1 /* 2 * Nordic Semiconductor nRF51 non-volatile memory 3 * 4 * It provides an interface to erase regions in flash memory. 5 * Furthermore it provides the user and factory information registers. 6 * 7 * Reference Manual: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.pdf 8 * 9 * See nRF51 reference manual and product sheet sections: 10 * + Non-Volatile Memory Controller (NVMC) 11 * + Factory Information Configuration Registers (FICR) 12 * + User Information Configuration Registers (UICR) 13 * 14 * Copyright 2018 Steffen Görtz <contrib@steffen-goertz.de> 15 * 16 * This code is licensed under the GPL version 2 or later. See 17 * the COPYING file in the top-level directory. 18 */ 19 20 #include "qemu/osdep.h" 21 #include "qapi/error.h" 22 #include "qemu/log.h" 23 #include "qemu/module.h" 24 #include "exec/address-spaces.h" 25 #include "hw/arm/nrf51.h" 26 #include "hw/nvram/nrf51_nvm.h" 27 #include "hw/qdev-properties.h" 28 #include "migration/vmstate.h" 29 30 /* 31 * FICR Registers Assignments 32 * CODEPAGESIZE 0x010 33 * CODESIZE 0x014 34 * CLENR0 0x028 35 * PPFC 0x02C 36 * NUMRAMBLOCK 0x034 37 * SIZERAMBLOCKS 0x038 38 * SIZERAMBLOCK[0] 0x038 39 * SIZERAMBLOCK[1] 0x03C 40 * SIZERAMBLOCK[2] 0x040 41 * SIZERAMBLOCK[3] 0x044 42 * CONFIGID 0x05C 43 * DEVICEID[0] 0x060 44 * DEVICEID[1] 0x064 45 * ER[0] 0x080 46 * ER[1] 0x084 47 * ER[2] 0x088 48 * ER[3] 0x08C 49 * IR[0] 0x090 50 * IR[1] 0x094 51 * IR[2] 0x098 52 * IR[3] 0x09C 53 * DEVICEADDRTYPE 0x0A0 54 * DEVICEADDR[0] 0x0A4 55 * DEVICEADDR[1] 0x0A8 56 * OVERRIDEEN 0x0AC 57 * NRF_1MBIT[0] 0x0B0 58 * NRF_1MBIT[1] 0x0B4 59 * NRF_1MBIT[2] 0x0B8 60 * NRF_1MBIT[3] 0x0BC 61 * NRF_1MBIT[4] 0x0C0 62 * BLE_1MBIT[0] 0x0EC 63 * BLE_1MBIT[1] 0x0F0 64 * BLE_1MBIT[2] 0x0F4 65 * BLE_1MBIT[3] 0x0F8 66 * BLE_1MBIT[4] 0x0FC 67 */ 68 static const uint32_t ficr_content[64] = { 69 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000400, 70 0x00000100, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, 0x00002000, 71 0x00002000, 0x00002000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 72 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 73 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, 74 0x12345678, 0x9ABCDEF1, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 75 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 76 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 77 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 78 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 79 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 80 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 81 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF 82 }; 83 84 static uint64_t ficr_read(void *opaque, hwaddr offset, unsigned int size) 85 { 86 assert(offset < sizeof(ficr_content)); 87 return ficr_content[offset / 4]; 88 } 89 90 static void ficr_write(void *opaque, hwaddr offset, uint64_t value, 91 unsigned int size) 92 { 93 /* Intentionally do nothing */ 94 } 95 96 static const MemoryRegionOps ficr_ops = { 97 .read = ficr_read, 98 .write = ficr_write, 99 .impl.min_access_size = 4, 100 .impl.max_access_size = 4, 101 .endianness = DEVICE_LITTLE_ENDIAN 102 }; 103 104 /* 105 * UICR Registers Assignments 106 * CLENR0 0x000 107 * RBPCONF 0x004 108 * XTALFREQ 0x008 109 * FWID 0x010 110 * BOOTLOADERADDR 0x014 111 * NRFFW[0] 0x014 112 * NRFFW[1] 0x018 113 * NRFFW[2] 0x01C 114 * NRFFW[3] 0x020 115 * NRFFW[4] 0x024 116 * NRFFW[5] 0x028 117 * NRFFW[6] 0x02C 118 * NRFFW[7] 0x030 119 * NRFFW[8] 0x034 120 * NRFFW[9] 0x038 121 * NRFFW[10] 0x03C 122 * NRFFW[11] 0x040 123 * NRFFW[12] 0x044 124 * NRFFW[13] 0x048 125 * NRFFW[14] 0x04C 126 * NRFHW[0] 0x050 127 * NRFHW[1] 0x054 128 * NRFHW[2] 0x058 129 * NRFHW[3] 0x05C 130 * NRFHW[4] 0x060 131 * NRFHW[5] 0x064 132 * NRFHW[6] 0x068 133 * NRFHW[7] 0x06C 134 * NRFHW[8] 0x070 135 * NRFHW[9] 0x074 136 * NRFHW[10] 0x078 137 * NRFHW[11] 0x07C 138 * CUSTOMER[0] 0x080 139 * CUSTOMER[1] 0x084 140 * CUSTOMER[2] 0x088 141 * CUSTOMER[3] 0x08C 142 * CUSTOMER[4] 0x090 143 * CUSTOMER[5] 0x094 144 * CUSTOMER[6] 0x098 145 * CUSTOMER[7] 0x09C 146 * CUSTOMER[8] 0x0A0 147 * CUSTOMER[9] 0x0A4 148 * CUSTOMER[10] 0x0A8 149 * CUSTOMER[11] 0x0AC 150 * CUSTOMER[12] 0x0B0 151 * CUSTOMER[13] 0x0B4 152 * CUSTOMER[14] 0x0B8 153 * CUSTOMER[15] 0x0BC 154 * CUSTOMER[16] 0x0C0 155 * CUSTOMER[17] 0x0C4 156 * CUSTOMER[18] 0x0C8 157 * CUSTOMER[19] 0x0CC 158 * CUSTOMER[20] 0x0D0 159 * CUSTOMER[21] 0x0D4 160 * CUSTOMER[22] 0x0D8 161 * CUSTOMER[23] 0x0DC 162 * CUSTOMER[24] 0x0E0 163 * CUSTOMER[25] 0x0E4 164 * CUSTOMER[26] 0x0E8 165 * CUSTOMER[27] 0x0EC 166 * CUSTOMER[28] 0x0F0 167 * CUSTOMER[29] 0x0F4 168 * CUSTOMER[30] 0x0F8 169 * CUSTOMER[31] 0x0FC 170 */ 171 172 static uint64_t uicr_read(void *opaque, hwaddr offset, unsigned int size) 173 { 174 NRF51NVMState *s = NRF51_NVM(opaque); 175 176 assert(offset < sizeof(s->uicr_content)); 177 return s->uicr_content[offset / 4]; 178 } 179 180 static void uicr_write(void *opaque, hwaddr offset, uint64_t value, 181 unsigned int size) 182 { 183 NRF51NVMState *s = NRF51_NVM(opaque); 184 185 assert(offset < sizeof(s->uicr_content)); 186 s->uicr_content[offset / 4] = value; 187 } 188 189 static const MemoryRegionOps uicr_ops = { 190 .read = uicr_read, 191 .write = uicr_write, 192 .impl.min_access_size = 4, 193 .impl.max_access_size = 4, 194 .endianness = DEVICE_LITTLE_ENDIAN 195 }; 196 197 198 static uint64_t io_read(void *opaque, hwaddr offset, unsigned int size) 199 { 200 NRF51NVMState *s = NRF51_NVM(opaque); 201 uint64_t r = 0; 202 203 switch (offset) { 204 case NRF51_NVMC_READY: 205 r = NRF51_NVMC_READY_READY; 206 break; 207 case NRF51_NVMC_CONFIG: 208 r = s->config; 209 break; 210 default: 211 qemu_log_mask(LOG_GUEST_ERROR, 212 "%s: bad read offset 0x%" HWADDR_PRIx "\n", __func__, offset); 213 break; 214 } 215 216 return r; 217 } 218 219 static void io_write(void *opaque, hwaddr offset, uint64_t value, 220 unsigned int size) 221 { 222 NRF51NVMState *s = NRF51_NVM(opaque); 223 224 switch (offset) { 225 case NRF51_NVMC_CONFIG: 226 s->config = value & NRF51_NVMC_CONFIG_MASK; 227 break; 228 case NRF51_NVMC_ERASEPCR0: 229 case NRF51_NVMC_ERASEPCR1: 230 if (s->config & NRF51_NVMC_CONFIG_EEN) { 231 /* Mask in-page sub address */ 232 value &= ~(NRF51_PAGE_SIZE - 1); 233 if (value <= (s->flash_size - NRF51_PAGE_SIZE)) { 234 memset(s->storage + value, 0xFF, NRF51_PAGE_SIZE); 235 memory_region_flush_rom_device(&s->flash, value, 236 NRF51_PAGE_SIZE); 237 } 238 } else { 239 qemu_log_mask(LOG_GUEST_ERROR, 240 "%s: Flash erase at 0x%" HWADDR_PRIx" while flash not erasable.\n", 241 __func__, offset); 242 } 243 break; 244 case NRF51_NVMC_ERASEALL: 245 if (value == NRF51_NVMC_ERASE) { 246 if (s->config & NRF51_NVMC_CONFIG_EEN) { 247 memset(s->storage, 0xFF, s->flash_size); 248 memory_region_flush_rom_device(&s->flash, 0, s->flash_size); 249 memset(s->uicr_content, 0xFF, sizeof(s->uicr_content)); 250 } else { 251 qemu_log_mask(LOG_GUEST_ERROR, "%s: Flash not erasable.\n", 252 __func__); 253 } 254 } 255 break; 256 case NRF51_NVMC_ERASEUICR: 257 if (value == NRF51_NVMC_ERASE) { 258 memset(s->uicr_content, 0xFF, sizeof(s->uicr_content)); 259 } 260 break; 261 262 default: 263 qemu_log_mask(LOG_GUEST_ERROR, 264 "%s: bad write offset 0x%" HWADDR_PRIx "\n", __func__, offset); 265 } 266 } 267 268 static const MemoryRegionOps io_ops = { 269 .read = io_read, 270 .write = io_write, 271 .impl.min_access_size = 4, 272 .impl.max_access_size = 4, 273 .endianness = DEVICE_LITTLE_ENDIAN, 274 }; 275 276 static uint64_t flash_read(void *opaque, hwaddr offset, unsigned size) 277 { 278 /* 279 * This is a rom_device MemoryRegion which is always in 280 * romd_mode (we never put it in MMIO mode), so reads always 281 * go directly to RAM and never come here. 282 */ 283 g_assert_not_reached(); 284 } 285 286 static void flash_write(void *opaque, hwaddr offset, uint64_t value, 287 unsigned int size) 288 { 289 NRF51NVMState *s = NRF51_NVM(opaque); 290 291 if (s->config & NRF51_NVMC_CONFIG_WEN) { 292 uint32_t oldval; 293 294 assert(offset + size <= s->flash_size); 295 296 /* NOR Flash only allows bits to be flipped from 1's to 0's on write */ 297 oldval = ldl_le_p(s->storage + offset); 298 oldval &= value; 299 stl_le_p(s->storage + offset, oldval); 300 301 memory_region_flush_rom_device(&s->flash, offset, size); 302 } else { 303 qemu_log_mask(LOG_GUEST_ERROR, 304 "%s: Flash write 0x%" HWADDR_PRIx" while flash not writable.\n", 305 __func__, offset); 306 } 307 } 308 309 310 311 static const MemoryRegionOps flash_ops = { 312 .read = flash_read, 313 .write = flash_write, 314 .valid.min_access_size = 4, 315 .valid.max_access_size = 4, 316 .endianness = DEVICE_LITTLE_ENDIAN, 317 }; 318 319 static void nrf51_nvm_init(Object *obj) 320 { 321 NRF51NVMState *s = NRF51_NVM(obj); 322 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 323 324 memory_region_init_io(&s->mmio, obj, &io_ops, s, "nrf51_soc.nvmc", 325 NRF51_NVMC_SIZE); 326 sysbus_init_mmio(sbd, &s->mmio); 327 328 memory_region_init_io(&s->ficr, obj, &ficr_ops, s, "nrf51_soc.ficr", 329 sizeof(ficr_content)); 330 sysbus_init_mmio(sbd, &s->ficr); 331 332 memory_region_init_io(&s->uicr, obj, &uicr_ops, s, "nrf51_soc.uicr", 333 sizeof(s->uicr_content)); 334 sysbus_init_mmio(sbd, &s->uicr); 335 } 336 337 static void nrf51_nvm_realize(DeviceState *dev, Error **errp) 338 { 339 NRF51NVMState *s = NRF51_NVM(dev); 340 Error *err = NULL; 341 342 memory_region_init_rom_device(&s->flash, OBJECT(dev), &flash_ops, s, 343 "nrf51_soc.flash", s->flash_size, &err); 344 if (err) { 345 error_propagate(errp, err); 346 return; 347 } 348 349 s->storage = memory_region_get_ram_ptr(&s->flash); 350 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &s->flash); 351 } 352 353 static void nrf51_nvm_reset(DeviceState *dev) 354 { 355 NRF51NVMState *s = NRF51_NVM(dev); 356 357 s->config = 0x00; 358 memset(s->uicr_content, 0xFF, sizeof(s->uicr_content)); 359 } 360 361 static Property nrf51_nvm_properties[] = { 362 DEFINE_PROP_UINT32("flash-size", NRF51NVMState, flash_size, 0x40000), 363 DEFINE_PROP_END_OF_LIST(), 364 }; 365 366 static const VMStateDescription vmstate_nvm = { 367 .name = "nrf51_soc.nvm", 368 .version_id = 1, 369 .minimum_version_id = 1, 370 .fields = (VMStateField[]) { 371 VMSTATE_UINT32_ARRAY(uicr_content, NRF51NVMState, 372 NRF51_UICR_FIXTURE_SIZE), 373 VMSTATE_UINT32(config, NRF51NVMState), 374 VMSTATE_END_OF_LIST() 375 } 376 }; 377 378 static void nrf51_nvm_class_init(ObjectClass *klass, void *data) 379 { 380 DeviceClass *dc = DEVICE_CLASS(klass); 381 382 device_class_set_props(dc, nrf51_nvm_properties); 383 dc->vmsd = &vmstate_nvm; 384 dc->realize = nrf51_nvm_realize; 385 dc->reset = nrf51_nvm_reset; 386 } 387 388 static const TypeInfo nrf51_nvm_info = { 389 .name = TYPE_NRF51_NVM, 390 .parent = TYPE_SYS_BUS_DEVICE, 391 .instance_size = sizeof(NRF51NVMState), 392 .instance_init = nrf51_nvm_init, 393 .class_init = nrf51_nvm_class_init 394 }; 395 396 static void nrf51_nvm_register_types(void) 397 { 398 type_register_static(&nrf51_nvm_info); 399 } 400 401 type_init(nrf51_nvm_register_types) 402