1 /*
2 * SPDX-FileCopyrightText: 2016 Cesanta Software Limited
3 *
4 * SPDX-License-Identifier: GPL-2.0-or-later
5 *
6 * SPDX-FileContributor: 2016-2022 Espressif Systems (Shanghai) CO LTD
7 */
8
9 #include "soc_support.h"
10 #include "stub_write_flash.h"
11 #include "stub_flasher.h"
12 #include "rom_functions.h"
13 #include "miniz.h"
14
15 /* local flashing state
16
17 This is wrapped in a structure because gcc 4.8
18 generates significantly more code for ESP32
19 if they are static variables (literal pool, I think!)
20 */
21 static struct {
22 /* set by flash_begin, cleared by flash_end */
23 bool in_flash_mode;
24 /* offset of next SPI write */
25 uint32_t next_write;
26 /* sector number for next erase */
27 int next_erase_sector;
28 /* number of output bytes remaining to write */
29 uint32_t remaining;
30 /* number of sectors remaining to erase */
31 int remaining_erase_sector;
32 /* last error generated by a data packet */
33 esp_command_error last_error;
34
35 /* inflator state for deflate write */
36 tinfl_decompressor inflator;
37 /* number of compressed bytes remaining to read */
38 uint32_t remaining_compressed;
39 } fs;
40
41 /* SPI status bits */
42 static const uint32_t STATUS_WIP_BIT = (1 << 0);
43 #if ESP32_OR_LATER
44 static const uint32_t STATUS_QIE_BIT = (1 << 9); /* Quad Enable */
45 #endif
46
is_in_flash_mode(void)47 bool is_in_flash_mode(void)
48 {
49 return fs.in_flash_mode;
50 }
51
get_flash_error(void)52 esp_command_error get_flash_error(void)
53 {
54 return fs.last_error;
55 }
56
57 /* Wait for the SPI state machine to be ready,
58 ie no command in progress in the internal host.
59 */
spi_wait_ready(void)60 inline static void spi_wait_ready(void)
61 {
62 /* Wait for SPI state machine ready */
63 while((READ_REG(SPI_EXT2_REG) & SPI_ST))
64 { }
65 #if ESP32_OR_LATER
66 while(READ_REG(SPI0_EXT2_REG) & SPI_ST)
67 { }
68 #endif
69 }
70
71 /* Returns true if the spiflash is ready for its next write
72 operation.
73
74 Doesn't block, except for the SPI state machine to finish
75 any previous SPI host operation.
76 */
spiflash_is_ready(void)77 static bool spiflash_is_ready(void)
78 {
79 spi_wait_ready();
80 WRITE_REG(SPI_RD_STATUS_REG, 0);
81 /* Issue read status command */
82 WRITE_REG(SPI_CMD_REG, SPI_FLASH_RDSR);
83 while(READ_REG(SPI_CMD_REG) != 0)
84 { }
85 uint32_t status_value = READ_REG(SPI_RD_STATUS_REG);
86 return (status_value & STATUS_WIP_BIT) == 0;
87 }
88
spi_write_enable(void)89 static void spi_write_enable(void)
90 {
91 while(!spiflash_is_ready())
92 { }
93 WRITE_REG(SPI_CMD_REG, SPI_FLASH_WREN);
94 while(READ_REG(SPI_CMD_REG) != 0)
95 { }
96 }
97
98 #if ESP32_OR_LATER
99 static esp_rom_spiflash_chip_t *flashchip = (esp_rom_spiflash_chip_t *)ROM_SPIFLASH_LEGACY;
100
101 /* Stub version of SPIUnlock() that replaces version in ROM.
102
103 This works around a bug where SPIUnlock sometimes reads the wrong
104 high status byte (RDSR2 result) and then copies it back to the
105 flash status, causing lock bit CMP or Status Register Protect ` to
106 become set.
107 */
SPIUnlock(void)108 SpiFlashOpResult SPIUnlock(void)
109 {
110 uint32_t status;
111
112 spi_wait_ready(); /* ROM SPI_read_status_high() doesn't wait for this */
113 #if ESP32S2_OR_LATER
114 if (SPI_read_status_high(flashchip, &status) != SPI_FLASH_RESULT_OK) {
115 return SPI_FLASH_RESULT_ERR;
116 }
117 #else
118 if (SPI_read_status_high(&status) != SPI_FLASH_RESULT_OK) {
119 return SPI_FLASH_RESULT_ERR;
120 }
121 #endif // ESP32S2_OR_LATER
122
123 /* Clear all bits except QIE, if it is set.
124 (This is different from ROM SPIUnlock, which keeps all bits as-is.)
125 */
126 status &= STATUS_QIE_BIT;
127
128 spi_write_enable();
129
130 REG_SET_MASK(SPI_CTRL_REG, SPI_WRSR_2B);
131 if (SPI_write_status(flashchip, status) != SPI_FLASH_RESULT_OK) {
132 return SPI_FLASH_RESULT_ERR;
133 }
134
135 return SPI_FLASH_RESULT_OK;
136 }
137 #endif // ESP32_OR_LATER
138
139 #if defined(ESP32S3) && !defined(ESP32S3BETA2)
page_program_internal(int spi_num,uint32_t spi_addr,uint8_t * addr_source,uint32_t byte_length)140 static esp_rom_spiflash_result_t page_program_internal(int spi_num, uint32_t spi_addr, uint8_t* addr_source, uint32_t byte_length)
141 {
142 uint32_t temp_addr;
143 int32_t temp_bl;
144 esp_rom_opiflash_wait_idle();
145 temp_addr = spi_addr;
146 temp_bl = byte_length;
147 uint32_t temp_len = 0;
148
149 const uint16_t cmd = CMD_PROGRAM_PAGE_4B;
150 uint8_t cmd_len = 8;
151 int dummy = 0;
152
153 while (temp_bl > 0 ) {
154 esp_rom_opiflash_wren();
155 temp_len = (temp_bl >= 32) ? 32 : temp_bl; //32 = write_sub_len
156 esp_rom_opiflash_exec_cmd(spi_num, SPI_FLASH_FASTRD_MODE,
157 cmd, cmd_len,
158 temp_addr, 32,
159 dummy,
160 addr_source, 8 * temp_len,
161 NULL, 0,
162 ESP_ROM_OPIFLASH_SEL_CS0,
163 true);
164 esp_rom_opiflash_wait_idle();
165 addr_source += temp_len;
166 temp_addr += temp_len;
167 temp_bl -= temp_len;
168 }
169 return ESP_ROM_SPIFLASH_RESULT_OK;
170 }
171 #endif // ESP32S3
172
173 #if defined(ESP32S3) && !defined(ESP32S3BETA2)
SPIWrite4B(int spi_num,uint32_t target,uint8_t * src_addr,int32_t len)174 static esp_rom_spiflash_result_t SPIWrite4B(int spi_num, uint32_t target, uint8_t *src_addr, int32_t len)
175 {
176 uint32_t page_size = 256;
177 uint32_t pgm_len, pgm_num;
178 uint8_t i;
179
180 esp_rom_opiflash_wait_idle();
181 pgm_len = page_size - (target % page_size);
182 if (len < pgm_len) {
183 page_program_internal(spi_num, target, src_addr, len);
184 } else {
185 page_program_internal(spi_num, target, src_addr, pgm_len);
186 //whole page program
187 pgm_num = (len - pgm_len) / page_size;
188 for (i = 0; i < pgm_num; i++) {
189 page_program_internal(spi_num, target + pgm_len, (src_addr + pgm_len), page_size);
190 pgm_len += page_size;
191 }
192 //remain parts to program
193 page_program_internal(spi_num, target + pgm_len, (src_addr + pgm_len), len - pgm_len);
194 }
195 esp_rom_opiflash_wait_idle();
196 return ESP_ROM_SPIFLASH_RESULT_OK;
197 }
198 #endif // defined(ESP32S3) && !defined(ESP32S3BETA2)
199
handle_flash_begin(uint32_t total_size,uint32_t offset)200 esp_command_error handle_flash_begin(uint32_t total_size, uint32_t offset) {
201 fs.in_flash_mode = true;
202 fs.next_write = offset;
203 fs.next_erase_sector = offset / FLASH_SECTOR_SIZE;
204 fs.remaining = total_size;
205 fs.remaining_erase_sector = ((offset % FLASH_SECTOR_SIZE) + total_size + FLASH_SECTOR_SIZE - 1) / FLASH_SECTOR_SIZE;
206 fs.last_error = ESP_OK;
207
208 #if defined(ESP32S3) && !defined(ESP32S3BETA2)
209 if (large_flash_mode) {
210 esp_rom_opiflash_wait_idle();
211 } else {
212 if (SPIUnlock() != 0) {
213 return ESP_FAILED_SPI_UNLOCK;
214 }
215 }
216 #else
217 if (SPIUnlock() != 0) {
218 return ESP_FAILED_SPI_UNLOCK;
219 }
220 #endif //defined(ESP32S3) and !defined(ESP32S3BETA2)
221
222 return ESP_OK;
223 }
224
handle_flash_deflated_begin(uint32_t uncompressed_size,uint32_t compressed_size,uint32_t offset)225 esp_command_error handle_flash_deflated_begin(uint32_t uncompressed_size, uint32_t compressed_size, uint32_t offset) {
226 esp_command_error err = handle_flash_begin(uncompressed_size, offset);
227 tinfl_init(&fs.inflator);
228 fs.remaining_compressed = compressed_size;
229 return err;
230 }
231
232 /* Erase the next sector or block (depending if we're at a block boundary).
233
234 Updates fs.next_erase_sector & fs.remaining_erase_sector on success.
235
236 If nothing left to erase, returns immediately.
237
238 Returns immediately if SPI flash not yet ready for a write operation.
239
240 Does not wait for the erase to complete - the next SPI operation
241 should check if a write operation is currently in progress.
242 */
start_next_erase(void)243 static void start_next_erase(void)
244 {
245 bool block_erase = false;
246
247 if(fs.remaining_erase_sector == 0)
248 return; /* nothing left to erase */
249 if(!spiflash_is_ready())
250 return; /* don't wait for flash to be ready, caller will call again if needed */
251
252 if(fs.remaining_erase_sector >= SECTORS_PER_BLOCK
253 && fs.next_erase_sector % SECTORS_PER_BLOCK == 0) {
254 /* perform a 64KB block erase if we have space for it */
255 block_erase = true;
256 }
257
258 spi_write_enable();
259 spi_wait_ready();
260 #if defined(ESP32S3) && !defined(ESP32S3BETA2)
261 if (large_flash_mode) {
262 if (block_erase) {
263 if (fs.next_erase_sector * FLASH_SECTOR_SIZE < (1 << 24)) {
264 esp_rom_opiflash_wait_idle();
265 esp_rom_opiflash_wren();
266
267 esp_rom_opiflash_exec_cmd(1, SPI_FLASH_SLOWRD_MODE,
268 CMD_LARGE_BLOCK_ERASE, 8,
269 fs.next_erase_sector * FLASH_SECTOR_SIZE, 24,
270 0,
271 NULL, 0,
272 NULL, 0,
273 1,
274 true);
275 esp_rom_opiflash_wait_idle();
276 } else {
277 esp_rom_opiflash_erase_block_64k(fs.next_erase_sector / SECTORS_PER_BLOCK);
278 }
279 }
280 else {
281 if (fs.next_erase_sector * FLASH_SECTOR_SIZE < (1 << 24)) {
282 esp_rom_opiflash_wait_idle();
283 esp_rom_opiflash_wren();
284
285 esp_rom_opiflash_exec_cmd(1, SPI_FLASH_SLOWRD_MODE,
286 CMD_SECTOR_ERASE, 8,
287 fs.next_erase_sector * FLASH_SECTOR_SIZE, 24,
288 0,
289 NULL, 0,
290 NULL, 0,
291 1,
292 true);
293 esp_rom_opiflash_wait_idle();
294 } else {
295 esp_rom_opiflash_erase_sector(fs.next_erase_sector);
296 }
297 }
298 } else {
299 uint32_t addr = fs.next_erase_sector * FLASH_SECTOR_SIZE;
300 uint32_t command = block_erase ? SPI_FLASH_BE : SPI_FLASH_SE; /* block erase, 64KB : sector erase, 4KB */
301 WRITE_REG(SPI_ADDR_REG, addr & 0xffffff);
302 WRITE_REG(SPI_CMD_REG, command);
303 while(READ_REG(SPI_CMD_REG) != 0) { }
304 }
305 #else
306 uint32_t addr = fs.next_erase_sector * FLASH_SECTOR_SIZE;
307 uint32_t command = block_erase ? SPI_FLASH_BE : SPI_FLASH_SE; /* block erase, 64KB : sector erase, 4KB */
308 WRITE_REG(SPI_ADDR_REG, addr & 0xffffff);
309 WRITE_REG(SPI_CMD_REG, command);
310 while(READ_REG(SPI_CMD_REG) != 0) { }
311 #endif // defined(ESP32S3) && !defined(ESP32S3BETA2)
312
313 uint32_t sectors_to_erase = block_erase ? SECTORS_PER_BLOCK : 1;
314 fs.remaining_erase_sector -= sectors_to_erase;
315 fs.next_erase_sector += sectors_to_erase;
316 }
317
318 /* Write data to flash (either direct for non-compressed upload, or
319 freshly decompressed.) Erases as it goes.
320
321 Updates fs.remaining_erase_sector, fs.next_write, and fs.remaining
322 */
handle_flash_data(void * data_buf,uint32_t length)323 void handle_flash_data(void *data_buf, uint32_t length) {
324 int last_sector;
325 uint8_t res = 0;
326
327 if (length > fs.remaining) {
328 /* Trim the final block, as it may have padding beyond
329 the length we are writing */
330 length = fs.remaining;
331 }
332
333 if (length == 0) {
334 return;
335 }
336
337 /* what sector is this write going to end in?
338 make sure we've erased at least that far.
339 */
340 last_sector = (fs.next_write + length) / FLASH_SECTOR_SIZE;
341 while(fs.remaining_erase_sector > 0 && fs.next_erase_sector <= last_sector) {
342 start_next_erase();
343 }
344 while(!spiflash_is_ready())
345 {}
346
347 /* do the actual write */
348 #if defined(ESP32S3) && !defined(ESP32S3BETA2)
349 if (large_flash_mode){
350 res = SPIWrite4B(1, fs.next_write, data_buf, length);
351 } else {
352 res = SPIWrite(fs.next_write, data_buf, length);
353 }
354 #else
355 res = SPIWrite(fs.next_write, data_buf, length);
356 #endif // defined(ESP32S3) && !defined(ESP32S3BETA2)
357 if (res != 0)
358 fs.last_error = ESP_FAILED_SPI_OP;
359 fs.next_write += length;
360 fs.remaining -= length;
361 }
362
363 #if !ESP8266
364 /* Write encrypted data to flash (either direct for non-compressed upload, or
365 freshly decompressed.) Erases as it goes.
366
367 Updates fs.remaining_erase_sector, fs.next_write, and fs.remaining
368 */
handle_flash_encrypt_data(void * data_buf,uint32_t length)369 void handle_flash_encrypt_data(void *data_buf, uint32_t length) {
370 int last_sector;
371 int res;
372
373 #if ESP32S2_OR_LATER
374 SPI_Write_Encrypt_Enable();
375 #endif
376
377 if (length > fs.remaining) {
378 /* Trim the final block, as it may have padding beyond
379 the length we are writing */
380 length = fs.remaining;
381 }
382
383 if (length == 0) {
384 return;
385 }
386
387 /* what sector is this write going to end in?
388 make sure we've erased at least that far.
389 */
390 last_sector = (fs.next_write + length) / FLASH_SECTOR_SIZE;
391 while(fs.remaining_erase_sector > 0 && fs.next_erase_sector <= last_sector) {
392 start_next_erase();
393 }
394 while(!spiflash_is_ready())
395 {}
396
397 /* do the actual write */
398 #if ESP32
399 res = esp_rom_spiflash_write_encrypted(fs.next_write, data_buf, length);
400 #else
401 res = SPI_Encrypt_Write(fs.next_write, data_buf, length);
402 #endif
403
404 if (res) {
405 fs.last_error = ESP_FAILED_SPI_OP;
406 }
407 fs.next_write += length;
408 fs.remaining -= length;
409
410 #if ESP32S2_OR_LATER
411 SPI_Write_Encrypt_Disable();
412 #endif
413 }
414
415 #endif // !ESP8266
416
handle_flash_deflated_data(void * data_buf,uint32_t length)417 void handle_flash_deflated_data(void *data_buf, uint32_t length) {
418 /* if all data has been uploaded and another block comes,
419 accept it only if it is part of a 4-byte Adler-32 checksum */
420 if (fs.remaining == 0 && length > 4) {
421 fs.last_error = ESP_TOO_MUCH_DATA;
422 return;
423 }
424
425 static uint8_t out_buf[32768];
426 static uint8_t *next_out = out_buf;
427 int status = TINFL_STATUS_NEEDS_MORE_INPUT;
428
429 while(length > 0 && fs.remaining > 0 && status > TINFL_STATUS_DONE) {
430 size_t in_bytes = length; /* input remaining */
431 size_t out_bytes = out_buf + sizeof(out_buf) - next_out; /* output space remaining */
432 int flags = TINFL_FLAG_PARSE_ZLIB_HEADER;
433 if(fs.remaining_compressed > length) {
434 flags |= TINFL_FLAG_HAS_MORE_INPUT;
435 }
436
437 /* start an opportunistic erase: decompressing takes time, so might as
438 well be running a SPI erase in the background. */
439 start_next_erase();
440
441 status = tinfl_decompress(&fs.inflator, data_buf, &in_bytes,
442 out_buf, next_out, &out_bytes,
443 flags);
444
445 fs.remaining_compressed -= in_bytes;
446 length -= in_bytes;
447 data_buf += in_bytes;
448
449 next_out += out_bytes;
450 size_t bytes_in_out_buf = next_out - out_buf;
451 if (status == TINFL_STATUS_DONE || bytes_in_out_buf == sizeof(out_buf)) {
452 // Output buffer full, or done
453 handle_flash_data(out_buf, bytes_in_out_buf);
454 next_out = out_buf;
455 }
456 } // while
457
458 if (status < TINFL_STATUS_DONE) {
459 /* error won't get sent back to esptool.py until next block is sent */
460 fs.last_error = ESP_INFLATE_ERROR;
461 }
462
463 if (status == TINFL_STATUS_DONE && fs.remaining > 0) {
464 fs.last_error = ESP_NOT_ENOUGH_DATA;
465 }
466 }
467
handle_flash_end(void)468 esp_command_error handle_flash_end(void)
469 {
470 if (!fs.in_flash_mode) {
471 return ESP_NOT_IN_FLASH_MODE;
472 }
473
474 if (fs.remaining > 0) {
475 return ESP_NOT_ENOUGH_DATA;
476 }
477
478 fs.in_flash_mode = false;
479 return fs.last_error;
480 }
481
