OpenOCD
qn908x.c
Go to the documentation of this file.
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /***************************************************************************
3  * Copyright (C) 2020 iosabi *
4  * iosabi <iosabi@protonmail.com> *
5  ***************************************************************************/
6 
7 #ifdef HAVE_CONFIG_H
8 #include "config.h"
9 #endif
10 
11 #include "imp.h"
12 
13 #include <helper/binarybuffer.h>
14 #include <helper/bits.h>
15 #include <helper/crc32.h>
16 #include <helper/time_support.h>
17 #include <helper/types.h>
18 
19 /* The QN908x has two flash regions, one is the main flash region holding the
20  * user code and the second one is a small (0x800 bytes) "Flash information
21  * page" that can't be written to by the user. This page contains information
22  * programmed at the factory.
23  *
24  * The main flash region is normally 512 KiB, there's a field in the "Flash
25  * information page" that allows to specify for 256 KiB size chips. However, at
26  * the time of writing, none of the variants in the market have 256 KiB.
27  *
28  * The flash is divided into blocks of 256 KiB each, therefore containing two
29  * blocks. A block is subdivided into pages, of 2048 bytes. A page is the
30  * smallest region that can be erased or protected independently, although it
31  * is also possible to erase a whole block or both blocks. A page is subdivided
32  * into 8 rows of 64 words (32-bit words). The word subdivision is only
33  * relevant because DMA can write multiple words in the same row in the same
34  * flash program operation.
35  *
36  * For the Flash information page we are only interested in the last
37  * 0x100 bytes which contain a CRC-32 checksum of that 0x100 bytes long region
38  * and a field stating the size of the flash. This is also a good check that
39  * we are dealing with the right chip/flash configuration and is used in the
40  * probe() function.
41  */
42 #define QN908X_FLASH_BASE 0x01000000
43 
44 #define QN908X_FLASH_PAGE_SIZE 2048
45 #define QN908X_FLASH_PAGES_PER_BLOCK 128
46 #define QN908X_FLASH_MAX_BLOCKS 2
47 #define QN908X_FLASH_BLOCK_SIZE \
48  (QN908X_FLASH_PAGES_PER_BLOCK * QN908X_FLASH_PAGE_SIZE)
49 #define QN908X_FLASH_IRQ_VECTOR_CHECKSUM_POS 0x1c
50 #define QN908X_FLASH_IRQ_VECTOR_CHECKSUM_SIZE 4
51 #define QN908X_FLASH_IRQ_VECTOR_CHECKSUM_END \
52  (QN908X_FLASH_IRQ_VECTOR_CHECKSUM_POS + QN908X_FLASH_IRQ_VECTOR_CHECKSUM_SIZE)
53 
54 
55 /* Flash information page memory fields. */
56 #define QN908X_INFO_PAGE_BASE 0x210b0000u
57 #define QN908X_INFO_PAGE_CRC32 (QN908X_INFO_PAGE_BASE + 0x700)
58 #define QN908X_INFO_PAGE_CRC_START (QN908X_INFO_PAGE_BASE + 0x704)
59 #define QN908X_INFO_PAGE_BOOTLOADER_VER (QN908X_INFO_PAGE_BASE + 0x704)
60 #define QN908X_INFO_PAGE_FLASH_SIZE (QN908X_INFO_PAGE_BASE + 0x708)
61 #define QN908X_INFO_PAGE_BLUETOOTH_ADDR (QN908X_INFO_PAGE_BASE + 0x7fa)
62 #define QN908X_INFO_PAGE_CRC_END (QN908X_INFO_PAGE_BASE + 0x800)
63 
64 
65 /* Possible values of the QN908X_INFO_PAGE_FLASH_SIZE field. */
66 enum qn908x_info_page_flash_size {
67  QN908X_FLASH_SIZE_512K = 0xfffff0ff,
68  QN908X_FLASH_SIZE_256K = 0xffffe0ff,
69 };
70 
71 /* QN908x "Flash memory controller", described in section 28 of the user
72  * manual. In the NXP SDK this peripheral is called "FLASH", however we use the
73  * name "FMC" (Flash Memory Controller) here when referring to the controller
74  * to avoid confusion with other "flash" terms in OpenOCD. */
75 #define QN908X_FMC_BASE 0x40081000u
76 #define QN908X_FMC_INI_RD_EN (QN908X_FMC_BASE + 0x00)
77 #define QN908X_FMC_ERASE_CTRL (QN908X_FMC_BASE + 0x04)
78 #define QN908X_FMC_ERASE_TIME (QN908X_FMC_BASE + 0x08)
79 #define QN908X_FMC_TIME_CTRL (QN908X_FMC_BASE + 0x0c)
80 #define QN908X_FMC_SMART_CTRL (QN908X_FMC_BASE + 0x10)
81 #define QN908X_FMC_INT_STAT (QN908X_FMC_BASE + 0x18)
82 #define QN908X_FMC_LOCK_STAT_0 (QN908X_FMC_BASE + 0x20)
83 #define QN908X_FMC_LOCK_STAT_1 (QN908X_FMC_BASE + 0x24)
84 #define QN908X_FMC_LOCK_STAT_2 (QN908X_FMC_BASE + 0x28)
85 #define QN908X_FMC_LOCK_STAT_3 (QN908X_FMC_BASE + 0x2c)
86 #define QN908X_FMC_LOCK_STAT_4 (QN908X_FMC_BASE + 0x30)
87 #define QN908X_FMC_LOCK_STAT_5 (QN908X_FMC_BASE + 0x34)
88 #define QN908X_FMC_LOCK_STAT_6 (QN908X_FMC_BASE + 0x38)
89 #define QN908X_FMC_LOCK_STAT_7 (QN908X_FMC_BASE + 0x3c)
90 #define QN908X_FMC_LOCK_STAT_8 (QN908X_FMC_BASE + 0x40)
91 #define QN908X_FMC_STATUS1 (QN908X_FMC_BASE + 0x48)
92 #define QN908X_FMC_DEBUG_PASSWORD (QN908X_FMC_BASE + 0xa8)
93 #define QN908X_FMC_ERASE_PASSWORD (QN908X_FMC_BASE + 0xac)
94 
95 #define QN908X_FMC_INI_RD_EN_INI_RD_EN_MASK BIT(0)
96 
97 #define QN908X_FMC_STATUS1_FSH_ERA_BUSY_L_MASK BIT(9)
98 #define QN908X_FMC_STATUS1_FSH_WR_BUSY_L_MASK BIT(10)
99 #define QN908X_FMC_STATUS1_FSH_ERA_BUSY_H_MASK BIT(12)
100 #define QN908X_FMC_STATUS1_FSH_WR_BUSY_H_MASK BIT(13)
101 #define QN908X_FMC_STATUS1_INI_RD_DONE_MASK BIT(15)
102 #define QN908X_FMC_STATUS1_FSH_STA_MASK BIT(26)
103 
104 #define QN908X_FMC_ERASE_CTRL_PAGE_IDXL_SHIFT 0
105 #define QN908X_FMC_ERASE_CTRL_PAGE_IDXH_SHIFT 8
106 #define QN908X_FMC_ERASE_CTRL_HALF_ERASEL_EN_SHIFT 28
107 #define QN908X_FMC_ERASE_CTRL_HALF_ERASEH_EN_SHIFT 29
108 #define QN908X_FMC_ERASE_CTRL_PAGE_ERASEL_EN_SHIFT 30
109 #define QN908X_FMC_ERASE_CTRL_PAGE_ERASEH_EN_SHIFT 31
110 
111 #define QN908X_FMC_INT_STAT_AHBL_INT_MASK BIT(0)
112 #define QN908X_FMC_INT_STAT_LOCKL_INT_MASK BIT(1)
113 #define QN908X_FMC_INT_STAT_ERASEL_INT_MASK BIT(2)
114 #define QN908X_FMC_INT_STAT_WRITEL_INT_MASK BIT(3)
115 #define QN908X_FMC_INT_STAT_WR_BUFL_INT_MASK BIT(4)
116 #define QN908X_FMC_INT_STAT_WRITE_FAIL_L_INT_MASK BIT(5)
117 #define QN908X_FMC_INT_STAT_ERASE_FAIL_L_INT_MASK BIT(6)
118 #define QN908X_FMC_INT_STAT_AHBH_INT_MASK BIT(8)
119 #define QN908X_FMC_INT_STAT_LOCKH_INT_MASK BIT(9)
120 #define QN908X_FMC_INT_STAT_ERASEH_INT_MASK BIT(10)
121 #define QN908X_FMC_INT_STAT_WRITEH_INT_MASK BIT(11)
122 #define QN908X_FMC_INT_STAT_WR_BUFH_INT_MASK BIT(12)
123 #define QN908X_FMC_INT_STAT_WRITE_FAIL_H_INT_MASK BIT(13)
124 #define QN908X_FMC_INT_STAT_ERASE_FAIL_H_INT_MASK BIT(14)
125 
126 #define QN908X_FMC_SMART_CTRL_PRGML_EN_MASK BIT(0)
127 #define QN908X_FMC_SMART_CTRL_PRGMH_EN_MASK BIT(1)
128 #define QN908X_FMC_SMART_CTRL_SMART_WRITEL_EN_MASK BIT(2)
129 #define QN908X_FMC_SMART_CTRL_SMART_WRITEH_EN_MASK BIT(3)
130 #define QN908X_FMC_SMART_CTRL_SMART_ERASEL_EN_MASK BIT(4)
131 #define QN908X_FMC_SMART_CTRL_SMART_ERASEH_EN_MASK BIT(5)
132 #define QN908X_FMC_SMART_CTRL_MAX_WRITE_MASK 0xf00u
133 #define QN908X_FMC_SMART_CTRL_MAX_WRITE_SHIFT 8u
134 #define QN908X_FMC_SMART_CTRL_MAX_WRITE(x) \
135  (((uint32_t)(((uint32_t)(x)) << QN908X_FMC_SMART_CTRL_MAX_WRITE_SHIFT)) \
136  & QN908X_FMC_SMART_CTRL_MAX_WRITE_MASK)
137 #define QN908X_FMC_SMART_CTRL_MAX_ERASE_MASK 0x3f000u
138 #define QN908X_FMC_SMART_CTRL_MAX_ERASE_SHIFT 12u
139 #define QN908X_FMC_SMART_CTRL_MAX_ERASE(x) \
140  (((uint32_t)(((uint32_t)(x)) << QN908X_FMC_SMART_CTRL_MAX_ERASE_SHIFT)) \
141  & QN908X_FMC_SMART_CTRL_MAX_ERASE_MASK)
142 
143 #define QN908X_FMC_SMART_CTRL_MAX_ERASE_RETRIES 9
144 #define QN908X_FMC_SMART_CTRL_MAX_WRITE_RETRIES 9
145 
146 #define QN908X_FMC_TIME_CTRL_PRGM_CYCLE_MASK 0xfffu
147 #define QN908X_FMC_TIME_CTRL_PRGM_CYCLE_SHIFT 0u
148 #define QN908X_FMC_TIME_CTRL_PRGM_CYCLE(x) \
149  (((uint32_t)(((uint32_t)(x)) << QN908X_FMC_TIME_CTRL_PRGM_CYCLE_SHIFT)) \
150  & QN908X_FMC_TIME_CTRL_PRGM_CYCLE_MASK)
151 #define QN908X_FMC_TIME_CTRL_TIME_BASE_MASK 0xff000u
152 #define QN908X_FMC_TIME_CTRL_TIME_BASE_SHIFT 12u
153 #define QN908X_FMC_TIME_CTRL_TIME_BASE(x) \
154  (((uint32_t)(((uint32_t)(x)) << QN908X_FMC_TIME_CTRL_TIME_BASE_SHIFT)) \
155  & QN908X_FMC_TIME_CTRL_TIME_BASE_MASK)
156 
157 #define QN908X_FMC_LOCK_STAT_8_MASS_ERASE_LOCK_EN BIT(0)
158 #define QN908X_FMC_LOCK_STAT_8_FSH_PROTECT_EN BIT(1)
159 #define QN908X_FMC_LOCK_STAT_8_MEM_PROTECT_EN BIT(2)
160 #define QN908X_FMC_LOCK_STAT_8_PROTECT_ANY (BIT(1) | BIT(2))
161 
162 /* See Table 418 "Flash lock and protect description" in the user manual */
163 #define QN908X_FLASH_LOCK_ADDR (QN908X_FLASH_BASE + 0x7f820)
164 /* Allow mass erase */
165 #define QN908X_FLASH_LOCK_ENABLE_MASS_ERASE BIT(0)
166 /* disallow flash access from SWD */
167 #define QN908X_FLASH_LOCK_ENABLE_FLASH_PROTECTION BIT(1)
168 /* disallow SRAM access from SWD */
169 #define QN908X_FLASH_LOCK_ENABLE_MEMORY_PROTECTION BIT(2)
170 
171 /* Page lock information located at the beginning of the last page. */
172 struct qn908x_flash_page_lock {
173  uint8_t bits[QN908X_FLASH_MAX_BLOCKS * QN908X_FLASH_PAGES_PER_BLOCK / 8];
174  uint8_t protection;
175  uint8_t _reserved[3];
176  /* nvds_size is unused here, but we need to preserve it across erases
177  * when locking and unlocking pages. */
178  uint8_t nvds_size[4];
179 } __attribute__ ((packed));
180 
181 /* Clock configuration is stored in the SYSCON. */
182 #define QN908X_SYSCON_BASE 0x40000000u
183 #define QN908X_SYSCON_CLK_EN (QN908X_SYSCON_BASE + 0x00cu)
184 #define QN908X_SYSCON_CLK_CTRL (QN908X_SYSCON_BASE + 0x010u)
185 #define QN908X_SYSCON_CHIP_ID (QN908X_SYSCON_BASE + 0x108u)
186 #define QN908X_SYSCON_XTAL_CTRL (QN908X_SYSCON_BASE + 0x180u)
187 
188 /* Internal 16MHz / 8MHz clock used by the erase operation. */
189 #define QN908X_SYSCON_CLK_EN_CLK_DP_EN_MASK BIT(21)
190 
191 #define SYSCON_XTAL_CTRL_XTAL_DIV_MASK BIT(31)
192 
193 #define SYSCON_CLK_CTRL_AHB_DIV_MASK 0x1FFF0u
194 #define SYSCON_CLK_CTRL_AHB_DIV_SHIFT 4u
195 #define SYSCON_CLK_CTRL_CLK_XTAL_SEL_MASK BIT(19)
196 #define SYSCON_CLK_CTRL_CLK_OSC32M_DIV_MASK BIT(20)
197 #define SYSCON_CLK_CTRL_SYS_CLK_SEL_MASK 0xC0000000u
198 #define SYSCON_CLK_CTRL_SYS_CLK_SEL_SHIFT 30u
199 
200 #define CLOCK_16MHZ 16000000u
201 #define CLOCK_32MHZ 32000000u
202 #define CLOCK_32KHZ 32000u
203 
204 /* Watchdog block registers */
205 #define QN908X_WDT_BASE 0x40001000u
206 #define QN908X_WDT_CTRL (QN908X_WDT_BASE + 0x08u)
207 #define QN908X_WDT_LOCK (QN908X_WDT_BASE + 0x20u)
208 
209 struct qn908x_flash_bank {
210  /* The number of flash blocks. Initially set to zero until the flash
211  * is probed. This determines the size of the flash. */
212  unsigned int num_blocks;
213 
214  unsigned int user_bank_size;
215  bool calc_checksum;
216 
217  /* Whether we allow to flash an image that disables SWD access, potentially
218  * bricking the device since the image can't be reflashed from SWD. */
219  bool allow_swd_disabled;
220 
221  bool page_lock_loaded;
222  struct qn908x_flash_page_lock page_lock;
223 };
224 
225 /* 500 ms timeout. */
226 #define QN908X_DEFAULT_TIMEOUT_MS 500
227 
228 /* Forward declaration of commands. */
229 static int qn908x_probe(struct flash_bank *bank);
230 static int qn908x_write(struct flash_bank *bank, const uint8_t *buffer,
231  uint32_t offset, uint32_t count);
232 
233 /* Update the value of a register with a mask. This helper allows to read a
234  * register, modify a subset of the bits and write back the value, which is a
235  * common operation when modifying only a bit filed in a register. */
236 static int qn908x_update_reg(struct target *target, target_addr_t reg,
237  uint32_t mask, uint32_t value)
238 {
239  uint32_t orig_value = 0;
240  uint32_t new_value;
241  int retval;
242  if (mask != 0xffffffff) {
243  /* No need to read the old value if we request a mask of 32 bits. */
244  retval = target_read_u32(target, reg, &orig_value);
245  if (retval != ERROR_OK) {
246  LOG_DEBUG("Error reading reg at " TARGET_ADDR_FMT
247  ": %d", reg, retval);
248  return retval;
249  }
250  }
251  new_value = (orig_value & ~mask) | (value & mask);
252  retval = target_write_u32(target, reg, new_value);
253  if (retval != ERROR_OK) {
254  LOG_DEBUG("Error writing reg at " TARGET_ADDR_FMT " with 0x%08"
255  PRIx32 ": %d", reg, new_value, retval);
256  return retval;
257  }
258  if (mask == 0xffffffff) {
259  LOG_DEBUG("Updated reg at " TARGET_ADDR_FMT ": ?? -> 0x%.08"
260  PRIx32 "", reg, new_value);
261  } else {
262  LOG_DEBUG("Updated reg at " TARGET_ADDR_FMT ": 0x%.08" PRIx32
263  " -> 0x%.08" PRIx32, reg, orig_value, new_value);
264  }
265  return ERROR_OK;
266 }
267 
268 /* Load lock bit and protection bit and load redundancy page info.
269  * This populates the LOCK_STAT_n registers with the values from the lock page,
270  * making protection bit changes to the last page effective. */
271 static int qn908x_load_lock_stat(struct target *target)
272 {
273  int retval = target_write_u32(target, QN908X_FMC_INI_RD_EN,
274  QN908X_FMC_INI_RD_EN_INI_RD_EN_MASK);
275  if (retval != ERROR_OK)
276  return retval;
277 
278  uint32_t status1;
279  const uint32_t status_mask = QN908X_FMC_STATUS1_FSH_STA_MASK
280  | QN908X_FMC_STATUS1_INI_RD_DONE_MASK;
281  do {
282  retval = target_read_u32(target, QN908X_FMC_STATUS1, &status1);
283  if (retval != ERROR_OK)
284  return retval;
285  } while ((status1 & status_mask) != QN908X_FMC_STATUS1_INI_RD_DONE_MASK);
286 
287  for (int i = 0; i <= 8; i++) {
288  uint32_t addr = QN908X_FMC_LOCK_STAT_0 + i * 4;
289  uint32_t lock_stat;
290  if (target_read_u32(target, addr, &lock_stat) == ERROR_OK)
291  LOG_DEBUG("LOCK_STAT_%d = 0x%08" PRIx32, i, lock_stat);
292  }
293  return ERROR_OK;
294 }
295 
296 /* Initializes the FMC controller registers for allowing writing. */
297 static int qn908x_init_flash(struct target *target)
298 {
299  /* Determine the current clock configuration. */
300  uint32_t clk_ctrl;
301  int retval = target_read_u32(target, QN908X_SYSCON_CLK_CTRL, &clk_ctrl);
302  if (retval != ERROR_OK)
303  return retval;
304 
305  uint32_t clk_sel = (clk_ctrl & SYSCON_CLK_CTRL_SYS_CLK_SEL_MASK)
306  >> SYSCON_CLK_CTRL_SYS_CLK_SEL_SHIFT;
307  LOG_DEBUG("Clock clk_sel=0x%08" PRIu32, clk_sel);
308 
309  /* Core clock frequency. */
310  uint32_t core_freq = 0;
311  switch (clk_sel) {
312  case 0: /* RCO 32 MHz */
313  core_freq = (clk_ctrl & SYSCON_CLK_CTRL_CLK_OSC32M_DIV_MASK) ?
314  CLOCK_16MHZ : CLOCK_32MHZ;
315  break;
316  case 1: /* Xin frequency */
317  {
318  uint32_t clk_xtal;
319  retval = target_read_u32(target, QN908X_SYSCON_XTAL_CTRL, &clk_xtal);
320  if (retval != ERROR_OK)
321  return retval;
322  core_freq = (clk_ctrl & SYSCON_CLK_CTRL_CLK_XTAL_SEL_MASK)
323  && (clk_xtal & SYSCON_XTAL_CTRL_XTAL_DIV_MASK)
324  ? CLOCK_32MHZ : CLOCK_16MHZ;
325  }
326  break;
327  case 2: /* 32 Kz */
328  core_freq = CLOCK_32KHZ;
329  break;
330  default:
331  return ERROR_FAIL;
332  }
333 
334  uint32_t ahb_div = (clk_ctrl & SYSCON_CLK_CTRL_AHB_DIV_MASK)
335  >> SYSCON_CLK_CTRL_AHB_DIV_SHIFT;
336  uint32_t ahb_freq = core_freq / (ahb_div + 1);
337 
338  LOG_DEBUG("Core freq: %" PRIu32 " Hz | AHB freq: %" PRIu32 " Hz",
339  core_freq, ahb_freq);
340 
341  /* TIME_BASE is 2uS at the current AHB clock speed. */
342  retval = target_write_u32(target, QN908X_FMC_TIME_CTRL,
343  QN908X_FMC_TIME_CTRL_TIME_BASE(2 * ahb_freq / 1000000) |
344  QN908X_FMC_TIME_CTRL_PRGM_CYCLE(30));
345  if (retval != ERROR_OK)
346  return retval;
347 
348  return qn908x_load_lock_stat(target);
349 }
350 
351 /* flash bank qn908x <base> <size> 0 0 <target#> [calc_checksum] */
352 FLASH_BANK_COMMAND_HANDLER(qn908x_flash_bank_command)
353 {
354  struct qn908x_flash_bank *qn908x_info;
355 
356  if (CMD_ARGC < 6 || CMD_ARGC > 7)
357  return ERROR_COMMAND_SYNTAX_ERROR;
358 
359  if (bank->base != QN908X_FLASH_BASE) {
360  LOG_ERROR("Address " TARGET_ADDR_FMT
361  " is an invalid bank address (try 0x%08" PRIx32 ")",
362  bank->base, QN908X_FLASH_BASE);
363  return ERROR_COMMAND_ARGUMENT_INVALID;
364  }
365 
366  qn908x_info = malloc(sizeof(struct qn908x_flash_bank));
367 
368  if (!qn908x_info)
369  return ERROR_FAIL;
370 
371  bank->driver_priv = qn908x_info;
372  qn908x_info->num_blocks = 0;
373  qn908x_info->user_bank_size = bank->size;
374  qn908x_info->page_lock_loaded = false;
375  qn908x_info->allow_swd_disabled = false;
376 
377  qn908x_info->calc_checksum = false;
378  if (CMD_ARGC == 7) {
379  if (strcmp(CMD_ARGV[6], "calc_checksum")) {
380  free(qn908x_info);
381  return ERROR_COMMAND_ARGUMENT_INVALID;
382  }
383  qn908x_info->calc_checksum = true;
384  }
385 
386  return ERROR_OK;
387 }
388 
389 static int qn908x_read_page_lock(struct flash_bank *bank)
390 {
391  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
392 
393  if (bank->target->state != TARGET_HALTED) {
394  LOG_ERROR("Target not halted");
395  return ERROR_TARGET_NOT_HALTED;
396  }
397 
398  /* The last page of the flash contains the "Flash lock and protect"
399  * information. It is not clear where this is located on chips with only
400  * one block. */
401  uint32_t prot_offset = qn908x_info->num_blocks * QN908X_FLASH_BLOCK_SIZE
402  - QN908X_FLASH_PAGE_SIZE;
403 
404  int retval = target_read_memory(bank->target, bank->base + prot_offset, 4,
405  sizeof(qn908x_info->page_lock) / 4,
406  (void *)(&qn908x_info->page_lock));
407  if (retval != ERROR_OK)
408  return retval;
409  LOG_DEBUG("Flash protection = 0x%02" PRIx8,
410  qn908x_info->page_lock.protection);
411 
412  qn908x_info->page_lock_loaded = true;
413  return ERROR_OK;
414 }
415 
416 static int qn908x_busy_check(struct target *target)
417 {
418  uint32_t status1;
419  int retval = target_read_u32(target, QN908X_FMC_STATUS1, &status1);
420  if (retval != ERROR_OK)
421  return retval;
422 
423  if ((status1 & (QN908X_FMC_STATUS1_FSH_ERA_BUSY_L_MASK
424  | QN908X_FMC_STATUS1_FSH_WR_BUSY_L_MASK
425  | QN908X_FMC_STATUS1_FSH_ERA_BUSY_H_MASK
426  | QN908X_FMC_STATUS1_FSH_WR_BUSY_H_MASK)))
427  return ERROR_FLASH_BUSY;
428  return ERROR_OK;
429 }
430 
431 static int qn908x_status_check(struct target *target)
432 {
433  uint32_t int_stat;
434  int retval = target_read_u32(target, QN908X_FMC_INT_STAT, &int_stat);
435  if (retval != ERROR_OK)
436  return retval;
437 
438  /* The error bits for block 0 and block 1 have the exact same layout, only
439  * that block 1 error bits are shifted by 8 bits. We use this fact to
440  * loop over the blocks */
441  for (unsigned int block = 0; block <= 1; block++) {
442  unsigned int shift = (block) ? 8 : 0;
443  if (int_stat & (QN908X_FMC_INT_STAT_AHBL_INT_MASK << shift)) {
444  LOG_ERROR("AHB error on block %u", block);
445  return ERROR_FAIL;
446  }
447 
448  if (int_stat & (QN908X_FMC_INT_STAT_LOCKL_INT_MASK << shift)) {
449  LOG_ERROR("Locked page being accessed error on block %u", block);
450  return ERROR_FAIL;
451  }
452 
453  if (int_stat & (QN908X_FMC_INT_STAT_WRITE_FAIL_L_INT_MASK << shift)) {
454  LOG_ERROR("Smart write on block %u failed", block);
455  return ERROR_FAIL;
456  }
457 
458  if ((int_stat & (QN908X_FMC_INT_STAT_ERASE_FAIL_L_INT_MASK << shift))
459  || (int_stat & (QN908X_FMC_INT_STAT_ERASE_FAIL_H_INT_MASK << shift))) {
460  LOG_ERROR("Smart erase on block %u failed", block);
461  return ERROR_FAIL;
462  }
463  }
464 
465  return ERROR_OK;
466 }
467 
468 static int qn908x_wait_for_idle(struct target *target, int64_t timeout_ms)
469 {
470  int64_t ms_start = timeval_ms();
471 
472  int busy = ERROR_FLASH_BUSY;
473  while (busy != ERROR_OK) {
474  busy = qn908x_busy_check(target);
475  if (busy != ERROR_OK && busy != ERROR_FLASH_BUSY)
476  return busy;
477  if (timeval_ms() - ms_start > timeout_ms) {
478  LOG_ERROR("Timeout waiting to be idle.");
479  return ERROR_TIMEOUT_REACHED;
480  }
481  }
482  return ERROR_OK;
483 }
484 
485 /* Set up the chip to perform an erase (page or block) operation. */
486 static int qn908x_setup_erase(struct target *target)
487 {
488  int retval;
489  if (target->state != TARGET_HALTED) {
490  LOG_ERROR("Target not halted");
491  return ERROR_TARGET_NOT_HALTED;
492  }
493 
494  /* Enable 8MHz clock. */
495  retval = qn908x_update_reg(target, QN908X_SYSCON_CLK_EN,
496  QN908X_SYSCON_CLK_EN_CLK_DP_EN_MASK,
497  QN908X_SYSCON_CLK_EN_CLK_DP_EN_MASK);
498  if (retval != ERROR_OK)
499  return retval;
500 
501  /* Set ERASE_TIME to 2ms for smart erase. */
502  retval = qn908x_update_reg(target, QN908X_FMC_ERASE_TIME,
503  (1u << 20) - 1,
504  2000 * 8); /* 2000 uS * 8 MHz = x cycles */
505  if (retval != ERROR_OK)
506  return retval;
507 
508  /* Set up smart erase. SWD can only perform smart erase. */
509  uint32_t ctrl_val = QN908X_FMC_SMART_CTRL_SMART_ERASEH_EN_MASK
510  | QN908X_FMC_SMART_CTRL_SMART_ERASEL_EN_MASK
511  | QN908X_FMC_SMART_CTRL_MAX_ERASE(QN908X_FMC_SMART_CTRL_MAX_ERASE_RETRIES)
512  | QN908X_FMC_SMART_CTRL_MAX_WRITE(QN908X_FMC_SMART_CTRL_MAX_WRITE_RETRIES);
513  retval = target_write_u32(target, QN908X_FMC_SMART_CTRL, ctrl_val);
514  if (retval != ERROR_OK)
515  return retval;
516 
517  retval = qn908x_wait_for_idle(target, QN908X_DEFAULT_TIMEOUT_MS);
518  if (retval != ERROR_OK)
519  return retval;
520 
521  return ERROR_OK;
522 }
523 
524 static int qn908x_erase(struct flash_bank *bank, unsigned int first,
525  unsigned int last)
526 {
527  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
528  int retval = ERROR_OK;
529 
530  if (!qn908x_info->num_blocks) {
531  if (qn908x_probe(bank) != ERROR_OK)
532  return ERROR_FLASH_BANK_NOT_PROBED;
533  }
534 
535  retval = qn908x_setup_erase(bank->target);
536  if (retval != ERROR_OK)
537  return retval;
538 
539  for (unsigned int i = first; i <= last; i++) {
540  if (i >= bank->num_sectors)
541  return ERROR_FLASH_SECTOR_INVALID;
542  uint32_t block_idx = i / QN908X_FLASH_PAGES_PER_BLOCK;
543  uint32_t page_idx = i % QN908X_FLASH_PAGES_PER_BLOCK;
544  if (block_idx >= qn908x_info->num_blocks)
545  return ERROR_FLASH_SECTOR_INVALID;
546 
547  LOG_DEBUG("Erasing page %" PRIu32 " of block %" PRIu32,
548  page_idx, block_idx);
549 
550  /* Depending on the block the page we are erasing is located we
551  * need to use a different set of bits in the registers. */
552  uint32_t ctrl_page_idx_shift = block_idx ?
553  QN908X_FMC_ERASE_CTRL_PAGE_IDXH_SHIFT :
554  QN908X_FMC_ERASE_CTRL_PAGE_IDXL_SHIFT;
555  uint32_t ctrl_erase_en_shift = block_idx ?
556  QN908X_FMC_ERASE_CTRL_PAGE_ERASEH_EN_SHIFT :
557  QN908X_FMC_ERASE_CTRL_PAGE_ERASEL_EN_SHIFT;
558 
559  retval = target_write_u32(bank->target, QN908X_FMC_ERASE_CTRL,
560  BIT(ctrl_erase_en_shift) | (page_idx << ctrl_page_idx_shift));
561  if (retval != ERROR_OK)
562  return retval;
563 
564  retval = qn908x_wait_for_idle(bank->target, QN908X_DEFAULT_TIMEOUT_MS);
565  if (retval != ERROR_OK)
566  return retval;
567 
568  retval = qn908x_status_check(bank->target);
569  if (retval != ERROR_OK)
570  return retval;
571  }
572 
573  return retval;
574 }
575 
576 static int qn908x_protect(struct flash_bank *bank, int set, unsigned int first,
577  unsigned int last)
578 {
579  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
580 
581  if (bank->target->state != TARGET_HALTED) {
582  LOG_ERROR("Target not halted");
583  return ERROR_TARGET_NOT_HALTED;
584  }
585 
586  if (!qn908x_info->page_lock_loaded) {
587  int retval = qn908x_read_page_lock(bank);
588  if (retval != ERROR_OK)
589  return retval;
590  }
591 
592  /* Use [first, last) interval open on the right side from now on. */
593  last++;
594  /* We use sectors as prot_blocks. */
595  bool needs_update = false;
596  for (unsigned int i = first; i < last; i++) {
597  if (set != (((qn908x_info->page_lock.bits[i / 8] >> (i % 8)) & 1) ^ 1))
598  needs_update = true;
599  }
600 
601  /* Check that flash protection still allows SWD access to flash and RAM,
602  * otherwise we won't be able to re-flash this chip from SWD unless we do a
603  * mass erase. */
604  if (qn908x_info->page_lock.protection & QN908X_FMC_LOCK_STAT_8_PROTECT_ANY) {
605  LOG_WARNING("SWD flash/RAM access disabled in the Flash lock and "
606  "protect descriptor. You might need to issue a mass_erase to "
607  "regain SWD access to this chip after reboot.");
608  }
609 
610  if (!needs_update)
611  return ERROR_OK;
612 
613  int last_page = qn908x_info->num_blocks * QN908X_FLASH_PAGES_PER_BLOCK - 1;
614  int retval;
615 
616  if (qn908x_info->page_lock.bits[sizeof(qn908x_info->page_lock.bits) - 1] & 0x80) {
617  /* A bit 1 in the MSB in the page_lock.bits array means that the last
618  * page is unlocked, so we can just erase it. */
619  retval = qn908x_erase(bank, last_page, last_page);
620  if (retval != ERROR_OK)
621  return retval;
622  } else {
623  /* TODO: The last page is locked and we can't erase unless we use the
624  * ERASE_PASSWORD from code running on the device. For this we need to
625  * copy a little program to RAM and execute the erase command from
626  * there since there's no way to override the page protection from
627  * SWD. */
628  LOG_ERROR("Unprotecting the last page is not supported. Issue a "
629  "\"qn908x mass_erase\" command to erase the whole flash, "
630  "including the last page and its protection.");
631  return ERROR_FAIL;
632  }
633 
634  for (unsigned int i = first / 8; i < (last + 7) / 8; i++) {
635  /* first_mask contains a bit set if the bit corresponds to a block id
636  * that is larger or equal than first. This is basically 0xff in all
637  * cases except potentially the first iteration. */
638  uint8_t first_mask = (first <= i * 8)
639  ? 0xff : 0xff ^ ((1u << (first - i * 8)) - 1);
640  /* Similar to first_mask, this contains a bit set if the corresponding
641  * is smaller than last. */
642  uint8_t last_mask = (i * 8 + 8 <= last)
643  ? 0xff : ((1u << (last - i * 8)) - 1);
644 
645  uint8_t mask = first_mask & last_mask;
646  LOG_DEBUG("protect set=%d bits[%d] with mask=0x%02x", set, i, mask);
647  /* To "set" the protection bit means to clear the bit in the page_lock
648  * bit array. */
649  if (set)
650  qn908x_info->page_lock.bits[i] &= ~mask;
651  else
652  qn908x_info->page_lock.bits[i] |= mask;
653  }
654 
655  retval = qn908x_write(bank, (void *)(&qn908x_info->page_lock),
656  last_page * QN908X_FLASH_PAGE_SIZE, sizeof(qn908x_info->page_lock));
657  if (retval != ERROR_OK)
658  return retval;
659 
660  /* Reload the lock_stat to make the changes effective. */
661  retval = qn908x_load_lock_stat(bank->target);
662  if (retval != ERROR_OK)
663  return retval;
664 
665  for (unsigned int i = first; i < last; i++)
666  bank->sectors[i].is_protected = set;
667 
668  return ERROR_OK;
669 }
670 
671 static int qn908x_write(struct flash_bank *bank, const uint8_t *buffer,
672  uint32_t offset, uint32_t count)
673 {
674  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
675  int retval = ERROR_OK;
676 
677  if (bank->target->state != TARGET_HALTED) {
678  LOG_ERROR("Target not halted");
679  return ERROR_TARGET_NOT_HALTED;
680  }
681 
682  /* The flash infrastructure was requested to align writes to 32 bit */
683  assert(((offset % 4) == 0) && ((count % 4) == 0));
684 
685  /* Compute the calc_checksum even if it wasn't requested. */
686  uint32_t checksum = 0;
687  if (offset == 0 && count >= 0x20) {
688  for (int i = 0; i < 7; i++)
689  checksum += buf_get_u32(buffer + (i * 4), 0, 32);
690  checksum = 0 - checksum;
691  LOG_DEBUG("computed image checksum: 0x%8.8" PRIx32, checksum);
692  uint32_t stored_checksum = buf_get_u32(buffer + 7 * 4, 0, 32);
693  if (checksum != stored_checksum) {
694  LOG_WARNING("Image vector table checksum mismatch: expected 0x%08"
695  PRIx32 " but found 0x%08" PRIx32,
696  checksum, stored_checksum);
697  if (!qn908x_info->calc_checksum)
698  LOG_WARNING("This device will not boot, use calc_checksum in "
699  "the flash bank.");
700  else
701  LOG_WARNING("Updating checksum, verification will fail.");
702  }
703  }
704 
705  /* Check the Code Read Protection (CRP) word for invalid values or not
706  * allowed ones. */
707  if (offset <= 0x20 && offset + count >= 0x24) {
708  uint32_t crp = buf_get_u32(buffer + 0x20 - offset, 0, 32);
709  /* 2-bit fields at bits 10, 12, 14, 16 and 18 must not be 00 or 11. */
710  for (int i = 10; i <= 18; i += 2) {
711  uint32_t field = (crp >> i) & 3;
712  if (field == 0 || field == 3) {
713  LOG_DEBUG("Code Read Protection = 0x%08" PRIx32, crp);
714  LOG_ERROR("The Code Read Protection (CRP) field at bit %d is "
715  "invalid (%" PRIu32 "). An invalid value could make "
716  "the flash inaccessible.", i, field);
717  return ERROR_FAIL;
718  }
719  }
720 
721  uint32_t swd_allowed = (crp >> 18) & 3;
722  if (swd_allowed != 2) {
723  LOG_WARNING("The Code Read Protection (CRP) in this image "
724  "(0x%08" PRIx32 ") is disabling the SWD access, which is "
725  "currently used by OpenOCD to flash this device. After "
726  "reboot, this device will not be accessible to OpenOCD "
727  "anymore.", crp);
728  if (!qn908x_info->allow_swd_disabled) {
729  LOG_ERROR("Disabling SWD is not allowed, run "
730  "\"qn908x allow_brick\" before if you really want to "
731  "disable SWD. You won't be able to access this chip "
732  "anymore from OpenOCD.");
733  return ERROR_FAIL;
734  }
735  }
736  }
737 
738  retval = qn908x_wait_for_idle(bank->target, QN908X_DEFAULT_TIMEOUT_MS);
739  if (retval != ERROR_OK)
740  return retval;
741 
742  uint32_t smart_ctrl = QN908X_FMC_SMART_CTRL_SMART_WRITEL_EN_MASK
743  | QN908X_FMC_SMART_CTRL_PRGML_EN_MASK
744  | QN908X_FMC_SMART_CTRL_MAX_WRITE(QN908X_FMC_SMART_CTRL_MAX_WRITE_RETRIES);
745  if (qn908x_info->num_blocks > 1) {
746  smart_ctrl |= QN908X_FMC_SMART_CTRL_SMART_WRITEH_EN_MASK
747  | QN908X_FMC_SMART_CTRL_PRGMH_EN_MASK;
748  }
749  retval = target_write_u32(bank->target, QN908X_FMC_SMART_CTRL, smart_ctrl);
750  if (retval != ERROR_OK)
751  return retval;
752 
753  /* Write data page-wise, as suggested in the examples in section
754  * 28.5.2 "Flash write" of user manual UM11023 in revision 1.1
755  * (February 2018). */
756  while (count > 0) {
757  uint32_t next_offset = (offset & ~(QN908X_FLASH_PAGE_SIZE - 1)) + QN908X_FLASH_PAGE_SIZE;
758  uint32_t chunk_len = next_offset - offset;
759  if (chunk_len > count)
760  chunk_len = count;
761 
762  if (offset == 0
763  && chunk_len >= QN908X_FLASH_IRQ_VECTOR_CHECKSUM_END
764  && qn908x_info->calc_checksum) {
765  /* write data prior to checksum */
766  retval = target_write_buffer(bank->target, bank->base,
767  QN908X_FLASH_IRQ_VECTOR_CHECKSUM_POS, buffer);
768  if (retval != ERROR_OK)
769  return retval;
770 
771  /* write computed crc checksum instead of provided data */
772  retval = target_write_u32(bank->target, bank->base + QN908X_FLASH_IRQ_VECTOR_CHECKSUM_POS, checksum);
773  if (retval != ERROR_OK)
774  return retval;
775 
776  retval = target_write_buffer(bank->target,
777  bank->base + QN908X_FLASH_IRQ_VECTOR_CHECKSUM_END,
778  chunk_len - QN908X_FLASH_IRQ_VECTOR_CHECKSUM_END,
779  buffer + QN908X_FLASH_IRQ_VECTOR_CHECKSUM_END);
780  } else {
781  retval = target_write_buffer(bank->target, bank->base + offset,
782  chunk_len, buffer);
783  }
784 
785  if (retval != ERROR_OK)
786  return retval;
787 
788  keep_alive();
789  buffer += chunk_len;
790  count -= chunk_len;
791  offset = next_offset;
792 
793  /* Wait for FMC to complete write */
794  retval = qn908x_wait_for_idle(bank->target, QN908X_DEFAULT_TIMEOUT_MS);
795  if (retval != ERROR_OK)
796  return retval;
797 
798  /* Check if FMC reported any errors */
799  retval = qn908x_status_check(bank->target);
800  if (retval != ERROR_OK)
801  return retval;
802  }
803 
804  return retval;
805 }
806 
807 static int is_flash_protected(struct flash_bank *bank, bool *is_protected)
808 {
809  int retval;
810  uint32_t lock_stat;
811  retval = target_read_u32(bank->target, QN908X_FMC_LOCK_STAT_8, &lock_stat);
812  if (retval)
813  return retval;
814 
815  *is_protected = false;
816  if (lock_stat & QN908X_FMC_LOCK_STAT_8_PROTECT_ANY)
817  *is_protected = true;
818 
819  return ERROR_OK;
820 }
821 
822 static int qn908x_probe(struct flash_bank *bank)
823 {
824  int retval;
825  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
826  uint8_t info_page[QN908X_INFO_PAGE_CRC_END - QN908X_INFO_PAGE_CRC_START];
827  qn908x_info->num_blocks = 0;
828 
829  /* When the SWD access to the RAM is locked by the LOCK_STAT_8 register we
830  * can't access the info page to verify the chip/bank version and it will
831  * read all zeros. This situation prevents the bank from being initialized
832  * at all so no other operation can be performed. The only option to
833  * re-flash the chip is to perform a mass_erase from SWD, which can be
834  * performed even if the mass_erase operation is locked as well.
835  * We attempt to read the info page and redirect the user to perform a
836  * mass_erase if we detect this situation. */
837  retval = target_read_memory(bank->target, QN908X_INFO_PAGE_CRC_START,
838  sizeof(uint32_t), sizeof(info_page) / sizeof(uint32_t),
839  info_page);
840  if (retval != ERROR_OK)
841  return retval;
842 
843  const uint32_t crc_seed = 0xffffffff;
844  /* The QN908x uses the standard little endian CRC32 polynomial and all ones
845  * as seed. The CRC32 is however finalized by one last xor operation that
846  * is not part of the common CRC32 implementation, so we do that by hand */
847  uint32_t computed_crc = crc32_le(CRC32_POLY_LE, crc_seed,
848  info_page, sizeof(info_page));
849  computed_crc ^= crc_seed;
850  uint32_t read_crc;
851  retval = target_read_u32(bank->target, QN908X_INFO_PAGE_CRC32, &read_crc);
852  if (retval != ERROR_OK)
853  return retval;
854 
855  if (computed_crc != read_crc) {
856  uint32_t info_page_or = 0;
857  for (unsigned int i = 0; i < sizeof(info_page); i++)
858  info_page_or |= info_page[i];
859  bool is_protected;
860  retval = is_flash_protected(bank, &is_protected);
861  if (retval != ERROR_OK)
862  return retval;
863 
864  if (info_page_or == 0 && is_protected) {
865  LOG_ERROR("The flash or memory in this chip is protected and "
866  "cannot be accessed from the SWD interface. However, a "
867  "\"qn908x mass_erase\" can erase the device and lift this "
868  "protection.");
869  return ERROR_FAIL;
870  }
871 
872  LOG_ERROR("Flash information page CRC32 mismatch, found 0x%08"
873  PRIx32 " but computed 0x%08" PRIx32 ". Flash size unknown",
874  read_crc, computed_crc);
875  return ERROR_FAIL;
876  }
877 
878  uint32_t flash_size_fld = target_buffer_get_u32(bank->target,
879  info_page + (QN908X_INFO_PAGE_FLASH_SIZE - QN908X_INFO_PAGE_CRC_START));
880 
881  switch (flash_size_fld) {
882  case QN908X_FLASH_SIZE_512K:
883  qn908x_info->num_blocks = 2;
884  break;
885  case QN908X_FLASH_SIZE_256K:
886  qn908x_info->num_blocks = 1;
887  break;
888  default:
889  LOG_ERROR("Unknown Flash size field: 0x%08" PRIx32,
890  flash_size_fld);
891  return ERROR_FAIL;
892  }
893 
894  bank->size = qn908x_info->num_blocks * QN908X_FLASH_BLOCK_SIZE;
895  bank->write_start_alignment = 4;
896  bank->write_end_alignment = 4;
897 
898  /* The flash supports erasing and protecting individual pages. */
899  bank->num_sectors = qn908x_info->num_blocks *
900  QN908X_FLASH_PAGES_PER_BLOCK;
901  bank->sectors = alloc_block_array(0, QN908X_FLASH_PAGE_SIZE,
902  bank->num_sectors);
903  if (!bank->sectors)
904  return ERROR_FAIL;
905 
906  retval = qn908x_init_flash(bank->target);
907  if (retval != ERROR_OK)
908  return retval;
909 
910  LOG_INFO("Detected flash size: %d KiB", bank->size / 1024);
911 
912  return ERROR_OK;
913 }
914 
915 static int qn908x_auto_probe(struct flash_bank *bank)
916 {
917  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
918  if (qn908x_info->num_blocks != 0)
919  return ERROR_OK;
920  LOG_DEBUG("auto_probe");
921  return qn908x_probe(bank);
922 }
923 
924 static int qn908x_protect_check(struct flash_bank *bank)
925 {
926  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
927 
928  int retval = qn908x_read_page_lock(bank);
929  if (retval != ERROR_OK)
930  return retval;
931 
932  for (uint32_t i = 0;
933  i < qn908x_info->num_blocks * QN908X_FLASH_PAGES_PER_BLOCK;
934  i++) {
935  /* A bit 0 in page_lock means page is locked. */
936  bank->sectors[i].is_protected =
937  ((qn908x_info->page_lock.bits[i / 8] >> (i % 8)) & 1) ^ 1;
938  }
939  return ERROR_OK;
940 }
941 
942 static int qn908x_get_info(struct flash_bank *bank,
943  struct command_invocation *cmd)
944 {
945  uint32_t bootloader_version;
946  uint32_t chip_id;
947  uint8_t bluetooth[6];
948  int retval;
949  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
950 
951  retval = target_read_u32(bank->target, QN908X_SYSCON_CHIP_ID, &chip_id);
952  if (retval != ERROR_OK) {
953  command_print_sameline(cmd, "Cannot read QN908x chip ID.");
954  return retval;
955  }
956  retval = target_read_u32(bank->target, QN908X_INFO_PAGE_BOOTLOADER_VER,
957  &bootloader_version);
958  if (retval != ERROR_OK) {
959  command_print_sameline(cmd, "Cannot read from QN908x info page.");
960  return retval;
961  }
962 
963  retval = target_read_memory(bank->target, QN908X_INFO_PAGE_BLUETOOTH_ADDR,
964  1, sizeof(bluetooth), bluetooth);
965  if (retval != ERROR_OK) {
966  command_print_sameline(cmd, "Cannot read QN908x bluetooth L2 address.");
967  return retval;
968  }
969 
970  command_print_sameline(cmd, "qn908x: chip id: 0x%" PRIx32, chip_id);
971 
972  command_print_sameline(cmd, " bdaddr: "
973  "%02" PRIx8 ":%02" PRIx8 ":%02" PRIx8
974  ":%02" PRIx8 ":%02" PRIx8 ":%02" PRIx8,
975  bluetooth[0], bluetooth[1], bluetooth[2],
976  bluetooth[3], bluetooth[4], bluetooth[5]);
977 
978  command_print_sameline(cmd, " bootloader: %08" PRIx32, bootloader_version);
979 
980  command_print_sameline(cmd, " blocks: %" PRIu32, qn908x_info->num_blocks);
981 
982  return ERROR_OK;
983 }
984 
985 COMMAND_HANDLER(qn908x_handle_allow_brick_command)
986 {
987  int retval;
988 
989  struct target *target = get_current_target(CMD_CTX);
990  struct flash_bank *bank = NULL;
991 
992  if (CMD_ARGC != 0)
993  return ERROR_COMMAND_SYNTAX_ERROR;
994 
995  retval = get_flash_bank_by_addr(target, QN908X_FLASH_BASE, true, &bank);
996  if (retval != ERROR_OK)
997  return retval;
998 
999  /* If get_flash_bank_by_addr() did not find the flash bank, it should have
1000  * returned and error code instead of ERROR_OK */
1001  assert(bank);
1002  struct qn908x_flash_bank *qn908x_info = bank->driver_priv;
1003 
1004  LOG_WARNING("Flashing images that disable SWD in qn908x is now allowed.");
1005  qn908x_info->allow_swd_disabled = true;
1006 
1007  return ERROR_OK;
1008 }
1009 
1010 COMMAND_HANDLER(qn908x_handle_disable_wdog_command)
1011 {
1012  int retval;
1013  struct target *target = get_current_target(CMD_CTX);
1014 
1015  if (CMD_ARGC != 0)
1016  return ERROR_COMMAND_SYNTAX_ERROR;
1017 
1018  if (target->state != TARGET_HALTED) {
1019  command_print(CMD, "Target not halted");
1020  return ERROR_TARGET_NOT_HALTED;
1021  }
1022 
1023  /* To change any value in the watchdog block (WDT) we need to first write
1024  * 0x1ACCE551 to the LOCK register, and we can then set it back to any other
1025  * value to prevent accidental changes to the watchdog. */
1026  retval = target_write_u32(target, QN908X_WDT_LOCK, 0x1ACCE551);
1027  if (retval != ERROR_OK)
1028  return retval;
1029 
1030  retval = target_write_u32(target, QN908X_WDT_CTRL, 0);
1031  if (retval != ERROR_OK)
1032  return retval;
1033 
1034  return target_write_u32(target, QN908X_WDT_LOCK, 0);
1035 }
1036 
1037 COMMAND_HANDLER(qn908x_handle_mass_erase_command)
1038 {
1039  int retval;
1040  bool keep_lock = false;
1041  if (CMD_ARGC > 1)
1042  return ERROR_COMMAND_SYNTAX_ERROR;
1043  if (CMD_ARGC == 1) {
1044  if (strcmp("keep_lock", CMD_ARGV[0]))
1045  return ERROR_COMMAND_ARGUMENT_INVALID;
1046  keep_lock = true;
1047  }
1048 
1049  /* This operation can be performed without probing the bank since it is the
1050  * only way to unlock a chip when the flash and ram have been locked. */
1051  struct target *target = get_current_target(CMD_CTX);
1052 
1053  retval = qn908x_setup_erase(target);
1054  if (retval != ERROR_OK)
1055  return retval;
1056 
1057  /* Check the mass-erase locking status for information purposes only. This
1058  * lock applies to both the SWD and the code running in the core but can be
1059  * bypassed in either case. */
1060  uint32_t lock_stat_8;
1061  retval = target_read_u32(target, QN908X_FMC_LOCK_STAT_8, &lock_stat_8);
1062  LOG_DEBUG("LOCK_STAT_8 before erasing: 0x%" PRIx32, lock_stat_8);
1063  if (retval != ERROR_OK)
1064  return retval;
1065  if ((lock_stat_8 & QN908X_FMC_LOCK_STAT_8_MASS_ERASE_LOCK_EN) == 0) {
1066  LOG_INFO("mass_erase disabled by Flash lock and protection, forcing "
1067  "mass_erase.");
1068  }
1069  /* Set the DEBUG_PASSWORD so we can force the mass erase from the SWD. We do
1070  * this regardless of the lock status. */
1071  retval = target_write_u32(target, QN908X_FMC_DEBUG_PASSWORD, 0xCA1E093F);
1072  if (retval != ERROR_OK)
1073  return retval;
1074 
1075  /* Erase both halves of the flash at the same time. These are actually done
1076  * sequentially but we need to send the command to erase both blocks since
1077  * doing so in a locked flash will change the LOCK_STAT_8 register to 0x01,
1078  * allowing us to access the (now erase) flash an memory. Erasing only one
1079  * block at a time does not reset the LOCK_STAT_8 register and therefore
1080  * will not grant access to program the chip. */
1081  uint32_t erase_cmd = (1u << QN908X_FMC_ERASE_CTRL_HALF_ERASEH_EN_SHIFT) |
1082  (1u << QN908X_FMC_ERASE_CTRL_HALF_ERASEL_EN_SHIFT);
1083  LOG_DEBUG("Erasing both blocks with command 0x%" PRIx32, erase_cmd);
1084 
1085  retval = target_write_u32(target, QN908X_FMC_ERASE_CTRL, erase_cmd);
1086  if (retval != ERROR_OK)
1087  return retval;
1088 
1089  retval = qn908x_wait_for_idle(target, QN908X_DEFAULT_TIMEOUT_MS);
1090  if (retval != ERROR_OK)
1091  return retval;
1092 
1093  retval = qn908x_status_check(target);
1094  if (retval != ERROR_OK)
1095  return retval;
1096 
1097  /* Set the debug password back to 0 to avoid accidental mass_erase. */
1098  retval = target_write_u32(target, QN908X_FMC_DEBUG_PASSWORD, 0);
1099  if (retval != ERROR_OK)
1100  return retval;
1101 
1102  /* At this point the flash is erased and we are able to write to the flash
1103  * since the LOCK_STAT_8 gets updated to 0x01 after the mass_erase. However,
1104  * after a hard reboot this value will be realoaded from flash which after
1105  * an erase is 0xff. This means that after flashing an image that doesn't
1106  * set the protection bits we end up with a chip that we can't debug. We
1107  * update this value to 0x01 unless "keep_lock" is passed to allow the SWD
1108  * interface to debug the flash and RAM after a hard reset. */
1109  if (keep_lock)
1110  return retval;
1111 
1112  retval = qn908x_init_flash(target);
1113  if (retval != ERROR_OK)
1114  return retval;
1115 
1116  /* Unlock access to RAM and FLASH in the last page of the flash and
1117  * reloading */
1118  retval = qn908x_wait_for_idle(target, QN908X_DEFAULT_TIMEOUT_MS);
1119  if (retval != ERROR_OK)
1120  return retval;
1121 
1122  uint32_t smart_ctrl = QN908X_FMC_SMART_CTRL_SMART_WRITEH_EN_MASK |
1123  QN908X_FMC_SMART_CTRL_PRGMH_EN_MASK;
1124  retval = target_write_u32(target, QN908X_FMC_SMART_CTRL, smart_ctrl);
1125  if (retval != ERROR_OK)
1126  return retval;
1127 
1128  retval = target_write_u32(target, QN908X_FLASH_LOCK_ADDR,
1129  QN908X_FLASH_LOCK_ENABLE_MASS_ERASE);
1130  if (retval != ERROR_OK)
1131  return retval;
1132 
1133  retval = qn908x_wait_for_idle(target, QN908X_DEFAULT_TIMEOUT_MS);
1134  if (retval != ERROR_OK)
1135  return retval;
1136 
1137  /* Force a page_lock reload after the mass_erase . */
1138  retval = qn908x_load_lock_stat(target);
1139  if (retval != ERROR_OK)
1140  return retval;
1141 
1142  return retval;
1143 }
1144 
1145 static const struct command_registration qn908x_exec_command_handlers[] = {
1146  {
1147  .name = "allow_brick",
1148  .handler = qn908x_handle_allow_brick_command,
1149  .mode = COMMAND_EXEC,
1150  .help = "Allow writing images that disable SWD access in their "
1151  "Code Read Protection (CRP) word. Warning: This can make your "
1152  "chip inaccessible from OpenOCD or any other SWD debugger.",
1153  .usage = "",
1154  },
1155  {
1156  .name = "disable_wdog",
1157  .handler = qn908x_handle_disable_wdog_command,
1158  .mode = COMMAND_EXEC,
1159  .help = "Disabled the watchdog (WDT).",
1160  .usage = "",
1161  },
1162  {
1163  .name = "mass_erase",
1164  .handler = qn908x_handle_mass_erase_command,
1165  .mode = COMMAND_EXEC,
1166  .help = "Erase the whole flash chip.",
1167  .usage = "[keep_lock]",
1168  },
1169  COMMAND_REGISTRATION_DONE
1170 };
1171 
1172 static const struct command_registration qn908x_command_handlers[] = {
1173  {
1174  .name = "qn908x",
1175  .mode = COMMAND_ANY,
1176  .help = "qn908x flash controller commands",
1177  .usage = "",
1178  .chain = qn908x_exec_command_handlers,
1179  },
1180  COMMAND_REGISTRATION_DONE
1181 };
1182 
1183 const struct flash_driver qn908x_flash = {
1184  .name = "qn908x",
1185  .commands = qn908x_command_handlers,
1186  .flash_bank_command = qn908x_flash_bank_command,
1187  .info = qn908x_get_info,
1188  .erase = qn908x_erase,
1189  .protect = qn908x_protect,
1190  .write = qn908x_write,
1191  .read = default_flash_read,
1192  .probe = qn908x_probe,
1193  .auto_probe = qn908x_auto_probe,
1194  .erase_check = default_flash_blank_check,
1195  .protect_check = qn908x_protect_check,
1196  .free_driver_priv = default_flash_free_driver_priv,
1197 };
binarybuffer.h
Support functions to access arbitrary bits in a byte array.
buf_get_u32
static uint32_t buf_get_u32(const uint8_t *_buffer, unsigned int first, unsigned int num)
Retrieves num bits from _buffer, starting at the first bit, returning the bits in a 32-bit word.
Definition: binarybuffer.h:104
command_print_sameline
void command_print_sameline(struct command_invocation *cmd, const char *format,...)
Definition: command.c:420
command_print
void command_print(struct command_invocation *cmd, const char *format,...)
Definition: command.c:443
CMD
#define CMD
Use this macro to access the command being handled, rather than accessing the variable directly.
Definition: command.h:141
CMD_ARGV
#define CMD_ARGV
Use this macro to access the arguments for the command being handled, rather than accessing the varia...
Definition: command.h:156
ERROR_COMMAND_SYNTAX_ERROR
#define ERROR_COMMAND_SYNTAX_ERROR
Definition: command.h:402
CMD_ARGC
#define CMD_ARGC
Use this macro to access the number of arguments for the command being handled, rather than accessing...
Definition: command.h:151
CMD_CTX
#define CMD_CTX
Use this macro to access the context of the command being handled, rather than accessing the variable...
Definition: command.h:146
COMMAND_REGISTRATION_DONE
#define COMMAND_REGISTRATION_DONE
Use this as the last entry in an array of command_registration records.
Definition: command.h:253
ERROR_COMMAND_ARGUMENT_INVALID
#define ERROR_COMMAND_ARGUMENT_INVALID
Definition: command.h:404
COMMAND_ANY
@ COMMAND_ANY
Definition: command.h:42
COMMAND_EXEC
@ COMMAND_EXEC
Definition: command.h:40
crc32_le
uint32_t crc32_le(uint32_t poly, uint32_t seed, const void *_data, size_t data_len)
Calculate the CRC32 value of the given data.
Definition: crc32.c:33
crc32.h
A generic CRC32 implementation.
CRC32_POLY_LE
#define CRC32_POLY_LE
CRC32 polynomial commonly used for little endian CRC32.
Definition: crc32.h:21
bank
uint8_t bank
Definition: esirisc.c:135
mask
int mask
Definition: esirisc.c:1741
ERROR_FLASH_SECTOR_INVALID
#define ERROR_FLASH_SECTOR_INVALID
Definition: flash/common.h:29
ERROR_FLASH_BANK_NOT_PROBED
#define ERROR_FLASH_BANK_NOT_PROBED
Definition: flash/common.h:35
ERROR_FLASH_BUSY
#define ERROR_FLASH_BUSY
Definition: flash/common.h:33
alloc_block_array
struct flash_sector * alloc_block_array(uint32_t offset, uint32_t size, unsigned int num_blocks)
Allocate and fill an array of sectors or protection blocks.
Definition: flash/nor/core.c:1002
default_flash_blank_check
int default_flash_blank_check(struct flash_bank *bank)
Provides default erased-bank check handling.
Definition: flash/nor/core.c:380
default_flash_read
int default_flash_read(struct flash_bank *bank, uint8_t *buffer, uint32_t offset, uint32_t count)
Provides default read implementation for flash memory.
Definition: flash/nor/core.c:121
default_flash_free_driver_priv
void default_flash_free_driver_priv(struct flash_bank *bank)
Deallocates bank->driver_priv.
Definition: flash/nor/core.c:210
get_flash_bank_by_addr
int get_flash_bank_by_addr(struct target *target, target_addr_t addr, bool check, struct flash_bank **result_bank)
Returns the flash bank located at a specified address.
Definition: flash/nor/core.c:300
keep_alive
void keep_alive(void)
Definition: log.c:415
LOG_WARNING
#define LOG_WARNING(expr ...)
Definition: log.h:129
ERROR_FAIL
#define ERROR_FAIL
Definition: log.h:170
LOG_ERROR
#define LOG_ERROR(expr ...)
Definition: log.h:132
ERROR_TIMEOUT_REACHED
#define ERROR_TIMEOUT_REACHED
Definition: log.h:173
LOG_INFO
#define LOG_INFO(expr ...)
Definition: log.h:126
LOG_DEBUG
#define LOG_DEBUG(expr ...)
Definition: log.h:109
ERROR_OK
#define ERROR_OK
Definition: log.h:164
QN908X_FMC_TIME_CTRL_PRGM_CYCLE
#define QN908X_FMC_TIME_CTRL_PRGM_CYCLE(x)
Definition: qn908x.c:148
QN908X_FMC_TIME_CTRL_TIME_BASE
#define QN908X_FMC_TIME_CTRL_TIME_BASE(x)
Definition: qn908x.c:153
qn908x_write
static int qn908x_write(struct flash_bank *bank, const uint8_t *buffer, uint32_t offset, uint32_t count)
Definition: qn908x.c:671
QN908X_INFO_PAGE_CRC32
#define QN908X_INFO_PAGE_CRC32
Definition: qn908x.c:57
qn908x_setup_erase
static int qn908x_setup_erase(struct target *target)
Definition: qn908x.c:486
QN908X_FMC_LOCK_STAT_8
#define QN908X_FMC_LOCK_STAT_8
Definition: qn908x.c:90
QN908X_FMC_SMART_CTRL_MAX_ERASE_RETRIES
#define QN908X_FMC_SMART_CTRL_MAX_ERASE_RETRIES
Definition: qn908x.c:143
QN908X_FMC_TIME_CTRL
#define QN908X_FMC_TIME_CTRL
Definition: qn908x.c:79
QN908X_FMC_SMART_CTRL_MAX_ERASE
#define QN908X_FMC_SMART_CTRL_MAX_ERASE(x)
Definition: qn908x.c:139
qn908x_auto_probe
static int qn908x_auto_probe(struct flash_bank *bank)
Definition: qn908x.c:915
QN908X_INFO_PAGE_FLASH_SIZE
#define QN908X_INFO_PAGE_FLASH_SIZE
Definition: qn908x.c:60
qn908x_init_flash
static int qn908x_init_flash(struct target *target)
Definition: qn908x.c:297
QN908X_FMC_ERASE_CTRL_PAGE_ERASEH_EN_SHIFT
#define QN908X_FMC_ERASE_CTRL_PAGE_ERASEH_EN_SHIFT
Definition: qn908x.c:109
qn908x_status_check
static int qn908x_status_check(struct target *target)
Definition: qn908x.c:431
qn908x_get_info
static int qn908x_get_info(struct flash_bank *bank, struct command_invocation *cmd)
Definition: qn908x.c:942
QN908X_FMC_STATUS1_INI_RD_DONE_MASK
#define QN908X_FMC_STATUS1_INI_RD_DONE_MASK
Definition: qn908x.c:101
QN908X_FMC_ERASE_CTRL_HALF_ERASEH_EN_SHIFT
#define QN908X_FMC_ERASE_CTRL_HALF_ERASEH_EN_SHIFT
Definition: qn908x.c:107
QN908X_FMC_STATUS1
#define QN908X_FMC_STATUS1
Definition: qn908x.c:91
QN908X_FMC_SMART_CTRL_SMART_WRITEH_EN_MASK
#define QN908X_FMC_SMART_CTRL_SMART_WRITEH_EN_MASK
Definition: qn908x.c:129
QN908X_INFO_PAGE_BLUETOOTH_ADDR
#define QN908X_INFO_PAGE_BLUETOOTH_ADDR
Definition: qn908x.c:61
qn908x_flash
const struct flash_driver qn908x_flash
Definition: qn908x.c:1183
QN908X_FLASH_IRQ_VECTOR_CHECKSUM_POS
#define QN908X_FLASH_IRQ_VECTOR_CHECKSUM_POS
Definition: qn908x.c:49
QN908X_FMC_INT_STAT_WRITE_FAIL_L_INT_MASK
#define QN908X_FMC_INT_STAT_WRITE_FAIL_L_INT_MASK
Definition: qn908x.c:116
QN908X_FMC_INT_STAT_LOCKL_INT_MASK
#define QN908X_FMC_INT_STAT_LOCKL_INT_MASK
Definition: qn908x.c:112
SYSCON_CLK_CTRL_CLK_XTAL_SEL_MASK
#define SYSCON_CLK_CTRL_CLK_XTAL_SEL_MASK
Definition: qn908x.c:195
CLOCK_16MHZ
#define CLOCK_16MHZ
Definition: qn908x.c:200
qn908x_protect_check
static int qn908x_protect_check(struct flash_bank *bank)
Definition: qn908x.c:924
SYSCON_XTAL_CTRL_XTAL_DIV_MASK
#define SYSCON_XTAL_CTRL_XTAL_DIV_MASK
Definition: qn908x.c:191
QN908X_FMC_ERASE_TIME
#define QN908X_FMC_ERASE_TIME
Definition: qn908x.c:78
QN908X_FMC_SMART_CTRL_MAX_WRITE
#define QN908X_FMC_SMART_CTRL_MAX_WRITE(x)
Definition: qn908x.c:134
QN908X_INFO_PAGE_CRC_END
#define QN908X_INFO_PAGE_CRC_END
Definition: qn908x.c:62
QN908X_FLASH_IRQ_VECTOR_CHECKSUM_END
#define QN908X_FLASH_IRQ_VECTOR_CHECKSUM_END
Definition: qn908x.c:51
qn908x_wait_for_idle
static int qn908x_wait_for_idle(struct target *target, int64_t timeout_ms)
Definition: qn908x.c:468
QN908X_FMC_INT_STAT
#define QN908X_FMC_INT_STAT
Definition: qn908x.c:81
QN908X_FMC_INI_RD_EN_INI_RD_EN_MASK
#define QN908X_FMC_INI_RD_EN_INI_RD_EN_MASK
Definition: qn908x.c:95
qn908x_exec_command_handlers
static const struct command_registration qn908x_exec_command_handlers[]
Definition: qn908x.c:1145
QN908X_FMC_SMART_CTRL
#define QN908X_FMC_SMART_CTRL
Definition: qn908x.c:80
QN908X_FMC_STATUS1_FSH_ERA_BUSY_H_MASK
#define QN908X_FMC_STATUS1_FSH_ERA_BUSY_H_MASK
Definition: qn908x.c:99
QN908X_FLASH_BLOCK_SIZE
#define QN908X_FLASH_BLOCK_SIZE
Definition: qn908x.c:47
qn908x_probe
static int qn908x_probe(struct flash_bank *bank)
Definition: qn908x.c:822
is_flash_protected
static int is_flash_protected(struct flash_bank *bank, bool *is_protected)
Definition: qn908x.c:807
QN908X_FMC_SMART_CTRL_PRGMH_EN_MASK
#define QN908X_FMC_SMART_CTRL_PRGMH_EN_MASK
Definition: qn908x.c:127
QN908X_FMC_SMART_CTRL_MAX_WRITE_RETRIES
#define QN908X_FMC_SMART_CTRL_MAX_WRITE_RETRIES
Definition: qn908x.c:144
qn908x_command_handlers
static const struct command_registration qn908x_command_handlers[]
Definition: qn908x.c:1172
QN908X_FLASH_LOCK_ENABLE_MASS_ERASE
#define QN908X_FLASH_LOCK_ENABLE_MASS_ERASE
Definition: qn908x.c:165
QN908X_FMC_SMART_CTRL_PRGML_EN_MASK
#define QN908X_FMC_SMART_CTRL_PRGML_EN_MASK
Definition: qn908x.c:126
QN908X_FLASH_MAX_BLOCKS
#define QN908X_FLASH_MAX_BLOCKS
Definition: qn908x.c:46
QN908X_FMC_INT_STAT_ERASE_FAIL_H_INT_MASK
#define QN908X_FMC_INT_STAT_ERASE_FAIL_H_INT_MASK
Definition: qn908x.c:124
QN908X_SYSCON_CLK_EN_CLK_DP_EN_MASK
#define QN908X_SYSCON_CLK_EN_CLK_DP_EN_MASK
Definition: qn908x.c:189
QN908X_SYSCON_CLK_CTRL
#define QN908X_SYSCON_CLK_CTRL
Definition: qn908x.c:184
qn908x_info_page_flash_size
qn908x_info_page_flash_size
Definition: qn908x.c:66
QN908X_FLASH_SIZE_256K
@ QN908X_FLASH_SIZE_256K
Definition: qn908x.c:68
QN908X_FLASH_SIZE_512K
@ QN908X_FLASH_SIZE_512K
Definition: qn908x.c:67
QN908X_SYSCON_CHIP_ID
#define QN908X_SYSCON_CHIP_ID
Definition: qn908x.c:185
QN908X_FMC_STATUS1_FSH_WR_BUSY_H_MASK
#define QN908X_FMC_STATUS1_FSH_WR_BUSY_H_MASK
Definition: qn908x.c:100
QN908X_FMC_STATUS1_FSH_WR_BUSY_L_MASK
#define QN908X_FMC_STATUS1_FSH_WR_BUSY_L_MASK
Definition: qn908x.c:98
QN908X_FMC_STATUS1_FSH_STA_MASK
#define QN908X_FMC_STATUS1_FSH_STA_MASK
Definition: qn908x.c:102
SYSCON_CLK_CTRL_AHB_DIV_SHIFT
#define SYSCON_CLK_CTRL_AHB_DIV_SHIFT
Definition: qn908x.c:194
QN908X_FLASH_LOCK_ADDR
#define QN908X_FLASH_LOCK_ADDR
Definition: qn908x.c:163
SYSCON_CLK_CTRL_AHB_DIV_MASK
#define SYSCON_CLK_CTRL_AHB_DIV_MASK
Definition: qn908x.c:193
COMMAND_HANDLER
COMMAND_HANDLER(qn908x_handle_allow_brick_command)
Definition: qn908x.c:985
QN908X_FMC_DEBUG_PASSWORD
#define QN908X_FMC_DEBUG_PASSWORD
Definition: qn908x.c:92
QN908X_FLASH_BASE
#define QN908X_FLASH_BASE
Definition: qn908x.c:42
QN908X_FMC_INT_STAT_AHBL_INT_MASK
#define QN908X_FMC_INT_STAT_AHBL_INT_MASK
Definition: qn908x.c:111
QN908X_FMC_LOCK_STAT_8_MASS_ERASE_LOCK_EN
#define QN908X_FMC_LOCK_STAT_8_MASS_ERASE_LOCK_EN
Definition: qn908x.c:157
QN908X_FMC_ERASE_CTRL
#define QN908X_FMC_ERASE_CTRL
Definition: qn908x.c:77
SYSCON_CLK_CTRL_SYS_CLK_SEL_MASK
#define SYSCON_CLK_CTRL_SYS_CLK_SEL_MASK
Definition: qn908x.c:197
qn908x_busy_check
static int qn908x_busy_check(struct target *target)
Definition: qn908x.c:416
SYSCON_CLK_CTRL_SYS_CLK_SEL_SHIFT
#define SYSCON_CLK_CTRL_SYS_CLK_SEL_SHIFT
Definition: qn908x.c:198
SYSCON_CLK_CTRL_CLK_OSC32M_DIV_MASK
#define SYSCON_CLK_CTRL_CLK_OSC32M_DIV_MASK
Definition: qn908x.c:196
__attribute__
struct qn908x_flash_bank __attribute__
Definition: armv8.c:1016
QN908X_FMC_SMART_CTRL_SMART_ERASEL_EN_MASK
#define QN908X_FMC_SMART_CTRL_SMART_ERASEL_EN_MASK
Definition: qn908x.c:130
QN908X_FMC_SMART_CTRL_SMART_WRITEL_EN_MASK
#define QN908X_FMC_SMART_CTRL_SMART_WRITEL_EN_MASK
Definition: qn908x.c:128
QN908X_FMC_SMART_CTRL_SMART_ERASEH_EN_MASK
#define QN908X_FMC_SMART_CTRL_SMART_ERASEH_EN_MASK
Definition: qn908x.c:131
QN908X_INFO_PAGE_CRC_START
#define QN908X_INFO_PAGE_CRC_START
Definition: qn908x.c:58
qn908x_protect
static int qn908x_protect(struct flash_bank *bank, int set, unsigned int first, unsigned int last)
Definition: qn908x.c:576
QN908X_FMC_STATUS1_FSH_ERA_BUSY_L_MASK
#define QN908X_FMC_STATUS1_FSH_ERA_BUSY_L_MASK
Definition: qn908x.c:97
QN908X_FLASH_PAGES_PER_BLOCK
#define QN908X_FLASH_PAGES_PER_BLOCK
Definition: qn908x.c:45
qn908x_read_page_lock
static int qn908x_read_page_lock(struct flash_bank *bank)
Definition: qn908x.c:389
QN908X_WDT_LOCK
#define QN908X_WDT_LOCK
Definition: qn908x.c:207
qn908x_load_lock_stat
static int qn908x_load_lock_stat(struct target *target)
Definition: qn908x.c:271
QN908X_INFO_PAGE_BOOTLOADER_VER
#define QN908X_INFO_PAGE_BOOTLOADER_VER
Definition: qn908x.c:59
QN908X_FLASH_PAGE_SIZE
#define QN908X_FLASH_PAGE_SIZE
Definition: qn908x.c:44
QN908X_SYSCON_CLK_EN
#define QN908X_SYSCON_CLK_EN
Definition: qn908x.c:183
CLOCK_32KHZ
#define CLOCK_32KHZ
Definition: qn908x.c:202
QN908X_FMC_LOCK_STAT_0
#define QN908X_FMC_LOCK_STAT_0
Definition: qn908x.c:82
qn908x_update_reg
static int qn908x_update_reg(struct target *target, target_addr_t reg, uint32_t mask, uint32_t value)
Definition: qn908x.c:236
QN908X_FMC_ERASE_CTRL_PAGE_IDXL_SHIFT
#define QN908X_FMC_ERASE_CTRL_PAGE_IDXL_SHIFT
Definition: qn908x.c:104
FLASH_BANK_COMMAND_HANDLER
FLASH_BANK_COMMAND_HANDLER(qn908x_flash_bank_command)
Definition: qn908x.c:352
QN908X_FMC_ERASE_CTRL_HALF_ERASEL_EN_SHIFT
#define QN908X_FMC_ERASE_CTRL_HALF_ERASEL_EN_SHIFT
Definition: qn908x.c:106
QN908X_FMC_INI_RD_EN
#define QN908X_FMC_INI_RD_EN
Definition: qn908x.c:76
QN908X_FMC_LOCK_STAT_8_PROTECT_ANY
#define QN908X_FMC_LOCK_STAT_8_PROTECT_ANY
Definition: qn908x.c:160
CLOCK_32MHZ
#define CLOCK_32MHZ
Definition: qn908x.c:201
QN908X_FMC_ERASE_CTRL_PAGE_ERASEL_EN_SHIFT
#define QN908X_FMC_ERASE_CTRL_PAGE_ERASEL_EN_SHIFT
Definition: qn908x.c:108
QN908X_FMC_ERASE_CTRL_PAGE_IDXH_SHIFT
#define QN908X_FMC_ERASE_CTRL_PAGE_IDXH_SHIFT
Definition: qn908x.c:105
QN908X_WDT_CTRL
#define QN908X_WDT_CTRL
Definition: qn908x.c:206
QN908X_FMC_INT_STAT_ERASE_FAIL_L_INT_MASK
#define QN908X_FMC_INT_STAT_ERASE_FAIL_L_INT_MASK
Definition: qn908x.c:117
QN908X_SYSCON_XTAL_CTRL
#define QN908X_SYSCON_XTAL_CTRL
Definition: qn908x.c:186
QN908X_DEFAULT_TIMEOUT_MS
#define QN908X_DEFAULT_TIMEOUT_MS
Definition: qn908x.c:226
qn908x_erase
static int qn908x_erase(struct flash_bank *bank, unsigned int first, unsigned int last)
Definition: qn908x.c:524
addr
target_addr_t addr
Start address to search for the control block.
Definition: rtt/rtt.c:28
BIT
#define BIT(nr)
Definition: stm32l4x.h:18
command_invocation
When run_command is called, a new instance will be created on the stack, filled with the proper value...
Definition: command.h:76
command_registration
Definition: command.h:234
command_registration::name
const char * name
Definition: command.h:235
flash_bank
Provides details of a flash bank, available either on-chip or through a major interface.
Definition: nor/core.h:75
flash_driver
Provides the implementation-independent structure that defines all of the callbacks required by OpenO...
Definition: nor/driver.h:39
flash_driver::name
const char * name
Gives a human-readable name of this flash driver, This field is used to select and initialize the dri...
Definition: nor/driver.h:44
qn908x_flash_bank
Definition: qn908x.c:209
qn908x_flash_bank::allow_swd_disabled
bool allow_swd_disabled
Definition: qn908x.c:219
qn908x_flash_bank::calc_checksum
bool calc_checksum
Definition: qn908x.c:215
qn908x_flash_bank::num_blocks
unsigned int num_blocks
Definition: qn908x.c:212
qn908x_flash_bank::page_lock_loaded
bool page_lock_loaded
Definition: qn908x.c:221
qn908x_flash_bank::page_lock
struct qn908x_flash_page_lock page_lock
Definition: qn908x.c:222
qn908x_flash_bank::user_bank_size
unsigned int user_bank_size
Definition: qn908x.c:214
qn908x_flash_page_lock
Definition: qn908x.c:172
qn908x_flash_page_lock::protection
uint8_t protection
Definition: qn908x.c:174
qn908x_flash_page_lock::_reserved
uint8_t _reserved[3]
Definition: qn908x.c:175
qn908x_flash_page_lock::bits
uint8_t bits[QN908X_FLASH_MAX_BLOCKS *QN908X_FLASH_PAGES_PER_BLOCK/8]
Definition: qn908x.c:173
qn908x_flash_page_lock::nvds_size
uint8_t nvds_size[4]
Definition: qn908x.c:178
reg
Definition: register.h:111
target
Definition: target.h:116
target::state
enum target_state state
Definition: target.h:157
target_write_buffer
int target_write_buffer(struct target *target, target_addr_t address, uint32_t size, const uint8_t *buffer)
Definition: target.c:2342
target_write_u32
int target_write_u32(struct target *target, target_addr_t address, uint32_t value)
Definition: target.c:2641
target_read_u32
int target_read_u32(struct target *target, target_addr_t address, uint32_t *value)
Definition: target.c:2550
target_read_memory
int target_read_memory(struct target *target, target_addr_t address, uint32_t size, uint32_t count, uint8_t *buffer)
Read count items of size bytes from the memory of target at the address given.
Definition: target.c:1237
get_current_target
struct target * get_current_target(struct command_context *cmd_ctx)
Definition: target.c:458
target_buffer_get_u32
uint32_t target_buffer_get_u32(struct target *target, const uint8_t *buffer)
Definition: target.c:316
ERROR_TARGET_NOT_HALTED
#define ERROR_TARGET_NOT_HALTED
Definition: target.h:790
TARGET_HALTED
@ TARGET_HALTED
Definition: target.h:56
time_support.h
timeval_ms
int64_t timeval_ms(void)
Definition: time_support_common.c:23
TARGET_ADDR_FMT
#define TARGET_ADDR_FMT
Definition: types.h:342
target_addr_t
uint64_t target_addr_t
Definition: types.h:335
NULL
#define NULL
Definition: usb.h:16
cmd
uint8_t cmd
Definition: vdebug.c:1
offset
uint8_t offset[4]
Definition: vdebug.c:9
count
uint8_t count[4]
Definition: vdebug.c:22