X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=firmware%2Fapps%2Fchipcon%2Fchipcon.c;h=5bdd3602c5e29890291a732a80209fde9ca9887e;hp=0ff9f0307b1b8348de9722f0de92ebb559740777;hb=ecb9432850549952b9fe14b67fcf6798bbab0261;hpb=64742f14268508206da9d46480282a045de9a693
diff --git a/firmware/apps/chipcon/chipcon.c b/firmware/apps/chipcon/chipcon.c
index 0ff9f03..5bdd360 100644
--- a/firmware/apps/chipcon/chipcon.c
+++ b/firmware/apps/chipcon/chipcon.c
@@ -20,11 +20,11 @@
 #include
-/* Concerning clock rates,
- the maximimum clock rates are defined on page 4 of the spec.
- They vary, but are roughly 30MHz. Raising this clock rate might
- allow for clock glitching, but the GoodFET isn't sufficient fast for that.
- Perhaps a 200MHz ARM or an FPGA in the BadassFET?
+/* Concerning clock rates, the maximimum clock rates are defined on
+ page 4 of the spec. They vary, but are roughly 30MHz. Raising
+ this clock rate might allow for clock glitching, but the GoodFET
+ isn't sufficient fast for that. Perhaps a 200MHz ARM or an FPGA in
+ the BadassFET?
 */
 //Pins and I/O
@@ -126,7 +126,9 @@ void cchandle(unsigned char app,
 unsigned char verb,
 unsigned long len){
 //Always init. Might help with buggy lines.
- ccdebuginit();
+ //Might hurt too.
+ //ccdebuginit();
+ long i;
 switch(verb){
 //CC_PEEK and CC_POKE will come later.
@@ -172,6 +174,9 @@ void cchandle(unsigned char app,
 cc_get_pc();
 txdata(app,verb,2);
 break;
+ case CC_LOCKCHIP:
+ cc_lockchip();
+ //no break, return status
 case CC_READ_STATUS:
 cc_read_status();
 txdata(app,verb,1);
@@ -226,6 +231,11 @@ void cchandle(unsigned char app,
 cc_write_flash_page(cmddatalong[0]);
 txdata(app,verb,0);
 break;
+ case CC_WIPEFLASHBUFFER:
+ for(i=0xf000;i<0xf800;i++)
+ cc_pokedatabyte(i,0xFF);
+ txdata(app,verb,0);
+ break;
 case CC_MASS_ERASE_FLASH:
 case CC_CLOCK_INIT:
 case CC_PROGRAM_FLASH:
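Review bot: In the first cchandle hunk the retained comment `//Always init. Might help with buggy lines.` no longer matches the code, because `ccdebuginit()` is now commented out and nothing in the visible lines re-enters debug mode per command. I would replace the three comment lines with one that states the contract, for example `//Debug mode is not re-entered per command; the host must have started the session first.`, assuming that is the intent, which the hunk does not show. `long i;` is only used by the CC_WIPEFLASHBUFFER loop, whose bounds fit in 16 bits, so `u16 i;` would describe its range better. cchandle's body continues outside the hunk.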
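Review bot: The new `CC_LOCKCHIP` case sends the status byte back whether or not the lock took effect, because `cc_lockchip()` returns void and reports its failed checks only through `debugstr`. A host that reads the reply as success can end up treating a part as read-protected while it is still open. I would have `cc_lockchip()` return nonzero when any of its checks fails and let this case report that to the host instead of falling through unconditionally. The `//no break, return status` comment is worth keeping so the fallthrough stays visibly intentional.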
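Review bot: The `CC_WIPEFLASHBUFFER` loop hard-codes `0xf000` and `0xf800`, duplicating the buffer base and `FLASHPAGE_SIZE` (0x800 after this commit), so a later geometry change would leave the wipe covering the wrong range. I would write `for(i=0xF000;i<0xF000+FLASHPAGE_SIZE;i++)`, which needs the `FLASHPAGE_SIZE` define moved above `cchandle` or into a header, since it currently sits further down the file. The result of `cc_pokedatabyte` is ignored across all 2048 writes, so a dropped debug link still produces the zero-length success reply.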
@@ -237,9 +247,10 @@ void cchandle(unsigned char app,
 //! Set the Chipcon's Program Counter
 void cc_set_pc(u32 adr){
- cmddata[0]=0x02; //GetPC
- cmddata[1]=(adr>>8)&0xff; //HIBYTE
- cmddata[2]=adr&0xff; //LOBYTE
+ cmddata[0]=0x02; //SetPC
+ cmddata[1]=((adr>>8)&0xff); //HIBYTE
+ cmddata[2]=adr&0xff; //LOBYTE
+ cc_debug_instr(3);
 return;
 }
@@ -256,6 +267,25 @@ void cc_wr_config(unsigned char config){
 cccmd(2);
 ccread(1);
 }
+
+//! Locks the chip.
+void cc_lockchip(){
+ debugstr("Locking chip.");
+ cc_wr_config(1);//Select Info Flash
+ if(!(cc_rd_config()&1))
+ debugstr("Config forgotten!");
+
+ //Clear config page.
+ cc_pokedatabyte(0xf000,0);
+ cc_write_flash_page(0);
+ if(cc_peekcodebyte(0))
+ debugstr("Failed to clear info flash byte.");
+
+ cc_wr_config(0);
+ if(cc_rd_config()&1)
+ debugstr("Stuck in info flash mode!");
+}
+
 //! Read the configuration byte.
 unsigned char cc_rd_config(){
 cmddata[0]=CCCMD_RD_CONFIG; //0x24
@@ -300,12 +330,13 @@ void cc_write_xdata(u16 adr, u8 *data, u16 len){
 }
-//256 words/page
-#define HIBYTE_WORDS_PER_FLASH_PAGE 0x00
-#define LOBYTE_WORDS_PER_FLASH_PAGE 0x80
-#define FLASHPAGE_SIZE 0x100
-//2 bytes/word
-#define FLASH_WORD_SIZE 0x2
+//32-bit words, 2KB pages
+#define HIBYTE_WORDS_PER_FLASH_PAGE 0x02
+#define LOBYTE_WORDS_PER_FLASH_PAGE 0x00
+#define FLASHPAGE_SIZE 0x800
+
+//32 bit words
+#define FLASH_WORD_SIZE 0x4
 const u8 flash_routine[] = {
 //MOV FADDRH, #imm;
@@ -313,12 +344,12 @@ const u8 flash_routine[] = {
 0x00,//#imm=((address >> 8) / FLASH_WORD_SIZE) & 0x7E,
 0x75, 0xAC, 0x00, // MOV FADDRL, #00;
- /* Erase page. *
+ /* Erase page. */
 0x75, 0xAE, 0x01, // MOV FLC, #01H; // ERASE
 // ; Wait for flash erase to complete
 0xE5, 0xAE, // eraseWaitLoop: MOV A, FLC;
 0x20, 0xE7, 0xFB, // JB ACC_BUSY, eraseWaitLoop;
- */
+ /* End erase page. */
 // ; Initialize the data pointer
 0x90, 0xF0, 0x00, // MOV DPTR, #0F000H;
 // ; Outer loops
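Review bot: `cc_set_pc` accepts a `u32`, but only bits 0-15 reach the target through `cmddata[1]` and `cmddata[2]`, so a larger address is truncated without any signal. Either narrow the parameter to `u16` if the callers allow it, or extend the doc comment to `//! Set the Chipcon's Program Counter (low 16 bits of adr only).`. The result of `cc_debug_instr(3)` is dropped as well, so a caller cannot tell whether the jump was accepted.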
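Review bot: `cc_lockchip` keeps going after its own checks fail: when `cc_rd_config()&1` shows the info page was not selected it only logs "Config forgotten!" and still runs `cc_write_flash_page(0)`, which would then presumably erase and rewrite page 0 of main flash instead of the info page. The function should return right after that message, and it should hand the failure to its caller rather than only to `debugstr`. Only byte 0xf000 of the buffer is set before the page write, so the rest of the 2 kB buffer is written as it happens to be unless the host wiped it first; that precondition deserves a comment above the function.

```c
  cc_wr_config(1);//Select Info Flash
  if(!(cc_rd_config()&1)){
    //Info page not selected: a page write now would target main flash.
    debugstr("Config forgotten!");
    return;
  }
  // … unchanged: clear byte 0xf000, write page 0, verify, deselect info flash …
```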
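Review bot: The flash geometry defines are independent literals that have to agree (0x0200 words of 0x4 bytes is 0x800), and nothing enforces that, so a port to a part with another page size can update one and miss the others. I would define `FLASH_WORD_SIZE` and `FLASHPAGE_SIZE` first and derive the rest: `#define HIBYTE_WORDS_PER_FLASH_PAGE ((FLASHPAGE_SIZE/FLASH_WORD_SIZE)>>8)` and `#define LOBYTE_WORDS_PER_FLASH_PAGE ((FLASHPAGE_SIZE/FLASH_WORD_SIZE)&0xFF)`. The comment should also name the chip family these values apply to, since the removed values described a different geometry and using the wrong set could erase and program the wrong span.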
@@ -340,9 +371,16 @@ const u8 flash_routine[] = {
 0xA5 // DB 0xA5;
 };
+ //! Copies flash buffer to flash.
 void cc_write_flash_page(u32 adr){
 //Assumes that page has already been written to XDATA 0xF000
+ //debugstr("Flashing 2kb at 0xF000 to given adr.");
+
+ if(adr&(FLASHPAGE_SIZE-1)){
+ debugstr("Flash page address is not on a multiple of 2kB. Aborting.");
+ return;
+ }
 //Routine comes next
 //WRITE_XDATA_MEMORY(IN: 0xF000 + FLASH_PAGE_SIZE, sizeof(routine), routine);
@@ -352,14 +390,29 @@ void cc_write_flash_page(u32 adr){
 //((address >> 8) / FLASH_WORD_SIZE) & 0x7E
 cc_pokedatabyte(0xF000+FLASHPAGE_SIZE+2, ((adr>>8)/FLASH_WORD_SIZE)&0x7E);
- cc_debug(3, //MOV MEMCTR, (bank * 16) + 1;
- 0x75, 0xc7, 0x51);
+ //debugstr("Wrote flash routine.");
+
+
+ //MOV MEMCTR, (bank * 16) + 1;
+ cmddata[0]=0x75;
+ cmddata[1]=0xc7;
+ cmddata[2]=0x51;
+ cc_debug_instr(3);
+ //debugstr("Loaded bank info.");
+ cc_set_pc(0xf000+FLASHPAGE_SIZE);//execute code fragment
 cc_resume();
+
+ //debugstr("Executing.");
+
+
+ while(!(cc_read_status()&CC_STATUS_CPUHALTED)){
- P1OUT^=1;//blink LED
+ P1OUT^=1;//blink LED while flashing
 }
+
+ //debugstr("Done flashing.");
+
+ P1OUT&=~1;//clear LED
 }
@@ -426,11 +479,11 @@ unsigned char cc_debug(unsigned char len,
 unsigned char cmd=CCCMD_DEBUG_INSTR+(len&0x3);//0x54+len
 CCWRITE;
 cctrans8(cmd);
- if(len--)
+ if(len>0)
 cctrans8(a);
- if(len--)
+ if(len>1)
 cctrans8(b);
- if(len--)
+ if(len>2)
 cctrans8(c);
 CCREAD;
 return cctrans8(0x00);
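Review bot: The new guard in `cc_write_flash_page` rejects unaligned addresses but not out-of-range ones: the later `((adr>>8)/FLASH_WORD_SIZE)&0x7E` masks the page index, so an address past what that field can express aliases onto a lower page, which the routine (with its erase block now enabled) erases and rewrites. Extending the condition to `if((adr&(FLASHPAGE_SIZE-1)) || ((adr>>8)/FLASH_WORD_SIZE)>0x7E){` closes that, and a check against the part's real flash size would be better if it is known. Because the function returns void, the abort is invisible to the host, which still gets the zero-length reply from the handler; returning a status would let the handler report the refusal. The function body continues outside this hunk.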
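Review bot: The poll `while(!(cc_read_status()&CC_STATUS_CPUHALTED))` has no bound, so if the target never reports halted (a wedged routine, a lost debug link, a status byte that reads as 0) the firmware spins here toggling the LED and stops answering the host. A countdown in the loop condition with a `debugstr` on expiry would turn that into a reportable failure. The `0x51` loaded into MEMCTR is fixed although the comment says `(bank * 16) + 1`, so the bank is not derived from `adr`; a comment naming the intended bank would help. The commented-out `debugstr` calls would read better behind one debug macro than as dead lines.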
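Review bot: In `cc_debug` the command byte is built from `len&0x3` while the three rewritten tests compare the unmasked `len`, so a caller passing 4 sends a command announcing zero operand bytes followed by three of them. Masking once, `len&=0x3;`, and using that same value for `cmd` and for the comparisons keeps header and payload consistent. The move from `if(len--)` to explicit comparisons is right, since the old form wrapped the unsigned `len` once it reached zero. The rest of the signature and the closing brace are outside the hunk.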