1 /*
2 * This file is part of the flashrom project.
3 *
4 * Copyright (C) 2011-2012 Stefan Tauner
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; version 2 of the License.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 */
15
16 #include <stdint.h>
17 #include <stdlib.h>
18 #include <string.h>
19 #include "flash.h"
20 #include "spi.h"
21 #include "chipdrivers.h"
22
spi_sfdp_read_sfdp_chunk(struct flashctx * flash,uint32_t address,uint8_t * buf,int len)23 static int spi_sfdp_read_sfdp_chunk(struct flashctx *flash, uint32_t address, uint8_t *buf, int len)
24 {
25 int i, ret;
26 uint8_t *newbuf;
27 const unsigned char cmd[JEDEC_SFDP_OUTSIZE] = {
28 JEDEC_SFDP,
29 (address >> 16) & 0xff,
30 (address >> 8) & 0xff,
31 (address >> 0) & 0xff,
32 /* FIXME: the following dummy byte explodes on some programmers.
33 * One workaround is to read the dummy byte
34 * instead and discard its value.
35 */
36 0
37 };
38 msg_cspew("%s: addr=0x%"PRIx32", len=%d, data:\n", __func__, address, len);
39 newbuf = malloc(len + 1);
40 if (!newbuf)
41 return SPI_PROGRAMMER_ERROR;
42 ret = spi_send_command(flash, sizeof(cmd) - 1, len + 1, cmd, newbuf);
43 memmove(buf, newbuf + 1, len);
44 free(newbuf);
45 if (ret)
46 return ret;
47 for (i = 0; i < len; i++)
48 msg_cspew(" 0x%02x", buf[i]);
49 msg_cspew("\n");
50 return 0;
51 }
52
spi_sfdp_read_sfdp(struct flashctx * flash,uint32_t address,uint8_t * buf,int len)53 static int spi_sfdp_read_sfdp(struct flashctx *flash, uint32_t address, uint8_t *buf, int len)
54 {
55 /* FIXME: There are different upper bounds for the number of bytes to
56 * read on the various programmers (even depending on the rest of the
57 * structure of the transaction). 2 is a safe bet. */
58 int maxstep = 2;
59 int ret = 0;
60 while (len > 0) {
61 int step = min(len, maxstep);
62 ret = spi_sfdp_read_sfdp_chunk(flash, address, buf, step);
63 if (ret)
64 return ret;
65 address += step;
66 buf += step;
67 len -= step;
68 }
69 return ret;
70 }
71
72 struct sfdp_tbl_hdr {
73 uint8_t id;
74 uint8_t v_minor;
75 uint8_t v_major;
76 uint8_t len;
77 uint32_t ptp; /* 24b pointer */
78 };
79
sfdp_add_uniform_eraser(struct flashchip * chip,uint8_t opcode,uint32_t block_size)80 static int sfdp_add_uniform_eraser(struct flashchip *chip, uint8_t opcode, uint32_t block_size)
81 {
82 int i;
83 uint32_t total_size = chip->total_size * 1024;
84 enum block_erase_func erasefn = spi25_get_erasefn_from_opcode(opcode);
85
86 if (erasefn == NO_BLOCK_ERASE_FUNC || total_size == 0 || block_size == 0 ||
87 total_size % block_size != 0) {
88 msg_cdbg("%s: invalid input, please report to "
89 "[email protected]\n", __func__);
90 return 1;
91 }
92
93 for (i = 0; i < NUM_ERASEFUNCTIONS; i++) {
94 struct block_eraser *eraser = &chip->block_erasers[i];
95 /* Check for duplicates (including (some) non-uniform ones). */
96 if (eraser->eraseblocks[0].size == block_size &&
97 eraser->block_erase == erasefn) {
98 msg_cdbg2(" Tried to add a duplicate block eraser: "
99 "%"PRId32" x %"PRId32" B with opcode 0x%02x.\n",
100 total_size/block_size, block_size, opcode);
101 return 1;
102 }
103 if (eraser->eraseblocks[0].size != 0 ||
104 eraser->block_erase != NO_BLOCK_ERASE_FUNC) {
105 msg_cspew(" Block Eraser %d is already occupied.\n",
106 i);
107 continue;
108 }
109
110 eraser->block_erase = erasefn;
111 eraser->eraseblocks[0].size = block_size;
112 eraser->eraseblocks[0].count = total_size/block_size;
113 msg_cdbg2(" Block eraser %d: %"PRId32" x %"PRId32" B with opcode "
114 "0x%02x\n", i, total_size/block_size, block_size,
115 opcode);
116 return 0;
117 }
118 msg_cinfo("%s: Not enough space to store another eraser (i=%d)."
119 " Please report this at [email protected]\n",
120 __func__, i);
121 return 1;
122 }
123
sfdp_fill_flash(struct flashchip * chip,uint8_t * buf,uint16_t len)124 static int sfdp_fill_flash(struct flashchip *chip, uint8_t *buf, uint16_t len)
125 {
126 uint8_t opcode_4k_erase = 0xFF;
127 uint32_t tmp32;
128 uint8_t tmp8;
129 uint32_t total_size; /* in bytes */
130 uint32_t block_size;
131 int j;
132
133 msg_cdbg("Parsing JEDEC flash parameter table... ");
134 msg_cdbg2("\n");
135
136 /* 1. double word */
137 tmp32 = ((unsigned int)buf[(4 * 0) + 0]);
138 tmp32 |= ((unsigned int)buf[(4 * 0) + 1]) << 8;
139 tmp32 |= ((unsigned int)buf[(4 * 0) + 2]) << 16;
140 tmp32 |= ((unsigned int)buf[(4 * 0) + 3]) << 24;
141
142 tmp8 = (tmp32 >> 17) & 0x3;
143 switch (tmp8) {
144 case 0x0:
145 msg_cdbg2(" 3-Byte only addressing.\n");
146 break;
147 case 0x1:
148 msg_cdbg2(" 3-Byte (and optionally 4-Byte) addressing.\n");
149 break;
150 case 0x2:
151 msg_cdbg(" 4-Byte only addressing (not supported by "
152 "flashrom).\n");
153 return 1;
154 default:
155 msg_cdbg(" Required addressing mode (0x%x) not supported.\n",
156 tmp8);
157 return 1;
158 }
159
160 msg_cdbg2(" Status register is ");
161 if (tmp32 & (1 << 3)) {
162 msg_cdbg2("volatile and writes to the status register have to "
163 "be enabled with ");
164 if (tmp32 & (1 << 4)) {
165 chip->feature_bits = FEATURE_WRSR_WREN;
166 msg_cdbg2("WREN (0x06).\n");
167 } else {
168 chip->feature_bits = FEATURE_WRSR_EWSR;
169 msg_cdbg2("EWSR (0x50).\n");
170 }
171 } else {
172 msg_cdbg2("non-volatile and the standard does not allow "
173 "vendors to tell us whether EWSR/WREN is needed for "
174 "status register writes - assuming EWSR.\n");
175 chip->feature_bits = FEATURE_WRSR_EWSR;
176 }
177
178 msg_cdbg2(" Write chunk size is ");
179 if (tmp32 & (1 << 2)) {
180 msg_cdbg2("at least 64 B.\n");
181 chip->page_size = 64;
182 chip->write = SPI_CHIP_WRITE256;
183 } else {
184 msg_cdbg2("1 B only.\n");
185 chip->page_size = 256;
186 chip->write = SPI_CHIP_WRITE1;
187 }
188
189 if ((tmp32 & 0x3) == 0x1) {
190 opcode_4k_erase = (tmp32 >> 8) & 0xFF;
191 msg_cspew(" 4kB erase opcode is 0x%02x.\n", opcode_4k_erase);
192 /* add the eraser later, because we don't know total_size yet */
193 } else
194 msg_cspew(" 4kB erase opcode is not defined.\n");
195
196 /* 2. double word */
197 tmp32 = ((unsigned int)buf[(4 * 1) + 0]);
198 tmp32 |= ((unsigned int)buf[(4 * 1) + 1]) << 8;
199 tmp32 |= ((unsigned int)buf[(4 * 1) + 2]) << 16;
200 tmp32 |= ((unsigned int)buf[(4 * 1) + 3]) << 24;
201
202 if (tmp32 & (1 << 31)) {
203 msg_cdbg("Flash chip size >= 4 Gb/512 MB not supported.\n");
204 return 1;
205 }
206 total_size = ((tmp32 & 0x7FFFFFFF) + 1) / 8;
207 chip->total_size = total_size / 1024;
208 msg_cdbg2(" Flash chip size is %d kB.\n", chip->total_size);
209 if (total_size > (1 << 24)) {
210 msg_cdbg("Flash chip size is bigger than what 3-Byte addressing "
211 "can access.\n");
212 return 1;
213 }
214
215 if (opcode_4k_erase != 0xFF)
216 sfdp_add_uniform_eraser(chip, opcode_4k_erase, 4 * 1024);
217
218 /* FIXME: double words 3-7 contain unused fast read information */
219
220 if (len == 4 * 4) {
221 msg_cdbg(" It seems like this chip supports the preliminary "
222 "Intel version of SFDP, skipping processing of double "
223 "words 3-9.\n");
224 goto done;
225 }
226
227 /* 8. double word */
228 for (j = 0; j < 4; j++) {
229 /* 7 double words from the start + 2 bytes for every eraser */
230 tmp8 = buf[(4 * 7) + (j * 2)];
231 msg_cspew(" Erase Sector Type %d Size: 0x%02x\n", j + 1,
232 tmp8);
233 if (tmp8 == 0) {
234 msg_cspew(" Erase Sector Type %d is unused.\n", j);
235 continue;
236 }
237 if (tmp8 >= 31) {
238 msg_cdbg2(" Block size of erase Sector Type %d (2^%d) "
239 "is too big for flashrom.\n", j, tmp8);
240 continue;
241 }
242 block_size = 1 << (tmp8); /* block_size = 2 ^ field */
243
244 tmp8 = buf[(4 * 7) + (j * 2) + 1];
245 msg_cspew(" Erase Sector Type %d Opcode: 0x%02x\n", j + 1,
246 tmp8);
247 sfdp_add_uniform_eraser(chip, tmp8, block_size);
248 }
249
250 done:
251 msg_cdbg("done.\n");
252 return 0;
253 }
254
probe_spi_sfdp(struct flashctx * flash)255 int probe_spi_sfdp(struct flashctx *flash)
256 {
257 int ret = 0;
258 uint8_t buf[8];
259 uint32_t tmp32;
260 uint8_t nph;
261 /* need to limit the table loop by comparing i to uint8_t nph hence: */
262 uint16_t i;
263 struct sfdp_tbl_hdr *hdrs;
264 uint8_t *hbuf;
265 uint8_t *tbuf;
266
267 if (spi_sfdp_read_sfdp(flash, 0x00, buf, 4)) {
268 msg_cdbg("Receiving SFDP signature failed.\n");
269 return 0;
270 }
271 tmp32 = buf[0];
272 tmp32 |= ((unsigned int)buf[1]) << 8;
273 tmp32 |= ((unsigned int)buf[2]) << 16;
274 tmp32 |= ((unsigned int)buf[3]) << 24;
275
276 if (tmp32 != 0x50444653) {
277 msg_cdbg2("Signature = 0x%08"PRIx32" (should be 0x50444653)\n", tmp32);
278 msg_cdbg("No SFDP signature found.\n");
279 return 0;
280 }
281
282 if (spi_sfdp_read_sfdp(flash, 0x04, buf, 3)) {
283 msg_cdbg("Receiving SFDP revision and number of parameter "
284 "headers (NPH) failed. ");
285 return 0;
286 }
287 msg_cdbg2("SFDP revision = %d.%d\n", buf[1], buf[0]);
288 if (buf[1] != 0x01) {
289 msg_cdbg("The chip supports an unknown version of SFDP. "
290 "Aborting SFDP probe!\n");
291 return 0;
292 }
293 nph = buf[2];
294 msg_cdbg2("SFDP number of parameter headers is %d (NPH = %d).\n",
295 nph + 1, nph);
296
297 /* Fetch all parameter headers, even if we don't use them all (yet). */
298 hbuf = malloc((nph + 1) * 8);
299 hdrs = malloc((nph + 1) * sizeof(*hdrs));
300 if (hbuf == NULL || hdrs == NULL ) {
301 msg_gerr("Out of memory!\n");
302 goto cleanup_hdrs;
303 }
304 if (spi_sfdp_read_sfdp(flash, 0x08, hbuf, (nph + 1) * 8)) {
305 msg_cdbg("Receiving SFDP parameter table headers failed.\n");
306 goto cleanup_hdrs;
307 }
308
309 for (i = 0; i <= nph; i++) {
310 uint16_t len;
311 hdrs[i].id = hbuf[(8 * i) + 0];
312 hdrs[i].v_minor = hbuf[(8 * i) + 1];
313 hdrs[i].v_major = hbuf[(8 * i) + 2];
314 hdrs[i].len = hbuf[(8 * i) + 3];
315 hdrs[i].ptp = hbuf[(8 * i) + 4];
316 hdrs[i].ptp |= ((unsigned int)hbuf[(8 * i) + 5]) << 8;
317 hdrs[i].ptp |= ((unsigned int)hbuf[(8 * i) + 6]) << 16;
318 msg_cdbg2("\nSFDP parameter table header %d/%d:\n", i, nph);
319 msg_cdbg2(" ID 0x%02x, version %d.%d\n", hdrs[i].id,
320 hdrs[i].v_major, hdrs[i].v_minor);
321 len = hdrs[i].len * 4;
322 tmp32 = hdrs[i].ptp;
323 msg_cdbg2(" Length %d B, Parameter Table Pointer 0x%06"PRIx32"\n",
324 len, tmp32);
325
326 if (tmp32 + len >= (1 << 24)) {
327 msg_cdbg("SFDP Parameter Table %d supposedly overflows "
328 "addressable SFDP area. This most\nprobably "
329 "indicates a corrupt SFDP parameter table "
330 "header. Skipping it.\n", i);
331 continue;
332 }
333
334 tbuf = malloc(len);
335 if (tbuf == NULL) {
336 msg_gerr("Out of memory!\n");
337 goto cleanup_hdrs;
338 }
339 if (spi_sfdp_read_sfdp(flash, tmp32, tbuf, len)){
340 msg_cdbg("Fetching SFDP parameter table %d failed.\n",
341 i);
342 free(tbuf);
343 continue;
344 }
345 msg_cspew(" Parameter table contents:\n");
346 for (tmp32 = 0; tmp32 < len; tmp32++) {
347 if ((tmp32 % 8) == 0) {
348 msg_cspew(" 0x%04"PRIx32": ", tmp32);
349 }
350 msg_cspew(" %02x", tbuf[tmp32]);
351 if ((tmp32 % 8) == 7) {
352 msg_cspew("\n");
353 continue;
354 }
355 if ((tmp32 % 8) == 3) {
356 msg_cspew(" ");
357 continue;
358 }
359 }
360 msg_cspew("\n");
361
362 if (i == 0) { /* Mandatory JEDEC SFDP parameter table */
363 if (hdrs[i].id != 0)
364 msg_cdbg("ID of the mandatory JEDEC SFDP "
365 "parameter table is not 0 as demanded "
366 "by JESD216 (warning only).\n");
367
368 if (hdrs[i].v_major != 0x01) {
369 msg_cdbg("The chip contains an unknown "
370 "version of the JEDEC flash "
371 "parameters table, skipping it.\n");
372 } else if (len != 4 * 4 && len < 9 * 4) {
373 msg_cdbg("Length of the mandatory JEDEC SFDP "
374 "parameter table is wrong (%d B), "
375 "skipping it.\n", len);
376 } else if (sfdp_fill_flash(flash->chip, tbuf, len) == 0)
377 ret = 1;
378 }
379 free(tbuf);
380 }
381
382 cleanup_hdrs:
383 free(hdrs);
384 free(hbuf);
385 return ret;
386 }
387