From: dodge-this
Date: Fri, 13 Aug 2010 04:11:22 +0000 (+0000)
Subject: x00t!
X-Git-Url: http://git.rot13.org/?p=goodfet;a=commitdiff_plain;h=373f6c85cd1a08942b56aa62ead944638c804af0;hp=4ba334e74eb758e67539b1b8b679cd3cbccd2433
x00t! arm jtag on goodfet is a reality! or at least most of the hurdles have been conquered. ARMreadMem works now. it turns out i was haphazardly running through RUNTEST/IDLE willy nilly, which was messing up the RESTART/BRKPT magic. still todo:
* complete and test writeMem
* add flash-writing (may need to implement in specific subclasses)
* create goodfet.arm for command-line access
* prettify and complete GoodFETARM7, rename jtagarm7tdmi.h
* create specific subclasses for actual arm7 chips (at91r40008, at91sam7, etc...)
git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@693 12e2690d-a6be-4b82-a7b7-67c4a43b65c8
---
diff --git a/client/gplay-arm.py b/client/gplay-arm.py
index f8dd394..eb253b3 100755
--- a/client/gplay-arm.py
+++ b/client/gplay-arm.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env ipython
 import sys, struct, binascii,time
-from GoodFETARM import *
+from GoodFETARM7 import *
 from intelhex import IntelHex
@@ -342,6 +342,38 @@ def printResults():
 x=results[y]
 print "%.2x=%s"%(y,repr(["%x"%t for t in x]))
+def ARMreadMem(self, adr, wrdcount):
+ retval = []
+ r0 = self.ARMget_register(5); # store R0 and R1
+ r1 = self.ARMget_register(9);
+ #print >>sys.stderr,("CPSR:\t%x"%self.ARMget_regCPSR())
+ for word in range(adr, adr+(wrdcount*4), 4):
+ #sys.stdin.readline()
+ self.ARMset_register(5, word); # write address into R0
+ self.ARMset_register(9, 0xdeadbeef)
+ self.ARM_nop(0)
+ self.ARM_nop(1)
+ self.ARMdebuginstr(0xe4959004L, 0); # push LDR R1, [R0], #4 into instruction pipeline (autoincrements for consecutive reads)
+ self.ARM_nop(0)
+ self.ARMrestart()
+ self.ARMwaitDBG()
+ time.sleep(.4)
+ self.ARMdebuginstr(0x47146,0)
+ self.ARMdebuginstr(0x47147,0)
+ print hex(self.ARMget_register(9))
+ # FIXME: this may end up changing te current debug-state. should we compare to current_dbgstate?
+ #print repr(self.data[4])
+ if (len(self.data)>4 and self.data[4] == '\x00'):
+ print >>sys.stderr,("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
+ raise Exception("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")
+ #return -1
+ else:
+ retval.append( self.ARMget_register(9) ) # read memory value from R1 register
+ #print >>sys.stderr,("CPSR: %x\t\tR0: %x\t\tR1: %x"%(self.ARMget_regCPSR(),self.ARMget_register(0),self.ARMget_register(1)))
+ self.ARMset_register(9, r1); # restore R0 and R1
+ self.ARMset_register(5, r0);
+ return retval
+
 """
 case 0xD0: // loopback test
 cmddatalong[0] = 0x12345678;
diff --git a/firmware/apps/jtag/jtagarm7.c b/firmware/apps/jtag/jtagarm7.c
index 77e9c38..63ab746 100644
--- a/firmware/apps/jtag/jtagarm7.c
+++ b/firmware/apps/jtag/jtagarm7.c
@@ -59,10 +59,10 @@ void jtagarm7tdmi_start() {
 *
 *set_register
 */
-u32 shift_ir(u32 ir){
- u32 retval;
+u8 shift_ir(u8 ir, u8 flags){
+ u8 retval;
 jtag_goto_shift_ir();
- retval = jtagtransn(ir, 4, LSB);
+ retval = jtagtransn(ir, 4, LSB|flags);
 return retval;
 }
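Review bot: ARMreadMem leaves the target's R0 and R1 clobbered when a read fails, because the `raise Exception("FAILED TO READ MEMORY/RE-ENTER DEBUG MODE")` inside the loop skips the two restoring ARMset_register calls after it; put `try:` before the `for` and move `self.ARMset_register(9, r1)` and `self.ARMset_register(5, r0)` under `finally:` so every exit path puts them back. The `print hex(self.ARMget_register(9))` line writes a debug value to stdout for every word, and the unconditional `time.sleep(.4)` costs 0.4 s per word, so a read of several hundred words takes minutes; if the delay is needed after ARMwaitDBG a comment should say why, and the print should go. The two ARMdebuginstr values `0x47146` and `0x47147` are undocumented, unlike the `0xe4959004L` line which names the instruction it encodes; a comment on each would make the sequence reviewable. The `len(self.data)>4 and self.data[4] == '\x00'` test presumably inspects the raw reply of the preceding ARMget_register call, which is worth stating in the comment above it, and the module-level `def ARMreadMem(self, ...)` reads as a method meant to be bound onto the GoodFETARM7 class — confirm that is the intent.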
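Review bot: shift_ir ORs `LSB` into the flags unconditionally, so a caller passing `MSB` in `flags` gets `LSB|MSB` rather than an MSB-first shift, and nothing above the function says so; add a comment above the signature, e.g. `// Shift a 4-bit IR value LSB-first; flags only adds modifiers such as NORETIDLE`. The return type narrowed to u8 holds a 4-bit IR but silently drops any wider value jtagtransn might hand back, which is worth a word in that comment since the host-facing JTAG_IR_SHIFT case now forwards the result as a single byte. Whether a prototype for the new signature exists in a header is not visible here; the visible part of the jtagarm7tdmi.h hunk in this commit does not add one.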
@@ -75,12 +75,10 @@ commands occur. Therefore, it is recommended to pass directly from the “Update state” to the “Select DR” state each time the “Update” state is reached. */
 unsigned long retval;
- jtag_goto_shift_ir();
- jtagtransn(ARM7TDMI_IR_SCAN_N, 4, LSB | NORETIDLE);
+ shift_ir(ARM7TDMI_IR_SCAN_N, NORETIDLE);
 jtag_goto_shift_dr();
 retval = jtagtransn(chain, 4, LSB | NORETIDLE);
- jtag_goto_shift_ir();
- jtagtransn(testmode, 4, LSB);
+ shift_ir(testmode, NORETIDLE);
 return(retval);
 }
@@ -120,12 +118,10 @@ unsigned long jtagarm7tdmi_instr_primitive(unsigned long instr, char breakpt){
 if (breakpt) {
 SETMOSI;
- count_sysspd_instr_since_debug++;
 } else {
 CLRMOSI;
- count_dbgspd_instr_since_debug++;
 }
 jtag_tcktock();
@@ -195,12 +191,10 @@ void jtagarm7tdmihandle(unsigned char app, unsigned char verb, unsigned long len
 txdata(app,verb,0);
 break;
 case JTAG_IR_SHIFT:
- jtag_goto_shift_ir();
- cmddataword[0] = jtagtransn(cmddata[0], 4, cmddata[1]);
- txdata(app,verb,2);
+ cmddataword[0] = shift_ir(cmddata[0], cmddata[1]);
+ txdata(app,verb,1);
 break;
 case JTAG_DR_SHIFT:
- jtag_resettap();
 jtag_goto_shift_dr();
 cmddatalong[0] = jtagtransn(cmddatalong[1],cmddata[0],cmddata[1]);
 txdata(app,verb,4);
@@ -208,10 +202,10 @@ void jtagarm7tdmihandle(unsigned char app, unsigned char verb, unsigned long len
 case JTAGARM7_CHAIN0:
 jtagarm7tdmi_scan(0, ARM7TDMI_IR_INTEST);
 jtag_goto_shift_dr();
- debughex32(cmddatalong[0]);
- debughex(cmddataword[4]);
- debughex32(cmddatalong[1]);
- debughex32(cmddatalong[3]);
+ //debughex32(cmddatalong[0]);
+ //debughex(cmddataword[4]);
+ //debughex32(cmddatalong[1]);
+ //debughex32(cmddatalong[3]);
 cmddatalong[0] = jtagtransn(cmddatalong[0], 32, LSB| NOEND| NORETIDLE);
 cmddatalong[2] = jtagtransn(cmddataword[4], 9, MSB| NOEND| NORETIDLE);
 cmddatalong[1] = jtagtransn(cmddatalong[1], 32, MSB| NOEND| NORETIDLE);
diff --git a/firmware/include/jtagarm7tdmi.h b/firmware/include/jtagarm7tdmi.h
index fe2bc41..ae1d4fd 100644
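Review bot: In the JTAG_IR_SHIFT case the 8-bit result of shift_ir is stored into `cmddataword[0]` while `txdata(app,verb,1)` now sends a single byte, so which byte reaches the host depends on how the word overlay maps onto the cmddata buffer; storing it as `cmddata[0] = shift_ir(cmddata[0], cmddata[1]);` matches the one-byte reply length directly. Dropping `jtag_resettap()` from JTAG_DR_SHIFT means the DR shift starts from whatever TAP state the previous command left, which follows the commit's intent but deserves a comment on the case, e.g. `// no TAP reset here: the host sequences TAP state explicitly`. jtagarm7tdmihandle starts before and continues past this hunk.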
--- a/firmware/include/jtagarm7tdmi.h
+++ b/firmware/include/jtagarm7tdmi.h
@@ -17,16 +17,14 @@
 unsigned char current_chain;
 unsigned char current_dbgstate = -1;
-unsigned char last_halt_debug_state = -1;
-unsigned long last_halt_pc = -1;
-unsigned long count_dbgspd_instr_since_debug = 0;
-unsigned long count_sysspd_instr_since_debug = 0;
+//unsigned char last_halt_debug_state = -1;
+//unsigned long last_halt_pc = -1;
-void jtag_goto_shift_ir();
-void jtag_goto_shift_dr();
-void jtag_reset_to_runtest_idle();
-void jtag_arm_tcktock();
+//void jtag_goto_shift_ir();
+//void jtag_goto_shift_dr();
+//void jtag_reset_to_runtest_idle();
+//void jtag_arm_tcktock();
 // JTAGARM7TDMI Commands