blob: 68671851c5e9b62cfd2748d2329616b86cbf653b [file] [log] [blame]
Stefan Taunerac1b4c82012-02-17 14:51:04 +00001/*
2 * This file is part of the flashrom project.
3 *
4 * Copyright (C) 2011-2012 Stefan Tauner
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; version 2 of the License.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
Stefan Taunerac1b4c82012-02-17 14:51:04 +000014 */
15
16#include <stdint.h>
17#include <stdlib.h>
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000018#include <string.h>
Stefan Taunerac1b4c82012-02-17 14:51:04 +000019#include "flash.h"
20#include "spi.h"
21#include "chipdrivers.h"
22
23static int spi_sfdp_read_sfdp_chunk(struct flashctx *flash, uint32_t address, uint8_t *buf, int len)
24{
25 int i, ret;
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000026 uint8_t *newbuf;
Stefan Taunerac1b4c82012-02-17 14:51:04 +000027 const unsigned char cmd[JEDEC_SFDP_OUTSIZE] = {
28 JEDEC_SFDP,
29 (address >> 16) & 0xff,
30 (address >> 8) & 0xff,
31 (address >> 0) & 0xff,
32 /* FIXME: the following dummy byte explodes on some programmers.
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000033 * One workaround is to read the dummy byte
Stefan Taunerac1b4c82012-02-17 14:51:04 +000034 * instead and discard its value.
35 */
36 0
37 };
38 msg_cspew("%s: addr=0x%x, len=%d, data:\n", __func__, address, len);
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000039 newbuf = malloc(len + 1);
40 if (!newbuf)
41 return SPI_PROGRAMMER_ERROR;
42 ret = spi_send_command(flash, sizeof(cmd) - 1, len + 1, cmd, newbuf);
43 memmove(buf, newbuf + 1, len);
44 free(newbuf);
45 if (ret)
46 return ret;
Stefan Taunerac1b4c82012-02-17 14:51:04 +000047 for (i = 0; i < len; i++)
48 msg_cspew(" 0x%02x", buf[i]);
49 msg_cspew("\n");
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000050 return 0;
Stefan Taunerac1b4c82012-02-17 14:51:04 +000051}
52
53static int spi_sfdp_read_sfdp(struct flashctx *flash, uint32_t address, uint8_t *buf, int len)
54{
Carl-Daniel Hailfinger2d251242012-02-24 23:49:30 +000055 /* FIXME: There are different upper bounds for the number of bytes to
56 * read on the various programmers (even depending on the rest of the
57 * structure of the transaction). 2 is a safe bet. */
58 int maxstep = 2;
Stefan Taunerac1b4c82012-02-17 14:51:04 +000059 int ret = 0;
60 while (len > 0) {
61 int step = min(len, maxstep);
62 ret = spi_sfdp_read_sfdp_chunk(flash, address, buf, step);
63 if (ret)
64 return ret;
65 address += step;
66 buf += step;
67 len -= step;
68 }
69 return ret;
70}
71
72struct sfdp_tbl_hdr {
73 uint8_t id;
74 uint8_t v_minor;
75 uint8_t v_major;
76 uint8_t len;
77 uint32_t ptp; /* 24b pointer */
78};
79
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +000080static int sfdp_add_uniform_eraser(struct flashchip *chip, uint8_t opcode, uint32_t block_size)
Stefan Taunerac1b4c82012-02-17 14:51:04 +000081{
82 int i;
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +000083 uint32_t total_size = chip->total_size * 1024;
Thomas Heijligen35614512022-09-19 23:46:58 +020084 erasefunc_t *erasefn = spi25_get_erasefn_from_opcode(opcode);
Stefan Taunerac1b4c82012-02-17 14:51:04 +000085
Stefan Tauner75adf322012-02-22 00:14:14 +000086 if (erasefn == NULL || total_size == 0 || block_size == 0 ||
87 total_size % block_size != 0) {
88 msg_cdbg("%s: invalid input, please report to "
Nico Huberac90af62022-12-18 00:22:47 +000089 "flashrom-stable@flashrom.org\n", __func__);
Stefan Taunerac1b4c82012-02-17 14:51:04 +000090 return 1;
91 }
92
93 for (i = 0; i < NUM_ERASEFUNCTIONS; i++) {
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +000094 struct block_eraser *eraser = &chip->block_erasers[i];
Stefan Taunerac1b4c82012-02-17 14:51:04 +000095 /* Check for duplicates (including (some) non-uniform ones). */
96 if (eraser->eraseblocks[0].size == block_size &&
97 eraser->block_erase == erasefn) {
98 msg_cdbg2(" Tried to add a duplicate block eraser: "
Stefan Tauner75adf322012-02-22 00:14:14 +000099 "%d x %d B with opcode 0x%02x.\n",
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000100 total_size/block_size, block_size, opcode);
101 return 1;
102 }
Stefan Tauner75adf322012-02-22 00:14:14 +0000103 if (eraser->eraseblocks[0].size != 0 ||
104 eraser->block_erase != NULL) {
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000105 msg_cspew(" Block Eraser %d is already occupied.\n",
106 i);
107 continue;
108 }
109
110 eraser->block_erase = erasefn;
111 eraser->eraseblocks[0].size = block_size;
112 eraser->eraseblocks[0].count = total_size/block_size;
113 msg_cdbg2(" Block eraser %d: %d x %d B with opcode "
114 "0x%02x\n", i, total_size/block_size, block_size,
115 opcode);
116 return 0;
117 }
Nico Huberac90af62022-12-18 00:22:47 +0000118 msg_cinfo("%s: Not enough space to store another eraser (i=%d).\n"
119 "Please report this at flashrom-stable@flashrom.org\n",
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000120 __func__, i);
121 return 1;
122}
123
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000124static int sfdp_fill_flash(struct flashchip *chip, uint8_t *buf, uint16_t len)
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000125{
Stefan Tauner75adf322012-02-22 00:14:14 +0000126 uint8_t opcode_4k_erase = 0xFF;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000127 uint32_t tmp32;
128 uint8_t tmp8;
129 uint32_t total_size; /* in bytes */
130 uint32_t block_size;
Stefan Tauner75adf322012-02-22 00:14:14 +0000131 int j;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000132
133 msg_cdbg("Parsing JEDEC flash parameter table... ");
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000134 msg_cdbg2("\n");
Elyes HAOUAS0cacb112019-02-04 12:16:38 +0100135
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000136 /* 1. double word */
Stefan Tauner75adf322012-02-22 00:14:14 +0000137 tmp32 = ((unsigned int)buf[(4 * 0) + 0]);
138 tmp32 |= ((unsigned int)buf[(4 * 0) + 1]) << 8;
139 tmp32 |= ((unsigned int)buf[(4 * 0) + 2]) << 16;
140 tmp32 |= ((unsigned int)buf[(4 * 0) + 3]) << 24;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000141
142 tmp8 = (tmp32 >> 17) & 0x3;
143 switch (tmp8) {
144 case 0x0:
145 msg_cdbg2(" 3-Byte only addressing.\n");
146 break;
147 case 0x1:
148 msg_cdbg2(" 3-Byte (and optionally 4-Byte) addressing.\n");
149 break;
150 case 0x2:
151 msg_cdbg(" 4-Byte only addressing (not supported by "
152 "flashrom).\n");
153 return 1;
154 default:
155 msg_cdbg(" Required addressing mode (0x%x) not supported.\n",
156 tmp8);
157 return 1;
158 }
159
160 msg_cdbg2(" Status register is ");
161 if (tmp32 & (1 << 3)) {
162 msg_cdbg2("volatile and writes to the status register have to "
163 "be enabled with ");
164 if (tmp32 & (1 << 4)) {
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000165 chip->feature_bits = FEATURE_WRSR_WREN;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000166 msg_cdbg2("WREN (0x06).\n");
167 } else {
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000168 chip->feature_bits = FEATURE_WRSR_EWSR;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000169 msg_cdbg2("EWSR (0x50).\n");
170 }
Steven Zakulec3603a282012-05-02 20:07:57 +0000171 } else {
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000172 msg_cdbg2("non-volatile and the standard does not allow "
173 "vendors to tell us whether EWSR/WREN is needed for "
174 "status register writes - assuming EWSR.\n");
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000175 chip->feature_bits = FEATURE_WRSR_EWSR;
Steven Zakulec3603a282012-05-02 20:07:57 +0000176 }
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000177
178 msg_cdbg2(" Write chunk size is ");
179 if (tmp32 & (1 << 2)) {
180 msg_cdbg2("at least 64 B.\n");
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000181 chip->page_size = 64;
182 chip->write = spi_chip_write_256;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000183 } else {
184 msg_cdbg2("1 B only.\n");
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000185 chip->page_size = 256;
186 chip->write = spi_chip_write_1;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000187 }
188
189 if ((tmp32 & 0x3) == 0x1) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000190 opcode_4k_erase = (tmp32 >> 8) & 0xFF;
191 msg_cspew(" 4kB erase opcode is 0x%02x.\n", opcode_4k_erase);
192 /* add the eraser later, because we don't know total_size yet */
193 } else
194 msg_cspew(" 4kB erase opcode is not defined.\n");
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000195
196 /* 2. double word */
Stefan Tauner75adf322012-02-22 00:14:14 +0000197 tmp32 = ((unsigned int)buf[(4 * 1) + 0]);
198 tmp32 |= ((unsigned int)buf[(4 * 1) + 1]) << 8;
199 tmp32 |= ((unsigned int)buf[(4 * 1) + 2]) << 16;
200 tmp32 |= ((unsigned int)buf[(4 * 1) + 3]) << 24;
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000201
202 if (tmp32 & (1 << 31)) {
203 msg_cdbg("Flash chip size >= 4 Gb/512 MB not supported.\n");
204 return 1;
205 }
206 total_size = ((tmp32 & 0x7FFFFFFF) + 1) / 8;
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000207 chip->total_size = total_size / 1024;
208 msg_cdbg2(" Flash chip size is %d kB.\n", chip->total_size);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000209 if (total_size > (1 << 24)) {
210 msg_cdbg("Flash chip size is bigger than what 3-Byte addressing "
211 "can access.\n");
212 return 1;
213 }
214
Stefan Tauner75adf322012-02-22 00:14:14 +0000215 if (opcode_4k_erase != 0xFF)
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000216 sfdp_add_uniform_eraser(chip, opcode_4k_erase, 4 * 1024);
Stefan Tauner75adf322012-02-22 00:14:14 +0000217
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000218 /* FIXME: double words 3-7 contain unused fast read information */
219
220 if (len == 4 * 4) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000221 msg_cdbg(" It seems like this chip supports the preliminary "
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000222 "Intel version of SFDP, skipping processing of double "
223 "words 3-9.\n");
224 goto done;
225 }
226
Stefan Tauner75adf322012-02-22 00:14:14 +0000227 /* 8. double word */
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000228 for (j = 0; j < 4; j++) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000229 /* 7 double words from the start + 2 bytes for every eraser */
230 tmp8 = buf[(4 * 7) + (j * 2)];
231 msg_cspew(" Erase Sector Type %d Size: 0x%02x\n", j + 1,
232 tmp8);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000233 if (tmp8 == 0) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000234 msg_cspew(" Erase Sector Type %d is unused.\n", j);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000235 continue;
236 }
237 if (tmp8 >= 31) {
Stefan Tauner75adf322012-02-22 00:14:14 +0000238 msg_cdbg2(" Block size of erase Sector Type %d (2^%d) "
239 "is too big for flashrom.\n", j, tmp8);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000240 continue;
241 }
242 block_size = 1 << (tmp8); /* block_size = 2 ^ field */
243
Stefan Tauner75adf322012-02-22 00:14:14 +0000244 tmp8 = buf[(4 * 7) + (j * 2) + 1];
245 msg_cspew(" Erase Sector Type %d Opcode: 0x%02x\n", j + 1,
246 tmp8);
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000247 sfdp_add_uniform_eraser(chip, tmp8, block_size);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000248 }
249
250done:
251 msg_cdbg("done.\n");
252 return 0;
253}
254
255int probe_spi_sfdp(struct flashctx *flash)
256{
257 int ret = 0;
258 uint8_t buf[8];
259 uint32_t tmp32;
260 uint8_t nph;
261 /* need to limit the table loop by comparing i to uint8_t nph hence: */
262 uint16_t i;
263 struct sfdp_tbl_hdr *hdrs;
264 uint8_t *hbuf;
265 uint8_t *tbuf;
266
267 if (spi_sfdp_read_sfdp(flash, 0x00, buf, 4)) {
268 msg_cdbg("Receiving SFDP signature failed.\n");
269 return 0;
270 }
271 tmp32 = buf[0];
272 tmp32 |= ((unsigned int)buf[1]) << 8;
273 tmp32 |= ((unsigned int)buf[2]) << 16;
274 tmp32 |= ((unsigned int)buf[3]) << 24;
275
276 if (tmp32 != 0x50444653) {
277 msg_cdbg2("Signature = 0x%08x (should be 0x50444653)\n", tmp32);
278 msg_cdbg("No SFDP signature found.\n");
279 return 0;
280 }
281
282 if (spi_sfdp_read_sfdp(flash, 0x04, buf, 3)) {
283 msg_cdbg("Receiving SFDP revision and number of parameter "
284 "headers (NPH) failed. ");
285 return 0;
286 }
287 msg_cdbg2("SFDP revision = %d.%d\n", buf[1], buf[0]);
288 if (buf[1] != 0x01) {
289 msg_cdbg("The chip supports an unknown version of SFDP. "
290 "Aborting SFDP probe!\n");
291 return 0;
292 }
293 nph = buf[2];
294 msg_cdbg2("SFDP number of parameter headers is %d (NPH = %d).\n",
295 nph + 1, nph);
296
297 /* Fetch all parameter headers, even if we don't use them all (yet). */
298 hbuf = malloc((nph + 1) * 8);
Angel Pons690a9442021-06-07 12:33:53 +0200299 hdrs = malloc((nph + 1) * sizeof(*hdrs));
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000300 if (hbuf == NULL || hdrs == NULL ) {
301 msg_gerr("Out of memory!\n");
302 goto cleanup_hdrs;
303 }
304 if (spi_sfdp_read_sfdp(flash, 0x08, hbuf, (nph + 1) * 8)) {
305 msg_cdbg("Receiving SFDP parameter table headers failed.\n");
306 goto cleanup_hdrs;
307 }
308
309 for (i = 0; i <= nph; i++) {
310 uint16_t len;
311 hdrs[i].id = hbuf[(8 * i) + 0];
312 hdrs[i].v_minor = hbuf[(8 * i) + 1];
313 hdrs[i].v_major = hbuf[(8 * i) + 2];
314 hdrs[i].len = hbuf[(8 * i) + 3];
315 hdrs[i].ptp = hbuf[(8 * i) + 4];
316 hdrs[i].ptp |= ((unsigned int)hbuf[(8 * i) + 5]) << 8;
317 hdrs[i].ptp |= ((unsigned int)hbuf[(8 * i) + 6]) << 16;
318 msg_cdbg2("\nSFDP parameter table header %d/%d:\n", i, nph);
319 msg_cdbg2(" ID 0x%02x, version %d.%d\n", hdrs[i].id,
320 hdrs[i].v_major, hdrs[i].v_minor);
321 len = hdrs[i].len * 4;
322 tmp32 = hdrs[i].ptp;
323 msg_cdbg2(" Length %d B, Parameter Table Pointer 0x%06x\n",
324 len, tmp32);
325
326 if (tmp32 + len >= (1 << 24)) {
327 msg_cdbg("SFDP Parameter Table %d supposedly overflows "
328 "addressable SFDP area. This most\nprobably "
329 "indicates a corrupt SFDP parameter table "
330 "header. Skipping it.\n", i);
331 continue;
332 }
333
334 tbuf = malloc(len);
335 if (tbuf == NULL) {
336 msg_gerr("Out of memory!\n");
337 goto cleanup_hdrs;
338 }
339 if (spi_sfdp_read_sfdp(flash, tmp32, tbuf, len)){
340 msg_cdbg("Fetching SFDP parameter table %d failed.\n",
341 i);
342 free(tbuf);
343 continue;
344 }
345 msg_cspew(" Parameter table contents:\n");
346 for (tmp32 = 0; tmp32 < len; tmp32++) {
347 if ((tmp32 % 8) == 0) {
348 msg_cspew(" 0x%04x: ", tmp32);
349 }
Stefan Tauner75adf322012-02-22 00:14:14 +0000350 msg_cspew(" %02x", tbuf[tmp32]);
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000351 if ((tmp32 % 8) == 7) {
352 msg_cspew("\n");
353 continue;
354 }
355 if ((tmp32 % 8) == 3) {
356 msg_cspew(" ");
357 continue;
358 }
359 }
Stefan Tauner75adf322012-02-22 00:14:14 +0000360 msg_cspew("\n");
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000361
362 if (i == 0) { /* Mandatory JEDEC SFDP parameter table */
363 if (hdrs[i].id != 0)
364 msg_cdbg("ID of the mandatory JEDEC SFDP "
365 "parameter table is not 0 as demanded "
366 "by JESD216 (warning only).\n");
367
368 if (hdrs[i].v_major != 0x01) {
369 msg_cdbg("The chip contains an unknown "
370 "version of the JEDEC flash "
371 "parameters table, skipping it.\n");
Michael Niewöhnerde307c02021-12-11 22:15:06 +0100372 } else if (len != 4 * 4 && len < 9 * 4) {
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000373 msg_cdbg("Length of the mandatory JEDEC SFDP "
374 "parameter table is wrong (%d B), "
375 "skipping it.\n", len);
Carl-Daniel Hailfinger5a7cb842012-08-25 01:17:58 +0000376 } else if (sfdp_fill_flash(flash->chip, tbuf, len) == 0)
Stefan Taunerac1b4c82012-02-17 14:51:04 +0000377 ret = 1;
378 }
379 free(tbuf);
380 }
381
382cleanup_hdrs:
383 free(hdrs);
384 free(hbuf);
385 return ret;
386}