2 * lpcload.c - load firmware into ram of lpc2220 via uart0
4 * author: hackbard@hackdaworld.org, rolf.anders@physik.uni-augsburg.de
7 * usage: sudo ./lpcload -d /dev/ttyS0 -f firmware.hex -D0 fw0.bin [-v]
14 #include <sys/types.h>
19 #define VERBOSE (1<<0)
20 #define FIRMWARE (1<<1)
24 #define FLASHFW (1<<5)
27 #define BANK0_ADDR 0x80000000
28 #define BANK2_ADDR 0x82000000
29 #define BANK_SIZE 0x00100000
30 #define BL_ADDR 0x7fffe000
31 #define BL_SIZE 0x00002000
33 #define CMD_READ 'R' // stay compatible to fwflash!
35 #define CMD_CHIP_ERASE 'E'
37 #define TXRX_TYPE_SYNC 0x00
38 #define TXRX_TYPE_CKSM 0x00
39 #define TXRX_TYPE_BAUD 0x01
40 #define TXRX_TYPE_CMD 0x02
41 #define TXRX_TYPE_DATA 0x03
42 #define TXRX_TYPE_GO 0x04
44 #define CMD_SUCCESS "0\r\n"
45 #define INVALID_COMMAND "1\r\n"
46 #define SRC_ADDR_ERROR "2\r\n"
47 #define DST_ADDR_ERROR "3\r\n"
48 #define SRC_ADDR_NOT_MAPPED "4\r\n"
49 #define DST_ADDR_NOT_MAPPED "5\r\n"
50 #define COUNT_ERROR "6\r\n"
51 #define COMPARE_ERROR "10\r\n"
53 #define PARAM_ERROR "12\r\n"
54 #define ADDR_ERROR "13\r\n"
55 #define ADDR_NOT_MAPPED "14\r\n"
56 #define CMD_LOCKED "15\r\n"
57 #define INVALID_CODE "16\r\n"
58 #define INVALID_BAUD_RATE "17\r\n"
59 #define INVALID_STOP_BIT "18\r\n"
64 #define CRYSTFREQ "10000"
65 #define RAMOFFSET 0x40000200
69 typedef unsigned char u8;
70 typedef unsigned short u16;
71 typedef unsigned int u32;
73 typedef struct s_lpc {
74 int sfd; /* serial fd */
75 char sdev[128]; /* seriel device */
76 int fwfd; /* fimrware fd */
77 char fwfile[128]; /* firmware file */
78 u32 info; /* info/mode */
79 char freq[8]; /* frequency */
80 char bank0[127]; /* flash dump bank0 */
81 int b0fd; /* dumpfile fd bank0 */
82 char bank2[127]; /* flash dump bank2 */
83 int b2fd; /* dumpfile fd bank0 */
84 char bl[127]; /* flash dump bootloader */
85 int blfd; /* dumpfile fd bootloader */
86 char ffwfile[127]; /* file with firmware to be flashed */
87 int ffwfd; /* fd of the above */
88 u32 roff; /* ram offset of uc */
89 u32 jaddr; /* addr for the jump */
94 printf("possible argv:\n");
95 printf(" -d <serial device>\n");
96 printf(" -f <firmware>\n");
97 printf(" -c <crystal freq>\n");
98 printf(" -Dx <filename>\n");
99 printf(" x=0: bank0, x=2: bank2, x=b: bootloader\n");
100 printf(" -w <firmware which goes to flash>\n");
101 printf(" -b (if firmware for flash is a binary)\n");
106 int open_serial_device(t_lpc *lpc) {
110 //memset(&term,0,sizeof(struct termios));
112 /* open serial device */
114 lpc->sfd=open(lpc->sdev,O_RDWR);
120 /* configure the serial device */
122 tcgetattr(lpc->sfd,&term);
124 // input/output baudrate
126 cfsetispeed(&term,B38400);
127 cfsetospeed(&term,B38400);
129 // control options -> 8n1
131 term.c_cflag&=~PARENB; // no parity
132 term.c_cflag&=~CSTOPB; // only 1 stop bit
133 term.c_cflag&=~CSIZE; // no bit mask for data bits
134 term.c_cflag|=CS8; // 8 data bits
136 // line options -> raw input
138 term.c_lflag&=~(ICANON|ECHO|ECHOE|ISIG);
140 // input options -> enable flow control
142 term.c_iflag&=~(INLCR|ICRNL|IXANY);
143 term.c_iflag|=(IXON|IXOFF);
149 // more control options -> timeout / flow control
152 term.c_cc[VTIME]=20; // 2 seconds timeout
153 //term.c_cc[VSTART]=0x11;
154 //term.c_cc[VSTOP]=0x13;
156 tcsetattr(lpc->sfd,TCSANOW,&term);
161 int reconfig_serial_device(t_lpc *lpc) {
166 /* reconfigure the serial device for our lousy loader tool */
168 tcgetattr(lpc->sfd,&term);
170 // disable flow control
172 term.c_iflag&=~(IXON|IXOFF|IXANY|INLCR|ICRNL);
176 cfsetispeed(&term,B115200);
177 cfsetospeed(&term,B115200);
182 term.c_cc[VTIME]=100; // 10 seconds timeout
184 ret=tcsetattr(lpc->sfd,TCSANOW,&term);
189 int open_firmware(t_lpc *lpc) {
191 /* open firmware file */
193 lpc->fwfd=open(lpc->fwfile,O_RDONLY);
200 if(lpc->info&FLASHFW) {
201 lpc->ffwfd=open(lpc->ffwfile,O_RDONLY);
211 int open_dumpfiles(t_lpc *lpc) {
215 if(lpc->info&BANK0) {
216 lpc->b0fd=open(lpc->bank0,O_WRONLY|O_CREAT);
218 perror("bank0 dump file open");
223 if(lpc->info&BANK2) {
224 lpc->b2fd=open(lpc->bank2,O_WRONLY|O_CREAT);
226 perror("bank2 dump file open");
232 lpc->blfd=open(lpc->bl,O_WRONLY|O_CREAT);
234 perror("bootloader dump file open");
242 int txrx(t_lpc *lpc,char *buf,int len,u8 type) {
249 if(lpc->info&VERBOSE)
253 ret=write(lpc->sfd,buf+cnt,len);
255 perror("txrx write");
258 if(lpc->info&VERBOSE)
261 ((buf[cnt+i]>0x19)&(buf[cnt+i]<0x7f))?
266 if(lpc->info&VERBOSE) {
269 printf("%02x ",buf[i]);
270 printf("| (%d)\n",cnt);
275 /* cut the echo if not of type auto baud */
277 if(type!=TXRX_TYPE_BAUD) {
279 ret=read(lpc->sfd,buf,cnt);
281 perror("txrx echo cut");
288 /* return if type is go */
290 if(type==TXRX_TYPE_GO)
293 /* return here if type is data */
295 if(type==TXRX_TYPE_DATA)
300 ret=read(lpc->sfd,buf,1);
302 perror("txrx read (first byte)");
320 printf("txrx read: bad return byte '%02x'\n",buf[0]);
327 ret=read(lpc->sfd,buf+1+cnt-i,i);
329 perror("txrx read (next bytes)");
334 if(lpc->info&VERBOSE) {
337 printf("%c",((buf[i]>0x19)&(buf[i]<0x7f))?
341 printf("%02x ",buf[i]);
342 printf("| (%d)\n",cnt+1);
346 /* check/strip return code if type is cmd */
348 if(type==TXRX_TYPE_CMD) {
349 ret=strlen(CMD_SUCCESS);
350 if(!strncmp(buf,CMD_SUCCESS,ret)) {
356 printf("txrx bad return code!\n");
364 int bl_init(t_lpc *lpc) {
369 /* auto baud sequence */
371 txrx(lpc,buf,1,TXRX_TYPE_BAUD);
372 if(strncmp(buf,"Synchronized\r\n",14)) {
373 printf("auto baud detection failed\n");
377 /* tell bl that we are synchronized (it's allready in buf) */
378 txrx(lpc,buf,14,TXRX_TYPE_SYNC);
379 if(strncmp(buf,"OK\r\n",4)) {
380 printf("sync failed\n");
384 /* tell bl the crystal frequency */
385 len=strlen(lpc->freq)+2;
386 strncpy(buf,lpc->freq,BUFSIZE);
389 txrx(lpc,buf,len,TXRX_TYPE_SYNC);
390 if(strncmp(buf,"OK\r\n",4)) {
391 printf("freq set failed\n");
398 int unlock_go(t_lpc *lpc) {
403 memcpy(buf,"U 23130\r\n",9);
404 ret=txrx(lpc,buf,9,TXRX_TYPE_CMD);
414 snprintf(buf,BUFSIZE,"G %d A\r\n",lpc->jaddr);
416 ret=txrx(lpc,buf,len,TXRX_TYPE_GO);
421 int uuencode(u8 *in,u8 *out,int len) {
424 out[1]=0x20+((in[0]>>2)&0x3f);
425 out[2]=0x20+(((in[0]<<4)|(in[1]>>4))&0x3f);
426 out[3]=0x20+(((in[1]<<2)|(in[2]>>6))&0x3f);
427 out[4]=0x20+(in[2]&0x3f);
432 int write_to_ram(t_lpc *lpc,char *buf,u32 addr,int len) {
436 char txrxbuf[BUFSIZE];
443 printf("ram write: not a multiple of 4\n");
447 /* make it a multiple of 3 (reason: uuencode) */
448 nlen=(!(len%3))?len:((len/3+1)*3);
450 printf("ram write: too much data\n");
453 for(i=len;i<nlen;i++) buf[i]=0;
458 /* prepare write command */
459 if(lpc->info&VERBOSE)
460 printf("writing 0x%02x bytes to 0x%08x\n",len,addr);
461 snprintf(txrxbuf,BUFSIZE,"W %d %d\r\n",addr,len);
462 slen=strlen(txrxbuf);
464 /* send command and check return code */
465 txrx(lpc,txrxbuf,slen,TXRX_TYPE_CMD);
474 /* uuencode / prepare data bytes */
475 uuencode((u8 *)(buf+bcnt),(u8 *)(txrxbuf),
476 (bcnt==nlen-3)?(len%3?len%3:3):3);
481 checksum+=((u8)buf[bcnt]+(u8)buf[bcnt+1]+(u8)buf[bcnt+2]);
483 /* send a data line */
484 txrx(lpc,txrxbuf,7,TXRX_TYPE_DATA);
486 /* increase counters */
492 if((!(lcount%20))|(bcnt==nlen)) {
494 memcpy(txrxbuf,"`\r\n",3);
495 //txrx(lpc,txrxbuf,3,TXRX_TYPE_DATA);
497 snprintf(txrxbuf,BUFSIZE,"%d\r\n",checksum);
498 slen=strlen(txrxbuf);
499 txrx(lpc,txrxbuf,slen,TXRX_TYPE_CKSM);
500 if(!strncmp(txrxbuf,"RESE",4)) {
501 read(lpc->sfd,txrxbuf+4,4);
502 printf("ram write: resending ...\n");
505 if(strncmp(txrxbuf,"OK\r\n",4)) {
506 printf("ram write: bad response\n");
509 /* reset checksum & counter */
519 int send_cmd(int sfd,u32 addr,u32 len,u8 cmd) {
536 printf("send cmd: cmd '%02x' not supported\n",cmd);
544 send[1+i]=(addr>>((as-1-i)*8))&0xff;
546 send[1+i+as]=(len>>((ls-1-i)*8))&0xff;
550 ret=write(sfd,send+cnt,size);
552 perror("dump file: send cmd ");
562 int write_to_flash(t_lpc *lpc,u8 *buf,u32 addr,int len) {
573 send_cmd(lpc->sfd,addr,len,CMD_WRITE);
581 ret=write(lpc->sfd,buf+cnt+i,1);
583 perror("transmit flash content (w)");
590 ret=read(lpc->sfd,&check,1);
592 perror("transmit flash content (r)");
598 if(buf[cnt+i]!=check)
599 printf("FATAL: write to flash (transfer)\n");
612 ret=write(lpc->sfd,buf+cnt,len);
614 perror("transmit flash content (w)");
617 for(i=cnt;i<cnt+ret;i++)
626 ret=read(lpc->sfd,&cksmr,1);
628 perror("write to flash: read cksm");
634 printf("FATAL: wrong checksum or failure in flash write!\n");
636 printf(" -> most probably due to flash write!\n");
638 printf(" -> most probably failure in transfer!\n");
639 printf(" addr:0x%08x l:%02x r:%02x\n",addr,cksml,cksmr);
645 int firmware_to_mem(t_lpc *lpc,u8 memtype) {
652 /* prepare for memory type */
655 else if(memtype==FLASH)
660 /* another evil hack to support binary format */
661 if((lpc->info&BINARY)&&(memtype==FLASH)) {
667 printf("D'OH ...\n");
671 for(temp=0;temp<16;temp++)
672 if((u8)buf[temp]!=0xff)
673 buf[16]='w'; // write
674 printf("addr:%08x\r",addr+lpc->roff);
677 write_to_flash(lpc,(u8 *)buf,addr,16);
697 printf("fw to mem: no ihex format\n");
702 sscanf(buf,"%02x",&len);
705 sscanf(buf,"%04x",&addr);
708 sscanf(buf,"%02x",&type);
709 /* successfull return if type is end of file */
712 /* read data (and cksum) */
713 ret=read(fd,buf,2*(len+1));
714 if(ret!=(2*(len+1))) {
715 printf("fw to mem: data missing\n");
718 for(ret=0;ret<len;ret++) {
719 sscanf(buf+2*ret,"%02x",&temp);
722 /* act according to type */
725 // /* get cs and ip */
729 printf("fw to mem: invalid len\n");
733 write_to_ram(lpc,buf,addr,len);
735 write_to_flash(lpc,(u8 *)buf,addr,len);
738 lpc->roff=((buf[0]<<24)|(buf[1]<<16));
741 lpc->jaddr=((buf[0]<<24)|(buf[1]<<16));
742 lpc->jaddr|=((buf[2]<<8)|buf[3]);
745 printf("fw to mem: unknown type %02x\n",type);
753 int lpc_txbuf_flush(t_lpc *lpc) {
759 printf("flushing lpc tx buffer: ");
761 ret=read(lpc->sfd,buf,16);
763 printf("%02x ",buf[i]);
770 int dump_files(int sfd,int dfd,u32 addr,u32 len) {
777 printf("dumping content (addr=0x%08x, len=0x%08x) ...\n",addr,len);
780 send_cmd(sfd,addr,len,CMD_READ);
782 /* receive data and dump it to file */
785 printf(" receiving data ...\n");
787 ret=read(sfd,buf,16);
789 perror("dump file: read data");
795 ret=write(dfd,buf+cnt,size-cnt);
797 perror("dump file: write data");
808 int main(int argc,char **argv) {
818 memset(&lpc,0,sizeof(t_lpc));
819 strncpy(lpc.freq,CRYSTFREQ,7);
825 for(i=1;i<argc;i++) {
827 if(argv[i][0]!='-') {
834 strncpy(lpc.sdev,argv[++i],127);
837 strncpy(lpc.fwfile,argv[++i],127);
844 strncpy(lpc.freq,argv[++i],7);
847 if(argv[i][2]=='0') {
849 strncpy(lpc.bank0,argv[++i],127);
852 else if(argv[i][2]=='2') {
854 strncpy(lpc.bank2,argv[++i],127);
857 else if(argv[i][2]=='b') {
859 strncpy(lpc.bl,argv[++i],127);
867 strncpy(lpc.ffwfile,argv[++i],127);
880 /* open serial port */
881 if(open_serial_device(&lpc)<0)
884 /* boot loader init */
885 printf("boot loader init ...\n");
889 /* quit if there is no hex file to process */
890 if(!(lpc.info&FIRMWARE)) {
891 printf("no firmware -> aborting\n");
895 /* open firmware file */
896 if(open_firmware(&lpc)<0)
899 /* open dump files */
900 if(open_dumpfiles(&lpc)<0)
903 /* parse intel hex file and write to ram */
904 printf("write firmware to ram ...\n");
905 firmware_to_mem(&lpc,RAM);
908 printf("unlock go command ...\n");
915 /* flush the lpc2220 tx buf */
916 lpc_txbuf_flush(&lpc);
918 /* reconfigure the serial port */
919 if(reconfig_serial_device(&lpc)<0)
922 /* download flash/bootloader content */
924 dump_files(lpc.sfd,lpc.b0fd,BANK0_ADDR,BANK_SIZE);
926 dump_files(lpc.sfd,lpc.b2fd,BANK2_ADDR,BANK_SIZE);
928 dump_files(lpc.sfd,lpc.blfd,BL_ADDR,BL_SIZE);
930 /* write a firmware to the lpc flash */
931 if(lpc.info&FLASHFW) {
932 printf("writing firmware to flash ...\n");
933 send_cmd(lpc.sfd,0,'0',CMD_CHIP_ERASE);
935 firmware_to_mem(&lpc,FLASH);