1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
|
/** \addtogroup hal */
/** @{*/
/*
* Copyright (c) 2006-2016, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __DRIVER_STORAGE_H
#define __DRIVER_STORAGE_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
#include "Driver_Common.h"
#define ARM_STORAGE_API_VERSION ARM_DRIVER_VERSION_MAJOR_MINOR(1,00) /* API version */
#define _ARM_Driver_Storage_(n) Driver_Storage##n
#define ARM_Driver_Storage_(n) _ARM_Driver_Storage_(n)
#define ARM_STORAGE_INVALID_OFFSET (0xFFFFFFFFFFFFFFFFULL) ///< Invalid address (relative to a storage controller's
///< address space). A storage block may never start at this address.
#define ARM_STORAGE_INVALID_ADDRESS (0xFFFFFFFFUL) ///< Invalid address within the processor's memory address space.
///< Refer to memory-mapped storage, i.e. < \ref ARM_DRIVER_STORAGE::ResolveAddress().
/****** Storage specific error codes *****/
#define ARM_STORAGE_ERROR_NOT_ERASABLE (ARM_DRIVER_ERROR_SPECIFIC - 1) ///< Part (or all) of the range provided to Erase() isn't erasable.
#define ARM_STORAGE_ERROR_NOT_PROGRAMMABLE (ARM_DRIVER_ERROR_SPECIFIC - 2) ///< Part (or all) of the range provided to ProgramData() isn't programmable.
#define ARM_STORAGE_ERROR_PROTECTED (ARM_DRIVER_ERROR_SPECIFIC - 3) ///< Part (or all) of the range to Erase() or ProgramData() is protected.
#define ARM_STORAGE_ERROR_RUNTIME_OR_INTEGRITY_FAILURE (ARM_DRIVER_ERROR_SPECIFIC - 4) ///< Runtime or sanity-check failure.
/**
* \brief Attributes of the storage range within a storage block.
*/
typedef struct _ARM_STORAGE_BLOCK_ATTRIBUTES {
uint32_t erasable : 1; ///< Erasing blocks is permitted with a minimum granularity of 'erase_unit'.
///< @note: if 'erasable' is 0--i.e. the 'erase' operation isn't available--then
///< 'erase_unit' (see below) is immaterial and should be 0.
uint32_t programmable : 1; ///< Writing to ranges is permitted with a minimum granularity of 'program_unit'.
///< Writes are typically achieved through the ProgramData operation (following an erase);
///< if storage isn't erasable (see 'erasable' above) but is memory-mapped
///< (i.e. 'memory_mapped'), it can be written directly using memory-store operations.
uint32_t executable : 1; ///< This storage block can hold program data; the processor can fetch and execute code
///< sourced from it. Often this is accompanied with the device being 'memory_mapped' (see \ref ARM_STORAGE_INFO).
uint32_t protectable : 1; ///< The entire block can be protected from program and erase operations. Once protection
///< is enabled for a block, its 'erasable' and 'programmable' bits are turned off.
uint32_t reserved : 28;
uint32_t erase_unit; ///< Minimum erase size in bytes.
///< The offset of the start of the erase-range should also be aligned with this value.
///< Applicable if the 'erasable' attribute is set for the block.
///< @note: if 'erasable' (see above) is 0--i.e. the 'erase' operation isn't available--then
///< 'erase_unit' is immaterial and should be 0.
uint32_t protection_unit; ///< Minimum protectable size in bytes. Applicable if the 'protectable'
///< attribute is set for the block. This should be a divisor of the block's size. A
///< block can be considered to be made up of consecutive, individually-protectable fragments.
} ARM_STORAGE_BLOCK_ATTRIBUTES;
/**
* \brief A storage block is a range of memory with uniform attributes. Storage blocks
* combine to make up the address map of a storage controller.
*/
typedef struct _ARM_STORAGE_BLOCK {
uint64_t addr; ///< This is the start address of the storage block. It is
///< expressed as an offset from the start of the storage map
///< maintained by the owning storage controller.
uint64_t size; ///< This is the size of the storage block, in units of bytes.
///< Together with addr, it describes a range [addr, addr+size).
ARM_STORAGE_BLOCK_ATTRIBUTES attributes; ///< Attributes for this block.
} ARM_STORAGE_BLOCK;
/**
* The check for a valid ARM_STORAGE_BLOCK.
*/
#define ARM_STORAGE_VALID_BLOCK(BLK) (((BLK)->addr != ARM_STORAGE_INVALID_OFFSET) && ((BLK)->size != 0))
/**
* \brief Values for encoding storage memory-types with respect to programmability.
*
* Please ensure that the maximum of the following memory types doesn't exceed 16; we
* encode this in a 4-bit field within ARM_STORAGE_INFO::programmability.
*/
#define ARM_STORAGE_PROGRAMMABILITY_RAM (0x0)
#define ARM_STORAGE_PROGRAMMABILITY_ROM (0x1) ///< Read-only memory.
#define ARM_STORAGE_PROGRAMMABILITY_WORM (0x2) ///< write-once-read-only-memory (WORM).
#define ARM_STORAGE_PROGRAMMABILITY_ERASABLE (0x3) ///< re-programmable based on erase. Supports multiple writes.
/**
* Values for encoding data-retention levels for storage blocks.
*
* Please ensure that the maximum of the following retention types doesn't exceed 16; we
* encode this in a 4-bit field within ARM_STORAGE_INFO::retention_level.
*/
#define ARM_RETENTION_WHILE_DEVICE_ACTIVE (0x0) ///< Data is retained only during device activity.
#define ARM_RETENTION_ACROSS_SLEEP (0x1) ///< Data is retained across processor sleep.
#define ARM_RETENTION_ACROSS_DEEP_SLEEP (0x2) ///< Data is retained across processor deep-sleep.
#define ARM_RETENTION_BATTERY_BACKED (0x3) ///< Data is battery-backed. Device can be powered off.
#define ARM_RETENTION_NVM (0x4) ///< Data is retained in non-volatile memory.
/**
* Device Data Security Protection Features. Applicable mostly to EXTERNAL_NVM.
*/
typedef struct _ARM_STORAGE_SECURITY_FEATURES {
uint32_t acls : 1; ///< Protection against internal software attacks using ACLs.
uint32_t rollback_protection : 1; ///< Roll-back protection. Set to true if the creator of the storage
///< can ensure that an external attacker can't force an
///< older firmware to run or to revert back to a previous state.
uint32_t tamper_proof : 1; ///< Tamper-proof memory (will be deleted on tamper-attempts using board level or chip level sensors).
uint32_t internal_flash : 1; ///< Internal flash.
uint32_t reserved1 : 12;
/**
* Encode support for hardening against various classes of attacks.
*/
uint32_t software_attacks : 1; ///< device software (malware running on the device).
uint32_t board_level_attacks : 1; ///< board level attacks (debug probes, copy protection fuses.)
uint32_t chip_level_attacks : 1; ///< chip level attacks (tamper-protection).
uint32_t side_channel_attacks : 1; ///< side channel attacks.
uint32_t reserved2 : 12;
} ARM_STORAGE_SECURITY_FEATURES;
#define ARM_STORAGE_PROGRAM_CYCLES_INFINITE (0UL) /**< Infinite or unknown endurance for reprogramming. */
/**
* \brief Storage information. This contains device-metadata. It is the return
* value from calling GetInfo() on the storage driver.
*
* \details These fields serve a different purpose than the ones contained in
* \ref ARM_STORAGE_CAPABILITIES, which is another structure containing
* device-level metadata. ARM_STORAGE_CAPABILITIES describes the API
* capabilities, whereas ARM_STORAGE_INFO describes the device. Furthermore
* ARM_STORAGE_CAPABILITIES fits within a single word, and is designed to be
* passed around by value; ARM_STORAGE_INFO, on the other hand, contains
* metadata which doesn't fit into a single word and requires the use of
* pointers to be moved around.
*/
typedef struct _ARM_STORAGE_INFO {
uint64_t total_storage; ///< Total available storage, in bytes.
uint32_t program_unit; ///< Minimum programming size in bytes.
///< The offset of the start of the program-range should also be aligned with this value.
///< Applicable only if the 'programmable' attribute is set for a block.
///< @note: setting program_unit to 0 has the effect of disabling the size and alignment
///< restrictions (setting it to 1 also has the same effect).
uint32_t optimal_program_unit; ///< Optimal programming page-size in bytes. Some storage controllers
///< have internal buffers into which to receive data. Writing in chunks of
///< 'optimal_program_unit' would achieve maximum programming speed.
///< Applicable only if the 'programmable' attribute is set for the underlying block(s).
uint32_t program_cycles; ///< A measure of endurance for reprogramming.
///< Use ARM_STORAGE_PROGRAM_CYCLES_INFINITE for infinite or unknown endurance.
uint32_t erased_value : 1; ///< Contents of erased memory (usually 1 to indicate erased bytes with state 0xFF).
uint32_t memory_mapped : 1; ///< This storage device has a mapping onto the processor's memory address space.
///< @note: For a memory-mapped block which isn't erasable but is programmable (i.e. if
///< 'erasable' is set to 0, but 'programmable' is 1), writes should be possible directly to
///< the memory-mapped storage without going through the ProgramData operation.
uint32_t programmability : 4; ///< A value to indicate storage programmability.
uint32_t retention_level : 4;
uint32_t reserved : 22;
ARM_STORAGE_SECURITY_FEATURES security; ///< \ref ARM_STORAGE_SECURITY_FEATURES
} ARM_STORAGE_INFO;
/**
\brief Operating status of the storage controller.
*/
typedef struct _ARM_STORAGE_STATUS {
uint32_t busy : 1; ///< Controller busy flag
uint32_t error : 1; ///< Read/Program/Erase error flag (cleared on start of next operation)
} ARM_STORAGE_STATUS;
/**
* \brief Storage Driver API Capabilities.
*
* This data structure is designed to fit within a single word so that it can be
* fetched cheaply using a call to driver->GetCapabilities().
*/
typedef struct _ARM_STORAGE_CAPABILITIES {
uint32_t asynchronous_ops : 1; ///< Used to indicate if APIs like initialize,
///< read, erase, program, etc. can operate in asynchronous mode.
///< Setting this bit to 1 means that the driver is capable
///< of launching asynchronous operations; command completion is
///< signaled by the invocation of a completion callback. If
///< set to 1, drivers may still complete asynchronous
///< operations synchronously as necessary--in which case they
///< return a positive error code to indicate synchronous completion.
uint32_t erase_all : 1; ///< Supports EraseAll operation.
uint32_t reserved : 30;
} ARM_STORAGE_CAPABILITIES;
/**
* Command opcodes for Storage. Completion callbacks use these codes to refer to
* completing commands. Refer to \ref ARM_Storage_Callback_t.
*/
typedef enum _ARM_STORAGE_OPERATION {
ARM_STORAGE_OPERATION_GET_VERSION,
ARM_STORAGE_OPERATION_GET_CAPABILITIES,
ARM_STORAGE_OPERATION_INITIALIZE,
ARM_STORAGE_OPERATION_UNINITIALIZE,
ARM_STORAGE_OPERATION_POWER_CONTROL,
ARM_STORAGE_OPERATION_READ_DATA,
ARM_STORAGE_OPERATION_PROGRAM_DATA,
ARM_STORAGE_OPERATION_ERASE,
ARM_STORAGE_OPERATION_ERASE_ALL,
ARM_STORAGE_OPERATION_GET_STATUS,
ARM_STORAGE_OPERATION_GET_INFO,
ARM_STORAGE_OPERATION_RESOLVE_ADDRESS,
ARM_STORAGE_OPERATION_GET_NEXT_BLOCK,
ARM_STORAGE_OPERATION_GET_BLOCK
} ARM_STORAGE_OPERATION;
/**
* Declaration of the callback-type for command completion.
*
* @param [in] status
* A code to indicate the status of the completed operation. For data
* transfer operations, the status field is overloaded in case of
* success to return the count of items successfully transferred; this
* can be done safely because error codes are negative values.
*
* @param [in] operation
* The command op-code. This value isn't essential for the callback in
* the presence of the command instance-id, but it is expected that
* this information could be a quick and useful filter.
*/
typedef void (*ARM_Storage_Callback_t)(int32_t status, ARM_STORAGE_OPERATION operation);
/**
* This is the set of operations constituting the Storage driver. Their
* implementation is platform-specific, and needs to be supplied by the
* porting effort.
*
* Some APIs within `ARM_DRIVER_STORAGE` will always operate synchronously:
* GetVersion, GetCapabilities, GetStatus, GetInfo, ResolveAddress,
* GetNextBlock, and GetBlock. This means that control returns to the caller
* with a relevant status code only after the completion of the operation (or
* the discovery of a failure condition).
*
* The remainder of the APIs: Initialize, Uninitialize, PowerControl, ReadData,
* ProgramData, Erase, EraseAll, can function asynchronously if the underlying
* controller supports it--i.e. if ARM_STORAGE_CAPABILITIES::asynchronous_ops is
* set. In the case of asynchronous operation, the invocation returns early
* (with ARM_DRIVER_OK) and results in a completion callback later. If
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is not set, then all such APIs
* execute synchronously, and control returns to the caller with a status code
* only after the completion of the operation (or the discovery of a failure
* condition).
*
* If ARM_STORAGE_CAPABILITIES::asynchronous_ops is set, a storage driver may
* still choose to execute asynchronous operations in a synchronous manner. If
* so, the driver returns a positive value to indicate successful synchronous
* completion (or an error code in case of failure) and no further invocation of
* completion callback should be expected. The expected return value for
* synchronous completion of such asynchronous operations varies depending on
* the operation. For operations involving data access, it often equals the
* amount of data transferred or affected. For non data-transfer operations,
* such as EraseAll or Initialize, it is usually 1.
*
* Here's a code snippet to suggest how asynchronous APIs might be used by
* callers to handle both synchronous and asynchronous execution by the
* underlying storage driver:
* \code
* ASSERT(ARM_DRIVER_OK == 0); // this is a precondition; it doesn't need to be put in code
* int32_t returnValue = drv->asynchronousAPI(...);
* if (returnValue < ARM_DRIVER_OK) {
* // handle error.
* } else if (returnValue == ARM_DRIVER_OK) {
* ASSERT(drv->GetCapabilities().asynchronous_ops == 1);
* // handle early return from asynchronous execution; remainder of the work is done in the callback handler.
* } else {
* ASSERT(returnValue == EXPECTED_RETURN_VALUE_FOR_SYNCHRONOUS_COMPLETION);
* // handle synchronous completion.
* }
* \endcode
*/
typedef struct _ARM_DRIVER_STORAGE {
/**
* \brief Get driver version.
*
* The function GetVersion() returns version information of the driver implementation in ARM_DRIVER_VERSION.
*
* - API version is the version of the CMSIS-Driver specification used to implement this driver.
* - Driver version is source code version of the actual driver implementation.
*
* Example:
* \code
* extern ARM_DRIVER_STORAGE *drv_info;
*
* void read_version (void) {
* ARM_DRIVER_VERSION version;
*
* version = drv_info->GetVersion ();
* if (version.api < 0x10A) { // requires at minimum API version 1.10 or higher
* // error handling
* return;
* }
* }
* \endcode
*
* @return \ref ARM_DRIVER_VERSION.
*
* @note This API returns synchronously--it does not result in an invocation
* of a completion callback.
*
* @note The function GetVersion() can be called any time to obtain the
* required information from the driver (even before initialization). It
* always returns the same information.
*/
ARM_DRIVER_VERSION (*GetVersion)(void);
/**
* \brief Get driver capabilities.
*
* \details The function GetCapabilities() returns information about
* capabilities in this driver implementation. The data fields of the struct
* ARM_STORAGE_CAPABILITIES encode various capabilities, for example if the device
* is able to execute operations asynchronously.
*
* Example:
* \code
* extern ARM_DRIVER_STORAGE *drv_info;
*
* void read_capabilities (void) {
* ARM_STORAGE_CAPABILITIES drv_capabilities;
*
* drv_capabilities = drv_info->GetCapabilities ();
* // interrogate capabilities
*
* }
* \endcode
*
* @return \ref ARM_STORAGE_CAPABILITIES.
*
* @note This API returns synchronously--it does not result in an invocation
* of a completion callback.
*
* @note The function GetCapabilities() can be called any time to obtain the
* required information from the driver (even before initialization). It
* always returns the same information.
*/
ARM_STORAGE_CAPABILITIES (*GetCapabilities)(void);
/**
* \brief Initialize the Storage Interface.
*
* The function Initialize is called when the middleware component starts
* operation. In addition to bringing the controller to a ready state,
* Initialize() receives a callback handler to be invoked upon completion of
* asynchronous operations.
*
* Initialize() needs to be called explicitly before
* powering the peripheral using PowerControl(), and before initiating other
* accesses to the storage controller.
*
* The function performs the following operations:
* - Initializes the resources needed for the Storage interface.
* - Registers the \ref ARM_Storage_Callback_t callback function.
*
* To start working with a peripheral the functions Initialize and PowerControl need to be called in this order:
* drv->Initialize (...); // Allocate I/O pins
* drv->PowerControl (ARM_POWER_FULL); // Power up peripheral, setup IRQ/DMA
*
* - Initialize() typically allocates the I/O resources (pins) for the
* peripheral. The function can be called multiple times; if the I/O resources
* are already initialized it performs no operation and just returns with
* ARM_DRIVER_OK.
*
* - PowerControl (ARM_POWER_FULL) sets the peripheral registers including
* interrupt (NVIC) and optionally DMA. The function can be called multiple
* times; if the registers are already set it performs no operation and just
* returns with ARM_DRIVER_OK.
*
* To stop working with a peripheral the functions PowerControl and Uninitialize need to be called in this order:
* drv->PowerControl (ARM_POWER_OFF); // Terminate any pending transfers, reset IRQ/DMA, power off peripheral
* drv->Uninitialize (...); // Release I/O pins
*
* The functions PowerControl and Uninitialize always execute and can be used
* to put the peripheral into a Safe State, for example after any data
* transmission errors. To restart the peripheral in an error condition,
* you should first execute the Stop Sequence and then the Start Sequence.
*
* @param [in] callback
* Caller-defined callback to be invoked upon command completion
* for asynchronous APIs (including the completion of
* initialization). Use a NULL pointer when no callback
* signals are required.
*
* @note This API may execute asynchronously if
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
* execution is optional even if 'asynchronous_ops' is set.
*
* @return If asynchronous activity is launched, an invocation returns
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
* future with a status value of ARM_DRIVER_OK or an error-code. In the
* case of synchronous execution, control returns after completion with a
* value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
*/
int32_t (*Initialize)(ARM_Storage_Callback_t callback);
/**
* \brief De-initialize the Storage Interface.
*
* The function Uninitialize() de-initializes the resources of Storage interface.
*
* It is called when the middleware component stops operation, and wishes to
* release the software resources used by the interface.
*
* @note This API may execute asynchronously if
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
* execution is optional even if 'asynchronous_ops' is set.
*
* @return If asynchronous activity is launched, an invocation returns
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
* future with a status value of ARM_DRIVER_OK or an error-code. In the
* case of synchronous execution, control returns after completion with a
* value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
*/
int32_t (*Uninitialize)(void);
/**
* \brief Control the Storage interface power.
*
* The function \b ARM_Storage_PowerControl operates the power modes of the Storage interface.
*
* To start working with a peripheral the functions Initialize and PowerControl need to be called in this order:
* drv->Initialize (...); // Allocate I/O pins
* drv->PowerControl (ARM_POWER_FULL); // Power up peripheral, setup IRQ/DMA
*
* - Initialize() typically allocates the I/O resources (pins) for the
* peripheral. The function can be called multiple times; if the I/O resources
* are already initialized it performs no operation and just returns with
* ARM_DRIVER_OK.
*
* - PowerControl (ARM_POWER_FULL) sets the peripheral registers including
* interrupt (NVIC) and optionally DMA. The function can be called multiple
* times; if the registers are already set it performs no operation and just
* returns with ARM_DRIVER_OK.
*
* To stop working with a peripheral the functions PowerControl and Uninitialize need to be called in this order:
*
* drv->PowerControl (ARM_POWER_OFF); // Terminate any pending transfers, reset IRQ/DMA, power off peripheral
* drv->Uninitialize (...); // Release I/O pins
*
* The functions PowerControl and Uninitialize always execute and can be used
* to put the peripheral into a Safe State, for example after any data
* transmission errors. To restart the peripheral in an error condition,
* you should first execute the Stop Sequence and then the Start Sequence.
*
* @param state
* \ref ARM_POWER_STATE. The target power-state for the storage controller.
* The parameter state can have the following values:
* - ARM_POWER_FULL : set-up peripheral for data transfers, enable interrupts
* (NVIC) and optionally DMA. Can be called multiple times. If the peripheral
* is already in this mode, then the function performs no operation and returns
* with ARM_DRIVER_OK.
* - ARM_POWER_LOW : may use power saving. Returns ARM_DRIVER_ERROR_UNSUPPORTED when not implemented.
* - ARM_POWER_OFF : terminates any pending data transfers, disables peripheral, disables related interrupts and DMA.
*
* @note This API may execute asynchronously if
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
* execution is optional even if 'asynchronous_ops' is set.
*
* @return If asynchronous activity is launched, an invocation returns
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
* future with a status value of ARM_DRIVER_OK or an error-code. In the
* case of synchronous execution, control returns after completion with a
* value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
*/
int32_t (*PowerControl)(ARM_POWER_STATE state);
/**
* \brief read the contents of a given address range from the storage device.
*
* \details Read the contents of a range of storage memory into a buffer
* supplied by the caller. The buffer is owned by the caller and should
* remain accessible for the lifetime of this command.
*
* @param [in] addr
* This specifies the address from where to read data.
*
* @param [out] data
* The destination of the read operation. The buffer
* is owned by the caller and should remain accessible for the
* lifetime of this command.
*
* @param [in] size
* The number of bytes requested to read. The data buffer
* should be at least as large as this size.
*
* @note This API may execute asynchronously if
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
* execution is optional even if 'asynchronous_ops' is set.
*
* @return If asynchronous activity is launched, an invocation returns
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
* future with the number of successfully transferred bytes passed in as
* the 'status' parameter. In the case of synchronous execution, control
* returns after completion with a positive transfer-count. Return values
* less than ARM_DRIVER_OK (0) signify errors.
*/
int32_t (*ReadData)(uint64_t addr, void *data, uint32_t size);
/**
* \brief program (write into) the contents of a given address range of the storage device.
*
* \details Write the contents of a given memory buffer into a range of
* storage memory. In the case of flash memory, the destination range in
* storage memory typically has its contents in an erased state from a
* preceding erase operation. The source memory buffer is owned by the
* caller and should remain accessible for the lifetime of this command.
*
* @param [in] addr
* This is the start address of the range to be written into. It
* needs to be aligned to the device's \em program_unit
* specified in \ref ARM_STORAGE_INFO.
*
* @param [in] data
* The source of the write operation. The buffer is owned by the
* caller and should remain accessible for the lifetime of this
* command.
*
* @param [in] size
* The number of bytes requested to be written. The buffer
* should be at least as large as this size. \note 'size' should
* be a multiple of the device's 'program_unit' (see \ref
* ARM_STORAGE_INFO).
*
* @note It is best for the middleware to write in units of
* 'optimal_program_unit' (\ref ARM_STORAGE_INFO) of the device.
*
* @note This API may execute asynchronously if
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
* execution is optional even if 'asynchronous_ops' is set.
*
* @return If asynchronous activity is launched, an invocation returns
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
* future with the number of successfully transferred bytes passed in as
* the 'status' parameter. In the case of synchronous execution, control
* returns after completion with a positive transfer-count. Return values
* less than ARM_DRIVER_OK (0) signify errors.
*/
int32_t (*ProgramData)(uint64_t addr, const void *data, uint32_t size);
/**
* @brief Erase Storage range.
*
* @details This function erases a range of storage specified by [addr, addr +
* size). Both 'addr' and 'addr + size' should align with the
* 'erase_unit'(s) of the respective owning storage block(s) (see \ref
* ARM_STORAGE_BLOCK and \ref ARM_STORAGE_BLOCK_ATTRIBUTES). The range to
* be erased will have its contents returned to the un-programmed state--
* i.e. to 'erased_value' (see \ref ARM_STORAGE_BLOCK_ATTRIBUTES), which
* is usually 1 to indicate the pattern of all ones: 0xFF.
*
* @param [in] addr
* This is the start-address of the range to be erased. It must
* start at an 'erase_unit' boundary of the underlying block.
*
* @param [in] size
* Size (in bytes) of the range to be erased. 'addr + size'
* must be aligned with the 'erase_unit' of the underlying
* block.
*
* @note This API may execute asynchronously if
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
* execution is optional even if 'asynchronous_ops' is set.
*
* @return
* If the range to be erased doesn't align with the erase_units of the
* respective start and end blocks, ARM_DRIVER_ERROR_PARAMETER is returned.
* If any part of the range is protected, ARM_STORAGE_ERROR_PROTECTED is
* returned. If any part of the range is not erasable,
* ARM_STORAGE_ERROR_NOT_ERASABLE is returned. All such sanity-check
* failures result in the error code being returned synchronously and the
* storage bytes within the range remain unaffected.
* Otherwise the function executes in the following ways:
* If asynchronous activity is launched, an invocation returns
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
* future with the number of successfully erased bytes passed in as
* the 'status' parameter. In the case of synchronous execution, control
* returns after completion with a positive erase-count. Return values
* less than ARM_DRIVER_OK (0) signify errors.
*
* @note Erase() may return a smaller (positive) value than the size of the
* requested range. The returned value indicates the actual number of bytes
* erased. It is the caller's responsibility to follow up with an appropriate
* request to complete the operation.
*
* @note in the case of a failed erase (except when
* ARM_DRIVER_ERROR_PARAMETER, ARM_STORAGE_ERROR_PROTECTED, or
* ARM_STORAGE_ERROR_NOT_ERASABLE is returned synchronously), the
* requested range should be assumed to be in an unknown state. The
* previous contents may not be retained.
*/
int32_t (*Erase)(uint64_t addr, uint32_t size);
/**
* @brief Erase complete storage. Optional function for faster erase of the complete device.
*
* This optional function erases the complete device. If the device does not
* support global erase then the function returns the error value \ref
* ARM_DRIVER_ERROR_UNSUPPORTED. The data field \em 'erase_all' =
* \token{1} of the structure \ref ARM_STORAGE_CAPABILITIES encodes that
* \ref ARM_STORAGE_EraseAll is supported.
*
* @note This API may execute asynchronously if
* ARM_STORAGE_CAPABILITIES::asynchronous_ops is set. Asynchronous
* execution is optional even if 'asynchronous_ops' is set.
*
* @return
* If any part of the storage range is protected,
* ARM_STORAGE_ERROR_PROTECTED is returned. If any part of the storage
* range is not erasable, ARM_STORAGE_ERROR_NOT_ERASABLE is returned. All
* such sanity-check failures result in the error code being returned
* synchronously and the storage bytes within the range remain unaffected.
* Otherwise the function executes in the following ways:
* If asynchronous activity is launched, an invocation returns
* ARM_DRIVER_OK, and the caller can expect to receive a callback in the
* future with ARM_DRIVER_OK passed in as the 'status' parameter. In the
* case of synchronous execution, control returns after completion with a
* value of 1. Return values less than ARM_DRIVER_OK (0) signify errors.
*/
int32_t (*EraseAll)(void);
/**
* @brief Get the status of the current (or previous) command executed by the
* storage controller; stored in the structure \ref ARM_STORAGE_STATUS.
*
* @return
* The status of the underlying controller.
*
* @note This API returns synchronously--it does not result in an invocation
* of a completion callback.
*/
ARM_STORAGE_STATUS (*GetStatus)(void);
/**
* @brief Get information about the Storage device; stored in the structure \ref ARM_STORAGE_INFO.
*
* @param [out] info
* A caller-supplied buffer capable of being filled in with an
* \ref ARM_STORAGE_INFO.
*
* @return ARM_DRIVER_OK if a ARM_STORAGE_INFO structure containing top level
* metadata about the storage controller is filled into the supplied
* buffer, else an appropriate error value.
*
* @note It is the caller's responsibility to ensure that the buffer passed in
* is able to be initialized with a \ref ARM_STORAGE_INFO.
*
* @note This API returns synchronously--it does not result in an invocation
* of a completion callback.
*/
int32_t (*GetInfo)(ARM_STORAGE_INFO *info);
/**
* \brief For memory-mapped storage, resolve an address relative to
* the storage controller into a memory address.
*
* @param addr
* This is the address for which we want a resolution to the
* processor's physical address space. It is an offset from the
* start of the storage map maintained by the owning storage
* controller.
*
* @return
* The resolved address in the processor's address space; else
* ARM_STORAGE_INVALID_ADDRESS, if no resolution is possible.
*
* @note This API returns synchronously. The invocation should return quickly,
* and result in a resolved address.
*/
uint32_t (*ResolveAddress)(uint64_t addr);
/**
* @brief Advance to the successor of the current block (iterator), or fetch
* the first block (if 'prev_block' is passed in as NULL).
*
* @details This helper function fetches (an iterator to) the next block (or
* the first block if 'prev_block' is passed in as NULL). In the failure
* case, a terminating, invalid block iterator is filled into the out
* parameter: 'next_block'. In combination with \ref
* ARM_STORAGE_VALID_BLOCK(), it can be used to iterate over the sequence
* of blocks within the storage map:
*
* \code
* ARM_STORAGE_BLOCK block;
* for (drv->GetNextBlock(NULL, &block); ARM_STORAGE_VALID_BLOCK(&block); drv->GetNextBlock(&block, &block)) {
* // make use of block
* }
* \endcode
*
* @param[in] prev_block
* An existing block (iterator) within the same storage
* controller. The memory buffer holding this block is owned
* by the caller. This pointer may be NULL; if so, the
* invocation fills in the first block into the out parameter:
* 'next_block'.
*
* @param[out] next_block
* A caller-owned buffer large enough to be filled in with
* the following ARM_STORAGE_BLOCK. It is legal to provide the
* same buffer using 'next_block' as was passed in with 'prev_block'. It
* is also legal to pass a NULL into this parameter if the
* caller isn't interested in populating a buffer with the next
* block--i.e. if the caller only wishes to establish the
* presence of a next block.
*
* @return ARM_DRIVER_OK if a valid next block is found (or first block, if
* prev_block is passed as NULL); upon successful operation, the contents
* of the next (or first) block are filled into the buffer pointed to by
* the parameter 'next_block' and ARM_STORAGE_VALID_BLOCK(next_block) is
* guaranteed to be true. Upon reaching the end of the sequence of blocks
* (iterators), or in case the driver is unable to fetch information about
* the next (or first) block, an error (negative) value is returned and an
* invalid StorageBlock is populated into the supplied buffer. If
* prev_block is NULL, the first block is returned.
*
* @note This API returns synchronously--it does not result in an invocation
* of a completion callback.
*/
int32_t (*GetNextBlock)(const ARM_STORAGE_BLOCK* prev_block, ARM_STORAGE_BLOCK *next_block);
/**
* @brief Find the storage block (iterator) encompassing a given storage address.
*
* @param[in] addr
* Storage address in bytes.
*
* @param[out] block
* A caller-owned buffer large enough to be filled in with the
* ARM_STORAGE_BLOCK encapsulating the given address. This value
* can also be passed in as NULL if the caller isn't interested
* in populating a buffer with the block--if the caller only
* wishes to establish the presence of a containing storage
* block.
*
* @return ARM_DRIVER_OK if a containing storage-block is found. In this case,
* if block is non-NULL, the buffer pointed to by it is populated with
* the contents of the storage block--i.e. if block is valid and a block is
* found, ARM_STORAGE_VALID_BLOCK(block) would return true following this
* call. If there is no storage block containing the given offset, or in
* case the driver is unable to resolve an address to a storage-block, an
* error (negative) value is returned and an invalid StorageBlock is
* populated into the supplied buffer.
*
* @note This API returns synchronously--it does not result in an invocation
* of a completion callback.
*/
int32_t (*GetBlock)(uint64_t addr, ARM_STORAGE_BLOCK *block);
} const ARM_DRIVER_STORAGE;
#ifdef __cplusplus
}
#endif // __cplusplus
#endif /* __DRIVER_STORAGE_H */
/** @}*/
|
