2 * lpcload.c - load firmware into ram of lpc2220 via uart0
4 * author: hackbard@hackdaworld.org, rolf.anders@physik.uni-augsburg.de
7 * usage: sudo ./lpcload -d /dev/ttyS0 -f firmware.hex [-v]
14 #include <sys/types.h>
19 #define VERBOSE (1<<0)
20 #define FIRMWARE (1<<1)
22 #define TXRX_TYPE_BAUD 0x01
23 #define TXRX_TYPE_SYNC 0x02
24 #define TXRX_TYPE_CMD 0x03
25 #define TXRX_TYPE_DATA 0x04
26 #define TXRX_TYPE_CKSM 0x05
28 #define CMD_SUCCESS "0\r\n"
29 #define INVALID_COMMAND "1\r\n"
30 #define SRC_ADDR_ERROR "2\r\n"
31 #define DST_ADDR_ERROR "3\r\n"
32 #define SRC_ADDR_NOT_MAPPED "4\r\n"
33 #define DST_ADDR_NOT_MAPPED "5\r\n"
34 #define COUNT_ERROR "6\r\n"
35 #define COMPARE_ERROR "10\r\n"
37 #define PARAM_ERROR "12\r\n"
38 #define ADDR_ERROR "13\r\n"
39 #define ADDR_NOT_MAPPED "14\r\n"
40 #define CMD_LOCKED "15\r\n"
41 #define INVALID_CODE "16\r\n"
42 #define INVALID_BAUD_RATE "17\r\n"
43 #define INVALID_STOP_BIT "18\r\n"
45 #define CRYSTFREQ "10000"
46 #define RAMOFFSET 0x40000200
50 typedef unsigned char u8;
51 typedef unsigned short u16;
52 typedef unsigned int u32;
54 typedef struct s_lpc {
55 int sfd; /* serial fd */
56 char sdev[128]; /* seriel device */
57 int fwfd; /* fimrware fd */
58 char fwfile[128]; /* firmware file */
59 u8 info; /* info/mode */
60 char freq[8]; /* frequency */
61 u32 hoff; /* start addr of ihex file */
62 u32 roff; /* ram offset of uc */
67 printf("possible argv:\n");
68 printf(" -d <serial device>\n");
69 printf(" -f <firmware>\n");
70 printf(" -c <crystal freq>\n");
71 printf(" -r <ram offset>\n");
76 int open_serial_device(t_lpc *lpc) {
80 //memset(&term,0,sizeof(struct termios));
82 /* open serial device */
84 lpc->sfd=open(lpc->sdev,O_RDWR);
90 /* configure the serial device */
92 tcgetattr(lpc->sfd,&term);
94 // input/output baudrate
96 cfsetispeed(&term,B9600);
97 cfsetospeed(&term,B9600);
99 // control options -> 8n1
101 term.c_cflag&=~PARENB; // no parity
102 term.c_cflag&=~CSTOPB; // only 1 stop bit
103 term.c_cflag&=~CSIZE; // no bit mask for data bits
104 term.c_cflag|=CS8; // 8 data bits
106 // line options -> raw input
108 term.c_lflag&=~(ICANON|ECHO|ECHOE|ISIG);
110 // input options -> enable flow control
112 //term.c_iflag&=~(IXON|IXOFF|IXANY|INLCR|ICRNL);
113 term.c_iflag&=~(INLCR|ICRNL|IXANY);
114 term.c_iflag|=(IXON|IXOFF);
120 // more control options -> timeout / flow control
123 term.c_cc[VTIME]=40; // 4 second timeout
124 term.c_cc[VSTART]=0x11;
125 term.c_cc[VSTOP]=0x13;
127 tcsetattr(lpc->sfd,TCSANOW,&term);
132 int open_firmware(t_lpc *lpc) {
137 /* open firmware file */
139 lpc->fwfd=open(lpc->fwfile,O_RDONLY);
144 /* read hex file offset */
146 ret=read(lpc->fwfd,buf,7);
148 printf("fw open: not an intel hex file?\n");
151 sscanf(buf+3,"%04x",&(lpc->hoff));
152 lseek(lpc->fwfd,0,SEEK_SET);
157 int txrx(t_lpc *lpc,char *buf,int len,u8 type) {
164 if(lpc->info&VERBOSE)
168 ret=write(lpc->sfd,buf+cnt,len);
170 perror("txrx write");
173 if(lpc->info&VERBOSE)
176 ((buf[cnt+i]>0x19)&(buf[cnt+i]<0x7f))?
181 if(lpc->info&VERBOSE) {
184 printf("%02x ",buf[i]);
185 printf("| (%d)\n",cnt);
188 /* cut the echo if not of type auto baud */
190 if(type!=TXRX_TYPE_BAUD) {
192 ret=read(lpc->sfd,buf,cnt);
194 perror("txrx echo cut");
201 /* return here if type is data */
203 if(type==TXRX_TYPE_DATA)
208 ret=read(lpc->sfd,buf,1);
210 perror("txrx read (first byte)");
228 printf("txrx read: bad return byte '%02x'\n",buf[0]);
235 ret=read(lpc->sfd,buf+1+cnt-i,i);
237 perror("txrx read (next bytes)");
242 if(lpc->info&VERBOSE) {
245 printf("%c",((buf[i]>0x19)&(buf[i]<0x7f))?
249 printf("%02x ",buf[i]);
250 printf("| (%d)\n",cnt+1);
254 /* check/strip return code if type is cmd */
256 if(type==TXRX_TYPE_CMD) {
257 ret=strlen(CMD_SUCCESS);
258 if(!strncmp(buf,CMD_SUCCESS,ret)) {
264 printf("txrx bad return code!\n");
272 int bl_init(t_lpc *lpc) {
277 /* auto baud sequence */
279 txrx(lpc,buf,1,TXRX_TYPE_BAUD);
280 if(strncmp(buf,"Synchronized\r\n",14)) {
281 printf("auto baud detection failed\n");
285 /* tell bl that we are synchronized (it's allready in buf) */
286 txrx(lpc,buf,14,TXRX_TYPE_SYNC);
287 if(strncmp(buf,"OK\r\n",4)) {
288 printf("sync failed\n");
292 /* tell bl the crystal frequency */
293 len=strlen(lpc->freq)+2;
294 strncpy(buf,lpc->freq,BUFSIZE);
297 txrx(lpc,buf,len,TXRX_TYPE_SYNC);
298 if(strncmp(buf,"OK\r\n",4)) {
299 printf("freq set failed\n");
306 int unlock_go(t_lpc *lpc) {
311 memcpy(buf,"U 23130\r\n",9);
312 ret=txrx(lpc,buf,9,TXRX_TYPE_CMD);
322 snprintf(buf,BUFSIZE,"G %d A\r\n",lpc->roff);
324 ret=txrx(lpc,buf,len,TXRX_TYPE_CMD);
329 int uuencode(u8 *in,u8 *out,int len) {
332 out[1]=0x20+((in[0]>>2)&0x3f);
333 out[2]=0x20+(((in[0]<<4)|(in[1]>>4))&0x3f);
334 out[3]=0x20+(((in[1]<<2)|(in[2]>>6))&0x3f);
335 out[4]=0x20+(in[2]&0x3f);
340 int write_to_ram(t_lpc *lpc,char *buf,u32 addr,int len) {
344 char txrxbuf[BUFSIZE];
351 printf("ram write: not a multiple of 4\n");
355 /* make it a multiple of 3 (reason: uuencode) */
356 nlen=(!(len%3))?len:((len/3+1)*3);
358 printf("ram write: too much data\n");
361 for(i=len;i<nlen;i++) buf[i]=0;
364 addr+=(lpc->roff-lpc->hoff);
366 /* prepare write command */
367 if(lpc->info&VERBOSE)
368 printf("writing 0x%02x bytes to 0x%08x\n",len,addr);
369 snprintf(txrxbuf,BUFSIZE,"W %d %d\r\n",addr,len);
370 slen=strlen(txrxbuf);
372 /* send command and check return code */
373 txrx(lpc,txrxbuf,slen,TXRX_TYPE_CMD);
382 /* uuencode / prepare data bytes */
383 uuencode((u8 *)(buf+bcnt),(u8 *)(txrxbuf),
384 (bcnt==nlen-3)?(len%3?len%3:3):3);
389 checksum+=((u8)buf[bcnt]+(u8)buf[bcnt+1]+(u8)buf[bcnt+2]);
391 /* send a data line */
392 txrx(lpc,txrxbuf,7,TXRX_TYPE_DATA);
394 /* increase counters */
400 if((!(lcount%20))|(bcnt==nlen)) {
402 memcpy(txrxbuf,"`\r\n",3);
403 //txrx(lpc,txrxbuf,3,TXRX_TYPE_DATA);
405 snprintf(txrxbuf,BUFSIZE,"%d\r\n",checksum);
406 slen=strlen(txrxbuf);
407 txrx(lpc,txrxbuf,slen,TXRX_TYPE_CKSM);
408 if(!strncmp(txrxbuf,"RESE",4)) {
409 read(lpc->sfd,txrxbuf+4,4);
410 printf("ram write: resending ...\n");
413 if(strncmp(txrxbuf,"OK\r\n",4)) {
414 printf("ram write: bad response\n");
417 /* reset checksum & counter */
427 int firmware_to_ram(t_lpc *lpc) {
437 ret=read(lpc->fwfd,buf,1);
447 printf("fw to ram: no ihex format\n");
451 ret=read(lpc->fwfd,buf,2);
452 sscanf(buf,"%02x",&len);
454 printf("fw to ram: len not a multiple of 4\n");
458 ret=read(lpc->fwfd,buf,4);
459 sscanf(buf,"%04x",&addr);
461 ret=read(lpc->fwfd,buf,2);
462 sscanf(buf,"%02x",&type);
463 /* successfull return if type is end of file */
466 /* read data (and cksum) */
467 ret=read(lpc->fwfd,buf,2*(len+1));
468 if(ret!=(2*(len+1))) {
469 printf("fw to ram: data missing\n");
472 for(ret=0;ret<len;ret++) {
473 sscanf(buf+2*ret,"%02x",&temp);
476 /* act according to type */
479 // /* get cs and ip */
482 write_to_ram(lpc,buf,addr,len);
485 write_to_ram(lpc,buf,addr,len);
488 printf("fw to ram: unknown type %02x\n",type);
496 int main(int argc,char **argv) {
507 memset(&lpc,0,sizeof(t_lpc));
508 strncpy(lpc.freq,CRYSTFREQ,7);
513 for(i=1;i<argc;i++) {
515 if(argv[i][0]!='-') {
522 strncpy(lpc.sdev,argv[++i],127);
525 strncpy(lpc.fwfile,argv[++i],127);
532 strncpy(lpc.freq,argv[++i],7);
541 /* open serial port */
542 if(open_serial_device(&lpc)<0)
545 /* boot loader init */
546 printf("boot loader init ...\n");
550 /* quit if there is no hex file to process */
551 if(!(lpc.info&FIRMWARE)) {
552 printf("no firmware -> aborting\n");
556 /* open firmware file */
557 if(open_firmware(&lpc)<0)
560 /* parse intel hex file and write to ram */
561 printf("write firmware to ram ...\n");
562 firmware_to_ram(&lpc);
565 printf("unlock go command ...\n");
572 /* tell the user that the error might be due to the jump */
575 printf("the above error might be due to the jump!\n\n");
577 /* query user for serial port listening */
578 printf("continue listening on serial port? (ctrl+c to quit) [y|n]: ");
585 /* continue lsitening on serial port */
588 ret=read(lpc.sfd,buf,BUFSIZE);
589 printf("\rread %d bytes: ",ret);
591 printf("%02x ",buf[i]);