blob: 708b66b0153d52360fce676ef43303cd127bc8ea [file] [log] [blame]
Stefan Taunerac1b4c82012-02-17 14:51:04 +00001/*
2 * This file is part of the flashrom project.
3 *
4 * Copyright (C) 2011-2012 Stefan Tauner
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; version 2 of the License.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18 */
19
20#include <stdint.h>
21#include <stdlib.h>
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000022#include <string.h>
Stefan Taunerac1b4c82012-02-17 14:51:04 +000023#include "flash.h"
24#include "spi.h"
25#include "chipdrivers.h"
26
27static int spi_sfdp_read_sfdp_chunk(struct flashctx *flash, uint32_t address, uint8_t *buf, int len)
28{
29 int i, ret;
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000030 uint8_t *newbuf;
Stefan Taunerac1b4c82012-02-17 14:51:04 +000031 const unsigned char cmd[JEDEC_SFDP_OUTSIZE] = {
32 JEDEC_SFDP,
33 (address >> 16) & 0xff,
34 (address >> 8) & 0xff,
35 (address >> 0) & 0xff,
36 /* FIXME: the following dummy byte explodes on some programmers.
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000037 * One workaround is to read the dummy byte
Stefan Taunerac1b4c82012-02-17 14:51:04 +000038 * instead and discard its value.
39 */
40 0
41 };
42 msg_cspew("%s: addr=0x%x, len=%d, data:\n", __func__, address, len);
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000043 newbuf = malloc(len + 1);
44 if (!newbuf)
45 return SPI_PROGRAMMER_ERROR;
46 ret = spi_send_command(flash, sizeof(cmd) - 1, len + 1, cmd, newbuf);
47 memmove(buf, newbuf + 1, len);
48 free(newbuf);
49 if (ret)
50 return ret;
Stefan Taunerac1b4c82012-02-17 14:51:04 +000051 for (i = 0; i < len; i++)
52 msg_cspew(" 0x%02x", buf[i]);
53 msg_cspew("\n");
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000054 return 0;
Stefan Taunerac1b4c82012-02-17 14:51:04 +000055}
56
57static int spi_sfdp_read_sfdp(struct flashctx *flash, uint32_t address, uint8_t *buf, int len)
58{
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000059 /* FIXME: There are different upper bounds for the number of bytes to
60 * read on the various programmers (even depending on the rest of the
61 * structure of the transaction). 2 is a safe bet. */
62 int maxstep = 2;
Stefan Taunerac1b4c82012-02-17 14:51:04 +000063 int ret = 0;
64 while (len > 0) {
65 int step = min(len, maxstep);
66 ret = spi_sfdp_read_sfdp_chunk(flash, address, buf, step);
67 if (ret)
68 return ret;
69 address += step;
70 buf += step;
71 len -= step;
72 }
73 return ret;
74}
75
76struct sfdp_tbl_hdr {
77 uint8_t id;
78 uint8_t v_minor;
79 uint8_t v_major;
80 uint8_t len;
81 uint32_t ptp; /* 24b pointer */
82};
83
84static int sfdp_add_uniform_eraser(struct flashctx *flash, uint8_t opcode, uint32_t block_size)
85{
86 int i;
87 uint32_t total_size = flash->total_size * 1024;
88 erasefunc_t *erasefn = spi_get_erasefn_from_opcode(opcode);
89
Stefan Tauner75adf322012-02-22 00:14:14 +000090 if (erasefn == NULL || total_size == 0 || block_size == 0 ||
91 total_size % block_size != 0) {
92 msg_cdbg("%s: invalid input, please report to "
93 "flashrom@flashrom.org\n", __func__);
Stefan Taunerac1b4c82012-02-17 14:51:04 +000094 return 1;
95 }
96
97 for (i = 0; i < NUM_ERASEFUNCTIONS; i++) {
98 struct block_eraser *eraser = &flash->block_erasers[i];
99 /* Check for duplicates (including (some) non-uniform ones). */
100 if (eraser->eraseblocks[0].size == block_size &&
101 eraser->block_erase == erasefn) {
102 msg_cdbg2(" Tried to add a duplicate block eraser: "
Stefan Tauner75adf322012-02-22 00:14:14 +0000103 "%d x %d B with opcode 0x%02x.\n",
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000104 total_size/block_size, block_size, opcode);
105 return 1;
106 }
Stefan Tauner75adf322012-02-22 00:14:14 +0000107 if (eraser->eraseblocks[0].size != 0 ||
108 eraser->block_erase != NULL) {
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000109 msg_cspew(" Block Eraser %d is already occupied.\n",
110 i);
111 continue;
112 }
113
114 eraser->block_erase = erasefn;
115 eraser->eraseblocks[0].size = block_size;
116 eraser->eraseblocks[0].count = total_size/block_size;
117 msg_cdbg2(" Block eraser %d: %d x %d B with opcode "
118 "0x%02x\n", i, total_size/block_size, block_size,
119 opcode);
120 return 0;
121 }
122 msg_cinfo("%s: Not enough space to store another eraser (i=%d)."
123 " Please report this at flashrom@flashrom.org\n",
124 __func__, i);
125 return 1;
126}
127
128static int sfdp_fill_flash(struct flashctx *flash, uint8_t *buf, uint16_t len)
129{
Stefan Tauner75adf322012-02-22 00:14:14 +0000130 uint8_t opcode_4k_erase = 0xFF;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000131 uint32_t tmp32;
132 uint8_t tmp8;
133 uint32_t total_size; /* in bytes */
134 uint32_t block_size;
Stefan Tauner75adf322012-02-22 00:14:14 +0000135 int j;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000136
137 msg_cdbg("Parsing JEDEC flash parameter table... ");
138 if (len != 9 * 4 && len != 4 * 4) {
139 msg_cdbg("%s: len out of spec\n", __func__);
140 return 1;
141 }
142 msg_cdbg2("\n");
143
144 /* 1. double word */
Stefan Tauner75adf322012-02-22 00:14:14 +0000145 tmp32 = ((unsigned int)buf[(4 * 0) + 0]);
146 tmp32 |= ((unsigned int)buf[(4 * 0) + 1]) << 8;
147 tmp32 |= ((unsigned int)buf[(4 * 0) + 2]) << 16;
148 tmp32 |= ((unsigned int)buf[(4 * 0) + 3]) << 24;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000149
150 tmp8 = (tmp32 >> 17) & 0x3;
151 switch (tmp8) {
152 case 0x0:
153 msg_cdbg2(" 3-Byte only addressing.\n");
154 break;
155 case 0x1:
156 msg_cdbg2(" 3-Byte (and optionally 4-Byte) addressing.\n");
157 break;
158 case 0x2:
159 msg_cdbg(" 4-Byte only addressing (not supported by "
160 "flashrom).\n");
161 return 1;
162 default:
163 msg_cdbg(" Required addressing mode (0x%x) not supported.\n",
164 tmp8);
165 return 1;
166 }
167
168 msg_cdbg2(" Status register is ");
169 if (tmp32 & (1 << 3)) {
170 msg_cdbg2("volatile and writes to the status register have to "
171 "be enabled with ");
172 if (tmp32 & (1 << 4)) {
173 flash->feature_bits = FEATURE_WRSR_WREN;
174 msg_cdbg2("WREN (0x06).\n");
175 } else {
176 flash->feature_bits = FEATURE_WRSR_EWSR;
177 msg_cdbg2("EWSR (0x50).\n");
178 }
Steven Zakulec3603a282012-05-02 20:07:57 +0000179 } else {
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000180 msg_cdbg2("non-volatile and the standard does not allow "
181 "vendors to tell us whether EWSR/WREN is needed for "
182 "status register writes - assuming EWSR.\n");
Steven Zakulec3603a282012-05-02 20:07:57 +0000183 flash->feature_bits = FEATURE_WRSR_EWSR;
184 }
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000185
186 msg_cdbg2(" Write chunk size is ");
187 if (tmp32 & (1 << 2)) {
188 msg_cdbg2("at least 64 B.\n");
189 flash->page_size = 64;
190 flash->write = spi_chip_write_256;
191 } else {
192 msg_cdbg2("1 B only.\n");
193 flash->page_size = 256;
194 flash->write = spi_chip_write_1;
195 }
196
197 if ((tmp32 & 0x3) == 0x1) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000198 opcode_4k_erase = (tmp32 >> 8) & 0xFF;
199 msg_cspew(" 4kB erase opcode is 0x%02x.\n", opcode_4k_erase);
200 /* add the eraser later, because we don't know total_size yet */
201 } else
202 msg_cspew(" 4kB erase opcode is not defined.\n");
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000203
204 /* 2. double word */
Stefan Tauner75adf322012-02-22 00:14:14 +0000205 tmp32 = ((unsigned int)buf[(4 * 1) + 0]);
206 tmp32 |= ((unsigned int)buf[(4 * 1) + 1]) << 8;
207 tmp32 |= ((unsigned int)buf[(4 * 1) + 2]) << 16;
208 tmp32 |= ((unsigned int)buf[(4 * 1) + 3]) << 24;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000209
210 if (tmp32 & (1 << 31)) {
211 msg_cdbg("Flash chip size >= 4 Gb/512 MB not supported.\n");
212 return 1;
213 }
214 total_size = ((tmp32 & 0x7FFFFFFF) + 1) / 8;
215 flash->total_size = total_size / 1024;
216 msg_cdbg2(" Flash chip size is %d kB.\n", flash->total_size);
217 if (total_size > (1 << 24)) {
218 msg_cdbg("Flash chip size is bigger than what 3-Byte addressing "
219 "can access.\n");
220 return 1;
221 }
222
Stefan Tauner75adf322012-02-22 00:14:14 +0000223 if (opcode_4k_erase != 0xFF)
224 sfdp_add_uniform_eraser(flash, opcode_4k_erase, 4 * 1024);
225
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000226 /* FIXME: double words 3-7 contain unused fast read information */
227
228 if (len == 4 * 4) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000229 msg_cdbg(" It seems like this chip supports the preliminary "
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000230 "Intel version of SFDP, skipping processing of double "
231 "words 3-9.\n");
232 goto done;
233 }
234
Stefan Tauner75adf322012-02-22 00:14:14 +0000235 /* 8. double word */
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000236 for (j = 0; j < 4; j++) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000237 /* 7 double words from the start + 2 bytes for every eraser */
238 tmp8 = buf[(4 * 7) + (j * 2)];
239 msg_cspew(" Erase Sector Type %d Size: 0x%02x\n", j + 1,
240 tmp8);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000241 if (tmp8 == 0) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000242 msg_cspew(" Erase Sector Type %d is unused.\n", j);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000243 continue;
244 }
245 if (tmp8 >= 31) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000246 msg_cdbg2(" Block size of erase Sector Type %d (2^%d) "
247 "is too big for flashrom.\n", j, tmp8);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000248 continue;
249 }
250 block_size = 1 << (tmp8); /* block_size = 2 ^ field */
251
Stefan Tauner75adf322012-02-22 00:14:14 +0000252 tmp8 = buf[(4 * 7) + (j * 2) + 1];
253 msg_cspew(" Erase Sector Type %d Opcode: 0x%02x\n", j + 1,
254 tmp8);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000255 sfdp_add_uniform_eraser(flash, tmp8, block_size);
256 }
257
258done:
259 msg_cdbg("done.\n");
260 return 0;
261}
262
263int probe_spi_sfdp(struct flashctx *flash)
264{
265 int ret = 0;
266 uint8_t buf[8];
267 uint32_t tmp32;
268 uint8_t nph;
269 /* need to limit the table loop by comparing i to uint8_t nph hence: */
270 uint16_t i;
271 struct sfdp_tbl_hdr *hdrs;
272 uint8_t *hbuf;
273 uint8_t *tbuf;
274
275 if (spi_sfdp_read_sfdp(flash, 0x00, buf, 4)) {
276 msg_cdbg("Receiving SFDP signature failed.\n");
277 return 0;
278 }
279 tmp32 = buf[0];
280 tmp32 |= ((unsigned int)buf[1]) << 8;
281 tmp32 |= ((unsigned int)buf[2]) << 16;
282 tmp32 |= ((unsigned int)buf[3]) << 24;
283
284 if (tmp32 != 0x50444653) {
285 msg_cdbg2("Signature = 0x%08x (should be 0x50444653)\n", tmp32);
286 msg_cdbg("No SFDP signature found.\n");
287 return 0;
288 }
289
290 if (spi_sfdp_read_sfdp(flash, 0x04, buf, 3)) {
291 msg_cdbg("Receiving SFDP revision and number of parameter "
292 "headers (NPH) failed. ");
293 return 0;
294 }
295 msg_cdbg2("SFDP revision = %d.%d\n", buf[1], buf[0]);
296 if (buf[1] != 0x01) {
297 msg_cdbg("The chip supports an unknown version of SFDP. "
298 "Aborting SFDP probe!\n");
299 return 0;
300 }
301 nph = buf[2];
302 msg_cdbg2("SFDP number of parameter headers is %d (NPH = %d).\n",
303 nph + 1, nph);
304
305 /* Fetch all parameter headers, even if we don't use them all (yet). */
306 hbuf = malloc((nph + 1) * 8);
307 hdrs = malloc((nph + 1) * sizeof(struct sfdp_tbl_hdr));
308 if (hbuf == NULL || hdrs == NULL ) {
309 msg_gerr("Out of memory!\n");
310 goto cleanup_hdrs;
311 }
312 if (spi_sfdp_read_sfdp(flash, 0x08, hbuf, (nph + 1) * 8)) {
313 msg_cdbg("Receiving SFDP parameter table headers failed.\n");
314 goto cleanup_hdrs;
315 }
316
317 for (i = 0; i <= nph; i++) {
318 uint16_t len;
319 hdrs[i].id = hbuf[(8 * i) + 0];
320 hdrs[i].v_minor = hbuf[(8 * i) + 1];
321 hdrs[i].v_major = hbuf[(8 * i) + 2];
322 hdrs[i].len = hbuf[(8 * i) + 3];
323 hdrs[i].ptp = hbuf[(8 * i) + 4];
324 hdrs[i].ptp |= ((unsigned int)hbuf[(8 * i) + 5]) << 8;
325 hdrs[i].ptp |= ((unsigned int)hbuf[(8 * i) + 6]) << 16;
326 msg_cdbg2("\nSFDP parameter table header %d/%d:\n", i, nph);
327 msg_cdbg2(" ID 0x%02x, version %d.%d\n", hdrs[i].id,
328 hdrs[i].v_major, hdrs[i].v_minor);
329 len = hdrs[i].len * 4;
330 tmp32 = hdrs[i].ptp;
331 msg_cdbg2(" Length %d B, Parameter Table Pointer 0x%06x\n",
332 len, tmp32);
333
334 if (tmp32 + len >= (1 << 24)) {
335 msg_cdbg("SFDP Parameter Table %d supposedly overflows "
336 "addressable SFDP area. This most\nprobably "
337 "indicates a corrupt SFDP parameter table "
338 "header. Skipping it.\n", i);
339 continue;
340 }
341
342 tbuf = malloc(len);
343 if (tbuf == NULL) {
344 msg_gerr("Out of memory!\n");
345 goto cleanup_hdrs;
346 }
347 if (spi_sfdp_read_sfdp(flash, tmp32, tbuf, len)){
348 msg_cdbg("Fetching SFDP parameter table %d failed.\n",
349 i);
350 free(tbuf);
351 continue;
352 }
353 msg_cspew(" Parameter table contents:\n");
354 for (tmp32 = 0; tmp32 < len; tmp32++) {
355 if ((tmp32 % 8) == 0) {
356 msg_cspew(" 0x%04x: ", tmp32);
357 }
Stefan Tauner75adf322012-02-22 00:14:14 +0000358 msg_cspew(" %02x", tbuf[tmp32]);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000359 if ((tmp32 % 8) == 7) {
360 msg_cspew("\n");
361 continue;
362 }
363 if ((tmp32 % 8) == 3) {
364 msg_cspew(" ");
365 continue;
366 }
367 }
Stefan Tauner75adf322012-02-22 00:14:14 +0000368 msg_cspew("\n");
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000369
370 if (i == 0) { /* Mandatory JEDEC SFDP parameter table */
371 if (hdrs[i].id != 0)
372 msg_cdbg("ID of the mandatory JEDEC SFDP "
373 "parameter table is not 0 as demanded "
374 "by JESD216 (warning only).\n");
375
376 if (hdrs[i].v_major != 0x01) {
377 msg_cdbg("The chip contains an unknown "
378 "version of the JEDEC flash "
379 "parameters table, skipping it.\n");
380 } else if (len != 9 * 4 && len != 4 * 4) {
381 msg_cdbg("Length of the mandatory JEDEC SFDP "
382 "parameter table is wrong (%d B), "
383 "skipping it.\n", len);
384 } else if (sfdp_fill_flash(flash, tbuf, len) == 0)
385 ret = 1;
386 }
387 free(tbuf);
388 }
389
390cleanup_hdrs:
391 free(hdrs);
392 free(hbuf);
393 return ret;
394}