From d256545b2fd62d78910efcc6273c3b70abd3aa13 Mon Sep 17 00:00:00 2001 From: laforge Date: Tue, 12 Sep 2006 17:35:30 +0000 Subject: move to new directory git-svn-id: https://svn.openpcd.org:2342/trunk@191 6dc7ffe9-61d6-0310-9af1-9938baff3ed1 --- firmware/doc/bitpattern.txt | 102 ++++++++++++++++++++++++++++++++++++++++++ firmware/doc/dfu.txt | 89 ++++++++++++++++++++++++++++++++++++ firmware/doc/piccsim-todo.txt | 34 ++++++++++++++ firmware/doc/piccsim.txt | 42 +++++++++++++++++ 4 files changed, 267 insertions(+) create mode 100644 firmware/doc/bitpattern.txt create mode 100644 firmware/doc/dfu.txt create mode 100644 firmware/doc/piccsim-todo.txt create mode 100644 firmware/doc/piccsim.txt (limited to 'firmware/doc') diff --git a/firmware/doc/bitpattern.txt b/firmware/doc/bitpattern.txt new file mode 100644 index 0000000..2594a4c --- /dev/null +++ b/firmware/doc/bitpattern.txt @@ -0,0 +1,102 @@ +DATA CODING + +ISO 14443 A bit patterns PCD -> PICC direction: + +Sequence X After time of 64/fC a "pause" shall occur +Sequence Y for the full bit duration (128/fC) no modulation shall occur +Sequence Z at the beginning of the bit duration a pause shall occur + + +logic 1 Sequence X +logic 0 Sequence Y with two exceptions: + - if there are two or more contiguous '0, Z used from the second on + - if the first bit after SOF is 0, sequence Z used for all contig. 0's +SOF Sequence Z +EOF Logic 0 followed by Sequence Y +No Inform At least two sequences Y + + + +FRAME TYPES + +During anti collision we have two frame types: + +1) REQA/WUPA (short frame) + +Short frame is seven bits with SOF/EOF "SOF 0 1 2 3 4 5 6 EOF" + +REQA 0x26 S 0101010 E Z ZXYXYXY ZY +WUPA 0x52 S 0100101 E Z ZXYZXYX YY +REQA_t 0x35 S 1001110 E Z XYZXXXY ZY + +2) ANTICOL/SELET (standard frame) + +Standard frame: minimum "SOF byte parity EOF", e.g. + + S 01234567 P 01234567 P 01234567 P E + +Anticol frame: like standard frame, but + - frame splitted between PCD and PICC + - total bit length is 56 + - length of PCD part: 16 data bits to 55 data bits + - length of PICC part: 1 data bit to 40 data bits + - split can occur at any bit position + - full byte: split after complete byte: Parity added after last PCD bit + - split byte: No Parity is added after last PCD bit + - each half of the split frame has its own SOF / EOF + +BIT TIMING + +One bit clock is fC/128, i.e. 105937.5 kHz, resulting in 9.43uS bit time + +The "pause" has to be min. 2uS, or 21.2% of the bit duration. + + +SAMPLING + +Given the pause is only 21.2%, four samples per bit clock are not really enough +to catch the pause under all circumstances. + +Given four-times and eight-times oversampling, we get: + + 4-over 8-over +Sequence X 0010 00001000 (00000100) +Sequence Y 0000 00000000 +Sequence Z 1000 10000000 (01000000) + + + +Ideas: +- if we ignore final 'Y' sequence, DATLEN is 32 (8 clocks, four bits each), therefore + we can just configure SSC to sample one frame of 32 sample bits after the start condition + was met. + + +SAMPLING DURING STANDARD FRAMES + +The maxiumum frame size is 256 data bytes. We have to add two bytes CRC (=258 +bytes), plus parity (2064bits, plus 258 bits parity, equals 2322 data bits. Add +SOF / EOF with three bit clocks, and we have 2325 total data bits for a +maximum-sized frame. At four-times oversampling, this is 9300 sampled bits, +equals to 1162.5 bytes (eight-times oversampling consequently 2325 bytes). + + + +BIT SYNCHRONOUS RESPONSE IN SPLIT FRAME + +For some stupid reasons, the frame delay time for synchronous frames is not in +relation to the bit clock but in relation to the last rising edge of a +modulation pause. + +Therefore we need some trickery. Every rising edge resets TC2 of the SAM7, which +is clocked by the carrier clock. Once RA compare is true, TIOA2 will see a +rising edge, which is connected to TF, the SSC Tx Framer. + +On The Tx side we have to run the SSC always at 847.5kHz + + + + +thoughts: +falling edge of demodulated signal: counter reset, TIOB set +RB Compare: TIOB reset diff --git a/firmware/doc/dfu.txt b/firmware/doc/dfu.txt new file mode 100644 index 0000000..9b40c3c --- /dev/null +++ b/firmware/doc/dfu.txt @@ -0,0 +1,89 @@ +- data that is needed from both app and dfu mode +- code that is needed from both app and dfu mode + - function pointers + - copy code to RAM in case of DFU switch +- data that is only needed in DFU mode + - can be overwritten in case of reset-to-application +- data that is only needed in app mode + - can be overwritten with DFU data in case of DFU switch +- code that is only needed in DFU mode + - has to be copied to ram in case of DFU switch +- code that is only needed in app mode + - can be read from flash, no action required + + +=> abandoned that complicated idea. +now all DFU functions are __ramfunc's and thus always present. + + +interaction between app and dfu code: + +- dfu_switch(void) +- dfu_status (can be put in accessor function, if required) +- dfu_cfg_descriptor +- dfu_dev_descriptor +- dfu_ep0_handler() + + +order of events at boot; + +- start at reset vector in flash + - AT91F_LowLevelInit() +- setup stack for each mode +- relocate 'data' of bootloader, including ramfunc/vectram +- clear 'bss' of bootloader +- call remap command + - call usb initialization (irq, clock) + - if keypress, + - call dfu_main() + - wait for ep0 / busreset interrupt + - else call main() + + +memory layout: + +0: lowlevel startup code + Cstartup.o 0x00bc + Cstartup_SAM7.o 0x0100 + dfufunc 0x1dcc + dfustruct 0x0038 + + text text 0x0070 +data data 0x0000 +bss bss 0x000c + +flash = text + data (= 8k) +ram/rel = data + bss (12 bytes) + + +If we drop the DFU-can-flash-DFU requirement, we can leave all DFU related code +in flash. no need for any function to be permanently in RAM. However, not +preventing this feature in some future version, we shouldn't do that. + + +Function DFU runtime +udp_init x x RAM +udp_ep0_send_data x x RAM +udp_ep0_send_zlp x x RAM +udp_sp0_send_stall x x RAM +handle_dnload x - flash/relocated +handle_upload x - flash/relocated +handle_getstatus x - flash/relocated +handle_getstate x - flash/relocated +dfu_ep0_handler x x RAM + +dfu_dev_descriptor x - flash/relocated +dfu_cfg_descriptor x - flash/relocated +dfu_udp_ep0_handler x - flash/relocated +dfu_udp_irq x - flash/relocated +dfu_switch - x RAM +dfu_main x - flash/relocated +vectram x x flash/relocated/switched +IRQ_Handler_EntryR x x flash/relocated/switched +_remap x - flash/reloaded + +dfu_api x x flash (const anyway) +dfu_state x x RAM + + + diff --git a/firmware/doc/piccsim-todo.txt b/firmware/doc/piccsim-todo.txt new file mode 100644 index 0000000..a009b7d --- /dev/null +++ b/firmware/doc/piccsim-todo.txt @@ -0,0 +1,34 @@ +- code to control digital potentiometers via SPI [MM] + - chip select not SPI CS + +- idea: use comparator to determine voltage range, then reconfigure amplifier + - later + +- problem: capacitance of digital poti + - idea 1: + - idea 2: logarithmic amplifier using transistor + +- ADC driver + - core [MM] + - trigger function (we want to read all values ASAP) + - callback function (once new values are available) + - init function (initialize ADC) + - USB integration [HW] + - simple READ_ADC command + - one reply packet with all ADC channels + +- OS timer + - how often? + +- 'load modulation' driver + x set PA2/PA3 to binary 0..3 + +x add IO definitions for + - PLL INHIBIT low + - SPI_SS1_GAIN + - SPI_SS2_DATA_THRESHOLD + - BOOTLDR + +- sampled data continuous output into file / stdout + - trigger sampling by raising/falling edge (configurable) + - sample only one buffer diff --git a/firmware/doc/piccsim.txt b/firmware/doc/piccsim.txt new file mode 100644 index 0000000..3f149da --- /dev/null +++ b/firmware/doc/piccsim.txt @@ -0,0 +1,42 @@ +PICCSIM design + +ISO14443 anticollision: +- Configure TC + - to reset TC2 on every falling edge + - to use FORCE_FAST for TC IRQ + - to enable TC2 ETRGS +- CARRIER_DIV is switched to 212kHz / 424kHz + - this results in SSC Rx is 4x (2x?) oversampling +- Set SSC Rx start condition to 4x/2x SOF pattern +- upon reception of first falling edge, we + - end up in TC FIQ + - read out TC0 current value + - reconfigure TC0 RA/RB to be in-phase with previously-read TC0 + value (subtracting some fixed offset depending on FIQ latency) + - reconfigure TC2 + - to use external event on every rising edge + - to reset(trigger) on every external event + - to clear TIOA2 on RC compare (RC is high) + - to set TIOA2 on RA compare (RA set later) + - disable TC2 IRQ (and FIQ FAST_FORCE) +- Wait for SSC Rx Interrupt (DMA complete, or PIO) + - Read and decode single 32bit word + - determine whether it is REQA or WUPA + - abort if not, start over + - depending on last bit 0/1, configure TC2 RA (FDT) + - recconfig TC0 to produce 1.6MHz CARRIER_DIV clock for SSC Tx + - make sure this is done synchronously + - + - set up SSC Tx + - DMA with pre-encoded (and user-configured) ATQA + - start Tx at a rising edge of TF (asserted by TC2 RA) + - Send Interrupt once TX DMA is done +- Once TC2 RA compare happens, the rising edge of TIOA2 will trigger SSC +- Wait for SSC Tx DMA to finish +- Repeat similar steps for ANTICOL/SELECT command, differences: + - single-byte compare after frame Rx is not sufficient + - evaluate number of valid bits ASAP + - we might receive and transmit split frame at non-byte-boundaries + - just shift a prepared ANTICOL/Select response + - make sure parity is handled correctly! +- Once we've completed the select, we go on with normal -- cgit v1.2.3