mirror of https://github.com/ARMmbed/mbed-os.git
769 lines
39 KiB
C
769 lines
39 KiB
C
|
/*
|
||
|
* Copyright (c) 2006-2016, ARM Limited, All Rights Reserved
|
||
|
* SPDX-License-Identifier: Apache-2.0
|
||
|
*
|
||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||
|
* not use this file except in compliance with the License.
|
||
|
* You may obtain a copy of the License at
|
||
|
*
|
||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||
|
*
|
||
|
* Unless required by applicable law or agreed to in writing, software
|
||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
* See the License for the specific language governing permissions and
|
||
|
* limitations under the License.
|
||
|
*/
|
||
|
|
||
|
#ifndef __DRIVER_STORAGE_H
|
||
|
#define __DRIVER_STORAGE_H
|
||
|
|
||
|
#include <stdint.h>
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
extern "C" {
|
||
|
#endif // __cplusplus
|
||
|
|
||
|
#include "Driver_Common.h"
|
||
|
|
||
|
#define ARM_STORAGE_API_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(1,00) /* API version */
|
||
|
|
||
|
|
||
|
#define _ARM_Driver_Storage_(n) Driver_Storage##n
|
||
|
#define ARM_Driver_Storage_(n) _ARM_Driver_Storage_(n)
|
||
|
|
||
|
#define ARM_STORAGE_INVALID_OFFSET (0xFFFFFFFFFFFFFFFFULL) ///< Invalid address (relative to a storage controller's
|
||
|
///< address space). A storage block may never start at this address.
|
||
|
|
||
|
#define ARM_STORAGE_INVALID_ADDRESS (0xFFFFFFFFUL) ///< Invalid address within the processor's memory address space.
|
||
|
///< Refer to memory-mapped storage, i.e. < \ref ARM_DRIVER_STORAGE::ResolveAddress().
|
||
|
|
||
|
/****** Storage specific error codes *****/
|
||
|
#define ARM_STORAGE_ERROR_NOT_ERASABLE (ARM_DRIVER_ERROR_SPECIFIC - 1) ///< Part (or all) of the range provided to Erase() isn't erasable.
|
||
|
#define ARM_STORAGE_ERROR_NOT_PROGRAMMABLE (ARM_DRIVER_ERROR_SPECIFIC - 2) ///< Part (or all) of the range provided to ProgramData() isn't programmable.
|
||
|
#define ARM_STORAGE_ERROR_PROTECTED (ARM_DRIVER_ERROR_SPECIFIC - 3) ///< Part (or all) of the range to Erase() or ProgramData() is protected.
|
||
|
#define ARM_STORAGE_ERROR_RUNTIME_OR_INTEGRITY_FAILURE (ARM_DRIVER_ERROR_SPECIFIC - 4) ///< Runtime or sanity-check failure.
|
||
|
|
||
|
/**
|
||
|
* \brief Attributes of the storage range within a storage block.
|
||
|
*/
|
||
|
typedef struct _ARM_STORAGE_BLOCK_ATTRIBUTES {
|
||
|
uint32_t erasable : 1; ///< Erasing blocks is permitted with a minimum granularity of 'erase_unit'.
|
||
|
///< @note: if 'erasable' is 0--i.e. the 'erase' operation isn't available--then
|
||
|
///< 'erase_unit' (see below) is immaterial and should be 0.
|
||
|
uint32_t programmable : 1; ///< Writing to ranges is permitted with a minimum granularity of 'program_unit'.
|
||
|
///< Writes are typically achieved through the ProgramData operation (following an erase);
|
||
|
///< if storage isn't erasable (see 'erasable' above) but is memory-mapped
|
||
|
///< (i.e. 'memory_mapped'), it can be written directly using memory-store operations.
|
||
|
uint32_t executable : 1; ///< This storage block can hold program data; the processor can fetch and execute code
|
||
|
///< sourced from it. Often this is accompanied with the device being 'memory_mapped' (see \ref ARM_STORAGE_INFO).
|
||
|
uint32_t protectable : 1; ///< The entire block can be protected from program and erase operations. Once protection
|
||
|
///< is enabled for a block, its 'erasable' and 'programmable' bits are turned off.
|
||
|
uint32_t reserved : 28;
|
||
|
uint32_t erase_unit; ///< Minimum erase size in bytes.
|
||
|
///< The offset of the start of the erase-range should also be aligned with this value.
|
||
|
///< Applicable if the 'erasable' attribute is set for the block.
|
||
|
///< @note: if 'erasable' (see above) is 0--i.e. the 'erase' operation isn't available--then
|
||
|
///< 'erase_unit' is immaterial and should be 0.
|
||
|
uint32_t protection_unit; ///< Minimum protectable size in bytes. Applicable if the 'protectable'
|
||
|
///< attribute is set for the block. This should be a divisor of the block's size. A
|
||
|
///< block can be considered to be made up of consecutive, individually-protectable fragments.
|
||
|
} ARM_STORAGE_BLOCK_ATTRIBUTES;
|
||
|
|
||
|
/**
|
||
|
* \brief A storage block is a range of memory with uniform attributes. Storage blocks
|
||
|
* combine to make up the address map of a storage controller.
|
||
|
*/
|
||
|
typedef struct _ARM_STORAGE_BLOCK {
|
||
|
uint64_t addr; ///< This is the start address of the storage block. It is
|
||
|
///< expressed as an offset from the start of the storage map
|
||
|
///< maintained by the owning storage controller.
|
||
|
uint64_t size; ///< This is the size of the storage block, in units of bytes.
|
||
|
///< Together with addr, it describes a range [addr, addr+size).
|
||
|
ARM_STORAGE_BLOCK_ATTRIBUTES attributes; ///< Attributes for this block.
|
||
|
} ARM_STORAGE_BLOCK;
|
||
|
|
||
|
/**
|
||
|
* The check for a valid ARM_STORAGE_BLOCK.
|
||
|
*/
|
||
|
#define ARM_STORAGE_VALID_BLOCK(BLK) (((BLK)->addr != ARM_STORAGE_INVALID_OFFSET) && ((BLK)->size != 0))
|
||
|
|
||
|
/**
|
||
|
* \brief Values for encoding storage memory-types with respect to programmability.
|
||
|
*
|
||
|
* Please ensure that the maximum of the following memory types doesn't exceed 16; we
|
||
|
* encode this in a 4-bit field within ARM_STORAGE_INFO::programmability.
|
||
|
*/
|
||
|
#define ARM_STORAGE_PROGRAMMABILITY_RAM (0x0)
|
||
|
#define ARM_STORAGE_PROGRAMMABILITY_ROM (0x1) ///< Read-only memory.
|
||
|
#define ARM_STORAGE_PROGRAMMABILITY_WORM (0x2) ///< write-once-read-only-memory (WORM).
|
||
|
#define ARM_STORAGE_PROGRAMMABILITY_ERASABLE (0x3) ///< re-programmable based on erase. Supports multiple writes.
|
||
|
|
||
|
/**
|
||
|
* Values for encoding data-retention levels for storage blocks.
|
||
|
*
|
||
|
* Please ensure that the maximum of the following retention types doesn't exceed 16; we
|
||
|
* encode this in a 4-bit field within ARM_STORAGE_INFO::retention_level.
|
||
|
*/
|
||
|
#define ARM_RETENTION_WHILE_DEVICE_ACTIVE (0x0) ///< Data is retained only during device activity.
|
||
|
#define ARM_RETENTION_ACROSS_SLEEP (0x1) ///< Data is retained across processor sleep.
|
||
|
#define ARM_RETENTION_ACROSS_DEEP_SLEEP (0x2) ///< Data is retained across processor deep-sleep.
|
||
|
#define ARM_RETENTION_BATTERY_BACKED (0x3) ///< Data is battery-backed. Device can be powered off.
|
||
|
#define ARM_RETENTION_NVM (0x4) ///< Data is retained in non-volatile memory.
|
||
|
|
||
|
/**
|
||
|
* Device Data Security Protection Features. Applicable mostly to EXTERNAL_NVM.
|
||
|
*/
|
||
|
typedef struct _ARM_STORAGE_SECURITY_FEATURES {
|
||
|
uint32_t acls : 1; ///< Protection against internal software attacks using ACLs.
|
||
|
uint32_t rollback_protection : 1; ///< Roll-back protection. Set to true if the creator of the storage
|
||
|
///< can ensure that an external attacker can't force an
|
||
|
///< older firmware to run or to revert back to a previous state.
|
||
|
uint32_t tamper_proof : 1; ///< Tamper-proof memory (will be deleted on tamper-attempts using board level or chip level sensors).
|
||
|
uint32_t internal_flash : 1; ///< Internal flash.
|
||
|
uint32_t reserved1 : 12;
|
||
|
|
||
|
/**
|
||
|
* Encode support for hardening against various classes of attacks.
|
||
|
*/
|
||
|
uint32_t software_attacks : 1; ///< device software (malware running on the device).
|
||
|
uint32_t board_level_attacks : 1; ///< board level attacks (debug probes, copy protection fuses.)
|
||
|
uint32_t chip_level_attacks : 1; ///< chip level attacks (tamper-protection).
|
||
|
uint32_t side_channel_attacks : 1; ///< side channel attacks.
|
||
|
uint32_t reserved2 : 12;
|
||
|
} ARM_STORAGE_SECURITY_FEATURES;
|
||
|
|
||
|
#define ARM_STORAGE_PROGRAM_CYCLES_INFINITE (0UL) /**< Infinite or unknown endurance for reprogramming. */
|
||
|
|
||
|
/**
|
||
|
* \brief Storage information. This contains device-metadata. It is the return
|
||
|
* value from calling GetInfo() on the storage driver.
|
||
|
*
|
||
|
* \details These fields serve a different purpose than the ones contained in
|
||
|
* \ref ARM_STORAGE_CAPABILITIES, which is another structure containing
|
||
|
* device-level metadata. ARM_STORAGE_CAPABILITIES describes the API
|
||
|
* capabilities, whereas ARM_STORAGE_INFO describes the device. Furthermore
|
||
|
* ARM_STORAGE_CAPABILITIES fits within a single word, and is designed to be
|
||
|
* passed around by value; ARM_STORAGE_INFO, on the other hand, contains
|
||
|
* metadata which doesn't fit into a single word and requires the use of
|
||
|
* pointers to be moved around.
|
||
|
*/
|
||
|
typedef struct _ARM_STORAGE_INFO {
|
||
|
uint64_t total_storage; ///< Total available storage, in bytes.
|
||
|
uint32_t program_unit; ///< Minimum programming size in bytes.
|
||
|
///< The offset of the start of the program-range should also be aligned with this value.
|
||
|
///< Applicable only if the 'programmable' attribute is set for a block.
|
||
|
///< @note: setting program_unit to 0 has the effect of disabling the size and alignment
|
||
|
///< restrictions (setting it to 1 also has the same effect).
|
||
|
uint32_t optimal_program_unit; ///< Optimal programming page-size in bytes. Some storage controllers
|
||
|
///< have internal buffers into which to receive data. Writing in chunks of
|
||
|
///< 'optimal_program_unit' would achieve maximum programming speed.
|
||
|
///< Applicable only if the 'programmable' attribute is set for the underlying block(s).
|
||
|
uint32_t program_cycles; ///< A measure of endurance for reprogramming.
|
||
|
///< Use ARM_STORAGE_PROGRAM_CYCLES_INFINITE for infinite or unknown endurance.
|
||
|
uint32_t erased_value : 1; ///< Contents of erased memory (usually 1 to indicate erased bytes with state 0xFF).
|
||
|
uint32_t memory_mapped : 1; ///< This storage device has a mapping onto the processor's memory address space.
|
||
|
///< @note: For a memory-mapped block which isn't erasable but is programmable (i.e. if
|
||
|
///< 'erasable' is set to 0, but 'programmable' is 1), writes should be possible directly to
|
||
|
///< the memory-mapped storage without going through the ProgramData operation.
|
||
|
uint32_t programmability : 4; ///< A value to indicate storage programmability.
|
||
|
uint32_t retention_level : 4;
|
||
|
uint32_t reserved : 22;
|
||
|
ARM_STORAGE_SECURITY_FEATURES security; ///< \ref ARM_STORAGE_SECURITY_FEATURES
|
||
|
} ARM_STORAGE_INFO;
|
||
|
|
||
|
/**
|
||
|
\brief Operating status of the storage controller.
|
||
|
*/
|
||
|
typedef struct _ARM_STORAGE_STATUS {
|
||
|
uint32_t busy : 1; ///< Controller busy flag
|
||
|
uint32_t error : 1; ///< Read/Program/Erase error flag (cleared on start of next operation)
|
||
|
} ARM_STORAGE_STATUS;
|
||
|
|
||
|
/**
|
||
|
* \brief Storage Driver API Capabilities.
|
||
|
*
|
||
|
* This data structure is designed to fit within a single word so that it can be
|
||
|
* fetched cheaply using a call to driver->GetCapabilities().
|
||
|
*/
|
||
|
typedef struct _ARM_STORAGE_CAPABILITIES {
|
||
|
uint32_t asynchronous_ops : 1; ///< Used to indicate if APIs like initialize,
|
||
|
///< read, erase, program, etc. can operate in asynchronous mode.
|
||
|
///< Setting this bit to 1 means that the driver is capable
|
||
|
///< of launching asynchronous operations; command completion is
|
||
|
///< signaled by the invocation of a completion callback. If
|
||
|
///< set to 1, drivers may still complete asynchronous
|
||
|
///< operations synchronously as necessary--in which case they
|
||
|
///< return a positive error code to indicate synchronous completion.
|
||
|
uint32_t erase_all : 1; ///< Supports EraseAll operation.
|
||
|
uint32_t reserved : 30;
|
||
|
} ARM_STORAGE_CAPABILITIES;
|
||
|
|
||
|
/**
|
||
|
* Command opcodes for Storage. Completion callbacks use these codes to refer to
|
||
|
* completing commands. Refer to \ref ARM_Storage_Callback_t.
|
||
|
*/
|
||
|
typedef enum _ARM_STORAGE_OPERATION {
|
||
|
ARM_STORAGE_OPERATION_GET_VERSION,
|
||
|
ARM_STORAGE_OPERATION_GET_CAPABILITIES,
|
||
|
ARM_STORAGE_OPERATION_INITIALIZE,
|
||
|
ARM_STORAGE_OPERATION_UNINITIALIZE,
|
||
|
ARM_STORAGE_OPERATION_POWER_CONTROL,
|
||
|
ARM_STORAGE_OPERATION_READ_DATA,
|
||
|
ARM_STORAGE_OPERATION_PROGRAM_DATA,
|
||
|
ARM_STORAGE_OPERATION_ERASE,
|
||
|
ARM_STORAGE_OPERATION_ERASE_ALL,
|
||
|
ARM_STORAGE_OPERATION_GET_STATUS,
|
||
|
ARM_STORAGE_OPERATION_GET_INFO,
|
||
|
ARM_STORAGE_OPERATION_RESOLVE_ADDRESS,
|
||
|
ARM_STORAGE_OPERATION_GET_NEXT_BLOCK,
|
||
|
ARM_STORAGE_OPERATION_GET_BLOCK
|
||
|
} ARM_STORAGE_OPERATION;
|
||
|
|
||
|
/**
|
||
|
* Declaration of the callback-type for command completion.
|
||
|
*
|
||
|
* @param [in] status
|
||
|
* A code to indicate the status of the completed operation. For data
|
||
|
* transfer operations, the status field is overloaded in case of
|
||
|
* success to return the count of items successfully transferred; this
|
||
|
* can be done safely because error codes are negative values.
|
||
|
*
|
||
|
* @param [in] operation
|
||
|
* The command op-code. This value isn't essential for the callback in
|
||
|
* the presence of the command instance-id, but it is expected that
|
||
|
* this information could be a quick and useful filter.
|
||
|
*/
|
||
|
typedef void (*ARM_Storage_Callback_t)(int32_t status, ARM_STORAGE_OPERATION operation);
|
||
|
|
||
|
/**
|
||
|
* This is the set of operations constituting the Storage driver. Their
|
||
|
* implementation is platform-specific, and needs to be supplied by the
|
||
|
* porting effort.
|
||
|
*
|
||
|
* Some APIs within `ARM_DRIVER_STORAGE` will always operate synchronously:
|
||
|
* GetVersion, GetCapabilities, GetStatus, GetInfo, ResolveAddress,
|
||
|
* GetNextBlock, and GetBlock. This means that control returns to the caller
|
||
|
* with a relevant status code only after the completion of the operation (or
|
||
|
* the discovery of a failure condition).
|
||
|
*
|
||
|
* The remainder of the APIs: Initialize, Uninitialize, PowerControl, ReadData,
|
||
|
* ProgramData, Erase, EraseAll, can function asynchronously if the underlying
|
||
|
* controller supports it--i.e. if ARM_STORAGE_CAPABILITIES::asynchronous_ops is
|
||
|
* set. In the case of asynchronous operation, the invocation returns early
|
||
|
* (with ARM_DRIVER_OK) and results in a completion callback later. If
|
||
|
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is not set, then all such APIs
|
||
|
* execute synchronously, and control returns to the caller with a status code
|
||
|
* only after the completion of the operation (or the discovery of a failure
|
||
|
* condition).
|
||
|
*
|
||
|
* If ARM_STORAGE_CAPABILITIES::asynchronous_ops is set, a storage driver may
|
||
|
* still choose to execute asynchronous operations in a synchronous manner. If
|
||
|
* so, the driver returns a positive value to indicate successful synchronous
|
||
|
* completion (or an error code in case of failure) and no further invocation of
|
||
|
* completion callback should be expected. The expected return value for
|
||
|
* synchronous completion of such asynchronous operations varies depending on
|
||
|
* the operation. For operations involving data access, it often equals the
|
||
|
* amount of data transferred or affected. For non data-transfer operations,
|
||
|
* such as EraseAll or Initialize, it is usually 1.
|
||
|
*
|
||
|
* Here's a code snippet to suggest how asynchronous APIs might be used by
|
||
|
* callers to handle both synchronous and asynchronous execution by the
|
||
|
* underlying storage driver:
|
||
|
* \code
|
||
|
* ASSERT(ARM_DRIVER_OK == 0); // this is a precondition; it doesn't need to be put in code
|
||
|
* int32_t returnValue = drv->asynchronousAPI(...);
|
||
|
* if (returnValue < ARM_DRIVER_OK) {
|
||
|
* // handle error.
|
||
|
* } else if (returnValue == ARM_DRIVER_OK) {
|
||
|
* ASSERT(drv->GetCapabilities().asynchronous_ops == 1);
|
||
|
* // handle early return from asynchronous execution; remainder of the work is done in the callback handler.
|
||
|
* } else {
|
||
|
* ASSERT(returnValue == EXPECTED_RETURN_VALUE_FOR_SYNCHRONOUS_COMPLETION);
|
||
|
* // handle synchronous completion.
|
||
|
* }
|
||
|
* \endcode
|
||
|
*/
|
||
|
typedef struct _ARM_DRIVER_STORAGE {
|
||
|
/**
|
||
|
* \brief Get driver version.
|
||
|
*
|
||
|
* The function GetVersion() returns version information of the driver implementation in ARM_DRIVER_VERSION.
|
||
|
*
|
||
|
* - API version is the version of the CMSIS-Driver specification used to implement this driver.
|
||
|
* - Driver version is source code version of the actual driver implementation.
|
||
|
*
|
||
|
* Example:
|
||
|
* \code
|
||
|
* extern ARM_DRIVER_STORAGE *drv_info;
|
||
|
*
|
||
|
* void read_version (void) {
|
||
|
* ARM_DRIVER_VERSION version;
|
||
|
*
|
||
|
* version = drv_info->GetVersion ();
|
||
|
* if (version.api < 0x10A) { // requires at minimum API version 1.10 or higher
|
||
|
* // error handling
|
||
|
* return;
|
||
|
* }
|
||
|
* }
|
||
|
* \endcode
|
||
|
*
|
||
|
* @return \ref ARM_DRIVER_VERSION.
|
||
|
*
|
||
|
* @note This API returns synchronously--it does not result in an invocation
|
||
|
* of a completion callback.
|
||
|
*
|
||
|
* @note The function GetVersion() can be called any time to obtain the
|
||
|
* required information from the driver (even before initialization). It
|
||
|
* always returns the same information.
|
||
|
*/
|
||
|
ARM_DRIVER_VERSION (*GetVersion)(void);
|
||
|
|
||
|
/**
|
||
|
* \brief Get driver capabilities.
|
||
|
*
|
||
|
* \details The function GetCapabilities() returns information about
|
||
|
* capabilities in this driver implementation. The data fields of the struct
|
||
|
* ARM_STORAGE_CAPABILITIES encode various capabilities, for example if the device
|
||
|
* is able to execute operations asynchronously.
|
||
|
*
|
||
|
* Example:
|
||
|
* \code
|
||
|
* extern ARM_DRIVER_STORAGE *drv_info;
|
||
|
*
|
||
|
* void read_capabilities (void) {
|
||
|
* ARM_STORAGE_CAPABILITIES drv_capabilities;
|
||
|
*
|
||
|
* drv_capabilities = drv_info->GetCapabilities ();
|
||
|
* // interrogate capabilities
|
||
|
*
|
||
|
* }
|
||
|
* \endcode
|
||
|
*
|
||
|
* @return \ref ARM_STORAGE_CAPABILITIES.
|
||
|
*
|
||
|
* @note This API returns synchronously--it does not result in an invocation
|
||
|
* of a completion callback.
|
||
|
*
|
||
|
* @note The function GetCapabilities() can be called any time to obtain the
|
||
|
* required information from the driver (even before initialization). It
|
||
|
* always returns the same information.
|
||
|
*/
|
||
|
ARM_STORAGE_CAPABILITIES (*GetCapabilities)(void);
|
||
|
|
||
|
/**
|
||
|
* \brief Initialize the Storage Interface.
|
||
|
*
|
||
|
* The function Initialize is called when the middleware component starts
|
||
|
* operation. In addition to bringing the controller to a ready state,
|
||
|
* Initialize() receives a callback handler to be invoked upon completion of
|
||
|
* asynchronous operations.
|
||
|
*
|
||
|
* Initialize() needs to be called explicitly before
|
||
|
* powering the peripheral using PowerControl(), and before initiating other
|
||
|
* accesses to the storage controller.
|
||
|
*
|
||
|
* The function performs the following operations:
|
||
|
* - Initializes the resources needed for the Storage interface.
|
||
|
* - Registers the \ref ARM_Storage_Callback_t callback function.
|
||
|
*
|
||
|
* To start working with a peripheral the functions Initialize and PowerControl need to be called in this order:
|
||
|
* drv->Initialize (...); // Allocate I/O pins
|
||
|
* drv->PowerControl (ARM_POWER_FULL); // Power up peripheral, setup IRQ/DMA
|
||
|
*
|
||
|
* - Initialize() typically allocates the I/O resources (pins) for the
|
||
|
* peripheral. The function can be called multiple times; if the I/O resources
|
||
|
* are already initialized it performs no operation and just returns with
|
||
|
* ARM_DRIVER_OK.
|
||
|
*
|
||
|
* - PowerControl (ARM_POWER_FULL) sets the peripheral registers including
|
||
|
* interrupt (NVIC) and optionally DMA. The function can be called multiple
|
||
|
* times; if the registers are already set it performs no operation and just
|
||
|
* returns with ARM_DRIVER_OK.
|
||
|
*
|
||
|
* To stop working with a peripheral the functions PowerControl and Uninitialize need to be called in this order:
|
||
|
* drv->PowerControl (ARM_POWER_OFF); // Terminate any pending transfers, reset IRQ/DMA, power off peripheral
|
||
|
* drv->Uninitialize (...); // Release I/O pins
|
||
|
*
|
||
|
* The functions PowerControl and Uninitialize always execute and can be used
|
||
|
* to put the peripheral into a Safe State, for example after any data
|
||
|
* transmission errors. To restart the peripheral in an error condition,
|
||
|
* you should first execute the Stop Sequence and then the Start Sequence.
|
||
|
*
|
||
|
* @param [in] callback
|
||
|
* Caller-defined callback to be invoked upon command completion
|
||
|
* for asynchronous APIs (including the completion of
|
||
|
* initialization). Use a NULL pointer when no callback
|
||
|
* signals are required.
|
||
|
*
|
||
|
* @note This API may execute asynchronously if
|
||
|
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
|
||
|
* execution is optional even if 'asynchronous_ops' is set.
|
||
|
*
|
||
|
* @return If asynchronous activity is launched, an invocation returns
|
||
|
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
|
||
|
* future with a status value of ARM_DRIVER_OK or an error-code. In the
|
||
|
* case of synchronous execution, control returns after completion with a
|
||
|
* value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
|
||
|
*/
|
||
|
int32_t (*Initialize)(ARM_Storage_Callback_t callback);
|
||
|
|
||
|
/**
|
||
|
* \brief De-initialize the Storage Interface.
|
||
|
*
|
||
|
* The function Uninitialize() de-initializes the resources of Storage interface.
|
||
|
*
|
||
|
* It is called when the middleware component stops operation, and wishes to
|
||
|
* release the software resources used by the interface.
|
||
|
*
|
||
|
* @note This API may execute asynchronously if
|
||
|
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
|
||
|
* execution is optional even if 'asynchronous_ops' is set.
|
||
|
*
|
||
|
* @return If asynchronous activity is launched, an invocation returns
|
||
|
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
|
||
|
* future with a status value of ARM_DRIVER_OK or an error-code. In the
|
||
|
* case of synchronous execution, control returns after completion with a
|
||
|
* value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
|
||
|
*/
|
||
|
int32_t (*Uninitialize)(void);
|
||
|
|
||
|
/**
|
||
|
* \brief Control the Storage interface power.
|
||
|
*
|
||
|
* The function \b ARM_Storage_PowerControl operates the power modes of the Storage interface.
|
||
|
*
|
||
|
* To start working with a peripheral the functions Initialize and PowerControl need to be called in this order:
|
||
|
* drv->Initialize (...); // Allocate I/O pins
|
||
|
* drv->PowerControl (ARM_POWER_FULL); // Power up peripheral, setup IRQ/DMA
|
||
|
*
|
||
|
* - Initialize() typically allocates the I/O resources (pins) for the
|
||
|
* peripheral. The function can be called multiple times; if the I/O resources
|
||
|
* are already initialized it performs no operation and just returns with
|
||
|
* ARM_DRIVER_OK.
|
||
|
*
|
||
|
* - PowerControl (ARM_POWER_FULL) sets the peripheral registers including
|
||
|
* interrupt (NVIC) and optionally DMA. The function can be called multiple
|
||
|
* times; if the registers are already set it performs no operation and just
|
||
|
* returns with ARM_DRIVER_OK.
|
||
|
*
|
||
|
* To stop working with a peripheral the functions PowerControl and Uninitialize need to be called in this order:
|
||
|
*
|
||
|
* drv->PowerControl (ARM_POWER_OFF); // Terminate any pending transfers, reset IRQ/DMA, power off peripheral
|
||
|
* drv->Uninitialize (...); // Release I/O pins
|
||
|
*
|
||
|
* The functions PowerControl and Uninitialize always execute and can be used
|
||
|
* to put the peripheral into a Safe State, for example after any data
|
||
|
* transmission errors. To restart the peripheral in an error condition,
|
||
|
* you should first execute the Stop Sequence and then the Start Sequence.
|
||
|
*
|
||
|
* @param state
|
||
|
* \ref ARM_POWER_STATE. The target power-state for the storage controller.
|
||
|
* The parameter state can have the following values:
|
||
|
* - ARM_POWER_FULL : set-up peripheral for data transfers, enable interrupts
|
||
|
* (NVIC) and optionally DMA. Can be called multiple times. If the peripheral
|
||
|
* is already in this mode, then the function performs no operation and returns
|
||
|
* with ARM_DRIVER_OK.
|
||
|
* - ARM_POWER_LOW : may use power saving. Returns ARM_DRIVER_ERROR_UNSUPPORTED when not implemented.
|
||
|
* - ARM_POWER_OFF : terminates any pending data transfers, disables peripheral, disables related interrupts and DMA.
|
||
|
*
|
||
|
* @note This API may execute asynchronously if
|
||
|
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
|
||
|
* execution is optional even if 'asynchronous_ops' is set.
|
||
|
*
|
||
|
* @return If asynchronous activity is launched, an invocation returns
|
||
|
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
|
||
|
* future with a status value of ARM_DRIVER_OK or an error-code. In the
|
||
|
* case of synchronous execution, control returns after completion with a
|
||
|
* value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
|
||
|
*/
|
||
|
int32_t (*PowerControl)(ARM_POWER_STATE state);
|
||
|
|
||
|
/**
|
||
|
* \brief read the contents of a given address range from the storage device.
|
||
|
*
|
||
|
* \details Read the contents of a range of storage memory into a buffer
|
||
|
* supplied by the caller. The buffer is owned by the caller and should
|
||
|
* remain accessible for the lifetime of this command.
|
||
|
*
|
||
|
* @param [in] addr
|
||
|
* This specifies the address from where to read data.
|
||
|
*
|
||
|
* @param [out] data
|
||
|
* The destination of the read operation. The buffer
|
||
|
* is owned by the caller and should remain accessible for the
|
||
|
* lifetime of this command.
|
||
|
*
|
||
|
* @param [in] size
|
||
|
* The number of bytes requested to read. The data buffer
|
||
|
* should be at least as large as this size.
|
||
|
*
|
||
|
* @note This API may execute asynchronously if
|
||
|
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
|
||
|
* execution is optional even if 'asynchronous_ops' is set.
|
||
|
*
|
||
|
* @return If asynchronous activity is launched, an invocation returns
|
||
|
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
|
||
|
* future with the number of successfully transferred bytes passed in as
|
||
|
* the 'status' parameter. In the case of synchronous execution, control
|
||
|
* returns after completion with a positive transfer-count. Return values
|
||
|
* less than ARM_DRIVER_OK (0) signify errors.
|
||
|
*/
|
||
|
int32_t (*ReadData)(uint64_t addr, void *data, uint32_t size);
|
||
|
|
||
|
/**
|
||
|
* \brief program (write into) the contents of a given address range of the storage device.
|
||
|
*
|
||
|
* \details Write the contents of a given memory buffer into a range of
|
||
|
* storage memory. In the case of flash memory, the destination range in
|
||
|
* storage memory typically has its contents in an erased state from a
|
||
|
* preceding erase operation. The source memory buffer is owned by the
|
||
|
* caller and should remain accessible for the lifetime of this command.
|
||
|
*
|
||
|
* @param [in] addr
|
||
|
* This is the start address of the range to be written into. It
|
||
|
* needs to be aligned to the device's \em program_unit
|
||
|
* specified in \ref ARM_STORAGE_INFO.
|
||
|
*
|
||
|
* @param [in] data
|
||
|
* The source of the write operation. The buffer is owned by the
|
||
|
* caller and should remain accessible for the lifetime of this
|
||
|
* command.
|
||
|
*
|
||
|
* @param [in] size
|
||
|
* The number of bytes requested to be written. The buffer
|
||
|
* should be at least as large as this size. \note 'size' should
|
||
|
* be a multiple of the device's 'program_unit' (see \ref
|
||
|
* ARM_STORAGE_INFO).
|
||
|
*
|
||
|
* @note It is best for the middleware to write in units of
|
||
|
* 'optimal_program_unit' (\ref ARM_STORAGE_INFO) of the device.
|
||
|
*
|
||
|
* @note This API may execute asynchronously if
|
||
|
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
|
||
|
* execution is optional even if 'asynchronous_ops' is set.
|
||
|
*
|
||
|
* @return If asynchronous activity is launched, an invocation returns
|
||
|
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
|
||
|
* future with the number of successfully transferred bytes passed in as
|
||
|
* the 'status' parameter. In the case of synchronous execution, control
|
||
|
* returns after completion with a positive transfer-count. Return values
|
||
|
* less than ARM_DRIVER_OK (0) signify errors.
|
||
|
*/
|
||
|
int32_t (*ProgramData)(uint64_t addr, const void *data, uint32_t size);
|
||
|
|
||
|
/**
|
||
|
* @brief Erase Storage range.
|
||
|
*
|
||
|
* @details This function erases a range of storage specified by [addr, addr +
|
||
|
* size). Both 'addr' and 'addr + size' should align with the
|
||
|
* 'erase_unit'(s) of the respective owning storage block(s) (see \ref
|
||
|
* ARM_STORAGE_BLOCK and \ref ARM_STORAGE_BLOCK_ATTRIBUTES). The range to
|
||
|
* be erased will have its contents returned to the un-programmed state--
|
||
|
* i.e. to 'erased_value' (see \ref ARM_STORAGE_BLOCK_ATTRIBUTES), which
|
||
|
* is usually 1 to indicate the pattern of all ones: 0xFF.
|
||
|
*
|
||
|
* @param [in] addr
|
||
|
* This is the start-address of the range to be erased. It must
|
||
|
* start at an 'erase_unit' boundary of the underlying block.
|
||
|
*
|
||
|
* @param [in] size
|
||
|
* Size (in bytes) of the range to be erased. 'addr + size'
|
||
|
* must be aligned with the 'erase_unit' of the underlying
|
||
|
* block.
|
||
|
*
|
||
|
* @note This API may execute asynchronously if
|
||
|
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
|
||
|
* execution is optional even if 'asynchronous_ops' is set.
|
||
|
*
|
||
|
* @return
|
||
|
* If the range to be erased doesn't align with the erase_units of the
|
||
|
* respective start and end blocks, ARM_DRIVER_ERROR_PARAMETER is returned.
|
||
|
* If any part of the range is protected, ARM_STORAGE_ERROR_PROTECTED is
|
||
|
* returned. If any part of the range is not erasable,
|
||
|
* ARM_STORAGE_ERROR_NOT_ERASABLE is returned. All such sanity-check
|
||
|
* failures result in the error code being returned synchronously and the
|
||
|
* storage bytes within the range remain unaffected.
|
||
|
* Otherwise the function executes in the following ways:
|
||
|
* If asynchronous activity is launched, an invocation returns
|
||
|
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
|
||
|
* future with the number of successfully erased bytes passed in as
|
||
|
* the 'status' parameter. In the case of synchronous execution, control
|
||
|
* returns after completion with a positive erase-count. Return values
|
||
|
* less than ARM_DRIVER_OK (0) signify errors.
|
||
|
*
|
||
|
* @note Erase() may return a smaller (positive) value than the size of the
|
||
|
* requested range. The returned value indicates the actual number of bytes
|
||
|
* erased. It is the caller's responsibility to follow up with an appropriate
|
||
|
* request to complete the operation.
|
||
|
*
|
||
|
* @note in the case of a failed erase (except when
|
||
|
* ARM_DRIVER_ERROR_PARAMETER, ARM_STORAGE_ERROR_PROTECTED, or
|
||
|
* ARM_STORAGE_ERROR_NOT_ERASABLE is returned synchronously), the
|
||
|
* requested range should be assumed to be in an unknown state. The
|
||
|
* previous contents may not be retained.
|
||
|
*/
|
||
|
int32_t (*Erase)(uint64_t addr, uint32_t size);
|
||
|
|
||
|
/**
|
||
|
* @brief Erase complete storage. Optional function for faster erase of the complete device.
|
||
|
*
|
||
|
* This optional function erases the complete device. If the device does not
|
||
|
* support global erase then the function returns the error value \ref
|
||
|
* ARM_DRIVER_ERROR_UNSUPPORTED. The data field \em 'erase_all' =
|
||
|
* \token{1} of the structure \ref ARM_STORAGE_CAPABILITIES encodes that
|
||
|
* \ref ARM_STORAGE_EraseAll is supported.
|
||
|
*
|
||
|
* @note This API may execute asynchronously if
|
||
|
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
|
||
|
* execution is optional even if 'asynchronous_ops' is set.
|
||
|
*
|
||
|
* @return
|
||
|
* If any part of the storage range is protected,
|
||
|
* ARM_STORAGE_ERROR_PROTECTED is returned. If any part of the storage
|
||
|
* range is not erasable, ARM_STORAGE_ERROR_NOT_ERASABLE is returned. All
|
||
|
* such sanity-check failures result in the error code being returned
|
||
|
* synchronously and the storage bytes within the range remain unaffected.
|
||
|
* Otherwise the function executes in the following ways:
|
||
|
* If asynchronous activity is launched, an invocation returns
|
||
|
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
|
||
|
* future with ARM_DRIVER_OK passed in as the 'status' parameter. In the
|
||
|
* case of synchronous execution, control returns after completion with a
|
||
|
* value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
|
||
|
*/
|
||
|
int32_t (*EraseAll)(void);
|
||
|
|
||
|
/**
|
||
|
* @brief Get the status of the current (or previous) command executed by the
|
||
|
* storage controller; stored in the structure \ref ARM_STORAGE_STATUS.
|
||
|
*
|
||
|
* @return
|
||
|
* The status of the underlying controller.
|
||
|
*
|
||
|
* @note This API returns synchronously--it does not result in an invocation
|
||
|
* of a completion callback.
|
||
|
*/
|
||
|
ARM_STORAGE_STATUS (*GetStatus)(void);
|
||
|
|
||
|
/**
|
||
|
* @brief Get information about the Storage device; stored in the structure \ref ARM_STORAGE_INFO.
|
||
|
*
|
||
|
* @param [out] info
|
||
|
* A caller-supplied buffer capable of being filled in with an
|
||
|
* \ref ARM_STORAGE_INFO.
|
||
|
*
|
||
|
* @return ARM_DRIVER_OK if a ARM_STORAGE_INFO structure containing top level
|
||
|
* metadata about the storage controller is filled into the supplied
|
||
|
* buffer, else an appropriate error value.
|
||
|
*
|
||
|
* @note It is the caller's responsibility to ensure that the buffer passed in
|
||
|
* is able to be initialized with a \ref ARM_STORAGE_INFO.
|
||
|
*
|
||
|
* @note This API returns synchronously--it does not result in an invocation
|
||
|
* of a completion callback.
|
||
|
*/
|
||
|
int32_t (*GetInfo)(ARM_STORAGE_INFO *info);
|
||
|
|
||
|
/**
|
||
|
* \brief For memory-mapped storage, resolve an address relative to
|
||
|
* the storage controller into a memory address.
|
||
|
*
|
||
|
* @param addr
|
||
|
* This is the address for which we want a resolution to the
|
||
|
* processor's physical address space. It is an offset from the
|
||
|
* start of the storage map maintained by the owning storage
|
||
|
* controller.
|
||
|
*
|
||
|
* @return
|
||
|
* The resolved address in the processor's address space; else
|
||
|
* ARM_STORAGE_INVALID_ADDRESS, if no resolution is possible.
|
||
|
*
|
||
|
* @note This API returns synchronously. The invocation should return quickly,
|
||
|
* and result in a resolved address.
|
||
|
*/
|
||
|
uint32_t (*ResolveAddress)(uint64_t addr);
|
||
|
|
||
|
/**
|
||
|
* @brief Advance to the successor of the current block (iterator), or fetch
|
||
|
* the first block (if 'prev_block' is passed in as NULL).
|
||
|
*
|
||
|
* @details This helper function fetches (an iterator to) the next block (or
|
||
|
* the first block if 'prev_block' is passed in as NULL). In the failure
|
||
|
* case, a terminating, invalid block iterator is filled into the out
|
||
|
* parameter: 'next_block'. In combination with \ref
|
||
|
* ARM_STORAGE_VALID_BLOCK(), it can be used to iterate over the sequence
|
||
|
* of blocks within the storage map:
|
||
|
*
|
||
|
* \code
|
||
|
* ARM_STORAGE_BLOCK block;
|
||
|
* for (drv->GetNextBlock(NULL, &block); ARM_STORAGE_VALID_BLOCK(&block); drv->GetNextBlock(&block, &block)) {
|
||
|
* // make use of block
|
||
|
* }
|
||
|
* \endcode
|
||
|
*
|
||
|
* @param[in] prev_block
|
||
|
* An existing block (iterator) within the same storage
|
||
|
* controller. The memory buffer holding this block is owned
|
||
|
* by the caller. This pointer may be NULL; if so, the
|
||
|
* invocation fills in the first block into the out parameter:
|
||
|
* 'next_block'.
|
||
|
*
|
||
|
* @param[out] next_block
|
||
|
* A caller-owned buffer large enough to be filled in with
|
||
|
* the following ARM_STORAGE_BLOCK. It is legal to provide the
|
||
|
* same buffer using 'next_block' as was passed in with 'prev_block'. It
|
||
|
* is also legal to pass a NULL into this parameter if the
|
||
|
* caller isn't interested in populating a buffer with the next
|
||
|
* block--i.e. if the caller only wishes to establish the
|
||
|
* presence of a next block.
|
||
|
*
|
||
|
* @return ARM_DRIVER_OK if a valid next block is found (or first block, if
|
||
|
* prev_block is passed as NULL); upon successful operation, the contents
|
||
|
* of the next (or first) block are filled into the buffer pointed to by
|
||
|
* the parameter 'next_block' and ARM_STORAGE_VALID_BLOCK(next_block) is
|
||
|
* guaranteed to be true. Upon reaching the end of the sequence of blocks
|
||
|
* (iterators), or in case the driver is unable to fetch information about
|
||
|
* the next (or first) block, an error (negative) value is returned and an
|
||
|
* invalid StorageBlock is populated into the supplied buffer. If
|
||
|
* prev_block is NULL, the first block is returned.
|
||
|
*
|
||
|
* @note This API returns synchronously--it does not result in an invocation
|
||
|
* of a completion callback.
|
||
|
*/
|
||
|
int32_t (*GetNextBlock)(const ARM_STORAGE_BLOCK* prev_block, ARM_STORAGE_BLOCK *next_block);
|
||
|
|
||
|
/**
|
||
|
* @brief Find the storage block (iterator) encompassing a given storage address.
|
||
|
*
|
||
|
* @param[in] addr
|
||
|
* Storage address in bytes.
|
||
|
*
|
||
|
* @param[out] block
|
||
|
* A caller-owned buffer large enough to be filled in with the
|
||
|
* ARM_STORAGE_BLOCK encapsulating the given address. This value
|
||
|
* can also be passed in as NULL if the caller isn't interested
|
||
|
* in populating a buffer with the block--if the caller only
|
||
|
* wishes to establish the presence of a containing storage
|
||
|
* block.
|
||
|
*
|
||
|
* @return ARM_DRIVER_OK if a containing storage-block is found. In this case,
|
||
|
* if block is non-NULL, the buffer pointed to by it is populated with
|
||
|
* the contents of the storage block--i.e. if block is valid and a block is
|
||
|
* found, ARM_STORAGE_VALID_BLOCK(block) would return true following this
|
||
|
* call. If there is no storage block containing the given offset, or in
|
||
|
* case the driver is unable to resolve an address to a storage-block, an
|
||
|
* error (negative) value is returned and an invalid StorageBlock is
|
||
|
* populated into the supplied buffer.
|
||
|
*
|
||
|
* @note This API returns synchronously--it does not result in an invocation
|
||
|
* of a completion callback.
|
||
|
*/
|
||
|
int32_t (*GetBlock)(uint64_t addr, ARM_STORAGE_BLOCK *block);
|
||
|
} const ARM_DRIVER_STORAGE;
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
}
|
||
|
#endif // __cplusplus
|
||
|
|
||
|
#endif /* __DRIVER_STORAGE_H */
|