X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=firmware%2Fapps%2Fchipcon%2Fchipcon.c;h=c5855949206478ebfd7db0b2e5e0c9356753a709;hp=1a4846bdf4e28b480d58f29b6ab4847e49f0e693;hb=ea4f451d1fbdc93bb175c7b55a43f3e906219a62;hpb=7d3404539568650baef6a21c85580ea8e3e097aa diff --git a/firmware/apps/chipcon/chipcon.c b/firmware/apps/chipcon/chipcon.c index 1a4846b..c585594 100644 --- a/firmware/apps/chipcon/chipcon.c +++ b/firmware/apps/chipcon/chipcon.c @@ -20,11 +20,11 @@ #include -/* Concerning clock rates, - the maximimum clock rates are defined on page 4 of the spec. - They vary, but are roughly 30MHz. Raising this clock rate might - allow for clock glitching, but the GoodFET isn't sufficient fast for that. - Perhaps a 200MHz ARM or an FPGA in the BadassFET? +/* Concerning clock rates, the maximimum clock rates are defined on + page 4 of the spec. They vary, but are roughly 30MHz. Raising + this clock rate might allow for clock glitching, but the GoodFET + isn't sufficient fast for that. Perhaps a 200MHz ARM or an FPGA in + the BadassFET? */ //Pins and I/O @@ -126,7 +126,9 @@ void cchandle(unsigned char app, unsigned char verb, unsigned long len){ //Always init. Might help with buggy lines. - ccdebuginit(); + //Might hurt too. + //ccdebuginit(); + long i; switch(verb){ //CC_PEEK and CC_POKE will come later. 
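Review bot: In the `@@ -126,7 +126,9 @@` hunk, the surviving comment `//Always init. Might help with buggy lines.` now describes a call that no longer runs, and the disabled call is left behind as commented-out code. Nothing visible here shows where the debug pins are configured before the verbs in the switch drive them, so presumably the client must now request setup explicitly; that contract should be stated. I would replace the three comment lines with one, e.g. `//No implicit ccdebuginit(); the client must set up the debug interface before any other verb.` The new `long i` is used by only one case of the switch and could be declared there. cchandle's body continues outside the hunk.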
@@ -219,15 +221,36 @@ void cchandle(unsigned char app, txdata(app,verb,1); break; case CC_SET_PC: - case CC_CLOCK_INIT: + cc_set_pc(cmddatalong[0]); + txdata(app,verb,0); + break; case CC_WRITE_FLASH_PAGE: + cc_write_flash_page(cmddatalong[0]); + txdata(app,verb,0); + break; + case CC_WIPEFLASHBUFFER: + for(i=0xf000;i<0xf800;i++) + cc_pokedatabyte(i,0xFF); + txdata(app,verb,0); + break; case CC_MASS_ERASE_FLASH: + case CC_CLOCK_INIT: case CC_PROGRAM_FLASH: + debugstr("This Chipcon command is not yet implemented."); txdata(app,NOK,0);//TODO implement me. break; } } +//! Set the Chipcon's Program Counter +void cc_set_pc(u32 adr){ + cmddata[0]=0x02; //SetPC + cmddata[1]=((adr>>8)&0xff); //HIBYTE + cmddata[2]=adr&0xff; //LOBYTE + cc_debug_instr(3); + return; +} + //! Erase all of a Chipcon's memory. void cc_chip_erase(){ cmddata[0]=CCCMD_CHIP_ERASE; //0x14 
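Review bot: The new CC_SET_PC and CC_WRITE_FLASH_PAGE cases read `cmddatalong[0]` without looking at `len`, so a short or empty packet from the host makes the firmware act on whatever the buffer last held. For CC_WRITE_FLASH_PAGE that means a page erase and rewrite at a stale address. Assuming `cmddatalong[0]` maps to the first four payload bytes, a guard at the top of both cases such as `if(len<4){txdata(app,NOK,0);break;}` rejects that. cc_set_pc also accepts a `u32` but sends only bits 0-15, which its header comment should say: `//! Set the Chipcon's Program Counter (only the low 16 bits of adr are sent)`. cchandle starts outside the hunk.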
@@ -271,6 +294,102 @@ unsigned short cc_get_chip_id(){ return toret; } +//! Populates flash buffer in xdata. +void cc_write_flash_buffer(u8 *data, u16 len){ + cc_write_xdata(0xf000, data, len); +} +//! Populates flash buffer in xdata. +void cc_write_xdata(u16 adr, u8 *data, u16 len){ + u16 i; + for(i=0; i> 8) / FLASH_WORD_SIZE) & 0x7E, + + 0x75, 0xAC, 0x00, // MOV FADDRL, #00; + /* Erase page. */ + 0x75, 0xAE, 0x01, // MOV FLC, #01H; // ERASE + // ; Wait for flash erase to complete + 0xE5, 0xAE, // eraseWaitLoop: MOV A, FLC; + 0x20, 0xE7, 0xFB, // JB ACC_BUSY, eraseWaitLoop; + /* End erase page. */ + // ; Initialize the data pointer + 0x90, 0xF0, 0x00, // MOV DPTR, #0F000H; + // ; Outer loops + 0x7F, HIBYTE_WORDS_PER_FLASH_PAGE, // MOV R7, #imm; + 0x7E, LOBYTE_WORDS_PER_FLASH_PAGE, // MOV R6, #imm; + 0x75, 0xAE, 0x02, // MOV FLC, #02H; // WRITE + // ; Inner loops + 0x7D, FLASH_WORD_SIZE, // writeLoop: MOV R5, #imm; + 0xE0, // writeWordLoop: MOVX A, @DPTR; + 0xA3, // INC DPTR; + 0xF5, 0xAF, // MOV FWDATA, A; + 0xDD, 0xFA, // DJNZ R5, writeWordLoop; + // ; Wait for completion + 0xE5, 0xAE, // writeWaitLoop: MOV A, FLC; + 0x20, 0xE6, 0xFB, // JB ACC_SWBSY, writeWaitLoop; + 0xDE, 0xF1, // DJNZ R6, writeLoop; + 0xDF, 0xEF, // DJNZ R7, writeLoop; + // ; Done, fake a breakpoint + 0xA5 // DB 0xA5; +}; + +//! Copies flash buffer to flash. +void cc_write_flash_page(u32 adr){ + //Assumes that page has already been written to XDATA 0xF000 + //debugstr("Flashing 2kb at 0xF000 to given adr."); + + if(adr&(FLASHPAGE_SIZE-1)){ + debugstr("Flash page address is not on a multiple of 2kB. 
Aborting."); + return; + } + + //Routine comes next + //WRITE_XDATA_MEMORY(IN: 0xF000 + FLASH_PAGE_SIZE, sizeof(routine), routine); + cc_write_xdata(0xF000+FLASHPAGE_SIZE, + (u8*) flash_routine, sizeof(flash_routine)); + //Patch routine's third byte with + //((address >> 8) / FLASH_WORD_SIZE) & 0x7E + cc_pokedatabyte(0xF000+FLASHPAGE_SIZE+2, + ((adr>>8)/FLASH_WORD_SIZE)&0x7E); + //debugstr("Wrote flash routine."); + + + //MOV MEMCTR, (bank * 16) + 1; + cmddata[0]=0x75; + cmddata[1]=0xc7; + cmddata[2]=0x51; + cc_debug_instr(3); + //debugstr("Loaded bank info."); + + cc_set_pc(0xf000+FLASHPAGE_SIZE);//execute code fragment + cc_resume(); + //debugstr("Executing."); + + + while(!(cc_read_status()&CC_STATUS_CPUHALTED)){ + P1OUT^=1;//blink LED while flashing + } + + //debugstr("Done flashing."); + + P1OUT&=~1;//clear LED +} //! Read the PC unsigned short cc_get_pc(){
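Review bot: cc_write_flash_page cannot report failure, and its wait loop `while(!(cc_read_status()&CC_STATUS_CPUHALTED))` has no bound. On a misaligned `adr` it only calls debugstr and returns, after which the CC_WRITE_FLASH_PAGE case in cchandle still sends `txdata(app,verb,0)` as if the page had been written. If the target never reports halted (a dropped debug link mid-write, say), the firmware spins here forever. I would return a status from the function, bound the loop with a retry counter, and have the caller answer `txdata(app,NOK,0)` on failure. Separately, the comment `//MOV MEMCTR, (bank * 16) + 1;` sits above a constant `0x51`, so the bank is apparently not derived from `adr`; a comment stating which address range is actually supported would prevent writes landing in the wrong page.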