2 * lpcload.c - load firmware into ram of lpc2220 via uart0
4 * author: hackbard@hackdaworld.org, rolf.anders@physik.uni-augsburg.de
7 * usage: sudo ./lpcload -d /dev/ttyS0 -f firmware.hex -D0 fw0.bin [-v]
14 #include <sys/types.h>
19 #define VERBOSE (1<<0)
20 #define FIRMWARE (1<<1)
25 #define BANK0_ADDR 0x80000000
26 #define BANK2_ADDR 0x82000000
27 #define BANK_SIZE 0x00100000
28 #define BL_ADDR 0x7fffe000
29 #define BL_SIZE 0x00002000
31 #define CMD_READ 'R' // stay compatible to fwflash!
33 #define TXRX_TYPE_SYNC 0x00
34 #define TXRX_TYPE_CKSM 0x00
35 #define TXRX_TYPE_BAUD 0x01
36 #define TXRX_TYPE_CMD 0x02
37 #define TXRX_TYPE_DATA 0x03
38 #define TXRX_TYPE_GO 0x04
40 #define CMD_SUCCESS "0\r\n"
41 #define INVALID_COMMAND "1\r\n"
42 #define SRC_ADDR_ERROR "2\r\n"
43 #define DST_ADDR_ERROR "3\r\n"
44 #define SRC_ADDR_NOT_MAPPED "4\r\n"
45 #define DST_ADDR_NOT_MAPPED "5\r\n"
46 #define COUNT_ERROR "6\r\n"
47 #define COMPARE_ERROR "10\r\n"
49 #define PARAM_ERROR "12\r\n"
50 #define ADDR_ERROR "13\r\n"
51 #define ADDR_NOT_MAPPED "14\r\n"
52 #define CMD_LOCKED "15\r\n"
53 #define INVALID_CODE "16\r\n"
54 #define INVALID_BAUD_RATE "17\r\n"
55 #define INVALID_STOP_BIT "18\r\n"
57 #define CRYSTFREQ "10000"
58 #define RAMOFFSET 0x40000200
62 typedef unsigned char u8;
63 typedef unsigned short u16;
64 typedef unsigned int u32;
66 typedef struct s_lpc {
67 int sfd; /* serial fd */
68 char sdev[128]; /* seriel device */
69 int fwfd; /* fimrware fd */
70 char fwfile[128]; /* firmware file */
71 u8 info; /* info/mode */
72 char freq[8]; /* frequency */
73 char bank0[127]; /* flash dump bank0 */
74 int b0fd; /* dumpfile fd bank0 */
75 char bank2[127]; /* flash dump bank2 */
76 int b2fd; /* dumpfile fd bank0 */
77 char bl[127]; /* flash dump bootloader */
78 int blfd; /* dumpfile fd bootloader */
79 u32 roff; /* ram offset of uc */
80 u32 jaddr; /* addr for the jump */
85 printf("possible argv:\n");
86 printf(" -d <serial device>\n");
87 printf(" -f <firmware>\n");
88 printf(" -c <crystal freq>\n");
89 printf(" -Dx <filename>\n");
90 printf(" x=0: bank0, x=2: bank2, x=b: bootloader\n");
95 int open_serial_device(t_lpc *lpc) {
99 //memset(&term,0,sizeof(struct termios));
101 /* open serial device */
103 lpc->sfd=open(lpc->sdev,O_RDWR);
109 /* configure the serial device */
111 tcgetattr(lpc->sfd,&term);
113 // input/output baudrate
115 cfsetispeed(&term,B38400);
116 cfsetospeed(&term,B38400);
118 // control options -> 8n1
120 term.c_cflag&=~PARENB; // no parity
121 term.c_cflag&=~CSTOPB; // only 1 stop bit
122 term.c_cflag&=~CSIZE; // no bit mask for data bits
123 term.c_cflag|=CS8; // 8 data bits
125 // line options -> raw input
127 term.c_lflag&=~(ICANON|ECHO|ECHOE|ISIG);
129 // input options -> enable flow control
131 term.c_iflag&=~(INLCR|ICRNL|IXANY);
132 term.c_iflag|=(IXON|IXOFF);
138 // more control options -> timeout / flow control
141 term.c_cc[VTIME]=20; // 2 seconds timeout
142 //term.c_cc[VSTART]=0x11;
143 //term.c_cc[VSTOP]=0x13;
145 tcsetattr(lpc->sfd,TCSANOW,&term);
150 int reconfig_serial_device(t_lpc *lpc) {
155 /* reconfigure the serial device for our lousy loader tool */
157 tcgetattr(lpc->sfd,&term);
159 // disable flow control
161 term.c_iflag&=~(IXON|IXOFF|IXANY|INLCR|ICRNL);
165 cfsetispeed(&term,B115200);
166 cfsetospeed(&term,B115200);
168 ret=tcsetattr(lpc->sfd,TCSANOW,&term);
173 int open_firmware(t_lpc *lpc) {
175 /* open firmware file */
177 lpc->fwfd=open(lpc->fwfile,O_RDONLY);
185 int open_dumpfiles(t_lpc *lpc) {
189 if(lpc->info&BANK0) {
190 lpc->b0fd=open(lpc->bank0,O_WRONLY|O_CREAT);
192 perror("bank0 dump file open");
197 if(lpc->info&BANK2) {
198 lpc->b2fd=open(lpc->bank2,O_WRONLY|O_CREAT);
200 perror("bank2 dump file open");
206 lpc->blfd=open(lpc->bl,O_WRONLY|O_CREAT);
208 perror("bootloader dump file open");
216 int txrx(t_lpc *lpc,char *buf,int len,u8 type) {
223 if(lpc->info&VERBOSE)
227 ret=write(lpc->sfd,buf+cnt,len);
229 perror("txrx write");
232 if(lpc->info&VERBOSE)
235 ((buf[cnt+i]>0x19)&(buf[cnt+i]<0x7f))?
240 if(lpc->info&VERBOSE) {
243 printf("%02x ",buf[i]);
244 printf("| (%d)\n",cnt);
249 /* cut the echo if not of type auto baud */
251 if(type!=TXRX_TYPE_BAUD) {
253 ret=read(lpc->sfd,buf,cnt);
255 perror("txrx echo cut");
262 /* return if type is go */
264 if(type==TXRX_TYPE_GO)
267 /* return here if type is data */
269 if(type==TXRX_TYPE_DATA)
274 ret=read(lpc->sfd,buf,1);
276 perror("txrx read (first byte)");
294 printf("txrx read: bad return byte '%02x'\n",buf[0]);
301 ret=read(lpc->sfd,buf+1+cnt-i,i);
303 perror("txrx read (next bytes)");
308 if(lpc->info&VERBOSE) {
311 printf("%c",((buf[i]>0x19)&(buf[i]<0x7f))?
315 printf("%02x ",buf[i]);
316 printf("| (%d)\n",cnt+1);
320 /* check/strip return code if type is cmd */
322 if(type==TXRX_TYPE_CMD) {
323 ret=strlen(CMD_SUCCESS);
324 if(!strncmp(buf,CMD_SUCCESS,ret)) {
330 printf("txrx bad return code!\n");
338 int bl_init(t_lpc *lpc) {
343 /* auto baud sequence */
345 txrx(lpc,buf,1,TXRX_TYPE_BAUD);
346 if(strncmp(buf,"Synchronized\r\n",14)) {
347 printf("auto baud detection failed\n");
351 /* tell bl that we are synchronized (it's allready in buf) */
352 txrx(lpc,buf,14,TXRX_TYPE_SYNC);
353 if(strncmp(buf,"OK\r\n",4)) {
354 printf("sync failed\n");
358 /* tell bl the crystal frequency */
359 len=strlen(lpc->freq)+2;
360 strncpy(buf,lpc->freq,BUFSIZE);
363 txrx(lpc,buf,len,TXRX_TYPE_SYNC);
364 if(strncmp(buf,"OK\r\n",4)) {
365 printf("freq set failed\n");
372 int unlock_go(t_lpc *lpc) {
377 memcpy(buf,"U 23130\r\n",9);
378 ret=txrx(lpc,buf,9,TXRX_TYPE_CMD);
388 snprintf(buf,BUFSIZE,"G %d A\r\n",lpc->jaddr);
390 ret=txrx(lpc,buf,len,TXRX_TYPE_GO);
395 int uuencode(u8 *in,u8 *out,int len) {
398 out[1]=0x20+((in[0]>>2)&0x3f);
399 out[2]=0x20+(((in[0]<<4)|(in[1]>>4))&0x3f);
400 out[3]=0x20+(((in[1]<<2)|(in[2]>>6))&0x3f);
401 out[4]=0x20+(in[2]&0x3f);
406 int write_to_ram(t_lpc *lpc,char *buf,u32 addr,int len) {
410 char txrxbuf[BUFSIZE];
417 printf("ram write: not a multiple of 4\n");
421 /* make it a multiple of 3 (reason: uuencode) */
422 nlen=(!(len%3))?len:((len/3+1)*3);
424 printf("ram write: too much data\n");
427 for(i=len;i<nlen;i++) buf[i]=0;
432 /* prepare write command */
433 if(lpc->info&VERBOSE)
434 printf("writing 0x%02x bytes to 0x%08x\n",len,addr);
435 snprintf(txrxbuf,BUFSIZE,"W %d %d\r\n",addr,len);
436 slen=strlen(txrxbuf);
438 /* send command and check return code */
439 txrx(lpc,txrxbuf,slen,TXRX_TYPE_CMD);
448 /* uuencode / prepare data bytes */
449 uuencode((u8 *)(buf+bcnt),(u8 *)(txrxbuf),
450 (bcnt==nlen-3)?(len%3?len%3:3):3);
455 checksum+=((u8)buf[bcnt]+(u8)buf[bcnt+1]+(u8)buf[bcnt+2]);
457 /* send a data line */
458 txrx(lpc,txrxbuf,7,TXRX_TYPE_DATA);
460 /* increase counters */
466 if((!(lcount%20))|(bcnt==nlen)) {
468 memcpy(txrxbuf,"`\r\n",3);
469 //txrx(lpc,txrxbuf,3,TXRX_TYPE_DATA);
471 snprintf(txrxbuf,BUFSIZE,"%d\r\n",checksum);
472 slen=strlen(txrxbuf);
473 txrx(lpc,txrxbuf,slen,TXRX_TYPE_CKSM);
474 if(!strncmp(txrxbuf,"RESE",4)) {
475 read(lpc->sfd,txrxbuf+4,4);
476 printf("ram write: resending ...\n");
479 if(strncmp(txrxbuf,"OK\r\n",4)) {
480 printf("ram write: bad response\n");
483 /* reset checksum & counter */
493 int firmware_to_ram(t_lpc *lpc) {
503 ret=read(lpc->fwfd,buf,1);
513 printf("fw to ram: no ihex format\n");
517 ret=read(lpc->fwfd,buf,2);
518 sscanf(buf,"%02x",&len);
520 ret=read(lpc->fwfd,buf,4);
521 sscanf(buf,"%04x",&addr);
523 ret=read(lpc->fwfd,buf,2);
524 sscanf(buf,"%02x",&type);
525 /* successfull return if type is end of file */
528 /* read data (and cksum) */
529 ret=read(lpc->fwfd,buf,2*(len+1));
530 if(ret!=(2*(len+1))) {
531 printf("fw to ram: data missing\n");
534 for(ret=0;ret<len;ret++) {
535 sscanf(buf+2*ret,"%02x",&temp);
538 /* act according to type */
541 // /* get cs and ip */
545 printf("fw to ram: invalid len\n");
548 write_to_ram(lpc,buf,addr,len);
551 lpc->roff=((buf[0]<<24)|(buf[1]<<16));
554 lpc->jaddr=((buf[0]<<24)|(buf[1]<<16));
555 lpc->jaddr|=((buf[2]<<8)|buf[3]);
558 printf("fw to ram: unknown type %02x\n",type);
566 int lpc_txbuf_flush(t_lpc *lpc) {
572 printf("flushing lpc tx buffer: ");
574 ret=read(lpc->sfd,buf,16);
576 printf("%02x ",buf[i]);
583 int dump_files(int sfd,int dfd,u32 addr,u32 len) {
591 printf("dumping content (addr=0x%08x, len=0x%08x) ...\n",addr,len);
597 buf[1]=(addr>>24)&0xff;
598 buf[2]=(addr>>16)&0xff;
599 buf[3]=(addr>>8)&0xff;
601 buf[5]=(len>>24)&0xff;
602 buf[6]=(len>>16)&0xff;
603 buf[7]=(len>>8)&0xff;
605 printf(" sending cmd: ");
607 ret=write(sfd,buf+cnt,size);
608 for(i=cnt;i<cnt+ret;i++)
609 printf("%02x ",buf[i]);
611 perror("dump file: send cmd ");
619 /* receive data and dump it to file */
622 printf(" receiving data ...\n");
624 ret=read(sfd,buf,16);
626 perror("dump file: read data");
632 ret=write(dfd,buf+cnt,size-cnt);
634 perror("dump file: write data");
645 int main(int argc,char **argv) {
655 memset(&lpc,0,sizeof(t_lpc));
656 strncpy(lpc.freq,CRYSTFREQ,7);
662 for(i=1;i<argc;i++) {
664 if(argv[i][0]!='-') {
671 strncpy(lpc.sdev,argv[++i],127);
674 strncpy(lpc.fwfile,argv[++i],127);
681 strncpy(lpc.freq,argv[++i],7);
684 if(argv[i][2]=='0') {
686 strncpy(lpc.bank0,argv[++i],127);
689 else if(argv[i][2]=='2') {
691 strncpy(lpc.bank2,argv[++i],127);
694 else if(argv[i][2]=='b') {
696 strncpy(lpc.bl,argv[++i],127);
711 /* open serial port */
712 if(open_serial_device(&lpc)<0)
715 /* boot loader init */
716 printf("boot loader init ...\n");
720 /* quit if there is no hex file to process */
721 if(!(lpc.info&FIRMWARE)) {
722 printf("no firmware -> aborting\n");
726 /* open firmware file */
727 if(open_firmware(&lpc)<0)
730 /* open dump files */
731 if(open_dumpfiles(&lpc)<0)
734 /* parse intel hex file and write to ram */
735 printf("write firmware to ram ...\n");
736 firmware_to_ram(&lpc);
739 printf("unlock go command ...\n");
746 /* flush the lpc2220 tx buf */
747 lpc_txbuf_flush(&lpc);
749 /* reconfigure the serial port */
750 if(reconfig_serial_device(&lpc)<0)
753 /* download flash/bootloader content */
755 dump_files(lpc.sfd,lpc.b0fd,BANK0_ADDR,BANK_SIZE);
757 dump_files(lpc.sfd,lpc.b2fd,BANK2_ADDR,BANK_SIZE);
759 dump_files(lpc.sfd,lpc.blfd,BL_ADDR,BL_SIZE);