This article is mainly about the introduction of NOR Flash, and focuses on the detailed description of the phenomenon of NOR Flash programming flash lockup.
NOR FlashNOR FLASH is a very common memory chip, and the data will not be lost when power is off. NOR FLASH supports Execute ON Chip, that is, the program can be executed directly in the FLASH chip. This is different from NAND FLASH. Therefore, in the embedded system, NOR FLASH is very suitable as the storage medium of the startup program.
The reading of NOR FLASH is very similar to RAM, but it cannot be directly written. The write operation of NOR FLASH needs to follow a specific command sequence, and the control unit inside the chip ultimately completes the write operation. From the point of view of the smallest supported access unit, NOR FLASH is generally divided into 8-bit and 16-bit (of course, there are also many NOR FLASH chips that support both 8-bit mode and 16-bit mode. The specific working mode is carried out through specific pins. Select). For 8-bit NOR FLASH chips, or chips working in 8-BIT mode, one address corresponds to one BYTE (8-BIT) data. For example, an 8-BIT NOR FLASH, assuming the capacity is 4 BYTE. The chip should have 8 data signals D7-D0 and 2 address signals, A1-A0. Address 0x0 corresponds to the 0th BYTE, and address 0x1 corresponds to the first 1 BYTE, address 0x2 corresponds to the second BYTE, and address 0x3 corresponds to the third BYTE. For a 16-bit NOR FLASH chip, or a chip working in 16-BIT mode, an address corresponds to a HALF-WORD (16-BIT) data. For example, a 16-BIT NOR FLASH, assuming its capacity is 4 BYTE. The chip should have 16 data signal lines D15-D0 and 1 address signal A0. Address 0x0 corresponds to the 0th HALF-WORD inside the chip , Address 0x1 corresponds to the first HALF-WORD inside the chip. FLASH is generally divided into many SECTORs, and each SECTOR includes a certain number of storage units. For some large-capacity FLASH, it is also divided into different banks, each bank includes a certain number of SECTOR. The erasing operation of FLASH is generally based on SECTOR, BANK or the entire FLASH as the unit.
What should I do if flash is locked when programming NOR FlashFlash is locked because the password is written in the password part of the Flash. If it is disturbed during the programming process, it may cause the Flash to be locked. If you still fail to unlock after trying the following methods, you have to replace the chip. C2000 programming process (clear) -----"erase----"depletion ------"program------" verify. If the chip is forcibly powered off during Erase, the power supply is unstable, which results in a situation similar to forcing a short point, and the clock is unstable, then the code segment of FLASH may become a random value or all 0.
Solution
1. Confirm whether there is a program in the password area of ​​FLASH, if it is, then check the data corresponding to the address in .out, which is the password.
2. Power off, use CCS to power on---"memory to see if the FLASH area is all 0s, use Code Security Module in the GEL function-"Unlock_CSM to unlock
3. Every time the link is completed, do not burn FLASH first, first check whether the address corresponding to the password of the .out file is used, and make sure that the used value of PASSWDS is 0
4. If it has been locked, do not change the DSP source program, use the CCS3.3 online CPU simulation mode, View--"Memory to see the data burned in the password area
Unlock by NorFlash program programming
An empty board (the flash is empty) can normally read and write the flash through K9, but after the program has been written in the flash, it is easy to fail to re-write the flash through K9 during the test.
I did an experiment and wrote a text file to the normal startup address in the flash on a board that can be read and written normally, so that the board cannot start normally. At this time, when you erase the flash with K9, it will report "Cannot stop the target board." "Device", select "Special Stop" in the settings to clear the error of "Unable to stop the target board device", but K9 will always stop in the "initial flash" state. Trying various configuration combinations of K9 can no longer continue. Then solder a blank flash to the board, K9 can continue to burn the flash. I have done several such experiments, and I can confirm that the above process will be repeated when the flash is not empty and the program is incorrect.
Analyzing the above phenomenon, it is not difficult to find that it is because the illegal code is programmed into the chip, which causes the chip to be abnormal after power-on and operation, which affects the connection of the emulator. The problem is that the kernel cannot be stopped. If the kernel can be stopped, everything is much easier. Normally, CNW5602, a relatively high-performance ARM chip, supports more startup modes. So I suggested that this customer switch the chip's startup mode, but this user told me that the board is only designed to boot from NorFlash; and because it is a BGA chip, there is no way to set the jumper. There is no other good way, can it be said that the Flash chip must be removed again and replaced with an empty one?
There was really no other way. He sent me the board and asked me to help.
Since the boot mode cannot be switched, can the problem be solved from the source so that the data in NorFlash cannot be read by the chip?
So there is the following method:
I tried it again, but the previous method sometimes failed. The following is a more stable operation method:
Load the initialization macro in the attachment. I have changed this file, adding a 5 second delay at the beginning, and finally adding a command sequence to erase the entire Flash.
Short-circuit the RESET pin of Flash to ground, and power on again;
Enter the emulator self-check interface, click on the self-check, and when the first delay of 5 seconds pops up, disconnect the RESET grounding setting, and then perform the subsequent self-check. When the final operation of the initialization macro is executed, a command to erase the Flash will be executed. (If the first 5 second delay can occur, the device has stopped).
After the execution is complete, power on again, and the connection can be basically normal.
Maybe in the third step, the number of successes is relatively small, so try a few more times. I burned this random number file here, and there was a problem that it could not be stopped. Finally, this method is used to solve the problem.
When burning normally, please use the original initialization file.
The above method is actually a bit complicated, and there is no need to insert an erase sequence in the initialization macro. You can click the erase button directly, you need to delay the first 5 seconds, disconnect the RESET pin, because the chip has stopped at this time, and then you can call the algorithm to erase the chip.
The function of the first 5 second delay is to reserve time to disconnect the RESET pin of NorFlash and restore the normal operation of Flash. In this way, the emulator can execute the subsequent initialization sequence and erasure algorithm normally.
The principle of this method is to first keep the Flash chip in the reset state, the chip cannot read the code, and naturally it cannot start from NorFlash. After the chip is started, the emulator will connect again. At this time, the kernel can be connected and stopped, and various operations of reading Memory can be performed. After stopping the kernel, the Flash can be restored to normal operation, and the emulator will then erase the Flash.
NOR Flash programming method8-BIT FLASH Programming Driver Example-HY29F040
HY29F040 is an 8-BIT NOR FLASH of Hyundai. In this section, we take this chip as an example to introduce how to operate 8-BIT NOR FLASH.
The capacity of HY29F040 is 512K-BYTE, including 8 SECTORs in total, and the capacity of each SECTOR is 64K-BYTE. The chip supports SECTOR erase, block erase and write operations with BYTE as the basic unit. The command definition of HY29F040 is as follows Table-1 shows.
Below, we take a look at how to implement basic erasing and programming operations. In the description later in this section, we use the following 2 definitions:
U32 sysbase; //This variable is used to indicate the starting address of FLASH
#define SysADDR8(sysbase, offset) ((volatile U8*)(sysbase)+(offset)) //Used to facilitate the manipulation of the specified FALSH address
First explain the definition of SysAddr8. This macro defines a BYTE (8-BIT) pointer whose address is (sysbase + offset). Assuming that the starting address of FLASH is 0x10000000, if you want to write 0xAB to the first BYTE of FLASH, you can use the following code:
*SysAddr8 (0x10000000, 0x1) = 0xAB;
Note:
In the description later in this section, SYSBASE represents the start address of FLASH, and OFFSET in SysAddr8 represents the BYTE offset relative to the start address of FLASH. OFFSET is also 8-BIT FLASH in its own address signal An -The address seen on A0.
Mass erase operation
The entire chip erase operation requires a total of 6 cycles of bus write operation
1-Write 0xAA to FLASH address 0x5555
2-Write 0x55 to FLASH address 0x2AAA
3-Write 0x80 to FLASH address 0x5555
4-Write 0xAA to FLASH address 0x5555
5-Write 0x55 to FLASH address 0x2AAA
6-Write 0x10 to FLASH address 0x5555
Corresponding code:
*SysAddr8 (sysbase, 0x5555) = 0xAA; //Write the value 0xAA to FLASH address 0x5555
*SysAddr8 (sysbase, 0x2AAA) = 0x55; //Write the value 0x55 to FLASH address 0x2AAA
*SysAddr8 (sysbase, 0x5555) = 0x80; //Write the value 0x80 to FLASH address 0x5555
*SysAddr8 (sysbase, 0x5555) = 0xAA; //Write the value 0xAA to FLASH address 0x5555
*SysAddr8 (sysbase, 0x2AAA) = 0x55; //Write the value 0x55 to FLASH address 0x2AAA
*SysAddr8 (sysbase, 0x5555) = 0x10; //Write the value 0x10 to the FLASH address 0x5555
SECTOR erase operation
The erase operation of SECTOR requires a total of 6 cycles of bus write operation
1-Write 0xAA to FLASH address 0x5555
2-Write 0x55 to FLASH address 0x2AAA
3-Write 0x80 to FLASH address 0x5555
4-Write 0xAA to FLASH address 0x5555
5-Write 0x55 to FLASH address 0x2AAA
6-Write 0x30 to the address corresponding to the SECTOR to be erased
Corresponding code:
*SysAddr8 (sysbase, 0x5555) = 0xAA; //Write the value 0xAA to FLASH address 0x5555
*SysAddr8 (sysbase, 0x2AAA) = 0x55; //Write the value 0x55 to FLASH address 0x2AAA
*SysAddr8 (sysbase, 0x5555) = 0x80; //Write the value 0x80 to FLASH address 0x5555
*SysAddr8 (sysbase, 0x5555) = 0xAA; //Write the value 0xAA to FLASH address 0x5555
*SysAddr8 (sysbase, 0x2AAA) = 0x55; //Write the value 0x55 to FLASH address 0x2AAA
*SysAddr8 (sysbase, addr) = 0x30; //Write the value 0x30 to the address corresponding to the SECTOR to be erased
BYTE programming manipulation
To write a BYTE data to FLASH, it takes 4 cycles of bus write operation
1-Write 0xAA to FLASH address 0x5555
2-Write 0x55 to FLASH address 0x2AAA
3-Write 0xA0 to FLASH address 0x5555
4-Write the programming data (BYTE) to the corresponding programming address
Corresponding code:
*SysAddr8 (sysbase, 0x5555) = 0xAA; //Write the value 0xAA to FLASH address 0x5555
*SysAddr8 (sysbase, 0x2AAA) = 0x55; //Write the value 0x55 to FLASH address 0x2AAA
*SysAddr8 (sysbase, 0x5555) = 0xA0; //Write the value 0xA0 to FLASH address 0x5555
*SysAddr8(sysbase, addr) = data; //Write a BYTE data to the address when it expires
6. 16-BIT FLASH programming driver example-SST39VF160
SST39VF160 is a 16-BIT NOR FLASH of SST Company. In this section, we take SST39VF160 as an example to introduce how to operate 16-BIT NOR FLASH. The operation of 8-BIT FLASH is well understood, but the operation of 16-BIT FLASH is much more obscure. I tried my best to be clearer.
The capacity of SST39VF160 is 2M-BYTE, including 512 SECTORs in total, and the capacity of each SECTOR is 4K-BYTE. The chip supports SECTOR erase, block erase and write operations with HALF-WORD as the basic unit. SST39VF160 commands The definition is shown in Table-2. In Table 2, all commands are defined from the perspective of FLASH. Therefore, all addresses are HALF-WORD addresses, which refer to the addresses seen by the 16-BIT FLASH on its address signal An-A0.
In the description later in this section, we use the following 2 definitions:
U32 sysbase; //This variable is used to indicate the starting address of FLASH
#define SysAddr16(sysbase, offset) ((volatile U16*)(sysbase)+(offset)) //Used to facilitate the manipulation of the specified FALSH address
SysAddr16 (sysbase, offset) first defines a 16-BIT HALF-WORD pointer, the address of the pointer is sysbase, and then an offset operation is performed according to the offset. Since the address of the HALF-WORD pointer is aligned with 2 BYTEs, each offset manipulation will increase the address by 2. Ultimately, SysAddr16 (sysbase, offset) is equivalent to defining a HALF-WORD pointer, and its ultimate address is ( sysbase + 2offset). When using SysAddr16, set sysbase to the starting address of FLASH, and offset can be understood as the HALF-WORD offset or offset address relative to the starting address of FLASH. Assuming that the starting address of FLASH is 0x10000000, SysAddr16 (0x10000000, 0) points to the 0th HALF-WORD of 16-BIT FLASH, SysAddr16 (0x10000000, 1 points to the 1st HALF-WORD of 16-BIT FLASH, and so on. Suppose. To write 0xABCD to the 0th and 1st HALF-WORD of FLASH respectively, you can use the following code:
*SysAddr16 (0x10000000, 0x0) = 0xABCD;
*SysAddr16 (0x10000000, 0x1) = 0xABCD;
Next, we will analyze in detail from the angle of the ARM processor and the angle of FLASH.
From ARM's point of view:
Assuming that the starting address of FLASH is 0x10000000, because the ARM processor knows that the address space of FLASH is 0x10000000 ~ (0x10000000 + FLASH capacity-1), so when accessing this address space, the chip select signal of FLASH will be set, And output the low-order address to the address signal. Take *SysAddr16 (0x10000000, 0x1) = 0xABCD as an example. From the ARM processor's point of view, the operation is to write 0xABCD to address 0x10000002. So the ARM processor will eventually output address 0x2 on its address signal An-A0, and at the same time it will output 0xABCD on D15-D0.
From the perspective of FLASH:
Or take *SysAddr16(0x10000000, 0x1) = 0xABCD as an example, what address does FLASH see? Then analyze. When the ARM processor performs the operation, it will set the corresponding FLASH chip select enable signal, and output 0x2 on the ARM address signal An-A0. Because the connection between the ARM and 16-BIT FLASH address signal is Staggered by one bit, so the signal that FLASH will finally see on its address An-A0 is 0x1, which is equivalent to changing the ARM
The address output by the processor is shifted to the right, which corresponds to the first HALF-WORD of FLASH. At the same time, FLASH will see the data 0xABCD on its D15-D0.
Through the above analysis, we know that the offset value specified in SysAddr16 is the value seen by 16-BIT FLASH on its address An-A0. Therefore, we can easily manipulate FLASH through SysAddr16 (sysbase, offset), where sysbase represents the start address of FLASH, and offset represents the HALF-WORD (HALF-WORD offset or offset address) of FLASH. ).
Note:
1. In the description later in this section, SYSBASE in SysAddr16 represents the start address of FLASH, and OFFSET in SysAddr16 represents the HALF-WORD offset or offset address relative to the start address of FLASH. OFFSET The value of is also the value seen by 16-BIT FLASH on its address signal An-A0.
2. In the command definition of SST39VF160, all addresses are HALF-WORD addresses for FLASH, referring to the addresses seen on FLASH's own address signal An-A0.
Mass erase operation
The entire chip erase operation requires a total of 6 cycles of bus write operation
1-Write 0x00AA to FLASH HALF-WORD address 0x5555
2-Write 0x0055 to FLASH HALF-WORD address 0x2AAA
3-Write 0x0080 to FLASH HALF-WORD address 0x5555
4-Write 0x00AA to FLASH HALF-WORD address 0x5555
5-Write 0x0055 to FLASH HALF-WORD address 0x2AAA
6-Write 0x0010 to FLASH HALF-WORD address 0x5555
Corresponding code:
*SysAddr16 (sysbase, 0x5555) = 0x00AA; //Write the value 0x00AA to FLASH HALF-WORD address 0x5555
*SysAddr16 (sysbase, 0x2AAA) = 0x0055; //Write the value 0x0055 to FLASH HALF-WORD address 0x2AAA
*SysAddr16 (sysbase, 0x5555) = 0x0080; //Write the value 0x0080 to FLASH HALF-WORD address 0x5555
*SysAddr16 (sysbase, 0x5555) = 0x00AA; //Write the value 0x00AA to FLASH HALF-WORD address 0x5555
*SysAddr16 (sysbase, 0x2AAA) = 0x0055; //Write the value 0x0055 to FLASH HALF-WORD address 0x2AAA
*SysAddr16 (sysbase, 0x5555) = 0x0010; //Write the value 0x0010 to FLASH HALF-WORD address 0x5555
SECTOR erase operation
The erase operation of SECTOR requires a total of 6 cycles of bus write operation
1-Write 0x00AA to FLASH HALF-WORD address 0x5555
2-Write 0x0055 to FLASH HALF-WORD address 0x2AAA
3-Write 0x0080 to FLASH HALF-WORD address 0x5555
4-Write 0x00AA to FLASH HALF-WORD address 0x5555
5-Write 0x0055 to FLASH HALF-WORD address 0x2AAA
6 – Write 0x0030 to the HALF-WORD address corresponding to the SECTOR to be erased
Corresponding code:
*SysAddr16 (sysbase, 0x5555) = 0x00AA; //Write the value 0x00AA to FLASH HALF-WORD address 0x5555
*SysAddr16 (sysbase, 0x2AAA) = 0x0055; //Write the value 0x0055 to FLASH HALF-WORD address 0x2AAA
*SysAddr16 (sysbase, 0x5555) = 0x0080; //Write the value 0x0080 to FLASH HALF-WORD address 0x5555
*SysAddr16 (sysbase, 0x5555) = 0x00AA; //Write the value 0x00AA to FLASH HALF-WORD address 0x5555
*SysAddr16 (sysbase, 0x2AAA) = 0x0055; //Write the value 0x0055 to FLASH HALF-WORD address 0x2AAA
*SysAddr16 (sysbase, addr "" 1) = 0x0030; //Write the value 0x0030 to the corresponding SECTOR to be erased
HALF-WORD address
Note:
The ADDR in the 6th operation cycle in the above code is the BYTE address from the perspective of the ARM processor, because when erasing, the user wants to specify the address from the perspective of the ARM, which is more convenient And more intuitive. In the macro definition of SysAddr16, OFFSET represents the HALF-WORD offset relative to the start address of FLASH, or the address that FLASH sees on its address signal An-A0. So you need to perform a right shift operation to convert ADDR into HALF-WORD address.
For example, the size of each SECTOR of SST39VF160 is 4K-BYTE. From the perspective of the ARM processor and the user, the BYTE address of SECTOR-0 relative to the start address of FLASH is 0x0; from the perspective of FLASH, the value of SECTOR-0 is The HALF-WORD address is 0x0. From the perspective of the ARM processor and the user, the BYTE address of FLASH SECTOR-1 relative to the FLASH start address is 0x1000; from the perspective of FLASH, the HALF-WORD address of SECTOR-1 should be (0x1000 》》 1) = 0x800.
If you want to erase SECTOR-0, the sixth instruction of the above code should be:
*SysAddr16 (sysbase, 0x0 "" 1) = 0x0030;
If you want to erase SECTOR-1, the sixth instruction of the above code should be:
*SysAddr16 (sysbase, 0x1000 "" 1) = 0x0030;
HALF-WORD programming operation
Writing a HALF-WORD data to FLASH requires 4 cycles of bus write operation
1-Write 0x00AA to FLASH HALF-WORD address 0x5555
2-Write 0x0055 to FLASH HALF-WORD address 0x2AAA
3-Write 0x00A0 to FLASH HALF-WORD address 0x5555
4-Write the programming data (HALF-WORD) to the corresponding HALF-WORD address
Corresponding code:
*SysAddr16 (sysbase, 0x5555) = 0x00AA; //Write the value 0x00AA to FLASH address 0x5555
*SysAddr16 (sysbase, 0x2AAA) = 0x0055; //Write the value 0x0055 to the FLASH address 0x2AAA
*SysAddr16 (sysbase, 0x5555) = 0x00A0; //Write the value 0x00A0 to the FLASH address 0x5555
*SysAddr16 (sysbase, addr "" 1) = data; //Write the data to the corresponding HALF-WORD address
Note:
The ADDR in the 4th operation cycle in the above code is the BYTE address from the perspective of the ARM processor. When the write operation is performed, the user wishes to specify the address from the perspective of the ARM. More convenient and more intuitive. In the macro definition of SysAddr16, OFFSET represents the HALF-WORD offset relative to the start address of FLASH. So you need to perform a right shift operation and convert it to HALF-WORD
address.
For example, if you want to write data 0x0123 to address 0x0, it corresponds to the 0th HAFL-WORD of FLASH, and the corresponding HALF-WORD address should be 0x0. The 4th instruction of the above code should be:
*SysAddr16 (sysbase, 0x0 "" 1) = 0x0123;
If you want to write data 0x4567 to address 0x2, it corresponds to the first HALF-WORD of FLASH, and the corresponding HALF-WORD address should be 0x1. The fourth instruction of the above code should be:
*SysAddr16 (sysbase, 0x2 "" 1) = 0x4567;
If you want to write data 0x89AB to address 0x4, it corresponds to the second HALF-WORD of FLASH, and the corresponding HALF-WORD address should be 0x2. The fourth instruction of the above code should be:
*SysAddr16 (sysbase, 0x4 "" 1) = 0x89AB;
If you want to write data 0xCDEF to address 0x6, it corresponds to the third HALF-WORD of FLASH, and the corresponding HALF-WORD address should be 0x3. The fourth instruction of the above code should be:
*SysAddr16 (sysbase, 0x6 "" 1) = 0xCDEF;
ConclusionThis is the end of the related introduction about NOR Flash. Please correct me if there are any deficiencies.
Related reading recommendations: Detailed explanation of the difference between NAND flash and NOR flash
Related reading recommendations: a detailed analysis of the difference between NorFlash and NandFlash
Small Power Diesel Generator,Small Power Diesel Generator Set,Small Power Generator,Air Cooled Portable Diesel Generaor
Shanghai Kosta Electric Co., Ltd. , https://www.ksdgenerator.com