1 /*
2 * Copyright (c) 2020 Raspberry Pi (Trading) Ltd.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include "hardware/flash.h"
8 #include "pico/bootrom.h"
9
10 #if PICO_RP2040
11 #include "hardware/structs/io_qspi.h"
12 #include "hardware/structs/ssi.h"
13 #else
14 #include "hardware/structs/qmi.h"
15 #include "hardware/regs/otp_data.h"
16 #endif
17 #include "hardware/xip_cache.h"
18
19 #define FLASH_BLOCK_ERASE_CMD 0xd8
20
21 // Standard RUID instruction: 4Bh command prefix, 32 dummy bits, 64 data bits.
22 #define FLASH_RUID_CMD 0x4b
23 #define FLASH_RUID_DUMMY_BYTES 4
24 #define FLASH_RUID_DATA_BYTES FLASH_UNIQUE_ID_SIZE_BYTES
25 #define FLASH_RUID_TOTAL_BYTES (1 + FLASH_RUID_DUMMY_BYTES + FLASH_RUID_DATA_BYTES)
26
27 //-----------------------------------------------------------------------------
28 // Infrastructure for reentering XIP mode after exiting for programming (take
29 // a copy of boot2 before XIP exit). Calling boot2 as a function works because
30 // it accepts a return vector in LR (and doesn't trash r4-r7). Bootrom passes
31 // NULL in LR, instructing boot2 to enter flash vector table's reset handler.
32
33 #if !PICO_NO_FLASH
34
35 #define BOOT2_SIZE_WORDS 64
36
37 static uint32_t boot2_copyout[BOOT2_SIZE_WORDS];
38 static bool boot2_copyout_valid = false;
39
__no_inline_not_in_flash_func(flash_init_boot2_copyout)40 static void __no_inline_not_in_flash_func(flash_init_boot2_copyout)(void) {
41 if (boot2_copyout_valid)
42 return;
43 // todo we may want the option of boot2 just being a free function in
44 // user RAM, e.g. if it is larger than 256 bytes
45 #if PICO_RP2040
46 const volatile uint32_t *copy_from = (uint32_t *)XIP_BASE;
47 #else
48 const volatile uint32_t *copy_from = (uint32_t *)BOOTRAM_BASE;
49 #endif
50 for (int i = 0; i < BOOT2_SIZE_WORDS; ++i)
51 boot2_copyout[i] = copy_from[i];
52 __compiler_memory_barrier();
53 boot2_copyout_valid = true;
54 }
55
56
__no_inline_not_in_flash_func(flash_enable_xip_via_boot2)57 static void __no_inline_not_in_flash_func(flash_enable_xip_via_boot2)(void) {
58 ((void (*)(void))((intptr_t)boot2_copyout+1))();
59 }
60
61 #else
62
__no_inline_not_in_flash_func(flash_init_boot2_copyout)63 static void __no_inline_not_in_flash_func(flash_init_boot2_copyout)(void) {}
64
__no_inline_not_in_flash_func(flash_enable_xip_via_boot2)65 static void __no_inline_not_in_flash_func(flash_enable_xip_via_boot2)(void) {
66 // Set up XIP for 03h read on bus access (slow but generic)
67 rom_flash_enter_cmd_xip_fn flash_enter_cmd_xip_func = (rom_flash_enter_cmd_xip_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_ENTER_CMD_XIP);
68 assert(flash_enter_cmd_xip_func);
69 flash_enter_cmd_xip_func();
70 }
71
72 #endif
73
74 #if PICO_RP2350
75 // This is specifically for saving/restoring the registers modified by RP2350
76 // flash_exit_xip() ROM func, not the entirety of the QMI window state.
77 typedef struct flash_rp2350_qmi_save_state {
78 uint32_t timing;
79 uint32_t rcmd;
80 uint32_t rfmt;
81 } flash_rp2350_qmi_save_state_t;
82
__no_inline_not_in_flash_func(flash_rp2350_save_qmi_cs1)83 static void __no_inline_not_in_flash_func(flash_rp2350_save_qmi_cs1)(flash_rp2350_qmi_save_state_t *state) {
84 state->timing = qmi_hw->m[1].timing;
85 state->rcmd = qmi_hw->m[1].rcmd;
86 state->rfmt = qmi_hw->m[1].rfmt;
87 }
88
__no_inline_not_in_flash_func(flash_rp2350_restore_qmi_cs1)89 static void __no_inline_not_in_flash_func(flash_rp2350_restore_qmi_cs1)(const flash_rp2350_qmi_save_state_t *state) {
90 if (flash_devinfo_get_cs_size(1) == FLASH_DEVINFO_SIZE_NONE) {
91 // Case 1: The RP2350 ROM sets QMI to a clean (03h read) configuration
92 // during flash_exit_xip(), even though when CS1 is not enabled via
93 // FLASH_DEVINFO it does not issue an XIP exit sequence to CS1. In
94 // this case, restore the original register config for CS1 as it is
95 // still the correct config.
96 qmi_hw->m[1].timing = state->timing;
97 qmi_hw->m[1].rcmd = state->rcmd;
98 qmi_hw->m[1].rfmt = state->rfmt;
99 } else {
100 // Case 2: If RAM is attached to CS1, and the ROM has issued an XIP
101 // exit sequence to it, then the ROM re-initialisation of the QMI
102 // registers has actually not gone far enough. The old XIP write mode
103 // is no longer valid when the QSPI RAM is returned to a serial
104 // command state. Restore the default 02h serial write command config.
105 qmi_hw->m[1].wfmt = QMI_M1_WFMT_RESET;
106 qmi_hw->m[1].wcmd = QMI_M1_WCMD_RESET;
107 }
108 }
109 #endif
110
111 //-----------------------------------------------------------------------------
112 // Actual flash programming shims (work whether or not PICO_NO_FLASH==1)
113
__no_inline_not_in_flash_func(flash_range_erase)114 void __no_inline_not_in_flash_func(flash_range_erase)(uint32_t flash_offs, size_t count) {
115 #ifdef PICO_FLASH_SIZE_BYTES
116 hard_assert(flash_offs + count <= PICO_FLASH_SIZE_BYTES);
117 #endif
118 invalid_params_if(HARDWARE_FLASH, flash_offs & (FLASH_SECTOR_SIZE - 1));
119 invalid_params_if(HARDWARE_FLASH, count & (FLASH_SECTOR_SIZE - 1));
120 rom_connect_internal_flash_fn connect_internal_flash_func = (rom_connect_internal_flash_fn)rom_func_lookup_inline(ROM_FUNC_CONNECT_INTERNAL_FLASH);
121 rom_flash_exit_xip_fn flash_exit_xip_func = (rom_flash_exit_xip_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_EXIT_XIP);
122 rom_flash_range_erase_fn flash_range_erase_func = (rom_flash_range_erase_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_RANGE_ERASE);
123 rom_flash_flush_cache_fn flash_flush_cache_func = (rom_flash_flush_cache_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_FLUSH_CACHE);
124 assert(connect_internal_flash_func && flash_exit_xip_func && flash_range_erase_func && flash_flush_cache_func);
125 flash_init_boot2_copyout();
126 // Commit any pending writes to external RAM, to avoid losing them in the subsequent flush:
127 xip_cache_clean_all();
128 #if PICO_RP2350
129 flash_rp2350_qmi_save_state_t qmi_save;
130 flash_rp2350_save_qmi_cs1(&qmi_save);
131 #endif
132
133 // No flash accesses after this point
134 __compiler_memory_barrier();
135
136 connect_internal_flash_func();
137 flash_exit_xip_func();
138 flash_range_erase_func(flash_offs, count, FLASH_BLOCK_SIZE, FLASH_BLOCK_ERASE_CMD);
139 flash_flush_cache_func(); // Note this is needed to remove CSn IO force as well as cache flushing
140 flash_enable_xip_via_boot2();
141 #if PICO_RP2350
142 flash_rp2350_restore_qmi_cs1(&qmi_save);
143 #endif
144 }
145
__no_inline_not_in_flash_func(flash_flush_cache)146 void __no_inline_not_in_flash_func(flash_flush_cache)(void) {
147 rom_flash_flush_cache_fn flash_flush_cache_func = (rom_flash_flush_cache_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_FLUSH_CACHE);
148 flash_flush_cache_func();
149 }
150
__no_inline_not_in_flash_func(flash_range_program)151 void __no_inline_not_in_flash_func(flash_range_program)(uint32_t flash_offs, const uint8_t *data, size_t count) {
152 #ifdef PICO_FLASH_SIZE_BYTES
153 hard_assert(flash_offs + count <= PICO_FLASH_SIZE_BYTES);
154 #endif
155 invalid_params_if(HARDWARE_FLASH, flash_offs & (FLASH_PAGE_SIZE - 1));
156 invalid_params_if(HARDWARE_FLASH, count & (FLASH_PAGE_SIZE - 1));
157 rom_connect_internal_flash_fn connect_internal_flash_func = (rom_connect_internal_flash_fn)rom_func_lookup_inline(ROM_FUNC_CONNECT_INTERNAL_FLASH);
158 rom_flash_exit_xip_fn flash_exit_xip_func = (rom_flash_exit_xip_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_EXIT_XIP);
159 rom_flash_range_program_fn flash_range_program_func = (rom_flash_range_program_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_RANGE_PROGRAM);
160 rom_flash_flush_cache_fn flash_flush_cache_func = (rom_flash_flush_cache_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_FLUSH_CACHE);
161 assert(connect_internal_flash_func && flash_exit_xip_func && flash_range_program_func && flash_flush_cache_func);
162 flash_init_boot2_copyout();
163 xip_cache_clean_all();
164 #if PICO_RP2350
165 flash_rp2350_qmi_save_state_t qmi_save;
166 flash_rp2350_save_qmi_cs1(&qmi_save);
167 #endif
168
169 __compiler_memory_barrier();
170
171 connect_internal_flash_func();
172 flash_exit_xip_func();
173 flash_range_program_func(flash_offs, data, count);
174 flash_flush_cache_func(); // Note this is needed to remove CSn IO force as well as cache flushing
175 flash_enable_xip_via_boot2();
176 #if PICO_RP2350
177 flash_rp2350_restore_qmi_cs1(&qmi_save);
178 #endif
179 }
180
181 //-----------------------------------------------------------------------------
182 // Lower-level flash access functions
183
184 #if !PICO_NO_FLASH
185 // Bitbanging the chip select using IO overrides, in case RAM-resident IRQs
186 // are still running, and the FIFO bottoms out. (the bootrom does the same)
__no_inline_not_in_flash_func(flash_cs_force)187 static void __no_inline_not_in_flash_func(flash_cs_force)(bool high) {
188 #if PICO_RP2040
189 uint32_t field_val = high ?
190 IO_QSPI_GPIO_QSPI_SS_CTRL_OUTOVER_VALUE_HIGH :
191 IO_QSPI_GPIO_QSPI_SS_CTRL_OUTOVER_VALUE_LOW;
192 hw_write_masked(&io_qspi_hw->io[1].ctrl,
193 field_val << IO_QSPI_GPIO_QSPI_SS_CTRL_OUTOVER_LSB,
194 IO_QSPI_GPIO_QSPI_SS_CTRL_OUTOVER_BITS
195 );
196 #else
197 if (high) {
198 hw_clear_bits(&qmi_hw->direct_csr, QMI_DIRECT_CSR_ASSERT_CS0N_BITS);
199 } else {
200 hw_set_bits(&qmi_hw->direct_csr, QMI_DIRECT_CSR_ASSERT_CS0N_BITS);
201 }
202 #endif
203 }
204
__no_inline_not_in_flash_func(flash_do_cmd)205 void __no_inline_not_in_flash_func(flash_do_cmd)(const uint8_t *txbuf, uint8_t *rxbuf, size_t count) {
206 rom_connect_internal_flash_fn connect_internal_flash_func = (rom_connect_internal_flash_fn)rom_func_lookup_inline(ROM_FUNC_CONNECT_INTERNAL_FLASH);
207 rom_flash_exit_xip_fn flash_exit_xip_func = (rom_flash_exit_xip_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_EXIT_XIP);
208 rom_flash_flush_cache_fn flash_flush_cache_func = (rom_flash_flush_cache_fn)rom_func_lookup_inline(ROM_FUNC_FLASH_FLUSH_CACHE);
209 assert(connect_internal_flash_func && flash_exit_xip_func && flash_flush_cache_func);
210 flash_init_boot2_copyout();
211 xip_cache_clean_all();
212 #if PICO_RP2350
213 flash_rp2350_qmi_save_state_t qmi_save;
214 flash_rp2350_save_qmi_cs1(&qmi_save);
215 #endif
216
217 __compiler_memory_barrier();
218 connect_internal_flash_func();
219 flash_exit_xip_func();
220
221 flash_cs_force(0);
222 size_t tx_remaining = count;
223 size_t rx_remaining = count;
224 #if PICO_RP2040
225 // Synopsys SSI version
226 // We may be interrupted -- don't want FIFO to overflow if we're distracted.
227 const size_t max_in_flight = 16 - 2;
228 while (tx_remaining || rx_remaining) {
229 uint32_t flags = ssi_hw->sr;
230 bool can_put = flags & SSI_SR_TFNF_BITS;
231 bool can_get = flags & SSI_SR_RFNE_BITS;
232 if (can_put && tx_remaining && rx_remaining - tx_remaining < max_in_flight) {
233 ssi_hw->dr0 = *txbuf++;
234 --tx_remaining;
235 }
236 if (can_get && rx_remaining) {
237 *rxbuf++ = (uint8_t)ssi_hw->dr0;
238 --rx_remaining;
239 }
240 }
241 #else
242 // QMI version -- no need to bound FIFO contents as QMI stalls on full DIRECT_RX.
243 hw_set_bits(&qmi_hw->direct_csr, QMI_DIRECT_CSR_EN_BITS);
244 while (tx_remaining || rx_remaining) {
245 uint32_t flags = qmi_hw->direct_csr;
246 bool can_put = !(flags & QMI_DIRECT_CSR_TXFULL_BITS);
247 bool can_get = !(flags & QMI_DIRECT_CSR_RXEMPTY_BITS);
248 if (can_put && tx_remaining) {
249 qmi_hw->direct_tx = *txbuf++;
250 --tx_remaining;
251 }
252 if (can_get && rx_remaining) {
253 *rxbuf++ = (uint8_t)qmi_hw->direct_rx;
254 --rx_remaining;
255 }
256 }
257 hw_clear_bits(&qmi_hw->direct_csr, QMI_DIRECT_CSR_EN_BITS);
258 #endif
259 flash_cs_force(1);
260
261 flash_flush_cache_func();
262 flash_enable_xip_via_boot2();
263 #if PICO_RP2350
264 flash_rp2350_restore_qmi_cs1(&qmi_save);
265 #endif
266 }
267 #endif
268
269 // Use standard RUID command to get a unique identifier for the flash (and
270 // hence the board)
271
272 static_assert(FLASH_UNIQUE_ID_SIZE_BYTES == FLASH_RUID_DATA_BYTES, "");
273
flash_get_unique_id(uint8_t * id_out)274 void flash_get_unique_id(uint8_t *id_out) {
275 #if PICO_NO_FLASH
276 __unused uint8_t *ignore = id_out;
277 panic_unsupported();
278 #else
279 uint8_t txbuf[FLASH_RUID_TOTAL_BYTES] = {0};
280 uint8_t rxbuf[FLASH_RUID_TOTAL_BYTES] = {0};
281 txbuf[0] = FLASH_RUID_CMD;
282 flash_do_cmd(txbuf, rxbuf, FLASH_RUID_TOTAL_BYTES);
283 for (int i = 0; i < FLASH_RUID_DATA_BYTES; i++)
284 id_out[i] = rxbuf[i + 1 + FLASH_RUID_DUMMY_BYTES];
285 #endif
286 }
287
288 #if !PICO_RP2040
289 // This is a static symbol because the layout of FLASH_DEVINFO is liable to change from device to
290 // device, so fields must have getters/setters.
flash_devinfo_ptr(void)291 static io_rw_16 * flash_devinfo_ptr(void) {
292 // Note the lookup returns a pointer to a 32-bit pointer literal in the ROM
293 io_rw_16 **p = (io_rw_16 **) rom_data_lookup(ROM_DATA_FLASH_DEVINFO16_PTR);
294 assert(p);
295 return *p;
296 }
297
flash_devinfo_update_field(uint16_t wdata,uint16_t mask)298 static void flash_devinfo_update_field(uint16_t wdata, uint16_t mask) {
299 // Boot RAM does not support exclusives, but does support RWTYPE SET/CLR/XOR (with byte
300 // strobes). Can't use hw_write_masked because it performs a 32-bit write.
301 io_rw_16 *devinfo = flash_devinfo_ptr();
302 *hw_xor_alias(devinfo) = (*devinfo ^ wdata) & mask;
303 }
304
305 // This is a RAM function because may be called during flash programming to enable save/restore of
306 // QMI window 1 registers on RP2350:
__no_inline_not_in_flash_func(flash_devinfo_get_cs_size)307 flash_devinfo_size_t __no_inline_not_in_flash_func(flash_devinfo_get_cs_size)(uint cs) {
308 invalid_params_if(HARDWARE_FLASH, cs > 1);
309 io_ro_16 *devinfo = (io_ro_16 *) flash_devinfo_ptr();
310 if (cs == 0u) {
311 #ifdef PICO_FLASH_SIZE_BYTES
312 // A flash size explicitly specified for the build (e.g. from the board header) takes
313 // precedence over whatever was found in OTP. Not using flash_devinfo_bytes_to_size() as
314 // the call could be outlined, and this code must be in RAM.
315 if (PICO_FLASH_SIZE_BYTES == 0) {
316 return FLASH_DEVINFO_SIZE_NONE;
317 } else {
318 return (flash_devinfo_size_t) (
319 __builtin_ctz(PICO_FLASH_SIZE_BYTES / 8192u) + (uint)FLASH_DEVINFO_SIZE_8K
320 );
321 }
322 #else
323 return (flash_devinfo_size_t) (
324 (*devinfo & OTP_DATA_FLASH_DEVINFO_CS0_SIZE_BITS) >> OTP_DATA_FLASH_DEVINFO_CS0_SIZE_LSB
325 );
326 #endif
327 } else {
328 return (flash_devinfo_size_t) (
329 (*devinfo & OTP_DATA_FLASH_DEVINFO_CS1_SIZE_BITS) >> OTP_DATA_FLASH_DEVINFO_CS1_SIZE_LSB
330 );
331 }
332 }
333
flash_devinfo_set_cs_size(uint cs,flash_devinfo_size_t size)334 void flash_devinfo_set_cs_size(uint cs, flash_devinfo_size_t size) {
335 invalid_params_if(HARDWARE_FLASH, cs > 1);
336 invalid_params_if(HARDWARE_FLASH, (uint)size > (uint)FLASH_DEVINFO_SIZE_MAX);
337 uint cs_shift = cs == 0u ? OTP_DATA_FLASH_DEVINFO_CS0_SIZE_LSB : OTP_DATA_FLASH_DEVINFO_CS1_SIZE_LSB;
338 uint16_t cs_mask = OTP_DATA_FLASH_DEVINFO_CS0_SIZE_BITS >> OTP_DATA_FLASH_DEVINFO_CS0_SIZE_LSB;
339 flash_devinfo_update_field(
340 (uint16_t)size << cs_shift,
341 cs_mask << cs_shift
342 );
343 }
344
flash_devinfo_get_d8h_erase_supported(void)345 bool flash_devinfo_get_d8h_erase_supported(void) {
346 return *flash_devinfo_ptr() & OTP_DATA_FLASH_DEVINFO_D8H_ERASE_SUPPORTED_BITS;
347 }
348
flash_devinfo_set_d8h_erase_supported(bool supported)349 void flash_devinfo_set_d8h_erase_supported(bool supported) {
350 flash_devinfo_update_field(
351 (uint)supported << OTP_DATA_FLASH_DEVINFO_D8H_ERASE_SUPPORTED_LSB,
352 OTP_DATA_FLASH_DEVINFO_D8H_ERASE_SUPPORTED_BITS
353 );
354 }
355
flash_devinfo_get_cs_gpio(uint cs)356 uint flash_devinfo_get_cs_gpio(uint cs) {
357 invalid_params_if(HARDWARE_FLASH, cs != 1);
358 (void)cs;
359 return (*flash_devinfo_ptr() & OTP_DATA_FLASH_DEVINFO_CS1_GPIO_BITS) >> OTP_DATA_FLASH_DEVINFO_CS1_GPIO_LSB;
360 }
361
flash_devinfo_set_cs_gpio(uint cs,uint gpio)362 void flash_devinfo_set_cs_gpio(uint cs, uint gpio) {
363 invalid_params_if(HARDWARE_FLASH, cs != 1);
364 invalid_params_if(HARDWARE_FLASH, gpio >= NUM_BANK0_GPIOS);
365 (void)cs;
366 flash_devinfo_update_field(
367 ((uint16_t)gpio) << OTP_DATA_FLASH_DEVINFO_CS1_GPIO_LSB,
368 OTP_DATA_FLASH_DEVINFO_CS1_GPIO_BITS
369 );
370 }
371
372 #endif // !PICO_RP2040
373
