foboot/sw/src/dfu.c

500 lines
14 KiB
C
Raw Normal View History

/*
* Fadecandy DFU Bootloader
*
* Copyright (c) 2013 Micah Elizabeth Scott
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <stdbool.h>
#include <string.h>
#include <toboot-api.h>
#include <toboot-internal.h>
#include <dfu.h>
// Internal flash-programming state machine
static unsigned fl_current_addr = 0;
static enum {
flsIDLE = 0,
flsERASING,
flsPROGRAMMING
} fl_state;
static struct toboot_state {
// Version number of the program being loaded:
// 0 (legacy)
// 1 (toboot v1)
// 2 (toboot v2)
uint8_t version;
// When clearing, first ensure these sectors are cleared prior to updating
uint32_t clear_lo;
uint32_t clear_hi;
// The current block we're clearing
uint32_t clear_current;
// This is the address we'll start programming/erasing from after clearing
uint32_t next_addr;
enum {
/// Toboot has just started
tbsIDLE,
/// Secure erase memory is being cleared
tbsCLEARING,
/// New image is being loaded
tbsLOADING,
} state;
} tb_state;
static dfu_state_t dfu_state = dfuIDLE;
static dfu_status_t dfu_status = OK;
static unsigned dfu_poll_timeout = 1;
static uint32_t dfu_buffer[DFU_TRANSFER_SIZE/4];
static uint32_t dfu_buffer_offset;
static uint32_t fl_num_words;
// Memory offset we're uploading to.
static uint32_t dfu_target_address;
static void set_state(dfu_state_t new_state, dfu_status_t new_status) {
dfu_state = new_state;
dfu_status = new_status;
}
bool fl_is_idle(void) {
return fl_state == flsIDLE;
}
/*
void *memcpy(void *dst, const void *src, size_t cnt) {
uint8_t *dst8 = dst;
const uint8_t *src8 = src;
while (cnt > 0) {
cnt--;
*(dst8++) = *(src8++);
}
return dst;
}
*/
static bool ftfl_busy()
{
// Is the flash memory controller busy?
// return (MSC->STATUS & MSC_STATUS_BUSY);
return 0;
}
static void ftfl_busy_wait()
{
// Wait for the flash memory controller to finish any pending operation.
while (ftfl_busy())
;//watchdog_refresh();
}
static void ftfl_begin_erase_sector(uint32_t address)
{
// Erase the page at the specified address.
//MSC->WRITECTRL |= MSC_WRITECTRL_WREN;
ftfl_busy_wait();
//MSC->ADDRB = address;
//MSC->WRITECMD = MSC_WRITECMD_LADDRIM;
//MSC->WRITECMD = MSC_WRITECMD_ERASEPAGE;
}
static void ftfl_begin_program_section(uint32_t address)
{
// Write the buffer word to the currently selected address.
// Note that after this is done, the address is incremented by 4.
dfu_buffer_offset = 0;
dfu_target_address = address;
fl_num_words--;
ftfl_busy_wait();
//MSC->ADDRB = address;
ftfl_busy_wait();
//MSC->WRITECTRL |= MSC_WRITECTRL_WREN;
//MSC->WDATA = dfu_buffer[dfu_buffer_offset++];
//MSC->WRITECMD = MSC_WRITECMD_WRITEONCE;
}
static uint32_t address_for_block(unsigned blockNum)
{
static uint32_t starting_offset;
if (blockNum == 0) {
// Determine Toboot version.
if ((dfu_buffer[0x94 / 4] & TOBOOT_V2_MAGIC_MASK) == TOBOOT_V2_MAGIC) {
tb_state.version = 2;
starting_offset = ((struct toboot_configuration *)&dfu_buffer[0x94 / 4])->start;
}
// V1 used a different offset.
else if ((dfu_buffer[0x98 / 4] & TOBOOT_V1_MAGIC_MASK) == TOBOOT_V1_MAGIC) {
// Applications that know about Toboot will indicate their block
// offset by placing a magic byte at offset 0x98.
// Ordinarily this would be the address offset for IRQ 22,
// but since there are only 20 IRQs on the EFM32HG, there are three
// 32-bit values that are unused starting at offset 0x94.
// We already use offset 0x94 for "disable boot", so use offset 0x98
// in the incoming stream to indicate flags for Toboot.
tb_state.version = 1;
starting_offset = (dfu_buffer[0x98 / 4] & TOBOOT_V1_APP_PAGE_MASK) >> TOBOOT_V1_APP_PAGE_SHIFT;
}
// Legacy programs default to offset 0x4000.
else {
tb_state.version = 0;
starting_offset = 16;
}
// Set the state to "CLEARING", since we're just starting the programming process.
tb_state.state = tbsCLEARING;
starting_offset *= 0x400;
}
return starting_offset + (blockNum << 10);
}
// If requested, erase sectors before loading new code.
static void pre_clear_next_block(void) {
// If there is another sector to clear, do that.
while (++tb_state.clear_current < 64) {
if (tb_state.clear_current < 32) {
if ((tb_state.clear_lo & (1 << tb_state.clear_current))) {
ftfl_begin_erase_sector(tb_state.clear_current * 1024);
return;
}
}
else if (tb_state.clear_current < 64) {
if ((tb_state.clear_hi & (1 << (tb_state.clear_current & 31)))) {
ftfl_begin_erase_sector(tb_state.clear_current * 1024);
return;
}
}
}
// No more sectors to clear, continue with programming
tb_state.state = tbsLOADING;
ftfl_begin_erase_sector(tb_state.next_addr);
}
void dfu_init(void)
{
tb_state.state = tbsIDLE;
/*
// Ensure the clocks for the memory are enabled
CMU->OSCENCMD = CMU_OSCENCMD_AUXHFRCOEN;
while (!(CMU->STATUS & CMU_STATUS_AUXHFRCORDY))
;
// Unlock the MSC
MSC->LOCK = MSC_UNLOCK_CODE;
// Enable writing to flash
MSC->WRITECTRL |= MSC_WRITECTRL_WREN;
MSC->IEN |= MSC_IEN_WRITE | MSC_IEN_ERASE;
NVIC_EnableIRQ(MSC_IRQn);
*/
}
uint8_t dfu_getstate(void)
{
return dfu_state;
}
bool dfu_download(unsigned blockNum, unsigned blockLength,
unsigned packetOffset, unsigned packetLength, const uint8_t *data)
{
uint32_t i;
if (packetOffset + packetLength > DFU_TRANSFER_SIZE ||
packetOffset + packetLength > blockLength) {
// Overflow!
set_state(dfuERROR, errADDRESS);
return false;
}
// Store more data...
memcpy(((uint8_t *)dfu_buffer) + packetOffset, data, packetLength);
if (packetOffset + packetLength != blockLength) {
// Still waiting for more data.
return true;
}
if (dfu_state != dfuIDLE && dfu_state != dfuDNLOAD_IDLE) {
// Wrong state! Oops.
set_state(dfuERROR, errSTALLEDPKT);
return false;
}
if (ftfl_busy() || fl_state != flsIDLE) {
// Flash controller shouldn't be busy now!
set_state(dfuERROR, errUNKNOWN);
return false;
}
if (!blockLength) {
// End of download
set_state(dfuMANIFEST_SYNC, OK);
return true;
}
// Start programming a block by erasing the corresponding flash sector
fl_state = flsERASING;
fl_current_addr = address_for_block(blockNum);
fl_num_words = blockLength / 4;
// If it's the first block, figure out what we need to do in terms of erasing
// data and programming the new file.
if (blockNum == 0) {
const struct toboot_configuration *old_config = tb_get_config();
// Don't allow overwriting Toboot itself.
if (fl_current_addr < tb_first_free_address()) {
set_state(dfuERROR, errADDRESS);
return false;
}
// Calculate generation number and hash
if (tb_state.version == 2) {
struct toboot_configuration *new_config = (struct toboot_configuration *)&dfu_buffer[0x94 / 4];
// Update generation number
new_config->reserved_gen = old_config->reserved_gen + 1;
// Ensure we know this header is not fake
new_config->config &= ~TOBOOT_CONFIG_FAKE;
// Generate a valid signature
tb_sign_config(new_config);
}
// If the old configuration requires that certain blocks be erased, do that.
tb_state.clear_hi = old_config->erase_mask_hi;
tb_state.clear_lo = old_config->erase_mask_lo;
tb_state.clear_current = 0;
// Ensure we don't erase Toboot itself
for (i = 0; i < tb_first_free_sector(); i++) {
if (i < 32)
tb_state.clear_lo &= ~(1 << i);
else
tb_state.clear_hi &= ~(1 << i);
}
// If the newly-loaded program does not conform to Toboot V2.0, then look
// for any existing programs on the flash and delete those sectors.
// Because of boot priority, we need to ensure that no V2.0 applications
// exist on flash.
if (tb_state.version < 2) {
for (i = tb_first_free_sector(); i < 64; i++) {
if (tb_valid_signature_at_page(i) < 0)
continue;
if (i < 32)
tb_state.clear_lo |= (1 << i);
else
tb_state.clear_hi |= (1 << (i - 32));
}
}
// If we still have sectors to clear, do that. Otherwise,
// go straight into loading the program.
if (tb_state.clear_lo || tb_state.clear_hi) {
tb_state.state = tbsCLEARING;
tb_state.next_addr = fl_current_addr;
pre_clear_next_block();
}
else {
tb_state.state = tbsLOADING;
ftfl_begin_erase_sector(fl_current_addr);
}
}
else
ftfl_begin_erase_sector(fl_current_addr);
set_state(dfuDNLOAD_SYNC, OK);
return true;
}
static bool fl_handle_status(uint8_t fstat)
{
/*
* Handle common errors from an FSTAT register value.
* The indicated "specificError" is used for reporting a command-specific
* error from MGSTAT0.
*
* Returns true if handled, false if not.
*/
#if 0
if (fstat & MSC_STATUS_BUSY) {
// Still working...
return true;
}
if (fstat & (MSC_STATUS_ERASEABORTED | MSC_STATUS_WORDTIMEOUT)) {
// Bus collision. We did something wrong internally.
set_state(dfuERROR, errUNKNOWN);
fl_state = flsIDLE;
return true;
}
if (fstat & (MSC_STATUS_INVADDR | MSC_STATUS_LOCKED)) {
// Address or protection error
set_state(dfuERROR, errADDRESS);
fl_state = flsIDLE;
return true;
}
if (fl_state == flsPROGRAMMING) {
// Still programming...
return true;
}
#endif
return false;
}
static void fl_state_poll(void)
{
// Try to advance the state of our own flash programming state machine.
uint32_t fstat = 0;//MSC->STATUS;
switch (fl_state) {
case flsIDLE:
break;
case flsERASING:
if (!fl_handle_status(fstat)) {
// ?If we're still pre-clearing, continue with that.
if (tb_state.state == tbsCLEARING) {
pre_clear_next_block();
}
// Done! Move on to programming the sector.
else {
fl_state = flsPROGRAMMING;
ftfl_begin_program_section(fl_current_addr);
}
}
break;
case flsPROGRAMMING:
if (!fl_handle_status(fstat)) {
// Done!
fl_state = flsIDLE;
}
break;
}
}
bool dfu_getstatus(uint8_t status[8])
{
switch (dfu_state) {
case dfuDNLOAD_SYNC:
case dfuDNBUSY:
// Programming operation in progress. Advance our private flash state machine.
fl_state_poll();
if (dfu_state == dfuERROR) {
// An error occurred inside fl_state_poll();
} else if (fl_state == flsIDLE) {
dfu_state = dfuDNLOAD_IDLE;
} else {
dfu_state = dfuDNBUSY;
}
break;
case dfuMANIFEST_SYNC:
// Ready to reboot. The main thread will take care of this. Also let the DFU tool
// know to leave us alone until this happens.
dfu_state = dfuMANIFEST;
dfu_poll_timeout = 10;
break;
case dfuMANIFEST:
// Perform the reboot
dfu_state = dfuMANIFEST_WAIT_RESET;
dfu_poll_timeout = 1000;
break;
default:
break;
}
status[0] = dfu_status;
status[1] = dfu_poll_timeout;
status[2] = dfu_poll_timeout >> 8;
status[3] = dfu_poll_timeout >> 16;
status[4] = dfu_state;
status[5] = 0; // iString
return true;
}
bool dfu_clrstatus(void)
{
switch (dfu_state) {
case dfuERROR:
// Clear an error
set_state(dfuIDLE, OK);
return true;
default:
// Unexpected request
set_state(dfuERROR, errSTALLEDPKT);
return false;
}
}
bool dfu_abort(void)
{
set_state(dfuIDLE, OK);
return true;
}
/*
void MSC_Handler(void) {
uint32_t msc_irq_reason = MSC->IF;
if (msc_irq_reason & MSC_IF_WRITE) {
// Write the buffer word to the currently selected address.
// Note that after this is done, the address is incremented by 4.
if (fl_num_words > 0) {
fl_num_words--;
dfu_target_address += 4;
MSC->ADDRB = dfu_target_address;
ftfl_busy_wait();
MSC->WDATA = dfu_buffer[dfu_buffer_offset++];
MSC->WRITECMD = MSC_WRITECMD_WRITEONCE;
}
else {
// Move to the IDLE state only if we're out of data to write.
fl_state = flsIDLE;
}
}
// Clear iterrupts so we don't fire again.
MSC->IFC = MSC_IFC_ERASE | MSC_IFC_WRITE;
}
*/