1 /*
2  * This file is part of the flashrom project.
3  *
4  * Copyright (C) 2007, 2008, 2009, 2010 Carl-Daniel Hailfinger
5  * Copyright (C) 2008 coresystems GmbH
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; version 2 of the License.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  */
16 
17 /*
18  * Contains the common SPI chip driver functions
19  */
20 
21 #include <stddef.h>
22 #include <string.h>
23 #include <stdbool.h>
24 #include "flash.h"
25 #include "flashchips.h"
26 #include "chipdrivers.h"
27 #include "programmer.h"
28 #include "spi.h"
29 
30 enum id_type {
31 	RDID,
32 	RDID4,
33 	REMS,
34 	RES2,
35 	RES3,
36 	NUM_ID_TYPES,
37 };
38 
39 static struct {
40 	bool is_cached;
41 	unsigned char bytes[4];		/* enough to hold largest ID type */
42 } id_cache[NUM_ID_TYPES];
43 
clear_spi_id_cache(void)44 void clear_spi_id_cache(void)
45 {
46 	memset(id_cache, 0, sizeof(id_cache));
47 	return;
48 }
49 
spi_rdid(struct flashctx * flash,unsigned char * readarr,int bytes)50 static int spi_rdid(struct flashctx *flash, unsigned char *readarr, int bytes)
51 {
52 	static const unsigned char cmd[JEDEC_RDID_OUTSIZE] = { JEDEC_RDID };
53 	int ret;
54 	int i;
55 
56 	ret = spi_send_command(flash, sizeof(cmd), bytes, cmd, readarr);
57 	if (ret)
58 		return ret;
59 	msg_cspew("RDID returned");
60 	for (i = 0; i < bytes; i++)
61 		msg_cspew(" 0x%02x", readarr[i]);
62 	msg_cspew(". ");
63 	return 0;
64 }
65 
spi_rems(struct flashctx * flash,unsigned char * readarr)66 static int spi_rems(struct flashctx *flash, unsigned char *readarr)
67 {
68 	static const unsigned char cmd[JEDEC_REMS_OUTSIZE] = { JEDEC_REMS, };
69 	int ret;
70 
71 	ret = spi_send_command(flash, sizeof(cmd), JEDEC_REMS_INSIZE, cmd, readarr);
72 	if (ret)
73 		return ret;
74 	msg_cspew("REMS returned 0x%02x 0x%02x. ", readarr[0], readarr[1]);
75 	return 0;
76 }
77 
spi_res(struct flashctx * flash,unsigned char * readarr,int bytes)78 static int spi_res(struct flashctx *flash, unsigned char *readarr, int bytes)
79 {
80 	static const unsigned char cmd[JEDEC_RES_OUTSIZE] = { JEDEC_RES, };
81 	int ret;
82 	int i;
83 
84 	ret = spi_send_command(flash, sizeof(cmd), bytes, cmd, readarr);
85 	if (ret)
86 		return ret;
87 	msg_cspew("RES returned");
88 	for (i = 0; i < bytes; i++)
89 		msg_cspew(" 0x%02x", readarr[i]);
90 	msg_cspew(". ");
91 	return 0;
92 }
93 
spi_write_enable(struct flashctx * flash)94 int spi_write_enable(struct flashctx *flash)
95 {
96 	static const unsigned char cmd[JEDEC_WREN_OUTSIZE] = { JEDEC_WREN };
97 	int result;
98 
99 	/* Send WREN (Write Enable) */
100 	result = spi_send_command(flash, sizeof(cmd), 0, cmd, NULL);
101 
102 	if (result)
103 		msg_cerr("%s failed\n", __func__);
104 
105 	return result;
106 }
107 
spi_write_disable(struct flashctx * flash)108 int spi_write_disable(struct flashctx *flash)
109 {
110 	static const unsigned char cmd[JEDEC_WRDI_OUTSIZE] = { JEDEC_WRDI };
111 
112 	/* Send WRDI (Write Disable) */
113 	return spi_send_command(flash, sizeof(cmd), 0, cmd, NULL);
114 }
115 
rdid_get_ids(unsigned char * readarr,int bytes,uint32_t * id1,uint32_t * id2)116 static void rdid_get_ids(unsigned char *readarr, int bytes,
117 		uint32_t *id1, uint32_t *id2)
118 {
119 	if (!oddparity(readarr[0]))
120 		msg_cdbg("RDID byte 0 parity violation. ");
121 
122 	/* Check if this is a continuation vendor ID.
123 	 * FIXME: Handle continuation device IDs.
124 	 */
125 	if (readarr[0] == 0x7f) {
126 		if (!oddparity(readarr[1]))
127 			msg_cdbg("RDID byte 1 parity violation. ");
128 		*id1 = (readarr[0] << 8) | readarr[1];
129 		*id2 = readarr[2];
130 		if (bytes > 3) {
131 			*id2 <<= 8;
132 			*id2 |= readarr[3];
133 		}
134 	} else {
135 		*id1 = readarr[0];
136 		*id2 = (readarr[1] << 8) | readarr[2];
137 	}
138 }
139 
compare_id(const struct flashctx * flash,uint32_t id1,uint32_t id2)140 static int compare_id(const struct flashctx *flash, uint32_t id1, uint32_t id2)
141 {
142 	const struct flashchip *chip = flash->chip;
143 
144 	msg_cdbg("%s: id1 0x%02"PRIx32", id2 0x%02"PRIx32"\n", __func__, id1, id2);
145 	if (id1 == chip->manufacture_id && id2 == chip->model_id)
146 		return 1;
147 
148 	/* Test if this is a pure vendor match. */
149 	if (id1 == chip->manufacture_id && GENERIC_DEVICE_ID == chip->model_id)
150 		return 1;
151 
152 	/* Test if there is any vendor ID. */
153 	if (GENERIC_MANUF_ID == chip->manufacture_id && id1 != 0xff && id1 != 0x00)
154 		return 1;
155 
156 	return 0;
157 }
158 
probe_spi_rdid_generic(struct flashctx * flash,int bytes)159 static int probe_spi_rdid_generic(struct flashctx *flash, int bytes)
160 {
161 	uint32_t id1, id2;
162 	enum id_type idty = bytes == 3 ? RDID : RDID4;
163 
164 	if (!id_cache[idty].is_cached) {
165 		const int ret = spi_rdid(flash, id_cache[idty].bytes, bytes);
166 		if (ret == SPI_INVALID_LENGTH)
167 			msg_cinfo("%d byte RDID not supported on this SPI controller\n", bytes);
168 		if (ret)
169 			return 0;
170 		id_cache[idty].is_cached = true;
171 	}
172 
173 	rdid_get_ids(id_cache[idty].bytes, bytes, &id1, &id2);
174 	return compare_id(flash, id1, id2);
175 }
176 
probe_spi_rdid(struct flashctx * flash)177 int probe_spi_rdid(struct flashctx *flash)
178 {
179 	return probe_spi_rdid_generic(flash, 3);
180 }
181 
probe_spi_rdid4(struct flashctx * flash)182 int probe_spi_rdid4(struct flashctx *flash)
183 {
184 	return probe_spi_rdid_generic(flash, 4);
185 }
186 
probe_spi_rems(struct flashctx * flash)187 int probe_spi_rems(struct flashctx *flash)
188 {
189 	uint32_t id1, id2;
190 
191 	if (!id_cache[REMS].is_cached) {
192 		if (spi_rems(flash, id_cache[REMS].bytes))
193 			return 0;
194 		id_cache[REMS].is_cached = true;
195 	}
196 
197 	id1 = id_cache[REMS].bytes[0];
198 	id2 = id_cache[REMS].bytes[1];
199 	return compare_id(flash, id1, id2);
200 }
201 
probe_spi_res1(struct flashctx * flash)202 int probe_spi_res1(struct flashctx *flash)
203 {
204 	static const unsigned char allff[] = {0xff, 0xff, 0xff};
205 	static const unsigned char all00[] = {0x00, 0x00, 0x00};
206 	unsigned char readarr[3];
207 	uint32_t id2;
208 
209 	/* We only want one-byte RES if RDID and REMS are unusable. */
210 
211 	/* Check if RDID is usable and does not return 0xff 0xff 0xff or
212 	 * 0x00 0x00 0x00. In that case, RES is pointless.
213 	 */
214 	if (!spi_rdid(flash, readarr, 3) && memcmp(readarr, allff, 3) &&
215 	    memcmp(readarr, all00, 3)) {
216 		msg_cdbg("Ignoring RES in favour of RDID.\n");
217 		return 0;
218 	}
219 	/* Check if REMS is usable and does not return 0xff 0xff or
220 	 * 0x00 0x00. In that case, RES is pointless.
221 	 */
222 	if (!spi_rems(flash, readarr) &&
223 	    memcmp(readarr, allff, JEDEC_REMS_INSIZE) &&
224 	    memcmp(readarr, all00, JEDEC_REMS_INSIZE)) {
225 		msg_cdbg("Ignoring RES in favour of REMS.\n");
226 		return 0;
227 	}
228 
229 	if (spi_res(flash, readarr, 1)) {
230 		return 0;
231 	}
232 
233 	id2 = readarr[0];
234 
235 	msg_cdbg("%s: id 0x%"PRIx32"\n", __func__, id2);
236 
237 	if (id2 != flash->chip->model_id)
238 		return 0;
239 
240 	return 1;
241 }
242 
probe_spi_res2(struct flashctx * flash)243 int probe_spi_res2(struct flashctx *flash)
244 {
245 	uint32_t id1, id2;
246 
247 	if (!id_cache[RES2].is_cached) {
248 		if (spi_res(flash, id_cache[RES2].bytes, 2))
249 			return 0;
250 		id_cache[RES2].is_cached = true;
251 	}
252 
253 	id1 = id_cache[RES2].bytes[0];
254 	id2 = id_cache[RES2].bytes[1];
255 	msg_cdbg("%s: id1 0x%"PRIx32", id2 0x%"PRIx32"\n", __func__, id1, id2);
256 
257 	if (id1 != flash->chip->manufacture_id || id2 != flash->chip->model_id)
258 		return 0;
259 
260 	return 1;
261 }
262 
probe_spi_res3(struct flashctx * flash)263 int probe_spi_res3(struct flashctx *flash)
264 {
265 	uint32_t id1, id2;
266 
267 	if (!id_cache[RES3].is_cached) {
268 		if (spi_res(flash, id_cache[RES3].bytes, 3))
269 			return 0;
270 		id_cache[RES3].is_cached = true;
271 	}
272 
273 	id1 = (id_cache[RES3].bytes[0] << 8) | id_cache[RES3].bytes[1];
274 	id2 = id_cache[RES3].bytes[3];
275 	msg_cdbg("%s: id1 0x%"PRIx32", id2 0x%"PRIx32"\n", __func__, id1, id2);
276 
277 	if (id1 != flash->chip->manufacture_id || id2 != flash->chip->model_id)
278 		return 0;
279 
280 	return 1;
281 }
282 
283 /* Only used for some Atmel chips. */
probe_spi_at25f(struct flashctx * flash)284 int probe_spi_at25f(struct flashctx *flash)
285 {
286 	static const unsigned char cmd[AT25F_RDID_OUTSIZE] = { AT25F_RDID };
287 	unsigned char readarr[AT25F_RDID_INSIZE];
288 	uint32_t id1;
289 	uint32_t id2;
290 
291 	if (spi_send_command(flash, sizeof(cmd), sizeof(readarr), cmd, readarr))
292 		return 0;
293 
294 	id1 = readarr[0];
295 	id2 = readarr[1];
296 
297 	msg_cdbg("%s: id1 0x%02"PRIx32", id2 0x%02"PRIx32"\n", __func__, id1, id2);
298 
299 	if (id1 == flash->chip->manufacture_id && id2 == flash->chip->model_id)
300 		return 1;
301 
302 	return 0;
303 }
304 
spi_poll_wip(struct flashctx * const flash,const unsigned int poll_delay)305 static int spi_poll_wip(struct flashctx *const flash, const unsigned int poll_delay)
306 {
307 	/* FIXME: We don't time out. */
308 	while (true) {
309 		uint8_t status;
310 		int ret = spi_read_register(flash, STATUS1, &status);
311 		if (ret)
312 			return ret;
313 		if (!(status & SPI_SR_WIP))
314 			return 0;
315 
316 		programmer_delay(flash, poll_delay);
317 	}
318 }
319 
320 /**
321  * Execute WREN plus another one byte `op`, optionally poll WIP afterwards.
322  *
323  * @param flash       the flash chip's context
324  * @param op          the operation to execute
325  * @param poll_delay  interval in us for polling WIP, don't poll if zero
326  * @return 0 on success, non-zero otherwise
327  */
spi_simple_write_cmd(struct flashctx * const flash,const uint8_t op,const unsigned int poll_delay)328 static int spi_simple_write_cmd(struct flashctx *const flash, const uint8_t op, const unsigned int poll_delay)
329 {
330 	struct spi_command cmds[] = {
331 	{
332 		.readarr = 0,
333 		.writecnt = JEDEC_WREN_OUTSIZE,
334 		.writearr = (const unsigned char[]){ JEDEC_WREN },
335 	}, {
336 		.readarr = 0,
337 		.writecnt = 1,
338 		.writearr = (const unsigned char[]){ op },
339 	},
340 		NULL_SPI_CMD,
341 	};
342 
343 	const int result = spi_send_multicommand(flash, cmds);
344 	if (result)
345 		msg_cerr("%s failed during command execution\n", __func__);
346 
347 	const int status = poll_delay ? spi_poll_wip(flash, poll_delay) : 0;
348 
349 	return result ? result : status;
350 }
351 
spi_write_extended_address_register(struct flashctx * const flash,const uint8_t regdata)352 static int spi_write_extended_address_register(struct flashctx *const flash, const uint8_t regdata)
353 {
354 	uint8_t op;
355 	if (flash->chip->feature_bits & FEATURE_4BA_EAR_C5C8) {
356 		op = JEDEC_WRITE_EXT_ADDR_REG;
357 	} else if (flash->chip->feature_bits & FEATURE_4BA_EAR_1716) {
358 		op = ALT_WRITE_EXT_ADDR_REG_17;
359 	} else {
360 		msg_cerr("Flash misses feature flag for extended-address register.\n");
361 		return -1;
362 	}
363 
364 	struct spi_command cmds[] = {
365 	{
366 		.readarr = 0,
367 		.writecnt = 1,
368 		.writearr = (const unsigned char[]){ JEDEC_WREN },
369 	}, {
370 		.readarr = 0,
371 		.writecnt = 2,
372 		.writearr = (const unsigned char[]){ op, regdata },
373 	},
374 		NULL_SPI_CMD,
375 	};
376 
377 	const int result = spi_send_multicommand(flash, cmds);
378 	if (result)
379 		msg_cerr("%s failed during command execution\n", __func__);
380 	return result;
381 }
382 
spi_set_extended_address(struct flashctx * const flash,const uint8_t addr_high)383 int spi_set_extended_address(struct flashctx *const flash, const uint8_t addr_high)
384 {
385 	if (flash->address_high_byte != addr_high &&
386 	    spi_write_extended_address_register(flash, addr_high))
387 		return -1;
388 	flash->address_high_byte = addr_high;
389 	return 0;
390 }
391 
spi_prepare_address(struct flashctx * const flash,uint8_t cmd_buf[],const bool native_4ba,const unsigned int addr)392 static int spi_prepare_address(struct flashctx *const flash, uint8_t cmd_buf[],
393 			       const bool native_4ba, const unsigned int addr)
394 {
395 	if (native_4ba || flash->in_4ba_mode) {
396 		if (!spi_master_4ba(flash)) {
397 			msg_cwarn("4-byte address requested but master can't handle 4-byte addresses.\n");
398 			return -1;
399 		}
400 		cmd_buf[1] = (addr >> 24) & 0xff;
401 		cmd_buf[2] = (addr >> 16) & 0xff;
402 		cmd_buf[3] = (addr >>  8) & 0xff;
403 		cmd_buf[4] = (addr >>  0) & 0xff;
404 		return 4;
405 	} else {
406 		if (flash->chip->feature_bits & FEATURE_4BA_EAR_ANY) {
407 			if (spi_set_extended_address(flash, addr >> 24))
408 				return -1;
409 		} else if (addr >> 24) {
410 			msg_cerr("Can't handle 4-byte address for opcode '0x%02x'\n"
411 				 "with this chip/programmer combination.\n", cmd_buf[0]);
412 			return -1;
413 		}
414 		cmd_buf[1] = (addr >> 16) & 0xff;
415 		cmd_buf[2] = (addr >>  8) & 0xff;
416 		cmd_buf[3] = (addr >>  0) & 0xff;
417 		return 3;
418 	}
419 }
420 
421 /**
422  * Execute WREN plus another `op` that takes an address and
423  * optional data, poll WIP afterwards.
424  *
425  * @param flash       the flash chip's context
426  * @param op          the operation to execute
427  * @param native_4ba  whether `op` always takes a 4-byte address
428  * @param addr        the address parameter to `op`
429  * @param out_bytes   bytes to send after the address,
430  *                    may be NULL if and only if `out_bytes` is 0
431  * @param out_bytes   number of bytes to send, 256 at most, may be zero
432  * @param poll_delay  interval in us for polling WIP
433  * @return 0 on success, non-zero otherwise
434  */
spi_write_cmd(struct flashctx * const flash,const uint8_t op,const bool native_4ba,const unsigned int addr,const uint8_t * const out_bytes,const size_t out_len,const unsigned int poll_delay)435 static int spi_write_cmd(struct flashctx *const flash, const uint8_t op,
436 			 const bool native_4ba, const unsigned int addr,
437 			 const uint8_t *const out_bytes, const size_t out_len,
438 			 const unsigned int poll_delay)
439 {
440 	uint8_t cmd[1 + JEDEC_MAX_ADDR_LEN + 256];
441 	struct spi_command cmds[] = {
442 	{
443 		.readarr = 0,
444 		.writecnt = 1,
445 		.writearr = (const unsigned char[]){ JEDEC_WREN },
446 	}, {
447 		.readarr = 0,
448 		.writearr = cmd,
449 	},
450 		NULL_SPI_CMD,
451 	};
452 
453 	cmd[0] = op;
454 	const int addr_len = spi_prepare_address(flash, cmd, native_4ba, addr);
455 	if (addr_len < 0)
456 		return 1;
457 
458 	if (1 + addr_len + out_len > sizeof(cmd)) {
459 		msg_cerr("%s called for too long a write\n", __func__);
460 		return 1;
461 	}
462 	if (!out_bytes && out_len > 0)
463 		return 1;
464 
465 	memcpy(cmd + 1 + addr_len, out_bytes, out_len);
466 	cmds[1].writecnt = 1 + addr_len + out_len;
467 
468 	const int result = spi_send_multicommand(flash, cmds);
469 	if (result)
470 		msg_cerr("%s failed during command execution at address 0x%x\n", __func__, addr);
471 
472 	const int status = spi_poll_wip(flash, poll_delay);
473 
474 	return result ? result : status;
475 }
476 
spi_chip_erase_60(struct flashctx * flash)477 static int spi_chip_erase_60(struct flashctx *flash)
478 {
479 	/* This usually takes 1-85s, so wait in 1s steps. */
480 	return spi_simple_write_cmd(flash, JEDEC_CE_60, 1000 * 1000);
481 }
482 
spi_chip_erase_62(struct flashctx * flash)483 static int spi_chip_erase_62(struct flashctx *flash)
484 {
485 	/* This usually takes 2-5s, so wait in 100ms steps. */
486 	return spi_simple_write_cmd(flash, JEDEC_CE_62, 100 * 1000);
487 }
488 
spi_chip_erase_c7(struct flashctx * flash)489 static int spi_chip_erase_c7(struct flashctx *flash)
490 {
491 	/* This usually takes 1-85s, so wait in 1s steps. */
492 	return spi_simple_write_cmd(flash, JEDEC_CE_C7, 1000 * 1000);
493 }
494 
spi_block_erase_52(struct flashctx * flash,unsigned int addr,unsigned int blocklen)495 int spi_block_erase_52(struct flashctx *flash, unsigned int addr,
496 		       unsigned int blocklen)
497 {
498 	/* This usually takes 100-4000ms, so wait in 100ms steps. */
499 	return spi_write_cmd(flash, JEDEC_BE_52, false, addr, NULL, 0, 100 * 1000);
500 }
501 
502 /* Block size is usually
503  * 32M (one die) for Micron
504  */
spi_block_erase_c4(struct flashctx * flash,unsigned int addr,unsigned int blocklen)505 int spi_block_erase_c4(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
506 {
507 	/* This usually takes 240-480s, so wait in 500ms steps. */
508 	return spi_write_cmd(flash, JEDEC_BE_C4, false, addr, NULL, 0, 500 * 1000);
509 }
510 
511 /* Block size is usually
512  * 64k for Macronix
513  * 32k for SST
514  * 4-32k non-uniform for EON
515  */
spi_block_erase_d8(struct flashctx * flash,unsigned int addr,unsigned int blocklen)516 int spi_block_erase_d8(struct flashctx *flash, unsigned int addr,
517 		       unsigned int blocklen)
518 {
519 	/* This usually takes 100-4000ms, so wait in 100ms steps. */
520 	return spi_write_cmd(flash, JEDEC_BE_D8, false, addr, NULL, 0, 100 * 1000);
521 }
522 
523 /* Block size is usually
524  * 4k for PMC
525  */
spi_block_erase_d7(struct flashctx * flash,unsigned int addr,unsigned int blocklen)526 int spi_block_erase_d7(struct flashctx *flash, unsigned int addr,
527 		       unsigned int blocklen)
528 {
529 	/* This usually takes 100-4000ms, so wait in 100ms steps. */
530 	return spi_write_cmd(flash, JEDEC_BE_D7, false, addr, NULL, 0, 100 * 1000);
531 }
532 
533 /* Page erase (usually 256B blocks) */
spi_block_erase_db(struct flashctx * flash,unsigned int addr,unsigned int blocklen)534 int spi_block_erase_db(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
535 {
536 	/* This takes up to 20ms usually (on worn out devices
537 	   up to the 0.5s range), so wait in 1ms steps. */
538 	return spi_write_cmd(flash, 0xdb, false, addr, NULL, 0, 1 * 1000);
539 }
540 
541 /* Sector size is usually 4k, though Macronix eliteflash has 64k */
spi_block_erase_20(struct flashctx * flash,unsigned int addr,unsigned int blocklen)542 int spi_block_erase_20(struct flashctx *flash, unsigned int addr,
543 		       unsigned int blocklen)
544 {
545 	/* This usually takes 15-800ms, so wait in 10ms steps. */
546 	return spi_write_cmd(flash, JEDEC_SE, false, addr, NULL, 0, 10 * 1000);
547 }
548 
spi_block_erase_50(struct flashctx * flash,unsigned int addr,unsigned int blocklen)549 int spi_block_erase_50(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
550 {
551 	/* This usually takes 10ms, so wait in 1ms steps. */
552 	return spi_write_cmd(flash, JEDEC_BE_50, false, addr, NULL, 0, 1 * 1000);
553 }
554 
spi_block_erase_81(struct flashctx * flash,unsigned int addr,unsigned int blocklen)555 int spi_block_erase_81(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
556 {
557 	/* This usually takes 8ms, so wait in 1ms steps. */
558 	return spi_write_cmd(flash, JEDEC_BE_81, false, addr, NULL, 0, 1 * 1000);
559 }
560 
spi_block_erase_60(struct flashctx * flash,unsigned int addr,unsigned int blocklen)561 int spi_block_erase_60(struct flashctx *flash, unsigned int addr,
562 		       unsigned int blocklen)
563 {
564 	if ((addr != 0) || (blocklen != flash->chip->total_size * 1024)) {
565 		msg_cerr("%s called with incorrect arguments\n",
566 			__func__);
567 		return -1;
568 	}
569 	return spi_chip_erase_60(flash);
570 }
571 
spi_block_erase_62(struct flashctx * flash,unsigned int addr,unsigned int blocklen)572 int spi_block_erase_62(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
573 {
574 	if ((addr != 0) || (blocklen != flash->chip->total_size * 1024)) {
575 		msg_cerr("%s called with incorrect arguments\n",
576 			__func__);
577 		return -1;
578 	}
579 	return spi_chip_erase_62(flash);
580 }
581 
spi_block_erase_c7(struct flashctx * flash,unsigned int addr,unsigned int blocklen)582 int spi_block_erase_c7(struct flashctx *flash, unsigned int addr,
583 		       unsigned int blocklen)
584 {
585 	if ((addr != 0) || (blocklen != flash->chip->total_size * 1024)) {
586 		msg_cerr("%s called with incorrect arguments\n",
587 			__func__);
588 		return -1;
589 	}
590 	return spi_chip_erase_c7(flash);
591 }
592 
593 /* Erase 4 KB of flash with 4-bytes address from ANY mode (3-bytes or 4-bytes) */
spi_block_erase_21(struct flashctx * flash,unsigned int addr,unsigned int blocklen)594 int spi_block_erase_21(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
595 {
596 	/* This usually takes 15-800ms, so wait in 10ms steps. */
597 	return spi_write_cmd(flash, 0x21, true, addr, NULL, 0, 10 * 1000);
598 }
599 
600 /* Erase 32 KB of flash with 4-bytes address from ANY mode (3-bytes or 4-bytes) */
spi_block_erase_53(struct flashctx * flash,unsigned int addr,unsigned int blocklen)601 int spi_block_erase_53(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
602 {
603 	/* This usually takes 100-4000ms, so wait in 100ms steps. */
604 	return spi_write_cmd(flash, 0x53, true, addr, NULL, 0, 100 * 1000);
605 }
606 
607 /* Erase 32 KB of flash with 4-bytes address from ANY mode (3-bytes or 4-bytes) */
spi_block_erase_5c(struct flashctx * flash,unsigned int addr,unsigned int blocklen)608 int spi_block_erase_5c(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
609 {
610 	/* This usually takes 100-4000ms, so wait in 100ms steps. */
611 	return spi_write_cmd(flash, 0x5c, true, addr, NULL, 0, 100 * 1000);
612 }
613 
614 /* Erase 64 KB of flash with 4-bytes address from ANY mode (3-bytes or 4-bytes) */
spi_block_erase_dc(struct flashctx * flash,unsigned int addr,unsigned int blocklen)615 int spi_block_erase_dc(struct flashctx *flash, unsigned int addr, unsigned int blocklen)
616 {
617 	/* This usually takes 100-4000ms, so wait in 100ms steps. */
618 	return spi_write_cmd(flash, 0xdc, true, addr, NULL, 0, 100 * 1000);
619 }
620 
621 static const struct {
622 	enum block_erase_func func;
623 	uint8_t opcode;
624 } spi25_function_opcode_list[] = {
625 	{SPI_BLOCK_ERASE_20, 0x20},
626 	{SPI_BLOCK_ERASE_21, 0x21},
627 	{SPI_BLOCK_ERASE_50, 0x50},
628 	{SPI_BLOCK_ERASE_52, 0x52},
629 	{SPI_BLOCK_ERASE_53, 0x53},
630 	{SPI_BLOCK_ERASE_5C, 0x5c},
631 	{SPI_BLOCK_ERASE_60, 0x60},
632 	{SPI_BLOCK_ERASE_62, 0x62},
633 	{SPI_BLOCK_ERASE_81, 0x81},
634 	{SPI_BLOCK_ERASE_C4, 0xc4},
635 	{SPI_BLOCK_ERASE_C7, 0xc7},
636 	{SPI_BLOCK_ERASE_D7, 0xd7},
637 	{SPI_BLOCK_ERASE_D8, 0xd8},
638 	{SPI_BLOCK_ERASE_DB, 0xdb},
639 	{SPI_BLOCK_ERASE_DC, 0xdc},
640 };
641 
spi25_get_erasefn_from_opcode(uint8_t opcode)642 enum block_erase_func spi25_get_erasefn_from_opcode(uint8_t opcode)
643 {
644 	size_t i;
645 	for (i = 0; i < ARRAY_SIZE(spi25_function_opcode_list); i++) {
646 		if (spi25_function_opcode_list[i].opcode == opcode)
647 			return spi25_function_opcode_list[i].func;
648 	}
649 	msg_cinfo("%s: unknown erase opcode (0x%02x). Please report "
650 			  "this at flashrom@flashrom.org\n", __func__, opcode);
651 	return NO_BLOCK_ERASE_FUNC;
652 }
653 
spi_nbyte_program(struct flashctx * flash,unsigned int addr,const uint8_t * bytes,unsigned int len)654 static int spi_nbyte_program(struct flashctx *flash, unsigned int addr, const uint8_t *bytes, unsigned int len)
655 {
656 	const bool native_4ba = flash->chip->feature_bits & FEATURE_4BA_WRITE && spi_master_4ba(flash);
657 	const uint8_t op = native_4ba ? JEDEC_BYTE_PROGRAM_4BA : JEDEC_BYTE_PROGRAM;
658 	return spi_write_cmd(flash, op, native_4ba, addr, bytes, len, 10);
659 }
660 
spi_nbyte_read(struct flashctx * flash,unsigned int address,uint8_t * bytes,unsigned int len)661 int spi_nbyte_read(struct flashctx *flash, unsigned int address, uint8_t *bytes,
662 		   unsigned int len)
663 {
664 	const bool native_4ba = flash->chip->feature_bits & FEATURE_4BA_READ && spi_master_4ba(flash);
665 	uint8_t cmd[1 + JEDEC_MAX_ADDR_LEN] = { native_4ba ? JEDEC_READ_4BA : JEDEC_READ, };
666 
667 	const int addr_len = spi_prepare_address(flash, cmd, native_4ba, address);
668 	if (addr_len < 0)
669 		return 1;
670 
671 	/* Send Read */
672 	return spi_send_command(flash, 1 + addr_len, len, cmd, bytes);
673 }
674 
675 /*
676  * Read a part of the flash chip.
677  * Data is read in chunks with a maximum size of chunksize.
678  */
spi_read_chunked(struct flashctx * flash,uint8_t * buf,unsigned int start,unsigned int len,unsigned int chunksize)679 int spi_read_chunked(struct flashctx *flash, uint8_t *buf, unsigned int start,
680 		     unsigned int len, unsigned int chunksize)
681 {
682 	int ret;
683 	size_t to_read;
684 	size_t start_address = start;
685 	size_t end_address = len - start;
686 	for (; len; len -= to_read, buf += to_read, start += to_read) {
687 		to_read = min(chunksize, len);
688 		ret = spi_nbyte_read(flash, start, buf, to_read);
689 		if (ret)
690 			return ret;
691 		update_progress(flash, FLASHROM_PROGRESS_READ, start - start_address + to_read, end_address);
692 	}
693 	return 0;
694 }
695 
696 /*
697  * Write a part of the flash chip.
698  * FIXME: Use the chunk code from Michael Karcher instead.
699  * Each page is written separately in chunks with a maximum size of chunksize.
700  */
spi_write_chunked(struct flashctx * flash,const uint8_t * buf,unsigned int start,unsigned int len,unsigned int chunksize)701 int spi_write_chunked(struct flashctx *flash, const uint8_t *buf, unsigned int start,
702 		      unsigned int len, unsigned int chunksize)
703 {
704 	unsigned int i, j, starthere, lenhere, towrite;
705 	/* FIXME: page_size is the wrong variable. We need max_writechunk_size
706 	 * in struct flashctx to do this properly. All chips using
707 	 * spi_chip_write_256 have page_size set to max_writechunk_size, so
708 	 * we're OK for now.
709 	 */
710 	unsigned int page_size = flash->chip->page_size;
711 	size_t start_address = start;
712 	size_t end_address = len - start;
713 
714 	/* Warning: This loop has a very unusual condition and body.
715 	 * The loop needs to go through each page with at least one affected
716 	 * byte. The lowest page number is (start / page_size) since that
717 	 * division rounds down. The highest page number we want is the page
718 	 * where the last byte of the range lives. That last byte has the
719 	 * address (start + len - 1), thus the highest page number is
720 	 * (start + len - 1) / page_size. Since we want to include that last
721 	 * page as well, the loop condition uses <=.
722 	 */
723 	for (i = start / page_size; i <= (start + len - 1) / page_size; i++) {
724 		/* Byte position of the first byte in the range in this page. */
725 		/* starthere is an offset to the base address of the chip. */
726 		starthere = max(start, i * page_size);
727 		/* Length of bytes in the range in this page. */
728 		lenhere = min(start + len, (i + 1) * page_size) - starthere;
729 		for (j = 0; j < lenhere; j += chunksize) {
730 			int rc;
731 
732 			towrite = min(chunksize, lenhere - j);
733 			rc = spi_nbyte_program(flash, starthere + j, buf + starthere - start + j, towrite);
734 			if (rc)
735 				return rc;
736 		}
737 		update_progress(flash, FLASHROM_PROGRESS_WRITE, start - start_address + lenhere, end_address);
738 	}
739 
740 	return 0;
741 }
742 
743 /*
744  * Program chip using byte programming. (SLOW!)
745  * This is for chips which can only handle one byte writes
746  * and for chips where memory mapped programming is impossible
747  * (e.g. due to size constraints in IT87* for over 512 kB)
748  */
749 /* real chunksize is 1, logical chunksize is 1 */
spi_chip_write_1(struct flashctx * flash,const uint8_t * buf,unsigned int start,unsigned int len)750 int spi_chip_write_1(struct flashctx *flash, const uint8_t *buf, unsigned int start, unsigned int len)
751 {
752 	unsigned int i;
753 
754 	for (i = start; i < start + len; i++) {
755 		if (spi_nbyte_program(flash, i, buf + i - start, 1))
756 			return 1;
757 		update_progress(flash, FLASHROM_PROGRESS_WRITE, i - start, len - start);
758 	}
759 	return 0;
760 }
761 
default_spi_write_aai(struct flashctx * flash,const uint8_t * buf,unsigned int start,unsigned int len)762 int default_spi_write_aai(struct flashctx *flash, const uint8_t *buf, unsigned int start, unsigned int len)
763 {
764 	uint32_t pos = start;
765 	int result;
766 	unsigned char cmd[JEDEC_AAI_WORD_PROGRAM_CONT_OUTSIZE] = {
767 		JEDEC_AAI_WORD_PROGRAM,
768 	};
769 
770 	/* The even start address and even length requirements can be either
771 	 * honored outside this function, or we can call spi_byte_program
772 	 * for the first and/or last byte and use AAI for the rest.
773 	 * FIXME: Move this to generic code.
774 	 */
775 	/* The data sheet requires a start address with the low bit cleared. */
776 	if (start % 2) {
777 		msg_cerr("%s: start address not even! Please report a bug at "
778 			 "flashrom@flashrom.org\n", __func__);
779 		if (spi_chip_write_1(flash, buf, start, start % 2))
780 			return SPI_GENERIC_ERROR;
781 		pos += start % 2;
782 		/* Do not return an error for now. */
783 		//return SPI_GENERIC_ERROR;
784 	}
785 	/* The data sheet requires total AAI write length to be even. */
786 	if (len % 2) {
787 		msg_cerr("%s: total write length not even! Please report a "
788 			 "bug at flashrom@flashrom.org\n", __func__);
789 		/* Do not return an error for now. */
790 		//return SPI_GENERIC_ERROR;
791 	}
792 
793 	result = spi_write_cmd(flash, JEDEC_AAI_WORD_PROGRAM, false, start, buf + pos - start, 2, 10);
794 	if (result)
795 		goto bailout;
796 
797 	/* We already wrote 2 bytes in the multicommand step. */
798 	pos += 2;
799 
800 	/* Are there at least two more bytes to write? */
801 	while (pos < start + len - 1) {
802 		cmd[1] = buf[pos++ - start];
803 		cmd[2] = buf[pos++ - start];
804 		result = spi_send_command(flash, JEDEC_AAI_WORD_PROGRAM_CONT_OUTSIZE, 0, cmd, NULL);
805 		if (result != 0) {
806 			msg_cerr("%s failed during followup AAI command execution: %d\n", __func__, result);
807 			goto bailout;
808 		}
809 		if (spi_poll_wip(flash, 10))
810 			goto bailout;
811 	}
812 
813 	/* Use WRDI to exit AAI mode. This needs to be done before issuing any other non-AAI command. */
814 	result = spi_write_disable(flash);
815 	if (result != 0) {
816 		msg_cerr("%s failed to disable AAI mode.\n", __func__);
817 		return SPI_GENERIC_ERROR;
818 	}
819 
820 	/* Write remaining byte (if any). */
821 	if (pos < start + len) {
822 		if (spi_chip_write_1(flash, buf + pos - start, pos, pos % 2))
823 			return SPI_GENERIC_ERROR;
824 	}
825 
826 	return 0;
827 
828 bailout:
829 	result = spi_write_disable(flash);
830 	if (result != 0)
831 		msg_cerr("%s failed to disable AAI mode.\n", __func__);
832 	return SPI_GENERIC_ERROR;
833 }
834 
spi_enter_exit_4ba(struct flashctx * const flash,const bool enter)835 static int spi_enter_exit_4ba(struct flashctx *const flash, const bool enter)
836 {
837 	const unsigned char cmd = enter ? JEDEC_ENTER_4_BYTE_ADDR_MODE : JEDEC_EXIT_4_BYTE_ADDR_MODE;
838 	int ret = 1;
839 
840 	if (flash->chip->feature_bits & FEATURE_4BA_ENTER)
841 		ret = spi_send_command(flash, sizeof(cmd), 0, &cmd, NULL);
842 	else if (flash->chip->feature_bits & FEATURE_4BA_ENTER_WREN)
843 		ret = spi_simple_write_cmd(flash, cmd, 0);
844 	else if (flash->chip->feature_bits & FEATURE_4BA_ENTER_EAR7)
845 		ret = spi_set_extended_address(flash, enter ? 0x80 : 0x00);
846 
847 	if (!ret)
848 		flash->in_4ba_mode = enter;
849 	return ret;
850 }
851 
spi_enter_4ba(struct flashctx * const flash)852 int spi_enter_4ba(struct flashctx *const flash)
853 {
854 	return spi_enter_exit_4ba(flash, true);
855 }
856 
spi_exit_4ba(struct flashctx * flash)857 int spi_exit_4ba(struct flashctx *flash)
858 {
859 	return spi_enter_exit_4ba(flash, false);
860 }
861