Bus Pirate communication in SPI Mode / SPI speed

Hello everyone,

I have one question related to the Bus Pirate's SPI Mode and the configuration of the SPI speed.

I have a script with which I can read out the content of the first page of a NAND Flash.
That script does the following.
makes the BP enter BBIO1 Mode (20* 0x00) -> makes the BP enter SPI Mode (0x01) -> configures the SPI speed and the SPI Mode (0x64 = 2MHz and 0x8a = CLK idle low, CKE Edge from active to idle, w=3.3V, SMP Sample = Middle) -> supplies power to the NAND Flash and activates CS (0x49).
After all the configuration is done it reads out the first page that is automatically loaded into the Cache from the Flash when it is powered up.

To do so, I used the Write-then-read function: 0x04 0x00 0x04 0x08 0x80 0x03 0x00 0x00 0x00

When I look at the file that contains the content of the first page, it looks like a part of the content is cut off from the rest and in between there are a bunch of 0 bytes (sometimes 0xFF bytes, it does look inconsistent). Besides that, I know what the first page has to look like and the beginning is correct, but once I reach the middle or so it should look different.
I tried a few things until I found out that when I change the SPI speed the output gets even messier. That's why I assume it has something to do with that.
I would like to ask you guys if any of you knows and can explain to me why my output is different with a different SPI speed and how do I determine which SPI speed I need to use and what if the speed value that I need is not part of the 8 values that the BP supports?

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #1
Speed is tricky, some newer flash have minimum speeds. Generally I like to go slow because there's so much delay between bytes anyways that 2MHz vs 100kHz isn't going to change much.

Quote
To do so, I used the Write-then-read function: 0x04 0x00 0x04 0x08 0x80 0x03 0x00 0x00 0x00

I'm not clear what this means. This is the result?

What chip is it? Are there setup and configuration commands, or address commands? Is your script handling that?
Got a question? Please ask in the forum for the fastest answers.

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #2
I'm not clear what this means. This is the result?

What chip is it? Are there setup and configuration commands, or address commands? Is your script handling that?

Hello Ian,

thank you for replying.

First of all about the byte sequence that I posted. (0x04 0x00 0x04 0x08 0x80 0x03 0x00 0x00 0x00)

http://dangerousprototypes.com/docs/SPI_(binary)#00000100_-_Write_then_read
I was referring to this site. I use the Write then read command from the Bus Pirate to read out the content.
Basically 0x04 is the BP command,
the next two bytes 0x00 0x04 are the number of bytes that I will write,
the next two bytes 0x08 0x80 are the number of bytes that I want to read (2176),
and the last four bytes are the bytes that I want to write. In my case 0x03 is the read page from cache command from my flash and the following three bytes are the parameters.
This is what I send to the Bus Pirate.

The Flash that I am trying to read is this one: GD5F1GQ4RCYIG from Giga Device.

There are specific commands to transfer pages to the cache and to read pages from the cache.
That's not necessary for the first page though because the Flash reads the first page automatically to the Cache when the Flash is supplied with power, that means for the first page I can start directly with the read page from Cache command.

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #3
Have you tried it from the terminal to see if you can get bytes manually to verify everything? That would be my next step.

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #4
Hello Ian,

when I communicate with the BP via terminal I get the same result.

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #5
Btw is it possible to use other SPI speeds than the possible 8 (30KHz, 125KHz, 250KHz, 1MHz, 2MHz, 2.6MHz, 4MHz, 8MHz)?
Something like 2.3 MHz for example, I am just wondering if it's possible to let the BP communicate at such a speed.

Edit: The wires that I use to set the connection are around 15cm long, do you think this may be too long?

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #6
The SPI speeds are taken from the internal clock, so all will be a fraction of that (16MHz I believe). The difference between 2.0 and 2.3 and 2.6MHz shouldn't usually be an issue. At 2MHz 15cm is a pretty long wire, usually traces are just several cm of copper.

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #7
Btw is it possible to use other SPI speeds than the possible 8 (30KHz, 125KHz, 250KHz, 1MHz, 2MHz, 2.6MHz, 4MHz, 8MHz)?
Something like 2.3 MHz for example, I am just wondering if it's possible to let the BP communicate at such a speed.

Hi Ramazuri.
Firmware 7.x has been improved with new speeds for SPI protocol.
New speeds are:

 1.  30KHz
 2. 125KHz
 3. 250KHz
 4.  1MHz
 5.  50KHz
 6. 1.3MHz
 7.  2MHz
 8. 2.6MHz
 9. 3.2MHz
10.  4MHz
11. 5.3MHz
12.  8MHz

Therefore, in binary mode SPI (bitbang), firmware v7.x now natively allows using these new speeds:

01100xxx - SPI speed
bytes 0x60 SPI speed=30kHz (default startup speed), responds 0x01 on success
bytes 0x61 SPI speed=125kHz (default startup speed is 30kHz), responds 0x01 on success
bytes 0x62 SPI speed=250kHz (default startup speed is 30kHz), responds 0x01 on success
bytes 0x63 SPI speed=1MHz (default startup speed is 30kHz), responds 0x01 on success
bytes 0x64 SPI speed=2MHz (default startup speed is 30kHz), responds 0x01 on success
bytes 0x65 SPI speed=2.6MHz (default startup speed is 30kHz), responds 0x01 on success
bytes 0x66 SPI speed=4MHz (default startup speed is 30kHz), responds 0x01 on success
bytes 0x67 SPI speed=8MHz (default startup speed is 30kHz), responds 0x01 on success

While in binary mode bitbang you want 2.3MHz as speed for the SPI protocol.
Main clock into the Bus Pirate v3 is 16MHz and 16MHz/2.3MHz = ~7, so by reading the datasheet 24FJ64GA002.pdf (http://ww1.microchip.com/downloads/en/devicedoc/39881c.pdf) page 147 and 150, it can be seen that by setting Primary prescale 1:1 = 11b and Secondary prescale 7:1 = 001b it is possible to get just about ~2.3MHz (2.285MHz).

In spi.c, firmware v7.x has the following prescaler values programmed:


    0b00000000, /*  31 kHz - Primary prescaler 64:1 / Secondary prescaler 8:1 */
    0b00001100, /*  50 kHz - Primary prescaler 64:1 / Secondary prescaler 5:1 */
    0b00011000, /* 125 kHz - Primary prescaler 64:1 / Secondary prescaler 2:1 */
    0b00011100, /* 250 kHz - Primary prescaler 64:1 / Secondary prescaler 1:1 */
    0b00011101, /*   1 MHz - Primary prescaler 16:1 / Secondary prescaler 1:1 */
    0b00010110, /* 1.3 MHz - Primary prescaler  4:1 / Secondary prescaler 3:1 */
    0b00011010, /*   2 MHz - Primary prescaler  4:1 / Secondary prescaler 2:1 */
    0b00001011, /* 2.6 MHz - Primary prescaler  1:1 / Secondary prescaler 6:1 */
    0b00001111, /* 3.2 MHz - Primary prescaler  1:1 / Secondary prescaler 5:1 */
    0b00011110, /*   4 MHz - Primary prescaler  4:1 / Secondary prescaler 1:1 */
    0b00010111, /* 5.3 MHz - Primary prescaler  1:1 / Secondary prescaler 3:1 */
    0b00011011, /*   8 MHz - Primary prescaler  1:1 / Secondary prescaler 2:1 */



To reach your goal you have to change 2.6MHz so that it becomes 2.3MHz, namely:

     0b00001011, /* 2.3 MHz - Primary prescaler  1:1 / Secondary prescaler 7:1 */

You also need to change the label 2.6MHz in the menu to 2.3MHz.
Using the updated prescaler table, build your own custom firmware.
In my opinion this is the easiest way to get what you wish.

Be seeing you.
 
U.Sb

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #8
Hello USBEprom,

this is some very valuable information. Thank you a lot for replying.

Btw. I managed to read out the first page entirely yesterday with the 2 MHz. I had to use a little trick though. I split the page into 4 areas with the same size and then I read out the 4 areas one by one. Seems like I can get 544 bytes consistently every time. Finally some progress :D

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #9
Hi Ramazuri.
That sounds good.
If you feel like it, do not forget to explain exactly how you did it by proposing the commands you used to reach the goal.
Thanks.
From my side I thought it might be enough to do as explained here, taking into account that some memory areas could be protected, but in that case even FLASHROM would fail:

http://dangerousprototypes.com/forum/index.php?topic=7950.msg63904#msg63904

However, there is a typo in what I wrote, because to program the new 2.3MHz speed it is necessary to set the secondary prescaler in this way, not as I wrote:

To reach your goal you have to change 2.6MHz so that it becomes 2.3MHz, namely:

     0b00000111, /* 2.3 MHz - Primary prescaler  1:1 / Secondary prescaler 7:1 */

Sorry about that.

Be seeing you.
 
U.Sb
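Added example (not part of the thread and not Bus Pirate firmware code): decoding the prescaler bytes quoted above to check which clock each one selects, and searching for the byte closest to a target speed. The bit-field layout is inferred from the comments in the quoted spi.c table, the 16 MHz clock is the figure given in the thread, and the function names are hypothetical.

```python
FCY_HZ = 16_000_000  # SPI module clock on the Bus Pirate v3, as stated in the thread

# Field layout inferred from the comments in the quoted spi.c table:
# bits 1..0 select the primary prescaler, bits 4..2 the secondary one.
PRIMARY = {0b00: 64, 0b01: 16, 0b10: 4, 0b11: 1}

# (prescaler byte, labelled clock in Hz) copied from the quoted table
FIRMWARE_TABLE = [
    (0b00000000, 31e3), (0b00001100, 50e3), (0b00011000, 125e3),
    (0b00011100, 250e3), (0b00011101, 1e6), (0b00010110, 1.3e6),
    (0b00011010, 2e6), (0b00001011, 2.6e6), (0b00001111, 3.2e6),
    (0b00011110, 4e6), (0b00010111, 5.3e6), (0b00011011, 8e6),
]


def decode(value):
    """Return (primary ratio, secondary ratio, SPI clock in Hz)."""
    primary = PRIMARY[value & 0b11]
    secondary = 8 - ((value >> 2) & 0b111)   # 0b000 -> 8:1 ... 0b111 -> 1:1
    return primary, secondary, FCY_HZ / (primary * secondary)


def encode(primary, secondary):
    """Inverse of decode(): build the prescaler byte from the two ratios."""
    code = {ratio: bits for bits, ratio in PRIMARY.items()}[primary]
    return ((8 - secondary) << 2) | code


def nearest(target_hz):
    """Prescaler byte whose clock is closest to target_hz."""
    options = [encode(p, s) for p in PRIMARY.values() for s in range(1, 9)]
    return min(options, key=lambda v: (abs(decode(v)[2] - target_hz), v))


def table_mismatches(tolerance=0.05):
    """Table entries whose decoded clock differs from the label by > tolerance."""
    return [(v, hz) for v, hz in FIRMWARE_TABLE
            if abs(decode(v)[2] - hz) > tolerance * hz]


if __name__ == "__main__":
    for value in (0b00001011, 0b00000111, nearest(2.3e6)):
        p, s, hz = decode(value)
        print(f"0b{value:08b}: primary {p}:1, secondary {s}:1 -> {hz / 1e6:.3f} MHz")
    print("table mismatches:", table_mismatches())
```

Under this decoding, 0b00001011 is still the 6:1 (2.6 MHz) setting, while 0b00000111 gives the 7:1 divisor and about 2.285 MHz.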

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #10
I will explain how I did it after finishing it.
Unfortunately I had another problem. I can read everything up to block 4.
After that it looks like the script doesn't load the blocks correctly and it repeats the first 3 blocks when I reach certain addresses, so I guess there is still something wrong with the addresses that I have to fix.

The output that I get if I load one of those blocks manually is UBI.

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #11
Ok I managed to fix everything. I will describe real quick what I did to read out the content.
I had a couple of problems until I managed to fix everything. I still don't know why a few of these problems occurred, but I will describe them and how I fixed them.

Since the device that I worked with was a NAND flash I couldn't simply perform the 0x03 operation (seems to be an operation code for a read operation in many flash memories).
I had to perform a page read to cache operation first and then I could read the page from the cache.
My device consisted of 1024 blocks in total and every block had 64 pages.
One page consisted of 2048 Bytes + 128 Byte. (Only the first 2048 Bytes of each page were interesting for me)
The first page of the first block is loaded into the cache automatically after powering up the device.

First of all I had to set up my BusPirate.
To do so, I used the following input:
20x 0x00 (Enter BBIO Mode)
0x01 (Enter SPI Mode)
0x64 (set SPI speed to 2MHz)
0x8a (CLK idle low, CKE Edge from active to idle, w=3.3V, SMP Sample = Middle)
0x49 (activates CS and powers up the BP)

My next steps are basically:
Reading out the first page that is automatically loaded into the cache and after that go through every page in every block, loading them into the cache via a loop one by one and writing the output into a file.

To send the operations codes to my flash that were necessary I used the write-then-read-command of the BusPirate.
Basically 0x04 and then the parameters.
The last parameter of this function is the command that I want to use to my flash.
So I used this function to send a read page to cache command to my flash followed by a read page from cache command.
This is the idea behind it.

I had two significant problems:

1. I couldn't read an entire page from the cache, if I tried to read 2048 Byte, the first 700 Bytes (sometimes more and sometimes less, it was really inconsistent) were written correctly to the file and the rest was just a bunch of 0 Bytes or F Bytes.
I found out, while I was playing around with the settings that the number of "correct bytes" changed when I altered the SPI speed.
Unfortunately 2MHz worked best for me, with that SPI speed I managed to get the ~700 Bytes mentioned above.

What I did to fix that:
I simply split the pages into 4 * 512 Bytes.
Instead of reading the entire page, I loaded the same page 4 times and performed a read operation with a different offset (+512 Bytes than the last one).

2. I couldn't perform more than 2 write-then-read operations. After the third operation the BP started to do weird things and it ended up in BBIO Mode and started to change settings and stuff.

What I did to fix that:
I simply reinitiated the BP after every second write-then-read command.
20x 0x00 (BBIO Mode)
0x0f (BP Reset)
20x 0x00 (BBIO Mode)
and then SPI Mode, SPI speed and general settings.
Of course this made the whole thing slower, but I still managed to read the whole NAND flash (1Gb) in around 20 to 30 minutes. At least it worked this way and I think 30 minutes is still ok.
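Added example (not the poster's script): building the Bus Pirate write-then-read frames for the 4 x 512-byte cache reads described above, and checking each reply before it is written to the dump file. The 3-byte parameter layout after 0x03 (big-endian column offset plus one dummy byte) is an assumption to verify against the flash datasheet; the 4096-byte limit and the 0x01 status byte follow the SPI (binary) documentation linked earlier in the thread, and all function names are hypothetical.

```python
import struct

WRITE_THEN_READ = 0x04   # Bus Pirate binary-SPI command used in the thread
READ_FROM_CACHE = 0x03   # flash opcode used in the thread
PAGE_DATA = 2048         # data bytes per page (the 128 spare bytes are skipped)
CHUNK = 512              # chunk size the poster found reliable
MAX_XFER = 4096          # per-direction limit of write-then-read


def wtr_frame(payload: bytes, read_len: int) -> bytes:
    """0x04, write count (u16 big-endian), read count (u16 big-endian), payload."""
    if len(payload) > MAX_XFER or not 0 <= read_len <= MAX_XFER:
        raise ValueError("write-then-read length out of range")
    return struct.pack(">BHH", WRITE_THEN_READ, len(payload), read_len) + payload


def cache_read_frames(page_len: int = PAGE_DATA, chunk: int = CHUNK):
    """Yield (column, frame) pairs covering one cached page chunk by chunk."""
    for col in range(0, page_len, chunk):
        # ASSUMPTION: column offset is a big-endian u16 followed by one dummy
        # byte; check the flash datasheet for the real parameter layout.
        payload = struct.pack(">BHB", READ_FROM_CACHE, col, 0x00)
        yield col, wtr_frame(payload, min(chunk, page_len - col))


def check_reply(reply: bytes, read_len: int) -> bytes:
    """Strip the 0x01 status byte and reject short or failed transfers."""
    if not reply or reply[0] != 0x01:
        raise IOError("Bus Pirate did not acknowledge write-then-read")
    data = reply[1:]
    if len(data) != read_len:
        raise IOError(f"short read: {len(data)} of {read_len} bytes")
    return data


def trailing_fill(data: bytes) -> int:
    """Length of the constant 0x00/0xFF run ending a chunk; erased NAND is
    also all 0xFF, so a long run is a hint to re-read, not proof of an error."""
    if not data or data[-1] not in (0x00, 0xFF):
        return 0
    return len(data) - len(data.rstrip(data[-1:]))


if __name__ == "__main__":
    for col, frame in cache_read_frames():
        print(f"column {col:4d}: {frame.hex(' ')}")
    # Constructed reply: status byte, 300 data bytes, then 212 bytes of 0xFF
    sample = b"\x01" + bytes(range(1, 251)) + b"\x5a" * 50 + b"\xff" * 212
    print("fill run:", trailing_fill(check_reply(sample, 512)))
```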

 

Re: Bus Pirate communication in SPI Mode / SPI speed

Reply #12
Glad you got it going.