SIMtrace Firmware » History » Version 25
laforge, 02/21/2016 11:26 AM
1 | 1 | laforge | |
---|---|---|---|
2 | 22 | laforge | h1. SIMtrace Firmware |
3 | |||
4 | |||
5 | The Firmware for the AT91SAM7S device was written by reusing a lot of the code for the "OpenPCD":http://www.openpcd.org/ |
||
6 | 1 | laforge | RFID reader. |
7 | 21 | laforge | |
8 | 23 | laforge | There is a simtrace Makefile target in the @git://git.osmocom.org/openpcd.git@ repository containing the latest firmware code. |
9 | 1 | laforge | |
10 | 22 | laforge | Eventually, the OS part of [[OpenPCD]]/OpenPICC/SIMtrace will be separated. At that point, the firmware source can become |
11 | 1 | laforge | part of simtrace.git |
12 | |||
13 | 4 | laforge | |
14 | 22 | laforge | h2. Building the firmware |
15 | 4 | laforge | |
16 | 22 | laforge | |
17 | 25 | laforge | Precondition: You need to set your PATH in a way that contains an arm-elf [[osmocombb:toolchain]], i.e. the same way that you build [[OsmocomBB:]]. |
18 | 22 | laforge | |
19 | <pre> |
||
20 | 1 | laforge | git clone git://git.osmocom.org/openpcd.git |
21 | cd openpcd/firmware |
||
22 | make -f Makefile.dfu BOARD=SIMTRACE |
||
23 | make BOARD=SIMTRACE DEBUG=1 TARGET=main_simtrace |
||
24 | 4 | laforge | cat dfu.bin main_simtrace.bin > main_simtrace.samba |
25 | 1 | laforge | cd ../.. |
26 | 22 | laforge | </pre> |
27 | 1 | laforge | |
28 | |||
29 | 22 | laforge | h3. Firmware parts |
30 | |||
31 | |||
32 | 1 | laforge | The firmware build process creates two images: |
33 | 22 | laforge | * dfu.bin -- the sam7dfu 2nd level bootloader. It implements the USB DFU (Device Firmware Upgrade) profile. |
34 | * main_simtrace.bin -- the actual simtrace program. To be loaded via DFU, using "dfu-util":http://dfu-util.gnumonks.org/. |
||
35 | * main_simtrace.samba -- "sam7dfu":http://www.openpcd.org/Sam7dfu + simtrace image. to be loaded via SAM-BA, using sam7utils (see below). |
||
36 | 16 | tsaitgaist | |
37 | 1 | laforge | |
38 | 22 | laforge | h2. Flashing the firmware |
39 | |||
40 | |||
41 | 1 | laforge | There are two ways to flash the firmware: |
42 | 22 | laforge | * DFU: over USB and simple. |
43 | * SAM-BA: for AT91SAM7S without DFU installed, or when DFU fails. |
||
44 | 1 | laforge | |
45 | 16 | tsaitgaist | |
46 | 22 | laforge | h3. DFU |
47 | |||
48 | |||
49 | 16 | tsaitgaist | SIMtrace comes with the Device Firmware Upgrade (DFU) already installed. |
50 | To install it on a new AT91SAM7S, use the SAM-BA procedure below. |
||
51 | DFU can be used to replace the SIMtrace payload. |
||
52 | |||
53 | 1 | laforge | To get dfu-util: |
54 | 22 | laforge | <pre> |
55 | 1 | laforge | sudo apt-get install dfu-util |
56 | 22 | laforge | </pre> |
57 | 16 | tsaitgaist | |
58 | To flash the firmware: |
||
59 | 22 | laforge | <pre> |
60 | 1 | laforge | sudo dfu-util -d 16c0:0762 -a0 -D ./main_simtrace.bin -R |
61 | 22 | laforge | </pre> |
62 | 17 | tsaitgaist | |
63 | dfu-util should reset the board and use the DFU bootloader. |
||
64 | Try the command a second time if it did not work at first. |
||
65 | 22 | laforge | If this still does not work, power up the board while pressing the *BOOTLOADER* button. |
66 | 9 | laforge | |
67 | 1 | laforge | |
68 | 22 | laforge | h3. SAM-BA |
69 | |||
70 | |||
71 | 1 | laforge | The SAM-BA mode is provided by the AT91SAM7S. |
72 | This can be used at any time, even if the firmware bricks the device. |
||
73 | To flash the new firmware, sam7utils is used. |
||
74 | |||
75 | |||
76 | 22 | laforge | h4. sam7utils |
77 | |||
78 | |||
79 | 1 | laforge | SAM-BA images contain a full NOR flash image. They can be used in case the sam7dfu bootloader was corrupted, |
80 | 22 | laforge | and can be installed either using the *sam7* program released by Atmel, or via JTAG based flashing. |
81 | 1 | laforge | |
82 | 15 | tsaitgaist | Installing firmware using SAM-BA is a bit cumbersome and requires strict adherence to a sequence of USB cable |
83 | 1 | laforge | plugging/unplugging and jumper setting, waiting, jumper removal, etc. |
84 | |||
85 | |||
86 | 22 | laforge | sam7utils will be used to flash the *main_simtrace.samba* image over SAM-BA. |
87 | <pre> |
||
88 | 1 | laforge | sudo aptitude install libreadline-dev libusb-dev |
89 | 17 | tsaitgaist | wget http://www.openpcd.org/dl/sam7utils-0.2.1-bm.tar.bz2 |
90 | 12 | laforge | tar xf sam7utils-*.tar.bz2 |
91 | cd sam7utils |
||
92 | 1 | laforge | ./configure --prefix=/usr/local |
93 | make AM_CFLAGS="" |
||
94 | 22 | laforge | </pre> |
95 | 12 | laforge | |
96 | |||
97 | 22 | laforge | h4. Entering the SAM-BA mode |
98 | |||
99 | |||
100 | 14 | laforge | The first time you flash the device, you will have to use the SAM-BA method using the main_simtrace.samba image. |
101 | 1 | laforge | |
102 | To put the board into SAM-BA mode, use the following steps: |
||
103 | |||
104 | 22 | laforge | * unplug the board |
105 | * short TEST to VCC (3.3V) pin using a jumper. leave PA0,PA1,PA2 unconnected. |
||
106 | * power up the board |
||
107 | * wait 20s |
||
108 | * unplug board |
||
109 | * remove jumper |
||
110 | 12 | laforge | |
111 | 23 | laforge | !shortTEST.jpg! |
112 | 1 | laforge | |
113 | Now when the board is attached to USB, lsusb should show : |
||
114 | 22 | laforge | <pre> |
115 | 1 | laforge | Bus 002 Device 015: ID 03eb:6124 Atmel Corp. at91sam SAMBA bootloader |
116 | 22 | laforge | </pre> |
117 | 1 | laforge | |
118 | 22 | laforge | *note*: sometimes switching to SAM-BA mode is not working. |
119 | 1 | laforge | This is the case if the 2 LEDs are on when powering up the board while VCC and TEST is shorted. |
120 | 20 | tsaitgaist | This is because PA0 should be pulled up to enter the SAM-BE mode, but the internal pull-up does not seem to be used. |
121 | 1 | laforge | There are several methods to correct this: |
122 | 20 | tsaitgaist | |
123 | 22 | laforge | * press the RESET button while powering up |
124 | * touch PA0 (pin 48, on the right upper corner) with a piece of metal |
||
125 | * short PA0 and PA1 (pin 48 and 47, next to each other on the right upper corner) |
||
126 | 1 | laforge | |
127 | As soon as the LEDs go off, the SAM-BA mode is working. |
||
128 | |||
129 | 22 | laforge | *note for SIMtace v1.3 boards*: Because of a [[SIMtraceHardware#v13|hardware design bug] if you produced the board yourself you have to cut a path on the board and write the board version on flash the first time you install the firmware Follow the detailed [wikiProductionFlashingV13 instructions]]. |
130 | 1 | laforge | |
131 | For more information about SAM-BA, please refer to the Atmel documentation on the AT91SAM7S component. |
||
132 | |||
133 | |||
134 | 22 | laforge | h4. Flashing the firmware with sam7 |
135 | |||
136 | |||
137 | 1 | laforge | You can flash with sam7utils using libusb or POSIX. |
138 | 17 | tsaitgaist | |
139 | 1 | laforge | It may happen that sam7 loads a sam_ba module at the end. |
140 | 17 | tsaitgaist | If you want to use sam7 multiple times, remove the loaded module after each run: |
141 | 22 | laforge | <pre> |
142 | 17 | tsaitgaist | sudo rmmod sam_ba |
143 | 22 | laforge | </pre> |
144 | 1 | laforge | |
145 | 17 | tsaitgaist | |
146 | 22 | laforge | h5. flashing using libusb |
147 | |||
148 | |||
149 | 17 | tsaitgaist | sam7utils tries to compile with libusb, so to access the device directly. |
150 | If libusb is not present, you must flash using serial. |
||
151 | |||
152 | On ubuntu the usb device 03eb:6124 is mapped on /dev/ttyACMx using the cdc_cam module. |
||
153 | Remove it while the board is plugged, so sam7utils is able to communicate with it. |
||
154 | 22 | laforge | <pre> |
155 | 1 | laforge | sudo rmmod cdc_acm |
156 | 22 | laforge | </pre> |
157 | 11 | laforge | |
158 | to flash the samba image using libusb : |
||
159 | 22 | laforge | <pre> |
160 | 1 | laforge | sudo ./sam7 --exec set_clock --exec unlock_regions --exec "flash ../openpcd/firmware/main_simtrace.samba" |
161 | 22 | laforge | </pre> |
162 | 9 | laforge | |
163 | 6 | laforge | |
164 | 22 | laforge | h5. using POSIX |
165 | |||
166 | |||
167 | 6 | laforge | If libusb is not present, sam7utils will be compiled to communicate with the board using POSIX. |
168 | 17 | tsaitgaist | |
169 | 1 | laforge | If the device is not mapped to a node, use usbserial : |
170 | 22 | laforge | <pre> |
171 | 15 | tsaitgaist | sudo rmmod usbserial |
172 | 1 | laforge | sudo modprobe usbserial vendor=0x03EB product=0x6124 |
173 | 22 | laforge | </pre> |
174 | 17 | tsaitgaist | |
175 | 2 | laforge | to flash the samba image using serial : |
176 | 22 | laforge | <pre> |
177 | 2 | laforge | sudo ./sam7 -l /dev/ttyUSB0 --exec set_clock --exec unlock_regions --exec "flash ../openpcd/firmware/main_simtrace.samba" |
178 | 22 | laforge | </pre> |
179 | 19 | laforge | |
180 | |||
181 | 22 | laforge | h2. Serial |
182 | |||
183 | |||
184 | 9 | laforge | The debug serial is available with 115200 baud and 8n1 with no flow control |
185 | 19 | laforge | |
186 | 10 | laforge | |
187 | 22 | laforge | h2. Bugs |
188 | |||
189 | |||
190 | 18 | laforge | With high speed SIM cards some bytes inside an APDU can be skipped. This is more likely to happen in a virtualized environment. The workaround is to decrease the buffer size inside the firmware. |
191 | 1 | laforge | |
192 | 22 | laforge | |
193 | h2. Version History |
||
194 | |||
195 | * v0.2 Fixes ATR handling for older SIMcards. |
||
196 | * v0.4 fixes wrong Fi/Di computation in some cases |
||
197 | * v0.5 fixes SIMtrace crashes, lost bytes, WDT expiration and many other issues |