+++ /dev/null
-#!/usr/bin/env python
-# GoodFET ARM Client Library
-#
-#
-# Good luck with alpha / beta code.
-# Contributions and bug reports welcome.
-#
-
-
-
-raise Exception("DEPRECATED. USE GoodFETARM7")
-
-import sys, binascii, struct, time
-import atlasutils.smartprint as asp
-from GoodFET import GoodFET
-from intelhex import IntelHex
-
-platforms = {
- "at91sam7": {0:(0x100000, "Flash before remap, SRAM after remap"),
- 0x100000: (0x100000, "Internal Flash"),
- 0x200000: (0x100000, "Internal SRAM"),
- },
- }
-
-
-#Global Commands
-READ = 0x00
-WRITE = 0x01
-PEEK = 0x02
-POKE = 0x03
-SETUP = 0x10
-START = 0x20
-STOP = 0x21
-CALL = 0x30
-EXEC = 0x31
-NOK = 0x7E
-OK = 0x7F
-
-# ARM7TDMI JTAG commands
-GET_DEBUG_CTRL = 0x80
-SET_DEBUG_CTRL = 0x81
-GET_PC = 0x82
-SET_PC = 0x83
-GET_CHIP_ID = 0x84
-GET_DEBUG_STATE = 0x85
-GET_WATCHPOINT = 0x86
-SET_WATCHPOINT = 0x87
-GET_REGISTER = 0x88
-SET_REGISTER = 0x89
-GET_REGISTERS = 0x8a
-SET_REGISTERS = 0x8b
-HALTCPU = 0x8c
-RESUMECPU = 0x8d
-DEBUG_INSTR = 0x8e #
-STEP_INSTR = 0x8f #
-STEP_REPLACE = 0x90 #
-PROGRAM_FLASH = 0x95
-LOCKCHIP = 0x96 # ??
-CHIP_ERASE = 0x97 # can do?
-# Really ARM specific stuff
-GET_CPSR = 0x98
-SET_CPSR = 0x99
-GET_SPSR = 0x9a
-SET_SPSR = 0x9b
-SET_MODE_THUMB = 0x9c
-SET_MODE_ARM = 0x9d
-SET_IR = 0x9e
-WAIT_DBG = 0x9f
-SHIFT_DR = 0xa0
-SETWATCH0 = 0xa1
-SETWATCH1 = 0xa2
-CHAIN0 = 0xa3
-
-
-MSB = 0
-LSB = 1
-NOEND = 2
-NORETIDLE = 4
-
-PM_usr = 0b10000
-PM_fiq = 0b10001
-PM_irq = 0b10010
-PM_svc = 0b10011
-PM_abt = 0b10111
-PM_und = 0b11011
-PM_sys = 0b11111
-proc_modes = {
- PM_usr: ("User Processor Mode", "usr", "Normal program execution mode"),
- PM_fiq: ("FIQ Processor Mode", "fiq", "Supports a high-speed data transfer or channel process"),
- PM_irq: ("IRQ Processor Mode", "irq", "Used for general-purpose interrupt handling"),
- PM_svc: ("Supervisor Processor Mode", "svc", "A protected mode for the operating system"),
- PM_irq: ("Abort Processor Mode", "irq", "Implements virtual memory and/or memory protection"),
- PM_und: ("Undefined Processor Mode", "und", "Supports software emulation of hardware coprocessor"),
- PM_sys: ("System Processor Mode", "sys", "Runs privileged operating system tasks (ARMv4 and above)"),
-}
-
-PSR_bits = [
- None,
- None,
- None,
- None,
- None,
- "Thumb",
- "nFIQ_int",
- "nIRQ_int",
- "nImprDataAbort_int",
- "BIGendian",
- None,
- None,
- None,
- None,
- None,
- None,
- "GE_0",
- "GE_1",
- "GE_2",
- "GE_3",
- None,
- None,
- None,
- None,
- "Jazelle",
- None,
- None,
- "Q (DSP-overflow)",
- "oVerflow",
- "Carry",
- "Zero",
- "Neg",
- ]
-
-
-
-ARM_INSTR_NOP = 0xe1a00000L
-ARM_INSTR_BX_R0 = 0xe12fff10L
-ARM_INSTR_STR_Rx_r14 = 0xe58f0000L # from atmel docs
-ARM_READ_REG = ARM_INSTR_STR_Rx_r14
-ARM_INSTR_LDR_Rx_r14 = 0xe59f0000L # from atmel docs
-ARM_WRITE_REG = ARM_INSTR_LDR_Rx_r14
-ARM_INSTR_LDR_R1_r0_4 = 0xe4901004L
-ARM_READ_MEM = ARM_INSTR_LDR_R1_r0_4
-ARM_INSTR_STR_R1_r0_4 = 0xe4801004L
-ARM_WRITE_MEM = ARM_INSTR_STR_R1_r0_4
-ARM_INSTR_MRS_R0_CPSR = 0xe10f0000L
-ARM_INSTR_MSR_cpsr_cxsf_R0 =0xe12ff000L
-ARM_INSTR_STMIA_R14_r0_rx = 0xE88E0000L # add up to 65k to indicate which registers...
-ARM_STORE_MULTIPLE = ARM_INSTR_STMIA_R14_r0_rx
-ARM_INSTR_SKANKREGS = 0xE88F7fffL
-ARM_INSTR_CLOBBEREGS = 0xE89F7fffL
-
-ARM_INSTR_B_PC = 0xea000000L
-ARM_INSTR_BX_PC = 0xe1200010L # need to set r0 to the desired address
-THUMB_INSTR_STR_R0_r0 = 0x60006000L
-THUMB_INSTR_MOV_R0_PC = 0x46b846b8L
-THUMB_INSTR_BX_PC = 0x47784778L
-THUMB_INSTR_NOP = 0x1c001c00L
-ARM_REG_PC = 15
-
-ARM7TDMI_IR_EXTEST = 0x0
-ARM7TDMI_IR_SCAN_N = 0x2
-ARM7TDMI_IR_SAMPLE = 0x3
-ARM7TDMI_IR_RESTART = 0x4
-ARM7TDMI_IR_CLAMP = 0x5
-ARM7TDMI_IR_HIGHZ = 0x7
-ARM7TDMI_IR_CLAMPZ = 0x9
-ARM7TDMI_IR_INTEST = 0xC
-ARM7TDMI_IR_IDCODE = 0xE
-ARM7TDMI_IR_BYPASS = 0xF
-
-
-def PSRdecode(psrval):
- output = [ "(%s mode)"%proc_modes[psrval&0x1f][1] ]
- for x in xrange(5,32):
- if psrval & (1<<x):
- output.append(PSR_bits[x])
- return " ".join(output)
-
-fmt = [None, "B", "<H", None, "<L", None, None, None, "<Q"]
-def chop(val,byts):
- s = struct.pack(fmt[byts], val)
- return [ord(b) for b in s ]
-
-class GoodFETARM(GoodFET):
- """A GoodFET variant for use with ARM7TDMI microprocessor."""
- def ARMhaltcpu(self):
- """Halt the CPU."""
- self.writecmd(0x13,HALTCPU,0,self.data)
- print "CPSR: (%s) %s"%(self.ARMget_regCPSRstr())
- halt=ARMhaltcpu
- def ARMreleasecpu(self):
- """Resume the CPU."""
- self.writecmd(0x13,RESUMECPU,0,self.data)
- def ARMsetModeArm(self, restart=0):
- self.writecmd(0x13,SET_MODE_ARM,0,[restart])
- def ARMsetModeThumb(self, restart=0):
- self.writecmd(0x13,SET_MODE_THUMB,0,[restart])
- def ARMtest(self):
- #self.ARMreleasecpu()
- #self.ARMhaltcpu()
- print "Status: %s" % self.ARMstatusstr()
-
- #Grab ident three times, should be equal.
- ident1=self.ARMident()
- ident2=self.ARMident()
- ident3=self.ARMident()
- if(ident1!=ident2 or ident2!=ident3):
- print "Error, repeated ident attempts unequal."
- print "%04x, %04x, %04x" % (ident1, ident2, ident3)
-
- #Set and Check Registers
- regs = [1024+x for x in range(0,15)]
- regr = []
- for x in range(len(regs)):
- self.ARMset_register(x, regs[x])
-
- for x in range(len(regs)):
- regr.append(self.ARMget_register(x))
-
- for x in range(len(regs)):
- if regs[x] != regr[x]:
- print "Error, R%d fail: %x != %x"%(x,regs[x],regr[x])
-
- return
-
-
-
-
- #Single step, printing PC.
- print "Tracing execution at startup."
- for i in range(15):
- pc=self.ARMgetPC()
- byte=self.ARMpeekcodebyte(i)
- #print "PC=%04x, %02x" % (pc, byte)
- self.ARMstep_instr()
-
- print "Verifying that debugging a NOP doesn't affect the PC."
- for i in range(1,15):
- pc=self.ARMgetPC()
- self.ARMdebuginstr([NOP])
- if(pc!=self.ARMgetPC()):
- print "ERROR: PC changed during ARMdebuginstr([NOP])!"
-
- print "Checking pokes to XRAM."
- for i in range(0xf000,0xf020):
- self.ARMpokedatabyte(i,0xde)
- if(self.ARMpeekdatabyte(i)!=0xde):
- print "Error in DATA at 0x%04x" % i
-
- #print "Status: %s." % self.ARMstatusstr()
- #Exit debugger
- self.stop()
- print "Done."
-
- def setup(self):
- """Move the FET into the JTAG ARM application."""
- #print "Initializing ARM."
- self.writecmd(0x13,SETUP,0,self.data)
- def ARMget_dbgstate(self):
- """Read the config register of an ARM."""
- self.writecmd(0x13,GET_DEBUG_STATE,0,self.data)
- retval = struct.unpack("<L", self.data[:4])[0]
- return retval
- def ARMget_dbgctrl(self):
- """Read the config register of an ARM."""
- self.writecmd(0x13,GET_DEBUG_CTRL,0,self.data)
- retval = struct.unpack("B", self.data)[0]
- return retval
- def ARMset_dbgctrl(self,config):
- """Write the config register of an ARM."""
- self.writecmd(0x13,SET_DEBUG_CTRL,1,[config&7])
- def ARMlockchip(self):
- """Set the flash lock bit in info mem.
- Chip-Specific. Not implemented"""
- #self.writecmd(0x13, LOCKCHIP, 0, [])
- raise Exception("Unimplemented: lockchip. This is chip specific and must be implemented for each chip.")
-
-
- def ARMidentstr(self):
- ident=self.ARMident()
- ver = ident >> 28
- partno = (ident >> 12) & 0x10
- mfgid = ident & 0xfff
- return "mfg: %x\npartno: %x\nver: %x\n(%x)" % (ver, partno, mfgid, ident);
- def ARMident(self):
- """Get an ARM's ID."""
- self.writecmd(0x13,GET_CHIP_ID,0,[])
- retval = struct.unpack("<L", "".join(self.data[0:4]))[0]
- return retval
- def ARMsetPC(self, val):
- """Set an ARM's PC. Note: real PC gets all wonky in debug mode, this changes the "saved" PC which is used when exiting debug mode"""
- self.writecmd(0x13,SET_PC,0,chop(val,4))
- def ARMgetPC(self):
- """Get an ARM's PC. Note: real PC gets all wonky in debug mode, this is the "saved" PC"""
- self.writecmd(0x13,GET_PC,0,[])
- retval = struct.unpack("<L", "".join(self.data[0:4]))[0]
- return retval
- def ARMget_register(self, reg):
- """Get an ARM's Register"""
- self.writecmd(0x13,GET_REGISTER,1,[reg&0xff])
- retval = struct.unpack("<L", "".join(self.data[0:4]))[0]
- return retval
- def ARMset_register(self, reg, val):
- """Get an ARM's Register"""
- self.writecmd(0x13,SET_REGISTER,8,[val&0xff, (val>>8)&0xff, (val>>16)&0xff, val>>24, reg,0,0,0])
- #self.writecmd(0x13,SET_REGISTER,8,[reg,0,0,0, (val>>16)&0xff, val>>24, val&0xff, (val>>8)&0xff])
- retval = struct.unpack("<L", "".join(self.data[0:4]))[0]
- return retval
- def ARMget_registers(self):
- """Get ARM Registers"""
- regs = [ self.ARMget_register(x) for x in range(15) ]
- regs.append(self.ARMgetPC()) # make sure we snag the "static" version of PC
- return regs
- def ARMset_registers(self, regs, mask):
- """Set ARM Registers"""
- for x in xrange(15):
- if (1<<x) & mask:
- self.ARMset_register(x,regs.pop())
- if (1<<15) & mask: # make sure we set the "static" version of PC or changes will be lost
- self.ARMsetPC(regs.pop())
- def ARMget_regCPSRstr(self):
- psr = self.ARMget_regCPSR()
- return hex(psr), PSRdecode(psr)
- def ARMget_regCPSR(self):
- """Get an ARM's Register"""
- self.writecmd(0x13,GET_CPSR,0,[])
- retval = struct.unpack("<L", "".join(self.data[0:4]))[0]
- return retval
- def ARMset_regCPSR(self, val):
- """Get an ARM's Register"""
- self.writecmd(0x13,SET_CPSR,4,[val&0xff, (val>>8)&0xff, (val>>16)&0xff, val>>24])
- def ARMcmd(self,phrase):
- self.writecmd(0x13,READ,len(phrase),phrase)
- val=ord(self.data[0])
- print "Got %02x" % val
- return val
- def ARMdebuginstr(self,instr,bkpt):
- if type (instr) == int or type(instr) == long:
- instr = struct.pack("<L", instr)
- instr = [int("0x%x"%ord(x),16) for x in instr]
- instr.extend([bkpt])
- self.writecmd(0x13,DEBUG_INSTR,len(instr),instr)
- return (self.data)
- def ARM_nop(self, bkpt):
- return self.ARMdebuginstr(ARM_INSTR_NOP, bkpt)
- def ARMset_IR(self, IR, noretidle=0):
- self.writecmd(0x13,SET_IR,2, [IR, LSB|noretidle])
- return self.data
- def ARMshiftDR(self, data, bits, flags):
- self.writecmd(0x13,SHIFT_DR,8,[bits&0xff, flags&0xff, 0, 0, data&0xff,(data>>8)&0xff,(data>>16)&0xff,(data>>24)&0xff])
- return self.data
- def ARMwaitDBG(self, timeout=0xff):
- self.writecmd(0x13,WAIT_DBG,2,[timeout&0xf,timeout>>8])
- return self.data
- def ARMrestart(self):
- #self.ARMset_IR(ARM7TDMI_IR_BYPASS)
- self.ARMset_IR(ARM7TDMI_IR_RESTART)
- def ARMset_watchpoint0(self, addr, addrmask, data, datamask, ctrl, ctrlmask):
- self.data = []
- self.data.extend(chop(addr,4))
- self.data.extend(chop(addrmask,4))
- self.data.extend(chop(data,4))
- self.data.extend(chop(datamask,4))
- self.data.extend(chop(ctrl,4))
- self.data.extend(chop(ctrlmask,4))
- self.writecmd(0x13,SETWATCH0,24,self.data)
- return self.data
- def ARMset_watchpoint1(self, addr, addrmask, data, datamask, ctrl, ctrlmask):
- self.data = []
- self.data.extend(chop(addr,4))
- self.data.extend(chop(addrmask,4))
- self.data.extend(chop(data,4))
- self.data.extend(chop(datamask,4))
- self.data.extend(chop(ctrl,4))
- self.data.extend(chop(ctrlmask,4))
- self.writecmd(0x13,SETWATCH1,24,self.data)
- return self.data
- def ARMreadMem(self, adr, wrdcount):
- retval = []
- r0 = self.ARMget_register(0); # store R0 and R1
- r1 = self.ARMget_register(1);
- #print >>sys.stderr,("CPSR:\t%x"%self.ARMget_regCPSR())
- for word in range(adr, adr+(wrdcount*4), 4):
- sys.stdin.readline()
- self.ARMset_register(0, word); # write address into R0
- #time.sleep(1)
- self.ARMset_register(1, 0xdeadbeef)
- #time.sleep(1)
- self.ARM_nop(0)
- #time.sleep(1)
- self.ARM_nop(1)
- #time.sleep(1)
- self.ARMdebuginstr(ARM_READ_MEM, 0); # push LDR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive reads)
- #time.sleep(1)
- self.ARM_nop(0)
- #time.sleep(1)
- self.ARMrestart()
- #time.sleep(1)
- self.ARMwaitDBG()
- #time.sleep(1)
- print hex(self.ARMget_register(1))
-
-
- # FIXME: this may end up changing te current debug-state. should we compare to current_dbgstate?
- #print repr(self.data[4])
- if (len(self.data)>4 and self.data[4] == '\x00'):
- print >>sys.stderr,("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
- raise Exception("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
- return (-1);
- else:
- retval.append( self.ARMget_register(1) ) # read memory value from R1 register
- #print >>sys.stderr,("CPSR: %x\t\tR0: %x\t\tR1: %x"%(self.ARMget_regCPSR(),self.ARMget_register(0),self.ARMget_register(1)))
- self.ARMset_register(1, r1); # restore R0 and R1
- self.ARMset_register(0, r0);
- return retval
-
- def ARMwriteMem(self, adr, wordarray):
- r0 = self.ARMget_register(0); # store R0 and R1
- r1 = self.ARMget_register(1);
- #print >>sys.stderr,("CPSR:\t%x"%self.ARMget_regCPSR())
- for word in xrange(adr, adr+len(string), 4):
- self.ARMset_register(0, word); # write address into R0
- self.ARM_nop(0)
- self.ARM_nop(1)
- self.ARMdebuginstr(ARM_WRITE_MEM, 0); # push STR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive writes)
- self.ARM_nop(0)
- self.ARMrestart()
- self.ARMwaitDBG()
- print hex(self.ARMget_register(1))
-
-
- # FIXME: this may end up changing te current debug-state. should we compare to current_dbgstate?
- #print repr(self.data[4])
- if (len(self.data)>4 and self.data[4] == '\x00'):
- print >>sys.stderr,("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
- raise Exception("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
- return (-1);
- else:
- retval.append( self.ARMget_register(1) ) # read memory value from R1 register
- #print >>sys.stderr,("CPSR: %x\t\tR0: %x\t\tR1: %x"%(self.ARMget_regCPSR(),self.ARMget_register(0),self.ARMget_register(1)))
- self.ARMset_register(1, r1); # restore R0 and R1
- self.ARMset_register(0, r0);
- return retval
-
- def ARMpeekcodewords(self,adr,words):
- """Read the contents of code memory at an address."""
- self.data=[adr&0xff, (adr>>8)&0xff, (adr>>16)&0xff, (adr>>24)&0xff, words&0xff, (words>>8)&0xff, (words>>16)&0xff, (words>>24)&0xff ]
- self.writecmd(0x13,READ_CODE_MEMORY,8,self.data)
- retval = []
- retval.append(self.serialport.read(words*4))
- #retval = struct.unpack("<L", "".join(self.data[0:4]))[0]
- return "".join(retval)
- def ARMpeekdatabyte(self,adr):
- """Read the contents of data memory at an address."""
- self.data=[ adr&0xff, (adr>>8)&0xff, (adr>>16)&0xff, (adr>>24)&0xff ]
- self.writecmd(0x13, PEEK, 4, self.data)
- #retval.append(self.serialport.read(words*4))
- retval = struct.unpack("<L", "".join(self.data[0:4]))[0]
- return retval
- def ARMpokedatabyte(self,adr,val):
- """Write a byte to data memory."""
- self.data=[adr&0xff, (adr>>8)&0xff, (adr>>16)&0xff, (adr>>24)&0xff, val&0xff, (val>>8)&0xff, (val>>16)&0xff, (val>>24)&0xff ]
- self.writecmd(0x13, POKE, 8, self.data)
- retval = struct.unpack("<L", "".join(self.data[0:4]))[0]
- return retval
- #def ARMchiperase(self):
- # """Erase all of the target's memory."""
- # self.writecmd(0x13,CHIP_ERASE,0,[])
- def ARMstatus(self):
- """Check the status."""
- self.writecmd(0x13,GET_DEBUG_STATE,0,[])
- return ord(self.data[0])
- ARMstatusbits={
- 0x10 : "TBIT",
- 0x08 : "cgenL",
- 0x04 : "Interrupts Enabled (or not?)",
- 0x02 : "DBGRQ",
- 0x01 : "DGBACK"
- }
- ARMctrlbits={
- 0x04 : "disable interrupts",
- 0x02 : "force dbgrq",
- 0x01 : "force dbgack"
- }
-
- def ARMstatusstr(self):
- """Check the status as a string."""
- status=self.ARMstatus()
- str=""
- i=1
- while i<0x100:
- if(status&i):
- str="%s %s" %(self.ARMstatusbits[i],str)
- i*=2
- return str
- def ARMchain0(self, address, bits, data):
- bulk = chop(address,4)
- bulk.extend(chop(bits,8))
- bulk.extend(chop(data,4))
- print (repr(bulk))
- self.writecmd(0x13,CHAIN0,16,bulk)
- d1,b1,a1 = struct.unpack("<LQL",self.data)
- return (a1,b1,d1)
- def start(self):
- """Start debugging."""
- self.writecmd(0x13,START,0,self.data)
- ident=self.ARMidentstr()
- print "Target identifies as %s." % ident
- print "Debug Status: %s." % self.ARMstatusstr()
- #print "System State: %x." % self.ARMget_regCPSRstr()
- #self.ARMreleasecpu()
- #self.ARMhaltcpu()
-
- def stop(self):
- """Stop debugging."""
- self.writecmd(0x13,STOP,0,self.data)
- #def ARMstep_instr(self):
- # """Step one instruction."""
- # self.writecmd(0x13,STEP_INSTR,0,self.data)
- #def ARMflashpage(self,adr):
- # """Flash 2kB a page of flash from 0xF000 in XDATA"""
- # data=[adr&0xFF,
- # (adr>>8)&0xFF,
- # (adr>>16)&0xFF,
- # (adr>>24)&0xFF]
- # print "Flashing buffer to 0x%06x" % adr
- # self.writecmd(0x13,MASS_FLASH_PAGE,4,data)
-
- def writecmd(self, app, verb, count=0, data=[]):
- """Write a command and some data to the GoodFET."""
- self.serialport.write(chr(app))
- self.serialport.write(chr(verb))
- count = len(data)
- #if data!=None:
- # count=len(data); #Initial count ignored.
-
- #print "TX %02x %02x %04x" % (app,verb,count)
-
- #little endian 16-bit length
- self.serialport.write(chr(count&0xFF))
- self.serialport.write(chr(count>>8))
-
- #print "count=%02x, len(data)=%04x" % (count,len(data))
-
- if count!=0:
- if(isinstance(data,list)):
- for i in range(0,count):
- #print "Converting %02x at %i" % (data[i],i)
- data[i]=chr(data[i])
- #print type(data)
- outstr=''.join(data)
- self.serialport.write(outstr)
- if not self.besilent:
- self.readcmd()
-
-
-
projects / goodfet / blobdiff