]>
Commit | Line | Data |
---|---|---|
1 | ## | |
2 | ## This file is part of the libsigrokdecode project. | |
3 | ## | |
4 | ## Copyright (C) 2012-2015 Uwe Hermann <uwe@hermann-uwe.de> | |
5 | ## | |
6 | ## This program is free software; you can redistribute it and/or modify | |
7 | ## it under the terms of the GNU General Public License as published by | |
8 | ## the Free Software Foundation; either version 2 of the License, or | |
9 | ## (at your option) any later version. | |
10 | ## | |
11 | ## This program is distributed in the hope that it will be useful, | |
12 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | ## GNU General Public License for more details. | |
15 | ## | |
16 | ## You should have received a copy of the GNU General Public License | |
17 | ## along with this program; if not, see <http://www.gnu.org/licenses/>. | |
18 | ## | |
19 | ||
20 | import sigrokdecode as srd | |
21 | ||
22 | # JTAG debug port data registers (in IR[3:0]) and their sizes (in bits) | |
23 | # Note: The ARM DAP-DP is not IEEE 1149.1 (JTAG) compliant (as per ARM docs), | |
24 | # as it does not implement the EXTEST, SAMPLE, and PRELOAD instructions. | |
25 | # Instead, BYPASS is decoded for any of these instructions. | |
26 | ir = { | |
27 | '1111': ['BYPASS', 1], # Bypass register | |
28 | '1110': ['IDCODE', 32], # ID code register | |
29 | '1010': ['DPACC', 35], # Debug port access register | |
30 | '1011': ['APACC', 35], # Access port access register | |
31 | '1000': ['ABORT', 35], # Abort register # TODO: 32 bits? Datasheet typo? | |
32 | } | |
33 | ||
34 | # ARM Cortex-M3 r1p1-01rel0 ID code | |
35 | cm3_idcode = 0x3ba00477 | |
36 | ||
37 | # http://infocenter.arm.com/help/topic/com.arm.doc.ddi0413c/Chdjibcg.html | |
38 | cm3_idcode_ver = { | |
39 | 0x3: 'JTAG-DP', | |
40 | 0x2: 'SW-DP', | |
41 | } | |
42 | cm3_idcode_part = { | |
43 | 0xba00: 'JTAG-DP', | |
44 | 0xba10: 'SW-DP', | |
45 | } | |
46 | ||
47 | # http://infocenter.arm.com/help/topic/com.arm.doc.faqs/ka14408.html | |
48 | jedec_id = { | |
49 | 5: { | |
50 | 0x3b: 'ARM Ltd.', | |
51 | }, | |
52 | } | |
53 | ||
54 | # JTAG ID code in the STM32F10xxx BSC (boundary scan) TAP | |
55 | jtag_idcode = { | |
56 | 0x06412041: 'Low-density device, rev. A', | |
57 | 0x06410041: 'Medium-density device, rev. A', | |
58 | 0x16410041: 'Medium-density device, rev. B/Z/Y', | |
59 | 0x06414041: 'High-density device, rev. A/Z/Y', | |
60 | 0x06430041: 'XL-density device, rev. A', | |
61 | 0x06418041: 'Connectivity-line device, rev. A/Z', | |
62 | } | |
63 | ||
64 | # ACK[2:0] in the DPACC/APACC registers (unlisted values are reserved) | |
65 | ack_val = { | |
66 | '001': 'WAIT', | |
67 | '010': 'OK/FAULT', | |
68 | } | |
69 | ||
70 | # 32bit debug port registers (addressed via A[3:2]) | |
71 | dp_reg = { | |
72 | '00': 'Reserved', # Must be kept at reset value | |
73 | '01': 'DP CTRL/STAT', | |
74 | '10': 'DP SELECT', | |
75 | '11': 'DP RDBUFF', | |
76 | } | |
77 | ||
78 | # APB-AP registers (each of them 32 bits wide) | |
79 | apb_ap_reg = { | |
80 | 0x00: ['CSW', 'Control/status word'], | |
81 | 0x04: ['TAR', 'Transfer address'], | |
82 | # 0x08: Reserved SBZ | |
83 | 0x0c: ['DRW', 'Data read/write'], | |
84 | 0x10: ['BD0', 'Banked data 0'], | |
85 | 0x14: ['BD1', 'Banked data 1'], | |
86 | 0x18: ['BD2', 'Banked data 2'], | |
87 | 0x1c: ['BD3', 'Banked data 3'], | |
88 | # 0x20-0xf4: Reserved SBZ | |
89 | 0x800000000: ['ROM', 'Debug ROM address'], | |
90 | 0xfc: ['IDR', 'Identification register'], | |
91 | } | |
92 | ||
93 | # TODO: Split off generic ARM/Cortex-M3 parts into another protocol decoder? | |
94 | ||
95 | # Bits[31:28]: Version (here: 0x3) | |
96 | # JTAG-DP: 0x3, SW-DP: 0x2 | |
97 | # Bits[27:12]: Part number (here: 0xba00) | |
98 | # JTAG-DP: 0xba00, SW-DP: 0xba10 | |
99 | # Bits[11:1]: JEDEC (JEP-106) manufacturer ID (here: 0x23b) | |
100 | # Bits[11:8]: Continuation code ('ARM Ltd.': 0x04) | |
101 | # Bits[7:1]: Identity code ('ARM Ltd.': 0x3b) | |
102 | # Bits[0:0]: Reserved (here: 0x1) | |
103 | def decode_device_id_code(bits): | |
104 | id_hex = '0x%x' % int('0b' + bits, 2) | |
105 | ver = cm3_idcode_ver.get(int('0b' + bits[-32:-28], 2), 'UNKNOWN') | |
106 | part = cm3_idcode_part.get(int('0b' + bits[-28:-12], 2), 'UNKNOWN') | |
107 | ids = jedec_id.get(int('0b' + bits[-12:-8], 2) + 1, {}) | |
108 | manuf = ids.get(int('0b' + bits[-7:-1], 2), 'UNKNOWN') | |
109 | return (id_hex, manuf, ver, part) | |
110 | ||
111 | # DPACC is used to access debug port registers (CTRL/STAT, SELECT, RDBUFF). | |
112 | # APACC is used to access all Access Port (AHB-AP) registers. | |
113 | ||
114 | # APACC/DPACC, when transferring data IN: | |
115 | # Bits[34:3] = DATA[31:0]: 32bit data to transfer (write request) | |
116 | # Bits[2:1] = A[3:2]: 2-bit address (debug/access port register) | |
117 | # Bits[0:0] = RnW: Read request (1) or write request (0) | |
118 | def data_in(instruction, bits): | |
119 | data, a, rnw = bits[:-3], bits[-3:-1], bits[-1] | |
120 | data_hex = '0x%x' % int('0b' + data, 2) | |
121 | r = 'Read request' if (rnw == '1') else 'Write request' | |
122 | # reg = dp_reg[a] if (instruction == 'DPACC') else apb_ap_reg[a] | |
123 | reg = dp_reg[a] if (instruction == 'DPACC') else a # TODO | |
124 | return 'New transaction: DATA: %s, A: %s, RnW: %s' % (data_hex, reg, r) | |
125 | ||
126 | # APACC/DPACC, when transferring data OUT: | |
127 | # Bits[34:3] = DATA[31:0]: 32bit data which is read (read request) | |
128 | # Bits[2:0] = ACK[2:0]: 3-bit acknowledge | |
129 | def data_out(bits): | |
130 | data, ack = bits[:-3], bits[-3:] | |
131 | data_hex = '0x%x' % int('0b' + data, 2) | |
132 | ack_meaning = ack_val.get(ack, 'Reserved') | |
133 | return 'Previous transaction result: DATA: %s, ACK: %s' \ | |
134 | % (data_hex, ack_meaning) | |
135 | ||
136 | class Decoder(srd.Decoder): | |
137 | api_version = 2 | |
138 | id = 'jtag_stm32' | |
139 | name = 'JTAG / STM32' | |
140 | longname = 'Joint Test Action Group / ST STM32' | |
141 | desc = 'ST STM32-specific JTAG protocol.' | |
142 | license = 'gplv2+' | |
143 | inputs = ['jtag'] | |
144 | outputs = ['jtag_stm32'] | |
145 | annotations = ( | |
146 | ('item', 'Item'), | |
147 | ('field', 'Field'), | |
148 | ('command', 'Command'), | |
149 | ('warning', 'Warning'), | |
150 | ) | |
151 | annotation_rows = ( | |
152 | ('items', 'Items', (0,)), | |
153 | ('fields', 'Fields', (1,)), | |
154 | ('commands', 'Commands', (2,)), | |
155 | ('warnings', 'Warnings', (3,)), | |
156 | ) | |
157 | ||
158 | def __init__(self): | |
159 | self.state = 'IDLE' | |
160 | self.samplenums = None | |
161 | ||
162 | def start(self): | |
163 | self.out_ann = self.register(srd.OUTPUT_ANN) | |
164 | ||
165 | def putx(self, data): | |
166 | self.put(self.ss, self.es, self.out_ann, data) | |
167 | ||
168 | def putf(self, s, e, data): | |
169 | self.put(self.samplenums[s][0], self.samplenums[e][1], self.out_ann, data) | |
170 | ||
171 | def handle_reg_bypass(self, cmd, bits): | |
172 | self.putx([0, ['BYPASS: ' + bits]]) | |
173 | ||
174 | def handle_reg_idcode(self, cmd, bits): | |
175 | # IDCODE is a read-only register which is always accessible. | |
176 | # IR == IDCODE: The 32bit device ID code is shifted out via DR next. | |
177 | ||
178 | id_hex, manuf, ver, part = decode_device_id_code(bits[:-1]) | |
179 | cc = '0x%x' % int('0b' + bits[:-1][-12:-8], 2) | |
180 | ic = '0x%x' % int('0b' + bits[:-1][-7:-1], 2) | |
181 | ||
182 | self.putf(0, 0, [1, ['Reserved (BS TAP)', 'BS', 'B']]) | |
183 | self.putf(1, 1, [1, ['Reserved', 'Res', 'R']]) | |
184 | self.putf(9, 12, [0, ['Continuation code: %s' % cc, 'CC', 'C']]) | |
185 | self.putf(2, 8, [0, ['Identity code: %s' % ic, 'IC', 'I']]) | |
186 | self.putf(2, 12, [1, ['Manufacturer: %s' % manuf, 'Manuf', 'M']]) | |
187 | self.putf(13, 28, [1, ['Part: %s' % part, 'Part', 'P']]) | |
188 | self.putf(29, 32, [1, ['Version: %s' % ver, 'Version', 'V']]) | |
189 | ||
190 | self.ss = self.samplenums[1][0] | |
191 | self.putx([2, ['IDCODE: %s (%s: %s/%s)' % \ | |
192 | decode_device_id_code(bits[:-1])]]) | |
193 | ||
194 | def handle_reg_dpacc(self, cmd, bits): | |
195 | bits = bits[:-1] | |
196 | s = data_in('DPACC', bits) if (cmd == 'DR TDI') else data_out(bits) | |
197 | self.putx([2, [s]]) | |
198 | ||
199 | def handle_reg_apacc(self, cmd, bits): | |
200 | bits = bits[:-1] | |
201 | s = data_in('APACC', bits) if (cmd == 'DR TDI') else data_out(bits) | |
202 | self.putx([2, [s]]) | |
203 | ||
204 | def handle_reg_abort(self, cmd, bits): | |
205 | bits = bits[:-1] | |
206 | # Bits[31:1]: reserved. Bit[0]: DAPABORT. | |
207 | a = '' if (bits[0] == '1') else 'No ' | |
208 | s = 'DAPABORT = %s: %sDAP abort generated' % (bits[0], a) | |
209 | self.putx([2, [s]]) | |
210 | ||
211 | # Warn if DAPABORT[31:1] contains non-zero bits. | |
212 | if (bits[:-1] != ('0' * 31)): | |
213 | self.putx([3, ['WARNING: DAPABORT[31:1] reserved!']]) | |
214 | ||
215 | def handle_reg_unknown(self, cmd, bits): | |
216 | bits = bits[:-1] | |
217 | self.putx([2, ['Unknown instruction: %s' % bits]]) | |
218 | ||
219 | def decode(self, ss, es, data): | |
220 | cmd, val = data | |
221 | ||
222 | self.ss, self.es = ss, es | |
223 | ||
224 | if cmd != 'NEW STATE': | |
225 | # The right-most char in the 'val' bitstring is the LSB. | |
226 | val, self.samplenums = val | |
227 | self.samplenums.reverse() | |
228 | ||
229 | # State machine | |
230 | if self.state == 'IDLE': | |
231 | # Wait until a new instruction is shifted into the IR register. | |
232 | if cmd != 'IR TDI': | |
233 | return | |
234 | # Switch to the state named after the instruction, or 'UNKNOWN'. | |
235 | # The STM32F10xxx has two serially connected JTAG TAPs, the | |
236 | # boundary scan tap (5 bits) and the Cortex-M3 TAP (4 bits). | |
237 | # See UM 31.5 "STM32F10xxx JTAG TAP connection" for details. | |
238 | self.state = ir.get(val[:-1][-4:], ['UNKNOWN', 0])[0] | |
239 | bstap_ir = ir.get(val[:-1][:4], ['UNKNOWN', 0])[0] | |
240 | self.putf(5, 8, [1, ['IR (BS TAP): ' + bstap_ir]]) | |
241 | self.putf(1, 4, [1, ['IR (M3 TAP): ' + self.state]]) | |
242 | self.putf(0, 0, [1, ['Reserved (BS TAP)', 'BS', 'B']]) | |
243 | self.putx([2, ['IR: %s' % self.state]]) | |
244 | elif self.state == 'BYPASS': | |
245 | # Here we're interested in incoming bits (TDI). | |
246 | if cmd != 'DR TDI': | |
247 | return | |
248 | handle_reg = getattr(self, 'handle_reg_%s' % self.state.lower()) | |
249 | handle_reg(cmd, val) | |
250 | self.state = 'IDLE' | |
251 | elif self.state in ('IDCODE', 'ABORT', 'UNKNOWN'): | |
252 | # Here we're interested in outgoing bits (TDO). | |
253 | if cmd != 'DR TDO': | |
254 | return | |
255 | handle_reg = getattr(self, 'handle_reg_%s' % self.state.lower()) | |
256 | handle_reg(cmd, val) | |
257 | self.state = 'IDLE' | |
258 | elif self.state in ('DPACC', 'APACC'): | |
259 | # Here we're interested in incoming and outgoing bits (TDI/TDO). | |
260 | if cmd not in ('DR TDI', 'DR TDO'): | |
261 | return | |
262 | handle_reg = getattr(self, 'handle_reg_%s' % self.state.lower()) | |
263 | handle_reg(cmd, val) | |
264 | if cmd == 'DR TDO': # Assumes 'DR TDI' comes before 'DR TDO'. | |
265 | self.state = 'IDLE' |