/*
* lpcload.c - load firmware into ram of lpc2220 via uart0
*
- * author: hackbard@hackdaworld.org
+ * author: hackbard@hackdaworld.org, rolf.anders@physik.uni-augsburg.de
*
+ * build: make
+ * usage: sudo ./lpcload -d /dev/ttyS0 -f firmware.hex [-v]
*/
#include <stdio.h>
#define TXRX_TYPE_SYNC 0x02
#define TXRX_TYPE_CMD 0x03
#define TXRX_TYPE_DATA 0x04
+#define TXRX_TYPE_CKSM 0x05
#define CMD_SUCCESS "0\r\n"
#define INVALID_COMMAND "1\r\n"
#define INVALID_STOP_BIT "18\r\n"
#define CRYSTFREQ "10000"
+#define RAMOFFSET 0x40000200
-#define BUFSIZE 64
+#define BUFSIZE 128
typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
typedef struct s_lpc {
int sfd; /* serial fd */
char fwfile[128]; /* firmware file */
u8 info; /* info/mode */
char freq[8]; /* frequency */
- int partid; /* part id */
- u8 bcv[2]; /* boot code version */
+ u32 hoff; /* start addr of ihex file */
+ u32 roff; /* ram offset of uc */
} t_lpc;
void usage(void) {
printf(" -d <serial device>\n");
printf(" -f <firmware>\n");
printf(" -c <crystal freq>\n");
+ printf(" -r <ram offset>\n");
printf(" -v\n");
}
term.c_lflag&=~(ICANON|ECHO|ECHOE|ISIG);
- // input options -> disable flow control
+ // input options -> enable flow control
- term.c_iflag&=~(IXON|IXOFF|IXANY);
+ //term.c_iflag&=~(IXON|IXOFF|IXANY|INLCR|ICRNL);
+ term.c_iflag&=~(INLCR|ICRNL|IXANY);
+ term.c_iflag|=(IXON|IXOFF);
+
+ // output options
+
+ term.c_oflag=0;
- // more control options -> timeout
+ // more control options -> timeout / flow control
term.c_cc[VMIN]=0;
- term.c_cc[VTIME]=10; // 1 second timeout
+ term.c_cc[VTIME]=40; // 4 second timeout
+ term.c_cc[VSTART]=0x11;
+ term.c_cc[VSTOP]=0x13;
tcsetattr(lpc->sfd,TCSANOW,&term);
int open_firmware(t_lpc *lpc) {
+ int ret;
+ char buf[BUFSIZE];
+
/* open firmware file */
lpc->fwfd=open(lpc->fwfile,O_RDONLY);
if(lpc->fwfd<0)
perror("fw open");
+ /* read hex file offset */
+
+ ret=read(lpc->fwfd,buf,7);
+ if(buf[0]!=':') {
+ printf("fw open: not an intel hex file?\n");
+ return -1;
+ }
+ sscanf(buf+3,"%04x",&(lpc->hoff));
+ lseek(lpc->fwfd,0,SEEK_SET);
+
return lpc->fwfd;
}
-int txrx(t_lpc *lpc,u8 *buf,int len,u8 type) {
+int txrx(t_lpc *lpc,char *buf,int len,u8 type) {
int ret,cnt;
int i;
len-=ret;
cnt+=ret;
}
- if(lpc->info&VERBOSE)
- printf(" (%d)\n",cnt);
+ if(lpc->info&VERBOSE) {
+ printf(" | ");
+ for(i=0;i<cnt;i++)
+ printf("%02x ",buf[i]);
+ printf("| (%d)\n",cnt);
+ }
/* cut the echo if not of type auto baud */
/* read */
- if(lpc->info&VERBOSE)
- printf(" << ");
+ ret=read(lpc->sfd,buf,1);
+ if(ret<0) {
+ perror("txrx read (first byte)");
+ return ret;
+ }
+
+ switch(buf[0]) {
+ case 'S':
+ cnt=13;
+ break;
+ case 'O':
+ cnt=3;
+ break;
+ case 'R':
+ cnt=7;
+ break;
+ case '0':
+ cnt=2;
+ break;
+ default:
+ printf("txrx read: bad return byte '%02x'\n",buf[0]);
+ break;
+ }
+
ret=1;
- cnt=0;
- while(ret>0) {
- ret=read(lpc->sfd,buf+cnt,BUFSIZE-cnt);
+ i=cnt;
+ while(i) {
+ ret=read(lpc->sfd,buf+1+cnt-i,i);
if(ret<0) {
- perror("txrx read");
+ perror("txrx read (next bytes)");
return ret;
}
- if(ret+cnt>BUFSIZE) {
- printf("txrx read: too small buf size (%d)!\n",BUFSIZE);
- return -1;
- }
- if(lpc->info&VERBOSE)
- for(i=0;i<ret;i++)
- printf("%c",
- ((buf[cnt+i]>0x19)&(buf[cnt+i]<0x7f))?
- buf[cnt+i]:'.');
- cnt+=ret;
+ i-=ret;
}
- if(lpc->info&VERBOSE)
- printf(" (%d)\n",cnt);
- buf[cnt]='\0';
+ if(lpc->info&VERBOSE) {
+ printf(" << ");
+ for(i=0;i<cnt+1;i++)
+ printf("%c",((buf[i]>0x19)&(buf[i]<0x7f))?
+ buf[i]:'.');
+ printf(" | ");
+ for(i=0;i<cnt+1;i++)
+ printf("%02x ",buf[i]);
+ printf("| (%d)\n",cnt+1);
+ }
+ buf[cnt+1]='\0';
- /* check/strip return code if type is data */
+ /* check/strip return code if type is cmd */
if(type==TXRX_TYPE_CMD) {
ret=strlen(CMD_SUCCESS);
int bl_init(t_lpc *lpc) {
- u8 buf[BUFSIZE];
+ char buf[BUFSIZE];
int len;
/* auto baud sequence */
return 0;
}
-int read_part_id(t_lpc *lpc) {
+int unlock_go(t_lpc *lpc) {
- u8 buf[BUFSIZE];
+ char buf[BUFSIZE];
+ int ret;
- memcpy(buf,"J\r\n",3);
- txrx(lpc,buf,3,TXRX_TYPE_CMD);
- lpc->partid=atoi(buf);
+ memcpy(buf,"U 23130\r\n",9);
+ ret=txrx(lpc,buf,9,TXRX_TYPE_CMD);
- return lpc->partid;
+ return ret;
}
-int read_bcv(t_lpc *lpc) {
+int go(t_lpc *lpc) {
- u8 buf[BUFSIZE];
- char *ptr;
+ char buf[BUFSIZE];
+ int ret,len;
- memcpy(buf,"K\r\n",3);
- txrx(lpc,buf,3,TXRX_TYPE_CMD);
- ptr=strtok(buf,"\r\n");
- lpc->bcv[0]=strtol(ptr,NULL,16);
- ptr=strtok(NULL,"\r\n");
- lpc->bcv[1]=strtol(ptr,NULL,16);
+ snprintf(buf,BUFSIZE,"G %d A\r\n",lpc->roff);
+ len=strlen(buf);
+ ret=txrx(lpc,buf,len,TXRX_TYPE_CMD);
- return 0;
+ return ret;
}
-int uuencode(u8 *in,u8 *out) {
+int uuencode(u8 *in,u8 *out,int len) {
- out[0]=0x20+((in[0]>>2)&0x3f);
- out[1]=0x20+(((in[0]<<4)|(in[1]>>4))&0x3f);
- out[2]=0x20+(((in[1]<<2)|(in[2]>>6))&0x3f);
- out[3]=0x20+(in[2]&0x3f);
+ out[0]=0x20+len;
+ out[1]=0x20+((in[0]>>2)&0x3f);
+ out[2]=0x20+(((in[0]<<4)|(in[1]>>4))&0x3f);
+ out[3]=0x20+(((in[1]<<2)|(in[2]>>6))&0x3f);
+ out[4]=0x20+(in[2]&0x3f);
return 0;
}
-int write_to_ram(t_lpc *lpc,u8 *buf,int addr,int len) {
+int write_to_ram(t_lpc *lpc,char *buf,u32 addr,int len) {
int lcount;
- u8 checksum;
- u8 txrxbuf[BUFSIZE];
+ u32 checksum;
+ char txrxbuf[BUFSIZE];
int count,bcnt;
int nlen,slen;
int i;
}
/* make it a multiple of 3 (reason: uuencode) */
- nlen=(len/3+1)*3;
+ nlen=(!(len%3))?len:((len/3+1)*3);
if(nlen>BUFSIZE) {
printf("ram write: too much data\n");
return -1;
}
for(i=len;i<nlen;i++) buf[i]=0;
+ /* prepare addr */
+ addr+=(lpc->roff-lpc->hoff);
+
/* prepare write command */
- snprintf(txrxbuf,BUFSIZE,"W %d %d",addr,len);
+ if(lpc->info&VERBOSE)
+ printf("writing 0x%02x bytes to 0x%08x\n",len,addr);
+ snprintf(txrxbuf,BUFSIZE,"W %d %d\r\n",addr,len);
slen=strlen(txrxbuf);
- txrxbuf[slen]='\r';
- txrxbuf[slen+1]='\0';
- slen+=2;
/* send command and check return code */
txrx(lpc,txrxbuf,slen,TXRX_TYPE_CMD);
- if(strncmp(txrxbuf,"OK\r\n",4)) {
- printf("ram write: write command failed\n");
- return -1;
- }
/* send data */
lcount=0;
while(bcnt<nlen) {
/* uuencode / prepare data bytes */
- uuencode(buf+bcnt,txrxbuf);
- txrxbuf[4]='\0';
- txrxbuf[5]='\0';
+ uuencode((u8 *)(buf+bcnt),(u8 *)(txrxbuf),
+ (bcnt==nlen-3)?(len%3?len%3:3):3);
+ txrxbuf[5]='\r';
+ txrxbuf[6]='\n';
/* checksum */
- checksum+=(buf[0]+buf[1]+buf[2]);
+ checksum+=((u8)buf[bcnt]+(u8)buf[bcnt+1]+(u8)buf[bcnt+2]);
/* send a data line */
- txrx(lpc,txrxbuf,6,TXRX_TYPE_DATA);
+ txrx(lpc,txrxbuf,7,TXRX_TYPE_DATA);
/* increase counters */
lcount+=1;
count+=3;
/* checksum */
- if(!(lcount%20)) {
+ if((!(lcount%20))|(bcnt==nlen)) {
+ /* send backtick */
+ memcpy(txrxbuf,"`\r\n",3);
+ //txrx(lpc,txrxbuf,3,TXRX_TYPE_DATA);
/* send checksum */
- txrxbuf[0]=checksum;
- txrx(lpc,txrxbuf,1,TXRX_TYPE_CMD);
- if(!strncmp(txrxbuf,"RESEND\r\n",8)) {
+ snprintf(txrxbuf,BUFSIZE,"%d\r\n",checksum);
+ slen=strlen(txrxbuf);
+ txrx(lpc,txrxbuf,slen,TXRX_TYPE_CKSM);
+ if(!strncmp(txrxbuf,"RESE",4)) {
+ read(lpc->sfd,txrxbuf+4,4);
printf("ram write: resending ...\n");
bcnt-=count;
}
int firmware_to_ram(t_lpc *lpc) {
+ char buf[BUFSIZE];
+ u32 addr,len,type;
+ int ret,temp;
+ /* read a line */
+ ret=1;
+ while(ret) {
+ /* sync line */
+ ret=read(lpc->fwfd,buf,1);
+ switch(buf[0]) {
+ case '\r':
+ continue;
+ case '\n':
+ continue;
+ case ':':
+ /* start code */
+ break;
+ default:
+ printf("fw to ram: no ihex format\n");
+ return -1;
+ }
+ /* read len */
+ ret=read(lpc->fwfd,buf,2);
+ sscanf(buf,"%02x",&len);
+ if(len%4) {
+ printf("fw to ram: len not a multiple of 4\n");
+ return -1;
+ }
+ /* read addr */
+ ret=read(lpc->fwfd,buf,4);
+ sscanf(buf,"%04x",&addr);
+ /* read type */
+ ret=read(lpc->fwfd,buf,2);
+ sscanf(buf,"%02x",&type);
+ /* successfull return if type is end of file */
+ if(type==0x01)
+ return 0;
+ /* read data (and cksum) */
+ ret=read(lpc->fwfd,buf,2*(len+1));
+ if(ret!=(2*(len+1))) {
+ printf("fw to ram: data missing\n");
+ return -1;
+ }
+ for(ret=0;ret<len;ret++) {
+ sscanf(buf+2*ret,"%02x",&temp);
+ buf[ret]=temp;
+ }
+ /* act according to type */
+ switch(type) {
+ //case 0x03:
+ // /* get cs and ip */
+ // break;
+ case 0x00:
+ write_to_ram(lpc,buf,addr,len);
+ break;
+ case 0x01:
+ write_to_ram(lpc,buf,addr,len);
+ break;
+ default:
+ printf("fw to ram: unknown type %02x\n",type);
+ return -1;
+ }
+ }
return 0;
}
t_lpc lpc;
int i;
+ u8 buf[BUFSIZE];
+ int ret;
/*
* initial ...
memset(&lpc,0,sizeof(t_lpc));
strncpy(lpc.freq,CRYSTFREQ,7);
+ lpc.roff=RAMOFFSET;
/* parse argv */
/* boot loader init */
printf("boot loader init ...\n");
- bl_init(&lpc);
-
- /* read part id */
- read_part_id(&lpc);
- printf("part id: %d\n",lpc.partid);
+ if(bl_init(&lpc)<0)
+ return -1;
- /* read boot code version */
- read_bcv(&lpc);
- printf("boot code version: %02x %02x\n",lpc.bcv[0],lpc.bcv[1]);
+ /* quit if there is no hex file to process */
+ if(!(lpc.info&FIRMWARE)) {
+ printf("no firmware -> aborting\n");
+ goto end;
+ }
- // to be continued ... (parsing fw file and poking it to ram)
+ /* open firmware file */
if(open_firmware(&lpc)<0)
goto end;
+
+ /* parse intel hex file and write to ram */
+ printf("write firmware to ram ...\n");
firmware_to_ram(&lpc);
+ /* unlock go cmd */
+ printf("unlock go command ...\n");
+ unlock_go(&lpc);
+
+ /* go! */
+ printf("go ...\n");
+ ret=go(&lpc);
+
+ /* tell the user that the error might be due to the jump */
+ printf("\n\n");
+ if(ret<0)
+ printf("the above error might be due to the jump!\n\n");
+
+ /* query user for serial port listening */
+ printf("continue listening on serial port? (ctrl+c to quit) [y|n]: ");
+ buf[0]=getchar();
+ printf("\n");
+
+ if(buf[0]!='y')
+ goto end;
+
+ /* continue lsitening on serial port */
+ ret=1;
+ while(ret) {
+ ret=read(lpc.sfd,buf,BUFSIZE);
+ printf("\rread %d bytes: ",ret);
+ for(i=0;i<ret;i++)
+ printf("%02x ",buf[i]);
+ printf("\n");
+ }
+
end:
close(lpc.sfd);
close(lpc.fwfd);