diff --git a/docs/create_peripherals_ida.py b/docs/create_peripherals_ida.py new file mode 100644 index 0000000..6c25243 --- /dev/null +++ b/docs/create_peripherals_ida.py @@ -0,0 +1,71 @@ +from ida_segment import * +from ida_bytes import * + + +def create_peripheral_segment(start_addr, name, size): + seg = segment_t() + seg.start_ea = start_addr + seg.end_ea = start_addr + size + seg.bitness = 1 # 32-bit + seg.align = saRelByte + seg.comb = scPub + seg.perm = SEGPERM_READ | SEGPERM_WRITE + + if add_segm_ex(seg, name, "PERIPHERAL", ADDSEG_OR_DIE): + getseg(start_addr).type = SEG_DATA + set_segment_cmt(getseg(start_addr), "Volatile peripheral registers", True) + return True + return False + + +def verify_no_overlaps(peripherals): + sorted_pairs = sorted(peripherals.items()) + for i in range(len(sorted_pairs) - 1): + curr_addr, (curr_name, curr_size) = sorted_pairs[i] + next_addr, (next_name, _) = sorted_pairs[i + 1] + + if curr_addr + curr_size > next_addr: + print(f"ERROR: Overlap between {curr_name} and {next_name}") + return False + return True + + +def main(): + peripherals = { + 0x40000000: ("SYSTEM_CTRL", 0x200), + 0x40000200: ("PERI_ON", 0x80), + 0x40000280: ("PINMUX_REG", 0xD80), + 0x40001000: ("GPIO_REG", 0x1000), + 0x40002000: ("TIMER_REG", 0x800), + 0x40002800: ("VENDOR_REG", 0x800), + 0x40003000: ("LOG_UART_REG", 0x400), + 0x40003400: ("RTC", 0x800), + 0x40003C00: ("SPIC_CACHE", 0x400), + 0x40010000: ("ADC_REG", 0x1000), + 0x40020000: ("SPI_FLASH_CTRL", 0x1000), + 0x40040000: ("UART0_REG", 0x400), + 0x40040400: ("UART1_REG", 0x400), + 0x40042000: ("SPI0_REG", 0x400), + 0x40042400: ("SPI1_REG", 0x400), + 0x40044000: ("I2C0_REG", 0x400), + 0x40044400: ("I2C1_REG", 0x400), + 0x40050000: ("SDIO_DEVICE_REG", 0x1000), + 0x40060000: ("GDMA0_REG", 0x1000), + 0x40061000: ("GDMA1_REG", 0x1000), + 0x40062000: ("I2S0_REG", 0x1000), + 0x40070000: ("CRYPTO_REG", 0x1000), + 0x40080000: ("WIFI_REG", 0x40000), + 0x400C0000: ("SIE_REG", 0x2000), + 0x400C2000: ("USOC_REG", 0x2000), + } + + if not verify_no_overlaps(peripherals): + return + + for addr, (name, size) in sorted(peripherals.items()): + if not create_peripheral_segment(addr, name, size): + print(f"Failed to create segment {name}") + + +if __name__ == "__main__": + main() diff --git a/docs/wifi.md b/docs/wifi.md new file mode 100644 index 0000000..2171264 --- /dev/null +++ b/docs/wifi.md @@ -0,0 +1,82 @@ +# ROM wifi funcs + +todo: + +- disasm the wifi binary + +```mermaid +sequenceDiagram + participant Device + participant AP as Access Point + participant MAC as MAC Layer + participant PHY as PHY Layer + + Note over Device,PHY: Initialization Phase + Device->>MAC: ROM_WIFI_InitMacClk + Device->>MAC: ROM_WIFI_Init32kClk + Device->>MAC: ROM_WIFI_InitLxDma + Device->>MAC: ROM_WIFI_INIT_MACADDR_SET + Device->>MAC: ROM_WIFI_InitNetworkType + Device->>MAC: ROM_WIFI_InitEDCA + Device->>PHY: ROM_WIFI_ENABLE_BB_RF + + Note over Device,PHY: Connection Phase + Device->>AP: ROM_WIFI_Set_MLME_Sitesurvey + AP->>Device: Beacon Frames + Device->>MAC: ROM_WIFI_BCN_VALID + Device->>MAC: ROM_WIFI_CHECK_BSSID + Device->>MAC: ROM_WIFI_Set_MLME_JOIN + Device->>MAC: ROM_WIFI_BSSID_SET + + Note over Device,PHY: Operation Phase + Device->>MAC: ROM_WIFI_Set_AC_Param + MAC->>Device: ROM_WIFI_CHECK_TXBUF + Device->>MAC: ROM_WIFI_SET_MAX_AGG_NUM + + Note over Device,PHY: Security Setup + Device->>MAC: ROM_WIFI_SEC_CFG + Device->>MAC: ROM_WIFI_CAM_WRITE + + Note over Device,PHY: Maintenance + Device->>MAC: ROM_WIFI_TSF_GetByPort + Device->>MAC: ROM_WIFI_IMR_UPDATE + Device->>MAC: ROM_WIFI_High_Queue_Empty_Check + +``` + +1. init: + + - sysclock init (`ROM_WIFI_InitMacClk`, `ROM_WIFI_Init32kClk`) + - DMA setup (`ROM_WIFI_InitLxDma`) + - MAC address config (`ROM_WIFI_INIT_MACADDR_SET`) + - Network type setup (`ROM_WIFI_InitNetworkType`) + - EDCA params for QoS (`ROM_WIFI_InitEDCA`) + - RF/Baseband enable (`ROM_WIFI_ENABLE_BB_RF`) + +2. connect: + + - site survey to find networks (`ROM_WIFI_Set_MLME_Sitesurvey`) + - beacon validation (`ROM_WIFI_BCN_VALID`) + - BSSID checking (`ROM_WIFI_CHECK_BSSID`) + - join request (`ROM_WIFI_Set_MLME_JOIN`) + - BSSID setting (`ROM_WIFI_BSSID_SET`) + +3. config: + + - AC (Access Category) param (`ROM_WIFI_Set_AC_Param`) + - Buffer management? (`ROM_WIFI_CHECK_TXBUF`) + - Aggregation configuration (`ROM_WIFI_SET_MAX_AGG_NUM`) + +4. security: + + - Security configuration (`ROM_WIFI_SEC_CFG`) + - CAM (Content Addressable Memory) (`ROM_WIFI_CAM_WRITE`) + +5. maintain: + - TSF (Timing Synchronization Function) (`ROM_WIFI_TSF_GetByPort`) + - Interrupt mask updates (`ROM_WIFI_IMR_UPDATE`) + - Queue monitoring (`ROM_WIFI_High_Queue_Empty_Check`) + +- MU-EDCA (Multi-User EDCA) `ROM_WIFI_AX_MUEDCA_Para` +- BSS Coloring `ROM_WIFI_AX_BSS_COLOR_SET` +- OFDMA (Orthogonal Frequency Division Multiple Access) diff --git a/include/rtl8710bx.h b/include/rtl8710bx.h index 4935328..11d7b7e 100644 --- a/include/rtl8710bx.h +++ b/include/rtl8710bx.h @@ -81,121 +81,7 @@ typedef enum IRQn { /* Device Specific Peripheral Section */ -/* AMEBAZ_UART */ -typedef struct { - __IO uint32_t DLL; /* Divisor Latch (unused in Amebaz) */ - __IO uint32_t DLH_INTCR; /* Interrupt Enable */ - __IO uint32_t INTID; /* Interrupt Identification */ - __IO uint32_t LCR; /* Line Control */ - __IO uint32_t MCR; /* Modem Control */ - __I uint32_t LSR; /* Line Status */ - __I uint32_t MDSR; /* Modem Status */ - __IO uint32_t SPR; /* Scratch Pad */ - __IO uint32_t STSR; /* STS Register */ - __IO uint32_t RB_THR; /* Receive Buffer/Transmit Holding */ - __IO uint32_t MISCR; /* Misc Control */ - __IO uint32_t TXPLSR; /* IrDA TX Pulse Width Control */ - - __IO uint32_t RXPLSR; /* IrDA RX Pulse Width Control */ - __IO uint32_t BAUDMONR; /* Baud Monitor */ - __IO uint32_t RSVD2; /* Reserved */ - __IO uint32_t DBG_UART; /* Debug */ - - /* Power save features */ - __IO uint32_t RX_PATH; /* RX Path Control */ - __IO uint32_t MON_BAUD_CTRL; /* Monitor Baud Rate Control */ - __IO uint32_t MON_BAUD_STS; /* Monitor Baud Rate Status */ - __IO uint32_t MON_CYC_NUM; /* Monitor Cycle Number */ - __IO uint32_t RX_BYTE_CNT; /* RX Byte Counter */ - - __IO uint32_t FCR; /* FIFO Control */ -} UART_TypeDef; -/** @} */ - -/* AMEBAZ_SPI */ -typedef struct { - __IO uint32_t CTRLR0; /* Control register 0 */ - __IO uint32_t CTRLR1; /* Control register 1 */ - __IO uint32_t SSIENR; /* SSI enable */ - __IO uint32_t MWCR; /* Microwire control */ - __IO uint32_t SER; /* Slave enable */ - __IO uint32_t BAUDR; /* Baud rate select */ - __IO uint32_t TXFTLR; /* TX FIFO threshold level */ - __IO uint32_t RXFTLR; /* RX FIFO threshold level */ - __I uint32_t TXFLR; /* TX FIFO level */ - __I uint32_t RXFLR; /* RX FIFO level */ - __I uint32_t SR; /* Status */ - __IO uint32_t IMR; /* Interrupt mask */ - __I uint32_t ISR; /* Interrupt status */ - __I uint32_t RISR; /* Raw interrupt status */ - __I uint32_t TXOICR; /* TX FIFO overflow interrupt clear */ - __I uint32_t RXOICR; /* RX FIFO overflow interrupt clear */ - __I uint32_t RXUICR; /* RX FIFO underflow interrupt clear */ - __I uint32_t MSTICR; /* Multi-master interrupt clear */ - __I uint32_t ICR; /* Interrupt clear */ - __IO uint32_t DMACR; /* DMA control */ - __IO uint32_t DMATDLR; /* DMA TX data level */ - __IO uint32_t DMARDLR; /* DMA RX data level */ - __I uint32_t IDR; /* Identification */ - __I uint32_t SSI_COMP_VERSION; /* CoreKit version ID */ - __IO uint32_t DR[36]; /* Data register array */ - __IO uint32_t RX_SAMPLE_DLY; /* RX sample delay */ -} SPI_TypeDef; -/** @} */ - -/* AMEBAZ_SPIC */ -typedef struct { - __IO uint32_t ctrlr0; /* Control register 0 */ - __IO uint32_t ctrlr1; /* Control register 1 */ - __IO uint32_t ssienr; /* SPI enable */ - __IO uint32_t mwcr; /* Reserved */ - __IO uint32_t ser; /* Slave enable */ - __IO uint32_t baudr; /* Baudrate select */ - __IO uint32_t txftlr; /* TX FIFO threshold level */ - __IO uint32_t rxftlr; /* RX FIFO threshold level */ - __IO uint32_t txflr; /* TX FIFO level */ - __IO uint32_t rxflr; /* RX FIFO level */ - __IO uint32_t sr; /* Status register */ - __IO uint32_t imr; /* Interrupt mask */ - __IO uint32_t isr; /* Interrupt status */ - __IO uint32_t risr; /* Raw interrupt status */ - __IO uint32_t txoicr; /* TX FIFO overflow interrupt clear */ - __IO uint32_t rxoicr; /* RX FIFO overflow interrupt clear */ - __IO uint32_t rxuicr; /* RX FIFO underflow interrupt clear */ - __IO uint32_t msticr; /* Master error interrupt clear */ - __IO uint32_t icr; /* Interrupt clear */ - __IO uint32_t dmacr; /* Reserved */ - __IO uint32_t dmatdlr; /* Reserved */ - __IO uint32_t dmardlr; /* Reserved */ - __IO uint32_t idr; /* Identification register */ - __IO uint32_t spi_flash_version; /* Version ID */ - union { - __IO uint8_t byte; - __IO uint16_t half; - __IO uint32_t word; - } dr[32]; /* Data register array */ - __IO uint32_t rd_fast_single; /* Flash fast read command */ - __IO uint32_t rd_dual_o; /* Flash dual output read */ - __IO uint32_t rd_dual_io; /* Flash dual I/O read */ - __IO uint32_t rd_quad_o; /* Flash quad output read */ - __IO uint32_t rd_quad_io; /* Flash quad I/O read */ - __IO uint32_t wr_single; /* Flash page program */ - __IO uint32_t wr_dual_i; /* Flash dual input program */ - __IO uint32_t wr_dual_ii; /* Flash dual addr/data program */ - __IO uint32_t wr_quad_i; /* Flash quad input program */ - __IO uint32_t wr_quad_ii; /* Flash quad addr/data program */ - __IO uint32_t wr_enable; /* Flash write enable */ - __IO uint32_t rd_status; /* Flash read status */ - __IO uint32_t ctrlr2; /* Control register 2 */ - __IO uint32_t fbaudr; /* Fast baudrate select */ - __IO uint32_t addr_length; /* Address length */ - __IO uint32_t auto_length; /* Auto address length */ - __IO uint32_t valid_cmd; /* Valid command */ - __IO uint32_t flash_size; /* Flash size */ - __IO uint32_t flush_fifo; /* Flush FIFO */ -} SPIC_TypeDef; - -/* AMEBAZ_ADC */ +/* Analog to Digital Converter */ typedef struct { __IO uint32_t FIFO_READ; /* FIFO read register for channels 0-3 */ __IO uint32_t CONTROL; /* Main ADC control register */ @@ -213,9 +99,132 @@ typedef struct { __IO uint32_t ANAPAR_AD5; /* Analog parameters for channel 5 */ __IO uint32_t CALI_DATA; /* Calibration data register */ } ADC_TypeDef; -/** @} */ -/* AMEBAZ_I2C */ +/* AMEBAZ_BACKUP_REG */ +typedef struct { + __IO uint32_t DWORD[4]; /* 0x138 */ +} BACKUP_REG_TypeDef; + +/* GDMA channel */ +typedef struct { + __IO uint32_t SAR; /* Source Address, 0x000 */ + __O uint32_t RSAR; /* Source Address Read Back, 0x004 */ + __IO uint32_t DAR; /* Destination Address, 0x008 */ + __O uint32_t RDAR; /* Destination Address Read Back, 0x00C */ + __IO uint32_t LLP; /* Linked List Pointer, 0x010 */ + uint32_t RSVD2; + __IO uint32_t CTL_LOW; /* Control Low, 0x018 */ + __IO uint32_t CTL_HIGH; /* Control High, 0x01C */ + __IO uint32_t SSTAT; /* Source Status, 0x020 */ + uint32_t RSVD4; + __IO uint32_t DSTAT; /* Destination Status, 0x028 */ + uint32_t RSVD5; + __IO uint32_t SSTATAR; /* Source Status Address, 0x030 */ + uint32_t RSVD6; + __IO uint32_t DSTATAR; /* Destination Status Address, 0x038 */ + uint32_t RSVD7; + __IO uint32_t CFG_LOW; /* Config Low, 0x040 */ + __IO uint32_t CFG_HIGH; /* Config High, 0x044 */ + __IO uint32_t SGR; /* Source Gather, 0x048 */ + uint32_t RSVD9; + __IO uint32_t DSR; /* Destination Scatter, 0x050 */ + uint32_t RSVD10; /* 0x054 */ +} GDMA_ChannelTypeDef; + +/* General Direct Memory Access (GDMA) */ +typedef struct { + GDMA_ChannelTypeDef CH[8]; /* 8 chs, we only have 5 though :) 0x000-0x2BC */ + __I uint32_t RAW_TFR; /* Raw Transfer Status, 0x2C0 */ + uint32_t RSVD0; + __I uint32_t RAW_BLOCK; /* Raw Block Status, 0x2C8 */ + uint32_t RSVD1; + __I uint32_t RAW_SRC_TRAN; /* Raw Source Trans Status, 0x2D0 */ + uint32_t RSVD2; + __I uint32_t RAW_DST_TRAN; /* Raw Dest Trans Status, 0x2D8 */ + uint32_t RSVD3; + __I uint32_t RAW_ERR; /* Raw Error Status, 0x2E0 */ + uint32_t RSVD4; + __I uint32_t STATUS_TFR; /* Transfer Status, 0x2E8 */ + uint32_t RSVD5; + __I uint32_t STATUS_BLOCK; /* Block Status, 0x2F0 */ + uint32_t RSVD6; + __I uint32_t STATUS_SRC_TRAN; /* Source Trans Status, 0x2F8 */ + uint32_t RSVD7; + __I uint32_t STATUS_DST_TRAN; /* Dest Trans Status, 0x300 */ + uint32_t RSVD8; + __I uint32_t STATUS_ERR; /* Error Status, 0x308 */ + uint32_t RSVD9; + __IO uint32_t MASK_TFR; /* Transfer Mask, 0x310 */ + uint32_t RSVD10; + __IO uint32_t MASK_BLOCK; /* Block Mask, 0x318 */ + uint32_t RSVD11; + __IO uint32_t MASK_SRC_TRAN; /* Source Trans Mask, 0x320 */ + uint32_t RSVD12; + __IO uint32_t MASK_DST_TRAN; /* Dest Trans Mask, 0x328 */ + uint32_t RSVD13; + __IO uint32_t MASK_ERR; /* Error Mask, 0x330 */ + uint32_t RSVD14; + __O uint32_t CLEAR_TFR; /* Transfer Clear, 0x338 */ + uint32_t RSVD15; + __O uint32_t CLEAR_BLOCK; /* Block Clear, 0x340 */ + uint32_t RSVD16; + __O uint32_t CLEAR_SRC_TRAN; /* Source Trans Clear, 0x348 */ + uint32_t RSVD17; + __O uint32_t CLEAR_DST_TRAN; /* Dest Trans Clear, 0x350 */ + uint32_t RSVD18; + __O uint32_t CLEAR_ERR; /* Error Clear, 0x358 */ + uint32_t RSVD19; + __O uint32_t StatusInt; /* Interrupt Status, 0x360 */ + uint32_t RSVD191; + __IO uint32_t ReqSrcReg; /* Source SW Request, 0x368 */ + uint32_t RSVD20; + __IO uint32_t ReqDstReg; /* Dest SW Request, 0x370 */ + uint32_t RSVD21; + __IO uint32_t SglReqSrcReg; /* Single Source Request, 0x378 */ + uint32_t RSVD22; + __IO uint32_t SglReqDstReg; /* Single Dest Request, 0x380 */ + uint32_t RSVD23; + __IO uint32_t LstSrcReg; /* Last Source Request, 0x388 */ + uint32_t RSVD24; + __IO uint32_t LstDstReg; /* Last Dest Request, 0x390 */ + uint32_t RSVD25; + __IO uint32_t DmaCfgReg; /* DMA Config, 0x398 */ + uint32_t RSVD26; + __IO uint32_t ChEnReg; /* Channel Enable, 0x3A0 */ + uint32_t RSVD27; + __I uint32_t DmaIdReg; /* DMA ID, 0x3A8 */ + uint32_t RSVD28; + __IO uint32_t DmaTestReg; /* DMA Test, 0x3B0 */ + uint32_t RSVD29; +} GDMA_TypeDef; + +/* GPIO (General Purpose Input/Output) register definitions */ +typedef struct { + __IO uint32_t DR; /* Data Register */ + __IO uint32_t DDR; /* Direction Register */ + __IO uint32_t CTRL; /* Control Register */ +} GPIO_Port_TypeDef; + +typedef struct { + GPIO_Port_TypeDef PORT[4]; /*GPIO IP have 4 ports */ + __IO uint32_t INT_EN; /* GPIO interrupt enable register */ + __IO uint32_t INT_MASK; /* GPIO interrupt mask register */ + __IO uint32_t INT_TYPE; /* interrupt type(level/edge) register */ + __IO uint32_t INT_POLARITY; /* interrupt polarity(Active low/high) register */ + __IO uint32_t INT_STATUS; /* interrupt status register */ + __IO uint32_t INT_RAWSTATUS; /* interrupt status without mask register */ + __IO uint32_t DEBOUNCE; /* interrupt signal debounce register */ + __IO uint32_t PORTA_EOI; /* clear interrupt register */ + __IO uint32_t EXT_PORT[4]; /* GPIO IN read or OUT read back register */ + __IO uint32_t LSSYNC; /* level-sensitive synchronization enable register */ + __IO uint32_t IDCODE; /* GPIO ID code register */ + __IO uint32_t RSVD2; /* Reserved */ + __IO uint32_t VERIDCODE; /* component Version register */ + __IO uint32_t CONFIG2; /* GPIO configuration Register 2 */ + __IO uint32_t CONFIG1; /* GPIO configuration Register 1 */ +} GPIO_TypeDef; + +/* Inter Integrated Circuit Interface */ typedef struct { __IO uint32_t IC_CON; /* Control register */ __IO uint32_t IC_TAR; /* Target address register */ @@ -287,9 +296,8 @@ typedef struct { __IO uint32_t IC_DATA_S1; /* Slave1 RX/TX data buffer */ __I uint32_t IC_COMP_VERSION; /* Component version ID */ } I2C_TypeDef; -/** @} */ -/* AMEBAZ_I2S */ +/* Inter-Integrated Circuit Sound interface */ typedef struct { __IO uint32_t IS_CTL; /* Main I2S control register */ __IO uint32_t IS_TX_PAGE_PTR; /* TX page pointer */ @@ -304,98 +312,14 @@ typedef struct { __IO uint32_t IS_TX_PAGE_OWN[4]; /* TX page ownership bits */ __IO uint32_t IS_RX_PAGE_OWN[4]; /* RX page ownership bits */ } I2S_TypeDef; -/** @} */ -/* - * AMEBAZ_TIMER Register Declaration - * TIM1 have 6 CCR registers: bit[15:0] is CCR, bit[31:24] is CCMR - * TIM3 have 1 CCR registesr: bit[15:0] is CCR, bit[31:24] is CCMR - * TIM5-8 dont have CCR register - */ -/** - * @brief RTK TIM CCR - */ -typedef struct { - __IO uint16_t CCRx; /*TIM capture/compare register */ - __IO uint8_t RSVD; /*TIM capture/compare rsvd register */ - __IO uint8_t CCMRx; /*TIM capture/compare register */ -} RTIM_CCR_TypeDef; - -/** - * RTK Timer (RTIM) registers - */ -typedef struct { - __IO uint32_t EN; /* Timer enable */ - __IO uint32_t CR; /* Main control settings */ - __IO uint32_t DIER; /* DMA/Interrupt configuration */ - __IO uint32_t SR; /* Status flags */ - __IO uint32_t EGR; /* Event generation control */ - __IO uint32_t CNT; /* Counter value */ - __IO uint32_t PSC; /* Clock prescaler */ - __IO uint32_t ARR; /* Auto-reload value */ - __IO uint32_t CCMRx[6]; /* Capture/Compare modes */ -} RTIM_TypeDef; -/** @} */ - -/* Real-Time Clock (RTC) registers */ -typedef struct { - __IO uint32_t TR; /* Time value */ - __IO uint32_t CR; /* Control settings */ - __IO uint32_t ISR; /* Status and initialization */ - __IO uint32_t PRER; /* Clock prescaler */ - __IO uint32_t CALIBR; /* Calibration settings */ - __IO uint32_t ALMR1; /* Alarm 1 configuration */ - __IO uint32_t ALMR2; /* Alarm 2 configuration */ - __IO uint32_t WPR; /* Write protection */ -} RTC_TypeDef; -/** @} */ - -/* AMEBAZ_PINMUX */ -typedef struct { - __IO uint32_t PADCTR[21]; /*Pad control register */ -} PINMUX_TypeDef; -/** @} */ - -/* AMEBAZ_IPSEC */ +/* Internet Protocol Security (IPsec) */ typedef struct { __IO uint32_t IPSSDAR; /* Source Descriptor Starting Address Register */ __IO uint32_t IPSDDAR; /* Destination Descriptor Starting Address Register */ __IO uint32_t IPSCSR; /* Command/Status Register */ __IO uint32_t IPSCTR; /* Control Register */ } IPSEC_TypeDef; -/** @} */ - -/* AMEBAZ_USOC */ -typedef struct { - __IO uint32_t SIE_CR; /* SIE control */ - __IO uint32_t CLK_RST_CTRL; /* Clock and reset control */ - __IO uint32_t CHANN_CTRL; /* Channel control */ - __IO uint32_t BUFF_SIZE_CTRL; /* TX/RX buffer size control */ - __IO uint32_t TXBD_BAR; /* TX buffer descriptor base address */ - __IO uint32_t RXBD_BAR; /* RX buffer descriptor base address */ - __IO uint32_t RING_SIZE_CTRL; /* Ring size control */ - __IO uint32_t RSVD1; /* Reserved */ - __I uint32_t TXBD_HW_IDX; /* TX hardware index */ - __IO uint32_t TXBD_SW_IDX; /* TX software index */ - __I uint32_t RXBD_HW_IDX; /* RX hardware index */ - __IO uint32_t RXBD_SW_IDX; /* RX software index */ - __IO uint32_t INTR_MASK; /* Interrupt mask */ - __IO uint32_t INTR_CLR; /* Interrupt clear */ - __IO uint32_t INTR_STAT; /* Interrupt status */ - __IO uint32_t RSVD2; /* Reserved */ - __IO uint32_t TX_MIT; /* TX mitigation */ - __IO uint32_t RX_MIT; /* RX mitigation */ - __IO uint32_t RSVD3[2]; /* Reserved */ - __IO uint32_t IOREG_MAR; /* Host device access */ - __IO uint32_t RSVD4[3]; /* Reserved */ - __IO uint32_t TX_MAIN_BUF_CTRL; /* TX main buffer control */ - __IO uint32_t TX_DEST_BUF_CTRL; /* TX destination buffer control */ - __IO uint32_t RX_MAIN_BUF_CTRL; /* RX main buffer control */ - __IO uint32_t RX_SRC_BUF_CTRL; /* RX source buffer control */ - __IO uint32_t TX_STUCK_TIMER; /* TX stuck timer */ - __IO uint32_t RX_STUCK_TIMER; /* RX stuck timer */ - __IO uint32_t QOS_CTRL; /* QoS control */ -} USOC_REG_TypeDef; /** * NCO32k (Numerically Controlled Oscillator) peripheral structure @@ -420,23 +344,174 @@ typedef struct { } NCO32k_TypeDef; /* - * @defgroup AMEBAZ_NCO8M - * @{ - * @brief AMEBAZ_NCO8M Register Declaration - * @note [0]: function enable - * @note [15:1]: expected frequency of nco output clk, unit is 1KHz - * @note [31:16] frequency of nco input clk, unit is 1KHz + * 8MHz NCO Register Declaration + * [0]: function enable + * [15:1]: expected frequency of nco output clk, unit is 1KHz + * [31:16] frequency of nco input clk, unit is 1KHz */ -typedef struct { - __IO uint32_t NCOReg; +typedef union { + __IO uint32_t NCOReg; /* 32-bit access */ } NCO8M_TypeDef; -/** @} */ -/* AMEBAZ_BACKUP_REG */ +/* Peripheral and clock control register definitions */ typedef struct { - __IO uint32_t DWORD[4]; /* 0x138 */ -} BACKUP_REG_TypeDef; -/** @} */ + __IO uint32_t PEON_PWR_CTRL; /* 0x0200 */ + __IO uint32_t PON_ISO_CTRL; /* 0x0204 */ + uint32_t RESERVED0[2]; /* 0x0208-0x020C */ + __IO uint32_t SOC_FUNC_EN; /* 0x0210 */ + __IO uint32_t SOC_HCI_COM_FUNC_EN; /* 0x0214 */ + __IO uint32_t SOC_PERI_FUNC0_EN; /* 0x0218 */ + __IO uint32_t SOC_PERI_FUNC1_EN; /* 0x021C */ + __IO uint32_t SOC_PERI_BD_FUNC0_EN; /* 0x0220 */ + uint32_t RESERVED1[3]; /* 0x0224-0x022C */ + __IO uint32_t PESOC_CLK_CTRL; /* 0x0230 */ + __IO uint32_t PESOC_PERI_CLK_CTRL0; /* 0x0234 */ + __IO uint32_t PESOC_PERI_CLK_CTRL1; /* 0x0238 */ + __IO uint32_t PESOC_CLK_CTRL3; /* 0x023C */ + __IO uint32_t PESOC_HCI_CLK_CTRL0; /* 0x0240 */ + __IO uint32_t PESOC_COM_CLK_CTRL1; /* 0x0244 */ + __IO uint32_t PESOC_HW_ENG_CLK_CTRL; /* 0x0248 */ + uint32_t RESERVED2[1]; /* 0x024C */ + __IO uint32_t PESOC_CLK_SEL; /* 0x0250 */ + uint32_t RESERVED3[6]; /* 0x0254-0x0268 */ + __IO uint32_t UART_NCO_CTRL; /* 0x026C */ + uint32_t RESERVED4[1]; /* 0x0270 */ + __IO uint32_t OSC32K_REG_CTRL0; /* 0x0274 */ + __IO uint32_t OSC32K_REG_CTRL1; /* 0x0278 */ + __IO uint32_t THERMAL_METER_CTRL; /* 0x027C */ + __IO uint32_t GPIO_PINMUX_CTRL[24]; /* 0x0280-0x02DC */ + __IO uint32_t PON_PINMUX_CTRL; /* 0x02E0 */ + uint32_t RESERVED5[6]; /* 0x02E4-0x02F8 */ + __IO uint32_t FW_PPROTECT_KEY_CTRL; /* 0x02FC */ + uint32_t RESERVED6[1]; /* 0x0300 */ + __IO uint32_t PESOC_SOC_CTRL; /* 0x0304 */ +} PERI_ON_TypeDef; + +/* Pin Multiplexing */ +typedef struct { + __IO uint32_t PADCTR[21]; /*Pad control register */ +} PINMUX_TypeDef; + +/* + * AMEBAZ_TIMER Register Declaration + * TIM1 have 6 CCR registers: bit[15:0] is CCR, bit[31:24] is CCMR + * TIM3 have 1 CCR registesr: bit[15:0] is CCR, bit[31:24] is CCMR + * TIM5-8 dont have CCR register + */ + +/* RTK Timer (RTIM) registers */ +typedef struct { + __IO uint32_t EN; /* Timer enable */ + __IO uint32_t CR; /* Main control settings */ + __IO uint32_t DIER; /* DMA/Interrupt configuration */ + __IO uint32_t SR; /* Status flags */ + __IO uint32_t EGR; /* Event generation control */ + __IO uint32_t CNT; /* Counter value */ + __IO uint32_t PSC; /* Clock prescaler */ + __IO uint32_t ARR; /* Auto-reload value */ + __IO uint32_t CCMRx[6]; /* Capture/Compare modes */ +} RTIM_TypeDef; + +/* RTIM TIM CCR */ +typedef struct { + __IO uint16_t CCRx; /* TIM capture/compare register */ + __IO uint8_t RSVD; /* TIM capture/compare rsvd register */ + __IO uint8_t CCMRx; /* TIM capture/compare register */ +} RTIM_CCR_TypeDef; + +/* Real-Time Clock (RTC) registers */ +typedef struct { + __IO uint32_t TR; /* Time value */ + __IO uint32_t CR; /* Control settings */ + __IO uint32_t ISR; /* Status and initialization */ + __IO uint32_t PRER; /* Clock prescaler */ + __IO uint32_t CALIBR; /* Calibration settings */ + __IO uint32_t ALMR1; /* Alarm 1 configuration */ + __IO uint32_t ALMR2; /* Alarm 2 configuration */ + __IO uint32_t WPR; /* Write protection */ +} RTC_TypeDef; + +/* Serial Peripheral Interface (SPI) */ +typedef struct { + __IO uint32_t CTRLR0; /* Control register 0 */ + __IO uint32_t CTRLR1; /* Control register 1 */ + __IO uint32_t SSIENR; /* SSI enable */ + __IO uint32_t MWCR; /* Microwire control */ + __IO uint32_t SER; /* Slave enable */ + __IO uint32_t BAUDR; /* Baud rate select */ + __IO uint32_t TXFTLR; /* TX FIFO threshold level */ + __IO uint32_t RXFTLR; /* RX FIFO threshold level */ + __I uint32_t TXFLR; /* TX FIFO level */ + __I uint32_t RXFLR; /* RX FIFO level */ + __I uint32_t SR; /* Status */ + __IO uint32_t IMR; /* Interrupt mask */ + __I uint32_t ISR; /* Interrupt status */ + __I uint32_t RISR; /* Raw interrupt status */ + __I uint32_t TXOICR; /* TX FIFO overflow interrupt clear */ + __I uint32_t RXOICR; /* RX FIFO overflow interrupt clear */ + __I uint32_t RXUICR; /* RX FIFO underflow interrupt clear */ + __I uint32_t MSTICR; /* Multi-master interrupt clear */ + __I uint32_t ICR; /* Interrupt clear */ + __IO uint32_t DMACR; /* DMA control */ + __IO uint32_t DMATDLR; /* DMA TX data level */ + __IO uint32_t DMARDLR; /* DMA RX data level */ + __I uint32_t IDR; /* Identification */ + __I uint32_t SSI_COMP_VERSION; /* CoreKit version ID */ + __IO uint32_t DR[36]; /* Data register array */ + __IO uint32_t RX_SAMPLE_DLY; /* RX sample delay */ +} SPI_TypeDef; + +/* SPI Flash Controller (SPIC) */ +typedef struct { + __IO uint32_t ctrlr0; /* Control register 0 */ + __IO uint32_t ctrlr1; /* Control register 1 */ + __IO uint32_t ssienr; /* SPI enable */ + __IO uint32_t mwcr; /* Reserved */ + __IO uint32_t ser; /* Slave enable */ + __IO uint32_t baudr; /* Baudrate select */ + __IO uint32_t txftlr; /* TX FIFO threshold level */ + __IO uint32_t rxftlr; /* RX FIFO threshold level */ + __IO uint32_t txflr; /* TX FIFO level */ + __IO uint32_t rxflr; /* RX FIFO level */ + __IO uint32_t sr; /* Status register */ + __IO uint32_t imr; /* Interrupt mask */ + __IO uint32_t isr; /* Interrupt status */ + __IO uint32_t risr; /* Raw interrupt status */ + __IO uint32_t txoicr; /* TX FIFO overflow interrupt clear */ + __IO uint32_t rxoicr; /* RX FIFO overflow interrupt clear */ + __IO uint32_t rxuicr; /* RX FIFO underflow interrupt clear */ + __IO uint32_t msticr; /* Master error interrupt clear */ + __IO uint32_t icr; /* Interrupt clear */ + __IO uint32_t dmacr; /* Reserved */ + __IO uint32_t dmatdlr; /* Reserved */ + __IO uint32_t dmardlr; /* Reserved */ + __IO uint32_t idr; /* Identification register */ + __IO uint32_t spi_flash_version; /* Version ID */ + union { + __IO uint8_t byte; + __IO uint16_t half; + __IO uint32_t word; + } dr[32]; /* Data register array */ + __IO uint32_t rd_fast_single; /* Flash fast read command */ + __IO uint32_t rd_dual_o; /* Flash dual output read */ + __IO uint32_t rd_dual_io; /* Flash dual I/O read */ + __IO uint32_t rd_quad_o; /* Flash quad output read */ + __IO uint32_t rd_quad_io; /* Flash quad I/O read */ + __IO uint32_t wr_single; /* Flash page program */ + __IO uint32_t wr_dual_i; /* Flash dual input program */ + __IO uint32_t wr_dual_ii; /* Flash dual addr/data program */ + __IO uint32_t wr_quad_i; /* Flash quad input program */ + __IO uint32_t wr_quad_ii; /* Flash quad addr/data program */ + __IO uint32_t wr_enable; /* Flash write enable */ + __IO uint32_t rd_status; /* Flash read status */ + __IO uint32_t ctrlr2; /* Control register 2 */ + __IO uint32_t fbaudr; /* Fast baudrate select */ + __IO uint32_t addr_length; /* Address length */ + __IO uint32_t auto_length; /* Auto address length */ + __IO uint32_t valid_cmd; /* Valid command */ + __IO uint32_t flash_size; /* Flash size */ + __IO uint32_t flush_fifo; /* Flush FIFO */ +} SPIC_TypeDef; /* AMEBAZ_CACHE Register Declaration */ typedef struct { @@ -449,7 +524,6 @@ typedef struct { __IO uint32_t SPICC_HIT_LSTW_EVT_CUNT; /* Last-way hit counter */ __IO uint32_t SPICC_RD_PEND_CUNT; /* Pending read counter */ } SPIC_CACHE_TypeDef; -/** @} */ /* Control register definitions for system-level configurations */ typedef struct { @@ -545,73 +619,74 @@ typedef struct { __IO uint32_t SYSTEM_CFG2; /* 0x01F8 */ } SYSTEM_CTRL_TypeDef; -/* Peripheral and clock control register definitions */ +/* Universal asynchronous receiver-transmitter (UART) */ typedef struct { - __IO uint32_t PEON_PWR_CTRL; /* 0x0200 */ - __IO uint32_t PON_ISO_CTRL; /* 0x0204 */ - uint32_t RESERVED0[2]; /* 0x0208-0x020C */ - __IO uint32_t SOC_FUNC_EN; /* 0x0210 */ - __IO uint32_t SOC_HCI_COM_FUNC_EN; /* 0x0214 */ - __IO uint32_t SOC_PERI_FUNC0_EN; /* 0x0218 */ - __IO uint32_t SOC_PERI_FUNC1_EN; /* 0x021C */ - __IO uint32_t SOC_PERI_BD_FUNC0_EN; /* 0x0220 */ - uint32_t RESERVED1[3]; /* 0x0224-0x022C */ - __IO uint32_t PESOC_CLK_CTRL; /* 0x0230 */ - __IO uint32_t PESOC_PERI_CLK_CTRL0; /* 0x0234 */ - __IO uint32_t PESOC_PERI_CLK_CTRL1; /* 0x0238 */ - __IO uint32_t PESOC_CLK_CTRL3; /* 0x023C */ - __IO uint32_t PESOC_HCI_CLK_CTRL0; /* 0x0240 */ - __IO uint32_t PESOC_COM_CLK_CTRL1; /* 0x0244 */ - __IO uint32_t PESOC_HW_ENG_CLK_CTRL; /* 0x0248 */ - uint32_t RESERVED2[1]; /* 0x024C */ - __IO uint32_t PESOC_CLK_SEL; /* 0x0250 */ - uint32_t RESERVED3[6]; /* 0x0254-0x0268 */ - __IO uint32_t UART_NCO_CTRL; /* 0x026C */ - uint32_t RESERVED4[1]; /* 0x0270 */ - __IO uint32_t OSC32K_REG_CTRL0; /* 0x0274 */ - __IO uint32_t OSC32K_REG_CTRL1; /* 0x0278 */ - __IO uint32_t THERMAL_METER_CTRL; /* 0x027C */ - __IO uint32_t GPIO_PINMUX_CTRL[24]; /* 0x0280-0x02DC */ - __IO uint32_t PON_PINMUX_CTRL; /* 0x02E0 */ - uint32_t RESERVED5[6]; /* 0x02E4-0x02F8 */ - __IO uint32_t FW_PPROTECT_KEY_CTRL; /* 0x02FC */ - uint32_t RESERVED6[1]; /* 0x0300 */ - __IO uint32_t PESOC_SOC_CTRL; /* 0x0304 */ -} PERI_ON_TypeDef; + __IO uint32_t DLL; /* Divisor Latch (unused in Amebaz) */ + __IO uint32_t DLH_INTCR; /* Interrupt Enable */ + __IO uint32_t INTID; /* Interrupt Identification */ + __IO uint32_t LCR; /* Line Control */ + __IO uint32_t MCR; /* Modem Control */ + __I uint32_t LSR; /* Line Status */ + __I uint32_t MDSR; /* Modem Status */ + __IO uint32_t SPR; /* Scratch Pad */ + __IO uint32_t STSR; /* STS Register */ + __IO uint32_t RB_THR; /* Receive Buffer/Transmit Holding */ + __IO uint32_t MISCR; /* Misc Control */ + __IO uint32_t TXPLSR; /* IrDA TX Pulse Width Control */ -/* GPIO (General Purpose Input/Output) register definitions */ -typedef struct { - __IO uint32_t DR; /* Data Register */ - __IO uint32_t DDR; /* Direction Register */ - __IO uint32_t CTRL; /* Control Register */ -} GPIO_Port_TypeDef; + __IO uint32_t RXPLSR; /* IrDA RX Pulse Width Control */ + __IO uint32_t BAUDMONR; /* Baud Monitor */ + __IO uint32_t RSVD2; /* Reserved */ + __IO uint32_t DBG_UART; /* Debug */ + /* Power save features */ + __IO uint32_t RX_PATH; /* RX Path Control */ + __IO uint32_t MON_BAUD_CTRL; /* Monitor Baud Rate Control */ + __IO uint32_t MON_BAUD_STS; /* Monitor Baud Rate Status */ + __IO uint32_t MON_CYC_NUM; /* Monitor Cycle Number */ + __IO uint32_t RX_BYTE_CNT; /* RX Byte Counter */ + + __IO uint32_t FCR; /* FIFO Control */ +} UART_TypeDef; + +/* USB System-on-Chip (USOC) */ typedef struct { - GPIO_Port_TypeDef PORT[4]; /*GPIO IP have 4 ports */ - __IO uint32_t INT_EN; /* GPIO interrupt enable register */ - __IO uint32_t INT_MASK; /* GPIO interrupt mask register */ - __IO uint32_t INT_TYPE; /* interrupt type(level/edge) register */ - __IO uint32_t INT_POLARITY; /* interrupt polarity(Active low/high) register */ - __IO uint32_t INT_STATUS; /* interrupt status register */ - __IO uint32_t INT_RAWSTATUS; /* interrupt status without mask register */ - __IO uint32_t DEBOUNCE; /* interrupt signal debounce register */ - __IO uint32_t PORTA_EOI; /* clear interrupt register */ - __IO uint32_t EXT_PORT[4]; /* GPIO IN read or OUT read back register */ - __IO uint32_t LSSYNC; /* level-sensitive synchronization enable register */ - __IO uint32_t IDCODE; /* GPIO ID code register */ - __IO uint32_t RSVD2; /* Reserved */ - __IO uint32_t VERIDCODE; /* component Version register */ - __IO uint32_t CONFIG2; /* GPIO configuration Register 2 */ - __IO uint32_t CONFIG1; /* GPIO configuration Register 1 */ -} GPIO_TypeDef; + __IO uint32_t SIE_CR; /* SIE control */ + __IO uint32_t CLK_RST_CTRL; /* Clock and reset control */ + __IO uint32_t CHANN_CTRL; /* Channel control */ + __IO uint32_t BUFF_SIZE_CTRL; /* TX/RX buffer size control */ + __IO uint32_t TXBD_BAR; /* TX buffer descriptor base address */ + __IO uint32_t RXBD_BAR; /* RX buffer descriptor base address */ + __IO uint32_t RING_SIZE_CTRL; /* Ring size control */ + __IO uint32_t RSVD1; /* Reserved */ + __I uint32_t TXBD_HW_IDX; /* TX hardware index */ + __IO uint32_t TXBD_SW_IDX; /* TX software index */ + __I uint32_t RXBD_HW_IDX; /* RX hardware index */ + __IO uint32_t RXBD_SW_IDX; /* RX software index */ + __IO uint32_t INTR_MASK; /* Interrupt mask */ + __IO uint32_t INTR_CLR; /* Interrupt clear */ + __IO uint32_t INTR_STAT; /* Interrupt status */ + __IO uint32_t RSVD2; /* Reserved */ + __IO uint32_t TX_MIT; /* TX mitigation */ + __IO uint32_t RX_MIT; /* RX mitigation */ + __IO uint32_t RSVD3[2]; /* Reserved */ + __IO uint32_t IOREG_MAR; /* Host device access */ + __IO uint32_t RSVD4[3]; /* Reserved */ + __IO uint32_t TX_MAIN_BUF_CTRL; /* TX main buffer control */ + __IO uint32_t TX_DEST_BUF_CTRL; /* TX destination buffer control */ + __IO uint32_t RX_MAIN_BUF_CTRL; /* RX main buffer control */ + __IO uint32_t RX_SRC_BUF_CTRL; /* RX source buffer control */ + __IO uint32_t TX_STUCK_TIMER; /* TX stuck timer */ + __IO uint32_t RX_STUCK_TIMER; /* RX stuck timer */ + __IO uint32_t QOS_CTRL; /* QoS control */ +} USOC_REG_TypeDef; /* Peripheral memory map */ +#define SPI_FLASH_BASE 0x08000000 + #define SYSTEM_CTRL_BASE 0x40000000 #define PERI_ON_BASE (SYSTEM_CTRL_BASE + 0x200) -#define VENDOR_REG_BASE 0x40002800 -#define SPI_FLASH_BASE 0x08000000 - #define NCO1_REG_BASE 0x40000080 #define BACKUP_REG_BASE 0x40000138 #define NCO2_REG_BASE 0x4000026C @@ -619,6 +694,7 @@ typedef struct { #define GPIO_REG_BASE 0x40001000 #define TIMER_REG_BASE 0x40002000 +#define VENDOR_REG_BASE 0x40002800 #define LOG_UART_REG_BASE 0x40003000 #define RTC_BASE 0x40003400 #define SPIC_CACHE_BASE 0x40003C00 @@ -639,7 +715,6 @@ typedef struct { #define WIFI_REG_BASE 0x40080000 #define SIE_REG_BASE 0x400C0000 #define USOC_REG_BASE 0x400C2000 -#define GDMA1_REG_OFF 0x1000 #define TIM0_BASE (TIMER_REG_BASE) #define TIM1_BASE (TIMER_REG_BASE + 0x040) @@ -649,6 +724,12 @@ typedef struct { #define TIM5_BASE (TIMER_REG_BASE + 0x140) /* Peripheral declaration */ +// TODO: ida :) +// VENDOR_REG (base: 0x40002800) +// SDIO_DEVICE_REG (base: 0x40050000) +// WIFI_REG (base: 0x40080000) +// SIE_REG (base: 0x400C0000) + #define SYSTEM_CTRL ((SYSTEM_CTRL_TypeDef *)SYSTEM_CTRL_BASE) #define PERI_ON ((PERI_ON_TypeDef *)PERI_ON_BASE) @@ -661,6 +742,8 @@ typedef struct { #define ADC ((ADC_TypeDef *)ADC_REG_BASE) #define I2C0 ((I2C_TypeDef *)I2C0_REG_BASE) #define I2C1 ((I2C_TypeDef *)I2C1_REG_BASE) +#define GDMA0 ((GDMA_TypeDef *)GDMA0_REG_BASE) +#define GDMA1 ((GDMA_TypeDef *)GDMA1_REG_BASE) #define I2S ((I2S_TypeDef *)I2S0_REG_BASE) #define TIM0 ((RTIM_TypeDef *)TIM0_BASE) #define TIM1 ((RTIM_TypeDef *)TIM1_BASE)