK;
874  if (priv->accessctrl_dirty) {
876  priv->accessctrl_dirty = false;
877  }
878 
879  int retval2 = ERROR_OK;
881  retval2 = cortex_m_security_restore(target, &priv->saved_security);
882 
883  if (retval1 != ERROR_OK || retval2 != ERROR_OK)
884  LOG_WARNING("RP2xxx: security state was not restored properly. Debug 'resume' will probably fail, use 'reset' instead");
885  /* Don't fail on security restore error, not vital for flash operation */
886  }
887  if (priv->stack) {
889  priv->stack = 0;
890  }
891  if (priv->ram_algo_space) {
892  target_free_working_area(target, priv->ram_algo_space);
893  priv->ram_algo_space = 0;
894  }
895 }
896 
897 static int rp2xxx_flash_write(struct flash_bank *bank, const uint8_t *buffer, uint32_t offset, uint32_t count)
898 {
899  LOG_DEBUG("Writing %" PRIu32 " bytes starting at 0x%" PRIx32, count, offset);
900 
901  struct rp2xxx_flash_bank *priv = bank->driver_priv;
902  struct target *target = bank->target;
903 
904  if (target->state != TARGET_HALTED) {
905  LOG_ERROR("Target not halted");
907  }
908 
909  struct working_area *bounce = NULL;
910 
911  int err = setup_for_raw_flash_cmd(target, priv);
912  if (err != ERROR_OK)
913  goto cleanup_and_return;
914 
916  /* We try to allocate working area rounded down to device page size,
917  * al least 1 page, at most the write data size */
918  unsigned int chunk_size = MIN(MAX(avail_pages, 1) * RP2XXX_ROM_API_FIXED_FLASH_PAGE, count);
919  err = target_alloc_working_area(target, chunk_size, &bounce);
920  if (err != ERROR_OK) {
921  LOG_ERROR("Could not allocate bounce buffer for flash programming. Can't continue");
922  goto cleanup_and_return;
923  }
924 
925  LOG_DEBUG("Allocated flash bounce buffer @" TARGET_ADDR_FMT, bounce->address);
926 
927  while (count > 0) {
928  uint32_t write_size = count > chunk_size ? chunk_size : count;
929  LOG_DEBUG("Writing %" PRIu32 " bytes to offset 0x%" PRIx32,
930  write_size, offset);
931  err = target_write_buffer(target, bounce->address, write_size, buffer);
932  if (err != ERROR_OK) {
933  LOG_ERROR("Could not load data into target bounce buffer");
934  break;
935  }
936  uint32_t args[3] = {
937  offset, /* addr */
938  bounce->address, /* data */
939  write_size /* count */
940  };
941  err = rp2xxx_call_rom_func(target, priv, priv->jump_flash_range_program,
942  args, ARRAY_SIZE(args));
943  keep_alive();
944  if (err != ERROR_OK) {
945  LOG_ERROR("Failed to invoke flash programming code on target");
946  break;
947  }
948 
949  buffer += write_size;
950  offset += write_size;
951  count -= write_size;
952  }
953 
954 cleanup_and_return:
956 
957  /* Don't propagate error or user gets fooled the flash write failed */
959 
961  return err;
962 }
963 
964 static int rp2xxx_flash_erase(struct flash_bank *bank, unsigned int first, unsigned int last)
965 {
966  struct rp2xxx_flash_bank *priv = bank->driver_priv;
967  struct target *target = bank->target;
968 
969  if (target->state != TARGET_HALTED) {
970  LOG_ERROR("Target not halted");
972  }
973 
974  uint32_t offset_start = bank->sectors[first].offset;
975  uint32_t offset_last = bank->sectors[last].offset + bank->sectors[last].size;
976  uint32_t length = offset_last - offset_start;
977  LOG_DEBUG("erase %" PRIu32 " bytes starting at 0x%" PRIx32,
978  length, offset_start);
979 
980  int err = setup_for_raw_flash_cmd(target, priv);
981  if (err != ERROR_OK)
982  goto cleanup_and_return;
983 
984  uint32_t offset_next = offset_start;
985 
986  /* Break erase into multiple calls to avoid timeout on large erase. Choose 128k chunk which has
987  fairly low ROM call overhead and empirically seems to avoid the default keep_alive() limit
988  as well as our ROM call timeout. */
989  const uint32_t erase_chunk_size = 128 * 1024;
990 
991  /* Promote log level for long erases to provide feedback */
992  bool requires_loud_prints = offset_last - offset_next >= 2 * erase_chunk_size;
993  enum log_levels chunk_log_level = requires_loud_prints ? LOG_LVL_INFO : LOG_LVL_DEBUG;
994 
995  while (offset_next < offset_last) {
996  uint32_t remaining = offset_last - offset_next;
997  uint32_t call_size = remaining < erase_chunk_size ? remaining : erase_chunk_size;
998  /* Shorten the first call of a large erase if necessary to align subsequent calls */
999  if (offset_next % erase_chunk_size != 0 && call_size == erase_chunk_size)
1000  call_size = erase_chunk_size - offset_next % erase_chunk_size;
1001 
1002  LOG_CUSTOM_LEVEL(chunk_log_level,
1003  " Erase chunk: 0x%08" PRIx32 " -> 0x%08" PRIx32,
1004  offset_next,
1005  offset_next + call_size - 1
1006  );
1007 
1008  /* This ROM function uses the optimal mixture of 4k 20h and 64k D8h erases, without
1009  over-erase. This is why we force the flash_bank sector size attribute to 4k even if
1010  OpenOCD prefers to give the block size instead. */
1011  uint32_t args[4] = {
1012  offset_next,
1013  call_size,
1014  65536, /* block_size */
1015  0xd8 /* block_cmd */
1016  };
1017 
1018  err = rp2xxx_call_rom_func(target, priv, priv->jump_flash_range_erase, args, ARRAY_SIZE(args));
1019  keep_alive();
1020 
1021  if (err != ERROR_OK)
1022  break;
1023 
1024  offset_next += call_size;
1025  }
1026 
1027 
1028 cleanup_and_return:
1029  /* Don't propagate error or user gets fooled the flash erase failed */
1031 
1033  return err;
1034 }
1035 
1036 /* -----------------------------------------------------------------------------
1037  Driver probing etc */
1038 
1039 
1040 static int rp2040_ssel_active(struct target *target, bool active)
1041 {
1043  uint32_t val;
1044 
1045  int err = target_read_u32(target, RP2040_QSPI_CTRL, &val);
1046  if (err != ERROR_OK)
1047  return err;
1048 
1049  val = (val & ~RP2040_QSPI_CTRL_OUTOVER_MASK) | state;
1050 
1052  if (err != ERROR_OK)
1053  return err;
1054 
1055  return ERROR_OK;
1056 }
1057 
1058 static int rp2040_spi_tx_rx(struct target *target,
1059  const uint8_t *tx, unsigned int tx_len,
1060  unsigned int dummy_len,
1061  uint8_t *rx, unsigned int rx_len)
1062 {
1063  int retval, retval2;
1064 
1065  retval = rp2040_ssel_active(target, true);
1066  if (retval != ERROR_OK) {
1067  LOG_ERROR("QSPI select failed");
1068  goto deselect;
1069  }
1070 
1071  unsigned int tx_cnt = 0;
1072  unsigned int rx_cnt = 0;
1073  unsigned int xfer_len = tx_len + dummy_len + rx_len;
1074  while (rx_cnt < xfer_len) {
1075  int in_flight = tx_cnt - rx_cnt;
1076  if (tx_cnt < xfer_len && in_flight < 14) {
1077  uint32_t dr = tx_cnt < tx_len ? tx[tx_cnt] : 0;
1079  if (retval != ERROR_OK)
1080  break;
1081 
1082  tx_cnt++;
1083  continue;
1084  }
1085  uint32_t dr;
1086  retval = target_read_u32(target, RP2040_SSI_DR0, &dr);
1087  if (retval != ERROR_OK)
1088  break;
1089 
1090  if (rx_cnt >= tx_len + dummy_len)
1091  rx[rx_cnt - tx_len - dummy_len] = (uint8_t)dr;
1092 
1093  rx_cnt++;
1094  }
1095 
1096 deselect:
1097  retval2 = rp2040_ssel_active(target, false);
1098 
1099  if (retval != ERROR_OK) {
1100  LOG_ERROR("QSPI Tx/Rx failed");
1101  return retval;
1102  }
1103  if (retval2 != ERROR_OK)
1104  LOG_ERROR("QSPI deselect failed");
1105 
1106  return retval2;
1107 }
1108 
1109 static int rp2350_spi_tx_rx(struct target *target,
1110  const uint8_t *tx, unsigned int tx_len,
1111  unsigned int dummy_len,
1112  uint8_t *rx, unsigned int rx_len)
1113 {
1114  uint32_t direct_csr;
1115  int retval = target_read_u32(target, RP2350_QMI_DIRECT_CSR, &direct_csr);
1116  if (retval != ERROR_OK) {
1117  LOG_ERROR("QMI DIRECT_CSR read failed");
1118  return retval;
1119  }
1121  retval = target_write_u32(target, RP2350_QMI_DIRECT_CSR, direct_csr);
1122  if (retval != ERROR_OK) {
1123  LOG_ERROR("QMI DIRECT mode enable failed");
1124  goto deselect;
1125  }
1126 
1127  unsigned int tx_cnt = 0;
1128  unsigned int rx_cnt = 0;
1129  unsigned int xfer_len = tx_len + dummy_len + rx_len;
1130  while (tx_cnt < xfer_len || rx_cnt < rx_len) {
1131  int in_flight = tx_cnt - tx_len - dummy_len - rx_cnt;
1132  if (tx_cnt < xfer_len && in_flight < 4) {
1133  uint32_t tx_cmd;
1134  if (tx_cnt < tx_len)
1135  tx_cmd = tx[tx_cnt] | RP2350_QMI_DIRECT_TX_NOPUSH | RP2350_QMI_DIRECT_TX_OE;
1136  else if (tx_cnt < tx_len + dummy_len)
1137  tx_cmd = RP2350_QMI_DIRECT_TX_NOPUSH;
1138  else
1139  tx_cmd = 0;
1140 
1141  retval = target_write_u32(target, RP2350_QMI_DIRECT_TX, tx_cmd);
1142  if (retval != ERROR_OK)
1143  break;
1144 
1145  tx_cnt++;
1146  continue;
1147  }
1148  if (rx_cnt < rx_len) {
1149  uint32_t dr;
1151  if (retval != ERROR_OK)
1152  break;
1153 
1154  rx[rx_cnt] = (uint8_t)dr;
1155  rx_cnt++;
1156  }
1157  }
1158 
1159 deselect:
1161  int retval2 = target_write_u32(target, RP2350_QMI_DIRECT_CSR, direct_csr);
1162 
1163  if (retval != ERROR_OK) {
1164  LOG_ERROR("QSPI Tx/Rx failed");
1165  return retval;
1166  }
1167  if (retval2 != ERROR_OK)
1168  LOG_ERROR("QMI DIRECT mode disable failed");
1169 
1170  return retval2;
1171 }
1172 
1173 static int rp2xxx_spi_tx_rx(struct flash_bank *bank,
1174  const uint8_t *tx, unsigned int tx_len,
1175  unsigned int dummy_len,
1176  uint8_t *rx, unsigned int rx_len)
1177 {
1178  struct rp2xxx_flash_bank *priv = bank->driver_priv;
1179  struct target *target = bank->target;
1180 
1181  if (IS_RP2040(priv->id))
1182  return rp2040_spi_tx_rx(target, tx, tx_len, dummy_len, rx, rx_len);
1183  else if (IS_RP2350(priv->id))
1184  return rp2350_spi_tx_rx(target, tx, tx_len, dummy_len, rx, rx_len);
1185  else
1186  return ERROR_FAIL;
1187 }
1188 
1189 static int rp2xxx_read_sfdp_block(struct flash_bank *bank, uint32_t addr,
1190  unsigned int words, uint32_t *buffer)
1191 {
1192  struct rp2xxx_flash_bank *priv = bank->driver_priv;
1193 
1194  uint8_t cmd[4] = { SPIFLASH_READ_SFDP };
1195  uint8_t data[4 * words + priv->sfdp_dummy_detect];
1196 
1197  h_u24_to_be(&cmd[1], addr);
1198 
1199  int retval = rp2xxx_spi_tx_rx(bank, cmd, sizeof(cmd), priv->sfdp_dummy,
1200  data, 4 * words + priv->sfdp_dummy_detect);
1201  if (retval != ERROR_OK)
1202  return retval;
1203 
1204  if (priv->sfdp_dummy_detect) {
1205  for (unsigned int i = 0; i < priv->sfdp_dummy_detect; i++)
1206  if (le_to_h_u32(&data[i]) == SFDP_MAGIC) {
1207  priv->sfdp_dummy_detect = 0;
1208  priv->sfdp_dummy = i;
1209  break;
1210  }
1211  for (unsigned int i = 0; i < words; i++)
1212  buffer[i] = le_to_h_u32(&data[4 * i + priv->sfdp_dummy]);
1213  } else {
1214  for (unsigned int i = 0; i < words; i++)
1215  buffer[i] = le_to_h_u32(&data[4 * i]);
1216  }
1217  return retval;
1218 }
1219 
1221 {
1222  struct rp2xxx_flash_bank *priv = bank->driver_priv;
1223  struct target *target = bank->target;
1224 
1225  int retval = target_read_u32(target, RP2XXX_SYSINFO_CHIP_ID, &priv->id);
1226  if (retval != ERROR_OK) {
1227  LOG_ERROR("SYSINFO CHIP_ID read failed");
1228  return retval;
1229  }
1230  if (!IS_RP2040(priv->id) && !IS_RP2350(priv->id)) {
1231  LOG_ERROR("Unknown SYSINFO CHIP_ID 0x%08" PRIx32, priv->id);
1232  return ERROR_FLASH_BANK_INVALID;
1233  }
1234 
1236  if (retval != ERROR_OK)
1237  return retval;
1238 
1239  /* the Boot ROM flash_range_program() routine requires page alignment */
1240  bank->write_start_alignment = RP2XXX_ROM_API_FIXED_FLASH_PAGE;
1241  bank->write_end_alignment = RP2XXX_ROM_API_FIXED_FLASH_PAGE;
1242 
1243  uint32_t flash_id = 0;
1244  if (priv->size_override) {
1245  priv->spi_dev.name = "size override";
1246  LOG_DEBUG("SPI flash autodetection disabled, using configured size");
1247  } else {
1248  if (target->state != TARGET_HALTED) {
1249  LOG_ERROR("Target not halted");
1250  return ERROR_TARGET_NOT_HALTED;
1251  }
1252 
1253  bank->size = 0;
1254 
1256  /* ignore error, flash size detection could work anyway */
1257 
1258  const uint8_t cmd[] = { SPIFLASH_READ_ID };
1259  uint8_t data[3];
1260  retval = rp2xxx_spi_tx_rx(bank, cmd, sizeof(cmd), 0, data, sizeof(data));
1261  if (retval == ERROR_OK) {
1262  flash_id = le_to_h_u24(data);
1263 
1264  /* search for a SPI flash Device ID match */
1265  for (const struct flash_device *p = flash_devices; p->name ; p++) {
1266  if (p->device_id == flash_id) {
1267  priv->spi_dev = *p;
1268  bank->size = p->size_in_bytes;
1269  break;
1270  }
1271  }
1272  }
1273 
1274  if (bank->size == 0) {
1275  priv->sfdp_dummy_detect = 8;
1276  priv->sfdp_dummy = 0;
1277  retval = spi_sfdp(bank, &priv->spi_dev, &rp2xxx_read_sfdp_block);
1278  if (retval == ERROR_OK)
1279  bank->size = priv->spi_dev.size_in_bytes;
1280  }
1281 
1283  }
1284 
1285  snprintf(priv->dev_name, sizeof(priv->dev_name), "%s rev %u",
1286  IS_RP2350(priv->id) ? "RP2350" : "RP2040",
1288 
1289  if (bank->size == 0) {
1290  LOG_ERROR("%s, QSPI Flash id = 0x%06" PRIx32 " not recognised",
1291  priv->dev_name, flash_id);
1292  return ERROR_FLASH_BANK_INVALID;
1293  }
1294 
1295  bank->num_sectors = bank->size / RP2XXX_ROM_API_FIXED_FLASH_SECTOR;
1296 
1297  if (priv->size_override) {
1298  LOG_INFO("%s, QSPI Flash size override = %u KiB in %u sectors",
1299  priv->dev_name, bank->size / 1024, bank->num_sectors);
1300  } else {
1301  LOG_INFO("%s, QSPI Flash %s id = 0x%06" PRIx32 " size = %u KiB in %u sectors",
1302  priv->dev_name, priv->spi_dev.name, flash_id,
1303  bank->size / 1024, bank->num_sectors);
1304  }
1305 
1306  free(bank->sectors);
1307  bank->sectors = alloc_block_array(0, RP2XXX_ROM_API_FIXED_FLASH_SECTOR, bank->num_sectors);
1308  if (!bank->sectors)
1309  return ERROR_FAIL;
1310 
1311  priv->probed = true;
1312 
1313  return ERROR_OK;
1314 }
1315 
1317 {
1318  struct rp2xxx_flash_bank *priv = bank->driver_priv;
1319 
1320  if (priv->probed)
1321  return ERROR_OK;
1322 
1323  return rp2xxx_flash_probe(bank);
1324 }
1325 
1326 /* -----------------------------------------------------------------------------
1327  Driver boilerplate */
1328 
1329 FLASH_BANK_COMMAND_HANDLER(rp2xxx_flash_bank_command)
1330 {
1331  struct rp2xxx_flash_bank *priv;
1332  priv = calloc(1, sizeof(struct rp2xxx_flash_bank));
1333  priv->size_override = bank->size != 0;
1334 
1335  /* Set up driver_priv */
1336  bank->driver_priv = priv;
1337 
1338  return ERROR_OK;
1339 }
1340 
1341 
1342 COMMAND_HANDLER(rp2xxx_rom_api_call_handler)
1343 {
1344  if (CMD_ARGC < 1)
1346 
1347  struct target *target = get_current_target(CMD->ctx);
1348 
1349  struct flash_bank *bank;
1350  for (bank = flash_bank_list(); bank; bank = bank->next) {
1351  if (bank->driver != &rp2xxx_flash)
1352  continue;
1353 
1354  if (bank->target == target)
1355  break;
1356  }
1357 
1358  if (!bank) {
1359  command_print(CMD, "[%s] No associated RP2xxx flash bank found",
1360  target_name(target));
1361  return ERROR_FAIL;
1362  }
1363 
1364  int retval = rp2xxx_flash_auto_probe(bank);
1365  if (retval != ERROR_OK) {
1366  command_print(CMD, "auto_probe failed");
1367  return retval;
1368  }
1369 
1370  uint16_t tag = MAKE_TAG(CMD_ARGV[0][0], CMD_ARGV[0][1]);
1371 
1372  uint32_t args[4] = { 0 };
1373  for (unsigned int i = 0; i + 1 < CMD_ARGC && i < ARRAY_SIZE(args); i++)
1374  COMMAND_PARSE_NUMBER(u32, CMD_ARGV[i + 1], args[i]);
1375 
1376  if (target->state != TARGET_HALTED) {
1377  command_print(CMD, "Target not halted");
1378  return ERROR_TARGET_NOT_HALTED;
1379  }
1380 
1381  struct rp2xxx_flash_bank *priv = bank->driver_priv;
1382  retval = setup_for_raw_flash_cmd(target, priv);
1383  if (retval != ERROR_OK)
1384  goto cleanup_and_return;
1385 
1386  uint16_t symtype_func = is_arm(target_to_arm(target))
1388 
1389  uint16_t fc;
1390  retval = rp2xxx_lookup_rom_symbol(target, tag, symtype_func, &fc);
1391  if (retval != ERROR_OK) {
1392  command_print(CMD, "Function %.2s not found in RP2xxx ROM",
1393  CMD_ARGV[0]);
1394  goto cleanup_and_return;
1395  }
1396 
1397  /* command_print() output gets lost if the command is called
1398  * in an event handler, use LOG_INFO instead */
1399  LOG_INFO("RP2xxx ROM API function %.2s @ %04" PRIx16, CMD_ARGV[0], fc);
1400 
1401  retval = rp2xxx_call_rom_func(target, priv, fc, args, ARRAY_SIZE(args));
1402  if (retval != ERROR_OK)
1403  command_print(CMD, "RP2xxx ROM API call failed");
1404 
1405 cleanup_and_return:
1407  return retval;
1408 }
1409 
1410 COMMAND_HANDLER(rp2xxx_switch_target_handler)
1411 {
1412  if (CMD_ARGC != 2)
1414 
1415  struct target *old_target = get_target(CMD_ARGV[0]);
1416  if (!old_target) {
1417  command_print(CMD, "Unrecognised old target %s", CMD_ARGV[0]);
1419  }
1420 
1421  struct target *new_target = get_target(CMD_ARGV[1]);
1422  if (!new_target) {
1423  command_print(CMD, "Unrecognised new target %s", CMD_ARGV[1]);
1425  }
1426 
1427  struct flash_bank *bank;
1428  for (bank = flash_bank_list(); bank; bank = bank->next) {
1429  if (bank->driver == &rp2xxx_flash) {
1430  if (bank->target == old_target) {
1431  bank->target = new_target;
1432  struct rp2xxx_flash_bank *priv = bank->driver_priv;
1433  priv->probed = false;
1434  return ERROR_OK;
1435  } else if (bank->target == new_target) {
1436  return ERROR_OK;
1437  }
1438  }
1439  }
1440 
1441  command_print(CMD, "Neither old nor new target %s found in flash bank list",
1442  CMD_ARGV[0]);
1443  return ERROR_FAIL;
1444 }
1445 
1446 static const struct command_registration rp2xxx_exec_command_handlers[] = {
1447  {
1448  .name = "rom_api_call",
1449  .mode = COMMAND_EXEC,
1450  .help = "arbitrary ROM API call",
1451  .usage = "fc [p0 [p1 [p2 [p3]]]]",
1452  .handler = rp2xxx_rom_api_call_handler,
1453  },
1454  {
1455  .name = "_switch_target",
1456  .mode = COMMAND_EXEC,
1457  .help = "internal use",
1458  .usage = "old_target new_target",
1459  .handler = rp2xxx_switch_target_handler,
1460  },
1462 };
1463 
1464 static const struct command_registration rp2xxx_command_handler[] = {
1465  {
1466  .name = "rp2xxx",
1467  .mode = COMMAND_ANY,
1468  .help = "rp2xxx flash controller commands",
1469  .usage = "",
1471  },
1473 };
1474 
1475 const struct flash_driver rp2xxx_flash = {
1476  .name = "rp2xxx",
1477  .commands = rp2xxx_command_handler,
1478  .flash_bank_command = rp2xxx_flash_bank_command,
1479  .erase = rp2xxx_flash_erase,
1480  .write = rp2xxx_flash_write,
1481  .read = default_flash_read,
1482  .probe = rp2xxx_flash_probe,
1483  .auto_probe = rp2xxx_flash_auto_probe,
1484  .erase_check = default_flash_blank_check,
1485  .free_driver_priv = default_flash_free_driver_priv
1486 };
@ ARM_ARCH_V8M
Definition: arm.h:58
static bool is_arm(struct arm *arm)
Definition: arm.h:267
@ ARM_MODE_THREAD
Definition: arm.h:94
static struct arm * target_to_arm(const struct target *target)
Convert target handle to generic ARM target state handle.
Definition: arm.h:261
#define ARMV7M_COMMON_MAGIC
Definition: armv7m.h:224
Support functions to access arbitrary bits in a byte array.
void command_print(struct command_invocation *cmd, const char *format,...)
Definition: command.c:375
#define CMD
Use this macro to access the command being handled, rather than accessing the variable directly.
Definition: command.h:141
#define CMD_ARGV
Use this macro to access the arguments for the command being handled, rather than accessing the varia...
Definition: command.h:156
#define ERROR_COMMAND_SYNTAX_ERROR
Definition: command.h:400
#define CMD_ARGC
Use this macro to access the number of arguments for the command being handled, rather than accessing...
Definition: command.h:151
#define COMMAND_PARSE_NUMBER(type, in, out)
parses the string in into out as a type, or prints a command error and passes the error code to the c...
Definition: command.h:440
#define COMMAND_REGISTRATION_DONE
Use this as the last entry in an array of command_registration records.
Definition: command.h:251
#define ERROR_COMMAND_ARGUMENT_INVALID
Definition: command.h:402
@ COMMAND_ANY
Definition: command.h:42
@ COMMAND_EXEC
Definition: command.h:40
int cortex_m_security_restore(struct target *target, struct cortex_m_saved_security *ssec)
Restores saved security context to MPU_CTRL, SAU_CTRL and DSCSR.
Definition: cortex_m.c:2634
int cortex_m_set_secure(struct target *target, struct cortex_m_saved_security *ssec)
Forces Cortex-M core to the basic secure context with SAU and MPU off.
Definition: cortex_m.c:2566
uint64_t buffer
Pointer to data buffer to send over SPI.
Definition: dw-spi-helper.h:0
uint8_t bank
Definition: esirisc.c:135
static struct esp_usb_jtag * priv
Definition: esp_usb_jtag.c:219
uint8_t length
Definition: esp_usb_jtag.c:1
#define ERROR_FLASH_BANK_INVALID
Definition: flash/common.h:28
struct flash_sector * alloc_block_array(uint32_t offset, uint32_t size, unsigned int num_blocks)
Allocate and fill an array of sectors or protection blocks.
int default_flash_blank_check(struct flash_bank *bank)
Provides default erased-bank check handling.
int default_flash_read(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
Provides default read implementation for flash memory.
void default_flash_free_driver_priv(struct flash_bank *bank)
Deallocates bank->driver_priv.
struct flash_bank * flash_bank_list(void)
uint32_t dr
Definition: imx_gpio.c:0
void keep_alive(void)
Definition: log.c:426
#define LOG_CUSTOM_LEVEL(level, expr ...)
Definition: log.h:118
#define LOG_WARNING(expr ...)
Definition: log.h:130
#define ERROR_FAIL
Definition: log.h:174
#define ERROR_BUF_TOO_SMALL
Definition: log.h:170
#define LOG_TARGET_DEBUG(target, fmt_str,...)
Definition: log.h:150
#define LOG_ERROR(expr ...)
Definition: log.h:133
#define LOG_INFO(expr ...)
Definition: log.h:127
#define LOG_DEBUG(expr ...)
Definition: log.h:110
#define ERROR_OK
Definition: log.h:168
log_levels
Definition: log.h:40
@ LOG_LVL_INFO
Definition: log.h:46
@ LOG_LVL_DEBUG
Definition: log.h:47
#define sp
Definition: mips32.c:222
#define MIN(a, b)
Definition: replacements.h:22
#define MAX(a, b)
Definition: replacements.h:25
#define RP2350_QMI_DIRECT_CSR
Definition: rp2xxx.c:64
#define RP2040_QSPI_CTRL_OUTOVER_LOW
Definition: rp2xxx.c:61
static const uint8_t rp2xxx_rom_call_batch_algo_riscv[ROM_CALL_BATCH_ALGO_SIZE_BYTES]
Definition: rp2xxx.c:172
#define RP2350_QMI_DIRECT_RX
Definition: rp2xxx.c:66
#define LOG_ROM_SYMBOL_DEBUG
Definition: rp2xxx.c:227
#define RP2350_QMI_DIRECT_TX
Definition: rp2xxx.c:65
#define FUNC_FLASH_RANGE_ERASE
Definition: rp2xxx.c:25
static int rp2350_init_arm_core0(struct target *target, struct rp2xxx_flash_bank *priv)
Definition: rp2xxx.c:666
static int rp2350_a0_lookup_symbol(struct target *target, uint16_t tag, uint16_t flags, uint16_t *symbol_out)
Definition: rp2xxx.c:267
static const struct command_registration rp2xxx_command_handler[]
Definition: rp2xxx.c:1464
static const int rp2xxx_rom_call_batch_algo_bkpt_offset
Definition: rp2xxx.c:125
#define BOOTROM_RP2350_MAGIC
Definition: rp2xxx.c:18
static int rp2xxx_call_rom_func(struct target *target, struct rp2xxx_flash_bank *priv, uint16_t func_offset, uint32_t argdata[], unsigned int n_args)
Definition: rp2xxx.c:593
#define RP2040_QSPI_CTRL_OUTOVER_MASK
Definition: rp2xxx.c:60
#define RT_FLAG_FUNC_RISCV
Definition: rp2xxx.c:34
#define MAKE_TAG(a, b)
Definition: rp2xxx.c:22
#define FUNC_FLASH_FLUSH_CACHE
Definition: rp2xxx.c:27
static const uint8_t rcp_init_code[]
Definition: rp2xxx.c:101
static int rp2xxx_flash_probe(struct flash_bank *bank)
Definition: rp2xxx.c:1220
static int rp2xxx_invalidate_cache_restore_xip(struct target *target, struct rp2xxx_flash_bank *priv)
Definition: rp2xxx.c:828
static int rp2350_init_accessctrl(struct target *target, struct rp2xxx_flash_bank *priv)
Definition: rp2xxx.c:633
#define RP2040_QSPI_CTRL_OUTOVER_HIGH
Definition: rp2xxx.c:62
const struct flash_driver rp2xxx_flash
Definition: rp2xxx.c:1475
#define RP2040_SSI_DR0
Definition: rp2xxx.c:57
#define RT_FLAG_DATA
Definition: rp2xxx.c:37
#define FUNC_FLASH_RESET_ADDRESS_TRANS
Definition: rp2xxx.c:31
#define RP2350_QMI_DIRECT_CSR_EN
Definition: rp2xxx.c:68
#define ROM_CALL_BATCH_ALGO_SIZE_BYTES
Definition: rp2xxx.c:124
#define FUNC_FLASH_EXIT_XIP
Definition: rp2xxx.c:23
static const struct command_registration rp2xxx_exec_command_handlers[]
Definition: rp2xxx.c:1446
#define RP2040_QSPI_CTRL
Definition: rp2xxx.c:58
COMMAND_HANDLER(rp2xxx_rom_api_call_handler)
Definition: rp2xxx.c:1342
#define ACCESSCTRL_WRITE_PASSWORD
Definition: rp2xxx.c:55
#define FUNC_BOOTROM_SET_STACK
Definition: rp2xxx.c:30
#define RP2XXX_CHIP_ID_REVISION(id)
Definition: rp2xxx.c:81
static int rp2350_save_accessctrl(struct target *target, struct rp2xxx_flash_bank *priv)
Definition: rp2xxx.c:614
static int rp2350_restore_accessctrl(struct target *target, struct rp2xxx_flash_bank *priv)
Definition: rp2xxx.c:620
#define BOOTROM_STATE_RESET_CURRENT_CORE
Definition: rp2xxx.c:40
static int rp2350_spi_tx_rx(struct target *target, const uint8_t *tx, unsigned int tx_len, unsigned int dummy_len, uint8_t *rx, unsigned int rx_len)
Definition: rp2xxx.c:1109
static int rp2040_spi_tx_rx(struct target *target, const uint8_t *tx, unsigned int tx_len, unsigned int dummy_len, uint8_t *rx, unsigned int rx_len)
Definition: rp2xxx.c:1058
static void cleanup_after_raw_flash_cmd(struct target *target, struct rp2xxx_flash_bank *priv)
Definition: rp2xxx.c:864
static int rp2xxx_spi_tx_rx(struct flash_bank *bank, const uint8_t *tx, unsigned int tx_len, unsigned int dummy_len, uint8_t *rx, unsigned int rx_len)
Definition: rp2xxx.c:1173
#define ACCESSCTRL_LOCK_DEBUG_BITS
Definition: rp2xxx.c:54
#define RT_FLAG_FUNC_ARM_SEC
Definition: rp2xxx.c:35
static int rp2xxx_call_rom_func_batch(struct target *target, struct rp2xxx_flash_bank *priv, struct rp2xxx_rom_call_batch_record *calls, unsigned int n_calls)
Definition: rp2xxx.c:483
#define FUNC_BOOTROM_STATE_RESET
Definition: rp2xxx.c:29
#define RP2XXX_MAX_RAM_ALGO_SIZE
Definition: rp2xxx.c:84
FLASH_BANK_COMMAND_HANDLER(rp2xxx_flash_bank_command)
Definition: rp2xxx.c:1329
#define ACCESSCTRL_CFGRESET_OFFSET
Definition: rp2xxx.c:45
#define ACCESSCTRL_LOCK_OFFSET
Definition: rp2xxx.c:44
#define FUNC_CONNECT_INTERNAL_FLASH
Definition: rp2xxx.c:24
#define RP2XXX_ROM_API_FIXED_FLASH_PAGE
Definition: rp2xxx.c:86
#define IS_RP2040(id)
Definition: rp2xxx.c:78
static int rp2xxx_flash_auto_probe(struct flash_bank *bank)
Definition: rp2xxx.c:1316
static int rp2xxx_populate_rom_pointer_cache(struct target *target, struct rp2xxx_flash_bank *priv)
Definition: rp2xxx.c:406
#define RP2350_QMI_DIRECT_TX_OE
Definition: rp2xxx.c:71
#define BOOTROM_MAGIC_ADDR
Definition: rp2xxx.c:20
static int rp2xxx_flash_write(struct flash_bank *bank, const uint8_t *buffer, uint32_t offset, uint32_t count)
Definition: rp2xxx.c:897
static const uint8_t rp2xxx_rom_call_batch_algo_armv6m[ROM_CALL_BATCH_ALGO_SIZE_BYTES]
Definition: rp2xxx.c:126
#define RP2XXX_ROM_API_FIXED_FLASH_SECTOR
Definition: rp2xxx.c:87
static int rp2350_lookup_rom_symbol(struct target *target, uint32_t ptr_to_entry, uint16_t tag, uint16_t flags, uint16_t *symbol_out)
Definition: rp2xxx.c:312
#define IS_RP2350(id)
Definition: rp2xxx.c:80
#define RP2XXX_MAX_ALGO_STACK_USAGE
Definition: rp2xxx.c:83
#define BOOTROM_MAGIC_MASK
Definition: rp2xxx.c:19
#define FUNC_FLASH_RANGE_PROGRAM
Definition: rp2xxx.c:26
#define BOOTROM_RP2040_MAGIC
Definition: rp2xxx.c:16
static const int rcp_init_code_bkpt_offset
Definition: rp2xxx.c:100
#define RP2350_QMI_DIRECT_TX_NOPUSH
Definition: rp2xxx.c:70
#define ACCESSCTRL_GPIO_ROM_OFFSET
Definition: rp2xxx.c:47
static int rp2040_ssel_active(struct target *target, bool active)
Definition: rp2xxx.c:1040
static int rp2xxx_read_sfdp_block(struct flash_bank *bank, uint32_t addr, unsigned int words, uint32_t *buffer)
Definition: rp2xxx.c:1189
#define RP2XXX_SYSINFO_CHIP_ID
Definition: rp2xxx.c:73
#define ACCESSCTRL_SAVE_BASE
Definition: rp2xxx.c:50
#define RP2350_QMI_DIRECT_CSR_ASSERT_CS0N
Definition: rp2xxx.c:69
static int rp2040_lookup_rom_symbol(struct target *target, uint16_t tag, uint16_t flags, uint16_t *symbol_out)
Definition: rp2xxx.c:230
static int setup_for_raw_flash_cmd(struct target *target, struct rp2xxx_flash_bank *priv)
Definition: rp2xxx.c:722
static int rp2xxx_flash_erase(struct flash_bank *bank, unsigned int first, unsigned int last)
Definition: rp2xxx.c:964
static int rp2xxx_lookup_rom_symbol(struct target *target, uint16_t tag, uint16_t flags, uint16_t *symbol_out)
Definition: rp2xxx.c:376
static const uint8_t rp2xxx_rom_call_batch_algo_armv8m[ROM_CALL_BATCH_ALGO_SIZE_BYTES]
Definition: rp2xxx.c:150
#define FUNC_FLASH_ENTER_CMD_XIP
Definition: rp2xxx.c:28
#define ACCESSCTRL_SAVE_SIZE
Definition: rp2xxx.c:51
target_addr_t addr
Start address to search for the control block.
Definition: rtt/rtt.c:28
int spi_sfdp(struct flash_bank *bank, struct flash_device *dev, read_sfdp_block_t read_sfdp_block)
Definition: sfdp.c:60
#define SFDP_MAGIC
Definition: sfdp.h:10
const struct flash_device flash_devices[]
Definition: spi.c:24
#define SPIFLASH_READ_SFDP
Definition: spi.h:80
#define SPIFLASH_READ_ID
Definition: spi.h:72
unsigned int common_magic
Definition: armv7m.h:299
enum arm_mode core_mode
Definition: armv7m.h:301
const char * name
Definition: command.h:234
Provides details of a flash bank, available either on-chip or through a major interface.
Definition: nor/core.h:75
const char * name
Definition: spi.h:21
Provides the implementation-independent structure that defines all of the callbacks required by OpenO...
Definition: nor/driver.h:39
const char * name
Gives a human-readable name of this flash driver, This field is used to select and initialize the dri...
Definition: nor/driver.h:44
uint16_t jump_connect_internal_flash
Definition: rp2xxx.c:207
struct cortex_m_saved_security saved_security
Definition: rp2xxx.c:221
uint16_t jump_flash_reset_address_trans
Definition: rp2xxx.c:211
uint8_t saved_accessctrl[ACCESSCTRL_SAVE_SIZE]
Definition: rp2xxx.c:223
uint16_t jump_flash_range_erase
Definition: rp2xxx.c:208
uint16_t jump_bootrom_reset_state
Definition: rp2xxx.c:213
uint16_t jump_enter_cmd_xip
Definition: rp2xxx.c:212
struct working_area * stack
Definition: rp2xxx.c:201
unsigned int sfdp_dummy_detect
Definition: rp2xxx.c:219
uint32_t id
Definition: rp2xxx.c:200
struct working_area * ram_algo_space
Definition: rp2xxx.c:204
bool accessctrl_dirty
Definition: rp2xxx.c:222
uint16_t jump_flush_cache
Definition: rp2xxx.c:210
uint16_t jump_flash_exit_xip
Definition: rp2xxx.c:206
struct flash_device spi_dev
Definition: rp2xxx.c:218
uint16_t jump_bootrom_set_varm_stack
Definition: rp2xxx.c:214
bool size_override
Definition: rp2xxx.c:217
unsigned int sfdp_dummy
Definition: rp2xxx.c:219
uint16_t jump_flash_range_program
Definition: rp2xxx.c:209
char dev_name[20]
Definition: rp2xxx.c:216
Definition: target.h:119
enum target_state state
Definition: target.h:160
target_addr_t address
Definition: target.h:89
struct target * get_target(const char *id)
Definition: target.c:442
void target_buffer_set_u32(struct target *target, uint8_t *buffer, uint32_t value)
Definition: target.c:361
int target_write_buffer(struct target *target, target_addr_t address, uint32_t size, const uint8_t *buffer)
Definition: target.c:2351
int target_run_algorithm(struct target *target, int num_mem_params, struct mem_param *mem_params, int num_reg_params, struct reg_param *reg_param, target_addr_t entry_point, target_addr_t exit_point, unsigned int timeout_ms, void *arch_info)
Downloads a target-specific native code algorithm to the target, and executes it.
Definition: target.c:783
int target_write_memory(struct target *target, target_addr_t address, uint32_t size, uint32_t count, const uint8_t *buffer)
Write count items of size bytes to the memory of target at the address given.
Definition: target.c:1275
uint32_t target_get_working_area_avail(struct target *target)
Definition: target.c:2174
int target_alloc_working_area(struct target *target, uint32_t size, struct working_area **area)
Definition: target.c:2070
int target_write_u32(struct target *target, target_addr_t address, uint32_t value)
Definition: target.c:2650
int target_free_working_area(struct target *target, struct working_area *area)
Free a working area.
Definition: target.c:2128
int target_read_u16(struct target *target, target_addr_t address, uint16_t *value)
Definition: target.c:2583
int target_read_u32(struct target *target, target_addr_t address, uint32_t *value)
Definition: target.c:2559
int target_read_memory(struct target *target, target_addr_t address, uint32_t size, uint32_t count, uint8_t *buffer)
Read count items of size bytes from the memory of target at the address given.
Definition: target.c:1247
struct target * get_current_target(struct command_context *cmd_ctx)
Definition: target.c:467
void target_buffer_set_u32_array(struct target *target, uint8_t *buffer, uint32_t count, const uint32_t *srcbuf)
Definition: target.c:426
uint32_t target_buffer_get_u32(struct target *target, const uint8_t *buffer)
Definition: target.c:325
#define ERROR_TARGET_NOT_HALTED
Definition: target.h:786
static const char * target_name(const struct target *target)
Returns the instance-specific name of the specified target.
Definition: target.h:236
@ TARGET_HALTED
Definition: target.h:58
#define ERROR_TARGET_RESOURCE_NOT_AVAILABLE
Definition: target.h:790
static uint32_t le_to_h_u24(const uint8_t *buf)
Definition: types.h:117
#define TARGET_ADDR_FMT
Definition: types.h:342
#define ARRAY_SIZE(x)
Compute the number of elements of a variable length array.
Definition: types.h:57
uint64_t target_addr_t
Definition: types.h:335
static void h_u24_to_be(uint8_t *buf, unsigned int val)
Definition: types.h:201
static uint32_t le_to_h_u32(const uint8_t *buf)
Definition: types.h:112
#define NULL
Definition: usb.h:16
uint8_t cmd
Definition: vdebug.c:1
uint8_t offset[4]
Definition: vdebug.c:9
uint8_t state[4]
Definition: vdebug.c:21
uint8_t count[4]
Definition: vdebug.c:22