2 * CFI parallel flash with Intel command set emulation
4 * Copyright (c) 2006 Thorsten Zitterell
5 * Copyright (c) 2005 Jocelyn Mayer
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
23 * For now, this code can emulate flashes of 1, 2 or 4 bytes width.
24 * Supported commands/modes are:
31 * It does not support timings
32 * It does not support flash interleaving
33 * It does not implement software data protection as found in many real chips
34 * It does not implement erase suspend/resume commands
35 * It does not implement multiple sectors erase
37 * It does not implement much more ...
43 #include "qemu-timer.h"
45 #define PFLASH_BUG(fmt, ...) \
47 printf("PFLASH: Possible BUG - " fmt, ## __VA_ARGS__); \
51 /* #define PFLASH_DEBUG */
53 #define DPRINTF(fmt, ...) \
55 printf("PFLASH: " fmt , ## __VA_ARGS__); \
58 #define DPRINTF(fmt, ...) do { } while (0)
63 target_phys_addr_t base;
64 target_phys_addr_t sector_len;
65 target_phys_addr_t total_len;
67 int wcycle; /* if 0, the flash is read normally */
74 uint8_t cfi_table[0x52];
75 target_phys_addr_t counter;
82 static void pflash_timer (void *opaque)
84 pflash_t *pfl = opaque;
86 DPRINTF("%s: command %02x done\n", __func__, pfl->cmd);
92 cpu_register_physical_memory(pfl->base, pfl->total_len,
93 pfl->off | IO_MEM_ROMD | pfl->fl_mem);
99 static uint32_t pflash_read (pflash_t *pfl, target_phys_addr_t offset,
102 target_phys_addr_t boff;
107 boff = offset & 0xFF; /* why this here ?? */
111 else if (pfl->width == 4)
114 DPRINTF("%s: reading offset " TARGET_FMT_lx " under cmd %02x width %d\n",
115 __func__, offset, pfl->cmd, width);
119 /* Flash area read */
124 DPRINTF("%s: data offset " TARGET_FMT_lx " %02x\n",
125 __func__, offset, ret);
128 #if defined(TARGET_WORDS_BIGENDIAN)
129 ret = p[offset] << 8;
130 ret |= p[offset + 1];
133 ret |= p[offset + 1] << 8;
135 DPRINTF("%s: data offset " TARGET_FMT_lx " %04x\n",
136 __func__, offset, ret);
139 #if defined(TARGET_WORDS_BIGENDIAN)
140 ret = p[offset] << 24;
141 ret |= p[offset + 1] << 16;
142 ret |= p[offset + 2] << 8;
143 ret |= p[offset + 3];
146 ret |= p[offset + 1] << 8;
147 ret |= p[offset + 1] << 8;
148 ret |= p[offset + 2] << 16;
149 ret |= p[offset + 3] << 24;
151 DPRINTF("%s: data offset " TARGET_FMT_lx " %08x\n",
152 __func__, offset, ret);
155 DPRINTF("BUG in %s\n", __func__);
159 case 0x20: /* Block erase */
160 case 0x50: /* Clear status register */
161 case 0x60: /* Block /un)lock */
162 case 0x70: /* Status Register */
163 case 0xe8: /* Write block */
164 /* Status register read */
166 DPRINTF("%s: status %x\n", __func__, ret);
168 case 0x98: /* Query mode */
169 if (boff > pfl->cfi_len)
172 ret = pfl->cfi_table[boff];
175 /* This should never happen : reset state & treat it as a read */
176 DPRINTF("%s: unknown command state: %x\n", __func__, pfl->cmd);
183 /* update flash content on disk */
184 static void pflash_update(pflash_t *pfl, int offset,
189 offset_end = offset + size;
190 /* round to sectors */
191 offset = offset >> 9;
192 offset_end = (offset_end + 511) >> 9;
193 bdrv_write(pfl->bs, offset, pfl->storage + (offset << 9),
194 offset_end - offset);
198 static void inline pflash_data_write(pflash_t *pfl, target_phys_addr_t offset,
199 uint32_t value, int width)
201 uint8_t *p = pfl->storage;
203 DPRINTF("%s: block write offset " TARGET_FMT_lx
204 " value %x counter " TARGET_FMT_lx "\n",
205 __func__, offset, value, pfl->counter);
209 pflash_update(pfl, offset, 1);
212 #if defined(TARGET_WORDS_BIGENDIAN)
213 p[offset] = value >> 8;
214 p[offset + 1] = value;
217 p[offset + 1] = value >> 8;
219 pflash_update(pfl, offset, 2);
222 #if defined(TARGET_WORDS_BIGENDIAN)
223 p[offset] = value >> 24;
224 p[offset + 1] = value >> 16;
225 p[offset + 2] = value >> 8;
226 p[offset + 3] = value;
229 p[offset + 1] = value >> 8;
230 p[offset + 2] = value >> 16;
231 p[offset + 3] = value >> 24;
233 pflash_update(pfl, offset, 4);
239 static void pflash_write(pflash_t *pfl, target_phys_addr_t offset,
240 uint32_t value, int width)
242 target_phys_addr_t boff;
248 DPRINTF("%s: writing offset " TARGET_FMT_lx " value %08x width %d wcycle 0x%x\n",
249 __func__, offset, value, width, pfl->wcycle);
251 /* Set the device in I/O access mode */
252 cpu_register_physical_memory(pfl->base, pfl->total_len, pfl->fl_mem);
253 boff = offset & (pfl->sector_len - 1);
257 else if (pfl->width == 4)
260 switch (pfl->wcycle) {
266 case 0x10: /* Single Byte Program */
267 case 0x40: /* Single Byte Program */
268 DPRINTF(stderr, "%s: Single Byte Program\n", __func__);
270 case 0x20: /* Block erase */
272 offset &= ~(pfl->sector_len - 1);
274 DPRINTF("%s: block erase at " TARGET_FMT_lx " bytes "
276 __func__, offset, pfl->sector_len);
278 memset(p + offset, 0xff, pfl->sector_len);
279 pflash_update(pfl, offset, pfl->sector_len);
280 pfl->status |= 0x80; /* Ready! */
282 case 0x50: /* Clear status bits */
283 DPRINTF("%s: Clear status bits\n", __func__);
286 case 0x60: /* Block (un)lock */
287 DPRINTF("%s: Block unlock\n", __func__);
289 case 0x70: /* Status Register */
290 DPRINTF("%s: Read status register\n", __func__);
293 case 0x98: /* CFI query */
294 DPRINTF("%s: CFI query\n", __func__);
296 case 0xe8: /* Write to buffer */
297 DPRINTF("%s: Write to buffer\n", __func__);
298 pfl->status |= 0x80; /* Ready! */
300 case 0xff: /* Read array mode */
301 DPRINTF("%s: Read array mode\n", __func__);
311 case 0x10: /* Single Byte Program */
312 case 0x40: /* Single Byte Program */
313 DPRINTF("%s: Single Byte Program\n", __func__);
314 pflash_data_write(pfl, offset, value, width);
315 pfl->status |= 0x80; /* Ready! */
318 case 0x20: /* Block erase */
320 if (cmd == 0xd0) { /* confirm */
323 } else if (cmd == 0xff) { /* read array mode */
330 DPRINTF("%s: block write of %x bytes\n", __func__, value);
331 pfl->counter = value;
338 } else if (cmd == 0x01) {
341 } else if (cmd == 0xff) {
344 DPRINTF("%s: Unknown (un)locking command\n", __func__);
352 DPRINTF("%s: leaving query mode\n", __func__);
361 case 0xe8: /* Block write */
362 pflash_data_write(pfl, offset, value, width);
367 DPRINTF("%s: block write finished\n", __func__);
377 case 3: /* Confirm mode */
379 case 0xe8: /* Block write */
384 DPRINTF("%s: unknown command for \"write block\"\n", __func__);
385 PFLASH_BUG("Write block confirm");
394 /* Should never happen */
395 DPRINTF("%s: invalid write state\n", __func__);
401 printf("%s: Unimplemented flash cmd sequence "
402 "(offset " TARGET_FMT_plx ", wcycle 0x%x cmd 0x%x value 0x%x)\n",
403 __func__, offset, pfl->wcycle, pfl->cmd, value);
406 cpu_register_physical_memory(pfl->base, pfl->total_len,
407 pfl->off | IO_MEM_ROMD | pfl->fl_mem);
416 static uint32_t pflash_readb (void *opaque, target_phys_addr_t addr)
418 return pflash_read(opaque, addr, 1);
421 static uint32_t pflash_readw (void *opaque, target_phys_addr_t addr)
423 pflash_t *pfl = opaque;
425 return pflash_read(pfl, addr, 2);
428 static uint32_t pflash_readl (void *opaque, target_phys_addr_t addr)
430 pflash_t *pfl = opaque;
432 return pflash_read(pfl, addr, 4);
435 static void pflash_writeb (void *opaque, target_phys_addr_t addr,
438 pflash_write(opaque, addr, value, 1);
441 static void pflash_writew (void *opaque, target_phys_addr_t addr,
444 pflash_t *pfl = opaque;
446 pflash_write(pfl, addr, value, 2);
449 static void pflash_writel (void *opaque, target_phys_addr_t addr,
452 pflash_t *pfl = opaque;
454 pflash_write(pfl, addr, value, 4);
457 static CPUWriteMemoryFunc *pflash_write_ops[] = {
463 static CPUReadMemoryFunc *pflash_read_ops[] = {
469 /* Count trailing zeroes of a 32 bits quantity */
470 static int ctz32 (uint32_t n)
495 #if 0 /* This is not necessary as n is never 0 */
503 pflash_t *pflash_cfi01_register(target_phys_addr_t base, ram_addr_t off,
504 BlockDriverState *bs, uint32_t sector_len,
505 int nb_blocs, int width,
506 uint16_t id0, uint16_t id1,
507 uint16_t id2, uint16_t id3)
510 target_phys_addr_t total_len;
512 total_len = sector_len * nb_blocs;
514 /* XXX: to be fixed */
516 if (total_len != (8 * 1024 * 1024) && total_len != (16 * 1024 * 1024) &&
517 total_len != (32 * 1024 * 1024) && total_len != (64 * 1024 * 1024))
521 pfl = qemu_mallocz(sizeof(pflash_t));
523 /* FIXME: Allocate ram ourselves. */
524 pfl->storage = qemu_get_ram_ptr(off);
525 pfl->fl_mem = cpu_register_io_memory(0,
526 pflash_read_ops, pflash_write_ops, pfl);
528 cpu_register_physical_memory(base, total_len,
529 off | pfl->fl_mem | IO_MEM_ROMD);
533 /* read the initial flash content */
534 bdrv_read(pfl->bs, 0, pfl->storage, total_len >> 9);
536 #if 0 /* XXX: there should be a bit to set up read-only,
537 * the same way the hardware does (with WP pin).
543 pfl->timer = qemu_new_timer(vm_clock, pflash_timer, pfl);
545 pfl->sector_len = sector_len;
546 pfl->total_len = total_len;
555 /* Hardcoded CFI table */
557 /* Standard "QRY" string */
558 pfl->cfi_table[0x10] = 'Q';
559 pfl->cfi_table[0x11] = 'R';
560 pfl->cfi_table[0x12] = 'Y';
561 /* Command set (Intel) */
562 pfl->cfi_table[0x13] = 0x01;
563 pfl->cfi_table[0x14] = 0x00;
564 /* Primary extended table address (none) */
565 pfl->cfi_table[0x15] = 0x31;
566 pfl->cfi_table[0x16] = 0x00;
567 /* Alternate command set (none) */
568 pfl->cfi_table[0x17] = 0x00;
569 pfl->cfi_table[0x18] = 0x00;
570 /* Alternate extended table (none) */
571 pfl->cfi_table[0x19] = 0x00;
572 pfl->cfi_table[0x1A] = 0x00;
574 pfl->cfi_table[0x1B] = 0x45;
576 pfl->cfi_table[0x1C] = 0x55;
577 /* Vpp min (no Vpp pin) */
578 pfl->cfi_table[0x1D] = 0x00;
579 /* Vpp max (no Vpp pin) */
580 pfl->cfi_table[0x1E] = 0x00;
582 pfl->cfi_table[0x1F] = 0x07;
583 /* Timeout for min size buffer write */
584 pfl->cfi_table[0x20] = 0x07;
585 /* Typical timeout for block erase */
586 pfl->cfi_table[0x21] = 0x0a;
587 /* Typical timeout for full chip erase (4096 ms) */
588 pfl->cfi_table[0x22] = 0x00;
590 pfl->cfi_table[0x23] = 0x04;
591 /* Max timeout for buffer write */
592 pfl->cfi_table[0x24] = 0x04;
593 /* Max timeout for block erase */
594 pfl->cfi_table[0x25] = 0x04;
595 /* Max timeout for chip erase */
596 pfl->cfi_table[0x26] = 0x00;
598 pfl->cfi_table[0x27] = ctz32(total_len); // + 1;
599 /* Flash device interface (8 & 16 bits) */
600 pfl->cfi_table[0x28] = 0x02;
601 pfl->cfi_table[0x29] = 0x00;
602 /* Max number of bytes in multi-bytes write */
603 pfl->cfi_table[0x2A] = 0x0B;
604 pfl->cfi_table[0x2B] = 0x00;
605 /* Number of erase block regions (uniform) */
606 pfl->cfi_table[0x2C] = 0x01;
607 /* Erase block region 1 */
608 pfl->cfi_table[0x2D] = nb_blocs - 1;
609 pfl->cfi_table[0x2E] = (nb_blocs - 1) >> 8;
610 pfl->cfi_table[0x2F] = sector_len >> 8;
611 pfl->cfi_table[0x30] = sector_len >> 16;
614 pfl->cfi_table[0x31] = 'P';
615 pfl->cfi_table[0x32] = 'R';
616 pfl->cfi_table[0x33] = 'I';
618 pfl->cfi_table[0x34] = '1';
619 pfl->cfi_table[0x35] = '1';
621 pfl->cfi_table[0x36] = 0x00;
622 pfl->cfi_table[0x37] = 0x00;
623 pfl->cfi_table[0x38] = 0x00;
624 pfl->cfi_table[0x39] = 0x00;
626 pfl->cfi_table[0x3a] = 0x00;
628 pfl->cfi_table[0x3b] = 0x00;
629 pfl->cfi_table[0x3c] = 0x00;
projects / qemu / blob