1 /*
2 * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6 #include <stddef.h>
7
8 #include <bootloader_flash_priv.h>
9 #include <esp_log.h>
10 #include <esp_flash_encrypt.h>
11 #include "sdkconfig.h"
12 #include "soc/soc_caps.h"
13 #include "hal/efuse_ll.h"
14 #include "hal/efuse_hal.h"
15
16 #if CONFIG_IDF_TARGET_ESP32
17 # include "soc/spi_struct.h"
18 # include "soc/spi_reg.h"
19 /* SPI flash controller */
20 # define SPIFLASH SPI1
21 #else
22 # include "soc/spi_mem_struct.h"
23 # include "soc/spi_mem_reg.h"
24 /* SPI flash controller */
25 # define SPIFLASH SPIMEM1
26 #endif
27
28 // This dependency will be removed in the future. IDF-5025
29 #include "esp_flash.h"
30
31 #include "esp_rom_spiflash.h"
32
33 #ifdef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
34 #define ENCRYPTION_IS_VIRTUAL (!efuse_hal_flash_encryption_enabled())
35 #else
36 #define ENCRYPTION_IS_VIRTUAL 0
37 #endif
38
39 #define BYTESHIFT(VAR, IDX) (((VAR) >> ((IDX) * 8)) & 0xFF)
40 #define ISSI_ID 0x9D
41 #define MXIC_ID 0xC2
42 #define GD_Q_ID_HIGH 0xC8
43 #define GD_Q_ID_MID 0x40
44 #define GD_Q_ID_LOW 0x16
45
46 #define ESP_BOOTLOADER_SPIFLASH_BP_MASK_ISSI (BIT7 | BIT5 | BIT4 | BIT3 | BIT2)
47 #define ESP_BOOTLOADER_SPIFLASH_QE_GD_SR2 BIT1 // QE position when you write 8 bits(for SR2) at one time.
48 #define ESP_BOOTLOADER_SPIFLASH_QE_SR1_2BYTE BIT9 // QE position when you write 16 bits at one time.
49
50 static const char *TAG = "bootloader_flash";
51
52 static spi_flash_mmap_handle_t map;
53
bootloader_mmap_get_free_pages(void)54 uint32_t bootloader_mmap_get_free_pages(void)
55 {
56 return spi_flash_mmap_get_free_pages(SPI_FLASH_MMAP_DATA);
57 }
58
bootloader_mmap(uint32_t src_addr,uint32_t size)59 const void *bootloader_mmap(uint32_t src_addr, uint32_t size)
60 {
61 if (map) {
62 ESP_EARLY_LOGE(TAG, "tried to bootloader_mmap twice");
63 return NULL; /* existing mapping in use... */
64 }
65 const void *result = NULL;
66 uint32_t src_page = src_addr & ~(SPI_FLASH_MMU_PAGE_SIZE - 1);
67 size += (src_addr - src_page);
68 esp_err_t err = spi_flash_mmap(src_page, size, SPI_FLASH_MMAP_DATA, &result, &map);
69 if (err != ESP_OK) {
70 ESP_EARLY_LOGE(TAG, "spi_flash_mmap failed: 0x%x", err);
71 return NULL;
72 }
73 return (void *)((intptr_t)result + (src_addr - src_page));
74 }
75
bootloader_munmap(const void * mapping)76 void bootloader_munmap(const void *mapping)
77 {
78 if (mapping && map) {
79 spi_flash_munmap(map);
80 }
81 map = 0;
82 }
83
bootloader_flash_read(size_t src,void * dest,size_t size,bool allow_decrypt)84 esp_err_t bootloader_flash_read(size_t src, void *dest, size_t size, bool allow_decrypt)
85 {
86 if (allow_decrypt && esp_flash_encryption_enabled()) {
87 return esp_flash_read_encrypted(NULL, src, dest, size);
88 } else {
89 return esp_flash_read(NULL, dest, src, size);
90 }
91 }
92
bootloader_flash_write(size_t dest_addr,void * src,size_t size,bool write_encrypted)93 esp_err_t bootloader_flash_write(size_t dest_addr, void *src, size_t size, bool write_encrypted)
94 {
95 if (write_encrypted && !ENCRYPTION_IS_VIRTUAL) {
96 return esp_flash_write_encrypted(NULL, dest_addr, src, size);
97 } else {
98 return esp_flash_write(NULL, src, dest_addr, size);
99 }
100 }
101
bootloader_flash_erase_sector(size_t sector)102 esp_err_t bootloader_flash_erase_sector(size_t sector)
103 {
104 // Will de-dependency IDF-5025
105 return esp_flash_erase_region(NULL, sector * SPI_FLASH_SEC_SIZE, SPI_FLASH_SEC_SIZE);
106 }
107
bootloader_flash_erase_range(uint32_t start_addr,uint32_t size)108 esp_err_t bootloader_flash_erase_range(uint32_t start_addr, uint32_t size)
109 {
110 // Will de-dependency IDF-5025
111 return esp_flash_erase_region(NULL, start_addr, size);
112 }
113
114 /* Bootloader version, uses ROM functions only */
115 #if CONFIG_IDF_TARGET_ESP32
116 #include "esp32/rom/cache.h"
117 #endif
118 #include "esp_rom_spiflash.h"
119 #include "esp_rom_sys.h"
120 #include "hal/mmu_hal.h"
121 #include "hal/mmu_ll.h"
122 #include "hal/cache_hal.h"
123 #if CONFIG_IDF_TARGET_ESP32S3
124 #include "esp32s3/rom/opi_flash.h"
125 #endif
126
127 #if CONFIG_IDF_TARGET_ESP32
128 /* Use first 50 blocks in MMU for bootloader_mmap,
129 50th block for bootloader_flash_read
130 */
131 #define MMU_BLOCK0_VADDR SOC_DROM_LOW
132 #define MMAP_MMU_SIZE (0x320000)
133 #define MMU_BLOCK50_VADDR (MMU_BLOCK0_VADDR + MMAP_MMU_SIZE)
134 #define FLASH_READ_VADDR MMU_BLOCK50_VADDR
135
136 #else // !CONFIG_IDF_TARGET_ESP32
137
138 /* Use first 63 blocks in MMU for bootloader_mmap,
139 63th block for bootloader_flash_read
140 */
141 #define MMU_BLOCK0_VADDR SOC_DROM_LOW
142 #define MMAP_MMU_SIZE (DRAM0_CACHE_ADDRESS_HIGH - DRAM0_CACHE_ADDRESS_LOW) // This mmu size means that the mmu size to be mapped
143 #define MMU_BLOCK63_VADDR (MMU_BLOCK0_VADDR + MMAP_MMU_SIZE - SPI_FLASH_MMU_PAGE_SIZE)
144 #define FLASH_READ_VADDR MMU_BLOCK63_VADDR
145 #endif
146
147 #define MMU_FREE_PAGES (MMAP_MMU_SIZE / CONFIG_MMU_PAGE_SIZE)
148
149 static bool mapped;
150
151 // Current bootloader mapping (ab)used for bootloader_read()
152 static uint32_t current_read_mapping = UINT32_MAX;
153
esp_rom_flash_mmap_get_free_pages(void)154 uint32_t esp_rom_flash_mmap_get_free_pages(void)
155 {
156 /**
157 * Allow mapping up to 50 of the 51 available MMU blocks (last one used for reads)
158 * Since, bootloader_mmap function below assumes it to be 0x320000 (50 pages), we can safely do this.
159 */
160 return MMU_FREE_PAGES;
161 }
162
esp_rom_flash_mmap(uint32_t src_paddr,uint32_t size)163 const void *esp_rom_flash_mmap(uint32_t src_paddr, uint32_t size)
164 {
165 if (mapped) {
166 ESP_EARLY_LOGE(TAG, "tried to bootloader_mmap twice");
167 return NULL; /* can't map twice */
168 }
169 if (size > MMAP_MMU_SIZE) {
170 ESP_EARLY_LOGE(TAG, "bootloader_mmap excess size %x", size);
171 return NULL;
172 }
173
174 uint32_t src_paddr_aligned = src_paddr & MMU_FLASH_MASK;
175 //The addr is aligned, so we add the mask off length to the size, to make sure the corresponding buses are enabled.
176 uint32_t size_after_paddr_aligned = (src_paddr - src_paddr_aligned) + size;
177 /**
178 * @note 1
179 * Will add here a check to make sure the vaddr is on read-only and executable buses, since we use others for psram
180 * Now simply check if it's valid vaddr, didn't check if it's readable, writable or executable.
181 * TODO: IDF-4710
182 */
183 if (mmu_ll_check_valid_ext_vaddr_region(0, MMU_BLOCK0_VADDR, size_after_paddr_aligned, MMU_VADDR_DATA | MMU_VADDR_INSTRUCTION) == 0) {
184 ESP_EARLY_LOGE(TAG, "vaddr not valid");
185 return NULL;
186 }
187
188 //-------------stop cache to do the MMU mapping--------------
189 #if CONFIG_IDF_TARGET_ESP32
190 Cache_Read_Disable(0);
191 Cache_Flush(0);
192 #else
193 cache_hal_disable(CACHE_TYPE_ALL);
194 #endif
195
196 //---------------Do mapping------------------------
197 ESP_EARLY_LOGD(TAG, "rodata starts from paddr=0x%08x, size=0x%x, will be mapped to vaddr=0x%08x", src_paddr, size, MMU_BLOCK0_VADDR);
198 #if CONFIG_IDF_TARGET_ESP32
199 uint32_t count = GET_REQUIRED_MMU_PAGES(size, src_paddr);
200 int e = cache_flash_mmu_set(0, 0, MMU_BLOCK0_VADDR, src_paddr_aligned, 64, count);
201 ESP_EARLY_LOGV(TAG, "after mapping, starting from paddr=0x%08x and vaddr=0x%08x, 0x%x bytes are mapped", src_paddr_aligned, MMU_BLOCK0_VADDR, count * SPI_FLASH_MMU_PAGE_SIZE);
202 if (e != 0) {
203 ESP_EARLY_LOGE(TAG, "cache_flash_mmu_set failed: %d\n", e);
204 Cache_Read_Enable(0);
205 return NULL;
206 }
207 #else
208 /**
209 * This hal won't return error, it assumes the inputs are valid. The related check should be done in `bootloader_mmap()`.
210 * See above comments (note 1) about IDF-4710
211 */
212 uint32_t actual_mapped_len = 0;
213 mmu_hal_map_region(0, MMU_TARGET_FLASH0, MMU_BLOCK0_VADDR, src_paddr_aligned, size_after_paddr_aligned, &actual_mapped_len);
214 ESP_EARLY_LOGV(TAG, "after mapping, starting from paddr=0x%08x and vaddr=0x%08x, 0x%x bytes are mapped", src_paddr_aligned, MMU_BLOCK0_VADDR, actual_mapped_len);
215 #endif
216
217 /**
218 * If after mapping, your code stucks, it possibly means that some of the buses are not enabled, check `cache_ll_l1_enable_bus()`
219 * For now, keep this unchanged.
220 */
221
222 //-------------enable cache--------------
223 #if CONFIG_IDF_TARGET_ESP32
224 Cache_Read_Enable(0);
225 #else
226 cache_hal_enable(CACHE_TYPE_ALL);
227 #endif
228
229 mapped = true;
230
231 return (void *)(MMU_BLOCK0_VADDR + (src_paddr - src_paddr_aligned));
232 }
233
esp_rom_flash_unmmap(const void * mapping)234 void esp_rom_flash_unmmap(const void *mapping)
235 {
236 if (mapped) {
237 #if CONFIG_IDF_TARGET_ESP32
238 /* Full MMU reset */
239 Cache_Read_Disable(0);
240 Cache_Flush(0);
241 mmu_init(0);
242 #else
243 cache_hal_disable(CACHE_TYPE_ALL);
244 mmu_hal_unmap_all();
245 #endif
246 mapped = false;
247 current_read_mapping = UINT32_MAX;
248 }
249 }
250
spi_to_esp_err(esp_rom_spiflash_result_t r)251 static esp_err_t spi_to_esp_err(esp_rom_spiflash_result_t r)
252 {
253 switch (r) {
254 case ESP_ROM_SPIFLASH_RESULT_OK:
255 return ESP_OK;
256 case ESP_ROM_SPIFLASH_RESULT_ERR:
257 return ESP_ERR_FLASH_OP_FAIL;
258 case ESP_ROM_SPIFLASH_RESULT_TIMEOUT:
259 return ESP_ERR_FLASH_OP_TIMEOUT;
260 default:
261 return ESP_FAIL;
262 }
263 }
264
bootloader_flash_read_no_decrypt(size_t src_addr,void * dest,size_t size)265 static esp_err_t bootloader_flash_read_no_decrypt(size_t src_addr, void *dest, size_t size)
266 {
267 #if CONFIG_IDF_TARGET_ESP32
268 Cache_Read_Disable(0);
269 Cache_Flush(0);
270 #else
271 cache_hal_disable(CACHE_TYPE_ALL);
272 #endif
273
274 esp_rom_spiflash_result_t r = esp_rom_spiflash_read(src_addr, dest, size);
275
276 #if CONFIG_IDF_TARGET_ESP32
277 Cache_Read_Enable(0);
278 #else
279 cache_hal_enable(CACHE_TYPE_ALL);
280 #endif
281
282 return spi_to_esp_err(r);
283 }
284
bootloader_flash_read_allow_decrypt(size_t src_addr,void * dest,size_t size)285 static esp_err_t bootloader_flash_read_allow_decrypt(size_t src_addr, void *dest, size_t size)
286 {
287 uint32_t *dest_words = (uint32_t *)dest;
288
289 for (size_t word = 0; word < size / 4; word++) {
290 uint32_t word_src = src_addr + word * 4; /* Read this offset from flash */
291 uint32_t map_at = word_src & MMU_FLASH_MASK; /* Map this 64KB block from flash */
292 uint32_t *map_ptr;
293
294 /* Move the 64KB mmu mapping window to fit map_at */
295 if (map_at != current_read_mapping) {
296
297 //----------Stop cache for mapping----------------
298 #if CONFIG_IDF_TARGET_ESP32
299 Cache_Read_Disable(0);
300 Cache_Flush(0);
301 #else
302 cache_hal_disable(CACHE_TYPE_ALL);
303 #endif
304
305 //---------------Do mapping------------------------
306 ESP_EARLY_LOGD(TAG, "mmu set block paddr=0x%08x (was 0x%08x)", map_at, current_read_mapping);
307 #if CONFIG_IDF_TARGET_ESP32
308 //Should never fail if we only map a SPI_FLASH_MMU_PAGE_SIZE to the vaddr starting from FLASH_READ_VADDR
309 int e = cache_flash_mmu_set(0, 0, FLASH_READ_VADDR, map_at, 64, 1);
310 if (e != 0) {
311 ESP_EARLY_LOGE(TAG, "cache_flash_mmu_set failed: error=%d\n", e);
312 Cache_Read_Enable(0);
313 return ESP_FAIL;
314 }
315 #else
316 uint32_t actual_mapped_len = 0;
317 mmu_hal_map_region(0, MMU_TARGET_FLASH0, FLASH_READ_VADDR, map_at, SPI_FLASH_MMU_PAGE_SIZE - 1, &actual_mapped_len);
318 #endif
319 current_read_mapping = map_at;
320
321 //-------------enable cache-------------------------
322 #if CONFIG_IDF_TARGET_ESP32
323 Cache_Read_Enable(0);
324 #else
325 cache_hal_enable(CACHE_TYPE_ALL);
326 #endif
327 }
328 map_ptr = (uint32_t *)(FLASH_READ_VADDR + (word_src - map_at));
329 dest_words[word] = *map_ptr;
330 }
331 return ESP_OK;
332 }
333
esp_rom_flash_read(size_t src_addr,void * dest,size_t size,bool allow_decrypt)334 esp_err_t esp_rom_flash_read(size_t src_addr, void *dest, size_t size, bool allow_decrypt)
335 {
336 if (src_addr & 3) {
337 ESP_EARLY_LOGE(TAG, "bootloader_flash_read src_addr 0x%x not 4-byte aligned", src_addr);
338 return ESP_FAIL;
339 }
340 if (size & 3) {
341 ESP_EARLY_LOGE(TAG, "bootloader_flash_read size 0x%x not 4-byte aligned", size);
342 return ESP_FAIL;
343 }
344 if ((intptr_t)dest & 3) {
345 ESP_EARLY_LOGE(TAG, "bootloader_flash_read dest 0x%x not 4-byte aligned", (intptr_t)dest);
346 return ESP_FAIL;
347 }
348
349 if (allow_decrypt) {
350 return bootloader_flash_read_allow_decrypt(src_addr, dest, size);
351 } else {
352 return bootloader_flash_read_no_decrypt(src_addr, dest, size);
353 }
354 }
355
esp_rom_flash_write(size_t dest_addr,void * src,size_t size,bool write_encrypted)356 esp_err_t esp_rom_flash_write(size_t dest_addr, void *src, size_t size, bool write_encrypted)
357 {
358 esp_err_t err;
359 size_t alignment = write_encrypted ? 32 : 4;
360 if ((dest_addr % alignment) != 0) {
361 ESP_EARLY_LOGE(TAG, "bootloader_flash_write dest_addr 0x%x not %d-byte aligned", dest_addr, alignment);
362 return ESP_FAIL;
363 }
364 if ((size % alignment) != 0) {
365 ESP_EARLY_LOGE(TAG, "bootloader_flash_write size 0x%x not %d-byte aligned", size, alignment);
366 return ESP_FAIL;
367 }
368 if (((intptr_t)src % 4) != 0) {
369 ESP_EARLY_LOGE(TAG, "bootloader_flash_write src 0x%x not 4 byte aligned", (intptr_t)src);
370 return ESP_FAIL;
371 }
372
373 err = bootloader_flash_unlock();
374 if (err != ESP_OK) {
375 return err;
376 }
377
378 if (write_encrypted && !ENCRYPTION_IS_VIRTUAL) {
379 return spi_to_esp_err(esp_rom_spiflash_write_encrypted(dest_addr, src, size));
380 } else {
381 return spi_to_esp_err(esp_rom_spiflash_write(dest_addr, src, size));
382 }
383 }
384
esp_rom_flash_erase_sector(size_t sector)385 esp_err_t esp_rom_flash_erase_sector(size_t sector)
386 {
387 return spi_to_esp_err(esp_rom_spiflash_erase_sector(sector));
388 }
389
esp_rom_flash_erase_range(uint32_t start_addr,uint32_t size)390 esp_err_t esp_rom_flash_erase_range(uint32_t start_addr, uint32_t size)
391 {
392 if (start_addr % FLASH_SECTOR_SIZE != 0) {
393 return ESP_ERR_INVALID_ARG;
394 }
395 if (size % FLASH_SECTOR_SIZE != 0) {
396 return ESP_ERR_INVALID_SIZE;
397 }
398 size_t start = start_addr / FLASH_SECTOR_SIZE;
399 size_t end = start + size / FLASH_SECTOR_SIZE;
400 const size_t sectors_per_block = FLASH_BLOCK_SIZE / FLASH_SECTOR_SIZE;
401
402 esp_rom_spiflash_result_t rc = ESP_ROM_SPIFLASH_RESULT_OK;
403 for (size_t sector = start; sector != end && rc == ESP_ROM_SPIFLASH_RESULT_OK; ) {
404 if (sector % sectors_per_block == 0 && end - sector >= sectors_per_block) {
405 rc = esp_rom_spiflash_erase_block(sector / sectors_per_block);
406 sector += sectors_per_block;
407 } else {
408 rc = esp_rom_spiflash_erase_sector(sector);
409 ++sector;
410 }
411 }
412 return spi_to_esp_err(rc);
413 }
414
415 #if CONFIG_BOOTLOADER_CACHE_32BIT_ADDR_OCTAL_FLASH
bootloader_flash_32bits_address_map_enable(esp_rom_spiflash_read_mode_t flash_mode)416 void bootloader_flash_32bits_address_map_enable(esp_rom_spiflash_read_mode_t flash_mode)
417 {
418 esp_rom_opiflash_spi0rd_t cache_rd = {};
419 switch (flash_mode) {
420 case ESP_ROM_SPIFLASH_FASTRD_MODE:
421 cache_rd.addr_bit_len = 32;
422 cache_rd.dummy_bit_len = 8;
423 cache_rd.cmd = CMD_FASTRD_4B;
424 cache_rd.cmd_bit_len = 8;
425 break;
426 case ESP_ROM_SPIFLASH_SLOWRD_MODE:
427 cache_rd.addr_bit_len = 32;
428 cache_rd.dummy_bit_len = 0;
429 cache_rd.cmd = CMD_SLOWRD_4B;
430 cache_rd.cmd_bit_len = 8;
431 break;
432 default:
433 assert(false);
434 break;
435 }
436 cache_hal_disable(CACHE_TYPE_ALL);
437 esp_rom_opiflash_cache_mode_config(flash_mode, &cache_rd);
438 cache_hal_enable(CACHE_TYPE_ALL);
439 }
440 #endif
441
is_issi_chip(const esp_rom_spiflash_chip_t * chip)442 FORCE_INLINE_ATTR bool is_issi_chip(const esp_rom_spiflash_chip_t* chip)
443 {
444 return BYTESHIFT(chip->device_id, 2) == ISSI_ID;
445 }
446
447 // For GD25Q32, GD25Q64, GD25Q127C, GD25Q128, which use single command to read/write different SR.
is_gd_q_chip(const esp_rom_spiflash_chip_t * chip)448 FORCE_INLINE_ATTR bool is_gd_q_chip(const esp_rom_spiflash_chip_t* chip)
449 {
450 return BYTESHIFT(chip->device_id, 2) == GD_Q_ID_HIGH && BYTESHIFT(chip->device_id, 1) == GD_Q_ID_MID && BYTESHIFT(chip->device_id, 0) >= GD_Q_ID_LOW;
451 }
452
is_mxic_chip(const esp_rom_spiflash_chip_t * chip)453 FORCE_INLINE_ATTR bool is_mxic_chip(const esp_rom_spiflash_chip_t* chip)
454 {
455 return BYTESHIFT(chip->device_id, 2) == MXIC_ID;
456 }
457
bootloader_flash_unlock(void)458 esp_err_t IRAM_ATTR __attribute__((weak)) bootloader_flash_unlock(void)
459 {
460 // At the beginning status == new_status == status_sr2 == new_status_sr2 == 0.
461 // If the register doesn't need to be updated, keep them the same (0), so that no command will be actually sent.
462 uint16_t status = 0; // status for SR1 or SR1+SR2 if writing SR with 01H + 2Bytes.
463 uint16_t new_status = 0;
464 uint8_t status_sr2 = 0; // status_sr2 for SR2.
465 uint8_t new_status_sr2 = 0;
466 uint8_t sr1_bit_num = 0;
467 esp_err_t err = ESP_OK;
468
469 esp_rom_spiflash_wait_idle(&g_rom_flashchip);
470 if (is_issi_chip(&g_rom_flashchip) || is_mxic_chip(&g_rom_flashchip)) {
471 // Currently ISSI & MXIC share the same command and register layout, which is different from the default model.
472 // If any code here needs to be modified, check both chips.
473 status = bootloader_execute_flash_command(CMD_RDSR, 0, 0, 8);
474
475 /* Clear all bits in the mask.
476 (This is different from ROM esp_rom_spiflash_unlock, which keeps all bits as-is.)
477 */
478 sr1_bit_num = 8;
479 new_status = status & (~ESP_BOOTLOADER_SPIFLASH_BP_MASK_ISSI);
480 } else if (is_gd_q_chip(&g_rom_flashchip)) {
481 /* The GD chips behaviour is to clear all bits in SR1 and clear bits in SR2 except QE bit.
482 Use 01H to write SR1 and 31H to write SR2.
483 */
484 status = bootloader_execute_flash_command(CMD_RDSR, 0, 0, 8);
485 sr1_bit_num = 8;
486 new_status = 0;
487
488 status_sr2 = bootloader_execute_flash_command(CMD_RDSR2, 0, 0, 8);
489 new_status_sr2 = status_sr2 & ESP_BOOTLOADER_SPIFLASH_QE_GD_SR2;
490 } else {
491 /* For common behaviour, like XMC chips, Use 01H+2Bytes to write both SR1 and SR2*/
492 status = bootloader_execute_flash_command(CMD_RDSR, 0, 0, 8) | (bootloader_execute_flash_command(CMD_RDSR2, 0, 0, 8) << 8);
493
494 /* Clear all bits except QE, if it is set.
495 (This is different from ROM esp_rom_spiflash_unlock, which keeps all bits as-is.)
496 */
497 sr1_bit_num = 16;
498 new_status = status & ESP_BOOTLOADER_SPIFLASH_QE_SR1_2BYTE;
499 }
500
501 // When SR is written, set to true to indicate that WRDI need to be sent to ensure the protection is ON before return.
502 bool status_written = false;
503 // Skip if nothing needs to be changed. Meaningless writing to SR increases the risk during write and wastes time.
504 if (status != new_status) {
505 esp_rom_spiflash_wait_idle(&g_rom_flashchip);
506 bootloader_execute_flash_command(CMD_WREN, 0, 0, 0);
507 bootloader_execute_flash_command(CMD_WRSR, new_status, sr1_bit_num, 0);
508 status_written = true;
509 }
510
511 if (status_sr2 != new_status_sr2) {
512 esp_rom_spiflash_wait_idle(&g_rom_flashchip);
513 bootloader_execute_flash_command(CMD_WREN, 0, 0, 0);
514 bootloader_execute_flash_command(CMD_WRSR2, new_status_sr2, 8, 0);
515 status_written = true;
516 }
517
518 if (status_written) {
519 //Call esp_rom_spiflash_wait_idle to make sure previous WRSR is completed.
520 esp_rom_spiflash_wait_idle(&g_rom_flashchip);
521 bootloader_execute_flash_command(CMD_WRDI, 0, 0, 0);
522 }
523
524 return err;
525 }
526
bootloader_flash_execute_command_common(uint8_t command,uint32_t addr_len,uint32_t address,uint8_t dummy_len,uint8_t mosi_len,uint32_t mosi_data,uint8_t miso_len)527 IRAM_ATTR uint32_t bootloader_flash_execute_command_common(
528 uint8_t command,
529 uint32_t addr_len, uint32_t address,
530 uint8_t dummy_len,
531 uint8_t mosi_len, uint32_t mosi_data,
532 uint8_t miso_len)
533 {
534 assert(mosi_len <= 32);
535 assert(miso_len <= 32);
536 uint32_t old_ctrl_reg = SPIFLASH.ctrl.val;
537 uint32_t old_user_reg = SPIFLASH.user.val;
538 uint32_t old_user1_reg = SPIFLASH.user1.val;
539 #if CONFIG_IDF_TARGET_ESP32
540 SPIFLASH.ctrl.val = SPI_WP_REG_M; // keep WP high while idle, otherwise leave DIO mode
541 #else
542 SPIFLASH.ctrl.val = SPI_MEM_WP_REG_M; // keep WP high while idle, otherwise leave DIO mode
543 #endif
544 //command phase
545 SPIFLASH.user.usr_command = 1;
546 SPIFLASH.user2.usr_command_bitlen = 7;
547 SPIFLASH.user2.usr_command_value = command;
548 //addr phase
549 SPIFLASH.user.usr_addr = addr_len > 0;
550 SPIFLASH.user1.usr_addr_bitlen = addr_len - 1;
551 #if CONFIG_IDF_TARGET_ESP32
552 SPIFLASH.addr = (addr_len > 0)? (address << (32-addr_len)) : 0;
553 #else
554 SPIFLASH.addr = address;
555 #endif
556 //dummy phase
557 uint32_t total_dummy = dummy_len;
558 if (miso_len > 0) {
559 total_dummy += g_rom_spiflash_dummy_len_plus[1];
560 }
561 SPIFLASH.user.usr_dummy = total_dummy > 0;
562 SPIFLASH.user1.usr_dummy_cyclelen = total_dummy - 1;
563 //output data
564 SPIFLASH.user.usr_mosi = mosi_len > 0;
565 #if CONFIG_IDF_TARGET_ESP32
566 SPIFLASH.mosi_dlen.usr_mosi_dbitlen = mosi_len ? (mosi_len - 1) : 0;
567 #else
568 SPIFLASH.mosi_dlen.usr_mosi_bit_len = mosi_len ? (mosi_len - 1) : 0;
569 #endif
570 SPIFLASH.data_buf[0] = mosi_data;
571 //input data
572 SPIFLASH.user.usr_miso = miso_len > 0;
573 #if CONFIG_IDF_TARGET_ESP32
574 SPIFLASH.miso_dlen.usr_miso_dbitlen = miso_len ? (miso_len - 1) : 0;
575 #else
576 SPIFLASH.miso_dlen.usr_miso_bit_len = miso_len ? (miso_len - 1) : 0;
577 #endif
578
579 SPIFLASH.cmd.usr = 1;
580 while (SPIFLASH.cmd.usr != 0) {
581 }
582 SPIFLASH.ctrl.val = old_ctrl_reg;
583 SPIFLASH.user.val = old_user_reg;
584 SPIFLASH.user1.val = old_user1_reg;
585
586 uint32_t ret = SPIFLASH.data_buf[0];
587 if (miso_len < 32) {
588 //set unused bits to 0
589 ret &= ~(UINT32_MAX << miso_len);
590 }
591 return ret;
592 }
593
bootloader_execute_flash_command(uint8_t command,uint32_t mosi_data,uint8_t mosi_len,uint8_t miso_len)594 uint32_t IRAM_ATTR bootloader_execute_flash_command(uint8_t command, uint32_t mosi_data, uint8_t mosi_len, uint8_t miso_len)
595 {
596 const uint8_t addr_len = 0;
597 const uint8_t address = 0;
598 const uint8_t dummy_len = 0;
599
600 return bootloader_flash_execute_command_common(command, addr_len, address,
601 dummy_len, mosi_len, mosi_data, miso_len);
602 }
603
604 // cmd(0x5A) + 24bit address + 8 cycles dummy
bootloader_flash_read_sfdp(uint32_t sfdp_addr,unsigned int miso_byte_num)605 uint32_t IRAM_ATTR bootloader_flash_read_sfdp(uint32_t sfdp_addr, unsigned int miso_byte_num)
606 {
607 assert(miso_byte_num <= 4);
608 const uint8_t command = CMD_RDSFDP;
609 const uint8_t addr_len = 24;
610 const uint8_t dummy_len = 8;
611 const uint8_t mosi_len = 0;
612 const uint32_t mosi_data = 0;
613 const uint8_t miso_len = miso_byte_num * 8;
614
615 return bootloader_flash_execute_command_common(command, addr_len, sfdp_addr,
616 dummy_len, mosi_len, mosi_data, miso_len);
617 }
618
bootloader_enable_wp(void)619 void bootloader_enable_wp(void)
620 {
621 bootloader_execute_flash_command(CMD_WRDI, 0, 0, 0); /* Exit OTP mode */
622 }
623
bootloader_read_flash_id(void)624 uint32_t IRAM_ATTR bootloader_read_flash_id(void)
625 {
626 uint32_t id = bootloader_execute_flash_command(CMD_RDID, 0, 0, 24);
627 id = ((id & 0xff) << 16) | ((id >> 16) & 0xff) | (id & 0xff00);
628 return id;
629 }
630
bootloader_spi_flash_reset(void)631 void bootloader_spi_flash_reset(void)
632 {
633 bootloader_execute_flash_command(CMD_RESETEN, 0, 0, 0);
634 bootloader_execute_flash_command(CMD_RESET, 0, 0, 0);
635 }
636
637 /*******************************************************************************
638 * XMC startup flow
639 ******************************************************************************/
640
641 #define XMC_SUPPORT CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT
642 #define XMC_VENDOR_ID 0x20
643
644 static DRAM_ATTR char bootloader_flash_tag[] = "bootloader_flash";
645 #define BOOTLOADER_FLASH_LOG(level, ...) ESP_DRAM_LOG##level(bootloader_flash_tag, ##__VA_ARGS__)
646
647 #if XMC_SUPPORT
648 //strictly check the model
is_xmc_chip_strict(uint32_t rdid)649 static IRAM_ATTR bool is_xmc_chip_strict(uint32_t rdid)
650 {
651 uint32_t vendor_id = BYTESHIFT(rdid, 2);
652 uint32_t mfid = BYTESHIFT(rdid, 1);
653 uint32_t cpid = BYTESHIFT(rdid, 0);
654
655 if (vendor_id != XMC_VENDOR_ID) {
656 return false;
657 }
658
659 bool matched = false;
660 if (mfid == 0x40) {
661 if (cpid >= 0x13 && cpid <= 0x20) {
662 matched = true;
663 }
664 } else if (mfid == 0x41) {
665 if (cpid >= 0x17 && cpid <= 0x20) {
666 matched = true;
667 }
668 } else if (mfid == 0x50) {
669 if (cpid >= 0x15 && cpid <= 0x16) {
670 matched = true;
671 }
672 }
673 return matched;
674 }
675
bootloader_flash_xmc_startup(void)676 esp_err_t IRAM_ATTR bootloader_flash_xmc_startup(void)
677 {
678 // If the RDID value is a valid XMC one, may skip the flow
679 const bool fast_check = true;
680 if (fast_check && is_xmc_chip_strict(g_rom_flashchip.device_id)) {
681 BOOTLOADER_FLASH_LOG(D, "XMC chip detected by RDID (%08X), skip.", g_rom_flashchip.device_id);
682 return ESP_OK;
683 }
684
685 // Check the Manufacturer ID in SFDP registers (JEDEC standard). If not XMC chip, no need to run the flow
686 const int sfdp_mfid_addr = 0x10;
687 uint8_t mf_id = (bootloader_flash_read_sfdp(sfdp_mfid_addr, 1) & 0xff);
688 if (mf_id != XMC_VENDOR_ID) {
689 BOOTLOADER_FLASH_LOG(D, "non-XMC chip detected by SFDP Read (%02X), skip.", mf_id);
690 return ESP_OK;
691 }
692
693 BOOTLOADER_FLASH_LOG(I, "XM25QHxxC startup flow");
694 // Enter DPD
695 bootloader_execute_flash_command(0xB9, 0, 0, 0);
696 // Enter UDPD
697 bootloader_execute_flash_command(0x79, 0, 0, 0);
698 // Exit UDPD
699 bootloader_execute_flash_command(0xFF, 0, 0, 0);
700 // Delay tXUDPD
701 esp_rom_delay_us(2000);
702 // Release Power-down
703 bootloader_execute_flash_command(0xAB, 0, 0, 0);
704 esp_rom_delay_us(20);
705 // Read flash ID and check again
706 g_rom_flashchip.device_id = bootloader_read_flash_id();
707 if (!is_xmc_chip_strict(g_rom_flashchip.device_id)) {
708 BOOTLOADER_FLASH_LOG(E, "XMC flash startup fail");
709 return ESP_FAIL;
710 }
711
712 return ESP_OK;
713 }
714
715 #else
716 //only compare the vendor id
is_xmc_chip(uint32_t rdid)717 static IRAM_ATTR bool is_xmc_chip(uint32_t rdid)
718 {
719 uint32_t vendor_id = (rdid >> 16) & 0xFF;
720 return (vendor_id == XMC_VENDOR_ID);
721 }
722
bootloader_flash_xmc_startup(void)723 esp_err_t IRAM_ATTR bootloader_flash_xmc_startup(void)
724 {
725 if (is_xmc_chip(g_rom_flashchip.device_id)) {
726 BOOTLOADER_FLASH_LOG(E, "XMC chip detected (%08X) while support disabled.", g_rom_flashchip.device_id);
727 return ESP_FAIL;
728 }
729 return ESP_OK;
730 }
731
732 #endif //XMC_SUPPORT
733
bootloader_mspi_reset(void)734 FORCE_INLINE_ATTR void bootloader_mspi_reset(void)
735 {
736 #if CONFIG_IDF_TARGET_ESP32
737 SPI1.slave.sync_reset = 0;
738 SPI0.slave.sync_reset = 0;
739 SPI1.slave.sync_reset = 1;
740 SPI0.slave.sync_reset = 1;
741 SPI1.slave.sync_reset = 0;
742 SPI0.slave.sync_reset = 0;
743 #else
744 SPIMEM1.ctrl2.sync_reset = 0;
745 SPIMEM0.ctrl2.sync_reset = 0;
746 SPIMEM1.ctrl2.sync_reset = 1;
747 SPIMEM0.ctrl2.sync_reset = 1;
748 SPIMEM1.ctrl2.sync_reset = 0;
749 SPIMEM0.ctrl2.sync_reset = 0;
750 #endif
751 }
752
bootloader_flash_reset_chip(void)753 esp_err_t IRAM_ATTR bootloader_flash_reset_chip(void)
754 {
755 bootloader_mspi_reset();
756 // Seems that sync_reset cannot make host totally idle.'
757 // Sending an extra(useless) command to make the host idle in order to send reset command.
758 bootloader_execute_flash_command(0x05, 0, 0, 0);
759 #if CONFIG_IDF_TARGET_ESP32
760 if (SPI1.ext2.st != 0)
761 #else
762 if (!spimem_flash_ll_host_idle(&SPIMEM1))
763 #endif
764 {
765 return ESP_FAIL;
766 }
767 bootloader_execute_flash_command(0x66, 0, 0, 0);
768 bootloader_execute_flash_command(0x99, 0, 0, 0);
769
770 return ESP_OK;
771 }
772
bootloader_flash_is_octal_mode_enabled(void)773 bool IRAM_ATTR bootloader_flash_is_octal_mode_enabled(void)
774 {
775 #if SOC_SPI_MEM_SUPPORT_OPI_MODE
776 return efuse_ll_get_flash_type();
777 #else
778 return false;
779 #endif
780 }
781
bootloader_flash_get_spi_mode(void)782 esp_rom_spiflash_read_mode_t bootloader_flash_get_spi_mode(void)
783 {
784 esp_rom_spiflash_read_mode_t spi_mode = ESP_ROM_SPIFLASH_FASTRD_MODE;
785 #if CONFIG_IDF_TARGET_ESP32
786 uint32_t spi_ctrl = REG_READ(SPI_CTRL_REG(0));
787 if (spi_ctrl & SPI_FREAD_QIO) {
788 spi_mode = ESP_ROM_SPIFLASH_QIO_MODE;
789 } else if (spi_ctrl & SPI_FREAD_QUAD) {
790 spi_mode = ESP_ROM_SPIFLASH_QOUT_MODE;
791 } else if (spi_ctrl & SPI_FREAD_DIO) {
792 spi_mode = ESP_ROM_SPIFLASH_DIO_MODE;
793 } else if (spi_ctrl & SPI_FREAD_DUAL) {
794 spi_mode = ESP_ROM_SPIFLASH_DOUT_MODE;
795 } else if (spi_ctrl & SPI_FASTRD_MODE) {
796 spi_mode = ESP_ROM_SPIFLASH_FASTRD_MODE;
797 } else {
798 spi_mode = ESP_ROM_SPIFLASH_SLOWRD_MODE;
799 }
800 #else
801 uint32_t spi_ctrl = REG_READ(SPI_MEM_CTRL_REG(0));
802 if (spi_ctrl & SPI_MEM_FREAD_QIO) {
803 spi_mode = ESP_ROM_SPIFLASH_QIO_MODE;
804 } else if (spi_ctrl & SPI_MEM_FREAD_QUAD) {
805 spi_mode = ESP_ROM_SPIFLASH_QOUT_MODE;
806 } else if (spi_ctrl & SPI_MEM_FREAD_DIO) {
807 spi_mode = ESP_ROM_SPIFLASH_DIO_MODE;
808 } else if (spi_ctrl & SPI_MEM_FREAD_DUAL) {
809 spi_mode = ESP_ROM_SPIFLASH_DOUT_MODE;
810 } else if (spi_ctrl & SPI_MEM_FASTRD_MODE) {
811 spi_mode = ESP_ROM_SPIFLASH_FASTRD_MODE;
812 } else {
813 spi_mode = ESP_ROM_SPIFLASH_SLOWRD_MODE;
814 }
815 #endif
816 return spi_mode;
817 }
818
