search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
flash/nor/rp2040: fix flash erase timeout
[openocd.git] / src / flash / nor / rp2040.c
blob7cc6434ffeab573d279eae1f898c4e397b8b2877
1 // SPDX-License-Identifier: GPL-2.0-or-later
2
3 #ifdef HAVE_CONFIG_H
4 #include "config.h"
5 #endif
6
7 #include "imp.h"
8 #include <helper/binarybuffer.h>
9 #include <target/algorithm.h>
10 #include <target/armv7m.h>
11 #include "spi.h"
12
13 /* NOTE THAT THIS CODE REQUIRES FLASH ROUTINES in BOOTROM WITH FUNCTION TABLE PTR AT 0x00000010
14 Your gdbinit should load the bootrom.elf if appropriate */
15
16 /* this is 'M' 'u', 1 (version) */
17 #define BOOTROM_MAGIC 0x01754d
18 #define BOOTROM_MAGIC_ADDR 0x00000010
19
20 /* Call a ROM function via the debug trampoline
21 Up to four arguments passed in r0...r3 as per ABI
22 Function address is passed in r7
23 the trampoline is needed because OpenOCD "algorithm" code insists on sw breakpoints. */
24
25 #define MAKE_TAG(a, b) (((b)<<8) | a)
26 #define FUNC_DEBUG_TRAMPOLINE MAKE_TAG('D', 'T')
27 #define FUNC_DEBUG_TRAMPOLINE_END MAKE_TAG('D', 'E')
28 #define FUNC_FLASH_EXIT_XIP MAKE_TAG('E', 'X')
29 #define FUNC_CONNECT_INTERNAL_FLASH MAKE_TAG('I', 'F')
30 #define FUNC_FLASH_RANGE_ERASE MAKE_TAG('R', 'E')
31 #define FUNC_FLASH_RANGE_PROGRAM MAKE_TAG('R', 'P')
32 #define FUNC_FLASH_FLUSH_CACHE MAKE_TAG('F', 'C')
33 #define FUNC_FLASH_ENTER_CMD_XIP MAKE_TAG('C', 'X')
34
35 struct rp2040_flash_bank {
36 /* flag indicating successful flash probe */
37 bool probed;
38 /* stack used by Boot ROM calls */
39 struct working_area *stack;
40 /* function jump table populated by rp2040_flash_probe() */
41 uint16_t jump_debug_trampoline;
42 uint16_t jump_debug_trampoline_end;
43 uint16_t jump_flash_exit_xip;
44 uint16_t jump_connect_internal_flash;
45 uint16_t jump_flash_range_erase;
46 uint16_t jump_flash_range_program;
47 uint16_t jump_flush_cache;
48 uint16_t jump_enter_cmd_xip;
49 /* detected model of SPI flash */
50 const struct flash_device *dev;
51 };
52
53 static uint32_t rp2040_lookup_symbol(struct target *target, uint32_t tag, uint16_t *symbol)
54 {
55 uint32_t magic;
56 int err = target_read_u32(target, BOOTROM_MAGIC_ADDR, &magic);
57 if (err != ERROR_OK)
58 return err;
59
60 magic &= 0xffffff; /* ignore bootrom version */
61 if (magic != BOOTROM_MAGIC) {
62 if (!((magic ^ BOOTROM_MAGIC)&0xffff))
63 LOG_ERROR("Incorrect RP2040 BOOT ROM version");
64 else
65 LOG_ERROR("RP2040 BOOT ROM not found");
66 return ERROR_FAIL;
67 }
68
69 /* dereference the table pointer */
70 uint16_t table_entry;
71 err = target_read_u16(target, BOOTROM_MAGIC_ADDR + 4, &table_entry);
72 if (err != ERROR_OK)
73 return err;
74
75 uint16_t entry_tag;
76 do {
77 err = target_read_u16(target, table_entry, &entry_tag);
78 if (err != ERROR_OK)
79 return err;
80 if (entry_tag == tag) {
81 /* 16 bit symbol is next */
82 return target_read_u16(target, table_entry + 2, symbol);
83 }
84 table_entry += 4;
85 } while (entry_tag);
86 return ERROR_FAIL;
87 }
88
89 static int rp2040_call_rom_func(struct target *target, struct rp2040_flash_bank *priv,
90 uint16_t func_offset, uint32_t argdata[], unsigned int n_args, int timeout_ms)
91 {
92 char *regnames[4] = { "r0", "r1", "r2", "r3" };
93
94 assert(n_args <= ARRAY_SIZE(regnames)); /* only allow register arguments */
95
96 if (!priv->stack) {
97 LOG_ERROR("no stack for flash programming code");
98 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
99 }
100 target_addr_t stacktop = priv->stack->address + priv->stack->size;
101
102 LOG_DEBUG("Calling ROM func @0x%" PRIx16 " with %d arguments", func_offset, n_args);
103 LOG_DEBUG("Calling on core \"%s\"", target->cmd_name);
104
105 struct reg_param args[ARRAY_SIZE(regnames) + 2];
106 struct armv7m_algorithm alg_info;
107
108 for (unsigned int i = 0; i < n_args; ++i) {
109 init_reg_param(&args[i], regnames[i], 32, PARAM_OUT);
110 buf_set_u32(args[i].value, 0, 32, argdata[i]);
111 }
112 /* Pass function pointer in r7 */
113 init_reg_param(&args[n_args], "r7", 32, PARAM_OUT);
114 buf_set_u32(args[n_args].value, 0, 32, func_offset);
115 init_reg_param(&args[n_args + 1], "sp", 32, PARAM_OUT);
116 buf_set_u32(args[n_args + 1].value, 0, 32, stacktop);
117
118
119 for (unsigned int i = 0; i < n_args + 2; ++i)
120 LOG_DEBUG("Set %s = 0x%" PRIx32, args[i].reg_name, buf_get_u32(args[i].value, 0, 32));
121
122 /* Actually call the function */
123 alg_info.common_magic = ARMV7M_COMMON_MAGIC;
124 alg_info.core_mode = ARM_MODE_THREAD;
125 int err = target_run_algorithm(
126 target,
127 0, NULL, /* No memory arguments */
128 n_args + 1, args, /* User arguments + r7 */
129 priv->jump_debug_trampoline, priv->jump_debug_trampoline_end,
130 timeout_ms,
131 &alg_info
132 );
133 for (unsigned int i = 0; i < n_args + 2; ++i)
134 destroy_reg_param(&args[i]);
135 if (err != ERROR_OK)
136 LOG_ERROR("Failed to invoke ROM function @0x%" PRIx16 "\n", func_offset);
137 return err;
138
139 }
140
141 /* Finalize flash write/erase/read ID
142 * - flush cache
143 * - enters memory-mapped (XIP) mode to make flash data visible
144 * - deallocates target ROM func stack if previously allocated
145 */
146 static int rp2040_finalize_stack_free(struct flash_bank *bank)
147 {
148 struct rp2040_flash_bank *priv = bank->driver_priv;
149 struct target *target = bank->target;
150
151 /* Always flush before returning to execute-in-place, to invalidate stale
152 * cache contents. The flush call also restores regular hardware-controlled
153 * chip select following a rp2040_flash_exit_xip().
154 */
155 LOG_DEBUG("Flushing flash cache after write behind");
156 int err = rp2040_call_rom_func(target, priv, priv->jump_flush_cache, NULL, 0, 1000);
157 if (err != ERROR_OK) {
158 LOG_ERROR("Failed to flush flash cache");
159 /* Intentionally continue after error and try to setup xip anyway */
160 }
161
162 LOG_DEBUG("Configuring SSI for execute-in-place");
163 err = rp2040_call_rom_func(target, priv, priv->jump_enter_cmd_xip, NULL, 0, 1000);
164 if (err != ERROR_OK)
165 LOG_ERROR("Failed to set SSI to XIP mode");
166
167 target_free_working_area(target, priv->stack);
168 priv->stack = NULL;
169 return err;
170 }
171
172 /* Prepare flash write/erase/read ID
173 * - allocates a stack for target ROM func
174 * - switches the SPI interface from memory-mapped mode to direct command mode
175 * Always pair with a call of rp2040_finalize_stack_free()
176 * after flash operation finishes or fails.
177 */
178 static int rp2040_stack_grab_and_prep(struct flash_bank *bank)
179 {
180 struct rp2040_flash_bank *priv = bank->driver_priv;
181 struct target *target = bank->target;
182
183 /* target_alloc_working_area always allocates multiples of 4 bytes, so no worry about alignment */
184 const int STACK_SIZE = 256;
185 int err = target_alloc_working_area(target, STACK_SIZE, &priv->stack);
186 if (err != ERROR_OK) {
187 LOG_ERROR("Could not allocate stack for flash programming code");
188 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
189 }
190
191 LOG_DEBUG("Connecting internal flash");
192 err = rp2040_call_rom_func(target, priv, priv->jump_connect_internal_flash, NULL, 0, 1000);
193 if (err != ERROR_OK) {
194 LOG_ERROR("Failed to connect internal flash");
195 return err;
196 }
197
198 LOG_DEBUG("Kicking flash out of XIP mode");
199 err = rp2040_call_rom_func(target, priv, priv->jump_flash_exit_xip, NULL, 0, 1000);
200 if (err != ERROR_OK) {
201 LOG_ERROR("Failed to exit flash XIP mode");
202 return err;
203 }
204
205 return ERROR_OK;
206 }
207
208 static int rp2040_flash_write(struct flash_bank *bank, const uint8_t *buffer, uint32_t offset, uint32_t count)
209 {
210 LOG_DEBUG("Writing %d bytes starting at 0x%" PRIx32, count, offset);
211
212 struct rp2040_flash_bank *priv = bank->driver_priv;
213 struct target *target = bank->target;
214 struct working_area *bounce = NULL;
215
216 int err = rp2040_stack_grab_and_prep(bank);
217 if (err != ERROR_OK)
218 goto cleanup;
219
220 unsigned int avail_pages = target_get_working_area_avail(target) / priv->dev->pagesize;
221 /* We try to allocate working area rounded down to device page size,
222 * al least 1 page, at most the write data size
223 */
224 unsigned int chunk_size = MIN(MAX(avail_pages, 1) * priv->dev->pagesize, count);
225 err = target_alloc_working_area(target, chunk_size, &bounce);
226 if (err != ERROR_OK) {
227 LOG_ERROR("Could not allocate bounce buffer for flash programming. Can't continue");
228 goto cleanup;
229 }
230
231 LOG_DEBUG("Allocated flash bounce buffer @" TARGET_ADDR_FMT, bounce->address);
232
233 while (count > 0) {
234 uint32_t write_size = count > chunk_size ? chunk_size : count;
235 LOG_DEBUG("Writing %d bytes to offset 0x%" PRIx32, write_size, offset);
236 err = target_write_buffer(target, bounce->address, write_size, buffer);
237 if (err != ERROR_OK) {
238 LOG_ERROR("Could not load data into target bounce buffer");
239 break;
240 }
241 uint32_t args[3] = {
242 offset, /* addr */
243 bounce->address, /* data */
244 write_size /* count */
245 };
246 err = rp2040_call_rom_func(target, priv, priv->jump_flash_range_program,
247 args, ARRAY_SIZE(args), 3000);
248 if (err != ERROR_OK) {
249 LOG_ERROR("Failed to invoke flash programming code on target");
250 break;
251 }
252
253 buffer += write_size;
254 offset += write_size;
255 count -= write_size;
256 }
257
258 cleanup:
259 target_free_working_area(target, bounce);
260
261 rp2040_finalize_stack_free(bank);
262
263 return err;
264 }
265
266 static int rp2040_flash_erase(struct flash_bank *bank, unsigned int first, unsigned int last)
267 {
268 struct rp2040_flash_bank *priv = bank->driver_priv;
269 uint32_t start_addr = bank->sectors[first].offset;
270 uint32_t length = bank->sectors[last].offset + bank->sectors[last].size - start_addr;
271 LOG_DEBUG("RP2040 erase %d bytes starting at 0x%" PRIx32, length, start_addr);
272
273 int err = rp2040_stack_grab_and_prep(bank);
274 if (err != ERROR_OK)
275 goto cleanup;
276
277 LOG_DEBUG("Remote call flash_range_erase");
278
279 uint32_t args[4] = {
280 bank->sectors[first].offset, /* addr */
281 bank->sectors[last].offset + bank->sectors[last].size - bank->sectors[first].offset, /* count */
282 priv->dev->sectorsize, /* block_size */
283 priv->dev->erase_cmd /* block_cmd */
284 };
285
286 /*
287 The RP2040 Boot ROM provides a _flash_range_erase() API call documented in Section 2.8.3.1.3:
288 https://datasheets.raspberrypi.org/rp2040/rp2040-datasheet.pdf
289 and the particular source code for said Boot ROM function can be found here:
290 https://github.com/raspberrypi/pico-bootrom/blob/master/bootrom/program_flash_generic.c
291
292 In theory, the function algorithm provides for erasing both a smaller "sector" (4096 bytes) and
293 an optional larger "block" (size and command provided in args).
294 */
295
296 int timeout_ms = 2000 * (last - first) + 1000;
297 err = rp2040_call_rom_func(bank->target, priv, priv->jump_flash_range_erase,
298 args, ARRAY_SIZE(args), timeout_ms);
299
300 cleanup:
301 rp2040_finalize_stack_free(bank);
302
303 return err;
304 }
305
306 /* -----------------------------------------------------------------------------
307 Driver probing etc */
308
309 static int rp2040_ssel_active(struct target *target, bool active)
310 {
311 const target_addr_t qspi_ctrl_addr = 0x4001800c;
312 const uint32_t qspi_ctrl_outover_low = 2UL << 8;
313 const uint32_t qspi_ctrl_outover_high = 3UL << 8;
314 uint32_t state = (active) ? qspi_ctrl_outover_low : qspi_ctrl_outover_high;
315 uint32_t val;
316
317 int err = target_read_u32(target, qspi_ctrl_addr, &val);
318 if (err != ERROR_OK)
319 return err;
320
321 val = (val & ~qspi_ctrl_outover_high) | state;
322
323 err = target_write_u32(target, qspi_ctrl_addr, val);
324 if (err != ERROR_OK)
325 return err;
326
327 return ERROR_OK;
328 }
329
330 static int rp2040_spi_read_flash_id(struct target *target, uint32_t *devid)
331 {
332 uint32_t device_id = 0;
333 const target_addr_t ssi_dr0 = 0x18000060;
334
335 int err = rp2040_ssel_active(target, true);
336
337 /* write RDID request into SPI peripheral's FIFO */
338 for (int count = 0; (count < 4) && (err == ERROR_OK); count++)
339 err = target_write_u32(target, ssi_dr0, SPIFLASH_READ_ID);
340
341 /* by this time, there is a receive FIFO entry for every write */
342 for (int count = 0; (count < 4) && (err == ERROR_OK); count++) {
343 uint32_t status;
344 err = target_read_u32(target, ssi_dr0, &status);
345
346 device_id >>= 8;
347 device_id |= (status & 0xFF) << 24;
348 }
349
350 if (err == ERROR_OK)
351 *devid = device_id >> 8;
352
353 int err2 = rp2040_ssel_active(target, false);
354 if (err2 != ERROR_OK)
355 LOG_ERROR("SSEL inactive failed");
356
357 return err;
358 }
359
360 static int rp2040_flash_probe(struct flash_bank *bank)
361 {
362 struct rp2040_flash_bank *priv = bank->driver_priv;
363 struct target *target = bank->target;
364
365 int err = rp2040_lookup_symbol(target, FUNC_DEBUG_TRAMPOLINE, &priv->jump_debug_trampoline);
366 if (err != ERROR_OK) {
367 LOG_ERROR("Debug trampoline not found in RP2040 ROM.");
368 return err;
369 }
370 priv->jump_debug_trampoline &= ~1u; /* mask off thumb bit */
371
372 err = rp2040_lookup_symbol(target, FUNC_DEBUG_TRAMPOLINE_END, &priv->jump_debug_trampoline_end);
373 if (err != ERROR_OK) {
374 LOG_ERROR("Debug trampoline end not found in RP2040 ROM.");
375 return err;
376 }
377 priv->jump_debug_trampoline_end &= ~1u; /* mask off thumb bit */
378
379 err = rp2040_lookup_symbol(target, FUNC_FLASH_EXIT_XIP, &priv->jump_flash_exit_xip);
380 if (err != ERROR_OK) {
381 LOG_ERROR("Function FUNC_FLASH_EXIT_XIP not found in RP2040 ROM.");
382 return err;
383 }
384
385 err = rp2040_lookup_symbol(target, FUNC_CONNECT_INTERNAL_FLASH, &priv->jump_connect_internal_flash);
386 if (err != ERROR_OK) {
387 LOG_ERROR("Function FUNC_CONNECT_INTERNAL_FLASH not found in RP2040 ROM.");
388 return err;
389 }
390
391 err = rp2040_lookup_symbol(target, FUNC_FLASH_RANGE_ERASE, &priv->jump_flash_range_erase);
392 if (err != ERROR_OK) {
393 LOG_ERROR("Function FUNC_FLASH_RANGE_ERASE not found in RP2040 ROM.");
394 return err;
395 }
396
397 err = rp2040_lookup_symbol(target, FUNC_FLASH_RANGE_PROGRAM, &priv->jump_flash_range_program);
398 if (err != ERROR_OK) {
399 LOG_ERROR("Function FUNC_FLASH_RANGE_PROGRAM not found in RP2040 ROM.");
400 return err;
401 }
402
403 err = rp2040_lookup_symbol(target, FUNC_FLASH_FLUSH_CACHE, &priv->jump_flush_cache);
404 if (err != ERROR_OK) {
405 LOG_ERROR("Function FUNC_FLASH_FLUSH_CACHE not found in RP2040 ROM.");
406 return err;
407 }
408
409 err = rp2040_lookup_symbol(target, FUNC_FLASH_ENTER_CMD_XIP, &priv->jump_enter_cmd_xip);
410 if (err != ERROR_OK) {
411 LOG_ERROR("Function FUNC_FLASH_ENTER_CMD_XIP not found in RP2040 ROM.");
412 return err;
413 }
414
415 err = rp2040_stack_grab_and_prep(bank);
416
417 uint32_t device_id = 0;
418 if (err == ERROR_OK)
419 err = rp2040_spi_read_flash_id(target, &device_id);
420
421 rp2040_finalize_stack_free(bank);
422
423 if (err != ERROR_OK)
424 return err;
425
426 /* search for a SPI flash Device ID match */
427 priv->dev = NULL;
428 for (const struct flash_device *p = flash_devices; p->name ; p++)
429 if (p->device_id == device_id) {
430 priv->dev = p;
431 break;
432 }
433
434 if (!priv->dev) {
435 LOG_ERROR("Unknown flash device (ID 0x%08" PRIx32 ")", device_id);
436 return ERROR_FAIL;
437 }
438
439 LOG_INFO("Found flash device \'%s\' (ID 0x%08" PRIx32 ")",
440 priv->dev->name, priv->dev->device_id);
441
442 /* the Boot ROM flash_range_program() routine requires page alignment */
443 bank->write_start_alignment = priv->dev->pagesize;
444 bank->write_end_alignment = priv->dev->pagesize;
445
446 bank->size = priv->dev->size_in_bytes;
447
448 bank->num_sectors = bank->size / priv->dev->sectorsize;
449 LOG_INFO("RP2040 B0 Flash Probe: %d bytes @" TARGET_ADDR_FMT ", in %d sectors\n",
450 bank->size, bank->base, bank->num_sectors);
451 bank->sectors = alloc_block_array(0, priv->dev->sectorsize, bank->num_sectors);
452 if (!bank->sectors)
453 return ERROR_FAIL;
454
455 if (err == ERROR_OK)
456 priv->probed = true;
457
458 return err;
459 }
460
461 static int rp2040_flash_auto_probe(struct flash_bank *bank)
462 {
463 struct rp2040_flash_bank *priv = bank->driver_priv;
464
465 if (priv->probed)
466 return ERROR_OK;
467
468 return rp2040_flash_probe(bank);
469 }
470
471 static void rp2040_flash_free_driver_priv(struct flash_bank *bank)
472 {
473 free(bank->driver_priv);
474 bank->driver_priv = NULL;
475 }
476
477 /* -----------------------------------------------------------------------------
478 Driver boilerplate */
479
480 FLASH_BANK_COMMAND_HANDLER(rp2040_flash_bank_command)
481 {
482 struct rp2040_flash_bank *priv;
483 priv = malloc(sizeof(struct rp2040_flash_bank));
484 priv->probed = false;
485
486 /* Set up driver_priv */
487 bank->driver_priv = priv;
488
489 return ERROR_OK;
490 }
491
492 struct flash_driver rp2040_flash = {
493 .name = "rp2040_flash",
494 .flash_bank_command = rp2040_flash_bank_command,
495 .erase = rp2040_flash_erase,
496 .write = rp2040_flash_write,
497 .read = default_flash_read,
498 .probe = rp2040_flash_probe,
499 .auto_probe = rp2040_flash_auto_probe,
500 .erase_check = default_flash_blank_check,
501 .free_driver_priv = rp2040_flash_free_driver_priv
502 };
Official OpenOCD Mirror