Diffstat (limited to 'firmware/doc')
-rw-r--r-- firmware/doc/bitpattern.txt | 102
-rw-r--r-- firmware/doc/dfu.txt | 89
-rw-r--r-- firmware/doc/piccsim-todo.txt | 34
-rw-r--r-- firmware/doc/piccsim.txt | 42
4 files changed, 267 insertions, 0 deletions
diff --git a/firmware/doc/bitpattern.txt b/firmware/doc/bitpattern.txt
new file mode 100644
index 0000000..2594a4c
--- /dev/null
+++ b/firmware/doc/bitpattern.txt
@@ -0,0 +1,102 @@
+DATA CODING
+
+ISO 14443 A bit patterns PCD -> PICC direction:
+
+Sequence X After time of 64/fC a "pause" shall occur
+Sequence Y for the full bit duration (128/fC) no modulation shall occur
+Sequence Z at the beginning of the bit duration a pause shall occur
+
+
+logic 1 Sequence X
+logic 0 Sequence Y with two exceptions:
+ - if there are two or more contiguous '0, Z used from the second on
+ - if the first bit after SOF is 0, sequence Z used for all contig. 0's
+SOF Sequence Z
+EOF Logic 0 followed by Sequence Y
+No Inform At least two sequences Y
+
+
+
+FRAME TYPES
+
+During anti collision we have two frame types:
+
+1) REQA/WUPA (short frame)
+
+Short frame is seven bits with SOF/EOF "SOF 0 1 2 3 4 5 6 EOF"
+
+REQA 0x26 S 0101010 E Z ZXYXYXY ZY
+WUPA 0x52 S 0100101 E Z ZXYZXYX YY
+REQA_t 0x35 S 1001110 E Z XYZXXXY ZY
+
+2) ANTICOL/SELET (standard frame)
+
+Standard frame: minimum "SOF byte parity EOF", e.g.
+
+ S 01234567 P 01234567 P 01234567 P E
+
+Anticol frame: like standard frame, but
+ - frame splitted between PCD and PICC
+ - total bit length is 56
+ - length of PCD part: 16 data bits to 55 data bits
+ - length of PICC part: 1 data bit to 40 data bits
+ - split can occur at any bit position
+ - full byte: split after complete byte: Parity added after last PCD bit
+ - split byte: No Parity is added after last PCD bit
+ - each half of the split frame has its own SOF / EOF
+
+BIT TIMING
+
+One bit clock is fC/128, i.e. 105937.5 kHz, resulting in 9.43uS bit time
+
+The "pause" has to be min. 2uS, or 21.2% of the bit duration.
+
+
+SAMPLING
+
+Given the pause is only 21.2%, four samples per bit clock are not really enough
+to catch the pause under all circumstances.
+
+Given four-times and eight-times oversampling, we get:
+
+ 4-over 8-over
+Sequence X 0010 00001000 (00000100)
+Sequence Y 0000 00000000
+Sequence Z 1000 10000000 (01000000)
+
+
+
+Ideas:
+- if we ignore final 'Y' sequence, DATLEN is 32 (8 clocks, four bits each), therefore
+ we can just configure SSC to sample one frame of 32 sample bits after the start condition
+ was met.
+
+
+SAMPLING DURING STANDARD FRAMES
+
+The maxiumum frame size is 256 data bytes. We have to add two bytes CRC (=258
+bytes), plus parity (2064bits, plus 258 bits parity, equals 2322 data bits. Add
+SOF / EOF with three bit clocks, and we have 2325 total data bits for a
+maximum-sized frame. At four-times oversampling, this is 9300 sampled bits,
+equals to 1162.5 bytes (eight-times oversampling consequently 2325 bytes).
+
+
+
+BIT SYNCHRONOUS RESPONSE IN SPLIT FRAME
+
+For some stupid reasons, the frame delay time for synchronous frames is not in
+relation to the bit clock but in relation to the last rising edge of a
+modulation pause.
+
+Therefore we need some trickery. Every rising edge resets TC2 of the SAM7, which
+is clocked by the carrier clock. Once RA compare is true, TIOA2 will see a
+rising edge, which is connected to TF, the SSC Tx Framer.
+
+On The Tx side we have to run the SSC always at 847.5kHz
+
+
+
+
+thoughts:
+falling edge of demodulated signal: counter reset, TIOB set
+RB Compare: TIOB reset
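Review bot: In the short-frame table under FRAME TYPES, the REQA and REQA_t rows do not match their hex values under the bit order the WUPA row uses. WUPA 0x52 is listed LSB first as 0100101, but by the same ordering REQA 0x26 would be 0110010 (not 0101010) and REQA_t 0x35 would be 1010110 (not 1001110). The X/Y/Z strings follow the listed bits, so they would change as well (REQA would become "Z ZXXYZXY ZY" under the coding rules at the top of the file). Since the SSC start condition and the REQA/WUPA compare are built from these patterns, please recheck the rows or state the bit order each one uses. Separately, in BIT TIMING "105937.5 kHz" should read Hz (or 105.9375 kHz) to agree with the 9.43uS bit time, and the parenthesis opened at "(2064bits" in SAMPLING DURING STANDARD FRAMES is never closed.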
diff --git a/firmware/doc/dfu.txt b/firmware/doc/dfu.txt
new file mode 100644
index 0000000..9b40c3c
--- /dev/null
+++ b/firmware/doc/dfu.txt
@@ -0,0 +1,89 @@
+- data that is needed from both app and dfu mode
+- code that is needed from both app and dfu mode
+ - function pointers
+ - copy code to RAM in case of DFU switch
+- data that is only needed in DFU mode
+ - can be overwritten in case of reset-to-application
+- data that is only needed in app mode
+ - can be overwritten with DFU data in case of DFU switch
+- code that is only needed in DFU mode
+ - has to be copied to ram in case of DFU switch
+- code that is only needed in app mode
+ - can be read from flash, no action required
+
+
+=> abandoned that complicated idea.
+now all DFU functions are __ramfunc's and thus always present.
+
+
+interaction between app and dfu code:
+
+- dfu_switch(void)
+- dfu_status (can be put in accessor function, if required)
+- dfu_cfg_descriptor
+- dfu_dev_descriptor
+- dfu_ep0_handler()
+
+
+order of events at boot;
+
+- start at reset vector in flash
+ - AT91F_LowLevelInit()
+- setup stack for each mode
+- relocate 'data' of bootloader, including ramfunc/vectram
+- clear 'bss' of bootloader
+- call remap command
+ - call usb initialization (irq, clock)
+ - if keypress,
+ - call dfu_main()
+ - wait for ep0 / busreset interrupt
+ - else call main()
+
+
+memory layout:
+
+0: lowlevel startup code
+ Cstartup.o 0x00bc
+ Cstartup_SAM7.o 0x0100
+ dfufunc 0x1dcc
+ dfustruct 0x0038
+
+ text text 0x0070
+data data 0x0000
+bss bss 0x000c
+
+flash = text + data (= 8k)
+ram/rel = data + bss (12 bytes)
+
+
+If we drop the DFU-can-flash-DFU requirement, we can leave all DFU related code
+in flash. no need for any function to be permanently in RAM. However, not
+preventing this feature in some future version, we shouldn't do that.
+
+
+Function DFU runtime
+udp_init x x RAM
+udp_ep0_send_data x x RAM
+udp_ep0_send_zlp x x RAM
+udp_sp0_send_stall x x RAM
+handle_dnload x - flash/relocated
+handle_upload x - flash/relocated
+handle_getstatus x - flash/relocated
+handle_getstate x - flash/relocated
+dfu_ep0_handler x x RAM
+
+dfu_dev_descriptor x - flash/relocated
+dfu_cfg_descriptor x - flash/relocated
+dfu_udp_ep0_handler x - flash/relocated
+dfu_udp_irq x - flash/relocated
+dfu_switch - x RAM
+dfu_main x - flash/relocated
+vectram x x flash/relocated/switched
+IRQ_Handler_EntryR x x flash/relocated/switched
+_remap x - flash/reloaded
+
+dfu_api x x flash (const anyway)
+dfu_state x x RAM
+
+
+
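Review bot: The Function table contradicts the earlier statement that the relocation idea was abandoned and "now all DFU functions are __ramfunc's and thus always present": handle_dnload, handle_upload, handle_getstatus, handle_getstate, dfu_main and others are still listed as "flash/relocated". Please say which of the two describes the current design, because it decides whether the DFU-can-flash-DFU case discussed just above the table can run safely while flash is being rewritten. In the same table, "udp_sp0_send_stall" looks like a typo next to the udp_ep0_* entries, and "_remap" is marked "flash/reloaded" where every other row says "relocated". The boot sequence would also benefit from a line on what "if keypress" checks and what happens if dfu_main() is entered with no host attached.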
diff --git a/firmware/doc/piccsim-todo.txt b/firmware/doc/piccsim-todo.txt
new file mode 100644
index 0000000..a009b7d
--- /dev/null
+++ b/firmware/doc/piccsim-todo.txt
@@ -0,0 +1,34 @@
+- code to control digital potentiometers via SPI [MM]
+ - chip select not SPI CS
+
+- idea: use comparator to determine voltage range, then reconfigure amplifier
+ - later
+
+- problem: capacitance of digital poti
+ - idea 1:
+ - idea 2: logarithmic amplifier using transistor
+
+- ADC driver
+ - core [MM]
+ - trigger function (we want to read all values ASAP)
+ - callback function (once new values are available)
+ - init function (initialize ADC)
+ - USB integration [HW]
+ - simple READ_ADC command
+ - one reply packet with all ADC channels
+
+- OS timer
+ - how often?
+
+- 'load modulation' driver
+ x set PA2/PA3 to binary 0..3
+
+x add IO definitions for
+ - PLL INHIBIT low
+ - SPI_SS1_GAIN
+ - SPI_SS2_DATA_THRESHOLD
+ - BOOTLDR
+
+- sampled data continuous output into file / stdout
+ - trigger sampling by raising/falling edge (configurable)
+ - sample only one buffer
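Review bot: The "- idea 1:" entry under "problem: capacitance of digital poti" is empty, so only idea 2 is actually recorded; either fill it in or drop the line. The list also mixes "-" and "x" prefixes and uses [MM] and [HW] tags without a legend. A one-line key at the top (for example that "x" means done and the tags are owner initials, if that is the intent) would make the file readable to someone other than its authors. "OS timer / how often?" is left as an open question with no owner.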
diff --git a/firmware/doc/piccsim.txt b/firmware/doc/piccsim.txt
new file mode 100644
index 0000000..3f149da
--- /dev/null
+++ b/firmware/doc/piccsim.txt
@@ -0,0 +1,42 @@
+PICCSIM design
+
+ISO14443 anticollision:
+- Configure TC
+ - to reset TC2 on every falling edge
+ - to use FORCE_FAST for TC IRQ
+ - to enable TC2 ETRGS
+- CARRIER_DIV is switched to 212kHz / 424kHz
+ - this results in SSC Rx is 4x (2x?) oversampling
+- Set SSC Rx start condition to 4x/2x SOF pattern
+- upon reception of first falling edge, we
+ - end up in TC FIQ
+ - read out TC0 current value
+ - reconfigure TC0 RA/RB to be in-phase with previously-read TC0
+ value (subtracting some fixed offset depending on FIQ latency)
+ - reconfigure TC2
+ - to use external event on every rising edge
+ - to reset(trigger) on every external event
+ - to clear TIOA2 on RC compare (RC is high)
+ - to set TIOA2 on RA compare (RA set later)
+ - disable TC2 IRQ (and FIQ FAST_FORCE)
+- Wait for SSC Rx Interrupt (DMA complete, or PIO)
+ - Read and decode single 32bit word
+ - determine whether it is REQA or WUPA
+ - abort if not, start over
+ - depending on last bit 0/1, configure TC2 RA (FDT)
+ - recconfig TC0 to produce 1.6MHz CARRIER_DIV clock for SSC Tx
+ - make sure this is done synchronously
+ -
+ - set up SSC Tx
+ - DMA with pre-encoded (and user-configured) ATQA
+ - start Tx at a rising edge of TF (asserted by TC2 RA)
+ - Send Interrupt once TX DMA is done
+- Once TC2 RA compare happens, the rising edge of TIOA2 will trigger SSC
+- Wait for SSC Tx DMA to finish
+- Repeat similar steps for ANTICOL/SELECT command, differences:
+ - single-byte compare after frame Rx is not sufficient
+ - evaluate number of valid bits ASAP
+ - we might receive and transmit split frame at non-byte-boundaries
+ - just shift a prepared ANTICOL/Select response
+ - make sure parity is handled correctly!
+- Once we've completed the select, we go on with normal
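Review bot: The SSC Tx clock in "recconfig TC0 to produce 1.6MHz CARRIER_DIV clock for SSC Tx" disagrees with bitpattern.txt in this same commit, which says the Tx side has to run the SSC "always at 847.5kHz". Please reconcile the two figures or note the intended oversampling factor. The two files also differ on which edge resets TC2 (falling edge here before the reconfigure step, rising edge in bitpattern.txt), which is worth a sentence since the FDT timing depends on it. Smaller points: the flag is written "FORCE_FAST" in the first TC bullet and "FAST_FORCE" in the later "disable TC2 IRQ" bullet, there is an empty "-" bullet after "make sure this is done synchronously", and the final line ends mid-sentence at "we go on with normal".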
personal git repositories of Harald Welte. Your mileage may vary