jtag-mpsse.c (14317B)
1 /* Copyright 2014 Brian Swetland <swetland@frotz.net> 2 * 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #include <stdio.h> 17 #include <stdlib.h> 18 #include <unistd.h> 19 #include <string.h> 20 #include <ctype.h> 21 22 #include "jtag.h" 23 24 #include <libusb-1.0/libusb.h> 25 26 struct device_info { 27 u32 idcode; 28 u32 idmask; 29 u32 irsize; 30 const char *name; 31 }; 32 33 #define ZYNQID(code) ((0x1B<<21)|(0x9<<17)|((code)<<12)|(0x49<<1)|1) 34 #define ZYNQMASK 0x0FFFFFFF 35 36 struct device_info LIBRARY[] = { 37 { 0x4ba00477, 0xFFFFFFFF, 4, "Cortex A9" }, 38 { ZYNQID(0x02), ZYNQMASK, 6, "xc7x010" }, 39 { ZYNQID(0x1b), ZYNQMASK, 6, "xc7x015" }, 40 { ZYNQID(0x07), ZYNQMASK, 6, "xc7x020" }, 41 { ZYNQID(0x0c), ZYNQMASK, 6, "xc7x030" }, 42 { ZYNQID(0x11), ZYNQMASK, 6, "xc7x045" }, 43 { 0x13631093, 0xFFFFFFFF, 6, "xc7a100t" }, 44 }; 45 46 struct device_info *identify_device(u32 idcode) { 47 unsigned n; 48 for (n = 0; n < sizeof(LIBRARY) / sizeof(LIBRARY[0]); n++) { 49 if ((idcode & LIBRARY[n].idmask) == LIBRARY[n].idcode) { 50 return LIBRARY + n; 51 } 52 } 53 return NULL; 54 } 55 56 #define TRACE_USB 0 57 #define TRACE_JTAG 0 58 59 #define DEVICE_MAX 16 60 61 struct jtag_handle { 62 struct libusb_device_handle *udev; 63 u8 ep_in; 64 u8 ep_out; 65 66 u8 read_buffer[512]; 67 u8 *read_ptr; 68 u32 read_count; 69 u32 read_size; 70 71 u32 dr_pre; 72 u32 dr_post; 73 u32 ir_pre; 74 u32 ir_post; 75 76 u32 dev_count; 77 u32 dev_idcode[DEVICE_MAX]; 78 u32 dev_irsize[DEVICE_MAX]; 79 struct device_info *dev_info[DEVICE_MAX]; 80 81 u32 active_irsize; 82 u32 active_idcode; 83 }; 84 85 static int usb_open(JTAG *jtag, unsigned vid, unsigned pid) { 86 struct libusb_device_handle *udev; 87 88 if (libusb_init(NULL) < 0) 89 return -1; 90 91 if (!(udev = libusb_open_device_with_vid_pid(NULL, vid, pid))) { 92 fprintf(stderr,"cannot find device\n"); 93 return -1; 94 } 95 96 libusb_detach_kernel_driver(udev, 0); 97 98 if (libusb_claim_interface(udev, 0) < 0) { 99 fprintf(stderr,"cannot claim interface\n"); 100 return -1; 101 } 102 jtag->udev = udev; 103 jtag->ep_in = 0x81; 104 jtag->ep_out = 0x02; 105 return 0; 106 } 107 108 109 #if TRACE_USB 110 static void dump(char *prefix, void *data, int len) { 111 unsigned char *x = data; 112 fprintf(stderr,"%s: (%d)", prefix, len); 113 while (len > 0) { 114 fprintf(stderr," %02x", *x++); 115 len--; 116 } 117 fprintf(stderr,"\n"); 118 } 119 #endif 120 121 static int usb_bulk(struct libusb_device_handle *udev, 122 unsigned char ep, void *data, int len, unsigned timeout) { 123 int r, xfer; 124 #if TRACE_USB 125 if (!(ep & 0x80)) 126 dump("xmit", data, len); 127 #endif 128 r = libusb_bulk_transfer(udev, ep, data, len, &xfer, timeout); 129 if (r < 0) { 130 fprintf(stderr,"bulk: error: %d\n", r); 131 return r; 132 } 133 #if TRACE_USB 134 if (ep & 0x80) 135 dump("recv", data, xfer); 136 #endif 137 return xfer; 138 } 139 140 #define FTDI_REQTYPE_OUT (LIBUSB_REQUEST_TYPE_VENDOR | LIBUSB_RECIPIENT_DEVICE | LIBUSB_ENDPOINT_OUT) 141 #define FTDI_CTL_RESET 0x00 142 #define FTDI_CTL_SET_BITMODE 0x0B 143 #define FTDI_CTL_SET_EVENT_CH 0x06 144 #define FTDI_CTL_SET_ERROR_CH 0x07 145 146 #define FTDI_IFC_A 1 147 #define FTDI_IFC_B 2 148 149 int ftdi_reset(struct libusb_device_handle *udev) { 150 if (libusb_control_transfer(udev, 151 FTDI_REQTYPE_OUT, FTDI_CTL_RESET, 0, FTDI_IFC_A, NULL, 0, 10000) < 0) { 152 fprintf(stderr,"ftdi: reset failed\n"); 153 return -1; 154 } 155 return 0; 156 } 157 158 int ftdi_mpsse_enable(struct libusb_device_handle *udev) { 159 if (libusb_control_transfer(udev, 160 FTDI_REQTYPE_OUT, FTDI_CTL_SET_BITMODE, 0x0000, FTDI_IFC_A, NULL, 0, 10000) < 0) { 161 fprintf(stderr,"ftdi: set bitmode failed\n"); 162 return -1; 163 } 164 if (libusb_control_transfer(udev, 165 FTDI_REQTYPE_OUT, FTDI_CTL_SET_BITMODE, 0x020b, FTDI_IFC_A, NULL, 0, 10000) < 0) { 166 fprintf(stderr,"ftdi: set bitmode failed\n"); 167 return -1; 168 } 169 if (libusb_control_transfer(udev, 170 FTDI_REQTYPE_OUT, FTDI_CTL_SET_EVENT_CH, 0, FTDI_IFC_A, NULL, 0, 10000) < 0) { 171 fprintf(stderr,"ftdi: disable event character failed\n"); 172 return -1; 173 } 174 return 0; 175 if (libusb_control_transfer(udev, 176 FTDI_REQTYPE_OUT, FTDI_CTL_SET_ERROR_CH, 0, FTDI_IFC_A, NULL, 0, 10000) < 0) { 177 fprintf(stderr,"ftdi: disable error character failed\n"); 178 return -1; 179 } 180 return 0; 181 } 182 183 /* TODO: handle smaller packet size for lowspeed version of the part */ 184 /* TODO: multi-packet reads */ 185 /* TODO: asynch/background reads */ 186 static int ftdi_read(JTAG *jtag, unsigned char *buffer, int count, int timeout) { 187 int xfer; 188 while (count > 0) { 189 if (jtag->read_count >= count) { 190 memcpy(buffer, jtag->read_ptr, count); 191 jtag->read_count -= count; 192 jtag->read_ptr += count; 193 return 0; 194 } 195 if (jtag->read_count > 0) { 196 memcpy(buffer, jtag->read_ptr, jtag->read_count); 197 count -= jtag->read_count; 198 jtag->read_count = 0; 199 } 200 xfer = usb_bulk(jtag->udev, jtag->ep_in, 201 jtag->read_buffer, jtag->read_size, 1000); 202 if (xfer < 0) 203 return -1; 204 if (xfer < 2) 205 return -1; 206 /* discard header */ 207 jtag->read_ptr = jtag->read_buffer + 2; 208 jtag->read_count = xfer - 2; 209 } 210 return 0; 211 } 212 213 static unsigned char bitxfermask[8] = { 0x00, 0x01, 0x03, 0x07, 0x0F, 0x1F, 0x3F, 0x7F }; 214 215 static int jtag_move(JTAG *jtag, int count, unsigned bits){ 216 unsigned char buf[1024]; 217 unsigned char *p = buf; 218 unsigned xfer; 219 220 if (count > 32) 221 return -1; 222 223 #if TRACE_JTAG 224 { 225 u64 tmp = bits; 226 int n; 227 fprintf(stderr,"TDI <- "); 228 for (n = 0; n < count; n++) { 229 fprintf(stderr, "X"); 230 } 231 fprintf(stderr,"\nTMS <- "); 232 for (n = 0; n < count; n++) { 233 fprintf(stderr,"%c", (tmp & 1) ? '1' : '0'); 234 tmp >>= 1; 235 } 236 fprintf(stderr,"\n"); 237 } 238 #endif 239 while (count > 0) { 240 xfer = (count > 6) ? 6 : count; 241 *p++ = 0x4b; 242 *p++ = xfer - 1; 243 *p++ = bits & bitxfermask[xfer]; 244 bits >>= xfer; 245 count -= xfer; 246 } 247 if (usb_bulk(jtag->udev, jtag->ep_out, buf, p - buf, 1000) != (p - buf)) 248 return -1; 249 return 0; 250 } 251 252 int _jtag_shift(JTAG *jtag, int count, u64 bits, u64 *out, 253 int movecount, unsigned movebits) { 254 unsigned char buf[1024]; 255 unsigned char *p = buf; 256 unsigned xfer, bytes, readbytes, iobytes, readbits; 257 258 if (count > 64) 259 return -1; 260 261 if (movecount) { 262 /* if we're doing a joint shift-move, the last bit is 263 * shifted during the first bit of the move 264 */ 265 count--; 266 } 267 268 if (count <= 0) 269 return -1; 270 271 #if TRACE_JTAG 272 { 273 u64 tmp = bits; 274 int n; 275 fprintf(stderr,"TDI <- "); 276 for (n = 0; n < count; n++) { 277 fprintf(stderr,"%c", (tmp & 1) ? '1' : '0'); 278 tmp >>= 1; 279 } 280 for (n = 0; n < movebits; n++) 281 fprintf(stderr,"%c", (tmp & 1) ? '1' : '0'); 282 fprintf(stderr,"\nTMS <- "); 283 for (n = 0; n < count; n++) 284 fprintf(stderr,"0"); 285 tmp = movebits; 286 for (n = 0; n < movebits; n++) { 287 fprintf(stderr,"%c", (tmp & 1) ? '1' : '0'); 288 tmp >>= 1; 289 } 290 fprintf(stderr,"\n"); 291 } 292 #endif 293 294 bytes = count / 8; 295 readbytes = bytes; 296 iobytes = bytes; 297 298 if (bytes) { 299 count -= (bytes * 8); 300 *p++ = out ? 0x39 : 0x19; 301 *p++ = bytes - 1; 302 *p++ = 0; 303 while (bytes > 0) { 304 *p++ = bits & 0xff; 305 bits >>= 8; 306 bytes--; 307 } 308 } 309 readbits = count; 310 while (count > 0) { 311 xfer = (count > 6) ? 6 : count; 312 *p++ = out ? 0x3b : 0x1b; 313 *p++ = xfer - 1; 314 *p++ = bits & bitxfermask[xfer]; 315 bits >>= xfer; 316 count -= xfer; 317 iobytes++; 318 } 319 320 if (movecount) { 321 if (movebits > 6) 322 return -1; /* TODO */ 323 *p++ = out ? 0x6b : 0x4b; 324 *p++ = movecount - 1; 325 *p++ = ((bits & 1) << 7) | (movebits & 0x3F); 326 iobytes++; 327 } 328 329 /* if we're doing readback demand an ioflush */ 330 if (out) 331 *p++ = 0x87; 332 333 if (usb_bulk(jtag->udev, jtag->ep_out, buf, p - buf, 1000) != (p - buf)) 334 return -1; 335 336 if (out) { 337 u64 n = 0, bit; 338 unsigned shift = 0; 339 if (ftdi_read(jtag, buf, iobytes, 1000)) 340 return -1; 341 p = buf; 342 while (readbytes-- > 0) { 343 n |= (((u64) *p++) << shift); 344 shift += 8; 345 } 346 while (readbits > 0) { 347 xfer = (readbits > 6) ? 6 : readbits; 348 bit = ((*p++) >> (8 - xfer)) & bitxfermask[xfer]; 349 n |= (bit << shift); 350 shift += xfer; 351 readbits -= xfer; 352 } 353 if (movecount) { 354 /* we only ever care about the first bit */ 355 bit = ((*p++) >> (8 - movecount)) & 1; 356 n |= (bit << shift); 357 } 358 *out = n; 359 } 360 return 0; 361 } 362 363 #define ONES(n) (0x7FFFFFFFFFFFFFFFULL >> (63 - (n))) 364 365 static int jtag_shift_dr(JTAG *jtag, int count, u64 bits, 366 u64 *out, int movecount, unsigned movebits) { 367 int r; 368 bits <<= jtag->dr_pre; 369 r = _jtag_shift(jtag, count + jtag->dr_pre + jtag->dr_post, 370 bits, out, movecount, movebits); 371 if (out) { 372 *out = (*out >> jtag->dr_pre) & ONES(count); 373 } 374 return r; 375 } 376 377 static int jtag_shift_ir(JTAG *jtag, int count, u64 bits, 378 int movecount, unsigned movebits) { 379 bits |= (ONES(jtag->ir_post) << count); 380 bits <<= jtag->ir_pre; 381 bits |= ONES(jtag->ir_pre); 382 return _jtag_shift(jtag, count + jtag->ir_pre + jtag->ir_post, 383 bits, NULL , movecount, movebits); 384 } 385 386 /* JTAG notes 387 * 388 * TMS is sampled on +TCK 389 * Capture-XR state loads shift register on +TCK as state is exited 390 * Shift-XR state TDO goes active (containing shiftr[0]) on the first -TCK 391 * after entry, shifts occur on each +TCK, *including* the +TCK 392 * that will exist Shift-XR when TMS=1 again 393 * Update-XR update occurs on the -TCK after entry to state 394 * 395 * Any -> Reset: 11111 396 * Any -> Reset -> RTI: 111110 397 * RTI -> ShiftDR: 100 398 * ShiftDR shifting: 0 x N 399 * ShiftDR -> UpdateDR -> RTI: 110 400 * ShiftDR -> UpdateDR -> ShiftDR: 11100 401 * RTI -> ShiftIR: 1100 402 * ShiftIR shifting: 0 x N 403 * ShiftIR -> UpdateIR -> RTI: 110 404 */ 405 406 #define MOVE_NONE 0,0 407 #define MOVE_ANY_TO_RESET_IDLE 8,0b01111111 408 #define MOVE_IDLE_TO_SHIFTDR 3,0b001 409 #define MOVE_IDLE_TO_SHIFTIR 4,0b0011 410 #define MOVE_SHIFTxR_TO_IDLE 3,0b011 411 412 413 void jtag_close(JTAG *jtag) { 414 } 415 416 static unsigned char mpsse_init[] = { 417 0x85, // loopback off 418 0x8a, // disable clock/5 419 0x86, 0x01, 0x00, // set divisor 420 0x80, 0xe8, 0xeb, // set low state and dir 421 0x82, 0x20, 0x30, // set high state and dir 422 }; 423 424 JTAG *jtag_open(void) { 425 int r; 426 JTAG *jtag = malloc(sizeof(JTAG)); 427 if (!jtag) 428 return NULL; 429 memset(jtag, 0, sizeof(JTAG)); 430 jtag->read_size = sizeof(jtag->read_buffer); 431 432 r = usb_open(jtag, 0x0403, 0x6010); 433 if (r < 0) 434 goto fail; 435 if (ftdi_reset(jtag->udev)) 436 goto fail; 437 if (ftdi_mpsse_enable(jtag->udev)) 438 goto fail; 439 if (usb_bulk(jtag->udev, jtag->ep_out, 440 mpsse_init, sizeof(mpsse_init), 1000) != sizeof(mpsse_init)) 441 goto fail; 442 return jtag; 443 444 fail: 445 jtag_close(jtag); 446 free(jtag); 447 return NULL; 448 } 449 450 #define ENUM_MAGIC (0x00005038aaaaaaFFULL) 451 452 /* TODO: attempt to probe for IR size if devices are not in library. 453 * On RESET the IR must have 1 in bit0 and 0 in bit1. 454 * The other bits are undefined. 455 */ 456 int jtag_enumerate(JTAG *jtag) { 457 u64 u; 458 unsigned n; 459 460 jtag_move(jtag, MOVE_ANY_TO_RESET_IDLE); 461 jtag_move(jtag, MOVE_IDLE_TO_SHIFTIR); 462 /* BYPASS is always all 1s -- shift a pile of BYPASS opcodes into the chain */ 463 _jtag_shift(jtag, 64, 0xFFFFFFFFFFFFFFFFULL, NULL, MOVE_NONE); 464 _jtag_shift(jtag, 64, 0xFFFFFFFFFFFFFFFFULL, NULL, MOVE_NONE); 465 _jtag_shift(jtag, 64, 0xFFFFFFFFFFFFFFFFULL, NULL, MOVE_NONE); 466 _jtag_shift(jtag, 64, 0xFFFFFFFFFFFFFFFFULL, NULL, MOVE_NONE); 467 _jtag_shift(jtag, 64, 0xFFFFFFFFFFFFFFFFULL, NULL, MOVE_NONE); 468 _jtag_shift(jtag, 64, 0xFFFFFFFFFFFFFFFFULL, NULL, MOVE_NONE); 469 _jtag_shift(jtag, 64, 0xFFFFFFFFFFFFFFFFULL, NULL, MOVE_NONE); 470 _jtag_shift(jtag, 64, 0xFFFFFFFFFFFFFFFFULL, NULL, MOVE_SHIFTxR_TO_IDLE); 471 jtag_move(jtag, MOVE_IDLE_TO_SHIFTDR); 472 /* BYPASS registers should be one 0 bit each. 473 * Shift a pattern in and try to find it after all the 0s. 474 * If we can't find it, there must be >16 devices on the chain 475 * and/or they have enormous instruction registers. 476 */ 477 _jtag_shift(jtag, 64, ENUM_MAGIC, &u, MOVE_SHIFTxR_TO_IDLE); 478 for (n = 0; n < DEVICE_MAX; n++) { 479 if (!(u & 1)) { 480 u >>= 1; 481 continue; 482 } 483 if (u == ENUM_MAGIC) { 484 jtag->dev_count = n; 485 #if TRACE_JTAG 486 fprintf(stderr, "jtag: found %d devices\n", jtag->dev_count); 487 #endif 488 goto okay; 489 } 490 } 491 fprintf(stderr,"jtag: more than %d devices?!\n", DEVICE_MAX); 492 return -1; 493 494 okay: 495 jtag_move(jtag, MOVE_ANY_TO_RESET_IDLE); 496 /* should put IDCODE in IR of everyone */ 497 jtag_move(jtag, MOVE_IDLE_TO_SHIFTDR); 498 for (n = 0; n < jtag->dev_count; n++) { 499 _jtag_shift(jtag, 32, 0xFFFFFFFF, &u, MOVE_NONE); 500 if ((u & 1) == 0) { 501 fprintf(stderr, "jtag: device %2d has no idcode\n", n); 502 return -1; 503 } 504 jtag->dev_idcode[n] = (u32) u; 505 jtag->dev_info[n] = identify_device((u32) u); 506 if (jtag->dev_info[n] == NULL) { 507 fprintf(stderr, "jtag: device %2d idcode %08x unknown IR size\n", 508 n, (u32) u); 509 return -1; 510 } 511 jtag->dev_irsize[n] = jtag->dev_info[n]->irsize; 512 #if TRACE_JTAG 513 fprintf(stderr, "jtag: device %2d idcode %08x irsize %2d '%s'\n", 514 n, jtag->dev_idcode[n], jtag->dev_irsize[n], 515 jtag->dev_info[n]->name); 516 #endif 517 } 518 return jtag->dev_count; 519 } 520 521 int jtag_select(JTAG *jtag, u32 idcode) { 522 u32 irsize = 0; 523 u32 ir_pre = 0; 524 u32 ir_post = 0; 525 u32 dr_pre = 0; 526 u32 dr_post = 0; 527 int found = 0; 528 unsigned n; 529 530 for (n = 0; n < jtag->dev_count; n++) { 531 u32 sz; 532 if (idcode == jtag->dev_idcode[n]) { 533 irsize = jtag->dev_irsize[n]; 534 found = 1; 535 continue; 536 } 537 sz = jtag->dev_irsize[n]; 538 if (sz > 32) 539 return -1; 540 if (found) { 541 ir_post += sz; 542 dr_post += 1; 543 } else { 544 ir_pre += sz; 545 dr_pre += 1; 546 } 547 } 548 if (!found) { 549 fprintf(stderr,"device id %08x not found in chain\n", idcode); 550 return -1; 551 } 552 553 jtag->active_idcode = idcode; 554 jtag->active_irsize = irsize; 555 #if TRACE_JTAG 556 fprintf(stderr,"jtag: select idcode %08x\n", idcode); 557 fprintf(stderr,"jtag: TDI -> irpost(%d) -> iract(%d) -> irpre(%d) -> TDO\n", 558 ir_post, irsize, ir_pre); 559 #endif 560 jtag->dr_pre = dr_pre; 561 jtag->dr_post = dr_post; 562 jtag->ir_pre = ir_pre; 563 jtag->ir_post = ir_post; 564 565 return jtag_move(jtag, MOVE_ANY_TO_RESET_IDLE); 566 } 567 568 int jtag_ir_wr(JTAG *jtag, u32 ir) { 569 if (jtag_move(jtag, MOVE_IDLE_TO_SHIFTIR)) 570 return -1; 571 if (jtag_shift_ir(jtag, jtag->active_irsize, ir, MOVE_SHIFTxR_TO_IDLE)) 572 return -1; 573 return 0; 574 } 575 576 int jtag_dr_io(JTAG *jtag, u32 bitcount, u64 wdata, u64 *rdata) { 577 if (jtag_move(jtag, MOVE_IDLE_TO_SHIFTDR)) 578 return -1; 579 if (jtag_shift_dr(jtag, bitcount, wdata, rdata, MOVE_SHIFTxR_TO_IDLE)) 580 return -1; 581 return 0; 582 } 583