Serial Wire Debugging the STM32 via the Bus Pirate

2 October 2010

So 10 days ago I saw a post on Dangerous Prototypes mentioning the new STM32 Discovery board. Needless to say, I had impulse-bought a couple from Digi-Key within minutes. Unfortunately, I didn’t bother doing much research at that point, so I was unaware that the ST-Link has no Linux support until they arrived and I went to go program one. I could have just rebooted into Windows, but that seemed like admitting defeat, and I don’t really like IDEs anyway. Serendipitously, I had been reading about the Serial Wire Debug protocol for the past couple of days, and it seemed like a pretty nice little protocol, so I wondered if perhaps I could get that working.

Step 1 - The Bus Pirate

Given that I own a Bus Pirate, it seemed like the natural tool for implementing a new protocol that I had just read about. I had never used it before or even indeed verified that it worked, but I’ll spare you a long recounting of how I spent several days fighting with it, and just note that a tedious firmware upgrade process is ESSENTIAL if you bought a Bus Pirate from Sparkfun. Once that was fixed, it was a breeze setting up some basic serial communications with the Bus Pirate using the binary raw-wire mode from a Python script, although as mentioned in a previous post, the timings are slightly off compared to what one might naively expect.

Step 2 - Debug Port Communications

So given the ability to send and receive bits and bytes via the Bus Pirate, Debug Port communications were relatively straightforward. It’s important to pay attention to the fact that register numbers and data are all sent LSB-first down the wire, but otherwise it’s a nice, simple protocol.

Step 3 - Access Port Communications

So next I turned to the Cortex-M3 AHB Access Port, which would allow me to start manipulating the chip proper. I’ll again spare you several days of agonizing debugging, and just point out that when you clear the xPWRUPREQ bits, the associated features will power down. In hindsight, that makes a lot of sense. The general operation of the AHB-AP is pretty simple. Set the Control/Status Word to auto-increment if you want that feature, write the desired address into the Transfer Address Register, and manipulate the contents of the Data Read/Write register to your heart’s desire. At this point I was able to scan over the chip’s memory and make a dump of its contents, so I went ahead and made a copy of the current program in flash, just to be safe. This turned out to be very useful indeed.

Step 4 - Processor State

I knew that programming the flash would probably be tricky and possibly require the core to be halted, so I took some time at this point to do some little helper functions for state manipulation. Halting, unhalting, and restarting the processor are all pretty easy, simply involving writing some magic numbers to magic memory locations.

Step 5 - Programming the Flash

This stumped me for a while until I found the STM32 Flash Programming manual. After that it took some fiddling, but ultimately worked out pretty nicely. The process involves writing a sequence of keys to an unlock register before the control register can be written, then using the control register to erase the whole memory (in theory I could do it page-by-page, but that seemed harder and wasn’t necessary). Then the programming process consists of setting the FLASH_CR_PRG bit to indicate that programming is incoming, setting the AHB-AP to do writes in 16-bit packed mode, and writing the program data to memory starting at 0x08000000.

Step 6 - Optimizing

When I started this step, the script took 11 seconds to program a 3k firmware to the chip. When I finished, it took 1.5 seconds, and a good portion of that is required to avoid overflowing the write buffer (at least I think that’s the reason it errors if I try to decrease the interval between successive words). Those reads are very costly, so the optimizing essentially was just finding clever ways to avoid reading data from the Bus Pirate whenever possible, and only doing it in big blocks when required.

Conclusion

And that was it, modulo some issues with .bin file endianness and me having some trouble getting a decent firmware to compile properly. The code for the programming script, along with some precompiled firmwares which blink the blue LED at different rates, can be grabbed off GitHub, although there is currently no error recovery whatsoever, and only the most basic error detection.

Serial Wire Debugging the STM32 via the Bus Pirate的更多相关文章

  1. Introduction to Cortex Serial Wire Debugging

    Serial Wire Debug (SWD) provides a debug port for severely pin limited packages, often the case for ...

  2. Serial Wire Viewer (SWV)

    Being able to display values for counters, sensors and other debugging information is an important p ...

  3. Programming Internal Flash Over the Serial Wire Debug <SWD> Interface -- EFM32

    1 Debug Interface Overview 1.1 Serial Wire Debug Serial Wire Debug (SWD) is a two-wire protocol for ...

  4. Implementation of Serial Wire JTAG flash programming in ARM Cortex M3 Processors

    Implementation of Serial Wire JTAG flash programming in ARM Cortex M3 Processors The goal of the pro ...

  5. Serial Wire Debug (SWD) Interface -- PSoc5

    PSoC 5 supports programming through the serial wire debug (SWD) interface. There are two signals in ...

  6. SW-DP (Serial Wire Debug Port) Analyzer plugin for the Saleae Logic

    SW-DP (Serial Wire Debug Port) Analyzer plugin for the Saleae Logic The SW-DP protocol is described ...

  7. 各种版本的ST-LINK仿真器

    1.ST官方正式出版了两种仿真器:ST-LINK.ST-LINK/V2,其他型号(ST-LINK II,ST-LINK III,…)要么是国内公司生产,要么是开发板自带的:2.在ST官网ST-LINK ...

  8. KL46 custom board SWD reset is never asserted - SWS Waveform

    KL46 custom board SWD reset is never asserted Hi everybody, I'm trying to program a custom board bas ...

  9. windows下STM32开发环境的搭建

    一.概述 1.说明 笔者已经写了一篇Linux下STM32开发环境的搭建 ,这两篇文章的最区别在于开发环境所处的系统平台不一样,而其实这个区别对于开发环境的搭建其实影响不大,制作局部上的操作上发生了改 ...

随机推荐

  1. Javascript - Vue - 请求

    本地增删查的一个例子 <div id="box">    <div class="panel panel-primary">       ...

  2. Kth Smallest Number in Sorted Matrix

    Find the kth smallest number in at row and column sorted matrix. Example Given k = 4 and a matrix: [ ...

  3. iptables-25个常用用法【转】

    本文介绍25个常用的iptables用法.如果你对iptables还不甚了解,可以参考上一篇iptables详细教程:基础.架构.清空规则.追加规则.应用实例,看完这篇文章,你就能明白iptables ...

  4. mysql及linux发行版下载源

    MySQL国内镜像资源 搜狐开源镜像站:http://mirrors.sohu.com/ 国内开源镜像站点汇总 http://segmentfault.com/a/1190000000375848   ...

  5. vs2017 Remote Debugger远程调试目录

    默认目录:C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\Remote Debugger

  6. Batch Normalization 与 Caffe中的 相关layer

    在机器学习领域,通常假设训练数据与测试数据是同分布的,BatchNorm的作用就是深度神经网络训练过程中, 使得每层神经网络的输入保持同分布. 原因:随着深度神经网络层数的增加,训练越来越困难,收敛越 ...

  7. 在centos中修改yum源为阿里源

    cd /etc/yum.repos.d 备份旧的配置文件:mv CentOS-Base.repo CentOS-Base.repo.bak 下载阿里源的文件: wget -O CentOS-Base. ...

  8. PHP 利用redis 做统计缓存mysql的压力

    <?php header("Content-Type:text/html;charset=utf-8"); include 'lib/mysql.class.php'; $m ...

  9. spark sql中将数据保存成parquet,json格式

    val df = sqlContext.load("/opt/modules/spark1.3.1/examples/src/main/resources/people.json" ...

  10. PHP中使用OpenSSL生成RSA公钥私钥及进行加密解密示例(非对称加密)

    php服务端与客户端交互.提供开放api时,通常需要对敏感的部分api数据传输进行数据加密,这时候rsa非对称加密就能派上用处了,下面通过一个例子来说明如何用php来实现数据的加密解密 先了解一下关于 ...