1 /*
2 * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6 #include <stddef.h>
7
8 #include <bootloader_flash_priv.h>
9 #include <esp_log.h>
10 #include <esp_flash_encrypt.h>
11 #include "sdkconfig.h"
12 #include "soc/soc_caps.h"
13
14 #if CONFIG_IDF_TARGET_ESP32
15 # include "soc/spi_struct.h"
16 # include "soc/spi_reg.h"
17 /* SPI flash controller */
18 # define SPIFLASH SPI1
19 #else
20 # include "soc/spi_mem_struct.h"
21 # include "soc/spi_mem_reg.h"
22 /* SPI flash controller */
23 # define SPIFLASH SPIMEM1
24 #endif
25
26 #if CONFIG_IDF_TARGET_ESP32
27 #include "esp32/rom/spi_flash.h"
28 #elif CONFIG_IDF_TARGET_ESP32S2
29 #include "esp32s2/rom/spi_flash.h"
30 #elif CONFIG_IDF_TARGET_ESP32S3
31 #include "esp32s3/rom/spi_flash.h"
32 #elif CONFIG_IDF_TARGET_ESP32C3
33 #include "esp32c3/rom/spi_flash.h"
34 #elif CONFIG_IDF_TARGET_ESP32H2
35 #include "esp32h2/rom/spi_flash.h"
36 #endif
37
38 #ifdef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
39 #define ENCRYPTION_IS_VIRTUAL 1
40 #else
41 #define ENCRYPTION_IS_VIRTUAL 0
42 #endif
43
44 #define BYTESHIFT(VAR, IDX) (((VAR) >> ((IDX) * 8)) & 0xFF)
45 #define ISSI_ID 0x9D
46 #define MXIC_ID 0xC2
47 #define GD_Q_ID_HIGH 0xC8
48 #define GD_Q_ID_MID 0x40
49 #define GD_Q_ID_LOW 0x16
50
51 #define ESP_BOOTLOADER_SPIFLASH_BP_MASK_ISSI (BIT7 | BIT5 | BIT4 | BIT3 | BIT2)
52 #define ESP_BOOTLOADER_SPIFLASH_QE_GD_SR2 BIT1 // QE position when you write 8 bits(for SR2) at one time.
53 #define ESP_BOOTLOADER_SPIFLASH_QE_SR1_2BYTE BIT9 // QE position when you write 16 bits at one time.
54
55
56 #ifndef BOOTLOADER_BUILD
57 /* Normal app version maps to esp_spi_flash.h operations...
58 */
59 static const char *TAG = "bootloader_mmap";
60
61 static spi_flash_mmap_handle_t map;
62
bootloader_mmap_get_free_pages(void)63 uint32_t bootloader_mmap_get_free_pages(void)
64 {
65 return spi_flash_mmap_get_free_pages(SPI_FLASH_MMAP_DATA);
66 }
67
bootloader_mmap(uint32_t src_addr,uint32_t size)68 const void *bootloader_mmap(uint32_t src_addr, uint32_t size)
69 {
70 if (map) {
71 ESP_LOGE(TAG, "tried to bootloader_mmap twice");
72 return NULL; /* existing mapping in use... */
73 }
74 const void *result = NULL;
75 uint32_t src_page = src_addr & ~(SPI_FLASH_MMU_PAGE_SIZE - 1);
76 size += (src_addr - src_page);
77 esp_err_t err = spi_flash_mmap(src_page, size, SPI_FLASH_MMAP_DATA, &result, &map);
78 if (err != ESP_OK) {
79 ESP_LOGE(TAG, "spi_flash_mmap failed: 0x%x", err);
80 return NULL;
81 }
82 return (void *)((intptr_t)result + (src_addr - src_page));
83 }
84
bootloader_munmap(const void * mapping)85 void bootloader_munmap(const void *mapping)
86 {
87 if (mapping && map) {
88 spi_flash_munmap(map);
89 }
90 map = 0;
91 }
92
bootloader_flash_read(size_t src,void * dest,size_t size,bool allow_decrypt)93 esp_err_t bootloader_flash_read(size_t src, void *dest, size_t size, bool allow_decrypt)
94 {
95 if (allow_decrypt && esp_flash_encryption_enabled()) {
96 return spi_flash_read_encrypted(src, dest, size);
97 } else {
98 return spi_flash_read(src, dest, size);
99 }
100 }
101
bootloader_flash_write(size_t dest_addr,void * src,size_t size,bool write_encrypted)102 esp_err_t bootloader_flash_write(size_t dest_addr, void *src, size_t size, bool write_encrypted)
103 {
104 if (write_encrypted && !ENCRYPTION_IS_VIRTUAL) {
105 #if CONFIG_IDF_TARGET_ESP32
106 return spi_flash_write_encrypted(dest_addr, src, size);
107 #else
108 return esp_rom_spiflash_write_encrypted(dest_addr, src, size);
109 #endif
110 } else {
111 return spi_flash_write(dest_addr, src, size);
112 }
113 }
114
bootloader_flash_erase_sector(size_t sector)115 esp_err_t bootloader_flash_erase_sector(size_t sector)
116 {
117 return spi_flash_erase_sector(sector);
118 }
119
bootloader_flash_erase_range(uint32_t start_addr,uint32_t size)120 esp_err_t bootloader_flash_erase_range(uint32_t start_addr, uint32_t size)
121 {
122 return spi_flash_erase_range(start_addr, size);
123 }
124
125 #else //BOOTLOADER_BUILD
126 /* Bootloader version, uses ROM functions only */
127 #if CONFIG_IDF_TARGET_ESP32
128 #include "esp32/rom/spi_flash.h"
129 #include "esp32/rom/cache.h"
130 #elif CONFIG_IDF_TARGET_ESP32S2
131 #include "esp32s2/rom/spi_flash.h"
132 #include "esp32s2/rom/cache.h"
133 #include "soc/cache_memory.h"
134 #elif CONFIG_IDF_TARGET_ESP32S3
135 #include "esp32s3/rom/spi_flash.h"
136 #include "esp32s3/rom/cache.h"
137 #include "soc/cache_memory.h"
138 #elif CONFIG_IDF_TARGET_ESP32C3
139 #include "esp32c3/rom/spi_flash.h"
140 #include "esp32c3/rom/cache.h"
141 #include "soc/cache_memory.h"
142 #elif CONFIG_IDF_TARGET_ESP32H2
143 #include "esp32h2/rom/spi_flash.h"
144 #include "esp32h2/rom/cache.h"
145 #include "soc/cache_memory.h"
146 #endif
147 static const char *TAG = "bootloader_flash";
148
149 #if CONFIG_IDF_TARGET_ESP32
150 /* Use first 50 blocks in MMU for bootloader_mmap,
151 50th block for bootloader_flash_read
152 */
153 #define MMU_BLOCK0_VADDR SOC_DROM_LOW
154 #define MMU_SIZE (0x320000)
155 #define MMU_BLOCK50_VADDR (MMU_BLOCK0_VADDR + MMU_SIZE)
156 #define FLASH_READ_VADDR MMU_BLOCK50_VADDR
157
158 #else // !CONFIG_IDF_TARGET_ESP32
159
160 /* Use first 63 blocks in MMU for bootloader_mmap,
161 63th block for bootloader_flash_read
162 */
163 #define MMU_BLOCK0_VADDR SOC_DROM_LOW
164 #define MMU_SIZE (0x3f0000)
165 #define MMU_BLOCK63_VADDR (MMU_BLOCK0_VADDR + MMU_SIZE)
166 #define FLASH_READ_VADDR MMU_BLOCK63_VADDR
167 #endif
168
169 #define MMU_FREE_PAGES (MMU_SIZE / FLASH_BLOCK_SIZE)
170
171 static bool mapped;
172
173 // Current bootloader mapping (ab)used for bootloader_read()
174 static uint32_t current_read_mapping = UINT32_MAX;
175
bootloader_mmap_get_free_pages(void)176 uint32_t bootloader_mmap_get_free_pages(void)
177 {
178 /**
179 * Allow mapping up to 50 of the 51 available MMU blocks (last one used for reads)
180 * Since, bootloader_mmap function below assumes it to be 0x320000 (50 pages), we can safely do this.
181 */
182 return MMU_FREE_PAGES;
183 }
184
bootloader_mmap(uint32_t src_addr,uint32_t size)185 const void *bootloader_mmap(uint32_t src_addr, uint32_t size)
186 {
187 if (mapped) {
188 ESP_LOGE(TAG, "tried to bootloader_mmap twice");
189 return NULL; /* can't map twice */
190 }
191 if (size > MMU_SIZE) {
192 ESP_LOGE(TAG, "bootloader_mmap excess size by %d bytes", size);
193 return NULL;
194 }
195
196 uint32_t src_addr_aligned = src_addr & MMU_FLASH_MASK;
197 uint32_t count = bootloader_cache_pages_to_map(size, src_addr);
198 #if CONFIG_IDF_TARGET_ESP32
199 Cache_Read_Disable(0);
200 Cache_Flush(0);
201 #elif CONFIG_IDF_TARGET_ESP32S2
202 uint32_t autoload = Cache_Suspend_ICache();
203 Cache_Invalidate_ICache_All();
204 #elif CONFIG_IDF_TARGET_ESP32S3
205 uint32_t autoload = Cache_Suspend_DCache();
206 Cache_Invalidate_DCache_All();
207 #elif CONFIG_IDF_TARGET_ESP32C3
208 uint32_t autoload = Cache_Suspend_ICache();
209 Cache_Invalidate_ICache_All();
210 #elif CONFIG_IDF_TARGET_ESP32H2
211 uint32_t autoload = Cache_Suspend_ICache();
212 Cache_Invalidate_ICache_All();
213 #endif
214 ESP_LOGD(TAG, "mmu set paddr=%08x count=%d size=%x src_addr=%x src_addr_aligned=%x",
215 src_addr & MMU_FLASH_MASK, count, size, src_addr, src_addr_aligned );
216 #if CONFIG_IDF_TARGET_ESP32
217 int e = cache_flash_mmu_set(0, 0, MMU_BLOCK0_VADDR, src_addr_aligned, 64, count);
218 #elif CONFIG_IDF_TARGET_ESP32S2
219 int e = Cache_Ibus_MMU_Set(MMU_ACCESS_FLASH, MMU_BLOCK0_VADDR, src_addr_aligned, 64, count, 0);
220 #else // S3, C3, H2
221 int e = Cache_Dbus_MMU_Set(MMU_ACCESS_FLASH, MMU_BLOCK0_VADDR, src_addr_aligned, 64, count, 0);
222 #endif
223 if (e != 0) {
224 ESP_LOGE(TAG, "cache_flash_mmu_set failed: %d\n", e);
225 #if CONFIG_IDF_TARGET_ESP32
226 Cache_Read_Enable(0);
227 #elif CONFIG_IDF_TARGET_ESP32S2
228 Cache_Resume_ICache(autoload);
229 #elif CONFIG_IDF_TARGET_ESP32S3
230 Cache_Resume_DCache(autoload);
231 #elif CONFIG_IDF_TARGET_ESP32C3
232 Cache_Resume_ICache(autoload);
233 #elif CONFIG_IDF_TARGET_ESP32H2
234 Cache_Resume_ICache(autoload);
235 #endif
236 return NULL;
237 }
238 #if CONFIG_IDF_TARGET_ESP32
239 Cache_Read_Enable(0);
240 #elif CONFIG_IDF_TARGET_ESP32S2
241 Cache_Resume_ICache(autoload);
242 #elif CONFIG_IDF_TARGET_ESP32S3
243 Cache_Resume_DCache(autoload);
244 #elif CONFIG_IDF_TARGET_ESP32C3
245 Cache_Resume_ICache(autoload);
246 #elif CONFIG_IDF_TARGET_ESP32H2
247 Cache_Resume_ICache(autoload);
248 #endif
249
250 mapped = true;
251
252 return (void *)(MMU_BLOCK0_VADDR + (src_addr - src_addr_aligned));
253 }
254
bootloader_munmap(const void * mapping)255 void bootloader_munmap(const void *mapping)
256 {
257 if (mapped) {
258 #if CONFIG_IDF_TARGET_ESP32
259 /* Full MMU reset */
260 Cache_Read_Disable(0);
261 Cache_Flush(0);
262 mmu_init(0);
263 #elif CONFIG_IDF_TARGET_ESP32S2
264 //TODO, save the autoload value.
265 Cache_Suspend_ICache();
266 Cache_Invalidate_ICache_All();
267 Cache_MMU_Init();
268 #elif CONFIG_IDF_TARGET_ESP32S3
269 Cache_Suspend_DCache();
270 Cache_Invalidate_DCache_All();
271 Cache_MMU_Init();
272 #elif CONFIG_IDF_TARGET_ESP32C3
273 //TODO, save the autoload value.
274 Cache_Suspend_ICache();
275 Cache_Invalidate_ICache_All();
276 Cache_MMU_Init();
277 #elif CONFIG_IDF_TARGET_ESP32H2
278 Cache_Suspend_ICache();
279 Cache_Invalidate_ICache_All();
280 Cache_MMU_Init();
281 #endif
282 mapped = false;
283 current_read_mapping = UINT32_MAX;
284 }
285 }
286
spi_to_esp_err(esp_rom_spiflash_result_t r)287 static esp_err_t spi_to_esp_err(esp_rom_spiflash_result_t r)
288 {
289 switch (r) {
290 case ESP_ROM_SPIFLASH_RESULT_OK:
291 return ESP_OK;
292 case ESP_ROM_SPIFLASH_RESULT_ERR:
293 return ESP_ERR_FLASH_OP_FAIL;
294 case ESP_ROM_SPIFLASH_RESULT_TIMEOUT:
295 return ESP_ERR_FLASH_OP_TIMEOUT;
296 default:
297 return ESP_FAIL;
298 }
299 }
300
bootloader_flash_read_no_decrypt(size_t src_addr,void * dest,size_t size)301 static esp_err_t bootloader_flash_read_no_decrypt(size_t src_addr, void *dest, size_t size)
302 {
303 #if CONFIG_IDF_TARGET_ESP32
304 Cache_Read_Disable(0);
305 Cache_Flush(0);
306 #elif CONFIG_IDF_TARGET_ESP32S2
307 uint32_t autoload = Cache_Suspend_ICache();
308 #elif CONFIG_IDF_TARGET_ESP32S3
309 uint32_t autoload = Cache_Suspend_DCache();
310 #elif CONFIG_IDF_TARGET_ESP32C3
311 uint32_t autoload = Cache_Suspend_ICache();
312 #elif CONFIG_IDF_TARGET_ESP32H2
313 uint32_t autoload = Cache_Suspend_ICache();
314 #endif
315 esp_rom_spiflash_result_t r = esp_rom_spiflash_read(src_addr, dest, size);
316 #if CONFIG_IDF_TARGET_ESP32
317 Cache_Read_Enable(0);
318 #elif CONFIG_IDF_TARGET_ESP32S2
319 Cache_Resume_ICache(autoload);
320 #elif CONFIG_IDF_TARGET_ESP32S3
321 Cache_Resume_DCache(autoload);
322 #elif CONFIG_IDF_TARGET_ESP32C3
323 Cache_Resume_ICache(autoload);
324 #elif CONFIG_IDF_TARGET_ESP32H2
325 Cache_Resume_ICache(autoload);
326 #endif
327
328 return spi_to_esp_err(r);
329 }
330
bootloader_flash_read_allow_decrypt(size_t src_addr,void * dest,size_t size)331 static esp_err_t bootloader_flash_read_allow_decrypt(size_t src_addr, void *dest, size_t size)
332 {
333 uint32_t *dest_words = (uint32_t *)dest;
334
335 for (size_t word = 0; word < size / 4; word++) {
336 uint32_t word_src = src_addr + word * 4; /* Read this offset from flash */
337 uint32_t map_at = word_src & MMU_FLASH_MASK; /* Map this 64KB block from flash */
338 uint32_t *map_ptr;
339 if (map_at != current_read_mapping) {
340 /* Move the 64KB mmu mapping window to fit map_at */
341 #if CONFIG_IDF_TARGET_ESP32
342 Cache_Read_Disable(0);
343 Cache_Flush(0);
344 #elif CONFIG_IDF_TARGET_ESP32S2
345 uint32_t autoload = Cache_Suspend_ICache();
346 Cache_Invalidate_ICache_All();
347 #elif CONFIG_IDF_TARGET_ESP32S3
348 uint32_t autoload = Cache_Suspend_DCache();
349 Cache_Invalidate_DCache_All();
350 #elif CONFIG_IDF_TARGET_ESP32C3
351 uint32_t autoload = Cache_Suspend_ICache();
352 Cache_Invalidate_ICache_All();
353 #elif CONFIG_IDF_TARGET_ESP32H2
354 uint32_t autoload = Cache_Suspend_ICache();
355 Cache_Invalidate_ICache_All();
356 #endif
357 ESP_LOGD(TAG, "mmu set block paddr=0x%08x (was 0x%08x)", map_at, current_read_mapping);
358 #if CONFIG_IDF_TARGET_ESP32
359 int e = cache_flash_mmu_set(0, 0, FLASH_READ_VADDR, map_at, 64, 1);
360 #elif CONFIG_IDF_TARGET_ESP32S2
361 int e = Cache_Ibus_MMU_Set(MMU_ACCESS_FLASH, MMU_BLOCK63_VADDR, map_at, 64, 1, 0);
362 #elif CONFIG_IDF_TARGET_ESP32S3
363 int e = Cache_Dbus_MMU_Set(MMU_ACCESS_FLASH, MMU_BLOCK63_VADDR, map_at, 64, 1, 0);
364 #elif CONFIG_IDF_TARGET_ESP32C3
365 int e = Cache_Dbus_MMU_Set(MMU_ACCESS_FLASH, MMU_BLOCK63_VADDR, map_at, 64, 1, 0);
366 #elif CONFIG_IDF_TARGET_ESP32H2
367 int e = Cache_Dbus_MMU_Set(MMU_ACCESS_FLASH, MMU_BLOCK63_VADDR, map_at, 64, 1, 0);
368 #endif
369 if (e != 0) {
370 ESP_LOGE(TAG, "cache_flash_mmu_set failed: %d\n", e);
371 #if CONFIG_IDF_TARGET_ESP32
372 Cache_Read_Enable(0);
373 #elif CONFIG_IDF_TARGET_ESP32S2
374 Cache_Resume_ICache(autoload);
375 #elif CONFIG_IDF_TARGET_ESP32S3
376 Cache_Resume_DCache(autoload);
377 #elif CONFIG_IDF_TARGET_ESP32C3
378 Cache_Resume_ICache(autoload);
379 #elif CONFIG_IDF_TARGET_ESP32H2
380 Cache_Resume_ICache(autoload);
381 #endif
382 return ESP_FAIL;
383 }
384 current_read_mapping = map_at;
385 #if CONFIG_IDF_TARGET_ESP32
386 Cache_Read_Enable(0);
387 #elif CONFIG_IDF_TARGET_ESP32S2
388 Cache_Resume_ICache(autoload);
389 #elif CONFIG_IDF_TARGET_ESP32S3
390 Cache_Resume_DCache(autoload);
391 #elif CONFIG_IDF_TARGET_ESP32C3
392 Cache_Resume_ICache(autoload);
393 #elif CONFIG_IDF_TARGET_ESP32H2
394 Cache_Resume_ICache(autoload);
395 #endif
396 }
397 map_ptr = (uint32_t *)(FLASH_READ_VADDR + (word_src - map_at));
398 dest_words[word] = *map_ptr;
399 }
400 return ESP_OK;
401 }
402
bootloader_flash_read(size_t src_addr,void * dest,size_t size,bool allow_decrypt)403 esp_err_t bootloader_flash_read(size_t src_addr, void *dest, size_t size, bool allow_decrypt)
404 {
405 if (src_addr & 3) {
406 ESP_LOGE(TAG, "bootloader_flash_read src_addr 0x%x not 4-byte aligned", src_addr);
407 return ESP_FAIL;
408 }
409 if (size & 3) {
410 ESP_LOGE(TAG, "bootloader_flash_read size 0x%x not 4-byte aligned", size);
411 return ESP_FAIL;
412 }
413 if ((intptr_t)dest & 3) {
414 ESP_LOGE(TAG, "bootloader_flash_read dest 0x%x not 4-byte aligned", (intptr_t)dest);
415 return ESP_FAIL;
416 }
417
418 if (allow_decrypt) {
419 return bootloader_flash_read_allow_decrypt(src_addr, dest, size);
420 } else {
421 return bootloader_flash_read_no_decrypt(src_addr, dest, size);
422 }
423 }
424
bootloader_flash_write(size_t dest_addr,void * src,size_t size,bool write_encrypted)425 esp_err_t bootloader_flash_write(size_t dest_addr, void *src, size_t size, bool write_encrypted)
426 {
427 esp_err_t err;
428 size_t alignment = write_encrypted ? 32 : 4;
429 if ((dest_addr % alignment) != 0) {
430 ESP_LOGE(TAG, "bootloader_flash_write dest_addr 0x%x not %d-byte aligned", dest_addr, alignment);
431 return ESP_FAIL;
432 }
433 if ((size % alignment) != 0) {
434 ESP_LOGE(TAG, "bootloader_flash_write size 0x%x not %d-byte aligned", size, alignment);
435 return ESP_FAIL;
436 }
437 if (((intptr_t)src % 4) != 0) {
438 ESP_LOGE(TAG, "bootloader_flash_write src 0x%x not 4 byte aligned", (intptr_t)src);
439 return ESP_FAIL;
440 }
441
442 err = bootloader_flash_unlock();
443 if (err != ESP_OK) {
444 return err;
445 }
446
447 if (write_encrypted && !ENCRYPTION_IS_VIRTUAL) {
448 return spi_to_esp_err(esp_rom_spiflash_write_encrypted(dest_addr, src, size));
449 } else {
450 return spi_to_esp_err(esp_rom_spiflash_write(dest_addr, src, size));
451 }
452 }
453
bootloader_flash_erase_sector(size_t sector)454 esp_err_t bootloader_flash_erase_sector(size_t sector)
455 {
456 return spi_to_esp_err(esp_rom_spiflash_erase_sector(sector));
457 }
458
bootloader_flash_erase_range(uint32_t start_addr,uint32_t size)459 esp_err_t bootloader_flash_erase_range(uint32_t start_addr, uint32_t size)
460 {
461 if (start_addr % FLASH_SECTOR_SIZE != 0) {
462 return ESP_ERR_INVALID_ARG;
463 }
464 if (size % FLASH_SECTOR_SIZE != 0) {
465 return ESP_ERR_INVALID_SIZE;
466 }
467 size_t start = start_addr / FLASH_SECTOR_SIZE;
468 size_t end = start + size / FLASH_SECTOR_SIZE;
469 const size_t sectors_per_block = FLASH_BLOCK_SIZE / FLASH_SECTOR_SIZE;
470
471 esp_rom_spiflash_result_t rc = ESP_ROM_SPIFLASH_RESULT_OK;
472 for (size_t sector = start; sector != end && rc == ESP_ROM_SPIFLASH_RESULT_OK; ) {
473 if (sector % sectors_per_block == 0 && end - sector >= sectors_per_block) {
474 rc = esp_rom_spiflash_erase_block(sector / sectors_per_block);
475 sector += sectors_per_block;
476 } else {
477 rc = esp_rom_spiflash_erase_sector(sector);
478 ++sector;
479 }
480 }
481 return spi_to_esp_err(rc);
482 }
483
484 #endif // BOOTLOADER_BUILD
485
486
is_issi_chip(const esp_rom_spiflash_chip_t * chip)487 FORCE_INLINE_ATTR bool is_issi_chip(const esp_rom_spiflash_chip_t* chip)
488 {
489 return BYTESHIFT(chip->device_id, 2) == ISSI_ID;
490 }
491
492 // For GD25Q32, GD25Q64, GD25Q127C, GD25Q128, which use single command to read/write different SR.
is_gd_q_chip(const esp_rom_spiflash_chip_t * chip)493 FORCE_INLINE_ATTR bool is_gd_q_chip(const esp_rom_spiflash_chip_t* chip)
494 {
495 return BYTESHIFT(chip->device_id, 2) == GD_Q_ID_HIGH && BYTESHIFT(chip->device_id, 1) == GD_Q_ID_MID && BYTESHIFT(chip->device_id, 0) >= GD_Q_ID_LOW;
496 }
497
is_mxic_chip(const esp_rom_spiflash_chip_t * chip)498 FORCE_INLINE_ATTR bool is_mxic_chip(const esp_rom_spiflash_chip_t* chip)
499 {
500 return BYTESHIFT(chip->device_id, 2) == MXIC_ID;
501 }
502
bootloader_flash_unlock(void)503 esp_err_t IRAM_ATTR __attribute__((weak)) bootloader_flash_unlock(void)
504 {
505 // At the beginning status == new_status == status_sr2 == new_status_sr2 == 0.
506 // If the register doesn't need to be updated, keep them the same (0), so that no command will be actually sent.
507 uint16_t status = 0; // status for SR1 or SR1+SR2 if writing SR with 01H + 2Bytes.
508 uint16_t new_status = 0;
509 uint8_t status_sr2 = 0; // status_sr2 for SR2.
510 uint8_t new_status_sr2 = 0;
511 uint8_t sr1_bit_num = 0;
512 esp_err_t err = ESP_OK;
513
514 esp_rom_spiflash_wait_idle(&g_rom_flashchip);
515 if (is_issi_chip(&g_rom_flashchip) || is_mxic_chip(&g_rom_flashchip)) {
516 // Currently ISSI & MXIC share the same command and register layout, which is different from the default model.
517 // If any code here needs to be modified, check both chips.
518 status = bootloader_execute_flash_command(CMD_RDSR, 0, 0, 8);
519
520 /* Clear all bits in the mask.
521 (This is different from ROM esp_rom_spiflash_unlock, which keeps all bits as-is.)
522 */
523 sr1_bit_num = 8;
524 new_status = status & (~ESP_BOOTLOADER_SPIFLASH_BP_MASK_ISSI);
525 } else if (is_gd_q_chip(&g_rom_flashchip)) {
526 /* The GD chips behaviour is to clear all bits in SR1 and clear bits in SR2 except QE bit.
527 Use 01H to write SR1 and 31H to write SR2.
528 */
529 status = bootloader_execute_flash_command(CMD_RDSR, 0, 0, 8);
530 sr1_bit_num = 8;
531 new_status = 0;
532
533 status_sr2 = bootloader_execute_flash_command(CMD_RDSR2, 0, 0, 8);
534 new_status_sr2 = status_sr2 & ESP_BOOTLOADER_SPIFLASH_QE_GD_SR2;
535 } else {
536 /* For common behaviour, like XMC chips, Use 01H+2Bytes to write both SR1 and SR2*/
537 status = bootloader_execute_flash_command(CMD_RDSR, 0, 0, 8) | (bootloader_execute_flash_command(CMD_RDSR2, 0, 0, 8) << 8);
538
539 /* Clear all bits except QE, if it is set.
540 (This is different from ROM esp_rom_spiflash_unlock, which keeps all bits as-is.)
541 */
542 sr1_bit_num = 16;
543 new_status = status & ESP_BOOTLOADER_SPIFLASH_QE_SR1_2BYTE;
544 }
545
546 // When SR is written, set to true to indicate that WRDI need to be sent to ensure the protection is ON before return.
547 bool status_written = false;
548 // Skip if nothing needs to be changed. Meaningless writing to SR increases the risk during write and wastes time.
549 if (status != new_status) {
550 esp_rom_spiflash_wait_idle(&g_rom_flashchip);
551 bootloader_execute_flash_command(CMD_WREN, 0, 0, 0);
552 bootloader_execute_flash_command(CMD_WRSR, new_status, sr1_bit_num, 0);
553 status_written = true;
554 }
555
556 if (status_sr2 != new_status_sr2) {
557 esp_rom_spiflash_wait_idle(&g_rom_flashchip);
558 bootloader_execute_flash_command(CMD_WREN, 0, 0, 0);
559 bootloader_execute_flash_command(CMD_WRSR2, new_status_sr2, 8, 0);
560 status_written = true;
561 }
562
563 if (status_written) {
564 //Call esp_rom_spiflash_wait_idle to make sure previous WRSR is completed.
565 esp_rom_spiflash_wait_idle(&g_rom_flashchip);
566 bootloader_execute_flash_command(CMD_WRDI, 0, 0, 0);
567 }
568
569 return err;
570 }
571
572 /* dummy_len_plus values defined in ROM for SPI flash configuration */
573 #ifndef g_rom_spiflash_dummy_len_plus // ESP32-C3 uses a macro to access ROM data here
574 extern uint8_t g_rom_spiflash_dummy_len_plus[];
575 #endif
bootloader_flash_execute_command_common(uint8_t command,uint32_t addr_len,uint32_t address,uint8_t dummy_len,uint8_t mosi_len,uint32_t mosi_data,uint8_t miso_len)576 IRAM_ATTR static uint32_t bootloader_flash_execute_command_common(
577 uint8_t command,
578 uint32_t addr_len, uint32_t address,
579 uint8_t dummy_len,
580 uint8_t mosi_len, uint32_t mosi_data,
581 uint8_t miso_len)
582 {
583 assert(mosi_len <= 32);
584 assert(miso_len <= 32);
585 uint32_t old_ctrl_reg = SPIFLASH.ctrl.val;
586 uint32_t old_user_reg = SPIFLASH.user.val;
587 uint32_t old_user1_reg = SPIFLASH.user1.val;
588 uint32_t old_user2_reg = SPIFLASH.user2.val;
589 #if CONFIG_IDF_TARGET_ESP32
590 SPIFLASH.ctrl.val = SPI_WP_REG_M; // keep WP high while idle, otherwise leave DIO mode
591 #else
592 SPIFLASH.ctrl.val = SPI_MEM_WP_REG_M; // keep WP high while idle, otherwise leave DIO mode
593 #endif
594 //command phase
595 SPIFLASH.user.usr_command = 1;
596 SPIFLASH.user2.usr_command_bitlen = 7;
597 SPIFLASH.user2.usr_command_value = command;
598 //addr phase
599 SPIFLASH.user.usr_addr = addr_len > 0;
600 SPIFLASH.user1.usr_addr_bitlen = addr_len - 1;
601 #if CONFIG_IDF_TARGET_ESP32
602 SPIFLASH.addr = (addr_len > 0)? (address << (32-addr_len)) : 0;
603 #else
604 SPIFLASH.addr = address;
605 #endif
606 //dummy phase
607 if (miso_len > 0) {
608 uint32_t total_dummy = dummy_len + g_rom_spiflash_dummy_len_plus[1];
609 SPIFLASH.user.usr_dummy = total_dummy > 0;
610 SPIFLASH.user1.usr_dummy_cyclelen = total_dummy - 1;
611 } else {
612 SPIFLASH.user.usr_dummy = 0;
613 SPIFLASH.user1.usr_dummy_cyclelen = 0;
614 }
615 //output data
616 SPIFLASH.user.usr_mosi = mosi_len > 0;
617 #if CONFIG_IDF_TARGET_ESP32
618 SPIFLASH.mosi_dlen.usr_mosi_dbitlen = mosi_len ? (mosi_len - 1) : 0;
619 #else
620 SPIFLASH.mosi_dlen.usr_mosi_bit_len = mosi_len ? (mosi_len - 1) : 0;
621 #endif
622 SPIFLASH.data_buf[0] = mosi_data;
623 //input data
624 SPIFLASH.user.usr_miso = miso_len > 0;
625 #if CONFIG_IDF_TARGET_ESP32
626 SPIFLASH.miso_dlen.usr_miso_dbitlen = miso_len ? (miso_len - 1) : 0;
627 #else
628 SPIFLASH.miso_dlen.usr_miso_bit_len = miso_len ? (miso_len - 1) : 0;
629 #endif
630
631 SPIFLASH.cmd.usr = 1;
632 while (SPIFLASH.cmd.usr != 0) {
633 }
634 SPIFLASH.ctrl.val = old_ctrl_reg;
635 SPIFLASH.user.val = old_user_reg;
636 SPIFLASH.user1.val = old_user1_reg;
637 SPIFLASH.user2.val = old_user2_reg;
638
639 uint32_t ret = SPIFLASH.data_buf[0];
640 if (miso_len < 32) {
641 //set unused bits to 0
642 ret &= ~(UINT32_MAX << miso_len);
643 }
644 return ret;
645 }
646
bootloader_execute_flash_command(uint8_t command,uint32_t mosi_data,uint8_t mosi_len,uint8_t miso_len)647 uint32_t IRAM_ATTR bootloader_execute_flash_command(uint8_t command, uint32_t mosi_data, uint8_t mosi_len, uint8_t miso_len)
648 {
649 const uint8_t addr_len = 0;
650 const uint8_t address = 0;
651 const uint8_t dummy_len = 0;
652
653 return bootloader_flash_execute_command_common(command, addr_len, address,
654 dummy_len, mosi_len, mosi_data, miso_len);
655 }
656
657 // cmd(0x5A) + 24bit address + 8 cycles dummy
bootloader_flash_read_sfdp(uint32_t sfdp_addr,unsigned int miso_byte_num)658 uint32_t IRAM_ATTR bootloader_flash_read_sfdp(uint32_t sfdp_addr, unsigned int miso_byte_num)
659 {
660 assert(miso_byte_num <= 4);
661 const uint8_t command = CMD_RDSFDP;
662 const uint8_t addr_len = 24;
663 const uint8_t dummy_len = 8;
664 const uint8_t mosi_len = 0;
665 const uint32_t mosi_data = 0;
666 const uint8_t miso_len = miso_byte_num * 8;
667
668 return bootloader_flash_execute_command_common(command, addr_len, sfdp_addr,
669 dummy_len, mosi_len, mosi_data, miso_len);
670 }
671
bootloader_enable_wp(void)672 void bootloader_enable_wp(void)
673 {
674 bootloader_execute_flash_command(CMD_WRDI, 0, 0, 0); /* Exit OTP mode */
675 }
676
bootloader_read_flash_id(void)677 uint32_t IRAM_ATTR bootloader_read_flash_id(void)
678 {
679 uint32_t id = bootloader_execute_flash_command(CMD_RDID, 0, 0, 24);
680 id = ((id & 0xff) << 16) | ((id >> 16) & 0xff) | (id & 0xff00);
681 return id;
682 }
683
684 #if SOC_CACHE_SUPPORT_WRAP
bootloader_flash_wrap_set(spi_flash_wrap_mode_t mode)685 esp_err_t bootloader_flash_wrap_set(spi_flash_wrap_mode_t mode)
686 {
687 uint32_t reg_bkp_ctrl = SPIFLASH.ctrl.val;
688 uint32_t reg_bkp_usr = SPIFLASH.user.val;
689 SPIFLASH.user.fwrite_dio = 0;
690 SPIFLASH.user.fwrite_dual = 0;
691 SPIFLASH.user.fwrite_qio = 1;
692 SPIFLASH.user.fwrite_quad = 0;
693 SPIFLASH.ctrl.fcmd_dual = 0;
694 SPIFLASH.ctrl.fcmd_quad = 0;
695 SPIFLASH.user.usr_dummy = 0;
696 SPIFLASH.user.usr_addr = 1;
697 SPIFLASH.user.usr_command = 1;
698 SPIFLASH.user2.usr_command_bitlen = 7;
699 SPIFLASH.user2.usr_command_value = CMD_WRAP;
700 SPIFLASH.user1.usr_addr_bitlen = 23;
701 SPIFLASH.addr = 0;
702 SPIFLASH.user.usr_miso = 0;
703 SPIFLASH.user.usr_mosi = 1;
704 SPIFLASH.mosi_dlen.usr_mosi_bit_len = 7;
705 SPIFLASH.data_buf[0] = (uint32_t) mode << 4;;
706 SPIFLASH.cmd.usr = 1;
707 while(SPIFLASH.cmd.usr != 0)
708 { }
709
710 SPIFLASH.ctrl.val = reg_bkp_ctrl;
711 SPIFLASH.user.val = reg_bkp_usr;
712 return ESP_OK;
713 }
714 #endif //SOC_CACHE_SUPPORT_WRAP
715
716 /*******************************************************************************
717 * XMC startup flow
718 ******************************************************************************/
719
720 #define XMC_SUPPORT CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT
721 #define XMC_VENDOR_ID 0x20
722
723 #if BOOTLOADER_BUILD
724 #define BOOTLOADER_FLASH_LOG(level, ...) ESP_LOG##level(TAG, ##__VA_ARGS__)
725 #else
726 static DRAM_ATTR char bootloader_flash_tag[] = "bootloader_flash";
727 #define BOOTLOADER_FLASH_LOG(level, ...) ESP_DRAM_LOG##level(bootloader_flash_tag, ##__VA_ARGS__)
728 #endif
729
730 #if XMC_SUPPORT
731 //strictly check the model
is_xmc_chip_strict(uint32_t rdid)732 static IRAM_ATTR bool is_xmc_chip_strict(uint32_t rdid)
733 {
734 uint32_t vendor_id = BYTESHIFT(rdid, 2);
735 uint32_t mfid = BYTESHIFT(rdid, 1);
736 uint32_t cpid = BYTESHIFT(rdid, 0);
737
738 if (vendor_id != XMC_VENDOR_ID) {
739 return false;
740 }
741
742 bool matched = false;
743 if (mfid == 0x40) {
744 if (cpid >= 0x13 && cpid <= 0x20) {
745 matched = true;
746 }
747 } else if (mfid == 0x41) {
748 if (cpid >= 0x17 && cpid <= 0x20) {
749 matched = true;
750 }
751 } else if (mfid == 0x50) {
752 if (cpid >= 0x15 && cpid <= 0x16) {
753 matched = true;
754 }
755 }
756 return matched;
757 }
758
bootloader_flash_xmc_startup(void)759 esp_err_t IRAM_ATTR bootloader_flash_xmc_startup(void)
760 {
761 // If the RDID value is a valid XMC one, may skip the flow
762 const bool fast_check = true;
763 if (fast_check && is_xmc_chip_strict(g_rom_flashchip.device_id)) {
764 BOOTLOADER_FLASH_LOG(D, "XMC chip detected by RDID (%08X), skip.", g_rom_flashchip.device_id);
765 return ESP_OK;
766 }
767
768 // Check the Manufacturer ID in SFDP registers (JEDEC standard). If not XMC chip, no need to run the flow
769 const int sfdp_mfid_addr = 0x10;
770 uint8_t mf_id = (bootloader_flash_read_sfdp(sfdp_mfid_addr, 1) & 0xff);
771 if (mf_id != XMC_VENDOR_ID) {
772 BOOTLOADER_FLASH_LOG(D, "non-XMC chip detected by SFDP Read (%02X), skip.", mf_id);
773 return ESP_OK;
774 }
775
776 BOOTLOADER_FLASH_LOG(I, "XM25QHxxC startup flow");
777 // Enter DPD
778 bootloader_execute_flash_command(0xB9, 0, 0, 0);
779 // Enter UDPD
780 bootloader_execute_flash_command(0x79, 0, 0, 0);
781 // Exit UDPD
782 bootloader_execute_flash_command(0xFF, 0, 0, 0);
783 // Delay tXUDPD
784 esp_rom_delay_us(2000);
785 // Release Power-down
786 bootloader_execute_flash_command(0xAB, 0, 0, 0);
787 esp_rom_delay_us(20);
788 // Read flash ID and check again
789 g_rom_flashchip.device_id = bootloader_read_flash_id();
790 if (!is_xmc_chip_strict(g_rom_flashchip.device_id)) {
791 BOOTLOADER_FLASH_LOG(E, "XMC flash startup fail");
792 return ESP_FAIL;
793 }
794
795 return ESP_OK;
796 }
797
798 #else
799 //only compare the vendor id
is_xmc_chip(uint32_t rdid)800 static IRAM_ATTR bool is_xmc_chip(uint32_t rdid)
801 {
802 uint32_t vendor_id = (rdid >> 16) & 0xFF;
803 return (vendor_id == XMC_VENDOR_ID);
804 }
805
bootloader_flash_xmc_startup(void)806 esp_err_t IRAM_ATTR bootloader_flash_xmc_startup(void)
807 {
808 if (is_xmc_chip(g_rom_flashchip.device_id)) {
809 BOOTLOADER_FLASH_LOG(E, "XMC chip detected (%08X) while support disabled.", g_rom_flashchip.device_id);
810 return ESP_FAIL;
811 }
812 return ESP_OK;
813 }
814
815 #endif //XMC_SUPPORT
816
