-//GoodFET ChipCon Debugging Application
-//Handles basic I/O for the Chipcon 8051 debugging protocol.
+/*! \file chipcon.c
+ \author Travis Goodspeed
+ \brief Chipcon 8051 debugging.
+*/
-//Higher level left to client application.
//This is like SPI, except that you read or write, not both.
-/** N.B. The READ verb performs a write of all (any) supplied data,
- then reads a single byte reply from the target. The WRITE verb
- only writes.
+/* N.B. The READ verb performs a write of all (any) supplied data,
+ then reads a single byte reply from the target. The WRITE verb
+ only writes.
*/
-//This is REALLY untested.
-
#include "platform.h"
#include "command.h"
#include "chipcon.h"
#include <iomacros.h>
-/** Concerning clock rates,
- the maximimum clock rates are defined on page 4 of the spec.
- They vary, but are roughly 30MHz. Raising this clock rate might
- allow for clock glitching, but the GoodFET isn't sufficient fast for that.
- Perhaps a 200MHz ARM or an FPGA in the BadassFET?
+/* Concerning clock rates, the maximimum clock rates are defined on
+ page 4 of the spec. They vary, but are roughly 30MHz. Raising
+ this clock rate might allow for clock glitching, but the GoodFET
+ isn't sufficient fast for that. Perhaps a 200MHz ARM or an FPGA in
+ the BadassFET?
*/
//Pins and I/O
//This could be more accurate.
//Does it ever need to be?
-#define CCSPEED 0
+#define CCSPEED 3
#define CCDELAY(x) delay(x)
#define SETMOSI P5OUT|=MOSI
//! Handles a monitor command.
void cchandle(unsigned char app,
unsigned char verb,
- unsigned char len){
+ unsigned long len){
+ //Always init. Might help with buggy lines.
+ //Might hurt too.
+ //ccdebuginit();
+ long i;
+
switch(verb){
- //PEEK and POKE will come later.
+ //CC_PEEK and CC_POKE will come later.
case READ: //Write a command and return 1-byte reply.
cccmd(len);
ccread(1);
break;
case START://enter debugger
ccdebuginit();
+ txdata(app,verb,0);
break;
case STOP://exit debugger
//Take RST low, then high.
P5OUT&=~RST;
CCDELAY(CCSPEED);
P5OUT|=RST;
+ txdata(app,verb,0);
break;
case SETUP:
ccsetup();
break;
case CC_GET_PC:
cc_get_pc();
- txdata(app,verb,1);
+ txdata(app,verb,2);
break;
+ case CC_LOCKCHIP:
+ cc_lockchip();
+ //no break, return status
case CC_READ_STATUS:
cc_read_status();
txdata(app,verb,1);
txdata(app,verb,1);
break;
case CC_DEBUG_INSTR:
- txdata(app,NOK,0);//TODO add me
+ cc_debug_instr(len);
+ txdata(app,verb,1);
break;
case CC_STEP_INSTR:
cc_step_instr();
//Macro commands
case CC_READ_CODE_MEMORY:
+ cmddata[0]=cc_peekcodebyte(cmddataword[0]);
+ txdata(app,verb,1);
+ break;
case CC_READ_XDATA_MEMORY:
+ cmddata[0]=cc_peekdatabyte(cmddataword[0]);
+ txdata(app,verb,1);
+ break;
case CC_WRITE_XDATA_MEMORY:
+ cmddata[0]=cc_pokedatabyte(cmddataword[0], cmddata[2]);
+ txdata(app,verb,1);
+ break;
case CC_SET_PC:
- case CC_CLOCK_INIT:
+ cc_set_pc(cmddatalong[0]);
+ txdata(app,verb,0);
+ break;
case CC_WRITE_FLASH_PAGE:
+ cc_write_flash_page(cmddatalong[0]);
+ txdata(app,verb,0);
+ break;
+ case CC_WIPEFLASHBUFFER:
+ for(i=0xf000;i<0xf800;i++)
+ cc_pokedatabyte(i,0xFF);
+ txdata(app,verb,0);
+ break;
case CC_MASS_ERASE_FLASH:
+ case CC_CLOCK_INIT:
case CC_PROGRAM_FLASH:
+ debugstr("This Chipcon command is not yet implemented.");
txdata(app,NOK,0);//TODO implement me.
break;
}
}
+//! Set the Chipcon's Program Counter
+void cc_set_pc(u32 adr){
+ cmddata[0]=0x02; //SetPC
+ cmddata[1]=((adr>>8)&0xff); //HIBYTE
+ cmddata[2]=adr&0xff; //LOBYTE
+ cc_debug_instr(3);
+ return;
+}
+
//! Erase all of a Chipcon's memory.
void cc_chip_erase(){
- cmddata[0]=0x14;
+ cmddata[0]=CCCMD_CHIP_ERASE; //0x14
cccmd(1);
ccread(1);
}
//! Write the configuration byte.
void cc_wr_config(unsigned char config){
- cmddata[0]=0x1d;
+ cmddata[0]=CCCMD_WR_CONFIG; //0x1D
cmddata[1]=config;
cccmd(2);
ccread(1);
}
+
+//! Locks the chip.
+void cc_lockchip(){
+ debugstr("Locking chip.");
+ cc_wr_config(1);//Select Info Flash
+ if(!(cc_rd_config()&1))
+ debugstr("Config forgotten!");
+
+ //Clear config page.
+ cc_pokedatabyte(0xf000,0);
+ cc_write_flash_page(0);
+ if(cc_peekcodebyte(0))
+ debugstr("Failed to clear info flash byte.");
+
+ cc_wr_config(0);
+ if(cc_rd_config()&1)
+ debugstr("Stuck in info flash mode!");
+}
+
//! Read the configuration byte.
unsigned char cc_rd_config(){
- cmddata[0]=0x24;
+ cmddata[0]=CCCMD_RD_CONFIG; //0x24
cccmd(1);
ccread(1);
return cmddata[0];
}
-
//! Read the status register
unsigned char cc_read_status(){
- cmddata[0]=0x34;
+ cmddata[0]=CCCMD_READ_STATUS; //0x3f
cccmd(1);
ccread(1);
return cmddata[0];
//! Read the CHIP ID bytes.
unsigned short cc_get_chip_id(){
unsigned short toret;
- cmddata[0]=0x68;
+ cmddata[0]=CCCMD_GET_CHIP_ID; //0x68
cccmd(1);
ccread(2);
return toret;
}
+//! Populates flash buffer in xdata.
+void cc_write_flash_buffer(u8 *data, u16 len){
+ cc_write_xdata(0xf000, data, len);
+}
+//! Populates flash buffer in xdata.
+void cc_write_xdata(u16 adr, u8 *data, u16 len){
+ u16 i;
+ for(i=0; i<len; i++){
+ cc_pokedatabyte(adr+i,
+ data[i]);
+ }
+}
+
+
+//32-bit words, 2KB pages
+#define HIBYTE_WORDS_PER_FLASH_PAGE 0x02
+#define LOBYTE_WORDS_PER_FLASH_PAGE 0x00
+#define FLASHPAGE_SIZE 0x800
+
+//32 bit words
+#define FLASH_WORD_SIZE 0x4
+
+const u8 flash_routine[] = {
+ //MOV FADDRH, #imm;
+ 0x75, 0xAD,
+ 0x00,//#imm=((address >> 8) / FLASH_WORD_SIZE) & 0x7E,
+
+ 0x75, 0xAC, 0x00, // MOV FADDRL, #00;
+ /* Erase page. */
+ 0x75, 0xAE, 0x01, // MOV FLC, #01H; // ERASE
+ // ; Wait for flash erase to complete
+ 0xE5, 0xAE, // eraseWaitLoop: MOV A, FLC;
+ 0x20, 0xE7, 0xFB, // JB ACC_BUSY, eraseWaitLoop;
+ /* End erase page. */
+ // ; Initialize the data pointer
+ 0x90, 0xF0, 0x00, // MOV DPTR, #0F000H;
+ // ; Outer loops
+ 0x7F, HIBYTE_WORDS_PER_FLASH_PAGE, // MOV R7, #imm;
+ 0x7E, LOBYTE_WORDS_PER_FLASH_PAGE, // MOV R6, #imm;
+ 0x75, 0xAE, 0x02, // MOV FLC, #02H; // WRITE
+ // ; Inner loops
+ 0x7D, FLASH_WORD_SIZE, // writeLoop: MOV R5, #imm;
+ 0xE0, // writeWordLoop: MOVX A, @DPTR;
+ 0xA3, // INC DPTR;
+ 0xF5, 0xAF, // MOV FWDATA, A;
+ 0xDD, 0xFA, // DJNZ R5, writeWordLoop;
+ // ; Wait for completion
+ 0xE5, 0xAE, // writeWaitLoop: MOV A, FLC;
+ 0x20, 0xE6, 0xFB, // JB ACC_SWBSY, writeWaitLoop;
+ 0xDE, 0xF1, // DJNZ R6, writeLoop;
+ 0xDF, 0xEF, // DJNZ R7, writeLoop;
+ // ; Done, fake a breakpoint
+ 0xA5 // DB 0xA5;
+};
+
+
+//! Copies flash buffer to flash.
+void cc_write_flash_page(u32 adr){
+ //Assumes that page has already been written to XDATA 0xF000
+ //debugstr("Flashing 2kb at 0xF000 to given adr.");
+
+ if(adr&(FLASHPAGE_SIZE-1)){
+ debugstr("Flash page address is not on a multiple of 2kB. Aborting.");
+ return;
+ }
+
+ //Routine comes next
+ //WRITE_XDATA_MEMORY(IN: 0xF000 + FLASH_PAGE_SIZE, sizeof(routine), routine);
+ cc_write_xdata(0xF000+FLASHPAGE_SIZE,
+ (u8*) flash_routine, sizeof(flash_routine));
+ //Patch routine's third byte with
+ //((address >> 8) / FLASH_WORD_SIZE) & 0x7E
+ cc_pokedatabyte(0xF000+FLASHPAGE_SIZE+2,
+ ((adr>>8)/FLASH_WORD_SIZE)&0x7E);
+ //debugstr("Wrote flash routine.");
+
+
+ //MOV MEMCTR, (bank * 16) + 1;
+ cmddata[0]=0x75;
+ cmddata[1]=0xc7;
+ cmddata[2]=0x51;
+ cc_debug_instr(3);
+ //debugstr("Loaded bank info.");
+
+ cc_set_pc(0xf000+FLASHPAGE_SIZE);//execute code fragment
+ cc_resume();
+
+ //debugstr("Executing.");
+
+
+ while(!(cc_read_status()&CC_STATUS_CPUHALTED)){
+ P1OUT^=1;//blink LED while flashing
+ }
+
+
+ //debugstr("Done flashing.");
+
+ P1OUT&=~1;//clear LED
+}
//! Read the PC
unsigned short cc_get_pc(){
- cmddata[0]=0x28;
+ cmddata[0]=CCCMD_GET_PC; //0x28
cccmd(1);
ccread(2);
return cmddataword[0];
}
-
//! Set a hardware breakpoint.
void cc_set_hw_brkpnt(unsigned short adr){
+ debugstr("FIXME: This certainly won't work.");
cmddataword[0]=adr;
cccmd(2);
ccread(1);
//! Halt the CPU.
void cc_halt(){
- cmddata[0]=0x44;
+ cmddata[0]=CCCMD_HALT; //0x44
cccmd(1);
ccread(1);
return;
}
//! Resume the CPU.
void cc_resume(){
- cmddata[0]=0x4C;
+ cmddata[0]=CCCMD_RESUME; //0x4C
cccmd(1);
ccread(1);
return;
//! Step an instruction
void cc_step_instr(){
- cmddata[0]=0x5C;
+ cmddata[0]=CCCMD_STEP_INSTR; //0x5C
cccmd(1);
ccread(1);
return;
}
+
+//! Debug an instruction.
+void cc_debug_instr(unsigned char len){
+ //Bottom two bits of command indicate length.
+ unsigned char cmd=CCCMD_DEBUG_INSTR+(len&0x3); //0x54+len
+ CCWRITE;
+ cctrans8(cmd); //Second command code
+ cccmd(len&0x3); //Command itself.
+ ccread(1);
+ return;
+}
+
+//! Debug an instruction, for local use.
+unsigned char cc_debug(unsigned char len,
+ unsigned char a,
+ unsigned char b,
+ unsigned char c){
+ unsigned char cmd=CCCMD_DEBUG_INSTR+(len&0x3);//0x54+len
+ CCWRITE;
+ cctrans8(cmd);
+ if(len>0)
+ cctrans8(a);
+ if(len>1)
+ cctrans8(b);
+ if(len>2)
+ cctrans8(c);
+ CCREAD;
+ return cctrans8(0x00);
+}
+
+//! Fetch a byte of code memory.
+unsigned char cc_peekcodebyte(unsigned long adr){
+ /** See page 9 of SWRA124 */
+ unsigned char bank=adr>>15,
+ lb=adr&0xFF,
+ hb=(adr>>8)&0x7F,
+ toret=0;
+ adr&=0x7FFF;
+
+ //MOV MEMCTR, (bank*16)+1
+ cc_debug(3, 0x75, 0xC7, (bank<<4) + 1);
+ //MOV DPTR, address
+ cc_debug(3, 0x90, hb, lb);
+
+ //for each byte
+ //CLR A
+ cc_debug(2, 0xE4, 0, 0);
+ //MOVC A, @A+DPTR;
+ toret=cc_debug(3, 0x93, 0, 0);
+ //INC DPTR
+ //cc_debug(1, 0xA3, 0, 0);
+
+ return toret;
+}
+
+
+//! Set a byte of data memory.
+unsigned char cc_pokedatabyte(unsigned int adr,
+ unsigned char val){
+ unsigned char
+ hb=(adr&0xFF00)>>8,
+ lb=adr&0xFF;
+
+ //MOV DPTR, adr
+ cc_debug(3, 0x90, hb, lb);
+ //MOV A, val
+ cc_debug(2, 0x74, val, 0);
+ //MOVX @DPTR, A
+ cc_debug(1, 0xF0, 0, 0);
+
+ return 0;
+ /*
+DEBUG_INSTR(IN: 0x90, HIBYTE(address), LOBYTE(address), OUT: Discard);
+for (n = 0; n < count; n++) {
+ DEBUG_INSTR(IN: 0x74, inputArray[n], OUT: Discard);
+ DEBUG_INSTR(IN: 0xF0, OUT: Discard);
+ DEBUG_INSTR(IN: 0xA3, OUT: Discard);
+}
+ */
+}
+
+//! Fetch a byte of data memory.
+unsigned char cc_peekdatabyte(unsigned int adr){
+ unsigned char
+ hb=(adr&0xFF00)>>8,
+ lb=adr&0xFF,
+ toret;
+
+ //MOV DPTR, adr
+ cc_debug(3, 0x90, hb, lb);
+ //MOVX A, @DPTR
+ //Must be 2, perhaps for clocking?
+ toret=cc_debug(3, 0xE0, 0, 0);
+ return toret;
+}
+
+
projects / goodfet / blobdiff