1 /*
2 * This file is part of the flashrom project.
3 *
4 * Copyright (C) 2000 Silicon Integrated System Corporation
5 * Copyright (C) 2006 Giampiero Giancipoli <[email protected]>
6 * Copyright (C) 2006 coresystems GmbH <[email protected]>
7 * Copyright (C) 2007-2012 Carl-Daniel Hailfinger
8 * Copyright (C) 2009 Sean Nelson <[email protected]>
9 * Copyright (C) 2014 Stefan Tauner
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 */
21
22 #include "flash.h"
23 #include "chipdrivers.h"
24
25 #define MAX_REFLASH_TRIES 0x10
26 #define MASK_FULL 0xffff
27 #define MASK_2AA 0x7ff
28 #define MASK_AAA 0xfff
29
30 /* Check one byte for odd parity */
oddparity(uint8_t val)31 uint8_t oddparity(uint8_t val)
32 {
33 val = (val ^ (val >> 4)) & 0xf;
34 val = (val ^ (val >> 2)) & 0x3;
35 return (val ^ (val >> 1)) & 0x1;
36 }
37
toggle_ready_jedec_common(const struct flashctx * flash,chipaddr dst,unsigned int delay)38 static void toggle_ready_jedec_common(const struct flashctx *flash, chipaddr dst, unsigned int delay)
39 {
40 unsigned int i = 0;
41 uint8_t tmp1 = chip_readb(flash, dst) & 0x40;
42
43 while (i++ < 0xFFFFFFF) {
44 programmer_delay(flash, delay);
45 uint8_t tmp2 = chip_readb(flash, dst) & 0x40;
46 if (tmp1 == tmp2) {
47 break;
48 }
49 tmp1 = tmp2;
50 }
51 if (i > 0x100000)
52 msg_cdbg("%s: excessive loops, i=0x%x\n", __func__, i);
53 }
54
toggle_ready_jedec(const struct flashctx * flash,chipaddr dst)55 void toggle_ready_jedec(const struct flashctx *flash, chipaddr dst)
56 {
57 toggle_ready_jedec_common(flash, dst, 0);
58 }
59
60 /* Some chips require a minimum delay between toggle bit reads.
61 * The Winbond W39V040C wants 50 ms between reads on sector erase toggle,
62 * but experiments show that 2 ms are already enough. Pick a safety factor
63 * of 4 and use an 8 ms delay.
64 * Given that erase is slow on all chips, it is recommended to use
65 * toggle_ready_jedec_slow in erase functions.
66 */
toggle_ready_jedec_slow(const struct flashctx * flash)67 static void toggle_ready_jedec_slow(const struct flashctx *flash)
68 {
69 const chipaddr dst = flash->virtual_memory;
70 toggle_ready_jedec_common(flash, dst, 8 * 1000);
71 }
72
data_polling_jedec(const struct flashctx * flash,chipaddr dst,uint8_t data)73 void data_polling_jedec(const struct flashctx *flash, chipaddr dst,
74 uint8_t data)
75 {
76 unsigned int i = 0;
77
78 data &= 0x80;
79
80 while (i++ < 0xFFFFFFF) {
81 uint8_t tmp = chip_readb(flash, dst) & 0x80;
82 if (tmp == data) {
83 break;
84 }
85 }
86 if (i > 0x100000)
87 msg_cdbg("%s: excessive loops, i=0x%x\n", __func__, i);
88 }
89
getaddrmask(const struct flashchip * chip)90 static unsigned int getaddrmask(const struct flashchip *chip)
91 {
92 switch (chip->feature_bits & FEATURE_ADDR_MASK) {
93 case FEATURE_ADDR_FULL:
94 return MASK_FULL;
95 break;
96 case FEATURE_ADDR_2AA:
97 return MASK_2AA;
98 break;
99 case FEATURE_ADDR_AAA:
100 return MASK_AAA;
101 break;
102 default:
103 msg_cerr("%s called with unknown mask\n", __func__);
104 return 0;
105 break;
106 }
107 }
108
start_program_jedec_common(const struct flashctx * flash)109 static void start_program_jedec_common(const struct flashctx *flash)
110 {
111 const chipaddr bios = flash->virtual_memory;
112 const bool shifted = (flash->chip->feature_bits & FEATURE_ADDR_SHIFTED);
113 const unsigned int mask = getaddrmask(flash->chip);
114
115 chip_writeb(flash, 0xAA, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
116 chip_writeb(flash, 0x55, bios + ((shifted ? 0x5555 : 0x2AAA) & mask));
117 chip_writeb(flash, 0xA0, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
118 }
119
probe_jedec_29gl(struct flashctx * flash)120 int probe_jedec_29gl(struct flashctx *flash)
121 {
122 const unsigned int mask = getaddrmask(flash->chip);
123 const chipaddr bios = flash->virtual_memory;
124 const struct flashchip *chip = flash->chip;
125
126 /* Reset chip to a clean slate */
127 chip_writeb(flash, 0xF0, bios + (0x5555 & mask));
128
129 /* Issue JEDEC Product ID Entry command */
130 chip_writeb(flash, 0xAA, bios + (0x5555 & mask));
131 chip_writeb(flash, 0x55, bios + (0x2AAA & mask));
132 chip_writeb(flash, 0x90, bios + (0x5555 & mask));
133
134 /* Read product ID */
135 // FIXME: Continuation loop, second byte is at word 0x100/byte 0x200
136 uint32_t man_id = chip_readb(flash, bios + 0x00);
137 uint32_t dev_id = (chip_readb(flash, bios + 0x01) << 16) |
138 (chip_readb(flash, bios + 0x0E) << 8) |
139 (chip_readb(flash, bios + 0x0F) << 0);
140
141 /* Issue JEDEC Product ID Exit command */
142 chip_writeb(flash, 0xF0, bios + (0x5555 & mask));
143
144 msg_cdbg("%s: man_id 0x%02"PRIx32", dev_id 0x%06"PRIx32"", __func__, man_id, dev_id);
145 if (!oddparity(man_id))
146 msg_cdbg(", man_id parity violation");
147
148 /* Read the product ID location again. We should now see normal flash contents. */
149 uint32_t flashcontent1 = chip_readb(flash, bios + 0x00); // FIXME: Continuation loop
150 uint32_t flashcontent2 = (chip_readb(flash, bios + 0x01) << 16) |
151 (chip_readb(flash, bios + 0x0E) << 8) |
152 (chip_readb(flash, bios + 0x0F) << 0);
153
154 if (man_id == flashcontent1)
155 msg_cdbg(", man_id seems to be normal flash content");
156 if (dev_id == flashcontent2)
157 msg_cdbg(", dev_id seems to be normal flash content");
158
159 msg_cdbg("\n");
160 if (man_id != chip->manufacture_id || dev_id != chip->model_id)
161 return 0;
162
163 return 1;
164 }
165
probe_timings(const struct flashchip * chip,unsigned int * tenter,unsigned int * texit)166 static int probe_timings(const struct flashchip *chip, unsigned int *tenter, unsigned int *texit)
167 {
168 if (chip->probe_timing > 0) {
169 *tenter = *texit = chip->probe_timing;
170 } else if (chip->probe_timing == TIMING_ZERO) { /* No delay. */
171 *tenter = *texit = 0;
172 } else if (chip->probe_timing == TIMING_FIXME) { /* == _IGNORED */
173 msg_cdbg("Chip lacks correct probe timing information, using default 10ms/40us. ");
174 *tenter = 10000;
175 *texit = 40;
176 } else {
177 msg_cerr("Chip has negative value in probe_timing, failing without chip access\n");
178 return -1;
179 }
180
181 return 0;
182 }
183
probe_jedec(struct flashctx * flash)184 int probe_jedec(struct flashctx *flash)
185 {
186 const chipaddr bios = flash->virtual_memory;
187 const struct flashchip *chip = flash->chip;
188 const bool shifted = (flash->chip->feature_bits & FEATURE_ADDR_SHIFTED);
189 const unsigned int mask = getaddrmask(flash->chip);
190 uint8_t id1, id2;
191 uint32_t largeid1, largeid2;
192 uint32_t flashcontent1, flashcontent2;
193 unsigned int probe_timing_enter, probe_timing_exit;
194
195 if (probe_timings(chip, &probe_timing_enter, &probe_timing_exit) < 0)
196 return 0;
197
198 /* Earlier probes might have been too fast for the chip to enter ID
199 * mode completely. Allow the chip to finish this before seeing a
200 * reset command.
201 */
202 programmer_delay(flash, probe_timing_enter);
203 /* Reset chip to a clean slate */
204 if ((chip->feature_bits & FEATURE_RESET_MASK) == FEATURE_LONG_RESET) {
205 chip_writeb(flash, 0xAA, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
206 if (probe_timing_exit)
207 programmer_delay(flash, 10);
208 chip_writeb(flash, 0x55, bios + ((shifted ? 0x5555 : 0x2AAA) & mask));
209 if (probe_timing_exit)
210 programmer_delay(flash, 10);
211 }
212 chip_writeb(flash, 0xF0, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
213 programmer_delay(flash, probe_timing_exit);
214
215 /* Issue JEDEC Product ID Entry command */
216 chip_writeb(flash, 0xAA, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
217 if (probe_timing_enter)
218 programmer_delay(flash, 10);
219 chip_writeb(flash, 0x55, bios + ((shifted ? 0x5555 : 0x2AAA) & mask));
220 if (probe_timing_enter)
221 programmer_delay(flash, 10);
222 chip_writeb(flash, 0x90, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
223 programmer_delay(flash, probe_timing_enter);
224
225 /* Read product ID */
226 id1 = chip_readb(flash, bios + (0x00 << shifted));
227 id2 = chip_readb(flash, bios + (0x01 << shifted));
228 largeid1 = id1;
229 largeid2 = id2;
230
231 /* Check if it is a continuation ID, this should be a while loop. */
232 if (id1 == 0x7F) {
233 largeid1 <<= 8;
234 id1 = chip_readb(flash, bios + 0x100);
235 largeid1 |= id1;
236 }
237 if (id2 == 0x7F) {
238 largeid2 <<= 8;
239 id2 = chip_readb(flash, bios + 0x101);
240 largeid2 |= id2;
241 }
242
243 /* Issue JEDEC Product ID Exit command */
244 if ((chip->feature_bits & FEATURE_RESET_MASK) == FEATURE_LONG_RESET) {
245 chip_writeb(flash, 0xAA, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
246 if (probe_timing_exit)
247 programmer_delay(flash, 10);
248 chip_writeb(flash, 0x55, bios + ((shifted ? 0x5555 : 0x2AAA) & mask));
249 if (probe_timing_exit)
250 programmer_delay(flash, 10);
251 }
252 chip_writeb(flash, 0xF0, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
253 programmer_delay(flash, probe_timing_exit);
254
255 msg_cdbg("%s: id1 0x%02"PRIx32", id2 0x%02"PRIx32"", __func__, largeid1, largeid2);
256 if (!oddparity(id1))
257 msg_cdbg(", id1 parity violation");
258
259 /* Read the product ID location again. We should now see normal flash contents. */
260 flashcontent1 = chip_readb(flash, bios + (0x00 << shifted));
261 flashcontent2 = chip_readb(flash, bios + (0x01 << shifted));
262
263 /* Check if it is a continuation ID, this should be a while loop. */
264 if (flashcontent1 == 0x7F) {
265 flashcontent1 <<= 8;
266 flashcontent1 |= chip_readb(flash, bios + 0x100);
267 }
268 if (flashcontent2 == 0x7F) {
269 flashcontent2 <<= 8;
270 flashcontent2 |= chip_readb(flash, bios + 0x101);
271 }
272
273 if (largeid1 == flashcontent1)
274 msg_cdbg(", id1 is normal flash content");
275 if (largeid2 == flashcontent2)
276 msg_cdbg(", id2 is normal flash content");
277
278 msg_cdbg("\n");
279 if (largeid1 != chip->manufacture_id || largeid2 != chip->model_id)
280 return 0;
281
282 return 1;
283 }
284
issuecmd(const struct flashctx * flash,uint8_t op,unsigned int operand)285 static void issuecmd(const struct flashctx *flash, uint8_t op, unsigned int operand)
286 {
287 const chipaddr bios = flash->virtual_memory;
288 bool shifted = (flash->chip->feature_bits & FEATURE_ADDR_SHIFTED);
289 const unsigned int mask = getaddrmask(flash->chip);
290 unsigned int delay_us = (flash->chip->probe_timing == TIMING_ZERO) ? 0 : 10;
291
292 if (!operand)
293 operand = (shifted ? 0x2AAA : 0x5555) & mask;
294
295 chip_writeb(flash, 0xAA, bios + ((shifted ? 0x2AAA : 0x5555) & mask));
296 programmer_delay(flash, delay_us);
297 chip_writeb(flash, 0x55, bios + ((shifted ? 0x5555 : 0x2AAA) & mask));
298 programmer_delay(flash, delay_us);
299 chip_writeb(flash, op, bios + operand);
300 programmer_delay(flash, delay_us);
301 }
302
erase_sector_jedec(struct flashctx * flash,unsigned int page,unsigned int size)303 int erase_sector_jedec(struct flashctx *flash, unsigned int page, unsigned int size)
304 {
305 /* Issue the Sector Erase command */
306 issuecmd(flash, 0x80, 0);
307 issuecmd(flash, 0x30, page);
308
309 /* Wait for Toggle bit ready */
310 toggle_ready_jedec_slow(flash);
311
312 /* FIXME: Check the status register for errors. */
313 return 0;
314 }
315
erase_block_jedec(struct flashctx * flash,unsigned int block,unsigned int size)316 int erase_block_jedec(struct flashctx *flash, unsigned int block, unsigned int size)
317 {
318 /* Issue the Block Erase command */
319 issuecmd(flash, 0x80, 0);
320 issuecmd(flash, 0x50, block);
321
322 /* Wait for Toggle bit ready */
323 toggle_ready_jedec_slow(flash);
324
325 /* FIXME: Check the status register for errors. */
326 return 0;
327 }
328
329 /* erase chip with block_erase() prototype */
erase_chip_block_jedec(struct flashctx * flash,unsigned int addr,unsigned int blocksize)330 int erase_chip_block_jedec(struct flashctx *flash, unsigned int addr, unsigned int blocksize)
331 {
332 if ((addr != 0) || (blocksize != flash->chip->total_size * 1024)) {
333 msg_cerr("%s called with incorrect arguments\n", __func__);
334 return -1;
335 }
336
337 /* Issue the JEDEC Chip Erase command */
338 issuecmd(flash, 0x80, 0);
339 issuecmd(flash, 0x10, 0);
340
341 toggle_ready_jedec_slow(flash);
342
343 /* FIXME: Check the status register for errors. */
344 return 0;
345 }
346
write_byte_program_jedec_common(const struct flashctx * flash,const uint8_t * src,chipaddr dst)347 static int write_byte_program_jedec_common(const struct flashctx *flash, const uint8_t *src,
348 chipaddr dst)
349 {
350 int tries = 0;
351
352 /* If the data is 0xFF, don't program it and don't complain. */
353 if (*src == 0xFF) {
354 return 0;
355 }
356
357 for (; tries < MAX_REFLASH_TRIES; tries++) {
358 const chipaddr bios = flash->virtual_memory;
359 /* Issue JEDEC Byte Program command */
360 start_program_jedec_common(flash);
361
362 /* transfer data from source to destination */
363 chip_writeb(flash, *src, dst);
364 toggle_ready_jedec(flash, bios);
365
366 if (chip_readb(flash, dst) == *src)
367 break;
368 }
369
370 return (tries >= MAX_REFLASH_TRIES) ? 1 : 0;
371 }
372
373 /* chunksize is 1 */
write_jedec_1(struct flashctx * flash,const uint8_t * src,unsigned int start,unsigned int len)374 int write_jedec_1(struct flashctx *flash, const uint8_t *src, unsigned int start,
375 unsigned int len)
376 {
377 int failed = 0;
378 chipaddr dst = flash->virtual_memory + start;
379 const chipaddr olddst = dst;
380
381 for (unsigned int i = 0; i < len; i++) {
382 if (write_byte_program_jedec_common(flash, src, dst))
383 failed = 1;
384 dst++, src++;
385 update_progress(flash, FLASHROM_PROGRESS_WRITE, i + 1, len);
386 }
387 if (failed)
388 msg_cerr(" writing sector at 0x%" PRIxPTR " failed!\n", olddst);
389
390 return failed;
391 }
392
jedec_write_page(struct flashctx * flash,const uint8_t * src,unsigned int start,unsigned int page_size)393 static int jedec_write_page(struct flashctx *flash, const uint8_t *src,
394 unsigned int start, unsigned int page_size)
395 {
396 int tries = 0, failed;
397 const uint8_t *s = src;
398 const chipaddr bios = flash->virtual_memory;
399 chipaddr dst = bios + start;
400 chipaddr d = dst;
401
402 for (; tries < MAX_REFLASH_TRIES; tries++) {
403 /* Issue JEDEC Start Program command */
404 start_program_jedec_common(flash);
405
406 /* transfer data from source to destination */
407 for (unsigned int i = 0; i < page_size; i++) {
408 /* If the data is 0xFF, don't program it */
409 if (*src != 0xFF)
410 chip_writeb(flash, *src, dst);
411 dst++;
412 src++;
413 }
414
415 toggle_ready_jedec(flash, dst - 1);
416
417 dst = d;
418 src = s;
419 failed = verify_range(flash, src, start, page_size);
420 if (!failed)
421 break;
422
423 msg_cerr("retrying.\n");
424 }
425
426 if (failed) {
427 msg_cerr(" page 0x%" PRIxPTR " failed!\n", (d - bios) / page_size);
428 }
429
430 return failed;
431 }
432
433 /* chunksize is page_size */
434 /*
435 * Write a part of the flash chip.
436 * FIXME: Use the chunk code from Michael Karcher instead.
437 * This function is a slightly modified copy of spi_write_chunked.
438 * Each page is written separately in chunks with a maximum size of chunksize.
439 */
write_jedec(struct flashctx * flash,const uint8_t * buf,unsigned int start,int unsigned len)440 int write_jedec(struct flashctx *flash, const uint8_t *buf, unsigned int start,
441 int unsigned len)
442 {
443 unsigned int starthere, lenhere;
444 /* FIXME: page_size is the wrong variable. We need max_writechunk_size
445 * in struct flashctx to do this properly. All chips using
446 * write_jedec have page_size set to max_writechunk_size, so
447 * we're OK for now.
448 */
449 const unsigned int page_size = flash->chip->page_size;
450 const unsigned int nwrites = (start + len - 1) / page_size;
451
452 /* Warning: This loop has a very unusual condition and body.
453 * The loop needs to go through each page with at least one affected
454 * byte. The lowest page number is (start / page_size) since that
455 * division rounds down. The highest page number we want is the page
456 * where the last byte of the range lives. That last byte has the
457 * address (start + len - 1), thus the highest page number is
458 * (start + len - 1) / page_size. Since we want to include that last
459 * page as well, the loop condition uses <=.
460 */
461 for (unsigned int i = start / page_size; i <= nwrites; i++) {
462 /* Byte position of the first byte in the range in this page. */
463 /* starthere is an offset to the base address of the chip. */
464 starthere = max(start, i * page_size);
465 /* Length of bytes in the range in this page. */
466 lenhere = min(start + len, (i + 1) * page_size) - starthere;
467
468 if (jedec_write_page(flash, buf + starthere - start, starthere, lenhere))
469 return 1;
470 update_progress(flash, FLASHROM_PROGRESS_WRITE, i + 1, nwrites + 1);
471 }
472
473 return 0;
474 }
475