+ }
+/*
+ else if (ret != size)
+ printf("read_data: read only %d of %d bytes\n", ret, size);
+*/
+ return ret;
+}
+
+static int read_info(struct usb_dev_handle *device, u8 ctl_id, dev_info_t *info)
+{
+ dev_cmd_t cmd;
+ int ret;
+
+ prepare_cmd(&cmd, CMD_ATM_READY);
+ cmd.dev_info.which_device = ctl_id;
+ memset(info, 0, sizeof(*info));
+
+ ret = write_cmd(device, &cmd);
+ if (ret < 0)
+ return ret;
+
+ ret = read_data(device, info, sizeof(*info));
+ if (ret < 0)
+ return ret;
+
+ return 0;
+}
+
+static void printf_info(dev_info_t *info)
+{
+ printf(" firmware version: %X.%X.%X%c\n", info->firmware_ver[0],
+ info->firmware_ver[1], info->firmware_ver[2], info->firmware_ver[3]);
+ printf(" bootloader version: %X.%X.%X%c\n", info->bootloader_ver[0],
+ info->bootloader_ver[1], info->bootloader_ver[2], info->bootloader_ver[3]);
+ info->names[sizeof(info->names) - 1] = 0;
+ printf(" device name: %s\n", info->names);
+}
+
+static void print_progress(u32 done, u32 total)
+{
+ int i, step;
+
+ printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
+ printf("\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"); /* 20 */
+ printf("\b\b\b\b\b\b");
+ printf("%06x/%06x |", done, total);
+
+ step = total / 20;
+ for (i = step; i <= total; i += step)
+ printf("%c", done >= i ? '=' : '-');
+ printf("| %3d%%", done * 100 / total);
+ fflush(stdout);
+}
+
+static int read_filename(struct usb_dev_handle *dev, char *dst, int len, u8 which)
+{
+ char buff[65];
+ dev_cmd_t cmd;
+ int ret;
+
+ prepare_cmd(&cmd, CMD_SEC_GET_NAME);
+ cmd.filename.which = which;
+ memset(buff, 0, sizeof(buff));
+
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ ret = read_data(dev, buff, 64);
+ if (ret < 0)
+ return ret;
+
+ strncpy(dst, buff, len);
+ dst[len - 1] = 0;
+
+ return 0;
+}
+
+static int write_filename(struct usb_dev_handle *dev, const char *fname, u8 which)
+{
+ dev_cmd_t cmd;
+ char buff[64];
+ int ret, len;
+
+ len = strlen(fname);
+ if (len > 63)
+ len = 63;
+ strncpy(buff, fname, len);
+ buff[len] = 0;
+
+ prepare_cmd(&cmd, CMD_SEC_PUT_NAME);
+ cmd.filename.which = which;
+
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ return write_data(dev, buff, len + 1);
+}
+
+static int read_erase_counter(struct usb_dev_handle *dev, u32 *val)
+{
+ dev_info_t dummy_info;
+ dev_cmd_t cmd;
+ u8 buff[4];
+ int ret;
+
+ /* must perform dummy info read here,
+ * or else device hangs after close (firmware bug?) */
+ ret = read_info(dev, CTL_DATA_BUS, &dummy_info);
+ if (ret < 0)
+ return ret;
+
+ prepare_cmd(&cmd, CMD_ATM_READY);
+ cmd.write_cnt.cmd = W_COUNTER;
+ cmd.write_cnt.action = W_CNT_READ;
+
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ ret = read_data(dev, buff, sizeof(buff));
+ if (ret < 0)
+ return ret;
+
+ *val = *(u32 *)buff;
+ return 0;
+}
+
+static int read_flash_rom_id(struct usb_dev_handle *dev, int is_second, u32 *val)
+{
+ dev_cmd_t cmd;
+ u8 buff[2];
+ int ret;
+
+ prepare_cmd(&cmd, CMD_SEC_DEVID);
+ cmd.rom_id.which = is_second ? 0x10 : 0;
+ cmd.rom_id.dev_id = 0;
+
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ ret = read_data(dev, buff, sizeof(buff));
+ if (ret < 0)
+ return ret;
+
+ *val = *(u16 *)buff << 16;
+
+ cmd.rom_id.dev_id = 1;
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ ret = read_data(dev, buff, sizeof(buff));
+ if (ret < 0)
+ return ret;
+
+ *val |= *(u16 *)buff;
+ return 0;
+}
+
+static const page_table_t *get_page_table(u32 rom_id)
+{
+ switch (rom_id) {
+ case 0x0100F922:
+ return p_AM29LV320DB;
+ case 0x0100F422:
+ return p_AM29LV320DT;
+ case 0x01004922:
+ case 0xC2004922:
+ return p_2x_16;
+ default:
+ fprintf(stderr, "unrecognized ROM id: %08x\n", rom_id);
+ }
+
+ return NULL;
+}
+
+static int get_page_size(const page_table_t *table, u32 addr, u32 *size)
+{
+ const page_table_t *t;
+
+ for (t = table; t->end_addr != 0; t++) {
+ if (addr >= t->start_addr && addr <= t->end_addr) {
+ *size = t->page_size;
+ return 0;
+ }
+ }
+
+ if (addr == t[-1].end_addr + 1)
+ return 1; /* no more */
+
+ fprintf(stderr, "get_page_size: failed on addr %06x\n", addr);
+ return -1;
+}
+
+static int set_ram_mode(struct usb_dev_handle *dev, u8 mode)
+{
+ dev_cmd_t cmd;
+ u8 buff[2];
+ int ret;
+
+ prepare_cmd(&cmd, CMD_SEC_COMPAT);
+ cmd.write_flag = 1;
+ cmd.mode.which = mode;
+
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ goto end;
+
+ ret = read_data(dev, buff, sizeof(buff));
+
+end:
+ if (ret < 0)
+ fprintf(stderr, "warning: failed to set RAM mode\n");
+ return ret;
+}
+
+/* limitations:
+ * - bytes must be multiple of 64
+ * - bytes must be less than 16k
+ * - must perform even number of reads, or dev hangs on exit (firmware bug?) */
+static int rw_dev_block(struct usb_dev_handle *dev, u32 addr, void *buffer, int bytes, int mx_cmd)
+{
+ dev_cmd_t cmd;
+ int ret;
+
+ prepare_cmd(&cmd, mx_cmd);
+ if (mx_cmd == CMD_SEC_WRITE || mx_cmd == CMD_SEC_RAM_WRITE)
+ cmd.write_flag = 1;
+ cmd.rom_rw.addrb2 = addr >> (16 + 1);
+ cmd.rom_rw.addrb1 = addr >> (8 + 1);
+ cmd.rom_rw.addrb0 = addr >> 1;
+ cmd.rom_rw.param = bytes / 64;
+ if (mx_cmd == CMD_SEC_WRITE || mx_cmd == CMD_SEC_RAM_WRITE)
+ cmd.rom_rw.param2 = 1; /* ? */
+
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ bytes &= ~63;
+
+ if (mx_cmd == CMD_SEC_WRITE || mx_cmd == CMD_SEC_RAM_WRITE)
+ ret = write_data(dev, buffer, bytes);
+ else
+ ret = read_data(dev, buffer, bytes);
+ if (ret < 0)
+ return ret;
+
+ if (ret != bytes)
+ fprintf(stderr, "rw_dev_block warning: done only %d/%d bytes\n", ret, bytes);
+
+ return ret;
+}
+
+static int read_write_rom(struct usb_dev_handle *dev, u32 addr, void *buffer, int bytes, int is_write)
+{
+ int mx_cmd = is_write ? CMD_SEC_WRITE : CMD_SEC_READ;
+ int total_bytes = bytes;
+ u8 *buff = buffer;
+ u8 dummy[64 * 4];
+ int count, ret;
+
+ if (addr & 1)
+ fprintf(stderr, "read_write_rom: can't handle odd address %06x, "
+ "LSb will be ignored\n", addr);
+ if (bytes & 63)
+ fprintf(stderr, "read_write_rom: byte count must be multiple of 64, "
+ "last %d bytes will not be handled\n", bytes & 63);
+
+ set_ram_mode(dev, C_RAM_TMP_OFF);
+
+ printf("%s flash ROM...\n", is_write ? "writing to" : "reading");
+
+ /* do i/o in blocks */
+ for (count = 0; bytes >= IO_BLK_SIZE; count++) {
+ print_progress(buff - (u8 *)buffer, total_bytes);
+
+ ret = rw_dev_block(dev, addr, buff, IO_BLK_SIZE, mx_cmd);
+ if (ret < 0)
+ return ret;
+ buff += IO_BLK_SIZE;
+ addr += IO_BLK_SIZE;
+ bytes -= IO_BLK_SIZE;
+ }
+ print_progress(buff - (u8 *)buffer, total_bytes);
+
+ ret = 0;
+ if (bytes != 0) {
+ ret = rw_dev_block(dev, addr, buff, bytes, mx_cmd);
+ count++;
+ print_progress(total_bytes, total_bytes);
+ }
+
+ if (count & 1)
+ /* work around rw_dev_block() limitation 3 (works for reads only?) */
+ rw_dev_block(dev, 0, dummy, sizeof(dummy), 0);
+
+ printf("\n");
+ return ret;
+}
+
+static int read_write_ram(struct usb_dev_handle *dev, void *buffer, int bytes, int is_write)
+{
+ int mx_cmd = is_write ? CMD_SEC_RAM_WRITE : CMD_SEC_READ;
+ int total_bytes = bytes;
+ u8 *buff = buffer;
+ u32 addr = 0x200000;
+ int i, ret = 0;
+
+ if (bytes % IO_RAM_BLK_SIZE)
+ fprintf(stderr, "read_write_ram: byte count must be multiple of %d, "
+ "last %d bytes will not be handled\n", IO_RAM_BLK_SIZE,
+ bytes % IO_RAM_BLK_SIZE);
+
+ set_ram_mode(dev, C_RAM_TMP_ON);
+
+ printf("%s RAM...\n", is_write ? "writing to" : "reading");
+
+ /* do i/o in blocks */
+ while (bytes >= IO_RAM_BLK_SIZE) {
+ print_progress(buff - (u8 *)buffer, total_bytes);
+
+ ret = rw_dev_block(dev, addr, buff, IO_RAM_BLK_SIZE, mx_cmd);
+ if (ret < 0)
+ return ret;
+ buff += IO_RAM_BLK_SIZE;
+ addr += IO_RAM_BLK_SIZE;
+ bytes -= IO_RAM_BLK_SIZE;
+ }
+ print_progress(buff - (u8 *)buffer, total_bytes);
+
+ /* only D0-D7 connected.. */
+ for (i = 0; i < total_bytes; i += 2)
+ ((u8 *)buffer)[i] = 0;
+
+ printf("\n");
+ return ret;
+
+}
+
+static int increment_erase_cnt(struct usb_dev_handle *dev)
+{
+ dev_cmd_t cmd;
+ u8 buff[4];
+ u32 cnt;
+ int ret;
+
+ ret = read_erase_counter(dev, &cnt);
+ if (ret != 0)
+ return ret;
+
+ if (cnt == (u32)-1) {
+ fprintf(stderr, "flash erase counter maxed out!\n");
+ fprintf(stderr, "(wow, did you really erase so many times?)\n");
+ return -1;
+ }
+
+ cnt++;
+
+ prepare_cmd(&cmd, CMD_ATM_READY);
+ cmd.write_cnt.cmd = W_COUNTER;
+ cmd.write_cnt.action = W_CNT_WRITE;
+ cmd.write_cnt.b3 = cnt >> 24;
+ cmd.write_cnt.b2 = cnt >> 16;
+ cmd.write_cnt.b1 = cnt >> 8;
+ cmd.write_cnt.b0 = cnt;
+
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ ret = read_data(dev, buff, sizeof(buff));
+ if (ret < 0)
+ return ret;
+
+ return cnt;
+}
+
+static int erase_page(struct usb_dev_handle *dev, u32 addr, int whole)
+{
+ dev_cmd_t cmd;
+ u8 buff[5];
+ int i, ret;
+
+ prepare_cmd(&cmd, CMD_SEC_ERASE);
+ cmd.write_flag = 1;
+ cmd.rom_rw.addrb2 = addr >> (16 + 1);
+ cmd.rom_rw.addrb1 = addr >> (8 + 1);
+ cmd.rom_rw.addrb0 = addr >> 1;
+ cmd.rom_rw.param = whole ? 0x10 : 0;
+
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ ret = read_data(dev, buff, sizeof(buff));
+ if (ret < 0)
+ return ret;
+
+ prepare_cmd(&cmd, CMD_SEC_READY);
+ cmd.rom_rw.addrb2 = addr >> (16 + 1);
+ cmd.rom_rw.addrb1 = addr >> (8 + 1);
+ cmd.rom_rw.addrb0 = addr >> 1;
+
+ for (i = 0; i < 100; i++) {
+ ret = write_cmd(dev, &cmd);
+ if (ret < 0)
+ return ret;
+
+ ret = read_data(dev, buff, sizeof(buff));
+ if (ret < 0)
+ return ret;
+
+ if (ret > 4 && buff[4] == 1)
+ break;
+
+ usleep((whole ? 600 : 20) * 1000);
+ }
+
+ if (i == 100) {
+ fprintf(stderr, "\ntimeout waiting for erase to complete\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int erase_seq(struct usb_dev_handle *dev, u32 size)
+{
+ const page_table_t *table;
+ u32 addr, page_size = 0;
+ u32 rom0_id, rom1_id;
+ int count, ret;
+
+ ret = read_flash_rom_id(dev, 0, &rom0_id);
+ if (ret < 0)
+ return ret;
+
+ ret = read_flash_rom_id(dev, 1, &rom1_id);
+ if (ret < 0)
+ return ret;
+
+ if (rom0_id != rom1_id)
+ fprintf(stderr, "Warning: flash ROM ids differ: %08x %08x\n",
+ rom0_id, rom1_id);
+
+ table = get_page_table(rom0_id);
+ if (table == NULL)
+ return -1;
+
+ ret = increment_erase_cnt(dev);
+ if (ret < 0)
+ fprintf(stderr, "warning: coun't increase erase counter\n");
+
+ printf("erasing flash... (erase count=%u)\n", ret);
+
+ for (addr = 0, count = 0; addr < size; addr += page_size, count++) {
+ print_progress(addr, size);
+
+ ret = erase_page(dev, addr, 0);
+ if (ret < 0)
+ return ret;
+
+ ret = get_page_size(table, addr, &page_size);
+ if (ret != 0)
+ break;
+ }
+
+ if (count & 1)
+ /* ??? */
+ /* must submit even number of erase commands (fw bug?) */
+ erase_page(dev, 0, 0);
+
+ print_progress(addr, size);
+ printf("\n");
+
+ return ret;
+}
+
+static int erase_all(struct usb_dev_handle *dev, u32 size)
+{
+ int ret;
+
+ ret = increment_erase_cnt(dev);
+ if (ret < 0)
+ fprintf(stderr, "warning: couldn't increase erase counter\n");
+
+ printf("erasing flash0, count=%u ...", ret);
+ fflush(stdout);
+
+ ret = erase_page(dev, 0xaaa, 1);
+ if (ret != 0)
+ return ret;
+
+ if (size > 0x200000) {
+ printf(" done.\n");
+ printf("erasing flash1...");
+ fflush(stdout);
+
+ ret = erase_page(dev, 0x200aaa, 1);
+ }