flashrom 

flashrom Svn Source Tree

Root/trunk/sfdp.c

  • Property svn:eol-style set to native
1/*
2 * This file is part of the flashrom project.
3 *
4 * Copyright (C) 2011-2012 Stefan Tauner
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; version 2 of the License.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18 */
19
20#include <stdint.h>
21#include <stdlib.h>
22#include <string.h>
23#include "flash.h"
24#include "spi.h"
25#include "chipdrivers.h"
26
27static int spi_sfdp_read_sfdp_chunk(struct flashctx *flash, uint32_t address, uint8_t *buf, int len)
28{
29int i, ret;
30uint8_t *newbuf;
31const unsigned char cmd[JEDEC_SFDP_OUTSIZE] = {
32JEDEC_SFDP,
33(address >> 16) & 0xff,
34(address >> 8) & 0xff,
35(address >> 0) & 0xff,
36/* FIXME: the following dummy byte explodes on some programmers.
37 * One workaround is to read the dummy byte
38 * instead and discard its value.
39 */
400
41};
42msg_cspew("%s: addr=0x%x, len=%d, data:\n", __func__, address, len);
43newbuf = malloc(len + 1);
44if (!newbuf)
45return SPI_PROGRAMMER_ERROR;
46ret = spi_send_command(flash, sizeof(cmd) - 1, len + 1, cmd, newbuf);
47memmove(buf, newbuf + 1, len);
48free(newbuf);
49if (ret)
50return ret;
51for (i = 0; i < len; i++)
52msg_cspew(" 0x%02x", buf[i]);
53msg_cspew("\n");
54return 0;
55}
56
57static int spi_sfdp_read_sfdp(struct flashctx *flash, uint32_t address, uint8_t *buf, int len)
58{
59/* FIXME: There are different upper bounds for the number of bytes to
60 * read on the various programmers (even depending on the rest of the
61 * structure of the transaction). 2 is a safe bet. */
62int maxstep = 2;
63int ret = 0;
64while (len > 0) {
65int step = min(len, maxstep);
66ret = spi_sfdp_read_sfdp_chunk(flash, address, buf, step);
67if (ret)
68return ret;
69address += step;
70buf += step;
71len -= step;
72}
73return ret;
74}
75
76struct sfdp_tbl_hdr {
77uint8_t id;
78uint8_t v_minor;
79uint8_t v_major;
80uint8_t len;
81uint32_t ptp; /* 24b pointer */
82};
83
84static int sfdp_add_uniform_eraser(struct flashchip *chip, uint8_t opcode, uint32_t block_size)
85{
86int i;
87uint32_t total_size = chip->total_size * 1024;
88erasefunc_t *erasefn = spi_get_erasefn_from_opcode(opcode);
89
90if (erasefn == NULL || total_size == 0 || block_size == 0 ||
91 total_size % block_size != 0) {
92msg_cdbg("%s: invalid input, please report to "
93 "flashrom@flashrom.org\n", __func__);
94return 1;
95}
96
97for (i = 0; i < NUM_ERASEFUNCTIONS; i++) {
98struct block_eraser *eraser = &chip->block_erasers[i];
99/* Check for duplicates (including (some) non-uniform ones). */
100if (eraser->eraseblocks[0].size == block_size &&
101 eraser->block_erase == erasefn) {
102msg_cdbg2(" Tried to add a duplicate block eraser: "
103 "%d x %d B with opcode 0x%02x.\n",
104 total_size/block_size, block_size, opcode);
105return 1;
106}
107if (eraser->eraseblocks[0].size != 0 ||
108 eraser->block_erase != NULL) {
109msg_cspew(" Block Eraser %d is already occupied.\n",
110 i);
111continue;
112}
113
114eraser->block_erase = erasefn;
115eraser->eraseblocks[0].size = block_size;
116eraser->eraseblocks[0].count = total_size/block_size;
117msg_cdbg2(" Block eraser %d: %d x %d B with opcode "
118 "0x%02x\n", i, total_size/block_size, block_size,
119 opcode);
120return 0;
121}
122msg_cinfo("%s: Not enough space to store another eraser (i=%d)."
123 " Please report this at flashrom@flashrom.org\n",
124 __func__, i);
125return 1;
126}
127
128static int sfdp_fill_flash(struct flashchip *chip, uint8_t *buf, uint16_t len)
129{
130uint8_t opcode_4k_erase = 0xFF;
131uint32_t tmp32;
132uint8_t tmp8;
133uint32_t total_size; /* in bytes */
134uint32_t block_size;
135int j;
136
137msg_cdbg("Parsing JEDEC flash parameter table... ");
138if (len != 9 * 4 && len != 4 * 4) {
139msg_cdbg("%s: len out of spec\n", __func__);
140return 1;
141}
142msg_cdbg2("\n");
143
144/* 1. double word */
145tmp32 = ((unsigned int)buf[(4 * 0) + 0]);
146tmp32 |= ((unsigned int)buf[(4 * 0) + 1]) << 8;
147tmp32 |= ((unsigned int)buf[(4 * 0) + 2]) << 16;
148tmp32 |= ((unsigned int)buf[(4 * 0) + 3]) << 24;
149
150tmp8 = (tmp32 >> 17) & 0x3;
151switch (tmp8) {
152case 0x0:
153msg_cdbg2(" 3-Byte only addressing.\n");
154break;
155case 0x1:
156msg_cdbg2(" 3-Byte (and optionally 4-Byte) addressing.\n");
157break;
158case 0x2:
159msg_cdbg(" 4-Byte only addressing (not supported by "
160 "flashrom).\n");
161return 1;
162default:
163msg_cdbg(" Required addressing mode (0x%x) not supported.\n",
164 tmp8);
165return 1;
166}
167
168msg_cdbg2(" Status register is ");
169if (tmp32 & (1 << 3)) {
170msg_cdbg2("volatile and writes to the status register have to "
171 "be enabled with ");
172if (tmp32 & (1 << 4)) {
173chip->feature_bits = FEATURE_WRSR_WREN;
174msg_cdbg2("WREN (0x06).\n");
175} else {
176chip->feature_bits = FEATURE_WRSR_EWSR;
177msg_cdbg2("EWSR (0x50).\n");
178}
179} else {
180msg_cdbg2("non-volatile and the standard does not allow "
181 "vendors to tell us whether EWSR/WREN is needed for "
182 "status register writes - assuming EWSR.\n");
183chip->feature_bits = FEATURE_WRSR_EWSR;
184}
185
186msg_cdbg2(" Write chunk size is ");
187if (tmp32 & (1 << 2)) {
188msg_cdbg2("at least 64 B.\n");
189chip->page_size = 64;
190chip->write = spi_chip_write_256;
191} else {
192msg_cdbg2("1 B only.\n");
193chip->page_size = 256;
194chip->write = spi_chip_write_1;
195}
196
197if ((tmp32 & 0x3) == 0x1) {
198opcode_4k_erase = (tmp32 >> 8) & 0xFF;
199msg_cspew(" 4kB erase opcode is 0x%02x.\n", opcode_4k_erase);
200/* add the eraser later, because we don't know total_size yet */
201} else
202msg_cspew(" 4kB erase opcode is not defined.\n");
203
204/* 2. double word */
205tmp32 = ((unsigned int)buf[(4 * 1) + 0]);
206tmp32 |= ((unsigned int)buf[(4 * 1) + 1]) << 8;
207tmp32 |= ((unsigned int)buf[(4 * 1) + 2]) << 16;
208tmp32 |= ((unsigned int)buf[(4 * 1) + 3]) << 24;
209
210if (tmp32 & (1 << 31)) {
211msg_cdbg("Flash chip size >= 4 Gb/512 MB not supported.\n");
212return 1;
213}
214total_size = ((tmp32 & 0x7FFFFFFF) + 1) / 8;
215chip->total_size = total_size / 1024;
216msg_cdbg2(" Flash chip size is %d kB.\n", chip->total_size);
217if (total_size > (1 << 24)) {
218msg_cdbg("Flash chip size is bigger than what 3-Byte addressing "
219 "can access.\n");
220return 1;
221}
222
223if (opcode_4k_erase != 0xFF)
224sfdp_add_uniform_eraser(chip, opcode_4k_erase, 4 * 1024);
225
226/* FIXME: double words 3-7 contain unused fast read information */
227
228if (len == 4 * 4) {
229msg_cdbg(" It seems like this chip supports the preliminary "
230 "Intel version of SFDP, skipping processing of double "
231 "words 3-9.\n");
232goto done;
233}
234
235/* 8. double word */
236for (j = 0; j < 4; j++) {
237/* 7 double words from the start + 2 bytes for every eraser */
238tmp8 = buf[(4 * 7) + (j * 2)];
239msg_cspew(" Erase Sector Type %d Size: 0x%02x\n", j + 1,
240 tmp8);
241if (tmp8 == 0) {
242msg_cspew(" Erase Sector Type %d is unused.\n", j);
243continue;
244}
245if (tmp8 >= 31) {
246msg_cdbg2(" Block size of erase Sector Type %d (2^%d) "
247 "is too big for flashrom.\n", j, tmp8);
248continue;
249}
250block_size = 1 << (tmp8); /* block_size = 2 ^ field */
251
252tmp8 = buf[(4 * 7) + (j * 2) + 1];
253msg_cspew(" Erase Sector Type %d Opcode: 0x%02x\n", j + 1,
254 tmp8);
255sfdp_add_uniform_eraser(chip, tmp8, block_size);
256}
257
258done:
259msg_cdbg("done.\n");
260return 0;
261}
262
263int probe_spi_sfdp(struct flashctx *flash)
264{
265int ret = 0;
266uint8_t buf[8];
267uint32_t tmp32;
268uint8_t nph;
269/* need to limit the table loop by comparing i to uint8_t nph hence: */
270uint16_t i;
271struct sfdp_tbl_hdr *hdrs;
272uint8_t *hbuf;
273uint8_t *tbuf;
274
275if (spi_sfdp_read_sfdp(flash, 0x00, buf, 4)) {
276msg_cdbg("Receiving SFDP signature failed.\n");
277return 0;
278}
279tmp32 = buf[0];
280tmp32 |= ((unsigned int)buf[1]) << 8;
281tmp32 |= ((unsigned int)buf[2]) << 16;
282tmp32 |= ((unsigned int)buf[3]) << 24;
283
284if (tmp32 != 0x50444653) {
285msg_cdbg2("Signature = 0x%08x (should be 0x50444653)\n", tmp32);
286msg_cdbg("No SFDP signature found.\n");
287return 0;
288}
289
290if (spi_sfdp_read_sfdp(flash, 0x04, buf, 3)) {
291msg_cdbg("Receiving SFDP revision and number of parameter "
292 "headers (NPH) failed. ");
293return 0;
294}
295msg_cdbg2("SFDP revision = %d.%d\n", buf[1], buf[0]);
296if (buf[1] != 0x01) {
297msg_cdbg("The chip supports an unknown version of SFDP. "
298 "Aborting SFDP probe!\n");
299return 0;
300}
301nph = buf[2];
302msg_cdbg2("SFDP number of parameter headers is %d (NPH = %d).\n",
303 nph + 1, nph);
304
305/* Fetch all parameter headers, even if we don't use them all (yet). */
306hbuf = malloc((nph + 1) * 8);
307hdrs = malloc((nph + 1) * sizeof(struct sfdp_tbl_hdr));
308if (hbuf == NULL || hdrs == NULL ) {
309msg_gerr("Out of memory!\n");
310goto cleanup_hdrs;
311}
312if (spi_sfdp_read_sfdp(flash, 0x08, hbuf, (nph + 1) * 8)) {
313msg_cdbg("Receiving SFDP parameter table headers failed.\n");
314goto cleanup_hdrs;
315}
316
317for (i = 0; i <= nph; i++) {
318uint16_t len;
319hdrs[i].id = hbuf[(8 * i) + 0];
320hdrs[i].v_minor = hbuf[(8 * i) + 1];
321hdrs[i].v_major = hbuf[(8 * i) + 2];
322hdrs[i].len = hbuf[(8 * i) + 3];
323hdrs[i].ptp = hbuf[(8 * i) + 4];
324hdrs[i].ptp |= ((unsigned int)hbuf[(8 * i) + 5]) << 8;
325hdrs[i].ptp |= ((unsigned int)hbuf[(8 * i) + 6]) << 16;
326msg_cdbg2("\nSFDP parameter table header %d/%d:\n", i, nph);
327msg_cdbg2(" ID 0x%02x, version %d.%d\n", hdrs[i].id,
328 hdrs[i].v_major, hdrs[i].v_minor);
329len = hdrs[i].len * 4;
330tmp32 = hdrs[i].ptp;
331msg_cdbg2(" Length %d B, Parameter Table Pointer 0x%06x\n",
332 len, tmp32);
333
334if (tmp32 + len >= (1 << 24)) {
335msg_cdbg("SFDP Parameter Table %d supposedly overflows "
336 "addressable SFDP area. This most\nprobably "
337 "indicates a corrupt SFDP parameter table "
338 "header. Skipping it.\n", i);
339continue;
340}
341
342tbuf = malloc(len);
343if (tbuf == NULL) {
344msg_gerr("Out of memory!\n");
345goto cleanup_hdrs;
346}
347if (spi_sfdp_read_sfdp(flash, tmp32, tbuf, len)){
348msg_cdbg("Fetching SFDP parameter table %d failed.\n",
349 i);
350free(tbuf);
351continue;
352}
353msg_cspew(" Parameter table contents:\n");
354for (tmp32 = 0; tmp32 < len; tmp32++) {
355if ((tmp32 % 8) == 0) {
356msg_cspew(" 0x%04x: ", tmp32);
357}
358msg_cspew(" %02x", tbuf[tmp32]);
359if ((tmp32 % 8) == 7) {
360msg_cspew("\n");
361continue;
362}
363if ((tmp32 % 8) == 3) {
364msg_cspew(" ");
365continue;
366}
367}
368msg_cspew("\n");
369
370if (i == 0) { /* Mandatory JEDEC SFDP parameter table */
371if (hdrs[i].id != 0)
372msg_cdbg("ID of the mandatory JEDEC SFDP "
373 "parameter table is not 0 as demanded "
374 "by JESD216 (warning only).\n");
375
376if (hdrs[i].v_major != 0x01) {
377msg_cdbg("The chip contains an unknown "
378 "version of the JEDEC flash "
379 "parameters table, skipping it.\n");
380} else if (len != 9 * 4 && len != 4 * 4) {
381msg_cdbg("Length of the mandatory JEDEC SFDP "
382 "parameter table is wrong (%d B), "
383 "skipping it.\n", len);
384} else if (sfdp_fill_flash(flash->chip, tbuf, len) == 0)
385ret = 1;
386}
387free(tbuf);
388}
389
390cleanup_hdrs:
391free(hdrs);
392free(hbuf);
393return ret;
394}

Archive Download this file

Revision: HEAD