We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
pebble-firmware
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: main
分支列表 标签列表
pebble-firmware
/
python_libs
/
pblprog
/
pebble
/
programmer
/
targets
/
stm32.py

stm32.py 11 KB
永久链接 文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352 
  1. # Copyright 2024 Google LLC
    2. 

  2. #
    3. 

  3. # Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. # you may not use this file except in compliance with the License.
    5. 

  5. # You may obtain a copy of the License at
    6. 

  6. #
    7. 

  7. #     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. #
    9. 

  9. # Unless required by applicable law or agreed to in writing, software
    10. 

  10. # distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. # See the License for the specific language governing permissions and
    13. 

  13. # limitations under the License.
    14. 

  14. 

  15. import array
    16. 

  16. import logging
    17. 

  17. import os
    18. 

  18. import struct
    19. 

  19. import time
    20. 

  20. from intelhex import IntelHex
    21. 

  21. 

  22. LOG = logging.getLogger(__name__)
    23. 

  23. 

  24. class STM32FlashProgrammer(object):
    25. 

  25.     # CPUID register
    26. 

  26.     CPUID_ADDR = 0xE000ED00
    27. 

  27. 

  28.     # Flash constants
    29. 

  29.     FLASH_BASE_ADDR = 0x08000000
    30. 

  30. 

  31.     # Flash key register (FLASH_KEYR)
    32. 

  32.     FLASH_KEYR_ADDR = 0x40023C04
    33. 

  33.     FLASH_KEYR_VAL1 = 0x45670123
    34. 

  34.     FLASH_KEYR_VAL2 = 0xCDEF89AB
    35. 

  35. 

  36.     # Flash status register (FLASH_SR)
    37. 

  37.     FLASH_SR_ADDR = 0x40023C0C
    38. 

  38.     FLASH_SR_BSY = (1 << 16)
    39. 

  39. 

  40.     # Flash control register (FLASH_CR)
    41. 

  41.     FLASH_CR_ADDR = 0x40023C10
    42. 

  42.     FLASH_CR_PG = (1 << 0)
    43. 

  43.     FLASH_CR_SER = (1 << 1)
    44. 

  44.     FLASH_CR_SNB_OFFSET = 3
    45. 

  45.     FLASH_CR_PSIZE_8BIT = (0x0 << 8)
    46. 

  46.     FLASH_CR_PSIZE_16BIT = (0x1 << 8)
    47. 

  47.     FLASH_CR_PSIZE_32BIT = (0x2 << 8)
    48. 

  48.     FLASH_CR_STRT = (1 << 16)
    49. 

  49. 

  50.     # Debug halting control and status register (DHCSR)
    51. 

  51.     DHCSR_ADDR = 0xE000EDF0
    52. 

  52.     DHCSR_DBGKEY_VALUE = 0xA05F0000
    53. 

  53.     DHCSR_HALT = (1 << 0)
    54. 

  54.     DHCSR_DEBUGEN = (1 << 1)
    55. 

  55.     DHCSR_S_REGRDY = (1 << 16)
    56. 

  56.     DHCSR_S_LOCKUP = (1 << 19)
    57. 

  57. 

  58.     # Application interrupt and reset control register (AIRCR)
    59. 

  59.     AIRCR_ADDR = 0xE000ED0C
    60. 

  60.     AIRCR_VECTKEY_VALUE = 0x05FA0000
    61. 

  61.     AIRCR_SYSRESETREQ = (1 << 2)
    62. 

  62. 

  63.     # Debug Core Register Selector Register (DCRSR)
    64. 

  64.     DCRSR_ADDR = 0xE000EDF4
    65. 

  65.     DCRSR_WRITE = (1 << 16)
    66. 

  66. 

  67.     # Debug Core Register Data register (DCRDR)
    68. 

  68.     DCRDR_ADDR = 0xE000EDF8
    69. 

  69. 

  70.     # Debug Exception and Monitor Control register (DEMCR)
    71. 

  71.     DEMCR_ADDR = 0xE000EDFC
    72. 

  72.     DEMCR_RESET_CATCH = (1 << 0)
    73. 

  73.     DEMCR_TRCENA = (1 << 24)
    74. 

  74. 

  75.     # Program Counter Sample Register (PCSR)
    76. 

  76.     PCSR_ADDR = 0xE000101C
    77. 

  77. 

  78.     # Loader addresses
    79. 

  79.     PBLLDR_HEADER_ADDR = 0x20000400
    80. 

  80.     PBLLDR_HEADER_OFFSET = PBLLDR_HEADER_ADDR + 0x4
    81. 

  81.     PBLLDR_HEADER_LENGTH = PBLLDR_HEADER_ADDR + 0x8
    82. 

  82.     PBLLDR_DATA_ADDR = 0x20000800
    83. 

  83.     PBLLDR_DATA_MAX_LENGTH = 0x20000
    84. 

  84.     PBLLDR_STATE_WAIT = 0
    85. 

  85.     PBLLDR_STATE_WRITE = 1
    86. 

  86.     PBLLDR_STATE_CRC = 2
    87. 

  87. 

  88.     # SRAM base addr
    89. 

  89.     SRAM_BASE_ADDR = 0x20000000
    90. 

  90. 

  91.     def __init__(self, driver):
    92. 

  92.         self._driver = driver
    93. 

  93.         self._step_start_time = 0
    94. 

  94.         self.FLASH_SECTOR_SIZES = [x*1024 for x in self.FLASH_SECTOR_SIZES]
    95. 

  95. 

  96.     def __enter__(self):
    97. 

  97.         try:
    98. 

  98.             self.connect()
    99. 

  99.             return self
    100. 

  100.         except:
    101. 

  101.             self.close()
    102. 

  102.             raise
    103. 

  103. 

  104.     def __exit__(self, exc, value, trace):
    105. 

  105.         self.close()
    106. 

  106. 

  107.     def _fatal(self, message):
    108. 

  108.         raise Exception('FATAL ERROR: {}'.format(message))
    109. 

  109. 

  110.     def _start_step(self, msg):
    111. 

  111.         LOG.info(msg)
    112. 

  112.         self._step_start_time = time.time()
    113. 

  113. 

  114.     def _end_step(self, msg, no_time=False, num_bytes=None):
    115. 

  115.         total_time = round(time.time() - self._step_start_time, 2)
    116. 

  116.         if not no_time:
    117. 

  117.             msg += ' in {}s'.format(total_time)
    118. 

  118.         if num_bytes:
    119. 

  119.             kibps = round(num_bytes / 1024.0 / total_time, 2)
    120. 

  120.             msg += ' ({} KiB/s)'.format(kibps)
    121. 

  121.         LOG.info(msg)
    122. 

  122. 

  123.     def connect(self):
    124. 

  124.         self._start_step('Connecting...')
    125. 

  125. 

  126.         # connect and check the IDCODE
    127. 

  127.         if self._driver.connect() != self.IDCODE:
    128. 

  128.             self._fatal('Invalid IDCODE')
    129. 

  129. 

  130.         # check the CPUID register
    131. 

  131.         if self._driver.read_memory_address(self.CPUID_ADDR) != self.CPUID_VALUE:
    132. 

  132.             self._fatal('Invalid CPU ID')
    133. 

  133. 

  134.         self._end_step('Connected', no_time=True)
    135. 

  135. 

  136.     def halt_core(self):
    137. 

  137.         # halt the core immediately
    138. 

  138.         dhcsr_value = self.DHCSR_DBGKEY_VALUE | self.DHCSR_DEBUGEN | self.DHCSR_HALT
    139. 

  139.         self._driver.write_memory_address(self.DHCSR_ADDR, dhcsr_value)
    140. 

  140. 

  141.     def resume_core(self):
    142. 

  142.         # resume the core
    143. 

  143.         dhcsr_value = self.DHCSR_DBGKEY_VALUE
    144. 

  144.         self._driver.write_memory_address(self.DHCSR_ADDR, dhcsr_value)
    145. 

  145. 

  146.     def reset_core(self, halt=False):
    147. 

  147.         if self._driver.read_memory_address(self.DHCSR_ADDR) & self.DHCSR_S_LOCKUP:
    148. 

  148.             # halt the core first to clear the lockup
    149. 

  149.             LOG.info('Clearing lockup condition')
    150. 

  150.             self.halt_core()
    151. 

  151. 

  152.         # enable reset vector catch
    153. 

  153.         demcr_value = 0
    154. 

  154.         if halt:
    155. 

  155.             demcr_value |= self.DEMCR_RESET_CATCH
    156. 

  156. 

  157.         self._driver.write_memory_address(self.DEMCR_ADDR, demcr_value)
    158. 

  158.         self._driver.read_memory_address(self.DHCSR_ADDR)
    159. 

  159. 

  160.         # reset the core
    161. 

  161.         aircr_value = self.AIRCR_VECTKEY_VALUE | self.AIRCR_SYSRESETREQ
    162. 

  162.         self._driver.write_memory_address(self.AIRCR_ADDR, aircr_value)
    163. 

  163. 

  164.         if halt:
    165. 

  165.             self.halt_core()
    166. 

  166. 

  167.     def unlock_flash(self):
    168. 

  168.         # unlock the flash
    169. 

  169.         self._driver.write_memory_address(self.FLASH_KEYR_ADDR, self.FLASH_KEYR_VAL1)
    170. 

  170.         self._driver.write_memory_address(self.FLASH_KEYR_ADDR, self.FLASH_KEYR_VAL2)
    171. 

  171. 

  172.     def _poll_register(self, timeout=0.5):
    173. 

  173.         end_time = time.time() + timeout
    174. 

  174.         while end_time > time.time():
    175. 

  175.             val = self._driver.read_memory_address(self.DHCSR_ADDR)
    176. 

  176.             if val & self.DHCSR_S_REGRDY:
    177. 

  177.                 break
    178. 

  178.         else:
    179. 

  179.             raise Exception('Register operation was not confirmed')
    180. 

  180. 

  181.     def write_register(self, reg, val):
    182. 

  182.         self._driver.write_memory_address(self.DCRDR_ADDR, val)
    183. 

  183.         reg |= self.DCRSR_WRITE
    184. 

  184.         self._driver.write_memory_address(self.DCRSR_ADDR, reg)
    185. 

  185.         self._poll_register()
    186. 

  186. 

  187.     def read_register(self, reg):
    188. 

  188.         self._driver.write_memory_address(self.DCRSR_ADDR, reg)
    189. 

  189.         self._poll_register()
    190. 

  190.         return self._driver.read_memory_address(self.DCRDR_ADDR)
    191. 

  191. 

  192.     def erase_flash(self, flash_offset, length):
    193. 

  193.         self._start_step('Erasing...')
    194. 

  194. 

  195.         def overlap(a1, a2, b1, b2):
    196. 

  196.             return max(a1, b1) < min(a2, b2)
    197. 

  197. 

  198.         # find all the sectors which we need to erase
    199. 

  199.         erase_sectors = []
    200. 

  200.         for i, size in enumerate(self.FLASH_SECTOR_SIZES):
    201. 

  201.             addr = self.FLASH_BASE_ADDR + sum(self.FLASH_SECTOR_SIZES[:i])
    202. 

  202.             if overlap(flash_offset, flash_offset+length, addr, addr+size):
    203. 

  203.                 erase_sectors += [i]
    204. 

  204.         if not erase_sectors:
    205. 

  205.             self._fatal('Could not find sectors to erase!')
    206. 

  206. 

  207.         # erase the sectors
    208. 

  208.         for sector in erase_sectors:
    209. 

  209.             # start the erase
    210. 

  210.             reg_value = (sector << self.FLASH_CR_SNB_OFFSET)
    211. 

  211.             reg_value |= self.FLASH_CR_PSIZE_8BIT
    212. 

  212.             reg_value |= self.FLASH_CR_STRT
    213. 

  213.             reg_value |= self.FLASH_CR_SER
    214. 

  214.             self._driver.write_memory_address(self.FLASH_CR_ADDR, reg_value)
    215. 

  215.             # wait for the erase to finish
    216. 

  216.             while self._driver.read_memory_address(self.FLASH_SR_ADDR) & self.FLASH_SR_BSY:
    217. 

  217.                 time.sleep(0)
    218. 

  218. 

  219.         self._end_step('Erased')
    220. 

  220. 

  221.     def close(self):
    222. 

  222.         self._driver.close()
    223. 

  223. 

  224.     def _write_loader_state(self, state):
    225. 

  225.         self._driver.write_memory_address(self.PBLLDR_HEADER_ADDR, state)
    226. 

  226. 

  227.     def _wait_loader_state(self, wanted_state, timeout=3):
    228. 

  228.         end_time = time.time() + timeout
    229. 

  229.         state = -1
    230. 

  230.         while time.time() < end_time:
    231. 

  231.             time.sleep(0)
    232. 

  232.             state = self._driver.read_memory_address(self.PBLLDR_HEADER_ADDR)
    233. 

  233.             if state == wanted_state:
    234. 

  234.                 break
    235. 

  235.         else:
    236. 

  236.             raise Exception("Timed out waiting for loader state %d, got %d" % (wanted_state, state))
    237. 

  237. 

  238.     @staticmethod
    239. 

  239.     def _chunks(l, n):
    240. 

  240.         for i in xrange(0, len(l), n):
    241. 

  241.             yield l[i:i+n], len(l[i:i+n]), i
    242. 

  242. 

  243.     def execute_loader(self):
    244. 

  244.         # reset and halt the core
    245. 

  245.         self.reset_core(halt=True)
    246. 

  246. 

  247.         with open(os.path.join(os.path.dirname(__file__), "loader.bin")) as f:
    248. 

  248.             loader_bin = f.read()
    249. 

  249. 

  250.         # load loader binary into SRAM
    251. 

  251.         self._driver.write_memory_bulk(self.SRAM_BASE_ADDR, array.array('B', loader_bin))
    252. 

  252. 

  253.         # set PC based on value in loader
    254. 

  254.         reg_sp, = struct.unpack("<I", loader_bin[:4])
    255. 

  255.         self.write_register(13, reg_sp)
    256. 

  256. 

  257.         # set PC to new reset handler
    258. 

  258.         pc, = struct.unpack('<I', loader_bin[4:8])
    259. 

  259.         self.write_register(15, pc)
    260. 

  260. 

  261.         # unlock flash
    262. 

  262.         self.unlock_flash()
    263. 

  263. 

  264.         self.resume_core()
    265. 

  265. 

  266.     @staticmethod
    267. 

  267.     def generate_crc(data):
    268. 

  268.         length = len(data)
    269. 

  269.         lookup_table = [0, 47, 94, 113, 188, 147, 226, 205, 87, 120, 9, 38, 235, 196, 181, 154]
    270. 

  270. 

  271.         crc = 0
    272. 

  272.         for i in xrange(length*2):
    273. 

  273.             nibble = data[i / 2]
    274. 

  274.             if i % 2 == 0:
    275. 

  275.                 nibble >>= 4
    276. 

  276. 

  277.             index = nibble ^ (crc >> 4)
    278. 

  278.             crc = lookup_table[index & 0xf] ^ ((crc << 4) & 0xf0)
    279. 

  279. 

  280.         return crc
    281. 

  281. 

  282.     def read_crc(self, addr, length):
    283. 

  283.         self._driver.write_memory_address(self.PBLLDR_HEADER_OFFSET, addr)
    284. 

  284.         self._driver.write_memory_address(self.PBLLDR_HEADER_LENGTH, length)
    285. 

  285. 

  286.         self._write_loader_state(self.PBLLDR_STATE_CRC)
    287. 

  287.         self._wait_loader_state(self.PBLLDR_STATE_WAIT)
    288. 

  288.         return self._driver.read_memory_address(self.PBLLDR_DATA_ADDR) & 0xFF
    289. 

  289. 

  290.     def load_hex(self, hex_path):
    291. 

  291.         self._start_step("Loading binary: %s" % hex_path)
    292. 

  292. 

  293.         ih = IntelHex(hex_path)
    294. 

  294.         offset = ih.minaddr()
    295. 

  295.         data = ih.tobinarray()
    296. 

  296. 

  297.         self.load_bin(offset, data)
    298. 

  298.         self._end_step("Loaded binary", num_bytes=len(data))
    299. 

  299. 

  300.     def load_bin(self, offset, data):
    301. 

  301.         while len(data) % 4 != 0:
    302. 

  302.             data.append(0xFF)
    303. 

  303. 

  304.         length = len(data)
    305. 

  305. 

  306.         # prepare the flash for programming
    307. 

  307.         self.erase_flash(offset, length)
    308. 

  308.         cr_value = self.FLASH_CR_PSIZE_8BIT | self.FLASH_CR_PG
    309. 

  309.         self._driver.write_memory_address(self.FLASH_CR_ADDR, cr_value)
    310. 

  310. 

  311.         # set the base address
    312. 

  312.         self._wait_loader_state(self.PBLLDR_STATE_WAIT)
    313. 

  313.         self._driver.write_memory_address(self.PBLLDR_HEADER_OFFSET, offset)
    314. 

  314. 

  315.         for chunk, chunk_length, pos in self._chunks(data, self.PBLLDR_DATA_MAX_LENGTH):
    316. 

  316.             LOG.info("Written %d/%d", pos, length)
    317. 

  317. 

  318.             self._driver.write_memory_address(self.PBLLDR_HEADER_LENGTH, chunk_length)
    319. 

  319.             self._driver.write_memory_bulk(self.PBLLDR_DATA_ADDR, chunk)
    320. 

  320. 

  321.             self._write_loader_state(self.PBLLDR_STATE_WRITE)
    322. 

  322.             self._wait_loader_state(self.PBLLDR_STATE_WAIT)
    323. 

  323. 

  324.         expected_crc = self.generate_crc(data)
    325. 

  325.         actual_crc = self.read_crc(offset, length)
    326. 

  326. 

  327.         if actual_crc != expected_crc:
    328. 

  328.             raise Exception("Bad CRC, expected %d, found %d" % (expected_crc, actual_crc))
    329. 

  329.         LOG.info("CRC-8 matched: %d", actual_crc)
    330. 

  330. 

  331.     def profile(self, duration):
    332. 

  332.         LOG.info('Collecting %f second(s) worth of samples...', duration)
    333. 

  333. 

  334.         # ensure DWT is enabled so we can get PC samples from PCSR
    335. 

  335.         demcr_value = self._driver.read_memory_address(self.DEMCR_ADDR)
    336. 

  336.         self._driver.write_memory_address(self.DEMCR_ADDR, demcr_value | self.DEMCR_TRCENA)
    337. 

  337. 

  338.         # take the samples
    339. 

  339.         samples = self._driver.continuous_read(self.PCSR_ADDR, duration)
    340. 

  340. 

  341.         # restore the original DEMCR value
    342. 

  342.         self._driver.write_memory_address(self.DEMCR_ADDR, demcr_value)
    343. 

  343. 

  344.         # process the samples
    345. 

  345.         pcs = dict()
    346. 

  346.         for sample in samples:
    347. 

  347.             sample = '0x%08x' % sample
    348. 

  348.             pcs[sample] = pcs.get(sample, 0) + 1
    349. 

  349. 

  350.         LOG.info('Collected %d samples!', len(samples))
    351. 

  351.         return pcs
    352. 

  352.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5