diff --git a/stm32/mk4-bootloader/releases/3.1.1.txt b/stm32/mk4-bootloader/releases/3.1.1.txt new file mode 100644 index 00000000..e94ec2d0 --- /dev/null +++ b/stm32/mk4-bootloader/releases/3.1.1.txt @@ -0,0 +1,4 @@ +0fe21e4b6a25f32652b18e2aa1f20ea3c14310df40e7c7c7888800973aa3f34b bootloader.dfu +5a75e0d02ddba8bd7598d56b304c755713539021c7e87ea623474147f708d61b bootloader.bin +f72586e558b9bccafd02e3c8ddf796197deb0943a297f8eb9c37bf43a1efdb94 bootloader.lss +3.1.1 time=20220314.093111 git=mk4@8300b54 diff --git a/stm32/mk4-bootloader/releases/3.1.1/bootloader.bin b/stm32/mk4-bootloader/releases/3.1.1/bootloader.bin new file mode 100644 index 00000000..f65b5db2 Binary files /dev/null and b/stm32/mk4-bootloader/releases/3.1.1/bootloader.bin differ diff --git a/stm32/mk4-bootloader/releases/3.1.1/bootloader.dfu b/stm32/mk4-bootloader/releases/3.1.1/bootloader.dfu new file mode 100644 index 00000000..bf37cb61 Binary files /dev/null and b/stm32/mk4-bootloader/releases/3.1.1/bootloader.dfu differ diff --git a/stm32/mk4-bootloader/releases/3.1.1/bootloader.lss b/stm32/mk4-bootloader/releases/3.1.1/bootloader.lss new file mode 100644 index 00000000..96ee2985 --- /dev/null +++ b/stm32/mk4-bootloader/releases/3.1.1/bootloader.lss @@ -0,0 +1,34515 @@ + +bootloader.elf: file format elf32-littlearm + +Sections: +Idx Name Size VMA LMA File off Algn + 0 .text 0000e9bc 08000000 08000000 00010000 2**8 + CONTENTS, ALLOC, LOAD, READONLY, CODE + 1 .relocate 00000150 2009e000 0800e9bc 0002e000 2**2 + CONTENTS, ALLOC, LOAD, READONLY, CODE + 2 .bss 000002e8 2009e150 0800eb0c 0002e150 2**2 + ALLOC + 3 .stack 00000800 2009e438 0800edf4 0002e150 2**0 + ALLOC + 4 .debug_info 0002bc31 00000000 00000000 0002e150 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 5 .debug_abbrev 00005f32 00000000 00000000 00059d81 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 6 .debug_loc 000145be 00000000 00000000 0005fcb3 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 7 .debug_aranges 000010c0 00000000 00000000 00074271 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 8 .debug_ranges 00002150 00000000 00000000 00075331 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 9 .debug_macro 0003240c 00000000 00000000 00077481 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 10 .debug_line 0001dbf7 00000000 00000000 000a988d 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 11 .debug_str 0011cb59 00000000 00000000 000c7484 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 12 .comment 00000049 00000000 00000000 001e3fdd 2**0 + CONTENTS, READONLY + 13 .ARM.attributes 00000032 00000000 00000000 001e4026 2**0 + CONTENTS, READONLY + 14 .debug_frame 000036cc 00000000 00000000 001e4058 2**2 + CONTENTS, READONLY, DEBUGGING, OCTETS + +Disassembly of section .text: + +08000000 <_sfixed>: + 8000000: 200a0000 .word 0x200a0000 + 8000004: 080000b5 .word 0x080000b5 + 8000008: 0800001d .word 0x0800001d + 800000c: 0800001f .word 0x0800001f + 8000010: 08000021 .word 0x08000021 + 8000014: 08000023 .word 0x08000023 + 8000018: 08000025 .word 0x08000025 + +0800001c : + 800001c: be01 bkpt 0x0001 + +0800001e : + 800001e: be02 bkpt 0x0002 + +08000020 : + 8000020: be03 bkpt 0x0003 + +08000022 : + 8000022: be04 bkpt 0x0004 + +08000024 : + 8000024: be05 bkpt 0x0005 + 8000026: e7fe b.n 8000026 + +08000028 : + ... + 8000040: 08000305 .word 0x08000305 + +08000044 : + 8000044: 00000200 .word 0x00000200 + ... + 8000060: 20296328 .word 0x20296328 + 8000064: 79706f43 .word 0x79706f43 + 8000068: 68676972 .word 0x68676972 + 800006c: 30322074 .word 0x30322074 + 8000070: 322d3831 .word 0x322d3831 + 8000074: 20323230 .word 0x20323230 + 8000078: 43207962 .word 0x43207962 + 800007c: 6b6e696f .word 0x6b6e696f + 8000080: 20657469 .word 0x20657469 + 8000084: 2e636e49 .word 0x2e636e49 + 8000088: 0a200a20 .word 0x0a200a20 + 800008c: 73696854 .word 0x73696854 + 8000090: 61707320 .word 0x61707320 + 8000094: 66206563 .word 0x66206563 + 8000098: 7220726f .word 0x7220726f + 800009c: 21746e65 .word 0x21746e65 + 80000a0: 73754a20 .word 0x73754a20 + 80000a4: 42312074 .word 0x42312074 + 80000a8: 792f4354 .word 0x792f4354 + 80000ac: 2e726165 .word 0x2e726165 + 80000b0: 0a200a20 .word 0x0a200a20 + +080000b4 : + 80000b4: f000 f816 bl 80000e4 + 80000b8: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 80000bc: f04f 0100 mov.w r1, #0 + 80000c0: f04f 0200 mov.w r2, #0 + 80000c4: f04f 0300 mov.w r3, #0 + 80000c8: f000 f91c bl 8000304 + 80000cc: f248 0120 movw r1, #32800 ; 0x8020 + 80000d0: ea4f 3101 mov.w r1, r1, lsl #12 + 80000d4: 6808 ldr r0, [r1, #0] + 80000d6: 4685 mov sp, r0 + 80000d8: f04f 0001 mov.w r0, #1 + 80000dc: f8d1 e004 ldr.w lr, [r1, #4] + 80000e0: 4770 bx lr + ... + +080000e4 : + void +firewall_setup(void) +{ + // This is critical: without the clock enabled to "SYSCFG" we + // can't tell the FW is enabled or not! Enabling it would also not work + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80000e4: 4b1b ldr r3, [pc, #108] ; (8000154 ) +{ + 80000e6: b500 push {lr} + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80000e8: 6e1a ldr r2, [r3, #96] ; 0x60 + 80000ea: f042 0201 orr.w r2, r2, #1 + 80000ee: 661a str r2, [r3, #96] ; 0x60 + 80000f0: 6e1b ldr r3, [r3, #96] ; 0x60 +{ + 80000f2: b08b sub sp, #44 ; 0x2c + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80000f4: f003 0301 and.w r3, r3, #1 + 80000f8: 9300 str r3, [sp, #0] + 80000fa: 9b00 ldr r3, [sp, #0] + + if(__HAL_FIREWALL_IS_ENABLED()) { + 80000fc: 4b16 ldr r3, [pc, #88] ; (8000158 ) + 80000fe: 685b ldr r3, [r3, #4] + 8000100: 07db lsls r3, r3, #31 + 8000102: d524 bpl.n 800014e + // REMINDERS: + // - cannot debug anything in boot loader w/ firewall enabled (no readback, no bkpt) + // - when RDP=2, this protection still important or else python can read pairing secret + // - in factory mode (RDP!=2), it's nice to have this disabled so we can debug still + // - could look at RDP level here, but it would be harder to completely reset the bag number! + if(check_all_ones_raw(rom_secrets->bag_number, sizeof(rom_secrets->bag_number))) { + 8000104: 4815 ldr r0, [pc, #84] ; (800015c ) + 8000106: 2120 movs r1, #32 + 8000108: f002 fa9e bl 8002648 + 800010c: b9f8 cbnz r0, 800014e + // for debug builds, never enable firewall + return; +#endif + + extern int firewall_starts; // see startup.S ... aligned@256 (0x08000300) + uint32_t start = (uint32_t)&firewall_starts; + 800010e: 4b14 ldr r3, [pc, #80] ; (8000160 ) + uint32_t len = BL_FLASH_SIZE - (start - BL_FLASH_BASE); + 8000110: 4a14 ldr r2, [pc, #80] ; (8000164 ) + // but sensitive stuff is still there (which would allow bypass) + // - so it's important to enable option bytes to set write-protect flash of entire bootloader + // - to disable debug and complete protection, must enable write-protect "level 2" (RDP=2) + // + + FIREWALL_InitTypeDef init = { + 8000112: 9302 str r3, [sp, #8] + uint32_t len = BL_FLASH_SIZE - (start - BL_FLASH_BASE); + 8000114: 1ad3 subs r3, r2, r3 + FIREWALL_InitTypeDef init = { + 8000116: e9cd 3203 strd r3, r2, [sp, #12] + 800011a: f44f 4380 mov.w r3, #16384 ; 0x4000 + 800011e: e9cd 3005 strd r3, r0, [sp, #20] + 8000122: e9cd 0007 strd r0, r0, [sp, #28] + 8000126: 9009 str r0, [sp, #36] ; 0x24 + .VDataSegmentLength = 0, + .VolatileDataExecution = 0, + .VolatileDataShared = 0, + }; + + int rv = HAL_FIREWALL_Config((FIREWALL_InitTypeDef *)&init); + 8000128: a802 add r0, sp, #8 + 800012a: f000 f821 bl 8000170 + if(rv) { + 800012e: b110 cbz r0, 8000136 + INCONSISTENT("fw"); + 8000130: 480d ldr r0, [pc, #52] ; (8000168 ) + 8000132: f000 fc77 bl 8000a24 + } + + __HAL_FIREWALL_PREARM_DISABLE(); + 8000136: 4b0d ldr r3, [pc, #52] ; (800016c ) + 8000138: 6a1a ldr r2, [r3, #32] + 800013a: f022 0201 bic.w r2, r2, #1 + 800013e: 621a str r2, [r3, #32] + 8000140: 6a1b ldr r3, [r3, #32] + 8000142: f003 0301 and.w r3, r3, #1 + 8000146: 9301 str r3, [sp, #4] + 8000148: 9b01 ldr r3, [sp, #4] + HAL_FIREWALL_EnableFirewall(); + 800014a: f000 f88b bl 8000264 +} + 800014e: b00b add sp, #44 ; 0x2c + 8000150: f85d fb04 ldr.w pc, [sp], #4 + 8000154: 40021000 .word 0x40021000 + 8000158: 40010000 .word 0x40010000 + 800015c: 0801c050 .word 0x0801c050 + 8000160: 08000300 .word 0x08000300 + 8000164: 0801c000 .word 0x0801c000 + 8000168: 0800d688 .word 0x0800d688 + 800016c: 40011c00 .word 0x40011c00 + +08000170 : + * @param fw_init: Firewall initialization structure + * @note The API returns HAL_ERROR if the Firewall is already enabled. + * @retval HAL status + */ +HAL_StatusTypeDef HAL_FIREWALL_Config(FIREWALL_InitTypeDef * fw_init) +{ + 8000170: b573 push {r0, r1, r4, r5, r6, lr} + /* Check the Firewall initialization structure allocation */ + if(fw_init == NULL) + 8000172: b910 cbnz r0, 800017a + { + return HAL_ERROR; + 8000174: 2001 movs r0, #1 + /* Set Firewall Configuration Register VDE and VDS bits + (volatile data execution and shared configuration) */ + MODIFY_REG(FIREWALL->CR, FW_CR_VDS|FW_CR_VDE, fw_init->VolatileDataExecution|fw_init->VolatileDataShared); + + return HAL_OK; +} + 8000176: b002 add sp, #8 + 8000178: bd70 pop {r4, r5, r6, pc} + __HAL_RCC_FIREWALL_CLK_ENABLE(); + 800017a: 4b19 ldr r3, [pc, #100] ; (80001e0 ) + 800017c: 6e1a ldr r2, [r3, #96] ; 0x60 + 800017e: f042 0280 orr.w r2, r2, #128 ; 0x80 + 8000182: 661a str r2, [r3, #96] ; 0x60 + 8000184: 6e1b ldr r3, [r3, #96] ; 0x60 + 8000186: f003 0380 and.w r3, r3, #128 ; 0x80 + 800018a: 9301 str r3, [sp, #4] + 800018c: 9b01 ldr r3, [sp, #4] + if (__HAL_FIREWALL_IS_ENABLED() != RESET) + 800018e: 4b15 ldr r3, [pc, #84] ; (80001e4 ) + 8000190: 685b ldr r3, [r3, #4] + 8000192: 07db lsls r3, r3, #31 + 8000194: d5ee bpl.n 8000174 + if (fw_init->CodeSegmentLength != 0U) + 8000196: 6841 ldr r1, [r0, #4] + if (fw_init->NonVDataSegmentLength < 0x100U) + 8000198: 68c2 ldr r2, [r0, #12] + if (fw_init->CodeSegmentLength != 0U) + 800019a: b109 cbz r1, 80001a0 + if (fw_init->NonVDataSegmentLength < 0x100U) + 800019c: 2aff cmp r2, #255 ; 0xff + 800019e: d9e9 bls.n 8000174 + WRITE_REG(FIREWALL->CSSA, (FW_CSSA_ADD & fw_init->CodeSegmentStartAddress)); + 80001a0: 6803 ldr r3, [r0, #0] + 80001a2: 4e11 ldr r6, [pc, #68] ; (80001e8 ) + if (fw_init->VDataSegmentLength != 0U) + 80001a4: 6944 ldr r4, [r0, #20] + WRITE_REG(FIREWALL->CSSA, (FW_CSSA_ADD & fw_init->CodeSegmentStartAddress)); + 80001a6: ea03 0506 and.w r5, r3, r6 + 80001aa: 4b10 ldr r3, [pc, #64] ; (80001ec ) + 80001ac: 601d str r5, [r3, #0] + WRITE_REG(FIREWALL->CSL, (FW_CSL_LENG & fw_init->CodeSegmentLength)); + 80001ae: 4d10 ldr r5, [pc, #64] ; (80001f0 ) + 80001b0: 4029 ands r1, r5 + 80001b2: 6059 str r1, [r3, #4] + WRITE_REG(FIREWALL->NVDSSA, (FW_NVDSSA_ADD & fw_init->NonVDataSegmentStartAddress)); + 80001b4: 6881 ldr r1, [r0, #8] + WRITE_REG(FIREWALL->NVDSL, (FW_NVDSL_LENG & fw_init->NonVDataSegmentLength)); + 80001b6: 402a ands r2, r5 + WRITE_REG(FIREWALL->NVDSSA, (FW_NVDSSA_ADD & fw_init->NonVDataSegmentStartAddress)); + 80001b8: 4031 ands r1, r6 + 80001ba: 6099 str r1, [r3, #8] + WRITE_REG(FIREWALL->NVDSL, (FW_NVDSL_LENG & fw_init->NonVDataSegmentLength)); + 80001bc: 60da str r2, [r3, #12] + WRITE_REG(FIREWALL->VDSSA, (FW_VDSSA_ADD & fw_init->VDataSegmentStartAddress)); + 80001be: 6901 ldr r1, [r0, #16] + 80001c0: 4a0c ldr r2, [pc, #48] ; (80001f4 ) + 80001c2: 4011 ands r1, r2 + WRITE_REG(FIREWALL->VDSL, (FW_VDSL_LENG & fw_init->VDataSegmentLength)); + 80001c4: 4022 ands r2, r4 + WRITE_REG(FIREWALL->VDSSA, (FW_VDSSA_ADD & fw_init->VDataSegmentStartAddress)); + 80001c6: 6119 str r1, [r3, #16] + WRITE_REG(FIREWALL->VDSL, (FW_VDSL_LENG & fw_init->VDataSegmentLength)); + 80001c8: 615a str r2, [r3, #20] + MODIFY_REG(FIREWALL->CR, FW_CR_VDS|FW_CR_VDE, fw_init->VolatileDataExecution|fw_init->VolatileDataShared); + 80001ca: e9d0 2006 ldrd r2, r0, [r0, #24] + 80001ce: 6a19 ldr r1, [r3, #32] + 80001d0: 4302 orrs r2, r0 + 80001d2: f021 0106 bic.w r1, r1, #6 + 80001d6: 430a orrs r2, r1 + 80001d8: 621a str r2, [r3, #32] + return HAL_OK; + 80001da: 2000 movs r0, #0 + 80001dc: e7cb b.n 8000176 + 80001de: bf00 nop + 80001e0: 40021000 .word 0x40021000 + 80001e4: 40010000 .word 0x40010000 + 80001e8: 00ffff00 .word 0x00ffff00 + 80001ec: 40011c00 .word 0x40011c00 + 80001f0: 003fff00 .word 0x003fff00 + 80001f4: 0003ffc0 .word 0x0003ffc0 + +080001f8 : +void HAL_FIREWALL_GetConfig(FIREWALL_InitTypeDef * fw_config) +{ + + /* Enable Firewall clock, in case no Firewall configuration has been carried + out up to this point */ + __HAL_RCC_FIREWALL_CLK_ENABLE(); + 80001f8: 4b15 ldr r3, [pc, #84] ; (8000250 ) + 80001fa: 6e1a ldr r2, [r3, #96] ; 0x60 +{ + 80001fc: b573 push {r0, r1, r4, r5, r6, lr} + __HAL_RCC_FIREWALL_CLK_ENABLE(); + 80001fe: f042 0280 orr.w r2, r2, #128 ; 0x80 + 8000202: 661a str r2, [r3, #96] ; 0x60 + 8000204: 6e1b ldr r3, [r3, #96] ; 0x60 + + /* Retrieve code segment protection setting */ + fw_config->CodeSegmentStartAddress = (READ_REG(FIREWALL->CSSA) & FW_CSSA_ADD); + 8000206: 4e13 ldr r6, [pc, #76] ; (8000254 ) + fw_config->CodeSegmentLength = (READ_REG(FIREWALL->CSL) & FW_CSL_LENG); + 8000208: 4d13 ldr r5, [pc, #76] ; (8000258 ) + __HAL_RCC_FIREWALL_CLK_ENABLE(); + 800020a: f003 0380 and.w r3, r3, #128 ; 0x80 + 800020e: 9301 str r3, [sp, #4] + 8000210: 9b01 ldr r3, [sp, #4] + fw_config->CodeSegmentStartAddress = (READ_REG(FIREWALL->CSSA) & FW_CSSA_ADD); + 8000212: 4b12 ldr r3, [pc, #72] ; (800025c ) + 8000214: 681a ldr r2, [r3, #0] + 8000216: 4032 ands r2, r6 + 8000218: 6002 str r2, [r0, #0] + fw_config->CodeSegmentLength = (READ_REG(FIREWALL->CSL) & FW_CSL_LENG); + 800021a: 685c ldr r4, [r3, #4] + 800021c: 402c ands r4, r5 + 800021e: 6044 str r4, [r0, #4] + + /* Retrieve non volatile data segment protection setting */ + fw_config->NonVDataSegmentStartAddress = (READ_REG(FIREWALL->NVDSSA) & FW_NVDSSA_ADD); + 8000220: 6899 ldr r1, [r3, #8] + fw_config->NonVDataSegmentLength = (READ_REG(FIREWALL->NVDSL) & FW_NVDSL_LENG); + + /* Retrieve volatile data segment protection setting */ + fw_config->VDataSegmentStartAddress = (READ_REG(FIREWALL->VDSSA) & FW_VDSSA_ADD); + 8000222: 4c0f ldr r4, [pc, #60] ; (8000260 ) + fw_config->NonVDataSegmentStartAddress = (READ_REG(FIREWALL->NVDSSA) & FW_NVDSSA_ADD); + 8000224: 4031 ands r1, r6 + 8000226: 6081 str r1, [r0, #8] + fw_config->NonVDataSegmentLength = (READ_REG(FIREWALL->NVDSL) & FW_NVDSL_LENG); + 8000228: 68da ldr r2, [r3, #12] + 800022a: 402a ands r2, r5 + 800022c: 60c2 str r2, [r0, #12] + fw_config->VDataSegmentStartAddress = (READ_REG(FIREWALL->VDSSA) & FW_VDSSA_ADD); + 800022e: 6919 ldr r1, [r3, #16] + 8000230: 4021 ands r1, r4 + 8000232: 6101 str r1, [r0, #16] + fw_config->VDataSegmentLength = (READ_REG(FIREWALL->VDSL) & FW_VDSL_LENG); + 8000234: 695a ldr r2, [r3, #20] + 8000236: 4022 ands r2, r4 + 8000238: 6142 str r2, [r0, #20] + + /* Retrieve volatile data execution setting */ + fw_config->VolatileDataExecution = (READ_REG(FIREWALL->CR) & FW_CR_VDE); + 800023a: 6a1a ldr r2, [r3, #32] + 800023c: f002 0204 and.w r2, r2, #4 + 8000240: 6182 str r2, [r0, #24] + + /* Retrieve volatile data shared setting */ + fw_config->VolatileDataShared = (READ_REG(FIREWALL->CR) & FW_CR_VDS); + 8000242: 6a1b ldr r3, [r3, #32] + 8000244: f003 0302 and.w r3, r3, #2 + 8000248: 61c3 str r3, [r0, #28] + + return; +} + 800024a: b002 add sp, #8 + 800024c: bd70 pop {r4, r5, r6, pc} + 800024e: bf00 nop + 8000250: 40021000 .word 0x40021000 + 8000254: 00ffff00 .word 0x00ffff00 + 8000258: 003fff00 .word 0x003fff00 + 800025c: 40011c00 .word 0x40011c00 + 8000260: 0003ffc0 .word 0x0003ffc0 + +08000264 : + * @retval None + */ +void HAL_FIREWALL_EnableFirewall(void) +{ + /* Clears FWDIS bit of SYSCFG CFGR1 register */ + CLEAR_BIT(SYSCFG->CFGR1, SYSCFG_CFGR1_FWDIS); + 8000264: 4a02 ldr r2, [pc, #8] ; (8000270 ) + 8000266: 6853 ldr r3, [r2, #4] + 8000268: f023 0301 bic.w r3, r3, #1 + 800026c: 6053 str r3, [r2, #4] + +} + 800026e: 4770 bx lr + 8000270: 40010000 .word 0x40010000 + +08000274 : + * @retval None + */ +void HAL_FIREWALL_EnablePreArmFlag(void) +{ + /* Set FPA bit */ + SET_BIT(FIREWALL->CR, FW_CR_FPA); + 8000274: 4a02 ldr r2, [pc, #8] ; (8000280 ) + 8000276: 6a13 ldr r3, [r2, #32] + 8000278: f043 0301 orr.w r3, r3, #1 + 800027c: 6213 str r3, [r2, #32] +} + 800027e: 4770 bx lr + 8000280: 40011c00 .word 0x40011c00 + +08000284 : + * @retval None + */ +void HAL_FIREWALL_DisablePreArmFlag(void) +{ + /* Clear FPA bit */ + CLEAR_BIT(FIREWALL->CR, FW_CR_FPA); + 8000284: 4a02 ldr r2, [pc, #8] ; (8000290 ) + 8000286: 6a13 ldr r3, [r2, #32] + 8000288: f023 0301 bic.w r3, r3, #1 + 800028c: 6213 str r3, [r2, #32] +} + 800028e: 4770 bx lr + 8000290: 40011c00 .word 0x40011c00 + ... + +08000300 <_firewall_start>: + 8000300: 0f193a11 .word 0x0f193a11 + +08000304 : + 8000304: f24e 0900 movw r9, #57344 ; 0xe000 + 8000308: f2c2 0909 movt r9, #8201 ; 0x2009 + 800030c: f44f 5a00 mov.w sl, #8192 ; 0x2000 + 8000310: 44ca add sl, r9 + +08000312 : + 8000312: f849 ab04 str.w sl, [r9], #4 + 8000316: 45d1 cmp r9, sl + 8000318: d1fb bne.n 8000312 + 800031a: 46ea mov sl, sp + 800031c: 46cd mov sp, r9 + 800031e: e92d 4400 stmdb sp!, {sl, lr} + +08000322 : + 8000322: f000 f841 bl 80003a8 + 8000326: e8bd 4400 ldmia.w sp!, {sl, lr} + 800032a: 46d5 mov sp, sl + 800032c: f24e 0900 movw r9, #57344 ; 0xe000 + 8000330: f2c2 0909 movt r9, #8201 ; 0x2009 + 8000334: f44f 5a00 mov.w sl, #8192 ; 0x2000 + 8000338: 44ca add sl, r9 + +0800033a : + 800033a: f849 0b04 str.w r0, [r9], #4 + 800033e: 45d1 cmp r9, sl + 8000340: d1fb bne.n 800033a + 8000342: 4770 bx lr + +08000344 <__NVIC_SystemReset>: + \details Acts as a special kind of Data Memory Barrier. + It completes when all explicit memory accesses before this instruction complete. + */ +__STATIC_FORCEINLINE void __DSB(void) +{ + __ASM volatile ("dsb 0xF":::"memory"); + 8000344: f3bf 8f4f dsb sy +__NO_RETURN __STATIC_INLINE void __NVIC_SystemReset(void) +{ + __DSB(); /* Ensure all outstanding memory accesses included + buffered write are completed before reset */ + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8000348: 4905 ldr r1, [pc, #20] ; (8000360 <__NVIC_SystemReset+0x1c>) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 800034a: 4b06 ldr r3, [pc, #24] ; (8000364 <__NVIC_SystemReset+0x20>) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 800034c: 68ca ldr r2, [r1, #12] + 800034e: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8000352: 4313 orrs r3, r2 + 8000354: 60cb str r3, [r1, #12] + 8000356: f3bf 8f4f dsb sy + SCB_AIRCR_SYSRESETREQ_Msk ); /* Keep priority group unchanged */ + __DSB(); /* Ensure completion of memory access */ + + for(;;) /* wait until reset */ + { + __NOP(); + 800035a: bf00 nop + for(;;) /* wait until reset */ + 800035c: e7fd b.n 800035a <__NVIC_SystemReset+0x16> + 800035e: bf00 nop + 8000360: e000ed00 .word 0xe000ed00 + 8000364: 05fa0004 .word 0x05fa0004 + +08000368 : +good_addr(const uint8_t *b, int minlen, int len, bool readonly) +{ + uint32_t x = (uint32_t)b; + + if(minlen) { + if(!b) return EFAULT; // gave no buffer + 8000368: b198 cbz r0, 8000392 + if(len < minlen) return ERANGE; // too small + 800036a: 4291 cmp r1, r2 + 800036c: dc13 bgt.n 8000396 + } + + if((x >= SRAM1_BASE) && ((x+len) <= BL_SRAM_BASE)) { + 800036e: f1b0 5f00 cmp.w r0, #536870912 ; 0x20000000 + 8000372: d303 bcc.n 800037c + 8000374: 490b ldr r1, [pc, #44] ; (80003a4 ) + 8000376: 4402 add r2, r0 + 8000378: 428a cmp r2, r1 + 800037a: d90e bls.n 800039a + // ok: it's inside the SRAM areas, up to where we start + return 0; + } + + if(!readonly) { + 800037c: b17b cbz r3, 800039e + return EPERM; + } + + if((x >= FIRMWARE_START) && (x - FIRMWARE_START) < FW_MAX_LENGTH_MK4) { + 800037e: f100 4077 add.w r0, r0, #4143972352 ; 0xf7000000 + 8000382: f500 007e add.w r0, r0, #16646144 ; 0xfe0000 + // inside flash of main firmware (happens for QSTR's) + return 0; + } + + return EACCES; + 8000386: f5b0 1ff0 cmp.w r0, #1966080 ; 0x1e0000 + 800038a: bf34 ite cc + 800038c: 2000 movcc r0, #0 + 800038e: 200d movcs r0, #13 + 8000390: 4770 bx lr + if(!b) return EFAULT; // gave no buffer + 8000392: 200e movs r0, #14 + 8000394: 4770 bx lr + if(len < minlen) return ERANGE; // too small + 8000396: 2022 movs r0, #34 ; 0x22 + 8000398: 4770 bx lr + return 0; + 800039a: 2000 movs r0, #0 + 800039c: 4770 bx lr + return EPERM; + 800039e: 2001 movs r0, #1 +} + 80003a0: 4770 bx lr + 80003a2: bf00 nop + 80003a4: 2009e000 .word 0x2009e000 + +080003a8 : +// + __attribute__ ((used)) + int +firewall_dispatch(int method_num, uint8_t *buf_io, int len_in, + uint32_t arg2, uint32_t incoming_sp, uint32_t incoming_lr) +{ + 80003a8: b570 push {r4, r5, r6, lr} + 80003aa: b09e sub sp, #120 ; 0x78 + 80003ac: 460d mov r5, r1 + 80003ae: 9c23 ldr r4, [sp, #140] ; 0x8c + 80003b0: 9301 str r3, [sp, #4] + __ASM volatile ("cpsid i" : : : "memory"); + 80003b2: b672 cpsid i + // in case the caller didn't already, but would just lead to a crash anyway + __disable_irq(); + + // "1=any code executed outside the protected segment will close the Firewall" + // "0=.. will reset the processor" + __HAL_FIREWALL_PREARM_DISABLE(); + 80003b4: 4bae ldr r3, [pc, #696] ; (8000670 ) + 80003b6: 6a19 ldr r1, [r3, #32] + 80003b8: f021 0101 bic.w r1, r1, #1 + 80003bc: 6219 str r1, [r3, #32] + 80003be: 6a1b ldr r3, [r3, #32] + 80003c0: f003 0301 and.w r3, r3, #1 + 80003c4: 9302 str r3, [sp, #8] + // using read/write in place. + // - use arg2 use when a simple number is needed; never a pointer! + // - mpy may provide a pointer to flash if we give it a qstr or small value, and if + // we're reading only, that's fine. + + if(len_in > 1024) { // arbitrary max, increase as needed + 80003c6: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + __HAL_FIREWALL_PREARM_DISABLE(); + 80003ca: 9b02 ldr r3, [sp, #8] + if(len_in > 1024) { // arbitrary max, increase as needed + 80003cc: f300 82e2 bgt.w 8000994 + + // Use these macros +#define REQUIRE_IN_ONLY(x) if((rv = good_addr(buf_io, (x), len_in, true))) { goto fail; } +#define REQUIRE_OUT(x) if((rv = good_addr(buf_io, (x), len_in, false))) { goto fail; } + + switch(method_num) { + 80003d0: 3001 adds r0, #1 + 80003d2: 281b cmp r0, #27 + 80003d4: f200 81b5 bhi.w 8000742 + 80003d8: e8df f010 tbh [pc, r0, lsl #1] + 80003dc: 001c02ea .word 0x001c02ea + 80003e0: 007f0033 .word 0x007f0033 + 80003e4: 00d000bc .word 0x00d000bc + 80003e8: 01f200f1 .word 0x01f200f1 + 80003ec: 01b301b3 .word 0x01b301b3 + 80003f0: 01b301b3 .word 0x01b301b3 + 80003f4: 00f901b3 .word 0x00f901b3 + 80003f8: 01b301b3 .word 0x01b301b3 + 80003fc: 01230104 .word 0x01230104 + 8000400: 01660136 .word 0x01660136 + 8000404: 01f601aa .word 0x01f601aa + 8000408: 025e0205 .word 0x025e0205 + 800040c: 02b602a1 .word 0x02b602a1 + 8000410: 02ce02be .word 0x02ce02be + case 0: { + REQUIRE_OUT(64); + 8000414: 2300 movs r3, #0 + 8000416: 2140 movs r1, #64 ; 0x40 + 8000418: 4628 mov r0, r5 + 800041a: 9200 str r2, [sp, #0] + 800041c: f7ff ffa4 bl 8000368 + 8000420: 4604 mov r4, r0 + 8000422: bb48 cbnz r0, 8000478 + + // Return my version string + memset(buf_io, 0, len_in); + 8000424: 4601 mov r1, r0 + 8000426: 9a00 ldr r2, [sp, #0] + 8000428: 4628 mov r0, r5 + 800042a: f00d f8f1 bl 800d610 + strlcpy((char *)buf_io, version_string, len_in); + 800042e: 9a00 ldr r2, [sp, #0] + 8000430: 4990 ldr r1, [pc, #576] ; (8000674 ) + 8000432: 4628 mov r0, r5 + 8000434: f00d f902 bl 800d63c + + rv = strlen(version_string); + 8000438: 488e ldr r0, [pc, #568] ; (8000674 ) + 800043a: f00d f914 bl 800d666 + ae_setup(); + ae_keep_alive(); + switch(arg2) { + default: + case 0: // read state + rv = ae_get_gpio(); + 800043e: 4604 mov r4, r0 + break; + 8000440: e01a b.n 8000478 + REQUIRE_OUT(32); + 8000442: 2300 movs r3, #0 + 8000444: 2120 movs r1, #32 + 8000446: 4628 mov r0, r5 + 8000448: f7ff ff8e bl 8000368 + 800044c: 4604 mov r4, r0 + 800044e: b998 cbnz r0, 8000478 + sha256_init(&ctx); + 8000450: a80b add r0, sp, #44 ; 0x2c + 8000452: f005 f805 bl 8005460 + sha256_update(&ctx, (void *)&arg2, 4); + 8000456: 2204 movs r2, #4 + 8000458: eb0d 0102 add.w r1, sp, r2 + 800045c: a80b add r0, sp, #44 ; 0x2c + 800045e: f005 f80d bl 800547c + sha256_update(&ctx, (void *)BL_FLASH_BASE, BL_FLASH_SIZE); + 8000462: f04f 6100 mov.w r1, #134217728 ; 0x8000000 + 8000466: a80b add r0, sp, #44 ; 0x2c + 8000468: f44f 32e0 mov.w r2, #114688 ; 0x1c000 + 800046c: f005 f806 bl 800547c + sha256_final(&ctx, buf_io); + 8000470: 4629 mov r1, r5 + 8000472: a80b add r0, sp, #44 ; 0x2c + 8000474: f005 f848 bl 8005508 + +fail: + + // Precaution: we don't want to leave ATECC508A authorized for any specific keys, + // perhaps due to an error path we didn't see. Always reset the chip. + ae_reset_chip(); + 8000478: f002 fa86 bl 8002988 + + // Unlikely it matters, but clear flash memory cache. + __HAL_FLASH_DATA_CACHE_DISABLE(); + 800047c: 4b7e ldr r3, [pc, #504] ; (8000678 ) + 800047e: 681a ldr r2, [r3, #0] + 8000480: f422 6280 bic.w r2, r2, #1024 ; 0x400 + 8000484: 601a str r2, [r3, #0] + __HAL_FLASH_DATA_CACHE_RESET(); + 8000486: 681a ldr r2, [r3, #0] + 8000488: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 800048c: 601a str r2, [r3, #0] + 800048e: 681a ldr r2, [r3, #0] + 8000490: f422 5280 bic.w r2, r2, #4096 ; 0x1000 + 8000494: 601a str r2, [r3, #0] + __HAL_FLASH_DATA_CACHE_ENABLE(); + 8000496: 681a ldr r2, [r3, #0] + 8000498: f442 6280 orr.w r2, r2, #1024 ; 0x400 + 800049c: 601a str r2, [r3, #0] + + // .. and instruction memory (flash cache too?) + __HAL_FLASH_INSTRUCTION_CACHE_DISABLE(); + 800049e: 681a ldr r2, [r3, #0] + 80004a0: f422 7200 bic.w r2, r2, #512 ; 0x200 + 80004a4: 601a str r2, [r3, #0] + __HAL_FLASH_INSTRUCTION_CACHE_RESET(); + 80004a6: 681a ldr r2, [r3, #0] + 80004a8: f442 6200 orr.w r2, r2, #2048 ; 0x800 + 80004ac: 601a str r2, [r3, #0] + 80004ae: 681a ldr r2, [r3, #0] + 80004b0: f422 6200 bic.w r2, r2, #2048 ; 0x800 + 80004b4: 601a str r2, [r3, #0] + __HAL_FLASH_INSTRUCTION_CACHE_ENABLE(); + 80004b6: 681a ldr r2, [r3, #0] + 80004b8: f442 7200 orr.w r2, r2, #512 ; 0x200 + 80004bc: 601a str r2, [r3, #0] + + + // authorize return from firewall into user's code + __HAL_FIREWALL_PREARM_ENABLE(); + 80004be: f5a3 3382 sub.w r3, r3, #66560 ; 0x10400 + + return rv; +} + 80004c2: 4620 mov r0, r4 + __HAL_FIREWALL_PREARM_ENABLE(); + 80004c4: 6a1a ldr r2, [r3, #32] + 80004c6: f042 0201 orr.w r2, r2, #1 + 80004ca: 621a str r2, [r3, #32] + 80004cc: 6a1b ldr r3, [r3, #32] + 80004ce: f003 0301 and.w r3, r3, #1 + 80004d2: 930b str r3, [sp, #44] ; 0x2c + 80004d4: 9b0b ldr r3, [sp, #44] ; 0x2c +} + 80004d6: b01e add sp, #120 ; 0x78 + 80004d8: bd70 pop {r4, r5, r6, pc} +// Write bag number (probably a string) +void flash_save_bag_number(const uint8_t new_number[32]); + +// Are we operating in level2? +static inline bool flash_is_security_level2(void) { + rng_delay(); + 80004da: f002 f93f bl 800275c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 80004de: 4b66 ldr r3, [pc, #408] ; (8000678 ) + 80004e0: 6a1b ldr r3, [r3, #32] + 80004e2: b2db uxtb r3, r3 + 80004e4: f1a3 02cc sub.w r2, r3, #204 ; 0xcc + 80004e8: 4255 negs r5, r2 + 80004ea: 4155 adcs r5, r2 + switch(arg2) { + 80004ec: 9a01 ldr r2, [sp, #4] + 80004ee: 2a02 cmp r2, #2 + 80004f0: d01c beq.n 800052c + 80004f2: 2a03 cmp r2, #3 + 80004f4: d01f beq.n 8000536 + 80004f6: 2a01 cmp r2, #1 + 80004f8: d013 beq.n 8000522 + if(secure) { + 80004fa: 2bcc cmp r3, #204 ; 0xcc + 80004fc: f000 8216 beq.w 800092c + puts("Die: DFU"); + 8000500: 485e ldr r0, [pc, #376] ; (800067c ) + scr = screen_upgrading; // was screen_dfu, but limited audience + 8000502: 4c5f ldr r4, [pc, #380] ; (8000680 ) + puts("Die: DFU"); + 8000504: f004 fc20 bl 8004d48 + bool secure = flash_is_security_level2(); + 8000508: 2500 movs r5, #0 + oled_setup(); + 800050a: f000 fbfb bl 8000d04 + oled_show(scr); + 800050e: 4620 mov r0, r4 + 8000510: f000 fc88 bl 8000e24 + wipe_all_sram(); + 8000514: f000 fa66 bl 80009e4 + psram_wipe(); + 8000518: f004 fd3e bl 8004f98 + if(secure) { + 800051c: b18d cbz r5, 8000542 + LOCKUP_FOREVER(); + 800051e: bf30 wfi + 8000520: e7fd b.n 800051e + puts("Die: Downgrade"); + 8000522: 4858 ldr r0, [pc, #352] ; (8000684 ) + scr = screen_downgrade; + 8000524: 4c58 ldr r4, [pc, #352] ; (8000688 ) + puts("Die: Downgrade"); + 8000526: f004 fc0f bl 8004d48 + break; + 800052a: e7ee b.n 800050a + puts("Die: Blankish"); + 800052c: 4857 ldr r0, [pc, #348] ; (800068c ) + scr = screen_blankish; + 800052e: 4c58 ldr r4, [pc, #352] ; (8000690 ) + puts("Die: Blankish"); + 8000530: f004 fc0a bl 8004d48 + break; + 8000534: e7e9 b.n 800050a + puts("Die: Brick"); + 8000536: 4857 ldr r0, [pc, #348] ; (8000694 ) + scr = screen_brick; + 8000538: 4c57 ldr r4, [pc, #348] ; (8000698 ) + puts("Die: Brick"); + 800053a: f004 fc05 bl 8004d48 + secure = true; // no point going into DFU, if even possible + 800053e: 2501 movs r5, #1 + break; + 8000540: e7e3 b.n 800050a + memcpy(dfu_flag->magic, REBOOT_TO_DFU, sizeof(dfu_flag->magic)); + 8000542: 4956 ldr r1, [pc, #344] ; (800069c ) + 8000544: 4a56 ldr r2, [pc, #344] ; (80006a0 ) + 8000546: 6808 ldr r0, [r1, #0] + 8000548: 6849 ldr r1, [r1, #4] + 800054a: 4613 mov r3, r2 + 800054c: c303 stmia r3!, {r0, r1} + dfu_flag->screen = scr; + 800054e: 6094 str r4, [r2, #8] + NVIC_SystemReset(); + 8000550: f7ff fef8 bl 8000344 <__NVIC_SystemReset> + switch(arg2) { + 8000554: 9b01 ldr r3, [sp, #4] + 8000556: f033 0302 bics.w r3, r3, #2 + 800055a: d102 bne.n 8000562 + oled_show(screen_logout); + 800055c: 4851 ldr r0, [pc, #324] ; (80006a4 ) + 800055e: f000 fc61 bl 8000e24 + wipe_all_sram(); + 8000562: f000 fa3f bl 80009e4 + psram_wipe(); + 8000566: f004 fd17 bl 8004f98 + if(arg2 == 2) { + 800056a: 9b01 ldr r3, [sp, #4] + 800056c: 2b02 cmp r3, #2 + 800056e: d103 bne.n 8000578 + delay_ms(100); + 8000570: 2064 movs r0, #100 ; 0x64 + 8000572: f003 f9b1 bl 80038d8 + 8000576: e7eb b.n 8000550 + LOCKUP_FOREVER() + 8000578: bf30 wfi + 800057a: e7fd b.n 8000578 + ae_setup(); + 800057c: f002 fa12 bl 80029a4 + ae_keep_alive(); + 8000580: f002 fa42 bl 8002a08 + switch(arg2) { + 8000584: 9b01 ldr r3, [sp, #4] + 8000586: 2b02 cmp r3, #2 + 8000588: d00a beq.n 80005a0 + 800058a: 2b03 cmp r3, #3 + 800058c: d00a beq.n 80005a4 + 800058e: 2b01 cmp r3, #1 + 8000590: d002 beq.n 8000598 + rv = ae_get_gpio(); + 8000592: f002 ffb7 bl 8003504 + 8000596: e752 b.n 800043e + rv = ae_set_gpio(0); + 8000598: 2000 movs r0, #0 + rv = ae_set_gpio(1); + 800059a: f002 ff85 bl 80034a8 + 800059e: e74e b.n 800043e + 80005a0: 2001 movs r0, #1 + 80005a2: e7fa b.n 800059a + checksum_flash(fw_digest, world_digest, 0); + 80005a4: 2200 movs r2, #0 + 80005a6: a90b add r1, sp, #44 ; 0x2c + 80005a8: a803 add r0, sp, #12 + 80005aa: f001 fa35 bl 8001a18 + rv = ae_set_gpio_secure(world_digest); + 80005ae: a80b add r0, sp, #44 ; 0x2c + 80005b0: f002 ff90 bl 80034d4 + 80005b4: 4604 mov r4, r0 + oled_show(screen_blankish); + 80005b6: 4836 ldr r0, [pc, #216] ; (8000690 ) + 80005b8: f000 fc34 bl 8000e24 + break; + 80005bc: e75c b.n 8000478 + ae_setup(); + 80005be: f002 f9f1 bl 80029a4 + rv = (ae_pair_unlock() != 0); + 80005c2: f002 fbe5 bl 8002d90 + 80005c6: 1e04 subs r4, r0, #0 + 80005c8: bf18 it ne + 80005ca: 2401 movne r4, #1 + break; + 80005cc: e754 b.n 8000478 + REQUIRE_OUT(1); + 80005ce: 2300 movs r3, #0 + 80005d0: 2101 movs r1, #1 + 80005d2: 4628 mov r0, r5 + 80005d4: f7ff fec8 bl 8000368 + 80005d8: 4604 mov r4, r0 + 80005da: 2800 cmp r0, #0 + 80005dc: f47f af4c bne.w 8000478 + buf_io[0] = 0; // NOT SUPPORTED on Mk4 + 80005e0: 7028 strb r0, [r5, #0] + break; + 80005e2: e749 b.n 8000478 + if(len_in != 4 && len_in != 32 && len_in != 72) { + 80005e4: 2a04 cmp r2, #4 + 80005e6: d004 beq.n 80005f2 + 80005e8: 2a20 cmp r2, #32 + 80005ea: d002 beq.n 80005f2 + 80005ec: 2a48 cmp r2, #72 ; 0x48 + 80005ee: f040 81d1 bne.w 8000994 + REQUIRE_OUT(4); + 80005f2: 2300 movs r3, #0 + 80005f4: 2104 movs r1, #4 + 80005f6: 4628 mov r0, r5 + 80005f8: 9200 str r2, [sp, #0] + 80005fa: f7ff feb5 bl 8000368 + 80005fe: 4604 mov r4, r0 + 8000600: 2800 cmp r0, #0 + 8000602: f47f af39 bne.w 8000478 + ae_setup(); + 8000606: f002 f9cd bl 80029a4 + if(ae_read_data_slot(arg2 & 0xf, buf_io, len_in)) { + 800060a: 9801 ldr r0, [sp, #4] + 800060c: 9a00 ldr r2, [sp, #0] + 800060e: 4629 mov r1, r5 + 8000610: f000 000f and.w r0, r0, #15 + 8000614: f002 ff02 bl 800341c + if(rv) { + 8000618: 2800 cmp r0, #0 + 800061a: f000 80d1 beq.w 80007c0 + rv = EIO; + 800061e: 2405 movs r4, #5 + 8000620: e72a b.n 8000478 + REQUIRE_OUT(MAX_PIN_LEN); + 8000622: 2300 movs r3, #0 + 8000624: 2120 movs r1, #32 + 8000626: 4628 mov r0, r5 + 8000628: f7ff fe9e bl 8000368 + 800062c: 4604 mov r4, r0 + 800062e: 2800 cmp r0, #0 + 8000630: f47f af22 bne.w 8000478 + if((arg2 < 1) || (arg2 > MAX_PIN_LEN)) { + 8000634: 9901 ldr r1, [sp, #4] + 8000636: 1e4b subs r3, r1, #1 + 8000638: 2b1f cmp r3, #31 + 800063a: f200 81ab bhi.w 8000994 + if(pin_prefix_words((char *)buf_io, arg2, (uint32_t *)buf_io)) { + 800063e: 462a mov r2, r5 + 8000640: 4628 mov r0, r5 + 8000642: f003 fc4d bl 8003ee0 + 8000646: e7e7 b.n 8000618 + REQUIRE_OUT(32); + 8000648: 2300 movs r3, #0 + 800064a: 2120 movs r1, #32 + 800064c: 4628 mov r0, r5 + 800064e: f7ff fe8b bl 8000368 + 8000652: 4604 mov r4, r0 + 8000654: 2800 cmp r0, #0 + 8000656: f47f af0f bne.w 8000478 + memset(buf_io, 0x55, 32); // to help show errors + 800065a: 2220 movs r2, #32 + 800065c: 2155 movs r1, #85 ; 0x55 + 800065e: 4628 mov r0, r5 + 8000660: f00c ffd6 bl 800d610 + rng_buffer(buf_io, 32); + 8000664: 2120 movs r1, #32 + 8000666: 4628 mov r0, r5 + 8000668: f002 f862 bl 8002730 + break; + 800066c: e704 b.n 8000478 + 800066e: bf00 nop + 8000670: 40011c00 .word 0x40011c00 + 8000674: 0800e694 .word 0x0800e694 + 8000678: 40022000 .word 0x40022000 + 800067c: 0800d68e .word 0x0800d68e + 8000680: 0800e0ff .word 0x0800e0ff + 8000684: 0800d697 .word 0x0800d697 + 8000688: 0800d9ee .word 0x0800d9ee + 800068c: 0800d6a6 .word 0x0800d6a6 + 8000690: 0800d752 .word 0x0800d752 + 8000694: 0800d6b4 .word 0x0800d6b4 + 8000698: 0800d77f .word 0x0800d77f + 800069c: 0800d6bf .word 0x0800d6bf + 80006a0: 20008000 .word 0x20008000 + 80006a4: 0800db0a .word 0x0800db0a + REQUIRE_OUT(PIN_ATTEMPT_SIZE_V2); + 80006a8: 2300 movs r3, #0 + 80006aa: f44f 718c mov.w r1, #280 ; 0x118 + 80006ae: 4628 mov r0, r5 + 80006b0: 9200 str r2, [sp, #0] + 80006b2: f7ff fe59 bl 8000368 + 80006b6: 4604 mov r4, r0 + 80006b8: 2800 cmp r0, #0 + 80006ba: f47f aedd bne.w 8000478 + switch(arg2) { + 80006be: e9dd 2300 ldrd r2, r3, [sp] + 80006c2: 2b08 cmp r3, #8 + 80006c4: d83d bhi.n 8000742 + 80006c6: e8df f003 tbb [pc, r3] + 80006ca: 0905 .short 0x0905 + 80006cc: 1915110d .word 0x1915110d + 80006d0: 221d .short 0x221d + 80006d2: 26 .byte 0x26 + 80006d3: 00 .byte 0x00 + rv = pin_setup_attempt(args); + 80006d4: 4628 mov r0, r5 + 80006d6: f003 fc21 bl 8003f1c + 80006da: e6b0 b.n 800043e + rv = pin_delay(args); + 80006dc: 4628 mov r0, r5 + 80006de: f003 fc8b bl 8003ff8 + 80006e2: e6ac b.n 800043e + rv = pin_login_attempt(args); + 80006e4: 4628 mov r0, r5 + 80006e6: f003 fc89 bl 8003ffc + 80006ea: e6a8 b.n 800043e + rv = pin_change(args); + 80006ec: 4628 mov r0, r5 + 80006ee: f003 fd87 bl 8004200 + 80006f2: e6a4 b.n 800043e + rv = pin_fetch_secret(args); + 80006f4: 4628 mov r0, r5 + 80006f6: f003 fe3b bl 8004370 + 80006fa: e6a0 b.n 800043e + rv = pin_firmware_greenlight(args); + 80006fc: 4628 mov r0, r5 + 80006fe: f003 ffe1 bl 80046c4 + 8000702: e69c b.n 800043e + rv = pin_long_secret(args, NULL); + 8000704: 2100 movs r1, #0 + rv = pin_long_secret(args, &buf_io[PIN_ATTEMPT_SIZE_V2]); + 8000706: 4628 mov r0, r5 + 8000708: f003 ff1e bl 8004548 + 800070c: e697 b.n 800043e + rv = pin_firmware_upgrade(args); + 800070e: 4628 mov r0, r5 + 8000710: f004 f818 bl 8004744 + 8000714: e693 b.n 800043e + REQUIRE_OUT(PIN_ATTEMPT_SIZE_V2 + AE_LONG_SECRET_LEN); + 8000716: 2300 movs r3, #0 + 8000718: f44f 712e mov.w r1, #696 ; 0x2b8 + 800071c: 4628 mov r0, r5 + 800071e: f7ff fe23 bl 8000368 + 8000722: 4604 mov r4, r0 + 8000724: 2800 cmp r0, #0 + 8000726: f47f aea7 bne.w 8000478 + rv = pin_long_secret(args, &buf_io[PIN_ATTEMPT_SIZE_V2]); + 800072a: f505 718c add.w r1, r5, #280 ; 0x118 + 800072e: e7ea b.n 8000706 + switch(arg2) { + 8000730: 9b01 ldr r3, [sp, #4] + 8000732: 2b64 cmp r3, #100 ; 0x64 + 8000734: d041 beq.n 80007ba + 8000736: d806 bhi.n 8000746 + 8000738: 2b01 cmp r3, #1 + 800073a: d01e beq.n 800077a + 800073c: 2b02 cmp r3, #2 + 800073e: d028 beq.n 8000792 + 8000740: b13b cbz r3, 8000752 + 8000742: 2402 movs r4, #2 + 8000744: e698 b.n 8000478 + 8000746: 2b65 cmp r3, #101 ; 0x65 + 8000748: d03c beq.n 80007c4 + 800074a: 2b66 cmp r3, #102 ; 0x66 + 800074c: d1f9 bne.n 8000742 + flash_lockdown_hard(OB_RDP_LEVEL_2); // No change possible after this. + 800074e: 20cc movs r0, #204 ; 0xcc + 8000750: e034 b.n 80007bc + REQUIRE_OUT(32); + 8000752: 2120 movs r1, #32 + 8000754: 4628 mov r0, r5 + 8000756: f7ff fe07 bl 8000368 + 800075a: 4604 mov r4, r0 + 800075c: 2800 cmp r0, #0 + 800075e: f47f ae8b bne.w 8000478 + memcpy(buf_io, rom_secrets->bag_number, 32); + 8000762: 4a9a ldr r2, [pc, #616] ; (80009cc ) + 8000764: 4e9a ldr r6, [pc, #616] ; (80009d0 ) + 8000766: 4613 mov r3, r2 + 8000768: cb03 ldmia r3!, {r0, r1} + 800076a: 42b3 cmp r3, r6 + 800076c: 6028 str r0, [r5, #0] + 800076e: 6069 str r1, [r5, #4] + 8000770: 461a mov r2, r3 + 8000772: f105 0508 add.w r5, r5, #8 + 8000776: d1f6 bne.n 8000766 + 8000778: e67e b.n 8000478 + REQUIRE_IN_ONLY(32); + 800077a: 2120 movs r1, #32 + 800077c: 4628 mov r0, r5 + 800077e: f7ff fdf3 bl 8000368 + 8000782: 4604 mov r4, r0 + 8000784: 2800 cmp r0, #0 + 8000786: f47f ae77 bne.w 8000478 + flash_save_bag_number(buf_io); + 800078a: 4628 mov r0, r5 + 800078c: f001 fcea bl 8002164 + break; + 8000790: e672 b.n 8000478 + REQUIRE_OUT(1); + 8000792: 2300 movs r3, #0 + 8000794: 2101 movs r1, #1 + 8000796: 4628 mov r0, r5 + 8000798: f7ff fde6 bl 8000368 + 800079c: 4604 mov r4, r0 + 800079e: 2800 cmp r0, #0 + 80007a0: f47f ae6a bne.w 8000478 + rng_delay(); + 80007a4: f001 ffda bl 800275c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 80007a8: 4b8a ldr r3, [pc, #552] ; (80009d4 ) + 80007aa: 6a1b ldr r3, [r3, #32] + 80007ac: b2db uxtb r3, r3 + buf_io[0] = (flash_is_security_level2() ? 2 : 0xff); + 80007ae: 2bcc cmp r3, #204 ; 0xcc + 80007b0: bf0c ite eq + 80007b2: 2302 moveq r3, #2 + 80007b4: 23ff movne r3, #255 ; 0xff + buf_io[0] = 8; + 80007b6: 702b strb r3, [r5, #0] + break; + 80007b8: e65e b.n 8000478 + flash_lockdown_hard(OB_RDP_LEVEL_0); // wipes contents of flash (1->0) + 80007ba: 20aa movs r0, #170 ; 0xaa + flash_lockdown_hard(OB_RDP_LEVEL_2); // No change possible after this. + 80007bc: f001 fdd4 bl 8002368 + int rv = 0; + 80007c0: 2400 movs r4, #0 + break; + 80007c2: e659 b.n 8000478 + flash_lockdown_hard(OB_RDP_LEVEL_1); // Can only do 0->1 (experiments) + 80007c4: 20bb movs r0, #187 ; 0xbb + 80007c6: e7f9 b.n 80007bc + REQUIRE_OUT(128); + 80007c8: 2300 movs r3, #0 + 80007ca: 2180 movs r1, #128 ; 0x80 + 80007cc: 4628 mov r0, r5 + 80007ce: f7ff fdcb bl 8000368 + 80007d2: 4604 mov r4, r0 + 80007d4: 2800 cmp r0, #0 + 80007d6: f47f ae4f bne.w 8000478 + ae_setup(); + 80007da: f002 f8e3 bl 80029a4 + rv = ae_config_read(buf_io); + 80007de: 4628 mov r0, r5 + 80007e0: f002 fee1 bl 80035a6 + 80007e4: e718 b.n 8000618 + switch(arg2) { + 80007e6: 9b01 ldr r3, [sp, #4] + 80007e8: 2b03 cmp r3, #3 + 80007ea: d8aa bhi.n 8000742 + 80007ec: e8df f003 tbb [pc, r3] + 80007f0: 441d0f02 .word 0x441d0f02 + REQUIRE_OUT(8); + 80007f4: 2300 movs r3, #0 + 80007f6: 2108 movs r1, #8 + 80007f8: 4628 mov r0, r5 + 80007fa: f7ff fdb5 bl 8000368 + 80007fe: 4604 mov r4, r0 + 8000800: 2800 cmp r0, #0 + 8000802: f47f ae39 bne.w 8000478 + get_min_version(buf_io); + 8000806: 4628 mov r0, r5 + 8000808: f001 f996 bl 8001b38 + break; + 800080c: e634 b.n 8000478 + REQUIRE_IN_ONLY(8); + 800080e: 2301 movs r3, #1 + 8000810: 2108 movs r1, #8 + 8000812: 4628 mov r0, r5 + 8000814: f7ff fda8 bl 8000368 + 8000818: 4604 mov r4, r0 + 800081a: 2800 cmp r0, #0 + 800081c: f47f ae2c bne.w 8000478 + rv = check_is_downgrade(buf_io, NULL); + 8000820: 4601 mov r1, r0 + 8000822: 4628 mov r0, r5 + 8000824: f001 f9a8 bl 8001b78 + 8000828: e609 b.n 800043e + REQUIRE_IN_ONLY(8); + 800082a: 2301 movs r3, #1 + 800082c: 2108 movs r1, #8 + 800082e: 4628 mov r0, r5 + 8000830: f7ff fd9a bl 8000368 + 8000834: 4604 mov r4, r0 + 8000836: 2800 cmp r0, #0 + 8000838: f47f ae1e bne.w 8000478 + if(buf_io[0] < 0x10 || buf_io[0] >= 0x40) { + 800083c: 782b ldrb r3, [r5, #0] + 800083e: 3b10 subs r3, #16 + rv = ERANGE; + 8000840: 2b2f cmp r3, #47 ; 0x2f + } if(check_is_downgrade(buf_io, NULL)) { + 8000842: 4601 mov r1, r0 + 8000844: 4628 mov r0, r5 + rv = ERANGE; + 8000846: bf88 it hi + 8000848: 2422 movhi r4, #34 ; 0x22 + } if(check_is_downgrade(buf_io, NULL)) { + 800084a: f001 f995 bl 8001b78 + 800084e: 2800 cmp r0, #0 + 8000850: f040 80ba bne.w 80009c8 + get_min_version(min); + 8000854: a80b add r0, sp, #44 ; 0x2c + 8000856: f001 f96f bl 8001b38 + if(memcmp(min, buf_io, 8) == 0) { + 800085a: 2208 movs r2, #8 + 800085c: 4629 mov r1, r5 + 800085e: a80b add r0, sp, #44 ; 0x2c + 8000860: f00c fe9e bl 800d5a0 + 8000864: 2800 cmp r0, #0 + 8000866: f000 80af beq.w 80009c8 + if(record_highwater_version(buf_io)) { + 800086a: 4628 mov r0, r5 + 800086c: f001 fd96 bl 800239c + rv = ENOMEM; + 8000870: 2800 cmp r0, #0 + 8000872: bf18 it ne + 8000874: 240c movne r4, #12 + 8000876: e5ff b.n 8000478 + REQUIRE_OUT(4); + 8000878: 2300 movs r3, #0 + 800087a: 2104 movs r1, #4 + 800087c: 4628 mov r0, r5 + 800087e: f7ff fd73 bl 8000368 + 8000882: 4604 mov r4, r0 + 8000884: 2800 cmp r0, #0 + 8000886: f47f adf7 bne.w 8000478 + ae_setup(); + 800088a: f002 f88b bl 80029a4 + rv = ae_get_counter((uint32_t *)buf_io, 0) ? EIO: 0; + 800088e: 4621 mov r1, r4 + 8000890: 4628 mov r0, r5 + 8000892: f002 fc78 bl 8003186 + 8000896: e6bf b.n 8000618 + REQUIRE_OUT(PIN_ATTEMPT_SIZE_V2 + sizeof(trick_slot_t)); + 8000898: 2300 movs r3, #0 + 800089a: f44f 71cc mov.w r1, #408 ; 0x198 + 800089e: 4628 mov r0, r5 + 80008a0: f7ff fd62 bl 8000368 + 80008a4: 4604 mov r4, r0 + 80008a6: 2800 cmp r0, #0 + 80008a8: f47f ade6 bne.w 8000478 + rv = pin_check_logged_in(args, &trick_mode); + 80008ac: a90b add r1, sp, #44 ; 0x2c + 80008ae: 4628 mov r0, r5 + 80008b0: f003 fc74 bl 800419c + if(rv) goto fail; + 80008b4: 4604 mov r4, r0 + 80008b6: 2800 cmp r0, #0 + 80008b8: f47f adde bne.w 8000478 + if(trick_mode) { + 80008bc: f89d 302c ldrb.w r3, [sp, #44] ; 0x2c + 80008c0: b10b cbz r3, 80008c6 + mcu_key_clear(NULL); + 80008c2: f001 fdb9 bl 8002438 + switch(arg2) { + 80008c6: 9b01 ldr r3, [sp, #4] + 80008c8: 2b01 cmp r3, #1 + trick_slot_t *slot = (trick_slot_t *)(&buf_io[PIN_ATTEMPT_SIZE_V2]); + 80008ca: f505 728c add.w r2, r5, #280 ; 0x118 + switch(arg2) { + 80008ce: d00c beq.n 80008ea + 80008d0: 2b02 cmp r3, #2 + 80008d2: d01b beq.n 800090c + 80008d4: 2b00 cmp r3, #0 + 80008d6: f47f af34 bne.w 8000742 + if(!trick_mode) { + 80008da: f89d 302c ldrb.w r3, [sp, #44] ; 0x2c + 80008de: 2b00 cmp r3, #0 + 80008e0: f47f adca bne.w 8000478 + se2_clear_tricks(); + 80008e4: f007 fa08 bl 8007cf8 + 80008e8: e5c6 b.n 8000478 + if(trick_mode) { + 80008ea: f89d 102c ldrb.w r1, [sp, #44] ; 0x2c + 80008ee: 2900 cmp r1, #0 + 80008f0: f47f af27 bne.w 8000742 + if(slot->pin_len > 16) { + 80008f4: f8d5 1170 ldr.w r1, [r5, #368] ; 0x170 + 80008f8: 2910 cmp r1, #16 + 80008fa: dc4b bgt.n 8000994 + if(se2_test_trick_pin(slot->pin, slot->pin_len, slot, true)) { + 80008fc: f505 70b0 add.w r0, r5, #352 ; 0x160 + 8000900: f007 fa60 bl 8007dc4 + 8000904: 2800 cmp r0, #0 + 8000906: f47f adb7 bne.w 8000478 + 800090a: e71a b.n 8000742 + if(!trick_mode) { + 800090c: f89d 302c ldrb.w r3, [sp, #44] ; 0x2c + 8000910: 2b00 cmp r3, #0 + 8000912: f47f adb1 bne.w 8000478 + rv = se2_save_trick(slot); + 8000916: 4610 mov r0, r2 + 8000918: f007 fb6c bl 8007ff4 + 800091c: e58f b.n 800043e + if(arg2 == 0xBeef) { + 800091e: 9b01 ldr r3, [sp, #4] + 8000920: f64b 62ef movw r2, #48879 ; 0xbeef + 8000924: 4293 cmp r3, r2 + 8000926: d103 bne.n 8000930 + fast_wipe(); + 8000928: f001 fe78 bl 800261c + rv = EPERM; + 800092c: 2401 movs r4, #1 + 800092e: e5a3 b.n 8000478 + } else if(arg2 == 0xDead) { + 8000930: f64d 62ad movw r2, #57005 ; 0xdead + 8000934: 4293 cmp r3, r2 + 8000936: d1f9 bne.n 800092c + mcu_key_clear(NULL); + 8000938: 2000 movs r0, #0 + 800093a: f001 fd7d bl 8002438 + oled_show(screen_wiped); + 800093e: 4826 ldr r0, [pc, #152] ; (80009d8 ) + 8000940: f000 fa70 bl 8000e24 + LOCKUP_FOREVER(); + 8000944: bf30 wfi + 8000946: e7fd b.n 8000944 + if(arg2 == 0xDead) fast_brick(); + 8000948: 9a01 ldr r2, [sp, #4] + 800094a: f64d 63ad movw r3, #57005 ; 0xdead + 800094e: 429a cmp r2, r3 + 8000950: d1ec bne.n 800092c + 8000952: f001 fe35 bl 80025c0 + 8000956: e7e9 b.n 800092c + REQUIRE_OUT(8); + 8000958: 2300 movs r3, #0 + 800095a: 2108 movs r1, #8 + 800095c: 4628 mov r0, r5 + 800095e: f7ff fd03 bl 8000368 + 8000962: 4604 mov r4, r0 + 8000964: 2800 cmp r0, #0 + 8000966: f47f ad87 bne.w 8000478 + mcu_key_usage(avail, consumed, total); + 800096a: f105 0208 add.w r2, r5, #8 + 800096e: 1d29 adds r1, r5, #4 + 8000970: 4628 mov r0, r5 + 8000972: f001 fd8f bl 8002494 + break; + 8000976: e57f b.n 8000478 + REQUIRE_OUT(33); + 8000978: 2300 movs r3, #0 + 800097a: 2121 movs r1, #33 ; 0x21 + 800097c: 4628 mov r0, r5 + 800097e: f7ff fcf3 bl 8000368 + 8000982: 4604 mov r4, r0 + 8000984: 2800 cmp r0, #0 + 8000986: f47f ad77 bne.w 8000478 + switch(arg2) { + 800098a: 9b01 ldr r3, [sp, #4] + 800098c: 2b01 cmp r3, #1 + 800098e: d003 beq.n 8000998 + 8000990: 2b02 cmp r3, #2 + 8000992: d008 beq.n 80009a6 + rv = ERANGE; + 8000994: 2422 movs r4, #34 ; 0x22 + 8000996: e56f b.n 8000478 + ae_setup(); + 8000998: f002 f804 bl 80029a4 + ae_secure_random(&buf_io[1]); + 800099c: 1c68 adds r0, r5, #1 + 800099e: f002 fb69 bl 8003074 + buf_io[0] = 32; + 80009a2: 2320 movs r3, #32 + 80009a4: e707 b.n 80007b6 + se2_read_rng(&buf_io[1]); + 80009a6: 1c68 adds r0, r5, #1 + 80009a8: f007 fd08 bl 80083bc + buf_io[0] = 8; + 80009ac: 2308 movs r3, #8 + 80009ae: e702 b.n 80007b6 + if(incoming_lr <= BL_FLASH_BASE || incoming_lr >= (uint32_t)&firewall_starts) { + 80009b0: f1b4 6f00 cmp.w r4, #134217728 ; 0x8000000 + 80009b4: d902 bls.n 80009bc + 80009b6: 4b09 ldr r3, [pc, #36] ; (80009dc ) + 80009b8: 429c cmp r4, r3 + 80009ba: d302 bcc.n 80009c2 + fatal_error("LR"); + 80009bc: 4808 ldr r0, [pc, #32] ; (80009e0 ) + 80009be: f000 f831 bl 8000a24 + system_startup(); + 80009c2: f000 f88d bl 8000ae0 + break; + 80009c6: e6fb b.n 80007c0 + rv = EAGAIN; + 80009c8: 240b movs r4, #11 + 80009ca: e555 b.n 8000478 + 80009cc: 0801c050 .word 0x0801c050 + 80009d0: 0801c070 .word 0x0801c070 + 80009d4: 40022000 .word 0x40022000 + 80009d8: 0800e284 .word 0x0800e284 + 80009dc: 08000300 .word 0x08000300 + 80009e0: 0800d6c8 .word 0x0800d6c8 + +080009e4 : +// + static inline void +memset4(uint32_t *dest, uint32_t value, uint32_t byte_len) +{ + for(; byte_len; byte_len-=4, dest++) { + *dest = value; + 80009e4: 4a0a ldr r2, [pc, #40] ; (8000a10 ) + for(; byte_len; byte_len-=4, dest++) { + 80009e6: 490b ldr r1, [pc, #44] ; (8000a14 ) + +// wipe_all_sram() +// + void +wipe_all_sram(void) +{ + 80009e8: f04f 5300 mov.w r3, #536870912 ; 0x20000000 + *dest = value; + 80009ec: f843 2b04 str.w r2, [r3], #4 + for(; byte_len; byte_len-=4, dest++) { + 80009f0: 428b cmp r3, r1 + 80009f2: d1fb bne.n 80009ec + 80009f4: 4908 ldr r1, [pc, #32] ; (8000a18 ) + 80009f6: f04f 5380 mov.w r3, #268435456 ; 0x10000000 + *dest = value; + 80009fa: f843 2b04 str.w r2, [r3], #4 + for(; byte_len; byte_len-=4, dest++) { + 80009fe: 428b cmp r3, r1 + 8000a00: d1fb bne.n 80009fa + 8000a02: 4b06 ldr r3, [pc, #24] ; (8000a1c ) + 8000a04: 4906 ldr r1, [pc, #24] ; (8000a20 ) + *dest = value; + 8000a06: f843 2b04 str.w r2, [r3], #4 + for(; byte_len; byte_len-=4, dest++) { + 8000a0a: 428b cmp r3, r1 + 8000a0c: d1fb bne.n 8000a06 + STATIC_ASSERT((SRAM3_BASE + SRAM3_SIZE) - BL_SRAM_BASE == 8192); + + memset4((void *)SRAM1_BASE, noise, SRAM1_SIZE_MAX); + memset4((void *)SRAM2_BASE, noise, SRAM2_SIZE); + memset4((void *)SRAM3_BASE, noise, SRAM3_SIZE - (BL_SRAM_BASE - SRAM3_BASE)); +} + 8000a0e: 4770 bx lr + 8000a10: deadbeef .word 0xdeadbeef + 8000a14: 20030000 .word 0x20030000 + 8000a18: 10010000 .word 0x10010000 + 8000a1c: 20040000 .word 0x20040000 + 8000a20: 20042000 .word 0x20042000 + +08000a24 : + +// fatal_error(const char *msg) +// + void __attribute__((noreturn)) +fatal_error(const char *msgvoid) +{ + 8000a24: b508 push {r3, lr} + oled_setup(); + 8000a26: f000 f96d bl 8000d04 + oled_show(screen_fatal); + 8000a2a: 4802 ldr r0, [pc, #8] ; (8000a34 ) + 8000a2c: f000 f9fa bl 8000e24 + BREAKPOINT; +#endif + + // Maybe should do a reset after a delay, like with + // the watchdog timer or something. + LOCKUP_FOREVER(); + 8000a30: bf30 wfi + 8000a32: e7fd b.n 8000a30 + 8000a34: 0800dac6 .word 0x0800dac6 + +08000a38 : + +// fatal_mitm() +// + void __attribute__((noreturn)) +fatal_mitm(void) +{ + 8000a38: b508 push {r3, lr} + oled_setup(); + 8000a3a: f000 f963 bl 8000d04 + oled_show(screen_mitm); + 8000a3e: 4803 ldr r0, [pc, #12] ; (8000a4c ) + 8000a40: f000 f9f0 bl 8000e24 + +#ifdef RELEASE + wipe_all_sram(); + 8000a44: f7ff ffce bl 80009e4 +#endif + + LOCKUP_FOREVER(); + 8000a48: bf30 wfi + 8000a4a: e7fd b.n 8000a48 + 8000a4c: 0800dbca .word 0x0800dbca + +08000a50 : + +// enter_dfu() +// + void __attribute__((noreturn)) +enter_dfu(void) +{ + 8000a50: b507 push {r0, r1, r2, lr} + puts("enter_dfu()"); + 8000a52: 481f ldr r0, [pc, #124] ; (8000ad0 ) + 8000a54: f004 f978 bl 8004d48 + + // clear the green light, if set + ae_setup(); + 8000a58: f001 ffa4 bl 80029a4 + ae_set_gpio(0); + 8000a5c: 2000 movs r0, #0 + 8000a5e: f002 fd23 bl 80034a8 + + // Reset huge parts of the chip + __HAL_RCC_APB1_FORCE_RESET(); + 8000a62: 4b1c ldr r3, [pc, #112] ; (8000ad4 ) + 8000a64: f04f 31ff mov.w r1, #4294967295 ; 0xffffffff + __HAL_RCC_APB1_RELEASE_RESET(); + 8000a68: 2200 movs r2, #0 + __HAL_RCC_APB1_FORCE_RESET(); + 8000a6a: 6399 str r1, [r3, #56] ; 0x38 + 8000a6c: 63d9 str r1, [r3, #60] ; 0x3c + __HAL_RCC_APB1_RELEASE_RESET(); + 8000a6e: 639a str r2, [r3, #56] ; 0x38 + 8000a70: 63da str r2, [r3, #60] ; 0x3c + + __HAL_RCC_APB2_FORCE_RESET(); + 8000a72: 6419 str r1, [r3, #64] ; 0x40 + __HAL_RCC_APB2_RELEASE_RESET(); + 8000a74: 641a str r2, [r3, #64] ; 0x40 + + __HAL_RCC_AHB1_FORCE_RESET(); + 8000a76: 6299 str r1, [r3, #40] ; 0x28 + __HAL_RCC_AHB1_RELEASE_RESET(); + 8000a78: 629a str r2, [r3, #40] ; 0x28 + // But not this; it borks things. + __HAL_RCC_AHB2_FORCE_RESET(); + __HAL_RCC_AHB2_RELEASE_RESET(); +#endif + + __HAL_RCC_AHB3_FORCE_RESET(); + 8000a7a: 6319 str r1, [r3, #48] ; 0x30 + __HAL_RCC_AHB3_RELEASE_RESET(); + 8000a7c: 631a str r2, [r3, #48] ; 0x30 + + __HAL_FIREWALL_PREARM_ENABLE(); + 8000a7e: f5a3 4374 sub.w r3, r3, #62464 ; 0xf400 + 8000a82: 6a1a ldr r2, [r3, #32] + 8000a84: f042 0201 orr.w r2, r2, #1 + 8000a88: 621a str r2, [r3, #32] + 8000a8a: 6a1b ldr r3, [r3, #32] + 8000a8c: f003 0301 and.w r3, r3, #1 + 8000a90: 9301 str r3, [sp, #4] + 8000a92: 9b01 ldr r3, [sp, #4] + + // Wipe all of memory SRAM, just in case + // there is some way to trick us into DFU + // after sensitive content in place. + wipe_all_sram(); + 8000a94: f7ff ffa6 bl 80009e4 + rng_delay(); + 8000a98: f001 fe60 bl 800275c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 8000a9c: 4b0e ldr r3, [pc, #56] ; (8000ad8 ) + 8000a9e: 6a1b ldr r3, [r3, #32] + 8000aa0: b2db uxtb r3, r3 + + if(flash_is_security_level2()) { + 8000aa2: 2bcc cmp r3, #204 ; 0xcc + 8000aa4: d101 bne.n 8000aaa + // cannot do DFU in RDP=2, so just die. Helps to preserve screen + LOCKUP_FOREVER(); + 8000aa6: bf30 wfi + 8000aa8: e7fd b.n 8000aa6 + } + + // Reset clocks. + HAL_RCC_DeInit(); + 8000aaa: f007 fdc5 bl 8008638 + + // move system ROM into 0x0 + __HAL_SYSCFG_REMAPMEMORY_SYSTEMFLASH(); + 8000aae: 4a0b ldr r2, [pc, #44] ; (8000adc ) + 8000ab0: 6813 ldr r3, [r2, #0] + 8000ab2: f023 0307 bic.w r3, r3, #7 + 8000ab6: f043 0301 orr.w r3, r3, #1 + 8000aba: 6013 str r3, [r2, #0] + + // need this here?! + asm("nop; nop; nop; nop;"); + 8000abc: bf00 nop + 8000abe: bf00 nop + 8000ac0: bf00 nop + 8000ac2: bf00 nop + + // simulate a reset vector + __ASM volatile ("movs r0, #0\n" + 8000ac4: 2000 movs r0, #0 + 8000ac6: 6803 ldr r3, [r0, #0] + 8000ac8: f383 8808 msr MSP, r3 + 8000acc: 6843 ldr r3, [r0, #4] + 8000ace: 4798 blx r3 + "ldr r3, [r0, #4]\n" + "blx r3" + : : : "r0", "r3"); // also SP + + // NOT-REACHED. + __builtin_unreachable(); + 8000ad0: 0800d6cb .word 0x0800d6cb + 8000ad4: 40021000 .word 0x40021000 + 8000ad8: 40022000 .word 0x40022000 + 8000adc: 40010000 .word 0x40010000 + +08000ae0 : +{ + 8000ae0: b510 push {r4, lr} + system_init0(); + 8000ae2: f001 f987 bl 8001df4 + clocks_setup(); + 8000ae6: f001 f9a7 bl 8001e38 + rng_setup(); // needs to be super early + 8000aea: f001 fdf5 bl 80026d8 + rng_delay(); + 8000aee: f001 fe35 bl 800275c + if(!check_all_ones(rom_secrets->bag_number, sizeof(rom_secrets->bag_number)) + 8000af2: 4839 ldr r0, [pc, #228] ; (8000bd8 ) + 8000af4: 2120 movs r1, #32 + 8000af6: f001 fdb3 bl 8002660 + 8000afa: b948 cbnz r0, 8000b10 + rng_delay(); + 8000afc: f001 fe2e bl 800275c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 8000b00: 4b36 ldr r3, [pc, #216] ; (8000bdc ) + 8000b02: 6a1b ldr r3, [r3, #32] + 8000b04: b2db uxtb r3, r3 + && !flash_is_security_level2() + 8000b06: 2bcc cmp r3, #204 ; 0xcc + 8000b08: d002 beq.n 8000b10 + flash_lockdown_hard(OB_RDP_LEVEL_2); + 8000b0a: 20cc movs r0, #204 ; 0xcc + 8000b0c: f001 fc2c bl 8002368 + gpio_setup(); + 8000b10: f002 fef2 bl 80038f8 + uint32_t reset_reason = RCC->CSR; + 8000b14: 4c32 ldr r4, [pc, #200] ; (8000be0 ) + console_setup(); + 8000b16: f004 f83d bl 8004b94 + puts2("\r\n\nMk4 Bootloader: "); + 8000b1a: 4832 ldr r0, [pc, #200] ; (8000be4 ) + 8000b1c: f004 f886 bl 8004c2c + puts(version_string); + 8000b20: 4831 ldr r0, [pc, #196] ; (8000be8 ) + 8000b22: f004 f911 bl 8004d48 + uint32_t reset_reason = RCC->CSR; + 8000b26: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + if(reset_reason & RCC_CSR_FWRSTF) { + 8000b2a: 01db lsls r3, r3, #7 + 8000b2c: d502 bpl.n 8000b34 + puts(">FIREWALLED<"); + 8000b2e: 482f ldr r0, [pc, #188] ; (8000bec ) + 8000b30: f004 f90a bl 8004d48 + SET_BIT(RCC->CSR, RCC_CSR_RMVF); + 8000b34: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8000b38: f443 0300 orr.w r3, r3, #8388608 ; 0x800000 + 8000b3c: f8c4 3094 str.w r3, [r4, #148] ; 0x94 + if(memcmp(dfu_flag->magic, REBOOT_TO_DFU, sizeof(dfu_flag->magic)) == 0) { + 8000b40: 4c2b ldr r4, [pc, #172] ; (8000bf0 ) + pin_setup0(); + 8000b42: f003 f937 bl 8003db4 + rng_delay(); + 8000b46: f001 fe09 bl 800275c + if(memcmp(dfu_flag->magic, REBOOT_TO_DFU, sizeof(dfu_flag->magic)) == 0) { + 8000b4a: 492a ldr r1, [pc, #168] ; (8000bf4 ) + 8000b4c: 2208 movs r2, #8 + 8000b4e: 4620 mov r0, r4 + 8000b50: f00c fd26 bl 800d5a0 + 8000b54: b938 cbnz r0, 8000b66 + dfu_flag->magic[0] = 0; + 8000b56: 7020 strb r0, [r4, #0] + oled_setup(); + 8000b58: f000 f8d4 bl 8000d04 + oled_show(dfu_flag->screen); + 8000b5c: 68a0 ldr r0, [r4, #8] + 8000b5e: f000 f961 bl 8000e24 + enter_dfu(); + 8000b62: f7ff ff75 bl 8000a50 + rng_delay(); + 8000b66: f001 fdf9 bl 800275c + oled_setup(); + 8000b6a: f000 f8cb bl 8000d04 + oled_show_progress(screen_verify, 0); + 8000b6e: 2100 movs r1, #0 + 8000b70: 4821 ldr r0, [pc, #132] ; (8000bf8 ) + 8000b72: f000 f999 bl 8000ea8 + wipe_all_sram(); + 8000b76: f7ff ff35 bl 80009e4 + ae_setup(); + 8000b7a: f001 ff13 bl 80029a4 + ae_set_gpio(0); // turn light red + 8000b7e: 2000 movs r0, #0 + 8000b80: f002 fc92 bl 80034a8 + se2_setup(); + 8000b84: f007 f872 bl 8007c6c + se2_probe(); + 8000b88: f006 fdf6 bl 8007778 + flash_setup(); + 8000b8c: f001 fb56 bl 800223c + psram_setup(); + 8000b90: f004 f912 bl 8004db8 + if(ae_pair_unlock() != 0) { + 8000b94: f002 f8fc bl 8002d90 + 8000b98: b138 cbz r0, 8000baa + oled_show(screen_brick); + 8000b9a: 4818 ldr r0, [pc, #96] ; (8000bfc ) + 8000b9c: f000 f942 bl 8000e24 + puts("pair-bricked"); + 8000ba0: 4817 ldr r0, [pc, #92] ; (8000c00 ) + 8000ba2: f004 f8d1 bl 8004d48 + LOCKUP_FOREVER(); + 8000ba6: bf30 wfi + 8000ba8: e7fd b.n 8000ba6 + puts2("Verify: "); + 8000baa: 4816 ldr r0, [pc, #88] ; (8000c04 ) + 8000bac: f004 f83e bl 8004c2c + bool main_ok = verify_firmware(); + 8000bb0: f001 f8a4 bl 8001cfc + if(main_ok) { + 8000bb4: b120 cbz r0, 8000bc0 +} + 8000bb6: e8bd 4010 ldmia.w sp!, {r4, lr} + oled_show(screen_blankish); + 8000bba: 4813 ldr r0, [pc, #76] ; (8000c08 ) + 8000bbc: f000 b932 b.w 8000e24 + psram_recover_firmware(); + 8000bc0: f004 fa68 bl 8005094 + rng_delay(); + 8000bc4: f001 fdca bl 800275c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 8000bc8: 4b04 ldr r3, [pc, #16] ; (8000bdc ) + 8000bca: 6a1b ldr r3, [r3, #32] + 8000bcc: b2db uxtb r3, r3 + if(!flash_is_security_level2()) { + 8000bce: 2bcc cmp r3, #204 ; 0xcc + 8000bd0: d1c7 bne.n 8000b62 + while(1) sdcard_recovery(); + 8000bd2: f004 fc0b bl 80053ec + 8000bd6: e7fc b.n 8000bd2 + 8000bd8: 0801c050 .word 0x0801c050 + 8000bdc: 40022000 .word 0x40022000 + 8000be0: 40021000 .word 0x40021000 + 8000be4: 0800d6d7 .word 0x0800d6d7 + 8000be8: 0800e694 .word 0x0800e694 + 8000bec: 0800d6eb .word 0x0800d6eb + 8000bf0: 20008000 .word 0x20008000 + 8000bf4: 0800d6bf .word 0x0800d6bf + 8000bf8: 0800e1b6 .word 0x0800e1b6 + 8000bfc: 0800d77f .word 0x0800d77f + 8000c00: 0800d6f8 .word 0x0800d6f8 + 8000c04: 0800d705 .word 0x0800d705 + 8000c08: 0800d752 .word 0x0800d752 + +08000c0c : + static inline void +write_bytes(int len, const uint8_t *buf) +{ +#ifndef DISABLE_OLED + // send via SPI(1) + HAL_SPI_Transmit(&spi_port, (uint8_t *)buf, len, HAL_MAX_DELAY); + 8000c0c: b282 uxth r2, r0 + 8000c0e: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8000c12: 4801 ldr r0, [pc, #4] ; (8000c18 ) + 8000c14: f000 bc06 b.w 8001424 + 8000c18: 2009e154 .word 0x2009e154 + +08000c1c : + +// oled_write_cmd() +// + void +oled_write_cmd(uint8_t cmd) +{ + 8000c1c: b507 push {r0, r1, r2, lr} + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000c1e: 2201 movs r2, #1 +{ + 8000c20: f88d 0007 strb.w r0, [sp, #7] + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000c24: 2110 movs r1, #16 + 8000c26: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c2a: f000 fb5b bl 80012e4 + HAL_GPIO_WritePin(GPIOA, DC_PIN, 0); + 8000c2e: 2200 movs r2, #0 + 8000c30: f44f 7180 mov.w r1, #256 ; 0x100 + 8000c34: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c38: f000 fb54 bl 80012e4 + HAL_GPIO_WritePin(GPIOA, CS_PIN, 0); + 8000c3c: 2200 movs r2, #0 + 8000c3e: 2110 movs r1, #16 + 8000c40: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c44: f000 fb4e bl 80012e4 + + write_bytes(1, &cmd); + 8000c48: f10d 0107 add.w r1, sp, #7 + 8000c4c: 2001 movs r0, #1 + 8000c4e: f7ff ffdd bl 8000c0c + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000c52: 2201 movs r2, #1 + 8000c54: 2110 movs r1, #16 + 8000c56: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c5a: f000 fb43 bl 80012e4 +} + 8000c5e: b003 add sp, #12 + 8000c60: f85d fb04 ldr.w pc, [sp], #4 + +08000c64 : + +// oled_write_cmd_sequence() +// + void +oled_write_cmd_sequence(int len, const uint8_t *cmds) +{ + 8000c64: b570 push {r4, r5, r6, lr} + 8000c66: 4605 mov r5, r0 + 8000c68: 460e mov r6, r1 + for(int i=0; i + oled_write_cmd(cmds[i]); + } +} + 8000c70: bd70 pop {r4, r5, r6, pc} + oled_write_cmd(cmds[i]); + 8000c72: 5d30 ldrb r0, [r6, r4] + 8000c74: f7ff ffd2 bl 8000c1c + for(int i=0; i + +08000c7c : + +// oled_write_data() +// + void +oled_write_data(int len, const uint8_t *pixels) +{ + 8000c7c: b538 push {r3, r4, r5, lr} + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000c7e: 2201 movs r2, #1 +{ + 8000c80: 4604 mov r4, r0 + 8000c82: 460d mov r5, r1 + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000c84: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c88: 2110 movs r1, #16 + 8000c8a: f000 fb2b bl 80012e4 + HAL_GPIO_WritePin(GPIOA, DC_PIN, 1); + 8000c8e: 2201 movs r2, #1 + 8000c90: f44f 7180 mov.w r1, #256 ; 0x100 + 8000c94: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c98: f000 fb24 bl 80012e4 + HAL_GPIO_WritePin(GPIOA, CS_PIN, 0); + 8000c9c: 2200 movs r2, #0 + 8000c9e: 2110 movs r1, #16 + 8000ca0: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000ca4: f000 fb1e bl 80012e4 + + write_bytes(len, pixels); + 8000ca8: 4629 mov r1, r5 + 8000caa: 4620 mov r0, r4 + 8000cac: f7ff ffae bl 8000c0c + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); +} + 8000cb0: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000cb4: 2201 movs r2, #1 + 8000cb6: 2110 movs r1, #16 + 8000cb8: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000cbc: f000 bb12 b.w 80012e4 + +08000cc0 : +// +// Just setup SPI, do not reset display, etc. +// + void +oled_spi_setup(void) +{ + 8000cc0: b538 push {r3, r4, r5, lr} +#ifndef DISABLE_OLED + // might already be setup + if(spi_port.Instance == SPI1) return; + 8000cc2: 4c0e ldr r4, [pc, #56] ; (8000cfc ) + 8000cc4: 4d0e ldr r5, [pc, #56] ; (8000d00 ) + 8000cc6: 6823 ldr r3, [r4, #0] + 8000cc8: 42ab cmp r3, r5 + 8000cca: d016 beq.n 8000cfa + + memset(&spi_port, 0, sizeof(spi_port)); + 8000ccc: f104 0008 add.w r0, r4, #8 + 8000cd0: 225c movs r2, #92 ; 0x5c + 8000cd2: 2100 movs r1, #0 + 8000cd4: f00c fc9c bl 800d610 + + spi_port.Instance = SPI1; + + // see SPI_InitTypeDef + spi_port.Init.Mode = SPI_MODE_MASTER; + 8000cd8: f44f 7382 mov.w r3, #260 ; 0x104 + 8000cdc: 6063 str r3, [r4, #4] + spi_port.Init.Direction = SPI_DIRECTION_2LINES; + spi_port.Init.DataSize = SPI_DATASIZE_8BIT; + 8000cde: f44f 63e0 mov.w r3, #1792 ; 0x700 + 8000ce2: 60e3 str r3, [r4, #12] + spi_port.Init.CLKPolarity = SPI_POLARITY_LOW; + spi_port.Init.CLKPhase = SPI_PHASE_1EDGE; + spi_port.Init.NSS = SPI_NSS_SOFT; + spi_port.Init.BaudRatePrescaler = SPI_BAUDRATEPRESCALER_16; // conservative + 8000ce4: f44f 7000 mov.w r0, #512 ; 0x200 + 8000ce8: 2318 movs r3, #24 + 8000cea: e9c4 0306 strd r0, r3, [r4, #24] + spi_port.Instance = SPI1; + 8000cee: 6025 str r5, [r4, #0] + spi_port.Init.FirstBit = SPI_FIRSTBIT_MSB; + spi_port.Init.TIMode = SPI_TIMODE_DISABLED; + spi_port.Init.CRCCalculation = SPI_CRCCALCULATION_DISABLED; + + HAL_SPI_Init(&spi_port); + 8000cf0: 4620 mov r0, r4 +#endif +} + 8000cf2: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + HAL_SPI_Init(&spi_port); + 8000cf6: f000 bb37 b.w 8001368 +} + 8000cfa: bd38 pop {r3, r4, r5, pc} + 8000cfc: 2009e154 .word 0x2009e154 + 8000d00: 40013000 .word 0x40013000 + +08000d04 : +// +// Ok to call this lots. +// + void +oled_setup(void) +{ + 8000d04: b530 push {r4, r5, lr} + puts("oled disabled");return; // disable so I can use MCO +#endif + + static uint32_t inited; + + if(inited == 0x238a572F) { + 8000d06: 4b2c ldr r3, [pc, #176] ; (8000db8 ) + 8000d08: 4a2c ldr r2, [pc, #176] ; (8000dbc ) + 8000d0a: 6819 ldr r1, [r3, #0] + 8000d0c: 4291 cmp r1, r2 +{ + 8000d0e: b089 sub sp, #36 ; 0x24 + if(inited == 0x238a572F) { + 8000d10: d050 beq.n 8000db4 + return; + } + inited = 0x238a572F; + 8000d12: 601a str r2, [r3, #0] + + // enable some internal clocks + __HAL_RCC_GPIOA_CLK_ENABLE(); + 8000d14: 4b2a ldr r3, [pc, #168] ; (8000dc0 ) + __HAL_RCC_SPI1_CLK_ENABLE(); + + // simple pins + GPIO_InitTypeDef setup = { + 8000d16: 4d2b ldr r5, [pc, #172] ; (8000dc4 ) + __HAL_RCC_GPIOA_CLK_ENABLE(); + 8000d18: 6cda ldr r2, [r3, #76] ; 0x4c + 8000d1a: f042 0201 orr.w r2, r2, #1 + 8000d1e: 64da str r2, [r3, #76] ; 0x4c + 8000d20: 6cda ldr r2, [r3, #76] ; 0x4c + 8000d22: f002 0201 and.w r2, r2, #1 + 8000d26: 9201 str r2, [sp, #4] + 8000d28: 9a01 ldr r2, [sp, #4] + __HAL_RCC_SPI1_CLK_ENABLE(); + 8000d2a: 6e1a ldr r2, [r3, #96] ; 0x60 + 8000d2c: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 8000d30: 661a str r2, [r3, #96] ; 0x60 + 8000d32: 6e1b ldr r3, [r3, #96] ; 0x60 + 8000d34: f403 5380 and.w r3, r3, #4096 ; 0x1000 + 8000d38: 9302 str r3, [sp, #8] + 8000d3a: 9b02 ldr r3, [sp, #8] + GPIO_InitTypeDef setup = { + 8000d3c: cd0f ldmia r5!, {r0, r1, r2, r3} + 8000d3e: ac03 add r4, sp, #12 + 8000d40: c40f stmia r4!, {r0, r1, r2, r3} + 8000d42: 682b ldr r3, [r5, #0] + 8000d44: 6023 str r3, [r4, #0] + .Mode = GPIO_MODE_OUTPUT_PP, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_MEDIUM, + .Alternate = 0, + }; + HAL_GPIO_Init(GPIOA, &setup); + 8000d46: a903 add r1, sp, #12 + 8000d48: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000d4c: f000 f950 bl 8000ff0 + + // starting values + HAL_GPIO_WritePin(GPIOA, RESET_PIN | CS_PIN | DC_PIN, 1); + 8000d50: 2201 movs r2, #1 + 8000d52: f44f 71a8 mov.w r1, #336 ; 0x150 + 8000d56: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000d5a: f000 fac3 bl 80012e4 + + // SPI pins + setup.Pin = SPI_SCK | SPI_MOSI; + setup.Mode = GPIO_MODE_AF_PP; + 8000d5e: 22a0 movs r2, #160 ; 0xa0 + 8000d60: 2302 movs r3, #2 + 8000d62: e9cd 2303 strd r2, r3, [sp, #12] + setup.Alternate = GPIO_AF5_SPI1; + HAL_GPIO_Init(GPIOA, &setup); + 8000d66: a903 add r1, sp, #12 + setup.Alternate = GPIO_AF5_SPI1; + 8000d68: 2305 movs r3, #5 + HAL_GPIO_Init(GPIOA, &setup); + 8000d6a: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + setup.Alternate = GPIO_AF5_SPI1; + 8000d6e: 9307 str r3, [sp, #28] + HAL_GPIO_Init(GPIOA, &setup); + 8000d70: f000 f93e bl 8000ff0 + + // lock the RESET pin so that St's DFU code doesn't clear screen + // it might be trying to use it a MISO signal for SPI loading + HAL_GPIO_LockPin(GPIOA, RESET_PIN | CS_PIN | DC_PIN); + 8000d74: f44f 71a8 mov.w r1, #336 ; 0x150 + 8000d78: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000d7c: f000 fabb bl 80012f6 + + // 10ms low-going pulse on reset pin + delay_ms(1); + 8000d80: 2001 movs r0, #1 + 8000d82: f002 fda9 bl 80038d8 + HAL_GPIO_WritePin(GPIOA, RESET_PIN, 0); + 8000d86: 2200 movs r2, #0 + 8000d88: 2140 movs r1, #64 ; 0x40 + 8000d8a: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000d8e: f000 faa9 bl 80012e4 + delay_ms(10); + 8000d92: 200a movs r0, #10 + 8000d94: f002 fda0 bl 80038d8 + HAL_GPIO_WritePin(GPIOA, RESET_PIN, 1); + 8000d98: 2201 movs r2, #1 + 8000d9a: 2140 movs r1, #64 ; 0x40 + 8000d9c: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000da0: f000 faa0 bl 80012e4 + + oled_spi_setup(); + 8000da4: f7ff ff8c bl 8000cc0 + // this code: + // '0x37c', '0x1700', '0x603' + //SPI1->CR1 = 0x354; + + // write a sequence to reset things + oled_write_cmd_sequence(sizeof(reset_commands), reset_commands); + 8000da8: 4907 ldr r1, [pc, #28] ; (8000dc8 ) + 8000daa: 2019 movs r0, #25 + 8000dac: f7ff ff5a bl 8000c64 + + rng_delay(); + 8000db0: f001 fcd4 bl 800275c +} + 8000db4: b009 add sp, #36 ; 0x24 + 8000db6: bd30 pop {r4, r5, pc} + 8000db8: 2009e150 .word 0x2009e150 + 8000dbc: 238a572f .word 0x238a572f + 8000dc0: 40021000 .word 0x40021000 + 8000dc4: 0800d710 .word 0x0800d710 + 8000dc8: 0800d733 .word 0x0800d733 + +08000dcc : +// +// No decompression. +// + void +oled_show_raw(uint32_t len, const uint8_t *pixels) +{ + 8000dcc: b538 push {r3, r4, r5, lr} + 8000dce: 4604 mov r4, r0 + 8000dd0: 460d mov r5, r1 + oled_setup(); + 8000dd2: f7ff ff97 bl 8000d04 + + oled_write_cmd_sequence(sizeof(before_show), before_show); + 8000dd6: 4912 ldr r1, [pc, #72] ; (8000e20 ) + 8000dd8: 2006 movs r0, #6 + 8000dda: f7ff ff43 bl 8000c64 + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000dde: 2201 movs r2, #1 + 8000de0: 2110 movs r1, #16 + 8000de2: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000de6: f000 fa7d bl 80012e4 + HAL_GPIO_WritePin(GPIOA, DC_PIN, 1); + 8000dea: 2201 movs r2, #1 + 8000dec: f44f 7180 mov.w r1, #256 ; 0x100 + 8000df0: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000df4: f000 fa76 bl 80012e4 + HAL_GPIO_WritePin(GPIOA, CS_PIN, 0); + 8000df8: 2200 movs r2, #0 + 8000dfa: 2110 movs r1, #16 + 8000dfc: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000e00: f000 fa70 bl 80012e4 + + write_bytes(len, pixels); + 8000e04: 4629 mov r1, r5 + 8000e06: 4620 mov r0, r4 + 8000e08: f7ff ff00 bl 8000c0c + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000e0c: 2201 movs r2, #1 + 8000e0e: 2110 movs r1, #16 + 8000e10: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000e14: f000 fa66 bl 80012e4 + rng_delay(); +} + 8000e18: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + rng_delay(); + 8000e1c: f001 bc9e b.w 800275c + 8000e20: 0800d72d .word 0x0800d72d + +08000e24 : +// +// Perform simple RLE decompression. +// + void +oled_show(const uint8_t *pixels) +{ + 8000e24: b530 push {r4, r5, lr} + 8000e26: b0a1 sub sp, #132 ; 0x84 + 8000e28: 4604 mov r4, r0 + oled_setup(); + 8000e2a: f7ff ff6b bl 8000d04 + + oled_write_cmd_sequence(sizeof(before_show), before_show); + 8000e2e: 491d ldr r1, [pc, #116] ; (8000ea4 ) + 8000e30: 2006 movs r0, #6 + 8000e32: f7ff ff17 bl 8000c64 + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000e36: 2201 movs r2, #1 + 8000e38: 2110 movs r1, #16 + 8000e3a: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000e3e: f000 fa51 bl 80012e4 + HAL_GPIO_WritePin(GPIOA, DC_PIN, 1); + 8000e42: 2201 movs r2, #1 + 8000e44: f44f 7180 mov.w r1, #256 ; 0x100 + 8000e48: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000e4c: f000 fa4a bl 80012e4 + HAL_GPIO_WritePin(GPIOA, CS_PIN, 0); + 8000e50: 2200 movs r2, #0 + 8000e52: 2110 movs r1, #16 + 8000e54: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000e58: f000 fa44 bl 80012e4 + uint8_t buf[127]; + const uint8_t *p = pixels; + + // NOTE: must also update code in oled_show_progress, which dups this heavily. + while(1) { + uint8_t hdr = *(p++); + 8000e5c: 7823 ldrb r3, [r4, #0] + if(!hdr) break; + 8000e5e: b1b3 cbz r3, 8000e8e + + uint8_t len = hdr & 0x7f; + 8000e60: f003 057f and.w r5, r3, #127 ; 0x7f + if(hdr & 0x80) { + 8000e64: 061b lsls r3, r3, #24 + 8000e66: d50b bpl.n 8000e80 + uint8_t hdr = *(p++); + 8000e68: 3401 adds r4, #1 + // random bytes follow + memcpy(buf, p, len); + 8000e6a: 4621 mov r1, r4 + 8000e6c: 462a mov r2, r5 + 8000e6e: 4668 mov r0, sp + 8000e70: f00c fba6 bl 800d5c0 + p += len; + 8000e74: 442c add r4, r5 + // repeat same byte + memset(buf, *p, len); + p++; + } + + write_bytes(len, buf); + 8000e76: 4669 mov r1, sp + 8000e78: 4628 mov r0, r5 + 8000e7a: f7ff fec7 bl 8000c0c + while(1) { + 8000e7e: e7ed b.n 8000e5c + memset(buf, *p, len); + 8000e80: 7861 ldrb r1, [r4, #1] + 8000e82: 462a mov r2, r5 + 8000e84: 4668 mov r0, sp + 8000e86: f00c fbc3 bl 800d610 + p++; + 8000e8a: 3402 adds r4, #2 + 8000e8c: e7f3 b.n 8000e76 + } + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000e8e: 2201 movs r2, #1 + 8000e90: 2110 movs r1, #16 + 8000e92: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000e96: f000 fa25 bl 80012e4 + rng_delay(); + 8000e9a: f001 fc5f bl 800275c +} + 8000e9e: b021 add sp, #132 ; 0x84 + 8000ea0: bd30 pop {r4, r5, pc} + 8000ea2: bf00 nop + 8000ea4: 0800d72d .word 0x0800d72d + +08000ea8 : +// +// Perform simple RLE decompression, and add a bar on final screen line. +// + void +oled_show_progress(const uint8_t *pixels, int progress) +{ + 8000ea8: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 8000eac: b0a1 sub sp, #132 ; 0x84 + 8000eae: 460d mov r5, r1 + 8000eb0: 4606 mov r6, r0 + oled_setup(); + 8000eb2: f7ff ff27 bl 8000d04 + + oled_write_cmd_sequence(sizeof(before_show), before_show); + 8000eb6: 493b ldr r1, [pc, #236] ; (8000fa4 ) + 8000eb8: 2006 movs r0, #6 + 8000eba: f7ff fed3 bl 8000c64 + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000ebe: 2201 movs r2, #1 + 8000ec0: 2110 movs r1, #16 + 8000ec2: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000ec6: f000 fa0d bl 80012e4 + HAL_GPIO_WritePin(GPIOA, DC_PIN, 1); + 8000eca: 2201 movs r2, #1 + 8000ecc: f44f 7180 mov.w r1, #256 ; 0x100 + 8000ed0: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000ed4: f000 fa06 bl 80012e4 + HAL_GPIO_WritePin(GPIOA, CS_PIN, 0); + 8000ed8: 2110 movs r1, #16 + 8000eda: 2200 movs r2, #0 + 8000edc: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000ee0: f000 fa00 bl 80012e4 + + uint8_t buf[127]; + const uint8_t *p = pixels; + + const uint16_t p_start = 896; + uint32_t p_count = 1280 * progress / 1000; + 8000ee4: f44f 61a0 mov.w r1, #1280 ; 0x500 + 8000ee8: 434d muls r5, r1 + 8000eea: 2400 movs r4, #0 + 8000eec: f44f 717a mov.w r1, #1000 ; 0x3e8 + 8000ef0: fb95 f5f1 sdiv r5, r5, r1 + + if(p_count > 128) p_count = 128; + 8000ef4: 2d80 cmp r5, #128 ; 0x80 + 8000ef6: bf28 it cs + 8000ef8: 2580 movcs r5, #128 ; 0x80 + uint32_t p_count = 1280 * progress / 1000; + 8000efa: 46a0 mov r8, r4 + + bool last_line = false; + + uint16_t offset = 0; + while(1) { + uint8_t hdr = *(p++); + 8000efc: 7833 ldrb r3, [r6, #0] + if(hdr == 0) break; + 8000efe: 2b00 cmp r3, #0 + 8000f00: d045 beq.n 8000f8e + + uint8_t len = hdr & 0x7f; + 8000f02: f003 097f and.w r9, r3, #127 ; 0x7f + if(hdr & 0x80) { + 8000f06: 061b lsls r3, r3, #24 + 8000f08: d524 bpl.n 8000f54 + uint8_t hdr = *(p++); + 8000f0a: 3601 adds r6, #1 + // random bytes follow + memcpy(buf, p, len); + 8000f0c: 4631 mov r1, r6 + 8000f0e: 464a mov r2, r9 + 8000f10: 4668 mov r0, sp + 8000f12: f00c fb55 bl 800d5c0 + p += len; + 8000f16: 444e add r6, r9 + // repeat same byte + memset(buf, *p, len); + p++; + } + + if(!last_line && (offset+len) >= p_start) { + 8000f18: f1b8 0f00 cmp.w r8, #0 + 8000f1c: d117 bne.n 8000f4e + 8000f1e: eb04 0309 add.w r3, r4, r9 + 8000f22: f5b3 7f60 cmp.w r3, #896 ; 0x380 + 8000f26: db29 blt.n 8000f7c + last_line = true; + + // adjust so we're aligned w/ last line + int h = p_start - offset; + if(h) { + 8000f28: f5d4 7460 rsbs r4, r4, #896 ; 0x380 + 8000f2c: d00d beq.n 8000f4a + write_bytes(h, buf); + 8000f2e: 4669 mov r1, sp + 8000f30: 4620 mov r0, r4 + memmove(buf, buf+h, len-h); + 8000f32: eba9 0904 sub.w r9, r9, r4 + write_bytes(h, buf); + 8000f36: f7ff fe69 bl 8000c0c + memmove(buf, buf+h, len-h); + 8000f3a: 464a mov r2, r9 + 8000f3c: eb0d 0104 add.w r1, sp, r4 + 8000f40: 4668 mov r0, sp + 8000f42: f00c fb4b bl 800d5dc + len -= h; + 8000f46: fa5f f989 uxtb.w r9, r9 + offset += h; + 8000f4a: f44f 7460 mov.w r4, #896 ; 0x380 + } + } + + if(last_line) { + 8000f4e: 466b mov r3, sp + while(1) { + 8000f50: 462f mov r7, r5 + 8000f52: e00c b.n 8000f6e + memset(buf, *p, len); + 8000f54: 7871 ldrb r1, [r6, #1] + 8000f56: 464a mov r2, r9 + 8000f58: 4668 mov r0, sp + 8000f5a: f00c fb59 bl 800d610 + p++; + 8000f5e: 3602 adds r6, #2 + 8000f60: e7da b.n 8000f18 + for(int j=0; (p_count > 0) && (j 0) && (j + 8000f70: 1bea subs r2, r5, r7 + 8000f72: 454a cmp r2, r9 + 8000f74: dbf5 blt.n 8000f62 + 8000f76: f04f 0801 mov.w r8, #1 + 8000f7a: e000 b.n 8000f7e + 8000f7c: 462f mov r7, r5 + } + } + + write_bytes(len, buf); + 8000f7e: 4669 mov r1, sp + 8000f80: 4648 mov r0, r9 + offset += len; + 8000f82: 444c add r4, r9 + write_bytes(len, buf); + 8000f84: f7ff fe42 bl 8000c0c + offset += len; + 8000f88: b2a4 uxth r4, r4 + while(1) { + 8000f8a: 463d mov r5, r7 + 8000f8c: e7b6 b.n 8000efc + } + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000f8e: 2201 movs r2, #1 + 8000f90: 2110 movs r1, #16 + 8000f92: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000f96: f000 f9a5 bl 80012e4 + rng_delay(); + 8000f9a: f001 fbdf bl 800275c +} + 8000f9e: b021 add sp, #132 ; 0x84 + 8000fa0: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + 8000fa4: 0800d72d .word 0x0800d72d + +08000fa8 : + +// oled_factory_busy() +// + void +oled_factory_busy(void) +{ + 8000fa8: b510 push {r4, lr} + 8000faa: b0a0 sub sp, #128 ; 0x80 + 8000fac: 466a mov r2, sp + 8000fae: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8000fb2: 4614 mov r4, r2 + }; + uint8_t data[128]; + + for(int x=0; x<128; x++) { + // each byte here is a vertical column, 8 pixels tall, MSB at bottom + data[x] = (1<<(7 - (x%8))); + 8000fb4: 2001 movs r0, #1 + 8000fb6: f003 0107 and.w r1, r3, #7 + for(int x=0; x<128; x++) { + 8000fba: 3b01 subs r3, #1 + data[x] = (1<<(7 - (x%8))); + 8000fbc: fa00 f101 lsl.w r1, r0, r1 + for(int x=0; x<128; x++) { + 8000fc0: f113 0f81 cmn.w r3, #129 ; 0x81 + data[x] = (1<<(7 - (x%8))); + 8000fc4: f802 1b01 strb.w r1, [r2], #1 + for(int x=0; x<128; x++) { + 8000fc8: d1f5 bne.n 8000fb6 + } + + oled_write_cmd_sequence(sizeof(setup), setup); + 8000fca: 4907 ldr r1, [pc, #28] ; (8000fe8 ) + 8000fcc: 2006 movs r0, #6 + 8000fce: f7ff fe49 bl 8000c64 + oled_write_data(sizeof(data), data); + 8000fd2: 4621 mov r1, r4 + 8000fd4: 2080 movs r0, #128 ; 0x80 + 8000fd6: f7ff fe51 bl 8000c7c + oled_write_cmd_sequence(sizeof(animate), animate); + 8000fda: 4904 ldr r1, [pc, #16] ; (8000fec ) + 8000fdc: 2009 movs r0, #9 + 8000fde: f7ff fe41 bl 8000c64 +} + 8000fe2: b020 add sp, #128 ; 0x80 + 8000fe4: bd10 pop {r4, pc} + 8000fe6: bf00 nop + 8000fe8: 0800d74c .word 0x0800d74c + 8000fec: 0800d724 .word 0x0800d724 + +08000ff0 : + * @param GPIO_Init: pointer to a GPIO_InitTypeDef structure that contains + * the configuration information for the specified GPIO peripheral. + * @retval None + */ +void HAL_GPIO_Init(GPIO_TypeDef *GPIOx, GPIO_InitTypeDef *GPIO_Init) +{ + 8000ff0: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + /*--------------------- EXTI Mode Configuration ------------------------*/ + /* Configure the External Interrupt or event for the current IO */ + if((GPIO_Init->Mode & EXTI_MODE) == EXTI_MODE) + { + /* Enable SYSCFG Clock */ + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 8000ff4: f8df 81b4 ldr.w r8, [pc, #436] ; 80011ac + temp &= ~(((uint32_t)0x0F) << (4 * (position & 0x03))); + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + SYSCFG->EXTICR[position >> 2] = temp; + + /* Clear EXTI line configuration */ + temp = EXTI->IMR1; + 8000ff8: 4c6a ldr r4, [pc, #424] ; (80011a4 ) + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + 8000ffa: f8df 91b4 ldr.w r9, [pc, #436] ; 80011b0 +{ + 8000ffe: b085 sub sp, #20 + uint32_t position = 0x00; + 8001000: 2300 movs r3, #0 + while (((GPIO_Init->Pin) >> position) != RESET) + 8001002: 680a ldr r2, [r1, #0] + 8001004: fa32 f503 lsrs.w r5, r2, r3 + 8001008: d102 bne.n 8001010 + } + } + + position++; + } +} + 800100a: b005 add sp, #20 + 800100c: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + iocurrent = (GPIO_Init->Pin) & (1U << position); + 8001010: 2701 movs r7, #1 + 8001012: 409f lsls r7, r3 + if(iocurrent) + 8001014: 403a ands r2, r7 + 8001016: f000 80b4 beq.w 8001182 + if((GPIO_Init->Mode == GPIO_MODE_AF_PP) || (GPIO_Init->Mode == GPIO_MODE_AF_OD)) + 800101a: 684d ldr r5, [r1, #4] + 800101c: f025 0a10 bic.w sl, r5, #16 + 8001020: f1ba 0f02 cmp.w sl, #2 + 8001024: d116 bne.n 8001054 + temp = GPIOx->AFR[position >> 3]; + 8001026: ea4f 0ed3 mov.w lr, r3, lsr #3 + 800102a: eb00 0e8e add.w lr, r0, lr, lsl #2 + temp &= ~((uint32_t)0xF << ((uint32_t)(position & (uint32_t)0x07) * 4)) ; + 800102e: f003 0b07 and.w fp, r3, #7 + temp = GPIOx->AFR[position >> 3]; + 8001032: f8de 6020 ldr.w r6, [lr, #32] + temp &= ~((uint32_t)0xF << ((uint32_t)(position & (uint32_t)0x07) * 4)) ; + 8001036: ea4f 0b8b mov.w fp, fp, lsl #2 + 800103a: f04f 0c0f mov.w ip, #15 + 800103e: fa0c fc0b lsl.w ip, ip, fp + 8001042: ea26 0c0c bic.w ip, r6, ip + temp |= ((uint32_t)(GPIO_Init->Alternate) << (((uint32_t)position & (uint32_t)0x07) * 4)); + 8001046: 690e ldr r6, [r1, #16] + 8001048: fa06 f60b lsl.w r6, r6, fp + 800104c: ea46 060c orr.w r6, r6, ip + GPIOx->AFR[position >> 3] = temp; + 8001050: f8ce 6020 str.w r6, [lr, #32] + temp = GPIOx->MODER; + 8001054: f8d0 b000 ldr.w fp, [r0] + temp &= ~(GPIO_MODER_MODE0 << (position * 2)); + 8001058: ea4f 0e43 mov.w lr, r3, lsl #1 + 800105c: f04f 0c03 mov.w ip, #3 + 8001060: fa0c fc0e lsl.w ip, ip, lr + 8001064: ea6f 060c mvn.w r6, ip + 8001068: ea2b 0b0c bic.w fp, fp, ip + temp |= ((GPIO_Init->Mode & GPIO_MODE) << (position * 2)); + 800106c: f005 0c03 and.w ip, r5, #3 + 8001070: fa0c fc0e lsl.w ip, ip, lr + if((GPIO_Init->Mode == GPIO_MODE_OUTPUT_PP) || (GPIO_Init->Mode == GPIO_MODE_AF_PP) || + 8001074: f10a 3aff add.w sl, sl, #4294967295 ; 0xffffffff + temp |= ((GPIO_Init->Mode & GPIO_MODE) << (position * 2)); + 8001078: ea4c 0c0b orr.w ip, ip, fp + if((GPIO_Init->Mode == GPIO_MODE_OUTPUT_PP) || (GPIO_Init->Mode == GPIO_MODE_AF_PP) || + 800107c: f1ba 0f01 cmp.w sl, #1 + temp &= ~(GPIO_MODER_MODE0 << (position * 2)); + 8001080: 9601 str r6, [sp, #4] + GPIOx->MODER = temp; + 8001082: f8c0 c000 str.w ip, [r0] + if((GPIO_Init->Mode == GPIO_MODE_OUTPUT_PP) || (GPIO_Init->Mode == GPIO_MODE_AF_PP) || + 8001086: d815 bhi.n 80010b4 + temp = GPIOx->OSPEEDR; + 8001088: f8d0 c008 ldr.w ip, [r0, #8] + temp &= ~(GPIO_OSPEEDR_OSPEED0 << (position * 2)); + 800108c: ea06 0c0c and.w ip, r6, ip + temp |= (GPIO_Init->Speed << (position * 2)); + 8001090: 68ce ldr r6, [r1, #12] + 8001092: fa06 fa0e lsl.w sl, r6, lr + 8001096: ea4a 0c0c orr.w ip, sl, ip + GPIOx->OSPEEDR = temp; + 800109a: f8c0 c008 str.w ip, [r0, #8] + temp = GPIOx->OTYPER; + 800109e: f8d0 c004 ldr.w ip, [r0, #4] + temp &= ~(GPIO_OTYPER_OT0 << position) ; + 80010a2: ea2c 0707 bic.w r7, ip, r7 + temp |= (((GPIO_Init->Mode & GPIO_OUTPUT_TYPE) >> 4) << position); + 80010a6: f3c5 1c00 ubfx ip, r5, #4, #1 + 80010aa: fa0c fc03 lsl.w ip, ip, r3 + 80010ae: ea4c 0707 orr.w r7, ip, r7 + GPIOx->OTYPER = temp; + 80010b2: 6047 str r7, [r0, #4] + temp = GPIOx->PUPDR; + 80010b4: 68c7 ldr r7, [r0, #12] + temp &= ~(GPIO_PUPDR_PUPD0 << (position * 2)); + 80010b6: 9e01 ldr r6, [sp, #4] + 80010b8: 4037 ands r7, r6 + temp |= ((GPIO_Init->Pull) << (position * 2)); + 80010ba: 688e ldr r6, [r1, #8] + 80010bc: fa06 f60e lsl.w r6, r6, lr + 80010c0: 433e orrs r6, r7 + GPIOx->PUPDR = temp; + 80010c2: 60c6 str r6, [r0, #12] + if((GPIO_Init->Mode & EXTI_MODE) == EXTI_MODE) + 80010c4: 00ee lsls r6, r5, #3 + 80010c6: d55c bpl.n 8001182 + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80010c8: f8d8 6060 ldr.w r6, [r8, #96] ; 0x60 + 80010cc: f046 0601 orr.w r6, r6, #1 + 80010d0: f8c8 6060 str.w r6, [r8, #96] ; 0x60 + 80010d4: f8d8 6060 ldr.w r6, [r8, #96] ; 0x60 + 80010d8: f023 0703 bic.w r7, r3, #3 + 80010dc: f107 4780 add.w r7, r7, #1073741824 ; 0x40000000 + 80010e0: f006 0601 and.w r6, r6, #1 + 80010e4: f507 3780 add.w r7, r7, #65536 ; 0x10000 + 80010e8: 9603 str r6, [sp, #12] + temp &= ~(((uint32_t)0x0F) << (4 * (position & 0x03))); + 80010ea: f003 0c03 and.w ip, r3, #3 + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80010ee: 9e03 ldr r6, [sp, #12] + temp = SYSCFG->EXTICR[position >> 2]; + 80010f0: f8d7 a008 ldr.w sl, [r7, #8] + temp &= ~(((uint32_t)0x0F) << (4 * (position & 0x03))); + 80010f4: f04f 0e0f mov.w lr, #15 + 80010f8: ea4f 0c8c mov.w ip, ip, lsl #2 + 80010fc: fa0e f60c lsl.w r6, lr, ip + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + 8001100: f1b0 4f90 cmp.w r0, #1207959552 ; 0x48000000 + temp &= ~(((uint32_t)0x0F) << (4 * (position & 0x03))); + 8001104: ea2a 0e06 bic.w lr, sl, r6 + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + 8001108: d03d beq.n 8001186 + 800110a: 4e27 ldr r6, [pc, #156] ; (80011a8 ) + 800110c: 42b0 cmp r0, r6 + 800110e: d03c beq.n 800118a + 8001110: f506 6680 add.w r6, r6, #1024 ; 0x400 + 8001114: 42b0 cmp r0, r6 + 8001116: d03a beq.n 800118e + 8001118: f506 6680 add.w r6, r6, #1024 ; 0x400 + 800111c: 42b0 cmp r0, r6 + 800111e: d038 beq.n 8001192 + 8001120: f506 6680 add.w r6, r6, #1024 ; 0x400 + 8001124: 42b0 cmp r0, r6 + 8001126: d036 beq.n 8001196 + 8001128: f506 6680 add.w r6, r6, #1024 ; 0x400 + 800112c: 42b0 cmp r0, r6 + 800112e: d034 beq.n 800119a + 8001130: 4548 cmp r0, r9 + 8001132: d034 beq.n 800119e + 8001134: f506 6600 add.w r6, r6, #2048 ; 0x800 + 8001138: 42b0 cmp r0, r6 + 800113a: bf0c ite eq + 800113c: 2607 moveq r6, #7 + 800113e: 2608 movne r6, #8 + 8001140: fa06 f60c lsl.w r6, r6, ip + 8001144: ea46 060e orr.w r6, r6, lr + SYSCFG->EXTICR[position >> 2] = temp; + 8001148: 60be str r6, [r7, #8] + temp = EXTI->IMR1; + 800114a: 6826 ldr r6, [r4, #0] + temp &= ~((uint32_t)iocurrent); + 800114c: 43d7 mvns r7, r2 + if((GPIO_Init->Mode & GPIO_MODE_IT) == GPIO_MODE_IT) + 800114e: f415 3f80 tst.w r5, #65536 ; 0x10000 + temp &= ~((uint32_t)iocurrent); + 8001152: bf0c ite eq + 8001154: 403e andeq r6, r7 + temp |= iocurrent; + 8001156: 4316 orrne r6, r2 + EXTI->IMR1 = temp; + 8001158: 6026 str r6, [r4, #0] + temp = EXTI->EMR1; + 800115a: 6866 ldr r6, [r4, #4] + if((GPIO_Init->Mode & GPIO_MODE_EVT) == GPIO_MODE_EVT) + 800115c: f415 3f00 tst.w r5, #131072 ; 0x20000 + temp &= ~((uint32_t)iocurrent); + 8001160: bf0c ite eq + 8001162: 403e andeq r6, r7 + temp |= iocurrent; + 8001164: 4316 orrne r6, r2 + EXTI->EMR1 = temp; + 8001166: 6066 str r6, [r4, #4] + temp = EXTI->RTSR1; + 8001168: 68a6 ldr r6, [r4, #8] + if((GPIO_Init->Mode & RISING_EDGE) == RISING_EDGE) + 800116a: f415 1f80 tst.w r5, #1048576 ; 0x100000 + temp &= ~((uint32_t)iocurrent); + 800116e: bf0c ite eq + 8001170: 403e andeq r6, r7 + temp |= iocurrent; + 8001172: 4316 orrne r6, r2 + EXTI->RTSR1 = temp; + 8001174: 60a6 str r6, [r4, #8] + temp = EXTI->FTSR1; + 8001176: 68e6 ldr r6, [r4, #12] + if((GPIO_Init->Mode & FALLING_EDGE) == FALLING_EDGE) + 8001178: 02ad lsls r5, r5, #10 + temp &= ~((uint32_t)iocurrent); + 800117a: bf54 ite pl + 800117c: 403e andpl r6, r7 + temp |= iocurrent; + 800117e: 4316 orrmi r6, r2 + EXTI->FTSR1 = temp; + 8001180: 60e6 str r6, [r4, #12] + position++; + 8001182: 3301 adds r3, #1 + 8001184: e73d b.n 8001002 + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + 8001186: 2600 movs r6, #0 + 8001188: e7da b.n 8001140 + 800118a: 2601 movs r6, #1 + 800118c: e7d8 b.n 8001140 + 800118e: 2602 movs r6, #2 + 8001190: e7d6 b.n 8001140 + 8001192: 2603 movs r6, #3 + 8001194: e7d4 b.n 8001140 + 8001196: 2604 movs r6, #4 + 8001198: e7d2 b.n 8001140 + 800119a: 2605 movs r6, #5 + 800119c: e7d0 b.n 8001140 + 800119e: 2606 movs r6, #6 + 80011a0: e7ce b.n 8001140 + 80011a2: bf00 nop + 80011a4: 40010400 .word 0x40010400 + 80011a8: 48000400 .word 0x48000400 + 80011ac: 40021000 .word 0x40021000 + 80011b0: 48001800 .word 0x48001800 + +080011b4 : + * @param GPIO_Pin: specifies the port bit to be written. + * This parameter can be one of GPIO_PIN_x where x can be (0..15). + * @retval None + */ +void HAL_GPIO_DeInit(GPIO_TypeDef *GPIOx, uint32_t GPIO_Pin) +{ + 80011b4: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + { + tmp = ((uint32_t)0x0F) << (4 * (position & 0x03)); + SYSCFG->EXTICR[position >> 2] &= ~tmp; + + /* Clear EXTI line configuration */ + EXTI->IMR1 &= ~((uint32_t)iocurrent); + 80011b8: 4c43 ldr r4, [pc, #268] ; (80012c8 ) + if(tmp == (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03)))) + 80011ba: f8df a114 ldr.w sl, [pc, #276] ; 80012d0 + 80011be: f8df b114 ldr.w fp, [pc, #276] ; 80012d4 + uint32_t position = 0x00; + 80011c2: 2200 movs r2, #0 + iocurrent = (GPIO_Pin) & (1U << position); + 80011c4: f04f 0901 mov.w r9, #1 + while ((GPIO_Pin >> position) != RESET) + 80011c8: fa31 f302 lsrs.w r3, r1, r2 + 80011cc: d101 bne.n 80011d2 + } + } + + position++; + } +} + 80011ce: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + iocurrent = (GPIO_Pin) & (1U << position); + 80011d2: fa09 f802 lsl.w r8, r9, r2 + if (iocurrent) + 80011d6: ea18 0c01 ands.w ip, r8, r1 + 80011da: d064 beq.n 80012a6 + GPIOx->MODER |= (GPIO_MODER_MODE0 << (position * 2)); + 80011dc: 6805 ldr r5, [r0, #0] + 80011de: 2303 movs r3, #3 + 80011e0: 0056 lsls r6, r2, #1 + 80011e2: fa03 f606 lsl.w r6, r3, r6 + GPIOx->AFR[position >> 3] &= ~((uint32_t)0xF << ((uint32_t)(position & (uint32_t)0x07) * 4)) ; + 80011e6: fa22 fe03 lsr.w lr, r2, r3 + GPIOx->MODER |= (GPIO_MODER_MODE0 << (position * 2)); + 80011ea: 4335 orrs r5, r6 + 80011ec: eb00 0e8e add.w lr, r0, lr, lsl #2 + 80011f0: 6005 str r5, [r0, #0] + GPIOx->AFR[position >> 3] &= ~((uint32_t)0xF << ((uint32_t)(position & (uint32_t)0x07) * 4)) ; + 80011f2: f8de 5020 ldr.w r5, [lr, #32] + 80011f6: f002 0707 and.w r7, r2, #7 + 80011fa: 462b mov r3, r5 + 80011fc: 00bf lsls r7, r7, #2 + 80011fe: 250f movs r5, #15 + 8001200: fa05 f707 lsl.w r7, r5, r7 + 8001204: ea23 0707 bic.w r7, r3, r7 + 8001208: f8ce 7020 str.w r7, [lr, #32] + GPIOx->OSPEEDR &= ~(GPIO_OSPEEDR_OSPEED0 << (position * 2)); + 800120c: 6887 ldr r7, [r0, #8] + 800120e: ea27 0706 bic.w r7, r7, r6 + 8001212: 6087 str r7, [r0, #8] + GPIOx->OTYPER &= ~(GPIO_OTYPER_OT0 << position) ; + 8001214: 6847 ldr r7, [r0, #4] + 8001216: ea27 0708 bic.w r7, r7, r8 + 800121a: 6047 str r7, [r0, #4] + GPIOx->PUPDR &= ~(GPIO_PUPDR_PUPD0 << (position * 2)); + 800121c: 68c7 ldr r7, [r0, #12] + 800121e: ea27 0606 bic.w r6, r7, r6 + 8001222: 60c6 str r6, [r0, #12] + tmp = SYSCFG->EXTICR[position >> 2]; + 8001224: f022 0603 bic.w r6, r2, #3 + 8001228: f106 4680 add.w r6, r6, #1073741824 ; 0x40000000 + 800122c: f506 3680 add.w r6, r6, #65536 ; 0x10000 + tmp &= (((uint32_t)0x0F) << (4 * (position & 0x03))); + 8001230: f002 0703 and.w r7, r2, #3 + tmp = SYSCFG->EXTICR[position >> 2]; + 8001234: f8d6 e008 ldr.w lr, [r6, #8] + tmp &= (((uint32_t)0x0F) << (4 * (position & 0x03))); + 8001238: 00bf lsls r7, r7, #2 + 800123a: 40bd lsls r5, r7 + if(tmp == (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03)))) + 800123c: f1b0 4f90 cmp.w r0, #1207959552 ; 0x48000000 + tmp &= (((uint32_t)0x0F) << (4 * (position & 0x03))); + 8001240: ea05 0e0e and.w lr, r5, lr + if(tmp == (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03)))) + 8001244: d031 beq.n 80012aa + 8001246: 4b21 ldr r3, [pc, #132] ; (80012cc ) + 8001248: 4298 cmp r0, r3 + 800124a: d030 beq.n 80012ae + 800124c: f503 6380 add.w r3, r3, #1024 ; 0x400 + 8001250: 4298 cmp r0, r3 + 8001252: d02e beq.n 80012b2 + 8001254: f503 6380 add.w r3, r3, #1024 ; 0x400 + 8001258: 4298 cmp r0, r3 + 800125a: d02c beq.n 80012b6 + 800125c: f503 6380 add.w r3, r3, #1024 ; 0x400 + 8001260: 4298 cmp r0, r3 + 8001262: d02a beq.n 80012ba + 8001264: f503 6380 add.w r3, r3, #1024 ; 0x400 + 8001268: 4298 cmp r0, r3 + 800126a: d028 beq.n 80012be + 800126c: 4550 cmp r0, sl + 800126e: d028 beq.n 80012c2 + 8001270: 4558 cmp r0, fp + 8001272: bf0c ite eq + 8001274: 2307 moveq r3, #7 + 8001276: 2308 movne r3, #8 + 8001278: 40bb lsls r3, r7 + 800127a: 4573 cmp r3, lr + 800127c: d113 bne.n 80012a6 + SYSCFG->EXTICR[position >> 2] &= ~tmp; + 800127e: 68b3 ldr r3, [r6, #8] + 8001280: ea23 0505 bic.w r5, r3, r5 + 8001284: 60b5 str r5, [r6, #8] + EXTI->IMR1 &= ~((uint32_t)iocurrent); + 8001286: 6823 ldr r3, [r4, #0] + 8001288: ea23 030c bic.w r3, r3, ip + 800128c: 6023 str r3, [r4, #0] + EXTI->EMR1 &= ~((uint32_t)iocurrent); + 800128e: 6863 ldr r3, [r4, #4] + 8001290: ea23 030c bic.w r3, r3, ip + 8001294: 6063 str r3, [r4, #4] + EXTI->RTSR1 &= ~((uint32_t)iocurrent); + 8001296: 68a3 ldr r3, [r4, #8] + 8001298: ea23 030c bic.w r3, r3, ip + 800129c: 60a3 str r3, [r4, #8] + EXTI->FTSR1 &= ~((uint32_t)iocurrent); + 800129e: 68e3 ldr r3, [r4, #12] + 80012a0: ea23 030c bic.w r3, r3, ip + 80012a4: 60e3 str r3, [r4, #12] + position++; + 80012a6: 3201 adds r2, #1 + 80012a8: e78e b.n 80011c8 + if(tmp == (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03)))) + 80012aa: 2300 movs r3, #0 + 80012ac: e7e4 b.n 8001278 + 80012ae: 2301 movs r3, #1 + 80012b0: e7e2 b.n 8001278 + 80012b2: 2302 movs r3, #2 + 80012b4: e7e0 b.n 8001278 + 80012b6: 2303 movs r3, #3 + 80012b8: e7de b.n 8001278 + 80012ba: 2304 movs r3, #4 + 80012bc: e7dc b.n 8001278 + 80012be: 2305 movs r3, #5 + 80012c0: e7da b.n 8001278 + 80012c2: 2306 movs r3, #6 + 80012c4: e7d8 b.n 8001278 + 80012c6: bf00 nop + 80012c8: 40010400 .word 0x40010400 + 80012cc: 48000400 .word 0x48000400 + 80012d0: 48001800 .word 0x48001800 + 80012d4: 48001c00 .word 0x48001c00 + +080012d8 : + GPIO_PinState bitstatus; + + /* Check the parameters */ + assert_param(IS_GPIO_PIN(GPIO_Pin)); + + if((GPIOx->IDR & GPIO_Pin) != (uint32_t)GPIO_PIN_RESET) + 80012d8: 6903 ldr r3, [r0, #16] + 80012da: 4219 tst r1, r3 + else + { + bitstatus = GPIO_PIN_RESET; + } + return bitstatus; +} + 80012dc: bf14 ite ne + 80012de: 2001 movne r0, #1 + 80012e0: 2000 moveq r0, #0 + 80012e2: 4770 bx lr + +080012e4 : +{ + /* Check the parameters */ + assert_param(IS_GPIO_PIN(GPIO_Pin)); + assert_param(IS_GPIO_PIN_ACTION(PinState)); + + if(PinState != GPIO_PIN_RESET) + 80012e4: b10a cbz r2, 80012ea + { + GPIOx->BSRR = (uint32_t)GPIO_Pin; + 80012e6: 6181 str r1, [r0, #24] + 80012e8: 4770 bx lr + } + else + { + GPIOx->BRR = (uint32_t)GPIO_Pin; + 80012ea: 6281 str r1, [r0, #40] ; 0x28 + } +} + 80012ec: 4770 bx lr + +080012ee : +void HAL_GPIO_TogglePin(GPIO_TypeDef* GPIOx, uint16_t GPIO_Pin) +{ + /* Check the parameters */ + assert_param(IS_GPIO_PIN(GPIO_Pin)); + + GPIOx->ODR ^= GPIO_Pin; + 80012ee: 6943 ldr r3, [r0, #20] + 80012f0: 4059 eors r1, r3 + 80012f2: 6141 str r1, [r0, #20] +} + 80012f4: 4770 bx lr + +080012f6 : + * @param GPIO_Pin: specifies the port bits to be locked. + * This parameter can be any combination of GPIO_Pin_x where x can be (0..15). + * @retval None + */ +HAL_StatusTypeDef HAL_GPIO_LockPin(GPIO_TypeDef* GPIOx, uint16_t GPIO_Pin) +{ + 80012f6: b082 sub sp, #8 + __IO uint32_t tmp = GPIO_LCKR_LCKK; + 80012f8: f44f 3380 mov.w r3, #65536 ; 0x10000 + 80012fc: 9301 str r3, [sp, #4] + /* Check the parameters */ + assert_param(IS_GPIO_LOCK_INSTANCE(GPIOx)); + assert_param(IS_GPIO_PIN(GPIO_Pin)); + + /* Apply lock key write sequence */ + tmp |= GPIO_Pin; + 80012fe: 9b01 ldr r3, [sp, #4] + 8001300: 430b orrs r3, r1 + 8001302: 9301 str r3, [sp, #4] + /* Set LCKx bit(s): LCKK='1' + LCK[15-0] */ + GPIOx->LCKR = tmp; + 8001304: 9b01 ldr r3, [sp, #4] + 8001306: 61c3 str r3, [r0, #28] + /* Reset LCKx bit(s): LCKK='0' + LCK[15-0] */ + GPIOx->LCKR = GPIO_Pin; + 8001308: 61c1 str r1, [r0, #28] + /* Set LCKx bit(s): LCKK='1' + LCK[15-0] */ + GPIOx->LCKR = tmp; + 800130a: 9b01 ldr r3, [sp, #4] + 800130c: 61c3 str r3, [r0, #28] + /* Read LCKK bit*/ + tmp = GPIOx->LCKR; + 800130e: 69c3 ldr r3, [r0, #28] + 8001310: 9301 str r3, [sp, #4] + + if((GPIOx->LCKR & GPIO_LCKR_LCKK) != RESET) + 8001312: 69c0 ldr r0, [r0, #28] + 8001314: f480 3080 eor.w r0, r0, #65536 ; 0x10000 + } + else + { + return HAL_ERROR; + } +} + 8001318: f3c0 4000 ubfx r0, r0, #16, #1 + 800131c: b002 add sp, #8 + 800131e: 4770 bx lr + +08001320 : + UNUSED(GPIO_Pin); + + /* NOTE: This function should not be modified, when the callback is needed, + the HAL_GPIO_EXTI_Callback could be implemented in the user file + */ +} + 8001320: 4770 bx lr + ... + +08001324 : + if(__HAL_GPIO_EXTI_GET_IT(GPIO_Pin) != RESET) + 8001324: 4a04 ldr r2, [pc, #16] ; (8001338 ) + 8001326: 6951 ldr r1, [r2, #20] + 8001328: 4201 tst r1, r0 +{ + 800132a: b508 push {r3, lr} + if(__HAL_GPIO_EXTI_GET_IT(GPIO_Pin) != RESET) + 800132c: d002 beq.n 8001334 + __HAL_GPIO_EXTI_CLEAR_IT(GPIO_Pin); + 800132e: 6150 str r0, [r2, #20] + HAL_GPIO_EXTI_Callback(GPIO_Pin); + 8001330: f7ff fff6 bl 8001320 +} + 8001334: bd08 pop {r3, pc} + 8001336: bf00 nop + 8001338: 40010400 .word 0x40010400 + +0800133c : +static HAL_StatusTypeDef SPI_WaitFifoStateUntilTimeout(SPI_HandleTypeDef *hspi, uint32_t Fifo, uint32_t State, + uint32_t Timeout, uint32_t Tickstart) +{ + __IO uint8_t tmpreg; + + while ((hspi->Instance->SR & Fifo) != State) + 800133c: 6803 ldr r3, [r0, #0] +static HAL_StatusTypeDef SPI_EndRxTxTransaction(SPI_HandleTypeDef *hspi, uint32_t Timeout, uint32_t Tickstart) + 800133e: b082 sub sp, #8 + while ((hspi->Instance->SR & Fifo) != State) + 8001340: 689a ldr r2, [r3, #8] + 8001342: f412 5fc0 tst.w r2, #6144 ; 0x1800 + 8001346: d1fb bne.n 8001340 + * @retval HAL status + */ +static HAL_StatusTypeDef SPI_WaitFlagStateUntilTimeout(SPI_HandleTypeDef *hspi, uint32_t Flag, uint32_t State, + uint32_t Timeout, uint32_t Tickstart) +{ + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 8001348: 689a ldr r2, [r3, #8] + 800134a: 0612 lsls r2, r2, #24 + 800134c: d4fc bmi.n 8001348 + while ((hspi->Instance->SR & Fifo) != State) + 800134e: 6898 ldr r0, [r3, #8] + 8001350: f410 60c0 ands.w r0, r0, #1536 ; 0x600 + 8001354: d101 bne.n 800135a +} + 8001356: b002 add sp, #8 + 8001358: 4770 bx lr + tmpreg = *((__IO uint8_t *)&hspi->Instance->DR); + 800135a: 7b1a ldrb r2, [r3, #12] + 800135c: b2d2 uxtb r2, r2 + 800135e: f88d 2007 strb.w r2, [sp, #7] + UNUSED(tmpreg); + 8001362: f89d 2007 ldrb.w r2, [sp, #7] + 8001366: e7f2 b.n 800134e + +08001368 : +{ + 8001368: b5f0 push {r4, r5, r6, r7, lr} + if (hspi == NULL) + 800136a: 2800 cmp r0, #0 + 800136c: d054 beq.n 8001418 + if (hspi->State == HAL_SPI_STATE_RESET) + 800136e: f890 305d ldrb.w r3, [r0, #93] ; 0x5d + if (hspi->Init.TIMode == SPI_TIMODE_DISABLE) + 8001372: f8d0 c024 ldr.w ip, [r0, #36] ; 0x24 + if (hspi->State == HAL_SPI_STATE_RESET) + 8001376: f003 02ff and.w r2, r3, #255 ; 0xff + 800137a: b90b cbnz r3, 8001380 + hspi->Lock = HAL_UNLOCKED; + 800137c: f880 205c strb.w r2, [r0, #92] ; 0x5c + __HAL_SPI_DISABLE(hspi); + 8001380: 6801 ldr r1, [r0, #0] + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 8001382: 68c2 ldr r2, [r0, #12] + hspi->State = HAL_SPI_STATE_BUSY; + 8001384: 2302 movs r3, #2 + 8001386: f880 305d strb.w r3, [r0, #93] ; 0x5d + __HAL_SPI_DISABLE(hspi); + 800138a: 680b ldr r3, [r1, #0] + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 800138c: f5b2 6fe0 cmp.w r2, #1792 ; 0x700 + __HAL_SPI_DISABLE(hspi); + 8001390: f023 0340 bic.w r3, r3, #64 ; 0x40 + 8001394: 600b str r3, [r1, #0] + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 8001396: f04f 0300 mov.w r3, #0 + 800139a: d83f bhi.n 800141c + frxth = SPI_RXFIFO_THRESHOLD_QF; + 800139c: f44f 5580 mov.w r5, #4096 ; 0x1000 + if ((hspi->Init.DataSize != SPI_DATASIZE_16BIT) && (hspi->Init.DataSize != SPI_DATASIZE_8BIT)) + 80013a0: d000 beq.n 80013a4 + hspi->Init.CRCCalculation = SPI_CRCCALCULATION_DISABLE; + 80013a2: 6283 str r3, [r0, #40] ; 0x28 + if (hspi->Init.CRCLength == SPI_CRC_LENGTH_DATASIZE) + 80013a4: 6b03 ldr r3, [r0, #48] ; 0x30 + 80013a6: b92b cbnz r3, 80013b4 + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 80013a8: f5b2 6fe0 cmp.w r2, #1792 ; 0x700 + hspi->Init.CRCLength = SPI_CRC_LENGTH_16BIT; + 80013ac: bf8c ite hi + 80013ae: 2302 movhi r3, #2 + hspi->Init.CRCLength = SPI_CRC_LENGTH_8BIT; + 80013b0: 2301 movls r3, #1 + 80013b2: 6303 str r3, [r0, #48] ; 0x30 + WRITE_REG(hspi->Instance->CR1, (hspi->Init.Mode | hspi->Init.Direction | + 80013b4: e9d0 3701 ldrd r3, r7, [r0, #4] + 80013b8: 433b orrs r3, r7 + 80013ba: 6907 ldr r7, [r0, #16] + 80013bc: 6984 ldr r4, [r0, #24] + 80013be: 6a86 ldr r6, [r0, #40] ; 0x28 + 80013c0: 433b orrs r3, r7 + 80013c2: 6947 ldr r7, [r0, #20] + 80013c4: 433b orrs r3, r7 + 80013c6: 69c7 ldr r7, [r0, #28] + 80013c8: 433b orrs r3, r7 + 80013ca: 6a07 ldr r7, [r0, #32] + 80013cc: 433b orrs r3, r7 + 80013ce: 4333 orrs r3, r6 + 80013d0: f404 7700 and.w r7, r4, #512 ; 0x200 + 80013d4: 433b orrs r3, r7 + 80013d6: 600b str r3, [r1, #0] + if (hspi->Init.CRCLength == SPI_CRC_LENGTH_16BIT) + 80013d8: 6b03 ldr r3, [r0, #48] ; 0x30 + 80013da: 2b02 cmp r3, #2 + hspi->Instance->CR1 |= SPI_CR1_CRCL; + 80013dc: bf02 ittt eq + 80013de: 680b ldreq r3, [r1, #0] + 80013e0: f443 6300 orreq.w r3, r3, #2048 ; 0x800 + 80013e4: 600b streq r3, [r1, #0] + WRITE_REG(hspi->Instance->CR2, (((hspi->Init.NSS >> 16U) & SPI_CR2_SSOE) | hspi->Init.TIMode | + 80013e6: 6b43 ldr r3, [r0, #52] ; 0x34 + 80013e8: ea4c 0202 orr.w r2, ip, r2 + 80013ec: 0c24 lsrs r4, r4, #16 + 80013ee: 431a orrs r2, r3 + 80013f0: f004 0404 and.w r4, r4, #4 + 80013f4: 4322 orrs r2, r4 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 80013f6: f5b6 5f00 cmp.w r6, #8192 ; 0x2000 + WRITE_REG(hspi->Instance->CRCPR, hspi->Init.CRCPolynomial); + 80013fa: bf08 it eq + 80013fc: 6ac3 ldreq r3, [r0, #44] ; 0x2c + WRITE_REG(hspi->Instance->CR2, (((hspi->Init.NSS >> 16U) & SPI_CR2_SSOE) | hspi->Init.TIMode | + 80013fe: ea45 0502 orr.w r5, r5, r2 + 8001402: 604d str r5, [r1, #4] + hspi->State = HAL_SPI_STATE_READY; + 8001404: f04f 0201 mov.w r2, #1 + WRITE_REG(hspi->Instance->CRCPR, hspi->Init.CRCPolynomial); + 8001408: bf08 it eq + 800140a: 610b streq r3, [r1, #16] + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 800140c: 2300 movs r3, #0 + 800140e: 6603 str r3, [r0, #96] ; 0x60 + hspi->State = HAL_SPI_STATE_READY; + 8001410: f880 205d strb.w r2, [r0, #93] ; 0x5d + return HAL_OK; + 8001414: 4618 mov r0, r3 +} + 8001416: bdf0 pop {r4, r5, r6, r7, pc} + return HAL_ERROR; + 8001418: 2001 movs r0, #1 + 800141a: e7fc b.n 8001416 + frxth = SPI_RXFIFO_THRESHOLD_HF; + 800141c: 461d mov r5, r3 + if ((hspi->Init.DataSize != SPI_DATASIZE_16BIT) && (hspi->Init.DataSize != SPI_DATASIZE_8BIT)) + 800141e: f5b2 6f70 cmp.w r2, #3840 ; 0xf00 + 8001422: e7bd b.n 80013a0 + +08001424 : +{ + 8001424: e92d 41f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, lr} + 8001428: 461e mov r6, r3 + __HAL_LOCK(hspi); + 800142a: f890 305c ldrb.w r3, [r0, #92] ; 0x5c + 800142e: 2b01 cmp r3, #1 +{ + 8001430: 4604 mov r4, r0 + 8001432: 460d mov r5, r1 + 8001434: 4690 mov r8, r2 + __HAL_LOCK(hspi); + 8001436: f000 809c beq.w 8001572 + 800143a: 2301 movs r3, #1 + 800143c: f880 305c strb.w r3, [r0, #92] ; 0x5c + tickstart = HAL_GetTick(); + 8001440: f005 fe3e bl 80070c0 + if (hspi->State != HAL_SPI_STATE_READY) + 8001444: f894 305d ldrb.w r3, [r4, #93] ; 0x5d + 8001448: 2b01 cmp r3, #1 + tickstart = HAL_GetTick(); + 800144a: 4607 mov r7, r0 + if (hspi->State != HAL_SPI_STATE_READY) + 800144c: b2d8 uxtb r0, r3 + 800144e: f040 808e bne.w 800156e + if ((pData == NULL) || (Size == 0U)) + 8001452: 2d00 cmp r5, #0 + 8001454: d07a beq.n 800154c + 8001456: f1b8 0f00 cmp.w r8, #0 + 800145a: d077 beq.n 800154c + hspi->State = HAL_SPI_STATE_BUSY_TX; + 800145c: 2303 movs r3, #3 + 800145e: f884 305d strb.w r3, [r4, #93] ; 0x5d + if (hspi->Init.Direction == SPI_DIRECTION_1LINE) + 8001462: 68a3 ldr r3, [r4, #8] + SPI_1LINE_TX(hspi); + 8001464: 6822 ldr r2, [r4, #0] + hspi->pTxBuffPtr = (uint8_t *)pData; + 8001466: 63a5 str r5, [r4, #56] ; 0x38 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001468: 2100 movs r1, #0 + if (hspi->Init.Direction == SPI_DIRECTION_1LINE) + 800146a: f5b3 4f00 cmp.w r3, #32768 ; 0x8000 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 800146e: 6621 str r1, [r4, #96] ; 0x60 + hspi->TxXferCount = Size; + 8001470: f8a4 803e strh.w r8, [r4, #62] ; 0x3e + hspi->RxXferCount = 0U; + 8001474: f8a4 1046 strh.w r1, [r4, #70] ; 0x46 + SPI_1LINE_TX(hspi); + 8001478: bf08 it eq + 800147a: 6813 ldreq r3, [r2, #0] + hspi->TxXferSize = Size; + 800147c: f8a4 803c strh.w r8, [r4, #60] ; 0x3c + SPI_1LINE_TX(hspi); + 8001480: bf08 it eq + 8001482: f443 4380 orreq.w r3, r3, #16384 ; 0x4000 + hspi->RxISR = NULL; + 8001486: e9c4 1113 strd r1, r1, [r4, #76] ; 0x4c + hspi->pRxBuffPtr = (uint8_t *)NULL; + 800148a: 6421 str r1, [r4, #64] ; 0x40 + hspi->RxXferSize = 0U; + 800148c: f8a4 1044 strh.w r1, [r4, #68] ; 0x44 + SPI_1LINE_TX(hspi); + 8001490: bf08 it eq + 8001492: 6013 streq r3, [r2, #0] + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001494: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8001496: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + 800149a: d107 bne.n 80014ac + SPI_RESET_CRC(hspi); + 800149c: 6813 ldr r3, [r2, #0] + 800149e: f423 5300 bic.w r3, r3, #8192 ; 0x2000 + 80014a2: 6013 str r3, [r2, #0] + 80014a4: 6813 ldr r3, [r2, #0] + 80014a6: f443 5300 orr.w r3, r3, #8192 ; 0x2000 + 80014aa: 6013 str r3, [r2, #0] + if ((hspi->Instance->CR1 & SPI_CR1_SPE) != SPI_CR1_SPE) + 80014ac: 6813 ldr r3, [r2, #0] + 80014ae: 0659 lsls r1, r3, #25 + __HAL_SPI_ENABLE(hspi); + 80014b0: bf5e ittt pl + 80014b2: 6813 ldrpl r3, [r2, #0] + 80014b4: f043 0340 orrpl.w r3, r3, #64 ; 0x40 + 80014b8: 6013 strpl r3, [r2, #0] + if ((hspi->Init.Mode == SPI_MODE_SLAVE) || (hspi->TxXferCount == 0x01U)) + 80014ba: 6863 ldr r3, [r4, #4] + 80014bc: b11b cbz r3, 80014c6 + 80014be: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80014c0: b29b uxth r3, r3 + 80014c2: 2b01 cmp r3, #1 + 80014c4: d110 bne.n 80014e8 + if (hspi->TxXferCount > 1U) + 80014c6: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80014c8: b29b uxth r3, r3 + 80014ca: 2b01 cmp r3, #1 + 80014cc: d905 bls.n 80014da + hspi->Instance->DR = *((uint16_t *)pData); + 80014ce: f835 3b02 ldrh.w r3, [r5], #2 + 80014d2: 60d3 str r3, [r2, #12] + hspi->TxXferCount -= 2U; + 80014d4: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80014d6: 3b02 subs r3, #2 + 80014d8: e004 b.n 80014e4 + *((__IO uint8_t *)&hspi->Instance->DR) = (*pData++); + 80014da: f815 3b01 ldrb.w r3, [r5], #1 + 80014de: 7313 strb r3, [r2, #12] + hspi->TxXferCount--; + 80014e0: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80014e2: 3b01 subs r3, #1 + 80014e4: b29b uxth r3, r3 + 80014e6: 87e3 strh r3, [r4, #62] ; 0x3e + while (hspi->TxXferCount > 0U) + 80014e8: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80014ea: b29b uxth r3, r3 + 80014ec: b9e3 cbnz r3, 8001528 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 80014ee: 6aa3 ldr r3, [r4, #40] ; 0x28 + 80014f0: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + SET_BIT(hspi->Instance->CR1, SPI_CR1_CRCNEXT); + 80014f4: bf01 itttt eq + 80014f6: 6822 ldreq r2, [r4, #0] + 80014f8: 6813 ldreq r3, [r2, #0] + 80014fa: f443 5380 orreq.w r3, r3, #4096 ; 0x1000 + 80014fe: 6013 streq r3, [r2, #0] + if (SPI_EndRxTxTransaction(hspi, Timeout, tickstart) != HAL_OK) + 8001500: 4620 mov r0, r4 + 8001502: f7ff ff1b bl 800133c + 8001506: b108 cbz r0, 800150c + hspi->ErrorCode = HAL_SPI_ERROR_FLAG; + 8001508: 2320 movs r3, #32 + 800150a: 6623 str r3, [r4, #96] ; 0x60 + if (hspi->Init.Direction == SPI_DIRECTION_2LINES) + 800150c: 68a3 ldr r3, [r4, #8] + 800150e: b933 cbnz r3, 800151e + __HAL_SPI_CLEAR_OVRFLAG(hspi); + 8001510: 9301 str r3, [sp, #4] + 8001512: 6823 ldr r3, [r4, #0] + 8001514: 68da ldr r2, [r3, #12] + 8001516: 9201 str r2, [sp, #4] + 8001518: 689b ldr r3, [r3, #8] + 800151a: 9301 str r3, [sp, #4] + 800151c: 9b01 ldr r3, [sp, #4] + if (hspi->ErrorCode != HAL_SPI_ERROR_NONE) + 800151e: 6e20 ldr r0, [r4, #96] ; 0x60 + errorcode = HAL_BUSY; + 8001520: 3800 subs r0, #0 + 8001522: bf18 it ne + 8001524: 2001 movne r0, #1 +error: + 8001526: e011 b.n 800154c + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_TXE)) + 8001528: 6823 ldr r3, [r4, #0] + 800152a: 689a ldr r2, [r3, #8] + 800152c: 0792 lsls r2, r2, #30 + 800152e: d50b bpl.n 8001548 + if (hspi->TxXferCount > 1U) + 8001530: 8fe2 ldrh r2, [r4, #62] ; 0x3e + 8001532: b292 uxth r2, r2 + 8001534: 2a01 cmp r2, #1 + 8001536: d903 bls.n 8001540 + hspi->Instance->DR = *((uint16_t *)pData); + 8001538: f835 2b02 ldrh.w r2, [r5], #2 + 800153c: 60da str r2, [r3, #12] + 800153e: e7c9 b.n 80014d4 + *((__IO uint8_t *)&hspi->Instance->DR) = (*pData++); + 8001540: f815 2b01 ldrb.w r2, [r5], #1 + 8001544: 731a strb r2, [r3, #12] + hspi->TxXferCount--; + 8001546: e7cb b.n 80014e0 + if ((Timeout == 0U) || ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout))) + 8001548: b94e cbnz r6, 800155e + errorcode = HAL_TIMEOUT; + 800154a: 2003 movs r0, #3 + hspi->State = HAL_SPI_STATE_READY; + 800154c: 2301 movs r3, #1 + 800154e: f884 305d strb.w r3, [r4, #93] ; 0x5d + __HAL_UNLOCK(hspi); + 8001552: 2300 movs r3, #0 + 8001554: f884 305c strb.w r3, [r4, #92] ; 0x5c +} + 8001558: b002 add sp, #8 + 800155a: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + if ((Timeout == 0U) || ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout))) + 800155e: 1c73 adds r3, r6, #1 + 8001560: d0c2 beq.n 80014e8 + 8001562: f005 fdad bl 80070c0 + 8001566: 1bc0 subs r0, r0, r7 + 8001568: 42b0 cmp r0, r6 + 800156a: d3bd bcc.n 80014e8 + 800156c: e7ed b.n 800154a + errorcode = HAL_BUSY; + 800156e: 2002 movs r0, #2 + 8001570: e7ec b.n 800154c + __HAL_LOCK(hspi); + 8001572: 2002 movs r0, #2 + 8001574: e7f0 b.n 8001558 + +08001576 : + * @param Timeout: Timeout duration + * @retval HAL status + */ +HAL_StatusTypeDef HAL_SPI_TransmitReceive(SPI_HandleTypeDef *hspi, uint8_t *pTxData, uint8_t *pRxData, uint16_t Size, + uint32_t Timeout) +{ + 8001576: e92d 43f7 stmdb sp!, {r0, r1, r2, r4, r5, r6, r7, r8, r9, lr} + 800157a: 461e mov r6, r3 + uint32_t tmp = 0U, tmp1 = 0U; +#if (USE_SPI_CRC != 0U) + __IO uint16_t tmpreg = 0U; + 800157c: 2300 movs r3, #0 + 800157e: f8ad 3006 strh.w r3, [sp, #6] + + /* Check Direction parameter */ + assert_param(IS_SPI_DIRECTION_2LINES(hspi->Init.Direction)); + + /* Process Locked */ + __HAL_LOCK(hspi); + 8001582: f890 305c ldrb.w r3, [r0, #92] ; 0x5c +{ + 8001586: f8dd 8028 ldr.w r8, [sp, #40] ; 0x28 + __HAL_LOCK(hspi); + 800158a: 2b01 cmp r3, #1 +{ + 800158c: 4604 mov r4, r0 + 800158e: 460d mov r5, r1 + 8001590: 4617 mov r7, r2 + __HAL_LOCK(hspi); + 8001592: f000 8124 beq.w 80017de + 8001596: 2301 movs r3, #1 + 8001598: f880 305c strb.w r3, [r0, #92] ; 0x5c + + /* Init tickstart for timeout management*/ + tickstart = HAL_GetTick(); + 800159c: f005 fd90 bl 80070c0 + + tmp = hspi->State; + 80015a0: f894 305d ldrb.w r3, [r4, #93] ; 0x5d + tmp1 = hspi->Init.Mode; + 80015a4: 6861 ldr r1, [r4, #4] + + if (!((tmp == HAL_SPI_STATE_READY) || \ + 80015a6: 2b01 cmp r3, #1 + tickstart = HAL_GetTick(); + 80015a8: 4681 mov r9, r0 + tmp = hspi->State; + 80015aa: b2da uxtb r2, r3 + if (!((tmp == HAL_SPI_STATE_READY) || \ + 80015ac: d00a beq.n 80015c4 + 80015ae: f5b1 7f82 cmp.w r1, #260 ; 0x104 + 80015b2: f040 8112 bne.w 80017da + ((tmp1 == SPI_MODE_MASTER) && (hspi->Init.Direction == SPI_DIRECTION_2LINES) && (tmp == HAL_SPI_STATE_BUSY_RX)))) + 80015b6: 68a3 ldr r3, [r4, #8] + 80015b8: 2b00 cmp r3, #0 + 80015ba: f040 810e bne.w 80017da + 80015be: 2a04 cmp r2, #4 + 80015c0: f040 810b bne.w 80017da + { + errorcode = HAL_BUSY; + goto error; + } + + if ((pTxData == NULL) || (pRxData == NULL) || (Size == 0U)) + 80015c4: b955 cbnz r5, 80015dc + { + errorcode = HAL_ERROR; + 80015c6: 2101 movs r1, #1 + { + errorcode = HAL_ERROR; + } + +error : + hspi->State = HAL_SPI_STATE_READY; + 80015c8: 2301 movs r3, #1 + 80015ca: f884 305d strb.w r3, [r4, #93] ; 0x5d + __HAL_UNLOCK(hspi); + 80015ce: 2300 movs r3, #0 + 80015d0: f884 305c strb.w r3, [r4, #92] ; 0x5c + return errorcode; +} + 80015d4: 4608 mov r0, r1 + 80015d6: b003 add sp, #12 + 80015d8: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + if ((pTxData == NULL) || (pRxData == NULL) || (Size == 0U)) + 80015dc: 2f00 cmp r7, #0 + 80015de: d0f2 beq.n 80015c6 + 80015e0: 2e00 cmp r6, #0 + 80015e2: d0f0 beq.n 80015c6 + if (hspi->State != HAL_SPI_STATE_BUSY_RX) + 80015e4: f894 305d ldrb.w r3, [r4, #93] ; 0x5d + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 80015e8: 6aa2 ldr r2, [r4, #40] ; 0x28 + hspi->pRxBuffPtr = (uint8_t *)pRxData; + 80015ea: 6427 str r7, [r4, #64] ; 0x40 + if (hspi->State != HAL_SPI_STATE_BUSY_RX) + 80015ec: 2b04 cmp r3, #4 + hspi->State = HAL_SPI_STATE_BUSY_TX_RX; + 80015ee: bf1c itt ne + 80015f0: 2305 movne r3, #5 + 80015f2: f884 305d strbne.w r3, [r4, #93] ; 0x5d + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 80015f6: 2300 movs r3, #0 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 80015f8: f5b2 5f00 cmp.w r2, #8192 ; 0x2000 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 80015fc: 6623 str r3, [r4, #96] ; 0x60 + hspi->TxISR = NULL; + 80015fe: e9c4 3313 strd r3, r3, [r4, #76] ; 0x4c + hspi->RxXferCount = Size; + 8001602: f8a4 6046 strh.w r6, [r4, #70] ; 0x46 + SPI_RESET_CRC(hspi); + 8001606: 6823 ldr r3, [r4, #0] + hspi->RxXferSize = Size; + 8001608: f8a4 6044 strh.w r6, [r4, #68] ; 0x44 + hspi->pTxBuffPtr = (uint8_t *)pTxData; + 800160c: 63a5 str r5, [r4, #56] ; 0x38 + hspi->TxXferCount = Size; + 800160e: 87e6 strh r6, [r4, #62] ; 0x3e + hspi->TxXferSize = Size; + 8001610: 87a6 strh r6, [r4, #60] ; 0x3c + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001612: d107 bne.n 8001624 + SPI_RESET_CRC(hspi); + 8001614: 681a ldr r2, [r3, #0] + 8001616: f422 5200 bic.w r2, r2, #8192 ; 0x2000 + 800161a: 601a str r2, [r3, #0] + 800161c: 681a ldr r2, [r3, #0] + 800161e: f442 5200 orr.w r2, r2, #8192 ; 0x2000 + 8001622: 601a str r2, [r3, #0] + if ((hspi->Init.DataSize > SPI_DATASIZE_8BIT) || (hspi->RxXferCount > 1U)) + 8001624: 68e2 ldr r2, [r4, #12] + 8001626: f5b2 6fe0 cmp.w r2, #1792 ; 0x700 + 800162a: d804 bhi.n 8001636 + 800162c: f8b4 2046 ldrh.w r2, [r4, #70] ; 0x46 + 8001630: b292 uxth r2, r2 + 8001632: 2a01 cmp r2, #1 + 8001634: d94e bls.n 80016d4 + CLEAR_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 8001636: 685a ldr r2, [r3, #4] + 8001638: f422 5280 bic.w r2, r2, #4096 ; 0x1000 + SET_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 800163c: 605a str r2, [r3, #4] + if ((hspi->Instance->CR1 & SPI_CR1_SPE) != SPI_CR1_SPE) + 800163e: 681a ldr r2, [r3, #0] + 8001640: 0650 lsls r0, r2, #25 + __HAL_SPI_ENABLE(hspi); + 8001642: bf5e ittt pl + 8001644: 681a ldrpl r2, [r3, #0] + 8001646: f042 0240 orrpl.w r2, r2, #64 ; 0x40 + 800164a: 601a strpl r2, [r3, #0] + if ((hspi->Init.Mode == SPI_MODE_SLAVE) || (hspi->TxXferCount == 0x01U)) + 800164c: b119 cbz r1, 8001656 + 800164e: 8fe2 ldrh r2, [r4, #62] ; 0x3e + 8001650: b292 uxth r2, r2 + 8001652: 2a01 cmp r2, #1 + 8001654: d10a bne.n 800166c + if (hspi->TxXferCount > 1U) + 8001656: 8fe2 ldrh r2, [r4, #62] ; 0x3e + 8001658: b292 uxth r2, r2 + 800165a: 2a01 cmp r2, #1 + 800165c: d93e bls.n 80016dc + hspi->Instance->DR = *((uint16_t *)pTxData); + 800165e: f835 2b02 ldrh.w r2, [r5], #2 + 8001662: 60da str r2, [r3, #12] + hspi->TxXferCount -= 2U; + 8001664: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 8001666: 3b02 subs r3, #2 + 8001668: b29b uxth r3, r3 + 800166a: 87e3 strh r3, [r4, #62] ; 0x3e + txallowed = 1U; + 800166c: 2601 movs r6, #1 + while ((hspi->TxXferCount > 0U) || (hspi->RxXferCount > 0U)) + 800166e: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 8001670: b29b uxth r3, r3 + 8001672: 2b00 cmp r3, #0 + 8001674: d138 bne.n 80016e8 + 8001676: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + 800167a: b29b uxth r3, r3 + 800167c: 2b00 cmp r3, #0 + 800167e: d133 bne.n 80016e8 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001680: 6aa2 ldr r2, [r4, #40] ; 0x28 + if (txallowed && (hspi->TxXferCount > 0U) && (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_TXE))) + 8001682: 6823 ldr r3, [r4, #0] + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001684: f5b2 5f00 cmp.w r2, #8192 ; 0x2000 + 8001688: d10d bne.n 80016a6 + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 800168a: 689a ldr r2, [r3, #8] + 800168c: 07d1 lsls r1, r2, #31 + 800168e: d5fc bpl.n 800168a + if (hspi->Init.DataSize == SPI_DATASIZE_16BIT) + 8001690: 68e2 ldr r2, [r4, #12] + 8001692: f5b2 6f70 cmp.w r2, #3840 ; 0xf00 + 8001696: f040 8092 bne.w 80017be + tmpreg = hspi->Instance->DR; + 800169a: 68da ldr r2, [r3, #12] + 800169c: b292 uxth r2, r2 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 800169e: f8ad 2006 strh.w r2, [sp, #6] + UNUSED(tmpreg); + 80016a2: f8bd 2006 ldrh.w r2, [sp, #6] + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_CRCERR)) + 80016a6: 6899 ldr r1, [r3, #8] + 80016a8: f011 0110 ands.w r1, r1, #16 + 80016ac: d007 beq.n 80016be + SET_BIT(hspi->ErrorCode, HAL_SPI_ERROR_CRC); + 80016ae: 6e22 ldr r2, [r4, #96] ; 0x60 + 80016b0: f042 0202 orr.w r2, r2, #2 + 80016b4: 6622 str r2, [r4, #96] ; 0x60 + __HAL_SPI_CLEAR_CRCERRFLAG(hspi); + 80016b6: f64f 72ef movw r2, #65519 ; 0xffef + 80016ba: 609a str r2, [r3, #8] + errorcode = HAL_ERROR; + 80016bc: 2101 movs r1, #1 + if (SPI_EndRxTxTransaction(hspi, Timeout, tickstart) != HAL_OK) + 80016be: 4620 mov r0, r4 + 80016c0: f7ff fe3c bl 800133c + 80016c4: b108 cbz r0, 80016ca + hspi->ErrorCode = HAL_SPI_ERROR_FLAG; + 80016c6: 2320 movs r3, #32 + 80016c8: 6623 str r3, [r4, #96] ; 0x60 + if (hspi->ErrorCode != HAL_SPI_ERROR_NONE) + 80016ca: 6e23 ldr r3, [r4, #96] ; 0x60 + 80016cc: 2b00 cmp r3, #0 + 80016ce: f47f af7a bne.w 80015c6 + 80016d2: e779 b.n 80015c8 + SET_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 80016d4: 685a ldr r2, [r3, #4] + 80016d6: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80016da: e7af b.n 800163c + *(__IO uint8_t *)&hspi->Instance->DR = (*pTxData++); + 80016dc: f815 2b01 ldrb.w r2, [r5], #1 + 80016e0: 731a strb r2, [r3, #12] + hspi->TxXferCount--; + 80016e2: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80016e4: 3b01 subs r3, #1 + 80016e6: e7bf b.n 8001668 + if (txallowed && (hspi->TxXferCount > 0U) && (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_TXE))) + 80016e8: 2e00 cmp r6, #0 + 80016ea: d030 beq.n 800174e + 80016ec: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80016ee: b29b uxth r3, r3 + 80016f0: 2b00 cmp r3, #0 + 80016f2: d02c beq.n 800174e + 80016f4: 6823 ldr r3, [r4, #0] + 80016f6: 689a ldr r2, [r3, #8] + 80016f8: 0792 lsls r2, r2, #30 + 80016fa: d528 bpl.n 800174e + if (hspi->TxXferCount > 1U) + 80016fc: 8fe2 ldrh r2, [r4, #62] ; 0x3e + 80016fe: b292 uxth r2, r2 + 8001700: 2a01 cmp r2, #1 + hspi->Instance->DR = *((uint16_t *)pTxData); + 8001702: bf8b itete hi + 8001704: f835 2b02 ldrhhi.w r2, [r5], #2 + *(__IO uint8_t *)&hspi->Instance->DR = (*pTxData++); + 8001708: f815 2b01 ldrbls.w r2, [r5], #1 + hspi->Instance->DR = *((uint16_t *)pTxData); + 800170c: 60da strhi r2, [r3, #12] + *(__IO uint8_t *)&hspi->Instance->DR = (*pTxData++); + 800170e: 731a strbls r2, [r3, #12] + hspi->TxXferCount -= 2U; + 8001710: bf8b itete hi + 8001712: 8fe3 ldrhhi r3, [r4, #62] ; 0x3e + hspi->TxXferCount--; + 8001714: 8fe3 ldrhls r3, [r4, #62] ; 0x3e + hspi->TxXferCount -= 2U; + 8001716: 3b02 subhi r3, #2 + hspi->TxXferCount--; + 8001718: f103 33ff addls.w r3, r3, #4294967295 ; 0xffffffff + 800171c: b29b uxth r3, r3 + 800171e: 87e3 strh r3, [r4, #62] ; 0x3e + if ((hspi->TxXferCount == 0U) && (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE)) + 8001720: 8fe6 ldrh r6, [r4, #62] ; 0x3e + 8001722: b2b6 uxth r6, r6 + 8001724: b996 cbnz r6, 800174c + 8001726: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8001728: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + 800172c: d10f bne.n 800174e + if (((hspi->Instance->CR1 & SPI_CR1_MSTR) == 0U) && ((hspi->Instance->CR2 & SPI_CR2_NSSP) == SPI_CR2_NSSP)) + 800172e: 6823 ldr r3, [r4, #0] + 8001730: 681a ldr r2, [r3, #0] + 8001732: 0756 lsls r6, r2, #29 + 8001734: d406 bmi.n 8001744 + 8001736: 685a ldr r2, [r3, #4] + 8001738: 0710 lsls r0, r2, #28 + SET_BIT(hspi->Instance->CR1, SPI_CR1_SSM); + 800173a: bf42 ittt mi + 800173c: 681a ldrmi r2, [r3, #0] + 800173e: f442 7200 orrmi.w r2, r2, #512 ; 0x200 + 8001742: 601a strmi r2, [r3, #0] + SET_BIT(hspi->Instance->CR1, SPI_CR1_CRCNEXT); + 8001744: 681a ldr r2, [r3, #0] + 8001746: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 800174a: 601a str r2, [r3, #0] + txallowed = 0U; + 800174c: 2600 movs r6, #0 + if ((hspi->RxXferCount > 0U) && (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_RXNE))) + 800174e: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + 8001752: b29b uxth r3, r3 + 8001754: b1e3 cbz r3, 8001790 + 8001756: 6821 ldr r1, [r4, #0] + 8001758: 688b ldr r3, [r1, #8] + 800175a: f013 0301 ands.w r3, r3, #1 + 800175e: d017 beq.n 8001790 + if (hspi->RxXferCount > 1U) + 8001760: f8b4 2046 ldrh.w r2, [r4, #70] ; 0x46 + 8001764: b292 uxth r2, r2 + 8001766: 2a01 cmp r2, #1 + 8001768: d91f bls.n 80017aa + *((uint16_t *)pRxData) = hspi->Instance->DR; + 800176a: 68ca ldr r2, [r1, #12] + 800176c: f827 2b02 strh.w r2, [r7], #2 + hspi->RxXferCount -= 2U; + 8001770: f8b4 2046 ldrh.w r2, [r4, #70] ; 0x46 + 8001774: 3a02 subs r2, #2 + 8001776: b292 uxth r2, r2 + 8001778: f8a4 2046 strh.w r2, [r4, #70] ; 0x46 + if (hspi->RxXferCount <= 1U) + 800177c: f8b4 2046 ldrh.w r2, [r4, #70] ; 0x46 + 8001780: b292 uxth r2, r2 + 8001782: 2a01 cmp r2, #1 + 8001784: d803 bhi.n 800178e + SET_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 8001786: 684a ldr r2, [r1, #4] + 8001788: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 800178c: 604a str r2, [r1, #4] + txallowed = 1U; + 800178e: 461e mov r6, r3 + if ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout)) + 8001790: f1b8 3fff cmp.w r8, #4294967295 ; 0xffffffff + 8001794: f43f af6b beq.w 800166e + 8001798: f005 fc92 bl 80070c0 + 800179c: eba0 0009 sub.w r0, r0, r9 + 80017a0: 4540 cmp r0, r8 + 80017a2: f4ff af64 bcc.w 800166e + errorcode = HAL_TIMEOUT; + 80017a6: 2103 movs r1, #3 + 80017a8: e70e b.n 80015c8 + (*(uint8_t *)pRxData++) = *(__IO uint8_t *)&hspi->Instance->DR; + 80017aa: 7b0a ldrb r2, [r1, #12] + 80017ac: f807 2b01 strb.w r2, [r7], #1 + hspi->RxXferCount--; + 80017b0: f8b4 1046 ldrh.w r1, [r4, #70] ; 0x46 + 80017b4: 3901 subs r1, #1 + 80017b6: b289 uxth r1, r1 + 80017b8: f8a4 1046 strh.w r1, [r4, #70] ; 0x46 + 80017bc: e7e7 b.n 800178e + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 80017be: 7b1a ldrb r2, [r3, #12] + 80017c0: f8ad 2006 strh.w r2, [sp, #6] + UNUSED(tmpreg); + 80017c4: f8bd 2006 ldrh.w r2, [sp, #6] + if (hspi->Init.CRCLength == SPI_CRC_LENGTH_16BIT) + 80017c8: 6b22 ldr r2, [r4, #48] ; 0x30 + 80017ca: 2a02 cmp r2, #2 + 80017cc: f47f af6b bne.w 80016a6 + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 80017d0: 689a ldr r2, [r3, #8] + 80017d2: 07d2 lsls r2, r2, #31 + 80017d4: d5fc bpl.n 80017d0 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 80017d6: 7b1a ldrb r2, [r3, #12] + 80017d8: e761 b.n 800169e + errorcode = HAL_BUSY; + 80017da: 2102 movs r1, #2 + 80017dc: e6f4 b.n 80015c8 + __HAL_LOCK(hspi); + 80017de: 2102 movs r1, #2 + 80017e0: e6f8 b.n 80015d4 + +080017e2 : +{ + 80017e2: e92d 41ff stmdb sp!, {r0, r1, r2, r3, r4, r5, r6, r7, r8, lr} + 80017e6: 461f mov r7, r3 + __IO uint16_t tmpreg = 0U; + 80017e8: 2300 movs r3, #0 + 80017ea: f8ad 300e strh.w r3, [sp, #14] + if ((hspi->Init.Mode == SPI_MODE_MASTER) && (hspi->Init.Direction == SPI_DIRECTION_2LINES)) + 80017ee: 6843 ldr r3, [r0, #4] + 80017f0: f5b3 7f82 cmp.w r3, #260 ; 0x104 +{ + 80017f4: 4604 mov r4, r0 + 80017f6: 460e mov r6, r1 + 80017f8: 4615 mov r5, r2 + if ((hspi->Init.Mode == SPI_MODE_MASTER) && (hspi->Init.Direction == SPI_DIRECTION_2LINES)) + 80017fa: d10c bne.n 8001816 + 80017fc: 6883 ldr r3, [r0, #8] + 80017fe: b953 cbnz r3, 8001816 + hspi->State = HAL_SPI_STATE_BUSY_RX; + 8001800: 2304 movs r3, #4 + 8001802: f880 305d strb.w r3, [r0, #93] ; 0x5d + return HAL_SPI_TransmitReceive(hspi, pData, pData, Size, Timeout); + 8001806: 4613 mov r3, r2 + 8001808: 9700 str r7, [sp, #0] + 800180a: 460a mov r2, r1 + 800180c: f7ff feb3 bl 8001576 +} + 8001810: b004 add sp, #16 + 8001812: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + __HAL_LOCK(hspi); + 8001816: f894 305c ldrb.w r3, [r4, #92] ; 0x5c + 800181a: 2b01 cmp r3, #1 + 800181c: f000 80dd beq.w 80019da + 8001820: 2301 movs r3, #1 + 8001822: f884 305c strb.w r3, [r4, #92] ; 0x5c + tickstart = HAL_GetTick(); + 8001826: f005 fc4b bl 80070c0 + if (hspi->State != HAL_SPI_STATE_READY) + 800182a: f894 305d ldrb.w r3, [r4, #93] ; 0x5d + 800182e: 2b01 cmp r3, #1 + tickstart = HAL_GetTick(); + 8001830: 4680 mov r8, r0 + if (hspi->State != HAL_SPI_STATE_READY) + 8001832: b2d8 uxtb r0, r3 + 8001834: f040 80cf bne.w 80019d6 + if ((pData == NULL) || (Size == 0U)) + 8001838: 2e00 cmp r6, #0 + 800183a: f000 8092 beq.w 8001962 + 800183e: 2d00 cmp r5, #0 + 8001840: f000 808f beq.w 8001962 + hspi->State = HAL_SPI_STATE_BUSY_RX; + 8001844: 2304 movs r3, #4 + 8001846: f884 305d strb.w r3, [r4, #93] ; 0x5d + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 800184a: 6aa3 ldr r3, [r4, #40] ; 0x28 + hspi->RxXferSize = Size; + 800184c: f8a4 5044 strh.w r5, [r4, #68] ; 0x44 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001850: 2100 movs r1, #0 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001852: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001856: 6621 str r1, [r4, #96] ; 0x60 + hspi->TxISR = NULL; + 8001858: e9c4 1113 strd r1, r1, [r4, #76] ; 0x4c + hspi->RxXferCount = Size; + 800185c: f8a4 5046 strh.w r5, [r4, #70] ; 0x46 + hspi->pRxBuffPtr = (uint8_t *)pData; + 8001860: 6426 str r6, [r4, #64] ; 0x40 + SPI_RESET_CRC(hspi); + 8001862: 6825 ldr r5, [r4, #0] + hspi->pTxBuffPtr = (uint8_t *)NULL; + 8001864: 63a1 str r1, [r4, #56] ; 0x38 + hspi->TxXferSize = 0U; + 8001866: 87a1 strh r1, [r4, #60] ; 0x3c + hspi->TxXferCount = 0U; + 8001868: 87e1 strh r1, [r4, #62] ; 0x3e + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 800186a: d10d bne.n 8001888 + SPI_RESET_CRC(hspi); + 800186c: 682b ldr r3, [r5, #0] + 800186e: f423 5300 bic.w r3, r3, #8192 ; 0x2000 + 8001872: 602b str r3, [r5, #0] + 8001874: 682b ldr r3, [r5, #0] + 8001876: f443 5300 orr.w r3, r3, #8192 ; 0x2000 + 800187a: 602b str r3, [r5, #0] + hspi->RxXferCount--; + 800187c: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + 8001880: 3b01 subs r3, #1 + 8001882: b29b uxth r3, r3 + 8001884: f8a4 3046 strh.w r3, [r4, #70] ; 0x46 + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 8001888: 68e3 ldr r3, [r4, #12] + 800188a: f5b3 6fe0 cmp.w r3, #1792 ; 0x700 + CLEAR_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 800188e: 686b ldr r3, [r5, #4] + 8001890: bf8c ite hi + 8001892: f423 5380 bichi.w r3, r3, #4096 ; 0x1000 + SET_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 8001896: f443 5380 orrls.w r3, r3, #4096 ; 0x1000 + 800189a: 606b str r3, [r5, #4] + if (hspi->Init.Direction == SPI_DIRECTION_1LINE) + 800189c: 68a3 ldr r3, [r4, #8] + 800189e: f5b3 4f00 cmp.w r3, #32768 ; 0x8000 + SPI_1LINE_RX(hspi); + 80018a2: bf02 ittt eq + 80018a4: 682b ldreq r3, [r5, #0] + 80018a6: f423 4380 biceq.w r3, r3, #16384 ; 0x4000 + 80018aa: 602b streq r3, [r5, #0] + if ((hspi->Instance->CR1 & SPI_CR1_SPE) != SPI_CR1_SPE) + 80018ac: 682b ldr r3, [r5, #0] + 80018ae: 0658 lsls r0, r3, #25 + 80018b0: d403 bmi.n 80018ba + __HAL_SPI_ENABLE(hspi); + 80018b2: 682b ldr r3, [r5, #0] + 80018b4: f043 0340 orr.w r3, r3, #64 ; 0x40 + 80018b8: 602b str r3, [r5, #0] + while (hspi->RxXferCount > 0U) + 80018ba: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_RXNE)) + 80018be: 6822 ldr r2, [r4, #0] + while (hspi->RxXferCount > 0U) + 80018c0: b29b uxth r3, r3 + 80018c2: 2b00 cmp r3, #0 + 80018c4: d13e bne.n 8001944 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 80018c6: 6aa3 ldr r3, [r4, #40] ; 0x28 + 80018c8: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + 80018cc: d11c bne.n 8001908 + SET_BIT(hspi->Instance->CR1, SPI_CR1_CRCNEXT); + 80018ce: 6813 ldr r3, [r2, #0] + 80018d0: f443 5380 orr.w r3, r3, #4096 ; 0x1000 + 80018d4: 6013 str r3, [r2, #0] + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 80018d6: 6893 ldr r3, [r2, #8] + 80018d8: 07df lsls r7, r3, #31 + 80018da: d5fc bpl.n 80018d6 + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 80018dc: 68e3 ldr r3, [r4, #12] + 80018de: f5b3 6fe0 cmp.w r3, #1792 ; 0x700 + (*(uint8_t *)pData) = *(__IO uint8_t *)&hspi->Instance->DR; + 80018e2: bf95 itete ls + 80018e4: 7b13 ldrbls r3, [r2, #12] + *((uint16_t *)pData) = hspi->Instance->DR; + 80018e6: 68d3 ldrhi r3, [r2, #12] + (*(uint8_t *)pData) = *(__IO uint8_t *)&hspi->Instance->DR; + 80018e8: 7033 strbls r3, [r6, #0] + *((uint16_t *)pData) = hspi->Instance->DR; + 80018ea: 8033 strhhi r3, [r6, #0] + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 80018ec: 6823 ldr r3, [r4, #0] + 80018ee: 689a ldr r2, [r3, #8] + 80018f0: 07d6 lsls r6, r2, #31 + 80018f2: d5fc bpl.n 80018ee + if (hspi->Init.DataSize == SPI_DATASIZE_16BIT) + 80018f4: 68e1 ldr r1, [r4, #12] + 80018f6: f5b1 6f70 cmp.w r1, #3840 ; 0xf00 + 80018fa: d142 bne.n 8001982 + tmpreg = hspi->Instance->DR; + 80018fc: 68db ldr r3, [r3, #12] + 80018fe: b29b uxth r3, r3 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 8001900: f8ad 300e strh.w r3, [sp, #14] + UNUSED(tmpreg); + 8001904: f8bd 300e ldrh.w r3, [sp, #14] + * @param Tickstart: tick start value + * @retval HAL status + */ +static HAL_StatusTypeDef SPI_EndRxTransaction(SPI_HandleTypeDef *hspi, uint32_t Timeout, uint32_t Tickstart) +{ + if ((hspi->Init.Mode == SPI_MODE_MASTER) && ((hspi->Init.Direction == SPI_DIRECTION_1LINE) + 8001908: 6861 ldr r1, [r4, #4] + 800190a: 6823 ldr r3, [r4, #0] + 800190c: f5b1 7f82 cmp.w r1, #260 ; 0x104 + 8001910: d10a bne.n 8001928 + 8001912: 68a2 ldr r2, [r4, #8] + 8001914: f5b2 4f00 cmp.w r2, #32768 ; 0x8000 + 8001918: d002 beq.n 8001920 + || (hspi->Init.Direction == SPI_DIRECTION_2LINES_RXONLY))) + 800191a: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + 800191e: d103 bne.n 8001928 + { + /* Disable SPI peripheral */ + __HAL_SPI_DISABLE(hspi); + 8001920: 681a ldr r2, [r3, #0] + 8001922: f022 0240 bic.w r2, r2, #64 ; 0x40 + 8001926: 601a str r2, [r3, #0] + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 8001928: 689a ldr r2, [r3, #8] + 800192a: 0610 lsls r0, r2, #24 + 800192c: d4fc bmi.n 8001928 + { + SET_BIT(hspi->ErrorCode, HAL_SPI_ERROR_FLAG); + return HAL_TIMEOUT; + } + + if ((hspi->Init.Mode == SPI_MODE_MASTER) && ((hspi->Init.Direction == SPI_DIRECTION_1LINE) + 800192e: f5b1 7f82 cmp.w r1, #260 ; 0x104 + 8001932: d036 beq.n 80019a2 + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_CRCERR)) + 8001934: 689a ldr r2, [r3, #8] + 8001936: 06d2 lsls r2, r2, #27 + 8001938: d445 bmi.n 80019c6 + if (hspi->ErrorCode != HAL_SPI_ERROR_NONE) + 800193a: 6e20 ldr r0, [r4, #96] ; 0x60 + errorcode = HAL_BUSY; + 800193c: 3800 subs r0, #0 + 800193e: bf18 it ne + 8001940: 2001 movne r0, #1 +error : + 8001942: e00e b.n 8001962 + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_RXNE)) + 8001944: 6893 ldr r3, [r2, #8] + 8001946: 07d9 lsls r1, r3, #31 + 8001948: d509 bpl.n 800195e + (* (uint8_t *)pData) = *(__IO uint8_t *)&hspi->Instance->DR; + 800194a: 7b13 ldrb r3, [r2, #12] + 800194c: f806 3b01 strb.w r3, [r6], #1 + hspi->RxXferCount--; + 8001950: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + 8001954: 3b01 subs r3, #1 + 8001956: b29b uxth r3, r3 + 8001958: f8a4 3046 strh.w r3, [r4, #70] ; 0x46 + 800195c: e7ad b.n 80018ba + if ((Timeout == 0U) || ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout))) + 800195e: b93f cbnz r7, 8001970 + errorcode = HAL_TIMEOUT; + 8001960: 2003 movs r0, #3 + hspi->State = HAL_SPI_STATE_READY; + 8001962: 2301 movs r3, #1 + 8001964: f884 305d strb.w r3, [r4, #93] ; 0x5d + __HAL_UNLOCK(hspi); + 8001968: 2300 movs r3, #0 + 800196a: f884 305c strb.w r3, [r4, #92] ; 0x5c + return errorcode; + 800196e: e74f b.n 8001810 + if ((Timeout == 0U) || ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout))) + 8001970: 1c7b adds r3, r7, #1 + 8001972: d0a2 beq.n 80018ba + 8001974: f005 fba4 bl 80070c0 + 8001978: eba0 0008 sub.w r0, r0, r8 + 800197c: 42b8 cmp r0, r7 + 800197e: d39c bcc.n 80018ba + 8001980: e7ee b.n 8001960 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 8001982: 7b1a ldrb r2, [r3, #12] + 8001984: f8ad 200e strh.w r2, [sp, #14] + if ((hspi->Init.DataSize == SPI_DATASIZE_8BIT) && (hspi->Init.CRCLength == SPI_CRC_LENGTH_16BIT)) + 8001988: f5b1 6fe0 cmp.w r1, #1792 ; 0x700 + UNUSED(tmpreg); + 800198c: f8bd 200e ldrh.w r2, [sp, #14] + if ((hspi->Init.DataSize == SPI_DATASIZE_8BIT) && (hspi->Init.CRCLength == SPI_CRC_LENGTH_16BIT)) + 8001990: d1ba bne.n 8001908 + 8001992: 6b22 ldr r2, [r4, #48] ; 0x30 + 8001994: 2a02 cmp r2, #2 + 8001996: d1b7 bne.n 8001908 + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 8001998: 689a ldr r2, [r3, #8] + 800199a: 07d5 lsls r5, r2, #31 + 800199c: d5fc bpl.n 8001998 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 800199e: 7b1b ldrb r3, [r3, #12] + 80019a0: e7ae b.n 8001900 + if ((hspi->Init.Mode == SPI_MODE_MASTER) && ((hspi->Init.Direction == SPI_DIRECTION_1LINE) + 80019a2: 68a2 ldr r2, [r4, #8] + 80019a4: f5b2 4f00 cmp.w r2, #32768 ; 0x8000 + 80019a8: d002 beq.n 80019b0 + || (hspi->Init.Direction == SPI_DIRECTION_2LINES_RXONLY))) + 80019aa: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + 80019ae: d1c1 bne.n 8001934 + while ((hspi->Instance->SR & Fifo) != State) + 80019b0: 689a ldr r2, [r3, #8] + 80019b2: f412 6fc0 tst.w r2, #1536 ; 0x600 + 80019b6: d0bd beq.n 8001934 + tmpreg = *((__IO uint8_t *)&hspi->Instance->DR); + 80019b8: 7b1a ldrb r2, [r3, #12] + 80019ba: b2d2 uxtb r2, r2 + 80019bc: f88d 200d strb.w r2, [sp, #13] + UNUSED(tmpreg); + 80019c0: f89d 200d ldrb.w r2, [sp, #13] + 80019c4: e7f4 b.n 80019b0 + SET_BIT(hspi->ErrorCode, HAL_SPI_ERROR_CRC); + 80019c6: 6e22 ldr r2, [r4, #96] ; 0x60 + 80019c8: f042 0202 orr.w r2, r2, #2 + 80019cc: 6622 str r2, [r4, #96] ; 0x60 + __HAL_SPI_CLEAR_CRCERRFLAG(hspi); + 80019ce: f64f 72ef movw r2, #65519 ; 0xffef + 80019d2: 609a str r2, [r3, #8] + 80019d4: e7b1 b.n 800193a + errorcode = HAL_BUSY; + 80019d6: 2002 movs r0, #2 + 80019d8: e7c3 b.n 8001962 + __HAL_LOCK(hspi); + 80019da: 2002 movs r0, #2 + 80019dc: e718 b.n 8001810 + ... + +080019e0 : + +// checksum_more() +// + static void +checksum_more(SHA256_CTX *ctx, uint32_t *total, const uint8_t *addr, int len) +{ + 80019e0: b5f8 push {r3, r4, r5, r6, r7, lr} + 80019e2: 460c mov r4, r1 + // mk4 has hardware hash engine, and no DFU button + int percent = ((*total) * 100) / TOTAL_CHECKSUM_LEN; + 80019e4: 6809 ldr r1, [r1, #0] +{ + 80019e6: 461d mov r5, r3 + int percent = ((*total) * 100) / TOTAL_CHECKSUM_LEN; + 80019e8: 2364 movs r3, #100 ; 0x64 +{ + 80019ea: 4617 mov r7, r2 + 80019ec: 4606 mov r6, r0 + int percent = ((*total) * 100) / TOTAL_CHECKSUM_LEN; + 80019ee: 4359 muls r1, r3 + puts2("Verify %0x"); + puthex2(percent); + putchar('\n'); +#endif + + oled_show_progress(screen_verify, percent); + 80019f0: 4807 ldr r0, [pc, #28] ; (8001a10 ) + 80019f2: 4b08 ldr r3, [pc, #32] ; (8001a14 ) + 80019f4: fbb1 f1f3 udiv r1, r1, r3 + 80019f8: f7ff fa56 bl 8000ea8 + + sha256_update(ctx, addr, len); + 80019fc: 462a mov r2, r5 + 80019fe: 4639 mov r1, r7 + 8001a00: 4630 mov r0, r6 + 8001a02: f003 fd3b bl 800547c + *total += len; + 8001a06: 6823 ldr r3, [r4, #0] + 8001a08: 442b add r3, r5 + 8001a0a: 6023 str r3, [r4, #0] +} + 8001a0c: bdf8 pop {r3, r4, r5, r6, r7, pc} + 8001a0e: bf00 nop + 8001a10: 0800e1b6 .word 0x0800e1b6 + 8001a14: 0018741c .word 0x0018741c + +08001a18 : + +// checksum_flash() +// + void +checksum_flash(uint8_t fw_digest[32], uint8_t world_digest[32], uint32_t fw_length) +{ + 8001a18: b570 push {r4, r5, r6, lr} + 8001a1a: b09c sub sp, #112 ; 0x70 + 8001a1c: 4606 mov r6, r0 + 8001a1e: 460d mov r5, r1 + 8001a20: 4614 mov r4, r2 + const uint8_t *start = (const uint8_t *)FIRMWARE_START; + + rng_delay(); + 8001a22: f000 fe9b bl 800275c + + SHA256_CTX ctx; + uint32_t total_len = 0; + 8001a26: 2300 movs r3, #0 + 8001a28: 9300 str r3, [sp, #0] + + if(fw_length == 0) { + 8001a2a: 2c00 cmp r4, #0 + 8001a2c: d15f bne.n 8001aee + uint8_t first[32]; + sha256_init(&ctx); + 8001a2e: a809 add r0, sp, #36 ; 0x24 + 8001a30: f003 fd16 bl 8005460 + + // use length from header in flash + fw_length = FW_HDR->firmware_length; + 8001a34: 4b36 ldr r3, [pc, #216] ; (8001b10 ) + + // start of firmware (just after we end) to header + checksum_more(&ctx, &total_len, start, FW_HEADER_OFFSET + FW_HEADER_SIZE - 64); + 8001a36: 4a37 ldr r2, [pc, #220] ; (8001b14 ) + fw_length = FW_HDR->firmware_length; + 8001a38: f8d3 4098 ldr.w r4, [r3, #152] ; 0x98 + checksum_more(&ctx, &total_len, start, FW_HEADER_OFFSET + FW_HEADER_SIZE - 64); + 8001a3c: 4669 mov r1, sp + 8001a3e: f44f 537f mov.w r3, #16320 ; 0x3fc0 + 8001a42: a809 add r0, sp, #36 ; 0x24 + 8001a44: f7ff ffcc bl 80019e0 + + // from after header to end + checksum_more(&ctx, &total_len, start + FW_HEADER_OFFSET + FW_HEADER_SIZE, + 8001a48: 4a33 ldr r2, [pc, #204] ; (8001b18 ) + 8001a4a: f5a4 4380 sub.w r3, r4, #16384 ; 0x4000 + 8001a4e: 4669 mov r1, sp + 8001a50: a809 add r0, sp, #36 ; 0x24 + 8001a52: f7ff ffc5 bl 80019e0 + fw_length - (FW_HEADER_OFFSET + FW_HEADER_SIZE)); + + sha256_final(&ctx, first); + 8001a56: a901 add r1, sp, #4 + 8001a58: a809 add r0, sp, #36 ; 0x24 + 8001a5a: f003 fd55 bl 8005508 + + // double SHA256 + sha256_single(first, sizeof(first), fw_digest); + 8001a5e: 4632 mov r2, r6 + 8001a60: 2120 movs r1, #32 + 8001a62: a801 add r0, sp, #4 + 8001a64: f003 fd64 bl 8005530 + // fw_digest should already be populated by caller + total_len = fw_length - 64; + } + + // start over, and get the rest of flash. All of it. + sha256_init(&ctx); + 8001a68: a809 add r0, sp, #36 ; 0x24 + 8001a6a: f003 fcf9 bl 8005460 + + // .. and chain in what we have so far + sha256_update(&ctx, fw_digest, 32); + 8001a6e: 2220 movs r2, #32 + 8001a70: 4631 mov r1, r6 + 8001a72: a809 add r0, sp, #36 ; 0x24 + 8001a74: f003 fd02 bl 800547c + + // bootloader, including pairing secret area. + const uint8_t *base = (const uint8_t *)BL_FLASH_BASE; + checksum_more(&ctx, &total_len, base, start-base); + 8001a78: f44f 3300 mov.w r3, #131072 ; 0x20000 + 8001a7c: f04f 6200 mov.w r2, #134217728 ; 0x8000000 + 8001a80: 4669 mov r1, sp + 8001a82: a809 add r0, sp, #36 ; 0x24 + 8001a84: f7ff ffac bl 80019e0 + + // probably-blank area after firmware, and filesystem area + const uint8_t *fs = start + fw_length; + const uint8_t *last = base + MAIN_FLASH_SIZE; + checksum_more(&ctx, &total_len, fs, last-fs); + 8001a88: f104 6200 add.w r2, r4, #134217728 ; 0x8000000 + 8001a8c: f5c4 13b0 rsb r3, r4, #1441792 ; 0x160000 + 8001a90: f502 3200 add.w r2, r2, #131072 ; 0x20000 + 8001a94: 4669 mov r1, sp + 8001a96: a809 add r0, sp, #36 ; 0x24 + 8001a98: f7ff ffa2 bl 80019e0 + + rng_delay(); + 8001a9c: f000 fe5e bl 800275c + + // OTP area + checksum_more(&ctx, &total_len, (void *)0x1fff7000, 0x400); + 8001aa0: 4a1e ldr r2, [pc, #120] ; (8001b1c ) + 8001aa2: f44f 6380 mov.w r3, #1024 ; 0x400 + 8001aa6: 4669 mov r1, sp + 8001aa8: a809 add r0, sp, #36 ; 0x24 + 8001aaa: f7ff ff99 bl 80019e0 + + // "just in case" ... the option bytes (2 banks) + checksum_more(&ctx, &total_len, (void *)0x1fff7800, 0x28); + 8001aae: 4a1c ldr r2, [pc, #112] ; (8001b20 ) + 8001ab0: 2328 movs r3, #40 ; 0x28 + 8001ab2: 4669 mov r1, sp + 8001ab4: a809 add r0, sp, #36 ; 0x24 + 8001ab6: f7ff ff93 bl 80019e0 + checksum_more(&ctx, &total_len, (void *)0x1ffff800, 0x28); + 8001aba: 4a1a ldr r2, [pc, #104] ; (8001b24 ) + 8001abc: 2328 movs r3, #40 ; 0x28 + 8001abe: 4669 mov r1, sp + 8001ac0: a809 add r0, sp, #36 ; 0x24 + 8001ac2: f7ff ff8d bl 80019e0 + + // System ROM (they say it can't change, but clearly + // implemented as flash cells) + checksum_more(&ctx, &total_len, (void *)0x1fff0000, 0x7000); + 8001ac6: 4a18 ldr r2, [pc, #96] ; (8001b28 ) + 8001ac8: f44f 43e0 mov.w r3, #28672 ; 0x7000 + 8001acc: 4669 mov r1, sp + 8001ace: a809 add r0, sp, #36 ; 0x24 + 8001ad0: f7ff ff86 bl 80019e0 + + // device serial number, just for kicks + checksum_more(&ctx, &total_len, (void *)0x1fff7590, 12); + 8001ad4: 4a15 ldr r2, [pc, #84] ; (8001b2c ) + 8001ad6: 230c movs r3, #12 + 8001ad8: 4669 mov r1, sp + 8001ada: a809 add r0, sp, #36 ; 0x24 + 8001adc: f7ff ff80 bl 80019e0 + + ASSERT(total_len == TOTAL_CHECKSUM_LEN); + 8001ae0: 4b13 ldr r3, [pc, #76] ; (8001b30 ) + 8001ae2: 9a00 ldr r2, [sp, #0] + 8001ae4: 429a cmp r2, r3 + 8001ae6: d006 beq.n 8001af6 + 8001ae8: 4812 ldr r0, [pc, #72] ; (8001b34 ) + 8001aea: f7fe ff9b bl 8000a24 + total_len = fw_length - 64; + 8001aee: f1a4 0340 sub.w r3, r4, #64 ; 0x40 + 8001af2: 9300 str r3, [sp, #0] + 8001af4: e7b8 b.n 8001a68 + + sha256_final(&ctx, world_digest); + 8001af6: 4629 mov r1, r5 + 8001af8: a809 add r0, sp, #36 ; 0x24 + 8001afa: f003 fd05 bl 8005508 + + // double SHA256 (a bitcoin fetish) + sha256_single(world_digest, 32, world_digest); + 8001afe: 462a mov r2, r5 + 8001b00: 2120 movs r1, #32 + 8001b02: 4628 mov r0, r5 + 8001b04: f003 fd14 bl 8005530 + + rng_delay(); + 8001b08: f000 fe28 bl 800275c +} + 8001b0c: b01c add sp, #112 ; 0x70 + 8001b0e: bd70 pop {r4, r5, r6, pc} + 8001b10: 08023f00 .word 0x08023f00 + 8001b14: 08020000 .word 0x08020000 + 8001b18: 08024000 .word 0x08024000 + 8001b1c: 1fff7000 .word 0x1fff7000 + 8001b20: 1fff7800 .word 0x1fff7800 + 8001b24: 1ffff800 .word 0x1ffff800 + 8001b28: 1fff0000 .word 0x1fff0000 + 8001b2c: 1fff7590 .word 0x1fff7590 + 8001b30: 0018741c .word 0x0018741c + 8001b34: 0800e354 .word 0x0800e354 + +08001b38 : +// Scan the OTP area and determine what the current min-version (timestamp) +// we can allow. All zeros if any if okay. +// + void +get_min_version(uint8_t min_version[8]) +{ + 8001b38: b570 push {r4, r5, r6, lr} + 8001b3a: 4604 mov r4, r0 + const uint8_t *otp = (const uint8_t *)OPT_FLASH_BASE; + 8001b3c: 4d0c ldr r5, [pc, #48] ; (8001b70 ) + + rng_delay(); + memset(min_version, 0, 8); + + for(int i=0; i) + rng_delay(); + 8001b40: f000 fe0c bl 800275c + memset(min_version, 0, 8); + 8001b44: 2300 movs r3, #0 + 8001b46: 6023 str r3, [r4, #0] + 8001b48: 6063 str r3, [r4, #4] + // is it programmed? + if(otp[0] == 0xff) continue; + + // is it a timestamp value? + if(otp[0] >= 0x40) continue; + if(otp[0] < 0x10) continue; + 8001b4a: 782b ldrb r3, [r5, #0] + 8001b4c: 3b10 subs r3, #16 + 8001b4e: 2b2f cmp r3, #47 ; 0x2f + 8001b50: d80a bhi.n 8001b68 + + if(memcmp(otp, min_version, 8) > 0) { + 8001b52: 4621 mov r1, r4 + 8001b54: 2208 movs r2, #8 + 8001b56: 4628 mov r0, r5 + 8001b58: f00b fd22 bl 800d5a0 + 8001b5c: 2800 cmp r0, #0 + memcpy(min_version, otp, 8); + 8001b5e: bfc1 itttt gt + 8001b60: 462b movgt r3, r5 + 8001b62: cb03 ldmiagt r3!, {r0, r1} + 8001b64: 6020 strgt r0, [r4, #0] + 8001b66: 6061 strgt r1, [r4, #4] + for(int i=0; i + } + } +} + 8001b6e: bd70 pop {r4, r5, r6, pc} + 8001b70: 1fff7000 .word 0x1fff7000 + 8001b74: 1fff7400 .word 0x1fff7400 + +08001b78 : + +// check_is_downgrade() +// + bool +check_is_downgrade(const uint8_t timestamp[8], const char *version) +{ + 8001b78: b513 push {r0, r1, r4, lr} + 8001b7a: 4604 mov r4, r0 + if(version) { + 8001b7c: b129 cbz r1, 8001b8a + int major = (version[1] == '.') ? (version[0]-'0') : 10; + 8001b7e: 784b ldrb r3, [r1, #1] + 8001b80: 2b2e cmp r3, #46 ; 0x2e + 8001b82: d102 bne.n 8001b8a + if(major < 3) { + 8001b84: 780b ldrb r3, [r1, #0] + 8001b86: 2b32 cmp r3, #50 ; 0x32 + 8001b88: d90a bls.n 8001ba0 + } + } + + // look at FW_HDR->timestamp and compare to a growing list in main flash OTP + uint8_t min[8]; + get_min_version(min); + 8001b8a: 4668 mov r0, sp + 8001b8c: f7ff ffd4 bl 8001b38 + + return (memcmp(timestamp, min, 8) < 0); + 8001b90: 2208 movs r2, #8 + 8001b92: 4669 mov r1, sp + 8001b94: 4620 mov r0, r4 + 8001b96: f00b fd03 bl 800d5a0 + 8001b9a: 0fc0 lsrs r0, r0, #31 +} + 8001b9c: b002 add sp, #8 + 8001b9e: bd10 pop {r4, pc} + return true; + 8001ba0: 2001 movs r0, #1 + 8001ba2: e7fb b.n 8001b9c + +08001ba4 : + +// warn_fishy_firmware() +// + void +warn_fishy_firmware(const uint8_t *pixels) +{ + 8001ba4: b538 push {r3, r4, r5, lr} + 8001ba6: 4605 mov r5, r0 + const int wait = 100; +#else + const int wait = 10; +#endif + + for(int i=0; i < wait; i++) { + 8001ba8: 2400 movs r4, #0 + oled_show_progress(pixels, (i*100)/wait); + 8001baa: 4621 mov r1, r4 + 8001bac: 4628 mov r0, r5 + 8001bae: f7ff f97b bl 8000ea8 + for(int i=0; i < wait; i++) { + 8001bb2: 3401 adds r4, #1 + + delay_ms(250); + 8001bb4: 20fa movs r0, #250 ; 0xfa + 8001bb6: f001 fe8f bl 80038d8 + for(int i=0; i < wait; i++) { + 8001bba: 2c64 cmp r4, #100 ; 0x64 + 8001bbc: d1f5 bne.n 8001baa + } +} + 8001bbe: bd38 pop {r3, r4, r5, pc} + +08001bc0 : + +// verify_header() +// + bool +verify_header(const coldcardFirmwareHeader_t *hdr) +{ + 8001bc0: b510 push {r4, lr} + 8001bc2: 4604 mov r4, r0 + rng_delay(); + 8001bc4: f000 fdca bl 800275c + + if(hdr->magic_value != FW_HEADER_MAGIC) goto fail; + 8001bc8: 6822 ldr r2, [r4, #0] + 8001bca: 4b0b ldr r3, [pc, #44] ; (8001bf8 ) + 8001bcc: 429a cmp r2, r3 + 8001bce: d110 bne.n 8001bf2 + if(hdr->version_string[0] == 0x0) goto fail; + 8001bd0: 7b20 ldrb r0, [r4, #12] + 8001bd2: b168 cbz r0, 8001bf0 + if(hdr->timestamp[0] >= 0x40) goto fail; // 22 yr product lifetime + 8001bd4: 7923 ldrb r3, [r4, #4] + 8001bd6: 2b3f cmp r3, #63 ; 0x3f + 8001bd8: d80b bhi.n 8001bf2 + if(hdr->firmware_length < FW_MIN_LENGTH) goto fail; + 8001bda: 69a3 ldr r3, [r4, #24] + 8001bdc: f5a3 2380 sub.w r3, r3, #262144 ; 0x40000 + 8001be0: f5b3 1fd0 cmp.w r3, #1703936 ; 0x1a0000 + 8001be4: d205 bcs.n 8001bf2 + if(hdr->firmware_length >= FW_MAX_LENGTH_MK4) goto fail; + if(hdr->pubkey_num >= NUM_KNOWN_PUBKEYS) goto fail; + 8001be6: 6960 ldr r0, [r4, #20] + 8001be8: 2805 cmp r0, #5 + 8001bea: bf8c ite hi + 8001bec: 2000 movhi r0, #0 + 8001bee: 2001 movls r0, #1 + + return true; +fail: + return false; +} + 8001bf0: bd10 pop {r4, pc} + return false; + 8001bf2: 2000 movs r0, #0 + 8001bf4: e7fc b.n 8001bf0 + 8001bf6: bf00 nop + 8001bf8: cc001234 .word 0xcc001234 + +08001bfc : +// +// Given double-sha256 over the firmware bytes, check the signature. +// + bool +verify_signature(const coldcardFirmwareHeader_t *hdr, const uint8_t fw_check[32]) +{ + 8001bfc: b530 push {r4, r5, lr} + // this takes a few ms at least, not fast. + int ok = uECC_verify(approved_pubkeys[hdr->pubkey_num], fw_check, 32, + 8001bfe: 6943 ldr r3, [r0, #20] + 8001c00: 4d0b ldr r5, [pc, #44] ; (8001c30 ) +{ + 8001c02: b085 sub sp, #20 + int ok = uECC_verify(approved_pubkeys[hdr->pubkey_num], fw_check, 32, + 8001c04: eb05 1583 add.w r5, r5, r3, lsl #6 +{ + 8001c08: 4604 mov r4, r0 + 8001c0a: 9103 str r1, [sp, #12] + int ok = uECC_verify(approved_pubkeys[hdr->pubkey_num], fw_check, 32, + 8001c0c: f004 fe54 bl 80068b8 + 8001c10: f104 0340 add.w r3, r4, #64 ; 0x40 + 8001c14: 9903 ldr r1, [sp, #12] + 8001c16: 9000 str r0, [sp, #0] + 8001c18: 2220 movs r2, #32 + 8001c1a: 4628 mov r0, r5 + 8001c1c: f005 f8d3 bl 8006dc6 + 8001c20: 4604 mov r4, r0 + hdr->signature, uECC_secp256k1()); + + //puts(ok ? "Sig ok" : "Sig fail"); + rng_delay(); + 8001c22: f000 fd9b bl 800275c + + return ok; +} + 8001c26: 1e20 subs r0, r4, #0 + 8001c28: bf18 it ne + 8001c2a: 2001 movne r0, #1 + 8001c2c: b005 add sp, #20 + 8001c2e: bd30 pop {r4, r5, pc} + 8001c30: 0800e3ce .word 0x0800e3ce + +08001c34 : +// Check hdr, and even signature of protential new firmware in PSRAM. +// Returns checksum needed for 608 +// + bool +verify_firmware_in_ram(const uint8_t *start, uint32_t len, uint8_t world_check[32]) +{ + 8001c34: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + const coldcardFirmwareHeader_t *hdr = (const coldcardFirmwareHeader_t *) + 8001c38: f500 567e add.w r6, r0, #16256 ; 0x3f80 +{ + 8001c3c: b09c sub sp, #112 ; 0x70 + 8001c3e: 4605 mov r5, r0 + (start + FW_HEADER_OFFSET); + uint8_t fw_digest[32]; + + // check basics like verison, hw compat, etc + if(!verify_header(hdr)) goto fail; + 8001c40: 4630 mov r0, r6 +{ + 8001c42: 4617 mov r7, r2 + if(!verify_header(hdr)) goto fail; + 8001c44: f7ff ffbc bl 8001bc0 + 8001c48: 4604 mov r4, r0 + 8001c4a: b150 cbz r0, 8001c62 + + if(check_is_downgrade(hdr->timestamp, (const char *)hdr->version_string)) { + 8001c4c: f106 010c add.w r1, r6, #12 + 8001c50: 1d30 adds r0, r6, #4 + 8001c52: f7ff ff91 bl 8001b78 + 8001c56: 4604 mov r4, r0 + 8001c58: b138 cbz r0, 8001c6a + puts("downgrade"); + 8001c5a: 481e ldr r0, [pc, #120] ; (8001cd4 ) + 8001c5c: f003 f874 bl 8004d48 + + checksum_flash(fw_digest, world_check, hdr->firmware_length); + + return true; +fail: + return false; + 8001c60: 2400 movs r4, #0 +} + 8001c62: 4620 mov r0, r4 + 8001c64: b01c add sp, #112 ; 0x70 + 8001c66: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + rng_delay(); + 8001c6a: f000 fd77 bl 800275c + hdr->firmware_length - (FW_HEADER_OFFSET + FW_HEADER_SIZE)); + 8001c6e: f505 5840 add.w r8, r5, #12288 ; 0x3000 + sha256_init(&ctx); + 8001c72: a809 add r0, sp, #36 ; 0x24 + uint32_t total_len = 0; + 8001c74: 9400 str r4, [sp, #0] + sha256_init(&ctx); + 8001c76: f003 fbf3 bl 8005460 + checksum_more(&ctx, &total_len, start, FW_HEADER_OFFSET + FW_HEADER_SIZE - 64); + 8001c7a: f44f 537f mov.w r3, #16320 ; 0x3fc0 + 8001c7e: 462a mov r2, r5 + 8001c80: 4669 mov r1, sp + 8001c82: a809 add r0, sp, #36 ; 0x24 + 8001c84: f7ff feac bl 80019e0 + hdr->firmware_length - (FW_HEADER_OFFSET + FW_HEADER_SIZE)); + 8001c88: f8d8 3f98 ldr.w r3, [r8, #3992] ; 0xf98 + checksum_more(&ctx, &total_len, start + FW_HEADER_OFFSET + FW_HEADER_SIZE, + 8001c8c: f505 4280 add.w r2, r5, #16384 ; 0x4000 + 8001c90: f5a3 4380 sub.w r3, r3, #16384 ; 0x4000 + 8001c94: 4669 mov r1, sp + 8001c96: a809 add r0, sp, #36 ; 0x24 + 8001c98: f7ff fea2 bl 80019e0 + sha256_final(&ctx, fw_digest); + 8001c9c: a901 add r1, sp, #4 + 8001c9e: a809 add r0, sp, #36 ; 0x24 + 8001ca0: f003 fc32 bl 8005508 + sha256_single(fw_digest, 32, fw_digest); + 8001ca4: aa01 add r2, sp, #4 + 8001ca6: 4610 mov r0, r2 + 8001ca8: 2120 movs r1, #32 + 8001caa: f003 fc41 bl 8005530 + rng_delay(); + 8001cae: f000 fd55 bl 800275c + if(!verify_signature(hdr, fw_digest)) { + 8001cb2: a901 add r1, sp, #4 + 8001cb4: 4630 mov r0, r6 + 8001cb6: f7ff ffa1 bl 8001bfc + 8001cba: 4604 mov r4, r0 + 8001cbc: b918 cbnz r0, 8001cc6 + puts("sig fail"); + 8001cbe: 4806 ldr r0, [pc, #24] ; (8001cd8 ) + 8001cc0: f003 f842 bl 8004d48 + goto fail; + 8001cc4: e7cd b.n 8001c62 + checksum_flash(fw_digest, world_check, hdr->firmware_length); + 8001cc6: f8d8 2f98 ldr.w r2, [r8, #3992] ; 0xf98 + 8001cca: 4639 mov r1, r7 + 8001ccc: a801 add r0, sp, #4 + 8001cce: f7ff fea3 bl 8001a18 + return true; + 8001cd2: e7c6 b.n 8001c62 + 8001cd4: 0800e35b .word 0x0800e35b + 8001cd8: 0800e365 .word 0x0800e365 + +08001cdc : +// - don't set the light at this point. +// - requires bootloader to have been unchanged since world_check recorded (debug issue) +// + bool +verify_world_checksum(const uint8_t world_check[32]) +{ + 8001cdc: b507 push {r0, r1, r2, lr} + 8001cde: 9001 str r0, [sp, #4] + ae_setup(); + 8001ce0: f000 fe60 bl 80029a4 + ae_pair_unlock(); + 8001ce4: f001 f854 bl 8002d90 + + return (ae_checkmac_hard(KEYNUM_firmware, world_check) == 0); + 8001ce8: 9901 ldr r1, [sp, #4] + 8001cea: 200e movs r0, #14 + 8001cec: f001 f9de bl 80030ac +} + 8001cf0: fab0 f080 clz r0, r0 + 8001cf4: 0940 lsrs r0, r0, #5 + 8001cf6: b003 add sp, #12 + 8001cf8: f85d fb04 ldr.w pc, [sp], #4 + +08001cfc : + +// verify_firmware() +// + bool +verify_firmware(void) +{ + 8001cfc: b570 push {r4, r5, r6, lr} + STATIC_ASSERT(sizeof(coldcardFirmwareHeader_t) == FW_HEADER_SIZE); + + rng_delay(); + + // watch for unprogrammed header. and some + if(FW_HDR->version_string[0] == 0xff) goto blank; + 8001cfe: 4e2a ldr r6, [pc, #168] ; (8001da8 ) +{ + 8001d00: b090 sub sp, #64 ; 0x40 + rng_delay(); + 8001d02: f000 fd2b bl 800275c + if(FW_HDR->version_string[0] == 0xff) goto blank; + 8001d06: f896 308c ldrb.w r3, [r6, #140] ; 0x8c + 8001d0a: 2bff cmp r3, #255 ; 0xff + 8001d0c: d107 bne.n 8001d1e + puts("corrupt firmware"); + oled_show(screen_corrupt); + return false; + +blank: + puts("no firmware"); + 8001d0e: 4827 ldr r0, [pc, #156] ; (8001dac ) + puts("corrupt firmware"); + 8001d10: f003 f81a bl 8004d48 + oled_show(screen_corrupt); + 8001d14: 4826 ldr r0, [pc, #152] ; (8001db0 ) + 8001d16: f7ff f885 bl 8000e24 + return false; + 8001d1a: 2400 movs r4, #0 + 8001d1c: e030 b.n 8001d80 + if(!verify_header(FW_HDR)) goto fail; + 8001d1e: 4825 ldr r0, [pc, #148] ; (8001db4 ) + 8001d20: f7ff ff4e bl 8001bc0 + 8001d24: 2800 cmp r0, #0 + 8001d26: d03c beq.n 8001da2 + rng_delay(); + 8001d28: f000 fd18 bl 800275c + checksum_flash(fw_check, world_check, 0); + 8001d2c: 2200 movs r2, #0 + 8001d2e: a908 add r1, sp, #32 + 8001d30: 4668 mov r0, sp + 8001d32: f7ff fe71 bl 8001a18 + rng_delay(); + 8001d36: f000 fd11 bl 800275c + if(!verify_signature(FW_HDR, fw_check)) goto fail; + 8001d3a: 481e ldr r0, [pc, #120] ; (8001db4 ) + 8001d3c: 4669 mov r1, sp + 8001d3e: f7ff ff5d bl 8001bfc + 8001d42: 4604 mov r4, r0 + 8001d44: b368 cbz r0, 8001da2 + int not_green = ae_set_gpio_secure(world_check); + 8001d46: a808 add r0, sp, #32 + 8001d48: f001 fbc4 bl 80034d4 + 8001d4c: 4605 mov r5, r0 + rng_delay(); + 8001d4e: f000 fd05 bl 800275c + rng_delay(); + 8001d52: f000 fd03 bl 800275c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 8001d56: 4b18 ldr r3, [pc, #96] ; (8001db8 ) + 8001d58: 6a1b ldr r3, [r3, #32] + 8001d5a: b2db uxtb r3, r3 + if(!flash_is_security_level2() && not_green) { + 8001d5c: 2bcc cmp r3, #204 ; 0xcc + 8001d5e: d008 beq.n 8001d72 + 8001d60: b18d cbz r5, 8001d86 + oled_show_progress(screen_verify, 100); + 8001d62: 4816 ldr r0, [pc, #88] ; (8001dbc ) + 8001d64: 2164 movs r1, #100 ; 0x64 + 8001d66: f7ff f89f bl 8000ea8 + puts("Factory boot"); + 8001d6a: 4815 ldr r0, [pc, #84] ; (8001dc0 ) + puts("Good firmware"); + 8001d6c: f002 ffec bl 8004d48 + 8001d70: e006 b.n 8001d80 + } else if(not_green) { + 8001d72: b145 cbz r5, 8001d86 + puts("WARN: Red light"); + 8001d74: 4813 ldr r0, [pc, #76] ; (8001dc4 ) + 8001d76: f002 ffe7 bl 8004d48 + warn_fishy_firmware(screen_red_light); + 8001d7a: 4813 ldr r0, [pc, #76] ; (8001dc8 ) + warn_fishy_firmware(screen_devmode); + 8001d7c: f7ff ff12 bl 8001ba4 + oled_show(screen_corrupt); + + return false; +} + 8001d80: 4620 mov r0, r4 + 8001d82: b010 add sp, #64 ; 0x40 + 8001d84: bd70 pop {r4, r5, r6, pc} + } else if(FW_HDR->pubkey_num == 0) { + 8001d86: f8d6 3094 ldr.w r3, [r6, #148] ; 0x94 + 8001d8a: b923 cbnz r3, 8001d96 + puts("WARN: Unsigned firmware"); + 8001d8c: 480f ldr r0, [pc, #60] ; (8001dcc ) + 8001d8e: f002 ffdb bl 8004d48 + warn_fishy_firmware(screen_devmode); + 8001d92: 480f ldr r0, [pc, #60] ; (8001dd0 ) + 8001d94: e7f2 b.n 8001d7c + oled_show_progress(screen_verify, 100); + 8001d96: 4809 ldr r0, [pc, #36] ; (8001dbc ) + 8001d98: 2164 movs r1, #100 ; 0x64 + 8001d9a: f7ff f885 bl 8000ea8 + puts("Good firmware"); + 8001d9e: 480d ldr r0, [pc, #52] ; (8001dd4 ) + 8001da0: e7e4 b.n 8001d6c + puts("corrupt firmware"); + 8001da2: 480d ldr r0, [pc, #52] ; (8001dd8 ) + 8001da4: e7b4 b.n 8001d10 + 8001da6: bf00 nop + 8001da8: 08023f00 .word 0x08023f00 + 8001dac: 0800e36e .word 0x0800e36e + 8001db0: 0800d7e9 .word 0x0800d7e9 + 8001db4: 08023f80 .word 0x08023f80 + 8001db8: 40022000 .word 0x40022000 + 8001dbc: 0800e1b6 .word 0x0800e1b6 + 8001dc0: 0800e37a .word 0x0800e37a + 8001dc4: 0800e387 .word 0x0800e387 + 8001dc8: 0800dce6 .word 0x0800dce6 + 8001dcc: 0800e397 .word 0x0800e397 + 8001dd0: 0800d8a6 .word 0x0800d8a6 + 8001dd4: 0800e3af .word 0x0800e3af + 8001dd8: 0800e3bd .word 0x0800e3bd + +08001ddc : + void +systick_setup(void) +{ + const uint32_t ticks = HCLK_FREQUENCY/1000; + + SysTick->LOAD = (ticks - 1); + 8001ddc: f04f 23e0 mov.w r3, #3758153728 ; 0xe000e000 + 8001de0: 4a03 ldr r2, [pc, #12] ; (8001df0 ) + 8001de2: 615a str r2, [r3, #20] + SysTick->VAL = 0; + 8001de4: 2200 movs r2, #0 + 8001de6: 619a str r2, [r3, #24] + SysTick->CTRL = SYSTICK_CLKSOURCE_HCLK | SysTick_CTRL_ENABLE_Msk; + 8001de8: 2205 movs r2, #5 + 8001dea: 611a str r2, [r3, #16] +} + 8001dec: 4770 bx lr + 8001dee: bf00 nop + 8001df0: 0001d4bf .word 0x0001d4bf + +08001df4 : + SCB->VTOR = VECT_TAB_BASE_ADDRESS | VECT_TAB_OFFSET; +#endif + + /* FPU settings ------------------------------------------------------------*/ +#if (__FPU_PRESENT == 1) && (__FPU_USED == 1) + SCB->CPACR |= ((3UL << 20U)|(3UL << 22U)); /* set CP10 and CP11 Full Access */ + 8001df4: 4a0e ldr r2, [pc, #56] ; (8001e30 ) + 8001df6: f8d2 3088 ldr.w r3, [r2, #136] ; 0x88 + 8001dfa: f443 0370 orr.w r3, r3, #15728640 ; 0xf00000 + 8001dfe: f8c2 3088 str.w r3, [r2, #136] ; 0x88 +#endif + + /* Reset the RCC clock configuration to the default reset state ------------*/ + /* Set MSION bit */ + RCC->CR |= RCC_CR_MSION; + 8001e02: 4b0c ldr r3, [pc, #48] ; (8001e34 ) + 8001e04: 681a ldr r2, [r3, #0] + + /* Reset CFGR register */ + RCC->CFGR = 0x00000000U; + 8001e06: 2100 movs r1, #0 + RCC->CR |= RCC_CR_MSION; + 8001e08: f042 0201 orr.w r2, r2, #1 + 8001e0c: 601a str r2, [r3, #0] + RCC->CFGR = 0x00000000U; + 8001e0e: 6099 str r1, [r3, #8] + + /* Reset HSEON, CSSON , HSION, and PLLON bits */ + RCC->CR &= 0xEAF6FFFFU; + 8001e10: 681a ldr r2, [r3, #0] + 8001e12: f022 52a8 bic.w r2, r2, #352321536 ; 0x15000000 + 8001e16: f422 2210 bic.w r2, r2, #589824 ; 0x90000 + 8001e1a: 601a str r2, [r3, #0] + + /* Reset PLLCFGR register */ + RCC->PLLCFGR = 0x00001000U; + 8001e1c: f44f 5280 mov.w r2, #4096 ; 0x1000 + 8001e20: 60da str r2, [r3, #12] + + /* Reset HSEBYP bit */ + RCC->CR &= 0xFFFBFFFFU; + 8001e22: 681a ldr r2, [r3, #0] + 8001e24: f422 2280 bic.w r2, r2, #262144 ; 0x40000 + 8001e28: 601a str r2, [r3, #0] + + /* Disable all interrupts */ + RCC->CIER = 0x00000000U; + 8001e2a: 6199 str r1, [r3, #24] +} + 8001e2c: 4770 bx lr + 8001e2e: bf00 nop + 8001e30: e000ed00 .word 0xe000ed00 + 8001e34: 40021000 .word 0x40021000 + +08001e38 : + +// clocks_setup() +// + void +clocks_setup(void) +{ + 8001e38: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + + // setup power supplies + HAL_PWREx_ControlVoltageScaling(PWR_REGULATOR_VOLTAGE_SCALE1_BOOST); + + // Configure LSE Drive Capability + __HAL_RCC_LSEDRIVE_CONFIG(RCC_LSEDRIVE_LOW); + 8001e3c: 4c41 ldr r4, [pc, #260] ; (8001f44 ) +{ + 8001e3e: b0c1 sub sp, #260 ; 0x104 + HAL_PWREx_ControlVoltageScaling(PWR_REGULATOR_VOLTAGE_SCALE1_BOOST); + 8001e40: 2000 movs r0, #0 + 8001e42: f005 f953 bl 80070ec + __HAL_RCC_LSEDRIVE_CONFIG(RCC_LSEDRIVE_LOW); + 8001e46: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8001e4a: f023 0318 bic.w r3, r3, #24 + 8001e4e: f8c4 3090 str.w r3, [r4, #144] ; 0x90 + + // Enable HSE Oscillator and activate PLL with HSE as source + RCC_OscInitStruct.OscillatorType = RCC_OSCILLATORTYPE_HSE; + + RCC_OscInitStruct.HSEState = RCC_HSE_ON; + 8001e52: 2201 movs r2, #1 + 8001e54: f44f 3380 mov.w r3, #65536 ; 0x10000 + 8001e58: e9cd 230a strd r2, r3, [sp, #40] ; 0x28 + RCC_OscInitStruct.LSEState = RCC_LSE_OFF; + RCC_OscInitStruct.MSIState = RCC_MSI_OFF; + + RCC_OscInitStruct.PLL.PLLSource = RCC_PLLSOURCE_HSE; + RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON; + 8001e5c: 2703 movs r7, #3 + + // Select PLL as system clock source and configure + // the HCLK, PCLK1 and PCLK2 clocks dividers + RCC_ClkInitStruct.ClockType = (RCC_CLOCKTYPE_SYSCLK | RCC_CLOCKTYPE_HCLK + 8001e5e: 230f movs r3, #15 + RCC_OscInitStruct.LSEState = RCC_LSE_OFF; + 8001e60: 2500 movs r5, #0 + RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON; + 8001e62: 2602 movs r6, #2 + | RCC_CLOCKTYPE_PCLK1 | RCC_CLOCKTYPE_PCLK2); + RCC_ClkInitStruct.SYSCLKSource = RCC_SYSCLKSOURCE_PLLCLK; + 8001e64: e9cd 3705 strd r3, r7, [sp, #20] + + RCC_OscInitStruct.PLL.PLLM = CKCC_CLK_PLLM; + RCC_OscInitStruct.PLL.PLLN = CKCC_CLK_PLLN; + RCC_OscInitStruct.PLL.PLLP = CKCC_CLK_PLLP; + 8001e68: f04f 0807 mov.w r8, #7 + 8001e6c: 233c movs r3, #60 ; 0x3c + RCC_OscInitStruct.PLL.PLLQ = CKCC_CLK_PLLQ; + 8001e6e: f04f 0905 mov.w r9, #5 + + RCC_ClkInitStruct.AHBCLKDivider = RCC_SYSCLK_DIV1; + RCC_ClkInitStruct.APB1CLKDivider = RCC_HCLK_DIV1; + RCC_ClkInitStruct.APB2CLKDivider = RCC_HCLK_DIV1; + + HAL_RCC_OscConfig(&RCC_OscInitStruct); + 8001e72: a80a add r0, sp, #40 ; 0x28 + RCC_OscInitStruct.PLL.PLLP = CKCC_CLK_PLLP; + 8001e74: e9cd 3817 strd r3, r8, [sp, #92] ; 0x5c + RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON; + 8001e78: e9cd 6714 strd r6, r7, [sp, #80] ; 0x50 + RCC_OscInitStruct.PLL.PLLR = CKCC_CLK_PLLR; + 8001e7c: e9cd 9619 strd r9, r6, [sp, #100] ; 0x64 + RCC_ClkInitStruct.APB1CLKDivider = RCC_HCLK_DIV1; + 8001e80: e9cd 5507 strd r5, r5, [sp, #28] + RCC_OscInitStruct.LSEState = RCC_LSE_OFF; + 8001e84: 950c str r5, [sp, #48] ; 0x30 + RCC_OscInitStruct.MSIState = RCC_MSI_OFF; + 8001e86: 9510 str r5, [sp, #64] ; 0x40 + RCC_OscInitStruct.PLL.PLLM = CKCC_CLK_PLLM; + 8001e88: 9616 str r6, [sp, #88] ; 0x58 + RCC_ClkInitStruct.APB2CLKDivider = RCC_HCLK_DIV1; + 8001e8a: 9509 str r5, [sp, #36] ; 0x24 + HAL_RCC_OscConfig(&RCC_OscInitStruct); + 8001e8c: f006 fcba bl 8008804 + + HAL_RCC_ClockConfig(&RCC_ClkInitStruct, FLASH_LATENCY_5); + 8001e90: 4649 mov r1, r9 + 8001e92: a805 add r0, sp, #20 + 8001e94: f006 ff64 bl 8008d60 + + // DIS-able MSI-Hardware auto calibration mode with LSE + CLEAR_BIT(RCC->CR, RCC_CR_MSIPLLEN); + 8001e98: 6823 ldr r3, [r4, #0] + 8001e9a: f023 0304 bic.w r3, r3, #4 + 8001e9e: 6023 str r3, [r4, #0] + + RCC_PeriphCLKInitTypeDef PeriphClkInitStruct; + PeriphClkInitStruct.PeriphClockSelection = RCC_PERIPHCLK_SAI1|RCC_PERIPHCLK_I2C2 + 8001ea0: 4b29 ldr r3, [pc, #164] ; (8001f48 ) + 8001ea2: 931b str r3, [sp, #108] ; 0x6c + + // PLLSAI is used to clock USB, ADC, I2C1 and RNG. The frequency is + // HSE(8MHz)/PLLM(2)*PLLSAI1N(24)/PLLSAIQ(2) = 48MHz. + // + PeriphClkInitStruct.Sai1ClockSelection = RCC_SAI1CLKSOURCE_PLLSAI1; + PeriphClkInitStruct.AdcClockSelection = RCC_ADCCLKSOURCE_PLLSAI1; + 8001ea4: f04f 5380 mov.w r3, #268435456 ; 0x10000000 + 8001ea8: 933b str r3, [sp, #236] ; 0xec + PeriphClkInitStruct.UsbClockSelection = RCC_USBCLKSOURCE_PLLSAI1; + 8001eaa: f04f 6380 mov.w r3, #67108864 ; 0x4000000 + 8001eae: 9338 str r3, [sp, #224] ; 0xe0 + PeriphClkInitStruct.RTCClockSelection = RCC_RTCCLKSOURCE_HSE_DIV32; // but unused + PeriphClkInitStruct.RngClockSelection = RCC_RNGCLKSOURCE_PLLSAI1; + 8001eb0: 933a str r3, [sp, #232] ; 0xe8 + + PeriphClkInitStruct.PLLSAI1.PLLSAI1Source = RCC_PLLSOURCE_HSE; + PeriphClkInitStruct.PLLSAI1.PLLSAI1M = 2; + PeriphClkInitStruct.PLLSAI1.PLLSAI1N = 24; + 8001eb2: 2318 movs r3, #24 + PeriphClkInitStruct.RTCClockSelection = RCC_RTCCLKSOURCE_HSE_DIV32; // but unused + 8001eb4: f44f 7240 mov.w r2, #768 ; 0x300 + PeriphClkInitStruct.PLLSAI1.PLLSAI1P = RCC_PLLP_DIV7; + 8001eb8: e9cd 381e strd r3, r8, [sp, #120] ; 0x78 + PeriphClkInitStruct.PLLSAI1.PLLSAI1R = RCC_PLLR_DIV2; + PeriphClkInitStruct.PLLSAI1.PLLSAI1ClockOut = RCC_PLLSAI1_SAI1CLK + |RCC_PLLSAI1_48M2CLK + |RCC_PLLSAI1_ADC1CLK; + + HAL_RCCEx_PeriphCLKConfig(&PeriphClkInitStruct); + 8001ebc: a81b add r0, sp, #108 ; 0x6c + PeriphClkInitStruct.PLLSAI1.PLLSAI1ClockOut = RCC_PLLSAI1_SAI1CLK + 8001ebe: 4b23 ldr r3, [pc, #140] ; (8001f4c ) + PeriphClkInitStruct.RTCClockSelection = RCC_RTCCLKSOURCE_HSE_DIV32; // but unused + 8001ec0: 923f str r2, [sp, #252] ; 0xfc + PeriphClkInitStruct.PLLSAI1.PLLSAI1ClockOut = RCC_PLLSAI1_SAI1CLK + 8001ec2: 9322 str r3, [sp, #136] ; 0x88 + PeriphClkInitStruct.PLLSAI1.PLLSAI1M = 2; + 8001ec4: e9cd 761c strd r7, r6, [sp, #112] ; 0x70 + PeriphClkInitStruct.PLLSAI1.PLLSAI1R = RCC_PLLR_DIV2; + 8001ec8: e9cd 6620 strd r6, r6, [sp, #128] ; 0x80 + PeriphClkInitStruct.I2c2ClockSelection = RCC_I2C2CLKSOURCE_PCLK1; + 8001ecc: 9531 str r5, [sp, #196] ; 0xc4 + PeriphClkInitStruct.Sai1ClockSelection = RCC_SAI1CLKSOURCE_PLLSAI1; + 8001ece: 9536 str r5, [sp, #216] ; 0xd8 + HAL_RCCEx_PeriphCLKConfig(&PeriphClkInitStruct); + 8001ed0: f007 fa6a bl 80093a8 + + __HAL_RCC_RTC_ENABLE(); + 8001ed4: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8001ed8: f443 4300 orr.w r3, r3, #32768 ; 0x8000 + 8001edc: f8c4 3090 str.w r3, [r4, #144] ; 0x90 + __HAL_RCC_HASH_CLK_ENABLE(); // for SHA256 + 8001ee0: 6ce3 ldr r3, [r4, #76] ; 0x4c + 8001ee2: f443 3300 orr.w r3, r3, #131072 ; 0x20000 + 8001ee6: 64e3 str r3, [r4, #76] ; 0x4c + 8001ee8: 6ce3 ldr r3, [r4, #76] ; 0x4c + 8001eea: f403 3300 and.w r3, r3, #131072 ; 0x20000 + 8001eee: 9301 str r3, [sp, #4] + 8001ef0: 9b01 ldr r3, [sp, #4] + __HAL_RCC_SPI1_CLK_ENABLE(); // for OLED + 8001ef2: 6e23 ldr r3, [r4, #96] ; 0x60 + 8001ef4: f443 5380 orr.w r3, r3, #4096 ; 0x1000 + 8001ef8: 6623 str r3, [r4, #96] ; 0x60 + 8001efa: 6e23 ldr r3, [r4, #96] ; 0x60 + 8001efc: f403 5380 and.w r3, r3, #4096 ; 0x1000 + 8001f00: 9302 str r3, [sp, #8] + 8001f02: 9b02 ldr r3, [sp, #8] + //__HAL_RCC_SPI2_CLK_ENABLE(); // for SPI flash + __HAL_RCC_DMAMUX1_CLK_ENABLE(); // (need this) because code missing in mpy? + 8001f04: 6ca3 ldr r3, [r4, #72] ; 0x48 + 8001f06: f043 0304 orr.w r3, r3, #4 + 8001f0a: 64a3 str r3, [r4, #72] ; 0x48 + 8001f0c: 6ca3 ldr r3, [r4, #72] ; 0x48 + 8001f0e: f003 0304 and.w r3, r3, #4 + 8001f12: 9303 str r3, [sp, #12] + 8001f14: 9b03 ldr r3, [sp, #12] + + // for SE2 + __HAL_RCC_I2C2_CLK_ENABLE(); + 8001f16: 6da3 ldr r3, [r4, #88] ; 0x58 + 8001f18: f443 0380 orr.w r3, r3, #4194304 ; 0x400000 + 8001f1c: 65a3 str r3, [r4, #88] ; 0x58 + 8001f1e: 6da3 ldr r3, [r4, #88] ; 0x58 + 8001f20: f403 0380 and.w r3, r3, #4194304 ; 0x400000 + 8001f24: 9304 str r3, [sp, #16] + 8001f26: 9b04 ldr r3, [sp, #16] + __HAL_RCC_I2C2_FORCE_RESET(); + 8001f28: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8001f2a: f443 0380 orr.w r3, r3, #4194304 ; 0x400000 + 8001f2e: 63a3 str r3, [r4, #56] ; 0x38 + __HAL_RCC_I2C2_RELEASE_RESET(); + 8001f30: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8001f32: f423 0380 bic.w r3, r3, #4194304 ; 0x400000 + 8001f36: 63a3 str r3, [r4, #56] ; 0x38 + + // setup SYSTICK, but we don't have the irq hooked up and not using HAL + // but we use it in polling mode for delay_ms() + systick_setup(); + 8001f38: f7ff ff50 bl 8001ddc + +} + 8001f3c: b041 add sp, #260 ; 0x104 + 8001f3e: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + 8001f42: bf00 nop + 8001f44: 40021000 .word 0x40021000 + 8001f48: 00066880 .word 0x00066880 + 8001f4c: 01110000 .word 0x01110000 + +08001f50 : + } else { + + // write changes to OB flash bytes + + // Set OPTSTRT bit + SET_BIT(FLASH->CR, FLASH_CR_OPTSTRT); + 8001f50: 4b13 ldr r3, [pc, #76] ; (8001fa0 ) + 8001f52: 695a ldr r2, [r3, #20] + 8001f54: f442 3200 orr.w r2, r2, #131072 ; 0x20000 + 8001f58: 615a str r2, [r3, #20] + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { + 8001f5a: 691a ldr r2, [r3, #16] + 8001f5c: 03d2 lsls r2, r2, #15 + 8001f5e: d4fc bmi.n 8001f5a + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); + 8001f60: 6919 ldr r1, [r3, #16] + if(error) { + 8001f62: 4a10 ldr r2, [pc, #64] ; (8001fa4 ) + 8001f64: 4211 tst r1, r2 + 8001f66: d104 bne.n 8001f72 + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { + 8001f68: 691a ldr r2, [r3, #16] + 8001f6a: 07d0 lsls r0, r2, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); + 8001f6c: bf44 itt mi + 8001f6e: 2201 movmi r2, #1 + 8001f70: 611a strmi r2, [r3, #16] + + /// Wait for update to complete + _flash_wait_done(); + + // lock OB again. + SET_BIT(FLASH->CR, FLASH_CR_OPTLOCK); + 8001f72: 4b0b ldr r3, [pc, #44] ; (8001fa0 ) + 8001f74: 695a ldr r2, [r3, #20] + 8001f76: f042 4280 orr.w r2, r2, #1073741824 ; 0x40000000 + 8001f7a: 615a str r2, [r3, #20] + + // include "launch" to make them take effect NOW + SET_BIT(FLASH->CR, FLASH_CR_OBL_LAUNCH); + 8001f7c: 695a ldr r2, [r3, #20] + 8001f7e: f042 6200 orr.w r2, r2, #134217728 ; 0x8000000 + 8001f82: 615a str r2, [r3, #20] + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { + 8001f84: 691a ldr r2, [r3, #16] + 8001f86: 03d1 lsls r1, r2, #15 + 8001f88: d4fc bmi.n 8001f84 + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); + 8001f8a: 6919 ldr r1, [r3, #16] + if(error) { + 8001f8c: 4a05 ldr r2, [pc, #20] ; (8001fa4 ) + 8001f8e: 4211 tst r1, r2 + 8001f90: d104 bne.n 8001f9c + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { + 8001f92: 691a ldr r2, [r3, #16] + 8001f94: 07d2 lsls r2, r2, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); + 8001f96: bf44 itt mi + 8001f98: 2201 movmi r2, #1 + 8001f9a: 611a strmi r2, [r3, #16] + + _flash_wait_done(); + } +} + 8001f9c: 4770 bx lr + 8001f9e: bf00 nop + 8001fa0: 40022000 .word 0x40022000 + 8001fa4: 0002c3fa .word 0x0002c3fa + +08001fa8 : +{ + 8001fa8: b507 push {r0, r1, r2, lr} + memcpy(&_srelocate, &_etext, ((uint32_t)&_erelocate)-(uint32_t)&_srelocate); + 8001faa: 4809 ldr r0, [pc, #36] ; (8001fd0 ) + 8001fac: 4a09 ldr r2, [pc, #36] ; (8001fd4 ) + 8001fae: 490a ldr r1, [pc, #40] ; (8001fd8 ) + 8001fb0: 1a12 subs r2, r2, r0 + 8001fb2: f00b fb05 bl 800d5c0 + __HAL_RCC_FLASH_CLK_ENABLE(); + 8001fb6: 4b09 ldr r3, [pc, #36] ; (8001fdc ) + 8001fb8: 6c9a ldr r2, [r3, #72] ; 0x48 + 8001fba: f442 7280 orr.w r2, r2, #256 ; 0x100 + 8001fbe: 649a str r2, [r3, #72] ; 0x48 + 8001fc0: 6c9b ldr r3, [r3, #72] ; 0x48 + 8001fc2: f403 7380 and.w r3, r3, #256 ; 0x100 + 8001fc6: 9301 str r3, [sp, #4] + 8001fc8: 9b01 ldr r3, [sp, #4] +} + 8001fca: b003 add sp, #12 + 8001fcc: f85d fb04 ldr.w pc, [sp], #4 + 8001fd0: 2009e000 .word 0x2009e000 + 8001fd4: 2009e150 .word 0x2009e150 + 8001fd8: 0800e9bc .word 0x0800e9bc + 8001fdc: 40021000 .word 0x40021000 + +08001fe0 : + SET_BIT(FLASH->CR, FLASH_CR_LOCK); + 8001fe0: 4a02 ldr r2, [pc, #8] ; (8001fec ) + 8001fe2: 6953 ldr r3, [r2, #20] + 8001fe4: f043 4300 orr.w r3, r3, #2147483648 ; 0x80000000 + 8001fe8: 6153 str r3, [r2, #20] +} + 8001fea: 4770 bx lr + 8001fec: 40022000 .word 0x40022000 + +08001ff0 : +{ + 8001ff0: b508 push {r3, lr} + if(READ_BIT(FLASH->CR, FLASH_CR_LOCK)) { + 8001ff2: 4b08 ldr r3, [pc, #32] ; (8002014 ) + 8001ff4: 695a ldr r2, [r3, #20] + 8001ff6: 2a00 cmp r2, #0 + 8001ff8: da0a bge.n 8002010 + WRITE_REG(FLASH->KEYR, FLASH_KEY1); + 8001ffa: 4a07 ldr r2, [pc, #28] ; (8002018 ) + 8001ffc: 609a str r2, [r3, #8] + WRITE_REG(FLASH->KEYR, FLASH_KEY2); + 8001ffe: f102 3288 add.w r2, r2, #2290649224 ; 0x88888888 + 8002002: 609a str r2, [r3, #8] + if(READ_BIT(FLASH->CR, FLASH_CR_LOCK)) { + 8002004: 695b ldr r3, [r3, #20] + 8002006: 2b00 cmp r3, #0 + 8002008: da02 bge.n 8002010 + INCONSISTENT("failed to unlock"); + 800200a: 4804 ldr r0, [pc, #16] ; (800201c ) + 800200c: f7fe fd0a bl 8000a24 +} + 8002010: bd08 pop {r3, pc} + 8002012: bf00 nop + 8002014: 40022000 .word 0x40022000 + 8002018: 45670123 .word 0x45670123 + 800201c: 0800d688 .word 0x0800d688 + +08002020 : +{ + 8002020: b510 push {r4, lr} + if(!lock) { + 8002022: b980 cbnz r0, 8002046 + if(READ_BIT(FLASH->CR, FLASH_CR_OPTLOCK)) { + 8002024: 4c0a ldr r4, [pc, #40] ; (8002050 ) + 8002026: 6963 ldr r3, [r4, #20] + 8002028: 005a lsls r2, r3, #1 + 800202a: d510 bpl.n 800204e + flash_unlock(); + 800202c: f7ff ffe0 bl 8001ff0 + WRITE_REG(FLASH->OPTKEYR, FLASH_OPTKEY1); + 8002030: 4b08 ldr r3, [pc, #32] ; (8002054 ) + 8002032: 60e3 str r3, [r4, #12] + WRITE_REG(FLASH->OPTKEYR, FLASH_OPTKEY2); + 8002034: f103 3344 add.w r3, r3, #1145324612 ; 0x44444444 + 8002038: 60e3 str r3, [r4, #12] + if(READ_BIT(FLASH->CR, FLASH_CR_OPTLOCK)) { + 800203a: 6963 ldr r3, [r4, #20] + 800203c: 005b lsls r3, r3, #1 + 800203e: d506 bpl.n 800204e + INCONSISTENT("failed to OB unlock"); + 8002040: 4805 ldr r0, [pc, #20] ; (8002058 ) + 8002042: f7fe fcef bl 8000a24 +} + 8002046: e8bd 4010 ldmia.w sp!, {r4, lr} + 800204a: f7ff bf81 b.w 8001f50 + 800204e: bd10 pop {r4, pc} + 8002050: 40022000 .word 0x40022000 + 8002054: 08192a3b .word 0x08192a3b + 8002058: 0800d688 .word 0x0800d688 + +0800205c : + +// pick_pairing_secret() +// + static void +pick_pairing_secret(void) +{ + 800205c: b570 push {r4, r5, r6, lr} + 800205e: f5ad 6d85 sub.w sp, sp, #1064 ; 0x428 + // important the RNG works here. ok to call setup multiple times. + rng_setup(); + 8002062: f000 fb39 bl 80026d8 + 8002066: 24c8 movs r4, #200 ; 0xc8 + + // Demo to anyone watching that the RNG is working, but likely only + // to be seen by production team during initial powerup. + uint8_t tmp[1024]; + for(int i=0; i<200; i++) { + rng_buffer(tmp, sizeof(tmp)); + 8002068: f44f 6180 mov.w r1, #1024 ; 0x400 + 800206c: a80a add r0, sp, #40 ; 0x28 + 800206e: f000 fb5f bl 8002730 + + oled_show_raw(sizeof(tmp), (void *)tmp); + 8002072: a90a add r1, sp, #40 ; 0x28 + 8002074: f44f 6080 mov.w r0, #1024 ; 0x400 + 8002078: f7fe fea8 bl 8000dcc + for(int i=0; i<200; i++) { + 800207c: 3c01 subs r4, #1 + 800207e: d1f3 bne.n 8002068 + } + + oled_factory_busy(); + 8002080: f7fe ff92 bl 8000fa8 + + // .. but don't use those numbers, because those are semi-public now. + uint32_t secret[8]; + for(int i=0; i<8; i++) { + 8002084: ad02 add r5, sp, #8 + oled_factory_busy(); + 8002086: 462e mov r6, r5 + secret[i] = rng_sample(); + 8002088: f000 fb14 bl 80026b4 + for(int i=0; i<8; i++) { + 800208c: 3401 adds r4, #1 + 800208e: 2c08 cmp r4, #8 + secret[i] = rng_sample(); + 8002090: f846 0b04 str.w r0, [r6], #4 + for(int i=0; i<8; i++) { + 8002094: d1f8 bne.n 8002088 + } + + // enforce policy that first word is not all ones (so it never + // looks like unprogrammed flash). + while(secret[0] == ~0) { + 8002096: 682b ldr r3, [r5, #0] + 8002098: 3301 adds r3, #1 + 800209a: d00c beq.n 80020b6 + + // Write pairing secret into flash + { + uint32_t dest = (uint32_t)&rom_secrets->pairing_secret; + + flash_unlock(); + 800209c: f7ff ffa8 bl 8001ff0 + uint32_t dest = (uint32_t)&rom_secrets->pairing_secret; + 80020a0: 4c16 ldr r4, [pc, #88] ; (80020fc ) + for(int i=0; i<8; i+=2, dest += 8) { + 80020a2: 4e17 ldr r6, [pc, #92] ; (8002100 ) + uint64_t val = (((uint64_t)secret[i]) << 32) | secret[i+1]; + + if(flash_burn(dest, val)) { + 80020a4: e9d5 3200 ldrd r3, r2, [r5] + 80020a8: 4620 mov r0, r4 + 80020aa: f00b fae5 bl 800d678 <__flash_burn_veneer> + 80020ae: b130 cbz r0, 80020be + INCONSISTENT("flash fail"); + 80020b0: 4814 ldr r0, [pc, #80] ; (8002104 ) + 80020b2: f7fe fcb7 bl 8000a24 + secret[0] = rng_sample(); + 80020b6: f000 fafd bl 80026b4 + 80020ba: 6028 str r0, [r5, #0] + 80020bc: e7eb b.n 8002096 + for(int i=0; i<8; i+=2, dest += 8) { + 80020be: 3408 adds r4, #8 + 80020c0: 42b4 cmp r4, r6 + 80020c2: f105 0508 add.w r5, r5, #8 + 80020c6: d1ed bne.n 80020a4 + } + } + flash_lock(); + 80020c8: f7ff ff8a bl 8001fe0 + + sizeof(rom_secrets->mcu_hmac_key); + + STATIC_ASSERT(offsetof(rom_secrets_t, hash_cache_secret) % 8 == 0); + STATIC_ASSERT(blen % 8 == 0); + + flash_unlock(); + 80020cc: f7ff ff90 bl 8001ff0 + uint32_t dest = (uint32_t)&rom_secrets->hash_cache_secret; + 80020d0: 4c0d ldr r4, [pc, #52] ; (8002108 ) + for(int i=0; i) + uint64_t val = ((uint64_t)rng_sample() << 32) | rng_sample(); + 80020d4: f000 faee bl 80026b4 + 80020d8: 9001 str r0, [sp, #4] + 80020da: f000 faeb bl 80026b4 + + if(flash_burn(dest, val)) { + 80020de: 9b01 ldr r3, [sp, #4] + uint64_t val = ((uint64_t)rng_sample() << 32) | rng_sample(); + 80020e0: 4602 mov r2, r0 + if(flash_burn(dest, val)) { + 80020e2: 4620 mov r0, r4 + 80020e4: f00b fac8 bl 800d678 <__flash_burn_veneer> + 80020e8: 2800 cmp r0, #0 + 80020ea: d1e1 bne.n 80020b0 + for(int i=0; i + INCONSISTENT("flash fail"); + } + } + flash_lock(); + 80020f2: f7ff ff75 bl 8001fe0 + } + +} + 80020f6: f50d 6d85 add.w sp, sp, #1064 ; 0x428 + 80020fa: bd70 pop {r4, r5, r6, pc} + 80020fc: 0801c000 .word 0x0801c000 + 8002100: 0801c020 .word 0x0801c020 + 8002104: 0800d688 .word 0x0800d688 + 8002108: 0801c070 .word 0x0801c070 + 800210c: 0801c0b0 .word 0x0801c0b0 + +08002110 : +// +// Write the serial number of ATECC608 into flash forever. +// + void +flash_save_ae_serial(const uint8_t serial[9]) +{ + 8002110: b51f push {r0, r1, r2, r3, r4, lr} + 8002112: 4602 mov r2, r0 + uint64_t tmp[2]; + memset(&tmp, 0x0, sizeof(tmp)); + 8002114: 2300 movs r3, #0 + memcpy(&tmp, serial, 9); + 8002116: 6800 ldr r0, [r0, #0] + 8002118: 6851 ldr r1, [r2, #4] + 800211a: 7a12 ldrb r2, [r2, #8] + memset(&tmp, 0x0, sizeof(tmp)); + 800211c: e9cd 3302 strd r3, r3, [sp, #8] + memcpy(&tmp, serial, 9); + 8002120: 466b mov r3, sp + 8002122: c303 stmia r3!, {r0, r1} + 8002124: 701a strb r2, [r3, #0] + + flash_setup0(); + 8002126: f7ff ff3f bl 8001fa8 + flash_unlock(); + 800212a: f7ff ff61 bl 8001ff0 + + if(flash_burn((uint32_t)&rom_secrets->ae_serial_number[0], tmp[0])) { + 800212e: e9dd 2300 ldrd r2, r3, [sp] + 8002132: 4809 ldr r0, [pc, #36] ; (8002158 ) + 8002134: f00b faa0 bl 800d678 <__flash_burn_veneer> + 8002138: b110 cbz r0, 8002140 + INCONSISTENT("fail1"); + 800213a: 4808 ldr r0, [pc, #32] ; (800215c ) + 800213c: f7fe fc72 bl 8000a24 + } + if(flash_burn((uint32_t)&rom_secrets->ae_serial_number[1], tmp[1])) { + 8002140: e9dd 2302 ldrd r2, r3, [sp, #8] + 8002144: 4806 ldr r0, [pc, #24] ; (8002160 ) + 8002146: f00b fa97 bl 800d678 <__flash_burn_veneer> + 800214a: 2800 cmp r0, #0 + 800214c: d1f5 bne.n 800213a + INCONSISTENT("fail2"); + } + + flash_lock(); +} + 800214e: b005 add sp, #20 + 8002150: f85d eb04 ldr.w lr, [sp], #4 + flash_lock(); + 8002154: f7ff bf44 b.w 8001fe0 + 8002158: 0801c040 .word 0x0801c040 + 800215c: 0800d688 .word 0x0800d688 + 8002160: 0801c048 .word 0x0801c048 + +08002164 : +// +// Write bag number (probably a string) +// + void +flash_save_bag_number(const uint8_t new_number[32]) +{ + 8002164: b570 push {r4, r5, r6, lr} + 8002166: b088 sub sp, #32 + uint32_t dest = (uint32_t)&rom_secrets->bag_number[0]; + uint64_t tmp[4] = { 0 }; + uint64_t *src = tmp; + + STATIC_ASSERT(sizeof(tmp) == 32); + memcpy(tmp, new_number, 32); + 8002168: 4603 mov r3, r0 + 800216a: 466c mov r4, sp + 800216c: f100 0520 add.w r5, r0, #32 + 8002170: 6818 ldr r0, [r3, #0] + 8002172: 6859 ldr r1, [r3, #4] + 8002174: 4622 mov r2, r4 + 8002176: c203 stmia r2!, {r0, r1} + 8002178: 3308 adds r3, #8 + 800217a: 42ab cmp r3, r5 + 800217c: 4614 mov r4, r2 + 800217e: d1f7 bne.n 8002170 + + flash_setup0(); + 8002180: f7ff ff12 bl 8001fa8 + flash_unlock(); + 8002184: f7ff ff34 bl 8001ff0 + uint32_t dest = (uint32_t)&rom_secrets->bag_number[0]; + 8002188: 4d09 ldr r5, [pc, #36] ; (80021b0 ) + + // NOTE: can only write once! No provision for read/check, and write + // when non-ones will fail. + for(int i=0; i<(32/8); i++, dest+=8, src++) { + 800218a: 4e0a ldr r6, [pc, #40] ; (80021b4 ) + 800218c: 466c mov r4, sp + if(flash_burn(dest, *src)) { + 800218e: e8f4 2302 ldrd r2, r3, [r4], #8 + 8002192: 4628 mov r0, r5 + 8002194: f00b fa70 bl 800d678 <__flash_burn_veneer> + 8002198: b110 cbz r0, 80021a0 + INCONSISTENT("fail write"); + 800219a: 4807 ldr r0, [pc, #28] ; (80021b8 ) + 800219c: f7fe fc42 bl 8000a24 + for(int i=0; i<(32/8); i++, dest+=8, src++) { + 80021a0: 3508 adds r5, #8 + 80021a2: 42b5 cmp r5, r6 + 80021a4: d1f3 bne.n 800218e + } + } + + flash_lock(); +} + 80021a6: b008 add sp, #32 + 80021a8: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + flash_lock(); + 80021ac: f7ff bf18 b.w 8001fe0 + 80021b0: 0801c050 .word 0x0801c050 + 80021b4: 0801c070 .word 0x0801c070 + 80021b8: 0800d688 .word 0x0800d688 + +080021bc : +// Save bunch of stuff related to SE2. Allow updates to sections that are +// given as ones at this point. +// + void +flash_save_se2_data(const se2_secrets_t *se2) +{ + 80021bc: e92d 41f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, lr} + 80021c0: 4605 mov r5, r0 + uint8_t *dest = (uint8_t *)&rom_secrets->se2; + 80021c2: 4c1a ldr r4, [pc, #104] ; (800222c ) + STATIC_ASSERT(offsetof(rom_secrets_t, se2) % 8 == 0); + + flash_setup0(); + flash_unlock(); + + for(int i=0; i<(sizeof(se2_secrets_t)/8); i++, dest+=8, src+=8) { + 80021c4: f8df 8070 ldr.w r8, [pc, #112] ; 8002238 + flash_setup0(); + 80021c8: f7ff feee bl 8001fa8 + flash_unlock(); + 80021cc: f7ff ff10 bl 8001ff0 + for(int i=0; i<(sizeof(se2_secrets_t)/8); i++, dest+=8, src+=8) { + 80021d0: 1b2d subs r5, r5, r4 + 80021d2: eb05 0c04 add.w ip, r5, r4 + uint64_t val; + memcpy(&val, src, sizeof(val)); + 80021d6: 5928 ldr r0, [r5, r4] + 80021d8: f8dc 1004 ldr.w r1, [ip, #4] + 80021dc: 466b mov r3, sp + + // don't write if all ones or already written correctly + if(val == ~0) continue; + 80021de: f1b1 3fff cmp.w r1, #4294967295 ; 0xffffffff + 80021e2: bf08 it eq + 80021e4: f1b0 3fff cmpeq.w r0, #4294967295 ; 0xffffffff + memcpy(&val, src, sizeof(val)); + 80021e8: c303 stmia r3!, {r0, r1} + if(val == ~0) continue; + 80021ea: 4607 mov r7, r0 + 80021ec: 460e mov r6, r1 + 80021ee: d015 beq.n 800221c + if(check_equal(dest, src, 8)) continue; + 80021f0: 2208 movs r2, #8 + 80021f2: 4661 mov r1, ip + 80021f4: 4620 mov r0, r4 + 80021f6: f000 fa4c bl 8002692 + 80021fa: b978 cbnz r0, 800221c + + // can't write if not ones already + ASSERT(check_all_ones(dest, 8)); + 80021fc: 2108 movs r1, #8 + 80021fe: 4620 mov r0, r4 + 8002200: f000 fa2e bl 8002660 + 8002204: b910 cbnz r0, 800220c + 8002206: 480a ldr r0, [pc, #40] ; (8002230 ) + + if(flash_burn((uint32_t)dest, val)) { + INCONSISTENT("fail write"); + 8002208: f7fe fc0c bl 8000a24 + if(flash_burn((uint32_t)dest, val)) { + 800220c: 463a mov r2, r7 + 800220e: 4633 mov r3, r6 + 8002210: 4620 mov r0, r4 + 8002212: f00b fa31 bl 800d678 <__flash_burn_veneer> + 8002216: b108 cbz r0, 800221c + INCONSISTENT("fail write"); + 8002218: 4806 ldr r0, [pc, #24] ; (8002234 ) + 800221a: e7f5 b.n 8002208 + for(int i=0; i<(sizeof(se2_secrets_t)/8); i++, dest+=8, src+=8) { + 800221c: 3408 adds r4, #8 + 800221e: 4544 cmp r4, r8 + 8002220: d1d7 bne.n 80021d2 + } + } + + flash_lock(); +} + 8002222: b002 add sp, #8 + 8002224: e8bd 41f0 ldmia.w sp!, {r4, r5, r6, r7, r8, lr} + flash_lock(); + 8002228: f7ff beda b.w 8001fe0 + 800222c: 0801c0b0 .word 0x0801c0b0 + 8002230: 0800e354 .word 0x0800e354 + 8002234: 0800d688 .word 0x0800d688 + 8002238: 0801c190 .word 0x0801c190 + +0800223c : +// +// This is really a state-machine, to recover boards that are booted w/ missing AE chip. +// + void +flash_setup(void) +{ + 800223c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + + // see if we have picked a pairing secret yet. + // NOTE: critical section for glitching (at least in past versions) + // - check_all.. functions have a rng_delay in them already + rng_delay(); + bool blank_ps = check_all_ones(rom_secrets->pairing_secret, 32); + 8002240: 4d3e ldr r5, [pc, #248] ; (800233c ) +{ + 8002242: b088 sub sp, #32 + flash_setup0(); + 8002244: f7ff feb0 bl 8001fa8 + rng_delay(); + 8002248: f000 fa88 bl 800275c + bool blank_ps = check_all_ones(rom_secrets->pairing_secret, 32); + 800224c: 2120 movs r1, #32 + 800224e: 4628 mov r0, r5 + 8002250: f000 fa06 bl 8002660 + bool zeroed_ps = check_all_zeros(rom_secrets->pairing_secret, 32); + 8002254: 2120 movs r1, #32 + bool blank_ps = check_all_ones(rom_secrets->pairing_secret, 32); + 8002256: 4606 mov r6, r0 + bool zeroed_ps = check_all_zeros(rom_secrets->pairing_secret, 32); + 8002258: 4628 mov r0, r5 + 800225a: f000 fa0b bl 8002674 + bool blank_xor = check_all_ones(rom_secrets->pairing_secret_xor, 32); + 800225e: 2120 movs r1, #32 + bool zeroed_ps = check_all_zeros(rom_secrets->pairing_secret, 32); + 8002260: 4607 mov r7, r0 + bool blank_xor = check_all_ones(rom_secrets->pairing_secret_xor, 32); + 8002262: 4837 ldr r0, [pc, #220] ; (8002340 ) + 8002264: f000 f9fc bl 8002660 + bool blank_ae = (~rom_secrets->ae_serial_number[0] == 0); + 8002268: e9d5 8510 ldrd r8, r5, [r5, #64] ; 0x40 + bool blank_xor = check_all_ones(rom_secrets->pairing_secret_xor, 32); + 800226c: 4604 mov r4, r0 + rng_delay(); + 800226e: f000 fa75 bl 800275c + + if(zeroed_ps) { + 8002272: b127 cbz r7, 800227e + // fast brick process leaves us w/ zero pairing secret + oled_show(screen_brick); + 8002274: 4833 ldr r0, [pc, #204] ; (8002344 ) + 8002276: f7fe fdd5 bl 8000e24 + LOCKUP_FOREVER(); + 800227a: bf30 wfi + 800227c: e7fd b.n 800227a + } + + if(blank_ps) { + 800227e: b10e cbz r6, 8002284 + // get some good entropy, save it. + pick_pairing_secret(); + 8002280: f7ff feec bl 800205c + + blank_ps = false; + } + + if(blank_xor || blank_ae) { + 8002284: b92c cbnz r4, 8002292 + 8002286: f1b5 3fff cmp.w r5, #4294967295 ; 0xffffffff + 800228a: bf08 it eq + 800228c: f1b8 3fff cmpeq.w r8, #4294967295 ; 0xffffffff + 8002290: d12f bne.n 80022f2 + + // setup the SE2 (mostly). handles failures by dying + se2_setup_config(); + 8002292: f005 fad1 bl 8007838 + + // configure and lock-down the SE1 + int rv = ae_setup_config(); + 8002296: f001 f99b bl 80035d0 + 800229a: 4605 mov r5, r0 + + rng_delay(); + 800229c: f000 fa5e bl 800275c + if(rv) { + 80022a0: b13d cbz r5, 80022b2 + // Hardware fail speaking to AE chip ... be careful not to brick here. + // Do not continue!! We might fix the board, or add missing pullup, etc. + oled_show(screen_se1_issue); + 80022a2: 4829 ldr r0, [pc, #164] ; (8002348 ) + 80022a4: f7fe fdbe bl 8000e24 + puts("SE1 config fail"); + 80022a8: 4828 ldr r0, [pc, #160] ; (800234c ) + 80022aa: f002 fd4d bl 8004d48 + + LOCKUP_FOREVER(); + 80022ae: bf30 wfi + 80022b0: e7fd b.n 80022ae + } + + rng_delay(); + 80022b2: f000 fa53 bl 800275c + if(blank_xor) { + 80022b6: b1a4 cbz r4, 80022e2 + flash_unlock(); + 80022b8: f7ff fe9a bl 8001ff0 + uint64_t *src = (uint64_t *)&rom_secrets->pairing_secret; + 80022bc: 4c1f ldr r4, [pc, #124] ; (800233c ) + for(int i=0; i<(32/8); i++, dest+=8, src++) { + 80022be: 4d20 ldr r5, [pc, #128] ; (8002340 ) + uint64_t val = ~(*src); + 80022c0: e9d4 2300 ldrd r2, r3, [r4] + if(flash_burn(dest, val)) { + 80022c4: f104 0020 add.w r0, r4, #32 + 80022c8: 43d2 mvns r2, r2 + 80022ca: 43db mvns r3, r3 + 80022cc: f00b f9d4 bl 800d678 <__flash_burn_veneer> + 80022d0: b110 cbz r0, 80022d8 + INCONSISTENT("flash xor fail"); + 80022d2: 481f ldr r0, [pc, #124] ; (8002350 ) + 80022d4: f7fe fba6 bl 8000a24 + for(int i=0; i<(32/8); i++, dest+=8, src++) { + 80022d8: 3408 adds r4, #8 + 80022da: 42ac cmp r4, r5 + 80022dc: d1f0 bne.n 80022c0 + flash_lock(); + 80022de: f7ff fe7f bl 8001fe0 + // write secret again, complemented, to indicate successful AE programming + confirm_pairing_secret(); + } + + // real power cycle required now. + oled_show(screen_replug); + 80022e2: 481c ldr r0, [pc, #112] ; (8002354 ) + 80022e4: f7fe fd9e bl 8000e24 + puts("replug required"); + 80022e8: 481b ldr r0, [pc, #108] ; (8002358 ) + 80022ea: f002 fd2d bl 8004d48 + + LOCKUP_FOREVER(); + 80022ee: bf30 wfi + 80022f0: e7fd b.n 80022ee + + rng_delay(); + if(!blank_ps && !blank_xor) { + // check the XOR value also written: 2 phase commit + uint8_t tmp[32]; + memcpy(tmp, rom_secrets->pairing_secret, 32); + 80022f2: 4d12 ldr r5, [pc, #72] ; (800233c ) + rng_delay(); + 80022f4: f000 fa32 bl 800275c + memcpy(tmp, rom_secrets->pairing_secret, 32); + 80022f8: cd0f ldmia r5!, {r0, r1, r2, r3} + 80022fa: 466c mov r4, sp + 80022fc: c40f stmia r4!, {r0, r1, r2, r3} + 80022fe: e895 000f ldmia.w r5, {r0, r1, r2, r3} + 8002302: e884 000f stmia.w r4, {r0, r1, r2, r3} + 8002306: 466b mov r3, sp + 8002308: 4a0d ldr r2, [pc, #52] ; (8002340 ) +bool check_equal(const void *aV, const void *bV, int len); + +// XOR-mixin more bytes; acc = acc XOR more for each byte +void static inline xor_mixin(uint8_t *acc, const uint8_t *more, int len) +{ + for(; len; len--, more++, acc++) { + 800230a: 4c14 ldr r4, [pc, #80] ; (800235c ) + 800230c: 4618 mov r0, r3 + *(acc) ^= *(more); + 800230e: 7819 ldrb r1, [r3, #0] + 8002310: f812 5b01 ldrb.w r5, [r2], #1 + 8002314: 4069 eors r1, r5 + for(; len; len--, more++, acc++) { + 8002316: 42a2 cmp r2, r4 + *(acc) ^= *(more); + 8002318: f803 1b01 strb.w r1, [r3], #1 + for(; len; len--, more++, acc++) { + 800231c: d1f7 bne.n 800230e + xor_mixin(tmp, rom_secrets->pairing_secret_xor, 32); + + if(!check_all_ones(tmp, 32)) { + 800231e: 2120 movs r1, #32 + 8002320: f000 f99e bl 8002660 + 8002324: b938 cbnz r0, 8002336 + oled_show(screen_corrupt); + 8002326: 480e ldr r0, [pc, #56] ; (8002360 ) + 8002328: f7fe fd7c bl 8000e24 + puts("corrupt pair sec"); + 800232c: 480d ldr r0, [pc, #52] ; (8002364 ) + 800232e: f002 fd0b bl 8004d48 + + // dfu won't save them here, so just die + LOCKUP_FOREVER(); + 8002332: bf30 wfi + 8002334: e7fd b.n 8002332 + // That's fine if we intend to ship units locked already. + + // Do NOT do write every boot, as it might wear-out + // the flash bits in OB. + +} + 8002336: b008 add sp, #32 + 8002338: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + 800233c: 0801c000 .word 0x0801c000 + 8002340: 0801c020 .word 0x0801c020 + 8002344: 0800d77f .word 0x0800d77f + 8002348: 0800de9b .word 0x0800de9b + 800234c: 0800e54e .word 0x0800e54e + 8002350: 0800d688 .word 0x0800d688 + 8002354: 0800de3a .word 0x0800de3a + 8002358: 0800e55e .word 0x0800e55e + 800235c: 0801c040 .word 0x0801c040 + 8002360: 0800d7e9 .word 0x0800d7e9 + 8002364: 0800e56e .word 0x0800e56e + +08002368 : +// +// This is a one-way trip. Might need power cycle to (fully?) take effect. +// + void +flash_lockdown_hard(uint8_t rdp_level_code) +{ + 8002368: b510 push {r4, lr} + 800236a: 4604 mov r4, r0 + flash_setup0(); + 800236c: f7ff fe1c bl 8001fa8 + + // see FLASH_OB_WRPConfig() + + flash_ob_lock(false); + 8002370: 2000 movs r0, #0 + 8002372: f7ff fe55 bl 8002020 + // lock first 128k-8k against any writes + FLASH->WRP1AR = (num_pages_locked << 16); + 8002376: 4b08 ldr r3, [pc, #32] ; (8002398 ) + 8002378: f44f 2260 mov.w r2, #917504 ; 0xe0000 + 800237c: 62da str r2, [r3, #44] ; 0x2c + FLASH->WRP1BR = 0xff; // unused. + 800237e: 22ff movs r2, #255 ; 0xff + 8002380: 631a str r2, [r3, #48] ; 0x30 + FLASH->WRP2AR = 0xff; // unused. + 8002382: 64da str r2, [r3, #76] ; 0x4c + FLASH->WRP2BR = 0xff; // unused. + 8002384: 651a str r2, [r3, #80] ; 0x50 + // the RDP level is decreased from Level 1 to Level 0)." + // - D-bus access blocked, even for code running inside the PCROP area! (AN4758) + // So literal values and constant tables and such would need special linking. + + // set protection level + uint32_t was = FLASH->OPTR & ~0xff; + 8002386: 6a1a ldr r2, [r3, #32] + 8002388: f022 02ff bic.w r2, r2, #255 ; 0xff + FLASH->OPTR = was | rdp_level_code; // select level X, other values as observed + 800238c: 4322 orrs r2, r4 + 800238e: 621a str r2, [r3, #32] + + flash_ob_lock(true); +} + 8002390: e8bd 4010 ldmia.w sp!, {r4, lr} + 8002394: f7ff bddc b.w 8001f50 + 8002398: 40022000 .word 0x40022000 + +0800239c : + +// record_highwater_version() +// + int +record_highwater_version(const uint8_t timestamp[8]) +{ + 800239c: b537 push {r0, r1, r2, r4, r5, lr} + const uint8_t *otp = (const uint8_t *)OPT_FLASH_BASE; + + ASSERT(timestamp[0] < 0x40); + ASSERT(timestamp[0] >= 0x10); + 800239e: 7802 ldrb r2, [r0, #0] + 80023a0: 3a10 subs r2, #16 + 80023a2: 2a2f cmp r2, #47 ; 0x2f +{ + 80023a4: 4603 mov r3, r0 + ASSERT(timestamp[0] >= 0x10); + 80023a6: d902 bls.n 80023ae + ASSERT(timestamp[0] < 0x40); + 80023a8: 4810 ldr r0, [pc, #64] ; (80023ec ) + 80023aa: f7fe fb3b bl 8000a24 + + uint64_t val = 0; + memcpy(&val, timestamp, 8); + 80023ae: 6800 ldr r0, [r0, #0] + 80023b0: 6859 ldr r1, [r3, #4] + const uint8_t *otp = (const uint8_t *)OPT_FLASH_BASE; + 80023b2: 4c0f ldr r4, [pc, #60] ; (80023f0 ) + + // just write to first blank slot we can find. + for(int i=0; i) + memcpy(&val, timestamp, 8); + 80023b6: 466a mov r2, sp + 80023b8: c203 stmia r2!, {r0, r1} + if(check_all_ones(otp, 8)) { + 80023ba: 2108 movs r1, #8 + 80023bc: 4620 mov r0, r4 + 80023be: f000 f94f bl 8002660 + 80023c2: b168 cbz r0, 80023e0 + // write here. + flash_setup0(); + 80023c4: f7ff fdf0 bl 8001fa8 + flash_unlock(); + 80023c8: f7ff fe12 bl 8001ff0 + flash_burn((uint32_t)otp, val); + 80023cc: e9dd 2300 ldrd r2, r3, [sp] + 80023d0: 4620 mov r0, r4 + 80023d2: f00b f951 bl 800d678 <__flash_burn_veneer> + flash_lock(); + 80023d6: f7ff fe03 bl 8001fe0 + + return 0; + 80023da: 2000 movs r0, #0 + } + } + + // no space. + return 1; +} + 80023dc: b003 add sp, #12 + 80023de: bd30 pop {r4, r5, pc} + for(int i=0; i + return 1; + 80023e6: 2001 movs r0, #1 + 80023e8: e7f8 b.n 80023dc + 80023ea: bf00 nop + 80023ec: 0800e354 .word 0x0800e354 + 80023f0: 1fff7000 .word 0x1fff7000 + 80023f4: 1fff7400 .word 0x1fff7400 + +080023f8 : + +// mcu_key_get() +// + const mcu_key_t * +mcu_key_get(bool *valid) +{ + 80023f8: b570 push {r4, r5, r6, lr} + // get current "mcu_key" value; first byte will never be 0x0 or 0xff + // - except if no key set yet/recently wiped + // - if none set, returns ptr to first available slot which will be all ones + const mcu_key_t *ptr = MCU_KEYS, *avail=NULL; + + for(int i=0; i) + const mcu_key_t *ptr = MCU_KEYS, *avail=NULL; + 80023fc: 4c0d ldr r4, [pc, #52] ; (8002434 ) +{ + 80023fe: 4606 mov r6, r0 + const mcu_key_t *ptr = MCU_KEYS, *avail=NULL; + 8002400: 2500 movs r5, #0 + if(ptr->value[0] == 0xff) { + 8002402: 7823 ldrb r3, [r4, #0] + 8002404: 2bff cmp r3, #255 ; 0xff + 8002406: d10b bne.n 8002420 + if(!avail) { + 8002408: 2d00 cmp r5, #0 + 800240a: bf08 it eq + 800240c: 4625 moveq r5, r4 + for(int i=0; i + *valid = true; + return ptr; + } + } + + rng_delay(); + 8002414: f000 f9a2 bl 800275c + *valid = false; + 8002418: 2300 movs r3, #0 + 800241a: 7033 strb r3, [r6, #0] + return avail; + 800241c: 462c mov r4, r5 + 800241e: e005 b.n 800242c + } else if(ptr->value[0] != 0x00) { + 8002420: 2b00 cmp r3, #0 + 8002422: d0f4 beq.n 800240e + rng_delay(); + 8002424: f000 f99a bl 800275c + *valid = true; + 8002428: 2301 movs r3, #1 + 800242a: 7033 strb r3, [r6, #0] +} + 800242c: 4620 mov r0, r4 + 800242e: bd70 pop {r4, r5, r6, pc} + 8002430: 08020000 .word 0x08020000 + 8002434: 0801e000 .word 0x0801e000 + +08002438 : + +// mcu_key_clear() +// + void +mcu_key_clear(const mcu_key_t *cur) +{ + 8002438: b513 push {r0, r1, r4, lr} + if(!cur) { + 800243a: 4604 mov r4, r0 + 800243c: b938 cbnz r0, 800244e + bool valid; + cur = mcu_key_get(&valid); + 800243e: f10d 0007 add.w r0, sp, #7 + 8002442: f7ff ffd9 bl 80023f8 + + if(!valid) return; + 8002446: f89d 3007 ldrb.w r3, [sp, #7] + cur = mcu_key_get(&valid); + 800244a: 4604 mov r4, r0 + if(!valid) return; + 800244c: b1fb cbz r3, 800248e + } + + // no delays here since decision has been made, and don't + // want to give them more time to interrupt us + flash_setup0(); + 800244e: f7ff fdab bl 8001fa8 + flash_unlock(); + 8002452: f7ff fdcd bl 8001ff0 + uint32_t pos = (uint32_t)cur; + flash_burn(pos, 0); pos += 8; + 8002456: 2200 movs r2, #0 + 8002458: 2300 movs r3, #0 + 800245a: 4620 mov r0, r4 + 800245c: f00b f90c bl 800d678 <__flash_burn_veneer> + flash_burn(pos, 0); pos += 8; + 8002460: 2200 movs r2, #0 + 8002462: 2300 movs r3, #0 + 8002464: f104 0008 add.w r0, r4, #8 + 8002468: f00b f906 bl 800d678 <__flash_burn_veneer> + flash_burn(pos, 0); pos += 8; + 800246c: 2200 movs r2, #0 + 800246e: 2300 movs r3, #0 + 8002470: f104 0010 add.w r0, r4, #16 + 8002474: f00b f900 bl 800d678 <__flash_burn_veneer> + flash_burn(pos, 0); + 8002478: 2200 movs r2, #0 + 800247a: 2300 movs r3, #0 + 800247c: f104 0018 add.w r0, r4, #24 + 8002480: f00b f8fa bl 800d678 <__flash_burn_veneer> + flash_lock(); +} + 8002484: b002 add sp, #8 + 8002486: e8bd 4010 ldmia.w sp!, {r4, lr} + flash_lock(); + 800248a: f7ff bda9 b.w 8001fe0 +} + 800248e: b002 add sp, #8 + 8002490: bd10 pop {r4, pc} + ... + +08002494 : + +// mcu_key_usage() +// + void +mcu_key_usage(int *avail_out, int *consumed_out, int *total_out) +{ + 8002494: b5f0 push {r4, r5, r6, r7, lr} + const mcu_key_t *ptr = MCU_KEYS; + int avail = 0, used = 0; + 8002496: 2300 movs r3, #0 + const mcu_key_t *ptr = MCU_KEYS; + 8002498: 4c09 ldr r4, [pc, #36] ; (80024c0 ) + + for(int i=0; i) + int avail = 0, used = 0; + 800249c: 461d mov r5, r3 + if(ptr->value[0] == 0xff) { + 800249e: 7826 ldrb r6, [r4, #0] + 80024a0: 2eff cmp r6, #255 ; 0xff + 80024a2: d109 bne.n 80024b8 + avail ++; + 80024a4: 3501 adds r5, #1 + for(int i=0; i + } else if(ptr->value[0] == 0x00) { + used ++; + } + } + + *avail_out = avail; + 80024ac: 6005 str r5, [r0, #0] + *consumed_out = used; + 80024ae: 600b str r3, [r1, #0] + *total_out = NUM_MCU_KEYS; + 80024b0: f44f 7380 mov.w r3, #256 ; 0x100 + 80024b4: 6013 str r3, [r2, #0] +} + 80024b6: bdf0 pop {r4, r5, r6, r7, pc} + } else if(ptr->value[0] == 0x00) { + 80024b8: 2e00 cmp r6, #0 + 80024ba: d1f4 bne.n 80024a6 + used ++; + 80024bc: 3301 adds r3, #1 + 80024be: e7f2 b.n 80024a6 + 80024c0: 0801e000 .word 0x0801e000 + 80024c4: 08020000 .word 0x08020000 + +080024c8 : + +// mcu_key_pick() +// + const mcu_key_t * +mcu_key_pick(void) +{ + 80024c8: b5f0 push {r4, r5, r6, r7, lr} + 80024ca: b08b sub sp, #44 ; 0x2c + mcu_key_t n; + + // get some good entropy, and whiten it just in case. + do { + rng_buffer(n.value, 32); + 80024cc: ad02 add r5, sp, #8 + 80024ce: 2120 movs r1, #32 + 80024d0: 4628 mov r0, r5 + 80024d2: f000 f92d bl 8002730 + sha256_single(n.value, 32, n.value); + 80024d6: 462a mov r2, r5 + 80024d8: 2120 movs r1, #32 + 80024da: 4628 mov r0, r5 + 80024dc: f003 f828 bl 8005530 + sha256_single(n.value, 32, n.value); + 80024e0: 462a mov r2, r5 + 80024e2: 2120 movs r1, #32 + 80024e4: 4628 mov r0, r5 + 80024e6: f003 f823 bl 8005530 + } while(n.value[0] == 0x0 || n.value[0] == 0xff); + 80024ea: f89d 3008 ldrb.w r3, [sp, #8] + 80024ee: 3b01 subs r3, #1 + 80024f0: b2db uxtb r3, r3 + 80024f2: 2bfd cmp r3, #253 ; 0xfd + 80024f4: d8eb bhi.n 80024ce + + int err = 0; + const mcu_key_t *cur; + + do { + bool valid = false; + 80024f6: 2300 movs r3, #0 + cur = mcu_key_get(&valid); + 80024f8: 4668 mov r0, sp + bool valid = false; + 80024fa: f88d 3000 strb.w r3, [sp] + cur = mcu_key_get(&valid); + 80024fe: f7ff ff7b bl 80023f8 + + if(!cur) { + 8002502: 4604 mov r4, r0 + 8002504: b938 cbnz r0, 8002516 + // no free slots. we are brick. + puts("mcu full"); + 8002506: 4828 ldr r0, [pc, #160] ; (80025a8 ) + 8002508: f002 fc1e bl 8004d48 + oled_show(screen_brick); + 800250c: 4827 ldr r0, [pc, #156] ; (80025ac ) + 800250e: f7fe fc89 bl 8000e24 + + LOCKUP_FOREVER(); + 8002512: bf30 wfi + 8002514: e7fd b.n 8002512 + } + + if(valid) { + 8002516: f89d 3000 ldrb.w r3, [sp] + 800251a: b14b cbz r3, 8002530 + // clear existing key, if it's defined. + ASSERT(cur->value[0] != 0x00); + 800251c: 7803 ldrb r3, [r0, #0] + 800251e: 3b01 subs r3, #1 + 8002520: b2db uxtb r3, r3 + 8002522: 2bfd cmp r3, #253 ; 0xfd + 8002524: d902 bls.n 800252c + 8002526: 4822 ldr r0, [pc, #136] ; (80025b0 ) + 8002528: f7fe fa7c bl 8000a24 + ASSERT(cur->value[0] != 0xff); + + mcu_key_clear(cur); + 800252c: f7ff ff84 bl 8002438 + continue; + } + } while(0); + + // burn it + flash_setup0(); + 8002530: f7ff fd3a bl 8001fa8 + flash_unlock(); + 8002534: f7ff fd5c bl 8001ff0 + uint32_t pos = (uint32_t)cur; + const uint8_t *fr = n.value; + + for(int i=0; i<32; i+= 8, pos += 8, fr += 8) { + 8002538: 2700 movs r7, #0 + uint64_t v; + memcpy(&v, fr, sizeof(v)); + 800253a: 19ea adds r2, r5, r7 + 800253c: 59e8 ldr r0, [r5, r7] + 800253e: 6851 ldr r1, [r2, #4] + 8002540: 466b mov r3, sp + 8002542: c303 stmia r3!, {r0, r1} + + err = flash_burn(pos, v); + 8002544: 19e0 adds r0, r4, r7 + 8002546: e9dd 2300 ldrd r2, r3, [sp] + 800254a: f00b f895 bl 800d678 <__flash_burn_veneer> + if(err) break; + 800254e: 4606 mov r6, r0 + 8002550: b910 cbnz r0, 8002558 + for(int i=0; i<32; i+= 8, pos += 8, fr += 8) { + 8002552: 3708 adds r7, #8 + 8002554: 2f20 cmp r7, #32 + 8002556: d1f0 bne.n 800253a + } + flash_lock(); + 8002558: f7ff fd42 bl 8001fe0 + + // NOTE: Errors not expected, but lets be graceful about them. + + if(err) { + 800255c: b166 cbz r6, 8002578 + // what to do? + puts("burn fail: "); + 800255e: 4815 ldr r0, [pc, #84] ; (80025b4 ) + 8002560: f002 fbf2 bl 8004d48 + puthex2(err); + 8002564: b2f0 uxtb r0, r6 + 8002566: f002 fb93 bl 8004c90 + putchar('\n'); + 800256a: 200a movs r0, #10 + 800256c: f002 fb72 bl 8004c54 + return NULL; + } + + if(after != cur || !check_equal(after->value, n.value, 32)) { + puts("bad val?"); + return NULL; + 8002570: 2400 movs r4, #0 + } + + return cur; +} + 8002572: 4620 mov r0, r4 + 8002574: b00b add sp, #44 ; 0x2c + 8002576: bdf0 pop {r4, r5, r6, r7, pc} + const mcu_key_t *after = mcu_key_get(&valid); + 8002578: 4668 mov r0, sp + bool valid = false; + 800257a: f88d 6000 strb.w r6, [sp] + const mcu_key_t *after = mcu_key_get(&valid); + 800257e: f7ff ff3b bl 80023f8 + if(!valid) { + 8002582: f89d 2000 ldrb.w r2, [sp] + 8002586: b91a cbnz r2, 8002590 + puts("!valid?"); + 8002588: 480b ldr r0, [pc, #44] ; (80025b8 ) + puts("bad val?"); + 800258a: f002 fbdd bl 8004d48 + 800258e: e7ef b.n 8002570 + if(after != cur || !check_equal(after->value, n.value, 32)) { + 8002590: 4284 cmp r4, r0 + 8002592: d001 beq.n 8002598 + puts("bad val?"); + 8002594: 4809 ldr r0, [pc, #36] ; (80025bc ) + 8002596: e7f8 b.n 800258a + if(after != cur || !check_equal(after->value, n.value, 32)) { + 8002598: 2220 movs r2, #32 + 800259a: 4629 mov r1, r5 + 800259c: f000 f879 bl 8002692 + 80025a0: 2800 cmp r0, #0 + 80025a2: d1e6 bne.n 8002572 + 80025a4: e7f6 b.n 8002594 + 80025a6: bf00 nop + 80025a8: 0800e57f .word 0x0800e57f + 80025ac: 0800d77f .word 0x0800d77f + 80025b0: 0800e354 .word 0x0800e354 + 80025b4: 0800e588 .word 0x0800e588 + 80025b8: 0800e594 .word 0x0800e594 + 80025bc: 0800e59c .word 0x0800e59c + +080025c0 : + +// fast_brick() +// + void +fast_brick(void) +{ + 80025c0: b538 push {r3, r4, r5, lr} +#ifndef RELEASE + puts2("DISABLED fast brick... "); + oled_show(screen_brick); +#else + // do a fast wipe of our key + mcu_key_clear(NULL); + 80025c2: 2000 movs r0, #0 + 80025c4: f7ff ff38 bl 8002438 + + // brick SE1 for future + ae_brick_myself(); + 80025c8: f001 f970 bl 80038ac + + // NOTE: could brick SE1 (somewhat) by dec'ing the counter, which will + // invalidate all PIN hashes + + // no going back from that -- but for privacy, wipe more stuff + oled_show(screen_brick); + 80025cc: 480e ldr r0, [pc, #56] ; (8002608 ) + uint32_t bot = (uint32_t)MCU_KEYS; + flash_page_erase(bot); + + // 2: LFS area first, since holds settings (AES'ed w/ lost key, but yeah) + // 3: the firmware, not a secret anyway + for(uint32_t pos=(FLASH_BASE + 0x200000 - FLASH_ERASE_SIZE); + 80025ce: 4c0f ldr r4, [pc, #60] ; (800260c ) + 80025d0: 4d0f ldr r5, [pc, #60] ; (8002610 ) + oled_show(screen_brick); + 80025d2: f7fe fc27 bl 8000e24 + puts2("fast brick... "); + 80025d6: 480f ldr r0, [pc, #60] ; (8002614 ) + 80025d8: f002 fb28 bl 8004c2c + flash_setup0(); + 80025dc: f7ff fce4 bl 8001fa8 + flash_unlock(); + 80025e0: f7ff fd06 bl 8001ff0 + flash_page_erase(bot); + 80025e4: 480a ldr r0, [pc, #40] ; (8002610 ) + 80025e6: f00b f84b bl 800d680 <__flash_page_erase_veneer> + pos > bot; pos -= FLASH_ERASE_SIZE) { + flash_page_erase(pos); + 80025ea: 4620 mov r0, r4 + pos > bot; pos -= FLASH_ERASE_SIZE) { + 80025ec: f5a4 5480 sub.w r4, r4, #4096 ; 0x1000 + flash_page_erase(pos); + 80025f0: f00b f846 bl 800d680 <__flash_page_erase_veneer> + for(uint32_t pos=(FLASH_BASE + 0x200000 - FLASH_ERASE_SIZE); + 80025f4: 42ac cmp r4, r5 + 80025f6: d1f8 bne.n 80025ea + } + flash_lock(); + puts(" done"); + 80025f8: 4807 ldr r0, [pc, #28] ; (8002618 ) + flash_lock(); + 80025fa: f7ff fcf1 bl 8001fe0 + puts(" done"); + 80025fe: f002 fba3 bl 8004d48 +#endif + + LOCKUP_FOREVER(); + 8002602: bf30 wfi + 8002604: e7fd b.n 8002602 + 8002606: bf00 nop + 8002608: 0800d77f .word 0x0800d77f + 800260c: 081ff000 .word 0x081ff000 + 8002610: 0801e000 .word 0x0801e000 + 8002614: 0800e5a5 .word 0x0800e5a5 + 8002618: 0800e5b4 .word 0x0800e5b4 + +0800261c : + +// fast_wipe() +// + void +fast_wipe(void) +{ + 800261c: b508 push {r3, lr} + // dump (part of) the main seed key and become a new Coldcard + // - lots of other code can and will detect a missing MCU key as "blank" + // - and the check value on main seed will be garbage now + mcu_key_clear(NULL); + 800261e: 2000 movs r0, #0 + 8002620: f7ff ff0a bl 8002438 + __ASM volatile ("dsb 0xF":::"memory"); + 8002624: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8002628: 4905 ldr r1, [pc, #20] ; (8002640 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 800262a: 4b06 ldr r3, [pc, #24] ; (8002644 ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 800262c: 68ca ldr r2, [r1, #12] + 800262e: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8002632: 4313 orrs r3, r2 + 8002634: 60cb str r3, [r1, #12] + 8002636: f3bf 8f4f dsb sy + __NOP(); + 800263a: bf00 nop + for(;;) /* wait until reset */ + 800263c: e7fd b.n 800263a + 800263e: bf00 nop + 8002640: e000ed00 .word 0xe000ed00 + 8002644: 05fa0004 .word 0x05fa0004 + +08002648 : +check_all_ones_raw(const void *ptrV, int len) +{ + uint8_t rv = 0xff; + const uint8_t *ptr = (const uint8_t *)ptrV; + + for(; len; len--, ptr++) { + 8002648: 4401 add r1, r0 + uint8_t rv = 0xff; + 800264a: 23ff movs r3, #255 ; 0xff + for(; len; len--, ptr++) { + 800264c: 4288 cmp r0, r1 + 800264e: d103 bne.n 8002658 + rv &= *ptr; + } + + return (rv == 0xff); +} + 8002650: 3bff subs r3, #255 ; 0xff + 8002652: 4258 negs r0, r3 + 8002654: 4158 adcs r0, r3 + 8002656: 4770 bx lr + rv &= *ptr; + 8002658: f810 2b01 ldrb.w r2, [r0], #1 + 800265c: 4013 ands r3, r2 + for(; len; len--, ptr++) { + 800265e: e7f5 b.n 800264c + +08002660 : +// +// Return T if all bytes are 0xFF +// + bool +check_all_ones(const void *ptrV, int len) +{ + 8002660: b507 push {r0, r1, r2, lr} + bool rv = check_all_ones_raw(ptrV, len); + 8002662: f7ff fff1 bl 8002648 + 8002666: 9001 str r0, [sp, #4] + + rng_delay(); + 8002668: f000 f878 bl 800275c + + return rv; +} + 800266c: 9801 ldr r0, [sp, #4] + 800266e: b003 add sp, #12 + 8002670: f85d fb04 ldr.w pc, [sp], #4 + +08002674 : +// +// Return T if all bytes are 0x00 +// + bool +check_all_zeros(const void *ptrV, int len) +{ + 8002674: b510 push {r4, lr} + 8002676: 4401 add r1, r0 + uint8_t rv = 0x0; + 8002678: 2400 movs r4, #0 + const uint8_t *ptr = (const uint8_t *)ptrV; + + for(; len; len--, ptr++) { + 800267a: 4288 cmp r0, r1 + 800267c: d105 bne.n 800268a + rv |= *ptr; + } + + rng_delay(); + 800267e: f000 f86d bl 800275c + return (rv == 0x00); +} + 8002682: fab4 f084 clz r0, r4 + 8002686: 0940 lsrs r0, r0, #5 + 8002688: bd10 pop {r4, pc} + rv |= *ptr; + 800268a: f810 3b01 ldrb.w r3, [r0], #1 + 800268e: 431c orrs r4, r3 + for(; len; len--, ptr++) { + 8002690: e7f3 b.n 800267a + +08002692 : + const uint8_t *left = (const uint8_t *)aV; + const uint8_t *right = (const uint8_t *)bV; + uint8_t diff = 0; + int i; + + for (i = 0; i < len; i++) { + 8002692: 2300 movs r3, #0 +{ + 8002694: b570 push {r4, r5, r6, lr} + uint8_t diff = 0; + 8002696: 461c mov r4, r3 + for (i = 0; i < len; i++) { + 8002698: 4293 cmp r3, r2 + 800269a: db05 blt.n 80026a8 + diff |= (left[i] ^ right[i]); + } + + rng_delay(); + 800269c: f000 f85e bl 800275c + return (diff == 0); +} + 80026a0: fab4 f084 clz r0, r4 + 80026a4: 0940 lsrs r0, r0, #5 + 80026a6: bd70 pop {r4, r5, r6, pc} + diff |= (left[i] ^ right[i]); + 80026a8: 5cc5 ldrb r5, [r0, r3] + 80026aa: 5cce ldrb r6, [r1, r3] + 80026ac: 4075 eors r5, r6 + 80026ae: 432c orrs r4, r5 + for (i = 0; i < len; i++) { + 80026b0: 3301 adds r3, #1 + 80026b2: e7f1 b.n 8002698 + +080026b4 : + } + + // Get the new number + uint32_t rv = RNG->DR; + + if(rv != last_rng_result && rv) { + 80026b4: 4b06 ldr r3, [pc, #24] ; (80026d0 ) + while(!(RNG->SR & RNG_FLAG_DRDY)) { + 80026b6: 4a07 ldr r2, [pc, #28] ; (80026d4 ) + if(rv != last_rng_result && rv) { + 80026b8: 6819 ldr r1, [r3, #0] + while(!(RNG->SR & RNG_FLAG_DRDY)) { + 80026ba: 6850 ldr r0, [r2, #4] + 80026bc: 07c0 lsls r0, r0, #31 + 80026be: d5fc bpl.n 80026ba + uint32_t rv = RNG->DR; + 80026c0: 6890 ldr r0, [r2, #8] + if(rv != last_rng_result && rv) { + 80026c2: 4281 cmp r1, r0 + 80026c4: d0f9 beq.n 80026ba + 80026c6: 2800 cmp r0, #0 + 80026c8: d0f7 beq.n 80026ba + last_rng_result = rv; + 80026ca: 6018 str r0, [r3, #0] + + // keep trying if not a new number + } + + // NOT-REACHED +} + 80026cc: 4770 bx lr + 80026ce: bf00 nop + 80026d0: 2009e1b8 .word 0x2009e1b8 + 80026d4: 50060800 .word 0x50060800 + +080026d8 : + if(RNG->CR & RNG_CR_RNGEN) { + 80026d8: 4b12 ldr r3, [pc, #72] ; (8002724 ) + 80026da: 681a ldr r2, [r3, #0] + 80026dc: 0752 lsls r2, r2, #29 +{ + 80026de: b513 push {r0, r1, r4, lr} + if(RNG->CR & RNG_CR_RNGEN) { + 80026e0: d41d bmi.n 800271e + __HAL_RCC_RNG_CLK_ENABLE(); + 80026e2: 4a11 ldr r2, [pc, #68] ; (8002728 ) + 80026e4: 6cd1 ldr r1, [r2, #76] ; 0x4c + 80026e6: f441 2180 orr.w r1, r1, #262144 ; 0x40000 + 80026ea: 64d1 str r1, [r2, #76] ; 0x4c + 80026ec: 6cd2 ldr r2, [r2, #76] ; 0x4c + 80026ee: f402 2280 and.w r2, r2, #262144 ; 0x40000 + 80026f2: 9201 str r2, [sp, #4] + 80026f4: 9a01 ldr r2, [sp, #4] + RNG->CR |= RNG_CR_RNGEN; + 80026f6: 681a ldr r2, [r3, #0] + 80026f8: f042 0204 orr.w r2, r2, #4 + 80026fc: 601a str r2, [r3, #0] + uint32_t chk = rng_sample(); + 80026fe: f7ff ffd9 bl 80026b4 + 8002702: 4604 mov r4, r0 + uint32_t chk2 = rng_sample(); + 8002704: f7ff ffd6 bl 80026b4 + if(chk == 0 || chk == ~0 + 8002708: 1e63 subs r3, r4, #1 + 800270a: 3303 adds r3, #3 + 800270c: d804 bhi.n 8002718 + || chk2 == 0 || chk2 == ~0 + 800270e: 1e43 subs r3, r0, #1 + 8002710: 3303 adds r3, #3 + 8002712: d801 bhi.n 8002718 + || chk == chk2 + 8002714: 4284 cmp r4, r0 + 8002716: d102 bne.n 800271e + INCONSISTENT("bad rng"); + 8002718: 4804 ldr r0, [pc, #16] ; (800272c ) + 800271a: f7fe f983 bl 8000a24 +} + 800271e: b002 add sp, #8 + 8002720: bd10 pop {r4, pc} + 8002722: bf00 nop + 8002724: 50060800 .word 0x50060800 + 8002728: 40021000 .word 0x40021000 + 800272c: 0800d688 .word 0x0800d688 + +08002730 : + +// rng_buffer() +// + void +rng_buffer(uint8_t *result, int len) +{ + 8002730: b573 push {r0, r1, r4, r5, r6, lr} + 8002732: 460c mov r4, r1 + 8002734: 1845 adds r5, r0, r1 + while(len > 0) { + 8002736: 2c00 cmp r4, #0 + 8002738: eba5 0604 sub.w r6, r5, r4 + 800273c: dc01 bgt.n 8002742 + memcpy(result, &t, MIN(4, len)); + + len -= 4; + result += 4; + } +} + 800273e: b002 add sp, #8 + 8002740: bd70 pop {r4, r5, r6, pc} + uint32_t t = rng_sample(); + 8002742: f7ff ffb7 bl 80026b4 + memcpy(result, &t, MIN(4, len)); + 8002746: 2c04 cmp r4, #4 + 8002748: 4622 mov r2, r4 + uint32_t t = rng_sample(); + 800274a: 9001 str r0, [sp, #4] + memcpy(result, &t, MIN(4, len)); + 800274c: bfa8 it ge + 800274e: 2204 movge r2, #4 + 8002750: a901 add r1, sp, #4 + 8002752: 4630 mov r0, r6 + 8002754: f00a ff34 bl 800d5c0 + len -= 4; + 8002758: 3c04 subs r4, #4 + result += 4; + 800275a: e7ec b.n 8002736 + +0800275c : +// +// Call anytime. Delays for a random time period to fustrate glitchers. +// + void +rng_delay(void) +{ + 800275c: b508 push {r3, lr} + uint32_t r = rng_sample() % 8; + 800275e: f7ff ffa9 bl 80026b4 + uint32_t cnt = (1< + cnt--; + } +} + 8002772: bd08 pop {r3, pc} + +08002774 <_send_byte>: + static inline void +_send_byte(uint8_t ch) +{ + // reset timeout timer (Systick) + uint32_t ticks = 0; + SysTick->VAL = 0; + 8002774: f04f 22e0 mov.w r2, #3758153728 ; 0xe000e000 +{ + 8002778: b510 push {r4, lr} + SysTick->VAL = 0; + 800277a: 2300 movs r3, #0 + + while(!(MY_UART->ISR & UART_FLAG_TXE)) { + 800277c: 4c07 ldr r4, [pc, #28] ; (800279c <_send_byte+0x28>) + SysTick->VAL = 0; + 800277e: 6193 str r3, [r2, #24] + while(!(MY_UART->ISR & UART_FLAG_TXE)) { + 8002780: 230b movs r3, #11 + 8002782: 69e1 ldr r1, [r4, #28] + 8002784: 0609 lsls r1, r1, #24 + 8002786: d404 bmi.n 8002792 <_send_byte+0x1e> + // busy-wait until able to send (no fifo?) + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + 8002788: 6911 ldr r1, [r2, #16] + 800278a: 03c9 lsls r1, r1, #15 + 800278c: d5f9 bpl.n 8002782 <_send_byte+0xe> + // failsafe timeout + ticks += 1; + if(ticks > 10) break; + 800278e: 3b01 subs r3, #1 + 8002790: d1f7 bne.n 8002782 <_send_byte+0xe> + } + } + MY_UART->TDR = ch; + 8002792: 4b02 ldr r3, [pc, #8] ; (800279c <_send_byte+0x28>) + 8002794: b280 uxth r0, r0 + 8002796: 8518 strh r0, [r3, #40] ; 0x28 +} + 8002798: bd10 pop {r4, pc} + 800279a: bf00 nop + 800279c: 40004c00 .word 0x40004c00 + +080027a0 <_send_bits>: + +// _send_bits() +// + static void +_send_bits(uint8_t tx) +{ + 80027a0: b570 push {r4, r5, r6, lr} + 80027a2: 4606 mov r6, r0 + 80027a4: 2508 movs r5, #8 + // serialize and send one byte + uint8_t mask = 0x1; + 80027a6: 2401 movs r4, #1 + + for(int i=0; i<8; i++, mask <<= 1) { + uint8_t h = (tx & mask) ? BIT1 : BIT0; + 80027a8: 4226 tst r6, r4 + + _send_byte(h); + 80027aa: bf14 ite ne + 80027ac: 207f movne r0, #127 ; 0x7f + 80027ae: 207d moveq r0, #125 ; 0x7d + 80027b0: f7ff ffe0 bl 8002774 <_send_byte> + for(int i=0; i<8; i++, mask <<= 1) { + 80027b4: 0064 lsls r4, r4, #1 + 80027b6: 3d01 subs r5, #1 + 80027b8: b2e4 uxtb r4, r4 + 80027ba: d1f5 bne.n 80027a8 <_send_bits+0x8> + } +} + 80027bc: bd70 pop {r4, r5, r6, pc} + +080027be <_send_serialized>: + +// _send_serialized() +// + static void +_send_serialized(const uint8_t *buf, int len) +{ + 80027be: b538 push {r3, r4, r5, lr} + 80027c0: 4604 mov r4, r0 + 80027c2: 1845 adds r5, r0, r1 + for(int i=0; i + for(int i=0; i + } +} + 80027d0: bd38 pop {r3, r4, r5, pc} + ... + +080027d4 <_flush_rx>: +// + static inline void +_flush_rx(void) +{ + // reset timeout timer (Systick) + SysTick->VAL = 0; + 80027d4: f04f 23e0 mov.w r3, #3758153728 ; 0xe000e000 + 80027d8: 2200 movs r2, #0 + + while(!(MY_UART->ISR & UART_FLAG_TC)) { + 80027da: 490b ldr r1, [pc, #44] ; (8002808 <_flush_rx+0x34>) + SysTick->VAL = 0; + 80027dc: 619a str r2, [r3, #24] + while(!(MY_UART->ISR & UART_FLAG_TC)) { + 80027de: 69ca ldr r2, [r1, #28] + 80027e0: 0652 lsls r2, r2, #25 + 80027e2: d402 bmi.n 80027ea <_flush_rx+0x16> + // wait for last bit(byte) to be serialized and sent + + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + 80027e4: 691a ldr r2, [r3, #16] + 80027e6: 03d0 lsls r0, r2, #15 + 80027e8: d5f9 bpl.n 80027de <_flush_rx+0xa> + break; + } + } + + // We actually need this delay here! + __NOP(); + 80027ea: bf00 nop + __NOP(); + 80027ec: bf00 nop + __NOP(); + 80027ee: bf00 nop + __NOP(); + 80027f0: bf00 nop + __NOP(); + 80027f2: bf00 nop + __NOP(); + 80027f4: bf00 nop + __NOP(); + 80027f6: bf00 nop + __NOP(); + 80027f8: bf00 nop + + // clear junk in rx buffer + MY_UART->RQR = USART_RQR_RXFRQ; + 80027fa: 4b03 ldr r3, [pc, #12] ; (8002808 <_flush_rx+0x34>) + 80027fc: 2208 movs r2, #8 + 80027fe: 831a strh r2, [r3, #24] + + // clear overrun error + // clear rx timeout flag + // clear framing error + MY_UART->ICR = USART_ICR_ORECF | USART_ICR_RTOCF | USART_ICR_FECF; + 8002800: f640 020a movw r2, #2058 ; 0x80a + 8002804: 621a str r2, [r3, #32] +} + 8002806: 4770 bx lr + 8002808: 40004c00 .word 0x40004c00 + +0800280c : + uint16_t crc_register = 0; + uint16_t polynom = 0x8005; + uint8_t shift_register; + uint8_t data_bit, crc_bit; + + crc_register = (((uint16_t) crc[0]) & 0x00FF) | (((uint16_t) crc[1]) << 8); + 800280c: 8813 ldrh r3, [r2, #0] +{ + 800280e: b5f0 push {r4, r5, r6, r7, lr} + 8002810: 4408 add r0, r1 + + // Shift CRC to the left by 1. + crc_register <<= 1; + + if ((data_bit ^ crc_bit) != 0) + crc_register ^= polynom; + 8002812: f248 0605 movw r6, #32773 ; 0x8005 + for (counter = 0; counter < length; counter++) { + 8002816: 4281 cmp r1, r0 + 8002818: d103 bne.n 8002822 + } + } + + crc[0] = (uint8_t) (crc_register & 0x00FF); + 800281a: 7013 strb r3, [r2, #0] + crc[1] = (uint8_t) (crc_register >> 8); + 800281c: 0a1b lsrs r3, r3, #8 + 800281e: 7053 strb r3, [r2, #1] +} + 8002820: bdf0 pop {r4, r5, r6, r7, pc} + data_bit = (data[counter] & shift_register) ? 1 : 0; + 8002822: f811 7b01 ldrb.w r7, [r1], #1 + 8002826: 2508 movs r5, #8 + for (shift_register = 0x01; shift_register > 0x00; shift_register <<= 1) { + 8002828: 2401 movs r4, #1 + data_bit = (data[counter] & shift_register) ? 1 : 0; + 800282a: 4227 tst r7, r4 + crc_bit = crc_register >> 15; + 800282c: ea4f 3cd3 mov.w ip, r3, lsr #15 + if ((data_bit ^ crc_bit) != 0) + 8002830: bf18 it ne + 8002832: f04f 0e01 movne.w lr, #1 + crc_register <<= 1; + 8002836: ea4f 0343 mov.w r3, r3, lsl #1 + if ((data_bit ^ crc_bit) != 0) + 800283a: bf08 it eq + 800283c: f04f 0e00 moveq.w lr, #0 + 8002840: 45e6 cmp lr, ip + crc_register <<= 1; + 8002842: b29b uxth r3, r3 + crc_register ^= polynom; + 8002844: bf18 it ne + 8002846: 4073 eorne r3, r6 + for (shift_register = 0x01; shift_register > 0x00; shift_register <<= 1) { + 8002848: 0064 lsls r4, r4, #1 + 800284a: 3d01 subs r5, #1 + 800284c: b2e4 uxtb r4, r4 + 800284e: d1ec bne.n 800282a + 8002850: e7e1 b.n 8002816 + +08002852 : + +// ae_check_crc() +// + static bool +ae_check_crc(const uint8_t *data, uint8_t length) +{ + 8002852: b573 push {r0, r1, r4, r5, r6, lr} + uint8_t obs[2] = { 0, 0 }; + + if(data[0] != length) { + 8002854: 7806 ldrb r6, [r0, #0] + uint8_t obs[2] = { 0, 0 }; + 8002856: 2400 movs r4, #0 + if(data[0] != length) { + 8002858: 428e cmp r6, r1 +{ + 800285a: 4605 mov r5, r0 + uint8_t obs[2] = { 0, 0 }; + 800285c: f8ad 4004 strh.w r4, [sp, #4] + if(data[0] != length) { + 8002860: d113 bne.n 800288a + // length is wrong + STATS(crc_len_error++); + return false; + } + + crc16_chain(length-2, data, obs); + 8002862: 4629 mov r1, r5 + 8002864: 1eb0 subs r0, r6, #2 + + return (obs[0] == data[length-2] && obs[1] == data[length-1]); + 8002866: 4435 add r5, r6 + crc16_chain(length-2, data, obs); + 8002868: aa01 add r2, sp, #4 + 800286a: b2c0 uxtb r0, r0 + 800286c: f7ff ffce bl 800280c + return (obs[0] == data[length-2] && obs[1] == data[length-1]); + 8002870: f89d 2004 ldrb.w r2, [sp, #4] + 8002874: f815 3c02 ldrb.w r3, [r5, #-2] + 8002878: 429a cmp r2, r3 + 800287a: d106 bne.n 800288a + 800287c: f815 4c01 ldrb.w r4, [r5, #-1] + 8002880: f89d 0005 ldrb.w r0, [sp, #5] + 8002884: 1a23 subs r3, r4, r0 + 8002886: 425c negs r4, r3 + 8002888: 415c adcs r4, r3 + return false; + 800288a: 4620 mov r0, r4 +} + 800288c: b002 add sp, #8 + 800288e: bd70 pop {r4, r5, r6, pc} + +08002890 : +{ + 8002890: b508 push {r3, lr} + _send_byte(0x00); + 8002892: 2000 movs r0, #0 + 8002894: f7ff ff6e bl 8002774 <_send_byte> + delay_ms(3); // measured: ~2.9ms + 8002898: 2003 movs r0, #3 + 800289a: f001 f81d bl 80038d8 +} + 800289e: e8bd 4008 ldmia.w sp!, {r3, lr} + _flush_rx(); + 80028a2: f7ff bf97 b.w 80027d4 <_flush_rx> + +080028a6 : +{ + 80028a6: b508 push {r3, lr} + ae_wake(); + 80028a8: f7ff fff2 bl 8002890 +} + 80028ac: e8bd 4008 ldmia.w sp!, {r3, lr} + _send_bits(IOFLAG_IDLE); + 80028b0: 20bb movs r0, #187 ; 0xbb + 80028b2: f7ff bf75 b.w 80027a0 <_send_bits> + ... + +080028b8 : +{ + 80028b8: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + int max_expect = (max_len+1) * 8; + 80028bc: 3101 adds r1, #1 + uint8_t raw[max_expect]; + 80028be: 466b mov r3, sp + 80028c0: eba3 03c1 sub.w r3, r3, r1, lsl #3 +{ + 80028c4: af00 add r7, sp, #0 + 80028c6: 4606 mov r6, r0 + uint8_t raw[max_expect]; + 80028c8: 469d mov sp, r3 + _send_bits(IOFLAG_TX); + 80028ca: 2088 movs r0, #136 ; 0x88 + int max_expect = (max_len+1) * 8; + 80028cc: 00cd lsls r5, r1, #3 + _send_bits(IOFLAG_TX); + 80028ce: f7ff ff67 bl 80027a0 <_send_bits> + _flush_rx(); + 80028d2: f7ff ff7f bl 80027d4 <_flush_rx> + int actual = 0; + 80028d6: 2200 movs r2, #0 + while(!(MY_UART->ISR & UART_FLAG_RXNE) && !(MY_UART->ISR & UART_FLAG_RTOF)) { + 80028d8: 4829 ldr r0, [pc, #164] ; (8002980 ) + uint8_t raw[max_expect]; + 80028da: 466c mov r4, sp + for(uint8_t *p = raw; ; actual++) { + 80028dc: 4669 mov r1, sp + SysTick->VAL = 0; + 80028de: f04f 2ce0 mov.w ip, #3758153728 ; 0xe000e000 + 80028e2: 4696 mov lr, r2 + 80028e4: f8cc e018 str.w lr, [ip, #24] + while(!(MY_UART->ISR & UART_FLAG_RXNE) && !(MY_UART->ISR & UART_FLAG_RTOF)) { + 80028e8: 2305 movs r3, #5 + 80028ea: f8d0 801c ldr.w r8, [r0, #28] + 80028ee: f018 0f20 tst.w r8, #32 + 80028f2: d104 bne.n 80028fe + 80028f4: f8d0 801c ldr.w r8, [r0, #28] + 80028f8: f418 6f00 tst.w r8, #2048 ; 0x800 + 80028fc: d008 beq.n 8002910 + if(MY_UART->ISR & UART_FLAG_RXNE) { + 80028fe: 69c3 ldr r3, [r0, #28] + 8002900: 069b lsls r3, r3, #26 + 8002902: d52e bpl.n 8002962 + return MY_UART->RDR & 0x7f; + 8002904: 8c83 ldrh r3, [r0, #36] ; 0x24 + if(actual < max_expect) { + 8002906: 42aa cmp r2, r5 + return MY_UART->RDR & 0x7f; + 8002908: b29b uxth r3, r3 + if(actual < max_expect) { + 800290a: db34 blt.n 8002976 + for(uint8_t *p = raw; ; actual++) { + 800290c: 3201 adds r2, #1 + 800290e: e7e9 b.n 80028e4 + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + 8002910: f8dc 8010 ldr.w r8, [ip, #16] + 8002914: f418 3f80 tst.w r8, #65536 ; 0x10000 + 8002918: d0e7 beq.n 80028ea + if(ticks >= 5) { + 800291a: 3b01 subs r3, #1 + 800291c: d1e5 bne.n 80028ea + actual &= ~7; + 800291e: f022 0107 bic.w r1, r2, #7 + while(from_len > 0) { + 8002922: 3d08 subs r5, #8 + 8002924: 4425 add r5, r4 + 8002926: 4623 mov r3, r4 + 8002928: 4421 add r1, r4 + 800292a: 1ac8 subs r0, r1, r3 + 800292c: 2800 cmp r0, #0 + 800292e: dd14 ble.n 800295a + 8002930: f103 3cff add.w ip, r3, #4294967295 ; 0xffffffff + uint8_t rv = 0, mask = 0x1; + 8002934: 2001 movs r0, #1 + 8002936: 2400 movs r4, #0 + for(int i=0; i<8; i++, mask <<= 1) { + 8002938: f103 0e07 add.w lr, r3, #7 + if(from[i] == BIT1) { + 800293c: f81c 8f01 ldrb.w r8, [ip, #1]! + 8002940: f1b8 0f7f cmp.w r8, #127 ; 0x7f + rv |= mask; + 8002944: bf08 it eq + 8002946: 4304 orreq r4, r0 + for(int i=0; i<8; i++, mask <<= 1) { + 8002948: 0040 lsls r0, r0, #1 + 800294a: 45f4 cmp ip, lr + 800294c: b2c0 uxtb r0, r0 + 800294e: d1f5 bne.n 800293c + from += 8; + 8002950: 3308 adds r3, #8 + if(max_into <= 0) break; + 8002952: 42ab cmp r3, r5 + *(into++) = rv; + 8002954: f806 4b01 strb.w r4, [r6], #1 + if(max_into <= 0) break; + 8002958: d1e7 bne.n 800292a + return actual / 8; + 800295a: 10d0 asrs r0, r2, #3 +} + 800295c: 46bd mov sp, r7 + 800295e: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + if(MY_UART->ISR & UART_FLAG_RTOF) { + 8002962: 69c3 ldr r3, [r0, #28] + 8002964: 051b lsls r3, r3, #20 + 8002966: d503 bpl.n 8002970 + MY_UART->ICR = USART_ICR_RTOCF; + 8002968: f44f 6300 mov.w r3, #2048 ; 0x800 + 800296c: 6203 str r3, [r0, #32] + if(ch < 0) { + 800296e: e7d6 b.n 800291e + INCONSISTENT("rxf"); + 8002970: 4804 ldr r0, [pc, #16] ; (8002984 ) + 8002972: f7fe f857 bl 8000a24 + *(p++) = ch; + 8002976: f003 037f and.w r3, r3, #127 ; 0x7f + 800297a: f801 3b01 strb.w r3, [r1], #1 + 800297e: e7c5 b.n 800290c + 8002980: 40004c00 .word 0x40004c00 + 8002984: 0800d688 .word 0x0800d688 + +08002988 : + if(ae_chip_is_setup == AE_CHIP_IS_SETUP) { + 8002988: 4b04 ldr r3, [pc, #16] ; (800299c ) + 800298a: 681a ldr r2, [r3, #0] + 800298c: 4b04 ldr r3, [pc, #16] ; (80029a0 ) + 800298e: 429a cmp r2, r3 + 8002990: d102 bne.n 8002998 + _send_bits(IOFLAG_SLEEP); + 8002992: 20cc movs r0, #204 ; 0xcc + 8002994: f7ff bf04 b.w 80027a0 <_send_bits> +} + 8002998: 4770 bx lr + 800299a: bf00 nop + 800299c: 2009e1bc .word 0x2009e1bc + 80029a0: 35d25d63 .word 0x35d25d63 + +080029a4 : + __HAL_RCC_UART4_CLK_ENABLE(); + 80029a4: 4b13 ldr r3, [pc, #76] ; (80029f4 ) + 80029a6: 6d9a ldr r2, [r3, #88] ; 0x58 + 80029a8: f442 2200 orr.w r2, r2, #524288 ; 0x80000 + 80029ac: 659a str r2, [r3, #88] ; 0x58 + 80029ae: 6d9b ldr r3, [r3, #88] ; 0x58 +{ + 80029b0: b082 sub sp, #8 + __HAL_RCC_UART4_CLK_ENABLE(); + 80029b2: f403 2300 and.w r3, r3, #524288 ; 0x80000 + 80029b6: 9301 str r3, [sp, #4] + 80029b8: 9b01 ldr r3, [sp, #4] + MY_UART->CR1 = 0; + 80029ba: 4b0f ldr r3, [pc, #60] ; (80029f8 ) + 80029bc: 2200 movs r2, #0 + 80029be: 601a str r2, [r3, #0] + MY_UART->CR1 = 0x1000002d & ~(0 + 80029c0: 4a0e ldr r2, [pc, #56] ; (80029fc ) + 80029c2: 601a str r2, [r3, #0] + MY_UART->RTOR = 24; // timeout in bit periods: 3 chars or so + 80029c4: 2218 movs r2, #24 + 80029c6: 615a str r2, [r3, #20] + MY_UART->CR2 = USART_CR2_RTOEN; // rx timeout enable + 80029c8: f44f 0200 mov.w r2, #8388608 ; 0x800000 + 80029cc: 605a str r2, [r3, #4] + MY_UART->CR3 = USART_CR3_HDSEL | USART_CR3_ONEBIT; + 80029ce: f640 0208 movw r2, #2056 ; 0x808 + 80029d2: 609a str r2, [r3, #8] + MY_UART->BRR = 521; // 230400 bps @ 120 Mhz SYSCLK + 80029d4: f240 2209 movw r2, #521 ; 0x209 + 80029d8: 60da str r2, [r3, #12] + MY_UART->ICR = USART_ICR_RTOCF; + 80029da: f44f 6200 mov.w r2, #2048 ; 0x800 + 80029de: 621a str r2, [r3, #32] + MY_UART->CR1 |= USART_CR1_UE; + 80029e0: 681a ldr r2, [r3, #0] + 80029e2: f042 0201 orr.w r2, r2, #1 + 80029e6: 601a str r2, [r3, #0] + ae_chip_is_setup = AE_CHIP_IS_SETUP; + 80029e8: 4b05 ldr r3, [pc, #20] ; (8002a00 ) + 80029ea: 4a06 ldr r2, [pc, #24] ; (8002a04 ) + 80029ec: 601a str r2, [r3, #0] +} + 80029ee: b002 add sp, #8 + 80029f0: 4770 bx lr + 80029f2: bf00 nop + 80029f4: 40021000 .word 0x40021000 + 80029f8: 40004c00 .word 0x40004c00 + 80029fc: 1000002c .word 0x1000002c + 8002a00: 2009e1bc .word 0x2009e1bc + 8002a04: 35d25d63 .word 0x35d25d63 + +08002a08 : + ae_send_idle(); + 8002a08: f7ff bf4d b.w 80028a6 + +08002a0c : +// Read a one-byte status/error code response from chip. It's wrapped as 4 bytes: +// (len=4) (value) (crc16) (crc16) +// + int +ae_read1(void) +{ + 8002a0c: b513 push {r0, r1, r4, lr} + 8002a0e: 2408 movs r4, #8 + uint8_t msg[4]; + + for(int retry=7; retry >= 0; retry--) { + // tell it we want to read a response, read it, and deserialize + int rv = ae_read_response(msg, 4); + 8002a10: 2104 movs r1, #4 + 8002a12: eb0d 0001 add.w r0, sp, r1 + 8002a16: f7ff ff4f bl 80028b8 + + if(rv == 0) { + 8002a1a: 4601 mov r1, r0 + 8002a1c: b938 cbnz r0, 8002a2e + // nothing heard, it's probably still processing + ERR("not rdy"); + STATS(not_ready++); + + delay_ms(5); + 8002a1e: 2005 movs r0, #5 + 8002a20: f000 ff5a bl 80038d8 + for(int retry=7; retry >= 0; retry--) { + 8002a24: 3c01 subs r4, #1 + 8002a26: d1f3 bne.n 8002a10 + try_again: + STATS(l1_retry++); + } + + // fail. + return -1; + 8002a28: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 8002a2c: e008 b.n 8002a40 + if(rv != 4) { + 8002a2e: 2804 cmp r0, #4 + 8002a30: d1f8 bne.n 8002a24 + if(!ae_check_crc(msg, 4)) { + 8002a32: a801 add r0, sp, #4 + 8002a34: f7ff ff0d bl 8002852 + 8002a38: 2800 cmp r0, #0 + 8002a3a: d0f3 beq.n 8002a24 + return msg[1]; + 8002a3c: f89d 0005 ldrb.w r0, [sp, #5] +} + 8002a40: b002 add sp, #8 + 8002a42: bd10 pop {r4, pc} + +08002a44 : +// Read and check CRC over N bytes, wrapped in 3-bytes of framing overhead. +// Return -1 for timeout, zero for normal, and one-byte error code otherwise. +// + int +ae_read_n(uint8_t len, uint8_t *body) +{ + 8002a44: e92d 43f8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + uint8_t tmp[1+len+2]; + 8002a48: f100 030a add.w r3, r0, #10 + 8002a4c: f403 73fc and.w r3, r3, #504 ; 0x1f8 +{ + 8002a50: af00 add r7, sp, #0 + uint8_t tmp[1+len+2]; + 8002a52: ebad 0d03 sub.w sp, sp, r3 +{ + 8002a56: 460d mov r5, r1 + uint8_t tmp[1+len+2]; + 8002a58: 1cc6 adds r6, r0, #3 + 8002a5a: 46e8 mov r8, sp + 8002a5c: f04f 0908 mov.w r9, #8 + + for(int retry=7; retry >= 0; retry--) { + + int actual = ae_read_response(tmp, len+3); + 8002a60: 4631 mov r1, r6 + 8002a62: 4640 mov r0, r8 + 8002a64: f7ff ff28 bl 80028b8 + if(actual < 4) { + 8002a68: 2803 cmp r0, #3 + int actual = ae_read_response(tmp, len+3); + 8002a6a: 4604 mov r4, r0 + if(actual < 4) { + 8002a6c: dc0b bgt.n 8002a86 + + if(actual == 0) { + 8002a6e: b910 cbnz r0, 8002a76 + // nothing heard, it's probably still processing + delay_ms(5); + 8002a70: 2005 movs r0, #5 + 8002a72: f000 ff31 bl 80038d8 + + return 0; + + try_again: + STATS(ln_retry++); + ae_wake(); + 8002a76: f7ff ff0b bl 8002890 + for(int retry=7; retry >= 0; retry--) { + 8002a7a: f1b9 0901 subs.w r9, r9, #1 + 8002a7e: d1ef bne.n 8002a60 + } + + return -1; + 8002a80: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 8002a84: e007 b.n 8002a96 + uint8_t resp_len = tmp[0]; + 8002a86: f898 3000 ldrb.w r3, [r8] + if(resp_len != (len + 3)) { + 8002a8a: 42b3 cmp r3, r6 + 8002a8c: d006 beq.n 8002a9c + if(resp_len == 4) { + 8002a8e: 2b04 cmp r3, #4 + 8002a90: d1f1 bne.n 8002a76 + return tmp[1]; + 8002a92: f898 0001 ldrb.w r0, [r8, #1] +} + 8002a96: 46bd mov sp, r7 + 8002a98: e8bd 83f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, pc} + if(!ae_check_crc(tmp, actual)) { + 8002a9c: b2c1 uxtb r1, r0 + 8002a9e: 4640 mov r0, r8 + 8002aa0: f7ff fed7 bl 8002852 + 8002aa4: 2800 cmp r0, #0 + 8002aa6: d0e6 beq.n 8002a76 + memcpy(body, tmp+1, actual-3); + 8002aa8: 1ee2 subs r2, r4, #3 + 8002aaa: f108 0101 add.w r1, r8, #1 + 8002aae: 4628 mov r0, r5 + 8002ab0: f00a fd86 bl 800d5c0 + return 0; + 8002ab4: 2000 movs r0, #0 + 8002ab6: e7ee b.n 8002a96 + +08002ab8 : + +// ae_send_n() +// + void +ae_send_n(aeopcode_t opcode, uint8_t p1, uint16_t p2, const uint8_t *data, uint8_t data_len) +{ + 8002ab8: b530 push {r4, r5, lr} + 8002aba: b085 sub sp, #20 + 8002abc: 461d mov r5, r3 + 8002abe: f89d 4020 ldrb.w r4, [sp, #32] + uint8_t framed_len; + uint8_t op; + uint8_t p1; + uint8_t p2_lsb; + uint8_t p2_msb; + } known = { + 8002ac2: f88d 200c strb.w r2, [sp, #12] + 8002ac6: 2377 movs r3, #119 ; 0x77 + 8002ac8: 0a12 lsrs r2, r2, #8 + 8002aca: f88d 3008 strb.w r3, [sp, #8] + .ioflag = IOFLAG_CMD, + .framed_len = (data_len + 7), // 7 = (1 len) + (4 bytes of msg) + (2 crc) + 8002ace: 1de3 adds r3, r4, #7 + } known = { + 8002ad0: f88d 3009 strb.w r3, [sp, #9] + 8002ad4: f88d 200d strb.w r2, [sp, #13] + 8002ad8: f88d 000a strb.w r0, [sp, #10] + 8002adc: f88d 100b strb.w r1, [sp, #11] + STATS(last_op = opcode); + STATS(last_p1 = p1); + STATS(last_p2 = p2); + + // important to wake chip at this point. + ae_wake(); + 8002ae0: f7ff fed6 bl 8002890 + + _send_serialized((const uint8_t *)&known, sizeof(known)); + 8002ae4: 2106 movs r1, #6 + 8002ae6: a802 add r0, sp, #8 + 8002ae8: f7ff fe69 bl 80027be <_send_serialized> + + // CRC will start from frame_len onwards + uint8_t crc[2] = {0, 0}; + 8002aec: 2300 movs r3, #0 + crc16_chain(sizeof(known)-1, &known.framed_len, crc); + 8002aee: aa01 add r2, sp, #4 + 8002af0: f10d 0109 add.w r1, sp, #9 + 8002af4: 2005 movs r0, #5 + uint8_t crc[2] = {0, 0}; + 8002af6: f8ad 3004 strh.w r3, [sp, #4] + crc16_chain(sizeof(known)-1, &known.framed_len, crc); + 8002afa: f7ff fe87 bl 800280c + + // insert a variable-length body area (sometimes) + if(data_len) { + 8002afe: b144 cbz r4, 8002b12 + _send_serialized(data, data_len); + 8002b00: 4621 mov r1, r4 + 8002b02: 4628 mov r0, r5 + 8002b04: f7ff fe5b bl 80027be <_send_serialized> + + crc16_chain(data_len, data, crc); + 8002b08: aa01 add r2, sp, #4 + 8002b0a: 4629 mov r1, r5 + 8002b0c: 4620 mov r0, r4 + 8002b0e: f7ff fe7d bl 800280c + } + + // send final CRC bytes + _send_serialized(crc, 2); + 8002b12: 2102 movs r1, #2 + 8002b14: a801 add r0, sp, #4 + 8002b16: f7ff fe52 bl 80027be <_send_serialized> +} + 8002b1a: b005 add sp, #20 + 8002b1c: bd30 pop {r4, r5, pc} + +08002b1e : +{ + 8002b1e: b507 push {r0, r1, r2, lr} + ae_send_n(opcode, p1, p2, NULL, 0); + 8002b20: 2300 movs r3, #0 + 8002b22: 9300 str r3, [sp, #0] + 8002b24: f7ff ffc8 bl 8002ab8 +} + 8002b28: b003 add sp, #12 + 8002b2a: f85d fb04 ldr.w pc, [sp], #4 + +08002b2e : +// +// Do Info(p1=2) command, and return result. +// + uint16_t +ae_get_info(void) +{ + 8002b2e: b507 push {r0, r1, r2, lr} + // not doing error checking here + ae_send(OP_Info, 0x2, 0); + 8002b30: 2200 movs r2, #0 + 8002b32: 2102 movs r1, #2 + 8002b34: 2030 movs r0, #48 ; 0x30 + 8002b36: f7ff fff2 bl 8002b1e + + // note: always returns 4 bytes, but most are garbage and unused. + uint8_t tmp[4]; + ae_read_n(4, tmp); + 8002b3a: a901 add r1, sp, #4 + 8002b3c: 2004 movs r0, #4 + 8002b3e: f7ff ff81 bl 8002a44 + + return (tmp[0] << 8) | tmp[1]; + 8002b42: f8bd 0004 ldrh.w r0, [sp, #4] + 8002b46: ba40 rev16 r0, r0 +} + 8002b48: b280 uxth r0, r0 + 8002b4a: b003 add sp, #12 + 8002b4c: f85d fb04 ldr.w pc, [sp], #4 + +08002b50 : +// Load Tempkey with a specific value. Resulting Tempkey cannot be +// used with many commands/keys, but is needed for signing. +// + int +ae_load_nonce(const uint8_t nonce[32]) +{ + 8002b50: b507 push {r0, r1, r2, lr} + // p1=3 + ae_send_n(OP_Nonce, 3, 0, nonce, 32); // 608a ok + 8002b52: 2220 movs r2, #32 +{ + 8002b54: 4603 mov r3, r0 + ae_send_n(OP_Nonce, 3, 0, nonce, 32); // 608a ok + 8002b56: 9200 str r2, [sp, #0] + 8002b58: 2103 movs r1, #3 + 8002b5a: 2200 movs r2, #0 + 8002b5c: 2016 movs r0, #22 + 8002b5e: f7ff ffab bl 8002ab8 + + return ae_read1(); +} + 8002b62: b003 add sp, #12 + 8002b64: f85d eb04 ldr.w lr, [sp], #4 + return ae_read1(); + 8002b68: f7ff bf50 b.w 8002a0c + +08002b6c : +// Load 32bytes of message digest with a specific value. +// Needed for signing. +// + int +ae_load_msgdigest(const uint8_t md[32]) +{ + 8002b6c: b507 push {r0, r1, r2, lr} + ae_send_n(OP_Nonce, (1<<6) | 3, 0, md, 32); + 8002b6e: 2220 movs r2, #32 +{ + 8002b70: 4603 mov r3, r0 + ae_send_n(OP_Nonce, (1<<6) | 3, 0, md, 32); + 8002b72: 9200 str r2, [sp, #0] + 8002b74: 2143 movs r1, #67 ; 0x43 + 8002b76: 2200 movs r2, #0 + 8002b78: 2016 movs r0, #22 + 8002b7a: f7ff ff9d bl 8002ab8 + + return ae_read1(); +} + 8002b7e: b003 add sp, #12 + 8002b80: f85d eb04 ldr.w lr, [sp], #4 + return ae_read1(); + 8002b84: f7ff bf42 b.w 8002a0c + +08002b88 : +// Load Tempkey with a nonce value that we both know, but +// is random and we both know is random! Tricky! +// + int +ae_pick_nonce(const uint8_t num_in[20], uint8_t tempkey[32]) +{ + 8002b88: b5f0 push {r4, r5, r6, r7, lr} + 8002b8a: b09f sub sp, #124 ; 0x7c + // We provide some 20 bytes of randomness to chip + // The chip must provide 32-bytes of random-ness, + // so no choice in args to OP.Nonce here (due to ReqRandom). + ae_send_n(OP_Nonce, 0, 0, num_in, 20); + 8002b8c: 2200 movs r2, #0 + 8002b8e: 2714 movs r7, #20 + 8002b90: 4603 mov r3, r0 +{ + 8002b92: 4605 mov r5, r0 + 8002b94: 460e mov r6, r1 + ae_send_n(OP_Nonce, 0, 0, num_in, 20); + 8002b96: 2016 movs r0, #22 + 8002b98: 4611 mov r1, r2 + 8002b9a: 9700 str r7, [sp, #0] + 8002b9c: f7ff ff8c bl 8002ab8 + + // Nonce command returns the RNG result, but not contents of TempKey + uint8_t randout[32]; + int rv = ae_read_n(32, randout); + 8002ba0: a903 add r1, sp, #12 + 8002ba2: 2020 movs r0, #32 + 8002ba4: f7ff ff4e bl 8002a44 + RET_IF_BAD(rv); + 8002ba8: 4604 mov r4, r0 + 8002baa: b9e0 cbnz r0, 8002be6 + // + // return sha256(rndout + num_in + b'\x16\0\0').digest() + // + SHA256_CTX ctx; + + sha256_init(&ctx); + 8002bac: a80b add r0, sp, #44 ; 0x2c + 8002bae: f002 fc57 bl 8005460 + sha256_update(&ctx, randout, 32); + 8002bb2: 2220 movs r2, #32 + 8002bb4: a903 add r1, sp, #12 + 8002bb6: a80b add r0, sp, #44 ; 0x2c + 8002bb8: f002 fc60 bl 800547c + sha256_update(&ctx, num_in, 20); + 8002bbc: 463a mov r2, r7 + 8002bbe: 4629 mov r1, r5 + 8002bc0: a80b add r0, sp, #44 ; 0x2c + 8002bc2: f002 fc5b bl 800547c + const uint8_t fixed[3] = { 0x16, 0, 0 }; + 8002bc6: 4b09 ldr r3, [pc, #36] ; (8002bec ) + 8002bc8: 881a ldrh r2, [r3, #0] + 8002bca: f8ad 2008 strh.w r2, [sp, #8] + 8002bce: 789b ldrb r3, [r3, #2] + 8002bd0: f88d 300a strb.w r3, [sp, #10] + sha256_update(&ctx, fixed, 3); + 8002bd4: a902 add r1, sp, #8 + 8002bd6: a80b add r0, sp, #44 ; 0x2c + 8002bd8: 2203 movs r2, #3 + 8002bda: f002 fc4f bl 800547c + + sha256_final(&ctx, tempkey); + 8002bde: 4631 mov r1, r6 + 8002be0: a80b add r0, sp, #44 ; 0x2c + 8002be2: f002 fc91 bl 8005508 + + return 0; +} + 8002be6: 4620 mov r0, r4 + 8002be8: b01f add sp, #124 ; 0x7c + 8002bea: bdf0 pop {r4, r5, r6, r7, pc} + 8002bec: 0800e5e8 .word 0x0800e5e8 + +08002bf0 : +// Check that TempKey is holding what we think it does. Uses the MAC +// command over contents of Tempkey and our shared secret. +// + bool +ae_is_correct_tempkey(const uint8_t expected_tempkey[32]) +{ + 8002bf0: b570 push {r4, r5, r6, lr} + const uint8_t mode = (1<<6) // include full serial number + | (0<<2) // TempKey.SourceFlag == 0 == 'rand' + | (0<<1) // first 32 bytes are the shared secret + | (1<<0); // second 32 bytes are tempkey + + ae_send(OP_MAC, mode, KEYNUM_pairing); + 8002bf2: 2141 movs r1, #65 ; 0x41 +{ + 8002bf4: b0a8 sub sp, #160 ; 0xa0 + 8002bf6: 4604 mov r4, r0 + ae_send(OP_MAC, mode, KEYNUM_pairing); + 8002bf8: 2201 movs r2, #1 + 8002bfa: 2008 movs r0, #8 + 8002bfc: f7ff ff8f bl 8002b1e + + // read chip's answer + uint8_t resp[32]; + int rv = ae_read_n(32, resp); + 8002c00: a905 add r1, sp, #20 + 8002c02: 2020 movs r0, #32 + 8002c04: f7ff ff1e bl 8002a44 + if(rv) return false; + 8002c08: 2800 cmp r0, #0 + 8002c0a: d135 bne.n 8002c78 + ae_send_idle(); + 8002c0c: f7ff fe4b bl 80028a6 + ae_keep_alive(); + + // Duplicate the hash process, and then compare. + SHA256_CTX ctx; + + sha256_init(&ctx); + 8002c10: a815 add r0, sp, #84 ; 0x54 + 8002c12: f002 fc25 bl 8005460 + sha256_update(&ctx, rom_secrets->pairing_secret, 32); + 8002c16: 4919 ldr r1, [pc, #100] ; (8002c7c ) + 8002c18: 2220 movs r2, #32 + 8002c1a: a815 add r0, sp, #84 ; 0x54 + 8002c1c: f002 fc2e bl 800547c + sha256_update(&ctx, expected_tempkey, 32); + 8002c20: 2220 movs r2, #32 + 8002c22: 4621 mov r1, r4 + 8002c24: a815 add r0, sp, #84 ; 0x54 + 8002c26: f002 fc29 bl 800547c + + const uint8_t fixed[16] = { OP_MAC, mode, KEYNUM_pairing, 0x0, + 8002c2a: 4b15 ldr r3, [pc, #84] ; (8002c80 ) + 8002c2c: aa01 add r2, sp, #4 + 8002c2e: f103 0610 add.w r6, r3, #16 + 8002c32: 4615 mov r5, r2 + 8002c34: 6818 ldr r0, [r3, #0] + 8002c36: 6859 ldr r1, [r3, #4] + 8002c38: 4614 mov r4, r2 + 8002c3a: c403 stmia r4!, {r0, r1} + 8002c3c: 3308 adds r3, #8 + 8002c3e: 42b3 cmp r3, r6 + 8002c40: 4622 mov r2, r4 + 8002c42: d1f7 bne.n 8002c34 + 0,0,0,0, 0,0,0,0, // eight zeros + 0,0,0, // three zeros + 0xEE }; + sha256_update(&ctx, fixed, sizeof(fixed)); + 8002c44: 2210 movs r2, #16 + 8002c46: 4629 mov r1, r5 + 8002c48: a815 add r0, sp, #84 ; 0x54 + 8002c4a: f002 fc17 bl 800547c + + sha256_update(&ctx, ((const uint8_t *)rom_secrets->ae_serial_number)+4, 4); + 8002c4e: 490d ldr r1, [pc, #52] ; (8002c84 ) + 8002c50: 2204 movs r2, #4 + 8002c52: a815 add r0, sp, #84 ; 0x54 + 8002c54: f002 fc12 bl 800547c + sha256_update(&ctx, ((const uint8_t *)rom_secrets->ae_serial_number)+0, 4); + 8002c58: 2204 movs r2, #4 + 8002c5a: 490b ldr r1, [pc, #44] ; (8002c88 ) + 8002c5c: a815 add r0, sp, #84 ; 0x54 + 8002c5e: f002 fc0d bl 800547c + // this verifies no problem. + ASSERT(ctx.datalen + (ctx.bitlen/8) == 32+32+1+1+2+8+3+1+4+2+2); // == 88 +#endif + + uint8_t actual[32]; + sha256_final(&ctx, actual); + 8002c62: a90d add r1, sp, #52 ; 0x34 + 8002c64: a815 add r0, sp, #84 ; 0x54 + 8002c66: f002 fc4f bl 8005508 + + return check_equal(actual, resp, 32); + 8002c6a: 2220 movs r2, #32 + 8002c6c: a905 add r1, sp, #20 + 8002c6e: a80d add r0, sp, #52 ; 0x34 + 8002c70: f7ff fd0f bl 8002692 +} + 8002c74: b028 add sp, #160 ; 0xa0 + 8002c76: bd70 pop {r4, r5, r6, pc} + if(rv) return false; + 8002c78: 2000 movs r0, #0 + 8002c7a: e7fb b.n 8002c74 + 8002c7c: 0801c000 .word 0x0801c000 + 8002c80: 0800e5eb .word 0x0800e5eb + 8002c84: 0801c044 .word 0x0801c044 + 8002c88: 0801c040 .word 0x0801c040 + +08002c8c : +// inside the 508a/608a, like use of a specific key, but not for us to +// authenticate the 508a/608a or its contents/state. +// + int +ae_checkmac(uint8_t keynum, const uint8_t secret[32]) +{ + 8002c8c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8002c90: b0c2 sub sp, #264 ; 0x108 + + // Since this is part of the hash, we want random bytes + // for our "other data". Also a number for "numin" of nonce + uint8_t od[32], numin[20]; + + rng_buffer(od, sizeof(od)); + 8002c92: ad0b add r5, sp, #44 ; 0x2c +{ + 8002c94: 4607 mov r7, r0 + 8002c96: 460e mov r6, r1 + rng_buffer(od, sizeof(od)); + 8002c98: 4628 mov r0, r5 + 8002c9a: 2120 movs r1, #32 + 8002c9c: f7ff fd48 bl 8002730 + rng_buffer(numin, sizeof(numin)); + 8002ca0: 2114 movs r1, #20 + 8002ca2: a806 add r0, sp, #24 + 8002ca4: f7ff fd44 bl 8002730 + ae_send_idle(); + 8002ca8: f7ff fdfd bl 80028a6 + + // need this one, want to reset watchdog to this point. + ae_keep_alive(); + + // - load tempkey with a known nonce value + uint8_t zeros[8] = {0}; + 8002cac: 2300 movs r3, #0 + uint8_t tempkey[32]; + rv = ae_pick_nonce(numin, tempkey); + 8002cae: a913 add r1, sp, #76 ; 0x4c + 8002cb0: a806 add r0, sp, #24 + uint8_t zeros[8] = {0}; + 8002cb2: e9cd 3304 strd r3, r3, [sp, #16] + rv = ae_pick_nonce(numin, tempkey); + 8002cb6: f7ff ff67 bl 8002b88 + RET_IF_BAD(rv); + 8002cba: 4604 mov r4, r0 + 8002cbc: 2800 cmp r0, #0 + 8002cbe: d15d bne.n 8002d7c + + // - hash nonce and lots of other bits together + SHA256_CTX ctx; + sha256_init(&ctx); + 8002cc0: a81b add r0, sp, #108 ; 0x6c + 8002cc2: f002 fbcd bl 8005460 + + // shared secret is 32 bytes from flash + sha256_update(&ctx, secret, 32); + 8002cc6: 2220 movs r2, #32 + 8002cc8: 4631 mov r1, r6 + 8002cca: a81b add r0, sp, #108 ; 0x6c + 8002ccc: f002 fbd6 bl 800547c + + sha256_update(&ctx, tempkey, 32); + 8002cd0: 2220 movs r2, #32 + 8002cd2: a913 add r1, sp, #76 ; 0x4c + 8002cd4: a81b add r0, sp, #108 ; 0x6c + 8002cd6: f002 fbd1 bl 800547c + sha256_update(&ctx, &od[0], 4); + 8002cda: 2204 movs r2, #4 + 8002cdc: 4629 mov r1, r5 + 8002cde: a81b add r0, sp, #108 ; 0x6c + 8002ce0: f002 fbcc bl 800547c + + sha256_update(&ctx, zeros, 8); + 8002ce4: 2208 movs r2, #8 + 8002ce6: a904 add r1, sp, #16 + 8002ce8: a81b add r0, sp, #108 ; 0x6c + 8002cea: f002 fbc7 bl 800547c + + sha256_update(&ctx, &od[4], 3); + 8002cee: 2203 movs r2, #3 + 8002cf0: a90c add r1, sp, #48 ; 0x30 + 8002cf2: a81b add r0, sp, #108 ; 0x6c + 8002cf4: f002 fbc2 bl 800547c + + uint8_t ee = 0xEE; + 8002cf8: 23ee movs r3, #238 ; 0xee + sha256_update(&ctx, &ee, 1); + 8002cfa: 2201 movs r2, #1 + 8002cfc: f10d 010b add.w r1, sp, #11 + 8002d00: a81b add r0, sp, #108 ; 0x6c + uint8_t ee = 0xEE; + 8002d02: f88d 300b strb.w r3, [sp, #11] + sha256_update(&ctx, &ee, 1); + 8002d06: f002 fbb9 bl 800547c + sha256_update(&ctx, &od[7], 4); + 8002d0a: 2204 movs r2, #4 + 8002d0c: f10d 0133 add.w r1, sp, #51 ; 0x33 + 8002d10: a81b add r0, sp, #108 ; 0x6c + 8002d12: f002 fbb3 bl 800547c + + uint8_t snp[2] = { 0x01, 0x23 }; + 8002d16: f242 3301 movw r3, #8961 ; 0x2301 + sha256_update(&ctx, snp, 2); + 8002d1a: 2202 movs r2, #2 + 8002d1c: a903 add r1, sp, #12 + 8002d1e: a81b add r0, sp, #108 ; 0x6c + uint8_t snp[2] = { 0x01, 0x23 }; + 8002d20: f8ad 300c strh.w r3, [sp, #12] + sha256_update(&ctx, snp, 2); + 8002d24: f002 fbaa bl 800547c + sha256_update(&ctx, &od[11], 2); + 8002d28: 2202 movs r2, #2 + 8002d2a: f10d 0137 add.w r1, sp, #55 ; 0x37 + 8002d2e: a81b add r0, sp, #108 ; 0x6c + 8002d30: f002 fba4 bl 800547c + uint8_t resp[32]; + uint8_t od[13]; + } req; + + // content doesn't matter, but nice and visible: + memcpy(req.ch3, copyright_msg, 32); + 8002d34: 4b15 ldr r3, [pc, #84] ; (8002d8c ) + 8002d36: ac2e add r4, sp, #184 ; 0xb8 + 8002d38: f103 0220 add.w r2, r3, #32 + 8002d3c: 46a0 mov r8, r4 + 8002d3e: 6818 ldr r0, [r3, #0] + 8002d40: 6859 ldr r1, [r3, #4] + 8002d42: 4626 mov r6, r4 + 8002d44: c603 stmia r6!, {r0, r1} + 8002d46: 3308 adds r3, #8 + 8002d48: 4293 cmp r3, r2 + 8002d4a: 4634 mov r4, r6 + 8002d4c: d1f7 bne.n 8002d3e + // this verifies no problem. + int l = (ctx.blocks * 64) + ctx.npartial; + ASSERT(l == 32+32+4+8+3+1+4+2+2); // == 88 +#endif + + sha256_final(&ctx, req.resp); + 8002d4e: a936 add r1, sp, #216 ; 0xd8 + 8002d50: a81b add r0, sp, #108 ; 0x6c + 8002d52: f002 fbd9 bl 8005508 + memcpy(req.od, od, 13); + 8002d56: e895 000f ldmia.w r5, {r0, r1, r2, r3} + 8002d5a: ac3e add r4, sp, #248 ; 0xf8 + 8002d5c: c407 stmia r4!, {r0, r1, r2} + 8002d5e: 7023 strb r3, [r4, #0] + + STATIC_ASSERT(sizeof(req) == 32 + 32 + 13); + + // Give our answer to the chip. + ae_send_n(OP_CheckMac, 0x01, keynum, (uint8_t *)&req, sizeof(req)); + 8002d60: 234d movs r3, #77 ; 0x4d + 8002d62: 9300 str r3, [sp, #0] + 8002d64: 463a mov r2, r7 + 8002d66: 4643 mov r3, r8 + 8002d68: 2101 movs r1, #1 + 8002d6a: 2028 movs r0, #40 ; 0x28 + 8002d6c: f7ff fea4 bl 8002ab8 + + rv = ae_read1(); + 8002d70: f7ff fe4c bl 8002a0c + if(rv != 0) { + 8002d74: 4604 mov r4, r0 + 8002d76: b928 cbnz r0, 8002d84 + ae_send_idle(); + 8002d78: f7ff fd95 bl 80028a6 + + // just in case ... always restart watchdog timer. + ae_keep_alive(); + + return 0; +} + 8002d7c: 4620 mov r0, r4 + 8002d7e: b042 add sp, #264 ; 0x108 + 8002d80: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + return -1; + 8002d84: f04f 34ff mov.w r4, #4294967295 ; 0xffffffff + 8002d88: e7f8 b.n 8002d7c + 8002d8a: bf00 nop + 8002d8c: 0800e5ba .word 0x0800e5ba + +08002d90 : + return ae_checkmac(KEYNUM_pairing, rom_secrets->pairing_secret); + 8002d90: 4901 ldr r1, [pc, #4] ; (8002d98 ) + 8002d92: 2001 movs r0, #1 + 8002d94: f7ff bf7a b.w 8002c8c + 8002d98: 0801c000 .word 0x0801c000 + +08002d9c : +// Sign a message (already digested) +// + int +ae_sign_authed(uint8_t keynum, const uint8_t msg_hash[32], + uint8_t signature[64], int auth_kn, const uint8_t auth_digest[32]) +{ + 8002d9c: b570 push {r4, r5, r6, lr} + 8002d9e: 460e mov r6, r1 + 8002da0: 4604 mov r4, r0 + 8002da2: 4615 mov r5, r2 + // indicate we know the PIN + ae_pair_unlock(); + 8002da4: f7ff fff4 bl 8002d90 + int rv = ae_checkmac(KEYNUM_main_pin, auth_digest); + 8002da8: 9904 ldr r1, [sp, #16] + 8002daa: 2003 movs r0, #3 + 8002dac: f7ff ff6e bl 8002c8c + RET_IF_BAD(rv); + 8002db0: b990 cbnz r0, 8002dd8 + + // send what we need signed + rv = ae_load_msgdigest(msg_hash); + 8002db2: 4630 mov r0, r6 + 8002db4: f7ff feda bl 8002b6c + RET_IF_BAD(rv); + 8002db8: b970 cbnz r0, 8002dd8 + + do { + ae_send(OP_Sign, (7<<5), keynum); + 8002dba: b2a4 uxth r4, r4 + 8002dbc: 4622 mov r2, r4 + 8002dbe: 21e0 movs r1, #224 ; 0xe0 + 8002dc0: 2041 movs r0, #65 ; 0x41 + 8002dc2: f7ff feac bl 8002b1e + + delay_ms(60); // min time for processing + 8002dc6: 203c movs r0, #60 ; 0x3c + 8002dc8: f000 fd86 bl 80038d8 + + rv = ae_read_n(64, signature); + 8002dcc: 4629 mov r1, r5 + 8002dce: 2040 movs r0, #64 ; 0x40 + 8002dd0: f7ff fe38 bl 8002a44 + } while(rv == AE_ECC_FAULT); + 8002dd4: 2805 cmp r0, #5 + 8002dd6: d0f1 beq.n 8002dbc + + return rv; +} + 8002dd8: bd70 pop {r4, r5, r6, pc} + ... + +08002ddc : + +// ae_gen_ecc_key() +// + int +ae_gen_ecc_key(uint8_t keynum, uint8_t pubkey_out[64]) +{ + 8002ddc: b530 push {r4, r5, lr} + int rv; + uint8_t junk[3] = { 0 }; + 8002dde: 4b0f ldr r3, [pc, #60] ; (8002e1c ) +{ + 8002de0: b085 sub sp, #20 + uint8_t junk[3] = { 0 }; + 8002de2: f8b3 3013 ldrh.w r3, [r3, #19] + 8002de6: f8ad 300c strh.w r3, [sp, #12] + 8002dea: 2300 movs r3, #0 +{ + 8002dec: 460c mov r4, r1 + uint8_t junk[3] = { 0 }; + 8002dee: f88d 300e strb.w r3, [sp, #14] + + do { + ae_send_n(OP_GenKey, (1<<2), keynum, junk, 3); + 8002df2: 4605 mov r5, r0 + 8002df4: 2303 movs r3, #3 + 8002df6: 462a mov r2, r5 + 8002df8: 2104 movs r1, #4 + 8002dfa: 9300 str r3, [sp, #0] + 8002dfc: 2040 movs r0, #64 ; 0x40 + 8002dfe: ab03 add r3, sp, #12 + 8002e00: f7ff fe5a bl 8002ab8 + + delay_ms(100); // to avoid timeouts + 8002e04: 2064 movs r0, #100 ; 0x64 + 8002e06: f000 fd67 bl 80038d8 + + rv = ae_read_n(64, pubkey_out); + 8002e0a: 4621 mov r1, r4 + 8002e0c: 2040 movs r0, #64 ; 0x40 + 8002e0e: f7ff fe19 bl 8002a44 + } while(rv == AE_ECC_FAULT); + 8002e12: 2805 cmp r0, #5 + 8002e14: d0ee beq.n 8002df4 + + return rv; +} + 8002e16: b005 add sp, #20 + 8002e18: bd30 pop {r4, r5, pc} + 8002e1a: bf00 nop + 8002e1c: 0800e5e8 .word 0x0800e5e8 + +08002e20 : +// 508a: Different opcode, OP_HMAC does exactly 32 bytes w/ less steps. +// 608a: Use old SHA256 command, but with new flags. +// + int +ae_hmac32(uint8_t keynum, const uint8_t msg[32], uint8_t digest[32]) +{ + 8002e20: b530 push {r4, r5, lr} + 8002e22: b085 sub sp, #20 + 8002e24: 4615 mov r5, r2 + 8002e26: 9103 str r1, [sp, #12] + // Start SHA w/ HMAC setup + ae_send(OP_SHA, 4, keynum); // 4 = HMAC_Init + 8002e28: 4602 mov r2, r0 + 8002e2a: 2104 movs r1, #4 + 8002e2c: 2047 movs r0, #71 ; 0x47 + 8002e2e: f7ff fe76 bl 8002b1e + + // expect zero, meaning "ready" + int rv = ae_read1(); + 8002e32: f7ff fdeb bl 8002a0c + RET_IF_BAD(rv); + 8002e36: b970 cbnz r0, 8002e56 + + // send the contents to be hashed + ae_send_n(OP_SHA, (3<<6) | 2, 32, msg, 32); // 2 = Finalize, 3=Place output + 8002e38: 2420 movs r4, #32 + 8002e3a: 9b03 ldr r3, [sp, #12] + 8002e3c: 9400 str r4, [sp, #0] + 8002e3e: 4622 mov r2, r4 + 8002e40: 21c2 movs r1, #194 ; 0xc2 + 8002e42: 2047 movs r0, #71 ; 0x47 + 8002e44: f7ff fe38 bl 8002ab8 + + // read result + return ae_read_n(32, digest); + 8002e48: 4629 mov r1, r5 + 8002e4a: 4620 mov r0, r4 +} + 8002e4c: b005 add sp, #20 + 8002e4e: e8bd 4030 ldmia.w sp!, {r4, r5, lr} + return ae_read_n(32, digest); + 8002e52: f7ff bdf7 b.w 8002a44 +} + 8002e56: b005 add sp, #20 + 8002e58: bd30 pop {r4, r5, pc} + +08002e5a : +// +// Return the serial number: it's 9 bytes, altho 3 are fixed. +// + int +ae_get_serial(uint8_t serial[6]) +{ + 8002e5a: b510 push {r4, lr} + ae_send(OP_Read, 0x80, 0x0); + 8002e5c: 2200 movs r2, #0 +{ + 8002e5e: b08c sub sp, #48 ; 0x30 + ae_send(OP_Read, 0x80, 0x0); + 8002e60: 2180 movs r1, #128 ; 0x80 +{ + 8002e62: 4604 mov r4, r0 + ae_send(OP_Read, 0x80, 0x0); + 8002e64: 2002 movs r0, #2 + 8002e66: f7ff fe5a bl 8002b1e + + uint8_t temp[32]; + int rv = ae_read_n(32, temp); + 8002e6a: a904 add r1, sp, #16 + 8002e6c: 2020 movs r0, #32 + 8002e6e: f7ff fde9 bl 8002a44 + RET_IF_BAD(rv); + 8002e72: 4603 mov r3, r0 + 8002e74: b9b8 cbnz r0, 8002ea6 + + // reformat to 9 bytes. + uint8_t ts[9]; + memcpy(ts, &temp[0], 4); + memcpy(&ts[4], &temp[8], 5); + 8002e76: e9dd 0106 ldrd r0, r1, [sp, #24] + 8002e7a: 9a04 ldr r2, [sp, #16] + 8002e7c: f88d 100c strb.w r1, [sp, #12] + + // check the hard-coded values + if((ts[0] != 0x01) || (ts[1] != 0x23) || (ts[8] != 0xEE)) return 1; + 8002e80: b2d1 uxtb r1, r2 + 8002e82: 2901 cmp r1, #1 + memcpy(ts, &temp[0], 4); + 8002e84: 9201 str r2, [sp, #4] + memcpy(&ts[4], &temp[8], 5); + 8002e86: 9002 str r0, [sp, #8] + if((ts[0] != 0x01) || (ts[1] != 0x23) || (ts[8] != 0xEE)) return 1; + 8002e88: d110 bne.n 8002eac + 8002e8a: f3c2 2207 ubfx r2, r2, #8, #8 + 8002e8e: 2a23 cmp r2, #35 ; 0x23 + 8002e90: d10c bne.n 8002eac + 8002e92: f89d 200c ldrb.w r2, [sp, #12] + 8002e96: 2aee cmp r2, #238 ; 0xee + 8002e98: d10a bne.n 8002eb0 + + // save only the unique bits. + memcpy(serial, ts+2, 6); + 8002e9a: f8dd 2006 ldr.w r2, [sp, #6] + 8002e9e: 6022 str r2, [r4, #0] + 8002ea0: f8bd 200a ldrh.w r2, [sp, #10] + 8002ea4: 80a2 strh r2, [r4, #4] + + return 0; +} + 8002ea6: 4618 mov r0, r3 + 8002ea8: b00c add sp, #48 ; 0x30 + 8002eaa: bd10 pop {r4, pc} + if((ts[0] != 0x01) || (ts[1] != 0x23) || (ts[8] != 0xEE)) return 1; + 8002eac: 2301 movs r3, #1 + 8002eae: e7fa b.n 8002ea6 + 8002eb0: 460b mov r3, r1 + 8002eb2: e7f8 b.n 8002ea6 + +08002eb4 : +{ + 8002eb4: b513 push {r0, r1, r4, lr} + ae_wake(); + 8002eb6: f7ff fceb bl 8002890 + _send_bits(IOFLAG_SLEEP); + 8002eba: 20cc movs r0, #204 ; 0xcc + 8002ebc: f7ff fc70 bl 80027a0 <_send_bits> + ae_wake(); + 8002ec0: f7ff fce6 bl 8002890 + ae_read1(); + 8002ec4: f7ff fda2 bl 8002a0c + uint8_t chk = ae_read1(); + 8002ec8: f7ff fda0 bl 8002a0c + if(chk != AE_AFTER_WAKE) return "wk fl"; + 8002ecc: b2c0 uxtb r0, r0 + 8002ece: 2811 cmp r0, #17 + 8002ed0: d10e bne.n 8002ef0 + if(ae_get_serial(serial)) return "no ser"; + 8002ed2: 4668 mov r0, sp + 8002ed4: f7ff ffc1 bl 8002e5a + 8002ed8: 4604 mov r4, r0 + 8002eda: b938 cbnz r0, 8002eec + ae_wake(); + 8002edc: f7ff fcd8 bl 8002890 + _send_bits(IOFLAG_SLEEP); + 8002ee0: 20cc movs r0, #204 ; 0xcc + 8002ee2: f7ff fc5d bl 80027a0 <_send_bits> + return NULL; + 8002ee6: 4620 mov r0, r4 +} + 8002ee8: b002 add sp, #8 + 8002eea: bd10 pop {r4, pc} + if(ae_get_serial(serial)) return "no ser"; + 8002eec: 4801 ldr r0, [pc, #4] ; (8002ef4 ) + 8002eee: e7fb b.n 8002ee8 + if(chk != AE_AFTER_WAKE) return "wk fl"; + 8002ef0: 4801 ldr r0, [pc, #4] ; (8002ef8 ) + 8002ef2: e7f9 b.n 8002ee8 + 8002ef4: 0800e5db .word 0x0800e5db + 8002ef8: 0800e5e2 .word 0x0800e5e2 + +08002efc : +// +// -- can also lock it. +// + int +ae_write_data_slot(int slot_num, const uint8_t *data, int len, bool lock_it) +{ + 8002efc: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8002f00: 4699 mov r9, r3 + ASSERT(len >= 32); + 8002f02: f1a2 0320 sub.w r3, r2, #32 +{ + 8002f06: b085 sub sp, #20 + ASSERT(len >= 32); + 8002f08: f5b3 7fc0 cmp.w r3, #384 ; 0x180 +{ + 8002f0c: 4604 mov r4, r0 + 8002f0e: af02 add r7, sp, #8 + 8002f10: 460d mov r5, r1 + 8002f12: 4690 mov r8, r2 + ASSERT(len >= 32); + 8002f14: d902 bls.n 8002f1c + 8002f16: 482d ldr r0, [pc, #180] ; (8002fcc ) + 8002f18: f7fd fd84 bl 8000a24 + ASSERT(len <= 416); + + for(int blk=0, xlen=len; xlen>0; blk++, xlen-=32) { + // have to write each "block" of 32-bytes, separately + // zone => data + ae_send_n(OP_Write, 0x80|2, (blk<<8) | (slot_num<<3), data+(blk*32), 32); + 8002f1c: ea4f 0ac0 mov.w sl, r0, lsl #3 + 8002f20: fa0f fa8a sxth.w sl, sl + 8002f24: 2600 movs r6, #0 + 8002f26: f04f 0b20 mov.w fp, #32 + 8002f2a: ebc6 3246 rsb r2, r6, r6, lsl #13 + 8002f2e: ea4a 02c2 orr.w r2, sl, r2, lsl #3 + 8002f32: b292 uxth r2, r2 + 8002f34: 1bab subs r3, r5, r6 + 8002f36: 2182 movs r1, #130 ; 0x82 + 8002f38: 2012 movs r0, #18 + 8002f3a: f8cd b000 str.w fp, [sp] + 8002f3e: f7ff fdbb bl 8002ab8 + + int rv = ae_read1(); + 8002f42: f7ff fd63 bl 8002a0c + RET_IF_BAD(rv); + 8002f46: 2800 cmp r0, #0 + 8002f48: d13c bne.n 8002fc4 + for(int blk=0, xlen=len; xlen>0; blk++, xlen-=32) { + 8002f4a: 3e20 subs r6, #32 + 8002f4c: eb06 0308 add.w r3, r6, r8 + 8002f50: 2b00 cmp r3, #0 + 8002f52: dcea bgt.n 8002f2a + } + + if(lock_it) { + 8002f54: f1b9 0f00 cmp.w r9, #0 + 8002f58: d034 beq.n 8002fc4 + ASSERT(slot_num != 8); // no support for mega slot 8 + 8002f5a: 2c08 cmp r4, #8 + if(lock_it) { + 8002f5c: 466e mov r6, sp + ASSERT(slot_num != 8); // no support for mega slot 8 + 8002f5e: d0da beq.n 8002f16 + ASSERT(len == 32); // probably not a limitation here + 8002f60: f1b8 0f20 cmp.w r8, #32 + 8002f64: d1d7 bne.n 8002f16 + + // Assume 36/72-byte long slot, which will be partially written, and rest + // should be ones. + const int slot_len = (slot_num <= 7) ? 36 : 72; + 8002f66: 2c08 cmp r4, #8 + 8002f68: bfb4 ite lt + 8002f6a: f04f 0824 movlt.w r8, #36 ; 0x24 + 8002f6e: f04f 0848 movge.w r8, #72 ; 0x48 + uint8_t copy[slot_len]; + 8002f72: f108 0307 add.w r3, r8, #7 + 8002f76: f003 03f8 and.w r3, r3, #248 ; 0xf8 + 8002f7a: ebad 0d03 sub.w sp, sp, r3 + 8002f7e: ab02 add r3, sp, #8 + + memset(copy, 0xff, slot_len); + 8002f80: 4642 mov r2, r8 + 8002f82: 21ff movs r1, #255 ; 0xff + 8002f84: 4618 mov r0, r3 + 8002f86: f00a fb43 bl 800d610 + memcpy(copy, data, len); + 8002f8a: f105 0120 add.w r1, r5, #32 + memset(copy, 0xff, slot_len); + 8002f8e: 4603 mov r3, r0 + memcpy(copy, data, len); + 8002f90: 4602 mov r2, r0 + 8002f92: f855 0b04 ldr.w r0, [r5], #4 + 8002f96: f842 0b04 str.w r0, [r2], #4 + 8002f9a: 428d cmp r5, r1 + 8002f9c: d1f9 bne.n 8002f92 + + // calc expected CRC + uint8_t crc[2] = {0, 0}; + 8002f9e: 2200 movs r2, #0 + crc16_chain(slot_len, copy, crc); + 8002fa0: 4619 mov r1, r3 + uint8_t crc[2] = {0, 0}; + 8002fa2: 80ba strh r2, [r7, #4] + crc16_chain(slot_len, copy, crc); + 8002fa4: 4640 mov r0, r8 + 8002fa6: 1d3a adds r2, r7, #4 + 8002fa8: f7ff fc30 bl 800280c + + // do the lock + ae_send(OP_Lock, 2 | (slot_num << 2), (crc[1]<<8) | crc[0]); + 8002fac: 00a1 lsls r1, r4, #2 + 8002fae: f041 0102 orr.w r1, r1, #2 + 8002fb2: 88ba ldrh r2, [r7, #4] + 8002fb4: f001 01fe and.w r1, r1, #254 ; 0xfe + 8002fb8: 2017 movs r0, #23 + 8002fba: f7ff fdb0 bl 8002b1e + + int rv = ae_read1(); + 8002fbe: f7ff fd25 bl 8002a0c + RET_IF_BAD(rv); + 8002fc2: 46b5 mov sp, r6 + } + + return 0; +} + 8002fc4: 370c adds r7, #12 + 8002fc6: 46bd mov sp, r7 + 8002fc8: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + 8002fcc: 0800e354 .word 0x0800e354 + +08002fd0 : + +// ae_gendig_slot() +// + int +ae_gendig_slot(int slot_num, const uint8_t slot_contents[32], uint8_t digest[32]) +{ + 8002fd0: b5f0 push {r4, r5, r6, r7, lr} + 8002fd2: b0ab sub sp, #172 ; 0xac + 8002fd4: 4605 mov r5, r0 + 8002fd6: 460f mov r7, r1 + // Construct a digest on the device (and here) that depends on the secret + // contents of a specific slot. + uint8_t num_in[20], tempkey[32]; + + rng_buffer(num_in, sizeof(num_in)); + 8002fd8: a803 add r0, sp, #12 + 8002fda: 2114 movs r1, #20 +{ + 8002fdc: 4616 mov r6, r2 + rng_buffer(num_in, sizeof(num_in)); + 8002fde: f7ff fba7 bl 8002730 + int rv = ae_pick_nonce(num_in, tempkey); + 8002fe2: a90f add r1, sp, #60 ; 0x3c + 8002fe4: a803 add r0, sp, #12 + 8002fe6: f7ff fdcf bl 8002b88 + RET_IF_BAD(rv); + 8002fea: 4604 mov r4, r0 + 8002fec: 2800 cmp r0, #0 + 8002fee: d13d bne.n 800306c + + //using Zone=2="Data" => "KeyID specifies a slot in the Data zone" + ae_send(OP_GenDig, 0x2, slot_num); + 8002ff0: b2aa uxth r2, r5 + 8002ff2: 2102 movs r1, #2 + 8002ff4: 2015 movs r0, #21 + 8002ff6: f7ff fd92 bl 8002b1e + + rv = ae_read1(); + 8002ffa: f7ff fd07 bl 8002a0c + RET_IF_BAD(rv); + 8002ffe: 4604 mov r4, r0 + 8003000: bba0 cbnz r0, 800306c + ae_send_idle(); + 8003002: f7ff fc50 bl 80028a6 + // msg = hkey + b'\x15\x02' + ustruct.pack(" + + uint8_t args[7] = { OP_GenDig, 2, slot_num, 0, 0xEE, 0x01, 0x23 }; + 800300c: 2302 movs r3, #2 + 800300e: f88d 3005 strb.w r3, [sp, #5] + 8003012: 23ee movs r3, #238 ; 0xee + 8003014: f88d 3008 strb.w r3, [sp, #8] + 8003018: 2301 movs r3, #1 + 800301a: 2215 movs r2, #21 + 800301c: f88d 3009 strb.w r3, [sp, #9] + uint8_t zeros[25] = { 0 }; + 8003020: 4621 mov r1, r4 + uint8_t args[7] = { OP_GenDig, 2, slot_num, 0, 0xEE, 0x01, 0x23 }; + 8003022: 2323 movs r3, #35 ; 0x23 + uint8_t zeros[25] = { 0 }; + 8003024: a809 add r0, sp, #36 ; 0x24 + uint8_t args[7] = { OP_GenDig, 2, slot_num, 0, 0xEE, 0x01, 0x23 }; + 8003026: f88d 300a strb.w r3, [sp, #10] + 800302a: f88d 2004 strb.w r2, [sp, #4] + 800302e: f88d 5006 strb.w r5, [sp, #6] + 8003032: f88d 4007 strb.w r4, [sp, #7] + uint8_t zeros[25] = { 0 }; + 8003036: 9408 str r4, [sp, #32] + 8003038: f00a faea bl 800d610 + + sha256_update(&ctx, slot_contents, 32); + 800303c: 2220 movs r2, #32 + 800303e: 4639 mov r1, r7 + 8003040: a817 add r0, sp, #92 ; 0x5c + 8003042: f002 fa1b bl 800547c + sha256_update(&ctx, args, sizeof(args)); + 8003046: 2207 movs r2, #7 + 8003048: a901 add r1, sp, #4 + 800304a: a817 add r0, sp, #92 ; 0x5c + 800304c: f002 fa16 bl 800547c + sha256_update(&ctx, zeros, sizeof(zeros)); + 8003050: 2219 movs r2, #25 + 8003052: a908 add r1, sp, #32 + 8003054: a817 add r0, sp, #92 ; 0x5c + 8003056: f002 fa11 bl 800547c + sha256_update(&ctx, tempkey, 32); + 800305a: a90f add r1, sp, #60 ; 0x3c + 800305c: a817 add r0, sp, #92 ; 0x5c + 800305e: 2220 movs r2, #32 + 8003060: f002 fa0c bl 800547c + + sha256_final(&ctx, digest); + 8003064: 4631 mov r1, r6 + 8003066: a817 add r0, sp, #92 ; 0x5c + 8003068: f002 fa4e bl 8005508 + + return 0; +} + 800306c: 4620 mov r0, r4 + 800306e: b02b add sp, #172 ; 0xac + 8003070: bdf0 pop {r4, r5, r6, r7, pc} + ... + +08003074 : +{ + 8003074: b507 push {r0, r1, r2, lr} + 8003076: 4602 mov r2, r0 + int rv = ae_gendig_slot(KEYNUM_pairing, rom_secrets->pairing_secret, randout); + 8003078: 9001 str r0, [sp, #4] + 800307a: 490b ldr r1, [pc, #44] ; (80030a8 ) + 800307c: 2001 movs r0, #1 + 800307e: f7ff ffa7 bl 8002fd0 + if(rv || !ae_is_correct_tempkey(randout)) { + 8003082: 9a01 ldr r2, [sp, #4] + 8003084: b108 cbz r0, 800308a + fatal_mitm(); + 8003086: f7fd fcd7 bl 8000a38 + if(rv || !ae_is_correct_tempkey(randout)) { + 800308a: 4610 mov r0, r2 + 800308c: 9201 str r2, [sp, #4] + 800308e: f7ff fdaf bl 8002bf0 + 8003092: 2800 cmp r0, #0 + 8003094: d0f7 beq.n 8003086 + sha256_single(randout, 32, randout); + 8003096: 9a01 ldr r2, [sp, #4] + 8003098: 2120 movs r1, #32 + 800309a: 4610 mov r0, r2 +} + 800309c: b003 add sp, #12 + 800309e: f85d eb04 ldr.w lr, [sp], #4 + sha256_single(randout, 32, randout); + 80030a2: f002 ba45 b.w 8005530 + 80030a6: bf00 nop + 80030a8: 0801c000 .word 0x0801c000 + +080030ac : +{ + 80030ac: b510 push {r4, lr} + 80030ae: b088 sub sp, #32 + int rv = ae_gendig_slot(keynum, secret, digest); + 80030b0: 466a mov r2, sp + 80030b2: f7ff ff8d bl 8002fd0 + RET_IF_BAD(rv); + 80030b6: 4604 mov r4, r0 + 80030b8: b930 cbnz r0, 80030c8 + if(!ae_is_correct_tempkey(digest)) return -2; + 80030ba: 4668 mov r0, sp + 80030bc: f7ff fd98 bl 8002bf0 + 80030c0: 2800 cmp r0, #0 + 80030c2: bf08 it eq + 80030c4: f06f 0401 mvneq.w r4, #1 +} + 80030c8: 4620 mov r0, r4 + 80030ca: b008 add sp, #32 + 80030cc: bd10 pop {r4, pc} + +080030ce : +// the digest should be, and ask the chip to do the same. Verify we match +// using MAC command (done elsewhere). +// + int +ae_gendig_counter(int counter_num, const uint32_t expected_value, uint8_t digest[32]) +{ + 80030ce: b5f0 push {r4, r5, r6, r7, lr} + 80030d0: b0ad sub sp, #180 ; 0xb4 + 80030d2: 4605 mov r5, r0 + 80030d4: 9101 str r1, [sp, #4] + uint8_t num_in[20], tempkey[32]; + + rng_buffer(num_in, sizeof(num_in)); + 80030d6: a804 add r0, sp, #16 + 80030d8: 2114 movs r1, #20 +{ + 80030da: 4616 mov r6, r2 + rng_buffer(num_in, sizeof(num_in)); + 80030dc: f7ff fb28 bl 8002730 + int rv = ae_pick_nonce(num_in, tempkey); + 80030e0: a909 add r1, sp, #36 ; 0x24 + 80030e2: a804 add r0, sp, #16 + 80030e4: f7ff fd50 bl 8002b88 + RET_IF_BAD(rv); + 80030e8: 4604 mov r4, r0 + 80030ea: 2800 cmp r0, #0 + 80030ec: d148 bne.n 8003180 + + //using Zone=4="Counter" => "KeyID specifies the monotonic counter ID" + ae_send(OP_GenDig, 0x4, counter_num); + 80030ee: b2aa uxth r2, r5 + 80030f0: 2104 movs r1, #4 + 80030f2: 2015 movs r0, #21 + 80030f4: f7ff fd13 bl 8002b1e + + rv = ae_read1(); + 80030f8: f7ff fc88 bl 8002a0c + RET_IF_BAD(rv); + 80030fc: 4604 mov r4, r0 + 80030fe: 2800 cmp r0, #0 + 8003100: d13e bne.n 8003180 + ae_send_idle(); + 8003102: f7ff fbd0 bl 80028a6 + // msg = hkey + b'\x15\x02' + ustruct.pack(" + + uint8_t zeros[32] = { 0 }; + 800310c: 221c movs r2, #28 + 800310e: 4621 mov r1, r4 + 8003110: a812 add r0, sp, #72 ; 0x48 + 8003112: 9411 str r4, [sp, #68] ; 0x44 + 8003114: f00a fa7c bl 800d610 + uint8_t args[8] = { OP_GenDig, 0x4, counter_num, 0, 0xEE, 0x01, 0x23, 0x0 }; + 8003118: 2315 movs r3, #21 + 800311a: f88d 3008 strb.w r3, [sp, #8] + 800311e: 23ee movs r3, #238 ; 0xee + 8003120: f88d 300c strb.w r3, [sp, #12] + 8003124: 2301 movs r3, #1 + 8003126: 2704 movs r7, #4 + 8003128: f88d 300d strb.w r3, [sp, #13] + + sha256_update(&ctx, zeros, 32); + 800312c: 2220 movs r2, #32 + uint8_t args[8] = { OP_GenDig, 0x4, counter_num, 0, 0xEE, 0x01, 0x23, 0x0 }; + 800312e: 2323 movs r3, #35 ; 0x23 + sha256_update(&ctx, zeros, 32); + 8003130: a911 add r1, sp, #68 ; 0x44 + 8003132: a819 add r0, sp, #100 ; 0x64 + uint8_t args[8] = { OP_GenDig, 0x4, counter_num, 0, 0xEE, 0x01, 0x23, 0x0 }; + 8003134: f88d 300e strb.w r3, [sp, #14] + 8003138: f88d 7009 strb.w r7, [sp, #9] + 800313c: f88d 500a strb.w r5, [sp, #10] + 8003140: f88d 400b strb.w r4, [sp, #11] + 8003144: f88d 400f strb.w r4, [sp, #15] + sha256_update(&ctx, zeros, 32); + 8003148: f002 f998 bl 800547c + sha256_update(&ctx, args, sizeof(args)); + 800314c: 2208 movs r2, #8 + 800314e: eb0d 0102 add.w r1, sp, r2 + 8003152: a819 add r0, sp, #100 ; 0x64 + 8003154: f002 f992 bl 800547c + sha256_update(&ctx, (const uint8_t *)&expected_value, 4); + 8003158: 463a mov r2, r7 + 800315a: eb0d 0107 add.w r1, sp, r7 + 800315e: a819 add r0, sp, #100 ; 0x64 + 8003160: f002 f98c bl 800547c + sha256_update(&ctx, zeros, 20); + 8003164: 2214 movs r2, #20 + 8003166: a911 add r1, sp, #68 ; 0x44 + 8003168: a819 add r0, sp, #100 ; 0x64 + 800316a: f002 f987 bl 800547c + sha256_update(&ctx, tempkey, 32); + 800316e: a909 add r1, sp, #36 ; 0x24 + 8003170: a819 add r0, sp, #100 ; 0x64 + 8003172: 2220 movs r2, #32 + 8003174: f002 f982 bl 800547c + + sha256_final(&ctx, digest); + 8003178: 4631 mov r1, r6 + 800317a: a819 add r0, sp, #100 ; 0x64 + 800317c: f002 f9c4 bl 8005508 + + return 0; +} + 8003180: 4620 mov r0, r4 + 8003182: b02d add sp, #180 ; 0xb4 + 8003184: bdf0 pop {r4, r5, r6, r7, pc} + +08003186 : +{ + 8003186: b570 push {r4, r5, r6, lr} + ae_send(OP_Counter, 0x0, counter_number); + 8003188: 460a mov r2, r1 +{ + 800318a: b088 sub sp, #32 + 800318c: 4606 mov r6, r0 + 800318e: 460d mov r5, r1 + ae_send(OP_Counter, 0x0, counter_number); + 8003190: 2024 movs r0, #36 ; 0x24 + 8003192: 2100 movs r1, #0 + 8003194: f7ff fcc3 bl 8002b1e + int rv = ae_read_n(4, (uint8_t *)result); + 8003198: 4631 mov r1, r6 + 800319a: 2004 movs r0, #4 + 800319c: f7ff fc52 bl 8002a44 + RET_IF_BAD(rv); + 80031a0: 4604 mov r4, r0 + 80031a2: b960 cbnz r0, 80031be + rv = ae_gendig_counter(counter_number, *result, digest); + 80031a4: 6831 ldr r1, [r6, #0] + 80031a6: 466a mov r2, sp + 80031a8: 4628 mov r0, r5 + 80031aa: f7ff ff90 bl 80030ce + RET_IF_BAD(rv); + 80031ae: 4604 mov r4, r0 + 80031b0: b928 cbnz r0, 80031be + if(!ae_is_correct_tempkey(digest)) { + 80031b2: 4668 mov r0, sp + 80031b4: f7ff fd1c bl 8002bf0 + 80031b8: b908 cbnz r0, 80031be + fatal_mitm(); + 80031ba: f7fd fc3d bl 8000a38 +} + 80031be: 4620 mov r0, r4 + 80031c0: b008 add sp, #32 + 80031c2: bd70 pop {r4, r5, r6, pc} + +080031c4 : +{ + 80031c4: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 80031c8: 4606 mov r6, r0 + 80031ca: b089 sub sp, #36 ; 0x24 + 80031cc: 460d mov r5, r1 + 80031ce: 4617 mov r7, r2 + for(int i=0; i + int rv = ae_gendig_counter(counter_number, *result, digest); + 80031dc: 6831 ldr r1, [r6, #0] + 80031de: 466a mov r2, sp + 80031e0: 4628 mov r0, r5 + 80031e2: f7ff ff74 bl 80030ce + RET_IF_BAD(rv); + 80031e6: 4604 mov r4, r0 + 80031e8: b998 cbnz r0, 8003212 + if(!ae_is_correct_tempkey(digest)) { + 80031ea: 4668 mov r0, sp + 80031ec: f7ff fd00 bl 8002bf0 + 80031f0: b978 cbnz r0, 8003212 + fatal_mitm(); + 80031f2: f7fd fc21 bl 8000a38 + ae_send(OP_Counter, 0x1, counter_number); + 80031f6: 464a mov r2, r9 + 80031f8: 2101 movs r1, #1 + 80031fa: 2024 movs r0, #36 ; 0x24 + 80031fc: f7ff fc8f bl 8002b1e + int rv = ae_read_n(4, (uint8_t *)result); + 8003200: 4631 mov r1, r6 + 8003202: 2004 movs r0, #4 + 8003204: f7ff fc1e bl 8002a44 + RET_IF_BAD(rv); + 8003208: 4604 mov r4, r0 + 800320a: b910 cbnz r0, 8003212 + for(int i=0; i +} + 8003212: 4620 mov r0, r4 + 8003214: b009 add sp, #36 ; 0x24 + 8003216: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + +0800321a : +// ae_encrypted_read32() +// + int +ae_encrypted_read32(int data_slot, int blk, + int read_kn, const uint8_t read_key[32], uint8_t data[32]) +{ + 800321a: b5f0 push {r4, r5, r6, r7, lr} + 800321c: b08b sub sp, #44 ; 0x2c + 800321e: 4617 mov r7, r2 + 8003220: 460e mov r6, r1 + 8003222: 9d10 ldr r5, [sp, #64] ; 0x40 + 8003224: 9301 str r3, [sp, #4] + 8003226: 4604 mov r4, r0 + uint8_t digest[32]; + + ae_pair_unlock(); + 8003228: f7ff fdb2 bl 8002d90 + + int rv = ae_gendig_slot(read_kn, read_key, digest); + 800322c: 9901 ldr r1, [sp, #4] + 800322e: aa02 add r2, sp, #8 + 8003230: 4638 mov r0, r7 + 8003232: f7ff fecd bl 8002fd0 + RET_IF_BAD(rv); + 8003236: b9c0 cbnz r0, 800326a + + // read nth 32-byte "block" + ae_send(OP_Read, 0x82, (blk << 8) | (data_slot<<3)); + 8003238: 00e4 lsls r4, r4, #3 + 800323a: ea44 2206 orr.w r2, r4, r6, lsl #8 + 800323e: 2182 movs r1, #130 ; 0x82 + 8003240: 2002 movs r0, #2 + 8003242: b292 uxth r2, r2 + 8003244: f7ff fc6b bl 8002b1e + + rv = ae_read_n(32, data); + 8003248: 4629 mov r1, r5 + 800324a: 2020 movs r0, #32 + 800324c: f7ff fbfa bl 8002a44 + RET_IF_BAD(rv); + 8003250: b958 cbnz r0, 800326a + 8003252: 1e6a subs r2, r5, #1 + 8003254: ab02 add r3, sp, #8 + 8003256: 351f adds r5, #31 + *(acc) ^= *(more); + 8003258: f812 1f01 ldrb.w r1, [r2, #1]! + 800325c: f813 4b01 ldrb.w r4, [r3], #1 + for(; len; len--, more++, acc++) { + 8003260: 4295 cmp r5, r2 + *(acc) ^= *(more); + 8003262: ea81 0104 eor.w r1, r1, r4 + 8003266: 7011 strb r1, [r2, #0] + for(; len; len--, more++, acc++) { + 8003268: d1f6 bne.n 8003258 + + xor_mixin(data, digest, 32); + + return 0; +} + 800326a: b00b add sp, #44 ; 0x2c + 800326c: bdf0 pop {r4, r5, r6, r7, pc} + ... + +08003270 : + +// ae_encrypted_read() +// + int +ae_encrypted_read(int data_slot, int read_kn, const uint8_t read_key[32], uint8_t *data, int len) +{ + 8003270: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 8003274: b08b sub sp, #44 ; 0x2c + 8003276: 4607 mov r7, r0 + 8003278: 9d12 ldr r5, [sp, #72] ; 0x48 + // not clear if chip supports 4-byte encrypted reads + ASSERT((len == 32) || (len == 72)); + 800327a: 2d20 cmp r5, #32 +{ + 800327c: 4688 mov r8, r1 + 800327e: 4691 mov r9, r2 + 8003280: 461e mov r6, r3 + ASSERT((len == 32) || (len == 72)); + 8003282: d004 beq.n 800328e + 8003284: 2d48 cmp r5, #72 ; 0x48 + 8003286: d002 beq.n 800328e + 8003288: 4815 ldr r0, [pc, #84] ; (80032e0 ) + 800328a: f7fd fbcb bl 8000a24 + + int rv = ae_encrypted_read32(data_slot, 0, read_kn, read_key, data); + 800328e: 9600 str r6, [sp, #0] + 8003290: 464b mov r3, r9 + 8003292: 4642 mov r2, r8 + 8003294: 2100 movs r1, #0 + 8003296: 4638 mov r0, r7 + 8003298: f7ff ffbf bl 800321a + RET_IF_BAD(rv); + 800329c: 4604 mov r4, r0 + 800329e: b9d0 cbnz r0, 80032d6 + + if(len == 32) return 0; + 80032a0: 2d20 cmp r5, #32 + 80032a2: d018 beq.n 80032d6 + + rv = ae_encrypted_read32(data_slot, 1, read_kn, read_key, data+32); + 80032a4: f106 0320 add.w r3, r6, #32 + 80032a8: 9300 str r3, [sp, #0] + 80032aa: 4642 mov r2, r8 + 80032ac: 464b mov r3, r9 + 80032ae: 2101 movs r1, #1 + 80032b0: 4638 mov r0, r7 + 80032b2: f7ff ffb2 bl 800321a + RET_IF_BAD(rv); + 80032b6: 4604 mov r4, r0 + 80032b8: b968 cbnz r0, 80032d6 + + uint8_t tmp[32]; + rv = ae_encrypted_read32(data_slot, 2, read_kn, read_key, tmp); + 80032ba: ad02 add r5, sp, #8 + 80032bc: 9500 str r5, [sp, #0] + 80032be: 464b mov r3, r9 + 80032c0: 4642 mov r2, r8 + 80032c2: 2102 movs r1, #2 + 80032c4: 4638 mov r0, r7 + 80032c6: f7ff ffa8 bl 800321a + RET_IF_BAD(rv); + 80032ca: 4604 mov r4, r0 + 80032cc: b918 cbnz r0, 80032d6 + + memcpy(data+64, tmp, 72-64); + 80032ce: 462a mov r2, r5 + 80032d0: ca03 ldmia r2!, {r0, r1} + 80032d2: 6430 str r0, [r6, #64] ; 0x40 + 80032d4: 6471 str r1, [r6, #68] ; 0x44 + + return 0; +} + 80032d6: 4620 mov r0, r4 + 80032d8: b00b add sp, #44 ; 0x2c + 80032da: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + 80032de: bf00 nop + 80032e0: 0800e354 .word 0x0800e354 + +080032e4 : +// ae_encrypted_write() +// + int +ae_encrypted_write32(int data_slot, int blk, int write_kn, + const uint8_t write_key[32], const uint8_t data[32]) +{ + 80032e4: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 80032e8: b0b8 sub sp, #224 ; 0xe0 + 80032ea: 4617 mov r7, r2 + 80032ec: 460d mov r5, r1 + 80032ee: 9e3e ldr r6, [sp, #248] ; 0xf8 + 80032f0: 9303 str r3, [sp, #12] + 80032f2: 4604 mov r4, r0 + uint8_t digest[32]; + + ae_pair_unlock(); + 80032f4: f7ff fd4c bl 8002d90 + + // generate a hash over shared secret and rng + int rv = ae_gendig_slot(write_kn, write_key, digest); + 80032f8: 9903 ldr r1, [sp, #12] + 80032fa: aa0d add r2, sp, #52 ; 0x34 + 80032fc: 4638 mov r0, r7 + 80032fe: f7ff fe67 bl 8002fd0 + RET_IF_BAD(rv); + 8003302: 2800 cmp r0, #0 + 8003304: d151 bne.n 80033aa + 8003306: 1e72 subs r2, r6, #1 + 8003308: af0d add r7, sp, #52 ; 0x34 + 800330a: a915 add r1, sp, #84 ; 0x54 + 800330c: f106 0c1f add.w ip, r6, #31 + + // encrypt the data to be written, and append an authenticating MAC + uint8_t body[32 + 32]; + + for(int i=0; i<32; i++) { + body[i] = data[i] ^ digest[i]; + 8003310: f812 ef01 ldrb.w lr, [r2, #1]! + 8003314: f817 0b01 ldrb.w r0, [r7], #1 + for(int i=0; i<32; i++) { + 8003318: 4562 cmp r2, ip + body[i] = data[i] ^ digest[i]; + 800331a: ea80 000e eor.w r0, r0, lr + 800331e: f801 0b01 strb.w r0, [r1], #1 + for(int i=0; i<32; i++) { + 8003322: d1f5 bne.n 8003310 + // + (b'\0'*25) + // + new_value) + // assert len(msg) == 32+1+1+2+1+2+25+32 + // + SHA256_CTX ctx; + sha256_init(&ctx); + 8003324: a825 add r0, sp, #148 ; 0x94 + 8003326: f002 f89b bl 8005460 + + uint8_t p1 = 0x80|2; // 32 bytes into a data slot + uint8_t p2_lsb = (data_slot << 3); + uint8_t p2_msb = blk; + + uint8_t args[7] = { OP_Write, p1, p2_lsb, p2_msb, 0xEE, 0x01, 0x23 }; + 800332a: 22ee movs r2, #238 ; 0xee + 800332c: f88d 2014 strb.w r2, [sp, #20] + 8003330: 2201 movs r2, #1 + 8003332: f88d 2015 strb.w r2, [sp, #21] + uint8_t p2_lsb = (data_slot << 3); + 8003336: 00e4 lsls r4, r4, #3 + uint8_t args[7] = { OP_Write, p1, p2_lsb, p2_msb, 0xEE, 0x01, 0x23 }; + 8003338: 2223 movs r2, #35 ; 0x23 + uint8_t zeros[25] = { 0 }; + 800333a: 2100 movs r1, #0 + uint8_t p2_lsb = (data_slot << 3); + 800333c: b2e4 uxtb r4, r4 + uint8_t args[7] = { OP_Write, p1, p2_lsb, p2_msb, 0xEE, 0x01, 0x23 }; + 800333e: 2712 movs r7, #18 + 8003340: f04f 0882 mov.w r8, #130 ; 0x82 + 8003344: f88d 2016 strb.w r2, [sp, #22] + uint8_t zeros[25] = { 0 }; + 8003348: a807 add r0, sp, #28 + 800334a: 2215 movs r2, #21 + 800334c: 9106 str r1, [sp, #24] + uint8_t args[7] = { OP_Write, p1, p2_lsb, p2_msb, 0xEE, 0x01, 0x23 }; + 800334e: f88d 7010 strb.w r7, [sp, #16] + 8003352: f88d 8011 strb.w r8, [sp, #17] + 8003356: f88d 4012 strb.w r4, [sp, #18] + uint8_t p2_msb = blk; + 800335a: f88d 5013 strb.w r5, [sp, #19] + uint8_t zeros[25] = { 0 }; + 800335e: f00a f957 bl 800d610 + + sha256_update(&ctx, digest, 32); + 8003362: 2220 movs r2, #32 + 8003364: a90d add r1, sp, #52 ; 0x34 + 8003366: a825 add r0, sp, #148 ; 0x94 + 8003368: f002 f888 bl 800547c + sha256_update(&ctx, args, sizeof(args)); + 800336c: 2207 movs r2, #7 + 800336e: a904 add r1, sp, #16 + 8003370: a825 add r0, sp, #148 ; 0x94 + 8003372: f002 f883 bl 800547c + sha256_update(&ctx, zeros, sizeof(zeros)); + 8003376: 2219 movs r2, #25 + 8003378: a906 add r1, sp, #24 + 800337a: a825 add r0, sp, #148 ; 0x94 + 800337c: f002 f87e bl 800547c + sha256_update(&ctx, data, 32); + 8003380: 2220 movs r2, #32 + 8003382: 4631 mov r1, r6 + 8003384: a825 add r0, sp, #148 ; 0x94 + 8003386: f002 f879 bl 800547c + + sha256_final(&ctx, &body[32]); + 800338a: a91d add r1, sp, #116 ; 0x74 + 800338c: a825 add r0, sp, #148 ; 0x94 + 800338e: f002 f8bb bl 8005508 + + ae_send_n(OP_Write, p1, (p2_msb << 8) | p2_lsb, body, sizeof(body)); + 8003392: 2140 movs r1, #64 ; 0x40 + 8003394: ea44 2205 orr.w r2, r4, r5, lsl #8 + 8003398: b292 uxth r2, r2 + 800339a: 9100 str r1, [sp, #0] + 800339c: ab15 add r3, sp, #84 ; 0x54 + 800339e: 4641 mov r1, r8 + 80033a0: 4638 mov r0, r7 + 80033a2: f7ff fb89 bl 8002ab8 + + return ae_read1(); + 80033a6: f7ff fb31 bl 8002a0c +} + 80033aa: b038 add sp, #224 ; 0xe0 + 80033ac: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +080033b0 : +// ae_encrypted_write() +// + int +ae_encrypted_write(int data_slot, int write_kn, const uint8_t write_key[32], + const uint8_t *data, int len) +{ + 80033b0: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 80033b4: b08a sub sp, #40 ; 0x28 + ASSERT(data_slot >= 0); + ASSERT(data_slot <= 15); + 80033b6: 280f cmp r0, #15 +{ + 80033b8: 9d12 ldr r5, [sp, #72] ; 0x48 + 80033ba: 4606 mov r6, r0 + 80033bc: 460f mov r7, r1 + 80033be: 4690 mov r8, r2 + 80033c0: 4699 mov r9, r3 + ASSERT(data_slot <= 15); + 80033c2: d902 bls.n 80033ca + ASSERT(data_slot >= 0); + 80033c4: 4814 ldr r0, [pc, #80] ; (8003418 ) + 80033c6: f7fd fb2d bl 8000a24 + + for(int blk=0; blk<3 && len>0; blk++, len-=32) { + 80033ca: 2400 movs r4, #0 + int here = MIN(32, len); + + // be nice and don't read past end of input buffer + uint8_t tmp[32] = { 0 }; + 80033cc: 46a2 mov sl, r4 + for(int blk=0; blk<3 && len>0; blk++, len-=32) { + 80033ce: 2d00 cmp r5, #0 + 80033d0: dd1d ble.n 800340e + uint8_t tmp[32] = { 0 }; + 80033d2: 221c movs r2, #28 + 80033d4: 2100 movs r1, #0 + 80033d6: a803 add r0, sp, #12 + 80033d8: f8cd a008 str.w sl, [sp, #8] + 80033dc: f00a f918 bl 800d610 + memcpy(tmp, data+(32*blk), here); + 80033e0: ab02 add r3, sp, #8 + 80033e2: 2d20 cmp r5, #32 + 80033e4: 462a mov r2, r5 + 80033e6: eb09 1144 add.w r1, r9, r4, lsl #5 + 80033ea: bfa8 it ge + 80033ec: 2220 movge r2, #32 + 80033ee: 4618 mov r0, r3 + 80033f0: f00a f8e6 bl 800d5c0 + + int rv = ae_encrypted_write32(data_slot, blk, write_kn, write_key, tmp); + 80033f4: 4643 mov r3, r8 + 80033f6: 9000 str r0, [sp, #0] + 80033f8: 463a mov r2, r7 + 80033fa: 4621 mov r1, r4 + 80033fc: 4630 mov r0, r6 + 80033fe: f7ff ff71 bl 80032e4 + RET_IF_BAD(rv); + 8003402: b928 cbnz r0, 8003410 + for(int blk=0; blk<3 && len>0; blk++, len-=32) { + 8003404: 3401 adds r4, #1 + 8003406: 2c03 cmp r4, #3 + 8003408: f1a5 0520 sub.w r5, r5, #32 + 800340c: d1df bne.n 80033ce + } + + return 0; + 800340e: 2000 movs r0, #0 +} + 8003410: b00a add sp, #40 ; 0x28 + 8003412: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + 8003416: bf00 nop + 8003418: 0800e354 .word 0x0800e354 + +0800341c : + +// ae_read_data_slot() +// + int +ae_read_data_slot(int slot_num, uint8_t *data, int len) +{ + 800341c: b570 push {r4, r5, r6, lr} + ASSERT((len == 4) || (len == 32) || (len == 72)); + 800341e: 2a04 cmp r2, #4 +{ + 8003420: b088 sub sp, #32 + 8003422: 460d mov r5, r1 + 8003424: 4616 mov r6, r2 + ASSERT((len == 4) || (len == 32) || (len == 72)); + 8003426: d006 beq.n 8003436 + 8003428: 2a20 cmp r2, #32 + 800342a: d038 beq.n 800349e + 800342c: 2a48 cmp r2, #72 ; 0x48 + 800342e: d036 beq.n 800349e + 8003430: 481c ldr r0, [pc, #112] ; (80034a4 ) + 8003432: f7fd faf7 bl 8000a24 + + // zone => data + // only reading first block of 32 bytes. ignore the rest + ae_send(OP_Read, (len == 4 ? 0x00 : 0x80) | 2, (slot_num<<3)); + 8003436: 2102 movs r1, #2 + 8003438: 00c4 lsls r4, r0, #3 + 800343a: b2a2 uxth r2, r4 + 800343c: 2002 movs r0, #2 + 800343e: f7ff fb6e bl 8002b1e + + int rv = ae_read_n((len == 4) ? 4 : 32, data); + 8003442: 2e04 cmp r6, #4 + 8003444: 4629 mov r1, r5 + 8003446: bf0c ite eq + 8003448: 2004 moveq r0, #4 + 800344a: 2020 movne r0, #32 + 800344c: f7ff fafa bl 8002a44 + RET_IF_BAD(rv); + 8003450: 4603 mov r3, r0 + 8003452: bb08 cbnz r0, 8003498 + + if(len == 72) { + 8003454: 2e48 cmp r6, #72 ; 0x48 + 8003456: d11f bne.n 8003498 + // read second block + ae_send(OP_Read, 0x82, (1<<8) | (slot_num<<3)); + 8003458: b224 sxth r4, r4 + 800345a: f444 7280 orr.w r2, r4, #256 ; 0x100 + 800345e: b292 uxth r2, r2 + 8003460: 2182 movs r1, #130 ; 0x82 + 8003462: 2002 movs r0, #2 + 8003464: f7ff fb5b bl 8002b1e + + int rv = ae_read_n(32, data+32); + 8003468: f105 0120 add.w r1, r5, #32 + 800346c: 2020 movs r0, #32 + 800346e: f7ff fae9 bl 8002a44 + RET_IF_BAD(rv); + 8003472: 4603 mov r3, r0 + 8003474: b980 cbnz r0, 8003498 + + // read third block, but only using part of it + uint8_t tmp[32]; + ae_send(OP_Read, 0x82, (2<<8) | (slot_num<<3)); + 8003476: f444 7400 orr.w r4, r4, #512 ; 0x200 + 800347a: b2a2 uxth r2, r4 + 800347c: 2182 movs r1, #130 ; 0x82 + 800347e: 2002 movs r0, #2 + 8003480: f7ff fb4d bl 8002b1e + + rv = ae_read_n(32, tmp); + 8003484: 4669 mov r1, sp + 8003486: 2020 movs r0, #32 + 8003488: f7ff fadc bl 8002a44 + RET_IF_BAD(rv); + 800348c: 4603 mov r3, r0 + 800348e: b918 cbnz r0, 8003498 + + memcpy(data+64, tmp, 72-64); + 8003490: 466a mov r2, sp + 8003492: ca03 ldmia r2!, {r0, r1} + 8003494: 6428 str r0, [r5, #64] ; 0x40 + 8003496: 6469 str r1, [r5, #68] ; 0x44 + } + + return 0; +} + 8003498: 4618 mov r0, r3 + 800349a: b008 add sp, #32 + 800349c: bd70 pop {r4, r5, r6, pc} + ae_send(OP_Read, (len == 4 ? 0x00 : 0x80) | 2, (slot_num<<3)); + 800349e: 2182 movs r1, #130 ; 0x82 + 80034a0: e7ca b.n 8003438 + 80034a2: bf00 nop + 80034a4: 0800e354 .word 0x0800e354 + +080034a8 : + +// ae_set_gpio() +// + int +ae_set_gpio(int state) +{ + 80034a8: b513 push {r0, r1, r4, lr} + // 1=turn on green, 0=red light (if not yet configured to be secure) + ae_send(OP_Info, 3, 2 | (!!state)); + 80034aa: 1e04 subs r4, r0, #0 + 80034ac: bf14 ite ne + 80034ae: 2203 movne r2, #3 + 80034b0: 2202 moveq r2, #2 + 80034b2: 2103 movs r1, #3 + 80034b4: 2030 movs r0, #48 ; 0x30 + 80034b6: f7ff fb32 bl 8002b1e + + // "Always return the current state in the first byte followed by three bytes of 0x00" + // - simple 1/0, in LSB. + uint8_t resp[4]; + + int rv = ae_read_n(4, resp); + 80034ba: a901 add r1, sp, #4 + 80034bc: 2004 movs r0, #4 + 80034be: f7ff fac1 bl 8002a44 + RET_IF_BAD(rv); + 80034c2: b928 cbnz r0, 80034d0 + + return (resp[0] != state) ? -1 : 0; + 80034c4: f89d 0004 ldrb.w r0, [sp, #4] + 80034c8: 1b00 subs r0, r0, r4 + 80034ca: bf18 it ne + 80034cc: f04f 30ff movne.w r0, #4294967295 ; 0xffffffff +} + 80034d0: b002 add sp, #8 + 80034d2: bd10 pop {r4, pc} + +080034d4 : +// +// Set the GPIO using secure hash generated somehow already. +// + int +ae_set_gpio_secure(uint8_t digest[32]) +{ + 80034d4: b538 push {r3, r4, r5, lr} + 80034d6: 4605 mov r5, r0 + ae_pair_unlock(); + 80034d8: f7ff fc5a bl 8002d90 + ae_checkmac(KEYNUM_firmware, digest); + 80034dc: 4629 mov r1, r5 + 80034de: 200e movs r0, #14 + 80034e0: f7ff fbd4 bl 8002c8c + + int rv = ae_set_gpio(1); + 80034e4: 2001 movs r0, #1 + 80034e6: f7ff ffdf bl 80034a8 + + if(rv == 0) { + 80034ea: 4604 mov r4, r0 + 80034ec: b940 cbnz r0, 8003500 + // trust that readback, and so do a verify that the chip has + // the digest we think it does. If MitM wanted to turn off the output, + // they can do that anytime regardless. We just don't want them to be + // able to fake it being set, and therefore bypass the + // "unsigned firmware" delay and warning. + ae_pair_unlock(); + 80034ee: f7ff fc4f bl 8002d90 + + if(ae_checkmac_hard(KEYNUM_firmware, digest) != 0) { + 80034f2: 4629 mov r1, r5 + 80034f4: 200e movs r0, #14 + 80034f6: f7ff fdd9 bl 80030ac + 80034fa: b108 cbz r0, 8003500 + fatal_mitm(); + 80034fc: f7fd fa9c bl 8000a38 + } + } + + return rv; +} + 8003500: 4620 mov r0, r4 + 8003502: bd38 pop {r3, r4, r5, pc} + +08003504 : +// +// IMPORTANT: do not trust this result, could be MitM'ed. +// + uint8_t +ae_get_gpio(void) +{ + 8003504: b507 push {r0, r1, r2, lr} + // not doing error checking here + ae_send(OP_Info, 0x3, 0); + 8003506: 2200 movs r2, #0 + 8003508: 2103 movs r1, #3 + 800350a: 2030 movs r0, #48 ; 0x30 + 800350c: f7ff fb07 bl 8002b1e + + // note: always returns 4 bytes, but most are garbage and unused. + uint8_t tmp[4]; + ae_read_n(4, tmp); + 8003510: a901 add r1, sp, #4 + 8003512: 2004 movs r0, #4 + 8003514: f7ff fa96 bl 8002a44 + + return tmp[0]; +} + 8003518: f89d 0004 ldrb.w r0, [sp, #4] + 800351c: b003 add sp, #12 + 800351e: f85d fb04 ldr.w pc, [sp], #4 + +08003522 : +// +// Read a 4-byte area from config area, or -1 if fail. +// + int +ae_read_config_word(int offset, uint8_t *dest) +{ + 8003522: b510 push {r4, lr} + offset &= 0x7f; + + // read 32 bits (aligned) + ae_send(OP_Read, 0x00, offset/4); + 8003524: f3c0 0284 ubfx r2, r0, #2, #5 +{ + 8003528: 460c mov r4, r1 + ae_send(OP_Read, 0x00, offset/4); + 800352a: 2002 movs r0, #2 + 800352c: 2100 movs r1, #0 + 800352e: f7ff faf6 bl 8002b1e + + int rv = ae_read_n(4, dest); + 8003532: 4621 mov r1, r4 + 8003534: 2004 movs r0, #4 + 8003536: f7ff fa85 bl 8002a44 + if(rv) return -1; + 800353a: 3800 subs r0, #0 + 800353c: bf18 it ne + 800353e: 2001 movne r0, #1 + + return 0; +} + 8003540: 4240 negs r0, r0 + 8003542: bd10 pop {r4, pc} + +08003544 : +{ + 8003544: b513 push {r0, r1, r4, lr} + 8003546: 4604 mov r4, r0 + ae_read_config_word(offset, tmp); + 8003548: a901 add r1, sp, #4 + 800354a: f7ff ffea bl 8003522 + return tmp[offset % 4]; + 800354e: 4263 negs r3, r4 + 8003550: f003 0303 and.w r3, r3, #3 + 8003554: f004 0403 and.w r4, r4, #3 + 8003558: bf58 it pl + 800355a: 425c negpl r4, r3 + 800355c: f104 0308 add.w r3, r4, #8 + 8003560: eb0d 0403 add.w r4, sp, r3 +} + 8003564: f814 0c04 ldrb.w r0, [r4, #-4] + 8003568: b002 add sp, #8 + 800356a: bd10 pop {r4, pc} + +0800356c : + +// ae_destroy_key() +// + int +ae_destroy_key(int keynum) +{ + 800356c: b510 push {r4, lr} + 800356e: b090 sub sp, #64 ; 0x40 + uint8_t numin[20]; + + // Load tempkey with a known (random) nonce value + rng_buffer(numin, sizeof(numin)); + 8003570: 2114 movs r1, #20 +{ + 8003572: 4604 mov r4, r0 + rng_buffer(numin, sizeof(numin)); + 8003574: a803 add r0, sp, #12 + 8003576: f7ff f8db bl 8002730 + ae_send_n(OP_Nonce, 0, 0, numin, 20); + 800357a: 2314 movs r3, #20 + 800357c: 2200 movs r2, #0 + 800357e: 9300 str r3, [sp, #0] + 8003580: 4611 mov r1, r2 + 8003582: 2016 movs r0, #22 + 8003584: ab03 add r3, sp, #12 + 8003586: f7ff fa97 bl 8002ab8 + + // Nonce command returns the RNG result, not contents of TempKey, + // but since we are destroying, no need to calculate what it is. + uint8_t randout[32]; + int rv = ae_read_n(32, randout); + 800358a: a908 add r1, sp, #32 + 800358c: 2020 movs r0, #32 + 800358e: f7ff fa59 bl 8002a44 + RET_IF_BAD(rv); + 8003592: b930 cbnz r0, 80035a2 + + // do a "DeriveKey" operation, based on that! + ae_send(OP_DeriveKey, 0x00, keynum); + 8003594: 4601 mov r1, r0 + 8003596: b2a2 uxth r2, r4 + 8003598: 201c movs r0, #28 + 800359a: f7ff fac0 bl 8002b1e + + return ae_read1(); + 800359e: f7ff fa35 bl 8002a0c +} + 80035a2: b010 add sp, #64 ; 0x40 + 80035a4: bd10 pop {r4, pc} + +080035a6 : + +// ae_config_read() +// + int +ae_config_read(uint8_t config[128]) +{ + 80035a6: b538 push {r3, r4, r5, lr} + 80035a8: 4605 mov r5, r0 + for(int blk=0; blk<4; blk++) { + 80035aa: 2400 movs r4, #0 + // read 32 bytes (aligned) from config "zone" + ae_send(OP_Read, 0x80, blk<<3); + 80035ac: 00e2 lsls r2, r4, #3 + 80035ae: 2180 movs r1, #128 ; 0x80 + 80035b0: 2002 movs r0, #2 + 80035b2: b292 uxth r2, r2 + 80035b4: f7ff fab3 bl 8002b1e + + int rv = ae_read_n(32, &config[32*blk]); + 80035b8: eb05 1144 add.w r1, r5, r4, lsl #5 + 80035bc: 2020 movs r0, #32 + 80035be: f7ff fa41 bl 8002a44 + if(rv) return EIO; + 80035c2: b918 cbnz r0, 80035cc + for(int blk=0; blk<4; blk++) { + 80035c4: 3401 adds r4, #1 + 80035c6: 2c04 cmp r4, #4 + 80035c8: d1f0 bne.n 80035ac + } + + return 0; +} + 80035ca: bd38 pop {r3, r4, r5, pc} + if(rv) return EIO; + 80035cc: 2005 movs r0, #5 + 80035ce: e7fc b.n 80035ca + +080035d0 : +// us to write the (existing) pairing secret into, they would see the pairing +// secret in cleartext. They could then restore original chip and access freely. +// + int +ae_setup_config(void) +{ + 80035d0: b5f0 push {r4, r5, r6, r7, lr} + 80035d2: 2405 movs r4, #5 + 80035d4: f5ad 7d41 sub.w sp, sp, #772 ; 0x304 + // Need to wake up AE, since many things happen before this point. + for(int retry=0; retry<5; retry++) { + if(!ae_probe()) break; + 80035d8: f7ff fc6c bl 8002eb4 + 80035dc: b108 cbz r0, 80035e2 + for(int retry=0; retry<5; retry++) { + 80035de: 3c01 subs r4, #1 + 80035e0: d1fa bne.n 80035d8 + // Is data zone is locked? + // Allow rest of function to happen if it's not. + +#if 1 + // 0x55 = unlocked; 0x00 = locked + bool data_locked = (ae_read_config_byte(86) != 0x55); + 80035e2: 2056 movs r0, #86 ; 0x56 + 80035e4: f7ff ffae bl 8003544 + if(data_locked) return 0; // basically success + 80035e8: 2855 cmp r0, #85 ; 0x55 + 80035ea: f040 80df bne.w 80037ac + + // To lock, we need a CRC over whole thing, but we + // only set a few values... plus the serial number is + // in there, so start with some readout. + uint8_t config[128]; + int rv = ae_config_read(config); + 80035ee: a838 add r0, sp, #224 ; 0xe0 + 80035f0: f7ff ffd9 bl 80035a6 + if(rv) return rv; + 80035f4: 4604 mov r4, r0 + 80035f6: 2800 cmp r0, #0 + 80035f8: f040 80d9 bne.w 80037ae + uint8_t config[128]; + while(ae_config_read(config)) ; +#endif + + // verify some fixed values + ASSERT(config[0] == 0x01); + 80035fc: f89d 30e0 ldrb.w r3, [sp, #224] ; 0xe0 + 8003600: 2b01 cmp r3, #1 + 8003602: d002 beq.n 800360a + 8003604: 486f ldr r0, [pc, #444] ; (80037c4 ) + + ae_keep_alive(); + + // lock config zone + if(ae_lock_config_zone(config)) { + INCONSISTENT("conf lock"); + 8003606: f7fd fa0d bl 8000a24 + ASSERT(config[1] == 0x23); + 800360a: f89d 30e1 ldrb.w r3, [sp, #225] ; 0xe1 + 800360e: 2b23 cmp r3, #35 ; 0x23 + 8003610: d1f8 bne.n 8003604 + ASSERT(config[12] == 0xee); + 8003612: f89d 30ec ldrb.w r3, [sp, #236] ; 0xec + 8003616: 2bee cmp r3, #238 ; 0xee + 8003618: d1f4 bne.n 8003604 + int8_t partno = ((config[6]>>4)&0xf); + 800361a: f89d 30e6 ldrb.w r3, [sp, #230] ; 0xe6 + ASSERT(partno == 6); + 800361e: 091b lsrs r3, r3, #4 + 8003620: 2b06 cmp r3, #6 + 8003622: d1ef bne.n 8003604 + memcpy(serial, &config[0], 4); + 8003624: 9b38 ldr r3, [sp, #224] ; 0xe0 + 8003626: 9303 str r3, [sp, #12] + memcpy(&serial[4], &config[8], 5); + 8003628: ab3a add r3, sp, #232 ; 0xe8 + 800362a: e893 0003 ldmia.w r3, {r0, r1} + 800362e: 9004 str r0, [sp, #16] + 8003630: f88d 1014 strb.w r1, [sp, #20] + if(check_all_ones(rom_secrets->ae_serial_number, 9)) { + 8003634: 4864 ldr r0, [pc, #400] ; (80037c8 ) + 8003636: 2109 movs r1, #9 + 8003638: f7ff f812 bl 8002660 + 800363c: b110 cbz r0, 8003644 + flash_save_ae_serial(serial); + 800363e: a803 add r0, sp, #12 + 8003640: f7fe fd66 bl 8002110 + if(!check_equal(rom_secrets->ae_serial_number, serial, 9)) { + 8003644: 4860 ldr r0, [pc, #384] ; (80037c8 ) + 8003646: 2209 movs r2, #9 + 8003648: a903 add r1, sp, #12 + 800364a: f7ff f822 bl 8002692 + 800364e: 2800 cmp r0, #0 + 8003650: f000 80b6 beq.w 80037c0 + if(config[87] == 0x55) { + 8003654: f89d 3137 ldrb.w r3, [sp, #311] ; 0x137 + 8003658: 2b55 cmp r3, #85 ; 0x55 + 800365a: d12b bne.n 80036b4 + memcpy(&config[16], config_1, sizeof(config_1)); + 800365c: 495b ldr r1, [pc, #364] ; (80037cc ) + 800365e: 2244 movs r2, #68 ; 0x44 + 8003660: a83c add r0, sp, #240 ; 0xf0 + 8003662: f009 ffad bl 800d5c0 + memcpy(&config[90], config_2, sizeof(config_2)); + 8003666: 4b5a ldr r3, [pc, #360] ; (80037d0 ) + 8003668: f50d 729d add.w r2, sp, #314 ; 0x13a + 800366c: f103 0124 add.w r1, r3, #36 ; 0x24 + 8003670: f853 0b04 ldr.w r0, [r3], #4 + 8003674: f842 0b04 str.w r0, [r2], #4 + 8003678: 428b cmp r3, r1 + 800367a: d1f9 bne.n 8003670 + 800367c: 881b ldrh r3, [r3, #0] + 800367e: 8013 strh r3, [r2, #0] + for(int n=16; n<128; n+= 4) { + 8003680: 2510 movs r5, #16 + ae_send_n(OP_Write, 0, n/4, &config[n], 4); + 8003682: 2604 movs r6, #4 + if(n == 84) continue; // that word not writable + 8003684: 2d54 cmp r5, #84 ; 0x54 + 8003686: d130 bne.n 80036ea + for(int n=16; n<128; n+= 4) { + 8003688: 3504 adds r5, #4 + 800368a: 2d80 cmp r5, #128 ; 0x80 + 800368c: d1fa bne.n 8003684 + ae_send_idle(); + 800368e: f7ff f90a bl 80028a6 + uint8_t crc[2] = {0, 0}; + 8003692: 2600 movs r6, #0 + crc16_chain(128, config, crc); + 8003694: aa58 add r2, sp, #352 ; 0x160 + 8003696: a938 add r1, sp, #224 ; 0xe0 + 8003698: 4628 mov r0, r5 + uint8_t crc[2] = {0, 0}; + 800369a: f8ad 6160 strh.w r6, [sp, #352] ; 0x160 + crc16_chain(128, config, crc); + 800369e: f7ff f8b5 bl 800280c + ae_send(OP_Lock, 0x0, (crc[1]<<8) | crc[0]); + 80036a2: f8bd 2160 ldrh.w r2, [sp, #352] ; 0x160 + 80036a6: 4631 mov r1, r6 + 80036a8: 2017 movs r0, #23 + 80036aa: f7ff fa38 bl 8002b1e + return ae_read1(); + 80036ae: f7ff f9ad bl 8002a0c + if(ae_lock_config_zone(config)) { + 80036b2: bb38 cbnz r0, 8003704 + // Load data zone with some known values. + // The datazone still unlocked, so no encryption needed (nor possible). + + // will use zeros for all PIN codes, and customer-defined-secret starting values + uint8_t zeros[72]; + memset(zeros, 0, sizeof(zeros)); + 80036b4: 2248 movs r2, #72 ; 0x48 + 80036b6: 2100 movs r1, #0 + 80036b8: a826 add r0, sp, #152 ; 0x98 + 80036ba: f009 ffa9 bl 800d610 + se2_save_auth_pubkey(pubkey); + break; + } + + case 0: + if(ae_write_data_slot(kn, (const uint8_t *)copyright_msg, 32, true)) { + 80036be: 4e45 ldr r6, [pc, #276] ; (80037d4 ) + 80036c0: f8bd 5138 ldrh.w r5, [sp, #312] ; 0x138 + if(ae_write_data_slot(kn, rom_secrets->pairing_secret, 32, false)) { + 80036c4: 4f44 ldr r7, [pc, #272] ; (80037d8 ) + ae_send_idle(); + 80036c6: f7ff f8ee bl 80028a6 + if(!(unlocked & (1< + switch(kn) { + 80036d2: 2c0e cmp r4, #14 + 80036d4: d85c bhi.n 8003790 + 80036d6: e8df f004 tbb [pc, r4] + 80036da: 176e .short 0x176e + 80036dc: 29202920 .word 0x29202920 + 80036e0: 2d304c3e .word 0x2d304c3e + 80036e4: 2d2d2d2d .word 0x2d2d2d2d + 80036e8: 29 .byte 0x29 + 80036e9: 00 .byte 0x00 + ae_send_n(OP_Write, 0, n/4, &config[n], 4); + 80036ea: ab38 add r3, sp, #224 ; 0xe0 + 80036ec: 442b add r3, r5 + 80036ee: f3c5 028f ubfx r2, r5, #2, #16 + 80036f2: 2100 movs r1, #0 + 80036f4: 2012 movs r0, #18 + 80036f6: 9600 str r6, [sp, #0] + 80036f8: f7ff f9de bl 8002ab8 + int rv = ae_read1(); + 80036fc: f7ff f986 bl 8002a0c + if(rv) return rv; + 8003700: 2800 cmp r0, #0 + 8003702: d0c1 beq.n 8003688 + INCONSISTENT("conf lock"); + 8003704: 4835 ldr r0, [pc, #212] ; (80037dc ) + 8003706: e77e b.n 8003606 + if(ae_write_data_slot(kn, rom_secrets->pairing_secret, 32, false)) { + 8003708: 2300 movs r3, #0 + 800370a: 2220 movs r2, #32 + 800370c: 4639 mov r1, r7 + 800370e: 2001 movs r0, #1 + if(ae_write_data_slot(kn, (const uint8_t *)copyright_msg, 32, true)) { + 8003710: f7ff fbf4 bl 8002efc + 8003714: 2800 cmp r0, #0 + 8003716: d03b beq.n 8003790 + 8003718: e7f4 b.n 8003704 + rng_buffer(tmp, sizeof(tmp)); + 800371a: 2120 movs r1, #32 + 800371c: a806 add r0, sp, #24 + 800371e: f7ff f807 bl 8002730 + if(ae_write_data_slot(kn, tmp, 32, true)) { + 8003722: 2301 movs r3, #1 + 8003724: 2220 movs r2, #32 + 8003726: a906 add r1, sp, #24 + if(ae_write_data_slot(kn, zeros, 32, false)) { + 8003728: 4620 mov r0, r4 + 800372a: e7f1 b.n 8003710 + 800372c: 2300 movs r3, #0 + 800372e: 2220 movs r2, #32 + 8003730: a926 add r1, sp, #152 ; 0x98 + 8003732: e7f9 b.n 8003728 + if(ae_write_data_slot(kn, zeros, 72, false)) { + 8003734: 2300 movs r3, #0 + 8003736: 2248 movs r2, #72 ; 0x48 + 8003738: e7fa b.n 8003730 + uint8_t long_zeros[416] = {0}; + 800373a: 2300 movs r3, #0 + 800373c: 4619 mov r1, r3 + 800373e: f44f 72ce mov.w r2, #412 ; 0x19c + 8003742: a859 add r0, sp, #356 ; 0x164 + 8003744: 9358 str r3, [sp, #352] ; 0x160 + 8003746: f009 ff63 bl 800d610 + if(ae_write_data_slot(kn, long_zeros, 416, false)) { + 800374a: 2300 movs r3, #0 + 800374c: f44f 72d0 mov.w r2, #416 ; 0x1a0 + 8003750: a958 add r1, sp, #352 ; 0x160 + 8003752: 2008 movs r0, #8 + 8003754: e7dc b.n 8003710 + uint32_t buf[32/4] = { 1024, 1024 }; + 8003756: 2218 movs r2, #24 + 8003758: 2100 movs r1, #0 + 800375a: a810 add r0, sp, #64 ; 0x40 + 800375c: f009 ff58 bl 800d610 + 8003760: f44f 6380 mov.w r3, #1024 ; 0x400 + 8003764: e9cd 330e strd r3, r3, [sp, #56] ; 0x38 + if(ae_write_data_slot(KEYNUM_match_count, (const uint8_t *)buf,sizeof(buf),false)) { + 8003768: 2220 movs r2, #32 + 800376a: 2300 movs r3, #0 + 800376c: a90e add r1, sp, #56 ; 0x38 + 800376e: 2006 movs r0, #6 + 8003770: e7ce b.n 8003710 + if(ae_checkmac_hard(KEYNUM_main_pin, zeros) != 0) { + 8003772: a926 add r1, sp, #152 ; 0x98 + 8003774: 2003 movs r0, #3 + 8003776: f7ff fc99 bl 80030ac + 800377a: 2800 cmp r0, #0 + 800377c: d1c2 bne.n 8003704 + if(ae_gen_ecc_key(KEYNUM_joiner_key, pubkey)) { + 800377e: a916 add r1, sp, #88 ; 0x58 + 8003780: 2007 movs r0, #7 + 8003782: f7ff fb2b bl 8002ddc + 8003786: 2800 cmp r0, #0 + 8003788: d1bc bne.n 8003704 + se2_save_auth_pubkey(pubkey); + 800378a: a816 add r0, sp, #88 ; 0x58 + 800378c: f004 f918 bl 80079c0 + for(int kn=0; kn<16; kn++) { + 8003790: 3401 adds r4, #1 + 8003792: 2c10 cmp r4, #16 + 8003794: d197 bne.n 80036c6 + ae_send_idle(); + 8003796: f7ff f886 bl 80028a6 + ae_send(OP_Lock, 0x81, 0x0000); + 800379a: 2200 movs r2, #0 + 800379c: 2181 movs r1, #129 ; 0x81 + 800379e: 2017 movs r0, #23 + 80037a0: f7ff f9bd bl 8002b1e + return ae_read1(); + 80037a4: f7ff f932 bl 8002a0c + } + } + + // lock the data zone and effectively enter normal operation. + ae_keep_alive(); + if(ae_lock_data_zone()) { + 80037a8: 2800 cmp r0, #0 + 80037aa: d1ab bne.n 8003704 + if(data_locked) return 0; // basically success + 80037ac: 2400 movs r4, #0 + INCONSISTENT("data lock"); + } + + return 0; +} + 80037ae: 4620 mov r0, r4 + 80037b0: f50d 7d41 add.w sp, sp, #772 ; 0x304 + 80037b4: bdf0 pop {r4, r5, r6, r7, pc} + if(ae_write_data_slot(kn, (const uint8_t *)copyright_msg, 32, true)) { + 80037b6: 2301 movs r3, #1 + 80037b8: 2220 movs r2, #32 + 80037ba: 4631 mov r1, r6 + 80037bc: 2000 movs r0, #0 + 80037be: e7a7 b.n 8003710 + return EPERM; + 80037c0: 2401 movs r4, #1 + 80037c2: e7f4 b.n 80037ae + 80037c4: 0800e354 .word 0x0800e354 + 80037c8: 0801c040 .word 0x0801c040 + 80037cc: 0800e5fe .word 0x0800e5fe + 80037d0: 0800e642 .word 0x0800e642 + 80037d4: 0800e5ba .word 0x0800e5ba + 80037d8: 0801c000 .word 0x0801c000 + 80037dc: 0800d688 .word 0x0800d688 + +080037e0 : +// - but our time to do each iteration is limited by software SHA256 in ae_pair_unlock +// + int +ae_stretch_iter(const uint8_t start[32], uint8_t end[32], int iterations) +{ + ASSERT(start != end); // we can't work inplace + 80037e0: 4288 cmp r0, r1 +{ + 80037e2: b570 push {r4, r5, r6, lr} + 80037e4: 460c mov r4, r1 + 80037e6: 4615 mov r5, r2 + ASSERT(start != end); // we can't work inplace + 80037e8: d102 bne.n 80037f0 + 80037ea: 4810 ldr r0, [pc, #64] ; (800382c ) + 80037ec: f7fd f91a bl 8000a24 + memcpy(end, start, 32); + 80037f0: 460b mov r3, r1 + 80037f2: f100 0220 add.w r2, r0, #32 + 80037f6: f850 1b04 ldr.w r1, [r0], #4 + 80037fa: f843 1b04 str.w r1, [r3], #4 + 80037fe: 4290 cmp r0, r2 + 8003800: d1f9 bne.n 80037f6 + + for(int i=0; i + + int rv = ae_hmac32(KEYNUM_pin_stretch, end, end); + RET_IF_BAD(rv); + } + + return 0; + 8003808: 2000 movs r0, #0 +} + 800380a: bd70 pop {r4, r5, r6, pc} + if(ae_pair_unlock()) return -2; + 800380c: f7ff fac0 bl 8002d90 + 8003810: b940 cbnz r0, 8003824 + int rv = ae_hmac32(KEYNUM_pin_stretch, end, end); + 8003812: 4622 mov r2, r4 + 8003814: 4621 mov r1, r4 + 8003816: 2002 movs r0, #2 + 8003818: f7ff fb02 bl 8002e20 + RET_IF_BAD(rv); + 800381c: 2800 cmp r0, #0 + 800381e: d1f4 bne.n 800380a + for(int i=0; i + if(ae_pair_unlock()) return -2; + 8003824: f06f 0001 mvn.w r0, #1 + 8003828: e7ef b.n 800380a + 800382a: bf00 nop + 800382c: 0800e354 .word 0x0800e354 + +08003830 : +// Apply HMAC using secret in chip as a HMAC key, then encrypt +// the result a little because read in clear over bus. +// + int +ae_mixin_key(uint8_t keynum, const uint8_t start[32], uint8_t end[32]) +{ + 8003830: b570 push {r4, r5, r6, lr} + 8003832: b096 sub sp, #88 ; 0x58 + ASSERT(start != end); // we can't work inplace + 8003834: 4291 cmp r1, r2 +{ + 8003836: 460e mov r6, r1 + 8003838: 4614 mov r4, r2 + 800383a: f88d 0007 strb.w r0, [sp, #7] + ASSERT(start != end); // we can't work inplace + 800383e: d102 bne.n 8003846 + 8003840: 4818 ldr r0, [pc, #96] ; (80038a4 ) + 8003842: f7fd f8ef bl 8000a24 + + if(ae_pair_unlock()) return -1; + 8003846: f7ff faa3 bl 8002d90 + 800384a: bb40 cbnz r0, 800389e + + ASSERT(keynum != 0); + 800384c: f89d 0007 ldrb.w r0, [sp, #7] + 8003850: 2800 cmp r0, #0 + 8003852: d0f5 beq.n 8003840 + int rv = ae_hmac32(keynum, start, end); + 8003854: 4622 mov r2, r4 + 8003856: 4631 mov r1, r6 + 8003858: f7ff fae2 bl 8002e20 + RET_IF_BAD(rv); + 800385c: 4605 mov r5, r0 + 800385e: b9d8 cbnz r0, 8003898 + // use the value provided in cleartext[sic--it's not] write back shortly (to test it). + // Solution: one more SHA256, and to be safe, mixin lots of values! + + SHA256_CTX ctx; + + sha256_init(&ctx); + 8003860: a803 add r0, sp, #12 + 8003862: f001 fdfd bl 8005460 + sha256_update(&ctx, rom_secrets->pairing_secret, 32); + 8003866: 4910 ldr r1, [pc, #64] ; (80038a8 ) + 8003868: 2220 movs r2, #32 + 800386a: a803 add r0, sp, #12 + 800386c: f001 fe06 bl 800547c + sha256_update(&ctx, start, 32); + 8003870: 2220 movs r2, #32 + 8003872: 4631 mov r1, r6 + 8003874: a803 add r0, sp, #12 + 8003876: f001 fe01 bl 800547c + sha256_update(&ctx, &keynum, 1); + 800387a: 2201 movs r2, #1 + 800387c: f10d 0107 add.w r1, sp, #7 + 8003880: a803 add r0, sp, #12 + 8003882: f001 fdfb bl 800547c + sha256_update(&ctx, end, 32); + 8003886: 4621 mov r1, r4 + 8003888: a803 add r0, sp, #12 + 800388a: 2220 movs r2, #32 + 800388c: f001 fdf6 bl 800547c + sha256_final(&ctx, end); + 8003890: 4621 mov r1, r4 + 8003892: a803 add r0, sp, #12 + 8003894: f001 fe38 bl 8005508 + + return 0; +} + 8003898: 4628 mov r0, r5 + 800389a: b016 add sp, #88 ; 0x58 + 800389c: bd70 pop {r4, r5, r6, pc} + if(ae_pair_unlock()) return -1; + 800389e: f04f 35ff mov.w r5, #4294967295 ; 0xffffffff + 80038a2: e7f9 b.n 8003898 + 80038a4: 0800e354 .word 0x0800e354 + 80038a8: 0801c000 .word 0x0801c000 + +080038ac : +// Immediately destroy the pairing secret so that we become +// a useless brick. Ignore errors but retry. +// + void +ae_brick_myself(void) +{ + 80038ac: b510 push {r4, lr} + for(int retry=0; retry<10; retry++) { + 80038ae: 2400 movs r4, #0 + ae_reset_chip(); + 80038b0: f7ff f86a bl 8002988 + + if(retry) rng_delay(); + 80038b4: b10c cbz r4, 80038ba + 80038b6: f7fe ff51 bl 800275c + + ae_pair_unlock(); + 80038ba: f7ff fa69 bl 8002d90 + + // Concern: MitM could block this by trashing our write + // - but they have to do it without causing CRC or other comm error + // - ten times + int rv = ae_destroy_key(KEYNUM_pairing); + 80038be: 2001 movs r0, #1 + 80038c0: f7ff fe54 bl 800356c + if(rv == 0) break; + 80038c4: b120 cbz r0, 80038d0 + for(int retry=0; retry<10; retry++) { + 80038c6: 3401 adds r4, #1 + + rng_delay(); + 80038c8: f7fe ff48 bl 800275c + for(int retry=0; retry<10; retry++) { + 80038cc: 2c0a cmp r4, #10 + 80038ce: d1ef bne.n 80038b0 + } + + ae_reset_chip(); +} + 80038d0: e8bd 4010 ldmia.w sp!, {r4, lr} + ae_reset_chip(); + 80038d4: f7ff b858 b.w 8002988 + +080038d8 : +// + void +delay_ms(int ms) +{ + // Clear the COUNTFLAG and reset value to zero + SysTick->VAL = 0; + 80038d8: f04f 23e0 mov.w r3, #3758153728 ; 0xe000e000 + 80038dc: 2200 movs r2, #0 + 80038de: 619a str r2, [r3, #24] + //SysTick->CTRL; + + // Wait for ticks to happen + while(ms > 0) { + 80038e0: 2800 cmp r0, #0 + 80038e2: dc00 bgt.n 80038e6 + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + ms--; + } + } +} + 80038e4: 4770 bx lr + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + 80038e6: 691a ldr r2, [r3, #16] + 80038e8: 03d2 lsls r2, r2, #15 + ms--; + 80038ea: bf48 it mi + 80038ec: f100 30ff addmi.w r0, r0, #4294967295 ; 0xffffffff + 80038f0: e7f6 b.n 80038e0 + +080038f2 : +// Replace HAL version which needs interrupts +// + void +HAL_Delay(uint32_t Delay) +{ + delay_ms(Delay); + 80038f2: f7ff bff1 b.w 80038d8 + ... + +080038f8 : + // NOTES: + // - try not to limit PCB changes for future revs; leave unused unchanged. + // - oled_setup() uses pins on PA4 thru PA8 + + // enable clock to GPIO's ... we will be using them all at some point + __HAL_RCC_GPIOA_CLK_ENABLE(); + 80038f8: 4b39 ldr r3, [pc, #228] ; (80039e0 ) +{ + 80038fa: b570 push {r4, r5, r6, lr} + __HAL_RCC_GPIOA_CLK_ENABLE(); + 80038fc: 6cda ldr r2, [r3, #76] ; 0x4c + __HAL_RCC_GPIOC_CLK_ENABLE(); + __HAL_RCC_GPIOD_CLK_ENABLE(); + __HAL_RCC_GPIOE_CLK_ENABLE(); + + { // Onewire bus pins used for ATECC608 comms + GPIO_InitTypeDef setup = { + 80038fe: 4c39 ldr r4, [pc, #228] ; (80039e4 ) + __HAL_RCC_GPIOA_CLK_ENABLE(); + 8003900: f042 0201 orr.w r2, r2, #1 + 8003904: 64da str r2, [r3, #76] ; 0x4c + 8003906: 6cda ldr r2, [r3, #76] ; 0x4c +{ + 8003908: b08a sub sp, #40 ; 0x28 + __HAL_RCC_GPIOA_CLK_ENABLE(); + 800390a: f002 0201 and.w r2, r2, #1 + 800390e: 9200 str r2, [sp, #0] + 8003910: 9a00 ldr r2, [sp, #0] + __HAL_RCC_GPIOB_CLK_ENABLE(); + 8003912: 6cda ldr r2, [r3, #76] ; 0x4c + 8003914: f042 0202 orr.w r2, r2, #2 + 8003918: 64da str r2, [r3, #76] ; 0x4c + 800391a: 6cda ldr r2, [r3, #76] ; 0x4c + 800391c: f002 0202 and.w r2, r2, #2 + 8003920: 9201 str r2, [sp, #4] + 8003922: 9a01 ldr r2, [sp, #4] + __HAL_RCC_GPIOC_CLK_ENABLE(); + 8003924: 6cda ldr r2, [r3, #76] ; 0x4c + 8003926: f042 0204 orr.w r2, r2, #4 + 800392a: 64da str r2, [r3, #76] ; 0x4c + 800392c: 6cda ldr r2, [r3, #76] ; 0x4c + 800392e: f002 0204 and.w r2, r2, #4 + 8003932: 9202 str r2, [sp, #8] + 8003934: 9a02 ldr r2, [sp, #8] + __HAL_RCC_GPIOD_CLK_ENABLE(); + 8003936: 6cda ldr r2, [r3, #76] ; 0x4c + 8003938: f042 0208 orr.w r2, r2, #8 + 800393c: 64da str r2, [r3, #76] ; 0x4c + 800393e: 6cda ldr r2, [r3, #76] ; 0x4c + 8003940: f002 0208 and.w r2, r2, #8 + 8003944: 9203 str r2, [sp, #12] + 8003946: 9a03 ldr r2, [sp, #12] + __HAL_RCC_GPIOE_CLK_ENABLE(); + 8003948: 6cda ldr r2, [r3, #76] ; 0x4c + 800394a: f042 0210 orr.w r2, r2, #16 + 800394e: 64da str r2, [r3, #76] ; 0x4c + 8003950: 6cdb ldr r3, [r3, #76] ; 0x4c + 8003952: f003 0310 and.w r3, r3, #16 + 8003956: 9304 str r3, [sp, #16] + 8003958: 9b04 ldr r3, [sp, #16] + GPIO_InitTypeDef setup = { + 800395a: cc0f ldmia r4!, {r0, r1, r2, r3} + 800395c: ad05 add r5, sp, #20 + 800395e: c50f stmia r5!, {r0, r1, r2, r3} + 8003960: 6823 ldr r3, [r4, #0] + 8003962: 602b str r3, [r5, #0] + .Mode = GPIO_MODE_AF_OD, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_MEDIUM, + .Alternate = GPIO_AF8_UART4, + }; + HAL_GPIO_Init(ONEWIRE_PORT, &setup); + 8003964: a905 add r1, sp, #20 + 8003966: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 800396a: f7fd fb41 bl 8000ff0 + } + + // Bugfix: re-init of console port pins seems to wreck + // the mpy uart code, so avoid after first time. + if(USART1->BRR == 0) { + 800396e: 4b1e ldr r3, [pc, #120] ; (80039e8 ) + 8003970: 68de ldr r6, [r3, #12] + 8003972: b9ae cbnz r6, 80039a0 + // debug console: USART1 = PA9=Tx & PA10=Rx + GPIO_InitTypeDef setup = { + 8003974: 3404 adds r4, #4 + 8003976: cc0f ldmia r4!, {r0, r1, r2, r3} + 8003978: ad05 add r5, sp, #20 + 800397a: c50f stmia r5!, {r0, r1, r2, r3} + 800397c: 6823 ldr r3, [r4, #0] + 800397e: 602b str r3, [r5, #0] + .Mode = GPIO_MODE_AF_PP, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_MEDIUM, + .Alternate = GPIO_AF7_USART1, + }; + HAL_GPIO_Init(GPIOA, &setup); + 8003980: a905 add r1, sp, #20 + 8003982: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8003986: f7fd fb33 bl 8000ff0 + + setup.Pin = GPIO_PIN_10; + 800398a: f44f 6380 mov.w r3, #1024 ; 0x400 + setup.Mode = GPIO_MODE_INPUT; + 800398e: e9cd 3605 strd r3, r6, [sp, #20] + setup.Pull = GPIO_PULLUP; + HAL_GPIO_Init(GPIOA, &setup); + 8003992: a905 add r1, sp, #20 + setup.Pull = GPIO_PULLUP; + 8003994: 2301 movs r3, #1 + HAL_GPIO_Init(GPIOA, &setup); + 8003996: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + setup.Pull = GPIO_PULLUP; + 800399a: 9307 str r3, [sp, #28] + HAL_GPIO_Init(GPIOA, &setup); + 800399c: f7fd fb28 bl 8000ff0 + } + + // SD active LED: PC7 + // USB active LED: PC6 + { GPIO_InitTypeDef setup = { + 80039a0: 2400 movs r4, #0 + 80039a2: 26c0 movs r6, #192 ; 0xc0 + 80039a4: 2501 movs r5, #1 + .Pin = GPIO_PIN_7 | GPIO_PIN_6, + .Mode = GPIO_MODE_OUTPUT_PP, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_LOW, + }; + HAL_GPIO_Init(GPIOC, &setup); + 80039a6: a905 add r1, sp, #20 + 80039a8: 4810 ldr r0, [pc, #64] ; (80039ec ) + { GPIO_InitTypeDef setup = { + 80039aa: 9409 str r4, [sp, #36] ; 0x24 + 80039ac: e9cd 4407 strd r4, r4, [sp, #28] + 80039b0: e9cd 6505 strd r6, r5, [sp, #20] + HAL_GPIO_Init(GPIOC, &setup); + 80039b4: f7fd fb1c bl 8000ff0 + + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_7|GPIO_PIN_6, 0); // turn LEDs off + 80039b8: 4622 mov r2, r4 + 80039ba: 4631 mov r1, r6 + 80039bc: 480b ldr r0, [pc, #44] ; (80039ec ) + 80039be: f7fd fc91 bl 80012e4 + } + + // SD card detect switch: PC13 + { GPIO_InitTypeDef setup = { + 80039c2: 2210 movs r2, #16 + 80039c4: 4621 mov r1, r4 + 80039c6: a806 add r0, sp, #24 + 80039c8: f009 fe22 bl 800d610 + 80039cc: f44f 5300 mov.w r3, #8192 ; 0x2000 + .Pin = GPIO_PIN_13, + .Mode = GPIO_MODE_INPUT, + .Pull = GPIO_PULLUP, + .Speed = GPIO_SPEED_FREQ_LOW, + }; + HAL_GPIO_Init(GPIOC, &setup); + 80039d0: 4806 ldr r0, [pc, #24] ; (80039ec ) + { GPIO_InitTypeDef setup = { + 80039d2: 9305 str r3, [sp, #20] + HAL_GPIO_Init(GPIOC, &setup); + 80039d4: a905 add r1, sp, #20 + { GPIO_InitTypeDef setup = { + 80039d6: 9507 str r5, [sp, #28] + HAL_GPIO_Init(GPIOC, &setup); + 80039d8: f7fd fb0a bl 8000ff0 + + // elsewhere... + //HAL_GPIO_WritePin(GPIOB, GPIO_PIN_13, 1); + //HAL_GPIO_WritePin(GPIOB, GPIO_PIN_13, 0); +#endif +} + 80039dc: b00a add sp, #40 ; 0x28 + 80039de: bd70 pop {r4, r5, r6, pc} + 80039e0: 40021000 .word 0x40021000 + 80039e4: 0800e668 .word 0x0800e668 + 80039e8: 40013800 .word 0x40013800 + 80039ec: 48000800 .word 0x48000800 + +080039f0 : + +// reboot_nonce() +// + static inline void +reboot_nonce(SHA256_CTX *ctx) +{ + 80039f0: b537 push {r0, r1, r2, r4, r5, lr} + uint32_t a = CRC->INIT; + 80039f2: 4d09 ldr r5, [pc, #36] ; (8003a18 ) + sha256_update(ctx, (const uint8_t *)&a, 4); + 80039f4: 2204 movs r2, #4 + uint32_t a = CRC->INIT; + 80039f6: 692b ldr r3, [r5, #16] + 80039f8: 9301 str r3, [sp, #4] + sha256_update(ctx, (const uint8_t *)&a, 4); + 80039fa: eb0d 0102 add.w r1, sp, r2 +{ + 80039fe: 4604 mov r4, r0 + sha256_update(ctx, (const uint8_t *)&a, 4); + 8003a00: f001 fd3c bl 800547c + + a = CRC->POL; + sha256_update(ctx, (const uint8_t *)&a, 4); + 8003a04: 2204 movs r2, #4 + a = CRC->POL; + 8003a06: 696b ldr r3, [r5, #20] + 8003a08: 9301 str r3, [sp, #4] + sha256_update(ctx, (const uint8_t *)&a, 4); + 8003a0a: eb0d 0102 add.w r1, sp, r2 + 8003a0e: 4620 mov r0, r4 + 8003a10: f001 fd34 bl 800547c +} + 8003a14: b003 add sp, #12 + 8003a16: bd30 pop {r4, r5, pc} + 8003a18: 40023000 .word 0x40023000 + +08003a1c : +// +// Hash up a string of digits into 32-bytes of goodness. +// + static void +pin_hash(const char *pin, int pin_len, uint8_t result[32], uint32_t purpose) +{ + 8003a1c: b570 push {r4, r5, r6, lr} + 8003a1e: b096 sub sp, #88 ; 0x58 + ASSERT(pin_len <= MAX_PIN_LEN); + 8003a20: 2920 cmp r1, #32 +{ + 8003a22: 4606 mov r6, r0 + 8003a24: 460d mov r5, r1 + 8003a26: 4614 mov r4, r2 + 8003a28: 9301 str r3, [sp, #4] + ASSERT(pin_len <= MAX_PIN_LEN); + 8003a2a: dd02 ble.n 8003a32 + 8003a2c: 4817 ldr r0, [pc, #92] ; (8003a8c ) + 8003a2e: f7fc fff9 bl 8000a24 + + if(pin_len == 0) { + 8003a32: b929 cbnz r1, 8003a40 + // zero-length PIN is considered the "blank" one: all zero + memset(result, 0, 32); + 8003a34: 2220 movs r2, #32 + 8003a36: 4620 mov r0, r4 + 8003a38: f009 fdea bl 800d610 + // and run that thru SE2 as well + se2_pin_hash(result, purpose); + + // and a second-sha256 on that, just in case. + sha256_single(result, 32, result); +} + 8003a3c: b016 add sp, #88 ; 0x58 + 8003a3e: bd70 pop {r4, r5, r6, pc} + sha256_init(&ctx); + 8003a40: a803 add r0, sp, #12 + 8003a42: f001 fd0d bl 8005460 + sha256_update(&ctx, rom_secrets->hash_cache_secret, 32); + 8003a46: a803 add r0, sp, #12 + 8003a48: 4911 ldr r1, [pc, #68] ; (8003a90 ) + 8003a4a: 2220 movs r2, #32 + 8003a4c: f001 fd16 bl 800547c + sha256_update(&ctx, (uint8_t *)&purpose, 4); + 8003a50: 2204 movs r2, #4 + 8003a52: eb0d 0102 add.w r1, sp, r2 + 8003a56: a803 add r0, sp, #12 + 8003a58: f001 fd10 bl 800547c + sha256_update(&ctx, (uint8_t *)pin, pin_len); + 8003a5c: 462a mov r2, r5 + 8003a5e: 4631 mov r1, r6 + 8003a60: a803 add r0, sp, #12 + 8003a62: f001 fd0b bl 800547c + sha256_update(&ctx, rom_secrets->pairing_secret, 32); + 8003a66: 2220 movs r2, #32 + 8003a68: a803 add r0, sp, #12 + 8003a6a: 490a ldr r1, [pc, #40] ; (8003a94 ) + 8003a6c: f001 fd06 bl 800547c + sha256_final(&ctx, result); + 8003a70: 4621 mov r1, r4 + 8003a72: a803 add r0, sp, #12 + 8003a74: f001 fd48 bl 8005508 + se2_pin_hash(result, purpose); + 8003a78: 9901 ldr r1, [sp, #4] + 8003a7a: 4620 mov r0, r4 + 8003a7c: f004 fc10 bl 80082a0 + sha256_single(result, 32, result); + 8003a80: 4622 mov r2, r4 + 8003a82: 2120 movs r1, #32 + 8003a84: 4620 mov r0, r4 + 8003a86: f001 fd53 bl 8005530 + 8003a8a: e7d7 b.n 8003a3c + 8003a8c: 0800e354 .word 0x0800e354 + 8003a90: 0801c070 .word 0x0801c070 + 8003a94: 0801c000 .word 0x0801c000 + +08003a98 <_hmac_attempt>: +// +// Maybe should be proper HMAC from fips std? Can be changed later. +// + static void +_hmac_attempt(const pinAttempt_t *args, uint8_t result[32]) +{ + 8003a98: b530 push {r4, r5, lr} + 8003a9a: b095 sub sp, #84 ; 0x54 + 8003a9c: 4604 mov r4, r0 + SHA256_CTX ctx; + + sha256_init(&ctx); + 8003a9e: a801 add r0, sp, #4 +{ + 8003aa0: 460d mov r5, r1 + sha256_init(&ctx); + 8003aa2: f001 fcdd bl 8005460 + sha256_update(&ctx, rom_secrets->pairing_secret, 32); + 8003aa6: 4911 ldr r1, [pc, #68] ; (8003aec <_hmac_attempt+0x54>) + 8003aa8: 2220 movs r2, #32 + 8003aaa: a801 add r0, sp, #4 + 8003aac: f001 fce6 bl 800547c + reboot_nonce(&ctx); + 8003ab0: a801 add r0, sp, #4 + 8003ab2: f7ff ff9d bl 80039f0 + sha256_update(&ctx, (uint8_t *)args, offsetof(pinAttempt_t, hmac)); + 8003ab6: 2244 movs r2, #68 ; 0x44 + 8003ab8: 4621 mov r1, r4 + 8003aba: a801 add r0, sp, #4 + 8003abc: f001 fcde bl 800547c + + if(args->magic_value == PA_MAGIC_V2) { + 8003ac0: 6822 ldr r2, [r4, #0] + 8003ac2: 4b0b ldr r3, [pc, #44] ; (8003af0 <_hmac_attempt+0x58>) + 8003ac4: 429a cmp r2, r3 + 8003ac6: d105 bne.n 8003ad4 <_hmac_attempt+0x3c> + sha256_update(&ctx, (uint8_t *)args->cached_main_pin, + 8003ac8: 2220 movs r2, #32 + 8003aca: f104 01f8 add.w r1, r4, #248 ; 0xf8 + 8003ace: a801 add r0, sp, #4 + 8003ad0: f001 fcd4 bl 800547c + msizeof(pinAttempt_t, cached_main_pin)); + } + + sha256_final(&ctx, result); + 8003ad4: 4629 mov r1, r5 + 8003ad6: a801 add r0, sp, #4 + 8003ad8: f001 fd16 bl 8005508 + + // and a second-sha256 on that, just in case. + sha256_single(result, 32, result); + 8003adc: 462a mov r2, r5 + 8003ade: 2120 movs r1, #32 + 8003ae0: 4628 mov r0, r5 + 8003ae2: f001 fd25 bl 8005530 +} + 8003ae6: b015 add sp, #84 ; 0x54 + 8003ae8: bd30 pop {r4, r5, pc} + 8003aea: bf00 nop + 8003aec: 0801c000 .word 0x0801c000 + 8003af0: 2eaf6312 .word 0x2eaf6312 + +08003af4 <_validate_attempt>: + +// _validate_attempt() +// + static int +_validate_attempt(const pinAttempt_t *args, bool first_time) +{ + 8003af4: b510 push {r4, lr} + 8003af6: 4604 mov r4, r0 + 8003af8: b088 sub sp, #32 + if(first_time) { + 8003afa: b969 cbnz r1, 8003b18 <_validate_attempt+0x24> + // no hmac needed for setup call + } else { + // if hmac is defined, better be right. + uint8_t actual[32]; + + _hmac_attempt(args, actual); + 8003afc: 4669 mov r1, sp + 8003afe: f7ff ffcb bl 8003a98 <_hmac_attempt> + + if(!check_equal(actual, args->hmac, 32)) { + 8003b02: 2220 movs r2, #32 + 8003b04: f104 0144 add.w r1, r4, #68 ; 0x44 + 8003b08: 4668 mov r0, sp + 8003b0a: f7fe fdc2 bl 8002692 + 8003b0e: b918 cbnz r0, 8003b18 <_validate_attempt+0x24> + // hmac is wrong? + return EPIN_HMAC_FAIL; + 8003b10: f06f 0063 mvn.w r0, #99 ; 0x63 + if((args->change_flags & CHANGE__MASK) != args->change_flags) return EPIN_RANGE_ERR; + + if((args->is_secondary & 0x1) != args->is_secondary) return EPIN_RANGE_ERR; + + return 0; +} + 8003b14: b008 add sp, #32 + 8003b16: bd10 pop {r4, pc} + if(args->magic_value == PA_MAGIC_V2) { + 8003b18: 6822 ldr r2, [r4, #0] + 8003b1a: 4b10 ldr r3, [pc, #64] ; (8003b5c <_validate_attempt+0x68>) + 8003b1c: 429a cmp r2, r3 + 8003b1e: d117 bne.n 8003b50 <_validate_attempt+0x5c> + if(args->pin_len > MAX_PIN_LEN) return EPIN_RANGE_ERR; + 8003b20: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8003b22: 2b20 cmp r3, #32 + 8003b24: dc17 bgt.n 8003b56 <_validate_attempt+0x62> + if(args->old_pin_len > MAX_PIN_LEN) return EPIN_RANGE_ERR; + 8003b26: f8d4 3088 ldr.w r3, [r4, #136] ; 0x88 + 8003b2a: 2b20 cmp r3, #32 + 8003b2c: dc13 bgt.n 8003b56 <_validate_attempt+0x62> + if(args->new_pin_len > MAX_PIN_LEN) return EPIN_RANGE_ERR; + 8003b2e: f8d4 30ac ldr.w r3, [r4, #172] ; 0xac + 8003b32: 2b20 cmp r3, #32 + 8003b34: dc0f bgt.n 8003b56 <_validate_attempt+0x62> + if((args->change_flags & CHANGE__MASK) != args->change_flags) return EPIN_RANGE_ERR; + 8003b36: 6e63 ldr r3, [r4, #100] ; 0x64 + 8003b38: f640 727f movw r2, #3967 ; 0xf7f + 8003b3c: 4393 bics r3, r2 + 8003b3e: d10a bne.n 8003b56 <_validate_attempt+0x62> + if((args->is_secondary & 0x1) != args->is_secondary) return EPIN_RANGE_ERR; + 8003b40: 6863 ldr r3, [r4, #4] + return 0; + 8003b42: f033 0301 bics.w r3, r3, #1 + 8003b46: bf14 ite ne + 8003b48: f06f 0066 mvnne.w r0, #102 ; 0x66 + 8003b4c: 2000 moveq r0, #0 + 8003b4e: e7e1 b.n 8003b14 <_validate_attempt+0x20> + return EPIN_BAD_MAGIC; + 8003b50: f06f 0065 mvn.w r0, #101 ; 0x65 + 8003b54: e7de b.n 8003b14 <_validate_attempt+0x20> + if((args->is_secondary & 0x1) != args->is_secondary) return EPIN_RANGE_ERR; + 8003b56: f06f 0066 mvn.w r0, #102 ; 0x66 + 8003b5a: e7db b.n 8003b14 <_validate_attempt+0x20> + 8003b5c: 2eaf6312 .word 0x2eaf6312 + +08003b60 : + +// warmup_ae() +// + static int +warmup_ae(void) +{ + 8003b60: b510 push {r4, lr} + ae_setup(); + 8003b62: f7fe ff1f bl 80029a4 + 8003b66: 2405 movs r4, #5 + + for(int retry=0; retry<5; retry++) { + if(!ae_probe()) break; + 8003b68: f7ff f9a4 bl 8002eb4 + 8003b6c: b108 cbz r0, 8003b72 + for(int retry=0; retry<5; retry++) { + 8003b6e: 3c01 subs r4, #1 + 8003b70: d1fa bne.n 8003b68 + } + + if(ae_pair_unlock()) return -1; + 8003b72: f7ff f90d bl 8002d90 + 8003b76: 4604 mov r4, r0 + 8003b78: b918 cbnz r0, 8003b82 + + // reset watchdog timer + ae_keep_alive(); + 8003b7a: f7fe ff45 bl 8002a08 + + return 0; +} + 8003b7e: 4620 mov r0, r4 + 8003b80: bd10 pop {r4, pc} + if(ae_pair_unlock()) return -1; + 8003b82: f04f 34ff mov.w r4, #4294967295 ; 0xffffffff + 8003b86: e7fa b.n 8003b7e + +08003b88 <_read_slot_as_counter>: +{ + 8003b88: b530 push {r4, r5, lr} + 8003b8a: b091 sub sp, #68 ; 0x44 + uint32_t padded[32/4] = { 0 }; + 8003b8c: 2220 movs r2, #32 +{ + 8003b8e: 4604 mov r4, r0 + 8003b90: 460d mov r5, r1 + uint32_t padded[32/4] = { 0 }; + 8003b92: 4668 mov r0, sp + 8003b94: 2100 movs r1, #0 + 8003b96: f009 fd3b bl 800d610 + ae_pair_unlock(); + 8003b9a: f7ff f8f9 bl 8002d90 + if(ae_read_data_slot(slot, (uint8_t *)padded, 32)) return -1; + 8003b9e: 2220 movs r2, #32 + 8003ba0: 4669 mov r1, sp + 8003ba2: 4620 mov r0, r4 + 8003ba4: f7ff fc3a bl 800341c + 8003ba8: b120 cbz r0, 8003bb4 <_read_slot_as_counter+0x2c> + 8003baa: f04f 34ff mov.w r4, #4294967295 ; 0xffffffff +} + 8003bae: 4620 mov r0, r4 + 8003bb0: b011 add sp, #68 ; 0x44 + 8003bb2: bd30 pop {r4, r5, pc} + ae_pair_unlock(); + 8003bb4: f7ff f8ec bl 8002d90 + if(ae_gendig_slot(slot, (const uint8_t *)padded, tempkey)) return -1; + 8003bb8: 4620 mov r0, r4 + 8003bba: aa08 add r2, sp, #32 + 8003bbc: 4669 mov r1, sp + 8003bbe: f7ff fa07 bl 8002fd0 + 8003bc2: 4604 mov r4, r0 + 8003bc4: 2800 cmp r0, #0 + 8003bc6: d1f0 bne.n 8003baa <_read_slot_as_counter+0x22> + if(!ae_is_correct_tempkey(tempkey)) fatal_mitm(); + 8003bc8: a808 add r0, sp, #32 + 8003bca: f7ff f811 bl 8002bf0 + 8003bce: b908 cbnz r0, 8003bd4 <_read_slot_as_counter+0x4c> + 8003bd0: f7fc ff32 bl 8000a38 + *dest = padded[0]; + 8003bd4: 9b00 ldr r3, [sp, #0] + 8003bd6: 602b str r3, [r5, #0] + return 0; + 8003bd8: e7e9 b.n 8003bae <_read_slot_as_counter+0x26> + +08003bda : +{ + 8003bda: b530 push {r4, r5, lr} + 8003bdc: b095 sub sp, #84 ; 0x54 + 8003bde: 4605 mov r5, r0 + ae_pair_unlock(); + 8003be0: f7ff f8d6 bl 8002d90 + uint32_t padded[32/4] = { 0 }; + 8003be4: 2220 movs r2, #32 + 8003be6: 2100 movs r1, #0 + 8003be8: a804 add r0, sp, #16 + 8003bea: f009 fd11 bl 800d610 + if(ae_read_data_slot(slot, (uint8_t *)padded, 32)) return -1; + 8003bee: 2220 movs r2, #32 + 8003bf0: a904 add r1, sp, #16 + 8003bf2: 2005 movs r0, #5 + 8003bf4: f7ff fc12 bl 800341c + 8003bf8: b118 cbz r0, 8003c02 + 8003bfa: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff +} + 8003bfe: b015 add sp, #84 ; 0x54 + 8003c00: bd30 pop {r4, r5, pc} + ae_pair_unlock(); + 8003c02: f7ff f8c5 bl 8002d90 + if(ae_gendig_slot(slot, (const uint8_t *)padded, tempkey)) return -1; + 8003c06: aa0c add r2, sp, #48 ; 0x30 + 8003c08: a904 add r1, sp, #16 + 8003c0a: 2005 movs r0, #5 + 8003c0c: f7ff f9e0 bl 8002fd0 + 8003c10: 4604 mov r4, r0 + 8003c12: 2800 cmp r0, #0 + 8003c14: d1f1 bne.n 8003bfa + if(!ae_is_correct_tempkey(tempkey)) fatal_mitm(); + 8003c16: a80c add r0, sp, #48 ; 0x30 + 8003c18: f7fe ffea bl 8002bf0 + 8003c1c: b908 cbnz r0, 8003c22 + 8003c1e: f7fc ff0b bl 8000a38 + if(_read_slot_as_counter(KEYNUM_lastgood, &lastgood)) return -1; + 8003c22: a901 add r1, sp, #4 + 8003c24: 2005 movs r0, #5 + uint32_t lastgood=0, match_count=0, counter=0; + 8003c26: e9cd 4401 strd r4, r4, [sp, #4] + 8003c2a: 9403 str r4, [sp, #12] + if(_read_slot_as_counter(KEYNUM_lastgood, &lastgood)) return -1; + 8003c2c: f7ff ffac bl 8003b88 <_read_slot_as_counter> + 8003c30: 2800 cmp r0, #0 + 8003c32: d1e2 bne.n 8003bfa + if(_read_slot_as_counter(KEYNUM_match_count, &match_count)) return -1; + 8003c34: a902 add r1, sp, #8 + 8003c36: 2006 movs r0, #6 + 8003c38: f7ff ffa6 bl 8003b88 <_read_slot_as_counter> + 8003c3c: 4601 mov r1, r0 + 8003c3e: 2800 cmp r0, #0 + 8003c40: d1db bne.n 8003bfa + if(ae_get_counter(&counter, 0)) return -1; + 8003c42: a803 add r0, sp, #12 + 8003c44: f7ff fa9f bl 8003186 + 8003c48: 2800 cmp r0, #0 + 8003c4a: d1d6 bne.n 8003bfa + if(lastgood > counter) { + 8003c4c: 9a01 ldr r2, [sp, #4] + 8003c4e: 9903 ldr r1, [sp, #12] + match_count &= ~31; + 8003c50: 9b02 ldr r3, [sp, #8] + if(lastgood > counter) { + 8003c52: 428a cmp r2, r1 + match_count &= ~31; + 8003c54: f023 031f bic.w r3, r3, #31 + args->num_fails = counter - lastgood; + 8003c58: bf94 ite ls + 8003c5a: 1a8a subls r2, r1, r2 + args->num_fails = 99; + 8003c5c: 2263 movhi r2, #99 ; 0x63 + if(counter < match_count) { + 8003c5e: 4299 cmp r1, r3 + args->attempts_left = match_count - counter; + 8003c60: bf34 ite cc + 8003c62: 1a5b subcc r3, r3, r1 + args->attempts_left = 0; + 8003c64: 2300 movcs r3, #0 + 8003c66: 636a str r2, [r5, #52] ; 0x34 + 8003c68: 63ab str r3, [r5, #56] ; 0x38 + 8003c6a: e7c8 b.n 8003bfe + +08003c6c : + +// updates_for_good_login() +// + static int +updates_for_good_login(uint8_t digest[32]) +{ + 8003c6c: b5f0 push {r4, r5, r6, r7, lr} + 8003c6e: b08d sub sp, #52 ; 0x34 + // User got the main PIN right: update the attempt counters, + // to document this (lastgood) and also bump the match counter if needed + + uint32_t count; + int rv = ae_get_counter(&count, 0); + 8003c70: 2100 movs r1, #0 +{ + 8003c72: 4606 mov r6, r0 + int rv = ae_get_counter(&count, 0); + 8003c74: a802 add r0, sp, #8 + 8003c76: f7ff fa86 bl 8003186 + if(rv) goto fail; + 8003c7a: 4601 mov r1, r0 + 8003c7c: 2800 cmp r0, #0 + 8003c7e: d13b bne.n 8003cf8 + + // Challenge: Have to update both the counter, and the target match value because + // no other way to have exact value. + + uint32_t mc = (count + MAX_TARGET_ATTEMPTS + 32) & ~31; + 8003c80: 9b02 ldr r3, [sp, #8] + 8003c82: f103 042d add.w r4, r3, #45 ; 0x2d + 8003c86: f024 041f bic.w r4, r4, #31 + ASSERT(mc >= count); + 8003c8a: 42a3 cmp r3, r4 + 8003c8c: d902 bls.n 8003c94 + 8003c8e: 481d ldr r0, [pc, #116] ; (8003d04 ) + 8003c90: f7fc fec8 bl 8000a24 + + int bump = (mc - MAX_TARGET_ATTEMPTS) - count; + 8003c94: 1ae3 subs r3, r4, r3 + 8003c96: f1a3 050d sub.w r5, r3, #13 + ASSERT(bump >= 1); + 8003c9a: 3b0e subs r3, #14 + 8003c9c: 2b1f cmp r3, #31 + 8003c9e: d8f6 bhi.n 8003c8e + // Would rather update the counter first, so that a hostile interruption can't increase + // attempts (altho the attacker knows the pin at that point?!) .. but chip won't + // let the counter go past the match value, so that has to be first. + + // set the new "match count" + { uint32_t tmp[32/4] = {mc, mc} ; + 8003ca0: 2218 movs r2, #24 + 8003ca2: eb0d 0002 add.w r0, sp, r2 + rv = ae_encrypted_write(KEYNUM_match_count, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003ca6: 2720 movs r7, #32 + { uint32_t tmp[32/4] = {mc, mc} ; + 8003ca8: f009 fcb2 bl 800d610 + rv = ae_encrypted_write(KEYNUM_match_count, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003cac: 2103 movs r1, #3 + 8003cae: 9700 str r7, [sp, #0] + 8003cb0: ab04 add r3, sp, #16 + 8003cb2: 4632 mov r2, r6 + 8003cb4: 2006 movs r0, #6 + { uint32_t tmp[32/4] = {mc, mc} ; + 8003cb6: e9cd 4404 strd r4, r4, [sp, #16] + rv = ae_encrypted_write(KEYNUM_match_count, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003cba: f7ff fb79 bl 80033b0 + if(rv) goto fail; + 8003cbe: 4601 mov r1, r0 + 8003cc0: b9d0 cbnz r0, 8003cf8 + } + + // incr the counter a bunch to get to that-13 + uint32_t new_count = 0; + 8003cc2: 9003 str r0, [sp, #12] + rv = ae_add_counter(&new_count, 0, bump); + 8003cc4: 462a mov r2, r5 + 8003cc6: a803 add r0, sp, #12 + 8003cc8: f7ff fa7c bl 80031c4 + if(rv) goto fail; + 8003ccc: 4601 mov r1, r0 + 8003cce: b998 cbnz r0, 8003cf8 + + ASSERT(new_count == count + bump); + 8003cd0: 9b02 ldr r3, [sp, #8] + 8003cd2: 441d add r5, r3 + 8003cd4: 9b03 ldr r3, [sp, #12] + 8003cd6: 429d cmp r5, r3 + 8003cd8: d1d9 bne.n 8003c8e + ASSERT(mc > new_count); + 8003cda: 42a5 cmp r5, r4 + 8003cdc: d2d7 bcs.n 8003c8e + + // Update the "last good" counter + { uint32_t tmp[32/4] = {new_count, 0 }; + 8003cde: 221c movs r2, #28 + 8003ce0: a805 add r0, sp, #20 + 8003ce2: f009 fc95 bl 800d610 + rv = ae_encrypted_write(KEYNUM_lastgood, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003ce6: 9700 str r7, [sp, #0] + 8003ce8: ab04 add r3, sp, #16 + 8003cea: 4632 mov r2, r6 + 8003cec: 2103 movs r1, #3 + 8003cee: 2005 movs r0, #5 + { uint32_t tmp[32/4] = {new_count, 0 }; + 8003cf0: 9504 str r5, [sp, #16] + rv = ae_encrypted_write(KEYNUM_lastgood, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003cf2: f7ff fb5d bl 80033b0 + if(rv) goto fail; + 8003cf6: b118 cbz r0, 8003d00 + // just be reducing attempts. + + return 0; + +fail: + ae_reset_chip(); + 8003cf8: f7fe fe46 bl 8002988 + return EPIN_AE_FAIL; + 8003cfc: f06f 0069 mvn.w r0, #105 ; 0x69 +} + 8003d00: b00d add sp, #52 ; 0x34 + 8003d02: bdf0 pop {r4, r5, r6, r7, pc} + 8003d04: 0800e354 .word 0x0800e354 + +08003d08 : +{ + 8003d08: b5f0 push {r4, r5, r6, r7, lr} + 8003d0a: 4615 mov r5, r2 + 8003d0c: b089 sub sp, #36 ; 0x24 + if(pin_len == 0) { + 8003d0e: 460c mov r4, r1 + 8003d10: b931 cbnz r1, 8003d20 + memset(result, 0, 32); + 8003d12: 2220 movs r2, #32 + 8003d14: 4628 mov r0, r5 + 8003d16: f009 fc7b bl 800d610 +} + 8003d1a: 4620 mov r0, r4 + 8003d1c: b009 add sp, #36 ; 0x24 + 8003d1e: bdf0 pop {r4, r5, r6, r7, pc} + pin_hash(pin, pin_len, tmp, PIN_PURPOSE_NORMAL); + 8003d20: 4b0f ldr r3, [pc, #60] ; (8003d60 ) + 8003d22: 466a mov r2, sp + 8003d24: f7ff fe7a bl 8003a1c + int rv = ae_stretch_iter(tmp, result, KDF_ITER_PIN); + 8003d28: 2208 movs r2, #8 + 8003d2a: 4629 mov r1, r5 + 8003d2c: 4668 mov r0, sp + 8003d2e: f7ff fd57 bl 80037e0 + if(rv) return EPIN_AE_FAIL; + 8003d32: 4604 mov r4, r0 + 8003d34: b988 cbnz r0, 8003d5a + memcpy(tmp, result, 32); + 8003d36: 462b mov r3, r5 + 8003d38: 466e mov r6, sp + 8003d3a: f105 0720 add.w r7, r5, #32 + 8003d3e: 6818 ldr r0, [r3, #0] + 8003d40: 6859 ldr r1, [r3, #4] + 8003d42: 4632 mov r2, r6 + 8003d44: c203 stmia r2!, {r0, r1} + 8003d46: 3308 adds r3, #8 + 8003d48: 42bb cmp r3, r7 + 8003d4a: 4616 mov r6, r2 + 8003d4c: d1f7 bne.n 8003d3e + ae_mixin_key(KEYNUM_pin_attempt, tmp, result); + 8003d4e: 462a mov r2, r5 + 8003d50: 4669 mov r1, sp + 8003d52: 2004 movs r0, #4 + 8003d54: f7ff fd6c bl 8003830 + return 0; + 8003d58: e7df b.n 8003d1a + if(rv) return EPIN_AE_FAIL; + 8003d5a: f06f 0469 mvn.w r4, #105 ; 0x69 + 8003d5e: e7dc b.n 8003d1a + 8003d60: 334d1858 .word 0x334d1858 + +08003d64 : +set_is_trick(pinAttempt_t *args, const trick_slot_t *slot) + 8003d64: b5f0 push {r4, r5, r6, r7, lr} + args->delay_achieved = slot->tc_arg; + 8003d66: 88cb ldrh r3, [r1, #6] + 8003d68: 62c3 str r3, [r0, #44] ; 0x2c +set_is_trick(pinAttempt_t *args, const trick_slot_t *slot) + 8003d6a: f5ad 7d0d sub.w sp, sp, #564 ; 0x234 + memcpy(key, &args->private_state, sizeof(args->private_state)); + 8003d6e: 6c03 ldr r3, [r0, #64] ; 0x40 + memcpy(key+4, rom_secrets->hash_cache_secret+4, sizeof(rom_secrets->hash_cache_secret)-4); + 8003d70: 4d0f ldr r5, [pc, #60] ; (8003db0 ) + memcpy(key, &args->private_state, sizeof(args->private_state)); + 8003d72: 9303 str r3, [sp, #12] +set_is_trick(pinAttempt_t *args, const trick_slot_t *slot) + 8003d74: 4606 mov r6, r0 + 8003d76: 460f mov r7, r1 + memcpy(key+4, rom_secrets->hash_cache_secret+4, sizeof(rom_secrets->hash_cache_secret)-4); + 8003d78: cd0f ldmia r5!, {r0, r1, r2, r3} + 8003d7a: ac04 add r4, sp, #16 + 8003d7c: c40f stmia r4!, {r0, r1, r2, r3} + 8003d7e: e895 0007 ldmia.w r5, {r0, r1, r2} + 8003d82: e884 0007 stmia.w r4, {r0, r1, r2} + aes_init(&ctx); + 8003d86: a80b add r0, sp, #44 ; 0x2c + 8003d88: f004 fb38 bl 80083fc + aes_add(&ctx, (uint8_t *)slot, 32); + 8003d8c: 4639 mov r1, r7 + 8003d8e: a80b add r0, sp, #44 ; 0x2c + 8003d90: 2220 movs r2, #32 + 8003d92: f004 fb39 bl 8008408 + aes_done(&ctx, args->cached_main_pin, 32, key, NULL); + 8003d96: 2300 movs r3, #0 + 8003d98: 9300 str r3, [sp, #0] + 8003d9a: 2220 movs r2, #32 + 8003d9c: ab03 add r3, sp, #12 + 8003d9e: f106 01f8 add.w r1, r6, #248 ; 0xf8 + 8003da2: a80b add r0, sp, #44 ; 0x2c + 8003da4: f004 fb46 bl 8008434 +} + 8003da8: f50d 7d0d add.w sp, sp, #564 ; 0x234 + 8003dac: bdf0 pop {r4, r5, r6, r7, pc} + 8003dae: bf00 nop + 8003db0: 0801c074 .word 0x0801c074 + +08003db4 : + __HAL_RCC_CRC_CLK_ENABLE(); + 8003db4: 4b09 ldr r3, [pc, #36] ; (8003ddc ) + 8003db6: 6c9a ldr r2, [r3, #72] ; 0x48 +{ + 8003db8: b513 push {r0, r1, r4, lr} + __HAL_RCC_CRC_CLK_ENABLE(); + 8003dba: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 8003dbe: 649a str r2, [r3, #72] ; 0x48 + 8003dc0: 6c9b ldr r3, [r3, #72] ; 0x48 + CRC->INIT = rng_sample(); + 8003dc2: 4c07 ldr r4, [pc, #28] ; (8003de0 ) + __HAL_RCC_CRC_CLK_ENABLE(); + 8003dc4: f403 5380 and.w r3, r3, #4096 ; 0x1000 + 8003dc8: 9301 str r3, [sp, #4] + 8003dca: 9b01 ldr r3, [sp, #4] + CRC->INIT = rng_sample(); + 8003dcc: f7fe fc72 bl 80026b4 + 8003dd0: 6120 str r0, [r4, #16] + CRC->POL = rng_sample(); + 8003dd2: f7fe fc6f bl 80026b4 + 8003dd6: 6160 str r0, [r4, #20] +} + 8003dd8: b002 add sp, #8 + 8003dda: bd10 pop {r4, pc} + 8003ddc: 40021000 .word 0x40021000 + 8003de0: 40023000 .word 0x40023000 + +08003de4 : +{ + 8003de4: b510 push {r4, lr} + 8003de6: b094 sub sp, #80 ; 0x50 + 8003de8: 4604 mov r4, r0 + sha256_init(&ctx); + 8003dea: a801 add r0, sp, #4 + 8003dec: f001 fb38 bl 8005460 + reboot_nonce(&ctx); + 8003df0: a801 add r0, sp, #4 + 8003df2: f7ff fdfd bl 80039f0 + sha256_update(&ctx, rom_secrets->hash_cache_secret, 32); + 8003df6: 2220 movs r2, #32 + 8003df8: a801 add r0, sp, #4 + 8003dfa: 4904 ldr r1, [pc, #16] ; (8003e0c ) + 8003dfc: f001 fb3e bl 800547c + sha256_final(&ctx, key); + 8003e00: 4621 mov r1, r4 + 8003e02: a801 add r0, sp, #4 + 8003e04: f001 fb80 bl 8005508 +} + 8003e08: b014 add sp, #80 ; 0x50 + 8003e0a: bd10 pop {r4, pc} + 8003e0c: 0801c070 .word 0x0801c070 + +08003e10 : +{ + 8003e10: b530 push {r4, r5, lr} + 8003e12: 460d mov r5, r1 + 8003e14: b089 sub sp, #36 ; 0x24 + 8003e16: 4604 mov r4, r0 + if(!check_all_zeros(digest, 32)) { + 8003e18: 2120 movs r1, #32 + 8003e1a: 4628 mov r0, r5 + 8003e1c: f7fe fc2a bl 8002674 + 8003e20: b9a0 cbnz r0, 8003e4c + pin_cache_get_key(value); + 8003e22: 4668 mov r0, sp + 8003e24: f7ff ffde bl 8003de4 + 8003e28: 466b mov r3, sp + 8003e2a: f105 0120 add.w r1, r5, #32 + *(acc) ^= *(more); + 8003e2e: 781a ldrb r2, [r3, #0] + 8003e30: f815 0b01 ldrb.w r0, [r5], #1 + 8003e34: 4042 eors r2, r0 + for(; len; len--, more++, acc++) { + 8003e36: 428d cmp r5, r1 + *(acc) ^= *(more); + 8003e38: f803 2b01 strb.w r2, [r3], #1 + for(; len; len--, more++, acc++) { + 8003e3c: d1f7 bne.n 8003e2e + ASSERT(args->magic_value == PA_MAGIC_V2); + 8003e3e: 6822 ldr r2, [r4, #0] + 8003e40: 4b0d ldr r3, [pc, #52] ; (8003e78 ) + 8003e42: 429a cmp r2, r3 + 8003e44: d008 beq.n 8003e58 + 8003e46: 480d ldr r0, [pc, #52] ; (8003e7c ) + 8003e48: f7fc fdec bl 8000a24 + memset(value, 0, 32); + 8003e4c: 2220 movs r2, #32 + 8003e4e: 2100 movs r1, #0 + 8003e50: 4668 mov r0, sp + 8003e52: f009 fbdd bl 800d610 + 8003e56: e7f2 b.n 8003e3e + memcpy(args->cached_main_pin, value, 32); + 8003e58: 466b mov r3, sp + 8003e5a: f104 02f8 add.w r2, r4, #248 ; 0xf8 + 8003e5e: ad08 add r5, sp, #32 + 8003e60: 461c mov r4, r3 + 8003e62: cc03 ldmia r4!, {r0, r1} + 8003e64: 42ac cmp r4, r5 + 8003e66: 6010 str r0, [r2, #0] + 8003e68: 6051 str r1, [r2, #4] + 8003e6a: 4623 mov r3, r4 + 8003e6c: f102 0208 add.w r2, r2, #8 + 8003e70: d1f6 bne.n 8003e60 +} + 8003e72: b009 add sp, #36 ; 0x24 + 8003e74: bd30 pop {r4, r5, pc} + 8003e76: bf00 nop + 8003e78: 2eaf6312 .word 0x2eaf6312 + 8003e7c: 0800e354 .word 0x0800e354 + +08003e80 : +{ + 8003e80: b510 push {r4, lr} + ASSERT(args->magic_value == PA_MAGIC_V2); + 8003e82: 6802 ldr r2, [r0, #0] + 8003e84: 4b14 ldr r3, [pc, #80] ; (8003ed8 ) + 8003e86: 429a cmp r2, r3 +{ + 8003e88: b088 sub sp, #32 + 8003e8a: 460c mov r4, r1 + ASSERT(args->magic_value == PA_MAGIC_V2); + 8003e8c: d002 beq.n 8003e94 + 8003e8e: 4813 ldr r0, [pc, #76] ; (8003edc ) + 8003e90: f7fc fdc8 bl 8000a24 + memcpy(digest, args->cached_main_pin, 32); + 8003e94: f100 03f8 add.w r3, r0, #248 ; 0xf8 + 8003e98: 460a mov r2, r1 + 8003e9a: f500 708c add.w r0, r0, #280 ; 0x118 + 8003e9e: f853 1b04 ldr.w r1, [r3], #4 + 8003ea2: f842 1b04 str.w r1, [r2], #4 + 8003ea6: 4283 cmp r3, r0 + 8003ea8: d1f9 bne.n 8003e9e + if(!check_all_zeros(digest, 32)) { + 8003eaa: 2120 movs r1, #32 + 8003eac: 4620 mov r0, r4 + 8003eae: f7fe fbe1 bl 8002674 + 8003eb2: b970 cbnz r0, 8003ed2 + pin_cache_get_key(key); + 8003eb4: 4668 mov r0, sp + 8003eb6: f7ff ff95 bl 8003de4 + 8003eba: 1e62 subs r2, r4, #1 + 8003ebc: 466b mov r3, sp + 8003ebe: 341f adds r4, #31 + *(acc) ^= *(more); + 8003ec0: f812 1f01 ldrb.w r1, [r2, #1]! + 8003ec4: f813 0b01 ldrb.w r0, [r3], #1 + for(; len; len--, more++, acc++) { + 8003ec8: 42a2 cmp r2, r4 + *(acc) ^= *(more); + 8003eca: ea81 0100 eor.w r1, r1, r0 + 8003ece: 7011 strb r1, [r2, #0] + for(; len; len--, more++, acc++) { + 8003ed0: d1f6 bne.n 8003ec0 +} + 8003ed2: b008 add sp, #32 + 8003ed4: bd10 pop {r4, pc} + 8003ed6: bf00 nop + 8003ed8: 2eaf6312 .word 0x2eaf6312 + 8003edc: 0800e354 .word 0x0800e354 + +08003ee0 : +{ + 8003ee0: b530 push {r4, r5, lr} + 8003ee2: b091 sub sp, #68 ; 0x44 + pin_hash(pin_prefix, prefix_len, tmp, PIN_PURPOSE_WORDS); + 8003ee4: 4b0b ldr r3, [pc, #44] ; (8003f14 ) +{ + 8003ee6: 4615 mov r5, r2 + pin_hash(pin_prefix, prefix_len, tmp, PIN_PURPOSE_WORDS); + 8003ee8: 466a mov r2, sp + 8003eea: f7ff fd97 bl 8003a1c + ae_setup(); + 8003eee: f7fe fd59 bl 80029a4 + int rv = ae_stretch_iter(tmp, digest, KDF_ITER_WORDS); + 8003ef2: 2206 movs r2, #6 + 8003ef4: a908 add r1, sp, #32 + 8003ef6: 4668 mov r0, sp + 8003ef8: f7ff fc72 bl 80037e0 + 8003efc: 4604 mov r4, r0 + ae_reset_chip(); + 8003efe: f7fe fd43 bl 8002988 + if(rv) return -1; + 8003f02: b924 cbnz r4, 8003f0e + memcpy(result, digest, 4); + 8003f04: 9b08 ldr r3, [sp, #32] + 8003f06: 602b str r3, [r5, #0] +} + 8003f08: 4620 mov r0, r4 + 8003f0a: b011 add sp, #68 ; 0x44 + 8003f0c: bd30 pop {r4, r5, pc} + if(rv) return -1; + 8003f0e: f04f 34ff mov.w r4, #4294967295 ; 0xffffffff + 8003f12: e7f9 b.n 8003f08 + 8003f14: 2e6d6773 .word 0x2e6d6773 + +08003f18 : +} + 8003f18: 2000 movs r0, #0 + 8003f1a: 4770 bx lr + +08003f1c : +{ + 8003f1c: b5f0 push {r4, r5, r6, r7, lr} + int rv = _validate_attempt(args, true); + 8003f1e: 2101 movs r1, #1 +{ + 8003f20: b091 sub sp, #68 ; 0x44 + 8003f22: 4605 mov r5, r0 + int rv = _validate_attempt(args, true); + 8003f24: f7ff fde6 bl 8003af4 <_validate_attempt> + if(rv) return rv; + 8003f28: 4604 mov r4, r0 + 8003f2a: bb28 cbnz r0, 8003f78 + if(args->is_secondary) { + 8003f2c: 686b ldr r3, [r5, #4] + 8003f2e: 2b00 cmp r3, #0 + 8003f30: d158 bne.n 8003fe4 + int pin_len = args->pin_len; + 8003f32: 6aaf ldr r7, [r5, #40] ; 0x28 + memcpy(pin_copy, args->pin, pin_len); + 8003f34: f105 0608 add.w r6, r5, #8 + 8003f38: 463a mov r2, r7 + 8003f3a: 4631 mov r1, r6 + 8003f3c: 4668 mov r0, sp + 8003f3e: f009 fb3f bl 800d5c0 + memset(args, 0, PIN_ATTEMPT_SIZE_V2); + 8003f42: f44f 728c mov.w r2, #280 ; 0x118 + 8003f46: 4621 mov r1, r4 + 8003f48: 4628 mov r0, r5 + 8003f4a: f009 fb61 bl 800d610 + args->magic_value = PA_MAGIC_V2; + 8003f4e: 4b28 ldr r3, [pc, #160] ; (8003ff0 ) + 8003f50: 602b str r3, [r5, #0] + memcpy(args->pin, pin_copy, pin_len); + 8003f52: 463a mov r2, r7 + 8003f54: 4669 mov r1, sp + args->pin_len = pin_len; + 8003f56: 62af str r7, [r5, #40] ; 0x28 + memcpy(args->pin, pin_copy, pin_len); + 8003f58: 4630 mov r0, r6 + 8003f5a: f009 fb31 bl 800d5c0 + if(warmup_ae()) { + 8003f5e: f7ff fdff bl 8003b60 + 8003f62: 2800 cmp r0, #0 + 8003f64: d141 bne.n 8003fea + if(get_last_success(args)) { + 8003f66: 4628 mov r0, r5 + 8003f68: f7ff fe37 bl 8003bda + 8003f6c: 4604 mov r4, r0 + 8003f6e: b130 cbz r0, 8003f7e + ae_reset_chip(); + 8003f70: f7fe fd0a bl 8002988 + return EPIN_AE_FAIL; + 8003f74: f06f 0469 mvn.w r4, #105 ; 0x69 +} + 8003f78: 4620 mov r0, r4 + 8003f7a: b011 add sp, #68 ; 0x44 + 8003f7c: bdf0 pop {r4, r5, r6, r7, pc} + uint8_t blank[32] = {0}; + 8003f7e: 4601 mov r1, r0 + 8003f80: 221c movs r2, #28 + args->delay_achieved = 0; + 8003f82: e9c5 000b strd r0, r0, [r5, #44] ; 0x2c + uint8_t blank[32] = {0}; + 8003f86: 9008 str r0, [sp, #32] + 8003f88: a809 add r0, sp, #36 ; 0x24 + 8003f8a: f009 fb41 bl 800d610 + ae_reset_chip(); + 8003f8e: f7fe fcfb bl 8002988 + ae_pair_unlock(); + 8003f92: f7fe fefd bl 8002d90 + int is_blank = (ae_checkmac_hard(keynum, blank) == 0); + 8003f96: a908 add r1, sp, #32 + 8003f98: 2003 movs r0, #3 + 8003f9a: f7ff f887 bl 80030ac + 8003f9e: 4606 mov r6, r0 + ae_reset_chip(); + 8003fa0: f7fe fcf2 bl 8002988 + if(pin_is_blank(KEYNUM_main_pin)) { + 8003fa4: b9c6 cbnz r6, 8003fd8 + args->state_flags |= PA_SUCCESSFUL | PA_IS_BLANK; + 8003fa6: 6beb ldr r3, [r5, #60] ; 0x3c + const uint8_t zeros[32] = {0}; + 8003fa8: 9408 str r4, [sp, #32] + args->state_flags |= PA_SUCCESSFUL | PA_IS_BLANK; + 8003faa: f043 0303 orr.w r3, r3, #3 + 8003fae: 63eb str r3, [r5, #60] ; 0x3c + const uint8_t zeros[32] = {0}; + 8003fb0: 221c movs r2, #28 + 8003fb2: 4621 mov r1, r4 + 8003fb4: a809 add r0, sp, #36 ; 0x24 + 8003fb6: f009 fb2b bl 800d610 + pin_cache_save(args, zeros); + 8003fba: a908 add r1, sp, #32 + 8003fbc: 4628 mov r0, r5 + 8003fbe: f7ff ff27 bl 8003e10 + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8003fc2: f7fe fb77 bl 80026b4 + 8003fc6: 4b0b ldr r3, [pc, #44] ; (8003ff4 ) + 8003fc8: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 8003fcc: f020 0001 bic.w r0, r0, #1 + args->delay_achieved = 0; + 8003fd0: e9c5 440b strd r4, r4, [r5, #44] ; 0x2c + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8003fd4: 4058 eors r0, r3 + 8003fd6: 6428 str r0, [r5, #64] ; 0x40 + _hmac_attempt(args, args->hmac); + 8003fd8: f105 0144 add.w r1, r5, #68 ; 0x44 + 8003fdc: 4628 mov r0, r5 + 8003fde: f7ff fd5b bl 8003a98 <_hmac_attempt> +} + 8003fe2: e7c9 b.n 8003f78 + return EPIN_PRIMARY_ONLY; + 8003fe4: f06f 0471 mvn.w r4, #113 ; 0x71 + 8003fe8: e7c6 b.n 8003f78 + return EPIN_I_AM_BRICK; + 8003fea: f06f 0468 mvn.w r4, #104 ; 0x68 + 8003fee: e7c3 b.n 8003f78 + 8003ff0: 2eaf6312 .word 0x2eaf6312 + 8003ff4: 0801c000 .word 0x0801c000 + +08003ff8 : +} + 8003ff8: 2000 movs r0, #0 + 8003ffa: 4770 bx lr + +08003ffc : +// +// Do the PIN check, and return a value. Or fail. +// + int +pin_login_attempt(pinAttempt_t *args) +{ + 8003ffc: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + bool deltamode = false; + char tmp_pin[32]; + + int rv = _validate_attempt(args, false); + 8004000: 2100 movs r1, #0 +{ + 8004002: b0c7 sub sp, #284 ; 0x11c + 8004004: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 8004006: f7ff fd75 bl 8003af4 <_validate_attempt> + if(rv) return rv; + 800400a: 4605 mov r5, r0 + 800400c: 2800 cmp r0, #0 + 800400e: d16e bne.n 80040ee + + if(args->state_flags & PA_SUCCESSFUL) { + 8004010: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004012: 07d9 lsls r1, r3, #31 + 8004014: f100 80ba bmi.w 800418c + } + + // Mk4: Check SE2 first to see if this is a "trick" pin. + // - this call may have side-effects, like wiping keys, bricking, etc. + trick_slot_t slot; + bool is_trick = se2_test_trick_pin(args->pin, args->pin_len, &slot, false); + 8004018: f104 0808 add.w r8, r4, #8 + 800401c: 4603 mov r3, r0 + 800401e: 6aa1 ldr r1, [r4, #40] ; 0x28 + 8004020: aa26 add r2, sp, #152 ; 0x98 + 8004022: 4640 mov r0, r8 + 8004024: f003 fece bl 8007dc4 + + if(is_trick) { + 8004028: 4606 mov r6, r0 + 800402a: 2800 cmp r0, #0 + 800402c: d042 beq.n 80040b4 + // They gave a trick PIN. Implement it. + + // Mark as success + args->state_flags = PA_SUCCESSFUL; + 800402e: 2301 movs r3, #1 + 8004030: 63e3 str r3, [r4, #60] ; 0x3c + args->num_fails = 0; + args->attempts_left = MAX_TARGET_ATTEMPTS; + 8004032: 230d movs r3, #13 + args->num_fails = 0; + 8004034: 6365 str r5, [r4, #52] ; 0x34 + args->attempts_left = MAX_TARGET_ATTEMPTS; + 8004036: 63a3 str r3, [r4, #56] ; 0x38 + + if(check_all_zeros(slot.xdata, 32) || (slot.tc_flags & TC_WIPE)) { + 8004038: 2120 movs r1, #32 + 800403a: a828 add r0, sp, #160 ; 0xa0 + 800403c: f7fe fb1a bl 8002674 + 8004040: b918 cbnz r0, 800404a + 8004042: f9bd 309c ldrsh.w r3, [sp, #156] ; 0x9c + 8004046: 2b00 cmp r3, #0 + 8004048: da03 bge.n 8004052 + args->state_flags |= PA_ZERO_SECRET; + 800404a: 6be3 ldr r3, [r4, #60] ; 0x3c + 800404c: f043 0310 orr.w r3, r3, #16 + 8004050: 63e3 str r3, [r4, #60] ; 0x3c + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8004052: f7fe fb2f bl 80026b4 + 8004056: 4b50 ldr r3, [pc, #320] ; (8004198 ) + 8004058: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 800405c: f040 0001 orr.w r0, r0, #1 + 8004060: 4058 eors r0, r3 + args->delay_required = (slot->tc_flags & ~TC_HIDDEN_MASK); + 8004062: f8bd 309c ldrh.w r3, [sp, #156] ; 0x9c + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8004066: 6420 str r0, [r4, #64] ; 0x40 + args->delay_required = (slot->tc_flags & ~TC_HIDDEN_MASK); + 8004068: f423 4278 bic.w r2, r3, #63488 ; 0xf800 + 800406c: 6322 str r2, [r4, #48] ; 0x30 + if(slot->tc_flags & TC_DELTA_MODE) { + 800406e: 055a lsls r2, r3, #21 + 8004070: d530 bpl.n 80040d4 + args->delay_achieved = 0; + 8004072: 2300 movs r3, #0 + 8004074: 62e3 str r3, [r4, #44] ; 0x2c + memcpy(tmp_pin, pin, pin_len); + 8004076: 6aa7 ldr r7, [r4, #40] ; 0x28 + // Thug gave wrong PIN, but we are going to let them + // past (by calculating correct PIN, up to 4 digits different), + // and the mpy firmware can do tricky stuff to protect funds + // even though the private key is known at that point. + deltamode = true; + apply_pin_delta(args->pin, args->pin_len, slot.tc_arg, tmp_pin); + 8004078: f8bd 909e ldrh.w r9, [sp, #158] ; 0x9e + memcpy(tmp_pin, pin, pin_len); + 800407c: ab04 add r3, sp, #16 + 800407e: 463a mov r2, r7 + 8004080: 4641 mov r1, r8 + 8004082: 4618 mov r0, r3 + 8004084: f009 fa9c bl 800d5c0 + tmp_pin[pin_len] = 0; + 8004088: 2200 movs r2, #0 + 800408a: 55c2 strb r2, [r0, r7] + char *p = &tmp_pin[pin_len-1]; + 800408c: 1e7a subs r2, r7, #1 + 800408e: 4402 add r2, r0 + 8004090: 2104 movs r1, #4 + if(*p == '-') p--; + 8004092: 7813 ldrb r3, [r2, #0] + 8004094: 2b2d cmp r3, #45 ; 0x2d + 8004096: f009 030f and.w r3, r9, #15 + 800409a: bf08 it eq + 800409c: f102 32ff addeq.w r2, r2, #4294967295 ; 0xffffffff + if((here >= 0) && (here <= 9)) { + 80040a0: 2b09 cmp r3, #9 + *p = '0' + here; + 80040a2: bf9c itt ls + 80040a4: 3330 addls r3, #48 ; 0x30 + 80040a6: 7013 strbls r3, [r2, #0] + for(int i=0; i<4; i++, p--) { + 80040a8: 3901 subs r1, #1 + replacement >>= 4; + 80040aa: ea4f 1919 mov.w r9, r9, lsr #4 + for(int i=0; i<4; i++, p--) { + 80040ae: f102 32ff add.w r2, r2, #4294967295 ; 0xffffffff + 80040b2: d1ee bne.n 8004092 + return 0; + } + +real_login: + // unlock the AE chip + if(warmup_ae()) return EPIN_I_AM_BRICK; + 80040b4: f7ff fd54 bl 8003b60 + 80040b8: 2800 cmp r0, #0 + 80040ba: d16a bne.n 8004192 + + // hash up the pin now, assuming we'll use it on main PIN + uint8_t digest[32]; + rv = pin_hash_attempt(deltamode ? tmp_pin : args->pin, args->pin_len, digest); + 80040bc: b10e cbz r6, 80040c2 + 80040be: f10d 0810 add.w r8, sp, #16 + 80040c2: 6aa1 ldr r1, [r4, #40] ; 0x28 + 80040c4: aa0c add r2, sp, #48 ; 0x30 + 80040c6: 4640 mov r0, r8 + 80040c8: f7ff fe1e bl 8003d08 + if(rv) return EPIN_AE_FAIL; + 80040cc: b198 cbz r0, 80040f6 + + rv = ae_encrypted_read(KEYNUM_secret, KEYNUM_main_pin, digest, ts, AE_SECRET_LEN); + if(rv) { + ae_reset_chip(); + + return EPIN_AE_FAIL; + 80040ce: f06f 0569 mvn.w r5, #105 ; 0x69 + 80040d2: e00c b.n 80040ee + 80040d4: a926 add r1, sp, #152 ; 0x98 + 80040d6: 4620 mov r0, r4 + 80040d8: f7ff fe44 bl 8003d64 + if(slot.tc_flags & TC_DELTA_MODE) { + 80040dc: f8bd 309c ldrh.w r3, [sp, #156] ; 0x9c + 80040e0: 055b lsls r3, r3, #21 + 80040e2: d4c8 bmi.n 8004076 + _hmac_attempt(args, args->hmac); + 80040e4: f104 0144 add.w r1, r4, #68 ; 0x44 + 80040e8: 4620 mov r0, r4 + 80040ea: f7ff fcd5 bl 8003a98 <_hmac_attempt> + } + + _sign_attempt(args); + + return 0; +} + 80040ee: 4628 mov r0, r5 + 80040f0: b047 add sp, #284 ; 0x11c + 80040f2: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + ae_reset_chip(); + 80040f6: f7fe fc47 bl 8002988 + ae_pair_unlock(); + 80040fa: f7fe fe49 bl 8002d90 + return (ae_checkmac_hard(KEYNUM_main_pin, digest) == 0); + 80040fe: a90c add r1, sp, #48 ; 0x30 + 8004100: 2003 movs r0, #3 + 8004102: f7fe ffd3 bl 80030ac + if(!is_main_pin(digest)) { + 8004106: b130 cbz r0, 8004116 + se2_handle_bad_pin(args->num_fails + 1); + 8004108: 6b60 ldr r0, [r4, #52] ; 0x34 + 800410a: 3001 adds r0, #1 + 800410c: f003 ff46 bl 8007f9c + return EPIN_AUTH_FAIL; + 8004110: f06f 056f mvn.w r5, #111 ; 0x6f + 8004114: e7eb b.n 80040ee + rv = updates_for_good_login(digest); + 8004116: a80c add r0, sp, #48 ; 0x30 + 8004118: f7ff fda8 bl 8003c6c + if(rv) return EPIN_AE_FAIL; + 800411c: 4607 mov r7, r0 + 800411e: 2800 cmp r0, #0 + 8004120: d1d5 bne.n 80040ce + pin_cache_save(args, digest); + 8004122: a90c add r1, sp, #48 ; 0x30 + 8004124: 4620 mov r0, r4 + 8004126: f7ff fe73 bl 8003e10 + args->state_flags = PA_SUCCESSFUL; + 800412a: 2301 movs r3, #1 + 800412c: 63e3 str r3, [r4, #60] ; 0x3c + args->num_fails = 0; + 800412e: 6367 str r7, [r4, #52] ; 0x34 + args->attempts_left = MAX_TARGET_ATTEMPTS; + 8004130: 230d movs r3, #13 + rv = ae_encrypted_read(KEYNUM_secret, KEYNUM_main_pin, digest, ts, AE_SECRET_LEN); + 8004132: 2748 movs r7, #72 ; 0x48 + args->attempts_left = MAX_TARGET_ATTEMPTS; + 8004134: 63a3 str r3, [r4, #56] ; 0x38 + rv = ae_encrypted_read(KEYNUM_secret, KEYNUM_main_pin, digest, ts, AE_SECRET_LEN); + 8004136: 9700 str r7, [sp, #0] + 8004138: ab14 add r3, sp, #80 ; 0x50 + 800413a: aa0c add r2, sp, #48 ; 0x30 + 800413c: 2103 movs r1, #3 + 800413e: 2009 movs r0, #9 + 8004140: f7ff f896 bl 8003270 + if(rv) { + 8004144: b110 cbz r0, 800414c + ae_reset_chip(); + 8004146: f7fe fc1f bl 8002988 + 800414a: e7c0 b.n 80040ce + ae_reset_chip(); + 800414c: f7fe fc1c bl 8002988 + mcu_key_get(&mcu_key_valid); + 8004150: f10d 000f add.w r0, sp, #15 + 8004154: f7fe f950 bl 80023f8 + if(check_all_zeros(ts, AE_SECRET_LEN) || !mcu_key_valid) { + 8004158: 4639 mov r1, r7 + 800415a: a814 add r0, sp, #80 ; 0x50 + 800415c: f7fe fa8a bl 8002674 + 8004160: b910 cbnz r0, 8004168 + 8004162: f89d 300f ldrb.w r3, [sp, #15] + 8004166: b91b cbnz r3, 8004170 + args->state_flags |= PA_ZERO_SECRET; + 8004168: 6be3 ldr r3, [r4, #60] ; 0x3c + 800416a: f043 0310 orr.w r3, r3, #16 + 800416e: 63e3 str r3, [r4, #60] ; 0x3c + if(!deltamode) { + 8004170: 2e00 cmp r6, #0 + 8004172: d1b7 bne.n 80040e4 + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8004174: f7fe fa9e bl 80026b4 + 8004178: 4b07 ldr r3, [pc, #28] ; (8004198 ) + 800417a: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 800417e: f020 0001 bic.w r0, r0, #1 + 8004182: 4058 eors r0, r3 + args->delay_achieved = 0; + 8004184: e9c4 660b strd r6, r6, [r4, #44] ; 0x2c + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8004188: 6420 str r0, [r4, #64] ; 0x40 + return; + 800418a: e7ab b.n 80040e4 + return EPIN_WRONG_SUCCESS; + 800418c: f06f 056c mvn.w r5, #108 ; 0x6c + 8004190: e7ad b.n 80040ee + if(warmup_ae()) return EPIN_I_AM_BRICK; + 8004192: f06f 0568 mvn.w r5, #104 ; 0x68 + 8004196: e7aa b.n 80040ee + 8004198: 0801c000 .word 0x0801c000 + +0800419c : +// +// Verify we know the main PIN, but don't do anything with it. +// + int +pin_check_logged_in(const pinAttempt_t *args, bool *is_trick) +{ + 800419c: b570 push {r4, r5, r6, lr} + 800419e: 460e mov r6, r1 + 80041a0: b088 sub sp, #32 + int rv = _validate_attempt(args, false); + 80041a2: 2100 movs r1, #0 +{ + 80041a4: 4605 mov r5, r0 + int rv = _validate_attempt(args, false); + 80041a6: f7ff fca5 bl 8003af4 <_validate_attempt> + if(rv) return rv; + 80041aa: 4604 mov r4, r0 + 80041ac: b980 cbnz r0, 80041d0 + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 80041ae: 6beb ldr r3, [r5, #60] ; 0x3c + 80041b0: 07da lsls r2, r3, #31 + 80041b2: d520 bpl.n 80041f6 + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 80041b4: 4b11 ldr r3, [pc, #68] ; (80041fc ) + 80041b6: 6c2a ldr r2, [r5, #64] ; 0x40 + 80041b8: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 80041bc: 4053 eors r3, r2 + // must come here with a successful PIN login (so it's rate limited nicely) + return EPIN_WRONG_SUCCESS; + } + + if(get_is_trick(args, NULL)) { + 80041be: 07db lsls r3, r3, #31 + 80041c0: d509 bpl.n 80041d6 + // they used a trick pin to get this far. Amuse them more. + *is_trick = true; + 80041c2: 2301 movs r3, #1 + 80041c4: 7033 strb r3, [r6, #0] + + // should calibrate this, but smart money will just look at the bus + delay_ms(10); + 80041c6: 200a movs r0, #10 + 80041c8: f7ff fb86 bl 80038d8 + rng_delay(); + 80041cc: f7fe fac6 bl 800275c + int rv = ae_checkmac(KEYNUM_main_pin, auth_digest); + if(rv) return EPIN_AUTH_FAIL; + } + + return 0; +} + 80041d0: 4620 mov r0, r4 + 80041d2: b008 add sp, #32 + 80041d4: bd70 pop {r4, r5, r6, pc} + pin_cache_restore(args, auth_digest); + 80041d6: 4669 mov r1, sp + *is_trick = false; + 80041d8: 7030 strb r0, [r6, #0] + pin_cache_restore(args, auth_digest); + 80041da: 4628 mov r0, r5 + 80041dc: f7ff fe50 bl 8003e80 + ae_pair_unlock(); + 80041e0: f7fe fdd6 bl 8002d90 + int rv = ae_checkmac(KEYNUM_main_pin, auth_digest); + 80041e4: 4669 mov r1, sp + 80041e6: 2003 movs r0, #3 + 80041e8: f7fe fd50 bl 8002c8c + if(rv) return EPIN_AUTH_FAIL; + 80041ec: 1e04 subs r4, r0, #0 + 80041ee: bf18 it ne + 80041f0: f06f 046f mvnne.w r4, #111 ; 0x6f + 80041f4: e7ec b.n 80041d0 + return EPIN_WRONG_SUCCESS; + 80041f6: f06f 046c mvn.w r4, #108 ; 0x6c + 80041fa: e7e9 b.n 80041d0 + 80041fc: 0801c000 .word 0x0801c000 + +08004200 : +// +// Change the PIN and/or the secret. (Must also know the previous value, or it must be blank) +// + int +pin_change(pinAttempt_t *args) +{ + 8004200: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + // Validate args and signature + int rv = _validate_attempt(args, false); + 8004204: 2100 movs r1, #0 +{ + 8004206: b0a4 sub sp, #144 ; 0x90 + 8004208: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 800420a: f7ff fc73 bl 8003af4 <_validate_attempt> + if(rv) return rv; + 800420e: 4605 mov r5, r0 + 8004210: 2800 cmp r0, #0 + 8004212: f040 8094 bne.w 800433e + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 8004216: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004218: 07d9 lsls r1, r3, #31 + 800421a: f140 809c bpl.w 8004356 + // must come here with a successful PIN login (so it's rate limited nicely) + return EPIN_WRONG_SUCCESS; + } + + if(args->state_flags & PA_IS_BLANK) { + 800421e: 079a lsls r2, r3, #30 + 8004220: d502 bpl.n 8004228 + // if blank, must provide blank value + if(args->pin_len) return EPIN_RANGE_ERR; + 8004222: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8004224: 2b00 cmp r3, #0 + 8004226: d158 bne.n 80042da + } + + // Look at change flags. + const uint32_t cf = args->change_flags; + + ASSERT(!args->is_secondary); + 8004228: 6863 ldr r3, [r4, #4] + const uint32_t cf = args->change_flags; + 800422a: f8d4 9064 ldr.w r9, [r4, #100] ; 0x64 + ASSERT(!args->is_secondary); + 800422e: b113 cbz r3, 8004236 + 8004230: 484c ldr r0, [pc, #304] ; (8004364 ) + 8004232: f7fc fbf7 bl 8000a24 + if(cf & CHANGE_SECONDARY_WALLET_PIN) { + // obsolete secondary support, can't support. + return EPIN_BAD_REQUEST; + } + if(cf & (CHANGE_DURESS_PIN | CHANGE_DURESS_SECRET | CHANGE_BRICKME_PIN)) { + 8004236: f019 0f36 tst.w r9, #54 ; 0x36 + 800423a: d10b bne.n 8004254 + // we need some new API for trick PIN lookup/changes. + return EPIN_BAD_REQUEST; + } + if(!(cf & (CHANGE_WALLET_PIN | CHANGE_SECRET))) { + 800423c: f019 0f09 tst.w r9, #9 + 8004240: d04b beq.n 80042da + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 8004242: 4b49 ldr r3, [pc, #292] ; (8004368 ) + 8004244: 6c22 ldr r2, [r4, #64] ; 0x40 + 8004246: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 800424a: 4053 eors r3, r2 + // If they authorized w/ a trick PIN, new policy is to wipe ourselves if + // they try to change PIN code or the secret. + // - it's hard to fake them out here, and they may be onto us. + // - this protects the seed, but does end the game somewhat + // - all trick PINs will still be in effect, and looks like random reset + if(get_is_trick(args, NULL)) { + 800424c: 07db lsls r3, r3, #31 + 800424e: d504 bpl.n 800425a + // User is a thug.. kill secret and reboot w/o any notice + fast_wipe(); + 8004250: f7fe f9e4 bl 800261c + return EPIN_BAD_REQUEST; + 8004254: f06f 0567 mvn.w r5, #103 ; 0x67 + 8004258: e071 b.n 800433e + // NOT-REACHED + return EPIN_BAD_REQUEST; + } + + // unlock the AE chip + if(warmup_ae()) return EPIN_I_AM_BRICK; + 800425a: f7ff fc81 bl 8003b60 + 800425e: 4605 mov r5, r0 + 8004260: 2800 cmp r0, #0 + 8004262: d17b bne.n 800435c + // If they tricked us to get to this point, doesn't matter as + // below SE1 validates it all again. + + // Restore cached version of PIN digest: fast + uint8_t required_digest[32]; + pin_cache_restore(args, required_digest); + 8004264: f10d 0808 add.w r8, sp, #8 + 8004268: 4641 mov r1, r8 + 800426a: 4620 mov r0, r4 + 800426c: f7ff fe08 bl 8003e80 + + // Calculate new PIN hashed value: will be slow to do + if(cf & CHANGE_WALLET_PIN) { + 8004270: f019 0f01 tst.w r9, #1 + 8004274: d021 beq.n 80042ba + uint8_t new_digest[32]; + rv = pin_hash_attempt(args->new_pin, args->new_pin_len, new_digest); + 8004276: f8d4 10ac ldr.w r1, [r4, #172] ; 0xac + 800427a: aa12 add r2, sp, #72 ; 0x48 + 800427c: f104 008c add.w r0, r4, #140 ; 0x8c + 8004280: f7ff fd42 bl 8003d08 + if(rv) goto ae_fail; + 8004284: 2800 cmp r0, #0 + 8004286: d161 bne.n 800434c + + if(ae_encrypted_write(KEYNUM_main_pin, KEYNUM_main_pin, required_digest, new_digest, 32)) { + 8004288: 2320 movs r3, #32 + 800428a: 2103 movs r1, #3 + 800428c: 9300 str r3, [sp, #0] + 800428e: 4642 mov r2, r8 + 8004290: ab12 add r3, sp, #72 ; 0x48 + 8004292: 4608 mov r0, r1 + 8004294: f7ff f88c bl 80033b0 + 8004298: 2800 cmp r0, #0 + 800429a: d157 bne.n 800434c + goto ae_fail; + } + + memcpy(required_digest, new_digest, 32); + 800429c: af12 add r7, sp, #72 ; 0x48 + 800429e: cf0f ldmia r7!, {r0, r1, r2, r3} + 80042a0: 4646 mov r6, r8 + 80042a2: c60f stmia r6!, {r0, r1, r2, r3} + 80042a4: e897 000f ldmia.w r7, {r0, r1, r2, r3} + 80042a8: e886 000f stmia.w r6, {r0, r1, r2, r3} + + // main pin is changing; reset counter to zero (good login) and our cache + pin_cache_save(args, new_digest); + 80042ac: 4620 mov r0, r4 + 80042ae: a912 add r1, sp, #72 ; 0x48 + 80042b0: f7ff fdae bl 8003e10 + + updates_for_good_login(new_digest); + 80042b4: a812 add r0, sp, #72 ; 0x48 + 80042b6: f7ff fcd9 bl 8003c6c + } + + // Recording new secret. + // Note the required_digest might have just changed above. + if(cf & CHANGE_SECRET) { + 80042ba: f019 0f08 tst.w r9, #8 + 80042be: d037 beq.n 8004330 + int which = (args->change_flags >> 8) & 0xf; + 80042c0: 6e63 ldr r3, [r4, #100] ; 0x64 + 80042c2: 121b asrs r3, r3, #8 + switch(which) { + 80042c4: f013 020c ands.w r2, r3, #12 + 80042c8: d107 bne.n 80042da + 80042ca: 4928 ldr r1, [pc, #160] ; (800436c ) + int which = (args->change_flags >> 8) & 0xf; + 80042cc: f003 030f and.w r3, r3, #15 + 80042d0: f911 a003 ldrsb.w sl, [r1, r3] + uint8_t tmp[AE_SECRET_LEN]; + uint8_t check[32]; + + // what slot (key number) are updating? (probably: KEYNUM_secret) + int target_slot = keynum_for_secret(args); + if(target_slot < 0) return EPIN_RANGE_ERR; + 80042d4: f1ba 0f00 cmp.w sl, #0 + 80042d8: da02 bge.n 80042e0 + if(args->pin_len) return EPIN_RANGE_ERR; + 80042da: f06f 0566 mvn.w r5, #102 ; 0x66 + 80042de: e02e b.n 800433e + + se2_encrypt_secret(args->secret, AE_SECRET_LEN, 0, tmp, check, required_digest); + 80042e0: f104 07b0 add.w r7, r4, #176 ; 0xb0 + 80042e4: ae0a add r6, sp, #40 ; 0x28 + 80042e6: ab12 add r3, sp, #72 ; 0x48 + 80042e8: 2148 movs r1, #72 ; 0x48 + + // write into two slots + if(ae_encrypted_write(target_slot, KEYNUM_main_pin, + 80042ea: f04f 0948 mov.w r9, #72 ; 0x48 + se2_encrypt_secret(args->secret, AE_SECRET_LEN, 0, tmp, check, required_digest); + 80042ee: f8cd 8004 str.w r8, [sp, #4] + 80042f2: 9600 str r6, [sp, #0] + 80042f4: 4638 mov r0, r7 + 80042f6: f003 ff1d bl 8008134 + if(ae_encrypted_write(target_slot, KEYNUM_main_pin, + 80042fa: 2103 movs r1, #3 + 80042fc: f8cd 9000 str.w r9, [sp] + 8004300: eb0d 0309 add.w r3, sp, r9 + 8004304: 4642 mov r2, r8 + 8004306: 4650 mov r0, sl + 8004308: f7ff f852 bl 80033b0 + 800430c: 4601 mov r1, r0 + 800430e: b9e8 cbnz r0, 800434c + required_digest, tmp, AE_SECRET_LEN)){ + goto ae_fail; + } + if(ae_encrypted_write32(KEYNUM_check_secret, 0, KEYNUM_main_pin, required_digest, check)){ + 8004310: 9600 str r6, [sp, #0] + 8004312: 4643 mov r3, r8 + 8004314: 2203 movs r2, #3 + 8004316: 200a movs r0, #10 + 8004318: f7fe ffe4 bl 80032e4 + 800431c: b9b0 cbnz r0, 800434c + goto ae_fail; + } + + // update the zero-secret flag to be correct. + if(cf & CHANGE_SECRET) { + if(check_all_zeros(args->secret, AE_SECRET_LEN)) { + 800431e: 4649 mov r1, r9 + 8004320: 4638 mov r0, r7 + 8004322: f7fe f9a7 bl 8002674 + 8004326: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004328: b168 cbz r0, 8004346 + args->state_flags |= PA_ZERO_SECRET; + 800432a: f043 0310 orr.w r3, r3, #16 + 800432e: 63e3 str r3, [r4, #60] ; 0x3c + args->state_flags &= ~PA_ZERO_SECRET; + } + } + } + + ae_reset_chip(); + 8004330: f7fe fb2a bl 8002988 + _hmac_attempt(args, args->hmac); + 8004334: f104 0144 add.w r1, r4, #68 ; 0x44 + 8004338: 4620 mov r0, r4 + 800433a: f7ff fbad bl 8003a98 <_hmac_attempt> + +ae_fail: + ae_reset_chip(); + + return EPIN_AE_FAIL; +} + 800433e: 4628 mov r0, r5 + 8004340: b024 add sp, #144 ; 0x90 + 8004342: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + args->state_flags &= ~PA_ZERO_SECRET; + 8004346: f023 0310 bic.w r3, r3, #16 + 800434a: e7f0 b.n 800432e + ae_reset_chip(); + 800434c: f7fe fb1c bl 8002988 + return EPIN_AE_FAIL; + 8004350: f06f 0569 mvn.w r5, #105 ; 0x69 + 8004354: e7f3 b.n 800433e + return EPIN_WRONG_SUCCESS; + 8004356: f06f 056c mvn.w r5, #108 ; 0x6c + 800435a: e7f0 b.n 800433e + if(warmup_ae()) return EPIN_I_AM_BRICK; + 800435c: f06f 0568 mvn.w r5, #104 ; 0x68 + 8004360: e7ed b.n 800433e + 8004362: bf00 nop + 8004364: 0800e354 .word 0x0800e354 + 8004368: 0801c000 .word 0x0801c000 + 800436c: 0800e690 .word 0x0800e690 + +08004370 : +// To encourage not keeping the secret in memory, a way to fetch it after you've already +// proven you know the PIN. +// + int +pin_fetch_secret(pinAttempt_t *args) +{ + 8004370: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + // Validate args and signature + int rv = _validate_attempt(args, false); + 8004374: 2100 movs r1, #0 +{ + 8004376: f5ad 7d38 sub.w sp, sp, #736 ; 0x2e0 + 800437a: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 800437c: f7ff fbba bl 8003af4 <_validate_attempt> + if(rv) return rv; + 8004380: 4605 mov r5, r0 + 8004382: 2800 cmp r0, #0 + 8004384: d13d bne.n 8004402 + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 8004386: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004388: 07db lsls r3, r3, #31 + 800438a: f140 80cd bpl.w 8004528 + // must come here with a successful PIN login (so it's rate limited nicely) + return EPIN_WRONG_SUCCESS; + } + if(args->change_flags & CHANGE_DURESS_SECRET) { + 800438e: 6e65 ldr r5, [r4, #100] ; 0x64 + 8004390: f015 0510 ands.w r5, r5, #16 + 8004394: f040 80cb bne.w 800452e + + // fetch the already-hashed pin + // - no real need to re-prove PIN knowledge. + // - if they tricked us, doesn't matter as below the SE validates it all again + uint8_t digest[32]; + pin_cache_restore(args, digest); + 8004398: f10d 081c add.w r8, sp, #28 + 800439c: 4641 mov r1, r8 + 800439e: 4620 mov r0, r4 + 80043a0: f7ff fd6e bl 8003e80 + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 80043a4: 4b65 ldr r3, [pc, #404] ; (800453c ) + 80043a6: 6c26 ldr r6, [r4, #64] ; 0x40 + 80043a8: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 80043ac: 4073 eors r3, r6 + if(!slot || !is_trick) return is_trick; + 80043ae: 07df lsls r7, r3, #31 + 80043b0: d561 bpl.n 8004476 + memset(slot, 0, sizeof(trick_slot_t)); + 80043b2: 2280 movs r2, #128 ; 0x80 + 80043b4: 4629 mov r1, r5 + 80043b6: a817 add r0, sp, #92 ; 0x5c + 80043b8: f009 f92a bl 800d610 + if(args->delay_required & TC_DELTA_MODE) { + 80043bc: 6b23 ldr r3, [r4, #48] ; 0x30 + 80043be: 0558 lsls r0, r3, #21 + 80043c0: d524 bpl.n 800440c + slot->tc_flags = args->delay_required; + 80043c2: f8ad 3060 strh.w r3, [sp, #96] ; 0x60 + slot->slot_num = -1; // unknown + 80043c6: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 80043ca: 9317 str r3, [sp, #92] ; 0x5c + + // determine if we should proceed under duress + trick_slot_t slot; + bool is_trick = get_is_trick(args, &slot); + + if(is_trick && !(slot.tc_flags & TC_DELTA_MODE)) { + 80043cc: f8bd 6060 ldrh.w r6, [sp, #96] ; 0x60 + 80043d0: f416 6180 ands.w r1, r6, #1024 ; 0x400 + 80043d4: d14f bne.n 8004476 + // emulate a 24-word wallet, or xprv based wallet + // see stash.py for encoding details + memset(args->secret, 0, AE_SECRET_LEN); + 80043d6: 2248 movs r2, #72 ; 0x48 + 80043d8: f104 00b0 add.w r0, r4, #176 ; 0xb0 + 80043dc: f009 f918 bl 800d610 + + if(slot.tc_flags & TC_WORD_WALLET) { + 80043e0: 04f1 lsls r1, r6, #19 + 80043e2: d536 bpl.n 8004452 + args->secret[0] = 0x82; // 24 word phrase + 80043e4: 2382 movs r3, #130 ; 0x82 + 80043e6: f884 30b0 strb.w r3, [r4, #176] ; 0xb0 + memcpy(&args->secret[1], slot.xdata, 32); + 80043ea: aa19 add r2, sp, #100 ; 0x64 + 80043ec: 34b1 adds r4, #177 ; 0xb1 + 80043ee: ae21 add r6, sp, #132 ; 0x84 + 80043f0: 4613 mov r3, r2 + 80043f2: cb03 ldmia r3!, {r0, r1} + 80043f4: 42b3 cmp r3, r6 + 80043f6: 6020 str r0, [r4, #0] + 80043f8: 6061 str r1, [r4, #4] + 80043fa: 461a mov r2, r3 + 80043fc: f104 0408 add.w r4, r4, #8 + 8004400: d1f6 bne.n 80043f0 + ae_reset_chip(); + + if(rv) return EPIN_AE_FAIL; + + return 0; +} + 8004402: 4628 mov r0, r5 + 8004404: f50d 7d38 add.w sp, sp, #736 ; 0x2e0 + 8004408: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + memcpy(key+4, rom_secrets->hash_cache_secret+4, sizeof(rom_secrets->hash_cache_secret)-4); + 800440c: 4f4c ldr r7, [pc, #304] ; (8004540 ) + memcpy(key, &args->private_state, sizeof(args->private_state)); + 800440e: 960f str r6, [sp, #60] ; 0x3c + memcpy(key+4, rom_secrets->hash_cache_secret+4, sizeof(rom_secrets->hash_cache_secret)-4); + 8004410: cf0f ldmia r7!, {r0, r1, r2, r3} + 8004412: ae10 add r6, sp, #64 ; 0x40 + 8004414: c60f stmia r6!, {r0, r1, r2, r3} + 8004416: e897 0007 ldmia.w r7, {r0, r1, r2} + 800441a: e886 0007 stmia.w r6, {r0, r1, r2} + aes_init(&ctx); + 800441e: a837 add r0, sp, #220 ; 0xdc + 8004420: f003 ffec bl 80083fc + aes_add(&ctx, args->cached_main_pin, 32); + 8004424: 2220 movs r2, #32 + 8004426: f104 01f8 add.w r1, r4, #248 ; 0xf8 + 800442a: a837 add r0, sp, #220 ; 0xdc + 800442c: f003 ffec bl 8008408 + aes_done(&ctx, (uint8_t *)slot, 32, key, NULL); + 8004430: a917 add r1, sp, #92 ; 0x5c + 8004432: 9500 str r5, [sp, #0] + 8004434: ab0f add r3, sp, #60 ; 0x3c + 8004436: 2220 movs r2, #32 + 8004438: a837 add r0, sp, #220 ; 0xdc + 800443a: f003 fffb bl 8008434 + if(slot->tc_flags & (TC_WORD_WALLET|TC_XPRV_WALLET)) { + 800443e: f8bd 1060 ldrh.w r1, [sp, #96] ; 0x60 + 8004442: f411 5fc0 tst.w r1, #6144 ; 0x1800 + 8004446: d0c1 beq.n 80043cc + se2_read_trick_data(slot->slot_num, slot->tc_flags, slot->xdata); + 8004448: 9817 ldr r0, [sp, #92] ; 0x5c + 800444a: aa19 add r2, sp, #100 ; 0x64 + 800444c: f003 fc80 bl 8007d50 + if(is_trick && !(slot.tc_flags & TC_DELTA_MODE)) { + 8004450: e7bc b.n 80043cc + } else if(slot.tc_flags & TC_XPRV_WALLET) { + 8004452: 0532 lsls r2, r6, #20 + 8004454: d5d5 bpl.n 8004402 + args->secret[0] = 0x01; // XPRV mode + 8004456: 2301 movs r3, #1 + 8004458: f884 30b0 strb.w r3, [r4, #176] ; 0xb0 + memcpy(&args->secret[1], slot.xdata, 64); + 800445c: aa19 add r2, sp, #100 ; 0x64 + 800445e: 34b1 adds r4, #177 ; 0xb1 + 8004460: ae29 add r6, sp, #164 ; 0xa4 + 8004462: 4613 mov r3, r2 + 8004464: cb03 ldmia r3!, {r0, r1} + 8004466: 42b3 cmp r3, r6 + 8004468: 6020 str r0, [r4, #0] + 800446a: 6061 str r1, [r4, #4] + 800446c: 461a mov r2, r3 + 800446e: f104 0408 add.w r4, r4, #8 + 8004472: d1f6 bne.n 8004462 + 8004474: e7c5 b.n 8004402 + int which = (args->change_flags >> 8) & 0xf; + 8004476: 6e63 ldr r3, [r4, #100] ; 0x64 + 8004478: 121b asrs r3, r3, #8 + switch(which) { + 800447a: f013 0f0c tst.w r3, #12 + 800447e: d159 bne.n 8004534 + 8004480: 4a30 ldr r2, [pc, #192] ; (8004544 ) + int which = (args->change_flags >> 8) & 0xf; + 8004482: f003 030f and.w r3, r3, #15 + 8004486: f912 9003 ldrsb.w r9, [r2, r3] + if(kn < 0) return EPIN_RANGE_ERR; + 800448a: f1b9 0f00 cmp.w r9, #0 + 800448e: db51 blt.n 8004534 + 8004490: 2703 movs r7, #3 + rv = ae_encrypted_read(kn, KEYNUM_main_pin, digest, tmp, AE_SECRET_LEN); + 8004492: f04f 0a48 mov.w sl, #72 ; 0x48 + 8004496: 2103 movs r1, #3 + 8004498: f8cd a000 str.w sl, [sp] + 800449c: ab37 add r3, sp, #220 ; 0xdc + 800449e: 4642 mov r2, r8 + 80044a0: 4648 mov r0, r9 + 80044a2: f7fe fee5 bl 8003270 + if(rv) continue; + 80044a6: 4601 mov r1, r0 + 80044a8: b130 cbz r0, 80044b8 + for(int retry=0; retry<3; retry++) { + 80044aa: 3f01 subs r7, #1 + 80044ac: d1f3 bne.n 8004496 + ae_reset_chip(); + 80044ae: f7fe fa6b bl 8002988 + if(rv) return EPIN_AE_FAIL; + 80044b2: f06f 0569 mvn.w r5, #105 ; 0x69 + 80044b6: e7a4 b.n 8004402 + rv = ae_encrypted_read32(KEYNUM_check_secret, 0, KEYNUM_main_pin, digest, check); + 80044b8: ae0f add r6, sp, #60 ; 0x3c + 80044ba: 9600 str r6, [sp, #0] + 80044bc: 4643 mov r3, r8 + 80044be: 2203 movs r2, #3 + 80044c0: 200a movs r0, #10 + 80044c2: f7fe feaa bl 800321a + if(rv) continue; + 80044c6: 4605 mov r5, r0 + 80044c8: 2800 cmp r0, #0 + 80044ca: d1ee bne.n 80044aa + se2_decrypt_secret(args->secret, AE_SECRET_LEN, 0, tmp, check, digest, &is_valid); + 80044cc: f10d 071b add.w r7, sp, #27 + 80044d0: f104 00b0 add.w r0, r4, #176 ; 0xb0 + 80044d4: ab37 add r3, sp, #220 ; 0xdc + 80044d6: e9cd 8701 strd r8, r7, [sp, #4] + 80044da: 9600 str r6, [sp, #0] + 80044dc: 462a mov r2, r5 + 80044de: 2148 movs r1, #72 ; 0x48 + 80044e0: 9005 str r0, [sp, #20] + 80044e2: f003 fe7d bl 80081e0 + if(!is_valid) { + 80044e6: f89d 301b ldrb.w r3, [sp, #27] + 80044ea: 9805 ldr r0, [sp, #20] + 80044ec: b993 cbnz r3, 8004514 + memset(args->secret, 0, AE_SECRET_LEN); + 80044ee: 2248 movs r2, #72 ; 0x48 + 80044f0: 4629 mov r1, r5 + 80044f2: f009 f88d bl 800d610 + if(!(args->state_flags & PA_ZERO_SECRET)) { + 80044f6: 6be3 ldr r3, [r4, #60] ; 0x3c + 80044f8: 06db lsls r3, r3, #27 + 80044fa: d408 bmi.n 800450e + args->state_flags |= PA_ZERO_SECRET; + 80044fc: 6be3 ldr r3, [r4, #60] ; 0x3c + 80044fe: f043 0310 orr.w r3, r3, #16 + 8004502: 63e3 str r3, [r4, #60] ; 0x3c + _hmac_attempt(args, args->hmac); + 8004504: f104 0144 add.w r1, r4, #68 ; 0x44 + 8004508: 4620 mov r0, r4 + 800450a: f7ff fac5 bl 8003a98 <_hmac_attempt> + ae_reset_chip(); + 800450e: f7fe fa3b bl 8002988 + if(rv) return EPIN_AE_FAIL; + 8004512: e776 b.n 8004402 + if(!args->secret[0] && check_all_zeros(args->secret, AE_SECRET_LEN)) { + 8004514: f894 30b0 ldrb.w r3, [r4, #176] ; 0xb0 + 8004518: 2b00 cmp r3, #0 + 800451a: d1f8 bne.n 800450e + 800451c: 2148 movs r1, #72 ; 0x48 + 800451e: f7fe f8a9 bl 8002674 + 8004522: 2800 cmp r0, #0 + 8004524: d0f3 beq.n 800450e + 8004526: e7e9 b.n 80044fc + return EPIN_WRONG_SUCCESS; + 8004528: f06f 056c mvn.w r5, #108 ; 0x6c + 800452c: e769 b.n 8004402 + return EPIN_BAD_REQUEST; + 800452e: f06f 0567 mvn.w r5, #103 ; 0x67 + 8004532: e766 b.n 8004402 + if(kn < 0) return EPIN_RANGE_ERR; + 8004534: f06f 0566 mvn.w r5, #102 ; 0x66 + 8004538: e763 b.n 8004402 + 800453a: bf00 nop + 800453c: 0801c000 .word 0x0801c000 + 8004540: 0801c074 .word 0x0801c074 + 8004544: 0800e690 .word 0x0800e690 + +08004548 : +// - new API so whole thing provided in one shot? encryption issues: provide +// "dest" and all 416 bytes end up there (read case only). +// + int +pin_long_secret(pinAttempt_t *args, uint8_t *dest) +{ + 8004548: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 800454c: 460f mov r7, r1 + 800454e: b099 sub sp, #100 ; 0x64 + // Validate args and signature + int rv = _validate_attempt(args, false); + 8004550: 2100 movs r1, #0 +{ + 8004552: 4606 mov r6, r0 + int rv = _validate_attempt(args, false); + 8004554: f7ff face bl 8003af4 <_validate_attempt> + if(rv) return rv; + 8004558: 4604 mov r4, r0 + 800455a: b9b8 cbnz r0, 800458c + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 800455c: 6bf3 ldr r3, [r6, #60] ; 0x3c + 800455e: 07da lsls r2, r3, #31 + 8004560: f140 80a5 bpl.w 80046ae + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 8004564: 4b55 ldr r3, [pc, #340] ; (80046bc ) + 8004566: 6c32 ldr r2, [r6, #64] ; 0x40 + 8004568: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 800456c: 4053 eors r3, r2 + } + + // determine if we should proceed under duress/in some trick way + bool is_trick = get_is_trick(args, NULL); + + if(is_trick) { + 800456e: 07db lsls r3, r3, #31 + 8004570: d510 bpl.n 8004594 + // Not supported in trick mode. Pretend it's all zeros. Accept all writes. + memset(args->secret, 0, 32); + 8004572: 4601 mov r1, r0 + 8004574: 2220 movs r2, #32 + 8004576: f106 00b0 add.w r0, r6, #176 ; 0xb0 + 800457a: f009 f849 bl 800d610 + if(dest) memset(dest, 0, AE_LONG_SECRET_LEN); + 800457e: b12f cbz r7, 800458c + 8004580: f44f 72d0 mov.w r2, #416 ; 0x1a0 + 8004584: 4621 mov r1, r4 + 8004586: 4638 mov r0, r7 + 8004588: f009 f842 bl 800d610 + +se2_fail: + ae_reset_chip(); + + return EPIN_SE2_FAIL; +} + 800458c: 4620 mov r0, r4 + 800458e: b019 add sp, #100 ; 0x64 + 8004590: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + int blk = (args->change_flags >> 8) & 0xf; + 8004594: 6e73 ldr r3, [r6, #100] ; 0x64 + 8004596: f3c3 2803 ubfx r8, r3, #8, #4 + if(blk > 13) return EPIN_RANGE_ERR; + 800459a: f1b8 0f0d cmp.w r8, #13 + 800459e: f300 8089 bgt.w 80046b4 + pin_cache_restore(args, digest); + 80045a2: a908 add r1, sp, #32 + 80045a4: 4630 mov r0, r6 + 80045a6: f7ff fc6b bl 8003e80 + if(!(args->change_flags & CHANGE_SECRET)) { + 80045aa: 6e71 ldr r1, [r6, #100] ; 0x64 + 80045ac: f011 0908 ands.w r9, r1, #8 + 80045b0: d156 bne.n 8004660 + if(!dest) { + 80045b2: bb27 cbnz r7, 80045fe + rv = ae_encrypted_read32(KEYNUM_long_secret, blk, KEYNUM_main_pin, digest, tmp); + 80045b4: af10 add r7, sp, #64 ; 0x40 + 80045b6: 9700 str r7, [sp, #0] + 80045b8: ab08 add r3, sp, #32 + 80045ba: 2203 movs r2, #3 + 80045bc: 4641 mov r1, r8 + 80045be: 2008 movs r0, #8 + 80045c0: f7fe fe2b bl 800321a + if(rv) goto fail; + 80045c4: 4605 mov r5, r0 + 80045c6: 2800 cmp r0, #0 + 80045c8: d16a bne.n 80046a0 + se2_decrypt_secret(args->secret, 32, blk*32, tmp, NULL, digest, &is_valid); + 80045ca: f10d 031f add.w r3, sp, #31 + 80045ce: 9302 str r3, [sp, #8] + 80045d0: ab08 add r3, sp, #32 + 80045d2: f106 00b0 add.w r0, r6, #176 ; 0xb0 + 80045d6: e9cd 4300 strd r4, r3, [sp] + 80045da: ea4f 1248 mov.w r2, r8, lsl #5 + 80045de: 463b mov r3, r7 + 80045e0: 2120 movs r1, #32 + 80045e2: 9005 str r0, [sp, #20] + 80045e4: f003 fdfc bl 80081e0 + if(!is_valid) { + 80045e8: f89d 301f ldrb.w r3, [sp, #31] + 80045ec: 9805 ldr r0, [sp, #20] + 80045ee: b91b cbnz r3, 80045f8 + memset(args->secret, 0, 32); + 80045f0: 2220 movs r2, #32 + 80045f2: 4621 mov r1, r4 + memset(dest, 0, AE_LONG_SECRET_LEN); + 80045f4: f009 f80c bl 800d610 + ae_reset_chip(); + 80045f8: f7fe f9c6 bl 8002988 + if(rv) return EPIN_AE_FAIL; + 80045fc: e7c6 b.n 800458c + 80045fe: 463e mov r6, r7 + rv = ae_encrypted_read32(KEYNUM_long_secret, blk, KEYNUM_main_pin, digest, p); + 8004600: 9600 str r6, [sp, #0] + 8004602: ab08 add r3, sp, #32 + 8004604: 2203 movs r2, #3 + 8004606: 4649 mov r1, r9 + 8004608: 2008 movs r0, #8 + 800460a: f7fe fe06 bl 800321a + if(rv) goto fail; + 800460e: 4605 mov r5, r0 + 8004610: 2800 cmp r0, #0 + 8004612: d145 bne.n 80046a0 + for(blk=0; blk<13; blk++, p += 32) { + 8004614: f109 0901 add.w r9, r9, #1 + 8004618: f1b9 0f0d cmp.w r9, #13 + 800461c: f106 0620 add.w r6, r6, #32 + 8004620: d1ee bne.n 8004600 + ASSERT(p == dest+AE_LONG_SECRET_LEN); + 8004622: f507 73d0 add.w r3, r7, #416 ; 0x1a0 + 8004626: 429e cmp r6, r3 + 8004628: d002 beq.n 8004630 + 800462a: 4825 ldr r0, [pc, #148] ; (80046c0 ) + 800462c: f7fc f9fa bl 8000a24 + se2_decrypt_secret(dest, AE_LONG_SECRET_LEN, 0, dest, NULL, digest, &is_valid); + 8004630: ab10 add r3, sp, #64 ; 0x40 + 8004632: 9302 str r3, [sp, #8] + 8004634: ab08 add r3, sp, #32 + 8004636: e9cd 0300 strd r0, r3, [sp] + 800463a: 4602 mov r2, r0 + 800463c: 463b mov r3, r7 + 800463e: f44f 71d0 mov.w r1, #416 ; 0x1a0 + 8004642: 4638 mov r0, r7 + 8004644: f003 fdcc bl 80081e0 + if(!is_valid) { + 8004648: f89d 4040 ldrb.w r4, [sp, #64] ; 0x40 + 800464c: b924 cbnz r4, 8004658 + memset(dest, 0, AE_LONG_SECRET_LEN); + 800464e: f44f 72d0 mov.w r2, #416 ; 0x1a0 + 8004652: 4621 mov r1, r4 + 8004654: 4638 mov r0, r7 + 8004656: e7cd b.n 80045f4 + ae_reset_chip(); + 8004658: f7fe f996 bl 8002988 + return 0; + 800465c: 462c mov r4, r5 + 800465e: e795 b.n 800458c + uint8_t tmp[32] = {0}; + 8004660: 221c movs r2, #28 + 8004662: 4621 mov r1, r4 + 8004664: a811 add r0, sp, #68 ; 0x44 + 8004666: 9410 str r4, [sp, #64] ; 0x40 + if(se2_encrypt_secret(args->secret, 32, blk*32, tmp, NULL, digest)) { + 8004668: ad10 add r5, sp, #64 ; 0x40 + uint8_t tmp[32] = {0}; + 800466a: f008 ffd1 bl 800d610 + if(se2_encrypt_secret(args->secret, 32, blk*32, tmp, NULL, digest)) { + 800466e: ab08 add r3, sp, #32 + 8004670: e9cd 4300 strd r4, r3, [sp] + 8004674: ea4f 1248 mov.w r2, r8, lsl #5 + 8004678: 462b mov r3, r5 + 800467a: 2120 movs r1, #32 + 800467c: f106 00b0 add.w r0, r6, #176 ; 0xb0 + 8004680: f003 fd58 bl 8008134 + 8004684: b120 cbz r0, 8004690 + ae_reset_chip(); + 8004686: f7fe f97f bl 8002988 + return EPIN_SE2_FAIL; + 800468a: f06f 0472 mvn.w r4, #114 ; 0x72 + 800468e: e77d b.n 800458c + rv = ae_encrypted_write32(KEYNUM_long_secret, blk, KEYNUM_main_pin, digest, tmp); + 8004690: 9500 str r5, [sp, #0] + 8004692: ab08 add r3, sp, #32 + 8004694: 2203 movs r2, #3 + 8004696: 4641 mov r1, r8 + 8004698: 2008 movs r0, #8 + 800469a: f7fe fe23 bl 80032e4 + 800469e: 4605 mov r5, r0 + ae_reset_chip(); + 80046a0: f7fe f972 bl 8002988 + if(rv) return EPIN_AE_FAIL; + 80046a4: 2d00 cmp r5, #0 + 80046a6: bf18 it ne + 80046a8: f06f 0469 mvnne.w r4, #105 ; 0x69 + 80046ac: e76e b.n 800458c + return EPIN_WRONG_SUCCESS; + 80046ae: f06f 046c mvn.w r4, #108 ; 0x6c + 80046b2: e76b b.n 800458c + if(blk > 13) return EPIN_RANGE_ERR; + 80046b4: f06f 0466 mvn.w r4, #102 ; 0x66 + 80046b8: e768 b.n 800458c + 80046ba: bf00 nop + 80046bc: 0801c000 .word 0x0801c000 + 80046c0: 0800e354 .word 0x0800e354 + +080046c4 : +// +// Record current flash checksum and make green light go on. +// + int +pin_firmware_greenlight(pinAttempt_t *args) +{ + 80046c4: b530 push {r4, r5, lr} + // Validate args and signature + int rv = _validate_attempt(args, false); + 80046c6: 2100 movs r1, #0 +{ + 80046c8: b09b sub sp, #108 ; 0x6c + 80046ca: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 80046cc: f7ff fa12 bl 8003af4 <_validate_attempt> + if(rv) return rv; + 80046d0: bb20 cbnz r0, 800471c + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 80046d2: 6be3 ldr r3, [r4, #60] ; 0x3c + 80046d4: 07da lsls r2, r3, #31 + 80046d6: d529 bpl.n 800472c + // must come here with a successful PIN login (so it's rate limited nicely) + return EPIN_WRONG_SUCCESS; + } + + if(args->is_secondary) { + 80046d8: 6865 ldr r5, [r4, #4] + 80046da: bb55 cbnz r5, 8004732 + return EPIN_PRIMARY_ONLY; + } + + // load existing PIN's hash + uint8_t digest[32]; + pin_cache_restore(args, digest); + 80046dc: a902 add r1, sp, #8 + 80046de: 4620 mov r0, r4 + 80046e0: f7ff fbce bl 8003e80 + + // step 1: calc the value to use + uint8_t fw_check[32], world_check[32]; + checksum_flash(fw_check, world_check, 0); + 80046e4: 462a mov r2, r5 + 80046e6: a912 add r1, sp, #72 ; 0x48 + 80046e8: a80a add r0, sp, #40 ; 0x28 + 80046ea: f7fd f995 bl 8001a18 + + // step 2: write it out to chip. + if(warmup_ae()) return EPIN_I_AM_BRICK; + 80046ee: f7ff fa37 bl 8003b60 + 80046f2: bb08 cbnz r0, 8004738 + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 80046f4: 4b12 ldr r3, [pc, #72] ; (8004740 ) + 80046f6: 6c22 ldr r2, [r4, #64] ; 0x40 + 80046f8: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 80046fc: 4053 eors r3, r2 + + // under duress, we can't fake this, but we go through the motions anyway + if(!get_is_trick(args, NULL)) { + 80046fe: 07db lsls r3, r3, #31 + 8004700: d40e bmi.n 8004720 + rv = ae_encrypted_write(KEYNUM_firmware, KEYNUM_main_pin, digest, world_check, 32); + 8004702: 2320 movs r3, #32 + 8004704: 9300 str r3, [sp, #0] + 8004706: aa02 add r2, sp, #8 + 8004708: ab12 add r3, sp, #72 ; 0x48 + 800470a: 2103 movs r1, #3 + 800470c: 200e movs r0, #14 + 800470e: f7fe fe4f bl 80033b0 + + if(rv) { + 8004712: b128 cbz r0, 8004720 + ae_reset_chip(); + 8004714: f7fe f938 bl 8002988 + + return EPIN_AE_FAIL; + 8004718: f06f 0069 mvn.w r0, #105 ; 0x69 + + return EPIN_AE_FAIL; + } + + return 0; +} + 800471c: b01b add sp, #108 ; 0x6c + 800471e: bd30 pop {r4, r5, pc} + rv = ae_set_gpio_secure(world_check); + 8004720: a812 add r0, sp, #72 ; 0x48 + 8004722: f7fe fed7 bl 80034d4 + if(rv) { + 8004726: 2800 cmp r0, #0 + 8004728: d0f8 beq.n 800471c + 800472a: e7f3 b.n 8004714 + return EPIN_WRONG_SUCCESS; + 800472c: f06f 006c mvn.w r0, #108 ; 0x6c + 8004730: e7f4 b.n 800471c + return EPIN_PRIMARY_ONLY; + 8004732: f06f 0071 mvn.w r0, #113 ; 0x71 + 8004736: e7f1 b.n 800471c + if(warmup_ae()) return EPIN_I_AM_BRICK; + 8004738: f06f 0068 mvn.w r0, #104 ; 0x68 + 800473c: e7ee b.n 800471c + 800473e: bf00 nop + 8004740: 0801c000 .word 0x0801c000 + +08004744 : +// Update the system firmware via file in PSRAM. Arrange for +// light to stay green through out process. +// + int +pin_firmware_upgrade(pinAttempt_t *args) +{ + 8004744: b570 push {r4, r5, r6, lr} + // Validate args and signature + int rv = _validate_attempt(args, false); + 8004746: 2100 movs r1, #0 +{ + 8004748: b092 sub sp, #72 ; 0x48 + 800474a: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 800474c: f7ff f9d2 bl 8003af4 <_validate_attempt> + if(rv) return rv; + 8004750: 2800 cmp r0, #0 + 8004752: d14e bne.n 80047f2 + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 8004754: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004756: 07da lsls r2, r3, #31 + 8004758: d54d bpl.n 80047f6 + // must come here with a successful PIN login + return EPIN_WRONG_SUCCESS; + } + + if(args->change_flags != CHANGE_FIRMWARE) { + 800475a: 6e63 ldr r3, [r4, #100] ; 0x64 + 800475c: 2b40 cmp r3, #64 ; 0x40 + 800475e: d11c bne.n 800479a + } + + // expecting start/length relative to psram start + uint32_t *about = (uint32_t *)args->secret; + uint32_t start = about[0]; + uint32_t len = about[1]; + 8004760: e9d4 562c ldrd r5, r6, [r4, #176] ; 0xb0 + + if(len < 32768) return EPIN_RANGE_ERR; + 8004764: f5a6 4300 sub.w r3, r6, #32768 ; 0x8000 + 8004768: f5b3 1ffc cmp.w r3, #2064384 ; 0x1f8000 + 800476c: d846 bhi.n 80047fc + if(len > 2<<20) return EPIN_RANGE_ERR; + if(start+len > PSRAM_SIZE) return EPIN_RANGE_ERR; + 800476e: 19ab adds r3, r5, r6 + 8004770: f5b3 0f00 cmp.w r3, #8388608 ; 0x800000 + 8004774: d842 bhi.n 80047fc + + const uint8_t *data = (const uint8_t *)PSRAM_BASE+start; + 8004776: f105 4510 add.w r5, r5, #2415919104 ; 0x90000000 + + // verify a firmware image that's in RAM, and calc its digest + // - also applies watermark policy, etc + uint8_t world_check[32]; + bool ok = verify_firmware_in_ram(data, len, world_check); + 800477a: aa02 add r2, sp, #8 + 800477c: 4631 mov r1, r6 + 800477e: 4628 mov r0, r5 + 8004780: f7fd fa58 bl 8001c34 + if(!ok) { + 8004784: 2800 cmp r0, #0 + 8004786: d03c beq.n 8004802 + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 8004788: 4b21 ldr r3, [pc, #132] ; (8004810 ) + 800478a: 6c22 ldr r2, [r4, #64] ; 0x40 + 800478c: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 8004790: 4053 eors r3, r2 + return EPIN_AUTH_FAIL; + } + + // under duress, we can't fake this, so kill ourselves. + if(get_is_trick(args, NULL)) { + 8004792: 07db lsls r3, r3, #31 + 8004794: d504 bpl.n 80047a0 + // User is a thug.. kill secret and reboot w/o any notice + fast_wipe(); + 8004796: f7fd ff41 bl 800261c + return EPIN_BAD_REQUEST; + 800479a: f06f 0067 mvn.w r0, #103 ; 0x67 + 800479e: e028 b.n 80047f2 + return EPIN_BAD_REQUEST; + } + + // load existing PIN's hash + uint8_t digest[32]; + pin_cache_restore(args, digest); + 80047a0: a90a add r1, sp, #40 ; 0x28 + 80047a2: 4620 mov r0, r4 + 80047a4: f7ff fb6c bl 8003e80 + + // step 1: calc the value to use, see above + if(warmup_ae()) return EPIN_I_AM_BRICK; + 80047a8: f7ff f9da bl 8003b60 + 80047ac: bb60 cbnz r0, 8004808 + + // step 2: write it out to chip. + rv = ae_encrypted_write(KEYNUM_firmware, KEYNUM_main_pin, digest, world_check, 32); + 80047ae: 2320 movs r3, #32 + 80047b0: 9300 str r3, [sp, #0] + 80047b2: aa0a add r2, sp, #40 ; 0x28 + 80047b4: ab02 add r3, sp, #8 + 80047b6: 2103 movs r1, #3 + 80047b8: 200e movs r0, #14 + 80047ba: f7fe fdf9 bl 80033b0 + if(rv) goto fail; + 80047be: b9a0 cbnz r0, 80047ea + + // this turns on green light + rv = ae_set_gpio_secure(world_check); + 80047c0: a802 add r0, sp, #8 + 80047c2: f7fe fe87 bl 80034d4 + if(rv) goto fail; + 80047c6: b980 cbnz r0, 80047ea + + // -- point of no return -- + + // burn it, shows progress + psram_do_upgrade(data, len); + 80047c8: 4631 mov r1, r6 + 80047ca: 4628 mov r0, r5 + 80047cc: f000 fbf4 bl 8004fb8 + 80047d0: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 80047d4: 490f ldr r1, [pc, #60] ; (8004814 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 80047d6: 4b10 ldr r3, [pc, #64] ; (8004818 ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 80047d8: 68ca ldr r2, [r1, #12] + 80047da: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 80047de: 4313 orrs r3, r2 + 80047e0: 60cb str r3, [r1, #12] + 80047e2: f3bf 8f4f dsb sy + __NOP(); + 80047e6: bf00 nop + for(;;) /* wait until reset */ + 80047e8: e7fd b.n 80047e6 + NVIC_SystemReset(); + + return 0; + +fail: + ae_reset_chip(); + 80047ea: f7fe f8cd bl 8002988 + + return EPIN_AE_FAIL; + 80047ee: f06f 0069 mvn.w r0, #105 ; 0x69 +} + 80047f2: b012 add sp, #72 ; 0x48 + 80047f4: bd70 pop {r4, r5, r6, pc} + return EPIN_WRONG_SUCCESS; + 80047f6: f06f 006c mvn.w r0, #108 ; 0x6c + 80047fa: e7fa b.n 80047f2 + if(len < 32768) return EPIN_RANGE_ERR; + 80047fc: f06f 0066 mvn.w r0, #102 ; 0x66 + 8004800: e7f7 b.n 80047f2 + return EPIN_AUTH_FAIL; + 8004802: f06f 006f mvn.w r0, #111 ; 0x6f + 8004806: e7f4 b.n 80047f2 + if(warmup_ae()) return EPIN_I_AM_BRICK; + 8004808: f06f 0068 mvn.w r0, #104 ; 0x68 + 800480c: e7f1 b.n 80047f2 + 800480e: bf00 nop + 8004810: 0801c000 .word 0x0801c000 + 8004814: e000ed00 .word 0xe000ed00 + 8004818: 05fa0004 .word 0x05fa0004 + +0800481c : + +// strcat_hex() +// + void +strcat_hex(char *msg, const void *d, int len) +{ + 800481c: b570 push {r4, r5, r6, lr} + 800481e: 4616 mov r6, r2 + 8004820: 4604 mov r4, r0 + 8004822: 460d mov r5, r1 + char *p = msg+strlen(msg); + 8004824: f008 ff1f bl 800d666 + const uint8_t *h = (const uint8_t *)d; + + for(; len; len--, h++) { + *(p++) = hexmap[(*h>>4) & 0xf]; + 8004828: 4a0b ldr r2, [pc, #44] ; (8004858 ) + char *p = msg+strlen(msg); + 800482a: 4420 add r0, r4 + for(; len; len--, h++) { + 800482c: 1e69 subs r1, r5, #1 + 800482e: eb00 0646 add.w r6, r0, r6, lsl #1 + 8004832: 42b0 cmp r0, r6 + 8004834: d102 bne.n 800483c + *(p++) = hexmap[(*h>>0) & 0xf]; + } + + *(p++) = 0; + 8004836: 2300 movs r3, #0 + 8004838: 7003 strb r3, [r0, #0] +} + 800483a: bd70 pop {r4, r5, r6, pc} + *(p++) = hexmap[(*h>>4) & 0xf]; + 800483c: f811 3f01 ldrb.w r3, [r1, #1]! + 8004840: 091b lsrs r3, r3, #4 + 8004842: 5cd3 ldrb r3, [r2, r3] + 8004844: f800 3b02 strb.w r3, [r0], #2 + *(p++) = hexmap[(*h>>0) & 0xf]; + 8004848: 780b ldrb r3, [r1, #0] + 800484a: f003 030f and.w r3, r3, #15 + 800484e: 5cd3 ldrb r3, [r2, r3] + 8004850: f800 3c01 strb.w r3, [r0, #-1] + for(; len; len--, h++) { + 8004854: e7ed b.n 8004832 + 8004856: bf00 nop + 8004858: 0800e6c2 .word 0x0800e6c2 + +0800485c : + * parameters in the USART_InitTypeDef and initialize the associated handle. + * @param husart USART handle. + * @retval HAL status + */ +HAL_StatusTypeDef HAL_USART_Init(USART_HandleTypeDef *husart) +{ + 800485c: b5f8 push {r3, r4, r5, r6, r7, lr} + /* Check the USART handle allocation */ + if (husart == NULL) + 800485e: 4604 mov r4, r0 + 8004860: b910 cbnz r0, 8004868 + { + return HAL_ERROR; + 8004862: 2501 movs r5, #1 + /* Enable the Peripheral */ + __HAL_USART_ENABLE(husart); + + /* TEACK and/or REACK to check before moving husart->State to Ready */ + return (USART_CheckIdleState(husart)); +} + 8004864: 4628 mov r0, r5 + 8004866: bdf8 pop {r3, r4, r5, r6, r7, pc} + if (husart->State == HAL_USART_STATE_RESET) + 8004868: f890 3059 ldrb.w r3, [r0, #89] ; 0x59 + 800486c: f003 02ff and.w r2, r3, #255 ; 0xff + 8004870: b90b cbnz r3, 8004876 + husart->Lock = HAL_UNLOCKED; + 8004872: f880 2058 strb.w r2, [r0, #88] ; 0x58 + __HAL_USART_DISABLE(husart); + 8004876: 6823 ldr r3, [r4, #0] + tmpreg = (uint32_t)husart->Init.WordLength | husart->Init.Parity | husart->Init.Mode | USART_CR1_OVER8; + 8004878: 6921 ldr r1, [r4, #16] + husart->State = HAL_USART_STATE_BUSY; + 800487a: 2502 movs r5, #2 + 800487c: f884 5059 strb.w r5, [r4, #89] ; 0x59 + __HAL_USART_DISABLE(husart); + 8004880: 681a ldr r2, [r3, #0] + 8004882: f022 0201 bic.w r2, r2, #1 + 8004886: 601a str r2, [r3, #0] + tmpreg = (uint32_t)husart->Init.WordLength | husart->Init.Parity | husart->Init.Mode | USART_CR1_OVER8; + 8004888: 68a2 ldr r2, [r4, #8] + MODIFY_REG(husart->Instance->CR1, USART_CR1_FIELDS, tmpreg); + 800488a: 6818 ldr r0, [r3, #0] + tmpreg = (uint32_t)husart->Init.WordLength | husart->Init.Parity | husart->Init.Mode | USART_CR1_OVER8; + 800488c: 430a orrs r2, r1 + MODIFY_REG(husart->Instance->CR1, USART_CR1_FIELDS, tmpreg); + 800488e: 49a9 ldr r1, [pc, #676] ; (8004b34 ) + 8004890: 4001 ands r1, r0 + 8004892: 430a orrs r2, r1 + 8004894: 6961 ldr r1, [r4, #20] + MODIFY_REG(husart->Instance->CR2, USART_CR2_FIELDS, tmpreg); + 8004896: 69a0 ldr r0, [r4, #24] + MODIFY_REG(husart->Instance->CR1, USART_CR1_FIELDS, tmpreg); + 8004898: 430a orrs r2, r1 + 800489a: f442 4200 orr.w r2, r2, #32768 ; 0x8000 + 800489e: 601a str r2, [r3, #0] + MODIFY_REG(husart->Instance->CR2, USART_CR2_FIELDS, tmpreg); + 80048a0: 6859 ldr r1, [r3, #4] + 80048a2: 6a22 ldr r2, [r4, #32] + 80048a4: f421 517c bic.w r1, r1, #16128 ; 0x3f00 + 80048a8: f021 0109 bic.w r1, r1, #9 + 80048ac: 4302 orrs r2, r0 + 80048ae: 430a orrs r2, r1 + 80048b0: 69e1 ldr r1, [r4, #28] + 80048b2: 430a orrs r2, r1 + 80048b4: 68e1 ldr r1, [r4, #12] + 80048b6: 430a orrs r2, r1 + 80048b8: f442 6200 orr.w r2, r2, #2048 ; 0x800 + 80048bc: 605a str r2, [r3, #4] + MODIFY_REG(husart->Instance->PRESC, USART_PRESC_PRESCALER, husart->Init.ClockPrescaler); + 80048be: 6ad9 ldr r1, [r3, #44] ; 0x2c + 80048c0: 6a62 ldr r2, [r4, #36] ; 0x24 + 80048c2: f021 010f bic.w r1, r1, #15 + 80048c6: 4311 orrs r1, r2 + 80048c8: 62d9 str r1, [r3, #44] ; 0x2c + USART_GETCLOCKSOURCE(husart, clocksource); + 80048ca: 499b ldr r1, [pc, #620] ; (8004b38 ) + 80048cc: 428b cmp r3, r1 + 80048ce: d10e bne.n 80048ee + 80048d0: 4b9a ldr r3, [pc, #616] ; (8004b3c ) + 80048d2: f8d3 3088 ldr.w r3, [r3, #136] ; 0x88 + 80048d6: f003 0303 and.w r3, r3, #3 + 80048da: 42ab cmp r3, r5 + 80048dc: f000 80cd beq.w 8004a7a + 80048e0: 2b03 cmp r3, #3 + 80048e2: d01a beq.n 800491a + 80048e4: 2b01 cmp r3, #1 + 80048e6: d153 bne.n 8004990 + pclk = HAL_RCC_GetSysClockFreq(); + 80048e8: f003 ff3e bl 8008768 + 80048ec: e052 b.n 8004994 + USART_GETCLOCKSOURCE(husart, clocksource); + 80048ee: 4994 ldr r1, [pc, #592] ; (8004b40 ) + 80048f0: 428b cmp r3, r1 + 80048f2: d13c bne.n 800496e + 80048f4: 4b91 ldr r3, [pc, #580] ; (8004b3c ) + 80048f6: f8d3 3088 ldr.w r3, [r3, #136] ; 0x88 + 80048fa: f003 030c and.w r3, r3, #12 + 80048fe: 2b08 cmp r3, #8 + 8004900: f000 80bb beq.w 8004a7a + 8004904: d807 bhi.n 8004916 + 8004906: 2b00 cmp r3, #0 + 8004908: f000 80b4 beq.w 8004a74 + 800490c: 2b04 cmp r3, #4 + 800490e: d0eb beq.n 80048e8 + uint32_t usartdiv = 0x00000000; + 8004910: 2300 movs r3, #0 + ret = HAL_ERROR; + 8004912: 2501 movs r5, #1 + 8004914: e06e b.n 80049f4 + USART_GETCLOCKSOURCE(husart, clocksource); + 8004916: 2b0c cmp r3, #12 + 8004918: d1fa bne.n 8004910 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(LSE_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 800491a: 2a00 cmp r2, #0 + 800491c: f000 80fb beq.w 8004b16 + 8004920: 2a01 cmp r2, #1 + 8004922: f000 80fa beq.w 8004b1a + 8004926: 2a02 cmp r2, #2 + 8004928: f000 80f9 beq.w 8004b1e + 800492c: 2a03 cmp r2, #3 + 800492e: f000 80f8 beq.w 8004b22 + 8004932: 2a04 cmp r2, #4 + 8004934: f000 80f7 beq.w 8004b26 + 8004938: 2a05 cmp r2, #5 + 800493a: f000 80f6 beq.w 8004b2a + 800493e: 2a06 cmp r2, #6 + 8004940: f000 80f5 beq.w 8004b2e + 8004944: 2a07 cmp r2, #7 + 8004946: f000 8101 beq.w 8004b4c + 800494a: 2a08 cmp r2, #8 + 800494c: f000 8100 beq.w 8004b50 + 8004950: 2a09 cmp r2, #9 + 8004952: f000 80ff beq.w 8004b54 + 8004956: 2a0a cmp r2, #10 + 8004958: f000 80fe beq.w 8004b58 + 800495c: 2a0b cmp r2, #11 + 800495e: bf14 ite ne + 8004960: 2201 movne r2, #1 + 8004962: f44f 7280 moveq.w r2, #256 ; 0x100 + 8004966: 6861 ldr r1, [r4, #4] + 8004968: f44f 4300 mov.w r3, #32768 ; 0x8000 + 800496c: e0a1 b.n 8004ab2 + USART_GETCLOCKSOURCE(husart, clocksource); + 800496e: 4975 ldr r1, [pc, #468] ; (8004b44 ) + 8004970: 428b cmp r3, r1 + 8004972: d1cd bne.n 8004910 + 8004974: 4b71 ldr r3, [pc, #452] ; (8004b3c ) + 8004976: f8d3 3088 ldr.w r3, [r3, #136] ; 0x88 + 800497a: f003 0330 and.w r3, r3, #48 ; 0x30 + 800497e: 2b20 cmp r3, #32 + 8004980: d07b beq.n 8004a7a + 8004982: d803 bhi.n 800498c + 8004984: 2b00 cmp r3, #0 + 8004986: d075 beq.n 8004a74 + 8004988: 2b10 cmp r3, #16 + 800498a: e7c0 b.n 800490e + 800498c: 2b30 cmp r3, #48 ; 0x30 + 800498e: e7c3 b.n 8004918 + pclk = HAL_RCC_GetPCLK2Freq(); + 8004990: f004 faf8 bl 8008f84 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(pclk, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004994: 6a62 ldr r2, [r4, #36] ; 0x24 + 8004996: 2a00 cmp r2, #0 + 8004998: f000 80a7 beq.w 8004aea + 800499c: 2a01 cmp r2, #1 + 800499e: f000 80a6 beq.w 8004aee + 80049a2: 2a02 cmp r2, #2 + 80049a4: f000 80a5 beq.w 8004af2 + 80049a8: 2a03 cmp r2, #3 + 80049aa: f000 80a4 beq.w 8004af6 + 80049ae: 2a04 cmp r2, #4 + 80049b0: f000 80a3 beq.w 8004afa + 80049b4: 2a05 cmp r2, #5 + 80049b6: f000 80a2 beq.w 8004afe + 80049ba: 2a06 cmp r2, #6 + 80049bc: f000 80a1 beq.w 8004b02 + 80049c0: 2a07 cmp r2, #7 + 80049c2: f000 80a0 beq.w 8004b06 + 80049c6: 2a08 cmp r2, #8 + 80049c8: f000 809f beq.w 8004b0a + 80049cc: 2a09 cmp r2, #9 + 80049ce: f000 809e beq.w 8004b0e + 80049d2: 2a0a cmp r2, #10 + 80049d4: f000 809d beq.w 8004b12 + 80049d8: 2a0b cmp r2, #11 + 80049da: bf14 ite ne + 80049dc: 2201 movne r2, #1 + 80049de: f44f 7280 moveq.w r2, #256 ; 0x100 + 80049e2: 6861 ldr r1, [r4, #4] + 80049e4: fbb0 f0f2 udiv r0, r0, r2 + 80049e8: 084b lsrs r3, r1, #1 + 80049ea: eb03 0340 add.w r3, r3, r0, lsl #1 + HAL_StatusTypeDef ret = HAL_OK; + 80049ee: 2500 movs r5, #0 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(LSE_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 80049f0: fbb3 f3f1 udiv r3, r3, r1 + if ((usartdiv >= USART_BRR_MIN) && (usartdiv <= USART_BRR_MAX)) + 80049f4: f1a3 0110 sub.w r1, r3, #16 + 80049f8: f64f 72ef movw r2, #65519 ; 0xffef + 80049fc: 4291 cmp r1, r2 + brrtemp = (uint16_t)(usartdiv & 0xFFF0U); + 80049fe: bf9f itttt ls + 8004a00: f023 020f bicls.w r2, r3, #15 + 8004a04: b292 uxthls r2, r2 + brrtemp |= (uint16_t)((usartdiv & (uint16_t)0x000FU) >> 1U); + 8004a06: f3c3 0342 ubfxls r3, r3, #1, #3 + husart->Instance->BRR = brrtemp; + 8004a0a: 6821 ldrls r1, [r4, #0] + 8004a0c: bf9a itte ls + 8004a0e: 4313 orrls r3, r2 + 8004a10: 60cb strls r3, [r1, #12] + ret = HAL_ERROR; + 8004a12: 2501 movhi r5, #1 + husart->NbTxDataToProcess = 1U; + 8004a14: 2301 movs r3, #1 + husart->RxISR = NULL; + 8004a16: 2200 movs r2, #0 + if (USART_SetConfig(husart) == HAL_ERROR) + 8004a18: 429d cmp r5, r3 + husart->TxISR = NULL; + 8004a1a: e9c4 2212 strd r2, r2, [r4, #72] ; 0x48 + husart->NbTxDataToProcess = 1U; + 8004a1e: 87a3 strh r3, [r4, #60] ; 0x3c + husart->NbRxDataToProcess = 1U; + 8004a20: 8763 strh r3, [r4, #58] ; 0x3a + if (USART_SetConfig(husart) == HAL_ERROR) + 8004a22: f43f af1e beq.w 8004862 + husart->Instance->CR2 &= ~USART_CR2_LINEN; + 8004a26: 6823 ldr r3, [r4, #0] + 8004a28: 6859 ldr r1, [r3, #4] + 8004a2a: f421 4180 bic.w r1, r1, #16384 ; 0x4000 + 8004a2e: 6059 str r1, [r3, #4] + husart->Instance->CR3 &= ~(USART_CR3_SCEN | USART_CR3_HDSEL | USART_CR3_IREN); + 8004a30: 6899 ldr r1, [r3, #8] + 8004a32: f021 012a bic.w r1, r1, #42 ; 0x2a + 8004a36: 6099 str r1, [r3, #8] + __HAL_USART_ENABLE(husart); + 8004a38: 6819 ldr r1, [r3, #0] + 8004a3a: f041 0101 orr.w r1, r1, #1 + 8004a3e: 6019 str r1, [r3, #0] + husart->ErrorCode = HAL_USART_ERROR_NONE; + 8004a40: 65e2 str r2, [r4, #92] ; 0x5c + tickstart = HAL_GetTick(); + 8004a42: f002 fb3d bl 80070c0 + if ((husart->Instance->CR1 & USART_CR1_TE) == USART_CR1_TE) + 8004a46: 6823 ldr r3, [r4, #0] + 8004a48: 681b ldr r3, [r3, #0] + 8004a4a: 071a lsls r2, r3, #28 + tickstart = HAL_GetTick(); + 8004a4c: 4607 mov r7, r0 + if ((husart->Instance->CR1 & USART_CR1_TE) == USART_CR1_TE) + 8004a4e: f100 8085 bmi.w 8004b5c + if ((husart->Instance->CR1 & USART_CR1_RE) == USART_CR1_RE) + 8004a52: 6823 ldr r3, [r4, #0] + 8004a54: 681b ldr r3, [r3, #0] + 8004a56: 075b lsls r3, r3, #29 + 8004a58: d505 bpl.n 8004a66 + while ((__HAL_USART_GET_FLAG(husart, Flag) ? SET : RESET) == Status) + 8004a5a: 6823 ldr r3, [r4, #0] + 8004a5c: 69de ldr r6, [r3, #28] + 8004a5e: f416 0680 ands.w r6, r6, #4194304 ; 0x400000 + 8004a62: f000 808e beq.w 8004b82 + husart->State = HAL_USART_STATE_READY; + 8004a66: 2301 movs r3, #1 + 8004a68: f884 3059 strb.w r3, [r4, #89] ; 0x59 + __HAL_UNLOCK(husart); + 8004a6c: 2300 movs r3, #0 + 8004a6e: f884 3058 strb.w r3, [r4, #88] ; 0x58 + return HAL_OK; + 8004a72: e6f7 b.n 8004864 + pclk = HAL_RCC_GetPCLK1Freq(); + 8004a74: f004 fa74 bl 8008f60 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(pclk, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004a78: e78c b.n 8004994 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(HSI_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004a7a: b302 cbz r2, 8004abe + 8004a7c: 2a01 cmp r2, #1 + 8004a7e: d020 beq.n 8004ac2 + 8004a80: 2a02 cmp r2, #2 + 8004a82: d020 beq.n 8004ac6 + 8004a84: 2a03 cmp r2, #3 + 8004a86: d020 beq.n 8004aca + 8004a88: 2a04 cmp r2, #4 + 8004a8a: d020 beq.n 8004ace + 8004a8c: 2a05 cmp r2, #5 + 8004a8e: d020 beq.n 8004ad2 + 8004a90: 2a06 cmp r2, #6 + 8004a92: d020 beq.n 8004ad6 + 8004a94: 2a07 cmp r2, #7 + 8004a96: d020 beq.n 8004ada + 8004a98: 2a08 cmp r2, #8 + 8004a9a: d020 beq.n 8004ade + 8004a9c: 2a09 cmp r2, #9 + 8004a9e: d020 beq.n 8004ae2 + 8004aa0: 2a0a cmp r2, #10 + 8004aa2: d020 beq.n 8004ae6 + 8004aa4: 2a0b cmp r2, #11 + 8004aa6: bf14 ite ne + 8004aa8: 2201 movne r2, #1 + 8004aaa: f44f 7280 moveq.w r2, #256 ; 0x100 + 8004aae: 6861 ldr r1, [r4, #4] + 8004ab0: 4b25 ldr r3, [pc, #148] ; (8004b48 ) + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(LSE_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004ab2: fbb3 f2f2 udiv r2, r3, r2 + 8004ab6: 084b lsrs r3, r1, #1 + 8004ab8: eb03 0342 add.w r3, r3, r2, lsl #1 + 8004abc: e797 b.n 80049ee + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(HSI_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004abe: 2201 movs r2, #1 + 8004ac0: e7f5 b.n 8004aae + 8004ac2: 2202 movs r2, #2 + 8004ac4: e7f3 b.n 8004aae + 8004ac6: 2204 movs r2, #4 + 8004ac8: e7f1 b.n 8004aae + 8004aca: 2206 movs r2, #6 + 8004acc: e7ef b.n 8004aae + 8004ace: 2208 movs r2, #8 + 8004ad0: e7ed b.n 8004aae + 8004ad2: 220a movs r2, #10 + 8004ad4: e7eb b.n 8004aae + 8004ad6: 220c movs r2, #12 + 8004ad8: e7e9 b.n 8004aae + 8004ada: 2210 movs r2, #16 + 8004adc: e7e7 b.n 8004aae + 8004ade: 2220 movs r2, #32 + 8004ae0: e7e5 b.n 8004aae + 8004ae2: 2240 movs r2, #64 ; 0x40 + 8004ae4: e7e3 b.n 8004aae + 8004ae6: 2280 movs r2, #128 ; 0x80 + 8004ae8: e7e1 b.n 8004aae + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(pclk, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004aea: 2201 movs r2, #1 + 8004aec: e779 b.n 80049e2 + 8004aee: 2202 movs r2, #2 + 8004af0: e777 b.n 80049e2 + 8004af2: 2204 movs r2, #4 + 8004af4: e775 b.n 80049e2 + 8004af6: 2206 movs r2, #6 + 8004af8: e773 b.n 80049e2 + 8004afa: 2208 movs r2, #8 + 8004afc: e771 b.n 80049e2 + 8004afe: 220a movs r2, #10 + 8004b00: e76f b.n 80049e2 + 8004b02: 220c movs r2, #12 + 8004b04: e76d b.n 80049e2 + 8004b06: 2210 movs r2, #16 + 8004b08: e76b b.n 80049e2 + 8004b0a: 2220 movs r2, #32 + 8004b0c: e769 b.n 80049e2 + 8004b0e: 2240 movs r2, #64 ; 0x40 + 8004b10: e767 b.n 80049e2 + 8004b12: 2280 movs r2, #128 ; 0x80 + 8004b14: e765 b.n 80049e2 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(LSE_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004b16: 2201 movs r2, #1 + 8004b18: e725 b.n 8004966 + 8004b1a: 2202 movs r2, #2 + 8004b1c: e723 b.n 8004966 + 8004b1e: 2204 movs r2, #4 + 8004b20: e721 b.n 8004966 + 8004b22: 2206 movs r2, #6 + 8004b24: e71f b.n 8004966 + 8004b26: 2208 movs r2, #8 + 8004b28: e71d b.n 8004966 + 8004b2a: 220a movs r2, #10 + 8004b2c: e71b b.n 8004966 + 8004b2e: 220c movs r2, #12 + 8004b30: e719 b.n 8004966 + 8004b32: bf00 nop + 8004b34: cfff69f3 .word 0xcfff69f3 + 8004b38: 40013800 .word 0x40013800 + 8004b3c: 40021000 .word 0x40021000 + 8004b40: 40004400 .word 0x40004400 + 8004b44: 40004800 .word 0x40004800 + 8004b48: 00f42400 .word 0x00f42400 + 8004b4c: 2210 movs r2, #16 + 8004b4e: e70a b.n 8004966 + 8004b50: 2220 movs r2, #32 + 8004b52: e708 b.n 8004966 + 8004b54: 2240 movs r2, #64 ; 0x40 + 8004b56: e706 b.n 8004966 + 8004b58: 2280 movs r2, #128 ; 0x80 + 8004b5a: e704 b.n 8004966 + while ((__HAL_USART_GET_FLAG(husart, Flag) ? SET : RESET) == Status) + 8004b5c: 6823 ldr r3, [r4, #0] + 8004b5e: 69de ldr r6, [r3, #28] + 8004b60: f416 1600 ands.w r6, r6, #2097152 ; 0x200000 + 8004b64: f47f af75 bne.w 8004a52 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 8004b68: f002 faaa bl 80070c0 + 8004b6c: 1bc0 subs r0, r0, r7 + 8004b6e: f5b0 7f7a cmp.w r0, #1000 ; 0x3e8 + 8004b72: d9f3 bls.n 8004b5c + husart->State = HAL_USART_STATE_READY; + 8004b74: 2301 movs r3, #1 + 8004b76: f884 3059 strb.w r3, [r4, #89] ; 0x59 + __HAL_UNLOCK(husart); + 8004b7a: f884 6058 strb.w r6, [r4, #88] ; 0x58 + return HAL_TIMEOUT; + 8004b7e: 2503 movs r5, #3 + 8004b80: e670 b.n 8004864 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 8004b82: f002 fa9d bl 80070c0 + 8004b86: 1bc0 subs r0, r0, r7 + 8004b88: f5b0 7f7a cmp.w r0, #1000 ; 0x3e8 + 8004b8c: f67f af65 bls.w 8004a5a + 8004b90: e7f0 b.n 8004b74 + 8004b92: bf00 nop + +08004b94 : + __HAL_RCC_USART1_CONFIG(RCC_USART1CLKSOURCE_SYSCLK); + 8004b94: 4b14 ldr r3, [pc, #80] ; (8004be8 ) + 8004b96: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8004b9a: f022 0203 bic.w r2, r2, #3 + 8004b9e: f042 0201 orr.w r2, r2, #1 +{ + 8004ba2: b513 push {r0, r1, r4, lr} + __HAL_RCC_USART1_CONFIG(RCC_USART1CLKSOURCE_SYSCLK); + 8004ba4: f8c3 2088 str.w r2, [r3, #136] ; 0x88 + __HAL_RCC_USART1_CLK_ENABLE(); + 8004ba8: 6e1a ldr r2, [r3, #96] ; 0x60 + memset(&con, 0, sizeof(con)); + 8004baa: 4c10 ldr r4, [pc, #64] ; (8004bec ) + __HAL_RCC_USART1_CLK_ENABLE(); + 8004bac: f442 4280 orr.w r2, r2, #16384 ; 0x4000 + 8004bb0: 661a str r2, [r3, #96] ; 0x60 + 8004bb2: 6e1b ldr r3, [r3, #96] ; 0x60 + 8004bb4: f403 4380 and.w r3, r3, #16384 ; 0x4000 + 8004bb8: 9301 str r3, [sp, #4] + memset(&con, 0, sizeof(con)); + 8004bba: 2258 movs r2, #88 ; 0x58 + 8004bbc: 2100 movs r1, #0 + 8004bbe: f104 0008 add.w r0, r4, #8 + __HAL_RCC_USART1_CLK_ENABLE(); + 8004bc2: 9b01 ldr r3, [sp, #4] + memset(&con, 0, sizeof(con)); + 8004bc4: f008 fd24 bl 800d610 + con.Init.BaudRate = 115200; + 8004bc8: 4a09 ldr r2, [pc, #36] ; (8004bf0 ) + 8004bca: f44f 33e1 mov.w r3, #115200 ; 0x1c200 + 8004bce: e9c4 2300 strd r2, r3, [r4] + HAL_StatusTypeDef rv = HAL_USART_Init(&con); + 8004bd2: 4620 mov r0, r4 + con.Init.Mode = USART_MODE_TX_RX; + 8004bd4: 230c movs r3, #12 + 8004bd6: 6163 str r3, [r4, #20] + HAL_StatusTypeDef rv = HAL_USART_Init(&con); + 8004bd8: f7ff fe40 bl 800485c + ASSERT(rv == HAL_OK); + 8004bdc: b110 cbz r0, 8004be4 + 8004bde: 4805 ldr r0, [pc, #20] ; (8004bf4 ) + 8004be0: f7fb ff20 bl 8000a24 +} + 8004be4: b002 add sp, #8 + 8004be6: bd10 pop {r4, pc} + 8004be8: 40021000 .word 0x40021000 + 8004bec: 2009e1c0 .word 0x2009e1c0 + 8004bf0: 40013800 .word 0x40013800 + 8004bf4: 0800e354 .word 0x0800e354 + +08004bf8 : + * @param Timeout Timeout duration. + * @retval HAL status + */ +HAL_StatusTypeDef HAL_USART_Transmit(USART_HandleTypeDef *husart, uint8_t *pTxData, uint16_t Size, uint32_t Timeout) +{ + while(Size > 0U) { + 8004bf8: 4b0b ldr r3, [pc, #44] ; (8004c28 ) + 8004bfa: 440a add r2, r1 + 8004bfc: 4291 cmp r1, r2 + 8004bfe: d10b bne.n 8004c18 + MY_UART->TDR = *pTxData; + pTxData++; + Size --; + } + + while(!(MY_UART->ISR & UART_FLAG_TC)) { + 8004c00: 69da ldr r2, [r3, #28] + 8004c02: 0652 lsls r2, r2, #25 + 8004c04: d5fc bpl.n 8004c00 + // wait for final byte to be sent + } + + // Clear Transmission Complete Flag + MY_UART->ICR = USART_CLEAR_TCF; + 8004c06: 2240 movs r2, #64 ; 0x40 + 8004c08: 621a str r2, [r3, #32] + + // Clear overrun flag and discard the received data + MY_UART->ICR = USART_CLEAR_OREF; + 8004c0a: 2208 movs r2, #8 + 8004c0c: 621a str r2, [r3, #32] + MY_UART->RQR = USART_RXDATA_FLUSH_REQUEST; + 8004c0e: 831a strh r2, [r3, #24] + MY_UART->RQR = USART_TXDATA_FLUSH_REQUEST; + 8004c10: 2210 movs r2, #16 + 8004c12: 831a strh r2, [r3, #24] + + return HAL_OK; +} + 8004c14: 2000 movs r0, #0 + 8004c16: 4770 bx lr + while(!(MY_UART->ISR & UART_FLAG_TXE)) { + 8004c18: 69d8 ldr r0, [r3, #28] + 8004c1a: 0600 lsls r0, r0, #24 + 8004c1c: d5fc bpl.n 8004c18 + MY_UART->TDR = *pTxData; + 8004c1e: f811 0b01 ldrb.w r0, [r1], #1 + 8004c22: 8518 strh r0, [r3, #40] ; 0x28 + Size --; + 8004c24: e7ea b.n 8004bfc + 8004c26: bf00 nop + 8004c28: 40013800 .word 0x40013800 + +08004c2c : +{ + 8004c2c: b510 push {r4, lr} + 8004c2e: 4604 mov r4, r0 + rng_delay(); + 8004c30: f7fd fd94 bl 800275c + HAL_USART_Transmit(&con, (uint8_t *)msg, strlen(msg), HAL_MAX_DELAY); + 8004c34: 4620 mov r0, r4 + 8004c36: f008 fd16 bl 800d666 + 8004c3a: 4621 mov r1, r4 + 8004c3c: b282 uxth r2, r0 + 8004c3e: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8004c42: 4803 ldr r0, [pc, #12] ; (8004c50 ) + 8004c44: f7ff ffd8 bl 8004bf8 +} + 8004c48: e8bd 4010 ldmia.w sp!, {r4, lr} + rng_delay(); + 8004c4c: f7fd bd86 b.w 800275c + 8004c50: 2009e1c0 .word 0x2009e1c0 + +08004c54 : +{ + 8004c54: b513 push {r0, r1, r4, lr} + 8004c56: 4604 mov r4, r0 + uint8_t cb = c; + 8004c58: f88d 0007 strb.w r0, [sp, #7] + rng_delay(); + 8004c5c: f7fd fd7e bl 800275c + if(cb != '\n') { + 8004c60: f89d 3007 ldrb.w r3, [sp, #7] + HAL_USART_Transmit(&con, (uint8_t *)CRLF, 2, HAL_MAX_DELAY); + 8004c64: 4808 ldr r0, [pc, #32] ; (8004c88 ) + if(cb != '\n') { + 8004c66: 2b0a cmp r3, #10 + HAL_USART_Transmit(&con, (uint8_t *)CRLF, 2, HAL_MAX_DELAY); + 8004c68: bf08 it eq + 8004c6a: 4908 ldreq r1, [pc, #32] ; (8004c8c ) + HAL_USART_Transmit(&con, &cb, 1, HAL_MAX_DELAY); + 8004c6c: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8004c70: bf1a itte ne + 8004c72: 2201 movne r2, #1 + 8004c74: f10d 0107 addne.w r1, sp, #7 + HAL_USART_Transmit(&con, (uint8_t *)CRLF, 2, HAL_MAX_DELAY); + 8004c78: 2202 moveq r2, #2 + 8004c7a: f7ff ffbd bl 8004bf8 + rng_delay(); + 8004c7e: f7fd fd6d bl 800275c +} + 8004c82: 4620 mov r0, r4 + 8004c84: b002 add sp, #8 + 8004c86: bd10 pop {r4, pc} + 8004c88: 2009e1c0 .word 0x2009e1c0 + 8004c8c: 0800e6bf .word 0x0800e6bf + +08004c90 : +{ + 8004c90: b538 push {r3, r4, r5, lr} + putchar(hexmap[(b>>4) & 0xf]); + 8004c92: 4d06 ldr r5, [pc, #24] ; (8004cac ) + 8004c94: 0903 lsrs r3, r0, #4 +{ + 8004c96: 4604 mov r4, r0 + putchar(hexmap[(b>>0) & 0xf]); + 8004c98: f004 040f and.w r4, r4, #15 + putchar(hexmap[(b>>4) & 0xf]); + 8004c9c: 5ce8 ldrb r0, [r5, r3] + 8004c9e: f7ff ffd9 bl 8004c54 + putchar(hexmap[(b>>0) & 0xf]); + 8004ca2: 5d28 ldrb r0, [r5, r4] +} + 8004ca4: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + putchar(hexmap[(b>>0) & 0xf]); + 8004ca8: f7ff bfd4 b.w 8004c54 + 8004cac: 0800e6c2 .word 0x0800e6c2 + +08004cb0 : +{ + 8004cb0: b538 push {r3, r4, r5, lr} + putchar(hexmap[(w>>12) & 0xf]); + 8004cb2: 4d0b ldr r5, [pc, #44] ; (8004ce0 ) + 8004cb4: 0b03 lsrs r3, r0, #12 +{ + 8004cb6: 4604 mov r4, r0 + putchar(hexmap[(w>>12) & 0xf]); + 8004cb8: 5ce8 ldrb r0, [r5, r3] + 8004cba: f7ff ffcb bl 8004c54 + putchar(hexmap[(w>>8) & 0xf]); + 8004cbe: f3c4 2303 ubfx r3, r4, #8, #4 + 8004cc2: 5ce8 ldrb r0, [r5, r3] + 8004cc4: f7ff ffc6 bl 8004c54 + putchar(hexmap[(w>>4) & 0xf]); + 8004cc8: f3c4 1303 ubfx r3, r4, #4, #4 + putchar(hexmap[(w>>0) & 0xf]); + 8004ccc: f004 040f and.w r4, r4, #15 + putchar(hexmap[(w>>4) & 0xf]); + 8004cd0: 5ce8 ldrb r0, [r5, r3] + 8004cd2: f7ff ffbf bl 8004c54 + putchar(hexmap[(w>>0) & 0xf]); + 8004cd6: 5d28 ldrb r0, [r5, r4] +} + 8004cd8: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + putchar(hexmap[(w>>0) & 0xf]); + 8004cdc: f7ff bfba b.w 8004c54 + 8004ce0: 0800e6c2 .word 0x0800e6c2 + +08004ce4 : +{ + 8004ce4: b510 push {r4, lr} + 8004ce6: 4604 mov r4, r0 + puthex4(w >> 16); + 8004ce8: 0c00 lsrs r0, r0, #16 + 8004cea: f7ff ffe1 bl 8004cb0 + puthex4(w & 0xffff); + 8004cee: b2a0 uxth r0, r4 +} + 8004cf0: e8bd 4010 ldmia.w sp!, {r4, lr} + puthex4(w & 0xffff); + 8004cf4: f7ff bfdc b.w 8004cb0 + +08004cf8 : +{ + 8004cf8: b5f8 push {r3, r4, r5, r6, r7, lr} + 8004cfa: 4605 mov r5, r0 + 8004cfc: 2604 movs r6, #4 + for(int m=1000; m; m /= 10) { + 8004cfe: f44f 747a mov.w r4, #1000 ; 0x3e8 + char n = '0' + ((w / m) % 10); + 8004d02: 270a movs r7, #10 + if(w >= m) { + 8004d04: 42a5 cmp r5, r4 + 8004d06: db09 blt.n 8004d1c + char n = '0' + ((w / m) % 10); + 8004d08: fb95 f3f4 sdiv r3, r5, r4 + 8004d0c: fb93 f0f7 sdiv r0, r3, r7 + 8004d10: fb07 3310 mls r3, r7, r0, r3 + 8004d14: 3330 adds r3, #48 ; 0x30 + putchar(n); + 8004d16: b2d8 uxtb r0, r3 + 8004d18: f7ff ff9c bl 8004c54 + for(int m=1000; m; m /= 10) { + 8004d1c: fb94 f4f7 sdiv r4, r4, r7 + 8004d20: 3e01 subs r6, #1 + 8004d22: d1ef bne.n 8004d04 +} + 8004d24: bdf8 pop {r3, r4, r5, r6, r7, pc} + +08004d26 : +{ + 8004d26: b570 push {r4, r5, r6, lr} + 8004d28: 4606 mov r6, r0 + 8004d2a: 460d mov r5, r1 + for(int i=0; i +} + 8004d32: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + putchar('\n'); + 8004d36: 200a movs r0, #10 + 8004d38: f7ff bf8c b.w 8004c54 + puthex2(data[i]); + 8004d3c: 5d30 ldrb r0, [r6, r4] + 8004d3e: f7ff ffa7 bl 8004c90 + for(int i=0; i + ... + +08004d48 : +{ + 8004d48: b513 push {r0, r1, r4, lr} + 8004d4a: 9001 str r0, [sp, #4] + int ln = strlen(msg); + 8004d4c: f008 fc8b bl 800d666 + 8004d50: 4604 mov r4, r0 + rng_delay(); + 8004d52: f7fd fd03 bl 800275c + if(ln) HAL_USART_Transmit(&con, (uint8_t *)msg, ln, HAL_MAX_DELAY); + 8004d56: 9901 ldr r1, [sp, #4] + 8004d58: b12c cbz r4, 8004d66 + 8004d5a: 4809 ldr r0, [pc, #36] ; (8004d80 ) + 8004d5c: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8004d60: b2a2 uxth r2, r4 + 8004d62: f7ff ff49 bl 8004bf8 + HAL_USART_Transmit(&con, (uint8_t *)CRLF, 2, HAL_MAX_DELAY); + 8004d66: 4907 ldr r1, [pc, #28] ; (8004d84 ) + 8004d68: 4805 ldr r0, [pc, #20] ; (8004d80 ) + 8004d6a: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8004d6e: 2202 movs r2, #2 + 8004d70: f7ff ff42 bl 8004bf8 + rng_delay(); + 8004d74: f7fd fcf2 bl 800275c +} + 8004d78: 2001 movs r0, #1 + 8004d7a: b002 add sp, #8 + 8004d7c: bd10 pop {r4, pc} + 8004d7e: bf00 nop + 8004d80: 2009e1c0 .word 0x2009e1c0 + 8004d84: 0800e6bf .word 0x0800e6bf + +08004d88 : + +// psram_send_byte() +// + void +psram_send_byte(OSPI_HandleTypeDef *qh, uint8_t cmd_byte, bool is_quad) +{ + 8004d88: b570 push {r4, r5, r6, lr} + 8004d8a: b094 sub sp, #80 ; 0x50 + 8004d8c: 4604 mov r4, r0 + 8004d8e: 460e mov r6, r1 + 8004d90: 4615 mov r5, r2 + // Send single-byte commands to the PSRAM chip. Quad mode or normal SPI. + + OSPI_RegularCmdTypeDef cmd = { + 8004d92: 2100 movs r1, #0 + 8004d94: 2250 movs r2, #80 ; 0x50 + 8004d96: 4668 mov r0, sp + 8004d98: f008 fc3a bl 800d610 + .OperationType = HAL_OSPI_OPTYPE_COMMON_CFG, + .Instruction = cmd_byte, // Exit Quad Mode + .InstructionMode = is_quad ? HAL_OSPI_INSTRUCTION_4_LINES : HAL_OSPI_INSTRUCTION_1_LINE, + 8004d9c: 2d00 cmp r5, #0 + 8004d9e: bf14 ite ne + 8004da0: 2303 movne r3, #3 + 8004da2: 2301 moveq r3, #1 + .DataMode = HAL_OSPI_DATA_NONE, + .NbData = 0, // how much to read in bytes + }; + + // Start and finish a "Indirection functional mode" request + HAL_OSPI_Command(qh, &cmd, HAL_MAX_DELAY); + 8004da4: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 8004da8: 4669 mov r1, sp + 8004daa: 4620 mov r0, r4 + OSPI_RegularCmdTypeDef cmd = { + 8004dac: 9602 str r6, [sp, #8] + 8004dae: 9303 str r3, [sp, #12] + HAL_OSPI_Command(qh, &cmd, HAL_MAX_DELAY); + 8004db0: f006 f884 bl 800aebc +} + 8004db4: b014 add sp, #80 ; 0x50 + 8004db6: bd70 pop {r4, r5, r6, pc} + +08004db8 : + +// psram_setup() +// + void +psram_setup(void) +{ + 8004db8: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8004dbc: b0c6 sub sp, #280 ; 0x118 + // Using OSPI1 block + OSPI_HandleTypeDef qh = { 0 }; + 8004dbe: 2250 movs r2, #80 ; 0x50 + 8004dc0: 2100 movs r1, #0 + 8004dc2: a80a add r0, sp, #40 ; 0x28 + 8004dc4: f008 fc24 bl 800d610 + + // enable clocks + __HAL_RCC_OSPI1_CLK_ENABLE(); + 8004dc8: 4b6a ldr r3, [pc, #424] ; (8004f74 ) + // reset module + __HAL_RCC_OSPI1_FORCE_RESET(); + __HAL_RCC_OSPI1_RELEASE_RESET(); + + // configure pins: Port E PE10-PE15 + GPIO_InitTypeDef setup = { + 8004dca: 4c6b ldr r4, [pc, #428] ; (8004f78 ) + __HAL_RCC_OSPI1_CLK_ENABLE(); + 8004dcc: 6d1a ldr r2, [r3, #80] ; 0x50 + 8004dce: f442 7280 orr.w r2, r2, #256 ; 0x100 + 8004dd2: 651a str r2, [r3, #80] ; 0x50 + 8004dd4: 6d1a ldr r2, [r3, #80] ; 0x50 + 8004dd6: f402 7280 and.w r2, r2, #256 ; 0x100 + 8004dda: 9201 str r2, [sp, #4] + 8004ddc: 9a01 ldr r2, [sp, #4] + __HAL_RCC_GPIOE_CLK_ENABLE(); + 8004dde: 6cda ldr r2, [r3, #76] ; 0x4c + 8004de0: f042 0210 orr.w r2, r2, #16 + 8004de4: 64da str r2, [r3, #76] ; 0x4c + 8004de6: 6cda ldr r2, [r3, #76] ; 0x4c + 8004de8: f002 0210 and.w r2, r2, #16 + 8004dec: 9202 str r2, [sp, #8] + 8004dee: 9a02 ldr r2, [sp, #8] + __HAL_RCC_OSPI1_FORCE_RESET(); + 8004df0: 6b1a ldr r2, [r3, #48] ; 0x30 + 8004df2: f442 7280 orr.w r2, r2, #256 ; 0x100 + 8004df6: 631a str r2, [r3, #48] ; 0x30 + __HAL_RCC_OSPI1_RELEASE_RESET(); + 8004df8: 6b1a ldr r2, [r3, #48] ; 0x30 + 8004dfa: f422 7280 bic.w r2, r2, #256 ; 0x100 + 8004dfe: 631a str r2, [r3, #48] ; 0x30 + GPIO_InitTypeDef setup = { + 8004e00: cc0f ldmia r4!, {r0, r1, r2, r3} + 8004e02: ad05 add r5, sp, #20 + 8004e04: c50f stmia r5!, {r0, r1, r2, r3} + 8004e06: 6823 ldr r3, [r4, #0] + .Mode = GPIO_MODE_AF_PP, // not sure + .Pull = GPIO_NOPULL, // not sure + .Speed = GPIO_SPEED_FREQ_VERY_HIGH, + .Alternate = GPIO_AF10_OCTOSPIM_P1, + }; + HAL_GPIO_Init(GPIOE, &setup); + 8004e08: 485c ldr r0, [pc, #368] ; (8004f7c ) + GPIO_InitTypeDef setup = { + 8004e0a: 602b str r3, [r5, #0] + HAL_GPIO_Init(GPIOE, &setup); + 8004e0c: a905 add r1, sp, #20 + 8004e0e: f7fc f8ef bl 8000ff0 + + + // Config operational values + qh.Instance = OCTOSPI1; + qh.Init.FifoThreshold = 1; // ?? unused + 8004e12: 4b5b ldr r3, [pc, #364] ; (8004f80 ) + 8004e14: 2701 movs r7, #1 + qh.Init.DualQuad = HAL_OSPI_DUALQUAD_DISABLE; + qh.Init.MemoryType = HAL_OSPI_MEMTYPE_MICRON; // want standard mode (but octo only?) + qh.Init.DeviceSize = 24; // assume max size, actual is 8Mbyte + 8004e16: 2218 movs r2, #24 + qh.Init.FifoThreshold = 1; // ?? unused + 8004e18: e9cd 370a strd r3, r7, [sp, #40] ; 0x28 + qh.Init.ChipSelectHighTime = 1; // 1, maxed out, seems to work + 8004e1c: e9cd 270e strd r2, r7, [sp, #56] ; 0x38 + qh.Init.DualQuad = HAL_OSPI_DUALQUAD_DISABLE; + 8004e20: 2300 movs r3, #0 + qh.Init.DelayHoldQuarterCycle = HAL_OSPI_DHQC_ENABLE; // maybe? + 8004e22: f04f 5280 mov.w r2, #268435456 ; 0x10000000 + qh.Init.FreeRunningClock = HAL_OSPI_FREERUNCLK_DISABLE; // required! + qh.Init.ClockMode = HAL_OSPI_CLOCK_MODE_0; // low clock between ops (required, see errata) +#if HCLK_FREQUENCY == 80000000 + qh.Init.ClockPrescaler = 1; // prescaler (1=>80Mhz, 2=>40Mhz, etc) +#elif HCLK_FREQUENCY == 120000000 + qh.Init.ClockPrescaler = 2; // prescaler (1=>120Mhz, 2=>60Mhz, etc) + 8004e26: f04f 0802 mov.w r8, #2 +#else +# error "testing needed" +#endif + qh.Init.DelayBlockBypass = HAL_OSPI_DELAY_BLOCK_BYPASSED; // dont need it? + 8004e2a: f04f 0908 mov.w r9, #8 + // - (during reads) 3 => 400ns 4 => 660ns 5+ => 1us + // - LATER: Errata 2.8.1 => says shall not use + qh.Init.ChipSelectBoundary = 0; + + // module init + HAL_StatusTypeDef rv = HAL_OSPI_Init(&qh); + 8004e2e: a80a add r0, sp, #40 ; 0x28 + qh.Init.MemoryType = HAL_OSPI_MEMTYPE_MICRON; // want standard mode (but octo only?) + 8004e30: e9cd 330c strd r3, r3, [sp, #48] ; 0x30 + qh.Init.ClockMode = HAL_OSPI_CLOCK_MODE_0; // low clock between ops (required, see errata) + 8004e34: e9cd 3310 strd r3, r3, [sp, #64] ; 0x40 + qh.Init.ChipSelectBoundary = 0; + 8004e38: e9cd 3915 strd r3, r9, [sp, #84] ; 0x54 + qh.Init.DelayHoldQuarterCycle = HAL_OSPI_DHQC_ENABLE; // maybe? + 8004e3c: 9214 str r2, [sp, #80] ; 0x50 + qh.Init.ClockPrescaler = 2; // prescaler (1=>120Mhz, 2=>60Mhz, etc) + 8004e3e: f8cd 8048 str.w r8, [sp, #72] ; 0x48 + HAL_StatusTypeDef rv = HAL_OSPI_Init(&qh); + 8004e42: f005 ffd1 bl 800ade8 + ASSERT(rv == HAL_OK); + 8004e46: 4606 mov r6, r0 + 8004e48: b110 cbz r0, 8004e50 + 8004e4a: 484e ldr r0, [pc, #312] ; (8004f84 ) + 8004e4c: f7fb fdea bl 8000a24 + + // do some SPI commands first + + // Exit Quad mode, to get to a known state, after first power-up + psram_send_byte(&qh, 0xf5, true); + 8004e50: 463a mov r2, r7 + 8004e52: 21f5 movs r1, #245 ; 0xf5 + 8004e54: a80a add r0, sp, #40 ; 0x28 + 8004e56: f7ff ff97 bl 8004d88 + + // Chip Reset sequence + psram_send_byte(&qh, 0x66, false); // reset enable + 8004e5a: 4632 mov r2, r6 + 8004e5c: 2166 movs r1, #102 ; 0x66 + 8004e5e: a80a add r0, sp, #40 ; 0x28 + 8004e60: f7ff ff92 bl 8004d88 + + // Read Electronic ID + // - length not clear from datasheet, but repeats after 8 bytes + uint8_t psram_chip_eid[8]; + + { OSPI_RegularCmdTypeDef cmd = { + 8004e64: ad32 add r5, sp, #200 ; 0xc8 + psram_send_byte(&qh, 0x99, false); // reset + 8004e66: 4632 mov r2, r6 + 8004e68: 2199 movs r1, #153 ; 0x99 + 8004e6a: a80a add r0, sp, #40 ; 0x28 + 8004e6c: f7ff ff8c bl 8004d88 + { OSPI_RegularCmdTypeDef cmd = { + 8004e70: 2250 movs r2, #80 ; 0x50 + 8004e72: 4631 mov r1, r6 + 8004e74: 4628 mov r0, r5 + 8004e76: f008 fbcb bl 800d610 + 8004e7a: 239f movs r3, #159 ; 0x9f + 8004e7c: e9cd 3734 strd r3, r7, [sp, #208] ; 0xd0 + 8004e80: f44f 5a00 mov.w sl, #8192 ; 0x2000 + 8004e84: f44f 7380 mov.w r3, #256 ; 0x100 + 8004e88: e9cd 3a39 strd r3, sl, [sp, #228] ; 0xe4 + .DataMode = HAL_OSPI_DATA_1_LINE, + .NbData = sizeof(psram_chip_eid), // how much to read in bytes + }; + + // Start a "Indirection functional mode" request + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 8004e8c: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + { OSPI_RegularCmdTypeDef cmd = { + 8004e90: f04f 7380 mov.w r3, #16777216 ; 0x1000000 + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 8004e94: 4629 mov r1, r5 + 8004e96: a80a add r0, sp, #40 ; 0x28 + { OSPI_RegularCmdTypeDef cmd = { + 8004e98: e9cd 3940 strd r3, r9, [sp, #256] ; 0x100 + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 8004e9c: f006 f80e bl 800aebc + if(rv != HAL_OK) goto fail; + 8004ea0: 2800 cmp r0, #0 + 8004ea2: d15d bne.n 8004f60 + + rv = HAL_OSPI_Receive(&qh, psram_chip_eid, HAL_MAX_DELAY); + 8004ea4: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 8004ea8: a903 add r1, sp, #12 + 8004eaa: a80a add r0, sp, #40 ; 0x28 + 8004eac: f006 f938 bl 800b120 + if(rv != HAL_OK) goto fail; + 8004eb0: 4606 mov r6, r0 + 8004eb2: 2800 cmp r0, #0 + 8004eb4: d154 bne.n 8004f60 + } + + //puts2("PSRAM EID: "); + //hex_dump(psram_chip_eid, sizeof(psram_chip_eid)); + ASSERT(psram_chip_eid[0] == 0x0d); + 8004eb6: f89d 300c ldrb.w r3, [sp, #12] + 8004eba: 2b0d cmp r3, #13 + 8004ebc: d1c5 bne.n 8004e4a + ASSERT(psram_chip_eid[1] == 0x5d); + 8004ebe: f89d 300d ldrb.w r3, [sp, #13] + 8004ec2: 2b5d cmp r3, #93 ; 0x5d + 8004ec4: d1c1 bne.n 8004e4a + // .. other bits seem pretty similar between devices, they don't claim they are UUID + + // Put into Quad mode + psram_send_byte(&qh, 0x35, false); // 0x35 = Enter Quad Mode + 8004ec6: 4602 mov r2, r0 + 8004ec8: 2135 movs r1, #53 ; 0x35 + 8004eca: a80a add r0, sp, #40 ; 0x28 + 8004ecc: f7ff ff5c bl 8004d88 + + // Configure read/write cycles for mem-mapped mode + { OSPI_RegularCmdTypeDef cmd = { + 8004ed0: 4631 mov r1, r6 + 8004ed2: 224c movs r2, #76 ; 0x4c + 8004ed4: a81f add r0, sp, #124 ; 0x7c + 8004ed6: f008 fb9b bl 800d610 + 8004eda: f04f 0903 mov.w r9, #3 + 8004ede: f8cd 8078 str.w r8, [sp, #120] ; 0x78 + 8004ee2: f8cd 8080 str.w r8, [sp, #128] ; 0x80 + .DataMode = HAL_OSPI_DATA_4_LINES, + .NbData = 0, // don't care / TBD? + }; + + // Config for write + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 8004ee6: a91e add r1, sp, #120 ; 0x78 + { OSPI_RegularCmdTypeDef cmd = { + 8004ee8: f44f 7840 mov.w r8, #768 ; 0x300 + 8004eec: f04f 7640 mov.w r6, #50331648 ; 0x3000000 + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 8004ef0: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 8004ef4: a80a add r0, sp, #40 ; 0x28 + { OSPI_RegularCmdTypeDef cmd = { + 8004ef6: e9cd 8a25 strd r8, sl, [sp, #148] ; 0x94 + 8004efa: f8cd 9084 str.w r9, [sp, #132] ; 0x84 + 8004efe: 962c str r6, [sp, #176] ; 0xb0 + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 8004f00: f005 ffdc bl 800aebc + if(rv != HAL_OK) goto fail; + 8004f04: 4601 mov r1, r0 + 8004f06: bb58 cbnz r0, 8004f60 + + // .. for read + OSPI_RegularCmdTypeDef cmd2 = { + 8004f08: 224c movs r2, #76 ; 0x4c + 8004f0a: a833 add r0, sp, #204 ; 0xcc + 8004f0c: f008 fb80 bl 800d610 + 8004f10: 23eb movs r3, #235 ; 0xeb + 8004f12: e9cd 3934 strd r3, r9, [sp, #208] ; 0xd0 + .DataMode = HAL_OSPI_DATA_4_LINES, + .NbData = 0, // don't care / TBD? + }; + + // Config for read + rv = HAL_OSPI_Command(&qh, &cmd2, HAL_MAX_DELAY); + 8004f16: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + OSPI_RegularCmdTypeDef cmd2 = { + 8004f1a: 2306 movs r3, #6 + rv = HAL_OSPI_Command(&qh, &cmd2, HAL_MAX_DELAY); + 8004f1c: 4629 mov r1, r5 + 8004f1e: a80a add r0, sp, #40 ; 0x28 + OSPI_RegularCmdTypeDef cmd2 = { + 8004f20: e9cd 8a39 strd r8, sl, [sp, #228] ; 0xe4 + 8004f24: 9732 str r7, [sp, #200] ; 0xc8 + 8004f26: 9640 str r6, [sp, #256] ; 0x100 + 8004f28: 9343 str r3, [sp, #268] ; 0x10c + rv = HAL_OSPI_Command(&qh, &cmd2, HAL_MAX_DELAY); + 8004f2a: f005 ffc7 bl 800aebc + if(rv != HAL_OK) goto fail; + 8004f2e: b9b8 cbnz r0, 8004f60 + } + + // config for memmap + { OSPI_MemoryMappedTypeDef mmap = { + 8004f30: e9d4 0101 ldrd r0, r1, [r4, #4] + 8004f34: e885 0003 stmia.w r5, {r0, r1} + // Need this so that CS lines returns to inactive sometimes. + .TimeOutActivation = HAL_OSPI_TIMEOUT_COUNTER_ENABLE, + .TimeOutPeriod = 16, // no idea, max value 0xffff + }; + + rv = HAL_OSPI_MemoryMapped(&qh, &mmap); + 8004f38: 4629 mov r1, r5 + 8004f3a: a80a add r0, sp, #40 ; 0x28 + 8004f3c: f006 f9d6 bl 800b2ec + if(rv != HAL_OK) goto fail; + 8004f40: b970 cbnz r0, 8004f60 +#else + // Only a quick operational check only here. Non-destructive. + { __IO uint32_t *ptr = (uint32_t *)(PSRAM_BASE+PSRAM_SIZE-4); + uint32_t tmp; + + tmp = *ptr; + 8004f42: 4b11 ldr r3, [pc, #68] ; (8004f88 ) + *ptr = 0x55aa1234; + 8004f44: 4a11 ldr r2, [pc, #68] ; (8004f8c ) + tmp = *ptr; + 8004f46: f8d3 1ffc ldr.w r1, [r3, #4092] ; 0xffc + *ptr = 0x55aa1234; + 8004f4a: f8c3 2ffc str.w r2, [r3, #4092] ; 0xffc + if(*ptr != 0x55aa1234) goto fail; + 8004f4e: f8d3 0ffc ldr.w r0, [r3, #4092] ; 0xffc + 8004f52: 4290 cmp r0, r2 + 8004f54: d104 bne.n 8004f60 + *ptr = tmp; + 8004f56: f8c3 1ffc str.w r1, [r3, #4092] ; 0xffc + + oled_setup(); + oled_show(screen_fatal); + + LOCKUP_FOREVER(); +} + 8004f5a: b046 add sp, #280 ; 0x118 + 8004f5c: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + puts("PSRAM fail"); + 8004f60: 480b ldr r0, [pc, #44] ; (8004f90 ) + 8004f62: f7ff fef1 bl 8004d48 + oled_setup(); + 8004f66: f7fb fecd bl 8000d04 + oled_show(screen_fatal); + 8004f6a: 480a ldr r0, [pc, #40] ; (8004f94 ) + 8004f6c: f7fb ff5a bl 8000e24 + LOCKUP_FOREVER(); + 8004f70: bf30 wfi + 8004f72: e7fd b.n 8004f70 + 8004f74: 40021000 .word 0x40021000 + 8004f78: 0800e71c .word 0x0800e71c + 8004f7c: 48001000 .word 0x48001000 + 8004f80: a0001000 .word 0xa0001000 + 8004f84: 0800e354 .word 0x0800e354 + 8004f88: 907ff000 .word 0x907ff000 + 8004f8c: 55aa1234 .word 0x55aa1234 + 8004f90: 0800e6d2 .word 0x0800e6d2 + 8004f94: 0800dac6 .word 0x0800dac6 + +08004f98 : + +// psram_wipe() +// + void +psram_wipe(void) +{ + 8004f98: b508 push {r3, lr} + if(OCTOSPI1->CR == 0) return; // PSRAM not enabled (yet?) + 8004f9a: 4b06 ldr r3, [pc, #24] ; (8004fb4 ) + 8004f9c: 681b ldr r3, [r3, #0] + 8004f9e: b143 cbz r3, 8004fb2 + + // Fast! But real; maybe 150ms + //puts2("PSRAM Wipe: "); + memset4((uint32_t *)PSRAM_BASE, rng_sample(), PSRAM_SIZE); + 8004fa0: f7fd fb88 bl 80026b4 + 8004fa4: f04f 4310 mov.w r3, #2415919104 ; 0x90000000 + *dest = value; + 8004fa8: f843 0b04 str.w r0, [r3], #4 + for(; byte_len; byte_len-=4, dest++) { + 8004fac: f113 4fdf cmn.w r3, #1870659584 ; 0x6f800000 + 8004fb0: d1fa bne.n 8004fa8 + //puts("done"); +} + 8004fb2: bd08 pop {r3, pc} + 8004fb4: a0001000 .word 0xa0001000 + +08004fb8 : +// NOTE: Incoming start address is typically not aligned. +// + void +psram_do_upgrade(const uint8_t *start, uint32_t size) +{ + ASSERT(size >= FW_MIN_LENGTH); + 8004fb8: f5b1 2f80 cmp.w r1, #262144 ; 0x40000 +{ + 8004fbc: e92d 47f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, r9, sl, lr} + 8004fc0: 4607 mov r7, r0 + 8004fc2: 460d mov r5, r1 + ASSERT(size >= FW_MIN_LENGTH); + 8004fc4: d202 bcs.n 8004fcc + puts2("erase rv="); + puthex2(rv); + putchar('\n'); + } +#endif + ASSERT(rv == 0); + 8004fc6: 482b ldr r0, [pc, #172] ; (8005074 ) + 8004fc8: f7fb fd2c bl 8000a24 + h->start = start; + 8004fcc: 4b2a ldr r3, [pc, #168] ; (8005078 ) + h->magic1 = RECHDR_MAGIC1; + 8004fce: 4a2b ldr r2, [pc, #172] ; (800507c ) + h->start = start; + 8004fd0: 6058 str r0, [r3, #4] + h->size = size; + 8004fd2: 6099 str r1, [r3, #8] + h->magic1 = RECHDR_MAGIC1; + 8004fd4: 601a str r2, [r3, #0] + h->magic2 = RECHDR_MAGIC2; + 8004fd6: 4a2a ldr r2, [pc, #168] ; (8005080 ) + 8004fd8: 60da str r2, [r3, #12] + flash_setup0(); + 8004fda: f7fc ffe5 bl 8001fa8 + flash_unlock(); + 8004fde: f7fd f807 bl 8001ff0 + oled_show_progress(screen_upgrading, pos*100/size); + 8004fe2: f8df a0ac ldr.w sl, [pc, #172] ; 8005090 + for(uint32_t pos=0; pos < size; pos += 8) { + 8004fe6: 2400 movs r4, #0 + oled_show_progress(screen_upgrading, pos*100/size); + 8004fe8: f04f 0964 mov.w r9, #100 ; 0x64 + uint32_t dest = FIRMWARE_START+pos; + 8004fec: f104 6600 add.w r6, r4, #134217728 ; 0x8000000 + if(dest % (4*FLASH_ERASE_SIZE) == 0) { + 8004ff0: f3c4 030d ubfx r3, r4, #0, #14 + 8004ff4: f506 3600 add.w r6, r6, #131072 ; 0x20000 + 8004ff8: b933 cbnz r3, 8005008 + oled_show_progress(screen_upgrading, pos*100/size); + 8004ffa: fb09 f104 mul.w r1, r9, r4 + 8004ffe: 4650 mov r0, sl + 8005000: fbb1 f1f5 udiv r1, r1, r5 + 8005004: f7fb ff50 bl 8000ea8 + if(dest % FLASH_ERASE_SIZE == 0) { + 8005008: f3c6 030b ubfx r3, r6, #0, #12 + 800500c: b97b cbnz r3, 800502e + rv = flash_page_erase(dest); + 800500e: 4630 mov r0, r6 + 8005010: f008 fb36 bl 800d680 <__flash_page_erase_veneer> + if(rv) { + 8005014: 4680 mov r8, r0 + 8005016: b150 cbz r0, 800502e + puts2("erase rv="); + 8005018: 481a ldr r0, [pc, #104] ; (8005084 ) + 800501a: f7ff fe07 bl 8004c2c + puthex2(rv); + 800501e: fa5f f088 uxtb.w r0, r8 + 8005022: f7ff fe35 bl 8004c90 + putchar('\n'); + 8005026: 200a movs r0, #10 + 8005028: f7ff fe14 bl 8004c54 + 800502c: e7cb b.n 8004fc6 + } + + memcpy(&tmp, start+pos, 8); + 800502e: 193a adds r2, r7, r4 + 8005030: 5938 ldr r0, [r7, r4] + 8005032: 6851 ldr r1, [r2, #4] + 8005034: 466b mov r3, sp + 8005036: c303 stmia r3!, {r0, r1} + rv = flash_burn(dest, tmp); + 8005038: 4630 mov r0, r6 + 800503a: e9dd 2300 ldrd r2, r3, [sp] + 800503e: f008 fb1b bl 800d678 <__flash_burn_veneer> +#if 1 + if(rv) { + 8005042: 4680 mov r8, r0 + 8005044: b168 cbz r0, 8005062 + puts2("burn rv="); + 8005046: 4810 ldr r0, [pc, #64] ; (8005088 ) + 8005048: f7ff fdf0 bl 8004c2c + puthex2(rv); + 800504c: fa5f f088 uxtb.w r0, r8 + 8005050: f7ff fe1e bl 8004c90 + puts2(" addr="); + 8005054: 480d ldr r0, [pc, #52] ; (800508c ) + 8005056: f7ff fde9 bl 8004c2c + puthex8(dest); + 800505a: 4630 mov r0, r6 + 800505c: f7ff fe42 bl 8004ce4 + putchar('\n'); + 8005060: e7e1 b.n 8005026 + for(uint32_t pos=0; pos < size; pos += 8) { + 8005062: 3408 adds r4, #8 + 8005064: 42a5 cmp r5, r4 + 8005066: d8c1 bhi.n 8004fec +#endif + ASSERT(rv == 0); + } + + flash_lock(); +} + 8005068: b002 add sp, #8 + 800506a: e8bd 47f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + flash_lock(); + 800506e: f7fc bfb7 b.w 8001fe0 + 8005072: bf00 nop + 8005074: 0800e354 .word 0x0800e354 + 8005078: 907ff800 .word 0x907ff800 + 800507c: dbcc8350 .word 0xdbcc8350 + 8005080: bafcfba3 .word 0xbafcfba3 + 8005084: 0800e6dd .word 0x0800e6dd + 8005088: 0800e6e7 .word 0x0800e6e7 + 800508c: 0800e6f0 .word 0x0800e6f0 + 8005090: 0800e0ff .word 0x0800e0ff + +08005094 : +{ + 8005094: b510 push {r4, lr} + if( (h->magic1 != RECHDR_MAGIC1) + 8005096: 4c1f ldr r4, [pc, #124] ; (8005114 ) + 8005098: 4b1f ldr r3, [pc, #124] ; (8005118 ) + 800509a: 6822 ldr r2, [r4, #0] + 800509c: 429a cmp r2, r3 +{ + 800509e: b088 sub sp, #32 + if( (h->magic1 != RECHDR_MAGIC1) + 80050a0: d113 bne.n 80050ca + || (h->magic2 != RECHDR_MAGIC2) + 80050a2: 68e2 ldr r2, [r4, #12] + 80050a4: 4b1d ldr r3, [pc, #116] ; (800511c ) + 80050a6: 429a cmp r2, r3 + 80050a8: d10f bne.n 80050ca + || ((uint32_t)h->start < PSRAM_BASE) + 80050aa: 6863 ldr r3, [r4, #4] + 80050ac: f1b3 4f10 cmp.w r3, #2415919104 ; 0x90000000 + 80050b0: d30b bcc.n 80050ca + || ((uint32_t)h->start >= PSRAM_BASE+(PSRAM_SIZE/2)) + 80050b2: 6862 ldr r2, [r4, #4] + 80050b4: 4b1a ldr r3, [pc, #104] ; (8005120 ) + 80050b6: 429a cmp r2, r3 + 80050b8: d807 bhi.n 80050ca + || (h->size > FW_MAX_LENGTH_MK4) + 80050ba: 68a3 ldr r3, [r4, #8] + 80050bc: f5b3 1ff0 cmp.w r3, #1966080 ; 0x1e0000 + 80050c0: d803 bhi.n 80050ca + || (h->size < FW_MIN_LENGTH) + 80050c2: 68a3 ldr r3, [r4, #8] + 80050c4: f5b3 2f80 cmp.w r3, #262144 ; 0x40000 + 80050c8: d205 bcs.n 80050d6 + puts("PSR: nada"); + 80050ca: 4816 ldr r0, [pc, #88] ; (8005124 ) + puts("PSR: version"); + 80050cc: f7ff fe3c bl 8004d48 +} + 80050d0: 2000 movs r0, #0 + 80050d2: b008 add sp, #32 + 80050d4: bd10 pop {r4, pc} + bool ok = verify_firmware_in_ram(h->start, h->size, world_check); + 80050d6: 6860 ldr r0, [r4, #4] + 80050d8: 68a1 ldr r1, [r4, #8] + 80050da: 466a mov r2, sp + 80050dc: f7fc fdaa bl 8001c34 + if(!ok) { + 80050e0: b908 cbnz r0, 80050e6 + puts("PSR: !check"); + 80050e2: 4811 ldr r0, [pc, #68] ; (8005128 ) + 80050e4: e7f2 b.n 80050cc + if(!verify_world_checksum(world_check)) { + 80050e6: 4668 mov r0, sp + 80050e8: f7fc fdf8 bl 8001cdc + 80050ec: b908 cbnz r0, 80050f2 + puts("PSR: version"); + 80050ee: 480f ldr r0, [pc, #60] ; (800512c ) + 80050f0: e7ec b.n 80050cc + psram_do_upgrade(h->start, h->size); + 80050f2: 6860 ldr r0, [r4, #4] + 80050f4: 68a1 ldr r1, [r4, #8] + 80050f6: f7ff ff5f bl 8004fb8 + 80050fa: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 80050fe: 490c ldr r1, [pc, #48] ; (8005130 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8005100: 4b0c ldr r3, [pc, #48] ; (8005134 ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8005102: 68ca ldr r2, [r1, #12] + 8005104: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8005108: 4313 orrs r3, r2 + 800510a: 60cb str r3, [r1, #12] + 800510c: f3bf 8f4f dsb sy + __NOP(); + 8005110: bf00 nop + for(;;) /* wait until reset */ + 8005112: e7fd b.n 8005110 + 8005114: 907ff800 .word 0x907ff800 + 8005118: dbcc8350 .word 0xdbcc8350 + 800511c: bafcfba3 .word 0xbafcfba3 + 8005120: 903fffff .word 0x903fffff + 8005124: 0800e6f7 .word 0x0800e6f7 + 8005128: 0800e701 .word 0x0800e701 + 800512c: 0800e70d .word 0x0800e70d + 8005130: e000ed00 .word 0xe000ed00 + 8005134: 05fa0004 .word 0x05fa0004 + +08005138 : + +// sdcard_light() +// + void inline +sdcard_light(bool on) +{ + 8005138: 4602 mov r2, r0 + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_7, !!on); // turn LED off + 800513a: 2180 movs r1, #128 ; 0x80 + 800513c: 4801 ldr r0, [pc, #4] ; (8005144 ) + 800513e: f7fc b8d1 b.w 80012e4 + 8005142: bf00 nop + 8005144: 48000800 .word 0x48000800 + +08005148 : + +// sdcard_is_inserted() +// + bool +sdcard_is_inserted(void) +{ + 8005148: b508 push {r3, lr} + return !!HAL_GPIO_ReadPin(GPIOC, GPIO_PIN_13); + 800514a: f44f 5100 mov.w r1, #8192 ; 0x2000 + 800514e: 4803 ldr r0, [pc, #12] ; (800515c ) + 8005150: f7fc f8c2 bl 80012d8 +} + 8005154: 3800 subs r0, #0 + 8005156: bf18 it ne + 8005158: 2001 movne r0, #1 + 800515a: bd08 pop {r3, pc} + 800515c: 48000800 .word 0x48000800 + +08005160 : + +// sdcard_try_file() +// + void +sdcard_try_file(uint32_t blk_pos) +{ + 8005160: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8005164: f5ad 5d81 sub.w sp, sp, #4128 ; 0x1020 + 8005168: b082 sub sp, #8 + 800516a: 4606 mov r6, r0 + oled_show(screen_verify); + 800516c: 4832 ldr r0, [pc, #200] ; (8005238 ) + // read full possible file into PSRAM, assume continguous, and big enough + uint8_t *ps = (uint8_t *)PSRAM_BASE; + uint8_t buf[512*8]; // half of all our SRAM 0x00002000 + + for(uint32_t off = 0; off < FW_MAX_LENGTH_MK4; off += sizeof(buf)) { + int rv = HAL_SD_ReadBlocks(&hsd, buf, blk_pos+(off/512), sizeof(buf)/512, 60000); + 800516e: f8df 80e8 ldr.w r8, [pc, #232] ; 8005258 + oled_show(screen_verify); + 8005172: f7fb fe57 bl 8000e24 + for(uint32_t off = 0; off < FW_MAX_LENGTH_MK4; off += sizeof(buf)) { + 8005176: 2500 movs r5, #0 + int rv = HAL_SD_ReadBlocks(&hsd, buf, blk_pos+(off/512), sizeof(buf)/512, 60000); + 8005178: f64e 2760 movw r7, #60000 ; 0xea60 + 800517c: 9700 str r7, [sp, #0] + 800517e: 2308 movs r3, #8 + 8005180: eb06 2255 add.w r2, r6, r5, lsr #9 + 8005184: a90a add r1, sp, #40 ; 0x28 + 8005186: 4640 mov r0, r8 + 8005188: f006 fe2c bl 800bde4 + if(rv != HAL_OK) { + 800518c: 4604 mov r4, r0 + 800518e: b138 cbz r0, 80051a0 + puts("long read fail"); + 8005190: 482a ldr r0, [pc, #168] ; (800523c ) + + // Check we have the **right** firmware, based on the world check sum + // but don't set the light at this point. + // - this includes check over bootrom (ourselves) + if(!verify_world_checksum(world_check)) { + puts("wrong world"); + 8005192: f7ff fdd9 bl 8004d48 + // Do the upgrade, using PSRAM data. + psram_do_upgrade(start, len); + + // done + NVIC_SystemReset(); +} + 8005196: f50d 5d81 add.w sp, sp, #4128 ; 0x1020 + 800519a: b002 add sp, #8 + 800519c: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + memcpy(ps + off, buf, sizeof(buf)); + 80051a0: f105 4010 add.w r0, r5, #2415919104 ; 0x90000000 + 80051a4: f44f 5280 mov.w r2, #4096 ; 0x1000 + 80051a8: a90a add r1, sp, #40 ; 0x28 + for(uint32_t off = 0; off < FW_MAX_LENGTH_MK4; off += sizeof(buf)) { + 80051aa: f505 5580 add.w r5, r5, #4096 ; 0x1000 + memcpy(ps + off, buf, sizeof(buf)); + 80051ae: f008 fa07 bl 800d5c0 + for(uint32_t off = 0; off < FW_MAX_LENGTH_MK4; off += sizeof(buf)) { + 80051b2: f5b5 1ff0 cmp.w r5, #1966080 ; 0x1e0000 + 80051b6: d1e1 bne.n 800517c + for(int idx=0; idxtargets; idx++) { + 80051b8: f04f 4310 mov.w r3, #2415919104 ; 0x90000000 + if(elem->addr == FIRMWARE_START) { + 80051bc: 4d20 ldr r5, [pc, #128] ; (8005240 ) + for(int idx=0; idxtargets; idx++) { + 80051be: 7a99 ldrb r1, [r3, #10] + 80051c0: 4620 mov r0, r4 + ptr += sizeof(DFUFile_t); + 80051c2: 330b adds r3, #11 + for(int idx=0; idxtargets; idx++) { + 80051c4: 4288 cmp r0, r1 + 80051c6: db01 blt.n 80051cc + puts("DFU parse fail"); + 80051c8: 481e ldr r0, [pc, #120] ; (8005244 ) + 80051ca: e7e2 b.n 8005192 + for(int ei=0; eielements; ei++) { + 80051cc: f8d3 610e ldr.w r6, [r3, #270] ; 0x10e + 80051d0: 2200 movs r2, #0 + ptr += sizeof(DFUTarget_t); + 80051d2: f503 7389 add.w r3, r3, #274 ; 0x112 + for(int ei=0; eielements; ei++) { + 80051d6: 42b2 cmp r2, r6 + 80051d8: d101 bne.n 80051de + for(int idx=0; idxtargets; idx++) { + 80051da: 3001 adds r0, #1 + 80051dc: e7f2 b.n 80051c4 + ptr += sizeof(DFUElement_t); + 80051de: 461c mov r4, r3 + if(elem->addr == FIRMWARE_START) { + 80051e0: f854 7b08 ldr.w r7, [r4], #8 + 80051e4: 42af cmp r7, r5 + 80051e6: d110 bne.n 800520a + *target_size = elem->size; + 80051e8: 685d ldr r5, [r3, #4] + bool ok = verify_firmware_in_ram(start, len, world_check); + 80051ea: aa02 add r2, sp, #8 + 80051ec: 4629 mov r1, r5 + 80051ee: 4620 mov r0, r4 + 80051f0: f7fc fd20 bl 8001c34 + if(!ok) return; + 80051f4: 2800 cmp r0, #0 + 80051f6: d0ce beq.n 8005196 + puts("good firmware"); + 80051f8: 4813 ldr r0, [pc, #76] ; (8005248 ) + 80051fa: f7ff fda5 bl 8004d48 + if(!verify_world_checksum(world_check)) { + 80051fe: a802 add r0, sp, #8 + 8005200: f7fc fd6c bl 8001cdc + 8005204: b920 cbnz r0, 8005210 + puts("wrong world"); + 8005206: 4811 ldr r0, [pc, #68] ; (800524c ) + 8005208: e7c3 b.n 8005192 + for(int ei=0; eielements; ei++) { + 800520a: 3201 adds r2, #1 + ptr += sizeof(DFUElement_t); + 800520c: 4623 mov r3, r4 + 800520e: e7e2 b.n 80051d6 + sdcard_light(false); + 8005210: 2000 movs r0, #0 + 8005212: f7ff ff91 bl 8005138 + psram_do_upgrade(start, len); + 8005216: 4629 mov r1, r5 + 8005218: 4620 mov r0, r4 + 800521a: f7ff fecd bl 8004fb8 + 800521e: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8005222: 490b ldr r1, [pc, #44] ; (8005250 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8005224: 4b0b ldr r3, [pc, #44] ; (8005254 ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8005226: 68ca ldr r2, [r1, #12] + 8005228: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 800522c: 4313 orrs r3, r2 + 800522e: 60cb str r3, [r1, #12] + 8005230: f3bf 8f4f dsb sy + __NOP(); + 8005234: bf00 nop + for(;;) /* wait until reset */ + 8005236: e7fd b.n 8005234 + 8005238: 0800e1b6 .word 0x0800e1b6 + 800523c: 0800e738 .word 0x0800e738 + 8005240: 08020000 .word 0x08020000 + 8005244: 0800e747 .word 0x0800e747 + 8005248: 0800e756 .word 0x0800e756 + 800524c: 0800e764 .word 0x0800e764 + 8005250: e000ed00 .word 0xe000ed00 + 8005254: 05fa0004 .word 0x05fa0004 + 8005258: 2009e220 .word 0x2009e220 + +0800525c : + +// sdcard_search() +// + void +sdcard_search(void) +{ + 800525c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + oled_show(screen_search); + 8005260: 4852 ldr r0, [pc, #328] ; (80053ac ) +{ + 8005262: f5ad 7d04 sub.w sp, sp, #528 ; 0x210 + oled_show(screen_search); + 8005266: f7fb fddd bl 8000e24 + + if(!sdcard_is_inserted()) return; + 800526a: f7ff ff6d bl 8005148 + 800526e: 2800 cmp r0, #0 + 8005270: d077 beq.n 8005362 + __HAL_RCC_SDMMC1_CLK_ENABLE(); + 8005272: 4f4f ldr r7, [pc, #316] ; (80053b0 ) + + uint32_t num_blocks; + + // open card (power it) and get details, do setup + puts2("SDCard: "); + 8005274: 484f ldr r0, [pc, #316] ; (80053b4 ) + { GPIO_InitTypeDef setup = { + 8005276: 4c50 ldr r4, [pc, #320] ; (80053b8 ) + puts2("SDCard: "); + 8005278: f7ff fcd8 bl 8004c2c + __HAL_RCC_SDMMC1_CLK_ENABLE(); + 800527c: 6cfb ldr r3, [r7, #76] ; 0x4c + 800527e: f443 0380 orr.w r3, r3, #4194304 ; 0x400000 + 8005282: 64fb str r3, [r7, #76] ; 0x4c + 8005284: 6cfb ldr r3, [r7, #76] ; 0x4c + 8005286: f403 0380 and.w r3, r3, #4194304 ; 0x400000 + 800528a: 9303 str r3, [sp, #12] + 800528c: 9b03 ldr r3, [sp, #12] + { GPIO_InitTypeDef setup = { + 800528e: cc0f ldmia r4!, {r0, r1, r2, r3} + 8005290: ad04 add r5, sp, #16 + 8005292: c50f stmia r5!, {r0, r1, r2, r3} + 8005294: f854 3b04 ldr.w r3, [r4], #4 + 8005298: 602b str r3, [r5, #0] + HAL_GPIO_Init(GPIOC, &setup); + 800529a: 4848 ldr r0, [pc, #288] ; (80053bc ) + 800529c: a904 add r1, sp, #16 + 800529e: f7fb fea7 bl 8000ff0 + { GPIO_InitTypeDef setup = { + 80052a2: cc0f ldmia r4!, {r0, r1, r2, r3} + 80052a4: ae04 add r6, sp, #16 + 80052a6: c60f stmia r6!, {r0, r1, r2, r3} + 80052a8: 6823 ldr r3, [r4, #0] + 80052aa: 602b str r3, [r5, #0] + HAL_GPIO_Init(GPIOD, &setup); + 80052ac: 4844 ldr r0, [pc, #272] ; (80053c0 ) + memset(&hsd, 0, sizeof(SD_HandleTypeDef)); + 80052ae: 4d45 ldr r5, [pc, #276] ; (80053c4 ) + HAL_GPIO_Init(GPIOD, &setup); + 80052b0: a904 add r1, sp, #16 + 80052b2: f7fb fe9d bl 8000ff0 + __HAL_RCC_SDMMC1_FORCE_RESET(); + 80052b6: 6afb ldr r3, [r7, #44] ; 0x2c + 80052b8: f443 0380 orr.w r3, r3, #4194304 ; 0x400000 + 80052bc: 62fb str r3, [r7, #44] ; 0x2c + __HAL_RCC_SDMMC1_RELEASE_RESET(); + 80052be: 6afb ldr r3, [r7, #44] ; 0x2c + 80052c0: f423 0380 bic.w r3, r3, #4194304 ; 0x400000 + 80052c4: 62fb str r3, [r7, #44] ; 0x2c + memset(&hsd, 0, sizeof(SD_HandleTypeDef)); + 80052c6: 2280 movs r2, #128 ; 0x80 + 80052c8: 2100 movs r1, #0 + 80052ca: 4628 mov r0, r5 + 80052cc: f008 f9a0 bl 800d610 + puts2("SDCard: "); + 80052d0: 4838 ldr r0, [pc, #224] ; (80053b4 ) + 80052d2: f7ff fcab bl 8004c2c + hsd.Init.ClockEdge = SDMMC_CLOCK_EDGE_RISING; + 80052d6: 4a3c ldr r2, [pc, #240] ; (80053c8 ) + 80052d8: 2300 movs r3, #0 + 80052da: e9c5 2300 strd r2, r3, [r5] + hsd.Init.ClockPowerSave = SDMMC_CLOCK_POWER_SAVE_ENABLE; + 80052de: f44f 5280 mov.w r2, #4096 ; 0x1000 + hsd.Init.BusWide = SDMMC_BUS_WIDE_1B; + 80052e2: e9c5 2302 strd r2, r3, [r5, #8] + hsd.Init.HardwareFlowControl = SDMMC_HARDWARE_FLOW_CONTROL_DISABLE; + 80052e6: 612b str r3, [r5, #16] + int rv = HAL_SD_Init(&hsd); + 80052e8: 4628 mov r0, r5 + hsd.Init.ClockDiv = SDMMC_TRANSFER_CLK_DIV; + 80052ea: 2303 movs r3, #3 + 80052ec: 616b str r3, [r5, #20] + int rv = HAL_SD_Init(&hsd); + 80052ee: f007 faf3 bl 800c8d8 + if(rv != HAL_OK) { + 80052f2: 4604 mov r4, r0 + 80052f4: b130 cbz r0, 8005304 + puts("init fail"); + 80052f6: 4835 ldr r0, [pc, #212] ; (80053cc ) + oled_show_progress(screen_search, pos*100 / num_blocks); + sdcard_light(true); + } + } + +} + 80052f8: f50d 7d04 add.w sp, sp, #528 ; 0x210 + 80052fc: e8bd 41f0 ldmia.w sp!, {r4, r5, r6, r7, r8, lr} + puts("bsize?"); + 8005300: f7ff bd22 b.w 8004d48 + sdcard_light(true); + 8005304: 2001 movs r0, #1 + 8005306: f7ff ff17 bl 8005138 + rv = HAL_SD_ConfigSpeedBusOperation(&hsd, SDMMC_SPEED_MODE_AUTO); + 800530a: 4621 mov r1, r4 + 800530c: 4628 mov r0, r5 + 800530e: f007 fbbb bl 800ca88 + if(rv != HAL_OK) { + 8005312: b108 cbz r0, 8005318 + puts("speed"); + 8005314: 482e ldr r0, [pc, #184] ; (80053d0 ) + 8005316: e7ef b.n 80052f8 + rv = HAL_SD_ConfigWideBusOperation(&hsd, SDMMC_BUS_WIDE_4B); + 8005318: f44f 4180 mov.w r1, #16384 ; 0x4000 + 800531c: 4628 mov r0, r5 + 800531e: f007 fa05 bl 800c72c + if(rv != HAL_OK) { + 8005322: 4604 mov r4, r0 + 8005324: b108 cbz r0, 800532a + puts("wide"); + 8005326: 482b ldr r0, [pc, #172] ; (80053d4 ) + 8005328: e7e6 b.n 80052f8 + if(hsd.SdCard.BlockSize != 512) { + 800532a: 6d2b ldr r3, [r5, #80] ; 0x50 + 800532c: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 8005330: d001 beq.n 8005336 + puts("bsize?"); + 8005332: 4829 ldr r0, [pc, #164] ; (80053d8 ) + 8005334: e7e0 b.n 80052f8 + puts("ok"); + 8005336: 4829 ldr r0, [pc, #164] ; (80053dc ) + *num_blocks = hsd.SdCard.BlockNbr; + 8005338: 6cee ldr r6, [r5, #76] ; 0x4c + if(memcmp(blk, "DfuSe", 5) == 0) { + 800533a: 4f29 ldr r7, [pc, #164] ; (80053e0 ) + oled_show_progress(screen_search, pos*100 / num_blocks); + 800533c: f8df 806c ldr.w r8, [pc, #108] ; 80053ac + puts("ok"); + 8005340: f7ff fd02 bl 8004d48 + for(int pos=0; pos + int rv = HAL_SD_ReadBlocks(&hsd, blk, pos, 1, 60000); + 8005348: f64e 2360 movw r3, #60000 ; 0xea60 + 800534c: 9300 str r3, [sp, #0] + 800534e: 4622 mov r2, r4 + 8005350: 2301 movs r3, #1 + 8005352: a904 add r1, sp, #16 + 8005354: 4628 mov r0, r5 + 8005356: f006 fd45 bl 800bde4 + if(rv != HAL_OK) { + 800535a: b130 cbz r0, 800536a + puts("fail read"); + 800535c: 4821 ldr r0, [pc, #132] ; (80053e4 ) + 800535e: f7ff fcf3 bl 8004d48 +} + 8005362: f50d 7d04 add.w sp, sp, #528 ; 0x210 + 8005366: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + if(memcmp(blk, "DfuSe", 5) == 0) { + 800536a: 2205 movs r2, #5 + 800536c: 4639 mov r1, r7 + 800536e: a804 add r0, sp, #16 + 8005370: f008 f916 bl 800d5a0 + 8005374: b9b0 cbnz r0, 80053a4 + puts2("found @ "); + 8005376: 481c ldr r0, [pc, #112] ; (80053e8 ) + 8005378: f7ff fc58 bl 8004c2c + puthex8(pos); + 800537c: 4620 mov r0, r4 + 800537e: f7ff fcb1 bl 8004ce4 + putchar('\n'); + 8005382: 200a movs r0, #10 + 8005384: f7ff fc66 bl 8004c54 + sdcard_try_file(pos); + 8005388: 4620 mov r0, r4 + 800538a: f7ff fee9 bl 8005160 + oled_show_progress(screen_search, pos*100 / num_blocks); + 800538e: 2164 movs r1, #100 ; 0x64 + 8005390: 4640 mov r0, r8 + 8005392: 4361 muls r1, r4 + 8005394: fbb1 f1f6 udiv r1, r1, r6 + 8005398: f7fb fd86 bl 8000ea8 + sdcard_light(true); + 800539c: 2001 movs r0, #1 + 800539e: f7ff fecb bl 8005138 + 80053a2: e001 b.n 80053a8 + if(pos % 128 == 0) { + 80053a4: 0663 lsls r3, r4, #25 + 80053a6: d0f2 beq.n 800538e + for(int pos=0; pos + 80053ac: 0800dfed .word 0x0800dfed + 80053b0: 40021000 .word 0x40021000 + 80053b4: 0800e770 .word 0x0800e770 + 80053b8: 0800e7c0 .word 0x0800e7c0 + 80053bc: 48000800 .word 0x48000800 + 80053c0: 48000c00 .word 0x48000c00 + 80053c4: 2009e220 .word 0x2009e220 + 80053c8: 50062400 .word 0x50062400 + 80053cc: 0800e779 .word 0x0800e779 + 80053d0: 0800e783 .word 0x0800e783 + 80053d4: 0800e789 .word 0x0800e789 + 80053d8: 0800e78e .word 0x0800e78e + 80053dc: 0800e795 .word 0x0800e795 + 80053e0: 0800e7a2 .word 0x0800e7a2 + 80053e4: 0800e798 .word 0x0800e798 + 80053e8: 0800e7a8 .word 0x0800e7a8 + +080053ec : + +// sdcard_recovery() +// + void +sdcard_recovery(void) +{ + 80053ec: b508 push {r3, lr} + // Use SDCard to recover. Must be precise version they tried to + // install before, and will be slow AF. + + puts("Recovery mode."); + 80053ee: 480b ldr r0, [pc, #44] ; (800541c ) + while(1) { + // .. need them to insert a card + + sdcard_light(false); + while(!sdcard_is_inserted()) { + oled_show(screen_recovery); + 80053f0: 4c0b ldr r4, [pc, #44] ; (8005420 ) + puts("Recovery mode."); + 80053f2: f7ff fca9 bl 8004d48 + sdcard_light(false); + 80053f6: 2000 movs r0, #0 + 80053f8: f7ff fe9e bl 8005138 + while(!sdcard_is_inserted()) { + 80053fc: f7ff fea4 bl 8005148 + 8005400: b128 cbz r0, 800540e + delay_ms(200); + } + + // look for binary, will reset system if successful + sdcard_light(true); + 8005402: 2001 movs r0, #1 + 8005404: f7ff fe98 bl 8005138 + sdcard_search(); + 8005408: f7ff ff28 bl 800525c + sdcard_light(false); + 800540c: e7f3 b.n 80053f6 + oled_show(screen_recovery); + 800540e: 4620 mov r0, r4 + 8005410: f7fb fd08 bl 8000e24 + delay_ms(200); + 8005414: 20c8 movs r0, #200 ; 0xc8 + 8005416: f7fe fa5f bl 80038d8 + 800541a: e7ef b.n 80053fc + 800541c: 0800e7b1 .word 0x0800e7b1 + 8005420: 0800dbec .word 0x0800dbec + +08005424 : +#include + +// so we don't need stm32l4xx_hal_hash_ex.c +HAL_StatusTypeDef HAL_HASHEx_SHA256_Accmlt(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size) +{ + return HASH_Accumulate(hhash, pInBuffer, Size,HASH_ALGOSELECTION_SHA256); + 8005424: 4b01 ldr r3, [pc, #4] ; (800542c ) + 8005426: f005 ba25 b.w 800a874 + 800542a: bf00 nop + 800542c: 00040080 .word 0x00040080 + +08005430 : +} + +HAL_StatusTypeDef HAL_HASHEx_SHA256_Start(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Timeout) +{ + 8005430: b513 push {r0, r1, r4, lr} + return HASH_Start(hhash, pInBuffer, Size, pOutBuffer, Timeout, HASH_ALGOSELECTION_SHA256); + 8005432: 4c04 ldr r4, [pc, #16] ; (8005444 ) + 8005434: 9401 str r4, [sp, #4] + 8005436: 9c04 ldr r4, [sp, #16] + 8005438: 9400 str r4, [sp, #0] + 800543a: f005 f977 bl 800a72c +} + 800543e: b002 add sp, #8 + 8005440: bd10 pop {r4, pc} + 8005442: bf00 nop + 8005444: 00040080 .word 0x00040080 + +08005448 : + +HAL_StatusTypeDef HAL_HMACEx_SHA256_Start(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Timeout) +{ + 8005448: b513 push {r0, r1, r4, lr} + return HMAC_Start(hhash, pInBuffer, Size, pOutBuffer, Timeout, HASH_ALGOSELECTION_SHA256); + 800544a: 4c04 ldr r4, [pc, #16] ; (800545c ) + 800544c: 9401 str r4, [sp, #4] + 800544e: 9c04 ldr r4, [sp, #16] + 8005450: 9400 str r4, [sp, #0] + 8005452: f005 fbad bl 800abb0 +} + 8005456: b002 add sp, #8 + 8005458: bd10 pop {r4, pc} + 800545a: bf00 nop + 800545c: 00040080 .word 0x00040080 + +08005460 : + +void sha256_init(SHA256_CTX *ctx) +{ + 8005460: b510 push {r4, lr} + memset(ctx, 0, sizeof(SHA256_CTX)); + 8005462: 2248 movs r2, #72 ; 0x48 +{ + 8005464: 4604 mov r4, r0 + memset(ctx, 0, sizeof(SHA256_CTX)); + 8005466: 2100 movs r1, #0 + 8005468: 3004 adds r0, #4 + 800546a: f008 f8d1 bl 800d610 + +#if 1 + ctx->num_pending = 0; + ctx->hh.Init.DataType = HASH_DATATYPE_8B; + 800546e: 2320 movs r3, #32 + 8005470: 6023 str r3, [r4, #0] + HAL_HASH_Init(&ctx->hh); + 8005472: 4620 mov r0, r4 + __HAL_HASH_RESET_MDMAT(); + + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, + HASH_ALGOSELECTION_SHA256 | HASH_CR_INIT); +#endif +} + 8005474: e8bd 4010 ldmia.w sp!, {r4, lr} + HAL_HASH_Init(&ctx->hh); + 8005478: f004 bfe6 b.w 800a448 + +0800547c : + +void sha256_update(SHA256_CTX *ctx, const uint8_t data[], uint32_t len) +{ + 800547c: b5f8 push {r3, r4, r5, r6, r7, lr} + HAL_StatusTypeDef rv; + + // clear out any pending bytes + if(ctx->num_pending + len >= 4) { + 800547e: f890 3048 ldrb.w r3, [r0, #72] ; 0x48 + 8005482: 4413 add r3, r2 + 8005484: 2b03 cmp r3, #3 +{ + 8005486: 4605 mov r5, r0 + 8005488: 460e mov r6, r1 + 800548a: 4614 mov r4, r2 + if(ctx->num_pending + len >= 4) { + 800548c: d818 bhi.n 80054c0 + } + } + + // write full blocks + uint32_t blocks = len / 4; + if(blocks) { + 800548e: 2c03 cmp r4, #3 + 8005490: d926 bls.n 80054e0 +#if 1 + rv = HAL_HASHEx_SHA256_Accumulate(&ctx->hh, (uint8_t *)data, blocks*4); + 8005492: f024 0703 bic.w r7, r4, #3 + 8005496: 463a mov r2, r7 + 8005498: 4631 mov r1, r6 + 800549a: 4628 mov r0, r5 + 800549c: f7ff ffc2 bl 8005424 + ASSERT(rv == HAL_OK); + 80054a0: b9c8 cbnz r0, 80054d6 + uint32_t tmp; + memcpy(&tmp, data, 4); + HASH->DIN = tmp; + } +#endif + len -= blocks*4; + 80054a2: f004 0403 and.w r4, r4, #3 + data += blocks*4; + 80054a6: 443e add r6, r7 + 80054a8: e01a b.n 80054e0 + ctx->pending[ctx->num_pending++] = *data; + 80054aa: 1c5a adds r2, r3, #1 + 80054ac: b2d2 uxtb r2, r2 + 80054ae: f885 2048 strb.w r2, [r5, #72] ; 0x48 + 80054b2: 442b add r3, r5 + 80054b4: f816 1b01 ldrb.w r1, [r6], #1 + 80054b8: f883 1044 strb.w r1, [r3, #68] ; 0x44 + if(!len) break; + 80054bc: 3c01 subs r4, #1 + 80054be: d00d beq.n 80054dc + while(ctx->num_pending != 4) { + 80054c0: f895 3048 ldrb.w r3, [r5, #72] ; 0x48 + 80054c4: 2b04 cmp r3, #4 + 80054c6: d1f0 bne.n 80054aa + rv = HAL_HASHEx_SHA256_Accumulate(&ctx->hh, ctx->pending, 4); + 80054c8: 2204 movs r2, #4 + 80054ca: f105 0144 add.w r1, r5, #68 ; 0x44 + 80054ce: 4628 mov r0, r5 + 80054d0: f7ff ffa8 bl 8005424 + ASSERT(rv == HAL_OK); + 80054d4: b140 cbz r0, 80054e8 + 80054d6: 480b ldr r0, [pc, #44] ; (8005504 ) + 80054d8: f7fb faa4 bl 8000a24 + if(ctx->num_pending == 4) { + 80054dc: 2a04 cmp r2, #4 + 80054de: d0f3 beq.n 80054c8 + 80054e0: 4434 add r4, r6 + } + + // save runt for later + ASSERT(len <= 3); + while(len) { + 80054e2: 42b4 cmp r4, r6 + 80054e4: d103 bne.n 80054ee + ctx->pending[ctx->num_pending++] = *data; + data++; + len--; + } +} + 80054e6: bdf8 pop {r3, r4, r5, r6, r7, pc} + ctx->num_pending = 0; + 80054e8: f885 0048 strb.w r0, [r5, #72] ; 0x48 + 80054ec: e7cf b.n 800548e + ctx->pending[ctx->num_pending++] = *data; + 80054ee: f895 3048 ldrb.w r3, [r5, #72] ; 0x48 + 80054f2: 1c5a adds r2, r3, #1 + 80054f4: f885 2048 strb.w r2, [r5, #72] ; 0x48 + 80054f8: 442b add r3, r5 + 80054fa: f816 2b01 ldrb.w r2, [r6], #1 + 80054fe: f883 2044 strb.w r2, [r3, #68] ; 0x44 + len--; + 8005502: e7ee b.n 80054e2 + 8005504: 0800e354 .word 0x0800e354 + +08005508 : + +void sha256_final(SHA256_CTX *ctx, uint8_t digest[32]) +{ + 8005508: b513 push {r0, r1, r4, lr} + // Do final 0-3 bytes, pad and return digest. +#if 1 + HAL_StatusTypeDef rv = HAL_HASHEx_SHA256_Start(&ctx->hh, + 800550a: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 800550e: 9200 str r2, [sp, #0] +{ + 8005510: 460b mov r3, r1 + HAL_StatusTypeDef rv = HAL_HASHEx_SHA256_Start(&ctx->hh, + 8005512: f890 2048 ldrb.w r2, [r0, #72] ; 0x48 + 8005516: f100 0144 add.w r1, r0, #68 ; 0x44 + 800551a: f7ff ff89 bl 8005430 + ctx->pending, ctx->num_pending, digest, HAL_MAX_DELAY); + ASSERT(rv == HAL_OK); + 800551e: b110 cbz r0, 8005526 + 8005520: 4802 ldr r0, [pc, #8] ; (800552c ) + 8005522: f7fb fa7f bl 8000a24 + tmp = __REV(HASH_DIGEST->HR[6]); + memcpy(out, &tmp, 4); out += 4; + tmp = __REV(HASH_DIGEST->HR[7]); + memcpy(out, &tmp, 4); +#endif +} + 8005526: b002 add sp, #8 + 8005528: bd10 pop {r4, pc} + 800552a: bf00 nop + 800552c: 0800e354 .word 0x0800e354 + +08005530 : +// +// single-shot version (best) +// + void +sha256_single(const uint8_t data[], uint32_t len, uint8_t digest[32]) +{ + 8005530: b530 push {r4, r5, lr} + 8005532: b097 sub sp, #92 ; 0x5c + 8005534: 4604 mov r4, r0 + 8005536: 460d mov r5, r1 + 8005538: 9203 str r2, [sp, #12] + HASH_HandleTypeDef hh = {0}; + 800553a: 2100 movs r1, #0 + 800553c: 2240 movs r2, #64 ; 0x40 + 800553e: a806 add r0, sp, #24 + 8005540: f008 f866 bl 800d610 + + hh.Init.DataType = HASH_DATATYPE_8B; + 8005544: 2220 movs r2, #32 + + HAL_HASH_Init(&hh); + 8005546: a805 add r0, sp, #20 + hh.Init.DataType = HASH_DATATYPE_8B; + 8005548: 9205 str r2, [sp, #20] + HAL_HASH_Init(&hh); + 800554a: f004 ff7d bl 800a448 + + // It's called "Start" but it handles the runt packet, so really can only + // be used once at end of message, or for whole message. + HAL_StatusTypeDef rv = HAL_HASHEx_SHA256_Start(&hh, (uint8_t *)data, len, + 800554e: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 8005552: 9200 str r2, [sp, #0] + 8005554: 9b03 ldr r3, [sp, #12] + 8005556: 462a mov r2, r5 + 8005558: 4621 mov r1, r4 + 800555a: a805 add r0, sp, #20 + 800555c: f7ff ff68 bl 8005430 + digest, HAL_MAX_DELAY); + ASSERT(rv == HAL_OK); + 8005560: b110 cbz r0, 8005568 + 8005562: 4802 ldr r0, [pc, #8] ; (800556c ) + 8005564: f7fb fa5e bl 8000a24 +} + 8005568: b017 add sp, #92 ; 0x5c + 800556a: bd30 pop {r4, r5, pc} + 800556c: 0800e354 .word 0x0800e354 + +08005570 : +// hmac_sha256_init() +// + void +hmac_sha256_init(HMAC_CTX *ctx) +{ + memset(ctx, 0, sizeof(HMAC_CTX)); + 8005570: f44f 7282 mov.w r2, #260 ; 0x104 + 8005574: 2100 movs r1, #0 + 8005576: f008 b84b b.w 800d610 + ... + +0800557c : + +// hmac_sha256_update() +// + void +hmac_sha256_update(HMAC_CTX *ctx, const uint8_t data[], uint32_t len) +{ + 800557c: b538 push {r3, r4, r5, lr} + 800557e: 4604 mov r4, r0 + // simple append + ASSERT(ctx->num_pending + len < sizeof(ctx->pending)); + 8005580: f8d0 0100 ldr.w r0, [r0, #256] ; 0x100 + 8005584: 1883 adds r3, r0, r2 + 8005586: 2bff cmp r3, #255 ; 0xff +{ + 8005588: 4615 mov r5, r2 + ASSERT(ctx->num_pending + len < sizeof(ctx->pending)); + 800558a: d902 bls.n 8005592 + 800558c: 4805 ldr r0, [pc, #20] ; (80055a4 ) + 800558e: f7fb fa49 bl 8000a24 + + memcpy(ctx->pending+ctx->num_pending, data, len); + 8005592: 4420 add r0, r4 + 8005594: f008 f814 bl 800d5c0 + + ctx->num_pending += len; + 8005598: f8d4 2100 ldr.w r2, [r4, #256] ; 0x100 + 800559c: 442a add r2, r5 + 800559e: f8c4 2100 str.w r2, [r4, #256] ; 0x100 +} + 80055a2: bd38 pop {r3, r4, r5, pc} + 80055a4: 0800e354 .word 0x0800e354 + +080055a8 : + +// hmac_sha256_final() +// + void +hmac_sha256_final(HMAC_CTX *ctx, const uint8_t key[32], uint8_t digest[32]) +{ + 80055a8: b530 push {r4, r5, lr} + 80055aa: b097 sub sp, #92 ; 0x5c + 80055ac: 4604 mov r4, r0 + 80055ae: 460d mov r5, r1 + 80055b0: 9203 str r2, [sp, #12] + HASH_HandleTypeDef hh = {0}; + 80055b2: 2100 movs r1, #0 + 80055b4: 2238 movs r2, #56 ; 0x38 + 80055b6: a808 add r0, sp, #32 + 80055b8: f008 f82a bl 800d610 + + hh.Init.DataType = HASH_DATATYPE_8B; + 80055bc: 2220 movs r2, #32 + hh.Init.pKey = (uint8_t *)key; // const viol due to API dumbness + hh.Init.KeySize = 32; + + HAL_HASH_Init(&hh); + 80055be: a805 add r0, sp, #20 + hh.Init.KeySize = 32; + 80055c0: e9cd 2506 strd r2, r5, [sp, #24] + hh.Init.DataType = HASH_DATATYPE_8B; + 80055c4: 9205 str r2, [sp, #20] + HAL_HASH_Init(&hh); + 80055c6: f004 ff3f bl 800a448 + + HAL_StatusTypeDef rv = HAL_HMACEx_SHA256_Start(&hh, + 80055ca: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 80055ce: 9200 str r2, [sp, #0] + 80055d0: 9b03 ldr r3, [sp, #12] + 80055d2: f8d4 2100 ldr.w r2, [r4, #256] ; 0x100 + 80055d6: 4621 mov r1, r4 + 80055d8: a805 add r0, sp, #20 + 80055da: f7ff ff35 bl 8005448 + ctx->pending, ctx->num_pending, digest, HAL_MAX_DELAY); + ASSERT(rv == HAL_OK); + 80055de: b110 cbz r0, 80055e6 + 80055e0: 4802 ldr r0, [pc, #8] ; (80055ec ) + 80055e2: f7fb fa1f bl 8000a24 +} + 80055e6: b017 add sp, #92 ; 0x5c + 80055e8: bd30 pop {r4, r5, pc} + 80055ea: bf00 nop + 80055ec: 0800e354 .word 0x0800e354 + +080055f0 : + +#if !asm_mult +uECC_VLI_API void uECC_vli_mult(uECC_word_t *result, + const uECC_word_t *left, + const uECC_word_t *right, + wordcount_t num_words) { + 80055f0: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + ); + +#else /* Thumb-1 */ + uint32_t r4, r5, r6, r7; + + __asm__ volatile ( + 80055f4: 3b01 subs r3, #1 + 80055f6: 009b lsls r3, r3, #2 + 80055f8: 4698 mov r8, r3 + 80055fa: 005b lsls r3, r3, #1 + 80055fc: 4699 mov r9, r3 + 80055fe: 2300 movs r3, #0 + 8005600: 2400 movs r4, #0 + 8005602: 2500 movs r5, #0 + 8005604: 2600 movs r6, #0 + 8005606: b401 push {r0} + 8005608: 2700 movs r7, #0 + 800560a: e002 b.n 8005612 + 800560c: 0037 movs r7, r6 + 800560e: 4640 mov r0, r8 + 8005610: 1a3f subs r7, r7, r0 + 8005612: b478 push {r3, r4, r5, r6} + 8005614: 1bf0 subs r0, r6, r7 + 8005616: 5814 ldr r4, [r2, r0] + 8005618: 59c8 ldr r0, [r1, r7] + 800561a: 0c03 lsrs r3, r0, #16 + 800561c: b280 uxth r0, r0 + 800561e: 0c25 lsrs r5, r4, #16 + 8005620: b2a4 uxth r4, r4 + 8005622: 001e movs r6, r3 + 8005624: 436e muls r6, r5 + 8005626: 4363 muls r3, r4 + 8005628: 4345 muls r5, r0 + 800562a: 4360 muls r0, r4 + 800562c: 2400 movs r4, #0 + 800562e: 195b adds r3, r3, r5 + 8005630: 4164 adcs r4, r4 + 8005632: 0424 lsls r4, r4, #16 + 8005634: 1936 adds r6, r6, r4 + 8005636: 041c lsls r4, r3, #16 + 8005638: 0c1b lsrs r3, r3, #16 + 800563a: 1900 adds r0, r0, r4 + 800563c: 415e adcs r6, r3 + 800563e: bc38 pop {r3, r4, r5} + 8005640: 181b adds r3, r3, r0 + 8005642: 4174 adcs r4, r6 + 8005644: 2000 movs r0, #0 + 8005646: 4145 adcs r5, r0 + 8005648: bc40 pop {r6} + 800564a: 3704 adds r7, #4 + 800564c: 4547 cmp r7, r8 + 800564e: dc01 bgt.n 8005654 + 8005650: 42b7 cmp r7, r6 + 8005652: ddde ble.n 8005612 + 8005654: 9800 ldr r0, [sp, #0] + 8005656: 5183 str r3, [r0, r6] + 8005658: 4623 mov r3, r4 + 800565a: 462c mov r4, r5 + 800565c: 2500 movs r5, #0 + 800565e: 3604 adds r6, #4 + 8005660: 4546 cmp r6, r8 + 8005662: ddd1 ble.n 8005608 + 8005664: 454e cmp r6, r9 + 8005666: ddd1 ble.n 800560c + 8005668: 5183 str r3, [r0, r6] + 800566a: bc01 pop {r0} + [r5] "=&l" (r5), [r6] "=&l" (r6), [r7] "=&l" (r7) + : [r0] "l" (result), [r1] "l" (left), [r2] "l" (right) + : "r8", "r9", "cc", "memory" + ); +#endif +} + 800566c: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + +08005670 : + +#if !asm_clear +uECC_VLI_API void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words) { + wordcount_t i; + for (i = 0; i < num_words; ++i) { + vli[i] = 0; + 8005670: ea21 71e1 bic.w r1, r1, r1, asr #31 + 8005674: 008a lsls r2, r1, #2 + 8005676: 2100 movs r1, #0 + 8005678: f007 bfca b.w 800d610 + +0800567c : +} +#endif /* !asm_clear */ + +/* Constant-time comparison to zero - secure way to compare long integers */ +/* Returns 1 if vli == 0, 0 otherwise. */ +uECC_VLI_API uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words) { + 800567c: b510 push {r4, lr} + uECC_word_t bits = 0; + wordcount_t i; + for (i = 0; i < num_words; ++i) { + 800567e: 2300 movs r3, #0 + uECC_word_t bits = 0; + 8005680: 461a mov r2, r3 + for (i = 0; i < num_words; ++i) { + 8005682: b25c sxtb r4, r3 + 8005684: 42a1 cmp r1, r4 + 8005686: dc03 bgt.n 8005690 + bits |= vli[i]; + } + return (bits == 0); +} + 8005688: fab2 f082 clz r0, r2 + 800568c: 0940 lsrs r0, r0, #5 + 800568e: bd10 pop {r4, pc} + bits |= vli[i]; + 8005690: f850 4023 ldr.w r4, [r0, r3, lsl #2] + 8005694: 3301 adds r3, #1 + 8005696: 4322 orrs r2, r4 + for (i = 0; i < num_words; ++i) { + 8005698: e7f3 b.n 8005682 + +0800569a : + +/* Returns nonzero if bit 'bit' of vli is set. */ +uECC_VLI_API uECC_word_t uECC_vli_testBit(const uECC_word_t *vli, bitcount_t bit) { + return (vli[bit >> uECC_WORD_BITS_SHIFT] & ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK))); + 800569a: 114a asrs r2, r1, #5 + 800569c: 2301 movs r3, #1 + 800569e: f850 0022 ldr.w r0, [r0, r2, lsl #2] + 80056a2: f001 011f and.w r1, r1, #31 + 80056a6: fa03 f101 lsl.w r1, r3, r1 +} + 80056aa: 4008 ands r0, r1 + 80056ac: 4770 bx lr + +080056ae : +/* Counts the number of words in vli. */ +static wordcount_t vli_numDigits(const uECC_word_t *vli, const wordcount_t max_words) { + wordcount_t i; + /* Search from the end until we find a non-zero digit. + We do it in reverse because we expect that most digits will be nonzero. */ + for (i = max_words - 1; i >= 0 && vli[i] == 0; --i) { + 80056ae: 3901 subs r1, #1 + + return (i + 1); +} + +/* Counts the number of bits required to represent vli. */ +uECC_VLI_API bitcount_t uECC_vli_numBits(const uECC_word_t *vli, const wordcount_t max_words) { + 80056b0: b510 push {r4, lr} + 80056b2: b249 sxtb r1, r1 + for (i = max_words - 1; i >= 0 && vli[i] == 0; --i) { + 80056b4: 1d04 adds r4, r0, #4 + 80056b6: 060a lsls r2, r1, #24 + 80056b8: b2cb uxtb r3, r1 + 80056ba: d404 bmi.n 80056c6 + 80056bc: 3901 subs r1, #1 + 80056be: f854 2021 ldr.w r2, [r4, r1, lsl #2] + 80056c2: 2a00 cmp r2, #0 + 80056c4: d0f7 beq.n 80056b6 + return (i + 1); + 80056c6: 3301 adds r3, #1 + 80056c8: b25b sxtb r3, r3 + uECC_word_t i; + uECC_word_t digit; + + wordcount_t num_digits = vli_numDigits(vli, max_words); + if (num_digits == 0) { + 80056ca: b173 cbz r3, 80056ea + return 0; + } + + digit = vli[num_digits - 1]; + 80056cc: f103 4280 add.w r2, r3, #1073741824 ; 0x40000000 + 80056d0: 3a01 subs r2, #1 + 80056d2: f850 2022 ldr.w r2, [r0, r2, lsl #2] + for (i = 0; digit; ++i) { + 80056d6: 2000 movs r0, #0 + 80056d8: b922 cbnz r2, 80056e4 + digit >>= 1; + } + + return (((bitcount_t)(num_digits - 1) << uECC_WORD_BITS_SHIFT) + i); + 80056da: 3b01 subs r3, #1 + 80056dc: eb00 1343 add.w r3, r0, r3, lsl #5 + 80056e0: b218 sxth r0, r3 +} + 80056e2: bd10 pop {r4, pc} + digit >>= 1; + 80056e4: 0852 lsrs r2, r2, #1 + for (i = 0; digit; ++i) { + 80056e6: 3001 adds r0, #1 + 80056e8: e7f6 b.n 80056d8 + return 0; + 80056ea: 4618 mov r0, r3 + 80056ec: e7f9 b.n 80056e2 + +080056ee : + +/* Sets dest = src. */ +#if !asm_set +uECC_VLI_API void uECC_vli_set(uECC_word_t *dest, const uECC_word_t *src, wordcount_t num_words) { + 80056ee: b510 push {r4, lr} + wordcount_t i; + for (i = 0; i < num_words; ++i) { + 80056f0: 2300 movs r3, #0 + 80056f2: b25c sxtb r4, r3 + 80056f4: 42a2 cmp r2, r4 + 80056f6: dc00 bgt.n 80056fa + dest[i] = src[i]; + } +} + 80056f8: bd10 pop {r4, pc} + dest[i] = src[i]; + 80056fa: f851 4023 ldr.w r4, [r1, r3, lsl #2] + 80056fe: f840 4023 str.w r4, [r0, r3, lsl #2] + for (i = 0; i < num_words; ++i) { + 8005702: 3301 adds r3, #1 + 8005704: e7f5 b.n 80056f2 + +08005706 : +#endif /* !asm_set */ + +/* Returns sign of left - right. */ +static cmpresult_t uECC_vli_cmp_unsafe(const uECC_word_t *left, + const uECC_word_t *right, + wordcount_t num_words) { + 8005706: b510 push {r4, lr} + wordcount_t i; + for (i = num_words - 1; i >= 0; --i) { + 8005708: 3a01 subs r2, #1 + 800570a: b252 sxtb r2, r2 + 800570c: 0613 lsls r3, r2, #24 + 800570e: d501 bpl.n 8005714 + return 1; + } else if (left[i] < right[i]) { + return -1; + } + } + return 0; + 8005710: 2000 movs r0, #0 +} + 8005712: bd10 pop {r4, pc} + if (left[i] > right[i]) { + 8005714: f850 4022 ldr.w r4, [r0, r2, lsl #2] + 8005718: f851 3022 ldr.w r3, [r1, r2, lsl #2] + 800571c: 429c cmp r4, r3 + 800571e: d805 bhi.n 800572c + } else if (left[i] < right[i]) { + 8005720: f102 32ff add.w r2, r2, #4294967295 ; 0xffffffff + 8005724: d2f2 bcs.n 800570c + return -1; + 8005726: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 800572a: e7f2 b.n 8005712 + return 1; + 800572c: 2001 movs r0, #1 + 800572e: e7f0 b.n 8005712 + +08005730 : +#if !asm_rshift1 +uECC_VLI_API void uECC_vli_rshift1(uECC_word_t *vli, wordcount_t num_words) { + uECC_word_t *end = vli; + uECC_word_t carry = 0; + + vli += num_words; + 8005730: eb00 0181 add.w r1, r0, r1, lsl #2 + uECC_word_t carry = 0; + 8005734: 2300 movs r3, #0 + while (vli-- > end) { + 8005736: 4288 cmp r0, r1 + 8005738: d300 bcc.n 800573c + uECC_word_t temp = *vli; + *vli = (temp >> 1) | carry; + carry = temp << (uECC_WORD_BITS - 1); + } +} + 800573a: 4770 bx lr + uECC_word_t temp = *vli; + 800573c: f851 2d04 ldr.w r2, [r1, #-4]! + *vli = (temp >> 1) | carry; + 8005740: ea43 0352 orr.w r3, r3, r2, lsr #1 + 8005744: 600b str r3, [r1, #0] + carry = temp << (uECC_WORD_BITS - 1); + 8005746: 07d3 lsls r3, r2, #31 + 8005748: e7f5 b.n 8005736 + +0800574a : +/* Computes result = (left * right) % mod. */ +uECC_VLI_API void uECC_vli_modMult(uECC_word_t *result, + const uECC_word_t *left, + const uECC_word_t *right, + const uECC_word_t *mod, + wordcount_t num_words) { + 800574a: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 800574e: b0b5 sub sp, #212 ; 0xd4 + 8005750: 461f mov r7, r3 + 8005752: f99d 50f8 ldrsb.w r5, [sp, #248] ; 0xf8 + 8005756: 4680 mov r8, r0 + uECC_word_t product[2 * uECC_MAX_WORDS]; + uECC_vli_mult(product, left, right, num_words); + 8005758: 462b mov r3, r5 + 800575a: a804 add r0, sp, #16 + 800575c: f7ff ff48 bl 80055f0 + uECC_word_t *v[2] = {tmp, product}; + 8005760: ab24 add r3, sp, #144 ; 0x90 + 8005762: e9cd 3002 strd r3, r0, [sp, #8] + bitcount_t shift = (num_words * 2 * uECC_WORD_BITS) - uECC_vli_numBits(mod, num_words); + 8005766: 4629 mov r1, r5 + 8005768: 4638 mov r0, r7 + 800576a: f7ff ffa0 bl 80056ae + 800576e: ebc0 1085 rsb r0, r0, r5, lsl #6 + 8005772: b204 sxth r4, r0 + wordcount_t word_shift = shift / uECC_WORD_BITS; + 8005774: 2c00 cmp r4, #0 + 8005776: 4626 mov r6, r4 + 8005778: bfb8 it lt + 800577a: f104 061f addlt.w r6, r4, #31 + wordcount_t bit_shift = shift % uECC_WORD_BITS; + 800577e: 4263 negs r3, r4 + wordcount_t word_shift = shift / uECC_WORD_BITS; + 8005780: f346 1647 sbfx r6, r6, #5, #8 + wordcount_t bit_shift = shift % uECC_WORD_BITS; + 8005784: f003 031f and.w r3, r3, #31 + 8005788: f004 091f and.w r9, r4, #31 + uECC_vli_clear(mod_multiple, word_shift); + 800578c: 4631 mov r1, r6 + wordcount_t bit_shift = shift % uECC_WORD_BITS; + 800578e: bf58 it pl + 8005790: f1c3 0900 rsbpl r9, r3, #0 + uECC_vli_clear(mod_multiple, word_shift); + 8005794: a814 add r0, sp, #80 ; 0x50 + 8005796: f7ff ff6b bl 8005670 + if (bit_shift > 0) { + 800579a: f1b9 0f00 cmp.w r9, #0 + 800579e: b236 sxth r6, r6 + 80057a0: dd2b ble.n 80057fa + 80057a2: ab14 add r3, sp, #80 ; 0x50 + uECC_word_t carry = 0; + 80057a4: 2200 movs r2, #0 + 80057a6: eb03 0686 add.w r6, r3, r6, lsl #2 + carry = mod[index] >> (uECC_WORD_BITS - bit_shift); + 80057aa: f1c9 0c20 rsb ip, r9, #32 + for(index = 0; index < (uECC_word_t)num_words; ++index) { + 80057ae: 4613 mov r3, r2 + 80057b0: 42ab cmp r3, r5 + 80057b2: d317 bcc.n 80057e4 + for (i = 0; i < num_words * 2; ++i) { + 80057b4: 006b lsls r3, r5, #1 + 80057b6: 9301 str r3, [sp, #4] + uECC_vli_rshift1(mod_multiple + num_words, num_words); + 80057b8: ab14 add r3, sp, #80 ; 0x50 + 80057ba: eb03 0985 add.w r9, r3, r5, lsl #2 + mod_multiple[num_words - 1] |= mod_multiple[num_words] << (uECC_WORD_BITS - 1); + 80057be: 1e6f subs r7, r5, #1 + 80057c0: ab34 add r3, sp, #208 ; 0xd0 + uECC_vli_rshift1(mod_multiple + num_words, num_words); + 80057c2: 2601 movs r6, #1 + mod_multiple[num_words - 1] |= mod_multiple[num_words] << (uECC_WORD_BITS - 1); + 80057c4: eb03 0787 add.w r7, r3, r7, lsl #2 + for (index = 1; shift >= 0; --shift) { + 80057c8: 2c00 cmp r4, #0 + 80057ca: da54 bge.n 8005876 + uECC_vli_set(result, v[index], num_words); + 80057cc: ab34 add r3, sp, #208 ; 0xd0 + 80057ce: eb03 0686 add.w r6, r3, r6, lsl #2 + 80057d2: 462a mov r2, r5 + 80057d4: f856 1cc8 ldr.w r1, [r6, #-200] + 80057d8: 4640 mov r0, r8 + 80057da: f7ff ff88 bl 80056ee + uECC_vli_mmod(result, product, mod, num_words); +} + 80057de: b035 add sp, #212 ; 0xd4 + 80057e0: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + mod_multiple[word_shift + index] = (mod[index] << bit_shift) | carry; + 80057e4: f857 0023 ldr.w r0, [r7, r3, lsl #2] + 80057e8: fa00 f109 lsl.w r1, r0, r9 + 80057ec: 430a orrs r2, r1 + 80057ee: f846 2b04 str.w r2, [r6], #4 + for(index = 0; index < (uECC_word_t)num_words; ++index) { + 80057f2: 3301 adds r3, #1 + carry = mod[index] >> (uECC_WORD_BITS - bit_shift); + 80057f4: fa20 f20c lsr.w r2, r0, ip + for(index = 0; index < (uECC_word_t)num_words; ++index) { + 80057f8: e7da b.n 80057b0 + uECC_vli_set(mod_multiple + word_shift, mod, num_words); + 80057fa: ab14 add r3, sp, #80 ; 0x50 + 80057fc: 462a mov r2, r5 + 80057fe: 4639 mov r1, r7 + 8005800: eb03 0086 add.w r0, r3, r6, lsl #2 + 8005804: f7ff ff73 bl 80056ee + 8005808: e7d4 b.n 80057b4 + uECC_word_t diff = v[index][i] - mod_multiple[i] - borrow; + 800580a: fa0f fe82 sxth.w lr, r2 + 800580e: f85a 3cc8 ldr.w r3, [sl, #-200] + 8005812: f853 b02e ldr.w fp, [r3, lr, lsl #2] + 8005816: ab34 add r3, sp, #208 ; 0xd0 + 8005818: eb03 0282 add.w r2, r3, r2, lsl #2 + 800581c: 3001 adds r0, #1 + 800581e: f852 3c80 ldr.w r3, [r2, #-128] + 8005822: 440b add r3, r1 + 8005824: ebbb 0303 subs.w r3, fp, r3 + 8005828: bf34 ite cc + 800582a: 2201 movcc r2, #1 + 800582c: 2200 movcs r2, #0 + if (diff != v[index][i]) { + 800582e: 459b cmp fp, r3 + borrow = (diff > v[index][i]); + 8005830: bf18 it ne + 8005832: 4611 movne r1, r2 + v[1 - index][i] = diff; + 8005834: f85c 2cc8 ldr.w r2, [ip, #-200] + 8005838: f842 302e str.w r3, [r2, lr, lsl #2] + for (i = 0; i < num_words * 2; ++i) { + 800583c: 9b01 ldr r3, [sp, #4] + 800583e: b242 sxtb r2, r0 + 8005840: 429a cmp r2, r3 + 8005842: dbe2 blt.n 800580a + index = !(index ^ borrow); /* Swap the index if there was no borrow */ + 8005844: 1a73 subs r3, r6, r1 + 8005846: 425e negs r6, r3 + uECC_vli_rshift1(mod_multiple, num_words); + 8005848: 4629 mov r1, r5 + 800584a: a814 add r0, sp, #80 ; 0x50 + index = !(index ^ borrow); /* Swap the index if there was no borrow */ + 800584c: 415e adcs r6, r3 + uECC_vli_rshift1(mod_multiple, num_words); + 800584e: f7ff ff6f bl 8005730 + mod_multiple[num_words - 1] |= mod_multiple[num_words] << (uECC_WORD_BITS - 1); + 8005852: ab34 add r3, sp, #208 ; 0xd0 + 8005854: eb03 0385 add.w r3, r3, r5, lsl #2 + uECC_vli_rshift1(mod_multiple + num_words, num_words); + 8005858: 4629 mov r1, r5 + mod_multiple[num_words - 1] |= mod_multiple[num_words] << (uECC_WORD_BITS - 1); + 800585a: f853 2c80 ldr.w r2, [r3, #-128] + 800585e: f857 3c80 ldr.w r3, [r7, #-128] + 8005862: ea43 73c2 orr.w r3, r3, r2, lsl #31 + 8005866: f847 3c80 str.w r3, [r7, #-128] + uECC_vli_rshift1(mod_multiple + num_words, num_words); + 800586a: 4648 mov r0, r9 + 800586c: 3c01 subs r4, #1 + 800586e: f7ff ff5f bl 8005730 + for (index = 1; shift >= 0; --shift) { + 8005872: b224 sxth r4, r4 + 8005874: e7a8 b.n 80057c8 + uECC_word_t diff = v[index][i] - mod_multiple[i] - borrow; + 8005876: ab34 add r3, sp, #208 ; 0xd0 + 8005878: 2000 movs r0, #0 + v[1 - index][i] = diff; + 800587a: f1c6 0c01 rsb ip, r6, #1 + uECC_word_t borrow = 0; + 800587e: 4601 mov r1, r0 + uECC_word_t diff = v[index][i] - mod_multiple[i] - borrow; + 8005880: eb03 0a86 add.w sl, r3, r6, lsl #2 + v[1 - index][i] = diff; + 8005884: eb03 0c8c add.w ip, r3, ip, lsl #2 + 8005888: e7d8 b.n 800583c + +0800588a : + +uECC_VLI_API void uECC_vli_modMult_fast(uECC_word_t *result, + const uECC_word_t *left, + const uECC_word_t *right, + uECC_Curve curve) { + 800588a: b530 push {r4, r5, lr} + 800588c: 461c mov r4, r3 + 800588e: b091 sub sp, #68 ; 0x44 + 8005890: 4605 mov r5, r0 + uECC_word_t product[2 * uECC_MAX_WORDS]; + uECC_vli_mult(product, left, right, curve->num_words); + 8005892: f993 3000 ldrsb.w r3, [r3] + 8005896: 4668 mov r0, sp + 8005898: f7ff feaa bl 80055f0 +#if (uECC_OPTIMIZATION_LEVEL > 0) + curve->mmod_fast(result, product); + 800589c: 4601 mov r1, r0 + 800589e: f8d4 30b0 ldr.w r3, [r4, #176] ; 0xb0 + 80058a2: 4628 mov r0, r5 + 80058a4: 4798 blx r3 +#else + uECC_vli_mmod(result, product, curve->p, curve->num_words); +#endif +} + 80058a6: b011 add sp, #68 ; 0x44 + 80058a8: bd30 pop {r4, r5, pc} + +080058aa : +} +#endif /* uECC_ENABLE_VLI_API */ + +uECC_VLI_API void uECC_vli_modSquare_fast(uECC_word_t *result, + const uECC_word_t *left, + uECC_Curve curve) { + 80058aa: 4613 mov r3, r2 + uECC_vli_modMult_fast(result, left, left, curve); + 80058ac: 460a mov r2, r1 + 80058ae: f7ff bfec b.w 800588a + +080058b2 : + +/* Modify (x1, y1) => (x1 * z^2, y1 * z^3) */ +static void apply_z(uECC_word_t * X1, + uECC_word_t * Y1, + const uECC_word_t * const Z, + uECC_Curve curve) { + 80058b2: b570 push {r4, r5, r6, lr} + 80058b4: 4614 mov r4, r2 + 80058b6: b08a sub sp, #40 ; 0x28 + 80058b8: 4606 mov r6, r0 + 80058ba: 460d mov r5, r1 + uECC_word_t t1[uECC_MAX_WORDS]; + + uECC_vli_modSquare_fast(t1, Z, curve); /* z^2 */ + 80058bc: 461a mov r2, r3 + 80058be: 4621 mov r1, r4 + 80058c0: a802 add r0, sp, #8 + 80058c2: 9301 str r3, [sp, #4] + 80058c4: f7ff fff1 bl 80058aa + uECC_vli_modMult_fast(X1, X1, t1, curve); /* x1 * z^2 */ + 80058c8: 9b01 ldr r3, [sp, #4] + 80058ca: aa02 add r2, sp, #8 + 80058cc: 4631 mov r1, r6 + 80058ce: 4630 mov r0, r6 + 80058d0: f7ff ffdb bl 800588a + uECC_vli_modMult_fast(t1, t1, Z, curve); /* z^3 */ + 80058d4: a902 add r1, sp, #8 + 80058d6: 9b01 ldr r3, [sp, #4] + 80058d8: 4622 mov r2, r4 + 80058da: 4608 mov r0, r1 + 80058dc: f7ff ffd5 bl 800588a + uECC_vli_modMult_fast(Y1, Y1, t1, curve); /* y1 * z^3 */ + 80058e0: 9b01 ldr r3, [sp, #4] + 80058e2: aa02 add r2, sp, #8 + 80058e4: 4629 mov r1, r5 + 80058e6: 4628 mov r0, r5 + 80058e8: f7ff ffcf bl 800588a +} + 80058ec: b00a add sp, #40 ; 0x28 + 80058ee: bd70 pop {r4, r5, r6, pc} + +080058f0 : + +#else + +uECC_VLI_API void uECC_vli_nativeToBytes(uint8_t *bytes, + int num_bytes, + const uECC_word_t *native) { + 80058f0: b5f0 push {r4, r5, r6, r7, lr} + wordcount_t i; + for (i = 0; i < num_bytes; ++i) { + 80058f2: 2500 movs r5, #0 + unsigned b = num_bytes - 1 - i; + 80058f4: 1e4f subs r7, r1, #1 + 80058f6: b26c sxtb r4, r5 + for (i = 0; i < num_bytes; ++i) { + 80058f8: 428c cmp r4, r1 + 80058fa: f105 0501 add.w r5, r5, #1 + 80058fe: db00 blt.n 8005902 + bytes[i] = native[b / uECC_WORD_SIZE] >> (8 * (b % uECC_WORD_SIZE)); + } +} + 8005900: bdf0 pop {r4, r5, r6, r7, pc} + unsigned b = num_bytes - 1 - i; + 8005902: 1b3b subs r3, r7, r4 + bytes[i] = native[b / uECC_WORD_SIZE] >> (8 * (b % uECC_WORD_SIZE)); + 8005904: f023 0603 bic.w r6, r3, #3 + 8005908: f003 0303 and.w r3, r3, #3 + 800590c: 5996 ldr r6, [r2, r6] + 800590e: 00db lsls r3, r3, #3 + 8005910: fa26 f303 lsr.w r3, r6, r3 + 8005914: 5503 strb r3, [r0, r4] + for (i = 0; i < num_bytes; ++i) { + 8005916: e7ee b.n 80058f6 + +08005918 : + +uECC_VLI_API void uECC_vli_bytesToNative(uECC_word_t *native, + const uint8_t *bytes, + int num_bytes) { + 8005918: b5f8 push {r3, r4, r5, r6, r7, lr} + 800591a: 460e mov r6, r1 + wordcount_t i; + uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE); + 800591c: 1cd1 adds r1, r2, #3 + 800591e: bf48 it mi + 8005920: 1d91 addmi r1, r2, #6 + int num_bytes) { + 8005922: 4614 mov r4, r2 + uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE); + 8005924: f341 0187 sbfx r1, r1, #2, #8 + int num_bytes) { + 8005928: 4605 mov r5, r0 + for (i = 0; i < num_bytes; ++i) { + unsigned b = num_bytes - 1 - i; + 800592a: 1e67 subs r7, r4, #1 + uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE); + 800592c: f7ff fea0 bl 8005670 + for (i = 0; i < num_bytes; ++i) { + 8005930: 2000 movs r0, #0 + 8005932: b242 sxtb r2, r0 + 8005934: 42a2 cmp r2, r4 + 8005936: f100 0001 add.w r0, r0, #1 + 800593a: db00 blt.n 800593e + native[b / uECC_WORD_SIZE] |= + (uECC_word_t)bytes[i] << (8 * (b % uECC_WORD_SIZE)); + } +} + 800593c: bdf8 pop {r3, r4, r5, r6, r7, pc} + unsigned b = num_bytes - 1 - i; + 800593e: 1abb subs r3, r7, r2 + native[b / uECC_WORD_SIZE] |= + 8005940: f023 0103 bic.w r1, r3, #3 + (uECC_word_t)bytes[i] << (8 * (b % uECC_WORD_SIZE)); + 8005944: 5cb2 ldrb r2, [r6, r2] + 8005946: f003 0303 and.w r3, r3, #3 + 800594a: 00db lsls r3, r3, #3 + 800594c: fa02 f303 lsl.w r3, r2, r3 + native[b / uECC_WORD_SIZE] |= + 8005950: 586a ldr r2, [r5, r1] + 8005952: 431a orrs r2, r3 + 8005954: 506a str r2, [r5, r1] + for (i = 0; i < num_bytes; ++i) { + 8005956: e7ec b.n 8005932 + +08005958 : + return 0; +} + +/* Compute an HMAC using K as a key (as in RFC 6979). Note that K is always + the same size as the hash result size. */ +static void HMAC_init(uECC_HashContext *hash_context, const uint8_t *K) { + 8005958: b570 push {r4, r5, r6, lr} + uint8_t *pad = hash_context->tmp + 2 * hash_context->result_size; + 800595a: e9d0 3504 ldrd r3, r5, [r0, #16] +static void HMAC_init(uECC_HashContext *hash_context, const uint8_t *K) { + 800595e: 4604 mov r4, r0 + uint8_t *pad = hash_context->tmp + 2 * hash_context->result_size; + 8005960: eb05 0543 add.w r5, r5, r3, lsl #1 + unsigned i; + for (i = 0; i < hash_context->result_size; ++i) + 8005964: 2300 movs r3, #0 + 8005966: 6922 ldr r2, [r4, #16] + 8005968: 429a cmp r2, r3 + 800596a: d80d bhi.n 8005988 + pad[i] = K[i] ^ 0x36; + for (; i < hash_context->block_size; ++i) + pad[i] = 0x36; + 800596c: 2136 movs r1, #54 ; 0x36 + for (; i < hash_context->block_size; ++i) + 800596e: 68e2 ldr r2, [r4, #12] + 8005970: 429a cmp r2, r3 + 8005972: d80f bhi.n 8005994 + + hash_context->init_hash(hash_context); + 8005974: 6823 ldr r3, [r4, #0] + 8005976: 4620 mov r0, r4 + 8005978: 4798 blx r3 + hash_context->update_hash(hash_context, pad, hash_context->block_size); + 800597a: 6863 ldr r3, [r4, #4] + 800597c: 68e2 ldr r2, [r4, #12] + 800597e: 4629 mov r1, r5 + 8005980: 4620 mov r0, r4 +} + 8005982: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + hash_context->update_hash(hash_context, pad, hash_context->block_size); + 8005986: 4718 bx r3 + pad[i] = K[i] ^ 0x36; + 8005988: 5cca ldrb r2, [r1, r3] + 800598a: f082 0236 eor.w r2, r2, #54 ; 0x36 + 800598e: 54ea strb r2, [r5, r3] + for (i = 0; i < hash_context->result_size; ++i) + 8005990: 3301 adds r3, #1 + 8005992: e7e8 b.n 8005966 + pad[i] = 0x36; + 8005994: 54e9 strb r1, [r5, r3] + for (; i < hash_context->block_size; ++i) + 8005996: 3301 adds r3, #1 + 8005998: e7e9 b.n 800596e + +0800599a : + +static void HMAC_update(uECC_HashContext *hash_context, + const uint8_t *message, + unsigned message_size) { + hash_context->update_hash(hash_context, message, message_size); + 800599a: 6843 ldr r3, [r0, #4] + 800599c: 4718 bx r3 + +0800599e : +} + +static void HMAC_finish(uECC_HashContext *hash_context, const uint8_t *K, uint8_t *result) { + 800599e: b570 push {r4, r5, r6, lr} + uint8_t *pad = hash_context->tmp + 2 * hash_context->result_size; + 80059a0: e9d0 3604 ldrd r3, r6, [r0, #16] +static void HMAC_finish(uECC_HashContext *hash_context, const uint8_t *K, uint8_t *result) { + 80059a4: 4604 mov r4, r0 + uint8_t *pad = hash_context->tmp + 2 * hash_context->result_size; + 80059a6: eb06 0643 add.w r6, r6, r3, lsl #1 +static void HMAC_finish(uECC_HashContext *hash_context, const uint8_t *K, uint8_t *result) { + 80059aa: 4615 mov r5, r2 + unsigned i; + for (i = 0; i < hash_context->result_size; ++i) + 80059ac: 2300 movs r3, #0 + 80059ae: 6922 ldr r2, [r4, #16] + 80059b0: 429a cmp r2, r3 + 80059b2: d81a bhi.n 80059ea + pad[i] = K[i] ^ 0x5c; + for (; i < hash_context->block_size; ++i) + pad[i] = 0x5c; + 80059b4: 215c movs r1, #92 ; 0x5c + for (; i < hash_context->block_size; ++i) + 80059b6: 68e2 ldr r2, [r4, #12] + 80059b8: 429a cmp r2, r3 + 80059ba: d81c bhi.n 80059f6 + + hash_context->finish_hash(hash_context, result); + 80059bc: 4629 mov r1, r5 + 80059be: 68a3 ldr r3, [r4, #8] + 80059c0: 4620 mov r0, r4 + 80059c2: 4798 blx r3 + + hash_context->init_hash(hash_context); + 80059c4: 6823 ldr r3, [r4, #0] + 80059c6: 4620 mov r0, r4 + 80059c8: 4798 blx r3 + hash_context->update_hash(hash_context, pad, hash_context->block_size); + 80059ca: 6863 ldr r3, [r4, #4] + 80059cc: 68e2 ldr r2, [r4, #12] + 80059ce: 4631 mov r1, r6 + 80059d0: 4620 mov r0, r4 + 80059d2: 4798 blx r3 + hash_context->update_hash(hash_context, result, hash_context->result_size); + 80059d4: 6863 ldr r3, [r4, #4] + 80059d6: 6922 ldr r2, [r4, #16] + 80059d8: 4629 mov r1, r5 + 80059da: 4620 mov r0, r4 + 80059dc: 4798 blx r3 + hash_context->finish_hash(hash_context, result); + 80059de: 68a3 ldr r3, [r4, #8] + 80059e0: 4629 mov r1, r5 + 80059e2: 4620 mov r0, r4 +} + 80059e4: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + hash_context->finish_hash(hash_context, result); + 80059e8: 4718 bx r3 + pad[i] = K[i] ^ 0x5c; + 80059ea: 5cca ldrb r2, [r1, r3] + 80059ec: f082 025c eor.w r2, r2, #92 ; 0x5c + 80059f0: 54f2 strb r2, [r6, r3] + for (i = 0; i < hash_context->result_size; ++i) + 80059f2: 3301 adds r3, #1 + 80059f4: e7db b.n 80059ae + pad[i] = 0x5c; + 80059f6: 54f1 strb r1, [r6, r3] + for (; i < hash_context->block_size; ++i) + 80059f8: 3301 adds r3, #1 + 80059fa: e7dc b.n 80059b6 + +080059fc : + +/* V = HMAC_K(V) */ +static void update_V(uECC_HashContext *hash_context, uint8_t *K, uint8_t *V) { + 80059fc: b570 push {r4, r5, r6, lr} + 80059fe: 4604 mov r4, r0 + 8005a00: 4615 mov r5, r2 + 8005a02: 460e mov r6, r1 + HMAC_init(hash_context, K); + 8005a04: f7ff ffa8 bl 8005958 + HMAC_update(hash_context, V, hash_context->result_size); + 8005a08: 6922 ldr r2, [r4, #16] + 8005a0a: 4629 mov r1, r5 + 8005a0c: 4620 mov r0, r4 + 8005a0e: f7ff ffc4 bl 800599a + HMAC_finish(hash_context, K, V); + 8005a12: 462a mov r2, r5 + 8005a14: 4631 mov r1, r6 + 8005a16: 4620 mov r0, r4 +} + 8005a18: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + HMAC_finish(hash_context, K, V); + 8005a1c: f7ff bfbf b.w 800599e + +08005a20 : +uECC_VLI_API uECC_word_t uECC_vli_sub(uECC_word_t *result, + 8005a20: b530 push {r4, r5, lr} + __asm__ volatile ( + 8005a22: 2300 movs r3, #0 + 8005a24: c910 ldmia r1!, {r4} + 8005a26: ca20 ldmia r2!, {r5} + 8005a28: 1b64 subs r4, r4, r5 + 8005a2a: c010 stmia r0!, {r4} + 8005a2c: c910 ldmia r1!, {r4} + 8005a2e: ca20 ldmia r2!, {r5} + 8005a30: 41ac sbcs r4, r5 + 8005a32: c010 stmia r0!, {r4} + 8005a34: c910 ldmia r1!, {r4} + 8005a36: ca20 ldmia r2!, {r5} + 8005a38: 41ac sbcs r4, r5 + 8005a3a: c010 stmia r0!, {r4} + 8005a3c: c910 ldmia r1!, {r4} + 8005a3e: ca20 ldmia r2!, {r5} + 8005a40: 41ac sbcs r4, r5 + 8005a42: c010 stmia r0!, {r4} + 8005a44: c910 ldmia r1!, {r4} + 8005a46: ca20 ldmia r2!, {r5} + 8005a48: 41ac sbcs r4, r5 + 8005a4a: c010 stmia r0!, {r4} + 8005a4c: c910 ldmia r1!, {r4} + 8005a4e: ca20 ldmia r2!, {r5} + 8005a50: 41ac sbcs r4, r5 + 8005a52: c010 stmia r0!, {r4} + 8005a54: c910 ldmia r1!, {r4} + 8005a56: ca20 ldmia r2!, {r5} + 8005a58: 41ac sbcs r4, r5 + 8005a5a: c010 stmia r0!, {r4} + 8005a5c: c910 ldmia r1!, {r4} + 8005a5e: ca20 ldmia r2!, {r5} + 8005a60: 41ac sbcs r4, r5 + 8005a62: c010 stmia r0!, {r4} + 8005a64: 415b adcs r3, r3 +} + 8005a66: fab3 f083 clz r0, r3 + 8005a6a: 0940 lsrs r0, r0, #5 + 8005a6c: bd30 pop {r4, r5, pc} + +08005a6e : + uECC_Curve curve) { + 8005a6e: e92d 43f8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + 8005a72: 4698 mov r8, r3 + unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits); + 8005a74: f9b3 3002 ldrsh.w r3, [r3, #2] + unsigned num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8005a78: f113 041f adds.w r4, r3, #31 + 8005a7c: bf48 it mi + 8005a7e: f103 043e addmi.w r4, r3, #62 ; 0x3e + unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits); + 8005a82: 1ddd adds r5, r3, #7 + 8005a84: bf48 it mi + 8005a86: f103 050e addmi.w r5, r3, #14 + unsigned num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8005a8a: 1166 asrs r6, r4, #5 + unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits); + 8005a8c: 10ec asrs r4, r5, #3 + 8005a8e: 4294 cmp r4, r2 + uECC_vli_clear(native, num_n_words); + 8005a90: b275 sxtb r5, r6 + 8005a92: bf28 it cs + 8005a94: 4614 movcs r4, r2 + uECC_Curve curve) { + 8005a96: 4607 mov r7, r0 + 8005a98: 4689 mov r9, r1 + uECC_vli_clear(native, num_n_words); + 8005a9a: 4629 mov r1, r5 + 8005a9c: f7ff fde8 bl 8005670 + uECC_vli_bytesToNative(native, bits, bits_size); + 8005aa0: 4622 mov r2, r4 + 8005aa2: 4649 mov r1, r9 + 8005aa4: 4638 mov r0, r7 + 8005aa6: f7ff ff37 bl 8005918 + if (bits_size * 8 <= (unsigned)curve->num_n_bits) { + 8005aaa: f9b8 2002 ldrsh.w r2, [r8, #2] + 8005aae: ebb2 0fc4 cmp.w r2, r4, lsl #3 + 8005ab2: ea4f 03c4 mov.w r3, r4, lsl #3 + 8005ab6: d21f bcs.n 8005af8 + int shift = bits_size * 8 - curve->num_n_bits; + 8005ab8: 1a9b subs r3, r3, r2 + uECC_word_t *ptr = native + num_n_words; + 8005aba: eb07 0486 add.w r4, r7, r6, lsl #2 + uECC_word_t carry = 0; + 8005abe: 2100 movs r1, #0 + carry = temp << (uECC_WORD_BITS - shift); + 8005ac0: f1c3 0620 rsb r6, r3, #32 + while (ptr-- > native) { + 8005ac4: 42a7 cmp r7, r4 + 8005ac6: d30e bcc.n 8005ae6 + if (uECC_vli_cmp_unsafe(curve->n, native, num_n_words) != 1) { + 8005ac8: f108 0824 add.w r8, r8, #36 ; 0x24 + 8005acc: 462a mov r2, r5 + 8005ace: 4639 mov r1, r7 + 8005ad0: 4640 mov r0, r8 + 8005ad2: f7ff fe18 bl 8005706 + 8005ad6: 2801 cmp r0, #1 + 8005ad8: d00e beq.n 8005af8 + uECC_vli_sub(native, native, curve->n, num_n_words); + 8005ada: 4642 mov r2, r8 + 8005adc: 4638 mov r0, r7 +} + 8005ade: e8bd 43f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + uECC_vli_sub(native, native, curve->n, num_n_words); + 8005ae2: f7ff bf9d b.w 8005a20 + uECC_word_t temp = *ptr; + 8005ae6: f854 0d04 ldr.w r0, [r4, #-4]! + *ptr = (temp >> shift) | carry; + 8005aea: fa20 f203 lsr.w r2, r0, r3 + 8005aee: 430a orrs r2, r1 + 8005af0: 6022 str r2, [r4, #0] + carry = temp << (uECC_WORD_BITS - shift); + 8005af2: fa00 f106 lsl.w r1, r0, r6 + 8005af6: e7e5 b.n 8005ac4 +} + 8005af8: e8bd 83f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, pc} + +08005afc : + wordcount_t num_words) { + 8005afc: b530 push {r4, r5, lr} + 8005afe: b089 sub sp, #36 ; 0x24 + 8005b00: 4615 mov r5, r2 + uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words); + 8005b02: 460a mov r2, r1 + 8005b04: 4601 mov r1, r0 + 8005b06: 4668 mov r0, sp + 8005b08: f7ff ff8a bl 8005a20 + uECC_word_t equal = uECC_vli_isZero(tmp, num_words); + 8005b0c: 4629 mov r1, r5 + uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words); + 8005b0e: 4604 mov r4, r0 + uECC_word_t equal = uECC_vli_isZero(tmp, num_words); + 8005b10: 4668 mov r0, sp + 8005b12: f7ff fdb3 bl 800567c + uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words); + 8005b16: 3c00 subs r4, #0 + 8005b18: bf18 it ne + 8005b1a: 2401 movne r4, #1 + return (!equal - 2 * neg); + 8005b1c: 0064 lsls r4, r4, #1 +} + 8005b1e: 2800 cmp r0, #0 + 8005b20: bf14 ite ne + 8005b22: 4260 negne r0, r4 + 8005b24: f1c4 0001 rsbeq r0, r4, #1 + 8005b28: b009 add sp, #36 ; 0x24 + 8005b2a: bd30 pop {r4, r5, pc} + +08005b2c : + wordcount_t num_words) { + 8005b2c: e92d 4ff8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8005b30: 460f mov r7, r1 + if (!g_rng_function) { + 8005b32: f8df a06c ldr.w sl, [pc, #108] ; 8005ba0 + wordcount_t num_words) { + 8005b36: 4606 mov r6, r0 + bitcount_t num_bits = uECC_vli_numBits(top, num_words); + 8005b38: 4611 mov r1, r2 + 8005b3a: 4638 mov r0, r7 + wordcount_t num_words) { + 8005b3c: 4614 mov r4, r2 + bitcount_t num_bits = uECC_vli_numBits(top, num_words); + 8005b3e: f7ff fdb6 bl 80056ae + if (!g_rng_function) { + 8005b42: f8da 3000 ldr.w r3, [sl] + 8005b46: b303 cbz r3, 8005b8a + if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) { + 8005b48: 2504 movs r5, #4 + random[num_words - 1] &= mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits)); + 8005b4a: ebc0 1044 rsb r0, r0, r4, lsl #5 + if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) { + 8005b4e: fb14 fb05 smulbb fp, r4, r5 + random[num_words - 1] &= mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits)); + 8005b52: b200 sxth r0, r0 + 8005b54: fb05 6504 mla r5, r5, r4, r6 + 8005b58: f04f 38ff mov.w r8, #4294967295 ; 0xffffffff + 8005b5c: 3d04 subs r5, #4 + 8005b5e: fa28 f800 lsr.w r8, r8, r0 + 8005b62: f04f 0940 mov.w r9, #64 ; 0x40 + if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) { + 8005b66: f8da 3000 ldr.w r3, [sl] + 8005b6a: 4659 mov r1, fp + 8005b6c: 4630 mov r0, r6 + 8005b6e: 4798 blx r3 + 8005b70: b158 cbz r0, 8005b8a + random[num_words - 1] &= mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits)); + 8005b72: 682b ldr r3, [r5, #0] + 8005b74: ea03 0308 and.w r3, r3, r8 + 8005b78: 602b str r3, [r5, #0] + if (!uECC_vli_isZero(random, num_words) && + 8005b7a: 4621 mov r1, r4 + 8005b7c: 4630 mov r0, r6 + 8005b7e: f7ff fd7d bl 800567c + 8005b82: b120 cbz r0, 8005b8e + for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { + 8005b84: f1b9 0901 subs.w r9, r9, #1 + 8005b88: d1ed bne.n 8005b66 + return 0; + 8005b8a: 2000 movs r0, #0 + 8005b8c: e006 b.n 8005b9c + uECC_vli_cmp(top, random, num_words) == 1) { + 8005b8e: 4622 mov r2, r4 + 8005b90: 4631 mov r1, r6 + 8005b92: 4638 mov r0, r7 + 8005b94: f7ff ffb2 bl 8005afc + if (!uECC_vli_isZero(random, num_words) && + 8005b98: 2801 cmp r0, #1 + 8005b9a: d1f3 bne.n 8005b84 +} + 8005b9c: e8bd 8ff8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, sl, fp, pc} + 8005ba0: 2009e2a0 .word 0x2009e2a0 + +08005ba4 : +uECC_VLI_API uECC_word_t uECC_vli_add(uECC_word_t *result, + 8005ba4: b530 push {r4, r5, lr} + __asm__ volatile ( + 8005ba6: 4603 mov r3, r0 + 8005ba8: 2000 movs r0, #0 + 8005baa: c910 ldmia r1!, {r4} + 8005bac: ca20 ldmia r2!, {r5} + 8005bae: 1964 adds r4, r4, r5 + 8005bb0: c310 stmia r3!, {r4} + 8005bb2: c910 ldmia r1!, {r4} + 8005bb4: ca20 ldmia r2!, {r5} + 8005bb6: 416c adcs r4, r5 + 8005bb8: c310 stmia r3!, {r4} + 8005bba: c910 ldmia r1!, {r4} + 8005bbc: ca20 ldmia r2!, {r5} + 8005bbe: 416c adcs r4, r5 + 8005bc0: c310 stmia r3!, {r4} + 8005bc2: c910 ldmia r1!, {r4} + 8005bc4: ca20 ldmia r2!, {r5} + 8005bc6: 416c adcs r4, r5 + 8005bc8: c310 stmia r3!, {r4} + 8005bca: c910 ldmia r1!, {r4} + 8005bcc: ca20 ldmia r2!, {r5} + 8005bce: 416c adcs r4, r5 + 8005bd0: c310 stmia r3!, {r4} + 8005bd2: c910 ldmia r1!, {r4} + 8005bd4: ca20 ldmia r2!, {r5} + 8005bd6: 416c adcs r4, r5 + 8005bd8: c310 stmia r3!, {r4} + 8005bda: c910 ldmia r1!, {r4} + 8005bdc: ca20 ldmia r2!, {r5} + 8005bde: 416c adcs r4, r5 + 8005be0: c310 stmia r3!, {r4} + 8005be2: c910 ldmia r1!, {r4} + 8005be4: ca20 ldmia r2!, {r5} + 8005be6: 416c adcs r4, r5 + 8005be8: c310 stmia r3!, {r4} + 8005bea: 4140 adcs r0, r0 +} + 8005bec: bd30 pop {r4, r5, pc} + +08005bee : + uECC_Curve curve) { + 8005bee: b573 push {r0, r1, r4, r5, r6, lr} + 8005bf0: 460d mov r5, r1 + 8005bf2: 4616 mov r6, r2 + uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) || + 8005bf4: 4601 mov r1, r0 + 8005bf6: f103 0224 add.w r2, r3, #36 ; 0x24 + 8005bfa: 4628 mov r0, r5 + 8005bfc: 9201 str r2, [sp, #4] + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8005bfe: f9b3 4002 ldrsh.w r4, [r3, #2] + uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) || + 8005c02: f7ff ffcf bl 8005ba4 + 8005c06: 9a01 ldr r2, [sp, #4] + 8005c08: b9c8 cbnz r0, 8005c3e + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8005c0a: f114 031f adds.w r3, r4, #31 + 8005c0e: bf48 it mi + 8005c10: f104 033e addmi.w r3, r4, #62 ; 0x3e + (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) && + 8005c14: f343 1347 sbfx r3, r3, #5, #8 + uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) || + 8005c18: ebb4 1f43 cmp.w r4, r3, lsl #5 + 8005c1c: da11 bge.n 8005c42 + uECC_vli_testBit(k0, num_n_bits)); + 8005c1e: 4621 mov r1, r4 + 8005c20: 4628 mov r0, r5 + 8005c22: 9201 str r2, [sp, #4] + 8005c24: f7ff fd39 bl 800569a + 8005c28: 9a01 ldr r2, [sp, #4] + (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) && + 8005c2a: 1e04 subs r4, r0, #0 + 8005c2c: bf18 it ne + 8005c2e: 2401 movne r4, #1 + uECC_vli_add(k1, k0, curve->n, num_n_words); + 8005c30: 4629 mov r1, r5 + 8005c32: 4630 mov r0, r6 + 8005c34: f7ff ffb6 bl 8005ba4 +} + 8005c38: 4620 mov r0, r4 + 8005c3a: b002 add sp, #8 + 8005c3c: bd70 pop {r4, r5, r6, pc} + uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) || + 8005c3e: 2401 movs r4, #1 + 8005c40: e7f6 b.n 8005c30 + 8005c42: 2400 movs r4, #0 + 8005c44: e7f4 b.n 8005c30 + +08005c46 : + /* add the 2^32 multiple */ + result[4 + num_words_secp256k1] = + uECC_vli_add(result + 4, result + 4, right, num_words_secp256k1); +} +#elif uECC_WORD_SIZE == 4 +static void omega_mult_secp256k1(uint32_t * result, const uint32_t * right) { + 8005c46: b5f8 push {r3, r4, r5, r6, r7, lr} + 8005c48: 460a mov r2, r1 + /* Multiply by (2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1). */ + uint32_t carry = 0; + 8005c4a: 2300 movs r3, #0 +static void omega_mult_secp256k1(uint32_t * result, const uint32_t * right) { + 8005c4c: 4604 mov r4, r0 + 8005c4e: 3904 subs r1, #4 + 8005c50: 3804 subs r0, #4 + 8005c52: f102 071c add.w r7, r2, #28 + wordcount_t k; + + for (k = 0; k < num_words_secp256k1; ++k) { + uint64_t p = (uint64_t)0x3D1 * right[k] + carry; + 8005c56: 469e mov lr, r3 + 8005c58: f240 35d1 movw r5, #977 ; 0x3d1 + 8005c5c: f851 6f04 ldr.w r6, [r1, #4]! + 8005c60: 46f4 mov ip, lr + 8005c62: fbe6 3c05 umlal r3, ip, r6, r5 + for (k = 0; k < num_words_secp256k1; ++k) { + 8005c66: 428f cmp r7, r1 + result[k] = p; + 8005c68: f840 3f04 str.w r3, [r0, #4]! + carry = p >> 32; + 8005c6c: 4663 mov r3, ip + for (k = 0; k < num_words_secp256k1; ++k) { + 8005c6e: d1f5 bne.n 8005c5c + } + result[num_words_secp256k1] = carry; + /* add the 2^32 multiple */ + result[1 + num_words_secp256k1] = + uECC_vli_add(result + 1, result + 1, right, num_words_secp256k1); + 8005c70: 1d21 adds r1, r4, #4 + result[num_words_secp256k1] = carry; + 8005c72: f8c4 c020 str.w ip, [r4, #32] + uECC_vli_add(result + 1, result + 1, right, num_words_secp256k1); + 8005c76: 4608 mov r0, r1 + 8005c78: f7ff ff94 bl 8005ba4 + result[1 + num_words_secp256k1] = + 8005c7c: 6260 str r0, [r4, #36] ; 0x24 +} + 8005c7e: bdf8 pop {r3, r4, r5, r6, r7, pc} + +08005c80 : +static void vli_mmod_fast_secp256k1(uECC_word_t *result, uECC_word_t *product) { + 8005c80: b570 push {r4, r5, r6, lr} + 8005c82: b090 sub sp, #64 ; 0x40 + 8005c84: 460e mov r6, r1 + 8005c86: 4604 mov r4, r0 + uECC_vli_clear(tmp, num_words_secp256k1); + 8005c88: 2108 movs r1, #8 + 8005c8a: 4668 mov r0, sp + 8005c8c: f7ff fcf0 bl 8005670 + uECC_vli_clear(tmp + num_words_secp256k1, num_words_secp256k1); + 8005c90: 2108 movs r1, #8 + 8005c92: a808 add r0, sp, #32 + 8005c94: f7ff fcec bl 8005670 + omega_mult_secp256k1(tmp, product + num_words_secp256k1); /* (Rq, q) = q * c */ + 8005c98: f106 0120 add.w r1, r6, #32 + 8005c9c: 4668 mov r0, sp + 8005c9e: f7ff ffd2 bl 8005c46 + carry = uECC_vli_add(result, product, tmp, num_words_secp256k1); /* (C, r) = r + q */ + 8005ca2: 466a mov r2, sp + 8005ca4: 4631 mov r1, r6 + 8005ca6: 4620 mov r0, r4 + 8005ca8: f7ff ff7c bl 8005ba4 + uECC_vli_clear(product, num_words_secp256k1); + 8005cac: 2108 movs r1, #8 + carry = uECC_vli_add(result, product, tmp, num_words_secp256k1); /* (C, r) = r + q */ + 8005cae: 4605 mov r5, r0 + uECC_vli_clear(product, num_words_secp256k1); + 8005cb0: 4630 mov r0, r6 + 8005cb2: f7ff fcdd bl 8005670 + omega_mult_secp256k1(product, tmp + num_words_secp256k1); /* Rq*c */ + 8005cb6: 4630 mov r0, r6 + 8005cb8: a908 add r1, sp, #32 + 8005cba: f7ff ffc4 bl 8005c46 + carry += uECC_vli_add(result, result, product, num_words_secp256k1); /* (C1, r) = r + Rq*c */ + 8005cbe: 4632 mov r2, r6 + 8005cc0: 4621 mov r1, r4 + 8005cc2: 4620 mov r0, r4 + 8005cc4: f7ff ff6e bl 8005ba4 + uECC_vli_sub(result, result, curve_secp256k1.p, num_words_secp256k1); + 8005cc8: 4e0b ldr r6, [pc, #44] ; (8005cf8 ) + carry += uECC_vli_add(result, result, product, num_words_secp256k1); /* (C1, r) = r + Rq*c */ + 8005cca: 4405 add r5, r0 + while (carry > 0) { + 8005ccc: b96d cbnz r5, 8005cea + if (uECC_vli_cmp_unsafe(result, curve_secp256k1.p, num_words_secp256k1) > 0) { + 8005cce: 490a ldr r1, [pc, #40] ; (8005cf8 ) + 8005cd0: 2208 movs r2, #8 + 8005cd2: 4620 mov r0, r4 + 8005cd4: f7ff fd17 bl 8005706 + 8005cd8: 2800 cmp r0, #0 + 8005cda: dd04 ble.n 8005ce6 + uECC_vli_sub(result, result, curve_secp256k1.p, num_words_secp256k1); + 8005cdc: 460a mov r2, r1 + 8005cde: 4620 mov r0, r4 + 8005ce0: 4621 mov r1, r4 + 8005ce2: f7ff fe9d bl 8005a20 +} + 8005ce6: b010 add sp, #64 ; 0x40 + 8005ce8: bd70 pop {r4, r5, r6, pc} + uECC_vli_sub(result, result, curve_secp256k1.p, num_words_secp256k1); + 8005cea: 4632 mov r2, r6 + 8005cec: 4621 mov r1, r4 + 8005cee: 4620 mov r0, r4 + --carry; + 8005cf0: 3d01 subs r5, #1 + uECC_vli_sub(result, result, curve_secp256k1.p, num_words_secp256k1); + 8005cf2: f7ff fe95 bl 8005a20 + 8005cf6: e7e9 b.n 8005ccc + 8005cf8: 0800e7ec .word 0x0800e7ec + +08005cfc : +static void vli_mmod_fast_secp256r1(uint32_t *result, uint32_t *product) { + 8005cfc: e92d 44f0 stmdb sp!, {r4, r5, r6, r7, sl, lr} + uECC_vli_set(result, product, num_words_secp256r1); + 8005d00: 2208 movs r2, #8 +static void vli_mmod_fast_secp256r1(uint32_t *result, uint32_t *product) { + 8005d02: b088 sub sp, #32 + uECC_vli_set(result, product, num_words_secp256r1); + 8005d04: f7ff fcf3 bl 80056ee + tmp[3] = product[11]; + 8005d08: 6acb ldr r3, [r1, #44] ; 0x2c + 8005d0a: 9303 str r3, [sp, #12] + tmp[4] = product[12]; + 8005d0c: 6b0b ldr r3, [r1, #48] ; 0x30 + 8005d0e: 9304 str r3, [sp, #16] + tmp[5] = product[13]; + 8005d10: 6b4b ldr r3, [r1, #52] ; 0x34 + 8005d12: 9305 str r3, [sp, #20] + tmp[6] = product[14]; + 8005d14: 6b8b ldr r3, [r1, #56] ; 0x38 + 8005d16: 9306 str r3, [sp, #24] +static void vli_mmod_fast_secp256r1(uint32_t *result, uint32_t *product) { + 8005d18: 460c mov r4, r1 + 8005d1a: 4682 mov sl, r0 + tmp[0] = tmp[1] = tmp[2] = 0; + 8005d1c: 2700 movs r7, #0 + tmp[7] = product[15]; + 8005d1e: 6bcb ldr r3, [r1, #60] ; 0x3c + 8005d20: 9307 str r3, [sp, #28] + carry = uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8005d22: 466a mov r2, sp + 8005d24: 4669 mov r1, sp + 8005d26: 4668 mov r0, sp + tmp[0] = tmp[1] = tmp[2] = 0; + 8005d28: e9cd 7701 strd r7, r7, [sp, #4] + 8005d2c: 9700 str r7, [sp, #0] + carry = uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8005d2e: f7ff ff39 bl 8005ba4 + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005d32: 466a mov r2, sp + carry = uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8005d34: 4605 mov r5, r0 + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005d36: 4651 mov r1, sl + 8005d38: 4650 mov r0, sl + 8005d3a: f7ff ff33 bl 8005ba4 + tmp[3] = product[12]; + 8005d3e: 6b23 ldr r3, [r4, #48] ; 0x30 + 8005d40: 9303 str r3, [sp, #12] + tmp[4] = product[13]; + 8005d42: 6b63 ldr r3, [r4, #52] ; 0x34 + 8005d44: 9304 str r3, [sp, #16] + tmp[5] = product[14]; + 8005d46: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8005d48: 9305 str r3, [sp, #20] + tmp[6] = product[15]; + 8005d4a: 6be3 ldr r3, [r4, #60] ; 0x3c + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005d4c: 4405 add r5, r0 + carry += uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8005d4e: 466a mov r2, sp + 8005d50: 4669 mov r1, sp + 8005d52: 4668 mov r0, sp + tmp[7] = 0; + 8005d54: e9cd 3706 strd r3, r7, [sp, #24] + carry += uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8005d58: f7ff ff24 bl 8005ba4 + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005d5c: 466a mov r2, sp + carry += uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8005d5e: 4405 add r5, r0 + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005d60: 4651 mov r1, sl + 8005d62: 4650 mov r0, sl + 8005d64: f7ff ff1e bl 8005ba4 + tmp[0] = product[8]; + 8005d68: 6a23 ldr r3, [r4, #32] + 8005d6a: 9300 str r3, [sp, #0] + tmp[1] = product[9]; + 8005d6c: 6a63 ldr r3, [r4, #36] ; 0x24 + 8005d6e: 9301 str r3, [sp, #4] + tmp[2] = product[10]; + 8005d70: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8005d72: 9302 str r3, [sp, #8] + tmp[6] = product[14]; + 8005d74: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8005d76: 9306 str r3, [sp, #24] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005d78: 4405 add r5, r0 + tmp[7] = product[15]; + 8005d7a: 6be3 ldr r3, [r4, #60] ; 0x3c + 8005d7c: 9307 str r3, [sp, #28] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005d7e: 466a mov r2, sp + 8005d80: 4651 mov r1, sl + 8005d82: 4650 mov r0, sl + tmp[3] = tmp[4] = tmp[5] = 0; + 8005d84: e9cd 7704 strd r7, r7, [sp, #16] + 8005d88: 9703 str r7, [sp, #12] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005d8a: f7ff ff0b bl 8005ba4 + tmp[0] = product[9]; + 8005d8e: 6a63 ldr r3, [r4, #36] ; 0x24 + 8005d90: 9300 str r3, [sp, #0] + tmp[1] = product[10]; + 8005d92: 6aa3 ldr r3, [r4, #40] ; 0x28 + tmp[4] = product[14]; + 8005d94: 6ba2 ldr r2, [r4, #56] ; 0x38 + tmp[1] = product[10]; + 8005d96: 9301 str r3, [sp, #4] + tmp[2] = product[11]; + 8005d98: 6ae3 ldr r3, [r4, #44] ; 0x2c + 8005d9a: 9302 str r3, [sp, #8] + tmp[4] = product[14]; + 8005d9c: 9204 str r2, [sp, #16] + tmp[3] = product[13]; + 8005d9e: 6b63 ldr r3, [r4, #52] ; 0x34 + tmp[5] = product[15]; + 8005da0: 6be2 ldr r2, [r4, #60] ; 0x3c + tmp[3] = product[13]; + 8005da2: 9303 str r3, [sp, #12] + tmp[6] = product[13]; + 8005da4: e9cd 2305 strd r2, r3, [sp, #20] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005da8: 182e adds r6, r5, r0 + tmp[7] = product[8]; + 8005daa: 6a23 ldr r3, [r4, #32] + 8005dac: 9307 str r3, [sp, #28] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005dae: 466a mov r2, sp + 8005db0: 4651 mov r1, sl + 8005db2: 4650 mov r0, sl + 8005db4: f7ff fef6 bl 8005ba4 + tmp[0] = product[11]; + 8005db8: 6ae3 ldr r3, [r4, #44] ; 0x2c + 8005dba: 9300 str r3, [sp, #0] + tmp[1] = product[12]; + 8005dbc: 6b23 ldr r3, [r4, #48] ; 0x30 + 8005dbe: 9301 str r3, [sp, #4] + tmp[2] = product[13]; + 8005dc0: 6b63 ldr r3, [r4, #52] ; 0x34 + 8005dc2: 9302 str r3, [sp, #8] + tmp[6] = product[8]; + 8005dc4: 6a23 ldr r3, [r4, #32] + 8005dc6: 9306 str r3, [sp, #24] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8005dc8: 1835 adds r5, r6, r0 + tmp[7] = product[10]; + 8005dca: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8005dcc: 9307 str r3, [sp, #28] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005dce: 466a mov r2, sp + 8005dd0: 4651 mov r1, sl + 8005dd2: 4650 mov r0, sl + tmp[3] = tmp[4] = tmp[5] = 0; + 8005dd4: e9cd 7704 strd r7, r7, [sp, #16] + 8005dd8: 9703 str r7, [sp, #12] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005dda: f7ff fe21 bl 8005a20 + tmp[0] = product[12]; + 8005dde: 6b23 ldr r3, [r4, #48] ; 0x30 + 8005de0: 9300 str r3, [sp, #0] + tmp[1] = product[13]; + 8005de2: 6b63 ldr r3, [r4, #52] ; 0x34 + 8005de4: 9301 str r3, [sp, #4] + tmp[2] = product[14]; + 8005de6: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8005de8: 9302 str r3, [sp, #8] + tmp[3] = product[15]; + 8005dea: 6be3 ldr r3, [r4, #60] ; 0x3c + 8005dec: 9303 str r3, [sp, #12] + tmp[6] = product[9]; + 8005dee: 6a63 ldr r3, [r4, #36] ; 0x24 + 8005df0: 9306 str r3, [sp, #24] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005df2: 1a2e subs r6, r5, r0 + tmp[7] = product[11]; + 8005df4: 6ae3 ldr r3, [r4, #44] ; 0x2c + 8005df6: 9307 str r3, [sp, #28] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005df8: 466a mov r2, sp + 8005dfa: 4651 mov r1, sl + 8005dfc: 4650 mov r0, sl + tmp[4] = tmp[5] = 0; + 8005dfe: e9cd 7704 strd r7, r7, [sp, #16] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005e02: f7ff fe0d bl 8005a20 + tmp[0] = product[13]; + 8005e06: 6b63 ldr r3, [r4, #52] ; 0x34 + 8005e08: 9300 str r3, [sp, #0] + tmp[1] = product[14]; + 8005e0a: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8005e0c: 9301 str r3, [sp, #4] + tmp[2] = product[15]; + 8005e0e: 6be3 ldr r3, [r4, #60] ; 0x3c + 8005e10: 9302 str r3, [sp, #8] + tmp[3] = product[8]; + 8005e12: 6a23 ldr r3, [r4, #32] + 8005e14: 9303 str r3, [sp, #12] + tmp[4] = product[9]; + 8005e16: 6a63 ldr r3, [r4, #36] ; 0x24 + 8005e18: 9304 str r3, [sp, #16] + tmp[5] = product[10]; + 8005e1a: 6aa3 ldr r3, [r4, #40] ; 0x28 + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005e1c: 1a36 subs r6, r6, r0 + tmp[6] = 0; + 8005e1e: e9cd 3705 strd r3, r7, [sp, #20] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005e22: 466a mov r2, sp + tmp[7] = product[12]; + 8005e24: 6b23 ldr r3, [r4, #48] ; 0x30 + 8005e26: 9307 str r3, [sp, #28] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005e28: 4651 mov r1, sl + 8005e2a: 4650 mov r0, sl + 8005e2c: f7ff fdf8 bl 8005a20 + tmp[0] = product[14]; + 8005e30: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8005e32: 9300 str r3, [sp, #0] + tmp[1] = product[15]; + 8005e34: 6be3 ldr r3, [r4, #60] ; 0x3c + tmp[2] = 0; + 8005e36: e9cd 3701 strd r3, r7, [sp, #4] + tmp[3] = product[9]; + 8005e3a: 6a63 ldr r3, [r4, #36] ; 0x24 + 8005e3c: 9303 str r3, [sp, #12] + tmp[4] = product[10]; + 8005e3e: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8005e40: 9304 str r3, [sp, #16] + tmp[5] = product[11]; + 8005e42: 6ae3 ldr r3, [r4, #44] ; 0x2c + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005e44: 1a36 subs r6, r6, r0 + tmp[6] = 0; + 8005e46: e9cd 3705 strd r3, r7, [sp, #20] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005e4a: 466a mov r2, sp + tmp[7] = product[13]; + 8005e4c: 6b63 ldr r3, [r4, #52] ; 0x34 + 8005e4e: 9307 str r3, [sp, #28] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8005e50: 4651 mov r1, sl + 8005e52: 4650 mov r0, sl + 8005e54: f7ff fde4 bl 8005a20 + if (carry < 0) { + 8005e58: 1a36 subs r6, r6, r0 + carry += uECC_vli_add(result, result, curve_secp256r1.p, num_words_secp256r1); + 8005e5a: 4c0d ldr r4, [pc, #52] ; (8005e90 ) + if (carry < 0) { + 8005e5c: d40e bmi.n 8005e7c + while (carry || uECC_vli_cmp_unsafe(curve_secp256r1.p, result, num_words_secp256r1) != 1) { + 8005e5e: b936 cbnz r6, 8005e6e + 8005e60: 2208 movs r2, #8 + 8005e62: 4651 mov r1, sl + 8005e64: 4620 mov r0, r4 + 8005e66: f7ff fc4e bl 8005706 + 8005e6a: 2801 cmp r0, #1 + 8005e6c: d00d beq.n 8005e8a + carry -= uECC_vli_sub(result, result, curve_secp256r1.p, num_words_secp256r1); + 8005e6e: 4622 mov r2, r4 + 8005e70: 4651 mov r1, sl + 8005e72: 4650 mov r0, sl + 8005e74: f7ff fdd4 bl 8005a20 + 8005e78: 1a36 subs r6, r6, r0 + 8005e7a: e7f0 b.n 8005e5e + carry += uECC_vli_add(result, result, curve_secp256r1.p, num_words_secp256r1); + 8005e7c: 4622 mov r2, r4 + 8005e7e: 4651 mov r1, sl + 8005e80: 4650 mov r0, sl + 8005e82: f7ff fe8f bl 8005ba4 + } while (carry < 0); + 8005e86: 1836 adds r6, r6, r0 + 8005e88: d4f8 bmi.n 8005e7c +} + 8005e8a: b008 add sp, #32 + 8005e8c: e8bd 84f0 ldmia.w sp!, {r4, r5, r6, r7, sl, pc} + 8005e90: 0800e8a0 .word 0x0800e8a0 + +08005e94 : +static void mod_sqrt_default(uECC_word_t *a, uECC_Curve curve) { + 8005e94: b5f0 push {r4, r5, r6, r7, lr} + 8005e96: b091 sub sp, #68 ; 0x44 + 8005e98: 460d mov r5, r1 + uECC_word_t p1[uECC_MAX_WORDS] = {1}; + 8005e9a: 221c movs r2, #28 + 8005e9c: 2100 movs r1, #0 +static void mod_sqrt_default(uECC_word_t *a, uECC_Curve curve) { + 8005e9e: 4606 mov r6, r0 + uECC_word_t p1[uECC_MAX_WORDS] = {1}; + 8005ea0: a801 add r0, sp, #4 + 8005ea2: f007 fbb5 bl 800d610 + 8005ea6: 2401 movs r4, #1 + uECC_word_t l_result[uECC_MAX_WORDS] = {1}; + 8005ea8: 221c movs r2, #28 + 8005eaa: 2100 movs r1, #0 + 8005eac: a809 add r0, sp, #36 ; 0x24 + uECC_word_t p1[uECC_MAX_WORDS] = {1}; + 8005eae: 9400 str r4, [sp, #0] + uECC_word_t l_result[uECC_MAX_WORDS] = {1}; + 8005eb0: f007 fbae bl 800d610 + wordcount_t num_words = curve->num_words; + 8005eb4: 4629 mov r1, r5 + uECC_vli_add(p1, curve->p, p1, num_words); /* p1 = curve_p + 1 */ + 8005eb6: 466a mov r2, sp + wordcount_t num_words = curve->num_words; + 8005eb8: f911 7b04 ldrsb.w r7, [r1], #4 + uECC_word_t l_result[uECC_MAX_WORDS] = {1}; + 8005ebc: 9408 str r4, [sp, #32] + uECC_vli_add(p1, curve->p, p1, num_words); /* p1 = curve_p + 1 */ + 8005ebe: 4668 mov r0, sp + 8005ec0: f7ff fe70 bl 8005ba4 + for (i = uECC_vli_numBits(p1, num_words) - 1; i > 1; --i) { + 8005ec4: 4639 mov r1, r7 + 8005ec6: 4668 mov r0, sp + 8005ec8: f7ff fbf1 bl 80056ae + 8005ecc: 1e44 subs r4, r0, #1 + 8005ece: b224 sxth r4, r4 + 8005ed0: 2c01 cmp r4, #1 + 8005ed2: dc06 bgt.n 8005ee2 + uECC_vli_set(a, l_result, num_words); + 8005ed4: 463a mov r2, r7 + 8005ed6: a908 add r1, sp, #32 + 8005ed8: 4630 mov r0, r6 + 8005eda: f7ff fc08 bl 80056ee +} + 8005ede: b011 add sp, #68 ; 0x44 + 8005ee0: bdf0 pop {r4, r5, r6, r7, pc} + uECC_vli_modSquare_fast(l_result, l_result, curve); + 8005ee2: a908 add r1, sp, #32 + 8005ee4: 4608 mov r0, r1 + 8005ee6: 462a mov r2, r5 + 8005ee8: f7ff fcdf bl 80058aa + if (uECC_vli_testBit(p1, i)) { + 8005eec: 4621 mov r1, r4 + 8005eee: 4668 mov r0, sp + 8005ef0: f7ff fbd3 bl 800569a + 8005ef4: b128 cbz r0, 8005f02 + uECC_vli_modMult_fast(l_result, l_result, a, curve); + 8005ef6: a908 add r1, sp, #32 + 8005ef8: 462b mov r3, r5 + 8005efa: 4632 mov r2, r6 + 8005efc: 4608 mov r0, r1 + 8005efe: f7ff fcc4 bl 800588a + for (i = uECC_vli_numBits(p1, num_words) - 1; i > 1; --i) { + 8005f02: 3c01 subs r4, #1 + 8005f04: e7e3 b.n 8005ece + +08005f06 : + if (!EVEN(uv)) { + 8005f06: 6803 ldr r3, [r0, #0] + wordcount_t num_words) { + 8005f08: b570 push {r4, r5, r6, lr} + if (!EVEN(uv)) { + 8005f0a: f013 0601 ands.w r6, r3, #1 + wordcount_t num_words) { + 8005f0e: 4605 mov r5, r0 + 8005f10: 4614 mov r4, r2 + if (!EVEN(uv)) { + 8005f12: d004 beq.n 8005f1e + carry = uECC_vli_add(uv, uv, mod, num_words); + 8005f14: 460a mov r2, r1 + 8005f16: 4601 mov r1, r0 + 8005f18: f7ff fe44 bl 8005ba4 + 8005f1c: 4606 mov r6, r0 + uECC_vli_rshift1(uv, num_words); + 8005f1e: 4621 mov r1, r4 + 8005f20: 4628 mov r0, r5 + 8005f22: f7ff fc05 bl 8005730 + if (carry) { + 8005f26: b146 cbz r6, 8005f3a + uv[num_words - 1] |= HIGH_BIT_SET; + 8005f28: f104 4280 add.w r2, r4, #1073741824 ; 0x40000000 + 8005f2c: 3a01 subs r2, #1 + 8005f2e: f855 3022 ldr.w r3, [r5, r2, lsl #2] + 8005f32: f043 4300 orr.w r3, r3, #2147483648 ; 0x80000000 + 8005f36: f845 3022 str.w r3, [r5, r2, lsl #2] +} + 8005f3a: bd70 pop {r4, r5, r6, pc} + +08005f3c : + wordcount_t num_words) { + 8005f3c: b5f0 push {r4, r5, r6, r7, lr} + 8005f3e: 460f mov r7, r1 + 8005f40: b0a1 sub sp, #132 ; 0x84 + 8005f42: 4606 mov r6, r0 + if (uECC_vli_isZero(input, num_words)) { + 8005f44: 4619 mov r1, r3 + 8005f46: 4638 mov r0, r7 + wordcount_t num_words) { + 8005f48: 4615 mov r5, r2 + 8005f4a: 461c mov r4, r3 + if (uECC_vli_isZero(input, num_words)) { + 8005f4c: f7ff fb96 bl 800567c + 8005f50: b128 cbz r0, 8005f5e + uECC_vli_clear(result, num_words); + 8005f52: 4630 mov r0, r6 +} + 8005f54: b021 add sp, #132 ; 0x84 + 8005f56: e8bd 40f0 ldmia.w sp!, {r4, r5, r6, r7, lr} + uECC_vli_clear(result, num_words); + 8005f5a: f7ff bb89 b.w 8005670 + uECC_vli_set(a, input, num_words); + 8005f5e: 4622 mov r2, r4 + 8005f60: 4639 mov r1, r7 + 8005f62: 4668 mov r0, sp + 8005f64: f7ff fbc3 bl 80056ee + uECC_vli_set(b, mod, num_words); + 8005f68: 4629 mov r1, r5 + 8005f6a: a808 add r0, sp, #32 + 8005f6c: f7ff fbbf bl 80056ee + uECC_vli_clear(u, num_words); + 8005f70: 4621 mov r1, r4 + 8005f72: a810 add r0, sp, #64 ; 0x40 + 8005f74: f7ff fb7c bl 8005670 + u[0] = 1; + 8005f78: 2301 movs r3, #1 + uECC_vli_clear(v, num_words); + 8005f7a: 4621 mov r1, r4 + 8005f7c: a818 add r0, sp, #96 ; 0x60 + u[0] = 1; + 8005f7e: 9310 str r3, [sp, #64] ; 0x40 + uECC_vli_clear(v, num_words); + 8005f80: f7ff fb76 bl 8005670 + while ((cmpResult = uECC_vli_cmp_unsafe(a, b, num_words)) != 0) { + 8005f84: 4622 mov r2, r4 + 8005f86: a908 add r1, sp, #32 + 8005f88: 4668 mov r0, sp + 8005f8a: f7ff fbbc bl 8005706 + 8005f8e: b930 cbnz r0, 8005f9e + uECC_vli_set(result, u, num_words); + 8005f90: 4622 mov r2, r4 + 8005f92: a910 add r1, sp, #64 ; 0x40 + 8005f94: 4630 mov r0, r6 + 8005f96: f7ff fbaa bl 80056ee +} + 8005f9a: b021 add sp, #132 ; 0x84 + 8005f9c: bdf0 pop {r4, r5, r6, r7, pc} + if (EVEN(a)) { + 8005f9e: 9b00 ldr r3, [sp, #0] + 8005fa0: 07da lsls r2, r3, #31 + 8005fa2: d409 bmi.n 8005fb8 + uECC_vli_rshift1(a, num_words); + 8005fa4: 4621 mov r1, r4 + 8005fa6: 4668 mov r0, sp + 8005fa8: f7ff fbc2 bl 8005730 + vli_modInv_update(u, mod, num_words); + 8005fac: 4622 mov r2, r4 + 8005fae: 4629 mov r1, r5 + 8005fb0: a810 add r0, sp, #64 ; 0x40 + vli_modInv_update(v, mod, num_words); + 8005fb2: f7ff ffa8 bl 8005f06 + 8005fb6: e7e5 b.n 8005f84 + } else if (EVEN(b)) { + 8005fb8: 9b08 ldr r3, [sp, #32] + 8005fba: 07db lsls r3, r3, #31 + 8005fbc: d407 bmi.n 8005fce + uECC_vli_rshift1(b, num_words); + 8005fbe: 4621 mov r1, r4 + 8005fc0: a808 add r0, sp, #32 + 8005fc2: f7ff fbb5 bl 8005730 + vli_modInv_update(v, mod, num_words); + 8005fc6: 4622 mov r2, r4 + 8005fc8: 4629 mov r1, r5 + 8005fca: a818 add r0, sp, #96 ; 0x60 + 8005fcc: e7f1 b.n 8005fb2 + } else if (cmpResult > 0) { + 8005fce: 2800 cmp r0, #0 + 8005fd0: dd1a ble.n 8006008 + uECC_vli_sub(a, a, b, num_words); + 8005fd2: aa08 add r2, sp, #32 + 8005fd4: 4669 mov r1, sp + 8005fd6: 4668 mov r0, sp + 8005fd8: f7ff fd22 bl 8005a20 + uECC_vli_rshift1(a, num_words); + 8005fdc: 4621 mov r1, r4 + 8005fde: 4668 mov r0, sp + 8005fe0: f7ff fba6 bl 8005730 + if (uECC_vli_cmp_unsafe(u, v, num_words) < 0) { + 8005fe4: 4622 mov r2, r4 + 8005fe6: a918 add r1, sp, #96 ; 0x60 + 8005fe8: a810 add r0, sp, #64 ; 0x40 + 8005fea: f7ff fb8c bl 8005706 + 8005fee: 2800 cmp r0, #0 + 8005ff0: da04 bge.n 8005ffc + uECC_vli_add(u, u, mod, num_words); + 8005ff2: a910 add r1, sp, #64 ; 0x40 + 8005ff4: 462a mov r2, r5 + 8005ff6: 4608 mov r0, r1 + 8005ff8: f7ff fdd4 bl 8005ba4 + uECC_vli_sub(u, u, v, num_words); + 8005ffc: a910 add r1, sp, #64 ; 0x40 + 8005ffe: aa18 add r2, sp, #96 ; 0x60 + 8006000: 4608 mov r0, r1 + 8006002: f7ff fd0d bl 8005a20 + 8006006: e7d1 b.n 8005fac + uECC_vli_sub(b, b, a, num_words); + 8006008: 466a mov r2, sp + 800600a: a808 add r0, sp, #32 + 800600c: f7ff fd08 bl 8005a20 + uECC_vli_rshift1(b, num_words); + 8006010: 4621 mov r1, r4 + 8006012: a808 add r0, sp, #32 + 8006014: f7ff fb8c bl 8005730 + if (uECC_vli_cmp_unsafe(v, u, num_words) < 0) { + 8006018: 4622 mov r2, r4 + 800601a: a910 add r1, sp, #64 ; 0x40 + 800601c: a818 add r0, sp, #96 ; 0x60 + 800601e: f7ff fb72 bl 8005706 + 8006022: 2800 cmp r0, #0 + 8006024: da04 bge.n 8006030 + uECC_vli_add(v, v, mod, num_words); + 8006026: a918 add r1, sp, #96 ; 0x60 + 8006028: 462a mov r2, r5 + 800602a: 4608 mov r0, r1 + 800602c: f7ff fdba bl 8005ba4 + uECC_vli_sub(v, v, u, num_words); + 8006030: a918 add r1, sp, #96 ; 0x60 + 8006032: aa10 add r2, sp, #64 ; 0x40 + 8006034: 4608 mov r0, r1 + 8006036: f7ff fcf3 bl 8005a20 + 800603a: e7c4 b.n 8005fc6 + +0800603c : + wordcount_t num_words) { + 800603c: b570 push {r4, r5, r6, lr} + 800603e: 4604 mov r4, r0 + 8006040: f99d 6010 ldrsb.w r6, [sp, #16] + 8006044: 461d mov r5, r3 + uECC_word_t carry = uECC_vli_add(result, left, right, num_words); + 8006046: f7ff fdad bl 8005ba4 + if (carry || uECC_vli_cmp_unsafe(mod, result, num_words) != 1) { + 800604a: b930 cbnz r0, 800605a + 800604c: 4632 mov r2, r6 + 800604e: 4621 mov r1, r4 + 8006050: 4628 mov r0, r5 + 8006052: f7ff fb58 bl 8005706 + 8006056: 2801 cmp r0, #1 + 8006058: d006 beq.n 8006068 + uECC_vli_sub(result, result, mod, num_words); + 800605a: 462a mov r2, r5 + 800605c: 4621 mov r1, r4 + 800605e: 4620 mov r0, r4 +} + 8006060: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + uECC_vli_sub(result, result, mod, num_words); + 8006064: f7ff bcdc b.w 8005a20 +} + 8006068: bd70 pop {r4, r5, r6, pc} + +0800606a : +static void x_side_secp256k1(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve) { + 800606a: b573 push {r0, r1, r4, r5, r6, lr} + 800606c: 4604 mov r4, r0 + 800606e: 4615 mov r5, r2 + 8006070: 460e mov r6, r1 + uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */ + 8006072: f7ff fc1a bl 80058aa + uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 */ + 8006076: 462b mov r3, r5 + 8006078: 4632 mov r2, r6 + 800607a: 4621 mov r1, r4 + 800607c: 4620 mov r0, r4 + 800607e: f7ff fc04 bl 800588a + uECC_vli_modAdd(result, result, curve->b, curve->p, num_words_secp256k1); /* r = x^3 + b */ + 8006082: 2308 movs r3, #8 + 8006084: 9300 str r3, [sp, #0] + 8006086: f105 0284 add.w r2, r5, #132 ; 0x84 + 800608a: 1d2b adds r3, r5, #4 + 800608c: 4621 mov r1, r4 + 800608e: 4620 mov r0, r4 + 8006090: f7ff ffd4 bl 800603c +} + 8006094: b002 add sp, #8 + 8006096: bd70 pop {r4, r5, r6, pc} + +08006098 : +uECC_VLI_API void uECC_vli_modSub(uECC_word_t *result, + 8006098: b538 push {r3, r4, r5, lr} + 800609a: 4604 mov r4, r0 + 800609c: 461d mov r5, r3 + uECC_word_t l_borrow = uECC_vli_sub(result, left, right, num_words); + 800609e: f7ff fcbf bl 8005a20 + if (l_borrow) { + 80060a2: b130 cbz r0, 80060b2 + uECC_vli_add(result, result, mod, num_words); + 80060a4: 462a mov r2, r5 + 80060a6: 4621 mov r1, r4 + 80060a8: 4620 mov r0, r4 +} + 80060aa: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + uECC_vli_add(result, result, mod, num_words); + 80060ae: f7ff bd79 b.w 8005ba4 +} + 80060b2: bd38 pop {r3, r4, r5, pc} + +080060b4 : + uECC_Curve curve) { + 80060b4: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 80060b8: b09a sub sp, #104 ; 0x68 + 80060ba: 4615 mov r5, r2 + 80060bc: 9f22 ldr r7, [sp, #136] ; 0x88 + wordcount_t num_words = curve->num_words; + 80060be: 463c mov r4, r7 + uECC_Curve curve) { + 80060c0: 4698 mov r8, r3 + wordcount_t num_words = curve->num_words; + 80060c2: f914 ab04 ldrsb.w sl, [r4], #4 + uECC_Curve curve) { + 80060c6: 4606 mov r6, r0 + 80060c8: 4689 mov r9, r1 + uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */ + 80060ca: 4623 mov r3, r4 + 80060cc: 4602 mov r2, r0 + 80060ce: 4629 mov r1, r5 + 80060d0: a802 add r0, sp, #8 + 80060d2: f7ff ffe1 bl 8006098 + uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = (x2 - x1)^2 = A */ + 80060d6: a902 add r1, sp, #8 + 80060d8: 463a mov r2, r7 + 80060da: 4608 mov r0, r1 + 80060dc: f7ff fbe5 bl 80058aa + uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = x1*A = B */ + 80060e0: 463b mov r3, r7 + 80060e2: aa02 add r2, sp, #8 + 80060e4: 4631 mov r1, r6 + 80060e6: 4630 mov r0, r6 + 80060e8: f7ff fbcf bl 800588a + uECC_vli_modMult_fast(X2, X2, t5, curve); /* t3 = x2*A = C */ + 80060ec: 463b mov r3, r7 + 80060ee: aa02 add r2, sp, #8 + 80060f0: 4629 mov r1, r5 + 80060f2: 4628 mov r0, r5 + 80060f4: f7ff fbc9 bl 800588a + uECC_vli_modAdd(t5, Y2, Y1, curve->p, num_words); /* t5 = y2 + y1 */ + 80060f8: 4623 mov r3, r4 + 80060fa: 464a mov r2, r9 + 80060fc: 4641 mov r1, r8 + 80060fe: a802 add r0, sp, #8 + 8006100: f8cd a000 str.w sl, [sp] + 8006104: f7ff ff9a bl 800603c + uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */ + 8006108: 4623 mov r3, r4 + 800610a: 464a mov r2, r9 + 800610c: 4641 mov r1, r8 + 800610e: 4640 mov r0, r8 + 8006110: f7ff ffc2 bl 8006098 + uECC_vli_modSub(t6, X2, X1, curve->p, num_words); /* t6 = C - B */ + 8006114: 4623 mov r3, r4 + 8006116: 4632 mov r2, r6 + 8006118: 4629 mov r1, r5 + 800611a: a80a add r0, sp, #40 ; 0x28 + 800611c: f7ff ffbc bl 8006098 + uECC_vli_modMult_fast(Y1, Y1, t6, curve); /* t2 = y1 * (C - B) = E */ + 8006120: 463b mov r3, r7 + 8006122: aa0a add r2, sp, #40 ; 0x28 + 8006124: 4649 mov r1, r9 + 8006126: 4648 mov r0, r9 + 8006128: f7ff fbaf bl 800588a + uECC_vli_modAdd(t6, X1, X2, curve->p, num_words); /* t6 = B + C */ + 800612c: 4623 mov r3, r4 + 800612e: 462a mov r2, r5 + 8006130: 4631 mov r1, r6 + 8006132: a80a add r0, sp, #40 ; 0x28 + 8006134: f8cd a000 str.w sl, [sp] + 8006138: f7ff ff80 bl 800603c + uECC_vli_modSquare_fast(X2, Y2, curve); /* t3 = (y2 - y1)^2 = D */ + 800613c: 463a mov r2, r7 + 800613e: 4641 mov r1, r8 + 8006140: 4628 mov r0, r5 + 8006142: f7ff fbb2 bl 80058aa + uECC_vli_modSub(X2, X2, t6, curve->p, num_words); /* t3 = D - (B + C) = x3 */ + 8006146: 4623 mov r3, r4 + 8006148: aa0a add r2, sp, #40 ; 0x28 + 800614a: 4629 mov r1, r5 + 800614c: 4628 mov r0, r5 + 800614e: f7ff ffa3 bl 8006098 + uECC_vli_modSub(t7, X1, X2, curve->p, num_words); /* t7 = B - x3 */ + 8006152: 4623 mov r3, r4 + 8006154: 462a mov r2, r5 + 8006156: 4631 mov r1, r6 + 8006158: a812 add r0, sp, #72 ; 0x48 + 800615a: f7ff ff9d bl 8006098 + uECC_vli_modMult_fast(Y2, Y2, t7, curve); /* t4 = (y2 - y1)*(B - x3) */ + 800615e: 463b mov r3, r7 + 8006160: aa12 add r2, sp, #72 ; 0x48 + 8006162: 4641 mov r1, r8 + 8006164: 4640 mov r0, r8 + 8006166: f7ff fb90 bl 800588a + uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = (y2 - y1)*(B - x3) - E = y3 */ + 800616a: 4623 mov r3, r4 + 800616c: 464a mov r2, r9 + 800616e: 4641 mov r1, r8 + 8006170: 4640 mov r0, r8 + 8006172: f7ff ff91 bl 8006098 + uECC_vli_modSquare_fast(t7, t5, curve); /* t7 = (y2 + y1)^2 = F */ + 8006176: 463a mov r2, r7 + 8006178: a902 add r1, sp, #8 + 800617a: a812 add r0, sp, #72 ; 0x48 + 800617c: f7ff fb95 bl 80058aa + uECC_vli_modSub(t7, t7, t6, curve->p, num_words); /* t7 = F - (B + C) = x3' */ + 8006180: a912 add r1, sp, #72 ; 0x48 + 8006182: 4623 mov r3, r4 + 8006184: aa0a add r2, sp, #40 ; 0x28 + 8006186: 4608 mov r0, r1 + 8006188: f7ff ff86 bl 8006098 + uECC_vli_modSub(t6, t7, X1, curve->p, num_words); /* t6 = x3' - B */ + 800618c: 4623 mov r3, r4 + 800618e: 4632 mov r2, r6 + 8006190: a912 add r1, sp, #72 ; 0x48 + 8006192: a80a add r0, sp, #40 ; 0x28 + 8006194: f7ff ff80 bl 8006098 + uECC_vli_modMult_fast(t6, t6, t5, curve); /* t6 = (y2+y1)*(x3' - B) */ + 8006198: a90a add r1, sp, #40 ; 0x28 + 800619a: 463b mov r3, r7 + 800619c: aa02 add r2, sp, #8 + 800619e: 4608 mov r0, r1 + 80061a0: f7ff fb73 bl 800588a + uECC_vli_modSub(Y1, t6, Y1, curve->p, num_words); /* t2 = (y2+y1)*(x3' - B) - E = y3' */ + 80061a4: 4623 mov r3, r4 + 80061a6: 464a mov r2, r9 + 80061a8: a90a add r1, sp, #40 ; 0x28 + 80061aa: 4648 mov r0, r9 + 80061ac: f7ff ff74 bl 8006098 + uECC_vli_set(X1, t7, num_words); + 80061b0: 4652 mov r2, sl + 80061b2: a912 add r1, sp, #72 ; 0x48 + 80061b4: 4630 mov r0, r6 + 80061b6: f7ff fa9a bl 80056ee +} + 80061ba: b01a add sp, #104 ; 0x68 + 80061bc: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + +080061c0 : + uECC_Curve curve) { + 80061c0: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 80061c4: b088 sub sp, #32 + 80061c6: 4614 mov r4, r2 + 80061c8: f8dd 8040 ldr.w r8, [sp, #64] ; 0x40 + wordcount_t num_words = curve->num_words; + 80061cc: 4645 mov r5, r8 + uECC_Curve curve) { + 80061ce: 461e mov r6, r3 + wordcount_t num_words = curve->num_words; + 80061d0: f915 ab04 ldrsb.w sl, [r5], #4 + uECC_Curve curve) { + 80061d4: 4607 mov r7, r0 + 80061d6: 4689 mov r9, r1 + uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */ + 80061d8: 462b mov r3, r5 + 80061da: 4602 mov r2, r0 + 80061dc: 4621 mov r1, r4 + 80061de: 4668 mov r0, sp + 80061e0: f7ff ff5a bl 8006098 + uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = (x2 - x1)^2 = A */ + 80061e4: 4642 mov r2, r8 + 80061e6: 4669 mov r1, sp + 80061e8: 4668 mov r0, sp + 80061ea: f7ff fb5e bl 80058aa + uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = x1*A = B */ + 80061ee: 4643 mov r3, r8 + 80061f0: 466a mov r2, sp + 80061f2: 4639 mov r1, r7 + 80061f4: 4638 mov r0, r7 + 80061f6: f7ff fb48 bl 800588a + uECC_vli_modMult_fast(X2, X2, t5, curve); /* t3 = x2*A = C */ + 80061fa: 4643 mov r3, r8 + 80061fc: 466a mov r2, sp + 80061fe: 4621 mov r1, r4 + 8006200: 4620 mov r0, r4 + 8006202: f7ff fb42 bl 800588a + uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */ + 8006206: 462b mov r3, r5 + 8006208: 464a mov r2, r9 + 800620a: 4631 mov r1, r6 + 800620c: 4630 mov r0, r6 + 800620e: f7ff ff43 bl 8006098 + uECC_vli_modSquare_fast(t5, Y2, curve); /* t5 = (y2 - y1)^2 = D */ + 8006212: 4642 mov r2, r8 + 8006214: 4631 mov r1, r6 + 8006216: 4668 mov r0, sp + 8006218: f7ff fb47 bl 80058aa + uECC_vli_modSub(t5, t5, X1, curve->p, num_words); /* t5 = D - B */ + 800621c: 462b mov r3, r5 + 800621e: 463a mov r2, r7 + 8006220: 4669 mov r1, sp + 8006222: 4668 mov r0, sp + 8006224: f7ff ff38 bl 8006098 + uECC_vli_modSub(t5, t5, X2, curve->p, num_words); /* t5 = D - B - C = x3 */ + 8006228: 462b mov r3, r5 + 800622a: 4622 mov r2, r4 + 800622c: 4669 mov r1, sp + 800622e: 4668 mov r0, sp + 8006230: f7ff ff32 bl 8006098 + uECC_vli_modSub(X2, X2, X1, curve->p, num_words); /* t3 = C - B */ + 8006234: 462b mov r3, r5 + 8006236: 463a mov r2, r7 + 8006238: 4621 mov r1, r4 + 800623a: 4620 mov r0, r4 + 800623c: f7ff ff2c bl 8006098 + uECC_vli_modMult_fast(Y1, Y1, X2, curve); /* t2 = y1*(C - B) */ + 8006240: 4643 mov r3, r8 + 8006242: 4622 mov r2, r4 + 8006244: 4649 mov r1, r9 + 8006246: 4648 mov r0, r9 + 8006248: f7ff fb1f bl 800588a + uECC_vli_modSub(X2, X1, t5, curve->p, num_words); /* t3 = B - x3 */ + 800624c: 462b mov r3, r5 + 800624e: 466a mov r2, sp + 8006250: 4639 mov r1, r7 + 8006252: 4620 mov r0, r4 + 8006254: f7ff ff20 bl 8006098 + uECC_vli_modMult_fast(Y2, Y2, X2, curve); /* t4 = (y2 - y1)*(B - x3) */ + 8006258: 4643 mov r3, r8 + 800625a: 4622 mov r2, r4 + 800625c: 4631 mov r1, r6 + 800625e: 4630 mov r0, r6 + 8006260: f7ff fb13 bl 800588a + uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y3 */ + 8006264: 462b mov r3, r5 + 8006266: 464a mov r2, r9 + 8006268: 4631 mov r1, r6 + 800626a: 4630 mov r0, r6 + 800626c: f7ff ff14 bl 8006098 + uECC_vli_set(X2, t5, num_words); + 8006270: 4652 mov r2, sl + 8006272: 4669 mov r1, sp + 8006274: 4620 mov r0, r4 + 8006276: f7ff fa3a bl 80056ee +} + 800627a: b008 add sp, #32 + 800627c: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + +08006280 : + uECC_Curve curve) { + 8006280: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8006284: b0b1 sub sp, #196 ; 0xc4 + 8006286: e9cd 0102 strd r0, r1, [sp, #8] + 800628a: 9c3b ldr r4, [sp, #236] ; 0xec + 800628c: 9204 str r2, [sp, #16] + wordcount_t num_words = curve->num_words; + 800628e: f994 9000 ldrsb.w r9, [r4] + uECC_vli_set(Rx[1], point, num_words); + 8006292: a818 add r0, sp, #96 ; 0x60 + 8006294: 464a mov r2, r9 + uECC_Curve curve) { + 8006296: 461d mov r5, r3 + uECC_vli_set(Rx[1], point, num_words); + 8006298: f7ff fa29 bl 80056ee + uECC_vli_set(Ry[1], point + num_words, num_words); + 800629c: ea4f 0389 mov.w r3, r9, lsl #2 + 80062a0: 9305 str r3, [sp, #20] + 80062a2: 9b03 ldr r3, [sp, #12] + 80062a4: eb03 0a89 add.w sl, r3, r9, lsl #2 + 80062a8: 4651 mov r1, sl + 80062aa: a828 add r0, sp, #160 ; 0xa0 + 80062ac: f7ff fa1f bl 80056ee + wordcount_t num_words = curve->num_words; + 80062b0: f994 2000 ldrsb.w r2, [r4] + if (initial_Z) { + 80062b4: 2d00 cmp r5, #0 + 80062b6: f000 8082 beq.w 80063be + uECC_vli_set(z, initial_Z, num_words); + 80062ba: 4629 mov r1, r5 + 80062bc: a808 add r0, sp, #32 + 80062be: f7ff fa16 bl 80056ee + uECC_vli_set(X2, X1, num_words); + 80062c2: af10 add r7, sp, #64 ; 0x40 + 80062c4: a918 add r1, sp, #96 ; 0x60 + 80062c6: 4638 mov r0, r7 + uECC_vli_set(Y2, Y1, num_words); + 80062c8: f10d 0880 add.w r8, sp, #128 ; 0x80 + uECC_vli_set(X2, X1, num_words); + 80062cc: f7ff fa0f bl 80056ee + uECC_vli_set(Y2, Y1, num_words); + 80062d0: a928 add r1, sp, #160 ; 0xa0 + 80062d2: 4640 mov r0, r8 + 80062d4: f7ff fa0b bl 80056ee + apply_z(X1, Y1, z, curve); + 80062d8: 4623 mov r3, r4 + 80062da: aa08 add r2, sp, #32 + 80062dc: a818 add r0, sp, #96 ; 0x60 + 80062de: f7ff fae8 bl 80058b2 + curve->double_jacobian(X1, Y1, z, curve); + 80062e2: f8d4 50a4 ldr.w r5, [r4, #164] ; 0xa4 + 80062e6: 4623 mov r3, r4 + 80062e8: aa08 add r2, sp, #32 + 80062ea: a928 add r1, sp, #160 ; 0xa0 + 80062ec: a818 add r0, sp, #96 ; 0x60 + 80062ee: 47a8 blx r5 + apply_z(X2, Y2, z, curve); + 80062f0: 4623 mov r3, r4 + 80062f2: aa08 add r2, sp, #32 + 80062f4: 4641 mov r1, r8 + 80062f6: 4638 mov r0, r7 + 80062f8: f7ff fadb bl 80058b2 + for (i = num_bits - 2; i > 0; --i) { + 80062fc: f9bd 50e8 ldrsh.w r5, [sp, #232] ; 0xe8 + 8006300: 3d02 subs r5, #2 + 8006302: b22d sxth r5, r5 + 8006304: 2d00 cmp r5, #0 + 8006306: dc63 bgt.n 80063d0 + return (vli[bit >> uECC_WORD_BITS_SHIFT] & ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK))); + 8006308: 9b04 ldr r3, [sp, #16] + 800630a: 681d ldr r5, [r3, #0] + XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve); + 800630c: 9400 str r4, [sp, #0] + return (vli[bit >> uECC_WORD_BITS_SHIFT] & ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK))); + 800630e: f005 0601 and.w r6, r5, #1 + XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve); + 8006312: ab10 add r3, sp, #64 ; 0x40 + 8006314: eb03 1746 add.w r7, r3, r6, lsl #5 + 8006318: 43ed mvns r5, r5 + 800631a: ab20 add r3, sp, #128 ; 0x80 + 800631c: eb03 1646 add.w r6, r3, r6, lsl #5 + 8006320: f005 0501 and.w r5, r5, #1 + 8006324: ab10 add r3, sp, #64 ; 0x40 + 8006326: eb03 1845 add.w r8, r3, r5, lsl #5 + 800632a: ab20 add r3, sp, #128 ; 0x80 + 800632c: eb03 1545 add.w r5, r3, r5, lsl #5 + 8006330: 462b mov r3, r5 + 8006332: 4642 mov r2, r8 + 8006334: 4631 mov r1, r6 + 8006336: 4638 mov r0, r7 + uECC_vli_modSub(z, Rx[1], Rx[0], curve->p, num_words); /* X1 - X0 */ + 8006338: f104 0b04 add.w fp, r4, #4 + XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve); + 800633c: f7ff feba bl 80060b4 + uECC_vli_modSub(z, Rx[1], Rx[0], curve->p, num_words); /* X1 - X0 */ + 8006340: 465b mov r3, fp + 8006342: aa10 add r2, sp, #64 ; 0x40 + 8006344: a918 add r1, sp, #96 ; 0x60 + 8006346: a808 add r0, sp, #32 + 8006348: f7ff fea6 bl 8006098 + uECC_vli_modMult_fast(z, z, Ry[1 - nb], curve); /* Yb * (X1 - X0) */ + 800634c: a908 add r1, sp, #32 + 800634e: 4623 mov r3, r4 + 8006350: 4632 mov r2, r6 + 8006352: 4608 mov r0, r1 + 8006354: f7ff fa99 bl 800588a + uECC_vli_modMult_fast(z, z, point, curve); /* xP * Yb * (X1 - X0) */ + 8006358: a908 add r1, sp, #32 + 800635a: 9a03 ldr r2, [sp, #12] + 800635c: 4623 mov r3, r4 + 800635e: 4608 mov r0, r1 + 8006360: f7ff fa93 bl 800588a + uECC_vli_modInv(z, z, curve->p, num_words); /* 1 / (xP * Yb * (X1 - X0)) */ + 8006364: a908 add r1, sp, #32 + 8006366: 464b mov r3, r9 + 8006368: 465a mov r2, fp + 800636a: 4608 mov r0, r1 + 800636c: f7ff fde6 bl 8005f3c + uECC_vli_modMult_fast(z, z, point + num_words, curve); + 8006370: a908 add r1, sp, #32 + 8006372: 4623 mov r3, r4 + 8006374: 4652 mov r2, sl + 8006376: 4608 mov r0, r1 + 8006378: f7ff fa87 bl 800588a + uECC_vli_modMult_fast(z, z, Rx[1 - nb], curve); /* Xb * yP / (xP * Yb * (X1 - X0)) */ + 800637c: a908 add r1, sp, #32 + 800637e: 4623 mov r3, r4 + 8006380: 463a mov r2, r7 + 8006382: 4608 mov r0, r1 + 8006384: f7ff fa81 bl 800588a + XYcZ_add(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], curve); + 8006388: 4633 mov r3, r6 + 800638a: 463a mov r2, r7 + 800638c: 4629 mov r1, r5 + 800638e: 4640 mov r0, r8 + 8006390: 9400 str r4, [sp, #0] + 8006392: f7ff ff15 bl 80061c0 + apply_z(Rx[0], Ry[0], z, curve); + 8006396: 4623 mov r3, r4 + 8006398: aa08 add r2, sp, #32 + 800639a: a920 add r1, sp, #128 ; 0x80 + 800639c: a810 add r0, sp, #64 ; 0x40 + 800639e: f7ff fa88 bl 80058b2 + uECC_vli_set(result, Rx[0], num_words); + 80063a2: 9802 ldr r0, [sp, #8] + 80063a4: 464a mov r2, r9 + 80063a6: a910 add r1, sp, #64 ; 0x40 + 80063a8: f7ff f9a1 bl 80056ee + uECC_vli_set(result + num_words, Ry[0], num_words); + 80063ac: 9802 ldr r0, [sp, #8] + 80063ae: 9b05 ldr r3, [sp, #20] + 80063b0: a920 add r1, sp, #128 ; 0x80 + 80063b2: 4418 add r0, r3 + 80063b4: f7ff f99b bl 80056ee +} + 80063b8: b031 add sp, #196 ; 0xc4 + 80063ba: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + uECC_vli_clear(z, num_words); + 80063be: 4611 mov r1, r2 + 80063c0: a808 add r0, sp, #32 + 80063c2: 9206 str r2, [sp, #24] + 80063c4: f7ff f954 bl 8005670 + z[0] = 1; + 80063c8: 2301 movs r3, #1 + 80063ca: 9a06 ldr r2, [sp, #24] + 80063cc: 9308 str r3, [sp, #32] + 80063ce: e778 b.n 80062c2 + nb = !uECC_vli_testBit(scalar, i); + 80063d0: 4629 mov r1, r5 + 80063d2: 9804 ldr r0, [sp, #16] + 80063d4: f7ff f961 bl 800569a + 80063d8: fab0 f680 clz r6, r0 + 80063dc: 0976 lsrs r6, r6, #5 + XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve); + 80063de: f1c6 0101 rsb r1, r6, #1 + 80063e2: eb07 1b46 add.w fp, r7, r6, lsl #5 + 80063e6: eb08 1646 add.w r6, r8, r6, lsl #5 + 80063ea: eb07 1041 add.w r0, r7, r1, lsl #5 + 80063ee: 4633 mov r3, r6 + 80063f0: eb08 1141 add.w r1, r8, r1, lsl #5 + 80063f4: 465a mov r2, fp + 80063f6: 9400 str r4, [sp, #0] + 80063f8: e9cd 0106 strd r0, r1, [sp, #24] + 80063fc: f7ff fe5a bl 80060b4 + XYcZ_add(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], curve); + 8006400: 9907 ldr r1, [sp, #28] + 8006402: 9806 ldr r0, [sp, #24] + 8006404: 9400 str r4, [sp, #0] + 8006406: 460b mov r3, r1 + 8006408: 4602 mov r2, r0 + 800640a: 4631 mov r1, r6 + 800640c: 4658 mov r0, fp + 800640e: f7ff fed7 bl 80061c0 + for (i = num_bits - 2; i > 0; --i) { + 8006412: 3d01 subs r5, #1 + 8006414: e775 b.n 8006302 + +08006416 : + uECC_Curve curve) { + 8006416: b530 push {r4, r5, lr} + 8006418: 4614 mov r4, r2 + 800641a: b095 sub sp, #84 ; 0x54 + 800641c: 4605 mov r5, r0 + uECC_word_t *p2[2] = {tmp1, tmp2}; + 800641e: aa0c add r2, sp, #48 ; 0x30 + carry = regularize_k(private, tmp1, tmp2, curve); + 8006420: 4623 mov r3, r4 + uECC_Curve curve) { + 8006422: 4608 mov r0, r1 + uECC_word_t *p2[2] = {tmp1, tmp2}; + 8006424: a904 add r1, sp, #16 + 8006426: 9102 str r1, [sp, #8] + 8006428: 9203 str r2, [sp, #12] + carry = regularize_k(private, tmp1, tmp2, curve); + 800642a: f7ff fbe0 bl 8005bee + EccPoint_mult(result, curve->G, p2[!carry], 0, curve->num_n_bits + 1, curve); + 800642e: fab0 f380 clz r3, r0 + 8006432: 095b lsrs r3, r3, #5 + 8006434: aa14 add r2, sp, #80 ; 0x50 + 8006436: eb02 0283 add.w r2, r2, r3, lsl #2 + 800643a: 8863 ldrh r3, [r4, #2] + 800643c: 9401 str r4, [sp, #4] + 800643e: 3301 adds r3, #1 + 8006440: b21b sxth r3, r3 + 8006442: 9300 str r3, [sp, #0] + 8006444: f852 2c48 ldr.w r2, [r2, #-72] + 8006448: 2300 movs r3, #0 + 800644a: f104 0144 add.w r1, r4, #68 ; 0x44 + 800644e: 4628 mov r0, r5 + 8006450: f7ff ff16 bl 8006280 + if (EccPoint_isZero(result, curve)) { + 8006454: 7821 ldrb r1, [r4, #0] + 8006456: 0049 lsls r1, r1, #1 + 8006458: b249 sxtb r1, r1 + 800645a: 4628 mov r0, r5 + 800645c: f7ff f90e bl 800567c +} + 8006460: fab0 f080 clz r0, r0 + 8006464: 0940 lsrs r0, r0, #5 + 8006466: b015 add sp, #84 ; 0x54 + 8006468: bd30 pop {r4, r5, pc} + ... + +0800646c : + uECC_Curve curve) { + 800646c: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8006470: ed2d 8b02 vpush {d8} + 8006474: b0a7 sub sp, #156 ; 0x9c + 8006476: 461e mov r6, r3 + 8006478: 9d33 ldr r5, [sp, #204] ; 0xcc + wordcount_t num_words = curve->num_words; + 800647a: f995 a000 ldrsb.w sl, [r5] + uECC_Curve curve) { + 800647e: ee08 1a10 vmov s16, r1 + 8006482: 4683 mov fp, r0 + uECC_word_t *k2[2] = {tmp, s}; + 8006484: f10d 0918 add.w r9, sp, #24 + 8006488: ab0e add r3, sp, #56 ; 0x38 + if (uECC_vli_isZero(k, num_words) || uECC_vli_cmp(curve->n, k, num_n_words) != 1) { + 800648a: 4651 mov r1, sl + 800648c: 4630 mov r0, r6 + uECC_Curve curve) { + 800648e: ee08 2a90 vmov s17, r2 + uECC_word_t *k2[2] = {tmp, s}; + 8006492: f8cd 9010 str.w r9, [sp, #16] + 8006496: 9305 str r3, [sp, #20] + if (uECC_vli_isZero(k, num_words) || uECC_vli_cmp(curve->n, k, num_n_words) != 1) { + 8006498: f7ff f8f0 bl 800567c + 800649c: b128 cbz r0, 80064aa + return 0; + 800649e: 2000 movs r0, #0 +} + 80064a0: b027 add sp, #156 ; 0x9c + 80064a2: ecbd 8b02 vpop {d8} + 80064a6: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 80064aa: f9b5 8002 ldrsh.w r8, [r5, #2] + 80064ae: f118 041f adds.w r4, r8, #31 + 80064b2: bf48 it mi + 80064b4: f108 043e addmi.w r4, r8, #62 ; 0x3e + 80064b8: f344 1447 sbfx r4, r4, #5, #8 + if (uECC_vli_isZero(k, num_words) || uECC_vli_cmp(curve->n, k, num_n_words) != 1) { + 80064bc: f105 0724 add.w r7, r5, #36 ; 0x24 + 80064c0: 4622 mov r2, r4 + 80064c2: 4631 mov r1, r6 + 80064c4: 4638 mov r0, r7 + 80064c6: f7ff fb19 bl 8005afc + 80064ca: 2801 cmp r0, #1 + 80064cc: 9003 str r0, [sp, #12] + 80064ce: d1e6 bne.n 800649e + carry = regularize_k(k, tmp, s, curve); + 80064d0: 462b mov r3, r5 + 80064d2: aa0e add r2, sp, #56 ; 0x38 + 80064d4: 4649 mov r1, r9 + 80064d6: 4630 mov r0, r6 + 80064d8: f7ff fb89 bl 8005bee + EccPoint_mult(p, curve->G, k2[!carry], 0, num_n_bits + 1, curve); + 80064dc: fab0 f080 clz r0, r0 + 80064e0: ab26 add r3, sp, #152 ; 0x98 + 80064e2: 0940 lsrs r0, r0, #5 + 80064e4: f108 0801 add.w r8, r8, #1 + 80064e8: eb03 0080 add.w r0, r3, r0, lsl #2 + 80064ec: fa0f f388 sxth.w r3, r8 + 80064f0: 9300 str r3, [sp, #0] + 80064f2: 9501 str r5, [sp, #4] + 80064f4: f850 2c88 ldr.w r2, [r0, #-136] + 80064f8: f105 0144 add.w r1, r5, #68 ; 0x44 + 80064fc: a816 add r0, sp, #88 ; 0x58 + 80064fe: 2300 movs r3, #0 + 8006500: f7ff febe bl 8006280 + if (uECC_vli_isZero(p, num_words)) { + 8006504: 4651 mov r1, sl + 8006506: a816 add r0, sp, #88 ; 0x58 + 8006508: f7ff f8b8 bl 800567c + 800650c: 2800 cmp r0, #0 + 800650e: d1c6 bne.n 800649e + uECC_recid = (p[curve->num_words] & 0x01); + 8006510: f995 3000 ldrsb.w r3, [r5] + 8006514: aa26 add r2, sp, #152 ; 0x98 + 8006516: eb02 0383 add.w r3, r2, r3, lsl #2 + 800651a: 4a3b ldr r2, [pc, #236] ; (8006608 ) + 800651c: f853 3c40 ldr.w r3, [r3, #-64] + 8006520: f003 0301 and.w r3, r3, #1 + 8006524: 7013 strb r3, [r2, #0] + if (!g_rng_function) { + 8006526: 4b39 ldr r3, [pc, #228] ; (800660c ) + 8006528: 681b ldr r3, [r3, #0] + 800652a: 2b00 cmp r3, #0 + 800652c: d163 bne.n 80065f6 + uECC_vli_clear(tmp, num_n_words); + 800652e: 4621 mov r1, r4 + 8006530: 4648 mov r0, r9 + 8006532: f7ff f89d bl 8005670 + tmp[0] = 1; + 8006536: 9b03 ldr r3, [sp, #12] + 8006538: 9306 str r3, [sp, #24] + uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k' = rand * k */ + 800653a: 463b mov r3, r7 + 800653c: aa06 add r2, sp, #24 + 800653e: 4631 mov r1, r6 + 8006540: 4630 mov r0, r6 + 8006542: 9400 str r4, [sp, #0] + 8006544: f7ff f901 bl 800574a + uECC_vli_modInv(k, k, curve->n, num_n_words); /* k = 1 / k' */ + 8006548: 4623 mov r3, r4 + 800654a: 463a mov r2, r7 + 800654c: 4631 mov r1, r6 + 800654e: 4630 mov r0, r6 + 8006550: f7ff fcf4 bl 8005f3c + uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k = 1 / k */ + 8006554: 463b mov r3, r7 + 8006556: aa06 add r2, sp, #24 + 8006558: 4631 mov r1, r6 + 800655a: 4630 mov r0, r6 + 800655c: 9400 str r4, [sp, #0] + 800655e: f7ff f8f4 bl 800574a + uECC_vli_nativeToBytes(signature, curve->num_bytes, p); /* store r */ + 8006562: f995 1001 ldrsb.w r1, [r5, #1] + 8006566: 9832 ldr r0, [sp, #200] ; 0xc8 + 8006568: aa16 add r2, sp, #88 ; 0x58 + 800656a: f7ff f9c1 bl 80058f0 + uECC_vli_bytesToNative(tmp, private_key, BITS_TO_BYTES(curve->num_n_bits)); /* tmp = d */ + 800656e: f9b5 3002 ldrsh.w r3, [r5, #2] + 8006572: 1dda adds r2, r3, #7 + 8006574: bf48 it mi + 8006576: f103 020e addmi.w r2, r3, #14 + 800657a: 10d2 asrs r2, r2, #3 + 800657c: 4659 mov r1, fp + 800657e: a806 add r0, sp, #24 + 8006580: f7ff f9ca bl 8005918 + s[num_n_words - 1] = 0; + 8006584: aa26 add r2, sp, #152 ; 0x98 + 8006586: 1e63 subs r3, r4, #1 + 8006588: eb02 0383 add.w r3, r2, r3, lsl #2 + 800658c: 2200 movs r2, #0 + uECC_vli_set(s, p, num_words); + 800658e: a80e add r0, sp, #56 ; 0x38 + s[num_n_words - 1] = 0; + 8006590: f843 2c60 str.w r2, [r3, #-96] + uECC_vli_set(s, p, num_words); + 8006594: a916 add r1, sp, #88 ; 0x58 + 8006596: 4652 mov r2, sl + 8006598: f7ff f8a9 bl 80056ee + uECC_vli_modMult(s, tmp, s, curve->n, num_n_words); /* s = r*d */ + 800659c: 4602 mov r2, r0 + 800659e: 463b mov r3, r7 + 80065a0: a906 add r1, sp, #24 + 80065a2: 9400 str r4, [sp, #0] + 80065a4: f7ff f8d1 bl 800574a + bits2int(tmp, message_hash, hash_size, curve); + 80065a8: ee18 2a90 vmov r2, s17 + 80065ac: ee18 1a10 vmov r1, s16 + 80065b0: 462b mov r3, r5 + 80065b2: a806 add r0, sp, #24 + 80065b4: f7ff fa5b bl 8005a6e + uECC_vli_modAdd(s, tmp, s, curve->n, num_n_words); /* s = e + r*d */ + 80065b8: aa0e add r2, sp, #56 ; 0x38 + 80065ba: 4610 mov r0, r2 + 80065bc: 463b mov r3, r7 + 80065be: a906 add r1, sp, #24 + 80065c0: 9400 str r4, [sp, #0] + 80065c2: f7ff fd3b bl 800603c + uECC_vli_modMult(s, s, k, curve->n, num_n_words); /* s = (e + r*d) / k */ + 80065c6: a90e add r1, sp, #56 ; 0x38 + 80065c8: 4608 mov r0, r1 + 80065ca: 463b mov r3, r7 + 80065cc: 4632 mov r2, r6 + 80065ce: 9400 str r4, [sp, #0] + 80065d0: f7ff f8bb bl 800574a + if (uECC_vli_numBits(s, num_n_words) > (bitcount_t)curve->num_bytes * 8) { + 80065d4: 4621 mov r1, r4 + 80065d6: a80e add r0, sp, #56 ; 0x38 + 80065d8: f7ff f869 bl 80056ae + 80065dc: f995 1001 ldrsb.w r1, [r5, #1] + 80065e0: ebb0 0fc1 cmp.w r0, r1, lsl #3 + 80065e4: f73f af5b bgt.w 800649e + uECC_vli_nativeToBytes(signature + curve->num_bytes, curve->num_bytes, s); + 80065e8: 9b32 ldr r3, [sp, #200] ; 0xc8 + 80065ea: aa0e add r2, sp, #56 ; 0x38 + 80065ec: 1858 adds r0, r3, r1 + 80065ee: f7ff f97f bl 80058f0 + return 1; + 80065f2: 2001 movs r0, #1 + 80065f4: e754 b.n 80064a0 + } else if (!uECC_generate_random_int(tmp, curve->n, num_n_words)) { + 80065f6: 4622 mov r2, r4 + 80065f8: 4639 mov r1, r7 + 80065fa: 4648 mov r0, r9 + 80065fc: f7ff fa96 bl 8005b2c + 8006600: 2800 cmp r0, #0 + 8006602: d19a bne.n 800653a + 8006604: e74b b.n 800649e + 8006606: bf00 nop + 8006608: 2009e2a4 .word 0x2009e2a4 + 800660c: 2009e2a0 .word 0x2009e2a0 + +08006610 : + uECC_Curve curve) { + 8006610: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 8006614: 4605 mov r5, r0 + 8006616: b093 sub sp, #76 ; 0x4c + 8006618: 460c mov r4, r1 + if (uECC_vli_isZero(Z1, num_words_secp256k1)) { + 800661a: 4610 mov r0, r2 + 800661c: 2108 movs r1, #8 + uECC_Curve curve) { + 800661e: 4617 mov r7, r2 + 8006620: 461e mov r6, r3 + if (uECC_vli_isZero(Z1, num_words_secp256k1)) { + 8006622: f7ff f82b bl 800567c + 8006626: 2800 cmp r0, #0 + 8006628: d161 bne.n 80066ee + uECC_vli_modSquare_fast(t5, Y1, curve); /* t5 = y1^2 */ + 800662a: 4632 mov r2, r6 + 800662c: 4621 mov r1, r4 + 800662e: a80a add r0, sp, #40 ; 0x28 + 8006630: f7ff f93b bl 80058aa + uECC_vli_modMult_fast(t4, X1, t5, curve); /* t4 = x1*y1^2 = A */ + 8006634: 4633 mov r3, r6 + 8006636: aa0a add r2, sp, #40 ; 0x28 + 8006638: 4629 mov r1, r5 + 800663a: a802 add r0, sp, #8 + 800663c: f7ff f925 bl 800588a + uECC_vli_modSquare_fast(X1, X1, curve); /* t1 = x1^2 */ + 8006640: 4632 mov r2, r6 + 8006642: 4629 mov r1, r5 + 8006644: 4628 mov r0, r5 + 8006646: f7ff f930 bl 80058aa + uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = y1^4 */ + 800664a: a90a add r1, sp, #40 ; 0x28 + 800664c: 4608 mov r0, r1 + 800664e: 4632 mov r2, r6 + 8006650: f7ff f92b bl 80058aa + uECC_vli_modAdd(Y1, X1, X1, curve->p, num_words_secp256k1); /* t2 = 2*x1^2 */ + 8006654: f04f 0808 mov.w r8, #8 + uECC_vli_modMult_fast(Z1, Y1, Z1, curve); /* t3 = y1*z1 = z3 */ + 8006658: 463a mov r2, r7 + 800665a: 4638 mov r0, r7 + 800665c: 4633 mov r3, r6 + 800665e: 4621 mov r1, r4 + uECC_vli_modAdd(Y1, X1, X1, curve->p, num_words_secp256k1); /* t2 = 2*x1^2 */ + 8006660: 1d37 adds r7, r6, #4 + uECC_vli_modMult_fast(Z1, Y1, Z1, curve); /* t3 = y1*z1 = z3 */ + 8006662: f7ff f912 bl 800588a + uECC_vli_modAdd(Y1, X1, X1, curve->p, num_words_secp256k1); /* t2 = 2*x1^2 */ + 8006666: 463b mov r3, r7 + 8006668: 462a mov r2, r5 + 800666a: 4629 mov r1, r5 + 800666c: 4620 mov r0, r4 + 800666e: f8cd 8000 str.w r8, [sp] + 8006672: f7ff fce3 bl 800603c + uECC_vli_modAdd(Y1, Y1, X1, curve->p, num_words_secp256k1); /* t2 = 3*x1^2 */ + 8006676: 463b mov r3, r7 + 8006678: f8cd 8000 str.w r8, [sp] + 800667c: 462a mov r2, r5 + 800667e: 4621 mov r1, r4 + 8006680: 4620 mov r0, r4 + 8006682: f7ff fcdb bl 800603c + return (vli[bit >> uECC_WORD_BITS_SHIFT] & ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK))); + 8006686: 6823 ldr r3, [r4, #0] + if (uECC_vli_testBit(Y1, 0)) { + 8006688: 07db lsls r3, r3, #31 + 800668a: d533 bpl.n 80066f4 + uECC_word_t carry = uECC_vli_add(Y1, Y1, curve->p, num_words_secp256k1); + 800668c: 463a mov r2, r7 + 800668e: 4621 mov r1, r4 + 8006690: 4620 mov r0, r4 + 8006692: f7ff fa87 bl 8005ba4 + uECC_vli_rshift1(Y1, num_words_secp256k1); + 8006696: 4641 mov r1, r8 + uECC_word_t carry = uECC_vli_add(Y1, Y1, curve->p, num_words_secp256k1); + 8006698: 4681 mov r9, r0 + uECC_vli_rshift1(Y1, num_words_secp256k1); + 800669a: 4620 mov r0, r4 + 800669c: f7ff f848 bl 8005730 + Y1[num_words_secp256k1 - 1] |= carry << (uECC_WORD_BITS - 1); + 80066a0: 69e3 ldr r3, [r4, #28] + 80066a2: ea43 73c9 orr.w r3, r3, r9, lsl #31 + 80066a6: 61e3 str r3, [r4, #28] + uECC_vli_modSquare_fast(X1, Y1, curve); /* t1 = B^2 */ + 80066a8: 4632 mov r2, r6 + 80066aa: 4621 mov r1, r4 + 80066ac: 4628 mov r0, r5 + 80066ae: f7ff f8fc bl 80058aa + uECC_vli_modSub(X1, X1, t4, curve->p, num_words_secp256k1); /* t1 = B^2 - A */ + 80066b2: 463b mov r3, r7 + 80066b4: aa02 add r2, sp, #8 + 80066b6: 4629 mov r1, r5 + 80066b8: 4628 mov r0, r5 + 80066ba: f7ff fced bl 8006098 + uECC_vli_modSub(X1, X1, t4, curve->p, num_words_secp256k1); /* t1 = B^2 - 2A = x3 */ + 80066be: 463b mov r3, r7 + 80066c0: aa02 add r2, sp, #8 + 80066c2: 4629 mov r1, r5 + 80066c4: 4628 mov r0, r5 + 80066c6: f7ff fce7 bl 8006098 + uECC_vli_modSub(t4, t4, X1, curve->p, num_words_secp256k1); /* t4 = A - x3 */ + 80066ca: a902 add r1, sp, #8 + 80066cc: 4608 mov r0, r1 + 80066ce: 463b mov r3, r7 + 80066d0: 462a mov r2, r5 + 80066d2: f7ff fce1 bl 8006098 + uECC_vli_modMult_fast(Y1, Y1, t4, curve); /* t2 = B * (A - x3) */ + 80066d6: 4633 mov r3, r6 + 80066d8: aa02 add r2, sp, #8 + 80066da: 4621 mov r1, r4 + 80066dc: 4620 mov r0, r4 + 80066de: f7ff f8d4 bl 800588a + uECC_vli_modSub(Y1, Y1, t5, curve->p, num_words_secp256k1); /* t2 = B * (A - x3) - y1^4 = y3 */ + 80066e2: 463b mov r3, r7 + 80066e4: aa0a add r2, sp, #40 ; 0x28 + 80066e6: 4621 mov r1, r4 + 80066e8: 4620 mov r0, r4 + 80066ea: f7ff fcd5 bl 8006098 +} + 80066ee: b013 add sp, #76 ; 0x4c + 80066f0: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + uECC_vli_rshift1(Y1, num_words_secp256k1); + 80066f4: 4641 mov r1, r8 + 80066f6: 4620 mov r0, r4 + 80066f8: f7ff f81a bl 8005730 + 80066fc: e7d4 b.n 80066a8 + +080066fe : +static void x_side_default(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve) { + 80066fe: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8006702: b08a sub sp, #40 ; 0x28 + 8006704: 4604 mov r4, r0 + 8006706: 4615 mov r5, r2 + 8006708: 460e mov r6, r1 + uECC_word_t _3[uECC_MAX_WORDS] = {3}; /* -a = 3 */ + 800670a: 221c movs r2, #28 + 800670c: 2100 movs r1, #0 + 800670e: a803 add r0, sp, #12 + 8006710: f006 ff7e bl 800d610 + uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */ + 8006714: 1d2f adds r7, r5, #4 + uECC_word_t _3[uECC_MAX_WORDS] = {3}; /* -a = 3 */ + 8006716: 2303 movs r3, #3 + uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */ + 8006718: 462a mov r2, r5 + 800671a: 4631 mov r1, r6 + 800671c: 4620 mov r0, r4 + wordcount_t num_words = curve->num_words; + 800671e: f995 8000 ldrsb.w r8, [r5] + uECC_word_t _3[uECC_MAX_WORDS] = {3}; /* -a = 3 */ + 8006722: 9302 str r3, [sp, #8] + uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */ + 8006724: f7ff f8c1 bl 80058aa + uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */ + 8006728: 463b mov r3, r7 + 800672a: aa02 add r2, sp, #8 + 800672c: 4621 mov r1, r4 + 800672e: 4620 mov r0, r4 + 8006730: f7ff fcb2 bl 8006098 + uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 - 3x */ + 8006734: 462b mov r3, r5 + 8006736: 4632 mov r2, r6 + 8006738: 4621 mov r1, r4 + 800673a: 4620 mov r0, r4 + 800673c: f7ff f8a5 bl 800588a + uECC_vli_modAdd(result, result, curve->b, curve->p, num_words); /* r = x^3 - 3x + b */ + 8006740: f8cd 8000 str.w r8, [sp] + 8006744: 463b mov r3, r7 + 8006746: f105 0284 add.w r2, r5, #132 ; 0x84 + 800674a: 4621 mov r1, r4 + 800674c: 4620 mov r0, r4 + 800674e: f7ff fc75 bl 800603c +} + 8006752: b00a add sp, #40 ; 0x28 + 8006754: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +08006758 : + uECC_Curve curve) { + 8006758: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + wordcount_t num_words = curve->num_words; + 800675c: f993 8000 ldrsb.w r8, [r3] + uECC_Curve curve) { + 8006760: b092 sub sp, #72 ; 0x48 + 8006762: 4604 mov r4, r0 + 8006764: 4689 mov r9, r1 + if (uECC_vli_isZero(Z1, num_words)) { + 8006766: 4610 mov r0, r2 + 8006768: 4641 mov r1, r8 + uECC_Curve curve) { + 800676a: 4615 mov r5, r2 + 800676c: 461e mov r6, r3 + if (uECC_vli_isZero(Z1, num_words)) { + 800676e: f7fe ff85 bl 800567c + 8006772: 2800 cmp r0, #0 + 8006774: f040 808e bne.w 8006894 + uECC_vli_modSquare_fast(t4, Y1, curve); /* t4 = y1^2 */ + 8006778: 4632 mov r2, r6 + 800677a: 4649 mov r1, r9 + 800677c: a802 add r0, sp, #8 + 800677e: f7ff f894 bl 80058aa + uECC_vli_modMult_fast(t5, X1, t4, curve); /* t5 = x1*y1^2 = A */ + 8006782: 4633 mov r3, r6 + 8006784: aa02 add r2, sp, #8 + 8006786: 4621 mov r1, r4 + 8006788: a80a add r0, sp, #40 ; 0x28 + 800678a: f7ff f87e bl 800588a + uECC_vli_modSquare_fast(t4, t4, curve); /* t4 = y1^4 */ + 800678e: a902 add r1, sp, #8 + 8006790: 4608 mov r0, r1 + 8006792: 4632 mov r2, r6 + 8006794: f7ff f889 bl 80058aa + uECC_vli_modMult_fast(Y1, Y1, Z1, curve); /* t2 = y1*z1 = z3 */ + 8006798: 4633 mov r3, r6 + 800679a: 462a mov r2, r5 + 800679c: 4649 mov r1, r9 + 800679e: 4648 mov r0, r9 + 80067a0: f7ff f873 bl 800588a + uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = x1 + z1^2 */ + 80067a4: 1d37 adds r7, r6, #4 + uECC_vli_modSquare_fast(Z1, Z1, curve); /* t3 = z1^2 */ + 80067a6: 4632 mov r2, r6 + 80067a8: 4629 mov r1, r5 + 80067aa: 4628 mov r0, r5 + 80067ac: f7ff f87d bl 80058aa + uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = x1 + z1^2 */ + 80067b0: 463b mov r3, r7 + 80067b2: 462a mov r2, r5 + 80067b4: 4621 mov r1, r4 + 80067b6: 4620 mov r0, r4 + 80067b8: f8cd 8000 str.w r8, [sp] + 80067bc: f7ff fc3e bl 800603c + uECC_vli_modAdd(Z1, Z1, Z1, curve->p, num_words); /* t3 = 2*z1^2 */ + 80067c0: 463b mov r3, r7 + 80067c2: 462a mov r2, r5 + 80067c4: 4629 mov r1, r5 + 80067c6: 4628 mov r0, r5 + 80067c8: f8cd 8000 str.w r8, [sp] + 80067cc: f7ff fc36 bl 800603c + uECC_vli_modSub(Z1, X1, Z1, curve->p, num_words); /* t3 = x1 - z1^2 */ + 80067d0: 463b mov r3, r7 + 80067d2: 462a mov r2, r5 + 80067d4: 4621 mov r1, r4 + 80067d6: 4628 mov r0, r5 + 80067d8: f7ff fc5e bl 8006098 + uECC_vli_modMult_fast(X1, X1, Z1, curve); /* t1 = x1^2 - z1^4 */ + 80067dc: 4633 mov r3, r6 + 80067de: 462a mov r2, r5 + 80067e0: 4621 mov r1, r4 + 80067e2: 4620 mov r0, r4 + 80067e4: f7ff f851 bl 800588a + uECC_vli_modAdd(Z1, X1, X1, curve->p, num_words); /* t3 = 2*(x1^2 - z1^4) */ + 80067e8: 463b mov r3, r7 + 80067ea: 4622 mov r2, r4 + 80067ec: 4621 mov r1, r4 + 80067ee: 4628 mov r0, r5 + 80067f0: f8cd 8000 str.w r8, [sp] + 80067f4: f7ff fc22 bl 800603c + uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = 3*(x1^2 - z1^4) */ + 80067f8: 463b mov r3, r7 + 80067fa: f8cd 8000 str.w r8, [sp] + 80067fe: 462a mov r2, r5 + 8006800: 4621 mov r1, r4 + 8006802: 4620 mov r0, r4 + 8006804: f7ff fc1a bl 800603c + 8006808: 6823 ldr r3, [r4, #0] + if (uECC_vli_testBit(X1, 0)) { + 800680a: 07db lsls r3, r3, #31 + 800680c: d545 bpl.n 800689a + uECC_word_t l_carry = uECC_vli_add(X1, X1, curve->p, num_words); + 800680e: 463a mov r2, r7 + 8006810: 4621 mov r1, r4 + 8006812: 4620 mov r0, r4 + 8006814: f7ff f9c6 bl 8005ba4 + uECC_vli_rshift1(X1, num_words); + 8006818: 4641 mov r1, r8 + uECC_word_t l_carry = uECC_vli_add(X1, X1, curve->p, num_words); + 800681a: 4682 mov sl, r0 + uECC_vli_rshift1(X1, num_words); + 800681c: 4620 mov r0, r4 + 800681e: f7fe ff87 bl 8005730 + X1[num_words - 1] |= l_carry << (uECC_WORD_BITS - 1); + 8006822: f108 4380 add.w r3, r8, #1073741824 ; 0x40000000 + 8006826: 3b01 subs r3, #1 + 8006828: f854 2023 ldr.w r2, [r4, r3, lsl #2] + 800682c: ea42 72ca orr.w r2, r2, sl, lsl #31 + 8006830: f844 2023 str.w r2, [r4, r3, lsl #2] + uECC_vli_modSquare_fast(Z1, X1, curve); /* t3 = B^2 */ + 8006834: 4632 mov r2, r6 + 8006836: 4621 mov r1, r4 + 8006838: 4628 mov r0, r5 + 800683a: f7ff f836 bl 80058aa + uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - A */ + 800683e: 463b mov r3, r7 + 8006840: aa0a add r2, sp, #40 ; 0x28 + 8006842: 4629 mov r1, r5 + 8006844: 4628 mov r0, r5 + 8006846: f7ff fc27 bl 8006098 + uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - 2A = x3 */ + 800684a: 463b mov r3, r7 + 800684c: aa0a add r2, sp, #40 ; 0x28 + 800684e: 4629 mov r1, r5 + 8006850: 4628 mov r0, r5 + 8006852: f7ff fc21 bl 8006098 + uECC_vli_modSub(t5, t5, Z1, curve->p, num_words); /* t5 = A - x3 */ + 8006856: a90a add r1, sp, #40 ; 0x28 + 8006858: 4608 mov r0, r1 + 800685a: 463b mov r3, r7 + 800685c: 462a mov r2, r5 + 800685e: f7ff fc1b bl 8006098 + uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = B * (A - x3) */ + 8006862: 4633 mov r3, r6 + 8006864: aa0a add r2, sp, #40 ; 0x28 + 8006866: 4621 mov r1, r4 + 8006868: 4620 mov r0, r4 + 800686a: f7ff f80e bl 800588a + uECC_vli_modSub(t4, X1, t4, curve->p, num_words); /* t4 = B * (A - x3) - y1^4 = y3 */ + 800686e: aa02 add r2, sp, #8 + 8006870: 463b mov r3, r7 + 8006872: 4610 mov r0, r2 + 8006874: 4621 mov r1, r4 + 8006876: f7ff fc0f bl 8006098 + uECC_vli_set(X1, Z1, num_words); + 800687a: 4642 mov r2, r8 + 800687c: 4629 mov r1, r5 + 800687e: 4620 mov r0, r4 + 8006880: f7fe ff35 bl 80056ee + uECC_vli_set(Z1, Y1, num_words); + 8006884: 4649 mov r1, r9 + 8006886: 4628 mov r0, r5 + 8006888: f7fe ff31 bl 80056ee + uECC_vli_set(Y1, t4, num_words); + 800688c: a902 add r1, sp, #8 + 800688e: 4648 mov r0, r9 + 8006890: f7fe ff2d bl 80056ee +} + 8006894: b012 add sp, #72 ; 0x48 + 8006896: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + uECC_vli_rshift1(X1, num_words); + 800689a: 4641 mov r1, r8 + 800689c: 4620 mov r0, r4 + 800689e: f7fe ff47 bl 8005730 + 80068a2: e7c7 b.n 8006834 + +080068a4 : + g_rng_function = rng_function; + 80068a4: 4b01 ldr r3, [pc, #4] ; (80068ac ) + 80068a6: 6018 str r0, [r3, #0] +} + 80068a8: 4770 bx lr + 80068aa: bf00 nop + 80068ac: 2009e2a0 .word 0x2009e2a0 + +080068b0 : +uECC_Curve uECC_secp256r1(void) { return &curve_secp256r1; } + 80068b0: 4800 ldr r0, [pc, #0] ; (80068b4 ) + 80068b2: 4770 bx lr + 80068b4: 0800e89c .word 0x0800e89c + +080068b8 : +uECC_Curve uECC_secp256k1(void) { return &curve_secp256k1; } + 80068b8: 4800 ldr r0, [pc, #0] ; (80068bc ) + 80068ba: 4770 bx lr + 80068bc: 0800e7e8 .word 0x0800e7e8 + +080068c0 : + uECC_Curve curve) { + 80068c0: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 80068c4: 4605 mov r5, r0 + 80068c6: b098 sub sp, #96 ; 0x60 + 80068c8: 460f mov r7, r1 + 80068ca: 4614 mov r4, r2 + 80068cc: 2640 movs r6, #64 ; 0x40 + if (!uECC_generate_random_int(private, curve->n, BITS_TO_WORDS(curve->num_n_bits))) { + 80068ce: f102 0824 add.w r8, r2, #36 ; 0x24 + 80068d2: f9b4 3002 ldrsh.w r3, [r4, #2] + 80068d6: f113 021f adds.w r2, r3, #31 + 80068da: bf48 it mi + 80068dc: f103 023e addmi.w r2, r3, #62 ; 0x3e + 80068e0: f342 1247 sbfx r2, r2, #5, #8 + 80068e4: 4641 mov r1, r8 + 80068e6: 4668 mov r0, sp + 80068e8: f7ff f920 bl 8005b2c + 80068ec: b330 cbz r0, 800693c + if (EccPoint_compute_public_key(public, private, curve)) { + 80068ee: 4622 mov r2, r4 + 80068f0: 4669 mov r1, sp + 80068f2: a808 add r0, sp, #32 + 80068f4: f7ff fd8f bl 8006416 + 80068f8: b1f0 cbz r0, 8006938 + uECC_vli_nativeToBytes(private_key, BITS_TO_BYTES(curve->num_n_bits), private); + 80068fa: f9b4 3002 ldrsh.w r3, [r4, #2] + 80068fe: 1dd9 adds r1, r3, #7 + 8006900: bf48 it mi + 8006902: f103 010e addmi.w r1, r3, #14 + 8006906: 466a mov r2, sp + 8006908: 10c9 asrs r1, r1, #3 + 800690a: 4638 mov r0, r7 + 800690c: f7fe fff0 bl 80058f0 + uECC_vli_nativeToBytes(public_key, curve->num_bytes, public); + 8006910: f994 1001 ldrsb.w r1, [r4, #1] + 8006914: aa08 add r2, sp, #32 + 8006916: 4628 mov r0, r5 + 8006918: f7fe ffea bl 80058f0 + public_key + curve->num_bytes, curve->num_bytes, public + curve->num_words); + 800691c: f994 1001 ldrsb.w r1, [r4, #1] + 8006920: f994 2000 ldrsb.w r2, [r4] + uECC_vli_nativeToBytes( + 8006924: ab08 add r3, sp, #32 + 8006926: 1868 adds r0, r5, r1 + 8006928: eb03 0282 add.w r2, r3, r2, lsl #2 + 800692c: f7fe ffe0 bl 80058f0 + return 1; + 8006930: 2001 movs r0, #1 +} + 8006932: b018 add sp, #96 ; 0x60 + 8006934: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { + 8006938: 3e01 subs r6, #1 + 800693a: d1ca bne.n 80068d2 + return 0; + 800693c: 2000 movs r0, #0 + 800693e: e7f8 b.n 8006932 + +08006940 : + uECC_Curve curve) { + 8006940: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8006944: 461c mov r4, r3 + wordcount_t num_bytes = curve->num_bytes; + 8006946: f993 6001 ldrsb.w r6, [r3, #1] + wordcount_t num_words = curve->num_words; + 800694a: f993 9000 ldrsb.w r9, [r3] + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 800694e: f9b3 3002 ldrsh.w r3, [r3, #2] + uECC_Curve curve) { + 8006952: b0a6 sub sp, #152 ; 0x98 + 8006954: 4617 mov r7, r2 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006956: 1dda adds r2, r3, #7 + 8006958: bf48 it mi + 800695a: f103 020e addmi.w r2, r3, #14 + uECC_word_t *p2[2] = {private, tmp}; + 800695e: f10d 0818 add.w r8, sp, #24 + uECC_Curve curve) { + 8006962: 4605 mov r5, r0 + uECC_word_t *p2[2] = {private, tmp}; + 8006964: f10d 0a38 add.w sl, sp, #56 ; 0x38 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006968: 10d2 asrs r2, r2, #3 + 800696a: 4640 mov r0, r8 + uECC_word_t *p2[2] = {private, tmp}; + 800696c: f8cd 8010 str.w r8, [sp, #16] + 8006970: f8cd a014 str.w sl, [sp, #20] + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006974: f7fe ffd0 bl 8005918 + uECC_vli_bytesToNative(public, public_key, num_bytes); + 8006978: 4629 mov r1, r5 + 800697a: 4632 mov r2, r6 + 800697c: a816 add r0, sp, #88 ; 0x58 + 800697e: f7fe ffcb bl 8005918 + uECC_vli_bytesToNative(public + num_words, public_key + num_bytes, num_bytes); + 8006982: ab16 add r3, sp, #88 ; 0x58 + 8006984: 19a9 adds r1, r5, r6 + 8006986: eb03 0089 add.w r0, r3, r9, lsl #2 + 800698a: 4632 mov r2, r6 + 800698c: f7fe ffc4 bl 8005918 + carry = regularize_k(private, private, tmp, curve); + 8006990: 4623 mov r3, r4 + 8006992: 4652 mov r2, sl + 8006994: 4641 mov r1, r8 + 8006996: 4640 mov r0, r8 + 8006998: f7ff f929 bl 8005bee + if (g_rng_function) { + 800699c: 4b19 ldr r3, [pc, #100] ; (8006a04 ) + 800699e: 681b ldr r3, [r3, #0] + carry = regularize_k(private, private, tmp, curve); + 80069a0: 4605 mov r5, r0 + if (g_rng_function) { + 80069a2: b163 cbz r3, 80069be + if (!uECC_generate_random_int(p2[carry], curve->p, num_words)) { + 80069a4: ab26 add r3, sp, #152 ; 0x98 + 80069a6: eb03 0380 add.w r3, r3, r0, lsl #2 + 80069aa: 464a mov r2, r9 + 80069ac: f853 3c88 ldr.w r3, [r3, #-136] + 80069b0: 9303 str r3, [sp, #12] + 80069b2: 4618 mov r0, r3 + 80069b4: 1d21 adds r1, r4, #4 + 80069b6: f7ff f8b9 bl 8005b2c + 80069ba: 9b03 ldr r3, [sp, #12] + 80069bc: b1f0 cbz r0, 80069fc + EccPoint_mult(public, public, p2[!carry], initial_Z, curve->num_n_bits + 1, curve); + 80069be: fab5 f185 clz r1, r5 + 80069c2: aa26 add r2, sp, #152 ; 0x98 + 80069c4: 0949 lsrs r1, r1, #5 + 80069c6: eb02 0181 add.w r1, r2, r1, lsl #2 + 80069ca: 8862 ldrh r2, [r4, #2] + 80069cc: 9401 str r4, [sp, #4] + 80069ce: 3201 adds r2, #1 + 80069d0: b212 sxth r2, r2 + 80069d2: 9200 str r2, [sp, #0] + 80069d4: f851 2c88 ldr.w r2, [r1, #-136] + 80069d8: a916 add r1, sp, #88 ; 0x58 + 80069da: 4608 mov r0, r1 + 80069dc: f7ff fc50 bl 8006280 + uECC_vli_nativeToBytes(secret, num_bytes, public); + 80069e0: aa16 add r2, sp, #88 ; 0x58 + 80069e2: 4631 mov r1, r6 + 80069e4: 4638 mov r0, r7 + 80069e6: f7fe ff83 bl 80058f0 + return !EccPoint_isZero(public, curve); + 80069ea: 7821 ldrb r1, [r4, #0] + 80069ec: 0049 lsls r1, r1, #1 + 80069ee: b249 sxtb r1, r1 + 80069f0: 4610 mov r0, r2 + 80069f2: f7fe fe43 bl 800567c + 80069f6: fab0 f080 clz r0, r0 + 80069fa: 0940 lsrs r0, r0, #5 +} + 80069fc: b026 add sp, #152 ; 0x98 + 80069fe: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + 8006a02: bf00 nop + 8006a04: 2009e2a0 .word 0x2009e2a0 + +08006a08 : +void uECC_compress(const uint8_t *public_key, uint8_t *compressed, uECC_Curve curve) { + 8006a08: b530 push {r4, r5, lr} + for (i = 0; i < curve->num_bytes; ++i) { + 8006a0a: 2400 movs r4, #0 + 8006a0c: f992 5001 ldrsb.w r5, [r2, #1] + 8006a10: b263 sxtb r3, r4 + 8006a12: 429d cmp r5, r3 + 8006a14: dc08 bgt.n 8006a28 + compressed[0] = 2 + (public_key[curve->num_bytes * 2 - 1] & 0x01); + 8006a16: eb00 0045 add.w r0, r0, r5, lsl #1 + 8006a1a: f810 3c01 ldrb.w r3, [r0, #-1] + 8006a1e: f003 0301 and.w r3, r3, #1 + 8006a22: 3302 adds r3, #2 + 8006a24: 700b strb r3, [r1, #0] +} + 8006a26: bd30 pop {r4, r5, pc} + compressed[i+1] = public_key[i]; + 8006a28: 5cc5 ldrb r5, [r0, r3] + 8006a2a: 440b add r3, r1 + 8006a2c: 3401 adds r4, #1 + 8006a2e: 705d strb r5, [r3, #1] + for (i = 0; i < curve->num_bytes; ++i) { + 8006a30: e7ec b.n 8006a0c + +08006a32 : +void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve curve) { + 8006a32: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + uECC_word_t *y = point + curve->num_words; + 8006a36: f992 8000 ldrsb.w r8, [r2] +void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve curve) { + 8006a3a: b090 sub sp, #64 ; 0x40 + 8006a3c: 4614 mov r4, r2 + 8006a3e: 4607 mov r7, r0 + uECC_vli_bytesToNative(point, compressed + 1, curve->num_bytes); + 8006a40: f992 2001 ldrsb.w r2, [r2, #1] + uECC_word_t *y = point + curve->num_words; + 8006a44: eb0d 0588 add.w r5, sp, r8, lsl #2 +void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve curve) { + 8006a48: 460e mov r6, r1 + uECC_vli_bytesToNative(point, compressed + 1, curve->num_bytes); + 8006a4a: 1c41 adds r1, r0, #1 + 8006a4c: 4668 mov r0, sp + 8006a4e: f7fe ff63 bl 8005918 + curve->x_side(y, point, curve); + 8006a52: 4622 mov r2, r4 + 8006a54: f8d4 30ac ldr.w r3, [r4, #172] ; 0xac + 8006a58: 4669 mov r1, sp + 8006a5a: 4628 mov r0, r5 + 8006a5c: 4798 blx r3 + curve->mod_sqrt(y, curve); + 8006a5e: f8d4 30a8 ldr.w r3, [r4, #168] ; 0xa8 + 8006a62: 4621 mov r1, r4 + 8006a64: 4628 mov r0, r5 + 8006a66: 4798 blx r3 + if ((y[0] & 0x01) != (compressed[0] & 0x01)) { + 8006a68: 783b ldrb r3, [r7, #0] + 8006a6a: f85d 2028 ldr.w r2, [sp, r8, lsl #2] + 8006a6e: 4053 eors r3, r2 + 8006a70: 07db lsls r3, r3, #31 + 8006a72: d504 bpl.n 8006a7e + uECC_vli_sub(y, curve->p, y, curve->num_words); + 8006a74: 462a mov r2, r5 + 8006a76: 1d21 adds r1, r4, #4 + 8006a78: 4628 mov r0, r5 + 8006a7a: f7fe ffd1 bl 8005a20 + uECC_vli_nativeToBytes(public_key, curve->num_bytes, point); + 8006a7e: f994 1001 ldrsb.w r1, [r4, #1] + 8006a82: 466a mov r2, sp + 8006a84: 4630 mov r0, r6 + 8006a86: f7fe ff33 bl 80058f0 + uECC_vli_nativeToBytes(public_key + curve->num_bytes, curve->num_bytes, y); + 8006a8a: f994 1001 ldrsb.w r1, [r4, #1] + 8006a8e: 462a mov r2, r5 + 8006a90: 1870 adds r0, r6, r1 + 8006a92: f7fe ff2d bl 80058f0 +} + 8006a96: b010 add sp, #64 ; 0x40 + 8006a98: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +08006a9c : +int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve) { + 8006a9c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + if (EccPoint_isZero(point, curve)) { + 8006aa0: 780d ldrb r5, [r1, #0] + wordcount_t num_words = curve->num_words; + 8006aa2: f991 2000 ldrsb.w r2, [r1] +int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve) { + 8006aa6: b092 sub sp, #72 ; 0x48 + 8006aa8: 460e mov r6, r1 + if (EccPoint_isZero(point, curve)) { + 8006aaa: 0069 lsls r1, r5, #1 + 8006aac: b249 sxtb r1, r1 +int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve) { + 8006aae: 4607 mov r7, r0 + wordcount_t num_words = curve->num_words; + 8006ab0: 9201 str r2, [sp, #4] + if (EccPoint_isZero(point, curve)) { + 8006ab2: f7fe fde3 bl 800567c + 8006ab6: 4604 mov r4, r0 + 8006ab8: bb80 cbnz r0, 8006b1c + if (uECC_vli_cmp_unsafe(curve->p, point, num_words) != 1 || + 8006aba: f106 0804 add.w r8, r6, #4 + 8006abe: 9a01 ldr r2, [sp, #4] + 8006ac0: 4639 mov r1, r7 + 8006ac2: 4640 mov r0, r8 + 8006ac4: f7fe fe1f bl 8005706 + 8006ac8: 2801 cmp r0, #1 + 8006aca: d11a bne.n 8006b02 + uECC_vli_cmp_unsafe(curve->p, point + num_words, num_words) != 1) { + 8006acc: 9a01 ldr r2, [sp, #4] + 8006ace: 4640 mov r0, r8 + 8006ad0: eb07 0182 add.w r1, r7, r2, lsl #2 + 8006ad4: f7fe fe17 bl 8005706 + if (uECC_vli_cmp_unsafe(curve->p, point, num_words) != 1 || + 8006ad8: 2801 cmp r0, #1 + 8006ada: d112 bne.n 8006b02 + uECC_vli_modSquare_fast(tmp1, point + num_words, curve); + 8006adc: 4632 mov r2, r6 + 8006ade: a802 add r0, sp, #8 + curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */ + 8006ae0: f10d 0828 add.w r8, sp, #40 ; 0x28 + uECC_vli_modSquare_fast(tmp1, point + num_words, curve); + 8006ae4: f7fe fee1 bl 80058aa + curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */ + 8006ae8: f8d6 30ac ldr.w r3, [r6, #172] ; 0xac + 8006aec: 4632 mov r2, r6 + 8006aee: 4639 mov r1, r7 + 8006af0: 4640 mov r0, r8 + 8006af2: 4798 blx r3 + for (i = num_words - 1; i >= 0; --i) { + 8006af4: 1e6b subs r3, r5, #1 + 8006af6: b25b sxtb r3, r3 + 8006af8: 061a lsls r2, r3, #24 + 8006afa: d506 bpl.n 8006b0a + return (diff == 0); + 8006afc: fab4 f484 clz r4, r4 + 8006b00: 0964 lsrs r4, r4, #5 +} + 8006b02: 4620 mov r0, r4 + 8006b04: b012 add sp, #72 ; 0x48 + 8006b06: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + diff |= (left[i] ^ right[i]); + 8006b0a: aa02 add r2, sp, #8 + 8006b0c: f858 1023 ldr.w r1, [r8, r3, lsl #2] + 8006b10: f852 2023 ldr.w r2, [r2, r3, lsl #2] + 8006b14: 404a eors r2, r1 + 8006b16: 4314 orrs r4, r2 + for (i = num_words - 1; i >= 0; --i) { + 8006b18: 3b01 subs r3, #1 + 8006b1a: e7ed b.n 8006af8 + return 0; + 8006b1c: 2400 movs r4, #0 + 8006b1e: e7f0 b.n 8006b02 + +08006b20 : +int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve) { + 8006b20: b530 push {r4, r5, lr} + 8006b22: 460c mov r4, r1 + 8006b24: b091 sub sp, #68 ; 0x44 + uECC_vli_bytesToNative(public, public_key, curve->num_bytes); + 8006b26: f991 2001 ldrsb.w r2, [r1, #1] +int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve) { + 8006b2a: 4605 mov r5, r0 + uECC_vli_bytesToNative(public, public_key, curve->num_bytes); + 8006b2c: 4601 mov r1, r0 + 8006b2e: 4668 mov r0, sp + 8006b30: f7fe fef2 bl 8005918 + public + curve->num_words, public_key + curve->num_bytes, curve->num_bytes); + 8006b34: f994 2001 ldrsb.w r2, [r4, #1] + 8006b38: f994 0000 ldrsb.w r0, [r4] + uECC_vli_bytesToNative( + 8006b3c: 18a9 adds r1, r5, r2 + 8006b3e: eb0d 0080 add.w r0, sp, r0, lsl #2 + 8006b42: f7fe fee9 bl 8005918 + return uECC_valid_point(public, curve); + 8006b46: 4621 mov r1, r4 + 8006b48: 4668 mov r0, sp + 8006b4a: f7ff ffa7 bl 8006a9c +} + 8006b4e: b011 add sp, #68 ; 0x44 + 8006b50: bd30 pop {r4, r5, pc} + +08006b52 : +int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) { + 8006b52: b570 push {r4, r5, r6, lr} + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006b54: f9b2 3002 ldrsh.w r3, [r2, #2] +int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) { + 8006b58: 4614 mov r4, r2 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006b5a: 1dda adds r2, r3, #7 + 8006b5c: bf48 it mi + 8006b5e: f103 020e addmi.w r2, r3, #14 +int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) { + 8006b62: b098 sub sp, #96 ; 0x60 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006b64: 10d2 asrs r2, r2, #3 +int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) { + 8006b66: 460e mov r6, r1 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006b68: 4601 mov r1, r0 + 8006b6a: 4668 mov r0, sp + 8006b6c: f7fe fed4 bl 8005918 + if (uECC_vli_isZero(private, BITS_TO_WORDS(curve->num_n_bits))) { + 8006b70: f9b4 3002 ldrsh.w r3, [r4, #2] + 8006b74: f113 021f adds.w r2, r3, #31 + 8006b78: bf48 it mi + 8006b7a: f103 023e addmi.w r2, r3, #62 ; 0x3e + 8006b7e: f342 1147 sbfx r1, r2, #5, #8 + 8006b82: 4668 mov r0, sp + 8006b84: f7fe fd7a bl 800567c + 8006b88: b110 cbz r0, 8006b90 + return 0; + 8006b8a: 2000 movs r0, #0 +} + 8006b8c: b018 add sp, #96 ; 0x60 + 8006b8e: bd70 pop {r4, r5, r6, pc} + if (uECC_vli_cmp(curve->n, private, BITS_TO_WORDS(curve->num_n_bits)) != 1) { + 8006b90: 460a mov r2, r1 + 8006b92: f104 0024 add.w r0, r4, #36 ; 0x24 + 8006b96: 4669 mov r1, sp + 8006b98: f7fe ffb0 bl 8005afc + 8006b9c: 2801 cmp r0, #1 + 8006b9e: 4605 mov r5, r0 + 8006ba0: d1f3 bne.n 8006b8a + if (!EccPoint_compute_public_key(public, private, curve)) { + 8006ba2: 4622 mov r2, r4 + 8006ba4: 4669 mov r1, sp + 8006ba6: a808 add r0, sp, #32 + 8006ba8: f7ff fc35 bl 8006416 + 8006bac: 2800 cmp r0, #0 + 8006bae: d0ec beq.n 8006b8a + uECC_vli_nativeToBytes(public_key, curve->num_bytes, public); + 8006bb0: f994 1001 ldrsb.w r1, [r4, #1] + 8006bb4: aa08 add r2, sp, #32 + 8006bb6: 4630 mov r0, r6 + 8006bb8: f7fe fe9a bl 80058f0 + public_key + curve->num_bytes, curve->num_bytes, public + curve->num_words); + 8006bbc: f994 1001 ldrsb.w r1, [r4, #1] + 8006bc0: f994 2000 ldrsb.w r2, [r4] + uECC_vli_nativeToBytes( + 8006bc4: ab08 add r3, sp, #32 + 8006bc6: 1870 adds r0, r6, r1 + 8006bc8: eb03 0282 add.w r2, r3, r2, lsl #2 + 8006bcc: f7fe fe90 bl 80058f0 + return 1; + 8006bd0: 4628 mov r0, r5 + 8006bd2: e7db b.n 8006b8c + +08006bd4 : + uECC_Curve curve) { + 8006bd4: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8006bd8: b08a sub sp, #40 ; 0x28 + 8006bda: 4605 mov r5, r0 + 8006bdc: f8dd 9048 ldr.w r9, [sp, #72] ; 0x48 + 8006be0: 460e mov r6, r1 + 8006be2: 4617 mov r7, r2 + 8006be4: 4698 mov r8, r3 + 8006be6: 2440 movs r4, #64 ; 0x40 + if (!uECC_generate_random_int(k, curve->n, BITS_TO_WORDS(curve->num_n_bits))) { + 8006be8: f109 0a24 add.w sl, r9, #36 ; 0x24 + 8006bec: f9b9 3002 ldrsh.w r3, [r9, #2] + 8006bf0: f113 021f adds.w r2, r3, #31 + 8006bf4: bf48 it mi + 8006bf6: f103 023e addmi.w r2, r3, #62 ; 0x3e + 8006bfa: f342 1247 sbfx r2, r2, #5, #8 + 8006bfe: 4651 mov r1, sl + 8006c00: a802 add r0, sp, #8 + 8006c02: f7fe ff93 bl 8005b2c + 8006c06: b150 cbz r0, 8006c1e + if (uECC_sign_with_k(private_key, message_hash, hash_size, k, signature, curve)) { + 8006c08: e9cd 8900 strd r8, r9, [sp] + 8006c0c: ab02 add r3, sp, #8 + 8006c0e: 463a mov r2, r7 + 8006c10: 4631 mov r1, r6 + 8006c12: 4628 mov r0, r5 + 8006c14: f7ff fc2a bl 800646c + 8006c18: b928 cbnz r0, 8006c26 + for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { + 8006c1a: 3c01 subs r4, #1 + 8006c1c: d1e6 bne.n 8006bec + return 0; + 8006c1e: 2000 movs r0, #0 +} + 8006c20: b00a add sp, #40 ; 0x28 + 8006c22: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + return 1; + 8006c26: 2001 movs r0, #1 + 8006c28: e7fa b.n 8006c20 + +08006c2a : +int uECC_sign_deterministic(const uint8_t *private_key, + const uint8_t *message_hash, + unsigned hash_size, + uECC_HashContext *hash_context, + uint8_t *signature, + uECC_Curve curve) { + 8006c2a: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8006c2e: b091 sub sp, #68 ; 0x44 + 8006c30: 4693 mov fp, r2 + uint8_t *K = hash_context->tmp; + uint8_t *V = K + hash_context->result_size; + wordcount_t num_bytes = curve->num_bytes; + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8006c32: 9a1b ldr r2, [sp, #108] ; 0x6c + 8006c34: f9b2 8002 ldrsh.w r8, [r2, #2] + uint8_t *V = K + hash_context->result_size; + 8006c38: e9d3 6504 ldrd r6, r5, [r3, #16] + uECC_Curve curve) { + 8006c3c: 461c mov r4, r3 + wordcount_t num_bytes = curve->num_bytes; + 8006c3e: 9b1b ldr r3, [sp, #108] ; 0x6c + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8006c40: f118 071f adds.w r7, r8, #31 + 8006c44: bf48 it mi + 8006c46: f108 073e addmi.w r7, r8, #62 ; 0x3e + bitcount_t num_n_bits = curve->num_n_bits; + uECC_word_t tries; + unsigned i; + for (i = 0; i < hash_context->result_size; ++i) { + 8006c4a: 2200 movs r2, #0 + wordcount_t num_bytes = curve->num_bytes; + 8006c4c: f993 3001 ldrsb.w r3, [r3, #1] + uECC_Curve curve) { + 8006c50: 4681 mov r9, r0 + 8006c52: 468a mov sl, r1 + uint8_t *V = K + hash_context->result_size; + 8006c54: 442e add r6, r5 + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8006c56: f347 1747 sbfx r7, r7, #5, #8 + V[i] = 0x01; + 8006c5a: 2001 movs r0, #1 + K[i] = 0; + 8006c5c: 4694 mov ip, r2 + for (i = 0; i < hash_context->result_size; ++i) { + 8006c5e: 6921 ldr r1, [r4, #16] + 8006c60: 4291 cmp r1, r2 + 8006c62: f200 8086 bhi.w 8006d72 + } + + /* K = HMAC_K(V || 0x00 || int2octets(x) || h(m)) */ + HMAC_init(hash_context, K); + 8006c66: 4629 mov r1, r5 + 8006c68: 4620 mov r0, r4 + 8006c6a: 9303 str r3, [sp, #12] + 8006c6c: f7fe fe74 bl 8005958 + V[hash_context->result_size] = 0x00; + 8006c70: 6922 ldr r2, [r4, #16] + 8006c72: 2100 movs r1, #0 + 8006c74: 54b1 strb r1, [r6, r2] + HMAC_update(hash_context, V, hash_context->result_size + 1); + 8006c76: 6922 ldr r2, [r4, #16] + 8006c78: 4631 mov r1, r6 + 8006c7a: 3201 adds r2, #1 + 8006c7c: 4620 mov r0, r4 + 8006c7e: f7fe fe8c bl 800599a + HMAC_update(hash_context, private_key, num_bytes); + 8006c82: 9b03 ldr r3, [sp, #12] + 8006c84: 4649 mov r1, r9 + 8006c86: 461a mov r2, r3 + 8006c88: 4620 mov r0, r4 + 8006c8a: f7fe fe86 bl 800599a + HMAC_update(hash_context, message_hash, hash_size); + 8006c8e: 465a mov r2, fp + 8006c90: 4651 mov r1, sl + 8006c92: 4620 mov r0, r4 + 8006c94: f7fe fe81 bl 800599a + HMAC_finish(hash_context, K, K); + 8006c98: 462a mov r2, r5 + 8006c9a: 4629 mov r1, r5 + 8006c9c: 4620 mov r0, r4 + 8006c9e: f7fe fe7e bl 800599e + + update_V(hash_context, K, V); + 8006ca2: 4632 mov r2, r6 + 8006ca4: 4629 mov r1, r5 + 8006ca6: 4620 mov r0, r4 + 8006ca8: f7fe fea8 bl 80059fc + + /* K = HMAC_K(V || 0x01 || int2octets(x) || h(m)) */ + HMAC_init(hash_context, K); + 8006cac: 4629 mov r1, r5 + 8006cae: 4620 mov r0, r4 + 8006cb0: f7fe fe52 bl 8005958 + V[hash_context->result_size] = 0x01; + 8006cb4: 6922 ldr r2, [r4, #16] + 8006cb6: 2101 movs r1, #1 + 8006cb8: 54b1 strb r1, [r6, r2] + HMAC_update(hash_context, V, hash_context->result_size + 1); + 8006cba: 6922 ldr r2, [r4, #16] + 8006cbc: 4620 mov r0, r4 + 8006cbe: 440a add r2, r1 + 8006cc0: 4631 mov r1, r6 + 8006cc2: f7fe fe6a bl 800599a + HMAC_update(hash_context, private_key, num_bytes); + 8006cc6: 9b03 ldr r3, [sp, #12] + 8006cc8: 4649 mov r1, r9 + 8006cca: 461a mov r2, r3 + 8006ccc: 4620 mov r0, r4 + 8006cce: f7fe fe64 bl 800599a + HMAC_update(hash_context, message_hash, hash_size); + 8006cd2: 465a mov r2, fp + 8006cd4: 4651 mov r1, sl + 8006cd6: 4620 mov r0, r4 + 8006cd8: f7fe fe5f bl 800599a + HMAC_finish(hash_context, K, K); + 8006cdc: 462a mov r2, r5 + 8006cde: 4629 mov r1, r5 + 8006ce0: 4620 mov r0, r4 + 8006ce2: f7fe fe5c bl 800599e + + update_V(hash_context, K, V); + 8006ce6: 4632 mov r2, r6 + 8006ce8: 4629 mov r1, r5 + 8006cea: 4620 mov r0, r4 + 8006cec: f7fe fe86 bl 80059fc + wordcount_t T_bytes = 0; + for (;;) { + update_V(hash_context, K, V); + for (i = 0; i < hash_context->result_size; ++i) { + T_ptr[T_bytes++] = V[i]; + if (T_bytes >= num_n_words * uECC_WORD_SIZE) { + 8006cf0: 00bb lsls r3, r7, #2 + 8006cf2: 9304 str r3, [sp, #16] + goto filled; + } + } + } + filled: + if ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8 > num_n_bits) { + 8006cf4: 017b lsls r3, r7, #5 + 8006cf6: 9305 str r3, [sp, #20] + uECC_word_t mask = (uECC_word_t)-1; + T[num_n_words - 1] &= + mask >> ((bitcount_t)(num_n_words * uECC_WORD_SIZE * 8 - num_n_bits)); + 8006cf8: ebc8 1347 rsb r3, r8, r7, lsl #5 + 8006cfc: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 8006d00: b21b sxth r3, r3 + 8006d02: fa22 f303 lsr.w r3, r2, r3 + 8006d06: 9306 str r3, [sp, #24] + 8006d08: 2340 movs r3, #64 ; 0x40 + 8006d0a: 9303 str r3, [sp, #12] + T[num_n_words - 1] &= + 8006d0c: 4417 add r7, r2 + 8006d0e: 446b add r3, sp + 8006d10: eb03 0787 add.w r7, r3, r7, lsl #2 + wordcount_t T_bytes = 0; + 8006d14: 2300 movs r3, #0 + update_V(hash_context, K, V); + 8006d16: 4632 mov r2, r6 + 8006d18: 4629 mov r1, r5 + 8006d1a: 4620 mov r0, r4 + 8006d1c: 9307 str r3, [sp, #28] + 8006d1e: f7fe fe6d bl 80059fc + for (i = 0; i < hash_context->result_size; ++i) { + 8006d22: 6920 ldr r0, [r4, #16] + 8006d24: 9b07 ldr r3, [sp, #28] + 8006d26: 4631 mov r1, r6 + 8006d28: 4430 add r0, r6 + 8006d2a: 461a mov r2, r3 + T_ptr[T_bytes++] = V[i]; + 8006d2c: ab08 add r3, sp, #32 + 8006d2e: eb03 0c02 add.w ip, r3, r2 + for (i = 0; i < hash_context->result_size; ++i) { + 8006d32: 4288 cmp r0, r1 + 8006d34: 4613 mov r3, r2 + 8006d36: f102 0201 add.w r2, r2, #1 + 8006d3a: b252 sxtb r2, r2 + 8006d3c: d0eb beq.n 8006d16 + T_ptr[T_bytes++] = V[i]; + 8006d3e: f811 3b01 ldrb.w r3, [r1], #1 + 8006d42: f88c 3000 strb.w r3, [ip] + if (T_bytes >= num_n_words * uECC_WORD_SIZE) { + 8006d46: 9b04 ldr r3, [sp, #16] + 8006d48: 4293 cmp r3, r2 + 8006d4a: dcef bgt.n 8006d2c + if ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8 > num_n_bits) { + 8006d4c: 9b05 ldr r3, [sp, #20] + 8006d4e: 4598 cmp r8, r3 + 8006d50: db14 blt.n 8006d7c + } + + if (uECC_sign_with_k(private_key, message_hash, hash_size, T, signature, curve)) { + 8006d52: 9b1b ldr r3, [sp, #108] ; 0x6c + 8006d54: 9301 str r3, [sp, #4] + 8006d56: 9b1a ldr r3, [sp, #104] ; 0x68 + 8006d58: 9300 str r3, [sp, #0] + 8006d5a: 465a mov r2, fp + 8006d5c: ab08 add r3, sp, #32 + 8006d5e: 4651 mov r1, sl + 8006d60: 4648 mov r0, r9 + 8006d62: f7ff fb83 bl 800646c + 8006d66: b180 cbz r0, 8006d8a + return 1; + 8006d68: 2301 movs r3, #1 + HMAC_finish(hash_context, K, K); + + update_V(hash_context, K, V); + } + return 0; +} + 8006d6a: 4618 mov r0, r3 + 8006d6c: b011 add sp, #68 ; 0x44 + 8006d6e: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + V[i] = 0x01; + 8006d72: 54b0 strb r0, [r6, r2] + K[i] = 0; + 8006d74: f805 c002 strb.w ip, [r5, r2] + for (i = 0; i < hash_context->result_size; ++i) { + 8006d78: 3201 adds r2, #1 + 8006d7a: e770 b.n 8006c5e + T[num_n_words - 1] &= + 8006d7c: f857 3c20 ldr.w r3, [r7, #-32] + 8006d80: 9a06 ldr r2, [sp, #24] + 8006d82: 4013 ands r3, r2 + 8006d84: f847 3c20 str.w r3, [r7, #-32] + 8006d88: e7e3 b.n 8006d52 + 8006d8a: 9007 str r0, [sp, #28] + HMAC_init(hash_context, K); + 8006d8c: 4629 mov r1, r5 + 8006d8e: 4620 mov r0, r4 + 8006d90: f7fe fde2 bl 8005958 + V[hash_context->result_size] = 0x00; + 8006d94: 6922 ldr r2, [r4, #16] + 8006d96: 9b07 ldr r3, [sp, #28] + 8006d98: 54b3 strb r3, [r6, r2] + HMAC_update(hash_context, V, hash_context->result_size + 1); + 8006d9a: 6922 ldr r2, [r4, #16] + 8006d9c: 4631 mov r1, r6 + 8006d9e: 3201 adds r2, #1 + 8006da0: 4620 mov r0, r4 + 8006da2: f7fe fdfa bl 800599a + HMAC_finish(hash_context, K, K); + 8006da6: 462a mov r2, r5 + 8006da8: 4629 mov r1, r5 + 8006daa: 4620 mov r0, r4 + 8006dac: f7fe fdf7 bl 800599e + update_V(hash_context, K, V); + 8006db0: 4632 mov r2, r6 + 8006db2: 4629 mov r1, r5 + 8006db4: 4620 mov r0, r4 + 8006db6: f7fe fe21 bl 80059fc + for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { + 8006dba: 9b03 ldr r3, [sp, #12] + 8006dbc: 3b01 subs r3, #1 + 8006dbe: 9303 str r3, [sp, #12] + 8006dc0: 9b07 ldr r3, [sp, #28] + 8006dc2: d1a7 bne.n 8006d14 + 8006dc4: e7d1 b.n 8006d6a + +08006dc6 : + +int uECC_verify(const uint8_t *public_key, + const uint8_t *message_hash, + unsigned hash_size, + const uint8_t *signature, + uECC_Curve curve) { + 8006dc6: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8006dca: ed2d 8b02 vpush {d8} + 8006dce: b0fb sub sp, #492 ; 0x1ec + 8006dd0: 461c mov r4, r3 + 8006dd2: 9d86 ldr r5, [sp, #536] ; 0x218 + const uECC_word_t *point; + bitcount_t num_bits; + bitcount_t i; + uECC_word_t r[uECC_MAX_WORDS], s[uECC_MAX_WORDS]; + wordcount_t num_words = curve->num_words; + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8006dd4: f9b5 3002 ldrsh.w r3, [r5, #2] + wordcount_t num_words = curve->num_words; + 8006dd8: f995 8000 ldrsb.w r8, [r5] + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8006ddc: f113 061f adds.w r6, r3, #31 + 8006de0: bf48 it mi + 8006de2: f103 063e addmi.w r6, r3, #62 ; 0x3e + 8006de6: f346 1647 sbfx r6, r6, #5, #8 + + rx[num_n_words - 1] = 0; + 8006dea: f106 3aff add.w sl, r6, #4294967295 ; 0xffffffff + uECC_Curve curve) { + 8006dee: 4691 mov r9, r2 + rx[num_n_words - 1] = 0; + 8006df0: aa22 add r2, sp, #136 ; 0x88 + 8006df2: 2300 movs r3, #0 + 8006df4: f842 302a str.w r3, [r2, sl, lsl #2] + r[num_n_words - 1] = 0; + 8006df8: aa7a add r2, sp, #488 ; 0x1e8 + 8006dfa: eb02 028a add.w r2, r2, sl, lsl #2 + uECC_Curve curve) { + 8006dfe: 4607 mov r7, r0 + r[num_n_words - 1] = 0; + 8006e00: f842 3cc0 str.w r3, [r2, #-192] + s[num_n_words - 1] = 0; + 8006e04: f842 3ca0 str.w r3, [r2, #-160] + uECC_Curve curve) { + 8006e08: ee08 1a90 vmov s17, r1 + + uECC_vli_bytesToNative(public, public_key, curve->num_bytes); + 8006e0c: f995 2001 ldrsb.w r2, [r5, #1] + 8006e10: 4601 mov r1, r0 + 8006e12: a85a add r0, sp, #360 ; 0x168 + 8006e14: f7fe fd80 bl 8005918 + uECC_vli_bytesToNative( + public + num_words, public_key + curve->num_bytes, curve->num_bytes); + 8006e18: ea4f 0388 mov.w r3, r8, lsl #2 + 8006e1c: f995 2001 ldrsb.w r2, [r5, #1] + 8006e20: 9304 str r3, [sp, #16] + uECC_vli_bytesToNative( + 8006e22: ab5a add r3, sp, #360 ; 0x168 + 8006e24: eb03 0388 add.w r3, r3, r8, lsl #2 + 8006e28: 4618 mov r0, r3 + 8006e2a: 18b9 adds r1, r7, r2 + 8006e2c: ee08 3a10 vmov s16, r3 + 8006e30: f7fe fd72 bl 8005918 + uECC_vli_bytesToNative(r, signature, curve->num_bytes); + 8006e34: 4621 mov r1, r4 + 8006e36: f995 2001 ldrsb.w r2, [r5, #1] + 8006e3a: a84a add r0, sp, #296 ; 0x128 + 8006e3c: f7fe fd6c bl 8005918 + uECC_vli_bytesToNative(s, signature + curve->num_bytes, curve->num_bytes); + 8006e40: f995 2001 ldrsb.w r2, [r5, #1] + 8006e44: a852 add r0, sp, #328 ; 0x148 + 8006e46: 18a1 adds r1, r4, r2 + 8006e48: f7fe fd66 bl 8005918 + + /* r, s must not be 0. */ + if (uECC_vli_isZero(r, num_words) || uECC_vli_isZero(s, num_words)) { + 8006e4c: 4641 mov r1, r8 + 8006e4e: a84a add r0, sp, #296 ; 0x128 + 8006e50: f7fe fc14 bl 800567c + 8006e54: 2300 movs r3, #0 + 8006e56: 4604 mov r4, r0 + 8006e58: 2800 cmp r0, #0 + 8006e5a: f040 812b bne.w 80070b4 + 8006e5e: a852 add r0, sp, #328 ; 0x148 + 8006e60: f7fe fc0c bl 800567c + 8006e64: 9002 str r0, [sp, #8] + 8006e66: 2800 cmp r0, #0 + 8006e68: f040 8126 bne.w 80070b8 + return 0; + } + + /* r, s must be < n. */ + if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 || + 8006e6c: f105 0b24 add.w fp, r5, #36 ; 0x24 + 8006e70: 4632 mov r2, r6 + 8006e72: a94a add r1, sp, #296 ; 0x128 + 8006e74: 4658 mov r0, fp + 8006e76: f7fe fc46 bl 8005706 + 8006e7a: 2801 cmp r0, #1 + 8006e7c: f040 811e bne.w 80070bc + uECC_vli_cmp_unsafe(curve->n, s, num_n_words) != 1) { + 8006e80: 4632 mov r2, r6 + 8006e82: a952 add r1, sp, #328 ; 0x148 + 8006e84: 4658 mov r0, fp + 8006e86: f7fe fc3e bl 8005706 + if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 || + 8006e8a: 2801 cmp r0, #1 + uECC_vli_cmp_unsafe(curve->n, s, num_n_words) != 1) { + 8006e8c: 9005 str r0, [sp, #20] + if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 || + 8006e8e: f040 8115 bne.w 80070bc + return 0; + } + + /* Calculate u1 and u2. */ + uECC_vli_modInv(z, s, curve->n, num_n_words); /* z = 1/s */ + 8006e92: ac1a add r4, sp, #104 ; 0x68 + u1[num_n_words - 1] = 0; + 8006e94: af0a add r7, sp, #40 ; 0x28 + uECC_vli_modInv(z, s, curve->n, num_n_words); /* z = 1/s */ + 8006e96: 4633 mov r3, r6 + 8006e98: 465a mov r2, fp + 8006e9a: 4620 mov r0, r4 + 8006e9c: f7ff f84e bl 8005f3c + u1[num_n_words - 1] = 0; + 8006ea0: 9b02 ldr r3, [sp, #8] + 8006ea2: f847 302a str.w r3, [r7, sl, lsl #2] + bits2int(u1, message_hash, hash_size, curve); + 8006ea6: 464a mov r2, r9 + 8006ea8: 4638 mov r0, r7 + 8006eaa: ee18 1a90 vmov r1, s17 + 8006eae: 462b mov r3, r5 + 8006eb0: f7fe fddd bl 8005a6e + uECC_vli_modMult(u1, u1, z, curve->n, num_n_words); /* u1 = e/s */ + 8006eb4: 4639 mov r1, r7 + 8006eb6: 4638 mov r0, r7 + 8006eb8: 465b mov r3, fp + 8006eba: 4622 mov r2, r4 + 8006ebc: 9600 str r6, [sp, #0] + 8006ebe: f7fe fc44 bl 800574a + uECC_vli_modMult(u2, r, z, curve->n, num_n_words); /* u2 = r/s */ + + /* Calculate sum = G + Q. */ + uECC_vli_set(sum, public, num_words); + 8006ec2: f50d 7ad4 add.w sl, sp, #424 ; 0x1a8 + uECC_vli_modMult(u2, r, z, curve->n, num_n_words); /* u2 = r/s */ + 8006ec6: 465b mov r3, fp + 8006ec8: 4622 mov r2, r4 + 8006eca: a94a add r1, sp, #296 ; 0x128 + 8006ecc: a812 add r0, sp, #72 ; 0x48 + 8006ece: 9600 str r6, [sp, #0] + 8006ed0: f7fe fc3b bl 800574a + uECC_vli_set(sum, public, num_words); + 8006ed4: 4642 mov r2, r8 + 8006ed6: 4650 mov r0, sl + 8006ed8: a95a add r1, sp, #360 ; 0x168 + 8006eda: f7fe fc08 bl 80056ee + uECC_vli_set(sum + num_words, public + num_words, num_words); + 8006ede: 9b04 ldr r3, [sp, #16] + 8006ee0: eb0a 0903 add.w r9, sl, r3 + 8006ee4: ee18 1a10 vmov r1, s16 + 8006ee8: 4648 mov r0, r9 + 8006eea: f7fe fc00 bl 80056ee + uECC_vli_set(tx, curve->G, num_words); + 8006eee: f105 0344 add.w r3, r5, #68 ; 0x44 + 8006ef2: 4619 mov r1, r3 + 8006ef4: a832 add r0, sp, #200 ; 0xc8 + 8006ef6: 9303 str r3, [sp, #12] + 8006ef8: f7fe fbf9 bl 80056ee + uECC_vli_set(ty, curve->G + num_words, num_words); + 8006efc: e9dd 3103 ldrd r3, r1, [sp, #12] + 8006f00: a83a add r0, sp, #232 ; 0xe8 + 8006f02: 1859 adds r1, r3, r1 + 8006f04: f7fe fbf3 bl 80056ee + uECC_vli_modSub(z, sum, tx, curve->p, num_words); /* z = x2 - x1 */ + 8006f08: 1d2b adds r3, r5, #4 + 8006f0a: ee08 3a10 vmov s16, r3 + 8006f0e: 4651 mov r1, sl + 8006f10: aa32 add r2, sp, #200 ; 0xc8 + 8006f12: 4620 mov r0, r4 + 8006f14: f7ff f8c0 bl 8006098 + XYcZ_add(tx, ty, sum, sum + num_words, curve); + 8006f18: 464b mov r3, r9 + 8006f1a: 4652 mov r2, sl + 8006f1c: a93a add r1, sp, #232 ; 0xe8 + 8006f1e: a832 add r0, sp, #200 ; 0xc8 + 8006f20: 9500 str r5, [sp, #0] + 8006f22: f7ff f94d bl 80061c0 + uECC_vli_modInv(z, z, curve->p, num_words); /* z = 1/z */ + 8006f26: ee18 2a10 vmov r2, s16 + 8006f2a: 4643 mov r3, r8 + 8006f2c: 4621 mov r1, r4 + 8006f2e: 4620 mov r0, r4 + 8006f30: f7ff f804 bl 8005f3c + apply_z(sum, sum + num_words, z, curve); + 8006f34: 462b mov r3, r5 + 8006f36: 4649 mov r1, r9 + 8006f38: 4650 mov r0, sl + 8006f3a: 4622 mov r2, r4 + 8006f3c: f7fe fcb9 bl 80058b2 + + /* Use Shamir's trick to calculate u1*G + u2*Q */ + points[0] = 0; + 8006f40: 9a02 ldr r2, [sp, #8] + 8006f42: 9206 str r2, [sp, #24] + points[1] = curve->G; + 8006f44: 9a03 ldr r2, [sp, #12] + 8006f46: 9207 str r2, [sp, #28] + points[2] = public; + points[3] = sum; + num_bits = smax(uECC_vli_numBits(u1, num_n_words), + 8006f48: 4631 mov r1, r6 + points[2] = public; + 8006f4a: aa5a add r2, sp, #360 ; 0x168 + num_bits = smax(uECC_vli_numBits(u1, num_n_words), + 8006f4c: 4638 mov r0, r7 + points[3] = sum; + 8006f4e: e9cd 2a08 strd r2, sl, [sp, #32] + num_bits = smax(uECC_vli_numBits(u1, num_n_words), + 8006f52: f7fe fbac bl 80056ae + 8006f56: 4631 mov r1, r6 + 8006f58: 4682 mov sl, r0 + 8006f5a: a812 add r0, sp, #72 ; 0x48 + 8006f5c: f7fe fba7 bl 80056ae + return (a > b ? a : b); + 8006f60: 4550 cmp r0, sl + 8006f62: bfb8 it lt + 8006f64: 4650 movlt r0, sl + uECC_vli_numBits(u2, num_n_words)); + + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 8006f66: fa1f f980 uxth.w r9, r0 + 8006f6a: f109 31ff add.w r1, r9, #4294967295 ; 0xffffffff + 8006f6e: b209 sxth r1, r1 + 8006f70: 4638 mov r0, r7 + 8006f72: 9103 str r1, [sp, #12] + 8006f74: f7fe fb91 bl 800569a + ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)]; + 8006f78: 9903 ldr r1, [sp, #12] + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 8006f7a: 1e07 subs r7, r0, #0 + ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)]; + 8006f7c: a812 add r0, sp, #72 ; 0x48 + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 8006f7e: bf18 it ne + 8006f80: 2701 movne r7, #1 + ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)]; + 8006f82: f7fe fb8a bl 800569a + 8006f86: 2800 cmp r0, #0 + 8006f88: bf14 ite ne + 8006f8a: 2002 movne r0, #2 + 8006f8c: 2000 moveq r0, #0 + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 8006f8e: ab06 add r3, sp, #24 + 8006f90: 4307 orrs r7, r0 + uECC_vli_set(rx, point, num_words); + 8006f92: 4642 mov r2, r8 + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 8006f94: f853 1027 ldr.w r1, [r3, r7, lsl #2] + uECC_vli_set(rx, point, num_words); + 8006f98: a822 add r0, sp, #136 ; 0x88 + 8006f9a: f7fe fba8 bl 80056ee + uECC_vli_set(ry, point + num_words, num_words); + 8006f9e: 9b04 ldr r3, [sp, #16] + 8006fa0: f10d 0aa8 add.w sl, sp, #168 ; 0xa8 + 8006fa4: 4419 add r1, r3 + 8006fa6: 4650 mov r0, sl + 8006fa8: f7fe fba1 bl 80056ee + uECC_vli_clear(z, num_words); + 8006fac: 4641 mov r1, r8 + 8006fae: 4620 mov r0, r4 + 8006fb0: f7fe fb5e bl 8005670 + z[0] = 1; + 8006fb4: 9b05 ldr r3, [sp, #20] + 8006fb6: 6023 str r3, [r4, #0] + + for (i = num_bits - 2; i >= 0; --i) { + 8006fb8: f1a9 0902 sub.w r9, r9, #2 + 8006fbc: ab22 add r3, sp, #136 ; 0x88 + 8006fbe: fa0f f989 sxth.w r9, r9 + 8006fc2: 9303 str r3, [sp, #12] + 8006fc4: f1b9 0f00 cmp.w r9, #0 + 8006fc8: da26 bge.n 8007018 + XYcZ_add(tx, ty, rx, ry, curve); + uECC_vli_modMult_fast(z, z, tz, curve); + } + } + + uECC_vli_modInv(z, z, curve->p, num_words); /* Z = 1/Z */ + 8006fca: ee18 2a10 vmov r2, s16 + 8006fce: 4643 mov r3, r8 + 8006fd0: 4621 mov r1, r4 + 8006fd2: 4620 mov r0, r4 + 8006fd4: f7fe ffb2 bl 8005f3c + apply_z(rx, ry, z, curve); + 8006fd8: 9803 ldr r0, [sp, #12] + 8006fda: 462b mov r3, r5 + 8006fdc: 4622 mov r2, r4 + 8006fde: 4651 mov r1, sl + 8006fe0: f7fe fc67 bl 80058b2 + + /* v = x1 (mod n) */ + if (uECC_vli_cmp_unsafe(curve->n, rx, num_n_words) != 1) { + 8006fe4: 9903 ldr r1, [sp, #12] + 8006fe6: 4632 mov r2, r6 + 8006fe8: 4658 mov r0, fp + 8006fea: f7fe fb8c bl 8005706 + 8006fee: 2801 cmp r0, #1 + 8006ff0: d003 beq.n 8006ffa + uECC_vli_sub(rx, rx, curve->n, num_n_words); + 8006ff2: 465a mov r2, fp + 8006ff4: 4608 mov r0, r1 + 8006ff6: f7fe fd13 bl 8005a20 + for (i = num_words - 1; i >= 0; --i) { + 8006ffa: f108 33ff add.w r3, r8, #4294967295 ; 0xffffffff + 8006ffe: b25b sxtb r3, r3 + diff |= (left[i] ^ right[i]); + 8007000: a94a add r1, sp, #296 ; 0x128 + for (i = num_words - 1; i >= 0; --i) { + 8007002: 061a lsls r2, r3, #24 + 8007004: d54b bpl.n 800709e + return (diff == 0); + 8007006: 9b02 ldr r3, [sp, #8] + 8007008: fab3 f083 clz r0, r3 + 800700c: 0940 lsrs r0, r0, #5 + } + + /* Accept only if v == r. */ + return (int)(uECC_vli_equal(rx, r, num_words)); +} + 800700e: b07b add sp, #492 ; 0x1ec + 8007010: ecbd 8b02 vpop {d8} + 8007014: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + curve->double_jacobian(rx, ry, z, curve); + 8007018: 462b mov r3, r5 + 800701a: 4622 mov r2, r4 + 800701c: f8d5 70a4 ldr.w r7, [r5, #164] ; 0xa4 + 8007020: 9803 ldr r0, [sp, #12] + 8007022: 4651 mov r1, sl + 8007024: 47b8 blx r7 + index = (!!uECC_vli_testBit(u1, i)) | ((!!uECC_vli_testBit(u2, i)) << 1); + 8007026: 4649 mov r1, r9 + 8007028: a80a add r0, sp, #40 ; 0x28 + 800702a: f7fe fb36 bl 800569a + 800702e: 4649 mov r1, r9 + 8007030: 1e07 subs r7, r0, #0 + 8007032: a812 add r0, sp, #72 ; 0x48 + 8007034: bf18 it ne + 8007036: 2701 movne r7, #1 + 8007038: f7fe fb2f bl 800569a + 800703c: 2800 cmp r0, #0 + 800703e: bf14 ite ne + 8007040: 2002 movne r0, #2 + 8007042: 2000 moveq r0, #0 + 8007044: 4307 orrs r7, r0 + point = points[index]; + 8007046: ab06 add r3, sp, #24 + 8007048: f853 1027 ldr.w r1, [r3, r7, lsl #2] + if (point) { + 800704c: b311 cbz r1, 8007094 + uECC_vli_set(tx, point, num_words); + 800704e: 4642 mov r2, r8 + 8007050: a832 add r0, sp, #200 ; 0xc8 + 8007052: f7fe fb4c bl 80056ee + uECC_vli_set(ty, point + num_words, num_words); + 8007056: 9b04 ldr r3, [sp, #16] + 8007058: a83a add r0, sp, #232 ; 0xe8 + 800705a: 4419 add r1, r3 + 800705c: f7fe fb47 bl 80056ee + apply_z(tx, ty, z, curve); + 8007060: 4601 mov r1, r0 + 8007062: 462b mov r3, r5 + 8007064: 4622 mov r2, r4 + 8007066: a832 add r0, sp, #200 ; 0xc8 + 8007068: f7fe fc23 bl 80058b2 + uECC_vli_modSub(tz, rx, tx, curve->p, num_words); /* Z = x2 - x1 */ + 800706c: ee18 3a10 vmov r3, s16 + 8007070: 9903 ldr r1, [sp, #12] + 8007072: aa32 add r2, sp, #200 ; 0xc8 + 8007074: a842 add r0, sp, #264 ; 0x108 + 8007076: f7ff f80f bl 8006098 + XYcZ_add(tx, ty, rx, ry, curve); + 800707a: 9a03 ldr r2, [sp, #12] + 800707c: 9500 str r5, [sp, #0] + 800707e: 4653 mov r3, sl + 8007080: a93a add r1, sp, #232 ; 0xe8 + 8007082: a832 add r0, sp, #200 ; 0xc8 + 8007084: f7ff f89c bl 80061c0 + uECC_vli_modMult_fast(z, z, tz, curve); + 8007088: 462b mov r3, r5 + 800708a: aa42 add r2, sp, #264 ; 0x108 + 800708c: 4621 mov r1, r4 + 800708e: 4620 mov r0, r4 + 8007090: f7fe fbfb bl 800588a + for (i = num_bits - 2; i >= 0; --i) { + 8007094: f109 39ff add.w r9, r9, #4294967295 ; 0xffffffff + 8007098: fa0f f989 sxth.w r9, r9 + 800709c: e792 b.n 8006fc4 + diff |= (left[i] ^ right[i]); + 800709e: 9a03 ldr r2, [sp, #12] + 80070a0: f851 0023 ldr.w r0, [r1, r3, lsl #2] + 80070a4: f852 2023 ldr.w r2, [r2, r3, lsl #2] + 80070a8: 4042 eors r2, r0 + 80070aa: 9802 ldr r0, [sp, #8] + 80070ac: 4310 orrs r0, r2 + 80070ae: 9002 str r0, [sp, #8] + for (i = num_words - 1; i >= 0; --i) { + 80070b0: 3b01 subs r3, #1 + 80070b2: e7a6 b.n 8007002 + return 0; + 80070b4: 4618 mov r0, r3 + 80070b6: e7aa b.n 800700e + 80070b8: 4620 mov r0, r4 + 80070ba: e7a8 b.n 800700e + 80070bc: 9802 ldr r0, [sp, #8] + 80070be: e7a6 b.n 800700e + +080070c0 : +const uint32_t MSIRangeTable[12] = {100000, 200000, 400000, 800000, 1000000, 2000000, \ + 4000000, 8000000, 16000000, 24000000, 32000000, 48000000}; +uint32_t SystemCoreClock; + +// TODO: cleanup HAL stuff to not use this +uint32_t HAL_GetTick(void) { return 53; } + 80070c0: 2035 movs r0, #53 ; 0x35 + 80070c2: 4770 bx lr + +080070c4 : +uint32_t uwTickPrio = 0; /* (1UL << __NVIC_PRIO_BITS); * Invalid priority */ + +// unwanted junk from stm32l4xx_hal_rcc.c +HAL_StatusTypeDef HAL_InitTick (uint32_t TickPriority) { return 0; } + 80070c4: 2000 movs r0, #0 + 80070c6: 4770 bx lr + +080070c8 : + * or PWR_REGULATOR_VOLTAGE_SCALE1_BOOST when applicable) + */ +uint32_t HAL_PWREx_GetVoltageRange(void) +{ +#if defined(PWR_CR5_R1MODE) + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 80070c8: 4b07 ldr r3, [pc, #28] ; (80070e8 ) + 80070ca: 6818 ldr r0, [r3, #0] + 80070cc: f400 60c0 and.w r0, r0, #1536 ; 0x600 + 80070d0: f5b0 6f80 cmp.w r0, #1024 ; 0x400 + 80070d4: d006 beq.n 80070e4 + { + return PWR_REGULATOR_VOLTAGE_SCALE2; + } + else if (READ_BIT(PWR->CR5, PWR_CR5_R1MODE) == PWR_CR5_R1MODE) + 80070d6: f8d3 0080 ldr.w r0, [r3, #128] ; 0x80 + { + /* PWR_CR5_R1MODE bit set means that Range 1 Boost is disabled */ + return PWR_REGULATOR_VOLTAGE_SCALE1; + 80070da: f410 7080 ands.w r0, r0, #256 ; 0x100 + 80070de: bf18 it ne + 80070e0: f44f 7000 movne.w r0, #512 ; 0x200 + return PWR_REGULATOR_VOLTAGE_SCALE1_BOOST; + } +#else + return (PWR->CR1 & PWR_CR1_VOS); +#endif +} + 80070e4: 4770 bx lr + 80070e6: bf00 nop + 80070e8: 40007000 .word 0x40007000 + +080070ec : + uint32_t wait_loop_index; + + assert_param(IS_PWR_VOLTAGE_SCALING_RANGE(VoltageScaling)); + +#if defined(PWR_CR5_R1MODE) + if (VoltageScaling == PWR_REGULATOR_VOLTAGE_SCALE1_BOOST) + 80070ec: 4b29 ldr r3, [pc, #164] ; (8007194 ) + { + /* If current range is range 2 */ + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 80070ee: 681a ldr r2, [r3, #0] + if (VoltageScaling == PWR_REGULATOR_VOLTAGE_SCALE1_BOOST) + 80070f0: bb30 cbnz r0, 8007140 + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 80070f2: f402 62c0 and.w r2, r2, #1536 ; 0x600 + 80070f6: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + { + /* Make sure Range 1 Boost is enabled */ + CLEAR_BIT(PWR->CR5, PWR_CR5_R1MODE); + 80070fa: f8d3 2080 ldr.w r2, [r3, #128] ; 0x80 + 80070fe: f422 7280 bic.w r2, r2, #256 ; 0x100 + 8007102: f8c3 2080 str.w r2, [r3, #128] ; 0x80 + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 8007106: d11a bne.n 800713e + + /* Set Range 1 */ + MODIFY_REG(PWR->CR1, PWR_CR1_VOS, PWR_REGULATOR_VOLTAGE_SCALE1); + 8007108: 681a ldr r2, [r3, #0] + 800710a: f422 62c0 bic.w r2, r2, #1536 ; 0x600 + 800710e: f442 7200 orr.w r2, r2, #512 ; 0x200 + 8007112: 601a str r2, [r3, #0] + + /* Wait until VOSF is cleared */ + wait_loop_index = ((PWR_FLAG_SETTING_DELAY_US * SystemCoreClock) / 1000000U) + 1; + 8007114: 4a20 ldr r2, [pc, #128] ; (8007198 ) + 8007116: 6812 ldr r2, [r2, #0] + 8007118: 2132 movs r1, #50 ; 0x32 + 800711a: 434a muls r2, r1 + 800711c: 491f ldr r1, [pc, #124] ; (800719c ) + 800711e: fbb2 f2f1 udiv r2, r2, r1 + 8007122: 3201 adds r2, #1 + while ((HAL_IS_BIT_SET(PWR->SR2, PWR_SR2_VOSF)) && (wait_loop_index != 0U)) + 8007124: 6959 ldr r1, [r3, #20] + 8007126: 0549 lsls r1, r1, #21 + 8007128: d500 bpl.n 800712c + 800712a: b922 cbnz r2, 8007136 + { + wait_loop_index--; + } + if (HAL_IS_BIT_SET(PWR->SR2, PWR_SR2_VOSF)) + 800712c: 695b ldr r3, [r3, #20] + 800712e: 0558 lsls r0, r3, #21 + 8007130: d403 bmi.n 800713a + /* No need to wait for VOSF to be cleared for this transition */ + } + } +#endif + + return HAL_OK; + 8007132: 2000 movs r0, #0 +} + 8007134: 4770 bx lr + wait_loop_index--; + 8007136: 3a01 subs r2, #1 + 8007138: e7f4 b.n 8007124 + return HAL_TIMEOUT; + 800713a: 2003 movs r0, #3 + 800713c: 4770 bx lr + CLEAR_BIT(PWR->CR5, PWR_CR5_R1MODE); + 800713e: 4770 bx lr + else if (VoltageScaling == PWR_REGULATOR_VOLTAGE_SCALE1) + 8007140: f5b0 7f00 cmp.w r0, #512 ; 0x200 + 8007144: d11f bne.n 8007186 + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 8007146: f402 62c0 and.w r2, r2, #1536 ; 0x600 + 800714a: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + SET_BIT(PWR->CR5, PWR_CR5_R1MODE); + 800714e: f8d3 2080 ldr.w r2, [r3, #128] ; 0x80 + 8007152: f442 7280 orr.w r2, r2, #256 ; 0x100 + 8007156: f8c3 2080 str.w r2, [r3, #128] ; 0x80 + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 800715a: d1ea bne.n 8007132 + MODIFY_REG(PWR->CR1, PWR_CR1_VOS, PWR_REGULATOR_VOLTAGE_SCALE1); + 800715c: 681a ldr r2, [r3, #0] + 800715e: f422 62c0 bic.w r2, r2, #1536 ; 0x600 + 8007162: f442 7200 orr.w r2, r2, #512 ; 0x200 + 8007166: 601a str r2, [r3, #0] + wait_loop_index = ((PWR_FLAG_SETTING_DELAY_US * SystemCoreClock) / 1000000U) + 1; + 8007168: 4a0b ldr r2, [pc, #44] ; (8007198 ) + 800716a: 6812 ldr r2, [r2, #0] + 800716c: 2132 movs r1, #50 ; 0x32 + 800716e: 434a muls r2, r1 + 8007170: 490a ldr r1, [pc, #40] ; (800719c ) + 8007172: fbb2 f2f1 udiv r2, r2, r1 + 8007176: 3201 adds r2, #1 + while ((HAL_IS_BIT_SET(PWR->SR2, PWR_SR2_VOSF)) && (wait_loop_index != 0U)) + 8007178: 6959 ldr r1, [r3, #20] + 800717a: 0549 lsls r1, r1, #21 + 800717c: d5d6 bpl.n 800712c + 800717e: 2a00 cmp r2, #0 + 8007180: d0d4 beq.n 800712c + wait_loop_index--; + 8007182: 3a01 subs r2, #1 + 8007184: e7f8 b.n 8007178 + MODIFY_REG(PWR->CR1, PWR_CR1_VOS, PWR_REGULATOR_VOLTAGE_SCALE2); + 8007186: f422 62c0 bic.w r2, r2, #1536 ; 0x600 + 800718a: f442 6280 orr.w r2, r2, #1024 ; 0x400 + 800718e: 601a str r2, [r3, #0] + 8007190: e7cf b.n 8007132 + 8007192: bf00 nop + 8007194: 40007000 .word 0x40007000 + 8007198: 2009e2a8 .word 0x2009e2a8 + 800719c: 000f4240 .word 0x000f4240 + +080071a0 : + +__weak void HAL_SDEx_DriveTransceiver_1_8V_Callback(FlagStatus status) +{ + // unused? +} + 80071a0: 4770 bx lr + +080071a2 : +{ + 80071a2: b510 push {r4, lr} + 80071a4: 3801 subs r0, #1 + 80071a6: 440a add r2, r1 + *(acc) ^= *(more); + 80071a8: f811 4b01 ldrb.w r4, [r1], #1 + 80071ac: f810 3f01 ldrb.w r3, [r0, #1]! + for(; len; len--, more++, acc++) { + 80071b0: 4291 cmp r1, r2 + *(acc) ^= *(more); + 80071b2: ea83 0304 eor.w r3, r3, r4 + 80071b6: 7003 strb r3, [r0, #0] + for(; len; len--, more++, acc++) { + 80071b8: d1f6 bne.n 80071a8 + } +} + 80071ba: bd10 pop {r4, pc} + +080071bc : + +// se2_write1() +// + static bool +se2_write1(uint8_t cmd, uint8_t arg) +{ + 80071bc: b51f push {r0, r1, r2, r3, r4, lr} + uint8_t data[3] = { cmd, 1, arg }; + 80071be: 2301 movs r3, #1 + 80071c0: f88d 300d strb.w r3, [sp, #13] + + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 80071c4: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + uint8_t data[3] = { cmd, 1, arg }; + 80071c8: f88d 000c strb.w r0, [sp, #12] + 80071cc: f88d 100e strb.w r1, [sp, #14] + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 80071d0: 9300 str r3, [sp, #0] + 80071d2: aa03 add r2, sp, #12 + 80071d4: 2303 movs r3, #3 + 80071d6: 2136 movs r1, #54 ; 0x36 + 80071d8: 4804 ldr r0, [pc, #16] ; (80071ec ) + 80071da: f004 fb77 bl 800b8cc + data, sizeof(data), HAL_MAX_DELAY); + + return (rv != HAL_OK); +} + 80071de: 3800 subs r0, #0 + 80071e0: bf18 it ne + 80071e2: 2001 movne r0, #1 + 80071e4: b005 add sp, #20 + 80071e6: f85d fb04 ldr.w pc, [sp], #4 + 80071ea: bf00 nop + 80071ec: 2009e3ec .word 0x2009e3ec + +080071f0 : + +// se2_write2() +// + static bool +se2_write2(uint8_t cmd, uint8_t arg1, uint8_t arg2) +{ + 80071f0: b51f push {r0, r1, r2, r3, r4, lr} + uint8_t data[4] = { cmd, 2, arg1, arg2 }; + 80071f2: 2302 movs r3, #2 + 80071f4: f88d 300d strb.w r3, [sp, #13] + + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 80071f8: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + uint8_t data[4] = { cmd, 2, arg1, arg2 }; + 80071fc: f88d 000c strb.w r0, [sp, #12] + 8007200: f88d 100e strb.w r1, [sp, #14] + 8007204: f88d 200f strb.w r2, [sp, #15] + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 8007208: 9300 str r3, [sp, #0] + 800720a: aa03 add r2, sp, #12 + 800720c: 2304 movs r3, #4 + 800720e: 2136 movs r1, #54 ; 0x36 + 8007210: 4804 ldr r0, [pc, #16] ; (8007224 ) + 8007212: f004 fb5b bl 800b8cc + data, sizeof(data), HAL_MAX_DELAY); + + return (rv != HAL_OK); +} + 8007216: 3800 subs r0, #0 + 8007218: bf18 it ne + 800721a: 2001 movne r0, #1 + 800721c: b005 add sp, #20 + 800721e: f85d fb04 ldr.w pc, [sp], #4 + 8007222: bf00 nop + 8007224: 2009e3ec .word 0x2009e3ec + +08007228 : + +// se2_write_n() +// + static bool +se2_write_n(uint8_t cmd, uint8_t *param1, const uint8_t *data_in, uint8_t len) +{ + 8007228: b5f0 push {r4, r5, r6, r7, lr} + 800722a: 460d mov r5, r1 + uint8_t data[2 + (param1?1:0) + len], *p = data; + 800722c: 2d00 cmp r5, #0 + 800722e: bf14 ite ne + 8007230: 2403 movne r4, #3 + 8007232: 2402 moveq r4, #2 + 8007234: 441c add r4, r3 +{ + 8007236: 4611 mov r1, r2 + uint8_t data[2 + (param1?1:0) + len], *p = data; + 8007238: f104 0207 add.w r2, r4, #7 +{ + 800723c: b083 sub sp, #12 + uint8_t data[2 + (param1?1:0) + len], *p = data; + 800723e: f402 727e and.w r2, r2, #1016 ; 0x3f8 +{ + 8007242: af02 add r7, sp, #8 + uint8_t data[2 + (param1?1:0) + len], *p = data; + 8007244: ebad 0d02 sub.w sp, sp, r2 + 8007248: ae02 add r6, sp, #8 + + *(p++) = cmd; + *(p++) = sizeof(data) - 2; + 800724a: f1a4 0202 sub.w r2, r4, #2 + *(p++) = cmd; + 800724e: f88d 0008 strb.w r0, [sp, #8] + *(p++) = sizeof(data) - 2; + 8007252: 7072 strb r2, [r6, #1] + if(param1) { + *(p++) = *param1; + 8007254: bf1b ittet ne + 8007256: 782a ldrbne r2, [r5, #0] + 8007258: 70b2 strbne r2, [r6, #2] + *(p++) = sizeof(data) - 2; + 800725a: f10d 000a addeq.w r0, sp, #10 + *(p++) = *param1; + 800725e: f10d 000b addne.w r0, sp, #11 + } + if(len) { + 8007262: b113 cbz r3, 800726a + memcpy(p, data_in, len); + 8007264: 461a mov r2, r3 + 8007266: f006 f9ab bl 800d5c0 + } + + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 800726a: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 800726e: 9300 str r3, [sp, #0] + 8007270: 4632 mov r2, r6 + 8007272: 4623 mov r3, r4 + 8007274: 2136 movs r1, #54 ; 0x36 + 8007276: 4804 ldr r0, [pc, #16] ; (8007288 ) + 8007278: f004 fb28 bl 800b8cc + data, sizeof(data), HAL_MAX_DELAY); + + return (rv != HAL_OK); +} + 800727c: 3800 subs r0, #0 + 800727e: bf18 it ne + 8007280: 2001 movne r0, #1 + 8007282: 3704 adds r7, #4 + 8007284: 46bd mov sp, r7 + 8007286: bdf0 pop {r4, r5, r6, r7, pc} + 8007288: 2009e3ec .word 0x2009e3ec + +0800728c : + +// rng_for_uECC() +// + static int +rng_for_uECC(uint8_t *dest, unsigned size) +{ + 800728c: b508 push {r3, lr} + 'dest' was filled with random data, or 0 if the random data could not be generated. + The filled-in values should be either truly random, or from a cryptographically-secure PRNG. + + typedef int (*uECC_RNG_Function)(uint8_t *dest, unsigned size); + */ + rng_buffer(dest, size); + 800728e: f7fb fa4f bl 8002730 + + return 1; +} + 8007292: 2001 movs r0, #1 + 8007294: bd08 pop {r3, pc} + ... + +08007298 : +{ + 8007298: b508 push {r3, lr} + 800729a: 4602 mov r2, r0 + CALL_CHECK(se2_write_n(0x87, NULL, data, len)); + 800729c: b2cb uxtb r3, r1 + 800729e: 2087 movs r0, #135 ; 0x87 + 80072a0: 2100 movs r1, #0 + 80072a2: f7ff ffc1 bl 8007228 + 80072a6: b118 cbz r0, 80072b0 + 80072a8: 4802 ldr r0, [pc, #8] ; (80072b4 ) + 80072aa: 21c1 movs r1, #193 ; 0xc1 + 80072ac: f006 f9be bl 800d62c +} + 80072b0: bd08 pop {r3, pc} + 80072b2: bf00 nop + 80072b4: 2009e390 .word 0x2009e390 + +080072b8 : +{ + 80072b8: e92d 43f7 stmdb sp!, {r0, r1, r2, r4, r5, r6, r7, r8, r9, lr} + HAL_StatusTypeDef rv = HAL_I2C_Master_Receive(&i2c_port, I2C_ADDR, rx, len, HAL_MAX_DELAY); + 80072bc: f8df 9044 ldr.w r9, [pc, #68] ; 8007304 +{ + 80072c0: 4604 mov r4, r0 + 80072c2: 460d mov r5, r1 + 80072c4: f44f 7696 mov.w r6, #300 ; 0x12c + HAL_StatusTypeDef rv = HAL_I2C_Master_Receive(&i2c_port, I2C_ADDR, rx, len, HAL_MAX_DELAY); + 80072c8: b287 uxth r7, r0 + 80072ca: f04f 38ff mov.w r8, #4294967295 ; 0xffffffff + 80072ce: f8cd 8000 str.w r8, [sp] + 80072d2: 463b mov r3, r7 + 80072d4: 462a mov r2, r5 + 80072d6: 2136 movs r1, #54 ; 0x36 + 80072d8: 4648 mov r0, r9 + 80072da: f004 fbab bl 800ba34 + if(rv == HAL_OK) { + 80072de: b938 cbnz r0, 80072f0 + if(rx[0] != len-1) { + 80072e0: 782b ldrb r3, [r5, #0] + 80072e2: 3c01 subs r4, #1 + 80072e4: 42a3 cmp r3, r4 + 80072e6: d10a bne.n 80072fe + return rx[1]; + 80072e8: 7868 ldrb r0, [r5, #1] +} + 80072ea: b003 add sp, #12 + 80072ec: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + delay_ms(1); + 80072f0: 2001 movs r0, #1 + 80072f2: f7fc faf1 bl 80038d8 + for(int tries=0; tries<300; tries++) { + 80072f6: 3e01 subs r6, #1 + 80072f8: d1e9 bne.n 80072ce + return RC_NO_ACK; + 80072fa: 200f movs r0, #15 + 80072fc: e7f5 b.n 80072ea + return RC_WRONG_SIZE; + 80072fe: 201f movs r0, #31 + 8007300: e7f3 b.n 80072ea + 8007302: bf00 nop + 8007304: 2009e3ec .word 0x2009e3ec + +08007308 : +{ + 8007308: b507 push {r0, r1, r2, lr} + return se2_read_n(2, rx); + 800730a: 2002 movs r0, #2 + 800730c: a901 add r1, sp, #4 + 800730e: f7ff ffd3 bl 80072b8 +} + 8007312: b003 add sp, #12 + 8007314: f85d fb04 ldr.w pc, [sp], #4 + +08007318 : +{ + 8007318: b507 push {r0, r1, r2, lr} + CALL_CHECK(se2_write_n(0x96, &page_num, data, 32)); + 800731a: 2320 movs r3, #32 +{ + 800731c: 460a mov r2, r1 + 800731e: f88d 0007 strb.w r0, [sp, #7] + CALL_CHECK(se2_write_n(0x96, &page_num, data, 32)); + 8007322: f10d 0107 add.w r1, sp, #7 + 8007326: 2096 movs r0, #150 ; 0x96 + 8007328: f7ff ff7e bl 8007228 + 800732c: b118 cbz r0, 8007336 + 800732e: 21cb movs r1, #203 ; 0xcb + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007330: 4805 ldr r0, [pc, #20] ; (8007348 ) + 8007332: f006 f97b bl 800d62c + 8007336: f7ff ffe7 bl 8007308 + 800733a: 28aa cmp r0, #170 ; 0xaa + 800733c: d001 beq.n 8007342 + 800733e: 21cd movs r1, #205 ; 0xcd + 8007340: e7f6 b.n 8007330 +} + 8007342: b003 add sp, #12 + 8007344: f85d fb04 ldr.w pc, [sp], #4 + 8007348: 2009e390 .word 0x2009e390 + +0800734c : + ASSERT(pubkey_num < 2); + 800734c: 2801 cmp r0, #1 +{ + 800734e: b508 push {r3, lr} + ASSERT(pubkey_num < 2); + 8007350: d902 bls.n 8007358 + 8007352: 480a ldr r0, [pc, #40] ; (800737c ) + 8007354: f7f9 fb66 bl 8000a24 + CALL_CHECK(se2_write1(0xcb, (wpe <<6) | pubkey_num)); + 8007358: ea40 1181 orr.w r1, r0, r1, lsl #6 + 800735c: b2c9 uxtb r1, r1 + 800735e: 20cb movs r0, #203 ; 0xcb + 8007360: f7ff ff2c bl 80071bc + 8007364: b118 cbz r0, 800736e + 8007366: 21d9 movs r1, #217 ; 0xd9 + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007368: 4805 ldr r0, [pc, #20] ; (8007380 ) + 800736a: f006 f95f bl 800d62c + 800736e: f7ff ffcb bl 8007308 + 8007372: 28aa cmp r0, #170 ; 0xaa + 8007374: d001 beq.n 800737a + 8007376: 21db movs r1, #219 ; 0xdb + 8007378: e7f6 b.n 8007368 +} + 800737a: bd08 pop {r3, pc} + 800737c: 0800e354 .word 0x0800e354 + 8007380: 2009e390 .word 0x2009e390 + +08007384 : +{ + 8007384: b570 push {r4, r5, r6, lr} + 8007386: b0dc sub sp, #368 ; 0x170 + 8007388: 460d mov r5, r1 + 800738a: f88d 0007 strb.w r0, [sp, #7] + rng_buffer(chal, sizeof(chal)); + 800738e: 2120 movs r1, #32 + 8007390: a802 add r0, sp, #8 +{ + 8007392: 4616 mov r6, r2 + 8007394: 461c mov r4, r3 + rng_buffer(chal, sizeof(chal)); + 8007396: f7fb f9cb bl 8002730 + se2_write_buffer(chal, sizeof(chal)); + 800739a: 2120 movs r1, #32 + 800739c: a802 add r0, sp, #8 + 800739e: f7ff ff7b bl 8007298 + CALL_CHECK(se2_write1(0xa5, (keynum<<5) | page_num)); + 80073a2: f89d 3007 ldrb.w r3, [sp, #7] + 80073a6: ea43 1146 orr.w r1, r3, r6, lsl #5 + 80073aa: b2c9 uxtb r1, r1 + 80073ac: 20a5 movs r0, #165 ; 0xa5 + 80073ae: f7ff ff05 bl 80071bc + 80073b2: b118 cbz r0, 80073bc + 80073b4: 21eb movs r1, #235 ; 0xeb + CHECK_RIGHT(se2_read_n(sizeof(check), check) == RC_SUCCESS); + 80073b6: 481e ldr r0, [pc, #120] ; (8007430 ) + 80073b8: f006 f938 bl 800d62c + 80073bc: a912 add r1, sp, #72 ; 0x48 + 80073be: 2022 movs r0, #34 ; 0x22 + 80073c0: f7ff ff7a bl 80072b8 + 80073c4: 28aa cmp r0, #170 ; 0xaa + 80073c6: d001 beq.n 80073cc + 80073c8: 21ee movs r1, #238 ; 0xee + 80073ca: e7f4 b.n 80073b6 + hmac_sha256_init(&ctx); + 80073cc: a81b add r0, sp, #108 ; 0x6c + 80073ce: f7fe f8cf bl 8005570 + hmac_sha256_update(&ctx, SE2_SECRETS->romid, 8); + 80073d2: 4b18 ldr r3, [pc, #96] ; (8007434 ) + 80073d4: 4918 ldr r1, [pc, #96] ; (8007438 ) + 80073d6: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 80073da: 33b0 adds r3, #176 ; 0xb0 + 80073dc: 2aff cmp r2, #255 ; 0xff + 80073de: bf18 it ne + 80073e0: 4619 movne r1, r3 + 80073e2: a81b add r0, sp, #108 ; 0x6c + 80073e4: 2208 movs r2, #8 + 80073e6: 3160 adds r1, #96 ; 0x60 + 80073e8: f7fe f8c8 bl 800557c + hmac_sha256_update(&ctx, data, 32); + 80073ec: 4629 mov r1, r5 + 80073ee: a81b add r0, sp, #108 ; 0x6c + 80073f0: 2220 movs r2, #32 + 80073f2: f7fe f8c3 bl 800557c + hmac_sha256_update(&ctx, chal, 32); + 80073f6: a902 add r1, sp, #8 + 80073f8: a81b add r0, sp, #108 ; 0x6c + 80073fa: 2220 movs r2, #32 + 80073fc: f7fe f8be bl 800557c + hmac_sha256_update(&ctx, &page_num, 1); + 8007400: f10d 0107 add.w r1, sp, #7 + 8007404: a81b add r0, sp, #108 ; 0x6c + 8007406: 2201 movs r2, #1 + 8007408: f7fe f8b8 bl 800557c + hmac_sha256_update(&ctx, DEV_MANID, 2); + 800740c: a81b add r0, sp, #108 ; 0x6c + 800740e: 490b ldr r1, [pc, #44] ; (800743c ) + 8007410: 2202 movs r2, #2 + 8007412: f7fe f8b3 bl 800557c + hmac_sha256_final(&ctx, secret, expect); + 8007416: aa0a add r2, sp, #40 ; 0x28 + 8007418: 4621 mov r1, r4 + 800741a: a81b add r0, sp, #108 ; 0x6c + 800741c: f7fe f8c4 bl 80055a8 + return check_equal(expect, check+2, 32); + 8007420: 2220 movs r2, #32 + 8007422: f10d 014a add.w r1, sp, #74 ; 0x4a + 8007426: a80a add r0, sp, #40 ; 0x28 + 8007428: f7fb f933 bl 8002692 +} + 800742c: b05c add sp, #368 ; 0x170 + 800742e: bd70 pop {r4, r5, r6, pc} + 8007430: 2009e390 .word 0x2009e390 + 8007434: 0801c000 .word 0x0801c000 + 8007438: 2009e2b0 .word 0x2009e2b0 + 800743c: 0800e9b8 .word 0x0800e9b8 + +08007440 : +{ + 8007440: b570 push {r4, r5, r6, lr} + 8007442: 4604 mov r4, r0 + 8007444: b08a sub sp, #40 ; 0x28 + 8007446: 460d mov r5, r1 + CALL_CHECK(se2_write1(0x69, page_num)); + 8007448: 4601 mov r1, r0 + 800744a: 2069 movs r0, #105 ; 0x69 +{ + 800744c: 4616 mov r6, r2 + CALL_CHECK(se2_write1(0x69, page_num)); + 800744e: f7ff feb5 bl 80071bc + 8007452: b120 cbz r0, 800745e + 8007454: f44f 7185 mov.w r1, #266 ; 0x10a + CHECK_RIGHT(se2_read_n(sizeof(rx), rx) == RC_SUCCESS); + 8007458: 481c ldr r0, [pc, #112] ; (80074cc ) + 800745a: f006 f8e7 bl 800d62c + 800745e: a901 add r1, sp, #4 + 8007460: 2022 movs r0, #34 ; 0x22 + 8007462: f7ff ff29 bl 80072b8 + 8007466: 28aa cmp r0, #170 ; 0xaa + 8007468: d002 beq.n 8007470 + 800746a: f240 110d movw r1, #269 ; 0x10d + 800746e: e7f3 b.n 8007458 + CHECK_RIGHT(rx[0] == 33); + 8007470: f89d 3004 ldrb.w r3, [sp, #4] + 8007474: 2b21 cmp r3, #33 ; 0x21 + 8007476: d002 beq.n 800747e + 8007478: f240 110f movw r1, #271 ; 0x10f + 800747c: e7ec b.n 8007458 + CHECK_RIGHT(rx[1] == RC_SUCCESS); + 800747e: f89d 3005 ldrb.w r3, [sp, #5] + 8007482: 2baa cmp r3, #170 ; 0xaa + 8007484: d002 beq.n 800748c + 8007486: f44f 7188 mov.w r1, #272 ; 0x110 + 800748a: e7e5 b.n 8007458 + memcpy(data, rx+2, 32); + 800748c: f10d 0306 add.w r3, sp, #6 + 8007490: 462a mov r2, r5 + 8007492: f10d 0126 add.w r1, sp, #38 ; 0x26 + 8007496: f853 0b04 ldr.w r0, [r3], #4 + 800749a: f842 0b04 str.w r0, [r2], #4 + 800749e: 428b cmp r3, r1 + 80074a0: d1f9 bne.n 8007496 + if(!verify) return; + 80074a2: b186 cbz r6, 80074c6 + CHECK_RIGHT(se2_verify_page(page_num, data, 0, SE2_SECRETS->pairing)); + 80074a4: 4b0a ldr r3, [pc, #40] ; (80074d0 ) + 80074a6: 4a0b ldr r2, [pc, #44] ; (80074d4 ) + 80074a8: f893 10b0 ldrb.w r1, [r3, #176] ; 0xb0 + 80074ac: 4b0a ldr r3, [pc, #40] ; (80074d8 ) + 80074ae: 4620 mov r0, r4 + 80074b0: 29ff cmp r1, #255 ; 0xff + 80074b2: bf18 it ne + 80074b4: 4613 movne r3, r2 + 80074b6: 2200 movs r2, #0 + 80074b8: 4629 mov r1, r5 + 80074ba: f7ff ff63 bl 8007384 + 80074be: b910 cbnz r0, 80074c6 + 80074c0: f44f 718b mov.w r1, #278 ; 0x116 + 80074c4: e7c8 b.n 8007458 +} + 80074c6: b00a add sp, #40 ; 0x28 + 80074c8: bd70 pop {r4, r5, r6, pc} + 80074ca: bf00 nop + 80074cc: 2009e390 .word 0x2009e390 + 80074d0: 0801c000 .word 0x0801c000 + 80074d4: 0801c0b0 .word 0x0801c0b0 + 80074d8: 2009e2b0 .word 0x2009e2b0 + +080074dc : +{ + 80074dc: b570 push {r4, r5, r6, lr} + 80074de: b0d6 sub sp, #344 ; 0x158 + 80074e0: 461e mov r6, r3 + ASSERT((keynum == 0) || (keynum == 2)); + 80074e2: f032 0302 bics.w r3, r2, #2 +{ + 80074e6: 460c mov r4, r1 + 80074e8: 4615 mov r5, r2 + 80074ea: f88d 0007 strb.w r0, [sp, #7] + ASSERT((keynum == 0) || (keynum == 2)); + 80074ee: d002 beq.n 80074f6 + 80074f0: 4831 ldr r0, [pc, #196] ; (80075b8 ) + 80074f2: f7f9 fa97 bl 8000a24 + CALL_CHECK(se2_write1(0x4b, (keynum << 6) | page_num)); + 80074f6: f89d 1007 ldrb.w r1, [sp, #7] + 80074fa: ea41 1182 orr.w r1, r1, r2, lsl #6 + 80074fe: b2c9 uxtb r1, r1 + 8007500: 204b movs r0, #75 ; 0x4b + 8007502: f7ff fe5b bl 80071bc + 8007506: b120 cbz r0, 8007512 + 8007508: f44f 71b3 mov.w r1, #358 ; 0x166 + CHECK_RIGHT(se2_read_n(sizeof(rx), rx) == RC_SUCCESS); + 800750c: 482b ldr r0, [pc, #172] ; (80075bc ) + 800750e: f006 f88d bl 800d62c + 8007512: a90a add r1, sp, #40 ; 0x28 + 8007514: 202a movs r0, #42 ; 0x2a + 8007516: f7ff fecf bl 80072b8 + 800751a: 28aa cmp r0, #170 ; 0xaa + 800751c: d002 beq.n 8007524 + 800751e: f240 1169 movw r1, #361 ; 0x169 + 8007522: e7f3 b.n 800750c + CHECK_RIGHT(rx[1] == RC_SUCCESS); + 8007524: f89d 3029 ldrb.w r3, [sp, #41] ; 0x29 + 8007528: 2baa cmp r3, #170 ; 0xaa + 800752a: d002 beq.n 8007532 + 800752c: f240 116b movw r1, #363 ; 0x16b + 8007530: e7ec b.n 800750c + memcpy(data, rx+2+8, 32); + 8007532: f10d 0332 add.w r3, sp, #50 ; 0x32 + 8007536: 4622 mov r2, r4 + 8007538: f10d 0152 add.w r1, sp, #82 ; 0x52 + 800753c: f853 0b04 ldr.w r0, [r3], #4 + 8007540: f842 0b04 str.w r0, [r2], #4 + 8007544: 428b cmp r3, r1 + 8007546: d1f9 bne.n 800753c + hmac_sha256_init(&ctx); + 8007548: a815 add r0, sp, #84 ; 0x54 + 800754a: f7fe f811 bl 8005570 + hmac_sha256_update(&ctx, chal, 8); + 800754e: 2208 movs r2, #8 + 8007550: f10d 012a add.w r1, sp, #42 ; 0x2a + 8007554: a815 add r0, sp, #84 ; 0x54 + 8007556: f7fe f811 bl 800557c + hmac_sha256_update(&ctx, SE2_SECRETS->romid, 8); + 800755a: 4b19 ldr r3, [pc, #100] ; (80075c0 ) + 800755c: 4919 ldr r1, [pc, #100] ; (80075c4 ) + 800755e: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 8007562: 33b0 adds r3, #176 ; 0xb0 + 8007564: 2aff cmp r2, #255 ; 0xff + 8007566: bf18 it ne + 8007568: 4619 movne r1, r3 + 800756a: 3160 adds r1, #96 ; 0x60 + 800756c: 2208 movs r2, #8 + 800756e: a815 add r0, sp, #84 ; 0x54 + 8007570: f7fe f804 bl 800557c + hmac_sha256_update(&ctx, &page_num, 1); + 8007574: 2201 movs r2, #1 + 8007576: f10d 0107 add.w r1, sp, #7 + 800757a: a815 add r0, sp, #84 ; 0x54 + 800757c: f7fd fffe bl 800557c + hmac_sha256_update(&ctx, DEV_MANID, 2); + 8007580: 4911 ldr r1, [pc, #68] ; (80075c8 ) + 8007582: 2202 movs r2, #2 + 8007584: a815 add r0, sp, #84 ; 0x54 + 8007586: f7fd fff9 bl 800557c + hmac_sha256_final(&ctx, secret, otp); + 800758a: aa02 add r2, sp, #8 + 800758c: 4631 mov r1, r6 + 800758e: a815 add r0, sp, #84 ; 0x54 + 8007590: f7fe f80a bl 80055a8 + xor_mixin(data, otp, 32); + 8007594: 2220 movs r2, #32 + 8007596: a902 add r1, sp, #8 + 8007598: 4620 mov r0, r4 + 800759a: f7ff fe02 bl 80071a2 + CHECK_RIGHT(se2_verify_page(page_num, data, keynum, secret)); + 800759e: f89d 0007 ldrb.w r0, [sp, #7] + 80075a2: 4633 mov r3, r6 + 80075a4: 462a mov r2, r5 + 80075a6: 4621 mov r1, r4 + 80075a8: f7ff feec bl 8007384 + 80075ac: b910 cbnz r0, 80075b4 + 80075ae: f44f 71c0 mov.w r1, #384 ; 0x180 + 80075b2: e7ab b.n 800750c +} + 80075b4: b056 add sp, #344 ; 0x158 + 80075b6: bd70 pop {r4, r5, r6, pc} + 80075b8: 0800e354 .word 0x0800e354 + 80075bc: 2009e390 .word 0x2009e390 + 80075c0: 0801c000 .word 0x0801c000 + 80075c4: 2009e2b0 .word 0x2009e2b0 + 80075c8: 0800e9b8 .word 0x0800e9b8 + +080075cc : +{ + 80075cc: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 80075d0: 460e mov r6, r1 + ASSERT((keynum == 0) || (keynum == 2)); + 80075d2: f032 0102 bics.w r1, r2, #2 +{ + 80075d6: b0e4 sub sp, #400 ; 0x190 + 80075d8: 4604 mov r4, r0 + 80075da: 4617 mov r7, r2 + 80075dc: 4698 mov r8, r3 + ASSERT((keynum == 0) || (keynum == 2)); + 80075de: d002 beq.n 80075e6 + 80075e0: 4849 ldr r0, [pc, #292] ; (8007708 ) + 80075e2: f7f9 fa1f bl 8000a24 + se2_read_encrypted(page_num, old_data, keynum, secret); + 80075e6: a901 add r1, sp, #4 + 80075e8: f7ff ff78 bl 80074dc + uint8_t PGDV = page_num | 0x80; + 80075ec: f064 037f orn r3, r4, #127 ; 0x7f + rng_buffer(&chal_check[32], 8); + 80075f0: 2108 movs r1, #8 + 80075f2: a821 add r0, sp, #132 ; 0x84 + uint8_t PGDV = page_num | 0x80; + 80075f4: f88d 3002 strb.w r3, [sp, #2] + rng_buffer(&chal_check[32], 8); + 80075f8: f7fb f89a bl 8002730 + hmac_sha256_init(&ctx); + 80075fc: a823 add r0, sp, #140 ; 0x8c + 80075fe: f7fd ffb7 bl 8005570 + hmac_sha256_update(&ctx, &chal_check[32], 8); + 8007602: 2208 movs r2, #8 + 8007604: a921 add r1, sp, #132 ; 0x84 + 8007606: a823 add r0, sp, #140 ; 0x8c + 8007608: f7fd ffb8 bl 800557c + hmac_sha256_update(&ctx, SE2_SECRETS->romid, 8); + 800760c: 4b3f ldr r3, [pc, #252] ; (800770c ) + 800760e: 4940 ldr r1, [pc, #256] ; (8007710 ) + 8007610: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 8007614: 33b0 adds r3, #176 ; 0xb0 + 8007616: 2aff cmp r2, #255 ; 0xff + 8007618: bf18 it ne + 800761a: 4619 movne r1, r3 + 800761c: 3160 adds r1, #96 ; 0x60 + 800761e: 2208 movs r2, #8 + 8007620: a823 add r0, sp, #140 ; 0x8c + 8007622: f7fd ffab bl 800557c + hmac_sha256_update(&ctx, &PGDV, 1); + 8007626: 2201 movs r2, #1 + 8007628: f10d 0102 add.w r1, sp, #2 + 800762c: a823 add r0, sp, #140 ; 0x8c + 800762e: f7fd ffa5 bl 800557c + hmac_sha256_update(&ctx, DEV_MANID, 2); + 8007632: 4938 ldr r1, [pc, #224] ; (8007714 ) + 8007634: 2202 movs r2, #2 + 8007636: a823 add r0, sp, #140 ; 0x8c + 8007638: f7fd ffa0 bl 800557c + ASSERT(ctx.num_pending == 19); + 800763c: 9b63 ldr r3, [sp, #396] ; 0x18c + 800763e: 2b13 cmp r3, #19 + 8007640: d1ce bne.n 80075e0 + hmac_sha256_final(&ctx, secret, otp); + 8007642: aa09 add r2, sp, #36 ; 0x24 + 8007644: 4641 mov r1, r8 + 8007646: a823 add r0, sp, #140 ; 0x8c + 8007648: f7fd ffae bl 80055a8 + memcpy(tmp, data, 32); + 800764c: 4635 mov r5, r6 + 800764e: aa11 add r2, sp, #68 ; 0x44 + 8007650: f106 0c20 add.w ip, r6, #32 + 8007654: 6828 ldr r0, [r5, #0] + 8007656: 6869 ldr r1, [r5, #4] + 8007658: 4613 mov r3, r2 + 800765a: c303 stmia r3!, {r0, r1} + 800765c: 3508 adds r5, #8 + 800765e: 4565 cmp r5, ip + 8007660: 461a mov r2, r3 + 8007662: d1f7 bne.n 8007654 + xor_mixin(tmp, otp, 32); + 8007664: 2220 movs r2, #32 + 8007666: a909 add r1, sp, #36 ; 0x24 + 8007668: a811 add r0, sp, #68 ; 0x44 + 800766a: f7ff fd9a bl 80071a2 + hmac_sha256_init(&ctx); + 800766e: a823 add r0, sp, #140 ; 0x8c + 8007670: f7fd ff7e bl 8005570 + hmac_sha256_update(&ctx, SE2_SECRETS->romid, 8); + 8007674: 4b25 ldr r3, [pc, #148] ; (800770c ) + 8007676: 4926 ldr r1, [pc, #152] ; (8007710 ) + 8007678: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 800767c: 33b0 adds r3, #176 ; 0xb0 + 800767e: 2aff cmp r2, #255 ; 0xff + 8007680: bf18 it ne + 8007682: 4619 movne r1, r3 + 8007684: 3160 adds r1, #96 ; 0x60 + 8007686: 2208 movs r2, #8 + 8007688: a823 add r0, sp, #140 ; 0x8c + 800768a: f7fd ff77 bl 800557c + hmac_sha256_update(&ctx, old_data, 32); + 800768e: 2220 movs r2, #32 + 8007690: a901 add r1, sp, #4 + 8007692: a823 add r0, sp, #140 ; 0x8c + 8007694: f7fd ff72 bl 800557c + hmac_sha256_update(&ctx, data, 32); + 8007698: 2220 movs r2, #32 + 800769a: 4631 mov r1, r6 + 800769c: a823 add r0, sp, #140 ; 0x8c + 800769e: f7fd ff6d bl 800557c + hmac_sha256_update(&ctx, &PGDV, 1); + 80076a2: 2201 movs r2, #1 + 80076a4: f10d 0102 add.w r1, sp, #2 + 80076a8: a823 add r0, sp, #140 ; 0x8c + 80076aa: f7fd ff67 bl 800557c + hmac_sha256_update(&ctx, DEV_MANID, 2); + 80076ae: 4919 ldr r1, [pc, #100] ; (8007714 ) + 80076b0: 2202 movs r2, #2 + 80076b2: a823 add r0, sp, #140 ; 0x8c + 80076b4: f7fd ff62 bl 800557c + ASSERT(ctx.num_pending == 75); + 80076b8: 9b63 ldr r3, [sp, #396] ; 0x18c + 80076ba: 2b4b cmp r3, #75 ; 0x4b + 80076bc: d190 bne.n 80075e0 + hmac_sha256_final(&ctx, secret, chal_check); + 80076be: aa19 add r2, sp, #100 ; 0x64 + 80076c0: 4641 mov r1, r8 + 80076c2: a823 add r0, sp, #140 ; 0x8c + 80076c4: f7fd ff70 bl 80055a8 + se2_write_buffer(chal_check, sizeof(chal_check)); + 80076c8: 2128 movs r1, #40 ; 0x28 + 80076ca: a819 add r0, sp, #100 ; 0x64 + 80076cc: f7ff fde4 bl 8007298 + uint8_t pn = (keynum << 6) | page_num; + 80076d0: ea44 1487 orr.w r4, r4, r7, lsl #6 + CALL_CHECK(se2_write_n(0x99, &pn, tmp, 32)); + 80076d4: 2320 movs r3, #32 + 80076d6: aa11 add r2, sp, #68 ; 0x44 + 80076d8: f10d 0103 add.w r1, sp, #3 + 80076dc: 2099 movs r0, #153 ; 0x99 + uint8_t pn = (keynum << 6) | page_num; + 80076de: f88d 4003 strb.w r4, [sp, #3] + CALL_CHECK(se2_write_n(0x99, &pn, tmp, 32)); + 80076e2: f7ff fda1 bl 8007228 + 80076e6: b120 cbz r0, 80076f2 + 80076e8: f44f 71aa mov.w r1, #340 ; 0x154 + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 80076ec: 480a ldr r0, [pc, #40] ; (8007718 ) + 80076ee: f005 ff9d bl 800d62c + 80076f2: f7ff fe09 bl 8007308 + 80076f6: 28aa cmp r0, #170 ; 0xaa + 80076f8: d002 beq.n 8007700 + 80076fa: f44f 71ab mov.w r1, #342 ; 0x156 + 80076fe: e7f5 b.n 80076ec +} + 8007700: b064 add sp, #400 ; 0x190 + 8007702: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + 8007706: bf00 nop + 8007708: 0800e354 .word 0x0800e354 + 800770c: 0801c000 .word 0x0801c000 + 8007710: 2009e2b0 .word 0x2009e2b0 + 8007714: 0800e9b8 .word 0x0800e9b8 + 8007718: 2009e390 .word 0x2009e390 + +0800771c : +{ + 800771c: b508 push {r3, lr} + 800771e: 4601 mov r1, r0 + CALL_CHECK(se2_write1(0xaa, page_num)); + 8007720: 20aa movs r0, #170 ; 0xaa + 8007722: f7ff fd4b bl 80071bc + 8007726: b120 cbz r0, 8007732 + 8007728: 4804 ldr r0, [pc, #16] ; (800773c ) + 800772a: f240 118b movw r1, #395 ; 0x18b + 800772e: f005 ff7d bl 800d62c +} + 8007732: e8bd 4008 ldmia.w sp!, {r3, lr} + return se2_read1(); + 8007736: f7ff bde7 b.w 8007308 + 800773a: bf00 nop + 800773c: 2009e390 .word 0x2009e390 + +08007740 : +{ + 8007740: b538 push {r3, r4, r5, lr} + 8007742: 460c mov r4, r1 + 8007744: 4605 mov r5, r0 + if(se2_get_protection(page_num) == flags) { + 8007746: f7ff ffe9 bl 800771c + 800774a: 42a0 cmp r0, r4 + 800774c: d011 beq.n 8007772 + CALL_CHECK(se2_write2(0xc3, page_num, flags)); + 800774e: 4622 mov r2, r4 + 8007750: 4629 mov r1, r5 + 8007752: 20c3 movs r0, #195 ; 0xc3 + 8007754: f7ff fd4c bl 80071f0 + 8007758: b120 cbz r0, 8007764 + 800775a: f240 119b movw r1, #411 ; 0x19b + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 800775e: 4805 ldr r0, [pc, #20] ; (8007774 ) + 8007760: f005 ff64 bl 800d62c + 8007764: f7ff fdd0 bl 8007308 + 8007768: 28aa cmp r0, #170 ; 0xaa + 800776a: d002 beq.n 8007772 + 800776c: f240 119d movw r1, #413 ; 0x19d + 8007770: e7f5 b.n 800775e +} + 8007772: bd38 pop {r3, r4, r5, pc} + 8007774: 2009e390 .word 0x2009e390 + +08007778 : +{ + 8007778: b500 push {lr} + if(setjmp(error_env)) { + 800777a: 4812 ldr r0, [pc, #72] ; (80077c4 ) +{ + 800777c: b089 sub sp, #36 ; 0x24 + if(setjmp(error_env)) { + 800777e: f005 ff4f bl 800d620 + 8007782: b120 cbz r0, 800778e + oled_show(screen_se2_issue); + 8007784: 4810 ldr r0, [pc, #64] ; (80077c8 ) + 8007786: f7f9 fb4d bl 8000e24 + LOCKUP_FOREVER(); + 800778a: bf30 wfi + 800778c: e7fd b.n 800778a + rng_delay(); + 800778e: f7fa ffe5 bl 800275c + if(rom_secrets->se2.pairing[0] == 0xff) { + 8007792: 4b0e ldr r3, [pc, #56] ; (80077cc ) + 8007794: f893 30b0 ldrb.w r3, [r3, #176] ; 0xb0 + 8007798: 2bff cmp r3, #255 ; 0xff + 800779a: d00f beq.n 80077bc + se2_read_page(PGN_ROM_OPTIONS, tmp, true); + 800779c: 2201 movs r2, #1 + 800779e: 4669 mov r1, sp + 80077a0: 201c movs r0, #28 + 80077a2: f7ff fe4d bl 8007440 + CHECK_RIGHT(check_equal(&tmp[24], rom_secrets->se2.romid, 8)); + 80077a6: 490a ldr r1, [pc, #40] ; (80077d0 ) + 80077a8: 2208 movs r2, #8 + 80077aa: a806 add r0, sp, #24 + 80077ac: f7fa ff71 bl 8002692 + 80077b0: b920 cbnz r0, 80077bc + 80077b2: 4804 ldr r0, [pc, #16] ; (80077c4 ) + 80077b4: f240 11b5 movw r1, #437 ; 0x1b5 + 80077b8: f005 ff38 bl 800d62c +} + 80077bc: b009 add sp, #36 ; 0x24 + 80077be: f85d fb04 ldr.w pc, [sp], #4 + 80077c2: bf00 nop + 80077c4: 2009e390 .word 0x2009e390 + 80077c8: 0800df42 .word 0x0800df42 + 80077cc: 0801c000 .word 0x0801c000 + 80077d0: 0801c110 .word 0x0801c110 + +080077d4 : +{ + 80077d4: b510 push {r4, lr} + if(setjmp(error_env)) fatal_mitm(); + 80077d6: 4817 ldr r0, [pc, #92] ; (8007834 ) +{ + 80077d8: b088 sub sp, #32 + if(setjmp(error_env)) fatal_mitm(); + 80077da: f005 ff21 bl 800d620 + 80077de: 4604 mov r4, r0 + 80077e0: b108 cbz r0, 80077e6 + 80077e2: f7f9 f929 bl 8000a38 + uint8_t z32[32] = {0}; + 80077e6: 221c movs r2, #28 + 80077e8: 4601 mov r1, r0 + 80077ea: 9000 str r0, [sp, #0] + 80077ec: a801 add r0, sp, #4 + 80077ee: f005 ff0f bl 800d610 + se2_write_page(PGN_PUBKEY_S+0, z32); + 80077f2: 4669 mov r1, sp + 80077f4: 201e movs r0, #30 + 80077f6: f7ff fd8f bl 8007318 + se2_write_page(PGN_PUBKEY_S+1, z32); + 80077fa: 4669 mov r1, sp + 80077fc: 201f movs r0, #31 + 80077fe: f7ff fd8b bl 8007318 + se2_write_buffer(z32, 32); + 8007802: 2120 movs r1, #32 + 8007804: 4668 mov r0, sp + 8007806: f7ff fd47 bl 8007298 + CALL_CHECK(se2_write2(0x3c, (2<<6), 0)); + 800780a: 4622 mov r2, r4 + 800780c: 2180 movs r1, #128 ; 0x80 + 800780e: 203c movs r0, #60 ; 0x3c + 8007810: f7ff fcee bl 80071f0 + 8007814: b120 cbz r0, 8007820 + 8007816: f240 11cd movw r1, #461 ; 0x1cd + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 800781a: 4806 ldr r0, [pc, #24] ; (8007834 ) + 800781c: f005 ff06 bl 800d62c + 8007820: f7ff fd72 bl 8007308 + 8007824: 28aa cmp r0, #170 ; 0xaa + 8007826: d002 beq.n 800782e + 8007828: f44f 71e7 mov.w r1, #462 ; 0x1ce + 800782c: e7f5 b.n 800781a +} + 800782e: b008 add sp, #32 + 8007830: bd10 pop {r4, pc} + 8007832: bf00 nop + 8007834: 2009e390 .word 0x2009e390 + +08007838 : +{ + 8007838: b570 push {r4, r5, r6, lr} + if((setjmp(error_env))) { + 800783a: 485b ldr r0, [pc, #364] ; (80079a8 ) +{ + 800783c: b090 sub sp, #64 ; 0x40 + if((setjmp(error_env))) { + 800783e: f005 feef bl 800d620 + 8007842: 4604 mov r4, r0 + 8007844: b120 cbz r0, 8007850 + oled_show(screen_se2_issue); + 8007846: 4859 ldr r0, [pc, #356] ; (80079ac ) + 8007848: f7f9 faec bl 8000e24 + LOCKUP_FOREVER(); + 800784c: bf30 wfi + 800784e: e7fd b.n 800784c + if(rom_secrets->se2.pairing[0] != 0xff) { + 8007850: 4b57 ldr r3, [pc, #348] ; (80079b0 ) + 8007852: f893 10b0 ldrb.w r1, [r3, #176] ; 0xb0 + 8007856: 29ff cmp r1, #255 ; 0xff + 8007858: f040 80a0 bne.w 800799c + memset(&_tbd, 0xff, sizeof(_tbd)); + 800785c: 4d55 ldr r5, [pc, #340] ; (80079b4 ) + 800785e: 22e0 movs r2, #224 ; 0xe0 + 8007860: 4628 mov r0, r5 + 8007862: f005 fed5 bl 800d610 + rng_buffer(_tbd.tpin_key, 32); + 8007866: 2120 movs r1, #32 + 8007868: f105 0080 add.w r0, r5, #128 ; 0x80 + 800786c: f7fa ff60 bl 8002730 + se2_read_page(PGN_ROM_OPTIONS, tmp, false); + 8007870: 4622 mov r2, r4 + 8007872: 4669 mov r1, sp + 8007874: 201c movs r0, #28 + 8007876: f7ff fde3 bl 8007440 + ASSERT(tmp[1] == 0x00); // check ANON is not set + 800787a: f89d 3001 ldrb.w r3, [sp, #1] + 800787e: b113 cbz r3, 8007886 + 8007880: 484d ldr r0, [pc, #308] ; (80079b8 ) + 8007882: f7f9 f8cf bl 8000a24 + memcpy(_tbd.romid, tmp+24, 8); + 8007886: ab06 add r3, sp, #24 + 8007888: cb03 ldmia r3!, {r0, r1} + 800788a: 6628 str r0, [r5, #96] ; 0x60 + 800788c: 6669 str r1, [r5, #100] ; 0x64 + rng_buffer(tmp, 32); + 800788e: 4668 mov r0, sp + 8007890: 2120 movs r1, #32 + 8007892: f7fa ff4d bl 8002730 + se2_write_page(PGN_SECRET_B, tmp); + 8007896: 4669 mov r1, sp + 8007898: 201a movs r0, #26 + 800789a: f7ff fd3d bl 8007318 + se2_pick_keypair(0, true); + 800789e: 2101 movs r1, #1 + 80078a0: 4620 mov r0, r4 + 80078a2: f7ff fd53 bl 800734c + se2_read_page(PGN_PUBKEY_A, &_tbd.pubkey_A[0], false); + 80078a6: 4622 mov r2, r4 + 80078a8: f105 0120 add.w r1, r5, #32 + 80078ac: 2010 movs r0, #16 + 80078ae: f7ff fdc7 bl 8007440 + memset(tmp, 0, 32); + 80078b2: 2620 movs r6, #32 + se2_read_page(PGN_PUBKEY_A+1, &_tbd.pubkey_A[32], false); + 80078b4: 4622 mov r2, r4 + 80078b6: f105 0140 add.w r1, r5, #64 ; 0x40 + 80078ba: 2011 movs r0, #17 + 80078bc: f7ff fdc0 bl 8007440 + memset(tmp, 0, 32); + 80078c0: 4632 mov r2, r6 + 80078c2: 4621 mov r1, r4 + 80078c4: 4668 mov r0, sp + 80078c6: f005 fea3 bl 800d610 + se2_write_page(PGN_PRIVKEY_B, tmp); + 80078ca: 4669 mov r1, sp + 80078cc: 2017 movs r0, #23 + 80078ce: f7ff fd23 bl 8007318 + se2_write_page(PGN_PRIVKEY_B+1, tmp); + 80078d2: 4669 mov r1, sp + 80078d4: 2018 movs r0, #24 + 80078d6: f7ff fd1f bl 8007318 + se2_write_page(PGN_PUBKEY_B, tmp); + 80078da: 4669 mov r1, sp + 80078dc: 2012 movs r0, #18 + 80078de: f7ff fd1b bl 8007318 + se2_write_page(PGN_PUBKEY_B+1, tmp); + 80078e2: 4669 mov r1, sp + 80078e4: 2013 movs r0, #19 + 80078e6: f7ff fd17 bl 8007318 + rng_buffer(_tbd.pairing, 32); + 80078ea: 4631 mov r1, r6 + 80078ec: 4628 mov r0, r5 + 80078ee: f7fa ff1f bl 8002730 + } while(_tbd.pairing[0] == 0xff); + 80078f2: 782b ldrb r3, [r5, #0] + 80078f4: 2bff cmp r3, #255 ; 0xff + 80078f6: d0f8 beq.n 80078ea + se2_write_page(PGN_SECRET_A, _tbd.pairing); + 80078f8: 4629 mov r1, r5 + 80078fa: 2019 movs r0, #25 + rng_buffer(tmp, 32); + 80078fc: 466d mov r5, sp + se2_write_page(PGN_SECRET_A, _tbd.pairing); + 80078fe: f7ff fd0b bl 8007318 + rng_buffer(tmp, 32); + 8007902: 2120 movs r1, #32 + 8007904: 4628 mov r0, r5 + 8007906: f7fa ff13 bl 8002730 + se2_write_page(PGN_SE2_EASY_KEY, tmp); + 800790a: 4629 mov r1, r5 + 800790c: 200e movs r0, #14 + 800790e: f7ff fd03 bl 8007318 + memset(tmp, 0, 32); + 8007912: 2220 movs r2, #32 + 8007914: 2100 movs r1, #0 + 8007916: 4628 mov r0, r5 + 8007918: f005 fe7a bl 800d610 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 800791c: 4626 mov r6, r4 + se2_write_page(pn, tmp); + 800791e: b2f0 uxtb r0, r6 + 8007920: 4629 mov r1, r5 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007922: 3601 adds r6, #1 + se2_write_page(pn, tmp); + 8007924: f7ff fcf8 bl 8007318 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007928: 2e0e cmp r6, #14 + 800792a: d1f8 bne.n 800791e + flash_save_se2_data(&_tbd); + 800792c: 4821 ldr r0, [pc, #132] ; (80079b4 ) + 800792e: f7fa fc45 bl 80021bc + se2_set_protection(PGN_SECRET_A, PROT_WP); + 8007932: 2102 movs r1, #2 + 8007934: 2019 movs r0, #25 + 8007936: f7ff ff03 bl 8007740 + se2_set_protection(PGN_SECRET_B, PROT_WP); + 800793a: 2102 movs r1, #2 + 800793c: 201a movs r0, #26 + 800793e: f7ff feff bl 8007740 + se2_set_protection(PGN_PUBKEY_A, PROT_WP); + 8007942: 2102 movs r1, #2 + 8007944: 2010 movs r0, #16 + 8007946: f7ff fefb bl 8007740 + se2_set_protection(PGN_PUBKEY_B, PROT_WP); + 800794a: 2102 movs r1, #2 + 800794c: 2012 movs r0, #18 + 800794e: f7ff fef7 bl 8007740 + se2_set_protection(PGN_SE2_EASY_KEY, PROT_EPH); + 8007952: 2110 movs r1, #16 + 8007954: 4630 mov r0, r6 + 8007956: f7ff fef3 bl 8007740 + se2_set_protection(pn, PROT_EPH); + 800795a: 2510 movs r5, #16 + 800795c: b2e0 uxtb r0, r4 + 800795e: 4629 mov r1, r5 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007960: 3401 adds r4, #1 + se2_set_protection(pn, PROT_EPH); + 8007962: f7ff feed bl 8007740 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007966: 2c0e cmp r4, #14 + 8007968: d1f8 bne.n 800795c + se2_set_protection(PGN_ROM_OPTIONS, PROT_APH); // not planning to change + 800796a: 2108 movs r1, #8 + 800796c: 201c movs r0, #28 + 800796e: f7ff fee7 bl 8007740 + se2_read_page(PGN_DEC_COUNTER, tmp, false); + 8007972: 2200 movs r2, #0 + 8007974: a908 add r1, sp, #32 + 8007976: 201b movs r0, #27 + 8007978: f7ff fd62 bl 8007440 + if(tmp[2] == 0xff) { + 800797c: f89d 3022 ldrb.w r3, [sp, #34] ; 0x22 + 8007980: 2bff cmp r3, #255 ; 0xff + 8007982: d10d bne.n 80079a0 + tmp[0] = val & 0x0ff; + 8007984: 2380 movs r3, #128 ; 0x80 + 8007986: f88d 3020 strb.w r3, [sp, #32] + se2_write_page(PGN_DEC_COUNTER, tmp); + 800798a: a908 add r1, sp, #32 + tmp[1] = (val >> 8) & 0x0ff; + 800798c: 2300 movs r3, #0 + se2_write_page(PGN_DEC_COUNTER, tmp); + 800798e: 201b movs r0, #27 + tmp[1] = (val >> 8) & 0x0ff; + 8007990: f88d 3021 strb.w r3, [sp, #33] ; 0x21 + tmp[2] = (val >> 16) & 0x01; + 8007994: f88d 3022 strb.w r3, [sp, #34] ; 0x22 + se2_write_page(PGN_DEC_COUNTER, tmp); + 8007998: f7ff fcbe bl 8007318 +} + 800799c: b010 add sp, #64 ; 0x40 + 800799e: bd70 pop {r4, r5, r6, pc} + puts("ctr set?"); // not expected, but keep going + 80079a0: 4806 ldr r0, [pc, #24] ; (80079bc ) + 80079a2: f7fd f9d1 bl 8004d48 + 80079a6: e7f9 b.n 800799c + 80079a8: 2009e390 .word 0x2009e390 + 80079ac: 0800df42 .word 0x0800df42 + 80079b0: 0801c000 .word 0x0801c000 + 80079b4: 2009e2b0 .word 0x2009e2b0 + 80079b8: 0800e354 .word 0x0800e354 + 80079bc: 0800e998 .word 0x0800e998 + +080079c0 : +{ + 80079c0: b510 push {r4, lr} + 80079c2: b08a sub sp, #40 ; 0x28 + 80079c4: 9001 str r0, [sp, #4] + if(setjmp(error_env)) fatal_mitm(); + 80079c6: 481e ldr r0, [pc, #120] ; (8007a40 ) + 80079c8: f005 fe2a bl 800d620 + 80079cc: b108 cbz r0, 80079d2 + 80079ce: f7f9 f833 bl 8000a38 + ASSERT(check_all_ones(rom_secrets->se2.auth_pubkey, 64)); + 80079d2: 481c ldr r0, [pc, #112] ; (8007a44 ) + 80079d4: 2140 movs r1, #64 ; 0x40 + 80079d6: f7fa fe43 bl 8002660 + 80079da: b910 cbnz r0, 80079e2 + 80079dc: 481a ldr r0, [pc, #104] ; (8007a48 ) + 80079de: f7f9 f821 bl 8000a24 + memcpy(&_tbd, &rom_secrets->se2, sizeof(_tbd)); + 80079e2: 4c1a ldr r4, [pc, #104] ; (8007a4c ) + 80079e4: 491a ldr r1, [pc, #104] ; (8007a50 ) + 80079e6: 22e0 movs r2, #224 ; 0xe0 + 80079e8: 4620 mov r0, r4 + 80079ea: f005 fde9 bl 800d5c0 + rng_buffer(tmp, 32); + 80079ee: 2120 movs r1, #32 + 80079f0: a802 add r0, sp, #8 + 80079f2: f7fa fe9d bl 8002730 + se2_write_page(PGN_SE2_HARD_KEY, tmp); + 80079f6: a902 add r1, sp, #8 + 80079f8: 200f movs r0, #15 + 80079fa: f7ff fc8d bl 8007318 + se2_write_page(PGN_PUBKEY_C, &pubkey[0]); + 80079fe: 9901 ldr r1, [sp, #4] + 8007a00: 2014 movs r0, #20 + 8007a02: f7ff fc89 bl 8007318 + se2_write_page(PGN_PUBKEY_C+1, &pubkey[32]); + 8007a06: 9b01 ldr r3, [sp, #4] + 8007a08: 2015 movs r0, #21 + 8007a0a: f103 0120 add.w r1, r3, #32 + 8007a0e: f7ff fc83 bl 8007318 + memcpy(_tbd.auth_pubkey, pubkey, 64); + 8007a12: 9b01 ldr r3, [sp, #4] + 8007a14: 34a0 adds r4, #160 ; 0xa0 + 8007a16: f103 0240 add.w r2, r3, #64 ; 0x40 + 8007a1a: f853 1b04 ldr.w r1, [r3], #4 + 8007a1e: f844 1b04 str.w r1, [r4], #4 + 8007a22: 4293 cmp r3, r2 + 8007a24: d1f9 bne.n 8007a1a + flash_save_se2_data(&_tbd); + 8007a26: 4809 ldr r0, [pc, #36] ; (8007a4c ) + 8007a28: f7fa fbc8 bl 80021bc + se2_set_protection(PGN_SE2_HARD_KEY, PROT_WP | PROT_ECH | PROT_ECW); + 8007a2c: 21c2 movs r1, #194 ; 0xc2 + 8007a2e: 200f movs r0, #15 + 8007a30: f7ff fe86 bl 8007740 + se2_set_protection(PGN_PUBKEY_C, PROT_WP | PROT_RP | PROT_AUTH); + 8007a34: 2123 movs r1, #35 ; 0x23 + 8007a36: 2014 movs r0, #20 + 8007a38: f7ff fe82 bl 8007740 +} + 8007a3c: b00a add sp, #40 ; 0x28 + 8007a3e: bd10 pop {r4, pc} + 8007a40: 2009e390 .word 0x2009e390 + 8007a44: 0801c150 .word 0x0801c150 + 8007a48: 0800e354 .word 0x0800e354 + 8007a4c: 2009e2b0 .word 0x2009e2b0 + 8007a50: 0801c0b0 .word 0x0801c0b0 + +08007a54 : +{ + 8007a54: b530 push {r4, r5, lr} + 8007a56: 4614 mov r4, r2 + ASSERT(pin_len >= 0); // 12-12 typical, but empty = blank PIN + 8007a58: 1e0a subs r2, r1, #0 +{ + 8007a5a: b0c5 sub sp, #276 ; 0x114 + 8007a5c: 4605 mov r5, r0 + ASSERT(pin_len >= 0); // 12-12 typical, but empty = blank PIN + 8007a5e: da02 bge.n 8007a66 + 8007a60: 4812 ldr r0, [pc, #72] ; (8007aac ) + 8007a62: f7f8 ffdf bl 8000a24 + hmac_sha256_init(&ctx); + 8007a66: a803 add r0, sp, #12 + 8007a68: 9201 str r2, [sp, #4] + 8007a6a: f7fd fd81 bl 8005570 + hmac_sha256_update(&ctx, (uint8_t *)pin, pin_len); + 8007a6e: 9a01 ldr r2, [sp, #4] + 8007a70: 4629 mov r1, r5 + 8007a72: a803 add r0, sp, #12 + 8007a74: f7fd fd82 bl 800557c + hmac_sha256_final(&ctx, SE2_SECRETS->tpin_key, tpin_hash); + 8007a78: 4b0d ldr r3, [pc, #52] ; (8007ab0 ) + 8007a7a: 490e ldr r1, [pc, #56] ; (8007ab4 ) + 8007a7c: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 8007a80: 33b0 adds r3, #176 ; 0xb0 + 8007a82: 2aff cmp r2, #255 ; 0xff + 8007a84: bf18 it ne + 8007a86: 4619 movne r1, r3 + 8007a88: a803 add r0, sp, #12 + 8007a8a: 4622 mov r2, r4 + 8007a8c: 3180 adds r1, #128 ; 0x80 + 8007a8e: f7fd fd8b bl 80055a8 + sha256_single(tpin_hash, 32, tpin_hash); + 8007a92: 4622 mov r2, r4 + 8007a94: 4620 mov r0, r4 + 8007a96: 2120 movs r1, #32 + 8007a98: f7fd fd4a bl 8005530 + sha256_single(tpin_hash, 32, tpin_hash); + 8007a9c: 4622 mov r2, r4 + 8007a9e: 2120 movs r1, #32 + 8007aa0: 4620 mov r0, r4 + 8007aa2: f7fd fd45 bl 8005530 +} + 8007aa6: b045 add sp, #276 ; 0x114 + 8007aa8: bd30 pop {r4, r5, pc} + 8007aaa: bf00 nop + 8007aac: 0800e354 .word 0x0800e354 + 8007ab0: 0801c000 .word 0x0801c000 + 8007ab4: 2009e2b0 .word 0x2009e2b0 + +08007ab8 : + +// p256_gen_keypair() +// + void +p256_gen_keypair(uint8_t privkey[32], uint8_t pubkey[64]) +{ + 8007ab8: b538 push {r3, r4, r5, lr} + 8007aba: 4605 mov r5, r0 + uECC_set_rng(rng_for_uECC); + 8007abc: 4808 ldr r0, [pc, #32] ; (8007ae0 ) +{ + 8007abe: 460c mov r4, r1 + uECC_set_rng(rng_for_uECC); + 8007ac0: f7fe fef0 bl 80068a4 + + int ok = uECC_make_key(pubkey, privkey, uECC_secp256r1()); + 8007ac4: f7fe fef4 bl 80068b0 + 8007ac8: 4629 mov r1, r5 + 8007aca: 4602 mov r2, r0 + 8007acc: 4620 mov r0, r4 + 8007ace: f7fe fef7 bl 80068c0 + ASSERT(ok == 1); + 8007ad2: 2801 cmp r0, #1 + 8007ad4: d002 beq.n 8007adc + 8007ad6: 4803 ldr r0, [pc, #12] ; (8007ae4 ) + 8007ad8: f7f8 ffa4 bl 8000a24 +} + 8007adc: bd38 pop {r3, r4, r5, pc} + 8007ade: bf00 nop + 8007ae0: 0800728d .word 0x0800728d + 8007ae4: 0800e354 .word 0x0800e354 + +08007ae8 : + +// ps256_ecdh() +// + void +ps256_ecdh(const uint8_t pubkey[64], const uint8_t privkey[32], uint8_t result[32]) +{ + 8007ae8: b513 push {r0, r1, r4, lr} + 8007aea: 4604 mov r4, r0 + uECC_set_rng(rng_for_uECC); + 8007aec: 4809 ldr r0, [pc, #36] ; (8007b14 ) +{ + 8007aee: e9cd 2100 strd r2, r1, [sp] + uECC_set_rng(rng_for_uECC); + 8007af2: f7fe fed7 bl 80068a4 + + int ok = uECC_shared_secret(pubkey, privkey, result, uECC_secp256r1()); + 8007af6: f7fe fedb bl 80068b0 + 8007afa: e9dd 2100 ldrd r2, r1, [sp] + 8007afe: 4603 mov r3, r0 + 8007b00: 4620 mov r0, r4 + 8007b02: f7fe ff1d bl 8006940 + ASSERT(ok == 1); + 8007b06: 2801 cmp r0, #1 + 8007b08: d002 beq.n 8007b10 + 8007b0a: 4803 ldr r0, [pc, #12] ; (8007b18 ) + 8007b0c: f7f8 ff8a bl 8000a24 +} + 8007b10: b002 add sp, #8 + 8007b12: bd10 pop {r4, pc} + 8007b14: 0800728d .word 0x0800728d + 8007b18: 0800e354 .word 0x0800e354 + +08007b1c : + +// se2_read_hard_secret() +// + static bool +se2_read_hard_secret(uint8_t hard_key[32], const uint8_t pin_digest[32]) +{ + 8007b1c: b510 push {r4, lr} + 8007b1e: b0e8 sub sp, #416 ; 0x1a0 + 8007b20: e9cd 0102 strd r0, r1, [sp, #8] + if(setjmp(error_env)) { + 8007b24: 4836 ldr r0, [pc, #216] ; (8007c00 ) + 8007b26: f005 fd7b bl 800d620 + 8007b2a: 2800 cmp r0, #0 + 8007b2c: d165 bne.n 8007bfa + // + SHA256_CTX ctx; + + // pick a temp key pair, share public part w/ SE2 + uint8_t tmp_privkey[32], tmp_pubkey[64]; + p256_gen_keypair(tmp_privkey, tmp_pubkey); + 8007b2e: a925 add r1, sp, #148 ; 0x94 + 8007b30: a805 add r0, sp, #20 + 8007b32: f7ff ffc1 bl 8007ab8 + + // - this can be mitm-ed, but we sign it next so doesn't matter + se2_write_page(PGN_PUBKEY_S, &tmp_pubkey[0]); + 8007b36: a925 add r1, sp, #148 ; 0x94 + 8007b38: 201e movs r0, #30 + 8007b3a: f7ff fbed bl 8007318 + se2_write_page(PGN_PUBKEY_S+1, &tmp_pubkey[32]); + 8007b3e: a92d add r1, sp, #180 ; 0xb4 + 8007b40: 201f movs r0, #31 + 8007b42: f7ff fbe9 bl 8007318 + + // pick nonce + uint8_t chal[32+32]; + rng_buffer(chal, sizeof(chal)); + 8007b46: 2140 movs r1, #64 ; 0x40 + 8007b48: a835 add r0, sp, #212 ; 0xd4 + 8007b4a: f7fa fdf1 bl 8002730 + se2_write_buffer(chal, sizeof(chal)); + 8007b4e: 2140 movs r1, #64 ; 0x40 + 8007b50: a835 add r0, sp, #212 ; 0xd4 + 8007b52: f7ff fba1 bl 8007298 + + // md = ngu.hash.sha256s(T_pubkey + chal[0:32]) + sha256_init(&ctx); + 8007b56: a855 add r0, sp, #340 ; 0x154 + 8007b58: f7fd fc82 bl 8005460 + sha256_update(&ctx, tmp_pubkey, 64); + 8007b5c: 2240 movs r2, #64 ; 0x40 + 8007b5e: a925 add r1, sp, #148 ; 0x94 + 8007b60: a855 add r0, sp, #340 ; 0x154 + 8007b62: f7fd fc8b bl 800547c + sha256_update(&ctx, chal, 32); // only first 32 bytes + 8007b66: 2220 movs r2, #32 + 8007b68: a935 add r1, sp, #212 ; 0xd4 + 8007b6a: a855 add r0, sp, #340 ; 0x154 + 8007b6c: f7fd fc86 bl 800547c + + uint8_t md[32]; + sha256_final(&ctx, md); + 8007b70: a90d add r1, sp, #52 ; 0x34 + 8007b72: a855 add r0, sp, #340 ; 0x154 + 8007b74: f7fd fcc8 bl 8005508 + // Get that digest signed by SE1 now, and doing that requires + // the main pin, because the required slot requires auth by that key. + // - this is the critical step attackers would not be able to emulate w/o SE1 contents + // - fails here if PIN wrong + uint8_t signature[64]; + int arc = ae_sign_authed(KEYNUM_joiner_key, md, signature, KEYNUM_main_pin, pin_digest); + 8007b78: 9b03 ldr r3, [sp, #12] + 8007b7a: 9300 str r3, [sp, #0] + 8007b7c: aa45 add r2, sp, #276 ; 0x114 + 8007b7e: 2303 movs r3, #3 + 8007b80: a90d add r1, sp, #52 ; 0x34 + 8007b82: 2007 movs r0, #7 + 8007b84: f7fb f90a bl 8002d9c + CHECK_RIGHT(arc == 0); + 8007b88: 4604 mov r4, r0 + 8007b8a: b120 cbz r0, 8007b96 + 8007b8c: f240 4141 movw r1, #1089 ; 0x441 + + // "Authenticate ECDSA Public Key" = 0xA8 + // cs_offset=32 ecdh_keynum=0=pubA ECDH=1 WR=0 + uint8_t param = ((32-1) << 3) | (0 << 2) | 0x2; + se2_write_n(0xA8, ¶m, signature, 64); + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007b90: 481b ldr r0, [pc, #108] ; (8007c00 ) + 8007b92: f005 fd4b bl 800d62c + uint8_t param = ((32-1) << 3) | (0 << 2) | 0x2; + 8007b96: 23fa movs r3, #250 ; 0xfa + 8007b98: f88d 3013 strb.w r3, [sp, #19] + se2_write_n(0xA8, ¶m, signature, 64); + 8007b9c: aa45 add r2, sp, #276 ; 0x114 + 8007b9e: 2340 movs r3, #64 ; 0x40 + 8007ba0: f10d 0113 add.w r1, sp, #19 + 8007ba4: 20a8 movs r0, #168 ; 0xa8 + 8007ba6: f7ff fb3f bl 8007228 + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007baa: f7ff fbad bl 8007308 + 8007bae: 28aa cmp r0, #170 ; 0xaa + 8007bb0: d002 beq.n 8007bb8 + 8007bb2: f240 4147 movw r1, #1095 ; 0x447 + 8007bb6: e7eb b.n 8007b90 + + uint8_t shared_x[32], shared_secret[32]; + ps256_ecdh(rom_secrets->se2.pubkey_A, tmp_privkey, shared_x); + 8007bb8: aa15 add r2, sp, #84 ; 0x54 + 8007bba: a905 add r1, sp, #20 + 8007bbc: 4811 ldr r0, [pc, #68] ; (8007c04 ) + 8007bbe: f7ff ff93 bl 8007ae8 + + // shared secret S will be SHA over X of shared ECDH point + chal[32:] + // s = ngu.hash.sha256s(x + chal[32:]) + sha256_init(&ctx); + 8007bc2: a855 add r0, sp, #340 ; 0x154 + 8007bc4: f7fd fc4c bl 8005460 + sha256_update(&ctx, shared_x, 32); + 8007bc8: 2220 movs r2, #32 + 8007bca: a915 add r1, sp, #84 ; 0x54 + 8007bcc: a855 add r0, sp, #340 ; 0x154 + 8007bce: f7fd fc55 bl 800547c + sha256_update(&ctx, &chal[32], 32); // second half + 8007bd2: 2220 movs r2, #32 + 8007bd4: a93d add r1, sp, #244 ; 0xf4 + 8007bd6: a855 add r0, sp, #340 ; 0x154 + 8007bd8: f7fd fc50 bl 800547c + sha256_final(&ctx, shared_secret); + 8007bdc: a91d add r1, sp, #116 ; 0x74 + 8007bde: a855 add r0, sp, #340 ; 0x154 + 8007be0: f7fd fc92 bl 8005508 + + se2_read_encrypted(PGN_SE2_HARD_KEY, hard_key, 2, shared_secret); + 8007be4: 200f movs r0, #15 + 8007be6: 9902 ldr r1, [sp, #8] + 8007be8: ab1d add r3, sp, #116 ; 0x74 + 8007bea: 2202 movs r2, #2 + 8007bec: f7ff fc76 bl 80074dc + + // CONCERN: secret "S" is retained in SE2's sram. No API to clear it. + // - but you'd need to see our copy of that value to make use of it + // - and PIN checked already to get here, so you could re-do anyway + se2_clear_volatile(); + 8007bf0: f7ff fdf0 bl 80077d4 + + return false; + 8007bf4: 4620 mov r0, r4 +} + 8007bf6: b068 add sp, #416 ; 0x1a0 + 8007bf8: bd10 pop {r4, pc} + return true; + 8007bfa: 2001 movs r0, #1 + 8007bfc: e7fb b.n 8007bf6 + 8007bfe: bf00 nop + 8007c00: 2009e390 .word 0x2009e390 + 8007c04: 0801c0d0 .word 0x0801c0d0 + +08007c08 : + +// se2_calc_seed_key() +// + static bool +se2_calc_seed_key(uint8_t aes_key[32], const mcu_key_t *mcu_key, const uint8_t pin_digest[32]) +{ + 8007c08: b570 push {r4, r5, r6, lr} + 8007c0a: b0d2 sub sp, #328 ; 0x148 + 8007c0c: 4614 mov r4, r2 + // Gather key parts from all over. Combine them w/ HMAC into a AES-256 key + uint8_t se1_easy_key[32], se1_hard_key[32]; + se2_read_encrypted(PGN_SE2_EASY_KEY, se1_easy_key, 0, rom_secrets->se2.pairing); + 8007c0e: 4b15 ldr r3, [pc, #84] ; (8007c64 ) + 8007c10: 2200 movs r2, #0 +{ + 8007c12: 4605 mov r5, r0 + 8007c14: 460e mov r6, r1 + se2_read_encrypted(PGN_SE2_EASY_KEY, se1_easy_key, 0, rom_secrets->se2.pairing); + 8007c16: 200e movs r0, #14 + 8007c18: a901 add r1, sp, #4 + 8007c1a: f7ff fc5f bl 80074dc + + if(se2_read_hard_secret(se1_hard_key, pin_digest)) return true; + 8007c1e: 4621 mov r1, r4 + 8007c20: a809 add r0, sp, #36 ; 0x24 + 8007c22: f7ff ff7b bl 8007b1c + 8007c26: 4604 mov r4, r0 + 8007c28: b9c8 cbnz r0, 8007c5e + + HMAC_CTX ctx; + hmac_sha256_init(&ctx); + 8007c2a: a811 add r0, sp, #68 ; 0x44 + 8007c2c: f7fd fca0 bl 8005570 + hmac_sha256_update(&ctx, mcu_key->value, 32); + 8007c30: 2220 movs r2, #32 + 8007c32: 4631 mov r1, r6 + 8007c34: a811 add r0, sp, #68 ; 0x44 + 8007c36: f7fd fca1 bl 800557c + hmac_sha256_update(&ctx, se1_hard_key, 32); + 8007c3a: 2220 movs r2, #32 + 8007c3c: a909 add r1, sp, #36 ; 0x24 + 8007c3e: a811 add r0, sp, #68 ; 0x44 + 8007c40: f7fd fc9c bl 800557c + hmac_sha256_update(&ctx, se1_easy_key, 32); + 8007c44: 2220 movs r2, #32 + 8007c46: a901 add r1, sp, #4 + 8007c48: a811 add r0, sp, #68 ; 0x44 + 8007c4a: f7fd fc97 bl 800557c + + // combine them all using anther MCU key via HMAC-SHA256 + hmac_sha256_final(&ctx, rom_secrets->mcu_hmac_key, aes_key); + 8007c4e: a811 add r0, sp, #68 ; 0x44 + 8007c50: 4905 ldr r1, [pc, #20] ; (8007c68 ) + 8007c52: 462a mov r2, r5 + 8007c54: f7fd fca8 bl 80055a8 + hmac_sha256_init(&ctx); // clear secrets + 8007c58: a811 add r0, sp, #68 ; 0x44 + 8007c5a: f7fd fc89 bl 8005570 + + return false; +} + 8007c5e: 4620 mov r0, r4 + 8007c60: b052 add sp, #328 ; 0x148 + 8007c62: bd70 pop {r4, r5, r6, pc} + 8007c64: 0801c0b0 .word 0x0801c0b0 + 8007c68: 0801c090 .word 0x0801c090 + +08007c6c : +{ + 8007c6c: b5f0 push {r4, r5, r6, r7, lr} + if(i2c_port.Instance == I2C2) { + 8007c6e: 4e1b ldr r6, [pc, #108] ; (8007cdc ) + 8007c70: 4f1b ldr r7, [pc, #108] ; (8007ce0 ) + 8007c72: 6833 ldr r3, [r6, #0] + 8007c74: 42bb cmp r3, r7 +{ + 8007c76: b089 sub sp, #36 ; 0x24 + if(i2c_port.Instance == I2C2) { + 8007c78: d02e beq.n 8007cd8 + __HAL_RCC_GPIOB_CLK_ENABLE(); + 8007c7a: 4b1a ldr r3, [pc, #104] ; (8007ce4 ) + GPIO_InitTypeDef setup = { + 8007c7c: 4d1a ldr r5, [pc, #104] ; (8007ce8 ) + __HAL_RCC_GPIOB_CLK_ENABLE(); + 8007c7e: 6cda ldr r2, [r3, #76] ; 0x4c + 8007c80: f042 0202 orr.w r2, r2, #2 + 8007c84: 64da str r2, [r3, #76] ; 0x4c + 8007c86: 6cda ldr r2, [r3, #76] ; 0x4c + 8007c88: f002 0202 and.w r2, r2, #2 + 8007c8c: 9201 str r2, [sp, #4] + 8007c8e: 9a01 ldr r2, [sp, #4] + __HAL_RCC_I2C2_CLK_ENABLE(); + 8007c90: 6d9a ldr r2, [r3, #88] ; 0x58 + 8007c92: f442 0280 orr.w r2, r2, #4194304 ; 0x400000 + 8007c96: 659a str r2, [r3, #88] ; 0x58 + 8007c98: 6d9b ldr r3, [r3, #88] ; 0x58 + 8007c9a: f403 0380 and.w r3, r3, #4194304 ; 0x400000 + 8007c9e: 9302 str r3, [sp, #8] + 8007ca0: 9b02 ldr r3, [sp, #8] + GPIO_InitTypeDef setup = { + 8007ca2: cd0f ldmia r5!, {r0, r1, r2, r3} + 8007ca4: ac03 add r4, sp, #12 + 8007ca6: c40f stmia r4!, {r0, r1, r2, r3} + 8007ca8: 682b ldr r3, [r5, #0] + HAL_GPIO_Init(GPIOB, &setup); + 8007caa: 4810 ldr r0, [pc, #64] ; (8007cec ) + GPIO_InitTypeDef setup = { + 8007cac: 6023 str r3, [r4, #0] + HAL_GPIO_Init(GPIOB, &setup); + 8007cae: a903 add r1, sp, #12 + 8007cb0: f7f9 f99e bl 8000ff0 + memset(&i2c_port, 0, sizeof(i2c_port)); + 8007cb4: 2244 movs r2, #68 ; 0x44 + 8007cb6: 2100 movs r1, #0 + 8007cb8: f106 0008 add.w r0, r6, #8 + 8007cbc: f005 fca8 bl 800d610 + i2c_port.Init.AddressingMode = I2C_ADDRESSINGMODE_7BIT; + 8007cc0: 2301 movs r3, #1 + 8007cc2: 60f3 str r3, [r6, #12] + HAL_StatusTypeDef rv = HAL_I2C_Init(&i2c_port); + 8007cc4: 4630 mov r0, r6 + i2c_port.Init.Timing = 0x00b03fb8; // 400khz "fast mode" in CubeMX @ 120Mhz (measured ok) + 8007cc6: 4b0a ldr r3, [pc, #40] ; (8007cf0 ) + i2c_port.Instance = I2C2; + 8007cc8: 6037 str r7, [r6, #0] + i2c_port.Init.Timing = 0x00b03fb8; // 400khz "fast mode" in CubeMX @ 120Mhz (measured ok) + 8007cca: 6073 str r3, [r6, #4] + HAL_StatusTypeDef rv = HAL_I2C_Init(&i2c_port); + 8007ccc: f003 fdac bl 800b828 + ASSERT(rv == HAL_OK); + 8007cd0: b110 cbz r0, 8007cd8 + 8007cd2: 4808 ldr r0, [pc, #32] ; (8007cf4 ) + 8007cd4: f7f8 fea6 bl 8000a24 +} + 8007cd8: b009 add sp, #36 ; 0x24 + 8007cda: bdf0 pop {r4, r5, r6, r7, pc} + 8007cdc: 2009e3ec .word 0x2009e3ec + 8007ce0: 40005800 .word 0x40005800 + 8007ce4: 40021000 .word 0x40021000 + 8007ce8: 0800e9a4 .word 0x0800e9a4 + 8007cec: 48000400 .word 0x48000400 + 8007cf0: 00b03fb8 .word 0x00b03fb8 + 8007cf4: 0800e354 .word 0x0800e354 + +08007cf8 : +{ + 8007cf8: b5f0 push {r4, r5, r6, r7, lr} + 8007cfa: b089 sub sp, #36 ; 0x24 + se2_setup(); + 8007cfc: f7ff ffb6 bl 8007c6c + if(setjmp(error_env)) fatal_mitm(); + 8007d00: 480f ldr r0, [pc, #60] ; (8007d40 ) + 8007d02: f005 fc8d bl 800d620 + 8007d06: 4604 mov r4, r0 + 8007d08: b108 cbz r0, 8007d0e + 8007d0a: f7f8 fe95 bl 8000a38 + uint8_t tmp[32] = {0}; + 8007d0e: 9000 str r0, [sp, #0] + 8007d10: 4601 mov r1, r0 + 8007d12: 221c movs r2, #28 + 8007d14: a801 add r0, sp, #4 + 8007d16: f005 fc7b bl 800d610 + se2_write_encrypted(pn, tmp, 0, SE2_SECRETS->pairing); + 8007d1a: 4f0a ldr r7, [pc, #40] ; (8007d44 ) + 8007d1c: 4e0a ldr r6, [pc, #40] ; (8007d48 ) + 8007d1e: 4d0b ldr r5, [pc, #44] ; (8007d4c ) + 8007d20: f897 30b0 ldrb.w r3, [r7, #176] ; 0xb0 + 8007d24: b2e0 uxtb r0, r4 + 8007d26: 2bff cmp r3, #255 ; 0xff + 8007d28: bf0c ite eq + 8007d2a: 4633 moveq r3, r6 + 8007d2c: 462b movne r3, r5 + 8007d2e: 2200 movs r2, #0 + 8007d30: 4669 mov r1, sp + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007d32: 3401 adds r4, #1 + se2_write_encrypted(pn, tmp, 0, SE2_SECRETS->pairing); + 8007d34: f7ff fc4a bl 80075cc + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007d38: 2c0e cmp r4, #14 + 8007d3a: d1f1 bne.n 8007d20 +} + 8007d3c: b009 add sp, #36 ; 0x24 + 8007d3e: bdf0 pop {r4, r5, r6, r7, pc} + 8007d40: 2009e390 .word 0x2009e390 + 8007d44: 0801c000 .word 0x0801c000 + 8007d48: 2009e2b0 .word 0x2009e2b0 + 8007d4c: 0801c0b0 .word 0x0801c0b0 + +08007d50 : +{ + 8007d50: b5f0 push {r4, r5, r6, r7, lr} + 8007d52: b087 sub sp, #28 + 8007d54: e9cd 0102 strd r0, r1, [sp, #8] + if(setjmp(error_env)) fatal_mitm(); + 8007d58: 4816 ldr r0, [pc, #88] ; (8007db4 ) +{ + 8007d5a: 9201 str r2, [sp, #4] + if(setjmp(error_env)) fatal_mitm(); + 8007d5c: f005 fc60 bl 800d620 + 8007d60: b108 cbz r0, 8007d66 + 8007d62: f7f8 fe69 bl 8000a38 + se2_read_encrypted(slot_num+1, &data[0], 0, SE2_SECRETS->pairing); + 8007d66: 4f14 ldr r7, [pc, #80] ; (8007db8 ) + 8007d68: 9005 str r0, [sp, #20] + se2_setup(); + 8007d6a: f7ff ff7f bl 8007c6c + se2_read_encrypted(slot_num+1, &data[0], 0, SE2_SECRETS->pairing); + 8007d6e: f89d 4008 ldrb.w r4, [sp, #8] + 8007d72: f897 30b0 ldrb.w r3, [r7, #176] ; 0xb0 + 8007d76: 4e11 ldr r6, [pc, #68] ; (8007dbc ) + 8007d78: 4d11 ldr r5, [pc, #68] ; (8007dc0 ) + 8007d7a: 9a05 ldr r2, [sp, #20] + 8007d7c: 9901 ldr r1, [sp, #4] + 8007d7e: 9204 str r2, [sp, #16] + 8007d80: 1c60 adds r0, r4, #1 + 8007d82: 2bff cmp r3, #255 ; 0xff + 8007d84: bf0c ite eq + 8007d86: 4633 moveq r3, r6 + 8007d88: 462b movne r3, r5 + 8007d8a: b2c0 uxtb r0, r0 + 8007d8c: f7ff fba6 bl 80074dc + if(tc_flags & TC_XPRV_WALLET) { + 8007d90: 9b03 ldr r3, [sp, #12] + 8007d92: 051b lsls r3, r3, #20 + 8007d94: d50c bpl.n 8007db0 + se2_read_encrypted(slot_num+2, &data[32], 0, SE2_SECRETS->pairing); + 8007d96: f897 30b0 ldrb.w r3, [r7, #176] ; 0xb0 + 8007d9a: 9901 ldr r1, [sp, #4] + 8007d9c: 9a04 ldr r2, [sp, #16] + 8007d9e: 3402 adds r4, #2 + 8007da0: 2bff cmp r3, #255 ; 0xff + 8007da2: bf0c ite eq + 8007da4: 4633 moveq r3, r6 + 8007da6: 462b movne r3, r5 + 8007da8: 3120 adds r1, #32 + 8007daa: b2e0 uxtb r0, r4 + 8007dac: f7ff fb96 bl 80074dc +} + 8007db0: b007 add sp, #28 + 8007db2: bdf0 pop {r4, r5, r6, r7, pc} + 8007db4: 2009e390 .word 0x2009e390 + 8007db8: 0801c000 .word 0x0801c000 + 8007dbc: 2009e2b0 .word 0x2009e2b0 + 8007dc0: 0801c0b0 .word 0x0801c0b0 + +08007dc4 : +{ + 8007dc4: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8007dc8: b0fe sub sp, #504 ; 0x1f8 + 8007dca: e9cd 1002 strd r1, r0, [sp, #8] + 8007dce: e9cd 2300 strd r2, r3, [sp] + se2_setup(); + 8007dd2: f7ff ff4b bl 8007c6c + if(setjmp(error_env)) { + 8007dd6: 486a ldr r0, [pc, #424] ; (8007f80 ) + 8007dd8: f005 fc22 bl 800d620 + 8007ddc: 4604 mov r4, r0 + 8007dde: b138 cbz r0, 8007df0 + if(!safety_mode) fatal_mitm(); + 8007de0: 9b01 ldr r3, [sp, #4] + 8007de2: b11b cbz r3, 8007dec + return false; + 8007de4: 2000 movs r0, #0 +} + 8007de6: b07e add sp, #504 ; 0x1f8 + 8007de8: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + if(!safety_mode) fatal_mitm(); + 8007dec: f7f8 fe24 bl 8000a38 + if(!pin_len) return false; + 8007df0: 9b02 ldr r3, [sp, #8] + 8007df2: 2b00 cmp r3, #0 + 8007df4: d0f6 beq.n 8007de4 + trick_pin_hash(pin, pin_len, tpin_hash); + 8007df6: 9803 ldr r0, [sp, #12] + se2_read_encrypted(pn, slots[i], 0, SE2_SECRETS->pairing); + 8007df8: f8df a194 ldr.w sl, [pc, #404] ; 8007f90 + 8007dfc: f8df 9194 ldr.w r9, [pc, #404] ; 8007f94 + 8007e00: f8df 8194 ldr.w r8, [pc, #404] ; 8007f98 + trick_pin_hash(pin, pin_len, tpin_hash); + 8007e04: aa06 add r2, sp, #24 + 8007e06: 4619 mov r1, r3 + 8007e08: f7ff fe24 bl 8007a54 + 8007e0c: ad0e add r5, sp, #56 ; 0x38 + 8007e0e: 462f mov r7, r5 + int pn = PGN_TRICK(0); + 8007e10: 4626 mov r6, r4 + se2_read_encrypted(pn, slots[i], 0, SE2_SECRETS->pairing); + 8007e12: f89a 30b0 ldrb.w r3, [sl, #176] ; 0xb0 + 8007e16: 4639 mov r1, r7 + 8007e18: 2bff cmp r3, #255 ; 0xff + 8007e1a: bf0c ite eq + 8007e1c: 464b moveq r3, r9 + 8007e1e: 4643 movne r3, r8 + 8007e20: b2f0 uxtb r0, r6 + 8007e22: 2200 movs r2, #0 + for(int i=0; ipairing); + 8007e26: f7ff fb59 bl 80074dc + for(int i=0; i + se2_clear_volatile(); + 8007e32: f7ff fccf bl 80077d4 + uint32_t blank = 0; + 8007e36: 2700 movs r7, #0 + int found = -1; + 8007e38: f04f 36ff mov.w r6, #4294967295 ; 0xffffffff + if(check_equal(here, tpin_hash, 28)) { + 8007e3c: f04f 091c mov.w r9, #28 + blank |= (!!check_all_zeros(here, 32)) << i; + 8007e40: f04f 0820 mov.w r8, #32 + if(check_equal(here, tpin_hash, 28)) { + 8007e44: 464a mov r2, r9 + 8007e46: a906 add r1, sp, #24 + 8007e48: 4628 mov r0, r5 + 8007e4a: f7fa fc22 bl 8002692 + blank |= (!!check_all_zeros(here, 32)) << i; + 8007e4e: 4641 mov r1, r8 + if(check_equal(here, tpin_hash, 28)) { + 8007e50: 2800 cmp r0, #0 + 8007e52: bf18 it ne + 8007e54: 4626 movne r6, r4 + blank |= (!!check_all_zeros(here, 32)) << i; + 8007e56: 4628 mov r0, r5 + 8007e58: f7fa fc0c bl 8002674 + 8007e5c: 40a0 lsls r0, r4 + for(int i=0; i + rng_delay(); + 8007e6c: f7fa fc76 bl 800275c + memset(found_slot, 0, sizeof(trick_slot_t)); + 8007e70: 9800 ldr r0, [sp, #0] + 8007e72: 2280 movs r2, #128 ; 0x80 + 8007e74: 2100 movs r1, #0 + 8007e76: f005 fbcb bl 800d610 + if(safety_mode) { + 8007e7a: 9b01 ldr r3, [sp, #4] + 8007e7c: b10b cbz r3, 8007e82 + found_slot->blank_slots = blank; + 8007e7e: 9b00 ldr r3, [sp, #0] + 8007e80: 65df str r7, [r3, #92] ; 0x5c + if(found >= 0) { + 8007e82: 1c72 adds r2, r6, #1 + 8007e84: d074 beq.n 8007f70 + found_slot->slot_num = found; + 8007e86: 9b00 ldr r3, [sp, #0] + 8007e88: 0174 lsls r4, r6, #5 + 8007e8a: 601e str r6, [r3, #0] + memcpy(meta, &slots[found][28], 4); + 8007e8c: ab15 add r3, sp, #84 ; 0x54 + xor_mixin(meta, &tpin_hash[28], 4); + 8007e8e: 2204 movs r2, #4 + memcpy(meta, &slots[found][28], 4); + 8007e90: 591b ldr r3, [r3, r4] + 8007e92: 9305 str r3, [sp, #20] + xor_mixin(meta, &tpin_hash[28], 4); + 8007e94: a90d add r1, sp, #52 ; 0x34 + 8007e96: a805 add r0, sp, #20 + 8007e98: f7ff f983 bl 80071a2 + memcpy(&found_slot->tc_flags, &meta[0], 2); + 8007e9c: 9b00 ldr r3, [sp, #0] + 8007e9e: f8bd 5014 ldrh.w r5, [sp, #20] + memcpy(&found_slot->tc_arg, &meta[2], 2); + 8007ea2: 9a00 ldr r2, [sp, #0] + memcpy(&found_slot->tc_flags, &meta[0], 2); + 8007ea4: 809d strh r5, [r3, #4] + memcpy(&found_slot->tc_arg, &meta[2], 2); + 8007ea6: f8bd 3016 ldrh.w r3, [sp, #22] + 8007eaa: 80d3 strh r3, [r2, #6] + if(found_slot->tc_flags & TC_WORD_WALLET) { + 8007eac: 04eb lsls r3, r5, #19 + 8007eae: d513 bpl.n 8007ed8 + if(found+1 < NUM_TRICKS) { + 8007eb0: 2e0c cmp r6, #12 + 8007eb2: dc0e bgt.n 8007ed2 + memcpy(found_slot->xdata, &slots[found+1][0], 32); + 8007eb4: f504 73fc add.w r3, r4, #504 ; 0x1f8 + 8007eb8: eb0d 0403 add.w r4, sp, r3 + 8007ebc: f5a4 73d0 sub.w r3, r4, #416 ; 0x1a0 + 8007ec0: 3208 adds r2, #8 + 8007ec2: f5a4 74c0 sub.w r4, r4, #384 ; 0x180 + 8007ec6: f853 1b04 ldr.w r1, [r3], #4 + 8007eca: f842 1b04 str.w r1, [r2], #4 + 8007ece: 42a3 cmp r3, r4 + 8007ed0: d1f9 bne.n 8007ec6 + if(!safety_mode && todo) { + 8007ed2: 9b01 ldr r3, [sp, #4] + 8007ed4: b33b cbz r3, 8007f26 + 8007ed6: e049 b.n 8007f6c + } else if(found_slot->tc_flags & TC_XPRV_WALLET) { + 8007ed8: 052f lsls r7, r5, #20 + 8007eda: d521 bpl.n 8007f20 + if(found+2 < NUM_TRICKS) { + 8007edc: 2e0b cmp r6, #11 + 8007ede: dcf8 bgt.n 8007ed2 + memcpy(&found_slot->xdata[0], &slots[found+1][0], 32); + 8007ee0: 9900 ldr r1, [sp, #0] + 8007ee2: f504 73fc add.w r3, r4, #504 ; 0x1f8 + 8007ee6: 446b add r3, sp + 8007ee8: f5a3 72d0 sub.w r2, r3, #416 ; 0x1a0 + 8007eec: 3108 adds r1, #8 + 8007eee: f5a3 73c0 sub.w r3, r3, #384 ; 0x180 + 8007ef2: f852 0b04 ldr.w r0, [r2], #4 + 8007ef6: f841 0b04 str.w r0, [r1], #4 + 8007efa: 429a cmp r2, r3 + 8007efc: d1f9 bne.n 8007ef2 + memcpy(&found_slot->xdata[32], &slots[found+2][0], 32); + 8007efe: f504 73fc add.w r3, r4, #504 ; 0x1f8 + 8007f02: 9a00 ldr r2, [sp, #0] + 8007f04: eb0d 0403 add.w r4, sp, r3 + 8007f08: f5a4 73c0 sub.w r3, r4, #384 ; 0x180 + 8007f0c: 3228 adds r2, #40 ; 0x28 + 8007f0e: f5a4 74b0 sub.w r4, r4, #352 ; 0x160 + 8007f12: f853 1b04 ldr.w r1, [r3], #4 + 8007f16: f842 1b04 str.w r1, [r2], #4 + 8007f1a: 42a3 cmp r3, r4 + 8007f1c: d1f9 bne.n 8007f12 + 8007f1e: e7d8 b.n 8007ed2 + if(!safety_mode && todo) { + 8007f20: 9b01 ldr r3, [sp, #4] + 8007f22: bb1b cbnz r3, 8007f6c + 8007f24: b315 cbz r5, 8007f6c + if(todo & TC_WIPE) { + 8007f26: 0428 lsls r0, r5, #16 + 8007f28: d50a bpl.n 8007f40 + mcu_key_clear(NULL); + 8007f2a: 2000 movs r0, #0 + 8007f2c: f7fa fa84 bl 8002438 + if(todo == TC_WIPE) { + 8007f30: f5b5 4f00 cmp.w r5, #32768 ; 0x8000 + 8007f34: d104 bne.n 8007f40 + oled_show(screen_wiped); + 8007f36: 4813 ldr r0, [pc, #76] ; (8007f84 ) + 8007f38: f7f8 ff74 bl 8000e24 + LOCKUP_FOREVER(); + 8007f3c: bf30 wfi + 8007f3e: e7fd b.n 8007f3c + if(todo & TC_BRICK) { + 8007f40: 0469 lsls r1, r5, #17 + 8007f42: d40e bmi.n 8007f62 + if(todo & TC_REBOOT) { + 8007f44: 05aa lsls r2, r5, #22 + 8007f46: d50f bpl.n 8007f68 + 8007f48: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8007f4c: 490e ldr r1, [pc, #56] ; (8007f88 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8007f4e: 4b0f ldr r3, [pc, #60] ; (8007f8c ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8007f50: 68ca ldr r2, [r1, #12] + 8007f52: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8007f56: 4313 orrs r3, r2 + 8007f58: 60cb str r3, [r1, #12] + 8007f5a: f3bf 8f4f dsb sy + __NOP(); + 8007f5e: bf00 nop + for(;;) /* wait until reset */ + 8007f60: e7fd b.n 8007f5e + fast_brick(); + 8007f62: f7fa fb2d bl 80025c0 + 8007f66: e7ed b.n 8007f44 + if(todo & TC_FAKE_OUT) { + 8007f68: 04ab lsls r3, r5, #18 + 8007f6a: d401 bmi.n 8007f70 + return true; + 8007f6c: 2001 movs r0, #1 + 8007f6e: e73a b.n 8007de6 + found_slot->slot_num = -1; + 8007f70: 9a00 ldr r2, [sp, #0] + 8007f72: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8007f76: 6013 str r3, [r2, #0] + rng_delay(); + 8007f78: f7fa fbf0 bl 800275c + 8007f7c: e732 b.n 8007de4 + 8007f7e: bf00 nop + 8007f80: 2009e390 .word 0x2009e390 + 8007f84: 0800e284 .word 0x0800e284 + 8007f88: e000ed00 .word 0xe000ed00 + 8007f8c: 05fa0004 .word 0x05fa0004 + 8007f90: 0801c000 .word 0x0801c000 + 8007f94: 2009e2b0 .word 0x2009e2b0 + 8007f98: 0801c0b0 .word 0x0801c0b0 + +08007f9c : +{ + 8007f9c: b510 push {r4, lr} + 8007f9e: b0a2 sub sp, #136 ; 0x88 + 8007fa0: 4604 mov r4, r0 + bool is_trick = se2_test_trick_pin("!p", 2, &slot, true); + 8007fa2: 2301 movs r3, #1 + 8007fa4: 4811 ldr r0, [pc, #68] ; (8007fec ) + 8007fa6: aa02 add r2, sp, #8 + 8007fa8: 2102 movs r1, #2 + 8007faa: f7ff ff0b bl 8007dc4 + if(!is_trick) return; + 8007fae: b1d8 cbz r0, 8007fe8 + if(num_fails >= slot.tc_arg) { + 8007fb0: f8bd 300e ldrh.w r3, [sp, #14] + 8007fb4: 42a3 cmp r3, r4 + 8007fb6: dc17 bgt.n 8007fe8 + if(slot.tc_flags & TC_WIPE) { + 8007fb8: f9bd 300c ldrsh.w r3, [sp, #12] + 8007fbc: 2b00 cmp r3, #0 + 8007fbe: da0d bge.n 8007fdc + const mcu_key_t *cur = mcu_key_get(&valid); + 8007fc0: f10d 0007 add.w r0, sp, #7 + 8007fc4: f7fa fa18 bl 80023f8 + if(valid) { + 8007fc8: f89d 3007 ldrb.w r3, [sp, #7] + 8007fcc: b133 cbz r3, 8007fdc + mcu_key_clear(cur); + 8007fce: f7fa fa33 bl 8002438 + oled_show(screen_wiped); + 8007fd2: 4807 ldr r0, [pc, #28] ; (8007ff0 ) + 8007fd4: f7f8 ff26 bl 8000e24 + LOCKUP_FOREVER(); + 8007fd8: bf30 wfi + 8007fda: e7fd b.n 8007fd8 + if(slot.tc_flags & TC_BRICK) { + 8007fdc: f8bd 300c ldrh.w r3, [sp, #12] + 8007fe0: 045b lsls r3, r3, #17 + 8007fe2: d501 bpl.n 8007fe8 + fast_brick(); + 8007fe4: f7fa faec bl 80025c0 +} + 8007fe8: b022 add sp, #136 ; 0x88 + 8007fea: bd10 pop {r4, pc} + 8007fec: 0800e9a1 .word 0x0800e9a1 + 8007ff0: 0800e284 .word 0x0800e284 + +08007ff4 : +{ + 8007ff4: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8007ff8: b094 sub sp, #80 ; 0x50 + 8007ffa: 9001 str r0, [sp, #4] + se2_setup(); + 8007ffc: f7ff fe36 bl 8007c6c + if(setjmp(error_env)) { + 8008000: 4848 ldr r0, [pc, #288] ; (8008124 ) + 8008002: f005 fb0d bl 800d620 + 8008006: 4604 mov r4, r0 + 8008008: 2800 cmp r0, #0 + 800800a: f040 8088 bne.w 800811e + if((config->slot_num < 0) || (config->slot_num >= NUM_TRICKS) ) { + 800800e: 9b01 ldr r3, [sp, #4] + 8008010: 681b ldr r3, [r3, #0] + 8008012: 2b0d cmp r3, #13 + 8008014: d804 bhi.n 8008020 + if((config->slot_num >= NUM_TRICKS-1) && (config->tc_flags & TC_WORD_WALLET) ) { + 8008016: d106 bne.n 8008026 + 8008018: 9b01 ldr r3, [sp, #4] + 800801a: 889b ldrh r3, [r3, #4] + 800801c: 04d9 lsls r1, r3, #19 + 800801e: d504 bpl.n 800802a + return EPIN_RANGE_ERR; + 8008020: f06f 0466 mvn.w r4, #102 ; 0x66 + 8008024: e01f b.n 8008066 + if((config->slot_num >= NUM_TRICKS-2) && (config->tc_flags & TC_XPRV_WALLET) ) { + 8008026: 2b0c cmp r3, #12 + 8008028: d103 bne.n 8008032 + 800802a: 9b01 ldr r3, [sp, #4] + 800802c: 889b ldrh r3, [r3, #4] + 800802e: 051a lsls r2, r3, #20 + 8008030: d4f6 bmi.n 8008020 + if(config->pin_len > sizeof(config->pin)) { + 8008032: 9b01 ldr r3, [sp, #4] + 8008034: 6d99 ldr r1, [r3, #88] ; 0x58 + 8008036: 2910 cmp r1, #16 + 8008038: d8f2 bhi.n 8008020 + if(config->blank_slots) { + 800803a: 6ddd ldr r5, [r3, #92] ; 0x5c + 800803c: b31d cbz r5, 8008086 + uint8_t zeros[32] = { 0 }; + 800803e: 2100 movs r1, #0 + 8008040: 221c movs r2, #28 + 8008042: a805 add r0, sp, #20 + 8008044: 9104 str r1, [sp, #16] + 8008046: f005 fae3 bl 800d610 + se2_write_encrypted(PGN_TRICK(i), zeros, 0, SE2_SECRETS->pairing); + 800804a: f8df 80e4 ldr.w r8, [pc, #228] ; 8008130 + 800804e: 4f36 ldr r7, [pc, #216] ; (8008128 ) + 8008050: 4e36 ldr r6, [pc, #216] ; (800812c ) + for(int i=0; iblank_slots) { + 8008054: 9a01 ldr r2, [sp, #4] + uint32_t mask = (1 << i); + 8008056: 2301 movs r3, #1 + if(mask & config->blank_slots) { + 8008058: 6dd2 ldr r2, [r2, #92] ; 0x5c + uint32_t mask = (1 << i); + 800805a: 40ab lsls r3, r5 + if(mask & config->blank_slots) { + 800805c: 4213 tst r3, r2 + 800805e: d106 bne.n 800806e + for(int i=0; i +} + 8008066: 4620 mov r0, r4 + 8008068: b014 add sp, #80 ; 0x50 + 800806a: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + se2_write_encrypted(PGN_TRICK(i), zeros, 0, SE2_SECRETS->pairing); + 800806e: f898 30b0 ldrb.w r3, [r8, #176] ; 0xb0 + 8008072: 2200 movs r2, #0 + 8008074: 2bff cmp r3, #255 ; 0xff + 8008076: bf0c ite eq + 8008078: 463b moveq r3, r7 + 800807a: 4633 movne r3, r6 + 800807c: a904 add r1, sp, #16 + 800807e: b2e8 uxtb r0, r5 + 8008080: f7ff faa4 bl 80075cc + 8008084: e7ec b.n 8008060 + trick_pin_hash(config->pin, config->pin_len, tpin_digest); + 8008086: 9b01 ldr r3, [sp, #4] + se2_write_encrypted(PGN_TRICK(config->slot_num), tpin_digest, 0, SE2_SECRETS->pairing); + 8008088: f8df 80a4 ldr.w r8, [pc, #164] ; 8008130 + 800808c: 4f26 ldr r7, [pc, #152] ; (8008128 ) + 800808e: 4e27 ldr r6, [pc, #156] ; (800812c ) + trick_pin_hash(config->pin, config->pin_len, tpin_digest); + 8008090: f103 0048 add.w r0, r3, #72 ; 0x48 + 8008094: aa0c add r2, sp, #48 ; 0x30 + 8008096: f7ff fcdd bl 8007a54 + memcpy(&meta[0], &config->tc_flags, 2); + 800809a: 9b01 ldr r3, [sp, #4] + 800809c: 889b ldrh r3, [r3, #4] + 800809e: f8ad 300c strh.w r3, [sp, #12] + memcpy(&meta[2], &config->tc_arg, 2); + 80080a2: 9b01 ldr r3, [sp, #4] + xor_mixin(&tpin_digest[28], meta, 4); + 80080a4: 2204 movs r2, #4 + memcpy(&meta[2], &config->tc_arg, 2); + 80080a6: 88db ldrh r3, [r3, #6] + 80080a8: f8ad 300e strh.w r3, [sp, #14] + xor_mixin(&tpin_digest[28], meta, 4); + 80080ac: a903 add r1, sp, #12 + 80080ae: a813 add r0, sp, #76 ; 0x4c + 80080b0: f7ff f877 bl 80071a2 + se2_write_encrypted(PGN_TRICK(config->slot_num), tpin_digest, 0, SE2_SECRETS->pairing); + 80080b4: f898 30b0 ldrb.w r3, [r8, #176] ; 0xb0 + 80080b8: 9801 ldr r0, [sp, #4] + 80080ba: 2bff cmp r3, #255 ; 0xff + 80080bc: bf0c ite eq + 80080be: 463b moveq r3, r7 + 80080c0: 4633 movne r3, r6 + 80080c2: 7800 ldrb r0, [r0, #0] + 80080c4: 462a mov r2, r5 + 80080c6: a90c add r1, sp, #48 ; 0x30 + 80080c8: f7ff fa80 bl 80075cc + if(config->tc_flags & (TC_WORD_WALLET | TC_XPRV_WALLET)) { + 80080cc: 9b01 ldr r3, [sp, #4] + 80080ce: 889b ldrh r3, [r3, #4] + 80080d0: f403 53c0 and.w r3, r3, #6144 ; 0x1800 + 80080d4: b9a3 cbnz r3, 8008100 + if(config->tc_flags & TC_XPRV_WALLET) { + 80080d6: 9b01 ldr r3, [sp, #4] + 80080d8: 889b ldrh r3, [r3, #4] + 80080da: 051b lsls r3, r3, #20 + 80080dc: d5c3 bpl.n 8008066 + se2_write_encrypted(PGN_TRICK(config->slot_num+2), &config->xdata[32], + 80080de: 9901 ldr r1, [sp, #4] + 0, SE2_SECRETS->pairing); + 80080e0: 4b13 ldr r3, [pc, #76] ; (8008130 ) + se2_write_encrypted(PGN_TRICK(config->slot_num+2), &config->xdata[32], + 80080e2: f851 0b28 ldr.w r0, [r1], #40 + 0, SE2_SECRETS->pairing); + 80080e6: f893 50b0 ldrb.w r5, [r3, #176] ; 0xb0 + se2_write_encrypted(PGN_TRICK(config->slot_num+2), &config->xdata[32], + 80080ea: 4a10 ldr r2, [pc, #64] ; (800812c ) + 80080ec: 4b0e ldr r3, [pc, #56] ; (8008128 ) + 80080ee: 3002 adds r0, #2 + 80080f0: 2dff cmp r5, #255 ; 0xff + 80080f2: bf18 it ne + 80080f4: 4613 movne r3, r2 + 80080f6: b2c0 uxtb r0, r0 + 80080f8: 2200 movs r2, #0 + 80080fa: f7ff fa67 bl 80075cc + 80080fe: e7b2 b.n 8008066 + se2_write_encrypted(PGN_TRICK(config->slot_num+1), &config->xdata[0], + 8008100: 9901 ldr r1, [sp, #4] + 0, SE2_SECRETS->pairing); + 8008102: f898 30b0 ldrb.w r3, [r8, #176] ; 0xb0 + se2_write_encrypted(PGN_TRICK(config->slot_num+1), &config->xdata[0], + 8008106: f851 0b08 ldr.w r0, [r1], #8 + 800810a: 3001 adds r0, #1 + 800810c: 2bff cmp r3, #255 ; 0xff + 800810e: bf0c ite eq + 8008110: 463b moveq r3, r7 + 8008112: 4633 movne r3, r6 + 8008114: 462a mov r2, r5 + 8008116: b2c0 uxtb r0, r0 + 8008118: f7ff fa58 bl 80075cc + 800811c: e7db b.n 80080d6 + return EPIN_SE2_FAIL; + 800811e: f06f 0472 mvn.w r4, #114 ; 0x72 + 8008122: e7a0 b.n 8008066 + 8008124: 2009e390 .word 0x2009e390 + 8008128: 2009e2b0 .word 0x2009e2b0 + 800812c: 0801c0b0 .word 0x0801c0b0 + 8008130: 0801c000 .word 0x0801c000 + +08008134 : +// + bool +se2_encrypt_secret(const uint8_t secret[], int secret_len, int offset, + uint8_t main_slot[], uint8_t *check_value, + const uint8_t pin_digest[32]) +{ + 8008134: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8008138: f5ad 7d10 sub.w sp, sp, #576 ; 0x240 + 800813c: 4699 mov r9, r3 + 800813e: 4682 mov sl, r0 + 8008140: 460f mov r7, r1 + 8008142: 4614 mov r4, r2 + 8008144: f8dd 8260 ldr.w r8, [sp, #608] ; 0x260 + se2_setup(); + 8008148: f7ff fd90 bl 8007c6c + + bool is_valid; + const mcu_key_t *cur = mcu_key_get(&is_valid); + 800814c: f10d 000b add.w r0, sp, #11 + 8008150: f7fa f952 bl 80023f8 + + if(!is_valid) { + 8008154: f89d 300b ldrb.w r3, [sp, #11] + 8008158: b953 cbnz r3, 8008170 + if(!check_value) { + 800815a: f1b8 0f00 cmp.w r8, #0 + 800815e: d105 bne.n 800816c + // problem: we are not writing the check value but it would be changed. + // ie: change long secret before real secret--unlikely + return true; + 8008160: 2501 movs r5, #1 + ctx.num_pending = 32; + aes_done(&ctx, check_value, 32, aes_key, nonce); + } + + return false; +} + 8008162: 4628 mov r0, r5 + 8008164: f50d 7d10 add.w sp, sp, #576 ; 0x240 + 8008168: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + cur = mcu_key_pick(); + 800816c: f7fa f9ac bl 80024c8 + if(se2_calc_seed_key(aes_key, cur, pin_digest)) return true; + 8008170: 4601 mov r1, r0 + 8008172: 9a99 ldr r2, [sp, #612] ; 0x264 + 8008174: a807 add r0, sp, #28 + 8008176: f7ff fd47 bl 8007c08 + 800817a: 4605 mov r5, r0 + 800817c: 2800 cmp r0, #0 + 800817e: d1ef bne.n 8008160 + memcpy(nonce, rom_secrets->mcu_hmac_key, sizeof(nonce)-1); + 8008180: 4b16 ldr r3, [pc, #88] ; (80081dc ) + 8008182: cb0f ldmia r3, {r0, r1, r2, r3} + 8008184: ae03 add r6, sp, #12 + 8008186: 46b4 mov ip, r6 + 8008188: e8ac 0007 stmia.w ip!, {r0, r1, r2} + nonce[15] = offset / AES_BLOCK_SIZE; + 800818c: 2c00 cmp r4, #0 + memcpy(nonce, rom_secrets->mcu_hmac_key, sizeof(nonce)-1); + 800818e: f82c 3b02 strh.w r3, [ip], #2 + nonce[15] = offset / AES_BLOCK_SIZE; + 8008192: bfb8 it lt + 8008194: 340f addlt r4, #15 + memcpy(nonce, rom_secrets->mcu_hmac_key, sizeof(nonce)-1); + 8008196: 0c1b lsrs r3, r3, #16 + 8008198: f88c 3000 strb.w r3, [ip] + aes_init(&ctx); + 800819c: a80f add r0, sp, #60 ; 0x3c + nonce[15] = offset / AES_BLOCK_SIZE; + 800819e: 1124 asrs r4, r4, #4 + 80081a0: 73f4 strb r4, [r6, #15] + aes_init(&ctx); + 80081a2: f000 f92b bl 80083fc + aes_add(&ctx, secret, secret_len); + 80081a6: 463a mov r2, r7 + 80081a8: 4651 mov r1, sl + 80081aa: a80f add r0, sp, #60 ; 0x3c + 80081ac: f000 f92c bl 8008408 + aes_done(&ctx, main_slot, secret_len, aes_key, nonce); + 80081b0: 9600 str r6, [sp, #0] + 80081b2: ab07 add r3, sp, #28 + 80081b4: 463a mov r2, r7 + 80081b6: 4649 mov r1, r9 + 80081b8: a80f add r0, sp, #60 ; 0x3c + 80081ba: f000 f93b bl 8008434 + if(check_value) { + 80081be: f1b8 0f00 cmp.w r8, #0 + 80081c2: d0ce beq.n 8008162 + aes_init(&ctx); + 80081c4: a80f add r0, sp, #60 ; 0x3c + 80081c6: f000 f919 bl 80083fc + ctx.num_pending = 32; + 80081ca: 2220 movs r2, #32 + aes_done(&ctx, check_value, 32, aes_key, nonce); + 80081cc: 9600 str r6, [sp, #0] + 80081ce: ab07 add r3, sp, #28 + 80081d0: 4641 mov r1, r8 + 80081d2: a80f add r0, sp, #60 ; 0x3c + ctx.num_pending = 32; + 80081d4: 928f str r2, [sp, #572] ; 0x23c + aes_done(&ctx, check_value, 32, aes_key, nonce); + 80081d6: f000 f92d bl 8008434 + 80081da: e7c2 b.n 8008162 + 80081dc: 0801c090 .word 0x0801c090 + +080081e0 : +// + void +se2_decrypt_secret(uint8_t secret[], int secret_len, int offset, + const uint8_t main_slot[], const uint8_t *check_value, + const uint8_t pin_digest[32], bool *is_valid) +{ + 80081e0: b530 push {r4, r5, lr} + 80081e2: f5ad 7d1f sub.w sp, sp, #636 ; 0x27c + 80081e6: e9cd 2306 strd r2, r3, [sp, #24] + 80081ea: 9005 str r0, [sp, #20] + 80081ec: 9103 str r1, [sp, #12] + se2_setup(); + 80081ee: f7ff fd3d bl 8007c6c + + const mcu_key_t *cur = mcu_key_get(is_valid); + 80081f2: 98a4 ldr r0, [sp, #656] ; 0x290 + 80081f4: f7fa f900 bl 80023f8 + if(!*is_valid) { + 80081f8: 9ba4 ldr r3, [sp, #656] ; 0x290 + const mcu_key_t *cur = mcu_key_get(is_valid); + 80081fa: 9004 str r0, [sp, #16] + if(!*is_valid) { + 80081fc: 781b ldrb r3, [r3, #0] + 80081fe: b133 cbz r3, 800820e + // no key set? won't be able to decrypt. + return; + } + + int line_num; + if((line_num = setjmp(error_env))) { + 8008200: 4825 ldr r0, [pc, #148] ; (8008298 ) + 8008202: f005 fa0d bl 800d620 + 8008206: b128 cbz r0, 8008214 + // internal failures / broken i2c buses will come here + *is_valid = false; + 8008208: 9aa4 ldr r2, [sp, #656] ; 0x290 + 800820a: 2300 movs r3, #0 + 800820c: 7013 strb r3, [r2, #0] + + // decrypt the real data + aes_init(&ctx); + aes_add(&ctx, main_slot, secret_len); + aes_done(&ctx, secret, secret_len, aes_key, nonce); +} + 800820e: f50d 7d1f add.w sp, sp, #636 ; 0x27c + 8008212: bd30 pop {r4, r5, pc} + if(se2_calc_seed_key(aes_key, cur, pin_digest)) { + 8008214: 9aa3 ldr r2, [sp, #652] ; 0x28c + 8008216: 9904 ldr r1, [sp, #16] + 8008218: a80d add r0, sp, #52 ; 0x34 + 800821a: f7ff fcf5 bl 8007c08 + 800821e: 2800 cmp r0, #0 + 8008220: d1f2 bne.n 8008208 + memcpy(nonce, rom_secrets->mcu_hmac_key, sizeof(nonce)-1); + 8008222: 4b1e ldr r3, [pc, #120] ; (800829c ) + 8008224: cb0f ldmia r3, {r0, r1, r2, r3} + 8008226: ad09 add r5, sp, #36 ; 0x24 + 8008228: 462c mov r4, r5 + 800822a: c407 stmia r4!, {r0, r1, r2} + 800822c: f824 3b02 strh.w r3, [r4], #2 + 8008230: 0c1b lsrs r3, r3, #16 + 8008232: 7023 strb r3, [r4, #0] + nonce[15] = offset / AES_BLOCK_SIZE; + 8008234: 9b06 ldr r3, [sp, #24] + 8008236: 2b00 cmp r3, #0 + 8008238: bfb8 it lt + 800823a: 330f addlt r3, #15 + 800823c: 111b asrs r3, r3, #4 + 800823e: 73eb strb r3, [r5, #15] + if(check_value) { + 8008240: 9ba2 ldr r3, [sp, #648] ; 0x288 + 8008242: b1bb cbz r3, 8008274 + aes_init(&ctx); + 8008244: a81d add r0, sp, #116 ; 0x74 + 8008246: f000 f8d9 bl 80083fc + aes_add(&ctx, check_value, 32); + 800824a: 99a2 ldr r1, [sp, #648] ; 0x288 + 800824c: 2220 movs r2, #32 + 800824e: a81d add r0, sp, #116 ; 0x74 + 8008250: f000 f8da bl 8008408 + aes_done(&ctx, got, 32, aes_key, nonce); + 8008254: ab09 add r3, sp, #36 ; 0x24 + 8008256: 9300 str r3, [sp, #0] + 8008258: a915 add r1, sp, #84 ; 0x54 + 800825a: a81d add r0, sp, #116 ; 0x74 + 800825c: ab0d add r3, sp, #52 ; 0x34 + 800825e: 2220 movs r2, #32 + 8008260: f000 f8e8 bl 8008434 + if(!check_all_zeros(got, 32)) { + 8008264: 2120 movs r1, #32 + 8008266: a815 add r0, sp, #84 ; 0x54 + 8008268: f7fa fa04 bl 8002674 + 800826c: b910 cbnz r0, 8008274 + *is_valid = false; + 800826e: 9ba4 ldr r3, [sp, #656] ; 0x290 + 8008270: 7018 strb r0, [r3, #0] + return; + 8008272: e7cc b.n 800820e + aes_init(&ctx); + 8008274: a81d add r0, sp, #116 ; 0x74 + 8008276: f000 f8c1 bl 80083fc + aes_add(&ctx, main_slot, secret_len); + 800827a: 9a03 ldr r2, [sp, #12] + 800827c: 9907 ldr r1, [sp, #28] + 800827e: a81d add r0, sp, #116 ; 0x74 + 8008280: f000 f8c2 bl 8008408 + aes_done(&ctx, secret, secret_len, aes_key, nonce); + 8008284: ab09 add r3, sp, #36 ; 0x24 + 8008286: 9300 str r3, [sp, #0] + 8008288: 9a03 ldr r2, [sp, #12] + 800828a: 9905 ldr r1, [sp, #20] + 800828c: ab0d add r3, sp, #52 ; 0x34 + 800828e: a81d add r0, sp, #116 ; 0x74 + 8008290: f000 f8d0 bl 8008434 + 8008294: e7bb b.n 800820e + 8008296: bf00 nop + 8008298: 2009e390 .word 0x2009e390 + 800829c: 0801c090 .word 0x0801c090 + +080082a0 : +// +// Hash up a PIN code for login attempt: to tie it into SE2's contents. +// + void +se2_pin_hash(uint8_t digest_io[32], uint32_t purpose) +{ + 80082a0: b5f0 push {r4, r5, r6, r7, lr} + if(purpose != PIN_PURPOSE_NORMAL) { + 80082a2: 4b41 ldr r3, [pc, #260] ; (80083a8 ) +{ + 80082a4: b0d5 sub sp, #340 ; 0x154 + if(purpose != PIN_PURPOSE_NORMAL) { + 80082a6: 4299 cmp r1, r3 +{ + 80082a8: e9cd 0100 strd r0, r1, [sp] + if(purpose != PIN_PURPOSE_NORMAL) { + 80082ac: d17a bne.n 80083a4 + // do nothing except for real PIN case (ie. not for prefix words) + return; + } + + se2_setup(); + 80082ae: f7ff fcdd bl 8007c6c + if((setjmp(error_env))) { + 80082b2: 483e ldr r0, [pc, #248] ; (80083ac ) + 80082b4: f005 f9b4 bl 800d620 + 80082b8: 4604 mov r4, r0 + 80082ba: b120 cbz r0, 80082c6 + oled_show(screen_se2_issue); + 80082bc: 483c ldr r0, [pc, #240] ; (80083b0 ) + 80082be: f7f8 fdb1 bl 8000e24 + + LOCKUP_FOREVER(); + 80082c2: bf30 wfi + 80082c4: e7fd b.n 80082c2 + uint8_t rx[34]; // 2 bytes of len+status, then 32 bytes of data + uint8_t tmp[32]; + HMAC_CTX ctx; + + // HMAC(key=tpin_key, msg=given hash so far) + hmac_sha256_init(&ctx); + 80082c6: a813 add r0, sp, #76 ; 0x4c + 80082c8: f7fd f952 bl 8005570 + hmac_sha256_update(&ctx, digest_io, 32); + 80082cc: 9900 ldr r1, [sp, #0] + 80082ce: 2220 movs r2, #32 + 80082d0: a813 add r0, sp, #76 ; 0x4c + 80082d2: f7fd f953 bl 800557c + hmac_sha256_update(&ctx, (uint8_t *)&purpose, 4); + 80082d6: 2204 movs r2, #4 + 80082d8: eb0d 0102 add.w r1, sp, r2 + 80082dc: a813 add r0, sp, #76 ; 0x4c + 80082de: f7fd f94d bl 800557c + hmac_sha256_final(&ctx, SE2_SECRETS->tpin_key, tmp); + 80082e2: 4b34 ldr r3, [pc, #208] ; (80083b4 ) + 80082e4: 4934 ldr r1, [pc, #208] ; (80083b8 ) + 80082e6: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 80082ea: 33b0 adds r3, #176 ; 0xb0 + 80082ec: 2aff cmp r2, #255 ; 0xff + 80082ee: bf18 it ne + 80082f0: 4619 movne r1, r3 + 80082f2: 3180 adds r1, #128 ; 0x80 + 80082f4: aa02 add r2, sp, #8 + 80082f6: a813 add r0, sp, #76 ; 0x4c + 80082f8: f7fd f956 bl 80055a8 + + // NOTE: exposed as cleartext here + se2_write_buffer(tmp, 32); + 80082fc: 2120 movs r1, #32 + 80082fe: a802 add r0, sp, #8 + 8008300: f7fe ffca bl 8007298 + 8008304: 25aa movs r5, #170 ; 0xaa + se2_write_buffer(rx+2, 32); + } + + // HMAC(key=secret-B (we dont know it, but set random), msg=secret-B+buffer+junk) + // - result put in secret-S (ram) + CALL_CHECK(se2_write2(0x3c, (2<<6) | (1<<4) | PGN_SECRET_B, 0)); + 8008306: 269a movs r6, #154 ; 0x9a + 8008308: 273c movs r7, #60 ; 0x3c + 800830a: 4622 mov r2, r4 + 800830c: 4631 mov r1, r6 + 800830e: 4638 mov r0, r7 + 8008310: f7fe ff6e bl 80071f0 + 8008314: b150 cbz r0, 800832c + 8008316: f240 510c movw r1, #1292 ; 0x50c + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 800831a: 4824 ldr r0, [pc, #144] ; (80083ac ) + 800831c: f005 f986 bl 800d62c + se2_write_buffer(rx+2, 32); + 8008320: 2120 movs r1, #32 + 8008322: f10d 002a add.w r0, sp, #42 ; 0x2a + 8008326: f7fe ffb7 bl 8007298 + 800832a: e7ee b.n 800830a + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 800832c: f7fe ffec bl 8007308 + 8008330: 28aa cmp r0, #170 ; 0xaa + 8008332: d002 beq.n 800833a + 8008334: f240 510d movw r1, #1293 ; 0x50d + 8008338: e7ef b.n 800831a + + // HMAC(key=S, msg=counter+junk), so we have something to read out + // - not clear what contents of 'buffer' are here, but seems to be deterministic + // and probably unchanged from prev command + CALL_CHECK(se2_write1(0xa5, (2<<5) | PGN_DEC_COUNTER)); + 800833a: 215b movs r1, #91 ; 0x5b + 800833c: 20a5 movs r0, #165 ; 0xa5 + 800833e: f7fe ff3d bl 80071bc + 8008342: b110 cbz r0, 800834a + 8008344: f240 5112 movw r1, #1298 ; 0x512 + 8008348: e7e7 b.n 800831a + + CHECK_RIGHT(se2_read_n(sizeof(rx), rx) == RC_SUCCESS); + 800834a: a90a add r1, sp, #40 ; 0x28 + 800834c: 2022 movs r0, #34 ; 0x22 + 800834e: f7fe ffb3 bl 80072b8 + 8008352: 28aa cmp r0, #170 ; 0xaa + 8008354: d002 beq.n 800835c + 8008356: f240 5114 movw r1, #1300 ; 0x514 + 800835a: e7de b.n 800831a + CHECK_RIGHT(rx[1] == RC_SUCCESS); + 800835c: f89d 3029 ldrb.w r3, [sp, #41] ; 0x29 + 8008360: 2baa cmp r3, #170 ; 0xaa + 8008362: d002 beq.n 800836a + 8008364: f240 5115 movw r1, #1301 ; 0x515 + 8008368: e7d7 b.n 800831a + for(int i=0; i + } + + // one final HMAC because we had to read cleartext from bus + hmac_sha256_init(&ctx); + 800836e: a813 add r0, sp, #76 ; 0x4c + 8008370: f7fd f8fe bl 8005570 + hmac_sha256_update(&ctx, rx+2, 32); + 8008374: 2220 movs r2, #32 + 8008376: f10d 012a add.w r1, sp, #42 ; 0x2a + 800837a: a813 add r0, sp, #76 ; 0x4c + 800837c: f7fd f8fe bl 800557c + hmac_sha256_update(&ctx, digest_io, 32); + 8008380: 9900 ldr r1, [sp, #0] + 8008382: 2220 movs r2, #32 + 8008384: a813 add r0, sp, #76 ; 0x4c + 8008386: f7fd f8f9 bl 800557c + hmac_sha256_final(&ctx, SE2_SECRETS->tpin_key, digest_io); + 800838a: 4b0a ldr r3, [pc, #40] ; (80083b4 ) + 800838c: 490a ldr r1, [pc, #40] ; (80083b8 ) + 800838e: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 8008392: 33b0 adds r3, #176 ; 0xb0 + 8008394: 2aff cmp r2, #255 ; 0xff + 8008396: bf18 it ne + 8008398: 4619 movne r1, r3 + 800839a: 3180 adds r1, #128 ; 0x80 + 800839c: 9a00 ldr r2, [sp, #0] + 800839e: a813 add r0, sp, #76 ; 0x4c + 80083a0: f7fd f902 bl 80055a8 +} + 80083a4: b055 add sp, #340 ; 0x154 + 80083a6: bdf0 pop {r4, r5, r6, r7, pc} + 80083a8: 334d1858 .word 0x334d1858 + 80083ac: 2009e390 .word 0x2009e390 + 80083b0: 0800df42 .word 0x0800df42 + 80083b4: 0801c000 .word 0x0801c000 + 80083b8: 2009e2b0 .word 0x2009e2b0 + +080083bc : +// +// Read some random bytes, which we know cannot be MitM'ed. +// + void +se2_read_rng(uint8_t value[8]) +{ + 80083bc: b500 push {lr} + 80083be: b08b sub sp, #44 ; 0x2c + 80083c0: 9001 str r0, [sp, #4] + // funny business means MitM here + se2_setup(); + 80083c2: f7ff fc53 bl 8007c6c + if(setjmp(error_env)) fatal_mitm(); + 80083c6: 4809 ldr r0, [pc, #36] ; (80083ec ) + 80083c8: f005 f92a bl 800d620 + 80083cc: b108 cbz r0, 80083d2 + 80083ce: f7f8 fb33 bl 8000a38 + + // read a field with "RPS" bytes, and verify those were read true + uint8_t tmp[32]; + se2_read_page(PGN_ROM_OPTIONS, tmp, true); + 80083d2: a902 add r1, sp, #8 + 80083d4: 2201 movs r2, #1 + 80083d6: 201c movs r0, #28 + 80083d8: f7ff f832 bl 8007440 + + memcpy(value, &tmp[4], 8); + 80083dc: ab03 add r3, sp, #12 + 80083de: cb03 ldmia r3!, {r0, r1} + 80083e0: 9b01 ldr r3, [sp, #4] + 80083e2: 6018 str r0, [r3, #0] + 80083e4: 6059 str r1, [r3, #4] +} + 80083e6: b00b add sp, #44 ; 0x2c + 80083e8: f85d fb04 ldr.w pc, [sp], #4 + 80083ec: 2009e390 .word 0x2009e390 + +080083f0 : + uint32_t rv; + + if(((uint32_t)src) & 0x3) { + memcpy(&rv, *src, 4); + } else { + rv = *(uint32_t *)(*src); + 80083f0: 6803 ldr r3, [r0, #0] + 80083f2: f853 2b04 ldr.w r2, [r3], #4 + } + (*src) += 4; + 80083f6: 6003 str r3, [r0, #0] + + return __REV(rv); +} + 80083f8: ba10 rev r0, r2 + 80083fa: 4770 bx lr + +080083fc : + memset(ctx, 0, sizeof(AES_CTX)); + 80083fc: f44f 7201 mov.w r2, #516 ; 0x204 + 8008400: 2100 movs r1, #0 + 8008402: f005 b905 b.w 800d610 + ... + +08008408 : +{ + 8008408: b538 push {r3, r4, r5, lr} + 800840a: 4605 mov r5, r0 + memcpy(ctx->pending+ctx->num_pending, data_in, len); + 800840c: f8d0 0200 ldr.w r0, [r0, #512] ; 0x200 + 8008410: 4428 add r0, r5 +{ + 8008412: 4614 mov r4, r2 + memcpy(ctx->pending+ctx->num_pending, data_in, len); + 8008414: f005 f8d4 bl 800d5c0 + ctx->num_pending += len; + 8008418: f8d5 2200 ldr.w r2, [r5, #512] ; 0x200 + 800841c: 4422 add r2, r4 + ASSERT(ctx->num_pending < sizeof(ctx->pending)); + 800841e: f5b2 7f00 cmp.w r2, #512 ; 0x200 + ctx->num_pending += len; + 8008422: f8c5 2200 str.w r2, [r5, #512] ; 0x200 + ASSERT(ctx->num_pending < sizeof(ctx->pending)); + 8008426: d302 bcc.n 800842e + 8008428: 4801 ldr r0, [pc, #4] ; (8008430 ) + 800842a: f7f8 fafb bl 8000a24 +} + 800842e: bd38 pop {r3, r4, r5, pc} + 8008430: 0800e354 .word 0x0800e354 + +08008434 : +// +// Do the decryption. +// + void +aes_done(AES_CTX *ctx, uint8_t data_out[], uint32_t len, const uint8_t key[32], const uint8_t nonce[AES_BLOCK_SIZE]) +{ + 8008434: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 8008438: 4688 mov r8, r1 + 800843a: 4611 mov r1, r2 + ASSERT(len <= ctx->num_pending); + 800843c: f8d0 2200 ldr.w r2, [r0, #512] ; 0x200 +{ + 8008440: b085 sub sp, #20 + ASSERT(len <= ctx->num_pending); + 8008442: 428a cmp r2, r1 +{ + 8008444: f8dd 9030 ldr.w r9, [sp, #48] ; 0x30 + 8008448: 4606 mov r6, r0 + ASSERT(len <= ctx->num_pending); + 800844a: d202 bcs.n 8008452 + 800844c: 4858 ldr r0, [pc, #352] ; (80085b0 ) + 800844e: f7f8 fae9 bl 8000a24 + + // enable clock to block + __HAL_RCC_AES_CLK_ENABLE(); + 8008452: 4d58 ldr r5, [pc, #352] ; (80085b4 ) + + // most changes have to be made w/ module disabled + AES->CR &= ~AES_CR_EN; + 8008454: 4c58 ldr r4, [pc, #352] ; (80085b8 ) + __HAL_RCC_AES_CLK_ENABLE(); + 8008456: 6cea ldr r2, [r5, #76] ; 0x4c + 8008458: f442 3280 orr.w r2, r2, #65536 ; 0x10000 + 800845c: 64ea str r2, [r5, #76] ; 0x4c + 800845e: 6cea ldr r2, [r5, #76] ; 0x4c + 8008460: f402 3280 and.w r2, r2, #65536 ; 0x10000 + 8008464: 9201 str r2, [sp, #4] + 8008466: 9a01 ldr r2, [sp, #4] + AES->CR &= ~AES_CR_EN; + 8008468: 6822 ldr r2, [r4, #0] + 800846a: f022 0201 bic.w r2, r2, #1 + 800846e: 6022 str r2, [r4, #0] + + // set the key size and operation mode + MODIFY_REG(AES->CR, AES_CR_KEYSIZE, CRYP_KEYSIZE_256B); + 8008470: 6822 ldr r2, [r4, #0] + 8008472: f442 2280 orr.w r2, r2, #262144 ; 0x40000 + 8008476: 6022 str r2, [r4, #0] + MODIFY_REG(AES->CR, AES_CR_DATATYPE|AES_CR_MODE|AES_CR_CHMOD, + 8008478: 6827 ldr r7, [r4, #0] + 800847a: f427 3780 bic.w r7, r7, #65536 ; 0x10000 + 800847e: f027 077e bic.w r7, r7, #126 ; 0x7e + 8008482: f047 0744 orr.w r7, r7, #68 ; 0x44 + 8008486: 6027 str r7, [r4, #0] + CRYP_DATATYPE_8B | CRYP_ALGOMODE_ENCRYPT | CRYP_CHAINMODE_AES_CTR); + + // load key and IV values + const uint8_t *K = key; + AES->KEYR7 = word_pump_bytes(&K); + 8008488: a802 add r0, sp, #8 + const uint8_t *K = key; + 800848a: 9302 str r3, [sp, #8] + AES->KEYR7 = word_pump_bytes(&K); + 800848c: f7ff ffb0 bl 80083f0 + 8008490: 63e0 str r0, [r4, #60] ; 0x3c + AES->KEYR6 = word_pump_bytes(&K); + 8008492: a802 add r0, sp, #8 + 8008494: f7ff ffac bl 80083f0 + 8008498: 63a0 str r0, [r4, #56] ; 0x38 + AES->KEYR5 = word_pump_bytes(&K); + 800849a: a802 add r0, sp, #8 + 800849c: f7ff ffa8 bl 80083f0 + 80084a0: 6360 str r0, [r4, #52] ; 0x34 + AES->KEYR4 = word_pump_bytes(&K); + 80084a2: a802 add r0, sp, #8 + 80084a4: f7ff ffa4 bl 80083f0 + 80084a8: 6320 str r0, [r4, #48] ; 0x30 + AES->KEYR3 = word_pump_bytes(&K); + 80084aa: a802 add r0, sp, #8 + 80084ac: f7ff ffa0 bl 80083f0 + 80084b0: 61e0 str r0, [r4, #28] + AES->KEYR2 = word_pump_bytes(&K); + 80084b2: a802 add r0, sp, #8 + 80084b4: f7ff ff9c bl 80083f0 + 80084b8: 61a0 str r0, [r4, #24] + AES->KEYR1 = word_pump_bytes(&K); + 80084ba: a802 add r0, sp, #8 + 80084bc: f7ff ff98 bl 80083f0 + 80084c0: 6160 str r0, [r4, #20] + AES->KEYR0 = word_pump_bytes(&K); + 80084c2: a802 add r0, sp, #8 + 80084c4: f7ff ff94 bl 80083f0 + 80084c8: 6120 str r0, [r4, #16] + + if(nonce) { + 80084ca: f1b9 0f00 cmp.w r9, #0 + 80084ce: d045 beq.n 800855c + const uint8_t *N = nonce; + AES->IVR3 = word_pump_bytes(&N); + 80084d0: a803 add r0, sp, #12 + const uint8_t *N = nonce; + 80084d2: f8cd 900c str.w r9, [sp, #12] + AES->IVR3 = word_pump_bytes(&N); + 80084d6: f7ff ff8b bl 80083f0 + 80084da: 62e0 str r0, [r4, #44] ; 0x2c + AES->IVR2 = word_pump_bytes(&N); + 80084dc: a803 add r0, sp, #12 + 80084de: f7ff ff87 bl 80083f0 + 80084e2: 62a0 str r0, [r4, #40] ; 0x28 + AES->IVR1 = word_pump_bytes(&N); + 80084e4: a803 add r0, sp, #12 + 80084e6: f7ff ff83 bl 80083f0 + 80084ea: 6260 str r0, [r4, #36] ; 0x24 + AES->IVR0 = word_pump_bytes(&N); + 80084ec: a803 add r0, sp, #12 + 80084ee: f7ff ff7f bl 80083f0 + 80084f2: 6220 str r0, [r4, #32] + AES->IVR1 = 0; + AES->IVR0 = 0; // maybe should be byte-swapped one, but whatever + } + + // Enable the Peripheral + AES->CR |= AES_CR_EN; + 80084f4: 4b30 ldr r3, [pc, #192] ; (80085b8 ) + 80084f6: 681a ldr r2, [r3, #0] + + ASSERT((((uint32_t)&ctx->pending) & 3) == 0); // safe because of special attr + 80084f8: 07b0 lsls r0, r6, #30 + AES->CR |= AES_CR_EN; + 80084fa: f042 0201 orr.w r2, r2, #1 + 80084fe: 601a str r2, [r3, #0] + ASSERT((((uint32_t)&ctx->pending) & 3) == 0); // safe because of special attr + 8008500: d1a4 bne.n 800844c + + uint32_t *p = (uint32_t *)ctx->pending; + for(int i=0; i < ctx->num_pending; i += 16) { + 8008502: f06f 070f mvn.w r7, #15 + 8008506: f8d6 0200 ldr.w r0, [r6, #512] ; 0x200 + 800850a: f106 0410 add.w r4, r6, #16 + 800850e: 1bbf subs r7, r7, r6 + 8008510: 193a adds r2, r7, r4 + 8008512: 4282 cmp r2, r0 + 8008514: db2b blt.n 800856e + *out = AES->DOUTR; out++; + *out = AES->DOUTR; out++; + *out = AES->DOUTR; + } + + memcpy(data_out, ctx->pending, len); + 8008516: 460a mov r2, r1 + 8008518: 4640 mov r0, r8 + 800851a: 4631 mov r1, r6 + 800851c: f005 f850 bl 800d5c0 + + memset(ctx, 0, sizeof(AES_CTX)); + 8008520: f44f 7201 mov.w r2, #516 ; 0x204 + 8008524: 2100 movs r1, #0 + 8008526: 4630 mov r0, r6 + 8008528: f005 f872 bl 800d610 + + // reset state of chip block, and leave clock off as well + __HAL_RCC_AES_CLK_ENABLE(); + 800852c: 6ceb ldr r3, [r5, #76] ; 0x4c + 800852e: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 8008532: 64eb str r3, [r5, #76] ; 0x4c + 8008534: 6ceb ldr r3, [r5, #76] ; 0x4c + 8008536: f403 3380 and.w r3, r3, #65536 ; 0x10000 + 800853a: 9303 str r3, [sp, #12] + 800853c: 9b03 ldr r3, [sp, #12] + __HAL_RCC_AES_FORCE_RESET(); + 800853e: 6aeb ldr r3, [r5, #44] ; 0x2c + 8008540: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 8008544: 62eb str r3, [r5, #44] ; 0x2c + __HAL_RCC_AES_RELEASE_RESET(); + 8008546: 6aeb ldr r3, [r5, #44] ; 0x2c + 8008548: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 800854c: 62eb str r3, [r5, #44] ; 0x2c + __HAL_RCC_AES_CLK_DISABLE(); + 800854e: 6ceb ldr r3, [r5, #76] ; 0x4c + 8008550: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 8008554: 64eb str r3, [r5, #76] ; 0x4c +} + 8008556: b005 add sp, #20 + 8008558: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + AES->IVR3 = 0; + 800855c: f8c4 902c str.w r9, [r4, #44] ; 0x2c + AES->IVR2 = 0; + 8008560: f8c4 9028 str.w r9, [r4, #40] ; 0x28 + AES->IVR1 = 0; + 8008564: f8c4 9024 str.w r9, [r4, #36] ; 0x24 + AES->IVR0 = 0; // maybe should be byte-swapped one, but whatever + 8008568: f8c4 9020 str.w r9, [r4, #32] + 800856c: e7c2 b.n 80084f4 + AES->DINR = *p; p++; + 800856e: f854 2c10 ldr.w r2, [r4, #-16] + 8008572: 609a str r2, [r3, #8] + AES->DINR = *p; p++; + 8008574: f854 2c0c ldr.w r2, [r4, #-12] + 8008578: 609a str r2, [r3, #8] + AES->DINR = *p; p++; + 800857a: f854 2c08 ldr.w r2, [r4, #-8] + 800857e: 609a str r2, [r3, #8] + AES->DINR = *p; p++; + 8008580: f854 2c04 ldr.w r2, [r4, #-4] + 8008584: 609a str r2, [r3, #8] + while(HAL_IS_BIT_CLR(AES->SR, AES_SR_CCF)) { + 8008586: 685a ldr r2, [r3, #4] + 8008588: 07d2 lsls r2, r2, #31 + 800858a: d5fc bpl.n 8008586 + SET_BIT(AES->CR, CRYP_CCF_CLEAR); + 800858c: 681a ldr r2, [r3, #0] + 800858e: f042 0280 orr.w r2, r2, #128 ; 0x80 + 8008592: 601a str r2, [r3, #0] + *out = AES->DOUTR; out++; + 8008594: 68da ldr r2, [r3, #12] + 8008596: f844 2c10 str.w r2, [r4, #-16] + *out = AES->DOUTR; out++; + 800859a: 68da ldr r2, [r3, #12] + 800859c: f844 2c0c str.w r2, [r4, #-12] + *out = AES->DOUTR; out++; + 80085a0: 68da ldr r2, [r3, #12] + 80085a2: f844 2c08 str.w r2, [r4, #-8] + *out = AES->DOUTR; + 80085a6: 68da ldr r2, [r3, #12] + 80085a8: f844 2c04 str.w r2, [r4, #-4] + for(int i=0; i < ctx->num_pending; i += 16) { + 80085ac: 3410 adds r4, #16 + 80085ae: e7af b.n 8008510 + 80085b0: 0800e354 .word 0x0800e354 + 80085b4: 40021000 .word 0x40021000 + 80085b8: 50060000 .word 0x50060000 + +080085bc : + voltage range. + * @param msirange MSI range value from RCC_MSIRANGE_0 to RCC_MSIRANGE_11 + * @retval HAL status + */ +static HAL_StatusTypeDef RCC_SetFlashLatencyFromMSIRange(uint32_t msirange) +{ + 80085bc: b537 push {r0, r1, r2, r4, r5, lr} + uint32_t vos; + uint32_t latency = FLASH_LATENCY_0; /* default value 0WS */ + + if(__HAL_RCC_PWR_IS_CLK_ENABLED()) + 80085be: 4d1c ldr r5, [pc, #112] ; (8008630 ) + 80085c0: 6dab ldr r3, [r5, #88] ; 0x58 + 80085c2: 00da lsls r2, r3, #3 +{ + 80085c4: 4604 mov r4, r0 + if(__HAL_RCC_PWR_IS_CLK_ENABLED()) + 80085c6: d518 bpl.n 80085fa + { + vos = HAL_PWREx_GetVoltageRange(); + 80085c8: f7fe fd7e bl 80070c8 + __HAL_RCC_PWR_CLK_ENABLE(); + vos = HAL_PWREx_GetVoltageRange(); + __HAL_RCC_PWR_CLK_DISABLE(); + } + + if(vos == PWR_REGULATOR_VOLTAGE_SCALE1) + 80085cc: f5b0 7f00 cmp.w r0, #512 ; 0x200 + 80085d0: d123 bne.n 800861a + { + if(msirange > RCC_MSIRANGE_8) + 80085d2: 2c80 cmp r4, #128 ; 0x80 + 80085d4: d928 bls.n 8008628 + latency = FLASH_LATENCY_2; /* 2WS */ + } + else + { + /* MSI 24Mhz or 32Mhz */ + latency = FLASH_LATENCY_1; /* 1WS */ + 80085d6: 2ca0 cmp r4, #160 ; 0xa0 + 80085d8: bf8c ite hi + 80085da: 2002 movhi r0, #2 + 80085dc: 2001 movls r0, #1 + /* else MSI < 8Mhz default FLASH_LATENCY_0 0WS */ + } +#endif + } + + __HAL_FLASH_SET_LATENCY(latency); + 80085de: 4a15 ldr r2, [pc, #84] ; (8008634 ) + 80085e0: 6813 ldr r3, [r2, #0] + 80085e2: f023 030f bic.w r3, r3, #15 + 80085e6: 4303 orrs r3, r0 + 80085e8: 6013 str r3, [r2, #0] + + /* Check that the new number of wait states is taken into account to access the Flash + memory by reading the FLASH_ACR register */ + if(__HAL_FLASH_GET_LATENCY() != latency) + 80085ea: 6813 ldr r3, [r2, #0] + 80085ec: f003 030f and.w r3, r3, #15 + { + return HAL_ERROR; + } + + return HAL_OK; +} + 80085f0: 1a18 subs r0, r3, r0 + 80085f2: bf18 it ne + 80085f4: 2001 movne r0, #1 + 80085f6: b003 add sp, #12 + 80085f8: bd30 pop {r4, r5, pc} + __HAL_RCC_PWR_CLK_ENABLE(); + 80085fa: 6dab ldr r3, [r5, #88] ; 0x58 + 80085fc: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 8008600: 65ab str r3, [r5, #88] ; 0x58 + 8008602: 6dab ldr r3, [r5, #88] ; 0x58 + 8008604: f003 5380 and.w r3, r3, #268435456 ; 0x10000000 + 8008608: 9301 str r3, [sp, #4] + 800860a: 9b01 ldr r3, [sp, #4] + vos = HAL_PWREx_GetVoltageRange(); + 800860c: f7fe fd5c bl 80070c8 + __HAL_RCC_PWR_CLK_DISABLE(); + 8008610: 6dab ldr r3, [r5, #88] ; 0x58 + 8008612: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 8008616: 65ab str r3, [r5, #88] ; 0x58 + 8008618: e7d8 b.n 80085cc + if(msirange >= RCC_MSIRANGE_8) + 800861a: 2c7f cmp r4, #127 ; 0x7f + 800861c: d806 bhi.n 800862c + if(msirange == RCC_MSIRANGE_7) + 800861e: f1a4 0370 sub.w r3, r4, #112 ; 0x70 + 8008622: 4258 negs r0, r3 + 8008624: 4158 adcs r0, r3 + 8008626: e7da b.n 80085de + uint32_t latency = FLASH_LATENCY_0; /* default value 0WS */ + 8008628: 2000 movs r0, #0 + 800862a: e7d8 b.n 80085de + latency = FLASH_LATENCY_2; /* 2WS */ + 800862c: 2002 movs r0, #2 + 800862e: e7d6 b.n 80085de + 8008630: 40021000 .word 0x40021000 + 8008634: 40022000 .word 0x40022000 + +08008638 : +{ + 8008638: b5f8 push {r3, r4, r5, r6, r7, lr} + SET_BIT(RCC->CR, RCC_CR_MSION); + 800863a: 4c32 ldr r4, [pc, #200] ; (8008704 ) + 800863c: 6823 ldr r3, [r4, #0] + 800863e: f043 0301 orr.w r3, r3, #1 + 8008642: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008644: f7fe fd3c bl 80070c0 + 8008648: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_MSIRDY) == 0U) + 800864a: 6823 ldr r3, [r4, #0] + 800864c: 079b lsls r3, r3, #30 + 800864e: d543 bpl.n 80086d8 + MODIFY_REG(RCC->CR, RCC_CR_MSIRANGE, RCC_MSIRANGE_6); + 8008650: 6823 ldr r3, [r4, #0] + SystemCoreClock = MSI_VALUE; + 8008652: 4a2d ldr r2, [pc, #180] ; (8008708 ) + MODIFY_REG(RCC->CR, RCC_CR_MSIRANGE, RCC_MSIRANGE_6); + 8008654: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8008658: f043 0360 orr.w r3, r3, #96 ; 0x60 + 800865c: 6023 str r3, [r4, #0] + CLEAR_REG(RCC->CFGR); + 800865e: 2300 movs r3, #0 + 8008660: 60a3 str r3, [r4, #8] + SystemCoreClock = MSI_VALUE; + 8008662: 4b2a ldr r3, [pc, #168] ; (800870c ) + 8008664: 601a str r2, [r3, #0] + if(HAL_InitTick(uwTickPrio) != HAL_OK) + 8008666: 4b2a ldr r3, [pc, #168] ; (8008710 ) + 8008668: 6818 ldr r0, [r3, #0] + 800866a: f7fe fd2b bl 80070c4 + 800866e: 4605 mov r5, r0 + 8008670: 2800 cmp r0, #0 + 8008672: d145 bne.n 8008700 + tickstart = HAL_GetTick(); + 8008674: f7fe fd24 bl 80070c0 + if((HAL_GetTick() - tickstart) > CLOCKSWITCH_TIMEOUT_VALUE) + 8008678: f241 3788 movw r7, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 800867c: 4606 mov r6, r0 + while(READ_BIT(RCC->CFGR, RCC_CFGR_SWS) != RCC_CFGR_SWS_MSI) + 800867e: 68a3 ldr r3, [r4, #8] + 8008680: f013 0f0c tst.w r3, #12 + 8008684: d130 bne.n 80086e8 + CLEAR_BIT(RCC->CR, RCC_CR_HSEON | RCC_CR_HSION | RCC_CR_HSIKERON| RCC_CR_HSIASFS | RCC_CR_PLLON | RCC_CR_PLLSAI1ON | RCC_CR_PLLSAI2ON); + 8008686: 6822 ldr r2, [r4, #0] + 8008688: 4b22 ldr r3, [pc, #136] ; (8008714 ) + 800868a: 4013 ands r3, r2 + 800868c: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800868e: f7fe fd17 bl 80070c0 + 8008692: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY | RCC_CR_PLLSAI1RDY | RCC_CR_PLLSAI2RDY) != 0U) + 8008694: 6823 ldr r3, [r4, #0] + 8008696: f013 5328 ands.w r3, r3, #704643072 ; 0x2a000000 + 800869a: d12b bne.n 80086f4 + CLEAR_REG(RCC->PLLCFGR); + 800869c: 60e3 str r3, [r4, #12] + SET_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN_4 ); + 800869e: 68e2 ldr r2, [r4, #12] + 80086a0: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80086a4: 60e2 str r2, [r4, #12] + CLEAR_REG(RCC->PLLSAI1CFGR); + 80086a6: 6123 str r3, [r4, #16] + SET_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N_4 ); + 80086a8: 6922 ldr r2, [r4, #16] + 80086aa: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80086ae: 6122 str r2, [r4, #16] + CLEAR_REG(RCC->PLLSAI2CFGR); + 80086b0: 6163 str r3, [r4, #20] + SET_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2N_4 ); + 80086b2: 6962 ldr r2, [r4, #20] + 80086b4: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80086b8: 6162 str r2, [r4, #20] + CLEAR_BIT(RCC->CR, RCC_CR_HSEBYP); + 80086ba: 6822 ldr r2, [r4, #0] + 80086bc: f422 2280 bic.w r2, r2, #262144 ; 0x40000 + 80086c0: 6022 str r2, [r4, #0] + CLEAR_REG(RCC->CIER); + 80086c2: 61a3 str r3, [r4, #24] + WRITE_REG(RCC->CICR, 0xFFFFFFFFU); + 80086c4: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 80086c8: 6223 str r3, [r4, #32] + SET_BIT(RCC->CSR, RCC_CSR_RMVF); + 80086ca: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 80086ce: f443 0300 orr.w r3, r3, #8388608 ; 0x800000 + 80086d2: f8c4 3094 str.w r3, [r4, #148] ; 0x94 + return HAL_OK; + 80086d6: e005 b.n 80086e4 + if((HAL_GetTick() - tickstart) > MSI_TIMEOUT_VALUE) + 80086d8: f7fe fcf2 bl 80070c0 + 80086dc: 1b40 subs r0, r0, r5 + 80086de: 2802 cmp r0, #2 + 80086e0: d9b3 bls.n 800864a + return HAL_TIMEOUT; + 80086e2: 2503 movs r5, #3 +} + 80086e4: 4628 mov r0, r5 + 80086e6: bdf8 pop {r3, r4, r5, r6, r7, pc} + if((HAL_GetTick() - tickstart) > CLOCKSWITCH_TIMEOUT_VALUE) + 80086e8: f7fe fcea bl 80070c0 + 80086ec: 1b80 subs r0, r0, r6 + 80086ee: 42b8 cmp r0, r7 + 80086f0: d9c5 bls.n 800867e + 80086f2: e7f6 b.n 80086e2 + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 80086f4: f7fe fce4 bl 80070c0 + 80086f8: 1b80 subs r0, r0, r6 + 80086fa: 2802 cmp r0, #2 + 80086fc: d9ca bls.n 8008694 + 80086fe: e7f0 b.n 80086e2 + return HAL_ERROR; + 8008700: 2501 movs r5, #1 + 8008702: e7ef b.n 80086e4 + 8008704: 40021000 .word 0x40021000 + 8008708: 003d0900 .word 0x003d0900 + 800870c: 2009e2a8 .word 0x2009e2a8 + 8008710: 2009e2ac .word 0x2009e2ac + 8008714: eafef4ff .word 0xeafef4ff + +08008718 : +{ + 8008718: b570 push {r4, r5, r6, lr} + __MCO1_CLK_ENABLE(); + 800871a: 4c12 ldr r4, [pc, #72] ; (8008764 ) + 800871c: 6ce3 ldr r3, [r4, #76] ; 0x4c + 800871e: f043 0301 orr.w r3, r3, #1 + 8008722: 64e3 str r3, [r4, #76] ; 0x4c + 8008724: 6ce3 ldr r3, [r4, #76] ; 0x4c +{ + 8008726: b086 sub sp, #24 + __MCO1_CLK_ENABLE(); + 8008728: f003 0301 and.w r3, r3, #1 + 800872c: 9300 str r3, [sp, #0] + 800872e: 9b00 ldr r3, [sp, #0] +{ + 8008730: 4616 mov r6, r2 + GPIO_InitStruct.Mode = GPIO_MODE_AF_PP; + 8008732: 2302 movs r3, #2 + 8008734: f44f 7280 mov.w r2, #256 ; 0x100 + 8008738: e9cd 2301 strd r2, r3, [sp, #4] +{ + 800873c: 460d mov r5, r1 + GPIO_InitStruct.Speed = GPIO_SPEED_FREQ_HIGH; + 800873e: 9304 str r3, [sp, #16] + HAL_GPIO_Init(MCO1_GPIO_PORT, &GPIO_InitStruct); + 8008740: a901 add r1, sp, #4 + GPIO_InitStruct.Pull = GPIO_NOPULL; + 8008742: 2300 movs r3, #0 + HAL_GPIO_Init(MCO1_GPIO_PORT, &GPIO_InitStruct); + 8008744: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + GPIO_InitStruct.Pull = GPIO_NOPULL; + 8008748: 9303 str r3, [sp, #12] + GPIO_InitStruct.Alternate = GPIO_AF0_MCO; + 800874a: 9305 str r3, [sp, #20] + HAL_GPIO_Init(MCO1_GPIO_PORT, &GPIO_InitStruct); + 800874c: f7f8 fc50 bl 8000ff0 + MODIFY_REG(RCC->CFGR, (RCC_CFGR_MCOSEL | RCC_CFGR_MCOPRE), (RCC_MCOSource | RCC_MCODiv )); + 8008750: 68a3 ldr r3, [r4, #8] + 8008752: f023 43fe bic.w r3, r3, #2130706432 ; 0x7f000000 + 8008756: ea43 0206 orr.w r2, r3, r6 + 800875a: 432a orrs r2, r5 + 800875c: 60a2 str r2, [r4, #8] +} + 800875e: b006 add sp, #24 + 8008760: bd70 pop {r4, r5, r6, pc} + 8008762: bf00 nop + 8008764: 40021000 .word 0x40021000 + +08008768 : + sysclk_source = __HAL_RCC_GET_SYSCLK_SOURCE(); + 8008768: 4b22 ldr r3, [pc, #136] ; (80087f4 ) + 800876a: 689a ldr r2, [r3, #8] + pll_oscsource = __HAL_RCC_GET_PLL_OSCSOURCE(); + 800876c: 68d9 ldr r1, [r3, #12] + if((sysclk_source == RCC_CFGR_SWS_MSI) || + 800876e: f012 020c ands.w r2, r2, #12 + 8008772: d005 beq.n 8008780 + 8008774: 2a0c cmp r2, #12 + 8008776: d115 bne.n 80087a4 + pll_oscsource = __HAL_RCC_GET_PLL_OSCSOURCE(); + 8008778: f001 0103 and.w r1, r1, #3 + ((sysclk_source == RCC_CFGR_SWS_PLL) && (pll_oscsource == RCC_PLLSOURCE_MSI))) + 800877c: 2901 cmp r1, #1 + 800877e: d118 bne.n 80087b2 + if(READ_BIT(RCC->CR, RCC_CR_MSIRGSEL) == 0U) + 8008780: 6819 ldr r1, [r3, #0] + msirange = MSIRangeTable[msirange]; + 8008782: 481d ldr r0, [pc, #116] ; (80087f8 ) + if(READ_BIT(RCC->CR, RCC_CR_MSIRGSEL) == 0U) + 8008784: 0709 lsls r1, r1, #28 + msirange = READ_BIT(RCC->CSR, RCC_CSR_MSISRANGE) >> RCC_CSR_MSISRANGE_Pos; + 8008786: bf55 itete pl + 8008788: f8d3 1094 ldrpl.w r1, [r3, #148] ; 0x94 + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + 800878c: 6819 ldrmi r1, [r3, #0] + msirange = READ_BIT(RCC->CSR, RCC_CSR_MSISRANGE) >> RCC_CSR_MSISRANGE_Pos; + 800878e: f3c1 2103 ubfxpl r1, r1, #8, #4 + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + 8008792: f3c1 1103 ubfxmi r1, r1, #4, #4 + msirange = MSIRangeTable[msirange]; + 8008796: f850 0021 ldr.w r0, [r0, r1, lsl #2] + if(sysclk_source == RCC_CFGR_SWS_MSI) + 800879a: b34a cbz r2, 80087f0 + if(sysclk_source == RCC_CFGR_SWS_PLL) + 800879c: 2a0c cmp r2, #12 + 800879e: d009 beq.n 80087b4 + 80087a0: 2000 movs r0, #0 + return sysclockfreq; + 80087a2: 4770 bx lr + else if(sysclk_source == RCC_CFGR_SWS_HSI) + 80087a4: 2a04 cmp r2, #4 + 80087a6: d022 beq.n 80087ee + else if(sysclk_source == RCC_CFGR_SWS_HSE) + 80087a8: 2a08 cmp r2, #8 + 80087aa: 4814 ldr r0, [pc, #80] ; (80087fc ) + 80087ac: bf18 it ne + 80087ae: 2000 movne r0, #0 + 80087b0: 4770 bx lr + uint32_t msirange = 0U, sysclockfreq = 0U; + 80087b2: 2000 movs r0, #0 + pllsource = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC); + 80087b4: 68da ldr r2, [r3, #12] + 80087b6: f002 0203 and.w r2, r2, #3 + switch (pllsource) + 80087ba: 2a02 cmp r2, #2 + 80087bc: d015 beq.n 80087ea + 80087be: 490f ldr r1, [pc, #60] ; (80087fc ) + 80087c0: 2a03 cmp r2, #3 + 80087c2: bf08 it eq + 80087c4: 4608 moveq r0, r1 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 80087c6: 68d9 ldr r1, [r3, #12] + pllvco = (pllvco * (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos)) / pllm; + 80087c8: 68da ldr r2, [r3, #12] + 80087ca: f3c2 2206 ubfx r2, r2, #8, #7 + 80087ce: 4342 muls r2, r0 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 80087d0: 68d8 ldr r0, [r3, #12] + 80087d2: f3c0 6041 ubfx r0, r0, #25, #2 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 80087d6: f3c1 1103 ubfx r1, r1, #4, #4 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 80087da: 3001 adds r0, #1 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 80087dc: 3101 adds r1, #1 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 80087de: 0040 lsls r0, r0, #1 + pllvco = (pllvco * (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos)) / pllm; + 80087e0: fbb2 f2f1 udiv r2, r2, r1 + sysclockfreq = pllvco / pllr; + 80087e4: fbb2 f0f0 udiv r0, r2, r0 + 80087e8: 4770 bx lr + pllvco = HSI_VALUE; + 80087ea: 4805 ldr r0, [pc, #20] ; (8008800 ) + 80087ec: e7eb b.n 80087c6 + sysclockfreq = HSI_VALUE; + 80087ee: 4804 ldr r0, [pc, #16] ; (8008800 ) +} + 80087f0: 4770 bx lr + 80087f2: bf00 nop + 80087f4: 40021000 .word 0x40021000 + 80087f8: 0800e968 .word 0x0800e968 + 80087fc: 007a1200 .word 0x007a1200 + 8008800: 00f42400 .word 0x00f42400 + +08008804 : +{ + 8008804: e92d 43f7 stmdb sp!, {r0, r1, r2, r4, r5, r6, r7, r8, r9, lr} + if(RCC_OscInitStruct == NULL) + 8008808: 4605 mov r5, r0 + 800880a: b908 cbnz r0, 8008810 + return HAL_ERROR; + 800880c: 2001 movs r0, #1 + 800880e: e047 b.n 80088a0 + sysclk_source = __HAL_RCC_GET_SYSCLK_SOURCE(); + 8008810: 4c94 ldr r4, [pc, #592] ; (8008a64 ) + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_MSI) == RCC_OSCILLATORTYPE_MSI) + 8008812: 6803 ldr r3, [r0, #0] + sysclk_source = __HAL_RCC_GET_SYSCLK_SOURCE(); + 8008814: 68a6 ldr r6, [r4, #8] + pll_config = __HAL_RCC_GET_PLL_OSCSOURCE(); + 8008816: 68e7 ldr r7, [r4, #12] + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_MSI) == RCC_OSCILLATORTYPE_MSI) + 8008818: 06db lsls r3, r3, #27 + sysclk_source = __HAL_RCC_GET_SYSCLK_SOURCE(); + 800881a: f006 060c and.w r6, r6, #12 + pll_config = __HAL_RCC_GET_PLL_OSCSOURCE(); + 800881e: f007 0703 and.w r7, r7, #3 + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_MSI) == RCC_OSCILLATORTYPE_MSI) + 8008822: d575 bpl.n 8008910 + if((sysclk_source == RCC_CFGR_SWS_MSI) || + 8008824: b11e cbz r6, 800882e + 8008826: 2e0c cmp r6, #12 + 8008828: d154 bne.n 80088d4 + ((sysclk_source == RCC_CFGR_SWS_PLL) && (pll_config == RCC_PLLSOURCE_MSI))) + 800882a: 2f01 cmp r7, #1 + 800882c: d152 bne.n 80088d4 + if((READ_BIT(RCC->CR, RCC_CR_MSIRDY) != 0U) && (RCC_OscInitStruct->MSIState == RCC_MSI_OFF)) + 800882e: 6823 ldr r3, [r4, #0] + 8008830: 0798 lsls r0, r3, #30 + 8008832: d502 bpl.n 800883a + 8008834: 69ab ldr r3, [r5, #24] + 8008836: 2b00 cmp r3, #0 + 8008838: d0e8 beq.n 800880c + if(RCC_OscInitStruct->MSIClockRange > __HAL_RCC_GET_MSI_RANGE()) + 800883a: 6823 ldr r3, [r4, #0] + 800883c: 6a28 ldr r0, [r5, #32] + 800883e: 0719 lsls r1, r3, #28 + 8008840: bf56 itet pl + 8008842: f8d4 3094 ldrpl.w r3, [r4, #148] ; 0x94 + 8008846: 6823 ldrmi r3, [r4, #0] + 8008848: 091b lsrpl r3, r3, #4 + 800884a: f003 03f0 and.w r3, r3, #240 ; 0xf0 + 800884e: 4298 cmp r0, r3 + 8008850: d929 bls.n 80088a6 + if(RCC_SetFlashLatencyFromMSIRange(RCC_OscInitStruct->MSIClockRange) != HAL_OK) + 8008852: f7ff feb3 bl 80085bc + 8008856: 2800 cmp r0, #0 + 8008858: d1d8 bne.n 800880c + __HAL_RCC_MSI_RANGE_CONFIG(RCC_OscInitStruct->MSIClockRange); + 800885a: 6823 ldr r3, [r4, #0] + 800885c: f043 0308 orr.w r3, r3, #8 + 8008860: 6023 str r3, [r4, #0] + 8008862: 6823 ldr r3, [r4, #0] + 8008864: 6a2a ldr r2, [r5, #32] + 8008866: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 800886a: 4313 orrs r3, r2 + 800886c: 6023 str r3, [r4, #0] + __HAL_RCC_MSI_CALIBRATIONVALUE_ADJUST(RCC_OscInitStruct->MSICalibrationValue); + 800886e: 6863 ldr r3, [r4, #4] + 8008870: 69ea ldr r2, [r5, #28] + 8008872: f423 437f bic.w r3, r3, #65280 ; 0xff00 + 8008876: ea43 2302 orr.w r3, r3, r2, lsl #8 + 800887a: 6063 str r3, [r4, #4] + SystemCoreClock = HAL_RCC_GetSysClockFreq() >> (AHBPrescTable[READ_BIT(RCC->CFGR, RCC_CFGR_HPRE) >> RCC_CFGR_HPRE_Pos] & 0x1FU); + 800887c: f7ff ff74 bl 8008768 + 8008880: 68a3 ldr r3, [r4, #8] + 8008882: 4a79 ldr r2, [pc, #484] ; (8008a68 ) + 8008884: f3c3 1303 ubfx r3, r3, #4, #4 + 8008888: 5cd3 ldrb r3, [r2, r3] + 800888a: f003 031f and.w r3, r3, #31 + 800888e: 40d8 lsrs r0, r3 + 8008890: 4b76 ldr r3, [pc, #472] ; (8008a6c ) + 8008892: 6018 str r0, [r3, #0] + status = HAL_InitTick(uwTickPrio); + 8008894: 4b76 ldr r3, [pc, #472] ; (8008a70 ) + 8008896: 6818 ldr r0, [r3, #0] + 8008898: f7fe fc14 bl 80070c4 + if(status != HAL_OK) + 800889c: 2800 cmp r0, #0 + 800889e: d037 beq.n 8008910 +} + 80088a0: b003 add sp, #12 + 80088a2: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + __HAL_RCC_MSI_RANGE_CONFIG(RCC_OscInitStruct->MSIClockRange); + 80088a6: 6823 ldr r3, [r4, #0] + 80088a8: f043 0308 orr.w r3, r3, #8 + 80088ac: 6023 str r3, [r4, #0] + 80088ae: 6823 ldr r3, [r4, #0] + 80088b0: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 80088b4: 4303 orrs r3, r0 + 80088b6: 6023 str r3, [r4, #0] + __HAL_RCC_MSI_CALIBRATIONVALUE_ADJUST(RCC_OscInitStruct->MSICalibrationValue); + 80088b8: 6863 ldr r3, [r4, #4] + 80088ba: 69ea ldr r2, [r5, #28] + 80088bc: f423 437f bic.w r3, r3, #65280 ; 0xff00 + 80088c0: ea43 2302 orr.w r3, r3, r2, lsl #8 + 80088c4: 6063 str r3, [r4, #4] + if(sysclk_source == RCC_CFGR_SWS_MSI) + 80088c6: 2e00 cmp r6, #0 + 80088c8: d1d8 bne.n 800887c + if(RCC_SetFlashLatencyFromMSIRange(RCC_OscInitStruct->MSIClockRange) != HAL_OK) + 80088ca: f7ff fe77 bl 80085bc + 80088ce: 2800 cmp r0, #0 + 80088d0: d0d4 beq.n 800887c + 80088d2: e79b b.n 800880c + if(RCC_OscInitStruct->MSIState != RCC_MSI_OFF) + 80088d4: 69ab ldr r3, [r5, #24] + 80088d6: 2b00 cmp r3, #0 + 80088d8: d03a beq.n 8008950 + __HAL_RCC_MSI_ENABLE(); + 80088da: 6823 ldr r3, [r4, #0] + 80088dc: f043 0301 orr.w r3, r3, #1 + 80088e0: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 80088e2: f7fe fbed bl 80070c0 + 80088e6: 4680 mov r8, r0 + while(READ_BIT(RCC->CR, RCC_CR_MSIRDY) == 0U) + 80088e8: 6823 ldr r3, [r4, #0] + 80088ea: 079a lsls r2, r3, #30 + 80088ec: d528 bpl.n 8008940 + __HAL_RCC_MSI_RANGE_CONFIG(RCC_OscInitStruct->MSIClockRange); + 80088ee: 6823 ldr r3, [r4, #0] + 80088f0: f043 0308 orr.w r3, r3, #8 + 80088f4: 6023 str r3, [r4, #0] + 80088f6: 6823 ldr r3, [r4, #0] + 80088f8: 6a2a ldr r2, [r5, #32] + 80088fa: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 80088fe: 4313 orrs r3, r2 + 8008900: 6023 str r3, [r4, #0] + __HAL_RCC_MSI_CALIBRATIONVALUE_ADJUST(RCC_OscInitStruct->MSICalibrationValue); + 8008902: 6863 ldr r3, [r4, #4] + 8008904: 69ea ldr r2, [r5, #28] + 8008906: f423 437f bic.w r3, r3, #65280 ; 0xff00 + 800890a: ea43 2302 orr.w r3, r3, r2, lsl #8 + 800890e: 6063 str r3, [r4, #4] + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_HSE) == RCC_OSCILLATORTYPE_HSE) + 8008910: 682b ldr r3, [r5, #0] + 8008912: 07d8 lsls r0, r3, #31 + 8008914: d42d bmi.n 8008972 + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_HSI) == RCC_OSCILLATORTYPE_HSI) + 8008916: 682b ldr r3, [r5, #0] + 8008918: 0799 lsls r1, r3, #30 + 800891a: d46b bmi.n 80089f4 + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_LSI) == RCC_OSCILLATORTYPE_LSI) + 800891c: 682b ldr r3, [r5, #0] + 800891e: 0718 lsls r0, r3, #28 + 8008920: f100 80a8 bmi.w 8008a74 + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_LSE) == RCC_OSCILLATORTYPE_LSE) + 8008924: 682b ldr r3, [r5, #0] + 8008926: 0759 lsls r1, r3, #29 + 8008928: f100 80ce bmi.w 8008ac8 + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_HSI48) == RCC_OSCILLATORTYPE_HSI48) + 800892c: 682b ldr r3, [r5, #0] + 800892e: 069f lsls r7, r3, #26 + 8008930: f100 8137 bmi.w 8008ba2 + if(RCC_OscInitStruct->PLL.PLLState != RCC_PLL_NONE) + 8008934: 6aab ldr r3, [r5, #40] ; 0x28 + 8008936: 2b00 cmp r3, #0 + 8008938: f040 815d bne.w 8008bf6 + return HAL_OK; + 800893c: 2000 movs r0, #0 + 800893e: e7af b.n 80088a0 + if((HAL_GetTick() - tickstart) > MSI_TIMEOUT_VALUE) + 8008940: f7fe fbbe bl 80070c0 + 8008944: eba0 0008 sub.w r0, r0, r8 + 8008948: 2802 cmp r0, #2 + 800894a: d9cd bls.n 80088e8 + return HAL_TIMEOUT; + 800894c: 2003 movs r0, #3 + 800894e: e7a7 b.n 80088a0 + __HAL_RCC_MSI_DISABLE(); + 8008950: 6823 ldr r3, [r4, #0] + 8008952: f023 0301 bic.w r3, r3, #1 + 8008956: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008958: f7fe fbb2 bl 80070c0 + 800895c: 4680 mov r8, r0 + while(READ_BIT(RCC->CR, RCC_CR_MSIRDY) != 0U) + 800895e: 6823 ldr r3, [r4, #0] + 8008960: 079b lsls r3, r3, #30 + 8008962: d5d5 bpl.n 8008910 + if((HAL_GetTick() - tickstart) > MSI_TIMEOUT_VALUE) + 8008964: f7fe fbac bl 80070c0 + 8008968: eba0 0008 sub.w r0, r0, r8 + 800896c: 2802 cmp r0, #2 + 800896e: d9f6 bls.n 800895e + 8008970: e7ec b.n 800894c + if((sysclk_source == RCC_CFGR_SWS_HSE) || + 8008972: 2e08 cmp r6, #8 + 8008974: d003 beq.n 800897e + 8008976: 2e0c cmp r6, #12 + 8008978: d108 bne.n 800898c + ((sysclk_source == RCC_CFGR_SWS_PLL) && (pll_config == RCC_PLLSOURCE_HSE))) + 800897a: 2f03 cmp r7, #3 + 800897c: d106 bne.n 800898c + if((READ_BIT(RCC->CR, RCC_CR_HSERDY) != 0U) && (RCC_OscInitStruct->HSEState == RCC_HSE_OFF)) + 800897e: 6823 ldr r3, [r4, #0] + 8008980: 039a lsls r2, r3, #14 + 8008982: d5c8 bpl.n 8008916 + 8008984: 686b ldr r3, [r5, #4] + 8008986: 2b00 cmp r3, #0 + 8008988: d1c5 bne.n 8008916 + 800898a: e73f b.n 800880c + __HAL_RCC_HSE_CONFIG(RCC_OscInitStruct->HSEState); + 800898c: 686b ldr r3, [r5, #4] + 800898e: f5b3 3f80 cmp.w r3, #65536 ; 0x10000 + 8008992: d110 bne.n 80089b6 + 8008994: 6823 ldr r3, [r4, #0] + 8008996: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 800899a: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800899c: f7fe fb90 bl 80070c0 + 80089a0: 4680 mov r8, r0 + while(READ_BIT(RCC->CR, RCC_CR_HSERDY) == 0U) + 80089a2: 6823 ldr r3, [r4, #0] + 80089a4: 039b lsls r3, r3, #14 + 80089a6: d4b6 bmi.n 8008916 + if((HAL_GetTick() - tickstart) > HSE_TIMEOUT_VALUE) + 80089a8: f7fe fb8a bl 80070c0 + 80089ac: eba0 0008 sub.w r0, r0, r8 + 80089b0: 2864 cmp r0, #100 ; 0x64 + 80089b2: d9f6 bls.n 80089a2 + 80089b4: e7ca b.n 800894c + __HAL_RCC_HSE_CONFIG(RCC_OscInitStruct->HSEState); + 80089b6: f5b3 2fa0 cmp.w r3, #327680 ; 0x50000 + 80089ba: d104 bne.n 80089c6 + 80089bc: 6823 ldr r3, [r4, #0] + 80089be: f443 2380 orr.w r3, r3, #262144 ; 0x40000 + 80089c2: 6023 str r3, [r4, #0] + 80089c4: e7e6 b.n 8008994 + 80089c6: 6822 ldr r2, [r4, #0] + 80089c8: f422 3280 bic.w r2, r2, #65536 ; 0x10000 + 80089cc: 6022 str r2, [r4, #0] + 80089ce: 6822 ldr r2, [r4, #0] + 80089d0: f422 2280 bic.w r2, r2, #262144 ; 0x40000 + 80089d4: 6022 str r2, [r4, #0] + if(RCC_OscInitStruct->HSEState != RCC_HSE_OFF) + 80089d6: 2b00 cmp r3, #0 + 80089d8: d1e0 bne.n 800899c + tickstart = HAL_GetTick(); + 80089da: f7fe fb71 bl 80070c0 + 80089de: 4680 mov r8, r0 + while(READ_BIT(RCC->CR, RCC_CR_HSERDY) != 0U) + 80089e0: 6823 ldr r3, [r4, #0] + 80089e2: 0398 lsls r0, r3, #14 + 80089e4: d597 bpl.n 8008916 + if((HAL_GetTick() - tickstart) > HSE_TIMEOUT_VALUE) + 80089e6: f7fe fb6b bl 80070c0 + 80089ea: eba0 0008 sub.w r0, r0, r8 + 80089ee: 2864 cmp r0, #100 ; 0x64 + 80089f0: d9f6 bls.n 80089e0 + 80089f2: e7ab b.n 800894c + if((sysclk_source == RCC_CFGR_SWS_HSI) || + 80089f4: 2e04 cmp r6, #4 + 80089f6: d003 beq.n 8008a00 + 80089f8: 2e0c cmp r6, #12 + 80089fa: d110 bne.n 8008a1e + ((sysclk_source == RCC_CFGR_SWS_PLL) && (pll_config == RCC_PLLSOURCE_HSI))) + 80089fc: 2f02 cmp r7, #2 + 80089fe: d10e bne.n 8008a1e + if((READ_BIT(RCC->CR, RCC_CR_HSIRDY) != 0U) && (RCC_OscInitStruct->HSIState == RCC_HSI_OFF)) + 8008a00: 6823 ldr r3, [r4, #0] + 8008a02: 0559 lsls r1, r3, #21 + 8008a04: d503 bpl.n 8008a0e + 8008a06: 68eb ldr r3, [r5, #12] + 8008a08: 2b00 cmp r3, #0 + 8008a0a: f43f aeff beq.w 800880c + __HAL_RCC_HSI_CALIBRATIONVALUE_ADJUST(RCC_OscInitStruct->HSICalibrationValue); + 8008a0e: 6863 ldr r3, [r4, #4] + 8008a10: 692a ldr r2, [r5, #16] + 8008a12: f023 43fe bic.w r3, r3, #2130706432 ; 0x7f000000 + 8008a16: ea43 6302 orr.w r3, r3, r2, lsl #24 + 8008a1a: 6063 str r3, [r4, #4] + 8008a1c: e77e b.n 800891c + if(RCC_OscInitStruct->HSIState != RCC_HSI_OFF) + 8008a1e: 68eb ldr r3, [r5, #12] + 8008a20: b17b cbz r3, 8008a42 + __HAL_RCC_HSI_ENABLE(); + 8008a22: 6823 ldr r3, [r4, #0] + 8008a24: f443 7380 orr.w r3, r3, #256 ; 0x100 + 8008a28: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008a2a: f7fe fb49 bl 80070c0 + 8008a2e: 4607 mov r7, r0 + while(READ_BIT(RCC->CR, RCC_CR_HSIRDY) == 0U) + 8008a30: 6823 ldr r3, [r4, #0] + 8008a32: 055a lsls r2, r3, #21 + 8008a34: d4eb bmi.n 8008a0e + if((HAL_GetTick() - tickstart) > HSI_TIMEOUT_VALUE) + 8008a36: f7fe fb43 bl 80070c0 + 8008a3a: 1bc0 subs r0, r0, r7 + 8008a3c: 2802 cmp r0, #2 + 8008a3e: d9f7 bls.n 8008a30 + 8008a40: e784 b.n 800894c + __HAL_RCC_HSI_DISABLE(); + 8008a42: 6823 ldr r3, [r4, #0] + 8008a44: f423 7380 bic.w r3, r3, #256 ; 0x100 + 8008a48: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008a4a: f7fe fb39 bl 80070c0 + 8008a4e: 4607 mov r7, r0 + while(READ_BIT(RCC->CR, RCC_CR_HSIRDY) != 0U) + 8008a50: 6823 ldr r3, [r4, #0] + 8008a52: 055b lsls r3, r3, #21 + 8008a54: f57f af62 bpl.w 800891c + if((HAL_GetTick() - tickstart) > HSI_TIMEOUT_VALUE) + 8008a58: f7fe fb32 bl 80070c0 + 8008a5c: 1bc0 subs r0, r0, r7 + 8008a5e: 2802 cmp r0, #2 + 8008a60: d9f6 bls.n 8008a50 + 8008a62: e773 b.n 800894c + 8008a64: 40021000 .word 0x40021000 + 8008a68: 0800e950 .word 0x0800e950 + 8008a6c: 2009e2a8 .word 0x2009e2a8 + 8008a70: 2009e2ac .word 0x2009e2ac + if(RCC_OscInitStruct->LSIState != RCC_LSI_OFF) + 8008a74: 696b ldr r3, [r5, #20] + 8008a76: b19b cbz r3, 8008aa0 + __HAL_RCC_LSI_ENABLE(); + 8008a78: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8008a7c: f043 0301 orr.w r3, r3, #1 + 8008a80: f8c4 3094 str.w r3, [r4, #148] ; 0x94 + tickstart = HAL_GetTick(); + 8008a84: f7fe fb1c bl 80070c0 + 8008a88: 4607 mov r7, r0 + while(READ_BIT(RCC->CSR, RCC_CSR_LSIRDY) == 0U) + 8008a8a: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8008a8e: 079a lsls r2, r3, #30 + 8008a90: f53f af48 bmi.w 8008924 + if((HAL_GetTick() - tickstart) > LSI_TIMEOUT_VALUE) + 8008a94: f7fe fb14 bl 80070c0 + 8008a98: 1bc0 subs r0, r0, r7 + 8008a9a: 2802 cmp r0, #2 + 8008a9c: d9f5 bls.n 8008a8a + 8008a9e: e755 b.n 800894c + __HAL_RCC_LSI_DISABLE(); + 8008aa0: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8008aa4: f023 0301 bic.w r3, r3, #1 + 8008aa8: f8c4 3094 str.w r3, [r4, #148] ; 0x94 + tickstart = HAL_GetTick(); + 8008aac: f7fe fb08 bl 80070c0 + 8008ab0: 4607 mov r7, r0 + while(READ_BIT(RCC->CSR, RCC_CSR_LSIRDY) != 0U) + 8008ab2: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8008ab6: 079b lsls r3, r3, #30 + 8008ab8: f57f af34 bpl.w 8008924 + if((HAL_GetTick() - tickstart) > LSI_TIMEOUT_VALUE) + 8008abc: f7fe fb00 bl 80070c0 + 8008ac0: 1bc0 subs r0, r0, r7 + 8008ac2: 2802 cmp r0, #2 + 8008ac4: d9f5 bls.n 8008ab2 + 8008ac6: e741 b.n 800894c + if(HAL_IS_BIT_CLR(RCC->APB1ENR1, RCC_APB1ENR1_PWREN)) + 8008ac8: 6da3 ldr r3, [r4, #88] ; 0x58 + 8008aca: 00df lsls r7, r3, #3 + 8008acc: d429 bmi.n 8008b22 + __HAL_RCC_PWR_CLK_ENABLE(); + 8008ace: 6da3 ldr r3, [r4, #88] ; 0x58 + 8008ad0: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 8008ad4: 65a3 str r3, [r4, #88] ; 0x58 + 8008ad6: 6da3 ldr r3, [r4, #88] ; 0x58 + 8008ad8: f003 5380 and.w r3, r3, #268435456 ; 0x10000000 + 8008adc: 9301 str r3, [sp, #4] + 8008ade: 9b01 ldr r3, [sp, #4] + pwrclkchanged = SET; + 8008ae0: f04f 0801 mov.w r8, #1 + if(HAL_IS_BIT_CLR(PWR->CR1, PWR_CR1_DBP)) + 8008ae4: 4f9c ldr r7, [pc, #624] ; (8008d58 ) + 8008ae6: 683b ldr r3, [r7, #0] + 8008ae8: 05d8 lsls r0, r3, #23 + 8008aea: d51d bpl.n 8008b28 + __HAL_RCC_LSE_CONFIG(RCC_OscInitStruct->LSEState); + 8008aec: 68ab ldr r3, [r5, #8] + 8008aee: 2b01 cmp r3, #1 + 8008af0: d12b bne.n 8008b4a + 8008af2: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8008af6: f043 0301 orr.w r3, r3, #1 + 8008afa: f8c4 3090 str.w r3, [r4, #144] ; 0x90 + tickstart = HAL_GetTick(); + 8008afe: f7fe fadf bl 80070c0 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8008b02: f241 3988 movw r9, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 8008b06: 4607 mov r7, r0 + while(READ_BIT(RCC->BDCR, RCC_BDCR_LSERDY) == 0U) + 8008b08: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8008b0c: 079a lsls r2, r3, #30 + 8008b0e: d542 bpl.n 8008b96 + if(pwrclkchanged == SET) + 8008b10: f1b8 0f00 cmp.w r8, #0 + 8008b14: f43f af0a beq.w 800892c + __HAL_RCC_PWR_CLK_DISABLE(); + 8008b18: 6da3 ldr r3, [r4, #88] ; 0x58 + 8008b1a: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 8008b1e: 65a3 str r3, [r4, #88] ; 0x58 + 8008b20: e704 b.n 800892c + FlagStatus pwrclkchanged = RESET; + 8008b22: f04f 0800 mov.w r8, #0 + 8008b26: e7dd b.n 8008ae4 + SET_BIT(PWR->CR1, PWR_CR1_DBP); + 8008b28: 683b ldr r3, [r7, #0] + 8008b2a: f443 7380 orr.w r3, r3, #256 ; 0x100 + 8008b2e: 603b str r3, [r7, #0] + tickstart = HAL_GetTick(); + 8008b30: f7fe fac6 bl 80070c0 + 8008b34: 4681 mov r9, r0 + while(HAL_IS_BIT_CLR(PWR->CR1, PWR_CR1_DBP)) + 8008b36: 683b ldr r3, [r7, #0] + 8008b38: 05d9 lsls r1, r3, #23 + 8008b3a: d4d7 bmi.n 8008aec + if((HAL_GetTick() - tickstart) > RCC_DBP_TIMEOUT_VALUE) + 8008b3c: f7fe fac0 bl 80070c0 + 8008b40: eba0 0009 sub.w r0, r0, r9 + 8008b44: 2802 cmp r0, #2 + 8008b46: d9f6 bls.n 8008b36 + 8008b48: e700 b.n 800894c + __HAL_RCC_LSE_CONFIG(RCC_OscInitStruct->LSEState); + 8008b4a: 2b05 cmp r3, #5 + 8008b4c: d106 bne.n 8008b5c + 8008b4e: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8008b52: f043 0304 orr.w r3, r3, #4 + 8008b56: f8c4 3090 str.w r3, [r4, #144] ; 0x90 + 8008b5a: e7ca b.n 8008af2 + 8008b5c: f8d4 2090 ldr.w r2, [r4, #144] ; 0x90 + 8008b60: f022 0201 bic.w r2, r2, #1 + 8008b64: f8c4 2090 str.w r2, [r4, #144] ; 0x90 + 8008b68: f8d4 2090 ldr.w r2, [r4, #144] ; 0x90 + 8008b6c: f022 0204 bic.w r2, r2, #4 + 8008b70: f8c4 2090 str.w r2, [r4, #144] ; 0x90 + if(RCC_OscInitStruct->LSEState != RCC_LSE_OFF) + 8008b74: 2b00 cmp r3, #0 + 8008b76: d1c2 bne.n 8008afe + tickstart = HAL_GetTick(); + 8008b78: f7fe faa2 bl 80070c0 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8008b7c: f241 3988 movw r9, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 8008b80: 4607 mov r7, r0 + while(READ_BIT(RCC->BDCR, RCC_BDCR_LSERDY) != 0U) + 8008b82: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8008b86: 079b lsls r3, r3, #30 + 8008b88: d5c2 bpl.n 8008b10 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8008b8a: f7fe fa99 bl 80070c0 + 8008b8e: 1bc0 subs r0, r0, r7 + 8008b90: 4548 cmp r0, r9 + 8008b92: d9f6 bls.n 8008b82 + 8008b94: e6da b.n 800894c + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8008b96: f7fe fa93 bl 80070c0 + 8008b9a: 1bc0 subs r0, r0, r7 + 8008b9c: 4548 cmp r0, r9 + 8008b9e: d9b3 bls.n 8008b08 + 8008ba0: e6d4 b.n 800894c + if(RCC_OscInitStruct->HSI48State != RCC_HSI48_OFF) + 8008ba2: 6a6b ldr r3, [r5, #36] ; 0x24 + 8008ba4: b19b cbz r3, 8008bce + __HAL_RCC_HSI48_ENABLE(); + 8008ba6: f8d4 3098 ldr.w r3, [r4, #152] ; 0x98 + 8008baa: f043 0301 orr.w r3, r3, #1 + 8008bae: f8c4 3098 str.w r3, [r4, #152] ; 0x98 + tickstart = HAL_GetTick(); + 8008bb2: f7fe fa85 bl 80070c0 + 8008bb6: 4607 mov r7, r0 + while(READ_BIT(RCC->CRRCR, RCC_CRRCR_HSI48RDY) == 0U) + 8008bb8: f8d4 3098 ldr.w r3, [r4, #152] ; 0x98 + 8008bbc: 0798 lsls r0, r3, #30 + 8008bbe: f53f aeb9 bmi.w 8008934 + if((HAL_GetTick() - tickstart) > HSI48_TIMEOUT_VALUE) + 8008bc2: f7fe fa7d bl 80070c0 + 8008bc6: 1bc0 subs r0, r0, r7 + 8008bc8: 2802 cmp r0, #2 + 8008bca: d9f5 bls.n 8008bb8 + 8008bcc: e6be b.n 800894c + __HAL_RCC_HSI48_DISABLE(); + 8008bce: f8d4 3098 ldr.w r3, [r4, #152] ; 0x98 + 8008bd2: f023 0301 bic.w r3, r3, #1 + 8008bd6: f8c4 3098 str.w r3, [r4, #152] ; 0x98 + tickstart = HAL_GetTick(); + 8008bda: f7fe fa71 bl 80070c0 + 8008bde: 4607 mov r7, r0 + while(READ_BIT(RCC->CRRCR, RCC_CRRCR_HSI48RDY) != 0U) + 8008be0: f8d4 3098 ldr.w r3, [r4, #152] ; 0x98 + 8008be4: 0799 lsls r1, r3, #30 + 8008be6: f57f aea5 bpl.w 8008934 + if((HAL_GetTick() - tickstart) > HSI48_TIMEOUT_VALUE) + 8008bea: f7fe fa69 bl 80070c0 + 8008bee: 1bc0 subs r0, r0, r7 + 8008bf0: 2802 cmp r0, #2 + 8008bf2: d9f5 bls.n 8008be0 + 8008bf4: e6aa b.n 800894c + if(RCC_OscInitStruct->PLL.PLLState == RCC_PLL_ON) + 8008bf6: 2b02 cmp r3, #2 + 8008bf8: f040 808c bne.w 8008d14 + pll_config = RCC->PLLCFGR; + 8008bfc: 68e3 ldr r3, [r4, #12] + if((READ_BIT(pll_config, RCC_PLLCFGR_PLLSRC) != RCC_OscInitStruct->PLL.PLLSource) || + 8008bfe: 6aea ldr r2, [r5, #44] ; 0x2c + 8008c00: f003 0103 and.w r1, r3, #3 + 8008c04: 4291 cmp r1, r2 + 8008c06: d122 bne.n 8008c4e + (READ_BIT(pll_config, RCC_PLLCFGR_PLLM) != ((RCC_OscInitStruct->PLL.PLLM - 1U) << RCC_PLLCFGR_PLLM_Pos)) || + 8008c08: 6b29 ldr r1, [r5, #48] ; 0x30 + 8008c0a: f003 02f0 and.w r2, r3, #240 ; 0xf0 + 8008c0e: 3901 subs r1, #1 + if((READ_BIT(pll_config, RCC_PLLCFGR_PLLSRC) != RCC_OscInitStruct->PLL.PLLSource) || + 8008c10: ebb2 1f01 cmp.w r2, r1, lsl #4 + 8008c14: d11b bne.n 8008c4e + (READ_BIT(pll_config, RCC_PLLCFGR_PLLN) != (RCC_OscInitStruct->PLL.PLLN << RCC_PLLCFGR_PLLN_Pos)) || + 8008c16: 6b69 ldr r1, [r5, #52] ; 0x34 + 8008c18: f403 42fe and.w r2, r3, #32512 ; 0x7f00 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLM) != ((RCC_OscInitStruct->PLL.PLLM - 1U) << RCC_PLLCFGR_PLLM_Pos)) || + 8008c1c: ebb2 2f01 cmp.w r2, r1, lsl #8 + 8008c20: d115 bne.n 8008c4e + (READ_BIT(pll_config, RCC_PLLCFGR_PLLPDIV) != (RCC_OscInitStruct->PLL.PLLP << RCC_PLLCFGR_PLLPDIV_Pos)) || + 8008c22: 6ba9 ldr r1, [r5, #56] ; 0x38 + 8008c24: f003 4278 and.w r2, r3, #4160749568 ; 0xf8000000 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLN) != (RCC_OscInitStruct->PLL.PLLN << RCC_PLLCFGR_PLLN_Pos)) || + 8008c28: ebb2 6fc1 cmp.w r2, r1, lsl #27 + 8008c2c: d10f bne.n 8008c4e + (READ_BIT(pll_config, RCC_PLLCFGR_PLLQ) != ((((RCC_OscInitStruct->PLL.PLLQ) >> 1U) - 1U) << RCC_PLLCFGR_PLLQ_Pos)) || + 8008c2e: 6bea ldr r2, [r5, #60] ; 0x3c + 8008c30: 0852 lsrs r2, r2, #1 + 8008c32: f403 01c0 and.w r1, r3, #6291456 ; 0x600000 + 8008c36: 3a01 subs r2, #1 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLPDIV) != (RCC_OscInitStruct->PLL.PLLP << RCC_PLLCFGR_PLLPDIV_Pos)) || + 8008c38: ebb1 5f42 cmp.w r1, r2, lsl #21 + 8008c3c: d107 bne.n 8008c4e + (READ_BIT(pll_config, RCC_PLLCFGR_PLLR) != ((((RCC_OscInitStruct->PLL.PLLR) >> 1U) - 1U) << RCC_PLLCFGR_PLLR_Pos))) + 8008c3e: 6c2a ldr r2, [r5, #64] ; 0x40 + 8008c40: 0852 lsrs r2, r2, #1 + 8008c42: f003 63c0 and.w r3, r3, #100663296 ; 0x6000000 + 8008c46: 3a01 subs r2, #1 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLQ) != ((((RCC_OscInitStruct->PLL.PLLQ) >> 1U) - 1U) << RCC_PLLCFGR_PLLQ_Pos)) || + 8008c48: ebb3 6f42 cmp.w r3, r2, lsl #25 + 8008c4c: d049 beq.n 8008ce2 + if(sysclk_source != RCC_CFGR_SWS_PLL) + 8008c4e: 2e0c cmp r6, #12 + 8008c50: f43f addc beq.w 800880c + if((READ_BIT(RCC->CR, RCC_CR_PLLSAI1ON) != 0U) + 8008c54: 6823 ldr r3, [r4, #0] + 8008c56: 015a lsls r2, r3, #5 + 8008c58: f53f add8 bmi.w 800880c + || (READ_BIT(RCC->CR, RCC_CR_PLLSAI2ON) != 0U) + 8008c5c: 6823 ldr r3, [r4, #0] + 8008c5e: 00db lsls r3, r3, #3 + 8008c60: f53f add4 bmi.w 800880c + __HAL_RCC_PLL_DISABLE(); + 8008c64: 6823 ldr r3, [r4, #0] + 8008c66: f023 7380 bic.w r3, r3, #16777216 ; 0x1000000 + 8008c6a: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008c6c: f7fe fa28 bl 80070c0 + 8008c70: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY) != 0U) + 8008c72: 6823 ldr r3, [r4, #0] + 8008c74: 019f lsls r7, r3, #6 + 8008c76: d42e bmi.n 8008cd6 + __HAL_RCC_PLL_CONFIG(RCC_OscInitStruct->PLL.PLLSource, + 8008c78: 68e2 ldr r2, [r4, #12] + 8008c7a: 4b38 ldr r3, [pc, #224] ; (8008d5c ) + 8008c7c: 4013 ands r3, r2 + 8008c7e: 6aea ldr r2, [r5, #44] ; 0x2c + 8008c80: 4313 orrs r3, r2 + 8008c82: 6b6a ldr r2, [r5, #52] ; 0x34 + 8008c84: ea43 2302 orr.w r3, r3, r2, lsl #8 + 8008c88: 6baa ldr r2, [r5, #56] ; 0x38 + 8008c8a: ea43 63c2 orr.w r3, r3, r2, lsl #27 + 8008c8e: 6b2a ldr r2, [r5, #48] ; 0x30 + 8008c90: 3a01 subs r2, #1 + 8008c92: ea43 1302 orr.w r3, r3, r2, lsl #4 + 8008c96: 6bea ldr r2, [r5, #60] ; 0x3c + 8008c98: 0852 lsrs r2, r2, #1 + 8008c9a: 3a01 subs r2, #1 + 8008c9c: ea43 5342 orr.w r3, r3, r2, lsl #21 + 8008ca0: 6c2a ldr r2, [r5, #64] ; 0x40 + 8008ca2: 0852 lsrs r2, r2, #1 + 8008ca4: 3a01 subs r2, #1 + 8008ca6: ea43 6342 orr.w r3, r3, r2, lsl #25 + 8008caa: 60e3 str r3, [r4, #12] + __HAL_RCC_PLL_ENABLE(); + 8008cac: 6823 ldr r3, [r4, #0] + 8008cae: f043 7380 orr.w r3, r3, #16777216 ; 0x1000000 + 8008cb2: 6023 str r3, [r4, #0] + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SYSCLK); + 8008cb4: 68e3 ldr r3, [r4, #12] + 8008cb6: f043 7380 orr.w r3, r3, #16777216 ; 0x1000000 + 8008cba: 60e3 str r3, [r4, #12] + tickstart = HAL_GetTick(); + 8008cbc: f7fe fa00 bl 80070c0 + 8008cc0: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY) == 0U) + 8008cc2: 6823 ldr r3, [r4, #0] + 8008cc4: 0198 lsls r0, r3, #6 + 8008cc6: f53f ae39 bmi.w 800893c + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8008cca: f7fe f9f9 bl 80070c0 + 8008cce: 1b40 subs r0, r0, r5 + 8008cd0: 2802 cmp r0, #2 + 8008cd2: d9f6 bls.n 8008cc2 + 8008cd4: e63a b.n 800894c + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8008cd6: f7fe f9f3 bl 80070c0 + 8008cda: 1b80 subs r0, r0, r6 + 8008cdc: 2802 cmp r0, #2 + 8008cde: d9c8 bls.n 8008c72 + 8008ce0: e634 b.n 800894c + if(READ_BIT(RCC->CR, RCC_CR_PLLRDY) == 0U) + 8008ce2: 6823 ldr r3, [r4, #0] + 8008ce4: 0199 lsls r1, r3, #6 + 8008ce6: f53f ae29 bmi.w 800893c + __HAL_RCC_PLL_ENABLE(); + 8008cea: 6823 ldr r3, [r4, #0] + 8008cec: f043 7380 orr.w r3, r3, #16777216 ; 0x1000000 + 8008cf0: 6023 str r3, [r4, #0] + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SYSCLK); + 8008cf2: 68e3 ldr r3, [r4, #12] + 8008cf4: f043 7380 orr.w r3, r3, #16777216 ; 0x1000000 + 8008cf8: 60e3 str r3, [r4, #12] + tickstart = HAL_GetTick(); + 8008cfa: f7fe f9e1 bl 80070c0 + 8008cfe: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY) == 0U) + 8008d00: 6823 ldr r3, [r4, #0] + 8008d02: 019a lsls r2, r3, #6 + 8008d04: f53f ae1a bmi.w 800893c + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8008d08: f7fe f9da bl 80070c0 + 8008d0c: 1b40 subs r0, r0, r5 + 8008d0e: 2802 cmp r0, #2 + 8008d10: d9f6 bls.n 8008d00 + 8008d12: e61b b.n 800894c + if(sysclk_source != RCC_CFGR_SWS_PLL) + 8008d14: 2e0c cmp r6, #12 + 8008d16: f43f ad79 beq.w 800880c + __HAL_RCC_PLL_DISABLE(); + 8008d1a: 6823 ldr r3, [r4, #0] + 8008d1c: f023 7380 bic.w r3, r3, #16777216 ; 0x1000000 + 8008d20: 6023 str r3, [r4, #0] + if(READ_BIT(RCC->CR, (RCC_CR_PLLSAI1RDY | RCC_CR_PLLSAI2RDY)) == 0U) + 8008d22: 6823 ldr r3, [r4, #0] + 8008d24: f013 5f20 tst.w r3, #671088640 ; 0x28000000 + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, RCC_PLLSOURCE_NONE); + 8008d28: bf02 ittt eq + 8008d2a: 68e3 ldreq r3, [r4, #12] + 8008d2c: f023 0303 biceq.w r3, r3, #3 + 8008d30: 60e3 streq r3, [r4, #12] + __HAL_RCC_PLLCLKOUT_DISABLE(RCC_PLL_SYSCLK | RCC_PLL_48M1CLK | RCC_PLL_SAI3CLK); + 8008d32: 68e3 ldr r3, [r4, #12] + 8008d34: f023 7388 bic.w r3, r3, #17825792 ; 0x1100000 + 8008d38: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 8008d3c: 60e3 str r3, [r4, #12] + tickstart = HAL_GetTick(); + 8008d3e: f7fe f9bf bl 80070c0 + 8008d42: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY) != 0U) + 8008d44: 6823 ldr r3, [r4, #0] + 8008d46: 019b lsls r3, r3, #6 + 8008d48: f57f adf8 bpl.w 800893c + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8008d4c: f7fe f9b8 bl 80070c0 + 8008d50: 1b40 subs r0, r0, r5 + 8008d52: 2802 cmp r0, #2 + 8008d54: d9f6 bls.n 8008d44 + 8008d56: e5f9 b.n 800894c + 8008d58: 40007000 .word 0x40007000 + 8008d5c: 019d800c .word 0x019d800c + +08008d60 : +{ + 8008d60: e92d 43f8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + 8008d64: 460e mov r6, r1 + if(RCC_ClkInitStruct == NULL) + 8008d66: 4605 mov r5, r0 + 8008d68: b910 cbnz r0, 8008d70 + return HAL_ERROR; + 8008d6a: 2001 movs r0, #1 +} + 8008d6c: e8bd 83f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, pc} + if(FLatency > __HAL_FLASH_GET_LATENCY()) + 8008d70: 4a6f ldr r2, [pc, #444] ; (8008f30 ) + 8008d72: 6813 ldr r3, [r2, #0] + 8008d74: f003 030f and.w r3, r3, #15 + 8008d78: 428b cmp r3, r1 + 8008d7a: d335 bcc.n 8008de8 + if(((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_SYSCLK) == RCC_CLOCKTYPE_SYSCLK) + 8008d7c: 6829 ldr r1, [r5, #0] + 8008d7e: f011 0701 ands.w r7, r1, #1 + 8008d82: d13c bne.n 8008dfe + if(((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_HCLK) == RCC_CLOCKTYPE_HCLK) + 8008d84: 682a ldr r2, [r5, #0] + 8008d86: 0791 lsls r1, r2, #30 + 8008d88: f140 80b7 bpl.w 8008efa + MODIFY_REG(RCC->CFGR, RCC_CFGR_HPRE, RCC_ClkInitStruct->AHBCLKDivider); + 8008d8c: 4969 ldr r1, [pc, #420] ; (8008f34 ) + 8008d8e: 68a8 ldr r0, [r5, #8] + 8008d90: 688b ldr r3, [r1, #8] + 8008d92: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8008d96: 4303 orrs r3, r0 + MODIFY_REG(RCC->CFGR, RCC_CFGR_HPRE, RCC_SYSCLK_DIV1); + 8008d98: 608b str r3, [r1, #8] + if(FLatency < __HAL_FLASH_GET_LATENCY()) + 8008d9a: 4965 ldr r1, [pc, #404] ; (8008f30 ) + 8008d9c: 680b ldr r3, [r1, #0] + 8008d9e: f003 030f and.w r3, r3, #15 + 8008da2: 42b3 cmp r3, r6 + 8008da4: f200 80b1 bhi.w 8008f0a + if(((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_PCLK1) == RCC_CLOCKTYPE_PCLK1) + 8008da8: f012 0f04 tst.w r2, #4 + 8008dac: 4c61 ldr r4, [pc, #388] ; (8008f34 ) + 8008dae: f040 80b8 bne.w 8008f22 + if(((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_PCLK2) == RCC_CLOCKTYPE_PCLK2) + 8008db2: 0713 lsls r3, r2, #28 + 8008db4: d506 bpl.n 8008dc4 + MODIFY_REG(RCC->CFGR, RCC_CFGR_PPRE2, ((RCC_ClkInitStruct->APB2CLKDivider) << 3U)); + 8008db6: 68a3 ldr r3, [r4, #8] + 8008db8: 692a ldr r2, [r5, #16] + 8008dba: f423 5360 bic.w r3, r3, #14336 ; 0x3800 + 8008dbe: ea43 03c2 orr.w r3, r3, r2, lsl #3 + 8008dc2: 60a3 str r3, [r4, #8] + SystemCoreClock = HAL_RCC_GetSysClockFreq() >> (AHBPrescTable[READ_BIT(RCC->CFGR, RCC_CFGR_HPRE) >> RCC_CFGR_HPRE_Pos] & 0x1FU); + 8008dc4: f7ff fcd0 bl 8008768 + 8008dc8: 68a3 ldr r3, [r4, #8] + 8008dca: 4a5b ldr r2, [pc, #364] ; (8008f38 ) + 8008dcc: f3c3 1303 ubfx r3, r3, #4, #4 + 8008dd0: 5cd3 ldrb r3, [r2, r3] + 8008dd2: f003 031f and.w r3, r3, #31 + 8008dd6: 40d8 lsrs r0, r3 + 8008dd8: 4b58 ldr r3, [pc, #352] ; (8008f3c ) + 8008dda: 6018 str r0, [r3, #0] + status = HAL_InitTick(uwTickPrio); + 8008ddc: 4b58 ldr r3, [pc, #352] ; (8008f40 ) + 8008dde: 6818 ldr r0, [r3, #0] +} + 8008de0: e8bd 43f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + status = HAL_InitTick(uwTickPrio); + 8008de4: f7fe b96e b.w 80070c4 + __HAL_FLASH_SET_LATENCY(FLatency); + 8008de8: 6813 ldr r3, [r2, #0] + 8008dea: f023 030f bic.w r3, r3, #15 + 8008dee: 430b orrs r3, r1 + 8008df0: 6013 str r3, [r2, #0] + if(__HAL_FLASH_GET_LATENCY() != FLatency) + 8008df2: 6813 ldr r3, [r2, #0] + 8008df4: f003 030f and.w r3, r3, #15 + 8008df8: 428b cmp r3, r1 + 8008dfa: d1b6 bne.n 8008d6a + 8008dfc: e7be b.n 8008d7c + if(RCC_ClkInitStruct->SYSCLKSource == RCC_SYSCLKSOURCE_PLLCLK) + 8008dfe: 686b ldr r3, [r5, #4] + 8008e00: 4c4c ldr r4, [pc, #304] ; (8008f34 ) + 8008e02: 2b03 cmp r3, #3 + 8008e04: d163 bne.n 8008ece + if(READ_BIT(RCC->CR, RCC_CR_PLLRDY) == 0U) + 8008e06: 6823 ldr r3, [r4, #0] + 8008e08: 019b lsls r3, r3, #6 + 8008e0a: d5ae bpl.n 8008d6a +static uint32_t RCC_GetSysClockFreqFromPLLSource(void) +{ + uint32_t msirange = 0U; + uint32_t pllvco, pllsource, pllr, pllm, sysclockfreq; /* no init needed */ + + if(__HAL_RCC_GET_PLL_OSCSOURCE() == RCC_PLLSOURCE_MSI) + 8008e0c: 68e3 ldr r3, [r4, #12] + 8008e0e: f003 0303 and.w r3, r3, #3 + 8008e12: 2b01 cmp r3, #1 + 8008e14: d145 bne.n 8008ea2 + { + /* Get MSI range source */ + if(READ_BIT(RCC->CR, RCC_CR_MSIRGSEL) == 0U) + 8008e16: 6823 ldr r3, [r4, #0] + else + { /* MSIRANGE from RCC_CR applies */ + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + } + /*MSI frequency range in HZ*/ + msirange = MSIRangeTable[msirange]; + 8008e18: 4a4a ldr r2, [pc, #296] ; (8008f44 ) + if(READ_BIT(RCC->CR, RCC_CR_MSIRGSEL) == 0U) + 8008e1a: 071f lsls r7, r3, #28 + msirange = READ_BIT(RCC->CSR, RCC_CSR_MSISRANGE) >> RCC_CSR_MSISRANGE_Pos; + 8008e1c: bf55 itete pl + 8008e1e: f8d4 3094 ldrpl.w r3, [r4, #148] ; 0x94 + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + 8008e22: 6823 ldrmi r3, [r4, #0] + msirange = READ_BIT(RCC->CSR, RCC_CSR_MSISRANGE) >> RCC_CSR_MSISRANGE_Pos; + 8008e24: f3c3 2303 ubfxpl r3, r3, #8, #4 + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + 8008e28: f3c3 1303 ubfxmi r3, r3, #4, #4 + msirange = MSIRangeTable[msirange]; + 8008e2c: f852 2023 ldr.w r2, [r2, r3, lsl #2] + } + + /* PLL_VCO = (HSE_VALUE or HSI_VALUE or MSI_VALUE) * PLLN / PLLM + SYSCLK = PLL_VCO / PLLR + */ + pllsource = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC); + 8008e30: 68e3 ldr r3, [r4, #12] + 8008e32: f003 0303 and.w r3, r3, #3 + + switch (pllsource) + 8008e36: 2b02 cmp r3, #2 + 8008e38: d035 beq.n 8008ea6 + 8008e3a: 4843 ldr r0, [pc, #268] ; (8008f48 ) + 8008e3c: 2b03 cmp r3, #3 + 8008e3e: bf08 it eq + 8008e40: 4602 moveq r2, r0 + case RCC_PLLSOURCE_MSI: /* MSI used as PLL clock source */ + default: + pllvco = msirange; + break; + } + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 8008e42: 68e0 ldr r0, [r4, #12] + pllvco = (pllvco * (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos)) / pllm; + 8008e44: 68e3 ldr r3, [r4, #12] + 8008e46: f3c3 2306 ubfx r3, r3, #8, #7 + 8008e4a: 4353 muls r3, r2 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 8008e4c: 68e2 ldr r2, [r4, #12] + 8008e4e: f3c2 6241 ubfx r2, r2, #25, #2 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 8008e52: f3c0 1003 ubfx r0, r0, #4, #4 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 8008e56: 3201 adds r2, #1 + 8008e58: 0052 lsls r2, r2, #1 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 8008e5a: 3001 adds r0, #1 + pllvco = (pllvco * (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos)) / pllm; + 8008e5c: fbb3 f3f0 udiv r3, r3, r0 + sysclockfreq = pllvco / pllr; + 8008e60: fbb3 f3f2 udiv r3, r3, r2 + if(RCC_GetSysClockFreqFromPLLSource() > 80000000U) + 8008e64: 4a39 ldr r2, [pc, #228] ; (8008f4c ) + 8008e66: 4293 cmp r3, r2 + 8008e68: d81f bhi.n 8008eaa + uint32_t hpre = RCC_SYSCLK_DIV1; + 8008e6a: 2700 movs r7, #0 + MODIFY_REG(RCC->CFGR, RCC_CFGR_SW, RCC_ClkInitStruct->SYSCLKSource); + 8008e6c: 68a3 ldr r3, [r4, #8] + 8008e6e: 686a ldr r2, [r5, #4] + 8008e70: f023 0303 bic.w r3, r3, #3 + 8008e74: 4313 orrs r3, r2 + 8008e76: 60a3 str r3, [r4, #8] + tickstart = HAL_GetTick(); + 8008e78: f7fe f922 bl 80070c0 + if((HAL_GetTick() - tickstart) > CLOCKSWITCH_TIMEOUT_VALUE) + 8008e7c: f241 3988 movw r9, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 8008e80: 4680 mov r8, r0 + while(__HAL_RCC_GET_SYSCLK_SOURCE() != (RCC_ClkInitStruct->SYSCLKSource << RCC_CFGR_SWS_Pos)) + 8008e82: 68a3 ldr r3, [r4, #8] + 8008e84: 686a ldr r2, [r5, #4] + 8008e86: f003 030c and.w r3, r3, #12 + 8008e8a: ebb3 0f82 cmp.w r3, r2, lsl #2 + 8008e8e: f43f af79 beq.w 8008d84 + if((HAL_GetTick() - tickstart) > CLOCKSWITCH_TIMEOUT_VALUE) + 8008e92: f7fe f915 bl 80070c0 + 8008e96: eba0 0008 sub.w r0, r0, r8 + 8008e9a: 4548 cmp r0, r9 + 8008e9c: d9f1 bls.n 8008e82 + return HAL_TIMEOUT; + 8008e9e: 2003 movs r0, #3 + 8008ea0: e764 b.n 8008d6c + uint32_t msirange = 0U; + 8008ea2: 2200 movs r2, #0 + 8008ea4: e7c4 b.n 8008e30 + pllvco = HSI_VALUE; + 8008ea6: 4a2a ldr r2, [pc, #168] ; (8008f50 ) + 8008ea8: e7cb b.n 8008e42 + if(READ_BIT(RCC->CFGR, RCC_CFGR_HPRE) == RCC_SYSCLK_DIV1) + 8008eaa: 68a3 ldr r3, [r4, #8] + 8008eac: f013 0ff0 tst.w r3, #240 ; 0xf0 + 8008eb0: d107 bne.n 8008ec2 + MODIFY_REG(RCC->CFGR, RCC_CFGR_HPRE, RCC_SYSCLK_DIV2); + 8008eb2: 68a3 ldr r3, [r4, #8] + 8008eb4: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8008eb8: f043 0380 orr.w r3, r3, #128 ; 0x80 + 8008ebc: 60a3 str r3, [r4, #8] + hpre = RCC_SYSCLK_DIV2; + 8008ebe: 2780 movs r7, #128 ; 0x80 + 8008ec0: e7d4 b.n 8008e6c + else if((((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_HCLK) == RCC_CLOCKTYPE_HCLK) && (RCC_ClkInitStruct->AHBCLKDivider == RCC_SYSCLK_DIV1)) + 8008ec2: 0788 lsls r0, r1, #30 + 8008ec4: d5d1 bpl.n 8008e6a + 8008ec6: 68ab ldr r3, [r5, #8] + 8008ec8: 2b00 cmp r3, #0 + 8008eca: d1ce bne.n 8008e6a + 8008ecc: e7f1 b.n 8008eb2 + if(RCC_ClkInitStruct->SYSCLKSource == RCC_SYSCLKSOURCE_HSE) + 8008ece: 2b02 cmp r3, #2 + 8008ed0: d10a bne.n 8008ee8 + if(READ_BIT(RCC->CR, RCC_CR_HSERDY) == 0U) + 8008ed2: 6823 ldr r3, [r4, #0] + 8008ed4: f413 3f00 tst.w r3, #131072 ; 0x20000 + if(READ_BIT(RCC->CR, RCC_CR_HSIRDY) == 0U) + 8008ed8: f43f af47 beq.w 8008d6a + if(HAL_RCC_GetSysClockFreq() > 80000000U) + 8008edc: f7ff fc44 bl 8008768 + 8008ee0: 4b1a ldr r3, [pc, #104] ; (8008f4c ) + 8008ee2: 4298 cmp r0, r3 + 8008ee4: d9c1 bls.n 8008e6a + 8008ee6: e7e4 b.n 8008eb2 + else if(RCC_ClkInitStruct->SYSCLKSource == RCC_SYSCLKSOURCE_MSI) + 8008ee8: b91b cbnz r3, 8008ef2 + if(READ_BIT(RCC->CR, RCC_CR_MSIRDY) == 0U) + 8008eea: 6823 ldr r3, [r4, #0] + 8008eec: f013 0f02 tst.w r3, #2 + 8008ef0: e7f2 b.n 8008ed8 + if(READ_BIT(RCC->CR, RCC_CR_HSIRDY) == 0U) + 8008ef2: 6823 ldr r3, [r4, #0] + 8008ef4: f413 6f80 tst.w r3, #1024 ; 0x400 + 8008ef8: e7ee b.n 8008ed8 + if(hpre == RCC_SYSCLK_DIV2) + 8008efa: 2f80 cmp r7, #128 ; 0x80 + 8008efc: f47f af4d bne.w 8008d9a + MODIFY_REG(RCC->CFGR, RCC_CFGR_HPRE, RCC_SYSCLK_DIV1); + 8008f00: 490c ldr r1, [pc, #48] ; (8008f34 ) + 8008f02: 688b ldr r3, [r1, #8] + 8008f04: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8008f08: e746 b.n 8008d98 + __HAL_FLASH_SET_LATENCY(FLatency); + 8008f0a: 680b ldr r3, [r1, #0] + 8008f0c: f023 030f bic.w r3, r3, #15 + 8008f10: 4333 orrs r3, r6 + 8008f12: 600b str r3, [r1, #0] + if(__HAL_FLASH_GET_LATENCY() != FLatency) + 8008f14: 680b ldr r3, [r1, #0] + 8008f16: f003 030f and.w r3, r3, #15 + 8008f1a: 42b3 cmp r3, r6 + 8008f1c: f47f af25 bne.w 8008d6a + 8008f20: e742 b.n 8008da8 + MODIFY_REG(RCC->CFGR, RCC_CFGR_PPRE1, RCC_ClkInitStruct->APB1CLKDivider); + 8008f22: 68a3 ldr r3, [r4, #8] + 8008f24: 68e9 ldr r1, [r5, #12] + 8008f26: f423 63e0 bic.w r3, r3, #1792 ; 0x700 + 8008f2a: 430b orrs r3, r1 + 8008f2c: 60a3 str r3, [r4, #8] + 8008f2e: e740 b.n 8008db2 + 8008f30: 40022000 .word 0x40022000 + 8008f34: 40021000 .word 0x40021000 + 8008f38: 0800e950 .word 0x0800e950 + 8008f3c: 2009e2a8 .word 0x2009e2a8 + 8008f40: 2009e2ac .word 0x2009e2ac + 8008f44: 0800e968 .word 0x0800e968 + 8008f48: 007a1200 .word 0x007a1200 + 8008f4c: 04c4b400 .word 0x04c4b400 + 8008f50: 00f42400 .word 0x00f42400 + +08008f54 : +} + 8008f54: 4b01 ldr r3, [pc, #4] ; (8008f5c ) + 8008f56: 6818 ldr r0, [r3, #0] + 8008f58: 4770 bx lr + 8008f5a: bf00 nop + 8008f5c: 2009e2a8 .word 0x2009e2a8 + +08008f60 : + return (HAL_RCC_GetHCLKFreq() >> (APBPrescTable[READ_BIT(RCC->CFGR, RCC_CFGR_PPRE1) >> RCC_CFGR_PPRE1_Pos] & 0x1FU)); + 8008f60: 4b05 ldr r3, [pc, #20] ; (8008f78 ) + 8008f62: 4a06 ldr r2, [pc, #24] ; (8008f7c ) + 8008f64: 689b ldr r3, [r3, #8] + 8008f66: f3c3 2302 ubfx r3, r3, #8, #3 + 8008f6a: 5cd3 ldrb r3, [r2, r3] + 8008f6c: 4a04 ldr r2, [pc, #16] ; (8008f80 ) + 8008f6e: 6810 ldr r0, [r2, #0] + 8008f70: f003 031f and.w r3, r3, #31 +} + 8008f74: 40d8 lsrs r0, r3 + 8008f76: 4770 bx lr + 8008f78: 40021000 .word 0x40021000 + 8008f7c: 0800e960 .word 0x0800e960 + 8008f80: 2009e2a8 .word 0x2009e2a8 + +08008f84 : + return (HAL_RCC_GetHCLKFreq()>> (APBPrescTable[READ_BIT(RCC->CFGR, RCC_CFGR_PPRE2) >> RCC_CFGR_PPRE2_Pos] & 0x1FU)); + 8008f84: 4b05 ldr r3, [pc, #20] ; (8008f9c ) + 8008f86: 4a06 ldr r2, [pc, #24] ; (8008fa0 ) + 8008f88: 689b ldr r3, [r3, #8] + 8008f8a: f3c3 23c2 ubfx r3, r3, #11, #3 + 8008f8e: 5cd3 ldrb r3, [r2, r3] + 8008f90: 4a04 ldr r2, [pc, #16] ; (8008fa4 ) + 8008f92: 6810 ldr r0, [r2, #0] + 8008f94: f003 031f and.w r3, r3, #31 +} + 8008f98: 40d8 lsrs r0, r3 + 8008f9a: 4770 bx lr + 8008f9c: 40021000 .word 0x40021000 + 8008fa0: 0800e960 .word 0x0800e960 + 8008fa4: 2009e2a8 .word 0x2009e2a8 + +08008fa8 : + RCC_OscInitStruct->OscillatorType = RCC_OSCILLATORTYPE_HSE | RCC_OSCILLATORTYPE_HSI | RCC_OSCILLATORTYPE_MSI | \ + 8008fa8: 233f movs r3, #63 ; 0x3f + 8008faa: 6003 str r3, [r0, #0] + if(READ_BIT(RCC->CR, RCC_CR_HSEBYP) == RCC_CR_HSEBYP) + 8008fac: 4b2e ldr r3, [pc, #184] ; (8009068 ) + 8008fae: 681a ldr r2, [r3, #0] + 8008fb0: 0351 lsls r1, r2, #13 + 8008fb2: d54a bpl.n 800904a + RCC_OscInitStruct->HSEState = RCC_HSE_BYPASS; + 8008fb4: f44f 22a0 mov.w r2, #327680 ; 0x50000 + RCC_OscInitStruct->HSEState = RCC_HSE_OFF; + 8008fb8: 6042 str r2, [r0, #4] + if(READ_BIT(RCC->CR, RCC_CR_MSION) == RCC_CR_MSION) + 8008fba: 681a ldr r2, [r3, #0] + 8008fbc: f002 0201 and.w r2, r2, #1 + 8008fc0: 6182 str r2, [r0, #24] + RCC_OscInitStruct->MSICalibrationValue = READ_BIT(RCC->ICSCR, RCC_ICSCR_MSITRIM) >> RCC_ICSCR_MSITRIM_Pos; + 8008fc2: 685a ldr r2, [r3, #4] + 8008fc4: f3c2 2207 ubfx r2, r2, #8, #8 + 8008fc8: 61c2 str r2, [r0, #28] + RCC_OscInitStruct->MSIClockRange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE); + 8008fca: 681a ldr r2, [r3, #0] + 8008fcc: f002 02f0 and.w r2, r2, #240 ; 0xf0 + 8008fd0: 6202 str r2, [r0, #32] + if(READ_BIT(RCC->CR, RCC_CR_HSION) == RCC_CR_HSION) + 8008fd2: 681a ldr r2, [r3, #0] + RCC_OscInitStruct->HSIState = RCC_HSI_ON; + 8008fd4: f402 7280 and.w r2, r2, #256 ; 0x100 + 8008fd8: 60c2 str r2, [r0, #12] + RCC_OscInitStruct->HSICalibrationValue = READ_BIT(RCC->ICSCR, RCC_ICSCR_HSITRIM) >> RCC_ICSCR_HSITRIM_Pos; + 8008fda: 685a ldr r2, [r3, #4] + 8008fdc: f3c2 6206 ubfx r2, r2, #24, #7 + 8008fe0: 6102 str r2, [r0, #16] + if(READ_BIT(RCC->BDCR, RCC_BDCR_LSEBYP) == RCC_BDCR_LSEBYP) + 8008fe2: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 8008fe6: 0752 lsls r2, r2, #29 + 8008fe8: d536 bpl.n 8009058 + RCC_OscInitStruct->LSEState = RCC_LSE_BYPASS; + 8008fea: 2205 movs r2, #5 + RCC_OscInitStruct->LSEState = RCC_LSE_OFF; + 8008fec: 6082 str r2, [r0, #8] + if(READ_BIT(RCC->CSR, RCC_CSR_LSION) == RCC_CSR_LSION) + 8008fee: f8d3 2094 ldr.w r2, [r3, #148] ; 0x94 + 8008ff2: f002 0201 and.w r2, r2, #1 + 8008ff6: 6142 str r2, [r0, #20] + if(READ_BIT(RCC->CRRCR, RCC_CRRCR_HSI48ON) == RCC_CRRCR_HSI48ON) + 8008ff8: f8d3 2098 ldr.w r2, [r3, #152] ; 0x98 + 8008ffc: f002 0201 and.w r2, r2, #1 + 8009000: 6242 str r2, [r0, #36] ; 0x24 + if(READ_BIT(RCC->CR, RCC_CR_PLLON) == RCC_CR_PLLON) + 8009002: 681a ldr r2, [r3, #0] + RCC_OscInitStruct->PLL.PLLState = RCC_PLL_OFF; + 8009004: f012 7f80 tst.w r2, #16777216 ; 0x1000000 + 8009008: bf14 ite ne + 800900a: 2202 movne r2, #2 + 800900c: 2201 moveq r2, #1 + 800900e: 6282 str r2, [r0, #40] ; 0x28 + RCC_OscInitStruct->PLL.PLLSource = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC); + 8009010: 68da ldr r2, [r3, #12] + 8009012: f002 0203 and.w r2, r2, #3 + 8009016: 62c2 str r2, [r0, #44] ; 0x2c + RCC_OscInitStruct->PLL.PLLM = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U; + 8009018: 68da ldr r2, [r3, #12] + 800901a: f3c2 1203 ubfx r2, r2, #4, #4 + 800901e: 3201 adds r2, #1 + 8009020: 6302 str r2, [r0, #48] ; 0x30 + RCC_OscInitStruct->PLL.PLLN = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009022: 68da ldr r2, [r3, #12] + 8009024: f3c2 2206 ubfx r2, r2, #8, #7 + 8009028: 6342 str r2, [r0, #52] ; 0x34 + RCC_OscInitStruct->PLL.PLLQ = (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U); + 800902a: 68da ldr r2, [r3, #12] + 800902c: f3c2 5241 ubfx r2, r2, #21, #2 + 8009030: 3201 adds r2, #1 + 8009032: 0052 lsls r2, r2, #1 + 8009034: 63c2 str r2, [r0, #60] ; 0x3c + RCC_OscInitStruct->PLL.PLLR = (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U) << 1U); + 8009036: 68da ldr r2, [r3, #12] + 8009038: f3c2 6241 ubfx r2, r2, #25, #2 + 800903c: 3201 adds r2, #1 + 800903e: 0052 lsls r2, r2, #1 + 8009040: 6402 str r2, [r0, #64] ; 0x40 + RCC_OscInitStruct->PLL.PLLP = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLPDIV) >> RCC_PLLCFGR_PLLPDIV_Pos; + 8009042: 68db ldr r3, [r3, #12] + 8009044: 0edb lsrs r3, r3, #27 + 8009046: 6383 str r3, [r0, #56] ; 0x38 +} + 8009048: 4770 bx lr + else if(READ_BIT(RCC->CR, RCC_CR_HSEON) == RCC_CR_HSEON) + 800904a: 681a ldr r2, [r3, #0] + 800904c: f412 3280 ands.w r2, r2, #65536 ; 0x10000 + RCC_OscInitStruct->HSEState = RCC_HSE_ON; + 8009050: bf18 it ne + 8009052: f44f 3280 movne.w r2, #65536 ; 0x10000 + 8009056: e7af b.n 8008fb8 + else if(READ_BIT(RCC->BDCR, RCC_BDCR_LSEON) == RCC_BDCR_LSEON) + 8009058: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 800905c: f012 0201 ands.w r2, r2, #1 + RCC_OscInitStruct->LSEState = RCC_LSE_ON; + 8009060: bf18 it ne + 8009062: 2201 movne r2, #1 + 8009064: e7c2 b.n 8008fec + 8009066: bf00 nop + 8009068: 40021000 .word 0x40021000 + +0800906c : + RCC_ClkInitStruct->ClockType = RCC_CLOCKTYPE_SYSCLK | RCC_CLOCKTYPE_HCLK | RCC_CLOCKTYPE_PCLK1 | RCC_CLOCKTYPE_PCLK2; + 800906c: 230f movs r3, #15 + 800906e: 6003 str r3, [r0, #0] + RCC_ClkInitStruct->SYSCLKSource = READ_BIT(RCC->CFGR, RCC_CFGR_SW); + 8009070: 4b0b ldr r3, [pc, #44] ; (80090a0 ) + 8009072: 689a ldr r2, [r3, #8] + 8009074: f002 0203 and.w r2, r2, #3 + 8009078: 6042 str r2, [r0, #4] + RCC_ClkInitStruct->AHBCLKDivider = READ_BIT(RCC->CFGR, RCC_CFGR_HPRE); + 800907a: 689a ldr r2, [r3, #8] + 800907c: f002 02f0 and.w r2, r2, #240 ; 0xf0 + 8009080: 6082 str r2, [r0, #8] + RCC_ClkInitStruct->APB1CLKDivider = READ_BIT(RCC->CFGR, RCC_CFGR_PPRE1); + 8009082: 689a ldr r2, [r3, #8] + 8009084: f402 62e0 and.w r2, r2, #1792 ; 0x700 + 8009088: 60c2 str r2, [r0, #12] + RCC_ClkInitStruct->APB2CLKDivider = (READ_BIT(RCC->CFGR, RCC_CFGR_PPRE2) >> 3U); + 800908a: 689b ldr r3, [r3, #8] + 800908c: 08db lsrs r3, r3, #3 + 800908e: f403 63e0 and.w r3, r3, #1792 ; 0x700 + 8009092: 6103 str r3, [r0, #16] + *pFLatency = __HAL_FLASH_GET_LATENCY(); + 8009094: 4b03 ldr r3, [pc, #12] ; (80090a4 ) + 8009096: 681b ldr r3, [r3, #0] + 8009098: f003 030f and.w r3, r3, #15 + 800909c: 600b str r3, [r1, #0] +} + 800909e: 4770 bx lr + 80090a0: 40021000 .word 0x40021000 + 80090a4: 40022000 .word 0x40022000 + +080090a8 : + SET_BIT(RCC->CR, RCC_CR_CSSON) ; + 80090a8: 4a02 ldr r2, [pc, #8] ; (80090b4 ) + 80090aa: 6813 ldr r3, [r2, #0] + 80090ac: f443 2300 orr.w r3, r3, #524288 ; 0x80000 + 80090b0: 6013 str r3, [r2, #0] +} + 80090b2: 4770 bx lr + 80090b4: 40021000 .word 0x40021000 + +080090b8 : +} + 80090b8: 4770 bx lr + ... + +080090bc : +{ + 80090bc: b510 push {r4, lr} + if(__HAL_RCC_GET_IT(RCC_IT_CSS)) + 80090be: 4c05 ldr r4, [pc, #20] ; (80090d4 ) + 80090c0: 69e3 ldr r3, [r4, #28] + 80090c2: 05db lsls r3, r3, #23 + 80090c4: d504 bpl.n 80090d0 + HAL_RCC_CSSCallback(); + 80090c6: f7ff fff7 bl 80090b8 + __HAL_RCC_CLEAR_IT(RCC_IT_CSS); + 80090ca: f44f 7380 mov.w r3, #256 ; 0x100 + 80090ce: 6223 str r3, [r4, #32] +} + 80090d0: bd10 pop {r4, pc} + 80090d2: bf00 nop + 80090d4: 40021000 .word 0x40021000 + +080090d8 : +#if defined(RCC_PLLP_SUPPORT) + uint32_t pllp = 0U; +#endif /* RCC_PLLP_SUPPORT */ + + /* Handle SAIs */ + if(PeriphClk == RCC_PERIPHCLK_SAI1) + 80090d8: f5b0 6f00 cmp.w r0, #2048 ; 0x800 + 80090dc: 4a3d ldr r2, [pc, #244] ; (80091d4 ) + 80090de: d108 bne.n 80090f2 + { + srcclk = __HAL_RCC_GET_SAI1_SOURCE(); + 80090e0: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 80090e4: f003 03e0 and.w r3, r3, #224 ; 0xe0 + if(srcclk == RCC_SAI1CLKSOURCE_PIN) + 80090e8: 2b60 cmp r3, #96 ; 0x60 + 80090ea: d12d bne.n 8009148 + { + frequency = EXTERNAL_SAI1_CLOCK_VALUE; + 80090ec: f64b 3080 movw r0, #48000 ; 0xbb80 + 80090f0: 4770 bx lr + /* Else, PLL clock output to check below */ + } +#if defined(SAI2) + else + { + if(PeriphClk == RCC_PERIPHCLK_SAI2) + 80090f2: f5b0 5f80 cmp.w r0, #4096 ; 0x1000 + 80090f6: d12a bne.n 800914e + { + srcclk = __HAL_RCC_GET_SAI2_SOURCE(); + 80090f8: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 80090fc: f403 63e0 and.w r3, r3, #1792 ; 0x700 + if(srcclk == RCC_SAI2CLKSOURCE_PIN) + 8009100: f5b3 7f40 cmp.w r3, #768 ; 0x300 + 8009104: d0f2 beq.n 80090ec + if(frequency == 0U) + { + pllvco = InputFrequency; + +#if defined(SAI2) + if((srcclk == RCC_SAI1CLKSOURCE_PLL) || (srcclk == RCC_SAI2CLKSOURCE_PLL)) + 8009106: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800910a: d15c bne.n 80091c6 + { + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY) && (__HAL_RCC_GET_PLLCLKOUT_CONFIG(RCC_PLL_SAI3CLK) != 0U)) + 800910c: 6810 ldr r0, [r2, #0] + 800910e: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 8009112: d05d beq.n 80091d0 + 8009114: 68d0 ldr r0, [r2, #12] + 8009116: f410 3080 ands.w r0, r0, #65536 ; 0x10000 + 800911a: d059 beq.n 80091d0 + { + /* f(PLL Source) / PLLM */ + pllvco = (pllvco / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 800911c: 68d0 ldr r0, [r2, #12] + 800911e: f3c0 1003 ubfx r0, r0, #4, #4 + 8009122: 3001 adds r0, #1 + 8009124: fbb1 f0f0 udiv r0, r1, r0 + /* f(PLLSAI3CLK) = f(VCO input) * PLLN / PLLP */ + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009128: 68d1 ldr r1, [r2, #12] +#if defined(RCC_PLLP_DIV_2_31_SUPPORT) + pllp = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLPDIV) >> RCC_PLLCFGR_PLLPDIV_Pos; + 800912a: 68d3 ldr r3, [r2, #12] +#endif + if(pllp == 0U) + 800912c: 0edb lsrs r3, r3, #27 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 800912e: f3c1 2106 ubfx r1, r1, #8, #7 + if(pllp == 0U) + 8009132: d105 bne.n 8009140 + { + if(READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLP) != 0U) + 8009134: 68d3 ldr r3, [r2, #12] + { + pllp = 17U; + } + else + { + pllp = 7U; + 8009136: f413 3f00 tst.w r3, #131072 ; 0x20000 + 800913a: bf14 ite ne + 800913c: 2311 movne r3, #17 + 800913e: 2307 moveq r3, #7 + } + } + frequency = (pllvco * plln) / pllp; + 8009140: 4348 muls r0, r1 + 8009142: fbb0 f0f3 udiv r0, r0, r3 + 8009146: 4770 bx lr + if((srcclk == RCC_SAI1CLKSOURCE_PLL) || (srcclk == RCC_SAI2CLKSOURCE_PLL)) + 8009148: 2b40 cmp r3, #64 ; 0x40 + 800914a: d0df beq.n 800910c + else if(srcclk == 0U) /* RCC_SAI1CLKSOURCE_PLLSAI1 || RCC_SAI2CLKSOURCE_PLLSAI1 */ + 800914c: b9ab cbnz r3, 800917a + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI1RDY) && (__HAL_RCC_GET_PLLSAI1CLKOUT_CONFIG(RCC_PLLSAI1_SAI1CLK) != 0U)) + 800914e: 6810 ldr r0, [r2, #0] + 8009150: f010 6000 ands.w r0, r0, #134217728 ; 0x8000000 + 8009154: d03c beq.n 80091d0 + 8009156: 6910 ldr r0, [r2, #16] + 8009158: f410 3080 ands.w r0, r0, #65536 ; 0x10000 + 800915c: d038 beq.n 80091d0 + pllvco = (pllvco / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 800915e: 6913 ldr r3, [r2, #16] + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009160: 6910 ldr r0, [r2, #16] + pllvco = (pllvco / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009162: f3c3 1303 ubfx r3, r3, #4, #4 + 8009166: 3301 adds r3, #1 + 8009168: fbb1 f1f3 udiv r1, r1, r3 + pllp = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1PDIV) >> RCC_PLLSAI1CFGR_PLLSAI1PDIV_Pos; + 800916c: 6913 ldr r3, [r2, #16] + if(pllp == 0U) + 800916e: 0edb lsrs r3, r3, #27 + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009170: f3c0 2006 ubfx r0, r0, #8, #7 + if(pllp == 0U) + 8009174: d1e4 bne.n 8009140 + if(READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1P) != 0U) + 8009176: 6913 ldr r3, [r2, #16] + 8009178: e7dd b.n 8009136 + else if((srcclk == RCC_SAI1CLKSOURCE_HSI) || (srcclk == RCC_SAI2CLKSOURCE_HSI)) + 800917a: 2b80 cmp r3, #128 ; 0x80 + 800917c: d106 bne.n 800918c + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSIRDY)) + 800917e: 6810 ldr r0, [r2, #0] + frequency = HSI_VALUE; + 8009180: 4b15 ldr r3, [pc, #84] ; (80091d8 ) + 8009182: f410 6080 ands.w r0, r0, #1024 ; 0x400 + 8009186: bf18 it ne + 8009188: 4618 movne r0, r3 + 800918a: 4770 bx lr + else if((srcclk == RCC_SAI1CLKSOURCE_PLLSAI2) || (srcclk == RCC_SAI2CLKSOURCE_PLLSAI2)) + 800918c: 2b20 cmp r3, #32 + 800918e: d002 beq.n 8009196 + 8009190: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 8009194: d115 bne.n 80091c2 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI2RDY) && (__HAL_RCC_GET_PLLSAI2CLKOUT_CONFIG(RCC_PLLSAI2_SAI2CLK) != 0U)) + 8009196: 6810 ldr r0, [r2, #0] + 8009198: f010 5000 ands.w r0, r0, #536870912 ; 0x20000000 + 800919c: d018 beq.n 80091d0 + 800919e: 6950 ldr r0, [r2, #20] + 80091a0: f410 3080 ands.w r0, r0, #65536 ; 0x10000 + 80091a4: d014 beq.n 80091d0 + pllvco = (pllvco / ((READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2M) >> RCC_PLLSAI2CFGR_PLLSAI2M_Pos) + 1U)); + 80091a6: 6953 ldr r3, [r2, #20] + 80091a8: f3c3 1303 ubfx r3, r3, #4, #4 + 80091ac: 3301 adds r3, #1 + 80091ae: fbb1 f0f3 udiv r0, r1, r3 + plln = READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2N) >> RCC_PLLSAI2CFGR_PLLSAI2N_Pos; + 80091b2: 6951 ldr r1, [r2, #20] + pllp = READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2PDIV) >> RCC_PLLSAI2CFGR_PLLSAI2PDIV_Pos; + 80091b4: 6953 ldr r3, [r2, #20] + if(pllp == 0U) + 80091b6: 0edb lsrs r3, r3, #27 + plln = READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2N) >> RCC_PLLSAI2CFGR_PLLSAI2N_Pos; + 80091b8: f3c1 2106 ubfx r1, r1, #8, #7 + if(pllp == 0U) + 80091bc: d1c0 bne.n 8009140 + if(READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2P) != 0U) + 80091be: 6953 ldr r3, [r2, #20] + 80091c0: e7b9 b.n 8009136 + 80091c2: 2000 movs r0, #0 + /* No clock source, frequency default init at 0 */ + } + } + + + return frequency; + 80091c4: 4770 bx lr + else if(srcclk == 0U) /* RCC_SAI1CLKSOURCE_PLLSAI1 || RCC_SAI2CLKSOURCE_PLLSAI1 */ + 80091c6: 2b00 cmp r3, #0 + 80091c8: d0c1 beq.n 800914e + else if((srcclk == RCC_SAI1CLKSOURCE_HSI) || (srcclk == RCC_SAI2CLKSOURCE_HSI)) + 80091ca: f5b3 6f80 cmp.w r3, #1024 ; 0x400 + 80091ce: e7d5 b.n 800917c +} + 80091d0: 4770 bx lr + 80091d2: bf00 nop + 80091d4: 40021000 .word 0x40021000 + 80091d8: 00f42400 .word 0x00f42400 + +080091dc : +{ + 80091dc: b5f8 push {r3, r4, r5, r6, r7, lr} + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 80091de: 4c3c ldr r4, [pc, #240] ; (80092d0 ) + if((__HAL_RCC_GET_PLL_OSCSOURCE() != PllSai1->PLLSAI1Source) + 80091e0: 6803 ldr r3, [r0, #0] + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 80091e2: 68e2 ldr r2, [r4, #12] +{ + 80091e4: 4605 mov r5, r0 + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 80091e6: 0790 lsls r0, r2, #30 +{ + 80091e8: 460f mov r7, r1 + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 80091ea: d023 beq.n 8009234 + if((__HAL_RCC_GET_PLL_OSCSOURCE() != PllSai1->PLLSAI1Source) + 80091ec: 68e2 ldr r2, [r4, #12] + 80091ee: f002 0203 and.w r2, r2, #3 + 80091f2: 429a cmp r2, r3 + 80091f4: d16a bne.n 80092cc + || + 80091f6: 2a00 cmp r2, #0 + 80091f8: d068 beq.n 80092cc + __HAL_RCC_PLLSAI1_DISABLE(); + 80091fa: 6823 ldr r3, [r4, #0] + 80091fc: f023 6380 bic.w r3, r3, #67108864 ; 0x4000000 + 8009200: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8009202: f7fd ff5d bl 80070c0 + 8009206: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) != 0U) + 8009208: 6823 ldr r3, [r4, #0] + 800920a: 011a lsls r2, r3, #4 + 800920c: d42d bmi.n 800926a + MODIFY_REG(RCC->PLLSAI1CFGR, + 800920e: 68ab ldr r3, [r5, #8] + 8009210: 021e lsls r6, r3, #8 + 8009212: 686b ldr r3, [r5, #4] + 8009214: 3b01 subs r3, #1 + 8009216: 0118 lsls r0, r3, #4 + if(Divider == DIVIDER_P_UPDATE) + 8009218: b377 cbz r7, 8009278 + else if(Divider == DIVIDER_Q_UPDATE) + 800921a: 2f01 cmp r7, #1 + 800921c: d145 bne.n 80092aa + MODIFY_REG(RCC->PLLSAI1CFGR, + 800921e: 692b ldr r3, [r5, #16] + 8009220: 6927 ldr r7, [r4, #16] + 8009222: 085b lsrs r3, r3, #1 + 8009224: 1e59 subs r1, r3, #1 + 8009226: 4b2b ldr r3, [pc, #172] ; (80092d4 ) + 8009228: 403b ands r3, r7 + 800922a: 4333 orrs r3, r6 + 800922c: 4303 orrs r3, r0 + 800922e: ea43 5341 orr.w r3, r3, r1, lsl #21 + 8009232: e029 b.n 8009288 + switch(PllSai1->PLLSAI1Source) + 8009234: 2b02 cmp r3, #2 + 8009236: d00d beq.n 8009254 + 8009238: 2b03 cmp r3, #3 + 800923a: d00f beq.n 800925c + 800923c: 2b01 cmp r3, #1 + 800923e: d145 bne.n 80092cc + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_MSIRDY)) + 8009240: 6822 ldr r2, [r4, #0] + 8009242: f012 0f02 tst.w r2, #2 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSEBYP)) + 8009246: d041 beq.n 80092cc + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, PllSai1->PLLSAI1Source); + 8009248: 68e0 ldr r0, [r4, #12] + 800924a: f020 0003 bic.w r0, r0, #3 + 800924e: 4318 orrs r0, r3 + 8009250: 60e0 str r0, [r4, #12] + if(status == HAL_OK) + 8009252: e7d2 b.n 80091fa + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSIRDY)) + 8009254: 6822 ldr r2, [r4, #0] + 8009256: f412 6f80 tst.w r2, #1024 ; 0x400 + 800925a: e7f4 b.n 8009246 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSERDY)) + 800925c: 6822 ldr r2, [r4, #0] + 800925e: 0391 lsls r1, r2, #14 + 8009260: d4f2 bmi.n 8009248 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSEBYP)) + 8009262: 6822 ldr r2, [r4, #0] + 8009264: f412 2f80 tst.w r2, #262144 ; 0x40000 + 8009268: e7ed b.n 8009246 + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 800926a: f7fd ff29 bl 80070c0 + 800926e: 1b80 subs r0, r0, r6 + 8009270: 2802 cmp r0, #2 + 8009272: d9c9 bls.n 8009208 + status = HAL_TIMEOUT; + 8009274: 2003 movs r0, #3 +} + 8009276: bdf8 pop {r3, r4, r5, r6, r7, pc} + MODIFY_REG(RCC->PLLSAI1CFGR, + 8009278: 68e9 ldr r1, [r5, #12] + 800927a: 6922 ldr r2, [r4, #16] + 800927c: ea46 63c1 orr.w r3, r6, r1, lsl #27 + 8009280: 4915 ldr r1, [pc, #84] ; (80092d8 ) + 8009282: 4011 ands r1, r2 + 8009284: 430b orrs r3, r1 + 8009286: 4303 orrs r3, r0 + MODIFY_REG(RCC->PLLSAI1CFGR, + 8009288: 6123 str r3, [r4, #16] + __HAL_RCC_PLLSAI1_ENABLE(); + 800928a: 6823 ldr r3, [r4, #0] + 800928c: f043 6380 orr.w r3, r3, #67108864 ; 0x4000000 + 8009290: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8009292: f7fd ff15 bl 80070c0 + 8009296: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) == 0U) + 8009298: 6823 ldr r3, [r4, #0] + 800929a: 011b lsls r3, r3, #4 + 800929c: d510 bpl.n 80092c0 + __HAL_RCC_PLLSAI1CLKOUT_ENABLE(PllSai1->PLLSAI1ClockOut); + 800929e: 6923 ldr r3, [r4, #16] + 80092a0: 69aa ldr r2, [r5, #24] + 80092a2: 4313 orrs r3, r2 + 80092a4: 6123 str r3, [r4, #16] + 80092a6: 2000 movs r0, #0 + return status; + 80092a8: e7e5 b.n 8009276 + MODIFY_REG(RCC->PLLSAI1CFGR, + 80092aa: 696b ldr r3, [r5, #20] + 80092ac: 6921 ldr r1, [r4, #16] + 80092ae: 085b lsrs r3, r3, #1 + 80092b0: 1e5a subs r2, r3, #1 + 80092b2: 4b0a ldr r3, [pc, #40] ; (80092dc ) + 80092b4: 400b ands r3, r1 + 80092b6: 4333 orrs r3, r6 + 80092b8: 4303 orrs r3, r0 + 80092ba: ea43 6342 orr.w r3, r3, r2, lsl #25 + 80092be: e7e3 b.n 8009288 + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 80092c0: f7fd fefe bl 80070c0 + 80092c4: 1b80 subs r0, r0, r6 + 80092c6: 2802 cmp r0, #2 + 80092c8: d9e6 bls.n 8009298 + 80092ca: e7d3 b.n 8009274 + status = HAL_ERROR; + 80092cc: 2001 movs r0, #1 + 80092ce: e7d2 b.n 8009276 + 80092d0: 40021000 .word 0x40021000 + 80092d4: ff9f800f .word 0xff9f800f + 80092d8: 07ff800f .word 0x07ff800f + 80092dc: f9ff800f .word 0xf9ff800f + +080092e0 : +static HAL_StatusTypeDef RCCEx_PLLSAI2_Config(RCC_PLLSAI2InitTypeDef *PllSai2, uint32_t Divider) + 80092e0: b570 push {r4, r5, r6, lr} + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 80092e2: 4c2f ldr r4, [pc, #188] ; (80093a0 ) + if((__HAL_RCC_GET_PLL_OSCSOURCE() != PllSai2->PLLSAI2Source) + 80092e4: 6803 ldr r3, [r0, #0] + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 80092e6: 68e2 ldr r2, [r4, #12] +static HAL_StatusTypeDef RCCEx_PLLSAI2_Config(RCC_PLLSAI2InitTypeDef *PllSai2, uint32_t Divider) + 80092e8: 4605 mov r5, r0 + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 80092ea: 0790 lsls r0, r2, #30 + 80092ec: d026 beq.n 800933c + if((__HAL_RCC_GET_PLL_OSCSOURCE() != PllSai2->PLLSAI2Source) + 80092ee: 68e2 ldr r2, [r4, #12] + 80092f0: f002 0203 and.w r2, r2, #3 + 80092f4: 429a cmp r2, r3 + 80092f6: d151 bne.n 800939c + || + 80092f8: 2a00 cmp r2, #0 + 80092fa: d04f beq.n 800939c + __HAL_RCC_PLLSAI2_DISABLE(); + 80092fc: 6823 ldr r3, [r4, #0] + 80092fe: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 8009302: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8009304: f7fd fedc bl 80070c0 + 8009308: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) != 0U) + 800930a: 6823 ldr r3, [r4, #0] + 800930c: 009a lsls r2, r3, #2 + 800930e: d430 bmi.n 8009372 + MODIFY_REG(RCC->PLLSAI2CFGR, + 8009310: e9d5 2302 ldrd r2, r3, [r5, #8] + 8009314: 06db lsls r3, r3, #27 + 8009316: 6961 ldr r1, [r4, #20] + 8009318: ea43 2302 orr.w r3, r3, r2, lsl #8 + 800931c: 4a21 ldr r2, [pc, #132] ; (80093a4 ) + 800931e: 400a ands r2, r1 + 8009320: 4313 orrs r3, r2 + 8009322: 686a ldr r2, [r5, #4] + 8009324: 3a01 subs r2, #1 + 8009326: ea43 1302 orr.w r3, r3, r2, lsl #4 + 800932a: 6163 str r3, [r4, #20] + __HAL_RCC_PLLSAI2_ENABLE(); + 800932c: 6823 ldr r3, [r4, #0] + 800932e: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 8009332: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8009334: f7fd fec4 bl 80070c0 + 8009338: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) == 0U) + 800933a: e026 b.n 800938a + switch(PllSai2->PLLSAI2Source) + 800933c: 2b02 cmp r3, #2 + 800933e: d00d beq.n 800935c + 8009340: 2b03 cmp r3, #3 + 8009342: d00f beq.n 8009364 + 8009344: 2b01 cmp r3, #1 + 8009346: d129 bne.n 800939c + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_MSIRDY)) + 8009348: 6822 ldr r2, [r4, #0] + 800934a: f012 0f02 tst.w r2, #2 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSEBYP)) + 800934e: d025 beq.n 800939c + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, PllSai2->PLLSAI2Source); + 8009350: 68e0 ldr r0, [r4, #12] + 8009352: f020 0003 bic.w r0, r0, #3 + 8009356: 4318 orrs r0, r3 + 8009358: 60e0 str r0, [r4, #12] + if(status == HAL_OK) + 800935a: e7cf b.n 80092fc + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSIRDY)) + 800935c: 6822 ldr r2, [r4, #0] + 800935e: f412 6f80 tst.w r2, #1024 ; 0x400 + 8009362: e7f4 b.n 800934e + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSERDY)) + 8009364: 6822 ldr r2, [r4, #0] + 8009366: 0391 lsls r1, r2, #14 + 8009368: d4f2 bmi.n 8009350 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSEBYP)) + 800936a: 6822 ldr r2, [r4, #0] + 800936c: f412 2f80 tst.w r2, #262144 ; 0x40000 + 8009370: e7ed b.n 800934e + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 8009372: f7fd fea5 bl 80070c0 + 8009376: 1b80 subs r0, r0, r6 + 8009378: 2802 cmp r0, #2 + 800937a: d9c6 bls.n 800930a + status = HAL_TIMEOUT; + 800937c: 2003 movs r0, #3 +} + 800937e: bd70 pop {r4, r5, r6, pc} + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 8009380: f7fd fe9e bl 80070c0 + 8009384: 1b80 subs r0, r0, r6 + 8009386: 2802 cmp r0, #2 + 8009388: d8f8 bhi.n 800937c + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) == 0U) + 800938a: 6823 ldr r3, [r4, #0] + 800938c: 009b lsls r3, r3, #2 + 800938e: d5f7 bpl.n 8009380 + __HAL_RCC_PLLSAI2CLKOUT_ENABLE(PllSai2->PLLSAI2ClockOut); + 8009390: 6963 ldr r3, [r4, #20] + 8009392: 69aa ldr r2, [r5, #24] + 8009394: 4313 orrs r3, r2 + 8009396: 6163 str r3, [r4, #20] + 8009398: 2000 movs r0, #0 + return status; + 800939a: e7f0 b.n 800937e + status = HAL_ERROR; + 800939c: 2001 movs r0, #1 + 800939e: e7ee b.n 800937e + 80093a0: 40021000 .word 0x40021000 + 80093a4: 07ff800f .word 0x07ff800f + +080093a8 : +{ + 80093a8: e92d 47f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, r9, sl, lr} + if((((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_SAI1) == RCC_PERIPHCLK_SAI1)) + 80093ac: 6806 ldr r6, [r0, #0] + 80093ae: f416 6600 ands.w r6, r6, #2048 ; 0x800 +{ + 80093b2: 4604 mov r4, r0 + if((((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_SAI1) == RCC_PERIPHCLK_SAI1)) + 80093b4: d007 beq.n 80093c6 + switch(PeriphClkInit->Sai1ClockSelection) + 80093b6: 6ec1 ldr r1, [r0, #108] ; 0x6c + 80093b8: 2940 cmp r1, #64 ; 0x40 + 80093ba: d022 beq.n 8009402 + 80093bc: d812 bhi.n 80093e4 + 80093be: b331 cbz r1, 800940e + 80093c0: 2920 cmp r1, #32 + 80093c2: d02b beq.n 800941c + 80093c4: 2601 movs r6, #1 + if((((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_SAI2) == RCC_PERIPHCLK_SAI2)) + 80093c6: 6823 ldr r3, [r4, #0] + 80093c8: 04db lsls r3, r3, #19 + 80093ca: d509 bpl.n 80093e0 + switch(PeriphClkInit->Sai2ClockSelection) + 80093cc: 6f21 ldr r1, [r4, #112] ; 0x70 + 80093ce: f5b1 7f00 cmp.w r1, #512 ; 0x200 + 80093d2: d02f beq.n 8009434 + 80093d4: d826 bhi.n 8009424 + 80093d6: b399 cbz r1, 8009440 + 80093d8: f5b1 7f80 cmp.w r1, #256 ; 0x100 + 80093dc: d073 beq.n 80094c6 + 80093de: 2601 movs r6, #1 + 80093e0: 4635 mov r5, r6 + 80093e2: e03c b.n 800945e + switch(PeriphClkInit->Sai1ClockSelection) + 80093e4: 2960 cmp r1, #96 ; 0x60 + 80093e6: d001 beq.n 80093ec + 80093e8: 2980 cmp r1, #128 ; 0x80 + 80093ea: d1eb bne.n 80093c4 + __HAL_RCC_SAI1_CONFIG(PeriphClkInit->Sai1ClockSelection); + 80093ec: 4a3b ldr r2, [pc, #236] ; (80094dc ) + 80093ee: 6ee1 ldr r1, [r4, #108] ; 0x6c + 80093f0: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 80093f4: f023 03e0 bic.w r3, r3, #224 ; 0xe0 + 80093f8: 430b orrs r3, r1 + 80093fa: f8c2 309c str.w r3, [r2, #156] ; 0x9c + 80093fe: 2600 movs r6, #0 + 8009400: e7e1 b.n 80093c6 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SAI3CLK); + 8009402: 4a36 ldr r2, [pc, #216] ; (80094dc ) + 8009404: 68d3 ldr r3, [r2, #12] + 8009406: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 800940a: 60d3 str r3, [r2, #12] + if(ret == HAL_OK) + 800940c: e7ee b.n 80093ec + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_P_UPDATE); + 800940e: 3004 adds r0, #4 + 8009410: f7ff fee4 bl 80091dc + ret = RCCEx_PLLSAI2_Config(&(PeriphClkInit->PLLSAI2), DIVIDER_P_UPDATE); + 8009414: 4606 mov r6, r0 + if(ret == HAL_OK) + 8009416: 2800 cmp r0, #0 + 8009418: d1d5 bne.n 80093c6 + 800941a: e7e7 b.n 80093ec + ret = RCCEx_PLLSAI2_Config(&(PeriphClkInit->PLLSAI2), DIVIDER_P_UPDATE); + 800941c: 3020 adds r0, #32 + 800941e: f7ff ff5f bl 80092e0 + 8009422: e7f7 b.n 8009414 + switch(PeriphClkInit->Sai2ClockSelection) + 8009424: f5b1 7f40 cmp.w r1, #768 ; 0x300 + 8009428: d002 beq.n 8009430 + 800942a: f5b1 6f80 cmp.w r1, #1024 ; 0x400 + 800942e: d1d6 bne.n 80093de + 8009430: 4635 mov r5, r6 + 8009432: e009 b.n 8009448 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SAI3CLK); + 8009434: 4a29 ldr r2, [pc, #164] ; (80094dc ) + 8009436: 68d3 ldr r3, [r2, #12] + 8009438: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 800943c: 60d3 str r3, [r2, #12] + break; + 800943e: e7f7 b.n 8009430 + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_P_UPDATE); + 8009440: 1d20 adds r0, r4, #4 + 8009442: f7ff fecb bl 80091dc + ret = RCCEx_PLLSAI2_Config(&(PeriphClkInit->PLLSAI2), DIVIDER_P_UPDATE); + 8009446: 4605 mov r5, r0 + if(ret == HAL_OK) + 8009448: 2d00 cmp r5, #0 + 800944a: d141 bne.n 80094d0 + __HAL_RCC_SAI2_CONFIG(PeriphClkInit->Sai2ClockSelection); + 800944c: 4a23 ldr r2, [pc, #140] ; (80094dc ) + 800944e: 6f21 ldr r1, [r4, #112] ; 0x70 + 8009450: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 8009454: f423 63e0 bic.w r3, r3, #1792 ; 0x700 + 8009458: 430b orrs r3, r1 + 800945a: f8c2 309c str.w r3, [r2, #156] ; 0x9c + if((PeriphClkInit->PeriphClockSelection & RCC_PERIPHCLK_RTC) == RCC_PERIPHCLK_RTC) + 800945e: 6823 ldr r3, [r4, #0] + 8009460: 039f lsls r7, r3, #14 + 8009462: f140 817d bpl.w 8009760 + if(__HAL_RCC_PWR_IS_CLK_DISABLED() != 0U) + 8009466: 4f1d ldr r7, [pc, #116] ; (80094dc ) + 8009468: 6dbb ldr r3, [r7, #88] ; 0x58 + 800946a: 00d8 lsls r0, r3, #3 + 800946c: d432 bmi.n 80094d4 + __HAL_RCC_PWR_CLK_ENABLE(); + 800946e: 6dbb ldr r3, [r7, #88] ; 0x58 + 8009470: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 8009474: 65bb str r3, [r7, #88] ; 0x58 + 8009476: 6dbb ldr r3, [r7, #88] ; 0x58 + 8009478: f003 5380 and.w r3, r3, #268435456 ; 0x10000000 + 800947c: 9301 str r3, [sp, #4] + 800947e: 9b01 ldr r3, [sp, #4] + pwrclkchanged = SET; + 8009480: f04f 0801 mov.w r8, #1 + SET_BIT(PWR->CR1, PWR_CR1_DBP); + 8009484: f8df 9058 ldr.w r9, [pc, #88] ; 80094e0 + 8009488: f8d9 3000 ldr.w r3, [r9] + 800948c: f443 7380 orr.w r3, r3, #256 ; 0x100 + 8009490: f8c9 3000 str.w r3, [r9] + tickstart = HAL_GetTick(); + 8009494: f7fd fe14 bl 80070c0 + 8009498: 4682 mov sl, r0 + while(READ_BIT(PWR->CR1, PWR_CR1_DBP) == 0U) + 800949a: f8d9 3000 ldr.w r3, [r9] + 800949e: 05d9 lsls r1, r3, #23 + 80094a0: d520 bpl.n 80094e4 + if(ret == HAL_OK) + 80094a2: bb35 cbnz r5, 80094f2 + tmpregister = READ_BIT(RCC->BDCR, RCC_BDCR_RTCSEL); + 80094a4: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + if((tmpregister != RCC_RTCCLKSOURCE_NONE) && (tmpregister != PeriphClkInit->RTCClockSelection)) + 80094a8: f413 7340 ands.w r3, r3, #768 ; 0x300 + 80094ac: f040 812e bne.w 800970c + __HAL_RCC_RTC_CONFIG(PeriphClkInit->RTCClockSelection); + 80094b0: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + 80094b4: f8d4 2090 ldr.w r2, [r4, #144] ; 0x90 + 80094b8: f423 7340 bic.w r3, r3, #768 ; 0x300 + 80094bc: 4313 orrs r3, r2 + 80094be: f8c7 3090 str.w r3, [r7, #144] ; 0x90 + 80094c2: 4635 mov r5, r6 + 80094c4: e015 b.n 80094f2 + ret = RCCEx_PLLSAI2_Config(&(PeriphClkInit->PLLSAI2), DIVIDER_P_UPDATE); + 80094c6: f104 0020 add.w r0, r4, #32 + 80094ca: f7ff ff09 bl 80092e0 + 80094ce: e7ba b.n 8009446 + 80094d0: 462e mov r6, r5 + 80094d2: e7c4 b.n 800945e + FlagStatus pwrclkchanged = RESET; + 80094d4: f04f 0800 mov.w r8, #0 + 80094d8: e7d4 b.n 8009484 + 80094da: bf00 nop + 80094dc: 40021000 .word 0x40021000 + 80094e0: 40007000 .word 0x40007000 + if((HAL_GetTick() - tickstart) > RCC_DBP_TIMEOUT_VALUE) + 80094e4: f7fd fdec bl 80070c0 + 80094e8: eba0 000a sub.w r0, r0, sl + 80094ec: 2802 cmp r0, #2 + 80094ee: d9d4 bls.n 800949a + ret = HAL_TIMEOUT; + 80094f0: 2503 movs r5, #3 + if(pwrclkchanged == SET) + 80094f2: f1b8 0f00 cmp.w r8, #0 + 80094f6: d003 beq.n 8009500 + __HAL_RCC_PWR_CLK_DISABLE(); + 80094f8: 6dbb ldr r3, [r7, #88] ; 0x58 + 80094fa: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 80094fe: 65bb str r3, [r7, #88] ; 0x58 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_USART1) == RCC_PERIPHCLK_USART1) + 8009500: 6823 ldr r3, [r4, #0] + 8009502: 07d8 lsls r0, r3, #31 + 8009504: d508 bpl.n 8009518 + __HAL_RCC_USART1_CONFIG(PeriphClkInit->Usart1ClockSelection); + 8009506: 49b2 ldr r1, [pc, #712] ; (80097d0 ) + 8009508: 6be0 ldr r0, [r4, #60] ; 0x3c + 800950a: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 800950e: f022 0203 bic.w r2, r2, #3 + 8009512: 4302 orrs r2, r0 + 8009514: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_USART2) == RCC_PERIPHCLK_USART2) + 8009518: 0799 lsls r1, r3, #30 + 800951a: d508 bpl.n 800952e + __HAL_RCC_USART2_CONFIG(PeriphClkInit->Usart2ClockSelection); + 800951c: 49ac ldr r1, [pc, #688] ; (80097d0 ) + 800951e: 6c20 ldr r0, [r4, #64] ; 0x40 + 8009520: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 8009524: f022 020c bic.w r2, r2, #12 + 8009528: 4302 orrs r2, r0 + 800952a: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_USART3) == RCC_PERIPHCLK_USART3) + 800952e: 075a lsls r2, r3, #29 + 8009530: d508 bpl.n 8009544 + __HAL_RCC_USART3_CONFIG(PeriphClkInit->Usart3ClockSelection); + 8009532: 49a7 ldr r1, [pc, #668] ; (80097d0 ) + 8009534: 6c60 ldr r0, [r4, #68] ; 0x44 + 8009536: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 800953a: f022 0230 bic.w r2, r2, #48 ; 0x30 + 800953e: 4302 orrs r2, r0 + 8009540: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_UART4) == RCC_PERIPHCLK_UART4) + 8009544: 071f lsls r7, r3, #28 + 8009546: d508 bpl.n 800955a + __HAL_RCC_UART4_CONFIG(PeriphClkInit->Uart4ClockSelection); + 8009548: 49a1 ldr r1, [pc, #644] ; (80097d0 ) + 800954a: 6ca0 ldr r0, [r4, #72] ; 0x48 + 800954c: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 8009550: f022 02c0 bic.w r2, r2, #192 ; 0xc0 + 8009554: 4302 orrs r2, r0 + 8009556: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_UART5) == RCC_PERIPHCLK_UART5) + 800955a: 06de lsls r6, r3, #27 + 800955c: d508 bpl.n 8009570 + __HAL_RCC_UART5_CONFIG(PeriphClkInit->Uart5ClockSelection); + 800955e: 499c ldr r1, [pc, #624] ; (80097d0 ) + 8009560: 6ce0 ldr r0, [r4, #76] ; 0x4c + 8009562: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 8009566: f422 7240 bic.w r2, r2, #768 ; 0x300 + 800956a: 4302 orrs r2, r0 + 800956c: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_LPUART1) == RCC_PERIPHCLK_LPUART1) + 8009570: 0698 lsls r0, r3, #26 + 8009572: d508 bpl.n 8009586 + __HAL_RCC_LPUART1_CONFIG(PeriphClkInit->Lpuart1ClockSelection); + 8009574: 4996 ldr r1, [pc, #600] ; (80097d0 ) + 8009576: 6d20 ldr r0, [r4, #80] ; 0x50 + 8009578: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 800957c: f422 6240 bic.w r2, r2, #3072 ; 0xc00 + 8009580: 4302 orrs r2, r0 + 8009582: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_LPTIM1) == (RCC_PERIPHCLK_LPTIM1)) + 8009586: 0599 lsls r1, r3, #22 + 8009588: d508 bpl.n 800959c + __HAL_RCC_LPTIM1_CONFIG(PeriphClkInit->Lptim1ClockSelection); + 800958a: 4991 ldr r1, [pc, #580] ; (80097d0 ) + 800958c: 6e60 ldr r0, [r4, #100] ; 0x64 + 800958e: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 8009592: f422 2240 bic.w r2, r2, #786432 ; 0xc0000 + 8009596: 4302 orrs r2, r0 + 8009598: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_LPTIM2) == (RCC_PERIPHCLK_LPTIM2)) + 800959c: 055a lsls r2, r3, #21 + 800959e: d508 bpl.n 80095b2 + __HAL_RCC_LPTIM2_CONFIG(PeriphClkInit->Lptim2ClockSelection); + 80095a0: 498b ldr r1, [pc, #556] ; (80097d0 ) + 80095a2: 6ea0 ldr r0, [r4, #104] ; 0x68 + 80095a4: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80095a8: f422 1240 bic.w r2, r2, #3145728 ; 0x300000 + 80095ac: 4302 orrs r2, r0 + 80095ae: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_I2C1) == RCC_PERIPHCLK_I2C1) + 80095b2: 065f lsls r7, r3, #25 + 80095b4: d508 bpl.n 80095c8 + __HAL_RCC_I2C1_CONFIG(PeriphClkInit->I2c1ClockSelection); + 80095b6: 4986 ldr r1, [pc, #536] ; (80097d0 ) + 80095b8: 6d60 ldr r0, [r4, #84] ; 0x54 + 80095ba: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80095be: f422 5240 bic.w r2, r2, #12288 ; 0x3000 + 80095c2: 4302 orrs r2, r0 + 80095c4: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_I2C2) == RCC_PERIPHCLK_I2C2) + 80095c8: 061e lsls r6, r3, #24 + 80095ca: d508 bpl.n 80095de + __HAL_RCC_I2C2_CONFIG(PeriphClkInit->I2c2ClockSelection); + 80095cc: 4980 ldr r1, [pc, #512] ; (80097d0 ) + 80095ce: 6da0 ldr r0, [r4, #88] ; 0x58 + 80095d0: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80095d4: f422 4240 bic.w r2, r2, #49152 ; 0xc000 + 80095d8: 4302 orrs r2, r0 + 80095da: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_I2C3) == RCC_PERIPHCLK_I2C3) + 80095de: 05d8 lsls r0, r3, #23 + 80095e0: d508 bpl.n 80095f4 + __HAL_RCC_I2C3_CONFIG(PeriphClkInit->I2c3ClockSelection); + 80095e2: 497b ldr r1, [pc, #492] ; (80097d0 ) + 80095e4: 6de0 ldr r0, [r4, #92] ; 0x5c + 80095e6: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80095ea: f422 3240 bic.w r2, r2, #196608 ; 0x30000 + 80095ee: 4302 orrs r2, r0 + 80095f0: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_I2C4) == RCC_PERIPHCLK_I2C4) + 80095f4: 02d9 lsls r1, r3, #11 + 80095f6: d508 bpl.n 800960a + __HAL_RCC_I2C4_CONFIG(PeriphClkInit->I2c4ClockSelection); + 80095f8: 4975 ldr r1, [pc, #468] ; (80097d0 ) + 80095fa: 6e20 ldr r0, [r4, #96] ; 0x60 + 80095fc: f8d1 209c ldr.w r2, [r1, #156] ; 0x9c + 8009600: f022 0203 bic.w r2, r2, #3 + 8009604: 4302 orrs r2, r0 + 8009606: f8c1 209c str.w r2, [r1, #156] ; 0x9c + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_USB) == (RCC_PERIPHCLK_USB)) + 800960a: 049a lsls r2, r3, #18 + 800960c: d510 bpl.n 8009630 + __HAL_RCC_USB_CONFIG(PeriphClkInit->UsbClockSelection); + 800960e: 4a70 ldr r2, [pc, #448] ; (80097d0 ) + 8009610: 6f61 ldr r1, [r4, #116] ; 0x74 + 8009612: f8d2 3088 ldr.w r3, [r2, #136] ; 0x88 + 8009616: f023 6340 bic.w r3, r3, #201326592 ; 0xc000000 + 800961a: 430b orrs r3, r1 + if(PeriphClkInit->UsbClockSelection == RCC_USBCLKSOURCE_PLL) + 800961c: f1b1 6f00 cmp.w r1, #134217728 ; 0x8000000 + __HAL_RCC_USB_CONFIG(PeriphClkInit->UsbClockSelection); + 8009620: f8c2 3088 str.w r3, [r2, #136] ; 0x88 + if(PeriphClkInit->UsbClockSelection == RCC_USBCLKSOURCE_PLL) + 8009624: f040 809e bne.w 8009764 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 8009628: 68d3 ldr r3, [r2, #12] + 800962a: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 800962e: 60d3 str r3, [r2, #12] + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_SDMMC1) == (RCC_PERIPHCLK_SDMMC1)) + 8009630: 6823 ldr r3, [r4, #0] + 8009632: 031b lsls r3, r3, #12 + 8009634: d50f bpl.n 8009656 + __HAL_RCC_SDMMC1_CONFIG(PeriphClkInit->Sdmmc1ClockSelection); + 8009636: 6fa1 ldr r1, [r4, #120] ; 0x78 + 8009638: 4b65 ldr r3, [pc, #404] ; (80097d0 ) + 800963a: f5b1 4f80 cmp.w r1, #16384 ; 0x4000 + 800963e: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 8009642: f040 809b bne.w 800977c + 8009646: f442 4280 orr.w r2, r2, #16384 ; 0x4000 + 800964a: f8c3 209c str.w r2, [r3, #156] ; 0x9c + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SAI3CLK); + 800964e: 68da ldr r2, [r3, #12] + 8009650: f442 3280 orr.w r2, r2, #65536 ; 0x10000 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 8009654: 60da str r2, [r3, #12] + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_RNG) == (RCC_PERIPHCLK_RNG)) + 8009656: 6823 ldr r3, [r4, #0] + 8009658: 035f lsls r7, r3, #13 + 800965a: d510 bpl.n 800967e + __HAL_RCC_RNG_CONFIG(PeriphClkInit->RngClockSelection); + 800965c: 4a5c ldr r2, [pc, #368] ; (80097d0 ) + 800965e: 6fe1 ldr r1, [r4, #124] ; 0x7c + 8009660: f8d2 3088 ldr.w r3, [r2, #136] ; 0x88 + 8009664: f023 6340 bic.w r3, r3, #201326592 ; 0xc000000 + 8009668: 430b orrs r3, r1 + if(PeriphClkInit->RngClockSelection == RCC_RNGCLKSOURCE_PLL) + 800966a: f1b1 6f00 cmp.w r1, #134217728 ; 0x8000000 + __HAL_RCC_RNG_CONFIG(PeriphClkInit->RngClockSelection); + 800966e: f8c2 3088 str.w r3, [r2, #136] ; 0x88 + if(PeriphClkInit->RngClockSelection == RCC_RNGCLKSOURCE_PLL) + 8009672: f040 80a1 bne.w 80097b8 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 8009676: 68d3 ldr r3, [r2, #12] + 8009678: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 800967c: 60d3 str r3, [r2, #12] + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_ADC) == RCC_PERIPHCLK_ADC) + 800967e: 6823 ldr r3, [r4, #0] + 8009680: 045e lsls r6, r3, #17 + 8009682: d513 bpl.n 80096ac + __HAL_RCC_ADC_CONFIG(PeriphClkInit->AdcClockSelection); + 8009684: 4952 ldr r1, [pc, #328] ; (80097d0 ) + 8009686: f8d4 2080 ldr.w r2, [r4, #128] ; 0x80 + 800968a: f8d1 3088 ldr.w r3, [r1, #136] ; 0x88 + 800968e: f023 5340 bic.w r3, r3, #805306368 ; 0x30000000 + 8009692: 4313 orrs r3, r2 + if(PeriphClkInit->AdcClockSelection == RCC_ADCCLKSOURCE_PLLSAI1) + 8009694: f1b2 5f80 cmp.w r2, #268435456 ; 0x10000000 + __HAL_RCC_ADC_CONFIG(PeriphClkInit->AdcClockSelection); + 8009698: f8c1 3088 str.w r3, [r1, #136] ; 0x88 + if(PeriphClkInit->AdcClockSelection == RCC_ADCCLKSOURCE_PLLSAI1) + 800969c: d106 bne.n 80096ac + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_R_UPDATE); + 800969e: 2102 movs r1, #2 + 80096a0: 1d20 adds r0, r4, #4 + 80096a2: f7ff fd9b bl 80091dc + if(ret != HAL_OK) + 80096a6: 2800 cmp r0, #0 + 80096a8: bf18 it ne + 80096aa: 4605 movne r5, r0 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_DFSDM1) == RCC_PERIPHCLK_DFSDM1) + 80096ac: 6822 ldr r2, [r4, #0] + 80096ae: 03d0 lsls r0, r2, #15 + 80096b0: d509 bpl.n 80096c6 + __HAL_RCC_DFSDM1_CONFIG(PeriphClkInit->Dfsdm1ClockSelection); + 80096b2: 4947 ldr r1, [pc, #284] ; (80097d0 ) + 80096b4: f8d4 0084 ldr.w r0, [r4, #132] ; 0x84 + 80096b8: f8d1 309c ldr.w r3, [r1, #156] ; 0x9c + 80096bc: f023 0304 bic.w r3, r3, #4 + 80096c0: 4303 orrs r3, r0 + 80096c2: f8c1 309c str.w r3, [r1, #156] ; 0x9c + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_DFSDM1AUDIO) == RCC_PERIPHCLK_DFSDM1AUDIO) + 80096c6: 0291 lsls r1, r2, #10 + 80096c8: d509 bpl.n 80096de + __HAL_RCC_DFSDM1AUDIO_CONFIG(PeriphClkInit->Dfsdm1AudioClockSelection); + 80096ca: 4941 ldr r1, [pc, #260] ; (80097d0 ) + 80096cc: f8d4 0088 ldr.w r0, [r4, #136] ; 0x88 + 80096d0: f8d1 309c ldr.w r3, [r1, #156] ; 0x9c + 80096d4: f023 0318 bic.w r3, r3, #24 + 80096d8: 4303 orrs r3, r0 + 80096da: f8c1 309c str.w r3, [r1, #156] ; 0x9c + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_OSPI) == RCC_PERIPHCLK_OSPI) + 80096de: 01d3 lsls r3, r2, #7 + 80096e0: d510 bpl.n 8009704 + __HAL_RCC_OSPI_CONFIG(PeriphClkInit->OspiClockSelection); + 80096e2: 4a3b ldr r2, [pc, #236] ; (80097d0 ) + 80096e4: f8d4 108c ldr.w r1, [r4, #140] ; 0x8c + 80096e8: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 80096ec: f423 1340 bic.w r3, r3, #3145728 ; 0x300000 + 80096f0: 430b orrs r3, r1 + 80096f2: f8c2 309c str.w r3, [r2, #156] ; 0x9c + if(PeriphClkInit->OspiClockSelection == RCC_OSPICLKSOURCE_PLL) + 80096f6: f5b1 1f00 cmp.w r1, #2097152 ; 0x200000 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 80096fa: bf02 ittt eq + 80096fc: 68d3 ldreq r3, [r2, #12] + 80096fe: f443 1380 orreq.w r3, r3, #1048576 ; 0x100000 + 8009702: 60d3 streq r3, [r2, #12] +} + 8009704: 4628 mov r0, r5 + 8009706: b002 add sp, #8 + 8009708: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + if((tmpregister != RCC_RTCCLKSOURCE_NONE) && (tmpregister != PeriphClkInit->RTCClockSelection)) + 800970c: f8d4 2090 ldr.w r2, [r4, #144] ; 0x90 + 8009710: 429a cmp r2, r3 + 8009712: f43f aecd beq.w 80094b0 + tmpregister = READ_BIT(RCC->BDCR, ~(RCC_BDCR_RTCSEL)); + 8009716: f8d7 2090 ldr.w r2, [r7, #144] ; 0x90 + __HAL_RCC_BACKUPRESET_FORCE(); + 800971a: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + 800971e: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 8009722: f8c7 3090 str.w r3, [r7, #144] ; 0x90 + __HAL_RCC_BACKUPRESET_RELEASE(); + 8009726: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + tmpregister = READ_BIT(RCC->BDCR, ~(RCC_BDCR_RTCSEL)); + 800972a: f422 7140 bic.w r1, r2, #768 ; 0x300 + __HAL_RCC_BACKUPRESET_RELEASE(); + 800972e: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + if (HAL_IS_BIT_SET(tmpregister, RCC_BDCR_LSEON)) + 8009732: 07d2 lsls r2, r2, #31 + __HAL_RCC_BACKUPRESET_RELEASE(); + 8009734: f8c7 3090 str.w r3, [r7, #144] ; 0x90 + RCC->BDCR = tmpregister; + 8009738: f8c7 1090 str.w r1, [r7, #144] ; 0x90 + if (HAL_IS_BIT_SET(tmpregister, RCC_BDCR_LSEON)) + 800973c: f57f aeb8 bpl.w 80094b0 + tickstart = HAL_GetTick(); + 8009740: f7fd fcbe bl 80070c0 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8009744: f241 3988 movw r9, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 8009748: 4605 mov r5, r0 + while(READ_BIT(RCC->BDCR, RCC_BDCR_LSERDY) == 0U) + 800974a: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + 800974e: 079b lsls r3, r3, #30 + 8009750: f53f aeae bmi.w 80094b0 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8009754: f7fd fcb4 bl 80070c0 + 8009758: 1b40 subs r0, r0, r5 + 800975a: 4548 cmp r0, r9 + 800975c: d9f5 bls.n 800974a + 800975e: e6c7 b.n 80094f0 + 8009760: 4635 mov r5, r6 + 8009762: e6cd b.n 8009500 + if(PeriphClkInit->UsbClockSelection == RCC_USBCLKSOURCE_PLLSAI1) + 8009764: f1b1 6f80 cmp.w r1, #67108864 ; 0x4000000 + 8009768: f47f af62 bne.w 8009630 + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_Q_UPDATE); + 800976c: 2101 movs r1, #1 + 800976e: 1d20 adds r0, r4, #4 + 8009770: f7ff fd34 bl 80091dc + if(ret != HAL_OK) + 8009774: 2800 cmp r0, #0 + 8009776: bf18 it ne + 8009778: 4605 movne r5, r0 + 800977a: e759 b.n 8009630 + __HAL_RCC_SDMMC1_CONFIG(PeriphClkInit->Sdmmc1ClockSelection); + 800977c: f422 4280 bic.w r2, r2, #16384 ; 0x4000 + 8009780: f8c3 209c str.w r2, [r3, #156] ; 0x9c + 8009784: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009788: f022 6240 bic.w r2, r2, #201326592 ; 0xc000000 + 800978c: 430a orrs r2, r1 + if(PeriphClkInit->Sdmmc1ClockSelection == RCC_SDMMC1CLKSOURCE_PLL) /* PLL "Q" ? */ + 800978e: f1b1 6f00 cmp.w r1, #134217728 ; 0x8000000 + __HAL_RCC_SDMMC1_CONFIG(PeriphClkInit->Sdmmc1ClockSelection); + 8009792: f8c3 2088 str.w r2, [r3, #136] ; 0x88 + if(PeriphClkInit->Sdmmc1ClockSelection == RCC_SDMMC1CLKSOURCE_PLL) /* PLL "Q" ? */ + 8009796: d103 bne.n 80097a0 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 8009798: 68da ldr r2, [r3, #12] + 800979a: f442 1280 orr.w r2, r2, #1048576 ; 0x100000 + 800979e: e759 b.n 8009654 + else if(PeriphClkInit->Sdmmc1ClockSelection == RCC_SDMMC1CLKSOURCE_PLLSAI1) + 80097a0: f1b1 6f80 cmp.w r1, #67108864 ; 0x4000000 + 80097a4: f47f af57 bne.w 8009656 + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_Q_UPDATE); + 80097a8: 2101 movs r1, #1 + 80097aa: 1d20 adds r0, r4, #4 + 80097ac: f7ff fd16 bl 80091dc + if(ret != HAL_OK) + 80097b0: 2800 cmp r0, #0 + 80097b2: bf18 it ne + 80097b4: 4605 movne r5, r0 + 80097b6: e74e b.n 8009656 + else if(PeriphClkInit->RngClockSelection == RCC_RNGCLKSOURCE_PLLSAI1) + 80097b8: f1b1 6f80 cmp.w r1, #67108864 ; 0x4000000 + 80097bc: f47f af5f bne.w 800967e + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_Q_UPDATE); + 80097c0: 2101 movs r1, #1 + 80097c2: 1d20 adds r0, r4, #4 + 80097c4: f7ff fd0a bl 80091dc + if(ret != HAL_OK) + 80097c8: 2800 cmp r0, #0 + 80097ca: bf18 it ne + 80097cc: 4605 movne r5, r0 + 80097ce: e756 b.n 800967e + 80097d0: 40021000 .word 0x40021000 + +080097d4 : + PeriphClkInit->PeriphClockSelection = RCC_PERIPHCLK_USART1 | RCC_PERIPHCLK_USART2 | RCC_PERIPHCLK_USART3 | RCC_PERIPHCLK_UART4 | RCC_PERIPHCLK_UART5 | \ + 80097d4: 4b5b ldr r3, [pc, #364] ; (8009944 ) + 80097d6: 6003 str r3, [r0, #0] + PeriphClkInit->PLLSAI1.PLLSAI1Source = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC) >> RCC_PLLCFGR_PLLSRC_Pos; + 80097d8: 4b5b ldr r3, [pc, #364] ; (8009948 ) + 80097da: 68d9 ldr r1, [r3, #12] + 80097dc: f001 0103 and.w r1, r1, #3 + 80097e0: 6041 str r1, [r0, #4] + PeriphClkInit->PLLSAI1.PLLSAI1M = (READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U; + 80097e2: 691a ldr r2, [r3, #16] + 80097e4: f3c2 1203 ubfx r2, r2, #4, #4 + 80097e8: 3201 adds r2, #1 + 80097ea: 6082 str r2, [r0, #8] + PeriphClkInit->PLLSAI1.PLLSAI1N = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 80097ec: 691a ldr r2, [r3, #16] + 80097ee: f3c2 2206 ubfx r2, r2, #8, #7 + 80097f2: 60c2 str r2, [r0, #12] + PeriphClkInit->PLLSAI1.PLLSAI1P = ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1P) >> RCC_PLLSAI1CFGR_PLLSAI1P_Pos) << 4U) + 7U; + 80097f4: 691a ldr r2, [r3, #16] + 80097f6: 0b52 lsrs r2, r2, #13 + 80097f8: f002 0210 and.w r2, r2, #16 + 80097fc: 3207 adds r2, #7 + 80097fe: 6102 str r2, [r0, #16] + PeriphClkInit->PLLSAI1.PLLSAI1Q = ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) * 2U; + 8009800: 691a ldr r2, [r3, #16] + 8009802: f3c2 5241 ubfx r2, r2, #21, #2 + 8009806: 3201 adds r2, #1 + 8009808: 0052 lsls r2, r2, #1 + 800980a: 6142 str r2, [r0, #20] + PeriphClkInit->PLLSAI1.PLLSAI1R = ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) * 2U; + 800980c: 691a ldr r2, [r3, #16] + PeriphClkInit->PLLSAI2.PLLSAI2Source = PeriphClkInit->PLLSAI1.PLLSAI1Source; + 800980e: 6201 str r1, [r0, #32] + PeriphClkInit->PLLSAI1.PLLSAI1R = ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) * 2U; + 8009810: f3c2 6241 ubfx r2, r2, #25, #2 + 8009814: 3201 adds r2, #1 + 8009816: 0052 lsls r2, r2, #1 + 8009818: 6182 str r2, [r0, #24] + PeriphClkInit->PLLSAI2.PLLSAI2M = (READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2M) >> RCC_PLLSAI2CFGR_PLLSAI2M_Pos) + 1U; + 800981a: 695a ldr r2, [r3, #20] + 800981c: f3c2 1203 ubfx r2, r2, #4, #4 + 8009820: 3201 adds r2, #1 + 8009822: 6242 str r2, [r0, #36] ; 0x24 + PeriphClkInit->PLLSAI2.PLLSAI2N = READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2N) >> RCC_PLLSAI2CFGR_PLLSAI2N_Pos; + 8009824: 695a ldr r2, [r3, #20] + 8009826: f3c2 2206 ubfx r2, r2, #8, #7 + 800982a: 6282 str r2, [r0, #40] ; 0x28 + PeriphClkInit->PLLSAI2.PLLSAI2P = ((READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2P) >> RCC_PLLSAI2CFGR_PLLSAI2P_Pos) << 4U) + 7U; + 800982c: 695a ldr r2, [r3, #20] + 800982e: 0b52 lsrs r2, r2, #13 + 8009830: f002 0210 and.w r2, r2, #16 + 8009834: 3207 adds r2, #7 + 8009836: 62c2 str r2, [r0, #44] ; 0x2c + PeriphClkInit->PLLSAI2.PLLSAI2Q = ((READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2Q) >> RCC_PLLSAI2CFGR_PLLSAI2Q_Pos) + 1U) * 2U; + 8009838: 695a ldr r2, [r3, #20] + 800983a: f3c2 5241 ubfx r2, r2, #21, #2 + 800983e: 3201 adds r2, #1 + 8009840: 0052 lsls r2, r2, #1 + 8009842: 6302 str r2, [r0, #48] ; 0x30 + PeriphClkInit->PLLSAI2.PLLSAI2R = ((READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2R)>> RCC_PLLSAI2CFGR_PLLSAI2R_Pos) + 1U) * 2U; + 8009844: 695a ldr r2, [r3, #20] + 8009846: f3c2 6241 ubfx r2, r2, #25, #2 + 800984a: 3201 adds r2, #1 + 800984c: 0052 lsls r2, r2, #1 + 800984e: 6342 str r2, [r0, #52] ; 0x34 + PeriphClkInit->Usart1ClockSelection = __HAL_RCC_GET_USART1_SOURCE(); + 8009850: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009854: f002 0203 and.w r2, r2, #3 + 8009858: 63c2 str r2, [r0, #60] ; 0x3c + PeriphClkInit->Usart2ClockSelection = __HAL_RCC_GET_USART2_SOURCE(); + 800985a: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 800985e: f002 020c and.w r2, r2, #12 + 8009862: 6402 str r2, [r0, #64] ; 0x40 + PeriphClkInit->Usart3ClockSelection = __HAL_RCC_GET_USART3_SOURCE(); + 8009864: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009868: f002 0230 and.w r2, r2, #48 ; 0x30 + 800986c: 6442 str r2, [r0, #68] ; 0x44 + PeriphClkInit->Uart4ClockSelection = __HAL_RCC_GET_UART4_SOURCE(); + 800986e: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009872: f002 02c0 and.w r2, r2, #192 ; 0xc0 + 8009876: 6482 str r2, [r0, #72] ; 0x48 + PeriphClkInit->Uart5ClockSelection = __HAL_RCC_GET_UART5_SOURCE(); + 8009878: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 800987c: f402 7240 and.w r2, r2, #768 ; 0x300 + 8009880: 64c2 str r2, [r0, #76] ; 0x4c + PeriphClkInit->Lpuart1ClockSelection = __HAL_RCC_GET_LPUART1_SOURCE(); + 8009882: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009886: f402 6240 and.w r2, r2, #3072 ; 0xc00 + 800988a: 6502 str r2, [r0, #80] ; 0x50 + PeriphClkInit->I2c1ClockSelection = __HAL_RCC_GET_I2C1_SOURCE(); + 800988c: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009890: f402 5240 and.w r2, r2, #12288 ; 0x3000 + 8009894: 6542 str r2, [r0, #84] ; 0x54 + PeriphClkInit->I2c2ClockSelection = __HAL_RCC_GET_I2C2_SOURCE(); + 8009896: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 800989a: f402 4240 and.w r2, r2, #49152 ; 0xc000 + 800989e: 6582 str r2, [r0, #88] ; 0x58 + PeriphClkInit->I2c3ClockSelection = __HAL_RCC_GET_I2C3_SOURCE(); + 80098a0: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 80098a4: f402 3240 and.w r2, r2, #196608 ; 0x30000 + 80098a8: 65c2 str r2, [r0, #92] ; 0x5c + PeriphClkInit->I2c4ClockSelection = __HAL_RCC_GET_I2C4_SOURCE(); + 80098aa: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 80098ae: f002 0203 and.w r2, r2, #3 + 80098b2: 6602 str r2, [r0, #96] ; 0x60 + PeriphClkInit->Lptim1ClockSelection = __HAL_RCC_GET_LPTIM1_SOURCE(); + 80098b4: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 80098b8: f402 2240 and.w r2, r2, #786432 ; 0xc0000 + 80098bc: 6642 str r2, [r0, #100] ; 0x64 + PeriphClkInit->Lptim2ClockSelection = __HAL_RCC_GET_LPTIM2_SOURCE(); + 80098be: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 80098c2: f402 1240 and.w r2, r2, #3145728 ; 0x300000 + 80098c6: 6682 str r2, [r0, #104] ; 0x68 + PeriphClkInit->Sai1ClockSelection = __HAL_RCC_GET_SAI1_SOURCE(); + 80098c8: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 80098cc: f002 02e0 and.w r2, r2, #224 ; 0xe0 + 80098d0: 66c2 str r2, [r0, #108] ; 0x6c + PeriphClkInit->Sai2ClockSelection = __HAL_RCC_GET_SAI2_SOURCE(); + 80098d2: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 80098d6: f402 62e0 and.w r2, r2, #1792 ; 0x700 + 80098da: 6702 str r2, [r0, #112] ; 0x70 + PeriphClkInit->RTCClockSelection = __HAL_RCC_GET_RTC_SOURCE(); + 80098dc: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 80098e0: f402 7240 and.w r2, r2, #768 ; 0x300 + 80098e4: f8c0 2090 str.w r2, [r0, #144] ; 0x90 + PeriphClkInit->UsbClockSelection = __HAL_RCC_GET_USB_SOURCE(); + 80098e8: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 80098ec: f002 6240 and.w r2, r2, #201326592 ; 0xc000000 + 80098f0: 6742 str r2, [r0, #116] ; 0x74 + PeriphClkInit->Sdmmc1ClockSelection = __HAL_RCC_GET_SDMMC1_SOURCE(); + 80098f2: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 80098f6: 0452 lsls r2, r2, #17 + 80098f8: bf56 itet pl + 80098fa: f8d3 2088 ldrpl.w r2, [r3, #136] ; 0x88 + 80098fe: f44f 4280 movmi.w r2, #16384 ; 0x4000 + 8009902: f002 6240 andpl.w r2, r2, #201326592 ; 0xc000000 + 8009906: 6782 str r2, [r0, #120] ; 0x78 + PeriphClkInit->RngClockSelection = __HAL_RCC_GET_RNG_SOURCE(); + 8009908: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 800990c: f002 6240 and.w r2, r2, #201326592 ; 0xc000000 + 8009910: 67c2 str r2, [r0, #124] ; 0x7c + PeriphClkInit->AdcClockSelection = __HAL_RCC_GET_ADC_SOURCE(); + 8009912: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009916: f002 5240 and.w r2, r2, #805306368 ; 0x30000000 + 800991a: f8c0 2080 str.w r2, [r0, #128] ; 0x80 + PeriphClkInit->Dfsdm1ClockSelection = __HAL_RCC_GET_DFSDM1_SOURCE(); + 800991e: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 8009922: f002 0204 and.w r2, r2, #4 + 8009926: f8c0 2084 str.w r2, [r0, #132] ; 0x84 + PeriphClkInit->Dfsdm1AudioClockSelection = __HAL_RCC_GET_DFSDM1AUDIO_SOURCE(); + 800992a: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 800992e: f002 0218 and.w r2, r2, #24 + 8009932: f8c0 2088 str.w r2, [r0, #136] ; 0x88 + PeriphClkInit->OspiClockSelection = __HAL_RCC_GET_OSPI_SOURCE(); + 8009936: f8d3 309c ldr.w r3, [r3, #156] ; 0x9c + 800993a: f403 1340 and.w r3, r3, #3145728 ; 0x300000 + 800993e: f8c0 308c str.w r3, [r0, #140] ; 0x8c +} + 8009942: 4770 bx lr + 8009944: 013f7fff .word 0x013f7fff + 8009948: 40021000 .word 0x40021000 + +0800994c : + if(PeriphClk == RCC_PERIPHCLK_RTC) + 800994c: f5b0 3f00 cmp.w r0, #131072 ; 0x20000 +{ + 8009950: b4f0 push {r4, r5, r6, r7} + 8009952: 4d9a ldr r5, [pc, #616] ; (8009bbc ) + if(PeriphClk == RCC_PERIPHCLK_RTC) + 8009954: d11c bne.n 8009990 + srcclk = __HAL_RCC_GET_RTC_SOURCE(); + 8009956: f8d5 3090 ldr.w r3, [r5, #144] ; 0x90 + 800995a: f403 7340 and.w r3, r3, #768 ; 0x300 + switch(srcclk) + 800995e: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 8009962: f000 8085 beq.w 8009a70 + 8009966: f5b3 7f40 cmp.w r3, #768 ; 0x300 + 800996a: d00a beq.n 8009982 + 800996c: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 8009970: d154 bne.n 8009a1c + if(HAL_IS_BIT_SET(RCC->BDCR, RCC_BDCR_LSERDY)) + 8009972: f8d5 0090 ldr.w r0, [r5, #144] ; 0x90 + frequency = LSE_VALUE; + 8009976: f010 0002 ands.w r0, r0, #2 + 800997a: bf18 it ne + 800997c: f44f 4000 movne.w r0, #32768 ; 0x8000 + 8009980: e11a b.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSERDY)) + 8009982: 6828 ldr r0, [r5, #0] + frequency = HSE_VALUE / 32U; + 8009984: 4b8e ldr r3, [pc, #568] ; (8009bc0 ) + 8009986: f410 3000 ands.w r0, r0, #131072 ; 0x20000 + frequency = HSI_VALUE; + 800998a: bf18 it ne + 800998c: 4618 movne r0, r3 + 800998e: e113 b.n 8009bb8 + pll_oscsource = __HAL_RCC_GET_PLL_OSCSOURCE(); + 8009990: 68eb ldr r3, [r5, #12] + 8009992: f003 0303 and.w r3, r3, #3 + switch(pll_oscsource) + 8009996: 2b02 cmp r3, #2 + 8009998: d02f beq.n 80099fa + 800999a: 2b03 cmp r3, #3 + 800999c: d034 beq.n 8009a08 + 800999e: 2b01 cmp r3, #1 + 80099a0: d137 bne.n 8009a12 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_MSIRDY)) + 80099a2: 6829 ldr r1, [r5, #0] + 80099a4: f011 0102 ands.w r1, r1, #2 + 80099a8: d00c beq.n 80099c4 + pllvco = MSIRangeTable[(__HAL_RCC_GET_MSI_RANGE() >> 4U)]; + 80099aa: 682b ldr r3, [r5, #0] + 80099ac: 4a85 ldr r2, [pc, #532] ; (8009bc4 ) + 80099ae: 0719 lsls r1, r3, #28 + 80099b0: bf4b itete mi + 80099b2: 682b ldrmi r3, [r5, #0] + 80099b4: f8d5 3094 ldrpl.w r3, [r5, #148] ; 0x94 + 80099b8: f3c3 1303 ubfxmi r3, r3, #4, #4 + 80099bc: f3c3 2303 ubfxpl r3, r3, #8, #4 + 80099c0: f852 1023 ldr.w r1, [r2, r3, lsl #2] + switch(PeriphClk) + 80099c4: f5b0 6f80 cmp.w r0, #1024 ; 0x400 + 80099c8: f000 8226 beq.w 8009e18 + 80099cc: d858 bhi.n 8009a80 + 80099ce: 2820 cmp r0, #32 + 80099d0: f000 81be beq.w 8009d50 + 80099d4: d824 bhi.n 8009a20 + 80099d6: 2808 cmp r0, #8 + 80099d8: d81d bhi.n 8009a16 + 80099da: 2800 cmp r0, #0 + 80099dc: f000 80ec beq.w 8009bb8 + 80099e0: 3801 subs r0, #1 + 80099e2: 2807 cmp r0, #7 + 80099e4: d81a bhi.n 8009a1c + 80099e6: e8df f010 tbh [pc, r0, lsl #1] + 80099ea: 0164 .short 0x0164 + 80099ec: 00190177 .word 0x00190177 + 80099f0: 00190189 .word 0x00190189 + 80099f4: 00190019 .word 0x00190019 + 80099f8: 0196 .short 0x0196 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSIRDY)) + 80099fa: 6829 ldr r1, [r5, #0] + pllvco = HSI_VALUE; + 80099fc: 4b72 ldr r3, [pc, #456] ; (8009bc8 ) + 80099fe: f411 6180 ands.w r1, r1, #1024 ; 0x400 + pllvco = HSE_VALUE; + 8009a02: bf18 it ne + 8009a04: 4619 movne r1, r3 + 8009a06: e7dd b.n 80099c4 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSERDY)) + 8009a08: 6829 ldr r1, [r5, #0] + pllvco = HSE_VALUE; + 8009a0a: 4b70 ldr r3, [pc, #448] ; (8009bcc ) + 8009a0c: f411 3100 ands.w r1, r1, #131072 ; 0x20000 + 8009a10: e7f7 b.n 8009a02 + switch(pll_oscsource) + 8009a12: 2100 movs r1, #0 + 8009a14: e7d6 b.n 80099c4 + switch(PeriphClk) + 8009a16: 2810 cmp r0, #16 + 8009a18: f000 818a beq.w 8009d30 + 8009a1c: 2000 movs r0, #0 + 8009a1e: e0cb b.n 8009bb8 + 8009a20: f5b0 7f80 cmp.w r0, #256 ; 0x100 + 8009a24: f000 81ea beq.w 8009dfc + 8009a28: d80f bhi.n 8009a4a + 8009a2a: 2840 cmp r0, #64 ; 0x40 + 8009a2c: f000 81d5 beq.w 8009dda + 8009a30: 2880 cmp r0, #128 ; 0x80 + 8009a32: d1f3 bne.n 8009a1c + srcclk = __HAL_RCC_GET_I2C2_SOURCE(); + 8009a34: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009a38: f403 4340 and.w r3, r3, #49152 ; 0xc000 + switch(srcclk) + 8009a3c: f5b3 4f80 cmp.w r3, #16384 ; 0x4000 + 8009a40: f000 8157 beq.w 8009cf2 + 8009a44: f5b3 4f00 cmp.w r3, #32768 ; 0x8000 + 8009a48: e1d0 b.n 8009dec + switch(PeriphClk) + 8009a4a: f5b0 7f00 cmp.w r0, #512 ; 0x200 + 8009a4e: d1e5 bne.n 8009a1c + srcclk = __HAL_RCC_GET_LPTIM1_SOURCE(); + 8009a50: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009a54: f403 2340 and.w r3, r3, #786432 ; 0xc0000 + switch(srcclk) + 8009a58: f5b3 2f00 cmp.w r3, #524288 ; 0x80000 + 8009a5c: f000 8137 beq.w 8009cce + 8009a60: f200 81d7 bhi.w 8009e12 + 8009a64: 2b00 cmp r3, #0 + 8009a66: f000 81c6 beq.w 8009df6 + 8009a6a: f5b3 2f80 cmp.w r3, #262144 ; 0x40000 + 8009a6e: d1d5 bne.n 8009a1c + if(HAL_IS_BIT_SET(RCC->CSR, RCC_CSR_LSIRDY)) + 8009a70: f8d5 0094 ldr.w r0, [r5, #148] ; 0x94 + frequency = LSI_VALUE; + 8009a74: f010 0002 ands.w r0, r0, #2 + 8009a78: bf18 it ne + 8009a7a: f44f 40fa movne.w r0, #32000 ; 0x7d00 + 8009a7e: e09b b.n 8009bb8 + switch(PeriphClk) + 8009a80: f5b0 2f80 cmp.w r0, #262144 ; 0x40000 + 8009a84: d040 beq.n 8009b08 + 8009a86: d819 bhi.n 8009abc + 8009a88: f5b0 5f00 cmp.w r0, #8192 ; 0x2000 + 8009a8c: d03c beq.n 8009b08 + 8009a8e: d808 bhi.n 8009aa2 + 8009a90: f5b0 6f00 cmp.w r0, #2048 ; 0x800 + 8009a94: d002 beq.n 8009a9c + 8009a96: f5b0 5f80 cmp.w r0, #4096 ; 0x1000 + 8009a9a: d1bf bne.n 8009a1c +} + 8009a9c: bcf0 pop {r4, r5, r6, r7} + frequency = RCCEx_GetSAIxPeriphCLKFreq(RCC_PERIPHCLK_SAI1, pllvco); + 8009a9e: f7ff bb1b b.w 80090d8 + switch(PeriphClk) + 8009aa2: f5b0 4f80 cmp.w r0, #16384 ; 0x4000 + 8009aa6: f000 8163 beq.w 8009d70 + 8009aaa: f5b0 3f80 cmp.w r0, #65536 ; 0x10000 + 8009aae: d1b5 bne.n 8009a1c + srcclk = __HAL_RCC_GET_DFSDM1_SOURCE(); + 8009ab0: f8d5 309c ldr.w r3, [r5, #156] ; 0x9c + if(srcclk == RCC_DFSDM1CLKSOURCE_PCLK2) + 8009ab4: 075a lsls r2, r3, #29 + 8009ab6: f100 811c bmi.w 8009cf2 + 8009aba: e105 b.n 8009cc8 + switch(PeriphClk) + 8009abc: f5b0 1f00 cmp.w r0, #2097152 ; 0x200000 + 8009ac0: f000 817c beq.w 8009dbc + 8009ac4: d80f bhi.n 8009ae6 + 8009ac6: f5b0 2f00 cmp.w r0, #524288 ; 0x80000 + 8009aca: f000 8081 beq.w 8009bd0 + 8009ace: f5b0 1f80 cmp.w r0, #1048576 ; 0x100000 + 8009ad2: d1a3 bne.n 8009a1c + srcclk = __HAL_RCC_GET_I2C4_SOURCE(); + 8009ad4: f8d5 309c ldr.w r3, [r5, #156] ; 0x9c + 8009ad8: f003 0303 and.w r3, r3, #3 + switch(srcclk) + 8009adc: 2b01 cmp r3, #1 + 8009ade: f000 8108 beq.w 8009cf2 + 8009ae2: 2b02 cmp r3, #2 + 8009ae4: e182 b.n 8009dec + switch(PeriphClk) + 8009ae6: f1b0 7f80 cmp.w r0, #16777216 ; 0x1000000 + 8009aea: d197 bne.n 8009a1c + srcclk = __HAL_RCC_GET_OSPI_SOURCE(); + 8009aec: f8d5 309c ldr.w r3, [r5, #156] ; 0x9c + 8009af0: f403 1340 and.w r3, r3, #3145728 ; 0x300000 + switch(srcclk) + 8009af4: f5b3 1f80 cmp.w r3, #1048576 ; 0x100000 + 8009af8: d033 beq.n 8009b62 + 8009afa: f5b3 1f00 cmp.w r3, #2097152 ; 0x200000 + 8009afe: f000 819c beq.w 8009e3a + 8009b02: 2b00 cmp r3, #0 + 8009b04: d18a bne.n 8009a1c + 8009b06: e0f4 b.n 8009cf2 + srcclk = READ_BIT(RCC->CCIPR, RCC_CCIPR_CLK48SEL); + 8009b08: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009b0c: f003 6340 and.w r3, r3, #201326592 ; 0xc000000 + switch(srcclk) + 8009b10: f1b3 6f00 cmp.w r3, #134217728 ; 0x8000000 + 8009b14: d037 beq.n 8009b86 + 8009b16: d820 bhi.n 8009b5a + 8009b18: 2b00 cmp r3, #0 + 8009b1a: f000 80c4 beq.w 8009ca6 + 8009b1e: f1b3 6f80 cmp.w r3, #67108864 ; 0x4000000 + 8009b22: f47f af7b bne.w 8009a1c + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI1RDY)) + 8009b26: 6828 ldr r0, [r5, #0] + 8009b28: f010 6000 ands.w r0, r0, #134217728 ; 0x8000000 + 8009b2c: d044 beq.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1QEN)) + 8009b2e: 6928 ldr r0, [r5, #16] + 8009b30: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009b34: d040 beq.n 8009bb8 + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009b36: 692f ldr r7, [r5, #16] + 8009b38: f3c7 2706 ubfx r7, r7, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009b3c: 4379 muls r1, r7 + 8009b3e: 692f ldr r7, [r5, #16] + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009b40: 6928 ldr r0, [r5, #16] + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009b42: f3c7 1703 ubfx r7, r7, #4, #4 + 8009b46: 3701 adds r7, #1 + 8009b48: fbb1 f1f7 udiv r1, r1, r7 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009b4c: f3c0 5041 ubfx r0, r0, #21, #2 + 8009b50: 3001 adds r0, #1 + 8009b52: 0040 lsls r0, r0, #1 + 8009b54: fbb1 f0f0 udiv r0, r1, r0 + 8009b58: e02e b.n 8009bb8 + 8009b5a: f1b3 6f40 cmp.w r3, #201326592 ; 0xc000000 + 8009b5e: f47f af5d bne.w 8009a1c + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_MSIRDY)) + 8009b62: 6828 ldr r0, [r5, #0] + 8009b64: f010 0002 ands.w r0, r0, #2 + 8009b68: d026 beq.n 8009bb8 + frequency = MSIRangeTable[(__HAL_RCC_GET_MSI_RANGE() >> 4U)]; + 8009b6a: 682b ldr r3, [r5, #0] + 8009b6c: 4a15 ldr r2, [pc, #84] ; (8009bc4 ) + 8009b6e: 071b lsls r3, r3, #28 + 8009b70: bf4b itete mi + 8009b72: 682b ldrmi r3, [r5, #0] + 8009b74: f8d5 3094 ldrpl.w r3, [r5, #148] ; 0x94 + 8009b78: f3c3 1303 ubfxmi r3, r3, #4, #4 + 8009b7c: f3c3 2303 ubfxpl r3, r3, #8, #4 + 8009b80: f852 0023 ldr.w r0, [r2, r3, lsl #2] + 8009b84: e018 b.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY)) + 8009b86: 6828 ldr r0, [r5, #0] + 8009b88: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 8009b8c: d014 beq.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->PLLCFGR, RCC_PLLCFGR_PLLQEN)) + 8009b8e: 68e8 ldr r0, [r5, #12] + 8009b90: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009b94: d010 beq.n 8009bb8 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009b96: 68e8 ldr r0, [r5, #12] + 8009b98: f3c0 2006 ubfx r0, r0, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009b9c: 4348 muls r0, r1 + 8009b9e: 68e9 ldr r1, [r5, #12] + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009ba0: 68ed ldr r5, [r5, #12] + 8009ba2: f3c5 5541 ubfx r5, r5, #21, #2 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009ba6: f3c1 1103 ubfx r1, r1, #4, #4 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009baa: 3501 adds r5, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009bac: 3101 adds r1, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009bae: 006d lsls r5, r5, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009bb0: fbb0 f0f1 udiv r0, r0, r1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009bb4: fbb0 f0f5 udiv r0, r0, r5 +} + 8009bb8: bcf0 pop {r4, r5, r6, r7} + 8009bba: 4770 bx lr + 8009bbc: 40021000 .word 0x40021000 + 8009bc0: 0003d090 .word 0x0003d090 + 8009bc4: 0800e968 .word 0x0800e968 + 8009bc8: 00f42400 .word 0x00f42400 + 8009bcc: 007a1200 .word 0x007a1200 + if(HAL_IS_BIT_SET(RCC->CCIPR2, RCC_CCIPR2_SDMMCSEL)) /* PLL "P" ? */ + 8009bd0: f8d5 009c ldr.w r0, [r5, #156] ; 0x9c + 8009bd4: f410 4080 ands.w r0, r0, #16384 ; 0x4000 + 8009bd8: d01f beq.n 8009c1a + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY)) + 8009bda: 6828 ldr r0, [r5, #0] + 8009bdc: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 8009be0: d0ea beq.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->PLLCFGR, RCC_PLLCFGR_PLLPEN)) + 8009be2: 68e8 ldr r0, [r5, #12] + 8009be4: f410 3080 ands.w r0, r0, #65536 ; 0x10000 + 8009be8: d0e6 beq.n 8009bb8 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009bea: 68ee ldr r6, [r5, #12] + 8009bec: f3c6 2606 ubfx r6, r6, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009bf0: fb01 f006 mul.w r0, r1, r6 + 8009bf4: 68ee ldr r6, [r5, #12] + pllp = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLPDIV) >> RCC_PLLCFGR_PLLPDIV_Pos; + 8009bf6: 68eb ldr r3, [r5, #12] + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009bf8: f3c6 1603 ubfx r6, r6, #4, #4 + if(pllp == 0U) + 8009bfc: 0edb lsrs r3, r3, #27 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009bfe: f106 0601 add.w r6, r6, #1 + 8009c02: fbb0 f0f6 udiv r0, r0, r6 + if(pllp == 0U) + 8009c06: d105 bne.n 8009c14 + if(READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLP) != 0U) + 8009c08: 68eb ldr r3, [r5, #12] + pllp = 7U; + 8009c0a: f413 3f00 tst.w r3, #131072 ; 0x20000 + 8009c0e: bf14 ite ne + 8009c10: 2311 movne r3, #17 + 8009c12: 2307 moveq r3, #7 + frequency = (pllvco / pllp); + 8009c14: fbb0 f0f3 udiv r0, r0, r3 + 8009c18: e7ce b.n 8009bb8 + srcclk = READ_BIT(RCC->CCIPR, RCC_CCIPR_CLK48SEL); + 8009c1a: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009c1e: f003 6340 and.w r3, r3, #201326592 ; 0xc000000 + switch(srcclk) + 8009c22: f1b3 6f00 cmp.w r3, #134217728 ; 0x8000000 + 8009c26: d024 beq.n 8009c72 + 8009c28: d81e bhi.n 8009c68 + 8009c2a: 2b00 cmp r3, #0 + 8009c2c: d03b beq.n 8009ca6 + 8009c2e: f1b3 6f80 cmp.w r3, #67108864 ; 0x4000000 + 8009c32: d1c1 bne.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI1RDY)) + 8009c34: 6828 ldr r0, [r5, #0] + 8009c36: f010 6000 ands.w r0, r0, #134217728 ; 0x8000000 + 8009c3a: d0bd beq.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1QEN)) + 8009c3c: 6928 ldr r0, [r5, #16] + 8009c3e: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009c42: d0b9 beq.n 8009bb8 + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009c44: 692a ldr r2, [r5, #16] + 8009c46: f3c2 2206 ubfx r2, r2, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009c4a: 434a muls r2, r1 + 8009c4c: 6929 ldr r1, [r5, #16] + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009c4e: 6928 ldr r0, [r5, #16] + 8009c50: f3c0 5041 ubfx r0, r0, #21, #2 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009c54: f3c1 1103 ubfx r1, r1, #4, #4 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009c58: 3001 adds r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009c5a: 3101 adds r1, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009c5c: 0040 lsls r0, r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009c5e: fbb2 f2f1 udiv r2, r2, r1 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009c62: fbb2 f0f0 udiv r0, r2, r0 + 8009c66: e7a7 b.n 8009bb8 + 8009c68: f1b3 6f40 cmp.w r3, #201326592 ; 0xc000000 + 8009c6c: f43f af79 beq.w 8009b62 + 8009c70: e7a2 b.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY)) + 8009c72: 6828 ldr r0, [r5, #0] + 8009c74: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 8009c78: d09e beq.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->PLLCFGR, RCC_PLLCFGR_PLLQEN)) + 8009c7a: 68e8 ldr r0, [r5, #12] + 8009c7c: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009c80: d09a beq.n 8009bb8 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009c82: 68ec ldr r4, [r5, #12] + 8009c84: f3c4 2406 ubfx r4, r4, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009c88: 434c muls r4, r1 + 8009c8a: 68e9 ldr r1, [r5, #12] + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009c8c: 68e8 ldr r0, [r5, #12] + 8009c8e: f3c0 5041 ubfx r0, r0, #21, #2 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009c92: f3c1 1103 ubfx r1, r1, #4, #4 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009c96: 3001 adds r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009c98: 3101 adds r1, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009c9a: 0040 lsls r0, r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009c9c: fbb4 f4f1 udiv r4, r4, r1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009ca0: fbb4 f0f0 udiv r0, r4, r0 + 8009ca4: e788 b.n 8009bb8 + if(HAL_IS_BIT_SET(RCC->CRRCR, RCC_CRRCR_HSI48RDY)) /* HSI48 ? */ + 8009ca6: f8d5 0098 ldr.w r0, [r5, #152] ; 0x98 + frequency = HSI48_VALUE; + 8009caa: 4b6f ldr r3, [pc, #444] ; (8009e68 ) + 8009cac: f010 0002 ands.w r0, r0, #2 + 8009cb0: e66b b.n 800998a + srcclk = __HAL_RCC_GET_USART1_SOURCE(); + 8009cb2: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009cb6: f003 0303 and.w r3, r3, #3 + switch(srcclk) + 8009cba: 2b02 cmp r3, #2 + 8009cbc: d007 beq.n 8009cce + 8009cbe: 2b03 cmp r3, #3 + 8009cc0: f43f ae57 beq.w 8009972 + 8009cc4: 2b01 cmp r3, #1 + 8009cc6: d014 beq.n 8009cf2 +} + 8009cc8: bcf0 pop {r4, r5, r6, r7} + frequency = HAL_RCC_GetPCLK2Freq(); + 8009cca: f7ff b95b b.w 8008f84 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSIRDY)) + 8009cce: 6828 ldr r0, [r5, #0] + frequency = HSI_VALUE; + 8009cd0: 4b66 ldr r3, [pc, #408] ; (8009e6c ) + 8009cd2: f410 6080 ands.w r0, r0, #1024 ; 0x400 + 8009cd6: e658 b.n 800998a + srcclk = __HAL_RCC_GET_USART2_SOURCE(); + 8009cd8: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009cdc: f003 030c and.w r3, r3, #12 + switch(srcclk) + 8009ce0: 2b08 cmp r3, #8 + 8009ce2: d0f4 beq.n 8009cce + 8009ce4: d808 bhi.n 8009cf8 + 8009ce6: 2b00 cmp r3, #0 + 8009ce8: f000 8085 beq.w 8009df6 + 8009cec: 2b04 cmp r3, #4 + 8009cee: f47f ae95 bne.w 8009a1c +} + 8009cf2: bcf0 pop {r4, r5, r6, r7} + frequency = HAL_RCC_GetSysClockFreq(); + 8009cf4: f7fe bd38 b.w 8008768 + 8009cf8: 2b0c cmp r3, #12 + 8009cfa: e639 b.n 8009970 + srcclk = __HAL_RCC_GET_USART3_SOURCE(); + 8009cfc: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009d00: f003 0330 and.w r3, r3, #48 ; 0x30 + switch(srcclk) + 8009d04: 2b20 cmp r3, #32 + 8009d06: d0e2 beq.n 8009cce + 8009d08: d803 bhi.n 8009d12 + 8009d0a: 2b00 cmp r3, #0 + 8009d0c: d073 beq.n 8009df6 + 8009d0e: 2b10 cmp r3, #16 + 8009d10: e7ed b.n 8009cee + 8009d12: 2b30 cmp r3, #48 ; 0x30 + 8009d14: e62c b.n 8009970 + srcclk = __HAL_RCC_GET_UART4_SOURCE(); + 8009d16: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009d1a: f003 03c0 and.w r3, r3, #192 ; 0xc0 + switch(srcclk) + 8009d1e: 2b80 cmp r3, #128 ; 0x80 + 8009d20: d0d5 beq.n 8009cce + 8009d22: d803 bhi.n 8009d2c + 8009d24: 2b00 cmp r3, #0 + 8009d26: d066 beq.n 8009df6 + 8009d28: 2b40 cmp r3, #64 ; 0x40 + 8009d2a: e7e0 b.n 8009cee + 8009d2c: 2bc0 cmp r3, #192 ; 0xc0 + 8009d2e: e61f b.n 8009970 + srcclk = __HAL_RCC_GET_UART5_SOURCE(); + 8009d30: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009d34: f403 7340 and.w r3, r3, #768 ; 0x300 + switch(srcclk) + 8009d38: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 8009d3c: d0c7 beq.n 8009cce + 8009d3e: d804 bhi.n 8009d4a + 8009d40: 2b00 cmp r3, #0 + 8009d42: d058 beq.n 8009df6 + 8009d44: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 8009d48: e7d1 b.n 8009cee + 8009d4a: f5b3 7f40 cmp.w r3, #768 ; 0x300 + 8009d4e: e60f b.n 8009970 + srcclk = __HAL_RCC_GET_LPUART1_SOURCE(); + 8009d50: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009d54: f403 6340 and.w r3, r3, #3072 ; 0xc00 + switch(srcclk) + 8009d58: f5b3 6f00 cmp.w r3, #2048 ; 0x800 + 8009d5c: d0b7 beq.n 8009cce + 8009d5e: d804 bhi.n 8009d6a + 8009d60: 2b00 cmp r3, #0 + 8009d62: d048 beq.n 8009df6 + 8009d64: f5b3 6f80 cmp.w r3, #1024 ; 0x400 + 8009d68: e7c1 b.n 8009cee + 8009d6a: f5b3 6f40 cmp.w r3, #3072 ; 0xc00 + 8009d6e: e5ff b.n 8009970 + srcclk = __HAL_RCC_GET_ADC_SOURCE(); + 8009d70: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009d74: f003 5340 and.w r3, r3, #805306368 ; 0x30000000 + switch(srcclk) + 8009d78: f1b3 5f80 cmp.w r3, #268435456 ; 0x10000000 + 8009d7c: d002 beq.n 8009d84 + 8009d7e: f1b3 5f40 cmp.w r3, #805306368 ; 0x30000000 + 8009d82: e7b4 b.n 8009cee + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI1RDY) && (__HAL_RCC_GET_PLLSAI1CLKOUT_CONFIG(RCC_PLLSAI1_ADC1CLK) != 0U)) + 8009d84: 6828 ldr r0, [r5, #0] + 8009d86: f010 6000 ands.w r0, r0, #134217728 ; 0x8000000 + 8009d8a: f43f af15 beq.w 8009bb8 + 8009d8e: 6928 ldr r0, [r5, #16] + 8009d90: f010 7080 ands.w r0, r0, #16777216 ; 0x1000000 + 8009d94: f43f af10 beq.w 8009bb8 + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009d98: 692b ldr r3, [r5, #16] + 8009d9a: f3c3 2306 ubfx r3, r3, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009d9e: 434b muls r3, r1 + 8009da0: 6929 ldr r1, [r5, #16] + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) << 1U)); + 8009da2: 6928 ldr r0, [r5, #16] + 8009da4: f3c0 6041 ubfx r0, r0, #25, #2 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009da8: f3c1 1103 ubfx r1, r1, #4, #4 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) << 1U)); + 8009dac: 3001 adds r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009dae: 3101 adds r1, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) << 1U)); + 8009db0: 0040 lsls r0, r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009db2: fbb3 f3f1 udiv r3, r3, r1 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) << 1U)); + 8009db6: fbb3 f0f0 udiv r0, r3, r0 + 8009dba: e6fd b.n 8009bb8 + srcclk = __HAL_RCC_GET_DFSDM1AUDIO_SOURCE(); + 8009dbc: f8d5 309c ldr.w r3, [r5, #156] ; 0x9c + 8009dc0: f003 0318 and.w r3, r3, #24 + switch(srcclk) + 8009dc4: 2b08 cmp r3, #8 + 8009dc6: d082 beq.n 8009cce + 8009dc8: 2b10 cmp r3, #16 + 8009dca: f43f aeca beq.w 8009b62 + 8009dce: 2b00 cmp r3, #0 + 8009dd0: f47f ae24 bne.w 8009a1c + frequency = RCCEx_GetSAIxPeriphCLKFreq(RCC_PERIPHCLK_SAI1, pllvco); + 8009dd4: f44f 6000 mov.w r0, #2048 ; 0x800 + 8009dd8: e660 b.n 8009a9c + srcclk = __HAL_RCC_GET_I2C1_SOURCE(); + 8009dda: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009dde: f403 5340 and.w r3, r3, #12288 ; 0x3000 + switch(srcclk) + 8009de2: f5b3 5f80 cmp.w r3, #4096 ; 0x1000 + 8009de6: d084 beq.n 8009cf2 + 8009de8: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + 8009dec: f43f af6f beq.w 8009cce + 8009df0: 2b00 cmp r3, #0 + 8009df2: f47f ae13 bne.w 8009a1c +} + 8009df6: bcf0 pop {r4, r5, r6, r7} + frequency = HAL_RCC_GetPCLK1Freq(); + 8009df8: f7ff b8b2 b.w 8008f60 + srcclk = __HAL_RCC_GET_I2C3_SOURCE(); + 8009dfc: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009e00: f403 3340 and.w r3, r3, #196608 ; 0x30000 + switch(srcclk) + 8009e04: f5b3 3f80 cmp.w r3, #65536 ; 0x10000 + 8009e08: f43f af73 beq.w 8009cf2 + 8009e0c: f5b3 3f00 cmp.w r3, #131072 ; 0x20000 + 8009e10: e7ec b.n 8009dec + 8009e12: f5b3 2f40 cmp.w r3, #786432 ; 0xc0000 + 8009e16: e5ab b.n 8009970 + srcclk = __HAL_RCC_GET_LPTIM2_SOURCE(); + 8009e18: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009e1c: f403 1340 and.w r3, r3, #3145728 ; 0x300000 + switch(srcclk) + 8009e20: f5b3 1f00 cmp.w r3, #2097152 ; 0x200000 + 8009e24: f43f af53 beq.w 8009cce + 8009e28: d804 bhi.n 8009e34 + 8009e2a: 2b00 cmp r3, #0 + 8009e2c: d0e3 beq.n 8009df6 + 8009e2e: f5b3 1f80 cmp.w r3, #1048576 ; 0x100000 + 8009e32: e61c b.n 8009a6e + 8009e34: f5b3 1f40 cmp.w r3, #3145728 ; 0x300000 + 8009e38: e59a b.n 8009970 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY)) + 8009e3a: 6828 ldr r0, [r5, #0] + 8009e3c: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 8009e40: f43f aeba beq.w 8009bb8 + if(HAL_IS_BIT_SET(RCC->PLLCFGR, RCC_PLLCFGR_PLLQEN)) + 8009e44: 68e8 ldr r0, [r5, #12] + 8009e46: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009e4a: f43f aeb5 beq.w 8009bb8 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009e4e: 68e8 ldr r0, [r5, #12] + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009e50: 68eb ldr r3, [r5, #12] + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009e52: f3c0 2006 ubfx r0, r0, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009e56: f3c3 1303 ubfx r3, r3, #4, #4 + 8009e5a: 4341 muls r1, r0 + 8009e5c: 3301 adds r3, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009e5e: 68e8 ldr r0, [r5, #12] + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009e60: fbb1 f1f3 udiv r1, r1, r3 + 8009e64: e672 b.n 8009b4c + 8009e66: bf00 nop + 8009e68: 02dc6c00 .word 0x02dc6c00 + 8009e6c: 00f42400 .word 0x00f42400 + +08009e70 : +{ + 8009e70: b570 push {r4, r5, r6, lr} + __HAL_RCC_PLLSAI1_DISABLE(); + 8009e72: 4c20 ldr r4, [pc, #128] ; (8009ef4 ) + 8009e74: 6823 ldr r3, [r4, #0] + 8009e76: f023 6380 bic.w r3, r3, #67108864 ; 0x4000000 + 8009e7a: 6023 str r3, [r4, #0] +{ + 8009e7c: 4605 mov r5, r0 + tickstart = HAL_GetTick(); + 8009e7e: f7fd f91f bl 80070c0 + 8009e82: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) != 0U) + 8009e84: 6823 ldr r3, [r4, #0] + 8009e86: 011a lsls r2, r3, #4 + 8009e88: d423 bmi.n 8009ed2 + __HAL_RCC_PLLSAI1_CONFIG(PLLSAI1Init->PLLSAI1M, PLLSAI1Init->PLLSAI1N, PLLSAI1Init->PLLSAI1P, PLLSAI1Init->PLLSAI1Q, PLLSAI1Init->PLLSAI1R); + 8009e8a: e9d5 2302 ldrd r2, r3, [r5, #8] + 8009e8e: 06db lsls r3, r3, #27 + 8009e90: 6921 ldr r1, [r4, #16] + 8009e92: ea43 2302 orr.w r3, r3, r2, lsl #8 + 8009e96: 4a18 ldr r2, [pc, #96] ; (8009ef8 ) + 8009e98: 400a ands r2, r1 + 8009e9a: 4313 orrs r3, r2 + 8009e9c: 686a ldr r2, [r5, #4] + 8009e9e: 3a01 subs r2, #1 + 8009ea0: ea43 1302 orr.w r3, r3, r2, lsl #4 + 8009ea4: 692a ldr r2, [r5, #16] + 8009ea6: 0852 lsrs r2, r2, #1 + 8009ea8: 3a01 subs r2, #1 + 8009eaa: ea43 5342 orr.w r3, r3, r2, lsl #21 + 8009eae: 696a ldr r2, [r5, #20] + 8009eb0: 0852 lsrs r2, r2, #1 + 8009eb2: 3a01 subs r2, #1 + 8009eb4: ea43 6342 orr.w r3, r3, r2, lsl #25 + 8009eb8: 6123 str r3, [r4, #16] + __HAL_RCC_PLLSAI1CLKOUT_ENABLE(PLLSAI1Init->PLLSAI1ClockOut); + 8009eba: 6923 ldr r3, [r4, #16] + 8009ebc: 69aa ldr r2, [r5, #24] + 8009ebe: 4313 orrs r3, r2 + 8009ec0: 6123 str r3, [r4, #16] + __HAL_RCC_PLLSAI1_ENABLE(); + 8009ec2: 6823 ldr r3, [r4, #0] + 8009ec4: f043 6380 orr.w r3, r3, #67108864 ; 0x4000000 + 8009ec8: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8009eca: f7fd f8f9 bl 80070c0 + 8009ece: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) == 0U) + 8009ed0: e00b b.n 8009eea + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 8009ed2: f7fd f8f5 bl 80070c0 + 8009ed6: 1b80 subs r0, r0, r6 + 8009ed8: 2802 cmp r0, #2 + 8009eda: d9d3 bls.n 8009e84 + status = HAL_TIMEOUT; + 8009edc: 2003 movs r0, #3 +} + 8009ede: bd70 pop {r4, r5, r6, pc} + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 8009ee0: f7fd f8ee bl 80070c0 + 8009ee4: 1b40 subs r0, r0, r5 + 8009ee6: 2802 cmp r0, #2 + 8009ee8: d8f8 bhi.n 8009edc + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) == 0U) + 8009eea: 6823 ldr r3, [r4, #0] + 8009eec: 011b lsls r3, r3, #4 + 8009eee: d5f7 bpl.n 8009ee0 + 8009ef0: 2000 movs r0, #0 + return status; + 8009ef2: e7f4 b.n 8009ede + 8009ef4: 40021000 .word 0x40021000 + 8009ef8: 019d800f .word 0x019d800f + +08009efc : +{ + 8009efc: b538 push {r3, r4, r5, lr} + __HAL_RCC_PLLSAI1_DISABLE(); + 8009efe: 4c11 ldr r4, [pc, #68] ; (8009f44 ) + 8009f00: 6823 ldr r3, [r4, #0] + 8009f02: f023 6380 bic.w r3, r3, #67108864 ; 0x4000000 + 8009f06: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8009f08: f7fd f8da bl 80070c0 + 8009f0c: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) != 0U) + 8009f0e: 6823 ldr r3, [r4, #0] + 8009f10: f013 6300 ands.w r3, r3, #134217728 ; 0x8000000 + 8009f14: d10f bne.n 8009f36 + HAL_StatusTypeDef status = HAL_OK; + 8009f16: 4618 mov r0, r3 + __HAL_RCC_PLLSAI1CLKOUT_DISABLE(RCC_PLLSAI1CFGR_PLLSAI1PEN|RCC_PLLSAI1CFGR_PLLSAI1QEN|RCC_PLLSAI1CFGR_PLLSAI1REN); + 8009f18: 6923 ldr r3, [r4, #16] + 8009f1a: f023 7388 bic.w r3, r3, #17825792 ; 0x1100000 + 8009f1e: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 8009f22: 6123 str r3, [r4, #16] + if(READ_BIT(RCC->CR, (RCC_CR_PLLRDY | RCC_CR_PLLSAI2RDY)) == 0U) + 8009f24: 6823 ldr r3, [r4, #0] + 8009f26: f013 5f08 tst.w r3, #570425344 ; 0x22000000 + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, RCC_PLLSOURCE_NONE); + 8009f2a: bf02 ittt eq + 8009f2c: 68e3 ldreq r3, [r4, #12] + 8009f2e: f023 0303 biceq.w r3, r3, #3 + 8009f32: 60e3 streq r3, [r4, #12] +} + 8009f34: bd38 pop {r3, r4, r5, pc} + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 8009f36: f7fd f8c3 bl 80070c0 + 8009f3a: 1b40 subs r0, r0, r5 + 8009f3c: 2802 cmp r0, #2 + 8009f3e: d9e6 bls.n 8009f0e + status = HAL_TIMEOUT; + 8009f40: 2003 movs r0, #3 + 8009f42: e7e9 b.n 8009f18 + 8009f44: 40021000 .word 0x40021000 + +08009f48 : +{ + 8009f48: b570 push {r4, r5, r6, lr} + __HAL_RCC_PLLSAI2_DISABLE(); + 8009f4a: 4c20 ldr r4, [pc, #128] ; (8009fcc ) + 8009f4c: 6823 ldr r3, [r4, #0] + 8009f4e: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 8009f52: 6023 str r3, [r4, #0] +{ + 8009f54: 4605 mov r5, r0 + tickstart = HAL_GetTick(); + 8009f56: f7fd f8b3 bl 80070c0 + 8009f5a: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) != 0U) + 8009f5c: 6823 ldr r3, [r4, #0] + 8009f5e: 009a lsls r2, r3, #2 + 8009f60: d423 bmi.n 8009faa + __HAL_RCC_PLLSAI2_CONFIG(PLLSAI2Init->PLLSAI2M, PLLSAI2Init->PLLSAI2N, PLLSAI2Init->PLLSAI2P, PLLSAI2Init->PLLSAI2Q, PLLSAI2Init->PLLSAI2R); + 8009f62: e9d5 2302 ldrd r2, r3, [r5, #8] + 8009f66: 06db lsls r3, r3, #27 + 8009f68: 6961 ldr r1, [r4, #20] + 8009f6a: ea43 2302 orr.w r3, r3, r2, lsl #8 + 8009f6e: 4a18 ldr r2, [pc, #96] ; (8009fd0 ) + 8009f70: 400a ands r2, r1 + 8009f72: 4313 orrs r3, r2 + 8009f74: 686a ldr r2, [r5, #4] + 8009f76: 3a01 subs r2, #1 + 8009f78: ea43 1302 orr.w r3, r3, r2, lsl #4 + 8009f7c: 692a ldr r2, [r5, #16] + 8009f7e: 0852 lsrs r2, r2, #1 + 8009f80: 3a01 subs r2, #1 + 8009f82: ea43 5342 orr.w r3, r3, r2, lsl #21 + 8009f86: 696a ldr r2, [r5, #20] + 8009f88: 0852 lsrs r2, r2, #1 + 8009f8a: 3a01 subs r2, #1 + 8009f8c: ea43 6342 orr.w r3, r3, r2, lsl #25 + 8009f90: 6163 str r3, [r4, #20] + __HAL_RCC_PLLSAI2CLKOUT_ENABLE(PLLSAI2Init->PLLSAI2ClockOut); + 8009f92: 6963 ldr r3, [r4, #20] + 8009f94: 69aa ldr r2, [r5, #24] + 8009f96: 4313 orrs r3, r2 + 8009f98: 6163 str r3, [r4, #20] + __HAL_RCC_PLLSAI2_ENABLE(); + 8009f9a: 6823 ldr r3, [r4, #0] + 8009f9c: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 8009fa0: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8009fa2: f7fd f88d bl 80070c0 + 8009fa6: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) == 0U) + 8009fa8: e00b b.n 8009fc2 + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 8009faa: f7fd f889 bl 80070c0 + 8009fae: 1b80 subs r0, r0, r6 + 8009fb0: 2802 cmp r0, #2 + 8009fb2: d9d3 bls.n 8009f5c + status = HAL_TIMEOUT; + 8009fb4: 2003 movs r0, #3 +} + 8009fb6: bd70 pop {r4, r5, r6, pc} + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 8009fb8: f7fd f882 bl 80070c0 + 8009fbc: 1b40 subs r0, r0, r5 + 8009fbe: 2802 cmp r0, #2 + 8009fc0: d8f8 bhi.n 8009fb4 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) == 0U) + 8009fc2: 6823 ldr r3, [r4, #0] + 8009fc4: 009b lsls r3, r3, #2 + 8009fc6: d5f7 bpl.n 8009fb8 + 8009fc8: 2000 movs r0, #0 + return status; + 8009fca: e7f4 b.n 8009fb6 + 8009fcc: 40021000 .word 0x40021000 + 8009fd0: 019d800f .word 0x019d800f + +08009fd4 : +{ + 8009fd4: b538 push {r3, r4, r5, lr} + __HAL_RCC_PLLSAI2_DISABLE(); + 8009fd6: 4c11 ldr r4, [pc, #68] ; (800a01c ) + 8009fd8: 6823 ldr r3, [r4, #0] + 8009fda: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 8009fde: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8009fe0: f7fd f86e bl 80070c0 + 8009fe4: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) != 0U) + 8009fe6: 6823 ldr r3, [r4, #0] + 8009fe8: f013 5300 ands.w r3, r3, #536870912 ; 0x20000000 + 8009fec: d10f bne.n 800a00e + HAL_StatusTypeDef status = HAL_OK; + 8009fee: 4618 mov r0, r3 + __HAL_RCC_PLLSAI2CLKOUT_DISABLE(RCC_PLLSAI2CFGR_PLLSAI2PEN|RCC_PLLSAI2CFGR_PLLSAI2QEN|RCC_PLLSAI2CFGR_PLLSAI2REN); + 8009ff0: 6963 ldr r3, [r4, #20] + 8009ff2: f023 7388 bic.w r3, r3, #17825792 ; 0x1100000 + 8009ff6: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 8009ffa: 6163 str r3, [r4, #20] + if(READ_BIT(RCC->CR, (RCC_CR_PLLRDY | RCC_CR_PLLSAI1RDY)) == 0U) + 8009ffc: 6823 ldr r3, [r4, #0] + 8009ffe: f013 6f20 tst.w r3, #167772160 ; 0xa000000 + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, RCC_PLLSOURCE_NONE); + 800a002: bf02 ittt eq + 800a004: 68e3 ldreq r3, [r4, #12] + 800a006: f023 0303 biceq.w r3, r3, #3 + 800a00a: 60e3 streq r3, [r4, #12] +} + 800a00c: bd38 pop {r3, r4, r5, pc} + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 800a00e: f7fd f857 bl 80070c0 + 800a012: 1b40 subs r0, r0, r5 + 800a014: 2802 cmp r0, #2 + 800a016: d9e6 bls.n 8009fe6 + status = HAL_TIMEOUT; + 800a018: 2003 movs r0, #3 + 800a01a: e7e9 b.n 8009ff0 + 800a01c: 40021000 .word 0x40021000 + +0800a020 : + __HAL_RCC_WAKEUPSTOP_CLK_CONFIG(WakeUpClk); + 800a020: 4a03 ldr r2, [pc, #12] ; (800a030 ) + 800a022: 6893 ldr r3, [r2, #8] + 800a024: f423 4300 bic.w r3, r3, #32768 ; 0x8000 + 800a028: 4318 orrs r0, r3 + 800a02a: 6090 str r0, [r2, #8] +} + 800a02c: 4770 bx lr + 800a02e: bf00 nop + 800a030: 40021000 .word 0x40021000 + +0800a034 : + __HAL_RCC_MSI_STANDBY_RANGE_CONFIG(MSIRange); + 800a034: 4a04 ldr r2, [pc, #16] ; (800a048 ) + 800a036: f8d2 3094 ldr.w r3, [r2, #148] ; 0x94 + 800a03a: f423 6370 bic.w r3, r3, #3840 ; 0xf00 + 800a03e: ea43 1000 orr.w r0, r3, r0, lsl #4 + 800a042: f8c2 0094 str.w r0, [r2, #148] ; 0x94 +} + 800a046: 4770 bx lr + 800a048: 40021000 .word 0x40021000 + +0800a04c : + SET_BIT(RCC->BDCR, RCC_BDCR_LSECSSON); + 800a04c: 4a03 ldr r2, [pc, #12] ; (800a05c ) + 800a04e: f8d2 3090 ldr.w r3, [r2, #144] ; 0x90 + 800a052: f043 0320 orr.w r3, r3, #32 + 800a056: f8c2 3090 str.w r3, [r2, #144] ; 0x90 +} + 800a05a: 4770 bx lr + 800a05c: 40021000 .word 0x40021000 + +0800a060 : + CLEAR_BIT(RCC->BDCR, RCC_BDCR_LSECSSON) ; + 800a060: 4b05 ldr r3, [pc, #20] ; (800a078 ) + 800a062: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 800a066: f022 0220 bic.w r2, r2, #32 + 800a06a: f8c3 2090 str.w r2, [r3, #144] ; 0x90 + __HAL_RCC_DISABLE_IT(RCC_IT_LSECSS); + 800a06e: 699a ldr r2, [r3, #24] + 800a070: f422 7200 bic.w r2, r2, #512 ; 0x200 + 800a074: 619a str r2, [r3, #24] +} + 800a076: 4770 bx lr + 800a078: 40021000 .word 0x40021000 + +0800a07c : + SET_BIT(RCC->BDCR, RCC_BDCR_LSECSSON) ; + 800a07c: 4b0a ldr r3, [pc, #40] ; (800a0a8 ) + 800a07e: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 800a082: f042 0220 orr.w r2, r2, #32 + 800a086: f8c3 2090 str.w r2, [r3, #144] ; 0x90 + __HAL_RCC_ENABLE_IT(RCC_IT_LSECSS); + 800a08a: 699a ldr r2, [r3, #24] + 800a08c: f442 7200 orr.w r2, r2, #512 ; 0x200 + 800a090: 619a str r2, [r3, #24] + __HAL_RCC_LSECSS_EXTI_ENABLE_IT(); + 800a092: f5a3 3386 sub.w r3, r3, #68608 ; 0x10c00 + 800a096: 681a ldr r2, [r3, #0] + 800a098: f442 2200 orr.w r2, r2, #524288 ; 0x80000 + 800a09c: 601a str r2, [r3, #0] + __HAL_RCC_LSECSS_EXTI_ENABLE_RISING_EDGE(); + 800a09e: 689a ldr r2, [r3, #8] + 800a0a0: f442 2200 orr.w r2, r2, #524288 ; 0x80000 + 800a0a4: 609a str r2, [r3, #8] +} + 800a0a6: 4770 bx lr + 800a0a8: 40021000 .word 0x40021000 + +0800a0ac : +} + 800a0ac: 4770 bx lr + ... + +0800a0b0 : +{ + 800a0b0: b510 push {r4, lr} + if(__HAL_RCC_GET_IT(RCC_IT_LSECSS)) + 800a0b2: 4c05 ldr r4, [pc, #20] ; (800a0c8 ) + 800a0b4: 69e3 ldr r3, [r4, #28] + 800a0b6: 059b lsls r3, r3, #22 + 800a0b8: d504 bpl.n 800a0c4 + HAL_RCCEx_LSECSS_Callback(); + 800a0ba: f7ff fff7 bl 800a0ac + __HAL_RCC_CLEAR_IT(RCC_IT_LSECSS); + 800a0be: f44f 7300 mov.w r3, #512 ; 0x200 + 800a0c2: 6223 str r3, [r4, #32] +} + 800a0c4: bd10 pop {r4, pc} + 800a0c6: bf00 nop + 800a0c8: 40021000 .word 0x40021000 + +0800a0cc : + SET_BIT(RCC->CR, RCC_CR_MSIPLLEN) ; + 800a0cc: 4a02 ldr r2, [pc, #8] ; (800a0d8 ) + 800a0ce: 6813 ldr r3, [r2, #0] + 800a0d0: f043 0304 orr.w r3, r3, #4 + 800a0d4: 6013 str r3, [r2, #0] +} + 800a0d6: 4770 bx lr + 800a0d8: 40021000 .word 0x40021000 + +0800a0dc : + CLEAR_BIT(RCC->CR, RCC_CR_MSIPLLEN) ; + 800a0dc: 4a02 ldr r2, [pc, #8] ; (800a0e8 ) + 800a0de: 6813 ldr r3, [r2, #0] + 800a0e0: f023 0304 bic.w r3, r3, #4 + 800a0e4: 6013 str r3, [r2, #0] +} + 800a0e6: 4770 bx lr + 800a0e8: 40021000 .word 0x40021000 + +0800a0ec : + MODIFY_REG(RCC->DLYCFGR, RCC_DLYCFGR_OCTOSPI1_DLY|RCC_DLYCFGR_OCTOSPI2_DLY, (Delay1 | (Delay2 << RCC_DLYCFGR_OCTOSPI2_DLY_Pos))) ; + 800a0ec: 4a05 ldr r2, [pc, #20] ; (800a104 ) + 800a0ee: f8d2 30a4 ldr.w r3, [r2, #164] ; 0xa4 + 800a0f2: f023 03ff bic.w r3, r3, #255 ; 0xff + 800a0f6: 4318 orrs r0, r3 + 800a0f8: ea40 1101 orr.w r1, r0, r1, lsl #4 + 800a0fc: f8c2 10a4 str.w r1, [r2, #164] ; 0xa4 +} + 800a100: 4770 bx lr + 800a102: bf00 nop + 800a104: 40021000 .word 0x40021000 + +0800a108 : + __HAL_RCC_CRS_FORCE_RESET(); + 800a108: 4b10 ldr r3, [pc, #64] ; (800a14c ) + 800a10a: 6b9a ldr r2, [r3, #56] ; 0x38 + 800a10c: f042 7280 orr.w r2, r2, #16777216 ; 0x1000000 + 800a110: 639a str r2, [r3, #56] ; 0x38 + __HAL_RCC_CRS_RELEASE_RESET(); + 800a112: 6b9a ldr r2, [r3, #56] ; 0x38 + 800a114: f022 7280 bic.w r2, r2, #16777216 ; 0x1000000 + 800a118: 639a str r2, [r3, #56] ; 0x38 + value = (pInit->Prescaler | pInit->Source | pInit->Polarity); + 800a11a: e9d0 3200 ldrd r3, r2, [r0] + 800a11e: 4313 orrs r3, r2 + 800a120: 6882 ldr r2, [r0, #8] + 800a122: 4313 orrs r3, r2 + value |= pInit->ReloadValue; + 800a124: 68c2 ldr r2, [r0, #12] + 800a126: 4313 orrs r3, r2 + value |= (pInit->ErrorLimitValue << CRS_CFGR_FELIM_Pos); + 800a128: 6902 ldr r2, [r0, #16] + 800a12a: ea43 4302 orr.w r3, r3, r2, lsl #16 + WRITE_REG(CRS->CFGR, value); + 800a12e: 4a08 ldr r2, [pc, #32] ; (800a150 ) + 800a130: 6053 str r3, [r2, #4] + MODIFY_REG(CRS->CR, CRS_CR_TRIM, (pInit->HSI48CalibrationValue << CRS_CR_TRIM_Pos)); + 800a132: 6813 ldr r3, [r2, #0] + 800a134: 6941 ldr r1, [r0, #20] + 800a136: f423 537c bic.w r3, r3, #16128 ; 0x3f00 + 800a13a: ea43 2301 orr.w r3, r3, r1, lsl #8 + 800a13e: 6013 str r3, [r2, #0] + SET_BIT(CRS->CR, CRS_CR_AUTOTRIMEN | CRS_CR_CEN); + 800a140: 6813 ldr r3, [r2, #0] + 800a142: f043 0360 orr.w r3, r3, #96 ; 0x60 + 800a146: 6013 str r3, [r2, #0] +} + 800a148: 4770 bx lr + 800a14a: bf00 nop + 800a14c: 40021000 .word 0x40021000 + 800a150: 40006000 .word 0x40006000 + +0800a154 : + SET_BIT(CRS->CR, CRS_CR_SWSYNC); + 800a154: 4a02 ldr r2, [pc, #8] ; (800a160 ) + 800a156: 6813 ldr r3, [r2, #0] + 800a158: f043 0380 orr.w r3, r3, #128 ; 0x80 + 800a15c: 6013 str r3, [r2, #0] +} + 800a15e: 4770 bx lr + 800a160: 40006000 .word 0x40006000 + +0800a164 : + pSynchroInfo->ReloadValue = (READ_BIT(CRS->CFGR, CRS_CFGR_RELOAD)); + 800a164: 4b07 ldr r3, [pc, #28] ; (800a184 ) + 800a166: 685a ldr r2, [r3, #4] + 800a168: b292 uxth r2, r2 + 800a16a: 6002 str r2, [r0, #0] + pSynchroInfo->HSI48CalibrationValue = (READ_BIT(CRS->CR, CRS_CR_TRIM) >> CRS_CR_TRIM_Pos); + 800a16c: 681a ldr r2, [r3, #0] + 800a16e: f3c2 2205 ubfx r2, r2, #8, #6 + 800a172: 6042 str r2, [r0, #4] + pSynchroInfo->FreqErrorCapture = (READ_BIT(CRS->ISR, CRS_ISR_FECAP) >> CRS_ISR_FECAP_Pos); + 800a174: 689a ldr r2, [r3, #8] + 800a176: 0c12 lsrs r2, r2, #16 + 800a178: 6082 str r2, [r0, #8] + pSynchroInfo->FreqErrorDirection = (READ_BIT(CRS->ISR, CRS_ISR_FEDIR)); + 800a17a: 689b ldr r3, [r3, #8] + 800a17c: f403 4300 and.w r3, r3, #32768 ; 0x8000 + 800a180: 60c3 str r3, [r0, #12] +} + 800a182: 4770 bx lr + 800a184: 40006000 .word 0x40006000 + +0800a188 : +{ + 800a188: b5f8 push {r3, r4, r5, r6, r7, lr} + 800a18a: 4605 mov r5, r0 + tickstart = HAL_GetTick(); + 800a18c: f7fc ff98 bl 80070c0 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCOK)) + 800a190: 4c1e ldr r4, [pc, #120] ; (800a20c ) + tickstart = HAL_GetTick(); + 800a192: 4606 mov r6, r0 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCOK); + 800a194: 2701 movs r7, #1 + if(Timeout != HAL_MAX_DELAY) + 800a196: 1c68 adds r0, r5, #1 + 800a198: d12f bne.n 800a1fa + crsstatus = RCC_CRS_TIMEOUT; + 800a19a: 2000 movs r0, #0 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCOK)) + 800a19c: 68a2 ldr r2, [r4, #8] + 800a19e: 07d1 lsls r1, r2, #31 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCOK); + 800a1a0: bf48 it mi + 800a1a2: 60e7 strmi r7, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCWARN)) + 800a1a4: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_SYNCOK; + 800a1a6: bf48 it mi + 800a1a8: f040 0002 orrmi.w r0, r0, #2 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCWARN)) + 800a1ac: 0792 lsls r2, r2, #30 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCWARN); + 800a1ae: bf44 itt mi + 800a1b0: 2202 movmi r2, #2 + 800a1b2: 60e2 strmi r2, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_TRIMOVF)) + 800a1b4: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_SYNCWARN; + 800a1b6: bf48 it mi + 800a1b8: f040 0004 orrmi.w r0, r0, #4 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_TRIMOVF)) + 800a1bc: 0553 lsls r3, r2, #21 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_TRIMOVF); + 800a1be: bf44 itt mi + 800a1c0: 2204 movmi r2, #4 + 800a1c2: 60e2 strmi r2, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCERR)) + 800a1c4: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_TRIMOVF; + 800a1c6: bf48 it mi + 800a1c8: f040 0020 orrmi.w r0, r0, #32 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCERR)) + 800a1cc: 05d1 lsls r1, r2, #23 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCERR); + 800a1ce: bf44 itt mi + 800a1d0: 2204 movmi r2, #4 + 800a1d2: 60e2 strmi r2, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCMISS)) + 800a1d4: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_SYNCERR; + 800a1d6: bf48 it mi + 800a1d8: f040 0008 orrmi.w r0, r0, #8 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCMISS)) + 800a1dc: 0592 lsls r2, r2, #22 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCMISS); + 800a1de: bf44 itt mi + 800a1e0: 2204 movmi r2, #4 + 800a1e2: 60e2 strmi r2, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_ESYNC)) + 800a1e4: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_SYNCMISS; + 800a1e6: bf48 it mi + 800a1e8: f040 0010 orrmi.w r0, r0, #16 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_ESYNC)) + 800a1ec: 0713 lsls r3, r2, #28 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_ESYNC); + 800a1ee: bf44 itt mi + 800a1f0: 2208 movmi r2, #8 + 800a1f2: 60e2 strmi r2, [r4, #12] + } while(RCC_CRS_NONE == crsstatus); + 800a1f4: 2800 cmp r0, #0 + 800a1f6: d0ce beq.n 800a196 +} + 800a1f8: bdf8 pop {r3, r4, r5, r6, r7, pc} + if(((HAL_GetTick() - tickstart) > Timeout) || (Timeout == 0U)) + 800a1fa: f7fc ff61 bl 80070c0 + 800a1fe: 1b80 subs r0, r0, r6 + 800a200: 42a8 cmp r0, r5 + 800a202: d801 bhi.n 800a208 + 800a204: 2d00 cmp r5, #0 + 800a206: d1c8 bne.n 800a19a + crsstatus = RCC_CRS_TIMEOUT; + 800a208: 2001 movs r0, #1 + 800a20a: e7c7 b.n 800a19c + 800a20c: 40006000 .word 0x40006000 + +0800a210 : + 800a210: 4770 bx lr + +0800a212 : + 800a212: 4770 bx lr + +0800a214 : + 800a214: 4770 bx lr + +0800a216 : +} + 800a216: 4770 bx lr + +0800a218 : + uint32_t itflags = READ_REG(CRS->ISR); + 800a218: 491b ldr r1, [pc, #108] ; (800a288 ) +{ + 800a21a: b508 push {r3, lr} + uint32_t itflags = READ_REG(CRS->ISR); + 800a21c: 688b ldr r3, [r1, #8] + uint32_t itsources = READ_REG(CRS->CR); + 800a21e: 680a ldr r2, [r1, #0] + if(((itflags & RCC_CRS_FLAG_SYNCOK) != 0U) && ((itsources & RCC_CRS_IT_SYNCOK) != 0U)) + 800a220: 07d8 lsls r0, r3, #31 + 800a222: d506 bpl.n 800a232 + 800a224: 07d0 lsls r0, r2, #31 + 800a226: d504 bpl.n 800a232 + WRITE_REG(CRS->ICR, CRS_ICR_SYNCOKC); + 800a228: 2301 movs r3, #1 + 800a22a: 60cb str r3, [r1, #12] + HAL_RCCEx_CRS_SyncOkCallback(); + 800a22c: f7ff fff0 bl 800a210 +} + 800a230: bd08 pop {r3, pc} + else if(((itflags & RCC_CRS_FLAG_SYNCWARN) != 0U) && ((itsources & RCC_CRS_IT_SYNCWARN) != 0U)) + 800a232: 0798 lsls r0, r3, #30 + 800a234: d507 bpl.n 800a246 + 800a236: 0791 lsls r1, r2, #30 + 800a238: d505 bpl.n 800a246 + WRITE_REG(CRS->ICR, CRS_ICR_SYNCWARNC); + 800a23a: 4b13 ldr r3, [pc, #76] ; (800a288 ) + 800a23c: 2202 movs r2, #2 + 800a23e: 60da str r2, [r3, #12] + HAL_RCCEx_CRS_SyncWarnCallback(); + 800a240: f7ff ffe7 bl 800a212 + 800a244: e7f4 b.n 800a230 + else if(((itflags & RCC_CRS_FLAG_ESYNC) != 0U) && ((itsources & RCC_CRS_IT_ESYNC) != 0U)) + 800a246: 0718 lsls r0, r3, #28 + 800a248: d507 bpl.n 800a25a + 800a24a: 0711 lsls r1, r2, #28 + 800a24c: d505 bpl.n 800a25a + WRITE_REG(CRS->ICR, CRS_ICR_ESYNCC); + 800a24e: 4b0e ldr r3, [pc, #56] ; (800a288 ) + 800a250: 2208 movs r2, #8 + 800a252: 60da str r2, [r3, #12] + HAL_RCCEx_CRS_ExpectedSyncCallback(); + 800a254: f7ff ffde bl 800a214 + 800a258: e7ea b.n 800a230 + if(((itflags & RCC_CRS_FLAG_ERR) != 0U) && ((itsources & RCC_CRS_IT_ERR) != 0U)) + 800a25a: 0758 lsls r0, r3, #29 + 800a25c: d5e8 bpl.n 800a230 + 800a25e: 0751 lsls r1, r2, #29 + 800a260: d5e6 bpl.n 800a230 + crserror |= RCC_CRS_SYNCERR; + 800a262: f413 7080 ands.w r0, r3, #256 ; 0x100 + 800a266: bf18 it ne + 800a268: 2008 movne r0, #8 + if((itflags & RCC_CRS_FLAG_SYNCMISS) != 0U) + 800a26a: 059a lsls r2, r3, #22 + crserror |= RCC_CRS_SYNCMISS; + 800a26c: bf48 it mi + 800a26e: f040 0010 orrmi.w r0, r0, #16 + if((itflags & RCC_CRS_FLAG_TRIMOVF) != 0U) + 800a272: 055b lsls r3, r3, #21 + WRITE_REG(CRS->ICR, CRS_ICR_ERRC); + 800a274: 4b04 ldr r3, [pc, #16] ; (800a288 ) + 800a276: f04f 0204 mov.w r2, #4 + crserror |= RCC_CRS_TRIMOVF; + 800a27a: bf48 it mi + 800a27c: f040 0020 orrmi.w r0, r0, #32 + WRITE_REG(CRS->ICR, CRS_ICR_ERRC); + 800a280: 60da str r2, [r3, #12] + HAL_RCCEx_CRS_ErrorCallback(crserror); + 800a282: f7ff ffc8 bl 800a216 +} + 800a286: e7d3 b.n 800a230 + 800a288: 40006000 .word 0x40006000 + +0800a28c : + * processing is suspended when possible and the Peripheral feeding point reached at + * suspension time is stored in the handle for resumption later on. + * @retval HAL status + */ +static HAL_StatusTypeDef HASH_WriteData(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size) +{ + 800a28c: b573 push {r0, r1, r4, r5, r6, lr} + __IO uint32_t inputaddr = (uint32_t) pInBuffer; + + for(buffercounter = 0U; buffercounter < Size; buffercounter+=4U) + { + /* Write input data 4 bytes at a time */ + HASH->DIN = *(uint32_t*)inputaddr; + 800a28e: 4d1e ldr r5, [pc, #120] ; (800a308 ) + __IO uint32_t inputaddr = (uint32_t) pInBuffer; + 800a290: 9101 str r1, [sp, #4] +{ + 800a292: 4604 mov r4, r0 + for(buffercounter = 0U; buffercounter < Size; buffercounter+=4U) + 800a294: 2100 movs r1, #0 + 800a296: 4291 cmp r1, r2 + 800a298: d221 bcs.n 800a2de + HASH->DIN = *(uint32_t*)inputaddr; + 800a29a: 9b01 ldr r3, [sp, #4] + 800a29c: 681b ldr r3, [r3, #0] + 800a29e: 606b str r3, [r5, #4] + inputaddr+=4U; + 800a2a0: 9b01 ldr r3, [sp, #4] + + /* If the suspension flag has been raised and if the processing is not about + to end, suspend processing */ + if ((hhash->SuspendRequest == HAL_HASH_SUSPEND) && ((buffercounter+4U) < Size)) + 800a2a2: f894 0036 ldrb.w r0, [r4, #54] ; 0x36 + inputaddr+=4U; + 800a2a6: 3304 adds r3, #4 + if ((hhash->SuspendRequest == HAL_HASH_SUSPEND) && ((buffercounter+4U) < Size)) + 800a2a8: 2801 cmp r0, #1 + inputaddr+=4U; + 800a2aa: 9301 str r3, [sp, #4] + if ((hhash->SuspendRequest == HAL_HASH_SUSPEND) && ((buffercounter+4U) < Size)) + 800a2ac: f101 0304 add.w r3, r1, #4 + 800a2b0: d127 bne.n 800a302 + 800a2b2: 4293 cmp r3, r2 + 800a2b4: d225 bcs.n 800a302 + { + /* Wait for DINIS = 1, which occurs when 16 32-bit locations are free + in the input buffer */ + if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800a2b6: 6a6e ldr r6, [r5, #36] ; 0x24 + 800a2b8: 07f6 lsls r6, r6, #31 + 800a2ba: d522 bpl.n 800a302 + /* Reset SuspendRequest */ + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + + /* Depending whether the key or the input data were fed to the Peripheral, the feeding point + reached at suspension time is not saved in the same handle fields */ + if ((hhash->Phase == HAL_HASH_PHASE_PROCESS) || (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2)) + 800a2bc: f894 302d ldrb.w r3, [r4, #45] ; 0x2d + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + 800a2c0: 2500 movs r5, #0 + if ((hhash->Phase == HAL_HASH_PHASE_PROCESS) || (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2)) + 800a2c2: 2b02 cmp r3, #2 + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + 800a2c4: f884 5036 strb.w r5, [r4, #54] ; 0x36 + if ((hhash->Phase == HAL_HASH_PHASE_PROCESS) || (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2)) + 800a2c8: d001 beq.n 800a2ce + 800a2ca: 2b04 cmp r3, #4 + 800a2cc: d109 bne.n 800a2e2 + { + /* Save current reading and writing locations of Input and Output buffers */ + hhash->pHashInBuffPtr = (uint8_t *)inputaddr; + /* Save the number of bytes that remain to be processed at this point */ + hhash->HashInCount = Size - (buffercounter + 4U); + 800a2ce: 3a04 subs r2, #4 + hhash->pHashInBuffPtr = (uint8_t *)inputaddr; + 800a2d0: 9b01 ldr r3, [sp, #4] + 800a2d2: 60e3 str r3, [r4, #12] + hhash->HashInCount = Size - (buffercounter + 4U); + 800a2d4: 1a52 subs r2, r2, r1 + 800a2d6: 6222 str r2, [r4, #32] + __HAL_UNLOCK(hhash); + return HAL_ERROR; + } + + /* Set the HASH state to Suspended and exit to stop entering data */ + hhash->State = HAL_HASH_STATE_SUSPENDED; + 800a2d8: 2308 movs r3, #8 + 800a2da: f884 3035 strb.w r3, [r4, #53] ; 0x35 + } /* if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) */ + } /* if ((hhash->SuspendRequest == HAL_HASH_SUSPEND) && ((buffercounter+4) < Size)) */ + } /* for(buffercounter = 0; buffercounter < Size; buffercounter+=4) */ + + /* At this point, all the data have been entered to the Peripheral: exit */ + return HAL_OK; + 800a2de: 2000 movs r0, #0 + 800a2e0: e00d b.n 800a2fe + else if ((hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_1) || (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_3)) + 800a2e2: 2b03 cmp r3, #3 + 800a2e4: d001 beq.n 800a2ea + 800a2e6: 2b05 cmp r3, #5 + 800a2e8: d105 bne.n 800a2f6 + hhash->HashKeyCount = Size - (buffercounter + 4U); + 800a2ea: 3a04 subs r2, #4 + hhash->pHashKeyBuffPtr = (uint8_t *)inputaddr; + 800a2ec: 9b01 ldr r3, [sp, #4] + 800a2ee: 6163 str r3, [r4, #20] + hhash->HashKeyCount = Size - (buffercounter + 4U); + 800a2f0: 1a52 subs r2, r2, r1 + 800a2f2: 62a2 str r2, [r4, #40] ; 0x28 + 800a2f4: e7f0 b.n 800a2d8 + hhash->State = HAL_HASH_STATE_READY; + 800a2f6: f884 0035 strb.w r0, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800a2fa: f884 5034 strb.w r5, [r4, #52] ; 0x34 +} + 800a2fe: b002 add sp, #8 + 800a300: bd70 pop {r4, r5, r6, pc} + 800a302: 4619 mov r1, r3 + 800a304: e7c7 b.n 800a296 + 800a306: bf00 nop + 800a308: 50060400 .word 0x50060400 + +0800a30c : + */ +static void HASH_GetDigest(uint8_t *pMsgDigest, uint8_t Size) +{ + uint32_t msgdigest = (uint32_t)pMsgDigest; + + switch(Size) + 800a30c: 291c cmp r1, #28 + 800a30e: d027 beq.n 800a360 + 800a310: d804 bhi.n 800a31c + 800a312: 2910 cmp r1, #16 + 800a314: d005 beq.n 800a322 + 800a316: 2914 cmp r1, #20 + 800a318: d011 beq.n 800a33e + 800a31a: 4770 bx lr + 800a31c: 2920 cmp r1, #32 + 800a31e: d037 beq.n 800a390 + 800a320: 4770 bx lr + { + /* Read the message digest */ + case 16: /* MD5 */ + *(uint32_t*)(msgdigest) = __REV(HASH->HR[0]); + 800a322: 4b29 ldr r3, [pc, #164] ; (800a3c8 ) + 800a324: 68da ldr r2, [r3, #12] + \return Reversed value + */ +__STATIC_FORCEINLINE uint32_t __REV(uint32_t value) +{ +#if (__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) + return __builtin_bswap32(value); + 800a326: ba12 rev r2, r2 + 800a328: 6002 str r2, [r0, #0] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[1]); + 800a32a: 691a ldr r2, [r3, #16] + 800a32c: ba12 rev r2, r2 + 800a32e: 6042 str r2, [r0, #4] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[2]); + 800a330: 695a ldr r2, [r3, #20] + 800a332: ba12 rev r2, r2 + 800a334: 6082 str r2, [r0, #8] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[3]); + 800a336: 699b ldr r3, [r3, #24] + 800a338: ba1b rev r3, r3 + 800a33a: 60c3 str r3, [r0, #12] + break; + 800a33c: 4770 bx lr + case 20: /* SHA1 */ + *(uint32_t*)(msgdigest) = __REV(HASH->HR[0]); + 800a33e: 4b22 ldr r3, [pc, #136] ; (800a3c8 ) + 800a340: 68da ldr r2, [r3, #12] + 800a342: ba12 rev r2, r2 + 800a344: 6002 str r2, [r0, #0] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[1]); + 800a346: 691a ldr r2, [r3, #16] + 800a348: ba12 rev r2, r2 + 800a34a: 6042 str r2, [r0, #4] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[2]); + 800a34c: 695a ldr r2, [r3, #20] + 800a34e: ba12 rev r2, r2 + 800a350: 6082 str r2, [r0, #8] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[3]); + 800a352: 699a ldr r2, [r3, #24] + 800a354: ba12 rev r2, r2 + 800a356: 60c2 str r2, [r0, #12] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[4]); + 800a358: 69db ldr r3, [r3, #28] + 800a35a: ba1b rev r3, r3 + 800a35c: 6103 str r3, [r0, #16] + break; + 800a35e: 4770 bx lr + case 28: /* SHA224 */ + *(uint32_t*)(msgdigest) = __REV(HASH->HR[0]); + 800a360: 4b19 ldr r3, [pc, #100] ; (800a3c8 ) + 800a362: 68da ldr r2, [r3, #12] + 800a364: ba12 rev r2, r2 + 800a366: 6002 str r2, [r0, #0] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[1]); + 800a368: 691a ldr r2, [r3, #16] + 800a36a: ba12 rev r2, r2 + 800a36c: 6042 str r2, [r0, #4] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[2]); + 800a36e: 695a ldr r2, [r3, #20] + 800a370: ba12 rev r2, r2 + 800a372: 6082 str r2, [r0, #8] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[3]); + 800a374: 699a ldr r2, [r3, #24] + 800a376: ba12 rev r2, r2 + 800a378: 60c2 str r2, [r0, #12] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[4]); + 800a37a: 69db ldr r3, [r3, #28] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[5]); + 800a37c: 4a13 ldr r2, [pc, #76] ; (800a3cc ) + 800a37e: ba1b rev r3, r3 + *(uint32_t*)(msgdigest) = __REV(HASH->HR[4]); + 800a380: 6103 str r3, [r0, #16] + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[5]); + 800a382: 6a53 ldr r3, [r2, #36] ; 0x24 + 800a384: ba1b rev r3, r3 + 800a386: 6143 str r3, [r0, #20] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[6]); + 800a388: 6a93 ldr r3, [r2, #40] ; 0x28 + 800a38a: ba1b rev r3, r3 + 800a38c: 6183 str r3, [r0, #24] + break; + 800a38e: 4770 bx lr + case 32: /* SHA256 */ + *(uint32_t*)(msgdigest) = __REV(HASH->HR[0]); + 800a390: 4b0d ldr r3, [pc, #52] ; (800a3c8 ) + 800a392: 68da ldr r2, [r3, #12] + 800a394: ba12 rev r2, r2 + 800a396: 6002 str r2, [r0, #0] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[1]); + 800a398: 691a ldr r2, [r3, #16] + 800a39a: ba12 rev r2, r2 + 800a39c: 6042 str r2, [r0, #4] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[2]); + 800a39e: 695a ldr r2, [r3, #20] + 800a3a0: ba12 rev r2, r2 + 800a3a2: 6082 str r2, [r0, #8] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[3]); + 800a3a4: 699a ldr r2, [r3, #24] + 800a3a6: ba12 rev r2, r2 + 800a3a8: 60c2 str r2, [r0, #12] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[4]); + 800a3aa: 69db ldr r3, [r3, #28] + 800a3ac: ba1b rev r3, r3 + 800a3ae: 6103 str r3, [r0, #16] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[5]); + 800a3b0: 4b06 ldr r3, [pc, #24] ; (800a3cc ) + 800a3b2: 6a5a ldr r2, [r3, #36] ; 0x24 + 800a3b4: ba12 rev r2, r2 + 800a3b6: 6142 str r2, [r0, #20] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[6]); + 800a3b8: 6a9a ldr r2, [r3, #40] ; 0x28 + 800a3ba: ba12 rev r2, r2 + 800a3bc: 6182 str r2, [r0, #24] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[7]); + 800a3be: 6adb ldr r3, [r3, #44] ; 0x2c + 800a3c0: ba1b rev r3, r3 + 800a3c2: 61c3 str r3, [r0, #28] + break; + default: + break; + } +} + 800a3c4: 4770 bx lr + 800a3c6: bf00 nop + 800a3c8: 50060400 .word 0x50060400 + 800a3cc: 50060700 .word 0x50060700 + +0800a3d0 : + * @param Status the Flag status (SET or RESET). + * @param Timeout Timeout duration. + * @retval HAL status + */ +static HAL_StatusTypeDef HASH_WaitOnFlagUntilTimeout(HASH_HandleTypeDef *hhash, uint32_t Flag, FlagStatus Status, uint32_t Timeout) +{ + 800a3d0: e92d 43f8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + 800a3d4: 4604 mov r4, r0 + 800a3d6: 460e mov r6, r1 + 800a3d8: 4691 mov r9, r2 + 800a3da: 461d mov r5, r3 + uint32_t tickstart = HAL_GetTick(); + 800a3dc: f7fc fe70 bl 80070c0 + 800a3e0: f8df 805c ldr.w r8, [pc, #92] ; 800a440 + 800a3e4: 4607 mov r7, r0 + + /* Wait until flag is set */ + if(Status == RESET) + 800a3e6: f1b9 0f00 cmp.w r9, #0 + 800a3ea: d021 beq.n 800a430 + } + } + } + else + { + while(__HAL_HASH_GET_FLAG(Flag) != RESET) + 800a3ec: f8d8 3024 ldr.w r3, [r8, #36] ; 0x24 + 800a3f0: ea36 0303 bics.w r3, r6, r3 + 800a3f4: d121 bne.n 800a43a + { + /* Check for the Timeout */ + if(Timeout != HAL_MAX_DELAY) + 800a3f6: 1c6b adds r3, r5, #1 + 800a3f8: d0f8 beq.n 800a3ec + { + if(((HAL_GetTick()-tickstart) > Timeout) || (Timeout == 0U)) + 800a3fa: f7fc fe61 bl 80070c0 + 800a3fe: 1bc0 subs r0, r0, r7 + 800a400: 42a8 cmp r0, r5 + 800a402: d80a bhi.n 800a41a + 800a404: 2d00 cmp r5, #0 + 800a406: d1f1 bne.n 800a3ec + 800a408: e007 b.n 800a41a + if(Timeout != HAL_MAX_DELAY) + 800a40a: 1c6a adds r2, r5, #1 + 800a40c: d010 beq.n 800a430 + if(((HAL_GetTick()-tickstart) > Timeout) || (Timeout == 0U)) + 800a40e: f7fc fe57 bl 80070c0 + 800a412: 1bc0 subs r0, r0, r7 + 800a414: 42a8 cmp r0, r5 + 800a416: d800 bhi.n 800a41a + 800a418: b955 cbnz r5, 800a430 + { + /* Set State to Ready to be able to restart later on */ + hhash->State = HAL_HASH_STATE_READY; + 800a41a: 2301 movs r3, #1 + 800a41c: f884 3035 strb.w r3, [r4, #53] ; 0x35 + /* Store time out issue in handle status */ + hhash->Status = HAL_TIMEOUT; + + /* Process Unlocked */ + __HAL_UNLOCK(hhash); + 800a420: 2200 movs r2, #0 + hhash->Status = HAL_TIMEOUT; + 800a422: 2303 movs r3, #3 + 800a424: f884 302c strb.w r3, [r4, #44] ; 0x2c + __HAL_UNLOCK(hhash); + 800a428: f884 2034 strb.w r2, [r4, #52] ; 0x34 + + return HAL_TIMEOUT; + 800a42c: 4618 mov r0, r3 + 800a42e: e005 b.n 800a43c + while(__HAL_HASH_GET_FLAG(Flag) == RESET) + 800a430: f8d8 3024 ldr.w r3, [r8, #36] ; 0x24 + 800a434: ea36 0303 bics.w r3, r6, r3 + 800a438: d1e7 bne.n 800a40a + } + } + } + } + return HAL_OK; + 800a43a: 2000 movs r0, #0 +} + 800a43c: e8bd 83f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, pc} + 800a440: 50060400 .word 0x50060400 + +0800a444 : +} + 800a444: 4770 bx lr + ... + +0800a448 : +{ + 800a448: b538 push {r3, r4, r5, lr} + if(hhash == NULL) + 800a44a: 4604 mov r4, r0 + 800a44c: b328 cbz r0, 800a49a + if(hhash->State == HAL_HASH_STATE_RESET) + 800a44e: f890 3035 ldrb.w r3, [r0, #53] ; 0x35 + 800a452: f003 02ff and.w r2, r3, #255 ; 0xff + 800a456: b91b cbnz r3, 800a460 + hhash->Lock = HAL_UNLOCKED; + 800a458: f880 2034 strb.w r2, [r0, #52] ; 0x34 + HAL_HASH_MspInit(hhash); + 800a45c: f7ff fff2 bl 800a444 + hhash->HashInCount = 0; + 800a460: 2000 movs r0, #0 + MODIFY_REG(HASH->CR, HASH_CR_DATATYPE, hhash->Init.DataType); + 800a462: 4a0f ldr r2, [pc, #60] ; (800a4a0 ) + hhash->HashBuffSize = 0; + 800a464: 61e0 str r0, [r4, #28] + hhash->State = HAL_HASH_STATE_BUSY; + 800a466: 2302 movs r3, #2 + hhash->Phase = HAL_HASH_PHASE_READY; + 800a468: 2101 movs r1, #1 + hhash->State = HAL_HASH_STATE_BUSY; + 800a46a: f884 3035 strb.w r3, [r4, #53] ; 0x35 + hhash->Phase = HAL_HASH_PHASE_READY; + 800a46e: f884 102d strb.w r1, [r4, #45] ; 0x2d + hhash->HashInCount = 0; + 800a472: 6220 str r0, [r4, #32] + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + 800a474: 86e0 strh r0, [r4, #54] ; 0x36 + hhash->HashITCounter = 0; + 800a476: 6260 str r0, [r4, #36] ; 0x24 + hhash->NbWordsAlreadyPushed = 0; + 800a478: 63a0 str r0, [r4, #56] ; 0x38 + MODIFY_REG(HASH->CR, HASH_CR_DATATYPE, hhash->Init.DataType); + 800a47a: 6813 ldr r3, [r2, #0] + 800a47c: 6825 ldr r5, [r4, #0] + 800a47e: f023 0330 bic.w r3, r3, #48 ; 0x30 + 800a482: 432b orrs r3, r5 + 800a484: 6013 str r3, [r2, #0] +__HAL_HASH_RESET_MDMAT(); + 800a486: 6813 ldr r3, [r2, #0] + 800a488: f423 5300 bic.w r3, r3, #8192 ; 0x2000 + 800a48c: 6013 str r3, [r2, #0] + hhash->State = HAL_HASH_STATE_READY; + 800a48e: f884 1035 strb.w r1, [r4, #53] ; 0x35 + hhash->Status = HAL_OK; + 800a492: f884 002c strb.w r0, [r4, #44] ; 0x2c + hhash->ErrorCode = HAL_HASH_ERROR_NONE; + 800a496: 63e0 str r0, [r4, #60] ; 0x3c +} + 800a498: bd38 pop {r3, r4, r5, pc} + return HAL_ERROR; + 800a49a: 2001 movs r0, #1 + 800a49c: e7fc b.n 800a498 + 800a49e: bf00 nop + 800a4a0: 50060400 .word 0x50060400 + +0800a4a4 : + 800a4a4: 4770 bx lr + +0800a4a6 : + 800a4a6: 4770 bx lr + +0800a4a8 : + 800a4a8: 4770 bx lr + +0800a4aa : + 800a4aa: 4770 bx lr + +0800a4ac : +{ + 800a4ac: b570 push {r4, r5, r6, lr} + * suspension time is stored in the handle for resumption later on. + * @retval HAL status + */ +static HAL_StatusTypeDef HASH_IT(HASH_HandleTypeDef *hhash) +{ + if (hhash->State == HAL_HASH_STATE_BUSY) + 800a4ae: f890 3035 ldrb.w r3, [r0, #53] ; 0x35 + 800a4b2: 2b02 cmp r3, #2 +{ + 800a4b4: 4604 mov r4, r0 + if (hhash->State == HAL_HASH_STATE_BUSY) + 800a4b6: b2da uxtb r2, r3 + 800a4b8: f040 80e7 bne.w 800a68a + { + /* ITCounter must not be equal to 0 at this point. Report an error if this is the case. */ + if(hhash->HashITCounter == 0U) + 800a4bc: 6a43 ldr r3, [r0, #36] ; 0x24 + 800a4be: 4d74 ldr r5, [pc, #464] ; (800a690 ) + 800a4c0: b94b cbnz r3, 800a4d6 + { + /* Disable Interrupts */ + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a4c2: 6a2b ldr r3, [r5, #32] + 800a4c4: f023 0303 bic.w r3, r3, #3 + 800a4c8: 622b str r3, [r5, #32] + /* HASH state set back to Ready to prevent any issue in user code + present in HAL_HASH_ErrorCallback() */ + hhash->State = HAL_HASH_STATE_READY; + 800a4ca: 2301 movs r3, #1 + 800a4cc: f880 3035 strb.w r3, [r0, #53] ; 0x35 + hhash->Status = HASH_IT(hhash); + 800a4d0: f884 302c strb.w r3, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800a4d4: e099 b.n 800a60a + return HAL_ERROR; + } + else if (hhash->HashITCounter == 1U) + 800a4d6: 6a43 ldr r3, [r0, #36] ; 0x24 + 800a4d8: 2b01 cmp r3, #1 + } + else + { + /* Cruise speed reached, HashITCounter remains equal to 3 until the end of + the HASH processing or the end of the current step for HMAC processing. */ + hhash->HashITCounter = 3U; + 800a4da: bf16 itet ne + 800a4dc: 2303 movne r3, #3 + hhash->HashITCounter = 2U; + 800a4de: 6242 streq r2, [r0, #36] ; 0x24 + hhash->HashITCounter = 3U; + 800a4e0: 6243 strne r3, [r0, #36] ; 0x24 + } + + /* If digest is ready */ + if (__HAL_HASH_GET_FLAG(HASH_FLAG_DCIS)) + 800a4e2: 6a6b ldr r3, [r5, #36] ; 0x24 + 800a4e4: f013 0302 ands.w r3, r3, #2 + 800a4e8: d022 beq.n 800a530 + { + /* Read the digest */ + HASH_GetDigest(hhash->pHashOutBuffPtr, HASH_DIGEST_LENGTH()); + 800a4ea: 682a ldr r2, [r5, #0] + 800a4ec: 4b69 ldr r3, [pc, #420] ; (800a694 ) + 800a4ee: 6900 ldr r0, [r0, #16] + 800a4f0: 421a tst r2, r3 + 800a4f2: d019 beq.n 800a528 + 800a4f4: 682a ldr r2, [r5, #0] + 800a4f6: 401a ands r2, r3 + 800a4f8: f5b2 2f80 cmp.w r2, #262144 ; 0x40000 + 800a4fc: d016 beq.n 800a52c + 800a4fe: 682a ldr r2, [r5, #0] + 800a500: 4393 bics r3, r2 + 800a502: bf0c ite eq + 800a504: 2120 moveq r1, #32 + 800a506: 2110 movne r1, #16 + 800a508: f7ff ff00 bl 800a30c + + /* Disable Interrupts */ + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a50c: 6a2b ldr r3, [r5, #32] + 800a50e: f023 0303 bic.w r3, r3, #3 + 800a512: 622b str r3, [r5, #32] + /* Change the HASH state */ + hhash->State = HAL_HASH_STATE_READY; + 800a514: 2301 movs r3, #1 + 800a516: f884 3035 strb.w r3, [r4, #53] ; 0x35 + /* Reset HASH state machine */ + hhash->Phase = HAL_HASH_PHASE_READY; + 800a51a: f884 302d strb.w r3, [r4, #45] ; 0x2d + /* Call digest computation complete call back */ +#if (USE_HAL_HASH_REGISTER_CALLBACKS == 1) + hhash->DgstCpltCallback(hhash); +#else + HAL_HASH_DgstCpltCallback(hhash); + 800a51e: 4620 mov r0, r4 + 800a520: f7ff ffc2 bl 800a4a8 + hhash->Status = HAL_OK; + 800a524: 2300 movs r3, #0 + 800a526: e015 b.n 800a554 + HASH_GetDigest(hhash->pHashOutBuffPtr, HASH_DIGEST_LENGTH()); + 800a528: 2114 movs r1, #20 + 800a52a: e7ed b.n 800a508 + 800a52c: 211c movs r1, #28 + 800a52e: e7eb b.n 800a508 + + return HAL_OK; + } + + /* If Peripheral ready to accept new data */ + if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800a530: 6a6a ldr r2, [r5, #36] ; 0x24 + 800a532: 07d2 lsls r2, r2, #31 + 800a534: d5f6 bpl.n 800a524 + { + + /* If the suspension flag has been raised and if the processing is not about + to end, suspend processing */ + if ( (hhash->HashInCount != 0U) && (hhash->SuspendRequest == HAL_HASH_SUSPEND)) + 800a536: 6a02 ldr r2, [r0, #32] + 800a538: b17a cbz r2, 800a55a + 800a53a: f890 2036 ldrb.w r2, [r0, #54] ; 0x36 + 800a53e: 2a01 cmp r2, #1 + 800a540: d10b bne.n 800a55a + { + /* Disable Interrupts */ + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a542: 6a2a ldr r2, [r5, #32] + 800a544: f022 0203 bic.w r2, r2, #3 + 800a548: 622a str r2, [r5, #32] + + /* Reset SuspendRequest */ + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + + /* Change the HASH state */ + hhash->State = HAL_HASH_STATE_SUSPENDED; + 800a54a: 2208 movs r2, #8 + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + 800a54c: f880 3036 strb.w r3, [r0, #54] ; 0x36 + hhash->State = HAL_HASH_STATE_SUSPENDED; + 800a550: f880 2035 strb.w r2, [r0, #53] ; 0x35 + hhash->Status = HAL_OK; + 800a554: f884 302c strb.w r3, [r4, #44] ; 0x2c +} + 800a558: e076 b.n 800a648 + uint32_t buffercounter; + uint32_t inputcounter; + uint32_t ret = HASH_DIGEST_CALCULATION_NOT_STARTED; + + /* If there are more than 64 bytes remaining to be entered */ + if(hhash->HashInCount > 64U) + 800a55a: 6a21 ldr r1, [r4, #32] + { + inputaddr = (uint32_t)hhash->pHashInBuffPtr; + 800a55c: 68e3 ldr r3, [r4, #12] + if(hhash->HashInCount > 64U) + 800a55e: 2940 cmp r1, #64 ; 0x40 + inputaddr = (uint32_t)hhash->pHashInBuffPtr; + 800a560: 461a mov r2, r3 + if(hhash->HashInCount > 64U) + 800a562: d91c bls.n 800a59e + 800a564: f103 0140 add.w r1, r3, #64 ; 0x40 + /* Write the Input block in the Data IN register + (16 32-bit words, or 64 bytes are entered) */ + for(buffercounter = 0U; buffercounter < 64U; buffercounter+=4U) + { + HASH->DIN = *(uint32_t*)inputaddr; + 800a568: f853 0b04 ldr.w r0, [r3], #4 + 800a56c: 6068 str r0, [r5, #4] + for(buffercounter = 0U; buffercounter < 64U; buffercounter+=4U) + 800a56e: 4299 cmp r1, r3 + 800a570: d1fa bne.n 800a568 + inputaddr+=4U; + } + /* If this is the start of input data entering, an additional word + must be entered to start up the HASH processing */ + if(hhash->HashITCounter == 2U) + 800a572: 6a63 ldr r3, [r4, #36] ; 0x24 + 800a574: 2b02 cmp r3, #2 + 800a576: d10d bne.n 800a594 + { + HASH->DIN = *(uint32_t*)inputaddr; + 800a578: 680b ldr r3, [r1, #0] + 800a57a: 606b str r3, [r5, #4] + if(hhash->HashInCount >= 68U) + 800a57c: 6a23 ldr r3, [r4, #32] + 800a57e: 2b43 cmp r3, #67 ; 0x43 + 800a580: d905 bls.n 800a58e + { + /* There are still data waiting to be entered in the Peripheral. + Decrement buffer counter and set pointer to the proper + memory location for the next data entering round. */ + hhash->HashInCount -= 68U; + 800a582: 6a23 ldr r3, [r4, #32] + 800a584: 3b44 subs r3, #68 ; 0x44 + 800a586: 6223 str r3, [r4, #32] + hhash->pHashInBuffPtr+= 68U; + 800a588: 3244 adds r2, #68 ; 0x44 + { + /* 64 bytes have been entered and there are still some remaining: + Decrement buffer counter and set pointer to the proper + memory location for the next data entering round.*/ + hhash->HashInCount -= 64U; + hhash->pHashInBuffPtr+= 64U; + 800a58a: 60e2 str r2, [r4, #12] + /* Reset buffer counter */ + hhash->HashInCount = 0; + } + + /* Return whether or digest calculation has started */ + return ret; + 800a58c: e7ca b.n 800a524 + hhash->HashInCount = 0U; + 800a58e: 2300 movs r3, #0 + 800a590: 6223 str r3, [r4, #32] + return ret; + 800a592: e7c7 b.n 800a524 + hhash->HashInCount -= 64U; + 800a594: 6a23 ldr r3, [r4, #32] + 800a596: 3b40 subs r3, #64 ; 0x40 + 800a598: 6223 str r3, [r4, #32] + hhash->pHashInBuffPtr+= 64U; + 800a59a: 3240 adds r2, #64 ; 0x40 + 800a59c: e7f5 b.n 800a58a + inputcounter = hhash->HashInCount; + 800a59e: 6a22 ldr r2, [r4, #32] + __HAL_HASH_DISABLE_IT(HASH_IT_DINI); + 800a5a0: 6a29 ldr r1, [r5, #32] + for(buffercounter = 0U; buffercounter < ((inputcounter+3U)/4U); buffercounter++) + 800a5a2: 3203 adds r2, #3 + __HAL_HASH_DISABLE_IT(HASH_IT_DINI); + 800a5a4: f021 0101 bic.w r1, r1, #1 + 800a5a8: f022 0203 bic.w r2, r2, #3 + 800a5ac: 6229 str r1, [r5, #32] + for(buffercounter = 0U; buffercounter < ((inputcounter+3U)/4U); buffercounter++) + 800a5ae: 441a add r2, r3 + 800a5b0: 4293 cmp r3, r2 + 800a5b2: d10b bne.n 800a5cc + if (hhash->Accumulation == 1U) + 800a5b4: 6c23 ldr r3, [r4, #64] ; 0x40 + 800a5b6: 2b01 cmp r3, #1 + 800a5b8: d10c bne.n 800a5d4 + hhash->Accumulation = 0U; + 800a5ba: 2500 movs r5, #0 + 800a5bc: 6425 str r5, [r4, #64] ; 0x40 + HAL_HASH_InCpltCallback(hhash); + 800a5be: 4620 mov r0, r4 + hhash->State = HAL_HASH_STATE_READY; + 800a5c0: f884 3035 strb.w r3, [r4, #53] ; 0x35 + HAL_HASH_InCpltCallback(hhash); + 800a5c4: f7ff ff6f bl 800a4a6 + hhash->HashInCount = 0; + 800a5c8: 6225 str r5, [r4, #32] + return ret; + 800a5ca: e7ab b.n 800a524 + HASH->DIN = *(uint32_t*)inputaddr; + 800a5cc: f853 1b04 ldr.w r1, [r3], #4 + 800a5d0: 6069 str r1, [r5, #4] + for(buffercounter = 0U; buffercounter < ((inputcounter+3U)/4U); buffercounter++) + 800a5d2: e7ed b.n 800a5b0 + __HAL_HASH_START_DIGEST(); + 800a5d4: 68ab ldr r3, [r5, #8] + 800a5d6: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800a5da: 60ab str r3, [r5, #8] + hhash->HashInCount = 0; + 800a5dc: 2300 movs r3, #0 + 800a5de: 6223 str r3, [r4, #32] + HAL_HASH_InCpltCallback(hhash); + 800a5e0: 4620 mov r0, r4 + 800a5e2: f7ff ff60 bl 800a4a6 + if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_1) + 800a5e6: f894 602d ldrb.w r6, [r4, #45] ; 0x2d + 800a5ea: 2e03 cmp r6, #3 + 800a5ec: d12d bne.n 800a64a + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_BUSY, SET, HASH_TIMEOUTVALUE) != HAL_OK) + 800a5ee: f44f 737a mov.w r3, #1000 ; 0x3e8 + 800a5f2: 2201 movs r2, #1 + 800a5f4: 2108 movs r1, #8 + 800a5f6: 4620 mov r0, r4 + 800a5f8: f7ff feea bl 800a3d0 + 800a5fc: b168 cbz r0, 800a61a + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a5fe: 6a2b ldr r3, [r5, #32] + 800a600: f023 0303 bic.w r3, r3, #3 + 800a604: 622b str r3, [r5, #32] + hhash->Status = HASH_IT(hhash); + 800a606: f884 602c strb.w r6, [r4, #44] ; 0x2c + hhash->ErrorCode |= HAL_HASH_ERROR_IT; + 800a60a: 6be3 ldr r3, [r4, #60] ; 0x3c + 800a60c: f043 0301 orr.w r3, r3, #1 + 800a610: 63e3 str r3, [r4, #60] ; 0x3c + HAL_HASH_ErrorCallback(hhash); + 800a612: 4620 mov r0, r4 + 800a614: f7ff ff49 bl 800a4aa + 800a618: e784 b.n 800a524 + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_2; /* Move phase from Step 1 to Step 2 */ + 800a61a: 2304 movs r3, #4 + 800a61c: f884 302d strb.w r3, [r4, #45] ; 0x2d + __HAL_HASH_SET_NBVALIDBITS(hhash->HashBuffSize); /* Set NBLW for the input message */ + 800a620: 68ab ldr r3, [r5, #8] + 800a622: 69e2 ldr r2, [r4, #28] + 800a624: f023 031f bic.w r3, r3, #31 + 800a628: f002 0103 and.w r1, r2, #3 + 800a62c: ea43 03c1 orr.w r3, r3, r1, lsl #3 + 800a630: 60ab str r3, [r5, #8] + hhash->pHashInBuffPtr = hhash->pHashMsgBuffPtr; /* Set the input data address */ + 800a632: 69a3 ldr r3, [r4, #24] + hhash->HashInCount = hhash->HashBuffSize; /* Set the input data size (in bytes) */ + 800a634: 6222 str r2, [r4, #32] + hhash->pHashInBuffPtr = hhash->Init.pKey; /* Set the key address */ + 800a636: 60e3 str r3, [r4, #12] + hhash->HashITCounter = 1; /* Set ITCounter to 1 to indicate the start of a new phase */ + 800a638: 2301 movs r3, #1 + 800a63a: 6263 str r3, [r4, #36] ; 0x24 + __HAL_HASH_ENABLE_IT(HASH_IT_DINI); /* Enable IT (was disabled in HASH_Write_Block_Data) */ + 800a63c: 6a2b ldr r3, [r5, #32] + 800a63e: f043 0301 orr.w r3, r3, #1 + 800a642: 622b str r3, [r5, #32] + hhash->Status = HASH_IT(hhash); + 800a644: f884 002c strb.w r0, [r4, #44] ; 0x2c +} + 800a648: bd70 pop {r4, r5, r6, pc} + else if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2) + 800a64a: 2e04 cmp r6, #4 + 800a64c: f47f af6a bne.w 800a524 + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_BUSY, SET, HASH_TIMEOUTVALUE) != HAL_OK) + 800a650: f44f 737a mov.w r3, #1000 ; 0x3e8 + 800a654: 2201 movs r2, #1 + 800a656: 2108 movs r1, #8 + 800a658: 4620 mov r0, r4 + 800a65a: f7ff feb9 bl 800a3d0 + 800a65e: b128 cbz r0, 800a66c + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a660: 6a2b ldr r3, [r5, #32] + 800a662: f023 0303 bic.w r3, r3, #3 + 800a666: 622b str r3, [r5, #32] + hhash->Status = HASH_IT(hhash); + 800a668: 2303 movs r3, #3 + 800a66a: e731 b.n 800a4d0 + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_3; /* Move phase from Step 2 to Step 3 */ + 800a66c: 2305 movs r3, #5 + 800a66e: f884 302d strb.w r3, [r4, #45] ; 0x2d + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); /* Set NBLW for the key */ + 800a672: 68ab ldr r3, [r5, #8] + 800a674: 6862 ldr r2, [r4, #4] + 800a676: f023 031f bic.w r3, r3, #31 + 800a67a: f002 0103 and.w r1, r2, #3 + 800a67e: ea43 03c1 orr.w r3, r3, r1, lsl #3 + 800a682: 60ab str r3, [r5, #8] + hhash->pHashInBuffPtr = hhash->Init.pKey; /* Set the key address */ + 800a684: 68a3 ldr r3, [r4, #8] + hhash->HashInCount = hhash->Init.KeySize; /* Set the key size (in bytes) */ + 800a686: 6222 str r2, [r4, #32] + hhash->pHashInBuffPtr = hhash->Init.pKey; /* Set the key address */ + 800a688: e7d5 b.n 800a636 + hhash->Status = HASH_IT(hhash); + 800a68a: 2302 movs r3, #2 + 800a68c: e720 b.n 800a4d0 + 800a68e: bf00 nop + 800a690: 50060400 .word 0x50060400 + 800a694: 00040080 .word 0x00040080 + +0800a698 : + return hhash->State; + 800a698: f890 0035 ldrb.w r0, [r0, #53] ; 0x35 +} + 800a69c: 4770 bx lr + +0800a69e : +} + 800a69e: f890 002c ldrb.w r0, [r0, #44] ; 0x2c + 800a6a2: 4770 bx lr + +0800a6a4 : + *(uint32_t*)(mem_ptr) = READ_BIT(HASH->IMR,HASH_IT_DINI|HASH_IT_DCI); + 800a6a4: 4b0e ldr r3, [pc, #56] ; (800a6e0 ) + 800a6a6: 6a1a ldr r2, [r3, #32] + 800a6a8: f002 0203 and.w r2, r2, #3 + 800a6ac: 600a str r2, [r1, #0] + *(uint32_t*)(mem_ptr) = READ_BIT(HASH->STR,HASH_STR_NBLW); + 800a6ae: 689a ldr r2, [r3, #8] + 800a6b0: f002 021f and.w r2, r2, #31 + 800a6b4: 604a str r2, [r1, #4] + *(uint32_t*)(mem_ptr) = READ_BIT(HASH->CR,HASH_CR_DMAE|HASH_CR_DATATYPE|HASH_CR_MODE|HASH_CR_ALGO|HASH_CR_LKEY|HASH_CR_MDMAT); + 800a6b6: 681b ldr r3, [r3, #0] + for (i = HASH_NUMBER_OF_CSR_REGISTERS; i >0U; i--) + 800a6b8: 4a0a ldr r2, [pc, #40] ; (800a6e4 ) + *(uint32_t*)(mem_ptr) = READ_BIT(HASH->CR,HASH_CR_DMAE|HASH_CR_DATATYPE|HASH_CR_MODE|HASH_CR_ALGO|HASH_CR_LKEY|HASH_CR_MDMAT); + 800a6ba: f023 437f bic.w r3, r3, #4278190080 ; 0xff000000 + 800a6be: f423 037a bic.w r3, r3, #16384000 ; 0xfa0000 + 800a6c2: f423 435f bic.w r3, r3, #57088 ; 0xdf00 + 800a6c6: f023 0307 bic.w r3, r3, #7 + 800a6ca: 608b str r3, [r1, #8] + uint32_t csr_ptr = (uint32_t)HASH->CSR; + 800a6cc: 4b06 ldr r3, [pc, #24] ; (800a6e8 ) + mem_ptr+=4U; + 800a6ce: 310c adds r1, #12 + *(uint32_t*)(mem_ptr) = *(uint32_t*)(csr_ptr); + 800a6d0: f853 0b04 ldr.w r0, [r3], #4 + 800a6d4: f841 0b04 str.w r0, [r1], #4 + for (i = HASH_NUMBER_OF_CSR_REGISTERS; i >0U; i--) + 800a6d8: 4293 cmp r3, r2 + 800a6da: d1f9 bne.n 800a6d0 +} + 800a6dc: 4770 bx lr + 800a6de: bf00 nop + 800a6e0: 50060400 .word 0x50060400 + 800a6e4: 500605d0 .word 0x500605d0 + 800a6e8: 500604f8 .word 0x500604f8 + +0800a6ec : + WRITE_REG(HASH->IMR, (*(uint32_t*)(mem_ptr))); + 800a6ec: 4b0a ldr r3, [pc, #40] ; (800a718 ) + 800a6ee: 680a ldr r2, [r1, #0] + 800a6f0: 621a str r2, [r3, #32] + WRITE_REG(HASH->STR, (*(uint32_t*)(mem_ptr))); + 800a6f2: 684a ldr r2, [r1, #4] + 800a6f4: 609a str r2, [r3, #8] + WRITE_REG(HASH->CR, (*(uint32_t*)(mem_ptr))); + 800a6f6: 688a ldr r2, [r1, #8] + 800a6f8: 601a str r2, [r3, #0] + __HAL_HASH_INIT(); + 800a6fa: 681a ldr r2, [r3, #0] + 800a6fc: f042 0204 orr.w r2, r2, #4 + 800a700: 601a str r2, [r3, #0] + for (i = HASH_NUMBER_OF_CSR_REGISTERS; i >0U; i--) + 800a702: 4a06 ldr r2, [pc, #24] ; (800a71c ) + mem_ptr+=4U; + 800a704: 310c adds r1, #12 + uint32_t csr_ptr = (uint32_t)HASH->CSR; + 800a706: 33f8 adds r3, #248 ; 0xf8 + WRITE_REG((*(uint32_t*)(csr_ptr)), (*(uint32_t*)(mem_ptr))); + 800a708: f851 0b04 ldr.w r0, [r1], #4 + 800a70c: f843 0b04 str.w r0, [r3], #4 + for (i = HASH_NUMBER_OF_CSR_REGISTERS; i >0U; i--) + 800a710: 4293 cmp r3, r2 + 800a712: d1f9 bne.n 800a708 +} + 800a714: 4770 bx lr + 800a716: bf00 nop + 800a718: 50060400 .word 0x50060400 + 800a71c: 500605d0 .word 0x500605d0 + +0800a720 : + hhash->SuspendRequest = HAL_HASH_SUSPEND; + 800a720: 2301 movs r3, #1 + 800a722: f880 3036 strb.w r3, [r0, #54] ; 0x36 +} + 800a726: 4770 bx lr + +0800a728 : + return hhash->ErrorCode; + 800a728: 6bc0 ldr r0, [r0, #60] ; 0x3c +} + 800a72a: 4770 bx lr + +0800a72c : + * @param Timeout Timeout value. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Start(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Timeout, uint32_t Algorithm) +{ + 800a72c: b5f8 push {r3, r4, r5, r6, r7, lr} + 800a72e: 461e mov r6, r3 + uint8_t *pInBuffer_tmp; /* input data address, input parameter of HASH_WriteData() */ + uint32_t Size_tmp; /* input data size (in bytes), input parameter of HASH_WriteData() */ + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800a730: f890 3035 ldrb.w r3, [r0, #53] ; 0x35 + + + /* Initiate HASH processing in case of start or resumption */ +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800a734: 2b01 cmp r3, #1 +{ + 800a736: 4604 mov r4, r0 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800a738: b2d8 uxtb r0, r3 +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800a73a: d001 beq.n 800a740 + 800a73c: 2808 cmp r0, #8 + 800a73e: d17a bne.n 800a836 + { + /* Check input parameters */ + if ((pInBuffer == NULL) || (pOutBuffer == NULL)) + 800a740: b101 cbz r1, 800a744 + 800a742: b926 cbnz r6, 800a74e + { + hhash->State = HAL_HASH_STATE_READY; + 800a744: 2501 movs r5, #1 + 800a746: f884 5035 strb.w r5, [r4, #53] ; 0x35 + } + else + { + return HAL_BUSY; + } +} + 800a74a: 4628 mov r0, r5 + 800a74c: bdf8 pop {r3, r4, r5, r6, r7, pc} + __HAL_LOCK(hhash); + 800a74e: f894 3034 ldrb.w r3, [r4, #52] ; 0x34 + 800a752: 2b01 cmp r3, #1 + 800a754: d06f beq.n 800a836 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800a756: f894 302d ldrb.w r3, [r4, #45] ; 0x2d + __HAL_LOCK(hhash); + 800a75a: 2501 movs r5, #1 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800a75c: 42ab cmp r3, r5 + __HAL_LOCK(hhash); + 800a75e: f884 5034 strb.w r5, [r4, #52] ; 0x34 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800a762: d148 bne.n 800a7f6 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800a764: 4f36 ldr r7, [pc, #216] ; (800a840 ) + 800a766: 9b07 ldr r3, [sp, #28] + hhash->State = HAL_HASH_STATE_BUSY; + 800a768: f04f 0c02 mov.w ip, #2 + 800a76c: f884 c035 strb.w ip, [r4, #53] ; 0x35 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800a770: 683d ldr r5, [r7, #0] + 800a772: f425 25a0 bic.w r5, r5, #327680 ; 0x50000 + 800a776: f025 05c4 bic.w r5, r5, #196 ; 0xc4 + 800a77a: 431d orrs r5, r3 + 800a77c: f045 0504 orr.w r5, r5, #4 + 800a780: 603d str r5, [r7, #0] + __HAL_HASH_SET_NBVALIDBITS(Size); + 800a782: 68b8 ldr r0, [r7, #8] + 800a784: f002 0303 and.w r3, r2, #3 + 800a788: f020 001f bic.w r0, r0, #31 + 800a78c: ea40 03c3 orr.w r3, r0, r3, lsl #3 + 800a790: 60bb str r3, [r7, #8] + hhash->Phase = HAL_HASH_PHASE_PROCESS; + 800a792: f884 c02d strb.w ip, [r4, #45] ; 0x2d + hhash->Status = HASH_WriteData(hhash, pInBuffer_tmp, Size_tmp); + 800a796: 4620 mov r0, r4 + 800a798: f7ff fd78 bl 800a28c + 800a79c: 4605 mov r5, r0 + 800a79e: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800a7a2: 2800 cmp r0, #0 + 800a7a4: d1d1 bne.n 800a74a + if (hhash->State != HAL_HASH_STATE_SUSPENDED) + 800a7a6: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800a7aa: 2b08 cmp r3, #8 + 800a7ac: d03b beq.n 800a826 + __HAL_HASH_START_DIGEST(); + 800a7ae: 4f24 ldr r7, [pc, #144] ; (800a840 ) + 800a7b0: 68bb ldr r3, [r7, #8] + 800a7b2: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800a7b6: 60bb str r3, [r7, #8] + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_DCIS, RESET, Timeout) != HAL_OK) + 800a7b8: 4602 mov r2, r0 + 800a7ba: 9b06 ldr r3, [sp, #24] + 800a7bc: 2102 movs r1, #2 + 800a7be: 4620 mov r0, r4 + 800a7c0: f7ff fe06 bl 800a3d0 + 800a7c4: 2800 cmp r0, #0 + 800a7c6: d138 bne.n 800a83a + HASH_GetDigest(pOutBuffer, HASH_DIGEST_LENGTH()); + 800a7c8: 683a ldr r2, [r7, #0] + 800a7ca: 4b1e ldr r3, [pc, #120] ; (800a844 ) + 800a7cc: 421a tst r2, r3 + 800a7ce: d02e beq.n 800a82e + 800a7d0: 683a ldr r2, [r7, #0] + 800a7d2: 401a ands r2, r3 + 800a7d4: f5b2 2f80 cmp.w r2, #262144 ; 0x40000 + 800a7d8: d02b beq.n 800a832 + 800a7da: 683a ldr r2, [r7, #0] + 800a7dc: 4393 bics r3, r2 + 800a7de: bf0c ite eq + 800a7e0: 2120 moveq r1, #32 + 800a7e2: 2110 movne r1, #16 + 800a7e4: 4630 mov r0, r6 + 800a7e6: f7ff fd91 bl 800a30c + hhash->State = HAL_HASH_STATE_READY; + 800a7ea: 2301 movs r3, #1 + 800a7ec: f884 3035 strb.w r3, [r4, #53] ; 0x35 + hhash->Phase = HAL_HASH_PHASE_READY; + 800a7f0: f884 302d strb.w r3, [r4, #45] ; 0x2d + 800a7f4: e017 b.n 800a826 + else if (hhash->Phase == HAL_HASH_PHASE_PROCESS) + 800a7f6: 2b02 cmp r3, #2 + 800a7f8: d113 bne.n 800a822 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800a7fa: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800a7fe: 2b08 cmp r3, #8 + __HAL_HASH_SET_NBVALIDBITS(Size); + 800a800: bf15 itete ne + 800a802: 4d0f ldrne r5, [pc, #60] ; (800a840 ) + Size_tmp = hhash->HashInCount; + 800a804: 6a22 ldreq r2, [r4, #32] + __HAL_HASH_SET_NBVALIDBITS(Size); + 800a806: 68a8 ldrne r0, [r5, #8] + pInBuffer_tmp = hhash->pHashInBuffPtr; + 800a808: 68e1 ldreq r1, [r4, #12] + __HAL_HASH_SET_NBVALIDBITS(Size); + 800a80a: bf1f itttt ne + 800a80c: f002 0303 andne.w r3, r2, #3 + 800a810: f020 001f bicne.w r0, r0, #31 + 800a814: ea40 03c3 orrne.w r3, r0, r3, lsl #3 + 800a818: 60ab strne r3, [r5, #8] + hhash->State = HAL_HASH_STATE_BUSY; + 800a81a: 2302 movs r3, #2 + 800a81c: f884 3035 strb.w r3, [r4, #53] ; 0x35 + 800a820: e7b9 b.n 800a796 + hhash->State = HAL_HASH_STATE_READY; + 800a822: f884 5035 strb.w r5, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800a826: 2300 movs r3, #0 + 800a828: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800a82c: e78d b.n 800a74a + HASH_GetDigest(pOutBuffer, HASH_DIGEST_LENGTH()); + 800a82e: 2114 movs r1, #20 + 800a830: e7d8 b.n 800a7e4 + 800a832: 211c movs r1, #28 + 800a834: e7d6 b.n 800a7e4 + return HAL_BUSY; + 800a836: 2502 movs r5, #2 + 800a838: e787 b.n 800a74a + return HAL_TIMEOUT; + 800a83a: 2503 movs r5, #3 + 800a83c: e785 b.n 800a74a + 800a83e: bf00 nop + 800a840: 50060400 .word 0x50060400 + 800a844: 00040080 .word 0x00040080 + +0800a848 : +{ + 800a848: b513 push {r0, r1, r4, lr} + return HASH_Start(hhash, pInBuffer, Size, pOutBuffer, Timeout, HASH_ALGOSELECTION_MD5); + 800a84a: 2480 movs r4, #128 ; 0x80 + 800a84c: 9401 str r4, [sp, #4] + 800a84e: 9c04 ldr r4, [sp, #16] + 800a850: 9400 str r4, [sp, #0] + 800a852: f7ff ff6b bl 800a72c +} + 800a856: b002 add sp, #8 + 800a858: bd10 pop {r4, pc} + +0800a85a : + 800a85a: f7ff bff5 b.w 800a848 + +0800a85e : +{ + 800a85e: b513 push {r0, r1, r4, lr} + return HASH_Start(hhash, pInBuffer, Size, pOutBuffer, Timeout, HASH_ALGOSELECTION_SHA1); + 800a860: 2400 movs r4, #0 + 800a862: 9401 str r4, [sp, #4] + 800a864: 9c04 ldr r4, [sp, #16] + 800a866: 9400 str r4, [sp, #0] + 800a868: f7ff ff60 bl 800a72c +} + 800a86c: b002 add sp, #8 + 800a86e: bd10 pop {r4, pc} + +0800a870 : + 800a870: f7ff bff5 b.w 800a85e + +0800a874 : + * @param Size length of the input buffer in bytes, must be a multiple of 4. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Accumulate(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint32_t Algorithm) +{ + 800a874: b570 push {r4, r5, r6, lr} + uint8_t *pInBuffer_tmp; /* input data address, input parameter of HASH_WriteData() */ + uint32_t Size_tmp; /* input data size (in bytes), input parameter of HASH_WriteData() */ + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800a876: f890 5035 ldrb.w r5, [r0, #53] ; 0x35 +{ + 800a87a: 4604 mov r4, r0 + + /* Make sure the input buffer size (in bytes) is a multiple of 4 */ + if ((Size % 4U) != 0U) + 800a87c: 0790 lsls r0, r2, #30 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800a87e: b2ed uxtb r5, r5 + if ((Size % 4U) != 0U) + 800a880: d13e bne.n 800a900 + { + return HAL_ERROR; + } + + /* Initiate HASH processing in case of start or resumption */ +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800a882: 2d01 cmp r5, #1 + 800a884: d001 beq.n 800a88a + 800a886: 2d08 cmp r5, #8 + 800a888: d13c bne.n 800a904 + { + /* Check input parameters */ + if ((pInBuffer == NULL) || (Size == 0U)) + 800a88a: b101 cbz r1, 800a88e + 800a88c: b91a cbnz r2, 800a896 + { + hhash->State = HAL_HASH_STATE_READY; + 800a88e: 2001 movs r0, #1 + 800a890: f884 0035 strb.w r0, [r4, #53] ; 0x35 + { + return HAL_BUSY; + } + + +} + 800a894: bd70 pop {r4, r5, r6, pc} + __HAL_LOCK(hhash); + 800a896: f894 0034 ldrb.w r0, [r4, #52] ; 0x34 + 800a89a: 2801 cmp r0, #1 + 800a89c: d032 beq.n 800a904 + 800a89e: 2001 movs r0, #1 + 800a8a0: f884 0034 strb.w r0, [r4, #52] ; 0x34 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800a8a4: f894 0035 ldrb.w r0, [r4, #53] ; 0x35 + 800a8a8: 2808 cmp r0, #8 + 800a8aa: f04f 0002 mov.w r0, #2 + hhash->State = HAL_HASH_STATE_BUSY; + 800a8ae: f884 0035 strb.w r0, [r4, #53] ; 0x35 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800a8b2: d113 bne.n 800a8dc + pInBuffer_tmp = hhash->pHashInBuffPtr; /* pInBuffer_tmp is set to the input data address */ + 800a8b4: 68e1 ldr r1, [r4, #12] + Size_tmp = hhash->HashInCount; /* Size_tmp contains the input data size in bytes */ + 800a8b6: 6a22 ldr r2, [r4, #32] + hhash->Status = HASH_WriteData(hhash, pInBuffer_tmp, Size_tmp); + 800a8b8: 4620 mov r0, r4 + 800a8ba: f7ff fce7 bl 800a28c + 800a8be: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800a8c2: 2800 cmp r0, #0 + 800a8c4: d1e6 bne.n 800a894 + if (hhash->State != HAL_HASH_STATE_SUSPENDED) + 800a8c6: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800a8ca: 2b08 cmp r3, #8 + hhash->State = HAL_HASH_STATE_READY; + 800a8cc: bf1c itt ne + 800a8ce: 2301 movne r3, #1 + 800a8d0: f884 3035 strbne.w r3, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800a8d4: 2300 movs r3, #0 + 800a8d6: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800a8da: e7db b.n 800a894 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800a8dc: f894 002d ldrb.w r0, [r4, #45] ; 0x2d + 800a8e0: 2801 cmp r0, #1 + 800a8e2: d109 bne.n 800a8f8 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800a8e4: 4e08 ldr r6, [pc, #32] ; (800a908 ) + 800a8e6: 6830 ldr r0, [r6, #0] + 800a8e8: f420 20a0 bic.w r0, r0, #327680 ; 0x50000 + 800a8ec: f020 00c4 bic.w r0, r0, #196 ; 0xc4 + 800a8f0: 4318 orrs r0, r3 + 800a8f2: f040 0004 orr.w r0, r0, #4 + 800a8f6: 6030 str r0, [r6, #0] + hhash->Phase = HAL_HASH_PHASE_PROCESS; + 800a8f8: 2302 movs r3, #2 + 800a8fa: f884 302d strb.w r3, [r4, #45] ; 0x2d + 800a8fe: e7db b.n 800a8b8 + return HAL_ERROR; + 800a900: 2001 movs r0, #1 + 800a902: e7c7 b.n 800a894 + return HAL_BUSY; + 800a904: 2002 movs r0, #2 + 800a906: e7c5 b.n 800a894 + 800a908: 50060400 .word 0x50060400 + +0800a90c : + return HASH_Accumulate(hhash, pInBuffer, Size,HASH_ALGOSELECTION_MD5); + 800a90c: 2380 movs r3, #128 ; 0x80 + 800a90e: f7ff bfb1 b.w 800a874 + +0800a912 : + return HASH_Accumulate(hhash, pInBuffer, Size,HASH_ALGOSELECTION_SHA1); + 800a912: 2300 movs r3, #0 + 800a914: f7ff bfae b.w 800a874 + +0800a918 : + * @param Size length of the input buffer in bytes, must be a multiple of 4. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Accumulate_IT(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint32_t Algorithm) +{ + 800a918: b567 push {r0, r1, r2, r5, r6, lr} + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800a91a: f890 5035 ldrb.w r5, [r0, #53] ; 0x35 + __IO uint32_t inputaddr = (uint32_t) pInBuffer; + 800a91e: 9101 str r1, [sp, #4] + uint32_t SizeVar = Size; + + /* Make sure the input buffer size (in bytes) is a multiple of 4 */ + if ((Size % 4U) != 0U) + 800a920: 0796 lsls r6, r2, #30 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800a922: b2ed uxtb r5, r5 + if ((Size % 4U) != 0U) + 800a924: d154 bne.n 800a9d0 + { + return HAL_ERROR; + } + + /* Initiate HASH processing in case of start or resumption */ + if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800a926: 2d01 cmp r5, #1 + 800a928: d001 beq.n 800a92e + 800a92a: 2d08 cmp r5, #8 + 800a92c: d152 bne.n 800a9d4 + { + /* Check input parameters */ + if ((pInBuffer == NULL) || (Size == 0U)) + 800a92e: b101 cbz r1, 800a932 + 800a930: b92a cbnz r2, 800a93e + { + hhash->State = HAL_HASH_STATE_READY; + 800a932: 2301 movs r3, #1 + 800a934: f880 3035 strb.w r3, [r0, #53] ; 0x35 + else + { + return HAL_BUSY; + } + +} + 800a938: 4618 mov r0, r3 + 800a93a: b003 add sp, #12 + 800a93c: bd60 pop {r5, r6, pc} + __HAL_LOCK(hhash); + 800a93e: f890 1034 ldrb.w r1, [r0, #52] ; 0x34 + 800a942: 2901 cmp r1, #1 + 800a944: d046 beq.n 800a9d4 + 800a946: 2101 movs r1, #1 + 800a948: f880 1034 strb.w r1, [r0, #52] ; 0x34 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800a94c: f890 1035 ldrb.w r1, [r0, #53] ; 0x35 + 800a950: 4d21 ldr r5, [pc, #132] ; (800a9d8 ) + 800a952: 2908 cmp r1, #8 + 800a954: f04f 0102 mov.w r1, #2 + hhash->State = HAL_HASH_STATE_BUSY; + 800a958: f880 1035 strb.w r1, [r0, #53] ; 0x35 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800a95c: d109 bne.n 800a972 + hhash->Accumulation = 1U; + 800a95e: 2301 movs r3, #1 + 800a960: 6403 str r3, [r0, #64] ; 0x40 + __HAL_UNLOCK(hhash); + 800a962: 2300 movs r3, #0 + 800a964: f880 3034 strb.w r3, [r0, #52] ; 0x34 + __HAL_HASH_ENABLE_IT(HASH_IT_DINI); + 800a968: 6a2a ldr r2, [r5, #32] + 800a96a: f042 0201 orr.w r2, r2, #1 + 800a96e: 622a str r2, [r5, #32] + return HAL_OK; + 800a970: e7e2 b.n 800a938 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800a972: f890 602d ldrb.w r6, [r0, #45] ; 0x2d + 800a976: 2e01 cmp r6, #1 + 800a978: d11b bne.n 800a9b2 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800a97a: 6829 ldr r1, [r5, #0] + 800a97c: f421 21a0 bic.w r1, r1, #327680 ; 0x50000 + 800a980: f021 01c4 bic.w r1, r1, #196 ; 0xc4 + 800a984: 4319 orrs r1, r3 + 800a986: f041 0104 orr.w r1, r1, #4 + 800a98a: 6029 str r1, [r5, #0] + hhash->HashITCounter = 1; + 800a98c: 6246 str r6, [r0, #36] ; 0x24 + hhash->Phase = HAL_HASH_PHASE_PROCESS; + 800a98e: 2302 movs r3, #2 + 800a990: f880 302d strb.w r3, [r0, #45] ; 0x2d + while((!(__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS))) && (SizeVar > 0U)) + 800a994: 6a6b ldr r3, [r5, #36] ; 0x24 + 800a996: 07d9 lsls r1, r3, #31 + 800a998: d400 bmi.n 800a99c + 800a99a: b96a cbnz r2, 800a9b8 + if ((!(__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS))) || (SizeVar == 0U)) + 800a99c: 6a6b ldr r3, [r5, #36] ; 0x24 + 800a99e: 07db lsls r3, r3, #31 + 800a9a0: d500 bpl.n 800a9a4 + 800a9a2: b98a cbnz r2, 800a9c8 + hhash->State = HAL_HASH_STATE_READY; + 800a9a4: 2301 movs r3, #1 + 800a9a6: f880 3035 strb.w r3, [r0, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800a9aa: 2300 movs r3, #0 + 800a9ac: f880 3034 strb.w r3, [r0, #52] ; 0x34 + return HAL_OK; + 800a9b0: e7c2 b.n 800a938 + hhash->HashITCounter = 3; /* 'cruise-speed' reached during a previous buffer processing */ + 800a9b2: 2303 movs r3, #3 + 800a9b4: 6243 str r3, [r0, #36] ; 0x24 + 800a9b6: e7ea b.n 800a98e + HASH->DIN = *(uint32_t*)inputaddr; + 800a9b8: 9b01 ldr r3, [sp, #4] + 800a9ba: 681b ldr r3, [r3, #0] + 800a9bc: 606b str r3, [r5, #4] + inputaddr+=4U; + 800a9be: 9b01 ldr r3, [sp, #4] + 800a9c0: 3304 adds r3, #4 + 800a9c2: 9301 str r3, [sp, #4] + SizeVar-=4U; + 800a9c4: 3a04 subs r2, #4 + 800a9c6: e7e5 b.n 800a994 + hhash->HashInCount = SizeVar; /* Counter used to keep track of number of data + 800a9c8: 6202 str r2, [r0, #32] + hhash->pHashInBuffPtr = (uint8_t *)inputaddr; /* Points at data which will be fed to the Peripheral at + 800a9ca: 9b01 ldr r3, [sp, #4] + 800a9cc: 60c3 str r3, [r0, #12] + 800a9ce: e7c6 b.n 800a95e + return HAL_ERROR; + 800a9d0: 2301 movs r3, #1 + 800a9d2: e7b1 b.n 800a938 + return HAL_BUSY; + 800a9d4: 2302 movs r3, #2 + 800a9d6: e7af b.n 800a938 + 800a9d8: 50060400 .word 0x50060400 + +0800a9dc : + return HASH_Accumulate_IT(hhash, pInBuffer, Size,HASH_ALGOSELECTION_MD5); + 800a9dc: 2380 movs r3, #128 ; 0x80 + 800a9de: f7ff bf9b b.w 800a918 + +0800a9e2 : + return HASH_Accumulate_IT(hhash, pInBuffer, Size,HASH_ALGOSELECTION_SHA1); + 800a9e2: 2300 movs r3, #0 + 800a9e4: f7ff bf98 b.w 800a918 + +0800a9e8 : + * @param pOutBuffer pointer to the computed digest. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Start_IT(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Algorithm) +{ + 800a9e8: b573 push {r0, r1, r4, r5, r6, lr} + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800a9ea: f890 4035 ldrb.w r4, [r0, #53] ; 0x35 + __IO uint32_t inputaddr = (uint32_t) pInBuffer; + 800a9ee: 9101 str r1, [sp, #4] + uint32_t polling_step = 0U; + uint32_t initialization_skipped = 0U; + uint32_t SizeVar = Size; + + /* If State is ready or suspended, start or resume IT-based HASH processing */ +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800a9f0: 2c01 cmp r4, #1 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800a9f2: b2e5 uxtb r5, r4 +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800a9f4: d001 beq.n 800a9fa + 800a9f6: 2d08 cmp r5, #8 + 800a9f8: d17f bne.n 800aafa + { + /* Check input parameters */ + if ((pInBuffer == NULL) || (Size == 0U) || (pOutBuffer == NULL)) + 800a9fa: b109 cbz r1, 800aa00 + 800a9fc: b102 cbz r2, 800aa00 + 800a9fe: b92b cbnz r3, 800aa0c + { + hhash->State = HAL_HASH_STATE_READY; + 800aa00: 2201 movs r2, #1 + 800aa02: f880 2035 strb.w r2, [r0, #53] ; 0x35 + else + { + return HAL_BUSY; + } + +} + 800aa06: 4610 mov r0, r2 + 800aa08: b002 add sp, #8 + 800aa0a: bd70 pop {r4, r5, r6, pc} + __HAL_LOCK(hhash); + 800aa0c: f890 4034 ldrb.w r4, [r0, #52] ; 0x34 + 800aa10: 2c01 cmp r4, #1 + 800aa12: f04f 0402 mov.w r4, #2 + 800aa16: d072 beq.n 800aafe + hhash->State = HAL_HASH_STATE_BUSY; + 800aa18: f880 4035 strb.w r4, [r0, #53] ; 0x35 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800aa1c: f890 402d ldrb.w r4, [r0, #45] ; 0x2d + __HAL_LOCK(hhash); + 800aa20: 2601 movs r6, #1 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800aa22: 42b4 cmp r4, r6 + __HAL_LOCK(hhash); + 800aa24: f880 6034 strb.w r6, [r0, #52] ; 0x34 + hhash->HashITCounter = 1; + 800aa28: 4c36 ldr r4, [pc, #216] ; (800ab04 ) + 800aa2a: 6246 str r6, [r0, #36] ; 0x24 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800aa2c: d115 bne.n 800aa5a + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800aa2e: 6825 ldr r5, [r4, #0] + 800aa30: 9e06 ldr r6, [sp, #24] + 800aa32: f425 25a0 bic.w r5, r5, #327680 ; 0x50000 + 800aa36: f025 05c4 bic.w r5, r5, #196 ; 0xc4 + 800aa3a: 4335 orrs r5, r6 + 800aa3c: f045 0504 orr.w r5, r5, #4 + 800aa40: 6025 str r5, [r4, #0] + __HAL_HASH_SET_NBVALIDBITS(SizeVar); + 800aa42: 68a6 ldr r6, [r4, #8] + 800aa44: f002 0503 and.w r5, r2, #3 + 800aa48: f026 061f bic.w r6, r6, #31 + 800aa4c: ea46 05c5 orr.w r5, r6, r5, lsl #3 + 800aa50: 60a5 str r5, [r4, #8] + hhash->pHashOutBuffPtr = pOutBuffer; /* Points at the computed digest */ + 800aa52: e9c0 1303 strd r1, r3, [r0, #12] + hhash->HashInCount = SizeVar; /* Counter used to keep track of number of data + 800aa56: 6202 str r2, [r0, #32] + uint32_t initialization_skipped = 0U; + 800aa58: 2600 movs r6, #0 + hhash->Phase = HAL_HASH_PHASE_PROCESS; + 800aa5a: 2102 movs r1, #2 + 800aa5c: f880 102d strb.w r1, [r0, #45] ; 0x2d + uint32_t polling_step = 0U; + 800aa60: 2100 movs r1, #0 + while((!(__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS))) && (SizeVar > 3U)) + 800aa62: 6a65 ldr r5, [r4, #36] ; 0x24 + 800aa64: 07ed lsls r5, r5, #31 + 800aa66: d401 bmi.n 800aa6c + 800aa68: 2a03 cmp r2, #3 + 800aa6a: d80d bhi.n 800aa88 + if (polling_step == 1U) + 800aa6c: b349 cbz r1, 800aac2 + if (SizeVar == 0U) + 800aa6e: b9a2 cbnz r2, 800aa9a + hhash->pHashOutBuffPtr = pOutBuffer; /* Points at the computed digest */ + 800aa70: 6103 str r3, [r0, #16] + __HAL_HASH_START_DIGEST(); + 800aa72: 68a3 ldr r3, [r4, #8] + 800aa74: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800aa78: 60a3 str r3, [r4, #8] + __HAL_UNLOCK(hhash); + 800aa7a: f880 2034 strb.w r2, [r0, #52] ; 0x34 + __HAL_HASH_ENABLE_IT(HASH_IT_DCI); + 800aa7e: 6a23 ldr r3, [r4, #32] + 800aa80: f043 0302 orr.w r3, r3, #2 + __HAL_HASH_ENABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800aa84: 6223 str r3, [r4, #32] + return HAL_OK; + 800aa86: e7be b.n 800aa06 + HASH->DIN = *(uint32_t*)inputaddr; + 800aa88: 9901 ldr r1, [sp, #4] + 800aa8a: 6809 ldr r1, [r1, #0] + 800aa8c: 6061 str r1, [r4, #4] + inputaddr+=4U; + 800aa8e: 9901 ldr r1, [sp, #4] + 800aa90: 3104 adds r1, #4 + 800aa92: 9101 str r1, [sp, #4] + SizeVar-=4U; + 800aa94: 3a04 subs r2, #4 + polling_step = 1U; /* note that some words are entered before enabling the interrupt */ + 800aa96: 2101 movs r1, #1 + 800aa98: e7e3 b.n 800aa62 + else if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800aa9a: 6a61 ldr r1, [r4, #36] ; 0x24 + __HAL_HASH_SET_NBVALIDBITS(SizeVar); /* Update the configuration of the number of valid bits in last word of the message */ + 800aa9c: f002 0503 and.w r5, r2, #3 + else if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800aaa0: f011 0101 ands.w r1, r1, #1 + __HAL_HASH_SET_NBVALIDBITS(SizeVar); /* Update the configuration of the number of valid bits in last word of the message */ + 800aaa4: ea4f 05c5 mov.w r5, r5, lsl #3 + else if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800aaa8: d012 beq.n 800aad0 + hhash->HashInCount = SizeVar; + 800aaaa: 6202 str r2, [r0, #32] + hhash->pHashInBuffPtr = (uint8_t *)inputaddr; + 800aaac: 9a01 ldr r2, [sp, #4] + 800aaae: 60c2 str r2, [r0, #12] + __HAL_HASH_SET_NBVALIDBITS(SizeVar); /* Update the configuration of the number of valid bits in last word of the message */ + 800aab0: 68a2 ldr r2, [r4, #8] + 800aab2: f022 021f bic.w r2, r2, #31 + 800aab6: 432a orrs r2, r5 + 800aab8: 60a2 str r2, [r4, #8] + hhash->pHashOutBuffPtr = pOutBuffer; /* Points at the computed digest */ + 800aaba: 6103 str r3, [r0, #16] + if (initialization_skipped == 1U) + 800aabc: b10e cbz r6, 800aac2 + hhash->HashITCounter = 3; /* 'cruise-speed' reached during a previous buffer processing */ + 800aabe: 2303 movs r3, #3 + 800aac0: 6243 str r3, [r0, #36] ; 0x24 + __HAL_UNLOCK(hhash); + 800aac2: 2200 movs r2, #0 + 800aac4: f880 2034 strb.w r2, [r0, #52] ; 0x34 + __HAL_HASH_ENABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800aac8: 6a23 ldr r3, [r4, #32] + 800aaca: f043 0303 orr.w r3, r3, #3 + 800aace: e7d9 b.n 800aa84 + __HAL_HASH_SET_NBVALIDBITS(SizeVar); + 800aad0: 68a2 ldr r2, [r4, #8] + 800aad2: f022 021f bic.w r2, r2, #31 + 800aad6: 432a orrs r2, r5 + 800aad8: 60a2 str r2, [r4, #8] + HASH->DIN = *(uint32_t*)inputaddr; + 800aada: 9a01 ldr r2, [sp, #4] + 800aadc: 6812 ldr r2, [r2, #0] + 800aade: 6062 str r2, [r4, #4] + hhash->pHashOutBuffPtr = pOutBuffer; /* Points at the computed digest */ + 800aae0: 6103 str r3, [r0, #16] + __HAL_HASH_START_DIGEST(); + 800aae2: 68a3 ldr r3, [r4, #8] + 800aae4: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800aae8: 60a3 str r3, [r4, #8] + __HAL_UNLOCK(hhash); + 800aaea: f880 1034 strb.w r1, [r0, #52] ; 0x34 + __HAL_HASH_ENABLE_IT(HASH_IT_DCI); + 800aaee: 6a23 ldr r3, [r4, #32] + 800aaf0: f043 0302 orr.w r3, r3, #2 + 800aaf4: 6223 str r3, [r4, #32] + return HAL_OK; + 800aaf6: 460a mov r2, r1 + 800aaf8: e785 b.n 800aa06 + return HAL_BUSY; + 800aafa: 2202 movs r2, #2 + 800aafc: e783 b.n 800aa06 + 800aafe: 4622 mov r2, r4 + 800ab00: e781 b.n 800aa06 + 800ab02: bf00 nop + 800ab04: 50060400 .word 0x50060400 + +0800ab08 : +{ + 800ab08: b513 push {r0, r1, r4, lr} + return HASH_Start_IT(hhash, pInBuffer, Size, pOutBuffer,HASH_ALGOSELECTION_MD5); + 800ab0a: 2480 movs r4, #128 ; 0x80 + 800ab0c: 9400 str r4, [sp, #0] + 800ab0e: f7ff ff6b bl 800a9e8 +} + 800ab12: b002 add sp, #8 + 800ab14: bd10 pop {r4, pc} + +0800ab16 : + 800ab16: f7ff bff7 b.w 800ab08 + +0800ab1a : +{ + 800ab1a: b513 push {r0, r1, r4, lr} + return HASH_Start_IT(hhash, pInBuffer, Size, pOutBuffer,HASH_ALGOSELECTION_SHA1); + 800ab1c: 2400 movs r4, #0 + 800ab1e: 9400 str r4, [sp, #0] + 800ab20: f7ff ff62 bl 800a9e8 +} + 800ab24: b002 add sp, #8 + 800ab26: bd10 pop {r4, pc} + +0800ab28 : + 800ab28: f7ff bff7 b.w 800ab1a + +0800ab2c : + * @param pOutBuffer pointer to the computed digest. + * @param Timeout Timeout value. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Finish(HASH_HandleTypeDef *hhash, uint8_t* pOutBuffer, uint32_t Timeout) +{ + 800ab2c: b570 push {r4, r5, r6, lr} + 800ab2e: 4613 mov r3, r2 + + if(hhash->State == HAL_HASH_STATE_READY) + 800ab30: f890 2035 ldrb.w r2, [r0, #53] ; 0x35 + 800ab34: 2a01 cmp r2, #1 +{ + 800ab36: 4605 mov r5, r0 + 800ab38: 460e mov r6, r1 + if(hhash->State == HAL_HASH_STATE_READY) + 800ab3a: b2d4 uxtb r4, r2 + 800ab3c: d12f bne.n 800ab9e + { + /* Check parameter */ + if (pOutBuffer == NULL) + 800ab3e: b341 cbz r1, 800ab92 + { + return HAL_ERROR; + } + + /* Process Locked */ + __HAL_LOCK(hhash); + 800ab40: f890 2034 ldrb.w r2, [r0, #52] ; 0x34 + 800ab44: 2a01 cmp r2, #1 + 800ab46: f04f 0102 mov.w r1, #2 + 800ab4a: d028 beq.n 800ab9e + 800ab4c: f880 4034 strb.w r4, [r0, #52] ; 0x34 + + /* Change the HASH state to busy */ + hhash->State = HAL_HASH_STATE_BUSY; + 800ab50: f880 1035 strb.w r1, [r0, #53] ; 0x35 + + /* Wait for DCIS flag to be set */ + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_DCIS, RESET, Timeout) != HAL_OK) + 800ab54: 2200 movs r2, #0 + 800ab56: f7ff fc3b bl 800a3d0 + 800ab5a: 4604 mov r4, r0 + 800ab5c: bb08 cbnz r0, 800aba2 + { + return HAL_TIMEOUT; + } + + /* Read the message digest */ + HASH_GetDigest(pOutBuffer, HASH_DIGEST_LENGTH()); + 800ab5e: 4a12 ldr r2, [pc, #72] ; (800aba8 ) + 800ab60: 4b12 ldr r3, [pc, #72] ; (800abac ) + 800ab62: 6811 ldr r1, [r2, #0] + 800ab64: 4219 tst r1, r3 + 800ab66: d016 beq.n 800ab96 + 800ab68: 6811 ldr r1, [r2, #0] + 800ab6a: 4019 ands r1, r3 + 800ab6c: f5b1 2f80 cmp.w r1, #262144 ; 0x40000 + 800ab70: d013 beq.n 800ab9a + 800ab72: 6812 ldr r2, [r2, #0] + 800ab74: 4393 bics r3, r2 + 800ab76: bf0c ite eq + 800ab78: 2120 moveq r1, #32 + 800ab7a: 2110 movne r1, #16 + 800ab7c: 4630 mov r0, r6 + 800ab7e: f7ff fbc5 bl 800a30c + + /* Change the HASH state to ready */ + hhash->State = HAL_HASH_STATE_READY; + 800ab82: 2301 movs r3, #1 + 800ab84: f885 3035 strb.w r3, [r5, #53] ; 0x35 + + /* Reset HASH state machine */ + hhash->Phase = HAL_HASH_PHASE_READY; + 800ab88: f885 302d strb.w r3, [r5, #45] ; 0x2d + + /* Process UnLock */ + __HAL_UNLOCK(hhash); + 800ab8c: 2300 movs r3, #0 + 800ab8e: f885 3034 strb.w r3, [r5, #52] ; 0x34 + else + { + return HAL_BUSY; + } + +} + 800ab92: 4620 mov r0, r4 + 800ab94: bd70 pop {r4, r5, r6, pc} + HASH_GetDigest(pOutBuffer, HASH_DIGEST_LENGTH()); + 800ab96: 2114 movs r1, #20 + 800ab98: e7f0 b.n 800ab7c + 800ab9a: 211c movs r1, #28 + 800ab9c: e7ee b.n 800ab7c + return HAL_BUSY; + 800ab9e: 2402 movs r4, #2 + 800aba0: e7f7 b.n 800ab92 + return HAL_TIMEOUT; + 800aba2: 2403 movs r4, #3 + 800aba4: e7f5 b.n 800ab92 + 800aba6: bf00 nop + 800aba8: 50060400 .word 0x50060400 + 800abac: 00040080 .word 0x00040080 + +0800abb0 : + * @param Timeout Timeout value. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HMAC_Start(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Timeout, uint32_t Algorithm) +{ + 800abb0: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 800abb4: 4604 mov r4, r0 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800abb6: f890 0035 ldrb.w r0, [r0, #53] ; 0x35 + + /* If State is ready or suspended, start or resume polling-based HASH processing */ +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800abba: 2801 cmp r0, #1 +{ + 800abbc: e9dd 7e06 ldrd r7, lr, [sp, #24] + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800abc0: b2c5 uxtb r5, r0 +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800abc2: d002 beq.n 800abca + 800abc4: 2d08 cmp r5, #8 + 800abc6: f040 80df bne.w 800ad88 + { + /* Check input parameters */ + if ((pInBuffer == NULL) || /*(Size == 0U) ||*/ (hhash->Init.pKey == NULL) || (hhash->Init.KeySize == 0U) || (pOutBuffer == NULL)) + 800abca: b139 cbz r1, 800abdc + 800abcc: f8d4 c008 ldr.w ip, [r4, #8] + 800abd0: f1bc 0f00 cmp.w ip, #0 + 800abd4: d002 beq.n 800abdc + 800abd6: 6865 ldr r5, [r4, #4] + 800abd8: b105 cbz r5, 800abdc + 800abda: b923 cbnz r3, 800abe6 + { + hhash->State = HAL_HASH_STATE_READY; + 800abdc: 2001 movs r0, #1 + 800abde: f884 0035 strb.w r0, [r4, #53] ; 0x35 + return HMAC_Processing(hhash, Timeout); + + } + else + { + return HAL_BUSY; + 800abe2: 4605 mov r5, r0 + 800abe4: e05b b.n 800ac9e + __HAL_LOCK(hhash); + 800abe6: f894 0034 ldrb.w r0, [r4, #52] ; 0x34 + 800abea: 2801 cmp r0, #1 + 800abec: f04f 0002 mov.w r0, #2 + 800abf0: d0f7 beq.n 800abe2 + hhash->State = HAL_HASH_STATE_BUSY; + 800abf2: f884 0035 strb.w r0, [r4, #53] ; 0x35 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800abf6: f894 002d ldrb.w r0, [r4, #45] ; 0x2d + __HAL_LOCK(hhash); + 800abfa: 2601 movs r6, #1 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800abfc: 42b0 cmp r0, r6 + __HAL_LOCK(hhash); + 800abfe: f884 6034 strb.w r6, [r4, #52] ; 0x34 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800ac02: d118 bne.n 800ac36 + if(hhash->Init.KeySize > 64U) + 800ac04: 4e61 ldr r6, [pc, #388] ; (800ad8c ) + 800ac06: f8df 818c ldr.w r8, [pc, #396] ; 800ad94 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_ALGOMODE_HMAC | HASH_HMAC_KEYTYPE_LONGKEY | HASH_CR_INIT); + 800ac0a: 6830 ldr r0, [r6, #0] + 800ac0c: ea00 0008 and.w r0, r0, r8 + 800ac10: ea40 000e orr.w r0, r0, lr + if(hhash->Init.KeySize > 64U) + 800ac14: 2d40 cmp r5, #64 ; 0x40 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_ALGOMODE_HMAC | HASH_HMAC_KEYTYPE_LONGKEY | HASH_CR_INIT); + 800ac16: bf88 it hi + 800ac18: f440 3080 orrhi.w r0, r0, #65536 ; 0x10000 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_ALGOMODE_HMAC | HASH_CR_INIT); + 800ac1c: f040 0044 orr.w r0, r0, #68 ; 0x44 + 800ac20: 6030 str r0, [r6, #0] + hhash->pHashInBuffPtr = pInBuffer; /* Input data address, HMAC_Processing input parameter for Step 2 */ + 800ac22: e9c4 1303 strd r1, r3, [r4, #12] + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_1; + 800ac26: 2003 movs r0, #3 + hhash->HashInCount = Size; /* Input data size, HMAC_Processing input parameter for Step 2 */ + 800ac28: 6222 str r2, [r4, #32] + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_1; + 800ac2a: f884 002d strb.w r0, [r4, #45] ; 0x2d + hhash->HashBuffSize = Size; /* Store the input buffer size for the whole HMAC process */ + 800ac2e: 61e2 str r2, [r4, #28] + hhash->pHashKeyBuffPtr = hhash->Init.pKey; /* Key address, HMAC_Processing input parameter for Step 1 and Step 3 */ + 800ac30: f8c4 c014 str.w ip, [r4, #20] + hhash->HashKeyCount = hhash->Init.KeySize; /* Key size, HMAC_Processing input parameter for Step 1 and Step 3 */ + 800ac34: 62a5 str r5, [r4, #40] ; 0x28 + if ((hhash->Phase != HAL_HASH_PHASE_HMAC_STEP_1) && (hhash->Phase != HAL_HASH_PHASE_HMAC_STEP_2) && (hhash->Phase != HAL_HASH_PHASE_HMAC_STEP_3)) + 800ac36: f894 302d ldrb.w r3, [r4, #45] ; 0x2d + 800ac3a: 1eda subs r2, r3, #3 + 800ac3c: 2a02 cmp r2, #2 + 800ac3e: d906 bls.n 800ac4e + hhash->State = HAL_HASH_STATE_READY; + 800ac40: 2001 movs r0, #1 + __HAL_UNLOCK(hhash); + 800ac42: 2300 movs r3, #0 + hhash->State = HAL_HASH_STATE_READY; + 800ac44: f884 0035 strb.w r0, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800ac48: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_ERROR; + 800ac4c: e7c9 b.n 800abe2 + if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_1) + 800ac4e: 2b03 cmp r3, #3 + 800ac50: 4e4e ldr r6, [pc, #312] ; (800ad8c ) + 800ac52: d155 bne.n 800ad00 + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); + 800ac54: 68b3 ldr r3, [r6, #8] + hhash->Status = HASH_WriteData(hhash, hhash->pHashKeyBuffPtr, hhash->HashKeyCount); + 800ac56: 6961 ldr r1, [r4, #20] + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); + 800ac58: f023 031f bic.w r3, r3, #31 + 800ac5c: f005 0503 and.w r5, r5, #3 + 800ac60: ea43 05c5 orr.w r5, r3, r5, lsl #3 + 800ac64: 60b5 str r5, [r6, #8] + hhash->Status = HASH_WriteData(hhash, hhash->pHashKeyBuffPtr, hhash->HashKeyCount); + 800ac66: 6aa2 ldr r2, [r4, #40] ; 0x28 + 800ac68: 4620 mov r0, r4 + 800ac6a: f7ff fb0f bl 800a28c + 800ac6e: 4605 mov r5, r0 + 800ac70: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800ac74: b998 cbnz r0, 800ac9e + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800ac76: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800ac7a: 2b08 cmp r3, #8 + 800ac7c: d103 bne.n 800ac86 + __HAL_UNLOCK(hhash); + 800ac7e: 2000 movs r0, #0 + 800ac80: f884 0034 strb.w r0, [r4, #52] ; 0x34 + return HAL_OK; + 800ac84: e7ad b.n 800abe2 + __HAL_HASH_START_DIGEST(); + 800ac86: 68b3 ldr r3, [r6, #8] + 800ac88: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800ac8c: 60b3 str r3, [r6, #8] + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_BUSY, SET, Timeout) != HAL_OK) + 800ac8e: 2201 movs r2, #1 + 800ac90: 463b mov r3, r7 + 800ac92: 2108 movs r1, #8 + 800ac94: 4620 mov r0, r4 + 800ac96: f7ff fb9b bl 800a3d0 + 800ac9a: b118 cbz r0, 800aca4 + return HAL_TIMEOUT; + 800ac9c: 2503 movs r5, #3 + } +} + 800ac9e: 4628 mov r0, r5 + 800aca0: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_2; + 800aca4: 2304 movs r3, #4 + 800aca6: f884 302d strb.w r3, [r4, #45] ; 0x2d + __HAL_HASH_SET_NBVALIDBITS(hhash->HashBuffSize); + 800acaa: 68b3 ldr r3, [r6, #8] + 800acac: 69e2 ldr r2, [r4, #28] + hhash->Status = HASH_WriteData(hhash, hhash->pHashInBuffPtr, hhash->HashInCount); + 800acae: 68e1 ldr r1, [r4, #12] + __HAL_HASH_SET_NBVALIDBITS(hhash->HashBuffSize); + 800acb0: f002 0203 and.w r2, r2, #3 + 800acb4: f023 031f bic.w r3, r3, #31 + 800acb8: ea43 03c2 orr.w r3, r3, r2, lsl #3 + 800acbc: 60b3 str r3, [r6, #8] + hhash->Status = HASH_WriteData(hhash, hhash->pHashInBuffPtr, hhash->HashInCount); + 800acbe: 6a22 ldr r2, [r4, #32] + 800acc0: 4620 mov r0, r4 + 800acc2: f7ff fae3 bl 800a28c + 800acc6: 4605 mov r5, r0 + 800acc8: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800accc: 2800 cmp r0, #0 + 800acce: d1e6 bne.n 800ac9e + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800acd0: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800acd4: 2b08 cmp r3, #8 + 800acd6: d0d2 beq.n 800ac7e + __HAL_HASH_START_DIGEST(); + 800acd8: 68b3 ldr r3, [r6, #8] + 800acda: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800acde: 60b3 str r3, [r6, #8] + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_BUSY, SET, Timeout) != HAL_OK) + 800ace0: 2201 movs r2, #1 + 800ace2: 463b mov r3, r7 + 800ace4: 2108 movs r1, #8 + 800ace6: 4620 mov r0, r4 + 800ace8: f7ff fb72 bl 800a3d0 + 800acec: 2800 cmp r0, #0 + 800acee: d1d5 bne.n 800ac9c + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_3; + 800acf0: 2305 movs r3, #5 + 800acf2: f884 302d strb.w r3, [r4, #45] ; 0x2d + hhash->pHashKeyBuffPtr = hhash->Init.pKey; + 800acf6: 68a3 ldr r3, [r4, #8] + 800acf8: 6163 str r3, [r4, #20] + hhash->HashKeyCount = hhash->Init.KeySize; + 800acfa: 6863 ldr r3, [r4, #4] + 800acfc: 62a3 str r3, [r4, #40] ; 0x28 + if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_3) + 800acfe: e001 b.n 800ad04 + if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2) + 800ad00: 2b04 cmp r3, #4 + 800ad02: d0d2 beq.n 800acaa + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); + 800ad04: 68b3 ldr r3, [r6, #8] + 800ad06: 6862 ldr r2, [r4, #4] + hhash->Status = HASH_WriteData(hhash, hhash->pHashKeyBuffPtr, hhash->HashKeyCount); + 800ad08: 6961 ldr r1, [r4, #20] + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); + 800ad0a: f002 0203 and.w r2, r2, #3 + 800ad0e: f023 031f bic.w r3, r3, #31 + 800ad12: ea43 03c2 orr.w r3, r3, r2, lsl #3 + 800ad16: 60b3 str r3, [r6, #8] + hhash->Status = HASH_WriteData(hhash, hhash->pHashKeyBuffPtr, hhash->HashKeyCount); + 800ad18: 6aa2 ldr r2, [r4, #40] ; 0x28 + 800ad1a: 4620 mov r0, r4 + 800ad1c: f7ff fab6 bl 800a28c + 800ad20: 4605 mov r5, r0 + 800ad22: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800ad26: 2800 cmp r0, #0 + 800ad28: d1b9 bne.n 800ac9e + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800ad2a: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800ad2e: 2b08 cmp r3, #8 + 800ad30: d0a5 beq.n 800ac7e + __HAL_HASH_START_DIGEST(); + 800ad32: 68b3 ldr r3, [r6, #8] + 800ad34: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800ad38: 60b3 str r3, [r6, #8] + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_DCIS, RESET, Timeout) != HAL_OK) + 800ad3a: 4602 mov r2, r0 + 800ad3c: 463b mov r3, r7 + 800ad3e: 2102 movs r1, #2 + 800ad40: 4620 mov r0, r4 + 800ad42: f7ff fb45 bl 800a3d0 + 800ad46: 4605 mov r5, r0 + 800ad48: 2800 cmp r0, #0 + 800ad4a: d1a7 bne.n 800ac9c + HASH_GetDigest(hhash->pHashOutBuffPtr, HASH_DIGEST_LENGTH()); + 800ad4c: 6832 ldr r2, [r6, #0] + 800ad4e: 4b10 ldr r3, [pc, #64] ; (800ad90 ) + 800ad50: 6920 ldr r0, [r4, #16] + 800ad52: 421a tst r2, r3 + 800ad54: d014 beq.n 800ad80 + 800ad56: 6832 ldr r2, [r6, #0] + 800ad58: 401a ands r2, r3 + 800ad5a: f5b2 2f80 cmp.w r2, #262144 ; 0x40000 + 800ad5e: d011 beq.n 800ad84 + 800ad60: 6832 ldr r2, [r6, #0] + 800ad62: 4393 bics r3, r2 + 800ad64: bf0c ite eq + 800ad66: 2120 moveq r1, #32 + 800ad68: 2110 movne r1, #16 + 800ad6a: f7ff facf bl 800a30c + hhash->Phase = HAL_HASH_PHASE_READY; + 800ad6e: 2301 movs r3, #1 + 800ad70: f884 302d strb.w r3, [r4, #45] ; 0x2d + hhash->State = HAL_HASH_STATE_READY; + 800ad74: f884 3035 strb.w r3, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800ad78: 2300 movs r3, #0 + 800ad7a: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800ad7e: e78e b.n 800ac9e + HASH_GetDigest(hhash->pHashOutBuffPtr, HASH_DIGEST_LENGTH()); + 800ad80: 2114 movs r1, #20 + 800ad82: e7f2 b.n 800ad6a + 800ad84: 211c movs r1, #28 + 800ad86: e7f0 b.n 800ad6a + return HAL_BUSY; + 800ad88: 2502 movs r5, #2 + 800ad8a: e788 b.n 800ac9e + 800ad8c: 50060400 .word 0x50060400 + 800ad90: 00040080 .word 0x00040080 + 800ad94: fffaff3b .word 0xfffaff3b + +0800ad98 : + * @param Tickstart : Tick start value + * @retval HAL status + */ +static HAL_StatusTypeDef OSPI_WaitFlagStateUntilTimeout(OSPI_HandleTypeDef *hospi, uint32_t Flag, + FlagStatus State, uint32_t Tickstart, uint32_t Timeout) +{ + 800ad98: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 800ad9c: f8dd 8018 ldr.w r8, [sp, #24] + 800ada0: 4604 mov r4, r0 + 800ada2: 460e mov r6, r1 + 800ada4: 4615 mov r5, r2 + 800ada6: 461f mov r7, r3 + /* Wait until flag is in expected state */ + while((__HAL_OSPI_GET_FLAG(hospi, Flag)) != State) + 800ada8: 6822 ldr r2, [r4, #0] + 800adaa: 6a13 ldr r3, [r2, #32] + 800adac: 4233 tst r3, r6 + 800adae: bf14 ite ne + 800adb0: 2301 movne r3, #1 + 800adb2: 2300 moveq r3, #0 + 800adb4: 42ab cmp r3, r5 + 800adb6: d101 bne.n 800adbc + + return HAL_ERROR; + } + } + } + return HAL_OK; + 800adb8: 2000 movs r0, #0 + 800adba: e012 b.n 800ade2 + if (Timeout != HAL_MAX_DELAY) + 800adbc: f1b8 3fff cmp.w r8, #4294967295 ; 0xffffffff + 800adc0: d0f3 beq.n 800adaa + if(((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800adc2: f7fc f97d bl 80070c0 + 800adc6: 1bc0 subs r0, r0, r7 + 800adc8: 4540 cmp r0, r8 + 800adca: d802 bhi.n 800add2 + 800adcc: f1b8 0f00 cmp.w r8, #0 + 800add0: d1ea bne.n 800ada8 + hospi->State = HAL_OSPI_STATE_ERROR; + 800add2: f44f 7300 mov.w r3, #512 ; 0x200 + 800add6: 6463 str r3, [r4, #68] ; 0x44 + hospi->ErrorCode |= HAL_OSPI_ERROR_TIMEOUT; + 800add8: 6ca3 ldr r3, [r4, #72] ; 0x48 + 800adda: f043 0301 orr.w r3, r3, #1 + 800adde: 64a3 str r3, [r4, #72] ; 0x48 + 800ade0: 2001 movs r0, #1 +} + 800ade2: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +0800ade6 : +} + 800ade6: 4770 bx lr + +0800ade8 : +{ + 800ade8: b5f0 push {r4, r5, r6, r7, lr} + 800adea: b085 sub sp, #20 + 800adec: 4604 mov r4, r0 + uint32_t tickstart = HAL_GetTick(); + 800adee: f7fc f967 bl 80070c0 + 800adf2: 4603 mov r3, r0 + if (hospi == NULL) + 800adf4: 2c00 cmp r4, #0 + 800adf6: d05d beq.n 800aeb4 + hospi->ErrorCode = HAL_OSPI_ERROR_NONE; + 800adf8: 2000 movs r0, #0 + 800adfa: 64a0 str r0, [r4, #72] ; 0x48 + if (hospi->State == HAL_OSPI_STATE_RESET) + 800adfc: 6c66 ldr r6, [r4, #68] ; 0x44 + 800adfe: 2e00 cmp r6, #0 + 800ae00: d156 bne.n 800aeb0 + HAL_OSPI_MspInit(hospi); + 800ae02: 4620 mov r0, r4 + 800ae04: 9303 str r3, [sp, #12] + 800ae06: f7ff ffee bl 800ade6 + MODIFY_REG(hospi->Instance->DCR1, + 800ae0a: 6b20 ldr r0, [r4, #48] ; 0x30 + 800ae0c: 68e1 ldr r1, [r4, #12] + 800ae0e: 6825 ldr r5, [r4, #0] + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, hospi->Timeout); + 800ae10: 9b03 ldr r3, [sp, #12] + MODIFY_REG(hospi->Instance->DCR1, + 800ae12: 68af ldr r7, [r5, #8] + 800ae14: 4301 orrs r1, r0 + 800ae16: 69e0 ldr r0, [r4, #28] + 800ae18: 4301 orrs r1, r0 + 800ae1a: 4827 ldr r0, [pc, #156] ; (800aeb8 ) + 800ae1c: 4038 ands r0, r7 + 800ae1e: 4301 orrs r1, r0 + 800ae20: 6920 ldr r0, [r4, #16] + 800ae22: 3801 subs r0, #1 + 800ae24: ea41 4100 orr.w r1, r1, r0, lsl #16 + 800ae28: 6960 ldr r0, [r4, #20] + 800ae2a: 3801 subs r0, #1 + hospi->Timeout = Timeout; + 800ae2c: f241 3288 movw r2, #5000 ; 0x1388 + MODIFY_REG(hospi->Instance->DCR1, + 800ae30: ea41 2100 orr.w r1, r1, r0, lsl #8 + hospi->Timeout = Timeout; + 800ae34: 64e2 str r2, [r4, #76] ; 0x4c + MODIFY_REG(hospi->Instance->DCR1, + 800ae36: 60a9 str r1, [r5, #8] + hospi->Instance->DCR3 = (hospi->Init.ChipSelectBoundary << OCTOSPI_DCR3_CSBOUND_Pos); + 800ae38: 6ae1 ldr r1, [r4, #44] ; 0x2c + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FTHRES, ((hospi->Init.FifoThreshold - 1U) << OCTOSPI_CR_FTHRES_Pos)); + 800ae3a: 6860 ldr r0, [r4, #4] + hospi->Instance->DCR3 = (hospi->Init.ChipSelectBoundary << OCTOSPI_DCR3_CSBOUND_Pos); + 800ae3c: 0409 lsls r1, r1, #16 + 800ae3e: 6129 str r1, [r5, #16] + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FTHRES, ((hospi->Init.FifoThreshold - 1U) << OCTOSPI_CR_FTHRES_Pos)); + 800ae40: 6829 ldr r1, [r5, #0] + 800ae42: 3801 subs r0, #1 + 800ae44: f421 51f8 bic.w r1, r1, #7936 ; 0x1f00 + 800ae48: ea41 2100 orr.w r1, r1, r0, lsl #8 + 800ae4c: 6029 str r1, [r5, #0] + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, hospi->Timeout); + 800ae4e: 4620 mov r0, r4 + 800ae50: 9200 str r2, [sp, #0] + 800ae52: 2120 movs r1, #32 + 800ae54: 4632 mov r2, r6 + 800ae56: f7ff ff9f bl 800ad98 + if (status == HAL_OK) + 800ae5a: bb48 cbnz r0, 800aeb0 + MODIFY_REG(hospi->Instance->DCR2, OCTOSPI_DCR2_PRESCALER, ((hospi->Init.ClockPrescaler - 1U) << OCTOSPI_DCR2_PRESCALER_Pos)); + 800ae5c: 6823 ldr r3, [r4, #0] + 800ae5e: 6a22 ldr r2, [r4, #32] + 800ae60: 68d9 ldr r1, [r3, #12] + 800ae62: 3a01 subs r2, #1 + 800ae64: f021 01ff bic.w r1, r1, #255 ; 0xff + 800ae68: 430a orrs r2, r1 + 800ae6a: 60da str r2, [r3, #12] + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_DQM, hospi->Init.DualQuad); + 800ae6c: 681a ldr r2, [r3, #0] + 800ae6e: 68a1 ldr r1, [r4, #8] + 800ae70: f022 0240 bic.w r2, r2, #64 ; 0x40 + 800ae74: 430a orrs r2, r1 + 800ae76: 601a str r2, [r3, #0] + MODIFY_REG(hospi->Instance->TCR, (OCTOSPI_TCR_SSHIFT | OCTOSPI_TCR_DHQC), (hospi->Init.SampleShifting | hospi->Init.DelayHoldQuarterCycle)); + 800ae78: e9d4 2509 ldrd r2, r5, [r4, #36] ; 0x24 + 800ae7c: f8d3 1108 ldr.w r1, [r3, #264] ; 0x108 + 800ae80: 432a orrs r2, r5 + 800ae82: f021 41a0 bic.w r1, r1, #1342177280 ; 0x50000000 + 800ae86: 430a orrs r2, r1 + 800ae88: f8c3 2108 str.w r2, [r3, #264] ; 0x108 + __HAL_OSPI_ENABLE(hospi); + 800ae8c: 681a ldr r2, [r3, #0] + 800ae8e: f042 0201 orr.w r2, r2, #1 + 800ae92: 601a str r2, [r3, #0] + if (hospi->Init.FreeRunningClock == HAL_OSPI_FREERUNCLK_ENABLE) + 800ae94: 69a2 ldr r2, [r4, #24] + 800ae96: 2a02 cmp r2, #2 + SET_BIT(hospi->Instance->DCR1, OCTOSPI_DCR1_FRCK); + 800ae98: bf02 ittt eq + 800ae9a: 689a ldreq r2, [r3, #8] + 800ae9c: f042 0202 orreq.w r2, r2, #2 + 800aea0: 609a streq r2, [r3, #8] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800aea2: 68e3 ldr r3, [r4, #12] + 800aea4: f1b3 6f80 cmp.w r3, #67108864 ; 0x4000000 + hospi->State = HAL_OSPI_STATE_HYPERBUS_INIT; + 800aea8: bf0c ite eq + 800aeaa: 2301 moveq r3, #1 + hospi->State = HAL_OSPI_STATE_READY; + 800aeac: 2302 movne r3, #2 + 800aeae: 6463 str r3, [r4, #68] ; 0x44 +} + 800aeb0: b005 add sp, #20 + 800aeb2: bdf0 pop {r4, r5, r6, r7, pc} + status = HAL_ERROR; + 800aeb4: 2001 movs r0, #1 + 800aeb6: e7fb b.n 800aeb0 + 800aeb8: f8e0f8f4 .word 0xf8e0f8f4 + +0800aebc : +{ + 800aebc: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 800aec0: 4605 mov r5, r0 + 800aec2: b085 sub sp, #20 + 800aec4: 460c mov r4, r1 + 800aec6: 9202 str r2, [sp, #8] + uint32_t tickstart = HAL_GetTick(); + 800aec8: f7fc f8fa bl 80070c0 + state = hospi->State; + 800aecc: 6c6a ldr r2, [r5, #68] ; 0x44 + if (((state == HAL_OSPI_STATE_READY) && (hospi->Init.MemoryType != HAL_OSPI_MEMTYPE_HYPERBUS)) || + 800aece: 2a02 cmp r2, #2 + uint32_t tickstart = HAL_GetTick(); + 800aed0: ee07 0a90 vmov s15, r0 + if (((state == HAL_OSPI_STATE_READY) && (hospi->Init.MemoryType != HAL_OSPI_MEMTYPE_HYPERBUS)) || + 800aed4: d105 bne.n 800aee2 + 800aed6: 68ea ldr r2, [r5, #12] + 800aed8: f1b2 6f80 cmp.w r2, #67108864 ; 0x4000000 + 800aedc: d107 bne.n 800aeee + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800aede: 2310 movs r3, #16 + 800aee0: e109 b.n 800b0f6 + if (((state == HAL_OSPI_STATE_READY) && (hospi->Init.MemoryType != HAL_OSPI_MEMTYPE_HYPERBUS)) || + 800aee2: 2a14 cmp r2, #20 + 800aee4: f040 8084 bne.w 800aff0 + ((state == HAL_OSPI_STATE_READ_CMD_CFG) && (cmd->OperationType == HAL_OSPI_OPTYPE_WRITE_CFG)) || + 800aee8: 6822 ldr r2, [r4, #0] + 800aeea: 2a02 cmp r2, #2 + ((state == HAL_OSPI_STATE_WRITE_CMD_CFG) && (cmd->OperationType == HAL_OSPI_OPTYPE_READ_CFG))) + 800aeec: d1f7 bne.n 800aede + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, Timeout); + 800aeee: 9a02 ldr r2, [sp, #8] + 800aef0: 9200 str r2, [sp, #0] + 800aef2: ee17 3a90 vmov r3, s15 + 800aef6: 2200 movs r2, #0 + 800aef8: 2120 movs r1, #32 + 800aefa: 4628 mov r0, r5 + 800aefc: edcd 7a03 vstr s15, [sp, #12] + 800af00: f7ff ff4a bl 800ad98 + if (status == HAL_OK) + 800af04: eddd 7a03 vldr s15, [sp, #12] + 800af08: 2800 cmp r0, #0 + 800af0a: f040 80b9 bne.w 800b080 +{ + HAL_StatusTypeDef status = HAL_OK; + __IO uint32_t *ccr_reg, *tcr_reg, *ir_reg, *abr_reg; + + /* Re-initialize the value of the functional mode */ + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, 0U); + 800af0e: 6829 ldr r1, [r5, #0] + hospi->ErrorCode = HAL_OSPI_ERROR_NONE; + 800af10: 64a8 str r0, [r5, #72] ; 0x48 + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, 0U); + 800af12: 680a ldr r2, [r1, #0] + 800af14: f022 5240 bic.w r2, r2, #805306368 ; 0x30000000 + 800af18: 600a str r2, [r1, #0] + + /* Configure the flash ID */ + if (hospi->Init.DualQuad == HAL_OSPI_DUALQUAD_DISABLE) + 800af1a: 68aa ldr r2, [r5, #8] + 800af1c: b92a cbnz r2, 800af2a + { + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FSEL, cmd->FlashId); + 800af1e: 680a ldr r2, [r1, #0] + 800af20: 6866 ldr r6, [r4, #4] + 800af22: f022 0280 bic.w r2, r2, #128 ; 0x80 + 800af26: 4332 orrs r2, r6 + 800af28: 600a str r2, [r1, #0] + } + + if (cmd->OperationType == HAL_OSPI_OPTYPE_WRITE_CFG) + 800af2a: 6822 ldr r2, [r4, #0] + ir_reg = &(hospi->Instance->IR); + abr_reg = &(hospi->Instance->ABR); + } + + /* Configure the CCR register with DQS and SIOO modes */ + *ccr_reg = (cmd->DQSMode | cmd->SIOOMode); + 800af2c: e9d4 6712 ldrd r6, r7, [r4, #72] ; 0x48 + if (cmd->OperationType == HAL_OSPI_OPTYPE_WRITE_CFG) + 800af30: 2a02 cmp r2, #2 + ccr_reg = &(hospi->Instance->WCCR); + 800af32: bf0c ite eq + 800af34: f501 72c0 addeq.w r2, r1, #384 ; 0x180 + ccr_reg = &(hospi->Instance->CCR); + 800af38: f501 7280 addne.w r2, r1, #256 ; 0x100 + *ccr_reg = (cmd->DQSMode | cmd->SIOOMode); + 800af3c: ea46 0607 orr.w r6, r6, r7 + 800af40: 6016 str r6, [r2, #0] + + if (cmd->AlternateBytesMode != HAL_OSPI_ALTERNATE_BYTES_NONE) + 800af42: 6ae6 ldr r6, [r4, #44] ; 0x2c + tcr_reg = &(hospi->Instance->WTCR); + 800af44: bf03 ittte eq + 800af46: f501 7cc4 addeq.w ip, r1, #392 ; 0x188 + ir_reg = &(hospi->Instance->WIR); + 800af4a: f501 7ec8 addeq.w lr, r1, #400 ; 0x190 + abr_reg = &(hospi->Instance->WABR); + 800af4e: f501 78d0 addeq.w r8, r1, #416 ; 0x1a0 + tcr_reg = &(hospi->Instance->TCR); + 800af52: f501 7c84 addne.w ip, r1, #264 ; 0x108 + ir_reg = &(hospi->Instance->IR); + 800af56: bf1c itt ne + 800af58: f501 7e88 addne.w lr, r1, #272 ; 0x110 + abr_reg = &(hospi->Instance->ABR); + 800af5c: f501 7890 addne.w r8, r1, #288 ; 0x120 + if (cmd->AlternateBytesMode != HAL_OSPI_ALTERNATE_BYTES_NONE) + 800af60: b16e cbz r6, 800af7e + { + /* Configure the ABR register with alternate bytes value */ + *abr_reg = cmd->AlternateBytes; + 800af62: 6aa6 ldr r6, [r4, #40] ; 0x28 + 800af64: f8c8 6000 str.w r6, [r8] + + /* Configure the CCR register with alternate bytes communication parameters */ + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_ABMODE | OCTOSPI_CCR_ABDTR | OCTOSPI_CCR_ABSIZE), + 800af68: 6ae3 ldr r3, [r4, #44] ; 0x2c + 800af6a: 6b67 ldr r7, [r4, #52] ; 0x34 + 800af6c: 6816 ldr r6, [r2, #0] + 800af6e: 431f orrs r7, r3 + 800af70: 6b23 ldr r3, [r4, #48] ; 0x30 + 800af72: f426 187c bic.w r8, r6, #4128768 ; 0x3f0000 + 800af76: 431f orrs r7, r3 + 800af78: ea47 0708 orr.w r7, r7, r8 + 800af7c: 6017 str r7, [r2, #0] + (cmd->AlternateBytesMode | cmd->AlternateBytesDtrMode | cmd->AlternateBytesSize)); + } + + /* Configure the TCR register with the number of dummy cycles */ + MODIFY_REG((*tcr_reg), OCTOSPI_TCR_DCYC, cmd->DummyCycles); + 800af7e: f8dc 7000 ldr.w r7, [ip] + 800af82: 6c66 ldr r6, [r4, #68] ; 0x44 + 800af84: f027 071f bic.w r7, r7, #31 + 800af88: 433e orrs r6, r7 + 800af8a: f8cc 6000 str.w r6, [ip] + + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + 800af8e: f8d4 c038 ldr.w ip, [r4, #56] ; 0x38 + 800af92: f1bc 0f00 cmp.w ip, #0 + 800af96: d004 beq.n 800afa2 + { + if (cmd->OperationType == HAL_OSPI_OPTYPE_COMMON_CFG) + 800af98: 6827 ldr r7, [r4, #0] + 800af9a: b917 cbnz r7, 800afa2 + { + /* Configure the DLR register with the number of data */ + hospi->Instance->DLR = (cmd->NbData - 1U); + 800af9c: 6be7 ldr r7, [r4, #60] ; 0x3c + 800af9e: 3f01 subs r7, #1 + 800afa0: 640f str r7, [r1, #64] ; 0x40 + } + } + + if (cmd->InstructionMode != HAL_OSPI_INSTRUCTION_NONE) + 800afa2: 68e6 ldr r6, [r4, #12] + { + if (cmd->AddressMode != HAL_OSPI_ADDRESS_NONE) + 800afa4: 69e7 ldr r7, [r4, #28] + if (cmd->InstructionMode != HAL_OSPI_INSTRUCTION_NONE) + 800afa6: 2e00 cmp r6, #0 + 800afa8: f000 8082 beq.w 800b0b0 + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + { + /* ---- Command with instruction, address and data ---- */ + + /* Configure the CCR register with all communication parameters */ + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800afac: e9d4 8904 ldrd r8, r9, [r4, #16] + if (cmd->AddressMode != HAL_OSPI_ADDRESS_NONE) + 800afb0: 2f00 cmp r7, #0 + 800afb2: d040 beq.n 800b036 + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800afb4: e9d4 ab08 ldrd sl, fp, [r4, #32] + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + 800afb8: f1bc 0f00 cmp.w ip, #0 + 800afbc: d01e beq.n 800affc + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800afbe: ea4c 0606 orr.w r6, ip, r6 + 800afc2: 433e orrs r6, r7 + 800afc4: ea46 0909 orr.w r9, r6, r9 + 800afc8: ea49 0808 orr.w r8, r9, r8 + 800afcc: 6813 ldr r3, [r2, #0] + 800afce: 6c26 ldr r6, [r4, #64] ; 0x40 + 800afd0: 4f52 ldr r7, [pc, #328] ; (800b11c ) + 800afd2: ea48 0b0b orr.w fp, r8, fp + 800afd6: ea4b 0b0a orr.w fp, fp, sl + 800afda: ea4b 0606 orr.w r6, fp, r6 + 800afde: 401f ands r7, r3 + 800afe0: 433e orrs r6, r7 + + /* The DHQC bit is linked with DDTR bit which should be activated */ + if ((hospi->Init.DelayHoldQuarterCycle == HAL_OSPI_DHQC_ENABLE) && + (cmd->InstructionDtrMode == HAL_OSPI_INSTRUCTION_DTR_ENABLE)) + { + MODIFY_REG((*ccr_reg), OCTOSPI_CCR_DDTR, HAL_OSPI_DATA_DTR_ENABLE); + 800afe2: 6016 str r6, [r2, #0] + } + } + + /* Configure the IR register with the instruction value */ + *ir_reg = cmd->Instruction; + 800afe4: 68a2 ldr r2, [r4, #8] + 800afe6: f8ce 2000 str.w r2, [lr] + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_ADMODE | OCTOSPI_CCR_ADDTR | OCTOSPI_CCR_ADSIZE), + (cmd->AddressMode | cmd->AddressDtrMode | cmd->AddressSize)); + } + + /* Configure the AR register with the instruction value */ + hospi->Instance->AR = cmd->Address; + 800afea: 69a2 ldr r2, [r4, #24] + 800afec: 648a str r2, [r1, #72] ; 0x48 + if (status == HAL_OK) + 800afee: e038 b.n 800b062 + ((state == HAL_OSPI_STATE_READ_CMD_CFG) && (cmd->OperationType == HAL_OSPI_OPTYPE_WRITE_CFG)) || + 800aff0: 2a24 cmp r2, #36 ; 0x24 + 800aff2: f47f af74 bne.w 800aede + ((state == HAL_OSPI_STATE_WRITE_CMD_CFG) && (cmd->OperationType == HAL_OSPI_OPTYPE_READ_CFG))) + 800aff6: 6822 ldr r2, [r4, #0] + 800aff8: 2a01 cmp r2, #1 + 800affa: e777 b.n 800aeec + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800affc: 433e orrs r6, r7 + 800affe: f8d2 c000 ldr.w ip, [r2] + 800b002: ea46 0609 orr.w r6, r6, r9 + 800b006: ea46 0608 orr.w r6, r6, r8 + 800b00a: ea46 060b orr.w r6, r6, fp + 800b00e: f42c 5c7c bic.w ip, ip, #16128 ; 0x3f00 + 800b012: ea46 060a orr.w r6, r6, sl + 800b016: f02c 0c3f bic.w ip, ip, #63 ; 0x3f + 800b01a: ea46 060c orr.w r6, r6, ip + 800b01e: 6016 str r6, [r2, #0] + if ((hospi->Init.DelayHoldQuarterCycle == HAL_OSPI_DHQC_ENABLE) && + 800b020: 6aae ldr r6, [r5, #40] ; 0x28 + 800b022: f1b6 5f80 cmp.w r6, #268435456 ; 0x10000000 + 800b026: d1dd bne.n 800afe4 + 800b028: 6966 ldr r6, [r4, #20] + 800b02a: 2e08 cmp r6, #8 + 800b02c: d1da bne.n 800afe4 + MODIFY_REG((*ccr_reg), OCTOSPI_CCR_DDTR, HAL_OSPI_DATA_DTR_ENABLE); + 800b02e: 6816 ldr r6, [r2, #0] + 800b030: f046 6600 orr.w r6, r6, #134217728 ; 0x8000000 + 800b034: e7d5 b.n 800afe2 + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + 800b036: f1bc 0f00 cmp.w ip, #0 + 800b03a: d024 beq.n 800b086 + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800b03c: ea4c 0106 orr.w r1, ip, r6 + 800b040: 6817 ldr r7, [r2, #0] + 800b042: 6c26 ldr r6, [r4, #64] ; 0x40 + 800b044: ea41 0109 orr.w r1, r1, r9 + 800b048: ea41 0108 orr.w r1, r1, r8 + 800b04c: f027 6a70 bic.w sl, r7, #251658240 ; 0xf000000 + 800b050: 4331 orrs r1, r6 + 800b052: f02a 0a3f bic.w sl, sl, #63 ; 0x3f + 800b056: ea41 010a orr.w r1, r1, sl + MODIFY_REG((*ccr_reg), OCTOSPI_CCR_DDTR, HAL_OSPI_DATA_DTR_ENABLE); + 800b05a: 6011 str r1, [r2, #0] + *ir_reg = cmd->Instruction; + 800b05c: 68a2 ldr r2, [r4, #8] + 800b05e: f8ce 2000 str.w r2, [lr] + if (cmd->DataMode == HAL_OSPI_DATA_NONE) + 800b062: 6ba2 ldr r2, [r4, #56] ; 0x38 + 800b064: 2a00 cmp r2, #0 + 800b066: d149 bne.n 800b0fc + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_TC, SET, tickstart, Timeout); + 800b068: 9b02 ldr r3, [sp, #8] + 800b06a: 9300 str r3, [sp, #0] + 800b06c: 2201 movs r2, #1 + 800b06e: ee17 3a90 vmov r3, s15 + 800b072: 2102 movs r1, #2 + 800b074: 4628 mov r0, r5 + 800b076: f7ff fe8f bl 800ad98 + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_TC); + 800b07a: 682b ldr r3, [r5, #0] + 800b07c: 2202 movs r2, #2 + 800b07e: 625a str r2, [r3, #36] ; 0x24 +} + 800b080: b005 add sp, #20 + 800b082: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE), + 800b086: 6811 ldr r1, [r2, #0] + 800b088: ea46 0609 orr.w r6, r6, r9 + 800b08c: ea46 0808 orr.w r8, r6, r8 + 800b090: f021 063f bic.w r6, r1, #63 ; 0x3f + 800b094: ea48 0606 orr.w r6, r8, r6 + 800b098: 6016 str r6, [r2, #0] + if ((hospi->Init.DelayHoldQuarterCycle == HAL_OSPI_DHQC_ENABLE) && + 800b09a: 6aa9 ldr r1, [r5, #40] ; 0x28 + 800b09c: f1b1 5f80 cmp.w r1, #268435456 ; 0x10000000 + 800b0a0: d1dc bne.n 800b05c + 800b0a2: 6961 ldr r1, [r4, #20] + 800b0a4: 2908 cmp r1, #8 + 800b0a6: d1d9 bne.n 800b05c + MODIFY_REG((*ccr_reg), OCTOSPI_CCR_DDTR, HAL_OSPI_DATA_DTR_ENABLE); + 800b0a8: 6811 ldr r1, [r2, #0] + 800b0aa: f041 6100 orr.w r1, r1, #134217728 ; 0x8000000 + 800b0ae: e7d4 b.n 800b05a + if (cmd->AddressMode != HAL_OSPI_ADDRESS_NONE) + 800b0b0: b307 cbz r7, 800b0f4 + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800b0b2: e9d4 9808 ldrd r9, r8, [r4, #32] + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + 800b0b6: f1bc 0f00 cmp.w ip, #0 + 800b0ba: d011 beq.n 800b0e0 + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_ADMODE | OCTOSPI_CCR_ADDTR | OCTOSPI_CCR_ADSIZE | + 800b0bc: f8d2 e000 ldr.w lr, [r2] + 800b0c0: 6c23 ldr r3, [r4, #64] ; 0x40 + 800b0c2: ea4c 0607 orr.w r6, ip, r7 + 800b0c6: ea46 0608 orr.w r6, r6, r8 + 800b0ca: ea46 0609 orr.w r6, r6, r9 + 800b0ce: f02e 6e70 bic.w lr, lr, #251658240 ; 0xf000000 + 800b0d2: 431e orrs r6, r3 + 800b0d4: f42e 5e7c bic.w lr, lr, #16128 ; 0x3f00 + 800b0d8: ea46 060e orr.w r6, r6, lr + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_ADMODE | OCTOSPI_CCR_ADDTR | OCTOSPI_CCR_ADSIZE), + 800b0dc: 6016 str r6, [r2, #0] + 800b0de: e784 b.n 800afea + 800b0e0: f8d2 c000 ldr.w ip, [r2] + 800b0e4: ea48 0607 orr.w r6, r8, r7 + 800b0e8: ea46 0609 orr.w r6, r6, r9 + 800b0ec: f42c 577c bic.w r7, ip, #16128 ; 0x3f00 + 800b0f0: 433e orrs r6, r7 + 800b0f2: e7f3 b.n 800b0dc + } + else + { + /* ---- Invalid command configuration (no instruction, no address) ---- */ + status = HAL_ERROR; + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_PARAM; + 800b0f4: 2308 movs r3, #8 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b0f6: 64ab str r3, [r5, #72] ; 0x48 + status = HAL_ERROR; + 800b0f8: 2001 movs r0, #1 + 800b0fa: e7c1 b.n 800b080 + if (cmd->OperationType == HAL_OSPI_OPTYPE_COMMON_CFG) + 800b0fc: 6823 ldr r3, [r4, #0] + 800b0fe: b90b cbnz r3, 800b104 + hospi->State = HAL_OSPI_STATE_CMD_CFG; + 800b100: 2304 movs r3, #4 + 800b102: e005 b.n 800b110 + else if (cmd->OperationType == HAL_OSPI_OPTYPE_READ_CFG) + 800b104: 2b01 cmp r3, #1 + if (hospi->State == HAL_OSPI_STATE_WRITE_CMD_CFG) + 800b106: 6c6b ldr r3, [r5, #68] ; 0x44 + else if (cmd->OperationType == HAL_OSPI_OPTYPE_READ_CFG) + 800b108: d104 bne.n 800b114 + if (hospi->State == HAL_OSPI_STATE_WRITE_CMD_CFG) + 800b10a: 2b24 cmp r3, #36 ; 0x24 + 800b10c: d0f8 beq.n 800b100 + hospi->State = HAL_OSPI_STATE_READ_CMD_CFG; + 800b10e: 2314 movs r3, #20 + hospi->State = HAL_OSPI_STATE_WRITE_CMD_CFG; + 800b110: 646b str r3, [r5, #68] ; 0x44 + 800b112: e7b5 b.n 800b080 + if (hospi->State == HAL_OSPI_STATE_READ_CMD_CFG) + 800b114: 2b14 cmp r3, #20 + 800b116: d0f3 beq.n 800b100 + hospi->State = HAL_OSPI_STATE_WRITE_CMD_CFG; + 800b118: 2324 movs r3, #36 ; 0x24 + 800b11a: e7f9 b.n 800b110 + 800b11c: f0ffc0c0 .word 0xf0ffc0c0 + +0800b120 : +{ + 800b120: b5f0 push {r4, r5, r6, r7, lr} + 800b122: 4604 mov r4, r0 + 800b124: b085 sub sp, #20 + 800b126: 460f mov r7, r1 + 800b128: 4616 mov r6, r2 + uint32_t tickstart = HAL_GetTick(); + 800b12a: f7fb ffc9 bl 80070c0 + __IO uint32_t *data_reg = &hospi->Instance->DR; + 800b12e: 6825 ldr r5, [r4, #0] + uint32_t tickstart = HAL_GetTick(); + 800b130: 4603 mov r3, r0 + uint32_t addr_reg = hospi->Instance->AR; + 800b132: 6ca8 ldr r0, [r5, #72] ; 0x48 + uint32_t ir_reg = hospi->Instance->IR; + 800b134: f8d5 c110 ldr.w ip, [r5, #272] ; 0x110 + if (pData == NULL) + 800b138: b91f cbnz r7, 800b142 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_PARAM; + 800b13a: 2308 movs r3, #8 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b13c: 64a3 str r3, [r4, #72] ; 0x48 + status = HAL_ERROR; + 800b13e: 2001 movs r0, #1 + 800b140: e034 b.n 800b1ac + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b142: 6c62 ldr r2, [r4, #68] ; 0x44 + 800b144: 2a04 cmp r2, #4 + 800b146: d13b bne.n 800b1c0 + hospi->XferCount = READ_REG(hospi->Instance->DLR) + 1U; + 800b148: 6c2a ldr r2, [r5, #64] ; 0x40 + hospi->pBuffPtr = pData; + 800b14a: 6367 str r7, [r4, #52] ; 0x34 + hospi->XferCount = READ_REG(hospi->Instance->DLR) + 1U; + 800b14c: 3201 adds r2, #1 + 800b14e: 63e2 str r2, [r4, #60] ; 0x3c + hospi->XferSize = hospi->XferCount; + 800b150: 6be2 ldr r2, [r4, #60] ; 0x3c + 800b152: 63a2 str r2, [r4, #56] ; 0x38 + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, OSPI_FUNCTIONAL_MODE_INDIRECT_READ); + 800b154: 6829 ldr r1, [r5, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b156: 68e2 ldr r2, [r4, #12] + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, OSPI_FUNCTIONAL_MODE_INDIRECT_READ); + 800b158: f021 5140 bic.w r1, r1, #805306368 ; 0x30000000 + 800b15c: f041 5180 orr.w r1, r1, #268435456 ; 0x10000000 + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b160: f1b2 6f80 cmp.w r2, #67108864 ; 0x4000000 + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, OSPI_FUNCTIONAL_MODE_INDIRECT_READ); + 800b164: 6029 str r1, [r5, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b166: d123 bne.n 800b1b0 + WRITE_REG(hospi->Instance->AR, addr_reg); + 800b168: 64a8 str r0, [r5, #72] ; 0x48 + status = OSPI_WaitFlagStateUntilTimeout(hospi, (HAL_OSPI_FLAG_FT | HAL_OSPI_FLAG_TC), SET, tickstart, Timeout); + 800b16a: 9600 str r6, [sp, #0] + 800b16c: 2201 movs r2, #1 + 800b16e: 2106 movs r1, #6 + 800b170: 4620 mov r0, r4 + 800b172: 9303 str r3, [sp, #12] + 800b174: f7ff fe10 bl 800ad98 + if (status != HAL_OK) + 800b178: b9c0 cbnz r0, 800b1ac + *hospi->pBuffPtr = *((__IO uint8_t *)data_reg); + 800b17a: 6b62 ldr r2, [r4, #52] ; 0x34 + 800b17c: f895 1050 ldrb.w r1, [r5, #80] ; 0x50 + 800b180: 7011 strb r1, [r2, #0] + hospi->pBuffPtr++; + 800b182: 6b62 ldr r2, [r4, #52] ; 0x34 + } while(hospi->XferCount > 0U); + 800b184: 9b03 ldr r3, [sp, #12] + hospi->pBuffPtr++; + 800b186: 3201 adds r2, #1 + 800b188: 6362 str r2, [r4, #52] ; 0x34 + hospi->XferCount--; + 800b18a: 6be2 ldr r2, [r4, #60] ; 0x3c + 800b18c: 3a01 subs r2, #1 + 800b18e: 63e2 str r2, [r4, #60] ; 0x3c + } while(hospi->XferCount > 0U); + 800b190: 6be2 ldr r2, [r4, #60] ; 0x3c + 800b192: 2a00 cmp r2, #0 + 800b194: d1e9 bne.n 800b16a + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_TC, SET, tickstart, Timeout); + 800b196: 9600 str r6, [sp, #0] + 800b198: 2201 movs r2, #1 + 800b19a: 2102 movs r1, #2 + 800b19c: 4620 mov r0, r4 + 800b19e: f7ff fdfb bl 800ad98 + if (status == HAL_OK) + 800b1a2: b918 cbnz r0, 800b1ac + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_TC); + 800b1a4: 6822 ldr r2, [r4, #0] + 800b1a6: 2302 movs r3, #2 + 800b1a8: 6253 str r3, [r2, #36] ; 0x24 + hospi->State = HAL_OSPI_STATE_READY; + 800b1aa: 6463 str r3, [r4, #68] ; 0x44 +} + 800b1ac: b005 add sp, #20 + 800b1ae: bdf0 pop {r4, r5, r6, r7, pc} + if (READ_BIT(hospi->Instance->CCR, OCTOSPI_CCR_ADMODE) != HAL_OSPI_ADDRESS_NONE) + 800b1b0: f8d5 2100 ldr.w r2, [r5, #256] ; 0x100 + 800b1b4: f412 6fe0 tst.w r2, #1792 ; 0x700 + 800b1b8: d1d6 bne.n 800b168 + WRITE_REG(hospi->Instance->IR, ir_reg); + 800b1ba: f8c5 c110 str.w ip, [r5, #272] ; 0x110 + 800b1be: e7d4 b.n 800b16a + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b1c0: 2310 movs r3, #16 + 800b1c2: e7bb b.n 800b13c + +0800b1c4 : +{ + 800b1c4: e92d 41ff stmdb sp!, {r0, r1, r2, r3, r4, r5, r6, r7, r8, lr} + 800b1c8: 4604 mov r4, r0 + 800b1ca: 4616 mov r6, r2 + 800b1cc: 460d mov r5, r1 + uint32_t tickstart = HAL_GetTick(); + 800b1ce: f7fb ff77 bl 80070c0 + uint32_t addr_reg = hospi->Instance->AR; + 800b1d2: 6822 ldr r2, [r4, #0] + 800b1d4: 6c97 ldr r7, [r2, #72] ; 0x48 + uint32_t ir_reg = hospi->Instance->IR; + 800b1d6: f8d2 8110 ldr.w r8, [r2, #272] ; 0x110 + if ((hospi->State == HAL_OSPI_STATE_CMD_CFG) && (cfg->AutomaticStop == HAL_OSPI_AUTOMATIC_STOP_ENABLE)) + 800b1da: 6c62 ldr r2, [r4, #68] ; 0x44 + 800b1dc: 2a04 cmp r2, #4 + uint32_t tickstart = HAL_GetTick(); + 800b1de: 4603 mov r3, r0 + if ((hospi->State == HAL_OSPI_STATE_CMD_CFG) && (cfg->AutomaticStop == HAL_OSPI_AUTOMATIC_STOP_ENABLE)) + 800b1e0: d13c bne.n 800b25c + 800b1e2: 68ea ldr r2, [r5, #12] + 800b1e4: f5b2 0f80 cmp.w r2, #4194304 ; 0x400000 + 800b1e8: d138 bne.n 800b25c + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, Timeout); + 800b1ea: 9003 str r0, [sp, #12] + 800b1ec: 9600 str r6, [sp, #0] + 800b1ee: 2200 movs r2, #0 + 800b1f0: 2120 movs r1, #32 + 800b1f2: 4620 mov r0, r4 + 800b1f4: f7ff fdd0 bl 800ad98 + if (status == HAL_OK) + 800b1f8: bb28 cbnz r0, 800b246 + WRITE_REG (hospi->Instance->PSMAR, cfg->Match); + 800b1fa: 6822 ldr r2, [r4, #0] + 800b1fc: 6829 ldr r1, [r5, #0] + 800b1fe: f8c2 1088 str.w r1, [r2, #136] ; 0x88 + WRITE_REG (hospi->Instance->PSMKR, cfg->Mask); + 800b202: 6869 ldr r1, [r5, #4] + 800b204: f8c2 1080 str.w r1, [r2, #128] ; 0x80 + WRITE_REG (hospi->Instance->PIR, cfg->Interval); + 800b208: 6929 ldr r1, [r5, #16] + 800b20a: f8c2 1090 str.w r1, [r2, #144] ; 0x90 + MODIFY_REG(hospi->Instance->CR, (OCTOSPI_CR_PMM | OCTOSPI_CR_APMS | OCTOSPI_CR_FMODE), + 800b20e: e9d5 1502 ldrd r1, r5, [r5, #8] + 800b212: 6810 ldr r0, [r2, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b214: 9b03 ldr r3, [sp, #12] + MODIFY_REG(hospi->Instance->CR, (OCTOSPI_CR_PMM | OCTOSPI_CR_APMS | OCTOSPI_CR_FMODE), + 800b216: 4329 orrs r1, r5 + 800b218: f020 5043 bic.w r0, r0, #817889280 ; 0x30c00000 + 800b21c: 4301 orrs r1, r0 + 800b21e: f041 5100 orr.w r1, r1, #536870912 ; 0x20000000 + 800b222: 6011 str r1, [r2, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b224: 68e1 ldr r1, [r4, #12] + 800b226: f1b1 6f80 cmp.w r1, #67108864 ; 0x4000000 + 800b22a: d10f bne.n 800b24c + WRITE_REG(hospi->Instance->AR, addr_reg); + 800b22c: 6497 str r7, [r2, #72] ; 0x48 + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_SM, SET, tickstart, Timeout); + 800b22e: 9600 str r6, [sp, #0] + 800b230: 2201 movs r2, #1 + 800b232: 2108 movs r1, #8 + 800b234: 4620 mov r0, r4 + 800b236: f7ff fdaf bl 800ad98 + if (status == HAL_OK) + 800b23a: b920 cbnz r0, 800b246 + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_SM); + 800b23c: 6823 ldr r3, [r4, #0] + 800b23e: 2208 movs r2, #8 + 800b240: 625a str r2, [r3, #36] ; 0x24 + hospi->State = HAL_OSPI_STATE_READY; + 800b242: 2302 movs r3, #2 + 800b244: 6463 str r3, [r4, #68] ; 0x44 +} + 800b246: b004 add sp, #16 + 800b248: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + if (READ_BIT(hospi->Instance->CCR, OCTOSPI_CCR_ADMODE) != HAL_OSPI_ADDRESS_NONE) + 800b24c: f8d2 1100 ldr.w r1, [r2, #256] ; 0x100 + 800b250: f411 6fe0 tst.w r1, #1792 ; 0x700 + 800b254: d1ea bne.n 800b22c + WRITE_REG(hospi->Instance->IR, ir_reg); + 800b256: f8c2 8110 str.w r8, [r2, #272] ; 0x110 + 800b25a: e7e8 b.n 800b22e + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b25c: 2310 movs r3, #16 + 800b25e: 64a3 str r3, [r4, #72] ; 0x48 + status = HAL_ERROR; + 800b260: 2001 movs r0, #1 + 800b262: e7f0 b.n 800b246 + +0800b264 : +{ + 800b264: b5f7 push {r0, r1, r2, r4, r5, r6, r7, lr} + 800b266: 4604 mov r4, r0 + 800b268: 460f mov r7, r1 + uint32_t tickstart = HAL_GetTick(); + 800b26a: f7fb ff29 bl 80070c0 + uint32_t addr_reg = hospi->Instance->AR; + 800b26e: 6822 ldr r2, [r4, #0] + 800b270: 6c95 ldr r5, [r2, #72] ; 0x48 + uint32_t ir_reg = hospi->Instance->IR; + 800b272: f8d2 6110 ldr.w r6, [r2, #272] ; 0x110 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b276: 6c62 ldr r2, [r4, #68] ; 0x44 + 800b278: 2a04 cmp r2, #4 + uint32_t tickstart = HAL_GetTick(); + 800b27a: 4603 mov r3, r0 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b27c: d132 bne.n 800b2e4 + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, hospi->Timeout); + 800b27e: 6ce2 ldr r2, [r4, #76] ; 0x4c + 800b280: 9200 str r2, [sp, #0] + 800b282: 2120 movs r1, #32 + 800b284: 2200 movs r2, #0 + 800b286: 4620 mov r0, r4 + 800b288: f7ff fd86 bl 800ad98 + if (status == HAL_OK) + 800b28c: bb00 cbnz r0, 800b2d0 + WRITE_REG (hospi->Instance->PSMAR, cfg->Match); + 800b28e: 6823 ldr r3, [r4, #0] + 800b290: 683a ldr r2, [r7, #0] + 800b292: f8c3 2088 str.w r2, [r3, #136] ; 0x88 + WRITE_REG (hospi->Instance->PSMKR, cfg->Mask); + 800b296: 687a ldr r2, [r7, #4] + 800b298: f8c3 2080 str.w r2, [r3, #128] ; 0x80 + WRITE_REG (hospi->Instance->PIR, cfg->Interval); + 800b29c: 693a ldr r2, [r7, #16] + 800b29e: f8c3 2090 str.w r2, [r3, #144] ; 0x90 + MODIFY_REG(hospi->Instance->CR, (OCTOSPI_CR_PMM | OCTOSPI_CR_APMS | OCTOSPI_CR_FMODE), + 800b2a2: e9d7 2702 ldrd r2, r7, [r7, #8] + 800b2a6: 6819 ldr r1, [r3, #0] + 800b2a8: 433a orrs r2, r7 + 800b2aa: f021 5143 bic.w r1, r1, #817889280 ; 0x30c00000 + 800b2ae: 430a orrs r2, r1 + 800b2b0: f042 5200 orr.w r2, r2, #536870912 ; 0x20000000 + 800b2b4: 601a str r2, [r3, #0] + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_TE | HAL_OSPI_FLAG_SM); + 800b2b6: 2209 movs r2, #9 + 800b2b8: 625a str r2, [r3, #36] ; 0x24 + hospi->State = HAL_OSPI_STATE_BUSY_AUTO_POLLING; + 800b2ba: 2248 movs r2, #72 ; 0x48 + 800b2bc: 6462 str r2, [r4, #68] ; 0x44 + __HAL_OSPI_ENABLE_IT(hospi, HAL_OSPI_IT_SM | HAL_OSPI_IT_TE); + 800b2be: 681a ldr r2, [r3, #0] + 800b2c0: f442 2210 orr.w r2, r2, #589824 ; 0x90000 + 800b2c4: 601a str r2, [r3, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b2c6: 68e2 ldr r2, [r4, #12] + 800b2c8: f1b2 6f80 cmp.w r2, #67108864 ; 0x4000000 + 800b2cc: d102 bne.n 800b2d4 + WRITE_REG(hospi->Instance->AR, addr_reg); + 800b2ce: 649d str r5, [r3, #72] ; 0x48 +} + 800b2d0: b003 add sp, #12 + 800b2d2: bdf0 pop {r4, r5, r6, r7, pc} + if (READ_BIT(hospi->Instance->CCR, OCTOSPI_CCR_ADMODE) != HAL_OSPI_ADDRESS_NONE) + 800b2d4: f8d3 2100 ldr.w r2, [r3, #256] ; 0x100 + 800b2d8: f412 6fe0 tst.w r2, #1792 ; 0x700 + 800b2dc: d1f7 bne.n 800b2ce + WRITE_REG(hospi->Instance->IR, ir_reg); + 800b2de: f8c3 6110 str.w r6, [r3, #272] ; 0x110 + 800b2e2: e7f5 b.n 800b2d0 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b2e4: 2310 movs r3, #16 + 800b2e6: 64a3 str r3, [r4, #72] ; 0x48 + status = HAL_ERROR; + 800b2e8: 2001 movs r0, #1 + 800b2ea: e7f1 b.n 800b2d0 + +0800b2ec : +{ + 800b2ec: b573 push {r0, r1, r4, r5, r6, lr} + 800b2ee: 4604 mov r4, r0 + 800b2f0: 460d mov r5, r1 + uint32_t tickstart = HAL_GetTick(); + 800b2f2: f7fb fee5 bl 80070c0 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b2f6: 6c62 ldr r2, [r4, #68] ; 0x44 + 800b2f8: 2a04 cmp r2, #4 + uint32_t tickstart = HAL_GetTick(); + 800b2fa: 4603 mov r3, r0 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b2fc: d121 bne.n 800b342 + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, hospi->Timeout); + 800b2fe: 6ce2 ldr r2, [r4, #76] ; 0x4c + 800b300: 9200 str r2, [sp, #0] + 800b302: 2120 movs r1, #32 + 800b304: 2200 movs r2, #0 + 800b306: 4620 mov r0, r4 + 800b308: f7ff fd46 bl 800ad98 + if (status == HAL_OK) + 800b30c: b9b8 cbnz r0, 800b33e + if (cfg->TimeOutActivation == HAL_OSPI_TIMEOUT_COUNTER_ENABLE) + 800b30e: 682e ldr r6, [r5, #0] + WRITE_REG(hospi->Instance->LPTR, cfg->TimeOutPeriod); + 800b310: 6822 ldr r2, [r4, #0] + hospi->State = HAL_OSPI_STATE_BUSY_MEM_MAPPED; + 800b312: 2388 movs r3, #136 ; 0x88 + if (cfg->TimeOutActivation == HAL_OSPI_TIMEOUT_COUNTER_ENABLE) + 800b314: 2e08 cmp r6, #8 + hospi->State = HAL_OSPI_STATE_BUSY_MEM_MAPPED; + 800b316: 6463 str r3, [r4, #68] ; 0x44 + if (cfg->TimeOutActivation == HAL_OSPI_TIMEOUT_COUNTER_ENABLE) + 800b318: d108 bne.n 800b32c + WRITE_REG(hospi->Instance->LPTR, cfg->TimeOutPeriod); + 800b31a: 686b ldr r3, [r5, #4] + 800b31c: f8c2 3130 str.w r3, [r2, #304] ; 0x130 + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_TO); + 800b320: 2310 movs r3, #16 + 800b322: 6253 str r3, [r2, #36] ; 0x24 + __HAL_OSPI_ENABLE_IT(hospi, HAL_OSPI_IT_TO); + 800b324: 6811 ldr r1, [r2, #0] + 800b326: f441 1180 orr.w r1, r1, #1048576 ; 0x100000 + 800b32a: 6011 str r1, [r2, #0] + MODIFY_REG(hospi->Instance->CR, (OCTOSPI_CR_TCEN | OCTOSPI_CR_FMODE), + 800b32c: 6813 ldr r3, [r2, #0] + 800b32e: f023 5340 bic.w r3, r3, #805306368 ; 0x30000000 + 800b332: f023 0308 bic.w r3, r3, #8 + 800b336: 4333 orrs r3, r6 + 800b338: f043 5340 orr.w r3, r3, #805306368 ; 0x30000000 + 800b33c: 6013 str r3, [r2, #0] +} + 800b33e: b002 add sp, #8 + 800b340: bd70 pop {r4, r5, r6, pc} + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b342: 2310 movs r3, #16 + 800b344: 64a3 str r3, [r4, #72] ; 0x48 + status = HAL_ERROR; + 800b346: 2001 movs r0, #1 + 800b348: e7f9 b.n 800b33e + +0800b34a : + if ((hospi->State & OSPI_BUSY_STATE_MASK) == 0U) + 800b34a: 6c43 ldr r3, [r0, #68] ; 0x44 + 800b34c: f013 0308 ands.w r3, r3, #8 + 800b350: d10a bne.n 800b368 + hospi->Init.FifoThreshold = Threshold; + 800b352: 6041 str r1, [r0, #4] + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FTHRES, ((hospi->Init.FifoThreshold-1U) << OCTOSPI_CR_FTHRES_Pos)); + 800b354: 6800 ldr r0, [r0, #0] + 800b356: 6802 ldr r2, [r0, #0] + 800b358: 3901 subs r1, #1 + 800b35a: f422 52f8 bic.w r2, r2, #7936 ; 0x1f00 + 800b35e: ea42 2101 orr.w r1, r2, r1, lsl #8 + 800b362: 6001 str r1, [r0, #0] + HAL_StatusTypeDef status = HAL_OK; + 800b364: 4618 mov r0, r3 + 800b366: 4770 bx lr + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b368: 2310 movs r3, #16 + 800b36a: 6483 str r3, [r0, #72] ; 0x48 + status = HAL_ERROR; + 800b36c: 2001 movs r0, #1 +} + 800b36e: 4770 bx lr + +0800b370 : + return ((READ_BIT(hospi->Instance->CR, OCTOSPI_CR_FTHRES) >> OCTOSPI_CR_FTHRES_Pos) + 1U); + 800b370: 6803 ldr r3, [r0, #0] + 800b372: 6818 ldr r0, [r3, #0] + 800b374: f3c0 2004 ubfx r0, r0, #8, #5 +} + 800b378: 3001 adds r0, #1 + 800b37a: 4770 bx lr + +0800b37c : + hospi->Timeout = Timeout; + 800b37c: 64c1 str r1, [r0, #76] ; 0x4c +} + 800b37e: 2000 movs r0, #0 + 800b380: 4770 bx lr + +0800b382 : + return hospi->ErrorCode; + 800b382: 6c80 ldr r0, [r0, #72] ; 0x48 +} + 800b384: 4770 bx lr + +0800b386 : + return hospi->State; + 800b386: 6c40 ldr r0, [r0, #68] ; 0x44 +} + 800b388: 4770 bx lr + ... + +0800b38c : +{ + 800b38c: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + if (hospi->Instance == OCTOSPI1) + 800b390: 6802 ldr r2, [r0, #0] + other_instance = 0U; + 800b392: 4bbf ldr r3, [pc, #764] ; (800b690 ) + * @retval HAL status + */ +static HAL_StatusTypeDef OSPIM_GetConfig(uint8_t instance_nb, OSPIM_CfgTypeDef *cfg) +{ + HAL_StatusTypeDef status = HAL_OK; + uint32_t reg, value = 0U; + 800b394: f8df 8304 ldr.w r8, [pc, #772] ; 800b69c + other_instance = 0U; + 800b398: 429a cmp r2, r3 +{ + 800b39a: b08b sub sp, #44 ; 0x2c + } + + /* Get the information about the instance */ + for (index = 0U; index < OSPI_IOM_NB_PORTS; index ++) + { + reg = OCTOSPIM->PCR[index]; + 800b39c: 4bbd ldr r3, [pc, #756] ; (800b694 ) + other_instance = 0U; + 800b39e: bf0b itete eq + 800b3a0: f04f 0a01 moveq.w sl, #1 + 800b3a4: f04f 0a00 movne.w sl, #0 + 800b3a8: 2000 moveq r0, #0 + 800b3aa: 2001 movne r0, #1 + for (index = 0U; index < OSPI_NB_INSTANCE; index++) + 800b3ac: 466a mov r2, sp + instance = 1U; + 800b3ae: 2501 movs r5, #1 + cfg->ClkPort = 0U; + 800b3b0: 2700 movs r7, #0 + cfg->DQSPort = 0U; + 800b3b2: e9c2 7700 strd r7, r7, [r2] + cfg->IOLowPort = 0U; + 800b3b6: e9c2 7702 strd r7, r7, [r2, #8] + uint32_t reg, value = 0U; + 800b3ba: 2d02 cmp r5, #2 + 800b3bc: bf0c ite eq + 800b3be: 46c4 moveq ip, r8 + 800b3c0: f04f 0c00 movne.w ip, #0 + cfg->IOHighPort = 0U; + 800b3c4: 6117 str r7, [r2, #16] + for (index = 0U; index < OSPI_IOM_NB_PORTS; index ++) + 800b3c6: f04f 0e00 mov.w lr, #0 + reg = OCTOSPIM->PCR[index]; + 800b3ca: eb03 048e add.w r4, r3, lr, lsl #2 + { + /* The clock is enabled on this port */ + if ((reg & OCTOSPIM_PCR_CLKSRC) == (value & OCTOSPIM_PCR_CLKSRC)) + { + /* The clock correspond to the instance passed as parameter */ + cfg->ClkPort = index+1U; + 800b3ce: f10e 0601 add.w r6, lr, #1 + reg = OCTOSPIM->PCR[index]; + 800b3d2: 6864 ldr r4, [r4, #4] + if ((reg & OCTOSPIM_PCR_CLKEN) != 0U) + 800b3d4: f014 0f01 tst.w r4, #1 + 800b3d8: d005 beq.n 800b3e6 + if ((reg & OCTOSPIM_PCR_CLKSRC) == (value & OCTOSPIM_PCR_CLKSRC)) + 800b3da: ea84 0e0c eor.w lr, r4, ip + 800b3de: f01e 0f02 tst.w lr, #2 + cfg->ClkPort = index+1U; + 800b3e2: bf08 it eq + 800b3e4: 6016 streq r6, [r2, #0] + } + } + + if ((reg & OCTOSPIM_PCR_DQSEN) != 0U) + 800b3e6: f014 0f10 tst.w r4, #16 + 800b3ea: d005 beq.n 800b3f8 + { + /* The DQS is enabled on this port */ + if ((reg & OCTOSPIM_PCR_DQSSRC) == (value & OCTOSPIM_PCR_DQSSRC)) + 800b3ec: ea84 0e0c eor.w lr, r4, ip + 800b3f0: f01e 0f20 tst.w lr, #32 + { + /* The DQS correspond to the instance passed as parameter */ + cfg->DQSPort = index+1U; + 800b3f4: bf08 it eq + 800b3f6: 6056 streq r6, [r2, #4] + } + } + + if ((reg & OCTOSPIM_PCR_NCSEN) != 0U) + 800b3f8: f414 7f80 tst.w r4, #256 ; 0x100 + 800b3fc: d005 beq.n 800b40a + { + /* The nCS is enabled on this port */ + if ((reg & OCTOSPIM_PCR_NCSSRC) == (value & OCTOSPIM_PCR_NCSSRC)) + 800b3fe: ea84 0e0c eor.w lr, r4, ip + 800b402: f41e 7f00 tst.w lr, #512 ; 0x200 + { + /* The nCS correspond to the instance passed as parameter */ + cfg->NCSPort = index+1U; + 800b406: bf08 it eq + 800b408: 6096 streq r6, [r2, #8] + } + } + + if ((reg & OCTOSPIM_PCR_IOLEN) != 0U) + 800b40a: f414 3f80 tst.w r4, #65536 ; 0x10000 + 800b40e: d00d beq.n 800b42c + { + /* The IO Low is enabled on this port */ + if ((reg & OCTOSPIM_PCR_IOLSRC_1) == (value & OCTOSPIM_PCR_IOLSRC_1)) + 800b410: ea84 0e0c eor.w lr, r4, ip + 800b414: f41e 2f80 tst.w lr, #262144 ; 0x40000 + 800b418: d108 bne.n 800b42c + { + /* The IO Low correspond to the instance passed as parameter */ + if ((reg & OCTOSPIM_PCR_IOLSRC_0) == 0U) + 800b41a: f414 3f00 tst.w r4, #131072 ; 0x20000 + { + cfg->IOLowPort = (OCTOSPIM_PCR_IOLEN | (index+1U)); + 800b41e: bf0c ite eq + 800b420: f446 3e80 orreq.w lr, r6, #65536 ; 0x10000 + } + else + { + cfg->IOLowPort = (OCTOSPIM_PCR_IOHEN | (index+1U)); + 800b424: f046 7e80 orrne.w lr, r6, #16777216 ; 0x1000000 + 800b428: f8c2 e00c str.w lr, [r2, #12] + } + } + } + + if ((reg & OCTOSPIM_PCR_IOHEN) != 0U) + 800b42c: f014 7f80 tst.w r4, #16777216 ; 0x1000000 + 800b430: d00b beq.n 800b44a + { + /* The IO High is enabled on this port */ + if ((reg & OCTOSPIM_PCR_IOHSRC_1) == (value & OCTOSPIM_PCR_IOHSRC_1)) + 800b432: ea84 0e0c eor.w lr, r4, ip + 800b436: f01e 6f80 tst.w lr, #67108864 ; 0x4000000 + 800b43a: d106 bne.n 800b44a + { + /* The IO High correspond to the instance passed as parameter */ + if ((reg & OCTOSPIM_PCR_IOHSRC_0) == 0U) + 800b43c: 01a4 lsls r4, r4, #6 + { + cfg->IOHighPort = (OCTOSPIM_PCR_IOLEN | (index+1U)); + 800b43e: bf54 ite pl + 800b440: f446 3480 orrpl.w r4, r6, #65536 ; 0x10000 + } + else + { + cfg->IOHighPort = (OCTOSPIM_PCR_IOHEN | (index+1U)); + 800b444: f046 7480 orrmi.w r4, r6, #16777216 ; 0x1000000 + 800b448: 6114 str r4, [r2, #16] + for (index = 0U; index < OSPI_IOM_NB_PORTS; index ++) + 800b44a: 2e02 cmp r6, #2 + 800b44c: f04f 0e01 mov.w lr, #1 + 800b450: d1bb bne.n 800b3ca + for (index = 0U; index < OSPI_NB_INSTANCE; index++) + 800b452: 2d02 cmp r5, #2 + 800b454: f102 0214 add.w r2, r2, #20 + 800b458: f040 8117 bne.w 800b68a + if ((OCTOSPI1->CR & OCTOSPI_CR_EN) != 0U) + 800b45c: 4c8c ldr r4, [pc, #560] ; (800b690 ) + 800b45e: 6825 ldr r5, [r4, #0] + 800b460: ea15 050e ands.w r5, r5, lr + CLEAR_BIT(OCTOSPI1->CR, OCTOSPI_CR_EN); + 800b464: bf1e ittt ne + 800b466: 6822 ldrne r2, [r4, #0] + 800b468: f022 0201 bicne.w r2, r2, #1 + 800b46c: 6022 strne r2, [r4, #0] + if ((OCTOSPI2->CR & OCTOSPI_CR_EN) != 0U) + 800b46e: 4a8a ldr r2, [pc, #552] ; (800b698 ) + 800b470: 6814 ldr r4, [r2, #0] + ospi_enabled |= 0x1U; + 800b472: bf18 it ne + 800b474: 4675 movne r5, lr + if ((OCTOSPI2->CR & OCTOSPI_CR_EN) != 0U) + 800b476: 07e6 lsls r6, r4, #31 + CLEAR_BIT(OCTOSPI2->CR, OCTOSPI_CR_EN); + 800b478: bf42 ittt mi + 800b47a: 6814 ldrmi r4, [r2, #0] + 800b47c: f024 0401 bicmi.w r4, r4, #1 + 800b480: 6014 strmi r4, [r2, #0] + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[instance].NCSPort-1U)], OCTOSPIM_PCR_NCSEN); + 800b482: aa0a add r2, sp, #40 ; 0x28 + 800b484: f04f 0414 mov.w r4, #20 + 800b488: fb04 2400 mla r4, r4, r0, r2 + ospi_enabled |= 0x2U; + 800b48c: bf48 it mi + 800b48e: f045 0b02 orrmi.w fp, r5, #2 + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[instance].NCSPort-1U)], OCTOSPIM_PCR_NCSEN); + 800b492: f854 2c20 ldr.w r2, [r4, #-32] + 800b496: f102 32ff add.w r2, r2, #4294967295 ; 0xffffffff + 800b49a: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b49e: bf58 it pl + 800b4a0: 46ab movpl fp, r5 + 800b4a2: 6856 ldr r6, [r2, #4] + 800b4a4: f426 7680 bic.w r6, r6, #256 ; 0x100 + 800b4a8: 6056 str r6, [r2, #4] + if (IOM_cfg[instance].ClkPort != 0U) + 800b4aa: f854 2c28 ldr.w r2, [r4, #-40] + 800b4ae: b382 cbz r2, 800b512 + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[instance].ClkPort-1U)], OCTOSPIM_PCR_CLKEN); + 800b4b0: 3a01 subs r2, #1 + 800b4b2: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b4b6: 6856 ldr r6, [r2, #4] + 800b4b8: f026 0601 bic.w r6, r6, #1 + 800b4bc: 6056 str r6, [r2, #4] + if (IOM_cfg[instance].DQSPort != 0U) + 800b4be: f854 2c24 ldr.w r2, [r4, #-36] + 800b4c2: b132 cbz r2, 800b4d2 + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[instance].DQSPort-1U)], OCTOSPIM_PCR_DQSEN); + 800b4c4: 3a01 subs r2, #1 + 800b4c6: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b4ca: 6854 ldr r4, [r2, #4] + 800b4cc: f024 0410 bic.w r4, r4, #16 + 800b4d0: 6054 str r4, [r2, #4] + if (IOM_cfg[instance].IOLowPort != HAL_OSPIM_IOPORT_NONE) + 800b4d2: 2214 movs r2, #20 + 800b4d4: ac0a add r4, sp, #40 ; 0x28 + 800b4d6: fb02 4200 mla r2, r2, r0, r4 + 800b4da: f852 2c1c ldr.w r2, [r2, #-28] + 800b4de: b142 cbz r2, 800b4f2 + CLEAR_BIT(OCTOSPIM->PCR[((IOM_cfg[instance].IOLowPort-1U)& OSPI_IOM_PORT_MASK)], OCTOSPIM_PCR_IOLEN); + 800b4e0: 3a01 subs r2, #1 + 800b4e2: f002 0201 and.w r2, r2, #1 + 800b4e6: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b4ea: 6854 ldr r4, [r2, #4] + 800b4ec: f424 3480 bic.w r4, r4, #65536 ; 0x10000 + 800b4f0: 6054 str r4, [r2, #4] + if (IOM_cfg[instance].IOHighPort != HAL_OSPIM_IOPORT_NONE) + 800b4f2: 2214 movs r2, #20 + 800b4f4: ac0a add r4, sp, #40 ; 0x28 + 800b4f6: fb02 4200 mla r2, r2, r0, r4 + 800b4fa: f852 2c18 ldr.w r2, [r2, #-24] + 800b4fe: b142 cbz r2, 800b512 + CLEAR_BIT(OCTOSPIM->PCR[((IOM_cfg[instance].IOHighPort-1U)& OSPI_IOM_PORT_MASK)], OCTOSPIM_PCR_IOHEN); + 800b500: 3a01 subs r2, #1 + 800b502: f002 0201 and.w r2, r2, #1 + 800b506: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b50a: 6854 ldr r4, [r2, #4] + 800b50c: f024 7480 bic.w r4, r4, #16777216 ; 0x1000000 + 800b510: 6054 str r4, [r2, #4] + if ((cfg->ClkPort == IOM_cfg[other_instance].ClkPort) || (cfg->DQSPort == IOM_cfg[other_instance].DQSPort) || + 800b512: aa0a add r2, sp, #40 ; 0x28 + 800b514: f04f 0914 mov.w r9, #20 + 800b518: fb09 290a mla r9, r9, sl, r2 + 800b51c: f8d1 c000 ldr.w ip, [r1] + 800b520: f859 8c28 ldr.w r8, [r9, #-40] + (cfg->IOHighPort == IOM_cfg[other_instance].IOHighPort)) + 800b524: f859 4c18 ldr.w r4, [r9, #-24] + if ((cfg->ClkPort == IOM_cfg[other_instance].ClkPort) || (cfg->DQSPort == IOM_cfg[other_instance].DQSPort) || + 800b528: 45c4 cmp ip, r8 + (cfg->NCSPort == IOM_cfg[other_instance].NCSPort) || (cfg->IOLowPort == IOM_cfg[other_instance].IOLowPort) || + 800b52a: e9d1 6e01 ldrd r6, lr, [r1, #4] + (cfg->IOHighPort == IOM_cfg[other_instance].IOHighPort)) + 800b52e: e9d1 2103 ldrd r2, r1, [r1, #12] + if ((cfg->ClkPort == IOM_cfg[other_instance].ClkPort) || (cfg->DQSPort == IOM_cfg[other_instance].DQSPort) || + 800b532: d00d beq.n 800b550 + 800b534: f859 7c24 ldr.w r7, [r9, #-36] + 800b538: 42b7 cmp r7, r6 + 800b53a: d009 beq.n 800b550 + 800b53c: f859 7c20 ldr.w r7, [r9, #-32] + 800b540: 45be cmp lr, r7 + 800b542: d005 beq.n 800b550 + (cfg->NCSPort == IOM_cfg[other_instance].NCSPort) || (cfg->IOLowPort == IOM_cfg[other_instance].IOLowPort) || + 800b544: f859 7c1c ldr.w r7, [r9, #-28] + 800b548: 4297 cmp r7, r2 + 800b54a: d001 beq.n 800b550 + 800b54c: 428c cmp r4, r1 + 800b54e: d142 bne.n 800b5d6 + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[other_instance].ClkPort-1U)], OCTOSPIM_PCR_CLKEN); + 800b550: f108 38ff add.w r8, r8, #4294967295 ; 0xffffffff + 800b554: eb03 0888 add.w r8, r3, r8, lsl #2 + 800b558: f8d8 7004 ldr.w r7, [r8, #4] + 800b55c: f027 0701 bic.w r7, r7, #1 + 800b560: f8c8 7004 str.w r7, [r8, #4] + if (IOM_cfg[other_instance].DQSPort != 0U) + 800b564: 2714 movs r7, #20 + 800b566: f10d 0828 add.w r8, sp, #40 ; 0x28 + 800b56a: fb07 870a mla r7, r7, sl, r8 + 800b56e: f857 7c24 ldr.w r7, [r7, #-36] + 800b572: b147 cbz r7, 800b586 + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[other_instance].DQSPort-1U)], OCTOSPIM_PCR_DQSEN); + 800b574: 3f01 subs r7, #1 + 800b576: eb03 0787 add.w r7, r3, r7, lsl #2 + 800b57a: f8d7 8004 ldr.w r8, [r7, #4] + 800b57e: f028 0810 bic.w r8, r8, #16 + 800b582: f8c7 8004 str.w r8, [r7, #4] + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[other_instance].NCSPort-1U)], OCTOSPIM_PCR_NCSEN); + 800b586: 2714 movs r7, #20 + 800b588: f10d 0828 add.w r8, sp, #40 ; 0x28 + 800b58c: fb07 8a0a mla sl, r7, sl, r8 + 800b590: f85a 7c20 ldr.w r7, [sl, #-32] + 800b594: 3f01 subs r7, #1 + 800b596: eb03 0787 add.w r7, r3, r7, lsl #2 + 800b59a: f8d7 8004 ldr.w r8, [r7, #4] + 800b59e: f428 7880 bic.w r8, r8, #256 ; 0x100 + 800b5a2: f8c7 8004 str.w r8, [r7, #4] + if (IOM_cfg[other_instance].IOLowPort != HAL_OSPIM_IOPORT_NONE) + 800b5a6: f85a 7c1c ldr.w r7, [sl, #-28] + 800b5aa: b157 cbz r7, 800b5c2 + CLEAR_BIT(OCTOSPIM->PCR[((IOM_cfg[other_instance].IOLowPort-1U)& OSPI_IOM_PORT_MASK)], OCTOSPIM_PCR_IOLEN); + 800b5ac: 3f01 subs r7, #1 + 800b5ae: f007 0701 and.w r7, r7, #1 + 800b5b2: eb03 0787 add.w r7, r3, r7, lsl #2 + 800b5b6: f8d7 8004 ldr.w r8, [r7, #4] + 800b5ba: f428 3880 bic.w r8, r8, #65536 ; 0x10000 + 800b5be: f8c7 8004 str.w r8, [r7, #4] + if (IOM_cfg[other_instance].IOHighPort != HAL_OSPIM_IOPORT_NONE) + 800b5c2: b144 cbz r4, 800b5d6 + CLEAR_BIT(OCTOSPIM->PCR[((IOM_cfg[other_instance].IOHighPort-1U)& OSPI_IOM_PORT_MASK)], OCTOSPIM_PCR_IOHEN); + 800b5c4: 3c01 subs r4, #1 + 800b5c6: f004 0401 and.w r4, r4, #1 + 800b5ca: eb03 0484 add.w r4, r3, r4, lsl #2 + 800b5ce: 6867 ldr r7, [r4, #4] + 800b5d0: f027 7780 bic.w r7, r7, #16777216 ; 0x1000000 + 800b5d4: 6067 str r7, [r4, #4] + MODIFY_REG(OCTOSPIM->PCR[(cfg->NCSPort-1U)], (OCTOSPIM_PCR_NCSEN | OCTOSPIM_PCR_NCSSRC), (OCTOSPIM_PCR_NCSEN | (instance << OCTOSPIM_PCR_NCSSRC_Pos))); + 800b5d6: f10e 3eff add.w lr, lr, #4294967295 ; 0xffffffff + 800b5da: eb03 0e8e add.w lr, r3, lr, lsl #2 + MODIFY_REG(OCTOSPIM->PCR[(cfg->ClkPort-1U)], (OCTOSPIM_PCR_CLKEN | OCTOSPIM_PCR_CLKSRC), (OCTOSPIM_PCR_CLKEN | (instance << OCTOSPIM_PCR_CLKSRC_Pos))); + 800b5de: f10c 3cff add.w ip, ip, #4294967295 ; 0xffffffff + MODIFY_REG(OCTOSPIM->PCR[(cfg->NCSPort-1U)], (OCTOSPIM_PCR_NCSEN | OCTOSPIM_PCR_NCSSRC), (OCTOSPIM_PCR_NCSEN | (instance << OCTOSPIM_PCR_NCSSRC_Pos))); + 800b5e2: f8de 4004 ldr.w r4, [lr, #4] + 800b5e6: f424 7440 bic.w r4, r4, #768 ; 0x300 + 800b5ea: ea44 2440 orr.w r4, r4, r0, lsl #9 + 800b5ee: f444 7480 orr.w r4, r4, #256 ; 0x100 + MODIFY_REG(OCTOSPIM->PCR[(cfg->ClkPort-1U)], (OCTOSPIM_PCR_CLKEN | OCTOSPIM_PCR_CLKSRC), (OCTOSPIM_PCR_CLKEN | (instance << OCTOSPIM_PCR_CLKSRC_Pos))); + 800b5f2: eb03 0c8c add.w ip, r3, ip, lsl #2 + MODIFY_REG(OCTOSPIM->PCR[(cfg->NCSPort-1U)], (OCTOSPIM_PCR_NCSEN | OCTOSPIM_PCR_NCSSRC), (OCTOSPIM_PCR_NCSEN | (instance << OCTOSPIM_PCR_NCSSRC_Pos))); + 800b5f6: f8ce 4004 str.w r4, [lr, #4] + MODIFY_REG(OCTOSPIM->PCR[(cfg->ClkPort-1U)], (OCTOSPIM_PCR_CLKEN | OCTOSPIM_PCR_CLKSRC), (OCTOSPIM_PCR_CLKEN | (instance << OCTOSPIM_PCR_CLKSRC_Pos))); + 800b5fa: f8dc 4004 ldr.w r4, [ip, #4] + 800b5fe: f024 0403 bic.w r4, r4, #3 + 800b602: ea44 0440 orr.w r4, r4, r0, lsl #1 + 800b606: f044 0401 orr.w r4, r4, #1 + 800b60a: f8cc 4004 str.w r4, [ip, #4] + if (cfg->DQSPort != 0U) + 800b60e: b156 cbz r6, 800b626 + MODIFY_REG(OCTOSPIM->PCR[(cfg->DQSPort-1U)], (OCTOSPIM_PCR_DQSEN | OCTOSPIM_PCR_DQSSRC), (OCTOSPIM_PCR_DQSEN | (instance << OCTOSPIM_PCR_DQSSRC_Pos))); + 800b610: 3e01 subs r6, #1 + 800b612: eb03 0686 add.w r6, r3, r6, lsl #2 + 800b616: 6874 ldr r4, [r6, #4] + 800b618: f024 0430 bic.w r4, r4, #48 ; 0x30 + 800b61c: ea44 1440 orr.w r4, r4, r0, lsl #5 + 800b620: f044 0410 orr.w r4, r4, #16 + 800b624: 6074 str r4, [r6, #4] + if ((cfg->IOLowPort & OCTOSPIM_PCR_IOLEN) != 0U) + 800b626: 03d4 lsls r4, r2, #15 + 800b628: d53a bpl.n 800b6a0 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOLowPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOLEN | OCTOSPIM_PCR_IOLSRC), + 800b62a: 3a01 subs r2, #1 + 800b62c: f002 0201 and.w r2, r2, #1 + 800b630: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b634: 6854 ldr r4, [r2, #4] + 800b636: f424 24e0 bic.w r4, r4, #458752 ; 0x70000 + 800b63a: ea44 4480 orr.w r4, r4, r0, lsl #18 + 800b63e: f444 3480 orr.w r4, r4, #65536 ; 0x10000 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOLowPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOHEN | OCTOSPIM_PCR_IOHSRC), + 800b642: 6054 str r4, [r2, #4] + if ((cfg->IOHighPort & OCTOSPIM_PCR_IOLEN) != 0U) + 800b644: 03ca lsls r2, r1, #15 + 800b646: d53a bpl.n 800b6be + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOHighPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOLEN | OCTOSPIM_PCR_IOLSRC), + 800b648: 3901 subs r1, #1 + 800b64a: f001 0101 and.w r1, r1, #1 + 800b64e: eb03 0381 add.w r3, r3, r1, lsl #2 + 800b652: 685a ldr r2, [r3, #4] + 800b654: f422 22e0 bic.w r2, r2, #458752 ; 0x70000 + 800b658: ea42 4080 orr.w r0, r2, r0, lsl #18 + 800b65c: f440 3040 orr.w r0, r0, #196608 ; 0x30000 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOHighPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOHEN | OCTOSPIM_PCR_IOHSRC), + 800b660: 6058 str r0, [r3, #4] + if ((ospi_enabled & 0x1U) != 0U) + 800b662: b125 cbz r5, 800b66e + SET_BIT(OCTOSPI1->CR, OCTOSPI_CR_EN); + 800b664: 4a0a ldr r2, [pc, #40] ; (800b690 ) + 800b666: 6813 ldr r3, [r2, #0] + 800b668: f043 0301 orr.w r3, r3, #1 + 800b66c: 6013 str r3, [r2, #0] + if ((ospi_enabled & 0x2U) != 0U) + 800b66e: f01b 0f02 tst.w fp, #2 + SET_BIT(OCTOSPI2->CR, OCTOSPI_CR_EN); + 800b672: bf1c itt ne + 800b674: 4a08 ldrne r2, [pc, #32] ; (800b698 ) + 800b676: 6813 ldrne r3, [r2, #0] +} + 800b678: f04f 0000 mov.w r0, #0 + SET_BIT(OCTOSPI2->CR, OCTOSPI_CR_EN); + 800b67c: bf1c itt ne + 800b67e: f043 0301 orrne.w r3, r3, #1 + 800b682: 6013 strne r3, [r2, #0] +} + 800b684: b00b add sp, #44 ; 0x2c + 800b686: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + 800b68a: 4635 mov r5, r6 + 800b68c: e691 b.n 800b3b2 + 800b68e: bf00 nop + 800b690: a0001000 .word 0xa0001000 + 800b694: 50061c00 .word 0x50061c00 + 800b698: a0001400 .word 0xa0001400 + 800b69c: 04040222 .word 0x04040222 + else if (cfg->IOLowPort != HAL_OSPIM_IOPORT_NONE) + 800b6a0: 2a00 cmp r2, #0 + 800b6a2: d0cf beq.n 800b644 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOLowPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOHEN | OCTOSPIM_PCR_IOHSRC), + 800b6a4: 3a01 subs r2, #1 + 800b6a6: f002 0201 and.w r2, r2, #1 + 800b6aa: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b6ae: 6854 ldr r4, [r2, #4] + 800b6b0: f024 64e0 bic.w r4, r4, #117440512 ; 0x7000000 + 800b6b4: ea44 6480 orr.w r4, r4, r0, lsl #26 + 800b6b8: f044 7480 orr.w r4, r4, #16777216 ; 0x1000000 + 800b6bc: e7c1 b.n 800b642 + else if (cfg->IOHighPort != HAL_OSPIM_IOPORT_NONE) + 800b6be: 2900 cmp r1, #0 + 800b6c0: d0cf beq.n 800b662 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOHighPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOHEN | OCTOSPIM_PCR_IOHSRC), + 800b6c2: 3901 subs r1, #1 + 800b6c4: f001 0101 and.w r1, r1, #1 + 800b6c8: eb03 0381 add.w r3, r3, r1, lsl #2 + 800b6cc: 685a ldr r2, [r3, #4] + 800b6ce: f022 62e0 bic.w r2, r2, #117440512 ; 0x7000000 + 800b6d2: ea42 6080 orr.w r0, r2, r0, lsl #26 + 800b6d6: f040 7040 orr.w r0, r0, #50331648 ; 0x3000000 + 800b6da: e7c1 b.n 800b660 + +0800b6dc : + * @arg @ref I2C_GENERATE_START_WRITE Generate Restart for write request. + * @retval None + */ +static void I2C_TransferConfig(I2C_HandleTypeDef *hi2c, uint16_t DevAddress, uint8_t Size, uint32_t Mode, + uint32_t Request) +{ + 800b6dc: b530 push {r4, r5, lr} + 800b6de: 9d03 ldr r5, [sp, #12] + assert_param(IS_I2C_ALL_INSTANCE(hi2c->Instance)); + assert_param(IS_TRANSFER_MODE(Mode)); + assert_param(IS_TRANSFER_REQUEST(Request)); + + /* update CR2 register */ + MODIFY_REG(hi2c->Instance->CR2, + 800b6e0: 6804 ldr r4, [r0, #0] + 800b6e2: ea45 4202 orr.w r2, r5, r2, lsl #16 + 800b6e6: 431a orrs r2, r3 + 800b6e8: 4b05 ldr r3, [pc, #20] ; (800b700 ) + 800b6ea: 6860 ldr r0, [r4, #4] + 800b6ec: f3c1 0109 ubfx r1, r1, #0, #10 + 800b6f0: ea43 5355 orr.w r3, r3, r5, lsr #21 + 800b6f4: 430a orrs r2, r1 + 800b6f6: ea20 0003 bic.w r0, r0, r3 + 800b6fa: 4302 orrs r2, r0 + 800b6fc: 6062 str r2, [r4, #4] + ((I2C_CR2_SADD | I2C_CR2_NBYTES | I2C_CR2_RELOAD | I2C_CR2_AUTOEND | \ + (I2C_CR2_RD_WRN & (uint32_t)(Request >> (31U - I2C_CR2_RD_WRN_Pos))) | I2C_CR2_START | I2C_CR2_STOP)), \ + (uint32_t)(((uint32_t)DevAddress & I2C_CR2_SADD) | + (((uint32_t)Size << I2C_CR2_NBYTES_Pos) & I2C_CR2_NBYTES) | (uint32_t)Mode | (uint32_t)Request)); +} + 800b6fe: bd30 pop {r4, r5, pc} + 800b700: 03ff63ff .word 0x03ff63ff + +0800b704 : + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_AF) == SET) + 800b704: 6803 ldr r3, [r0, #0] +{ + 800b706: b570 push {r4, r5, r6, lr} + 800b708: 4604 mov r4, r0 + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_AF) == SET) + 800b70a: 6998 ldr r0, [r3, #24] + 800b70c: f010 0010 ands.w r0, r0, #16 +{ + 800b710: 460d mov r5, r1 + 800b712: 4616 mov r6, r2 + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_AF) == SET) + 800b714: d116 bne.n 800b744 +} + 800b716: bd70 pop {r4, r5, r6, pc} + if (Timeout != HAL_MAX_DELAY) + 800b718: 1c6a adds r2, r5, #1 + 800b71a: d014 beq.n 800b746 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800b71c: f7fb fcd0 bl 80070c0 + 800b720: 1b80 subs r0, r0, r6 + 800b722: 4285 cmp r5, r0 + 800b724: d300 bcc.n 800b728 + 800b726: b96d cbnz r5, 800b744 + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800b728: 6c63 ldr r3, [r4, #68] ; 0x44 + 800b72a: f043 0320 orr.w r3, r3, #32 + hi2c->ErrorCode |= HAL_I2C_ERROR_AF; + 800b72e: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800b730: 2320 movs r3, #32 + 800b732: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800b736: 2300 movs r3, #0 + 800b738: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800b73c: f884 3040 strb.w r3, [r4, #64] ; 0x40 + return HAL_ERROR; + 800b740: 2001 movs r0, #1 + 800b742: e7e8 b.n 800b716 + while (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_STOPF) == RESET) + 800b744: 6823 ldr r3, [r4, #0] + 800b746: 699a ldr r2, [r3, #24] + 800b748: 0690 lsls r0, r2, #26 + 800b74a: d5e5 bpl.n 800b718 + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_AF); + 800b74c: 2210 movs r2, #16 + 800b74e: 61da str r2, [r3, #28] + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_STOPF); + 800b750: 2220 movs r2, #32 + 800b752: 61da str r2, [r3, #28] + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_TXIS) != RESET) + 800b754: 699a ldr r2, [r3, #24] + 800b756: 0791 lsls r1, r2, #30 + hi2c->Instance->TXDR = 0x00U; + 800b758: bf44 itt mi + 800b75a: 2200 movmi r2, #0 + 800b75c: 629a strmi r2, [r3, #40] ; 0x28 + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_TXE) == RESET) + 800b75e: 699a ldr r2, [r3, #24] + 800b760: 07d2 lsls r2, r2, #31 + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_TXE); + 800b762: bf5e ittt pl + 800b764: 699a ldrpl r2, [r3, #24] + 800b766: f042 0201 orrpl.w r2, r2, #1 + 800b76a: 619a strpl r2, [r3, #24] + I2C_RESET_CR2(hi2c); + 800b76c: 685a ldr r2, [r3, #4] + 800b76e: f022 72ff bic.w r2, r2, #33423360 ; 0x1fe0000 + 800b772: f422 328b bic.w r2, r2, #71168 ; 0x11600 + 800b776: f422 72ff bic.w r2, r2, #510 ; 0x1fe + 800b77a: f022 0201 bic.w r2, r2, #1 + 800b77e: 605a str r2, [r3, #4] + hi2c->ErrorCode |= HAL_I2C_ERROR_AF; + 800b780: 6c63 ldr r3, [r4, #68] ; 0x44 + 800b782: f043 0304 orr.w r3, r3, #4 + 800b786: e7d2 b.n 800b72e + +0800b788 : +{ + 800b788: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 800b78c: 9f06 ldr r7, [sp, #24] + 800b78e: 4604 mov r4, r0 + 800b790: 4688 mov r8, r1 + 800b792: 4616 mov r6, r2 + 800b794: 461d mov r5, r3 + while (__HAL_I2C_GET_FLAG(hi2c, Flag) == Status) + 800b796: 6822 ldr r2, [r4, #0] + 800b798: 6993 ldr r3, [r2, #24] + 800b79a: ea38 0303 bics.w r3, r8, r3 + 800b79e: bf0c ite eq + 800b7a0: 2301 moveq r3, #1 + 800b7a2: 2300 movne r3, #0 + 800b7a4: 42b3 cmp r3, r6 + 800b7a6: d001 beq.n 800b7ac + return HAL_OK; + 800b7a8: 2000 movs r0, #0 + 800b7aa: e015 b.n 800b7d8 + if (Timeout != HAL_MAX_DELAY) + 800b7ac: 1c6b adds r3, r5, #1 + 800b7ae: d0f3 beq.n 800b798 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800b7b0: f7fb fc86 bl 80070c0 + 800b7b4: 1bc0 subs r0, r0, r7 + 800b7b6: 42a8 cmp r0, r5 + 800b7b8: d801 bhi.n 800b7be + 800b7ba: 2d00 cmp r5, #0 + 800b7bc: d1eb bne.n 800b796 + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800b7be: 6c63 ldr r3, [r4, #68] ; 0x44 + 800b7c0: f043 0320 orr.w r3, r3, #32 + 800b7c4: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800b7c6: 2320 movs r3, #32 + 800b7c8: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800b7cc: 2300 movs r3, #0 + 800b7ce: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800b7d2: f884 3040 strb.w r3, [r4, #64] ; 0x40 + 800b7d6: 2001 movs r0, #1 +} + 800b7d8: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +0800b7dc : +{ + 800b7dc: b570 push {r4, r5, r6, lr} + 800b7de: 4604 mov r4, r0 + 800b7e0: 460d mov r5, r1 + 800b7e2: 4616 mov r6, r2 + while (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_STOPF) == RESET) + 800b7e4: 6823 ldr r3, [r4, #0] + 800b7e6: 699b ldr r3, [r3, #24] + 800b7e8: 069b lsls r3, r3, #26 + 800b7ea: d501 bpl.n 800b7f0 + return HAL_OK; + 800b7ec: 2000 movs r0, #0 +} + 800b7ee: bd70 pop {r4, r5, r6, pc} + if (I2C_IsAcknowledgeFailed(hi2c, Timeout, Tickstart) != HAL_OK) + 800b7f0: 4632 mov r2, r6 + 800b7f2: 4629 mov r1, r5 + 800b7f4: 4620 mov r0, r4 + 800b7f6: f7ff ff85 bl 800b704 + 800b7fa: b990 cbnz r0, 800b822 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800b7fc: f7fb fc60 bl 80070c0 + 800b800: 1b80 subs r0, r0, r6 + 800b802: 42a8 cmp r0, r5 + 800b804: d801 bhi.n 800b80a + 800b806: 2d00 cmp r5, #0 + 800b808: d1ec bne.n 800b7e4 + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800b80a: 6c63 ldr r3, [r4, #68] ; 0x44 + 800b80c: f043 0320 orr.w r3, r3, #32 + 800b810: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800b812: 2320 movs r3, #32 + 800b814: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800b818: 2300 movs r3, #0 + 800b81a: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800b81e: f884 3040 strb.w r3, [r4, #64] ; 0x40 + return HAL_ERROR; + 800b822: 2001 movs r0, #1 + 800b824: e7e3 b.n 800b7ee + +0800b826 : +} + 800b826: 4770 bx lr + +0800b828 : +{ + 800b828: b510 push {r4, lr} + if (hi2c == NULL) + 800b82a: 4604 mov r4, r0 + 800b82c: 2800 cmp r0, #0 + 800b82e: d04a beq.n 800b8c6 + if (hi2c->State == HAL_I2C_STATE_RESET) + 800b830: f890 3041 ldrb.w r3, [r0, #65] ; 0x41 + 800b834: f003 02ff and.w r2, r3, #255 ; 0xff + 800b838: b91b cbnz r3, 800b842 + hi2c->Lock = HAL_UNLOCKED; + 800b83a: f880 2040 strb.w r2, [r0, #64] ; 0x40 + HAL_I2C_MspInit(hi2c); + 800b83e: f7ff fff2 bl 800b826 + hi2c->State = HAL_I2C_STATE_BUSY; + 800b842: 2324 movs r3, #36 ; 0x24 + 800b844: f884 3041 strb.w r3, [r4, #65] ; 0x41 + __HAL_I2C_DISABLE(hi2c); + 800b848: 6823 ldr r3, [r4, #0] + 800b84a: 681a ldr r2, [r3, #0] + 800b84c: f022 0201 bic.w r2, r2, #1 + 800b850: 601a str r2, [r3, #0] + hi2c->Instance->TIMINGR = hi2c->Init.Timing & TIMING_CLEAR_MASK; + 800b852: 6862 ldr r2, [r4, #4] + 800b854: f022 6270 bic.w r2, r2, #251658240 ; 0xf000000 + 800b858: 611a str r2, [r3, #16] + hi2c->Instance->OAR1 &= ~I2C_OAR1_OA1EN; + 800b85a: 689a ldr r2, [r3, #8] + 800b85c: f422 4200 bic.w r2, r2, #32768 ; 0x8000 + 800b860: 609a str r2, [r3, #8] + hi2c->Instance->OAR1 = (I2C_OAR1_OA1EN | hi2c->Init.OwnAddress1); + 800b862: e9d4 2102 ldrd r2, r1, [r4, #8] + if (hi2c->Init.AddressingMode == I2C_ADDRESSINGMODE_7BIT) + 800b866: 2901 cmp r1, #1 + 800b868: d124 bne.n 800b8b4 + hi2c->Instance->OAR1 = (I2C_OAR1_OA1EN | hi2c->Init.OwnAddress1); + 800b86a: f442 4200 orr.w r2, r2, #32768 ; 0x8000 + 800b86e: 609a str r2, [r3, #8] + hi2c->Instance->CR2 |= (I2C_CR2_AUTOEND | I2C_CR2_NACK); + 800b870: 685a ldr r2, [r3, #4] + 800b872: f042 7200 orr.w r2, r2, #33554432 ; 0x2000000 + 800b876: f442 4200 orr.w r2, r2, #32768 ; 0x8000 + 800b87a: 605a str r2, [r3, #4] + hi2c->Instance->OAR2 &= ~I2C_DUALADDRESS_ENABLE; + 800b87c: 68da ldr r2, [r3, #12] + 800b87e: f422 4200 bic.w r2, r2, #32768 ; 0x8000 + 800b882: 60da str r2, [r3, #12] + hi2c->Instance->OAR2 = (hi2c->Init.DualAddressMode | hi2c->Init.OwnAddress2 | (hi2c->Init.OwnAddress2Masks << 8)); + 800b884: e9d4 2104 ldrd r2, r1, [r4, #16] + 800b888: 430a orrs r2, r1 + 800b88a: 69a1 ldr r1, [r4, #24] + 800b88c: ea42 2201 orr.w r2, r2, r1, lsl #8 + 800b890: 60da str r2, [r3, #12] + hi2c->Instance->CR1 = (hi2c->Init.GeneralCallMode | hi2c->Init.NoStretchMode); + 800b892: e9d4 2107 ldrd r2, r1, [r4, #28] + 800b896: 430a orrs r2, r1 + 800b898: 601a str r2, [r3, #0] + __HAL_I2C_ENABLE(hi2c); + 800b89a: 681a ldr r2, [r3, #0] + 800b89c: f042 0201 orr.w r2, r2, #1 + 800b8a0: 601a str r2, [r3, #0] + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800b8a2: 2000 movs r0, #0 + hi2c->State = HAL_I2C_STATE_READY; + 800b8a4: 2320 movs r3, #32 + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800b8a6: 6460 str r0, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800b8a8: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->PreviousState = I2C_STATE_NONE; + 800b8ac: 6320 str r0, [r4, #48] ; 0x30 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800b8ae: f884 0042 strb.w r0, [r4, #66] ; 0x42 +} + 800b8b2: bd10 pop {r4, pc} + hi2c->Instance->OAR1 = (I2C_OAR1_OA1EN | I2C_OAR1_OA1MODE | hi2c->Init.OwnAddress1); + 800b8b4: f442 4204 orr.w r2, r2, #33792 ; 0x8400 + if (hi2c->Init.AddressingMode == I2C_ADDRESSINGMODE_10BIT) + 800b8b8: 2902 cmp r1, #2 + hi2c->Instance->OAR1 = (I2C_OAR1_OA1EN | I2C_OAR1_OA1MODE | hi2c->Init.OwnAddress1); + 800b8ba: 609a str r2, [r3, #8] + hi2c->Instance->CR2 = (I2C_CR2_ADD10); + 800b8bc: bf04 itt eq + 800b8be: f44f 6200 moveq.w r2, #2048 ; 0x800 + 800b8c2: 605a streq r2, [r3, #4] + 800b8c4: e7d4 b.n 800b870 + return HAL_ERROR; + 800b8c6: 2001 movs r0, #1 + 800b8c8: e7f3 b.n 800b8b2 + +0800b8ca : + 800b8ca: 4770 bx lr + +0800b8cc : +{ + 800b8cc: e92d 47f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, r9, sl, lr} + 800b8d0: 4698 mov r8, r3 + if (hi2c->State == HAL_I2C_STATE_READY) + 800b8d2: f890 3041 ldrb.w r3, [r0, #65] ; 0x41 +{ + 800b8d6: 9f0a ldr r7, [sp, #40] ; 0x28 + if (hi2c->State == HAL_I2C_STATE_READY) + 800b8d8: 2b20 cmp r3, #32 +{ + 800b8da: 4604 mov r4, r0 + 800b8dc: 460e mov r6, r1 + 800b8de: 4691 mov r9, r2 + if (hi2c->State == HAL_I2C_STATE_READY) + 800b8e0: f040 80a3 bne.w 800ba2a + __HAL_LOCK(hi2c); + 800b8e4: f890 3040 ldrb.w r3, [r0, #64] ; 0x40 + 800b8e8: 2b01 cmp r3, #1 + 800b8ea: f000 809e beq.w 800ba2a + 800b8ee: f04f 0a01 mov.w sl, #1 + 800b8f2: f880 a040 strb.w sl, [r0, #64] ; 0x40 + tickstart = HAL_GetTick(); + 800b8f6: f7fb fbe3 bl 80070c0 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_BUSY, SET, I2C_TIMEOUT_BUSY, tickstart) != HAL_OK) + 800b8fa: 2319 movs r3, #25 + tickstart = HAL_GetTick(); + 800b8fc: 4605 mov r5, r0 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_BUSY, SET, I2C_TIMEOUT_BUSY, tickstart) != HAL_OK) + 800b8fe: 9000 str r0, [sp, #0] + 800b900: 4652 mov r2, sl + 800b902: f44f 4100 mov.w r1, #32768 ; 0x8000 + 800b906: 4620 mov r0, r4 + 800b908: f7ff ff3e bl 800b788 + 800b90c: b118 cbz r0, 800b916 + return HAL_ERROR; + 800b90e: 2001 movs r0, #1 +} + 800b910: b002 add sp, #8 + 800b912: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + hi2c->State = HAL_I2C_STATE_BUSY_TX; + 800b916: 2321 movs r3, #33 ; 0x21 + 800b918: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_MASTER; + 800b91c: 2310 movs r3, #16 + 800b91e: f884 3042 strb.w r3, [r4, #66] ; 0x42 + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800b922: 6460 str r0, [r4, #68] ; 0x44 + hi2c->XferCount = Size; + 800b924: f8a4 802a strh.w r8, [r4, #42] ; 0x2a + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800b928: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->pBuffPtr = pData; + 800b92a: f8c4 9024 str.w r9, [r4, #36] ; 0x24 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800b92e: b29b uxth r3, r3 + 800b930: 2bff cmp r3, #255 ; 0xff + hi2c->XferISR = NULL; + 800b932: 6360 str r0, [r4, #52] ; 0x34 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800b934: 4b3e ldr r3, [pc, #248] ; (800ba30 ) + 800b936: d927 bls.n 800b988 + hi2c->XferSize = MAX_NBYTE_SIZE; + 800b938: 22ff movs r2, #255 ; 0xff + 800b93a: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_GENERATE_START_WRITE); + 800b93c: 9300 str r3, [sp, #0] + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_NO_STARTSTOP); + 800b93e: f04f 7380 mov.w r3, #16777216 ; 0x1000000 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800b942: 4631 mov r1, r6 + 800b944: 4620 mov r0, r4 + 800b946: f7ff fec9 bl 800b6dc + while (hi2c->XferCount > 0U) + 800b94a: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800b94c: b29b uxth r3, r3 + 800b94e: 2b00 cmp r3, #0 + 800b950: d13e bne.n 800b9d0 + if (I2C_WaitOnSTOPFlagUntilTimeout(hi2c, Timeout, tickstart) != HAL_OK) + 800b952: 462a mov r2, r5 + 800b954: 4639 mov r1, r7 + 800b956: 4620 mov r0, r4 + 800b958: f7ff ff40 bl 800b7dc + 800b95c: 2800 cmp r0, #0 + 800b95e: d1d6 bne.n 800b90e + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_STOPF); + 800b960: 6823 ldr r3, [r4, #0] + 800b962: 2120 movs r1, #32 + 800b964: 61d9 str r1, [r3, #28] + I2C_RESET_CR2(hi2c); + 800b966: 685a ldr r2, [r3, #4] + 800b968: f022 72ff bic.w r2, r2, #33423360 ; 0x1fe0000 + 800b96c: f422 328b bic.w r2, r2, #71168 ; 0x11600 + 800b970: f422 72ff bic.w r2, r2, #510 ; 0x1fe + 800b974: f022 0201 bic.w r2, r2, #1 + 800b978: 605a str r2, [r3, #4] + hi2c->State = HAL_I2C_STATE_READY; + 800b97a: f884 1041 strb.w r1, [r4, #65] ; 0x41 + __HAL_UNLOCK(hi2c); + 800b97e: f884 0040 strb.w r0, [r4, #64] ; 0x40 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800b982: f884 0042 strb.w r0, [r4, #66] ; 0x42 + return HAL_OK; + 800b986: e7c3 b.n 800b910 + hi2c->XferSize = hi2c->XferCount; + 800b988: 8d62 ldrh r2, [r4, #42] ; 0x2a + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_GENERATE_START_WRITE); + 800b98a: 9300 str r3, [sp, #0] + hi2c->XferSize = hi2c->XferCount; + 800b98c: b292 uxth r2, r2 + 800b98e: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800b990: f04f 7300 mov.w r3, #33554432 ; 0x2000000 + 800b994: b2d2 uxtb r2, r2 + 800b996: e7d4 b.n 800b942 + if (I2C_IsAcknowledgeFailed(hi2c, Timeout, Tickstart) != HAL_OK) + 800b998: 462a mov r2, r5 + 800b99a: 4639 mov r1, r7 + 800b99c: 4620 mov r0, r4 + 800b99e: f7ff feb1 bl 800b704 + 800b9a2: 2800 cmp r0, #0 + 800b9a4: d1b3 bne.n 800b90e + if (Timeout != HAL_MAX_DELAY) + 800b9a6: 1c7a adds r2, r7, #1 + 800b9a8: d012 beq.n 800b9d0 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800b9aa: f7fb fb89 bl 80070c0 + 800b9ae: 1b40 subs r0, r0, r5 + 800b9b0: 4287 cmp r7, r0 + 800b9b2: d300 bcc.n 800b9b6 + 800b9b4: b967 cbnz r7, 800b9d0 + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800b9b6: 6c63 ldr r3, [r4, #68] ; 0x44 + 800b9b8: f043 0320 orr.w r3, r3, #32 + 800b9bc: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800b9be: 2320 movs r3, #32 + 800b9c0: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800b9c4: 2300 movs r3, #0 + 800b9c6: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800b9ca: f884 3040 strb.w r3, [r4, #64] ; 0x40 + 800b9ce: e79e b.n 800b90e + while (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_TXIS) == RESET) + 800b9d0: 6822 ldr r2, [r4, #0] + 800b9d2: 6993 ldr r3, [r2, #24] + 800b9d4: 079b lsls r3, r3, #30 + 800b9d6: d5df bpl.n 800b998 + hi2c->Instance->TXDR = *hi2c->pBuffPtr; + 800b9d8: 6a63 ldr r3, [r4, #36] ; 0x24 + 800b9da: f813 1b01 ldrb.w r1, [r3], #1 + 800b9de: 6291 str r1, [r2, #40] ; 0x28 + hi2c->pBuffPtr++; + 800b9e0: 6263 str r3, [r4, #36] ; 0x24 + hi2c->XferCount--; + 800b9e2: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->XferSize--; + 800b9e4: 8d22 ldrh r2, [r4, #40] ; 0x28 + hi2c->XferCount--; + 800b9e6: 3b01 subs r3, #1 + 800b9e8: b29b uxth r3, r3 + 800b9ea: 8563 strh r3, [r4, #42] ; 0x2a + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800b9ec: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->XferSize--; + 800b9ee: 3a01 subs r2, #1 + 800b9f0: b292 uxth r2, r2 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800b9f2: b29b uxth r3, r3 + hi2c->XferSize--; + 800b9f4: 8522 strh r2, [r4, #40] ; 0x28 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800b9f6: 2b00 cmp r3, #0 + 800b9f8: d0a7 beq.n 800b94a + 800b9fa: 2a00 cmp r2, #0 + 800b9fc: d1a5 bne.n 800b94a + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_TCR, RESET, Timeout, tickstart) != HAL_OK) + 800b9fe: 9500 str r5, [sp, #0] + 800ba00: 463b mov r3, r7 + 800ba02: 2180 movs r1, #128 ; 0x80 + 800ba04: 4620 mov r0, r4 + 800ba06: f7ff febf bl 800b788 + 800ba0a: 2800 cmp r0, #0 + 800ba0c: f47f af7f bne.w 800b90e + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800ba10: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800ba12: b29b uxth r3, r3 + 800ba14: 2bff cmp r3, #255 ; 0xff + 800ba16: d903 bls.n 800ba20 + hi2c->XferSize = MAX_NBYTE_SIZE; + 800ba18: 22ff movs r2, #255 ; 0xff + 800ba1a: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_NO_STARTSTOP); + 800ba1c: 9000 str r0, [sp, #0] + 800ba1e: e78e b.n 800b93e + hi2c->XferSize = hi2c->XferCount; + 800ba20: 8d62 ldrh r2, [r4, #42] ; 0x2a + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800ba22: 9000 str r0, [sp, #0] + hi2c->XferSize = hi2c->XferCount; + 800ba24: b292 uxth r2, r2 + 800ba26: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800ba28: e7b2 b.n 800b990 + return HAL_BUSY; + 800ba2a: 2002 movs r0, #2 + 800ba2c: e770 b.n 800b910 + 800ba2e: bf00 nop + 800ba30: 80002000 .word 0x80002000 + +0800ba34 : +{ + 800ba34: e92d 47f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, r9, sl, lr} + 800ba38: 4698 mov r8, r3 + if (hi2c->State == HAL_I2C_STATE_READY) + 800ba3a: f890 3041 ldrb.w r3, [r0, #65] ; 0x41 +{ + 800ba3e: 9f0a ldr r7, [sp, #40] ; 0x28 + if (hi2c->State == HAL_I2C_STATE_READY) + 800ba40: 2b20 cmp r3, #32 +{ + 800ba42: 4604 mov r4, r0 + 800ba44: 460e mov r6, r1 + 800ba46: 4691 mov r9, r2 + if (hi2c->State == HAL_I2C_STATE_READY) + 800ba48: f040 80be bne.w 800bbc8 + __HAL_LOCK(hi2c); + 800ba4c: f890 3040 ldrb.w r3, [r0, #64] ; 0x40 + 800ba50: 2b01 cmp r3, #1 + 800ba52: f000 80b9 beq.w 800bbc8 + 800ba56: f04f 0a01 mov.w sl, #1 + 800ba5a: f880 a040 strb.w sl, [r0, #64] ; 0x40 + tickstart = HAL_GetTick(); + 800ba5e: f7fb fb2f bl 80070c0 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_BUSY, SET, I2C_TIMEOUT_BUSY, tickstart) != HAL_OK) + 800ba62: 2319 movs r3, #25 + tickstart = HAL_GetTick(); + 800ba64: 4605 mov r5, r0 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_BUSY, SET, I2C_TIMEOUT_BUSY, tickstart) != HAL_OK) + 800ba66: 9000 str r0, [sp, #0] + 800ba68: 4652 mov r2, sl + 800ba6a: f44f 4100 mov.w r1, #32768 ; 0x8000 + 800ba6e: 4620 mov r0, r4 + 800ba70: f7ff fe8a bl 800b788 + 800ba74: b118 cbz r0, 800ba7e + return HAL_ERROR; + 800ba76: 2001 movs r0, #1 +} + 800ba78: b002 add sp, #8 + 800ba7a: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + hi2c->State = HAL_I2C_STATE_BUSY_RX; + 800ba7e: 2322 movs r3, #34 ; 0x22 + 800ba80: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_MASTER; + 800ba84: 2310 movs r3, #16 + 800ba86: f884 3042 strb.w r3, [r4, #66] ; 0x42 + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800ba8a: 6460 str r0, [r4, #68] ; 0x44 + hi2c->XferCount = Size; + 800ba8c: f8a4 802a strh.w r8, [r4, #42] ; 0x2a + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800ba90: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->pBuffPtr = pData; + 800ba92: f8c4 9024 str.w r9, [r4, #36] ; 0x24 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800ba96: b29b uxth r3, r3 + 800ba98: 2bff cmp r3, #255 ; 0xff + hi2c->XferISR = NULL; + 800ba9a: 6360 str r0, [r4, #52] ; 0x34 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800ba9c: 4b4b ldr r3, [pc, #300] ; (800bbcc ) + 800ba9e: d909 bls.n 800bab4 + hi2c->XferSize = MAX_NBYTE_SIZE; + 800baa0: 22ff movs r2, #255 ; 0xff + 800baa2: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_GENERATE_START_READ); + 800baa4: 9300 str r3, [sp, #0] + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_NO_STARTSTOP); + 800baa6: f04f 7380 mov.w r3, #16777216 ; 0x1000000 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800baaa: 4631 mov r1, r6 + 800baac: 4620 mov r0, r4 + 800baae: f7ff fe15 bl 800b6dc + 800bab2: e052 b.n 800bb5a + hi2c->XferSize = hi2c->XferCount; + 800bab4: 8d62 ldrh r2, [r4, #42] ; 0x2a + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_GENERATE_START_READ); + 800bab6: 9300 str r3, [sp, #0] + hi2c->XferSize = hi2c->XferCount; + 800bab8: b292 uxth r2, r2 + 800baba: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800babc: f04f 7300 mov.w r3, #33554432 ; 0x2000000 + 800bac0: b2d2 uxtb r2, r2 + 800bac2: e7f2 b.n 800baaa + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_STOPF); + 800bac4: 2120 movs r1, #32 + 800bac6: 61d9 str r1, [r3, #28] + I2C_RESET_CR2(hi2c); + 800bac8: 685a ldr r2, [r3, #4] + 800baca: f022 72ff bic.w r2, r2, #33423360 ; 0x1fe0000 + 800bace: f422 328b bic.w r2, r2, #71168 ; 0x11600 + 800bad2: f422 72ff bic.w r2, r2, #510 ; 0x1fe + 800bad6: f022 0201 bic.w r2, r2, #1 + 800bada: 605a str r2, [r3, #4] + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800badc: 2300 movs r3, #0 + 800bade: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800bae0: f884 1041 strb.w r1, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800bae4: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800bae8: f884 3040 strb.w r3, [r4, #64] ; 0x40 + 800baec: e7c3 b.n 800ba76 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800baee: f7fb fae7 bl 80070c0 + 800baf2: 1b40 subs r0, r0, r5 + 800baf4: 4287 cmp r7, r0 + 800baf6: d300 bcc.n 800bafa + 800baf8: b947 cbnz r7, 800bb0c + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800bafa: 6c63 ldr r3, [r4, #68] ; 0x44 + 800bafc: f043 0320 orr.w r3, r3, #32 + 800bb00: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800bb02: 2320 movs r3, #32 + 800bb04: f884 3041 strb.w r3, [r4, #65] ; 0x41 + __HAL_UNLOCK(hi2c); + 800bb08: 2300 movs r3, #0 + 800bb0a: e7ed b.n 800bae8 + while (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_RXNE) == RESET) + 800bb0c: 6823 ldr r3, [r4, #0] + 800bb0e: 699b ldr r3, [r3, #24] + 800bb10: 075b lsls r3, r3, #29 + 800bb12: d410 bmi.n 800bb36 + if (I2C_IsAcknowledgeFailed(hi2c, Timeout, Tickstart) != HAL_OK) + 800bb14: 462a mov r2, r5 + 800bb16: 4639 mov r1, r7 + 800bb18: 4620 mov r0, r4 + 800bb1a: f7ff fdf3 bl 800b704 + 800bb1e: 2800 cmp r0, #0 + 800bb20: d1a9 bne.n 800ba76 + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_STOPF) == SET) + 800bb22: 6823 ldr r3, [r4, #0] + 800bb24: 699a ldr r2, [r3, #24] + 800bb26: 0691 lsls r1, r2, #26 + 800bb28: d5e1 bpl.n 800baee + if ((__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_RXNE) == SET) && (hi2c->XferSize > 0U)) + 800bb2a: 699a ldr r2, [r3, #24] + 800bb2c: 0752 lsls r2, r2, #29 + 800bb2e: d5c9 bpl.n 800bac4 + 800bb30: 8d22 ldrh r2, [r4, #40] ; 0x28 + 800bb32: 2a00 cmp r2, #0 + 800bb34: d0c6 beq.n 800bac4 + *hi2c->pBuffPtr = (uint8_t)hi2c->Instance->RXDR; + 800bb36: 6823 ldr r3, [r4, #0] + 800bb38: 6a5a ldr r2, [r3, #36] ; 0x24 + 800bb3a: 6a63 ldr r3, [r4, #36] ; 0x24 + 800bb3c: 701a strb r2, [r3, #0] + hi2c->pBuffPtr++; + 800bb3e: 6a63 ldr r3, [r4, #36] ; 0x24 + hi2c->XferSize--; + 800bb40: 8d22 ldrh r2, [r4, #40] ; 0x28 + hi2c->pBuffPtr++; + 800bb42: 3301 adds r3, #1 + 800bb44: 6263 str r3, [r4, #36] ; 0x24 + hi2c->XferCount--; + 800bb46: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800bb48: 3b01 subs r3, #1 + 800bb4a: b29b uxth r3, r3 + 800bb4c: 8563 strh r3, [r4, #42] ; 0x2a + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800bb4e: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->XferSize--; + 800bb50: 3a01 subs r2, #1 + 800bb52: b292 uxth r2, r2 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800bb54: b29b uxth r3, r3 + hi2c->XferSize--; + 800bb56: 8522 strh r2, [r4, #40] ; 0x28 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800bb58: b9f3 cbnz r3, 800bb98 + while (hi2c->XferCount > 0U) + 800bb5a: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800bb5c: b29b uxth r3, r3 + 800bb5e: 2b00 cmp r3, #0 + 800bb60: d1d4 bne.n 800bb0c + if (I2C_WaitOnSTOPFlagUntilTimeout(hi2c, Timeout, tickstart) != HAL_OK) + 800bb62: 462a mov r2, r5 + 800bb64: 4639 mov r1, r7 + 800bb66: 4620 mov r0, r4 + 800bb68: f7ff fe38 bl 800b7dc + 800bb6c: 2800 cmp r0, #0 + 800bb6e: d182 bne.n 800ba76 + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_STOPF); + 800bb70: 6823 ldr r3, [r4, #0] + 800bb72: 2120 movs r1, #32 + 800bb74: 61d9 str r1, [r3, #28] + I2C_RESET_CR2(hi2c); + 800bb76: 685a ldr r2, [r3, #4] + 800bb78: f022 72ff bic.w r2, r2, #33423360 ; 0x1fe0000 + 800bb7c: f422 328b bic.w r2, r2, #71168 ; 0x11600 + 800bb80: f422 72ff bic.w r2, r2, #510 ; 0x1fe + 800bb84: f022 0201 bic.w r2, r2, #1 + 800bb88: 605a str r2, [r3, #4] + hi2c->State = HAL_I2C_STATE_READY; + 800bb8a: f884 1041 strb.w r1, [r4, #65] ; 0x41 + __HAL_UNLOCK(hi2c); + 800bb8e: f884 0040 strb.w r0, [r4, #64] ; 0x40 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800bb92: f884 0042 strb.w r0, [r4, #66] ; 0x42 + return HAL_OK; + 800bb96: e76f b.n 800ba78 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800bb98: 2a00 cmp r2, #0 + 800bb9a: d1de bne.n 800bb5a + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_TCR, RESET, Timeout, tickstart) != HAL_OK) + 800bb9c: 9500 str r5, [sp, #0] + 800bb9e: 463b mov r3, r7 + 800bba0: 2180 movs r1, #128 ; 0x80 + 800bba2: 4620 mov r0, r4 + 800bba4: f7ff fdf0 bl 800b788 + 800bba8: 2800 cmp r0, #0 + 800bbaa: f47f af64 bne.w 800ba76 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bbae: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800bbb0: b29b uxth r3, r3 + 800bbb2: 2bff cmp r3, #255 ; 0xff + 800bbb4: d903 bls.n 800bbbe + hi2c->XferSize = MAX_NBYTE_SIZE; + 800bbb6: 22ff movs r2, #255 ; 0xff + 800bbb8: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_NO_STARTSTOP); + 800bbba: 9000 str r0, [sp, #0] + 800bbbc: e773 b.n 800baa6 + hi2c->XferSize = hi2c->XferCount; + 800bbbe: 8d62 ldrh r2, [r4, #42] ; 0x2a + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bbc0: 9000 str r0, [sp, #0] + hi2c->XferSize = hi2c->XferCount; + 800bbc2: b292 uxth r2, r2 + 800bbc4: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bbc6: e779 b.n 800babc + return HAL_BUSY; + 800bbc8: 2002 movs r0, #2 + 800bbca: e755 b.n 800ba78 + 800bbcc: 80002400 .word 0x80002400 + +0800bbd0 : + * @param hsd Pointer to SD handle + * @param pSCR pointer to the buffer that will contain the SCR value + * @retval error state + */ +static uint32_t SD_FindSCR(SD_HandleTypeDef *hsd, uint32_t *pSCR) +{ + 800bbd0: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 800bbd4: b086 sub sp, #24 + 800bbd6: 4605 mov r5, r0 + 800bbd8: 4688 mov r8, r1 + SDMMC_DataInitTypeDef config; + uint32_t errorstate; + uint32_t tickstart = HAL_GetTick(); + 800bbda: f7fb fa71 bl 80070c0 + uint32_t index = 0U; + uint32_t tempscr[2U] = {0UL, 0UL}; + uint32_t *scr = pSCR; + + /* Set Block Size To 8 Bytes */ + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 8U); + 800bbde: 2108 movs r1, #8 + uint32_t tickstart = HAL_GetTick(); + 800bbe0: 4681 mov r9, r0 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 8U); + 800bbe2: 6828 ldr r0, [r5, #0] + 800bbe4: f001 f996 bl 800cf14 + if(errorstate != HAL_SD_ERROR_NONE) + 800bbe8: 4604 mov r4, r0 + 800bbea: bb48 cbnz r0, 800bc40 + { + return errorstate; + } + + /* Send CMD55 APP_CMD with argument as card's RCA */ + errorstate = SDMMC_CmdAppCommand(hsd->Instance, (uint32_t)((hsd->SdCard.RelCardAdd) << 16U)); + 800bbec: 6ca9 ldr r1, [r5, #72] ; 0x48 + 800bbee: 6828 ldr r0, [r5, #0] + 800bbf0: 0409 lsls r1, r1, #16 + 800bbf2: f001 fac8 bl 800d186 + if(errorstate != HAL_SD_ERROR_NONE) + 800bbf6: 4604 mov r4, r0 + 800bbf8: bb10 cbnz r0, 800bc40 + { + return errorstate; + } + + config.DataTimeOut = SDMMC_DATATIMEOUT; + config.DataLength = 8U; + 800bbfa: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 800bbfe: 2308 movs r3, #8 + 800bc00: e9cd 0300 strd r0, r3, [sp] + config.DataBlockSize = SDMMC_DATABLOCK_SIZE_8B; + config.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800bc04: 2630 movs r6, #48 ; 0x30 + 800bc06: 2302 movs r3, #2 + 800bc08: e9cd 6302 strd r6, r3, [sp, #8] + config.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + config.DPSM = SDMMC_DPSM_ENABLE; + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800bc0c: 4669 mov r1, sp + config.DPSM = SDMMC_DPSM_ENABLE; + 800bc0e: 2301 movs r3, #1 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800bc10: 6828 ldr r0, [r5, #0] + config.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + 800bc12: 9404 str r4, [sp, #16] + config.DPSM = SDMMC_DPSM_ENABLE; + 800bc14: 9305 str r3, [sp, #20] + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800bc16: f001 f8a1 bl 800cd5c + + /* Send ACMD51 SD_APP_SEND_SCR with argument as 0 */ + errorstate = SDMMC_CmdSendSCR(hsd->Instance); + 800bc1a: 6828 ldr r0, [r5, #0] + 800bc1c: f001 fae7 bl 800d1ee + if(errorstate != HAL_SD_ERROR_NONE) + 800bc20: 4604 mov r4, r0 + 800bc22: b968 cbnz r0, 800bc40 + uint32_t tempscr[2U] = {0UL, 0UL}; + 800bc24: 4607 mov r7, r0 + 800bc26: 4606 mov r6, r0 + { + return errorstate; + } + +#if defined(STM32L4P5xx) || defined(STM32L4Q5xx) || defined(STM32L4R5xx) || defined(STM32L4R7xx) || defined(STM32L4R9xx) || defined(STM32L4S5xx) || defined(STM32L4S7xx) || defined(STM32L4S9xx) + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND | SDMMC_FLAG_DATAEND)) + 800bc28: f240 5a2a movw sl, #1322 ; 0x52a + 800bc2c: 6828 ldr r0, [r5, #0] + 800bc2e: 6b42 ldr r2, [r0, #52] ; 0x34 + 800bc30: ea12 0f0a tst.w r2, sl + { + if((!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOE)) && (index == 0U)) + 800bc34: 6b42 ldr r2, [r0, #52] ; 0x34 + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND | SDMMC_FLAG_DATAEND)) + 800bc36: d007 beq.n 800bc48 + return HAL_SD_ERROR_TIMEOUT; + } + } +#endif /* STM32L4P5xx || STM32L4Q5xx || STM32L4R5xx || STM32L4R7xx || STM32L4R9xx || STM32L4S5xx || STM32L4S7xx || STM32L4S9xx */ + + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800bc38: 0712 lsls r2, r2, #28 + 800bc3a: d519 bpl.n 800bc70 + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DTIMEOUT); + 800bc3c: 2408 movs r4, #8 + + return HAL_SD_ERROR_DATA_CRC_FAIL; + } + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800bc3e: 6384 str r4, [r0, #56] ; 0x38 + ((tempscr[0] & SDMMC_16TO23BITS) >> 8) | ((tempscr[0] & SDMMC_24TO31BITS) >> 24)); + + } + + return HAL_SD_ERROR_NONE; +} + 800bc40: 4620 mov r0, r4 + 800bc42: b006 add sp, #24 + 800bc44: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + if((!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOE)) && (index == 0U)) + 800bc48: 0311 lsls r1, r2, #12 + 800bc4a: d408 bmi.n 800bc5e + 800bc4c: b93c cbnz r4, 800bc5e + tempscr[0] = SDMMC_ReadFIFO(hsd->Instance); + 800bc4e: f001 f849 bl 800cce4 + 800bc52: 4606 mov r6, r0 + tempscr[1] = SDMMC_ReadFIFO(hsd->Instance); + 800bc54: 6828 ldr r0, [r5, #0] + 800bc56: f001 f845 bl 800cce4 + index++; + 800bc5a: 2401 movs r4, #1 + tempscr[1] = SDMMC_ReadFIFO(hsd->Instance); + 800bc5c: 4607 mov r7, r0 + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800bc5e: f7fb fa2f bl 80070c0 + 800bc62: eba0 0009 sub.w r0, r0, r9 + 800bc66: 3001 adds r0, #1 + 800bc68: d1e0 bne.n 800bc2c + return HAL_SD_ERROR_TIMEOUT; + 800bc6a: f04f 4400 mov.w r4, #2147483648 ; 0x80000000 + 800bc6e: e7e7 b.n 800bc40 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800bc70: 6b42 ldr r2, [r0, #52] ; 0x34 + 800bc72: 0793 lsls r3, r2, #30 + 800bc74: d501 bpl.n 800bc7a + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DCRCFAIL); + 800bc76: 2402 movs r4, #2 + 800bc78: e7e1 b.n 800bc3e + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800bc7a: 6b44 ldr r4, [r0, #52] ; 0x34 + 800bc7c: f014 0420 ands.w r4, r4, #32 + 800bc80: d001 beq.n 800bc86 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800bc82: 2420 movs r4, #32 + 800bc84: e7db b.n 800bc3e + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800bc86: 4a04 ldr r2, [pc, #16] ; (800bc98 ) + 800bc88: 6382 str r2, [r0, #56] ; 0x38 + *scr = (((tempscr[1] & SDMMC_0TO7BITS) << 24) | ((tempscr[1] & SDMMC_8TO15BITS) << 8) |\ + 800bc8a: ba3f rev r7, r7 + 800bc8c: ba36 rev r6, r6 + 800bc8e: f8c8 7000 str.w r7, [r8] + *scr = (((tempscr[0] & SDMMC_0TO7BITS) << 24) | ((tempscr[0] & SDMMC_8TO15BITS) << 8) |\ + 800bc92: f8c8 6004 str.w r6, [r8, #4] + return HAL_SD_ERROR_NONE; + 800bc96: e7d3 b.n 800bc40 + 800bc98: 18000f3a .word 0x18000f3a + +0800bc9c : + * of PLL to have SDMMCCK clock between 50 and 120 MHz + * @param hsd SD handle + * @retval SD Card error state + */ +static uint32_t SD_UltraHighSpeed(SD_HandleTypeDef *hsd) +{ + 800bc9c: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + uint32_t errorstate = HAL_SD_ERROR_NONE; + SDMMC_DataInitTypeDef sdmmc_datainitstructure; + uint32_t SD_hs[16] = {0}; + 800bca0: 2640 movs r6, #64 ; 0x40 +{ + 800bca2: b096 sub sp, #88 ; 0x58 + 800bca4: 4605 mov r5, r0 + uint32_t SD_hs[16] = {0}; + 800bca6: 4632 mov r2, r6 + 800bca8: 2100 movs r1, #0 + 800bcaa: a806 add r0, sp, #24 + 800bcac: f001 fcb0 bl 800d610 + uint32_t count, loop = 0 ; + uint32_t Timeout = HAL_GetTick(); + 800bcb0: f7fb fa06 bl 80070c0 + + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800bcb4: 6deb ldr r3, [r5, #92] ; 0x5c + uint32_t Timeout = HAL_GetTick(); + 800bcb6: 4680 mov r8, r0 + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800bcb8: 2b00 cmp r3, #0 + 800bcba: d067 beq.n 800bd8c + { + /* Standard Speed Card <= 12.5Mhz */ + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + } + + if((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) && + 800bcbc: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800bcc0: d167 bne.n 800bd92 + 800bcc2: 69af ldr r7, [r5, #24] + 800bcc4: 2f01 cmp r7, #1 + 800bcc6: d164 bne.n 800bd92 + (hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE)) + { + /* Initialize the Data control register */ + hsd->Instance->DCTRL = 0; + 800bcc8: 6828 ldr r0, [r5, #0] + 800bcca: 2300 movs r3, #0 + 800bccc: 62c3 str r3, [r0, #44] ; 0x2c + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 64U); + 800bcce: 4631 mov r1, r6 + 800bcd0: f001 f920 bl 800cf14 + + if (errorstate != HAL_SD_ERROR_NONE) + 800bcd4: 4604 mov r4, r0 + 800bcd6: 2800 cmp r0, #0 + 800bcd8: d13e bne.n 800bd58 + { + return errorstate; + } + + /* Configure the SD DPSM (Data Path State Machine) */ + sdmmc_datainitstructure.DataTimeOut = SDMMC_DATATIMEOUT; + 800bcda: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + sdmmc_datainitstructure.DataLength = 64U; + 800bcde: e9cd 3600 strd r3, r6, [sp] + sdmmc_datainitstructure.DataBlockSize = SDMMC_DATABLOCK_SIZE_64B ; + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + sdmmc_datainitstructure.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + sdmmc_datainitstructure.DPSM = SDMMC_DPSM_ENABLE; + 800bce2: e9cd 0704 strd r0, r7, [sp, #16] + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800bce6: 2660 movs r6, #96 ; 0x60 + 800bce8: 2302 movs r3, #2 + + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800bcea: 6828 ldr r0, [r5, #0] + 800bcec: 4669 mov r1, sp + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800bcee: e9cd 6302 strd r6, r3, [sp, #8] + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800bcf2: f001 f833 bl 800cd5c + 800bcf6: 2800 cmp r0, #0 + 800bcf8: d14d bne.n 800bd96 + { + return (HAL_SD_ERROR_GENERAL_UNKNOWN_ERR); + } + + errorstate = SDMMC_CmdSwitch(hsd->Instance, SDMMC_SDR104_SWITCH_PATTERN); + 800bcfa: 492a ldr r1, [pc, #168] ; (800bda4 ) + 800bcfc: 6828 ldr r0, [r5, #0] + 800bcfe: f001 fa74 bl 800d1ea + if(errorstate != HAL_SD_ERROR_NONE) + 800bd02: 4604 mov r4, r0 + 800bd04: bb40 cbnz r0, 800bd58 + uint32_t count, loop = 0 ; + 800bd06: 4607 mov r7, r0 + { + return errorstate; + } + + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND| SDMMC_FLAG_DATAEND )) + 800bd08: f240 592a movw r9, #1322 ; 0x52a + 800bd0c: 682b ldr r3, [r5, #0] + 800bd0e: 6b5e ldr r6, [r3, #52] ; 0x34 + 800bd10: ea16 0609 ands.w r6, r6, r9 + 800bd14: d005 beq.n 800bd22 + hsd->State= HAL_SD_STATE_READY; + return HAL_SD_ERROR_TIMEOUT; + } + } + + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800bd16: 6b5a ldr r2, [r3, #52] ; 0x34 + 800bd18: 0711 lsls r1, r2, #28 + 800bd1a: d521 bpl.n 800bd60 + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DTIMEOUT); + 800bd1c: 2208 movs r2, #8 + 800bd1e: 639a str r2, [r3, #56] ; 0x38 + + return errorstate; + 800bd20: e01a b.n 800bd58 + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF)) + 800bd22: 6b5b ldr r3, [r3, #52] ; 0x34 + 800bd24: 0418 lsls r0, r3, #16 + 800bd26: d50b bpl.n 800bd40 + 800bd28: ab06 add r3, sp, #24 + 800bd2a: eb03 1a47 add.w sl, r3, r7, lsl #5 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800bd2e: 6828 ldr r0, [r5, #0] + 800bd30: f000 ffd8 bl 800cce4 + for (count = 0U; count < 8U; count++) + 800bd34: 3601 adds r6, #1 + 800bd36: 2e08 cmp r6, #8 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800bd38: f84a 0b04 str.w r0, [sl], #4 + for (count = 0U; count < 8U; count++) + 800bd3c: d1f7 bne.n 800bd2e + loop ++; + 800bd3e: 3701 adds r7, #1 + if((HAL_GetTick()-Timeout) >= SDMMC_DATATIMEOUT) + 800bd40: f7fb f9be bl 80070c0 + 800bd44: eba0 0008 sub.w r0, r0, r8 + 800bd48: 3001 adds r0, #1 + 800bd4a: d1df bne.n 800bd0c + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800bd4c: f04f 4400 mov.w r4, #2147483648 ; 0x80000000 + hsd->State= HAL_SD_STATE_READY; + 800bd50: 2301 movs r3, #1 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800bd52: 63ac str r4, [r5, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800bd54: f885 3034 strb.w r3, [r5, #52] ; 0x34 +#endif /* (DLYB_SDMMC1) || (DLYB_SDMMC2) */ + } + } + + return errorstate; +} + 800bd58: 4620 mov r0, r4 + 800bd5a: b016 add sp, #88 ; 0x58 + 800bd5c: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800bd60: 6b5a ldr r2, [r3, #52] ; 0x34 + 800bd62: 0792 lsls r2, r2, #30 + 800bd64: d502 bpl.n 800bd6c + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DCRCFAIL); + 800bd66: 2402 movs r4, #2 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800bd68: 639c str r4, [r3, #56] ; 0x38 + return errorstate; + 800bd6a: e7f5 b.n 800bd58 + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800bd6c: 6b5c ldr r4, [r3, #52] ; 0x34 + 800bd6e: f014 0420 ands.w r4, r4, #32 + 800bd72: d001 beq.n 800bd78 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800bd74: 2420 movs r4, #32 + 800bd76: e7f7 b.n 800bd68 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800bd78: 4a0b ldr r2, [pc, #44] ; (800bda8 ) + 800bd7a: 639a str r2, [r3, #56] ; 0x38 + if ((((uint8_t*)SD_hs)[13] & 2U) != 2U) + 800bd7c: f89d 3025 ldrb.w r3, [sp, #37] ; 0x25 + 800bd80: 079b lsls r3, r3, #30 + 800bd82: d50b bpl.n 800bd9c + HAL_SDEx_DriveTransceiver_1_8V_Callback(SET); + 800bd84: 2001 movs r0, #1 + 800bd86: f7fb fa0b bl 80071a0 + 800bd8a: e7e5 b.n 800bd58 + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + 800bd8c: f04f 6480 mov.w r4, #67108864 ; 0x4000000 + 800bd90: e7e2 b.n 800bd58 + uint32_t errorstate = HAL_SD_ERROR_NONE; + 800bd92: 2400 movs r4, #0 + 800bd94: e7e0 b.n 800bd58 + return (HAL_SD_ERROR_GENERAL_UNKNOWN_ERR); + 800bd96: f44f 3480 mov.w r4, #65536 ; 0x10000 + 800bd9a: e7dd b.n 800bd58 + errorstate = SDMMC_ERROR_UNSUPPORTED_FEATURE; + 800bd9c: f04f 5480 mov.w r4, #268435456 ; 0x10000000 + 800bda0: e7da b.n 800bd58 + 800bda2: bf00 nop + 800bda4: 80ff1f03 .word 0x80ff1f03 + 800bda8: 18000f3a .word 0x18000f3a + +0800bdac : +} + 800bdac: 4770 bx lr + +0800bdae : + 800bdae: 4770 bx lr + +0800bdb0 : +{ + 800bdb0: b510 push {r4, lr} + if(hsd == NULL) + 800bdb2: 4604 mov r4, r0 + 800bdb4: b198 cbz r0, 800bdde + hsd->State = HAL_SD_STATE_BUSY; + 800bdb6: 2303 movs r3, #3 + 800bdb8: f880 3034 strb.w r3, [r0, #52] ; 0x34 + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800bdbc: 6983 ldr r3, [r0, #24] + 800bdbe: 2b01 cmp r3, #1 + 800bdc0: d102 bne.n 800bdc8 + HAL_SDEx_DriveTransceiver_1_8V_Callback(RESET); + 800bdc2: 2000 movs r0, #0 + 800bdc4: f7fb f9ec bl 80071a0 + (void)SDMMC_PowerState_OFF(hsd->Instance); + 800bdc8: 6820 ldr r0, [r4, #0] + 800bdca: f000 ffa3 bl 800cd14 + HAL_SD_MspDeInit(hsd); + 800bdce: 4620 mov r0, r4 + 800bdd0: f7ff ffed bl 800bdae + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800bdd4: 2000 movs r0, #0 + 800bdd6: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_RESET; + 800bdd8: f884 0034 strb.w r0, [r4, #52] ; 0x34 +} + 800bddc: bd10 pop {r4, pc} + return HAL_ERROR; + 800bdde: 2001 movs r0, #1 + 800bde0: e7fc b.n 800bddc + ... + +0800bde4 : +{ + 800bde4: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 800bde8: b087 sub sp, #28 + 800bdea: 4604 mov r4, r0 + 800bdec: 460e mov r6, r1 + 800bdee: 4692 mov sl, r2 + 800bdf0: 461f mov r7, r3 + uint32_t tickstart = HAL_GetTick(); + 800bdf2: f7fb f965 bl 80070c0 + 800bdf6: 4681 mov r9, r0 + if(NULL == pData) + 800bdf8: b936 cbnz r6, 800be08 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800bdfa: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800bdfc: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + hsd->ErrorCode |= HAL_SD_ERROR_BUSY; + 800be00: 63a3 str r3, [r4, #56] ; 0x38 + return HAL_ERROR; + 800be02: f04f 0801 mov.w r8, #1 + 800be06: e011 b.n 800be2c + if(hsd->State == HAL_SD_STATE_READY) + 800be08: f894 3034 ldrb.w r3, [r4, #52] ; 0x34 + 800be0c: 2b01 cmp r3, #1 + 800be0e: fa5f f883 uxtb.w r8, r3 + 800be12: f040 80c3 bne.w 800bf9c + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800be16: 6d62 ldr r2, [r4, #84] ; 0x54 + 800be18: eb0a 0307 add.w r3, sl, r7 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800be1c: 2100 movs r1, #0 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800be1e: 4293 cmp r3, r2 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800be20: 63a1 str r1, [r4, #56] ; 0x38 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800be22: d907 bls.n 800be34 + hsd->ErrorCode |= HAL_SD_ERROR_ADDR_OUT_OF_RANGE; + 800be24: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800be26: f043 7300 orr.w r3, r3, #33554432 ; 0x2000000 + 800be2a: 63a3 str r3, [r4, #56] ; 0x38 +} + 800be2c: 4640 mov r0, r8 + 800be2e: b007 add sp, #28 + 800be30: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + hsd->State = HAL_SD_STATE_BUSY; + 800be34: 2303 movs r3, #3 + 800be36: f884 3034 strb.w r3, [r4, #52] ; 0x34 + if(hsd->SdCard.CardType != CARD_SDHC_SDXC) + 800be3a: 6be3 ldr r3, [r4, #60] ; 0x3c + hsd->Instance->DCTRL = 0U; + 800be3c: 6820 ldr r0, [r4, #0] + if(hsd->SdCard.CardType != CARD_SDHC_SDXC) + 800be3e: 2b01 cmp r3, #1 + config.DataTimeOut = SDMMC_DATATIMEOUT; + 800be40: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 800be44: 9300 str r3, [sp, #0] + config.DataLength = NumberOfBlocks * BLOCKSIZE; + 800be46: ea4f 2347 mov.w r3, r7, lsl #9 + 800be4a: 9301 str r3, [sp, #4] + config.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800be4c: f04f 0502 mov.w r5, #2 + 800be50: f04f 0390 mov.w r3, #144 ; 0x90 + 800be54: e9cd 3502 strd r3, r5, [sp, #8] + hsd->Instance->DCTRL = 0U; + 800be58: 62c1 str r1, [r0, #44] ; 0x2c + config.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + 800be5a: f04f 0300 mov.w r3, #0 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800be5e: 4669 mov r1, sp + config.DPSM = SDMMC_DPSM_DISABLE; + 800be60: e9cd 3304 strd r3, r3, [sp, #16] + add *= 512U; + 800be64: bf18 it ne + 800be66: ea4f 2a4a movne.w sl, sl, lsl #9 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800be6a: f000 ff77 bl 800cd5c + __SDMMC_CMDTRANS_ENABLE( hsd->Instance); + 800be6e: 6820 ldr r0, [r4, #0] + 800be70: 68c3 ldr r3, [r0, #12] + if(NumberOfBlocks > 1U) + 800be72: 2f01 cmp r7, #1 + __SDMMC_CMDTRANS_ENABLE( hsd->Instance); + 800be74: f043 0340 orr.w r3, r3, #64 ; 0x40 + 800be78: 60c3 str r3, [r0, #12] + if(NumberOfBlocks > 1U) + 800be7a: d910 bls.n 800be9e + hsd->Context = SD_CONTEXT_READ_MULTIPLE_BLOCK; + 800be7c: 6325 str r5, [r4, #48] ; 0x30 + errorstate = SDMMC_CmdReadMultiBlock(hsd->Instance, add); + 800be7e: 4651 mov r1, sl + 800be80: f001 f87a bl 800cf78 + if(errorstate != HAL_SD_ERROR_NONE) + 800be84: b188 cbz r0, 800beaa + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800be86: 6823 ldr r3, [r4, #0] + 800be88: 4a46 ldr r2, [pc, #280] ; (800bfa4 ) + 800be8a: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800be8c: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800be8e: 4318 orrs r0, r3 + 800be90: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800be92: 2301 movs r3, #1 + 800be94: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800be98: 2300 movs r3, #0 + 800be9a: 6323 str r3, [r4, #48] ; 0x30 + return HAL_ERROR; + 800be9c: e7c6 b.n 800be2c + hsd->Context = SD_CONTEXT_READ_SINGLE_BLOCK; + 800be9e: 2301 movs r3, #1 + 800bea0: 6323 str r3, [r4, #48] ; 0x30 + errorstate = SDMMC_CmdReadSingleBlock(hsd->Instance, add); + 800bea2: 4651 mov r1, sl + 800bea4: f001 f84f bl 800cf46 + 800bea8: e7ec b.n 800be84 + dataremaining = config.DataLength; + 800beaa: 9d01 ldr r5, [sp, #4] + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DATAEND)) + 800beac: 6820 ldr r0, [r4, #0] + 800beae: 6b43 ldr r3, [r0, #52] ; 0x34 + 800beb0: f413 7f95 tst.w r3, #298 ; 0x12a + 800beb4: d01b beq.n 800beee + __SDMMC_CMDTRANS_DISABLE( hsd->Instance); + 800beb6: 68c3 ldr r3, [r0, #12] + 800beb8: f023 0340 bic.w r3, r3, #64 ; 0x40 + 800bebc: 60c3 str r3, [r0, #12] + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DATAEND) && (NumberOfBlocks > 1U)) + 800bebe: 6b43 ldr r3, [r0, #52] ; 0x34 + 800bec0: 05db lsls r3, r3, #23 + 800bec2: d508 bpl.n 800bed6 + 800bec4: 2f01 cmp r7, #1 + 800bec6: d906 bls.n 800bed6 + if(hsd->SdCard.CardType != CARD_SECURED) + 800bec8: 6be3 ldr r3, [r4, #60] ; 0x3c + 800beca: 2b03 cmp r3, #3 + 800becc: d003 beq.n 800bed6 + errorstate = SDMMC_CmdStopTransfer(hsd->Instance); + 800bece: f001 f91b bl 800d108 + if(errorstate != HAL_SD_ERROR_NONE) + 800bed2: 2800 cmp r0, #0 + 800bed4: d1d7 bne.n 800be86 + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800bed6: 6823 ldr r3, [r4, #0] + 800bed8: 6b58 ldr r0, [r3, #52] ; 0x34 + 800beda: f010 0008 ands.w r0, r0, #8 + 800bede: d038 beq.n 800bf52 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800bee0: 4a30 ldr r2, [pc, #192] ; (800bfa4 ) + 800bee2: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_DATA_TIMEOUT; + 800bee4: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800bee6: f043 0308 orr.w r3, r3, #8 + 800beea: 63a3 str r3, [r4, #56] ; 0x38 + 800beec: e7d1 b.n 800be92 + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF) && (dataremaining > 0U)) + 800beee: 6b43 ldr r3, [r0, #52] ; 0x34 + 800bef0: 041a lsls r2, r3, #16 + 800bef2: d518 bpl.n 800bf26 + 800bef4: b1bd cbz r5, 800bf26 + 800bef6: f106 0a04 add.w sl, r6, #4 + 800befa: f106 0b24 add.w fp, r6, #36 ; 0x24 + data = SDMMC_ReadFIFO(hsd->Instance); + 800befe: 6820 ldr r0, [r4, #0] + 800bf00: f000 fef0 bl 800cce4 + *tempbuff = (uint8_t)((data >> 8U) & 0xFFU); + 800bf04: 0a02 lsrs r2, r0, #8 + 800bf06: f80a 2c03 strb.w r2, [sl, #-3] + *tempbuff = (uint8_t)((data >> 16U) & 0xFFU); + 800bf0a: 0c02 lsrs r2, r0, #16 + 800bf0c: f80a 2c02 strb.w r2, [sl, #-2] + *tempbuff = (uint8_t)((data >> 24U) & 0xFFU); + 800bf10: 0e02 lsrs r2, r0, #24 + *tempbuff = (uint8_t)(data & 0xFFU); + 800bf12: f80a 0c04 strb.w r0, [sl, #-4] + *tempbuff = (uint8_t)((data >> 24U) & 0xFFU); + 800bf16: f80a 2c01 strb.w r2, [sl, #-1] + for(count = 0U; count < 8U; count++) + 800bf1a: f10a 0a04 add.w sl, sl, #4 + 800bf1e: 45d3 cmp fp, sl + 800bf20: d1ed bne.n 800befe + tempbuff++; + 800bf22: 3620 adds r6, #32 + dataremaining--; + 800bf24: 3d20 subs r5, #32 + if(((HAL_GetTick()-tickstart) >= Timeout) || (Timeout == 0U)) + 800bf26: f7fb f8cb bl 80070c0 + 800bf2a: 9b10 ldr r3, [sp, #64] ; 0x40 + 800bf2c: eba0 0009 sub.w r0, r0, r9 + 800bf30: 4298 cmp r0, r3 + 800bf32: d3bb bcc.n 800beac + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800bf34: 6823 ldr r3, [r4, #0] + 800bf36: 4a1b ldr r2, [pc, #108] ; (800bfa4 ) + 800bf38: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_TIMEOUT; + 800bf3a: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800bf3c: f043 4300 orr.w r3, r3, #2147483648 ; 0x80000000 + 800bf40: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800bf42: 2301 movs r3, #1 + 800bf44: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800bf48: 2300 movs r3, #0 + 800bf4a: 6323 str r3, [r4, #48] ; 0x30 + return HAL_TIMEOUT; + 800bf4c: f04f 0803 mov.w r8, #3 + 800bf50: e76c b.n 800be2c + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800bf52: 6b59 ldr r1, [r3, #52] ; 0x34 + 800bf54: f011 0102 ands.w r1, r1, #2 + 800bf58: d00a beq.n 800bf70 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800bf5a: 4a12 ldr r2, [pc, #72] ; (800bfa4 ) + 800bf5c: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_DATA_CRC_FAIL; + 800bf5e: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800bf60: f043 0302 orr.w r3, r3, #2 + 800bf64: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800bf66: 2301 movs r3, #1 + 800bf68: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800bf6c: 6320 str r0, [r4, #48] ; 0x30 + return HAL_ERROR; + 800bf6e: e75d b.n 800be2c + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800bf70: 6b5a ldr r2, [r3, #52] ; 0x34 + 800bf72: f012 0220 ands.w r2, r2, #32 + 800bf76: d00a beq.n 800bf8e + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800bf78: 4a0a ldr r2, [pc, #40] ; (800bfa4 ) + 800bf7a: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_RX_OVERRUN; + 800bf7c: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800bf7e: f043 0320 orr.w r3, r3, #32 + 800bf82: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800bf84: 2301 movs r3, #1 + 800bf86: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800bf8a: 6321 str r1, [r4, #48] ; 0x30 + return HAL_ERROR; + 800bf8c: e74e b.n 800be2c + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800bf8e: 4906 ldr r1, [pc, #24] ; (800bfa8 ) + 800bf90: 6399 str r1, [r3, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800bf92: 2301 movs r3, #1 + 800bf94: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800bf98: 4690 mov r8, r2 + 800bf9a: e747 b.n 800be2c + hsd->ErrorCode |= HAL_SD_ERROR_BUSY; + 800bf9c: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800bf9e: f043 5300 orr.w r3, r3, #536870912 ; 0x20000000 + 800bfa2: e72d b.n 800be00 + 800bfa4: 1fe00fff .word 0x1fe00fff + 800bfa8: 18000f3a .word 0x18000f3a + +0800bfac : +{ + 800bfac: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 800bfb0: b089 sub sp, #36 ; 0x24 + 800bfb2: 4604 mov r4, r0 + 800bfb4: 460d mov r5, r1 + 800bfb6: 4692 mov sl, r2 + 800bfb8: 461f mov r7, r3 + uint32_t tickstart = HAL_GetTick(); + 800bfba: f7fb f881 bl 80070c0 + 800bfbe: 4681 mov r9, r0 + if(NULL == pData) + 800bfc0: b935 cbnz r5, 800bfd0 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800bfc2: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800bfc4: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + hsd->ErrorCode |= HAL_SD_ERROR_BUSY; + 800bfc8: 63a3 str r3, [r4, #56] ; 0x38 + return HAL_ERROR; + 800bfca: f04f 0801 mov.w r8, #1 + 800bfce: e011 b.n 800bff4 + if(hsd->State == HAL_SD_STATE_READY) + 800bfd0: f894 3034 ldrb.w r3, [r4, #52] ; 0x34 + 800bfd4: 2b01 cmp r3, #1 + 800bfd6: fa5f f883 uxtb.w r8, r3 + 800bfda: f040 80b4 bne.w 800c146 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800bfde: 6d62 ldr r2, [r4, #84] ; 0x54 + 800bfe0: eb0a 0307 add.w r3, sl, r7 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800bfe4: 2100 movs r1, #0 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800bfe6: 4293 cmp r3, r2 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800bfe8: 63a1 str r1, [r4, #56] ; 0x38 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800bfea: d907 bls.n 800bffc + hsd->ErrorCode |= HAL_SD_ERROR_ADDR_OUT_OF_RANGE; + 800bfec: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800bfee: f043 7300 orr.w r3, r3, #33554432 ; 0x2000000 + 800bff2: 63a3 str r3, [r4, #56] ; 0x38 +} + 800bff4: 4640 mov r0, r8 + 800bff6: b009 add sp, #36 ; 0x24 + 800bff8: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + hsd->State = HAL_SD_STATE_BUSY; + 800bffc: 2303 movs r3, #3 + 800bffe: f884 3034 strb.w r3, [r4, #52] ; 0x34 + if(hsd->SdCard.CardType != CARD_SDHC_SDXC) + 800c002: 6be3 ldr r3, [r4, #60] ; 0x3c + hsd->Instance->DCTRL = 0U; + 800c004: 6820 ldr r0, [r4, #0] + if(hsd->SdCard.CardType != CARD_SDHC_SDXC) + 800c006: 2b01 cmp r3, #1 + config.DataTimeOut = SDMMC_DATATIMEOUT; + 800c008: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 800c00c: 9302 str r3, [sp, #8] + config.DataLength = NumberOfBlocks * BLOCKSIZE; + 800c00e: ea4f 2347 mov.w r3, r7, lsl #9 + hsd->Instance->DCTRL = 0U; + 800c012: 62c1 str r1, [r0, #44] ; 0x2c + config.DataLength = NumberOfBlocks * BLOCKSIZE; + 800c014: 9303 str r3, [sp, #12] + config.TransferDir = SDMMC_TRANSFER_DIR_TO_CARD; + 800c016: f04f 0190 mov.w r1, #144 ; 0x90 + 800c01a: f04f 0300 mov.w r3, #0 + 800c01e: e9cd 1304 strd r1, r3, [sp, #16] + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c022: a902 add r1, sp, #8 + config.DPSM = SDMMC_DPSM_DISABLE; + 800c024: e9cd 3306 strd r3, r3, [sp, #24] + add *= 512U; + 800c028: bf18 it ne + 800c02a: ea4f 2a4a movne.w sl, sl, lsl #9 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c02e: f000 fe95 bl 800cd5c + __SDMMC_CMDTRANS_ENABLE( hsd->Instance); + 800c032: 6820 ldr r0, [r4, #0] + 800c034: 68c3 ldr r3, [r0, #12] + if(NumberOfBlocks > 1U) + 800c036: 2f01 cmp r7, #1 + __SDMMC_CMDTRANS_ENABLE( hsd->Instance); + 800c038: f043 0340 orr.w r3, r3, #64 ; 0x40 + 800c03c: 60c3 str r3, [r0, #12] + if(NumberOfBlocks > 1U) + 800c03e: d911 bls.n 800c064 + hsd->Context = SD_CONTEXT_WRITE_MULTIPLE_BLOCK; + 800c040: 2320 movs r3, #32 + 800c042: 6323 str r3, [r4, #48] ; 0x30 + errorstate = SDMMC_CmdWriteMultiBlock(hsd->Instance, add); + 800c044: 4651 mov r1, sl + 800c046: f000 ffc9 bl 800cfdc + if(errorstate != HAL_SD_ERROR_NONE) + 800c04a: b188 cbz r0, 800c070 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c04c: 6823 ldr r3, [r4, #0] + 800c04e: 4a40 ldr r2, [pc, #256] ; (800c150 ) + 800c050: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c052: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c054: 4318 orrs r0, r3 + 800c056: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c058: 2301 movs r3, #1 + 800c05a: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c05e: 2300 movs r3, #0 + 800c060: 6323 str r3, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c062: e7c7 b.n 800bff4 + hsd->Context = SD_CONTEXT_WRITE_SINGLE_BLOCK; + 800c064: 2310 movs r3, #16 + 800c066: 6323 str r3, [r4, #48] ; 0x30 + errorstate = SDMMC_CmdWriteSingleBlock(hsd->Instance, add); + 800c068: 4651 mov r1, sl + 800c06a: f000 ff9e bl 800cfaa + 800c06e: e7ec b.n 800c04a + dataremaining = config.DataLength; + 800c070: 9e03 ldr r6, [sp, #12] + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_TXUNDERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DATAEND)) + 800c072: 6820 ldr r0, [r4, #0] + 800c074: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c076: f413 7f8d tst.w r3, #282 ; 0x11a + 800c07a: d01b beq.n 800c0b4 + __SDMMC_CMDTRANS_DISABLE( hsd->Instance); + 800c07c: 68c3 ldr r3, [r0, #12] + 800c07e: f023 0340 bic.w r3, r3, #64 ; 0x40 + 800c082: 60c3 str r3, [r0, #12] + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DATAEND) && (NumberOfBlocks > 1U)) + 800c084: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c086: 05db lsls r3, r3, #23 + 800c088: d508 bpl.n 800c09c + 800c08a: 2f01 cmp r7, #1 + 800c08c: d906 bls.n 800c09c + if(hsd->SdCard.CardType != CARD_SECURED) + 800c08e: 6be3 ldr r3, [r4, #60] ; 0x3c + 800c090: 2b03 cmp r3, #3 + 800c092: d003 beq.n 800c09c + errorstate = SDMMC_CmdStopTransfer(hsd->Instance); + 800c094: f001 f838 bl 800d108 + if(errorstate != HAL_SD_ERROR_NONE) + 800c098: 2800 cmp r0, #0 + 800c09a: d1d7 bne.n 800c04c + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800c09c: 6823 ldr r3, [r4, #0] + 800c09e: 6b58 ldr r0, [r3, #52] ; 0x34 + 800c0a0: f010 0008 ands.w r0, r0, #8 + 800c0a4: d02a beq.n 800c0fc + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c0a6: 4a2a ldr r2, [pc, #168] ; (800c150 ) + 800c0a8: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_DATA_TIMEOUT; + 800c0aa: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c0ac: f043 0308 orr.w r3, r3, #8 + 800c0b0: 63a3 str r3, [r4, #56] ; 0x38 + 800c0b2: e7d1 b.n 800c058 + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_TXFIFOHE) && (dataremaining > 0U)) + 800c0b4: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c0b6: 045a lsls r2, r3, #17 + 800c0b8: d50c bpl.n 800c0d4 + 800c0ba: b15e cbz r6, 800c0d4 + 800c0bc: f105 0b20 add.w fp, r5, #32 + data |= ((uint32_t)(*tempbuff) << 24U); + 800c0c0: f855 3b04 ldr.w r3, [r5], #4 + (void)SDMMC_WriteFIFO(hsd->Instance, &data); + 800c0c4: 6820 ldr r0, [r4, #0] + data |= ((uint32_t)(*tempbuff) << 24U); + 800c0c6: 9301 str r3, [sp, #4] + (void)SDMMC_WriteFIFO(hsd->Instance, &data); + 800c0c8: a901 add r1, sp, #4 + 800c0ca: f000 fe0e bl 800ccea + for(count = 0U; count < 8U; count++) + 800c0ce: 45ab cmp fp, r5 + 800c0d0: d1f6 bne.n 800c0c0 + dataremaining--; + 800c0d2: 3e20 subs r6, #32 + if(((HAL_GetTick()-tickstart) >= Timeout) || (Timeout == 0U)) + 800c0d4: f7fa fff4 bl 80070c0 + 800c0d8: 9b12 ldr r3, [sp, #72] ; 0x48 + 800c0da: eba0 0009 sub.w r0, r0, r9 + 800c0de: 4298 cmp r0, r3 + 800c0e0: d3c7 bcc.n 800c072 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c0e2: 6823 ldr r3, [r4, #0] + 800c0e4: 4a1a ldr r2, [pc, #104] ; (800c150 ) + 800c0e6: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c0e8: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c0ea: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c0ec: 2301 movs r3, #1 + 800c0ee: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c0f2: 2300 movs r3, #0 + 800c0f4: 6323 str r3, [r4, #48] ; 0x30 + return HAL_TIMEOUT; + 800c0f6: f04f 0803 mov.w r8, #3 + 800c0fa: e77b b.n 800bff4 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800c0fc: 6b59 ldr r1, [r3, #52] ; 0x34 + 800c0fe: f011 0102 ands.w r1, r1, #2 + 800c102: d00a beq.n 800c11a + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c104: 4a12 ldr r2, [pc, #72] ; (800c150 ) + 800c106: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_DATA_CRC_FAIL; + 800c108: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c10a: f043 0302 orr.w r3, r3, #2 + 800c10e: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c110: 2301 movs r3, #1 + 800c112: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c116: 6320 str r0, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c118: e76c b.n 800bff4 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_TXUNDERR)) + 800c11a: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c11c: f012 0210 ands.w r2, r2, #16 + 800c120: d00a beq.n 800c138 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c122: 4a0b ldr r2, [pc, #44] ; (800c150 ) + 800c124: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_TX_UNDERRUN; + 800c126: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c128: f043 0310 orr.w r3, r3, #16 + 800c12c: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c12e: 2301 movs r3, #1 + 800c130: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c134: 6321 str r1, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c136: e75d b.n 800bff4 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800c138: 4906 ldr r1, [pc, #24] ; (800c154 ) + 800c13a: 6399 str r1, [r3, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c13c: 2301 movs r3, #1 + 800c13e: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800c142: 4690 mov r8, r2 + 800c144: e756 b.n 800bff4 + hsd->ErrorCode |= HAL_SD_ERROR_BUSY; + 800c146: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c148: f043 5300 orr.w r3, r3, #536870912 ; 0x20000000 + 800c14c: e73c b.n 800bfc8 + 800c14e: bf00 nop + 800c150: 1fe00fff .word 0x1fe00fff + 800c154: 18000f3a .word 0x18000f3a + +0800c158 : + return hsd->State; + 800c158: f890 0034 ldrb.w r0, [r0, #52] ; 0x34 +} + 800c15c: 4770 bx lr + +0800c15e : + return hsd->ErrorCode; + 800c15e: 6b80 ldr r0, [r0, #56] ; 0x38 +} + 800c160: 4770 bx lr + +0800c162 : + 800c162: 4770 bx lr + +0800c164 : + 800c164: 4770 bx lr + +0800c166 : + 800c166: 4770 bx lr + +0800c168 : + 800c168: 4770 bx lr + ... + +0800c16c : + pCSD->CSDStruct = (uint8_t)((hsd->CSD[0] & 0xC0000000U) >> 30U); + 800c16c: 6e03 ldr r3, [r0, #96] ; 0x60 + 800c16e: 0f9a lsrs r2, r3, #30 + 800c170: 700a strb r2, [r1, #0] + pCSD->SysSpecVersion = (uint8_t)((hsd->CSD[0] & 0x3C000000U) >> 26U); + 800c172: f3c3 6283 ubfx r2, r3, #26, #4 + 800c176: 704a strb r2, [r1, #1] + pCSD->Reserved1 = (uint8_t)((hsd->CSD[0] & 0x03000000U) >> 24U); + 800c178: f3c3 6201 ubfx r2, r3, #24, #2 + 800c17c: 708a strb r2, [r1, #2] + pCSD->TAAC = (uint8_t)((hsd->CSD[0] & 0x00FF0000U) >> 16U); + 800c17e: f3c3 4207 ubfx r2, r3, #16, #8 + 800c182: 70ca strb r2, [r1, #3] + pCSD->NSAC = (uint8_t)((hsd->CSD[0] & 0x0000FF00U) >> 8U); + 800c184: f3c3 2207 ubfx r2, r3, #8, #8 + pCSD->MaxBusClkFrec = (uint8_t)(hsd->CSD[0] & 0x000000FFU); + 800c188: b2db uxtb r3, r3 + pCSD->NSAC = (uint8_t)((hsd->CSD[0] & 0x0000FF00U) >> 8U); + 800c18a: 710a strb r2, [r1, #4] + pCSD->MaxBusClkFrec = (uint8_t)(hsd->CSD[0] & 0x000000FFU); + 800c18c: 714b strb r3, [r1, #5] + pCSD->CardComdClasses = (uint16_t)((hsd->CSD[1] & 0xFFF00000U) >> 20U); + 800c18e: 6e43 ldr r3, [r0, #100] ; 0x64 + 800c190: 0d1a lsrs r2, r3, #20 + 800c192: 80ca strh r2, [r1, #6] + pCSD->RdBlockLen = (uint8_t)((hsd->CSD[1] & 0x000F0000U) >> 16U); + 800c194: f3c3 4203 ubfx r2, r3, #16, #4 + 800c198: 720a strb r2, [r1, #8] + pCSD->PartBlockRead = (uint8_t)((hsd->CSD[1] & 0x00008000U) >> 15U); + 800c19a: f3c3 32c0 ubfx r2, r3, #15, #1 + 800c19e: 724a strb r2, [r1, #9] + pCSD->WrBlockMisalign = (uint8_t)((hsd->CSD[1] & 0x00004000U) >> 14U); + 800c1a0: f3c3 3280 ubfx r2, r3, #14, #1 + 800c1a4: 728a strb r2, [r1, #10] + pCSD->RdBlockMisalign = (uint8_t)((hsd->CSD[1] & 0x00002000U) >> 13U); + 800c1a6: f3c3 3240 ubfx r2, r3, #13, #1 + 800c1aa: 72ca strb r2, [r1, #11] + pCSD->DSRImpl = (uint8_t)((hsd->CSD[1] & 0x00001000U) >> 12U); + 800c1ac: f3c3 3200 ubfx r2, r3, #12, #1 + 800c1b0: 730a strb r2, [r1, #12] + pCSD->Reserved2 = 0U; /*!< Reserved */ + 800c1b2: 2200 movs r2, #0 + 800c1b4: 734a strb r2, [r1, #13] + if(hsd->SdCard.CardType == CARD_SDSC) + 800c1b6: 6bc2 ldr r2, [r0, #60] ; 0x3c +{ + 800c1b8: b510 push {r4, lr} + if(hsd->SdCard.CardType == CARD_SDSC) + 800c1ba: 2a00 cmp r2, #0 + 800c1bc: d16c bne.n 800c298 + pCSD->DeviceSize = (((hsd->CSD[1] & 0x000003FFU) << 2U) | ((hsd->CSD[2] & 0xC0000000U) >> 30U)); + 800c1be: 6e82 ldr r2, [r0, #104] ; 0x68 + 800c1c0: f640 74fc movw r4, #4092 ; 0xffc + 800c1c4: ea04 0383 and.w r3, r4, r3, lsl #2 + 800c1c8: ea43 7392 orr.w r3, r3, r2, lsr #30 + 800c1cc: 610b str r3, [r1, #16] + pCSD->MaxRdCurrentVDDMin = (uint8_t)((hsd->CSD[2] & 0x38000000U) >> 27U); + 800c1ce: f3c2 63c2 ubfx r3, r2, #27, #3 + 800c1d2: 750b strb r3, [r1, #20] + pCSD->MaxRdCurrentVDDMax = (uint8_t)((hsd->CSD[2] & 0x07000000U) >> 24U); + 800c1d4: f3c2 6302 ubfx r3, r2, #24, #3 + 800c1d8: 754b strb r3, [r1, #21] + pCSD->MaxWrCurrentVDDMin = (uint8_t)((hsd->CSD[2] & 0x00E00000U) >> 21U); + 800c1da: f3c2 5342 ubfx r3, r2, #21, #3 + 800c1de: 758b strb r3, [r1, #22] + pCSD->MaxWrCurrentVDDMax = (uint8_t)((hsd->CSD[2] & 0x001C0000U) >> 18U); + 800c1e0: f3c2 4382 ubfx r3, r2, #18, #3 + pCSD->DeviceSizeMul = (uint8_t)((hsd->CSD[2] & 0x00038000U) >> 15U); + 800c1e4: f3c2 32c2 ubfx r2, r2, #15, #3 + pCSD->MaxWrCurrentVDDMax = (uint8_t)((hsd->CSD[2] & 0x001C0000U) >> 18U); + 800c1e8: 75cb strb r3, [r1, #23] + pCSD->DeviceSizeMul = (uint8_t)((hsd->CSD[2] & 0x00038000U) >> 15U); + 800c1ea: 760a strb r2, [r1, #24] + hsd->SdCard.BlockNbr = (pCSD->DeviceSize + 1U) ; + 800c1ec: 690b ldr r3, [r1, #16] + hsd->SdCard.BlockNbr *= (1UL << ((pCSD->DeviceSizeMul & 0x07U) + 2U)); + 800c1ee: 7e0a ldrb r2, [r1, #24] + 800c1f0: f002 0207 and.w r2, r2, #7 + hsd->SdCard.BlockNbr = (pCSD->DeviceSize + 1U) ; + 800c1f4: 3301 adds r3, #1 + hsd->SdCard.BlockNbr *= (1UL << ((pCSD->DeviceSizeMul & 0x07U) + 2U)); + 800c1f6: 3202 adds r2, #2 + 800c1f8: fa03 f202 lsl.w r2, r3, r2 + 800c1fc: 64c2 str r2, [r0, #76] ; 0x4c + hsd->SdCard.BlockSize = (1UL << (pCSD->RdBlockLen & 0x0FU)); + 800c1fe: 7a0b ldrb r3, [r1, #8] + 800c200: f003 040f and.w r4, r3, #15 + 800c204: 2301 movs r3, #1 + 800c206: 40a3 lsls r3, r4 + 800c208: 6503 str r3, [r0, #80] ; 0x50 + hsd->SdCard.LogBlockNbr = (hsd->SdCard.BlockNbr) * ((hsd->SdCard.BlockSize) / 512U); + 800c20a: 0a5b lsrs r3, r3, #9 + 800c20c: 4353 muls r3, r2 + 800c20e: 6543 str r3, [r0, #84] ; 0x54 + hsd->SdCard.LogBlockSize = 512U; + 800c210: f44f 7300 mov.w r3, #512 ; 0x200 + hsd->SdCard.LogBlockSize = hsd->SdCard.BlockSize; + 800c214: 6583 str r3, [r0, #88] ; 0x58 + pCSD->EraseGrSize = (uint8_t)((hsd->CSD[2] & 0x00004000U) >> 14U); + 800c216: 6e83 ldr r3, [r0, #104] ; 0x68 + 800c218: f3c3 3280 ubfx r2, r3, #14, #1 + 800c21c: 764a strb r2, [r1, #25] + pCSD->EraseGrMul = (uint8_t)((hsd->CSD[2] & 0x00003F80U) >> 7U); + 800c21e: f3c3 12c6 ubfx r2, r3, #7, #7 + pCSD->WrProtectGrSize = (uint8_t)(hsd->CSD[2] & 0x0000007FU); + 800c222: f003 037f and.w r3, r3, #127 ; 0x7f + pCSD->EraseGrMul = (uint8_t)((hsd->CSD[2] & 0x00003F80U) >> 7U); + 800c226: 768a strb r2, [r1, #26] + pCSD->WrProtectGrSize = (uint8_t)(hsd->CSD[2] & 0x0000007FU); + 800c228: 76cb strb r3, [r1, #27] + pCSD->WrProtectGrEnable = (uint8_t)((hsd->CSD[3] & 0x80000000U) >> 31U); + 800c22a: 6ec3 ldr r3, [r0, #108] ; 0x6c + 800c22c: 0fda lsrs r2, r3, #31 + 800c22e: 770a strb r2, [r1, #28] + pCSD->ManDeflECC = (uint8_t)((hsd->CSD[3] & 0x60000000U) >> 29U); + 800c230: f3c3 7241 ubfx r2, r3, #29, #2 + 800c234: 774a strb r2, [r1, #29] + pCSD->WrSpeedFact = (uint8_t)((hsd->CSD[3] & 0x1C000000U) >> 26U); + 800c236: f3c3 6282 ubfx r2, r3, #26, #3 + 800c23a: 778a strb r2, [r1, #30] + pCSD->MaxWrBlockLen= (uint8_t)((hsd->CSD[3] & 0x03C00000U) >> 22U); + 800c23c: f3c3 5283 ubfx r2, r3, #22, #4 + 800c240: 77ca strb r2, [r1, #31] + pCSD->WriteBlockPaPartial = (uint8_t)((hsd->CSD[3] & 0x00200000U) >> 21U); + 800c242: f3c3 5240 ubfx r2, r3, #21, #1 + 800c246: f881 2020 strb.w r2, [r1, #32] + pCSD->Reserved3 = 0; + 800c24a: 2000 movs r0, #0 + pCSD->ContentProtectAppli = (uint8_t)((hsd->CSD[3] & 0x00010000U) >> 16U); + 800c24c: f3c3 4200 ubfx r2, r3, #16, #1 + pCSD->Reserved3 = 0; + 800c250: f881 0021 strb.w r0, [r1, #33] ; 0x21 + pCSD->ContentProtectAppli = (uint8_t)((hsd->CSD[3] & 0x00010000U) >> 16U); + 800c254: f881 2022 strb.w r2, [r1, #34] ; 0x22 + pCSD->FileFormatGroup = (uint8_t)((hsd->CSD[3] & 0x00008000U) >> 15U); + 800c258: f3c3 32c0 ubfx r2, r3, #15, #1 + 800c25c: f881 2023 strb.w r2, [r1, #35] ; 0x23 + pCSD->CopyFlag = (uint8_t)((hsd->CSD[3] & 0x00004000U) >> 14U); + 800c260: f3c3 3280 ubfx r2, r3, #14, #1 + 800c264: f881 2024 strb.w r2, [r1, #36] ; 0x24 + pCSD->PermWrProtect = (uint8_t)((hsd->CSD[3] & 0x00002000U) >> 13U); + 800c268: f3c3 3240 ubfx r2, r3, #13, #1 + 800c26c: f881 2025 strb.w r2, [r1, #37] ; 0x25 + pCSD->TempWrProtect = (uint8_t)((hsd->CSD[3] & 0x00001000U) >> 12U); + 800c270: f3c3 3200 ubfx r2, r3, #12, #1 + 800c274: f881 2026 strb.w r2, [r1, #38] ; 0x26 + pCSD->FileFormat = (uint8_t)((hsd->CSD[3] & 0x00000C00U) >> 10U); + 800c278: f3c3 2281 ubfx r2, r3, #10, #2 + 800c27c: f881 2027 strb.w r2, [r1, #39] ; 0x27 + pCSD->ECC= (uint8_t)((hsd->CSD[3] & 0x00000300U) >> 8U); + 800c280: f3c3 2201 ubfx r2, r3, #8, #2 + pCSD->CSD_CRC = (uint8_t)((hsd->CSD[3] & 0x000000FEU) >> 1U); + 800c284: f3c3 0346 ubfx r3, r3, #1, #7 + pCSD->ECC= (uint8_t)((hsd->CSD[3] & 0x00000300U) >> 8U); + 800c288: f881 2028 strb.w r2, [r1, #40] ; 0x28 + pCSD->CSD_CRC = (uint8_t)((hsd->CSD[3] & 0x000000FEU) >> 1U); + 800c28c: f881 3029 strb.w r3, [r1, #41] ; 0x29 + pCSD->Reserved4 = 1; + 800c290: 2301 movs r3, #1 + 800c292: f881 302a strb.w r3, [r1, #42] ; 0x2a +} + 800c296: bd10 pop {r4, pc} + else if(hsd->SdCard.CardType == CARD_SDHC_SDXC) + 800c298: 2a01 cmp r2, #1 + 800c29a: d10f bne.n 800c2bc + pCSD->DeviceSize = (((hsd->CSD[1] & 0x0000003FU) << 16U) | ((hsd->CSD[2] & 0xFFFF0000U) >> 16U)); + 800c29c: f8b0 206a ldrh.w r2, [r0, #106] ; 0x6a + 800c2a0: 041b lsls r3, r3, #16 + 800c2a2: f403 137c and.w r3, r3, #4128768 ; 0x3f0000 + 800c2a6: 4313 orrs r3, r2 + 800c2a8: 610b str r3, [r1, #16] + hsd->SdCard.BlockNbr = ((pCSD->DeviceSize + 1U) * 1024U); + 800c2aa: 690b ldr r3, [r1, #16] + 800c2ac: 3301 adds r3, #1 + 800c2ae: 029b lsls r3, r3, #10 + 800c2b0: 64c3 str r3, [r0, #76] ; 0x4c + hsd->SdCard.LogBlockNbr = hsd->SdCard.BlockNbr; + 800c2b2: 6543 str r3, [r0, #84] ; 0x54 + hsd->SdCard.BlockSize = 512U; + 800c2b4: f44f 7300 mov.w r3, #512 ; 0x200 + 800c2b8: 6503 str r3, [r0, #80] ; 0x50 + 800c2ba: e7ab b.n 800c214 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c2bc: 6803 ldr r3, [r0, #0] + 800c2be: 4a05 ldr r2, [pc, #20] ; (800c2d4 ) + 800c2c0: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800c2c2: 6b83 ldr r3, [r0, #56] ; 0x38 + 800c2c4: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 800c2c8: 6383 str r3, [r0, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c2ca: 2301 movs r3, #1 + 800c2cc: f880 3034 strb.w r3, [r0, #52] ; 0x34 + return HAL_ERROR; + 800c2d0: 4618 mov r0, r3 + 800c2d2: e7e0 b.n 800c296 + 800c2d4: 1fe00fff .word 0x1fe00fff + +0800c2d8 : +{ + 800c2d8: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + Init.ClockEdge = SDMMC_CLOCK_EDGE_RISING; + 800c2dc: 2300 movs r3, #0 +{ + 800c2de: b099 sub sp, #100 ; 0x64 + 800c2e0: 4604 mov r4, r0 + sdmmc_clk = HAL_RCCEx_GetPeriphCLKFreq(RCC_PERIPHCLK_SDMMC1); + 800c2e2: f44f 2000 mov.w r0, #524288 ; 0x80000 + Init.ClockPowerSave = SDMMC_CLOCK_POWER_SAVE_DISABLE; + 800c2e6: e9cd 3307 strd r3, r3, [sp, #28] + Init.HardwareFlowControl = SDMMC_HARDWARE_FLOW_CONTROL_DISABLE; + 800c2ea: e9cd 3309 strd r3, r3, [sp, #36] ; 0x24 + sdmmc_clk = HAL_RCCEx_GetPeriphCLKFreq(RCC_PERIPHCLK_SDMMC1); + 800c2ee: f7fd fb2d bl 800994c + if (sdmmc_clk == 0U) + 800c2f2: 4605 mov r5, r0 + 800c2f4: b948 cbnz r0, 800c30a + hsd->State = HAL_SD_STATE_READY; + 800c2f6: 2501 movs r5, #1 + hsd->ErrorCode = SDMMC_ERROR_INVALID_PARAMETER; + 800c2f8: f04f 6300 mov.w r3, #134217728 ; 0x8000000 + hsd->State = HAL_SD_STATE_READY; + 800c2fc: f884 5034 strb.w r5, [r4, #52] ; 0x34 + hsd->ErrorCode = SDMMC_ERROR_INVALID_PARAMETER; + 800c300: 63a3 str r3, [r4, #56] ; 0x38 +} + 800c302: 4628 mov r0, r5 + 800c304: b019 add sp, #100 ; 0x64 + 800c306: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + Init.Transceiver = hsd->Init.Transceiver; + 800c30a: 69a3 ldr r3, [r4, #24] + hsd->Instance->POWER |= SDMMC_POWER_DIRPOL; + 800c30c: 6827 ldr r7, [r4, #0] + Init.Transceiver = hsd->Init.Transceiver; + 800c30e: 930c str r3, [sp, #48] ; 0x30 + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800c310: 2b01 cmp r3, #1 + hsd->Instance->POWER |= SDMMC_POWER_DIRPOL; + 800c312: bf08 it eq + 800c314: 683b ldreq r3, [r7, #0] + Init.ClockDiv = sdmmc_clk / (2U * SD_INIT_FREQ); + 800c316: 4e99 ldr r6, [pc, #612] ; (800c57c ) + 800c318: fbb0 f6f6 udiv r6, r0, r6 + hsd->Instance->POWER |= SDMMC_POWER_DIRPOL; + 800c31c: bf04 itt eq + 800c31e: f043 0310 orreq.w r3, r3, #16 + 800c322: 603b streq r3, [r7, #0] + status = SDMMC_Init(hsd->Instance, Init); + 800c324: 960b str r6, [sp, #44] ; 0x2c + 800c326: ab0a add r3, sp, #40 ; 0x28 + 800c328: e893 0007 ldmia.w r3, {r0, r1, r2} + 800c32c: e88d 0007 stmia.w sp, {r0, r1, r2} + 800c330: ab07 add r3, sp, #28 + 800c332: cb0e ldmia r3, {r1, r2, r3} + 800c334: 4638 mov r0, r7 + 800c336: f000 fcbb bl 800ccb0 + if(status != HAL_OK) + 800c33a: b108 cbz r0, 800c340 + return HAL_ERROR; + 800c33c: 2501 movs r5, #1 + 800c33e: e7e0 b.n 800c302 + status = SDMMC_PowerState_ON(hsd->Instance); + 800c340: 6820 ldr r0, [r4, #0] + 800c342: f000 fcd7 bl 800ccf4 + if(status != HAL_OK) + 800c346: 4607 mov r7, r0 + 800c348: 2800 cmp r0, #0 + 800c34a: d1f7 bne.n 800c33c + sdmmc_clk = sdmmc_clk/(2U*Init.ClockDiv); + 800c34c: 0076 lsls r6, r6, #1 + HAL_Delay(1U+ (74U*1000U/(sdmmc_clk))); + 800c34e: 488c ldr r0, [pc, #560] ; (800c580 ) + sdmmc_clk = sdmmc_clk/(2U*Init.ClockDiv); + 800c350: fbb5 f5f6 udiv r5, r5, r6 + HAL_Delay(1U+ (74U*1000U/(sdmmc_clk))); + 800c354: fbb0 f0f5 udiv r0, r0, r5 + 800c358: 3001 adds r0, #1 + 800c35a: f7f7 faca bl 80038f2 + __IO uint32_t count = 0U; + 800c35e: 9706 str r7, [sp, #24] + uint32_t tickstart = HAL_GetTick(); + 800c360: f7fa feae bl 80070c0 + 800c364: 4606 mov r6, r0 + errorstate = SDMMC_CmdGoIdleState(hsd->Instance); + 800c366: 6820 ldr r0, [r4, #0] + 800c368: f000 fd18 bl 800cd9c + if(errorstate != HAL_SD_ERROR_NONE) + 800c36c: 4605 mov r5, r0 + 800c36e: b940 cbnz r0, 800c382 + errorstate = SDMMC_CmdOperCond(hsd->Instance); + 800c370: 6820 ldr r0, [r4, #0] + 800c372: f001 f8fd bl 800d570 + if(errorstate != HAL_SD_ERROR_NONE) + 800c376: b158 cbz r0, 800c390 + errorstate = SDMMC_CmdGoIdleState(hsd->Instance); + 800c378: 6820 ldr r0, [r4, #0] + hsd->SdCard.CardVersion = CARD_V1_X; + 800c37a: 6425 str r5, [r4, #64] ; 0x40 + errorstate = SDMMC_CmdGoIdleState(hsd->Instance); + 800c37c: f000 fd0e bl 800cd9c + if(errorstate != HAL_SD_ERROR_NONE) + 800c380: b180 cbz r0, 800c3a4 + hsd->State = HAL_SD_STATE_READY; + 800c382: 2501 movs r5, #1 + 800c384: f884 5034 strb.w r5, [r4, #52] ; 0x34 + hsd->ErrorCode |= errorstate; + 800c388: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c38a: 4318 orrs r0, r3 + 800c38c: 63a0 str r0, [r4, #56] ; 0x38 + return HAL_ERROR; + 800c38e: e7b8 b.n 800c302 + hsd->SdCard.CardVersion = CARD_V2_X; + 800c390: 2301 movs r3, #1 + 800c392: 6423 str r3, [r4, #64] ; 0x40 + errorstate = SDMMC_CmdAppCommand(hsd->Instance, 0); + 800c394: 6820 ldr r0, [r4, #0] + 800c396: 2100 movs r1, #0 + 800c398: f000 fef5 bl 800d186 + if(errorstate != HAL_SD_ERROR_NONE) + 800c39c: b128 cbz r0, 800c3aa + return HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800c39e: f04f 5080 mov.w r0, #268435456 ; 0x10000000 + 800c3a2: e7ee b.n 800c382 + if( hsd->SdCard.CardVersion == CARD_V2_X) + 800c3a4: 6c23 ldr r3, [r4, #64] ; 0x40 + 800c3a6: 2b01 cmp r3, #1 + 800c3a8: d0f4 beq.n 800c394 + errorstate = SDMMC_CmdAppOperCommand(hsd->Instance, SDMMC_VOLTAGE_WINDOW_SD | SDMMC_HIGH_CAPACITY | SD_SWITCH_1_8V_CAPACITY); + 800c3aa: f8df 91dc ldr.w r9, [pc, #476] ; 800c588 +{ + 800c3ae: 2700 movs r7, #0 + while((count < SDMMC_MAX_VOLT_TRIAL) && (validvoltage == 0U)) + 800c3b0: f64f 78fe movw r8, #65534 ; 0xfffe + 800c3b4: 9b06 ldr r3, [sp, #24] + 800c3b6: 4543 cmp r3, r8 + 800c3b8: d800 bhi.n 800c3bc + 800c3ba: b12f cbz r7, 800c3c8 + if(count >= SDMMC_MAX_VOLT_TRIAL) + 800c3bc: 9b06 ldr r3, [sp, #24] + 800c3be: 4543 cmp r3, r8 + 800c3c0: d918 bls.n 800c3f4 + return HAL_SD_ERROR_INVALID_VOLTRANGE; + 800c3c2: f04f 7080 mov.w r0, #16777216 ; 0x1000000 + 800c3c6: e7dc b.n 800c382 + errorstate = SDMMC_CmdAppCommand(hsd->Instance, 0); + 800c3c8: 6820 ldr r0, [r4, #0] + 800c3ca: 4639 mov r1, r7 + 800c3cc: f000 fedb bl 800d186 + if(errorstate != HAL_SD_ERROR_NONE) + 800c3d0: 2800 cmp r0, #0 + 800c3d2: d1d6 bne.n 800c382 + errorstate = SDMMC_CmdAppOperCommand(hsd->Instance, SDMMC_VOLTAGE_WINDOW_SD | SDMMC_HIGH_CAPACITY | SD_SWITCH_1_8V_CAPACITY); + 800c3d4: 6820 ldr r0, [r4, #0] + 800c3d6: 4649 mov r1, r9 + 800c3d8: f001 f816 bl 800d408 + if(errorstate != HAL_SD_ERROR_NONE) + 800c3dc: 2800 cmp r0, #0 + 800c3de: d1de bne.n 800c39e + response = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c3e0: 4639 mov r1, r7 + 800c3e2: 6820 ldr r0, [r4, #0] + 800c3e4: f000 fcb7 bl 800cd56 + count++; + 800c3e8: 9b06 ldr r3, [sp, #24] + 800c3ea: 3301 adds r3, #1 + response = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c3ec: 4605 mov r5, r0 + validvoltage = (((response >> 31U) == 1U) ? 1U : 0U); + 800c3ee: 0fc7 lsrs r7, r0, #31 + count++; + 800c3f0: 9306 str r3, [sp, #24] + 800c3f2: e7df b.n 800c3b4 + if((response & SDMMC_HIGH_CAPACITY) == SDMMC_HIGH_CAPACITY) /* (response &= SD_HIGH_CAPACITY) */ + 800c3f4: f015 4380 ands.w r3, r5, #1073741824 ; 0x40000000 + 800c3f8: d04b beq.n 800c492 + hsd->SdCard.CardType = CARD_SDHC_SDXC; + 800c3fa: 2301 movs r3, #1 + 800c3fc: 63e3 str r3, [r4, #60] ; 0x3c + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800c3fe: 69a3 ldr r3, [r4, #24] + errorstate = SDMMC_CmdAppCommand(hsd->Instance, 0); + 800c400: 6820 ldr r0, [r4, #0] + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800c402: 2b01 cmp r3, #1 + 800c404: d12d bne.n 800c462 + if((response & SD_SWITCH_1_8V_CAPACITY) == SD_SWITCH_1_8V_CAPACITY) + 800c406: 01ef lsls r7, r5, #7 + 800c408: d52b bpl.n 800c462 + hsd->SdCard.CardSpeed = CARD_ULTRA_HIGH_SPEED; + 800c40a: f44f 7300 mov.w r3, #512 ; 0x200 + 800c40e: 65e3 str r3, [r4, #92] ; 0x5c + hsd->Instance->POWER |= SDMMC_POWER_VSWITCHEN; + 800c410: 6803 ldr r3, [r0, #0] + 800c412: f043 0308 orr.w r3, r3, #8 + 800c416: 6003 str r3, [r0, #0] + errorstate = SDMMC_CmdVoltageSwitch(hsd->Instance); + 800c418: f000 ff4e bl 800d2b8 + if(errorstate != HAL_SD_ERROR_NONE) + 800c41c: 2800 cmp r0, #0 + 800c41e: d1b0 bne.n 800c382 + while(( hsd->Instance->STA & SDMMC_FLAG_CKSTOP) != SDMMC_FLAG_CKSTOP) + 800c420: 6823 ldr r3, [r4, #0] + 800c422: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c424: 0155 lsls r5, r2, #5 + 800c426: d526 bpl.n 800c476 + hsd->Instance->ICR = SDMMC_FLAG_CKSTOP; + 800c428: f04f 6280 mov.w r2, #67108864 ; 0x4000000 + 800c42c: 639a str r2, [r3, #56] ; 0x38 + if(( hsd->Instance->STA & SDMMC_FLAG_BUSYD0) != SDMMC_FLAG_BUSYD0) + 800c42e: 6b5b ldr r3, [r3, #52] ; 0x34 + 800c430: 02d8 lsls r0, r3, #11 + 800c432: d5b4 bpl.n 800c39e + HAL_SDEx_DriveTransceiver_1_8V_Callback(SET); + 800c434: 2001 movs r0, #1 + 800c436: f7fa feb3 bl 80071a0 + hsd->Instance->POWER |= SDMMC_POWER_VSWITCH; + 800c43a: 6822 ldr r2, [r4, #0] + 800c43c: 6813 ldr r3, [r2, #0] + 800c43e: f043 0304 orr.w r3, r3, #4 + 800c442: 6013 str r3, [r2, #0] + while(( hsd->Instance->STA & SDMMC_FLAG_VSWEND) != SDMMC_FLAG_VSWEND) + 800c444: 6823 ldr r3, [r4, #0] + 800c446: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c448: 0191 lsls r1, r2, #6 + 800c44a: d51c bpl.n 800c486 + hsd->Instance->ICR = SDMMC_FLAG_VSWEND; + 800c44c: f04f 7200 mov.w r2, #33554432 ; 0x2000000 + 800c450: 639a str r2, [r3, #56] ; 0x38 + if(( hsd->Instance->STA & SDMMC_FLAG_BUSYD0) == SDMMC_FLAG_BUSYD0) + 800c452: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c454: 02d2 lsls r2, r2, #11 + 800c456: d4b4 bmi.n 800c3c2 + hsd->Instance->POWER = 0x13U; + 800c458: 2213 movs r2, #19 + 800c45a: 601a str r2, [r3, #0] + hsd->Instance->ICR = 0xFFFFFFFFU; + 800c45c: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 800c460: 639a str r2, [r3, #56] ; 0x38 + uint16_t sd_rca = 1U; + 800c462: 2301 movs r3, #1 + if(SDMMC_GetPowerState(hsd->Instance) == 0U) + 800c464: 6820 ldr r0, [r4, #0] + uint16_t sd_rca = 1U; + 800c466: f8ad 3016 strh.w r3, [sp, #22] + if(SDMMC_GetPowerState(hsd->Instance) == 0U) + 800c46a: f000 fc59 bl 800cd20 + 800c46e: b990 cbnz r0, 800c496 + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + 800c470: f04f 6080 mov.w r0, #67108864 ; 0x4000000 + 800c474: e785 b.n 800c382 + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800c476: f7fa fe23 bl 80070c0 + 800c47a: 1b80 subs r0, r0, r6 + 800c47c: 3001 adds r0, #1 + 800c47e: d1cf bne.n 800c420 + return HAL_SD_ERROR_TIMEOUT; + 800c480: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + 800c484: e77d b.n 800c382 + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800c486: f7fa fe1b bl 80070c0 + 800c48a: 1b80 subs r0, r0, r6 + 800c48c: 3001 adds r0, #1 + 800c48e: d1d9 bne.n 800c444 + 800c490: e7f6 b.n 800c480 + hsd->SdCard.CardType = CARD_SDSC; + 800c492: 63e3 str r3, [r4, #60] ; 0x3c + if(errorstate != HAL_SD_ERROR_NONE) + 800c494: e7e5 b.n 800c462 + if(hsd->SdCard.CardType != CARD_SECURED) + 800c496: 6be3 ldr r3, [r4, #60] ; 0x3c + 800c498: 2b03 cmp r3, #3 + 800c49a: d045 beq.n 800c528 + errorstate = SDMMC_CmdSendCID(hsd->Instance); + 800c49c: 6820 ldr r0, [r4, #0] + 800c49e: f000 ff65 bl 800d36c + if(errorstate != HAL_SD_ERROR_NONE) + 800c4a2: 2800 cmp r0, #0 + 800c4a4: f47f af6d bne.w 800c382 + hsd->CID[0U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c4a8: 4601 mov r1, r0 + 800c4aa: 6820 ldr r0, [r4, #0] + 800c4ac: f000 fc53 bl 800cd56 + hsd->CID[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c4b0: 2104 movs r1, #4 + hsd->CID[0U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c4b2: 6720 str r0, [r4, #112] ; 0x70 + hsd->CID[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c4b4: 6820 ldr r0, [r4, #0] + 800c4b6: f000 fc4e bl 800cd56 + hsd->CID[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c4ba: 2108 movs r1, #8 + hsd->CID[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c4bc: 6760 str r0, [r4, #116] ; 0x74 + hsd->CID[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c4be: 6820 ldr r0, [r4, #0] + 800c4c0: f000 fc49 bl 800cd56 + hsd->CID[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c4c4: 210c movs r1, #12 + hsd->CID[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c4c6: 67a0 str r0, [r4, #120] ; 0x78 + hsd->CID[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c4c8: 6820 ldr r0, [r4, #0] + 800c4ca: f000 fc44 bl 800cd56 + if(hsd->SdCard.CardType != CARD_SECURED) + 800c4ce: 6be3 ldr r3, [r4, #60] ; 0x3c + hsd->CID[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c4d0: 67e0 str r0, [r4, #124] ; 0x7c + if(hsd->SdCard.CardType != CARD_SECURED) + 800c4d2: 2b03 cmp r3, #3 + 800c4d4: d028 beq.n 800c528 + errorstate = SDMMC_CmdSetRelAdd(hsd->Instance, &sd_rca); + 800c4d6: 6820 ldr r0, [r4, #0] + 800c4d8: f10d 0116 add.w r1, sp, #22 + 800c4dc: f001 f804 bl 800d4e8 + if(errorstate != HAL_SD_ERROR_NONE) + 800c4e0: 2800 cmp r0, #0 + 800c4e2: f47f af4e bne.w 800c382 + if(hsd->SdCard.CardType != CARD_SECURED) + 800c4e6: 6be3 ldr r3, [r4, #60] ; 0x3c + errorstate = SDMMC_CmdSendCSD(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c4e8: 6820 ldr r0, [r4, #0] + if(hsd->SdCard.CardType != CARD_SECURED) + 800c4ea: 2b03 cmp r3, #3 + 800c4ec: d01c beq.n 800c528 + hsd->SdCard.RelCardAdd = sd_rca; + 800c4ee: f8bd 1016 ldrh.w r1, [sp, #22] + 800c4f2: 64a1 str r1, [r4, #72] ; 0x48 + errorstate = SDMMC_CmdSendCSD(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c4f4: 0409 lsls r1, r1, #16 + 800c4f6: f000 ff4f bl 800d398 + if(errorstate != HAL_SD_ERROR_NONE) + 800c4fa: 2800 cmp r0, #0 + 800c4fc: f47f af41 bne.w 800c382 + hsd->CSD[0U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c500: 4601 mov r1, r0 + 800c502: 6820 ldr r0, [r4, #0] + 800c504: f000 fc27 bl 800cd56 + hsd->CSD[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c508: 2104 movs r1, #4 + hsd->CSD[0U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c50a: 6620 str r0, [r4, #96] ; 0x60 + hsd->CSD[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c50c: 6820 ldr r0, [r4, #0] + 800c50e: f000 fc22 bl 800cd56 + hsd->CSD[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c512: 2108 movs r1, #8 + hsd->CSD[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c514: 6660 str r0, [r4, #100] ; 0x64 + hsd->CSD[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c516: 6820 ldr r0, [r4, #0] + 800c518: f000 fc1d bl 800cd56 + hsd->CSD[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c51c: 210c movs r1, #12 + hsd->CSD[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c51e: 66a0 str r0, [r4, #104] ; 0x68 + hsd->CSD[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c520: 6820 ldr r0, [r4, #0] + 800c522: f000 fc18 bl 800cd56 + 800c526: 66e0 str r0, [r4, #108] ; 0x6c + hsd->SdCard.Class = (SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2) >> 20U); + 800c528: 2104 movs r1, #4 + 800c52a: 6820 ldr r0, [r4, #0] + 800c52c: f000 fc13 bl 800cd56 + 800c530: 0d00 lsrs r0, r0, #20 + 800c532: 6460 str r0, [r4, #68] ; 0x44 + if (HAL_SD_GetCardCSD(hsd, &CSD) != HAL_OK) + 800c534: a90d add r1, sp, #52 ; 0x34 + 800c536: 4620 mov r0, r4 + 800c538: f7ff fe18 bl 800c16c + 800c53c: 4605 mov r5, r0 + 800c53e: 2800 cmp r0, #0 + 800c540: f47f af2d bne.w 800c39e + errorstate = SDMMC_CmdSelDesel(hsd->Instance, (uint32_t)(((uint32_t)hsd->SdCard.RelCardAdd) << 16U)); + 800c544: 6ca2 ldr r2, [r4, #72] ; 0x48 + 800c546: 4603 mov r3, r0 + 800c548: 0412 lsls r2, r2, #16 + 800c54a: 6820 ldr r0, [r4, #0] + 800c54c: f000 fe02 bl 800d154 + if(errorstate != HAL_SD_ERROR_NONE) + 800c550: 2800 cmp r0, #0 + 800c552: f47f af16 bne.w 800c382 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, BLOCKSIZE); + 800c556: 6820 ldr r0, [r4, #0] + 800c558: f44f 7100 mov.w r1, #512 ; 0x200 + 800c55c: f000 fcda bl 800cf14 + if(errorstate != HAL_SD_ERROR_NONE) + 800c560: 2800 cmp r0, #0 + 800c562: f43f aece beq.w 800c302 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c566: 6823 ldr r3, [r4, #0] + 800c568: 4a06 ldr r2, [pc, #24] ; (800c584 ) + 800c56a: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c56c: 6ba3 ldr r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c56e: 2501 movs r5, #1 + hsd->ErrorCode |= errorstate; + 800c570: 4318 orrs r0, r3 + 800c572: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c574: f884 5034 strb.w r5, [r4, #52] ; 0x34 + return HAL_ERROR; + 800c578: e6c3 b.n 800c302 + 800c57a: bf00 nop + 800c57c: 000c3500 .word 0x000c3500 + 800c580: 00012110 .word 0x00012110 + 800c584: 1fe00fff .word 0x1fe00fff + 800c588: c1100000 .word 0xc1100000 + +0800c58c : +{ + 800c58c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 800c590: b096 sub sp, #88 ; 0x58 + 800c592: 4604 mov r4, r0 + 800c594: 460d mov r5, r1 + uint32_t tickstart = HAL_GetTick(); + 800c596: f7fa fd93 bl 80070c0 + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800c59a: 2100 movs r1, #0 + uint32_t tickstart = HAL_GetTick(); + 800c59c: 4606 mov r6, r0 + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800c59e: 6820 ldr r0, [r4, #0] + 800c5a0: f000 fbd9 bl 800cd56 + 800c5a4: 0183 lsls r3, r0, #6 + 800c5a6: d50b bpl.n 800c5c0 + return HAL_SD_ERROR_LOCK_UNLOCK_FAILED; + 800c5a8: f44f 6000 mov.w r0, #2048 ; 0x800 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c5ac: 6823 ldr r3, [r4, #0] + 800c5ae: 4a54 ldr r2, [pc, #336] ; (800c700 ) + 800c5b0: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c5b2: 6ba3 ldr r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c5b4: 2501 movs r5, #1 + hsd->ErrorCode |= errorstate; + 800c5b6: 4318 orrs r0, r3 + 800c5b8: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c5ba: f884 5034 strb.w r5, [r4, #52] ; 0x34 + status = HAL_ERROR; + 800c5be: e08a b.n 800c6d6 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 64U); + 800c5c0: 6820 ldr r0, [r4, #0] + 800c5c2: 2140 movs r1, #64 ; 0x40 + 800c5c4: f000 fca6 bl 800cf14 + if(errorstate != HAL_SD_ERROR_NONE) + 800c5c8: b110 cbz r0, 800c5d0 + hsd->ErrorCode |= HAL_SD_ERROR_NONE; + 800c5ca: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c5cc: 63a3 str r3, [r4, #56] ; 0x38 + return errorstate; + 800c5ce: e7ed b.n 800c5ac + errorstate = SDMMC_CmdAppCommand(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c5d0: 6ca1 ldr r1, [r4, #72] ; 0x48 + 800c5d2: 6820 ldr r0, [r4, #0] + 800c5d4: 0409 lsls r1, r1, #16 + 800c5d6: f000 fdd6 bl 800d186 + if(errorstate != HAL_SD_ERROR_NONE) + 800c5da: 2800 cmp r0, #0 + 800c5dc: d1f5 bne.n 800c5ca + config.DataLength = 64U; + 800c5de: 2340 movs r3, #64 ; 0x40 + 800c5e0: f04f 37ff mov.w r7, #4294967295 ; 0xffffffff + 800c5e4: e9cd 7300 strd r7, r3, [sp] + config.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800c5e8: f04f 0c60 mov.w ip, #96 ; 0x60 + 800c5ec: 2302 movs r3, #2 + 800c5ee: e9cd c302 strd ip, r3, [sp, #8] + config.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + 800c5f2: 9004 str r0, [sp, #16] + config.DPSM = SDMMC_DPSM_ENABLE; + 800c5f4: 2301 movs r3, #1 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c5f6: 6820 ldr r0, [r4, #0] + config.DPSM = SDMMC_DPSM_ENABLE; + 800c5f8: 9305 str r3, [sp, #20] + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c5fa: 4669 mov r1, sp + 800c5fc: f000 fbae bl 800cd5c + errorstate = SDMMC_CmdStatusRegister(hsd->Instance); + 800c600: 6820 ldr r0, [r4, #0] + 800c602: f000 fe40 bl 800d286 + if(errorstate != HAL_SD_ERROR_NONE) + 800c606: 2800 cmp r0, #0 + 800c608: d1df bne.n 800c5ca + uint32_t *pData = pSDstatus; + 800c60a: af06 add r7, sp, #24 + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DATAEND)) + 800c60c: 6823 ldr r3, [r4, #0] + 800c60e: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c610: f412 7f95 tst.w r2, #298 ; 0x12a + 800c614: d00a beq.n 800c62c + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800c616: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c618: 0711 lsls r1, r2, #28 + 800c61a: d46f bmi.n 800c6fc + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800c61c: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c61e: 0792 lsls r2, r2, #30 + 800c620: d46a bmi.n 800c6f8 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800c622: 6b5b ldr r3, [r3, #52] ; 0x34 + 800c624: 069b lsls r3, r3, #26 + 800c626: d51e bpl.n 800c666 + return HAL_SD_ERROR_RX_OVERRUN; + 800c628: 2020 movs r0, #32 + 800c62a: e7bf b.n 800c5ac + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF)) + 800c62c: 6b5b ldr r3, [r3, #52] ; 0x34 + 800c62e: 0418 lsls r0, r3, #16 + 800c630: d508 bpl.n 800c644 + 800c632: f107 0820 add.w r8, r7, #32 + *pData = SDMMC_ReadFIFO(hsd->Instance); + 800c636: 6820 ldr r0, [r4, #0] + 800c638: f000 fb54 bl 800cce4 + 800c63c: f847 0b04 str.w r0, [r7], #4 + for(count = 0U; count < 8U; count++) + 800c640: 45b8 cmp r8, r7 + 800c642: d1f8 bne.n 800c636 + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800c644: f7fa fd3c bl 80070c0 + 800c648: 1b80 subs r0, r0, r6 + 800c64a: 3001 adds r0, #1 + 800c64c: d1de bne.n 800c60c + return HAL_SD_ERROR_TIMEOUT; + 800c64e: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + if(errorstate != HAL_SD_ERROR_NONE) + 800c652: e7ab b.n 800c5ac + *pData = SDMMC_ReadFIFO(hsd->Instance); + 800c654: f000 fb46 bl 800cce4 + 800c658: f847 0b04 str.w r0, [r7], #4 + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800c65c: f7fa fd30 bl 80070c0 + 800c660: 1b80 subs r0, r0, r6 + 800c662: 3001 adds r0, #1 + 800c664: d0f3 beq.n 800c64e + while ((__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DPSMACT))) + 800c666: 6820 ldr r0, [r4, #0] + 800c668: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c66a: f413 5380 ands.w r3, r3, #4096 ; 0x1000 + 800c66e: d1f1 bne.n 800c654 + pStatus->DataBusWidth = (uint8_t)((sd_status[0] & 0xC0U) >> 6U); + 800c670: 9906 ldr r1, [sp, #24] + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800c672: 4a24 ldr r2, [pc, #144] ; (800c704 ) + 800c674: 6382 str r2, [r0, #56] ; 0x38 + pStatus->DataBusWidth = (uint8_t)((sd_status[0] & 0xC0U) >> 6U); + 800c676: f3c1 1281 ubfx r2, r1, #6, #2 + 800c67a: 702a strb r2, [r5, #0] + pStatus->SecuredMode = (uint8_t)((sd_status[0] & 0x20U) >> 5U); + 800c67c: f3c1 1240 ubfx r2, r1, #5, #1 + 800c680: 706a strb r2, [r5, #1] + pStatus->CardType = (uint16_t)(((sd_status[0] & 0x00FF0000U) >> 8U) | ((sd_status[0] & 0xFF000000U) >> 24U)); + 800c682: 0a0a lsrs r2, r1, #8 + 800c684: f022 02ff bic.w r2, r2, #255 ; 0xff + 800c688: ea42 6211 orr.w r2, r2, r1, lsr #24 + 800c68c: b292 uxth r2, r2 + 800c68e: 806a strh r2, [r5, #2] + pStatus->ProtectedAreaSize = (((sd_status[1] & 0xFFU) << 24U) | ((sd_status[1] & 0xFF00U) << 8U) | + 800c690: 9a07 ldr r2, [sp, #28] + 800c692: ba12 rev r2, r2 + 800c694: 606a str r2, [r5, #4] + pStatus->SpeedClass = (uint8_t)(sd_status[2] & 0xFFU); + 800c696: 9a08 ldr r2, [sp, #32] + 800c698: b2d1 uxtb r1, r2 + 800c69a: 7229 strb r1, [r5, #8] + pStatus->PerformanceMove = (uint8_t)((sd_status[2] & 0xFF00U) >> 8U); + 800c69c: f3c2 2107 ubfx r1, r2, #8, #8 + 800c6a0: 7269 strb r1, [r5, #9] + pStatus->AllocationUnitSize = (uint8_t)((sd_status[2] & 0xF00000U) >> 20U); + 800c6a2: f3c2 5103 ubfx r1, r2, #20, #4 + 800c6a6: 72a9 strb r1, [r5, #10] + pStatus->EraseSize = (uint16_t)(((sd_status[2] & 0xFF000000U) >> 16U) | (sd_status[3] & 0xFFU)); + 800c6a8: 9909 ldr r1, [sp, #36] ; 0x24 + 800c6aa: 0c12 lsrs r2, r2, #16 + 800c6ac: b2c8 uxtb r0, r1 + 800c6ae: f022 02ff bic.w r2, r2, #255 ; 0xff + 800c6b2: 4302 orrs r2, r0 + 800c6b4: 81aa strh r2, [r5, #12] + pStatus->EraseTimeout = (uint8_t)((sd_status[3] & 0xFC00U) >> 10U); + 800c6b6: f3c1 2285 ubfx r2, r1, #10, #6 + 800c6ba: 73aa strb r2, [r5, #14] + pStatus->EraseOffset = (uint8_t)((sd_status[3] & 0x0300U) >> 8U); + 800c6bc: f3c1 2201 ubfx r2, r1, #8, #2 + 800c6c0: 73ea strb r2, [r5, #15] + pStatus->UhsSpeedGrade = (uint8_t)((sd_status[3] & 0x00F0U) >> 4U); + 800c6c2: f3c1 1203 ubfx r2, r1, #4, #4 + 800c6c6: 742a strb r2, [r5, #16] + pStatus->UhsAllocationUnitSize = (uint8_t)(sd_status[3] & 0x000FU) ; + 800c6c8: f001 010f and.w r1, r1, #15 + pStatus->VideoSpeedClass = (uint8_t)((sd_status[4] & 0xFF000000U) >> 24U); + 800c6cc: f89d 202b ldrb.w r2, [sp, #43] ; 0x2b + pStatus->UhsAllocationUnitSize = (uint8_t)(sd_status[3] & 0x000FU) ; + 800c6d0: 7469 strb r1, [r5, #17] + pStatus->VideoSpeedClass = (uint8_t)((sd_status[4] & 0xFF000000U) >> 24U); + 800c6d2: 74aa strb r2, [r5, #18] + HAL_StatusTypeDef status = HAL_OK; + 800c6d4: 461d mov r5, r3 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, BLOCKSIZE); + 800c6d6: 6820 ldr r0, [r4, #0] + 800c6d8: f44f 7100 mov.w r1, #512 ; 0x200 + 800c6dc: f000 fc1a bl 800cf14 + if(errorstate != HAL_SD_ERROR_NONE) + 800c6e0: b130 cbz r0, 800c6f0 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c6e2: 6823 ldr r3, [r4, #0] + 800c6e4: 4a06 ldr r2, [pc, #24] ; (800c700 ) + 800c6e6: 639a str r2, [r3, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c6e8: 2501 movs r5, #1 + hsd->ErrorCode = errorstate; + 800c6ea: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c6ec: f884 5034 strb.w r5, [r4, #52] ; 0x34 +} + 800c6f0: 4628 mov r0, r5 + 800c6f2: b016 add sp, #88 ; 0x58 + 800c6f4: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + return HAL_SD_ERROR_DATA_CRC_FAIL; + 800c6f8: 2002 movs r0, #2 + 800c6fa: e757 b.n 800c5ac + return HAL_SD_ERROR_DATA_TIMEOUT; + 800c6fc: 2008 movs r0, #8 + 800c6fe: e755 b.n 800c5ac + 800c700: 1fe00fff .word 0x1fe00fff + 800c704: 18000f3a .word 0x18000f3a + +0800c708 : + pCardInfo->CardType = (uint32_t)(hsd->SdCard.CardType); + 800c708: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800c70a: 600b str r3, [r1, #0] + pCardInfo->CardVersion = (uint32_t)(hsd->SdCard.CardVersion); + 800c70c: 6c03 ldr r3, [r0, #64] ; 0x40 + 800c70e: 604b str r3, [r1, #4] + pCardInfo->Class = (uint32_t)(hsd->SdCard.Class); + 800c710: 6c43 ldr r3, [r0, #68] ; 0x44 + 800c712: 608b str r3, [r1, #8] + pCardInfo->RelCardAdd = (uint32_t)(hsd->SdCard.RelCardAdd); + 800c714: 6c83 ldr r3, [r0, #72] ; 0x48 + 800c716: 60cb str r3, [r1, #12] + pCardInfo->BlockNbr = (uint32_t)(hsd->SdCard.BlockNbr); + 800c718: 6cc3 ldr r3, [r0, #76] ; 0x4c + 800c71a: 610b str r3, [r1, #16] + pCardInfo->BlockSize = (uint32_t)(hsd->SdCard.BlockSize); + 800c71c: 6d03 ldr r3, [r0, #80] ; 0x50 + 800c71e: 614b str r3, [r1, #20] + pCardInfo->LogBlockNbr = (uint32_t)(hsd->SdCard.LogBlockNbr); + 800c720: 6d43 ldr r3, [r0, #84] ; 0x54 + 800c722: 618b str r3, [r1, #24] + pCardInfo->LogBlockSize = (uint32_t)(hsd->SdCard.LogBlockSize); + 800c724: 6d83 ldr r3, [r0, #88] ; 0x58 + 800c726: 61cb str r3, [r1, #28] +} + 800c728: 2000 movs r0, #0 + 800c72a: 4770 bx lr + +0800c72c : +{ + 800c72c: b530 push {r4, r5, lr} + hsd->State = HAL_SD_STATE_BUSY; + 800c72e: 2303 movs r3, #3 + 800c730: f880 3034 strb.w r3, [r0, #52] ; 0x34 + if(hsd->SdCard.CardType != CARD_SECURED) + 800c734: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800c736: 2b03 cmp r3, #3 +{ + 800c738: b08b sub sp, #44 ; 0x2c + 800c73a: 4604 mov r4, r0 + 800c73c: 460d mov r5, r1 + if(hsd->SdCard.CardType != CARD_SECURED) + 800c73e: d002 beq.n 800c746 + if(WideMode == SDMMC_BUS_WIDE_8B) + 800c740: f5b1 4f00 cmp.w r1, #32768 ; 0x8000 + 800c744: d103 bne.n 800c74e + hsd->ErrorCode |= HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800c746: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c748: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 800c74c: e049 b.n 800c7e2 + else if(WideMode == SDMMC_BUS_WIDE_4B) + 800c74e: f5b1 4f80 cmp.w r1, #16384 ; 0x4000 + 800c752: d123 bne.n 800c79c + uint32_t scr[2U] = {0UL, 0UL}; + 800c754: 2100 movs r1, #0 + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800c756: 6800 ldr r0, [r0, #0] + uint32_t scr[2U] = {0UL, 0UL}; + 800c758: e9cd 1104 strd r1, r1, [sp, #16] + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800c75c: f000 fafb bl 800cd56 + 800c760: 0180 lsls r0, r0, #6 + 800c762: d435 bmi.n 800c7d0 + errorstate = SD_FindSCR(hsd, scr); + 800c764: a904 add r1, sp, #16 + 800c766: 4620 mov r0, r4 + 800c768: f7ff fa32 bl 800bbd0 + if(errorstate != HAL_SD_ERROR_NONE) + 800c76c: b960 cbnz r0, 800c788 + if((scr[1U] & SDMMC_WIDE_BUS_SUPPORT) != SDMMC_ALLZERO) + 800c76e: 9b05 ldr r3, [sp, #20] + 800c770: 0359 lsls r1, r3, #13 + 800c772: d530 bpl.n 800c7d6 + errorstate = SDMMC_CmdAppCommand(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c774: 6ca1 ldr r1, [r4, #72] ; 0x48 + 800c776: 6820 ldr r0, [r4, #0] + 800c778: 0409 lsls r1, r1, #16 + 800c77a: f000 fd04 bl 800d186 + if(errorstate != HAL_SD_ERROR_NONE) + 800c77e: b918 cbnz r0, 800c788 + errorstate = SDMMC_CmdBusWidth(hsd->Instance, 2U); + 800c780: 2102 movs r1, #2 + errorstate = SDMMC_CmdBusWidth(hsd->Instance, 0U); + 800c782: 6820 ldr r0, [r4, #0] + 800c784: f000 fd18 bl 800d1b8 + hsd->ErrorCode |= errorstate; + 800c788: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c78a: 4318 orrs r0, r3 + 800c78c: 63a0 str r0, [r4, #56] ; 0x38 + if(hsd->ErrorCode != HAL_SD_ERROR_NONE) + 800c78e: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c790: b34b cbz r3, 800c7e6 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c792: 6823 ldr r3, [r4, #0] + 800c794: 4a42 ldr r2, [pc, #264] ; (800c8a0 ) + 800c796: 639a str r2, [r3, #56] ; 0x38 + status = HAL_ERROR; + 800c798: 2501 movs r5, #1 + 800c79a: e054 b.n 800c846 + else if(WideMode == SDMMC_BUS_WIDE_1B) + 800c79c: b9f1 cbnz r1, 800c7dc + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800c79e: 6800 ldr r0, [r0, #0] + uint32_t scr[2U] = {0UL, 0UL}; + 800c7a0: e9cd 1104 strd r1, r1, [sp, #16] + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800c7a4: f000 fad7 bl 800cd56 + 800c7a8: 0182 lsls r2, r0, #6 + 800c7aa: d411 bmi.n 800c7d0 + errorstate = SD_FindSCR(hsd, scr); + 800c7ac: a904 add r1, sp, #16 + 800c7ae: 4620 mov r0, r4 + 800c7b0: f7ff fa0e bl 800bbd0 + if(errorstate != HAL_SD_ERROR_NONE) + 800c7b4: 2800 cmp r0, #0 + 800c7b6: d1e7 bne.n 800c788 + if((scr[1U] & SDMMC_SINGLE_BUS_SUPPORT) != SDMMC_ALLZERO) + 800c7b8: 9b05 ldr r3, [sp, #20] + 800c7ba: 03db lsls r3, r3, #15 + 800c7bc: d50b bpl.n 800c7d6 + errorstate = SDMMC_CmdAppCommand(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c7be: 6ca1 ldr r1, [r4, #72] ; 0x48 + 800c7c0: 6820 ldr r0, [r4, #0] + 800c7c2: 0409 lsls r1, r1, #16 + 800c7c4: f000 fcdf bl 800d186 + if(errorstate != HAL_SD_ERROR_NONE) + 800c7c8: 2800 cmp r0, #0 + 800c7ca: d1dd bne.n 800c788 + errorstate = SDMMC_CmdBusWidth(hsd->Instance, 0U); + 800c7cc: 4601 mov r1, r0 + 800c7ce: e7d8 b.n 800c782 + return HAL_SD_ERROR_LOCK_UNLOCK_FAILED; + 800c7d0: f44f 6000 mov.w r0, #2048 ; 0x800 + 800c7d4: e7d8 b.n 800c788 + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + 800c7d6: f04f 6080 mov.w r0, #67108864 ; 0x4000000 + 800c7da: e7d5 b.n 800c788 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800c7dc: 6b83 ldr r3, [r0, #56] ; 0x38 + 800c7de: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + hsd->ErrorCode |= HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800c7e2: 63a3 str r3, [r4, #56] ; 0x38 + 800c7e4: e7d3 b.n 800c78e + sdmmc_clk = HAL_RCCEx_GetPeriphCLKFreq(RCC_PERIPHCLK_SDMMC1); + 800c7e6: f44f 2000 mov.w r0, #524288 ; 0x80000 + 800c7ea: f7fd f8af bl 800994c + if (sdmmc_clk != 0U) + 800c7ee: 2800 cmp r0, #0 + 800c7f0: d051 beq.n 800c896 + Init.ClockEdge = hsd->Init.ClockEdge; + 800c7f2: 6863 ldr r3, [r4, #4] + 800c7f4: 9304 str r3, [sp, #16] + Init.ClockPowerSave = hsd->Init.ClockPowerSave; + 800c7f6: 68a3 ldr r3, [r4, #8] + if (hsd->Init.ClockDiv >= (sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ))) + 800c7f8: 492a ldr r1, [pc, #168] ; (800c8a4 ) + 800c7fa: fbb0 f2f1 udiv r2, r0, r1 + Init.BusWide = WideMode; + 800c7fe: e9cd 3505 strd r3, r5, [sp, #20] + Init.HardwareFlowControl = hsd->Init.HardwareFlowControl; + 800c802: 6923 ldr r3, [r4, #16] + 800c804: 9307 str r3, [sp, #28] + if (hsd->Init.ClockDiv >= (sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ))) + 800c806: 6963 ldr r3, [r4, #20] + 800c808: 4293 cmp r3, r2 + 800c80a: d301 bcc.n 800c810 + Init.ClockDiv = sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ); + 800c80c: 9308 str r3, [sp, #32] + 800c80e: e00d b.n 800c82c + else if (hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) + 800c810: 6de5 ldr r5, [r4, #92] ; 0x5c + 800c812: f5b5 7f00 cmp.w r5, #512 ; 0x200 + 800c816: d0f9 beq.n 800c80c + else if (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) + 800c818: f5b5 7f80 cmp.w r5, #256 ; 0x100 + 800c81c: d12e bne.n 800c87c + if (hsd->Init.ClockDiv == 0U) + 800c81e: bb3b cbnz r3, 800c870 + if (sdmmc_clk > SD_HIGH_SPEED_FREQ) + 800c820: 4288 cmp r0, r1 + 800c822: d923 bls.n 800c86c + Init.ClockDiv = sdmmc_clk / (2U * SD_HIGH_SPEED_FREQ); + 800c824: 4b20 ldr r3, [pc, #128] ; (800c8a8 ) + 800c826: fbb0 f0f3 udiv r0, r0, r3 + 800c82a: 9008 str r0, [sp, #32] + Init.Transceiver = hsd->Init.Transceiver; + 800c82c: 69a3 ldr r3, [r4, #24] + 800c82e: 9309 str r3, [sp, #36] ; 0x24 + (void)SDMMC_Init(hsd->Instance, Init); + 800c830: ab0a add r3, sp, #40 ; 0x28 + 800c832: e913 0007 ldmdb r3, {r0, r1, r2} + 800c836: e88d 0007 stmia.w sp, {r0, r1, r2} + 800c83a: ab04 add r3, sp, #16 + 800c83c: cb0e ldmia r3, {r1, r2, r3} + 800c83e: 6820 ldr r0, [r4, #0] + 800c840: f000 fa36 bl 800ccb0 + HAL_StatusTypeDef status = HAL_OK; + 800c844: 2500 movs r5, #0 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, BLOCKSIZE); + 800c846: 6820 ldr r0, [r4, #0] + 800c848: f44f 7100 mov.w r1, #512 ; 0x200 + 800c84c: f000 fb62 bl 800cf14 + if(errorstate != HAL_SD_ERROR_NONE) + 800c850: b130 cbz r0, 800c860 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c852: 6823 ldr r3, [r4, #0] + 800c854: 4a12 ldr r2, [pc, #72] ; (800c8a0 ) + 800c856: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c858: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c85a: 4318 orrs r0, r3 + 800c85c: 63a0 str r0, [r4, #56] ; 0x38 + status = HAL_ERROR; + 800c85e: 2501 movs r5, #1 + hsd->State = HAL_SD_STATE_READY; + 800c860: 2301 movs r3, #1 +} + 800c862: 4628 mov r0, r5 + hsd->State = HAL_SD_STATE_READY; + 800c864: f884 3034 strb.w r3, [r4, #52] ; 0x34 +} + 800c868: b00b add sp, #44 ; 0x2c + 800c86a: bd30 pop {r4, r5, pc} + Init.ClockDiv = hsd->Init.ClockDiv; + 800c86c: 2300 movs r3, #0 + 800c86e: e7cd b.n 800c80c + if ((sdmmc_clk/(2U * hsd->Init.ClockDiv)) > SD_HIGH_SPEED_FREQ) + 800c870: 005a lsls r2, r3, #1 + 800c872: fbb0 f2f2 udiv r2, r0, r2 + 800c876: 428a cmp r2, r1 + 800c878: d9c8 bls.n 800c80c + 800c87a: e7d3 b.n 800c824 + if (hsd->Init.ClockDiv == 0U) + 800c87c: 490b ldr r1, [pc, #44] ; (800c8ac ) + 800c87e: b91b cbnz r3, 800c888 + if (sdmmc_clk > SD_NORMAL_SPEED_FREQ) + 800c880: 4288 cmp r0, r1 + 800c882: d9f3 bls.n 800c86c + Init.ClockDiv = sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ); + 800c884: 9208 str r2, [sp, #32] + 800c886: e7d1 b.n 800c82c + if ((sdmmc_clk/(2U * hsd->Init.ClockDiv)) > SD_NORMAL_SPEED_FREQ) + 800c888: 005d lsls r5, r3, #1 + 800c88a: fbb0 f0f5 udiv r0, r0, r5 + Init.ClockDiv = sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ); + 800c88e: 4288 cmp r0, r1 + 800c890: bf88 it hi + 800c892: 4613 movhi r3, r2 + 800c894: e7ba b.n 800c80c + hsd->ErrorCode |= SDMMC_ERROR_INVALID_PARAMETER; + 800c896: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c898: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + 800c89c: 63a3 str r3, [r4, #56] ; 0x38 + 800c89e: e77b b.n 800c798 + 800c8a0: 1fe00fff .word 0x1fe00fff + 800c8a4: 02faf080 .word 0x02faf080 + 800c8a8: 05f5e100 .word 0x05f5e100 + 800c8ac: 017d7840 .word 0x017d7840 + +0800c8b0 : + errorstate = SDMMC_CmdSendStatus(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c8b0: 6c81 ldr r1, [r0, #72] ; 0x48 +{ + 800c8b2: b510 push {r4, lr} + errorstate = SDMMC_CmdSendStatus(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c8b4: 0409 lsls r1, r1, #16 +{ + 800c8b6: 4604 mov r4, r0 + errorstate = SDMMC_CmdSendStatus(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c8b8: 6800 ldr r0, [r0, #0] + 800c8ba: f000 fccb bl 800d254 + if(errorstate != HAL_SD_ERROR_NONE) + 800c8be: 4601 mov r1, r0 + 800c8c0: b928 cbnz r0, 800c8ce + *pCardStatus = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c8c2: 6820 ldr r0, [r4, #0] + 800c8c4: f000 fa47 bl 800cd56 +} + 800c8c8: f3c0 2043 ubfx r0, r0, #9, #4 + 800c8cc: bd10 pop {r4, pc} + hsd->ErrorCode |= errorstate; + 800c8ce: 6ba0 ldr r0, [r4, #56] ; 0x38 + 800c8d0: 4308 orrs r0, r1 + 800c8d2: 63a0 str r0, [r4, #56] ; 0x38 + uint32_t resp1 = 0; + 800c8d4: 2000 movs r0, #0 + 800c8d6: e7f7 b.n 800c8c8 + +0800c8d8 : +{ + 800c8d8: b570 push {r4, r5, r6, lr} + if(hsd == NULL) + 800c8da: 4604 mov r4, r0 +{ + 800c8dc: b086 sub sp, #24 + if(hsd == NULL) + 800c8de: b918 cbnz r0, 800c8e8 + return HAL_ERROR; + 800c8e0: 2501 movs r5, #1 +} + 800c8e2: 4628 mov r0, r5 + 800c8e4: b006 add sp, #24 + 800c8e6: bd70 pop {r4, r5, r6, pc} + if(hsd->State == HAL_SD_STATE_RESET) + 800c8e8: f890 3034 ldrb.w r3, [r0, #52] ; 0x34 + 800c8ec: f003 02ff and.w r2, r3, #255 ; 0xff + 800c8f0: b913 cbnz r3, 800c8f8 + hsd->Lock = HAL_UNLOCKED; + 800c8f2: 7702 strb r2, [r0, #28] + HAL_SD_MspInit(hsd); + 800c8f4: f7ff fa5a bl 800bdac + hsd->State = HAL_SD_STATE_BUSY; + 800c8f8: 2303 movs r3, #3 + 800c8fa: f884 3034 strb.w r3, [r4, #52] ; 0x34 + if (HAL_SD_InitCard(hsd) != HAL_OK) + 800c8fe: 4620 mov r0, r4 + 800c900: f7ff fcea bl 800c2d8 + 800c904: 2800 cmp r0, #0 + 800c906: d1eb bne.n 800c8e0 + if( HAL_SD_GetCardStatus(hsd, &CardStatus) != HAL_OK) + 800c908: a901 add r1, sp, #4 + 800c90a: 4620 mov r0, r4 + 800c90c: f7ff fe3e bl 800c58c + 800c910: 2800 cmp r0, #0 + 800c912: d1e5 bne.n 800c8e0 + if ((hsd->SdCard.CardType == CARD_SDHC_SDXC) && ((speedgrade != 0U) || (unitsize != 0U))) + 800c914: 6be1 ldr r1, [r4, #60] ; 0x3c + speedgrade = CardStatus.UhsSpeedGrade; + 800c916: f89d 2014 ldrb.w r2, [sp, #20] + unitsize = CardStatus.UhsAllocationUnitSize; + 800c91a: f89d 3015 ldrb.w r3, [sp, #21] + if ((hsd->SdCard.CardType == CARD_SDHC_SDXC) && ((speedgrade != 0U) || (unitsize != 0U))) + 800c91e: 2901 cmp r1, #1 + speedgrade = CardStatus.UhsSpeedGrade; + 800c920: b2d2 uxtb r2, r2 + unitsize = CardStatus.UhsAllocationUnitSize; + 800c922: b2db uxtb r3, r3 + if ((hsd->SdCard.CardType == CARD_SDHC_SDXC) && ((speedgrade != 0U) || (unitsize != 0U))) + 800c924: d11c bne.n 800c960 + 800c926: 4313 orrs r3, r2 + hsd->SdCard.CardSpeed = CARD_ULTRA_HIGH_SPEED; + 800c928: bf14 ite ne + 800c92a: f44f 7300 movne.w r3, #512 ; 0x200 + hsd->SdCard.CardSpeed = CARD_HIGH_SPEED; + 800c92e: f44f 7380 moveq.w r3, #256 ; 0x100 + 800c932: 65e3 str r3, [r4, #92] ; 0x5c + if(HAL_SD_ConfigWideBusOperation(hsd, hsd->Init.BusWide) != HAL_OK) + 800c934: 68e1 ldr r1, [r4, #12] + 800c936: 4620 mov r0, r4 + 800c938: f7ff fef8 bl 800c72c + 800c93c: 4605 mov r5, r0 + 800c93e: 2800 cmp r0, #0 + 800c940: d1ce bne.n 800c8e0 + tickstart = HAL_GetTick(); + 800c942: f7fa fbbd bl 80070c0 + 800c946: 4606 mov r6, r0 + while((HAL_SD_GetCardState(hsd) != HAL_SD_CARD_TRANSFER)) + 800c948: 4620 mov r0, r4 + 800c94a: f7ff ffb1 bl 800c8b0 + 800c94e: 2804 cmp r0, #4 + 800c950: d108 bne.n 800c964 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800c952: 2300 movs r3, #0 + 800c954: 63a3 str r3, [r4, #56] ; 0x38 + hsd->Context = SD_CONTEXT_NONE; + 800c956: 6323 str r3, [r4, #48] ; 0x30 + hsd->State = HAL_SD_STATE_READY; + 800c958: 2301 movs r3, #1 + 800c95a: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800c95e: e7c0 b.n 800c8e2 + hsd->SdCard.CardSpeed = CARD_NORMAL_SPEED; + 800c960: 65e0 str r0, [r4, #92] ; 0x5c + 800c962: e7e7 b.n 800c934 + if((HAL_GetTick()-tickstart) >= SDMMC_DATATIMEOUT) + 800c964: f7fa fbac bl 80070c0 + 800c968: 1b80 subs r0, r0, r6 + 800c96a: 3001 adds r0, #1 + 800c96c: d1ec bne.n 800c948 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800c96e: f04f 4300 mov.w r3, #2147483648 ; 0x80000000 + 800c972: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800c974: 2301 movs r3, #1 + 800c976: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c97a: 2300 movs r3, #0 + 800c97c: 6323 str r3, [r4, #48] ; 0x30 + return HAL_TIMEOUT; + 800c97e: 2503 movs r5, #3 + 800c980: e7af b.n 800c8e2 + ... + +0800c984 : +{ + 800c984: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + uint32_t SD_hs[16] = {0}; + 800c988: 2640 movs r6, #64 ; 0x40 +{ + 800c98a: b096 sub sp, #88 ; 0x58 + 800c98c: 4605 mov r5, r0 + uint32_t SD_hs[16] = {0}; + 800c98e: 4632 mov r2, r6 + 800c990: 2100 movs r1, #0 + 800c992: a806 add r0, sp, #24 + 800c994: f000 fe3c bl 800d610 + uint32_t Timeout = HAL_GetTick(); + 800c998: f7fa fb92 bl 80070c0 + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800c99c: 6deb ldr r3, [r5, #92] ; 0x5c + uint32_t Timeout = HAL_GetTick(); + 800c99e: 4680 mov r8, r0 + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800c9a0: 2b00 cmp r3, #0 + 800c9a2: d066 beq.n 800ca72 + if(hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) + 800c9a4: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 800c9a8: d004 beq.n 800c9b4 + uint32_t errorstate = HAL_SD_ERROR_NONE; + 800c9aa: 2400 movs r4, #0 +} + 800c9ac: 4620 mov r0, r4 + 800c9ae: b016 add sp, #88 ; 0x58 + 800c9b0: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + hsd->Instance->DCTRL = 0; + 800c9b4: 6828 ldr r0, [r5, #0] + 800c9b6: 2300 movs r3, #0 + 800c9b8: 62c3 str r3, [r0, #44] ; 0x2c + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 64U); + 800c9ba: 4631 mov r1, r6 + 800c9bc: f000 faaa bl 800cf14 + if (errorstate != HAL_SD_ERROR_NONE) + 800c9c0: 4604 mov r4, r0 + 800c9c2: 2800 cmp r0, #0 + 800c9c4: d1f2 bne.n 800c9ac + sdmmc_datainitstructure.DataTimeOut = SDMMC_DATATIMEOUT; + 800c9c6: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + sdmmc_datainitstructure.DataLength = 64U; + 800c9ca: e9cd 3600 strd r3, r6, [sp] + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800c9ce: 2260 movs r2, #96 ; 0x60 + 800c9d0: 2302 movs r3, #2 + 800c9d2: e9cd 2302 strd r2, r3, [sp, #8] + sdmmc_datainitstructure.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + 800c9d6: 9004 str r0, [sp, #16] + sdmmc_datainitstructure.DPSM = SDMMC_DPSM_ENABLE; + 800c9d8: 2301 movs r3, #1 + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800c9da: 6828 ldr r0, [r5, #0] + sdmmc_datainitstructure.DPSM = SDMMC_DPSM_ENABLE; + 800c9dc: 9305 str r3, [sp, #20] + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800c9de: 4669 mov r1, sp + 800c9e0: f000 f9bc bl 800cd5c + 800c9e4: 2800 cmp r0, #0 + 800c9e6: d147 bne.n 800ca78 + errorstate = SDMMC_CmdSwitch(hsd->Instance,SDMMC_SDR25_SWITCH_PATTERN); + 800c9e8: 4925 ldr r1, [pc, #148] ; (800ca80 ) + 800c9ea: 6828 ldr r0, [r5, #0] + 800c9ec: f000 fbfd bl 800d1ea + if(errorstate != HAL_SD_ERROR_NONE) + 800c9f0: 4604 mov r4, r0 + 800c9f2: 2800 cmp r0, #0 + 800c9f4: d1da bne.n 800c9ac + uint32_t count, loop = 0 ; + 800c9f6: 4607 mov r7, r0 + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND| SDMMC_FLAG_DATAEND )) + 800c9f8: f240 592a movw r9, #1322 ; 0x52a + 800c9fc: 682b ldr r3, [r5, #0] + 800c9fe: 6b5e ldr r6, [r3, #52] ; 0x34 + 800ca00: ea16 0609 ands.w r6, r6, r9 + 800ca04: d005 beq.n 800ca12 + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800ca06: 6b5a ldr r2, [r3, #52] ; 0x34 + 800ca08: 0710 lsls r0, r2, #28 + 800ca0a: d51e bpl.n 800ca4a + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DTIMEOUT); + 800ca0c: 2208 movs r2, #8 + 800ca0e: 639a str r2, [r3, #56] ; 0x38 + return errorstate; + 800ca10: e7cc b.n 800c9ac + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF)) + 800ca12: 6b5b ldr r3, [r3, #52] ; 0x34 + 800ca14: 041b lsls r3, r3, #16 + 800ca16: d50b bpl.n 800ca30 + 800ca18: ab06 add r3, sp, #24 + 800ca1a: eb03 1a47 add.w sl, r3, r7, lsl #5 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800ca1e: 6828 ldr r0, [r5, #0] + 800ca20: f000 f960 bl 800cce4 + for (count = 0U; count < 8U; count++) + 800ca24: 3601 adds r6, #1 + 800ca26: 2e08 cmp r6, #8 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800ca28: f84a 0b04 str.w r0, [sl], #4 + for (count = 0U; count < 8U; count++) + 800ca2c: d1f7 bne.n 800ca1e + loop ++; + 800ca2e: 3701 adds r7, #1 + if((HAL_GetTick()-Timeout) >= SDMMC_DATATIMEOUT) + 800ca30: f7fa fb46 bl 80070c0 + 800ca34: eba0 0008 sub.w r0, r0, r8 + 800ca38: 3001 adds r0, #1 + 800ca3a: d1df bne.n 800c9fc + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800ca3c: f04f 4400 mov.w r4, #2147483648 ; 0x80000000 + hsd->State= HAL_SD_STATE_READY; + 800ca40: 2301 movs r3, #1 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800ca42: 63ac str r4, [r5, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800ca44: f885 3034 strb.w r3, [r5, #52] ; 0x34 + return HAL_SD_ERROR_TIMEOUT; + 800ca48: e7b0 b.n 800c9ac + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800ca4a: 6b5a ldr r2, [r3, #52] ; 0x34 + 800ca4c: 0791 lsls r1, r2, #30 + 800ca4e: d502 bpl.n 800ca56 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DCRCFAIL); + 800ca50: 2402 movs r4, #2 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800ca52: 639c str r4, [r3, #56] ; 0x38 + return errorstate; + 800ca54: e7aa b.n 800c9ac + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800ca56: 6b5a ldr r2, [r3, #52] ; 0x34 + 800ca58: 0692 lsls r2, r2, #26 + 800ca5a: d501 bpl.n 800ca60 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800ca5c: 2420 movs r4, #32 + 800ca5e: e7f8 b.n 800ca52 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800ca60: 4a08 ldr r2, [pc, #32] ; (800ca84 ) + 800ca62: 639a str r2, [r3, #56] ; 0x38 + if ((((uint8_t*)SD_hs)[13] & 2U) != 2U) + 800ca64: f89d 3025 ldrb.w r3, [sp, #37] ; 0x25 + 800ca68: 079b lsls r3, r3, #30 + 800ca6a: d49e bmi.n 800c9aa + errorstate = SDMMC_ERROR_UNSUPPORTED_FEATURE; + 800ca6c: f04f 5480 mov.w r4, #268435456 ; 0x10000000 + 800ca70: e79c b.n 800c9ac + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + 800ca72: f04f 6480 mov.w r4, #67108864 ; 0x4000000 + 800ca76: e799 b.n 800c9ac + return (HAL_SD_ERROR_GENERAL_UNKNOWN_ERR); + 800ca78: f44f 3480 mov.w r4, #65536 ; 0x10000 + 800ca7c: e796 b.n 800c9ac + 800ca7e: bf00 nop + 800ca80: 80ffff01 .word 0x80ffff01 + 800ca84: 18000f3a .word 0x18000f3a + +0800ca88 : +{ + 800ca88: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + hsd->State = HAL_SD_STATE_BUSY; + 800ca8c: 2303 movs r3, #3 + 800ca8e: f880 3034 strb.w r3, [r0, #52] ; 0x34 + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800ca92: 6983 ldr r3, [r0, #24] + 800ca94: 2b01 cmp r3, #1 +{ + 800ca96: b096 sub sp, #88 ; 0x58 + 800ca98: 4604 mov r4, r0 + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800ca9a: f040 80cf bne.w 800cc3c + switch (SpeedMode) + 800ca9e: 2904 cmp r1, #4 + 800caa0: f200 80eb bhi.w 800cc7a + 800caa4: e8df f011 tbh [pc, r1, lsl #1] + 800caa8: 00150005 .word 0x00150005 + 800caac: 001e00dc .word 0x001e00dc + 800cab0: 0031 .short 0x0031 + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800cab2: 6dc3 ldr r3, [r0, #92] ; 0x5c + 800cab4: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800cab8: d002 beq.n 800cac0 + 800caba: 6bc2 ldr r2, [r0, #60] ; 0x3c + 800cabc: 2a01 cmp r2, #1 + 800cabe: d10a bne.n 800cad6 + hsd->Instance->CLKCR |= 0x00100000U; + 800cac0: 6822 ldr r2, [r4, #0] + 800cac2: 6853 ldr r3, [r2, #4] + 800cac4: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 800cac8: 6053 str r3, [r2, #4] + if (SD_UltraHighSpeed(hsd) != HAL_SD_ERROR_NONE) + 800caca: 4620 mov r0, r4 + 800cacc: f7ff f8e6 bl 800bc9c + 800cad0: b920 cbnz r0, 800cadc + switch (SpeedMode) + 800cad2: 2500 movs r5, #0 + 800cad4: e063 b.n 800cb9e + else if (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) + 800cad6: f5b3 7f80 cmp.w r3, #256 ; 0x100 + (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) || + 800cada: d1fa bne.n 800cad2 + if (SD_HighSpeed(hsd) != HAL_SD_ERROR_NONE) + 800cadc: 4620 mov r0, r4 + 800cade: f7ff ff51 bl 800c984 + 800cae2: e00f b.n 800cb04 + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800cae4: 6dc3 ldr r3, [r0, #92] ; 0x5c + 800cae6: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800caea: d003 beq.n 800caf4 + 800caec: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800caee: 2b01 cmp r3, #1 + 800caf0: f040 8089 bne.w 800cc06 + hsd->Instance->CLKCR |= 0x00100000U; + 800caf4: 6822 ldr r2, [r4, #0] + 800caf6: 6853 ldr r3, [r2, #4] + 800caf8: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 800cafc: 6053 str r3, [r2, #4] + if (SD_UltraHighSpeed(hsd) != HAL_SD_ERROR_NONE) + 800cafe: 4620 mov r0, r4 + 800cb00: f7ff f8cc bl 800bc9c + if (SD_HighSpeed(hsd) != HAL_SD_ERROR_NONE) + 800cb04: 2800 cmp r0, #0 + 800cb06: d0e4 beq.n 800cad2 + 800cb08: e07d b.n 800cc06 + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800cb0a: 6dc3 ldr r3, [r0, #92] ; 0x5c + 800cb0c: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800cb10: d002 beq.n 800cb18 + 800cb12: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800cb14: 2b01 cmp r3, #1 + 800cb16: d176 bne.n 800cc06 + hsd->Instance->CLKCR |= 0x00100000U; + 800cb18: 6822 ldr r2, [r4, #0] + 800cb1a: 6853 ldr r3, [r2, #4] + */ +static uint32_t SD_DDR_Mode(SD_HandleTypeDef *hsd) +{ + uint32_t errorstate = HAL_SD_ERROR_NONE; + SDMMC_DataInitTypeDef sdmmc_datainitstructure; + uint32_t SD_hs[16] = {0}; + 800cb1c: 2540 movs r5, #64 ; 0x40 + hsd->Instance->CLKCR |= 0x00100000U; + 800cb1e: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 800cb22: 6053 str r3, [r2, #4] + uint32_t SD_hs[16] = {0}; + 800cb24: 2100 movs r1, #0 + 800cb26: 462a mov r2, r5 + 800cb28: a806 add r0, sp, #24 + 800cb2a: f000 fd71 bl 800d610 + uint32_t count, loop = 0 ; + uint32_t Timeout = HAL_GetTick(); + 800cb2e: f7fa fac7 bl 80070c0 + + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800cb32: 6de3 ldr r3, [r4, #92] ; 0x5c + uint32_t Timeout = HAL_GetTick(); + 800cb34: 4680 mov r8, r0 + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800cb36: 2b00 cmp r3, #0 + 800cb38: d065 beq.n 800cc06 + { + /* Standard Speed Card <= 12.5Mhz */ + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + } + + if((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) && + 800cb3a: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800cb3e: d1c8 bne.n 800cad2 + 800cb40: 69a6 ldr r6, [r4, #24] + 800cb42: 2e01 cmp r6, #1 + 800cb44: d1c5 bne.n 800cad2 + (hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE)) + { + /* Initialize the Data control register */ + hsd->Instance->DCTRL = 0; + 800cb46: 6820 ldr r0, [r4, #0] + 800cb48: 2300 movs r3, #0 + 800cb4a: 62c3 str r3, [r0, #44] ; 0x2c + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 64U); + 800cb4c: 4629 mov r1, r5 + 800cb4e: f000 f9e1 bl 800cf14 + + if (errorstate != HAL_SD_ERROR_NONE) + 800cb52: 2800 cmp r0, #0 + 800cb54: d157 bne.n 800cc06 + { + return errorstate; + } + + /* Configure the SD DPSM (Data Path State Machine) */ + sdmmc_datainitstructure.DataTimeOut = SDMMC_DATATIMEOUT; + 800cb56: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + sdmmc_datainitstructure.DataLength = 64U; + 800cb5a: e9cd 3500 strd r3, r5, [sp] + sdmmc_datainitstructure.DataBlockSize = SDMMC_DATABLOCK_SIZE_64B ; + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + sdmmc_datainitstructure.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + sdmmc_datainitstructure.DPSM = SDMMC_DPSM_ENABLE; + 800cb5e: e9cd 0604 strd r0, r6, [sp, #16] + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800cb62: 2260 movs r2, #96 ; 0x60 + 800cb64: 2302 movs r3, #2 + + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800cb66: 6820 ldr r0, [r4, #0] + 800cb68: 4669 mov r1, sp + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800cb6a: e9cd 2302 strd r2, r3, [sp, #8] + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800cb6e: f000 f8f5 bl 800cd5c + 800cb72: 4605 mov r5, r0 + 800cb74: 2800 cmp r0, #0 + 800cb76: d146 bne.n 800cc06 + { + return (HAL_SD_ERROR_GENERAL_UNKNOWN_ERR); + } + + errorstate = SDMMC_CmdSwitch(hsd->Instance, SDMMC_DDR50_SWITCH_PATTERN); + 800cb78: 494a ldr r1, [pc, #296] ; (800cca4 ) + 800cb7a: 6820 ldr r0, [r4, #0] + 800cb7c: f000 fb35 bl 800d1ea + if(errorstate != HAL_SD_ERROR_NONE) + 800cb80: 4607 mov r7, r0 + 800cb82: 2800 cmp r0, #0 + 800cb84: d13f bne.n 800cc06 + { + return errorstate; + } + + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND| SDMMC_FLAG_DATAEND )) + 800cb86: f240 592a movw r9, #1322 ; 0x52a + 800cb8a: 6823 ldr r3, [r4, #0] + 800cb8c: 6b5e ldr r6, [r3, #52] ; 0x34 + 800cb8e: ea16 0609 ands.w r6, r6, r9 + 800cb92: d01d beq.n 800cbd0 + hsd->State= HAL_SD_STATE_READY; + return HAL_SD_ERROR_TIMEOUT; + } + } + + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800cb94: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cb96: 0710 lsls r0, r2, #28 + 800cb98: d53b bpl.n 800cc12 + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DTIMEOUT); + 800cb9a: 2208 movs r2, #8 + 800cb9c: 639a str r2, [r3, #56] ; 0x38 + tickstart = HAL_GetTick(); + 800cb9e: f7fa fa8f bl 80070c0 + 800cba2: 4606 mov r6, r0 + while ((HAL_SD_GetCardState(hsd) != HAL_SD_CARD_TRANSFER)) + 800cba4: 4620 mov r0, r4 + 800cba6: f7ff fe83 bl 800c8b0 + 800cbaa: 2804 cmp r0, #4 + 800cbac: d169 bne.n 800cc82 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, BLOCKSIZE); + 800cbae: 6820 ldr r0, [r4, #0] + 800cbb0: f44f 7100 mov.w r1, #512 ; 0x200 + 800cbb4: f000 f9ae bl 800cf14 + if(errorstate != HAL_SD_ERROR_NONE) + 800cbb8: b130 cbz r0, 800cbc8 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800cbba: 6823 ldr r3, [r4, #0] + 800cbbc: 4a3a ldr r2, [pc, #232] ; (800cca8 ) + 800cbbe: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800cbc0: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cbc2: 4318 orrs r0, r3 + 800cbc4: 63a0 str r0, [r4, #56] ; 0x38 + status = HAL_ERROR; + 800cbc6: 2501 movs r5, #1 + hsd->State = HAL_SD_STATE_READY; + 800cbc8: 2301 movs r3, #1 + 800cbca: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return status; + 800cbce: e064 b.n 800cc9a + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF)) + 800cbd0: 6b5b ldr r3, [r3, #52] ; 0x34 + 800cbd2: 041b lsls r3, r3, #16 + 800cbd4: d50b bpl.n 800cbee + 800cbd6: ab06 add r3, sp, #24 + 800cbd8: eb03 1a47 add.w sl, r3, r7, lsl #5 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800cbdc: 6820 ldr r0, [r4, #0] + 800cbde: f000 f881 bl 800cce4 + for (count = 0U; count < 8U; count++) + 800cbe2: 3601 adds r6, #1 + 800cbe4: 2e08 cmp r6, #8 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800cbe6: f84a 0b04 str.w r0, [sl], #4 + for (count = 0U; count < 8U; count++) + 800cbea: d1f7 bne.n 800cbdc + loop ++; + 800cbec: 3701 adds r7, #1 + if((HAL_GetTick()-Timeout) >= SDMMC_DATATIMEOUT) + 800cbee: f7fa fa67 bl 80070c0 + 800cbf2: eba0 0008 sub.w r0, r0, r8 + 800cbf6: 3001 adds r0, #1 + 800cbf8: d1c7 bne.n 800cb8a + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800cbfa: f04f 4300 mov.w r3, #2147483648 ; 0x80000000 + 800cbfe: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800cc00: 2301 movs r3, #1 + 800cc02: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->ErrorCode |= HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800cc06: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cc08: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800cc0c: 63a3 str r3, [r4, #56] ; 0x38 + status = HAL_ERROR; + 800cc0e: 2501 movs r5, #1 + break; + 800cc10: e7c5 b.n 800cb9e + + return errorstate; + } + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800cc12: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cc14: 0791 lsls r1, r2, #30 + 800cc16: d502 bpl.n 800cc1e + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DCRCFAIL); + 800cc18: 2202 movs r2, #2 + + return errorstate; + } + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800cc1a: 639a str r2, [r3, #56] ; 0x38 + + errorstate = SDMMC_ERROR_RX_OVERRUN; + + return errorstate; + 800cc1c: e7f3 b.n 800cc06 + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800cc1e: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cc20: 0692 lsls r2, r2, #26 + 800cc22: d501 bpl.n 800cc28 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800cc24: 2220 movs r2, #32 + 800cc26: e7f8 b.n 800cc1a + { + /* No error flag set */ + } + + /* Clear all the static flags */ + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800cc28: 4a20 ldr r2, [pc, #128] ; (800ccac ) + 800cc2a: 639a str r2, [r3, #56] ; 0x38 + + /* Test if the switch mode is ok */ + if ((((uint8_t*)SD_hs)[13] & 2U) != 2U) + 800cc2c: f89d 3025 ldrb.w r3, [sp, #37] ; 0x25 + 800cc30: 079b lsls r3, r3, #30 + 800cc32: d5e8 bpl.n 800cc06 + else + { +#if defined (USE_HAL_SD_REGISTER_CALLBACKS) && (USE_HAL_SD_REGISTER_CALLBACKS == 1U) + hsd->DriveTransceiver_1_8V_Callback(SET); +#else + HAL_SDEx_DriveTransceiver_1_8V_Callback(SET); + 800cc34: 2001 movs r0, #1 + 800cc36: f7fa fab3 bl 80071a0 + 800cc3a: e7b0 b.n 800cb9e + switch (SpeedMode) + 800cc3c: 2901 cmp r1, #1 + 800cc3e: f43f af48 beq.w 800cad2 + 800cc42: 2902 cmp r1, #2 + 800cc44: d00c beq.n 800cc60 + 800cc46: b9c1 cbnz r1, 800cc7a + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800cc48: 6dc3 ldr r3, [r0, #92] ; 0x5c + 800cc4a: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800cc4e: f43f af45 beq.w 800cadc + 800cc52: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 800cc56: f43f af41 beq.w 800cadc + (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) || + 800cc5a: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800cc5c: 2b01 cmp r3, #1 + 800cc5e: e73c b.n 800cada + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800cc60: 6de3 ldr r3, [r4, #92] ; 0x5c + 800cc62: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800cc66: f43f af39 beq.w 800cadc + 800cc6a: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 800cc6e: f43f af35 beq.w 800cadc + (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) || + 800cc72: 6be3 ldr r3, [r4, #60] ; 0x3c + 800cc74: 2b01 cmp r3, #1 + 800cc76: d1c6 bne.n 800cc06 + 800cc78: e730 b.n 800cadc + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800cc7a: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cc7c: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + 800cc80: e7c4 b.n 800cc0c + if ((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800cc82: f7fa fa1d bl 80070c0 + 800cc86: 1b80 subs r0, r0, r6 + 800cc88: 3001 adds r0, #1 + 800cc8a: d18b bne.n 800cba4 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800cc8c: f04f 4300 mov.w r3, #2147483648 ; 0x80000000 + 800cc90: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800cc92: 2301 movs r3, #1 + 800cc94: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_TIMEOUT; + 800cc98: 2503 movs r5, #3 +} + 800cc9a: 4628 mov r0, r5 + 800cc9c: b016 add sp, #88 ; 0x58 + 800cc9e: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + 800cca2: bf00 nop + 800cca4: 80ffff04 .word 0x80ffff04 + 800cca8: 1fe00fff .word 0x1fe00fff + 800ccac: 18000f3a .word 0x18000f3a + +0800ccb0 : + * @param SDMMCx Pointer to SDMMC register base + * @param Init SDMMC initialization structure + * @retval HAL status + */ +HAL_StatusTypeDef SDMMC_Init(SDMMC_TypeDef *SDMMCx, SDMMC_InitTypeDef Init) +{ + 800ccb0: b084 sub sp, #16 + 800ccb2: b510 push {r4, lr} + 800ccb4: ac03 add r4, sp, #12 + 800ccb6: e884 000e stmia.w r4, {r1, r2, r3} + + /* Set SDMMC configuration parameters */ +#if !defined(STM32L4P5xx) && !defined(STM32L4Q5xx) && !defined(STM32L4R5xx) && !defined(STM32L4R7xx) && !defined(STM32L4R9xx) && !defined(STM32L4S5xx) && !defined(STM32L4S7xx) && !defined(STM32L4S9xx) + tmpreg |= Init.ClockBypass; +#endif + tmpreg |= (Init.ClockEdge |\ + 800ccba: 9b03 ldr r3, [sp, #12] + Init.HardwareFlowControl |\ + Init.ClockDiv + ); + + /* Write to SDMMC CLKCR */ + MODIFY_REG(SDMMCx->CLKCR, CLKCR_CLEAR_MASK, tmpreg); + 800ccbc: 6841 ldr r1, [r0, #4] + tmpreg |= (Init.ClockEdge |\ + 800ccbe: 4313 orrs r3, r2 + Init.ClockPowerSave |\ + 800ccc0: 9a05 ldr r2, [sp, #20] + 800ccc2: 4313 orrs r3, r2 + Init.BusWide |\ + 800ccc4: 9a06 ldr r2, [sp, #24] + 800ccc6: 4313 orrs r3, r2 + Init.HardwareFlowControl |\ + 800ccc8: 9a07 ldr r2, [sp, #28] + + return HAL_OK; +} + 800ccca: e8bd 4010 ldmia.w sp!, {r4, lr} + Init.HardwareFlowControl |\ + 800ccce: 4313 orrs r3, r2 + MODIFY_REG(SDMMCx->CLKCR, CLKCR_CLEAR_MASK, tmpreg); + 800ccd0: 4a03 ldr r2, [pc, #12] ; (800cce0 ) + 800ccd2: 400a ands r2, r1 + 800ccd4: 4313 orrs r3, r2 + 800ccd6: 6043 str r3, [r0, #4] +} + 800ccd8: b004 add sp, #16 + 800ccda: 2000 movs r0, #0 + 800ccdc: 4770 bx lr + 800ccde: bf00 nop + 800cce0: ffc02c00 .word 0xffc02c00 + +0800cce4 : + * @retval HAL status + */ +uint32_t SDMMC_ReadFIFO(SDMMC_TypeDef *SDMMCx) +{ + /* Read data from Rx FIFO */ + return (SDMMCx->FIFO); + 800cce4: f8d0 0080 ldr.w r0, [r0, #128] ; 0x80 +} + 800cce8: 4770 bx lr + +0800ccea : + * @retval HAL status + */ +HAL_StatusTypeDef SDMMC_WriteFIFO(SDMMC_TypeDef *SDMMCx, uint32_t *pWriteData) +{ + /* Write data to FIFO */ + SDMMCx->FIFO = *pWriteData; + 800ccea: 680b ldr r3, [r1, #0] + 800ccec: f8c0 3080 str.w r3, [r0, #128] ; 0x80 + + return HAL_OK; +} + 800ccf0: 2000 movs r0, #0 + 800ccf2: 4770 bx lr + +0800ccf4 : + * @brief Set SDMMC Power state to ON. + * @param SDMMCx Pointer to SDMMC register base + * @retval HAL status + */ +HAL_StatusTypeDef SDMMC_PowerState_ON(SDMMC_TypeDef *SDMMCx) +{ + 800ccf4: b508 push {r3, lr} + /* Set power state to ON */ +#if defined(STM32L4P5xx) || defined(STM32L4Q5xx) || defined(STM32L4R5xx) || defined(STM32L4R7xx) || defined(STM32L4R9xx) || defined(STM32L4S5xx) || defined(STM32L4S7xx) || defined(STM32L4S9xx) + SDMMCx->POWER |= SDMMC_POWER_PWRCTRL; + 800ccf6: 6803 ldr r3, [r0, #0] + 800ccf8: f043 0303 orr.w r3, r3, #3 + 800ccfc: 6003 str r3, [r0, #0] + SDMMCx->POWER = SDMMC_POWER_PWRCTRL; +#endif /* STM32L4P5xx || STM32L4Q5xx || STM32L4R5xx || STM32L4R7xx || STM32L4R9xx || STM32L4S5xx || STM32L4S7xx || STM32L4S9xx */ + + /* 1ms: required power up waiting time before starting the SD initialization + sequence */ + HAL_Delay(2); + 800ccfe: 2002 movs r0, #2 + 800cd00: f7f6 fdf7 bl 80038f2 + + return HAL_OK; +} + 800cd04: 2000 movs r0, #0 + 800cd06: bd08 pop {r3, pc} + +0800cd08 : + * @retval HAL status + */ +HAL_StatusTypeDef SDMMC_PowerState_Cycle(SDMMC_TypeDef *SDMMCx) +{ + /* Set power state to Power Cycle*/ + SDMMCx->POWER |= SDMMC_POWER_PWRCTRL_1; + 800cd08: 6803 ldr r3, [r0, #0] + 800cd0a: f043 0302 orr.w r3, r3, #2 + 800cd0e: 6003 str r3, [r0, #0] + + return HAL_OK; +} + 800cd10: 2000 movs r0, #0 + 800cd12: 4770 bx lr + +0800cd14 : + */ +HAL_StatusTypeDef SDMMC_PowerState_OFF(SDMMC_TypeDef *SDMMCx) +{ + /* Set power state to OFF */ +#if defined(STM32L4P5xx) || defined(STM32L4Q5xx) || defined(STM32L4R5xx) || defined(STM32L4R7xx) || defined(STM32L4R9xx) || defined(STM32L4S5xx) || defined(STM32L4S7xx) || defined(STM32L4S9xx) + SDMMCx->POWER &= ~(SDMMC_POWER_PWRCTRL); + 800cd14: 6803 ldr r3, [r0, #0] + 800cd16: f023 0303 bic.w r3, r3, #3 + 800cd1a: 6003 str r3, [r0, #0] +#else + SDMMCx->POWER = (uint32_t)0x00000000; +#endif /* STM32L4P5xx || STM32L4Q5xx || STM32L4R5xx || STM32L4R7xx || STM32L4R9xx || STM32L4S5xx || STM32L4S7xx || STM32L4S9xx */ + + return HAL_OK; +} + 800cd1c: 2000 movs r0, #0 + 800cd1e: 4770 bx lr + +0800cd20 : + * - 0x02: Power UP + * - 0x03: Power ON + */ +uint32_t SDMMC_GetPowerState(SDMMC_TypeDef *SDMMCx) +{ + return (SDMMCx->POWER & SDMMC_POWER_PWRCTRL); + 800cd20: 6800 ldr r0, [r0, #0] +} + 800cd22: f000 0003 and.w r0, r0, #3 + 800cd26: 4770 bx lr + +0800cd28 : + assert_param(IS_SDMMC_RESPONSE(Command->Response)); + assert_param(IS_SDMMC_WAIT(Command->WaitForInterrupt)); + assert_param(IS_SDMMC_CPSM(Command->CPSM)); + + /* Set the SDMMC Argument value */ + SDMMCx->ARG = Command->Argument; + 800cd28: 680b ldr r3, [r1, #0] +{ + 800cd2a: b510 push {r4, lr} + SDMMCx->ARG = Command->Argument; + 800cd2c: 6083 str r3, [r0, #8] + + /* Set SDMMC command parameters */ + tmpreg |= (uint32_t)(Command->CmdIndex |\ + 800cd2e: e9d1 3201 ldrd r3, r2, [r1, #4] + 800cd32: 4313 orrs r3, r2 + Command->Response |\ + 800cd34: 68ca ldr r2, [r1, #12] + Command->WaitForInterrupt |\ + Command->CPSM); + + /* Write to SDMMC CMD register */ + MODIFY_REG(SDMMCx->CMD, CMD_CLEAR_MASK, tmpreg); + 800cd36: 68c4 ldr r4, [r0, #12] + Command->Response |\ + 800cd38: 4313 orrs r3, r2 + Command->WaitForInterrupt |\ + 800cd3a: 690a ldr r2, [r1, #16] + 800cd3c: 4313 orrs r3, r2 + MODIFY_REG(SDMMCx->CMD, CMD_CLEAR_MASK, tmpreg); + 800cd3e: 4a03 ldr r2, [pc, #12] ; (800cd4c ) + 800cd40: 4022 ands r2, r4 + 800cd42: 4313 orrs r3, r2 + 800cd44: 60c3 str r3, [r0, #12] + + return HAL_OK; +} + 800cd46: 2000 movs r0, #0 + 800cd48: bd10 pop {r4, pc} + 800cd4a: bf00 nop + 800cd4c: fffee0c0 .word 0xfffee0c0 + +0800cd50 : + * @param SDMMCx Pointer to SDMMC register base + * @retval Command index of the last command response received + */ +uint8_t SDMMC_GetCommandResponse(SDMMC_TypeDef *SDMMCx) +{ + return (uint8_t)(SDMMCx->RESPCMD); + 800cd50: 6900 ldr r0, [r0, #16] +} + 800cd52: b2c0 uxtb r0, r0 + 800cd54: 4770 bx lr + +0800cd56 : + + /* Check the parameters */ + assert_param(IS_SDMMC_RESP(Response)); + + /* Get the response */ + tmp = (uint32_t)(&(SDMMCx->RESP1)) + Response; + 800cd56: 3014 adds r0, #20 + + return (*(__IO uint32_t *) tmp); + 800cd58: 5840 ldr r0, [r0, r1] +} + 800cd5a: 4770 bx lr + +0800cd5c : + assert_param(IS_SDMMC_TRANSFER_DIR(Data->TransferDir)); + assert_param(IS_SDMMC_TRANSFER_MODE(Data->TransferMode)); + assert_param(IS_SDMMC_DPSM(Data->DPSM)); + + /* Set the SDMMC Data TimeOut value */ + SDMMCx->DTIMER = Data->DataTimeOut; + 800cd5c: 680b ldr r3, [r1, #0] +{ + 800cd5e: b510 push {r4, lr} + SDMMCx->DTIMER = Data->DataTimeOut; + 800cd60: 6243 str r3, [r0, #36] ; 0x24 + + /* Set the SDMMC DataLength value */ + SDMMCx->DLEN = Data->DataLength; + 800cd62: 684b ldr r3, [r1, #4] + 800cd64: 6283 str r3, [r0, #40] ; 0x28 + + /* Set the SDMMC data configuration parameters */ + tmpreg |= (uint32_t)(Data->DataBlockSize |\ + 800cd66: e9d1 3402 ldrd r3, r4, [r1, #8] + 800cd6a: 4323 orrs r3, r4 + Data->TransferDir |\ + 800cd6c: 690c ldr r4, [r1, #16] + Data->TransferMode |\ + Data->DPSM); + + /* Write to SDMMC DCTRL */ + MODIFY_REG(SDMMCx->DCTRL, DCTRL_CLEAR_MASK, tmpreg); + 800cd6e: 6ac2 ldr r2, [r0, #44] ; 0x2c + Data->TransferMode |\ + 800cd70: 6949 ldr r1, [r1, #20] + Data->TransferDir |\ + 800cd72: 4323 orrs r3, r4 + Data->TransferMode |\ + 800cd74: 430b orrs r3, r1 + MODIFY_REG(SDMMCx->DCTRL, DCTRL_CLEAR_MASK, tmpreg); + 800cd76: f022 02ff bic.w r2, r2, #255 ; 0xff + 800cd7a: 4313 orrs r3, r2 + 800cd7c: 62c3 str r3, [r0, #44] ; 0x2c + + return HAL_OK; + +} + 800cd7e: 2000 movs r0, #0 + 800cd80: bd10 pop {r4, pc} + +0800cd82 : + * @param SDMMCx Pointer to SDMMC register base + * @retval Number of remaining data bytes to be transferred + */ +uint32_t SDMMC_GetDataCounter(SDMMC_TypeDef *SDMMCx) +{ + return (SDMMCx->DCOUNT); + 800cd82: 6b00 ldr r0, [r0, #48] ; 0x30 +} + 800cd84: 4770 bx lr + +0800cd86 : + 800cd86: f8d0 0080 ldr.w r0, [r0, #128] ; 0x80 + 800cd8a: 4770 bx lr + +0800cd8c : +{ + /* Check the parameters */ + assert_param(IS_SDMMC_READWAIT_MODE(SDMMC_ReadWaitMode)); + + /* Set SDMMC read wait mode */ + MODIFY_REG(SDMMCx->DCTRL, SDMMC_DCTRL_RWMOD, SDMMC_ReadWaitMode); + 800cd8c: 6ac3 ldr r3, [r0, #44] ; 0x2c + 800cd8e: f423 6380 bic.w r3, r3, #1024 ; 0x400 + 800cd92: 4319 orrs r1, r3 + 800cd94: 62c1 str r1, [r0, #44] ; 0x2c + + return HAL_OK; +} + 800cd96: 2000 movs r0, #0 + 800cd98: 4770 bx lr + ... + +0800cd9c : + * @brief Send the Go Idle State command and check the response. + * @param SDMMCx Pointer to SDMMC register base + * @retval HAL status + */ +uint32_t SDMMC_CmdGoIdleState(SDMMC_TypeDef *SDMMCx) +{ + 800cd9c: b510 push {r4, lr} + SDMMC_CmdInitTypeDef sdmmc_cmdinit; + uint32_t errorstate; + + sdmmc_cmdinit.Argument = 0U; + 800cd9e: 2300 movs r3, #0 +{ + 800cda0: b086 sub sp, #24 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_GO_IDLE_STATE; + 800cda2: e9cd 3301 strd r3, r3, [sp, #4] + sdmmc_cmdinit.Response = SDMMC_RESPONSE_NO; + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800cda6: e9cd 3303 strd r3, r3, [sp, #12] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cdaa: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cdac: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800cdb0: 9305 str r3, [sp, #20] +{ + 800cdb2: 4604 mov r4, r0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cdb4: f7ff ffb8 bl 800cd28 + */ +static uint32_t SDMMC_GetCmdError(SDMMC_TypeDef *SDMMCx) +{ + /* 8 is the number of required instructions cycles for the below loop statement. + The SDMMC_CMDTIMEOUT is expressed in ms */ + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800cdb8: 4b0a ldr r3, [pc, #40] ; (800cde4 ) + 800cdba: f44f 52fa mov.w r2, #8000 ; 0x1f40 + 800cdbe: 681b ldr r3, [r3, #0] + 800cdc0: fbb3 f3f2 udiv r3, r3, r2 + 800cdc4: f241 3288 movw r2, #5000 ; 0x1388 + 800cdc8: 4353 muls r3, r2 + + do + { + if (count-- == 0U) + 800cdca: 3b01 subs r3, #1 + 800cdcc: d307 bcc.n 800cdde + { + return SDMMC_ERROR_TIMEOUT; + } + + }while(!__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CMDSENT)); + 800cdce: 6b62 ldr r2, [r4, #52] ; 0x34 + 800cdd0: 0612 lsls r2, r2, #24 + 800cdd2: d5fa bpl.n 800cdca + + /* Clear all the static flags */ + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800cdd4: 4b04 ldr r3, [pc, #16] ; (800cde8 ) + 800cdd6: 63a3 str r3, [r4, #56] ; 0x38 + + return SDMMC_ERROR_NONE; + 800cdd8: 2000 movs r0, #0 +} + 800cdda: b006 add sp, #24 + 800cddc: bd10 pop {r4, pc} + return SDMMC_ERROR_TIMEOUT; + 800cdde: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + return errorstate; + 800cde2: e7fa b.n 800cdda + 800cde4: 2009e2a8 .word 0x2009e2a8 + 800cde8: 002000c5 .word 0x002000c5 + +0800cdec : + uint32_t count = Timeout * (SystemCoreClock / 8U /1000U); + 800cdec: 4b45 ldr r3, [pc, #276] ; (800cf04 ) +{ + 800cdee: b510 push {r4, lr} + uint32_t count = Timeout * (SystemCoreClock / 8U /1000U); + 800cdf0: 681b ldr r3, [r3, #0] +{ + 800cdf2: 4604 mov r4, r0 + uint32_t count = Timeout * (SystemCoreClock / 8U /1000U); + 800cdf4: f44f 50fa mov.w r0, #8000 ; 0x1f40 + 800cdf8: fbb3 f3f0 udiv r3, r3, r0 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT | SDMMC_FLAG_BUSYD0END)) == 0U) || + 800cdfc: 4842 ldr r0, [pc, #264] ; (800cf08 ) + uint32_t count = Timeout * (SystemCoreClock / 8U /1000U); + 800cdfe: 435a muls r2, r3 + if (count-- == 0U) + 800ce00: 2a00 cmp r2, #0 + 800ce02: d048 beq.n 800ce96 + sta_reg = SDMMCx->STA; + 800ce04: 6b63 ldr r3, [r4, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800ce06: 4203 tst r3, r0 + 800ce08: d007 beq.n 800ce1a + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT | SDMMC_FLAG_BUSYD0END)) == 0U) || + 800ce0a: 049b lsls r3, r3, #18 + 800ce0c: d405 bmi.n 800ce1a + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800ce0e: 6b63 ldr r3, [r4, #52] ; 0x34 + 800ce10: 0758 lsls r0, r3, #29 + 800ce12: d504 bpl.n 800ce1e + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800ce14: 2004 movs r0, #4 + 800ce16: 63a0 str r0, [r4, #56] ; 0x38 +} + 800ce18: bd10 pop {r4, pc} + 800ce1a: 3a01 subs r2, #1 + 800ce1c: e7f0 b.n 800ce00 + else if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL)) + 800ce1e: 6b60 ldr r0, [r4, #52] ; 0x34 + 800ce20: f010 0001 ands.w r0, r0, #1 + 800ce24: d002 beq.n 800ce2c + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL); + 800ce26: 2301 movs r3, #1 + 800ce28: 63a3 str r3, [r4, #56] ; 0x38 + return SDMMC_ERROR_CMD_CRC_FAIL; + 800ce2a: e7f5 b.n 800ce18 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800ce2c: 4b37 ldr r3, [pc, #220] ; (800cf0c ) + 800ce2e: 63a3 str r3, [r4, #56] ; 0x38 + return (uint8_t)(SDMMCx->RESPCMD); + 800ce30: 6923 ldr r3, [r4, #16] + if(SDMMC_GetCommandResponse(SDMMCx) != SD_CMD) + 800ce32: b2db uxtb r3, r3 + 800ce34: 4299 cmp r1, r3 + 800ce36: d131 bne.n 800ce9c + return (*(__IO uint32_t *) tmp); + 800ce38: 6963 ldr r3, [r4, #20] + if((response_r1 & SDMMC_OCR_ERRORBITS) == SDMMC_ALLZERO) + 800ce3a: 4835 ldr r0, [pc, #212] ; (800cf10 ) + 800ce3c: 4018 ands r0, r3 + 800ce3e: 2800 cmp r0, #0 + 800ce40: d0ea beq.n 800ce18 + else if((response_r1 & SDMMC_OCR_ADDR_OUT_OF_RANGE) == SDMMC_OCR_ADDR_OUT_OF_RANGE) + 800ce42: 2b00 cmp r3, #0 + 800ce44: db2c blt.n 800cea0 + else if((response_r1 & SDMMC_OCR_ADDR_MISALIGNED) == SDMMC_OCR_ADDR_MISALIGNED) + 800ce46: 005a lsls r2, r3, #1 + 800ce48: d42d bmi.n 800cea6 + else if((response_r1 & SDMMC_OCR_BLOCK_LEN_ERR) == SDMMC_OCR_BLOCK_LEN_ERR) + 800ce4a: 009c lsls r4, r3, #2 + 800ce4c: d42d bmi.n 800ceaa + else if((response_r1 & SDMMC_OCR_ERASE_SEQ_ERR) == SDMMC_OCR_ERASE_SEQ_ERR) + 800ce4e: 00d9 lsls r1, r3, #3 + 800ce50: d42d bmi.n 800ceae + else if((response_r1 & SDMMC_OCR_BAD_ERASE_PARAM) == SDMMC_OCR_BAD_ERASE_PARAM) + 800ce52: 011a lsls r2, r3, #4 + 800ce54: d42e bmi.n 800ceb4 + else if((response_r1 & SDMMC_OCR_WRITE_PROT_VIOLATION) == SDMMC_OCR_WRITE_PROT_VIOLATION) + 800ce56: 015c lsls r4, r3, #5 + 800ce58: d42f bmi.n 800ceba + else if((response_r1 & SDMMC_OCR_LOCK_UNLOCK_FAILED) == SDMMC_OCR_LOCK_UNLOCK_FAILED) + 800ce5a: 01d9 lsls r1, r3, #7 + 800ce5c: d430 bmi.n 800cec0 + else if((response_r1 & SDMMC_OCR_COM_CRC_FAILED) == SDMMC_OCR_COM_CRC_FAILED) + 800ce5e: 021a lsls r2, r3, #8 + 800ce60: d431 bmi.n 800cec6 + else if((response_r1 & SDMMC_OCR_ILLEGAL_CMD) == SDMMC_OCR_ILLEGAL_CMD) + 800ce62: 025c lsls r4, r3, #9 + 800ce64: d432 bmi.n 800cecc + else if((response_r1 & SDMMC_OCR_CARD_ECC_FAILED) == SDMMC_OCR_CARD_ECC_FAILED) + 800ce66: 0299 lsls r1, r3, #10 + 800ce68: d433 bmi.n 800ced2 + else if((response_r1 & SDMMC_OCR_CC_ERROR) == SDMMC_OCR_CC_ERROR) + 800ce6a: 02da lsls r2, r3, #11 + 800ce6c: d434 bmi.n 800ced8 + else if((response_r1 & SDMMC_OCR_STREAM_READ_UNDERRUN) == SDMMC_OCR_STREAM_READ_UNDERRUN) + 800ce6e: 035c lsls r4, r3, #13 + 800ce70: d435 bmi.n 800cede + else if((response_r1 & SDMMC_OCR_STREAM_WRITE_OVERRUN) == SDMMC_OCR_STREAM_WRITE_OVERRUN) + 800ce72: 0399 lsls r1, r3, #14 + 800ce74: d436 bmi.n 800cee4 + else if((response_r1 & SDMMC_OCR_CID_CSD_OVERWRITE) == SDMMC_OCR_CID_CSD_OVERWRITE) + 800ce76: 03da lsls r2, r3, #15 + 800ce78: d437 bmi.n 800ceea + else if((response_r1 & SDMMC_OCR_WP_ERASE_SKIP) == SDMMC_OCR_WP_ERASE_SKIP) + 800ce7a: 041c lsls r4, r3, #16 + 800ce7c: d438 bmi.n 800cef0 + else if((response_r1 & SDMMC_OCR_CARD_ECC_DISABLED) == SDMMC_OCR_CARD_ECC_DISABLED) + 800ce7e: 0459 lsls r1, r3, #17 + 800ce80: d439 bmi.n 800cef6 + else if((response_r1 & SDMMC_OCR_ERASE_RESET) == SDMMC_OCR_ERASE_RESET) + 800ce82: 049a lsls r2, r3, #18 + 800ce84: d43a bmi.n 800cefc + return SDMMC_ERROR_GENERAL_UNKNOWN_ERR; + 800ce86: f013 0f08 tst.w r3, #8 + 800ce8a: bf14 ite ne + 800ce8c: f44f 0000 movne.w r0, #8388608 ; 0x800000 + 800ce90: f44f 3080 moveq.w r0, #65536 ; 0x10000 + 800ce94: e7c0 b.n 800ce18 + return SDMMC_ERROR_TIMEOUT; + 800ce96: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + 800ce9a: e7bd b.n 800ce18 + return SDMMC_ERROR_CMD_CRC_FAIL; + 800ce9c: 2001 movs r0, #1 + 800ce9e: e7bb b.n 800ce18 + return SDMMC_ERROR_ADDR_OUT_OF_RANGE; + 800cea0: f04f 7000 mov.w r0, #33554432 ; 0x2000000 + 800cea4: e7b8 b.n 800ce18 + return SDMMC_ERROR_ADDR_MISALIGNED; + 800cea6: 2040 movs r0, #64 ; 0x40 + 800cea8: e7b6 b.n 800ce18 + return SDMMC_ERROR_BLOCK_LEN_ERR; + 800ceaa: 2080 movs r0, #128 ; 0x80 + 800ceac: e7b4 b.n 800ce18 + return SDMMC_ERROR_ERASE_SEQ_ERR; + 800ceae: f44f 7080 mov.w r0, #256 ; 0x100 + 800ceb2: e7b1 b.n 800ce18 + return SDMMC_ERROR_BAD_ERASE_PARAM; + 800ceb4: f44f 7000 mov.w r0, #512 ; 0x200 + 800ceb8: e7ae b.n 800ce18 + return SDMMC_ERROR_WRITE_PROT_VIOLATION; + 800ceba: f44f 6080 mov.w r0, #1024 ; 0x400 + 800cebe: e7ab b.n 800ce18 + return SDMMC_ERROR_LOCK_UNLOCK_FAILED; + 800cec0: f44f 6000 mov.w r0, #2048 ; 0x800 + 800cec4: e7a8 b.n 800ce18 + return SDMMC_ERROR_COM_CRC_FAILED; + 800cec6: f44f 5080 mov.w r0, #4096 ; 0x1000 + 800ceca: e7a5 b.n 800ce18 + return SDMMC_ERROR_ILLEGAL_CMD; + 800cecc: f44f 5000 mov.w r0, #8192 ; 0x2000 + 800ced0: e7a2 b.n 800ce18 + return SDMMC_ERROR_CARD_ECC_FAILED; + 800ced2: f44f 4080 mov.w r0, #16384 ; 0x4000 + 800ced6: e79f b.n 800ce18 + return SDMMC_ERROR_CC_ERR; + 800ced8: f44f 4000 mov.w r0, #32768 ; 0x8000 + 800cedc: e79c b.n 800ce18 + return SDMMC_ERROR_STREAM_READ_UNDERRUN; + 800cede: f44f 3000 mov.w r0, #131072 ; 0x20000 + 800cee2: e799 b.n 800ce18 + return SDMMC_ERROR_STREAM_WRITE_OVERRUN; + 800cee4: f44f 2080 mov.w r0, #262144 ; 0x40000 + 800cee8: e796 b.n 800ce18 + return SDMMC_ERROR_CID_CSD_OVERWRITE; + 800ceea: f44f 2000 mov.w r0, #524288 ; 0x80000 + 800ceee: e793 b.n 800ce18 + return SDMMC_ERROR_WP_ERASE_SKIP; + 800cef0: f44f 1080 mov.w r0, #1048576 ; 0x100000 + 800cef4: e790 b.n 800ce18 + return SDMMC_ERROR_CARD_ECC_DISABLED; + 800cef6: f44f 1000 mov.w r0, #2097152 ; 0x200000 + 800cefa: e78d b.n 800ce18 + return SDMMC_ERROR_ERASE_RESET; + 800cefc: f44f 0080 mov.w r0, #4194304 ; 0x400000 + 800cf00: e78a b.n 800ce18 + 800cf02: bf00 nop + 800cf04: 2009e2a8 .word 0x2009e2a8 + 800cf08: 00200045 .word 0x00200045 + 800cf0c: 002000c5 .word 0x002000c5 + 800cf10: fdffe008 .word 0xfdffe008 + +0800cf14 : +{ + 800cf14: b530 push {r4, r5, lr} + 800cf16: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800cf18: 2510 movs r5, #16 + 800cf1a: f44f 7380 mov.w r3, #256 ; 0x100 + 800cf1e: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800cf22: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf24: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)BlockSize; + 800cf28: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf2a: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cf2c: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf2e: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cf32: f7ff fef9 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SET_BLOCKLEN, SDMMC_CMDTIMEOUT); + 800cf36: f241 3288 movw r2, #5000 ; 0x1388 + 800cf3a: 4629 mov r1, r5 + 800cf3c: 4620 mov r0, r4 + 800cf3e: f7ff ff55 bl 800cdec +} + 800cf42: b007 add sp, #28 + 800cf44: bd30 pop {r4, r5, pc} + +0800cf46 : +{ + 800cf46: b530 push {r4, r5, lr} + 800cf48: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800cf4a: 2511 movs r5, #17 + 800cf4c: f44f 7380 mov.w r3, #256 ; 0x100 + 800cf50: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800cf54: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf56: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)ReadAdd; + 800cf5a: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf5c: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cf5e: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf60: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cf64: f7ff fee0 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_READ_SINGLE_BLOCK, SDMMC_CMDTIMEOUT); + 800cf68: f241 3288 movw r2, #5000 ; 0x1388 + 800cf6c: 4629 mov r1, r5 + 800cf6e: 4620 mov r0, r4 + 800cf70: f7ff ff3c bl 800cdec +} + 800cf74: b007 add sp, #28 + 800cf76: bd30 pop {r4, r5, pc} + +0800cf78 : +{ + 800cf78: b530 push {r4, r5, lr} + 800cf7a: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800cf7c: 2512 movs r5, #18 + 800cf7e: f44f 7380 mov.w r3, #256 ; 0x100 + 800cf82: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800cf86: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf88: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)ReadAdd; + 800cf8c: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf8e: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cf90: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cf92: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cf96: f7ff fec7 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_READ_MULT_BLOCK, SDMMC_CMDTIMEOUT); + 800cf9a: f241 3288 movw r2, #5000 ; 0x1388 + 800cf9e: 4629 mov r1, r5 + 800cfa0: 4620 mov r0, r4 + 800cfa2: f7ff ff23 bl 800cdec +} + 800cfa6: b007 add sp, #28 + 800cfa8: bd30 pop {r4, r5, pc} + +0800cfaa : +{ + 800cfaa: b530 push {r4, r5, lr} + 800cfac: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800cfae: 2518 movs r5, #24 + 800cfb0: f44f 7380 mov.w r3, #256 ; 0x100 + 800cfb4: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800cfb8: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cfba: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)WriteAdd; + 800cfbe: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cfc0: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cfc2: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cfc4: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cfc8: f7ff feae bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_WRITE_SINGLE_BLOCK, SDMMC_CMDTIMEOUT); + 800cfcc: f241 3288 movw r2, #5000 ; 0x1388 + 800cfd0: 4629 mov r1, r5 + 800cfd2: 4620 mov r0, r4 + 800cfd4: f7ff ff0a bl 800cdec +} + 800cfd8: b007 add sp, #28 + 800cfda: bd30 pop {r4, r5, pc} + +0800cfdc : +{ + 800cfdc: b530 push {r4, r5, lr} + 800cfde: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800cfe0: 2519 movs r5, #25 + 800cfe2: f44f 7380 mov.w r3, #256 ; 0x100 + 800cfe6: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800cfea: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cfec: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)WriteAdd; + 800cff0: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cff2: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cff4: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800cff6: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800cffa: f7ff fe95 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_WRITE_MULT_BLOCK, SDMMC_CMDTIMEOUT); + 800cffe: f241 3288 movw r2, #5000 ; 0x1388 + 800d002: 4629 mov r1, r5 + 800d004: 4620 mov r0, r4 + 800d006: f7ff fef1 bl 800cdec +} + 800d00a: b007 add sp, #28 + 800d00c: bd30 pop {r4, r5, pc} + +0800d00e : +{ + 800d00e: b530 push {r4, r5, lr} + 800d010: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d012: 2520 movs r5, #32 + 800d014: f44f 7380 mov.w r3, #256 ; 0x100 + 800d018: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d01c: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d01e: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)StartAdd; + 800d022: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d024: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d026: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d028: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d02c: f7ff fe7c bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SD_ERASE_GRP_START, SDMMC_CMDTIMEOUT); + 800d030: f241 3288 movw r2, #5000 ; 0x1388 + 800d034: 4629 mov r1, r5 + 800d036: 4620 mov r0, r4 + 800d038: f7ff fed8 bl 800cdec +} + 800d03c: b007 add sp, #28 + 800d03e: bd30 pop {r4, r5, pc} + +0800d040 : +{ + 800d040: b530 push {r4, r5, lr} + 800d042: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d044: 2521 movs r5, #33 ; 0x21 + 800d046: f44f 7380 mov.w r3, #256 ; 0x100 + 800d04a: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d04e: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d050: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)EndAdd; + 800d054: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d056: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d058: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d05a: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d05e: f7ff fe63 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SD_ERASE_GRP_END, SDMMC_CMDTIMEOUT); + 800d062: f241 3288 movw r2, #5000 ; 0x1388 + 800d066: 4629 mov r1, r5 + 800d068: 4620 mov r0, r4 + 800d06a: f7ff febf bl 800cdec +} + 800d06e: b007 add sp, #28 + 800d070: bd30 pop {r4, r5, pc} + +0800d072 : +{ + 800d072: b530 push {r4, r5, lr} + 800d074: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d076: 2523 movs r5, #35 ; 0x23 + 800d078: f44f 7380 mov.w r3, #256 ; 0x100 + 800d07c: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d080: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d082: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)StartAdd; + 800d086: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d088: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d08a: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d08c: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d090: f7ff fe4a bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_ERASE_GRP_START, SDMMC_CMDTIMEOUT); + 800d094: f241 3288 movw r2, #5000 ; 0x1388 + 800d098: 4629 mov r1, r5 + 800d09a: 4620 mov r0, r4 + 800d09c: f7ff fea6 bl 800cdec +} + 800d0a0: b007 add sp, #28 + 800d0a2: bd30 pop {r4, r5, pc} + +0800d0a4 : +{ + 800d0a4: b530 push {r4, r5, lr} + 800d0a6: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d0a8: 2524 movs r5, #36 ; 0x24 + 800d0aa: f44f 7380 mov.w r3, #256 ; 0x100 + 800d0ae: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d0b2: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d0b4: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)EndAdd; + 800d0b8: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d0ba: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d0bc: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d0be: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d0c2: f7ff fe31 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_ERASE_GRP_END, SDMMC_CMDTIMEOUT); + 800d0c6: f241 3288 movw r2, #5000 ; 0x1388 + 800d0ca: 4629 mov r1, r5 + 800d0cc: 4620 mov r0, r4 + 800d0ce: f7ff fe8d bl 800cdec +} + 800d0d2: b007 add sp, #28 + 800d0d4: bd30 pop {r4, r5, pc} + +0800d0d6 : +{ + 800d0d6: b530 push {r4, r5, lr} + 800d0d8: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d0da: 2526 movs r5, #38 ; 0x26 + 800d0dc: f44f 7380 mov.w r3, #256 ; 0x100 + 800d0e0: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d0e4: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d0e6: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = EraseType; + 800d0ea: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d0ec: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d0ee: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d0f0: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d0f4: f7ff fe18 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_ERASE, SDMMC_MAXERASETIMEOUT); + 800d0f8: f24f 6218 movw r2, #63000 ; 0xf618 + 800d0fc: 4629 mov r1, r5 + 800d0fe: 4620 mov r0, r4 + 800d100: f7ff fe74 bl 800cdec +} + 800d104: b007 add sp, #28 + 800d106: bd30 pop {r4, r5, pc} + +0800d108 : +{ + 800d108: b530 push {r4, r5, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_STOP_TRANSMISSION; + 800d10a: 2300 movs r3, #0 +{ + 800d10c: b087 sub sp, #28 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_STOP_TRANSMISSION; + 800d10e: 250c movs r5, #12 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d110: f44f 7280 mov.w r2, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d114: e9cd 2303 strd r2, r3, [sp, #12] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_STOP_TRANSMISSION; + 800d118: e9cd 3501 strd r3, r5, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d11c: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d120: 9305 str r3, [sp, #20] + __SDMMC_CMDSTOP_ENABLE(SDMMCx); + 800d122: 68c3 ldr r3, [r0, #12] + 800d124: f043 0380 orr.w r3, r3, #128 ; 0x80 + 800d128: 60c3 str r3, [r0, #12] + __SDMMC_CMDTRANS_DISABLE(SDMMCx); + 800d12a: 68c3 ldr r3, [r0, #12] + 800d12c: f023 0340 bic.w r3, r3, #64 ; 0x40 +{ + 800d130: 4604 mov r4, r0 + __SDMMC_CMDTRANS_DISABLE(SDMMCx); + 800d132: 60c3 str r3, [r0, #12] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d134: a901 add r1, sp, #4 + 800d136: f7ff fdf7 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_STOP_TRANSMISSION, SDMMC_STOPTRANSFERTIMEOUT); + 800d13a: 4a05 ldr r2, [pc, #20] ; (800d150 ) + 800d13c: 4629 mov r1, r5 + 800d13e: 4620 mov r0, r4 + 800d140: f7ff fe54 bl 800cdec + __SDMMC_CMDSTOP_DISABLE(SDMMCx); + 800d144: 68e3 ldr r3, [r4, #12] + 800d146: f023 0380 bic.w r3, r3, #128 ; 0x80 + 800d14a: 60e3 str r3, [r4, #12] +} + 800d14c: b007 add sp, #28 + 800d14e: bd30 pop {r4, r5, pc} + 800d150: 05f5e100 .word 0x05f5e100 + +0800d154 : +{ + 800d154: b530 push {r4, r5, lr} + 800d156: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d158: 2507 movs r5, #7 + 800d15a: f44f 7380 mov.w r3, #256 ; 0x100 + 800d15e: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d162: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d164: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)Addr; + 800d168: 9201 str r2, [sp, #4] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d16a: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d16c: 2200 movs r2, #0 + 800d16e: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d172: f7ff fdd9 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SEL_DESEL_CARD, SDMMC_CMDTIMEOUT); + 800d176: f241 3288 movw r2, #5000 ; 0x1388 + 800d17a: 4629 mov r1, r5 + 800d17c: 4620 mov r0, r4 + 800d17e: f7ff fe35 bl 800cdec +} + 800d182: b007 add sp, #28 + 800d184: bd30 pop {r4, r5, pc} + +0800d186 : +{ + 800d186: b530 push {r4, r5, lr} + 800d188: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d18a: 2537 movs r5, #55 ; 0x37 + 800d18c: f44f 7380 mov.w r3, #256 ; 0x100 + 800d190: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d194: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d196: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)Argument; + 800d19a: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d19c: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d19e: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d1a0: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d1a4: f7ff fdc0 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_APP_CMD, SDMMC_CMDTIMEOUT); + 800d1a8: f241 3288 movw r2, #5000 ; 0x1388 + 800d1ac: 4629 mov r1, r5 + 800d1ae: 4620 mov r0, r4 + 800d1b0: f7ff fe1c bl 800cdec +} + 800d1b4: b007 add sp, #28 + 800d1b6: bd30 pop {r4, r5, pc} + +0800d1b8 : +{ + 800d1b8: b530 push {r4, r5, lr} + 800d1ba: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d1bc: 2506 movs r5, #6 + 800d1be: f44f 7380 mov.w r3, #256 ; 0x100 + 800d1c2: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d1c6: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d1c8: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)BusWidth; + 800d1cc: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d1ce: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d1d0: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d1d2: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d1d6: f7ff fda7 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_APP_SD_SET_BUSWIDTH, SDMMC_CMDTIMEOUT); + 800d1da: f241 3288 movw r2, #5000 ; 0x1388 + 800d1de: 4629 mov r1, r5 + 800d1e0: 4620 mov r0, r4 + 800d1e2: f7ff fe03 bl 800cdec +} + 800d1e6: b007 add sp, #28 + 800d1e8: bd30 pop {r4, r5, pc} + +0800d1ea : + 800d1ea: f7ff bfe5 b.w 800d1b8 + +0800d1ee : +{ + 800d1ee: b530 push {r4, r5, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_SEND_SCR; + 800d1f0: 2300 movs r3, #0 +{ + 800d1f2: b087 sub sp, #28 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_SEND_SCR; + 800d1f4: 2533 movs r5, #51 ; 0x33 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d1f6: f44f 7280 mov.w r2, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d1fa: e9cd 2303 strd r2, r3, [sp, #12] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_SEND_SCR; + 800d1fe: e9cd 3501 strd r3, r5, [sp, #4] +{ + 800d202: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d204: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d208: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d20a: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d20c: f7ff fd8c bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SD_APP_SEND_SCR, SDMMC_CMDTIMEOUT); + 800d210: f241 3288 movw r2, #5000 ; 0x1388 + 800d214: 4629 mov r1, r5 + 800d216: 4620 mov r0, r4 + 800d218: f7ff fde8 bl 800cdec +} + 800d21c: b007 add sp, #28 + 800d21e: bd30 pop {r4, r5, pc} + +0800d220 : +{ + 800d220: b530 push {r4, r5, lr} + 800d222: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d224: 2503 movs r5, #3 + sdmmc_cmdinit.Argument = ((uint32_t)RCA << 16U); + 800d226: 0409 lsls r1, r1, #16 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d228: f44f 7380 mov.w r3, #256 ; 0x100 + 800d22c: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d230: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d232: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = ((uint32_t)RCA << 16U); + 800d236: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d238: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d23a: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d23c: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d240: f7ff fd72 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SET_REL_ADDR, SDMMC_CMDTIMEOUT); + 800d244: f241 3288 movw r2, #5000 ; 0x1388 + 800d248: 4629 mov r1, r5 + 800d24a: 4620 mov r0, r4 + 800d24c: f7ff fdce bl 800cdec +} + 800d250: b007 add sp, #28 + 800d252: bd30 pop {r4, r5, pc} + +0800d254 : +{ + 800d254: b530 push {r4, r5, lr} + 800d256: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d258: 250d movs r5, #13 + 800d25a: f44f 7380 mov.w r3, #256 ; 0x100 + 800d25e: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d262: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d264: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = Argument; + 800d268: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d26a: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d26c: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d26e: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d272: f7ff fd59 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SEND_STATUS, SDMMC_CMDTIMEOUT); + 800d276: f241 3288 movw r2, #5000 ; 0x1388 + 800d27a: 4629 mov r1, r5 + 800d27c: 4620 mov r0, r4 + 800d27e: f7ff fdb5 bl 800cdec +} + 800d282: b007 add sp, #28 + 800d284: bd30 pop {r4, r5, pc} + +0800d286 : +{ + 800d286: b530 push {r4, r5, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_STATUS; + 800d288: 2300 movs r3, #0 +{ + 800d28a: b087 sub sp, #28 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_STATUS; + 800d28c: 250d movs r5, #13 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d28e: f44f 7280 mov.w r2, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d292: e9cd 2303 strd r2, r3, [sp, #12] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_STATUS; + 800d296: e9cd 3501 strd r3, r5, [sp, #4] +{ + 800d29a: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d29c: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d2a0: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2a2: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d2a4: f7ff fd40 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SD_APP_STATUS, SDMMC_CMDTIMEOUT); + 800d2a8: f241 3288 movw r2, #5000 ; 0x1388 + 800d2ac: 4629 mov r1, r5 + 800d2ae: 4620 mov r0, r4 + 800d2b0: f7ff fd9c bl 800cdec +} + 800d2b4: b007 add sp, #28 + 800d2b6: bd30 pop {r4, r5, pc} + +0800d2b8 : +{ + 800d2b8: b530 push {r4, r5, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_VOLTAGE_SWITCH; + 800d2ba: 2300 movs r3, #0 +{ + 800d2bc: b087 sub sp, #28 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_VOLTAGE_SWITCH; + 800d2be: 250b movs r5, #11 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d2c0: f44f 7280 mov.w r2, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d2c4: e9cd 2303 strd r2, r3, [sp, #12] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_VOLTAGE_SWITCH; + 800d2c8: e9cd 3501 strd r3, r5, [sp, #4] +{ + 800d2cc: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2ce: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d2d2: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2d4: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d2d6: f7ff fd27 bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_VOLTAGE_SWITCH, SDMMC_CMDTIMEOUT); + 800d2da: f241 3288 movw r2, #5000 ; 0x1388 + 800d2de: 4629 mov r1, r5 + 800d2e0: 4620 mov r0, r4 + 800d2e2: f7ff fd83 bl 800cdec +} + 800d2e6: b007 add sp, #28 + 800d2e8: bd30 pop {r4, r5, pc} + +0800d2ea : +{ + 800d2ea: b530 push {r4, r5, lr} + 800d2ec: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d2ee: 2508 movs r5, #8 + 800d2f0: f44f 7380 mov.w r3, #256 ; 0x100 + 800d2f4: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d2f8: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2fa: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = Argument; + 800d2fe: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d300: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d302: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d304: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d308: f7ff fd0e bl 800cd28 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_HS_SEND_EXT_CSD,SDMMC_CMDTIMEOUT); + 800d30c: f241 3288 movw r2, #5000 ; 0x1388 + 800d310: 4629 mov r1, r5 + 800d312: 4620 mov r0, r4 + 800d314: f7ff fd6a bl 800cdec +} + 800d318: b007 add sp, #28 + 800d31a: bd30 pop {r4, r5, pc} + +0800d31c : + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d31c: 4b11 ldr r3, [pc, #68] ; (800d364 ) + 800d31e: f44f 51fa mov.w r1, #8000 ; 0x1f40 + 800d322: 681b ldr r3, [r3, #0] + 800d324: fbb3 f3f1 udiv r3, r3, r1 + 800d328: f241 3188 movw r1, #5000 ; 0x1388 +{ + 800d32c: 4602 mov r2, r0 + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d32e: 434b muls r3, r1 + if (count-- == 0U) + 800d330: 3b01 subs r3, #1 + 800d332: d313 bcc.n 800d35c + sta_reg = SDMMCx->STA; + 800d334: 6b51 ldr r1, [r2, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d336: f011 0f45 tst.w r1, #69 ; 0x45 + 800d33a: d0f9 beq.n 800d330 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT)) == 0U) || + 800d33c: 0489 lsls r1, r1, #18 + 800d33e: d4f7 bmi.n 800d330 + if (__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d340: 6b53 ldr r3, [r2, #52] ; 0x34 + 800d342: 075b lsls r3, r3, #29 + 800d344: d502 bpl.n 800d34c + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d346: 2004 movs r0, #4 + 800d348: 6390 str r0, [r2, #56] ; 0x38 + return SDMMC_ERROR_CMD_RSP_TIMEOUT; + 800d34a: 4770 bx lr + else if (__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL)) + 800d34c: 6b50 ldr r0, [r2, #52] ; 0x34 + 800d34e: f010 0001 ands.w r0, r0, #1 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d352: bf0c ite eq + 800d354: 4b04 ldreq r3, [pc, #16] ; (800d368 ) + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL); + 800d356: 2301 movne r3, #1 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d358: 6393 str r3, [r2, #56] ; 0x38 + return SDMMC_ERROR_NONE; + 800d35a: 4770 bx lr + return SDMMC_ERROR_TIMEOUT; + 800d35c: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 +} + 800d360: 4770 bx lr + 800d362: bf00 nop + 800d364: 2009e2a8 .word 0x2009e2a8 + 800d368: 002000c5 .word 0x002000c5 + +0800d36c : +{ + 800d36c: b510 push {r4, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_ALL_SEND_CID; + 800d36e: 2300 movs r3, #0 +{ + 800d370: b086 sub sp, #24 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_ALL_SEND_CID; + 800d372: 2202 movs r2, #2 + 800d374: e9cd 3201 strd r3, r2, [sp, #4] + sdmmc_cmdinit.Response = SDMMC_RESPONSE_LONG; + 800d378: f44f 7240 mov.w r2, #768 ; 0x300 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d37c: e9cd 2303 strd r2, r3, [sp, #12] +{ + 800d380: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d382: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d386: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d388: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d38a: f7ff fccd bl 800cd28 + errorstate = SDMMC_GetCmdResp2(SDMMCx); + 800d38e: 4620 mov r0, r4 + 800d390: f7ff ffc4 bl 800d31c +} + 800d394: b006 add sp, #24 + 800d396: bd10 pop {r4, pc} + +0800d398 : +{ + 800d398: b510 push {r4, lr} + 800d39a: b086 sub sp, #24 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_LONG; + 800d39c: 2209 movs r2, #9 + 800d39e: f44f 7340 mov.w r3, #768 ; 0x300 + 800d3a2: e9cd 2302 strd r2, r3, [sp, #8] + sdmmc_cmdinit.Argument = Argument; + 800d3a6: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d3a8: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d3ac: 2100 movs r1, #0 + 800d3ae: e9cd 1304 strd r1, r3, [sp, #16] +{ + 800d3b2: 4604 mov r4, r0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d3b4: a901 add r1, sp, #4 + 800d3b6: f7ff fcb7 bl 800cd28 + errorstate = SDMMC_GetCmdResp2(SDMMCx); + 800d3ba: 4620 mov r0, r4 + 800d3bc: f7ff ffae bl 800d31c +} + 800d3c0: b006 add sp, #24 + 800d3c2: bd10 pop {r4, pc} + +0800d3c4 : + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d3c4: 4b0e ldr r3, [pc, #56] ; (800d400 ) + 800d3c6: f44f 51fa mov.w r1, #8000 ; 0x1f40 + 800d3ca: 681b ldr r3, [r3, #0] + 800d3cc: fbb3 f3f1 udiv r3, r3, r1 + 800d3d0: f241 3188 movw r1, #5000 ; 0x1388 +{ + 800d3d4: 4602 mov r2, r0 + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d3d6: 434b muls r3, r1 + if (count-- == 0U) + 800d3d8: 3b01 subs r3, #1 + 800d3da: d30e bcc.n 800d3fa + sta_reg = SDMMCx->STA; + 800d3dc: 6b51 ldr r1, [r2, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d3de: f011 0f45 tst.w r1, #69 ; 0x45 + 800d3e2: d0f9 beq.n 800d3d8 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT)) == 0U) || + 800d3e4: 0489 lsls r1, r1, #18 + 800d3e6: d4f7 bmi.n 800d3d8 + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d3e8: 6b50 ldr r0, [r2, #52] ; 0x34 + 800d3ea: f010 0004 ands.w r0, r0, #4 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d3ee: bf15 itete ne + 800d3f0: 2004 movne r0, #4 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d3f2: 4b04 ldreq r3, [pc, #16] ; (800d404 ) + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d3f4: 6390 strne r0, [r2, #56] ; 0x38 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d3f6: 6393 streq r3, [r2, #56] ; 0x38 + return SDMMC_ERROR_NONE; + 800d3f8: 4770 bx lr + return SDMMC_ERROR_TIMEOUT; + 800d3fa: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 +} + 800d3fe: 4770 bx lr + 800d400: 2009e2a8 .word 0x2009e2a8 + 800d404: 002000c5 .word 0x002000c5 + +0800d408 : +{ + 800d408: b510 push {r4, lr} + 800d40a: b086 sub sp, #24 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d40c: 2229 movs r2, #41 ; 0x29 + 800d40e: f44f 7380 mov.w r3, #256 ; 0x100 + 800d412: e9cd 2302 strd r2, r3, [sp, #8] + sdmmc_cmdinit.Argument = Argument; + 800d416: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d418: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d41c: 2100 movs r1, #0 + 800d41e: e9cd 1304 strd r1, r3, [sp, #16] +{ + 800d422: 4604 mov r4, r0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d424: a901 add r1, sp, #4 + 800d426: f7ff fc7f bl 800cd28 + errorstate = SDMMC_GetCmdResp3(SDMMCx); + 800d42a: 4620 mov r0, r4 + 800d42c: f7ff ffca bl 800d3c4 +} + 800d430: b006 add sp, #24 + 800d432: bd10 pop {r4, pc} + +0800d434 : +{ + 800d434: b510 push {r4, lr} + 800d436: b086 sub sp, #24 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d438: 2201 movs r2, #1 + 800d43a: f44f 7380 mov.w r3, #256 ; 0x100 + 800d43e: e9cd 2302 strd r2, r3, [sp, #8] + sdmmc_cmdinit.Argument = Argument; + 800d442: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d444: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d448: 2100 movs r1, #0 + 800d44a: e9cd 1304 strd r1, r3, [sp, #16] +{ + 800d44e: 4604 mov r4, r0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d450: a901 add r1, sp, #4 + 800d452: f7ff fc69 bl 800cd28 + errorstate = SDMMC_GetCmdResp3(SDMMCx); + 800d456: 4620 mov r0, r4 + 800d458: f7ff ffb4 bl 800d3c4 +} + 800d45c: b006 add sp, #24 + 800d45e: bd10 pop {r4, pc} + +0800d460 : + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d460: 4b1f ldr r3, [pc, #124] ; (800d4e0 ) +{ + 800d462: b510 push {r4, lr} + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d464: 681b ldr r3, [r3, #0] +{ + 800d466: 4604 mov r4, r0 + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d468: f44f 50fa mov.w r0, #8000 ; 0x1f40 + 800d46c: fbb3 f3f0 udiv r3, r3, r0 + 800d470: f241 3088 movw r0, #5000 ; 0x1388 + 800d474: 4343 muls r3, r0 + if (count-- == 0U) + 800d476: 3b01 subs r3, #1 + 800d478: d329 bcc.n 800d4ce + sta_reg = SDMMCx->STA; + 800d47a: 6b60 ldr r0, [r4, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d47c: f010 0f45 tst.w r0, #69 ; 0x45 + 800d480: d0f9 beq.n 800d476 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT)) == 0U) || + 800d482: 0480 lsls r0, r0, #18 + 800d484: d4f7 bmi.n 800d476 + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d486: 6b63 ldr r3, [r4, #52] ; 0x34 + 800d488: 0758 lsls r0, r3, #29 + 800d48a: d502 bpl.n 800d492 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d48c: 2004 movs r0, #4 + 800d48e: 63a0 str r0, [r4, #56] ; 0x38 +} + 800d490: bd10 pop {r4, pc} + else if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL)) + 800d492: 6b60 ldr r0, [r4, #52] ; 0x34 + 800d494: f010 0001 ands.w r0, r0, #1 + 800d498: d002 beq.n 800d4a0 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL); + 800d49a: 2301 movs r3, #1 + 800d49c: 63a3 str r3, [r4, #56] ; 0x38 + return SDMMC_ERROR_CMD_CRC_FAIL; + 800d49e: e7f7 b.n 800d490 + return (uint8_t)(SDMMCx->RESPCMD); + 800d4a0: 6923 ldr r3, [r4, #16] + if(SDMMC_GetCommandResponse(SDMMCx) != SD_CMD) + 800d4a2: b2db uxtb r3, r3 + 800d4a4: 4299 cmp r1, r3 + 800d4a6: d115 bne.n 800d4d4 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d4a8: 4b0e ldr r3, [pc, #56] ; (800d4e4 ) + 800d4aa: 63a3 str r3, [r4, #56] ; 0x38 + return (*(__IO uint32_t *) tmp); + 800d4ac: 6963 ldr r3, [r4, #20] + if((response_r1 & (SDMMC_R6_GENERAL_UNKNOWN_ERROR | SDMMC_R6_ILLEGAL_CMD | SDMMC_R6_COM_CRC_FAILED)) == SDMMC_ALLZERO) + 800d4ae: f413 4060 ands.w r0, r3, #57344 ; 0xe000 + 800d4b2: d102 bne.n 800d4ba + *pRCA = (uint16_t) (response_r1 >> 16); + 800d4b4: 0c1b lsrs r3, r3, #16 + 800d4b6: 8013 strh r3, [r2, #0] + return SDMMC_ERROR_NONE; + 800d4b8: e7ea b.n 800d490 + else if((response_r1 & SDMMC_R6_ILLEGAL_CMD) == SDMMC_R6_ILLEGAL_CMD) + 800d4ba: 045a lsls r2, r3, #17 + 800d4bc: d40c bmi.n 800d4d8 + return SDMMC_ERROR_GENERAL_UNKNOWN_ERR; + 800d4be: f413 4f00 tst.w r3, #32768 ; 0x8000 + 800d4c2: bf14 ite ne + 800d4c4: f44f 5080 movne.w r0, #4096 ; 0x1000 + 800d4c8: f44f 3080 moveq.w r0, #65536 ; 0x10000 + 800d4cc: e7e0 b.n 800d490 + return SDMMC_ERROR_TIMEOUT; + 800d4ce: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + 800d4d2: e7dd b.n 800d490 + return SDMMC_ERROR_CMD_CRC_FAIL; + 800d4d4: 2001 movs r0, #1 + 800d4d6: e7db b.n 800d490 + return SDMMC_ERROR_ILLEGAL_CMD; + 800d4d8: f44f 5000 mov.w r0, #8192 ; 0x2000 + 800d4dc: e7d8 b.n 800d490 + 800d4de: bf00 nop + 800d4e0: 2009e2a8 .word 0x2009e2a8 + 800d4e4: 002000c5 .word 0x002000c5 + +0800d4e8 : +{ + 800d4e8: b530 push {r4, r5, lr} + 800d4ea: b089 sub sp, #36 ; 0x24 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SET_REL_ADDR; + 800d4ec: 2300 movs r3, #0 +{ + 800d4ee: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SET_REL_ADDR; + 800d4f0: 2503 movs r5, #3 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d4f2: f44f 7180 mov.w r1, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d4f6: e9cd 1305 strd r1, r3, [sp, #20] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SET_REL_ADDR; + 800d4fa: e9cd 3503 strd r3, r5, [sp, #12] +{ + 800d4fe: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d500: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d504: a903 add r1, sp, #12 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d506: 9307 str r3, [sp, #28] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d508: f7ff fc0e bl 800cd28 + errorstate = SDMMC_GetCmdResp6(SDMMCx, SDMMC_CMD_SET_REL_ADDR, pRCA); + 800d50c: 9a01 ldr r2, [sp, #4] + 800d50e: 4629 mov r1, r5 + 800d510: 4620 mov r0, r4 + 800d512: f7ff ffa5 bl 800d460 +} + 800d516: b009 add sp, #36 ; 0x24 + 800d518: bd30 pop {r4, r5, pc} + ... + +0800d51c : + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d51c: 4b13 ldr r3, [pc, #76] ; (800d56c ) + 800d51e: f44f 51fa mov.w r1, #8000 ; 0x1f40 + 800d522: 681b ldr r3, [r3, #0] + 800d524: fbb3 f3f1 udiv r3, r3, r1 + 800d528: f241 3188 movw r1, #5000 ; 0x1388 +{ + 800d52c: 4602 mov r2, r0 + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d52e: 434b muls r3, r1 + if (count-- == 0U) + 800d530: 3b01 subs r3, #1 + 800d532: d317 bcc.n 800d564 + sta_reg = SDMMCx->STA; + 800d534: 6b51 ldr r1, [r2, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d536: f011 0f45 tst.w r1, #69 ; 0x45 + 800d53a: d0f9 beq.n 800d530 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT)) == 0U) || + 800d53c: 0488 lsls r0, r1, #18 + 800d53e: d4f7 bmi.n 800d530 + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d540: 6b53 ldr r3, [r2, #52] ; 0x34 + 800d542: 0759 lsls r1, r3, #29 + 800d544: d502 bpl.n 800d54c + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d546: 2004 movs r0, #4 + 800d548: 6390 str r0, [r2, #56] ; 0x38 + return SDMMC_ERROR_CMD_RSP_TIMEOUT; + 800d54a: 4770 bx lr + else if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL)) + 800d54c: 6b50 ldr r0, [r2, #52] ; 0x34 + 800d54e: f010 0001 ands.w r0, r0, #1 + 800d552: d002 beq.n 800d55a + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL); + 800d554: 2301 movs r3, #1 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CMDREND); + 800d556: 6393 str r3, [r2, #56] ; 0x38 + 800d558: 4770 bx lr + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CMDREND)) + 800d55a: 6b53 ldr r3, [r2, #52] ; 0x34 + 800d55c: 065b lsls r3, r3, #25 + 800d55e: d503 bpl.n 800d568 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CMDREND); + 800d560: 2340 movs r3, #64 ; 0x40 + 800d562: e7f8 b.n 800d556 + return SDMMC_ERROR_TIMEOUT; + 800d564: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 +} + 800d568: 4770 bx lr + 800d56a: bf00 nop + 800d56c: 2009e2a8 .word 0x2009e2a8 + +0800d570 : +{ + 800d570: b510 push {r4, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_HS_SEND_EXT_CSD; + 800d572: f44f 72d5 mov.w r2, #426 ; 0x1aa +{ + 800d576: b086 sub sp, #24 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_HS_SEND_EXT_CSD; + 800d578: 2308 movs r3, #8 + 800d57a: e9cd 2301 strd r2, r3, [sp, #4] + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d57e: f44f 7180 mov.w r1, #256 ; 0x100 + 800d582: 2300 movs r3, #0 + 800d584: e9cd 1303 strd r1, r3, [sp, #12] +{ + 800d588: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d58a: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d58e: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d590: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d592: f7ff fbc9 bl 800cd28 + errorstate = SDMMC_GetCmdResp7(SDMMCx); + 800d596: 4620 mov r0, r4 + 800d598: f7ff ffc0 bl 800d51c +} + 800d59c: b006 add sp, #24 + 800d59e: bd10 pop {r4, pc} + +0800d5a0 : + 800d5a0: b510 push {r4, lr} + 800d5a2: 3901 subs r1, #1 + 800d5a4: 4402 add r2, r0 + 800d5a6: 4290 cmp r0, r2 + 800d5a8: d101 bne.n 800d5ae + 800d5aa: 2000 movs r0, #0 + 800d5ac: e005 b.n 800d5ba + 800d5ae: 7803 ldrb r3, [r0, #0] + 800d5b0: f811 4f01 ldrb.w r4, [r1, #1]! + 800d5b4: 42a3 cmp r3, r4 + 800d5b6: d001 beq.n 800d5bc + 800d5b8: 1b18 subs r0, r3, r4 + 800d5ba: bd10 pop {r4, pc} + 800d5bc: 3001 adds r0, #1 + 800d5be: e7f2 b.n 800d5a6 + +0800d5c0 : + 800d5c0: 440a add r2, r1 + 800d5c2: 4291 cmp r1, r2 + 800d5c4: f100 33ff add.w r3, r0, #4294967295 ; 0xffffffff + 800d5c8: d100 bne.n 800d5cc + 800d5ca: 4770 bx lr + 800d5cc: b510 push {r4, lr} + 800d5ce: f811 4b01 ldrb.w r4, [r1], #1 + 800d5d2: f803 4f01 strb.w r4, [r3, #1]! + 800d5d6: 4291 cmp r1, r2 + 800d5d8: d1f9 bne.n 800d5ce + 800d5da: bd10 pop {r4, pc} + +0800d5dc : + 800d5dc: 4288 cmp r0, r1 + 800d5de: b510 push {r4, lr} + 800d5e0: eb01 0402 add.w r4, r1, r2 + 800d5e4: d902 bls.n 800d5ec + 800d5e6: 4284 cmp r4, r0 + 800d5e8: 4623 mov r3, r4 + 800d5ea: d807 bhi.n 800d5fc + 800d5ec: 1e43 subs r3, r0, #1 + 800d5ee: 42a1 cmp r1, r4 + 800d5f0: d008 beq.n 800d604 + 800d5f2: f811 2b01 ldrb.w r2, [r1], #1 + 800d5f6: f803 2f01 strb.w r2, [r3, #1]! + 800d5fa: e7f8 b.n 800d5ee + 800d5fc: 4402 add r2, r0 + 800d5fe: 4601 mov r1, r0 + 800d600: 428a cmp r2, r1 + 800d602: d100 bne.n 800d606 + 800d604: bd10 pop {r4, pc} + 800d606: f813 4d01 ldrb.w r4, [r3, #-1]! + 800d60a: f802 4d01 strb.w r4, [r2, #-1]! + 800d60e: e7f7 b.n 800d600 + +0800d610 : + 800d610: 4402 add r2, r0 + 800d612: 4603 mov r3, r0 + 800d614: 4293 cmp r3, r2 + 800d616: d100 bne.n 800d61a + 800d618: 4770 bx lr + 800d61a: f803 1b01 strb.w r1, [r3], #1 + 800d61e: e7f9 b.n 800d614 + +0800d620 : + 800d620: 46ec mov ip, sp + 800d622: e8a0 5ff0 stmia.w r0!, {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr} + 800d626: f04f 0000 mov.w r0, #0 + 800d62a: 4770 bx lr + +0800d62c : + 800d62c: e8b0 5ff0 ldmia.w r0!, {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr} + 800d630: 46e5 mov sp, ip + 800d632: 0008 movs r0, r1 + 800d634: bf08 it eq + 800d636: 2001 moveq r0, #1 + 800d638: 4770 bx lr + 800d63a: bf00 nop + +0800d63c : + 800d63c: b510 push {r4, lr} + 800d63e: 460b mov r3, r1 + 800d640: b162 cbz r2, 800d65c + 800d642: 3a01 subs r2, #1 + 800d644: d008 beq.n 800d658 + 800d646: f813 4b01 ldrb.w r4, [r3], #1 + 800d64a: f800 4b01 strb.w r4, [r0], #1 + 800d64e: 2c00 cmp r4, #0 + 800d650: d1f7 bne.n 800d642 + 800d652: 1a58 subs r0, r3, r1 + 800d654: 3801 subs r0, #1 + 800d656: bd10 pop {r4, pc} + 800d658: 2200 movs r2, #0 + 800d65a: 7002 strb r2, [r0, #0] + 800d65c: f813 2b01 ldrb.w r2, [r3], #1 + 800d660: 2a00 cmp r2, #0 + 800d662: d1fb bne.n 800d65c + 800d664: e7f5 b.n 800d652 + +0800d666 : + 800d666: 4603 mov r3, r0 + 800d668: f813 2b01 ldrb.w r2, [r3], #1 + 800d66c: 2a00 cmp r2, #0 + 800d66e: d1fb bne.n 800d668 + 800d670: 1a18 subs r0, r3, r0 + 800d672: 3801 subs r0, #1 + 800d674: 4770 bx lr + ... + +0800d678 <__flash_burn_veneer>: + 800d678: f85f f000 ldr.w pc, [pc] ; 800d67c <__flash_burn_veneer+0x4> + 800d67c: 2009e001 .word 0x2009e001 + +0800d680 <__flash_page_erase_veneer>: + 800d680: f85f f000 ldr.w pc, [pc] ; 800d684 <__flash_page_erase_veneer+0x4> + 800d684: 2009e08d .word 0x2009e08d + 800d688: 6f636e69 .word 0x6f636e69 + 800d68c: 006e .short 0x006e + 800d68e: 6944 .short 0x6944 + 800d690: 44203a65 .word 0x44203a65 + 800d694: 44005546 .word 0x44005546 + 800d698: 203a6569 .word 0x203a6569 + 800d69c: 6e776f44 .word 0x6e776f44 + 800d6a0: 64617267 .word 0x64617267 + 800d6a4: 69440065 .word 0x69440065 + 800d6a8: 42203a65 .word 0x42203a65 + 800d6ac: 6b6e616c .word 0x6b6e616c + 800d6b0: 00687369 .word 0x00687369 + 800d6b4: 3a656944 .word 0x3a656944 + 800d6b8: 69724220 .word 0x69724220 + 800d6bc: 42006b63 .word 0x42006b63 + 800d6c0: 32746f6f .word 0x32746f6f + 800d6c4: 00554644 .word 0x00554644 + 800d6c8: 524c .short 0x524c + 800d6ca: 00 .byte 0x00 + 800d6cb: 65 .byte 0x65 + 800d6cc: 7265746e .word 0x7265746e + 800d6d0: 7566645f .word 0x7566645f + 800d6d4: 2928 .short 0x2928 + 800d6d6: 00 .byte 0x00 + 800d6d7: 0d .byte 0x0d + 800d6d8: 6b4d0a0a .word 0x6b4d0a0a + 800d6dc: 6f422034 .word 0x6f422034 + 800d6e0: 6f6c746f .word 0x6f6c746f + 800d6e4: 72656461 .word 0x72656461 + 800d6e8: 3e00203a .word 0x3e00203a + 800d6ec: 45524946 .word 0x45524946 + 800d6f0: 4c4c4157 .word 0x4c4c4157 + 800d6f4: 003c4445 .word 0x003c4445 + 800d6f8: 72696170 .word 0x72696170 + 800d6fc: 6972622d .word 0x6972622d + 800d700: 64656b63 .word 0x64656b63 + 800d704: 72655600 .word 0x72655600 + 800d708: 3a796669 .word 0x3a796669 + 800d70c: 00000020 .word 0x00000020 + 800d710: 00000150 .word 0x00000150 + 800d714: 00000001 .word 0x00000001 + 800d718: 00000000 .word 0x00000000 + 800d71c: 00000001 .word 0x00000001 + 800d720: 00000000 .word 0x00000000 + +0800d724 : + 800d724: 0700262e ff000707 .&....../ + +0800d72d : + 800d72d: 227f0021 !..".. + +0800d733 : + 800d733: 400020ae c83fa8a1 12da00d3 f1d980d5 . .@..?......... + 800d743: ff8130db 148da6a4 .0....... + +0800d74c : + 800d74c: 227f0021 !..".. + +0800d752 : + 800d752: 007f007f 0034007f 000d8081 000d8081 ......4......... + 800d762: 00628081 01030183 0183000b 000b0103 ..b............. + 800d772: 01030183 007f007f 0034007f ..........4.. + +0800d77f : + 800d77f: 007f007f 002b007f 8803f881 0000f085 ......+......... + 800d78f: 400380c0 00008086 03d84040 04808100 ...@....@@...... + 800d79f: 00808a40 800000f8 80000040 80834004 @.......@....@.. + 800d7af: 40038000 50f88082 041f8100 000f8310 ...@...P........ + 800d7bf: 8100091f 8100031f 8a10040f 021f0008 ................ + 800d7cf: 10080403 12040f00 0f001383 08821003 ................ + 800d7df: 7f007f1f 2b007f00 .......+.. + +0800d7e9 : + 800d7e9: 0037007f 40c08086 03303060 05188190 ..7....@`00..... + 800d7f9: 08188510 68e0f018 f8808b00 38e1071c .......h.......8 + 800d809: 0103060c 82000b01 006820ff 0e7fc182 ......... h..... + 800d819: 80808700 0e3860c0 85006907 04060301 .....`8..i...... + 800d829: 82020406 02030606 01030383 f881005e ............^... + 800d839: 08868804 40400000 820003d8 400380c0 ......@@.......@ + 800d849: c000808a 40804040 04c00080 00c08300 ....@@.@........ + 800d859: 84400400 80c00080 80834003 40048000 ..@......@.....@ + 800d869: 08008087 30488808 1f810043 1f810009 ......H0C....... + 800d879: 1f810003 1f8f0006 00070000 100f001f ................ + 800d889: 0f100f08 11030e00 001f0984 8100061f ................ + 800d899: 8412040f 1b000013 0026007f ..........&.. + +0800d8a6 : + 800d8a6: 002c007f 00888003 98f09000 1640d0a0 ..,...........@. + 800d8b6: 80808400 180330e0 18031081 80e03084 .....0.......0.. + 800d8c6: 89004380 0c18f0c0 191373e6 89010519 .C.......s...... + 800d8d6: 07030100 000039ef 92001501 f9ede702 .....9.......... + 800d8e6: 783818c8 78381838 f9c81838 0042e7ed ..8x8.8x8.....B. + 800d8f6: e03d0f85 000a0180 70c08085 0017023f ..=........p?... + 800d906: 07fcf883 7e870304 640464fc 03047efc .......~.d.d.~.. + 800d916: f0fc0783 01840043 06020301 03028306 ....C........... + 800d926: 82001b01 06060703 06030781 06060781 ................ + 800d936: 2e030782 03f88100 e0108408 40040000 ...............@ + 800d946: c0008084 83400380 03800080 c0808440 ......@.....@... + 800d956: 40048000 c0008084 81400380 81000380 ...@......@..... + 800d966: 81000bf8 830804f0 04c00030 00c08300 ........0....... + 800d976: 84400480 f0400080 00834003 40048000 ..@...@..@.....@ + 800d986: c0008088 40804040 81000380 81001bf8 ....@@.@........ + 800d996: 8410031f 0e000708 09841103 041f001f ................ + 800d9a6: 001f8300 84880347 0f007f84 13831204 ....G........... + 800d9b6: 00081f00 000b1b81 10040f81 0f000c83 ................ + 800d9c6: 08841003 0409001f 000c8412 10030f00 ................ + 800d9d6: 0f000883 0f881004 00001f00 031f0007 ................ + 800d9e6: 7f1b8100 00001000 ........ + +0800d9ee : + 800d9ee: 0035007f 00f0f095 6060c080 10103030 ..5.......``00.. + 800d9fe: 10101818 60603030 006b80c0 0c040f04 ....00``..k..... + 800da0e: ff820003 840007ff e0fc0f03 c083006c ............l... + 800da1e: 00058080 0603018c 80800006 0f3c70c0 .............p<. + 800da2e: 8e006d01 03030101 06060202 03030202 .m.............. + 800da3e: 00570101 0803f881 00e01084 83400480 ..W...........@. + 800da4e: 04c00080 00c08400 400380c0 80008083 ...........@.... + 800da5e: 80854003 80c000c0 80834003 40040000 .@.......@.....@ + 800da6e: 80008083 80844003 048000f8 00808740 .....@......@... + 800da7e: 48880808 81003c30 8410031f 0f000708 ...H0<.......... + 800da8e: 0f8a1004 08100f00 000f100f 8300041f ................ + 800da9e: 0347001f 7f848488 00061f00 11030e81 ..G............. + 800daae: 001f0984 8410030f 0f001f08 13841204 ................ + 800dabe: 7f1b0000 00002200 .....".. + +0800dac6 : + 800dac6: 007f007f 0036007f 90fc9089 0090fc90 ......6......... + 800dad6: 4203fc40 f000048b 00c00000 fc4000f0 @..B..........@. + 800dae6: 04814203 03840066 03030000 05078100 .B..f........... + 800daf6: 04038900 03040302 7f070000 7f007f00 ................ + 800db06: 00003900 .9.. + +0800db0a : + 800db0a: 0035007f c0078081 00064081 6f808082 ..5......@.....o + 800db1a: ffff8200 c0070006 c7c3c189 f0f8dcce ................ + 800db2a: 0068c0e0 06ff7f82 068081c0 70608800 ..h...........`p + 800db3a: 070e1c38 007f0103 f8810050 80810006 8.......P....... + 800db4a: 80834004 40038000 00c08084 83400480 .@.....@......@. + 800db5a: 04c00080 00c08400 4003f040 f8810009 ........@..@.... + 800db6a: 10840803 048000e0 00808440 400380c0 ........@......@ + 800db7a: 80008083 80814004 1f810034 00821005 .....@..4....... + 800db8a: 8310040f 0347000f 7f848488 10040f00 ......G......... + 800db9a: 0f000f83 08851003 0f00001f 08811003 ................ + 800dbaa: 1f810008 08841003 040f0007 000f8310 ................ + 800dbba: 8300041f 040f001f 7f138112 00001b00 ................ + +0800dbca : + 800dbca: 007f007f 0043007f 0c30c083 01060073 ......C...0.s... + 800dbda: 0c300084 06000403 7f007f01 39007f00 ..0............9 + ... + +0800dbec : + 800dbec: 0031007f c0e06084 85001080 f030e0e0 ..1..`........0. + 800dbfc: 863008f0 6020f0f0 004f80c0 c189c00c ..0... `..O..... + 800dc0c: dccec7c3 c0e0f0f8 ff8f0009 0f0f00ff ................ + 800dc1c: cc8c0c0c cccc4ccc 00030f8f feff0183 .....L.......... + 800dc2c: 808a0057 3870e0c0 03070e1c 82000a01 W.....p8........ + 800dc3c: 0004ffff 301f0689 30302030 0004061f .......00 00.... + 800dc4c: 57ffff82 01018200 01820012 82031101 ...W............ + 800dc5c: 00410101 f8080889 00000808 400380c0 ..A............@ + 800dc6c: 80008083 80834004 40048000 c0008084 .....@.....@.... + 800dc7c: 84400380 f0400080 00094003 0804f081 ..@...@..@...... + 800dc8c: 00003083 80844004 0380c000 00808340 .0...@......@... + 800dc9c: 82400380 0034f880 1f101088 00001010 ..@...4......... + 800dcac: 8300041f 0409001f 000c8312 8312040f ................ + 800dcbc: 071f0013 030f8100 08088110 040f8100 ................ + 800dccc: 000c8310 8411030e 1f001f09 0f810006 ................ + 800dcdc: 08821003 1b007f1f .......... + +0800dce6 : + 800dce6: 002c007f 00888003 98f09000 1640d0a0 ..,...........@. + 800dcf6: 80808400 180330e0 18031081 80e03084 .....0.......0.. + 800dd06: 89004380 0c18f0c0 191373e6 89010519 .C.......s...... + 800dd16: 07030100 000039ef 92001501 f9ede702 .....9.......... + 800dd26: 783818c8 78381838 f9c81838 0042e7ed ..8x8.8x8.....B. + 800dd36: e03d0f85 000a0180 70c08085 0017023f ..=........p?... + 800dd46: 07fcf883 7e870304 640464fc 03047efc .......~.d.d.~.. + 800dd56: f0fc0783 01840043 06020301 03028306 ....C........... + 800dd66: 82001b01 06060703 06030781 06060781 ................ + 800dd76: 2b030782 03f88100 e0108408 40040000 ...+...........@ + 800dd86: c0008084 83400380 03800080 c0808440 ......@.....@... + 800dd96: 40048000 c0008084 81400380 81000380 ...@......@..... + 800dda6: 81000bf8 830804f0 04000030 00808340 ........0...@... + 800ddb6: 840004c0 f04000c0 00034003 d8404083 ......@..@...@@. + 800ddc6: 80810003 80844004 0380c000 03808140 .....@......@... + 800ddd6: 14f88100 031f8100 07088410 11030e00 ................ + 800dde6: 001f0984 8300041f 0347001f 7f848488 ..........G..... + 800ddf6: 12040f00 1f001383 1b810008 0f81000b ................ + 800de06: 0c831004 11030e00 001f0984 8510030f ................ + 800de16: 00001f08 8110030f 81000408 8100031f ................ + 800de26: 8310040f 041f000f 031f8100 7f1b8100 ................ + 800de36: 00000c00 .... + +0800de3a : + 800de3a: 007f007f 002f007f 0804f881 8000f083 ....../......... + 800de4a: 80844004 0380c000 00808440 0005f800 .@......@....... + 800de5a: 0004c081 8000c083 80824003 880057c0 .........@...W.. + 800de6a: 0503011f 0f001009 13841204 03047f00 ................ + 800de7a: 00078408 10030f00 0f000083 08841003 ................ + 800de8a: 0347001f 7f848288 007f007f 002e007f ..G............. + ... + +0800de9b : + 800de9b: 0035007f 04808082 60c08300 83180530 ..5........`0... + 800deab: 04c07030 6b808100 ff018600 070606fe 0p.....k........ + 800debb: e6810604 07860604 fffe0607 03006901 .............i.. + 800decb: bf078401 000580e0 0005ff81 bfe08084 ................ + 800dedb: 69010307 07068300 89010303 06060203 ...i............ + 800deeb: 02020607 83010303 62060703 04f88100 ...........b.... + 800defb: 00f88900 0830c000 060000f8 70008980 ......0........p + 800df0b: 08088888 04f80010 00088688 f8102040 ............@ .. + 800df1b: 0f810059 0f831004 02030300 00021f83 Y............... + 800df2b: 00890406 11101008 1f000e11 00041005 ................ + 800df3b: 007f1f81 ....... + +0800df42 : + 800df42: 0035007f 04808082 60c08300 83180530 ..5........`0... + 800df52: 04c07030 6b808100 ff018600 070606fe 0p.....k........ + 800df62: e6810604 07860604 fffe0607 03006901 .............i.. + 800df72: bf078401 000580e0 0005ff81 bfe08084 ................ + 800df82: 69010307 07068300 89010303 06060203 ...i............ + 800df92: 02020607 83010303 62060703 04f88100 ...........b.... + 800dfa2: 00f88300 824804f8 80060088 88700089 ......H.......p. + 800dfb2: 10080888 8804f800 30000883 88820803 ...........0.... + 800dfc2: 81005770 8310040f 0408000f 000f8210 pW.............. + 800dfd2: 00890406 11101008 1f000e11 00871005 ................ + 800dfe2: 11121418 007f1010 ........,.. + +0800dfed : + 800dfed: 0028007f 2060c085 18061030 60301085 ..(...` 0.....0` + 800dffd: 000f80c0 30e0e085 3008f0f0 20f0f086 .......0...0... + 800e00d: 4c80c060 fffc8300 82000e01 000eff03 `..L............ + 800e01d: 00ffff8f 0c0c0f0f 4ccccc8c 0f8fcccc ...........L.... + 800e02d: 01830003 004bfeff 0c060389 20303018 ......K......00 + 800e03d: 20036020 18103089 e0713f1e 000b80c0 `. .0...?q..... + 800e04d: 04ffff82 1f068900 30203030 04061f30 ........00 00... + 800e05d: ffff8200 0184005e 09060703 01018200 ....^........... + 800e06d: 01820311 88003c01 08888870 80001008 .....<..p....... + 800e07d: 80834004 40040000 c0008084 83400380 .@.....@......@. + 800e08d: 04800080 00808440 400380f8 00008086 ....@......@.... + 800e09d: 03d84040 80c08200 80834003 40038000 @@.......@.....@ + 800e0ad: 42c08082 10088800 0e111110 12040f00 ...B............ + 800e0bd: 0e001383 09841103 061f001f 040f8100 ................ + 800e0cd: 00088310 8100041f 8100041f 8100031f ................ + 800e0dd: 8300041f 0347001f 7f848788 38100000 ......G........8 + 800e0ed: 83000410 04103810 38108300 19007f10 .....8.....8.... + ... + +0800e0ff : + 800e0ff: 0035007f 0e80c082 6a800600 ffff8200 ..5........j.... + 800e10f: 80900005 603060c0 63c080c0 30181c37 .....`0`...c7..0 + 800e11f: 691e3f20 ffff8800 ceccc0c0 c005c1c7 ?.i............ + 800e12f: c009c181 007f8081 f8810056 f8840004 ........V....... + 800e13f: 0380c000 00808340 85400380 c000c080 ....@.....@..... + 800e14f: 83400380 04000080 00808340 87400380 ..@.....@.....@. + 800e15f: 0000f880 03d84040 80c08200 80834003 ....@@.......@.. + 800e16f: 40038000 42c08082 040f8100 000f8410 ...@...B........ + 800e17f: 0803047f 47000783 84848803 061f007f .......G........ + 800e18f: 030e8100 1f098411 10030f00 041f0882 ................ + 800e19f: 031f8100 041f8100 001f8300 82880347 ............G... + 800e1af: 007f7f84 ....".. + +0800e1b6 : + 800e1b6: 0038007f 60c08085 10033020 1018188a ..8....` 0...... + 800e1c6: 60303010 6b80c060 fce08400 00070107 .00``..k........ + 800e1d6: 07ffff82 0f038400 0068e0fc 380f0187 ..........h....8 + 800e1e6: 8080c060 018c0005 00060703 70c08080 `..............p + 800e1f6: 6d010f3c 01018e00 02020303 02020606 <..m............ + 800e206: 01010303 f881005a f8830004 40048000 ....Z..........@ + 800e216: c0008084 86400380 40000080 0004d840 ......@....@@... + 800e226: 0803f081 c0001083 c0860004 40400000 ..............@@ + 800e236: 820003d8 400380c0 80008083 80824003 .......@.....@.. + 800e246: 880042c0 18180601 0f000106 13831204 .B.............. + 800e256: 00091f00 00031f81 031f0182 00008301 ................ + 800e266: 82880347 00047f84 00031f81 00041f81 G............... + 800e276: 47001f83 84828803 22007f7f ...G.......".. + +0800e284 : + 800e284: 0038007f 60c08084 82000420 0004f8f8 ..8....` ....... + 800e294: c0606084 84006b80 0307fce0 ff820007 .``..k.......... + 800e2a4: 840007ff e0fc0f03 01870068 c060380f ........h....8`. + 800e2b4: 000a8080 c0808087 010f3c70 018e006d ........p<..m... + 800e2c4: 02030301 02060602 01030302 88005701 .............W.. + 800e2d4: 08888870 80001008 80834004 40048000 p........@.....@ + 800e2e4: 80008083 80824003 810008f8 860004f8 .....@.......... + 800e2f4: 400000f8 0003d840 0380c082 00808340 ...@@.......@... + 800e304: 83400480 03800080 f8808240 0888003b ..@.....@...;... + 800e314: 11111010 040f000e 00138312 8312040f ................ + 800e324: 030f0013 1f088210 07860008 18070718 ................ + 800e334: 81000407 8200031f 0803047f 0f000783 ................ + 800e344: 13831204 10030f00 7f1f0882 00001e00 ................ + 800e354: 65737361 64007472 676e776f 65646172 assert.downgrade + 800e364: 67697300 69616620 6f6e006c 72696620 .sig fail.no fir + 800e374: 7261776d 61460065 726f7463 6f622079 mware.Factory bo + 800e384: 5700746f 3a4e5241 64655220 67696c20 ot.WARN: Red lig + 800e394: 57007468 3a4e5241 736e5520 656e6769 ht.WARN: Unsigne + 800e3a4: 69662064 61776d72 47006572 20646f6f d firmware.Good + 800e3b4: 6d726966 65726177 726f6300 74707572 firmware.corrupt + 800e3c4: 72696620 7261776d firmware. + +0800e3ce : + 800e3ce: 2641cbb4 f36ce1f7 71b4f28f 0123fb1d ..A&..l....q..#. + 800e3de: 66d6760d 6ca38aa7 f6f9539b 0518587b .v.f...l.S..{X.. + 800e3ee: e93b0b58 b89fc431 113c0444 470f0896 X.;.1...D.<....G + 800e3fe: 37ed2581 4a9e237a 3818b7af da0438ba .%.7z#.J...8.8.. + 800e40e: 1dc8a2d6 df5e811c 6d290ca6 8d8f57b8 ......^...)m.W.. + 800e41e: 9269295e c178d1ce 31d7207b b596a17b ^)i...x.{ .1{... + 800e42e: 0c1bef3d c31a79aa c8c45845 ffeb2d8a =....y..EX...-.. + 800e43e: 01829bfe bc5e5f87 4fe5a596 9ffe68c7 ....._^....O.h.. + 800e44e: 0166ef42 95cfc456 38f0b5f4 c5261164 B.f.V......8d.&. + 800e45e: 66c13999 14120632 689c254c bad38c35 .9.f2...L%.h5... + 800e46e: 8cde7824 6cdfab52 7809bfb8 3a63bb03 $x..R..l...x..c: + 800e47e: 0ed90111 8f737aa4 7f3b18bf c87b0af0 .....zs...;...{. + 800e48e: 56546067 c5ec0c82 0882bc1d ef39c116 g`TV..........9. + 800e49e: 32babff5 e35fce7c d7621e74 4cc5fce9 ...2|._.t.b....L + 800e4ae: 8d11e88a 13c2adc3 2a4f2992 a4f8d2ea .........)O*.... + 800e4be: fe7cd5c4 3b450512 07598954 88d7d6da ..|...E;T.Y..... + 800e4ce: 37cfb143 1f897cd2 f3acfe5b 95fc33ba C..7.|..[....3.. + 800e4de: dde7d981 14ef9525 bb97efdd a7d8f333 ....%.......3... + 800e4ee: 977a2b34 73aab3ba 32419de7 17a1fcd8 4+z....s..A2.... + 800e4fe: fe0bb566 89214063 8e7b92c9 590bdf72 f...c@!...{.r..Y + ... + 800e54e: 20314553 666e6f63 66206769 006c6961 SE1 config fail. + 800e55e: 6c706572 72206775 69757165 00646572 replug required. + 800e56e: 72726f63 20747075 72696170 63657320 corrupt pair sec + 800e57e: 75636d00 6c756620 7562006c 66206e72 .mcu full.burn f + 800e58e: 3a6c6961 76210020 64696c61 6162003f ail: .!valid?.ba + 800e59e: 61762064 66003f6c 20747361 63697262 d val?.fast bric + 800e5ae: 2e2e2e6b 64200020 00656e6f 79706f43 k... . done.Copy + 800e5be: 68676972 30322074 202d3831 43207962 right 2018- by C + 800e5ce: 6b6e696f 20657469 2e636e49 206f6e00 oinkite Inc..no + 800e5de: 00726573 66206b77 0016006c 01410800 ser.wk fl.....A. + ... + 800e5fa: 000000ee 006100e1 218f0000 438f808f ......a....!...C + 800e60a: 430080af 20834300 43c343c3 43c343c3 ...C.C. .C.C.C.C + 800e61a: 43c343c3 0000438f ffffffff 00000000 .C.C.C.......... + 800e62a: ffffffff 00000000 00000000 000000f0 ................ + ... + 800e642: 00001502 003c0000 01bc005c 01bc01fc ......<.\....... + 800e652: 01dc01dc 03dc03d1 03dc03dc 03dc03dc ................ + 800e662: 01dc03dc 0001003c 00120000 00000000 ....<........... + 800e672: 00010000 00080000 02000000 00020000 ................ + 800e682: 00000000 00010000 00070000 .............. + +0800e690 : + 800e690: 0d0c0b09 .... + +0800e694 : + 800e694: 2e312e33 69742031 323d656d 30323230 3.1.1 time=20220 + 800e6a4: 2e343133 31333930 67203131 6d3d7469 314.093111 git=m + 800e6b4: 3840346b 62303033 0d003435 k4@8300b54.... + +0800e6c2 : + 800e6c2: 33323130 37363534 62613938 66656463 0123456789abcdef + 800e6d2: 41525350 6166204d 65006c69 65736172 PSRAM fail.erase + 800e6e2: 3d767220 72756200 7672206e 6120003d rv=.burn rv=. a + 800e6f2: 3d726464 52535000 616e203a 50006164 ddr=.PSR: nada.P + 800e702: 203a5253 65686321 50006b63 203a5253 SR: !check.PSR: + 800e712: 73726576 006e6f69 fc000000 00020000 version......... + 800e722: 00000000 00030000 000a0000 00080000 ................ + 800e732: 00100000 6f6c0000 7220676e 20646165 ......long read + 800e742: 6c696166 55464400 72617020 66206573 fail.DFU parse f + 800e752: 006c6961 646f6f67 72696620 7261776d ail.good firmwar + 800e762: 72770065 20676e6f 6c726f77 44530064 e.wrong world.SD + 800e772: 64726143 6900203a 2074696e 6c696166 Card: .init fail + 800e782: 65707300 77006465 00656469 7a697362 .speed.wide.bsiz + 800e792: 6f003f65 6166006b 72206c69 00646165 e?.ok.fail read. + 800e7a2: 53756644 6f660065 20646e75 52002040 DfuSe.found @ .R + 800e7b2: 766f6365 20797265 65646f6d 1f00002e ecovery mode.... + 800e7c2: 00020000 00010000 00030000 000c0000 ................ + 800e7d2: 00040000 00020000 00010000 00030000 ................ + 800e7e2: 000c0000 ...... + +0800e7e8 : + 800e7e8: 01002008 fffffc2f fffffffe ffffffff . ../........... + 800e7f8: ffffffff ffffffff ffffffff ffffffff ................ + 800e808: ffffffff d0364141 bfd25e8c af48a03b ....AA6..^..;.H. + 800e818: baaedce6 fffffffe ffffffff ffffffff ................ + 800e828: ffffffff 16f81798 59f2815b 2dce28d9 ........[..Y.(.- + 800e838: 029bfcdb ce870b07 55a06295 f9dcbbac .........b.U.... + 800e848: 79be667e fb10d4b8 9c47d08f a6855419 ~f.y......G..T.. + 800e858: fd17b448 0e1108a8 5da4fbfc 26a3c465 H..........]e..& + 800e868: 483ada77 00000007 00000000 00000000 w.:H............ + ... + 800e88c: 08006611 08005e95 0800606b 08005c81 .f...^..k`...\.. + +0800e89c : + 800e89c: 01002008 ffffffff ffffffff ffffffff . .............. + ... + 800e8b8: 00000001 ffffffff fc632551 f3b9cac2 ........Q%c..... + 800e8c8: a7179e84 bce6faad ffffffff ffffffff ................ + 800e8d8: 00000000 ffffffff d898c296 f4a13945 ............E9.. + 800e8e8: 2deb33a0 77037d81 63a440f2 f8bce6e5 .3.-.}.w.@.c.... + 800e8f8: e12c4247 6b17d1f2 37bf51f5 cbb64068 GB,....k.Q.7h@.. + 800e908: 6b315ece 2bce3357 7c0f9e16 8ee7eb4a .^1kW3.+...|J... + 800e918: fe1a7f9b 4fe342e2 27d2604b 3bce3c3e .....B.OK`.'><.; + 800e928: cc53b0f6 651d06b0 769886bc b3ebbd55 ..S....e...vU... + 800e938: aa3a93e7 5ac635d8 08006759 08005e95 ..:..5.ZYg...^.. + 800e948: 080066ff 08005cfd .f...\.. + +0800e950 : + ... + 800e958: 04030201 09080706 ........ + +0800e960 : + 800e960: 00000000 04030201 ........ + +0800e968 : + 800e968: 000186a0 00030d40 00061a80 000c3500 ....@........5.. + 800e978: 000f4240 001e8480 003d0900 007a1200 @B........=...z. + 800e988: 00f42400 016e3600 01e84800 02dc6c00 .$...6n..H...l.. + 800e998: 20727463 3f746573 00702100 00006000 ctr set?.!p..`.. + 800e9a8: 00000012 00000000 00000003 00000004 ................ + +0800e9b8 : + 800e9b8: 00008000 .... + +Disassembly of section .relocate: + +2009e000 : +{ +2009e000: b530 push {r4, r5, lr} + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e002: 4920 ldr r1, [pc, #128] ; (2009e084 ) +2009e004: 690c ldr r4, [r1, #16] +2009e006: 03e5 lsls r5, r4, #15 +2009e008: d4fc bmi.n 2009e004 + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); +2009e00a: 690d ldr r5, [r1, #16] + if(error) { +2009e00c: 4c1e ldr r4, [pc, #120] ; (2009e088 ) +2009e00e: 4225 tst r5, r4 +2009e010: d104 bne.n 2009e01c + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { +2009e012: 690c ldr r4, [r1, #16] +2009e014: 07e4 lsls r4, r4, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); +2009e016: bf44 itt mi +2009e018: 2401 movmi r4, #1 +2009e01a: 610c strmi r4, [r1, #16] + FLASH->SR = FLASH->SR & FLASH_FLAG_SR_ERRORS; +2009e01c: 4919 ldr r1, [pc, #100] ; (2009e084 ) +2009e01e: 4d1a ldr r5, [pc, #104] ; (2009e088 ) +2009e020: 690c ldr r4, [r1, #16] +2009e022: 402c ands r4, r5 +2009e024: 610c str r4, [r1, #16] + __HAL_FLASH_DATA_CACHE_DISABLE(); +2009e026: 680c ldr r4, [r1, #0] +2009e028: f424 6480 bic.w r4, r4, #1024 ; 0x400 +2009e02c: 600c str r4, [r1, #0] + CLEAR_BIT(FLASH->CR, (FLASH_CR_PG | FLASH_CR_MER1 | FLASH_CR_PER | FLASH_CR_PNB)); // added +2009e02e: 694c ldr r4, [r1, #20] +2009e030: f424 64ff bic.w r4, r4, #2040 ; 0x7f8 +2009e034: f024 0407 bic.w r4, r4, #7 +2009e038: 614c str r4, [r1, #20] + SET_BIT(FLASH->CR, FLASH_CR_PG); +2009e03a: 694c ldr r4, [r1, #20] +2009e03c: f044 0401 orr.w r4, r4, #1 +2009e040: 614c str r4, [r1, #20] + *(__IO uint32_t *)(address) = (uint32_t)val; +2009e042: 6002 str r2, [r0, #0] + __ASM volatile ("isb 0xF":::"memory"); +2009e044: f3bf 8f6f isb sy + *(__IO uint32_t *)(address+4) = (uint32_t)(val >> 32); +2009e048: 6043 str r3, [r0, #4] + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e04a: 690b ldr r3, [r1, #16] +2009e04c: 03da lsls r2, r3, #15 +2009e04e: d4fc bmi.n 2009e04a + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); +2009e050: 6908 ldr r0, [r1, #16] + if(error) { +2009e052: 4028 ands r0, r5 +2009e054: d104 bne.n 2009e060 + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { +2009e056: 690b ldr r3, [r1, #16] +2009e058: 07db lsls r3, r3, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); +2009e05a: bf44 itt mi +2009e05c: 2301 movmi r3, #1 +2009e05e: 610b strmi r3, [r1, #16] + CLEAR_BIT(FLASH->CR, FLASH_CR_PG); +2009e060: 4b08 ldr r3, [pc, #32] ; (2009e084 ) +2009e062: 695a ldr r2, [r3, #20] +2009e064: f022 0201 bic.w r2, r2, #1 +2009e068: 615a str r2, [r3, #20] + __HAL_FLASH_DATA_CACHE_RESET(); +2009e06a: 681a ldr r2, [r3, #0] +2009e06c: f442 5280 orr.w r2, r2, #4096 ; 0x1000 +2009e070: 601a str r2, [r3, #0] +2009e072: 681a ldr r2, [r3, #0] +2009e074: f422 5280 bic.w r2, r2, #4096 ; 0x1000 +2009e078: 601a str r2, [r3, #0] + __HAL_FLASH_DATA_CACHE_ENABLE(); +2009e07a: 681a ldr r2, [r3, #0] +2009e07c: f442 6280 orr.w r2, r2, #1024 ; 0x400 +2009e080: 601a str r2, [r3, #0] +} +2009e082: bd30 pop {r4, r5, pc} +2009e084: 40022000 .word 0x40022000 +2009e088: 0002c3fa .word 0x0002c3fa + +2009e08c : + if(page_num < ((BL_FLASH_SIZE + BL_NVROM_SIZE) / FLASH_ERASE_SIZE)) { +2009e08c: 4b2d ldr r3, [pc, #180] ; (2009e144 ) +2009e08e: 4003 ands r3, r0 +{ +2009e090: b510 push {r4, lr} + if(page_num < ((BL_FLASH_SIZE + BL_NVROM_SIZE) / FLASH_ERASE_SIZE)) { +2009e092: 2b00 cmp r3, #0 +2009e094: d054 beq.n 2009e140 + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e096: 4b2c ldr r3, [pc, #176] ; (2009e148 ) + page_num &= 0xff; +2009e098: f3c0 3207 ubfx r2, r0, #12, #8 + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e09c: 6919 ldr r1, [r3, #16] +2009e09e: 03c9 lsls r1, r1, #15 +2009e0a0: d4fc bmi.n 2009e09c + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); +2009e0a2: 691c ldr r4, [r3, #16] + if(error) { +2009e0a4: 4929 ldr r1, [pc, #164] ; (2009e14c ) +2009e0a6: 420c tst r4, r1 +2009e0a8: d104 bne.n 2009e0b4 + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { +2009e0aa: 6919 ldr r1, [r3, #16] +2009e0ac: 07cc lsls r4, r1, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); +2009e0ae: bf44 itt mi +2009e0b0: 2101 movmi r1, #1 +2009e0b2: 6119 strmi r1, [r3, #16] + FLASH->SR = FLASH->SR & 0xffff; +2009e0b4: 4b24 ldr r3, [pc, #144] ; (2009e148 ) +2009e0b6: 6919 ldr r1, [r3, #16] +2009e0b8: b289 uxth r1, r1 +2009e0ba: 6119 str r1, [r3, #16] + __HAL_FLASH_DATA_CACHE_DISABLE(); +2009e0bc: 6819 ldr r1, [r3, #0] +2009e0be: f421 6180 bic.w r1, r1, #1024 ; 0x400 +2009e0c2: 6019 str r1, [r3, #0] + SET_BIT(FLASH->CR, FLASH_CR_BKER); +2009e0c4: 6959 ldr r1, [r3, #20] + if(bank2) { +2009e0c6: f010 6ffe tst.w r0, #133169152 ; 0x7f00000 + SET_BIT(FLASH->CR, FLASH_CR_BKER); +2009e0ca: bf14 ite ne +2009e0cc: f441 6100 orrne.w r1, r1, #2048 ; 0x800 + CLEAR_BIT(FLASH->CR, FLASH_CR_BKER); +2009e0d0: f421 6100 biceq.w r1, r1, #2048 ; 0x800 +2009e0d4: 6159 str r1, [r3, #20] + MODIFY_REG(FLASH->CR, FLASH_CR_PNB, (page_num << POSITION_VAL(FLASH_CR_PNB))); +2009e0d6: 6959 ldr r1, [r3, #20] + uint32_t result; + +#if ((defined (__ARM_ARCH_7M__ ) && (__ARM_ARCH_7M__ == 1)) || \ + (defined (__ARM_ARCH_7EM__ ) && (__ARM_ARCH_7EM__ == 1)) || \ + (defined (__ARM_ARCH_8M_MAIN__ ) && (__ARM_ARCH_8M_MAIN__ == 1)) ) + __ASM volatile ("rbit %0, %1" : "=r" (result) : "r" (value) ); +2009e0d8: f44f 63ff mov.w r3, #2040 ; 0x7f8 +2009e0dc: f421 61ff bic.w r1, r1, #2040 ; 0x7f8 +2009e0e0: fa93 f3a3 rbit r3, r3 + */ + if (value == 0U) + { + return 32U; + } + return __builtin_clz(value); +2009e0e4: fab3 f383 clz r3, r3 +2009e0e8: 409a lsls r2, r3 +2009e0ea: 4b17 ldr r3, [pc, #92] ; (2009e148 ) +2009e0ec: 430a orrs r2, r1 +2009e0ee: 615a str r2, [r3, #20] + SET_BIT(FLASH->CR, FLASH_CR_PER); +2009e0f0: 695a ldr r2, [r3, #20] +2009e0f2: f042 0202 orr.w r2, r2, #2 +2009e0f6: 615a str r2, [r3, #20] + SET_BIT(FLASH->CR, FLASH_CR_STRT); +2009e0f8: 695a ldr r2, [r3, #20] +2009e0fa: f442 3280 orr.w r2, r2, #65536 ; 0x10000 +2009e0fe: 615a str r2, [r3, #20] + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e100: 691a ldr r2, [r3, #16] +2009e102: 03d1 lsls r1, r2, #15 +2009e104: d4fc bmi.n 2009e100 + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); +2009e106: 6918 ldr r0, [r3, #16] +2009e108: 4a10 ldr r2, [pc, #64] ; (2009e14c ) + if(error) { +2009e10a: 4010 ands r0, r2 +2009e10c: d104 bne.n 2009e118 + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { +2009e10e: 691a ldr r2, [r3, #16] +2009e110: 07d2 lsls r2, r2, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); +2009e112: bf44 itt mi +2009e114: 2201 movmi r2, #1 +2009e116: 611a strmi r2, [r3, #16] + CLEAR_BIT(FLASH->CR, (FLASH_CR_PER | FLASH_CR_PNB)); +2009e118: 4b0b ldr r3, [pc, #44] ; (2009e148 ) +2009e11a: 695a ldr r2, [r3, #20] +2009e11c: f422 62ff bic.w r2, r2, #2040 ; 0x7f8 +2009e120: f022 0202 bic.w r2, r2, #2 +2009e124: 615a str r2, [r3, #20] + __HAL_FLASH_DATA_CACHE_RESET(); +2009e126: 681a ldr r2, [r3, #0] +2009e128: f442 5280 orr.w r2, r2, #4096 ; 0x1000 +2009e12c: 601a str r2, [r3, #0] +2009e12e: 681a ldr r2, [r3, #0] +2009e130: f422 5280 bic.w r2, r2, #4096 ; 0x1000 +2009e134: 601a str r2, [r3, #0] + __HAL_FLASH_DATA_CACHE_ENABLE(); +2009e136: 681a ldr r2, [r3, #0] +2009e138: f442 6280 orr.w r2, r2, #1024 ; 0x400 +2009e13c: 601a str r2, [r3, #0] +} +2009e13e: bd10 pop {r4, pc} + return 1; +2009e140: 2001 movs r0, #1 +2009e142: e7fc b.n 2009e13e +2009e144: 07fe0000 .word 0x07fe0000 +2009e148: 40022000 .word 0x40022000 +2009e14c: 0002c3fa .word 0x0002c3fa