mira/rtl8710bx-re
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: wifi

Browse Source
This commit is contained in:
Mira
2024-12-07 06:13:57 +06:00
parent a724a940a6
commit 2cbed65f35
3 changed files with 513 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
docs/create_peripherals_ida.py Normal file
View File

@@ -0,0 +1,71 @@
from ida_segment import *
from ida_bytes import *
def create_peripheral_segment(start_addr, name, size):
seg = segment_t()
seg.start_ea = start_addr
seg.end_ea = start_addr + size
seg.bitness = 1 # 32-bit
seg.align = saRelByte
seg.comb = scPub
seg.perm = SEGPERM_READ | SEGPERM_WRITE
if add_segm_ex(seg, name, "PERIPHERAL", ADDSEG_OR_DIE):
getseg(start_addr).type = SEG_DATA
set_segment_cmt(getseg(start_addr), "Volatile peripheral registers", True)
return True
return False
def verify_no_overlaps(peripherals):
sorted_pairs = sorted(peripherals.items())
for i in range(len(sorted_pairs) - 1):
curr_addr, (curr_name, curr_size) = sorted_pairs[i]
next_addr, (next_name, _) = sorted_pairs[i + 1]
if curr_addr + curr_size > next_addr:
print(f"ERROR: Overlap between {curr_name} and {next_name}")
return False
return True
def main():
peripherals = {
0x40000000: ("SYSTEM_CTRL", 0x200),
0x40000200: ("PERI_ON", 0x80),
0x40000280: ("PINMUX_REG", 0xD80),
0x40001000: ("GPIO_REG", 0x1000),
0x40002000: ("TIMER_REG", 0x800),
0x40002800: ("VENDOR_REG", 0x800),
0x40003000: ("LOG_UART_REG", 0x400),
0x40003400: ("RTC", 0x800),
0x40003C00: ("SPIC_CACHE", 0x400),
0x40010000: ("ADC_REG", 0x1000),
0x40020000: ("SPI_FLASH_CTRL", 0x1000),
0x40040000: ("UART0_REG", 0x400),
0x40040400: ("UART1_REG", 0x400),
0x40042000: ("SPI0_REG", 0x400),
0x40042400: ("SPI1_REG", 0x400),
0x40044000: ("I2C0_REG", 0x400),
0x40044400: ("I2C1_REG", 0x400),
0x40050000: ("SDIO_DEVICE_REG", 0x1000),
0x40060000: ("GDMA0_REG", 0x1000),
0x40061000: ("GDMA1_REG", 0x1000),
0x40062000: ("I2S0_REG", 0x1000),
0x40070000: ("CRYPTO_REG", 0x1000),
0x40080000: ("WIFI_REG", 0x40000),
0x400C0000: ("SIE_REG", 0x2000),
0x400C2000: ("USOC_REG", 0x2000),
}
if not verify_no_overlaps(peripherals):
return
for addr, (name, size) in sorted(peripherals.items()):
if not create_peripheral_segment(addr, name, size):
print(f"Failed to create segment {name}")
if __name__ == "__main__":
main()

82
docs/wifi.md Normal file
View File

@@ -0,0 +1,82 @@
# ROM wifi funcs
todo:
- disasm the wifi binary
```mermaid
sequenceDiagram
participant Device
participant AP as Access Point
participant MAC as MAC Layer
participant PHY as PHY Layer
Note over Device,PHY: Initialization Phase
Device->>MAC: ROM_WIFI_InitMacClk
Device->>MAC: ROM_WIFI_Init32kClk
Device->>MAC: ROM_WIFI_InitLxDma
Device->>MAC: ROM_WIFI_INIT_MACADDR_SET
Device->>MAC: ROM_WIFI_InitNetworkType
Device->>MAC: ROM_WIFI_InitEDCA
Device->>PHY: ROM_WIFI_ENABLE_BB_RF
Note over Device,PHY: Connection Phase
Device->>AP: ROM_WIFI_Set_MLME_Sitesurvey
AP->>Device: Beacon Frames
Device->>MAC: ROM_WIFI_BCN_VALID
Device->>MAC: ROM_WIFI_CHECK_BSSID
Device->>MAC: ROM_WIFI_Set_MLME_JOIN
Device->>MAC: ROM_WIFI_BSSID_SET
Note over Device,PHY: Operation Phase
Device->>MAC: ROM_WIFI_Set_AC_Param
MAC->>Device: ROM_WIFI_CHECK_TXBUF
Device->>MAC: ROM_WIFI_SET_MAX_AGG_NUM
Note over Device,PHY: Security Setup
Device->>MAC: ROM_WIFI_SEC_CFG
Device->>MAC: ROM_WIFI_CAM_WRITE
Note over Device,PHY: Maintenance
Device->>MAC: ROM_WIFI_TSF_GetByPort
Device->>MAC: ROM_WIFI_IMR_UPDATE
Device->>MAC: ROM_WIFI_High_Queue_Empty_Check
```
1. init:
- sysclock init (`ROM_WIFI_InitMacClk`, `ROM_WIFI_Init32kClk`)
- DMA setup (`ROM_WIFI_InitLxDma`)
- MAC address config (`ROM_WIFI_INIT_MACADDR_SET`)
- Network type setup (`ROM_WIFI_InitNetworkType`)
- EDCA params for QoS (`ROM_WIFI_InitEDCA`)
- RF/Baseband enable (`ROM_WIFI_ENABLE_BB_RF`)
2. connect:
- site survey to find networks (`ROM_WIFI_Set_MLME_Sitesurvey`)
- beacon validation (`ROM_WIFI_BCN_VALID`)
- BSSID checking (`ROM_WIFI_CHECK_BSSID`)
- join request (`ROM_WIFI_Set_MLME_JOIN`)
- BSSID setting (`ROM_WIFI_BSSID_SET`)
3. config:
- AC (Access Category) param (`ROM_WIFI_Set_AC_Param`)
- Buffer management? (`ROM_WIFI_CHECK_TXBUF`)
- Aggregation configuration (`ROM_WIFI_SET_MAX_AGG_NUM`)
4. security:
- Security configuration (`ROM_WIFI_SEC_CFG`)
- CAM (Content Addressable Memory) (`ROM_WIFI_CAM_WRITE`)
5. maintain:
- TSF (Timing Synchronization Function) (`ROM_WIFI_TSF_GetByPort`)
- Interrupt mask updates (`ROM_WIFI_IMR_UPDATE`)
- Queue monitoring (`ROM_WIFI_High_Queue_Empty_Check`)
- MU-EDCA (Multi-User EDCA) `ROM_WIFI_AX_MUEDCA_Para`
- BSS Coloring `ROM_WIFI_AX_BSS_COLOR_SET`
- OFDMA (Orthogonal Frequency Division Multiple Access)

637
include/rtl8710bx.h
View File

@@ -81,121 +81,7 @@ typedef enum IRQn {
/* Device Specific Peripheral Section */
/* AMEBAZ_UART */
typedef struct {
__IO uint32_t DLL; /* Divisor Latch (unused in Amebaz) */
__IO uint32_t DLH_INTCR; /* Interrupt Enable */
__IO uint32_t INTID; /* Interrupt Identification */
__IO uint32_t LCR; /* Line Control */
__IO uint32_t MCR; /* Modem Control */
__I uint32_t LSR; /* Line Status */
__I uint32_t MDSR; /* Modem Status */
__IO uint32_t SPR; /* Scratch Pad */
__IO uint32_t STSR; /* STS Register */
__IO uint32_t RB_THR; /* Receive Buffer/Transmit Holding */
__IO uint32_t MISCR; /* Misc Control */
__IO uint32_t TXPLSR; /* IrDA TX Pulse Width Control */
__IO uint32_t RXPLSR; /* IrDA RX Pulse Width Control */
__IO uint32_t BAUDMONR; /* Baud Monitor */
__IO uint32_t RSVD2; /* Reserved */
__IO uint32_t DBG_UART; /* Debug */
/* Power save features */
__IO uint32_t RX_PATH; /* RX Path Control */
__IO uint32_t MON_BAUD_CTRL; /* Monitor Baud Rate Control */
__IO uint32_t MON_BAUD_STS; /* Monitor Baud Rate Status */
__IO uint32_t MON_CYC_NUM; /* Monitor Cycle Number */
__IO uint32_t RX_BYTE_CNT; /* RX Byte Counter */
__IO uint32_t FCR; /* FIFO Control */
} UART_TypeDef;
/** @} */
/* AMEBAZ_SPI */
typedef struct {
__IO uint32_t CTRLR0; /* Control register 0 */
__IO uint32_t CTRLR1; /* Control register 1 */
__IO uint32_t SSIENR; /* SSI enable */
__IO uint32_t MWCR; /* Microwire control */
__IO uint32_t SER; /* Slave enable */
__IO uint32_t BAUDR; /* Baud rate select */
__IO uint32_t TXFTLR; /* TX FIFO threshold level */
__IO uint32_t RXFTLR; /* RX FIFO threshold level */
__I uint32_t TXFLR; /* TX FIFO level */
__I uint32_t RXFLR; /* RX FIFO level */
__I uint32_t SR; /* Status */
__IO uint32_t IMR; /* Interrupt mask */
__I uint32_t ISR; /* Interrupt status */
__I uint32_t RISR; /* Raw interrupt status */
__I uint32_t TXOICR; /* TX FIFO overflow interrupt clear */
__I uint32_t RXOICR; /* RX FIFO overflow interrupt clear */
__I uint32_t RXUICR; /* RX FIFO underflow interrupt clear */
__I uint32_t MSTICR; /* Multi-master interrupt clear */
__I uint32_t ICR; /* Interrupt clear */
__IO uint32_t DMACR; /* DMA control */
__IO uint32_t DMATDLR; /* DMA TX data level */
__IO uint32_t DMARDLR; /* DMA RX data level */
__I uint32_t IDR; /* Identification */
__I uint32_t SSI_COMP_VERSION; /* CoreKit version ID */
__IO uint32_t DR[36]; /* Data register array */
__IO uint32_t RX_SAMPLE_DLY; /* RX sample delay */
} SPI_TypeDef;
/** @} */
/* AMEBAZ_SPIC */
typedef struct {
__IO uint32_t ctrlr0; /* Control register 0 */
__IO uint32_t ctrlr1; /* Control register 1 */
__IO uint32_t ssienr; /* SPI enable */
__IO uint32_t mwcr; /* Reserved */
__IO uint32_t ser; /* Slave enable */
__IO uint32_t baudr; /* Baudrate select */
__IO uint32_t txftlr; /* TX FIFO threshold level */
__IO uint32_t rxftlr; /* RX FIFO threshold level */
__IO uint32_t txflr; /* TX FIFO level */
__IO uint32_t rxflr; /* RX FIFO level */
__IO uint32_t sr; /* Status register */
__IO uint32_t imr; /* Interrupt mask */
__IO uint32_t isr; /* Interrupt status */
__IO uint32_t risr; /* Raw interrupt status */
__IO uint32_t txoicr; /* TX FIFO overflow interrupt clear */
__IO uint32_t rxoicr; /* RX FIFO overflow interrupt clear */
__IO uint32_t rxuicr; /* RX FIFO underflow interrupt clear */
__IO uint32_t msticr; /* Master error interrupt clear */
__IO uint32_t icr; /* Interrupt clear */
__IO uint32_t dmacr; /* Reserved */
__IO uint32_t dmatdlr; /* Reserved */
__IO uint32_t dmardlr; /* Reserved */
__IO uint32_t idr; /* Identification register */
__IO uint32_t spi_flash_version; /* Version ID */
union {
__IO uint8_t byte;
__IO uint16_t half;
__IO uint32_t word;
} dr[32]; /* Data register array */
__IO uint32_t rd_fast_single; /* Flash fast read command */
__IO uint32_t rd_dual_o; /* Flash dual output read */
__IO uint32_t rd_dual_io; /* Flash dual I/O read */
__IO uint32_t rd_quad_o; /* Flash quad output read */
__IO uint32_t rd_quad_io; /* Flash quad I/O read */
__IO uint32_t wr_single; /* Flash page program */
__IO uint32_t wr_dual_i; /* Flash dual input program */
__IO uint32_t wr_dual_ii; /* Flash dual addr/data program */
__IO uint32_t wr_quad_i; /* Flash quad input program */
__IO uint32_t wr_quad_ii; /* Flash quad addr/data program */
__IO uint32_t wr_enable; /* Flash write enable */
__IO uint32_t rd_status; /* Flash read status */
__IO uint32_t ctrlr2; /* Control register 2 */
__IO uint32_t fbaudr; /* Fast baudrate select */
__IO uint32_t addr_length; /* Address length */
__IO uint32_t auto_length; /* Auto address length */
__IO uint32_t valid_cmd; /* Valid command */
__IO uint32_t flash_size; /* Flash size */
__IO uint32_t flush_fifo; /* Flush FIFO */
} SPIC_TypeDef;
/* AMEBAZ_ADC */
/* Analog to Digital Converter */
typedef struct {
__IO uint32_t FIFO_READ; /* FIFO read register for channels 0-3 */
__IO uint32_t CONTROL; /* Main ADC control register */
@@ -213,9 +99,132 @@ typedef struct {
__IO uint32_t ANAPAR_AD5; /* Analog parameters for channel 5 */
__IO uint32_t CALI_DATA; /* Calibration data register */
} ADC_TypeDef;
/** @} */
/* AMEBAZ_I2C */
/* AMEBAZ_BACKUP_REG */
typedef struct {
__IO uint32_t DWORD[4]; /* 0x138 */
} BACKUP_REG_TypeDef;
/* GDMA channel */
typedef struct {
__IO uint32_t SAR; /* Source Address, 0x000 */
__O uint32_t RSAR; /* Source Address Read Back, 0x004 */
__IO uint32_t DAR; /* Destination Address, 0x008 */
__O uint32_t RDAR; /* Destination Address Read Back, 0x00C */
__IO uint32_t LLP; /* Linked List Pointer, 0x010 */
uint32_t RSVD2;
__IO uint32_t CTL_LOW; /* Control Low, 0x018 */
__IO uint32_t CTL_HIGH; /* Control High, 0x01C */
__IO uint32_t SSTAT; /* Source Status, 0x020 */
uint32_t RSVD4;
__IO uint32_t DSTAT; /* Destination Status, 0x028 */
uint32_t RSVD5;
__IO uint32_t SSTATAR; /* Source Status Address, 0x030 */
uint32_t RSVD6;
__IO uint32_t DSTATAR; /* Destination Status Address, 0x038 */
uint32_t RSVD7;
__IO uint32_t CFG_LOW; /* Config Low, 0x040 */
__IO uint32_t CFG_HIGH; /* Config High, 0x044 */
__IO uint32_t SGR; /* Source Gather, 0x048 */
uint32_t RSVD9;
__IO uint32_t DSR; /* Destination Scatter, 0x050 */
uint32_t RSVD10; /* 0x054 */
} GDMA_ChannelTypeDef;
/* General Direct Memory Access (GDMA) */
typedef struct {
GDMA_ChannelTypeDef CH[8]; /* 8 chs, we only have 5 though :) 0x000-0x2BC */
__I uint32_t RAW_TFR; /* Raw Transfer Status, 0x2C0 */
uint32_t RSVD0;
__I uint32_t RAW_BLOCK; /* Raw Block Status, 0x2C8 */
uint32_t RSVD1;
__I uint32_t RAW_SRC_TRAN; /* Raw Source Trans Status, 0x2D0 */
uint32_t RSVD2;
__I uint32_t RAW_DST_TRAN; /* Raw Dest Trans Status, 0x2D8 */
uint32_t RSVD3;
__I uint32_t RAW_ERR; /* Raw Error Status, 0x2E0 */
uint32_t RSVD4;
__I uint32_t STATUS_TFR; /* Transfer Status, 0x2E8 */
uint32_t RSVD5;
__I uint32_t STATUS_BLOCK; /* Block Status, 0x2F0 */
uint32_t RSVD6;
__I uint32_t STATUS_SRC_TRAN; /* Source Trans Status, 0x2F8 */
uint32_t RSVD7;
__I uint32_t STATUS_DST_TRAN; /* Dest Trans Status, 0x300 */
uint32_t RSVD8;
__I uint32_t STATUS_ERR; /* Error Status, 0x308 */
uint32_t RSVD9;
__IO uint32_t MASK_TFR; /* Transfer Mask, 0x310 */
uint32_t RSVD10;
__IO uint32_t MASK_BLOCK; /* Block Mask, 0x318 */
uint32_t RSVD11;
__IO uint32_t MASK_SRC_TRAN; /* Source Trans Mask, 0x320 */
uint32_t RSVD12;
__IO uint32_t MASK_DST_TRAN; /* Dest Trans Mask, 0x328 */
uint32_t RSVD13;
__IO uint32_t MASK_ERR; /* Error Mask, 0x330 */
uint32_t RSVD14;
__O uint32_t CLEAR_TFR; /* Transfer Clear, 0x338 */
uint32_t RSVD15;
__O uint32_t CLEAR_BLOCK; /* Block Clear, 0x340 */
uint32_t RSVD16;
__O uint32_t CLEAR_SRC_TRAN; /* Source Trans Clear, 0x348 */
uint32_t RSVD17;
__O uint32_t CLEAR_DST_TRAN; /* Dest Trans Clear, 0x350 */
uint32_t RSVD18;
__O uint32_t CLEAR_ERR; /* Error Clear, 0x358 */
uint32_t RSVD19;
__O uint32_t StatusInt; /* Interrupt Status, 0x360 */
uint32_t RSVD191;
__IO uint32_t ReqSrcReg; /* Source SW Request, 0x368 */
uint32_t RSVD20;
__IO uint32_t ReqDstReg; /* Dest SW Request, 0x370 */
uint32_t RSVD21;
__IO uint32_t SglReqSrcReg; /* Single Source Request, 0x378 */
uint32_t RSVD22;
__IO uint32_t SglReqDstReg; /* Single Dest Request, 0x380 */
uint32_t RSVD23;
__IO uint32_t LstSrcReg; /* Last Source Request, 0x388 */
uint32_t RSVD24;
__IO uint32_t LstDstReg; /* Last Dest Request, 0x390 */
uint32_t RSVD25;
__IO uint32_t DmaCfgReg; /* DMA Config, 0x398 */
uint32_t RSVD26;
__IO uint32_t ChEnReg; /* Channel Enable, 0x3A0 */
uint32_t RSVD27;
__I uint32_t DmaIdReg; /* DMA ID, 0x3A8 */
uint32_t RSVD28;
__IO uint32_t DmaTestReg; /* DMA Test, 0x3B0 */
uint32_t RSVD29;
} GDMA_TypeDef;
/* GPIO (General Purpose Input/Output) register definitions */
typedef struct {
__IO uint32_t DR; /* Data Register */
__IO uint32_t DDR; /* Direction Register */
__IO uint32_t CTRL; /* Control Register */
} GPIO_Port_TypeDef;
typedef struct {
GPIO_Port_TypeDef PORT[4]; /*GPIO IP have 4 ports */
__IO uint32_t INT_EN; /* GPIO interrupt enable register */
__IO uint32_t INT_MASK; /* GPIO interrupt mask register */
__IO uint32_t INT_TYPE; /* interrupt type(level/edge) register */
__IO uint32_t INT_POLARITY; /* interrupt polarity(Active low/high) register */
__IO uint32_t INT_STATUS; /* interrupt status register */
__IO uint32_t INT_RAWSTATUS; /* interrupt status without mask register */
__IO uint32_t DEBOUNCE; /* interrupt signal debounce register */
__IO uint32_t PORTA_EOI; /* clear interrupt register */
__IO uint32_t EXT_PORT[4]; /* GPIO IN read or OUT read back register */
__IO uint32_t LSSYNC; /* level-sensitive synchronization enable register */
__IO uint32_t IDCODE; /* GPIO ID code register */
__IO uint32_t RSVD2; /* Reserved */
__IO uint32_t VERIDCODE; /* component Version register */
__IO uint32_t CONFIG2; /* GPIO configuration Register 2 */
__IO uint32_t CONFIG1; /* GPIO configuration Register 1 */
} GPIO_TypeDef;
/* Inter Integrated Circuit Interface */
typedef struct {
__IO uint32_t IC_CON; /* Control register */
__IO uint32_t IC_TAR; /* Target address register */
@@ -287,9 +296,8 @@ typedef struct {
__IO uint32_t IC_DATA_S1; /* Slave1 RX/TX data buffer */
__I uint32_t IC_COMP_VERSION; /* Component version ID */
} I2C_TypeDef;
/** @} */
/* AMEBAZ_I2S */
/* Inter-Integrated Circuit Sound interface */
typedef struct {
__IO uint32_t IS_CTL; /* Main I2S control register */
__IO uint32_t IS_TX_PAGE_PTR; /* TX page pointer */
@@ -304,98 +312,14 @@ typedef struct {
__IO uint32_t IS_TX_PAGE_OWN[4]; /* TX page ownership bits */
__IO uint32_t IS_RX_PAGE_OWN[4]; /* RX page ownership bits */
} I2S_TypeDef;
/** @} */
/*
* AMEBAZ_TIMER Register Declaration
* TIM1 have 6 CCR registers: bit[15:0] is CCR, bit[31:24] is CCMR
* TIM3 have 1 CCR registesr: bit[15:0] is CCR, bit[31:24] is CCMR
* TIM5-8 dont have CCR register
*/
/**
* @brief RTK TIM CCR
*/
typedef struct {
__IO uint16_t CCRx; /*TIM capture/compare register */
__IO uint8_t RSVD; /*TIM capture/compare rsvd register */
__IO uint8_t CCMRx; /*TIM capture/compare register */
} RTIM_CCR_TypeDef;
/**
* RTK Timer (RTIM) registers
*/
typedef struct {
__IO uint32_t EN; /* Timer enable */
__IO uint32_t CR; /* Main control settings */
__IO uint32_t DIER; /* DMA/Interrupt configuration */
__IO uint32_t SR; /* Status flags */
__IO uint32_t EGR; /* Event generation control */
__IO uint32_t CNT; /* Counter value */
__IO uint32_t PSC; /* Clock prescaler */
__IO uint32_t ARR; /* Auto-reload value */
__IO uint32_t CCMRx[6]; /* Capture/Compare modes */
} RTIM_TypeDef;
/** @} */
/* Real-Time Clock (RTC) registers */
typedef struct {
__IO uint32_t TR; /* Time value */
__IO uint32_t CR; /* Control settings */
__IO uint32_t ISR; /* Status and initialization */
__IO uint32_t PRER; /* Clock prescaler */
__IO uint32_t CALIBR; /* Calibration settings */
__IO uint32_t ALMR1; /* Alarm 1 configuration */
__IO uint32_t ALMR2; /* Alarm 2 configuration */
__IO uint32_t WPR; /* Write protection */
} RTC_TypeDef;
/** @} */
/* AMEBAZ_PINMUX */
typedef struct {
__IO uint32_t PADCTR[21]; /*Pad control register */
} PINMUX_TypeDef;
/** @} */
/* AMEBAZ_IPSEC */
/* Internet Protocol Security (IPsec) */
typedef struct {
__IO uint32_t IPSSDAR; /* Source Descriptor Starting Address Register */
__IO uint32_t IPSDDAR; /* Destination Descriptor Starting Address Register */
__IO uint32_t IPSCSR; /* Command/Status Register */
__IO uint32_t IPSCTR; /* Control Register */
} IPSEC_TypeDef;
/** @} */
/* AMEBAZ_USOC */
typedef struct {
__IO uint32_t SIE_CR; /* SIE control */
__IO uint32_t CLK_RST_CTRL; /* Clock and reset control */
__IO uint32_t CHANN_CTRL; /* Channel control */
__IO uint32_t BUFF_SIZE_CTRL; /* TX/RX buffer size control */
__IO uint32_t TXBD_BAR; /* TX buffer descriptor base address */
__IO uint32_t RXBD_BAR; /* RX buffer descriptor base address */
__IO uint32_t RING_SIZE_CTRL; /* Ring size control */
__IO uint32_t RSVD1; /* Reserved */
__I uint32_t TXBD_HW_IDX; /* TX hardware index */
__IO uint32_t TXBD_SW_IDX; /* TX software index */
__I uint32_t RXBD_HW_IDX; /* RX hardware index */
__IO uint32_t RXBD_SW_IDX; /* RX software index */
__IO uint32_t INTR_MASK; /* Interrupt mask */
__IO uint32_t INTR_CLR; /* Interrupt clear */
__IO uint32_t INTR_STAT; /* Interrupt status */
__IO uint32_t RSVD2; /* Reserved */
__IO uint32_t TX_MIT; /* TX mitigation */
__IO uint32_t RX_MIT; /* RX mitigation */
__IO uint32_t RSVD3[2]; /* Reserved */
__IO uint32_t IOREG_MAR; /* Host device access */
__IO uint32_t RSVD4[3]; /* Reserved */
__IO uint32_t TX_MAIN_BUF_CTRL; /* TX main buffer control */
__IO uint32_t TX_DEST_BUF_CTRL; /* TX destination buffer control */
__IO uint32_t RX_MAIN_BUF_CTRL; /* RX main buffer control */
__IO uint32_t RX_SRC_BUF_CTRL; /* RX source buffer control */
__IO uint32_t TX_STUCK_TIMER; /* TX stuck timer */
__IO uint32_t RX_STUCK_TIMER; /* RX stuck timer */
__IO uint32_t QOS_CTRL; /* QoS control */
} USOC_REG_TypeDef;
/**
* NCO32k (Numerically Controlled Oscillator) peripheral structure
@@ -420,23 +344,174 @@ typedef struct {
} NCO32k_TypeDef;
/*
* @defgroup AMEBAZ_NCO8M
* @{
* @brief AMEBAZ_NCO8M Register Declaration
* @note [0]: function enable
* @note [15:1]: expected frequency of nco output clk, unit is 1KHz
* @note [31:16] frequency of nco input clk, unit is 1KHz
* 8MHz NCO Register Declaration
* [0]: function enable
* [15:1]: expected frequency of nco output clk, unit is 1KHz
* [31:16] frequency of nco input clk, unit is 1KHz
*/
typedef struct {
__IO uint32_t NCOReg;
typedef union {
__IO uint32_t NCOReg; /* 32-bit access */
} NCO8M_TypeDef;
/** @} */
/* AMEBAZ_BACKUP_REG */
/* Peripheral and clock control register definitions */
typedef struct {
__IO uint32_t DWORD[4]; /* 0x138 */
} BACKUP_REG_TypeDef;
/** @} */
__IO uint32_t PEON_PWR_CTRL; /* 0x0200 */
__IO uint32_t PON_ISO_CTRL; /* 0x0204 */
uint32_t RESERVED0[2]; /* 0x0208-0x020C */
__IO uint32_t SOC_FUNC_EN; /* 0x0210 */
__IO uint32_t SOC_HCI_COM_FUNC_EN; /* 0x0214 */
__IO uint32_t SOC_PERI_FUNC0_EN; /* 0x0218 */
__IO uint32_t SOC_PERI_FUNC1_EN; /* 0x021C */
__IO uint32_t SOC_PERI_BD_FUNC0_EN; /* 0x0220 */
uint32_t RESERVED1[3]; /* 0x0224-0x022C */
__IO uint32_t PESOC_CLK_CTRL; /* 0x0230 */
__IO uint32_t PESOC_PERI_CLK_CTRL0; /* 0x0234 */
__IO uint32_t PESOC_PERI_CLK_CTRL1; /* 0x0238 */
__IO uint32_t PESOC_CLK_CTRL3; /* 0x023C */
__IO uint32_t PESOC_HCI_CLK_CTRL0; /* 0x0240 */
__IO uint32_t PESOC_COM_CLK_CTRL1; /* 0x0244 */
__IO uint32_t PESOC_HW_ENG_CLK_CTRL; /* 0x0248 */
uint32_t RESERVED2[1]; /* 0x024C */
__IO uint32_t PESOC_CLK_SEL; /* 0x0250 */
uint32_t RESERVED3[6]; /* 0x0254-0x0268 */
__IO uint32_t UART_NCO_CTRL; /* 0x026C */
uint32_t RESERVED4[1]; /* 0x0270 */
__IO uint32_t OSC32K_REG_CTRL0; /* 0x0274 */
__IO uint32_t OSC32K_REG_CTRL1; /* 0x0278 */
__IO uint32_t THERMAL_METER_CTRL; /* 0x027C */
__IO uint32_t GPIO_PINMUX_CTRL[24]; /* 0x0280-0x02DC */
__IO uint32_t PON_PINMUX_CTRL; /* 0x02E0 */
uint32_t RESERVED5[6]; /* 0x02E4-0x02F8 */
__IO uint32_t FW_PPROTECT_KEY_CTRL; /* 0x02FC */
uint32_t RESERVED6[1]; /* 0x0300 */
__IO uint32_t PESOC_SOC_CTRL; /* 0x0304 */
} PERI_ON_TypeDef;
/* Pin Multiplexing */
typedef struct {
__IO uint32_t PADCTR[21]; /*Pad control register */
} PINMUX_TypeDef;
/*
* AMEBAZ_TIMER Register Declaration
* TIM1 have 6 CCR registers: bit[15:0] is CCR, bit[31:24] is CCMR
* TIM3 have 1 CCR registesr: bit[15:0] is CCR, bit[31:24] is CCMR
* TIM5-8 dont have CCR register
*/
/* RTK Timer (RTIM) registers */
typedef struct {
__IO uint32_t EN; /* Timer enable */
__IO uint32_t CR; /* Main control settings */
__IO uint32_t DIER; /* DMA/Interrupt configuration */
__IO uint32_t SR; /* Status flags */
__IO uint32_t EGR; /* Event generation control */
__IO uint32_t CNT; /* Counter value */
__IO uint32_t PSC; /* Clock prescaler */
__IO uint32_t ARR; /* Auto-reload value */
__IO uint32_t CCMRx[6]; /* Capture/Compare modes */
} RTIM_TypeDef;
/* RTIM TIM CCR */
typedef struct {
__IO uint16_t CCRx; /* TIM capture/compare register */
__IO uint8_t RSVD; /* TIM capture/compare rsvd register */
__IO uint8_t CCMRx; /* TIM capture/compare register */
} RTIM_CCR_TypeDef;
/* Real-Time Clock (RTC) registers */
typedef struct {
__IO uint32_t TR; /* Time value */
__IO uint32_t CR; /* Control settings */
__IO uint32_t ISR; /* Status and initialization */
__IO uint32_t PRER; /* Clock prescaler */
__IO uint32_t CALIBR; /* Calibration settings */
__IO uint32_t ALMR1; /* Alarm 1 configuration */
__IO uint32_t ALMR2; /* Alarm 2 configuration */
__IO uint32_t WPR; /* Write protection */
} RTC_TypeDef;
/* Serial Peripheral Interface (SPI) */
typedef struct {
__IO uint32_t CTRLR0; /* Control register 0 */
__IO uint32_t CTRLR1; /* Control register 1 */
__IO uint32_t SSIENR; /* SSI enable */
__IO uint32_t MWCR; /* Microwire control */
__IO uint32_t SER; /* Slave enable */
__IO uint32_t BAUDR; /* Baud rate select */
__IO uint32_t TXFTLR; /* TX FIFO threshold level */
__IO uint32_t RXFTLR; /* RX FIFO threshold level */
__I uint32_t TXFLR; /* TX FIFO level */
__I uint32_t RXFLR; /* RX FIFO level */
__I uint32_t SR; /* Status */
__IO uint32_t IMR; /* Interrupt mask */
__I uint32_t ISR; /* Interrupt status */
__I uint32_t RISR; /* Raw interrupt status */
__I uint32_t TXOICR; /* TX FIFO overflow interrupt clear */
__I uint32_t RXOICR; /* RX FIFO overflow interrupt clear */
__I uint32_t RXUICR; /* RX FIFO underflow interrupt clear */
__I uint32_t MSTICR; /* Multi-master interrupt clear */
__I uint32_t ICR; /* Interrupt clear */
__IO uint32_t DMACR; /* DMA control */
__IO uint32_t DMATDLR; /* DMA TX data level */
__IO uint32_t DMARDLR; /* DMA RX data level */
__I uint32_t IDR; /* Identification */
__I uint32_t SSI_COMP_VERSION; /* CoreKit version ID */
__IO uint32_t DR[36]; /* Data register array */
__IO uint32_t RX_SAMPLE_DLY; /* RX sample delay */
} SPI_TypeDef;
/* SPI Flash Controller (SPIC) */
typedef struct {
__IO uint32_t ctrlr0; /* Control register 0 */
__IO uint32_t ctrlr1; /* Control register 1 */
__IO uint32_t ssienr; /* SPI enable */
__IO uint32_t mwcr; /* Reserved */
__IO uint32_t ser; /* Slave enable */
__IO uint32_t baudr; /* Baudrate select */
__IO uint32_t txftlr; /* TX FIFO threshold level */
__IO uint32_t rxftlr; /* RX FIFO threshold level */
__IO uint32_t txflr; /* TX FIFO level */
__IO uint32_t rxflr; /* RX FIFO level */
__IO uint32_t sr; /* Status register */
__IO uint32_t imr; /* Interrupt mask */
__IO uint32_t isr; /* Interrupt status */
__IO uint32_t risr; /* Raw interrupt status */
__IO uint32_t txoicr; /* TX FIFO overflow interrupt clear */
__IO uint32_t rxoicr; /* RX FIFO overflow interrupt clear */
__IO uint32_t rxuicr; /* RX FIFO underflow interrupt clear */
__IO uint32_t msticr; /* Master error interrupt clear */
__IO uint32_t icr; /* Interrupt clear */
__IO uint32_t dmacr; /* Reserved */
__IO uint32_t dmatdlr; /* Reserved */
__IO uint32_t dmardlr; /* Reserved */
__IO uint32_t idr; /* Identification register */
__IO uint32_t spi_flash_version; /* Version ID */
union {
__IO uint8_t byte;
__IO uint16_t half;
__IO uint32_t word;
} dr[32]; /* Data register array */
__IO uint32_t rd_fast_single; /* Flash fast read command */
__IO uint32_t rd_dual_o; /* Flash dual output read */
__IO uint32_t rd_dual_io; /* Flash dual I/O read */
__IO uint32_t rd_quad_o; /* Flash quad output read */
__IO uint32_t rd_quad_io; /* Flash quad I/O read */
__IO uint32_t wr_single; /* Flash page program */
__IO uint32_t wr_dual_i; /* Flash dual input program */
__IO uint32_t wr_dual_ii; /* Flash dual addr/data program */
__IO uint32_t wr_quad_i; /* Flash quad input program */
__IO uint32_t wr_quad_ii; /* Flash quad addr/data program */
__IO uint32_t wr_enable; /* Flash write enable */
__IO uint32_t rd_status; /* Flash read status */
__IO uint32_t ctrlr2; /* Control register 2 */
__IO uint32_t fbaudr; /* Fast baudrate select */
__IO uint32_t addr_length; /* Address length */
__IO uint32_t auto_length; /* Auto address length */
__IO uint32_t valid_cmd; /* Valid command */
__IO uint32_t flash_size; /* Flash size */
__IO uint32_t flush_fifo; /* Flush FIFO */
} SPIC_TypeDef;
/* AMEBAZ_CACHE Register Declaration */
typedef struct {
@@ -449,7 +524,6 @@ typedef struct {
__IO uint32_t SPICC_HIT_LSTW_EVT_CUNT; /* Last-way hit counter */
__IO uint32_t SPICC_RD_PEND_CUNT; /* Pending read counter */
} SPIC_CACHE_TypeDef;
/** @} */
/* Control register definitions for system-level configurations */
typedef struct {
@@ -545,73 +619,74 @@ typedef struct {
__IO uint32_t SYSTEM_CFG2; /* 0x01F8 */
} SYSTEM_CTRL_TypeDef;
/* Peripheral and clock control register definitions */
/* Universal asynchronous receiver-transmitter (UART) */
typedef struct {
__IO uint32_t PEON_PWR_CTRL; /* 0x0200 */
__IO uint32_t PON_ISO_CTRL; /* 0x0204 */
uint32_t RESERVED0[2]; /* 0x0208-0x020C */
__IO uint32_t SOC_FUNC_EN; /* 0x0210 */
__IO uint32_t SOC_HCI_COM_FUNC_EN; /* 0x0214 */
__IO uint32_t SOC_PERI_FUNC0_EN; /* 0x0218 */
__IO uint32_t SOC_PERI_FUNC1_EN; /* 0x021C */
__IO uint32_t SOC_PERI_BD_FUNC0_EN; /* 0x0220 */
uint32_t RESERVED1[3]; /* 0x0224-0x022C */
__IO uint32_t PESOC_CLK_CTRL; /* 0x0230 */
__IO uint32_t PESOC_PERI_CLK_CTRL0; /* 0x0234 */
__IO uint32_t PESOC_PERI_CLK_CTRL1; /* 0x0238 */
__IO uint32_t PESOC_CLK_CTRL3; /* 0x023C */
__IO uint32_t PESOC_HCI_CLK_CTRL0; /* 0x0240 */
__IO uint32_t PESOC_COM_CLK_CTRL1; /* 0x0244 */
__IO uint32_t PESOC_HW_ENG_CLK_CTRL; /* 0x0248 */
uint32_t RESERVED2[1]; /* 0x024C */
__IO uint32_t PESOC_CLK_SEL; /* 0x0250 */
uint32_t RESERVED3[6]; /* 0x0254-0x0268 */
__IO uint32_t UART_NCO_CTRL; /* 0x026C */
uint32_t RESERVED4[1]; /* 0x0270 */
__IO uint32_t OSC32K_REG_CTRL0; /* 0x0274 */
__IO uint32_t OSC32K_REG_CTRL1; /* 0x0278 */
__IO uint32_t THERMAL_METER_CTRL; /* 0x027C */
__IO uint32_t GPIO_PINMUX_CTRL[24]; /* 0x0280-0x02DC */
__IO uint32_t PON_PINMUX_CTRL; /* 0x02E0 */
uint32_t RESERVED5[6]; /* 0x02E4-0x02F8 */
__IO uint32_t FW_PPROTECT_KEY_CTRL; /* 0x02FC */
uint32_t RESERVED6[1]; /* 0x0300 */
__IO uint32_t PESOC_SOC_CTRL; /* 0x0304 */
} PERI_ON_TypeDef;
__IO uint32_t DLL; /* Divisor Latch (unused in Amebaz) */
__IO uint32_t DLH_INTCR; /* Interrupt Enable */
__IO uint32_t INTID; /* Interrupt Identification */
__IO uint32_t LCR; /* Line Control */
__IO uint32_t MCR; /* Modem Control */
__I uint32_t LSR; /* Line Status */
__I uint32_t MDSR; /* Modem Status */
__IO uint32_t SPR; /* Scratch Pad */
__IO uint32_t STSR; /* STS Register */
__IO uint32_t RB_THR; /* Receive Buffer/Transmit Holding */
__IO uint32_t MISCR; /* Misc Control */
__IO uint32_t TXPLSR; /* IrDA TX Pulse Width Control */
/* GPIO (General Purpose Input/Output) register definitions */
typedef struct {
__IO uint32_t DR; /* Data Register */
__IO uint32_t DDR; /* Direction Register */
__IO uint32_t CTRL; /* Control Register */
} GPIO_Port_TypeDef;
__IO uint32_t RXPLSR; /* IrDA RX Pulse Width Control */
__IO uint32_t BAUDMONR; /* Baud Monitor */
__IO uint32_t RSVD2; /* Reserved */
__IO uint32_t DBG_UART; /* Debug */
/* Power save features */
__IO uint32_t RX_PATH; /* RX Path Control */
__IO uint32_t MON_BAUD_CTRL; /* Monitor Baud Rate Control */
__IO uint32_t MON_BAUD_STS; /* Monitor Baud Rate Status */
__IO uint32_t MON_CYC_NUM; /* Monitor Cycle Number */
__IO uint32_t RX_BYTE_CNT; /* RX Byte Counter */
__IO uint32_t FCR; /* FIFO Control */
} UART_TypeDef;
/* USB System-on-Chip (USOC) */
typedef struct {
GPIO_Port_TypeDef PORT[4]; /*GPIO IP have 4 ports */
__IO uint32_t INT_EN; /* GPIO interrupt enable register */
__IO uint32_t INT_MASK; /* GPIO interrupt mask register */
__IO uint32_t INT_TYPE; /* interrupt type(level/edge) register */
__IO uint32_t INT_POLARITY; /* interrupt polarity(Active low/high) register */
__IO uint32_t INT_STATUS; /* interrupt status register */
__IO uint32_t INT_RAWSTATUS; /* interrupt status without mask register */
__IO uint32_t DEBOUNCE; /* interrupt signal debounce register */
__IO uint32_t PORTA_EOI; /* clear interrupt register */
__IO uint32_t EXT_PORT[4]; /* GPIO IN read or OUT read back register */
__IO uint32_t LSSYNC; /* level-sensitive synchronization enable register */
__IO uint32_t IDCODE; /* GPIO ID code register */
__IO uint32_t RSVD2; /* Reserved */
__IO uint32_t VERIDCODE; /* component Version register */
__IO uint32_t CONFIG2; /* GPIO configuration Register 2 */
__IO uint32_t CONFIG1; /* GPIO configuration Register 1 */
} GPIO_TypeDef;
__IO uint32_t SIE_CR; /* SIE control */
__IO uint32_t CLK_RST_CTRL; /* Clock and reset control */
__IO uint32_t CHANN_CTRL; /* Channel control */
__IO uint32_t BUFF_SIZE_CTRL; /* TX/RX buffer size control */
__IO uint32_t TXBD_BAR; /* TX buffer descriptor base address */
__IO uint32_t RXBD_BAR; /* RX buffer descriptor base address */
__IO uint32_t RING_SIZE_CTRL; /* Ring size control */
__IO uint32_t RSVD1; /* Reserved */
__I uint32_t TXBD_HW_IDX; /* TX hardware index */
__IO uint32_t TXBD_SW_IDX; /* TX software index */
__I uint32_t RXBD_HW_IDX; /* RX hardware index */
__IO uint32_t RXBD_SW_IDX; /* RX software index */
__IO uint32_t INTR_MASK; /* Interrupt mask */
__IO uint32_t INTR_CLR; /* Interrupt clear */
__IO uint32_t INTR_STAT; /* Interrupt status */
__IO uint32_t RSVD2; /* Reserved */
__IO uint32_t TX_MIT; /* TX mitigation */
__IO uint32_t RX_MIT; /* RX mitigation */
__IO uint32_t RSVD3[2]; /* Reserved */
__IO uint32_t IOREG_MAR; /* Host device access */
__IO uint32_t RSVD4[3]; /* Reserved */
__IO uint32_t TX_MAIN_BUF_CTRL; /* TX main buffer control */
__IO uint32_t TX_DEST_BUF_CTRL; /* TX destination buffer control */
__IO uint32_t RX_MAIN_BUF_CTRL; /* RX main buffer control */
__IO uint32_t RX_SRC_BUF_CTRL; /* RX source buffer control */
__IO uint32_t TX_STUCK_TIMER; /* TX stuck timer */
__IO uint32_t RX_STUCK_TIMER; /* RX stuck timer */
__IO uint32_t QOS_CTRL; /* QoS control */
} USOC_REG_TypeDef;
/* Peripheral memory map */
#define SPI_FLASH_BASE 0x08000000
#define SYSTEM_CTRL_BASE 0x40000000
#define PERI_ON_BASE (SYSTEM_CTRL_BASE + 0x200)
#define VENDOR_REG_BASE 0x40002800
#define SPI_FLASH_BASE 0x08000000
#define NCO1_REG_BASE 0x40000080
#define BACKUP_REG_BASE 0x40000138
#define NCO2_REG_BASE 0x4000026C
@@ -619,6 +694,7 @@ typedef struct {
#define GPIO_REG_BASE 0x40001000
#define TIMER_REG_BASE 0x40002000
#define VENDOR_REG_BASE 0x40002800
#define LOG_UART_REG_BASE 0x40003000
#define RTC_BASE 0x40003400
#define SPIC_CACHE_BASE 0x40003C00
@@ -639,7 +715,6 @@ typedef struct {
#define WIFI_REG_BASE 0x40080000
#define SIE_REG_BASE 0x400C0000
#define USOC_REG_BASE 0x400C2000
#define GDMA1_REG_OFF 0x1000
#define TIM0_BASE (TIMER_REG_BASE)
#define TIM1_BASE (TIMER_REG_BASE + 0x040)
@@ -649,6 +724,12 @@ typedef struct {
#define TIM5_BASE (TIMER_REG_BASE + 0x140)
/* Peripheral declaration */
// TODO: ida :)
// VENDOR_REG (base: 0x40002800)
// SDIO_DEVICE_REG (base: 0x40050000)
// WIFI_REG (base: 0x40080000)
// SIE_REG (base: 0x400C0000)
#define SYSTEM_CTRL ((SYSTEM_CTRL_TypeDef *)SYSTEM_CTRL_BASE)
#define PERI_ON ((PERI_ON_TypeDef *)PERI_ON_BASE)
@@ -661,6 +742,8 @@ typedef struct {
#define ADC ((ADC_TypeDef *)ADC_REG_BASE)
#define I2C0 ((I2C_TypeDef *)I2C0_REG_BASE)
#define I2C1 ((I2C_TypeDef *)I2C1_REG_BASE)
#define GDMA0 ((GDMA_TypeDef *)GDMA0_REG_BASE)
#define GDMA1 ((GDMA_TypeDef *)GDMA1_REG_BASE)
#define I2S ((I2S_TypeDef *)I2S0_REG_BASE)
#define TIM0 ((RTIM_TypeDef *)TIM0_BASE)
#define TIM1 ((RTIM_TypeDef *)TIM1_BASE)