diff --git a/stm32/q1-bootloader/releases/1.0.3.txt b/stm32/q1-bootloader/releases/1.0.3.txt new file mode 100644 index 00000000..d696b7eb --- /dev/null +++ b/stm32/q1-bootloader/releases/1.0.3.txt @@ -0,0 +1,4 @@ +f88f4736b1d05d5b137beb16a20a32a7782c2ec965f1596f390d7e40f16ce163 bootloader.dfu +29b9e631d4ea1e0918bdbb96bfd4c375a448548e97e9ab2de92f2788129e996f bootloader.bin +68ac9176fe6cc2be2baca7b825b7ed171e7486bd496d3401d3449164c8efbc8e bootloader.lss +1.0.3 time=20240207.105030 git=Q@bd91f5f diff --git a/stm32/q1-bootloader/releases/1.0.3/bootloader.bin b/stm32/q1-bootloader/releases/1.0.3/bootloader.bin new file mode 100644 index 00000000..fae0f2e5 Binary files /dev/null and b/stm32/q1-bootloader/releases/1.0.3/bootloader.bin differ diff --git a/stm32/q1-bootloader/releases/1.0.3/bootloader.dfu b/stm32/q1-bootloader/releases/1.0.3/bootloader.dfu new file mode 100644 index 00000000..e5e7d0a1 Binary files /dev/null and b/stm32/q1-bootloader/releases/1.0.3/bootloader.dfu differ diff --git a/stm32/q1-bootloader/releases/1.0.3/bootloader.lss b/stm32/q1-bootloader/releases/1.0.3/bootloader.lss new file mode 100644 index 00000000..07daa71d --- /dev/null +++ b/stm32/q1-bootloader/releases/1.0.3/bootloader.lss @@ -0,0 +1,35446 @@ + +bootloader.elf: file format elf32-littlearm + +Sections: +Idx Name Size VMA LMA File off Algn + 0 .text 00010ac4 08000000 08000000 00010000 2**8 + CONTENTS, ALLOC, LOAD, READONLY, CODE + 1 .relocate 00000150 2009e000 08010ac4 0002e000 2**2 + CONTENTS, ALLOC, LOAD, READONLY, CODE + 2 .bss 000002ec 2009e150 08010c14 0002e150 2**2 + ALLOC + 3 .stack 00000804 2009e43c 08010f00 0002e150 2**0 + ALLOC + 4 .debug_info 0002c7d2 00000000 00000000 0002e150 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 5 .debug_abbrev 000060ce 00000000 00000000 0005a922 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 6 .debug_loc 000148fc 00000000 00000000 000609f0 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 7 .debug_aranges 000010e0 00000000 00000000 000752ec 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 8 .debug_ranges 00002208 00000000 00000000 000763cc 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 9 .debug_macro 000325ab 00000000 00000000 000785d4 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 10 .debug_line 0001e353 00000000 00000000 000aab7f 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 11 .debug_str 0011cf08 00000000 00000000 000c8ed2 2**0 + CONTENTS, READONLY, DEBUGGING, OCTETS + 12 .comment 00000049 00000000 00000000 001e5dda 2**0 + CONTENTS, READONLY + 13 .ARM.attributes 00000032 00000000 00000000 001e5e23 2**0 + CONTENTS, READONLY + 14 .debug_frame 0000372c 00000000 00000000 001e5e58 2**2 + CONTENTS, READONLY, DEBUGGING, OCTETS + +Disassembly of section .text: + +08000000 <_sfixed>: + 8000000: 200a0000 .word 0x200a0000 + 8000004: 080000b5 .word 0x080000b5 + 8000008: 0800001d .word 0x0800001d + 800000c: 0800001f .word 0x0800001f + 8000010: 08000021 .word 0x08000021 + 8000014: 08000023 .word 0x08000023 + 8000018: 08000025 .word 0x08000025 + +0800001c : + 800001c: be01 bkpt 0x0001 + +0800001e : + 800001e: be02 bkpt 0x0002 + +08000020 : + 8000020: be03 bkpt 0x0003 + +08000022 : + 8000022: be04 bkpt 0x0004 + +08000024 : + 8000024: be05 bkpt 0x0005 + 8000026: e7fe b.n 8000026 + +08000028 : + ... + 8000040: 08000305 .word 0x08000305 + +08000044 : + 8000044: 00000200 .word 0x00000200 + ... + 8000060: 20296328 .word 0x20296328 + 8000064: 79706f43 .word 0x79706f43 + 8000068: 68676972 .word 0x68676972 + 800006c: 30322074 .word 0x30322074 + 8000070: 322d3831 .word 0x322d3831 + 8000074: 20323230 .word 0x20323230 + 8000078: 43207962 .word 0x43207962 + 800007c: 6b6e696f .word 0x6b6e696f + 8000080: 20657469 .word 0x20657469 + 8000084: 2e636e49 .word 0x2e636e49 + 8000088: 0a200a20 .word 0x0a200a20 + 800008c: 73696854 .word 0x73696854 + 8000090: 61707320 .word 0x61707320 + 8000094: 66206563 .word 0x66206563 + 8000098: 7220726f .word 0x7220726f + 800009c: 21746e65 .word 0x21746e65 + 80000a0: 73754a20 .word 0x73754a20 + 80000a4: 42312074 .word 0x42312074 + 80000a8: 792f4354 .word 0x792f4354 + 80000ac: 2e726165 .word 0x2e726165 + 80000b0: 0a200a20 .word 0x0a200a20 + +080000b4 : + 80000b4: f000 f816 bl 80000e4 + 80000b8: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 80000bc: f04f 0100 mov.w r1, #0 + 80000c0: f04f 0200 mov.w r2, #0 + 80000c4: f04f 0300 mov.w r3, #0 + 80000c8: f000 f91c bl 8000304 + 80000cc: f248 0120 movw r1, #32800 ; 0x8020 + 80000d0: ea4f 3101 mov.w r1, r1, lsl #12 + 80000d4: 6808 ldr r0, [r1, #0] + 80000d6: 4685 mov sp, r0 + 80000d8: f04f 0001 mov.w r0, #1 + 80000dc: f8d1 e004 ldr.w lr, [r1, #4] + 80000e0: 4770 bx lr + ... + +080000e4 : + void +firewall_setup(void) +{ + // This is critical: without the clock enabled to "SYSCFG" we + // can't tell the FW is enabled or not! Enabling it would also not work + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80000e4: 4b1b ldr r3, [pc, #108] ; (8000154 ) +{ + 80000e6: b500 push {lr} + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80000e8: 6e1a ldr r2, [r3, #96] ; 0x60 + 80000ea: f042 0201 orr.w r2, r2, #1 + 80000ee: 661a str r2, [r3, #96] ; 0x60 + 80000f0: 6e1b ldr r3, [r3, #96] ; 0x60 +{ + 80000f2: b08b sub sp, #44 ; 0x2c + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80000f4: f003 0301 and.w r3, r3, #1 + 80000f8: 9300 str r3, [sp, #0] + 80000fa: 9b00 ldr r3, [sp, #0] + + if(__HAL_FIREWALL_IS_ENABLED()) { + 80000fc: 4b16 ldr r3, [pc, #88] ; (8000158 ) + 80000fe: 685b ldr r3, [r3, #4] + 8000100: 07db lsls r3, r3, #31 + 8000102: d524 bpl.n 800014e + // REMINDERS: + // - cannot debug anything in boot loader w/ firewall enabled (no readback, no bkpt) + // - when RDP=2, this protection still important or else python can read pairing secret + // - in factory mode (RDP!=2), it's nice to have this disabled so we can debug still + // - could look at RDP level here, but it would be harder to completely reset the bag number! + if(check_all_ones_raw(rom_secrets->bag_number, sizeof(rom_secrets->bag_number))) { + 8000104: 4815 ldr r0, [pc, #84] ; (800015c ) + 8000106: 2120 movs r1, #32 + 8000108: f002 fb86 bl 8002818 + 800010c: b9f8 cbnz r0, 800014e + // for debug builds, never enable firewall + return; +#endif + + extern int firewall_starts; // see startup.S ... aligned@256 (0x08000300) + uint32_t start = (uint32_t)&firewall_starts; + 800010e: 4b14 ldr r3, [pc, #80] ; (8000160 ) + uint32_t len = BL_FLASH_SIZE - (start - BL_FLASH_BASE); + 8000110: 4a14 ldr r2, [pc, #80] ; (8000164 ) + // but sensitive stuff is still there (which would allow bypass) + // - so it's important to enable option bytes to set write-protect flash of entire bootloader + // - to disable debug and complete protection, must enable write-protect "level 2" (RDP=2) + // + + FIREWALL_InitTypeDef init = { + 8000112: 9302 str r3, [sp, #8] + uint32_t len = BL_FLASH_SIZE - (start - BL_FLASH_BASE); + 8000114: 1ad3 subs r3, r2, r3 + FIREWALL_InitTypeDef init = { + 8000116: e9cd 3203 strd r3, r2, [sp, #12] + 800011a: f44f 4380 mov.w r3, #16384 ; 0x4000 + 800011e: e9cd 3005 strd r3, r0, [sp, #20] + 8000122: e9cd 0007 strd r0, r0, [sp, #28] + 8000126: 9009 str r0, [sp, #36] ; 0x24 + .VDataSegmentLength = 0, + .VolatileDataExecution = 0, + .VolatileDataShared = 0, + }; + + int rv = HAL_FIREWALL_Config((FIREWALL_InitTypeDef *)&init); + 8000128: a802 add r0, sp, #8 + 800012a: f000 f821 bl 8000170 + if(rv) { + 800012e: b110 cbz r0, 8000136 + INCONSISTENT("fw"); + 8000130: 480d ldr r0, [pc, #52] ; (8000168 ) + 8000132: f000 fc93 bl 8000a5c + } + + __HAL_FIREWALL_PREARM_DISABLE(); + 8000136: 4b0d ldr r3, [pc, #52] ; (800016c ) + 8000138: 6a1a ldr r2, [r3, #32] + 800013a: f022 0201 bic.w r2, r2, #1 + 800013e: 621a str r2, [r3, #32] + 8000140: 6a1b ldr r3, [r3, #32] + 8000142: f003 0301 and.w r3, r3, #1 + 8000146: 9301 str r3, [sp, #4] + 8000148: 9b01 ldr r3, [sp, #4] + HAL_FIREWALL_EnableFirewall(); + 800014a: f000 f88b bl 8000264 +} + 800014e: b00b add sp, #44 ; 0x2c + 8000150: f85d fb04 ldr.w pc, [sp], #4 + 8000154: 40021000 .word 0x40021000 + 8000158: 40010000 .word 0x40010000 + 800015c: 0801c050 .word 0x0801c050 + 8000160: 08000300 .word 0x08000300 + 8000164: 0801c000 .word 0x0801c000 + 8000168: 0800d990 .word 0x0800d990 + 800016c: 40011c00 .word 0x40011c00 + +08000170 : + * @param fw_init: Firewall initialization structure + * @note The API returns HAL_ERROR if the Firewall is already enabled. + * @retval HAL status + */ +HAL_StatusTypeDef HAL_FIREWALL_Config(FIREWALL_InitTypeDef * fw_init) +{ + 8000170: b573 push {r0, r1, r4, r5, r6, lr} + /* Check the Firewall initialization structure allocation */ + if(fw_init == NULL) + 8000172: b910 cbnz r0, 800017a + { + return HAL_ERROR; + 8000174: 2001 movs r0, #1 + /* Set Firewall Configuration Register VDE and VDS bits + (volatile data execution and shared configuration) */ + MODIFY_REG(FIREWALL->CR, FW_CR_VDS|FW_CR_VDE, fw_init->VolatileDataExecution|fw_init->VolatileDataShared); + + return HAL_OK; +} + 8000176: b002 add sp, #8 + 8000178: bd70 pop {r4, r5, r6, pc} + __HAL_RCC_FIREWALL_CLK_ENABLE(); + 800017a: 4b19 ldr r3, [pc, #100] ; (80001e0 ) + 800017c: 6e1a ldr r2, [r3, #96] ; 0x60 + 800017e: f042 0280 orr.w r2, r2, #128 ; 0x80 + 8000182: 661a str r2, [r3, #96] ; 0x60 + 8000184: 6e1b ldr r3, [r3, #96] ; 0x60 + 8000186: f003 0380 and.w r3, r3, #128 ; 0x80 + 800018a: 9301 str r3, [sp, #4] + 800018c: 9b01 ldr r3, [sp, #4] + if (__HAL_FIREWALL_IS_ENABLED() != RESET) + 800018e: 4b15 ldr r3, [pc, #84] ; (80001e4 ) + 8000190: 685b ldr r3, [r3, #4] + 8000192: 07db lsls r3, r3, #31 + 8000194: d5ee bpl.n 8000174 + if (fw_init->CodeSegmentLength != 0U) + 8000196: 6841 ldr r1, [r0, #4] + if (fw_init->NonVDataSegmentLength < 0x100U) + 8000198: 68c2 ldr r2, [r0, #12] + if (fw_init->CodeSegmentLength != 0U) + 800019a: b109 cbz r1, 80001a0 + if (fw_init->NonVDataSegmentLength < 0x100U) + 800019c: 2aff cmp r2, #255 ; 0xff + 800019e: d9e9 bls.n 8000174 + WRITE_REG(FIREWALL->CSSA, (FW_CSSA_ADD & fw_init->CodeSegmentStartAddress)); + 80001a0: 6803 ldr r3, [r0, #0] + 80001a2: 4e11 ldr r6, [pc, #68] ; (80001e8 ) + if (fw_init->VDataSegmentLength != 0U) + 80001a4: 6944 ldr r4, [r0, #20] + WRITE_REG(FIREWALL->CSSA, (FW_CSSA_ADD & fw_init->CodeSegmentStartAddress)); + 80001a6: ea03 0506 and.w r5, r3, r6 + 80001aa: 4b10 ldr r3, [pc, #64] ; (80001ec ) + 80001ac: 601d str r5, [r3, #0] + WRITE_REG(FIREWALL->CSL, (FW_CSL_LENG & fw_init->CodeSegmentLength)); + 80001ae: 4d10 ldr r5, [pc, #64] ; (80001f0 ) + 80001b0: 4029 ands r1, r5 + 80001b2: 6059 str r1, [r3, #4] + WRITE_REG(FIREWALL->NVDSSA, (FW_NVDSSA_ADD & fw_init->NonVDataSegmentStartAddress)); + 80001b4: 6881 ldr r1, [r0, #8] + WRITE_REG(FIREWALL->NVDSL, (FW_NVDSL_LENG & fw_init->NonVDataSegmentLength)); + 80001b6: 402a ands r2, r5 + WRITE_REG(FIREWALL->NVDSSA, (FW_NVDSSA_ADD & fw_init->NonVDataSegmentStartAddress)); + 80001b8: 4031 ands r1, r6 + 80001ba: 6099 str r1, [r3, #8] + WRITE_REG(FIREWALL->NVDSL, (FW_NVDSL_LENG & fw_init->NonVDataSegmentLength)); + 80001bc: 60da str r2, [r3, #12] + WRITE_REG(FIREWALL->VDSSA, (FW_VDSSA_ADD & fw_init->VDataSegmentStartAddress)); + 80001be: 6901 ldr r1, [r0, #16] + 80001c0: 4a0c ldr r2, [pc, #48] ; (80001f4 ) + 80001c2: 4011 ands r1, r2 + WRITE_REG(FIREWALL->VDSL, (FW_VDSL_LENG & fw_init->VDataSegmentLength)); + 80001c4: 4022 ands r2, r4 + WRITE_REG(FIREWALL->VDSSA, (FW_VDSSA_ADD & fw_init->VDataSegmentStartAddress)); + 80001c6: 6119 str r1, [r3, #16] + WRITE_REG(FIREWALL->VDSL, (FW_VDSL_LENG & fw_init->VDataSegmentLength)); + 80001c8: 615a str r2, [r3, #20] + MODIFY_REG(FIREWALL->CR, FW_CR_VDS|FW_CR_VDE, fw_init->VolatileDataExecution|fw_init->VolatileDataShared); + 80001ca: e9d0 2006 ldrd r2, r0, [r0, #24] + 80001ce: 6a19 ldr r1, [r3, #32] + 80001d0: 4302 orrs r2, r0 + 80001d2: f021 0106 bic.w r1, r1, #6 + 80001d6: 430a orrs r2, r1 + 80001d8: 621a str r2, [r3, #32] + return HAL_OK; + 80001da: 2000 movs r0, #0 + 80001dc: e7cb b.n 8000176 + 80001de: bf00 nop + 80001e0: 40021000 .word 0x40021000 + 80001e4: 40010000 .word 0x40010000 + 80001e8: 00ffff00 .word 0x00ffff00 + 80001ec: 40011c00 .word 0x40011c00 + 80001f0: 003fff00 .word 0x003fff00 + 80001f4: 0003ffc0 .word 0x0003ffc0 + +080001f8 : +void HAL_FIREWALL_GetConfig(FIREWALL_InitTypeDef * fw_config) +{ + + /* Enable Firewall clock, in case no Firewall configuration has been carried + out up to this point */ + __HAL_RCC_FIREWALL_CLK_ENABLE(); + 80001f8: 4b15 ldr r3, [pc, #84] ; (8000250 ) + 80001fa: 6e1a ldr r2, [r3, #96] ; 0x60 +{ + 80001fc: b573 push {r0, r1, r4, r5, r6, lr} + __HAL_RCC_FIREWALL_CLK_ENABLE(); + 80001fe: f042 0280 orr.w r2, r2, #128 ; 0x80 + 8000202: 661a str r2, [r3, #96] ; 0x60 + 8000204: 6e1b ldr r3, [r3, #96] ; 0x60 + + /* Retrieve code segment protection setting */ + fw_config->CodeSegmentStartAddress = (READ_REG(FIREWALL->CSSA) & FW_CSSA_ADD); + 8000206: 4e13 ldr r6, [pc, #76] ; (8000254 ) + fw_config->CodeSegmentLength = (READ_REG(FIREWALL->CSL) & FW_CSL_LENG); + 8000208: 4d13 ldr r5, [pc, #76] ; (8000258 ) + __HAL_RCC_FIREWALL_CLK_ENABLE(); + 800020a: f003 0380 and.w r3, r3, #128 ; 0x80 + 800020e: 9301 str r3, [sp, #4] + 8000210: 9b01 ldr r3, [sp, #4] + fw_config->CodeSegmentStartAddress = (READ_REG(FIREWALL->CSSA) & FW_CSSA_ADD); + 8000212: 4b12 ldr r3, [pc, #72] ; (800025c ) + 8000214: 681a ldr r2, [r3, #0] + 8000216: 4032 ands r2, r6 + 8000218: 6002 str r2, [r0, #0] + fw_config->CodeSegmentLength = (READ_REG(FIREWALL->CSL) & FW_CSL_LENG); + 800021a: 685c ldr r4, [r3, #4] + 800021c: 402c ands r4, r5 + 800021e: 6044 str r4, [r0, #4] + + /* Retrieve non volatile data segment protection setting */ + fw_config->NonVDataSegmentStartAddress = (READ_REG(FIREWALL->NVDSSA) & FW_NVDSSA_ADD); + 8000220: 6899 ldr r1, [r3, #8] + fw_config->NonVDataSegmentLength = (READ_REG(FIREWALL->NVDSL) & FW_NVDSL_LENG); + + /* Retrieve volatile data segment protection setting */ + fw_config->VDataSegmentStartAddress = (READ_REG(FIREWALL->VDSSA) & FW_VDSSA_ADD); + 8000222: 4c0f ldr r4, [pc, #60] ; (8000260 ) + fw_config->NonVDataSegmentStartAddress = (READ_REG(FIREWALL->NVDSSA) & FW_NVDSSA_ADD); + 8000224: 4031 ands r1, r6 + 8000226: 6081 str r1, [r0, #8] + fw_config->NonVDataSegmentLength = (READ_REG(FIREWALL->NVDSL) & FW_NVDSL_LENG); + 8000228: 68da ldr r2, [r3, #12] + 800022a: 402a ands r2, r5 + 800022c: 60c2 str r2, [r0, #12] + fw_config->VDataSegmentStartAddress = (READ_REG(FIREWALL->VDSSA) & FW_VDSSA_ADD); + 800022e: 6919 ldr r1, [r3, #16] + 8000230: 4021 ands r1, r4 + 8000232: 6101 str r1, [r0, #16] + fw_config->VDataSegmentLength = (READ_REG(FIREWALL->VDSL) & FW_VDSL_LENG); + 8000234: 695a ldr r2, [r3, #20] + 8000236: 4022 ands r2, r4 + 8000238: 6142 str r2, [r0, #20] + + /* Retrieve volatile data execution setting */ + fw_config->VolatileDataExecution = (READ_REG(FIREWALL->CR) & FW_CR_VDE); + 800023a: 6a1a ldr r2, [r3, #32] + 800023c: f002 0204 and.w r2, r2, #4 + 8000240: 6182 str r2, [r0, #24] + + /* Retrieve volatile data shared setting */ + fw_config->VolatileDataShared = (READ_REG(FIREWALL->CR) & FW_CR_VDS); + 8000242: 6a1b ldr r3, [r3, #32] + 8000244: f003 0302 and.w r3, r3, #2 + 8000248: 61c3 str r3, [r0, #28] + + return; +} + 800024a: b002 add sp, #8 + 800024c: bd70 pop {r4, r5, r6, pc} + 800024e: bf00 nop + 8000250: 40021000 .word 0x40021000 + 8000254: 00ffff00 .word 0x00ffff00 + 8000258: 003fff00 .word 0x003fff00 + 800025c: 40011c00 .word 0x40011c00 + 8000260: 0003ffc0 .word 0x0003ffc0 + +08000264 : + * @retval None + */ +void HAL_FIREWALL_EnableFirewall(void) +{ + /* Clears FWDIS bit of SYSCFG CFGR1 register */ + CLEAR_BIT(SYSCFG->CFGR1, SYSCFG_CFGR1_FWDIS); + 8000264: 4a02 ldr r2, [pc, #8] ; (8000270 ) + 8000266: 6853 ldr r3, [r2, #4] + 8000268: f023 0301 bic.w r3, r3, #1 + 800026c: 6053 str r3, [r2, #4] + +} + 800026e: 4770 bx lr + 8000270: 40010000 .word 0x40010000 + +08000274 : + * @retval None + */ +void HAL_FIREWALL_EnablePreArmFlag(void) +{ + /* Set FPA bit */ + SET_BIT(FIREWALL->CR, FW_CR_FPA); + 8000274: 4a02 ldr r2, [pc, #8] ; (8000280 ) + 8000276: 6a13 ldr r3, [r2, #32] + 8000278: f043 0301 orr.w r3, r3, #1 + 800027c: 6213 str r3, [r2, #32] +} + 800027e: 4770 bx lr + 8000280: 40011c00 .word 0x40011c00 + +08000284 : + * @retval None + */ +void HAL_FIREWALL_DisablePreArmFlag(void) +{ + /* Clear FPA bit */ + CLEAR_BIT(FIREWALL->CR, FW_CR_FPA); + 8000284: 4a02 ldr r2, [pc, #8] ; (8000290 ) + 8000286: 6a13 ldr r3, [r2, #32] + 8000288: f023 0301 bic.w r3, r3, #1 + 800028c: 6213 str r3, [r2, #32] +} + 800028e: 4770 bx lr + 8000290: 40011c00 .word 0x40011c00 + ... + +08000300 <_firewall_start>: + 8000300: 0f193a11 .word 0x0f193a11 + +08000304 : + 8000304: f24e 0900 movw r9, #57344 ; 0xe000 + 8000308: f2c2 0909 movt r9, #8201 ; 0x2009 + 800030c: f44f 5a00 mov.w sl, #8192 ; 0x2000 + 8000310: 44ca add sl, r9 + +08000312 : + 8000312: f849 ab04 str.w sl, [r9], #4 + 8000316: 45d1 cmp r9, sl + 8000318: d1fb bne.n 8000312 + 800031a: 46ea mov sl, sp + 800031c: 46cd mov sp, r9 + 800031e: e92d 4400 stmdb sp!, {sl, lr} + +08000322 : + 8000322: f000 f841 bl 80003a8 + 8000326: e8bd 4400 ldmia.w sp!, {sl, lr} + 800032a: 46d5 mov sp, sl + 800032c: f24e 0900 movw r9, #57344 ; 0xe000 + 8000330: f2c2 0909 movt r9, #8201 ; 0x2009 + 8000334: f44f 5a00 mov.w sl, #8192 ; 0x2000 + 8000338: 44ca add sl, r9 + +0800033a : + 800033a: f849 0b04 str.w r0, [r9], #4 + 800033e: 45d1 cmp r9, sl + 8000340: d1fb bne.n 800033a + 8000342: 4770 bx lr + +08000344 <__NVIC_SystemReset>: + \details Acts as a special kind of Data Memory Barrier. + It completes when all explicit memory accesses before this instruction complete. + */ +__STATIC_FORCEINLINE void __DSB(void) +{ + __ASM volatile ("dsb 0xF":::"memory"); + 8000344: f3bf 8f4f dsb sy +__NO_RETURN __STATIC_INLINE void __NVIC_SystemReset(void) +{ + __DSB(); /* Ensure all outstanding memory accesses included + buffered write are completed before reset */ + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8000348: 4905 ldr r1, [pc, #20] ; (8000360 <__NVIC_SystemReset+0x1c>) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 800034a: 4b06 ldr r3, [pc, #24] ; (8000364 <__NVIC_SystemReset+0x20>) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 800034c: 68ca ldr r2, [r1, #12] + 800034e: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8000352: 4313 orrs r3, r2 + 8000354: 60cb str r3, [r1, #12] + 8000356: f3bf 8f4f dsb sy + SCB_AIRCR_SYSRESETREQ_Msk ); /* Keep priority group unchanged */ + __DSB(); /* Ensure completion of memory access */ + + for(;;) /* wait until reset */ + { + __NOP(); + 800035a: bf00 nop + for(;;) /* wait until reset */ + 800035c: e7fd b.n 800035a <__NVIC_SystemReset+0x16> + 800035e: bf00 nop + 8000360: e000ed00 .word 0xe000ed00 + 8000364: 05fa0004 .word 0x05fa0004 + +08000368 : +good_addr(const uint8_t *b, int minlen, int len, bool readonly) +{ + uint32_t x = (uint32_t)b; + + if(minlen) { + if(!b) return EFAULT; // gave no buffer + 8000368: b198 cbz r0, 8000392 + if(len < minlen) return ERANGE; // too small + 800036a: 4291 cmp r1, r2 + 800036c: dc13 bgt.n 8000396 + } + + if((x >= SRAM1_BASE) && ((x+len) <= BL_SRAM_BASE)) { + 800036e: f1b0 5f00 cmp.w r0, #536870912 ; 0x20000000 + 8000372: d303 bcc.n 800037c + 8000374: 490b ldr r1, [pc, #44] ; (80003a4 ) + 8000376: 4402 add r2, r0 + 8000378: 428a cmp r2, r1 + 800037a: d90e bls.n 800039a + // ok: it's inside the SRAM areas, up to where we start + return 0; + } + + if(!readonly) { + 800037c: b17b cbz r3, 800039e + return EPERM; + } + + if((x >= FIRMWARE_START) && (x - FIRMWARE_START) < FW_MAX_LENGTH_MK4) { + 800037e: f100 4077 add.w r0, r0, #4143972352 ; 0xf7000000 + 8000382: f500 007e add.w r0, r0, #16646144 ; 0xfe0000 + // inside flash of main firmware (happens for QSTR's) + return 0; + } + + return EACCES; + 8000386: f5b0 1ff0 cmp.w r0, #1966080 ; 0x1e0000 + 800038a: bf34 ite cc + 800038c: 2000 movcc r0, #0 + 800038e: 200d movcs r0, #13 + 8000390: 4770 bx lr + if(!b) return EFAULT; // gave no buffer + 8000392: 200e movs r0, #14 + 8000394: 4770 bx lr + if(len < minlen) return ERANGE; // too small + 8000396: 2022 movs r0, #34 ; 0x22 + 8000398: 4770 bx lr + return 0; + 800039a: 2000 movs r0, #0 + 800039c: 4770 bx lr + return EPERM; + 800039e: 2001 movs r0, #1 +} + 80003a0: 4770 bx lr + 80003a2: bf00 nop + 80003a4: 2009e000 .word 0x2009e000 + +080003a8 : +// + __attribute__ ((used)) + int +firewall_dispatch(int method_num, uint8_t *buf_io, int len_in, + uint32_t arg2, uint32_t incoming_sp, uint32_t incoming_lr) +{ + 80003a8: b570 push {r4, r5, r6, lr} + 80003aa: b09e sub sp, #120 ; 0x78 + 80003ac: 460d mov r5, r1 + 80003ae: 9c23 ldr r4, [sp, #140] ; 0x8c + 80003b0: 9301 str r3, [sp, #4] + __ASM volatile ("cpsid i" : : : "memory"); + 80003b2: b672 cpsid i + // in case the caller didn't already, but would just lead to a crash anyway + __disable_irq(); + + // "1=any code executed outside the protected segment will close the Firewall" + // "0=.. will reset the processor" + __HAL_FIREWALL_PREARM_DISABLE(); + 80003b4: 4baa ldr r3, [pc, #680] ; (8000660 ) + 80003b6: 6a19 ldr r1, [r3, #32] + 80003b8: f021 0101 bic.w r1, r1, #1 + 80003bc: 6219 str r1, [r3, #32] + 80003be: 6a1b ldr r3, [r3, #32] + 80003c0: f003 0301 and.w r3, r3, #1 + 80003c4: 9302 str r3, [sp, #8] + // using read/write in place. + // - use arg2 use when a simple number is needed; never a pointer! + // - mpy may provide a pointer to flash if we give it a qstr or small value, and if + // we're reading only, that's fine. + + if(len_in > 1024) { // arbitrary max, increase as needed + 80003c6: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + __HAL_FIREWALL_PREARM_DISABLE(); + 80003ca: 9b02 ldr r3, [sp, #8] + if(len_in > 1024) { // arbitrary max, increase as needed + 80003cc: f300 82ee bgt.w 80009ac + + // Use these macros +#define REQUIRE_IN_ONLY(x) if((rv = good_addr(buf_io, (x), len_in, true))) { goto fail; } +#define REQUIRE_OUT(x) if((rv = good_addr(buf_io, (x), len_in, false))) { goto fail; } + + switch(method_num) { + 80003d0: 3001 adds r0, #1 + 80003d2: 281c cmp r0, #28 + 80003d4: f200 81c2 bhi.w 800075c + 80003d8: e8df f010 tbh [pc, r0, lsl #1] + 80003dc: 001d0304 .word 0x001d0304 + 80003e0: 00800034 .word 0x00800034 + 80003e4: 00db00bd .word 0x00db00bd + 80003e8: 01ff00fc .word 0x01ff00fc + 80003ec: 01c001c0 .word 0x01c001c0 + 80003f0: 01c001c0 .word 0x01c001c0 + 80003f4: 010401c0 .word 0x010401c0 + 80003f8: 01c001c0 .word 0x01c001c0 + 80003fc: 012e010f .word 0x012e010f + 8000400: 01730160 .word 0x01730160 + 8000404: 020301b7 .word 0x020301b7 + 8000408: 026b0212 .word 0x026b0212 + 800040c: 02c202ae .word 0x02c202ae + 8000410: 02da02ca .word 0x02da02ca + 8000414: 02f6 .short 0x02f6 + case 0: { + REQUIRE_OUT(64); + 8000416: 2300 movs r3, #0 + 8000418: 2140 movs r1, #64 ; 0x40 + 800041a: 4628 mov r0, r5 + 800041c: 9200 str r2, [sp, #0] + 800041e: f7ff ffa3 bl 8000368 + 8000422: 4604 mov r4, r0 + 8000424: bb48 cbnz r0, 800047a + + // Return my version string + memset(buf_io, 0, len_in); + 8000426: 4601 mov r1, r0 + 8000428: 9a00 ldr r2, [sp, #0] + 800042a: 4628 mov r0, r5 + 800042c: f00d fa6a bl 800d904 + strlcpy((char *)buf_io, version_string, len_in); + 8000430: 9a00 ldr r2, [sp, #0] + 8000432: 498c ldr r1, [pc, #560] ; (8000664 ) + 8000434: 4628 mov r0, r5 + 8000436: f00d fa83 bl 800d940 + + rv = strlen(version_string); + 800043a: 488a ldr r0, [pc, #552] ; (8000664 ) + 800043c: f00d fa95 bl 800d96a + ae_setup(); + ae_keep_alive(); + switch(arg2) { + default: + case 0: // read state + rv = ae_get_gpio(); + 8000440: 4604 mov r4, r0 + break; + 8000442: e01a b.n 800047a + REQUIRE_OUT(32); + 8000444: 2300 movs r3, #0 + 8000446: 2120 movs r1, #32 + 8000448: 4628 mov r0, r5 + 800044a: f7ff ff8d bl 8000368 + 800044e: 4604 mov r4, r0 + 8000450: b998 cbnz r0, 800047a + sha256_init(&ctx); + 8000452: a80b add r0, sp, #44 ; 0x2c + 8000454: f005 f998 bl 8005788 + sha256_update(&ctx, (void *)&arg2, 4); + 8000458: 2204 movs r2, #4 + 800045a: eb0d 0102 add.w r1, sp, r2 + 800045e: a80b add r0, sp, #44 ; 0x2c + 8000460: f005 f9a0 bl 80057a4 + sha256_update(&ctx, (void *)BL_FLASH_BASE, BL_FLASH_SIZE); + 8000464: f04f 6100 mov.w r1, #134217728 ; 0x8000000 + 8000468: a80b add r0, sp, #44 ; 0x2c + 800046a: f44f 32e0 mov.w r2, #114688 ; 0x1c000 + 800046e: f005 f999 bl 80057a4 + sha256_final(&ctx, buf_io); + 8000472: 4629 mov r1, r5 + 8000474: a80b add r0, sp, #44 ; 0x2c + 8000476: f005 f9db bl 8005830 + +fail: + + // Precaution: we don't want to leave ATECC508A authorized for any specific keys, + // perhaps due to an error path we didn't see. Always reset the chip. + ae_reset_chip(); + 800047a: f002 fb6d bl 8002b58 + + // Unlikely it matters, but clear flash memory cache. + __HAL_FLASH_DATA_CACHE_DISABLE(); + 800047e: 4b7a ldr r3, [pc, #488] ; (8000668 ) + 8000480: 681a ldr r2, [r3, #0] + 8000482: f422 6280 bic.w r2, r2, #1024 ; 0x400 + 8000486: 601a str r2, [r3, #0] + __HAL_FLASH_DATA_CACHE_RESET(); + 8000488: 681a ldr r2, [r3, #0] + 800048a: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 800048e: 601a str r2, [r3, #0] + 8000490: 681a ldr r2, [r3, #0] + 8000492: f422 5280 bic.w r2, r2, #4096 ; 0x1000 + 8000496: 601a str r2, [r3, #0] + __HAL_FLASH_DATA_CACHE_ENABLE(); + 8000498: 681a ldr r2, [r3, #0] + 800049a: f442 6280 orr.w r2, r2, #1024 ; 0x400 + 800049e: 601a str r2, [r3, #0] + + // .. and instruction memory (flash cache too?) + __HAL_FLASH_INSTRUCTION_CACHE_DISABLE(); + 80004a0: 681a ldr r2, [r3, #0] + 80004a2: f422 7200 bic.w r2, r2, #512 ; 0x200 + 80004a6: 601a str r2, [r3, #0] + __HAL_FLASH_INSTRUCTION_CACHE_RESET(); + 80004a8: 681a ldr r2, [r3, #0] + 80004aa: f442 6200 orr.w r2, r2, #2048 ; 0x800 + 80004ae: 601a str r2, [r3, #0] + 80004b0: 681a ldr r2, [r3, #0] + 80004b2: f422 6200 bic.w r2, r2, #2048 ; 0x800 + 80004b6: 601a str r2, [r3, #0] + __HAL_FLASH_INSTRUCTION_CACHE_ENABLE(); + 80004b8: 681a ldr r2, [r3, #0] + 80004ba: f442 7200 orr.w r2, r2, #512 ; 0x200 + 80004be: 601a str r2, [r3, #0] + + + // authorize return from firewall into user's code + __HAL_FIREWALL_PREARM_ENABLE(); + 80004c0: f5a3 3382 sub.w r3, r3, #66560 ; 0x10400 + + return rv; +} + 80004c4: 4620 mov r0, r4 + __HAL_FIREWALL_PREARM_ENABLE(); + 80004c6: 6a1a ldr r2, [r3, #32] + 80004c8: f042 0201 orr.w r2, r2, #1 + 80004cc: 621a str r2, [r3, #32] + 80004ce: 6a1b ldr r3, [r3, #32] + 80004d0: f003 0301 and.w r3, r3, #1 + 80004d4: 930b str r3, [sp, #44] ; 0x2c + 80004d6: 9b0b ldr r3, [sp, #44] ; 0x2c +} + 80004d8: b01e add sp, #120 ; 0x78 + 80004da: bd70 pop {r4, r5, r6, pc} +// Write bag number (probably a string) +void flash_save_bag_number(const uint8_t new_number[32]); + +// Are we operating in level2? +static inline bool flash_is_security_level2(void) { + rng_delay(); + 80004dc: f002 fa26 bl 800292c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 80004e0: 4b61 ldr r3, [pc, #388] ; (8000668 ) + 80004e2: 6a1b ldr r3, [r3, #32] + 80004e4: b2db uxtb r3, r3 + 80004e6: f1a3 02cc sub.w r2, r3, #204 ; 0xcc + 80004ea: 4255 negs r5, r2 + 80004ec: 4155 adcs r5, r2 + switch(arg2) { + 80004ee: 9a01 ldr r2, [sp, #4] + 80004f0: 2a02 cmp r2, #2 + 80004f2: d01c beq.n 800052e + 80004f4: 2a03 cmp r2, #3 + 80004f6: d01f beq.n 8000538 + 80004f8: 2a01 cmp r2, #1 + 80004fa: d013 beq.n 8000524 + if(secure) { + 80004fc: 2bcc cmp r3, #204 ; 0xcc + 80004fe: f000 8222 beq.w 8000946 + puts("Die: DFU"); + 8000502: 485a ldr r0, [pc, #360] ; (800066c ) + scr = screen_upgrading; // was screen_dfu, but limited audience + 8000504: 4c5a ldr r4, [pc, #360] ; (8000670 ) + puts("Die: DFU"); + 8000506: f004 fdb5 bl 8005074 + bool secure = flash_is_security_level2(); + 800050a: 2500 movs r5, #0 + oled_setup(); + 800050c: f000 fc44 bl 8000d98 + oled_show(scr); + 8000510: 4620 mov r0, r4 + 8000512: f000 fdc1 bl 8001098 + wipe_all_sram(); + 8000516: f000 fa81 bl 8000a1c + psram_wipe(); + 800051a: f004 fed3 bl 80052c4 + if(secure) { + 800051e: b18d cbz r5, 8000544 + LOCKUP_FOREVER(); + 8000520: f003 fbbc bl 8003c9c + puts("Die: Downgrade"); + 8000524: 4853 ldr r0, [pc, #332] ; (8000674 ) + scr = screen_downgrade; + 8000526: 4c54 ldr r4, [pc, #336] ; (8000678 ) + puts("Die: Downgrade"); + 8000528: f004 fda4 bl 8005074 + break; + 800052c: e7ee b.n 800050c + puts("Die: Blankish"); + 800052e: 4853 ldr r0, [pc, #332] ; (800067c ) + scr = screen_blankish; + 8000530: 4c53 ldr r4, [pc, #332] ; (8000680 ) + puts("Die: Blankish"); + 8000532: f004 fd9f bl 8005074 + break; + 8000536: e7e9 b.n 800050c + puts("Die: Brick"); + 8000538: 4852 ldr r0, [pc, #328] ; (8000684 ) + scr = screen_brick; + 800053a: 4c53 ldr r4, [pc, #332] ; (8000688 ) + puts("Die: Brick"); + 800053c: f004 fd9a bl 8005074 + secure = true; // no point going into DFU, if even possible + 8000540: 2501 movs r5, #1 + break; + 8000542: e7e3 b.n 800050c + memcpy(dfu_flag->magic, REBOOT_TO_DFU, sizeof(dfu_flag->magic)); + 8000544: 4951 ldr r1, [pc, #324] ; (800068c ) + 8000546: 4a52 ldr r2, [pc, #328] ; (8000690 ) + 8000548: 6808 ldr r0, [r1, #0] + 800054a: 6849 ldr r1, [r1, #4] + 800054c: 4613 mov r3, r2 + 800054e: c303 stmia r3!, {r0, r1} + dfu_flag->screen = scr; + 8000550: 6094 str r4, [r2, #8] + NVIC_SystemReset(); + 8000552: f7ff fef7 bl 8000344 <__NVIC_SystemReset> + switch(arg2) { + 8000556: 9b01 ldr r3, [sp, #4] + 8000558: 2b02 cmp r3, #2 + 800055a: d002 beq.n 8000562 + 800055c: 2b03 cmp r3, #3 + 800055e: d016 beq.n 800058e + 8000560: b913 cbnz r3, 8000568 + oled_show(screen_logout); + 8000562: 484c ldr r0, [pc, #304] ; (8000694 ) + oled_show(screen_poweroff); + 8000564: f000 fd98 bl 8001098 + wipe_all_sram(); + 8000568: f000 fa58 bl 8000a1c + psram_wipe(); + 800056c: f004 feaa bl 80052c4 + if(arg2 == 3) { + 8000570: 9b01 ldr r3, [sp, #4] + 8000572: 2b03 cmp r3, #3 + 8000574: d104 bne.n 8000580 + delay_ms(100); + 8000576: 2064 movs r0, #100 ; 0x64 + 8000578: f003 fa96 bl 8003aa8 + turn_power_off(); + 800057c: f003 fb82 bl 8003c84 + if(arg2 == 2) { + 8000580: 9b01 ldr r3, [sp, #4] + 8000582: 2b02 cmp r3, #2 + 8000584: d1cc bne.n 8000520 + delay_ms(100); + 8000586: 2064 movs r0, #100 ; 0x64 + 8000588: f003 fa8e bl 8003aa8 + 800058c: e7e1 b.n 8000552 + oled_show(screen_poweroff); + 800058e: 4842 ldr r0, [pc, #264] ; (8000698 ) + 8000590: e7e8 b.n 8000564 + ae_setup(); + 8000592: f002 faef bl 8002b74 + ae_keep_alive(); + 8000596: f002 fb1f bl 8002bd8 + switch(arg2) { + 800059a: 9b01 ldr r3, [sp, #4] + 800059c: 2b02 cmp r3, #2 + 800059e: d00a beq.n 80005b6 + 80005a0: 2b03 cmp r3, #3 + 80005a2: d00a beq.n 80005ba + 80005a4: 2b01 cmp r3, #1 + 80005a6: d002 beq.n 80005ae + rv = ae_get_gpio(); + 80005a8: f003 f894 bl 80036d4 + 80005ac: e748 b.n 8000440 + rv = ae_set_gpio(0); + 80005ae: 2000 movs r0, #0 + rv = ae_set_gpio(1); + 80005b0: f003 f862 bl 8003678 + 80005b4: e744 b.n 8000440 + 80005b6: 2001 movs r0, #1 + 80005b8: e7fa b.n 80005b0 + checksum_flash(fw_digest, world_digest, 0); + 80005ba: 2200 movs r2, #0 + 80005bc: a90b add r1, sp, #44 ; 0x2c + 80005be: a803 add r0, sp, #12 + 80005c0: f001 fb3e bl 8001c40 + rv = ae_set_gpio_secure(world_digest); + 80005c4: a80b add r0, sp, #44 ; 0x2c + 80005c6: f003 f86d bl 80036a4 + 80005ca: 4604 mov r4, r0 + oled_show(screen_blankish); + 80005cc: 482c ldr r0, [pc, #176] ; (8000680 ) + 80005ce: f000 fd63 bl 8001098 + break; + 80005d2: e752 b.n 800047a + ae_setup(); + 80005d4: f002 face bl 8002b74 + rv = (ae_pair_unlock() != 0); + 80005d8: f002 fcc2 bl 8002f60 + 80005dc: 1e04 subs r4, r0, #0 + 80005de: bf18 it ne + 80005e0: 2401 movne r4, #1 + break; + 80005e2: e74a b.n 800047a + REQUIRE_OUT(1); + 80005e4: 2300 movs r3, #0 + 80005e6: 2101 movs r1, #1 + 80005e8: 4628 mov r0, r5 + 80005ea: f7ff febd bl 8000368 + 80005ee: 4604 mov r4, r0 + 80005f0: 2800 cmp r0, #0 + 80005f2: f47f af42 bne.w 800047a + buf_io[0] = 0; // NOT SUPPORTED on Mk4 + 80005f6: 7028 strb r0, [r5, #0] + break; + 80005f8: e73f b.n 800047a + if(len_in != 4 && len_in != 32 && len_in != 72) { + 80005fa: 2a04 cmp r2, #4 + 80005fc: d004 beq.n 8000608 + 80005fe: 2a20 cmp r2, #32 + 8000600: d002 beq.n 8000608 + 8000602: 2a48 cmp r2, #72 ; 0x48 + 8000604: f040 81d2 bne.w 80009ac + REQUIRE_OUT(4); + 8000608: 2300 movs r3, #0 + 800060a: 2104 movs r1, #4 + 800060c: 4628 mov r0, r5 + 800060e: 9200 str r2, [sp, #0] + 8000610: f7ff feaa bl 8000368 + 8000614: 4604 mov r4, r0 + 8000616: 2800 cmp r0, #0 + 8000618: f47f af2f bne.w 800047a + ae_setup(); + 800061c: f002 faaa bl 8002b74 + if(ae_read_data_slot(arg2 & 0xf, buf_io, len_in)) { + 8000620: 9801 ldr r0, [sp, #4] + 8000622: 9a00 ldr r2, [sp, #0] + 8000624: 4629 mov r1, r5 + 8000626: f000 000f and.w r0, r0, #15 + 800062a: f002 ffdf bl 80035ec + if(rv) { + 800062e: 2800 cmp r0, #0 + 8000630: f000 80d3 beq.w 80007da + rv = EIO; + 8000634: 2405 movs r4, #5 + 8000636: e720 b.n 800047a + REQUIRE_OUT(MAX_PIN_LEN); + 8000638: 2300 movs r3, #0 + 800063a: 2120 movs r1, #32 + 800063c: 4628 mov r0, r5 + 800063e: f7ff fe93 bl 8000368 + 8000642: 4604 mov r4, r0 + 8000644: 2800 cmp r0, #0 + 8000646: f47f af18 bne.w 800047a + if((arg2 < 1) || (arg2 > MAX_PIN_LEN)) { + 800064a: 9901 ldr r1, [sp, #4] + 800064c: 1e4b subs r3, r1, #1 + 800064e: 2b1f cmp r3, #31 + 8000650: f200 81ac bhi.w 80009ac + if(pin_prefix_words((char *)buf_io, arg2, (uint32_t *)buf_io)) { + 8000654: 462a mov r2, r5 + 8000656: 4628 mov r0, r5 + 8000658: f003 fdc2 bl 80041e0 + 800065c: e7e7 b.n 800062e + 800065e: bf00 nop + 8000660: 40011c00 .word 0x40011c00 + 8000664: 080107a0 .word 0x080107a0 + 8000668: 40022000 .word 0x40022000 + 800066c: 0800d996 .word 0x0800d996 + 8000670: 0800ff39 .word 0x0800ff39 + 8000674: 0800d99f .word 0x0800d99f + 8000678: 0800e2f6 .word 0x0800e2f6 + 800067c: 0800d9ae .word 0x0800d9ae + 8000680: 0800da4c .word 0x0800da4c + 8000684: 0800d9bc .word 0x0800d9bc + 8000688: 0800da65 .word 0x0800da65 + 800068c: 0800d9c7 .word 0x0800d9c7 + 8000690: 20008000 .word 0x20008000 + 8000694: 0800e5fc .word 0x0800e5fc + 8000698: 0800e75d .word 0x0800e75d + REQUIRE_OUT(32); + 800069c: 2300 movs r3, #0 + 800069e: 2120 movs r1, #32 + 80006a0: 4628 mov r0, r5 + 80006a2: f7ff fe61 bl 8000368 + 80006a6: 4604 mov r4, r0 + 80006a8: 2800 cmp r0, #0 + 80006aa: f47f aee6 bne.w 800047a + memset(buf_io, 0x55, 32); // to help show errors + 80006ae: 2220 movs r2, #32 + 80006b0: 2155 movs r1, #85 ; 0x55 + 80006b2: 4628 mov r0, r5 + 80006b4: f00d f926 bl 800d904 + rng_buffer(buf_io, 32); + 80006b8: 2120 movs r1, #32 + 80006ba: 4628 mov r0, r5 + 80006bc: f002 f920 bl 8002900 + break; + 80006c0: e6db b.n 800047a + REQUIRE_OUT(PIN_ATTEMPT_SIZE_V2); + 80006c2: 2300 movs r3, #0 + 80006c4: f44f 718c mov.w r1, #280 ; 0x118 + 80006c8: 4628 mov r0, r5 + 80006ca: 9200 str r2, [sp, #0] + 80006cc: f7ff fe4c bl 8000368 + 80006d0: 4604 mov r4, r0 + 80006d2: 2800 cmp r0, #0 + 80006d4: f47f aed1 bne.w 800047a + switch(arg2) { + 80006d8: e9dd 2300 ldrd r2, r3, [sp] + 80006dc: 2b08 cmp r3, #8 + 80006de: d83d bhi.n 800075c + 80006e0: e8df f003 tbb [pc, r3] + 80006e4: 110d0905 .word 0x110d0905 + 80006e8: 221d1915 .word 0x221d1915 + 80006ec: 26 .byte 0x26 + 80006ed: 00 .byte 0x00 + rv = pin_setup_attempt(args); + 80006ee: 4628 mov r0, r5 + 80006f0: f003 fd94 bl 800421c + 80006f4: e6a4 b.n 8000440 + rv = pin_delay(args); + 80006f6: 4628 mov r0, r5 + 80006f8: f003 fdfe bl 80042f8 + 80006fc: e6a0 b.n 8000440 + rv = pin_login_attempt(args); + 80006fe: 4628 mov r0, r5 + 8000700: f003 fdfc bl 80042fc + 8000704: e69c b.n 8000440 + rv = pin_change(args); + 8000706: 4628 mov r0, r5 + 8000708: f003 fefa bl 8004500 + 800070c: e698 b.n 8000440 + rv = pin_fetch_secret(args); + 800070e: 4628 mov r0, r5 + 8000710: f003 ffae bl 8004670 + 8000714: e694 b.n 8000440 + rv = pin_firmware_greenlight(args); + 8000716: 4628 mov r0, r5 + 8000718: f004 f96a bl 80049f0 + 800071c: e690 b.n 8000440 + rv = pin_long_secret(args, NULL); + 800071e: 2100 movs r1, #0 + rv = pin_long_secret(args, &buf_io[PIN_ATTEMPT_SIZE_V2]); + 8000720: 4628 mov r0, r5 + 8000722: f004 f8a7 bl 8004874 + 8000726: e68b b.n 8000440 + rv = pin_firmware_upgrade(args); + 8000728: 4628 mov r0, r5 + 800072a: f004 f9a1 bl 8004a70 + 800072e: e687 b.n 8000440 + REQUIRE_OUT(PIN_ATTEMPT_SIZE_V2 + AE_LONG_SECRET_LEN); + 8000730: 2300 movs r3, #0 + 8000732: f44f 712e mov.w r1, #696 ; 0x2b8 + 8000736: 4628 mov r0, r5 + 8000738: f7ff fe16 bl 8000368 + 800073c: 4604 mov r4, r0 + 800073e: 2800 cmp r0, #0 + 8000740: f47f ae9b bne.w 800047a + rv = pin_long_secret(args, &buf_io[PIN_ATTEMPT_SIZE_V2]); + 8000744: f505 718c add.w r1, r5, #280 ; 0x118 + 8000748: e7ea b.n 8000720 + switch(arg2) { + 800074a: 9b01 ldr r3, [sp, #4] + 800074c: 2b64 cmp r3, #100 ; 0x64 + 800074e: d041 beq.n 80007d4 + 8000750: d806 bhi.n 8000760 + 8000752: 2b01 cmp r3, #1 + 8000754: d01e beq.n 8000794 + 8000756: 2b02 cmp r3, #2 + 8000758: d028 beq.n 80007ac + 800075a: b13b cbz r3, 800076c + 800075c: 2402 movs r4, #2 + 800075e: e68c b.n 800047a + 8000760: 2b65 cmp r3, #101 ; 0x65 + 8000762: d03c beq.n 80007de + 8000764: 2b66 cmp r3, #102 ; 0x66 + 8000766: d1f9 bne.n 800075c + flash_lockdown_hard(OB_RDP_LEVEL_2); // No change possible after this. + 8000768: 20cc movs r0, #204 ; 0xcc + 800076a: e034 b.n 80007d6 + REQUIRE_OUT(32); + 800076c: 2120 movs r1, #32 + 800076e: 4628 mov r0, r5 + 8000770: f7ff fdfa bl 8000368 + 8000774: 4604 mov r4, r0 + 8000776: 2800 cmp r0, #0 + 8000778: f47f ae7f bne.w 800047a + memcpy(buf_io, rom_secrets->bag_number, 32); + 800077c: 4aa0 ldr r2, [pc, #640] ; (8000a00 ) + 800077e: 4ea1 ldr r6, [pc, #644] ; (8000a04 ) + 8000780: 4613 mov r3, r2 + 8000782: cb03 ldmia r3!, {r0, r1} + 8000784: 42b3 cmp r3, r6 + 8000786: 6028 str r0, [r5, #0] + 8000788: 6069 str r1, [r5, #4] + 800078a: 461a mov r2, r3 + 800078c: f105 0508 add.w r5, r5, #8 + 8000790: d1f6 bne.n 8000780 + 8000792: e672 b.n 800047a + REQUIRE_IN_ONLY(32); + 8000794: 2120 movs r1, #32 + 8000796: 4628 mov r0, r5 + 8000798: f7ff fde6 bl 8000368 + 800079c: 4604 mov r4, r0 + 800079e: 2800 cmp r0, #0 + 80007a0: f47f ae6b bne.w 800047a + flash_save_bag_number(buf_io); + 80007a4: 4628 mov r0, r5 + 80007a6: f001 fd8f bl 80022c8 + break; + 80007aa: e666 b.n 800047a + REQUIRE_OUT(1); + 80007ac: 2300 movs r3, #0 + 80007ae: 2101 movs r1, #1 + 80007b0: 4628 mov r0, r5 + 80007b2: f7ff fdd9 bl 8000368 + 80007b6: 4604 mov r4, r0 + 80007b8: 2800 cmp r0, #0 + 80007ba: f47f ae5e bne.w 800047a + rng_delay(); + 80007be: f002 f8b5 bl 800292c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 80007c2: 4b91 ldr r3, [pc, #580] ; (8000a08 ) + 80007c4: 6a1b ldr r3, [r3, #32] + 80007c6: b2db uxtb r3, r3 + buf_io[0] = (flash_is_security_level2() ? 2 : 0xff); + 80007c8: 2bcc cmp r3, #204 ; 0xcc + 80007ca: bf0c ite eq + 80007cc: 2302 moveq r3, #2 + 80007ce: 23ff movne r3, #255 ; 0xff + buf_io[0] = 32; + 80007d0: 702b strb r3, [r5, #0] + break; + 80007d2: e652 b.n 800047a + flash_lockdown_hard(OB_RDP_LEVEL_0); // wipes contents of flash (1->0) + 80007d4: 20aa movs r0, #170 ; 0xaa + flash_lockdown_hard(OB_RDP_LEVEL_2); // No change possible after this. + 80007d6: f001 feaf bl 8002538 + int rv = 0; + 80007da: 2400 movs r4, #0 + break; + 80007dc: e64d b.n 800047a + flash_lockdown_hard(OB_RDP_LEVEL_1); // Can only do 0->1 (experiments) + 80007de: 20bb movs r0, #187 ; 0xbb + 80007e0: e7f9 b.n 80007d6 + REQUIRE_OUT(128); + 80007e2: 2300 movs r3, #0 + 80007e4: 2180 movs r1, #128 ; 0x80 + 80007e6: 4628 mov r0, r5 + 80007e8: f7ff fdbe bl 8000368 + 80007ec: 4604 mov r4, r0 + 80007ee: 2800 cmp r0, #0 + 80007f0: f47f ae43 bne.w 800047a + ae_setup(); + 80007f4: f002 f9be bl 8002b74 + rv = ae_config_read(buf_io); + 80007f8: 4628 mov r0, r5 + 80007fa: f002 ffbc bl 8003776 + 80007fe: e716 b.n 800062e + switch(arg2) { + 8000800: 9b01 ldr r3, [sp, #4] + 8000802: 2b03 cmp r3, #3 + 8000804: d8aa bhi.n 800075c + 8000806: e8df f003 tbb [pc, r3] + 800080a: 0f02 .short 0x0f02 + 800080c: 441d .short 0x441d + REQUIRE_OUT(8); + 800080e: 2300 movs r3, #0 + 8000810: 2108 movs r1, #8 + 8000812: 4628 mov r0, r5 + 8000814: f7ff fda8 bl 8000368 + 8000818: 4604 mov r4, r0 + 800081a: 2800 cmp r0, #0 + 800081c: f47f ae2d bne.w 800047a + get_min_version(buf_io); + 8000820: 4628 mov r0, r5 + 8000822: f001 fa9d bl 8001d60 + break; + 8000826: e628 b.n 800047a + REQUIRE_IN_ONLY(8); + 8000828: 2301 movs r3, #1 + 800082a: 2108 movs r1, #8 + 800082c: 4628 mov r0, r5 + 800082e: f7ff fd9b bl 8000368 + 8000832: 4604 mov r4, r0 + 8000834: 2800 cmp r0, #0 + 8000836: f47f ae20 bne.w 800047a + rv = check_is_downgrade(buf_io, NULL); + 800083a: 4601 mov r1, r0 + 800083c: 4628 mov r0, r5 + 800083e: f001 faaf bl 8001da0 + 8000842: e5fd b.n 8000440 + REQUIRE_IN_ONLY(8); + 8000844: 2301 movs r3, #1 + 8000846: 2108 movs r1, #8 + 8000848: 4628 mov r0, r5 + 800084a: f7ff fd8d bl 8000368 + 800084e: 4604 mov r4, r0 + 8000850: 2800 cmp r0, #0 + 8000852: f47f ae12 bne.w 800047a + if(buf_io[0] < 0x10 || buf_io[0] >= 0x40) { + 8000856: 782b ldrb r3, [r5, #0] + 8000858: 3b10 subs r3, #16 + rv = ERANGE; + 800085a: 2b2f cmp r3, #47 ; 0x2f + } if(check_is_downgrade(buf_io, NULL)) { + 800085c: 4601 mov r1, r0 + 800085e: 4628 mov r0, r5 + rv = ERANGE; + 8000860: bf88 it hi + 8000862: 2422 movhi r4, #34 ; 0x22 + } if(check_is_downgrade(buf_io, NULL)) { + 8000864: f001 fa9c bl 8001da0 + 8000868: 2800 cmp r0, #0 + 800086a: f040 80c7 bne.w 80009fc + get_min_version(min); + 800086e: a80b add r0, sp, #44 ; 0x2c + 8000870: f001 fa76 bl 8001d60 + if(memcmp(min, buf_io, 8) == 0) { + 8000874: 2208 movs r2, #8 + 8000876: 4629 mov r1, r5 + 8000878: a80b add r0, sp, #44 ; 0x2c + 800087a: f00d f825 bl 800d8c8 + 800087e: 2800 cmp r0, #0 + 8000880: f000 80bc beq.w 80009fc + if(record_highwater_version(buf_io)) { + 8000884: 4628 mov r0, r5 + 8000886: f001 fe71 bl 800256c + rv = ENOMEM; + 800088a: 2800 cmp r0, #0 + 800088c: bf18 it ne + 800088e: 240c movne r4, #12 + 8000890: e5f3 b.n 800047a + REQUIRE_OUT(4); + 8000892: 2300 movs r3, #0 + 8000894: 2104 movs r1, #4 + 8000896: 4628 mov r0, r5 + 8000898: f7ff fd66 bl 8000368 + 800089c: 4604 mov r4, r0 + 800089e: 2800 cmp r0, #0 + 80008a0: f47f adeb bne.w 800047a + ae_setup(); + 80008a4: f002 f966 bl 8002b74 + rv = ae_get_counter((uint32_t *)buf_io, 0) ? EIO: 0; + 80008a8: 4621 mov r1, r4 + 80008aa: 4628 mov r0, r5 + 80008ac: f002 fd53 bl 8003356 + 80008b0: e6bd b.n 800062e + REQUIRE_OUT(PIN_ATTEMPT_SIZE_V2 + sizeof(trick_slot_t)); + 80008b2: 2300 movs r3, #0 + 80008b4: f44f 71cc mov.w r1, #408 ; 0x198 + 80008b8: 4628 mov r0, r5 + 80008ba: f7ff fd55 bl 8000368 + 80008be: 4604 mov r4, r0 + 80008c0: 2800 cmp r0, #0 + 80008c2: f47f adda bne.w 800047a + rv = pin_check_logged_in(args, &trick_mode); + 80008c6: a90b add r1, sp, #44 ; 0x2c + 80008c8: 4628 mov r0, r5 + 80008ca: f003 fde7 bl 800449c + if(rv) goto fail; + 80008ce: 4604 mov r4, r0 + 80008d0: 2800 cmp r0, #0 + 80008d2: f47f add2 bne.w 800047a + if(trick_mode) { + 80008d6: f89d 302c ldrb.w r3, [sp, #44] ; 0x2c + 80008da: b10b cbz r3, 80008e0 + mcu_key_clear(NULL); + 80008dc: f001 fe94 bl 8002608 + switch(arg2) { + 80008e0: 9b01 ldr r3, [sp, #4] + 80008e2: 2b01 cmp r3, #1 + trick_slot_t *slot = (trick_slot_t *)(&buf_io[PIN_ATTEMPT_SIZE_V2]); + 80008e4: f505 728c add.w r2, r5, #280 ; 0x118 + switch(arg2) { + 80008e8: d00c beq.n 8000904 + 80008ea: 2b02 cmp r3, #2 + 80008ec: d01b beq.n 8000926 + 80008ee: 2b00 cmp r3, #0 + 80008f0: f47f af34 bne.w 800075c + if(!trick_mode) { + 80008f4: f89d 302c ldrb.w r3, [sp, #44] ; 0x2c + 80008f8: 2b00 cmp r3, #0 + 80008fa: f47f adbe bne.w 800047a + se2_clear_tricks(); + 80008fe: f007 fb8f bl 8008020 + 8000902: e5ba b.n 800047a + if(trick_mode) { + 8000904: f89d 102c ldrb.w r1, [sp, #44] ; 0x2c + 8000908: 2900 cmp r1, #0 + 800090a: f47f af27 bne.w 800075c + if(slot->pin_len > 16) { + 800090e: f8d5 1170 ldr.w r1, [r5, #368] ; 0x170 + 8000912: 2910 cmp r1, #16 + 8000914: dc4a bgt.n 80009ac + if(se2_test_trick_pin(slot->pin, slot->pin_len, slot, true)) { + 8000916: f505 70b0 add.w r0, r5, #352 ; 0x160 + 800091a: f007 fbe7 bl 80080ec + 800091e: 2800 cmp r0, #0 + 8000920: f47f adab bne.w 800047a + 8000924: e71a b.n 800075c + if(!trick_mode) { + 8000926: f89d 302c ldrb.w r3, [sp, #44] ; 0x2c + 800092a: 2b00 cmp r3, #0 + 800092c: f47f ada5 bne.w 800047a + rv = se2_save_trick(slot); + 8000930: 4610 mov r0, r2 + 8000932: f007 fcf3 bl 800831c + 8000936: e583 b.n 8000440 + if(arg2 == 0xBeef) { + 8000938: 9b01 ldr r3, [sp, #4] + 800093a: f64b 62ef movw r2, #48879 ; 0xbeef + 800093e: 4293 cmp r3, r2 + 8000940: d103 bne.n 800094a + fast_wipe(); + 8000942: f001 ff53 bl 80027ec + rv = EPERM; + 8000946: 2401 movs r4, #1 + 8000948: e597 b.n 800047a + } else if(arg2 == 0xDead) { + 800094a: f64d 62ad movw r2, #57005 ; 0xdead + 800094e: 4293 cmp r3, r2 + 8000950: d1f9 bne.n 8000946 + mcu_key_clear(NULL); + 8000952: 2000 movs r0, #0 + 8000954: f001 fe58 bl 8002608 + oled_show(screen_wiped); + 8000958: 482c ldr r0, [pc, #176] ; (8000a0c ) + 800095a: f000 fb9d bl 8001098 + 800095e: e5df b.n 8000520 + if(arg2 == 0xDead) fast_brick(); + 8000960: 9a01 ldr r2, [sp, #4] + 8000962: f64d 63ad movw r3, #57005 ; 0xdead + 8000966: 429a cmp r2, r3 + 8000968: d1ed bne.n 8000946 + 800096a: f001 ff11 bl 8002790 + 800096e: e7ea b.n 8000946 + REQUIRE_OUT(8); + 8000970: 2300 movs r3, #0 + 8000972: 2108 movs r1, #8 + 8000974: 4628 mov r0, r5 + 8000976: f7ff fcf7 bl 8000368 + 800097a: 4604 mov r4, r0 + 800097c: 2800 cmp r0, #0 + 800097e: f47f ad7c bne.w 800047a + mcu_key_usage(avail, consumed, total); + 8000982: f105 0208 add.w r2, r5, #8 + 8000986: 1d29 adds r1, r5, #4 + 8000988: 4628 mov r0, r5 + 800098a: f001 fe6b bl 8002664 + break; + 800098e: e574 b.n 800047a + REQUIRE_OUT(33); + 8000990: 2300 movs r3, #0 + 8000992: 2121 movs r1, #33 ; 0x21 + 8000994: 4628 mov r0, r5 + 8000996: f7ff fce7 bl 8000368 + 800099a: 4604 mov r4, r0 + 800099c: 2800 cmp r0, #0 + 800099e: f47f ad6c bne.w 800047a + switch(arg2) { + 80009a2: 9b01 ldr r3, [sp, #4] + 80009a4: 2b01 cmp r3, #1 + 80009a6: d003 beq.n 80009b0 + 80009a8: 2b02 cmp r3, #2 + 80009aa: d008 beq.n 80009be + rv = ERANGE; + 80009ac: 2422 movs r4, #34 ; 0x22 + 80009ae: e564 b.n 800047a + ae_setup(); + 80009b0: f002 f8e0 bl 8002b74 + ae_secure_random(&buf_io[1]); + 80009b4: 1c68 adds r0, r5, #1 + 80009b6: f002 fc45 bl 8003244 + buf_io[0] = 32; + 80009ba: 2320 movs r3, #32 + 80009bc: e708 b.n 80007d0 + se2_read_rng(&buf_io[1]); + 80009be: 1c68 adds r0, r5, #1 + 80009c0: f007 fe90 bl 80086e4 + buf_io[0] = 8; + 80009c4: 2308 movs r3, #8 + 80009c6: e703 b.n 80007d0 + REQUIRE_OUT(80); + 80009c8: 2300 movs r3, #0 + 80009ca: 2150 movs r1, #80 ; 0x50 + 80009cc: 4628 mov r0, r5 + 80009ce: f7ff fccb bl 8000368 + 80009d2: 4604 mov r4, r0 + 80009d4: 2800 cmp r0, #0 + 80009d6: f47f ad50 bne.w 800047a + strcpy((char *)buf_io, "ATECC608B\nDS28C36B"); + 80009da: 490d ldr r1, [pc, #52] ; (8000a10 ) + 80009dc: 4628 mov r0, r5 + 80009de: f00c ffa7 bl 800d930 + break; + 80009e2: e54a b.n 800047a + if(incoming_lr <= BL_FLASH_BASE || incoming_lr >= (uint32_t)&firewall_starts) { + 80009e4: f1b4 6f00 cmp.w r4, #134217728 ; 0x8000000 + 80009e8: d902 bls.n 80009f0 + 80009ea: 4b0a ldr r3, [pc, #40] ; (8000a14 ) + 80009ec: 429c cmp r4, r3 + 80009ee: d302 bcc.n 80009f6 + fatal_error("LR"); + 80009f0: 4809 ldr r0, [pc, #36] ; (8000a18 ) + 80009f2: f000 f833 bl 8000a5c + system_startup(); + 80009f6: f000 f88f bl 8000b18 + break; + 80009fa: e6ee b.n 80007da + rv = EAGAIN; + 80009fc: 240b movs r4, #11 + 80009fe: e53c b.n 800047a + 8000a00: 0801c050 .word 0x0801c050 + 8000a04: 0801c070 .word 0x0801c070 + 8000a08: 40022000 .word 0x40022000 + 8000a0c: 08010178 .word 0x08010178 + 8000a10: 0800d9d0 .word 0x0800d9d0 + 8000a14: 08000300 .word 0x08000300 + 8000a18: 0800d9e3 .word 0x0800d9e3 + +08000a1c : +// + static inline void +memset4(uint32_t *dest, uint32_t value, uint32_t byte_len) +{ + for(; byte_len; byte_len-=4, dest++) { + *dest = value; + 8000a1c: 4a0a ldr r2, [pc, #40] ; (8000a48 ) + for(; byte_len; byte_len-=4, dest++) { + 8000a1e: 490b ldr r1, [pc, #44] ; (8000a4c ) + +// wipe_all_sram() +// + void +wipe_all_sram(void) +{ + 8000a20: f04f 5300 mov.w r3, #536870912 ; 0x20000000 + *dest = value; + 8000a24: f843 2b04 str.w r2, [r3], #4 + for(; byte_len; byte_len-=4, dest++) { + 8000a28: 428b cmp r3, r1 + 8000a2a: d1fb bne.n 8000a24 + 8000a2c: 4908 ldr r1, [pc, #32] ; (8000a50 ) + 8000a2e: f04f 5380 mov.w r3, #268435456 ; 0x10000000 + *dest = value; + 8000a32: f843 2b04 str.w r2, [r3], #4 + for(; byte_len; byte_len-=4, dest++) { + 8000a36: 428b cmp r3, r1 + 8000a38: d1fb bne.n 8000a32 + 8000a3a: 4b06 ldr r3, [pc, #24] ; (8000a54 ) + 8000a3c: 4906 ldr r1, [pc, #24] ; (8000a58 ) + *dest = value; + 8000a3e: f843 2b04 str.w r2, [r3], #4 + for(; byte_len; byte_len-=4, dest++) { + 8000a42: 428b cmp r3, r1 + 8000a44: d1fb bne.n 8000a3e + STATIC_ASSERT((SRAM3_BASE + SRAM3_SIZE) - BL_SRAM_BASE == 8192); + + memset4((void *)SRAM1_BASE, noise, SRAM1_SIZE_MAX); + memset4((void *)SRAM2_BASE, noise, SRAM2_SIZE); + memset4((void *)SRAM3_BASE, noise, SRAM3_SIZE - (BL_SRAM_BASE - SRAM3_BASE)); +} + 8000a46: 4770 bx lr + 8000a48: deadbeef .word 0xdeadbeef + 8000a4c: 20030000 .word 0x20030000 + 8000a50: 10010000 .word 0x10010000 + 8000a54: 20040000 .word 0x20040000 + 8000a58: 20042000 .word 0x20042000 + +08000a5c : + +// fatal_error(const char *msg) +// + void __attribute__((noreturn)) +fatal_error(const char *msgvoid) +{ + 8000a5c: b508 push {r3, lr} + oled_setup(); + 8000a5e: f000 f99b bl 8000d98 + oled_show(screen_fatal); + 8000a62: 4802 ldr r0, [pc, #8] ; (8000a6c ) + 8000a64: f000 fb18 bl 8001098 + BREAKPOINT; +#endif + + // Maybe should do a reset after a delay, like with + // the watchdog timer or something. + LOCKUP_FOREVER(); + 8000a68: f003 f918 bl 8003c9c + 8000a6c: 0800e591 .word 0x0800e591 + +08000a70 : + +// fatal_mitm() +// + void __attribute__((noreturn)) +fatal_mitm(void) +{ + 8000a70: b508 push {r3, lr} + oled_setup(); + 8000a72: f000 f991 bl 8000d98 + oled_show(screen_mitm); + 8000a76: 4803 ldr r0, [pc, #12] ; (8000a84 ) + 8000a78: f000 fb0e bl 8001098 + +#ifdef RELEASE + wipe_all_sram(); + 8000a7c: f7ff ffce bl 8000a1c +#endif + + LOCKUP_FOREVER(); + 8000a80: f003 f90c bl 8003c9c + 8000a84: 0800e71b .word 0x0800e71b + +08000a88 : + +// enter_dfu() +// + void __attribute__((noreturn)) +enter_dfu(void) +{ + 8000a88: b507 push {r0, r1, r2, lr} + puts("enter_dfu()"); + 8000a8a: 481f ldr r0, [pc, #124] ; (8000b08 ) + 8000a8c: f004 faf2 bl 8005074 + + // clear the green light, if set + ae_setup(); + 8000a90: f002 f870 bl 8002b74 + ae_set_gpio(0); + 8000a94: 2000 movs r0, #0 + 8000a96: f002 fdef bl 8003678 + + // Reset huge parts of the chip + __HAL_RCC_APB1_FORCE_RESET(); + 8000a9a: 4b1c ldr r3, [pc, #112] ; (8000b0c ) + 8000a9c: f04f 31ff mov.w r1, #4294967295 ; 0xffffffff + __HAL_RCC_APB1_RELEASE_RESET(); + 8000aa0: 2200 movs r2, #0 + __HAL_RCC_APB1_FORCE_RESET(); + 8000aa2: 6399 str r1, [r3, #56] ; 0x38 + 8000aa4: 63d9 str r1, [r3, #60] ; 0x3c + __HAL_RCC_APB1_RELEASE_RESET(); + 8000aa6: 639a str r2, [r3, #56] ; 0x38 + 8000aa8: 63da str r2, [r3, #60] ; 0x3c + + __HAL_RCC_APB2_FORCE_RESET(); + 8000aaa: 6419 str r1, [r3, #64] ; 0x40 + __HAL_RCC_APB2_RELEASE_RESET(); + 8000aac: 641a str r2, [r3, #64] ; 0x40 + + __HAL_RCC_AHB1_FORCE_RESET(); + 8000aae: 6299 str r1, [r3, #40] ; 0x28 + __HAL_RCC_AHB1_RELEASE_RESET(); + 8000ab0: 629a str r2, [r3, #40] ; 0x28 + // But not this; it borks things. + __HAL_RCC_AHB2_FORCE_RESET(); + __HAL_RCC_AHB2_RELEASE_RESET(); +#endif + + __HAL_RCC_AHB3_FORCE_RESET(); + 8000ab2: 6319 str r1, [r3, #48] ; 0x30 + __HAL_RCC_AHB3_RELEASE_RESET(); + 8000ab4: 631a str r2, [r3, #48] ; 0x30 + + __HAL_FIREWALL_PREARM_ENABLE(); + 8000ab6: f5a3 4374 sub.w r3, r3, #62464 ; 0xf400 + 8000aba: 6a1a ldr r2, [r3, #32] + 8000abc: f042 0201 orr.w r2, r2, #1 + 8000ac0: 621a str r2, [r3, #32] + 8000ac2: 6a1b ldr r3, [r3, #32] + 8000ac4: f003 0301 and.w r3, r3, #1 + 8000ac8: 9301 str r3, [sp, #4] + 8000aca: 9b01 ldr r3, [sp, #4] + + // Wipe all of memory SRAM, just in case + // there is some way to trick us into DFU + // after sensitive content in place. + wipe_all_sram(); + 8000acc: f7ff ffa6 bl 8000a1c + rng_delay(); + 8000ad0: f001 ff2c bl 800292c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 8000ad4: 4b0e ldr r3, [pc, #56] ; (8000b10 ) + 8000ad6: 6a1b ldr r3, [r3, #32] + 8000ad8: b2db uxtb r3, r3 + + if(flash_is_security_level2()) { + 8000ada: 2bcc cmp r3, #204 ; 0xcc + 8000adc: d101 bne.n 8000ae2 + // cannot do DFU in RDP=2, so just die. Helps to preserve screen + LOCKUP_FOREVER(); + 8000ade: f003 f8dd bl 8003c9c + } + + // Reset clocks. + HAL_RCC_DeInit(); + 8000ae2: f007 ff3d bl 8008960 + + // move system ROM into 0x0 + __HAL_SYSCFG_REMAPMEMORY_SYSTEMFLASH(); + 8000ae6: 4a0b ldr r2, [pc, #44] ; (8000b14 ) + 8000ae8: 6813 ldr r3, [r2, #0] + 8000aea: f023 0307 bic.w r3, r3, #7 + 8000aee: f043 0301 orr.w r3, r3, #1 + 8000af2: 6013 str r3, [r2, #0] + + // need this here?! + asm("nop; nop; nop; nop;"); + 8000af4: bf00 nop + 8000af6: bf00 nop + 8000af8: bf00 nop + 8000afa: bf00 nop + + // simulate a reset vector + __ASM volatile ("movs r0, #0\n" + 8000afc: 2000 movs r0, #0 + 8000afe: 6803 ldr r3, [r0, #0] + 8000b00: f383 8808 msr MSP, r3 + 8000b04: 6843 ldr r3, [r0, #4] + 8000b06: 4798 blx r3 + "ldr r3, [r0, #4]\n" + "blx r3" + : : : "r0", "r3"); // also SP + + // NOT-REACHED. + __builtin_unreachable(); + 8000b08: 0800d9e6 .word 0x0800d9e6 + 8000b0c: 40021000 .word 0x40021000 + 8000b10: 40022000 .word 0x40022000 + 8000b14: 40010000 .word 0x40010000 + +08000b18 : +{ + 8000b18: b510 push {r4, lr} + system_init0(); + 8000b1a: f001 fa77 bl 800200c + clocks_setup(); + 8000b1e: f001 fa97 bl 8002050 + rng_setup(); // needs to be super early + 8000b22: f001 fec1 bl 80028a8 + rng_delay(); + 8000b26: f001 ff01 bl 800292c + if(!check_all_ones(rom_secrets->bag_number, sizeof(rom_secrets->bag_number)) + 8000b2a: 4838 ldr r0, [pc, #224] ; (8000c0c ) + 8000b2c: 2120 movs r1, #32 + 8000b2e: f001 fe7f bl 8002830 + 8000b32: b948 cbnz r0, 8000b48 + rng_delay(); + 8000b34: f001 fefa bl 800292c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 8000b38: 4b35 ldr r3, [pc, #212] ; (8000c10 ) + 8000b3a: 6a1b ldr r3, [r3, #32] + 8000b3c: b2db uxtb r3, r3 + && !flash_is_security_level2() + 8000b3e: 2bcc cmp r3, #204 ; 0xcc + 8000b40: d002 beq.n 8000b48 + flash_lockdown_hard(OB_RDP_LEVEL_2); + 8000b42: 20cc movs r0, #204 ; 0xcc + 8000b44: f001 fcf8 bl 8002538 + gpio_setup(); + 8000b48: f002 ffbe bl 8003ac8 + uint32_t reset_reason = RCC->CSR; + 8000b4c: 4c31 ldr r4, [pc, #196] ; (8000c14 ) + console_setup(); + 8000b4e: f004 f9b7 bl 8004ec0 + puts2(BOOT_BANNER); + 8000b52: 4831 ldr r0, [pc, #196] ; (8000c18 ) + 8000b54: f004 fa00 bl 8004f58 + puts(version_string); + 8000b58: 4830 ldr r0, [pc, #192] ; (8000c1c ) + 8000b5a: f004 fa8b bl 8005074 + uint32_t reset_reason = RCC->CSR; + 8000b5e: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + if(reset_reason & RCC_CSR_FWRSTF) { + 8000b62: 01db lsls r3, r3, #7 + 8000b64: d502 bpl.n 8000b6c + puts(">FIREWALLED<"); + 8000b66: 482e ldr r0, [pc, #184] ; (8000c20 ) + 8000b68: f004 fa84 bl 8005074 + SET_BIT(RCC->CSR, RCC_CSR_RMVF); + 8000b6c: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8000b70: f443 0300 orr.w r3, r3, #8388608 ; 0x800000 + 8000b74: f8c4 3094 str.w r3, [r4, #148] ; 0x94 + if(memcmp(dfu_flag->magic, REBOOT_TO_DFU, sizeof(dfu_flag->magic)) == 0) { + 8000b78: 4c2a ldr r4, [pc, #168] ; (8000c24 ) + pin_setup0(); + 8000b7a: f003 fa9b bl 80040b4 + rng_delay(); + 8000b7e: f001 fed5 bl 800292c + lcd_full_setup(); + 8000b82: f000 f981 bl 8000e88 + if(memcmp(dfu_flag->magic, REBOOT_TO_DFU, sizeof(dfu_flag->magic)) == 0) { + 8000b86: 4928 ldr r1, [pc, #160] ; (8000c28 ) + 8000b88: 2208 movs r2, #8 + 8000b8a: 4620 mov r0, r4 + 8000b8c: f00c fe9c bl 800d8c8 + 8000b90: b928 cbnz r0, 8000b9e + dfu_flag->magic[0] = 0; + 8000b92: 7020 strb r0, [r4, #0] + oled_show(dfu_flag->screen); + 8000b94: 68a0 ldr r0, [r4, #8] + 8000b96: f000 fa7f bl 8001098 + enter_dfu(); + 8000b9a: f7ff ff75 bl 8000a88 + rng_delay(); + 8000b9e: f001 fec5 bl 800292c + oled_show_progress(screen_verify, 0); + 8000ba2: 2100 movs r1, #0 + 8000ba4: 4821 ldr r0, [pc, #132] ; (8000c2c ) + 8000ba6: f000 faf1 bl 800118c + wipe_all_sram(); + 8000baa: f7ff ff37 bl 8000a1c + ae_setup(); + 8000bae: f001 ffe1 bl 8002b74 + ae_set_gpio(0); // turn light red + 8000bb2: 2000 movs r0, #0 + 8000bb4: f002 fd60 bl 8003678 + se2_setup(); + 8000bb8: f007 f9ec bl 8007f94 + se2_probe(); + 8000bbc: f006 ff70 bl 8007aa0 + flash_setup(); + 8000bc0: f001 fbee bl 80023a0 + psram_setup(); + 8000bc4: f004 fa8e bl 80050e4 + if(ae_pair_unlock() != 0) { + 8000bc8: f002 f9ca bl 8002f60 + 8000bcc: b138 cbz r0, 8000bde + oled_show(screen_brick); + 8000bce: 4818 ldr r0, [pc, #96] ; (8000c30 ) + 8000bd0: f000 fa62 bl 8001098 + puts("pair-bricked"); + 8000bd4: 4817 ldr r0, [pc, #92] ; (8000c34 ) + 8000bd6: f004 fa4d bl 8005074 + LOCKUP_FOREVER(); + 8000bda: f003 f85f bl 8003c9c + puts2("Verify: "); + 8000bde: 4816 ldr r0, [pc, #88] ; (8000c38 ) + 8000be0: f004 f9ba bl 8004f58 + bool main_ok = verify_firmware(); + 8000be4: f001 f996 bl 8001f14 + if(main_ok) { + 8000be8: b120 cbz r0, 8000bf4 +} + 8000bea: e8bd 4010 ldmia.w sp!, {r4, lr} + oled_show(screen_blankish); + 8000bee: 4813 ldr r0, [pc, #76] ; (8000c3c ) + 8000bf0: f000 ba52 b.w 8001098 + psram_recover_firmware(); + 8000bf4: f004 fbc4 bl 8005380 + rng_delay(); + 8000bf8: f001 fe98 bl 800292c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 8000bfc: 4b04 ldr r3, [pc, #16] ; (8000c10 ) + 8000bfe: 6a1b ldr r3, [r3, #32] + 8000c00: b2db uxtb r3, r3 + if(!flash_is_security_level2()) { + 8000c02: 2bcc cmp r3, #204 ; 0xcc + 8000c04: d1c9 bne.n 8000b9a + while(1) sdcard_recovery(); + 8000c06: f004 fd85 bl 8005714 + 8000c0a: e7fc b.n 8000c06 + 8000c0c: 0801c050 .word 0x0801c050 + 8000c10: 40022000 .word 0x40022000 + 8000c14: 40021000 .word 0x40021000 + 8000c18: 0800d9f2 .word 0x0800d9f2 + 8000c1c: 080107a0 .word 0x080107a0 + 8000c20: 0800da05 .word 0x0800da05 + 8000c24: 20008000 .word 0x20008000 + 8000c28: 0800d9c7 .word 0x0800d9c7 + 8000c2c: 08010051 .word 0x08010051 + 8000c30: 0800da65 .word 0x0800da65 + 8000c34: 0800da12 .word 0x0800da12 + 8000c38: 0800da1f .word 0x0800da1f + 8000c3c: 0800da4c .word 0x0800da4c + +08000c40 : + +// lcd_write_data() +// + static void +lcd_write_data(int len, const uint8_t *pixels) +{ + 8000c40: b538 push {r3, r4, r5, lr} + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000c42: 2201 movs r2, #1 +{ + 8000c44: 4605 mov r5, r0 + 8000c46: 460c mov r4, r1 + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000c48: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c4c: 2110 movs r1, #16 + 8000c4e: f000 fc5d bl 800150c + HAL_GPIO_WritePin(GPIOA, DC_PIN, 1); + 8000c52: 2201 movs r2, #1 + 8000c54: f44f 7180 mov.w r1, #256 ; 0x100 + 8000c58: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c5c: f000 fc56 bl 800150c + HAL_GPIO_WritePin(GPIOA, CS_PIN, 0); + 8000c60: 2200 movs r2, #0 + 8000c62: 2110 movs r1, #16 + 8000c64: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c68: f000 fc50 bl 800150c + HAL_SPI_Transmit(&spi_port, (uint8_t *)buf, len, HAL_MAX_DELAY); + 8000c6c: b2aa uxth r2, r5 + 8000c6e: 4621 mov r1, r4 + 8000c70: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8000c74: 4805 ldr r0, [pc, #20] ; (8000c8c ) + 8000c76: f000 fce9 bl 800164c + + write_bytes(len, pixels); + + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); +} + 8000c7a: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000c7e: 2201 movs r2, #1 + 8000c80: 2110 movs r1, #16 + 8000c82: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000c86: f000 bc41 b.w 800150c + 8000c8a: bf00 nop + 8000c8c: 2009e158 .word 0x2009e158 + +08000c90 : + +// lcd_write_data1() +// + static void +lcd_write_data1(uint8_t data) +{ + 8000c90: b507 push {r0, r1, r2, lr} + 8000c92: f88d 0007 strb.w r0, [sp, #7] + lcd_write_data(1, &data); + 8000c96: f10d 0107 add.w r1, sp, #7 + 8000c9a: 2001 movs r0, #1 + 8000c9c: f7ff ffd0 bl 8000c40 +} + 8000ca0: b003 add sp, #12 + 8000ca2: f85d fb04 ldr.w pc, [sp], #4 + ... + +08000ca8 : +static inline void wait_vsync(void) { + 8000ca8: b538 push {r3, r4, r5, lr} + 8000caa: 4c08 ldr r4, [pc, #32] ; (8000ccc ) + if(HAL_GPIO_ReadPin(GPIOB, TEAR_PIN) != 0) { + 8000cac: 4d08 ldr r5, [pc, #32] ; (8000cd0 ) + 8000cae: f44f 6100 mov.w r1, #2048 ; 0x800 + 8000cb2: 4628 mov r0, r5 + 8000cb4: f000 fc24 bl 8001500 + 8000cb8: b930 cbnz r0, 8000cc8 + for(; timeout; timeout--) { + 8000cba: 3c01 subs r4, #1 + 8000cbc: d1f7 bne.n 8000cae +} + 8000cbe: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + puts("TEAR timeout"); + 8000cc2: 4804 ldr r0, [pc, #16] ; (8000cd4 ) + 8000cc4: f004 b9d6 b.w 8005074 +} + 8000cc8: bd38 pop {r3, r4, r5, pc} + 8000cca: bf00 nop + 8000ccc: 000f4240 .word 0x000f4240 + 8000cd0: 48000400 .word 0x48000400 + 8000cd4: 0800da28 .word 0x0800da28 + +08000cd8 : +{ + 8000cd8: b507 push {r0, r1, r2, lr} + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000cda: 2201 movs r2, #1 +{ + 8000cdc: f88d 0007 strb.w r0, [sp, #7] + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000ce0: 2110 movs r1, #16 + 8000ce2: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000ce6: f000 fc11 bl 800150c + HAL_GPIO_WritePin(GPIOA, DC_PIN, 0); + 8000cea: 2200 movs r2, #0 + 8000cec: f44f 7180 mov.w r1, #256 ; 0x100 + 8000cf0: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000cf4: f000 fc0a bl 800150c + HAL_GPIO_WritePin(GPIOA, CS_PIN, 0); + 8000cf8: 2200 movs r2, #0 + 8000cfa: 2110 movs r1, #16 + 8000cfc: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000d00: f000 fc04 bl 800150c + HAL_SPI_Transmit(&spi_port, (uint8_t *)buf, len, HAL_MAX_DELAY); + 8000d04: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8000d08: f10d 0107 add.w r1, sp, #7 + 8000d0c: 2201 movs r2, #1 + 8000d0e: 4806 ldr r0, [pc, #24] ; (8000d28 ) + 8000d10: f000 fc9c bl 800164c + HAL_GPIO_WritePin(GPIOA, CS_PIN, 1); + 8000d14: 2201 movs r2, #1 + 8000d16: 2110 movs r1, #16 + 8000d18: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000d1c: f000 fbf6 bl 800150c +} + 8000d20: b003 add sp, #12 + 8000d22: f85d fb04 ldr.w pc, [sp], #4 + 8000d26: bf00 nop + 8000d28: 2009e158 .word 0x2009e158 + +08000d2c : +{ + 8000d2c: b537 push {r0, r1, r2, r4, r5, lr} + 8000d2e: 460d mov r5, r1 + 8000d30: 4614 mov r4, r2 + lcd_write_cmd(cmd); + 8000d32: f7ff ffd1 bl 8000cd8 + uint8_t d[4] = { (a>>8), a&0xff, (b>>8), b&0xff }; + 8000d36: 0a2b lsrs r3, r5, #8 + 8000d38: f88d 3004 strb.w r3, [sp, #4] + lcd_write_data(4, d); + 8000d3c: a901 add r1, sp, #4 + uint8_t d[4] = { (a>>8), a&0xff, (b>>8), b&0xff }; + 8000d3e: 0a23 lsrs r3, r4, #8 + lcd_write_data(4, d); + 8000d40: 2004 movs r0, #4 + uint8_t d[4] = { (a>>8), a&0xff, (b>>8), b&0xff }; + 8000d42: f88d 5005 strb.w r5, [sp, #5] + 8000d46: f88d 3006 strb.w r3, [sp, #6] + 8000d4a: f88d 4007 strb.w r4, [sp, #7] + lcd_write_data(4, d); + 8000d4e: f7ff ff77 bl 8000c40 +} + 8000d52: b003 add sp, #12 + 8000d54: bd30 pop {r4, r5, pc} + ... + +08000d58 : +// +// Just setup SPI, do not reset display, etc. +// + void +lcd_spi_setup(void) +{ + 8000d58: b538 push {r3, r4, r5, lr} +#ifndef DISABLE_LCD + // might already be setup + if(spi_port.Instance == SPI1) return; + 8000d5a: 4c0d ldr r4, [pc, #52] ; (8000d90 ) + 8000d5c: 4d0d ldr r5, [pc, #52] ; (8000d94 ) + 8000d5e: 6823 ldr r3, [r4, #0] + 8000d60: 42ab cmp r3, r5 + 8000d62: d014 beq.n 8000d8e + + memset(&spi_port, 0, sizeof(spi_port)); + 8000d64: f104 0008 add.w r0, r4, #8 + 8000d68: 225c movs r2, #92 ; 0x5c + 8000d6a: 2100 movs r1, #0 + 8000d6c: f00c fdca bl 800d904 + + spi_port.Instance = SPI1; + + // see SPI_InitTypeDef + spi_port.Init.Mode = SPI_MODE_MASTER; + 8000d70: f44f 7382 mov.w r3, #260 ; 0x104 + 8000d74: 6063 str r3, [r4, #4] + spi_port.Init.Direction = SPI_DIRECTION_2LINES; + spi_port.Init.DataSize = SPI_DATASIZE_8BIT; + 8000d76: f44f 63e0 mov.w r3, #1792 ; 0x700 + 8000d7a: 60e3 str r3, [r4, #12] + spi_port.Init.CLKPolarity = SPI_POLARITY_LOW; + spi_port.Init.CLKPhase = SPI_PHASE_1EDGE; + spi_port.Init.NSS = SPI_NSS_SOFT; + 8000d7c: f44f 7300 mov.w r3, #512 ; 0x200 + spi_port.Instance = SPI1; + 8000d80: 6025 str r5, [r4, #0] + spi_port.Init.NSS = SPI_NSS_SOFT; + 8000d82: 61a3 str r3, [r4, #24] + spi_port.Init.BaudRatePrescaler = SPI_BAUDRATEPRESCALER_2; + spi_port.Init.FirstBit = SPI_FIRSTBIT_MSB; + spi_port.Init.TIMode = SPI_TIMODE_DISABLED; + spi_port.Init.CRCCalculation = SPI_CRCCALCULATION_DISABLED; + + HAL_SPI_Init(&spi_port); + 8000d84: 4620 mov r0, r4 +#endif +} + 8000d86: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + HAL_SPI_Init(&spi_port); + 8000d8a: f000 bc01 b.w 8001590 +} + 8000d8e: bd38 pop {r3, r4, r5, pc} + 8000d90: 2009e158 .word 0x2009e158 + 8000d94: 40013000 .word 0x40013000 + +08000d98 : +// +// Ok to call this lots. +// + void +oled_setup(void) +{ + 8000d98: b530 push {r4, r5, lr} + puts("lcd disabled");return; // disable so I can use MCO +#endif + + static uint32_t inited; + + if(inited == 0x238a572F) { + 8000d9a: 4b23 ldr r3, [pc, #140] ; (8000e28 ) + 8000d9c: 4a23 ldr r2, [pc, #140] ; (8000e2c ) + 8000d9e: 6819 ldr r1, [r3, #0] + 8000da0: 4291 cmp r1, r2 +{ + 8000da2: b087 sub sp, #28 + if(inited == 0x238a572F) { + 8000da4: d03e beq.n 8000e24 + return; + } + inited = 0x238a572F; + 8000da6: 601a str r2, [r3, #0] + + // enable some internal clocks + __HAL_RCC_SPI1_CLK_ENABLE(); + 8000da8: 4b21 ldr r3, [pc, #132] ; (8000e30 ) + + // take over from GPU + // - can be issue when coming in via callgate from mpy which might have been showing menu + HAL_GPIO_WritePin(GPIOE, PIN_G_CTRL, 1); // set G_CTRL pin -- we have control + 8000daa: 4822 ldr r0, [pc, #136] ; (8000e34 ) + __HAL_RCC_SPI1_CLK_ENABLE(); + 8000dac: 6e1a ldr r2, [r3, #96] ; 0x60 + + // .. wait for GPU to finish it's work + // - might take 16+ms because waiting for next vsync, etc + for(int i=0; i<100; i++) { + if(HAL_GPIO_ReadPin(GPIOE, PIN_G_BUSY) == 0) break; + 8000dae: 4d21 ldr r5, [pc, #132] ; (8000e34 ) + __HAL_RCC_SPI1_CLK_ENABLE(); + 8000db0: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 8000db4: 661a str r2, [r3, #96] ; 0x60 + 8000db6: 6e1b ldr r3, [r3, #96] ; 0x60 + 8000db8: f403 5380 and.w r3, r3, #4096 ; 0x1000 + 8000dbc: 9300 str r3, [sp, #0] + HAL_GPIO_WritePin(GPIOE, PIN_G_CTRL, 1); // set G_CTRL pin -- we have control + 8000dbe: 2201 movs r2, #1 + 8000dc0: 2120 movs r1, #32 + __HAL_RCC_SPI1_CLK_ENABLE(); + 8000dc2: 9b00 ldr r3, [sp, #0] + HAL_GPIO_WritePin(GPIOE, PIN_G_CTRL, 1); // set G_CTRL pin -- we have control + 8000dc4: f000 fba2 bl 800150c + 8000dc8: 2464 movs r4, #100 ; 0x64 + if(HAL_GPIO_ReadPin(GPIOE, PIN_G_BUSY) == 0) break; + 8000dca: 2104 movs r1, #4 + 8000dcc: 4628 mov r0, r5 + 8000dce: f000 fb97 bl 8001500 + 8000dd2: b120 cbz r0, 8000dde + delay_ms(1); + 8000dd4: 2001 movs r0, #1 + 8000dd6: f002 fe67 bl 8003aa8 + for(int i=0; i<100; i++) { + 8000dda: 3c01 subs r4, #1 + 8000ddc: d1f5 bne.n 8000dca + } + + // Simple pins + // - must be opendrain to allow GPU to share + GPIO_InitTypeDef setup = { + 8000dde: 4d16 ldr r5, [pc, #88] ; (8000e38 ) + 8000de0: cd0f ldmia r5!, {r0, r1, r2, r3} + 8000de2: ac01 add r4, sp, #4 + 8000de4: c40f stmia r4!, {r0, r1, r2, r3} + 8000de6: 682b ldr r3, [r5, #0] + 8000de8: 6023 str r3, [r4, #0] + .Mode = GPIO_MODE_OUTPUT_OD, + .Pull = GPIO_PULLUP, + .Speed = GPIO_SPEED_FREQ_MEDIUM, + .Alternate = 0, + }; + HAL_GPIO_Init(GPIOA, &setup); + 8000dea: a901 add r1, sp, #4 + 8000dec: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000df0: f000 fa12 bl 8001218 + + // starting values + HAL_GPIO_WritePin(GPIOA, RESET_PIN | CS_PIN | DC_PIN, 1); + 8000df4: 2201 movs r2, #1 + 8000df6: f44f 71a8 mov.w r1, #336 ; 0x150 + 8000dfa: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000dfe: f000 fb85 bl 800150c + + // SPI pins (same but with AF) + setup.Pin = SPI_SCK | SPI_MOSI; + 8000e02: 23a0 movs r3, #160 ; 0xa0 + 8000e04: 9301 str r3, [sp, #4] + setup.Alternate = GPIO_AF5_SPI1; + 8000e06: 2305 movs r3, #5 + 8000e08: 9305 str r3, [sp, #20] + setup.Mode = GPIO_MODE_AF_PP; + 8000e0a: 2302 movs r3, #2 + setup.Speed = GPIO_SPEED_FREQ_VERY_HIGH; + HAL_GPIO_Init(GPIOA, &setup); + 8000e0c: a901 add r1, sp, #4 + 8000e0e: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + setup.Mode = GPIO_MODE_AF_PP; + 8000e12: 9302 str r3, [sp, #8] + setup.Speed = GPIO_SPEED_FREQ_VERY_HIGH; + 8000e14: 2303 movs r3, #3 + 8000e16: 9304 str r3, [sp, #16] + HAL_GPIO_Init(GPIOA, &setup); + 8000e18: f000 f9fe bl 8001218 + + // config SPI port + lcd_spi_setup(); + 8000e1c: f7ff ff9c bl 8000d58 + rng_delay(); + 8000e20: f001 fd84 bl 800292c +} + 8000e24: b007 add sp, #28 + 8000e26: bd30 pop {r4, r5, pc} + 8000e28: 2009e150 .word 0x2009e150 + 8000e2c: 238a572f .word 0x238a572f + 8000e30: 40021000 .word 0x40021000 + 8000e34: 48001000 .word 0x48001000 + 8000e38: 0800da38 .word 0x0800da38 + +08000e3c : + +// lcd_fill_solid() +// + void +lcd_fill_solid(uint16_t pattern) +{ + 8000e3c: b5b0 push {r4, r5, r7, lr} + // note, MADCTL MV/MX/MY setting causes row vs. col swap here + lcd_write_cmd4(0x2a, 0, LCD_WIDTH-1); // CASET - Column address set range (x) + 8000e3e: f240 123f movw r2, #319 ; 0x13f +{ + 8000e42: af00 add r7, sp, #0 + lcd_write_cmd4(0x2a, 0, LCD_WIDTH-1); // CASET - Column address set range (x) + 8000e44: 2100 movs r1, #0 +{ + 8000e46: 4604 mov r4, r0 + lcd_write_cmd4(0x2a, 0, LCD_WIDTH-1); // CASET - Column address set range (x) + 8000e48: 202a movs r0, #42 ; 0x2a + 8000e4a: f7ff ff6f bl 8000d2c + lcd_write_cmd4(0x2b, 0, LCD_HEIGHT-1); // RASET - Row address set range (y) + 8000e4e: 22ef movs r2, #239 ; 0xef + 8000e50: 2100 movs r1, #0 + 8000e52: 202b movs r0, #43 ; 0x2b + 8000e54: f7ff ff6a bl 8000d2c + + lcd_write_cmd(0x2c); // RAMWR - memory write + 8000e58: 202c movs r0, #44 ; 0x2c + 8000e5a: f7ff ff3d bl 8000cd8 + + uint16_t row[LCD_WIDTH]; + 8000e5e: f5ad 7d20 sub.w sp, sp, #640 ; 0x280 + 8000e62: 466d mov r5, sp + for(; byte_len; byte_len-=2, dest++) { + 8000e64: f505 7220 add.w r2, r5, #640 ; 0x280 + uint16_t row[LCD_WIDTH]; + 8000e68: 462b mov r3, r5 + *dest = value; + 8000e6a: f823 4b02 strh.w r4, [r3], #2 + for(; byte_len; byte_len-=2, dest++) { + 8000e6e: 429a cmp r2, r3 + 8000e70: d1fb bne.n 8000e6a + 8000e72: 24f0 movs r4, #240 ; 0xf0 + memset2(row, pattern, sizeof(row)); + + for(int y=0; y + for(int y=0; y + } +} + 8000e82: 46bd mov sp, r7 + 8000e84: bdb0 pop {r4, r5, r7, pc} + ... + +08000e88 : +{ + 8000e88: b508 push {r3, lr} + oled_setup(); + 8000e8a: f7ff ff85 bl 8000d98 + lcd_write_cmd(0x28); // DISPOFF + 8000e8e: 2028 movs r0, #40 ; 0x28 + 8000e90: f7ff ff22 bl 8000cd8 + lcd_write_cmd(0x36); // MADCTL: memory addr ctrl, page 215 + 8000e94: 2036 movs r0, #54 ; 0x36 + 8000e96: f7ff ff1f bl 8000cd8 + lcd_write_data1(0x60); // MV=1 => horz mode, first byte=top-left corner, RGB order + 8000e9a: 2060 movs r0, #96 ; 0x60 + 8000e9c: f7ff fef8 bl 8000c90 + lcd_fill_solid(COL_BLACK); // works only on second+ reboots/resets + 8000ea0: 2000 movs r0, #0 + 8000ea2: f7ff ffcb bl 8000e3c + delay_ms(1); + 8000ea6: 2001 movs r0, #1 + 8000ea8: f002 fdfe bl 8003aa8 + HAL_GPIO_WritePin(GPIOA, RESET_PIN, 0); + 8000eac: 2200 movs r2, #0 + 8000eae: 2140 movs r1, #64 ; 0x40 + 8000eb0: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000eb4: f000 fb2a bl 800150c + delay_ms(1); + 8000eb8: 2001 movs r0, #1 + 8000eba: f002 fdf5 bl 8003aa8 + HAL_GPIO_WritePin(GPIOA, RESET_PIN, 1); + 8000ebe: 2201 movs r2, #1 + 8000ec0: 2140 movs r1, #64 ; 0x40 + 8000ec2: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8000ec6: f000 fb21 bl 800150c + delay_ms(120); // 120ms - reset recovery time + 8000eca: 2078 movs r0, #120 ; 0x78 + 8000ecc: f002 fdec bl 8003aa8 + lcd_write_cmd(0x11); // SLPOUT: Sleep Out => turn off sleep mode + 8000ed0: 2011 movs r0, #17 + 8000ed2: f7ff ff01 bl 8000cd8 + delay_ms(5); // 5ms - wake up time + 8000ed6: 2005 movs r0, #5 + 8000ed8: f002 fde6 bl 8003aa8 + lcd_write_cmd(0x36); // MADCTL: memory addr ctrl, page 215 + 8000edc: 2036 movs r0, #54 ; 0x36 + 8000ede: f7ff fefb bl 8000cd8 + lcd_write_data1(0x60); // MV=1 => horz mode, first byte=top-left corner, RGB order + 8000ee2: 2060 movs r0, #96 ; 0x60 + 8000ee4: f7ff fed4 bl 8000c90 + lcd_write_cmd(0x3a); // COLMOD: pixel format + 8000ee8: 203a movs r0, #58 ; 0x3a + 8000eea: f7ff fef5 bl 8000cd8 + lcd_write_data1(0x05); // => 16bit/pixel + 8000eee: 2005 movs r0, #5 + 8000ef0: f7ff fece bl 8000c90 + lcd_write_cmd(0xb2); // PORCTRL - porch control + 8000ef4: 20b2 movs r0, #178 ; 0xb2 + 8000ef6: f7ff feef bl 8000cd8 + lcd_write_data1(0x0c); + 8000efa: 200c movs r0, #12 + 8000efc: f7ff fec8 bl 8000c90 + lcd_write_data1(0x0c); + 8000f00: 200c movs r0, #12 + 8000f02: f7ff fec5 bl 8000c90 + lcd_write_data1(0x00); + 8000f06: 2000 movs r0, #0 + 8000f08: f7ff fec2 bl 8000c90 + lcd_write_data1(0x33); + 8000f0c: 2033 movs r0, #51 ; 0x33 + 8000f0e: f7ff febf bl 8000c90 + lcd_write_data1(0x33); + 8000f12: 2033 movs r0, #51 ; 0x33 + 8000f14: f7ff febc bl 8000c90 + lcd_write_cmd(0xb7); + 8000f18: 20b7 movs r0, #183 ; 0xb7 + 8000f1a: f7ff fedd bl 8000cd8 + lcd_write_data1(0x35); + 8000f1e: 2035 movs r0, #53 ; 0x35 + 8000f20: f7ff feb6 bl 8000c90 + lcd_write_cmd(0xbb); // VCOMS + 8000f24: 20bb movs r0, #187 ; 0xbb + 8000f26: f7ff fed7 bl 8000cd8 + lcd_write_data1(0x25); //35 20 + 8000f2a: 2025 movs r0, #37 ; 0x25 + 8000f2c: f7ff feb0 bl 8000c90 + lcd_write_cmd(0xc0); // LCM + 8000f30: 20c0 movs r0, #192 ; 0xc0 + 8000f32: f7ff fed1 bl 8000cd8 + lcd_write_data1(0x2c); + 8000f36: 202c movs r0, #44 ; 0x2c + 8000f38: f7ff feaa bl 8000c90 + lcd_write_cmd(0xc2); // VDVVRHEN + 8000f3c: 20c2 movs r0, #194 ; 0xc2 + 8000f3e: f7ff fecb bl 8000cd8 + lcd_write_data1(0x01); + 8000f42: 2001 movs r0, #1 + 8000f44: f7ff fea4 bl 8000c90 + lcd_write_cmd(0xc3); // VRHS + 8000f48: 20c3 movs r0, #195 ; 0xc3 + 8000f4a: f7ff fec5 bl 8000cd8 + lcd_write_data1(0x13); //0e + 8000f4e: 2013 movs r0, #19 + 8000f50: f7ff fe9e bl 8000c90 + lcd_write_cmd(0xc4); // VDVSET + 8000f54: 20c4 movs r0, #196 ; 0xc4 + 8000f56: f7ff febf bl 8000cd8 + lcd_write_data1(0x20); + 8000f5a: 2020 movs r0, #32 + 8000f5c: f7ff fe98 bl 8000c90 + lcd_write_cmd(0xc6); // FRCTR2 + 8000f60: 20c6 movs r0, #198 ; 0xc6 + 8000f62: f7ff feb9 bl 8000cd8 + lcd_write_data1(0x0f); + 8000f66: 200f movs r0, #15 + 8000f68: f7ff fe92 bl 8000c90 + lcd_write_cmd(0xd0); // PWCTRL1 + 8000f6c: 20d0 movs r0, #208 ; 0xd0 + 8000f6e: f7ff feb3 bl 8000cd8 + lcd_write_data1(0xa4); + 8000f72: 20a4 movs r0, #164 ; 0xa4 + 8000f74: f7ff fe8c bl 8000c90 + lcd_write_data1(0xa1); + 8000f78: 20a1 movs r0, #161 ; 0xa1 + 8000f7a: f7ff fe89 bl 8000c90 + lcd_write_cmd(0xe0); // PVGAMCTRL + 8000f7e: 20e0 movs r0, #224 ; 0xe0 + 8000f80: f7ff feaa bl 8000cd8 + lcd_write_data1(0xd0); + 8000f84: 20d0 movs r0, #208 ; 0xd0 + 8000f86: f7ff fe83 bl 8000c90 + lcd_write_data1(0x00); + 8000f8a: 2000 movs r0, #0 + 8000f8c: f7ff fe80 bl 8000c90 + lcd_write_data1(0x03); + 8000f90: 2003 movs r0, #3 + 8000f92: f7ff fe7d bl 8000c90 + lcd_write_data1(0x09); + 8000f96: 2009 movs r0, #9 + 8000f98: f7ff fe7a bl 8000c90 + lcd_write_data1(0x13); + 8000f9c: 2013 movs r0, #19 + 8000f9e: f7ff fe77 bl 8000c90 + lcd_write_data1(0x1c); + 8000fa2: 201c movs r0, #28 + 8000fa4: f7ff fe74 bl 8000c90 + lcd_write_data1(0x3a); + 8000fa8: 203a movs r0, #58 ; 0x3a + 8000faa: f7ff fe71 bl 8000c90 + lcd_write_data1(0x55); + 8000fae: 2055 movs r0, #85 ; 0x55 + 8000fb0: f7ff fe6e bl 8000c90 + lcd_write_data1(0x48); + 8000fb4: 2048 movs r0, #72 ; 0x48 + 8000fb6: f7ff fe6b bl 8000c90 + lcd_write_data1(0x18); + 8000fba: 2018 movs r0, #24 + 8000fbc: f7ff fe68 bl 8000c90 + lcd_write_data1(0x12); + 8000fc0: 2012 movs r0, #18 + 8000fc2: f7ff fe65 bl 8000c90 + lcd_write_data1(0x0e); + 8000fc6: 200e movs r0, #14 + 8000fc8: f7ff fe62 bl 8000c90 + lcd_write_data1(0x19); + 8000fcc: 2019 movs r0, #25 + 8000fce: f7ff fe5f bl 8000c90 + lcd_write_data1(0x1e); + 8000fd2: 201e movs r0, #30 + 8000fd4: f7ff fe5c bl 8000c90 + lcd_write_cmd(0xe1); // NVGAMCTRL + 8000fd8: 20e1 movs r0, #225 ; 0xe1 + 8000fda: f7ff fe7d bl 8000cd8 + lcd_write_data1(0xd0); + 8000fde: 20d0 movs r0, #208 ; 0xd0 + 8000fe0: f7ff fe56 bl 8000c90 + lcd_write_data1(0x00); + 8000fe4: 2000 movs r0, #0 + 8000fe6: f7ff fe53 bl 8000c90 + lcd_write_data1(0x03); + 8000fea: 2003 movs r0, #3 + 8000fec: f7ff fe50 bl 8000c90 + lcd_write_data1(0x09); + 8000ff0: 2009 movs r0, #9 + 8000ff2: f7ff fe4d bl 8000c90 + lcd_write_data1(0x05); + 8000ff6: 2005 movs r0, #5 + 8000ff8: f7ff fe4a bl 8000c90 + lcd_write_data1(0x25); + 8000ffc: 2025 movs r0, #37 ; 0x25 + 8000ffe: f7ff fe47 bl 8000c90 + lcd_write_data1(0x3a); + 8001002: 203a movs r0, #58 ; 0x3a + 8001004: f7ff fe44 bl 8000c90 + lcd_write_data1(0x55); + 8001008: 2055 movs r0, #85 ; 0x55 + 800100a: f7ff fe41 bl 8000c90 + lcd_write_data1(0x50); + 800100e: 2050 movs r0, #80 ; 0x50 + 8001010: f7ff fe3e bl 8000c90 + lcd_write_data1(0x3d); + 8001014: 203d movs r0, #61 ; 0x3d + 8001016: f7ff fe3b bl 8000c90 + lcd_write_data1(0x1c); + 800101a: 201c movs r0, #28 + 800101c: f7ff fe38 bl 8000c90 + lcd_write_data1(0x1d); + 8001020: 201d movs r0, #29 + 8001022: f7ff fe35 bl 8000c90 + lcd_write_data1(0x1d); + 8001026: 201d movs r0, #29 + 8001028: f7ff fe32 bl 8000c90 + lcd_write_data1(0x1e); + 800102c: 201e movs r0, #30 + 800102e: f7ff fe2f bl 8000c90 + lcd_write_cmd(0x35); // TEON - Tear signal on + 8001032: 2035 movs r0, #53 ; 0x35 + 8001034: f7ff fe50 bl 8000cd8 + lcd_write_data1(0x0); + 8001038: 2000 movs r0, #0 + 800103a: f7ff fe29 bl 8000c90 + lcd_fill_solid(COL_BLACK); + 800103e: 2000 movs r0, #0 + 8001040: f7ff fefc bl 8000e3c + lcd_write_cmd(0x21); // INVON + 8001044: 2021 movs r0, #33 ; 0x21 + 8001046: f7ff fe47 bl 8000cd8 + lcd_write_cmd(0x29); // DISPON + 800104a: 2029 movs r0, #41 ; 0x29 + 800104c: f7ff fe44 bl 8000cd8 + delay_ms(50); + 8001050: 2032 movs r0, #50 ; 0x32 + 8001052: f002 fd29 bl 8003aa8 + last_screen = NULL; + 8001056: 4b02 ldr r3, [pc, #8] ; (8001060 ) + 8001058: 2200 movs r2, #0 + 800105a: 601a str r2, [r3, #0] +} + 800105c: bd08 pop {r3, pc} + 800105e: bf00 nop + 8001060: 2009e154 .word 0x2009e154 + +08001064 : + +// lcd_write_rows() +// + void +lcd_write_rows(int y, int num_rows, uint16_t *pixels) +{ + 8001064: b570 push {r4, r5, r6, lr} + 8001066: 4606 mov r6, r0 + 8001068: 460c mov r4, r1 + 800106a: 4615 mov r5, r2 + lcd_write_cmd4(0x2a, 0, LCD_WIDTH-1); // CASET - Column address set range (x) + 800106c: 2100 movs r1, #0 + 800106e: f240 123f movw r2, #319 ; 0x13f + 8001072: 202a movs r0, #42 ; 0x2a + 8001074: f7ff fe5a bl 8000d2c + lcd_write_cmd4(0x2b, y, LCD_HEIGHT-1); // RASET - Row address set range (y) + 8001078: b2b1 uxth r1, r6 + 800107a: 22ef movs r2, #239 ; 0xef + 800107c: 202b movs r0, #43 ; 0x2b + 800107e: f7ff fe55 bl 8000d2c + + lcd_write_cmd(0x2c); // RAMWR - memory write + 8001082: 202c movs r0, #44 ; 0x2c + 8001084: f7ff fe28 bl 8000cd8 + + lcd_write_data(num_rows * 2 * LCD_WIDTH, (uint8_t *)pixels); + 8001088: f44f 7020 mov.w r0, #640 ; 0x280 + 800108c: 4629 mov r1, r5 + 800108e: 4360 muls r0, r4 +} + 8001090: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + lcd_write_data(num_rows * 2 * LCD_WIDTH, (uint8_t *)pixels); + 8001094: f7ff bdd4 b.w 8000c40 + +08001098 : +// +// Perform simple RLE decompression, and pixel expansion. +// + void +oled_show(const uint8_t *pixels) +{ + 8001098: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 800109c: f5ad 6d07 sub.w sp, sp, #2160 ; 0x870 + 80010a0: af00 add r7, sp, #0 + 80010a2: 4606 mov r6, r0 + oled_setup(); + 80010a4: f7ff fe78 bl 8000d98 + + // we are NOT fast enough to send entire screen during the + // vblanking time, so either we show torn stuff, or we flash display off a little + wait_vsync(); + 80010a8: f7ff fdfe bl 8000ca8 + lcd_write_cmd(0x28); // DISPOFF + 80010ac: 2028 movs r0, #40 ; 0x28 + 80010ae: f7ff fe13 bl 8000cd8 + + // always full update: minus part we aren't saving "TOP_CROP" at top edge + lcd_write_cmd4(0x2a, 0, LCD_WIDTH-1); // CASET - Column address set range (x) + 80010b2: f240 123f movw r2, #319 ; 0x13f + 80010b6: 2100 movs r1, #0 + 80010b8: 202a movs r0, #42 ; 0x2a + 80010ba: f7ff fe37 bl 8000d2c + // RASET - Row address set range (y) + lcd_write_cmd4(0x2b, SCREEN_TOP_CROP, LCD_HEIGHT-1); + 80010be: 22ef movs r2, #239 ; 0xef + 80010c0: 210f movs r1, #15 + 80010c2: 202b movs r0, #43 ; 0x2b + 80010c4: f7ff fe32 bl 8000d2c + lcd_write_cmd(0x2c); // RAMWR - memory write + 80010c8: 202c movs r0, #44 ; 0x2c + 80010ca: f7ff fe05 bl 8000cd8 + + uint8_t buf[127]; + uint16_t expand[sizeof(buf)*8]; + const uint8_t *p = pixels; + + uint16_t blk_row[LCD_WIDTH]; + 80010ce: f5ad 7d20 sub.w sp, sp, #640 ; 0x280 + 80010d2: 46e8 mov r8, sp + *dest = value; + 80010d4: f44f 7220 mov.w r2, #640 ; 0x280 + 80010d8: 2100 movs r1, #0 + 80010da: 4640 mov r0, r8 + 80010dc: f00c fc12 bl 800d904 + const uint8_t *p = pixels; + 80010e0: 4634 mov r4, r6 + memset2(blk_row, COL_BLACK, sizeof(blk_row)); + + while(1) { + uint8_t hdr = *(p++); + 80010e2: 7823 ldrb r3, [r4, #0] + if(!hdr) break; // end marker + 80010e4: 2b00 cmp r3, #0 + 80010e6: d042 beq.n 800116e + + uint8_t len = hdr & 0x7f; + if(hdr & 0x80) { + 80010e8: 061a lsls r2, r3, #24 + uint8_t len = hdr & 0x7f; + 80010ea: f003 057f and.w r5, r3, #127 ; 0x7f + if(hdr & 0x80) { + 80010ee: d514 bpl.n 800111a + uint8_t hdr = *(p++); + 80010f0: 3401 adds r4, #1 + // random bytes follow + memcpy(buf, p, len); + 80010f2: 4621 mov r1, r4 + 80010f4: 462a mov r2, r5 + 80010f6: 4638 mov r0, r7 + 80010f8: f00c fbf6 bl 800d8e8 + p += len; + 80010fc: 442c add r4, r5 + p++; + } + + // expand 'len' packed monochrome into BGR565 16-bit data: buf => expand + uint16_t *out = expand; + for(int i=0; i>= 1, out++) { + if(packed & mask) { + *out = COL_FOREGROUND; + } else { + *out = COL_BLACK; + 8001106: f246 0cfd movw ip, #24829 ; 0x60fd + for(int i=0; i + } + } + } + lcd_write_data(len*8*2, (uint8_t *)expand); + 800110e: f107 0180 add.w r1, r7, #128 ; 0x80 + 8001112: 0128 lsls r0, r5, #4 + 8001114: f7ff fd94 bl 8000c40 + 8001118: e7e3 b.n 80010e2 + } else if(hdr == 0x7f) { + 800111a: 2b7f cmp r3, #127 ; 0x7f + for(int i=0; i + for(int i=0; i + lcd_write_data(2 * LCD_WIDTH, (uint8_t *)blk_row); + 800112a: 4641 mov r1, r8 + 800112c: f44f 7020 mov.w r0, #640 ; 0x280 + 8001130: f7ff fd86 bl 8000c40 + for(int i=0; i + 800113a: e7d2 b.n 80010e2 + memset(buf, *p, len); + 800113c: 462a mov r2, r5 + 800113e: 4649 mov r1, r9 + 8001140: 4638 mov r0, r7 + 8001142: f00c fbdf bl 800d904 + p++; + 8001146: e7da b.n 80010fe + uint8_t packed = buf[i]; + 8001148: f810 ab01 ldrb.w sl, [r0], #1 + for(uint8_t mask = 0x80; mask; mask >>= 1, out++) { + 800114c: 2180 movs r1, #128 ; 0x80 + 800114e: f103 0e10 add.w lr, r3, #16 + *out = COL_BLACK; + 8001152: ea1a 0f01 tst.w sl, r1 + 8001156: bf14 ite ne + 8001158: 46e1 movne r9, ip + 800115a: f04f 0900 moveq.w r9, #0 + 800115e: f823 9b02 strh.w r9, [r3], #2 + for(uint8_t mask = 0x80; mask; mask >>= 1, out++) { + 8001162: 4573 cmp r3, lr + 8001164: ea4f 0151 mov.w r1, r1, lsr #1 + 8001168: d1f3 bne.n 8001152 + for(int i=0; i + } + + lcd_write_cmd(0x29); // DISPON + 800116e: 2029 movs r0, #41 ; 0x29 + 8001170: f7ff fdb2 bl 8000cd8 + + last_screen = pixels; + 8001174: 4b04 ldr r3, [pc, #16] ; (8001188 ) + 8001176: 601e str r6, [r3, #0] + rng_delay(); + 8001178: f001 fbd8 bl 800292c +} + 800117c: f507 6707 add.w r7, r7, #2160 ; 0x870 + 8001180: 46bd mov sp, r7 + 8001182: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + 8001186: bf00 nop + 8001188: 2009e154 .word 0x2009e154 + +0800118c : +// +// Perform simple RLE decompression, and add a bar on final screen line. +// + void +oled_show_progress(const uint8_t *pixels, int progress) +{ + 800118c: b5b0 push {r4, r5, r7, lr} + 800118e: af00 add r7, sp, #0 + 8001190: 4605 mov r5, r0 + 8001192: 460c mov r4, r1 + oled_setup(); + 8001194: f7ff fe00 bl 8000d98 + + if(last_screen != pixels) { + 8001198: 4b1d ldr r3, [pc, #116] ; (8001210 ) + 800119a: 681b ldr r3, [r3, #0] + 800119c: 42ab cmp r3, r5 + 800119e: d002 beq.n 80011a6 + oled_show(pixels); + 80011a0: 4628 mov r0, r5 + 80011a2: f7ff ff79 bl 8001098 + } + + uint32_t p_count = LCD_WIDTH * 10 * progress / 1000; + 80011a6: f44f 6148 mov.w r1, #3200 ; 0xc80 + 80011aa: 4361 muls r1, r4 + 80011ac: f44f 737a mov.w r3, #1000 ; 0x3e8 + 80011b0: fb91 f1f3 sdiv r1, r1, r3 + if(p_count > LCD_WIDTH) p_count = LCD_WIDTH-1; + 80011b4: f240 133f movw r3, #319 ; 0x13f + 80011b8: f5b1 7fa0 cmp.w r1, #320 ; 0x140 + 80011bc: bf88 it hi + 80011be: 4619 movhi r1, r3 + if(p_count < 0) p_count = 0; + + // draw just the progress bar + uint16_t row[LCD_WIDTH]; + 80011c0: f5ad 7d20 sub.w sp, sp, #640 ; 0x280 + 80011c4: 466c mov r4, sp + memset2(row, COL_FOREGROUND, 2*p_count); + 80011c6: 004a lsls r2, r1, #1 + 80011c8: b293 uxth r3, r2 + for(; byte_len; byte_len-=2, dest++) { + 80011ca: 4620 mov r0, r4 + *dest = value; + 80011cc: f246 05fd movw r5, #24829 ; 0x60fd + for(; byte_len; byte_len-=2, dest++) { + 80011d0: b9a3 cbnz r3, 80011fc + memset2(&row[p_count], COL_BLACK, 2*(LCD_WIDTH-p_count)); + 80011d2: f5c1 71a0 rsb r1, r1, #320 ; 0x140 + 80011d6: 4422 add r2, r4 + 80011d8: 0049 lsls r1, r1, #1 + for(; byte_len; byte_len-=2, dest++) { + 80011da: b289 uxth r1, r1 + 80011dc: b999 cbnz r1, 8001206 + + wait_vsync(); + 80011de: f7ff fd63 bl 8000ca8 + 80011e2: 25eb movs r5, #235 ; 0xeb + + for(int i=0; i + for(int i=0; i + } + + rng_delay(); + 80011f4: f001 fb9a bl 800292c +} + 80011f8: 46bd mov sp, r7 + 80011fa: bdb0 pop {r4, r5, r7, pc} + for(; byte_len; byte_len-=2, dest++) { + 80011fc: 3b02 subs r3, #2 + *dest = value; + 80011fe: f820 5b02 strh.w r5, [r0], #2 + for(; byte_len; byte_len-=2, dest++) { + 8001202: b29b uxth r3, r3 + 8001204: e7e4 b.n 80011d0 + *dest = value; + 8001206: f822 3b02 strh.w r3, [r2], #2 + for(; byte_len; byte_len-=2, dest++) { + 800120a: 3902 subs r1, #2 + 800120c: e7e5 b.n 80011da + 800120e: bf00 nop + 8001210: 2009e154 .word 0x2009e154 + +08001214 : +// + void +oled_factory_busy(void) +{ + // not implemented: would need to talk to GPU for this +} + 8001214: 4770 bx lr + ... + +08001218 : + * @param GPIO_Init: pointer to a GPIO_InitTypeDef structure that contains + * the configuration information for the specified GPIO peripheral. + * @retval None + */ +void HAL_GPIO_Init(GPIO_TypeDef *GPIOx, GPIO_InitTypeDef *GPIO_Init) +{ + 8001218: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + /*--------------------- EXTI Mode Configuration ------------------------*/ + /* Configure the External Interrupt or event for the current IO */ + if((GPIO_Init->Mode & EXTI_MODE) == EXTI_MODE) + { + /* Enable SYSCFG Clock */ + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 800121c: f8df 81b4 ldr.w r8, [pc, #436] ; 80013d4 + temp &= ~(((uint32_t)0x0F) << (4 * (position & 0x03))); + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + SYSCFG->EXTICR[position >> 2] = temp; + + /* Clear EXTI line configuration */ + temp = EXTI->IMR1; + 8001220: 4c6a ldr r4, [pc, #424] ; (80013cc ) + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + 8001222: f8df 91b4 ldr.w r9, [pc, #436] ; 80013d8 +{ + 8001226: b085 sub sp, #20 + uint32_t position = 0x00; + 8001228: 2300 movs r3, #0 + while (((GPIO_Init->Pin) >> position) != RESET) + 800122a: 680a ldr r2, [r1, #0] + 800122c: fa32 f503 lsrs.w r5, r2, r3 + 8001230: d102 bne.n 8001238 + } + } + + position++; + } +} + 8001232: b005 add sp, #20 + 8001234: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + iocurrent = (GPIO_Init->Pin) & (1U << position); + 8001238: 2701 movs r7, #1 + 800123a: 409f lsls r7, r3 + if(iocurrent) + 800123c: 403a ands r2, r7 + 800123e: f000 80b4 beq.w 80013aa + if((GPIO_Init->Mode == GPIO_MODE_AF_PP) || (GPIO_Init->Mode == GPIO_MODE_AF_OD)) + 8001242: 684d ldr r5, [r1, #4] + 8001244: f025 0a10 bic.w sl, r5, #16 + 8001248: f1ba 0f02 cmp.w sl, #2 + 800124c: d116 bne.n 800127c + temp = GPIOx->AFR[position >> 3]; + 800124e: ea4f 0ed3 mov.w lr, r3, lsr #3 + 8001252: eb00 0e8e add.w lr, r0, lr, lsl #2 + temp &= ~((uint32_t)0xF << ((uint32_t)(position & (uint32_t)0x07) * 4)) ; + 8001256: f003 0b07 and.w fp, r3, #7 + temp = GPIOx->AFR[position >> 3]; + 800125a: f8de 6020 ldr.w r6, [lr, #32] + temp &= ~((uint32_t)0xF << ((uint32_t)(position & (uint32_t)0x07) * 4)) ; + 800125e: ea4f 0b8b mov.w fp, fp, lsl #2 + 8001262: f04f 0c0f mov.w ip, #15 + 8001266: fa0c fc0b lsl.w ip, ip, fp + 800126a: ea26 0c0c bic.w ip, r6, ip + temp |= ((uint32_t)(GPIO_Init->Alternate) << (((uint32_t)position & (uint32_t)0x07) * 4)); + 800126e: 690e ldr r6, [r1, #16] + 8001270: fa06 f60b lsl.w r6, r6, fp + 8001274: ea46 060c orr.w r6, r6, ip + GPIOx->AFR[position >> 3] = temp; + 8001278: f8ce 6020 str.w r6, [lr, #32] + temp = GPIOx->MODER; + 800127c: f8d0 b000 ldr.w fp, [r0] + temp &= ~(GPIO_MODER_MODE0 << (position * 2)); + 8001280: ea4f 0e43 mov.w lr, r3, lsl #1 + 8001284: f04f 0c03 mov.w ip, #3 + 8001288: fa0c fc0e lsl.w ip, ip, lr + 800128c: ea6f 060c mvn.w r6, ip + 8001290: ea2b 0b0c bic.w fp, fp, ip + temp |= ((GPIO_Init->Mode & GPIO_MODE) << (position * 2)); + 8001294: f005 0c03 and.w ip, r5, #3 + 8001298: fa0c fc0e lsl.w ip, ip, lr + if((GPIO_Init->Mode == GPIO_MODE_OUTPUT_PP) || (GPIO_Init->Mode == GPIO_MODE_AF_PP) || + 800129c: f10a 3aff add.w sl, sl, #4294967295 ; 0xffffffff + temp |= ((GPIO_Init->Mode & GPIO_MODE) << (position * 2)); + 80012a0: ea4c 0c0b orr.w ip, ip, fp + if((GPIO_Init->Mode == GPIO_MODE_OUTPUT_PP) || (GPIO_Init->Mode == GPIO_MODE_AF_PP) || + 80012a4: f1ba 0f01 cmp.w sl, #1 + temp &= ~(GPIO_MODER_MODE0 << (position * 2)); + 80012a8: 9601 str r6, [sp, #4] + GPIOx->MODER = temp; + 80012aa: f8c0 c000 str.w ip, [r0] + if((GPIO_Init->Mode == GPIO_MODE_OUTPUT_PP) || (GPIO_Init->Mode == GPIO_MODE_AF_PP) || + 80012ae: d815 bhi.n 80012dc + temp = GPIOx->OSPEEDR; + 80012b0: f8d0 c008 ldr.w ip, [r0, #8] + temp &= ~(GPIO_OSPEEDR_OSPEED0 << (position * 2)); + 80012b4: ea06 0c0c and.w ip, r6, ip + temp |= (GPIO_Init->Speed << (position * 2)); + 80012b8: 68ce ldr r6, [r1, #12] + 80012ba: fa06 fa0e lsl.w sl, r6, lr + 80012be: ea4a 0c0c orr.w ip, sl, ip + GPIOx->OSPEEDR = temp; + 80012c2: f8c0 c008 str.w ip, [r0, #8] + temp = GPIOx->OTYPER; + 80012c6: f8d0 c004 ldr.w ip, [r0, #4] + temp &= ~(GPIO_OTYPER_OT0 << position) ; + 80012ca: ea2c 0707 bic.w r7, ip, r7 + temp |= (((GPIO_Init->Mode & GPIO_OUTPUT_TYPE) >> 4) << position); + 80012ce: f3c5 1c00 ubfx ip, r5, #4, #1 + 80012d2: fa0c fc03 lsl.w ip, ip, r3 + 80012d6: ea4c 0707 orr.w r7, ip, r7 + GPIOx->OTYPER = temp; + 80012da: 6047 str r7, [r0, #4] + temp = GPIOx->PUPDR; + 80012dc: 68c7 ldr r7, [r0, #12] + temp &= ~(GPIO_PUPDR_PUPD0 << (position * 2)); + 80012de: 9e01 ldr r6, [sp, #4] + 80012e0: 4037 ands r7, r6 + temp |= ((GPIO_Init->Pull) << (position * 2)); + 80012e2: 688e ldr r6, [r1, #8] + 80012e4: fa06 f60e lsl.w r6, r6, lr + 80012e8: 433e orrs r6, r7 + GPIOx->PUPDR = temp; + 80012ea: 60c6 str r6, [r0, #12] + if((GPIO_Init->Mode & EXTI_MODE) == EXTI_MODE) + 80012ec: 00ee lsls r6, r5, #3 + 80012ee: d55c bpl.n 80013aa + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 80012f0: f8d8 6060 ldr.w r6, [r8, #96] ; 0x60 + 80012f4: f046 0601 orr.w r6, r6, #1 + 80012f8: f8c8 6060 str.w r6, [r8, #96] ; 0x60 + 80012fc: f8d8 6060 ldr.w r6, [r8, #96] ; 0x60 + 8001300: f023 0703 bic.w r7, r3, #3 + 8001304: f107 4780 add.w r7, r7, #1073741824 ; 0x40000000 + 8001308: f006 0601 and.w r6, r6, #1 + 800130c: f507 3780 add.w r7, r7, #65536 ; 0x10000 + 8001310: 9603 str r6, [sp, #12] + temp &= ~(((uint32_t)0x0F) << (4 * (position & 0x03))); + 8001312: f003 0c03 and.w ip, r3, #3 + __HAL_RCC_SYSCFG_CLK_ENABLE(); + 8001316: 9e03 ldr r6, [sp, #12] + temp = SYSCFG->EXTICR[position >> 2]; + 8001318: f8d7 a008 ldr.w sl, [r7, #8] + temp &= ~(((uint32_t)0x0F) << (4 * (position & 0x03))); + 800131c: f04f 0e0f mov.w lr, #15 + 8001320: ea4f 0c8c mov.w ip, ip, lsl #2 + 8001324: fa0e f60c lsl.w r6, lr, ip + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + 8001328: f1b0 4f90 cmp.w r0, #1207959552 ; 0x48000000 + temp &= ~(((uint32_t)0x0F) << (4 * (position & 0x03))); + 800132c: ea2a 0e06 bic.w lr, sl, r6 + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + 8001330: d03d beq.n 80013ae + 8001332: 4e27 ldr r6, [pc, #156] ; (80013d0 ) + 8001334: 42b0 cmp r0, r6 + 8001336: d03c beq.n 80013b2 + 8001338: f506 6680 add.w r6, r6, #1024 ; 0x400 + 800133c: 42b0 cmp r0, r6 + 800133e: d03a beq.n 80013b6 + 8001340: f506 6680 add.w r6, r6, #1024 ; 0x400 + 8001344: 42b0 cmp r0, r6 + 8001346: d038 beq.n 80013ba + 8001348: f506 6680 add.w r6, r6, #1024 ; 0x400 + 800134c: 42b0 cmp r0, r6 + 800134e: d036 beq.n 80013be + 8001350: f506 6680 add.w r6, r6, #1024 ; 0x400 + 8001354: 42b0 cmp r0, r6 + 8001356: d034 beq.n 80013c2 + 8001358: 4548 cmp r0, r9 + 800135a: d034 beq.n 80013c6 + 800135c: f506 6600 add.w r6, r6, #2048 ; 0x800 + 8001360: 42b0 cmp r0, r6 + 8001362: bf0c ite eq + 8001364: 2607 moveq r6, #7 + 8001366: 2608 movne r6, #8 + 8001368: fa06 f60c lsl.w r6, r6, ip + 800136c: ea46 060e orr.w r6, r6, lr + SYSCFG->EXTICR[position >> 2] = temp; + 8001370: 60be str r6, [r7, #8] + temp = EXTI->IMR1; + 8001372: 6826 ldr r6, [r4, #0] + temp &= ~((uint32_t)iocurrent); + 8001374: 43d7 mvns r7, r2 + if((GPIO_Init->Mode & GPIO_MODE_IT) == GPIO_MODE_IT) + 8001376: f415 3f80 tst.w r5, #65536 ; 0x10000 + temp &= ~((uint32_t)iocurrent); + 800137a: bf0c ite eq + 800137c: 403e andeq r6, r7 + temp |= iocurrent; + 800137e: 4316 orrne r6, r2 + EXTI->IMR1 = temp; + 8001380: 6026 str r6, [r4, #0] + temp = EXTI->EMR1; + 8001382: 6866 ldr r6, [r4, #4] + if((GPIO_Init->Mode & GPIO_MODE_EVT) == GPIO_MODE_EVT) + 8001384: f415 3f00 tst.w r5, #131072 ; 0x20000 + temp &= ~((uint32_t)iocurrent); + 8001388: bf0c ite eq + 800138a: 403e andeq r6, r7 + temp |= iocurrent; + 800138c: 4316 orrne r6, r2 + EXTI->EMR1 = temp; + 800138e: 6066 str r6, [r4, #4] + temp = EXTI->RTSR1; + 8001390: 68a6 ldr r6, [r4, #8] + if((GPIO_Init->Mode & RISING_EDGE) == RISING_EDGE) + 8001392: f415 1f80 tst.w r5, #1048576 ; 0x100000 + temp &= ~((uint32_t)iocurrent); + 8001396: bf0c ite eq + 8001398: 403e andeq r6, r7 + temp |= iocurrent; + 800139a: 4316 orrne r6, r2 + EXTI->RTSR1 = temp; + 800139c: 60a6 str r6, [r4, #8] + temp = EXTI->FTSR1; + 800139e: 68e6 ldr r6, [r4, #12] + if((GPIO_Init->Mode & FALLING_EDGE) == FALLING_EDGE) + 80013a0: 02ad lsls r5, r5, #10 + temp &= ~((uint32_t)iocurrent); + 80013a2: bf54 ite pl + 80013a4: 403e andpl r6, r7 + temp |= iocurrent; + 80013a6: 4316 orrmi r6, r2 + EXTI->FTSR1 = temp; + 80013a8: 60e6 str r6, [r4, #12] + position++; + 80013aa: 3301 adds r3, #1 + 80013ac: e73d b.n 800122a + temp |= (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03))); + 80013ae: 2600 movs r6, #0 + 80013b0: e7da b.n 8001368 + 80013b2: 2601 movs r6, #1 + 80013b4: e7d8 b.n 8001368 + 80013b6: 2602 movs r6, #2 + 80013b8: e7d6 b.n 8001368 + 80013ba: 2603 movs r6, #3 + 80013bc: e7d4 b.n 8001368 + 80013be: 2604 movs r6, #4 + 80013c0: e7d2 b.n 8001368 + 80013c2: 2605 movs r6, #5 + 80013c4: e7d0 b.n 8001368 + 80013c6: 2606 movs r6, #6 + 80013c8: e7ce b.n 8001368 + 80013ca: bf00 nop + 80013cc: 40010400 .word 0x40010400 + 80013d0: 48000400 .word 0x48000400 + 80013d4: 40021000 .word 0x40021000 + 80013d8: 48001800 .word 0x48001800 + +080013dc : + * @param GPIO_Pin: specifies the port bit to be written. + * This parameter can be one of GPIO_PIN_x where x can be (0..15). + * @retval None + */ +void HAL_GPIO_DeInit(GPIO_TypeDef *GPIOx, uint32_t GPIO_Pin) +{ + 80013dc: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + { + tmp = ((uint32_t)0x0F) << (4 * (position & 0x03)); + SYSCFG->EXTICR[position >> 2] &= ~tmp; + + /* Clear EXTI line configuration */ + EXTI->IMR1 &= ~((uint32_t)iocurrent); + 80013e0: 4c43 ldr r4, [pc, #268] ; (80014f0 ) + if(tmp == (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03)))) + 80013e2: f8df a114 ldr.w sl, [pc, #276] ; 80014f8 + 80013e6: f8df b114 ldr.w fp, [pc, #276] ; 80014fc + uint32_t position = 0x00; + 80013ea: 2200 movs r2, #0 + iocurrent = (GPIO_Pin) & (1U << position); + 80013ec: f04f 0901 mov.w r9, #1 + while ((GPIO_Pin >> position) != RESET) + 80013f0: fa31 f302 lsrs.w r3, r1, r2 + 80013f4: d101 bne.n 80013fa + } + } + + position++; + } +} + 80013f6: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + iocurrent = (GPIO_Pin) & (1U << position); + 80013fa: fa09 f802 lsl.w r8, r9, r2 + if (iocurrent) + 80013fe: ea18 0c01 ands.w ip, r8, r1 + 8001402: d064 beq.n 80014ce + GPIOx->MODER |= (GPIO_MODER_MODE0 << (position * 2)); + 8001404: 6805 ldr r5, [r0, #0] + 8001406: 2303 movs r3, #3 + 8001408: 0056 lsls r6, r2, #1 + 800140a: fa03 f606 lsl.w r6, r3, r6 + GPIOx->AFR[position >> 3] &= ~((uint32_t)0xF << ((uint32_t)(position & (uint32_t)0x07) * 4)) ; + 800140e: fa22 fe03 lsr.w lr, r2, r3 + GPIOx->MODER |= (GPIO_MODER_MODE0 << (position * 2)); + 8001412: 4335 orrs r5, r6 + 8001414: eb00 0e8e add.w lr, r0, lr, lsl #2 + 8001418: 6005 str r5, [r0, #0] + GPIOx->AFR[position >> 3] &= ~((uint32_t)0xF << ((uint32_t)(position & (uint32_t)0x07) * 4)) ; + 800141a: f8de 5020 ldr.w r5, [lr, #32] + 800141e: f002 0707 and.w r7, r2, #7 + 8001422: 462b mov r3, r5 + 8001424: 00bf lsls r7, r7, #2 + 8001426: 250f movs r5, #15 + 8001428: fa05 f707 lsl.w r7, r5, r7 + 800142c: ea23 0707 bic.w r7, r3, r7 + 8001430: f8ce 7020 str.w r7, [lr, #32] + GPIOx->OSPEEDR &= ~(GPIO_OSPEEDR_OSPEED0 << (position * 2)); + 8001434: 6887 ldr r7, [r0, #8] + 8001436: ea27 0706 bic.w r7, r7, r6 + 800143a: 6087 str r7, [r0, #8] + GPIOx->OTYPER &= ~(GPIO_OTYPER_OT0 << position) ; + 800143c: 6847 ldr r7, [r0, #4] + 800143e: ea27 0708 bic.w r7, r7, r8 + 8001442: 6047 str r7, [r0, #4] + GPIOx->PUPDR &= ~(GPIO_PUPDR_PUPD0 << (position * 2)); + 8001444: 68c7 ldr r7, [r0, #12] + 8001446: ea27 0606 bic.w r6, r7, r6 + 800144a: 60c6 str r6, [r0, #12] + tmp = SYSCFG->EXTICR[position >> 2]; + 800144c: f022 0603 bic.w r6, r2, #3 + 8001450: f106 4680 add.w r6, r6, #1073741824 ; 0x40000000 + 8001454: f506 3680 add.w r6, r6, #65536 ; 0x10000 + tmp &= (((uint32_t)0x0F) << (4 * (position & 0x03))); + 8001458: f002 0703 and.w r7, r2, #3 + tmp = SYSCFG->EXTICR[position >> 2]; + 800145c: f8d6 e008 ldr.w lr, [r6, #8] + tmp &= (((uint32_t)0x0F) << (4 * (position & 0x03))); + 8001460: 00bf lsls r7, r7, #2 + 8001462: 40bd lsls r5, r7 + if(tmp == (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03)))) + 8001464: f1b0 4f90 cmp.w r0, #1207959552 ; 0x48000000 + tmp &= (((uint32_t)0x0F) << (4 * (position & 0x03))); + 8001468: ea05 0e0e and.w lr, r5, lr + if(tmp == (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03)))) + 800146c: d031 beq.n 80014d2 + 800146e: 4b21 ldr r3, [pc, #132] ; (80014f4 ) + 8001470: 4298 cmp r0, r3 + 8001472: d030 beq.n 80014d6 + 8001474: f503 6380 add.w r3, r3, #1024 ; 0x400 + 8001478: 4298 cmp r0, r3 + 800147a: d02e beq.n 80014da + 800147c: f503 6380 add.w r3, r3, #1024 ; 0x400 + 8001480: 4298 cmp r0, r3 + 8001482: d02c beq.n 80014de + 8001484: f503 6380 add.w r3, r3, #1024 ; 0x400 + 8001488: 4298 cmp r0, r3 + 800148a: d02a beq.n 80014e2 + 800148c: f503 6380 add.w r3, r3, #1024 ; 0x400 + 8001490: 4298 cmp r0, r3 + 8001492: d028 beq.n 80014e6 + 8001494: 4550 cmp r0, sl + 8001496: d028 beq.n 80014ea + 8001498: 4558 cmp r0, fp + 800149a: bf0c ite eq + 800149c: 2307 moveq r3, #7 + 800149e: 2308 movne r3, #8 + 80014a0: 40bb lsls r3, r7 + 80014a2: 4573 cmp r3, lr + 80014a4: d113 bne.n 80014ce + SYSCFG->EXTICR[position >> 2] &= ~tmp; + 80014a6: 68b3 ldr r3, [r6, #8] + 80014a8: ea23 0505 bic.w r5, r3, r5 + 80014ac: 60b5 str r5, [r6, #8] + EXTI->IMR1 &= ~((uint32_t)iocurrent); + 80014ae: 6823 ldr r3, [r4, #0] + 80014b0: ea23 030c bic.w r3, r3, ip + 80014b4: 6023 str r3, [r4, #0] + EXTI->EMR1 &= ~((uint32_t)iocurrent); + 80014b6: 6863 ldr r3, [r4, #4] + 80014b8: ea23 030c bic.w r3, r3, ip + 80014bc: 6063 str r3, [r4, #4] + EXTI->RTSR1 &= ~((uint32_t)iocurrent); + 80014be: 68a3 ldr r3, [r4, #8] + 80014c0: ea23 030c bic.w r3, r3, ip + 80014c4: 60a3 str r3, [r4, #8] + EXTI->FTSR1 &= ~((uint32_t)iocurrent); + 80014c6: 68e3 ldr r3, [r4, #12] + 80014c8: ea23 030c bic.w r3, r3, ip + 80014cc: 60e3 str r3, [r4, #12] + position++; + 80014ce: 3201 adds r2, #1 + 80014d0: e78e b.n 80013f0 + if(tmp == (GPIO_GET_INDEX(GPIOx) << (4 * (position & 0x03)))) + 80014d2: 2300 movs r3, #0 + 80014d4: e7e4 b.n 80014a0 + 80014d6: 2301 movs r3, #1 + 80014d8: e7e2 b.n 80014a0 + 80014da: 2302 movs r3, #2 + 80014dc: e7e0 b.n 80014a0 + 80014de: 2303 movs r3, #3 + 80014e0: e7de b.n 80014a0 + 80014e2: 2304 movs r3, #4 + 80014e4: e7dc b.n 80014a0 + 80014e6: 2305 movs r3, #5 + 80014e8: e7da b.n 80014a0 + 80014ea: 2306 movs r3, #6 + 80014ec: e7d8 b.n 80014a0 + 80014ee: bf00 nop + 80014f0: 40010400 .word 0x40010400 + 80014f4: 48000400 .word 0x48000400 + 80014f8: 48001800 .word 0x48001800 + 80014fc: 48001c00 .word 0x48001c00 + +08001500 : + GPIO_PinState bitstatus; + + /* Check the parameters */ + assert_param(IS_GPIO_PIN(GPIO_Pin)); + + if((GPIOx->IDR & GPIO_Pin) != (uint32_t)GPIO_PIN_RESET) + 8001500: 6903 ldr r3, [r0, #16] + 8001502: 4219 tst r1, r3 + else + { + bitstatus = GPIO_PIN_RESET; + } + return bitstatus; +} + 8001504: bf14 ite ne + 8001506: 2001 movne r0, #1 + 8001508: 2000 moveq r0, #0 + 800150a: 4770 bx lr + +0800150c : +{ + /* Check the parameters */ + assert_param(IS_GPIO_PIN(GPIO_Pin)); + assert_param(IS_GPIO_PIN_ACTION(PinState)); + + if(PinState != GPIO_PIN_RESET) + 800150c: b10a cbz r2, 8001512 + { + GPIOx->BSRR = (uint32_t)GPIO_Pin; + 800150e: 6181 str r1, [r0, #24] + 8001510: 4770 bx lr + } + else + { + GPIOx->BRR = (uint32_t)GPIO_Pin; + 8001512: 6281 str r1, [r0, #40] ; 0x28 + } +} + 8001514: 4770 bx lr + +08001516 : +void HAL_GPIO_TogglePin(GPIO_TypeDef* GPIOx, uint16_t GPIO_Pin) +{ + /* Check the parameters */ + assert_param(IS_GPIO_PIN(GPIO_Pin)); + + GPIOx->ODR ^= GPIO_Pin; + 8001516: 6943 ldr r3, [r0, #20] + 8001518: 4059 eors r1, r3 + 800151a: 6141 str r1, [r0, #20] +} + 800151c: 4770 bx lr + +0800151e : + * @param GPIO_Pin: specifies the port bits to be locked. + * This parameter can be any combination of GPIO_Pin_x where x can be (0..15). + * @retval None + */ +HAL_StatusTypeDef HAL_GPIO_LockPin(GPIO_TypeDef* GPIOx, uint16_t GPIO_Pin) +{ + 800151e: b082 sub sp, #8 + __IO uint32_t tmp = GPIO_LCKR_LCKK; + 8001520: f44f 3380 mov.w r3, #65536 ; 0x10000 + 8001524: 9301 str r3, [sp, #4] + /* Check the parameters */ + assert_param(IS_GPIO_LOCK_INSTANCE(GPIOx)); + assert_param(IS_GPIO_PIN(GPIO_Pin)); + + /* Apply lock key write sequence */ + tmp |= GPIO_Pin; + 8001526: 9b01 ldr r3, [sp, #4] + 8001528: 430b orrs r3, r1 + 800152a: 9301 str r3, [sp, #4] + /* Set LCKx bit(s): LCKK='1' + LCK[15-0] */ + GPIOx->LCKR = tmp; + 800152c: 9b01 ldr r3, [sp, #4] + 800152e: 61c3 str r3, [r0, #28] + /* Reset LCKx bit(s): LCKK='0' + LCK[15-0] */ + GPIOx->LCKR = GPIO_Pin; + 8001530: 61c1 str r1, [r0, #28] + /* Set LCKx bit(s): LCKK='1' + LCK[15-0] */ + GPIOx->LCKR = tmp; + 8001532: 9b01 ldr r3, [sp, #4] + 8001534: 61c3 str r3, [r0, #28] + /* Read LCKK bit*/ + tmp = GPIOx->LCKR; + 8001536: 69c3 ldr r3, [r0, #28] + 8001538: 9301 str r3, [sp, #4] + + if((GPIOx->LCKR & GPIO_LCKR_LCKK) != RESET) + 800153a: 69c0 ldr r0, [r0, #28] + 800153c: f480 3080 eor.w r0, r0, #65536 ; 0x10000 + } + else + { + return HAL_ERROR; + } +} + 8001540: f3c0 4000 ubfx r0, r0, #16, #1 + 8001544: b002 add sp, #8 + 8001546: 4770 bx lr + +08001548 : + UNUSED(GPIO_Pin); + + /* NOTE: This function should not be modified, when the callback is needed, + the HAL_GPIO_EXTI_Callback could be implemented in the user file + */ +} + 8001548: 4770 bx lr + ... + +0800154c : + if(__HAL_GPIO_EXTI_GET_IT(GPIO_Pin) != RESET) + 800154c: 4a04 ldr r2, [pc, #16] ; (8001560 ) + 800154e: 6951 ldr r1, [r2, #20] + 8001550: 4201 tst r1, r0 +{ + 8001552: b508 push {r3, lr} + if(__HAL_GPIO_EXTI_GET_IT(GPIO_Pin) != RESET) + 8001554: d002 beq.n 800155c + __HAL_GPIO_EXTI_CLEAR_IT(GPIO_Pin); + 8001556: 6150 str r0, [r2, #20] + HAL_GPIO_EXTI_Callback(GPIO_Pin); + 8001558: f7ff fff6 bl 8001548 +} + 800155c: bd08 pop {r3, pc} + 800155e: bf00 nop + 8001560: 40010400 .word 0x40010400 + +08001564 : +static HAL_StatusTypeDef SPI_WaitFifoStateUntilTimeout(SPI_HandleTypeDef *hspi, uint32_t Fifo, uint32_t State, + uint32_t Timeout, uint32_t Tickstart) +{ + __IO uint8_t tmpreg; + + while ((hspi->Instance->SR & Fifo) != State) + 8001564: 6803 ldr r3, [r0, #0] +static HAL_StatusTypeDef SPI_EndRxTxTransaction(SPI_HandleTypeDef *hspi, uint32_t Timeout, uint32_t Tickstart) + 8001566: b082 sub sp, #8 + while ((hspi->Instance->SR & Fifo) != State) + 8001568: 689a ldr r2, [r3, #8] + 800156a: f412 5fc0 tst.w r2, #6144 ; 0x1800 + 800156e: d1fb bne.n 8001568 + * @retval HAL status + */ +static HAL_StatusTypeDef SPI_WaitFlagStateUntilTimeout(SPI_HandleTypeDef *hspi, uint32_t Flag, uint32_t State, + uint32_t Timeout, uint32_t Tickstart) +{ + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 8001570: 689a ldr r2, [r3, #8] + 8001572: 0612 lsls r2, r2, #24 + 8001574: d4fc bmi.n 8001570 + while ((hspi->Instance->SR & Fifo) != State) + 8001576: 6898 ldr r0, [r3, #8] + 8001578: f410 60c0 ands.w r0, r0, #1536 ; 0x600 + 800157c: d101 bne.n 8001582 +} + 800157e: b002 add sp, #8 + 8001580: 4770 bx lr + tmpreg = *((__IO uint8_t *)&hspi->Instance->DR); + 8001582: 7b1a ldrb r2, [r3, #12] + 8001584: b2d2 uxtb r2, r2 + 8001586: f88d 2007 strb.w r2, [sp, #7] + UNUSED(tmpreg); + 800158a: f89d 2007 ldrb.w r2, [sp, #7] + 800158e: e7f2 b.n 8001576 + +08001590 : +{ + 8001590: b5f0 push {r4, r5, r6, r7, lr} + if (hspi == NULL) + 8001592: 2800 cmp r0, #0 + 8001594: d054 beq.n 8001640 + if (hspi->State == HAL_SPI_STATE_RESET) + 8001596: f890 305d ldrb.w r3, [r0, #93] ; 0x5d + if (hspi->Init.TIMode == SPI_TIMODE_DISABLE) + 800159a: f8d0 c024 ldr.w ip, [r0, #36] ; 0x24 + if (hspi->State == HAL_SPI_STATE_RESET) + 800159e: f003 02ff and.w r2, r3, #255 ; 0xff + 80015a2: b90b cbnz r3, 80015a8 + hspi->Lock = HAL_UNLOCKED; + 80015a4: f880 205c strb.w r2, [r0, #92] ; 0x5c + __HAL_SPI_DISABLE(hspi); + 80015a8: 6801 ldr r1, [r0, #0] + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 80015aa: 68c2 ldr r2, [r0, #12] + hspi->State = HAL_SPI_STATE_BUSY; + 80015ac: 2302 movs r3, #2 + 80015ae: f880 305d strb.w r3, [r0, #93] ; 0x5d + __HAL_SPI_DISABLE(hspi); + 80015b2: 680b ldr r3, [r1, #0] + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 80015b4: f5b2 6fe0 cmp.w r2, #1792 ; 0x700 + __HAL_SPI_DISABLE(hspi); + 80015b8: f023 0340 bic.w r3, r3, #64 ; 0x40 + 80015bc: 600b str r3, [r1, #0] + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 80015be: f04f 0300 mov.w r3, #0 + 80015c2: d83f bhi.n 8001644 + frxth = SPI_RXFIFO_THRESHOLD_QF; + 80015c4: f44f 5580 mov.w r5, #4096 ; 0x1000 + if ((hspi->Init.DataSize != SPI_DATASIZE_16BIT) && (hspi->Init.DataSize != SPI_DATASIZE_8BIT)) + 80015c8: d000 beq.n 80015cc + hspi->Init.CRCCalculation = SPI_CRCCALCULATION_DISABLE; + 80015ca: 6283 str r3, [r0, #40] ; 0x28 + if (hspi->Init.CRCLength == SPI_CRC_LENGTH_DATASIZE) + 80015cc: 6b03 ldr r3, [r0, #48] ; 0x30 + 80015ce: b92b cbnz r3, 80015dc + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 80015d0: f5b2 6fe0 cmp.w r2, #1792 ; 0x700 + hspi->Init.CRCLength = SPI_CRC_LENGTH_16BIT; + 80015d4: bf8c ite hi + 80015d6: 2302 movhi r3, #2 + hspi->Init.CRCLength = SPI_CRC_LENGTH_8BIT; + 80015d8: 2301 movls r3, #1 + 80015da: 6303 str r3, [r0, #48] ; 0x30 + WRITE_REG(hspi->Instance->CR1, (hspi->Init.Mode | hspi->Init.Direction | + 80015dc: e9d0 3701 ldrd r3, r7, [r0, #4] + 80015e0: 433b orrs r3, r7 + 80015e2: 6907 ldr r7, [r0, #16] + 80015e4: 6984 ldr r4, [r0, #24] + 80015e6: 6a86 ldr r6, [r0, #40] ; 0x28 + 80015e8: 433b orrs r3, r7 + 80015ea: 6947 ldr r7, [r0, #20] + 80015ec: 433b orrs r3, r7 + 80015ee: 69c7 ldr r7, [r0, #28] + 80015f0: 433b orrs r3, r7 + 80015f2: 6a07 ldr r7, [r0, #32] + 80015f4: 433b orrs r3, r7 + 80015f6: 4333 orrs r3, r6 + 80015f8: f404 7700 and.w r7, r4, #512 ; 0x200 + 80015fc: 433b orrs r3, r7 + 80015fe: 600b str r3, [r1, #0] + if (hspi->Init.CRCLength == SPI_CRC_LENGTH_16BIT) + 8001600: 6b03 ldr r3, [r0, #48] ; 0x30 + 8001602: 2b02 cmp r3, #2 + hspi->Instance->CR1 |= SPI_CR1_CRCL; + 8001604: bf02 ittt eq + 8001606: 680b ldreq r3, [r1, #0] + 8001608: f443 6300 orreq.w r3, r3, #2048 ; 0x800 + 800160c: 600b streq r3, [r1, #0] + WRITE_REG(hspi->Instance->CR2, (((hspi->Init.NSS >> 16U) & SPI_CR2_SSOE) | hspi->Init.TIMode | + 800160e: 6b43 ldr r3, [r0, #52] ; 0x34 + 8001610: ea4c 0202 orr.w r2, ip, r2 + 8001614: 0c24 lsrs r4, r4, #16 + 8001616: 431a orrs r2, r3 + 8001618: f004 0404 and.w r4, r4, #4 + 800161c: 4322 orrs r2, r4 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 800161e: f5b6 5f00 cmp.w r6, #8192 ; 0x2000 + WRITE_REG(hspi->Instance->CRCPR, hspi->Init.CRCPolynomial); + 8001622: bf08 it eq + 8001624: 6ac3 ldreq r3, [r0, #44] ; 0x2c + WRITE_REG(hspi->Instance->CR2, (((hspi->Init.NSS >> 16U) & SPI_CR2_SSOE) | hspi->Init.TIMode | + 8001626: ea45 0502 orr.w r5, r5, r2 + 800162a: 604d str r5, [r1, #4] + hspi->State = HAL_SPI_STATE_READY; + 800162c: f04f 0201 mov.w r2, #1 + WRITE_REG(hspi->Instance->CRCPR, hspi->Init.CRCPolynomial); + 8001630: bf08 it eq + 8001632: 610b streq r3, [r1, #16] + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001634: 2300 movs r3, #0 + 8001636: 6603 str r3, [r0, #96] ; 0x60 + hspi->State = HAL_SPI_STATE_READY; + 8001638: f880 205d strb.w r2, [r0, #93] ; 0x5d + return HAL_OK; + 800163c: 4618 mov r0, r3 +} + 800163e: bdf0 pop {r4, r5, r6, r7, pc} + return HAL_ERROR; + 8001640: 2001 movs r0, #1 + 8001642: e7fc b.n 800163e + frxth = SPI_RXFIFO_THRESHOLD_HF; + 8001644: 461d mov r5, r3 + if ((hspi->Init.DataSize != SPI_DATASIZE_16BIT) && (hspi->Init.DataSize != SPI_DATASIZE_8BIT)) + 8001646: f5b2 6f70 cmp.w r2, #3840 ; 0xf00 + 800164a: e7bd b.n 80015c8 + +0800164c : +{ + 800164c: e92d 41f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, lr} + 8001650: 461e mov r6, r3 + __HAL_LOCK(hspi); + 8001652: f890 305c ldrb.w r3, [r0, #92] ; 0x5c + 8001656: 2b01 cmp r3, #1 +{ + 8001658: 4604 mov r4, r0 + 800165a: 460d mov r5, r1 + 800165c: 4690 mov r8, r2 + __HAL_LOCK(hspi); + 800165e: f000 809c beq.w 800179a + 8001662: 2301 movs r3, #1 + 8001664: f880 305c strb.w r3, [r0, #92] ; 0x5c + tickstart = HAL_GetTick(); + 8001668: f005 febe bl 80073e8 + if (hspi->State != HAL_SPI_STATE_READY) + 800166c: f894 305d ldrb.w r3, [r4, #93] ; 0x5d + 8001670: 2b01 cmp r3, #1 + tickstart = HAL_GetTick(); + 8001672: 4607 mov r7, r0 + if (hspi->State != HAL_SPI_STATE_READY) + 8001674: b2d8 uxtb r0, r3 + 8001676: f040 808e bne.w 8001796 + if ((pData == NULL) || (Size == 0U)) + 800167a: 2d00 cmp r5, #0 + 800167c: d07a beq.n 8001774 + 800167e: f1b8 0f00 cmp.w r8, #0 + 8001682: d077 beq.n 8001774 + hspi->State = HAL_SPI_STATE_BUSY_TX; + 8001684: 2303 movs r3, #3 + 8001686: f884 305d strb.w r3, [r4, #93] ; 0x5d + if (hspi->Init.Direction == SPI_DIRECTION_1LINE) + 800168a: 68a3 ldr r3, [r4, #8] + SPI_1LINE_TX(hspi); + 800168c: 6822 ldr r2, [r4, #0] + hspi->pTxBuffPtr = (uint8_t *)pData; + 800168e: 63a5 str r5, [r4, #56] ; 0x38 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001690: 2100 movs r1, #0 + if (hspi->Init.Direction == SPI_DIRECTION_1LINE) + 8001692: f5b3 4f00 cmp.w r3, #32768 ; 0x8000 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001696: 6621 str r1, [r4, #96] ; 0x60 + hspi->TxXferCount = Size; + 8001698: f8a4 803e strh.w r8, [r4, #62] ; 0x3e + hspi->RxXferCount = 0U; + 800169c: f8a4 1046 strh.w r1, [r4, #70] ; 0x46 + SPI_1LINE_TX(hspi); + 80016a0: bf08 it eq + 80016a2: 6813 ldreq r3, [r2, #0] + hspi->TxXferSize = Size; + 80016a4: f8a4 803c strh.w r8, [r4, #60] ; 0x3c + SPI_1LINE_TX(hspi); + 80016a8: bf08 it eq + 80016aa: f443 4380 orreq.w r3, r3, #16384 ; 0x4000 + hspi->RxISR = NULL; + 80016ae: e9c4 1113 strd r1, r1, [r4, #76] ; 0x4c + hspi->pRxBuffPtr = (uint8_t *)NULL; + 80016b2: 6421 str r1, [r4, #64] ; 0x40 + hspi->RxXferSize = 0U; + 80016b4: f8a4 1044 strh.w r1, [r4, #68] ; 0x44 + SPI_1LINE_TX(hspi); + 80016b8: bf08 it eq + 80016ba: 6013 streq r3, [r2, #0] + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 80016bc: 6aa3 ldr r3, [r4, #40] ; 0x28 + 80016be: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + 80016c2: d107 bne.n 80016d4 + SPI_RESET_CRC(hspi); + 80016c4: 6813 ldr r3, [r2, #0] + 80016c6: f423 5300 bic.w r3, r3, #8192 ; 0x2000 + 80016ca: 6013 str r3, [r2, #0] + 80016cc: 6813 ldr r3, [r2, #0] + 80016ce: f443 5300 orr.w r3, r3, #8192 ; 0x2000 + 80016d2: 6013 str r3, [r2, #0] + if ((hspi->Instance->CR1 & SPI_CR1_SPE) != SPI_CR1_SPE) + 80016d4: 6813 ldr r3, [r2, #0] + 80016d6: 0659 lsls r1, r3, #25 + __HAL_SPI_ENABLE(hspi); + 80016d8: bf5e ittt pl + 80016da: 6813 ldrpl r3, [r2, #0] + 80016dc: f043 0340 orrpl.w r3, r3, #64 ; 0x40 + 80016e0: 6013 strpl r3, [r2, #0] + if ((hspi->Init.Mode == SPI_MODE_SLAVE) || (hspi->TxXferCount == 0x01U)) + 80016e2: 6863 ldr r3, [r4, #4] + 80016e4: b11b cbz r3, 80016ee + 80016e6: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80016e8: b29b uxth r3, r3 + 80016ea: 2b01 cmp r3, #1 + 80016ec: d110 bne.n 8001710 + if (hspi->TxXferCount > 1U) + 80016ee: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80016f0: b29b uxth r3, r3 + 80016f2: 2b01 cmp r3, #1 + 80016f4: d905 bls.n 8001702 + hspi->Instance->DR = *((uint16_t *)pData); + 80016f6: f835 3b02 ldrh.w r3, [r5], #2 + 80016fa: 60d3 str r3, [r2, #12] + hspi->TxXferCount -= 2U; + 80016fc: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 80016fe: 3b02 subs r3, #2 + 8001700: e004 b.n 800170c + *((__IO uint8_t *)&hspi->Instance->DR) = (*pData++); + 8001702: f815 3b01 ldrb.w r3, [r5], #1 + 8001706: 7313 strb r3, [r2, #12] + hspi->TxXferCount--; + 8001708: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 800170a: 3b01 subs r3, #1 + 800170c: b29b uxth r3, r3 + 800170e: 87e3 strh r3, [r4, #62] ; 0x3e + while (hspi->TxXferCount > 0U) + 8001710: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 8001712: b29b uxth r3, r3 + 8001714: b9e3 cbnz r3, 8001750 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001716: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8001718: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + SET_BIT(hspi->Instance->CR1, SPI_CR1_CRCNEXT); + 800171c: bf01 itttt eq + 800171e: 6822 ldreq r2, [r4, #0] + 8001720: 6813 ldreq r3, [r2, #0] + 8001722: f443 5380 orreq.w r3, r3, #4096 ; 0x1000 + 8001726: 6013 streq r3, [r2, #0] + if (SPI_EndRxTxTransaction(hspi, Timeout, tickstart) != HAL_OK) + 8001728: 4620 mov r0, r4 + 800172a: f7ff ff1b bl 8001564 + 800172e: b108 cbz r0, 8001734 + hspi->ErrorCode = HAL_SPI_ERROR_FLAG; + 8001730: 2320 movs r3, #32 + 8001732: 6623 str r3, [r4, #96] ; 0x60 + if (hspi->Init.Direction == SPI_DIRECTION_2LINES) + 8001734: 68a3 ldr r3, [r4, #8] + 8001736: b933 cbnz r3, 8001746 + __HAL_SPI_CLEAR_OVRFLAG(hspi); + 8001738: 9301 str r3, [sp, #4] + 800173a: 6823 ldr r3, [r4, #0] + 800173c: 68da ldr r2, [r3, #12] + 800173e: 9201 str r2, [sp, #4] + 8001740: 689b ldr r3, [r3, #8] + 8001742: 9301 str r3, [sp, #4] + 8001744: 9b01 ldr r3, [sp, #4] + if (hspi->ErrorCode != HAL_SPI_ERROR_NONE) + 8001746: 6e20 ldr r0, [r4, #96] ; 0x60 + errorcode = HAL_BUSY; + 8001748: 3800 subs r0, #0 + 800174a: bf18 it ne + 800174c: 2001 movne r0, #1 +error: + 800174e: e011 b.n 8001774 + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_TXE)) + 8001750: 6823 ldr r3, [r4, #0] + 8001752: 689a ldr r2, [r3, #8] + 8001754: 0792 lsls r2, r2, #30 + 8001756: d50b bpl.n 8001770 + if (hspi->TxXferCount > 1U) + 8001758: 8fe2 ldrh r2, [r4, #62] ; 0x3e + 800175a: b292 uxth r2, r2 + 800175c: 2a01 cmp r2, #1 + 800175e: d903 bls.n 8001768 + hspi->Instance->DR = *((uint16_t *)pData); + 8001760: f835 2b02 ldrh.w r2, [r5], #2 + 8001764: 60da str r2, [r3, #12] + 8001766: e7c9 b.n 80016fc + *((__IO uint8_t *)&hspi->Instance->DR) = (*pData++); + 8001768: f815 2b01 ldrb.w r2, [r5], #1 + 800176c: 731a strb r2, [r3, #12] + hspi->TxXferCount--; + 800176e: e7cb b.n 8001708 + if ((Timeout == 0U) || ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout))) + 8001770: b94e cbnz r6, 8001786 + errorcode = HAL_TIMEOUT; + 8001772: 2003 movs r0, #3 + hspi->State = HAL_SPI_STATE_READY; + 8001774: 2301 movs r3, #1 + 8001776: f884 305d strb.w r3, [r4, #93] ; 0x5d + __HAL_UNLOCK(hspi); + 800177a: 2300 movs r3, #0 + 800177c: f884 305c strb.w r3, [r4, #92] ; 0x5c +} + 8001780: b002 add sp, #8 + 8001782: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + if ((Timeout == 0U) || ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout))) + 8001786: 1c73 adds r3, r6, #1 + 8001788: d0c2 beq.n 8001710 + 800178a: f005 fe2d bl 80073e8 + 800178e: 1bc0 subs r0, r0, r7 + 8001790: 42b0 cmp r0, r6 + 8001792: d3bd bcc.n 8001710 + 8001794: e7ed b.n 8001772 + errorcode = HAL_BUSY; + 8001796: 2002 movs r0, #2 + 8001798: e7ec b.n 8001774 + __HAL_LOCK(hspi); + 800179a: 2002 movs r0, #2 + 800179c: e7f0 b.n 8001780 + +0800179e : + * @param Timeout: Timeout duration + * @retval HAL status + */ +HAL_StatusTypeDef HAL_SPI_TransmitReceive(SPI_HandleTypeDef *hspi, uint8_t *pTxData, uint8_t *pRxData, uint16_t Size, + uint32_t Timeout) +{ + 800179e: e92d 43f7 stmdb sp!, {r0, r1, r2, r4, r5, r6, r7, r8, r9, lr} + 80017a2: 461e mov r6, r3 + uint32_t tmp = 0U, tmp1 = 0U; +#if (USE_SPI_CRC != 0U) + __IO uint16_t tmpreg = 0U; + 80017a4: 2300 movs r3, #0 + 80017a6: f8ad 3006 strh.w r3, [sp, #6] + + /* Check Direction parameter */ + assert_param(IS_SPI_DIRECTION_2LINES(hspi->Init.Direction)); + + /* Process Locked */ + __HAL_LOCK(hspi); + 80017aa: f890 305c ldrb.w r3, [r0, #92] ; 0x5c +{ + 80017ae: f8dd 8028 ldr.w r8, [sp, #40] ; 0x28 + __HAL_LOCK(hspi); + 80017b2: 2b01 cmp r3, #1 +{ + 80017b4: 4604 mov r4, r0 + 80017b6: 460d mov r5, r1 + 80017b8: 4617 mov r7, r2 + __HAL_LOCK(hspi); + 80017ba: f000 8124 beq.w 8001a06 + 80017be: 2301 movs r3, #1 + 80017c0: f880 305c strb.w r3, [r0, #92] ; 0x5c + + /* Init tickstart for timeout management*/ + tickstart = HAL_GetTick(); + 80017c4: f005 fe10 bl 80073e8 + + tmp = hspi->State; + 80017c8: f894 305d ldrb.w r3, [r4, #93] ; 0x5d + tmp1 = hspi->Init.Mode; + 80017cc: 6861 ldr r1, [r4, #4] + + if (!((tmp == HAL_SPI_STATE_READY) || \ + 80017ce: 2b01 cmp r3, #1 + tickstart = HAL_GetTick(); + 80017d0: 4681 mov r9, r0 + tmp = hspi->State; + 80017d2: b2da uxtb r2, r3 + if (!((tmp == HAL_SPI_STATE_READY) || \ + 80017d4: d00a beq.n 80017ec + 80017d6: f5b1 7f82 cmp.w r1, #260 ; 0x104 + 80017da: f040 8112 bne.w 8001a02 + ((tmp1 == SPI_MODE_MASTER) && (hspi->Init.Direction == SPI_DIRECTION_2LINES) && (tmp == HAL_SPI_STATE_BUSY_RX)))) + 80017de: 68a3 ldr r3, [r4, #8] + 80017e0: 2b00 cmp r3, #0 + 80017e2: f040 810e bne.w 8001a02 + 80017e6: 2a04 cmp r2, #4 + 80017e8: f040 810b bne.w 8001a02 + { + errorcode = HAL_BUSY; + goto error; + } + + if ((pTxData == NULL) || (pRxData == NULL) || (Size == 0U)) + 80017ec: b955 cbnz r5, 8001804 + { + errorcode = HAL_ERROR; + 80017ee: 2101 movs r1, #1 + { + errorcode = HAL_ERROR; + } + +error : + hspi->State = HAL_SPI_STATE_READY; + 80017f0: 2301 movs r3, #1 + 80017f2: f884 305d strb.w r3, [r4, #93] ; 0x5d + __HAL_UNLOCK(hspi); + 80017f6: 2300 movs r3, #0 + 80017f8: f884 305c strb.w r3, [r4, #92] ; 0x5c + return errorcode; +} + 80017fc: 4608 mov r0, r1 + 80017fe: b003 add sp, #12 + 8001800: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + if ((pTxData == NULL) || (pRxData == NULL) || (Size == 0U)) + 8001804: 2f00 cmp r7, #0 + 8001806: d0f2 beq.n 80017ee + 8001808: 2e00 cmp r6, #0 + 800180a: d0f0 beq.n 80017ee + if (hspi->State != HAL_SPI_STATE_BUSY_RX) + 800180c: f894 305d ldrb.w r3, [r4, #93] ; 0x5d + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001810: 6aa2 ldr r2, [r4, #40] ; 0x28 + hspi->pRxBuffPtr = (uint8_t *)pRxData; + 8001812: 6427 str r7, [r4, #64] ; 0x40 + if (hspi->State != HAL_SPI_STATE_BUSY_RX) + 8001814: 2b04 cmp r3, #4 + hspi->State = HAL_SPI_STATE_BUSY_TX_RX; + 8001816: bf1c itt ne + 8001818: 2305 movne r3, #5 + 800181a: f884 305d strbne.w r3, [r4, #93] ; 0x5d + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 800181e: 2300 movs r3, #0 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001820: f5b2 5f00 cmp.w r2, #8192 ; 0x2000 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001824: 6623 str r3, [r4, #96] ; 0x60 + hspi->TxISR = NULL; + 8001826: e9c4 3313 strd r3, r3, [r4, #76] ; 0x4c + hspi->RxXferCount = Size; + 800182a: f8a4 6046 strh.w r6, [r4, #70] ; 0x46 + SPI_RESET_CRC(hspi); + 800182e: 6823 ldr r3, [r4, #0] + hspi->RxXferSize = Size; + 8001830: f8a4 6044 strh.w r6, [r4, #68] ; 0x44 + hspi->pTxBuffPtr = (uint8_t *)pTxData; + 8001834: 63a5 str r5, [r4, #56] ; 0x38 + hspi->TxXferCount = Size; + 8001836: 87e6 strh r6, [r4, #62] ; 0x3e + hspi->TxXferSize = Size; + 8001838: 87a6 strh r6, [r4, #60] ; 0x3c + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 800183a: d107 bne.n 800184c + SPI_RESET_CRC(hspi); + 800183c: 681a ldr r2, [r3, #0] + 800183e: f422 5200 bic.w r2, r2, #8192 ; 0x2000 + 8001842: 601a str r2, [r3, #0] + 8001844: 681a ldr r2, [r3, #0] + 8001846: f442 5200 orr.w r2, r2, #8192 ; 0x2000 + 800184a: 601a str r2, [r3, #0] + if ((hspi->Init.DataSize > SPI_DATASIZE_8BIT) || (hspi->RxXferCount > 1U)) + 800184c: 68e2 ldr r2, [r4, #12] + 800184e: f5b2 6fe0 cmp.w r2, #1792 ; 0x700 + 8001852: d804 bhi.n 800185e + 8001854: f8b4 2046 ldrh.w r2, [r4, #70] ; 0x46 + 8001858: b292 uxth r2, r2 + 800185a: 2a01 cmp r2, #1 + 800185c: d94e bls.n 80018fc + CLEAR_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 800185e: 685a ldr r2, [r3, #4] + 8001860: f422 5280 bic.w r2, r2, #4096 ; 0x1000 + SET_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 8001864: 605a str r2, [r3, #4] + if ((hspi->Instance->CR1 & SPI_CR1_SPE) != SPI_CR1_SPE) + 8001866: 681a ldr r2, [r3, #0] + 8001868: 0650 lsls r0, r2, #25 + __HAL_SPI_ENABLE(hspi); + 800186a: bf5e ittt pl + 800186c: 681a ldrpl r2, [r3, #0] + 800186e: f042 0240 orrpl.w r2, r2, #64 ; 0x40 + 8001872: 601a strpl r2, [r3, #0] + if ((hspi->Init.Mode == SPI_MODE_SLAVE) || (hspi->TxXferCount == 0x01U)) + 8001874: b119 cbz r1, 800187e + 8001876: 8fe2 ldrh r2, [r4, #62] ; 0x3e + 8001878: b292 uxth r2, r2 + 800187a: 2a01 cmp r2, #1 + 800187c: d10a bne.n 8001894 + if (hspi->TxXferCount > 1U) + 800187e: 8fe2 ldrh r2, [r4, #62] ; 0x3e + 8001880: b292 uxth r2, r2 + 8001882: 2a01 cmp r2, #1 + 8001884: d93e bls.n 8001904 + hspi->Instance->DR = *((uint16_t *)pTxData); + 8001886: f835 2b02 ldrh.w r2, [r5], #2 + 800188a: 60da str r2, [r3, #12] + hspi->TxXferCount -= 2U; + 800188c: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 800188e: 3b02 subs r3, #2 + 8001890: b29b uxth r3, r3 + 8001892: 87e3 strh r3, [r4, #62] ; 0x3e + txallowed = 1U; + 8001894: 2601 movs r6, #1 + while ((hspi->TxXferCount > 0U) || (hspi->RxXferCount > 0U)) + 8001896: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 8001898: b29b uxth r3, r3 + 800189a: 2b00 cmp r3, #0 + 800189c: d138 bne.n 8001910 + 800189e: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + 80018a2: b29b uxth r3, r3 + 80018a4: 2b00 cmp r3, #0 + 80018a6: d133 bne.n 8001910 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 80018a8: 6aa2 ldr r2, [r4, #40] ; 0x28 + if (txallowed && (hspi->TxXferCount > 0U) && (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_TXE))) + 80018aa: 6823 ldr r3, [r4, #0] + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 80018ac: f5b2 5f00 cmp.w r2, #8192 ; 0x2000 + 80018b0: d10d bne.n 80018ce + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 80018b2: 689a ldr r2, [r3, #8] + 80018b4: 07d1 lsls r1, r2, #31 + 80018b6: d5fc bpl.n 80018b2 + if (hspi->Init.DataSize == SPI_DATASIZE_16BIT) + 80018b8: 68e2 ldr r2, [r4, #12] + 80018ba: f5b2 6f70 cmp.w r2, #3840 ; 0xf00 + 80018be: f040 8092 bne.w 80019e6 + tmpreg = hspi->Instance->DR; + 80018c2: 68da ldr r2, [r3, #12] + 80018c4: b292 uxth r2, r2 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 80018c6: f8ad 2006 strh.w r2, [sp, #6] + UNUSED(tmpreg); + 80018ca: f8bd 2006 ldrh.w r2, [sp, #6] + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_CRCERR)) + 80018ce: 6899 ldr r1, [r3, #8] + 80018d0: f011 0110 ands.w r1, r1, #16 + 80018d4: d007 beq.n 80018e6 + SET_BIT(hspi->ErrorCode, HAL_SPI_ERROR_CRC); + 80018d6: 6e22 ldr r2, [r4, #96] ; 0x60 + 80018d8: f042 0202 orr.w r2, r2, #2 + 80018dc: 6622 str r2, [r4, #96] ; 0x60 + __HAL_SPI_CLEAR_CRCERRFLAG(hspi); + 80018de: f64f 72ef movw r2, #65519 ; 0xffef + 80018e2: 609a str r2, [r3, #8] + errorcode = HAL_ERROR; + 80018e4: 2101 movs r1, #1 + if (SPI_EndRxTxTransaction(hspi, Timeout, tickstart) != HAL_OK) + 80018e6: 4620 mov r0, r4 + 80018e8: f7ff fe3c bl 8001564 + 80018ec: b108 cbz r0, 80018f2 + hspi->ErrorCode = HAL_SPI_ERROR_FLAG; + 80018ee: 2320 movs r3, #32 + 80018f0: 6623 str r3, [r4, #96] ; 0x60 + if (hspi->ErrorCode != HAL_SPI_ERROR_NONE) + 80018f2: 6e23 ldr r3, [r4, #96] ; 0x60 + 80018f4: 2b00 cmp r3, #0 + 80018f6: f47f af7a bne.w 80017ee + 80018fa: e779 b.n 80017f0 + SET_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 80018fc: 685a ldr r2, [r3, #4] + 80018fe: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 8001902: e7af b.n 8001864 + *(__IO uint8_t *)&hspi->Instance->DR = (*pTxData++); + 8001904: f815 2b01 ldrb.w r2, [r5], #1 + 8001908: 731a strb r2, [r3, #12] + hspi->TxXferCount--; + 800190a: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 800190c: 3b01 subs r3, #1 + 800190e: e7bf b.n 8001890 + if (txallowed && (hspi->TxXferCount > 0U) && (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_TXE))) + 8001910: 2e00 cmp r6, #0 + 8001912: d030 beq.n 8001976 + 8001914: 8fe3 ldrh r3, [r4, #62] ; 0x3e + 8001916: b29b uxth r3, r3 + 8001918: 2b00 cmp r3, #0 + 800191a: d02c beq.n 8001976 + 800191c: 6823 ldr r3, [r4, #0] + 800191e: 689a ldr r2, [r3, #8] + 8001920: 0792 lsls r2, r2, #30 + 8001922: d528 bpl.n 8001976 + if (hspi->TxXferCount > 1U) + 8001924: 8fe2 ldrh r2, [r4, #62] ; 0x3e + 8001926: b292 uxth r2, r2 + 8001928: 2a01 cmp r2, #1 + hspi->Instance->DR = *((uint16_t *)pTxData); + 800192a: bf8b itete hi + 800192c: f835 2b02 ldrhhi.w r2, [r5], #2 + *(__IO uint8_t *)&hspi->Instance->DR = (*pTxData++); + 8001930: f815 2b01 ldrbls.w r2, [r5], #1 + hspi->Instance->DR = *((uint16_t *)pTxData); + 8001934: 60da strhi r2, [r3, #12] + *(__IO uint8_t *)&hspi->Instance->DR = (*pTxData++); + 8001936: 731a strbls r2, [r3, #12] + hspi->TxXferCount -= 2U; + 8001938: bf8b itete hi + 800193a: 8fe3 ldrhhi r3, [r4, #62] ; 0x3e + hspi->TxXferCount--; + 800193c: 8fe3 ldrhls r3, [r4, #62] ; 0x3e + hspi->TxXferCount -= 2U; + 800193e: 3b02 subhi r3, #2 + hspi->TxXferCount--; + 8001940: f103 33ff addls.w r3, r3, #4294967295 ; 0xffffffff + 8001944: b29b uxth r3, r3 + 8001946: 87e3 strh r3, [r4, #62] ; 0x3e + if ((hspi->TxXferCount == 0U) && (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE)) + 8001948: 8fe6 ldrh r6, [r4, #62] ; 0x3e + 800194a: b2b6 uxth r6, r6 + 800194c: b996 cbnz r6, 8001974 + 800194e: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8001950: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + 8001954: d10f bne.n 8001976 + if (((hspi->Instance->CR1 & SPI_CR1_MSTR) == 0U) && ((hspi->Instance->CR2 & SPI_CR2_NSSP) == SPI_CR2_NSSP)) + 8001956: 6823 ldr r3, [r4, #0] + 8001958: 681a ldr r2, [r3, #0] + 800195a: 0756 lsls r6, r2, #29 + 800195c: d406 bmi.n 800196c + 800195e: 685a ldr r2, [r3, #4] + 8001960: 0710 lsls r0, r2, #28 + SET_BIT(hspi->Instance->CR1, SPI_CR1_SSM); + 8001962: bf42 ittt mi + 8001964: 681a ldrmi r2, [r3, #0] + 8001966: f442 7200 orrmi.w r2, r2, #512 ; 0x200 + 800196a: 601a strmi r2, [r3, #0] + SET_BIT(hspi->Instance->CR1, SPI_CR1_CRCNEXT); + 800196c: 681a ldr r2, [r3, #0] + 800196e: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 8001972: 601a str r2, [r3, #0] + txallowed = 0U; + 8001974: 2600 movs r6, #0 + if ((hspi->RxXferCount > 0U) && (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_RXNE))) + 8001976: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + 800197a: b29b uxth r3, r3 + 800197c: b1e3 cbz r3, 80019b8 + 800197e: 6821 ldr r1, [r4, #0] + 8001980: 688b ldr r3, [r1, #8] + 8001982: f013 0301 ands.w r3, r3, #1 + 8001986: d017 beq.n 80019b8 + if (hspi->RxXferCount > 1U) + 8001988: f8b4 2046 ldrh.w r2, [r4, #70] ; 0x46 + 800198c: b292 uxth r2, r2 + 800198e: 2a01 cmp r2, #1 + 8001990: d91f bls.n 80019d2 + *((uint16_t *)pRxData) = hspi->Instance->DR; + 8001992: 68ca ldr r2, [r1, #12] + 8001994: f827 2b02 strh.w r2, [r7], #2 + hspi->RxXferCount -= 2U; + 8001998: f8b4 2046 ldrh.w r2, [r4, #70] ; 0x46 + 800199c: 3a02 subs r2, #2 + 800199e: b292 uxth r2, r2 + 80019a0: f8a4 2046 strh.w r2, [r4, #70] ; 0x46 + if (hspi->RxXferCount <= 1U) + 80019a4: f8b4 2046 ldrh.w r2, [r4, #70] ; 0x46 + 80019a8: b292 uxth r2, r2 + 80019aa: 2a01 cmp r2, #1 + 80019ac: d803 bhi.n 80019b6 + SET_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 80019ae: 684a ldr r2, [r1, #4] + 80019b0: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80019b4: 604a str r2, [r1, #4] + txallowed = 1U; + 80019b6: 461e mov r6, r3 + if ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout)) + 80019b8: f1b8 3fff cmp.w r8, #4294967295 ; 0xffffffff + 80019bc: f43f af6b beq.w 8001896 + 80019c0: f005 fd12 bl 80073e8 + 80019c4: eba0 0009 sub.w r0, r0, r9 + 80019c8: 4540 cmp r0, r8 + 80019ca: f4ff af64 bcc.w 8001896 + errorcode = HAL_TIMEOUT; + 80019ce: 2103 movs r1, #3 + 80019d0: e70e b.n 80017f0 + (*(uint8_t *)pRxData++) = *(__IO uint8_t *)&hspi->Instance->DR; + 80019d2: 7b0a ldrb r2, [r1, #12] + 80019d4: f807 2b01 strb.w r2, [r7], #1 + hspi->RxXferCount--; + 80019d8: f8b4 1046 ldrh.w r1, [r4, #70] ; 0x46 + 80019dc: 3901 subs r1, #1 + 80019de: b289 uxth r1, r1 + 80019e0: f8a4 1046 strh.w r1, [r4, #70] ; 0x46 + 80019e4: e7e7 b.n 80019b6 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 80019e6: 7b1a ldrb r2, [r3, #12] + 80019e8: f8ad 2006 strh.w r2, [sp, #6] + UNUSED(tmpreg); + 80019ec: f8bd 2006 ldrh.w r2, [sp, #6] + if (hspi->Init.CRCLength == SPI_CRC_LENGTH_16BIT) + 80019f0: 6b22 ldr r2, [r4, #48] ; 0x30 + 80019f2: 2a02 cmp r2, #2 + 80019f4: f47f af6b bne.w 80018ce + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 80019f8: 689a ldr r2, [r3, #8] + 80019fa: 07d2 lsls r2, r2, #31 + 80019fc: d5fc bpl.n 80019f8 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 80019fe: 7b1a ldrb r2, [r3, #12] + 8001a00: e761 b.n 80018c6 + errorcode = HAL_BUSY; + 8001a02: 2102 movs r1, #2 + 8001a04: e6f4 b.n 80017f0 + __HAL_LOCK(hspi); + 8001a06: 2102 movs r1, #2 + 8001a08: e6f8 b.n 80017fc + +08001a0a : +{ + 8001a0a: e92d 41ff stmdb sp!, {r0, r1, r2, r3, r4, r5, r6, r7, r8, lr} + 8001a0e: 461f mov r7, r3 + __IO uint16_t tmpreg = 0U; + 8001a10: 2300 movs r3, #0 + 8001a12: f8ad 300e strh.w r3, [sp, #14] + if ((hspi->Init.Mode == SPI_MODE_MASTER) && (hspi->Init.Direction == SPI_DIRECTION_2LINES)) + 8001a16: 6843 ldr r3, [r0, #4] + 8001a18: f5b3 7f82 cmp.w r3, #260 ; 0x104 +{ + 8001a1c: 4604 mov r4, r0 + 8001a1e: 460e mov r6, r1 + 8001a20: 4615 mov r5, r2 + if ((hspi->Init.Mode == SPI_MODE_MASTER) && (hspi->Init.Direction == SPI_DIRECTION_2LINES)) + 8001a22: d10c bne.n 8001a3e + 8001a24: 6883 ldr r3, [r0, #8] + 8001a26: b953 cbnz r3, 8001a3e + hspi->State = HAL_SPI_STATE_BUSY_RX; + 8001a28: 2304 movs r3, #4 + 8001a2a: f880 305d strb.w r3, [r0, #93] ; 0x5d + return HAL_SPI_TransmitReceive(hspi, pData, pData, Size, Timeout); + 8001a2e: 4613 mov r3, r2 + 8001a30: 9700 str r7, [sp, #0] + 8001a32: 460a mov r2, r1 + 8001a34: f7ff feb3 bl 800179e +} + 8001a38: b004 add sp, #16 + 8001a3a: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + __HAL_LOCK(hspi); + 8001a3e: f894 305c ldrb.w r3, [r4, #92] ; 0x5c + 8001a42: 2b01 cmp r3, #1 + 8001a44: f000 80dd beq.w 8001c02 + 8001a48: 2301 movs r3, #1 + 8001a4a: f884 305c strb.w r3, [r4, #92] ; 0x5c + tickstart = HAL_GetTick(); + 8001a4e: f005 fccb bl 80073e8 + if (hspi->State != HAL_SPI_STATE_READY) + 8001a52: f894 305d ldrb.w r3, [r4, #93] ; 0x5d + 8001a56: 2b01 cmp r3, #1 + tickstart = HAL_GetTick(); + 8001a58: 4680 mov r8, r0 + if (hspi->State != HAL_SPI_STATE_READY) + 8001a5a: b2d8 uxtb r0, r3 + 8001a5c: f040 80cf bne.w 8001bfe + if ((pData == NULL) || (Size == 0U)) + 8001a60: 2e00 cmp r6, #0 + 8001a62: f000 8092 beq.w 8001b8a + 8001a66: 2d00 cmp r5, #0 + 8001a68: f000 808f beq.w 8001b8a + hspi->State = HAL_SPI_STATE_BUSY_RX; + 8001a6c: 2304 movs r3, #4 + 8001a6e: f884 305d strb.w r3, [r4, #93] ; 0x5d + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001a72: 6aa3 ldr r3, [r4, #40] ; 0x28 + hspi->RxXferSize = Size; + 8001a74: f8a4 5044 strh.w r5, [r4, #68] ; 0x44 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001a78: 2100 movs r1, #0 + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001a7a: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + hspi->ErrorCode = HAL_SPI_ERROR_NONE; + 8001a7e: 6621 str r1, [r4, #96] ; 0x60 + hspi->TxISR = NULL; + 8001a80: e9c4 1113 strd r1, r1, [r4, #76] ; 0x4c + hspi->RxXferCount = Size; + 8001a84: f8a4 5046 strh.w r5, [r4, #70] ; 0x46 + hspi->pRxBuffPtr = (uint8_t *)pData; + 8001a88: 6426 str r6, [r4, #64] ; 0x40 + SPI_RESET_CRC(hspi); + 8001a8a: 6825 ldr r5, [r4, #0] + hspi->pTxBuffPtr = (uint8_t *)NULL; + 8001a8c: 63a1 str r1, [r4, #56] ; 0x38 + hspi->TxXferSize = 0U; + 8001a8e: 87a1 strh r1, [r4, #60] ; 0x3c + hspi->TxXferCount = 0U; + 8001a90: 87e1 strh r1, [r4, #62] ; 0x3e + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001a92: d10d bne.n 8001ab0 + SPI_RESET_CRC(hspi); + 8001a94: 682b ldr r3, [r5, #0] + 8001a96: f423 5300 bic.w r3, r3, #8192 ; 0x2000 + 8001a9a: 602b str r3, [r5, #0] + 8001a9c: 682b ldr r3, [r5, #0] + 8001a9e: f443 5300 orr.w r3, r3, #8192 ; 0x2000 + 8001aa2: 602b str r3, [r5, #0] + hspi->RxXferCount--; + 8001aa4: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + 8001aa8: 3b01 subs r3, #1 + 8001aaa: b29b uxth r3, r3 + 8001aac: f8a4 3046 strh.w r3, [r4, #70] ; 0x46 + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 8001ab0: 68e3 ldr r3, [r4, #12] + 8001ab2: f5b3 6fe0 cmp.w r3, #1792 ; 0x700 + CLEAR_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 8001ab6: 686b ldr r3, [r5, #4] + 8001ab8: bf8c ite hi + 8001aba: f423 5380 bichi.w r3, r3, #4096 ; 0x1000 + SET_BIT(hspi->Instance->CR2, SPI_RXFIFO_THRESHOLD); + 8001abe: f443 5380 orrls.w r3, r3, #4096 ; 0x1000 + 8001ac2: 606b str r3, [r5, #4] + if (hspi->Init.Direction == SPI_DIRECTION_1LINE) + 8001ac4: 68a3 ldr r3, [r4, #8] + 8001ac6: f5b3 4f00 cmp.w r3, #32768 ; 0x8000 + SPI_1LINE_RX(hspi); + 8001aca: bf02 ittt eq + 8001acc: 682b ldreq r3, [r5, #0] + 8001ace: f423 4380 biceq.w r3, r3, #16384 ; 0x4000 + 8001ad2: 602b streq r3, [r5, #0] + if ((hspi->Instance->CR1 & SPI_CR1_SPE) != SPI_CR1_SPE) + 8001ad4: 682b ldr r3, [r5, #0] + 8001ad6: 0658 lsls r0, r3, #25 + 8001ad8: d403 bmi.n 8001ae2 + __HAL_SPI_ENABLE(hspi); + 8001ada: 682b ldr r3, [r5, #0] + 8001adc: f043 0340 orr.w r3, r3, #64 ; 0x40 + 8001ae0: 602b str r3, [r5, #0] + while (hspi->RxXferCount > 0U) + 8001ae2: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_RXNE)) + 8001ae6: 6822 ldr r2, [r4, #0] + while (hspi->RxXferCount > 0U) + 8001ae8: b29b uxth r3, r3 + 8001aea: 2b00 cmp r3, #0 + 8001aec: d13e bne.n 8001b6c + if (hspi->Init.CRCCalculation == SPI_CRCCALCULATION_ENABLE) + 8001aee: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8001af0: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + 8001af4: d11c bne.n 8001b30 + SET_BIT(hspi->Instance->CR1, SPI_CR1_CRCNEXT); + 8001af6: 6813 ldr r3, [r2, #0] + 8001af8: f443 5380 orr.w r3, r3, #4096 ; 0x1000 + 8001afc: 6013 str r3, [r2, #0] + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 8001afe: 6893 ldr r3, [r2, #8] + 8001b00: 07df lsls r7, r3, #31 + 8001b02: d5fc bpl.n 8001afe + if (hspi->Init.DataSize > SPI_DATASIZE_8BIT) + 8001b04: 68e3 ldr r3, [r4, #12] + 8001b06: f5b3 6fe0 cmp.w r3, #1792 ; 0x700 + (*(uint8_t *)pData) = *(__IO uint8_t *)&hspi->Instance->DR; + 8001b0a: bf95 itete ls + 8001b0c: 7b13 ldrbls r3, [r2, #12] + *((uint16_t *)pData) = hspi->Instance->DR; + 8001b0e: 68d3 ldrhi r3, [r2, #12] + (*(uint8_t *)pData) = *(__IO uint8_t *)&hspi->Instance->DR; + 8001b10: 7033 strbls r3, [r6, #0] + *((uint16_t *)pData) = hspi->Instance->DR; + 8001b12: 8033 strhhi r3, [r6, #0] + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 8001b14: 6823 ldr r3, [r4, #0] + 8001b16: 689a ldr r2, [r3, #8] + 8001b18: 07d6 lsls r6, r2, #31 + 8001b1a: d5fc bpl.n 8001b16 + if (hspi->Init.DataSize == SPI_DATASIZE_16BIT) + 8001b1c: 68e1 ldr r1, [r4, #12] + 8001b1e: f5b1 6f70 cmp.w r1, #3840 ; 0xf00 + 8001b22: d142 bne.n 8001baa + tmpreg = hspi->Instance->DR; + 8001b24: 68db ldr r3, [r3, #12] + 8001b26: b29b uxth r3, r3 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 8001b28: f8ad 300e strh.w r3, [sp, #14] + UNUSED(tmpreg); + 8001b2c: f8bd 300e ldrh.w r3, [sp, #14] + * @param Tickstart: tick start value + * @retval HAL status + */ +static HAL_StatusTypeDef SPI_EndRxTransaction(SPI_HandleTypeDef *hspi, uint32_t Timeout, uint32_t Tickstart) +{ + if ((hspi->Init.Mode == SPI_MODE_MASTER) && ((hspi->Init.Direction == SPI_DIRECTION_1LINE) + 8001b30: 6861 ldr r1, [r4, #4] + 8001b32: 6823 ldr r3, [r4, #0] + 8001b34: f5b1 7f82 cmp.w r1, #260 ; 0x104 + 8001b38: d10a bne.n 8001b50 + 8001b3a: 68a2 ldr r2, [r4, #8] + 8001b3c: f5b2 4f00 cmp.w r2, #32768 ; 0x8000 + 8001b40: d002 beq.n 8001b48 + || (hspi->Init.Direction == SPI_DIRECTION_2LINES_RXONLY))) + 8001b42: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + 8001b46: d103 bne.n 8001b50 + { + /* Disable SPI peripheral */ + __HAL_SPI_DISABLE(hspi); + 8001b48: 681a ldr r2, [r3, #0] + 8001b4a: f022 0240 bic.w r2, r2, #64 ; 0x40 + 8001b4e: 601a str r2, [r3, #0] + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 8001b50: 689a ldr r2, [r3, #8] + 8001b52: 0610 lsls r0, r2, #24 + 8001b54: d4fc bmi.n 8001b50 + { + SET_BIT(hspi->ErrorCode, HAL_SPI_ERROR_FLAG); + return HAL_TIMEOUT; + } + + if ((hspi->Init.Mode == SPI_MODE_MASTER) && ((hspi->Init.Direction == SPI_DIRECTION_1LINE) + 8001b56: f5b1 7f82 cmp.w r1, #260 ; 0x104 + 8001b5a: d036 beq.n 8001bca + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_CRCERR)) + 8001b5c: 689a ldr r2, [r3, #8] + 8001b5e: 06d2 lsls r2, r2, #27 + 8001b60: d445 bmi.n 8001bee + if (hspi->ErrorCode != HAL_SPI_ERROR_NONE) + 8001b62: 6e20 ldr r0, [r4, #96] ; 0x60 + errorcode = HAL_BUSY; + 8001b64: 3800 subs r0, #0 + 8001b66: bf18 it ne + 8001b68: 2001 movne r0, #1 +error : + 8001b6a: e00e b.n 8001b8a + if (__HAL_SPI_GET_FLAG(hspi, SPI_FLAG_RXNE)) + 8001b6c: 6893 ldr r3, [r2, #8] + 8001b6e: 07d9 lsls r1, r3, #31 + 8001b70: d509 bpl.n 8001b86 + (* (uint8_t *)pData) = *(__IO uint8_t *)&hspi->Instance->DR; + 8001b72: 7b13 ldrb r3, [r2, #12] + 8001b74: f806 3b01 strb.w r3, [r6], #1 + hspi->RxXferCount--; + 8001b78: f8b4 3046 ldrh.w r3, [r4, #70] ; 0x46 + 8001b7c: 3b01 subs r3, #1 + 8001b7e: b29b uxth r3, r3 + 8001b80: f8a4 3046 strh.w r3, [r4, #70] ; 0x46 + 8001b84: e7ad b.n 8001ae2 + if ((Timeout == 0U) || ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout))) + 8001b86: b93f cbnz r7, 8001b98 + errorcode = HAL_TIMEOUT; + 8001b88: 2003 movs r0, #3 + hspi->State = HAL_SPI_STATE_READY; + 8001b8a: 2301 movs r3, #1 + 8001b8c: f884 305d strb.w r3, [r4, #93] ; 0x5d + __HAL_UNLOCK(hspi); + 8001b90: 2300 movs r3, #0 + 8001b92: f884 305c strb.w r3, [r4, #92] ; 0x5c + return errorcode; + 8001b96: e74f b.n 8001a38 + if ((Timeout == 0U) || ((Timeout != HAL_MAX_DELAY) && ((HAL_GetTick() - tickstart) >= Timeout))) + 8001b98: 1c7b adds r3, r7, #1 + 8001b9a: d0a2 beq.n 8001ae2 + 8001b9c: f005 fc24 bl 80073e8 + 8001ba0: eba0 0008 sub.w r0, r0, r8 + 8001ba4: 42b8 cmp r0, r7 + 8001ba6: d39c bcc.n 8001ae2 + 8001ba8: e7ee b.n 8001b88 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 8001baa: 7b1a ldrb r2, [r3, #12] + 8001bac: f8ad 200e strh.w r2, [sp, #14] + if ((hspi->Init.DataSize == SPI_DATASIZE_8BIT) && (hspi->Init.CRCLength == SPI_CRC_LENGTH_16BIT)) + 8001bb0: f5b1 6fe0 cmp.w r1, #1792 ; 0x700 + UNUSED(tmpreg); + 8001bb4: f8bd 200e ldrh.w r2, [sp, #14] + if ((hspi->Init.DataSize == SPI_DATASIZE_8BIT) && (hspi->Init.CRCLength == SPI_CRC_LENGTH_16BIT)) + 8001bb8: d1ba bne.n 8001b30 + 8001bba: 6b22 ldr r2, [r4, #48] ; 0x30 + 8001bbc: 2a02 cmp r2, #2 + 8001bbe: d1b7 bne.n 8001b30 + while ((__HAL_SPI_GET_FLAG(hspi, Flag) ? SET : RESET) != State) + 8001bc0: 689a ldr r2, [r3, #8] + 8001bc2: 07d5 lsls r5, r2, #31 + 8001bc4: d5fc bpl.n 8001bc0 + tmpreg = *(__IO uint8_t *)&hspi->Instance->DR; + 8001bc6: 7b1b ldrb r3, [r3, #12] + 8001bc8: e7ae b.n 8001b28 + if ((hspi->Init.Mode == SPI_MODE_MASTER) && ((hspi->Init.Direction == SPI_DIRECTION_1LINE) + 8001bca: 68a2 ldr r2, [r4, #8] + 8001bcc: f5b2 4f00 cmp.w r2, #32768 ; 0x8000 + 8001bd0: d002 beq.n 8001bd8 + || (hspi->Init.Direction == SPI_DIRECTION_2LINES_RXONLY))) + 8001bd2: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + 8001bd6: d1c1 bne.n 8001b5c + while ((hspi->Instance->SR & Fifo) != State) + 8001bd8: 689a ldr r2, [r3, #8] + 8001bda: f412 6fc0 tst.w r2, #1536 ; 0x600 + 8001bde: d0bd beq.n 8001b5c + tmpreg = *((__IO uint8_t *)&hspi->Instance->DR); + 8001be0: 7b1a ldrb r2, [r3, #12] + 8001be2: b2d2 uxtb r2, r2 + 8001be4: f88d 200d strb.w r2, [sp, #13] + UNUSED(tmpreg); + 8001be8: f89d 200d ldrb.w r2, [sp, #13] + 8001bec: e7f4 b.n 8001bd8 + SET_BIT(hspi->ErrorCode, HAL_SPI_ERROR_CRC); + 8001bee: 6e22 ldr r2, [r4, #96] ; 0x60 + 8001bf0: f042 0202 orr.w r2, r2, #2 + 8001bf4: 6622 str r2, [r4, #96] ; 0x60 + __HAL_SPI_CLEAR_CRCERRFLAG(hspi); + 8001bf6: f64f 72ef movw r2, #65519 ; 0xffef + 8001bfa: 609a str r2, [r3, #8] + 8001bfc: e7b1 b.n 8001b62 + errorcode = HAL_BUSY; + 8001bfe: 2002 movs r0, #2 + 8001c00: e7c3 b.n 8001b8a + __HAL_LOCK(hspi); + 8001c02: 2002 movs r0, #2 + 8001c04: e718 b.n 8001a38 + ... + +08001c08 : + +// checksum_more() +// + static void +checksum_more(SHA256_CTX *ctx, uint32_t *total, const uint8_t *addr, int len) +{ + 8001c08: b5f8 push {r3, r4, r5, r6, r7, lr} + 8001c0a: 460c mov r4, r1 + // mk4 has hardware hash engine, and no DFU button + int percent = ((*total) * 100) / TOTAL_CHECKSUM_LEN; + 8001c0c: 6809 ldr r1, [r1, #0] +{ + 8001c0e: 461d mov r5, r3 + int percent = ((*total) * 100) / TOTAL_CHECKSUM_LEN; + 8001c10: 2364 movs r3, #100 ; 0x64 +{ + 8001c12: 4617 mov r7, r2 + 8001c14: 4606 mov r6, r0 + int percent = ((*total) * 100) / TOTAL_CHECKSUM_LEN; + 8001c16: 4359 muls r1, r3 + puts2("Verify %0x"); + puthex2(percent); + putchar('\n'); +#endif + + oled_show_progress(screen_verify, percent); + 8001c18: 4807 ldr r0, [pc, #28] ; (8001c38 ) + 8001c1a: 4b08 ldr r3, [pc, #32] ; (8001c3c ) + 8001c1c: fbb1 f1f3 udiv r1, r1, r3 + 8001c20: f7ff fab4 bl 800118c + + sha256_update(ctx, addr, len); + 8001c24: 462a mov r2, r5 + 8001c26: 4639 mov r1, r7 + 8001c28: 4630 mov r0, r6 + 8001c2a: f003 fdbb bl 80057a4 + *total += len; + 8001c2e: 6823 ldr r3, [r4, #0] + 8001c30: 442b add r3, r5 + 8001c32: 6023 str r3, [r4, #0] +} + 8001c34: bdf8 pop {r3, r4, r5, r6, r7, pc} + 8001c36: bf00 nop + 8001c38: 08010051 .word 0x08010051 + 8001c3c: 0018541c .word 0x0018541c + +08001c40 : + +// checksum_flash() +// + void +checksum_flash(uint8_t fw_digest[32], uint8_t world_digest[32], uint32_t fw_length) +{ + 8001c40: b570 push {r4, r5, r6, lr} + 8001c42: b09c sub sp, #112 ; 0x70 + 8001c44: 4606 mov r6, r0 + 8001c46: 460d mov r5, r1 + 8001c48: 4614 mov r4, r2 + const uint8_t *start = (const uint8_t *)FIRMWARE_START; + + rng_delay(); + 8001c4a: f000 fe6f bl 800292c + + SHA256_CTX ctx; + uint32_t total_len = 0; + 8001c4e: 2300 movs r3, #0 + 8001c50: 9300 str r3, [sp, #0] + + if(fw_length == 0) { + 8001c52: 2c00 cmp r4, #0 + 8001c54: d15f bne.n 8001d16 + uint8_t first[32]; + sha256_init(&ctx); + 8001c56: a809 add r0, sp, #36 ; 0x24 + 8001c58: f003 fd96 bl 8005788 + + // use length from header in flash + fw_length = FW_HDR->firmware_length; + 8001c5c: 4b36 ldr r3, [pc, #216] ; (8001d38 ) + + // start of firmware (just after we end) to header + checksum_more(&ctx, &total_len, start, FW_HEADER_OFFSET + FW_HEADER_SIZE - 64); + 8001c5e: 4a37 ldr r2, [pc, #220] ; (8001d3c ) + fw_length = FW_HDR->firmware_length; + 8001c60: f8d3 4098 ldr.w r4, [r3, #152] ; 0x98 + checksum_more(&ctx, &total_len, start, FW_HEADER_OFFSET + FW_HEADER_SIZE - 64); + 8001c64: 4669 mov r1, sp + 8001c66: f44f 537f mov.w r3, #16320 ; 0x3fc0 + 8001c6a: a809 add r0, sp, #36 ; 0x24 + 8001c6c: f7ff ffcc bl 8001c08 + + // from after header to end + checksum_more(&ctx, &total_len, start + FW_HEADER_OFFSET + FW_HEADER_SIZE, + 8001c70: 4a33 ldr r2, [pc, #204] ; (8001d40 ) + 8001c72: f5a4 4380 sub.w r3, r4, #16384 ; 0x4000 + 8001c76: 4669 mov r1, sp + 8001c78: a809 add r0, sp, #36 ; 0x24 + 8001c7a: f7ff ffc5 bl 8001c08 + fw_length - (FW_HEADER_OFFSET + FW_HEADER_SIZE)); + + sha256_final(&ctx, first); + 8001c7e: a901 add r1, sp, #4 + 8001c80: a809 add r0, sp, #36 ; 0x24 + 8001c82: f003 fdd5 bl 8005830 + + // double SHA256 + sha256_single(first, sizeof(first), fw_digest); + 8001c86: 4632 mov r2, r6 + 8001c88: 2120 movs r1, #32 + 8001c8a: a801 add r0, sp, #4 + 8001c8c: f003 fde4 bl 8005858 + // fw_digest should already be populated by caller + total_len = fw_length - 64; + } + + // start over, and get the rest of flash. All of it. + sha256_init(&ctx); + 8001c90: a809 add r0, sp, #36 ; 0x24 + 8001c92: f003 fd79 bl 8005788 + + // .. and chain in what we have so far + sha256_update(&ctx, fw_digest, 32); + 8001c96: 2220 movs r2, #32 + 8001c98: 4631 mov r1, r6 + 8001c9a: a809 add r0, sp, #36 ; 0x24 + 8001c9c: f003 fd82 bl 80057a4 + + // Bootloader, including pairing secret area, but excluding MCU keys. + const uint8_t *base = (const uint8_t *)BL_FLASH_BASE; + checksum_more(&ctx, &total_len, base, ((uint8_t *)MCU_KEYS)-base); + 8001ca0: f44f 33f0 mov.w r3, #122880 ; 0x1e000 + 8001ca4: f04f 6200 mov.w r2, #134217728 ; 0x8000000 + 8001ca8: 4669 mov r1, sp + 8001caa: a809 add r0, sp, #36 ; 0x24 + 8001cac: f7ff ffac bl 8001c08 + + // Probably-blank area after firmware, and filesystem area. + // Important: firmware images (fw_length) must be aligned with flash erase unit size (4k). + const uint8_t *fs = start + fw_length; + const uint8_t *last = base + MAIN_FLASH_SIZE; + checksum_more(&ctx, &total_len, fs, last-fs); + 8001cb0: f104 6200 add.w r2, r4, #134217728 ; 0x8000000 + 8001cb4: f5c4 13b0 rsb r3, r4, #1441792 ; 0x160000 + 8001cb8: f502 3200 add.w r2, r2, #131072 ; 0x20000 + 8001cbc: 4669 mov r1, sp + 8001cbe: a809 add r0, sp, #36 ; 0x24 + 8001cc0: f7ff ffa2 bl 8001c08 + + rng_delay(); + 8001cc4: f000 fe32 bl 800292c + + // OTP area + checksum_more(&ctx, &total_len, (void *)0x1fff7000, 0x400); + 8001cc8: 4a1e ldr r2, [pc, #120] ; (8001d44 ) + 8001cca: f44f 6380 mov.w r3, #1024 ; 0x400 + 8001cce: 4669 mov r1, sp + 8001cd0: a809 add r0, sp, #36 ; 0x24 + 8001cd2: f7ff ff99 bl 8001c08 + + // "just in case" ... the option bytes (2 banks) + checksum_more(&ctx, &total_len, (void *)0x1fff7800, 0x28); + 8001cd6: 4a1c ldr r2, [pc, #112] ; (8001d48 ) + 8001cd8: 2328 movs r3, #40 ; 0x28 + 8001cda: 4669 mov r1, sp + 8001cdc: a809 add r0, sp, #36 ; 0x24 + 8001cde: f7ff ff93 bl 8001c08 + checksum_more(&ctx, &total_len, (void *)0x1ffff800, 0x28); + 8001ce2: 4a1a ldr r2, [pc, #104] ; (8001d4c ) + 8001ce4: 2328 movs r3, #40 ; 0x28 + 8001ce6: 4669 mov r1, sp + 8001ce8: a809 add r0, sp, #36 ; 0x24 + 8001cea: f7ff ff8d bl 8001c08 + + // System ROM (they say it can't change, but clearly + // implemented as flash cells) + checksum_more(&ctx, &total_len, (void *)0x1fff0000, 0x7000); + 8001cee: 4a18 ldr r2, [pc, #96] ; (8001d50 ) + 8001cf0: f44f 43e0 mov.w r3, #28672 ; 0x7000 + 8001cf4: 4669 mov r1, sp + 8001cf6: a809 add r0, sp, #36 ; 0x24 + 8001cf8: f7ff ff86 bl 8001c08 + + // device serial number, just for kicks + checksum_more(&ctx, &total_len, (void *)0x1fff7590, 12); + 8001cfc: 4a15 ldr r2, [pc, #84] ; (8001d54 ) + 8001cfe: 230c movs r3, #12 + 8001d00: 4669 mov r1, sp + 8001d02: a809 add r0, sp, #36 ; 0x24 + 8001d04: f7ff ff80 bl 8001c08 + + ASSERT(total_len == TOTAL_CHECKSUM_LEN); + 8001d08: 4b13 ldr r3, [pc, #76] ; (8001d58 ) + 8001d0a: 9a00 ldr r2, [sp, #0] + 8001d0c: 429a cmp r2, r3 + 8001d0e: d006 beq.n 8001d1e + 8001d10: 4812 ldr r0, [pc, #72] ; (8001d5c ) + 8001d12: f7fe fea3 bl 8000a5c + total_len = fw_length - 64; + 8001d16: f1a4 0340 sub.w r3, r4, #64 ; 0x40 + 8001d1a: 9300 str r3, [sp, #0] + 8001d1c: e7b8 b.n 8001c90 + + sha256_final(&ctx, world_digest); + 8001d1e: 4629 mov r1, r5 + 8001d20: a809 add r0, sp, #36 ; 0x24 + 8001d22: f003 fd85 bl 8005830 + + // double SHA256 (a bitcoin fetish) + sha256_single(world_digest, 32, world_digest); + 8001d26: 462a mov r2, r5 + 8001d28: 2120 movs r1, #32 + 8001d2a: 4628 mov r0, r5 + 8001d2c: f003 fd94 bl 8005858 + + rng_delay(); + 8001d30: f000 fdfc bl 800292c +} + 8001d34: b01c add sp, #112 ; 0x70 + 8001d36: bd70 pop {r4, r5, r6, pc} + 8001d38: 08023f00 .word 0x08023f00 + 8001d3c: 08020000 .word 0x08020000 + 8001d40: 08024000 .word 0x08024000 + 8001d44: 1fff7000 .word 0x1fff7000 + 8001d48: 1fff7800 .word 0x1fff7800 + 8001d4c: 1ffff800 .word 0x1ffff800 + 8001d50: 1fff0000 .word 0x1fff0000 + 8001d54: 1fff7590 .word 0x1fff7590 + 8001d58: 0018541c .word 0x0018541c + 8001d5c: 08010470 .word 0x08010470 + +08001d60 : +// Scan the OTP area and determine what the current min-version (timestamp) +// we can allow. All zeros if any if okay. +// + void +get_min_version(uint8_t min_version[8]) +{ + 8001d60: b570 push {r4, r5, r6, lr} + 8001d62: 4604 mov r4, r0 + const uint8_t *otp = (const uint8_t *)OPT_FLASH_BASE; + 8001d64: 4d0c ldr r5, [pc, #48] ; (8001d98 ) + + rng_delay(); + memset(min_version, 0, 8); + + for(int i=0; i) + rng_delay(); + 8001d68: f000 fde0 bl 800292c + memset(min_version, 0, 8); + 8001d6c: 2300 movs r3, #0 + 8001d6e: 6023 str r3, [r4, #0] + 8001d70: 6063 str r3, [r4, #4] + // is it programmed? + if(otp[0] == 0xff) continue; + + // is it a timestamp value? + if(otp[0] >= 0x40) continue; + if(otp[0] < 0x10) continue; + 8001d72: 782b ldrb r3, [r5, #0] + 8001d74: 3b10 subs r3, #16 + 8001d76: 2b2f cmp r3, #47 ; 0x2f + 8001d78: d80a bhi.n 8001d90 + + if(memcmp(otp, min_version, 8) > 0) { + 8001d7a: 4621 mov r1, r4 + 8001d7c: 2208 movs r2, #8 + 8001d7e: 4628 mov r0, r5 + 8001d80: f00b fda2 bl 800d8c8 + 8001d84: 2800 cmp r0, #0 + memcpy(min_version, otp, 8); + 8001d86: bfc1 itttt gt + 8001d88: 462b movgt r3, r5 + 8001d8a: cb03 ldmiagt r3!, {r0, r1} + 8001d8c: 6020 strgt r0, [r4, #0] + 8001d8e: 6061 strgt r1, [r4, #4] + for(int i=0; i + } + } +} + 8001d96: bd70 pop {r4, r5, r6, pc} + 8001d98: 1fff7000 .word 0x1fff7000 + 8001d9c: 1fff7400 .word 0x1fff7400 + +08001da0 : + +// check_is_downgrade() +// + bool +check_is_downgrade(const uint8_t timestamp[8], const char *version) +{ + 8001da0: b513 push {r0, r1, r4, lr} + 8001da2: 4604 mov r4, r0 + } +#endif + + // look at FW_HDR->timestamp and compare to a growing list in main flash OTP + uint8_t min[8]; + get_min_version(min); + 8001da4: 4668 mov r0, sp + 8001da6: f7ff ffdb bl 8001d60 + + return (memcmp(timestamp, min, 8) < 0); + 8001daa: 2208 movs r2, #8 + 8001dac: 4669 mov r1, sp + 8001dae: 4620 mov r0, r4 + 8001db0: f00b fd8a bl 800d8c8 +} + 8001db4: 0fc0 lsrs r0, r0, #31 + 8001db6: b002 add sp, #8 + 8001db8: bd10 pop {r4, pc} + +08001dba : + +// warn_fishy_firmware() +// + void +warn_fishy_firmware(const uint8_t *pixels) +{ + 8001dba: b538 push {r3, r4, r5, lr} + 8001dbc: 4605 mov r5, r0 + const int wait = 100; +#else + const int wait = 10; +#endif + + for(int i=0; i < wait; i++) { + 8001dbe: 2400 movs r4, #0 + oled_show_progress(pixels, (i*100)/wait); + 8001dc0: 4621 mov r1, r4 + 8001dc2: 4628 mov r0, r5 + 8001dc4: f7ff f9e2 bl 800118c + for(int i=0; i < wait; i++) { + 8001dc8: 3401 adds r4, #1 + + delay_ms(250); + 8001dca: 20fa movs r0, #250 ; 0xfa + 8001dcc: f001 fe6c bl 8003aa8 + for(int i=0; i < wait; i++) { + 8001dd0: 2c64 cmp r4, #100 ; 0x64 + 8001dd2: d1f5 bne.n 8001dc0 + } +} + 8001dd4: bd38 pop {r3, r4, r5, pc} + ... + +08001dd8 : + +// verify_header() +// + bool +verify_header(const coldcardFirmwareHeader_t *hdr) +{ + 8001dd8: b510 push {r4, lr} + 8001dda: 4604 mov r4, r0 + rng_delay(); + 8001ddc: f000 fda6 bl 800292c + + if(hdr->magic_value != FW_HEADER_MAGIC) goto fail; + 8001de0: 6822 ldr r2, [r4, #0] + 8001de2: 4b0b ldr r3, [pc, #44] ; (8001e10 ) + 8001de4: 429a cmp r2, r3 + 8001de6: d110 bne.n 8001e0a + if(hdr->version_string[0] == 0x0) goto fail; + 8001de8: 7b20 ldrb r0, [r4, #12] + 8001dea: b168 cbz r0, 8001e08 + if(hdr->timestamp[0] >= 0x40) goto fail; // 22 yr product lifetime + 8001dec: 7923 ldrb r3, [r4, #4] + 8001dee: 2b3f cmp r3, #63 ; 0x3f + 8001df0: d80b bhi.n 8001e0a + if(hdr->firmware_length < FW_MIN_LENGTH) goto fail; + 8001df2: 69a3 ldr r3, [r4, #24] + 8001df4: f5a3 2380 sub.w r3, r3, #262144 ; 0x40000 + 8001df8: f5b3 1fd0 cmp.w r3, #1703936 ; 0x1a0000 + 8001dfc: d205 bcs.n 8001e0a + if(hdr->firmware_length >= FW_MAX_LENGTH_MK4) goto fail; + if(hdr->pubkey_num >= NUM_KNOWN_PUBKEYS) goto fail; + 8001dfe: 6960 ldr r0, [r4, #20] + 8001e00: 2805 cmp r0, #5 + 8001e02: bf8c ite hi + 8001e04: 2000 movhi r0, #0 + 8001e06: 2001 movls r0, #1 + + return true; +fail: + return false; +} + 8001e08: bd10 pop {r4, pc} + return false; + 8001e0a: 2000 movs r0, #0 + 8001e0c: e7fc b.n 8001e08 + 8001e0e: bf00 nop + 8001e10: cc001234 .word 0xcc001234 + +08001e14 : +// +// Given double-sha256 over the firmware bytes, check the signature. +// + bool +verify_signature(const coldcardFirmwareHeader_t *hdr, const uint8_t fw_check[32]) +{ + 8001e14: b530 push {r4, r5, lr} + // this takes a few ms at least, not fast. + int ok = uECC_verify(approved_pubkeys[hdr->pubkey_num], fw_check, 32, + 8001e16: 6943 ldr r3, [r0, #20] + 8001e18: 4d0b ldr r5, [pc, #44] ; (8001e48 ) +{ + 8001e1a: b085 sub sp, #20 + int ok = uECC_verify(approved_pubkeys[hdr->pubkey_num], fw_check, 32, + 8001e1c: eb05 1583 add.w r5, r5, r3, lsl #6 +{ + 8001e20: 4604 mov r4, r0 + 8001e22: 9103 str r1, [sp, #12] + int ok = uECC_verify(approved_pubkeys[hdr->pubkey_num], fw_check, 32, + 8001e24: f004 fedc bl 8006be0 + 8001e28: f104 0340 add.w r3, r4, #64 ; 0x40 + 8001e2c: 9903 ldr r1, [sp, #12] + 8001e2e: 9000 str r0, [sp, #0] + 8001e30: 2220 movs r2, #32 + 8001e32: 4628 mov r0, r5 + 8001e34: f005 f95b bl 80070ee + 8001e38: 4604 mov r4, r0 + hdr->signature, uECC_secp256k1()); + + //puts(ok ? "Sig ok" : "Sig fail"); + rng_delay(); + 8001e3a: f000 fd77 bl 800292c + + return ok; +} + 8001e3e: 1e20 subs r0, r4, #0 + 8001e40: bf18 it ne + 8001e42: 2001 movne r0, #1 + 8001e44: b005 add sp, #20 + 8001e46: bd30 pop {r4, r5, pc} + 8001e48: 080104ea .word 0x080104ea + +08001e4c : +// Check hdr, and even signature of protential new firmware in PSRAM. +// Returns checksum needed for 608 +// + bool +verify_firmware_in_ram(const uint8_t *start, uint32_t len, uint8_t world_check[32]) +{ + 8001e4c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + const coldcardFirmwareHeader_t *hdr = (const coldcardFirmwareHeader_t *) + 8001e50: f500 567e add.w r6, r0, #16256 ; 0x3f80 +{ + 8001e54: b09c sub sp, #112 ; 0x70 + 8001e56: 4605 mov r5, r0 + (start + FW_HEADER_OFFSET); + uint8_t fw_digest[32]; + + // check basics like verison, hw compat, etc + if(!verify_header(hdr)) goto fail; + 8001e58: 4630 mov r0, r6 +{ + 8001e5a: 4617 mov r7, r2 + if(!verify_header(hdr)) goto fail; + 8001e5c: f7ff ffbc bl 8001dd8 + 8001e60: 4604 mov r4, r0 + 8001e62: b150 cbz r0, 8001e7a + + if(check_is_downgrade(hdr->timestamp, (const char *)hdr->version_string)) { + 8001e64: f106 010c add.w r1, r6, #12 + 8001e68: 1d30 adds r0, r6, #4 + 8001e6a: f7ff ff99 bl 8001da0 + 8001e6e: 4604 mov r4, r0 + 8001e70: b138 cbz r0, 8001e82 + puts("downgrade"); + 8001e72: 481e ldr r0, [pc, #120] ; (8001eec ) + 8001e74: f003 f8fe bl 8005074 + + checksum_flash(fw_digest, world_check, hdr->firmware_length); + + return true; +fail: + return false; + 8001e78: 2400 movs r4, #0 +} + 8001e7a: 4620 mov r0, r4 + 8001e7c: b01c add sp, #112 ; 0x70 + 8001e7e: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + rng_delay(); + 8001e82: f000 fd53 bl 800292c + hdr->firmware_length - (FW_HEADER_OFFSET + FW_HEADER_SIZE)); + 8001e86: f505 5840 add.w r8, r5, #12288 ; 0x3000 + sha256_init(&ctx); + 8001e8a: a809 add r0, sp, #36 ; 0x24 + uint32_t total_len = 0; + 8001e8c: 9400 str r4, [sp, #0] + sha256_init(&ctx); + 8001e8e: f003 fc7b bl 8005788 + checksum_more(&ctx, &total_len, start, FW_HEADER_OFFSET + FW_HEADER_SIZE - 64); + 8001e92: f44f 537f mov.w r3, #16320 ; 0x3fc0 + 8001e96: 462a mov r2, r5 + 8001e98: 4669 mov r1, sp + 8001e9a: a809 add r0, sp, #36 ; 0x24 + 8001e9c: f7ff feb4 bl 8001c08 + hdr->firmware_length - (FW_HEADER_OFFSET + FW_HEADER_SIZE)); + 8001ea0: f8d8 3f98 ldr.w r3, [r8, #3992] ; 0xf98 + checksum_more(&ctx, &total_len, start + FW_HEADER_OFFSET + FW_HEADER_SIZE, + 8001ea4: f505 4280 add.w r2, r5, #16384 ; 0x4000 + 8001ea8: f5a3 4380 sub.w r3, r3, #16384 ; 0x4000 + 8001eac: 4669 mov r1, sp + 8001eae: a809 add r0, sp, #36 ; 0x24 + 8001eb0: f7ff feaa bl 8001c08 + sha256_final(&ctx, fw_digest); + 8001eb4: a901 add r1, sp, #4 + 8001eb6: a809 add r0, sp, #36 ; 0x24 + 8001eb8: f003 fcba bl 8005830 + sha256_single(fw_digest, 32, fw_digest); + 8001ebc: aa01 add r2, sp, #4 + 8001ebe: 4610 mov r0, r2 + 8001ec0: 2120 movs r1, #32 + 8001ec2: f003 fcc9 bl 8005858 + rng_delay(); + 8001ec6: f000 fd31 bl 800292c + if(!verify_signature(hdr, fw_digest)) { + 8001eca: a901 add r1, sp, #4 + 8001ecc: 4630 mov r0, r6 + 8001ece: f7ff ffa1 bl 8001e14 + 8001ed2: 4604 mov r4, r0 + 8001ed4: b918 cbnz r0, 8001ede + puts("sig fail"); + 8001ed6: 4806 ldr r0, [pc, #24] ; (8001ef0 ) + 8001ed8: f003 f8cc bl 8005074 + goto fail; + 8001edc: e7cd b.n 8001e7a + checksum_flash(fw_digest, world_check, hdr->firmware_length); + 8001ede: f8d8 2f98 ldr.w r2, [r8, #3992] ; 0xf98 + 8001ee2: 4639 mov r1, r7 + 8001ee4: a801 add r0, sp, #4 + 8001ee6: f7ff feab bl 8001c40 + return true; + 8001eea: e7c6 b.n 8001e7a + 8001eec: 08010477 .word 0x08010477 + 8001ef0: 08010481 .word 0x08010481 + +08001ef4 : +// - don't set the light at this point. +// - requires bootloader to have been unchanged since world_check recorded (debug issue) +// + bool +verify_world_checksum(const uint8_t world_check[32]) +{ + 8001ef4: b507 push {r0, r1, r2, lr} + 8001ef6: 9001 str r0, [sp, #4] + ae_setup(); + 8001ef8: f000 fe3c bl 8002b74 + ae_pair_unlock(); + 8001efc: f001 f830 bl 8002f60 + + return (ae_checkmac_hard(KEYNUM_firmware, world_check) == 0); + 8001f00: 9901 ldr r1, [sp, #4] + 8001f02: 200e movs r0, #14 + 8001f04: f001 f9ba bl 800327c +} + 8001f08: fab0 f080 clz r0, r0 + 8001f0c: 0940 lsrs r0, r0, #5 + 8001f0e: b003 add sp, #12 + 8001f10: f85d fb04 ldr.w pc, [sp], #4 + +08001f14 : + +// verify_firmware() +// + bool +verify_firmware(void) +{ + 8001f14: b570 push {r4, r5, r6, lr} + STATIC_ASSERT(sizeof(coldcardFirmwareHeader_t) == FW_HEADER_SIZE); + + rng_delay(); + + // watch for unprogrammed header. and some + if(FW_HDR->version_string[0] == 0xff) goto blank; + 8001f16: 4e2a ldr r6, [pc, #168] ; (8001fc0 ) +{ + 8001f18: b090 sub sp, #64 ; 0x40 + rng_delay(); + 8001f1a: f000 fd07 bl 800292c + if(FW_HDR->version_string[0] == 0xff) goto blank; + 8001f1e: f896 308c ldrb.w r3, [r6, #140] ; 0x8c + 8001f22: 2bff cmp r3, #255 ; 0xff + 8001f24: d107 bne.n 8001f36 + puts("corrupt firmware"); + oled_show(screen_corrupt); + return false; + +blank: + puts("no firmware"); + 8001f26: 4827 ldr r0, [pc, #156] ; (8001fc4 ) + puts("corrupt firmware"); + 8001f28: f003 f8a4 bl 8005074 + oled_show(screen_corrupt); + 8001f2c: 4826 ldr r0, [pc, #152] ; (8001fc8 ) + 8001f2e: f7ff f8b3 bl 8001098 + return false; + 8001f32: 2400 movs r4, #0 + 8001f34: e030 b.n 8001f98 + if(!verify_header(FW_HDR)) goto fail; + 8001f36: 4825 ldr r0, [pc, #148] ; (8001fcc ) + 8001f38: f7ff ff4e bl 8001dd8 + 8001f3c: 2800 cmp r0, #0 + 8001f3e: d03c beq.n 8001fba + rng_delay(); + 8001f40: f000 fcf4 bl 800292c + checksum_flash(fw_check, world_check, 0); + 8001f44: 2200 movs r2, #0 + 8001f46: a908 add r1, sp, #32 + 8001f48: 4668 mov r0, sp + 8001f4a: f7ff fe79 bl 8001c40 + rng_delay(); + 8001f4e: f000 fced bl 800292c + if(!verify_signature(FW_HDR, fw_check)) goto fail; + 8001f52: 481e ldr r0, [pc, #120] ; (8001fcc ) + 8001f54: 4669 mov r1, sp + 8001f56: f7ff ff5d bl 8001e14 + 8001f5a: 4604 mov r4, r0 + 8001f5c: b368 cbz r0, 8001fba + int not_green = ae_set_gpio_secure(world_check); + 8001f5e: a808 add r0, sp, #32 + 8001f60: f001 fba0 bl 80036a4 + 8001f64: 4605 mov r5, r0 + rng_delay(); + 8001f66: f000 fce1 bl 800292c + rng_delay(); + 8001f6a: f000 fcdf bl 800292c + return ((FLASH->OPTR & FLASH_OPTR_RDP_Msk) == 0xCC); + 8001f6e: 4b18 ldr r3, [pc, #96] ; (8001fd0 ) + 8001f70: 6a1b ldr r3, [r3, #32] + 8001f72: b2db uxtb r3, r3 + if(!flash_is_security_level2() && not_green) { + 8001f74: 2bcc cmp r3, #204 ; 0xcc + 8001f76: d008 beq.n 8001f8a + 8001f78: b18d cbz r5, 8001f9e + oled_show_progress(screen_verify, 100); + 8001f7a: 4816 ldr r0, [pc, #88] ; (8001fd4 ) + 8001f7c: 2164 movs r1, #100 ; 0x64 + 8001f7e: f7ff f905 bl 800118c + puts("Factory boot"); + 8001f82: 4815 ldr r0, [pc, #84] ; (8001fd8 ) + puts("Good firmware"); + 8001f84: f003 f876 bl 8005074 + 8001f88: e006 b.n 8001f98 + } else if(not_green) { + 8001f8a: b145 cbz r5, 8001f9e + puts("WARN: Red light"); + 8001f8c: 4813 ldr r0, [pc, #76] ; (8001fdc ) + 8001f8e: f003 f871 bl 8005074 + warn_fishy_firmware(screen_red_light); + 8001f92: 4813 ldr r0, [pc, #76] ; (8001fe0 ) + warn_fishy_firmware(screen_devmode); + 8001f94: f7ff ff11 bl 8001dba + oled_show(screen_corrupt); + + return false; +} + 8001f98: 4620 mov r0, r4 + 8001f9a: b010 add sp, #64 ; 0x40 + 8001f9c: bd70 pop {r4, r5, r6, pc} + } else if(FW_HDR->pubkey_num == 0) { + 8001f9e: f8d6 3094 ldr.w r3, [r6, #148] ; 0x94 + 8001fa2: b923 cbnz r3, 8001fae + puts("WARN: Unsigned firmware"); + 8001fa4: 480f ldr r0, [pc, #60] ; (8001fe4 ) + 8001fa6: f003 f865 bl 8005074 + warn_fishy_firmware(screen_devmode); + 8001faa: 480f ldr r0, [pc, #60] ; (8001fe8 ) + 8001fac: e7f2 b.n 8001f94 + oled_show_progress(screen_verify, 100); + 8001fae: 4809 ldr r0, [pc, #36] ; (8001fd4 ) + 8001fb0: 2164 movs r1, #100 ; 0x64 + 8001fb2: f7ff f8eb bl 800118c + puts("Good firmware"); + 8001fb6: 480d ldr r0, [pc, #52] ; (8001fec ) + 8001fb8: e7e4 b.n 8001f84 + puts("corrupt firmware"); + 8001fba: 480d ldr r0, [pc, #52] ; (8001ff0 ) + 8001fbc: e7b4 b.n 8001f28 + 8001fbe: bf00 nop + 8001fc0: 08023f00 .word 0x08023f00 + 8001fc4: 0801048a .word 0x0801048a + 8001fc8: 0800db11 .word 0x0800db11 + 8001fcc: 08023f80 .word 0x08023f80 + 8001fd0: 40022000 .word 0x40022000 + 8001fd4: 08010051 .word 0x08010051 + 8001fd8: 08010496 .word 0x08010496 + 8001fdc: 080104a3 .word 0x080104a3 + 8001fe0: 0800ec19 .word 0x0800ec19 + 8001fe4: 080104b3 .word 0x080104b3 + 8001fe8: 0800ddd3 .word 0x0800ddd3 + 8001fec: 080104cb .word 0x080104cb + 8001ff0: 080104d9 .word 0x080104d9 + +08001ff4 : + void +systick_setup(void) +{ + const uint32_t ticks = HCLK_FREQUENCY/1000; + + SysTick->LOAD = (ticks - 1); + 8001ff4: f04f 23e0 mov.w r3, #3758153728 ; 0xe000e000 + 8001ff8: 4a03 ldr r2, [pc, #12] ; (8002008 ) + 8001ffa: 615a str r2, [r3, #20] + SysTick->VAL = 0; + 8001ffc: 2200 movs r2, #0 + 8001ffe: 619a str r2, [r3, #24] + SysTick->CTRL = SYSTICK_CLKSOURCE_HCLK | SysTick_CTRL_ENABLE_Msk; + 8002000: 2205 movs r2, #5 + 8002002: 611a str r2, [r3, #16] +} + 8002004: 4770 bx lr + 8002006: bf00 nop + 8002008: 0001d4bf .word 0x0001d4bf + +0800200c : + SCB->VTOR = VECT_TAB_BASE_ADDRESS | VECT_TAB_OFFSET; +#endif + + /* FPU settings ------------------------------------------------------------*/ +#if (__FPU_PRESENT == 1) && (__FPU_USED == 1) + SCB->CPACR |= ((3UL << 20U)|(3UL << 22U)); /* set CP10 and CP11 Full Access */ + 800200c: 4a0e ldr r2, [pc, #56] ; (8002048 ) + 800200e: f8d2 3088 ldr.w r3, [r2, #136] ; 0x88 + 8002012: f443 0370 orr.w r3, r3, #15728640 ; 0xf00000 + 8002016: f8c2 3088 str.w r3, [r2, #136] ; 0x88 +#endif + + /* Reset the RCC clock configuration to the default reset state ------------*/ + /* Set MSION bit */ + RCC->CR |= RCC_CR_MSION; + 800201a: 4b0c ldr r3, [pc, #48] ; (800204c ) + 800201c: 681a ldr r2, [r3, #0] + + /* Reset CFGR register */ + RCC->CFGR = 0x00000000U; + 800201e: 2100 movs r1, #0 + RCC->CR |= RCC_CR_MSION; + 8002020: f042 0201 orr.w r2, r2, #1 + 8002024: 601a str r2, [r3, #0] + RCC->CFGR = 0x00000000U; + 8002026: 6099 str r1, [r3, #8] + + /* Reset HSEON, CSSON , HSION, and PLLON bits */ + RCC->CR &= 0xEAF6FFFFU; + 8002028: 681a ldr r2, [r3, #0] + 800202a: f022 52a8 bic.w r2, r2, #352321536 ; 0x15000000 + 800202e: f422 2210 bic.w r2, r2, #589824 ; 0x90000 + 8002032: 601a str r2, [r3, #0] + + /* Reset PLLCFGR register */ + RCC->PLLCFGR = 0x00001000U; + 8002034: f44f 5280 mov.w r2, #4096 ; 0x1000 + 8002038: 60da str r2, [r3, #12] + + /* Reset HSEBYP bit */ + RCC->CR &= 0xFFFBFFFFU; + 800203a: 681a ldr r2, [r3, #0] + 800203c: f422 2280 bic.w r2, r2, #262144 ; 0x40000 + 8002040: 601a str r2, [r3, #0] + + /* Disable all interrupts */ + RCC->CIER = 0x00000000U; + 8002042: 6199 str r1, [r3, #24] +} + 8002044: 4770 bx lr + 8002046: bf00 nop + 8002048: e000ed00 .word 0xe000ed00 + 800204c: 40021000 .word 0x40021000 + +08002050 : + +// clocks_setup() +// + void +clocks_setup(void) +{ + 8002050: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + + // setup power supplies + HAL_PWREx_ControlVoltageScaling(PWR_REGULATOR_VOLTAGE_SCALE1_BOOST); + + // Configure LSE Drive Capability + __HAL_RCC_LSEDRIVE_CONFIG(RCC_LSEDRIVE_LOW); + 8002054: 4c41 ldr r4, [pc, #260] ; (800215c ) +{ + 8002056: b0c1 sub sp, #260 ; 0x104 + HAL_PWREx_ControlVoltageScaling(PWR_REGULATOR_VOLTAGE_SCALE1_BOOST); + 8002058: 2000 movs r0, #0 + 800205a: f005 f9db bl 8007414 + __HAL_RCC_LSEDRIVE_CONFIG(RCC_LSEDRIVE_LOW); + 800205e: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8002062: f023 0318 bic.w r3, r3, #24 + 8002066: f8c4 3090 str.w r3, [r4, #144] ; 0x90 + + // Enable HSE Oscillator and activate PLL with HSE as source + RCC_OscInitStruct.OscillatorType = RCC_OSCILLATORTYPE_HSE; + + RCC_OscInitStruct.HSEState = RCC_HSE_ON; + 800206a: 2201 movs r2, #1 + 800206c: f44f 3380 mov.w r3, #65536 ; 0x10000 + 8002070: e9cd 230a strd r2, r3, [sp, #40] ; 0x28 + RCC_OscInitStruct.LSEState = RCC_LSE_OFF; + RCC_OscInitStruct.MSIState = RCC_MSI_OFF; + + RCC_OscInitStruct.PLL.PLLSource = RCC_PLLSOURCE_HSE; + RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON; + 8002074: 2703 movs r7, #3 + + // Select PLL as system clock source and configure + // the HCLK, PCLK1 and PCLK2 clocks dividers + RCC_ClkInitStruct.ClockType = (RCC_CLOCKTYPE_SYSCLK | RCC_CLOCKTYPE_HCLK + 8002076: 230f movs r3, #15 + RCC_OscInitStruct.LSEState = RCC_LSE_OFF; + 8002078: 2500 movs r5, #0 + RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON; + 800207a: 2602 movs r6, #2 + | RCC_CLOCKTYPE_PCLK1 | RCC_CLOCKTYPE_PCLK2); + RCC_ClkInitStruct.SYSCLKSource = RCC_SYSCLKSOURCE_PLLCLK; + 800207c: e9cd 3705 strd r3, r7, [sp, #20] + + RCC_OscInitStruct.PLL.PLLM = CKCC_CLK_PLLM; + RCC_OscInitStruct.PLL.PLLN = CKCC_CLK_PLLN; + RCC_OscInitStruct.PLL.PLLP = CKCC_CLK_PLLP; + 8002080: f04f 0807 mov.w r8, #7 + 8002084: 233c movs r3, #60 ; 0x3c + RCC_OscInitStruct.PLL.PLLQ = CKCC_CLK_PLLQ; + 8002086: f04f 0905 mov.w r9, #5 + + RCC_ClkInitStruct.AHBCLKDivider = RCC_SYSCLK_DIV1; + RCC_ClkInitStruct.APB1CLKDivider = RCC_HCLK_DIV1; + RCC_ClkInitStruct.APB2CLKDivider = RCC_HCLK_DIV1; + + HAL_RCC_OscConfig(&RCC_OscInitStruct); + 800208a: a80a add r0, sp, #40 ; 0x28 + RCC_OscInitStruct.PLL.PLLP = CKCC_CLK_PLLP; + 800208c: e9cd 3817 strd r3, r8, [sp, #92] ; 0x5c + RCC_OscInitStruct.PLL.PLLState = RCC_PLL_ON; + 8002090: e9cd 6714 strd r6, r7, [sp, #80] ; 0x50 + RCC_OscInitStruct.PLL.PLLR = CKCC_CLK_PLLR; + 8002094: e9cd 9619 strd r9, r6, [sp, #100] ; 0x64 + RCC_ClkInitStruct.APB1CLKDivider = RCC_HCLK_DIV1; + 8002098: e9cd 5507 strd r5, r5, [sp, #28] + RCC_OscInitStruct.LSEState = RCC_LSE_OFF; + 800209c: 950c str r5, [sp, #48] ; 0x30 + RCC_OscInitStruct.MSIState = RCC_MSI_OFF; + 800209e: 9510 str r5, [sp, #64] ; 0x40 + RCC_OscInitStruct.PLL.PLLM = CKCC_CLK_PLLM; + 80020a0: 9616 str r6, [sp, #88] ; 0x58 + RCC_ClkInitStruct.APB2CLKDivider = RCC_HCLK_DIV1; + 80020a2: 9509 str r5, [sp, #36] ; 0x24 + HAL_RCC_OscConfig(&RCC_OscInitStruct); + 80020a4: f006 fd42 bl 8008b2c + + HAL_RCC_ClockConfig(&RCC_ClkInitStruct, FLASH_LATENCY_5); + 80020a8: 4649 mov r1, r9 + 80020aa: a805 add r0, sp, #20 + 80020ac: f006 ffec bl 8009088 + + // DIS-able MSI-Hardware auto calibration mode with LSE + CLEAR_BIT(RCC->CR, RCC_CR_MSIPLLEN); + 80020b0: 6823 ldr r3, [r4, #0] + 80020b2: f023 0304 bic.w r3, r3, #4 + 80020b6: 6023 str r3, [r4, #0] + + RCC_PeriphCLKInitTypeDef PeriphClkInitStruct; + PeriphClkInitStruct.PeriphClockSelection = RCC_PERIPHCLK_SAI1|RCC_PERIPHCLK_I2C2 + 80020b8: 4b29 ldr r3, [pc, #164] ; (8002160 ) + 80020ba: 931b str r3, [sp, #108] ; 0x6c + + // PLLSAI is used to clock USB, ADC, I2C1 and RNG. The frequency is + // HSE(8MHz)/PLLM(2)*PLLSAI1N(24)/PLLSAIQ(2) = 48MHz. + // + PeriphClkInitStruct.Sai1ClockSelection = RCC_SAI1CLKSOURCE_PLLSAI1; + PeriphClkInitStruct.AdcClockSelection = RCC_ADCCLKSOURCE_PLLSAI1; + 80020bc: f04f 5380 mov.w r3, #268435456 ; 0x10000000 + 80020c0: 933b str r3, [sp, #236] ; 0xec + PeriphClkInitStruct.UsbClockSelection = RCC_USBCLKSOURCE_PLLSAI1; + 80020c2: f04f 6380 mov.w r3, #67108864 ; 0x4000000 + 80020c6: 9338 str r3, [sp, #224] ; 0xe0 + PeriphClkInitStruct.RTCClockSelection = RCC_RTCCLKSOURCE_HSE_DIV32; // but unused + PeriphClkInitStruct.RngClockSelection = RCC_RNGCLKSOURCE_PLLSAI1; + 80020c8: 933a str r3, [sp, #232] ; 0xe8 + + PeriphClkInitStruct.PLLSAI1.PLLSAI1Source = RCC_PLLSOURCE_HSE; + PeriphClkInitStruct.PLLSAI1.PLLSAI1M = 2; + PeriphClkInitStruct.PLLSAI1.PLLSAI1N = 24; + 80020ca: 2318 movs r3, #24 + PeriphClkInitStruct.RTCClockSelection = RCC_RTCCLKSOURCE_HSE_DIV32; // but unused + 80020cc: f44f 7240 mov.w r2, #768 ; 0x300 + PeriphClkInitStruct.PLLSAI1.PLLSAI1P = RCC_PLLP_DIV7; + 80020d0: e9cd 381e strd r3, r8, [sp, #120] ; 0x78 + PeriphClkInitStruct.PLLSAI1.PLLSAI1R = RCC_PLLR_DIV2; + PeriphClkInitStruct.PLLSAI1.PLLSAI1ClockOut = RCC_PLLSAI1_SAI1CLK + |RCC_PLLSAI1_48M2CLK + |RCC_PLLSAI1_ADC1CLK; + + HAL_RCCEx_PeriphCLKConfig(&PeriphClkInitStruct); + 80020d4: a81b add r0, sp, #108 ; 0x6c + PeriphClkInitStruct.PLLSAI1.PLLSAI1ClockOut = RCC_PLLSAI1_SAI1CLK + 80020d6: 4b23 ldr r3, [pc, #140] ; (8002164 ) + PeriphClkInitStruct.RTCClockSelection = RCC_RTCCLKSOURCE_HSE_DIV32; // but unused + 80020d8: 923f str r2, [sp, #252] ; 0xfc + PeriphClkInitStruct.PLLSAI1.PLLSAI1ClockOut = RCC_PLLSAI1_SAI1CLK + 80020da: 9322 str r3, [sp, #136] ; 0x88 + PeriphClkInitStruct.PLLSAI1.PLLSAI1M = 2; + 80020dc: e9cd 761c strd r7, r6, [sp, #112] ; 0x70 + PeriphClkInitStruct.PLLSAI1.PLLSAI1R = RCC_PLLR_DIV2; + 80020e0: e9cd 6620 strd r6, r6, [sp, #128] ; 0x80 + PeriphClkInitStruct.I2c2ClockSelection = RCC_I2C2CLKSOURCE_PCLK1; + 80020e4: 9531 str r5, [sp, #196] ; 0xc4 + PeriphClkInitStruct.Sai1ClockSelection = RCC_SAI1CLKSOURCE_PLLSAI1; + 80020e6: 9536 str r5, [sp, #216] ; 0xd8 + HAL_RCCEx_PeriphCLKConfig(&PeriphClkInitStruct); + 80020e8: f007 faf2 bl 80096d0 + + __HAL_RCC_RTC_ENABLE(); + 80020ec: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 80020f0: f443 4300 orr.w r3, r3, #32768 ; 0x8000 + 80020f4: f8c4 3090 str.w r3, [r4, #144] ; 0x90 + __HAL_RCC_HASH_CLK_ENABLE(); // for SHA256 + 80020f8: 6ce3 ldr r3, [r4, #76] ; 0x4c + 80020fa: f443 3300 orr.w r3, r3, #131072 ; 0x20000 + 80020fe: 64e3 str r3, [r4, #76] ; 0x4c + 8002100: 6ce3 ldr r3, [r4, #76] ; 0x4c + 8002102: f403 3300 and.w r3, r3, #131072 ; 0x20000 + 8002106: 9301 str r3, [sp, #4] + 8002108: 9b01 ldr r3, [sp, #4] + __HAL_RCC_SPI1_CLK_ENABLE(); // for OLED + 800210a: 6e23 ldr r3, [r4, #96] ; 0x60 + 800210c: f443 5380 orr.w r3, r3, #4096 ; 0x1000 + 8002110: 6623 str r3, [r4, #96] ; 0x60 + 8002112: 6e23 ldr r3, [r4, #96] ; 0x60 + 8002114: f403 5380 and.w r3, r3, #4096 ; 0x1000 + 8002118: 9302 str r3, [sp, #8] + 800211a: 9b02 ldr r3, [sp, #8] + //__HAL_RCC_SPI2_CLK_ENABLE(); // for SPI flash + __HAL_RCC_DMAMUX1_CLK_ENABLE(); // (need this) because code missing in mpy? + 800211c: 6ca3 ldr r3, [r4, #72] ; 0x48 + 800211e: f043 0304 orr.w r3, r3, #4 + 8002122: 64a3 str r3, [r4, #72] ; 0x48 + 8002124: 6ca3 ldr r3, [r4, #72] ; 0x48 + 8002126: f003 0304 and.w r3, r3, #4 + 800212a: 9303 str r3, [sp, #12] + 800212c: 9b03 ldr r3, [sp, #12] + + // for SE2 + __HAL_RCC_I2C2_CLK_ENABLE(); + 800212e: 6da3 ldr r3, [r4, #88] ; 0x58 + 8002130: f443 0380 orr.w r3, r3, #4194304 ; 0x400000 + 8002134: 65a3 str r3, [r4, #88] ; 0x58 + 8002136: 6da3 ldr r3, [r4, #88] ; 0x58 + 8002138: f403 0380 and.w r3, r3, #4194304 ; 0x400000 + 800213c: 9304 str r3, [sp, #16] + 800213e: 9b04 ldr r3, [sp, #16] + __HAL_RCC_I2C2_FORCE_RESET(); + 8002140: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8002142: f443 0380 orr.w r3, r3, #4194304 ; 0x400000 + 8002146: 63a3 str r3, [r4, #56] ; 0x38 + __HAL_RCC_I2C2_RELEASE_RESET(); + 8002148: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800214a: f423 0380 bic.w r3, r3, #4194304 ; 0x400000 + 800214e: 63a3 str r3, [r4, #56] ; 0x38 + + // setup SYSTICK, but we don't have the irq hooked up and not using HAL + // but we use it in polling mode for delay_ms() + systick_setup(); + 8002150: f7ff ff50 bl 8001ff4 + +} + 8002154: b041 add sp, #260 ; 0x104 + 8002156: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + 800215a: bf00 nop + 800215c: 40021000 .word 0x40021000 + 8002160: 00066880 .word 0x00066880 + 8002164: 01110000 .word 0x01110000 + +08002168 : + } else { + + // write changes to OB flash bytes + + // Set OPTSTRT bit + SET_BIT(FLASH->CR, FLASH_CR_OPTSTRT); + 8002168: 4b13 ldr r3, [pc, #76] ; (80021b8 ) + 800216a: 695a ldr r2, [r3, #20] + 800216c: f442 3200 orr.w r2, r2, #131072 ; 0x20000 + 8002170: 615a str r2, [r3, #20] + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { + 8002172: 691a ldr r2, [r3, #16] + 8002174: 03d2 lsls r2, r2, #15 + 8002176: d4fc bmi.n 8002172 + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); + 8002178: 6919 ldr r1, [r3, #16] + if(error) { + 800217a: 4a10 ldr r2, [pc, #64] ; (80021bc ) + 800217c: 4211 tst r1, r2 + 800217e: d104 bne.n 800218a + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { + 8002180: 691a ldr r2, [r3, #16] + 8002182: 07d0 lsls r0, r2, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); + 8002184: bf44 itt mi + 8002186: 2201 movmi r2, #1 + 8002188: 611a strmi r2, [r3, #16] + + /// Wait for update to complete + _flash_wait_done(); + + // lock OB again. + SET_BIT(FLASH->CR, FLASH_CR_OPTLOCK); + 800218a: 4b0b ldr r3, [pc, #44] ; (80021b8 ) + 800218c: 695a ldr r2, [r3, #20] + 800218e: f042 4280 orr.w r2, r2, #1073741824 ; 0x40000000 + 8002192: 615a str r2, [r3, #20] + + // include "launch" to make them take effect NOW + SET_BIT(FLASH->CR, FLASH_CR_OBL_LAUNCH); + 8002194: 695a ldr r2, [r3, #20] + 8002196: f042 6200 orr.w r2, r2, #134217728 ; 0x8000000 + 800219a: 615a str r2, [r3, #20] + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { + 800219c: 691a ldr r2, [r3, #16] + 800219e: 03d1 lsls r1, r2, #15 + 80021a0: d4fc bmi.n 800219c + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); + 80021a2: 6919 ldr r1, [r3, #16] + if(error) { + 80021a4: 4a05 ldr r2, [pc, #20] ; (80021bc ) + 80021a6: 4211 tst r1, r2 + 80021a8: d104 bne.n 80021b4 + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { + 80021aa: 691a ldr r2, [r3, #16] + 80021ac: 07d2 lsls r2, r2, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); + 80021ae: bf44 itt mi + 80021b0: 2201 movmi r2, #1 + 80021b2: 611a strmi r2, [r3, #16] + + _flash_wait_done(); + } +} + 80021b4: 4770 bx lr + 80021b6: bf00 nop + 80021b8: 40022000 .word 0x40022000 + 80021bc: 0002c3fa .word 0x0002c3fa + +080021c0 : +{ + 80021c0: b507 push {r0, r1, r2, lr} + memcpy(&_srelocate, &_etext, ((uint32_t)&_erelocate)-(uint32_t)&_srelocate); + 80021c2: 4809 ldr r0, [pc, #36] ; (80021e8 ) + 80021c4: 4a09 ldr r2, [pc, #36] ; (80021ec ) + 80021c6: 490a ldr r1, [pc, #40] ; (80021f0 ) + 80021c8: 1a12 subs r2, r2, r0 + 80021ca: f00b fb8d bl 800d8e8 + __HAL_RCC_FLASH_CLK_ENABLE(); + 80021ce: 4b09 ldr r3, [pc, #36] ; (80021f4 ) + 80021d0: 6c9a ldr r2, [r3, #72] ; 0x48 + 80021d2: f442 7280 orr.w r2, r2, #256 ; 0x100 + 80021d6: 649a str r2, [r3, #72] ; 0x48 + 80021d8: 6c9b ldr r3, [r3, #72] ; 0x48 + 80021da: f403 7380 and.w r3, r3, #256 ; 0x100 + 80021de: 9301 str r3, [sp, #4] + 80021e0: 9b01 ldr r3, [sp, #4] +} + 80021e2: b003 add sp, #12 + 80021e4: f85d fb04 ldr.w pc, [sp], #4 + 80021e8: 2009e000 .word 0x2009e000 + 80021ec: 2009e150 .word 0x2009e150 + 80021f0: 08010ac4 .word 0x08010ac4 + 80021f4: 40021000 .word 0x40021000 + +080021f8 : + SET_BIT(FLASH->CR, FLASH_CR_LOCK); + 80021f8: 4a02 ldr r2, [pc, #8] ; (8002204 ) + 80021fa: 6953 ldr r3, [r2, #20] + 80021fc: f043 4300 orr.w r3, r3, #2147483648 ; 0x80000000 + 8002200: 6153 str r3, [r2, #20] +} + 8002202: 4770 bx lr + 8002204: 40022000 .word 0x40022000 + +08002208 : +{ + 8002208: b508 push {r3, lr} + if(READ_BIT(FLASH->CR, FLASH_CR_LOCK)) { + 800220a: 4b08 ldr r3, [pc, #32] ; (800222c ) + 800220c: 695a ldr r2, [r3, #20] + 800220e: 2a00 cmp r2, #0 + 8002210: da0a bge.n 8002228 + WRITE_REG(FLASH->KEYR, FLASH_KEY1); + 8002212: 4a07 ldr r2, [pc, #28] ; (8002230 ) + 8002214: 609a str r2, [r3, #8] + WRITE_REG(FLASH->KEYR, FLASH_KEY2); + 8002216: f102 3288 add.w r2, r2, #2290649224 ; 0x88888888 + 800221a: 609a str r2, [r3, #8] + if(READ_BIT(FLASH->CR, FLASH_CR_LOCK)) { + 800221c: 695b ldr r3, [r3, #20] + 800221e: 2b00 cmp r3, #0 + 8002220: da02 bge.n 8002228 + INCONSISTENT("failed to unlock"); + 8002222: 4804 ldr r0, [pc, #16] ; (8002234 ) + 8002224: f7fe fc1a bl 8000a5c +} + 8002228: bd08 pop {r3, pc} + 800222a: bf00 nop + 800222c: 40022000 .word 0x40022000 + 8002230: 45670123 .word 0x45670123 + 8002234: 0800d990 .word 0x0800d990 + +08002238 : +{ + 8002238: b510 push {r4, lr} + if(!lock) { + 800223a: b980 cbnz r0, 800225e + if(READ_BIT(FLASH->CR, FLASH_CR_OPTLOCK)) { + 800223c: 4c0a ldr r4, [pc, #40] ; (8002268 ) + 800223e: 6963 ldr r3, [r4, #20] + 8002240: 005a lsls r2, r3, #1 + 8002242: d510 bpl.n 8002266 + flash_unlock(); + 8002244: f7ff ffe0 bl 8002208 + WRITE_REG(FLASH->OPTKEYR, FLASH_OPTKEY1); + 8002248: 4b08 ldr r3, [pc, #32] ; (800226c ) + 800224a: 60e3 str r3, [r4, #12] + WRITE_REG(FLASH->OPTKEYR, FLASH_OPTKEY2); + 800224c: f103 3344 add.w r3, r3, #1145324612 ; 0x44444444 + 8002250: 60e3 str r3, [r4, #12] + if(READ_BIT(FLASH->CR, FLASH_CR_OPTLOCK)) { + 8002252: 6963 ldr r3, [r4, #20] + 8002254: 005b lsls r3, r3, #1 + 8002256: d506 bpl.n 8002266 + INCONSISTENT("failed to OB unlock"); + 8002258: 4805 ldr r0, [pc, #20] ; (8002270 ) + 800225a: f7fe fbff bl 8000a5c +} + 800225e: e8bd 4010 ldmia.w sp!, {r4, lr} + 8002262: f7ff bf81 b.w 8002168 + 8002266: bd10 pop {r4, pc} + 8002268: 40022000 .word 0x40022000 + 800226c: 08192a3b .word 0x08192a3b + 8002270: 0800d990 .word 0x0800d990 + +08002274 : +// +// Write the serial number of ATECC608 into flash forever. +// + void +flash_save_ae_serial(const uint8_t serial[9]) +{ + 8002274: b51f push {r0, r1, r2, r3, r4, lr} + 8002276: 4602 mov r2, r0 + uint64_t tmp[2]; + memset(&tmp, 0x0, sizeof(tmp)); + 8002278: 2300 movs r3, #0 + memcpy(&tmp, serial, 9); + 800227a: 6800 ldr r0, [r0, #0] + 800227c: 6851 ldr r1, [r2, #4] + 800227e: 7a12 ldrb r2, [r2, #8] + memset(&tmp, 0x0, sizeof(tmp)); + 8002280: e9cd 3302 strd r3, r3, [sp, #8] + memcpy(&tmp, serial, 9); + 8002284: 466b mov r3, sp + 8002286: c303 stmia r3!, {r0, r1} + 8002288: 701a strb r2, [r3, #0] + + flash_setup0(); + 800228a: f7ff ff99 bl 80021c0 + flash_unlock(); + 800228e: f7ff ffbb bl 8002208 + + if(flash_burn((uint32_t)&rom_secrets->ae_serial_number[0], tmp[0])) { + 8002292: e9dd 2300 ldrd r2, r3, [sp] + 8002296: 4809 ldr r0, [pc, #36] ; (80022bc ) + 8002298: f00b fb76 bl 800d988 <__flash_burn_veneer> + 800229c: b110 cbz r0, 80022a4 + INCONSISTENT("fail1"); + 800229e: 4808 ldr r0, [pc, #32] ; (80022c0 ) + 80022a0: f7fe fbdc bl 8000a5c + } + if(flash_burn((uint32_t)&rom_secrets->ae_serial_number[1], tmp[1])) { + 80022a4: e9dd 2302 ldrd r2, r3, [sp, #8] + 80022a8: 4806 ldr r0, [pc, #24] ; (80022c4 ) + 80022aa: f00b fb6d bl 800d988 <__flash_burn_veneer> + 80022ae: 2800 cmp r0, #0 + 80022b0: d1f5 bne.n 800229e + INCONSISTENT("fail2"); + } + + flash_lock(); +} + 80022b2: b005 add sp, #20 + 80022b4: f85d eb04 ldr.w lr, [sp], #4 + flash_lock(); + 80022b8: f7ff bf9e b.w 80021f8 + 80022bc: 0801c040 .word 0x0801c040 + 80022c0: 0800d990 .word 0x0800d990 + 80022c4: 0801c048 .word 0x0801c048 + +080022c8 : +// +// Write bag number (probably a string) +// + void +flash_save_bag_number(const uint8_t new_number[32]) +{ + 80022c8: b570 push {r4, r5, r6, lr} + 80022ca: b088 sub sp, #32 + uint32_t dest = (uint32_t)&rom_secrets->bag_number[0]; + uint64_t tmp[4] = { 0 }; + uint64_t *src = tmp; + + STATIC_ASSERT(sizeof(tmp) == 32); + memcpy(tmp, new_number, 32); + 80022cc: 4603 mov r3, r0 + 80022ce: 466c mov r4, sp + 80022d0: f100 0520 add.w r5, r0, #32 + 80022d4: 6818 ldr r0, [r3, #0] + 80022d6: 6859 ldr r1, [r3, #4] + 80022d8: 4622 mov r2, r4 + 80022da: c203 stmia r2!, {r0, r1} + 80022dc: 3308 adds r3, #8 + 80022de: 42ab cmp r3, r5 + 80022e0: 4614 mov r4, r2 + 80022e2: d1f7 bne.n 80022d4 + + flash_setup0(); + 80022e4: f7ff ff6c bl 80021c0 + flash_unlock(); + 80022e8: f7ff ff8e bl 8002208 + uint32_t dest = (uint32_t)&rom_secrets->bag_number[0]; + 80022ec: 4d09 ldr r5, [pc, #36] ; (8002314 ) + + // NOTE: can only write once! No provision for read/check/update. + for(int i=0; i<(32/8); i++, dest+=8, src++) { + 80022ee: 4e0a ldr r6, [pc, #40] ; (8002318 ) + 80022f0: 466c mov r4, sp + if(flash_burn(dest, *src)) { + 80022f2: e8f4 2302 ldrd r2, r3, [r4], #8 + 80022f6: 4628 mov r0, r5 + 80022f8: f00b fb46 bl 800d988 <__flash_burn_veneer> + 80022fc: b110 cbz r0, 8002304 + INCONSISTENT("fail write"); + 80022fe: 4807 ldr r0, [pc, #28] ; (800231c ) + 8002300: f7fe fbac bl 8000a5c + for(int i=0; i<(32/8); i++, dest+=8, src++) { + 8002304: 3508 adds r5, #8 + 8002306: 42b5 cmp r5, r6 + 8002308: d1f3 bne.n 80022f2 + } + } + + flash_lock(); +} + 800230a: b008 add sp, #32 + 800230c: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + flash_lock(); + 8002310: f7ff bf72 b.w 80021f8 + 8002314: 0801c050 .word 0x0801c050 + 8002318: 0801c070 .word 0x0801c070 + 800231c: 0800d990 .word 0x0800d990 + +08002320 : +// Save bunch of stuff related to SE2. Allow updates to sections that are +// given as ones at this point. +// + void +flash_save_se2_data(const se2_secrets_t *se2) +{ + 8002320: e92d 41f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, lr} + 8002324: 4605 mov r5, r0 + uint8_t *dest = (uint8_t *)&rom_secrets->se2; + 8002326: 4c1a ldr r4, [pc, #104] ; (8002390 ) + STATIC_ASSERT(offsetof(rom_secrets_t, se2) % 8 == 0); + + flash_setup0(); + flash_unlock(); + + for(int i=0; i<(sizeof(se2_secrets_t)/8); i++, dest+=8, src+=8) { + 8002328: f8df 8070 ldr.w r8, [pc, #112] ; 800239c + flash_setup0(); + 800232c: f7ff ff48 bl 80021c0 + flash_unlock(); + 8002330: f7ff ff6a bl 8002208 + for(int i=0; i<(sizeof(se2_secrets_t)/8); i++, dest+=8, src+=8) { + 8002334: 1b2d subs r5, r5, r4 + 8002336: eb05 0c04 add.w ip, r5, r4 + uint64_t val; + memcpy(&val, src, sizeof(val)); + 800233a: 5928 ldr r0, [r5, r4] + 800233c: f8dc 1004 ldr.w r1, [ip, #4] + 8002340: 466b mov r3, sp + + // don't write if all ones or already written correctly + if(val == ~0) continue; + 8002342: f1b1 3fff cmp.w r1, #4294967295 ; 0xffffffff + 8002346: bf08 it eq + 8002348: f1b0 3fff cmpeq.w r0, #4294967295 ; 0xffffffff + memcpy(&val, src, sizeof(val)); + 800234c: c303 stmia r3!, {r0, r1} + if(val == ~0) continue; + 800234e: 4607 mov r7, r0 + 8002350: 460e mov r6, r1 + 8002352: d015 beq.n 8002380 + if(check_equal(dest, src, 8)) continue; + 8002354: 2208 movs r2, #8 + 8002356: 4661 mov r1, ip + 8002358: 4620 mov r0, r4 + 800235a: f000 fa82 bl 8002862 + 800235e: b978 cbnz r0, 8002380 + + // can't write if not ones already + ASSERT(check_all_ones(dest, 8)); + 8002360: 2108 movs r1, #8 + 8002362: 4620 mov r0, r4 + 8002364: f000 fa64 bl 8002830 + 8002368: b910 cbnz r0, 8002370 + 800236a: 480a ldr r0, [pc, #40] ; (8002394 ) + + if(flash_burn((uint32_t)dest, val)) { + INCONSISTENT("fail write"); + 800236c: f7fe fb76 bl 8000a5c + if(flash_burn((uint32_t)dest, val)) { + 8002370: 463a mov r2, r7 + 8002372: 4633 mov r3, r6 + 8002374: 4620 mov r0, r4 + 8002376: f00b fb07 bl 800d988 <__flash_burn_veneer> + 800237a: b108 cbz r0, 8002380 + INCONSISTENT("fail write"); + 800237c: 4806 ldr r0, [pc, #24] ; (8002398 ) + 800237e: e7f5 b.n 800236c + for(int i=0; i<(sizeof(se2_secrets_t)/8); i++, dest+=8, src+=8) { + 8002380: 3408 adds r4, #8 + 8002382: 4544 cmp r4, r8 + 8002384: d1d7 bne.n 8002336 + } + } + + flash_lock(); +} + 8002386: b002 add sp, #8 + 8002388: e8bd 41f0 ldmia.w sp!, {r4, r5, r6, r7, r8, lr} + flash_lock(); + 800238c: f7ff bf34 b.w 80021f8 + 8002390: 0801c0b0 .word 0x0801c0b0 + 8002394: 08010470 .word 0x08010470 + 8002398: 0800d990 .word 0x0800d990 + 800239c: 0801c190 .word 0x0801c190 + +080023a0 : +// +// This is really a state-machine, to recover boards that are booted w/ missing AE chip. +// + void +flash_setup(void) +{ + 80023a0: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + + // see if we have picked a pairing secret yet. + // NOTE: critical section for glitching (at least in past versions) + // - check_all.. functions have a rng_delay in them already + rng_delay(); + bool blank_ps = check_all_ones(rom_secrets->pairing_secret, 32); + 80023a4: 4e58 ldr r6, [pc, #352] ; (8002508 ) +{ + 80023a6: b08b sub sp, #44 ; 0x2c + flash_setup0(); + 80023a8: f7ff ff0a bl 80021c0 + rng_delay(); + 80023ac: f000 fabe bl 800292c + bool blank_ps = check_all_ones(rom_secrets->pairing_secret, 32); + 80023b0: 2120 movs r1, #32 + 80023b2: 4630 mov r0, r6 + 80023b4: f000 fa3c bl 8002830 + bool zeroed_ps = check_all_zeros(rom_secrets->pairing_secret, 32); + 80023b8: 2120 movs r1, #32 + bool blank_ps = check_all_ones(rom_secrets->pairing_secret, 32); + 80023ba: 4681 mov r9, r0 + bool zeroed_ps = check_all_zeros(rom_secrets->pairing_secret, 32); + 80023bc: 4630 mov r0, r6 + 80023be: f000 fa41 bl 8002844 + bool blank_xor = check_all_ones(rom_secrets->pairing_secret_xor, 32); + 80023c2: 2120 movs r1, #32 + bool zeroed_ps = check_all_zeros(rom_secrets->pairing_secret, 32); + 80023c4: 4604 mov r4, r0 + bool blank_xor = check_all_ones(rom_secrets->pairing_secret_xor, 32); + 80023c6: 4851 ldr r0, [pc, #324] ; (800250c ) + 80023c8: f000 fa32 bl 8002830 + bool blank_ae = (~rom_secrets->ae_serial_number[0] == 0); + 80023cc: e9d6 7810 ldrd r7, r8, [r6, #64] ; 0x40 + bool blank_xor = check_all_ones(rom_secrets->pairing_secret_xor, 32); + 80023d0: 4605 mov r5, r0 + rng_delay(); + 80023d2: f000 faab bl 800292c + + if(zeroed_ps) { + 80023d6: b124 cbz r4, 80023e2 + // fast brick process leaves us w/ zero pairing secret + oled_show(screen_brick); + 80023d8: 484d ldr r0, [pc, #308] ; (8002510 ) + 80023da: f7fe fe5d bl 8001098 + // Hardware fail speaking to AE chip ... be careful not to brick here. + // Do not continue!! We might fix the board, or add missing pullup, etc. + oled_show(screen_se1_issue); + puts("SE1 config fail"); + + LOCKUP_FOREVER(); + 80023de: f001 fc5d bl 8003c9c + if(blank_ps) { + 80023e2: f1b9 0f00 cmp.w r9, #0 + 80023e6: d03e beq.n 8002466 + rng_setup(); + 80023e8: f000 fa5e bl 80028a8 + oled_show(screen_se_setup); + 80023ec: 4849 ldr r0, [pc, #292] ; (8002514 ) + 80023ee: f7fe fe53 bl 8001098 + for(int i=0; i<8; i++) { + 80023f2: ae02 add r6, sp, #8 + oled_show(screen_se_setup); + 80023f4: 46b1 mov r9, r6 + secret[i] = rng_sample(); + 80023f6: f000 fa45 bl 8002884 + for(int i=0; i<8; i++) { + 80023fa: 3401 adds r4, #1 + 80023fc: 2c08 cmp r4, #8 + secret[i] = rng_sample(); + 80023fe: f849 0b04 str.w r0, [r9], #4 + for(int i=0; i<8; i++) { + 8002402: d1f8 bne.n 80023f6 + while(secret[0] == ~0) { + 8002404: 9b02 ldr r3, [sp, #8] + 8002406: 3301 adds r3, #1 + 8002408: d00d beq.n 8002426 + flash_unlock(); + 800240a: f7ff fefd bl 8002208 + uint32_t dest = (uint32_t)&rom_secrets->pairing_secret; + 800240e: 4c3e ldr r4, [pc, #248] ; (8002508 ) + for(int i=0; i<8; i+=2, dest += 8) { + 8002410: f8df 90f8 ldr.w r9, [pc, #248] ; 800250c + if(flash_burn(dest, val)) { + 8002414: e9d6 3200 ldrd r3, r2, [r6] + 8002418: 4620 mov r0, r4 + 800241a: f00b fab5 bl 800d988 <__flash_burn_veneer> + 800241e: b130 cbz r0, 800242e + INCONSISTENT("flash fail"); + 8002420: 483d ldr r0, [pc, #244] ; (8002518 ) + 8002422: f7fe fb1b bl 8000a5c + secret[0] = rng_sample(); + 8002426: f000 fa2d bl 8002884 + 800242a: 9002 str r0, [sp, #8] + 800242c: e7ea b.n 8002404 + for(int i=0; i<8; i+=2, dest += 8) { + 800242e: 3408 adds r4, #8 + 8002430: 454c cmp r4, r9 + 8002432: f106 0608 add.w r6, r6, #8 + 8002436: d1ed bne.n 8002414 + flash_lock(); + 8002438: f7ff fede bl 80021f8 + flash_unlock(); + 800243c: f7ff fee4 bl 8002208 + uint32_t dest = (uint32_t)&rom_secrets->hash_cache_secret; + 8002440: 4c36 ldr r4, [pc, #216] ; (800251c ) + for(int i=0; i) + uint64_t val = ((uint64_t)rng_sample() << 32) | rng_sample(); + 8002444: f000 fa1e bl 8002884 + 8002448: 9001 str r0, [sp, #4] + 800244a: f000 fa1b bl 8002884 + if(flash_burn(dest, val)) { + 800244e: 9b01 ldr r3, [sp, #4] + uint64_t val = ((uint64_t)rng_sample() << 32) | rng_sample(); + 8002450: 4602 mov r2, r0 + if(flash_burn(dest, val)) { + 8002452: 4620 mov r0, r4 + 8002454: f00b fa98 bl 800d988 <__flash_burn_veneer> + 8002458: 2800 cmp r0, #0 + 800245a: d1e1 bne.n 8002420 + for(int i=0; i + flash_lock(); + 8002462: f7ff fec9 bl 80021f8 + if(blank_xor || blank_ae) { + 8002466: b92d cbnz r5, 8002474 + 8002468: f1b8 3fff cmp.w r8, #4294967295 ; 0xffffffff + 800246c: bf08 it eq + 800246e: f1b7 3fff cmpeq.w r7, #4294967295 ; 0xffffffff + 8002472: d126 bne.n 80024c2 + se2_setup_config(); + 8002474: f005 fb74 bl 8007b60 + int rv = ae_setup_config(); + 8002478: f001 f992 bl 80037a0 + 800247c: 4604 mov r4, r0 + rng_delay(); + 800247e: f000 fa55 bl 800292c + if(rv) { + 8002482: b134 cbz r4, 8002492 + oled_show(screen_se1_issue); + 8002484: 4827 ldr r0, [pc, #156] ; (8002524 ) + 8002486: f7fe fe07 bl 8001098 + puts("SE1 config fail"); + 800248a: 4827 ldr r0, [pc, #156] ; (8002528 ) + 800248c: f002 fdf2 bl 8005074 + 8002490: e7a5 b.n 80023de + } + + rng_delay(); + 8002492: f000 fa4b bl 800292c + if(blank_xor) { + 8002496: b195 cbz r5, 80024be + flash_unlock(); + 8002498: f7ff feb6 bl 8002208 + uint64_t *src = (uint64_t *)&rom_secrets->pairing_secret; + 800249c: 4c1a ldr r4, [pc, #104] ; (8002508 ) + for(int i=0; i<(32/8); i++, dest+=8, src++) { + 800249e: 4e1b ldr r6, [pc, #108] ; (800250c ) + uint64_t val = ~(*src); + 80024a0: e9d4 2300 ldrd r2, r3, [r4] + if(flash_burn(dest, val)) { + 80024a4: f104 0020 add.w r0, r4, #32 + 80024a8: 43d2 mvns r2, r2 + 80024aa: 43db mvns r3, r3 + 80024ac: f00b fa6c bl 800d988 <__flash_burn_veneer> + 80024b0: 2800 cmp r0, #0 + 80024b2: d1b5 bne.n 8002420 + for(int i=0; i<(32/8); i++, dest+=8, src++) { + 80024b4: 3408 adds r4, #8 + 80024b6: 42b4 cmp r4, r6 + 80024b8: d1f2 bne.n 80024a0 + flash_lock(); + 80024ba: f7ff fe9d bl 80021f8 + + // real power cycle required now. +#ifdef FOR_Q1_ONLY + // Q: just do it (we warned them) + extern void turn_power_off(void); + turn_power_off(); + 80024be: f001 fbe1 bl 8003c84 + puts("replug required"); + LOCKUP_FOREVER(); +#endif + } + + rng_delay(); + 80024c2: f000 fa33 bl 800292c + if(!blank_ps && !blank_xor) { + 80024c6: b9e5 cbnz r5, 8002502 + // check the XOR value also written: 2 phase commit + uint8_t tmp[32]; + memcpy(tmp, rom_secrets->pairing_secret, 32); + 80024c8: 4d0f ldr r5, [pc, #60] ; (8002508 ) + 80024ca: cd0f ldmia r5!, {r0, r1, r2, r3} + 80024cc: ac02 add r4, sp, #8 + 80024ce: c40f stmia r4!, {r0, r1, r2, r3} + 80024d0: e895 000f ldmia.w r5, {r0, r1, r2, r3} + 80024d4: e884 000f stmia.w r4, {r0, r1, r2, r3} + 80024d8: ab02 add r3, sp, #8 + 80024da: 4a0c ldr r2, [pc, #48] ; (800250c ) +bool check_equal(const void *aV, const void *bV, int len); + +// XOR-mixin more bytes; acc = acc XOR more for each byte +void static inline xor_mixin(uint8_t *acc, const uint8_t *more, int len) +{ + for(; len; len--, more++, acc++) { + 80024dc: 4c13 ldr r4, [pc, #76] ; (800252c ) + 80024de: 4618 mov r0, r3 + *(acc) ^= *(more); + 80024e0: 7819 ldrb r1, [r3, #0] + 80024e2: f812 5b01 ldrb.w r5, [r2], #1 + 80024e6: 4069 eors r1, r5 + for(; len; len--, more++, acc++) { + 80024e8: 42a2 cmp r2, r4 + *(acc) ^= *(more); + 80024ea: f803 1b01 strb.w r1, [r3], #1 + for(; len; len--, more++, acc++) { + 80024ee: d1f7 bne.n 80024e0 + xor_mixin(tmp, rom_secrets->pairing_secret_xor, 32); + + if(!check_all_ones(tmp, 32)) { + 80024f0: 2120 movs r1, #32 + 80024f2: f000 f99d bl 8002830 + 80024f6: b920 cbnz r0, 8002502 + oled_show(screen_corrupt); + 80024f8: 480d ldr r0, [pc, #52] ; (8002530 ) + 80024fa: f7fe fdcd bl 8001098 + puts("corrupt pair sec"); + 80024fe: 480d ldr r0, [pc, #52] ; (8002534 ) + 8002500: e7c4 b.n 800248c + // That's fine if we intend to ship units locked already. + + // Do NOT do write every boot, as it might wear-out + // the flash bits in OB. + +} + 8002502: b00b add sp, #44 ; 0x2c + 8002504: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + 8002508: 0801c000 .word 0x0801c000 + 800250c: 0801c020 .word 0x0801c020 + 8002510: 0800da65 .word 0x0800da65 + 8002514: 0800f675 .word 0x0800f675 + 8002518: 0800d990 .word 0x0800d990 + 800251c: 0801c070 .word 0x0801c070 + 8002520: 0801c0b0 .word 0x0801c0b0 + 8002524: 0800f13e .word 0x0800f13e + 8002528: 0801066a .word 0x0801066a + 800252c: 0801c040 .word 0x0801c040 + 8002530: 0800db11 .word 0x0800db11 + 8002534: 0801067a .word 0x0801067a + +08002538 : +// +// This is a one-way trip. Might need power cycle to (fully?) take effect. +// + void +flash_lockdown_hard(uint8_t rdp_level_code) +{ + 8002538: b510 push {r4, lr} + 800253a: 4604 mov r4, r0 +#if RELEASE + flash_setup0(); + 800253c: f7ff fe40 bl 80021c0 + + // see FLASH_OB_WRPConfig() + + flash_ob_lock(false); + 8002540: 2000 movs r0, #0 + 8002542: f7ff fe79 bl 8002238 + // lock first 128k-8k against any writes + FLASH->WRP1AR = (num_pages_locked << 16); + 8002546: 4b08 ldr r3, [pc, #32] ; (8002568 ) + 8002548: f44f 2260 mov.w r2, #917504 ; 0xe0000 + 800254c: 62da str r2, [r3, #44] ; 0x2c + FLASH->WRP1BR = 0xff; // unused. + 800254e: 22ff movs r2, #255 ; 0xff + 8002550: 631a str r2, [r3, #48] ; 0x30 + FLASH->WRP2AR = 0xff; // unused. + 8002552: 64da str r2, [r3, #76] ; 0x4c + FLASH->WRP2BR = 0xff; // unused. + 8002554: 651a str r2, [r3, #80] ; 0x50 + // the RDP level is decreased from Level 1 to Level 0)." + // - D-bus access blocked, even for code running inside the PCROP area! (AN4758) + // So literal values and constant tables and such would need special linking. + + // set protection level + uint32_t was = FLASH->OPTR & ~0xff; + 8002556: 6a1a ldr r2, [r3, #32] + 8002558: f022 02ff bic.w r2, r2, #255 ; 0xff + FLASH->OPTR = was | rdp_level_code; // select level X, other values as observed + 800255c: 4322 orrs r2, r4 + 800255e: 621a str r2, [r3, #32] +#else + puts2("flash_lockdown_hard("); + puthex2(rdp_level_code); + puts(") skipped"); +#endif +} + 8002560: e8bd 4010 ldmia.w sp!, {r4, lr} + 8002564: f7ff be00 b.w 8002168 + 8002568: 40022000 .word 0x40022000 + +0800256c : + +// record_highwater_version() +// + int +record_highwater_version(const uint8_t timestamp[8]) +{ + 800256c: b537 push {r0, r1, r2, r4, r5, lr} + const uint8_t *otp = (const uint8_t *)OPT_FLASH_BASE; + + ASSERT(timestamp[0] < 0x40); + ASSERT(timestamp[0] >= 0x10); + 800256e: 7802 ldrb r2, [r0, #0] + 8002570: 3a10 subs r2, #16 + 8002572: 2a2f cmp r2, #47 ; 0x2f +{ + 8002574: 4603 mov r3, r0 + ASSERT(timestamp[0] >= 0x10); + 8002576: d902 bls.n 800257e + ASSERT(timestamp[0] < 0x40); + 8002578: 4810 ldr r0, [pc, #64] ; (80025bc ) + 800257a: f7fe fa6f bl 8000a5c + + uint64_t val = 0; + memcpy(&val, timestamp, 8); + 800257e: 6800 ldr r0, [r0, #0] + 8002580: 6859 ldr r1, [r3, #4] + const uint8_t *otp = (const uint8_t *)OPT_FLASH_BASE; + 8002582: 4c0f ldr r4, [pc, #60] ; (80025c0 ) + + // just write to first blank slot we can find. + for(int i=0; i) + memcpy(&val, timestamp, 8); + 8002586: 466a mov r2, sp + 8002588: c203 stmia r2!, {r0, r1} + if(check_all_ones(otp, 8)) { + 800258a: 2108 movs r1, #8 + 800258c: 4620 mov r0, r4 + 800258e: f000 f94f bl 8002830 + 8002592: b168 cbz r0, 80025b0 + // write here. + flash_setup0(); + 8002594: f7ff fe14 bl 80021c0 + flash_unlock(); + 8002598: f7ff fe36 bl 8002208 + flash_burn((uint32_t)otp, val); + 800259c: e9dd 2300 ldrd r2, r3, [sp] + 80025a0: 4620 mov r0, r4 + 80025a2: f00b f9f1 bl 800d988 <__flash_burn_veneer> + flash_lock(); + 80025a6: f7ff fe27 bl 80021f8 + + return 0; + 80025aa: 2000 movs r0, #0 + } + } + + // no space. + return 1; +} + 80025ac: b003 add sp, #12 + 80025ae: bd30 pop {r4, r5, pc} + for(int i=0; i + return 1; + 80025b6: 2001 movs r0, #1 + 80025b8: e7f8 b.n 80025ac + 80025ba: bf00 nop + 80025bc: 08010470 .word 0x08010470 + 80025c0: 1fff7000 .word 0x1fff7000 + 80025c4: 1fff7400 .word 0x1fff7400 + +080025c8 : + +// mcu_key_get() +// + const mcu_key_t * +mcu_key_get(bool *valid) +{ + 80025c8: b570 push {r4, r5, r6, lr} + // get current "mcu_key" value; first byte will never be 0x0 or 0xff + // - except if no key set yet/recently wiped + // - if none set, returns ptr to first available slot which will be all ones + const mcu_key_t *ptr = MCU_KEYS, *avail=NULL; + + for(int i=0; i) + const mcu_key_t *ptr = MCU_KEYS, *avail=NULL; + 80025cc: 4c0d ldr r4, [pc, #52] ; (8002604 ) +{ + 80025ce: 4606 mov r6, r0 + const mcu_key_t *ptr = MCU_KEYS, *avail=NULL; + 80025d0: 2500 movs r5, #0 + if(ptr->value[0] == 0xff) { + 80025d2: 7823 ldrb r3, [r4, #0] + 80025d4: 2bff cmp r3, #255 ; 0xff + 80025d6: d10b bne.n 80025f0 + if(!avail) { + 80025d8: 2d00 cmp r5, #0 + 80025da: bf08 it eq + 80025dc: 4625 moveq r5, r4 + for(int i=0; i + *valid = true; + return ptr; + } + } + + rng_delay(); + 80025e4: f000 f9a2 bl 800292c + *valid = false; + 80025e8: 2300 movs r3, #0 + 80025ea: 7033 strb r3, [r6, #0] + return avail; + 80025ec: 462c mov r4, r5 + 80025ee: e005 b.n 80025fc + } else if(ptr->value[0] != 0x00) { + 80025f0: 2b00 cmp r3, #0 + 80025f2: d0f4 beq.n 80025de + rng_delay(); + 80025f4: f000 f99a bl 800292c + *valid = true; + 80025f8: 2301 movs r3, #1 + 80025fa: 7033 strb r3, [r6, #0] +} + 80025fc: 4620 mov r0, r4 + 80025fe: bd70 pop {r4, r5, r6, pc} + 8002600: 08020000 .word 0x08020000 + 8002604: 0801e000 .word 0x0801e000 + +08002608 : + +// mcu_key_clear() +// + void +mcu_key_clear(const mcu_key_t *cur) +{ + 8002608: b513 push {r0, r1, r4, lr} + if(!cur) { + 800260a: 4604 mov r4, r0 + 800260c: b938 cbnz r0, 800261e + bool valid; + cur = mcu_key_get(&valid); + 800260e: f10d 0007 add.w r0, sp, #7 + 8002612: f7ff ffd9 bl 80025c8 + + if(!valid) return; + 8002616: f89d 3007 ldrb.w r3, [sp, #7] + cur = mcu_key_get(&valid); + 800261a: 4604 mov r4, r0 + if(!valid) return; + 800261c: b1fb cbz r3, 800265e + } + + // no delays here since decision has been made, and don't + // want to give them more time to interrupt us + flash_setup0(); + 800261e: f7ff fdcf bl 80021c0 + flash_unlock(); + 8002622: f7ff fdf1 bl 8002208 + uint32_t pos = (uint32_t)cur; + flash_burn(pos, 0); pos += 8; + 8002626: 2200 movs r2, #0 + 8002628: 2300 movs r3, #0 + 800262a: 4620 mov r0, r4 + 800262c: f00b f9ac bl 800d988 <__flash_burn_veneer> + flash_burn(pos, 0); pos += 8; + 8002630: 2200 movs r2, #0 + 8002632: 2300 movs r3, #0 + 8002634: f104 0008 add.w r0, r4, #8 + 8002638: f00b f9a6 bl 800d988 <__flash_burn_veneer> + flash_burn(pos, 0); pos += 8; + 800263c: 2200 movs r2, #0 + 800263e: 2300 movs r3, #0 + 8002640: f104 0010 add.w r0, r4, #16 + 8002644: f00b f9a0 bl 800d988 <__flash_burn_veneer> + flash_burn(pos, 0); + 8002648: 2200 movs r2, #0 + 800264a: 2300 movs r3, #0 + 800264c: f104 0018 add.w r0, r4, #24 + 8002650: f00b f99a bl 800d988 <__flash_burn_veneer> + flash_lock(); +} + 8002654: b002 add sp, #8 + 8002656: e8bd 4010 ldmia.w sp!, {r4, lr} + flash_lock(); + 800265a: f7ff bdcd b.w 80021f8 +} + 800265e: b002 add sp, #8 + 8002660: bd10 pop {r4, pc} + ... + +08002664 : + +// mcu_key_usage() +// + void +mcu_key_usage(int *avail_out, int *consumed_out, int *total_out) +{ + 8002664: b5f0 push {r4, r5, r6, r7, lr} + const mcu_key_t *ptr = MCU_KEYS; + int avail = 0, used = 0; + 8002666: 2300 movs r3, #0 + const mcu_key_t *ptr = MCU_KEYS; + 8002668: 4c09 ldr r4, [pc, #36] ; (8002690 ) + + for(int i=0; i) + int avail = 0, used = 0; + 800266c: 461d mov r5, r3 + if(ptr->value[0] == 0xff) { + 800266e: 7826 ldrb r6, [r4, #0] + 8002670: 2eff cmp r6, #255 ; 0xff + 8002672: d109 bne.n 8002688 + avail ++; + 8002674: 3501 adds r5, #1 + for(int i=0; i + } else if(ptr->value[0] == 0x00) { + used ++; + } + } + + *avail_out = avail; + 800267c: 6005 str r5, [r0, #0] + *consumed_out = used; + 800267e: 600b str r3, [r1, #0] + *total_out = NUM_MCU_KEYS; + 8002680: f44f 7380 mov.w r3, #256 ; 0x100 + 8002684: 6013 str r3, [r2, #0] +} + 8002686: bdf0 pop {r4, r5, r6, r7, pc} + } else if(ptr->value[0] == 0x00) { + 8002688: 2e00 cmp r6, #0 + 800268a: d1f4 bne.n 8002676 + used ++; + 800268c: 3301 adds r3, #1 + 800268e: e7f2 b.n 8002676 + 8002690: 0801e000 .word 0x0801e000 + 8002694: 08020000 .word 0x08020000 + +08002698 : + +// mcu_key_pick() +// + const mcu_key_t * +mcu_key_pick(void) +{ + 8002698: b5f0 push {r4, r5, r6, r7, lr} + 800269a: b08b sub sp, #44 ; 0x2c + mcu_key_t n; + + // get some good entropy, and whiten it just in case. + do { + rng_buffer(n.value, 32); + 800269c: ad02 add r5, sp, #8 + 800269e: 2120 movs r1, #32 + 80026a0: 4628 mov r0, r5 + 80026a2: f000 f92d bl 8002900 + sha256_single(n.value, 32, n.value); + 80026a6: 462a mov r2, r5 + 80026a8: 2120 movs r1, #32 + 80026aa: 4628 mov r0, r5 + 80026ac: f003 f8d4 bl 8005858 + sha256_single(n.value, 32, n.value); + 80026b0: 462a mov r2, r5 + 80026b2: 2120 movs r1, #32 + 80026b4: 4628 mov r0, r5 + 80026b6: f003 f8cf bl 8005858 + } while(n.value[0] == 0x0 || n.value[0] == 0xff); + 80026ba: f89d 3008 ldrb.w r3, [sp, #8] + 80026be: 3b01 subs r3, #1 + 80026c0: b2db uxtb r3, r3 + 80026c2: 2bfd cmp r3, #253 ; 0xfd + 80026c4: d8eb bhi.n 800269e + + int err = 0; + const mcu_key_t *cur; + + do { + bool valid = false; + 80026c6: 2300 movs r3, #0 + cur = mcu_key_get(&valid); + 80026c8: 4668 mov r0, sp + bool valid = false; + 80026ca: f88d 3000 strb.w r3, [sp] + cur = mcu_key_get(&valid); + 80026ce: f7ff ff7b bl 80025c8 + + if(!cur) { + 80026d2: 4604 mov r4, r0 + 80026d4: b938 cbnz r0, 80026e6 + // no free slots. we are brick. + puts("mcu full"); + 80026d6: 4828 ldr r0, [pc, #160] ; (8002778 ) + 80026d8: f002 fccc bl 8005074 + oled_show(screen_brick); + 80026dc: 4827 ldr r0, [pc, #156] ; (800277c ) + 80026de: f7fe fcdb bl 8001098 + + LOCKUP_FOREVER(); + 80026e2: f001 fadb bl 8003c9c + } + + if(valid) { + 80026e6: f89d 3000 ldrb.w r3, [sp] + 80026ea: b14b cbz r3, 8002700 + // clear existing key, if it's defined. + ASSERT(cur->value[0] != 0x00); + 80026ec: 7803 ldrb r3, [r0, #0] + 80026ee: 3b01 subs r3, #1 + 80026f0: b2db uxtb r3, r3 + 80026f2: 2bfd cmp r3, #253 ; 0xfd + 80026f4: d902 bls.n 80026fc + 80026f6: 4822 ldr r0, [pc, #136] ; (8002780 ) + 80026f8: f7fe f9b0 bl 8000a5c + ASSERT(cur->value[0] != 0xff); + + mcu_key_clear(cur); + 80026fc: f7ff ff84 bl 8002608 + continue; + } + } while(0); + + // burn it + flash_setup0(); + 8002700: f7ff fd5e bl 80021c0 + flash_unlock(); + 8002704: f7ff fd80 bl 8002208 + uint32_t pos = (uint32_t)cur; + const uint8_t *fr = n.value; + + for(int i=0; i<32; i+= 8, pos += 8, fr += 8) { + 8002708: 2700 movs r7, #0 + uint64_t v; + memcpy(&v, fr, sizeof(v)); + 800270a: 19ea adds r2, r5, r7 + 800270c: 59e8 ldr r0, [r5, r7] + 800270e: 6851 ldr r1, [r2, #4] + 8002710: 466b mov r3, sp + 8002712: c303 stmia r3!, {r0, r1} + + err = flash_burn(pos, v); + 8002714: 19e0 adds r0, r4, r7 + 8002716: e9dd 2300 ldrd r2, r3, [sp] + 800271a: f00b f935 bl 800d988 <__flash_burn_veneer> + if(err) break; + 800271e: 4606 mov r6, r0 + 8002720: b910 cbnz r0, 8002728 + for(int i=0; i<32; i+= 8, pos += 8, fr += 8) { + 8002722: 3708 adds r7, #8 + 8002724: 2f20 cmp r7, #32 + 8002726: d1f0 bne.n 800270a + } + flash_lock(); + 8002728: f7ff fd66 bl 80021f8 + + // NOTE: Errors not expected, but lets be graceful about them. + + if(err) { + 800272c: b166 cbz r6, 8002748 + // what to do? + puts("burn fail: "); + 800272e: 4815 ldr r0, [pc, #84] ; (8002784 ) + 8002730: f002 fca0 bl 8005074 + puthex2(err); + 8002734: b2f0 uxtb r0, r6 + 8002736: f002 fc41 bl 8004fbc + putchar('\n'); + 800273a: 200a movs r0, #10 + 800273c: f002 fc20 bl 8004f80 + return NULL; + } + + if(after != cur || !check_equal(after->value, n.value, 32)) { + puts("bad val?"); + return NULL; + 8002740: 2400 movs r4, #0 + } + + return cur; +} + 8002742: 4620 mov r0, r4 + 8002744: b00b add sp, #44 ; 0x2c + 8002746: bdf0 pop {r4, r5, r6, r7, pc} + const mcu_key_t *after = mcu_key_get(&valid); + 8002748: 4668 mov r0, sp + bool valid = false; + 800274a: f88d 6000 strb.w r6, [sp] + const mcu_key_t *after = mcu_key_get(&valid); + 800274e: f7ff ff3b bl 80025c8 + if(!valid) { + 8002752: f89d 2000 ldrb.w r2, [sp] + 8002756: b91a cbnz r2, 8002760 + puts("!valid?"); + 8002758: 480b ldr r0, [pc, #44] ; (8002788 ) + puts("bad val?"); + 800275a: f002 fc8b bl 8005074 + 800275e: e7ef b.n 8002740 + if(after != cur || !check_equal(after->value, n.value, 32)) { + 8002760: 4284 cmp r4, r0 + 8002762: d001 beq.n 8002768 + puts("bad val?"); + 8002764: 4809 ldr r0, [pc, #36] ; (800278c ) + 8002766: e7f8 b.n 800275a + if(after != cur || !check_equal(after->value, n.value, 32)) { + 8002768: 2220 movs r2, #32 + 800276a: 4629 mov r1, r5 + 800276c: f000 f879 bl 8002862 + 8002770: 2800 cmp r0, #0 + 8002772: d1e6 bne.n 8002742 + 8002774: e7f6 b.n 8002764 + 8002776: bf00 nop + 8002778: 0801068b .word 0x0801068b + 800277c: 0800da65 .word 0x0800da65 + 8002780: 08010470 .word 0x08010470 + 8002784: 08010694 .word 0x08010694 + 8002788: 080106a0 .word 0x080106a0 + 800278c: 080106a8 .word 0x080106a8 + +08002790 : + +// fast_brick() +// + void +fast_brick(void) +{ + 8002790: b538 push {r3, r4, r5, lr} +#ifndef RELEASE + puts2("DISABLED fast brick... "); + oled_show(screen_brick); +#else + // do a fast wipe of our key + mcu_key_clear(NULL); + 8002792: 2000 movs r0, #0 + 8002794: f7ff ff38 bl 8002608 + + // brick SE1 for future + ae_brick_myself(); + 8002798: f001 f970 bl 8003a7c + + // NOTE: could brick SE1 (somewhat) by dec'ing the counter, which will + // invalidate all PIN hashes + + // no going back from that -- but for privacy, wipe more stuff + oled_show(screen_brick); + 800279c: 480e ldr r0, [pc, #56] ; (80027d8 ) + uint32_t bot = (uint32_t)MCU_KEYS; + flash_page_erase(bot); + + // 2: LFS area first, since holds settings (AES'ed w/ lost key, but yeah) + // 3: the firmware, not a secret anyway + for(uint32_t pos=(FLASH_BASE + 0x200000 - FLASH_ERASE_SIZE); + 800279e: 4c0f ldr r4, [pc, #60] ; (80027dc ) + 80027a0: 4d0f ldr r5, [pc, #60] ; (80027e0 ) + oled_show(screen_brick); + 80027a2: f7fe fc79 bl 8001098 + puts2("fast brick... "); + 80027a6: 480f ldr r0, [pc, #60] ; (80027e4 ) + 80027a8: f002 fbd6 bl 8004f58 + flash_setup0(); + 80027ac: f7ff fd08 bl 80021c0 + flash_unlock(); + 80027b0: f7ff fd2a bl 8002208 + flash_page_erase(bot); + 80027b4: 480a ldr r0, [pc, #40] ; (80027e0 ) + 80027b6: f00b f8e3 bl 800d980 <__flash_page_erase_veneer> + pos > bot; pos -= FLASH_ERASE_SIZE) { + flash_page_erase(pos); + 80027ba: 4620 mov r0, r4 + pos > bot; pos -= FLASH_ERASE_SIZE) { + 80027bc: f5a4 5480 sub.w r4, r4, #4096 ; 0x1000 + flash_page_erase(pos); + 80027c0: f00b f8de bl 800d980 <__flash_page_erase_veneer> + for(uint32_t pos=(FLASH_BASE + 0x200000 - FLASH_ERASE_SIZE); + 80027c4: 42ac cmp r4, r5 + 80027c6: d1f8 bne.n 80027ba + } + flash_lock(); + puts(" done"); + 80027c8: 4807 ldr r0, [pc, #28] ; (80027e8 ) + flash_lock(); + 80027ca: f7ff fd15 bl 80021f8 + puts(" done"); + 80027ce: f002 fc51 bl 8005074 +#endif + + LOCKUP_FOREVER(); + 80027d2: f001 fa63 bl 8003c9c + 80027d6: bf00 nop + 80027d8: 0800da65 .word 0x0800da65 + 80027dc: 081ff000 .word 0x081ff000 + 80027e0: 0801e000 .word 0x0801e000 + 80027e4: 080106b1 .word 0x080106b1 + 80027e8: 080106c0 .word 0x080106c0 + +080027ec : + +// fast_wipe() +// + void +fast_wipe(void) +{ + 80027ec: b508 push {r3, lr} + // dump (part of) the main seed key and become a new Coldcard + // - lots of other code can and will detect a missing MCU key as "blank" + // - and the check value on main seed will be garbage now + mcu_key_clear(NULL); + 80027ee: 2000 movs r0, #0 + 80027f0: f7ff ff0a bl 8002608 + __ASM volatile ("dsb 0xF":::"memory"); + 80027f4: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 80027f8: 4905 ldr r1, [pc, #20] ; (8002810 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 80027fa: 4b06 ldr r3, [pc, #24] ; (8002814 ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 80027fc: 68ca ldr r2, [r1, #12] + 80027fe: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8002802: 4313 orrs r3, r2 + 8002804: 60cb str r3, [r1, #12] + 8002806: f3bf 8f4f dsb sy + __NOP(); + 800280a: bf00 nop + for(;;) /* wait until reset */ + 800280c: e7fd b.n 800280a + 800280e: bf00 nop + 8002810: e000ed00 .word 0xe000ed00 + 8002814: 05fa0004 .word 0x05fa0004 + +08002818 : +check_all_ones_raw(const void *ptrV, int len) +{ + uint8_t rv = 0xff; + const uint8_t *ptr = (const uint8_t *)ptrV; + + for(; len; len--, ptr++) { + 8002818: 4401 add r1, r0 + uint8_t rv = 0xff; + 800281a: 23ff movs r3, #255 ; 0xff + for(; len; len--, ptr++) { + 800281c: 4288 cmp r0, r1 + 800281e: d103 bne.n 8002828 + rv &= *ptr; + } + + return (rv == 0xff); +} + 8002820: 3bff subs r3, #255 ; 0xff + 8002822: 4258 negs r0, r3 + 8002824: 4158 adcs r0, r3 + 8002826: 4770 bx lr + rv &= *ptr; + 8002828: f810 2b01 ldrb.w r2, [r0], #1 + 800282c: 4013 ands r3, r2 + for(; len; len--, ptr++) { + 800282e: e7f5 b.n 800281c + +08002830 : +// +// Return T if all bytes are 0xFF +// + bool +check_all_ones(const void *ptrV, int len) +{ + 8002830: b507 push {r0, r1, r2, lr} + bool rv = check_all_ones_raw(ptrV, len); + 8002832: f7ff fff1 bl 8002818 + 8002836: 9001 str r0, [sp, #4] + + rng_delay(); + 8002838: f000 f878 bl 800292c + + return rv; +} + 800283c: 9801 ldr r0, [sp, #4] + 800283e: b003 add sp, #12 + 8002840: f85d fb04 ldr.w pc, [sp], #4 + +08002844 : +// +// Return T if all bytes are 0x00 +// + bool +check_all_zeros(const void *ptrV, int len) +{ + 8002844: b510 push {r4, lr} + 8002846: 4401 add r1, r0 + uint8_t rv = 0x0; + 8002848: 2400 movs r4, #0 + const uint8_t *ptr = (const uint8_t *)ptrV; + + for(; len; len--, ptr++) { + 800284a: 4288 cmp r0, r1 + 800284c: d105 bne.n 800285a + rv |= *ptr; + } + + rng_delay(); + 800284e: f000 f86d bl 800292c + return (rv == 0x00); +} + 8002852: fab4 f084 clz r0, r4 + 8002856: 0940 lsrs r0, r0, #5 + 8002858: bd10 pop {r4, pc} + rv |= *ptr; + 800285a: f810 3b01 ldrb.w r3, [r0], #1 + 800285e: 431c orrs r4, r3 + for(; len; len--, ptr++) { + 8002860: e7f3 b.n 800284a + +08002862 : + const uint8_t *left = (const uint8_t *)aV; + const uint8_t *right = (const uint8_t *)bV; + uint8_t diff = 0; + int i; + + for (i = 0; i < len; i++) { + 8002862: 2300 movs r3, #0 +{ + 8002864: b570 push {r4, r5, r6, lr} + uint8_t diff = 0; + 8002866: 461c mov r4, r3 + for (i = 0; i < len; i++) { + 8002868: 4293 cmp r3, r2 + 800286a: db05 blt.n 8002878 + diff |= (left[i] ^ right[i]); + } + + rng_delay(); + 800286c: f000 f85e bl 800292c + return (diff == 0); +} + 8002870: fab4 f084 clz r0, r4 + 8002874: 0940 lsrs r0, r0, #5 + 8002876: bd70 pop {r4, r5, r6, pc} + diff |= (left[i] ^ right[i]); + 8002878: 5cc5 ldrb r5, [r0, r3] + 800287a: 5cce ldrb r6, [r1, r3] + 800287c: 4075 eors r5, r6 + 800287e: 432c orrs r4, r5 + for (i = 0; i < len; i++) { + 8002880: 3301 adds r3, #1 + 8002882: e7f1 b.n 8002868 + +08002884 : + } + + // Get the new number + uint32_t rv = RNG->DR; + + if(rv != last_rng_result && rv) { + 8002884: 4b06 ldr r3, [pc, #24] ; (80028a0 ) + while(!(RNG->SR & RNG_FLAG_DRDY)) { + 8002886: 4a07 ldr r2, [pc, #28] ; (80028a4 ) + if(rv != last_rng_result && rv) { + 8002888: 6819 ldr r1, [r3, #0] + while(!(RNG->SR & RNG_FLAG_DRDY)) { + 800288a: 6850 ldr r0, [r2, #4] + 800288c: 07c0 lsls r0, r0, #31 + 800288e: d5fc bpl.n 800288a + uint32_t rv = RNG->DR; + 8002890: 6890 ldr r0, [r2, #8] + if(rv != last_rng_result && rv) { + 8002892: 4281 cmp r1, r0 + 8002894: d0f9 beq.n 800288a + 8002896: 2800 cmp r0, #0 + 8002898: d0f7 beq.n 800288a + last_rng_result = rv; + 800289a: 6018 str r0, [r3, #0] + + // keep trying if not a new number + } + + // NOT-REACHED +} + 800289c: 4770 bx lr + 800289e: bf00 nop + 80028a0: 2009e1bc .word 0x2009e1bc + 80028a4: 50060800 .word 0x50060800 + +080028a8 : + if(RNG->CR & RNG_CR_RNGEN) { + 80028a8: 4b12 ldr r3, [pc, #72] ; (80028f4 ) + 80028aa: 681a ldr r2, [r3, #0] + 80028ac: 0752 lsls r2, r2, #29 +{ + 80028ae: b513 push {r0, r1, r4, lr} + if(RNG->CR & RNG_CR_RNGEN) { + 80028b0: d41d bmi.n 80028ee + __HAL_RCC_RNG_CLK_ENABLE(); + 80028b2: 4a11 ldr r2, [pc, #68] ; (80028f8 ) + 80028b4: 6cd1 ldr r1, [r2, #76] ; 0x4c + 80028b6: f441 2180 orr.w r1, r1, #262144 ; 0x40000 + 80028ba: 64d1 str r1, [r2, #76] ; 0x4c + 80028bc: 6cd2 ldr r2, [r2, #76] ; 0x4c + 80028be: f402 2280 and.w r2, r2, #262144 ; 0x40000 + 80028c2: 9201 str r2, [sp, #4] + 80028c4: 9a01 ldr r2, [sp, #4] + RNG->CR |= RNG_CR_RNGEN; + 80028c6: 681a ldr r2, [r3, #0] + 80028c8: f042 0204 orr.w r2, r2, #4 + 80028cc: 601a str r2, [r3, #0] + uint32_t chk = rng_sample(); + 80028ce: f7ff ffd9 bl 8002884 + 80028d2: 4604 mov r4, r0 + uint32_t chk2 = rng_sample(); + 80028d4: f7ff ffd6 bl 8002884 + if(chk == 0 || chk == ~0 + 80028d8: 1e63 subs r3, r4, #1 + 80028da: 3303 adds r3, #3 + 80028dc: d804 bhi.n 80028e8 + || chk2 == 0 || chk2 == ~0 + 80028de: 1e43 subs r3, r0, #1 + 80028e0: 3303 adds r3, #3 + 80028e2: d801 bhi.n 80028e8 + || chk == chk2 + 80028e4: 4284 cmp r4, r0 + 80028e6: d102 bne.n 80028ee + INCONSISTENT("bad rng"); + 80028e8: 4804 ldr r0, [pc, #16] ; (80028fc ) + 80028ea: f7fe f8b7 bl 8000a5c +} + 80028ee: b002 add sp, #8 + 80028f0: bd10 pop {r4, pc} + 80028f2: bf00 nop + 80028f4: 50060800 .word 0x50060800 + 80028f8: 40021000 .word 0x40021000 + 80028fc: 0800d990 .word 0x0800d990 + +08002900 : + +// rng_buffer() +// + void +rng_buffer(uint8_t *result, int len) +{ + 8002900: b573 push {r0, r1, r4, r5, r6, lr} + 8002902: 460c mov r4, r1 + 8002904: 1845 adds r5, r0, r1 + while(len > 0) { + 8002906: 2c00 cmp r4, #0 + 8002908: eba5 0604 sub.w r6, r5, r4 + 800290c: dc01 bgt.n 8002912 + memcpy(result, &t, MIN(4, len)); + + len -= 4; + result += 4; + } +} + 800290e: b002 add sp, #8 + 8002910: bd70 pop {r4, r5, r6, pc} + uint32_t t = rng_sample(); + 8002912: f7ff ffb7 bl 8002884 + memcpy(result, &t, MIN(4, len)); + 8002916: 2c04 cmp r4, #4 + 8002918: 4622 mov r2, r4 + uint32_t t = rng_sample(); + 800291a: 9001 str r0, [sp, #4] + memcpy(result, &t, MIN(4, len)); + 800291c: bfa8 it ge + 800291e: 2204 movge r2, #4 + 8002920: a901 add r1, sp, #4 + 8002922: 4630 mov r0, r6 + 8002924: f00a ffe0 bl 800d8e8 + len -= 4; + 8002928: 3c04 subs r4, #4 + result += 4; + 800292a: e7ec b.n 8002906 + +0800292c : +// +// Call anytime. Delays for a random time period to fustrate glitchers. +// + void +rng_delay(void) +{ + 800292c: b508 push {r3, lr} + uint32_t r = rng_sample() % 8; + 800292e: f7ff ffa9 bl 8002884 + uint32_t cnt = (1< + cnt--; + } +} + 8002942: bd08 pop {r3, pc} + +08002944 <_send_byte>: + static inline void +_send_byte(uint8_t ch) +{ + // reset timeout timer (Systick) + uint32_t ticks = 0; + SysTick->VAL = 0; + 8002944: f04f 22e0 mov.w r2, #3758153728 ; 0xe000e000 +{ + 8002948: b510 push {r4, lr} + SysTick->VAL = 0; + 800294a: 2300 movs r3, #0 + + while(!(MY_UART->ISR & UART_FLAG_TXE)) { + 800294c: 4c07 ldr r4, [pc, #28] ; (800296c <_send_byte+0x28>) + SysTick->VAL = 0; + 800294e: 6193 str r3, [r2, #24] + while(!(MY_UART->ISR & UART_FLAG_TXE)) { + 8002950: 230b movs r3, #11 + 8002952: 69e1 ldr r1, [r4, #28] + 8002954: 0609 lsls r1, r1, #24 + 8002956: d404 bmi.n 8002962 <_send_byte+0x1e> + // busy-wait until able to send (no fifo?) + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + 8002958: 6911 ldr r1, [r2, #16] + 800295a: 03c9 lsls r1, r1, #15 + 800295c: d5f9 bpl.n 8002952 <_send_byte+0xe> + // failsafe timeout + ticks += 1; + if(ticks > 10) break; + 800295e: 3b01 subs r3, #1 + 8002960: d1f7 bne.n 8002952 <_send_byte+0xe> + } + } + MY_UART->TDR = ch; + 8002962: 4b02 ldr r3, [pc, #8] ; (800296c <_send_byte+0x28>) + 8002964: b280 uxth r0, r0 + 8002966: 8518 strh r0, [r3, #40] ; 0x28 +} + 8002968: bd10 pop {r4, pc} + 800296a: bf00 nop + 800296c: 40004c00 .word 0x40004c00 + +08002970 <_send_bits>: + +// _send_bits() +// + static void +_send_bits(uint8_t tx) +{ + 8002970: b570 push {r4, r5, r6, lr} + 8002972: 4606 mov r6, r0 + 8002974: 2508 movs r5, #8 + // serialize and send one byte + uint8_t mask = 0x1; + 8002976: 2401 movs r4, #1 + + for(int i=0; i<8; i++, mask <<= 1) { + uint8_t h = (tx & mask) ? BIT1 : BIT0; + 8002978: 4226 tst r6, r4 + + _send_byte(h); + 800297a: bf14 ite ne + 800297c: 207f movne r0, #127 ; 0x7f + 800297e: 207d moveq r0, #125 ; 0x7d + 8002980: f7ff ffe0 bl 8002944 <_send_byte> + for(int i=0; i<8; i++, mask <<= 1) { + 8002984: 0064 lsls r4, r4, #1 + 8002986: 3d01 subs r5, #1 + 8002988: b2e4 uxtb r4, r4 + 800298a: d1f5 bne.n 8002978 <_send_bits+0x8> + } +} + 800298c: bd70 pop {r4, r5, r6, pc} + +0800298e <_send_serialized>: + +// _send_serialized() +// + static void +_send_serialized(const uint8_t *buf, int len) +{ + 800298e: b538 push {r3, r4, r5, lr} + 8002990: 4604 mov r4, r0 + 8002992: 1845 adds r5, r0, r1 + for(int i=0; i + for(int i=0; i + } +} + 80029a0: bd38 pop {r3, r4, r5, pc} + ... + +080029a4 <_flush_rx>: +// + static inline void +_flush_rx(void) +{ + // reset timeout timer (Systick) + SysTick->VAL = 0; + 80029a4: f04f 23e0 mov.w r3, #3758153728 ; 0xe000e000 + 80029a8: 2200 movs r2, #0 + + while(!(MY_UART->ISR & UART_FLAG_TC)) { + 80029aa: 490b ldr r1, [pc, #44] ; (80029d8 <_flush_rx+0x34>) + SysTick->VAL = 0; + 80029ac: 619a str r2, [r3, #24] + while(!(MY_UART->ISR & UART_FLAG_TC)) { + 80029ae: 69ca ldr r2, [r1, #28] + 80029b0: 0652 lsls r2, r2, #25 + 80029b2: d402 bmi.n 80029ba <_flush_rx+0x16> + // wait for last bit(byte) to be serialized and sent + + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + 80029b4: 691a ldr r2, [r3, #16] + 80029b6: 03d0 lsls r0, r2, #15 + 80029b8: d5f9 bpl.n 80029ae <_flush_rx+0xa> + break; + } + } + + // We actually need this delay here! + __NOP(); + 80029ba: bf00 nop + __NOP(); + 80029bc: bf00 nop + __NOP(); + 80029be: bf00 nop + __NOP(); + 80029c0: bf00 nop + __NOP(); + 80029c2: bf00 nop + __NOP(); + 80029c4: bf00 nop + __NOP(); + 80029c6: bf00 nop + __NOP(); + 80029c8: bf00 nop + + // clear junk in rx buffer + MY_UART->RQR = USART_RQR_RXFRQ; + 80029ca: 4b03 ldr r3, [pc, #12] ; (80029d8 <_flush_rx+0x34>) + 80029cc: 2208 movs r2, #8 + 80029ce: 831a strh r2, [r3, #24] + + // clear overrun error + // clear rx timeout flag + // clear framing error + MY_UART->ICR = USART_ICR_ORECF | USART_ICR_RTOCF | USART_ICR_FECF; + 80029d0: f640 020a movw r2, #2058 ; 0x80a + 80029d4: 621a str r2, [r3, #32] +} + 80029d6: 4770 bx lr + 80029d8: 40004c00 .word 0x40004c00 + +080029dc : + uint16_t crc_register = 0; + uint16_t polynom = 0x8005; + uint8_t shift_register; + uint8_t data_bit, crc_bit; + + crc_register = (((uint16_t) crc[0]) & 0x00FF) | (((uint16_t) crc[1]) << 8); + 80029dc: 8813 ldrh r3, [r2, #0] +{ + 80029de: b5f0 push {r4, r5, r6, r7, lr} + 80029e0: 4408 add r0, r1 + + // Shift CRC to the left by 1. + crc_register <<= 1; + + if ((data_bit ^ crc_bit) != 0) + crc_register ^= polynom; + 80029e2: f248 0605 movw r6, #32773 ; 0x8005 + for (counter = 0; counter < length; counter++) { + 80029e6: 4281 cmp r1, r0 + 80029e8: d103 bne.n 80029f2 + } + } + + crc[0] = (uint8_t) (crc_register & 0x00FF); + 80029ea: 7013 strb r3, [r2, #0] + crc[1] = (uint8_t) (crc_register >> 8); + 80029ec: 0a1b lsrs r3, r3, #8 + 80029ee: 7053 strb r3, [r2, #1] +} + 80029f0: bdf0 pop {r4, r5, r6, r7, pc} + data_bit = (data[counter] & shift_register) ? 1 : 0; + 80029f2: f811 7b01 ldrb.w r7, [r1], #1 + 80029f6: 2508 movs r5, #8 + for (shift_register = 0x01; shift_register > 0x00; shift_register <<= 1) { + 80029f8: 2401 movs r4, #1 + data_bit = (data[counter] & shift_register) ? 1 : 0; + 80029fa: 4227 tst r7, r4 + crc_bit = crc_register >> 15; + 80029fc: ea4f 3cd3 mov.w ip, r3, lsr #15 + if ((data_bit ^ crc_bit) != 0) + 8002a00: bf18 it ne + 8002a02: f04f 0e01 movne.w lr, #1 + crc_register <<= 1; + 8002a06: ea4f 0343 mov.w r3, r3, lsl #1 + if ((data_bit ^ crc_bit) != 0) + 8002a0a: bf08 it eq + 8002a0c: f04f 0e00 moveq.w lr, #0 + 8002a10: 45e6 cmp lr, ip + crc_register <<= 1; + 8002a12: b29b uxth r3, r3 + crc_register ^= polynom; + 8002a14: bf18 it ne + 8002a16: 4073 eorne r3, r6 + for (shift_register = 0x01; shift_register > 0x00; shift_register <<= 1) { + 8002a18: 0064 lsls r4, r4, #1 + 8002a1a: 3d01 subs r5, #1 + 8002a1c: b2e4 uxtb r4, r4 + 8002a1e: d1ec bne.n 80029fa + 8002a20: e7e1 b.n 80029e6 + +08002a22 : + +// ae_check_crc() +// + static bool +ae_check_crc(const uint8_t *data, uint8_t length) +{ + 8002a22: b573 push {r0, r1, r4, r5, r6, lr} + uint8_t obs[2] = { 0, 0 }; + + if(data[0] != length) { + 8002a24: 7806 ldrb r6, [r0, #0] + uint8_t obs[2] = { 0, 0 }; + 8002a26: 2400 movs r4, #0 + if(data[0] != length) { + 8002a28: 428e cmp r6, r1 +{ + 8002a2a: 4605 mov r5, r0 + uint8_t obs[2] = { 0, 0 }; + 8002a2c: f8ad 4004 strh.w r4, [sp, #4] + if(data[0] != length) { + 8002a30: d113 bne.n 8002a5a + // length is wrong + STATS(crc_len_error++); + return false; + } + + crc16_chain(length-2, data, obs); + 8002a32: 4629 mov r1, r5 + 8002a34: 1eb0 subs r0, r6, #2 + + return (obs[0] == data[length-2] && obs[1] == data[length-1]); + 8002a36: 4435 add r5, r6 + crc16_chain(length-2, data, obs); + 8002a38: aa01 add r2, sp, #4 + 8002a3a: b2c0 uxtb r0, r0 + 8002a3c: f7ff ffce bl 80029dc + return (obs[0] == data[length-2] && obs[1] == data[length-1]); + 8002a40: f89d 2004 ldrb.w r2, [sp, #4] + 8002a44: f815 3c02 ldrb.w r3, [r5, #-2] + 8002a48: 429a cmp r2, r3 + 8002a4a: d106 bne.n 8002a5a + 8002a4c: f815 4c01 ldrb.w r4, [r5, #-1] + 8002a50: f89d 0005 ldrb.w r0, [sp, #5] + 8002a54: 1a23 subs r3, r4, r0 + 8002a56: 425c negs r4, r3 + 8002a58: 415c adcs r4, r3 + return false; + 8002a5a: 4620 mov r0, r4 +} + 8002a5c: b002 add sp, #8 + 8002a5e: bd70 pop {r4, r5, r6, pc} + +08002a60 : +{ + 8002a60: b508 push {r3, lr} + _send_byte(0x00); + 8002a62: 2000 movs r0, #0 + 8002a64: f7ff ff6e bl 8002944 <_send_byte> + delay_ms(3); // measured: ~2.9ms + 8002a68: 2003 movs r0, #3 + 8002a6a: f001 f81d bl 8003aa8 +} + 8002a6e: e8bd 4008 ldmia.w sp!, {r3, lr} + _flush_rx(); + 8002a72: f7ff bf97 b.w 80029a4 <_flush_rx> + +08002a76 : +{ + 8002a76: b508 push {r3, lr} + ae_wake(); + 8002a78: f7ff fff2 bl 8002a60 +} + 8002a7c: e8bd 4008 ldmia.w sp!, {r3, lr} + _send_bits(IOFLAG_IDLE); + 8002a80: 20bb movs r0, #187 ; 0xbb + 8002a82: f7ff bf75 b.w 8002970 <_send_bits> + ... + +08002a88 : +{ + 8002a88: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + int max_expect = (max_len+1) * 8; + 8002a8c: 3101 adds r1, #1 + uint8_t raw[max_expect]; + 8002a8e: 466b mov r3, sp + 8002a90: eba3 03c1 sub.w r3, r3, r1, lsl #3 +{ + 8002a94: af00 add r7, sp, #0 + 8002a96: 4606 mov r6, r0 + uint8_t raw[max_expect]; + 8002a98: 469d mov sp, r3 + _send_bits(IOFLAG_TX); + 8002a9a: 2088 movs r0, #136 ; 0x88 + int max_expect = (max_len+1) * 8; + 8002a9c: 00cd lsls r5, r1, #3 + _send_bits(IOFLAG_TX); + 8002a9e: f7ff ff67 bl 8002970 <_send_bits> + _flush_rx(); + 8002aa2: f7ff ff7f bl 80029a4 <_flush_rx> + int actual = 0; + 8002aa6: 2200 movs r2, #0 + while(!(MY_UART->ISR & UART_FLAG_RXNE) && !(MY_UART->ISR & UART_FLAG_RTOF)) { + 8002aa8: 4829 ldr r0, [pc, #164] ; (8002b50 ) + uint8_t raw[max_expect]; + 8002aaa: 466c mov r4, sp + for(uint8_t *p = raw; ; actual++) { + 8002aac: 4669 mov r1, sp + SysTick->VAL = 0; + 8002aae: f04f 2ce0 mov.w ip, #3758153728 ; 0xe000e000 + 8002ab2: 4696 mov lr, r2 + 8002ab4: f8cc e018 str.w lr, [ip, #24] + while(!(MY_UART->ISR & UART_FLAG_RXNE) && !(MY_UART->ISR & UART_FLAG_RTOF)) { + 8002ab8: 2305 movs r3, #5 + 8002aba: f8d0 801c ldr.w r8, [r0, #28] + 8002abe: f018 0f20 tst.w r8, #32 + 8002ac2: d104 bne.n 8002ace + 8002ac4: f8d0 801c ldr.w r8, [r0, #28] + 8002ac8: f418 6f00 tst.w r8, #2048 ; 0x800 + 8002acc: d008 beq.n 8002ae0 + if(MY_UART->ISR & UART_FLAG_RXNE) { + 8002ace: 69c3 ldr r3, [r0, #28] + 8002ad0: 069b lsls r3, r3, #26 + 8002ad2: d52e bpl.n 8002b32 + return MY_UART->RDR & 0x7f; + 8002ad4: 8c83 ldrh r3, [r0, #36] ; 0x24 + if(actual < max_expect) { + 8002ad6: 42aa cmp r2, r5 + return MY_UART->RDR & 0x7f; + 8002ad8: b29b uxth r3, r3 + if(actual < max_expect) { + 8002ada: db34 blt.n 8002b46 + for(uint8_t *p = raw; ; actual++) { + 8002adc: 3201 adds r2, #1 + 8002ade: e7e9 b.n 8002ab4 + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + 8002ae0: f8dc 8010 ldr.w r8, [ip, #16] + 8002ae4: f418 3f80 tst.w r8, #65536 ; 0x10000 + 8002ae8: d0e7 beq.n 8002aba + if(ticks >= 5) { + 8002aea: 3b01 subs r3, #1 + 8002aec: d1e5 bne.n 8002aba + actual &= ~7; + 8002aee: f022 0107 bic.w r1, r2, #7 + while(from_len > 0) { + 8002af2: 3d08 subs r5, #8 + 8002af4: 4425 add r5, r4 + 8002af6: 4623 mov r3, r4 + 8002af8: 4421 add r1, r4 + 8002afa: 1ac8 subs r0, r1, r3 + 8002afc: 2800 cmp r0, #0 + 8002afe: dd14 ble.n 8002b2a + 8002b00: f103 3cff add.w ip, r3, #4294967295 ; 0xffffffff + uint8_t rv = 0, mask = 0x1; + 8002b04: 2001 movs r0, #1 + 8002b06: 2400 movs r4, #0 + for(int i=0; i<8; i++, mask <<= 1) { + 8002b08: f103 0e07 add.w lr, r3, #7 + if(from[i] == BIT1) { + 8002b0c: f81c 8f01 ldrb.w r8, [ip, #1]! + 8002b10: f1b8 0f7f cmp.w r8, #127 ; 0x7f + rv |= mask; + 8002b14: bf08 it eq + 8002b16: 4304 orreq r4, r0 + for(int i=0; i<8; i++, mask <<= 1) { + 8002b18: 0040 lsls r0, r0, #1 + 8002b1a: 45f4 cmp ip, lr + 8002b1c: b2c0 uxtb r0, r0 + 8002b1e: d1f5 bne.n 8002b0c + from += 8; + 8002b20: 3308 adds r3, #8 + if(max_into <= 0) break; + 8002b22: 42ab cmp r3, r5 + *(into++) = rv; + 8002b24: f806 4b01 strb.w r4, [r6], #1 + if(max_into <= 0) break; + 8002b28: d1e7 bne.n 8002afa + return actual / 8; + 8002b2a: 10d0 asrs r0, r2, #3 +} + 8002b2c: 46bd mov sp, r7 + 8002b2e: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + if(MY_UART->ISR & UART_FLAG_RTOF) { + 8002b32: 69c3 ldr r3, [r0, #28] + 8002b34: 051b lsls r3, r3, #20 + 8002b36: d503 bpl.n 8002b40 + MY_UART->ICR = USART_ICR_RTOCF; + 8002b38: f44f 6300 mov.w r3, #2048 ; 0x800 + 8002b3c: 6203 str r3, [r0, #32] + if(ch < 0) { + 8002b3e: e7d6 b.n 8002aee + INCONSISTENT("rxf"); + 8002b40: 4804 ldr r0, [pc, #16] ; (8002b54 ) + 8002b42: f7fd ff8b bl 8000a5c + *(p++) = ch; + 8002b46: f003 037f and.w r3, r3, #127 ; 0x7f + 8002b4a: f801 3b01 strb.w r3, [r1], #1 + 8002b4e: e7c5 b.n 8002adc + 8002b50: 40004c00 .word 0x40004c00 + 8002b54: 0800d990 .word 0x0800d990 + +08002b58 : + if(ae_chip_is_setup == AE_CHIP_IS_SETUP) { + 8002b58: 4b04 ldr r3, [pc, #16] ; (8002b6c ) + 8002b5a: 681a ldr r2, [r3, #0] + 8002b5c: 4b04 ldr r3, [pc, #16] ; (8002b70 ) + 8002b5e: 429a cmp r2, r3 + 8002b60: d102 bne.n 8002b68 + _send_bits(IOFLAG_SLEEP); + 8002b62: 20cc movs r0, #204 ; 0xcc + 8002b64: f7ff bf04 b.w 8002970 <_send_bits> +} + 8002b68: 4770 bx lr + 8002b6a: bf00 nop + 8002b6c: 2009e1c0 .word 0x2009e1c0 + 8002b70: 35d25d63 .word 0x35d25d63 + +08002b74 : + __HAL_RCC_UART4_CLK_ENABLE(); + 8002b74: 4b13 ldr r3, [pc, #76] ; (8002bc4 ) + 8002b76: 6d9a ldr r2, [r3, #88] ; 0x58 + 8002b78: f442 2200 orr.w r2, r2, #524288 ; 0x80000 + 8002b7c: 659a str r2, [r3, #88] ; 0x58 + 8002b7e: 6d9b ldr r3, [r3, #88] ; 0x58 +{ + 8002b80: b082 sub sp, #8 + __HAL_RCC_UART4_CLK_ENABLE(); + 8002b82: f403 2300 and.w r3, r3, #524288 ; 0x80000 + 8002b86: 9301 str r3, [sp, #4] + 8002b88: 9b01 ldr r3, [sp, #4] + MY_UART->CR1 = 0; + 8002b8a: 4b0f ldr r3, [pc, #60] ; (8002bc8 ) + 8002b8c: 2200 movs r2, #0 + 8002b8e: 601a str r2, [r3, #0] + MY_UART->CR1 = 0x1000002d & ~(0 + 8002b90: 4a0e ldr r2, [pc, #56] ; (8002bcc ) + 8002b92: 601a str r2, [r3, #0] + MY_UART->RTOR = 24; // timeout in bit periods: 3 chars or so + 8002b94: 2218 movs r2, #24 + 8002b96: 615a str r2, [r3, #20] + MY_UART->CR2 = USART_CR2_RTOEN; // rx timeout enable + 8002b98: f44f 0200 mov.w r2, #8388608 ; 0x800000 + 8002b9c: 605a str r2, [r3, #4] + MY_UART->CR3 = USART_CR3_HDSEL | USART_CR3_ONEBIT; + 8002b9e: f640 0208 movw r2, #2056 ; 0x808 + 8002ba2: 609a str r2, [r3, #8] + MY_UART->BRR = 521; // 230400 bps @ 120 Mhz SYSCLK + 8002ba4: f240 2209 movw r2, #521 ; 0x209 + 8002ba8: 60da str r2, [r3, #12] + MY_UART->ICR = USART_ICR_RTOCF; + 8002baa: f44f 6200 mov.w r2, #2048 ; 0x800 + 8002bae: 621a str r2, [r3, #32] + MY_UART->CR1 |= USART_CR1_UE; + 8002bb0: 681a ldr r2, [r3, #0] + 8002bb2: f042 0201 orr.w r2, r2, #1 + 8002bb6: 601a str r2, [r3, #0] + ae_chip_is_setup = AE_CHIP_IS_SETUP; + 8002bb8: 4b05 ldr r3, [pc, #20] ; (8002bd0 ) + 8002bba: 4a06 ldr r2, [pc, #24] ; (8002bd4 ) + 8002bbc: 601a str r2, [r3, #0] +} + 8002bbe: b002 add sp, #8 + 8002bc0: 4770 bx lr + 8002bc2: bf00 nop + 8002bc4: 40021000 .word 0x40021000 + 8002bc8: 40004c00 .word 0x40004c00 + 8002bcc: 1000002c .word 0x1000002c + 8002bd0: 2009e1c0 .word 0x2009e1c0 + 8002bd4: 35d25d63 .word 0x35d25d63 + +08002bd8 : + ae_send_idle(); + 8002bd8: f7ff bf4d b.w 8002a76 + +08002bdc : +// Read a one-byte status/error code response from chip. It's wrapped as 4 bytes: +// (len=4) (value) (crc16) (crc16) +// + int +ae_read1(void) +{ + 8002bdc: b513 push {r0, r1, r4, lr} + 8002bde: 2408 movs r4, #8 + uint8_t msg[4]; + + for(int retry=7; retry >= 0; retry--) { + // tell it we want to read a response, read it, and deserialize + int rv = ae_read_response(msg, 4); + 8002be0: 2104 movs r1, #4 + 8002be2: eb0d 0001 add.w r0, sp, r1 + 8002be6: f7ff ff4f bl 8002a88 + + if(rv == 0) { + 8002bea: 4601 mov r1, r0 + 8002bec: b938 cbnz r0, 8002bfe + // nothing heard, it's probably still processing + ERR("not rdy"); + STATS(not_ready++); + + delay_ms(5); + 8002bee: 2005 movs r0, #5 + 8002bf0: f000 ff5a bl 8003aa8 + for(int retry=7; retry >= 0; retry--) { + 8002bf4: 3c01 subs r4, #1 + 8002bf6: d1f3 bne.n 8002be0 + try_again: + STATS(l1_retry++); + } + + // fail. + return -1; + 8002bf8: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 8002bfc: e008 b.n 8002c10 + if(rv != 4) { + 8002bfe: 2804 cmp r0, #4 + 8002c00: d1f8 bne.n 8002bf4 + if(!ae_check_crc(msg, 4)) { + 8002c02: a801 add r0, sp, #4 + 8002c04: f7ff ff0d bl 8002a22 + 8002c08: 2800 cmp r0, #0 + 8002c0a: d0f3 beq.n 8002bf4 + return msg[1]; + 8002c0c: f89d 0005 ldrb.w r0, [sp, #5] +} + 8002c10: b002 add sp, #8 + 8002c12: bd10 pop {r4, pc} + +08002c14 : +// Read and check CRC over N bytes, wrapped in 3-bytes of framing overhead. +// Return -1 for timeout, zero for normal, and one-byte error code otherwise. +// + int +ae_read_n(uint8_t len, uint8_t *body) +{ + 8002c14: e92d 43f8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + uint8_t tmp[1+len+2]; + 8002c18: f100 030a add.w r3, r0, #10 + 8002c1c: f403 73fc and.w r3, r3, #504 ; 0x1f8 +{ + 8002c20: af00 add r7, sp, #0 + uint8_t tmp[1+len+2]; + 8002c22: ebad 0d03 sub.w sp, sp, r3 +{ + 8002c26: 460d mov r5, r1 + uint8_t tmp[1+len+2]; + 8002c28: 1cc6 adds r6, r0, #3 + 8002c2a: 46e8 mov r8, sp + 8002c2c: f04f 0908 mov.w r9, #8 + + for(int retry=7; retry >= 0; retry--) { + + int actual = ae_read_response(tmp, len+3); + 8002c30: 4631 mov r1, r6 + 8002c32: 4640 mov r0, r8 + 8002c34: f7ff ff28 bl 8002a88 + if(actual < 4) { + 8002c38: 2803 cmp r0, #3 + int actual = ae_read_response(tmp, len+3); + 8002c3a: 4604 mov r4, r0 + if(actual < 4) { + 8002c3c: dc0b bgt.n 8002c56 + + if(actual == 0) { + 8002c3e: b910 cbnz r0, 8002c46 + // nothing heard, it's probably still processing + delay_ms(5); + 8002c40: 2005 movs r0, #5 + 8002c42: f000 ff31 bl 8003aa8 + + return 0; + + try_again: + STATS(ln_retry++); + ae_wake(); + 8002c46: f7ff ff0b bl 8002a60 + for(int retry=7; retry >= 0; retry--) { + 8002c4a: f1b9 0901 subs.w r9, r9, #1 + 8002c4e: d1ef bne.n 8002c30 + } + + return -1; + 8002c50: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 8002c54: e007 b.n 8002c66 + uint8_t resp_len = tmp[0]; + 8002c56: f898 3000 ldrb.w r3, [r8] + if(resp_len != (len + 3)) { + 8002c5a: 42b3 cmp r3, r6 + 8002c5c: d006 beq.n 8002c6c + if(resp_len == 4) { + 8002c5e: 2b04 cmp r3, #4 + 8002c60: d1f1 bne.n 8002c46 + return tmp[1]; + 8002c62: f898 0001 ldrb.w r0, [r8, #1] +} + 8002c66: 46bd mov sp, r7 + 8002c68: e8bd 83f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, pc} + if(!ae_check_crc(tmp, actual)) { + 8002c6c: b2c1 uxtb r1, r0 + 8002c6e: 4640 mov r0, r8 + 8002c70: f7ff fed7 bl 8002a22 + 8002c74: 2800 cmp r0, #0 + 8002c76: d0e6 beq.n 8002c46 + memcpy(body, tmp+1, actual-3); + 8002c78: 1ee2 subs r2, r4, #3 + 8002c7a: f108 0101 add.w r1, r8, #1 + 8002c7e: 4628 mov r0, r5 + 8002c80: f00a fe32 bl 800d8e8 + return 0; + 8002c84: 2000 movs r0, #0 + 8002c86: e7ee b.n 8002c66 + +08002c88 : + +// ae_send_n() +// + void +ae_send_n(aeopcode_t opcode, uint8_t p1, uint16_t p2, const uint8_t *data, uint8_t data_len) +{ + 8002c88: b530 push {r4, r5, lr} + 8002c8a: b085 sub sp, #20 + 8002c8c: 461d mov r5, r3 + 8002c8e: f89d 4020 ldrb.w r4, [sp, #32] + uint8_t framed_len; + uint8_t op; + uint8_t p1; + uint8_t p2_lsb; + uint8_t p2_msb; + } known = { + 8002c92: f88d 200c strb.w r2, [sp, #12] + 8002c96: 2377 movs r3, #119 ; 0x77 + 8002c98: 0a12 lsrs r2, r2, #8 + 8002c9a: f88d 3008 strb.w r3, [sp, #8] + .ioflag = IOFLAG_CMD, + .framed_len = (data_len + 7), // 7 = (1 len) + (4 bytes of msg) + (2 crc) + 8002c9e: 1de3 adds r3, r4, #7 + } known = { + 8002ca0: f88d 3009 strb.w r3, [sp, #9] + 8002ca4: f88d 200d strb.w r2, [sp, #13] + 8002ca8: f88d 000a strb.w r0, [sp, #10] + 8002cac: f88d 100b strb.w r1, [sp, #11] + STATS(last_op = opcode); + STATS(last_p1 = p1); + STATS(last_p2 = p2); + + // important to wake chip at this point. + ae_wake(); + 8002cb0: f7ff fed6 bl 8002a60 + + _send_serialized((const uint8_t *)&known, sizeof(known)); + 8002cb4: 2106 movs r1, #6 + 8002cb6: a802 add r0, sp, #8 + 8002cb8: f7ff fe69 bl 800298e <_send_serialized> + + // CRC will start from frame_len onwards + uint8_t crc[2] = {0, 0}; + 8002cbc: 2300 movs r3, #0 + crc16_chain(sizeof(known)-1, &known.framed_len, crc); + 8002cbe: aa01 add r2, sp, #4 + 8002cc0: f10d 0109 add.w r1, sp, #9 + 8002cc4: 2005 movs r0, #5 + uint8_t crc[2] = {0, 0}; + 8002cc6: f8ad 3004 strh.w r3, [sp, #4] + crc16_chain(sizeof(known)-1, &known.framed_len, crc); + 8002cca: f7ff fe87 bl 80029dc + + // insert a variable-length body area (sometimes) + if(data_len) { + 8002cce: b144 cbz r4, 8002ce2 + _send_serialized(data, data_len); + 8002cd0: 4621 mov r1, r4 + 8002cd2: 4628 mov r0, r5 + 8002cd4: f7ff fe5b bl 800298e <_send_serialized> + + crc16_chain(data_len, data, crc); + 8002cd8: aa01 add r2, sp, #4 + 8002cda: 4629 mov r1, r5 + 8002cdc: 4620 mov r0, r4 + 8002cde: f7ff fe7d bl 80029dc + } + + // send final CRC bytes + _send_serialized(crc, 2); + 8002ce2: 2102 movs r1, #2 + 8002ce4: a801 add r0, sp, #4 + 8002ce6: f7ff fe52 bl 800298e <_send_serialized> +} + 8002cea: b005 add sp, #20 + 8002cec: bd30 pop {r4, r5, pc} + +08002cee : +{ + 8002cee: b507 push {r0, r1, r2, lr} + ae_send_n(opcode, p1, p2, NULL, 0); + 8002cf0: 2300 movs r3, #0 + 8002cf2: 9300 str r3, [sp, #0] + 8002cf4: f7ff ffc8 bl 8002c88 +} + 8002cf8: b003 add sp, #12 + 8002cfa: f85d fb04 ldr.w pc, [sp], #4 + +08002cfe : +// +// Do Info(p1=2) command, and return result. +// + uint16_t +ae_get_info(void) +{ + 8002cfe: b507 push {r0, r1, r2, lr} + // not doing error checking here + ae_send(OP_Info, 0x2, 0); + 8002d00: 2200 movs r2, #0 + 8002d02: 2102 movs r1, #2 + 8002d04: 2030 movs r0, #48 ; 0x30 + 8002d06: f7ff fff2 bl 8002cee + + // note: always returns 4 bytes, but most are garbage and unused. + uint8_t tmp[4]; + ae_read_n(4, tmp); + 8002d0a: a901 add r1, sp, #4 + 8002d0c: 2004 movs r0, #4 + 8002d0e: f7ff ff81 bl 8002c14 + + return (tmp[0] << 8) | tmp[1]; + 8002d12: f8bd 0004 ldrh.w r0, [sp, #4] + 8002d16: ba40 rev16 r0, r0 +} + 8002d18: b280 uxth r0, r0 + 8002d1a: b003 add sp, #12 + 8002d1c: f85d fb04 ldr.w pc, [sp], #4 + +08002d20 : +// Load Tempkey with a specific value. Resulting Tempkey cannot be +// used with many commands/keys, but is needed for signing. +// + int +ae_load_nonce(const uint8_t nonce[32]) +{ + 8002d20: b507 push {r0, r1, r2, lr} + // p1=3 + ae_send_n(OP_Nonce, 3, 0, nonce, 32); // 608a ok + 8002d22: 2220 movs r2, #32 +{ + 8002d24: 4603 mov r3, r0 + ae_send_n(OP_Nonce, 3, 0, nonce, 32); // 608a ok + 8002d26: 9200 str r2, [sp, #0] + 8002d28: 2103 movs r1, #3 + 8002d2a: 2200 movs r2, #0 + 8002d2c: 2016 movs r0, #22 + 8002d2e: f7ff ffab bl 8002c88 + + return ae_read1(); +} + 8002d32: b003 add sp, #12 + 8002d34: f85d eb04 ldr.w lr, [sp], #4 + return ae_read1(); + 8002d38: f7ff bf50 b.w 8002bdc + +08002d3c : +// Load 32bytes of message digest with a specific value. +// Needed for signing. +// + int +ae_load_msgdigest(const uint8_t md[32]) +{ + 8002d3c: b507 push {r0, r1, r2, lr} + ae_send_n(OP_Nonce, (1<<6) | 3, 0, md, 32); + 8002d3e: 2220 movs r2, #32 +{ + 8002d40: 4603 mov r3, r0 + ae_send_n(OP_Nonce, (1<<6) | 3, 0, md, 32); + 8002d42: 9200 str r2, [sp, #0] + 8002d44: 2143 movs r1, #67 ; 0x43 + 8002d46: 2200 movs r2, #0 + 8002d48: 2016 movs r0, #22 + 8002d4a: f7ff ff9d bl 8002c88 + + return ae_read1(); +} + 8002d4e: b003 add sp, #12 + 8002d50: f85d eb04 ldr.w lr, [sp], #4 + return ae_read1(); + 8002d54: f7ff bf42 b.w 8002bdc + +08002d58 : +// Load Tempkey with a nonce value that we both know, but +// is random and we both know is random! Tricky! +// + int +ae_pick_nonce(const uint8_t num_in[20], uint8_t tempkey[32]) +{ + 8002d58: b5f0 push {r4, r5, r6, r7, lr} + 8002d5a: b09f sub sp, #124 ; 0x7c + // We provide some 20 bytes of randomness to chip + // The chip must provide 32-bytes of random-ness, + // so no choice in args to OP.Nonce here (due to ReqRandom). + ae_send_n(OP_Nonce, 0, 0, num_in, 20); + 8002d5c: 2200 movs r2, #0 + 8002d5e: 2714 movs r7, #20 + 8002d60: 4603 mov r3, r0 +{ + 8002d62: 4605 mov r5, r0 + 8002d64: 460e mov r6, r1 + ae_send_n(OP_Nonce, 0, 0, num_in, 20); + 8002d66: 2016 movs r0, #22 + 8002d68: 4611 mov r1, r2 + 8002d6a: 9700 str r7, [sp, #0] + 8002d6c: f7ff ff8c bl 8002c88 + + // Nonce command returns the RNG result, but not contents of TempKey + uint8_t randout[32]; + int rv = ae_read_n(32, randout); + 8002d70: a903 add r1, sp, #12 + 8002d72: 2020 movs r0, #32 + 8002d74: f7ff ff4e bl 8002c14 + RET_IF_BAD(rv); + 8002d78: 4604 mov r4, r0 + 8002d7a: b9e0 cbnz r0, 8002db6 + // + // return sha256(rndout + num_in + b'\x16\0\0').digest() + // + SHA256_CTX ctx; + + sha256_init(&ctx); + 8002d7c: a80b add r0, sp, #44 ; 0x2c + 8002d7e: f002 fd03 bl 8005788 + sha256_update(&ctx, randout, 32); + 8002d82: 2220 movs r2, #32 + 8002d84: a903 add r1, sp, #12 + 8002d86: a80b add r0, sp, #44 ; 0x2c + 8002d88: f002 fd0c bl 80057a4 + sha256_update(&ctx, num_in, 20); + 8002d8c: 463a mov r2, r7 + 8002d8e: 4629 mov r1, r5 + 8002d90: a80b add r0, sp, #44 ; 0x2c + 8002d92: f002 fd07 bl 80057a4 + const uint8_t fixed[3] = { 0x16, 0, 0 }; + 8002d96: 4b09 ldr r3, [pc, #36] ; (8002dbc ) + 8002d98: 881a ldrh r2, [r3, #0] + 8002d9a: f8ad 2008 strh.w r2, [sp, #8] + 8002d9e: 789b ldrb r3, [r3, #2] + 8002da0: f88d 300a strb.w r3, [sp, #10] + sha256_update(&ctx, fixed, 3); + 8002da4: a902 add r1, sp, #8 + 8002da6: a80b add r0, sp, #44 ; 0x2c + 8002da8: 2203 movs r2, #3 + 8002daa: f002 fcfb bl 80057a4 + + sha256_final(&ctx, tempkey); + 8002dae: 4631 mov r1, r6 + 8002db0: a80b add r0, sp, #44 ; 0x2c + 8002db2: f002 fd3d bl 8005830 + + return 0; +} + 8002db6: 4620 mov r0, r4 + 8002db8: b01f add sp, #124 ; 0x7c + 8002dba: bdf0 pop {r4, r5, r6, r7, pc} + 8002dbc: 080106f4 .word 0x080106f4 + +08002dc0 : +// Check that TempKey is holding what we think it does. Uses the MAC +// command over contents of Tempkey and our shared secret. +// + bool +ae_is_correct_tempkey(const uint8_t expected_tempkey[32]) +{ + 8002dc0: b570 push {r4, r5, r6, lr} + const uint8_t mode = (1<<6) // include full serial number + | (0<<2) // TempKey.SourceFlag == 0 == 'rand' + | (0<<1) // first 32 bytes are the shared secret + | (1<<0); // second 32 bytes are tempkey + + ae_send(OP_MAC, mode, KEYNUM_pairing); + 8002dc2: 2141 movs r1, #65 ; 0x41 +{ + 8002dc4: b0a8 sub sp, #160 ; 0xa0 + 8002dc6: 4604 mov r4, r0 + ae_send(OP_MAC, mode, KEYNUM_pairing); + 8002dc8: 2201 movs r2, #1 + 8002dca: 2008 movs r0, #8 + 8002dcc: f7ff ff8f bl 8002cee + + // read chip's answer + uint8_t resp[32]; + int rv = ae_read_n(32, resp); + 8002dd0: a905 add r1, sp, #20 + 8002dd2: 2020 movs r0, #32 + 8002dd4: f7ff ff1e bl 8002c14 + if(rv) return false; + 8002dd8: 2800 cmp r0, #0 + 8002dda: d135 bne.n 8002e48 + ae_send_idle(); + 8002ddc: f7ff fe4b bl 8002a76 + ae_keep_alive(); + + // Duplicate the hash process, and then compare. + SHA256_CTX ctx; + + sha256_init(&ctx); + 8002de0: a815 add r0, sp, #84 ; 0x54 + 8002de2: f002 fcd1 bl 8005788 + sha256_update(&ctx, rom_secrets->pairing_secret, 32); + 8002de6: 4919 ldr r1, [pc, #100] ; (8002e4c ) + 8002de8: 2220 movs r2, #32 + 8002dea: a815 add r0, sp, #84 ; 0x54 + 8002dec: f002 fcda bl 80057a4 + sha256_update(&ctx, expected_tempkey, 32); + 8002df0: 2220 movs r2, #32 + 8002df2: 4621 mov r1, r4 + 8002df4: a815 add r0, sp, #84 ; 0x54 + 8002df6: f002 fcd5 bl 80057a4 + + const uint8_t fixed[16] = { OP_MAC, mode, KEYNUM_pairing, 0x0, + 8002dfa: 4b15 ldr r3, [pc, #84] ; (8002e50 ) + 8002dfc: aa01 add r2, sp, #4 + 8002dfe: f103 0610 add.w r6, r3, #16 + 8002e02: 4615 mov r5, r2 + 8002e04: 6818 ldr r0, [r3, #0] + 8002e06: 6859 ldr r1, [r3, #4] + 8002e08: 4614 mov r4, r2 + 8002e0a: c403 stmia r4!, {r0, r1} + 8002e0c: 3308 adds r3, #8 + 8002e0e: 42b3 cmp r3, r6 + 8002e10: 4622 mov r2, r4 + 8002e12: d1f7 bne.n 8002e04 + 0,0,0,0, 0,0,0,0, // eight zeros + 0,0,0, // three zeros + 0xEE }; + sha256_update(&ctx, fixed, sizeof(fixed)); + 8002e14: 2210 movs r2, #16 + 8002e16: 4629 mov r1, r5 + 8002e18: a815 add r0, sp, #84 ; 0x54 + 8002e1a: f002 fcc3 bl 80057a4 + + sha256_update(&ctx, ((const uint8_t *)rom_secrets->ae_serial_number)+4, 4); + 8002e1e: 490d ldr r1, [pc, #52] ; (8002e54 ) + 8002e20: 2204 movs r2, #4 + 8002e22: a815 add r0, sp, #84 ; 0x54 + 8002e24: f002 fcbe bl 80057a4 + sha256_update(&ctx, ((const uint8_t *)rom_secrets->ae_serial_number)+0, 4); + 8002e28: 2204 movs r2, #4 + 8002e2a: 490b ldr r1, [pc, #44] ; (8002e58 ) + 8002e2c: a815 add r0, sp, #84 ; 0x54 + 8002e2e: f002 fcb9 bl 80057a4 + // this verifies no problem. + ASSERT(ctx.datalen + (ctx.bitlen/8) == 32+32+1+1+2+8+3+1+4+2+2); // == 88 +#endif + + uint8_t actual[32]; + sha256_final(&ctx, actual); + 8002e32: a90d add r1, sp, #52 ; 0x34 + 8002e34: a815 add r0, sp, #84 ; 0x54 + 8002e36: f002 fcfb bl 8005830 + + return check_equal(actual, resp, 32); + 8002e3a: 2220 movs r2, #32 + 8002e3c: a905 add r1, sp, #20 + 8002e3e: a80d add r0, sp, #52 ; 0x34 + 8002e40: f7ff fd0f bl 8002862 +} + 8002e44: b028 add sp, #160 ; 0xa0 + 8002e46: bd70 pop {r4, r5, r6, pc} + if(rv) return false; + 8002e48: 2000 movs r0, #0 + 8002e4a: e7fb b.n 8002e44 + 8002e4c: 0801c000 .word 0x0801c000 + 8002e50: 080106f7 .word 0x080106f7 + 8002e54: 0801c044 .word 0x0801c044 + 8002e58: 0801c040 .word 0x0801c040 + +08002e5c : +// inside the 508a/608a, like use of a specific key, but not for us to +// authenticate the 508a/608a or its contents/state. +// + int +ae_checkmac(uint8_t keynum, const uint8_t secret[32]) +{ + 8002e5c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8002e60: b0c2 sub sp, #264 ; 0x108 + + // Since this is part of the hash, we want random bytes + // for our "other data". Also a number for "numin" of nonce + uint8_t od[32], numin[20]; + + rng_buffer(od, sizeof(od)); + 8002e62: ad0b add r5, sp, #44 ; 0x2c +{ + 8002e64: 4607 mov r7, r0 + 8002e66: 460e mov r6, r1 + rng_buffer(od, sizeof(od)); + 8002e68: 4628 mov r0, r5 + 8002e6a: 2120 movs r1, #32 + 8002e6c: f7ff fd48 bl 8002900 + rng_buffer(numin, sizeof(numin)); + 8002e70: 2114 movs r1, #20 + 8002e72: a806 add r0, sp, #24 + 8002e74: f7ff fd44 bl 8002900 + ae_send_idle(); + 8002e78: f7ff fdfd bl 8002a76 + + // need this one, want to reset watchdog to this point. + ae_keep_alive(); + + // - load tempkey with a known nonce value + uint8_t zeros[8] = {0}; + 8002e7c: 2300 movs r3, #0 + uint8_t tempkey[32]; + rv = ae_pick_nonce(numin, tempkey); + 8002e7e: a913 add r1, sp, #76 ; 0x4c + 8002e80: a806 add r0, sp, #24 + uint8_t zeros[8] = {0}; + 8002e82: e9cd 3304 strd r3, r3, [sp, #16] + rv = ae_pick_nonce(numin, tempkey); + 8002e86: f7ff ff67 bl 8002d58 + RET_IF_BAD(rv); + 8002e8a: 4604 mov r4, r0 + 8002e8c: 2800 cmp r0, #0 + 8002e8e: d15d bne.n 8002f4c + + // - hash nonce and lots of other bits together + SHA256_CTX ctx; + sha256_init(&ctx); + 8002e90: a81b add r0, sp, #108 ; 0x6c + 8002e92: f002 fc79 bl 8005788 + + // shared secret is 32 bytes from flash + sha256_update(&ctx, secret, 32); + 8002e96: 2220 movs r2, #32 + 8002e98: 4631 mov r1, r6 + 8002e9a: a81b add r0, sp, #108 ; 0x6c + 8002e9c: f002 fc82 bl 80057a4 + + sha256_update(&ctx, tempkey, 32); + 8002ea0: 2220 movs r2, #32 + 8002ea2: a913 add r1, sp, #76 ; 0x4c + 8002ea4: a81b add r0, sp, #108 ; 0x6c + 8002ea6: f002 fc7d bl 80057a4 + sha256_update(&ctx, &od[0], 4); + 8002eaa: 2204 movs r2, #4 + 8002eac: 4629 mov r1, r5 + 8002eae: a81b add r0, sp, #108 ; 0x6c + 8002eb0: f002 fc78 bl 80057a4 + + sha256_update(&ctx, zeros, 8); + 8002eb4: 2208 movs r2, #8 + 8002eb6: a904 add r1, sp, #16 + 8002eb8: a81b add r0, sp, #108 ; 0x6c + 8002eba: f002 fc73 bl 80057a4 + + sha256_update(&ctx, &od[4], 3); + 8002ebe: 2203 movs r2, #3 + 8002ec0: a90c add r1, sp, #48 ; 0x30 + 8002ec2: a81b add r0, sp, #108 ; 0x6c + 8002ec4: f002 fc6e bl 80057a4 + + uint8_t ee = 0xEE; + 8002ec8: 23ee movs r3, #238 ; 0xee + sha256_update(&ctx, &ee, 1); + 8002eca: 2201 movs r2, #1 + 8002ecc: f10d 010b add.w r1, sp, #11 + 8002ed0: a81b add r0, sp, #108 ; 0x6c + uint8_t ee = 0xEE; + 8002ed2: f88d 300b strb.w r3, [sp, #11] + sha256_update(&ctx, &ee, 1); + 8002ed6: f002 fc65 bl 80057a4 + sha256_update(&ctx, &od[7], 4); + 8002eda: 2204 movs r2, #4 + 8002edc: f10d 0133 add.w r1, sp, #51 ; 0x33 + 8002ee0: a81b add r0, sp, #108 ; 0x6c + 8002ee2: f002 fc5f bl 80057a4 + + uint8_t snp[2] = { 0x01, 0x23 }; + 8002ee6: f242 3301 movw r3, #8961 ; 0x2301 + sha256_update(&ctx, snp, 2); + 8002eea: 2202 movs r2, #2 + 8002eec: a903 add r1, sp, #12 + 8002eee: a81b add r0, sp, #108 ; 0x6c + uint8_t snp[2] = { 0x01, 0x23 }; + 8002ef0: f8ad 300c strh.w r3, [sp, #12] + sha256_update(&ctx, snp, 2); + 8002ef4: f002 fc56 bl 80057a4 + sha256_update(&ctx, &od[11], 2); + 8002ef8: 2202 movs r2, #2 + 8002efa: f10d 0137 add.w r1, sp, #55 ; 0x37 + 8002efe: a81b add r0, sp, #108 ; 0x6c + 8002f00: f002 fc50 bl 80057a4 + uint8_t resp[32]; + uint8_t od[13]; + } req; + + // content doesn't matter, but nice and visible: + memcpy(req.ch3, copyright_msg, 32); + 8002f04: 4b15 ldr r3, [pc, #84] ; (8002f5c ) + 8002f06: ac2e add r4, sp, #184 ; 0xb8 + 8002f08: f103 0220 add.w r2, r3, #32 + 8002f0c: 46a0 mov r8, r4 + 8002f0e: 6818 ldr r0, [r3, #0] + 8002f10: 6859 ldr r1, [r3, #4] + 8002f12: 4626 mov r6, r4 + 8002f14: c603 stmia r6!, {r0, r1} + 8002f16: 3308 adds r3, #8 + 8002f18: 4293 cmp r3, r2 + 8002f1a: 4634 mov r4, r6 + 8002f1c: d1f7 bne.n 8002f0e + // this verifies no problem. + int l = (ctx.blocks * 64) + ctx.npartial; + ASSERT(l == 32+32+4+8+3+1+4+2+2); // == 88 +#endif + + sha256_final(&ctx, req.resp); + 8002f1e: a936 add r1, sp, #216 ; 0xd8 + 8002f20: a81b add r0, sp, #108 ; 0x6c + 8002f22: f002 fc85 bl 8005830 + memcpy(req.od, od, 13); + 8002f26: e895 000f ldmia.w r5, {r0, r1, r2, r3} + 8002f2a: ac3e add r4, sp, #248 ; 0xf8 + 8002f2c: c407 stmia r4!, {r0, r1, r2} + 8002f2e: 7023 strb r3, [r4, #0] + + STATIC_ASSERT(sizeof(req) == 32 + 32 + 13); + + // Give our answer to the chip. + ae_send_n(OP_CheckMac, 0x01, keynum, (uint8_t *)&req, sizeof(req)); + 8002f30: 234d movs r3, #77 ; 0x4d + 8002f32: 9300 str r3, [sp, #0] + 8002f34: 463a mov r2, r7 + 8002f36: 4643 mov r3, r8 + 8002f38: 2101 movs r1, #1 + 8002f3a: 2028 movs r0, #40 ; 0x28 + 8002f3c: f7ff fea4 bl 8002c88 + + rv = ae_read1(); + 8002f40: f7ff fe4c bl 8002bdc + if(rv != 0) { + 8002f44: 4604 mov r4, r0 + 8002f46: b928 cbnz r0, 8002f54 + ae_send_idle(); + 8002f48: f7ff fd95 bl 8002a76 + + // just in case ... always restart watchdog timer. + ae_keep_alive(); + + return 0; +} + 8002f4c: 4620 mov r0, r4 + 8002f4e: b042 add sp, #264 ; 0x108 + 8002f50: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + return -1; + 8002f54: f04f 34ff mov.w r4, #4294967295 ; 0xffffffff + 8002f58: e7f8 b.n 8002f4c + 8002f5a: bf00 nop + 8002f5c: 080106c6 .word 0x080106c6 + +08002f60 : + return ae_checkmac(KEYNUM_pairing, rom_secrets->pairing_secret); + 8002f60: 4901 ldr r1, [pc, #4] ; (8002f68 ) + 8002f62: 2001 movs r0, #1 + 8002f64: f7ff bf7a b.w 8002e5c + 8002f68: 0801c000 .word 0x0801c000 + +08002f6c : +// Sign a message (already digested) +// + int +ae_sign_authed(uint8_t keynum, const uint8_t msg_hash[32], + uint8_t signature[64], int auth_kn, const uint8_t auth_digest[32]) +{ + 8002f6c: b570 push {r4, r5, r6, lr} + 8002f6e: 460e mov r6, r1 + 8002f70: 4604 mov r4, r0 + 8002f72: 4615 mov r5, r2 + // indicate we know the PIN + ae_pair_unlock(); + 8002f74: f7ff fff4 bl 8002f60 + int rv = ae_checkmac(KEYNUM_main_pin, auth_digest); + 8002f78: 9904 ldr r1, [sp, #16] + 8002f7a: 2003 movs r0, #3 + 8002f7c: f7ff ff6e bl 8002e5c + RET_IF_BAD(rv); + 8002f80: b990 cbnz r0, 8002fa8 + + // send what we need signed + rv = ae_load_msgdigest(msg_hash); + 8002f82: 4630 mov r0, r6 + 8002f84: f7ff feda bl 8002d3c + RET_IF_BAD(rv); + 8002f88: b970 cbnz r0, 8002fa8 + + do { + ae_send(OP_Sign, (7<<5), keynum); + 8002f8a: b2a4 uxth r4, r4 + 8002f8c: 4622 mov r2, r4 + 8002f8e: 21e0 movs r1, #224 ; 0xe0 + 8002f90: 2041 movs r0, #65 ; 0x41 + 8002f92: f7ff feac bl 8002cee + + delay_ms(60); // min time for processing + 8002f96: 203c movs r0, #60 ; 0x3c + 8002f98: f000 fd86 bl 8003aa8 + + rv = ae_read_n(64, signature); + 8002f9c: 4629 mov r1, r5 + 8002f9e: 2040 movs r0, #64 ; 0x40 + 8002fa0: f7ff fe38 bl 8002c14 + } while(rv == AE_ECC_FAULT); + 8002fa4: 2805 cmp r0, #5 + 8002fa6: d0f1 beq.n 8002f8c + + return rv; +} + 8002fa8: bd70 pop {r4, r5, r6, pc} + ... + +08002fac : + +// ae_gen_ecc_key() +// + int +ae_gen_ecc_key(uint8_t keynum, uint8_t pubkey_out[64]) +{ + 8002fac: b530 push {r4, r5, lr} + int rv; + uint8_t junk[3] = { 0 }; + 8002fae: 4b0f ldr r3, [pc, #60] ; (8002fec ) +{ + 8002fb0: b085 sub sp, #20 + uint8_t junk[3] = { 0 }; + 8002fb2: f8b3 3013 ldrh.w r3, [r3, #19] + 8002fb6: f8ad 300c strh.w r3, [sp, #12] + 8002fba: 2300 movs r3, #0 +{ + 8002fbc: 460c mov r4, r1 + uint8_t junk[3] = { 0 }; + 8002fbe: f88d 300e strb.w r3, [sp, #14] + + do { + ae_send_n(OP_GenKey, (1<<2), keynum, junk, 3); + 8002fc2: 4605 mov r5, r0 + 8002fc4: 2303 movs r3, #3 + 8002fc6: 462a mov r2, r5 + 8002fc8: 2104 movs r1, #4 + 8002fca: 9300 str r3, [sp, #0] + 8002fcc: 2040 movs r0, #64 ; 0x40 + 8002fce: ab03 add r3, sp, #12 + 8002fd0: f7ff fe5a bl 8002c88 + + delay_ms(100); // to avoid timeouts + 8002fd4: 2064 movs r0, #100 ; 0x64 + 8002fd6: f000 fd67 bl 8003aa8 + + rv = ae_read_n(64, pubkey_out); + 8002fda: 4621 mov r1, r4 + 8002fdc: 2040 movs r0, #64 ; 0x40 + 8002fde: f7ff fe19 bl 8002c14 + } while(rv == AE_ECC_FAULT); + 8002fe2: 2805 cmp r0, #5 + 8002fe4: d0ee beq.n 8002fc4 + + return rv; +} + 8002fe6: b005 add sp, #20 + 8002fe8: bd30 pop {r4, r5, pc} + 8002fea: bf00 nop + 8002fec: 080106f4 .word 0x080106f4 + +08002ff0 : +// 508a: Different opcode, OP_HMAC does exactly 32 bytes w/ less steps. +// 608a: Use old SHA256 command, but with new flags. +// + int +ae_hmac32(uint8_t keynum, const uint8_t msg[32], uint8_t digest[32]) +{ + 8002ff0: b530 push {r4, r5, lr} + 8002ff2: b085 sub sp, #20 + 8002ff4: 4615 mov r5, r2 + 8002ff6: 9103 str r1, [sp, #12] + // Start SHA w/ HMAC setup + ae_send(OP_SHA, 4, keynum); // 4 = HMAC_Init + 8002ff8: 4602 mov r2, r0 + 8002ffa: 2104 movs r1, #4 + 8002ffc: 2047 movs r0, #71 ; 0x47 + 8002ffe: f7ff fe76 bl 8002cee + + // expect zero, meaning "ready" + int rv = ae_read1(); + 8003002: f7ff fdeb bl 8002bdc + RET_IF_BAD(rv); + 8003006: b970 cbnz r0, 8003026 + + // send the contents to be hashed + ae_send_n(OP_SHA, (3<<6) | 2, 32, msg, 32); // 2 = Finalize, 3=Place output + 8003008: 2420 movs r4, #32 + 800300a: 9b03 ldr r3, [sp, #12] + 800300c: 9400 str r4, [sp, #0] + 800300e: 4622 mov r2, r4 + 8003010: 21c2 movs r1, #194 ; 0xc2 + 8003012: 2047 movs r0, #71 ; 0x47 + 8003014: f7ff fe38 bl 8002c88 + + // read result + return ae_read_n(32, digest); + 8003018: 4629 mov r1, r5 + 800301a: 4620 mov r0, r4 +} + 800301c: b005 add sp, #20 + 800301e: e8bd 4030 ldmia.w sp!, {r4, r5, lr} + return ae_read_n(32, digest); + 8003022: f7ff bdf7 b.w 8002c14 +} + 8003026: b005 add sp, #20 + 8003028: bd30 pop {r4, r5, pc} + +0800302a : +// +// Return the serial number: it's 9 bytes, altho 3 are fixed. +// + int +ae_get_serial(uint8_t serial[6]) +{ + 800302a: b510 push {r4, lr} + ae_send(OP_Read, 0x80, 0x0); + 800302c: 2200 movs r2, #0 +{ + 800302e: b08c sub sp, #48 ; 0x30 + ae_send(OP_Read, 0x80, 0x0); + 8003030: 2180 movs r1, #128 ; 0x80 +{ + 8003032: 4604 mov r4, r0 + ae_send(OP_Read, 0x80, 0x0); + 8003034: 2002 movs r0, #2 + 8003036: f7ff fe5a bl 8002cee + + uint8_t temp[32]; + int rv = ae_read_n(32, temp); + 800303a: a904 add r1, sp, #16 + 800303c: 2020 movs r0, #32 + 800303e: f7ff fde9 bl 8002c14 + RET_IF_BAD(rv); + 8003042: 4603 mov r3, r0 + 8003044: b9b8 cbnz r0, 8003076 + + // reformat to 9 bytes. + uint8_t ts[9]; + memcpy(ts, &temp[0], 4); + memcpy(&ts[4], &temp[8], 5); + 8003046: e9dd 0106 ldrd r0, r1, [sp, #24] + 800304a: 9a04 ldr r2, [sp, #16] + 800304c: f88d 100c strb.w r1, [sp, #12] + + // check the hard-coded values + if((ts[0] != 0x01) || (ts[1] != 0x23) || (ts[8] != 0xEE)) return 1; + 8003050: b2d1 uxtb r1, r2 + 8003052: 2901 cmp r1, #1 + memcpy(ts, &temp[0], 4); + 8003054: 9201 str r2, [sp, #4] + memcpy(&ts[4], &temp[8], 5); + 8003056: 9002 str r0, [sp, #8] + if((ts[0] != 0x01) || (ts[1] != 0x23) || (ts[8] != 0xEE)) return 1; + 8003058: d110 bne.n 800307c + 800305a: f3c2 2207 ubfx r2, r2, #8, #8 + 800305e: 2a23 cmp r2, #35 ; 0x23 + 8003060: d10c bne.n 800307c + 8003062: f89d 200c ldrb.w r2, [sp, #12] + 8003066: 2aee cmp r2, #238 ; 0xee + 8003068: d10a bne.n 8003080 + + // save only the unique bits. + memcpy(serial, ts+2, 6); + 800306a: f8dd 2006 ldr.w r2, [sp, #6] + 800306e: 6022 str r2, [r4, #0] + 8003070: f8bd 200a ldrh.w r2, [sp, #10] + 8003074: 80a2 strh r2, [r4, #4] + + return 0; +} + 8003076: 4618 mov r0, r3 + 8003078: b00c add sp, #48 ; 0x30 + 800307a: bd10 pop {r4, pc} + if((ts[0] != 0x01) || (ts[1] != 0x23) || (ts[8] != 0xEE)) return 1; + 800307c: 2301 movs r3, #1 + 800307e: e7fa b.n 8003076 + 8003080: 460b mov r3, r1 + 8003082: e7f8 b.n 8003076 + +08003084 : +{ + 8003084: b513 push {r0, r1, r4, lr} + ae_wake(); + 8003086: f7ff fceb bl 8002a60 + _send_bits(IOFLAG_SLEEP); + 800308a: 20cc movs r0, #204 ; 0xcc + 800308c: f7ff fc70 bl 8002970 <_send_bits> + ae_wake(); + 8003090: f7ff fce6 bl 8002a60 + ae_read1(); + 8003094: f7ff fda2 bl 8002bdc + uint8_t chk = ae_read1(); + 8003098: f7ff fda0 bl 8002bdc + if(chk != AE_AFTER_WAKE) return "wk fl"; + 800309c: b2c0 uxtb r0, r0 + 800309e: 2811 cmp r0, #17 + 80030a0: d10e bne.n 80030c0 + if(ae_get_serial(serial)) return "no ser"; + 80030a2: 4668 mov r0, sp + 80030a4: f7ff ffc1 bl 800302a + 80030a8: 4604 mov r4, r0 + 80030aa: b938 cbnz r0, 80030bc + ae_wake(); + 80030ac: f7ff fcd8 bl 8002a60 + _send_bits(IOFLAG_SLEEP); + 80030b0: 20cc movs r0, #204 ; 0xcc + 80030b2: f7ff fc5d bl 8002970 <_send_bits> + return NULL; + 80030b6: 4620 mov r0, r4 +} + 80030b8: b002 add sp, #8 + 80030ba: bd10 pop {r4, pc} + if(ae_get_serial(serial)) return "no ser"; + 80030bc: 4801 ldr r0, [pc, #4] ; (80030c4 ) + 80030be: e7fb b.n 80030b8 + if(chk != AE_AFTER_WAKE) return "wk fl"; + 80030c0: 4801 ldr r0, [pc, #4] ; (80030c8 ) + 80030c2: e7f9 b.n 80030b8 + 80030c4: 080106e7 .word 0x080106e7 + 80030c8: 080106ee .word 0x080106ee + +080030cc : +// +// -- can also lock it. +// + int +ae_write_data_slot(int slot_num, const uint8_t *data, int len, bool lock_it) +{ + 80030cc: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 80030d0: 4699 mov r9, r3 + ASSERT(len >= 32); + 80030d2: f1a2 0320 sub.w r3, r2, #32 +{ + 80030d6: b085 sub sp, #20 + ASSERT(len >= 32); + 80030d8: f5b3 7fc0 cmp.w r3, #384 ; 0x180 +{ + 80030dc: 4604 mov r4, r0 + 80030de: af02 add r7, sp, #8 + 80030e0: 460d mov r5, r1 + 80030e2: 4690 mov r8, r2 + ASSERT(len >= 32); + 80030e4: d902 bls.n 80030ec + 80030e6: 482d ldr r0, [pc, #180] ; (800319c ) + 80030e8: f7fd fcb8 bl 8000a5c + ASSERT(len <= 416); + + for(int blk=0, xlen=len; xlen>0; blk++, xlen-=32) { + // have to write each "block" of 32-bytes, separately + // zone => data + ae_send_n(OP_Write, 0x80|2, (blk<<8) | (slot_num<<3), data+(blk*32), 32); + 80030ec: ea4f 0ac0 mov.w sl, r0, lsl #3 + 80030f0: fa0f fa8a sxth.w sl, sl + 80030f4: 2600 movs r6, #0 + 80030f6: f04f 0b20 mov.w fp, #32 + 80030fa: ebc6 3246 rsb r2, r6, r6, lsl #13 + 80030fe: ea4a 02c2 orr.w r2, sl, r2, lsl #3 + 8003102: b292 uxth r2, r2 + 8003104: 1bab subs r3, r5, r6 + 8003106: 2182 movs r1, #130 ; 0x82 + 8003108: 2012 movs r0, #18 + 800310a: f8cd b000 str.w fp, [sp] + 800310e: f7ff fdbb bl 8002c88 + + int rv = ae_read1(); + 8003112: f7ff fd63 bl 8002bdc + RET_IF_BAD(rv); + 8003116: 2800 cmp r0, #0 + 8003118: d13c bne.n 8003194 + for(int blk=0, xlen=len; xlen>0; blk++, xlen-=32) { + 800311a: 3e20 subs r6, #32 + 800311c: eb06 0308 add.w r3, r6, r8 + 8003120: 2b00 cmp r3, #0 + 8003122: dcea bgt.n 80030fa + } + + if(lock_it) { + 8003124: f1b9 0f00 cmp.w r9, #0 + 8003128: d034 beq.n 8003194 + ASSERT(slot_num != 8); // no support for mega slot 8 + 800312a: 2c08 cmp r4, #8 + if(lock_it) { + 800312c: 466e mov r6, sp + ASSERT(slot_num != 8); // no support for mega slot 8 + 800312e: d0da beq.n 80030e6 + ASSERT(len == 32); // probably not a limitation here + 8003130: f1b8 0f20 cmp.w r8, #32 + 8003134: d1d7 bne.n 80030e6 + + // Assume 36/72-byte long slot, which will be partially written, and rest + // should be ones. + const int slot_len = (slot_num <= 7) ? 36 : 72; + 8003136: 2c08 cmp r4, #8 + 8003138: bfb4 ite lt + 800313a: f04f 0824 movlt.w r8, #36 ; 0x24 + 800313e: f04f 0848 movge.w r8, #72 ; 0x48 + uint8_t copy[slot_len]; + 8003142: f108 0307 add.w r3, r8, #7 + 8003146: f003 03f8 and.w r3, r3, #248 ; 0xf8 + 800314a: ebad 0d03 sub.w sp, sp, r3 + 800314e: ab02 add r3, sp, #8 + + memset(copy, 0xff, slot_len); + 8003150: 4642 mov r2, r8 + 8003152: 21ff movs r1, #255 ; 0xff + 8003154: 4618 mov r0, r3 + 8003156: f00a fbd5 bl 800d904 + memcpy(copy, data, len); + 800315a: f105 0120 add.w r1, r5, #32 + memset(copy, 0xff, slot_len); + 800315e: 4603 mov r3, r0 + memcpy(copy, data, len); + 8003160: 4602 mov r2, r0 + 8003162: f855 0b04 ldr.w r0, [r5], #4 + 8003166: f842 0b04 str.w r0, [r2], #4 + 800316a: 428d cmp r5, r1 + 800316c: d1f9 bne.n 8003162 + + // calc expected CRC + uint8_t crc[2] = {0, 0}; + 800316e: 2200 movs r2, #0 + crc16_chain(slot_len, copy, crc); + 8003170: 4619 mov r1, r3 + uint8_t crc[2] = {0, 0}; + 8003172: 80ba strh r2, [r7, #4] + crc16_chain(slot_len, copy, crc); + 8003174: 4640 mov r0, r8 + 8003176: 1d3a adds r2, r7, #4 + 8003178: f7ff fc30 bl 80029dc + + // do the lock + ae_send(OP_Lock, 2 | (slot_num << 2), (crc[1]<<8) | crc[0]); + 800317c: 00a1 lsls r1, r4, #2 + 800317e: f041 0102 orr.w r1, r1, #2 + 8003182: 88ba ldrh r2, [r7, #4] + 8003184: f001 01fe and.w r1, r1, #254 ; 0xfe + 8003188: 2017 movs r0, #23 + 800318a: f7ff fdb0 bl 8002cee + + int rv = ae_read1(); + 800318e: f7ff fd25 bl 8002bdc + RET_IF_BAD(rv); + 8003192: 46b5 mov sp, r6 + } + + return 0; +} + 8003194: 370c adds r7, #12 + 8003196: 46bd mov sp, r7 + 8003198: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + 800319c: 08010470 .word 0x08010470 + +080031a0 : + +// ae_gendig_slot() +// + int +ae_gendig_slot(int slot_num, const uint8_t slot_contents[32], uint8_t digest[32]) +{ + 80031a0: b5f0 push {r4, r5, r6, r7, lr} + 80031a2: b0ab sub sp, #172 ; 0xac + 80031a4: 4605 mov r5, r0 + 80031a6: 460f mov r7, r1 + // Construct a digest on the device (and here) that depends on the secret + // contents of a specific slot. + uint8_t num_in[20], tempkey[32]; + + rng_buffer(num_in, sizeof(num_in)); + 80031a8: a803 add r0, sp, #12 + 80031aa: 2114 movs r1, #20 +{ + 80031ac: 4616 mov r6, r2 + rng_buffer(num_in, sizeof(num_in)); + 80031ae: f7ff fba7 bl 8002900 + int rv = ae_pick_nonce(num_in, tempkey); + 80031b2: a90f add r1, sp, #60 ; 0x3c + 80031b4: a803 add r0, sp, #12 + 80031b6: f7ff fdcf bl 8002d58 + RET_IF_BAD(rv); + 80031ba: 4604 mov r4, r0 + 80031bc: 2800 cmp r0, #0 + 80031be: d13d bne.n 800323c + + //using Zone=2="Data" => "KeyID specifies a slot in the Data zone" + ae_send(OP_GenDig, 0x2, slot_num); + 80031c0: b2aa uxth r2, r5 + 80031c2: 2102 movs r1, #2 + 80031c4: 2015 movs r0, #21 + 80031c6: f7ff fd92 bl 8002cee + + rv = ae_read1(); + 80031ca: f7ff fd07 bl 8002bdc + RET_IF_BAD(rv); + 80031ce: 4604 mov r4, r0 + 80031d0: bba0 cbnz r0, 800323c + ae_send_idle(); + 80031d2: f7ff fc50 bl 8002a76 + // msg = hkey + b'\x15\x02' + ustruct.pack(" + + uint8_t args[7] = { OP_GenDig, 2, slot_num, 0, 0xEE, 0x01, 0x23 }; + 80031dc: 2302 movs r3, #2 + 80031de: f88d 3005 strb.w r3, [sp, #5] + 80031e2: 23ee movs r3, #238 ; 0xee + 80031e4: f88d 3008 strb.w r3, [sp, #8] + 80031e8: 2301 movs r3, #1 + 80031ea: 2215 movs r2, #21 + 80031ec: f88d 3009 strb.w r3, [sp, #9] + uint8_t zeros[25] = { 0 }; + 80031f0: 4621 mov r1, r4 + uint8_t args[7] = { OP_GenDig, 2, slot_num, 0, 0xEE, 0x01, 0x23 }; + 80031f2: 2323 movs r3, #35 ; 0x23 + uint8_t zeros[25] = { 0 }; + 80031f4: a809 add r0, sp, #36 ; 0x24 + uint8_t args[7] = { OP_GenDig, 2, slot_num, 0, 0xEE, 0x01, 0x23 }; + 80031f6: f88d 300a strb.w r3, [sp, #10] + 80031fa: f88d 2004 strb.w r2, [sp, #4] + 80031fe: f88d 5006 strb.w r5, [sp, #6] + 8003202: f88d 4007 strb.w r4, [sp, #7] + uint8_t zeros[25] = { 0 }; + 8003206: 9408 str r4, [sp, #32] + 8003208: f00a fb7c bl 800d904 + + sha256_update(&ctx, slot_contents, 32); + 800320c: 2220 movs r2, #32 + 800320e: 4639 mov r1, r7 + 8003210: a817 add r0, sp, #92 ; 0x5c + 8003212: f002 fac7 bl 80057a4 + sha256_update(&ctx, args, sizeof(args)); + 8003216: 2207 movs r2, #7 + 8003218: a901 add r1, sp, #4 + 800321a: a817 add r0, sp, #92 ; 0x5c + 800321c: f002 fac2 bl 80057a4 + sha256_update(&ctx, zeros, sizeof(zeros)); + 8003220: 2219 movs r2, #25 + 8003222: a908 add r1, sp, #32 + 8003224: a817 add r0, sp, #92 ; 0x5c + 8003226: f002 fabd bl 80057a4 + sha256_update(&ctx, tempkey, 32); + 800322a: a90f add r1, sp, #60 ; 0x3c + 800322c: a817 add r0, sp, #92 ; 0x5c + 800322e: 2220 movs r2, #32 + 8003230: f002 fab8 bl 80057a4 + + sha256_final(&ctx, digest); + 8003234: 4631 mov r1, r6 + 8003236: a817 add r0, sp, #92 ; 0x5c + 8003238: f002 fafa bl 8005830 + + return 0; +} + 800323c: 4620 mov r0, r4 + 800323e: b02b add sp, #172 ; 0xac + 8003240: bdf0 pop {r4, r5, r6, r7, pc} + ... + +08003244 : +{ + 8003244: b507 push {r0, r1, r2, lr} + 8003246: 4602 mov r2, r0 + int rv = ae_gendig_slot(KEYNUM_pairing, rom_secrets->pairing_secret, randout); + 8003248: 9001 str r0, [sp, #4] + 800324a: 490b ldr r1, [pc, #44] ; (8003278 ) + 800324c: 2001 movs r0, #1 + 800324e: f7ff ffa7 bl 80031a0 + if(rv || !ae_is_correct_tempkey(randout)) { + 8003252: 9a01 ldr r2, [sp, #4] + 8003254: b108 cbz r0, 800325a + fatal_mitm(); + 8003256: f7fd fc0b bl 8000a70 + if(rv || !ae_is_correct_tempkey(randout)) { + 800325a: 4610 mov r0, r2 + 800325c: 9201 str r2, [sp, #4] + 800325e: f7ff fdaf bl 8002dc0 + 8003262: 2800 cmp r0, #0 + 8003264: d0f7 beq.n 8003256 + sha256_single(randout, 32, randout); + 8003266: 9a01 ldr r2, [sp, #4] + 8003268: 2120 movs r1, #32 + 800326a: 4610 mov r0, r2 +} + 800326c: b003 add sp, #12 + 800326e: f85d eb04 ldr.w lr, [sp], #4 + sha256_single(randout, 32, randout); + 8003272: f002 baf1 b.w 8005858 + 8003276: bf00 nop + 8003278: 0801c000 .word 0x0801c000 + +0800327c : +{ + 800327c: b510 push {r4, lr} + 800327e: b088 sub sp, #32 + int rv = ae_gendig_slot(keynum, secret, digest); + 8003280: 466a mov r2, sp + 8003282: f7ff ff8d bl 80031a0 + RET_IF_BAD(rv); + 8003286: 4604 mov r4, r0 + 8003288: b930 cbnz r0, 8003298 + if(!ae_is_correct_tempkey(digest)) return -2; + 800328a: 4668 mov r0, sp + 800328c: f7ff fd98 bl 8002dc0 + 8003290: 2800 cmp r0, #0 + 8003292: bf08 it eq + 8003294: f06f 0401 mvneq.w r4, #1 +} + 8003298: 4620 mov r0, r4 + 800329a: b008 add sp, #32 + 800329c: bd10 pop {r4, pc} + +0800329e : +// the digest should be, and ask the chip to do the same. Verify we match +// using MAC command (done elsewhere). +// + int +ae_gendig_counter(int counter_num, const uint32_t expected_value, uint8_t digest[32]) +{ + 800329e: b5f0 push {r4, r5, r6, r7, lr} + 80032a0: b0ad sub sp, #180 ; 0xb4 + 80032a2: 4605 mov r5, r0 + 80032a4: 9101 str r1, [sp, #4] + uint8_t num_in[20], tempkey[32]; + + rng_buffer(num_in, sizeof(num_in)); + 80032a6: a804 add r0, sp, #16 + 80032a8: 2114 movs r1, #20 +{ + 80032aa: 4616 mov r6, r2 + rng_buffer(num_in, sizeof(num_in)); + 80032ac: f7ff fb28 bl 8002900 + int rv = ae_pick_nonce(num_in, tempkey); + 80032b0: a909 add r1, sp, #36 ; 0x24 + 80032b2: a804 add r0, sp, #16 + 80032b4: f7ff fd50 bl 8002d58 + RET_IF_BAD(rv); + 80032b8: 4604 mov r4, r0 + 80032ba: 2800 cmp r0, #0 + 80032bc: d148 bne.n 8003350 + + //using Zone=4="Counter" => "KeyID specifies the monotonic counter ID" + ae_send(OP_GenDig, 0x4, counter_num); + 80032be: b2aa uxth r2, r5 + 80032c0: 2104 movs r1, #4 + 80032c2: 2015 movs r0, #21 + 80032c4: f7ff fd13 bl 8002cee + + rv = ae_read1(); + 80032c8: f7ff fc88 bl 8002bdc + RET_IF_BAD(rv); + 80032cc: 4604 mov r4, r0 + 80032ce: 2800 cmp r0, #0 + 80032d0: d13e bne.n 8003350 + ae_send_idle(); + 80032d2: f7ff fbd0 bl 8002a76 + // msg = hkey + b'\x15\x02' + ustruct.pack(" + + uint8_t zeros[32] = { 0 }; + 80032dc: 221c movs r2, #28 + 80032de: 4621 mov r1, r4 + 80032e0: a812 add r0, sp, #72 ; 0x48 + 80032e2: 9411 str r4, [sp, #68] ; 0x44 + 80032e4: f00a fb0e bl 800d904 + uint8_t args[8] = { OP_GenDig, 0x4, counter_num, 0, 0xEE, 0x01, 0x23, 0x0 }; + 80032e8: 2315 movs r3, #21 + 80032ea: f88d 3008 strb.w r3, [sp, #8] + 80032ee: 23ee movs r3, #238 ; 0xee + 80032f0: f88d 300c strb.w r3, [sp, #12] + 80032f4: 2301 movs r3, #1 + 80032f6: 2704 movs r7, #4 + 80032f8: f88d 300d strb.w r3, [sp, #13] + + sha256_update(&ctx, zeros, 32); + 80032fc: 2220 movs r2, #32 + uint8_t args[8] = { OP_GenDig, 0x4, counter_num, 0, 0xEE, 0x01, 0x23, 0x0 }; + 80032fe: 2323 movs r3, #35 ; 0x23 + sha256_update(&ctx, zeros, 32); + 8003300: a911 add r1, sp, #68 ; 0x44 + 8003302: a819 add r0, sp, #100 ; 0x64 + uint8_t args[8] = { OP_GenDig, 0x4, counter_num, 0, 0xEE, 0x01, 0x23, 0x0 }; + 8003304: f88d 300e strb.w r3, [sp, #14] + 8003308: f88d 7009 strb.w r7, [sp, #9] + 800330c: f88d 500a strb.w r5, [sp, #10] + 8003310: f88d 400b strb.w r4, [sp, #11] + 8003314: f88d 400f strb.w r4, [sp, #15] + sha256_update(&ctx, zeros, 32); + 8003318: f002 fa44 bl 80057a4 + sha256_update(&ctx, args, sizeof(args)); + 800331c: 2208 movs r2, #8 + 800331e: eb0d 0102 add.w r1, sp, r2 + 8003322: a819 add r0, sp, #100 ; 0x64 + 8003324: f002 fa3e bl 80057a4 + sha256_update(&ctx, (const uint8_t *)&expected_value, 4); + 8003328: 463a mov r2, r7 + 800332a: eb0d 0107 add.w r1, sp, r7 + 800332e: a819 add r0, sp, #100 ; 0x64 + 8003330: f002 fa38 bl 80057a4 + sha256_update(&ctx, zeros, 20); + 8003334: 2214 movs r2, #20 + 8003336: a911 add r1, sp, #68 ; 0x44 + 8003338: a819 add r0, sp, #100 ; 0x64 + 800333a: f002 fa33 bl 80057a4 + sha256_update(&ctx, tempkey, 32); + 800333e: a909 add r1, sp, #36 ; 0x24 + 8003340: a819 add r0, sp, #100 ; 0x64 + 8003342: 2220 movs r2, #32 + 8003344: f002 fa2e bl 80057a4 + + sha256_final(&ctx, digest); + 8003348: 4631 mov r1, r6 + 800334a: a819 add r0, sp, #100 ; 0x64 + 800334c: f002 fa70 bl 8005830 + + return 0; +} + 8003350: 4620 mov r0, r4 + 8003352: b02d add sp, #180 ; 0xb4 + 8003354: bdf0 pop {r4, r5, r6, r7, pc} + +08003356 : +{ + 8003356: b570 push {r4, r5, r6, lr} + ae_send(OP_Counter, 0x0, counter_number); + 8003358: 460a mov r2, r1 +{ + 800335a: b088 sub sp, #32 + 800335c: 4606 mov r6, r0 + 800335e: 460d mov r5, r1 + ae_send(OP_Counter, 0x0, counter_number); + 8003360: 2024 movs r0, #36 ; 0x24 + 8003362: 2100 movs r1, #0 + 8003364: f7ff fcc3 bl 8002cee + int rv = ae_read_n(4, (uint8_t *)result); + 8003368: 4631 mov r1, r6 + 800336a: 2004 movs r0, #4 + 800336c: f7ff fc52 bl 8002c14 + RET_IF_BAD(rv); + 8003370: 4604 mov r4, r0 + 8003372: b960 cbnz r0, 800338e + rv = ae_gendig_counter(counter_number, *result, digest); + 8003374: 6831 ldr r1, [r6, #0] + 8003376: 466a mov r2, sp + 8003378: 4628 mov r0, r5 + 800337a: f7ff ff90 bl 800329e + RET_IF_BAD(rv); + 800337e: 4604 mov r4, r0 + 8003380: b928 cbnz r0, 800338e + if(!ae_is_correct_tempkey(digest)) { + 8003382: 4668 mov r0, sp + 8003384: f7ff fd1c bl 8002dc0 + 8003388: b908 cbnz r0, 800338e + fatal_mitm(); + 800338a: f7fd fb71 bl 8000a70 +} + 800338e: 4620 mov r0, r4 + 8003390: b008 add sp, #32 + 8003392: bd70 pop {r4, r5, r6, pc} + +08003394 : +{ + 8003394: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 8003398: 4606 mov r6, r0 + 800339a: b089 sub sp, #36 ; 0x24 + 800339c: 460d mov r5, r1 + 800339e: 4617 mov r7, r2 + for(int i=0; i + int rv = ae_gendig_counter(counter_number, *result, digest); + 80033ac: 6831 ldr r1, [r6, #0] + 80033ae: 466a mov r2, sp + 80033b0: 4628 mov r0, r5 + 80033b2: f7ff ff74 bl 800329e + RET_IF_BAD(rv); + 80033b6: 4604 mov r4, r0 + 80033b8: b998 cbnz r0, 80033e2 + if(!ae_is_correct_tempkey(digest)) { + 80033ba: 4668 mov r0, sp + 80033bc: f7ff fd00 bl 8002dc0 + 80033c0: b978 cbnz r0, 80033e2 + fatal_mitm(); + 80033c2: f7fd fb55 bl 8000a70 + ae_send(OP_Counter, 0x1, counter_number); + 80033c6: 464a mov r2, r9 + 80033c8: 2101 movs r1, #1 + 80033ca: 2024 movs r0, #36 ; 0x24 + 80033cc: f7ff fc8f bl 8002cee + int rv = ae_read_n(4, (uint8_t *)result); + 80033d0: 4631 mov r1, r6 + 80033d2: 2004 movs r0, #4 + 80033d4: f7ff fc1e bl 8002c14 + RET_IF_BAD(rv); + 80033d8: 4604 mov r4, r0 + 80033da: b910 cbnz r0, 80033e2 + for(int i=0; i +} + 80033e2: 4620 mov r0, r4 + 80033e4: b009 add sp, #36 ; 0x24 + 80033e6: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + +080033ea : +// ae_encrypted_read32() +// + int +ae_encrypted_read32(int data_slot, int blk, + int read_kn, const uint8_t read_key[32], uint8_t data[32]) +{ + 80033ea: b5f0 push {r4, r5, r6, r7, lr} + 80033ec: b08b sub sp, #44 ; 0x2c + 80033ee: 4617 mov r7, r2 + 80033f0: 460e mov r6, r1 + 80033f2: 9d10 ldr r5, [sp, #64] ; 0x40 + 80033f4: 9301 str r3, [sp, #4] + 80033f6: 4604 mov r4, r0 + uint8_t digest[32]; + + ae_pair_unlock(); + 80033f8: f7ff fdb2 bl 8002f60 + + int rv = ae_gendig_slot(read_kn, read_key, digest); + 80033fc: 9901 ldr r1, [sp, #4] + 80033fe: aa02 add r2, sp, #8 + 8003400: 4638 mov r0, r7 + 8003402: f7ff fecd bl 80031a0 + RET_IF_BAD(rv); + 8003406: b9c0 cbnz r0, 800343a + + // read nth 32-byte "block" + ae_send(OP_Read, 0x82, (blk << 8) | (data_slot<<3)); + 8003408: 00e4 lsls r4, r4, #3 + 800340a: ea44 2206 orr.w r2, r4, r6, lsl #8 + 800340e: 2182 movs r1, #130 ; 0x82 + 8003410: 2002 movs r0, #2 + 8003412: b292 uxth r2, r2 + 8003414: f7ff fc6b bl 8002cee + + rv = ae_read_n(32, data); + 8003418: 4629 mov r1, r5 + 800341a: 2020 movs r0, #32 + 800341c: f7ff fbfa bl 8002c14 + RET_IF_BAD(rv); + 8003420: b958 cbnz r0, 800343a + 8003422: 1e6a subs r2, r5, #1 + 8003424: ab02 add r3, sp, #8 + 8003426: 351f adds r5, #31 + *(acc) ^= *(more); + 8003428: f812 1f01 ldrb.w r1, [r2, #1]! + 800342c: f813 4b01 ldrb.w r4, [r3], #1 + for(; len; len--, more++, acc++) { + 8003430: 4295 cmp r5, r2 + *(acc) ^= *(more); + 8003432: ea81 0104 eor.w r1, r1, r4 + 8003436: 7011 strb r1, [r2, #0] + for(; len; len--, more++, acc++) { + 8003438: d1f6 bne.n 8003428 + + xor_mixin(data, digest, 32); + + return 0; +} + 800343a: b00b add sp, #44 ; 0x2c + 800343c: bdf0 pop {r4, r5, r6, r7, pc} + ... + +08003440 : + +// ae_encrypted_read() +// + int +ae_encrypted_read(int data_slot, int read_kn, const uint8_t read_key[32], uint8_t *data, int len) +{ + 8003440: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 8003444: b08b sub sp, #44 ; 0x2c + 8003446: 4607 mov r7, r0 + 8003448: 9d12 ldr r5, [sp, #72] ; 0x48 + // not clear if chip supports 4-byte encrypted reads + ASSERT((len == 32) || (len == 72)); + 800344a: 2d20 cmp r5, #32 +{ + 800344c: 4688 mov r8, r1 + 800344e: 4691 mov r9, r2 + 8003450: 461e mov r6, r3 + ASSERT((len == 32) || (len == 72)); + 8003452: d004 beq.n 800345e + 8003454: 2d48 cmp r5, #72 ; 0x48 + 8003456: d002 beq.n 800345e + 8003458: 4815 ldr r0, [pc, #84] ; (80034b0 ) + 800345a: f7fd faff bl 8000a5c + + int rv = ae_encrypted_read32(data_slot, 0, read_kn, read_key, data); + 800345e: 9600 str r6, [sp, #0] + 8003460: 464b mov r3, r9 + 8003462: 4642 mov r2, r8 + 8003464: 2100 movs r1, #0 + 8003466: 4638 mov r0, r7 + 8003468: f7ff ffbf bl 80033ea + RET_IF_BAD(rv); + 800346c: 4604 mov r4, r0 + 800346e: b9d0 cbnz r0, 80034a6 + + if(len == 32) return 0; + 8003470: 2d20 cmp r5, #32 + 8003472: d018 beq.n 80034a6 + + rv = ae_encrypted_read32(data_slot, 1, read_kn, read_key, data+32); + 8003474: f106 0320 add.w r3, r6, #32 + 8003478: 9300 str r3, [sp, #0] + 800347a: 4642 mov r2, r8 + 800347c: 464b mov r3, r9 + 800347e: 2101 movs r1, #1 + 8003480: 4638 mov r0, r7 + 8003482: f7ff ffb2 bl 80033ea + RET_IF_BAD(rv); + 8003486: 4604 mov r4, r0 + 8003488: b968 cbnz r0, 80034a6 + + uint8_t tmp[32]; + rv = ae_encrypted_read32(data_slot, 2, read_kn, read_key, tmp); + 800348a: ad02 add r5, sp, #8 + 800348c: 9500 str r5, [sp, #0] + 800348e: 464b mov r3, r9 + 8003490: 4642 mov r2, r8 + 8003492: 2102 movs r1, #2 + 8003494: 4638 mov r0, r7 + 8003496: f7ff ffa8 bl 80033ea + RET_IF_BAD(rv); + 800349a: 4604 mov r4, r0 + 800349c: b918 cbnz r0, 80034a6 + + memcpy(data+64, tmp, 72-64); + 800349e: 462a mov r2, r5 + 80034a0: ca03 ldmia r2!, {r0, r1} + 80034a2: 6430 str r0, [r6, #64] ; 0x40 + 80034a4: 6471 str r1, [r6, #68] ; 0x44 + + return 0; +} + 80034a6: 4620 mov r0, r4 + 80034a8: b00b add sp, #44 ; 0x2c + 80034aa: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + 80034ae: bf00 nop + 80034b0: 08010470 .word 0x08010470 + +080034b4 : +// ae_encrypted_write() +// + int +ae_encrypted_write32(int data_slot, int blk, int write_kn, + const uint8_t write_key[32], const uint8_t data[32]) +{ + 80034b4: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 80034b8: b0b8 sub sp, #224 ; 0xe0 + 80034ba: 4617 mov r7, r2 + 80034bc: 460d mov r5, r1 + 80034be: 9e3e ldr r6, [sp, #248] ; 0xf8 + 80034c0: 9303 str r3, [sp, #12] + 80034c2: 4604 mov r4, r0 + uint8_t digest[32]; + + ae_pair_unlock(); + 80034c4: f7ff fd4c bl 8002f60 + + // generate a hash over shared secret and rng + int rv = ae_gendig_slot(write_kn, write_key, digest); + 80034c8: 9903 ldr r1, [sp, #12] + 80034ca: aa0d add r2, sp, #52 ; 0x34 + 80034cc: 4638 mov r0, r7 + 80034ce: f7ff fe67 bl 80031a0 + RET_IF_BAD(rv); + 80034d2: 2800 cmp r0, #0 + 80034d4: d151 bne.n 800357a + 80034d6: 1e72 subs r2, r6, #1 + 80034d8: af0d add r7, sp, #52 ; 0x34 + 80034da: a915 add r1, sp, #84 ; 0x54 + 80034dc: f106 0c1f add.w ip, r6, #31 + + // encrypt the data to be written, and append an authenticating MAC + uint8_t body[32 + 32]; + + for(int i=0; i<32; i++) { + body[i] = data[i] ^ digest[i]; + 80034e0: f812 ef01 ldrb.w lr, [r2, #1]! + 80034e4: f817 0b01 ldrb.w r0, [r7], #1 + for(int i=0; i<32; i++) { + 80034e8: 4562 cmp r2, ip + body[i] = data[i] ^ digest[i]; + 80034ea: ea80 000e eor.w r0, r0, lr + 80034ee: f801 0b01 strb.w r0, [r1], #1 + for(int i=0; i<32; i++) { + 80034f2: d1f5 bne.n 80034e0 + // + (b'\0'*25) + // + new_value) + // assert len(msg) == 32+1+1+2+1+2+25+32 + // + SHA256_CTX ctx; + sha256_init(&ctx); + 80034f4: a825 add r0, sp, #148 ; 0x94 + 80034f6: f002 f947 bl 8005788 + + uint8_t p1 = 0x80|2; // 32 bytes into a data slot + uint8_t p2_lsb = (data_slot << 3); + uint8_t p2_msb = blk; + + uint8_t args[7] = { OP_Write, p1, p2_lsb, p2_msb, 0xEE, 0x01, 0x23 }; + 80034fa: 22ee movs r2, #238 ; 0xee + 80034fc: f88d 2014 strb.w r2, [sp, #20] + 8003500: 2201 movs r2, #1 + 8003502: f88d 2015 strb.w r2, [sp, #21] + uint8_t p2_lsb = (data_slot << 3); + 8003506: 00e4 lsls r4, r4, #3 + uint8_t args[7] = { OP_Write, p1, p2_lsb, p2_msb, 0xEE, 0x01, 0x23 }; + 8003508: 2223 movs r2, #35 ; 0x23 + uint8_t zeros[25] = { 0 }; + 800350a: 2100 movs r1, #0 + uint8_t p2_lsb = (data_slot << 3); + 800350c: b2e4 uxtb r4, r4 + uint8_t args[7] = { OP_Write, p1, p2_lsb, p2_msb, 0xEE, 0x01, 0x23 }; + 800350e: 2712 movs r7, #18 + 8003510: f04f 0882 mov.w r8, #130 ; 0x82 + 8003514: f88d 2016 strb.w r2, [sp, #22] + uint8_t zeros[25] = { 0 }; + 8003518: a807 add r0, sp, #28 + 800351a: 2215 movs r2, #21 + 800351c: 9106 str r1, [sp, #24] + uint8_t args[7] = { OP_Write, p1, p2_lsb, p2_msb, 0xEE, 0x01, 0x23 }; + 800351e: f88d 7010 strb.w r7, [sp, #16] + 8003522: f88d 8011 strb.w r8, [sp, #17] + 8003526: f88d 4012 strb.w r4, [sp, #18] + uint8_t p2_msb = blk; + 800352a: f88d 5013 strb.w r5, [sp, #19] + uint8_t zeros[25] = { 0 }; + 800352e: f00a f9e9 bl 800d904 + + sha256_update(&ctx, digest, 32); + 8003532: 2220 movs r2, #32 + 8003534: a90d add r1, sp, #52 ; 0x34 + 8003536: a825 add r0, sp, #148 ; 0x94 + 8003538: f002 f934 bl 80057a4 + sha256_update(&ctx, args, sizeof(args)); + 800353c: 2207 movs r2, #7 + 800353e: a904 add r1, sp, #16 + 8003540: a825 add r0, sp, #148 ; 0x94 + 8003542: f002 f92f bl 80057a4 + sha256_update(&ctx, zeros, sizeof(zeros)); + 8003546: 2219 movs r2, #25 + 8003548: a906 add r1, sp, #24 + 800354a: a825 add r0, sp, #148 ; 0x94 + 800354c: f002 f92a bl 80057a4 + sha256_update(&ctx, data, 32); + 8003550: 2220 movs r2, #32 + 8003552: 4631 mov r1, r6 + 8003554: a825 add r0, sp, #148 ; 0x94 + 8003556: f002 f925 bl 80057a4 + + sha256_final(&ctx, &body[32]); + 800355a: a91d add r1, sp, #116 ; 0x74 + 800355c: a825 add r0, sp, #148 ; 0x94 + 800355e: f002 f967 bl 8005830 + + ae_send_n(OP_Write, p1, (p2_msb << 8) | p2_lsb, body, sizeof(body)); + 8003562: 2140 movs r1, #64 ; 0x40 + 8003564: ea44 2205 orr.w r2, r4, r5, lsl #8 + 8003568: b292 uxth r2, r2 + 800356a: 9100 str r1, [sp, #0] + 800356c: ab15 add r3, sp, #84 ; 0x54 + 800356e: 4641 mov r1, r8 + 8003570: 4638 mov r0, r7 + 8003572: f7ff fb89 bl 8002c88 + + return ae_read1(); + 8003576: f7ff fb31 bl 8002bdc +} + 800357a: b038 add sp, #224 ; 0xe0 + 800357c: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +08003580 : +// ae_encrypted_write() +// + int +ae_encrypted_write(int data_slot, int write_kn, const uint8_t write_key[32], + const uint8_t *data, int len) +{ + 8003580: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8003584: b08a sub sp, #40 ; 0x28 + ASSERT(data_slot >= 0); + ASSERT(data_slot <= 15); + 8003586: 280f cmp r0, #15 +{ + 8003588: 9d12 ldr r5, [sp, #72] ; 0x48 + 800358a: 4606 mov r6, r0 + 800358c: 460f mov r7, r1 + 800358e: 4690 mov r8, r2 + 8003590: 4699 mov r9, r3 + ASSERT(data_slot <= 15); + 8003592: d902 bls.n 800359a + ASSERT(data_slot >= 0); + 8003594: 4814 ldr r0, [pc, #80] ; (80035e8 ) + 8003596: f7fd fa61 bl 8000a5c + + for(int blk=0; blk<3 && len>0; blk++, len-=32) { + 800359a: 2400 movs r4, #0 + int here = MIN(32, len); + + // be nice and don't read past end of input buffer + uint8_t tmp[32] = { 0 }; + 800359c: 46a2 mov sl, r4 + for(int blk=0; blk<3 && len>0; blk++, len-=32) { + 800359e: 2d00 cmp r5, #0 + 80035a0: dd1d ble.n 80035de + uint8_t tmp[32] = { 0 }; + 80035a2: 221c movs r2, #28 + 80035a4: 2100 movs r1, #0 + 80035a6: a803 add r0, sp, #12 + 80035a8: f8cd a008 str.w sl, [sp, #8] + 80035ac: f00a f9aa bl 800d904 + memcpy(tmp, data+(32*blk), here); + 80035b0: ab02 add r3, sp, #8 + 80035b2: 2d20 cmp r5, #32 + 80035b4: 462a mov r2, r5 + 80035b6: eb09 1144 add.w r1, r9, r4, lsl #5 + 80035ba: bfa8 it ge + 80035bc: 2220 movge r2, #32 + 80035be: 4618 mov r0, r3 + 80035c0: f00a f992 bl 800d8e8 + + int rv = ae_encrypted_write32(data_slot, blk, write_kn, write_key, tmp); + 80035c4: 4643 mov r3, r8 + 80035c6: 9000 str r0, [sp, #0] + 80035c8: 463a mov r2, r7 + 80035ca: 4621 mov r1, r4 + 80035cc: 4630 mov r0, r6 + 80035ce: f7ff ff71 bl 80034b4 + RET_IF_BAD(rv); + 80035d2: b928 cbnz r0, 80035e0 + for(int blk=0; blk<3 && len>0; blk++, len-=32) { + 80035d4: 3401 adds r4, #1 + 80035d6: 2c03 cmp r4, #3 + 80035d8: f1a5 0520 sub.w r5, r5, #32 + 80035dc: d1df bne.n 800359e + } + + return 0; + 80035de: 2000 movs r0, #0 +} + 80035e0: b00a add sp, #40 ; 0x28 + 80035e2: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + 80035e6: bf00 nop + 80035e8: 08010470 .word 0x08010470 + +080035ec : + +// ae_read_data_slot() +// + int +ae_read_data_slot(int slot_num, uint8_t *data, int len) +{ + 80035ec: b570 push {r4, r5, r6, lr} + ASSERT((len == 4) || (len == 32) || (len == 72)); + 80035ee: 2a04 cmp r2, #4 +{ + 80035f0: b088 sub sp, #32 + 80035f2: 460d mov r5, r1 + 80035f4: 4616 mov r6, r2 + ASSERT((len == 4) || (len == 32) || (len == 72)); + 80035f6: d006 beq.n 8003606 + 80035f8: 2a20 cmp r2, #32 + 80035fa: d038 beq.n 800366e + 80035fc: 2a48 cmp r2, #72 ; 0x48 + 80035fe: d036 beq.n 800366e + 8003600: 481c ldr r0, [pc, #112] ; (8003674 ) + 8003602: f7fd fa2b bl 8000a5c + + // zone => data + // only reading first block of 32 bytes. ignore the rest + ae_send(OP_Read, (len == 4 ? 0x00 : 0x80) | 2, (slot_num<<3)); + 8003606: 2102 movs r1, #2 + 8003608: 00c4 lsls r4, r0, #3 + 800360a: b2a2 uxth r2, r4 + 800360c: 2002 movs r0, #2 + 800360e: f7ff fb6e bl 8002cee + + int rv = ae_read_n((len == 4) ? 4 : 32, data); + 8003612: 2e04 cmp r6, #4 + 8003614: 4629 mov r1, r5 + 8003616: bf0c ite eq + 8003618: 2004 moveq r0, #4 + 800361a: 2020 movne r0, #32 + 800361c: f7ff fafa bl 8002c14 + RET_IF_BAD(rv); + 8003620: 4603 mov r3, r0 + 8003622: bb08 cbnz r0, 8003668 + + if(len == 72) { + 8003624: 2e48 cmp r6, #72 ; 0x48 + 8003626: d11f bne.n 8003668 + // read second block + ae_send(OP_Read, 0x82, (1<<8) | (slot_num<<3)); + 8003628: b224 sxth r4, r4 + 800362a: f444 7280 orr.w r2, r4, #256 ; 0x100 + 800362e: b292 uxth r2, r2 + 8003630: 2182 movs r1, #130 ; 0x82 + 8003632: 2002 movs r0, #2 + 8003634: f7ff fb5b bl 8002cee + + int rv = ae_read_n(32, data+32); + 8003638: f105 0120 add.w r1, r5, #32 + 800363c: 2020 movs r0, #32 + 800363e: f7ff fae9 bl 8002c14 + RET_IF_BAD(rv); + 8003642: 4603 mov r3, r0 + 8003644: b980 cbnz r0, 8003668 + + // read third block, but only using part of it + uint8_t tmp[32]; + ae_send(OP_Read, 0x82, (2<<8) | (slot_num<<3)); + 8003646: f444 7400 orr.w r4, r4, #512 ; 0x200 + 800364a: b2a2 uxth r2, r4 + 800364c: 2182 movs r1, #130 ; 0x82 + 800364e: 2002 movs r0, #2 + 8003650: f7ff fb4d bl 8002cee + + rv = ae_read_n(32, tmp); + 8003654: 4669 mov r1, sp + 8003656: 2020 movs r0, #32 + 8003658: f7ff fadc bl 8002c14 + RET_IF_BAD(rv); + 800365c: 4603 mov r3, r0 + 800365e: b918 cbnz r0, 8003668 + + memcpy(data+64, tmp, 72-64); + 8003660: 466a mov r2, sp + 8003662: ca03 ldmia r2!, {r0, r1} + 8003664: 6428 str r0, [r5, #64] ; 0x40 + 8003666: 6469 str r1, [r5, #68] ; 0x44 + } + + return 0; +} + 8003668: 4618 mov r0, r3 + 800366a: b008 add sp, #32 + 800366c: bd70 pop {r4, r5, r6, pc} + ae_send(OP_Read, (len == 4 ? 0x00 : 0x80) | 2, (slot_num<<3)); + 800366e: 2182 movs r1, #130 ; 0x82 + 8003670: e7ca b.n 8003608 + 8003672: bf00 nop + 8003674: 08010470 .word 0x08010470 + +08003678 : + +// ae_set_gpio() +// + int +ae_set_gpio(int state) +{ + 8003678: b513 push {r0, r1, r4, lr} + // 1=turn on green, 0=red light (if not yet configured to be secure) + ae_send(OP_Info, 3, 2 | (!!state)); + 800367a: 1e04 subs r4, r0, #0 + 800367c: bf14 ite ne + 800367e: 2203 movne r2, #3 + 8003680: 2202 moveq r2, #2 + 8003682: 2103 movs r1, #3 + 8003684: 2030 movs r0, #48 ; 0x30 + 8003686: f7ff fb32 bl 8002cee + + // "Always return the current state in the first byte followed by three bytes of 0x00" + // - simple 1/0, in LSB. + uint8_t resp[4]; + + int rv = ae_read_n(4, resp); + 800368a: a901 add r1, sp, #4 + 800368c: 2004 movs r0, #4 + 800368e: f7ff fac1 bl 8002c14 + RET_IF_BAD(rv); + 8003692: b928 cbnz r0, 80036a0 + + return (resp[0] != state) ? -1 : 0; + 8003694: f89d 0004 ldrb.w r0, [sp, #4] + 8003698: 1b00 subs r0, r0, r4 + 800369a: bf18 it ne + 800369c: f04f 30ff movne.w r0, #4294967295 ; 0xffffffff +} + 80036a0: b002 add sp, #8 + 80036a2: bd10 pop {r4, pc} + +080036a4 : +// +// Set the GPIO using secure hash generated somehow already. +// + int +ae_set_gpio_secure(uint8_t digest[32]) +{ + 80036a4: b538 push {r3, r4, r5, lr} + 80036a6: 4605 mov r5, r0 + ae_pair_unlock(); + 80036a8: f7ff fc5a bl 8002f60 + ae_checkmac(KEYNUM_firmware, digest); + 80036ac: 4629 mov r1, r5 + 80036ae: 200e movs r0, #14 + 80036b0: f7ff fbd4 bl 8002e5c + + int rv = ae_set_gpio(1); + 80036b4: 2001 movs r0, #1 + 80036b6: f7ff ffdf bl 8003678 + + if(rv == 0) { + 80036ba: 4604 mov r4, r0 + 80036bc: b940 cbnz r0, 80036d0 + // trust that readback, and so do a verify that the chip has + // the digest we think it does. If MitM wanted to turn off the output, + // they can do that anytime regardless. We just don't want them to be + // able to fake it being set, and therefore bypass the + // "unsigned firmware" delay and warning. + ae_pair_unlock(); + 80036be: f7ff fc4f bl 8002f60 + + if(ae_checkmac_hard(KEYNUM_firmware, digest) != 0) { + 80036c2: 4629 mov r1, r5 + 80036c4: 200e movs r0, #14 + 80036c6: f7ff fdd9 bl 800327c + 80036ca: b108 cbz r0, 80036d0 + fatal_mitm(); + 80036cc: f7fd f9d0 bl 8000a70 + } + } + + return rv; +} + 80036d0: 4620 mov r0, r4 + 80036d2: bd38 pop {r3, r4, r5, pc} + +080036d4 : +// +// IMPORTANT: do not trust this result, could be MitM'ed. +// + uint8_t +ae_get_gpio(void) +{ + 80036d4: b507 push {r0, r1, r2, lr} + // not doing error checking here + ae_send(OP_Info, 0x3, 0); + 80036d6: 2200 movs r2, #0 + 80036d8: 2103 movs r1, #3 + 80036da: 2030 movs r0, #48 ; 0x30 + 80036dc: f7ff fb07 bl 8002cee + + // note: always returns 4 bytes, but most are garbage and unused. + uint8_t tmp[4]; + ae_read_n(4, tmp); + 80036e0: a901 add r1, sp, #4 + 80036e2: 2004 movs r0, #4 + 80036e4: f7ff fa96 bl 8002c14 + + return tmp[0]; +} + 80036e8: f89d 0004 ldrb.w r0, [sp, #4] + 80036ec: b003 add sp, #12 + 80036ee: f85d fb04 ldr.w pc, [sp], #4 + +080036f2 : +// +// Read a 4-byte area from config area, or -1 if fail. +// + int +ae_read_config_word(int offset, uint8_t *dest) +{ + 80036f2: b510 push {r4, lr} + offset &= 0x7f; + + // read 32 bits (aligned) + ae_send(OP_Read, 0x00, offset/4); + 80036f4: f3c0 0284 ubfx r2, r0, #2, #5 +{ + 80036f8: 460c mov r4, r1 + ae_send(OP_Read, 0x00, offset/4); + 80036fa: 2002 movs r0, #2 + 80036fc: 2100 movs r1, #0 + 80036fe: f7ff faf6 bl 8002cee + + int rv = ae_read_n(4, dest); + 8003702: 4621 mov r1, r4 + 8003704: 2004 movs r0, #4 + 8003706: f7ff fa85 bl 8002c14 + if(rv) return -1; + 800370a: 3800 subs r0, #0 + 800370c: bf18 it ne + 800370e: 2001 movne r0, #1 + + return 0; +} + 8003710: 4240 negs r0, r0 + 8003712: bd10 pop {r4, pc} + +08003714 : +{ + 8003714: b513 push {r0, r1, r4, lr} + 8003716: 4604 mov r4, r0 + ae_read_config_word(offset, tmp); + 8003718: a901 add r1, sp, #4 + 800371a: f7ff ffea bl 80036f2 + return tmp[offset % 4]; + 800371e: 4263 negs r3, r4 + 8003720: f003 0303 and.w r3, r3, #3 + 8003724: f004 0403 and.w r4, r4, #3 + 8003728: bf58 it pl + 800372a: 425c negpl r4, r3 + 800372c: f104 0308 add.w r3, r4, #8 + 8003730: eb0d 0403 add.w r4, sp, r3 +} + 8003734: f814 0c04 ldrb.w r0, [r4, #-4] + 8003738: b002 add sp, #8 + 800373a: bd10 pop {r4, pc} + +0800373c : + +// ae_destroy_key() +// + int +ae_destroy_key(int keynum) +{ + 800373c: b510 push {r4, lr} + 800373e: b090 sub sp, #64 ; 0x40 + uint8_t numin[20]; + + // Load tempkey with a known (random) nonce value + rng_buffer(numin, sizeof(numin)); + 8003740: 2114 movs r1, #20 +{ + 8003742: 4604 mov r4, r0 + rng_buffer(numin, sizeof(numin)); + 8003744: a803 add r0, sp, #12 + 8003746: f7ff f8db bl 8002900 + ae_send_n(OP_Nonce, 0, 0, numin, 20); + 800374a: 2314 movs r3, #20 + 800374c: 2200 movs r2, #0 + 800374e: 9300 str r3, [sp, #0] + 8003750: 4611 mov r1, r2 + 8003752: 2016 movs r0, #22 + 8003754: ab03 add r3, sp, #12 + 8003756: f7ff fa97 bl 8002c88 + + // Nonce command returns the RNG result, not contents of TempKey, + // but since we are destroying, no need to calculate what it is. + uint8_t randout[32]; + int rv = ae_read_n(32, randout); + 800375a: a908 add r1, sp, #32 + 800375c: 2020 movs r0, #32 + 800375e: f7ff fa59 bl 8002c14 + RET_IF_BAD(rv); + 8003762: b930 cbnz r0, 8003772 + + // do a "DeriveKey" operation, based on that! + ae_send(OP_DeriveKey, 0x00, keynum); + 8003764: 4601 mov r1, r0 + 8003766: b2a2 uxth r2, r4 + 8003768: 201c movs r0, #28 + 800376a: f7ff fac0 bl 8002cee + + return ae_read1(); + 800376e: f7ff fa35 bl 8002bdc +} + 8003772: b010 add sp, #64 ; 0x40 + 8003774: bd10 pop {r4, pc} + +08003776 : + +// ae_config_read() +// + int +ae_config_read(uint8_t config[128]) +{ + 8003776: b538 push {r3, r4, r5, lr} + 8003778: 4605 mov r5, r0 + for(int blk=0; blk<4; blk++) { + 800377a: 2400 movs r4, #0 + // read 32 bytes (aligned) from config "zone" + ae_send(OP_Read, 0x80, blk<<3); + 800377c: 00e2 lsls r2, r4, #3 + 800377e: 2180 movs r1, #128 ; 0x80 + 8003780: 2002 movs r0, #2 + 8003782: b292 uxth r2, r2 + 8003784: f7ff fab3 bl 8002cee + + int rv = ae_read_n(32, &config[32*blk]); + 8003788: eb05 1144 add.w r1, r5, r4, lsl #5 + 800378c: 2020 movs r0, #32 + 800378e: f7ff fa41 bl 8002c14 + if(rv) return EIO; + 8003792: b918 cbnz r0, 800379c + for(int blk=0; blk<4; blk++) { + 8003794: 3401 adds r4, #1 + 8003796: 2c04 cmp r4, #4 + 8003798: d1f0 bne.n 800377c + } + + return 0; +} + 800379a: bd38 pop {r3, r4, r5, pc} + if(rv) return EIO; + 800379c: 2005 movs r0, #5 + 800379e: e7fc b.n 800379a + +080037a0 : +// us to write the (existing) pairing secret into, they would see the pairing +// secret in cleartext. They could then restore original chip and access freely. +// + int +ae_setup_config(void) +{ + 80037a0: b5f0 push {r4, r5, r6, r7, lr} + 80037a2: 2405 movs r4, #5 + 80037a4: f5ad 7d41 sub.w sp, sp, #772 ; 0x304 + // Need to wake up AE, since many things happen before this point. + for(int retry=0; retry<5; retry++) { + if(!ae_probe()) break; + 80037a8: f7ff fc6c bl 8003084 + 80037ac: b108 cbz r0, 80037b2 + for(int retry=0; retry<5; retry++) { + 80037ae: 3c01 subs r4, #1 + 80037b0: d1fa bne.n 80037a8 + // Is data zone is locked? + // Allow rest of function to happen if it's not. + +#if 1 + // 0x55 = unlocked; 0x00 = locked + bool data_locked = (ae_read_config_byte(86) != 0x55); + 80037b2: 2056 movs r0, #86 ; 0x56 + 80037b4: f7ff ffae bl 8003714 + if(data_locked) return 0; // basically success + 80037b8: 2855 cmp r0, #85 ; 0x55 + 80037ba: f040 80df bne.w 800397c + + // To lock, we need a CRC over whole thing, but we + // only set a few values... plus the serial number is + // in there, so start with some readout. + uint8_t config[128]; + int rv = ae_config_read(config); + 80037be: a838 add r0, sp, #224 ; 0xe0 + 80037c0: f7ff ffd9 bl 8003776 + if(rv) return rv; + 80037c4: 4604 mov r4, r0 + 80037c6: 2800 cmp r0, #0 + 80037c8: f040 80d9 bne.w 800397e + uint8_t config[128]; + while(ae_config_read(config)) ; +#endif + + // verify some fixed values + ASSERT(config[0] == 0x01); + 80037cc: f89d 30e0 ldrb.w r3, [sp, #224] ; 0xe0 + 80037d0: 2b01 cmp r3, #1 + 80037d2: d002 beq.n 80037da + 80037d4: 486f ldr r0, [pc, #444] ; (8003994 ) + + ae_keep_alive(); + + // lock config zone + if(ae_lock_config_zone(config)) { + INCONSISTENT("conf lock"); + 80037d6: f7fd f941 bl 8000a5c + ASSERT(config[1] == 0x23); + 80037da: f89d 30e1 ldrb.w r3, [sp, #225] ; 0xe1 + 80037de: 2b23 cmp r3, #35 ; 0x23 + 80037e0: d1f8 bne.n 80037d4 + ASSERT(config[12] == 0xee); + 80037e2: f89d 30ec ldrb.w r3, [sp, #236] ; 0xec + 80037e6: 2bee cmp r3, #238 ; 0xee + 80037e8: d1f4 bne.n 80037d4 + int8_t partno = ((config[6]>>4)&0xf); + 80037ea: f89d 30e6 ldrb.w r3, [sp, #230] ; 0xe6 + ASSERT(partno == 6); + 80037ee: 091b lsrs r3, r3, #4 + 80037f0: 2b06 cmp r3, #6 + 80037f2: d1ef bne.n 80037d4 + memcpy(serial, &config[0], 4); + 80037f4: 9b38 ldr r3, [sp, #224] ; 0xe0 + 80037f6: 9303 str r3, [sp, #12] + memcpy(&serial[4], &config[8], 5); + 80037f8: ab3a add r3, sp, #232 ; 0xe8 + 80037fa: e893 0003 ldmia.w r3, {r0, r1} + 80037fe: 9004 str r0, [sp, #16] + 8003800: f88d 1014 strb.w r1, [sp, #20] + if(check_all_ones(rom_secrets->ae_serial_number, 9)) { + 8003804: 4864 ldr r0, [pc, #400] ; (8003998 ) + 8003806: 2109 movs r1, #9 + 8003808: f7ff f812 bl 8002830 + 800380c: b110 cbz r0, 8003814 + flash_save_ae_serial(serial); + 800380e: a803 add r0, sp, #12 + 8003810: f7fe fd30 bl 8002274 + if(!check_equal(rom_secrets->ae_serial_number, serial, 9)) { + 8003814: 4860 ldr r0, [pc, #384] ; (8003998 ) + 8003816: 2209 movs r2, #9 + 8003818: a903 add r1, sp, #12 + 800381a: f7ff f822 bl 8002862 + 800381e: 2800 cmp r0, #0 + 8003820: f000 80b6 beq.w 8003990 + if(config[87] == 0x55) { + 8003824: f89d 3137 ldrb.w r3, [sp, #311] ; 0x137 + 8003828: 2b55 cmp r3, #85 ; 0x55 + 800382a: d12b bne.n 8003884 + memcpy(&config[16], config_1, sizeof(config_1)); + 800382c: 495b ldr r1, [pc, #364] ; (800399c ) + 800382e: 2244 movs r2, #68 ; 0x44 + 8003830: a83c add r0, sp, #240 ; 0xf0 + 8003832: f00a f859 bl 800d8e8 + memcpy(&config[90], config_2, sizeof(config_2)); + 8003836: 4b5a ldr r3, [pc, #360] ; (80039a0 ) + 8003838: f50d 729d add.w r2, sp, #314 ; 0x13a + 800383c: f103 0124 add.w r1, r3, #36 ; 0x24 + 8003840: f853 0b04 ldr.w r0, [r3], #4 + 8003844: f842 0b04 str.w r0, [r2], #4 + 8003848: 428b cmp r3, r1 + 800384a: d1f9 bne.n 8003840 + 800384c: 881b ldrh r3, [r3, #0] + 800384e: 8013 strh r3, [r2, #0] + for(int n=16; n<128; n+= 4) { + 8003850: 2510 movs r5, #16 + ae_send_n(OP_Write, 0, n/4, &config[n], 4); + 8003852: 2604 movs r6, #4 + if(n == 84) continue; // that word not writable + 8003854: 2d54 cmp r5, #84 ; 0x54 + 8003856: d130 bne.n 80038ba + for(int n=16; n<128; n+= 4) { + 8003858: 3504 adds r5, #4 + 800385a: 2d80 cmp r5, #128 ; 0x80 + 800385c: d1fa bne.n 8003854 + ae_send_idle(); + 800385e: f7ff f90a bl 8002a76 + uint8_t crc[2] = {0, 0}; + 8003862: 2600 movs r6, #0 + crc16_chain(128, config, crc); + 8003864: aa58 add r2, sp, #352 ; 0x160 + 8003866: a938 add r1, sp, #224 ; 0xe0 + 8003868: 4628 mov r0, r5 + uint8_t crc[2] = {0, 0}; + 800386a: f8ad 6160 strh.w r6, [sp, #352] ; 0x160 + crc16_chain(128, config, crc); + 800386e: f7ff f8b5 bl 80029dc + ae_send(OP_Lock, 0x0, (crc[1]<<8) | crc[0]); + 8003872: f8bd 2160 ldrh.w r2, [sp, #352] ; 0x160 + 8003876: 4631 mov r1, r6 + 8003878: 2017 movs r0, #23 + 800387a: f7ff fa38 bl 8002cee + return ae_read1(); + 800387e: f7ff f9ad bl 8002bdc + if(ae_lock_config_zone(config)) { + 8003882: bb38 cbnz r0, 80038d4 + // Load data zone with some known values. + // The datazone still unlocked, so no encryption needed (nor possible). + + // will use zeros for all PIN codes, and customer-defined-secret starting values + uint8_t zeros[72]; + memset(zeros, 0, sizeof(zeros)); + 8003884: 2248 movs r2, #72 ; 0x48 + 8003886: 2100 movs r1, #0 + 8003888: a826 add r0, sp, #152 ; 0x98 + 800388a: f00a f83b bl 800d904 + se2_save_auth_pubkey(pubkey); + break; + } + + case 0: + if(ae_write_data_slot(kn, (const uint8_t *)copyright_msg, 32, true)) { + 800388e: 4e45 ldr r6, [pc, #276] ; (80039a4 ) + 8003890: f8bd 5138 ldrh.w r5, [sp, #312] ; 0x138 + if(ae_write_data_slot(kn, rom_secrets->pairing_secret, 32, false)) { + 8003894: 4f44 ldr r7, [pc, #272] ; (80039a8 ) + ae_send_idle(); + 8003896: f7ff f8ee bl 8002a76 + if(!(unlocked & (1< + switch(kn) { + 80038a2: 2c0e cmp r4, #14 + 80038a4: d85c bhi.n 8003960 + 80038a6: e8df f004 tbb [pc, r4] + 80038aa: 176e .short 0x176e + 80038ac: 29202920 .word 0x29202920 + 80038b0: 2d304c3e .word 0x2d304c3e + 80038b4: 2d2d2d2d .word 0x2d2d2d2d + 80038b8: 29 .byte 0x29 + 80038b9: 00 .byte 0x00 + ae_send_n(OP_Write, 0, n/4, &config[n], 4); + 80038ba: ab38 add r3, sp, #224 ; 0xe0 + 80038bc: 442b add r3, r5 + 80038be: f3c5 028f ubfx r2, r5, #2, #16 + 80038c2: 2100 movs r1, #0 + 80038c4: 2012 movs r0, #18 + 80038c6: 9600 str r6, [sp, #0] + 80038c8: f7ff f9de bl 8002c88 + int rv = ae_read1(); + 80038cc: f7ff f986 bl 8002bdc + if(rv) return rv; + 80038d0: 2800 cmp r0, #0 + 80038d2: d0c1 beq.n 8003858 + INCONSISTENT("conf lock"); + 80038d4: 4835 ldr r0, [pc, #212] ; (80039ac ) + 80038d6: e77e b.n 80037d6 + if(ae_write_data_slot(kn, rom_secrets->pairing_secret, 32, false)) { + 80038d8: 2300 movs r3, #0 + 80038da: 2220 movs r2, #32 + 80038dc: 4639 mov r1, r7 + 80038de: 2001 movs r0, #1 + if(ae_write_data_slot(kn, (const uint8_t *)copyright_msg, 32, true)) { + 80038e0: f7ff fbf4 bl 80030cc + 80038e4: 2800 cmp r0, #0 + 80038e6: d03b beq.n 8003960 + 80038e8: e7f4 b.n 80038d4 + rng_buffer(tmp, sizeof(tmp)); + 80038ea: 2120 movs r1, #32 + 80038ec: a806 add r0, sp, #24 + 80038ee: f7ff f807 bl 8002900 + if(ae_write_data_slot(kn, tmp, 32, true)) { + 80038f2: 2301 movs r3, #1 + 80038f4: 2220 movs r2, #32 + 80038f6: a906 add r1, sp, #24 + if(ae_write_data_slot(kn, zeros, 32, false)) { + 80038f8: 4620 mov r0, r4 + 80038fa: e7f1 b.n 80038e0 + 80038fc: 2300 movs r3, #0 + 80038fe: 2220 movs r2, #32 + 8003900: a926 add r1, sp, #152 ; 0x98 + 8003902: e7f9 b.n 80038f8 + if(ae_write_data_slot(kn, zeros, 72, false)) { + 8003904: 2300 movs r3, #0 + 8003906: 2248 movs r2, #72 ; 0x48 + 8003908: e7fa b.n 8003900 + uint8_t long_zeros[416] = {0}; + 800390a: 2300 movs r3, #0 + 800390c: 4619 mov r1, r3 + 800390e: f44f 72ce mov.w r2, #412 ; 0x19c + 8003912: a859 add r0, sp, #356 ; 0x164 + 8003914: 9358 str r3, [sp, #352] ; 0x160 + 8003916: f009 fff5 bl 800d904 + if(ae_write_data_slot(kn, long_zeros, 416, false)) { + 800391a: 2300 movs r3, #0 + 800391c: f44f 72d0 mov.w r2, #416 ; 0x1a0 + 8003920: a958 add r1, sp, #352 ; 0x160 + 8003922: 2008 movs r0, #8 + 8003924: e7dc b.n 80038e0 + uint32_t buf[32/4] = { 1024, 1024 }; + 8003926: 2218 movs r2, #24 + 8003928: 2100 movs r1, #0 + 800392a: a810 add r0, sp, #64 ; 0x40 + 800392c: f009 ffea bl 800d904 + 8003930: f44f 6380 mov.w r3, #1024 ; 0x400 + 8003934: e9cd 330e strd r3, r3, [sp, #56] ; 0x38 + if(ae_write_data_slot(KEYNUM_match_count, (const uint8_t *)buf,sizeof(buf),false)) { + 8003938: 2220 movs r2, #32 + 800393a: 2300 movs r3, #0 + 800393c: a90e add r1, sp, #56 ; 0x38 + 800393e: 2006 movs r0, #6 + 8003940: e7ce b.n 80038e0 + if(ae_checkmac_hard(KEYNUM_main_pin, zeros) != 0) { + 8003942: a926 add r1, sp, #152 ; 0x98 + 8003944: 2003 movs r0, #3 + 8003946: f7ff fc99 bl 800327c + 800394a: 2800 cmp r0, #0 + 800394c: d1c2 bne.n 80038d4 + if(ae_gen_ecc_key(KEYNUM_joiner_key, pubkey)) { + 800394e: a916 add r1, sp, #88 ; 0x58 + 8003950: 2007 movs r0, #7 + 8003952: f7ff fb2b bl 8002fac + 8003956: 2800 cmp r0, #0 + 8003958: d1bc bne.n 80038d4 + se2_save_auth_pubkey(pubkey); + 800395a: a816 add r0, sp, #88 ; 0x58 + 800395c: f004 f9c4 bl 8007ce8 + for(int kn=0; kn<16; kn++) { + 8003960: 3401 adds r4, #1 + 8003962: 2c10 cmp r4, #16 + 8003964: d197 bne.n 8003896 + ae_send_idle(); + 8003966: f7ff f886 bl 8002a76 + ae_send(OP_Lock, 0x81, 0x0000); + 800396a: 2200 movs r2, #0 + 800396c: 2181 movs r1, #129 ; 0x81 + 800396e: 2017 movs r0, #23 + 8003970: f7ff f9bd bl 8002cee + return ae_read1(); + 8003974: f7ff f932 bl 8002bdc + } + } + + // lock the data zone and effectively enter normal operation. + ae_keep_alive(); + if(ae_lock_data_zone()) { + 8003978: 2800 cmp r0, #0 + 800397a: d1ab bne.n 80038d4 + if(data_locked) return 0; // basically success + 800397c: 2400 movs r4, #0 + INCONSISTENT("data lock"); + } + + return 0; +} + 800397e: 4620 mov r0, r4 + 8003980: f50d 7d41 add.w sp, sp, #772 ; 0x304 + 8003984: bdf0 pop {r4, r5, r6, r7, pc} + if(ae_write_data_slot(kn, (const uint8_t *)copyright_msg, 32, true)) { + 8003986: 2301 movs r3, #1 + 8003988: 2220 movs r2, #32 + 800398a: 4631 mov r1, r6 + 800398c: 2000 movs r0, #0 + 800398e: e7a7 b.n 80038e0 + return EPERM; + 8003990: 2401 movs r4, #1 + 8003992: e7f4 b.n 800397e + 8003994: 08010470 .word 0x08010470 + 8003998: 0801c040 .word 0x0801c040 + 800399c: 0801070a .word 0x0801070a + 80039a0: 0801074e .word 0x0801074e + 80039a4: 080106c6 .word 0x080106c6 + 80039a8: 0801c000 .word 0x0801c000 + 80039ac: 0800d990 .word 0x0800d990 + +080039b0 : +// - but our time to do each iteration is limited by software SHA256 in ae_pair_unlock +// + int +ae_stretch_iter(const uint8_t start[32], uint8_t end[32], int iterations) +{ + ASSERT(start != end); // we can't work inplace + 80039b0: 4288 cmp r0, r1 +{ + 80039b2: b570 push {r4, r5, r6, lr} + 80039b4: 460c mov r4, r1 + 80039b6: 4615 mov r5, r2 + ASSERT(start != end); // we can't work inplace + 80039b8: d102 bne.n 80039c0 + 80039ba: 4810 ldr r0, [pc, #64] ; (80039fc ) + 80039bc: f7fd f84e bl 8000a5c + memcpy(end, start, 32); + 80039c0: 460b mov r3, r1 + 80039c2: f100 0220 add.w r2, r0, #32 + 80039c6: f850 1b04 ldr.w r1, [r0], #4 + 80039ca: f843 1b04 str.w r1, [r3], #4 + 80039ce: 4290 cmp r0, r2 + 80039d0: d1f9 bne.n 80039c6 + + for(int i=0; i + + int rv = ae_hmac32(KEYNUM_pin_stretch, end, end); + RET_IF_BAD(rv); + } + + return 0; + 80039d8: 2000 movs r0, #0 +} + 80039da: bd70 pop {r4, r5, r6, pc} + if(ae_pair_unlock()) return -2; + 80039dc: f7ff fac0 bl 8002f60 + 80039e0: b940 cbnz r0, 80039f4 + int rv = ae_hmac32(KEYNUM_pin_stretch, end, end); + 80039e2: 4622 mov r2, r4 + 80039e4: 4621 mov r1, r4 + 80039e6: 2002 movs r0, #2 + 80039e8: f7ff fb02 bl 8002ff0 + RET_IF_BAD(rv); + 80039ec: 2800 cmp r0, #0 + 80039ee: d1f4 bne.n 80039da + for(int i=0; i + if(ae_pair_unlock()) return -2; + 80039f4: f06f 0001 mvn.w r0, #1 + 80039f8: e7ef b.n 80039da + 80039fa: bf00 nop + 80039fc: 08010470 .word 0x08010470 + +08003a00 : +// Apply HMAC using secret in chip as a HMAC key, then encrypt +// the result a little because read in clear over bus. +// + int +ae_mixin_key(uint8_t keynum, const uint8_t start[32], uint8_t end[32]) +{ + 8003a00: b570 push {r4, r5, r6, lr} + 8003a02: b096 sub sp, #88 ; 0x58 + ASSERT(start != end); // we can't work inplace + 8003a04: 4291 cmp r1, r2 +{ + 8003a06: 460e mov r6, r1 + 8003a08: 4614 mov r4, r2 + 8003a0a: f88d 0007 strb.w r0, [sp, #7] + ASSERT(start != end); // we can't work inplace + 8003a0e: d102 bne.n 8003a16 + 8003a10: 4818 ldr r0, [pc, #96] ; (8003a74 ) + 8003a12: f7fd f823 bl 8000a5c + + if(ae_pair_unlock()) return -1; + 8003a16: f7ff faa3 bl 8002f60 + 8003a1a: bb40 cbnz r0, 8003a6e + + ASSERT(keynum != 0); + 8003a1c: f89d 0007 ldrb.w r0, [sp, #7] + 8003a20: 2800 cmp r0, #0 + 8003a22: d0f5 beq.n 8003a10 + int rv = ae_hmac32(keynum, start, end); + 8003a24: 4622 mov r2, r4 + 8003a26: 4631 mov r1, r6 + 8003a28: f7ff fae2 bl 8002ff0 + RET_IF_BAD(rv); + 8003a2c: 4605 mov r5, r0 + 8003a2e: b9d8 cbnz r0, 8003a68 + // use the value provided in cleartext[sic--it's not] write back shortly (to test it). + // Solution: one more SHA256, and to be safe, mixin lots of values! + + SHA256_CTX ctx; + + sha256_init(&ctx); + 8003a30: a803 add r0, sp, #12 + 8003a32: f001 fea9 bl 8005788 + sha256_update(&ctx, rom_secrets->pairing_secret, 32); + 8003a36: 4910 ldr r1, [pc, #64] ; (8003a78 ) + 8003a38: 2220 movs r2, #32 + 8003a3a: a803 add r0, sp, #12 + 8003a3c: f001 feb2 bl 80057a4 + sha256_update(&ctx, start, 32); + 8003a40: 2220 movs r2, #32 + 8003a42: 4631 mov r1, r6 + 8003a44: a803 add r0, sp, #12 + 8003a46: f001 fead bl 80057a4 + sha256_update(&ctx, &keynum, 1); + 8003a4a: 2201 movs r2, #1 + 8003a4c: f10d 0107 add.w r1, sp, #7 + 8003a50: a803 add r0, sp, #12 + 8003a52: f001 fea7 bl 80057a4 + sha256_update(&ctx, end, 32); + 8003a56: 4621 mov r1, r4 + 8003a58: a803 add r0, sp, #12 + 8003a5a: 2220 movs r2, #32 + 8003a5c: f001 fea2 bl 80057a4 + sha256_final(&ctx, end); + 8003a60: 4621 mov r1, r4 + 8003a62: a803 add r0, sp, #12 + 8003a64: f001 fee4 bl 8005830 + + return 0; +} + 8003a68: 4628 mov r0, r5 + 8003a6a: b016 add sp, #88 ; 0x58 + 8003a6c: bd70 pop {r4, r5, r6, pc} + if(ae_pair_unlock()) return -1; + 8003a6e: f04f 35ff mov.w r5, #4294967295 ; 0xffffffff + 8003a72: e7f9 b.n 8003a68 + 8003a74: 08010470 .word 0x08010470 + 8003a78: 0801c000 .word 0x0801c000 + +08003a7c : +// Immediately destroy the pairing secret so that we become +// a useless brick. Ignore errors but retry. +// + void +ae_brick_myself(void) +{ + 8003a7c: b510 push {r4, lr} + for(int retry=0; retry<10; retry++) { + 8003a7e: 2400 movs r4, #0 + ae_reset_chip(); + 8003a80: f7ff f86a bl 8002b58 + + if(retry) rng_delay(); + 8003a84: b10c cbz r4, 8003a8a + 8003a86: f7fe ff51 bl 800292c + + ae_pair_unlock(); + 8003a8a: f7ff fa69 bl 8002f60 + + // Concern: MitM could block this by trashing our write + // - but they have to do it without causing CRC or other comm error + // - ten times + int rv = ae_destroy_key(KEYNUM_pairing); + 8003a8e: 2001 movs r0, #1 + 8003a90: f7ff fe54 bl 800373c + if(rv == 0) break; + 8003a94: b120 cbz r0, 8003aa0 + for(int retry=0; retry<10; retry++) { + 8003a96: 3401 adds r4, #1 + + rng_delay(); + 8003a98: f7fe ff48 bl 800292c + for(int retry=0; retry<10; retry++) { + 8003a9c: 2c0a cmp r4, #10 + 8003a9e: d1ef bne.n 8003a80 + } + + ae_reset_chip(); +} + 8003aa0: e8bd 4010 ldmia.w sp!, {r4, lr} + ae_reset_chip(); + 8003aa4: f7ff b858 b.w 8002b58 + +08003aa8 : +// + void +delay_ms(int ms) +{ + // Clear the COUNTFLAG and reset value to zero + SysTick->VAL = 0; + 8003aa8: f04f 23e0 mov.w r3, #3758153728 ; 0xe000e000 + 8003aac: 2200 movs r2, #0 + 8003aae: 619a str r2, [r3, #24] + //SysTick->CTRL; + + // Wait for ticks to happen + while(ms > 0) { + 8003ab0: 2800 cmp r0, #0 + 8003ab2: dc00 bgt.n 8003ab6 + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + ms--; + } + } +} + 8003ab4: 4770 bx lr + if(SysTick->CTRL & SysTick_CTRL_COUNTFLAG_Msk) { + 8003ab6: 691a ldr r2, [r3, #16] + 8003ab8: 03d2 lsls r2, r2, #15 + ms--; + 8003aba: bf48 it mi + 8003abc: f100 30ff addmi.w r0, r0, #4294967295 ; 0xffffffff + 8003ac0: e7f6 b.n 8003ab0 + +08003ac2 : +// Replace HAL version which needs interrupts +// + void +HAL_Delay(uint32_t Delay) +{ + delay_ms(Delay); + 8003ac2: f7ff bff1 b.w 8003aa8 + ... + +08003ac8 : + // NOTES: + // - try not to limit PCB changes for future revs; leave unused unchanged. + // - lcd.c controls some pins as well. + + // enable clock to GPIO's ... we will be using them all at some point + __HAL_RCC_GPIOA_CLK_ENABLE(); + 8003ac8: 4b67 ldr r3, [pc, #412] ; (8003c68 ) +{ + 8003aca: b570 push {r4, r5, r6, lr} + __HAL_RCC_GPIOA_CLK_ENABLE(); + 8003acc: 6cda ldr r2, [r3, #76] ; 0x4c + __HAL_RCC_GPIOC_CLK_ENABLE(); + __HAL_RCC_GPIOD_CLK_ENABLE(); + __HAL_RCC_GPIOE_CLK_ENABLE(); + + { // Onewire bus pins used for ATECC608 comms + GPIO_InitTypeDef setup = { + 8003ace: 4c67 ldr r4, [pc, #412] ; (8003c6c ) + __HAL_RCC_GPIOA_CLK_ENABLE(); + 8003ad0: f042 0201 orr.w r2, r2, #1 + 8003ad4: 64da str r2, [r3, #76] ; 0x4c + 8003ad6: 6cda ldr r2, [r3, #76] ; 0x4c +{ + 8003ad8: b08a sub sp, #40 ; 0x28 + __HAL_RCC_GPIOA_CLK_ENABLE(); + 8003ada: f002 0201 and.w r2, r2, #1 + 8003ade: 9200 str r2, [sp, #0] + 8003ae0: 9a00 ldr r2, [sp, #0] + __HAL_RCC_GPIOB_CLK_ENABLE(); + 8003ae2: 6cda ldr r2, [r3, #76] ; 0x4c + 8003ae4: f042 0202 orr.w r2, r2, #2 + 8003ae8: 64da str r2, [r3, #76] ; 0x4c + 8003aea: 6cda ldr r2, [r3, #76] ; 0x4c + 8003aec: f002 0202 and.w r2, r2, #2 + 8003af0: 9201 str r2, [sp, #4] + 8003af2: 9a01 ldr r2, [sp, #4] + __HAL_RCC_GPIOC_CLK_ENABLE(); + 8003af4: 6cda ldr r2, [r3, #76] ; 0x4c + 8003af6: f042 0204 orr.w r2, r2, #4 + 8003afa: 64da str r2, [r3, #76] ; 0x4c + 8003afc: 6cda ldr r2, [r3, #76] ; 0x4c + 8003afe: f002 0204 and.w r2, r2, #4 + 8003b02: 9202 str r2, [sp, #8] + 8003b04: 9a02 ldr r2, [sp, #8] + __HAL_RCC_GPIOD_CLK_ENABLE(); + 8003b06: 6cda ldr r2, [r3, #76] ; 0x4c + 8003b08: f042 0208 orr.w r2, r2, #8 + 8003b0c: 64da str r2, [r3, #76] ; 0x4c + 8003b0e: 6cda ldr r2, [r3, #76] ; 0x4c + 8003b10: f002 0208 and.w r2, r2, #8 + 8003b14: 9203 str r2, [sp, #12] + 8003b16: 9a03 ldr r2, [sp, #12] + __HAL_RCC_GPIOE_CLK_ENABLE(); + 8003b18: 6cda ldr r2, [r3, #76] ; 0x4c + 8003b1a: f042 0210 orr.w r2, r2, #16 + 8003b1e: 64da str r2, [r3, #76] ; 0x4c + 8003b20: 6cdb ldr r3, [r3, #76] ; 0x4c + 8003b22: f003 0310 and.w r3, r3, #16 + 8003b26: 9304 str r3, [sp, #16] + 8003b28: 9b04 ldr r3, [sp, #16] + GPIO_InitTypeDef setup = { + 8003b2a: cc0f ldmia r4!, {r0, r1, r2, r3} + 8003b2c: ad05 add r5, sp, #20 + 8003b2e: c50f stmia r5!, {r0, r1, r2, r3} + 8003b30: 6823 ldr r3, [r4, #0] + 8003b32: 602b str r3, [r5, #0] + .Mode = GPIO_MODE_AF_OD, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_MEDIUM, + .Alternate = GPIO_AF8_UART4, + }; + HAL_GPIO_Init(ONEWIRE_PORT, &setup); + 8003b34: a905 add r1, sp, #20 + 8003b36: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8003b3a: f7fd fb6d bl 8001218 + } + + // Bugfix: re-init of console port pins seems to wreck + // the mpy uart code, so avoid after first time. + if(USART1->BRR == 0) { + 8003b3e: 4b4c ldr r3, [pc, #304] ; (8003c70 ) + 8003b40: 68de ldr r6, [r3, #12] + 8003b42: b9ae cbnz r6, 8003b70 + // debug console: USART1 = PA9=Tx & PA10=Rx + GPIO_InitTypeDef setup = { + 8003b44: 3404 adds r4, #4 + 8003b46: cc0f ldmia r4!, {r0, r1, r2, r3} + 8003b48: ad05 add r5, sp, #20 + 8003b4a: c50f stmia r5!, {r0, r1, r2, r3} + 8003b4c: 6823 ldr r3, [r4, #0] + 8003b4e: 602b str r3, [r5, #0] + .Mode = GPIO_MODE_AF_PP, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_MEDIUM, + .Alternate = GPIO_AF7_USART1, + }; + HAL_GPIO_Init(GPIOA, &setup); + 8003b50: a905 add r1, sp, #20 + 8003b52: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + 8003b56: f7fd fb5f bl 8001218 + + setup.Pin = GPIO_PIN_10; + 8003b5a: f44f 6380 mov.w r3, #1024 ; 0x400 + setup.Mode = GPIO_MODE_INPUT; + 8003b5e: e9cd 3605 strd r3, r6, [sp, #20] + setup.Pull = GPIO_PULLUP; + HAL_GPIO_Init(GPIOA, &setup); + 8003b62: a905 add r1, sp, #20 + setup.Pull = GPIO_PULLUP; + 8003b64: 2301 movs r3, #1 + HAL_GPIO_Init(GPIOA, &setup); + 8003b66: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + setup.Pull = GPIO_PULLUP; + 8003b6a: 9307 str r3, [sp, #28] + HAL_GPIO_Init(GPIOA, &setup); + 8003b6c: f7fd fb54 bl 8001218 + } + + { // Port B - mostly unused, but want TEAR input and pwr btn + // TEAR from LCD: PB11 + // PWR_BTN: PB12 + GPIO_InitTypeDef setup = { + 8003b70: 2400 movs r4, #0 + // Port C - Outputs + // SD1 active LED: PC7 + // USB active LED: PC6 + // TURN OFF: PC0 + // SD mux: PC13 + { GPIO_InitTypeDef setup = { + 8003b72: 2501 movs r5, #1 + GPIO_InitTypeDef setup = { + 8003b74: f44f 53c0 mov.w r3, #6144 ; 0x1800 + HAL_GPIO_Init(GPIOB, &setup); + 8003b78: a905 add r1, sp, #20 + 8003b7a: 483e ldr r0, [pc, #248] ; (8003c74 ) + GPIO_InitTypeDef setup = { + 8003b7c: 9409 str r4, [sp, #36] ; 0x24 + 8003b7e: e9cd 3405 strd r3, r4, [sp, #20] + 8003b82: e9cd 4407 strd r4, r4, [sp, #28] + HAL_GPIO_Init(GPIOB, &setup); + 8003b86: f7fd fb47 bl 8001218 + { GPIO_InitTypeDef setup = { + 8003b8a: 23c1 movs r3, #193 ; 0xc1 + .Pin = GPIO_PIN_7 | GPIO_PIN_6 | GPIO_PIN_0, GPIO_PIN_13, + .Mode = GPIO_MODE_OUTPUT_PP, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_LOW, + }; + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_0, 0); // keep power on! + 8003b8c: 4622 mov r2, r4 + 8003b8e: 4629 mov r1, r5 + 8003b90: 4839 ldr r0, [pc, #228] ; (8003c78 ) + { GPIO_InitTypeDef setup = { + 8003b92: 9409 str r4, [sp, #36] ; 0x24 + 8003b94: e9cd 3505 strd r3, r5, [sp, #20] + 8003b98: e9cd 4407 strd r4, r4, [sp, #28] + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_0, 0); // keep power on! + 8003b9c: f7fd fcb6 bl 800150c + HAL_GPIO_Init(GPIOC, &setup); + 8003ba0: a905 add r1, sp, #20 + 8003ba2: 4835 ldr r0, [pc, #212] ; (8003c78 ) + 8003ba4: f7fd fb38 bl 8001218 + + // turn LEDs off, SD mux to A + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_7|GPIO_PIN_6|GPIO_PIN_13, 0); + 8003ba8: 4622 mov r2, r4 + 8003baa: 4833 ldr r0, [pc, #204] ; (8003c78 ) + 8003bac: f44f 5103 mov.w r1, #8384 ; 0x20c0 + 8003bb0: f7fd fcac bl 800150c + } + + // Port C - Inputs + // SD card detect switch: PC1 battery/not + { GPIO_InitTypeDef setup = { + 8003bb4: 2210 movs r2, #16 + 8003bb6: 4621 mov r1, r4 + 8003bb8: a806 add r0, sp, #24 + 8003bba: f009 fea3 bl 800d904 + 8003bbe: f242 0302 movw r3, #8194 ; 0x2002 + .Pin = GPIO_PIN_13 | GPIO_PIN_1, + .Mode = GPIO_MODE_INPUT, + .Pull = GPIO_PULLUP, + .Speed = GPIO_SPEED_FREQ_LOW, + }; + HAL_GPIO_Init(GPIOC, &setup); + 8003bc2: a905 add r1, sp, #20 + 8003bc4: 482c ldr r0, [pc, #176] ; (8003c78 ) + { GPIO_InitTypeDef setup = { + 8003bc6: 9305 str r3, [sp, #20] + 8003bc8: 9507 str r5, [sp, #28] + HAL_GPIO_Init(GPIOC, &setup); + 8003bca: f7fd fb25 bl 8001218 + .Pin = GPIO_PIN_0, + .Mode = GPIO_MODE_OUTPUT_PP, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_LOW, + }; + HAL_GPIO_Init(GPIOD, &setup); + 8003bce: a905 add r1, sp, #20 + 8003bd0: 482a ldr r0, [pc, #168] ; (8003c7c ) + { GPIO_InitTypeDef setup = { + 8003bd2: 9409 str r4, [sp, #36] ; 0x24 + 8003bd4: e9cd 4407 strd r4, r4, [sp, #28] + 8003bd8: e9cd 5505 strd r5, r5, [sp, #20] + HAL_GPIO_Init(GPIOD, &setup); + 8003bdc: f7fd fb1c bl 8001218 + + HAL_GPIO_WritePin(GPIOD, GPIO_PIN_0, 0); // turn off + 8003be0: 4622 mov r2, r4 + 8003be2: 4629 mov r1, r5 + 8003be4: 4825 ldr r0, [pc, #148] ; (8003c7c ) + 8003be6: f7fd fc91 bl 800150c + } + + // Port D - Inputs + // SD slots detects: PD3/4 + { GPIO_InitTypeDef setup = { + 8003bea: 2210 movs r2, #16 + 8003bec: 4621 mov r1, r4 + 8003bee: a806 add r0, sp, #24 + 8003bf0: f009 fe88 bl 800d904 + 8003bf4: 2618 movs r6, #24 + .Pin = GPIO_PIN_3 | GPIO_PIN_4, + .Mode = GPIO_MODE_INPUT, + .Pull = GPIO_PULLUP, // required + .Speed = GPIO_SPEED_FREQ_LOW, + }; + HAL_GPIO_Init(GPIOD, &setup); + 8003bf6: a905 add r1, sp, #20 + 8003bf8: 4820 ldr r0, [pc, #128] ; (8003c7c ) + { GPIO_InitTypeDef setup = { + 8003bfa: 9605 str r6, [sp, #20] + 8003bfc: 9507 str r5, [sp, #28] + HAL_GPIO_Init(GPIOD, &setup); + 8003bfe: f7fd fb0b bl 8001218 + .Pin = GPIO_PIN_3 | GPIO_PIN_4, + .Mode = GPIO_MODE_OUTPUT_PP, + .Pull = GPIO_NOPULL, + .Speed = GPIO_SPEED_FREQ_LOW, + }; + HAL_GPIO_Init(GPIOE, &setup); + 8003c02: a905 add r1, sp, #20 + 8003c04: 481e ldr r0, [pc, #120] ; (8003c80 ) + { GPIO_InitTypeDef setup = { + 8003c06: 9409 str r4, [sp, #36] ; 0x24 + 8003c08: e9cd 4407 strd r4, r4, [sp, #28] + 8003c0c: e9cd 6505 strd r6, r5, [sp, #20] + HAL_GPIO_Init(GPIOE, &setup); + 8003c10: f7fd fb02 bl 8001218 + + HAL_GPIO_WritePin(GPIOE, GPIO_PIN_4, 0); // turn off NFC LED + 8003c14: 4622 mov r2, r4 + 8003c16: 481a ldr r0, [pc, #104] ; (8003c80 ) + 8003c18: 2110 movs r1, #16 + 8003c1a: f7fd fc77 bl 800150c + HAL_GPIO_WritePin(GPIOE, GPIO_PIN_3, 1); // turn on Backlight: 100% + 8003c1e: 462a mov r2, r5 + 8003c20: 4817 ldr r0, [pc, #92] ; (8003c80 ) + 8003c22: 2108 movs r1, #8 + 8003c24: f7fd fc72 bl 800150c + + // GPU control: Port E: PE2=G_SWCLK_BOOT0=G_BUSY, PE5=G_CTRL, PE6=G_RESET + // - want open-drain on these outputs, so the SWD debugger can override + // - and PE2 needs to be pull-down input, because active high signal and + // GPU may not be running yet + { GPIO_InitTypeDef setup = { + 8003c28: 2260 movs r2, #96 ; 0x60 + 8003c2a: 2311 movs r3, #17 + .Mode = GPIO_MODE_OUTPUT_OD, + .Pull = GPIO_PULLUP, + .Speed = GPIO_SPEED_FREQ_LOW, + }; + + HAL_GPIO_Init(GPIOE, &setup); + 8003c2c: a905 add r1, sp, #20 + 8003c2e: 4814 ldr r0, [pc, #80] ; (8003c80 ) + { GPIO_InitTypeDef setup = { + 8003c30: 9507 str r5, [sp, #28] + 8003c32: e9cd 2305 strd r2, r3, [sp, #20] + 8003c36: e9cd 4408 strd r4, r4, [sp, #32] + HAL_GPIO_Init(GPIOE, &setup); + 8003c3a: f7fd faed bl 8001218 + + // G_BUSY: input, pull down + setup.Pin = PIN_G_BUSY; + 8003c3e: 2304 movs r3, #4 + 8003c40: 9305 str r3, [sp, #20] + setup.Pull = GPIO_PULLDOWN; + HAL_GPIO_Init(GPIOE, &setup); + 8003c42: a905 add r1, sp, #20 + setup.Pull = GPIO_PULLDOWN; + 8003c44: 2302 movs r3, #2 + HAL_GPIO_Init(GPIOE, &setup); + 8003c46: 480e ldr r0, [pc, #56] ; (8003c80 ) + setup.Pull = GPIO_PULLDOWN; + 8003c48: 9307 str r3, [sp, #28] + HAL_GPIO_Init(GPIOE, &setup); + 8003c4a: f7fd fae5 bl 8001218 + + // assert reset, leave others high + HAL_GPIO_WritePin(GPIOE, PIN_G_CTRL, 1); + 8003c4e: 462a mov r2, r5 + 8003c50: 480b ldr r0, [pc, #44] ; (8003c80 ) + 8003c52: 2120 movs r1, #32 + 8003c54: f7fd fc5a bl 800150c + HAL_GPIO_WritePin(GPIOE, PIN_G_RESET, 0); + 8003c58: 4809 ldr r0, [pc, #36] ; (8003c80 ) + 8003c5a: 4622 mov r2, r4 + 8003c5c: 2140 movs r1, #64 ; 0x40 + 8003c5e: f7fd fc55 bl 800150c + // RCC_MCO1SOURCE_PLLCLK (PLL R output) => (same os SYSCLK) + // RCC_MCO1SOURCE_HSI48 => 48Mhz + // RCC_MCO1SOURCE_HSE => 8Mhz (correct) + __HAL_RCC_MCO1_CONFIG(RCC_MCO1SOURCE_SYSCLK, RCC_MCODIV_1); +#endif +} + 8003c62: b00a add sp, #40 ; 0x28 + 8003c64: bd70 pop {r4, r5, r6, pc} + 8003c66: bf00 nop + 8003c68: 40021000 .word 0x40021000 + 8003c6c: 08010774 .word 0x08010774 + 8003c70: 40013800 .word 0x40013800 + 8003c74: 48000400 .word 0x48000400 + 8003c78: 48000800 .word 0x48000800 + 8003c7c: 48000c00 .word 0x48000c00 + 8003c80: 48001000 .word 0x48001000 + +08003c84 : +// +// Kill system power; instant. +// + void +turn_power_off(void) +{ + 8003c84: b508 push {r3, lr} + gpio_setup(); + 8003c86: f7ff ff1f bl 8003ac8 + + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_0, 1); + 8003c8a: 2201 movs r2, #1 + 8003c8c: 4802 ldr r0, [pc, #8] ; (8003c98 ) + 8003c8e: 4611 mov r1, r2 + 8003c90: f7fd fc3c bl 800150c + + while(1) { + __WFI(); + 8003c94: bf30 wfi + while(1) { + 8003c96: e7fd b.n 8003c94 + 8003c98: 48000800 .word 0x48000800 + +08003c9c : +// Showing a fatal msg to user; power down after a long delay +// or instantly if they touch power btn. Replaces LOCKUP_FOREVER +// + void +q1_wait_powerdown(void) +{ + 8003c9c: b508 push {r3, lr} + gpio_setup(); + 8003c9e: f7ff ff13 bl 8003ac8 + + // wait for release (often problem occurs close to power up) + for(uint32_t i=0; i) + gpio_setup(); + 8003ca4: 2496 movs r4, #150 ; 0x96 + if(HAL_GPIO_ReadPin(GPIOB, GPIO_PIN_12) == 1) { + 8003ca6: f44f 5180 mov.w r1, #4096 ; 0x1000 + 8003caa: 4628 mov r0, r5 + 8003cac: f7fd fc28 bl 8001500 + 8003cb0: 2801 cmp r0, #1 + 8003cb2: d004 beq.n 8003cbe + break; + } + + delay_ms(100); + 8003cb4: 2064 movs r0, #100 ; 0x64 + 8003cb6: f7ff fef7 bl 8003aa8 + for(uint32_t i=0; i + } + + // wait for press + for(uint32_t i=0; i) + gpio_setup(); + 8003cc0: 2496 movs r4, #150 ; 0x96 + if(HAL_GPIO_ReadPin(GPIOB, GPIO_PIN_12) == 0) { + 8003cc2: f44f 5180 mov.w r1, #4096 ; 0x1000 + 8003cc6: 4628 mov r0, r5 + 8003cc8: f7fd fc1a bl 8001500 + 8003ccc: b120 cbz r0, 8003cd8 + break; + } + + delay_ms(100); + 8003cce: 2064 movs r0, #100 ; 0x64 + 8003cd0: f7ff feea bl 8003aa8 + for(uint32_t i=0; i + } + + // turn off power + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_0, 1); + 8003cd8: 2201 movs r2, #1 + 8003cda: 4804 ldr r0, [pc, #16] ; (8003cec ) + 8003cdc: 4611 mov r1, r2 + 8003cde: f7fd fc15 bl 800150c + + // not reached. + while(1) { + __WFI(); + 8003ce2: bf30 wfi + while(1) { + 8003ce4: e7fd b.n 8003ce2 + 8003ce6: bf00 nop + 8003ce8: 48000400 .word 0x48000400 + 8003cec: 48000800 .word 0x48000800 + +08003cf0 : + +// reboot_nonce() +// + static inline void +reboot_nonce(SHA256_CTX *ctx) +{ + 8003cf0: b537 push {r0, r1, r2, r4, r5, lr} + uint32_t a = CRC->INIT; + 8003cf2: 4d09 ldr r5, [pc, #36] ; (8003d18 ) + sha256_update(ctx, (const uint8_t *)&a, 4); + 8003cf4: 2204 movs r2, #4 + uint32_t a = CRC->INIT; + 8003cf6: 692b ldr r3, [r5, #16] + 8003cf8: 9301 str r3, [sp, #4] + sha256_update(ctx, (const uint8_t *)&a, 4); + 8003cfa: eb0d 0102 add.w r1, sp, r2 +{ + 8003cfe: 4604 mov r4, r0 + sha256_update(ctx, (const uint8_t *)&a, 4); + 8003d00: f001 fd50 bl 80057a4 + + a = CRC->POL; + sha256_update(ctx, (const uint8_t *)&a, 4); + 8003d04: 2204 movs r2, #4 + a = CRC->POL; + 8003d06: 696b ldr r3, [r5, #20] + 8003d08: 9301 str r3, [sp, #4] + sha256_update(ctx, (const uint8_t *)&a, 4); + 8003d0a: eb0d 0102 add.w r1, sp, r2 + 8003d0e: 4620 mov r0, r4 + 8003d10: f001 fd48 bl 80057a4 +} + 8003d14: b003 add sp, #12 + 8003d16: bd30 pop {r4, r5, pc} + 8003d18: 40023000 .word 0x40023000 + +08003d1c : +// +// Hash up a string of digits into 32-bytes of goodness. +// + static void +pin_hash(const char *pin, int pin_len, uint8_t result[32], uint32_t purpose) +{ + 8003d1c: b570 push {r4, r5, r6, lr} + 8003d1e: b096 sub sp, #88 ; 0x58 + ASSERT(pin_len <= MAX_PIN_LEN); + 8003d20: 2920 cmp r1, #32 +{ + 8003d22: 4606 mov r6, r0 + 8003d24: 460d mov r5, r1 + 8003d26: 4614 mov r4, r2 + 8003d28: 9301 str r3, [sp, #4] + ASSERT(pin_len <= MAX_PIN_LEN); + 8003d2a: dd02 ble.n 8003d32 + 8003d2c: 4817 ldr r0, [pc, #92] ; (8003d8c ) + 8003d2e: f7fc fe95 bl 8000a5c + + if(pin_len == 0) { + 8003d32: b929 cbnz r1, 8003d40 + // zero-length PIN is considered the "blank" one: all zero + memset(result, 0, 32); + 8003d34: 2220 movs r2, #32 + 8003d36: 4620 mov r0, r4 + 8003d38: f009 fde4 bl 800d904 + // and run that thru SE2 as well + se2_pin_hash(result, purpose); + + // and a second-sha256 on that, just in case. + sha256_single(result, 32, result); +} + 8003d3c: b016 add sp, #88 ; 0x58 + 8003d3e: bd70 pop {r4, r5, r6, pc} + sha256_init(&ctx); + 8003d40: a803 add r0, sp, #12 + 8003d42: f001 fd21 bl 8005788 + sha256_update(&ctx, rom_secrets->hash_cache_secret, 32); + 8003d46: a803 add r0, sp, #12 + 8003d48: 4911 ldr r1, [pc, #68] ; (8003d90 ) + 8003d4a: 2220 movs r2, #32 + 8003d4c: f001 fd2a bl 80057a4 + sha256_update(&ctx, (uint8_t *)&purpose, 4); + 8003d50: 2204 movs r2, #4 + 8003d52: eb0d 0102 add.w r1, sp, r2 + 8003d56: a803 add r0, sp, #12 + 8003d58: f001 fd24 bl 80057a4 + sha256_update(&ctx, (uint8_t *)pin, pin_len); + 8003d5c: 462a mov r2, r5 + 8003d5e: 4631 mov r1, r6 + 8003d60: a803 add r0, sp, #12 + 8003d62: f001 fd1f bl 80057a4 + sha256_update(&ctx, rom_secrets->pairing_secret, 32); + 8003d66: 2220 movs r2, #32 + 8003d68: a803 add r0, sp, #12 + 8003d6a: 490a ldr r1, [pc, #40] ; (8003d94 ) + 8003d6c: f001 fd1a bl 80057a4 + sha256_final(&ctx, result); + 8003d70: 4621 mov r1, r4 + 8003d72: a803 add r0, sp, #12 + 8003d74: f001 fd5c bl 8005830 + se2_pin_hash(result, purpose); + 8003d78: 9901 ldr r1, [sp, #4] + 8003d7a: 4620 mov r0, r4 + 8003d7c: f004 fc24 bl 80085c8 + sha256_single(result, 32, result); + 8003d80: 4622 mov r2, r4 + 8003d82: 2120 movs r1, #32 + 8003d84: 4620 mov r0, r4 + 8003d86: f001 fd67 bl 8005858 + 8003d8a: e7d7 b.n 8003d3c + 8003d8c: 08010470 .word 0x08010470 + 8003d90: 0801c070 .word 0x0801c070 + 8003d94: 0801c000 .word 0x0801c000 + +08003d98 <_hmac_attempt>: +// +// Maybe should be proper HMAC from fips std? Can be changed later. +// + static void +_hmac_attempt(const pinAttempt_t *args, uint8_t result[32]) +{ + 8003d98: b530 push {r4, r5, lr} + 8003d9a: b095 sub sp, #84 ; 0x54 + 8003d9c: 4604 mov r4, r0 + SHA256_CTX ctx; + + sha256_init(&ctx); + 8003d9e: a801 add r0, sp, #4 +{ + 8003da0: 460d mov r5, r1 + sha256_init(&ctx); + 8003da2: f001 fcf1 bl 8005788 + sha256_update(&ctx, rom_secrets->pairing_secret, 32); + 8003da6: 4911 ldr r1, [pc, #68] ; (8003dec <_hmac_attempt+0x54>) + 8003da8: 2220 movs r2, #32 + 8003daa: a801 add r0, sp, #4 + 8003dac: f001 fcfa bl 80057a4 + reboot_nonce(&ctx); + 8003db0: a801 add r0, sp, #4 + 8003db2: f7ff ff9d bl 8003cf0 + sha256_update(&ctx, (uint8_t *)args, offsetof(pinAttempt_t, hmac)); + 8003db6: 2244 movs r2, #68 ; 0x44 + 8003db8: 4621 mov r1, r4 + 8003dba: a801 add r0, sp, #4 + 8003dbc: f001 fcf2 bl 80057a4 + + if(args->magic_value == PA_MAGIC_V2) { + 8003dc0: 6822 ldr r2, [r4, #0] + 8003dc2: 4b0b ldr r3, [pc, #44] ; (8003df0 <_hmac_attempt+0x58>) + 8003dc4: 429a cmp r2, r3 + 8003dc6: d105 bne.n 8003dd4 <_hmac_attempt+0x3c> + sha256_update(&ctx, (uint8_t *)args->cached_main_pin, + 8003dc8: 2220 movs r2, #32 + 8003dca: f104 01f8 add.w r1, r4, #248 ; 0xf8 + 8003dce: a801 add r0, sp, #4 + 8003dd0: f001 fce8 bl 80057a4 + msizeof(pinAttempt_t, cached_main_pin)); + } + + sha256_final(&ctx, result); + 8003dd4: 4629 mov r1, r5 + 8003dd6: a801 add r0, sp, #4 + 8003dd8: f001 fd2a bl 8005830 + + // and a second-sha256 on that, just in case. + sha256_single(result, 32, result); + 8003ddc: 462a mov r2, r5 + 8003dde: 2120 movs r1, #32 + 8003de0: 4628 mov r0, r5 + 8003de2: f001 fd39 bl 8005858 +} + 8003de6: b015 add sp, #84 ; 0x54 + 8003de8: bd30 pop {r4, r5, pc} + 8003dea: bf00 nop + 8003dec: 0801c000 .word 0x0801c000 + 8003df0: 2eaf6312 .word 0x2eaf6312 + +08003df4 <_validate_attempt>: + +// _validate_attempt() +// + static int +_validate_attempt(const pinAttempt_t *args, bool first_time) +{ + 8003df4: b510 push {r4, lr} + 8003df6: 4604 mov r4, r0 + 8003df8: b088 sub sp, #32 + if(first_time) { + 8003dfa: b969 cbnz r1, 8003e18 <_validate_attempt+0x24> + // no hmac needed for setup call + } else { + // if hmac is defined, better be right. + uint8_t actual[32]; + + _hmac_attempt(args, actual); + 8003dfc: 4669 mov r1, sp + 8003dfe: f7ff ffcb bl 8003d98 <_hmac_attempt> + + if(!check_equal(actual, args->hmac, 32)) { + 8003e02: 2220 movs r2, #32 + 8003e04: f104 0144 add.w r1, r4, #68 ; 0x44 + 8003e08: 4668 mov r0, sp + 8003e0a: f7fe fd2a bl 8002862 + 8003e0e: b918 cbnz r0, 8003e18 <_validate_attempt+0x24> + // hmac is wrong? + return EPIN_HMAC_FAIL; + 8003e10: f06f 0063 mvn.w r0, #99 ; 0x63 + if((args->change_flags & CHANGE__MASK) != args->change_flags) return EPIN_RANGE_ERR; + + if((args->is_secondary & 0x1) != args->is_secondary) return EPIN_RANGE_ERR; + + return 0; +} + 8003e14: b008 add sp, #32 + 8003e16: bd10 pop {r4, pc} + if(args->magic_value == PA_MAGIC_V2) { + 8003e18: 6822 ldr r2, [r4, #0] + 8003e1a: 4b10 ldr r3, [pc, #64] ; (8003e5c <_validate_attempt+0x68>) + 8003e1c: 429a cmp r2, r3 + 8003e1e: d117 bne.n 8003e50 <_validate_attempt+0x5c> + if(args->pin_len > MAX_PIN_LEN) return EPIN_RANGE_ERR; + 8003e20: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8003e22: 2b20 cmp r3, #32 + 8003e24: dc17 bgt.n 8003e56 <_validate_attempt+0x62> + if(args->old_pin_len > MAX_PIN_LEN) return EPIN_RANGE_ERR; + 8003e26: f8d4 3088 ldr.w r3, [r4, #136] ; 0x88 + 8003e2a: 2b20 cmp r3, #32 + 8003e2c: dc13 bgt.n 8003e56 <_validate_attempt+0x62> + if(args->new_pin_len > MAX_PIN_LEN) return EPIN_RANGE_ERR; + 8003e2e: f8d4 30ac ldr.w r3, [r4, #172] ; 0xac + 8003e32: 2b20 cmp r3, #32 + 8003e34: dc0f bgt.n 8003e56 <_validate_attempt+0x62> + if((args->change_flags & CHANGE__MASK) != args->change_flags) return EPIN_RANGE_ERR; + 8003e36: 6e63 ldr r3, [r4, #100] ; 0x64 + 8003e38: f640 727f movw r2, #3967 ; 0xf7f + 8003e3c: 4393 bics r3, r2 + 8003e3e: d10a bne.n 8003e56 <_validate_attempt+0x62> + if((args->is_secondary & 0x1) != args->is_secondary) return EPIN_RANGE_ERR; + 8003e40: 6863 ldr r3, [r4, #4] + return 0; + 8003e42: f033 0301 bics.w r3, r3, #1 + 8003e46: bf14 ite ne + 8003e48: f06f 0066 mvnne.w r0, #102 ; 0x66 + 8003e4c: 2000 moveq r0, #0 + 8003e4e: e7e1 b.n 8003e14 <_validate_attempt+0x20> + return EPIN_BAD_MAGIC; + 8003e50: f06f 0065 mvn.w r0, #101 ; 0x65 + 8003e54: e7de b.n 8003e14 <_validate_attempt+0x20> + if((args->is_secondary & 0x1) != args->is_secondary) return EPIN_RANGE_ERR; + 8003e56: f06f 0066 mvn.w r0, #102 ; 0x66 + 8003e5a: e7db b.n 8003e14 <_validate_attempt+0x20> + 8003e5c: 2eaf6312 .word 0x2eaf6312 + +08003e60 : + +// warmup_ae() +// + static int +warmup_ae(void) +{ + 8003e60: b510 push {r4, lr} + ae_setup(); + 8003e62: f7fe fe87 bl 8002b74 + 8003e66: 2405 movs r4, #5 + + for(int retry=0; retry<5; retry++) { + if(!ae_probe()) break; + 8003e68: f7ff f90c bl 8003084 + 8003e6c: b108 cbz r0, 8003e72 + for(int retry=0; retry<5; retry++) { + 8003e6e: 3c01 subs r4, #1 + 8003e70: d1fa bne.n 8003e68 + } + + if(ae_pair_unlock()) return -1; + 8003e72: f7ff f875 bl 8002f60 + 8003e76: 4604 mov r4, r0 + 8003e78: b918 cbnz r0, 8003e82 + + // reset watchdog timer + ae_keep_alive(); + 8003e7a: f7fe fead bl 8002bd8 + + return 0; +} + 8003e7e: 4620 mov r0, r4 + 8003e80: bd10 pop {r4, pc} + if(ae_pair_unlock()) return -1; + 8003e82: f04f 34ff mov.w r4, #4294967295 ; 0xffffffff + 8003e86: e7fa b.n 8003e7e + +08003e88 <_read_slot_as_counter>: +{ + 8003e88: b530 push {r4, r5, lr} + 8003e8a: b091 sub sp, #68 ; 0x44 + uint32_t padded[32/4] = { 0 }; + 8003e8c: 2220 movs r2, #32 +{ + 8003e8e: 4604 mov r4, r0 + 8003e90: 460d mov r5, r1 + uint32_t padded[32/4] = { 0 }; + 8003e92: 4668 mov r0, sp + 8003e94: 2100 movs r1, #0 + 8003e96: f009 fd35 bl 800d904 + ae_pair_unlock(); + 8003e9a: f7ff f861 bl 8002f60 + if(ae_read_data_slot(slot, (uint8_t *)padded, 32)) return -1; + 8003e9e: 2220 movs r2, #32 + 8003ea0: 4669 mov r1, sp + 8003ea2: 4620 mov r0, r4 + 8003ea4: f7ff fba2 bl 80035ec + 8003ea8: b120 cbz r0, 8003eb4 <_read_slot_as_counter+0x2c> + 8003eaa: f04f 34ff mov.w r4, #4294967295 ; 0xffffffff +} + 8003eae: 4620 mov r0, r4 + 8003eb0: b011 add sp, #68 ; 0x44 + 8003eb2: bd30 pop {r4, r5, pc} + ae_pair_unlock(); + 8003eb4: f7ff f854 bl 8002f60 + if(ae_gendig_slot(slot, (const uint8_t *)padded, tempkey)) return -1; + 8003eb8: 4620 mov r0, r4 + 8003eba: aa08 add r2, sp, #32 + 8003ebc: 4669 mov r1, sp + 8003ebe: f7ff f96f bl 80031a0 + 8003ec2: 4604 mov r4, r0 + 8003ec4: 2800 cmp r0, #0 + 8003ec6: d1f0 bne.n 8003eaa <_read_slot_as_counter+0x22> + if(!ae_is_correct_tempkey(tempkey)) fatal_mitm(); + 8003ec8: a808 add r0, sp, #32 + 8003eca: f7fe ff79 bl 8002dc0 + 8003ece: b908 cbnz r0, 8003ed4 <_read_slot_as_counter+0x4c> + 8003ed0: f7fc fdce bl 8000a70 + *dest = padded[0]; + 8003ed4: 9b00 ldr r3, [sp, #0] + 8003ed6: 602b str r3, [r5, #0] + return 0; + 8003ed8: e7e9 b.n 8003eae <_read_slot_as_counter+0x26> + +08003eda : +{ + 8003eda: b530 push {r4, r5, lr} + 8003edc: b095 sub sp, #84 ; 0x54 + 8003ede: 4605 mov r5, r0 + ae_pair_unlock(); + 8003ee0: f7ff f83e bl 8002f60 + uint32_t padded[32/4] = { 0 }; + 8003ee4: 2220 movs r2, #32 + 8003ee6: 2100 movs r1, #0 + 8003ee8: a804 add r0, sp, #16 + 8003eea: f009 fd0b bl 800d904 + if(ae_read_data_slot(slot, (uint8_t *)padded, 32)) return -1; + 8003eee: 2220 movs r2, #32 + 8003ef0: a904 add r1, sp, #16 + 8003ef2: 2005 movs r0, #5 + 8003ef4: f7ff fb7a bl 80035ec + 8003ef8: b118 cbz r0, 8003f02 + 8003efa: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff +} + 8003efe: b015 add sp, #84 ; 0x54 + 8003f00: bd30 pop {r4, r5, pc} + ae_pair_unlock(); + 8003f02: f7ff f82d bl 8002f60 + if(ae_gendig_slot(slot, (const uint8_t *)padded, tempkey)) return -1; + 8003f06: aa0c add r2, sp, #48 ; 0x30 + 8003f08: a904 add r1, sp, #16 + 8003f0a: 2005 movs r0, #5 + 8003f0c: f7ff f948 bl 80031a0 + 8003f10: 4604 mov r4, r0 + 8003f12: 2800 cmp r0, #0 + 8003f14: d1f1 bne.n 8003efa + if(!ae_is_correct_tempkey(tempkey)) fatal_mitm(); + 8003f16: a80c add r0, sp, #48 ; 0x30 + 8003f18: f7fe ff52 bl 8002dc0 + 8003f1c: b908 cbnz r0, 8003f22 + 8003f1e: f7fc fda7 bl 8000a70 + if(_read_slot_as_counter(KEYNUM_lastgood, &lastgood)) return -1; + 8003f22: a901 add r1, sp, #4 + 8003f24: 2005 movs r0, #5 + uint32_t lastgood=0, match_count=0, counter=0; + 8003f26: e9cd 4401 strd r4, r4, [sp, #4] + 8003f2a: 9403 str r4, [sp, #12] + if(_read_slot_as_counter(KEYNUM_lastgood, &lastgood)) return -1; + 8003f2c: f7ff ffac bl 8003e88 <_read_slot_as_counter> + 8003f30: 2800 cmp r0, #0 + 8003f32: d1e2 bne.n 8003efa + if(_read_slot_as_counter(KEYNUM_match_count, &match_count)) return -1; + 8003f34: a902 add r1, sp, #8 + 8003f36: 2006 movs r0, #6 + 8003f38: f7ff ffa6 bl 8003e88 <_read_slot_as_counter> + 8003f3c: 4601 mov r1, r0 + 8003f3e: 2800 cmp r0, #0 + 8003f40: d1db bne.n 8003efa + if(ae_get_counter(&counter, 0)) return -1; + 8003f42: a803 add r0, sp, #12 + 8003f44: f7ff fa07 bl 8003356 + 8003f48: 2800 cmp r0, #0 + 8003f4a: d1d6 bne.n 8003efa + if(lastgood > counter) { + 8003f4c: 9a01 ldr r2, [sp, #4] + 8003f4e: 9903 ldr r1, [sp, #12] + match_count &= ~31; + 8003f50: 9b02 ldr r3, [sp, #8] + if(lastgood > counter) { + 8003f52: 428a cmp r2, r1 + match_count &= ~31; + 8003f54: f023 031f bic.w r3, r3, #31 + args->num_fails = counter - lastgood; + 8003f58: bf94 ite ls + 8003f5a: 1a8a subls r2, r1, r2 + args->num_fails = 99; + 8003f5c: 2263 movhi r2, #99 ; 0x63 + if(counter < match_count) { + 8003f5e: 4299 cmp r1, r3 + args->attempts_left = match_count - counter; + 8003f60: bf34 ite cc + 8003f62: 1a5b subcc r3, r3, r1 + args->attempts_left = 0; + 8003f64: 2300 movcs r3, #0 + 8003f66: 636a str r2, [r5, #52] ; 0x34 + 8003f68: 63ab str r3, [r5, #56] ; 0x38 + 8003f6a: e7c8 b.n 8003efe + +08003f6c : + +// updates_for_good_login() +// + static int +updates_for_good_login(uint8_t digest[32]) +{ + 8003f6c: b5f0 push {r4, r5, r6, r7, lr} + 8003f6e: b08d sub sp, #52 ; 0x34 + // User got the main PIN right: update the attempt counters, + // to document this (lastgood) and also bump the match counter if needed + + uint32_t count; + int rv = ae_get_counter(&count, 0); + 8003f70: 2100 movs r1, #0 +{ + 8003f72: 4606 mov r6, r0 + int rv = ae_get_counter(&count, 0); + 8003f74: a802 add r0, sp, #8 + 8003f76: f7ff f9ee bl 8003356 + if(rv) goto fail; + 8003f7a: 4601 mov r1, r0 + 8003f7c: 2800 cmp r0, #0 + 8003f7e: d13b bne.n 8003ff8 + + // Challenge: Have to update both the counter, and the target match value because + // no other way to have exact value. + + uint32_t mc = (count + MAX_TARGET_ATTEMPTS + 32) & ~31; + 8003f80: 9b02 ldr r3, [sp, #8] + 8003f82: f103 042d add.w r4, r3, #45 ; 0x2d + 8003f86: f024 041f bic.w r4, r4, #31 + ASSERT(mc >= count); + 8003f8a: 42a3 cmp r3, r4 + 8003f8c: d902 bls.n 8003f94 + 8003f8e: 481d ldr r0, [pc, #116] ; (8004004 ) + 8003f90: f7fc fd64 bl 8000a5c + + int bump = (mc - MAX_TARGET_ATTEMPTS) - count; + 8003f94: 1ae3 subs r3, r4, r3 + 8003f96: f1a3 050d sub.w r5, r3, #13 + ASSERT(bump >= 1); + 8003f9a: 3b0e subs r3, #14 + 8003f9c: 2b1f cmp r3, #31 + 8003f9e: d8f6 bhi.n 8003f8e + // Would rather update the counter first, so that a hostile interruption can't increase + // attempts (altho the attacker knows the pin at that point?!) .. but chip won't + // let the counter go past the match value, so that has to be first. + + // set the new "match count" + { uint32_t tmp[32/4] = {mc, mc} ; + 8003fa0: 2218 movs r2, #24 + 8003fa2: eb0d 0002 add.w r0, sp, r2 + rv = ae_encrypted_write(KEYNUM_match_count, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003fa6: 2720 movs r7, #32 + { uint32_t tmp[32/4] = {mc, mc} ; + 8003fa8: f009 fcac bl 800d904 + rv = ae_encrypted_write(KEYNUM_match_count, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003fac: 2103 movs r1, #3 + 8003fae: 9700 str r7, [sp, #0] + 8003fb0: ab04 add r3, sp, #16 + 8003fb2: 4632 mov r2, r6 + 8003fb4: 2006 movs r0, #6 + { uint32_t tmp[32/4] = {mc, mc} ; + 8003fb6: e9cd 4404 strd r4, r4, [sp, #16] + rv = ae_encrypted_write(KEYNUM_match_count, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003fba: f7ff fae1 bl 8003580 + if(rv) goto fail; + 8003fbe: 4601 mov r1, r0 + 8003fc0: b9d0 cbnz r0, 8003ff8 + } + + // incr the counter a bunch to get to that-13 + uint32_t new_count = 0; + 8003fc2: 9003 str r0, [sp, #12] + rv = ae_add_counter(&new_count, 0, bump); + 8003fc4: 462a mov r2, r5 + 8003fc6: a803 add r0, sp, #12 + 8003fc8: f7ff f9e4 bl 8003394 + if(rv) goto fail; + 8003fcc: 4601 mov r1, r0 + 8003fce: b998 cbnz r0, 8003ff8 + + ASSERT(new_count == count + bump); + 8003fd0: 9b02 ldr r3, [sp, #8] + 8003fd2: 441d add r5, r3 + 8003fd4: 9b03 ldr r3, [sp, #12] + 8003fd6: 429d cmp r5, r3 + 8003fd8: d1d9 bne.n 8003f8e + ASSERT(mc > new_count); + 8003fda: 42a5 cmp r5, r4 + 8003fdc: d2d7 bcs.n 8003f8e + + // Update the "last good" counter + { uint32_t tmp[32/4] = {new_count, 0 }; + 8003fde: 221c movs r2, #28 + 8003fe0: a805 add r0, sp, #20 + 8003fe2: f009 fc8f bl 800d904 + rv = ae_encrypted_write(KEYNUM_lastgood, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003fe6: 9700 str r7, [sp, #0] + 8003fe8: ab04 add r3, sp, #16 + 8003fea: 4632 mov r2, r6 + 8003fec: 2103 movs r1, #3 + 8003fee: 2005 movs r0, #5 + { uint32_t tmp[32/4] = {new_count, 0 }; + 8003ff0: 9504 str r5, [sp, #16] + rv = ae_encrypted_write(KEYNUM_lastgood, KEYNUM_main_pin, digest, (void *)tmp, 32); + 8003ff2: f7ff fac5 bl 8003580 + if(rv) goto fail; + 8003ff6: b118 cbz r0, 8004000 + // just be reducing attempts. + + return 0; + +fail: + ae_reset_chip(); + 8003ff8: f7fe fdae bl 8002b58 + return EPIN_AE_FAIL; + 8003ffc: f06f 0069 mvn.w r0, #105 ; 0x69 +} + 8004000: b00d add sp, #52 ; 0x34 + 8004002: bdf0 pop {r4, r5, r6, r7, pc} + 8004004: 08010470 .word 0x08010470 + +08004008 : +{ + 8004008: b5f0 push {r4, r5, r6, r7, lr} + 800400a: 4615 mov r5, r2 + 800400c: b089 sub sp, #36 ; 0x24 + if(pin_len == 0) { + 800400e: 460c mov r4, r1 + 8004010: b931 cbnz r1, 8004020 + memset(result, 0, 32); + 8004012: 2220 movs r2, #32 + 8004014: 4628 mov r0, r5 + 8004016: f009 fc75 bl 800d904 +} + 800401a: 4620 mov r0, r4 + 800401c: b009 add sp, #36 ; 0x24 + 800401e: bdf0 pop {r4, r5, r6, r7, pc} + pin_hash(pin, pin_len, tmp, PIN_PURPOSE_NORMAL); + 8004020: 4b0f ldr r3, [pc, #60] ; (8004060 ) + 8004022: 466a mov r2, sp + 8004024: f7ff fe7a bl 8003d1c + int rv = ae_stretch_iter(tmp, result, KDF_ITER_PIN); + 8004028: 2208 movs r2, #8 + 800402a: 4629 mov r1, r5 + 800402c: 4668 mov r0, sp + 800402e: f7ff fcbf bl 80039b0 + if(rv) return EPIN_AE_FAIL; + 8004032: 4604 mov r4, r0 + 8004034: b988 cbnz r0, 800405a + memcpy(tmp, result, 32); + 8004036: 462b mov r3, r5 + 8004038: 466e mov r6, sp + 800403a: f105 0720 add.w r7, r5, #32 + 800403e: 6818 ldr r0, [r3, #0] + 8004040: 6859 ldr r1, [r3, #4] + 8004042: 4632 mov r2, r6 + 8004044: c203 stmia r2!, {r0, r1} + 8004046: 3308 adds r3, #8 + 8004048: 42bb cmp r3, r7 + 800404a: 4616 mov r6, r2 + 800404c: d1f7 bne.n 800403e + ae_mixin_key(KEYNUM_pin_attempt, tmp, result); + 800404e: 462a mov r2, r5 + 8004050: 4669 mov r1, sp + 8004052: 2004 movs r0, #4 + 8004054: f7ff fcd4 bl 8003a00 + return 0; + 8004058: e7df b.n 800401a + if(rv) return EPIN_AE_FAIL; + 800405a: f06f 0469 mvn.w r4, #105 ; 0x69 + 800405e: e7dc b.n 800401a + 8004060: 334d1858 .word 0x334d1858 + +08004064 : +set_is_trick(pinAttempt_t *args, const trick_slot_t *slot) + 8004064: b5f0 push {r4, r5, r6, r7, lr} + args->delay_achieved = slot->tc_arg; + 8004066: 88cb ldrh r3, [r1, #6] + 8004068: 62c3 str r3, [r0, #44] ; 0x2c +set_is_trick(pinAttempt_t *args, const trick_slot_t *slot) + 800406a: f5ad 7d0d sub.w sp, sp, #564 ; 0x234 + memcpy(key, &args->private_state, sizeof(args->private_state)); + 800406e: 6c03 ldr r3, [r0, #64] ; 0x40 + memcpy(key+4, rom_secrets->hash_cache_secret+4, sizeof(rom_secrets->hash_cache_secret)-4); + 8004070: 4d0f ldr r5, [pc, #60] ; (80040b0 ) + memcpy(key, &args->private_state, sizeof(args->private_state)); + 8004072: 9303 str r3, [sp, #12] +set_is_trick(pinAttempt_t *args, const trick_slot_t *slot) + 8004074: 4606 mov r6, r0 + 8004076: 460f mov r7, r1 + memcpy(key+4, rom_secrets->hash_cache_secret+4, sizeof(rom_secrets->hash_cache_secret)-4); + 8004078: cd0f ldmia r5!, {r0, r1, r2, r3} + 800407a: ac04 add r4, sp, #16 + 800407c: c40f stmia r4!, {r0, r1, r2, r3} + 800407e: e895 0007 ldmia.w r5, {r0, r1, r2} + 8004082: e884 0007 stmia.w r4, {r0, r1, r2} + aes_init(&ctx); + 8004086: a80b add r0, sp, #44 ; 0x2c + 8004088: f004 fb4c bl 8008724 + aes_add(&ctx, (uint8_t *)slot, 32); + 800408c: 4639 mov r1, r7 + 800408e: a80b add r0, sp, #44 ; 0x2c + 8004090: 2220 movs r2, #32 + 8004092: f004 fb4d bl 8008730 + aes_done(&ctx, args->cached_main_pin, 32, key, NULL); + 8004096: 2300 movs r3, #0 + 8004098: 9300 str r3, [sp, #0] + 800409a: 2220 movs r2, #32 + 800409c: ab03 add r3, sp, #12 + 800409e: f106 01f8 add.w r1, r6, #248 ; 0xf8 + 80040a2: a80b add r0, sp, #44 ; 0x2c + 80040a4: f004 fb5a bl 800875c +} + 80040a8: f50d 7d0d add.w sp, sp, #564 ; 0x234 + 80040ac: bdf0 pop {r4, r5, r6, r7, pc} + 80040ae: bf00 nop + 80040b0: 0801c074 .word 0x0801c074 + +080040b4 : + __HAL_RCC_CRC_CLK_ENABLE(); + 80040b4: 4b09 ldr r3, [pc, #36] ; (80040dc ) + 80040b6: 6c9a ldr r2, [r3, #72] ; 0x48 +{ + 80040b8: b513 push {r0, r1, r4, lr} + __HAL_RCC_CRC_CLK_ENABLE(); + 80040ba: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80040be: 649a str r2, [r3, #72] ; 0x48 + 80040c0: 6c9b ldr r3, [r3, #72] ; 0x48 + CRC->INIT = rng_sample(); + 80040c2: 4c07 ldr r4, [pc, #28] ; (80040e0 ) + __HAL_RCC_CRC_CLK_ENABLE(); + 80040c4: f403 5380 and.w r3, r3, #4096 ; 0x1000 + 80040c8: 9301 str r3, [sp, #4] + 80040ca: 9b01 ldr r3, [sp, #4] + CRC->INIT = rng_sample(); + 80040cc: f7fe fbda bl 8002884 + 80040d0: 6120 str r0, [r4, #16] + CRC->POL = rng_sample(); + 80040d2: f7fe fbd7 bl 8002884 + 80040d6: 6160 str r0, [r4, #20] +} + 80040d8: b002 add sp, #8 + 80040da: bd10 pop {r4, pc} + 80040dc: 40021000 .word 0x40021000 + 80040e0: 40023000 .word 0x40023000 + +080040e4 : +{ + 80040e4: b510 push {r4, lr} + 80040e6: b094 sub sp, #80 ; 0x50 + 80040e8: 4604 mov r4, r0 + sha256_init(&ctx); + 80040ea: a801 add r0, sp, #4 + 80040ec: f001 fb4c bl 8005788 + reboot_nonce(&ctx); + 80040f0: a801 add r0, sp, #4 + 80040f2: f7ff fdfd bl 8003cf0 + sha256_update(&ctx, rom_secrets->hash_cache_secret, 32); + 80040f6: 2220 movs r2, #32 + 80040f8: a801 add r0, sp, #4 + 80040fa: 4904 ldr r1, [pc, #16] ; (800410c ) + 80040fc: f001 fb52 bl 80057a4 + sha256_final(&ctx, key); + 8004100: 4621 mov r1, r4 + 8004102: a801 add r0, sp, #4 + 8004104: f001 fb94 bl 8005830 +} + 8004108: b014 add sp, #80 ; 0x50 + 800410a: bd10 pop {r4, pc} + 800410c: 0801c070 .word 0x0801c070 + +08004110 : +{ + 8004110: b530 push {r4, r5, lr} + 8004112: 460d mov r5, r1 + 8004114: b089 sub sp, #36 ; 0x24 + 8004116: 4604 mov r4, r0 + if(!check_all_zeros(digest, 32)) { + 8004118: 2120 movs r1, #32 + 800411a: 4628 mov r0, r5 + 800411c: f7fe fb92 bl 8002844 + 8004120: b9a0 cbnz r0, 800414c + pin_cache_get_key(value); + 8004122: 4668 mov r0, sp + 8004124: f7ff ffde bl 80040e4 + 8004128: 466b mov r3, sp + 800412a: f105 0120 add.w r1, r5, #32 + *(acc) ^= *(more); + 800412e: 781a ldrb r2, [r3, #0] + 8004130: f815 0b01 ldrb.w r0, [r5], #1 + 8004134: 4042 eors r2, r0 + for(; len; len--, more++, acc++) { + 8004136: 428d cmp r5, r1 + *(acc) ^= *(more); + 8004138: f803 2b01 strb.w r2, [r3], #1 + for(; len; len--, more++, acc++) { + 800413c: d1f7 bne.n 800412e + ASSERT(args->magic_value == PA_MAGIC_V2); + 800413e: 6822 ldr r2, [r4, #0] + 8004140: 4b0d ldr r3, [pc, #52] ; (8004178 ) + 8004142: 429a cmp r2, r3 + 8004144: d008 beq.n 8004158 + 8004146: 480d ldr r0, [pc, #52] ; (800417c ) + 8004148: f7fc fc88 bl 8000a5c + memset(value, 0, 32); + 800414c: 2220 movs r2, #32 + 800414e: 2100 movs r1, #0 + 8004150: 4668 mov r0, sp + 8004152: f009 fbd7 bl 800d904 + 8004156: e7f2 b.n 800413e + memcpy(args->cached_main_pin, value, 32); + 8004158: 466b mov r3, sp + 800415a: f104 02f8 add.w r2, r4, #248 ; 0xf8 + 800415e: ad08 add r5, sp, #32 + 8004160: 461c mov r4, r3 + 8004162: cc03 ldmia r4!, {r0, r1} + 8004164: 42ac cmp r4, r5 + 8004166: 6010 str r0, [r2, #0] + 8004168: 6051 str r1, [r2, #4] + 800416a: 4623 mov r3, r4 + 800416c: f102 0208 add.w r2, r2, #8 + 8004170: d1f6 bne.n 8004160 +} + 8004172: b009 add sp, #36 ; 0x24 + 8004174: bd30 pop {r4, r5, pc} + 8004176: bf00 nop + 8004178: 2eaf6312 .word 0x2eaf6312 + 800417c: 08010470 .word 0x08010470 + +08004180 : +{ + 8004180: b510 push {r4, lr} + ASSERT(args->magic_value == PA_MAGIC_V2); + 8004182: 6802 ldr r2, [r0, #0] + 8004184: 4b14 ldr r3, [pc, #80] ; (80041d8 ) + 8004186: 429a cmp r2, r3 +{ + 8004188: b088 sub sp, #32 + 800418a: 460c mov r4, r1 + ASSERT(args->magic_value == PA_MAGIC_V2); + 800418c: d002 beq.n 8004194 + 800418e: 4813 ldr r0, [pc, #76] ; (80041dc ) + 8004190: f7fc fc64 bl 8000a5c + memcpy(digest, args->cached_main_pin, 32); + 8004194: f100 03f8 add.w r3, r0, #248 ; 0xf8 + 8004198: 460a mov r2, r1 + 800419a: f500 708c add.w r0, r0, #280 ; 0x118 + 800419e: f853 1b04 ldr.w r1, [r3], #4 + 80041a2: f842 1b04 str.w r1, [r2], #4 + 80041a6: 4283 cmp r3, r0 + 80041a8: d1f9 bne.n 800419e + if(!check_all_zeros(digest, 32)) { + 80041aa: 2120 movs r1, #32 + 80041ac: 4620 mov r0, r4 + 80041ae: f7fe fb49 bl 8002844 + 80041b2: b970 cbnz r0, 80041d2 + pin_cache_get_key(key); + 80041b4: 4668 mov r0, sp + 80041b6: f7ff ff95 bl 80040e4 + 80041ba: 1e62 subs r2, r4, #1 + 80041bc: 466b mov r3, sp + 80041be: 341f adds r4, #31 + *(acc) ^= *(more); + 80041c0: f812 1f01 ldrb.w r1, [r2, #1]! + 80041c4: f813 0b01 ldrb.w r0, [r3], #1 + for(; len; len--, more++, acc++) { + 80041c8: 42a2 cmp r2, r4 + *(acc) ^= *(more); + 80041ca: ea81 0100 eor.w r1, r1, r0 + 80041ce: 7011 strb r1, [r2, #0] + for(; len; len--, more++, acc++) { + 80041d0: d1f6 bne.n 80041c0 +} + 80041d2: b008 add sp, #32 + 80041d4: bd10 pop {r4, pc} + 80041d6: bf00 nop + 80041d8: 2eaf6312 .word 0x2eaf6312 + 80041dc: 08010470 .word 0x08010470 + +080041e0 : +{ + 80041e0: b530 push {r4, r5, lr} + 80041e2: b091 sub sp, #68 ; 0x44 + pin_hash(pin_prefix, prefix_len, tmp, PIN_PURPOSE_WORDS); + 80041e4: 4b0b ldr r3, [pc, #44] ; (8004214 ) +{ + 80041e6: 4615 mov r5, r2 + pin_hash(pin_prefix, prefix_len, tmp, PIN_PURPOSE_WORDS); + 80041e8: 466a mov r2, sp + 80041ea: f7ff fd97 bl 8003d1c + ae_setup(); + 80041ee: f7fe fcc1 bl 8002b74 + int rv = ae_stretch_iter(tmp, digest, KDF_ITER_WORDS); + 80041f2: 2206 movs r2, #6 + 80041f4: a908 add r1, sp, #32 + 80041f6: 4668 mov r0, sp + 80041f8: f7ff fbda bl 80039b0 + 80041fc: 4604 mov r4, r0 + ae_reset_chip(); + 80041fe: f7fe fcab bl 8002b58 + if(rv) return -1; + 8004202: b924 cbnz r4, 800420e + memcpy(result, digest, 4); + 8004204: 9b08 ldr r3, [sp, #32] + 8004206: 602b str r3, [r5, #0] +} + 8004208: 4620 mov r0, r4 + 800420a: b011 add sp, #68 ; 0x44 + 800420c: bd30 pop {r4, r5, pc} + if(rv) return -1; + 800420e: f04f 34ff mov.w r4, #4294967295 ; 0xffffffff + 8004212: e7f9 b.n 8004208 + 8004214: 2e6d6773 .word 0x2e6d6773 + +08004218 : +} + 8004218: 2000 movs r0, #0 + 800421a: 4770 bx lr + +0800421c : +{ + 800421c: b5f0 push {r4, r5, r6, r7, lr} + int rv = _validate_attempt(args, true); + 800421e: 2101 movs r1, #1 +{ + 8004220: b091 sub sp, #68 ; 0x44 + 8004222: 4605 mov r5, r0 + int rv = _validate_attempt(args, true); + 8004224: f7ff fde6 bl 8003df4 <_validate_attempt> + if(rv) return rv; + 8004228: 4604 mov r4, r0 + 800422a: bb28 cbnz r0, 8004278 + if(args->is_secondary) { + 800422c: 686b ldr r3, [r5, #4] + 800422e: 2b00 cmp r3, #0 + 8004230: d158 bne.n 80042e4 + int pin_len = args->pin_len; + 8004232: 6aaf ldr r7, [r5, #40] ; 0x28 + memcpy(pin_copy, args->pin, pin_len); + 8004234: f105 0608 add.w r6, r5, #8 + 8004238: 463a mov r2, r7 + 800423a: 4631 mov r1, r6 + 800423c: 4668 mov r0, sp + 800423e: f009 fb53 bl 800d8e8 + memset(args, 0, PIN_ATTEMPT_SIZE_V2); + 8004242: f44f 728c mov.w r2, #280 ; 0x118 + 8004246: 4621 mov r1, r4 + 8004248: 4628 mov r0, r5 + 800424a: f009 fb5b bl 800d904 + args->magic_value = PA_MAGIC_V2; + 800424e: 4b28 ldr r3, [pc, #160] ; (80042f0 ) + 8004250: 602b str r3, [r5, #0] + memcpy(args->pin, pin_copy, pin_len); + 8004252: 463a mov r2, r7 + 8004254: 4669 mov r1, sp + args->pin_len = pin_len; + 8004256: 62af str r7, [r5, #40] ; 0x28 + memcpy(args->pin, pin_copy, pin_len); + 8004258: 4630 mov r0, r6 + 800425a: f009 fb45 bl 800d8e8 + if(warmup_ae()) { + 800425e: f7ff fdff bl 8003e60 + 8004262: 2800 cmp r0, #0 + 8004264: d141 bne.n 80042ea + if(get_last_success(args)) { + 8004266: 4628 mov r0, r5 + 8004268: f7ff fe37 bl 8003eda + 800426c: 4604 mov r4, r0 + 800426e: b130 cbz r0, 800427e + ae_reset_chip(); + 8004270: f7fe fc72 bl 8002b58 + return EPIN_AE_FAIL; + 8004274: f06f 0469 mvn.w r4, #105 ; 0x69 +} + 8004278: 4620 mov r0, r4 + 800427a: b011 add sp, #68 ; 0x44 + 800427c: bdf0 pop {r4, r5, r6, r7, pc} + uint8_t blank[32] = {0}; + 800427e: 4601 mov r1, r0 + 8004280: 221c movs r2, #28 + args->delay_achieved = 0; + 8004282: e9c5 000b strd r0, r0, [r5, #44] ; 0x2c + uint8_t blank[32] = {0}; + 8004286: 9008 str r0, [sp, #32] + 8004288: a809 add r0, sp, #36 ; 0x24 + 800428a: f009 fb3b bl 800d904 + ae_reset_chip(); + 800428e: f7fe fc63 bl 8002b58 + ae_pair_unlock(); + 8004292: f7fe fe65 bl 8002f60 + int is_blank = (ae_checkmac_hard(keynum, blank) == 0); + 8004296: a908 add r1, sp, #32 + 8004298: 2003 movs r0, #3 + 800429a: f7fe ffef bl 800327c + 800429e: 4606 mov r6, r0 + ae_reset_chip(); + 80042a0: f7fe fc5a bl 8002b58 + if(pin_is_blank(KEYNUM_main_pin)) { + 80042a4: b9c6 cbnz r6, 80042d8 + args->state_flags |= PA_SUCCESSFUL | PA_IS_BLANK; + 80042a6: 6beb ldr r3, [r5, #60] ; 0x3c + const uint8_t zeros[32] = {0}; + 80042a8: 9408 str r4, [sp, #32] + args->state_flags |= PA_SUCCESSFUL | PA_IS_BLANK; + 80042aa: f043 0303 orr.w r3, r3, #3 + 80042ae: 63eb str r3, [r5, #60] ; 0x3c + const uint8_t zeros[32] = {0}; + 80042b0: 221c movs r2, #28 + 80042b2: 4621 mov r1, r4 + 80042b4: a809 add r0, sp, #36 ; 0x24 + 80042b6: f009 fb25 bl 800d904 + pin_cache_save(args, zeros); + 80042ba: a908 add r1, sp, #32 + 80042bc: 4628 mov r0, r5 + 80042be: f7ff ff27 bl 8004110 + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 80042c2: f7fe fadf bl 8002884 + 80042c6: 4b0b ldr r3, [pc, #44] ; (80042f4 ) + 80042c8: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 80042cc: f020 0001 bic.w r0, r0, #1 + args->delay_achieved = 0; + 80042d0: e9c5 440b strd r4, r4, [r5, #44] ; 0x2c + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 80042d4: 4058 eors r0, r3 + 80042d6: 6428 str r0, [r5, #64] ; 0x40 + _hmac_attempt(args, args->hmac); + 80042d8: f105 0144 add.w r1, r5, #68 ; 0x44 + 80042dc: 4628 mov r0, r5 + 80042de: f7ff fd5b bl 8003d98 <_hmac_attempt> +} + 80042e2: e7c9 b.n 8004278 + return EPIN_PRIMARY_ONLY; + 80042e4: f06f 0471 mvn.w r4, #113 ; 0x71 + 80042e8: e7c6 b.n 8004278 + return EPIN_I_AM_BRICK; + 80042ea: f06f 0468 mvn.w r4, #104 ; 0x68 + 80042ee: e7c3 b.n 8004278 + 80042f0: 2eaf6312 .word 0x2eaf6312 + 80042f4: 0801c000 .word 0x0801c000 + +080042f8 : +} + 80042f8: 2000 movs r0, #0 + 80042fa: 4770 bx lr + +080042fc : +// +// Do the PIN check, and return a value. Or fail. +// + int +pin_login_attempt(pinAttempt_t *args) +{ + 80042fc: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + bool deltamode = false; + char tmp_pin[32]; + + int rv = _validate_attempt(args, false); + 8004300: 2100 movs r1, #0 +{ + 8004302: b0c7 sub sp, #284 ; 0x11c + 8004304: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 8004306: f7ff fd75 bl 8003df4 <_validate_attempt> + if(rv) return rv; + 800430a: 4605 mov r5, r0 + 800430c: 2800 cmp r0, #0 + 800430e: d16e bne.n 80043ee + + if(args->state_flags & PA_SUCCESSFUL) { + 8004310: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004312: 07d9 lsls r1, r3, #31 + 8004314: f100 80ba bmi.w 800448c + } + + // Mk4: Check SE2 first to see if this is a "trick" pin. + // - this call may have side-effects, like wiping keys, bricking, etc. + trick_slot_t slot; + bool is_trick = se2_test_trick_pin(args->pin, args->pin_len, &slot, false); + 8004318: f104 0808 add.w r8, r4, #8 + 800431c: 4603 mov r3, r0 + 800431e: 6aa1 ldr r1, [r4, #40] ; 0x28 + 8004320: aa26 add r2, sp, #152 ; 0x98 + 8004322: 4640 mov r0, r8 + 8004324: f003 fee2 bl 80080ec + + if(is_trick) { + 8004328: 4606 mov r6, r0 + 800432a: 2800 cmp r0, #0 + 800432c: d042 beq.n 80043b4 + // They gave a trick PIN. Implement it. + + // Mark as success + args->state_flags = PA_SUCCESSFUL; + 800432e: 2301 movs r3, #1 + 8004330: 63e3 str r3, [r4, #60] ; 0x3c + args->num_fails = 0; + args->attempts_left = MAX_TARGET_ATTEMPTS; + 8004332: 230d movs r3, #13 + args->num_fails = 0; + 8004334: 6365 str r5, [r4, #52] ; 0x34 + args->attempts_left = MAX_TARGET_ATTEMPTS; + 8004336: 63a3 str r3, [r4, #56] ; 0x38 + + if(check_all_zeros(slot.xdata, 32) || (slot.tc_flags & TC_WIPE)) { + 8004338: 2120 movs r1, #32 + 800433a: a828 add r0, sp, #160 ; 0xa0 + 800433c: f7fe fa82 bl 8002844 + 8004340: b918 cbnz r0, 800434a + 8004342: f9bd 309c ldrsh.w r3, [sp, #156] ; 0x9c + 8004346: 2b00 cmp r3, #0 + 8004348: da03 bge.n 8004352 + args->state_flags |= PA_ZERO_SECRET; + 800434a: 6be3 ldr r3, [r4, #60] ; 0x3c + 800434c: f043 0310 orr.w r3, r3, #16 + 8004350: 63e3 str r3, [r4, #60] ; 0x3c + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8004352: f7fe fa97 bl 8002884 + 8004356: 4b50 ldr r3, [pc, #320] ; (8004498 ) + 8004358: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 800435c: f040 0001 orr.w r0, r0, #1 + 8004360: 4058 eors r0, r3 + args->delay_required = (slot->tc_flags & ~TC_HIDDEN_MASK); + 8004362: f8bd 309c ldrh.w r3, [sp, #156] ; 0x9c + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8004366: 6420 str r0, [r4, #64] ; 0x40 + args->delay_required = (slot->tc_flags & ~TC_HIDDEN_MASK); + 8004368: f423 4278 bic.w r2, r3, #63488 ; 0xf800 + 800436c: 6322 str r2, [r4, #48] ; 0x30 + if(slot->tc_flags & TC_DELTA_MODE) { + 800436e: 055a lsls r2, r3, #21 + 8004370: d530 bpl.n 80043d4 + args->delay_achieved = 0; + 8004372: 2300 movs r3, #0 + 8004374: 62e3 str r3, [r4, #44] ; 0x2c + memcpy(tmp_pin, pin, pin_len); + 8004376: 6aa7 ldr r7, [r4, #40] ; 0x28 + // Thug gave wrong PIN, but we are going to let them + // past (by calculating correct PIN, up to 4 digits different), + // and the mpy firmware can do tricky stuff to protect funds + // even though the private key is known at that point. + deltamode = true; + apply_pin_delta(args->pin, args->pin_len, slot.tc_arg, tmp_pin); + 8004378: f8bd 909e ldrh.w r9, [sp, #158] ; 0x9e + memcpy(tmp_pin, pin, pin_len); + 800437c: ab04 add r3, sp, #16 + 800437e: 463a mov r2, r7 + 8004380: 4641 mov r1, r8 + 8004382: 4618 mov r0, r3 + 8004384: f009 fab0 bl 800d8e8 + tmp_pin[pin_len] = 0; + 8004388: 2200 movs r2, #0 + 800438a: 55c2 strb r2, [r0, r7] + char *p = &tmp_pin[pin_len-1]; + 800438c: 1e7a subs r2, r7, #1 + 800438e: 4402 add r2, r0 + 8004390: 2104 movs r1, #4 + if(*p == '-') p--; + 8004392: 7813 ldrb r3, [r2, #0] + 8004394: 2b2d cmp r3, #45 ; 0x2d + 8004396: f009 030f and.w r3, r9, #15 + 800439a: bf08 it eq + 800439c: f102 32ff addeq.w r2, r2, #4294967295 ; 0xffffffff + if((here >= 0) && (here <= 9)) { + 80043a0: 2b09 cmp r3, #9 + *p = '0' + here; + 80043a2: bf9c itt ls + 80043a4: 3330 addls r3, #48 ; 0x30 + 80043a6: 7013 strbls r3, [r2, #0] + for(int i=0; i<4; i++, p--) { + 80043a8: 3901 subs r1, #1 + replacement >>= 4; + 80043aa: ea4f 1919 mov.w r9, r9, lsr #4 + for(int i=0; i<4; i++, p--) { + 80043ae: f102 32ff add.w r2, r2, #4294967295 ; 0xffffffff + 80043b2: d1ee bne.n 8004392 + return 0; + } + +real_login: + // unlock the AE chip + if(warmup_ae()) return EPIN_I_AM_BRICK; + 80043b4: f7ff fd54 bl 8003e60 + 80043b8: 2800 cmp r0, #0 + 80043ba: d16a bne.n 8004492 + + // hash up the pin now, assuming we'll use it on main PIN + uint8_t digest[32]; + rv = pin_hash_attempt(deltamode ? tmp_pin : args->pin, args->pin_len, digest); + 80043bc: b10e cbz r6, 80043c2 + 80043be: f10d 0810 add.w r8, sp, #16 + 80043c2: 6aa1 ldr r1, [r4, #40] ; 0x28 + 80043c4: aa0c add r2, sp, #48 ; 0x30 + 80043c6: 4640 mov r0, r8 + 80043c8: f7ff fe1e bl 8004008 + if(rv) return EPIN_AE_FAIL; + 80043cc: b198 cbz r0, 80043f6 + + rv = ae_encrypted_read(KEYNUM_secret, KEYNUM_main_pin, digest, ts, AE_SECRET_LEN); + if(rv) { + ae_reset_chip(); + + return EPIN_AE_FAIL; + 80043ce: f06f 0569 mvn.w r5, #105 ; 0x69 + 80043d2: e00c b.n 80043ee + 80043d4: a926 add r1, sp, #152 ; 0x98 + 80043d6: 4620 mov r0, r4 + 80043d8: f7ff fe44 bl 8004064 + if(slot.tc_flags & TC_DELTA_MODE) { + 80043dc: f8bd 309c ldrh.w r3, [sp, #156] ; 0x9c + 80043e0: 055b lsls r3, r3, #21 + 80043e2: d4c8 bmi.n 8004376 + _hmac_attempt(args, args->hmac); + 80043e4: f104 0144 add.w r1, r4, #68 ; 0x44 + 80043e8: 4620 mov r0, r4 + 80043ea: f7ff fcd5 bl 8003d98 <_hmac_attempt> + } + + _sign_attempt(args); + + return 0; +} + 80043ee: 4628 mov r0, r5 + 80043f0: b047 add sp, #284 ; 0x11c + 80043f2: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + ae_reset_chip(); + 80043f6: f7fe fbaf bl 8002b58 + ae_pair_unlock(); + 80043fa: f7fe fdb1 bl 8002f60 + return (ae_checkmac_hard(KEYNUM_main_pin, digest) == 0); + 80043fe: a90c add r1, sp, #48 ; 0x30 + 8004400: 2003 movs r0, #3 + 8004402: f7fe ff3b bl 800327c + if(!is_main_pin(digest)) { + 8004406: b130 cbz r0, 8004416 + se2_handle_bad_pin(args->num_fails + 1); + 8004408: 6b60 ldr r0, [r4, #52] ; 0x34 + 800440a: 3001 adds r0, #1 + 800440c: f003 ff5a bl 80082c4 + return EPIN_AUTH_FAIL; + 8004410: f06f 056f mvn.w r5, #111 ; 0x6f + 8004414: e7eb b.n 80043ee + rv = updates_for_good_login(digest); + 8004416: a80c add r0, sp, #48 ; 0x30 + 8004418: f7ff fda8 bl 8003f6c + if(rv) return EPIN_AE_FAIL; + 800441c: 4607 mov r7, r0 + 800441e: 2800 cmp r0, #0 + 8004420: d1d5 bne.n 80043ce + pin_cache_save(args, digest); + 8004422: a90c add r1, sp, #48 ; 0x30 + 8004424: 4620 mov r0, r4 + 8004426: f7ff fe73 bl 8004110 + args->state_flags = PA_SUCCESSFUL; + 800442a: 2301 movs r3, #1 + 800442c: 63e3 str r3, [r4, #60] ; 0x3c + args->num_fails = 0; + 800442e: 6367 str r7, [r4, #52] ; 0x34 + args->attempts_left = MAX_TARGET_ATTEMPTS; + 8004430: 230d movs r3, #13 + rv = ae_encrypted_read(KEYNUM_secret, KEYNUM_main_pin, digest, ts, AE_SECRET_LEN); + 8004432: 2748 movs r7, #72 ; 0x48 + args->attempts_left = MAX_TARGET_ATTEMPTS; + 8004434: 63a3 str r3, [r4, #56] ; 0x38 + rv = ae_encrypted_read(KEYNUM_secret, KEYNUM_main_pin, digest, ts, AE_SECRET_LEN); + 8004436: 9700 str r7, [sp, #0] + 8004438: ab14 add r3, sp, #80 ; 0x50 + 800443a: aa0c add r2, sp, #48 ; 0x30 + 800443c: 2103 movs r1, #3 + 800443e: 2009 movs r0, #9 + 8004440: f7fe fffe bl 8003440 + if(rv) { + 8004444: b110 cbz r0, 800444c + ae_reset_chip(); + 8004446: f7fe fb87 bl 8002b58 + 800444a: e7c0 b.n 80043ce + ae_reset_chip(); + 800444c: f7fe fb84 bl 8002b58 + mcu_key_get(&mcu_key_valid); + 8004450: f10d 000f add.w r0, sp, #15 + 8004454: f7fe f8b8 bl 80025c8 + if(check_all_zeros(ts, AE_SECRET_LEN) || !mcu_key_valid) { + 8004458: 4639 mov r1, r7 + 800445a: a814 add r0, sp, #80 ; 0x50 + 800445c: f7fe f9f2 bl 8002844 + 8004460: b910 cbnz r0, 8004468 + 8004462: f89d 300f ldrb.w r3, [sp, #15] + 8004466: b91b cbnz r3, 8004470 + args->state_flags |= PA_ZERO_SECRET; + 8004468: 6be3 ldr r3, [r4, #60] ; 0x3c + 800446a: f043 0310 orr.w r3, r3, #16 + 800446e: 63e3 str r3, [r4, #60] ; 0x3c + if(!deltamode) { + 8004470: 2e00 cmp r6, #0 + 8004472: d1b7 bne.n 80043e4 + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8004474: f7fe fa06 bl 8002884 + 8004478: 4b07 ldr r3, [pc, #28] ; (8004498 ) + 800447a: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 800447e: f020 0001 bic.w r0, r0, #1 + 8004482: 4058 eors r0, r3 + args->delay_achieved = 0; + 8004484: e9c4 660b strd r6, r6, [r4, #44] ; 0x2c + args->private_state = ((rng_sample() & ~1) | is_trick_pin) ^ rom_secrets->hash_cache_secret[0]; + 8004488: 6420 str r0, [r4, #64] ; 0x40 + return; + 800448a: e7ab b.n 80043e4 + return EPIN_WRONG_SUCCESS; + 800448c: f06f 056c mvn.w r5, #108 ; 0x6c + 8004490: e7ad b.n 80043ee + if(warmup_ae()) return EPIN_I_AM_BRICK; + 8004492: f06f 0568 mvn.w r5, #104 ; 0x68 + 8004496: e7aa b.n 80043ee + 8004498: 0801c000 .word 0x0801c000 + +0800449c : +// +// Verify we know the main PIN, but don't do anything with it. +// + int +pin_check_logged_in(const pinAttempt_t *args, bool *is_trick) +{ + 800449c: b570 push {r4, r5, r6, lr} + 800449e: 460e mov r6, r1 + 80044a0: b088 sub sp, #32 + int rv = _validate_attempt(args, false); + 80044a2: 2100 movs r1, #0 +{ + 80044a4: 4605 mov r5, r0 + int rv = _validate_attempt(args, false); + 80044a6: f7ff fca5 bl 8003df4 <_validate_attempt> + if(rv) return rv; + 80044aa: 4604 mov r4, r0 + 80044ac: b980 cbnz r0, 80044d0 + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 80044ae: 6beb ldr r3, [r5, #60] ; 0x3c + 80044b0: 07da lsls r2, r3, #31 + 80044b2: d520 bpl.n 80044f6 + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 80044b4: 4b11 ldr r3, [pc, #68] ; (80044fc ) + 80044b6: 6c2a ldr r2, [r5, #64] ; 0x40 + 80044b8: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 80044bc: 4053 eors r3, r2 + // must come here with a successful PIN login (so it's rate limited nicely) + return EPIN_WRONG_SUCCESS; + } + + if(get_is_trick(args, NULL)) { + 80044be: 07db lsls r3, r3, #31 + 80044c0: d509 bpl.n 80044d6 + // they used a trick pin to get this far. Amuse them more. + *is_trick = true; + 80044c2: 2301 movs r3, #1 + 80044c4: 7033 strb r3, [r6, #0] + + // should calibrate this, but smart money will just look at the bus + delay_ms(10); + 80044c6: 200a movs r0, #10 + 80044c8: f7ff faee bl 8003aa8 + rng_delay(); + 80044cc: f7fe fa2e bl 800292c + int rv = ae_checkmac(KEYNUM_main_pin, auth_digest); + if(rv) return EPIN_AUTH_FAIL; + } + + return 0; +} + 80044d0: 4620 mov r0, r4 + 80044d2: b008 add sp, #32 + 80044d4: bd70 pop {r4, r5, r6, pc} + pin_cache_restore(args, auth_digest); + 80044d6: 4669 mov r1, sp + *is_trick = false; + 80044d8: 7030 strb r0, [r6, #0] + pin_cache_restore(args, auth_digest); + 80044da: 4628 mov r0, r5 + 80044dc: f7ff fe50 bl 8004180 + ae_pair_unlock(); + 80044e0: f7fe fd3e bl 8002f60 + int rv = ae_checkmac(KEYNUM_main_pin, auth_digest); + 80044e4: 4669 mov r1, sp + 80044e6: 2003 movs r0, #3 + 80044e8: f7fe fcb8 bl 8002e5c + if(rv) return EPIN_AUTH_FAIL; + 80044ec: 1e04 subs r4, r0, #0 + 80044ee: bf18 it ne + 80044f0: f06f 046f mvnne.w r4, #111 ; 0x6f + 80044f4: e7ec b.n 80044d0 + return EPIN_WRONG_SUCCESS; + 80044f6: f06f 046c mvn.w r4, #108 ; 0x6c + 80044fa: e7e9 b.n 80044d0 + 80044fc: 0801c000 .word 0x0801c000 + +08004500 : +// +// Change the PIN and/or the secret. (Must also know the previous value, or it must be blank) +// + int +pin_change(pinAttempt_t *args) +{ + 8004500: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + // Validate args and signature + int rv = _validate_attempt(args, false); + 8004504: 2100 movs r1, #0 +{ + 8004506: b0a4 sub sp, #144 ; 0x90 + 8004508: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 800450a: f7ff fc73 bl 8003df4 <_validate_attempt> + if(rv) return rv; + 800450e: 4605 mov r5, r0 + 8004510: 2800 cmp r0, #0 + 8004512: f040 8094 bne.w 800463e + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 8004516: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004518: 07d9 lsls r1, r3, #31 + 800451a: f140 809c bpl.w 8004656 + // must come here with a successful PIN login (so it's rate limited nicely) + return EPIN_WRONG_SUCCESS; + } + + if(args->state_flags & PA_IS_BLANK) { + 800451e: 079a lsls r2, r3, #30 + 8004520: d502 bpl.n 8004528 + // if blank, must provide blank value + if(args->pin_len) return EPIN_RANGE_ERR; + 8004522: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8004524: 2b00 cmp r3, #0 + 8004526: d158 bne.n 80045da + } + + // Look at change flags. + const uint32_t cf = args->change_flags; + + ASSERT(!args->is_secondary); + 8004528: 6863 ldr r3, [r4, #4] + const uint32_t cf = args->change_flags; + 800452a: f8d4 9064 ldr.w r9, [r4, #100] ; 0x64 + ASSERT(!args->is_secondary); + 800452e: b113 cbz r3, 8004536 + 8004530: 484c ldr r0, [pc, #304] ; (8004664 ) + 8004532: f7fc fa93 bl 8000a5c + if(cf & CHANGE_SECONDARY_WALLET_PIN) { + // obsolete secondary support, can't support. + return EPIN_BAD_REQUEST; + } + if(cf & (CHANGE_DURESS_PIN | CHANGE_DURESS_SECRET | CHANGE_BRICKME_PIN)) { + 8004536: f019 0f36 tst.w r9, #54 ; 0x36 + 800453a: d10b bne.n 8004554 + // we need some new API for trick PIN lookup/changes. + return EPIN_BAD_REQUEST; + } + if(!(cf & (CHANGE_WALLET_PIN | CHANGE_SECRET))) { + 800453c: f019 0f09 tst.w r9, #9 + 8004540: d04b beq.n 80045da + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 8004542: 4b49 ldr r3, [pc, #292] ; (8004668 ) + 8004544: 6c22 ldr r2, [r4, #64] ; 0x40 + 8004546: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 800454a: 4053 eors r3, r2 + // If they authorized w/ a trick PIN, new policy is to wipe ourselves if + // they try to change PIN code or the secret. + // - it's hard to fake them out here, and they may be onto us. + // - this protects the seed, but does end the game somewhat + // - all trick PINs will still be in effect, and looks like random reset + if(get_is_trick(args, NULL)) { + 800454c: 07db lsls r3, r3, #31 + 800454e: d504 bpl.n 800455a + // User is a thug.. kill secret and reboot w/o any notice + fast_wipe(); + 8004550: f7fe f94c bl 80027ec + return EPIN_BAD_REQUEST; + 8004554: f06f 0567 mvn.w r5, #103 ; 0x67 + 8004558: e071 b.n 800463e + // NOT-REACHED + return EPIN_BAD_REQUEST; + } + + // unlock the AE chip + if(warmup_ae()) return EPIN_I_AM_BRICK; + 800455a: f7ff fc81 bl 8003e60 + 800455e: 4605 mov r5, r0 + 8004560: 2800 cmp r0, #0 + 8004562: d17b bne.n 800465c + // If they tricked us to get to this point, doesn't matter as + // below SE1 validates it all again. + + // Restore cached version of PIN digest: fast + uint8_t required_digest[32]; + pin_cache_restore(args, required_digest); + 8004564: f10d 0808 add.w r8, sp, #8 + 8004568: 4641 mov r1, r8 + 800456a: 4620 mov r0, r4 + 800456c: f7ff fe08 bl 8004180 + + // Calculate new PIN hashed value: will be slow to do + if(cf & CHANGE_WALLET_PIN) { + 8004570: f019 0f01 tst.w r9, #1 + 8004574: d021 beq.n 80045ba + uint8_t new_digest[32]; + rv = pin_hash_attempt(args->new_pin, args->new_pin_len, new_digest); + 8004576: f8d4 10ac ldr.w r1, [r4, #172] ; 0xac + 800457a: aa12 add r2, sp, #72 ; 0x48 + 800457c: f104 008c add.w r0, r4, #140 ; 0x8c + 8004580: f7ff fd42 bl 8004008 + if(rv) goto ae_fail; + 8004584: 2800 cmp r0, #0 + 8004586: d161 bne.n 800464c + + if(ae_encrypted_write(KEYNUM_main_pin, KEYNUM_main_pin, required_digest, new_digest, 32)) { + 8004588: 2320 movs r3, #32 + 800458a: 2103 movs r1, #3 + 800458c: 9300 str r3, [sp, #0] + 800458e: 4642 mov r2, r8 + 8004590: ab12 add r3, sp, #72 ; 0x48 + 8004592: 4608 mov r0, r1 + 8004594: f7fe fff4 bl 8003580 + 8004598: 2800 cmp r0, #0 + 800459a: d157 bne.n 800464c + goto ae_fail; + } + + memcpy(required_digest, new_digest, 32); + 800459c: af12 add r7, sp, #72 ; 0x48 + 800459e: cf0f ldmia r7!, {r0, r1, r2, r3} + 80045a0: 4646 mov r6, r8 + 80045a2: c60f stmia r6!, {r0, r1, r2, r3} + 80045a4: e897 000f ldmia.w r7, {r0, r1, r2, r3} + 80045a8: e886 000f stmia.w r6, {r0, r1, r2, r3} + + // main pin is changing; reset counter to zero (good login) and our cache + pin_cache_save(args, new_digest); + 80045ac: 4620 mov r0, r4 + 80045ae: a912 add r1, sp, #72 ; 0x48 + 80045b0: f7ff fdae bl 8004110 + + updates_for_good_login(new_digest); + 80045b4: a812 add r0, sp, #72 ; 0x48 + 80045b6: f7ff fcd9 bl 8003f6c + } + + // Recording new secret. + // Note the required_digest might have just changed above. + if(cf & CHANGE_SECRET) { + 80045ba: f019 0f08 tst.w r9, #8 + 80045be: d037 beq.n 8004630 + int which = (args->change_flags >> 8) & 0xf; + 80045c0: 6e63 ldr r3, [r4, #100] ; 0x64 + 80045c2: 121b asrs r3, r3, #8 + switch(which) { + 80045c4: f013 020c ands.w r2, r3, #12 + 80045c8: d107 bne.n 80045da + 80045ca: 4928 ldr r1, [pc, #160] ; (800466c ) + int which = (args->change_flags >> 8) & 0xf; + 80045cc: f003 030f and.w r3, r3, #15 + 80045d0: f911 a003 ldrsb.w sl, [r1, r3] + uint8_t tmp[AE_SECRET_LEN]; + uint8_t check[32]; + + // what slot (key number) are updating? (probably: KEYNUM_secret) + int target_slot = keynum_for_secret(args); + if(target_slot < 0) return EPIN_RANGE_ERR; + 80045d4: f1ba 0f00 cmp.w sl, #0 + 80045d8: da02 bge.n 80045e0 + if(args->pin_len) return EPIN_RANGE_ERR; + 80045da: f06f 0566 mvn.w r5, #102 ; 0x66 + 80045de: e02e b.n 800463e + + se2_encrypt_secret(args->secret, AE_SECRET_LEN, 0, tmp, check, required_digest); + 80045e0: f104 07b0 add.w r7, r4, #176 ; 0xb0 + 80045e4: ae0a add r6, sp, #40 ; 0x28 + 80045e6: ab12 add r3, sp, #72 ; 0x48 + 80045e8: 2148 movs r1, #72 ; 0x48 + + // write into two slots + if(ae_encrypted_write(target_slot, KEYNUM_main_pin, + 80045ea: f04f 0948 mov.w r9, #72 ; 0x48 + se2_encrypt_secret(args->secret, AE_SECRET_LEN, 0, tmp, check, required_digest); + 80045ee: f8cd 8004 str.w r8, [sp, #4] + 80045f2: 9600 str r6, [sp, #0] + 80045f4: 4638 mov r0, r7 + 80045f6: f003 ff31 bl 800845c + if(ae_encrypted_write(target_slot, KEYNUM_main_pin, + 80045fa: 2103 movs r1, #3 + 80045fc: f8cd 9000 str.w r9, [sp] + 8004600: eb0d 0309 add.w r3, sp, r9 + 8004604: 4642 mov r2, r8 + 8004606: 4650 mov r0, sl + 8004608: f7fe ffba bl 8003580 + 800460c: 4601 mov r1, r0 + 800460e: b9e8 cbnz r0, 800464c + required_digest, tmp, AE_SECRET_LEN)){ + goto ae_fail; + } + if(ae_encrypted_write32(KEYNUM_check_secret, 0, KEYNUM_main_pin, required_digest, check)){ + 8004610: 9600 str r6, [sp, #0] + 8004612: 4643 mov r3, r8 + 8004614: 2203 movs r2, #3 + 8004616: 200a movs r0, #10 + 8004618: f7fe ff4c bl 80034b4 + 800461c: b9b0 cbnz r0, 800464c + goto ae_fail; + } + + // update the zero-secret flag to be correct. + if(cf & CHANGE_SECRET) { + if(check_all_zeros(args->secret, AE_SECRET_LEN)) { + 800461e: 4649 mov r1, r9 + 8004620: 4638 mov r0, r7 + 8004622: f7fe f90f bl 8002844 + 8004626: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004628: b168 cbz r0, 8004646 + args->state_flags |= PA_ZERO_SECRET; + 800462a: f043 0310 orr.w r3, r3, #16 + 800462e: 63e3 str r3, [r4, #60] ; 0x3c + args->state_flags &= ~PA_ZERO_SECRET; + } + } + } + + ae_reset_chip(); + 8004630: f7fe fa92 bl 8002b58 + _hmac_attempt(args, args->hmac); + 8004634: f104 0144 add.w r1, r4, #68 ; 0x44 + 8004638: 4620 mov r0, r4 + 800463a: f7ff fbad bl 8003d98 <_hmac_attempt> + +ae_fail: + ae_reset_chip(); + + return EPIN_AE_FAIL; +} + 800463e: 4628 mov r0, r5 + 8004640: b024 add sp, #144 ; 0x90 + 8004642: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + args->state_flags &= ~PA_ZERO_SECRET; + 8004646: f023 0310 bic.w r3, r3, #16 + 800464a: e7f0 b.n 800462e + ae_reset_chip(); + 800464c: f7fe fa84 bl 8002b58 + return EPIN_AE_FAIL; + 8004650: f06f 0569 mvn.w r5, #105 ; 0x69 + 8004654: e7f3 b.n 800463e + return EPIN_WRONG_SUCCESS; + 8004656: f06f 056c mvn.w r5, #108 ; 0x6c + 800465a: e7f0 b.n 800463e + if(warmup_ae()) return EPIN_I_AM_BRICK; + 800465c: f06f 0568 mvn.w r5, #104 ; 0x68 + 8004660: e7ed b.n 800463e + 8004662: bf00 nop + 8004664: 08010470 .word 0x08010470 + 8004668: 0801c000 .word 0x0801c000 + 800466c: 0801079c .word 0x0801079c + +08004670 : +// To encourage not keeping the secret in memory, a way to fetch it after you've already +// proven you know the PIN. +// + int +pin_fetch_secret(pinAttempt_t *args) +{ + 8004670: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + // Validate args and signature + int rv = _validate_attempt(args, false); + 8004674: 2100 movs r1, #0 +{ + 8004676: f5ad 7d38 sub.w sp, sp, #736 ; 0x2e0 + 800467a: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 800467c: f7ff fbba bl 8003df4 <_validate_attempt> + if(rv) return rv; + 8004680: 4605 mov r5, r0 + 8004682: 2800 cmp r0, #0 + 8004684: d144 bne.n 8004710 + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 8004686: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004688: 07db lsls r3, r3, #31 + 800468a: f140 80e3 bpl.w 8004854 + // must come here with a successful PIN login (so it's rate limited nicely) + return EPIN_WRONG_SUCCESS; + } + if(args->change_flags & CHANGE_DURESS_SECRET) { + 800468e: 6e65 ldr r5, [r4, #100] ; 0x64 + 8004690: f015 0510 ands.w r5, r5, #16 + 8004694: f040 80e1 bne.w 800485a + + // fetch the already-hashed pin + // - no real need to re-prove PIN knowledge. + // - if they tricked us, doesn't matter as below the SE validates it all again + uint8_t digest[32]; + pin_cache_restore(args, digest); + 8004698: f10d 081c add.w r8, sp, #28 + 800469c: 4641 mov r1, r8 + 800469e: 4620 mov r0, r4 + 80046a0: f7ff fd6e bl 8004180 + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 80046a4: 4b70 ldr r3, [pc, #448] ; (8004868 ) + 80046a6: 6c26 ldr r6, [r4, #64] ; 0x40 + 80046a8: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 80046ac: 4073 eors r3, r6 + if(!slot || !is_trick) return is_trick; + 80046ae: 07df lsls r7, r3, #31 + 80046b0: d577 bpl.n 80047a2 + memset(slot, 0, sizeof(trick_slot_t)); + 80046b2: 2280 movs r2, #128 ; 0x80 + 80046b4: 4629 mov r1, r5 + 80046b6: a817 add r0, sp, #92 ; 0x5c + 80046b8: f009 f924 bl 800d904 + if(args->delay_required & TC_DELTA_MODE) { + 80046bc: 6b23 ldr r3, [r4, #48] ; 0x30 + 80046be: 0558 lsls r0, r3, #21 + 80046c0: d52b bpl.n 800471a + slot->tc_flags = args->delay_required; + 80046c2: f8ad 3060 strh.w r3, [sp, #96] ; 0x60 + slot->slot_num = -1; // unknown + 80046c6: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 80046ca: 9317 str r3, [sp, #92] ; 0x5c + + // determine if we should proceed under duress + trick_slot_t slot; + bool is_trick = get_is_trick(args, &slot); + + if(is_trick && !(slot.tc_flags & TC_DELTA_MODE)) { + 80046cc: f8bd 6060 ldrh.w r6, [sp, #96] ; 0x60 + 80046d0: f416 6180 ands.w r1, r6, #1024 ; 0x400 + 80046d4: d165 bne.n 80047a2 + // emulate a 24-word wallet, or xprv based wallet + // see stash.py for encoding details + memset(args->secret, 0, AE_SECRET_LEN); + 80046d6: 2248 movs r2, #72 ; 0x48 + 80046d8: f104 00b0 add.w r0, r4, #176 ; 0xb0 + 80046dc: f009 f912 bl 800d904 + + if(slot.tc_flags & TC_WORD_WALLET) { + 80046e0: 04f1 lsls r1, r6, #19 + 80046e2: d54c bpl.n 800477e + if(check_all_zeros(&slot.xdata[16], 16)) { + 80046e4: ae1d add r6, sp, #116 ; 0x74 + 80046e6: 2110 movs r1, #16 + 80046e8: 4630 mov r0, r6 + 80046ea: f7fe f8ab bl 8002844 + // 2nd half is zeros, must be 12-word wallet + args->secret[0] = 0x80; // 12 word phrase + memcpy(&args->secret[1], slot.xdata, 16); + 80046ee: f104 03b1 add.w r3, r4, #177 ; 0xb1 + if(check_all_zeros(&slot.xdata[16], 16)) { + 80046f2: 2800 cmp r0, #0 + 80046f4: d034 beq.n 8004760 + args->secret[0] = 0x80; // 12 word phrase + 80046f6: 2280 movs r2, #128 ; 0x80 + 80046f8: f884 20b0 strb.w r2, [r4, #176] ; 0xb0 + memcpy(&args->secret[1], slot.xdata, 16); + 80046fc: ac19 add r4, sp, #100 ; 0x64 + 80046fe: 4622 mov r2, r4 + 8004700: ca03 ldmia r2!, {r0, r1} + 8004702: 42b2 cmp r2, r6 + 8004704: 6018 str r0, [r3, #0] + 8004706: 6059 str r1, [r3, #4] + 8004708: 4614 mov r4, r2 + 800470a: f103 0308 add.w r3, r3, #8 + 800470e: d1f6 bne.n 80046fe + ae_reset_chip(); + + if(rv) return EPIN_AE_FAIL; + + return 0; +} + 8004710: 4628 mov r0, r5 + 8004712: f50d 7d38 add.w sp, sp, #736 ; 0x2e0 + 8004716: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + memcpy(key+4, rom_secrets->hash_cache_secret+4, sizeof(rom_secrets->hash_cache_secret)-4); + 800471a: 4f54 ldr r7, [pc, #336] ; (800486c ) + memcpy(key, &args->private_state, sizeof(args->private_state)); + 800471c: 960f str r6, [sp, #60] ; 0x3c + memcpy(key+4, rom_secrets->hash_cache_secret+4, sizeof(rom_secrets->hash_cache_secret)-4); + 800471e: cf0f ldmia r7!, {r0, r1, r2, r3} + 8004720: ae10 add r6, sp, #64 ; 0x40 + 8004722: c60f stmia r6!, {r0, r1, r2, r3} + 8004724: e897 0007 ldmia.w r7, {r0, r1, r2} + 8004728: e886 0007 stmia.w r6, {r0, r1, r2} + aes_init(&ctx); + 800472c: a837 add r0, sp, #220 ; 0xdc + 800472e: f003 fff9 bl 8008724 + aes_add(&ctx, args->cached_main_pin, 32); + 8004732: 2220 movs r2, #32 + 8004734: f104 01f8 add.w r1, r4, #248 ; 0xf8 + 8004738: a837 add r0, sp, #220 ; 0xdc + 800473a: f003 fff9 bl 8008730 + aes_done(&ctx, (uint8_t *)slot, 32, key, NULL); + 800473e: a917 add r1, sp, #92 ; 0x5c + 8004740: 9500 str r5, [sp, #0] + 8004742: ab0f add r3, sp, #60 ; 0x3c + 8004744: 2220 movs r2, #32 + 8004746: a837 add r0, sp, #220 ; 0xdc + 8004748: f004 f808 bl 800875c + if(slot->tc_flags & (TC_WORD_WALLET|TC_XPRV_WALLET)) { + 800474c: f8bd 1060 ldrh.w r1, [sp, #96] ; 0x60 + 8004750: f411 5fc0 tst.w r1, #6144 ; 0x1800 + 8004754: d0ba beq.n 80046cc + se2_read_trick_data(slot->slot_num, slot->tc_flags, slot->xdata); + 8004756: 9817 ldr r0, [sp, #92] ; 0x5c + 8004758: aa19 add r2, sp, #100 ; 0x64 + 800475a: f003 fc8d bl 8008078 + if(is_trick && !(slot.tc_flags & TC_DELTA_MODE)) { + 800475e: e7b5 b.n 80046cc + args->secret[0] = 0x82; // 24 word phrase + 8004760: 2282 movs r2, #130 ; 0x82 + 8004762: f884 20b0 strb.w r2, [r4, #176] ; 0xb0 + memcpy(&args->secret[1], slot.xdata, 32); + 8004766: ae21 add r6, sp, #132 ; 0x84 + 8004768: aa19 add r2, sp, #100 ; 0x64 + 800476a: 4614 mov r4, r2 + 800476c: cc03 ldmia r4!, {r0, r1} + 800476e: 42b4 cmp r4, r6 + 8004770: 6018 str r0, [r3, #0] + 8004772: 6059 str r1, [r3, #4] + 8004774: 4622 mov r2, r4 + 8004776: f103 0308 add.w r3, r3, #8 + 800477a: d1f6 bne.n 800476a + 800477c: e7c8 b.n 8004710 + } else if(slot.tc_flags & TC_XPRV_WALLET) { + 800477e: 0532 lsls r2, r6, #20 + 8004780: d5c6 bpl.n 8004710 + args->secret[0] = 0x01; // XPRV mode + 8004782: 2301 movs r3, #1 + 8004784: f884 30b0 strb.w r3, [r4, #176] ; 0xb0 + memcpy(&args->secret[1], slot.xdata, 64); + 8004788: aa19 add r2, sp, #100 ; 0x64 + 800478a: 34b1 adds r4, #177 ; 0xb1 + 800478c: ae29 add r6, sp, #164 ; 0xa4 + 800478e: 4613 mov r3, r2 + 8004790: cb03 ldmia r3!, {r0, r1} + 8004792: 42b3 cmp r3, r6 + 8004794: 6020 str r0, [r4, #0] + 8004796: 6061 str r1, [r4, #4] + 8004798: 461a mov r2, r3 + 800479a: f104 0408 add.w r4, r4, #8 + 800479e: d1f6 bne.n 800478e + 80047a0: e7b6 b.n 8004710 + int which = (args->change_flags >> 8) & 0xf; + 80047a2: 6e63 ldr r3, [r4, #100] ; 0x64 + 80047a4: 121b asrs r3, r3, #8 + switch(which) { + 80047a6: f013 0f0c tst.w r3, #12 + 80047aa: d159 bne.n 8004860 + 80047ac: 4a30 ldr r2, [pc, #192] ; (8004870 ) + int which = (args->change_flags >> 8) & 0xf; + 80047ae: f003 030f and.w r3, r3, #15 + 80047b2: f912 9003 ldrsb.w r9, [r2, r3] + if(kn < 0) return EPIN_RANGE_ERR; + 80047b6: f1b9 0f00 cmp.w r9, #0 + 80047ba: db51 blt.n 8004860 + 80047bc: 2703 movs r7, #3 + rv = ae_encrypted_read(kn, KEYNUM_main_pin, digest, tmp, AE_SECRET_LEN); + 80047be: f04f 0a48 mov.w sl, #72 ; 0x48 + 80047c2: 2103 movs r1, #3 + 80047c4: f8cd a000 str.w sl, [sp] + 80047c8: ab37 add r3, sp, #220 ; 0xdc + 80047ca: 4642 mov r2, r8 + 80047cc: 4648 mov r0, r9 + 80047ce: f7fe fe37 bl 8003440 + if(rv) continue; + 80047d2: 4601 mov r1, r0 + 80047d4: b130 cbz r0, 80047e4 + for(int retry=0; retry<3; retry++) { + 80047d6: 3f01 subs r7, #1 + 80047d8: d1f3 bne.n 80047c2 + ae_reset_chip(); + 80047da: f7fe f9bd bl 8002b58 + if(rv) return EPIN_AE_FAIL; + 80047de: f06f 0569 mvn.w r5, #105 ; 0x69 + 80047e2: e795 b.n 8004710 + rv = ae_encrypted_read32(KEYNUM_check_secret, 0, KEYNUM_main_pin, digest, check); + 80047e4: ae0f add r6, sp, #60 ; 0x3c + 80047e6: 9600 str r6, [sp, #0] + 80047e8: 4643 mov r3, r8 + 80047ea: 2203 movs r2, #3 + 80047ec: 200a movs r0, #10 + 80047ee: f7fe fdfc bl 80033ea + if(rv) continue; + 80047f2: 4605 mov r5, r0 + 80047f4: 2800 cmp r0, #0 + 80047f6: d1ee bne.n 80047d6 + se2_decrypt_secret(args->secret, AE_SECRET_LEN, 0, tmp, check, digest, &is_valid); + 80047f8: f10d 071b add.w r7, sp, #27 + 80047fc: f104 00b0 add.w r0, r4, #176 ; 0xb0 + 8004800: ab37 add r3, sp, #220 ; 0xdc + 8004802: e9cd 8701 strd r8, r7, [sp, #4] + 8004806: 9600 str r6, [sp, #0] + 8004808: 462a mov r2, r5 + 800480a: 2148 movs r1, #72 ; 0x48 + 800480c: 9005 str r0, [sp, #20] + 800480e: f003 fe7b bl 8008508 + if(!is_valid) { + 8004812: f89d 301b ldrb.w r3, [sp, #27] + 8004816: 9805 ldr r0, [sp, #20] + 8004818: b993 cbnz r3, 8004840 + memset(args->secret, 0, AE_SECRET_LEN); + 800481a: 2248 movs r2, #72 ; 0x48 + 800481c: 4629 mov r1, r5 + 800481e: f009 f871 bl 800d904 + if(!(args->state_flags & PA_ZERO_SECRET)) { + 8004822: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004824: 06db lsls r3, r3, #27 + 8004826: d408 bmi.n 800483a + args->state_flags |= PA_ZERO_SECRET; + 8004828: 6be3 ldr r3, [r4, #60] ; 0x3c + 800482a: f043 0310 orr.w r3, r3, #16 + 800482e: 63e3 str r3, [r4, #60] ; 0x3c + _hmac_attempt(args, args->hmac); + 8004830: f104 0144 add.w r1, r4, #68 ; 0x44 + 8004834: 4620 mov r0, r4 + 8004836: f7ff faaf bl 8003d98 <_hmac_attempt> + ae_reset_chip(); + 800483a: f7fe f98d bl 8002b58 + if(rv) return EPIN_AE_FAIL; + 800483e: e767 b.n 8004710 + if(!args->secret[0] && check_all_zeros(args->secret, AE_SECRET_LEN)) { + 8004840: f894 30b0 ldrb.w r3, [r4, #176] ; 0xb0 + 8004844: 2b00 cmp r3, #0 + 8004846: d1f8 bne.n 800483a + 8004848: 2148 movs r1, #72 ; 0x48 + 800484a: f7fd fffb bl 8002844 + 800484e: 2800 cmp r0, #0 + 8004850: d0f3 beq.n 800483a + 8004852: e7e9 b.n 8004828 + return EPIN_WRONG_SUCCESS; + 8004854: f06f 056c mvn.w r5, #108 ; 0x6c + 8004858: e75a b.n 8004710 + return EPIN_BAD_REQUEST; + 800485a: f06f 0567 mvn.w r5, #103 ; 0x67 + 800485e: e757 b.n 8004710 + if(kn < 0) return EPIN_RANGE_ERR; + 8004860: f06f 0566 mvn.w r5, #102 ; 0x66 + 8004864: e754 b.n 8004710 + 8004866: bf00 nop + 8004868: 0801c000 .word 0x0801c000 + 800486c: 0801c074 .word 0x0801c074 + 8004870: 0801079c .word 0x0801079c + +08004874 : +// - new API so whole thing provided in one shot? encryption issues: provide +// "dest" and all 416 bytes end up there (read case only). +// + int +pin_long_secret(pinAttempt_t *args, uint8_t *dest) +{ + 8004874: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 8004878: 460f mov r7, r1 + 800487a: b099 sub sp, #100 ; 0x64 + // Validate args and signature + int rv = _validate_attempt(args, false); + 800487c: 2100 movs r1, #0 +{ + 800487e: 4606 mov r6, r0 + int rv = _validate_attempt(args, false); + 8004880: f7ff fab8 bl 8003df4 <_validate_attempt> + if(rv) return rv; + 8004884: 4604 mov r4, r0 + 8004886: b9b8 cbnz r0, 80048b8 + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 8004888: 6bf3 ldr r3, [r6, #60] ; 0x3c + 800488a: 07da lsls r2, r3, #31 + 800488c: f140 80a5 bpl.w 80049da + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 8004890: 4b55 ldr r3, [pc, #340] ; (80049e8 ) + 8004892: 6c32 ldr r2, [r6, #64] ; 0x40 + 8004894: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 8004898: 4053 eors r3, r2 + } + + // determine if we should proceed under duress/in some trick way + bool is_trick = get_is_trick(args, NULL); + + if(is_trick) { + 800489a: 07db lsls r3, r3, #31 + 800489c: d510 bpl.n 80048c0 + // Not supported in trick mode. Pretend it's all zeros. Accept all writes. + memset(args->secret, 0, 32); + 800489e: 4601 mov r1, r0 + 80048a0: 2220 movs r2, #32 + 80048a2: f106 00b0 add.w r0, r6, #176 ; 0xb0 + 80048a6: f009 f82d bl 800d904 + if(dest) memset(dest, 0, AE_LONG_SECRET_LEN); + 80048aa: b12f cbz r7, 80048b8 + 80048ac: f44f 72d0 mov.w r2, #416 ; 0x1a0 + 80048b0: 4621 mov r1, r4 + 80048b2: 4638 mov r0, r7 + 80048b4: f009 f826 bl 800d904 + +se2_fail: + ae_reset_chip(); + + return EPIN_SE2_FAIL; +} + 80048b8: 4620 mov r0, r4 + 80048ba: b019 add sp, #100 ; 0x64 + 80048bc: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + int blk = (args->change_flags >> 8) & 0xf; + 80048c0: 6e73 ldr r3, [r6, #100] ; 0x64 + 80048c2: f3c3 2803 ubfx r8, r3, #8, #4 + if(blk > 13) return EPIN_RANGE_ERR; + 80048c6: f1b8 0f0d cmp.w r8, #13 + 80048ca: f300 8089 bgt.w 80049e0 + pin_cache_restore(args, digest); + 80048ce: a908 add r1, sp, #32 + 80048d0: 4630 mov r0, r6 + 80048d2: f7ff fc55 bl 8004180 + if(!(args->change_flags & CHANGE_SECRET)) { + 80048d6: 6e71 ldr r1, [r6, #100] ; 0x64 + 80048d8: f011 0908 ands.w r9, r1, #8 + 80048dc: d156 bne.n 800498c + if(!dest) { + 80048de: bb27 cbnz r7, 800492a + rv = ae_encrypted_read32(KEYNUM_long_secret, blk, KEYNUM_main_pin, digest, tmp); + 80048e0: af10 add r7, sp, #64 ; 0x40 + 80048e2: 9700 str r7, [sp, #0] + 80048e4: ab08 add r3, sp, #32 + 80048e6: 2203 movs r2, #3 + 80048e8: 4641 mov r1, r8 + 80048ea: 2008 movs r0, #8 + 80048ec: f7fe fd7d bl 80033ea + if(rv) goto fail; + 80048f0: 4605 mov r5, r0 + 80048f2: 2800 cmp r0, #0 + 80048f4: d16a bne.n 80049cc + se2_decrypt_secret(args->secret, 32, blk*32, tmp, NULL, digest, &is_valid); + 80048f6: f10d 031f add.w r3, sp, #31 + 80048fa: 9302 str r3, [sp, #8] + 80048fc: ab08 add r3, sp, #32 + 80048fe: f106 00b0 add.w r0, r6, #176 ; 0xb0 + 8004902: e9cd 4300 strd r4, r3, [sp] + 8004906: ea4f 1248 mov.w r2, r8, lsl #5 + 800490a: 463b mov r3, r7 + 800490c: 2120 movs r1, #32 + 800490e: 9005 str r0, [sp, #20] + 8004910: f003 fdfa bl 8008508 + if(!is_valid) { + 8004914: f89d 301f ldrb.w r3, [sp, #31] + 8004918: 9805 ldr r0, [sp, #20] + 800491a: b91b cbnz r3, 8004924 + memset(args->secret, 0, 32); + 800491c: 2220 movs r2, #32 + 800491e: 4621 mov r1, r4 + memset(dest, 0, AE_LONG_SECRET_LEN); + 8004920: f008 fff0 bl 800d904 + ae_reset_chip(); + 8004924: f7fe f918 bl 8002b58 + if(rv) return EPIN_AE_FAIL; + 8004928: e7c6 b.n 80048b8 + 800492a: 463e mov r6, r7 + rv = ae_encrypted_read32(KEYNUM_long_secret, blk, KEYNUM_main_pin, digest, p); + 800492c: 9600 str r6, [sp, #0] + 800492e: ab08 add r3, sp, #32 + 8004930: 2203 movs r2, #3 + 8004932: 4649 mov r1, r9 + 8004934: 2008 movs r0, #8 + 8004936: f7fe fd58 bl 80033ea + if(rv) goto fail; + 800493a: 4605 mov r5, r0 + 800493c: 2800 cmp r0, #0 + 800493e: d145 bne.n 80049cc + for(blk=0; blk<13; blk++, p += 32) { + 8004940: f109 0901 add.w r9, r9, #1 + 8004944: f1b9 0f0d cmp.w r9, #13 + 8004948: f106 0620 add.w r6, r6, #32 + 800494c: d1ee bne.n 800492c + ASSERT(p == dest+AE_LONG_SECRET_LEN); + 800494e: f507 73d0 add.w r3, r7, #416 ; 0x1a0 + 8004952: 429e cmp r6, r3 + 8004954: d002 beq.n 800495c + 8004956: 4825 ldr r0, [pc, #148] ; (80049ec ) + 8004958: f7fc f880 bl 8000a5c + se2_decrypt_secret(dest, AE_LONG_SECRET_LEN, 0, dest, NULL, digest, &is_valid); + 800495c: ab10 add r3, sp, #64 ; 0x40 + 800495e: 9302 str r3, [sp, #8] + 8004960: ab08 add r3, sp, #32 + 8004962: e9cd 0300 strd r0, r3, [sp] + 8004966: 4602 mov r2, r0 + 8004968: 463b mov r3, r7 + 800496a: f44f 71d0 mov.w r1, #416 ; 0x1a0 + 800496e: 4638 mov r0, r7 + 8004970: f003 fdca bl 8008508 + if(!is_valid) { + 8004974: f89d 4040 ldrb.w r4, [sp, #64] ; 0x40 + 8004978: b924 cbnz r4, 8004984 + memset(dest, 0, AE_LONG_SECRET_LEN); + 800497a: f44f 72d0 mov.w r2, #416 ; 0x1a0 + 800497e: 4621 mov r1, r4 + 8004980: 4638 mov r0, r7 + 8004982: e7cd b.n 8004920 + ae_reset_chip(); + 8004984: f7fe f8e8 bl 8002b58 + return 0; + 8004988: 462c mov r4, r5 + 800498a: e795 b.n 80048b8 + uint8_t tmp[32] = {0}; + 800498c: 221c movs r2, #28 + 800498e: 4621 mov r1, r4 + 8004990: a811 add r0, sp, #68 ; 0x44 + 8004992: 9410 str r4, [sp, #64] ; 0x40 + if(se2_encrypt_secret(args->secret, 32, blk*32, tmp, NULL, digest)) { + 8004994: ad10 add r5, sp, #64 ; 0x40 + uint8_t tmp[32] = {0}; + 8004996: f008 ffb5 bl 800d904 + if(se2_encrypt_secret(args->secret, 32, blk*32, tmp, NULL, digest)) { + 800499a: ab08 add r3, sp, #32 + 800499c: e9cd 4300 strd r4, r3, [sp] + 80049a0: ea4f 1248 mov.w r2, r8, lsl #5 + 80049a4: 462b mov r3, r5 + 80049a6: 2120 movs r1, #32 + 80049a8: f106 00b0 add.w r0, r6, #176 ; 0xb0 + 80049ac: f003 fd56 bl 800845c + 80049b0: b120 cbz r0, 80049bc + ae_reset_chip(); + 80049b2: f7fe f8d1 bl 8002b58 + return EPIN_SE2_FAIL; + 80049b6: f06f 0472 mvn.w r4, #114 ; 0x72 + 80049ba: e77d b.n 80048b8 + rv = ae_encrypted_write32(KEYNUM_long_secret, blk, KEYNUM_main_pin, digest, tmp); + 80049bc: 9500 str r5, [sp, #0] + 80049be: ab08 add r3, sp, #32 + 80049c0: 2203 movs r2, #3 + 80049c2: 4641 mov r1, r8 + 80049c4: 2008 movs r0, #8 + 80049c6: f7fe fd75 bl 80034b4 + 80049ca: 4605 mov r5, r0 + ae_reset_chip(); + 80049cc: f7fe f8c4 bl 8002b58 + if(rv) return EPIN_AE_FAIL; + 80049d0: 2d00 cmp r5, #0 + 80049d2: bf18 it ne + 80049d4: f06f 0469 mvnne.w r4, #105 ; 0x69 + 80049d8: e76e b.n 80048b8 + return EPIN_WRONG_SUCCESS; + 80049da: f06f 046c mvn.w r4, #108 ; 0x6c + 80049de: e76b b.n 80048b8 + if(blk > 13) return EPIN_RANGE_ERR; + 80049e0: f06f 0466 mvn.w r4, #102 ; 0x66 + 80049e4: e768 b.n 80048b8 + 80049e6: bf00 nop + 80049e8: 0801c000 .word 0x0801c000 + 80049ec: 08010470 .word 0x08010470 + +080049f0 : +// +// Record current flash checksum and make green light go on. +// + int +pin_firmware_greenlight(pinAttempt_t *args) +{ + 80049f0: b530 push {r4, r5, lr} + // Validate args and signature + int rv = _validate_attempt(args, false); + 80049f2: 2100 movs r1, #0 +{ + 80049f4: b09b sub sp, #108 ; 0x6c + 80049f6: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 80049f8: f7ff f9fc bl 8003df4 <_validate_attempt> + if(rv) return rv; + 80049fc: bb20 cbnz r0, 8004a48 + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 80049fe: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004a00: 07da lsls r2, r3, #31 + 8004a02: d529 bpl.n 8004a58 + // must come here with a successful PIN login (so it's rate limited nicely) + return EPIN_WRONG_SUCCESS; + } + + if(args->is_secondary) { + 8004a04: 6865 ldr r5, [r4, #4] + 8004a06: bb55 cbnz r5, 8004a5e + return EPIN_PRIMARY_ONLY; + } + + // load existing PIN's hash + uint8_t digest[32]; + pin_cache_restore(args, digest); + 8004a08: a902 add r1, sp, #8 + 8004a0a: 4620 mov r0, r4 + 8004a0c: f7ff fbb8 bl 8004180 + + // step 1: calc the value to use + uint8_t fw_check[32], world_check[32]; + checksum_flash(fw_check, world_check, 0); + 8004a10: 462a mov r2, r5 + 8004a12: a912 add r1, sp, #72 ; 0x48 + 8004a14: a80a add r0, sp, #40 ; 0x28 + 8004a16: f7fd f913 bl 8001c40 + + // step 2: write it out to chip. + if(warmup_ae()) return EPIN_I_AM_BRICK; + 8004a1a: f7ff fa21 bl 8003e60 + 8004a1e: bb08 cbnz r0, 8004a64 + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 8004a20: 4b12 ldr r3, [pc, #72] ; (8004a6c ) + 8004a22: 6c22 ldr r2, [r4, #64] ; 0x40 + 8004a24: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 8004a28: 4053 eors r3, r2 + + // under duress, we can't fake this, but we go through the motions anyway + if(!get_is_trick(args, NULL)) { + 8004a2a: 07db lsls r3, r3, #31 + 8004a2c: d40e bmi.n 8004a4c + rv = ae_encrypted_write(KEYNUM_firmware, KEYNUM_main_pin, digest, world_check, 32); + 8004a2e: 2320 movs r3, #32 + 8004a30: 9300 str r3, [sp, #0] + 8004a32: aa02 add r2, sp, #8 + 8004a34: ab12 add r3, sp, #72 ; 0x48 + 8004a36: 2103 movs r1, #3 + 8004a38: 200e movs r0, #14 + 8004a3a: f7fe fda1 bl 8003580 + + if(rv) { + 8004a3e: b128 cbz r0, 8004a4c + ae_reset_chip(); + 8004a40: f7fe f88a bl 8002b58 + + return EPIN_AE_FAIL; + 8004a44: f06f 0069 mvn.w r0, #105 ; 0x69 + + return EPIN_AE_FAIL; + } + + return 0; +} + 8004a48: b01b add sp, #108 ; 0x6c + 8004a4a: bd30 pop {r4, r5, pc} + rv = ae_set_gpio_secure(world_check); + 8004a4c: a812 add r0, sp, #72 ; 0x48 + 8004a4e: f7fe fe29 bl 80036a4 + if(rv) { + 8004a52: 2800 cmp r0, #0 + 8004a54: d0f8 beq.n 8004a48 + 8004a56: e7f3 b.n 8004a40 + return EPIN_WRONG_SUCCESS; + 8004a58: f06f 006c mvn.w r0, #108 ; 0x6c + 8004a5c: e7f4 b.n 8004a48 + return EPIN_PRIMARY_ONLY; + 8004a5e: f06f 0071 mvn.w r0, #113 ; 0x71 + 8004a62: e7f1 b.n 8004a48 + if(warmup_ae()) return EPIN_I_AM_BRICK; + 8004a64: f06f 0068 mvn.w r0, #104 ; 0x68 + 8004a68: e7ee b.n 8004a48 + 8004a6a: bf00 nop + 8004a6c: 0801c000 .word 0x0801c000 + +08004a70 : +// Update the system firmware via file in PSRAM. Arrange for +// light to stay green through out process. +// + int +pin_firmware_upgrade(pinAttempt_t *args) +{ + 8004a70: b570 push {r4, r5, r6, lr} + // Validate args and signature + int rv = _validate_attempt(args, false); + 8004a72: 2100 movs r1, #0 +{ + 8004a74: b092 sub sp, #72 ; 0x48 + 8004a76: 4604 mov r4, r0 + int rv = _validate_attempt(args, false); + 8004a78: f7ff f9bc bl 8003df4 <_validate_attempt> + if(rv) return rv; + 8004a7c: 2800 cmp r0, #0 + 8004a7e: d14e bne.n 8004b1e + + if((args->state_flags & PA_SUCCESSFUL) != PA_SUCCESSFUL) { + 8004a80: 6be3 ldr r3, [r4, #60] ; 0x3c + 8004a82: 07da lsls r2, r3, #31 + 8004a84: d54d bpl.n 8004b22 + // must come here with a successful PIN login + return EPIN_WRONG_SUCCESS; + } + + if(args->change_flags != CHANGE_FIRMWARE) { + 8004a86: 6e63 ldr r3, [r4, #100] ; 0x64 + 8004a88: 2b40 cmp r3, #64 ; 0x40 + 8004a8a: d11c bne.n 8004ac6 + } + + // expecting start/length relative to psram start + uint32_t *about = (uint32_t *)args->secret; + uint32_t start = about[0]; + uint32_t len = about[1]; + 8004a8c: e9d4 562c ldrd r5, r6, [r4, #176] ; 0xb0 + + if(len < 32768) return EPIN_RANGE_ERR; + 8004a90: f5a6 4300 sub.w r3, r6, #32768 ; 0x8000 + 8004a94: f5b3 1ffc cmp.w r3, #2064384 ; 0x1f8000 + 8004a98: d846 bhi.n 8004b28 + if(len > 2<<20) return EPIN_RANGE_ERR; + if(start+len > PSRAM_SIZE) return EPIN_RANGE_ERR; + 8004a9a: 19ab adds r3, r5, r6 + 8004a9c: f5b3 0f00 cmp.w r3, #8388608 ; 0x800000 + 8004aa0: d842 bhi.n 8004b28 + + const uint8_t *data = (const uint8_t *)PSRAM_BASE+start; + 8004aa2: f105 4510 add.w r5, r5, #2415919104 ; 0x90000000 + + // verify a firmware image that's in RAM, and calc its digest + // - also applies watermark policy, etc + uint8_t world_check[32]; + bool ok = verify_firmware_in_ram(data, len, world_check); + 8004aa6: aa02 add r2, sp, #8 + 8004aa8: 4631 mov r1, r6 + 8004aaa: 4628 mov r0, r5 + 8004aac: f7fd f9ce bl 8001e4c + if(!ok) { + 8004ab0: 2800 cmp r0, #0 + 8004ab2: d03c beq.n 8004b2e + bool is_trick = ((args->private_state ^ rom_secrets->hash_cache_secret[0]) & 0x1); + 8004ab4: 4b21 ldr r3, [pc, #132] ; (8004b3c ) + 8004ab6: 6c22 ldr r2, [r4, #64] ; 0x40 + 8004ab8: f893 3070 ldrb.w r3, [r3, #112] ; 0x70 + 8004abc: 4053 eors r3, r2 + return EPIN_AUTH_FAIL; + } + + // under duress, we can't fake this, so kill ourselves. + if(get_is_trick(args, NULL)) { + 8004abe: 07db lsls r3, r3, #31 + 8004ac0: d504 bpl.n 8004acc + // User is a thug.. kill secret and reboot w/o any notice + fast_wipe(); + 8004ac2: f7fd fe93 bl 80027ec + return EPIN_BAD_REQUEST; + 8004ac6: f06f 0067 mvn.w r0, #103 ; 0x67 + 8004aca: e028 b.n 8004b1e + return EPIN_BAD_REQUEST; + } + + // load existing PIN's hash + uint8_t digest[32]; + pin_cache_restore(args, digest); + 8004acc: a90a add r1, sp, #40 ; 0x28 + 8004ace: 4620 mov r0, r4 + 8004ad0: f7ff fb56 bl 8004180 + + // step 1: calc the value to use, see above + if(warmup_ae()) return EPIN_I_AM_BRICK; + 8004ad4: f7ff f9c4 bl 8003e60 + 8004ad8: bb60 cbnz r0, 8004b34 + + // step 2: write it out to chip. + rv = ae_encrypted_write(KEYNUM_firmware, KEYNUM_main_pin, digest, world_check, 32); + 8004ada: 2320 movs r3, #32 + 8004adc: 9300 str r3, [sp, #0] + 8004ade: aa0a add r2, sp, #40 ; 0x28 + 8004ae0: ab02 add r3, sp, #8 + 8004ae2: 2103 movs r1, #3 + 8004ae4: 200e movs r0, #14 + 8004ae6: f7fe fd4b bl 8003580 + if(rv) goto fail; + 8004aea: b9a0 cbnz r0, 8004b16 + + // this turns on green light + rv = ae_set_gpio_secure(world_check); + 8004aec: a802 add r0, sp, #8 + 8004aee: f7fe fdd9 bl 80036a4 + if(rv) goto fail; + 8004af2: b980 cbnz r0, 8004b16 + + // -- point of no return -- + + // burn it, shows progress + psram_do_upgrade(data, len); + 8004af4: 4631 mov r1, r6 + 8004af6: 4628 mov r0, r5 + 8004af8: f000 fbf4 bl 80052e4 + 8004afc: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8004b00: 490f ldr r1, [pc, #60] ; (8004b40 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8004b02: 4b10 ldr r3, [pc, #64] ; (8004b44 ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8004b04: 68ca ldr r2, [r1, #12] + 8004b06: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8004b0a: 4313 orrs r3, r2 + 8004b0c: 60cb str r3, [r1, #12] + 8004b0e: f3bf 8f4f dsb sy + __NOP(); + 8004b12: bf00 nop + for(;;) /* wait until reset */ + 8004b14: e7fd b.n 8004b12 + NVIC_SystemReset(); + + return 0; + +fail: + ae_reset_chip(); + 8004b16: f7fe f81f bl 8002b58 + + return EPIN_AE_FAIL; + 8004b1a: f06f 0069 mvn.w r0, #105 ; 0x69 +} + 8004b1e: b012 add sp, #72 ; 0x48 + 8004b20: bd70 pop {r4, r5, r6, pc} + return EPIN_WRONG_SUCCESS; + 8004b22: f06f 006c mvn.w r0, #108 ; 0x6c + 8004b26: e7fa b.n 8004b1e + if(len < 32768) return EPIN_RANGE_ERR; + 8004b28: f06f 0066 mvn.w r0, #102 ; 0x66 + 8004b2c: e7f7 b.n 8004b1e + return EPIN_AUTH_FAIL; + 8004b2e: f06f 006f mvn.w r0, #111 ; 0x6f + 8004b32: e7f4 b.n 8004b1e + if(warmup_ae()) return EPIN_I_AM_BRICK; + 8004b34: f06f 0068 mvn.w r0, #104 ; 0x68 + 8004b38: e7f1 b.n 8004b1e + 8004b3a: bf00 nop + 8004b3c: 0801c000 .word 0x0801c000 + 8004b40: e000ed00 .word 0xe000ed00 + 8004b44: 05fa0004 .word 0x05fa0004 + +08004b48 : + +// strcat_hex() +// + void +strcat_hex(char *msg, const void *d, int len) +{ + 8004b48: b570 push {r4, r5, r6, lr} + 8004b4a: 4616 mov r6, r2 + 8004b4c: 4604 mov r4, r0 + 8004b4e: 460d mov r5, r1 + char *p = msg+strlen(msg); + 8004b50: f008 ff0b bl 800d96a + const uint8_t *h = (const uint8_t *)d; + + for(; len; len--, h++) { + *(p++) = hexmap[(*h>>4) & 0xf]; + 8004b54: 4a0b ldr r2, [pc, #44] ; (8004b84 ) + char *p = msg+strlen(msg); + 8004b56: 4420 add r0, r4 + for(; len; len--, h++) { + 8004b58: 1e69 subs r1, r5, #1 + 8004b5a: eb00 0646 add.w r6, r0, r6, lsl #1 + 8004b5e: 42b0 cmp r0, r6 + 8004b60: d102 bne.n 8004b68 + *(p++) = hexmap[(*h>>0) & 0xf]; + } + + *(p++) = 0; + 8004b62: 2300 movs r3, #0 + 8004b64: 7003 strb r3, [r0, #0] +} + 8004b66: bd70 pop {r4, r5, r6, pc} + *(p++) = hexmap[(*h>>4) & 0xf]; + 8004b68: f811 3f01 ldrb.w r3, [r1, #1]! + 8004b6c: 091b lsrs r3, r3, #4 + 8004b6e: 5cd3 ldrb r3, [r2, r3] + 8004b70: f800 3b02 strb.w r3, [r0], #2 + *(p++) = hexmap[(*h>>0) & 0xf]; + 8004b74: 780b ldrb r3, [r1, #0] + 8004b76: f003 030f and.w r3, r3, #15 + 8004b7a: 5cd3 ldrb r3, [r2, r3] + 8004b7c: f800 3c01 strb.w r3, [r0, #-1] + for(; len; len--, h++) { + 8004b80: e7ed b.n 8004b5e + 8004b82: bf00 nop + 8004b84: 080107cc .word 0x080107cc + +08004b88 : + * parameters in the USART_InitTypeDef and initialize the associated handle. + * @param husart USART handle. + * @retval HAL status + */ +HAL_StatusTypeDef HAL_USART_Init(USART_HandleTypeDef *husart) +{ + 8004b88: b5f8 push {r3, r4, r5, r6, r7, lr} + /* Check the USART handle allocation */ + if (husart == NULL) + 8004b8a: 4604 mov r4, r0 + 8004b8c: b910 cbnz r0, 8004b94 + { + return HAL_ERROR; + 8004b8e: 2501 movs r5, #1 + /* Enable the Peripheral */ + __HAL_USART_ENABLE(husart); + + /* TEACK and/or REACK to check before moving husart->State to Ready */ + return (USART_CheckIdleState(husart)); +} + 8004b90: 4628 mov r0, r5 + 8004b92: bdf8 pop {r3, r4, r5, r6, r7, pc} + if (husart->State == HAL_USART_STATE_RESET) + 8004b94: f890 3059 ldrb.w r3, [r0, #89] ; 0x59 + 8004b98: f003 02ff and.w r2, r3, #255 ; 0xff + 8004b9c: b90b cbnz r3, 8004ba2 + husart->Lock = HAL_UNLOCKED; + 8004b9e: f880 2058 strb.w r2, [r0, #88] ; 0x58 + __HAL_USART_DISABLE(husart); + 8004ba2: 6823 ldr r3, [r4, #0] + tmpreg = (uint32_t)husart->Init.WordLength | husart->Init.Parity | husart->Init.Mode | USART_CR1_OVER8; + 8004ba4: 6921 ldr r1, [r4, #16] + husart->State = HAL_USART_STATE_BUSY; + 8004ba6: 2502 movs r5, #2 + 8004ba8: f884 5059 strb.w r5, [r4, #89] ; 0x59 + __HAL_USART_DISABLE(husart); + 8004bac: 681a ldr r2, [r3, #0] + 8004bae: f022 0201 bic.w r2, r2, #1 + 8004bb2: 601a str r2, [r3, #0] + tmpreg = (uint32_t)husart->Init.WordLength | husart->Init.Parity | husart->Init.Mode | USART_CR1_OVER8; + 8004bb4: 68a2 ldr r2, [r4, #8] + MODIFY_REG(husart->Instance->CR1, USART_CR1_FIELDS, tmpreg); + 8004bb6: 6818 ldr r0, [r3, #0] + tmpreg = (uint32_t)husart->Init.WordLength | husart->Init.Parity | husart->Init.Mode | USART_CR1_OVER8; + 8004bb8: 430a orrs r2, r1 + MODIFY_REG(husart->Instance->CR1, USART_CR1_FIELDS, tmpreg); + 8004bba: 49a9 ldr r1, [pc, #676] ; (8004e60 ) + 8004bbc: 4001 ands r1, r0 + 8004bbe: 430a orrs r2, r1 + 8004bc0: 6961 ldr r1, [r4, #20] + MODIFY_REG(husart->Instance->CR2, USART_CR2_FIELDS, tmpreg); + 8004bc2: 69a0 ldr r0, [r4, #24] + MODIFY_REG(husart->Instance->CR1, USART_CR1_FIELDS, tmpreg); + 8004bc4: 430a orrs r2, r1 + 8004bc6: f442 4200 orr.w r2, r2, #32768 ; 0x8000 + 8004bca: 601a str r2, [r3, #0] + MODIFY_REG(husart->Instance->CR2, USART_CR2_FIELDS, tmpreg); + 8004bcc: 6859 ldr r1, [r3, #4] + 8004bce: 6a22 ldr r2, [r4, #32] + 8004bd0: f421 517c bic.w r1, r1, #16128 ; 0x3f00 + 8004bd4: f021 0109 bic.w r1, r1, #9 + 8004bd8: 4302 orrs r2, r0 + 8004bda: 430a orrs r2, r1 + 8004bdc: 69e1 ldr r1, [r4, #28] + 8004bde: 430a orrs r2, r1 + 8004be0: 68e1 ldr r1, [r4, #12] + 8004be2: 430a orrs r2, r1 + 8004be4: f442 6200 orr.w r2, r2, #2048 ; 0x800 + 8004be8: 605a str r2, [r3, #4] + MODIFY_REG(husart->Instance->PRESC, USART_PRESC_PRESCALER, husart->Init.ClockPrescaler); + 8004bea: 6ad9 ldr r1, [r3, #44] ; 0x2c + 8004bec: 6a62 ldr r2, [r4, #36] ; 0x24 + 8004bee: f021 010f bic.w r1, r1, #15 + 8004bf2: 4311 orrs r1, r2 + 8004bf4: 62d9 str r1, [r3, #44] ; 0x2c + USART_GETCLOCKSOURCE(husart, clocksource); + 8004bf6: 499b ldr r1, [pc, #620] ; (8004e64 ) + 8004bf8: 428b cmp r3, r1 + 8004bfa: d10e bne.n 8004c1a + 8004bfc: 4b9a ldr r3, [pc, #616] ; (8004e68 ) + 8004bfe: f8d3 3088 ldr.w r3, [r3, #136] ; 0x88 + 8004c02: f003 0303 and.w r3, r3, #3 + 8004c06: 42ab cmp r3, r5 + 8004c08: f000 80cd beq.w 8004da6 + 8004c0c: 2b03 cmp r3, #3 + 8004c0e: d01a beq.n 8004c46 + 8004c10: 2b01 cmp r3, #1 + 8004c12: d153 bne.n 8004cbc + pclk = HAL_RCC_GetSysClockFreq(); + 8004c14: f003 ff3c bl 8008a90 + 8004c18: e052 b.n 8004cc0 + USART_GETCLOCKSOURCE(husart, clocksource); + 8004c1a: 4994 ldr r1, [pc, #592] ; (8004e6c ) + 8004c1c: 428b cmp r3, r1 + 8004c1e: d13c bne.n 8004c9a + 8004c20: 4b91 ldr r3, [pc, #580] ; (8004e68 ) + 8004c22: f8d3 3088 ldr.w r3, [r3, #136] ; 0x88 + 8004c26: f003 030c and.w r3, r3, #12 + 8004c2a: 2b08 cmp r3, #8 + 8004c2c: f000 80bb beq.w 8004da6 + 8004c30: d807 bhi.n 8004c42 + 8004c32: 2b00 cmp r3, #0 + 8004c34: f000 80b4 beq.w 8004da0 + 8004c38: 2b04 cmp r3, #4 + 8004c3a: d0eb beq.n 8004c14 + uint32_t usartdiv = 0x00000000; + 8004c3c: 2300 movs r3, #0 + ret = HAL_ERROR; + 8004c3e: 2501 movs r5, #1 + 8004c40: e06e b.n 8004d20 + USART_GETCLOCKSOURCE(husart, clocksource); + 8004c42: 2b0c cmp r3, #12 + 8004c44: d1fa bne.n 8004c3c + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(LSE_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004c46: 2a00 cmp r2, #0 + 8004c48: f000 80fb beq.w 8004e42 + 8004c4c: 2a01 cmp r2, #1 + 8004c4e: f000 80fa beq.w 8004e46 + 8004c52: 2a02 cmp r2, #2 + 8004c54: f000 80f9 beq.w 8004e4a + 8004c58: 2a03 cmp r2, #3 + 8004c5a: f000 80f8 beq.w 8004e4e + 8004c5e: 2a04 cmp r2, #4 + 8004c60: f000 80f7 beq.w 8004e52 + 8004c64: 2a05 cmp r2, #5 + 8004c66: f000 80f6 beq.w 8004e56 + 8004c6a: 2a06 cmp r2, #6 + 8004c6c: f000 80f5 beq.w 8004e5a + 8004c70: 2a07 cmp r2, #7 + 8004c72: f000 8101 beq.w 8004e78 + 8004c76: 2a08 cmp r2, #8 + 8004c78: f000 8100 beq.w 8004e7c + 8004c7c: 2a09 cmp r2, #9 + 8004c7e: f000 80ff beq.w 8004e80 + 8004c82: 2a0a cmp r2, #10 + 8004c84: f000 80fe beq.w 8004e84 + 8004c88: 2a0b cmp r2, #11 + 8004c8a: bf14 ite ne + 8004c8c: 2201 movne r2, #1 + 8004c8e: f44f 7280 moveq.w r2, #256 ; 0x100 + 8004c92: 6861 ldr r1, [r4, #4] + 8004c94: f44f 4300 mov.w r3, #32768 ; 0x8000 + 8004c98: e0a1 b.n 8004dde + USART_GETCLOCKSOURCE(husart, clocksource); + 8004c9a: 4975 ldr r1, [pc, #468] ; (8004e70 ) + 8004c9c: 428b cmp r3, r1 + 8004c9e: d1cd bne.n 8004c3c + 8004ca0: 4b71 ldr r3, [pc, #452] ; (8004e68 ) + 8004ca2: f8d3 3088 ldr.w r3, [r3, #136] ; 0x88 + 8004ca6: f003 0330 and.w r3, r3, #48 ; 0x30 + 8004caa: 2b20 cmp r3, #32 + 8004cac: d07b beq.n 8004da6 + 8004cae: d803 bhi.n 8004cb8 + 8004cb0: 2b00 cmp r3, #0 + 8004cb2: d075 beq.n 8004da0 + 8004cb4: 2b10 cmp r3, #16 + 8004cb6: e7c0 b.n 8004c3a + 8004cb8: 2b30 cmp r3, #48 ; 0x30 + 8004cba: e7c3 b.n 8004c44 + pclk = HAL_RCC_GetPCLK2Freq(); + 8004cbc: f004 faf6 bl 80092ac + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(pclk, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004cc0: 6a62 ldr r2, [r4, #36] ; 0x24 + 8004cc2: 2a00 cmp r2, #0 + 8004cc4: f000 80a7 beq.w 8004e16 + 8004cc8: 2a01 cmp r2, #1 + 8004cca: f000 80a6 beq.w 8004e1a + 8004cce: 2a02 cmp r2, #2 + 8004cd0: f000 80a5 beq.w 8004e1e + 8004cd4: 2a03 cmp r2, #3 + 8004cd6: f000 80a4 beq.w 8004e22 + 8004cda: 2a04 cmp r2, #4 + 8004cdc: f000 80a3 beq.w 8004e26 + 8004ce0: 2a05 cmp r2, #5 + 8004ce2: f000 80a2 beq.w 8004e2a + 8004ce6: 2a06 cmp r2, #6 + 8004ce8: f000 80a1 beq.w 8004e2e + 8004cec: 2a07 cmp r2, #7 + 8004cee: f000 80a0 beq.w 8004e32 + 8004cf2: 2a08 cmp r2, #8 + 8004cf4: f000 809f beq.w 8004e36 + 8004cf8: 2a09 cmp r2, #9 + 8004cfa: f000 809e beq.w 8004e3a + 8004cfe: 2a0a cmp r2, #10 + 8004d00: f000 809d beq.w 8004e3e + 8004d04: 2a0b cmp r2, #11 + 8004d06: bf14 ite ne + 8004d08: 2201 movne r2, #1 + 8004d0a: f44f 7280 moveq.w r2, #256 ; 0x100 + 8004d0e: 6861 ldr r1, [r4, #4] + 8004d10: fbb0 f0f2 udiv r0, r0, r2 + 8004d14: 084b lsrs r3, r1, #1 + 8004d16: eb03 0340 add.w r3, r3, r0, lsl #1 + HAL_StatusTypeDef ret = HAL_OK; + 8004d1a: 2500 movs r5, #0 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(LSE_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004d1c: fbb3 f3f1 udiv r3, r3, r1 + if ((usartdiv >= USART_BRR_MIN) && (usartdiv <= USART_BRR_MAX)) + 8004d20: f1a3 0110 sub.w r1, r3, #16 + 8004d24: f64f 72ef movw r2, #65519 ; 0xffef + 8004d28: 4291 cmp r1, r2 + brrtemp = (uint16_t)(usartdiv & 0xFFF0U); + 8004d2a: bf9f itttt ls + 8004d2c: f023 020f bicls.w r2, r3, #15 + 8004d30: b292 uxthls r2, r2 + brrtemp |= (uint16_t)((usartdiv & (uint16_t)0x000FU) >> 1U); + 8004d32: f3c3 0342 ubfxls r3, r3, #1, #3 + husart->Instance->BRR = brrtemp; + 8004d36: 6821 ldrls r1, [r4, #0] + 8004d38: bf9a itte ls + 8004d3a: 4313 orrls r3, r2 + 8004d3c: 60cb strls r3, [r1, #12] + ret = HAL_ERROR; + 8004d3e: 2501 movhi r5, #1 + husart->NbTxDataToProcess = 1U; + 8004d40: 2301 movs r3, #1 + husart->RxISR = NULL; + 8004d42: 2200 movs r2, #0 + if (USART_SetConfig(husart) == HAL_ERROR) + 8004d44: 429d cmp r5, r3 + husart->TxISR = NULL; + 8004d46: e9c4 2212 strd r2, r2, [r4, #72] ; 0x48 + husart->NbTxDataToProcess = 1U; + 8004d4a: 87a3 strh r3, [r4, #60] ; 0x3c + husart->NbRxDataToProcess = 1U; + 8004d4c: 8763 strh r3, [r4, #58] ; 0x3a + if (USART_SetConfig(husart) == HAL_ERROR) + 8004d4e: f43f af1e beq.w 8004b8e + husart->Instance->CR2 &= ~USART_CR2_LINEN; + 8004d52: 6823 ldr r3, [r4, #0] + 8004d54: 6859 ldr r1, [r3, #4] + 8004d56: f421 4180 bic.w r1, r1, #16384 ; 0x4000 + 8004d5a: 6059 str r1, [r3, #4] + husart->Instance->CR3 &= ~(USART_CR3_SCEN | USART_CR3_HDSEL | USART_CR3_IREN); + 8004d5c: 6899 ldr r1, [r3, #8] + 8004d5e: f021 012a bic.w r1, r1, #42 ; 0x2a + 8004d62: 6099 str r1, [r3, #8] + __HAL_USART_ENABLE(husart); + 8004d64: 6819 ldr r1, [r3, #0] + 8004d66: f041 0101 orr.w r1, r1, #1 + 8004d6a: 6019 str r1, [r3, #0] + husart->ErrorCode = HAL_USART_ERROR_NONE; + 8004d6c: 65e2 str r2, [r4, #92] ; 0x5c + tickstart = HAL_GetTick(); + 8004d6e: f002 fb3b bl 80073e8 + if ((husart->Instance->CR1 & USART_CR1_TE) == USART_CR1_TE) + 8004d72: 6823 ldr r3, [r4, #0] + 8004d74: 681b ldr r3, [r3, #0] + 8004d76: 071a lsls r2, r3, #28 + tickstart = HAL_GetTick(); + 8004d78: 4607 mov r7, r0 + if ((husart->Instance->CR1 & USART_CR1_TE) == USART_CR1_TE) + 8004d7a: f100 8085 bmi.w 8004e88 + if ((husart->Instance->CR1 & USART_CR1_RE) == USART_CR1_RE) + 8004d7e: 6823 ldr r3, [r4, #0] + 8004d80: 681b ldr r3, [r3, #0] + 8004d82: 075b lsls r3, r3, #29 + 8004d84: d505 bpl.n 8004d92 + while ((__HAL_USART_GET_FLAG(husart, Flag) ? SET : RESET) == Status) + 8004d86: 6823 ldr r3, [r4, #0] + 8004d88: 69de ldr r6, [r3, #28] + 8004d8a: f416 0680 ands.w r6, r6, #4194304 ; 0x400000 + 8004d8e: f000 808e beq.w 8004eae + husart->State = HAL_USART_STATE_READY; + 8004d92: 2301 movs r3, #1 + 8004d94: f884 3059 strb.w r3, [r4, #89] ; 0x59 + __HAL_UNLOCK(husart); + 8004d98: 2300 movs r3, #0 + 8004d9a: f884 3058 strb.w r3, [r4, #88] ; 0x58 + return HAL_OK; + 8004d9e: e6f7 b.n 8004b90 + pclk = HAL_RCC_GetPCLK1Freq(); + 8004da0: f004 fa72 bl 8009288 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(pclk, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004da4: e78c b.n 8004cc0 + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(HSI_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004da6: b302 cbz r2, 8004dea + 8004da8: 2a01 cmp r2, #1 + 8004daa: d020 beq.n 8004dee + 8004dac: 2a02 cmp r2, #2 + 8004dae: d020 beq.n 8004df2 + 8004db0: 2a03 cmp r2, #3 + 8004db2: d020 beq.n 8004df6 + 8004db4: 2a04 cmp r2, #4 + 8004db6: d020 beq.n 8004dfa + 8004db8: 2a05 cmp r2, #5 + 8004dba: d020 beq.n 8004dfe + 8004dbc: 2a06 cmp r2, #6 + 8004dbe: d020 beq.n 8004e02 + 8004dc0: 2a07 cmp r2, #7 + 8004dc2: d020 beq.n 8004e06 + 8004dc4: 2a08 cmp r2, #8 + 8004dc6: d020 beq.n 8004e0a + 8004dc8: 2a09 cmp r2, #9 + 8004dca: d020 beq.n 8004e0e + 8004dcc: 2a0a cmp r2, #10 + 8004dce: d020 beq.n 8004e12 + 8004dd0: 2a0b cmp r2, #11 + 8004dd2: bf14 ite ne + 8004dd4: 2201 movne r2, #1 + 8004dd6: f44f 7280 moveq.w r2, #256 ; 0x100 + 8004dda: 6861 ldr r1, [r4, #4] + 8004ddc: 4b25 ldr r3, [pc, #148] ; (8004e74 ) + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(LSE_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004dde: fbb3 f2f2 udiv r2, r3, r2 + 8004de2: 084b lsrs r3, r1, #1 + 8004de4: eb03 0342 add.w r3, r3, r2, lsl #1 + 8004de8: e797 b.n 8004d1a + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(HSI_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004dea: 2201 movs r2, #1 + 8004dec: e7f5 b.n 8004dda + 8004dee: 2202 movs r2, #2 + 8004df0: e7f3 b.n 8004dda + 8004df2: 2204 movs r2, #4 + 8004df4: e7f1 b.n 8004dda + 8004df6: 2206 movs r2, #6 + 8004df8: e7ef b.n 8004dda + 8004dfa: 2208 movs r2, #8 + 8004dfc: e7ed b.n 8004dda + 8004dfe: 220a movs r2, #10 + 8004e00: e7eb b.n 8004dda + 8004e02: 220c movs r2, #12 + 8004e04: e7e9 b.n 8004dda + 8004e06: 2210 movs r2, #16 + 8004e08: e7e7 b.n 8004dda + 8004e0a: 2220 movs r2, #32 + 8004e0c: e7e5 b.n 8004dda + 8004e0e: 2240 movs r2, #64 ; 0x40 + 8004e10: e7e3 b.n 8004dda + 8004e12: 2280 movs r2, #128 ; 0x80 + 8004e14: e7e1 b.n 8004dda + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(pclk, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004e16: 2201 movs r2, #1 + 8004e18: e779 b.n 8004d0e + 8004e1a: 2202 movs r2, #2 + 8004e1c: e777 b.n 8004d0e + 8004e1e: 2204 movs r2, #4 + 8004e20: e775 b.n 8004d0e + 8004e22: 2206 movs r2, #6 + 8004e24: e773 b.n 8004d0e + 8004e26: 2208 movs r2, #8 + 8004e28: e771 b.n 8004d0e + 8004e2a: 220a movs r2, #10 + 8004e2c: e76f b.n 8004d0e + 8004e2e: 220c movs r2, #12 + 8004e30: e76d b.n 8004d0e + 8004e32: 2210 movs r2, #16 + 8004e34: e76b b.n 8004d0e + 8004e36: 2220 movs r2, #32 + 8004e38: e769 b.n 8004d0e + 8004e3a: 2240 movs r2, #64 ; 0x40 + 8004e3c: e767 b.n 8004d0e + 8004e3e: 2280 movs r2, #128 ; 0x80 + 8004e40: e765 b.n 8004d0e + usartdiv = (uint32_t)(USART_DIV_SAMPLING8(LSE_VALUE, husart->Init.BaudRate, husart->Init.ClockPrescaler)); + 8004e42: 2201 movs r2, #1 + 8004e44: e725 b.n 8004c92 + 8004e46: 2202 movs r2, #2 + 8004e48: e723 b.n 8004c92 + 8004e4a: 2204 movs r2, #4 + 8004e4c: e721 b.n 8004c92 + 8004e4e: 2206 movs r2, #6 + 8004e50: e71f b.n 8004c92 + 8004e52: 2208 movs r2, #8 + 8004e54: e71d b.n 8004c92 + 8004e56: 220a movs r2, #10 + 8004e58: e71b b.n 8004c92 + 8004e5a: 220c movs r2, #12 + 8004e5c: e719 b.n 8004c92 + 8004e5e: bf00 nop + 8004e60: cfff69f3 .word 0xcfff69f3 + 8004e64: 40013800 .word 0x40013800 + 8004e68: 40021000 .word 0x40021000 + 8004e6c: 40004400 .word 0x40004400 + 8004e70: 40004800 .word 0x40004800 + 8004e74: 00f42400 .word 0x00f42400 + 8004e78: 2210 movs r2, #16 + 8004e7a: e70a b.n 8004c92 + 8004e7c: 2220 movs r2, #32 + 8004e7e: e708 b.n 8004c92 + 8004e80: 2240 movs r2, #64 ; 0x40 + 8004e82: e706 b.n 8004c92 + 8004e84: 2280 movs r2, #128 ; 0x80 + 8004e86: e704 b.n 8004c92 + while ((__HAL_USART_GET_FLAG(husart, Flag) ? SET : RESET) == Status) + 8004e88: 6823 ldr r3, [r4, #0] + 8004e8a: 69de ldr r6, [r3, #28] + 8004e8c: f416 1600 ands.w r6, r6, #2097152 ; 0x200000 + 8004e90: f47f af75 bne.w 8004d7e + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 8004e94: f002 faa8 bl 80073e8 + 8004e98: 1bc0 subs r0, r0, r7 + 8004e9a: f5b0 7f7a cmp.w r0, #1000 ; 0x3e8 + 8004e9e: d9f3 bls.n 8004e88 + husart->State = HAL_USART_STATE_READY; + 8004ea0: 2301 movs r3, #1 + 8004ea2: f884 3059 strb.w r3, [r4, #89] ; 0x59 + __HAL_UNLOCK(husart); + 8004ea6: f884 6058 strb.w r6, [r4, #88] ; 0x58 + return HAL_TIMEOUT; + 8004eaa: 2503 movs r5, #3 + 8004eac: e670 b.n 8004b90 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 8004eae: f002 fa9b bl 80073e8 + 8004eb2: 1bc0 subs r0, r0, r7 + 8004eb4: f5b0 7f7a cmp.w r0, #1000 ; 0x3e8 + 8004eb8: f67f af65 bls.w 8004d86 + 8004ebc: e7f0 b.n 8004ea0 + 8004ebe: bf00 nop + +08004ec0 : + __HAL_RCC_USART1_CONFIG(RCC_USART1CLKSOURCE_SYSCLK); + 8004ec0: 4b14 ldr r3, [pc, #80] ; (8004f14 ) + 8004ec2: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8004ec6: f022 0203 bic.w r2, r2, #3 + 8004eca: f042 0201 orr.w r2, r2, #1 +{ + 8004ece: b513 push {r0, r1, r4, lr} + __HAL_RCC_USART1_CONFIG(RCC_USART1CLKSOURCE_SYSCLK); + 8004ed0: f8c3 2088 str.w r2, [r3, #136] ; 0x88 + __HAL_RCC_USART1_CLK_ENABLE(); + 8004ed4: 6e1a ldr r2, [r3, #96] ; 0x60 + memset(&con, 0, sizeof(con)); + 8004ed6: 4c10 ldr r4, [pc, #64] ; (8004f18 ) + __HAL_RCC_USART1_CLK_ENABLE(); + 8004ed8: f442 4280 orr.w r2, r2, #16384 ; 0x4000 + 8004edc: 661a str r2, [r3, #96] ; 0x60 + 8004ede: 6e1b ldr r3, [r3, #96] ; 0x60 + 8004ee0: f403 4380 and.w r3, r3, #16384 ; 0x4000 + 8004ee4: 9301 str r3, [sp, #4] + memset(&con, 0, sizeof(con)); + 8004ee6: 2258 movs r2, #88 ; 0x58 + 8004ee8: 2100 movs r1, #0 + 8004eea: f104 0008 add.w r0, r4, #8 + __HAL_RCC_USART1_CLK_ENABLE(); + 8004eee: 9b01 ldr r3, [sp, #4] + memset(&con, 0, sizeof(con)); + 8004ef0: f008 fd08 bl 800d904 + con.Init.BaudRate = 115200; + 8004ef4: 4a09 ldr r2, [pc, #36] ; (8004f1c ) + 8004ef6: f44f 33e1 mov.w r3, #115200 ; 0x1c200 + 8004efa: e9c4 2300 strd r2, r3, [r4] + HAL_StatusTypeDef rv = HAL_USART_Init(&con); + 8004efe: 4620 mov r0, r4 + con.Init.Mode = USART_MODE_TX_RX; + 8004f00: 230c movs r3, #12 + 8004f02: 6163 str r3, [r4, #20] + HAL_StatusTypeDef rv = HAL_USART_Init(&con); + 8004f04: f7ff fe40 bl 8004b88 + ASSERT(rv == HAL_OK); + 8004f08: b110 cbz r0, 8004f10 + 8004f0a: 4805 ldr r0, [pc, #20] ; (8004f20 ) + 8004f0c: f7fb fda6 bl 8000a5c +} + 8004f10: b002 add sp, #8 + 8004f12: bd10 pop {r4, pc} + 8004f14: 40021000 .word 0x40021000 + 8004f18: 2009e1c4 .word 0x2009e1c4 + 8004f1c: 40013800 .word 0x40013800 + 8004f20: 08010470 .word 0x08010470 + +08004f24 : + * @param Timeout Timeout duration. + * @retval HAL status + */ +HAL_StatusTypeDef HAL_USART_Transmit(USART_HandleTypeDef *husart, uint8_t *pTxData, uint16_t Size, uint32_t Timeout) +{ + while(Size > 0U) { + 8004f24: 4b0b ldr r3, [pc, #44] ; (8004f54 ) + 8004f26: 440a add r2, r1 + 8004f28: 4291 cmp r1, r2 + 8004f2a: d10b bne.n 8004f44 + MY_UART->TDR = *pTxData; + pTxData++; + Size --; + } + + while(!(MY_UART->ISR & UART_FLAG_TC)) { + 8004f2c: 69da ldr r2, [r3, #28] + 8004f2e: 0652 lsls r2, r2, #25 + 8004f30: d5fc bpl.n 8004f2c + // wait for final byte to be sent + } + + // Clear Transmission Complete Flag + MY_UART->ICR = USART_CLEAR_TCF; + 8004f32: 2240 movs r2, #64 ; 0x40 + 8004f34: 621a str r2, [r3, #32] + + // Clear overrun flag and discard the received data + MY_UART->ICR = USART_CLEAR_OREF; + 8004f36: 2208 movs r2, #8 + 8004f38: 621a str r2, [r3, #32] + MY_UART->RQR = USART_RXDATA_FLUSH_REQUEST; + 8004f3a: 831a strh r2, [r3, #24] + MY_UART->RQR = USART_TXDATA_FLUSH_REQUEST; + 8004f3c: 2210 movs r2, #16 + 8004f3e: 831a strh r2, [r3, #24] + + return HAL_OK; +} + 8004f40: 2000 movs r0, #0 + 8004f42: 4770 bx lr + while(!(MY_UART->ISR & UART_FLAG_TXE)) { + 8004f44: 69d8 ldr r0, [r3, #28] + 8004f46: 0600 lsls r0, r0, #24 + 8004f48: d5fc bpl.n 8004f44 + MY_UART->TDR = *pTxData; + 8004f4a: f811 0b01 ldrb.w r0, [r1], #1 + 8004f4e: 8518 strh r0, [r3, #40] ; 0x28 + Size --; + 8004f50: e7ea b.n 8004f28 + 8004f52: bf00 nop + 8004f54: 40013800 .word 0x40013800 + +08004f58 : +{ + 8004f58: b510 push {r4, lr} + 8004f5a: 4604 mov r4, r0 + rng_delay(); + 8004f5c: f7fd fce6 bl 800292c + HAL_USART_Transmit(&con, (uint8_t *)msg, strlen(msg), HAL_MAX_DELAY); + 8004f60: 4620 mov r0, r4 + 8004f62: f008 fd02 bl 800d96a + 8004f66: 4621 mov r1, r4 + 8004f68: b282 uxth r2, r0 + 8004f6a: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8004f6e: 4803 ldr r0, [pc, #12] ; (8004f7c ) + 8004f70: f7ff ffd8 bl 8004f24 +} + 8004f74: e8bd 4010 ldmia.w sp!, {r4, lr} + rng_delay(); + 8004f78: f7fd bcd8 b.w 800292c + 8004f7c: 2009e1c4 .word 0x2009e1c4 + +08004f80 : +{ + 8004f80: b513 push {r0, r1, r4, lr} + 8004f82: 4604 mov r4, r0 + uint8_t cb = c; + 8004f84: f88d 0007 strb.w r0, [sp, #7] + rng_delay(); + 8004f88: f7fd fcd0 bl 800292c + if(cb != '\n') { + 8004f8c: f89d 3007 ldrb.w r3, [sp, #7] + HAL_USART_Transmit(&con, (uint8_t *)CRLF, 2, HAL_MAX_DELAY); + 8004f90: 4808 ldr r0, [pc, #32] ; (8004fb4 ) + if(cb != '\n') { + 8004f92: 2b0a cmp r3, #10 + HAL_USART_Transmit(&con, (uint8_t *)CRLF, 2, HAL_MAX_DELAY); + 8004f94: bf08 it eq + 8004f96: 4908 ldreq r1, [pc, #32] ; (8004fb8 ) + HAL_USART_Transmit(&con, &cb, 1, HAL_MAX_DELAY); + 8004f98: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8004f9c: bf1a itte ne + 8004f9e: 2201 movne r2, #1 + 8004fa0: f10d 0107 addne.w r1, sp, #7 + HAL_USART_Transmit(&con, (uint8_t *)CRLF, 2, HAL_MAX_DELAY); + 8004fa4: 2202 moveq r2, #2 + 8004fa6: f7ff ffbd bl 8004f24 + rng_delay(); + 8004faa: f7fd fcbf bl 800292c +} + 8004fae: 4620 mov r0, r4 + 8004fb0: b002 add sp, #8 + 8004fb2: bd10 pop {r4, pc} + 8004fb4: 2009e1c4 .word 0x2009e1c4 + 8004fb8: 080107c9 .word 0x080107c9 + +08004fbc : +{ + 8004fbc: b538 push {r3, r4, r5, lr} + putchar(hexmap[(b>>4) & 0xf]); + 8004fbe: 4d06 ldr r5, [pc, #24] ; (8004fd8 ) + 8004fc0: 0903 lsrs r3, r0, #4 +{ + 8004fc2: 4604 mov r4, r0 + putchar(hexmap[(b>>0) & 0xf]); + 8004fc4: f004 040f and.w r4, r4, #15 + putchar(hexmap[(b>>4) & 0xf]); + 8004fc8: 5ce8 ldrb r0, [r5, r3] + 8004fca: f7ff ffd9 bl 8004f80 + putchar(hexmap[(b>>0) & 0xf]); + 8004fce: 5d28 ldrb r0, [r5, r4] +} + 8004fd0: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + putchar(hexmap[(b>>0) & 0xf]); + 8004fd4: f7ff bfd4 b.w 8004f80 + 8004fd8: 080107cc .word 0x080107cc + +08004fdc : +{ + 8004fdc: b538 push {r3, r4, r5, lr} + putchar(hexmap[(w>>12) & 0xf]); + 8004fde: 4d0b ldr r5, [pc, #44] ; (800500c ) + 8004fe0: 0b03 lsrs r3, r0, #12 +{ + 8004fe2: 4604 mov r4, r0 + putchar(hexmap[(w>>12) & 0xf]); + 8004fe4: 5ce8 ldrb r0, [r5, r3] + 8004fe6: f7ff ffcb bl 8004f80 + putchar(hexmap[(w>>8) & 0xf]); + 8004fea: f3c4 2303 ubfx r3, r4, #8, #4 + 8004fee: 5ce8 ldrb r0, [r5, r3] + 8004ff0: f7ff ffc6 bl 8004f80 + putchar(hexmap[(w>>4) & 0xf]); + 8004ff4: f3c4 1303 ubfx r3, r4, #4, #4 + putchar(hexmap[(w>>0) & 0xf]); + 8004ff8: f004 040f and.w r4, r4, #15 + putchar(hexmap[(w>>4) & 0xf]); + 8004ffc: 5ce8 ldrb r0, [r5, r3] + 8004ffe: f7ff ffbf bl 8004f80 + putchar(hexmap[(w>>0) & 0xf]); + 8005002: 5d28 ldrb r0, [r5, r4] +} + 8005004: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + putchar(hexmap[(w>>0) & 0xf]); + 8005008: f7ff bfba b.w 8004f80 + 800500c: 080107cc .word 0x080107cc + +08005010 : +{ + 8005010: b510 push {r4, lr} + 8005012: 4604 mov r4, r0 + puthex4(w >> 16); + 8005014: 0c00 lsrs r0, r0, #16 + 8005016: f7ff ffe1 bl 8004fdc + puthex4(w & 0xffff); + 800501a: b2a0 uxth r0, r4 +} + 800501c: e8bd 4010 ldmia.w sp!, {r4, lr} + puthex4(w & 0xffff); + 8005020: f7ff bfdc b.w 8004fdc + +08005024 : +{ + 8005024: b5f8 push {r3, r4, r5, r6, r7, lr} + 8005026: 4605 mov r5, r0 + 8005028: 2604 movs r6, #4 + for(int m=1000; m; m /= 10) { + 800502a: f44f 747a mov.w r4, #1000 ; 0x3e8 + char n = '0' + ((w / m) % 10); + 800502e: 270a movs r7, #10 + if(w >= m) { + 8005030: 42a5 cmp r5, r4 + 8005032: db09 blt.n 8005048 + char n = '0' + ((w / m) % 10); + 8005034: fb95 f3f4 sdiv r3, r5, r4 + 8005038: fb93 f0f7 sdiv r0, r3, r7 + 800503c: fb07 3310 mls r3, r7, r0, r3 + 8005040: 3330 adds r3, #48 ; 0x30 + putchar(n); + 8005042: b2d8 uxtb r0, r3 + 8005044: f7ff ff9c bl 8004f80 + for(int m=1000; m; m /= 10) { + 8005048: fb94 f4f7 sdiv r4, r4, r7 + 800504c: 3e01 subs r6, #1 + 800504e: d1ef bne.n 8005030 +} + 8005050: bdf8 pop {r3, r4, r5, r6, r7, pc} + +08005052 : +{ + 8005052: b570 push {r4, r5, r6, lr} + 8005054: 4606 mov r6, r0 + 8005056: 460d mov r5, r1 + for(int i=0; i +} + 800505e: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + putchar('\n'); + 8005062: 200a movs r0, #10 + 8005064: f7ff bf8c b.w 8004f80 + puthex2(data[i]); + 8005068: 5d30 ldrb r0, [r6, r4] + 800506a: f7ff ffa7 bl 8004fbc + for(int i=0; i + ... + +08005074 : +{ + 8005074: b513 push {r0, r1, r4, lr} + 8005076: 9001 str r0, [sp, #4] + int ln = strlen(msg); + 8005078: f008 fc77 bl 800d96a + 800507c: 4604 mov r4, r0 + rng_delay(); + 800507e: f7fd fc55 bl 800292c + if(ln) HAL_USART_Transmit(&con, (uint8_t *)msg, ln, HAL_MAX_DELAY); + 8005082: 9901 ldr r1, [sp, #4] + 8005084: b12c cbz r4, 8005092 + 8005086: 4809 ldr r0, [pc, #36] ; (80050ac ) + 8005088: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 800508c: b2a2 uxth r2, r4 + 800508e: f7ff ff49 bl 8004f24 + HAL_USART_Transmit(&con, (uint8_t *)CRLF, 2, HAL_MAX_DELAY); + 8005092: 4907 ldr r1, [pc, #28] ; (80050b0 ) + 8005094: 4805 ldr r0, [pc, #20] ; (80050ac ) + 8005096: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 800509a: 2202 movs r2, #2 + 800509c: f7ff ff42 bl 8004f24 + rng_delay(); + 80050a0: f7fd fc44 bl 800292c +} + 80050a4: 2001 movs r0, #1 + 80050a6: b002 add sp, #8 + 80050a8: bd10 pop {r4, pc} + 80050aa: bf00 nop + 80050ac: 2009e1c4 .word 0x2009e1c4 + 80050b0: 080107c9 .word 0x080107c9 + +080050b4 : + +// psram_send_byte() +// + void +psram_send_byte(OSPI_HandleTypeDef *qh, uint8_t cmd_byte, bool is_quad) +{ + 80050b4: b570 push {r4, r5, r6, lr} + 80050b6: b094 sub sp, #80 ; 0x50 + 80050b8: 4604 mov r4, r0 + 80050ba: 460e mov r6, r1 + 80050bc: 4615 mov r5, r2 + // Send single-byte commands to the PSRAM chip. Quad mode or normal SPI. + + OSPI_RegularCmdTypeDef cmd = { + 80050be: 2100 movs r1, #0 + 80050c0: 2250 movs r2, #80 ; 0x50 + 80050c2: 4668 mov r0, sp + 80050c4: f008 fc1e bl 800d904 + .OperationType = HAL_OSPI_OPTYPE_COMMON_CFG, + .Instruction = cmd_byte, // Exit Quad Mode + .InstructionMode = is_quad ? HAL_OSPI_INSTRUCTION_4_LINES : HAL_OSPI_INSTRUCTION_1_LINE, + 80050c8: 2d00 cmp r5, #0 + 80050ca: bf14 ite ne + 80050cc: 2303 movne r3, #3 + 80050ce: 2301 moveq r3, #1 + .DataMode = HAL_OSPI_DATA_NONE, + .NbData = 0, // how much to read in bytes + }; + + // Start and finish a "Indirection functional mode" request + HAL_OSPI_Command(qh, &cmd, HAL_MAX_DELAY); + 80050d0: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 80050d4: 4669 mov r1, sp + 80050d6: 4620 mov r0, r4 + OSPI_RegularCmdTypeDef cmd = { + 80050d8: 9602 str r6, [sp, #8] + 80050da: 9303 str r3, [sp, #12] + HAL_OSPI_Command(qh, &cmd, HAL_MAX_DELAY); + 80050dc: f006 f882 bl 800b1e4 +} + 80050e0: b014 add sp, #80 ; 0x50 + 80050e2: bd70 pop {r4, r5, r6, pc} + +080050e4 : + +// psram_setup() +// + void +psram_setup(void) +{ + 80050e4: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 80050e8: b0c6 sub sp, #280 ; 0x118 + // Using OSPI1 block + OSPI_HandleTypeDef qh = { 0 }; + 80050ea: 2250 movs r2, #80 ; 0x50 + 80050ec: 2100 movs r1, #0 + 80050ee: a80a add r0, sp, #40 ; 0x28 + 80050f0: f008 fc08 bl 800d904 + + // enable clocks + __HAL_RCC_OSPI1_CLK_ENABLE(); + 80050f4: 4b6a ldr r3, [pc, #424] ; (80052a0 ) + // reset module + __HAL_RCC_OSPI1_FORCE_RESET(); + __HAL_RCC_OSPI1_RELEASE_RESET(); + + // configure pins: Port E PE10-PE15 + GPIO_InitTypeDef setup = { + 80050f6: 4c6b ldr r4, [pc, #428] ; (80052a4 ) + __HAL_RCC_OSPI1_CLK_ENABLE(); + 80050f8: 6d1a ldr r2, [r3, #80] ; 0x50 + 80050fa: f442 7280 orr.w r2, r2, #256 ; 0x100 + 80050fe: 651a str r2, [r3, #80] ; 0x50 + 8005100: 6d1a ldr r2, [r3, #80] ; 0x50 + 8005102: f402 7280 and.w r2, r2, #256 ; 0x100 + 8005106: 9201 str r2, [sp, #4] + 8005108: 9a01 ldr r2, [sp, #4] + __HAL_RCC_GPIOE_CLK_ENABLE(); + 800510a: 6cda ldr r2, [r3, #76] ; 0x4c + 800510c: f042 0210 orr.w r2, r2, #16 + 8005110: 64da str r2, [r3, #76] ; 0x4c + 8005112: 6cda ldr r2, [r3, #76] ; 0x4c + 8005114: f002 0210 and.w r2, r2, #16 + 8005118: 9202 str r2, [sp, #8] + 800511a: 9a02 ldr r2, [sp, #8] + __HAL_RCC_OSPI1_FORCE_RESET(); + 800511c: 6b1a ldr r2, [r3, #48] ; 0x30 + 800511e: f442 7280 orr.w r2, r2, #256 ; 0x100 + 8005122: 631a str r2, [r3, #48] ; 0x30 + __HAL_RCC_OSPI1_RELEASE_RESET(); + 8005124: 6b1a ldr r2, [r3, #48] ; 0x30 + 8005126: f422 7280 bic.w r2, r2, #256 ; 0x100 + 800512a: 631a str r2, [r3, #48] ; 0x30 + GPIO_InitTypeDef setup = { + 800512c: cc0f ldmia r4!, {r0, r1, r2, r3} + 800512e: ad05 add r5, sp, #20 + 8005130: c50f stmia r5!, {r0, r1, r2, r3} + 8005132: 6823 ldr r3, [r4, #0] + .Mode = GPIO_MODE_AF_PP, // not sure + .Pull = GPIO_NOPULL, // not sure + .Speed = GPIO_SPEED_FREQ_VERY_HIGH, + .Alternate = GPIO_AF10_OCTOSPIM_P1, + }; + HAL_GPIO_Init(GPIOE, &setup); + 8005134: 485c ldr r0, [pc, #368] ; (80052a8 ) + GPIO_InitTypeDef setup = { + 8005136: 602b str r3, [r5, #0] + HAL_GPIO_Init(GPIOE, &setup); + 8005138: a905 add r1, sp, #20 + 800513a: f7fc f86d bl 8001218 + + + // Config operational values + qh.Instance = OCTOSPI1; + qh.Init.FifoThreshold = 1; // ?? unused + 800513e: 4b5b ldr r3, [pc, #364] ; (80052ac ) + 8005140: 2701 movs r7, #1 + qh.Init.DualQuad = HAL_OSPI_DUALQUAD_DISABLE; + qh.Init.MemoryType = HAL_OSPI_MEMTYPE_MICRON; // want standard mode (but octo only?) + qh.Init.DeviceSize = 24; // assume max size, actual is 8Mbyte + 8005142: 2218 movs r2, #24 + qh.Init.FifoThreshold = 1; // ?? unused + 8005144: e9cd 370a strd r3, r7, [sp, #40] ; 0x28 + qh.Init.ChipSelectHighTime = 1; // 1, maxed out, seems to work + 8005148: e9cd 270e strd r2, r7, [sp, #56] ; 0x38 + qh.Init.DualQuad = HAL_OSPI_DUALQUAD_DISABLE; + 800514c: 2300 movs r3, #0 + qh.Init.DelayHoldQuarterCycle = HAL_OSPI_DHQC_ENABLE; // maybe? + 800514e: f04f 5280 mov.w r2, #268435456 ; 0x10000000 + qh.Init.FreeRunningClock = HAL_OSPI_FREERUNCLK_DISABLE; // required! + qh.Init.ClockMode = HAL_OSPI_CLOCK_MODE_0; // low clock between ops (required, see errata) +#if HCLK_FREQUENCY == 80000000 + qh.Init.ClockPrescaler = 1; // prescaler (1=>80Mhz, 2=>40Mhz, etc) +#elif HCLK_FREQUENCY == 120000000 + qh.Init.ClockPrescaler = 2; // prescaler (1=>120Mhz, 2=>60Mhz, etc) + 8005152: f04f 0802 mov.w r8, #2 +#else +# error "testing needed" +#endif + qh.Init.DelayBlockBypass = HAL_OSPI_DELAY_BLOCK_BYPASSED; // dont need it? + 8005156: f04f 0908 mov.w r9, #8 + // - (during reads) 3 => 400ns 4 => 660ns 5+ => 1us + // - LATER: Errata 2.8.1 => says shall not use + qh.Init.ChipSelectBoundary = 0; + + // module init + HAL_StatusTypeDef rv = HAL_OSPI_Init(&qh); + 800515a: a80a add r0, sp, #40 ; 0x28 + qh.Init.MemoryType = HAL_OSPI_MEMTYPE_MICRON; // want standard mode (but octo only?) + 800515c: e9cd 330c strd r3, r3, [sp, #48] ; 0x30 + qh.Init.ClockMode = HAL_OSPI_CLOCK_MODE_0; // low clock between ops (required, see errata) + 8005160: e9cd 3310 strd r3, r3, [sp, #64] ; 0x40 + qh.Init.ChipSelectBoundary = 0; + 8005164: e9cd 3915 strd r3, r9, [sp, #84] ; 0x54 + qh.Init.DelayHoldQuarterCycle = HAL_OSPI_DHQC_ENABLE; // maybe? + 8005168: 9214 str r2, [sp, #80] ; 0x50 + qh.Init.ClockPrescaler = 2; // prescaler (1=>120Mhz, 2=>60Mhz, etc) + 800516a: f8cd 8048 str.w r8, [sp, #72] ; 0x48 + HAL_StatusTypeDef rv = HAL_OSPI_Init(&qh); + 800516e: f005 ffcf bl 800b110 + ASSERT(rv == HAL_OK); + 8005172: 4606 mov r6, r0 + 8005174: b110 cbz r0, 800517c + 8005176: 484e ldr r0, [pc, #312] ; (80052b0 ) + 8005178: f7fb fc70 bl 8000a5c + + // do some SPI commands first + + // Exit Quad mode, to get to a known state, after first power-up + psram_send_byte(&qh, 0xf5, true); + 800517c: 463a mov r2, r7 + 800517e: 21f5 movs r1, #245 ; 0xf5 + 8005180: a80a add r0, sp, #40 ; 0x28 + 8005182: f7ff ff97 bl 80050b4 + + // Chip Reset sequence + psram_send_byte(&qh, 0x66, false); // reset enable + 8005186: 4632 mov r2, r6 + 8005188: 2166 movs r1, #102 ; 0x66 + 800518a: a80a add r0, sp, #40 ; 0x28 + 800518c: f7ff ff92 bl 80050b4 + + // Read Electronic ID + // - length not clear from datasheet, but repeats after 8 bytes + uint8_t psram_chip_eid[8]; + + { OSPI_RegularCmdTypeDef cmd = { + 8005190: ad32 add r5, sp, #200 ; 0xc8 + psram_send_byte(&qh, 0x99, false); // reset + 8005192: 4632 mov r2, r6 + 8005194: 2199 movs r1, #153 ; 0x99 + 8005196: a80a add r0, sp, #40 ; 0x28 + 8005198: f7ff ff8c bl 80050b4 + { OSPI_RegularCmdTypeDef cmd = { + 800519c: 2250 movs r2, #80 ; 0x50 + 800519e: 4631 mov r1, r6 + 80051a0: 4628 mov r0, r5 + 80051a2: f008 fbaf bl 800d904 + 80051a6: 239f movs r3, #159 ; 0x9f + 80051a8: e9cd 3734 strd r3, r7, [sp, #208] ; 0xd0 + 80051ac: f44f 5a00 mov.w sl, #8192 ; 0x2000 + 80051b0: f44f 7380 mov.w r3, #256 ; 0x100 + 80051b4: e9cd 3a39 strd r3, sl, [sp, #228] ; 0xe4 + .DataMode = HAL_OSPI_DATA_1_LINE, + .NbData = sizeof(psram_chip_eid), // how much to read in bytes + }; + + // Start a "Indirection functional mode" request + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 80051b8: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + { OSPI_RegularCmdTypeDef cmd = { + 80051bc: f04f 7380 mov.w r3, #16777216 ; 0x1000000 + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 80051c0: 4629 mov r1, r5 + 80051c2: a80a add r0, sp, #40 ; 0x28 + { OSPI_RegularCmdTypeDef cmd = { + 80051c4: e9cd 3940 strd r3, r9, [sp, #256] ; 0x100 + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 80051c8: f006 f80c bl 800b1e4 + if(rv != HAL_OK) goto fail; + 80051cc: 2800 cmp r0, #0 + 80051ce: d15d bne.n 800528c + + rv = HAL_OSPI_Receive(&qh, psram_chip_eid, HAL_MAX_DELAY); + 80051d0: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 80051d4: a903 add r1, sp, #12 + 80051d6: a80a add r0, sp, #40 ; 0x28 + 80051d8: f006 f936 bl 800b448 + if(rv != HAL_OK) goto fail; + 80051dc: 4606 mov r6, r0 + 80051de: 2800 cmp r0, #0 + 80051e0: d154 bne.n 800528c + } + + //puts2("PSRAM EID: "); + //hex_dump(psram_chip_eid, sizeof(psram_chip_eid)); + ASSERT(psram_chip_eid[0] == 0x0d); + 80051e2: f89d 300c ldrb.w r3, [sp, #12] + 80051e6: 2b0d cmp r3, #13 + 80051e8: d1c5 bne.n 8005176 + ASSERT(psram_chip_eid[1] == 0x5d); + 80051ea: f89d 300d ldrb.w r3, [sp, #13] + 80051ee: 2b5d cmp r3, #93 ; 0x5d + 80051f0: d1c1 bne.n 8005176 + // .. other bits seem pretty similar between devices, they don't claim they are UUID + + // Put into Quad mode + psram_send_byte(&qh, 0x35, false); // 0x35 = Enter Quad Mode + 80051f2: 4602 mov r2, r0 + 80051f4: 2135 movs r1, #53 ; 0x35 + 80051f6: a80a add r0, sp, #40 ; 0x28 + 80051f8: f7ff ff5c bl 80050b4 + + // Configure read/write cycles for mem-mapped mode + { OSPI_RegularCmdTypeDef cmd = { + 80051fc: 4631 mov r1, r6 + 80051fe: 224c movs r2, #76 ; 0x4c + 8005200: a81f add r0, sp, #124 ; 0x7c + 8005202: f008 fb7f bl 800d904 + 8005206: f04f 0903 mov.w r9, #3 + 800520a: f8cd 8078 str.w r8, [sp, #120] ; 0x78 + 800520e: f8cd 8080 str.w r8, [sp, #128] ; 0x80 + .DataMode = HAL_OSPI_DATA_4_LINES, + .NbData = 0, // don't care / TBD? + }; + + // Config for write + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 8005212: a91e add r1, sp, #120 ; 0x78 + { OSPI_RegularCmdTypeDef cmd = { + 8005214: f44f 7840 mov.w r8, #768 ; 0x300 + 8005218: f04f 7640 mov.w r6, #50331648 ; 0x3000000 + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 800521c: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 8005220: a80a add r0, sp, #40 ; 0x28 + { OSPI_RegularCmdTypeDef cmd = { + 8005222: e9cd 8a25 strd r8, sl, [sp, #148] ; 0x94 + 8005226: f8cd 9084 str.w r9, [sp, #132] ; 0x84 + 800522a: 962c str r6, [sp, #176] ; 0xb0 + rv = HAL_OSPI_Command(&qh, &cmd, HAL_MAX_DELAY); + 800522c: f005 ffda bl 800b1e4 + if(rv != HAL_OK) goto fail; + 8005230: 4601 mov r1, r0 + 8005232: bb58 cbnz r0, 800528c + + // .. for read + OSPI_RegularCmdTypeDef cmd2 = { + 8005234: 224c movs r2, #76 ; 0x4c + 8005236: a833 add r0, sp, #204 ; 0xcc + 8005238: f008 fb64 bl 800d904 + 800523c: 23eb movs r3, #235 ; 0xeb + 800523e: e9cd 3934 strd r3, r9, [sp, #208] ; 0xd0 + .DataMode = HAL_OSPI_DATA_4_LINES, + .NbData = 0, // don't care / TBD? + }; + + // Config for read + rv = HAL_OSPI_Command(&qh, &cmd2, HAL_MAX_DELAY); + 8005242: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + OSPI_RegularCmdTypeDef cmd2 = { + 8005246: 2306 movs r3, #6 + rv = HAL_OSPI_Command(&qh, &cmd2, HAL_MAX_DELAY); + 8005248: 4629 mov r1, r5 + 800524a: a80a add r0, sp, #40 ; 0x28 + OSPI_RegularCmdTypeDef cmd2 = { + 800524c: e9cd 8a39 strd r8, sl, [sp, #228] ; 0xe4 + 8005250: 9732 str r7, [sp, #200] ; 0xc8 + 8005252: 9640 str r6, [sp, #256] ; 0x100 + 8005254: 9343 str r3, [sp, #268] ; 0x10c + rv = HAL_OSPI_Command(&qh, &cmd2, HAL_MAX_DELAY); + 8005256: f005 ffc5 bl 800b1e4 + if(rv != HAL_OK) goto fail; + 800525a: b9b8 cbnz r0, 800528c + } + + // config for memmap + { OSPI_MemoryMappedTypeDef mmap = { + 800525c: e9d4 0101 ldrd r0, r1, [r4, #4] + 8005260: e885 0003 stmia.w r5, {r0, r1} + // Need this so that CS lines returns to inactive sometimes. + .TimeOutActivation = HAL_OSPI_TIMEOUT_COUNTER_ENABLE, + .TimeOutPeriod = 16, // no idea, max value 0xffff + }; + + rv = HAL_OSPI_MemoryMapped(&qh, &mmap); + 8005264: 4629 mov r1, r5 + 8005266: a80a add r0, sp, #40 ; 0x28 + 8005268: f006 f9d4 bl 800b614 + if(rv != HAL_OK) goto fail; + 800526c: b970 cbnz r0, 800528c +#else + // Only a quick operational check only here. Non-destructive. + { __IO uint32_t *ptr = (uint32_t *)(PSRAM_BASE+PSRAM_SIZE-4); + uint32_t tmp; + + tmp = *ptr; + 800526e: 4b11 ldr r3, [pc, #68] ; (80052b4 ) + *ptr = 0x55aa1234; + 8005270: 4a11 ldr r2, [pc, #68] ; (80052b8 ) + tmp = *ptr; + 8005272: f8d3 1ffc ldr.w r1, [r3, #4092] ; 0xffc + *ptr = 0x55aa1234; + 8005276: f8c3 2ffc str.w r2, [r3, #4092] ; 0xffc + if(*ptr != 0x55aa1234) goto fail; + 800527a: f8d3 0ffc ldr.w r0, [r3, #4092] ; 0xffc + 800527e: 4290 cmp r0, r2 + 8005280: d104 bne.n 800528c + *ptr = tmp; + 8005282: f8c3 1ffc str.w r1, [r3, #4092] ; 0xffc + + oled_setup(); + oled_show(screen_fatal); + + LOCKUP_FOREVER(); +} + 8005286: b046 add sp, #280 ; 0x118 + 8005288: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + puts("PSRAM fail"); + 800528c: 480b ldr r0, [pc, #44] ; (80052bc ) + 800528e: f7ff fef1 bl 8005074 + oled_setup(); + 8005292: f7fb fd81 bl 8000d98 + oled_show(screen_fatal); + 8005296: 480a ldr r0, [pc, #40] ; (80052c0 ) + 8005298: f7fb fefe bl 8001098 + LOCKUP_FOREVER(); + 800529c: f7fe fcfe bl 8003c9c + 80052a0: 40021000 .word 0x40021000 + 80052a4: 0801080c .word 0x0801080c + 80052a8: 48001000 .word 0x48001000 + 80052ac: a0001000 .word 0xa0001000 + 80052b0: 08010470 .word 0x08010470 + 80052b4: 907ff000 .word 0x907ff000 + 80052b8: 55aa1234 .word 0x55aa1234 + 80052bc: 080107dc .word 0x080107dc + 80052c0: 0800e591 .word 0x0800e591 + +080052c4 : + +// psram_wipe() +// + void +psram_wipe(void) +{ + 80052c4: b508 push {r3, lr} + if(OCTOSPI1->CR == 0) return; // PSRAM not enabled (yet?) + 80052c6: 4b06 ldr r3, [pc, #24] ; (80052e0 ) + 80052c8: 681b ldr r3, [r3, #0] + 80052ca: b143 cbz r3, 80052de + + // Fast! But real; maybe 150ms + //puts2("PSRAM Wipe: "); + memset4((uint32_t *)PSRAM_BASE, rng_sample(), PSRAM_SIZE); + 80052cc: f7fd fada bl 8002884 + 80052d0: f04f 4310 mov.w r3, #2415919104 ; 0x90000000 + *dest = value; + 80052d4: f843 0b04 str.w r0, [r3], #4 + for(; byte_len; byte_len-=4, dest++) { + 80052d8: f113 4fdf cmn.w r3, #1870659584 ; 0x6f800000 + 80052dc: d1fa bne.n 80052d4 + //puts("done"); +} + 80052de: bd08 pop {r3, pc} + 80052e0: a0001000 .word 0xa0001000 + +080052e4 : +// NOTE: Incoming start address is typically not aligned. +// + void +psram_do_upgrade(const uint8_t *start, uint32_t size) +{ + ASSERT(size >= FW_MIN_LENGTH); + 80052e4: f5b1 2f80 cmp.w r1, #262144 ; 0x40000 +{ + 80052e8: e92d 43f7 stmdb sp!, {r0, r1, r2, r4, r5, r6, r7, r8, r9, lr} + 80052ec: 4606 mov r6, r0 + 80052ee: 460d mov r5, r1 + ASSERT(size >= FW_MIN_LENGTH); + 80052f0: d202 bcs.n 80052f8 + 80052f2: 481e ldr r0, [pc, #120] ; (800536c ) + 80052f4: f7fb fbb2 bl 8000a5c + + // In case of reset/crash, we can recover, so save + // what we need for that -- yes, we will re-verify signatures + volatile recovery_header_t *h = RECHDR_POS; + h->start = start; + 80052f8: 4b1d ldr r3, [pc, #116] ; (8005370 ) + h->size = size; + h->magic1 = RECHDR_MAGIC1; + 80052fa: 4a1e ldr r2, [pc, #120] ; (8005374 ) + h->start = start; + 80052fc: 6058 str r0, [r3, #4] + h->size = size; + 80052fe: 6099 str r1, [r3, #8] + h->magic1 = RECHDR_MAGIC1; + 8005300: 601a str r2, [r3, #0] + h->magic2 = RECHDR_MAGIC2; + 8005302: 4a1d ldr r2, [pc, #116] ; (8005378 ) + 8005304: 60da str r2, [r3, #12] + + flash_setup0(); + 8005306: f7fc ff5b bl 80021c0 + flash_unlock(); + 800530a: f7fc ff7d bl 8002208 + for(uint32_t pos=0; pos < size; pos += 8) { + uint32_t dest = FIRMWARE_START+pos; + + if(dest % (4*FLASH_ERASE_SIZE) == 0) { + // show some progress + oled_show_progress(screen_upgrading, pos*100/size); + 800530e: f8df 906c ldr.w r9, [pc, #108] ; 800537c + for(uint32_t pos=0; pos < size; pos += 8) { + 8005312: 2400 movs r4, #0 + oled_show_progress(screen_upgrading, pos*100/size); + 8005314: f04f 0864 mov.w r8, #100 ; 0x64 + uint32_t dest = FIRMWARE_START+pos; + 8005318: f104 6700 add.w r7, r4, #134217728 ; 0x8000000 + if(dest % (4*FLASH_ERASE_SIZE) == 0) { + 800531c: f3c4 030d ubfx r3, r4, #0, #14 + 8005320: f507 3700 add.w r7, r7, #131072 ; 0x20000 + 8005324: b933 cbnz r3, 8005334 + oled_show_progress(screen_upgrading, pos*100/size); + 8005326: fb08 f104 mul.w r1, r8, r4 + 800532a: 4648 mov r0, r9 + 800532c: fbb1 f1f5 udiv r1, r1, r5 + 8005330: f7fb ff2c bl 800118c + } + + if(dest % FLASH_ERASE_SIZE == 0) { + 8005334: f3c7 030b ubfx r3, r7, #0, #12 + 8005338: b923 cbnz r3, 8005344 + // page erase as we go + rv = flash_page_erase(dest); + 800533a: 4638 mov r0, r7 + 800533c: f008 fb20 bl 800d980 <__flash_page_erase_veneer> + puts2("erase rv="); + puthex2(rv); + putchar('\n'); + } +#endif + ASSERT(rv == 0); + 8005340: 2800 cmp r0, #0 + 8005342: d1d6 bne.n 80052f2 + } + + memcpy(&tmp, start+pos, 8); + 8005344: 1932 adds r2, r6, r4 + 8005346: 5930 ldr r0, [r6, r4] + 8005348: 6851 ldr r1, [r2, #4] + 800534a: 466b mov r3, sp + 800534c: c303 stmia r3!, {r0, r1} + rv = flash_burn(dest, tmp); + 800534e: 4638 mov r0, r7 + 8005350: e9dd 2300 ldrd r2, r3, [sp] + 8005354: f008 fb18 bl 800d988 <__flash_burn_veneer> + puts2(" addr="); + puthex8(dest); + putchar('\n'); + } +#endif + ASSERT(rv == 0); + 8005358: 2800 cmp r0, #0 + 800535a: d1ca bne.n 80052f2 + for(uint32_t pos=0; pos < size; pos += 8) { + 800535c: 3408 adds r4, #8 + 800535e: 42a5 cmp r5, r4 + 8005360: d8da bhi.n 8005318 + } + + flash_lock(); +} + 8005362: b003 add sp, #12 + 8005364: e8bd 43f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, lr} + flash_lock(); + 8005368: f7fc bf46 b.w 80021f8 + 800536c: 08010470 .word 0x08010470 + 8005370: 907ff800 .word 0x907ff800 + 8005374: dbcc8350 .word 0xdbcc8350 + 8005378: bafcfba3 .word 0xbafcfba3 + 800537c: 0800ff39 .word 0x0800ff39 + +08005380 : +{ + 8005380: b510 push {r4, lr} + if( (h->magic1 != RECHDR_MAGIC1) + 8005382: 4c1f ldr r4, [pc, #124] ; (8005400 ) + 8005384: 4b1f ldr r3, [pc, #124] ; (8005404 ) + 8005386: 6822 ldr r2, [r4, #0] + 8005388: 429a cmp r2, r3 +{ + 800538a: b088 sub sp, #32 + if( (h->magic1 != RECHDR_MAGIC1) + 800538c: d113 bne.n 80053b6 + || (h->magic2 != RECHDR_MAGIC2) + 800538e: 68e2 ldr r2, [r4, #12] + 8005390: 4b1d ldr r3, [pc, #116] ; (8005408 ) + 8005392: 429a cmp r2, r3 + 8005394: d10f bne.n 80053b6 + || ((uint32_t)h->start < PSRAM_BASE) + 8005396: 6863 ldr r3, [r4, #4] + 8005398: f1b3 4f10 cmp.w r3, #2415919104 ; 0x90000000 + 800539c: d30b bcc.n 80053b6 + || ((uint32_t)h->start >= PSRAM_BASE+(PSRAM_SIZE/2)) + 800539e: 6862 ldr r2, [r4, #4] + 80053a0: 4b1a ldr r3, [pc, #104] ; (800540c ) + 80053a2: 429a cmp r2, r3 + 80053a4: d807 bhi.n 80053b6 + || (h->size > FW_MAX_LENGTH_MK4) + 80053a6: 68a3 ldr r3, [r4, #8] + 80053a8: f5b3 1ff0 cmp.w r3, #1966080 ; 0x1e0000 + 80053ac: d803 bhi.n 80053b6 + || (h->size < FW_MIN_LENGTH) + 80053ae: 68a3 ldr r3, [r4, #8] + 80053b0: f5b3 2f80 cmp.w r3, #262144 ; 0x40000 + 80053b4: d205 bcs.n 80053c2 + puts("PSR: nada"); + 80053b6: 4816 ldr r0, [pc, #88] ; (8005410 ) + puts("PSR: version"); + 80053b8: f7ff fe5c bl 8005074 +} + 80053bc: 2000 movs r0, #0 + 80053be: b008 add sp, #32 + 80053c0: bd10 pop {r4, pc} + bool ok = verify_firmware_in_ram(h->start, h->size, world_check); + 80053c2: 6860 ldr r0, [r4, #4] + 80053c4: 68a1 ldr r1, [r4, #8] + 80053c6: 466a mov r2, sp + 80053c8: f7fc fd40 bl 8001e4c + if(!ok) { + 80053cc: b908 cbnz r0, 80053d2 + puts("PSR: !check"); + 80053ce: 4811 ldr r0, [pc, #68] ; (8005414 ) + 80053d0: e7f2 b.n 80053b8 + if(!verify_world_checksum(world_check)) { + 80053d2: 4668 mov r0, sp + 80053d4: f7fc fd8e bl 8001ef4 + 80053d8: b908 cbnz r0, 80053de + puts("PSR: version"); + 80053da: 480f ldr r0, [pc, #60] ; (8005418 ) + 80053dc: e7ec b.n 80053b8 + psram_do_upgrade(h->start, h->size); + 80053de: 6860 ldr r0, [r4, #4] + 80053e0: 68a1 ldr r1, [r4, #8] + 80053e2: f7ff ff7f bl 80052e4 + 80053e6: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 80053ea: 490c ldr r1, [pc, #48] ; (800541c ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 80053ec: 4b0c ldr r3, [pc, #48] ; (8005420 ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 80053ee: 68ca ldr r2, [r1, #12] + 80053f0: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 80053f4: 4313 orrs r3, r2 + 80053f6: 60cb str r3, [r1, #12] + 80053f8: f3bf 8f4f dsb sy + __NOP(); + 80053fc: bf00 nop + for(;;) /* wait until reset */ + 80053fe: e7fd b.n 80053fc + 8005400: 907ff800 .word 0x907ff800 + 8005404: dbcc8350 .word 0xdbcc8350 + 8005408: bafcfba3 .word 0xbafcfba3 + 800540c: 903fffff .word 0x903fffff + 8005410: 080107e7 .word 0x080107e7 + 8005414: 080107f1 .word 0x080107f1 + 8005418: 080107fd .word 0x080107fd + 800541c: e000ed00 .word 0xe000ed00 + 8005420: 05fa0004 .word 0x05fa0004 + +08005424 : + +// sdcard_light() +// + void inline +sdcard_light(bool on) +{ + 8005424: 4602 mov r2, r0 + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_7, !!on); // turn LED off + 8005426: 2180 movs r1, #128 ; 0x80 + 8005428: 4801 ldr r0, [pc, #4] ; (8005430 ) + 800542a: f7fc b86f b.w 800150c + 800542e: bf00 nop + 8005430: 48000800 .word 0x48000800 + +08005434 : + +// sdcard_is_inserted() +// + bool +sdcard_is_inserted(void) +{ + 8005434: b508 push {r3, lr} +#ifdef FOR_Q1_ONLY + return !HAL_GPIO_ReadPin(GPIOD, GPIO_PIN_3); // PD3 - inserted when low (Q) + 8005436: 2108 movs r1, #8 + 8005438: 4803 ldr r0, [pc, #12] ; (8005448 ) + 800543a: f7fc f861 bl 8001500 +#else + return !!HAL_GPIO_ReadPin(GPIOC, GPIO_PIN_13); // PC13 - inserted when high (Mk4) +#endif +} + 800543e: fab0 f080 clz r0, r0 + 8005442: 0940 lsrs r0, r0, #5 + 8005444: bd08 pop {r3, pc} + 8005446: bf00 nop + 8005448: 48000c00 .word 0x48000c00 + +0800544c : + +// sdcard_try_file() +// + void +sdcard_try_file(uint32_t blk_pos) +{ + 800544c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8005450: 4606 mov r6, r0 + 8005452: f5ad 7d0a sub.w sp, sp, #552 ; 0x228 + oled_show(screen_verify); + 8005456: 4832 ldr r0, [pc, #200] ; (8005520 ) + uint8_t *ps = (uint8_t *)PSRAM_BASE; + //uint8_t buf[512*8]; // half of all our SRAM 0x00002000 + uint8_t buf[512]; // slower, but works. + + for(uint32_t off = 0; off < FW_MAX_LENGTH_MK4; off += sizeof(buf)) { + int rv = HAL_SD_ReadBlocks(&hsd, buf, blk_pos+(off/512), sizeof(buf)/512, 60000); + 8005458: f8df 80e4 ldr.w r8, [pc, #228] ; 8005540 + oled_show(screen_verify); + 800545c: f7fb fe1c bl 8001098 + for(uint32_t off = 0; off < FW_MAX_LENGTH_MK4; off += sizeof(buf)) { + 8005460: 2500 movs r5, #0 + int rv = HAL_SD_ReadBlocks(&hsd, buf, blk_pos+(off/512), sizeof(buf)/512, 60000); + 8005462: f64e 2760 movw r7, #60000 ; 0xea60 + 8005466: 9700 str r7, [sp, #0] + 8005468: 2301 movs r3, #1 + 800546a: eb06 2255 add.w r2, r6, r5, lsr #9 + 800546e: a90a add r1, sp, #40 ; 0x28 + 8005470: 4640 mov r0, r8 + 8005472: f006 fe4b bl 800c10c + if(rv != HAL_OK) { + 8005476: 4604 mov r4, r0 + 8005478: b130 cbz r0, 8005488 + puts("long read fail"); + 800547a: 482a ldr r0, [pc, #168] ; (8005524 ) + + // Check we have the **right** firmware, based on the world check sum + // but don't set the light at this point. + // - this includes check over bootrom (ourselves) + if(!verify_world_checksum(world_check)) { + puts("wrong world"); + 800547c: f7ff fdfa bl 8005074 + // Do the upgrade, using PSRAM data. + psram_do_upgrade(start, len); + + // done + NVIC_SystemReset(); +} + 8005480: f50d 7d0a add.w sp, sp, #552 ; 0x228 + 8005484: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + memcpy(ps + off, buf, sizeof(buf)); + 8005488: f105 4010 add.w r0, r5, #2415919104 ; 0x90000000 + 800548c: f44f 7200 mov.w r2, #512 ; 0x200 + 8005490: a90a add r1, sp, #40 ; 0x28 + for(uint32_t off = 0; off < FW_MAX_LENGTH_MK4; off += sizeof(buf)) { + 8005492: f505 7500 add.w r5, r5, #512 ; 0x200 + memcpy(ps + off, buf, sizeof(buf)); + 8005496: f008 fa27 bl 800d8e8 + for(uint32_t off = 0; off < FW_MAX_LENGTH_MK4; off += sizeof(buf)) { + 800549a: f5b5 1ff0 cmp.w r5, #1966080 ; 0x1e0000 + 800549e: d1e2 bne.n 8005466 + for(int idx=0; idxtargets; idx++) { + 80054a0: f04f 4310 mov.w r3, #2415919104 ; 0x90000000 + if(elem->addr == FIRMWARE_START) { + 80054a4: 4d20 ldr r5, [pc, #128] ; (8005528 ) + for(int idx=0; idxtargets; idx++) { + 80054a6: 7a99 ldrb r1, [r3, #10] + 80054a8: 4620 mov r0, r4 + ptr += sizeof(DFUFile_t); + 80054aa: 330b adds r3, #11 + for(int idx=0; idxtargets; idx++) { + 80054ac: 4288 cmp r0, r1 + 80054ae: db01 blt.n 80054b4 + puts("DFU parse fail"); + 80054b0: 481e ldr r0, [pc, #120] ; (800552c ) + 80054b2: e7e3 b.n 800547c + for(int ei=0; eielements; ei++) { + 80054b4: f8d3 610e ldr.w r6, [r3, #270] ; 0x10e + 80054b8: 2200 movs r2, #0 + ptr += sizeof(DFUTarget_t); + 80054ba: f503 7389 add.w r3, r3, #274 ; 0x112 + for(int ei=0; eielements; ei++) { + 80054be: 42b2 cmp r2, r6 + 80054c0: d101 bne.n 80054c6 + for(int idx=0; idxtargets; idx++) { + 80054c2: 3001 adds r0, #1 + 80054c4: e7f2 b.n 80054ac + ptr += sizeof(DFUElement_t); + 80054c6: 461c mov r4, r3 + if(elem->addr == FIRMWARE_START) { + 80054c8: f854 7b08 ldr.w r7, [r4], #8 + 80054cc: 42af cmp r7, r5 + 80054ce: d110 bne.n 80054f2 + *target_size = elem->size; + 80054d0: 685d ldr r5, [r3, #4] + bool ok = verify_firmware_in_ram(start, len, world_check); + 80054d2: aa02 add r2, sp, #8 + 80054d4: 4629 mov r1, r5 + 80054d6: 4620 mov r0, r4 + 80054d8: f7fc fcb8 bl 8001e4c + if(!ok) return; + 80054dc: 2800 cmp r0, #0 + 80054de: d0cf beq.n 8005480 + puts("good firmware"); + 80054e0: 4813 ldr r0, [pc, #76] ; (8005530 ) + 80054e2: f7ff fdc7 bl 8005074 + if(!verify_world_checksum(world_check)) { + 80054e6: a802 add r0, sp, #8 + 80054e8: f7fc fd04 bl 8001ef4 + 80054ec: b920 cbnz r0, 80054f8 + puts("wrong world"); + 80054ee: 4811 ldr r0, [pc, #68] ; (8005534 ) + 80054f0: e7c4 b.n 800547c + for(int ei=0; eielements; ei++) { + 80054f2: 3201 adds r2, #1 + ptr += sizeof(DFUElement_t); + 80054f4: 4623 mov r3, r4 + 80054f6: e7e2 b.n 80054be + sdcard_light(false); + 80054f8: 2000 movs r0, #0 + 80054fa: f7ff ff93 bl 8005424 + psram_do_upgrade(start, len); + 80054fe: 4629 mov r1, r5 + 8005500: 4620 mov r0, r4 + 8005502: f7ff feef bl 80052e4 + 8005506: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 800550a: 490b ldr r1, [pc, #44] ; (8005538 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 800550c: 4b0b ldr r3, [pc, #44] ; (800553c ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 800550e: 68ca ldr r2, [r1, #12] + 8005510: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8005514: 4313 orrs r3, r2 + 8005516: 60cb str r3, [r1, #12] + 8005518: f3bf 8f4f dsb sy + __NOP(); + 800551c: bf00 nop + for(;;) /* wait until reset */ + 800551e: e7fd b.n 800551c + 8005520: 08010051 .word 0x08010051 + 8005524: 08010828 .word 0x08010828 + 8005528: 08020000 .word 0x08020000 + 800552c: 08010837 .word 0x08010837 + 8005530: 08010846 .word 0x08010846 + 8005534: 08010854 .word 0x08010854 + 8005538: e000ed00 .word 0xe000ed00 + 800553c: 05fa0004 .word 0x05fa0004 + 8005540: 2009e224 .word 0x2009e224 + +08005544 : + +// sdcard_search() +// + void +sdcard_search(void) +{ + 8005544: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + oled_show(screen_search); + 8005548: 4861 ldr r0, [pc, #388] ; (80056d0 ) +{ + 800554a: f5ad 7d05 sub.w sp, sp, #532 ; 0x214 + oled_show(screen_search); + 800554e: f7fb fda3 bl 8001098 + + if(!sdcard_is_inserted()) return; + 8005552: f7ff ff6f bl 8005434 + 8005556: 2800 cmp r0, #0 + 8005558: f000 8095 beq.w 8005686 + __HAL_RCC_SDMMC1_CLK_ENABLE(); + 800555c: f8df 81b0 ldr.w r8, [pc, #432] ; 8005710 + + uint32_t num_blocks; + + // open card (power it) and get details, do setup + puts2("sdcard_search: "); + 8005560: 485c ldr r0, [pc, #368] ; (80056d4 ) + { GPIO_InitTypeDef setup = { + 8005562: 4c5d ldr r4, [pc, #372] ; (80056d8 ) + puts2("sdcard_search: "); + 8005564: f7ff fcf8 bl 8004f58 + __HAL_RCC_SDMMC1_CLK_ENABLE(); + 8005568: f8d8 304c ldr.w r3, [r8, #76] ; 0x4c + 800556c: f443 0380 orr.w r3, r3, #4194304 ; 0x400000 + 8005570: f8c8 304c str.w r3, [r8, #76] ; 0x4c + 8005574: f8d8 304c ldr.w r3, [r8, #76] ; 0x4c + 8005578: f403 0380 and.w r3, r3, #4194304 ; 0x400000 + 800557c: 9303 str r3, [sp, #12] + 800557e: 9b03 ldr r3, [sp, #12] + { GPIO_InitTypeDef setup = { + 8005580: cc0f ldmia r4!, {r0, r1, r2, r3} + 8005582: ad04 add r5, sp, #16 + 8005584: c50f stmia r5!, {r0, r1, r2, r3} + 8005586: f854 3b04 ldr.w r3, [r4], #4 + 800558a: 602b str r3, [r5, #0] + HAL_GPIO_Init(GPIOC, &setup); + 800558c: 4853 ldr r0, [pc, #332] ; (80056dc ) + 800558e: a904 add r1, sp, #16 + 8005590: f7fb fe42 bl 8001218 + GPIO_InitTypeDef setup = { + 8005594: 2700 movs r7, #0 + 8005596: f44f 5600 mov.w r6, #8192 ; 0x2000 + HAL_GPIO_Init(GPIOC, &setup); + 800559a: 4850 ldr r0, [pc, #320] ; (80056dc ) + GPIO_InitTypeDef setup = { + 800559c: 9708 str r7, [sp, #32] + HAL_GPIO_Init(GPIOC, &setup); + 800559e: a904 add r1, sp, #16 + GPIO_InitTypeDef setup = { + 80055a0: f04f 0901 mov.w r9, #1 + 80055a4: e9cd 6904 strd r6, r9, [sp, #16] + 80055a8: e9cd 7706 strd r7, r7, [sp, #24] + HAL_GPIO_Init(GPIOC, &setup); + 80055ac: f7fb fe34 bl 8001218 + HAL_GPIO_WritePin(GPIOC, GPIO_PIN_13, 0); // select A + 80055b0: 4631 mov r1, r6 + 80055b2: 484a ldr r0, [pc, #296] ; (80056dc ) + 80055b4: 463a mov r2, r7 + 80055b6: f7fb ffa9 bl 800150c + { GPIO_InitTypeDef setup = { + 80055ba: cc0f ldmia r4!, {r0, r1, r2, r3} + 80055bc: ae04 add r6, sp, #16 + 80055be: c60f stmia r6!, {r0, r1, r2, r3} + 80055c0: 6823 ldr r3, [r4, #0] + 80055c2: 602b str r3, [r5, #0] + HAL_GPIO_Init(GPIOD, &setup); + 80055c4: a904 add r1, sp, #16 + 80055c6: 4846 ldr r0, [pc, #280] ; (80056e0 ) + memset(&hsd, 0, sizeof(SD_HandleTypeDef)); + 80055c8: 4d46 ldr r5, [pc, #280] ; (80056e4 ) + HAL_GPIO_Init(GPIOD, &setup); + 80055ca: f7fb fe25 bl 8001218 + __HAL_RCC_SDMMC1_FORCE_RESET(); + 80055ce: f8d8 302c ldr.w r3, [r8, #44] ; 0x2c + 80055d2: f443 0380 orr.w r3, r3, #4194304 ; 0x400000 + 80055d6: f8c8 302c str.w r3, [r8, #44] ; 0x2c + __HAL_RCC_SDMMC1_RELEASE_RESET(); + 80055da: f8d8 302c ldr.w r3, [r8, #44] ; 0x2c + 80055de: f423 0380 bic.w r3, r3, #4194304 ; 0x400000 + 80055e2: f8c8 302c str.w r3, [r8, #44] ; 0x2c + sdcard_setup(); + delay_ms(100); + 80055e6: 2064 movs r0, #100 ; 0x64 + 80055e8: f7fe fa5e bl 8003aa8 + memset(&hsd, 0, sizeof(SD_HandleTypeDef)); + 80055ec: 2280 movs r2, #128 ; 0x80 + 80055ee: 4639 mov r1, r7 + 80055f0: 4628 mov r0, r5 + 80055f2: f008 f987 bl 800d904 + puts2("sdcard_probe: "); + 80055f6: 483c ldr r0, [pc, #240] ; (80056e8 ) + 80055f8: f7ff fcae bl 8004f58 + hsd.Instance = SDMMC1; + 80055fc: 4b3b ldr r3, [pc, #236] ; (80056ec ) + hsd.Init.HardwareFlowControl = SDMMC_HARDWARE_FLOW_CONTROL_DISABLE; + 80055fe: 612f str r7, [r5, #16] + hsd.Init.ClockEdge = SDMMC_CLOCK_EDGE_RISING; + 8005600: e9c5 3700 strd r3, r7, [r5] + hsd.Init.ClockPowerSave = SDMMC_CLOCK_POWER_SAVE_ENABLE; + 8005604: f44f 5380 mov.w r3, #4096 ; 0x1000 + hsd.Init.BusWide = SDMMC_BUS_WIDE_1B; + 8005608: e9c5 3702 strd r3, r7, [r5, #8] + int rv = HAL_SD_Init(&hsd); + 800560c: 4628 mov r0, r5 + hsd.Init.ClockDiv = SDMMC_TRANSFER_CLK_DIV; + 800560e: 2303 movs r3, #3 + 8005610: 616b str r3, [r5, #20] + int rv = HAL_SD_Init(&hsd); + 8005612: f007 faf5 bl 800cc00 + if(rv != HAL_OK) { + 8005616: 4604 mov r4, r0 + 8005618: b130 cbz r0, 8005628 + puts("init fail"); + 800561a: 4835 ldr r0, [pc, #212] ; (80056f0 ) + oled_show_progress(screen_search, pos*100 / num_blocks); + sdcard_light(true); + } + } + +} + 800561c: f50d 7d05 add.w sp, sp, #532 ; 0x214 + 8005620: e8bd 43f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, lr} + puts("bsize?"); + 8005624: f7ff bd26 b.w 8005074 + sdcard_light(true); + 8005628: 4648 mov r0, r9 + 800562a: f7ff fefb bl 8005424 + rv = HAL_SD_ConfigSpeedBusOperation(&hsd, SDMMC_SPEED_MODE_AUTO); + 800562e: 4621 mov r1, r4 + 8005630: 4628 mov r0, r5 + 8005632: f007 fbbd bl 800cdb0 + if(rv != HAL_OK) { + 8005636: b108 cbz r0, 800563c + puts("speed"); + 8005638: 482e ldr r0, [pc, #184] ; (80056f4 ) + 800563a: e7ef b.n 800561c + rv = HAL_SD_ConfigWideBusOperation(&hsd, SDMMC_BUS_WIDE_4B); + 800563c: f44f 4180 mov.w r1, #16384 ; 0x4000 + 8005640: 4628 mov r0, r5 + 8005642: f007 fa07 bl 800ca54 + if(rv != HAL_OK) { + 8005646: 4604 mov r4, r0 + 8005648: b108 cbz r0, 800564e + puts("wide"); + 800564a: 482b ldr r0, [pc, #172] ; (80056f8 ) + 800564c: e7e6 b.n 800561c + if(hsd.SdCard.BlockSize != 512) { + 800564e: 6d2b ldr r3, [r5, #80] ; 0x50 + 8005650: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 8005654: d001 beq.n 800565a + puts("bsize?"); + 8005656: 4829 ldr r0, [pc, #164] ; (80056fc ) + 8005658: e7e0 b.n 800561c + puts("ok"); + 800565a: 4829 ldr r0, [pc, #164] ; (8005700 ) + *num_blocks = hsd.SdCard.BlockNbr; + 800565c: 6cee ldr r6, [r5, #76] ; 0x4c + if(memcmp(blk, "DfuSe", 5) == 0) { + 800565e: 4f29 ldr r7, [pc, #164] ; (8005704 ) + oled_show_progress(screen_search, pos*100 / num_blocks); + 8005660: f8df 806c ldr.w r8, [pc, #108] ; 80056d0 + puts("ok"); + 8005664: f7ff fd06 bl 8005074 + for(int pos=0; pos + int rv = HAL_SD_ReadBlocks(&hsd, blk, pos, 1, 60000); + 800566c: f64e 2360 movw r3, #60000 ; 0xea60 + 8005670: 9300 str r3, [sp, #0] + 8005672: 4622 mov r2, r4 + 8005674: 2301 movs r3, #1 + 8005676: a904 add r1, sp, #16 + 8005678: 4628 mov r0, r5 + 800567a: f006 fd47 bl 800c10c + if(rv != HAL_OK) { + 800567e: b130 cbz r0, 800568e + puts("fail read"); + 8005680: 4821 ldr r0, [pc, #132] ; (8005708 ) + 8005682: f7ff fcf7 bl 8005074 +} + 8005686: f50d 7d05 add.w sp, sp, #532 ; 0x214 + 800568a: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + if(memcmp(blk, "DfuSe", 5) == 0) { + 800568e: 2205 movs r2, #5 + 8005690: 4639 mov r1, r7 + 8005692: a804 add r0, sp, #16 + 8005694: f008 f918 bl 800d8c8 + 8005698: b9b0 cbnz r0, 80056c8 + puts2("found @ "); + 800569a: 481c ldr r0, [pc, #112] ; (800570c ) + 800569c: f7ff fc5c bl 8004f58 + puthex8(pos); + 80056a0: 4620 mov r0, r4 + 80056a2: f7ff fcb5 bl 8005010 + putchar('\n'); + 80056a6: 200a movs r0, #10 + 80056a8: f7ff fc6a bl 8004f80 + sdcard_try_file(pos); + 80056ac: 4620 mov r0, r4 + 80056ae: f7ff fecd bl 800544c + oled_show_progress(screen_search, pos*100 / num_blocks); + 80056b2: 2164 movs r1, #100 ; 0x64 + 80056b4: 4640 mov r0, r8 + 80056b6: 4361 muls r1, r4 + 80056b8: fbb1 f1f6 udiv r1, r1, r6 + 80056bc: f7fb fd66 bl 800118c + sdcard_light(true); + 80056c0: 2001 movs r0, #1 + 80056c2: f7ff feaf bl 8005424 + 80056c6: e001 b.n 80056cc + if(pos % 128 == 0) { + 80056c8: 0663 lsls r3, r4, #25 + 80056ca: d0f2 beq.n 80056b2 + for(int pos=0; pos + 80056d0: 0800fa99 .word 0x0800fa99 + 80056d4: 08010860 .word 0x08010860 + 80056d8: 080108c8 .word 0x080108c8 + 80056dc: 48000800 .word 0x48000800 + 80056e0: 48000c00 .word 0x48000c00 + 80056e4: 2009e224 .word 0x2009e224 + 80056e8: 08010870 .word 0x08010870 + 80056ec: 50062400 .word 0x50062400 + 80056f0: 0801087f .word 0x0801087f + 80056f4: 08010889 .word 0x08010889 + 80056f8: 0801088f .word 0x0801088f + 80056fc: 08010894 .word 0x08010894 + 8005700: 0801089b .word 0x0801089b + 8005704: 080108a8 .word 0x080108a8 + 8005708: 0801089e .word 0x0801089e + 800570c: 080108ae .word 0x080108ae + 8005710: 40021000 .word 0x40021000 + +08005714 : + +// sdcard_recovery() +// + void +sdcard_recovery(void) +{ + 8005714: b508 push {r3, lr} + // Use SDCard to recover. Must be precise version they tried to + // install before, and will be slow AF. + + puts("Recovery mode."); + 8005716: 480b ldr r0, [pc, #44] ; (8005744 ) + while(1) { + // .. need them to insert a card + + sdcard_light(false); + while(!sdcard_is_inserted()) { + oled_show(screen_recovery); + 8005718: 4c0b ldr r4, [pc, #44] ; (8005748 ) + puts("Recovery mode."); + 800571a: f7ff fcab bl 8005074 + sdcard_light(false); + 800571e: 2000 movs r0, #0 + 8005720: f7ff fe80 bl 8005424 + while(!sdcard_is_inserted()) { + 8005724: f7ff fe86 bl 8005434 + 8005728: b128 cbz r0, 8005736 + delay_ms(200); + } + + // look for binary, will reset system if successful + sdcard_light(true); + 800572a: 2001 movs r0, #1 + 800572c: f7ff fe7a bl 8005424 + sdcard_search(); + 8005730: f7ff ff08 bl 8005544 + sdcard_light(false); + 8005734: e7f3 b.n 800571e + oled_show(screen_recovery); + 8005736: 4620 mov r0, r4 + 8005738: f7fb fcae bl 8001098 + delay_ms(200); + 800573c: 20c8 movs r0, #200 ; 0xc8 + 800573e: f7fe f9b3 bl 8003aa8 + 8005742: e7ef b.n 8005724 + 8005744: 080108b7 .word 0x080108b7 + 8005748: 0800e863 .word 0x0800e863 + +0800574c : +#include + +// so we don't need stm32l4xx_hal_hash_ex.c +HAL_StatusTypeDef HAL_HASHEx_SHA256_Accmlt(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size) +{ + return HASH_Accumulate(hhash, pInBuffer, Size,HASH_ALGOSELECTION_SHA256); + 800574c: 4b01 ldr r3, [pc, #4] ; (8005754 ) + 800574e: f005 ba25 b.w 800ab9c + 8005752: bf00 nop + 8005754: 00040080 .word 0x00040080 + +08005758 : +} + +HAL_StatusTypeDef HAL_HASHEx_SHA256_Start(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Timeout) +{ + 8005758: b513 push {r0, r1, r4, lr} + return HASH_Start(hhash, pInBuffer, Size, pOutBuffer, Timeout, HASH_ALGOSELECTION_SHA256); + 800575a: 4c04 ldr r4, [pc, #16] ; (800576c ) + 800575c: 9401 str r4, [sp, #4] + 800575e: 9c04 ldr r4, [sp, #16] + 8005760: 9400 str r4, [sp, #0] + 8005762: f005 f977 bl 800aa54 +} + 8005766: b002 add sp, #8 + 8005768: bd10 pop {r4, pc} + 800576a: bf00 nop + 800576c: 00040080 .word 0x00040080 + +08005770 : + +HAL_StatusTypeDef HAL_HMACEx_SHA256_Start(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Timeout) +{ + 8005770: b513 push {r0, r1, r4, lr} + return HMAC_Start(hhash, pInBuffer, Size, pOutBuffer, Timeout, HASH_ALGOSELECTION_SHA256); + 8005772: 4c04 ldr r4, [pc, #16] ; (8005784 ) + 8005774: 9401 str r4, [sp, #4] + 8005776: 9c04 ldr r4, [sp, #16] + 8005778: 9400 str r4, [sp, #0] + 800577a: f005 fbad bl 800aed8 +} + 800577e: b002 add sp, #8 + 8005780: bd10 pop {r4, pc} + 8005782: bf00 nop + 8005784: 00040080 .word 0x00040080 + +08005788 : + +void sha256_init(SHA256_CTX *ctx) +{ + 8005788: b510 push {r4, lr} + memset(ctx, 0, sizeof(SHA256_CTX)); + 800578a: 2248 movs r2, #72 ; 0x48 +{ + 800578c: 4604 mov r4, r0 + memset(ctx, 0, sizeof(SHA256_CTX)); + 800578e: 2100 movs r1, #0 + 8005790: 3004 adds r0, #4 + 8005792: f008 f8b7 bl 800d904 + +#if 1 + ctx->num_pending = 0; + ctx->hh.Init.DataType = HASH_DATATYPE_8B; + 8005796: 2320 movs r3, #32 + 8005798: 6023 str r3, [r4, #0] + HAL_HASH_Init(&ctx->hh); + 800579a: 4620 mov r0, r4 + __HAL_HASH_RESET_MDMAT(); + + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, + HASH_ALGOSELECTION_SHA256 | HASH_CR_INIT); +#endif +} + 800579c: e8bd 4010 ldmia.w sp!, {r4, lr} + HAL_HASH_Init(&ctx->hh); + 80057a0: f004 bfe6 b.w 800a770 + +080057a4 : + +void sha256_update(SHA256_CTX *ctx, const uint8_t data[], uint32_t len) +{ + 80057a4: b5f8 push {r3, r4, r5, r6, r7, lr} + HAL_StatusTypeDef rv; + + // clear out any pending bytes + if(ctx->num_pending + len >= 4) { + 80057a6: f890 3048 ldrb.w r3, [r0, #72] ; 0x48 + 80057aa: 4413 add r3, r2 + 80057ac: 2b03 cmp r3, #3 +{ + 80057ae: 4605 mov r5, r0 + 80057b0: 460e mov r6, r1 + 80057b2: 4614 mov r4, r2 + if(ctx->num_pending + len >= 4) { + 80057b4: d818 bhi.n 80057e8 + } + } + + // write full blocks + uint32_t blocks = len / 4; + if(blocks) { + 80057b6: 2c03 cmp r4, #3 + 80057b8: d926 bls.n 8005808 +#if 1 + rv = HAL_HASHEx_SHA256_Accumulate(&ctx->hh, (uint8_t *)data, blocks*4); + 80057ba: f024 0703 bic.w r7, r4, #3 + 80057be: 463a mov r2, r7 + 80057c0: 4631 mov r1, r6 + 80057c2: 4628 mov r0, r5 + 80057c4: f7ff ffc2 bl 800574c + ASSERT(rv == HAL_OK); + 80057c8: b9c8 cbnz r0, 80057fe + uint32_t tmp; + memcpy(&tmp, data, 4); + HASH->DIN = tmp; + } +#endif + len -= blocks*4; + 80057ca: f004 0403 and.w r4, r4, #3 + data += blocks*4; + 80057ce: 443e add r6, r7 + 80057d0: e01a b.n 8005808 + ctx->pending[ctx->num_pending++] = *data; + 80057d2: 1c5a adds r2, r3, #1 + 80057d4: b2d2 uxtb r2, r2 + 80057d6: f885 2048 strb.w r2, [r5, #72] ; 0x48 + 80057da: 442b add r3, r5 + 80057dc: f816 1b01 ldrb.w r1, [r6], #1 + 80057e0: f883 1044 strb.w r1, [r3, #68] ; 0x44 + if(!len) break; + 80057e4: 3c01 subs r4, #1 + 80057e6: d00d beq.n 8005804 + while(ctx->num_pending != 4) { + 80057e8: f895 3048 ldrb.w r3, [r5, #72] ; 0x48 + 80057ec: 2b04 cmp r3, #4 + 80057ee: d1f0 bne.n 80057d2 + rv = HAL_HASHEx_SHA256_Accumulate(&ctx->hh, ctx->pending, 4); + 80057f0: 2204 movs r2, #4 + 80057f2: f105 0144 add.w r1, r5, #68 ; 0x44 + 80057f6: 4628 mov r0, r5 + 80057f8: f7ff ffa8 bl 800574c + ASSERT(rv == HAL_OK); + 80057fc: b140 cbz r0, 8005810 + 80057fe: 480b ldr r0, [pc, #44] ; (800582c ) + 8005800: f7fb f92c bl 8000a5c + if(ctx->num_pending == 4) { + 8005804: 2a04 cmp r2, #4 + 8005806: d0f3 beq.n 80057f0 + 8005808: 4434 add r4, r6 + } + + // save runt for later + ASSERT(len <= 3); + while(len) { + 800580a: 42b4 cmp r4, r6 + 800580c: d103 bne.n 8005816 + ctx->pending[ctx->num_pending++] = *data; + data++; + len--; + } +} + 800580e: bdf8 pop {r3, r4, r5, r6, r7, pc} + ctx->num_pending = 0; + 8005810: f885 0048 strb.w r0, [r5, #72] ; 0x48 + 8005814: e7cf b.n 80057b6 + ctx->pending[ctx->num_pending++] = *data; + 8005816: f895 3048 ldrb.w r3, [r5, #72] ; 0x48 + 800581a: 1c5a adds r2, r3, #1 + 800581c: f885 2048 strb.w r2, [r5, #72] ; 0x48 + 8005820: 442b add r3, r5 + 8005822: f816 2b01 ldrb.w r2, [r6], #1 + 8005826: f883 2044 strb.w r2, [r3, #68] ; 0x44 + len--; + 800582a: e7ee b.n 800580a + 800582c: 08010470 .word 0x08010470 + +08005830 : + +void sha256_final(SHA256_CTX *ctx, uint8_t digest[32]) +{ + 8005830: b513 push {r0, r1, r4, lr} + // Do final 0-3 bytes, pad and return digest. +#if 1 + HAL_StatusTypeDef rv = HAL_HASHEx_SHA256_Start(&ctx->hh, + 8005832: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 8005836: 9200 str r2, [sp, #0] +{ + 8005838: 460b mov r3, r1 + HAL_StatusTypeDef rv = HAL_HASHEx_SHA256_Start(&ctx->hh, + 800583a: f890 2048 ldrb.w r2, [r0, #72] ; 0x48 + 800583e: f100 0144 add.w r1, r0, #68 ; 0x44 + 8005842: f7ff ff89 bl 8005758 + ctx->pending, ctx->num_pending, digest, HAL_MAX_DELAY); + ASSERT(rv == HAL_OK); + 8005846: b110 cbz r0, 800584e + 8005848: 4802 ldr r0, [pc, #8] ; (8005854 ) + 800584a: f7fb f907 bl 8000a5c + tmp = __REV(HASH_DIGEST->HR[6]); + memcpy(out, &tmp, 4); out += 4; + tmp = __REV(HASH_DIGEST->HR[7]); + memcpy(out, &tmp, 4); +#endif +} + 800584e: b002 add sp, #8 + 8005850: bd10 pop {r4, pc} + 8005852: bf00 nop + 8005854: 08010470 .word 0x08010470 + +08005858 : +// +// single-shot version (best) +// + void +sha256_single(const uint8_t data[], uint32_t len, uint8_t digest[32]) +{ + 8005858: b530 push {r4, r5, lr} + 800585a: b097 sub sp, #92 ; 0x5c + 800585c: 4604 mov r4, r0 + 800585e: 460d mov r5, r1 + 8005860: 9203 str r2, [sp, #12] + HASH_HandleTypeDef hh = {0}; + 8005862: 2100 movs r1, #0 + 8005864: 2240 movs r2, #64 ; 0x40 + 8005866: a806 add r0, sp, #24 + 8005868: f008 f84c bl 800d904 + + hh.Init.DataType = HASH_DATATYPE_8B; + 800586c: 2220 movs r2, #32 + + HAL_HASH_Init(&hh); + 800586e: a805 add r0, sp, #20 + hh.Init.DataType = HASH_DATATYPE_8B; + 8005870: 9205 str r2, [sp, #20] + HAL_HASH_Init(&hh); + 8005872: f004 ff7d bl 800a770 + + // It's called "Start" but it handles the runt packet, so really can only + // be used once at end of message, or for whole message. + HAL_StatusTypeDef rv = HAL_HASHEx_SHA256_Start(&hh, (uint8_t *)data, len, + 8005876: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 800587a: 9200 str r2, [sp, #0] + 800587c: 9b03 ldr r3, [sp, #12] + 800587e: 462a mov r2, r5 + 8005880: 4621 mov r1, r4 + 8005882: a805 add r0, sp, #20 + 8005884: f7ff ff68 bl 8005758 + digest, HAL_MAX_DELAY); + ASSERT(rv == HAL_OK); + 8005888: b110 cbz r0, 8005890 + 800588a: 4802 ldr r0, [pc, #8] ; (8005894 ) + 800588c: f7fb f8e6 bl 8000a5c +} + 8005890: b017 add sp, #92 ; 0x5c + 8005892: bd30 pop {r4, r5, pc} + 8005894: 08010470 .word 0x08010470 + +08005898 : +// hmac_sha256_init() +// + void +hmac_sha256_init(HMAC_CTX *ctx) +{ + memset(ctx, 0, sizeof(HMAC_CTX)); + 8005898: f44f 7282 mov.w r2, #260 ; 0x104 + 800589c: 2100 movs r1, #0 + 800589e: f008 b831 b.w 800d904 + ... + +080058a4 : + +// hmac_sha256_update() +// + void +hmac_sha256_update(HMAC_CTX *ctx, const uint8_t data[], uint32_t len) +{ + 80058a4: b538 push {r3, r4, r5, lr} + 80058a6: 4604 mov r4, r0 + // simple append + ASSERT(ctx->num_pending + len < sizeof(ctx->pending)); + 80058a8: f8d0 0100 ldr.w r0, [r0, #256] ; 0x100 + 80058ac: 1883 adds r3, r0, r2 + 80058ae: 2bff cmp r3, #255 ; 0xff +{ + 80058b0: 4615 mov r5, r2 + ASSERT(ctx->num_pending + len < sizeof(ctx->pending)); + 80058b2: d902 bls.n 80058ba + 80058b4: 4805 ldr r0, [pc, #20] ; (80058cc ) + 80058b6: f7fb f8d1 bl 8000a5c + + memcpy(ctx->pending+ctx->num_pending, data, len); + 80058ba: 4420 add r0, r4 + 80058bc: f008 f814 bl 800d8e8 + + ctx->num_pending += len; + 80058c0: f8d4 2100 ldr.w r2, [r4, #256] ; 0x100 + 80058c4: 442a add r2, r5 + 80058c6: f8c4 2100 str.w r2, [r4, #256] ; 0x100 +} + 80058ca: bd38 pop {r3, r4, r5, pc} + 80058cc: 08010470 .word 0x08010470 + +080058d0 : + +// hmac_sha256_final() +// + void +hmac_sha256_final(HMAC_CTX *ctx, const uint8_t key[32], uint8_t digest[32]) +{ + 80058d0: b530 push {r4, r5, lr} + 80058d2: b097 sub sp, #92 ; 0x5c + 80058d4: 4604 mov r4, r0 + 80058d6: 460d mov r5, r1 + 80058d8: 9203 str r2, [sp, #12] + HASH_HandleTypeDef hh = {0}; + 80058da: 2100 movs r1, #0 + 80058dc: 2238 movs r2, #56 ; 0x38 + 80058de: a808 add r0, sp, #32 + 80058e0: f008 f810 bl 800d904 + + hh.Init.DataType = HASH_DATATYPE_8B; + 80058e4: 2220 movs r2, #32 + hh.Init.pKey = (uint8_t *)key; // const viol due to API dumbness + hh.Init.KeySize = 32; + + HAL_HASH_Init(&hh); + 80058e6: a805 add r0, sp, #20 + hh.Init.KeySize = 32; + 80058e8: e9cd 2506 strd r2, r5, [sp, #24] + hh.Init.DataType = HASH_DATATYPE_8B; + 80058ec: 9205 str r2, [sp, #20] + HAL_HASH_Init(&hh); + 80058ee: f004 ff3f bl 800a770 + + HAL_StatusTypeDef rv = HAL_HMACEx_SHA256_Start(&hh, + 80058f2: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 80058f6: 9200 str r2, [sp, #0] + 80058f8: 9b03 ldr r3, [sp, #12] + 80058fa: f8d4 2100 ldr.w r2, [r4, #256] ; 0x100 + 80058fe: 4621 mov r1, r4 + 8005900: a805 add r0, sp, #20 + 8005902: f7ff ff35 bl 8005770 + ctx->pending, ctx->num_pending, digest, HAL_MAX_DELAY); + ASSERT(rv == HAL_OK); + 8005906: b110 cbz r0, 800590e + 8005908: 4802 ldr r0, [pc, #8] ; (8005914 ) + 800590a: f7fb f8a7 bl 8000a5c +} + 800590e: b017 add sp, #92 ; 0x5c + 8005910: bd30 pop {r4, r5, pc} + 8005912: bf00 nop + 8005914: 08010470 .word 0x08010470 + +08005918 : + +#if !asm_mult +uECC_VLI_API void uECC_vli_mult(uECC_word_t *result, + const uECC_word_t *left, + const uECC_word_t *right, + wordcount_t num_words) { + 8005918: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + ); + +#else /* Thumb-1 */ + uint32_t r4, r5, r6, r7; + + __asm__ volatile ( + 800591c: 3b01 subs r3, #1 + 800591e: 009b lsls r3, r3, #2 + 8005920: 4698 mov r8, r3 + 8005922: 005b lsls r3, r3, #1 + 8005924: 4699 mov r9, r3 + 8005926: 2300 movs r3, #0 + 8005928: 2400 movs r4, #0 + 800592a: 2500 movs r5, #0 + 800592c: 2600 movs r6, #0 + 800592e: b401 push {r0} + 8005930: 2700 movs r7, #0 + 8005932: e002 b.n 800593a + 8005934: 0037 movs r7, r6 + 8005936: 4640 mov r0, r8 + 8005938: 1a3f subs r7, r7, r0 + 800593a: b478 push {r3, r4, r5, r6} + 800593c: 1bf0 subs r0, r6, r7 + 800593e: 5814 ldr r4, [r2, r0] + 8005940: 59c8 ldr r0, [r1, r7] + 8005942: 0c03 lsrs r3, r0, #16 + 8005944: b280 uxth r0, r0 + 8005946: 0c25 lsrs r5, r4, #16 + 8005948: b2a4 uxth r4, r4 + 800594a: 001e movs r6, r3 + 800594c: 436e muls r6, r5 + 800594e: 4363 muls r3, r4 + 8005950: 4345 muls r5, r0 + 8005952: 4360 muls r0, r4 + 8005954: 2400 movs r4, #0 + 8005956: 195b adds r3, r3, r5 + 8005958: 4164 adcs r4, r4 + 800595a: 0424 lsls r4, r4, #16 + 800595c: 1936 adds r6, r6, r4 + 800595e: 041c lsls r4, r3, #16 + 8005960: 0c1b lsrs r3, r3, #16 + 8005962: 1900 adds r0, r0, r4 + 8005964: 415e adcs r6, r3 + 8005966: bc38 pop {r3, r4, r5} + 8005968: 181b adds r3, r3, r0 + 800596a: 4174 adcs r4, r6 + 800596c: 2000 movs r0, #0 + 800596e: 4145 adcs r5, r0 + 8005970: bc40 pop {r6} + 8005972: 3704 adds r7, #4 + 8005974: 4547 cmp r7, r8 + 8005976: dc01 bgt.n 800597c + 8005978: 42b7 cmp r7, r6 + 800597a: ddde ble.n 800593a + 800597c: 9800 ldr r0, [sp, #0] + 800597e: 5183 str r3, [r0, r6] + 8005980: 4623 mov r3, r4 + 8005982: 462c mov r4, r5 + 8005984: 2500 movs r5, #0 + 8005986: 3604 adds r6, #4 + 8005988: 4546 cmp r6, r8 + 800598a: ddd1 ble.n 8005930 + 800598c: 454e cmp r6, r9 + 800598e: ddd1 ble.n 8005934 + 8005990: 5183 str r3, [r0, r6] + 8005992: bc01 pop {r0} + [r5] "=&l" (r5), [r6] "=&l" (r6), [r7] "=&l" (r7) + : [r0] "l" (result), [r1] "l" (left), [r2] "l" (right) + : "r8", "r9", "cc", "memory" + ); +#endif +} + 8005994: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + +08005998 : + +#if !asm_clear +uECC_VLI_API void uECC_vli_clear(uECC_word_t *vli, wordcount_t num_words) { + wordcount_t i; + for (i = 0; i < num_words; ++i) { + vli[i] = 0; + 8005998: ea21 71e1 bic.w r1, r1, r1, asr #31 + 800599c: 008a lsls r2, r1, #2 + 800599e: 2100 movs r1, #0 + 80059a0: f007 bfb0 b.w 800d904 + +080059a4 : +} +#endif /* !asm_clear */ + +/* Constant-time comparison to zero - secure way to compare long integers */ +/* Returns 1 if vli == 0, 0 otherwise. */ +uECC_VLI_API uECC_word_t uECC_vli_isZero(const uECC_word_t *vli, wordcount_t num_words) { + 80059a4: b510 push {r4, lr} + uECC_word_t bits = 0; + wordcount_t i; + for (i = 0; i < num_words; ++i) { + 80059a6: 2300 movs r3, #0 + uECC_word_t bits = 0; + 80059a8: 461a mov r2, r3 + for (i = 0; i < num_words; ++i) { + 80059aa: b25c sxtb r4, r3 + 80059ac: 42a1 cmp r1, r4 + 80059ae: dc03 bgt.n 80059b8 + bits |= vli[i]; + } + return (bits == 0); +} + 80059b0: fab2 f082 clz r0, r2 + 80059b4: 0940 lsrs r0, r0, #5 + 80059b6: bd10 pop {r4, pc} + bits |= vli[i]; + 80059b8: f850 4023 ldr.w r4, [r0, r3, lsl #2] + 80059bc: 3301 adds r3, #1 + 80059be: 4322 orrs r2, r4 + for (i = 0; i < num_words; ++i) { + 80059c0: e7f3 b.n 80059aa + +080059c2 : + +/* Returns nonzero if bit 'bit' of vli is set. */ +uECC_VLI_API uECC_word_t uECC_vli_testBit(const uECC_word_t *vli, bitcount_t bit) { + return (vli[bit >> uECC_WORD_BITS_SHIFT] & ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK))); + 80059c2: 114a asrs r2, r1, #5 + 80059c4: 2301 movs r3, #1 + 80059c6: f850 0022 ldr.w r0, [r0, r2, lsl #2] + 80059ca: f001 011f and.w r1, r1, #31 + 80059ce: fa03 f101 lsl.w r1, r3, r1 +} + 80059d2: 4008 ands r0, r1 + 80059d4: 4770 bx lr + +080059d6 : +/* Counts the number of words in vli. */ +static wordcount_t vli_numDigits(const uECC_word_t *vli, const wordcount_t max_words) { + wordcount_t i; + /* Search from the end until we find a non-zero digit. + We do it in reverse because we expect that most digits will be nonzero. */ + for (i = max_words - 1; i >= 0 && vli[i] == 0; --i) { + 80059d6: 3901 subs r1, #1 + + return (i + 1); +} + +/* Counts the number of bits required to represent vli. */ +uECC_VLI_API bitcount_t uECC_vli_numBits(const uECC_word_t *vli, const wordcount_t max_words) { + 80059d8: b510 push {r4, lr} + 80059da: b249 sxtb r1, r1 + for (i = max_words - 1; i >= 0 && vli[i] == 0; --i) { + 80059dc: 1d04 adds r4, r0, #4 + 80059de: 060a lsls r2, r1, #24 + 80059e0: b2cb uxtb r3, r1 + 80059e2: d404 bmi.n 80059ee + 80059e4: 3901 subs r1, #1 + 80059e6: f854 2021 ldr.w r2, [r4, r1, lsl #2] + 80059ea: 2a00 cmp r2, #0 + 80059ec: d0f7 beq.n 80059de + return (i + 1); + 80059ee: 3301 adds r3, #1 + 80059f0: b25b sxtb r3, r3 + uECC_word_t i; + uECC_word_t digit; + + wordcount_t num_digits = vli_numDigits(vli, max_words); + if (num_digits == 0) { + 80059f2: b173 cbz r3, 8005a12 + return 0; + } + + digit = vli[num_digits - 1]; + 80059f4: f103 4280 add.w r2, r3, #1073741824 ; 0x40000000 + 80059f8: 3a01 subs r2, #1 + 80059fa: f850 2022 ldr.w r2, [r0, r2, lsl #2] + for (i = 0; digit; ++i) { + 80059fe: 2000 movs r0, #0 + 8005a00: b922 cbnz r2, 8005a0c + digit >>= 1; + } + + return (((bitcount_t)(num_digits - 1) << uECC_WORD_BITS_SHIFT) + i); + 8005a02: 3b01 subs r3, #1 + 8005a04: eb00 1343 add.w r3, r0, r3, lsl #5 + 8005a08: b218 sxth r0, r3 +} + 8005a0a: bd10 pop {r4, pc} + digit >>= 1; + 8005a0c: 0852 lsrs r2, r2, #1 + for (i = 0; digit; ++i) { + 8005a0e: 3001 adds r0, #1 + 8005a10: e7f6 b.n 8005a00 + return 0; + 8005a12: 4618 mov r0, r3 + 8005a14: e7f9 b.n 8005a0a + +08005a16 : + +/* Sets dest = src. */ +#if !asm_set +uECC_VLI_API void uECC_vli_set(uECC_word_t *dest, const uECC_word_t *src, wordcount_t num_words) { + 8005a16: b510 push {r4, lr} + wordcount_t i; + for (i = 0; i < num_words; ++i) { + 8005a18: 2300 movs r3, #0 + 8005a1a: b25c sxtb r4, r3 + 8005a1c: 42a2 cmp r2, r4 + 8005a1e: dc00 bgt.n 8005a22 + dest[i] = src[i]; + } +} + 8005a20: bd10 pop {r4, pc} + dest[i] = src[i]; + 8005a22: f851 4023 ldr.w r4, [r1, r3, lsl #2] + 8005a26: f840 4023 str.w r4, [r0, r3, lsl #2] + for (i = 0; i < num_words; ++i) { + 8005a2a: 3301 adds r3, #1 + 8005a2c: e7f5 b.n 8005a1a + +08005a2e : +#endif /* !asm_set */ + +/* Returns sign of left - right. */ +static cmpresult_t uECC_vli_cmp_unsafe(const uECC_word_t *left, + const uECC_word_t *right, + wordcount_t num_words) { + 8005a2e: b510 push {r4, lr} + wordcount_t i; + for (i = num_words - 1; i >= 0; --i) { + 8005a30: 3a01 subs r2, #1 + 8005a32: b252 sxtb r2, r2 + 8005a34: 0613 lsls r3, r2, #24 + 8005a36: d501 bpl.n 8005a3c + return 1; + } else if (left[i] < right[i]) { + return -1; + } + } + return 0; + 8005a38: 2000 movs r0, #0 +} + 8005a3a: bd10 pop {r4, pc} + if (left[i] > right[i]) { + 8005a3c: f850 4022 ldr.w r4, [r0, r2, lsl #2] + 8005a40: f851 3022 ldr.w r3, [r1, r2, lsl #2] + 8005a44: 429c cmp r4, r3 + 8005a46: d805 bhi.n 8005a54 + } else if (left[i] < right[i]) { + 8005a48: f102 32ff add.w r2, r2, #4294967295 ; 0xffffffff + 8005a4c: d2f2 bcs.n 8005a34 + return -1; + 8005a4e: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 8005a52: e7f2 b.n 8005a3a + return 1; + 8005a54: 2001 movs r0, #1 + 8005a56: e7f0 b.n 8005a3a + +08005a58 : +#if !asm_rshift1 +uECC_VLI_API void uECC_vli_rshift1(uECC_word_t *vli, wordcount_t num_words) { + uECC_word_t *end = vli; + uECC_word_t carry = 0; + + vli += num_words; + 8005a58: eb00 0181 add.w r1, r0, r1, lsl #2 + uECC_word_t carry = 0; + 8005a5c: 2300 movs r3, #0 + while (vli-- > end) { + 8005a5e: 4288 cmp r0, r1 + 8005a60: d300 bcc.n 8005a64 + uECC_word_t temp = *vli; + *vli = (temp >> 1) | carry; + carry = temp << (uECC_WORD_BITS - 1); + } +} + 8005a62: 4770 bx lr + uECC_word_t temp = *vli; + 8005a64: f851 2d04 ldr.w r2, [r1, #-4]! + *vli = (temp >> 1) | carry; + 8005a68: ea43 0352 orr.w r3, r3, r2, lsr #1 + 8005a6c: 600b str r3, [r1, #0] + carry = temp << (uECC_WORD_BITS - 1); + 8005a6e: 07d3 lsls r3, r2, #31 + 8005a70: e7f5 b.n 8005a5e + +08005a72 : +/* Computes result = (left * right) % mod. */ +uECC_VLI_API void uECC_vli_modMult(uECC_word_t *result, + const uECC_word_t *left, + const uECC_word_t *right, + const uECC_word_t *mod, + wordcount_t num_words) { + 8005a72: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8005a76: b0b5 sub sp, #212 ; 0xd4 + 8005a78: 461f mov r7, r3 + 8005a7a: f99d 50f8 ldrsb.w r5, [sp, #248] ; 0xf8 + 8005a7e: 4680 mov r8, r0 + uECC_word_t product[2 * uECC_MAX_WORDS]; + uECC_vli_mult(product, left, right, num_words); + 8005a80: 462b mov r3, r5 + 8005a82: a804 add r0, sp, #16 + 8005a84: f7ff ff48 bl 8005918 + uECC_word_t *v[2] = {tmp, product}; + 8005a88: ab24 add r3, sp, #144 ; 0x90 + 8005a8a: e9cd 3002 strd r3, r0, [sp, #8] + bitcount_t shift = (num_words * 2 * uECC_WORD_BITS) - uECC_vli_numBits(mod, num_words); + 8005a8e: 4629 mov r1, r5 + 8005a90: 4638 mov r0, r7 + 8005a92: f7ff ffa0 bl 80059d6 + 8005a96: ebc0 1085 rsb r0, r0, r5, lsl #6 + 8005a9a: b204 sxth r4, r0 + wordcount_t word_shift = shift / uECC_WORD_BITS; + 8005a9c: 2c00 cmp r4, #0 + 8005a9e: 4626 mov r6, r4 + 8005aa0: bfb8 it lt + 8005aa2: f104 061f addlt.w r6, r4, #31 + wordcount_t bit_shift = shift % uECC_WORD_BITS; + 8005aa6: 4263 negs r3, r4 + wordcount_t word_shift = shift / uECC_WORD_BITS; + 8005aa8: f346 1647 sbfx r6, r6, #5, #8 + wordcount_t bit_shift = shift % uECC_WORD_BITS; + 8005aac: f003 031f and.w r3, r3, #31 + 8005ab0: f004 091f and.w r9, r4, #31 + uECC_vli_clear(mod_multiple, word_shift); + 8005ab4: 4631 mov r1, r6 + wordcount_t bit_shift = shift % uECC_WORD_BITS; + 8005ab6: bf58 it pl + 8005ab8: f1c3 0900 rsbpl r9, r3, #0 + uECC_vli_clear(mod_multiple, word_shift); + 8005abc: a814 add r0, sp, #80 ; 0x50 + 8005abe: f7ff ff6b bl 8005998 + if (bit_shift > 0) { + 8005ac2: f1b9 0f00 cmp.w r9, #0 + 8005ac6: b236 sxth r6, r6 + 8005ac8: dd2b ble.n 8005b22 + 8005aca: ab14 add r3, sp, #80 ; 0x50 + uECC_word_t carry = 0; + 8005acc: 2200 movs r2, #0 + 8005ace: eb03 0686 add.w r6, r3, r6, lsl #2 + carry = mod[index] >> (uECC_WORD_BITS - bit_shift); + 8005ad2: f1c9 0c20 rsb ip, r9, #32 + for(index = 0; index < (uECC_word_t)num_words; ++index) { + 8005ad6: 4613 mov r3, r2 + 8005ad8: 42ab cmp r3, r5 + 8005ada: d317 bcc.n 8005b0c + for (i = 0; i < num_words * 2; ++i) { + 8005adc: 006b lsls r3, r5, #1 + 8005ade: 9301 str r3, [sp, #4] + uECC_vli_rshift1(mod_multiple + num_words, num_words); + 8005ae0: ab14 add r3, sp, #80 ; 0x50 + 8005ae2: eb03 0985 add.w r9, r3, r5, lsl #2 + mod_multiple[num_words - 1] |= mod_multiple[num_words] << (uECC_WORD_BITS - 1); + 8005ae6: 1e6f subs r7, r5, #1 + 8005ae8: ab34 add r3, sp, #208 ; 0xd0 + uECC_vli_rshift1(mod_multiple + num_words, num_words); + 8005aea: 2601 movs r6, #1 + mod_multiple[num_words - 1] |= mod_multiple[num_words] << (uECC_WORD_BITS - 1); + 8005aec: eb03 0787 add.w r7, r3, r7, lsl #2 + for (index = 1; shift >= 0; --shift) { + 8005af0: 2c00 cmp r4, #0 + 8005af2: da54 bge.n 8005b9e + uECC_vli_set(result, v[index], num_words); + 8005af4: ab34 add r3, sp, #208 ; 0xd0 + 8005af6: eb03 0686 add.w r6, r3, r6, lsl #2 + 8005afa: 462a mov r2, r5 + 8005afc: f856 1cc8 ldr.w r1, [r6, #-200] + 8005b00: 4640 mov r0, r8 + 8005b02: f7ff ff88 bl 8005a16 + uECC_vli_mmod(result, product, mod, num_words); +} + 8005b06: b035 add sp, #212 ; 0xd4 + 8005b08: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + mod_multiple[word_shift + index] = (mod[index] << bit_shift) | carry; + 8005b0c: f857 0023 ldr.w r0, [r7, r3, lsl #2] + 8005b10: fa00 f109 lsl.w r1, r0, r9 + 8005b14: 430a orrs r2, r1 + 8005b16: f846 2b04 str.w r2, [r6], #4 + for(index = 0; index < (uECC_word_t)num_words; ++index) { + 8005b1a: 3301 adds r3, #1 + carry = mod[index] >> (uECC_WORD_BITS - bit_shift); + 8005b1c: fa20 f20c lsr.w r2, r0, ip + for(index = 0; index < (uECC_word_t)num_words; ++index) { + 8005b20: e7da b.n 8005ad8 + uECC_vli_set(mod_multiple + word_shift, mod, num_words); + 8005b22: ab14 add r3, sp, #80 ; 0x50 + 8005b24: 462a mov r2, r5 + 8005b26: 4639 mov r1, r7 + 8005b28: eb03 0086 add.w r0, r3, r6, lsl #2 + 8005b2c: f7ff ff73 bl 8005a16 + 8005b30: e7d4 b.n 8005adc + uECC_word_t diff = v[index][i] - mod_multiple[i] - borrow; + 8005b32: fa0f fe82 sxth.w lr, r2 + 8005b36: f85a 3cc8 ldr.w r3, [sl, #-200] + 8005b3a: f853 b02e ldr.w fp, [r3, lr, lsl #2] + 8005b3e: ab34 add r3, sp, #208 ; 0xd0 + 8005b40: eb03 0282 add.w r2, r3, r2, lsl #2 + 8005b44: 3001 adds r0, #1 + 8005b46: f852 3c80 ldr.w r3, [r2, #-128] + 8005b4a: 440b add r3, r1 + 8005b4c: ebbb 0303 subs.w r3, fp, r3 + 8005b50: bf34 ite cc + 8005b52: 2201 movcc r2, #1 + 8005b54: 2200 movcs r2, #0 + if (diff != v[index][i]) { + 8005b56: 459b cmp fp, r3 + borrow = (diff > v[index][i]); + 8005b58: bf18 it ne + 8005b5a: 4611 movne r1, r2 + v[1 - index][i] = diff; + 8005b5c: f85c 2cc8 ldr.w r2, [ip, #-200] + 8005b60: f842 302e str.w r3, [r2, lr, lsl #2] + for (i = 0; i < num_words * 2; ++i) { + 8005b64: 9b01 ldr r3, [sp, #4] + 8005b66: b242 sxtb r2, r0 + 8005b68: 429a cmp r2, r3 + 8005b6a: dbe2 blt.n 8005b32 + index = !(index ^ borrow); /* Swap the index if there was no borrow */ + 8005b6c: 1a73 subs r3, r6, r1 + 8005b6e: 425e negs r6, r3 + uECC_vli_rshift1(mod_multiple, num_words); + 8005b70: 4629 mov r1, r5 + 8005b72: a814 add r0, sp, #80 ; 0x50 + index = !(index ^ borrow); /* Swap the index if there was no borrow */ + 8005b74: 415e adcs r6, r3 + uECC_vli_rshift1(mod_multiple, num_words); + 8005b76: f7ff ff6f bl 8005a58 + mod_multiple[num_words - 1] |= mod_multiple[num_words] << (uECC_WORD_BITS - 1); + 8005b7a: ab34 add r3, sp, #208 ; 0xd0 + 8005b7c: eb03 0385 add.w r3, r3, r5, lsl #2 + uECC_vli_rshift1(mod_multiple + num_words, num_words); + 8005b80: 4629 mov r1, r5 + mod_multiple[num_words - 1] |= mod_multiple[num_words] << (uECC_WORD_BITS - 1); + 8005b82: f853 2c80 ldr.w r2, [r3, #-128] + 8005b86: f857 3c80 ldr.w r3, [r7, #-128] + 8005b8a: ea43 73c2 orr.w r3, r3, r2, lsl #31 + 8005b8e: f847 3c80 str.w r3, [r7, #-128] + uECC_vli_rshift1(mod_multiple + num_words, num_words); + 8005b92: 4648 mov r0, r9 + 8005b94: 3c01 subs r4, #1 + 8005b96: f7ff ff5f bl 8005a58 + for (index = 1; shift >= 0; --shift) { + 8005b9a: b224 sxth r4, r4 + 8005b9c: e7a8 b.n 8005af0 + uECC_word_t diff = v[index][i] - mod_multiple[i] - borrow; + 8005b9e: ab34 add r3, sp, #208 ; 0xd0 + 8005ba0: 2000 movs r0, #0 + v[1 - index][i] = diff; + 8005ba2: f1c6 0c01 rsb ip, r6, #1 + uECC_word_t borrow = 0; + 8005ba6: 4601 mov r1, r0 + uECC_word_t diff = v[index][i] - mod_multiple[i] - borrow; + 8005ba8: eb03 0a86 add.w sl, r3, r6, lsl #2 + v[1 - index][i] = diff; + 8005bac: eb03 0c8c add.w ip, r3, ip, lsl #2 + 8005bb0: e7d8 b.n 8005b64 + +08005bb2 : + +uECC_VLI_API void uECC_vli_modMult_fast(uECC_word_t *result, + const uECC_word_t *left, + const uECC_word_t *right, + uECC_Curve curve) { + 8005bb2: b530 push {r4, r5, lr} + 8005bb4: 461c mov r4, r3 + 8005bb6: b091 sub sp, #68 ; 0x44 + 8005bb8: 4605 mov r5, r0 + uECC_word_t product[2 * uECC_MAX_WORDS]; + uECC_vli_mult(product, left, right, curve->num_words); + 8005bba: f993 3000 ldrsb.w r3, [r3] + 8005bbe: 4668 mov r0, sp + 8005bc0: f7ff feaa bl 8005918 +#if (uECC_OPTIMIZATION_LEVEL > 0) + curve->mmod_fast(result, product); + 8005bc4: 4601 mov r1, r0 + 8005bc6: f8d4 30b0 ldr.w r3, [r4, #176] ; 0xb0 + 8005bca: 4628 mov r0, r5 + 8005bcc: 4798 blx r3 +#else + uECC_vli_mmod(result, product, curve->p, curve->num_words); +#endif +} + 8005bce: b011 add sp, #68 ; 0x44 + 8005bd0: bd30 pop {r4, r5, pc} + +08005bd2 : +} +#endif /* uECC_ENABLE_VLI_API */ + +uECC_VLI_API void uECC_vli_modSquare_fast(uECC_word_t *result, + const uECC_word_t *left, + uECC_Curve curve) { + 8005bd2: 4613 mov r3, r2 + uECC_vli_modMult_fast(result, left, left, curve); + 8005bd4: 460a mov r2, r1 + 8005bd6: f7ff bfec b.w 8005bb2 + +08005bda : + +/* Modify (x1, y1) => (x1 * z^2, y1 * z^3) */ +static void apply_z(uECC_word_t * X1, + uECC_word_t * Y1, + const uECC_word_t * const Z, + uECC_Curve curve) { + 8005bda: b570 push {r4, r5, r6, lr} + 8005bdc: 4614 mov r4, r2 + 8005bde: b08a sub sp, #40 ; 0x28 + 8005be0: 4606 mov r6, r0 + 8005be2: 460d mov r5, r1 + uECC_word_t t1[uECC_MAX_WORDS]; + + uECC_vli_modSquare_fast(t1, Z, curve); /* z^2 */ + 8005be4: 461a mov r2, r3 + 8005be6: 4621 mov r1, r4 + 8005be8: a802 add r0, sp, #8 + 8005bea: 9301 str r3, [sp, #4] + 8005bec: f7ff fff1 bl 8005bd2 + uECC_vli_modMult_fast(X1, X1, t1, curve); /* x1 * z^2 */ + 8005bf0: 9b01 ldr r3, [sp, #4] + 8005bf2: aa02 add r2, sp, #8 + 8005bf4: 4631 mov r1, r6 + 8005bf6: 4630 mov r0, r6 + 8005bf8: f7ff ffdb bl 8005bb2 + uECC_vli_modMult_fast(t1, t1, Z, curve); /* z^3 */ + 8005bfc: a902 add r1, sp, #8 + 8005bfe: 9b01 ldr r3, [sp, #4] + 8005c00: 4622 mov r2, r4 + 8005c02: 4608 mov r0, r1 + 8005c04: f7ff ffd5 bl 8005bb2 + uECC_vli_modMult_fast(Y1, Y1, t1, curve); /* y1 * z^3 */ + 8005c08: 9b01 ldr r3, [sp, #4] + 8005c0a: aa02 add r2, sp, #8 + 8005c0c: 4629 mov r1, r5 + 8005c0e: 4628 mov r0, r5 + 8005c10: f7ff ffcf bl 8005bb2 +} + 8005c14: b00a add sp, #40 ; 0x28 + 8005c16: bd70 pop {r4, r5, r6, pc} + +08005c18 : + +#else + +uECC_VLI_API void uECC_vli_nativeToBytes(uint8_t *bytes, + int num_bytes, + const uECC_word_t *native) { + 8005c18: b5f0 push {r4, r5, r6, r7, lr} + wordcount_t i; + for (i = 0; i < num_bytes; ++i) { + 8005c1a: 2500 movs r5, #0 + unsigned b = num_bytes - 1 - i; + 8005c1c: 1e4f subs r7, r1, #1 + 8005c1e: b26c sxtb r4, r5 + for (i = 0; i < num_bytes; ++i) { + 8005c20: 428c cmp r4, r1 + 8005c22: f105 0501 add.w r5, r5, #1 + 8005c26: db00 blt.n 8005c2a + bytes[i] = native[b / uECC_WORD_SIZE] >> (8 * (b % uECC_WORD_SIZE)); + } +} + 8005c28: bdf0 pop {r4, r5, r6, r7, pc} + unsigned b = num_bytes - 1 - i; + 8005c2a: 1b3b subs r3, r7, r4 + bytes[i] = native[b / uECC_WORD_SIZE] >> (8 * (b % uECC_WORD_SIZE)); + 8005c2c: f023 0603 bic.w r6, r3, #3 + 8005c30: f003 0303 and.w r3, r3, #3 + 8005c34: 5996 ldr r6, [r2, r6] + 8005c36: 00db lsls r3, r3, #3 + 8005c38: fa26 f303 lsr.w r3, r6, r3 + 8005c3c: 5503 strb r3, [r0, r4] + for (i = 0; i < num_bytes; ++i) { + 8005c3e: e7ee b.n 8005c1e + +08005c40 : + +uECC_VLI_API void uECC_vli_bytesToNative(uECC_word_t *native, + const uint8_t *bytes, + int num_bytes) { + 8005c40: b5f8 push {r3, r4, r5, r6, r7, lr} + 8005c42: 460e mov r6, r1 + wordcount_t i; + uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE); + 8005c44: 1cd1 adds r1, r2, #3 + 8005c46: bf48 it mi + 8005c48: 1d91 addmi r1, r2, #6 + int num_bytes) { + 8005c4a: 4614 mov r4, r2 + uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE); + 8005c4c: f341 0187 sbfx r1, r1, #2, #8 + int num_bytes) { + 8005c50: 4605 mov r5, r0 + for (i = 0; i < num_bytes; ++i) { + unsigned b = num_bytes - 1 - i; + 8005c52: 1e67 subs r7, r4, #1 + uECC_vli_clear(native, (num_bytes + (uECC_WORD_SIZE - 1)) / uECC_WORD_SIZE); + 8005c54: f7ff fea0 bl 8005998 + for (i = 0; i < num_bytes; ++i) { + 8005c58: 2000 movs r0, #0 + 8005c5a: b242 sxtb r2, r0 + 8005c5c: 42a2 cmp r2, r4 + 8005c5e: f100 0001 add.w r0, r0, #1 + 8005c62: db00 blt.n 8005c66 + native[b / uECC_WORD_SIZE] |= + (uECC_word_t)bytes[i] << (8 * (b % uECC_WORD_SIZE)); + } +} + 8005c64: bdf8 pop {r3, r4, r5, r6, r7, pc} + unsigned b = num_bytes - 1 - i; + 8005c66: 1abb subs r3, r7, r2 + native[b / uECC_WORD_SIZE] |= + 8005c68: f023 0103 bic.w r1, r3, #3 + (uECC_word_t)bytes[i] << (8 * (b % uECC_WORD_SIZE)); + 8005c6c: 5cb2 ldrb r2, [r6, r2] + 8005c6e: f003 0303 and.w r3, r3, #3 + 8005c72: 00db lsls r3, r3, #3 + 8005c74: fa02 f303 lsl.w r3, r2, r3 + native[b / uECC_WORD_SIZE] |= + 8005c78: 586a ldr r2, [r5, r1] + 8005c7a: 431a orrs r2, r3 + 8005c7c: 506a str r2, [r5, r1] + for (i = 0; i < num_bytes; ++i) { + 8005c7e: e7ec b.n 8005c5a + +08005c80 : + return 0; +} + +/* Compute an HMAC using K as a key (as in RFC 6979). Note that K is always + the same size as the hash result size. */ +static void HMAC_init(uECC_HashContext *hash_context, const uint8_t *K) { + 8005c80: b570 push {r4, r5, r6, lr} + uint8_t *pad = hash_context->tmp + 2 * hash_context->result_size; + 8005c82: e9d0 3504 ldrd r3, r5, [r0, #16] +static void HMAC_init(uECC_HashContext *hash_context, const uint8_t *K) { + 8005c86: 4604 mov r4, r0 + uint8_t *pad = hash_context->tmp + 2 * hash_context->result_size; + 8005c88: eb05 0543 add.w r5, r5, r3, lsl #1 + unsigned i; + for (i = 0; i < hash_context->result_size; ++i) + 8005c8c: 2300 movs r3, #0 + 8005c8e: 6922 ldr r2, [r4, #16] + 8005c90: 429a cmp r2, r3 + 8005c92: d80d bhi.n 8005cb0 + pad[i] = K[i] ^ 0x36; + for (; i < hash_context->block_size; ++i) + pad[i] = 0x36; + 8005c94: 2136 movs r1, #54 ; 0x36 + for (; i < hash_context->block_size; ++i) + 8005c96: 68e2 ldr r2, [r4, #12] + 8005c98: 429a cmp r2, r3 + 8005c9a: d80f bhi.n 8005cbc + + hash_context->init_hash(hash_context); + 8005c9c: 6823 ldr r3, [r4, #0] + 8005c9e: 4620 mov r0, r4 + 8005ca0: 4798 blx r3 + hash_context->update_hash(hash_context, pad, hash_context->block_size); + 8005ca2: 6863 ldr r3, [r4, #4] + 8005ca4: 68e2 ldr r2, [r4, #12] + 8005ca6: 4629 mov r1, r5 + 8005ca8: 4620 mov r0, r4 +} + 8005caa: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + hash_context->update_hash(hash_context, pad, hash_context->block_size); + 8005cae: 4718 bx r3 + pad[i] = K[i] ^ 0x36; + 8005cb0: 5cca ldrb r2, [r1, r3] + 8005cb2: f082 0236 eor.w r2, r2, #54 ; 0x36 + 8005cb6: 54ea strb r2, [r5, r3] + for (i = 0; i < hash_context->result_size; ++i) + 8005cb8: 3301 adds r3, #1 + 8005cba: e7e8 b.n 8005c8e + pad[i] = 0x36; + 8005cbc: 54e9 strb r1, [r5, r3] + for (; i < hash_context->block_size; ++i) + 8005cbe: 3301 adds r3, #1 + 8005cc0: e7e9 b.n 8005c96 + +08005cc2 : + +static void HMAC_update(uECC_HashContext *hash_context, + const uint8_t *message, + unsigned message_size) { + hash_context->update_hash(hash_context, message, message_size); + 8005cc2: 6843 ldr r3, [r0, #4] + 8005cc4: 4718 bx r3 + +08005cc6 : +} + +static void HMAC_finish(uECC_HashContext *hash_context, const uint8_t *K, uint8_t *result) { + 8005cc6: b570 push {r4, r5, r6, lr} + uint8_t *pad = hash_context->tmp + 2 * hash_context->result_size; + 8005cc8: e9d0 3604 ldrd r3, r6, [r0, #16] +static void HMAC_finish(uECC_HashContext *hash_context, const uint8_t *K, uint8_t *result) { + 8005ccc: 4604 mov r4, r0 + uint8_t *pad = hash_context->tmp + 2 * hash_context->result_size; + 8005cce: eb06 0643 add.w r6, r6, r3, lsl #1 +static void HMAC_finish(uECC_HashContext *hash_context, const uint8_t *K, uint8_t *result) { + 8005cd2: 4615 mov r5, r2 + unsigned i; + for (i = 0; i < hash_context->result_size; ++i) + 8005cd4: 2300 movs r3, #0 + 8005cd6: 6922 ldr r2, [r4, #16] + 8005cd8: 429a cmp r2, r3 + 8005cda: d81a bhi.n 8005d12 + pad[i] = K[i] ^ 0x5c; + for (; i < hash_context->block_size; ++i) + pad[i] = 0x5c; + 8005cdc: 215c movs r1, #92 ; 0x5c + for (; i < hash_context->block_size; ++i) + 8005cde: 68e2 ldr r2, [r4, #12] + 8005ce0: 429a cmp r2, r3 + 8005ce2: d81c bhi.n 8005d1e + + hash_context->finish_hash(hash_context, result); + 8005ce4: 4629 mov r1, r5 + 8005ce6: 68a3 ldr r3, [r4, #8] + 8005ce8: 4620 mov r0, r4 + 8005cea: 4798 blx r3 + + hash_context->init_hash(hash_context); + 8005cec: 6823 ldr r3, [r4, #0] + 8005cee: 4620 mov r0, r4 + 8005cf0: 4798 blx r3 + hash_context->update_hash(hash_context, pad, hash_context->block_size); + 8005cf2: 6863 ldr r3, [r4, #4] + 8005cf4: 68e2 ldr r2, [r4, #12] + 8005cf6: 4631 mov r1, r6 + 8005cf8: 4620 mov r0, r4 + 8005cfa: 4798 blx r3 + hash_context->update_hash(hash_context, result, hash_context->result_size); + 8005cfc: 6863 ldr r3, [r4, #4] + 8005cfe: 6922 ldr r2, [r4, #16] + 8005d00: 4629 mov r1, r5 + 8005d02: 4620 mov r0, r4 + 8005d04: 4798 blx r3 + hash_context->finish_hash(hash_context, result); + 8005d06: 68a3 ldr r3, [r4, #8] + 8005d08: 4629 mov r1, r5 + 8005d0a: 4620 mov r0, r4 +} + 8005d0c: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + hash_context->finish_hash(hash_context, result); + 8005d10: 4718 bx r3 + pad[i] = K[i] ^ 0x5c; + 8005d12: 5cca ldrb r2, [r1, r3] + 8005d14: f082 025c eor.w r2, r2, #92 ; 0x5c + 8005d18: 54f2 strb r2, [r6, r3] + for (i = 0; i < hash_context->result_size; ++i) + 8005d1a: 3301 adds r3, #1 + 8005d1c: e7db b.n 8005cd6 + pad[i] = 0x5c; + 8005d1e: 54f1 strb r1, [r6, r3] + for (; i < hash_context->block_size; ++i) + 8005d20: 3301 adds r3, #1 + 8005d22: e7dc b.n 8005cde + +08005d24 : + +/* V = HMAC_K(V) */ +static void update_V(uECC_HashContext *hash_context, uint8_t *K, uint8_t *V) { + 8005d24: b570 push {r4, r5, r6, lr} + 8005d26: 4604 mov r4, r0 + 8005d28: 4615 mov r5, r2 + 8005d2a: 460e mov r6, r1 + HMAC_init(hash_context, K); + 8005d2c: f7ff ffa8 bl 8005c80 + HMAC_update(hash_context, V, hash_context->result_size); + 8005d30: 6922 ldr r2, [r4, #16] + 8005d32: 4629 mov r1, r5 + 8005d34: 4620 mov r0, r4 + 8005d36: f7ff ffc4 bl 8005cc2 + HMAC_finish(hash_context, K, V); + 8005d3a: 462a mov r2, r5 + 8005d3c: 4631 mov r1, r6 + 8005d3e: 4620 mov r0, r4 +} + 8005d40: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + HMAC_finish(hash_context, K, V); + 8005d44: f7ff bfbf b.w 8005cc6 + +08005d48 : +uECC_VLI_API uECC_word_t uECC_vli_sub(uECC_word_t *result, + 8005d48: b530 push {r4, r5, lr} + __asm__ volatile ( + 8005d4a: 2300 movs r3, #0 + 8005d4c: c910 ldmia r1!, {r4} + 8005d4e: ca20 ldmia r2!, {r5} + 8005d50: 1b64 subs r4, r4, r5 + 8005d52: c010 stmia r0!, {r4} + 8005d54: c910 ldmia r1!, {r4} + 8005d56: ca20 ldmia r2!, {r5} + 8005d58: 41ac sbcs r4, r5 + 8005d5a: c010 stmia r0!, {r4} + 8005d5c: c910 ldmia r1!, {r4} + 8005d5e: ca20 ldmia r2!, {r5} + 8005d60: 41ac sbcs r4, r5 + 8005d62: c010 stmia r0!, {r4} + 8005d64: c910 ldmia r1!, {r4} + 8005d66: ca20 ldmia r2!, {r5} + 8005d68: 41ac sbcs r4, r5 + 8005d6a: c010 stmia r0!, {r4} + 8005d6c: c910 ldmia r1!, {r4} + 8005d6e: ca20 ldmia r2!, {r5} + 8005d70: 41ac sbcs r4, r5 + 8005d72: c010 stmia r0!, {r4} + 8005d74: c910 ldmia r1!, {r4} + 8005d76: ca20 ldmia r2!, {r5} + 8005d78: 41ac sbcs r4, r5 + 8005d7a: c010 stmia r0!, {r4} + 8005d7c: c910 ldmia r1!, {r4} + 8005d7e: ca20 ldmia r2!, {r5} + 8005d80: 41ac sbcs r4, r5 + 8005d82: c010 stmia r0!, {r4} + 8005d84: c910 ldmia r1!, {r4} + 8005d86: ca20 ldmia r2!, {r5} + 8005d88: 41ac sbcs r4, r5 + 8005d8a: c010 stmia r0!, {r4} + 8005d8c: 415b adcs r3, r3 +} + 8005d8e: fab3 f083 clz r0, r3 + 8005d92: 0940 lsrs r0, r0, #5 + 8005d94: bd30 pop {r4, r5, pc} + +08005d96 : + uECC_Curve curve) { + 8005d96: e92d 43f8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + 8005d9a: 4698 mov r8, r3 + unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits); + 8005d9c: f9b3 3002 ldrsh.w r3, [r3, #2] + unsigned num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8005da0: f113 041f adds.w r4, r3, #31 + 8005da4: bf48 it mi + 8005da6: f103 043e addmi.w r4, r3, #62 ; 0x3e + unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits); + 8005daa: 1ddd adds r5, r3, #7 + 8005dac: bf48 it mi + 8005dae: f103 050e addmi.w r5, r3, #14 + unsigned num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8005db2: 1166 asrs r6, r4, #5 + unsigned num_n_bytes = BITS_TO_BYTES(curve->num_n_bits); + 8005db4: 10ec asrs r4, r5, #3 + 8005db6: 4294 cmp r4, r2 + uECC_vli_clear(native, num_n_words); + 8005db8: b275 sxtb r5, r6 + 8005dba: bf28 it cs + 8005dbc: 4614 movcs r4, r2 + uECC_Curve curve) { + 8005dbe: 4607 mov r7, r0 + 8005dc0: 4689 mov r9, r1 + uECC_vli_clear(native, num_n_words); + 8005dc2: 4629 mov r1, r5 + 8005dc4: f7ff fde8 bl 8005998 + uECC_vli_bytesToNative(native, bits, bits_size); + 8005dc8: 4622 mov r2, r4 + 8005dca: 4649 mov r1, r9 + 8005dcc: 4638 mov r0, r7 + 8005dce: f7ff ff37 bl 8005c40 + if (bits_size * 8 <= (unsigned)curve->num_n_bits) { + 8005dd2: f9b8 2002 ldrsh.w r2, [r8, #2] + 8005dd6: ebb2 0fc4 cmp.w r2, r4, lsl #3 + 8005dda: ea4f 03c4 mov.w r3, r4, lsl #3 + 8005dde: d21f bcs.n 8005e20 + int shift = bits_size * 8 - curve->num_n_bits; + 8005de0: 1a9b subs r3, r3, r2 + uECC_word_t *ptr = native + num_n_words; + 8005de2: eb07 0486 add.w r4, r7, r6, lsl #2 + uECC_word_t carry = 0; + 8005de6: 2100 movs r1, #0 + carry = temp << (uECC_WORD_BITS - shift); + 8005de8: f1c3 0620 rsb r6, r3, #32 + while (ptr-- > native) { + 8005dec: 42a7 cmp r7, r4 + 8005dee: d30e bcc.n 8005e0e + if (uECC_vli_cmp_unsafe(curve->n, native, num_n_words) != 1) { + 8005df0: f108 0824 add.w r8, r8, #36 ; 0x24 + 8005df4: 462a mov r2, r5 + 8005df6: 4639 mov r1, r7 + 8005df8: 4640 mov r0, r8 + 8005dfa: f7ff fe18 bl 8005a2e + 8005dfe: 2801 cmp r0, #1 + 8005e00: d00e beq.n 8005e20 + uECC_vli_sub(native, native, curve->n, num_n_words); + 8005e02: 4642 mov r2, r8 + 8005e04: 4638 mov r0, r7 +} + 8005e06: e8bd 43f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + uECC_vli_sub(native, native, curve->n, num_n_words); + 8005e0a: f7ff bf9d b.w 8005d48 + uECC_word_t temp = *ptr; + 8005e0e: f854 0d04 ldr.w r0, [r4, #-4]! + *ptr = (temp >> shift) | carry; + 8005e12: fa20 f203 lsr.w r2, r0, r3 + 8005e16: 430a orrs r2, r1 + 8005e18: 6022 str r2, [r4, #0] + carry = temp << (uECC_WORD_BITS - shift); + 8005e1a: fa00 f106 lsl.w r1, r0, r6 + 8005e1e: e7e5 b.n 8005dec +} + 8005e20: e8bd 83f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, pc} + +08005e24 : + wordcount_t num_words) { + 8005e24: b530 push {r4, r5, lr} + 8005e26: b089 sub sp, #36 ; 0x24 + 8005e28: 4615 mov r5, r2 + uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words); + 8005e2a: 460a mov r2, r1 + 8005e2c: 4601 mov r1, r0 + 8005e2e: 4668 mov r0, sp + 8005e30: f7ff ff8a bl 8005d48 + uECC_word_t equal = uECC_vli_isZero(tmp, num_words); + 8005e34: 4629 mov r1, r5 + uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words); + 8005e36: 4604 mov r4, r0 + uECC_word_t equal = uECC_vli_isZero(tmp, num_words); + 8005e38: 4668 mov r0, sp + 8005e3a: f7ff fdb3 bl 80059a4 + uECC_word_t neg = !!uECC_vli_sub(tmp, left, right, num_words); + 8005e3e: 3c00 subs r4, #0 + 8005e40: bf18 it ne + 8005e42: 2401 movne r4, #1 + return (!equal - 2 * neg); + 8005e44: 0064 lsls r4, r4, #1 +} + 8005e46: 2800 cmp r0, #0 + 8005e48: bf14 ite ne + 8005e4a: 4260 negne r0, r4 + 8005e4c: f1c4 0001 rsbeq r0, r4, #1 + 8005e50: b009 add sp, #36 ; 0x24 + 8005e52: bd30 pop {r4, r5, pc} + +08005e54 : + wordcount_t num_words) { + 8005e54: e92d 4ff8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8005e58: 460f mov r7, r1 + if (!g_rng_function) { + 8005e5a: f8df a06c ldr.w sl, [pc, #108] ; 8005ec8 + wordcount_t num_words) { + 8005e5e: 4606 mov r6, r0 + bitcount_t num_bits = uECC_vli_numBits(top, num_words); + 8005e60: 4611 mov r1, r2 + 8005e62: 4638 mov r0, r7 + wordcount_t num_words) { + 8005e64: 4614 mov r4, r2 + bitcount_t num_bits = uECC_vli_numBits(top, num_words); + 8005e66: f7ff fdb6 bl 80059d6 + if (!g_rng_function) { + 8005e6a: f8da 3000 ldr.w r3, [sl] + 8005e6e: b303 cbz r3, 8005eb2 + if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) { + 8005e70: 2504 movs r5, #4 + random[num_words - 1] &= mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits)); + 8005e72: ebc0 1044 rsb r0, r0, r4, lsl #5 + if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) { + 8005e76: fb14 fb05 smulbb fp, r4, r5 + random[num_words - 1] &= mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits)); + 8005e7a: b200 sxth r0, r0 + 8005e7c: fb05 6504 mla r5, r5, r4, r6 + 8005e80: f04f 38ff mov.w r8, #4294967295 ; 0xffffffff + 8005e84: 3d04 subs r5, #4 + 8005e86: fa28 f800 lsr.w r8, r8, r0 + 8005e8a: f04f 0940 mov.w r9, #64 ; 0x40 + if (!g_rng_function((uint8_t *)random, num_words * uECC_WORD_SIZE)) { + 8005e8e: f8da 3000 ldr.w r3, [sl] + 8005e92: 4659 mov r1, fp + 8005e94: 4630 mov r0, r6 + 8005e96: 4798 blx r3 + 8005e98: b158 cbz r0, 8005eb2 + random[num_words - 1] &= mask >> ((bitcount_t)(num_words * uECC_WORD_SIZE * 8 - num_bits)); + 8005e9a: 682b ldr r3, [r5, #0] + 8005e9c: ea03 0308 and.w r3, r3, r8 + 8005ea0: 602b str r3, [r5, #0] + if (!uECC_vli_isZero(random, num_words) && + 8005ea2: 4621 mov r1, r4 + 8005ea4: 4630 mov r0, r6 + 8005ea6: f7ff fd7d bl 80059a4 + 8005eaa: b120 cbz r0, 8005eb6 + for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { + 8005eac: f1b9 0901 subs.w r9, r9, #1 + 8005eb0: d1ed bne.n 8005e8e + return 0; + 8005eb2: 2000 movs r0, #0 + 8005eb4: e006 b.n 8005ec4 + uECC_vli_cmp(top, random, num_words) == 1) { + 8005eb6: 4622 mov r2, r4 + 8005eb8: 4631 mov r1, r6 + 8005eba: 4638 mov r0, r7 + 8005ebc: f7ff ffb2 bl 8005e24 + if (!uECC_vli_isZero(random, num_words) && + 8005ec0: 2801 cmp r0, #1 + 8005ec2: d1f3 bne.n 8005eac +} + 8005ec4: e8bd 8ff8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, sl, fp, pc} + 8005ec8: 2009e2a4 .word 0x2009e2a4 + +08005ecc : +uECC_VLI_API uECC_word_t uECC_vli_add(uECC_word_t *result, + 8005ecc: b530 push {r4, r5, lr} + __asm__ volatile ( + 8005ece: 4603 mov r3, r0 + 8005ed0: 2000 movs r0, #0 + 8005ed2: c910 ldmia r1!, {r4} + 8005ed4: ca20 ldmia r2!, {r5} + 8005ed6: 1964 adds r4, r4, r5 + 8005ed8: c310 stmia r3!, {r4} + 8005eda: c910 ldmia r1!, {r4} + 8005edc: ca20 ldmia r2!, {r5} + 8005ede: 416c adcs r4, r5 + 8005ee0: c310 stmia r3!, {r4} + 8005ee2: c910 ldmia r1!, {r4} + 8005ee4: ca20 ldmia r2!, {r5} + 8005ee6: 416c adcs r4, r5 + 8005ee8: c310 stmia r3!, {r4} + 8005eea: c910 ldmia r1!, {r4} + 8005eec: ca20 ldmia r2!, {r5} + 8005eee: 416c adcs r4, r5 + 8005ef0: c310 stmia r3!, {r4} + 8005ef2: c910 ldmia r1!, {r4} + 8005ef4: ca20 ldmia r2!, {r5} + 8005ef6: 416c adcs r4, r5 + 8005ef8: c310 stmia r3!, {r4} + 8005efa: c910 ldmia r1!, {r4} + 8005efc: ca20 ldmia r2!, {r5} + 8005efe: 416c adcs r4, r5 + 8005f00: c310 stmia r3!, {r4} + 8005f02: c910 ldmia r1!, {r4} + 8005f04: ca20 ldmia r2!, {r5} + 8005f06: 416c adcs r4, r5 + 8005f08: c310 stmia r3!, {r4} + 8005f0a: c910 ldmia r1!, {r4} + 8005f0c: ca20 ldmia r2!, {r5} + 8005f0e: 416c adcs r4, r5 + 8005f10: c310 stmia r3!, {r4} + 8005f12: 4140 adcs r0, r0 +} + 8005f14: bd30 pop {r4, r5, pc} + +08005f16 : + uECC_Curve curve) { + 8005f16: b573 push {r0, r1, r4, r5, r6, lr} + 8005f18: 460d mov r5, r1 + 8005f1a: 4616 mov r6, r2 + uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) || + 8005f1c: 4601 mov r1, r0 + 8005f1e: f103 0224 add.w r2, r3, #36 ; 0x24 + 8005f22: 4628 mov r0, r5 + 8005f24: 9201 str r2, [sp, #4] + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8005f26: f9b3 4002 ldrsh.w r4, [r3, #2] + uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) || + 8005f2a: f7ff ffcf bl 8005ecc + 8005f2e: 9a01 ldr r2, [sp, #4] + 8005f30: b9c8 cbnz r0, 8005f66 + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8005f32: f114 031f adds.w r3, r4, #31 + 8005f36: bf48 it mi + 8005f38: f104 033e addmi.w r3, r4, #62 ; 0x3e + (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) && + 8005f3c: f343 1347 sbfx r3, r3, #5, #8 + uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) || + 8005f40: ebb4 1f43 cmp.w r4, r3, lsl #5 + 8005f44: da11 bge.n 8005f6a + uECC_vli_testBit(k0, num_n_bits)); + 8005f46: 4621 mov r1, r4 + 8005f48: 4628 mov r0, r5 + 8005f4a: 9201 str r2, [sp, #4] + 8005f4c: f7ff fd39 bl 80059c2 + 8005f50: 9a01 ldr r2, [sp, #4] + (num_n_bits < ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8) && + 8005f52: 1e04 subs r4, r0, #0 + 8005f54: bf18 it ne + 8005f56: 2401 movne r4, #1 + uECC_vli_add(k1, k0, curve->n, num_n_words); + 8005f58: 4629 mov r1, r5 + 8005f5a: 4630 mov r0, r6 + 8005f5c: f7ff ffb6 bl 8005ecc +} + 8005f60: 4620 mov r0, r4 + 8005f62: b002 add sp, #8 + 8005f64: bd70 pop {r4, r5, r6, pc} + uECC_word_t carry = uECC_vli_add(k0, k, curve->n, num_n_words) || + 8005f66: 2401 movs r4, #1 + 8005f68: e7f6 b.n 8005f58 + 8005f6a: 2400 movs r4, #0 + 8005f6c: e7f4 b.n 8005f58 + +08005f6e : + /* add the 2^32 multiple */ + result[4 + num_words_secp256k1] = + uECC_vli_add(result + 4, result + 4, right, num_words_secp256k1); +} +#elif uECC_WORD_SIZE == 4 +static void omega_mult_secp256k1(uint32_t * result, const uint32_t * right) { + 8005f6e: b5f8 push {r3, r4, r5, r6, r7, lr} + 8005f70: 460a mov r2, r1 + /* Multiply by (2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1). */ + uint32_t carry = 0; + 8005f72: 2300 movs r3, #0 +static void omega_mult_secp256k1(uint32_t * result, const uint32_t * right) { + 8005f74: 4604 mov r4, r0 + 8005f76: 3904 subs r1, #4 + 8005f78: 3804 subs r0, #4 + 8005f7a: f102 071c add.w r7, r2, #28 + wordcount_t k; + + for (k = 0; k < num_words_secp256k1; ++k) { + uint64_t p = (uint64_t)0x3D1 * right[k] + carry; + 8005f7e: 469e mov lr, r3 + 8005f80: f240 35d1 movw r5, #977 ; 0x3d1 + 8005f84: f851 6f04 ldr.w r6, [r1, #4]! + 8005f88: 46f4 mov ip, lr + 8005f8a: fbe6 3c05 umlal r3, ip, r6, r5 + for (k = 0; k < num_words_secp256k1; ++k) { + 8005f8e: 428f cmp r7, r1 + result[k] = p; + 8005f90: f840 3f04 str.w r3, [r0, #4]! + carry = p >> 32; + 8005f94: 4663 mov r3, ip + for (k = 0; k < num_words_secp256k1; ++k) { + 8005f96: d1f5 bne.n 8005f84 + } + result[num_words_secp256k1] = carry; + /* add the 2^32 multiple */ + result[1 + num_words_secp256k1] = + uECC_vli_add(result + 1, result + 1, right, num_words_secp256k1); + 8005f98: 1d21 adds r1, r4, #4 + result[num_words_secp256k1] = carry; + 8005f9a: f8c4 c020 str.w ip, [r4, #32] + uECC_vli_add(result + 1, result + 1, right, num_words_secp256k1); + 8005f9e: 4608 mov r0, r1 + 8005fa0: f7ff ff94 bl 8005ecc + result[1 + num_words_secp256k1] = + 8005fa4: 6260 str r0, [r4, #36] ; 0x24 +} + 8005fa6: bdf8 pop {r3, r4, r5, r6, r7, pc} + +08005fa8 : +static void vli_mmod_fast_secp256k1(uECC_word_t *result, uECC_word_t *product) { + 8005fa8: b570 push {r4, r5, r6, lr} + 8005faa: b090 sub sp, #64 ; 0x40 + 8005fac: 460e mov r6, r1 + 8005fae: 4604 mov r4, r0 + uECC_vli_clear(tmp, num_words_secp256k1); + 8005fb0: 2108 movs r1, #8 + 8005fb2: 4668 mov r0, sp + 8005fb4: f7ff fcf0 bl 8005998 + uECC_vli_clear(tmp + num_words_secp256k1, num_words_secp256k1); + 8005fb8: 2108 movs r1, #8 + 8005fba: a808 add r0, sp, #32 + 8005fbc: f7ff fcec bl 8005998 + omega_mult_secp256k1(tmp, product + num_words_secp256k1); /* (Rq, q) = q * c */ + 8005fc0: f106 0120 add.w r1, r6, #32 + 8005fc4: 4668 mov r0, sp + 8005fc6: f7ff ffd2 bl 8005f6e + carry = uECC_vli_add(result, product, tmp, num_words_secp256k1); /* (C, r) = r + q */ + 8005fca: 466a mov r2, sp + 8005fcc: 4631 mov r1, r6 + 8005fce: 4620 mov r0, r4 + 8005fd0: f7ff ff7c bl 8005ecc + uECC_vli_clear(product, num_words_secp256k1); + 8005fd4: 2108 movs r1, #8 + carry = uECC_vli_add(result, product, tmp, num_words_secp256k1); /* (C, r) = r + q */ + 8005fd6: 4605 mov r5, r0 + uECC_vli_clear(product, num_words_secp256k1); + 8005fd8: 4630 mov r0, r6 + 8005fda: f7ff fcdd bl 8005998 + omega_mult_secp256k1(product, tmp + num_words_secp256k1); /* Rq*c */ + 8005fde: 4630 mov r0, r6 + 8005fe0: a908 add r1, sp, #32 + 8005fe2: f7ff ffc4 bl 8005f6e + carry += uECC_vli_add(result, result, product, num_words_secp256k1); /* (C1, r) = r + Rq*c */ + 8005fe6: 4632 mov r2, r6 + 8005fe8: 4621 mov r1, r4 + 8005fea: 4620 mov r0, r4 + 8005fec: f7ff ff6e bl 8005ecc + uECC_vli_sub(result, result, curve_secp256k1.p, num_words_secp256k1); + 8005ff0: 4e0b ldr r6, [pc, #44] ; (8006020 ) + carry += uECC_vli_add(result, result, product, num_words_secp256k1); /* (C1, r) = r + Rq*c */ + 8005ff2: 4405 add r5, r0 + while (carry > 0) { + 8005ff4: b96d cbnz r5, 8006012 + if (uECC_vli_cmp_unsafe(result, curve_secp256k1.p, num_words_secp256k1) > 0) { + 8005ff6: 490a ldr r1, [pc, #40] ; (8006020 ) + 8005ff8: 2208 movs r2, #8 + 8005ffa: 4620 mov r0, r4 + 8005ffc: f7ff fd17 bl 8005a2e + 8006000: 2800 cmp r0, #0 + 8006002: dd04 ble.n 800600e + uECC_vli_sub(result, result, curve_secp256k1.p, num_words_secp256k1); + 8006004: 460a mov r2, r1 + 8006006: 4620 mov r0, r4 + 8006008: 4621 mov r1, r4 + 800600a: f7ff fe9d bl 8005d48 +} + 800600e: b010 add sp, #64 ; 0x40 + 8006010: bd70 pop {r4, r5, r6, pc} + uECC_vli_sub(result, result, curve_secp256k1.p, num_words_secp256k1); + 8006012: 4632 mov r2, r6 + 8006014: 4621 mov r1, r4 + 8006016: 4620 mov r0, r4 + --carry; + 8006018: 3d01 subs r5, #1 + uECC_vli_sub(result, result, curve_secp256k1.p, num_words_secp256k1); + 800601a: f7ff fe95 bl 8005d48 + 800601e: e7e9 b.n 8005ff4 + 8006020: 080108f4 .word 0x080108f4 + +08006024 : +static void vli_mmod_fast_secp256r1(uint32_t *result, uint32_t *product) { + 8006024: e92d 44f0 stmdb sp!, {r4, r5, r6, r7, sl, lr} + uECC_vli_set(result, product, num_words_secp256r1); + 8006028: 2208 movs r2, #8 +static void vli_mmod_fast_secp256r1(uint32_t *result, uint32_t *product) { + 800602a: b088 sub sp, #32 + uECC_vli_set(result, product, num_words_secp256r1); + 800602c: f7ff fcf3 bl 8005a16 + tmp[3] = product[11]; + 8006030: 6acb ldr r3, [r1, #44] ; 0x2c + 8006032: 9303 str r3, [sp, #12] + tmp[4] = product[12]; + 8006034: 6b0b ldr r3, [r1, #48] ; 0x30 + 8006036: 9304 str r3, [sp, #16] + tmp[5] = product[13]; + 8006038: 6b4b ldr r3, [r1, #52] ; 0x34 + 800603a: 9305 str r3, [sp, #20] + tmp[6] = product[14]; + 800603c: 6b8b ldr r3, [r1, #56] ; 0x38 + 800603e: 9306 str r3, [sp, #24] +static void vli_mmod_fast_secp256r1(uint32_t *result, uint32_t *product) { + 8006040: 460c mov r4, r1 + 8006042: 4682 mov sl, r0 + tmp[0] = tmp[1] = tmp[2] = 0; + 8006044: 2700 movs r7, #0 + tmp[7] = product[15]; + 8006046: 6bcb ldr r3, [r1, #60] ; 0x3c + 8006048: 9307 str r3, [sp, #28] + carry = uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 800604a: 466a mov r2, sp + 800604c: 4669 mov r1, sp + 800604e: 4668 mov r0, sp + tmp[0] = tmp[1] = tmp[2] = 0; + 8006050: e9cd 7701 strd r7, r7, [sp, #4] + 8006054: 9700 str r7, [sp, #0] + carry = uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8006056: f7ff ff39 bl 8005ecc + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 800605a: 466a mov r2, sp + carry = uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 800605c: 4605 mov r5, r0 + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 800605e: 4651 mov r1, sl + 8006060: 4650 mov r0, sl + 8006062: f7ff ff33 bl 8005ecc + tmp[3] = product[12]; + 8006066: 6b23 ldr r3, [r4, #48] ; 0x30 + 8006068: 9303 str r3, [sp, #12] + tmp[4] = product[13]; + 800606a: 6b63 ldr r3, [r4, #52] ; 0x34 + 800606c: 9304 str r3, [sp, #16] + tmp[5] = product[14]; + 800606e: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8006070: 9305 str r3, [sp, #20] + tmp[6] = product[15]; + 8006072: 6be3 ldr r3, [r4, #60] ; 0x3c + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8006074: 4405 add r5, r0 + carry += uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8006076: 466a mov r2, sp + 8006078: 4669 mov r1, sp + 800607a: 4668 mov r0, sp + tmp[7] = 0; + 800607c: e9cd 3706 strd r3, r7, [sp, #24] + carry += uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8006080: f7ff ff24 bl 8005ecc + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8006084: 466a mov r2, sp + carry += uECC_vli_add(tmp, tmp, tmp, num_words_secp256r1); + 8006086: 4405 add r5, r0 + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 8006088: 4651 mov r1, sl + 800608a: 4650 mov r0, sl + 800608c: f7ff ff1e bl 8005ecc + tmp[0] = product[8]; + 8006090: 6a23 ldr r3, [r4, #32] + 8006092: 9300 str r3, [sp, #0] + tmp[1] = product[9]; + 8006094: 6a63 ldr r3, [r4, #36] ; 0x24 + 8006096: 9301 str r3, [sp, #4] + tmp[2] = product[10]; + 8006098: 6aa3 ldr r3, [r4, #40] ; 0x28 + 800609a: 9302 str r3, [sp, #8] + tmp[6] = product[14]; + 800609c: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800609e: 9306 str r3, [sp, #24] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 80060a0: 4405 add r5, r0 + tmp[7] = product[15]; + 80060a2: 6be3 ldr r3, [r4, #60] ; 0x3c + 80060a4: 9307 str r3, [sp, #28] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 80060a6: 466a mov r2, sp + 80060a8: 4651 mov r1, sl + 80060aa: 4650 mov r0, sl + tmp[3] = tmp[4] = tmp[5] = 0; + 80060ac: e9cd 7704 strd r7, r7, [sp, #16] + 80060b0: 9703 str r7, [sp, #12] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 80060b2: f7ff ff0b bl 8005ecc + tmp[0] = product[9]; + 80060b6: 6a63 ldr r3, [r4, #36] ; 0x24 + 80060b8: 9300 str r3, [sp, #0] + tmp[1] = product[10]; + 80060ba: 6aa3 ldr r3, [r4, #40] ; 0x28 + tmp[4] = product[14]; + 80060bc: 6ba2 ldr r2, [r4, #56] ; 0x38 + tmp[1] = product[10]; + 80060be: 9301 str r3, [sp, #4] + tmp[2] = product[11]; + 80060c0: 6ae3 ldr r3, [r4, #44] ; 0x2c + 80060c2: 9302 str r3, [sp, #8] + tmp[4] = product[14]; + 80060c4: 9204 str r2, [sp, #16] + tmp[3] = product[13]; + 80060c6: 6b63 ldr r3, [r4, #52] ; 0x34 + tmp[5] = product[15]; + 80060c8: 6be2 ldr r2, [r4, #60] ; 0x3c + tmp[3] = product[13]; + 80060ca: 9303 str r3, [sp, #12] + tmp[6] = product[13]; + 80060cc: e9cd 2305 strd r2, r3, [sp, #20] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 80060d0: 182e adds r6, r5, r0 + tmp[7] = product[8]; + 80060d2: 6a23 ldr r3, [r4, #32] + 80060d4: 9307 str r3, [sp, #28] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 80060d6: 466a mov r2, sp + 80060d8: 4651 mov r1, sl + 80060da: 4650 mov r0, sl + 80060dc: f7ff fef6 bl 8005ecc + tmp[0] = product[11]; + 80060e0: 6ae3 ldr r3, [r4, #44] ; 0x2c + 80060e2: 9300 str r3, [sp, #0] + tmp[1] = product[12]; + 80060e4: 6b23 ldr r3, [r4, #48] ; 0x30 + 80060e6: 9301 str r3, [sp, #4] + tmp[2] = product[13]; + 80060e8: 6b63 ldr r3, [r4, #52] ; 0x34 + 80060ea: 9302 str r3, [sp, #8] + tmp[6] = product[8]; + 80060ec: 6a23 ldr r3, [r4, #32] + 80060ee: 9306 str r3, [sp, #24] + carry += uECC_vli_add(result, result, tmp, num_words_secp256r1); + 80060f0: 1835 adds r5, r6, r0 + tmp[7] = product[10]; + 80060f2: 6aa3 ldr r3, [r4, #40] ; 0x28 + 80060f4: 9307 str r3, [sp, #28] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 80060f6: 466a mov r2, sp + 80060f8: 4651 mov r1, sl + 80060fa: 4650 mov r0, sl + tmp[3] = tmp[4] = tmp[5] = 0; + 80060fc: e9cd 7704 strd r7, r7, [sp, #16] + 8006100: 9703 str r7, [sp, #12] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8006102: f7ff fe21 bl 8005d48 + tmp[0] = product[12]; + 8006106: 6b23 ldr r3, [r4, #48] ; 0x30 + 8006108: 9300 str r3, [sp, #0] + tmp[1] = product[13]; + 800610a: 6b63 ldr r3, [r4, #52] ; 0x34 + 800610c: 9301 str r3, [sp, #4] + tmp[2] = product[14]; + 800610e: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8006110: 9302 str r3, [sp, #8] + tmp[3] = product[15]; + 8006112: 6be3 ldr r3, [r4, #60] ; 0x3c + 8006114: 9303 str r3, [sp, #12] + tmp[6] = product[9]; + 8006116: 6a63 ldr r3, [r4, #36] ; 0x24 + 8006118: 9306 str r3, [sp, #24] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 800611a: 1a2e subs r6, r5, r0 + tmp[7] = product[11]; + 800611c: 6ae3 ldr r3, [r4, #44] ; 0x2c + 800611e: 9307 str r3, [sp, #28] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8006120: 466a mov r2, sp + 8006122: 4651 mov r1, sl + 8006124: 4650 mov r0, sl + tmp[4] = tmp[5] = 0; + 8006126: e9cd 7704 strd r7, r7, [sp, #16] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 800612a: f7ff fe0d bl 8005d48 + tmp[0] = product[13]; + 800612e: 6b63 ldr r3, [r4, #52] ; 0x34 + 8006130: 9300 str r3, [sp, #0] + tmp[1] = product[14]; + 8006132: 6ba3 ldr r3, [r4, #56] ; 0x38 + 8006134: 9301 str r3, [sp, #4] + tmp[2] = product[15]; + 8006136: 6be3 ldr r3, [r4, #60] ; 0x3c + 8006138: 9302 str r3, [sp, #8] + tmp[3] = product[8]; + 800613a: 6a23 ldr r3, [r4, #32] + 800613c: 9303 str r3, [sp, #12] + tmp[4] = product[9]; + 800613e: 6a63 ldr r3, [r4, #36] ; 0x24 + 8006140: 9304 str r3, [sp, #16] + tmp[5] = product[10]; + 8006142: 6aa3 ldr r3, [r4, #40] ; 0x28 + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8006144: 1a36 subs r6, r6, r0 + tmp[6] = 0; + 8006146: e9cd 3705 strd r3, r7, [sp, #20] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 800614a: 466a mov r2, sp + tmp[7] = product[12]; + 800614c: 6b23 ldr r3, [r4, #48] ; 0x30 + 800614e: 9307 str r3, [sp, #28] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8006150: 4651 mov r1, sl + 8006152: 4650 mov r0, sl + 8006154: f7ff fdf8 bl 8005d48 + tmp[0] = product[14]; + 8006158: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800615a: 9300 str r3, [sp, #0] + tmp[1] = product[15]; + 800615c: 6be3 ldr r3, [r4, #60] ; 0x3c + tmp[2] = 0; + 800615e: e9cd 3701 strd r3, r7, [sp, #4] + tmp[3] = product[9]; + 8006162: 6a63 ldr r3, [r4, #36] ; 0x24 + 8006164: 9303 str r3, [sp, #12] + tmp[4] = product[10]; + 8006166: 6aa3 ldr r3, [r4, #40] ; 0x28 + 8006168: 9304 str r3, [sp, #16] + tmp[5] = product[11]; + 800616a: 6ae3 ldr r3, [r4, #44] ; 0x2c + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 800616c: 1a36 subs r6, r6, r0 + tmp[6] = 0; + 800616e: e9cd 3705 strd r3, r7, [sp, #20] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8006172: 466a mov r2, sp + tmp[7] = product[13]; + 8006174: 6b63 ldr r3, [r4, #52] ; 0x34 + 8006176: 9307 str r3, [sp, #28] + carry -= uECC_vli_sub(result, result, tmp, num_words_secp256r1); + 8006178: 4651 mov r1, sl + 800617a: 4650 mov r0, sl + 800617c: f7ff fde4 bl 8005d48 + if (carry < 0) { + 8006180: 1a36 subs r6, r6, r0 + carry += uECC_vli_add(result, result, curve_secp256r1.p, num_words_secp256r1); + 8006182: 4c0d ldr r4, [pc, #52] ; (80061b8 ) + if (carry < 0) { + 8006184: d40e bmi.n 80061a4 + while (carry || uECC_vli_cmp_unsafe(curve_secp256r1.p, result, num_words_secp256r1) != 1) { + 8006186: b936 cbnz r6, 8006196 + 8006188: 2208 movs r2, #8 + 800618a: 4651 mov r1, sl + 800618c: 4620 mov r0, r4 + 800618e: f7ff fc4e bl 8005a2e + 8006192: 2801 cmp r0, #1 + 8006194: d00d beq.n 80061b2 + carry -= uECC_vli_sub(result, result, curve_secp256r1.p, num_words_secp256r1); + 8006196: 4622 mov r2, r4 + 8006198: 4651 mov r1, sl + 800619a: 4650 mov r0, sl + 800619c: f7ff fdd4 bl 8005d48 + 80061a0: 1a36 subs r6, r6, r0 + 80061a2: e7f0 b.n 8006186 + carry += uECC_vli_add(result, result, curve_secp256r1.p, num_words_secp256r1); + 80061a4: 4622 mov r2, r4 + 80061a6: 4651 mov r1, sl + 80061a8: 4650 mov r0, sl + 80061aa: f7ff fe8f bl 8005ecc + } while (carry < 0); + 80061ae: 1836 adds r6, r6, r0 + 80061b0: d4f8 bmi.n 80061a4 +} + 80061b2: b008 add sp, #32 + 80061b4: e8bd 84f0 ldmia.w sp!, {r4, r5, r6, r7, sl, pc} + 80061b8: 080109a8 .word 0x080109a8 + +080061bc : +static void mod_sqrt_default(uECC_word_t *a, uECC_Curve curve) { + 80061bc: b5f0 push {r4, r5, r6, r7, lr} + 80061be: b091 sub sp, #68 ; 0x44 + 80061c0: 460d mov r5, r1 + uECC_word_t p1[uECC_MAX_WORDS] = {1}; + 80061c2: 221c movs r2, #28 + 80061c4: 2100 movs r1, #0 +static void mod_sqrt_default(uECC_word_t *a, uECC_Curve curve) { + 80061c6: 4606 mov r6, r0 + uECC_word_t p1[uECC_MAX_WORDS] = {1}; + 80061c8: a801 add r0, sp, #4 + 80061ca: f007 fb9b bl 800d904 + 80061ce: 2401 movs r4, #1 + uECC_word_t l_result[uECC_MAX_WORDS] = {1}; + 80061d0: 221c movs r2, #28 + 80061d2: 2100 movs r1, #0 + 80061d4: a809 add r0, sp, #36 ; 0x24 + uECC_word_t p1[uECC_MAX_WORDS] = {1}; + 80061d6: 9400 str r4, [sp, #0] + uECC_word_t l_result[uECC_MAX_WORDS] = {1}; + 80061d8: f007 fb94 bl 800d904 + wordcount_t num_words = curve->num_words; + 80061dc: 4629 mov r1, r5 + uECC_vli_add(p1, curve->p, p1, num_words); /* p1 = curve_p + 1 */ + 80061de: 466a mov r2, sp + wordcount_t num_words = curve->num_words; + 80061e0: f911 7b04 ldrsb.w r7, [r1], #4 + uECC_word_t l_result[uECC_MAX_WORDS] = {1}; + 80061e4: 9408 str r4, [sp, #32] + uECC_vli_add(p1, curve->p, p1, num_words); /* p1 = curve_p + 1 */ + 80061e6: 4668 mov r0, sp + 80061e8: f7ff fe70 bl 8005ecc + for (i = uECC_vli_numBits(p1, num_words) - 1; i > 1; --i) { + 80061ec: 4639 mov r1, r7 + 80061ee: 4668 mov r0, sp + 80061f0: f7ff fbf1 bl 80059d6 + 80061f4: 1e44 subs r4, r0, #1 + 80061f6: b224 sxth r4, r4 + 80061f8: 2c01 cmp r4, #1 + 80061fa: dc06 bgt.n 800620a + uECC_vli_set(a, l_result, num_words); + 80061fc: 463a mov r2, r7 + 80061fe: a908 add r1, sp, #32 + 8006200: 4630 mov r0, r6 + 8006202: f7ff fc08 bl 8005a16 +} + 8006206: b011 add sp, #68 ; 0x44 + 8006208: bdf0 pop {r4, r5, r6, r7, pc} + uECC_vli_modSquare_fast(l_result, l_result, curve); + 800620a: a908 add r1, sp, #32 + 800620c: 4608 mov r0, r1 + 800620e: 462a mov r2, r5 + 8006210: f7ff fcdf bl 8005bd2 + if (uECC_vli_testBit(p1, i)) { + 8006214: 4621 mov r1, r4 + 8006216: 4668 mov r0, sp + 8006218: f7ff fbd3 bl 80059c2 + 800621c: b128 cbz r0, 800622a + uECC_vli_modMult_fast(l_result, l_result, a, curve); + 800621e: a908 add r1, sp, #32 + 8006220: 462b mov r3, r5 + 8006222: 4632 mov r2, r6 + 8006224: 4608 mov r0, r1 + 8006226: f7ff fcc4 bl 8005bb2 + for (i = uECC_vli_numBits(p1, num_words) - 1; i > 1; --i) { + 800622a: 3c01 subs r4, #1 + 800622c: e7e3 b.n 80061f6 + +0800622e : + if (!EVEN(uv)) { + 800622e: 6803 ldr r3, [r0, #0] + wordcount_t num_words) { + 8006230: b570 push {r4, r5, r6, lr} + if (!EVEN(uv)) { + 8006232: f013 0601 ands.w r6, r3, #1 + wordcount_t num_words) { + 8006236: 4605 mov r5, r0 + 8006238: 4614 mov r4, r2 + if (!EVEN(uv)) { + 800623a: d004 beq.n 8006246 + carry = uECC_vli_add(uv, uv, mod, num_words); + 800623c: 460a mov r2, r1 + 800623e: 4601 mov r1, r0 + 8006240: f7ff fe44 bl 8005ecc + 8006244: 4606 mov r6, r0 + uECC_vli_rshift1(uv, num_words); + 8006246: 4621 mov r1, r4 + 8006248: 4628 mov r0, r5 + 800624a: f7ff fc05 bl 8005a58 + if (carry) { + 800624e: b146 cbz r6, 8006262 + uv[num_words - 1] |= HIGH_BIT_SET; + 8006250: f104 4280 add.w r2, r4, #1073741824 ; 0x40000000 + 8006254: 3a01 subs r2, #1 + 8006256: f855 3022 ldr.w r3, [r5, r2, lsl #2] + 800625a: f043 4300 orr.w r3, r3, #2147483648 ; 0x80000000 + 800625e: f845 3022 str.w r3, [r5, r2, lsl #2] +} + 8006262: bd70 pop {r4, r5, r6, pc} + +08006264 : + wordcount_t num_words) { + 8006264: b5f0 push {r4, r5, r6, r7, lr} + 8006266: 460f mov r7, r1 + 8006268: b0a1 sub sp, #132 ; 0x84 + 800626a: 4606 mov r6, r0 + if (uECC_vli_isZero(input, num_words)) { + 800626c: 4619 mov r1, r3 + 800626e: 4638 mov r0, r7 + wordcount_t num_words) { + 8006270: 4615 mov r5, r2 + 8006272: 461c mov r4, r3 + if (uECC_vli_isZero(input, num_words)) { + 8006274: f7ff fb96 bl 80059a4 + 8006278: b128 cbz r0, 8006286 + uECC_vli_clear(result, num_words); + 800627a: 4630 mov r0, r6 +} + 800627c: b021 add sp, #132 ; 0x84 + 800627e: e8bd 40f0 ldmia.w sp!, {r4, r5, r6, r7, lr} + uECC_vli_clear(result, num_words); + 8006282: f7ff bb89 b.w 8005998 + uECC_vli_set(a, input, num_words); + 8006286: 4622 mov r2, r4 + 8006288: 4639 mov r1, r7 + 800628a: 4668 mov r0, sp + 800628c: f7ff fbc3 bl 8005a16 + uECC_vli_set(b, mod, num_words); + 8006290: 4629 mov r1, r5 + 8006292: a808 add r0, sp, #32 + 8006294: f7ff fbbf bl 8005a16 + uECC_vli_clear(u, num_words); + 8006298: 4621 mov r1, r4 + 800629a: a810 add r0, sp, #64 ; 0x40 + 800629c: f7ff fb7c bl 8005998 + u[0] = 1; + 80062a0: 2301 movs r3, #1 + uECC_vli_clear(v, num_words); + 80062a2: 4621 mov r1, r4 + 80062a4: a818 add r0, sp, #96 ; 0x60 + u[0] = 1; + 80062a6: 9310 str r3, [sp, #64] ; 0x40 + uECC_vli_clear(v, num_words); + 80062a8: f7ff fb76 bl 8005998 + while ((cmpResult = uECC_vli_cmp_unsafe(a, b, num_words)) != 0) { + 80062ac: 4622 mov r2, r4 + 80062ae: a908 add r1, sp, #32 + 80062b0: 4668 mov r0, sp + 80062b2: f7ff fbbc bl 8005a2e + 80062b6: b930 cbnz r0, 80062c6 + uECC_vli_set(result, u, num_words); + 80062b8: 4622 mov r2, r4 + 80062ba: a910 add r1, sp, #64 ; 0x40 + 80062bc: 4630 mov r0, r6 + 80062be: f7ff fbaa bl 8005a16 +} + 80062c2: b021 add sp, #132 ; 0x84 + 80062c4: bdf0 pop {r4, r5, r6, r7, pc} + if (EVEN(a)) { + 80062c6: 9b00 ldr r3, [sp, #0] + 80062c8: 07da lsls r2, r3, #31 + 80062ca: d409 bmi.n 80062e0 + uECC_vli_rshift1(a, num_words); + 80062cc: 4621 mov r1, r4 + 80062ce: 4668 mov r0, sp + 80062d0: f7ff fbc2 bl 8005a58 + vli_modInv_update(u, mod, num_words); + 80062d4: 4622 mov r2, r4 + 80062d6: 4629 mov r1, r5 + 80062d8: a810 add r0, sp, #64 ; 0x40 + vli_modInv_update(v, mod, num_words); + 80062da: f7ff ffa8 bl 800622e + 80062de: e7e5 b.n 80062ac + } else if (EVEN(b)) { + 80062e0: 9b08 ldr r3, [sp, #32] + 80062e2: 07db lsls r3, r3, #31 + 80062e4: d407 bmi.n 80062f6 + uECC_vli_rshift1(b, num_words); + 80062e6: 4621 mov r1, r4 + 80062e8: a808 add r0, sp, #32 + 80062ea: f7ff fbb5 bl 8005a58 + vli_modInv_update(v, mod, num_words); + 80062ee: 4622 mov r2, r4 + 80062f0: 4629 mov r1, r5 + 80062f2: a818 add r0, sp, #96 ; 0x60 + 80062f4: e7f1 b.n 80062da + } else if (cmpResult > 0) { + 80062f6: 2800 cmp r0, #0 + 80062f8: dd1a ble.n 8006330 + uECC_vli_sub(a, a, b, num_words); + 80062fa: aa08 add r2, sp, #32 + 80062fc: 4669 mov r1, sp + 80062fe: 4668 mov r0, sp + 8006300: f7ff fd22 bl 8005d48 + uECC_vli_rshift1(a, num_words); + 8006304: 4621 mov r1, r4 + 8006306: 4668 mov r0, sp + 8006308: f7ff fba6 bl 8005a58 + if (uECC_vli_cmp_unsafe(u, v, num_words) < 0) { + 800630c: 4622 mov r2, r4 + 800630e: a918 add r1, sp, #96 ; 0x60 + 8006310: a810 add r0, sp, #64 ; 0x40 + 8006312: f7ff fb8c bl 8005a2e + 8006316: 2800 cmp r0, #0 + 8006318: da04 bge.n 8006324 + uECC_vli_add(u, u, mod, num_words); + 800631a: a910 add r1, sp, #64 ; 0x40 + 800631c: 462a mov r2, r5 + 800631e: 4608 mov r0, r1 + 8006320: f7ff fdd4 bl 8005ecc + uECC_vli_sub(u, u, v, num_words); + 8006324: a910 add r1, sp, #64 ; 0x40 + 8006326: aa18 add r2, sp, #96 ; 0x60 + 8006328: 4608 mov r0, r1 + 800632a: f7ff fd0d bl 8005d48 + 800632e: e7d1 b.n 80062d4 + uECC_vli_sub(b, b, a, num_words); + 8006330: 466a mov r2, sp + 8006332: a808 add r0, sp, #32 + 8006334: f7ff fd08 bl 8005d48 + uECC_vli_rshift1(b, num_words); + 8006338: 4621 mov r1, r4 + 800633a: a808 add r0, sp, #32 + 800633c: f7ff fb8c bl 8005a58 + if (uECC_vli_cmp_unsafe(v, u, num_words) < 0) { + 8006340: 4622 mov r2, r4 + 8006342: a910 add r1, sp, #64 ; 0x40 + 8006344: a818 add r0, sp, #96 ; 0x60 + 8006346: f7ff fb72 bl 8005a2e + 800634a: 2800 cmp r0, #0 + 800634c: da04 bge.n 8006358 + uECC_vli_add(v, v, mod, num_words); + 800634e: a918 add r1, sp, #96 ; 0x60 + 8006350: 462a mov r2, r5 + 8006352: 4608 mov r0, r1 + 8006354: f7ff fdba bl 8005ecc + uECC_vli_sub(v, v, u, num_words); + 8006358: a918 add r1, sp, #96 ; 0x60 + 800635a: aa10 add r2, sp, #64 ; 0x40 + 800635c: 4608 mov r0, r1 + 800635e: f7ff fcf3 bl 8005d48 + 8006362: e7c4 b.n 80062ee + +08006364 : + wordcount_t num_words) { + 8006364: b570 push {r4, r5, r6, lr} + 8006366: 4604 mov r4, r0 + 8006368: f99d 6010 ldrsb.w r6, [sp, #16] + 800636c: 461d mov r5, r3 + uECC_word_t carry = uECC_vli_add(result, left, right, num_words); + 800636e: f7ff fdad bl 8005ecc + if (carry || uECC_vli_cmp_unsafe(mod, result, num_words) != 1) { + 8006372: b930 cbnz r0, 8006382 + 8006374: 4632 mov r2, r6 + 8006376: 4621 mov r1, r4 + 8006378: 4628 mov r0, r5 + 800637a: f7ff fb58 bl 8005a2e + 800637e: 2801 cmp r0, #1 + 8006380: d006 beq.n 8006390 + uECC_vli_sub(result, result, mod, num_words); + 8006382: 462a mov r2, r5 + 8006384: 4621 mov r1, r4 + 8006386: 4620 mov r0, r4 +} + 8006388: e8bd 4070 ldmia.w sp!, {r4, r5, r6, lr} + uECC_vli_sub(result, result, mod, num_words); + 800638c: f7ff bcdc b.w 8005d48 +} + 8006390: bd70 pop {r4, r5, r6, pc} + +08006392 : +static void x_side_secp256k1(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve) { + 8006392: b573 push {r0, r1, r4, r5, r6, lr} + 8006394: 4604 mov r4, r0 + 8006396: 4615 mov r5, r2 + 8006398: 460e mov r6, r1 + uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */ + 800639a: f7ff fc1a bl 8005bd2 + uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 */ + 800639e: 462b mov r3, r5 + 80063a0: 4632 mov r2, r6 + 80063a2: 4621 mov r1, r4 + 80063a4: 4620 mov r0, r4 + 80063a6: f7ff fc04 bl 8005bb2 + uECC_vli_modAdd(result, result, curve->b, curve->p, num_words_secp256k1); /* r = x^3 + b */ + 80063aa: 2308 movs r3, #8 + 80063ac: 9300 str r3, [sp, #0] + 80063ae: f105 0284 add.w r2, r5, #132 ; 0x84 + 80063b2: 1d2b adds r3, r5, #4 + 80063b4: 4621 mov r1, r4 + 80063b6: 4620 mov r0, r4 + 80063b8: f7ff ffd4 bl 8006364 +} + 80063bc: b002 add sp, #8 + 80063be: bd70 pop {r4, r5, r6, pc} + +080063c0 : +uECC_VLI_API void uECC_vli_modSub(uECC_word_t *result, + 80063c0: b538 push {r3, r4, r5, lr} + 80063c2: 4604 mov r4, r0 + 80063c4: 461d mov r5, r3 + uECC_word_t l_borrow = uECC_vli_sub(result, left, right, num_words); + 80063c6: f7ff fcbf bl 8005d48 + if (l_borrow) { + 80063ca: b130 cbz r0, 80063da + uECC_vli_add(result, result, mod, num_words); + 80063cc: 462a mov r2, r5 + 80063ce: 4621 mov r1, r4 + 80063d0: 4620 mov r0, r4 +} + 80063d2: e8bd 4038 ldmia.w sp!, {r3, r4, r5, lr} + uECC_vli_add(result, result, mod, num_words); + 80063d6: f7ff bd79 b.w 8005ecc +} + 80063da: bd38 pop {r3, r4, r5, pc} + +080063dc : + uECC_Curve curve) { + 80063dc: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 80063e0: b09a sub sp, #104 ; 0x68 + 80063e2: 4615 mov r5, r2 + 80063e4: 9f22 ldr r7, [sp, #136] ; 0x88 + wordcount_t num_words = curve->num_words; + 80063e6: 463c mov r4, r7 + uECC_Curve curve) { + 80063e8: 4698 mov r8, r3 + wordcount_t num_words = curve->num_words; + 80063ea: f914 ab04 ldrsb.w sl, [r4], #4 + uECC_Curve curve) { + 80063ee: 4606 mov r6, r0 + 80063f0: 4689 mov r9, r1 + uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */ + 80063f2: 4623 mov r3, r4 + 80063f4: 4602 mov r2, r0 + 80063f6: 4629 mov r1, r5 + 80063f8: a802 add r0, sp, #8 + 80063fa: f7ff ffe1 bl 80063c0 + uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = (x2 - x1)^2 = A */ + 80063fe: a902 add r1, sp, #8 + 8006400: 463a mov r2, r7 + 8006402: 4608 mov r0, r1 + 8006404: f7ff fbe5 bl 8005bd2 + uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = x1*A = B */ + 8006408: 463b mov r3, r7 + 800640a: aa02 add r2, sp, #8 + 800640c: 4631 mov r1, r6 + 800640e: 4630 mov r0, r6 + 8006410: f7ff fbcf bl 8005bb2 + uECC_vli_modMult_fast(X2, X2, t5, curve); /* t3 = x2*A = C */ + 8006414: 463b mov r3, r7 + 8006416: aa02 add r2, sp, #8 + 8006418: 4629 mov r1, r5 + 800641a: 4628 mov r0, r5 + 800641c: f7ff fbc9 bl 8005bb2 + uECC_vli_modAdd(t5, Y2, Y1, curve->p, num_words); /* t5 = y2 + y1 */ + 8006420: 4623 mov r3, r4 + 8006422: 464a mov r2, r9 + 8006424: 4641 mov r1, r8 + 8006426: a802 add r0, sp, #8 + 8006428: f8cd a000 str.w sl, [sp] + 800642c: f7ff ff9a bl 8006364 + uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */ + 8006430: 4623 mov r3, r4 + 8006432: 464a mov r2, r9 + 8006434: 4641 mov r1, r8 + 8006436: 4640 mov r0, r8 + 8006438: f7ff ffc2 bl 80063c0 + uECC_vli_modSub(t6, X2, X1, curve->p, num_words); /* t6 = C - B */ + 800643c: 4623 mov r3, r4 + 800643e: 4632 mov r2, r6 + 8006440: 4629 mov r1, r5 + 8006442: a80a add r0, sp, #40 ; 0x28 + 8006444: f7ff ffbc bl 80063c0 + uECC_vli_modMult_fast(Y1, Y1, t6, curve); /* t2 = y1 * (C - B) = E */ + 8006448: 463b mov r3, r7 + 800644a: aa0a add r2, sp, #40 ; 0x28 + 800644c: 4649 mov r1, r9 + 800644e: 4648 mov r0, r9 + 8006450: f7ff fbaf bl 8005bb2 + uECC_vli_modAdd(t6, X1, X2, curve->p, num_words); /* t6 = B + C */ + 8006454: 4623 mov r3, r4 + 8006456: 462a mov r2, r5 + 8006458: 4631 mov r1, r6 + 800645a: a80a add r0, sp, #40 ; 0x28 + 800645c: f8cd a000 str.w sl, [sp] + 8006460: f7ff ff80 bl 8006364 + uECC_vli_modSquare_fast(X2, Y2, curve); /* t3 = (y2 - y1)^2 = D */ + 8006464: 463a mov r2, r7 + 8006466: 4641 mov r1, r8 + 8006468: 4628 mov r0, r5 + 800646a: f7ff fbb2 bl 8005bd2 + uECC_vli_modSub(X2, X2, t6, curve->p, num_words); /* t3 = D - (B + C) = x3 */ + 800646e: 4623 mov r3, r4 + 8006470: aa0a add r2, sp, #40 ; 0x28 + 8006472: 4629 mov r1, r5 + 8006474: 4628 mov r0, r5 + 8006476: f7ff ffa3 bl 80063c0 + uECC_vli_modSub(t7, X1, X2, curve->p, num_words); /* t7 = B - x3 */ + 800647a: 4623 mov r3, r4 + 800647c: 462a mov r2, r5 + 800647e: 4631 mov r1, r6 + 8006480: a812 add r0, sp, #72 ; 0x48 + 8006482: f7ff ff9d bl 80063c0 + uECC_vli_modMult_fast(Y2, Y2, t7, curve); /* t4 = (y2 - y1)*(B - x3) */ + 8006486: 463b mov r3, r7 + 8006488: aa12 add r2, sp, #72 ; 0x48 + 800648a: 4641 mov r1, r8 + 800648c: 4640 mov r0, r8 + 800648e: f7ff fb90 bl 8005bb2 + uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = (y2 - y1)*(B - x3) - E = y3 */ + 8006492: 4623 mov r3, r4 + 8006494: 464a mov r2, r9 + 8006496: 4641 mov r1, r8 + 8006498: 4640 mov r0, r8 + 800649a: f7ff ff91 bl 80063c0 + uECC_vli_modSquare_fast(t7, t5, curve); /* t7 = (y2 + y1)^2 = F */ + 800649e: 463a mov r2, r7 + 80064a0: a902 add r1, sp, #8 + 80064a2: a812 add r0, sp, #72 ; 0x48 + 80064a4: f7ff fb95 bl 8005bd2 + uECC_vli_modSub(t7, t7, t6, curve->p, num_words); /* t7 = F - (B + C) = x3' */ + 80064a8: a912 add r1, sp, #72 ; 0x48 + 80064aa: 4623 mov r3, r4 + 80064ac: aa0a add r2, sp, #40 ; 0x28 + 80064ae: 4608 mov r0, r1 + 80064b0: f7ff ff86 bl 80063c0 + uECC_vli_modSub(t6, t7, X1, curve->p, num_words); /* t6 = x3' - B */ + 80064b4: 4623 mov r3, r4 + 80064b6: 4632 mov r2, r6 + 80064b8: a912 add r1, sp, #72 ; 0x48 + 80064ba: a80a add r0, sp, #40 ; 0x28 + 80064bc: f7ff ff80 bl 80063c0 + uECC_vli_modMult_fast(t6, t6, t5, curve); /* t6 = (y2+y1)*(x3' - B) */ + 80064c0: a90a add r1, sp, #40 ; 0x28 + 80064c2: 463b mov r3, r7 + 80064c4: aa02 add r2, sp, #8 + 80064c6: 4608 mov r0, r1 + 80064c8: f7ff fb73 bl 8005bb2 + uECC_vli_modSub(Y1, t6, Y1, curve->p, num_words); /* t2 = (y2+y1)*(x3' - B) - E = y3' */ + 80064cc: 4623 mov r3, r4 + 80064ce: 464a mov r2, r9 + 80064d0: a90a add r1, sp, #40 ; 0x28 + 80064d2: 4648 mov r0, r9 + 80064d4: f7ff ff74 bl 80063c0 + uECC_vli_set(X1, t7, num_words); + 80064d8: 4652 mov r2, sl + 80064da: a912 add r1, sp, #72 ; 0x48 + 80064dc: 4630 mov r0, r6 + 80064de: f7ff fa9a bl 8005a16 +} + 80064e2: b01a add sp, #104 ; 0x68 + 80064e4: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + +080064e8 : + uECC_Curve curve) { + 80064e8: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 80064ec: b088 sub sp, #32 + 80064ee: 4614 mov r4, r2 + 80064f0: f8dd 8040 ldr.w r8, [sp, #64] ; 0x40 + wordcount_t num_words = curve->num_words; + 80064f4: 4645 mov r5, r8 + uECC_Curve curve) { + 80064f6: 461e mov r6, r3 + wordcount_t num_words = curve->num_words; + 80064f8: f915 ab04 ldrsb.w sl, [r5], #4 + uECC_Curve curve) { + 80064fc: 4607 mov r7, r0 + 80064fe: 4689 mov r9, r1 + uECC_vli_modSub(t5, X2, X1, curve->p, num_words); /* t5 = x2 - x1 */ + 8006500: 462b mov r3, r5 + 8006502: 4602 mov r2, r0 + 8006504: 4621 mov r1, r4 + 8006506: 4668 mov r0, sp + 8006508: f7ff ff5a bl 80063c0 + uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = (x2 - x1)^2 = A */ + 800650c: 4642 mov r2, r8 + 800650e: 4669 mov r1, sp + 8006510: 4668 mov r0, sp + 8006512: f7ff fb5e bl 8005bd2 + uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = x1*A = B */ + 8006516: 4643 mov r3, r8 + 8006518: 466a mov r2, sp + 800651a: 4639 mov r1, r7 + 800651c: 4638 mov r0, r7 + 800651e: f7ff fb48 bl 8005bb2 + uECC_vli_modMult_fast(X2, X2, t5, curve); /* t3 = x2*A = C */ + 8006522: 4643 mov r3, r8 + 8006524: 466a mov r2, sp + 8006526: 4621 mov r1, r4 + 8006528: 4620 mov r0, r4 + 800652a: f7ff fb42 bl 8005bb2 + uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y2 - y1 */ + 800652e: 462b mov r3, r5 + 8006530: 464a mov r2, r9 + 8006532: 4631 mov r1, r6 + 8006534: 4630 mov r0, r6 + 8006536: f7ff ff43 bl 80063c0 + uECC_vli_modSquare_fast(t5, Y2, curve); /* t5 = (y2 - y1)^2 = D */ + 800653a: 4642 mov r2, r8 + 800653c: 4631 mov r1, r6 + 800653e: 4668 mov r0, sp + 8006540: f7ff fb47 bl 8005bd2 + uECC_vli_modSub(t5, t5, X1, curve->p, num_words); /* t5 = D - B */ + 8006544: 462b mov r3, r5 + 8006546: 463a mov r2, r7 + 8006548: 4669 mov r1, sp + 800654a: 4668 mov r0, sp + 800654c: f7ff ff38 bl 80063c0 + uECC_vli_modSub(t5, t5, X2, curve->p, num_words); /* t5 = D - B - C = x3 */ + 8006550: 462b mov r3, r5 + 8006552: 4622 mov r2, r4 + 8006554: 4669 mov r1, sp + 8006556: 4668 mov r0, sp + 8006558: f7ff ff32 bl 80063c0 + uECC_vli_modSub(X2, X2, X1, curve->p, num_words); /* t3 = C - B */ + 800655c: 462b mov r3, r5 + 800655e: 463a mov r2, r7 + 8006560: 4621 mov r1, r4 + 8006562: 4620 mov r0, r4 + 8006564: f7ff ff2c bl 80063c0 + uECC_vli_modMult_fast(Y1, Y1, X2, curve); /* t2 = y1*(C - B) */ + 8006568: 4643 mov r3, r8 + 800656a: 4622 mov r2, r4 + 800656c: 4649 mov r1, r9 + 800656e: 4648 mov r0, r9 + 8006570: f7ff fb1f bl 8005bb2 + uECC_vli_modSub(X2, X1, t5, curve->p, num_words); /* t3 = B - x3 */ + 8006574: 462b mov r3, r5 + 8006576: 466a mov r2, sp + 8006578: 4639 mov r1, r7 + 800657a: 4620 mov r0, r4 + 800657c: f7ff ff20 bl 80063c0 + uECC_vli_modMult_fast(Y2, Y2, X2, curve); /* t4 = (y2 - y1)*(B - x3) */ + 8006580: 4643 mov r3, r8 + 8006582: 4622 mov r2, r4 + 8006584: 4631 mov r1, r6 + 8006586: 4630 mov r0, r6 + 8006588: f7ff fb13 bl 8005bb2 + uECC_vli_modSub(Y2, Y2, Y1, curve->p, num_words); /* t4 = y3 */ + 800658c: 462b mov r3, r5 + 800658e: 464a mov r2, r9 + 8006590: 4631 mov r1, r6 + 8006592: 4630 mov r0, r6 + 8006594: f7ff ff14 bl 80063c0 + uECC_vli_set(X2, t5, num_words); + 8006598: 4652 mov r2, sl + 800659a: 4669 mov r1, sp + 800659c: 4620 mov r0, r4 + 800659e: f7ff fa3a bl 8005a16 +} + 80065a2: b008 add sp, #32 + 80065a4: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + +080065a8 : + uECC_Curve curve) { + 80065a8: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 80065ac: b0b1 sub sp, #196 ; 0xc4 + 80065ae: e9cd 0102 strd r0, r1, [sp, #8] + 80065b2: 9c3b ldr r4, [sp, #236] ; 0xec + 80065b4: 9204 str r2, [sp, #16] + wordcount_t num_words = curve->num_words; + 80065b6: f994 9000 ldrsb.w r9, [r4] + uECC_vli_set(Rx[1], point, num_words); + 80065ba: a818 add r0, sp, #96 ; 0x60 + 80065bc: 464a mov r2, r9 + uECC_Curve curve) { + 80065be: 461d mov r5, r3 + uECC_vli_set(Rx[1], point, num_words); + 80065c0: f7ff fa29 bl 8005a16 + uECC_vli_set(Ry[1], point + num_words, num_words); + 80065c4: ea4f 0389 mov.w r3, r9, lsl #2 + 80065c8: 9305 str r3, [sp, #20] + 80065ca: 9b03 ldr r3, [sp, #12] + 80065cc: eb03 0a89 add.w sl, r3, r9, lsl #2 + 80065d0: 4651 mov r1, sl + 80065d2: a828 add r0, sp, #160 ; 0xa0 + 80065d4: f7ff fa1f bl 8005a16 + wordcount_t num_words = curve->num_words; + 80065d8: f994 2000 ldrsb.w r2, [r4] + if (initial_Z) { + 80065dc: 2d00 cmp r5, #0 + 80065de: f000 8082 beq.w 80066e6 + uECC_vli_set(z, initial_Z, num_words); + 80065e2: 4629 mov r1, r5 + 80065e4: a808 add r0, sp, #32 + 80065e6: f7ff fa16 bl 8005a16 + uECC_vli_set(X2, X1, num_words); + 80065ea: af10 add r7, sp, #64 ; 0x40 + 80065ec: a918 add r1, sp, #96 ; 0x60 + 80065ee: 4638 mov r0, r7 + uECC_vli_set(Y2, Y1, num_words); + 80065f0: f10d 0880 add.w r8, sp, #128 ; 0x80 + uECC_vli_set(X2, X1, num_words); + 80065f4: f7ff fa0f bl 8005a16 + uECC_vli_set(Y2, Y1, num_words); + 80065f8: a928 add r1, sp, #160 ; 0xa0 + 80065fa: 4640 mov r0, r8 + 80065fc: f7ff fa0b bl 8005a16 + apply_z(X1, Y1, z, curve); + 8006600: 4623 mov r3, r4 + 8006602: aa08 add r2, sp, #32 + 8006604: a818 add r0, sp, #96 ; 0x60 + 8006606: f7ff fae8 bl 8005bda + curve->double_jacobian(X1, Y1, z, curve); + 800660a: f8d4 50a4 ldr.w r5, [r4, #164] ; 0xa4 + 800660e: 4623 mov r3, r4 + 8006610: aa08 add r2, sp, #32 + 8006612: a928 add r1, sp, #160 ; 0xa0 + 8006614: a818 add r0, sp, #96 ; 0x60 + 8006616: 47a8 blx r5 + apply_z(X2, Y2, z, curve); + 8006618: 4623 mov r3, r4 + 800661a: aa08 add r2, sp, #32 + 800661c: 4641 mov r1, r8 + 800661e: 4638 mov r0, r7 + 8006620: f7ff fadb bl 8005bda + for (i = num_bits - 2; i > 0; --i) { + 8006624: f9bd 50e8 ldrsh.w r5, [sp, #232] ; 0xe8 + 8006628: 3d02 subs r5, #2 + 800662a: b22d sxth r5, r5 + 800662c: 2d00 cmp r5, #0 + 800662e: dc63 bgt.n 80066f8 + return (vli[bit >> uECC_WORD_BITS_SHIFT] & ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK))); + 8006630: 9b04 ldr r3, [sp, #16] + 8006632: 681d ldr r5, [r3, #0] + XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve); + 8006634: 9400 str r4, [sp, #0] + return (vli[bit >> uECC_WORD_BITS_SHIFT] & ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK))); + 8006636: f005 0601 and.w r6, r5, #1 + XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve); + 800663a: ab10 add r3, sp, #64 ; 0x40 + 800663c: eb03 1746 add.w r7, r3, r6, lsl #5 + 8006640: 43ed mvns r5, r5 + 8006642: ab20 add r3, sp, #128 ; 0x80 + 8006644: eb03 1646 add.w r6, r3, r6, lsl #5 + 8006648: f005 0501 and.w r5, r5, #1 + 800664c: ab10 add r3, sp, #64 ; 0x40 + 800664e: eb03 1845 add.w r8, r3, r5, lsl #5 + 8006652: ab20 add r3, sp, #128 ; 0x80 + 8006654: eb03 1545 add.w r5, r3, r5, lsl #5 + 8006658: 462b mov r3, r5 + 800665a: 4642 mov r2, r8 + 800665c: 4631 mov r1, r6 + 800665e: 4638 mov r0, r7 + uECC_vli_modSub(z, Rx[1], Rx[0], curve->p, num_words); /* X1 - X0 */ + 8006660: f104 0b04 add.w fp, r4, #4 + XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve); + 8006664: f7ff feba bl 80063dc + uECC_vli_modSub(z, Rx[1], Rx[0], curve->p, num_words); /* X1 - X0 */ + 8006668: 465b mov r3, fp + 800666a: aa10 add r2, sp, #64 ; 0x40 + 800666c: a918 add r1, sp, #96 ; 0x60 + 800666e: a808 add r0, sp, #32 + 8006670: f7ff fea6 bl 80063c0 + uECC_vli_modMult_fast(z, z, Ry[1 - nb], curve); /* Yb * (X1 - X0) */ + 8006674: a908 add r1, sp, #32 + 8006676: 4623 mov r3, r4 + 8006678: 4632 mov r2, r6 + 800667a: 4608 mov r0, r1 + 800667c: f7ff fa99 bl 8005bb2 + uECC_vli_modMult_fast(z, z, point, curve); /* xP * Yb * (X1 - X0) */ + 8006680: a908 add r1, sp, #32 + 8006682: 9a03 ldr r2, [sp, #12] + 8006684: 4623 mov r3, r4 + 8006686: 4608 mov r0, r1 + 8006688: f7ff fa93 bl 8005bb2 + uECC_vli_modInv(z, z, curve->p, num_words); /* 1 / (xP * Yb * (X1 - X0)) */ + 800668c: a908 add r1, sp, #32 + 800668e: 464b mov r3, r9 + 8006690: 465a mov r2, fp + 8006692: 4608 mov r0, r1 + 8006694: f7ff fde6 bl 8006264 + uECC_vli_modMult_fast(z, z, point + num_words, curve); + 8006698: a908 add r1, sp, #32 + 800669a: 4623 mov r3, r4 + 800669c: 4652 mov r2, sl + 800669e: 4608 mov r0, r1 + 80066a0: f7ff fa87 bl 8005bb2 + uECC_vli_modMult_fast(z, z, Rx[1 - nb], curve); /* Xb * yP / (xP * Yb * (X1 - X0)) */ + 80066a4: a908 add r1, sp, #32 + 80066a6: 4623 mov r3, r4 + 80066a8: 463a mov r2, r7 + 80066aa: 4608 mov r0, r1 + 80066ac: f7ff fa81 bl 8005bb2 + XYcZ_add(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], curve); + 80066b0: 4633 mov r3, r6 + 80066b2: 463a mov r2, r7 + 80066b4: 4629 mov r1, r5 + 80066b6: 4640 mov r0, r8 + 80066b8: 9400 str r4, [sp, #0] + 80066ba: f7ff ff15 bl 80064e8 + apply_z(Rx[0], Ry[0], z, curve); + 80066be: 4623 mov r3, r4 + 80066c0: aa08 add r2, sp, #32 + 80066c2: a920 add r1, sp, #128 ; 0x80 + 80066c4: a810 add r0, sp, #64 ; 0x40 + 80066c6: f7ff fa88 bl 8005bda + uECC_vli_set(result, Rx[0], num_words); + 80066ca: 9802 ldr r0, [sp, #8] + 80066cc: 464a mov r2, r9 + 80066ce: a910 add r1, sp, #64 ; 0x40 + 80066d0: f7ff f9a1 bl 8005a16 + uECC_vli_set(result + num_words, Ry[0], num_words); + 80066d4: 9802 ldr r0, [sp, #8] + 80066d6: 9b05 ldr r3, [sp, #20] + 80066d8: a920 add r1, sp, #128 ; 0x80 + 80066da: 4418 add r0, r3 + 80066dc: f7ff f99b bl 8005a16 +} + 80066e0: b031 add sp, #196 ; 0xc4 + 80066e2: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + uECC_vli_clear(z, num_words); + 80066e6: 4611 mov r1, r2 + 80066e8: a808 add r0, sp, #32 + 80066ea: 9206 str r2, [sp, #24] + 80066ec: f7ff f954 bl 8005998 + z[0] = 1; + 80066f0: 2301 movs r3, #1 + 80066f2: 9a06 ldr r2, [sp, #24] + 80066f4: 9308 str r3, [sp, #32] + 80066f6: e778 b.n 80065ea + nb = !uECC_vli_testBit(scalar, i); + 80066f8: 4629 mov r1, r5 + 80066fa: 9804 ldr r0, [sp, #16] + 80066fc: f7ff f961 bl 80059c2 + 8006700: fab0 f680 clz r6, r0 + 8006704: 0976 lsrs r6, r6, #5 + XYcZ_addC(Rx[1 - nb], Ry[1 - nb], Rx[nb], Ry[nb], curve); + 8006706: f1c6 0101 rsb r1, r6, #1 + 800670a: eb07 1b46 add.w fp, r7, r6, lsl #5 + 800670e: eb08 1646 add.w r6, r8, r6, lsl #5 + 8006712: eb07 1041 add.w r0, r7, r1, lsl #5 + 8006716: 4633 mov r3, r6 + 8006718: eb08 1141 add.w r1, r8, r1, lsl #5 + 800671c: 465a mov r2, fp + 800671e: 9400 str r4, [sp, #0] + 8006720: e9cd 0106 strd r0, r1, [sp, #24] + 8006724: f7ff fe5a bl 80063dc + XYcZ_add(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], curve); + 8006728: 9907 ldr r1, [sp, #28] + 800672a: 9806 ldr r0, [sp, #24] + 800672c: 9400 str r4, [sp, #0] + 800672e: 460b mov r3, r1 + 8006730: 4602 mov r2, r0 + 8006732: 4631 mov r1, r6 + 8006734: 4658 mov r0, fp + 8006736: f7ff fed7 bl 80064e8 + for (i = num_bits - 2; i > 0; --i) { + 800673a: 3d01 subs r5, #1 + 800673c: e775 b.n 800662a + +0800673e : + uECC_Curve curve) { + 800673e: b530 push {r4, r5, lr} + 8006740: 4614 mov r4, r2 + 8006742: b095 sub sp, #84 ; 0x54 + 8006744: 4605 mov r5, r0 + uECC_word_t *p2[2] = {tmp1, tmp2}; + 8006746: aa0c add r2, sp, #48 ; 0x30 + carry = regularize_k(private, tmp1, tmp2, curve); + 8006748: 4623 mov r3, r4 + uECC_Curve curve) { + 800674a: 4608 mov r0, r1 + uECC_word_t *p2[2] = {tmp1, tmp2}; + 800674c: a904 add r1, sp, #16 + 800674e: 9102 str r1, [sp, #8] + 8006750: 9203 str r2, [sp, #12] + carry = regularize_k(private, tmp1, tmp2, curve); + 8006752: f7ff fbe0 bl 8005f16 + EccPoint_mult(result, curve->G, p2[!carry], 0, curve->num_n_bits + 1, curve); + 8006756: fab0 f380 clz r3, r0 + 800675a: 095b lsrs r3, r3, #5 + 800675c: aa14 add r2, sp, #80 ; 0x50 + 800675e: eb02 0283 add.w r2, r2, r3, lsl #2 + 8006762: 8863 ldrh r3, [r4, #2] + 8006764: 9401 str r4, [sp, #4] + 8006766: 3301 adds r3, #1 + 8006768: b21b sxth r3, r3 + 800676a: 9300 str r3, [sp, #0] + 800676c: f852 2c48 ldr.w r2, [r2, #-72] + 8006770: 2300 movs r3, #0 + 8006772: f104 0144 add.w r1, r4, #68 ; 0x44 + 8006776: 4628 mov r0, r5 + 8006778: f7ff ff16 bl 80065a8 + if (EccPoint_isZero(result, curve)) { + 800677c: 7821 ldrb r1, [r4, #0] + 800677e: 0049 lsls r1, r1, #1 + 8006780: b249 sxtb r1, r1 + 8006782: 4628 mov r0, r5 + 8006784: f7ff f90e bl 80059a4 +} + 8006788: fab0 f080 clz r0, r0 + 800678c: 0940 lsrs r0, r0, #5 + 800678e: b015 add sp, #84 ; 0x54 + 8006790: bd30 pop {r4, r5, pc} + ... + +08006794 : + uECC_Curve curve) { + 8006794: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8006798: ed2d 8b02 vpush {d8} + 800679c: b0a7 sub sp, #156 ; 0x9c + 800679e: 461e mov r6, r3 + 80067a0: 9d33 ldr r5, [sp, #204] ; 0xcc + wordcount_t num_words = curve->num_words; + 80067a2: f995 a000 ldrsb.w sl, [r5] + uECC_Curve curve) { + 80067a6: ee08 1a10 vmov s16, r1 + 80067aa: 4683 mov fp, r0 + uECC_word_t *k2[2] = {tmp, s}; + 80067ac: f10d 0918 add.w r9, sp, #24 + 80067b0: ab0e add r3, sp, #56 ; 0x38 + if (uECC_vli_isZero(k, num_words) || uECC_vli_cmp(curve->n, k, num_n_words) != 1) { + 80067b2: 4651 mov r1, sl + 80067b4: 4630 mov r0, r6 + uECC_Curve curve) { + 80067b6: ee08 2a90 vmov s17, r2 + uECC_word_t *k2[2] = {tmp, s}; + 80067ba: f8cd 9010 str.w r9, [sp, #16] + 80067be: 9305 str r3, [sp, #20] + if (uECC_vli_isZero(k, num_words) || uECC_vli_cmp(curve->n, k, num_n_words) != 1) { + 80067c0: f7ff f8f0 bl 80059a4 + 80067c4: b128 cbz r0, 80067d2 + return 0; + 80067c6: 2000 movs r0, #0 +} + 80067c8: b027 add sp, #156 ; 0x9c + 80067ca: ecbd 8b02 vpop {d8} + 80067ce: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 80067d2: f9b5 8002 ldrsh.w r8, [r5, #2] + 80067d6: f118 041f adds.w r4, r8, #31 + 80067da: bf48 it mi + 80067dc: f108 043e addmi.w r4, r8, #62 ; 0x3e + 80067e0: f344 1447 sbfx r4, r4, #5, #8 + if (uECC_vli_isZero(k, num_words) || uECC_vli_cmp(curve->n, k, num_n_words) != 1) { + 80067e4: f105 0724 add.w r7, r5, #36 ; 0x24 + 80067e8: 4622 mov r2, r4 + 80067ea: 4631 mov r1, r6 + 80067ec: 4638 mov r0, r7 + 80067ee: f7ff fb19 bl 8005e24 + 80067f2: 2801 cmp r0, #1 + 80067f4: 9003 str r0, [sp, #12] + 80067f6: d1e6 bne.n 80067c6 + carry = regularize_k(k, tmp, s, curve); + 80067f8: 462b mov r3, r5 + 80067fa: aa0e add r2, sp, #56 ; 0x38 + 80067fc: 4649 mov r1, r9 + 80067fe: 4630 mov r0, r6 + 8006800: f7ff fb89 bl 8005f16 + EccPoint_mult(p, curve->G, k2[!carry], 0, num_n_bits + 1, curve); + 8006804: fab0 f080 clz r0, r0 + 8006808: ab26 add r3, sp, #152 ; 0x98 + 800680a: 0940 lsrs r0, r0, #5 + 800680c: f108 0801 add.w r8, r8, #1 + 8006810: eb03 0080 add.w r0, r3, r0, lsl #2 + 8006814: fa0f f388 sxth.w r3, r8 + 8006818: 9300 str r3, [sp, #0] + 800681a: 9501 str r5, [sp, #4] + 800681c: f850 2c88 ldr.w r2, [r0, #-136] + 8006820: f105 0144 add.w r1, r5, #68 ; 0x44 + 8006824: a816 add r0, sp, #88 ; 0x58 + 8006826: 2300 movs r3, #0 + 8006828: f7ff febe bl 80065a8 + if (uECC_vli_isZero(p, num_words)) { + 800682c: 4651 mov r1, sl + 800682e: a816 add r0, sp, #88 ; 0x58 + 8006830: f7ff f8b8 bl 80059a4 + 8006834: 2800 cmp r0, #0 + 8006836: d1c6 bne.n 80067c6 + uECC_recid = (p[curve->num_words] & 0x01); + 8006838: f995 3000 ldrsb.w r3, [r5] + 800683c: aa26 add r2, sp, #152 ; 0x98 + 800683e: eb02 0383 add.w r3, r2, r3, lsl #2 + 8006842: 4a3b ldr r2, [pc, #236] ; (8006930 ) + 8006844: f853 3c40 ldr.w r3, [r3, #-64] + 8006848: f003 0301 and.w r3, r3, #1 + 800684c: 7013 strb r3, [r2, #0] + if (!g_rng_function) { + 800684e: 4b39 ldr r3, [pc, #228] ; (8006934 ) + 8006850: 681b ldr r3, [r3, #0] + 8006852: 2b00 cmp r3, #0 + 8006854: d163 bne.n 800691e + uECC_vli_clear(tmp, num_n_words); + 8006856: 4621 mov r1, r4 + 8006858: 4648 mov r0, r9 + 800685a: f7ff f89d bl 8005998 + tmp[0] = 1; + 800685e: 9b03 ldr r3, [sp, #12] + 8006860: 9306 str r3, [sp, #24] + uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k' = rand * k */ + 8006862: 463b mov r3, r7 + 8006864: aa06 add r2, sp, #24 + 8006866: 4631 mov r1, r6 + 8006868: 4630 mov r0, r6 + 800686a: 9400 str r4, [sp, #0] + 800686c: f7ff f901 bl 8005a72 + uECC_vli_modInv(k, k, curve->n, num_n_words); /* k = 1 / k' */ + 8006870: 4623 mov r3, r4 + 8006872: 463a mov r2, r7 + 8006874: 4631 mov r1, r6 + 8006876: 4630 mov r0, r6 + 8006878: f7ff fcf4 bl 8006264 + uECC_vli_modMult(k, k, tmp, curve->n, num_n_words); /* k = 1 / k */ + 800687c: 463b mov r3, r7 + 800687e: aa06 add r2, sp, #24 + 8006880: 4631 mov r1, r6 + 8006882: 4630 mov r0, r6 + 8006884: 9400 str r4, [sp, #0] + 8006886: f7ff f8f4 bl 8005a72 + uECC_vli_nativeToBytes(signature, curve->num_bytes, p); /* store r */ + 800688a: f995 1001 ldrsb.w r1, [r5, #1] + 800688e: 9832 ldr r0, [sp, #200] ; 0xc8 + 8006890: aa16 add r2, sp, #88 ; 0x58 + 8006892: f7ff f9c1 bl 8005c18 + uECC_vli_bytesToNative(tmp, private_key, BITS_TO_BYTES(curve->num_n_bits)); /* tmp = d */ + 8006896: f9b5 3002 ldrsh.w r3, [r5, #2] + 800689a: 1dda adds r2, r3, #7 + 800689c: bf48 it mi + 800689e: f103 020e addmi.w r2, r3, #14 + 80068a2: 10d2 asrs r2, r2, #3 + 80068a4: 4659 mov r1, fp + 80068a6: a806 add r0, sp, #24 + 80068a8: f7ff f9ca bl 8005c40 + s[num_n_words - 1] = 0; + 80068ac: aa26 add r2, sp, #152 ; 0x98 + 80068ae: 1e63 subs r3, r4, #1 + 80068b0: eb02 0383 add.w r3, r2, r3, lsl #2 + 80068b4: 2200 movs r2, #0 + uECC_vli_set(s, p, num_words); + 80068b6: a80e add r0, sp, #56 ; 0x38 + s[num_n_words - 1] = 0; + 80068b8: f843 2c60 str.w r2, [r3, #-96] + uECC_vli_set(s, p, num_words); + 80068bc: a916 add r1, sp, #88 ; 0x58 + 80068be: 4652 mov r2, sl + 80068c0: f7ff f8a9 bl 8005a16 + uECC_vli_modMult(s, tmp, s, curve->n, num_n_words); /* s = r*d */ + 80068c4: 4602 mov r2, r0 + 80068c6: 463b mov r3, r7 + 80068c8: a906 add r1, sp, #24 + 80068ca: 9400 str r4, [sp, #0] + 80068cc: f7ff f8d1 bl 8005a72 + bits2int(tmp, message_hash, hash_size, curve); + 80068d0: ee18 2a90 vmov r2, s17 + 80068d4: ee18 1a10 vmov r1, s16 + 80068d8: 462b mov r3, r5 + 80068da: a806 add r0, sp, #24 + 80068dc: f7ff fa5b bl 8005d96 + uECC_vli_modAdd(s, tmp, s, curve->n, num_n_words); /* s = e + r*d */ + 80068e0: aa0e add r2, sp, #56 ; 0x38 + 80068e2: 4610 mov r0, r2 + 80068e4: 463b mov r3, r7 + 80068e6: a906 add r1, sp, #24 + 80068e8: 9400 str r4, [sp, #0] + 80068ea: f7ff fd3b bl 8006364 + uECC_vli_modMult(s, s, k, curve->n, num_n_words); /* s = (e + r*d) / k */ + 80068ee: a90e add r1, sp, #56 ; 0x38 + 80068f0: 4608 mov r0, r1 + 80068f2: 463b mov r3, r7 + 80068f4: 4632 mov r2, r6 + 80068f6: 9400 str r4, [sp, #0] + 80068f8: f7ff f8bb bl 8005a72 + if (uECC_vli_numBits(s, num_n_words) > (bitcount_t)curve->num_bytes * 8) { + 80068fc: 4621 mov r1, r4 + 80068fe: a80e add r0, sp, #56 ; 0x38 + 8006900: f7ff f869 bl 80059d6 + 8006904: f995 1001 ldrsb.w r1, [r5, #1] + 8006908: ebb0 0fc1 cmp.w r0, r1, lsl #3 + 800690c: f73f af5b bgt.w 80067c6 + uECC_vli_nativeToBytes(signature + curve->num_bytes, curve->num_bytes, s); + 8006910: 9b32 ldr r3, [sp, #200] ; 0xc8 + 8006912: aa0e add r2, sp, #56 ; 0x38 + 8006914: 1858 adds r0, r3, r1 + 8006916: f7ff f97f bl 8005c18 + return 1; + 800691a: 2001 movs r0, #1 + 800691c: e754 b.n 80067c8 + } else if (!uECC_generate_random_int(tmp, curve->n, num_n_words)) { + 800691e: 4622 mov r2, r4 + 8006920: 4639 mov r1, r7 + 8006922: 4648 mov r0, r9 + 8006924: f7ff fa96 bl 8005e54 + 8006928: 2800 cmp r0, #0 + 800692a: d19a bne.n 8006862 + 800692c: e74b b.n 80067c6 + 800692e: bf00 nop + 8006930: 2009e2a8 .word 0x2009e2a8 + 8006934: 2009e2a4 .word 0x2009e2a4 + +08006938 : + uECC_Curve curve) { + 8006938: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 800693c: 4605 mov r5, r0 + 800693e: b093 sub sp, #76 ; 0x4c + 8006940: 460c mov r4, r1 + if (uECC_vli_isZero(Z1, num_words_secp256k1)) { + 8006942: 4610 mov r0, r2 + 8006944: 2108 movs r1, #8 + uECC_Curve curve) { + 8006946: 4617 mov r7, r2 + 8006948: 461e mov r6, r3 + if (uECC_vli_isZero(Z1, num_words_secp256k1)) { + 800694a: f7ff f82b bl 80059a4 + 800694e: 2800 cmp r0, #0 + 8006950: d161 bne.n 8006a16 + uECC_vli_modSquare_fast(t5, Y1, curve); /* t5 = y1^2 */ + 8006952: 4632 mov r2, r6 + 8006954: 4621 mov r1, r4 + 8006956: a80a add r0, sp, #40 ; 0x28 + 8006958: f7ff f93b bl 8005bd2 + uECC_vli_modMult_fast(t4, X1, t5, curve); /* t4 = x1*y1^2 = A */ + 800695c: 4633 mov r3, r6 + 800695e: aa0a add r2, sp, #40 ; 0x28 + 8006960: 4629 mov r1, r5 + 8006962: a802 add r0, sp, #8 + 8006964: f7ff f925 bl 8005bb2 + uECC_vli_modSquare_fast(X1, X1, curve); /* t1 = x1^2 */ + 8006968: 4632 mov r2, r6 + 800696a: 4629 mov r1, r5 + 800696c: 4628 mov r0, r5 + 800696e: f7ff f930 bl 8005bd2 + uECC_vli_modSquare_fast(t5, t5, curve); /* t5 = y1^4 */ + 8006972: a90a add r1, sp, #40 ; 0x28 + 8006974: 4608 mov r0, r1 + 8006976: 4632 mov r2, r6 + 8006978: f7ff f92b bl 8005bd2 + uECC_vli_modAdd(Y1, X1, X1, curve->p, num_words_secp256k1); /* t2 = 2*x1^2 */ + 800697c: f04f 0808 mov.w r8, #8 + uECC_vli_modMult_fast(Z1, Y1, Z1, curve); /* t3 = y1*z1 = z3 */ + 8006980: 463a mov r2, r7 + 8006982: 4638 mov r0, r7 + 8006984: 4633 mov r3, r6 + 8006986: 4621 mov r1, r4 + uECC_vli_modAdd(Y1, X1, X1, curve->p, num_words_secp256k1); /* t2 = 2*x1^2 */ + 8006988: 1d37 adds r7, r6, #4 + uECC_vli_modMult_fast(Z1, Y1, Z1, curve); /* t3 = y1*z1 = z3 */ + 800698a: f7ff f912 bl 8005bb2 + uECC_vli_modAdd(Y1, X1, X1, curve->p, num_words_secp256k1); /* t2 = 2*x1^2 */ + 800698e: 463b mov r3, r7 + 8006990: 462a mov r2, r5 + 8006992: 4629 mov r1, r5 + 8006994: 4620 mov r0, r4 + 8006996: f8cd 8000 str.w r8, [sp] + 800699a: f7ff fce3 bl 8006364 + uECC_vli_modAdd(Y1, Y1, X1, curve->p, num_words_secp256k1); /* t2 = 3*x1^2 */ + 800699e: 463b mov r3, r7 + 80069a0: f8cd 8000 str.w r8, [sp] + 80069a4: 462a mov r2, r5 + 80069a6: 4621 mov r1, r4 + 80069a8: 4620 mov r0, r4 + 80069aa: f7ff fcdb bl 8006364 + return (vli[bit >> uECC_WORD_BITS_SHIFT] & ((uECC_word_t)1 << (bit & uECC_WORD_BITS_MASK))); + 80069ae: 6823 ldr r3, [r4, #0] + if (uECC_vli_testBit(Y1, 0)) { + 80069b0: 07db lsls r3, r3, #31 + 80069b2: d533 bpl.n 8006a1c + uECC_word_t carry = uECC_vli_add(Y1, Y1, curve->p, num_words_secp256k1); + 80069b4: 463a mov r2, r7 + 80069b6: 4621 mov r1, r4 + 80069b8: 4620 mov r0, r4 + 80069ba: f7ff fa87 bl 8005ecc + uECC_vli_rshift1(Y1, num_words_secp256k1); + 80069be: 4641 mov r1, r8 + uECC_word_t carry = uECC_vli_add(Y1, Y1, curve->p, num_words_secp256k1); + 80069c0: 4681 mov r9, r0 + uECC_vli_rshift1(Y1, num_words_secp256k1); + 80069c2: 4620 mov r0, r4 + 80069c4: f7ff f848 bl 8005a58 + Y1[num_words_secp256k1 - 1] |= carry << (uECC_WORD_BITS - 1); + 80069c8: 69e3 ldr r3, [r4, #28] + 80069ca: ea43 73c9 orr.w r3, r3, r9, lsl #31 + 80069ce: 61e3 str r3, [r4, #28] + uECC_vli_modSquare_fast(X1, Y1, curve); /* t1 = B^2 */ + 80069d0: 4632 mov r2, r6 + 80069d2: 4621 mov r1, r4 + 80069d4: 4628 mov r0, r5 + 80069d6: f7ff f8fc bl 8005bd2 + uECC_vli_modSub(X1, X1, t4, curve->p, num_words_secp256k1); /* t1 = B^2 - A */ + 80069da: 463b mov r3, r7 + 80069dc: aa02 add r2, sp, #8 + 80069de: 4629 mov r1, r5 + 80069e0: 4628 mov r0, r5 + 80069e2: f7ff fced bl 80063c0 + uECC_vli_modSub(X1, X1, t4, curve->p, num_words_secp256k1); /* t1 = B^2 - 2A = x3 */ + 80069e6: 463b mov r3, r7 + 80069e8: aa02 add r2, sp, #8 + 80069ea: 4629 mov r1, r5 + 80069ec: 4628 mov r0, r5 + 80069ee: f7ff fce7 bl 80063c0 + uECC_vli_modSub(t4, t4, X1, curve->p, num_words_secp256k1); /* t4 = A - x3 */ + 80069f2: a902 add r1, sp, #8 + 80069f4: 4608 mov r0, r1 + 80069f6: 463b mov r3, r7 + 80069f8: 462a mov r2, r5 + 80069fa: f7ff fce1 bl 80063c0 + uECC_vli_modMult_fast(Y1, Y1, t4, curve); /* t2 = B * (A - x3) */ + 80069fe: 4633 mov r3, r6 + 8006a00: aa02 add r2, sp, #8 + 8006a02: 4621 mov r1, r4 + 8006a04: 4620 mov r0, r4 + 8006a06: f7ff f8d4 bl 8005bb2 + uECC_vli_modSub(Y1, Y1, t5, curve->p, num_words_secp256k1); /* t2 = B * (A - x3) - y1^4 = y3 */ + 8006a0a: 463b mov r3, r7 + 8006a0c: aa0a add r2, sp, #40 ; 0x28 + 8006a0e: 4621 mov r1, r4 + 8006a10: 4620 mov r0, r4 + 8006a12: f7ff fcd5 bl 80063c0 +} + 8006a16: b013 add sp, #76 ; 0x4c + 8006a18: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + uECC_vli_rshift1(Y1, num_words_secp256k1); + 8006a1c: 4641 mov r1, r8 + 8006a1e: 4620 mov r0, r4 + 8006a20: f7ff f81a bl 8005a58 + 8006a24: e7d4 b.n 80069d0 + +08006a26 : +static void x_side_default(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve) { + 8006a26: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8006a2a: b08a sub sp, #40 ; 0x28 + 8006a2c: 4604 mov r4, r0 + 8006a2e: 4615 mov r5, r2 + 8006a30: 460e mov r6, r1 + uECC_word_t _3[uECC_MAX_WORDS] = {3}; /* -a = 3 */ + 8006a32: 221c movs r2, #28 + 8006a34: 2100 movs r1, #0 + 8006a36: a803 add r0, sp, #12 + 8006a38: f006 ff64 bl 800d904 + uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */ + 8006a3c: 1d2f adds r7, r5, #4 + uECC_word_t _3[uECC_MAX_WORDS] = {3}; /* -a = 3 */ + 8006a3e: 2303 movs r3, #3 + uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */ + 8006a40: 462a mov r2, r5 + 8006a42: 4631 mov r1, r6 + 8006a44: 4620 mov r0, r4 + wordcount_t num_words = curve->num_words; + 8006a46: f995 8000 ldrsb.w r8, [r5] + uECC_word_t _3[uECC_MAX_WORDS] = {3}; /* -a = 3 */ + 8006a4a: 9302 str r3, [sp, #8] + uECC_vli_modSquare_fast(result, x, curve); /* r = x^2 */ + 8006a4c: f7ff f8c1 bl 8005bd2 + uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */ + 8006a50: 463b mov r3, r7 + 8006a52: aa02 add r2, sp, #8 + 8006a54: 4621 mov r1, r4 + 8006a56: 4620 mov r0, r4 + 8006a58: f7ff fcb2 bl 80063c0 + uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 - 3x */ + 8006a5c: 462b mov r3, r5 + 8006a5e: 4632 mov r2, r6 + 8006a60: 4621 mov r1, r4 + 8006a62: 4620 mov r0, r4 + 8006a64: f7ff f8a5 bl 8005bb2 + uECC_vli_modAdd(result, result, curve->b, curve->p, num_words); /* r = x^3 - 3x + b */ + 8006a68: f8cd 8000 str.w r8, [sp] + 8006a6c: 463b mov r3, r7 + 8006a6e: f105 0284 add.w r2, r5, #132 ; 0x84 + 8006a72: 4621 mov r1, r4 + 8006a74: 4620 mov r0, r4 + 8006a76: f7ff fc75 bl 8006364 +} + 8006a7a: b00a add sp, #40 ; 0x28 + 8006a7c: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +08006a80 : + uECC_Curve curve) { + 8006a80: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + wordcount_t num_words = curve->num_words; + 8006a84: f993 8000 ldrsb.w r8, [r3] + uECC_Curve curve) { + 8006a88: b092 sub sp, #72 ; 0x48 + 8006a8a: 4604 mov r4, r0 + 8006a8c: 4689 mov r9, r1 + if (uECC_vli_isZero(Z1, num_words)) { + 8006a8e: 4610 mov r0, r2 + 8006a90: 4641 mov r1, r8 + uECC_Curve curve) { + 8006a92: 4615 mov r5, r2 + 8006a94: 461e mov r6, r3 + if (uECC_vli_isZero(Z1, num_words)) { + 8006a96: f7fe ff85 bl 80059a4 + 8006a9a: 2800 cmp r0, #0 + 8006a9c: f040 808e bne.w 8006bbc + uECC_vli_modSquare_fast(t4, Y1, curve); /* t4 = y1^2 */ + 8006aa0: 4632 mov r2, r6 + 8006aa2: 4649 mov r1, r9 + 8006aa4: a802 add r0, sp, #8 + 8006aa6: f7ff f894 bl 8005bd2 + uECC_vli_modMult_fast(t5, X1, t4, curve); /* t5 = x1*y1^2 = A */ + 8006aaa: 4633 mov r3, r6 + 8006aac: aa02 add r2, sp, #8 + 8006aae: 4621 mov r1, r4 + 8006ab0: a80a add r0, sp, #40 ; 0x28 + 8006ab2: f7ff f87e bl 8005bb2 + uECC_vli_modSquare_fast(t4, t4, curve); /* t4 = y1^4 */ + 8006ab6: a902 add r1, sp, #8 + 8006ab8: 4608 mov r0, r1 + 8006aba: 4632 mov r2, r6 + 8006abc: f7ff f889 bl 8005bd2 + uECC_vli_modMult_fast(Y1, Y1, Z1, curve); /* t2 = y1*z1 = z3 */ + 8006ac0: 4633 mov r3, r6 + 8006ac2: 462a mov r2, r5 + 8006ac4: 4649 mov r1, r9 + 8006ac6: 4648 mov r0, r9 + 8006ac8: f7ff f873 bl 8005bb2 + uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = x1 + z1^2 */ + 8006acc: 1d37 adds r7, r6, #4 + uECC_vli_modSquare_fast(Z1, Z1, curve); /* t3 = z1^2 */ + 8006ace: 4632 mov r2, r6 + 8006ad0: 4629 mov r1, r5 + 8006ad2: 4628 mov r0, r5 + 8006ad4: f7ff f87d bl 8005bd2 + uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = x1 + z1^2 */ + 8006ad8: 463b mov r3, r7 + 8006ada: 462a mov r2, r5 + 8006adc: 4621 mov r1, r4 + 8006ade: 4620 mov r0, r4 + 8006ae0: f8cd 8000 str.w r8, [sp] + 8006ae4: f7ff fc3e bl 8006364 + uECC_vli_modAdd(Z1, Z1, Z1, curve->p, num_words); /* t3 = 2*z1^2 */ + 8006ae8: 463b mov r3, r7 + 8006aea: 462a mov r2, r5 + 8006aec: 4629 mov r1, r5 + 8006aee: 4628 mov r0, r5 + 8006af0: f8cd 8000 str.w r8, [sp] + 8006af4: f7ff fc36 bl 8006364 + uECC_vli_modSub(Z1, X1, Z1, curve->p, num_words); /* t3 = x1 - z1^2 */ + 8006af8: 463b mov r3, r7 + 8006afa: 462a mov r2, r5 + 8006afc: 4621 mov r1, r4 + 8006afe: 4628 mov r0, r5 + 8006b00: f7ff fc5e bl 80063c0 + uECC_vli_modMult_fast(X1, X1, Z1, curve); /* t1 = x1^2 - z1^4 */ + 8006b04: 4633 mov r3, r6 + 8006b06: 462a mov r2, r5 + 8006b08: 4621 mov r1, r4 + 8006b0a: 4620 mov r0, r4 + 8006b0c: f7ff f851 bl 8005bb2 + uECC_vli_modAdd(Z1, X1, X1, curve->p, num_words); /* t3 = 2*(x1^2 - z1^4) */ + 8006b10: 463b mov r3, r7 + 8006b12: 4622 mov r2, r4 + 8006b14: 4621 mov r1, r4 + 8006b16: 4628 mov r0, r5 + 8006b18: f8cd 8000 str.w r8, [sp] + 8006b1c: f7ff fc22 bl 8006364 + uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = 3*(x1^2 - z1^4) */ + 8006b20: 463b mov r3, r7 + 8006b22: f8cd 8000 str.w r8, [sp] + 8006b26: 462a mov r2, r5 + 8006b28: 4621 mov r1, r4 + 8006b2a: 4620 mov r0, r4 + 8006b2c: f7ff fc1a bl 8006364 + 8006b30: 6823 ldr r3, [r4, #0] + if (uECC_vli_testBit(X1, 0)) { + 8006b32: 07db lsls r3, r3, #31 + 8006b34: d545 bpl.n 8006bc2 + uECC_word_t l_carry = uECC_vli_add(X1, X1, curve->p, num_words); + 8006b36: 463a mov r2, r7 + 8006b38: 4621 mov r1, r4 + 8006b3a: 4620 mov r0, r4 + 8006b3c: f7ff f9c6 bl 8005ecc + uECC_vli_rshift1(X1, num_words); + 8006b40: 4641 mov r1, r8 + uECC_word_t l_carry = uECC_vli_add(X1, X1, curve->p, num_words); + 8006b42: 4682 mov sl, r0 + uECC_vli_rshift1(X1, num_words); + 8006b44: 4620 mov r0, r4 + 8006b46: f7fe ff87 bl 8005a58 + X1[num_words - 1] |= l_carry << (uECC_WORD_BITS - 1); + 8006b4a: f108 4380 add.w r3, r8, #1073741824 ; 0x40000000 + 8006b4e: 3b01 subs r3, #1 + 8006b50: f854 2023 ldr.w r2, [r4, r3, lsl #2] + 8006b54: ea42 72ca orr.w r2, r2, sl, lsl #31 + 8006b58: f844 2023 str.w r2, [r4, r3, lsl #2] + uECC_vli_modSquare_fast(Z1, X1, curve); /* t3 = B^2 */ + 8006b5c: 4632 mov r2, r6 + 8006b5e: 4621 mov r1, r4 + 8006b60: 4628 mov r0, r5 + 8006b62: f7ff f836 bl 8005bd2 + uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - A */ + 8006b66: 463b mov r3, r7 + 8006b68: aa0a add r2, sp, #40 ; 0x28 + 8006b6a: 4629 mov r1, r5 + 8006b6c: 4628 mov r0, r5 + 8006b6e: f7ff fc27 bl 80063c0 + uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - 2A = x3 */ + 8006b72: 463b mov r3, r7 + 8006b74: aa0a add r2, sp, #40 ; 0x28 + 8006b76: 4629 mov r1, r5 + 8006b78: 4628 mov r0, r5 + 8006b7a: f7ff fc21 bl 80063c0 + uECC_vli_modSub(t5, t5, Z1, curve->p, num_words); /* t5 = A - x3 */ + 8006b7e: a90a add r1, sp, #40 ; 0x28 + 8006b80: 4608 mov r0, r1 + 8006b82: 463b mov r3, r7 + 8006b84: 462a mov r2, r5 + 8006b86: f7ff fc1b bl 80063c0 + uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = B * (A - x3) */ + 8006b8a: 4633 mov r3, r6 + 8006b8c: aa0a add r2, sp, #40 ; 0x28 + 8006b8e: 4621 mov r1, r4 + 8006b90: 4620 mov r0, r4 + 8006b92: f7ff f80e bl 8005bb2 + uECC_vli_modSub(t4, X1, t4, curve->p, num_words); /* t4 = B * (A - x3) - y1^4 = y3 */ + 8006b96: aa02 add r2, sp, #8 + 8006b98: 463b mov r3, r7 + 8006b9a: 4610 mov r0, r2 + 8006b9c: 4621 mov r1, r4 + 8006b9e: f7ff fc0f bl 80063c0 + uECC_vli_set(X1, Z1, num_words); + 8006ba2: 4642 mov r2, r8 + 8006ba4: 4629 mov r1, r5 + 8006ba6: 4620 mov r0, r4 + 8006ba8: f7fe ff35 bl 8005a16 + uECC_vli_set(Z1, Y1, num_words); + 8006bac: 4649 mov r1, r9 + 8006bae: 4628 mov r0, r5 + 8006bb0: f7fe ff31 bl 8005a16 + uECC_vli_set(Y1, t4, num_words); + 8006bb4: a902 add r1, sp, #8 + 8006bb6: 4648 mov r0, r9 + 8006bb8: f7fe ff2d bl 8005a16 +} + 8006bbc: b012 add sp, #72 ; 0x48 + 8006bbe: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + uECC_vli_rshift1(X1, num_words); + 8006bc2: 4641 mov r1, r8 + 8006bc4: 4620 mov r0, r4 + 8006bc6: f7fe ff47 bl 8005a58 + 8006bca: e7c7 b.n 8006b5c + +08006bcc : + g_rng_function = rng_function; + 8006bcc: 4b01 ldr r3, [pc, #4] ; (8006bd4 ) + 8006bce: 6018 str r0, [r3, #0] +} + 8006bd0: 4770 bx lr + 8006bd2: bf00 nop + 8006bd4: 2009e2a4 .word 0x2009e2a4 + +08006bd8 : +uECC_Curve uECC_secp256r1(void) { return &curve_secp256r1; } + 8006bd8: 4800 ldr r0, [pc, #0] ; (8006bdc ) + 8006bda: 4770 bx lr + 8006bdc: 080109a4 .word 0x080109a4 + +08006be0 : +uECC_Curve uECC_secp256k1(void) { return &curve_secp256k1; } + 8006be0: 4800 ldr r0, [pc, #0] ; (8006be4 ) + 8006be2: 4770 bx lr + 8006be4: 080108f0 .word 0x080108f0 + +08006be8 : + uECC_Curve curve) { + 8006be8: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8006bec: 4605 mov r5, r0 + 8006bee: b098 sub sp, #96 ; 0x60 + 8006bf0: 460f mov r7, r1 + 8006bf2: 4614 mov r4, r2 + 8006bf4: 2640 movs r6, #64 ; 0x40 + if (!uECC_generate_random_int(private, curve->n, BITS_TO_WORDS(curve->num_n_bits))) { + 8006bf6: f102 0824 add.w r8, r2, #36 ; 0x24 + 8006bfa: f9b4 3002 ldrsh.w r3, [r4, #2] + 8006bfe: f113 021f adds.w r2, r3, #31 + 8006c02: bf48 it mi + 8006c04: f103 023e addmi.w r2, r3, #62 ; 0x3e + 8006c08: f342 1247 sbfx r2, r2, #5, #8 + 8006c0c: 4641 mov r1, r8 + 8006c0e: 4668 mov r0, sp + 8006c10: f7ff f920 bl 8005e54 + 8006c14: b330 cbz r0, 8006c64 + if (EccPoint_compute_public_key(public, private, curve)) { + 8006c16: 4622 mov r2, r4 + 8006c18: 4669 mov r1, sp + 8006c1a: a808 add r0, sp, #32 + 8006c1c: f7ff fd8f bl 800673e + 8006c20: b1f0 cbz r0, 8006c60 + uECC_vli_nativeToBytes(private_key, BITS_TO_BYTES(curve->num_n_bits), private); + 8006c22: f9b4 3002 ldrsh.w r3, [r4, #2] + 8006c26: 1dd9 adds r1, r3, #7 + 8006c28: bf48 it mi + 8006c2a: f103 010e addmi.w r1, r3, #14 + 8006c2e: 466a mov r2, sp + 8006c30: 10c9 asrs r1, r1, #3 + 8006c32: 4638 mov r0, r7 + 8006c34: f7fe fff0 bl 8005c18 + uECC_vli_nativeToBytes(public_key, curve->num_bytes, public); + 8006c38: f994 1001 ldrsb.w r1, [r4, #1] + 8006c3c: aa08 add r2, sp, #32 + 8006c3e: 4628 mov r0, r5 + 8006c40: f7fe ffea bl 8005c18 + public_key + curve->num_bytes, curve->num_bytes, public + curve->num_words); + 8006c44: f994 1001 ldrsb.w r1, [r4, #1] + 8006c48: f994 2000 ldrsb.w r2, [r4] + uECC_vli_nativeToBytes( + 8006c4c: ab08 add r3, sp, #32 + 8006c4e: 1868 adds r0, r5, r1 + 8006c50: eb03 0282 add.w r2, r3, r2, lsl #2 + 8006c54: f7fe ffe0 bl 8005c18 + return 1; + 8006c58: 2001 movs r0, #1 +} + 8006c5a: b018 add sp, #96 ; 0x60 + 8006c5c: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { + 8006c60: 3e01 subs r6, #1 + 8006c62: d1ca bne.n 8006bfa + return 0; + 8006c64: 2000 movs r0, #0 + 8006c66: e7f8 b.n 8006c5a + +08006c68 : + uECC_Curve curve) { + 8006c68: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8006c6c: 461c mov r4, r3 + wordcount_t num_bytes = curve->num_bytes; + 8006c6e: f993 6001 ldrsb.w r6, [r3, #1] + wordcount_t num_words = curve->num_words; + 8006c72: f993 9000 ldrsb.w r9, [r3] + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006c76: f9b3 3002 ldrsh.w r3, [r3, #2] + uECC_Curve curve) { + 8006c7a: b0a6 sub sp, #152 ; 0x98 + 8006c7c: 4617 mov r7, r2 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006c7e: 1dda adds r2, r3, #7 + 8006c80: bf48 it mi + 8006c82: f103 020e addmi.w r2, r3, #14 + uECC_word_t *p2[2] = {private, tmp}; + 8006c86: f10d 0818 add.w r8, sp, #24 + uECC_Curve curve) { + 8006c8a: 4605 mov r5, r0 + uECC_word_t *p2[2] = {private, tmp}; + 8006c8c: f10d 0a38 add.w sl, sp, #56 ; 0x38 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006c90: 10d2 asrs r2, r2, #3 + 8006c92: 4640 mov r0, r8 + uECC_word_t *p2[2] = {private, tmp}; + 8006c94: f8cd 8010 str.w r8, [sp, #16] + 8006c98: f8cd a014 str.w sl, [sp, #20] + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006c9c: f7fe ffd0 bl 8005c40 + uECC_vli_bytesToNative(public, public_key, num_bytes); + 8006ca0: 4629 mov r1, r5 + 8006ca2: 4632 mov r2, r6 + 8006ca4: a816 add r0, sp, #88 ; 0x58 + 8006ca6: f7fe ffcb bl 8005c40 + uECC_vli_bytesToNative(public + num_words, public_key + num_bytes, num_bytes); + 8006caa: ab16 add r3, sp, #88 ; 0x58 + 8006cac: 19a9 adds r1, r5, r6 + 8006cae: eb03 0089 add.w r0, r3, r9, lsl #2 + 8006cb2: 4632 mov r2, r6 + 8006cb4: f7fe ffc4 bl 8005c40 + carry = regularize_k(private, private, tmp, curve); + 8006cb8: 4623 mov r3, r4 + 8006cba: 4652 mov r2, sl + 8006cbc: 4641 mov r1, r8 + 8006cbe: 4640 mov r0, r8 + 8006cc0: f7ff f929 bl 8005f16 + if (g_rng_function) { + 8006cc4: 4b19 ldr r3, [pc, #100] ; (8006d2c ) + 8006cc6: 681b ldr r3, [r3, #0] + carry = regularize_k(private, private, tmp, curve); + 8006cc8: 4605 mov r5, r0 + if (g_rng_function) { + 8006cca: b163 cbz r3, 8006ce6 + if (!uECC_generate_random_int(p2[carry], curve->p, num_words)) { + 8006ccc: ab26 add r3, sp, #152 ; 0x98 + 8006cce: eb03 0380 add.w r3, r3, r0, lsl #2 + 8006cd2: 464a mov r2, r9 + 8006cd4: f853 3c88 ldr.w r3, [r3, #-136] + 8006cd8: 9303 str r3, [sp, #12] + 8006cda: 4618 mov r0, r3 + 8006cdc: 1d21 adds r1, r4, #4 + 8006cde: f7ff f8b9 bl 8005e54 + 8006ce2: 9b03 ldr r3, [sp, #12] + 8006ce4: b1f0 cbz r0, 8006d24 + EccPoint_mult(public, public, p2[!carry], initial_Z, curve->num_n_bits + 1, curve); + 8006ce6: fab5 f185 clz r1, r5 + 8006cea: aa26 add r2, sp, #152 ; 0x98 + 8006cec: 0949 lsrs r1, r1, #5 + 8006cee: eb02 0181 add.w r1, r2, r1, lsl #2 + 8006cf2: 8862 ldrh r2, [r4, #2] + 8006cf4: 9401 str r4, [sp, #4] + 8006cf6: 3201 adds r2, #1 + 8006cf8: b212 sxth r2, r2 + 8006cfa: 9200 str r2, [sp, #0] + 8006cfc: f851 2c88 ldr.w r2, [r1, #-136] + 8006d00: a916 add r1, sp, #88 ; 0x58 + 8006d02: 4608 mov r0, r1 + 8006d04: f7ff fc50 bl 80065a8 + uECC_vli_nativeToBytes(secret, num_bytes, public); + 8006d08: aa16 add r2, sp, #88 ; 0x58 + 8006d0a: 4631 mov r1, r6 + 8006d0c: 4638 mov r0, r7 + 8006d0e: f7fe ff83 bl 8005c18 + return !EccPoint_isZero(public, curve); + 8006d12: 7821 ldrb r1, [r4, #0] + 8006d14: 0049 lsls r1, r1, #1 + 8006d16: b249 sxtb r1, r1 + 8006d18: 4610 mov r0, r2 + 8006d1a: f7fe fe43 bl 80059a4 + 8006d1e: fab0 f080 clz r0, r0 + 8006d22: 0940 lsrs r0, r0, #5 +} + 8006d24: b026 add sp, #152 ; 0x98 + 8006d26: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + 8006d2a: bf00 nop + 8006d2c: 2009e2a4 .word 0x2009e2a4 + +08006d30 : +void uECC_compress(const uint8_t *public_key, uint8_t *compressed, uECC_Curve curve) { + 8006d30: b530 push {r4, r5, lr} + for (i = 0; i < curve->num_bytes; ++i) { + 8006d32: 2400 movs r4, #0 + 8006d34: f992 5001 ldrsb.w r5, [r2, #1] + 8006d38: b263 sxtb r3, r4 + 8006d3a: 429d cmp r5, r3 + 8006d3c: dc08 bgt.n 8006d50 + compressed[0] = 2 + (public_key[curve->num_bytes * 2 - 1] & 0x01); + 8006d3e: eb00 0045 add.w r0, r0, r5, lsl #1 + 8006d42: f810 3c01 ldrb.w r3, [r0, #-1] + 8006d46: f003 0301 and.w r3, r3, #1 + 8006d4a: 3302 adds r3, #2 + 8006d4c: 700b strb r3, [r1, #0] +} + 8006d4e: bd30 pop {r4, r5, pc} + compressed[i+1] = public_key[i]; + 8006d50: 5cc5 ldrb r5, [r0, r3] + 8006d52: 440b add r3, r1 + 8006d54: 3401 adds r4, #1 + 8006d56: 705d strb r5, [r3, #1] + for (i = 0; i < curve->num_bytes; ++i) { + 8006d58: e7ec b.n 8006d34 + +08006d5a : +void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve curve) { + 8006d5a: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + uECC_word_t *y = point + curve->num_words; + 8006d5e: f992 8000 ldrsb.w r8, [r2] +void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve curve) { + 8006d62: b090 sub sp, #64 ; 0x40 + 8006d64: 4614 mov r4, r2 + 8006d66: 4607 mov r7, r0 + uECC_vli_bytesToNative(point, compressed + 1, curve->num_bytes); + 8006d68: f992 2001 ldrsb.w r2, [r2, #1] + uECC_word_t *y = point + curve->num_words; + 8006d6c: eb0d 0588 add.w r5, sp, r8, lsl #2 +void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve curve) { + 8006d70: 460e mov r6, r1 + uECC_vli_bytesToNative(point, compressed + 1, curve->num_bytes); + 8006d72: 1c41 adds r1, r0, #1 + 8006d74: 4668 mov r0, sp + 8006d76: f7fe ff63 bl 8005c40 + curve->x_side(y, point, curve); + 8006d7a: 4622 mov r2, r4 + 8006d7c: f8d4 30ac ldr.w r3, [r4, #172] ; 0xac + 8006d80: 4669 mov r1, sp + 8006d82: 4628 mov r0, r5 + 8006d84: 4798 blx r3 + curve->mod_sqrt(y, curve); + 8006d86: f8d4 30a8 ldr.w r3, [r4, #168] ; 0xa8 + 8006d8a: 4621 mov r1, r4 + 8006d8c: 4628 mov r0, r5 + 8006d8e: 4798 blx r3 + if ((y[0] & 0x01) != (compressed[0] & 0x01)) { + 8006d90: 783b ldrb r3, [r7, #0] + 8006d92: f85d 2028 ldr.w r2, [sp, r8, lsl #2] + 8006d96: 4053 eors r3, r2 + 8006d98: 07db lsls r3, r3, #31 + 8006d9a: d504 bpl.n 8006da6 + uECC_vli_sub(y, curve->p, y, curve->num_words); + 8006d9c: 462a mov r2, r5 + 8006d9e: 1d21 adds r1, r4, #4 + 8006da0: 4628 mov r0, r5 + 8006da2: f7fe ffd1 bl 8005d48 + uECC_vli_nativeToBytes(public_key, curve->num_bytes, point); + 8006da6: f994 1001 ldrsb.w r1, [r4, #1] + 8006daa: 466a mov r2, sp + 8006dac: 4630 mov r0, r6 + 8006dae: f7fe ff33 bl 8005c18 + uECC_vli_nativeToBytes(public_key + curve->num_bytes, curve->num_bytes, y); + 8006db2: f994 1001 ldrsb.w r1, [r4, #1] + 8006db6: 462a mov r2, r5 + 8006db8: 1870 adds r0, r6, r1 + 8006dba: f7fe ff2d bl 8005c18 +} + 8006dbe: b010 add sp, #64 ; 0x40 + 8006dc0: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +08006dc4 : +int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve) { + 8006dc4: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + if (EccPoint_isZero(point, curve)) { + 8006dc8: 780d ldrb r5, [r1, #0] + wordcount_t num_words = curve->num_words; + 8006dca: f991 2000 ldrsb.w r2, [r1] +int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve) { + 8006dce: b092 sub sp, #72 ; 0x48 + 8006dd0: 460e mov r6, r1 + if (EccPoint_isZero(point, curve)) { + 8006dd2: 0069 lsls r1, r5, #1 + 8006dd4: b249 sxtb r1, r1 +int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve) { + 8006dd6: 4607 mov r7, r0 + wordcount_t num_words = curve->num_words; + 8006dd8: 9201 str r2, [sp, #4] + if (EccPoint_isZero(point, curve)) { + 8006dda: f7fe fde3 bl 80059a4 + 8006dde: 4604 mov r4, r0 + 8006de0: bb80 cbnz r0, 8006e44 + if (uECC_vli_cmp_unsafe(curve->p, point, num_words) != 1 || + 8006de2: f106 0804 add.w r8, r6, #4 + 8006de6: 9a01 ldr r2, [sp, #4] + 8006de8: 4639 mov r1, r7 + 8006dea: 4640 mov r0, r8 + 8006dec: f7fe fe1f bl 8005a2e + 8006df0: 2801 cmp r0, #1 + 8006df2: d11a bne.n 8006e2a + uECC_vli_cmp_unsafe(curve->p, point + num_words, num_words) != 1) { + 8006df4: 9a01 ldr r2, [sp, #4] + 8006df6: 4640 mov r0, r8 + 8006df8: eb07 0182 add.w r1, r7, r2, lsl #2 + 8006dfc: f7fe fe17 bl 8005a2e + if (uECC_vli_cmp_unsafe(curve->p, point, num_words) != 1 || + 8006e00: 2801 cmp r0, #1 + 8006e02: d112 bne.n 8006e2a + uECC_vli_modSquare_fast(tmp1, point + num_words, curve); + 8006e04: 4632 mov r2, r6 + 8006e06: a802 add r0, sp, #8 + curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */ + 8006e08: f10d 0828 add.w r8, sp, #40 ; 0x28 + uECC_vli_modSquare_fast(tmp1, point + num_words, curve); + 8006e0c: f7fe fee1 bl 8005bd2 + curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */ + 8006e10: f8d6 30ac ldr.w r3, [r6, #172] ; 0xac + 8006e14: 4632 mov r2, r6 + 8006e16: 4639 mov r1, r7 + 8006e18: 4640 mov r0, r8 + 8006e1a: 4798 blx r3 + for (i = num_words - 1; i >= 0; --i) { + 8006e1c: 1e6b subs r3, r5, #1 + 8006e1e: b25b sxtb r3, r3 + 8006e20: 061a lsls r2, r3, #24 + 8006e22: d506 bpl.n 8006e32 + return (diff == 0); + 8006e24: fab4 f484 clz r4, r4 + 8006e28: 0964 lsrs r4, r4, #5 +} + 8006e2a: 4620 mov r0, r4 + 8006e2c: b012 add sp, #72 ; 0x48 + 8006e2e: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + diff |= (left[i] ^ right[i]); + 8006e32: aa02 add r2, sp, #8 + 8006e34: f858 1023 ldr.w r1, [r8, r3, lsl #2] + 8006e38: f852 2023 ldr.w r2, [r2, r3, lsl #2] + 8006e3c: 404a eors r2, r1 + 8006e3e: 4314 orrs r4, r2 + for (i = num_words - 1; i >= 0; --i) { + 8006e40: 3b01 subs r3, #1 + 8006e42: e7ed b.n 8006e20 + return 0; + 8006e44: 2400 movs r4, #0 + 8006e46: e7f0 b.n 8006e2a + +08006e48 : +int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve) { + 8006e48: b530 push {r4, r5, lr} + 8006e4a: 460c mov r4, r1 + 8006e4c: b091 sub sp, #68 ; 0x44 + uECC_vli_bytesToNative(public, public_key, curve->num_bytes); + 8006e4e: f991 2001 ldrsb.w r2, [r1, #1] +int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve) { + 8006e52: 4605 mov r5, r0 + uECC_vli_bytesToNative(public, public_key, curve->num_bytes); + 8006e54: 4601 mov r1, r0 + 8006e56: 4668 mov r0, sp + 8006e58: f7fe fef2 bl 8005c40 + public + curve->num_words, public_key + curve->num_bytes, curve->num_bytes); + 8006e5c: f994 2001 ldrsb.w r2, [r4, #1] + 8006e60: f994 0000 ldrsb.w r0, [r4] + uECC_vli_bytesToNative( + 8006e64: 18a9 adds r1, r5, r2 + 8006e66: eb0d 0080 add.w r0, sp, r0, lsl #2 + 8006e6a: f7fe fee9 bl 8005c40 + return uECC_valid_point(public, curve); + 8006e6e: 4621 mov r1, r4 + 8006e70: 4668 mov r0, sp + 8006e72: f7ff ffa7 bl 8006dc4 +} + 8006e76: b011 add sp, #68 ; 0x44 + 8006e78: bd30 pop {r4, r5, pc} + +08006e7a : +int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) { + 8006e7a: b570 push {r4, r5, r6, lr} + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006e7c: f9b2 3002 ldrsh.w r3, [r2, #2] +int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) { + 8006e80: 4614 mov r4, r2 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006e82: 1dda adds r2, r3, #7 + 8006e84: bf48 it mi + 8006e86: f103 020e addmi.w r2, r3, #14 +int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) { + 8006e8a: b098 sub sp, #96 ; 0x60 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006e8c: 10d2 asrs r2, r2, #3 +int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) { + 8006e8e: 460e mov r6, r1 + uECC_vli_bytesToNative(private, private_key, BITS_TO_BYTES(curve->num_n_bits)); + 8006e90: 4601 mov r1, r0 + 8006e92: 4668 mov r0, sp + 8006e94: f7fe fed4 bl 8005c40 + if (uECC_vli_isZero(private, BITS_TO_WORDS(curve->num_n_bits))) { + 8006e98: f9b4 3002 ldrsh.w r3, [r4, #2] + 8006e9c: f113 021f adds.w r2, r3, #31 + 8006ea0: bf48 it mi + 8006ea2: f103 023e addmi.w r2, r3, #62 ; 0x3e + 8006ea6: f342 1147 sbfx r1, r2, #5, #8 + 8006eaa: 4668 mov r0, sp + 8006eac: f7fe fd7a bl 80059a4 + 8006eb0: b110 cbz r0, 8006eb8 + return 0; + 8006eb2: 2000 movs r0, #0 +} + 8006eb4: b018 add sp, #96 ; 0x60 + 8006eb6: bd70 pop {r4, r5, r6, pc} + if (uECC_vli_cmp(curve->n, private, BITS_TO_WORDS(curve->num_n_bits)) != 1) { + 8006eb8: 460a mov r2, r1 + 8006eba: f104 0024 add.w r0, r4, #36 ; 0x24 + 8006ebe: 4669 mov r1, sp + 8006ec0: f7fe ffb0 bl 8005e24 + 8006ec4: 2801 cmp r0, #1 + 8006ec6: 4605 mov r5, r0 + 8006ec8: d1f3 bne.n 8006eb2 + if (!EccPoint_compute_public_key(public, private, curve)) { + 8006eca: 4622 mov r2, r4 + 8006ecc: 4669 mov r1, sp + 8006ece: a808 add r0, sp, #32 + 8006ed0: f7ff fc35 bl 800673e + 8006ed4: 2800 cmp r0, #0 + 8006ed6: d0ec beq.n 8006eb2 + uECC_vli_nativeToBytes(public_key, curve->num_bytes, public); + 8006ed8: f994 1001 ldrsb.w r1, [r4, #1] + 8006edc: aa08 add r2, sp, #32 + 8006ede: 4630 mov r0, r6 + 8006ee0: f7fe fe9a bl 8005c18 + public_key + curve->num_bytes, curve->num_bytes, public + curve->num_words); + 8006ee4: f994 1001 ldrsb.w r1, [r4, #1] + 8006ee8: f994 2000 ldrsb.w r2, [r4] + uECC_vli_nativeToBytes( + 8006eec: ab08 add r3, sp, #32 + 8006eee: 1870 adds r0, r6, r1 + 8006ef0: eb03 0282 add.w r2, r3, r2, lsl #2 + 8006ef4: f7fe fe90 bl 8005c18 + return 1; + 8006ef8: 4628 mov r0, r5 + 8006efa: e7db b.n 8006eb4 + +08006efc : + uECC_Curve curve) { + 8006efc: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8006f00: b08a sub sp, #40 ; 0x28 + 8006f02: 4605 mov r5, r0 + 8006f04: f8dd 9048 ldr.w r9, [sp, #72] ; 0x48 + 8006f08: 460e mov r6, r1 + 8006f0a: 4617 mov r7, r2 + 8006f0c: 4698 mov r8, r3 + 8006f0e: 2440 movs r4, #64 ; 0x40 + if (!uECC_generate_random_int(k, curve->n, BITS_TO_WORDS(curve->num_n_bits))) { + 8006f10: f109 0a24 add.w sl, r9, #36 ; 0x24 + 8006f14: f9b9 3002 ldrsh.w r3, [r9, #2] + 8006f18: f113 021f adds.w r2, r3, #31 + 8006f1c: bf48 it mi + 8006f1e: f103 023e addmi.w r2, r3, #62 ; 0x3e + 8006f22: f342 1247 sbfx r2, r2, #5, #8 + 8006f26: 4651 mov r1, sl + 8006f28: a802 add r0, sp, #8 + 8006f2a: f7fe ff93 bl 8005e54 + 8006f2e: b150 cbz r0, 8006f46 + if (uECC_sign_with_k(private_key, message_hash, hash_size, k, signature, curve)) { + 8006f30: e9cd 8900 strd r8, r9, [sp] + 8006f34: ab02 add r3, sp, #8 + 8006f36: 463a mov r2, r7 + 8006f38: 4631 mov r1, r6 + 8006f3a: 4628 mov r0, r5 + 8006f3c: f7ff fc2a bl 8006794 + 8006f40: b928 cbnz r0, 8006f4e + for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { + 8006f42: 3c01 subs r4, #1 + 8006f44: d1e6 bne.n 8006f14 + return 0; + 8006f46: 2000 movs r0, #0 +} + 8006f48: b00a add sp, #40 ; 0x28 + 8006f4a: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + return 1; + 8006f4e: 2001 movs r0, #1 + 8006f50: e7fa b.n 8006f48 + +08006f52 : +int uECC_sign_deterministic(const uint8_t *private_key, + const uint8_t *message_hash, + unsigned hash_size, + uECC_HashContext *hash_context, + uint8_t *signature, + uECC_Curve curve) { + 8006f52: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 8006f56: b091 sub sp, #68 ; 0x44 + 8006f58: 4693 mov fp, r2 + uint8_t *K = hash_context->tmp; + uint8_t *V = K + hash_context->result_size; + wordcount_t num_bytes = curve->num_bytes; + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8006f5a: 9a1b ldr r2, [sp, #108] ; 0x6c + 8006f5c: f9b2 8002 ldrsh.w r8, [r2, #2] + uint8_t *V = K + hash_context->result_size; + 8006f60: e9d3 6504 ldrd r6, r5, [r3, #16] + uECC_Curve curve) { + 8006f64: 461c mov r4, r3 + wordcount_t num_bytes = curve->num_bytes; + 8006f66: 9b1b ldr r3, [sp, #108] ; 0x6c + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8006f68: f118 071f adds.w r7, r8, #31 + 8006f6c: bf48 it mi + 8006f6e: f108 073e addmi.w r7, r8, #62 ; 0x3e + bitcount_t num_n_bits = curve->num_n_bits; + uECC_word_t tries; + unsigned i; + for (i = 0; i < hash_context->result_size; ++i) { + 8006f72: 2200 movs r2, #0 + wordcount_t num_bytes = curve->num_bytes; + 8006f74: f993 3001 ldrsb.w r3, [r3, #1] + uECC_Curve curve) { + 8006f78: 4681 mov r9, r0 + 8006f7a: 468a mov sl, r1 + uint8_t *V = K + hash_context->result_size; + 8006f7c: 442e add r6, r5 + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8006f7e: f347 1747 sbfx r7, r7, #5, #8 + V[i] = 0x01; + 8006f82: 2001 movs r0, #1 + K[i] = 0; + 8006f84: 4694 mov ip, r2 + for (i = 0; i < hash_context->result_size; ++i) { + 8006f86: 6921 ldr r1, [r4, #16] + 8006f88: 4291 cmp r1, r2 + 8006f8a: f200 8086 bhi.w 800709a + } + + /* K = HMAC_K(V || 0x00 || int2octets(x) || h(m)) */ + HMAC_init(hash_context, K); + 8006f8e: 4629 mov r1, r5 + 8006f90: 4620 mov r0, r4 + 8006f92: 9303 str r3, [sp, #12] + 8006f94: f7fe fe74 bl 8005c80 + V[hash_context->result_size] = 0x00; + 8006f98: 6922 ldr r2, [r4, #16] + 8006f9a: 2100 movs r1, #0 + 8006f9c: 54b1 strb r1, [r6, r2] + HMAC_update(hash_context, V, hash_context->result_size + 1); + 8006f9e: 6922 ldr r2, [r4, #16] + 8006fa0: 4631 mov r1, r6 + 8006fa2: 3201 adds r2, #1 + 8006fa4: 4620 mov r0, r4 + 8006fa6: f7fe fe8c bl 8005cc2 + HMAC_update(hash_context, private_key, num_bytes); + 8006faa: 9b03 ldr r3, [sp, #12] + 8006fac: 4649 mov r1, r9 + 8006fae: 461a mov r2, r3 + 8006fb0: 4620 mov r0, r4 + 8006fb2: f7fe fe86 bl 8005cc2 + HMAC_update(hash_context, message_hash, hash_size); + 8006fb6: 465a mov r2, fp + 8006fb8: 4651 mov r1, sl + 8006fba: 4620 mov r0, r4 + 8006fbc: f7fe fe81 bl 8005cc2 + HMAC_finish(hash_context, K, K); + 8006fc0: 462a mov r2, r5 + 8006fc2: 4629 mov r1, r5 + 8006fc4: 4620 mov r0, r4 + 8006fc6: f7fe fe7e bl 8005cc6 + + update_V(hash_context, K, V); + 8006fca: 4632 mov r2, r6 + 8006fcc: 4629 mov r1, r5 + 8006fce: 4620 mov r0, r4 + 8006fd0: f7fe fea8 bl 8005d24 + + /* K = HMAC_K(V || 0x01 || int2octets(x) || h(m)) */ + HMAC_init(hash_context, K); + 8006fd4: 4629 mov r1, r5 + 8006fd6: 4620 mov r0, r4 + 8006fd8: f7fe fe52 bl 8005c80 + V[hash_context->result_size] = 0x01; + 8006fdc: 6922 ldr r2, [r4, #16] + 8006fde: 2101 movs r1, #1 + 8006fe0: 54b1 strb r1, [r6, r2] + HMAC_update(hash_context, V, hash_context->result_size + 1); + 8006fe2: 6922 ldr r2, [r4, #16] + 8006fe4: 4620 mov r0, r4 + 8006fe6: 440a add r2, r1 + 8006fe8: 4631 mov r1, r6 + 8006fea: f7fe fe6a bl 8005cc2 + HMAC_update(hash_context, private_key, num_bytes); + 8006fee: 9b03 ldr r3, [sp, #12] + 8006ff0: 4649 mov r1, r9 + 8006ff2: 461a mov r2, r3 + 8006ff4: 4620 mov r0, r4 + 8006ff6: f7fe fe64 bl 8005cc2 + HMAC_update(hash_context, message_hash, hash_size); + 8006ffa: 465a mov r2, fp + 8006ffc: 4651 mov r1, sl + 8006ffe: 4620 mov r0, r4 + 8007000: f7fe fe5f bl 8005cc2 + HMAC_finish(hash_context, K, K); + 8007004: 462a mov r2, r5 + 8007006: 4629 mov r1, r5 + 8007008: 4620 mov r0, r4 + 800700a: f7fe fe5c bl 8005cc6 + + update_V(hash_context, K, V); + 800700e: 4632 mov r2, r6 + 8007010: 4629 mov r1, r5 + 8007012: 4620 mov r0, r4 + 8007014: f7fe fe86 bl 8005d24 + wordcount_t T_bytes = 0; + for (;;) { + update_V(hash_context, K, V); + for (i = 0; i < hash_context->result_size; ++i) { + T_ptr[T_bytes++] = V[i]; + if (T_bytes >= num_n_words * uECC_WORD_SIZE) { + 8007018: 00bb lsls r3, r7, #2 + 800701a: 9304 str r3, [sp, #16] + goto filled; + } + } + } + filled: + if ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8 > num_n_bits) { + 800701c: 017b lsls r3, r7, #5 + 800701e: 9305 str r3, [sp, #20] + uECC_word_t mask = (uECC_word_t)-1; + T[num_n_words - 1] &= + mask >> ((bitcount_t)(num_n_words * uECC_WORD_SIZE * 8 - num_n_bits)); + 8007020: ebc8 1347 rsb r3, r8, r7, lsl #5 + 8007024: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 8007028: b21b sxth r3, r3 + 800702a: fa22 f303 lsr.w r3, r2, r3 + 800702e: 9306 str r3, [sp, #24] + 8007030: 2340 movs r3, #64 ; 0x40 + 8007032: 9303 str r3, [sp, #12] + T[num_n_words - 1] &= + 8007034: 4417 add r7, r2 + 8007036: 446b add r3, sp + 8007038: eb03 0787 add.w r7, r3, r7, lsl #2 + wordcount_t T_bytes = 0; + 800703c: 2300 movs r3, #0 + update_V(hash_context, K, V); + 800703e: 4632 mov r2, r6 + 8007040: 4629 mov r1, r5 + 8007042: 4620 mov r0, r4 + 8007044: 9307 str r3, [sp, #28] + 8007046: f7fe fe6d bl 8005d24 + for (i = 0; i < hash_context->result_size; ++i) { + 800704a: 6920 ldr r0, [r4, #16] + 800704c: 9b07 ldr r3, [sp, #28] + 800704e: 4631 mov r1, r6 + 8007050: 4430 add r0, r6 + 8007052: 461a mov r2, r3 + T_ptr[T_bytes++] = V[i]; + 8007054: ab08 add r3, sp, #32 + 8007056: eb03 0c02 add.w ip, r3, r2 + for (i = 0; i < hash_context->result_size; ++i) { + 800705a: 4288 cmp r0, r1 + 800705c: 4613 mov r3, r2 + 800705e: f102 0201 add.w r2, r2, #1 + 8007062: b252 sxtb r2, r2 + 8007064: d0eb beq.n 800703e + T_ptr[T_bytes++] = V[i]; + 8007066: f811 3b01 ldrb.w r3, [r1], #1 + 800706a: f88c 3000 strb.w r3, [ip] + if (T_bytes >= num_n_words * uECC_WORD_SIZE) { + 800706e: 9b04 ldr r3, [sp, #16] + 8007070: 4293 cmp r3, r2 + 8007072: dcef bgt.n 8007054 + if ((bitcount_t)num_n_words * uECC_WORD_SIZE * 8 > num_n_bits) { + 8007074: 9b05 ldr r3, [sp, #20] + 8007076: 4598 cmp r8, r3 + 8007078: db14 blt.n 80070a4 + } + + if (uECC_sign_with_k(private_key, message_hash, hash_size, T, signature, curve)) { + 800707a: 9b1b ldr r3, [sp, #108] ; 0x6c + 800707c: 9301 str r3, [sp, #4] + 800707e: 9b1a ldr r3, [sp, #104] ; 0x68 + 8007080: 9300 str r3, [sp, #0] + 8007082: 465a mov r2, fp + 8007084: ab08 add r3, sp, #32 + 8007086: 4651 mov r1, sl + 8007088: 4648 mov r0, r9 + 800708a: f7ff fb83 bl 8006794 + 800708e: b180 cbz r0, 80070b2 + return 1; + 8007090: 2301 movs r3, #1 + HMAC_finish(hash_context, K, K); + + update_V(hash_context, K, V); + } + return 0; +} + 8007092: 4618 mov r0, r3 + 8007094: b011 add sp, #68 ; 0x44 + 8007096: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + V[i] = 0x01; + 800709a: 54b0 strb r0, [r6, r2] + K[i] = 0; + 800709c: f805 c002 strb.w ip, [r5, r2] + for (i = 0; i < hash_context->result_size; ++i) { + 80070a0: 3201 adds r2, #1 + 80070a2: e770 b.n 8006f86 + T[num_n_words - 1] &= + 80070a4: f857 3c20 ldr.w r3, [r7, #-32] + 80070a8: 9a06 ldr r2, [sp, #24] + 80070aa: 4013 ands r3, r2 + 80070ac: f847 3c20 str.w r3, [r7, #-32] + 80070b0: e7e3 b.n 800707a + 80070b2: 9007 str r0, [sp, #28] + HMAC_init(hash_context, K); + 80070b4: 4629 mov r1, r5 + 80070b6: 4620 mov r0, r4 + 80070b8: f7fe fde2 bl 8005c80 + V[hash_context->result_size] = 0x00; + 80070bc: 6922 ldr r2, [r4, #16] + 80070be: 9b07 ldr r3, [sp, #28] + 80070c0: 54b3 strb r3, [r6, r2] + HMAC_update(hash_context, V, hash_context->result_size + 1); + 80070c2: 6922 ldr r2, [r4, #16] + 80070c4: 4631 mov r1, r6 + 80070c6: 3201 adds r2, #1 + 80070c8: 4620 mov r0, r4 + 80070ca: f7fe fdfa bl 8005cc2 + HMAC_finish(hash_context, K, K); + 80070ce: 462a mov r2, r5 + 80070d0: 4629 mov r1, r5 + 80070d2: 4620 mov r0, r4 + 80070d4: f7fe fdf7 bl 8005cc6 + update_V(hash_context, K, V); + 80070d8: 4632 mov r2, r6 + 80070da: 4629 mov r1, r5 + 80070dc: 4620 mov r0, r4 + 80070de: f7fe fe21 bl 8005d24 + for (tries = 0; tries < uECC_RNG_MAX_TRIES; ++tries) { + 80070e2: 9b03 ldr r3, [sp, #12] + 80070e4: 3b01 subs r3, #1 + 80070e6: 9303 str r3, [sp, #12] + 80070e8: 9b07 ldr r3, [sp, #28] + 80070ea: d1a7 bne.n 800703c + 80070ec: e7d1 b.n 8007092 + +080070ee : + +int uECC_verify(const uint8_t *public_key, + const uint8_t *message_hash, + unsigned hash_size, + const uint8_t *signature, + uECC_Curve curve) { + 80070ee: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 80070f2: ed2d 8b02 vpush {d8} + 80070f6: b0fb sub sp, #492 ; 0x1ec + 80070f8: 461c mov r4, r3 + 80070fa: 9d86 ldr r5, [sp, #536] ; 0x218 + const uECC_word_t *point; + bitcount_t num_bits; + bitcount_t i; + uECC_word_t r[uECC_MAX_WORDS], s[uECC_MAX_WORDS]; + wordcount_t num_words = curve->num_words; + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 80070fc: f9b5 3002 ldrsh.w r3, [r5, #2] + wordcount_t num_words = curve->num_words; + 8007100: f995 8000 ldrsb.w r8, [r5] + wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits); + 8007104: f113 061f adds.w r6, r3, #31 + 8007108: bf48 it mi + 800710a: f103 063e addmi.w r6, r3, #62 ; 0x3e + 800710e: f346 1647 sbfx r6, r6, #5, #8 + + rx[num_n_words - 1] = 0; + 8007112: f106 3aff add.w sl, r6, #4294967295 ; 0xffffffff + uECC_Curve curve) { + 8007116: 4691 mov r9, r2 + rx[num_n_words - 1] = 0; + 8007118: aa22 add r2, sp, #136 ; 0x88 + 800711a: 2300 movs r3, #0 + 800711c: f842 302a str.w r3, [r2, sl, lsl #2] + r[num_n_words - 1] = 0; + 8007120: aa7a add r2, sp, #488 ; 0x1e8 + 8007122: eb02 028a add.w r2, r2, sl, lsl #2 + uECC_Curve curve) { + 8007126: 4607 mov r7, r0 + r[num_n_words - 1] = 0; + 8007128: f842 3cc0 str.w r3, [r2, #-192] + s[num_n_words - 1] = 0; + 800712c: f842 3ca0 str.w r3, [r2, #-160] + uECC_Curve curve) { + 8007130: ee08 1a90 vmov s17, r1 + + uECC_vli_bytesToNative(public, public_key, curve->num_bytes); + 8007134: f995 2001 ldrsb.w r2, [r5, #1] + 8007138: 4601 mov r1, r0 + 800713a: a85a add r0, sp, #360 ; 0x168 + 800713c: f7fe fd80 bl 8005c40 + uECC_vli_bytesToNative( + public + num_words, public_key + curve->num_bytes, curve->num_bytes); + 8007140: ea4f 0388 mov.w r3, r8, lsl #2 + 8007144: f995 2001 ldrsb.w r2, [r5, #1] + 8007148: 9304 str r3, [sp, #16] + uECC_vli_bytesToNative( + 800714a: ab5a add r3, sp, #360 ; 0x168 + 800714c: eb03 0388 add.w r3, r3, r8, lsl #2 + 8007150: 4618 mov r0, r3 + 8007152: 18b9 adds r1, r7, r2 + 8007154: ee08 3a10 vmov s16, r3 + 8007158: f7fe fd72 bl 8005c40 + uECC_vli_bytesToNative(r, signature, curve->num_bytes); + 800715c: 4621 mov r1, r4 + 800715e: f995 2001 ldrsb.w r2, [r5, #1] + 8007162: a84a add r0, sp, #296 ; 0x128 + 8007164: f7fe fd6c bl 8005c40 + uECC_vli_bytesToNative(s, signature + curve->num_bytes, curve->num_bytes); + 8007168: f995 2001 ldrsb.w r2, [r5, #1] + 800716c: a852 add r0, sp, #328 ; 0x148 + 800716e: 18a1 adds r1, r4, r2 + 8007170: f7fe fd66 bl 8005c40 + + /* r, s must not be 0. */ + if (uECC_vli_isZero(r, num_words) || uECC_vli_isZero(s, num_words)) { + 8007174: 4641 mov r1, r8 + 8007176: a84a add r0, sp, #296 ; 0x128 + 8007178: f7fe fc14 bl 80059a4 + 800717c: 2300 movs r3, #0 + 800717e: 4604 mov r4, r0 + 8007180: 2800 cmp r0, #0 + 8007182: f040 812b bne.w 80073dc + 8007186: a852 add r0, sp, #328 ; 0x148 + 8007188: f7fe fc0c bl 80059a4 + 800718c: 9002 str r0, [sp, #8] + 800718e: 2800 cmp r0, #0 + 8007190: f040 8126 bne.w 80073e0 + return 0; + } + + /* r, s must be < n. */ + if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 || + 8007194: f105 0b24 add.w fp, r5, #36 ; 0x24 + 8007198: 4632 mov r2, r6 + 800719a: a94a add r1, sp, #296 ; 0x128 + 800719c: 4658 mov r0, fp + 800719e: f7fe fc46 bl 8005a2e + 80071a2: 2801 cmp r0, #1 + 80071a4: f040 811e bne.w 80073e4 + uECC_vli_cmp_unsafe(curve->n, s, num_n_words) != 1) { + 80071a8: 4632 mov r2, r6 + 80071aa: a952 add r1, sp, #328 ; 0x148 + 80071ac: 4658 mov r0, fp + 80071ae: f7fe fc3e bl 8005a2e + if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 || + 80071b2: 2801 cmp r0, #1 + uECC_vli_cmp_unsafe(curve->n, s, num_n_words) != 1) { + 80071b4: 9005 str r0, [sp, #20] + if (uECC_vli_cmp_unsafe(curve->n, r, num_n_words) != 1 || + 80071b6: f040 8115 bne.w 80073e4 + return 0; + } + + /* Calculate u1 and u2. */ + uECC_vli_modInv(z, s, curve->n, num_n_words); /* z = 1/s */ + 80071ba: ac1a add r4, sp, #104 ; 0x68 + u1[num_n_words - 1] = 0; + 80071bc: af0a add r7, sp, #40 ; 0x28 + uECC_vli_modInv(z, s, curve->n, num_n_words); /* z = 1/s */ + 80071be: 4633 mov r3, r6 + 80071c0: 465a mov r2, fp + 80071c2: 4620 mov r0, r4 + 80071c4: f7ff f84e bl 8006264 + u1[num_n_words - 1] = 0; + 80071c8: 9b02 ldr r3, [sp, #8] + 80071ca: f847 302a str.w r3, [r7, sl, lsl #2] + bits2int(u1, message_hash, hash_size, curve); + 80071ce: 464a mov r2, r9 + 80071d0: 4638 mov r0, r7 + 80071d2: ee18 1a90 vmov r1, s17 + 80071d6: 462b mov r3, r5 + 80071d8: f7fe fddd bl 8005d96 + uECC_vli_modMult(u1, u1, z, curve->n, num_n_words); /* u1 = e/s */ + 80071dc: 4639 mov r1, r7 + 80071de: 4638 mov r0, r7 + 80071e0: 465b mov r3, fp + 80071e2: 4622 mov r2, r4 + 80071e4: 9600 str r6, [sp, #0] + 80071e6: f7fe fc44 bl 8005a72 + uECC_vli_modMult(u2, r, z, curve->n, num_n_words); /* u2 = r/s */ + + /* Calculate sum = G + Q. */ + uECC_vli_set(sum, public, num_words); + 80071ea: f50d 7ad4 add.w sl, sp, #424 ; 0x1a8 + uECC_vli_modMult(u2, r, z, curve->n, num_n_words); /* u2 = r/s */ + 80071ee: 465b mov r3, fp + 80071f0: 4622 mov r2, r4 + 80071f2: a94a add r1, sp, #296 ; 0x128 + 80071f4: a812 add r0, sp, #72 ; 0x48 + 80071f6: 9600 str r6, [sp, #0] + 80071f8: f7fe fc3b bl 8005a72 + uECC_vli_set(sum, public, num_words); + 80071fc: 4642 mov r2, r8 + 80071fe: 4650 mov r0, sl + 8007200: a95a add r1, sp, #360 ; 0x168 + 8007202: f7fe fc08 bl 8005a16 + uECC_vli_set(sum + num_words, public + num_words, num_words); + 8007206: 9b04 ldr r3, [sp, #16] + 8007208: eb0a 0903 add.w r9, sl, r3 + 800720c: ee18 1a10 vmov r1, s16 + 8007210: 4648 mov r0, r9 + 8007212: f7fe fc00 bl 8005a16 + uECC_vli_set(tx, curve->G, num_words); + 8007216: f105 0344 add.w r3, r5, #68 ; 0x44 + 800721a: 4619 mov r1, r3 + 800721c: a832 add r0, sp, #200 ; 0xc8 + 800721e: 9303 str r3, [sp, #12] + 8007220: f7fe fbf9 bl 8005a16 + uECC_vli_set(ty, curve->G + num_words, num_words); + 8007224: e9dd 3103 ldrd r3, r1, [sp, #12] + 8007228: a83a add r0, sp, #232 ; 0xe8 + 800722a: 1859 adds r1, r3, r1 + 800722c: f7fe fbf3 bl 8005a16 + uECC_vli_modSub(z, sum, tx, curve->p, num_words); /* z = x2 - x1 */ + 8007230: 1d2b adds r3, r5, #4 + 8007232: ee08 3a10 vmov s16, r3 + 8007236: 4651 mov r1, sl + 8007238: aa32 add r2, sp, #200 ; 0xc8 + 800723a: 4620 mov r0, r4 + 800723c: f7ff f8c0 bl 80063c0 + XYcZ_add(tx, ty, sum, sum + num_words, curve); + 8007240: 464b mov r3, r9 + 8007242: 4652 mov r2, sl + 8007244: a93a add r1, sp, #232 ; 0xe8 + 8007246: a832 add r0, sp, #200 ; 0xc8 + 8007248: 9500 str r5, [sp, #0] + 800724a: f7ff f94d bl 80064e8 + uECC_vli_modInv(z, z, curve->p, num_words); /* z = 1/z */ + 800724e: ee18 2a10 vmov r2, s16 + 8007252: 4643 mov r3, r8 + 8007254: 4621 mov r1, r4 + 8007256: 4620 mov r0, r4 + 8007258: f7ff f804 bl 8006264 + apply_z(sum, sum + num_words, z, curve); + 800725c: 462b mov r3, r5 + 800725e: 4649 mov r1, r9 + 8007260: 4650 mov r0, sl + 8007262: 4622 mov r2, r4 + 8007264: f7fe fcb9 bl 8005bda + + /* Use Shamir's trick to calculate u1*G + u2*Q */ + points[0] = 0; + 8007268: 9a02 ldr r2, [sp, #8] + 800726a: 9206 str r2, [sp, #24] + points[1] = curve->G; + 800726c: 9a03 ldr r2, [sp, #12] + 800726e: 9207 str r2, [sp, #28] + points[2] = public; + points[3] = sum; + num_bits = smax(uECC_vli_numBits(u1, num_n_words), + 8007270: 4631 mov r1, r6 + points[2] = public; + 8007272: aa5a add r2, sp, #360 ; 0x168 + num_bits = smax(uECC_vli_numBits(u1, num_n_words), + 8007274: 4638 mov r0, r7 + points[3] = sum; + 8007276: e9cd 2a08 strd r2, sl, [sp, #32] + num_bits = smax(uECC_vli_numBits(u1, num_n_words), + 800727a: f7fe fbac bl 80059d6 + 800727e: 4631 mov r1, r6 + 8007280: 4682 mov sl, r0 + 8007282: a812 add r0, sp, #72 ; 0x48 + 8007284: f7fe fba7 bl 80059d6 + return (a > b ? a : b); + 8007288: 4550 cmp r0, sl + 800728a: bfb8 it lt + 800728c: 4650 movlt r0, sl + uECC_vli_numBits(u2, num_n_words)); + + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 800728e: fa1f f980 uxth.w r9, r0 + 8007292: f109 31ff add.w r1, r9, #4294967295 ; 0xffffffff + 8007296: b209 sxth r1, r1 + 8007298: 4638 mov r0, r7 + 800729a: 9103 str r1, [sp, #12] + 800729c: f7fe fb91 bl 80059c2 + ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)]; + 80072a0: 9903 ldr r1, [sp, #12] + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 80072a2: 1e07 subs r7, r0, #0 + ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)]; + 80072a4: a812 add r0, sp, #72 ; 0x48 + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 80072a6: bf18 it ne + 80072a8: 2701 movne r7, #1 + ((!!uECC_vli_testBit(u2, num_bits - 1)) << 1)]; + 80072aa: f7fe fb8a bl 80059c2 + 80072ae: 2800 cmp r0, #0 + 80072b0: bf14 ite ne + 80072b2: 2002 movne r0, #2 + 80072b4: 2000 moveq r0, #0 + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 80072b6: ab06 add r3, sp, #24 + 80072b8: 4307 orrs r7, r0 + uECC_vli_set(rx, point, num_words); + 80072ba: 4642 mov r2, r8 + point = points[(!!uECC_vli_testBit(u1, num_bits - 1)) | + 80072bc: f853 1027 ldr.w r1, [r3, r7, lsl #2] + uECC_vli_set(rx, point, num_words); + 80072c0: a822 add r0, sp, #136 ; 0x88 + 80072c2: f7fe fba8 bl 8005a16 + uECC_vli_set(ry, point + num_words, num_words); + 80072c6: 9b04 ldr r3, [sp, #16] + 80072c8: f10d 0aa8 add.w sl, sp, #168 ; 0xa8 + 80072cc: 4419 add r1, r3 + 80072ce: 4650 mov r0, sl + 80072d0: f7fe fba1 bl 8005a16 + uECC_vli_clear(z, num_words); + 80072d4: 4641 mov r1, r8 + 80072d6: 4620 mov r0, r4 + 80072d8: f7fe fb5e bl 8005998 + z[0] = 1; + 80072dc: 9b05 ldr r3, [sp, #20] + 80072de: 6023 str r3, [r4, #0] + + for (i = num_bits - 2; i >= 0; --i) { + 80072e0: f1a9 0902 sub.w r9, r9, #2 + 80072e4: ab22 add r3, sp, #136 ; 0x88 + 80072e6: fa0f f989 sxth.w r9, r9 + 80072ea: 9303 str r3, [sp, #12] + 80072ec: f1b9 0f00 cmp.w r9, #0 + 80072f0: da26 bge.n 8007340 + XYcZ_add(tx, ty, rx, ry, curve); + uECC_vli_modMult_fast(z, z, tz, curve); + } + } + + uECC_vli_modInv(z, z, curve->p, num_words); /* Z = 1/Z */ + 80072f2: ee18 2a10 vmov r2, s16 + 80072f6: 4643 mov r3, r8 + 80072f8: 4621 mov r1, r4 + 80072fa: 4620 mov r0, r4 + 80072fc: f7fe ffb2 bl 8006264 + apply_z(rx, ry, z, curve); + 8007300: 9803 ldr r0, [sp, #12] + 8007302: 462b mov r3, r5 + 8007304: 4622 mov r2, r4 + 8007306: 4651 mov r1, sl + 8007308: f7fe fc67 bl 8005bda + + /* v = x1 (mod n) */ + if (uECC_vli_cmp_unsafe(curve->n, rx, num_n_words) != 1) { + 800730c: 9903 ldr r1, [sp, #12] + 800730e: 4632 mov r2, r6 + 8007310: 4658 mov r0, fp + 8007312: f7fe fb8c bl 8005a2e + 8007316: 2801 cmp r0, #1 + 8007318: d003 beq.n 8007322 + uECC_vli_sub(rx, rx, curve->n, num_n_words); + 800731a: 465a mov r2, fp + 800731c: 4608 mov r0, r1 + 800731e: f7fe fd13 bl 8005d48 + for (i = num_words - 1; i >= 0; --i) { + 8007322: f108 33ff add.w r3, r8, #4294967295 ; 0xffffffff + 8007326: b25b sxtb r3, r3 + diff |= (left[i] ^ right[i]); + 8007328: a94a add r1, sp, #296 ; 0x128 + for (i = num_words - 1; i >= 0; --i) { + 800732a: 061a lsls r2, r3, #24 + 800732c: d54b bpl.n 80073c6 + return (diff == 0); + 800732e: 9b02 ldr r3, [sp, #8] + 8007330: fab3 f083 clz r0, r3 + 8007334: 0940 lsrs r0, r0, #5 + } + + /* Accept only if v == r. */ + return (int)(uECC_vli_equal(rx, r, num_words)); +} + 8007336: b07b add sp, #492 ; 0x1ec + 8007338: ecbd 8b02 vpop {d8} + 800733c: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + curve->double_jacobian(rx, ry, z, curve); + 8007340: 462b mov r3, r5 + 8007342: 4622 mov r2, r4 + 8007344: f8d5 70a4 ldr.w r7, [r5, #164] ; 0xa4 + 8007348: 9803 ldr r0, [sp, #12] + 800734a: 4651 mov r1, sl + 800734c: 47b8 blx r7 + index = (!!uECC_vli_testBit(u1, i)) | ((!!uECC_vli_testBit(u2, i)) << 1); + 800734e: 4649 mov r1, r9 + 8007350: a80a add r0, sp, #40 ; 0x28 + 8007352: f7fe fb36 bl 80059c2 + 8007356: 4649 mov r1, r9 + 8007358: 1e07 subs r7, r0, #0 + 800735a: a812 add r0, sp, #72 ; 0x48 + 800735c: bf18 it ne + 800735e: 2701 movne r7, #1 + 8007360: f7fe fb2f bl 80059c2 + 8007364: 2800 cmp r0, #0 + 8007366: bf14 ite ne + 8007368: 2002 movne r0, #2 + 800736a: 2000 moveq r0, #0 + 800736c: 4307 orrs r7, r0 + point = points[index]; + 800736e: ab06 add r3, sp, #24 + 8007370: f853 1027 ldr.w r1, [r3, r7, lsl #2] + if (point) { + 8007374: b311 cbz r1, 80073bc + uECC_vli_set(tx, point, num_words); + 8007376: 4642 mov r2, r8 + 8007378: a832 add r0, sp, #200 ; 0xc8 + 800737a: f7fe fb4c bl 8005a16 + uECC_vli_set(ty, point + num_words, num_words); + 800737e: 9b04 ldr r3, [sp, #16] + 8007380: a83a add r0, sp, #232 ; 0xe8 + 8007382: 4419 add r1, r3 + 8007384: f7fe fb47 bl 8005a16 + apply_z(tx, ty, z, curve); + 8007388: 4601 mov r1, r0 + 800738a: 462b mov r3, r5 + 800738c: 4622 mov r2, r4 + 800738e: a832 add r0, sp, #200 ; 0xc8 + 8007390: f7fe fc23 bl 8005bda + uECC_vli_modSub(tz, rx, tx, curve->p, num_words); /* Z = x2 - x1 */ + 8007394: ee18 3a10 vmov r3, s16 + 8007398: 9903 ldr r1, [sp, #12] + 800739a: aa32 add r2, sp, #200 ; 0xc8 + 800739c: a842 add r0, sp, #264 ; 0x108 + 800739e: f7ff f80f bl 80063c0 + XYcZ_add(tx, ty, rx, ry, curve); + 80073a2: 9a03 ldr r2, [sp, #12] + 80073a4: 9500 str r5, [sp, #0] + 80073a6: 4653 mov r3, sl + 80073a8: a93a add r1, sp, #232 ; 0xe8 + 80073aa: a832 add r0, sp, #200 ; 0xc8 + 80073ac: f7ff f89c bl 80064e8 + uECC_vli_modMult_fast(z, z, tz, curve); + 80073b0: 462b mov r3, r5 + 80073b2: aa42 add r2, sp, #264 ; 0x108 + 80073b4: 4621 mov r1, r4 + 80073b6: 4620 mov r0, r4 + 80073b8: f7fe fbfb bl 8005bb2 + for (i = num_bits - 2; i >= 0; --i) { + 80073bc: f109 39ff add.w r9, r9, #4294967295 ; 0xffffffff + 80073c0: fa0f f989 sxth.w r9, r9 + 80073c4: e792 b.n 80072ec + diff |= (left[i] ^ right[i]); + 80073c6: 9a03 ldr r2, [sp, #12] + 80073c8: f851 0023 ldr.w r0, [r1, r3, lsl #2] + 80073cc: f852 2023 ldr.w r2, [r2, r3, lsl #2] + 80073d0: 4042 eors r2, r0 + 80073d2: 9802 ldr r0, [sp, #8] + 80073d4: 4310 orrs r0, r2 + 80073d6: 9002 str r0, [sp, #8] + for (i = num_words - 1; i >= 0; --i) { + 80073d8: 3b01 subs r3, #1 + 80073da: e7a6 b.n 800732a + return 0; + 80073dc: 4618 mov r0, r3 + 80073de: e7aa b.n 8007336 + 80073e0: 4620 mov r0, r4 + 80073e2: e7a8 b.n 8007336 + 80073e4: 9802 ldr r0, [sp, #8] + 80073e6: e7a6 b.n 8007336 + +080073e8 : +const uint32_t MSIRangeTable[12] = {100000, 200000, 400000, 800000, 1000000, 2000000, \ + 4000000, 8000000, 16000000, 24000000, 32000000, 48000000}; +uint32_t SystemCoreClock; + +// TODO: cleanup HAL stuff to not use this +uint32_t HAL_GetTick(void) { return 53; } + 80073e8: 2035 movs r0, #53 ; 0x35 + 80073ea: 4770 bx lr + +080073ec : +uint32_t uwTickPrio = 0; /* (1UL << __NVIC_PRIO_BITS); * Invalid priority */ + +// unwanted junk from stm32l4xx_hal_rcc.c +HAL_StatusTypeDef HAL_InitTick (uint32_t TickPriority) { return 0; } + 80073ec: 2000 movs r0, #0 + 80073ee: 4770 bx lr + +080073f0 : + * or PWR_REGULATOR_VOLTAGE_SCALE1_BOOST when applicable) + */ +uint32_t HAL_PWREx_GetVoltageRange(void) +{ +#if defined(PWR_CR5_R1MODE) + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 80073f0: 4b07 ldr r3, [pc, #28] ; (8007410 ) + 80073f2: 6818 ldr r0, [r3, #0] + 80073f4: f400 60c0 and.w r0, r0, #1536 ; 0x600 + 80073f8: f5b0 6f80 cmp.w r0, #1024 ; 0x400 + 80073fc: d006 beq.n 800740c + { + return PWR_REGULATOR_VOLTAGE_SCALE2; + } + else if (READ_BIT(PWR->CR5, PWR_CR5_R1MODE) == PWR_CR5_R1MODE) + 80073fe: f8d3 0080 ldr.w r0, [r3, #128] ; 0x80 + { + /* PWR_CR5_R1MODE bit set means that Range 1 Boost is disabled */ + return PWR_REGULATOR_VOLTAGE_SCALE1; + 8007402: f410 7080 ands.w r0, r0, #256 ; 0x100 + 8007406: bf18 it ne + 8007408: f44f 7000 movne.w r0, #512 ; 0x200 + return PWR_REGULATOR_VOLTAGE_SCALE1_BOOST; + } +#else + return (PWR->CR1 & PWR_CR1_VOS); +#endif +} + 800740c: 4770 bx lr + 800740e: bf00 nop + 8007410: 40007000 .word 0x40007000 + +08007414 : + uint32_t wait_loop_index; + + assert_param(IS_PWR_VOLTAGE_SCALING_RANGE(VoltageScaling)); + +#if defined(PWR_CR5_R1MODE) + if (VoltageScaling == PWR_REGULATOR_VOLTAGE_SCALE1_BOOST) + 8007414: 4b29 ldr r3, [pc, #164] ; (80074bc ) + { + /* If current range is range 2 */ + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 8007416: 681a ldr r2, [r3, #0] + if (VoltageScaling == PWR_REGULATOR_VOLTAGE_SCALE1_BOOST) + 8007418: bb30 cbnz r0, 8007468 + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 800741a: f402 62c0 and.w r2, r2, #1536 ; 0x600 + 800741e: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + { + /* Make sure Range 1 Boost is enabled */ + CLEAR_BIT(PWR->CR5, PWR_CR5_R1MODE); + 8007422: f8d3 2080 ldr.w r2, [r3, #128] ; 0x80 + 8007426: f422 7280 bic.w r2, r2, #256 ; 0x100 + 800742a: f8c3 2080 str.w r2, [r3, #128] ; 0x80 + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 800742e: d11a bne.n 8007466 + + /* Set Range 1 */ + MODIFY_REG(PWR->CR1, PWR_CR1_VOS, PWR_REGULATOR_VOLTAGE_SCALE1); + 8007430: 681a ldr r2, [r3, #0] + 8007432: f422 62c0 bic.w r2, r2, #1536 ; 0x600 + 8007436: f442 7200 orr.w r2, r2, #512 ; 0x200 + 800743a: 601a str r2, [r3, #0] + + /* Wait until VOSF is cleared */ + wait_loop_index = ((PWR_FLAG_SETTING_DELAY_US * SystemCoreClock) / 1000000U) + 1; + 800743c: 4a20 ldr r2, [pc, #128] ; (80074c0 ) + 800743e: 6812 ldr r2, [r2, #0] + 8007440: 2132 movs r1, #50 ; 0x32 + 8007442: 434a muls r2, r1 + 8007444: 491f ldr r1, [pc, #124] ; (80074c4 ) + 8007446: fbb2 f2f1 udiv r2, r2, r1 + 800744a: 3201 adds r2, #1 + while ((HAL_IS_BIT_SET(PWR->SR2, PWR_SR2_VOSF)) && (wait_loop_index != 0U)) + 800744c: 6959 ldr r1, [r3, #20] + 800744e: 0549 lsls r1, r1, #21 + 8007450: d500 bpl.n 8007454 + 8007452: b922 cbnz r2, 800745e + { + wait_loop_index--; + } + if (HAL_IS_BIT_SET(PWR->SR2, PWR_SR2_VOSF)) + 8007454: 695b ldr r3, [r3, #20] + 8007456: 0558 lsls r0, r3, #21 + 8007458: d403 bmi.n 8007462 + /* No need to wait for VOSF to be cleared for this transition */ + } + } +#endif + + return HAL_OK; + 800745a: 2000 movs r0, #0 +} + 800745c: 4770 bx lr + wait_loop_index--; + 800745e: 3a01 subs r2, #1 + 8007460: e7f4 b.n 800744c + return HAL_TIMEOUT; + 8007462: 2003 movs r0, #3 + 8007464: 4770 bx lr + CLEAR_BIT(PWR->CR5, PWR_CR5_R1MODE); + 8007466: 4770 bx lr + else if (VoltageScaling == PWR_REGULATOR_VOLTAGE_SCALE1) + 8007468: f5b0 7f00 cmp.w r0, #512 ; 0x200 + 800746c: d11f bne.n 80074ae + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 800746e: f402 62c0 and.w r2, r2, #1536 ; 0x600 + 8007472: f5b2 6f80 cmp.w r2, #1024 ; 0x400 + SET_BIT(PWR->CR5, PWR_CR5_R1MODE); + 8007476: f8d3 2080 ldr.w r2, [r3, #128] ; 0x80 + 800747a: f442 7280 orr.w r2, r2, #256 ; 0x100 + 800747e: f8c3 2080 str.w r2, [r3, #128] ; 0x80 + if (READ_BIT(PWR->CR1, PWR_CR1_VOS) == PWR_REGULATOR_VOLTAGE_SCALE2) + 8007482: d1ea bne.n 800745a + MODIFY_REG(PWR->CR1, PWR_CR1_VOS, PWR_REGULATOR_VOLTAGE_SCALE1); + 8007484: 681a ldr r2, [r3, #0] + 8007486: f422 62c0 bic.w r2, r2, #1536 ; 0x600 + 800748a: f442 7200 orr.w r2, r2, #512 ; 0x200 + 800748e: 601a str r2, [r3, #0] + wait_loop_index = ((PWR_FLAG_SETTING_DELAY_US * SystemCoreClock) / 1000000U) + 1; + 8007490: 4a0b ldr r2, [pc, #44] ; (80074c0 ) + 8007492: 6812 ldr r2, [r2, #0] + 8007494: 2132 movs r1, #50 ; 0x32 + 8007496: 434a muls r2, r1 + 8007498: 490a ldr r1, [pc, #40] ; (80074c4 ) + 800749a: fbb2 f2f1 udiv r2, r2, r1 + 800749e: 3201 adds r2, #1 + while ((HAL_IS_BIT_SET(PWR->SR2, PWR_SR2_VOSF)) && (wait_loop_index != 0U)) + 80074a0: 6959 ldr r1, [r3, #20] + 80074a2: 0549 lsls r1, r1, #21 + 80074a4: d5d6 bpl.n 8007454 + 80074a6: 2a00 cmp r2, #0 + 80074a8: d0d4 beq.n 8007454 + wait_loop_index--; + 80074aa: 3a01 subs r2, #1 + 80074ac: e7f8 b.n 80074a0 + MODIFY_REG(PWR->CR1, PWR_CR1_VOS, PWR_REGULATOR_VOLTAGE_SCALE2); + 80074ae: f422 62c0 bic.w r2, r2, #1536 ; 0x600 + 80074b2: f442 6280 orr.w r2, r2, #1024 ; 0x400 + 80074b6: 601a str r2, [r3, #0] + 80074b8: e7cf b.n 800745a + 80074ba: bf00 nop + 80074bc: 40007000 .word 0x40007000 + 80074c0: 2009e2ac .word 0x2009e2ac + 80074c4: 000f4240 .word 0x000f4240 + +080074c8 : + +__weak void HAL_SDEx_DriveTransceiver_1_8V_Callback(FlagStatus status) +{ + // unused? +} + 80074c8: 4770 bx lr + +080074ca : +{ + 80074ca: b510 push {r4, lr} + 80074cc: 3801 subs r0, #1 + 80074ce: 440a add r2, r1 + *(acc) ^= *(more); + 80074d0: f811 4b01 ldrb.w r4, [r1], #1 + 80074d4: f810 3f01 ldrb.w r3, [r0, #1]! + for(; len; len--, more++, acc++) { + 80074d8: 4291 cmp r1, r2 + *(acc) ^= *(more); + 80074da: ea83 0304 eor.w r3, r3, r4 + 80074de: 7003 strb r3, [r0, #0] + for(; len; len--, more++, acc++) { + 80074e0: d1f6 bne.n 80074d0 + } +} + 80074e2: bd10 pop {r4, pc} + +080074e4 : + +// se2_write1() +// + static bool +se2_write1(uint8_t cmd, uint8_t arg) +{ + 80074e4: b51f push {r0, r1, r2, r3, r4, lr} + uint8_t data[3] = { cmd, 1, arg }; + 80074e6: 2301 movs r3, #1 + 80074e8: f88d 300d strb.w r3, [sp, #13] + + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 80074ec: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + uint8_t data[3] = { cmd, 1, arg }; + 80074f0: f88d 000c strb.w r0, [sp, #12] + 80074f4: f88d 100e strb.w r1, [sp, #14] + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 80074f8: 9300 str r3, [sp, #0] + 80074fa: aa03 add r2, sp, #12 + 80074fc: 2303 movs r3, #3 + 80074fe: 2136 movs r1, #54 ; 0x36 + 8007500: 4804 ldr r0, [pc, #16] ; (8007514 ) + 8007502: f004 fb77 bl 800bbf4 + data, sizeof(data), HAL_MAX_DELAY); + + return (rv != HAL_OK); +} + 8007506: 3800 subs r0, #0 + 8007508: bf18 it ne + 800750a: 2001 movne r0, #1 + 800750c: b005 add sp, #20 + 800750e: f85d fb04 ldr.w pc, [sp], #4 + 8007512: bf00 nop + 8007514: 2009e3f0 .word 0x2009e3f0 + +08007518 : + +// se2_write2() +// + static bool +se2_write2(uint8_t cmd, uint8_t arg1, uint8_t arg2) +{ + 8007518: b51f push {r0, r1, r2, r3, r4, lr} + uint8_t data[4] = { cmd, 2, arg1, arg2 }; + 800751a: 2302 movs r3, #2 + 800751c: f88d 300d strb.w r3, [sp, #13] + + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 8007520: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + uint8_t data[4] = { cmd, 2, arg1, arg2 }; + 8007524: f88d 000c strb.w r0, [sp, #12] + 8007528: f88d 100e strb.w r1, [sp, #14] + 800752c: f88d 200f strb.w r2, [sp, #15] + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 8007530: 9300 str r3, [sp, #0] + 8007532: aa03 add r2, sp, #12 + 8007534: 2304 movs r3, #4 + 8007536: 2136 movs r1, #54 ; 0x36 + 8007538: 4804 ldr r0, [pc, #16] ; (800754c ) + 800753a: f004 fb5b bl 800bbf4 + data, sizeof(data), HAL_MAX_DELAY); + + return (rv != HAL_OK); +} + 800753e: 3800 subs r0, #0 + 8007540: bf18 it ne + 8007542: 2001 movne r0, #1 + 8007544: b005 add sp, #20 + 8007546: f85d fb04 ldr.w pc, [sp], #4 + 800754a: bf00 nop + 800754c: 2009e3f0 .word 0x2009e3f0 + +08007550 : + +// se2_write_n() +// + static bool +se2_write_n(uint8_t cmd, uint8_t *param1, const uint8_t *data_in, uint8_t len) +{ + 8007550: b5f0 push {r4, r5, r6, r7, lr} + 8007552: 460d mov r5, r1 + uint8_t data[2 + (param1?1:0) + len], *p = data; + 8007554: 2d00 cmp r5, #0 + 8007556: bf14 ite ne + 8007558: 2403 movne r4, #3 + 800755a: 2402 moveq r4, #2 + 800755c: 441c add r4, r3 +{ + 800755e: 4611 mov r1, r2 + uint8_t data[2 + (param1?1:0) + len], *p = data; + 8007560: f104 0207 add.w r2, r4, #7 +{ + 8007564: b083 sub sp, #12 + uint8_t data[2 + (param1?1:0) + len], *p = data; + 8007566: f402 727e and.w r2, r2, #1016 ; 0x3f8 +{ + 800756a: af02 add r7, sp, #8 + uint8_t data[2 + (param1?1:0) + len], *p = data; + 800756c: ebad 0d02 sub.w sp, sp, r2 + 8007570: ae02 add r6, sp, #8 + + *(p++) = cmd; + *(p++) = sizeof(data) - 2; + 8007572: f1a4 0202 sub.w r2, r4, #2 + *(p++) = cmd; + 8007576: f88d 0008 strb.w r0, [sp, #8] + *(p++) = sizeof(data) - 2; + 800757a: 7072 strb r2, [r6, #1] + if(param1) { + *(p++) = *param1; + 800757c: bf1b ittet ne + 800757e: 782a ldrbne r2, [r5, #0] + 8007580: 70b2 strbne r2, [r6, #2] + *(p++) = sizeof(data) - 2; + 8007582: f10d 000a addeq.w r0, sp, #10 + *(p++) = *param1; + 8007586: f10d 000b addne.w r0, sp, #11 + } + if(len) { + 800758a: b113 cbz r3, 8007592 + memcpy(p, data_in, len); + 800758c: 461a mov r2, r3 + 800758e: f006 f9ab bl 800d8e8 + } + + HAL_StatusTypeDef rv = HAL_I2C_Master_Transmit(&i2c_port, I2C_ADDR, + 8007592: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 8007596: 9300 str r3, [sp, #0] + 8007598: 4632 mov r2, r6 + 800759a: 4623 mov r3, r4 + 800759c: 2136 movs r1, #54 ; 0x36 + 800759e: 4804 ldr r0, [pc, #16] ; (80075b0 ) + 80075a0: f004 fb28 bl 800bbf4 + data, sizeof(data), HAL_MAX_DELAY); + + return (rv != HAL_OK); +} + 80075a4: 3800 subs r0, #0 + 80075a6: bf18 it ne + 80075a8: 2001 movne r0, #1 + 80075aa: 3704 adds r7, #4 + 80075ac: 46bd mov sp, r7 + 80075ae: bdf0 pop {r4, r5, r6, r7, pc} + 80075b0: 2009e3f0 .word 0x2009e3f0 + +080075b4 : + +// rng_for_uECC() +// + static int +rng_for_uECC(uint8_t *dest, unsigned size) +{ + 80075b4: b508 push {r3, lr} + 'dest' was filled with random data, or 0 if the random data could not be generated. + The filled-in values should be either truly random, or from a cryptographically-secure PRNG. + + typedef int (*uECC_RNG_Function)(uint8_t *dest, unsigned size); + */ + rng_buffer(dest, size); + 80075b6: f7fb f9a3 bl 8002900 + + return 1; +} + 80075ba: 2001 movs r0, #1 + 80075bc: bd08 pop {r3, pc} + ... + +080075c0 : +{ + 80075c0: b508 push {r3, lr} + 80075c2: 4602 mov r2, r0 + CALL_CHECK(se2_write_n(0x87, NULL, data, len)); + 80075c4: b2cb uxtb r3, r1 + 80075c6: 2087 movs r0, #135 ; 0x87 + 80075c8: 2100 movs r1, #0 + 80075ca: f7ff ffc1 bl 8007550 + 80075ce: b118 cbz r0, 80075d8 + 80075d0: 4802 ldr r0, [pc, #8] ; (80075dc ) + 80075d2: 21c1 movs r1, #193 ; 0xc1 + 80075d4: f006 f9a4 bl 800d920 +} + 80075d8: bd08 pop {r3, pc} + 80075da: bf00 nop + 80075dc: 2009e394 .word 0x2009e394 + +080075e0 : +{ + 80075e0: e92d 43f7 stmdb sp!, {r0, r1, r2, r4, r5, r6, r7, r8, r9, lr} + HAL_StatusTypeDef rv = HAL_I2C_Master_Receive(&i2c_port, I2C_ADDR, rx, len, HAL_MAX_DELAY); + 80075e4: f8df 9044 ldr.w r9, [pc, #68] ; 800762c +{ + 80075e8: 4604 mov r4, r0 + 80075ea: 460d mov r5, r1 + 80075ec: f44f 7696 mov.w r6, #300 ; 0x12c + HAL_StatusTypeDef rv = HAL_I2C_Master_Receive(&i2c_port, I2C_ADDR, rx, len, HAL_MAX_DELAY); + 80075f0: b287 uxth r7, r0 + 80075f2: f04f 38ff mov.w r8, #4294967295 ; 0xffffffff + 80075f6: f8cd 8000 str.w r8, [sp] + 80075fa: 463b mov r3, r7 + 80075fc: 462a mov r2, r5 + 80075fe: 2136 movs r1, #54 ; 0x36 + 8007600: 4648 mov r0, r9 + 8007602: f004 fbab bl 800bd5c + if(rv == HAL_OK) { + 8007606: b938 cbnz r0, 8007618 + if(rx[0] != len-1) { + 8007608: 782b ldrb r3, [r5, #0] + 800760a: 3c01 subs r4, #1 + 800760c: 42a3 cmp r3, r4 + 800760e: d10a bne.n 8007626 + return rx[1]; + 8007610: 7868 ldrb r0, [r5, #1] +} + 8007612: b003 add sp, #12 + 8007614: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + delay_ms(1); + 8007618: 2001 movs r0, #1 + 800761a: f7fc fa45 bl 8003aa8 + for(int tries=0; tries<300; tries++) { + 800761e: 3e01 subs r6, #1 + 8007620: d1e9 bne.n 80075f6 + return RC_NO_ACK; + 8007622: 200f movs r0, #15 + 8007624: e7f5 b.n 8007612 + return RC_WRONG_SIZE; + 8007626: 201f movs r0, #31 + 8007628: e7f3 b.n 8007612 + 800762a: bf00 nop + 800762c: 2009e3f0 .word 0x2009e3f0 + +08007630 : +{ + 8007630: b507 push {r0, r1, r2, lr} + return se2_read_n(2, rx); + 8007632: 2002 movs r0, #2 + 8007634: a901 add r1, sp, #4 + 8007636: f7ff ffd3 bl 80075e0 +} + 800763a: b003 add sp, #12 + 800763c: f85d fb04 ldr.w pc, [sp], #4 + +08007640 : +{ + 8007640: b507 push {r0, r1, r2, lr} + CALL_CHECK(se2_write_n(0x96, &page_num, data, 32)); + 8007642: 2320 movs r3, #32 +{ + 8007644: 460a mov r2, r1 + 8007646: f88d 0007 strb.w r0, [sp, #7] + CALL_CHECK(se2_write_n(0x96, &page_num, data, 32)); + 800764a: f10d 0107 add.w r1, sp, #7 + 800764e: 2096 movs r0, #150 ; 0x96 + 8007650: f7ff ff7e bl 8007550 + 8007654: b118 cbz r0, 800765e + 8007656: 21cb movs r1, #203 ; 0xcb + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007658: 4805 ldr r0, [pc, #20] ; (8007670 ) + 800765a: f006 f961 bl 800d920 + 800765e: f7ff ffe7 bl 8007630 + 8007662: 28aa cmp r0, #170 ; 0xaa + 8007664: d001 beq.n 800766a + 8007666: 21cd movs r1, #205 ; 0xcd + 8007668: e7f6 b.n 8007658 +} + 800766a: b003 add sp, #12 + 800766c: f85d fb04 ldr.w pc, [sp], #4 + 8007670: 2009e394 .word 0x2009e394 + +08007674 : + ASSERT(pubkey_num < 2); + 8007674: 2801 cmp r0, #1 +{ + 8007676: b508 push {r3, lr} + ASSERT(pubkey_num < 2); + 8007678: d902 bls.n 8007680 + 800767a: 480a ldr r0, [pc, #40] ; (80076a4 ) + 800767c: f7f9 f9ee bl 8000a5c + CALL_CHECK(se2_write1(0xcb, (wpe <<6) | pubkey_num)); + 8007680: ea40 1181 orr.w r1, r0, r1, lsl #6 + 8007684: b2c9 uxtb r1, r1 + 8007686: 20cb movs r0, #203 ; 0xcb + 8007688: f7ff ff2c bl 80074e4 + 800768c: b118 cbz r0, 8007696 + 800768e: 21d9 movs r1, #217 ; 0xd9 + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007690: 4805 ldr r0, [pc, #20] ; (80076a8 ) + 8007692: f006 f945 bl 800d920 + 8007696: f7ff ffcb bl 8007630 + 800769a: 28aa cmp r0, #170 ; 0xaa + 800769c: d001 beq.n 80076a2 + 800769e: 21db movs r1, #219 ; 0xdb + 80076a0: e7f6 b.n 8007690 +} + 80076a2: bd08 pop {r3, pc} + 80076a4: 08010470 .word 0x08010470 + 80076a8: 2009e394 .word 0x2009e394 + +080076ac : +{ + 80076ac: b570 push {r4, r5, r6, lr} + 80076ae: b0dc sub sp, #368 ; 0x170 + 80076b0: 460d mov r5, r1 + 80076b2: f88d 0007 strb.w r0, [sp, #7] + rng_buffer(chal, sizeof(chal)); + 80076b6: 2120 movs r1, #32 + 80076b8: a802 add r0, sp, #8 +{ + 80076ba: 4616 mov r6, r2 + 80076bc: 461c mov r4, r3 + rng_buffer(chal, sizeof(chal)); + 80076be: f7fb f91f bl 8002900 + se2_write_buffer(chal, sizeof(chal)); + 80076c2: 2120 movs r1, #32 + 80076c4: a802 add r0, sp, #8 + 80076c6: f7ff ff7b bl 80075c0 + CALL_CHECK(se2_write1(0xa5, (keynum<<5) | page_num)); + 80076ca: f89d 3007 ldrb.w r3, [sp, #7] + 80076ce: ea43 1146 orr.w r1, r3, r6, lsl #5 + 80076d2: b2c9 uxtb r1, r1 + 80076d4: 20a5 movs r0, #165 ; 0xa5 + 80076d6: f7ff ff05 bl 80074e4 + 80076da: b118 cbz r0, 80076e4 + 80076dc: 21eb movs r1, #235 ; 0xeb + CHECK_RIGHT(se2_read_n(sizeof(check), check) == RC_SUCCESS); + 80076de: 481e ldr r0, [pc, #120] ; (8007758 ) + 80076e0: f006 f91e bl 800d920 + 80076e4: a912 add r1, sp, #72 ; 0x48 + 80076e6: 2022 movs r0, #34 ; 0x22 + 80076e8: f7ff ff7a bl 80075e0 + 80076ec: 28aa cmp r0, #170 ; 0xaa + 80076ee: d001 beq.n 80076f4 + 80076f0: 21ee movs r1, #238 ; 0xee + 80076f2: e7f4 b.n 80076de + hmac_sha256_init(&ctx); + 80076f4: a81b add r0, sp, #108 ; 0x6c + 80076f6: f7fe f8cf bl 8005898 + hmac_sha256_update(&ctx, SE2_SECRETS->romid, 8); + 80076fa: 4b18 ldr r3, [pc, #96] ; (800775c ) + 80076fc: 4918 ldr r1, [pc, #96] ; (8007760 ) + 80076fe: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 8007702: 33b0 adds r3, #176 ; 0xb0 + 8007704: 2aff cmp r2, #255 ; 0xff + 8007706: bf18 it ne + 8007708: 4619 movne r1, r3 + 800770a: a81b add r0, sp, #108 ; 0x6c + 800770c: 2208 movs r2, #8 + 800770e: 3160 adds r1, #96 ; 0x60 + 8007710: f7fe f8c8 bl 80058a4 + hmac_sha256_update(&ctx, data, 32); + 8007714: 4629 mov r1, r5 + 8007716: a81b add r0, sp, #108 ; 0x6c + 8007718: 2220 movs r2, #32 + 800771a: f7fe f8c3 bl 80058a4 + hmac_sha256_update(&ctx, chal, 32); + 800771e: a902 add r1, sp, #8 + 8007720: a81b add r0, sp, #108 ; 0x6c + 8007722: 2220 movs r2, #32 + 8007724: f7fe f8be bl 80058a4 + hmac_sha256_update(&ctx, &page_num, 1); + 8007728: f10d 0107 add.w r1, sp, #7 + 800772c: a81b add r0, sp, #108 ; 0x6c + 800772e: 2201 movs r2, #1 + 8007730: f7fe f8b8 bl 80058a4 + hmac_sha256_update(&ctx, DEV_MANID, 2); + 8007734: a81b add r0, sp, #108 ; 0x6c + 8007736: 490b ldr r1, [pc, #44] ; (8007764 ) + 8007738: 2202 movs r2, #2 + 800773a: f7fe f8b3 bl 80058a4 + hmac_sha256_final(&ctx, secret, expect); + 800773e: aa0a add r2, sp, #40 ; 0x28 + 8007740: 4621 mov r1, r4 + 8007742: a81b add r0, sp, #108 ; 0x6c + 8007744: f7fe f8c4 bl 80058d0 + return check_equal(expect, check+2, 32); + 8007748: 2220 movs r2, #32 + 800774a: f10d 014a add.w r1, sp, #74 ; 0x4a + 800774e: a80a add r0, sp, #40 ; 0x28 + 8007750: f7fb f887 bl 8002862 +} + 8007754: b05c add sp, #368 ; 0x170 + 8007756: bd70 pop {r4, r5, r6, pc} + 8007758: 2009e394 .word 0x2009e394 + 800775c: 0801c000 .word 0x0801c000 + 8007760: 2009e2b4 .word 0x2009e2b4 + 8007764: 08010ac0 .word 0x08010ac0 + +08007768 : +{ + 8007768: b570 push {r4, r5, r6, lr} + 800776a: 4604 mov r4, r0 + 800776c: b08a sub sp, #40 ; 0x28 + 800776e: 460d mov r5, r1 + CALL_CHECK(se2_write1(0x69, page_num)); + 8007770: 4601 mov r1, r0 + 8007772: 2069 movs r0, #105 ; 0x69 +{ + 8007774: 4616 mov r6, r2 + CALL_CHECK(se2_write1(0x69, page_num)); + 8007776: f7ff feb5 bl 80074e4 + 800777a: b120 cbz r0, 8007786 + 800777c: f44f 7185 mov.w r1, #266 ; 0x10a + CHECK_RIGHT(se2_read_n(sizeof(rx), rx) == RC_SUCCESS); + 8007780: 481c ldr r0, [pc, #112] ; (80077f4 ) + 8007782: f006 f8cd bl 800d920 + 8007786: a901 add r1, sp, #4 + 8007788: 2022 movs r0, #34 ; 0x22 + 800778a: f7ff ff29 bl 80075e0 + 800778e: 28aa cmp r0, #170 ; 0xaa + 8007790: d002 beq.n 8007798 + 8007792: f240 110d movw r1, #269 ; 0x10d + 8007796: e7f3 b.n 8007780 + CHECK_RIGHT(rx[0] == 33); + 8007798: f89d 3004 ldrb.w r3, [sp, #4] + 800779c: 2b21 cmp r3, #33 ; 0x21 + 800779e: d002 beq.n 80077a6 + 80077a0: f240 110f movw r1, #271 ; 0x10f + 80077a4: e7ec b.n 8007780 + CHECK_RIGHT(rx[1] == RC_SUCCESS); + 80077a6: f89d 3005 ldrb.w r3, [sp, #5] + 80077aa: 2baa cmp r3, #170 ; 0xaa + 80077ac: d002 beq.n 80077b4 + 80077ae: f44f 7188 mov.w r1, #272 ; 0x110 + 80077b2: e7e5 b.n 8007780 + memcpy(data, rx+2, 32); + 80077b4: f10d 0306 add.w r3, sp, #6 + 80077b8: 462a mov r2, r5 + 80077ba: f10d 0126 add.w r1, sp, #38 ; 0x26 + 80077be: f853 0b04 ldr.w r0, [r3], #4 + 80077c2: f842 0b04 str.w r0, [r2], #4 + 80077c6: 428b cmp r3, r1 + 80077c8: d1f9 bne.n 80077be + if(!verify) return; + 80077ca: b186 cbz r6, 80077ee + CHECK_RIGHT(se2_verify_page(page_num, data, 0, SE2_SECRETS->pairing)); + 80077cc: 4b0a ldr r3, [pc, #40] ; (80077f8 ) + 80077ce: 4a0b ldr r2, [pc, #44] ; (80077fc ) + 80077d0: f893 10b0 ldrb.w r1, [r3, #176] ; 0xb0 + 80077d4: 4b0a ldr r3, [pc, #40] ; (8007800 ) + 80077d6: 4620 mov r0, r4 + 80077d8: 29ff cmp r1, #255 ; 0xff + 80077da: bf18 it ne + 80077dc: 4613 movne r3, r2 + 80077de: 2200 movs r2, #0 + 80077e0: 4629 mov r1, r5 + 80077e2: f7ff ff63 bl 80076ac + 80077e6: b910 cbnz r0, 80077ee + 80077e8: f44f 718b mov.w r1, #278 ; 0x116 + 80077ec: e7c8 b.n 8007780 +} + 80077ee: b00a add sp, #40 ; 0x28 + 80077f0: bd70 pop {r4, r5, r6, pc} + 80077f2: bf00 nop + 80077f4: 2009e394 .word 0x2009e394 + 80077f8: 0801c000 .word 0x0801c000 + 80077fc: 0801c0b0 .word 0x0801c0b0 + 8007800: 2009e2b4 .word 0x2009e2b4 + +08007804 : +{ + 8007804: b570 push {r4, r5, r6, lr} + 8007806: b0d6 sub sp, #344 ; 0x158 + 8007808: 461e mov r6, r3 + ASSERT((keynum == 0) || (keynum == 2)); + 800780a: f032 0302 bics.w r3, r2, #2 +{ + 800780e: 460c mov r4, r1 + 8007810: 4615 mov r5, r2 + 8007812: f88d 0007 strb.w r0, [sp, #7] + ASSERT((keynum == 0) || (keynum == 2)); + 8007816: d002 beq.n 800781e + 8007818: 4831 ldr r0, [pc, #196] ; (80078e0 ) + 800781a: f7f9 f91f bl 8000a5c + CALL_CHECK(se2_write1(0x4b, (keynum << 6) | page_num)); + 800781e: f89d 1007 ldrb.w r1, [sp, #7] + 8007822: ea41 1182 orr.w r1, r1, r2, lsl #6 + 8007826: b2c9 uxtb r1, r1 + 8007828: 204b movs r0, #75 ; 0x4b + 800782a: f7ff fe5b bl 80074e4 + 800782e: b120 cbz r0, 800783a + 8007830: f44f 71b3 mov.w r1, #358 ; 0x166 + CHECK_RIGHT(se2_read_n(sizeof(rx), rx) == RC_SUCCESS); + 8007834: 482b ldr r0, [pc, #172] ; (80078e4 ) + 8007836: f006 f873 bl 800d920 + 800783a: a90a add r1, sp, #40 ; 0x28 + 800783c: 202a movs r0, #42 ; 0x2a + 800783e: f7ff fecf bl 80075e0 + 8007842: 28aa cmp r0, #170 ; 0xaa + 8007844: d002 beq.n 800784c + 8007846: f240 1169 movw r1, #361 ; 0x169 + 800784a: e7f3 b.n 8007834 + CHECK_RIGHT(rx[1] == RC_SUCCESS); + 800784c: f89d 3029 ldrb.w r3, [sp, #41] ; 0x29 + 8007850: 2baa cmp r3, #170 ; 0xaa + 8007852: d002 beq.n 800785a + 8007854: f240 116b movw r1, #363 ; 0x16b + 8007858: e7ec b.n 8007834 + memcpy(data, rx+2+8, 32); + 800785a: f10d 0332 add.w r3, sp, #50 ; 0x32 + 800785e: 4622 mov r2, r4 + 8007860: f10d 0152 add.w r1, sp, #82 ; 0x52 + 8007864: f853 0b04 ldr.w r0, [r3], #4 + 8007868: f842 0b04 str.w r0, [r2], #4 + 800786c: 428b cmp r3, r1 + 800786e: d1f9 bne.n 8007864 + hmac_sha256_init(&ctx); + 8007870: a815 add r0, sp, #84 ; 0x54 + 8007872: f7fe f811 bl 8005898 + hmac_sha256_update(&ctx, chal, 8); + 8007876: 2208 movs r2, #8 + 8007878: f10d 012a add.w r1, sp, #42 ; 0x2a + 800787c: a815 add r0, sp, #84 ; 0x54 + 800787e: f7fe f811 bl 80058a4 + hmac_sha256_update(&ctx, SE2_SECRETS->romid, 8); + 8007882: 4b19 ldr r3, [pc, #100] ; (80078e8 ) + 8007884: 4919 ldr r1, [pc, #100] ; (80078ec ) + 8007886: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 800788a: 33b0 adds r3, #176 ; 0xb0 + 800788c: 2aff cmp r2, #255 ; 0xff + 800788e: bf18 it ne + 8007890: 4619 movne r1, r3 + 8007892: 3160 adds r1, #96 ; 0x60 + 8007894: 2208 movs r2, #8 + 8007896: a815 add r0, sp, #84 ; 0x54 + 8007898: f7fe f804 bl 80058a4 + hmac_sha256_update(&ctx, &page_num, 1); + 800789c: 2201 movs r2, #1 + 800789e: f10d 0107 add.w r1, sp, #7 + 80078a2: a815 add r0, sp, #84 ; 0x54 + 80078a4: f7fd fffe bl 80058a4 + hmac_sha256_update(&ctx, DEV_MANID, 2); + 80078a8: 4911 ldr r1, [pc, #68] ; (80078f0 ) + 80078aa: 2202 movs r2, #2 + 80078ac: a815 add r0, sp, #84 ; 0x54 + 80078ae: f7fd fff9 bl 80058a4 + hmac_sha256_final(&ctx, secret, otp); + 80078b2: aa02 add r2, sp, #8 + 80078b4: 4631 mov r1, r6 + 80078b6: a815 add r0, sp, #84 ; 0x54 + 80078b8: f7fe f80a bl 80058d0 + xor_mixin(data, otp, 32); + 80078bc: 2220 movs r2, #32 + 80078be: a902 add r1, sp, #8 + 80078c0: 4620 mov r0, r4 + 80078c2: f7ff fe02 bl 80074ca + CHECK_RIGHT(se2_verify_page(page_num, data, keynum, secret)); + 80078c6: f89d 0007 ldrb.w r0, [sp, #7] + 80078ca: 4633 mov r3, r6 + 80078cc: 462a mov r2, r5 + 80078ce: 4621 mov r1, r4 + 80078d0: f7ff feec bl 80076ac + 80078d4: b910 cbnz r0, 80078dc + 80078d6: f44f 71c0 mov.w r1, #384 ; 0x180 + 80078da: e7ab b.n 8007834 +} + 80078dc: b056 add sp, #344 ; 0x158 + 80078de: bd70 pop {r4, r5, r6, pc} + 80078e0: 08010470 .word 0x08010470 + 80078e4: 2009e394 .word 0x2009e394 + 80078e8: 0801c000 .word 0x0801c000 + 80078ec: 2009e2b4 .word 0x2009e2b4 + 80078f0: 08010ac0 .word 0x08010ac0 + +080078f4 : +{ + 80078f4: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 80078f8: 460e mov r6, r1 + ASSERT((keynum == 0) || (keynum == 2)); + 80078fa: f032 0102 bics.w r1, r2, #2 +{ + 80078fe: b0e4 sub sp, #400 ; 0x190 + 8007900: 4604 mov r4, r0 + 8007902: 4617 mov r7, r2 + 8007904: 4698 mov r8, r3 + ASSERT((keynum == 0) || (keynum == 2)); + 8007906: d002 beq.n 800790e + 8007908: 4849 ldr r0, [pc, #292] ; (8007a30 ) + 800790a: f7f9 f8a7 bl 8000a5c + se2_read_encrypted(page_num, old_data, keynum, secret); + 800790e: a901 add r1, sp, #4 + 8007910: f7ff ff78 bl 8007804 + uint8_t PGDV = page_num | 0x80; + 8007914: f064 037f orn r3, r4, #127 ; 0x7f + rng_buffer(&chal_check[32], 8); + 8007918: 2108 movs r1, #8 + 800791a: a821 add r0, sp, #132 ; 0x84 + uint8_t PGDV = page_num | 0x80; + 800791c: f88d 3002 strb.w r3, [sp, #2] + rng_buffer(&chal_check[32], 8); + 8007920: f7fa ffee bl 8002900 + hmac_sha256_init(&ctx); + 8007924: a823 add r0, sp, #140 ; 0x8c + 8007926: f7fd ffb7 bl 8005898 + hmac_sha256_update(&ctx, &chal_check[32], 8); + 800792a: 2208 movs r2, #8 + 800792c: a921 add r1, sp, #132 ; 0x84 + 800792e: a823 add r0, sp, #140 ; 0x8c + 8007930: f7fd ffb8 bl 80058a4 + hmac_sha256_update(&ctx, SE2_SECRETS->romid, 8); + 8007934: 4b3f ldr r3, [pc, #252] ; (8007a34 ) + 8007936: 4940 ldr r1, [pc, #256] ; (8007a38 ) + 8007938: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 800793c: 33b0 adds r3, #176 ; 0xb0 + 800793e: 2aff cmp r2, #255 ; 0xff + 8007940: bf18 it ne + 8007942: 4619 movne r1, r3 + 8007944: 3160 adds r1, #96 ; 0x60 + 8007946: 2208 movs r2, #8 + 8007948: a823 add r0, sp, #140 ; 0x8c + 800794a: f7fd ffab bl 80058a4 + hmac_sha256_update(&ctx, &PGDV, 1); + 800794e: 2201 movs r2, #1 + 8007950: f10d 0102 add.w r1, sp, #2 + 8007954: a823 add r0, sp, #140 ; 0x8c + 8007956: f7fd ffa5 bl 80058a4 + hmac_sha256_update(&ctx, DEV_MANID, 2); + 800795a: 4938 ldr r1, [pc, #224] ; (8007a3c ) + 800795c: 2202 movs r2, #2 + 800795e: a823 add r0, sp, #140 ; 0x8c + 8007960: f7fd ffa0 bl 80058a4 + ASSERT(ctx.num_pending == 19); + 8007964: 9b63 ldr r3, [sp, #396] ; 0x18c + 8007966: 2b13 cmp r3, #19 + 8007968: d1ce bne.n 8007908 + hmac_sha256_final(&ctx, secret, otp); + 800796a: aa09 add r2, sp, #36 ; 0x24 + 800796c: 4641 mov r1, r8 + 800796e: a823 add r0, sp, #140 ; 0x8c + 8007970: f7fd ffae bl 80058d0 + memcpy(tmp, data, 32); + 8007974: 4635 mov r5, r6 + 8007976: aa11 add r2, sp, #68 ; 0x44 + 8007978: f106 0c20 add.w ip, r6, #32 + 800797c: 6828 ldr r0, [r5, #0] + 800797e: 6869 ldr r1, [r5, #4] + 8007980: 4613 mov r3, r2 + 8007982: c303 stmia r3!, {r0, r1} + 8007984: 3508 adds r5, #8 + 8007986: 4565 cmp r5, ip + 8007988: 461a mov r2, r3 + 800798a: d1f7 bne.n 800797c + xor_mixin(tmp, otp, 32); + 800798c: 2220 movs r2, #32 + 800798e: a909 add r1, sp, #36 ; 0x24 + 8007990: a811 add r0, sp, #68 ; 0x44 + 8007992: f7ff fd9a bl 80074ca + hmac_sha256_init(&ctx); + 8007996: a823 add r0, sp, #140 ; 0x8c + 8007998: f7fd ff7e bl 8005898 + hmac_sha256_update(&ctx, SE2_SECRETS->romid, 8); + 800799c: 4b25 ldr r3, [pc, #148] ; (8007a34 ) + 800799e: 4926 ldr r1, [pc, #152] ; (8007a38 ) + 80079a0: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 80079a4: 33b0 adds r3, #176 ; 0xb0 + 80079a6: 2aff cmp r2, #255 ; 0xff + 80079a8: bf18 it ne + 80079aa: 4619 movne r1, r3 + 80079ac: 3160 adds r1, #96 ; 0x60 + 80079ae: 2208 movs r2, #8 + 80079b0: a823 add r0, sp, #140 ; 0x8c + 80079b2: f7fd ff77 bl 80058a4 + hmac_sha256_update(&ctx, old_data, 32); + 80079b6: 2220 movs r2, #32 + 80079b8: a901 add r1, sp, #4 + 80079ba: a823 add r0, sp, #140 ; 0x8c + 80079bc: f7fd ff72 bl 80058a4 + hmac_sha256_update(&ctx, data, 32); + 80079c0: 2220 movs r2, #32 + 80079c2: 4631 mov r1, r6 + 80079c4: a823 add r0, sp, #140 ; 0x8c + 80079c6: f7fd ff6d bl 80058a4 + hmac_sha256_update(&ctx, &PGDV, 1); + 80079ca: 2201 movs r2, #1 + 80079cc: f10d 0102 add.w r1, sp, #2 + 80079d0: a823 add r0, sp, #140 ; 0x8c + 80079d2: f7fd ff67 bl 80058a4 + hmac_sha256_update(&ctx, DEV_MANID, 2); + 80079d6: 4919 ldr r1, [pc, #100] ; (8007a3c ) + 80079d8: 2202 movs r2, #2 + 80079da: a823 add r0, sp, #140 ; 0x8c + 80079dc: f7fd ff62 bl 80058a4 + ASSERT(ctx.num_pending == 75); + 80079e0: 9b63 ldr r3, [sp, #396] ; 0x18c + 80079e2: 2b4b cmp r3, #75 ; 0x4b + 80079e4: d190 bne.n 8007908 + hmac_sha256_final(&ctx, secret, chal_check); + 80079e6: aa19 add r2, sp, #100 ; 0x64 + 80079e8: 4641 mov r1, r8 + 80079ea: a823 add r0, sp, #140 ; 0x8c + 80079ec: f7fd ff70 bl 80058d0 + se2_write_buffer(chal_check, sizeof(chal_check)); + 80079f0: 2128 movs r1, #40 ; 0x28 + 80079f2: a819 add r0, sp, #100 ; 0x64 + 80079f4: f7ff fde4 bl 80075c0 + uint8_t pn = (keynum << 6) | page_num; + 80079f8: ea44 1487 orr.w r4, r4, r7, lsl #6 + CALL_CHECK(se2_write_n(0x99, &pn, tmp, 32)); + 80079fc: 2320 movs r3, #32 + 80079fe: aa11 add r2, sp, #68 ; 0x44 + 8007a00: f10d 0103 add.w r1, sp, #3 + 8007a04: 2099 movs r0, #153 ; 0x99 + uint8_t pn = (keynum << 6) | page_num; + 8007a06: f88d 4003 strb.w r4, [sp, #3] + CALL_CHECK(se2_write_n(0x99, &pn, tmp, 32)); + 8007a0a: f7ff fda1 bl 8007550 + 8007a0e: b120 cbz r0, 8007a1a + 8007a10: f44f 71aa mov.w r1, #340 ; 0x154 + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007a14: 480a ldr r0, [pc, #40] ; (8007a40 ) + 8007a16: f005 ff83 bl 800d920 + 8007a1a: f7ff fe09 bl 8007630 + 8007a1e: 28aa cmp r0, #170 ; 0xaa + 8007a20: d002 beq.n 8007a28 + 8007a22: f44f 71ab mov.w r1, #342 ; 0x156 + 8007a26: e7f5 b.n 8007a14 +} + 8007a28: b064 add sp, #400 ; 0x190 + 8007a2a: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + 8007a2e: bf00 nop + 8007a30: 08010470 .word 0x08010470 + 8007a34: 0801c000 .word 0x0801c000 + 8007a38: 2009e2b4 .word 0x2009e2b4 + 8007a3c: 08010ac0 .word 0x08010ac0 + 8007a40: 2009e394 .word 0x2009e394 + +08007a44 : +{ + 8007a44: b508 push {r3, lr} + 8007a46: 4601 mov r1, r0 + CALL_CHECK(se2_write1(0xaa, page_num)); + 8007a48: 20aa movs r0, #170 ; 0xaa + 8007a4a: f7ff fd4b bl 80074e4 + 8007a4e: b120 cbz r0, 8007a5a + 8007a50: 4804 ldr r0, [pc, #16] ; (8007a64 ) + 8007a52: f240 118b movw r1, #395 ; 0x18b + 8007a56: f005 ff63 bl 800d920 +} + 8007a5a: e8bd 4008 ldmia.w sp!, {r3, lr} + return se2_read1(); + 8007a5e: f7ff bde7 b.w 8007630 + 8007a62: bf00 nop + 8007a64: 2009e394 .word 0x2009e394 + +08007a68 : +{ + 8007a68: b538 push {r3, r4, r5, lr} + 8007a6a: 460c mov r4, r1 + 8007a6c: 4605 mov r5, r0 + if(se2_get_protection(page_num) == flags) { + 8007a6e: f7ff ffe9 bl 8007a44 + 8007a72: 42a0 cmp r0, r4 + 8007a74: d011 beq.n 8007a9a + CALL_CHECK(se2_write2(0xc3, page_num, flags)); + 8007a76: 4622 mov r2, r4 + 8007a78: 4629 mov r1, r5 + 8007a7a: 20c3 movs r0, #195 ; 0xc3 + 8007a7c: f7ff fd4c bl 8007518 + 8007a80: b120 cbz r0, 8007a8c + 8007a82: f240 119b movw r1, #411 ; 0x19b + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007a86: 4805 ldr r0, [pc, #20] ; (8007a9c ) + 8007a88: f005 ff4a bl 800d920 + 8007a8c: f7ff fdd0 bl 8007630 + 8007a90: 28aa cmp r0, #170 ; 0xaa + 8007a92: d002 beq.n 8007a9a + 8007a94: f240 119d movw r1, #413 ; 0x19d + 8007a98: e7f5 b.n 8007a86 +} + 8007a9a: bd38 pop {r3, r4, r5, pc} + 8007a9c: 2009e394 .word 0x2009e394 + +08007aa0 : +{ + 8007aa0: b500 push {lr} + if(setjmp(error_env)) { + 8007aa2: 4812 ldr r0, [pc, #72] ; (8007aec ) +{ + 8007aa4: b089 sub sp, #36 ; 0x24 + if(setjmp(error_env)) { + 8007aa6: f005 ff35 bl 800d914 + 8007aaa: b120 cbz r0, 8007ab6 + oled_show(screen_se2_issue); + 8007aac: 4810 ldr r0, [pc, #64] ; (8007af0 ) + 8007aae: f7f9 faf3 bl 8001098 + LOCKUP_FOREVER(); + 8007ab2: f7fc f8f3 bl 8003c9c + rng_delay(); + 8007ab6: f7fa ff39 bl 800292c + if(rom_secrets->se2.pairing[0] == 0xff) { + 8007aba: 4b0e ldr r3, [pc, #56] ; (8007af4 ) + 8007abc: f893 30b0 ldrb.w r3, [r3, #176] ; 0xb0 + 8007ac0: 2bff cmp r3, #255 ; 0xff + 8007ac2: d00f beq.n 8007ae4 + se2_read_page(PGN_ROM_OPTIONS, tmp, true); + 8007ac4: 2201 movs r2, #1 + 8007ac6: 4669 mov r1, sp + 8007ac8: 201c movs r0, #28 + 8007aca: f7ff fe4d bl 8007768 + CHECK_RIGHT(check_equal(&tmp[24], rom_secrets->se2.romid, 8)); + 8007ace: 490a ldr r1, [pc, #40] ; (8007af8 ) + 8007ad0: 2208 movs r2, #8 + 8007ad2: a806 add r0, sp, #24 + 8007ad4: f7fa fec5 bl 8002862 + 8007ad8: b920 cbnz r0, 8007ae4 + 8007ada: 4804 ldr r0, [pc, #16] ; (8007aec ) + 8007adc: f240 11b5 movw r1, #437 ; 0x1b5 + 8007ae0: f005 ff1e bl 800d920 +} + 8007ae4: b009 add sp, #36 ; 0x24 + 8007ae6: f85d fb04 ldr.w pc, [sp], #4 + 8007aea: bf00 nop + 8007aec: 2009e394 .word 0x2009e394 + 8007af0: 0800f3db .word 0x0800f3db + 8007af4: 0801c000 .word 0x0801c000 + 8007af8: 0801c110 .word 0x0801c110 + +08007afc : +{ + 8007afc: b510 push {r4, lr} + if(setjmp(error_env)) fatal_mitm(); + 8007afe: 4817 ldr r0, [pc, #92] ; (8007b5c ) +{ + 8007b00: b088 sub sp, #32 + if(setjmp(error_env)) fatal_mitm(); + 8007b02: f005 ff07 bl 800d914 + 8007b06: 4604 mov r4, r0 + 8007b08: b108 cbz r0, 8007b0e + 8007b0a: f7f8 ffb1 bl 8000a70 + uint8_t z32[32] = {0}; + 8007b0e: 221c movs r2, #28 + 8007b10: 4601 mov r1, r0 + 8007b12: 9000 str r0, [sp, #0] + 8007b14: a801 add r0, sp, #4 + 8007b16: f005 fef5 bl 800d904 + se2_write_page(PGN_PUBKEY_S+0, z32); + 8007b1a: 4669 mov r1, sp + 8007b1c: 201e movs r0, #30 + 8007b1e: f7ff fd8f bl 8007640 + se2_write_page(PGN_PUBKEY_S+1, z32); + 8007b22: 4669 mov r1, sp + 8007b24: 201f movs r0, #31 + 8007b26: f7ff fd8b bl 8007640 + se2_write_buffer(z32, 32); + 8007b2a: 2120 movs r1, #32 + 8007b2c: 4668 mov r0, sp + 8007b2e: f7ff fd47 bl 80075c0 + CALL_CHECK(se2_write2(0x3c, (2<<6), 0)); + 8007b32: 4622 mov r2, r4 + 8007b34: 2180 movs r1, #128 ; 0x80 + 8007b36: 203c movs r0, #60 ; 0x3c + 8007b38: f7ff fcee bl 8007518 + 8007b3c: b120 cbz r0, 8007b48 + 8007b3e: f240 11cd movw r1, #461 ; 0x1cd + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007b42: 4806 ldr r0, [pc, #24] ; (8007b5c ) + 8007b44: f005 feec bl 800d920 + 8007b48: f7ff fd72 bl 8007630 + 8007b4c: 28aa cmp r0, #170 ; 0xaa + 8007b4e: d002 beq.n 8007b56 + 8007b50: f44f 71e7 mov.w r1, #462 ; 0x1ce + 8007b54: e7f5 b.n 8007b42 +} + 8007b56: b008 add sp, #32 + 8007b58: bd10 pop {r4, pc} + 8007b5a: bf00 nop + 8007b5c: 2009e394 .word 0x2009e394 + +08007b60 : +{ + 8007b60: b570 push {r4, r5, r6, lr} + if((setjmp(error_env))) { + 8007b62: 485b ldr r0, [pc, #364] ; (8007cd0 ) +{ + 8007b64: b090 sub sp, #64 ; 0x40 + if((setjmp(error_env))) { + 8007b66: f005 fed5 bl 800d914 + 8007b6a: 4604 mov r4, r0 + 8007b6c: b120 cbz r0, 8007b78 + oled_show(screen_se2_issue); + 8007b6e: 4859 ldr r0, [pc, #356] ; (8007cd4 ) + 8007b70: f7f9 fa92 bl 8001098 + LOCKUP_FOREVER(); + 8007b74: f7fc f892 bl 8003c9c + if(rom_secrets->se2.pairing[0] != 0xff) { + 8007b78: 4b57 ldr r3, [pc, #348] ; (8007cd8 ) + 8007b7a: f893 10b0 ldrb.w r1, [r3, #176] ; 0xb0 + 8007b7e: 29ff cmp r1, #255 ; 0xff + 8007b80: f040 80a0 bne.w 8007cc4 + memset(&_tbd, 0xff, sizeof(_tbd)); + 8007b84: 4d55 ldr r5, [pc, #340] ; (8007cdc ) + 8007b86: 22e0 movs r2, #224 ; 0xe0 + 8007b88: 4628 mov r0, r5 + 8007b8a: f005 febb bl 800d904 + rng_buffer(_tbd.tpin_key, 32); + 8007b8e: 2120 movs r1, #32 + 8007b90: f105 0080 add.w r0, r5, #128 ; 0x80 + 8007b94: f7fa feb4 bl 8002900 + se2_read_page(PGN_ROM_OPTIONS, tmp, false); + 8007b98: 4622 mov r2, r4 + 8007b9a: 4669 mov r1, sp + 8007b9c: 201c movs r0, #28 + 8007b9e: f7ff fde3 bl 8007768 + ASSERT(tmp[1] == 0x00); // check ANON is not set + 8007ba2: f89d 3001 ldrb.w r3, [sp, #1] + 8007ba6: b113 cbz r3, 8007bae + 8007ba8: 484d ldr r0, [pc, #308] ; (8007ce0 ) + 8007baa: f7f8 ff57 bl 8000a5c + memcpy(_tbd.romid, tmp+24, 8); + 8007bae: ab06 add r3, sp, #24 + 8007bb0: cb03 ldmia r3!, {r0, r1} + 8007bb2: 6628 str r0, [r5, #96] ; 0x60 + 8007bb4: 6669 str r1, [r5, #100] ; 0x64 + rng_buffer(tmp, 32); + 8007bb6: 4668 mov r0, sp + 8007bb8: 2120 movs r1, #32 + 8007bba: f7fa fea1 bl 8002900 + se2_write_page(PGN_SECRET_B, tmp); + 8007bbe: 4669 mov r1, sp + 8007bc0: 201a movs r0, #26 + 8007bc2: f7ff fd3d bl 8007640 + se2_pick_keypair(0, true); + 8007bc6: 2101 movs r1, #1 + 8007bc8: 4620 mov r0, r4 + 8007bca: f7ff fd53 bl 8007674 + se2_read_page(PGN_PUBKEY_A, &_tbd.pubkey_A[0], false); + 8007bce: 4622 mov r2, r4 + 8007bd0: f105 0120 add.w r1, r5, #32 + 8007bd4: 2010 movs r0, #16 + 8007bd6: f7ff fdc7 bl 8007768 + memset(tmp, 0, 32); + 8007bda: 2620 movs r6, #32 + se2_read_page(PGN_PUBKEY_A+1, &_tbd.pubkey_A[32], false); + 8007bdc: 4622 mov r2, r4 + 8007bde: f105 0140 add.w r1, r5, #64 ; 0x40 + 8007be2: 2011 movs r0, #17 + 8007be4: f7ff fdc0 bl 8007768 + memset(tmp, 0, 32); + 8007be8: 4632 mov r2, r6 + 8007bea: 4621 mov r1, r4 + 8007bec: 4668 mov r0, sp + 8007bee: f005 fe89 bl 800d904 + se2_write_page(PGN_PRIVKEY_B, tmp); + 8007bf2: 4669 mov r1, sp + 8007bf4: 2017 movs r0, #23 + 8007bf6: f7ff fd23 bl 8007640 + se2_write_page(PGN_PRIVKEY_B+1, tmp); + 8007bfa: 4669 mov r1, sp + 8007bfc: 2018 movs r0, #24 + 8007bfe: f7ff fd1f bl 8007640 + se2_write_page(PGN_PUBKEY_B, tmp); + 8007c02: 4669 mov r1, sp + 8007c04: 2012 movs r0, #18 + 8007c06: f7ff fd1b bl 8007640 + se2_write_page(PGN_PUBKEY_B+1, tmp); + 8007c0a: 4669 mov r1, sp + 8007c0c: 2013 movs r0, #19 + 8007c0e: f7ff fd17 bl 8007640 + rng_buffer(_tbd.pairing, 32); + 8007c12: 4631 mov r1, r6 + 8007c14: 4628 mov r0, r5 + 8007c16: f7fa fe73 bl 8002900 + } while(_tbd.pairing[0] == 0xff); + 8007c1a: 782b ldrb r3, [r5, #0] + 8007c1c: 2bff cmp r3, #255 ; 0xff + 8007c1e: d0f8 beq.n 8007c12 + se2_write_page(PGN_SECRET_A, _tbd.pairing); + 8007c20: 4629 mov r1, r5 + 8007c22: 2019 movs r0, #25 + rng_buffer(tmp, 32); + 8007c24: 466d mov r5, sp + se2_write_page(PGN_SECRET_A, _tbd.pairing); + 8007c26: f7ff fd0b bl 8007640 + rng_buffer(tmp, 32); + 8007c2a: 2120 movs r1, #32 + 8007c2c: 4628 mov r0, r5 + 8007c2e: f7fa fe67 bl 8002900 + se2_write_page(PGN_SE2_EASY_KEY, tmp); + 8007c32: 4629 mov r1, r5 + 8007c34: 200e movs r0, #14 + 8007c36: f7ff fd03 bl 8007640 + memset(tmp, 0, 32); + 8007c3a: 2220 movs r2, #32 + 8007c3c: 2100 movs r1, #0 + 8007c3e: 4628 mov r0, r5 + 8007c40: f005 fe60 bl 800d904 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007c44: 4626 mov r6, r4 + se2_write_page(pn, tmp); + 8007c46: b2f0 uxtb r0, r6 + 8007c48: 4629 mov r1, r5 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007c4a: 3601 adds r6, #1 + se2_write_page(pn, tmp); + 8007c4c: f7ff fcf8 bl 8007640 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007c50: 2e0e cmp r6, #14 + 8007c52: d1f8 bne.n 8007c46 + flash_save_se2_data(&_tbd); + 8007c54: 4821 ldr r0, [pc, #132] ; (8007cdc ) + 8007c56: f7fa fb63 bl 8002320 + se2_set_protection(PGN_SECRET_A, PROT_WP); + 8007c5a: 2102 movs r1, #2 + 8007c5c: 2019 movs r0, #25 + 8007c5e: f7ff ff03 bl 8007a68 + se2_set_protection(PGN_SECRET_B, PROT_WP); + 8007c62: 2102 movs r1, #2 + 8007c64: 201a movs r0, #26 + 8007c66: f7ff feff bl 8007a68 + se2_set_protection(PGN_PUBKEY_A, PROT_WP); + 8007c6a: 2102 movs r1, #2 + 8007c6c: 2010 movs r0, #16 + 8007c6e: f7ff fefb bl 8007a68 + se2_set_protection(PGN_PUBKEY_B, PROT_WP); + 8007c72: 2102 movs r1, #2 + 8007c74: 2012 movs r0, #18 + 8007c76: f7ff fef7 bl 8007a68 + se2_set_protection(PGN_SE2_EASY_KEY, PROT_EPH); + 8007c7a: 2110 movs r1, #16 + 8007c7c: 4630 mov r0, r6 + 8007c7e: f7ff fef3 bl 8007a68 + se2_set_protection(pn, PROT_EPH); + 8007c82: 2510 movs r5, #16 + 8007c84: b2e0 uxtb r0, r4 + 8007c86: 4629 mov r1, r5 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007c88: 3401 adds r4, #1 + se2_set_protection(pn, PROT_EPH); + 8007c8a: f7ff feed bl 8007a68 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8007c8e: 2c0e cmp r4, #14 + 8007c90: d1f8 bne.n 8007c84 + se2_set_protection(PGN_ROM_OPTIONS, PROT_APH); // not planning to change + 8007c92: 2108 movs r1, #8 + 8007c94: 201c movs r0, #28 + 8007c96: f7ff fee7 bl 8007a68 + se2_read_page(PGN_DEC_COUNTER, tmp, false); + 8007c9a: 2200 movs r2, #0 + 8007c9c: a908 add r1, sp, #32 + 8007c9e: 201b movs r0, #27 + 8007ca0: f7ff fd62 bl 8007768 + if(tmp[2] == 0xff) { + 8007ca4: f89d 3022 ldrb.w r3, [sp, #34] ; 0x22 + 8007ca8: 2bff cmp r3, #255 ; 0xff + 8007caa: d10d bne.n 8007cc8 + tmp[0] = val & 0x0ff; + 8007cac: 2380 movs r3, #128 ; 0x80 + 8007cae: f88d 3020 strb.w r3, [sp, #32] + se2_write_page(PGN_DEC_COUNTER, tmp); + 8007cb2: a908 add r1, sp, #32 + tmp[1] = (val >> 8) & 0x0ff; + 8007cb4: 2300 movs r3, #0 + se2_write_page(PGN_DEC_COUNTER, tmp); + 8007cb6: 201b movs r0, #27 + tmp[1] = (val >> 8) & 0x0ff; + 8007cb8: f88d 3021 strb.w r3, [sp, #33] ; 0x21 + tmp[2] = (val >> 16) & 0x01; + 8007cbc: f88d 3022 strb.w r3, [sp, #34] ; 0x22 + se2_write_page(PGN_DEC_COUNTER, tmp); + 8007cc0: f7ff fcbe bl 8007640 +} + 8007cc4: b010 add sp, #64 ; 0x40 + 8007cc6: bd70 pop {r4, r5, r6, pc} + puts("ctr set?"); // not expected, but keep going + 8007cc8: 4806 ldr r0, [pc, #24] ; (8007ce4 ) + 8007cca: f7fd f9d3 bl 8005074 + 8007cce: e7f9 b.n 8007cc4 + 8007cd0: 2009e394 .word 0x2009e394 + 8007cd4: 0800f3db .word 0x0800f3db + 8007cd8: 0801c000 .word 0x0801c000 + 8007cdc: 2009e2b4 .word 0x2009e2b4 + 8007ce0: 08010470 .word 0x08010470 + 8007ce4: 08010aa0 .word 0x08010aa0 + +08007ce8 : +{ + 8007ce8: b510 push {r4, lr} + 8007cea: b08a sub sp, #40 ; 0x28 + 8007cec: 9001 str r0, [sp, #4] + if(setjmp(error_env)) fatal_mitm(); + 8007cee: 481e ldr r0, [pc, #120] ; (8007d68 ) + 8007cf0: f005 fe10 bl 800d914 + 8007cf4: b108 cbz r0, 8007cfa + 8007cf6: f7f8 febb bl 8000a70 + ASSERT(check_all_ones(rom_secrets->se2.auth_pubkey, 64)); + 8007cfa: 481c ldr r0, [pc, #112] ; (8007d6c ) + 8007cfc: 2140 movs r1, #64 ; 0x40 + 8007cfe: f7fa fd97 bl 8002830 + 8007d02: b910 cbnz r0, 8007d0a + 8007d04: 481a ldr r0, [pc, #104] ; (8007d70 ) + 8007d06: f7f8 fea9 bl 8000a5c + memcpy(&_tbd, &rom_secrets->se2, sizeof(_tbd)); + 8007d0a: 4c1a ldr r4, [pc, #104] ; (8007d74 ) + 8007d0c: 491a ldr r1, [pc, #104] ; (8007d78 ) + 8007d0e: 22e0 movs r2, #224 ; 0xe0 + 8007d10: 4620 mov r0, r4 + 8007d12: f005 fde9 bl 800d8e8 + rng_buffer(tmp, 32); + 8007d16: 2120 movs r1, #32 + 8007d18: a802 add r0, sp, #8 + 8007d1a: f7fa fdf1 bl 8002900 + se2_write_page(PGN_SE2_HARD_KEY, tmp); + 8007d1e: a902 add r1, sp, #8 + 8007d20: 200f movs r0, #15 + 8007d22: f7ff fc8d bl 8007640 + se2_write_page(PGN_PUBKEY_C, &pubkey[0]); + 8007d26: 9901 ldr r1, [sp, #4] + 8007d28: 2014 movs r0, #20 + 8007d2a: f7ff fc89 bl 8007640 + se2_write_page(PGN_PUBKEY_C+1, &pubkey[32]); + 8007d2e: 9b01 ldr r3, [sp, #4] + 8007d30: 2015 movs r0, #21 + 8007d32: f103 0120 add.w r1, r3, #32 + 8007d36: f7ff fc83 bl 8007640 + memcpy(_tbd.auth_pubkey, pubkey, 64); + 8007d3a: 9b01 ldr r3, [sp, #4] + 8007d3c: 34a0 adds r4, #160 ; 0xa0 + 8007d3e: f103 0240 add.w r2, r3, #64 ; 0x40 + 8007d42: f853 1b04 ldr.w r1, [r3], #4 + 8007d46: f844 1b04 str.w r1, [r4], #4 + 8007d4a: 4293 cmp r3, r2 + 8007d4c: d1f9 bne.n 8007d42 + flash_save_se2_data(&_tbd); + 8007d4e: 4809 ldr r0, [pc, #36] ; (8007d74 ) + 8007d50: f7fa fae6 bl 8002320 + se2_set_protection(PGN_SE2_HARD_KEY, PROT_WP | PROT_ECH | PROT_ECW); + 8007d54: 21c2 movs r1, #194 ; 0xc2 + 8007d56: 200f movs r0, #15 + 8007d58: f7ff fe86 bl 8007a68 + se2_set_protection(PGN_PUBKEY_C, PROT_WP | PROT_RP | PROT_AUTH); + 8007d5c: 2123 movs r1, #35 ; 0x23 + 8007d5e: 2014 movs r0, #20 + 8007d60: f7ff fe82 bl 8007a68 +} + 8007d64: b00a add sp, #40 ; 0x28 + 8007d66: bd10 pop {r4, pc} + 8007d68: 2009e394 .word 0x2009e394 + 8007d6c: 0801c150 .word 0x0801c150 + 8007d70: 08010470 .word 0x08010470 + 8007d74: 2009e2b4 .word 0x2009e2b4 + 8007d78: 0801c0b0 .word 0x0801c0b0 + +08007d7c : +{ + 8007d7c: b530 push {r4, r5, lr} + 8007d7e: 4614 mov r4, r2 + ASSERT(pin_len >= 0); // 12-12 typical, but empty = blank PIN + 8007d80: 1e0a subs r2, r1, #0 +{ + 8007d82: b0c5 sub sp, #276 ; 0x114 + 8007d84: 4605 mov r5, r0 + ASSERT(pin_len >= 0); // 12-12 typical, but empty = blank PIN + 8007d86: da02 bge.n 8007d8e + 8007d88: 4812 ldr r0, [pc, #72] ; (8007dd4 ) + 8007d8a: f7f8 fe67 bl 8000a5c + hmac_sha256_init(&ctx); + 8007d8e: a803 add r0, sp, #12 + 8007d90: 9201 str r2, [sp, #4] + 8007d92: f7fd fd81 bl 8005898 + hmac_sha256_update(&ctx, (uint8_t *)pin, pin_len); + 8007d96: 9a01 ldr r2, [sp, #4] + 8007d98: 4629 mov r1, r5 + 8007d9a: a803 add r0, sp, #12 + 8007d9c: f7fd fd82 bl 80058a4 + hmac_sha256_final(&ctx, SE2_SECRETS->tpin_key, tpin_hash); + 8007da0: 4b0d ldr r3, [pc, #52] ; (8007dd8 ) + 8007da2: 490e ldr r1, [pc, #56] ; (8007ddc ) + 8007da4: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 8007da8: 33b0 adds r3, #176 ; 0xb0 + 8007daa: 2aff cmp r2, #255 ; 0xff + 8007dac: bf18 it ne + 8007dae: 4619 movne r1, r3 + 8007db0: a803 add r0, sp, #12 + 8007db2: 4622 mov r2, r4 + 8007db4: 3180 adds r1, #128 ; 0x80 + 8007db6: f7fd fd8b bl 80058d0 + sha256_single(tpin_hash, 32, tpin_hash); + 8007dba: 4622 mov r2, r4 + 8007dbc: 4620 mov r0, r4 + 8007dbe: 2120 movs r1, #32 + 8007dc0: f7fd fd4a bl 8005858 + sha256_single(tpin_hash, 32, tpin_hash); + 8007dc4: 4622 mov r2, r4 + 8007dc6: 2120 movs r1, #32 + 8007dc8: 4620 mov r0, r4 + 8007dca: f7fd fd45 bl 8005858 +} + 8007dce: b045 add sp, #276 ; 0x114 + 8007dd0: bd30 pop {r4, r5, pc} + 8007dd2: bf00 nop + 8007dd4: 08010470 .word 0x08010470 + 8007dd8: 0801c000 .word 0x0801c000 + 8007ddc: 2009e2b4 .word 0x2009e2b4 + +08007de0 : + +// p256_gen_keypair() +// + void +p256_gen_keypair(uint8_t privkey[32], uint8_t pubkey[64]) +{ + 8007de0: b538 push {r3, r4, r5, lr} + 8007de2: 4605 mov r5, r0 + uECC_set_rng(rng_for_uECC); + 8007de4: 4808 ldr r0, [pc, #32] ; (8007e08 ) +{ + 8007de6: 460c mov r4, r1 + uECC_set_rng(rng_for_uECC); + 8007de8: f7fe fef0 bl 8006bcc + + int ok = uECC_make_key(pubkey, privkey, uECC_secp256r1()); + 8007dec: f7fe fef4 bl 8006bd8 + 8007df0: 4629 mov r1, r5 + 8007df2: 4602 mov r2, r0 + 8007df4: 4620 mov r0, r4 + 8007df6: f7fe fef7 bl 8006be8 + ASSERT(ok == 1); + 8007dfa: 2801 cmp r0, #1 + 8007dfc: d002 beq.n 8007e04 + 8007dfe: 4803 ldr r0, [pc, #12] ; (8007e0c ) + 8007e00: f7f8 fe2c bl 8000a5c +} + 8007e04: bd38 pop {r3, r4, r5, pc} + 8007e06: bf00 nop + 8007e08: 080075b5 .word 0x080075b5 + 8007e0c: 08010470 .word 0x08010470 + +08007e10 : + +// ps256_ecdh() +// + void +ps256_ecdh(const uint8_t pubkey[64], const uint8_t privkey[32], uint8_t result[32]) +{ + 8007e10: b513 push {r0, r1, r4, lr} + 8007e12: 4604 mov r4, r0 + uECC_set_rng(rng_for_uECC); + 8007e14: 4809 ldr r0, [pc, #36] ; (8007e3c ) +{ + 8007e16: e9cd 2100 strd r2, r1, [sp] + uECC_set_rng(rng_for_uECC); + 8007e1a: f7fe fed7 bl 8006bcc + + int ok = uECC_shared_secret(pubkey, privkey, result, uECC_secp256r1()); + 8007e1e: f7fe fedb bl 8006bd8 + 8007e22: e9dd 2100 ldrd r2, r1, [sp] + 8007e26: 4603 mov r3, r0 + 8007e28: 4620 mov r0, r4 + 8007e2a: f7fe ff1d bl 8006c68 + ASSERT(ok == 1); + 8007e2e: 2801 cmp r0, #1 + 8007e30: d002 beq.n 8007e38 + 8007e32: 4803 ldr r0, [pc, #12] ; (8007e40 ) + 8007e34: f7f8 fe12 bl 8000a5c +} + 8007e38: b002 add sp, #8 + 8007e3a: bd10 pop {r4, pc} + 8007e3c: 080075b5 .word 0x080075b5 + 8007e40: 08010470 .word 0x08010470 + +08007e44 : + +// se2_read_hard_secret() +// + static bool +se2_read_hard_secret(uint8_t hard_key[32], const uint8_t pin_digest[32]) +{ + 8007e44: b510 push {r4, lr} + 8007e46: b0e8 sub sp, #416 ; 0x1a0 + 8007e48: e9cd 0102 strd r0, r1, [sp, #8] + if(setjmp(error_env)) { + 8007e4c: 4836 ldr r0, [pc, #216] ; (8007f28 ) + 8007e4e: f005 fd61 bl 800d914 + 8007e52: 2800 cmp r0, #0 + 8007e54: d165 bne.n 8007f22 + // + SHA256_CTX ctx; + + // pick a temp key pair, share public part w/ SE2 + uint8_t tmp_privkey[32], tmp_pubkey[64]; + p256_gen_keypair(tmp_privkey, tmp_pubkey); + 8007e56: a925 add r1, sp, #148 ; 0x94 + 8007e58: a805 add r0, sp, #20 + 8007e5a: f7ff ffc1 bl 8007de0 + + // - this can be mitm-ed, but we sign it next so doesn't matter + se2_write_page(PGN_PUBKEY_S, &tmp_pubkey[0]); + 8007e5e: a925 add r1, sp, #148 ; 0x94 + 8007e60: 201e movs r0, #30 + 8007e62: f7ff fbed bl 8007640 + se2_write_page(PGN_PUBKEY_S+1, &tmp_pubkey[32]); + 8007e66: a92d add r1, sp, #180 ; 0xb4 + 8007e68: 201f movs r0, #31 + 8007e6a: f7ff fbe9 bl 8007640 + + // pick nonce + uint8_t chal[32+32]; + rng_buffer(chal, sizeof(chal)); + 8007e6e: 2140 movs r1, #64 ; 0x40 + 8007e70: a835 add r0, sp, #212 ; 0xd4 + 8007e72: f7fa fd45 bl 8002900 + se2_write_buffer(chal, sizeof(chal)); + 8007e76: 2140 movs r1, #64 ; 0x40 + 8007e78: a835 add r0, sp, #212 ; 0xd4 + 8007e7a: f7ff fba1 bl 80075c0 + + // md = ngu.hash.sha256s(T_pubkey + chal[0:32]) + sha256_init(&ctx); + 8007e7e: a855 add r0, sp, #340 ; 0x154 + 8007e80: f7fd fc82 bl 8005788 + sha256_update(&ctx, tmp_pubkey, 64); + 8007e84: 2240 movs r2, #64 ; 0x40 + 8007e86: a925 add r1, sp, #148 ; 0x94 + 8007e88: a855 add r0, sp, #340 ; 0x154 + 8007e8a: f7fd fc8b bl 80057a4 + sha256_update(&ctx, chal, 32); // only first 32 bytes + 8007e8e: 2220 movs r2, #32 + 8007e90: a935 add r1, sp, #212 ; 0xd4 + 8007e92: a855 add r0, sp, #340 ; 0x154 + 8007e94: f7fd fc86 bl 80057a4 + + uint8_t md[32]; + sha256_final(&ctx, md); + 8007e98: a90d add r1, sp, #52 ; 0x34 + 8007e9a: a855 add r0, sp, #340 ; 0x154 + 8007e9c: f7fd fcc8 bl 8005830 + // Get that digest signed by SE1 now, and doing that requires + // the main pin, because the required slot requires auth by that key. + // - this is the critical step attackers would not be able to emulate w/o SE1 contents + // - fails here if PIN wrong + uint8_t signature[64]; + int arc = ae_sign_authed(KEYNUM_joiner_key, md, signature, KEYNUM_main_pin, pin_digest); + 8007ea0: 9b03 ldr r3, [sp, #12] + 8007ea2: 9300 str r3, [sp, #0] + 8007ea4: aa45 add r2, sp, #276 ; 0x114 + 8007ea6: 2303 movs r3, #3 + 8007ea8: a90d add r1, sp, #52 ; 0x34 + 8007eaa: 2007 movs r0, #7 + 8007eac: f7fb f85e bl 8002f6c + CHECK_RIGHT(arc == 0); + 8007eb0: 4604 mov r4, r0 + 8007eb2: b120 cbz r0, 8007ebe + 8007eb4: f240 4141 movw r1, #1089 ; 0x441 + + // "Authenticate ECDSA Public Key" = 0xA8 + // cs_offset=32 ecdh_keynum=0=pubA ECDH=1 WR=0 + uint8_t param = ((32-1) << 3) | (0 << 2) | 0x2; + se2_write_n(0xA8, ¶m, signature, 64); + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007eb8: 481b ldr r0, [pc, #108] ; (8007f28 ) + 8007eba: f005 fd31 bl 800d920 + uint8_t param = ((32-1) << 3) | (0 << 2) | 0x2; + 8007ebe: 23fa movs r3, #250 ; 0xfa + 8007ec0: f88d 3013 strb.w r3, [sp, #19] + se2_write_n(0xA8, ¶m, signature, 64); + 8007ec4: aa45 add r2, sp, #276 ; 0x114 + 8007ec6: 2340 movs r3, #64 ; 0x40 + 8007ec8: f10d 0113 add.w r1, sp, #19 + 8007ecc: 20a8 movs r0, #168 ; 0xa8 + 8007ece: f7ff fb3f bl 8007550 + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8007ed2: f7ff fbad bl 8007630 + 8007ed6: 28aa cmp r0, #170 ; 0xaa + 8007ed8: d002 beq.n 8007ee0 + 8007eda: f240 4147 movw r1, #1095 ; 0x447 + 8007ede: e7eb b.n 8007eb8 + + uint8_t shared_x[32], shared_secret[32]; + ps256_ecdh(rom_secrets->se2.pubkey_A, tmp_privkey, shared_x); + 8007ee0: aa15 add r2, sp, #84 ; 0x54 + 8007ee2: a905 add r1, sp, #20 + 8007ee4: 4811 ldr r0, [pc, #68] ; (8007f2c ) + 8007ee6: f7ff ff93 bl 8007e10 + + // shared secret S will be SHA over X of shared ECDH point + chal[32:] + // s = ngu.hash.sha256s(x + chal[32:]) + sha256_init(&ctx); + 8007eea: a855 add r0, sp, #340 ; 0x154 + 8007eec: f7fd fc4c bl 8005788 + sha256_update(&ctx, shared_x, 32); + 8007ef0: 2220 movs r2, #32 + 8007ef2: a915 add r1, sp, #84 ; 0x54 + 8007ef4: a855 add r0, sp, #340 ; 0x154 + 8007ef6: f7fd fc55 bl 80057a4 + sha256_update(&ctx, &chal[32], 32); // second half + 8007efa: 2220 movs r2, #32 + 8007efc: a93d add r1, sp, #244 ; 0xf4 + 8007efe: a855 add r0, sp, #340 ; 0x154 + 8007f00: f7fd fc50 bl 80057a4 + sha256_final(&ctx, shared_secret); + 8007f04: a91d add r1, sp, #116 ; 0x74 + 8007f06: a855 add r0, sp, #340 ; 0x154 + 8007f08: f7fd fc92 bl 8005830 + + se2_read_encrypted(PGN_SE2_HARD_KEY, hard_key, 2, shared_secret); + 8007f0c: 200f movs r0, #15 + 8007f0e: 9902 ldr r1, [sp, #8] + 8007f10: ab1d add r3, sp, #116 ; 0x74 + 8007f12: 2202 movs r2, #2 + 8007f14: f7ff fc76 bl 8007804 + + // CONCERN: secret "S" is retained in SE2's sram. No API to clear it. + // - but you'd need to see our copy of that value to make use of it + // - and PIN checked already to get here, so you could re-do anyway + se2_clear_volatile(); + 8007f18: f7ff fdf0 bl 8007afc + + return false; + 8007f1c: 4620 mov r0, r4 +} + 8007f1e: b068 add sp, #416 ; 0x1a0 + 8007f20: bd10 pop {r4, pc} + return true; + 8007f22: 2001 movs r0, #1 + 8007f24: e7fb b.n 8007f1e + 8007f26: bf00 nop + 8007f28: 2009e394 .word 0x2009e394 + 8007f2c: 0801c0d0 .word 0x0801c0d0 + +08007f30 : + +// se2_calc_seed_key() +// + static bool +se2_calc_seed_key(uint8_t aes_key[32], const mcu_key_t *mcu_key, const uint8_t pin_digest[32]) +{ + 8007f30: b570 push {r4, r5, r6, lr} + 8007f32: b0d2 sub sp, #328 ; 0x148 + 8007f34: 4614 mov r4, r2 + // Gather key parts from all over. Combine them w/ HMAC into a AES-256 key + uint8_t se1_easy_key[32], se1_hard_key[32]; + se2_read_encrypted(PGN_SE2_EASY_KEY, se1_easy_key, 0, rom_secrets->se2.pairing); + 8007f36: 4b15 ldr r3, [pc, #84] ; (8007f8c ) + 8007f38: 2200 movs r2, #0 +{ + 8007f3a: 4605 mov r5, r0 + 8007f3c: 460e mov r6, r1 + se2_read_encrypted(PGN_SE2_EASY_KEY, se1_easy_key, 0, rom_secrets->se2.pairing); + 8007f3e: 200e movs r0, #14 + 8007f40: a901 add r1, sp, #4 + 8007f42: f7ff fc5f bl 8007804 + + if(se2_read_hard_secret(se1_hard_key, pin_digest)) return true; + 8007f46: 4621 mov r1, r4 + 8007f48: a809 add r0, sp, #36 ; 0x24 + 8007f4a: f7ff ff7b bl 8007e44 + 8007f4e: 4604 mov r4, r0 + 8007f50: b9c8 cbnz r0, 8007f86 + + HMAC_CTX ctx; + hmac_sha256_init(&ctx); + 8007f52: a811 add r0, sp, #68 ; 0x44 + 8007f54: f7fd fca0 bl 8005898 + hmac_sha256_update(&ctx, mcu_key->value, 32); + 8007f58: 2220 movs r2, #32 + 8007f5a: 4631 mov r1, r6 + 8007f5c: a811 add r0, sp, #68 ; 0x44 + 8007f5e: f7fd fca1 bl 80058a4 + hmac_sha256_update(&ctx, se1_hard_key, 32); + 8007f62: 2220 movs r2, #32 + 8007f64: a909 add r1, sp, #36 ; 0x24 + 8007f66: a811 add r0, sp, #68 ; 0x44 + 8007f68: f7fd fc9c bl 80058a4 + hmac_sha256_update(&ctx, se1_easy_key, 32); + 8007f6c: 2220 movs r2, #32 + 8007f6e: a901 add r1, sp, #4 + 8007f70: a811 add r0, sp, #68 ; 0x44 + 8007f72: f7fd fc97 bl 80058a4 + + // combine them all using anther MCU key via HMAC-SHA256 + hmac_sha256_final(&ctx, rom_secrets->mcu_hmac_key, aes_key); + 8007f76: a811 add r0, sp, #68 ; 0x44 + 8007f78: 4905 ldr r1, [pc, #20] ; (8007f90 ) + 8007f7a: 462a mov r2, r5 + 8007f7c: f7fd fca8 bl 80058d0 + hmac_sha256_init(&ctx); // clear secrets + 8007f80: a811 add r0, sp, #68 ; 0x44 + 8007f82: f7fd fc89 bl 8005898 + + return false; +} + 8007f86: 4620 mov r0, r4 + 8007f88: b052 add sp, #328 ; 0x148 + 8007f8a: bd70 pop {r4, r5, r6, pc} + 8007f8c: 0801c0b0 .word 0x0801c0b0 + 8007f90: 0801c090 .word 0x0801c090 + +08007f94 : +{ + 8007f94: b5f0 push {r4, r5, r6, r7, lr} + if(i2c_port.Instance == I2C2) { + 8007f96: 4e1b ldr r6, [pc, #108] ; (8008004 ) + 8007f98: 4f1b ldr r7, [pc, #108] ; (8008008 ) + 8007f9a: 6833 ldr r3, [r6, #0] + 8007f9c: 42bb cmp r3, r7 +{ + 8007f9e: b089 sub sp, #36 ; 0x24 + if(i2c_port.Instance == I2C2) { + 8007fa0: d02e beq.n 8008000 + __HAL_RCC_GPIOB_CLK_ENABLE(); + 8007fa2: 4b1a ldr r3, [pc, #104] ; (800800c ) + GPIO_InitTypeDef setup = { + 8007fa4: 4d1a ldr r5, [pc, #104] ; (8008010 ) + __HAL_RCC_GPIOB_CLK_ENABLE(); + 8007fa6: 6cda ldr r2, [r3, #76] ; 0x4c + 8007fa8: f042 0202 orr.w r2, r2, #2 + 8007fac: 64da str r2, [r3, #76] ; 0x4c + 8007fae: 6cda ldr r2, [r3, #76] ; 0x4c + 8007fb0: f002 0202 and.w r2, r2, #2 + 8007fb4: 9201 str r2, [sp, #4] + 8007fb6: 9a01 ldr r2, [sp, #4] + __HAL_RCC_I2C2_CLK_ENABLE(); + 8007fb8: 6d9a ldr r2, [r3, #88] ; 0x58 + 8007fba: f442 0280 orr.w r2, r2, #4194304 ; 0x400000 + 8007fbe: 659a str r2, [r3, #88] ; 0x58 + 8007fc0: 6d9b ldr r3, [r3, #88] ; 0x58 + 8007fc2: f403 0380 and.w r3, r3, #4194304 ; 0x400000 + 8007fc6: 9302 str r3, [sp, #8] + 8007fc8: 9b02 ldr r3, [sp, #8] + GPIO_InitTypeDef setup = { + 8007fca: cd0f ldmia r5!, {r0, r1, r2, r3} + 8007fcc: ac03 add r4, sp, #12 + 8007fce: c40f stmia r4!, {r0, r1, r2, r3} + 8007fd0: 682b ldr r3, [r5, #0] + HAL_GPIO_Init(GPIOB, &setup); + 8007fd2: 4810 ldr r0, [pc, #64] ; (8008014 ) + GPIO_InitTypeDef setup = { + 8007fd4: 6023 str r3, [r4, #0] + HAL_GPIO_Init(GPIOB, &setup); + 8007fd6: a903 add r1, sp, #12 + 8007fd8: f7f9 f91e bl 8001218 + memset(&i2c_port, 0, sizeof(i2c_port)); + 8007fdc: 2244 movs r2, #68 ; 0x44 + 8007fde: 2100 movs r1, #0 + 8007fe0: f106 0008 add.w r0, r6, #8 + 8007fe4: f005 fc8e bl 800d904 + i2c_port.Init.AddressingMode = I2C_ADDRESSINGMODE_7BIT; + 8007fe8: 2301 movs r3, #1 + 8007fea: 60f3 str r3, [r6, #12] + HAL_StatusTypeDef rv = HAL_I2C_Init(&i2c_port); + 8007fec: 4630 mov r0, r6 + i2c_port.Init.Timing = 0x00b03fb8; // 400khz "fast mode" in CubeMX @ 120Mhz (measured ok) + 8007fee: 4b0a ldr r3, [pc, #40] ; (8008018 ) + i2c_port.Instance = I2C2; + 8007ff0: 6037 str r7, [r6, #0] + i2c_port.Init.Timing = 0x00b03fb8; // 400khz "fast mode" in CubeMX @ 120Mhz (measured ok) + 8007ff2: 6073 str r3, [r6, #4] + HAL_StatusTypeDef rv = HAL_I2C_Init(&i2c_port); + 8007ff4: f003 fdac bl 800bb50 + ASSERT(rv == HAL_OK); + 8007ff8: b110 cbz r0, 8008000 + 8007ffa: 4808 ldr r0, [pc, #32] ; (800801c ) + 8007ffc: f7f8 fd2e bl 8000a5c +} + 8008000: b009 add sp, #36 ; 0x24 + 8008002: bdf0 pop {r4, r5, r6, r7, pc} + 8008004: 2009e3f0 .word 0x2009e3f0 + 8008008: 40005800 .word 0x40005800 + 800800c: 40021000 .word 0x40021000 + 8008010: 08010aac .word 0x08010aac + 8008014: 48000400 .word 0x48000400 + 8008018: 00b03fb8 .word 0x00b03fb8 + 800801c: 08010470 .word 0x08010470 + +08008020 : +{ + 8008020: b5f0 push {r4, r5, r6, r7, lr} + 8008022: b089 sub sp, #36 ; 0x24 + se2_setup(); + 8008024: f7ff ffb6 bl 8007f94 + if(setjmp(error_env)) fatal_mitm(); + 8008028: 480f ldr r0, [pc, #60] ; (8008068 ) + 800802a: f005 fc73 bl 800d914 + 800802e: 4604 mov r4, r0 + 8008030: b108 cbz r0, 8008036 + 8008032: f7f8 fd1d bl 8000a70 + uint8_t tmp[32] = {0}; + 8008036: 9000 str r0, [sp, #0] + 8008038: 4601 mov r1, r0 + 800803a: 221c movs r2, #28 + 800803c: a801 add r0, sp, #4 + 800803e: f005 fc61 bl 800d904 + se2_write_encrypted(pn, tmp, 0, SE2_SECRETS->pairing); + 8008042: 4f0a ldr r7, [pc, #40] ; (800806c ) + 8008044: 4e0a ldr r6, [pc, #40] ; (8008070 ) + 8008046: 4d0b ldr r5, [pc, #44] ; (8008074 ) + 8008048: f897 30b0 ldrb.w r3, [r7, #176] ; 0xb0 + 800804c: b2e0 uxtb r0, r4 + 800804e: 2bff cmp r3, #255 ; 0xff + 8008050: bf0c ite eq + 8008052: 4633 moveq r3, r6 + 8008054: 462b movne r3, r5 + 8008056: 2200 movs r2, #0 + 8008058: 4669 mov r1, sp + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 800805a: 3401 adds r4, #1 + se2_write_encrypted(pn, tmp, 0, SE2_SECRETS->pairing); + 800805c: f7ff fc4a bl 80078f4 + for(int pn=0; pn <= PGN_LAST_TRICK; pn++) { + 8008060: 2c0e cmp r4, #14 + 8008062: d1f1 bne.n 8008048 +} + 8008064: b009 add sp, #36 ; 0x24 + 8008066: bdf0 pop {r4, r5, r6, r7, pc} + 8008068: 2009e394 .word 0x2009e394 + 800806c: 0801c000 .word 0x0801c000 + 8008070: 2009e2b4 .word 0x2009e2b4 + 8008074: 0801c0b0 .word 0x0801c0b0 + +08008078 : +{ + 8008078: b5f0 push {r4, r5, r6, r7, lr} + 800807a: b087 sub sp, #28 + 800807c: e9cd 0102 strd r0, r1, [sp, #8] + if(setjmp(error_env)) fatal_mitm(); + 8008080: 4816 ldr r0, [pc, #88] ; (80080dc ) +{ + 8008082: 9201 str r2, [sp, #4] + if(setjmp(error_env)) fatal_mitm(); + 8008084: f005 fc46 bl 800d914 + 8008088: b108 cbz r0, 800808e + 800808a: f7f8 fcf1 bl 8000a70 + se2_read_encrypted(slot_num+1, &data[0], 0, SE2_SECRETS->pairing); + 800808e: 4f14 ldr r7, [pc, #80] ; (80080e0 ) + 8008090: 9005 str r0, [sp, #20] + se2_setup(); + 8008092: f7ff ff7f bl 8007f94 + se2_read_encrypted(slot_num+1, &data[0], 0, SE2_SECRETS->pairing); + 8008096: f89d 4008 ldrb.w r4, [sp, #8] + 800809a: f897 30b0 ldrb.w r3, [r7, #176] ; 0xb0 + 800809e: 4e11 ldr r6, [pc, #68] ; (80080e4 ) + 80080a0: 4d11 ldr r5, [pc, #68] ; (80080e8 ) + 80080a2: 9a05 ldr r2, [sp, #20] + 80080a4: 9901 ldr r1, [sp, #4] + 80080a6: 9204 str r2, [sp, #16] + 80080a8: 1c60 adds r0, r4, #1 + 80080aa: 2bff cmp r3, #255 ; 0xff + 80080ac: bf0c ite eq + 80080ae: 4633 moveq r3, r6 + 80080b0: 462b movne r3, r5 + 80080b2: b2c0 uxtb r0, r0 + 80080b4: f7ff fba6 bl 8007804 + if(tc_flags & TC_XPRV_WALLET) { + 80080b8: 9b03 ldr r3, [sp, #12] + 80080ba: 051b lsls r3, r3, #20 + 80080bc: d50c bpl.n 80080d8 + se2_read_encrypted(slot_num+2, &data[32], 0, SE2_SECRETS->pairing); + 80080be: f897 30b0 ldrb.w r3, [r7, #176] ; 0xb0 + 80080c2: 9901 ldr r1, [sp, #4] + 80080c4: 9a04 ldr r2, [sp, #16] + 80080c6: 3402 adds r4, #2 + 80080c8: 2bff cmp r3, #255 ; 0xff + 80080ca: bf0c ite eq + 80080cc: 4633 moveq r3, r6 + 80080ce: 462b movne r3, r5 + 80080d0: 3120 adds r1, #32 + 80080d2: b2e0 uxtb r0, r4 + 80080d4: f7ff fb96 bl 8007804 +} + 80080d8: b007 add sp, #28 + 80080da: bdf0 pop {r4, r5, r6, r7, pc} + 80080dc: 2009e394 .word 0x2009e394 + 80080e0: 0801c000 .word 0x0801c000 + 80080e4: 2009e2b4 .word 0x2009e2b4 + 80080e8: 0801c0b0 .word 0x0801c0b0 + +080080ec : +{ + 80080ec: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 80080f0: b0fe sub sp, #504 ; 0x1f8 + 80080f2: e9cd 1002 strd r1, r0, [sp, #8] + 80080f6: e9cd 2300 strd r2, r3, [sp] + se2_setup(); + 80080fa: f7ff ff4b bl 8007f94 + if(setjmp(error_env)) { + 80080fe: 486a ldr r0, [pc, #424] ; (80082a8 ) + 8008100: f005 fc08 bl 800d914 + 8008104: 4604 mov r4, r0 + 8008106: b138 cbz r0, 8008118 + if(!safety_mode) fatal_mitm(); + 8008108: 9b01 ldr r3, [sp, #4] + 800810a: b11b cbz r3, 8008114 + return false; + 800810c: 2000 movs r0, #0 +} + 800810e: b07e add sp, #504 ; 0x1f8 + 8008110: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + if(!safety_mode) fatal_mitm(); + 8008114: f7f8 fcac bl 8000a70 + if(!pin_len) return false; + 8008118: 9b02 ldr r3, [sp, #8] + 800811a: 2b00 cmp r3, #0 + 800811c: d0f6 beq.n 800810c + trick_pin_hash(pin, pin_len, tpin_hash); + 800811e: 9803 ldr r0, [sp, #12] + se2_read_encrypted(pn, slots[i], 0, SE2_SECRETS->pairing); + 8008120: f8df a194 ldr.w sl, [pc, #404] ; 80082b8 + 8008124: f8df 9194 ldr.w r9, [pc, #404] ; 80082bc + 8008128: f8df 8194 ldr.w r8, [pc, #404] ; 80082c0 + trick_pin_hash(pin, pin_len, tpin_hash); + 800812c: aa06 add r2, sp, #24 + 800812e: 4619 mov r1, r3 + 8008130: f7ff fe24 bl 8007d7c + 8008134: ad0e add r5, sp, #56 ; 0x38 + 8008136: 462f mov r7, r5 + int pn = PGN_TRICK(0); + 8008138: 4626 mov r6, r4 + se2_read_encrypted(pn, slots[i], 0, SE2_SECRETS->pairing); + 800813a: f89a 30b0 ldrb.w r3, [sl, #176] ; 0xb0 + 800813e: 4639 mov r1, r7 + 8008140: 2bff cmp r3, #255 ; 0xff + 8008142: bf0c ite eq + 8008144: 464b moveq r3, r9 + 8008146: 4643 movne r3, r8 + 8008148: b2f0 uxtb r0, r6 + 800814a: 2200 movs r2, #0 + for(int i=0; ipairing); + 800814e: f7ff fb59 bl 8007804 + for(int i=0; i + se2_clear_volatile(); + 800815a: f7ff fccf bl 8007afc + uint32_t blank = 0; + 800815e: 2700 movs r7, #0 + int found = -1; + 8008160: f04f 36ff mov.w r6, #4294967295 ; 0xffffffff + if(check_equal(here, tpin_hash, 28)) { + 8008164: f04f 091c mov.w r9, #28 + blank |= (!!check_all_zeros(here, 32)) << i; + 8008168: f04f 0820 mov.w r8, #32 + if(check_equal(here, tpin_hash, 28)) { + 800816c: 464a mov r2, r9 + 800816e: a906 add r1, sp, #24 + 8008170: 4628 mov r0, r5 + 8008172: f7fa fb76 bl 8002862 + blank |= (!!check_all_zeros(here, 32)) << i; + 8008176: 4641 mov r1, r8 + if(check_equal(here, tpin_hash, 28)) { + 8008178: 2800 cmp r0, #0 + 800817a: bf18 it ne + 800817c: 4626 movne r6, r4 + blank |= (!!check_all_zeros(here, 32)) << i; + 800817e: 4628 mov r0, r5 + 8008180: f7fa fb60 bl 8002844 + 8008184: 40a0 lsls r0, r4 + for(int i=0; i + rng_delay(); + 8008194: f7fa fbca bl 800292c + memset(found_slot, 0, sizeof(trick_slot_t)); + 8008198: 9800 ldr r0, [sp, #0] + 800819a: 2280 movs r2, #128 ; 0x80 + 800819c: 2100 movs r1, #0 + 800819e: f005 fbb1 bl 800d904 + if(safety_mode) { + 80081a2: 9b01 ldr r3, [sp, #4] + 80081a4: b10b cbz r3, 80081aa + found_slot->blank_slots = blank; + 80081a6: 9b00 ldr r3, [sp, #0] + 80081a8: 65df str r7, [r3, #92] ; 0x5c + if(found >= 0) { + 80081aa: 1c72 adds r2, r6, #1 + 80081ac: d074 beq.n 8008298 + found_slot->slot_num = found; + 80081ae: 9b00 ldr r3, [sp, #0] + 80081b0: 0174 lsls r4, r6, #5 + 80081b2: 601e str r6, [r3, #0] + memcpy(meta, &slots[found][28], 4); + 80081b4: ab15 add r3, sp, #84 ; 0x54 + xor_mixin(meta, &tpin_hash[28], 4); + 80081b6: 2204 movs r2, #4 + memcpy(meta, &slots[found][28], 4); + 80081b8: 591b ldr r3, [r3, r4] + 80081ba: 9305 str r3, [sp, #20] + xor_mixin(meta, &tpin_hash[28], 4); + 80081bc: a90d add r1, sp, #52 ; 0x34 + 80081be: a805 add r0, sp, #20 + 80081c0: f7ff f983 bl 80074ca + memcpy(&found_slot->tc_flags, &meta[0], 2); + 80081c4: 9b00 ldr r3, [sp, #0] + 80081c6: f8bd 5014 ldrh.w r5, [sp, #20] + memcpy(&found_slot->tc_arg, &meta[2], 2); + 80081ca: 9a00 ldr r2, [sp, #0] + memcpy(&found_slot->tc_flags, &meta[0], 2); + 80081cc: 809d strh r5, [r3, #4] + memcpy(&found_slot->tc_arg, &meta[2], 2); + 80081ce: f8bd 3016 ldrh.w r3, [sp, #22] + 80081d2: 80d3 strh r3, [r2, #6] + if(found_slot->tc_flags & TC_WORD_WALLET) { + 80081d4: 04eb lsls r3, r5, #19 + 80081d6: d513 bpl.n 8008200 + if(found+1 < NUM_TRICKS) { + 80081d8: 2e0c cmp r6, #12 + 80081da: dc0e bgt.n 80081fa + memcpy(found_slot->xdata, &slots[found+1][0], 32); + 80081dc: f504 73fc add.w r3, r4, #504 ; 0x1f8 + 80081e0: eb0d 0403 add.w r4, sp, r3 + 80081e4: f5a4 73d0 sub.w r3, r4, #416 ; 0x1a0 + 80081e8: 3208 adds r2, #8 + 80081ea: f5a4 74c0 sub.w r4, r4, #384 ; 0x180 + 80081ee: f853 1b04 ldr.w r1, [r3], #4 + 80081f2: f842 1b04 str.w r1, [r2], #4 + 80081f6: 42a3 cmp r3, r4 + 80081f8: d1f9 bne.n 80081ee + if(!safety_mode && todo) { + 80081fa: 9b01 ldr r3, [sp, #4] + 80081fc: b33b cbz r3, 800824e + 80081fe: e049 b.n 8008294 + } else if(found_slot->tc_flags & TC_XPRV_WALLET) { + 8008200: 052f lsls r7, r5, #20 + 8008202: d521 bpl.n 8008248 + if(found+2 < NUM_TRICKS) { + 8008204: 2e0b cmp r6, #11 + 8008206: dcf8 bgt.n 80081fa + memcpy(&found_slot->xdata[0], &slots[found+1][0], 32); + 8008208: 9900 ldr r1, [sp, #0] + 800820a: f504 73fc add.w r3, r4, #504 ; 0x1f8 + 800820e: 446b add r3, sp + 8008210: f5a3 72d0 sub.w r2, r3, #416 ; 0x1a0 + 8008214: 3108 adds r1, #8 + 8008216: f5a3 73c0 sub.w r3, r3, #384 ; 0x180 + 800821a: f852 0b04 ldr.w r0, [r2], #4 + 800821e: f841 0b04 str.w r0, [r1], #4 + 8008222: 429a cmp r2, r3 + 8008224: d1f9 bne.n 800821a + memcpy(&found_slot->xdata[32], &slots[found+2][0], 32); + 8008226: f504 73fc add.w r3, r4, #504 ; 0x1f8 + 800822a: 9a00 ldr r2, [sp, #0] + 800822c: eb0d 0403 add.w r4, sp, r3 + 8008230: f5a4 73c0 sub.w r3, r4, #384 ; 0x180 + 8008234: 3228 adds r2, #40 ; 0x28 + 8008236: f5a4 74b0 sub.w r4, r4, #352 ; 0x160 + 800823a: f853 1b04 ldr.w r1, [r3], #4 + 800823e: f842 1b04 str.w r1, [r2], #4 + 8008242: 42a3 cmp r3, r4 + 8008244: d1f9 bne.n 800823a + 8008246: e7d8 b.n 80081fa + if(!safety_mode && todo) { + 8008248: 9b01 ldr r3, [sp, #4] + 800824a: bb1b cbnz r3, 8008294 + 800824c: b315 cbz r5, 8008294 + if(todo & TC_WIPE) { + 800824e: 0428 lsls r0, r5, #16 + 8008250: d50a bpl.n 8008268 + mcu_key_clear(NULL); + 8008252: 2000 movs r0, #0 + 8008254: f7fa f9d8 bl 8002608 + if(todo == TC_WIPE) { + 8008258: f5b5 4f00 cmp.w r5, #32768 ; 0x8000 + 800825c: d104 bne.n 8008268 + oled_show(screen_wiped); + 800825e: 4813 ldr r0, [pc, #76] ; (80082ac ) + 8008260: f7f8 ff1a bl 8001098 + LOCKUP_FOREVER(); + 8008264: f7fb fd1a bl 8003c9c + if(todo & TC_BRICK) { + 8008268: 0469 lsls r1, r5, #17 + 800826a: d40e bmi.n 800828a + if(todo & TC_REBOOT) { + 800826c: 05aa lsls r2, r5, #22 + 800826e: d50f bpl.n 8008290 + 8008270: f3bf 8f4f dsb sy + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8008274: 490e ldr r1, [pc, #56] ; (80082b0 ) + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 8008276: 4b0f ldr r3, [pc, #60] ; (80082b4 ) + (SCB->AIRCR & SCB_AIRCR_PRIGROUP_Msk) | + 8008278: 68ca ldr r2, [r1, #12] + 800827a: f402 62e0 and.w r2, r2, #1792 ; 0x700 + SCB->AIRCR = (uint32_t)((0x5FAUL << SCB_AIRCR_VECTKEY_Pos) | + 800827e: 4313 orrs r3, r2 + 8008280: 60cb str r3, [r1, #12] + 8008282: f3bf 8f4f dsb sy + __NOP(); + 8008286: bf00 nop + for(;;) /* wait until reset */ + 8008288: e7fd b.n 8008286 + fast_brick(); + 800828a: f7fa fa81 bl 8002790 + 800828e: e7ed b.n 800826c + if(todo & TC_FAKE_OUT) { + 8008290: 04ab lsls r3, r5, #18 + 8008292: d401 bmi.n 8008298 + return true; + 8008294: 2001 movs r0, #1 + 8008296: e73a b.n 800810e + found_slot->slot_num = -1; + 8008298: 9a00 ldr r2, [sp, #0] + 800829a: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 800829e: 6013 str r3, [r2, #0] + rng_delay(); + 80082a0: f7fa fb44 bl 800292c + 80082a4: e732 b.n 800810c + 80082a6: bf00 nop + 80082a8: 2009e394 .word 0x2009e394 + 80082ac: 08010178 .word 0x08010178 + 80082b0: e000ed00 .word 0xe000ed00 + 80082b4: 05fa0004 .word 0x05fa0004 + 80082b8: 0801c000 .word 0x0801c000 + 80082bc: 2009e2b4 .word 0x2009e2b4 + 80082c0: 0801c0b0 .word 0x0801c0b0 + +080082c4 : +{ + 80082c4: b510 push {r4, lr} + 80082c6: b0a2 sub sp, #136 ; 0x88 + 80082c8: 4604 mov r4, r0 + bool is_trick = se2_test_trick_pin("!p", 2, &slot, true); + 80082ca: 2301 movs r3, #1 + 80082cc: 4811 ldr r0, [pc, #68] ; (8008314 ) + 80082ce: aa02 add r2, sp, #8 + 80082d0: 2102 movs r1, #2 + 80082d2: f7ff ff0b bl 80080ec + if(!is_trick) return; + 80082d6: b1d8 cbz r0, 8008310 + if(num_fails >= slot.tc_arg) { + 80082d8: f8bd 300e ldrh.w r3, [sp, #14] + 80082dc: 42a3 cmp r3, r4 + 80082de: dc17 bgt.n 8008310 + if(slot.tc_flags & TC_WIPE) { + 80082e0: f9bd 300c ldrsh.w r3, [sp, #12] + 80082e4: 2b00 cmp r3, #0 + 80082e6: da0d bge.n 8008304 + const mcu_key_t *cur = mcu_key_get(&valid); + 80082e8: f10d 0007 add.w r0, sp, #7 + 80082ec: f7fa f96c bl 80025c8 + if(valid) { + 80082f0: f89d 3007 ldrb.w r3, [sp, #7] + 80082f4: b133 cbz r3, 8008304 + mcu_key_clear(cur); + 80082f6: f7fa f987 bl 8002608 + oled_show(screen_wiped); + 80082fa: 4807 ldr r0, [pc, #28] ; (8008318 ) + 80082fc: f7f8 fecc bl 8001098 + LOCKUP_FOREVER(); + 8008300: f7fb fccc bl 8003c9c + if(slot.tc_flags & TC_BRICK) { + 8008304: f8bd 300c ldrh.w r3, [sp, #12] + 8008308: 045b lsls r3, r3, #17 + 800830a: d501 bpl.n 8008310 + fast_brick(); + 800830c: f7fa fa40 bl 8002790 +} + 8008310: b022 add sp, #136 ; 0x88 + 8008312: bd10 pop {r4, pc} + 8008314: 08010aa9 .word 0x08010aa9 + 8008318: 08010178 .word 0x08010178 + +0800831c : +{ + 800831c: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 8008320: b094 sub sp, #80 ; 0x50 + 8008322: 9001 str r0, [sp, #4] + se2_setup(); + 8008324: f7ff fe36 bl 8007f94 + if(setjmp(error_env)) { + 8008328: 4848 ldr r0, [pc, #288] ; (800844c ) + 800832a: f005 faf3 bl 800d914 + 800832e: 4604 mov r4, r0 + 8008330: 2800 cmp r0, #0 + 8008332: f040 8088 bne.w 8008446 + if((config->slot_num < 0) || (config->slot_num >= NUM_TRICKS) ) { + 8008336: 9b01 ldr r3, [sp, #4] + 8008338: 681b ldr r3, [r3, #0] + 800833a: 2b0d cmp r3, #13 + 800833c: d804 bhi.n 8008348 + if((config->slot_num >= NUM_TRICKS-1) && (config->tc_flags & TC_WORD_WALLET) ) { + 800833e: d106 bne.n 800834e + 8008340: 9b01 ldr r3, [sp, #4] + 8008342: 889b ldrh r3, [r3, #4] + 8008344: 04d9 lsls r1, r3, #19 + 8008346: d504 bpl.n 8008352 + return EPIN_RANGE_ERR; + 8008348: f06f 0466 mvn.w r4, #102 ; 0x66 + 800834c: e01f b.n 800838e + if((config->slot_num >= NUM_TRICKS-2) && (config->tc_flags & TC_XPRV_WALLET) ) { + 800834e: 2b0c cmp r3, #12 + 8008350: d103 bne.n 800835a + 8008352: 9b01 ldr r3, [sp, #4] + 8008354: 889b ldrh r3, [r3, #4] + 8008356: 051a lsls r2, r3, #20 + 8008358: d4f6 bmi.n 8008348 + if(config->pin_len > sizeof(config->pin)) { + 800835a: 9b01 ldr r3, [sp, #4] + 800835c: 6d99 ldr r1, [r3, #88] ; 0x58 + 800835e: 2910 cmp r1, #16 + 8008360: d8f2 bhi.n 8008348 + if(config->blank_slots) { + 8008362: 6ddd ldr r5, [r3, #92] ; 0x5c + 8008364: b31d cbz r5, 80083ae + uint8_t zeros[32] = { 0 }; + 8008366: 2100 movs r1, #0 + 8008368: 221c movs r2, #28 + 800836a: a805 add r0, sp, #20 + 800836c: 9104 str r1, [sp, #16] + 800836e: f005 fac9 bl 800d904 + se2_write_encrypted(PGN_TRICK(i), zeros, 0, SE2_SECRETS->pairing); + 8008372: f8df 80e4 ldr.w r8, [pc, #228] ; 8008458 + 8008376: 4f36 ldr r7, [pc, #216] ; (8008450 ) + 8008378: 4e36 ldr r6, [pc, #216] ; (8008454 ) + for(int i=0; iblank_slots) { + 800837c: 9a01 ldr r2, [sp, #4] + uint32_t mask = (1 << i); + 800837e: 2301 movs r3, #1 + if(mask & config->blank_slots) { + 8008380: 6dd2 ldr r2, [r2, #92] ; 0x5c + uint32_t mask = (1 << i); + 8008382: 40ab lsls r3, r5 + if(mask & config->blank_slots) { + 8008384: 4213 tst r3, r2 + 8008386: d106 bne.n 8008396 + for(int i=0; i +} + 800838e: 4620 mov r0, r4 + 8008390: b014 add sp, #80 ; 0x50 + 8008392: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + se2_write_encrypted(PGN_TRICK(i), zeros, 0, SE2_SECRETS->pairing); + 8008396: f898 30b0 ldrb.w r3, [r8, #176] ; 0xb0 + 800839a: 2200 movs r2, #0 + 800839c: 2bff cmp r3, #255 ; 0xff + 800839e: bf0c ite eq + 80083a0: 463b moveq r3, r7 + 80083a2: 4633 movne r3, r6 + 80083a4: a904 add r1, sp, #16 + 80083a6: b2e8 uxtb r0, r5 + 80083a8: f7ff faa4 bl 80078f4 + 80083ac: e7ec b.n 8008388 + trick_pin_hash(config->pin, config->pin_len, tpin_digest); + 80083ae: 9b01 ldr r3, [sp, #4] + se2_write_encrypted(PGN_TRICK(config->slot_num), tpin_digest, 0, SE2_SECRETS->pairing); + 80083b0: f8df 80a4 ldr.w r8, [pc, #164] ; 8008458 + 80083b4: 4f26 ldr r7, [pc, #152] ; (8008450 ) + 80083b6: 4e27 ldr r6, [pc, #156] ; (8008454 ) + trick_pin_hash(config->pin, config->pin_len, tpin_digest); + 80083b8: f103 0048 add.w r0, r3, #72 ; 0x48 + 80083bc: aa0c add r2, sp, #48 ; 0x30 + 80083be: f7ff fcdd bl 8007d7c + memcpy(&meta[0], &config->tc_flags, 2); + 80083c2: 9b01 ldr r3, [sp, #4] + 80083c4: 889b ldrh r3, [r3, #4] + 80083c6: f8ad 300c strh.w r3, [sp, #12] + memcpy(&meta[2], &config->tc_arg, 2); + 80083ca: 9b01 ldr r3, [sp, #4] + xor_mixin(&tpin_digest[28], meta, 4); + 80083cc: 2204 movs r2, #4 + memcpy(&meta[2], &config->tc_arg, 2); + 80083ce: 88db ldrh r3, [r3, #6] + 80083d0: f8ad 300e strh.w r3, [sp, #14] + xor_mixin(&tpin_digest[28], meta, 4); + 80083d4: a903 add r1, sp, #12 + 80083d6: a813 add r0, sp, #76 ; 0x4c + 80083d8: f7ff f877 bl 80074ca + se2_write_encrypted(PGN_TRICK(config->slot_num), tpin_digest, 0, SE2_SECRETS->pairing); + 80083dc: f898 30b0 ldrb.w r3, [r8, #176] ; 0xb0 + 80083e0: 9801 ldr r0, [sp, #4] + 80083e2: 2bff cmp r3, #255 ; 0xff + 80083e4: bf0c ite eq + 80083e6: 463b moveq r3, r7 + 80083e8: 4633 movne r3, r6 + 80083ea: 7800 ldrb r0, [r0, #0] + 80083ec: 462a mov r2, r5 + 80083ee: a90c add r1, sp, #48 ; 0x30 + 80083f0: f7ff fa80 bl 80078f4 + if(config->tc_flags & (TC_WORD_WALLET | TC_XPRV_WALLET)) { + 80083f4: 9b01 ldr r3, [sp, #4] + 80083f6: 889b ldrh r3, [r3, #4] + 80083f8: f403 53c0 and.w r3, r3, #6144 ; 0x1800 + 80083fc: b9a3 cbnz r3, 8008428 + if(config->tc_flags & TC_XPRV_WALLET) { + 80083fe: 9b01 ldr r3, [sp, #4] + 8008400: 889b ldrh r3, [r3, #4] + 8008402: 051b lsls r3, r3, #20 + 8008404: d5c3 bpl.n 800838e + se2_write_encrypted(PGN_TRICK(config->slot_num+2), &config->xdata[32], + 8008406: 9901 ldr r1, [sp, #4] + 0, SE2_SECRETS->pairing); + 8008408: 4b13 ldr r3, [pc, #76] ; (8008458 ) + se2_write_encrypted(PGN_TRICK(config->slot_num+2), &config->xdata[32], + 800840a: f851 0b28 ldr.w r0, [r1], #40 + 0, SE2_SECRETS->pairing); + 800840e: f893 50b0 ldrb.w r5, [r3, #176] ; 0xb0 + se2_write_encrypted(PGN_TRICK(config->slot_num+2), &config->xdata[32], + 8008412: 4a10 ldr r2, [pc, #64] ; (8008454 ) + 8008414: 4b0e ldr r3, [pc, #56] ; (8008450 ) + 8008416: 3002 adds r0, #2 + 8008418: 2dff cmp r5, #255 ; 0xff + 800841a: bf18 it ne + 800841c: 4613 movne r3, r2 + 800841e: b2c0 uxtb r0, r0 + 8008420: 2200 movs r2, #0 + 8008422: f7ff fa67 bl 80078f4 + 8008426: e7b2 b.n 800838e + se2_write_encrypted(PGN_TRICK(config->slot_num+1), &config->xdata[0], + 8008428: 9901 ldr r1, [sp, #4] + 0, SE2_SECRETS->pairing); + 800842a: f898 30b0 ldrb.w r3, [r8, #176] ; 0xb0 + se2_write_encrypted(PGN_TRICK(config->slot_num+1), &config->xdata[0], + 800842e: f851 0b08 ldr.w r0, [r1], #8 + 8008432: 3001 adds r0, #1 + 8008434: 2bff cmp r3, #255 ; 0xff + 8008436: bf0c ite eq + 8008438: 463b moveq r3, r7 + 800843a: 4633 movne r3, r6 + 800843c: 462a mov r2, r5 + 800843e: b2c0 uxtb r0, r0 + 8008440: f7ff fa58 bl 80078f4 + 8008444: e7db b.n 80083fe + return EPIN_SE2_FAIL; + 8008446: f06f 0472 mvn.w r4, #114 ; 0x72 + 800844a: e7a0 b.n 800838e + 800844c: 2009e394 .word 0x2009e394 + 8008450: 2009e2b4 .word 0x2009e2b4 + 8008454: 0801c0b0 .word 0x0801c0b0 + 8008458: 0801c000 .word 0x0801c000 + +0800845c : +// + bool +se2_encrypt_secret(const uint8_t secret[], int secret_len, int offset, + uint8_t main_slot[], uint8_t *check_value, + const uint8_t pin_digest[32]) +{ + 800845c: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 8008460: f5ad 7d10 sub.w sp, sp, #576 ; 0x240 + 8008464: 4699 mov r9, r3 + 8008466: 4682 mov sl, r0 + 8008468: 460f mov r7, r1 + 800846a: 4614 mov r4, r2 + 800846c: f8dd 8260 ldr.w r8, [sp, #608] ; 0x260 + se2_setup(); + 8008470: f7ff fd90 bl 8007f94 + + bool is_valid; + const mcu_key_t *cur = mcu_key_get(&is_valid); + 8008474: f10d 000b add.w r0, sp, #11 + 8008478: f7fa f8a6 bl 80025c8 + + if(!is_valid) { + 800847c: f89d 300b ldrb.w r3, [sp, #11] + 8008480: b953 cbnz r3, 8008498 + if(!check_value) { + 8008482: f1b8 0f00 cmp.w r8, #0 + 8008486: d105 bne.n 8008494 + // problem: we are not writing the check value but it would be changed. + // ie: change long secret before real secret--unlikely + return true; + 8008488: 2501 movs r5, #1 + ctx.num_pending = 32; + aes_done(&ctx, check_value, 32, aes_key, nonce); + } + + return false; +} + 800848a: 4628 mov r0, r5 + 800848c: f50d 7d10 add.w sp, sp, #576 ; 0x240 + 8008490: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + cur = mcu_key_pick(); + 8008494: f7fa f900 bl 8002698 + if(se2_calc_seed_key(aes_key, cur, pin_digest)) return true; + 8008498: 4601 mov r1, r0 + 800849a: 9a99 ldr r2, [sp, #612] ; 0x264 + 800849c: a807 add r0, sp, #28 + 800849e: f7ff fd47 bl 8007f30 + 80084a2: 4605 mov r5, r0 + 80084a4: 2800 cmp r0, #0 + 80084a6: d1ef bne.n 8008488 + memcpy(nonce, rom_secrets->mcu_hmac_key, sizeof(nonce)-1); + 80084a8: 4b16 ldr r3, [pc, #88] ; (8008504 ) + 80084aa: cb0f ldmia r3, {r0, r1, r2, r3} + 80084ac: ae03 add r6, sp, #12 + 80084ae: 46b4 mov ip, r6 + 80084b0: e8ac 0007 stmia.w ip!, {r0, r1, r2} + nonce[15] = offset / AES_BLOCK_SIZE; + 80084b4: 2c00 cmp r4, #0 + memcpy(nonce, rom_secrets->mcu_hmac_key, sizeof(nonce)-1); + 80084b6: f82c 3b02 strh.w r3, [ip], #2 + nonce[15] = offset / AES_BLOCK_SIZE; + 80084ba: bfb8 it lt + 80084bc: 340f addlt r4, #15 + memcpy(nonce, rom_secrets->mcu_hmac_key, sizeof(nonce)-1); + 80084be: 0c1b lsrs r3, r3, #16 + 80084c0: f88c 3000 strb.w r3, [ip] + aes_init(&ctx); + 80084c4: a80f add r0, sp, #60 ; 0x3c + nonce[15] = offset / AES_BLOCK_SIZE; + 80084c6: 1124 asrs r4, r4, #4 + 80084c8: 73f4 strb r4, [r6, #15] + aes_init(&ctx); + 80084ca: f000 f92b bl 8008724 + aes_add(&ctx, secret, secret_len); + 80084ce: 463a mov r2, r7 + 80084d0: 4651 mov r1, sl + 80084d2: a80f add r0, sp, #60 ; 0x3c + 80084d4: f000 f92c bl 8008730 + aes_done(&ctx, main_slot, secret_len, aes_key, nonce); + 80084d8: 9600 str r6, [sp, #0] + 80084da: ab07 add r3, sp, #28 + 80084dc: 463a mov r2, r7 + 80084de: 4649 mov r1, r9 + 80084e0: a80f add r0, sp, #60 ; 0x3c + 80084e2: f000 f93b bl 800875c + if(check_value) { + 80084e6: f1b8 0f00 cmp.w r8, #0 + 80084ea: d0ce beq.n 800848a + aes_init(&ctx); + 80084ec: a80f add r0, sp, #60 ; 0x3c + 80084ee: f000 f919 bl 8008724 + ctx.num_pending = 32; + 80084f2: 2220 movs r2, #32 + aes_done(&ctx, check_value, 32, aes_key, nonce); + 80084f4: 9600 str r6, [sp, #0] + 80084f6: ab07 add r3, sp, #28 + 80084f8: 4641 mov r1, r8 + 80084fa: a80f add r0, sp, #60 ; 0x3c + ctx.num_pending = 32; + 80084fc: 928f str r2, [sp, #572] ; 0x23c + aes_done(&ctx, check_value, 32, aes_key, nonce); + 80084fe: f000 f92d bl 800875c + 8008502: e7c2 b.n 800848a + 8008504: 0801c090 .word 0x0801c090 + +08008508 : +// + void +se2_decrypt_secret(uint8_t secret[], int secret_len, int offset, + const uint8_t main_slot[], const uint8_t *check_value, + const uint8_t pin_digest[32], bool *is_valid) +{ + 8008508: b530 push {r4, r5, lr} + 800850a: f5ad 7d1f sub.w sp, sp, #636 ; 0x27c + 800850e: e9cd 2306 strd r2, r3, [sp, #24] + 8008512: 9005 str r0, [sp, #20] + 8008514: 9103 str r1, [sp, #12] + se2_setup(); + 8008516: f7ff fd3d bl 8007f94 + + const mcu_key_t *cur = mcu_key_get(is_valid); + 800851a: 98a4 ldr r0, [sp, #656] ; 0x290 + 800851c: f7fa f854 bl 80025c8 + if(!*is_valid) { + 8008520: 9ba4 ldr r3, [sp, #656] ; 0x290 + const mcu_key_t *cur = mcu_key_get(is_valid); + 8008522: 9004 str r0, [sp, #16] + if(!*is_valid) { + 8008524: 781b ldrb r3, [r3, #0] + 8008526: b133 cbz r3, 8008536 + // no key set? won't be able to decrypt. + return; + } + + int line_num; + if((line_num = setjmp(error_env))) { + 8008528: 4825 ldr r0, [pc, #148] ; (80085c0 ) + 800852a: f005 f9f3 bl 800d914 + 800852e: b128 cbz r0, 800853c + // internal failures / broken i2c buses will come here + *is_valid = false; + 8008530: 9aa4 ldr r2, [sp, #656] ; 0x290 + 8008532: 2300 movs r3, #0 + 8008534: 7013 strb r3, [r2, #0] + + // decrypt the real data + aes_init(&ctx); + aes_add(&ctx, main_slot, secret_len); + aes_done(&ctx, secret, secret_len, aes_key, nonce); +} + 8008536: f50d 7d1f add.w sp, sp, #636 ; 0x27c + 800853a: bd30 pop {r4, r5, pc} + if(se2_calc_seed_key(aes_key, cur, pin_digest)) { + 800853c: 9aa3 ldr r2, [sp, #652] ; 0x28c + 800853e: 9904 ldr r1, [sp, #16] + 8008540: a80d add r0, sp, #52 ; 0x34 + 8008542: f7ff fcf5 bl 8007f30 + 8008546: 2800 cmp r0, #0 + 8008548: d1f2 bne.n 8008530 + memcpy(nonce, rom_secrets->mcu_hmac_key, sizeof(nonce)-1); + 800854a: 4b1e ldr r3, [pc, #120] ; (80085c4 ) + 800854c: cb0f ldmia r3, {r0, r1, r2, r3} + 800854e: ad09 add r5, sp, #36 ; 0x24 + 8008550: 462c mov r4, r5 + 8008552: c407 stmia r4!, {r0, r1, r2} + 8008554: f824 3b02 strh.w r3, [r4], #2 + 8008558: 0c1b lsrs r3, r3, #16 + 800855a: 7023 strb r3, [r4, #0] + nonce[15] = offset / AES_BLOCK_SIZE; + 800855c: 9b06 ldr r3, [sp, #24] + 800855e: 2b00 cmp r3, #0 + 8008560: bfb8 it lt + 8008562: 330f addlt r3, #15 + 8008564: 111b asrs r3, r3, #4 + 8008566: 73eb strb r3, [r5, #15] + if(check_value) { + 8008568: 9ba2 ldr r3, [sp, #648] ; 0x288 + 800856a: b1bb cbz r3, 800859c + aes_init(&ctx); + 800856c: a81d add r0, sp, #116 ; 0x74 + 800856e: f000 f8d9 bl 8008724 + aes_add(&ctx, check_value, 32); + 8008572: 99a2 ldr r1, [sp, #648] ; 0x288 + 8008574: 2220 movs r2, #32 + 8008576: a81d add r0, sp, #116 ; 0x74 + 8008578: f000 f8da bl 8008730 + aes_done(&ctx, got, 32, aes_key, nonce); + 800857c: ab09 add r3, sp, #36 ; 0x24 + 800857e: 9300 str r3, [sp, #0] + 8008580: a915 add r1, sp, #84 ; 0x54 + 8008582: a81d add r0, sp, #116 ; 0x74 + 8008584: ab0d add r3, sp, #52 ; 0x34 + 8008586: 2220 movs r2, #32 + 8008588: f000 f8e8 bl 800875c + if(!check_all_zeros(got, 32)) { + 800858c: 2120 movs r1, #32 + 800858e: a815 add r0, sp, #84 ; 0x54 + 8008590: f7fa f958 bl 8002844 + 8008594: b910 cbnz r0, 800859c + *is_valid = false; + 8008596: 9ba4 ldr r3, [sp, #656] ; 0x290 + 8008598: 7018 strb r0, [r3, #0] + return; + 800859a: e7cc b.n 8008536 + aes_init(&ctx); + 800859c: a81d add r0, sp, #116 ; 0x74 + 800859e: f000 f8c1 bl 8008724 + aes_add(&ctx, main_slot, secret_len); + 80085a2: 9a03 ldr r2, [sp, #12] + 80085a4: 9907 ldr r1, [sp, #28] + 80085a6: a81d add r0, sp, #116 ; 0x74 + 80085a8: f000 f8c2 bl 8008730 + aes_done(&ctx, secret, secret_len, aes_key, nonce); + 80085ac: ab09 add r3, sp, #36 ; 0x24 + 80085ae: 9300 str r3, [sp, #0] + 80085b0: 9a03 ldr r2, [sp, #12] + 80085b2: 9905 ldr r1, [sp, #20] + 80085b4: ab0d add r3, sp, #52 ; 0x34 + 80085b6: a81d add r0, sp, #116 ; 0x74 + 80085b8: f000 f8d0 bl 800875c + 80085bc: e7bb b.n 8008536 + 80085be: bf00 nop + 80085c0: 2009e394 .word 0x2009e394 + 80085c4: 0801c090 .word 0x0801c090 + +080085c8 : +// +// Hash up a PIN code for login attempt: to tie it into SE2's contents. +// + void +se2_pin_hash(uint8_t digest_io[32], uint32_t purpose) +{ + 80085c8: b5f0 push {r4, r5, r6, r7, lr} + if(purpose != PIN_PURPOSE_NORMAL) { + 80085ca: 4b41 ldr r3, [pc, #260] ; (80086d0 ) +{ + 80085cc: b0d5 sub sp, #340 ; 0x154 + if(purpose != PIN_PURPOSE_NORMAL) { + 80085ce: 4299 cmp r1, r3 +{ + 80085d0: e9cd 0100 strd r0, r1, [sp] + if(purpose != PIN_PURPOSE_NORMAL) { + 80085d4: d17a bne.n 80086cc + // do nothing except for real PIN case (ie. not for prefix words) + return; + } + + se2_setup(); + 80085d6: f7ff fcdd bl 8007f94 + if((setjmp(error_env))) { + 80085da: 483e ldr r0, [pc, #248] ; (80086d4 ) + 80085dc: f005 f99a bl 800d914 + 80085e0: 4604 mov r4, r0 + 80085e2: b120 cbz r0, 80085ee + oled_show(screen_se2_issue); + 80085e4: 483c ldr r0, [pc, #240] ; (80086d8 ) + 80085e6: f7f8 fd57 bl 8001098 + + LOCKUP_FOREVER(); + 80085ea: f7fb fb57 bl 8003c9c + uint8_t rx[34]; // 2 bytes of len+status, then 32 bytes of data + uint8_t tmp[32]; + HMAC_CTX ctx; + + // HMAC(key=tpin_key, msg=given hash so far) + hmac_sha256_init(&ctx); + 80085ee: a813 add r0, sp, #76 ; 0x4c + 80085f0: f7fd f952 bl 8005898 + hmac_sha256_update(&ctx, digest_io, 32); + 80085f4: 9900 ldr r1, [sp, #0] + 80085f6: 2220 movs r2, #32 + 80085f8: a813 add r0, sp, #76 ; 0x4c + 80085fa: f7fd f953 bl 80058a4 + hmac_sha256_update(&ctx, (uint8_t *)&purpose, 4); + 80085fe: 2204 movs r2, #4 + 8008600: eb0d 0102 add.w r1, sp, r2 + 8008604: a813 add r0, sp, #76 ; 0x4c + 8008606: f7fd f94d bl 80058a4 + hmac_sha256_final(&ctx, SE2_SECRETS->tpin_key, tmp); + 800860a: 4b34 ldr r3, [pc, #208] ; (80086dc ) + 800860c: 4934 ldr r1, [pc, #208] ; (80086e0 ) + 800860e: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 8008612: 33b0 adds r3, #176 ; 0xb0 + 8008614: 2aff cmp r2, #255 ; 0xff + 8008616: bf18 it ne + 8008618: 4619 movne r1, r3 + 800861a: 3180 adds r1, #128 ; 0x80 + 800861c: aa02 add r2, sp, #8 + 800861e: a813 add r0, sp, #76 ; 0x4c + 8008620: f7fd f956 bl 80058d0 + + // NOTE: exposed as cleartext here + se2_write_buffer(tmp, 32); + 8008624: 2120 movs r1, #32 + 8008626: a802 add r0, sp, #8 + 8008628: f7fe ffca bl 80075c0 + 800862c: 25aa movs r5, #170 ; 0xaa + se2_write_buffer(rx+2, 32); + } + + // HMAC(key=secret-B, msg=consts+easy_key+buffer+consts) + // - result put in secret-S (ram) + CALL_CHECK(se2_write2(0x3c, (2<<6) | (1<<4) | PGN_SE2_EASY_KEY, 0)); + 800862e: 269e movs r6, #158 ; 0x9e + 8008630: 273c movs r7, #60 ; 0x3c + 8008632: 4622 mov r2, r4 + 8008634: 4631 mov r1, r6 + 8008636: 4638 mov r0, r7 + 8008638: f7fe ff6e bl 8007518 + 800863c: b150 cbz r0, 8008654 + 800863e: f240 510c movw r1, #1292 ; 0x50c + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8008642: 4824 ldr r0, [pc, #144] ; (80086d4 ) + 8008644: f005 f96c bl 800d920 + se2_write_buffer(rx+2, 32); + 8008648: 2120 movs r1, #32 + 800864a: f10d 002a add.w r0, sp, #42 ; 0x2a + 800864e: f7fe ffb7 bl 80075c0 + 8008652: e7ee b.n 8008632 + CHECK_RIGHT(se2_read1() == RC_SUCCESS); + 8008654: f7fe ffec bl 8007630 + 8008658: 28aa cmp r0, #170 ; 0xaa + 800865a: d002 beq.n 8008662 + 800865c: f240 510d movw r1, #1293 ; 0x50d + 8008660: e7ef b.n 8008642 + + // HMAC(key=S, msg=counter+junk), so we have something to read out + // - not 100% clear what contents of 'buffer' are here, but seems + // to be deterministic and unchanged from prev command + CALL_CHECK(se2_write1(0xa5, (2<<5) | PGN_DEC_COUNTER)); + 8008662: 215b movs r1, #91 ; 0x5b + 8008664: 20a5 movs r0, #165 ; 0xa5 + 8008666: f7fe ff3d bl 80074e4 + 800866a: b110 cbz r0, 8008672 + 800866c: f240 5112 movw r1, #1298 ; 0x512 + 8008670: e7e7 b.n 8008642 + + CHECK_RIGHT(se2_read_n(sizeof(rx), rx) == RC_SUCCESS); + 8008672: a90a add r1, sp, #40 ; 0x28 + 8008674: 2022 movs r0, #34 ; 0x22 + 8008676: f7fe ffb3 bl 80075e0 + 800867a: 28aa cmp r0, #170 ; 0xaa + 800867c: d002 beq.n 8008684 + 800867e: f240 5114 movw r1, #1300 ; 0x514 + 8008682: e7de b.n 8008642 + CHECK_RIGHT(rx[1] == RC_SUCCESS); + 8008684: f89d 3029 ldrb.w r3, [sp, #41] ; 0x29 + 8008688: 2baa cmp r3, #170 ; 0xaa + 800868a: d002 beq.n 8008692 + 800868c: f240 5115 movw r1, #1301 ; 0x515 + 8008690: e7d7 b.n 8008642 + for(int i=0; i + } + + // one final HMAC because we had to read cleartext from bus + hmac_sha256_init(&ctx); + 8008696: a813 add r0, sp, #76 ; 0x4c + 8008698: f7fd f8fe bl 8005898 + hmac_sha256_update(&ctx, rx+2, 32); + 800869c: 2220 movs r2, #32 + 800869e: f10d 012a add.w r1, sp, #42 ; 0x2a + 80086a2: a813 add r0, sp, #76 ; 0x4c + 80086a4: f7fd f8fe bl 80058a4 + hmac_sha256_update(&ctx, digest_io, 32); + 80086a8: 9900 ldr r1, [sp, #0] + 80086aa: 2220 movs r2, #32 + 80086ac: a813 add r0, sp, #76 ; 0x4c + 80086ae: f7fd f8f9 bl 80058a4 + hmac_sha256_final(&ctx, SE2_SECRETS->tpin_key, digest_io); + 80086b2: 4b0a ldr r3, [pc, #40] ; (80086dc ) + 80086b4: 490a ldr r1, [pc, #40] ; (80086e0 ) + 80086b6: f893 20b0 ldrb.w r2, [r3, #176] ; 0xb0 + 80086ba: 33b0 adds r3, #176 ; 0xb0 + 80086bc: 2aff cmp r2, #255 ; 0xff + 80086be: bf18 it ne + 80086c0: 4619 movne r1, r3 + 80086c2: 3180 adds r1, #128 ; 0x80 + 80086c4: 9a00 ldr r2, [sp, #0] + 80086c6: a813 add r0, sp, #76 ; 0x4c + 80086c8: f7fd f902 bl 80058d0 +} + 80086cc: b055 add sp, #340 ; 0x154 + 80086ce: bdf0 pop {r4, r5, r6, r7, pc} + 80086d0: 334d1858 .word 0x334d1858 + 80086d4: 2009e394 .word 0x2009e394 + 80086d8: 0800f3db .word 0x0800f3db + 80086dc: 0801c000 .word 0x0801c000 + 80086e0: 2009e2b4 .word 0x2009e2b4 + +080086e4 : +// +// Read some random bytes, which we know cannot be MitM'ed. +// + void +se2_read_rng(uint8_t value[8]) +{ + 80086e4: b500 push {lr} + 80086e6: b08b sub sp, #44 ; 0x2c + 80086e8: 9001 str r0, [sp, #4] + // funny business means MitM here + se2_setup(); + 80086ea: f7ff fc53 bl 8007f94 + if(setjmp(error_env)) fatal_mitm(); + 80086ee: 4809 ldr r0, [pc, #36] ; (8008714 ) + 80086f0: f005 f910 bl 800d914 + 80086f4: b108 cbz r0, 80086fa + 80086f6: f7f8 f9bb bl 8000a70 + + // read a field with "RPS" bytes, and verify those were read true + uint8_t tmp[32]; + se2_read_page(PGN_ROM_OPTIONS, tmp, true); + 80086fa: a902 add r1, sp, #8 + 80086fc: 2201 movs r2, #1 + 80086fe: 201c movs r0, #28 + 8008700: f7ff f832 bl 8007768 + + memcpy(value, &tmp[4], 8); + 8008704: ab03 add r3, sp, #12 + 8008706: cb03 ldmia r3!, {r0, r1} + 8008708: 9b01 ldr r3, [sp, #4] + 800870a: 6018 str r0, [r3, #0] + 800870c: 6059 str r1, [r3, #4] +} + 800870e: b00b add sp, #44 ; 0x2c + 8008710: f85d fb04 ldr.w pc, [sp], #4 + 8008714: 2009e394 .word 0x2009e394 + +08008718 : + uint32_t rv; + + if(((uint32_t)src) & 0x3) { + memcpy(&rv, *src, 4); + } else { + rv = *(uint32_t *)(*src); + 8008718: 6803 ldr r3, [r0, #0] + 800871a: f853 2b04 ldr.w r2, [r3], #4 + } + (*src) += 4; + 800871e: 6003 str r3, [r0, #0] + + return __REV(rv); +} + 8008720: ba10 rev r0, r2 + 8008722: 4770 bx lr + +08008724 : + memset(ctx, 0, sizeof(AES_CTX)); + 8008724: f44f 7201 mov.w r2, #516 ; 0x204 + 8008728: 2100 movs r1, #0 + 800872a: f005 b8eb b.w 800d904 + ... + +08008730 : +{ + 8008730: b538 push {r3, r4, r5, lr} + 8008732: 4605 mov r5, r0 + memcpy(ctx->pending+ctx->num_pending, data_in, len); + 8008734: f8d0 0200 ldr.w r0, [r0, #512] ; 0x200 + 8008738: 4428 add r0, r5 +{ + 800873a: 4614 mov r4, r2 + memcpy(ctx->pending+ctx->num_pending, data_in, len); + 800873c: f005 f8d4 bl 800d8e8 + ctx->num_pending += len; + 8008740: f8d5 2200 ldr.w r2, [r5, #512] ; 0x200 + 8008744: 4422 add r2, r4 + ASSERT(ctx->num_pending < sizeof(ctx->pending)); + 8008746: f5b2 7f00 cmp.w r2, #512 ; 0x200 + ctx->num_pending += len; + 800874a: f8c5 2200 str.w r2, [r5, #512] ; 0x200 + ASSERT(ctx->num_pending < sizeof(ctx->pending)); + 800874e: d302 bcc.n 8008756 + 8008750: 4801 ldr r0, [pc, #4] ; (8008758 ) + 8008752: f7f8 f983 bl 8000a5c +} + 8008756: bd38 pop {r3, r4, r5, pc} + 8008758: 08010470 .word 0x08010470 + +0800875c : +// +// Do the decryption. +// + void +aes_done(AES_CTX *ctx, uint8_t data_out[], uint32_t len, const uint8_t key[32], const uint8_t nonce[AES_BLOCK_SIZE]) +{ + 800875c: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + 8008760: 4688 mov r8, r1 + 8008762: 4611 mov r1, r2 + ASSERT(len <= ctx->num_pending); + 8008764: f8d0 2200 ldr.w r2, [r0, #512] ; 0x200 +{ + 8008768: b085 sub sp, #20 + ASSERT(len <= ctx->num_pending); + 800876a: 428a cmp r2, r1 +{ + 800876c: f8dd 9030 ldr.w r9, [sp, #48] ; 0x30 + 8008770: 4606 mov r6, r0 + ASSERT(len <= ctx->num_pending); + 8008772: d202 bcs.n 800877a + 8008774: 4858 ldr r0, [pc, #352] ; (80088d8 ) + 8008776: f7f8 f971 bl 8000a5c + + // enable clock to block + __HAL_RCC_AES_CLK_ENABLE(); + 800877a: 4d58 ldr r5, [pc, #352] ; (80088dc ) + + // most changes have to be made w/ module disabled + AES->CR &= ~AES_CR_EN; + 800877c: 4c58 ldr r4, [pc, #352] ; (80088e0 ) + __HAL_RCC_AES_CLK_ENABLE(); + 800877e: 6cea ldr r2, [r5, #76] ; 0x4c + 8008780: f442 3280 orr.w r2, r2, #65536 ; 0x10000 + 8008784: 64ea str r2, [r5, #76] ; 0x4c + 8008786: 6cea ldr r2, [r5, #76] ; 0x4c + 8008788: f402 3280 and.w r2, r2, #65536 ; 0x10000 + 800878c: 9201 str r2, [sp, #4] + 800878e: 9a01 ldr r2, [sp, #4] + AES->CR &= ~AES_CR_EN; + 8008790: 6822 ldr r2, [r4, #0] + 8008792: f022 0201 bic.w r2, r2, #1 + 8008796: 6022 str r2, [r4, #0] + + // set the key size and operation mode + MODIFY_REG(AES->CR, AES_CR_KEYSIZE, CRYP_KEYSIZE_256B); + 8008798: 6822 ldr r2, [r4, #0] + 800879a: f442 2280 orr.w r2, r2, #262144 ; 0x40000 + 800879e: 6022 str r2, [r4, #0] + MODIFY_REG(AES->CR, AES_CR_DATATYPE|AES_CR_MODE|AES_CR_CHMOD, + 80087a0: 6827 ldr r7, [r4, #0] + 80087a2: f427 3780 bic.w r7, r7, #65536 ; 0x10000 + 80087a6: f027 077e bic.w r7, r7, #126 ; 0x7e + 80087aa: f047 0744 orr.w r7, r7, #68 ; 0x44 + 80087ae: 6027 str r7, [r4, #0] + CRYP_DATATYPE_8B | CRYP_ALGOMODE_ENCRYPT | CRYP_CHAINMODE_AES_CTR); + + // load key and IV values + const uint8_t *K = key; + AES->KEYR7 = word_pump_bytes(&K); + 80087b0: a802 add r0, sp, #8 + const uint8_t *K = key; + 80087b2: 9302 str r3, [sp, #8] + AES->KEYR7 = word_pump_bytes(&K); + 80087b4: f7ff ffb0 bl 8008718 + 80087b8: 63e0 str r0, [r4, #60] ; 0x3c + AES->KEYR6 = word_pump_bytes(&K); + 80087ba: a802 add r0, sp, #8 + 80087bc: f7ff ffac bl 8008718 + 80087c0: 63a0 str r0, [r4, #56] ; 0x38 + AES->KEYR5 = word_pump_bytes(&K); + 80087c2: a802 add r0, sp, #8 + 80087c4: f7ff ffa8 bl 8008718 + 80087c8: 6360 str r0, [r4, #52] ; 0x34 + AES->KEYR4 = word_pump_bytes(&K); + 80087ca: a802 add r0, sp, #8 + 80087cc: f7ff ffa4 bl 8008718 + 80087d0: 6320 str r0, [r4, #48] ; 0x30 + AES->KEYR3 = word_pump_bytes(&K); + 80087d2: a802 add r0, sp, #8 + 80087d4: f7ff ffa0 bl 8008718 + 80087d8: 61e0 str r0, [r4, #28] + AES->KEYR2 = word_pump_bytes(&K); + 80087da: a802 add r0, sp, #8 + 80087dc: f7ff ff9c bl 8008718 + 80087e0: 61a0 str r0, [r4, #24] + AES->KEYR1 = word_pump_bytes(&K); + 80087e2: a802 add r0, sp, #8 + 80087e4: f7ff ff98 bl 8008718 + 80087e8: 6160 str r0, [r4, #20] + AES->KEYR0 = word_pump_bytes(&K); + 80087ea: a802 add r0, sp, #8 + 80087ec: f7ff ff94 bl 8008718 + 80087f0: 6120 str r0, [r4, #16] + + if(nonce) { + 80087f2: f1b9 0f00 cmp.w r9, #0 + 80087f6: d045 beq.n 8008884 + const uint8_t *N = nonce; + AES->IVR3 = word_pump_bytes(&N); + 80087f8: a803 add r0, sp, #12 + const uint8_t *N = nonce; + 80087fa: f8cd 900c str.w r9, [sp, #12] + AES->IVR3 = word_pump_bytes(&N); + 80087fe: f7ff ff8b bl 8008718 + 8008802: 62e0 str r0, [r4, #44] ; 0x2c + AES->IVR2 = word_pump_bytes(&N); + 8008804: a803 add r0, sp, #12 + 8008806: f7ff ff87 bl 8008718 + 800880a: 62a0 str r0, [r4, #40] ; 0x28 + AES->IVR1 = word_pump_bytes(&N); + 800880c: a803 add r0, sp, #12 + 800880e: f7ff ff83 bl 8008718 + 8008812: 6260 str r0, [r4, #36] ; 0x24 + AES->IVR0 = word_pump_bytes(&N); + 8008814: a803 add r0, sp, #12 + 8008816: f7ff ff7f bl 8008718 + 800881a: 6220 str r0, [r4, #32] + AES->IVR1 = 0; + AES->IVR0 = 0; // maybe should be byte-swapped one, but whatever + } + + // Enable the Peripheral + AES->CR |= AES_CR_EN; + 800881c: 4b30 ldr r3, [pc, #192] ; (80088e0 ) + 800881e: 681a ldr r2, [r3, #0] + + ASSERT((((uint32_t)&ctx->pending) & 3) == 0); // safe because of special attr + 8008820: 07b0 lsls r0, r6, #30 + AES->CR |= AES_CR_EN; + 8008822: f042 0201 orr.w r2, r2, #1 + 8008826: 601a str r2, [r3, #0] + ASSERT((((uint32_t)&ctx->pending) & 3) == 0); // safe because of special attr + 8008828: d1a4 bne.n 8008774 + + uint32_t *p = (uint32_t *)ctx->pending; + for(int i=0; i < ctx->num_pending; i += 16) { + 800882a: f06f 070f mvn.w r7, #15 + 800882e: f8d6 0200 ldr.w r0, [r6, #512] ; 0x200 + 8008832: f106 0410 add.w r4, r6, #16 + 8008836: 1bbf subs r7, r7, r6 + 8008838: 193a adds r2, r7, r4 + 800883a: 4282 cmp r2, r0 + 800883c: db2b blt.n 8008896 + *out = AES->DOUTR; out++; + *out = AES->DOUTR; out++; + *out = AES->DOUTR; + } + + memcpy(data_out, ctx->pending, len); + 800883e: 460a mov r2, r1 + 8008840: 4640 mov r0, r8 + 8008842: 4631 mov r1, r6 + 8008844: f005 f850 bl 800d8e8 + + memset(ctx, 0, sizeof(AES_CTX)); + 8008848: f44f 7201 mov.w r2, #516 ; 0x204 + 800884c: 2100 movs r1, #0 + 800884e: 4630 mov r0, r6 + 8008850: f005 f858 bl 800d904 + + // reset state of chip block, and leave clock off as well + __HAL_RCC_AES_CLK_ENABLE(); + 8008854: 6ceb ldr r3, [r5, #76] ; 0x4c + 8008856: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 800885a: 64eb str r3, [r5, #76] ; 0x4c + 800885c: 6ceb ldr r3, [r5, #76] ; 0x4c + 800885e: f403 3380 and.w r3, r3, #65536 ; 0x10000 + 8008862: 9303 str r3, [sp, #12] + 8008864: 9b03 ldr r3, [sp, #12] + __HAL_RCC_AES_FORCE_RESET(); + 8008866: 6aeb ldr r3, [r5, #44] ; 0x2c + 8008868: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 800886c: 62eb str r3, [r5, #44] ; 0x2c + __HAL_RCC_AES_RELEASE_RESET(); + 800886e: 6aeb ldr r3, [r5, #44] ; 0x2c + 8008870: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 8008874: 62eb str r3, [r5, #44] ; 0x2c + __HAL_RCC_AES_CLK_DISABLE(); + 8008876: 6ceb ldr r3, [r5, #76] ; 0x4c + 8008878: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 800887c: 64eb str r3, [r5, #76] ; 0x4c +} + 800887e: b005 add sp, #20 + 8008880: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + AES->IVR3 = 0; + 8008884: f8c4 902c str.w r9, [r4, #44] ; 0x2c + AES->IVR2 = 0; + 8008888: f8c4 9028 str.w r9, [r4, #40] ; 0x28 + AES->IVR1 = 0; + 800888c: f8c4 9024 str.w r9, [r4, #36] ; 0x24 + AES->IVR0 = 0; // maybe should be byte-swapped one, but whatever + 8008890: f8c4 9020 str.w r9, [r4, #32] + 8008894: e7c2 b.n 800881c + AES->DINR = *p; p++; + 8008896: f854 2c10 ldr.w r2, [r4, #-16] + 800889a: 609a str r2, [r3, #8] + AES->DINR = *p; p++; + 800889c: f854 2c0c ldr.w r2, [r4, #-12] + 80088a0: 609a str r2, [r3, #8] + AES->DINR = *p; p++; + 80088a2: f854 2c08 ldr.w r2, [r4, #-8] + 80088a6: 609a str r2, [r3, #8] + AES->DINR = *p; p++; + 80088a8: f854 2c04 ldr.w r2, [r4, #-4] + 80088ac: 609a str r2, [r3, #8] + while(HAL_IS_BIT_CLR(AES->SR, AES_SR_CCF)) { + 80088ae: 685a ldr r2, [r3, #4] + 80088b0: 07d2 lsls r2, r2, #31 + 80088b2: d5fc bpl.n 80088ae + SET_BIT(AES->CR, CRYP_CCF_CLEAR); + 80088b4: 681a ldr r2, [r3, #0] + 80088b6: f042 0280 orr.w r2, r2, #128 ; 0x80 + 80088ba: 601a str r2, [r3, #0] + *out = AES->DOUTR; out++; + 80088bc: 68da ldr r2, [r3, #12] + 80088be: f844 2c10 str.w r2, [r4, #-16] + *out = AES->DOUTR; out++; + 80088c2: 68da ldr r2, [r3, #12] + 80088c4: f844 2c0c str.w r2, [r4, #-12] + *out = AES->DOUTR; out++; + 80088c8: 68da ldr r2, [r3, #12] + 80088ca: f844 2c08 str.w r2, [r4, #-8] + *out = AES->DOUTR; + 80088ce: 68da ldr r2, [r3, #12] + 80088d0: f844 2c04 str.w r2, [r4, #-4] + for(int i=0; i < ctx->num_pending; i += 16) { + 80088d4: 3410 adds r4, #16 + 80088d6: e7af b.n 8008838 + 80088d8: 08010470 .word 0x08010470 + 80088dc: 40021000 .word 0x40021000 + 80088e0: 50060000 .word 0x50060000 + +080088e4 : + voltage range. + * @param msirange MSI range value from RCC_MSIRANGE_0 to RCC_MSIRANGE_11 + * @retval HAL status + */ +static HAL_StatusTypeDef RCC_SetFlashLatencyFromMSIRange(uint32_t msirange) +{ + 80088e4: b537 push {r0, r1, r2, r4, r5, lr} + uint32_t vos; + uint32_t latency = FLASH_LATENCY_0; /* default value 0WS */ + + if(__HAL_RCC_PWR_IS_CLK_ENABLED()) + 80088e6: 4d1c ldr r5, [pc, #112] ; (8008958 ) + 80088e8: 6dab ldr r3, [r5, #88] ; 0x58 + 80088ea: 00da lsls r2, r3, #3 +{ + 80088ec: 4604 mov r4, r0 + if(__HAL_RCC_PWR_IS_CLK_ENABLED()) + 80088ee: d518 bpl.n 8008922 + { + vos = HAL_PWREx_GetVoltageRange(); + 80088f0: f7fe fd7e bl 80073f0 + __HAL_RCC_PWR_CLK_ENABLE(); + vos = HAL_PWREx_GetVoltageRange(); + __HAL_RCC_PWR_CLK_DISABLE(); + } + + if(vos == PWR_REGULATOR_VOLTAGE_SCALE1) + 80088f4: f5b0 7f00 cmp.w r0, #512 ; 0x200 + 80088f8: d123 bne.n 8008942 + { + if(msirange > RCC_MSIRANGE_8) + 80088fa: 2c80 cmp r4, #128 ; 0x80 + 80088fc: d928 bls.n 8008950 + latency = FLASH_LATENCY_2; /* 2WS */ + } + else + { + /* MSI 24Mhz or 32Mhz */ + latency = FLASH_LATENCY_1; /* 1WS */ + 80088fe: 2ca0 cmp r4, #160 ; 0xa0 + 8008900: bf8c ite hi + 8008902: 2002 movhi r0, #2 + 8008904: 2001 movls r0, #1 + /* else MSI < 8Mhz default FLASH_LATENCY_0 0WS */ + } +#endif + } + + __HAL_FLASH_SET_LATENCY(latency); + 8008906: 4a15 ldr r2, [pc, #84] ; (800895c ) + 8008908: 6813 ldr r3, [r2, #0] + 800890a: f023 030f bic.w r3, r3, #15 + 800890e: 4303 orrs r3, r0 + 8008910: 6013 str r3, [r2, #0] + + /* Check that the new number of wait states is taken into account to access the Flash + memory by reading the FLASH_ACR register */ + if(__HAL_FLASH_GET_LATENCY() != latency) + 8008912: 6813 ldr r3, [r2, #0] + 8008914: f003 030f and.w r3, r3, #15 + { + return HAL_ERROR; + } + + return HAL_OK; +} + 8008918: 1a18 subs r0, r3, r0 + 800891a: bf18 it ne + 800891c: 2001 movne r0, #1 + 800891e: b003 add sp, #12 + 8008920: bd30 pop {r4, r5, pc} + __HAL_RCC_PWR_CLK_ENABLE(); + 8008922: 6dab ldr r3, [r5, #88] ; 0x58 + 8008924: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 8008928: 65ab str r3, [r5, #88] ; 0x58 + 800892a: 6dab ldr r3, [r5, #88] ; 0x58 + 800892c: f003 5380 and.w r3, r3, #268435456 ; 0x10000000 + 8008930: 9301 str r3, [sp, #4] + 8008932: 9b01 ldr r3, [sp, #4] + vos = HAL_PWREx_GetVoltageRange(); + 8008934: f7fe fd5c bl 80073f0 + __HAL_RCC_PWR_CLK_DISABLE(); + 8008938: 6dab ldr r3, [r5, #88] ; 0x58 + 800893a: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 800893e: 65ab str r3, [r5, #88] ; 0x58 + 8008940: e7d8 b.n 80088f4 + if(msirange >= RCC_MSIRANGE_8) + 8008942: 2c7f cmp r4, #127 ; 0x7f + 8008944: d806 bhi.n 8008954 + if(msirange == RCC_MSIRANGE_7) + 8008946: f1a4 0370 sub.w r3, r4, #112 ; 0x70 + 800894a: 4258 negs r0, r3 + 800894c: 4158 adcs r0, r3 + 800894e: e7da b.n 8008906 + uint32_t latency = FLASH_LATENCY_0; /* default value 0WS */ + 8008950: 2000 movs r0, #0 + 8008952: e7d8 b.n 8008906 + latency = FLASH_LATENCY_2; /* 2WS */ + 8008954: 2002 movs r0, #2 + 8008956: e7d6 b.n 8008906 + 8008958: 40021000 .word 0x40021000 + 800895c: 40022000 .word 0x40022000 + +08008960 : +{ + 8008960: b5f8 push {r3, r4, r5, r6, r7, lr} + SET_BIT(RCC->CR, RCC_CR_MSION); + 8008962: 4c32 ldr r4, [pc, #200] ; (8008a2c ) + 8008964: 6823 ldr r3, [r4, #0] + 8008966: f043 0301 orr.w r3, r3, #1 + 800896a: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800896c: f7fe fd3c bl 80073e8 + 8008970: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_MSIRDY) == 0U) + 8008972: 6823 ldr r3, [r4, #0] + 8008974: 079b lsls r3, r3, #30 + 8008976: d543 bpl.n 8008a00 + MODIFY_REG(RCC->CR, RCC_CR_MSIRANGE, RCC_MSIRANGE_6); + 8008978: 6823 ldr r3, [r4, #0] + SystemCoreClock = MSI_VALUE; + 800897a: 4a2d ldr r2, [pc, #180] ; (8008a30 ) + MODIFY_REG(RCC->CR, RCC_CR_MSIRANGE, RCC_MSIRANGE_6); + 800897c: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8008980: f043 0360 orr.w r3, r3, #96 ; 0x60 + 8008984: 6023 str r3, [r4, #0] + CLEAR_REG(RCC->CFGR); + 8008986: 2300 movs r3, #0 + 8008988: 60a3 str r3, [r4, #8] + SystemCoreClock = MSI_VALUE; + 800898a: 4b2a ldr r3, [pc, #168] ; (8008a34 ) + 800898c: 601a str r2, [r3, #0] + if(HAL_InitTick(uwTickPrio) != HAL_OK) + 800898e: 4b2a ldr r3, [pc, #168] ; (8008a38 ) + 8008990: 6818 ldr r0, [r3, #0] + 8008992: f7fe fd2b bl 80073ec + 8008996: 4605 mov r5, r0 + 8008998: 2800 cmp r0, #0 + 800899a: d145 bne.n 8008a28 + tickstart = HAL_GetTick(); + 800899c: f7fe fd24 bl 80073e8 + if((HAL_GetTick() - tickstart) > CLOCKSWITCH_TIMEOUT_VALUE) + 80089a0: f241 3788 movw r7, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 80089a4: 4606 mov r6, r0 + while(READ_BIT(RCC->CFGR, RCC_CFGR_SWS) != RCC_CFGR_SWS_MSI) + 80089a6: 68a3 ldr r3, [r4, #8] + 80089a8: f013 0f0c tst.w r3, #12 + 80089ac: d130 bne.n 8008a10 + CLEAR_BIT(RCC->CR, RCC_CR_HSEON | RCC_CR_HSION | RCC_CR_HSIKERON| RCC_CR_HSIASFS | RCC_CR_PLLON | RCC_CR_PLLSAI1ON | RCC_CR_PLLSAI2ON); + 80089ae: 6822 ldr r2, [r4, #0] + 80089b0: 4b22 ldr r3, [pc, #136] ; (8008a3c ) + 80089b2: 4013 ands r3, r2 + 80089b4: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 80089b6: f7fe fd17 bl 80073e8 + 80089ba: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY | RCC_CR_PLLSAI1RDY | RCC_CR_PLLSAI2RDY) != 0U) + 80089bc: 6823 ldr r3, [r4, #0] + 80089be: f013 5328 ands.w r3, r3, #704643072 ; 0x2a000000 + 80089c2: d12b bne.n 8008a1c + CLEAR_REG(RCC->PLLCFGR); + 80089c4: 60e3 str r3, [r4, #12] + SET_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN_4 ); + 80089c6: 68e2 ldr r2, [r4, #12] + 80089c8: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80089cc: 60e2 str r2, [r4, #12] + CLEAR_REG(RCC->PLLSAI1CFGR); + 80089ce: 6123 str r3, [r4, #16] + SET_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N_4 ); + 80089d0: 6922 ldr r2, [r4, #16] + 80089d2: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80089d6: 6122 str r2, [r4, #16] + CLEAR_REG(RCC->PLLSAI2CFGR); + 80089d8: 6163 str r3, [r4, #20] + SET_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2N_4 ); + 80089da: 6962 ldr r2, [r4, #20] + 80089dc: f442 5280 orr.w r2, r2, #4096 ; 0x1000 + 80089e0: 6162 str r2, [r4, #20] + CLEAR_BIT(RCC->CR, RCC_CR_HSEBYP); + 80089e2: 6822 ldr r2, [r4, #0] + 80089e4: f422 2280 bic.w r2, r2, #262144 ; 0x40000 + 80089e8: 6022 str r2, [r4, #0] + CLEAR_REG(RCC->CIER); + 80089ea: 61a3 str r3, [r4, #24] + WRITE_REG(RCC->CICR, 0xFFFFFFFFU); + 80089ec: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 80089f0: 6223 str r3, [r4, #32] + SET_BIT(RCC->CSR, RCC_CSR_RMVF); + 80089f2: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 80089f6: f443 0300 orr.w r3, r3, #8388608 ; 0x800000 + 80089fa: f8c4 3094 str.w r3, [r4, #148] ; 0x94 + return HAL_OK; + 80089fe: e005 b.n 8008a0c + if((HAL_GetTick() - tickstart) > MSI_TIMEOUT_VALUE) + 8008a00: f7fe fcf2 bl 80073e8 + 8008a04: 1b40 subs r0, r0, r5 + 8008a06: 2802 cmp r0, #2 + 8008a08: d9b3 bls.n 8008972 + return HAL_TIMEOUT; + 8008a0a: 2503 movs r5, #3 +} + 8008a0c: 4628 mov r0, r5 + 8008a0e: bdf8 pop {r3, r4, r5, r6, r7, pc} + if((HAL_GetTick() - tickstart) > CLOCKSWITCH_TIMEOUT_VALUE) + 8008a10: f7fe fcea bl 80073e8 + 8008a14: 1b80 subs r0, r0, r6 + 8008a16: 42b8 cmp r0, r7 + 8008a18: d9c5 bls.n 80089a6 + 8008a1a: e7f6 b.n 8008a0a + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8008a1c: f7fe fce4 bl 80073e8 + 8008a20: 1b80 subs r0, r0, r6 + 8008a22: 2802 cmp r0, #2 + 8008a24: d9ca bls.n 80089bc + 8008a26: e7f0 b.n 8008a0a + return HAL_ERROR; + 8008a28: 2501 movs r5, #1 + 8008a2a: e7ef b.n 8008a0c + 8008a2c: 40021000 .word 0x40021000 + 8008a30: 003d0900 .word 0x003d0900 + 8008a34: 2009e2ac .word 0x2009e2ac + 8008a38: 2009e2b0 .word 0x2009e2b0 + 8008a3c: eafef4ff .word 0xeafef4ff + +08008a40 : +{ + 8008a40: b570 push {r4, r5, r6, lr} + __MCO1_CLK_ENABLE(); + 8008a42: 4c12 ldr r4, [pc, #72] ; (8008a8c ) + 8008a44: 6ce3 ldr r3, [r4, #76] ; 0x4c + 8008a46: f043 0301 orr.w r3, r3, #1 + 8008a4a: 64e3 str r3, [r4, #76] ; 0x4c + 8008a4c: 6ce3 ldr r3, [r4, #76] ; 0x4c +{ + 8008a4e: b086 sub sp, #24 + __MCO1_CLK_ENABLE(); + 8008a50: f003 0301 and.w r3, r3, #1 + 8008a54: 9300 str r3, [sp, #0] + 8008a56: 9b00 ldr r3, [sp, #0] +{ + 8008a58: 4616 mov r6, r2 + GPIO_InitStruct.Mode = GPIO_MODE_AF_PP; + 8008a5a: 2302 movs r3, #2 + 8008a5c: f44f 7280 mov.w r2, #256 ; 0x100 + 8008a60: e9cd 2301 strd r2, r3, [sp, #4] +{ + 8008a64: 460d mov r5, r1 + GPIO_InitStruct.Speed = GPIO_SPEED_FREQ_HIGH; + 8008a66: 9304 str r3, [sp, #16] + HAL_GPIO_Init(MCO1_GPIO_PORT, &GPIO_InitStruct); + 8008a68: a901 add r1, sp, #4 + GPIO_InitStruct.Pull = GPIO_NOPULL; + 8008a6a: 2300 movs r3, #0 + HAL_GPIO_Init(MCO1_GPIO_PORT, &GPIO_InitStruct); + 8008a6c: f04f 4090 mov.w r0, #1207959552 ; 0x48000000 + GPIO_InitStruct.Pull = GPIO_NOPULL; + 8008a70: 9303 str r3, [sp, #12] + GPIO_InitStruct.Alternate = GPIO_AF0_MCO; + 8008a72: 9305 str r3, [sp, #20] + HAL_GPIO_Init(MCO1_GPIO_PORT, &GPIO_InitStruct); + 8008a74: f7f8 fbd0 bl 8001218 + MODIFY_REG(RCC->CFGR, (RCC_CFGR_MCOSEL | RCC_CFGR_MCOPRE), (RCC_MCOSource | RCC_MCODiv )); + 8008a78: 68a3 ldr r3, [r4, #8] + 8008a7a: f023 43fe bic.w r3, r3, #2130706432 ; 0x7f000000 + 8008a7e: ea43 0206 orr.w r2, r3, r6 + 8008a82: 432a orrs r2, r5 + 8008a84: 60a2 str r2, [r4, #8] +} + 8008a86: b006 add sp, #24 + 8008a88: bd70 pop {r4, r5, r6, pc} + 8008a8a: bf00 nop + 8008a8c: 40021000 .word 0x40021000 + +08008a90 : + sysclk_source = __HAL_RCC_GET_SYSCLK_SOURCE(); + 8008a90: 4b22 ldr r3, [pc, #136] ; (8008b1c ) + 8008a92: 689a ldr r2, [r3, #8] + pll_oscsource = __HAL_RCC_GET_PLL_OSCSOURCE(); + 8008a94: 68d9 ldr r1, [r3, #12] + if((sysclk_source == RCC_CFGR_SWS_MSI) || + 8008a96: f012 020c ands.w r2, r2, #12 + 8008a9a: d005 beq.n 8008aa8 + 8008a9c: 2a0c cmp r2, #12 + 8008a9e: d115 bne.n 8008acc + pll_oscsource = __HAL_RCC_GET_PLL_OSCSOURCE(); + 8008aa0: f001 0103 and.w r1, r1, #3 + ((sysclk_source == RCC_CFGR_SWS_PLL) && (pll_oscsource == RCC_PLLSOURCE_MSI))) + 8008aa4: 2901 cmp r1, #1 + 8008aa6: d118 bne.n 8008ada + if(READ_BIT(RCC->CR, RCC_CR_MSIRGSEL) == 0U) + 8008aa8: 6819 ldr r1, [r3, #0] + msirange = MSIRangeTable[msirange]; + 8008aaa: 481d ldr r0, [pc, #116] ; (8008b20 ) + if(READ_BIT(RCC->CR, RCC_CR_MSIRGSEL) == 0U) + 8008aac: 0709 lsls r1, r1, #28 + msirange = READ_BIT(RCC->CSR, RCC_CSR_MSISRANGE) >> RCC_CSR_MSISRANGE_Pos; + 8008aae: bf55 itete pl + 8008ab0: f8d3 1094 ldrpl.w r1, [r3, #148] ; 0x94 + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + 8008ab4: 6819 ldrmi r1, [r3, #0] + msirange = READ_BIT(RCC->CSR, RCC_CSR_MSISRANGE) >> RCC_CSR_MSISRANGE_Pos; + 8008ab6: f3c1 2103 ubfxpl r1, r1, #8, #4 + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + 8008aba: f3c1 1103 ubfxmi r1, r1, #4, #4 + msirange = MSIRangeTable[msirange]; + 8008abe: f850 0021 ldr.w r0, [r0, r1, lsl #2] + if(sysclk_source == RCC_CFGR_SWS_MSI) + 8008ac2: b34a cbz r2, 8008b18 + if(sysclk_source == RCC_CFGR_SWS_PLL) + 8008ac4: 2a0c cmp r2, #12 + 8008ac6: d009 beq.n 8008adc + 8008ac8: 2000 movs r0, #0 + return sysclockfreq; + 8008aca: 4770 bx lr + else if(sysclk_source == RCC_CFGR_SWS_HSI) + 8008acc: 2a04 cmp r2, #4 + 8008ace: d022 beq.n 8008b16 + else if(sysclk_source == RCC_CFGR_SWS_HSE) + 8008ad0: 2a08 cmp r2, #8 + 8008ad2: 4814 ldr r0, [pc, #80] ; (8008b24 ) + 8008ad4: bf18 it ne + 8008ad6: 2000 movne r0, #0 + 8008ad8: 4770 bx lr + uint32_t msirange = 0U, sysclockfreq = 0U; + 8008ada: 2000 movs r0, #0 + pllsource = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC); + 8008adc: 68da ldr r2, [r3, #12] + 8008ade: f002 0203 and.w r2, r2, #3 + switch (pllsource) + 8008ae2: 2a02 cmp r2, #2 + 8008ae4: d015 beq.n 8008b12 + 8008ae6: 490f ldr r1, [pc, #60] ; (8008b24 ) + 8008ae8: 2a03 cmp r2, #3 + 8008aea: bf08 it eq + 8008aec: 4608 moveq r0, r1 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 8008aee: 68d9 ldr r1, [r3, #12] + pllvco = (pllvco * (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos)) / pllm; + 8008af0: 68da ldr r2, [r3, #12] + 8008af2: f3c2 2206 ubfx r2, r2, #8, #7 + 8008af6: 4342 muls r2, r0 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 8008af8: 68d8 ldr r0, [r3, #12] + 8008afa: f3c0 6041 ubfx r0, r0, #25, #2 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 8008afe: f3c1 1103 ubfx r1, r1, #4, #4 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 8008b02: 3001 adds r0, #1 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 8008b04: 3101 adds r1, #1 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 8008b06: 0040 lsls r0, r0, #1 + pllvco = (pllvco * (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos)) / pllm; + 8008b08: fbb2 f2f1 udiv r2, r2, r1 + sysclockfreq = pllvco / pllr; + 8008b0c: fbb2 f0f0 udiv r0, r2, r0 + 8008b10: 4770 bx lr + pllvco = HSI_VALUE; + 8008b12: 4805 ldr r0, [pc, #20] ; (8008b28 ) + 8008b14: e7eb b.n 8008aee + sysclockfreq = HSI_VALUE; + 8008b16: 4804 ldr r0, [pc, #16] ; (8008b28 ) +} + 8008b18: 4770 bx lr + 8008b1a: bf00 nop + 8008b1c: 40021000 .word 0x40021000 + 8008b20: 08010a70 .word 0x08010a70 + 8008b24: 007a1200 .word 0x007a1200 + 8008b28: 00f42400 .word 0x00f42400 + +08008b2c : +{ + 8008b2c: e92d 43f7 stmdb sp!, {r0, r1, r2, r4, r5, r6, r7, r8, r9, lr} + if(RCC_OscInitStruct == NULL) + 8008b30: 4605 mov r5, r0 + 8008b32: b908 cbnz r0, 8008b38 + return HAL_ERROR; + 8008b34: 2001 movs r0, #1 + 8008b36: e047 b.n 8008bc8 + sysclk_source = __HAL_RCC_GET_SYSCLK_SOURCE(); + 8008b38: 4c94 ldr r4, [pc, #592] ; (8008d8c ) + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_MSI) == RCC_OSCILLATORTYPE_MSI) + 8008b3a: 6803 ldr r3, [r0, #0] + sysclk_source = __HAL_RCC_GET_SYSCLK_SOURCE(); + 8008b3c: 68a6 ldr r6, [r4, #8] + pll_config = __HAL_RCC_GET_PLL_OSCSOURCE(); + 8008b3e: 68e7 ldr r7, [r4, #12] + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_MSI) == RCC_OSCILLATORTYPE_MSI) + 8008b40: 06db lsls r3, r3, #27 + sysclk_source = __HAL_RCC_GET_SYSCLK_SOURCE(); + 8008b42: f006 060c and.w r6, r6, #12 + pll_config = __HAL_RCC_GET_PLL_OSCSOURCE(); + 8008b46: f007 0703 and.w r7, r7, #3 + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_MSI) == RCC_OSCILLATORTYPE_MSI) + 8008b4a: d575 bpl.n 8008c38 + if((sysclk_source == RCC_CFGR_SWS_MSI) || + 8008b4c: b11e cbz r6, 8008b56 + 8008b4e: 2e0c cmp r6, #12 + 8008b50: d154 bne.n 8008bfc + ((sysclk_source == RCC_CFGR_SWS_PLL) && (pll_config == RCC_PLLSOURCE_MSI))) + 8008b52: 2f01 cmp r7, #1 + 8008b54: d152 bne.n 8008bfc + if((READ_BIT(RCC->CR, RCC_CR_MSIRDY) != 0U) && (RCC_OscInitStruct->MSIState == RCC_MSI_OFF)) + 8008b56: 6823 ldr r3, [r4, #0] + 8008b58: 0798 lsls r0, r3, #30 + 8008b5a: d502 bpl.n 8008b62 + 8008b5c: 69ab ldr r3, [r5, #24] + 8008b5e: 2b00 cmp r3, #0 + 8008b60: d0e8 beq.n 8008b34 + if(RCC_OscInitStruct->MSIClockRange > __HAL_RCC_GET_MSI_RANGE()) + 8008b62: 6823 ldr r3, [r4, #0] + 8008b64: 6a28 ldr r0, [r5, #32] + 8008b66: 0719 lsls r1, r3, #28 + 8008b68: bf56 itet pl + 8008b6a: f8d4 3094 ldrpl.w r3, [r4, #148] ; 0x94 + 8008b6e: 6823 ldrmi r3, [r4, #0] + 8008b70: 091b lsrpl r3, r3, #4 + 8008b72: f003 03f0 and.w r3, r3, #240 ; 0xf0 + 8008b76: 4298 cmp r0, r3 + 8008b78: d929 bls.n 8008bce + if(RCC_SetFlashLatencyFromMSIRange(RCC_OscInitStruct->MSIClockRange) != HAL_OK) + 8008b7a: f7ff feb3 bl 80088e4 + 8008b7e: 2800 cmp r0, #0 + 8008b80: d1d8 bne.n 8008b34 + __HAL_RCC_MSI_RANGE_CONFIG(RCC_OscInitStruct->MSIClockRange); + 8008b82: 6823 ldr r3, [r4, #0] + 8008b84: f043 0308 orr.w r3, r3, #8 + 8008b88: 6023 str r3, [r4, #0] + 8008b8a: 6823 ldr r3, [r4, #0] + 8008b8c: 6a2a ldr r2, [r5, #32] + 8008b8e: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8008b92: 4313 orrs r3, r2 + 8008b94: 6023 str r3, [r4, #0] + __HAL_RCC_MSI_CALIBRATIONVALUE_ADJUST(RCC_OscInitStruct->MSICalibrationValue); + 8008b96: 6863 ldr r3, [r4, #4] + 8008b98: 69ea ldr r2, [r5, #28] + 8008b9a: f423 437f bic.w r3, r3, #65280 ; 0xff00 + 8008b9e: ea43 2302 orr.w r3, r3, r2, lsl #8 + 8008ba2: 6063 str r3, [r4, #4] + SystemCoreClock = HAL_RCC_GetSysClockFreq() >> (AHBPrescTable[READ_BIT(RCC->CFGR, RCC_CFGR_HPRE) >> RCC_CFGR_HPRE_Pos] & 0x1FU); + 8008ba4: f7ff ff74 bl 8008a90 + 8008ba8: 68a3 ldr r3, [r4, #8] + 8008baa: 4a79 ldr r2, [pc, #484] ; (8008d90 ) + 8008bac: f3c3 1303 ubfx r3, r3, #4, #4 + 8008bb0: 5cd3 ldrb r3, [r2, r3] + 8008bb2: f003 031f and.w r3, r3, #31 + 8008bb6: 40d8 lsrs r0, r3 + 8008bb8: 4b76 ldr r3, [pc, #472] ; (8008d94 ) + 8008bba: 6018 str r0, [r3, #0] + status = HAL_InitTick(uwTickPrio); + 8008bbc: 4b76 ldr r3, [pc, #472] ; (8008d98 ) + 8008bbe: 6818 ldr r0, [r3, #0] + 8008bc0: f7fe fc14 bl 80073ec + if(status != HAL_OK) + 8008bc4: 2800 cmp r0, #0 + 8008bc6: d037 beq.n 8008c38 +} + 8008bc8: b003 add sp, #12 + 8008bca: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + __HAL_RCC_MSI_RANGE_CONFIG(RCC_OscInitStruct->MSIClockRange); + 8008bce: 6823 ldr r3, [r4, #0] + 8008bd0: f043 0308 orr.w r3, r3, #8 + 8008bd4: 6023 str r3, [r4, #0] + 8008bd6: 6823 ldr r3, [r4, #0] + 8008bd8: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8008bdc: 4303 orrs r3, r0 + 8008bde: 6023 str r3, [r4, #0] + __HAL_RCC_MSI_CALIBRATIONVALUE_ADJUST(RCC_OscInitStruct->MSICalibrationValue); + 8008be0: 6863 ldr r3, [r4, #4] + 8008be2: 69ea ldr r2, [r5, #28] + 8008be4: f423 437f bic.w r3, r3, #65280 ; 0xff00 + 8008be8: ea43 2302 orr.w r3, r3, r2, lsl #8 + 8008bec: 6063 str r3, [r4, #4] + if(sysclk_source == RCC_CFGR_SWS_MSI) + 8008bee: 2e00 cmp r6, #0 + 8008bf0: d1d8 bne.n 8008ba4 + if(RCC_SetFlashLatencyFromMSIRange(RCC_OscInitStruct->MSIClockRange) != HAL_OK) + 8008bf2: f7ff fe77 bl 80088e4 + 8008bf6: 2800 cmp r0, #0 + 8008bf8: d0d4 beq.n 8008ba4 + 8008bfa: e79b b.n 8008b34 + if(RCC_OscInitStruct->MSIState != RCC_MSI_OFF) + 8008bfc: 69ab ldr r3, [r5, #24] + 8008bfe: 2b00 cmp r3, #0 + 8008c00: d03a beq.n 8008c78 + __HAL_RCC_MSI_ENABLE(); + 8008c02: 6823 ldr r3, [r4, #0] + 8008c04: f043 0301 orr.w r3, r3, #1 + 8008c08: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008c0a: f7fe fbed bl 80073e8 + 8008c0e: 4680 mov r8, r0 + while(READ_BIT(RCC->CR, RCC_CR_MSIRDY) == 0U) + 8008c10: 6823 ldr r3, [r4, #0] + 8008c12: 079a lsls r2, r3, #30 + 8008c14: d528 bpl.n 8008c68 + __HAL_RCC_MSI_RANGE_CONFIG(RCC_OscInitStruct->MSIClockRange); + 8008c16: 6823 ldr r3, [r4, #0] + 8008c18: f043 0308 orr.w r3, r3, #8 + 8008c1c: 6023 str r3, [r4, #0] + 8008c1e: 6823 ldr r3, [r4, #0] + 8008c20: 6a2a ldr r2, [r5, #32] + 8008c22: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8008c26: 4313 orrs r3, r2 + 8008c28: 6023 str r3, [r4, #0] + __HAL_RCC_MSI_CALIBRATIONVALUE_ADJUST(RCC_OscInitStruct->MSICalibrationValue); + 8008c2a: 6863 ldr r3, [r4, #4] + 8008c2c: 69ea ldr r2, [r5, #28] + 8008c2e: f423 437f bic.w r3, r3, #65280 ; 0xff00 + 8008c32: ea43 2302 orr.w r3, r3, r2, lsl #8 + 8008c36: 6063 str r3, [r4, #4] + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_HSE) == RCC_OSCILLATORTYPE_HSE) + 8008c38: 682b ldr r3, [r5, #0] + 8008c3a: 07d8 lsls r0, r3, #31 + 8008c3c: d42d bmi.n 8008c9a + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_HSI) == RCC_OSCILLATORTYPE_HSI) + 8008c3e: 682b ldr r3, [r5, #0] + 8008c40: 0799 lsls r1, r3, #30 + 8008c42: d46b bmi.n 8008d1c + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_LSI) == RCC_OSCILLATORTYPE_LSI) + 8008c44: 682b ldr r3, [r5, #0] + 8008c46: 0718 lsls r0, r3, #28 + 8008c48: f100 80a8 bmi.w 8008d9c + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_LSE) == RCC_OSCILLATORTYPE_LSE) + 8008c4c: 682b ldr r3, [r5, #0] + 8008c4e: 0759 lsls r1, r3, #29 + 8008c50: f100 80ce bmi.w 8008df0 + if(((RCC_OscInitStruct->OscillatorType) & RCC_OSCILLATORTYPE_HSI48) == RCC_OSCILLATORTYPE_HSI48) + 8008c54: 682b ldr r3, [r5, #0] + 8008c56: 069f lsls r7, r3, #26 + 8008c58: f100 8137 bmi.w 8008eca + if(RCC_OscInitStruct->PLL.PLLState != RCC_PLL_NONE) + 8008c5c: 6aab ldr r3, [r5, #40] ; 0x28 + 8008c5e: 2b00 cmp r3, #0 + 8008c60: f040 815d bne.w 8008f1e + return HAL_OK; + 8008c64: 2000 movs r0, #0 + 8008c66: e7af b.n 8008bc8 + if((HAL_GetTick() - tickstart) > MSI_TIMEOUT_VALUE) + 8008c68: f7fe fbbe bl 80073e8 + 8008c6c: eba0 0008 sub.w r0, r0, r8 + 8008c70: 2802 cmp r0, #2 + 8008c72: d9cd bls.n 8008c10 + return HAL_TIMEOUT; + 8008c74: 2003 movs r0, #3 + 8008c76: e7a7 b.n 8008bc8 + __HAL_RCC_MSI_DISABLE(); + 8008c78: 6823 ldr r3, [r4, #0] + 8008c7a: f023 0301 bic.w r3, r3, #1 + 8008c7e: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008c80: f7fe fbb2 bl 80073e8 + 8008c84: 4680 mov r8, r0 + while(READ_BIT(RCC->CR, RCC_CR_MSIRDY) != 0U) + 8008c86: 6823 ldr r3, [r4, #0] + 8008c88: 079b lsls r3, r3, #30 + 8008c8a: d5d5 bpl.n 8008c38 + if((HAL_GetTick() - tickstart) > MSI_TIMEOUT_VALUE) + 8008c8c: f7fe fbac bl 80073e8 + 8008c90: eba0 0008 sub.w r0, r0, r8 + 8008c94: 2802 cmp r0, #2 + 8008c96: d9f6 bls.n 8008c86 + 8008c98: e7ec b.n 8008c74 + if((sysclk_source == RCC_CFGR_SWS_HSE) || + 8008c9a: 2e08 cmp r6, #8 + 8008c9c: d003 beq.n 8008ca6 + 8008c9e: 2e0c cmp r6, #12 + 8008ca0: d108 bne.n 8008cb4 + ((sysclk_source == RCC_CFGR_SWS_PLL) && (pll_config == RCC_PLLSOURCE_HSE))) + 8008ca2: 2f03 cmp r7, #3 + 8008ca4: d106 bne.n 8008cb4 + if((READ_BIT(RCC->CR, RCC_CR_HSERDY) != 0U) && (RCC_OscInitStruct->HSEState == RCC_HSE_OFF)) + 8008ca6: 6823 ldr r3, [r4, #0] + 8008ca8: 039a lsls r2, r3, #14 + 8008caa: d5c8 bpl.n 8008c3e + 8008cac: 686b ldr r3, [r5, #4] + 8008cae: 2b00 cmp r3, #0 + 8008cb0: d1c5 bne.n 8008c3e + 8008cb2: e73f b.n 8008b34 + __HAL_RCC_HSE_CONFIG(RCC_OscInitStruct->HSEState); + 8008cb4: 686b ldr r3, [r5, #4] + 8008cb6: f5b3 3f80 cmp.w r3, #65536 ; 0x10000 + 8008cba: d110 bne.n 8008cde + 8008cbc: 6823 ldr r3, [r4, #0] + 8008cbe: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 8008cc2: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008cc4: f7fe fb90 bl 80073e8 + 8008cc8: 4680 mov r8, r0 + while(READ_BIT(RCC->CR, RCC_CR_HSERDY) == 0U) + 8008cca: 6823 ldr r3, [r4, #0] + 8008ccc: 039b lsls r3, r3, #14 + 8008cce: d4b6 bmi.n 8008c3e + if((HAL_GetTick() - tickstart) > HSE_TIMEOUT_VALUE) + 8008cd0: f7fe fb8a bl 80073e8 + 8008cd4: eba0 0008 sub.w r0, r0, r8 + 8008cd8: 2864 cmp r0, #100 ; 0x64 + 8008cda: d9f6 bls.n 8008cca + 8008cdc: e7ca b.n 8008c74 + __HAL_RCC_HSE_CONFIG(RCC_OscInitStruct->HSEState); + 8008cde: f5b3 2fa0 cmp.w r3, #327680 ; 0x50000 + 8008ce2: d104 bne.n 8008cee + 8008ce4: 6823 ldr r3, [r4, #0] + 8008ce6: f443 2380 orr.w r3, r3, #262144 ; 0x40000 + 8008cea: 6023 str r3, [r4, #0] + 8008cec: e7e6 b.n 8008cbc + 8008cee: 6822 ldr r2, [r4, #0] + 8008cf0: f422 3280 bic.w r2, r2, #65536 ; 0x10000 + 8008cf4: 6022 str r2, [r4, #0] + 8008cf6: 6822 ldr r2, [r4, #0] + 8008cf8: f422 2280 bic.w r2, r2, #262144 ; 0x40000 + 8008cfc: 6022 str r2, [r4, #0] + if(RCC_OscInitStruct->HSEState != RCC_HSE_OFF) + 8008cfe: 2b00 cmp r3, #0 + 8008d00: d1e0 bne.n 8008cc4 + tickstart = HAL_GetTick(); + 8008d02: f7fe fb71 bl 80073e8 + 8008d06: 4680 mov r8, r0 + while(READ_BIT(RCC->CR, RCC_CR_HSERDY) != 0U) + 8008d08: 6823 ldr r3, [r4, #0] + 8008d0a: 0398 lsls r0, r3, #14 + 8008d0c: d597 bpl.n 8008c3e + if((HAL_GetTick() - tickstart) > HSE_TIMEOUT_VALUE) + 8008d0e: f7fe fb6b bl 80073e8 + 8008d12: eba0 0008 sub.w r0, r0, r8 + 8008d16: 2864 cmp r0, #100 ; 0x64 + 8008d18: d9f6 bls.n 8008d08 + 8008d1a: e7ab b.n 8008c74 + if((sysclk_source == RCC_CFGR_SWS_HSI) || + 8008d1c: 2e04 cmp r6, #4 + 8008d1e: d003 beq.n 8008d28 + 8008d20: 2e0c cmp r6, #12 + 8008d22: d110 bne.n 8008d46 + ((sysclk_source == RCC_CFGR_SWS_PLL) && (pll_config == RCC_PLLSOURCE_HSI))) + 8008d24: 2f02 cmp r7, #2 + 8008d26: d10e bne.n 8008d46 + if((READ_BIT(RCC->CR, RCC_CR_HSIRDY) != 0U) && (RCC_OscInitStruct->HSIState == RCC_HSI_OFF)) + 8008d28: 6823 ldr r3, [r4, #0] + 8008d2a: 0559 lsls r1, r3, #21 + 8008d2c: d503 bpl.n 8008d36 + 8008d2e: 68eb ldr r3, [r5, #12] + 8008d30: 2b00 cmp r3, #0 + 8008d32: f43f aeff beq.w 8008b34 + __HAL_RCC_HSI_CALIBRATIONVALUE_ADJUST(RCC_OscInitStruct->HSICalibrationValue); + 8008d36: 6863 ldr r3, [r4, #4] + 8008d38: 692a ldr r2, [r5, #16] + 8008d3a: f023 43fe bic.w r3, r3, #2130706432 ; 0x7f000000 + 8008d3e: ea43 6302 orr.w r3, r3, r2, lsl #24 + 8008d42: 6063 str r3, [r4, #4] + 8008d44: e77e b.n 8008c44 + if(RCC_OscInitStruct->HSIState != RCC_HSI_OFF) + 8008d46: 68eb ldr r3, [r5, #12] + 8008d48: b17b cbz r3, 8008d6a + __HAL_RCC_HSI_ENABLE(); + 8008d4a: 6823 ldr r3, [r4, #0] + 8008d4c: f443 7380 orr.w r3, r3, #256 ; 0x100 + 8008d50: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008d52: f7fe fb49 bl 80073e8 + 8008d56: 4607 mov r7, r0 + while(READ_BIT(RCC->CR, RCC_CR_HSIRDY) == 0U) + 8008d58: 6823 ldr r3, [r4, #0] + 8008d5a: 055a lsls r2, r3, #21 + 8008d5c: d4eb bmi.n 8008d36 + if((HAL_GetTick() - tickstart) > HSI_TIMEOUT_VALUE) + 8008d5e: f7fe fb43 bl 80073e8 + 8008d62: 1bc0 subs r0, r0, r7 + 8008d64: 2802 cmp r0, #2 + 8008d66: d9f7 bls.n 8008d58 + 8008d68: e784 b.n 8008c74 + __HAL_RCC_HSI_DISABLE(); + 8008d6a: 6823 ldr r3, [r4, #0] + 8008d6c: f423 7380 bic.w r3, r3, #256 ; 0x100 + 8008d70: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008d72: f7fe fb39 bl 80073e8 + 8008d76: 4607 mov r7, r0 + while(READ_BIT(RCC->CR, RCC_CR_HSIRDY) != 0U) + 8008d78: 6823 ldr r3, [r4, #0] + 8008d7a: 055b lsls r3, r3, #21 + 8008d7c: f57f af62 bpl.w 8008c44 + if((HAL_GetTick() - tickstart) > HSI_TIMEOUT_VALUE) + 8008d80: f7fe fb32 bl 80073e8 + 8008d84: 1bc0 subs r0, r0, r7 + 8008d86: 2802 cmp r0, #2 + 8008d88: d9f6 bls.n 8008d78 + 8008d8a: e773 b.n 8008c74 + 8008d8c: 40021000 .word 0x40021000 + 8008d90: 08010a58 .word 0x08010a58 + 8008d94: 2009e2ac .word 0x2009e2ac + 8008d98: 2009e2b0 .word 0x2009e2b0 + if(RCC_OscInitStruct->LSIState != RCC_LSI_OFF) + 8008d9c: 696b ldr r3, [r5, #20] + 8008d9e: b19b cbz r3, 8008dc8 + __HAL_RCC_LSI_ENABLE(); + 8008da0: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8008da4: f043 0301 orr.w r3, r3, #1 + 8008da8: f8c4 3094 str.w r3, [r4, #148] ; 0x94 + tickstart = HAL_GetTick(); + 8008dac: f7fe fb1c bl 80073e8 + 8008db0: 4607 mov r7, r0 + while(READ_BIT(RCC->CSR, RCC_CSR_LSIRDY) == 0U) + 8008db2: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8008db6: 079a lsls r2, r3, #30 + 8008db8: f53f af48 bmi.w 8008c4c + if((HAL_GetTick() - tickstart) > LSI_TIMEOUT_VALUE) + 8008dbc: f7fe fb14 bl 80073e8 + 8008dc0: 1bc0 subs r0, r0, r7 + 8008dc2: 2802 cmp r0, #2 + 8008dc4: d9f5 bls.n 8008db2 + 8008dc6: e755 b.n 8008c74 + __HAL_RCC_LSI_DISABLE(); + 8008dc8: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8008dcc: f023 0301 bic.w r3, r3, #1 + 8008dd0: f8c4 3094 str.w r3, [r4, #148] ; 0x94 + tickstart = HAL_GetTick(); + 8008dd4: f7fe fb08 bl 80073e8 + 8008dd8: 4607 mov r7, r0 + while(READ_BIT(RCC->CSR, RCC_CSR_LSIRDY) != 0U) + 8008dda: f8d4 3094 ldr.w r3, [r4, #148] ; 0x94 + 8008dde: 079b lsls r3, r3, #30 + 8008de0: f57f af34 bpl.w 8008c4c + if((HAL_GetTick() - tickstart) > LSI_TIMEOUT_VALUE) + 8008de4: f7fe fb00 bl 80073e8 + 8008de8: 1bc0 subs r0, r0, r7 + 8008dea: 2802 cmp r0, #2 + 8008dec: d9f5 bls.n 8008dda + 8008dee: e741 b.n 8008c74 + if(HAL_IS_BIT_CLR(RCC->APB1ENR1, RCC_APB1ENR1_PWREN)) + 8008df0: 6da3 ldr r3, [r4, #88] ; 0x58 + 8008df2: 00df lsls r7, r3, #3 + 8008df4: d429 bmi.n 8008e4a + __HAL_RCC_PWR_CLK_ENABLE(); + 8008df6: 6da3 ldr r3, [r4, #88] ; 0x58 + 8008df8: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 8008dfc: 65a3 str r3, [r4, #88] ; 0x58 + 8008dfe: 6da3 ldr r3, [r4, #88] ; 0x58 + 8008e00: f003 5380 and.w r3, r3, #268435456 ; 0x10000000 + 8008e04: 9301 str r3, [sp, #4] + 8008e06: 9b01 ldr r3, [sp, #4] + pwrclkchanged = SET; + 8008e08: f04f 0801 mov.w r8, #1 + if(HAL_IS_BIT_CLR(PWR->CR1, PWR_CR1_DBP)) + 8008e0c: 4f9c ldr r7, [pc, #624] ; (8009080 ) + 8008e0e: 683b ldr r3, [r7, #0] + 8008e10: 05d8 lsls r0, r3, #23 + 8008e12: d51d bpl.n 8008e50 + __HAL_RCC_LSE_CONFIG(RCC_OscInitStruct->LSEState); + 8008e14: 68ab ldr r3, [r5, #8] + 8008e16: 2b01 cmp r3, #1 + 8008e18: d12b bne.n 8008e72 + 8008e1a: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8008e1e: f043 0301 orr.w r3, r3, #1 + 8008e22: f8c4 3090 str.w r3, [r4, #144] ; 0x90 + tickstart = HAL_GetTick(); + 8008e26: f7fe fadf bl 80073e8 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8008e2a: f241 3988 movw r9, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 8008e2e: 4607 mov r7, r0 + while(READ_BIT(RCC->BDCR, RCC_BDCR_LSERDY) == 0U) + 8008e30: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8008e34: 079a lsls r2, r3, #30 + 8008e36: d542 bpl.n 8008ebe + if(pwrclkchanged == SET) + 8008e38: f1b8 0f00 cmp.w r8, #0 + 8008e3c: f43f af0a beq.w 8008c54 + __HAL_RCC_PWR_CLK_DISABLE(); + 8008e40: 6da3 ldr r3, [r4, #88] ; 0x58 + 8008e42: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 8008e46: 65a3 str r3, [r4, #88] ; 0x58 + 8008e48: e704 b.n 8008c54 + FlagStatus pwrclkchanged = RESET; + 8008e4a: f04f 0800 mov.w r8, #0 + 8008e4e: e7dd b.n 8008e0c + SET_BIT(PWR->CR1, PWR_CR1_DBP); + 8008e50: 683b ldr r3, [r7, #0] + 8008e52: f443 7380 orr.w r3, r3, #256 ; 0x100 + 8008e56: 603b str r3, [r7, #0] + tickstart = HAL_GetTick(); + 8008e58: f7fe fac6 bl 80073e8 + 8008e5c: 4681 mov r9, r0 + while(HAL_IS_BIT_CLR(PWR->CR1, PWR_CR1_DBP)) + 8008e5e: 683b ldr r3, [r7, #0] + 8008e60: 05d9 lsls r1, r3, #23 + 8008e62: d4d7 bmi.n 8008e14 + if((HAL_GetTick() - tickstart) > RCC_DBP_TIMEOUT_VALUE) + 8008e64: f7fe fac0 bl 80073e8 + 8008e68: eba0 0009 sub.w r0, r0, r9 + 8008e6c: 2802 cmp r0, #2 + 8008e6e: d9f6 bls.n 8008e5e + 8008e70: e700 b.n 8008c74 + __HAL_RCC_LSE_CONFIG(RCC_OscInitStruct->LSEState); + 8008e72: 2b05 cmp r3, #5 + 8008e74: d106 bne.n 8008e84 + 8008e76: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8008e7a: f043 0304 orr.w r3, r3, #4 + 8008e7e: f8c4 3090 str.w r3, [r4, #144] ; 0x90 + 8008e82: e7ca b.n 8008e1a + 8008e84: f8d4 2090 ldr.w r2, [r4, #144] ; 0x90 + 8008e88: f022 0201 bic.w r2, r2, #1 + 8008e8c: f8c4 2090 str.w r2, [r4, #144] ; 0x90 + 8008e90: f8d4 2090 ldr.w r2, [r4, #144] ; 0x90 + 8008e94: f022 0204 bic.w r2, r2, #4 + 8008e98: f8c4 2090 str.w r2, [r4, #144] ; 0x90 + if(RCC_OscInitStruct->LSEState != RCC_LSE_OFF) + 8008e9c: 2b00 cmp r3, #0 + 8008e9e: d1c2 bne.n 8008e26 + tickstart = HAL_GetTick(); + 8008ea0: f7fe faa2 bl 80073e8 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8008ea4: f241 3988 movw r9, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 8008ea8: 4607 mov r7, r0 + while(READ_BIT(RCC->BDCR, RCC_BDCR_LSERDY) != 0U) + 8008eaa: f8d4 3090 ldr.w r3, [r4, #144] ; 0x90 + 8008eae: 079b lsls r3, r3, #30 + 8008eb0: d5c2 bpl.n 8008e38 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8008eb2: f7fe fa99 bl 80073e8 + 8008eb6: 1bc0 subs r0, r0, r7 + 8008eb8: 4548 cmp r0, r9 + 8008eba: d9f6 bls.n 8008eaa + 8008ebc: e6da b.n 8008c74 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8008ebe: f7fe fa93 bl 80073e8 + 8008ec2: 1bc0 subs r0, r0, r7 + 8008ec4: 4548 cmp r0, r9 + 8008ec6: d9b3 bls.n 8008e30 + 8008ec8: e6d4 b.n 8008c74 + if(RCC_OscInitStruct->HSI48State != RCC_HSI48_OFF) + 8008eca: 6a6b ldr r3, [r5, #36] ; 0x24 + 8008ecc: b19b cbz r3, 8008ef6 + __HAL_RCC_HSI48_ENABLE(); + 8008ece: f8d4 3098 ldr.w r3, [r4, #152] ; 0x98 + 8008ed2: f043 0301 orr.w r3, r3, #1 + 8008ed6: f8c4 3098 str.w r3, [r4, #152] ; 0x98 + tickstart = HAL_GetTick(); + 8008eda: f7fe fa85 bl 80073e8 + 8008ede: 4607 mov r7, r0 + while(READ_BIT(RCC->CRRCR, RCC_CRRCR_HSI48RDY) == 0U) + 8008ee0: f8d4 3098 ldr.w r3, [r4, #152] ; 0x98 + 8008ee4: 0798 lsls r0, r3, #30 + 8008ee6: f53f aeb9 bmi.w 8008c5c + if((HAL_GetTick() - tickstart) > HSI48_TIMEOUT_VALUE) + 8008eea: f7fe fa7d bl 80073e8 + 8008eee: 1bc0 subs r0, r0, r7 + 8008ef0: 2802 cmp r0, #2 + 8008ef2: d9f5 bls.n 8008ee0 + 8008ef4: e6be b.n 8008c74 + __HAL_RCC_HSI48_DISABLE(); + 8008ef6: f8d4 3098 ldr.w r3, [r4, #152] ; 0x98 + 8008efa: f023 0301 bic.w r3, r3, #1 + 8008efe: f8c4 3098 str.w r3, [r4, #152] ; 0x98 + tickstart = HAL_GetTick(); + 8008f02: f7fe fa71 bl 80073e8 + 8008f06: 4607 mov r7, r0 + while(READ_BIT(RCC->CRRCR, RCC_CRRCR_HSI48RDY) != 0U) + 8008f08: f8d4 3098 ldr.w r3, [r4, #152] ; 0x98 + 8008f0c: 0799 lsls r1, r3, #30 + 8008f0e: f57f aea5 bpl.w 8008c5c + if((HAL_GetTick() - tickstart) > HSI48_TIMEOUT_VALUE) + 8008f12: f7fe fa69 bl 80073e8 + 8008f16: 1bc0 subs r0, r0, r7 + 8008f18: 2802 cmp r0, #2 + 8008f1a: d9f5 bls.n 8008f08 + 8008f1c: e6aa b.n 8008c74 + if(RCC_OscInitStruct->PLL.PLLState == RCC_PLL_ON) + 8008f1e: 2b02 cmp r3, #2 + 8008f20: f040 808c bne.w 800903c + pll_config = RCC->PLLCFGR; + 8008f24: 68e3 ldr r3, [r4, #12] + if((READ_BIT(pll_config, RCC_PLLCFGR_PLLSRC) != RCC_OscInitStruct->PLL.PLLSource) || + 8008f26: 6aea ldr r2, [r5, #44] ; 0x2c + 8008f28: f003 0103 and.w r1, r3, #3 + 8008f2c: 4291 cmp r1, r2 + 8008f2e: d122 bne.n 8008f76 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLM) != ((RCC_OscInitStruct->PLL.PLLM - 1U) << RCC_PLLCFGR_PLLM_Pos)) || + 8008f30: 6b29 ldr r1, [r5, #48] ; 0x30 + 8008f32: f003 02f0 and.w r2, r3, #240 ; 0xf0 + 8008f36: 3901 subs r1, #1 + if((READ_BIT(pll_config, RCC_PLLCFGR_PLLSRC) != RCC_OscInitStruct->PLL.PLLSource) || + 8008f38: ebb2 1f01 cmp.w r2, r1, lsl #4 + 8008f3c: d11b bne.n 8008f76 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLN) != (RCC_OscInitStruct->PLL.PLLN << RCC_PLLCFGR_PLLN_Pos)) || + 8008f3e: 6b69 ldr r1, [r5, #52] ; 0x34 + 8008f40: f403 42fe and.w r2, r3, #32512 ; 0x7f00 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLM) != ((RCC_OscInitStruct->PLL.PLLM - 1U) << RCC_PLLCFGR_PLLM_Pos)) || + 8008f44: ebb2 2f01 cmp.w r2, r1, lsl #8 + 8008f48: d115 bne.n 8008f76 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLPDIV) != (RCC_OscInitStruct->PLL.PLLP << RCC_PLLCFGR_PLLPDIV_Pos)) || + 8008f4a: 6ba9 ldr r1, [r5, #56] ; 0x38 + 8008f4c: f003 4278 and.w r2, r3, #4160749568 ; 0xf8000000 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLN) != (RCC_OscInitStruct->PLL.PLLN << RCC_PLLCFGR_PLLN_Pos)) || + 8008f50: ebb2 6fc1 cmp.w r2, r1, lsl #27 + 8008f54: d10f bne.n 8008f76 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLQ) != ((((RCC_OscInitStruct->PLL.PLLQ) >> 1U) - 1U) << RCC_PLLCFGR_PLLQ_Pos)) || + 8008f56: 6bea ldr r2, [r5, #60] ; 0x3c + 8008f58: 0852 lsrs r2, r2, #1 + 8008f5a: f403 01c0 and.w r1, r3, #6291456 ; 0x600000 + 8008f5e: 3a01 subs r2, #1 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLPDIV) != (RCC_OscInitStruct->PLL.PLLP << RCC_PLLCFGR_PLLPDIV_Pos)) || + 8008f60: ebb1 5f42 cmp.w r1, r2, lsl #21 + 8008f64: d107 bne.n 8008f76 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLR) != ((((RCC_OscInitStruct->PLL.PLLR) >> 1U) - 1U) << RCC_PLLCFGR_PLLR_Pos))) + 8008f66: 6c2a ldr r2, [r5, #64] ; 0x40 + 8008f68: 0852 lsrs r2, r2, #1 + 8008f6a: f003 63c0 and.w r3, r3, #100663296 ; 0x6000000 + 8008f6e: 3a01 subs r2, #1 + (READ_BIT(pll_config, RCC_PLLCFGR_PLLQ) != ((((RCC_OscInitStruct->PLL.PLLQ) >> 1U) - 1U) << RCC_PLLCFGR_PLLQ_Pos)) || + 8008f70: ebb3 6f42 cmp.w r3, r2, lsl #25 + 8008f74: d049 beq.n 800900a + if(sysclk_source != RCC_CFGR_SWS_PLL) + 8008f76: 2e0c cmp r6, #12 + 8008f78: f43f addc beq.w 8008b34 + if((READ_BIT(RCC->CR, RCC_CR_PLLSAI1ON) != 0U) + 8008f7c: 6823 ldr r3, [r4, #0] + 8008f7e: 015a lsls r2, r3, #5 + 8008f80: f53f add8 bmi.w 8008b34 + || (READ_BIT(RCC->CR, RCC_CR_PLLSAI2ON) != 0U) + 8008f84: 6823 ldr r3, [r4, #0] + 8008f86: 00db lsls r3, r3, #3 + 8008f88: f53f add4 bmi.w 8008b34 + __HAL_RCC_PLL_DISABLE(); + 8008f8c: 6823 ldr r3, [r4, #0] + 8008f8e: f023 7380 bic.w r3, r3, #16777216 ; 0x1000000 + 8008f92: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 8008f94: f7fe fa28 bl 80073e8 + 8008f98: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY) != 0U) + 8008f9a: 6823 ldr r3, [r4, #0] + 8008f9c: 019f lsls r7, r3, #6 + 8008f9e: d42e bmi.n 8008ffe + __HAL_RCC_PLL_CONFIG(RCC_OscInitStruct->PLL.PLLSource, + 8008fa0: 68e2 ldr r2, [r4, #12] + 8008fa2: 4b38 ldr r3, [pc, #224] ; (8009084 ) + 8008fa4: 4013 ands r3, r2 + 8008fa6: 6aea ldr r2, [r5, #44] ; 0x2c + 8008fa8: 4313 orrs r3, r2 + 8008faa: 6b6a ldr r2, [r5, #52] ; 0x34 + 8008fac: ea43 2302 orr.w r3, r3, r2, lsl #8 + 8008fb0: 6baa ldr r2, [r5, #56] ; 0x38 + 8008fb2: ea43 63c2 orr.w r3, r3, r2, lsl #27 + 8008fb6: 6b2a ldr r2, [r5, #48] ; 0x30 + 8008fb8: 3a01 subs r2, #1 + 8008fba: ea43 1302 orr.w r3, r3, r2, lsl #4 + 8008fbe: 6bea ldr r2, [r5, #60] ; 0x3c + 8008fc0: 0852 lsrs r2, r2, #1 + 8008fc2: 3a01 subs r2, #1 + 8008fc4: ea43 5342 orr.w r3, r3, r2, lsl #21 + 8008fc8: 6c2a ldr r2, [r5, #64] ; 0x40 + 8008fca: 0852 lsrs r2, r2, #1 + 8008fcc: 3a01 subs r2, #1 + 8008fce: ea43 6342 orr.w r3, r3, r2, lsl #25 + 8008fd2: 60e3 str r3, [r4, #12] + __HAL_RCC_PLL_ENABLE(); + 8008fd4: 6823 ldr r3, [r4, #0] + 8008fd6: f043 7380 orr.w r3, r3, #16777216 ; 0x1000000 + 8008fda: 6023 str r3, [r4, #0] + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SYSCLK); + 8008fdc: 68e3 ldr r3, [r4, #12] + 8008fde: f043 7380 orr.w r3, r3, #16777216 ; 0x1000000 + 8008fe2: 60e3 str r3, [r4, #12] + tickstart = HAL_GetTick(); + 8008fe4: f7fe fa00 bl 80073e8 + 8008fe8: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY) == 0U) + 8008fea: 6823 ldr r3, [r4, #0] + 8008fec: 0198 lsls r0, r3, #6 + 8008fee: f53f ae39 bmi.w 8008c64 + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8008ff2: f7fe f9f9 bl 80073e8 + 8008ff6: 1b40 subs r0, r0, r5 + 8008ff8: 2802 cmp r0, #2 + 8008ffa: d9f6 bls.n 8008fea + 8008ffc: e63a b.n 8008c74 + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8008ffe: f7fe f9f3 bl 80073e8 + 8009002: 1b80 subs r0, r0, r6 + 8009004: 2802 cmp r0, #2 + 8009006: d9c8 bls.n 8008f9a + 8009008: e634 b.n 8008c74 + if(READ_BIT(RCC->CR, RCC_CR_PLLRDY) == 0U) + 800900a: 6823 ldr r3, [r4, #0] + 800900c: 0199 lsls r1, r3, #6 + 800900e: f53f ae29 bmi.w 8008c64 + __HAL_RCC_PLL_ENABLE(); + 8009012: 6823 ldr r3, [r4, #0] + 8009014: f043 7380 orr.w r3, r3, #16777216 ; 0x1000000 + 8009018: 6023 str r3, [r4, #0] + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SYSCLK); + 800901a: 68e3 ldr r3, [r4, #12] + 800901c: f043 7380 orr.w r3, r3, #16777216 ; 0x1000000 + 8009020: 60e3 str r3, [r4, #12] + tickstart = HAL_GetTick(); + 8009022: f7fe f9e1 bl 80073e8 + 8009026: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY) == 0U) + 8009028: 6823 ldr r3, [r4, #0] + 800902a: 019a lsls r2, r3, #6 + 800902c: f53f ae1a bmi.w 8008c64 + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8009030: f7fe f9da bl 80073e8 + 8009034: 1b40 subs r0, r0, r5 + 8009036: 2802 cmp r0, #2 + 8009038: d9f6 bls.n 8009028 + 800903a: e61b b.n 8008c74 + if(sysclk_source != RCC_CFGR_SWS_PLL) + 800903c: 2e0c cmp r6, #12 + 800903e: f43f ad79 beq.w 8008b34 + __HAL_RCC_PLL_DISABLE(); + 8009042: 6823 ldr r3, [r4, #0] + 8009044: f023 7380 bic.w r3, r3, #16777216 ; 0x1000000 + 8009048: 6023 str r3, [r4, #0] + if(READ_BIT(RCC->CR, (RCC_CR_PLLSAI1RDY | RCC_CR_PLLSAI2RDY)) == 0U) + 800904a: 6823 ldr r3, [r4, #0] + 800904c: f013 5f20 tst.w r3, #671088640 ; 0x28000000 + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, RCC_PLLSOURCE_NONE); + 8009050: bf02 ittt eq + 8009052: 68e3 ldreq r3, [r4, #12] + 8009054: f023 0303 biceq.w r3, r3, #3 + 8009058: 60e3 streq r3, [r4, #12] + __HAL_RCC_PLLCLKOUT_DISABLE(RCC_PLL_SYSCLK | RCC_PLL_48M1CLK | RCC_PLL_SAI3CLK); + 800905a: 68e3 ldr r3, [r4, #12] + 800905c: f023 7388 bic.w r3, r3, #17825792 ; 0x1100000 + 8009060: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 8009064: 60e3 str r3, [r4, #12] + tickstart = HAL_GetTick(); + 8009066: f7fe f9bf bl 80073e8 + 800906a: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLRDY) != 0U) + 800906c: 6823 ldr r3, [r4, #0] + 800906e: 019b lsls r3, r3, #6 + 8009070: f57f adf8 bpl.w 8008c64 + if((HAL_GetTick() - tickstart) > PLL_TIMEOUT_VALUE) + 8009074: f7fe f9b8 bl 80073e8 + 8009078: 1b40 subs r0, r0, r5 + 800907a: 2802 cmp r0, #2 + 800907c: d9f6 bls.n 800906c + 800907e: e5f9 b.n 8008c74 + 8009080: 40007000 .word 0x40007000 + 8009084: 019d800c .word 0x019d800c + +08009088 : +{ + 8009088: e92d 43f8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + 800908c: 460e mov r6, r1 + if(RCC_ClkInitStruct == NULL) + 800908e: 4605 mov r5, r0 + 8009090: b910 cbnz r0, 8009098 + return HAL_ERROR; + 8009092: 2001 movs r0, #1 +} + 8009094: e8bd 83f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, pc} + if(FLatency > __HAL_FLASH_GET_LATENCY()) + 8009098: 4a6f ldr r2, [pc, #444] ; (8009258 ) + 800909a: 6813 ldr r3, [r2, #0] + 800909c: f003 030f and.w r3, r3, #15 + 80090a0: 428b cmp r3, r1 + 80090a2: d335 bcc.n 8009110 + if(((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_SYSCLK) == RCC_CLOCKTYPE_SYSCLK) + 80090a4: 6829 ldr r1, [r5, #0] + 80090a6: f011 0701 ands.w r7, r1, #1 + 80090aa: d13c bne.n 8009126 + if(((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_HCLK) == RCC_CLOCKTYPE_HCLK) + 80090ac: 682a ldr r2, [r5, #0] + 80090ae: 0791 lsls r1, r2, #30 + 80090b0: f140 80b7 bpl.w 8009222 + MODIFY_REG(RCC->CFGR, RCC_CFGR_HPRE, RCC_ClkInitStruct->AHBCLKDivider); + 80090b4: 4969 ldr r1, [pc, #420] ; (800925c ) + 80090b6: 68a8 ldr r0, [r5, #8] + 80090b8: 688b ldr r3, [r1, #8] + 80090ba: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 80090be: 4303 orrs r3, r0 + MODIFY_REG(RCC->CFGR, RCC_CFGR_HPRE, RCC_SYSCLK_DIV1); + 80090c0: 608b str r3, [r1, #8] + if(FLatency < __HAL_FLASH_GET_LATENCY()) + 80090c2: 4965 ldr r1, [pc, #404] ; (8009258 ) + 80090c4: 680b ldr r3, [r1, #0] + 80090c6: f003 030f and.w r3, r3, #15 + 80090ca: 42b3 cmp r3, r6 + 80090cc: f200 80b1 bhi.w 8009232 + if(((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_PCLK1) == RCC_CLOCKTYPE_PCLK1) + 80090d0: f012 0f04 tst.w r2, #4 + 80090d4: 4c61 ldr r4, [pc, #388] ; (800925c ) + 80090d6: f040 80b8 bne.w 800924a + if(((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_PCLK2) == RCC_CLOCKTYPE_PCLK2) + 80090da: 0713 lsls r3, r2, #28 + 80090dc: d506 bpl.n 80090ec + MODIFY_REG(RCC->CFGR, RCC_CFGR_PPRE2, ((RCC_ClkInitStruct->APB2CLKDivider) << 3U)); + 80090de: 68a3 ldr r3, [r4, #8] + 80090e0: 692a ldr r2, [r5, #16] + 80090e2: f423 5360 bic.w r3, r3, #14336 ; 0x3800 + 80090e6: ea43 03c2 orr.w r3, r3, r2, lsl #3 + 80090ea: 60a3 str r3, [r4, #8] + SystemCoreClock = HAL_RCC_GetSysClockFreq() >> (AHBPrescTable[READ_BIT(RCC->CFGR, RCC_CFGR_HPRE) >> RCC_CFGR_HPRE_Pos] & 0x1FU); + 80090ec: f7ff fcd0 bl 8008a90 + 80090f0: 68a3 ldr r3, [r4, #8] + 80090f2: 4a5b ldr r2, [pc, #364] ; (8009260 ) + 80090f4: f3c3 1303 ubfx r3, r3, #4, #4 + 80090f8: 5cd3 ldrb r3, [r2, r3] + 80090fa: f003 031f and.w r3, r3, #31 + 80090fe: 40d8 lsrs r0, r3 + 8009100: 4b58 ldr r3, [pc, #352] ; (8009264 ) + 8009102: 6018 str r0, [r3, #0] + status = HAL_InitTick(uwTickPrio); + 8009104: 4b58 ldr r3, [pc, #352] ; (8009268 ) + 8009106: 6818 ldr r0, [r3, #0] +} + 8009108: e8bd 43f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + status = HAL_InitTick(uwTickPrio); + 800910c: f7fe b96e b.w 80073ec + __HAL_FLASH_SET_LATENCY(FLatency); + 8009110: 6813 ldr r3, [r2, #0] + 8009112: f023 030f bic.w r3, r3, #15 + 8009116: 430b orrs r3, r1 + 8009118: 6013 str r3, [r2, #0] + if(__HAL_FLASH_GET_LATENCY() != FLatency) + 800911a: 6813 ldr r3, [r2, #0] + 800911c: f003 030f and.w r3, r3, #15 + 8009120: 428b cmp r3, r1 + 8009122: d1b6 bne.n 8009092 + 8009124: e7be b.n 80090a4 + if(RCC_ClkInitStruct->SYSCLKSource == RCC_SYSCLKSOURCE_PLLCLK) + 8009126: 686b ldr r3, [r5, #4] + 8009128: 4c4c ldr r4, [pc, #304] ; (800925c ) + 800912a: 2b03 cmp r3, #3 + 800912c: d163 bne.n 80091f6 + if(READ_BIT(RCC->CR, RCC_CR_PLLRDY) == 0U) + 800912e: 6823 ldr r3, [r4, #0] + 8009130: 019b lsls r3, r3, #6 + 8009132: d5ae bpl.n 8009092 +static uint32_t RCC_GetSysClockFreqFromPLLSource(void) +{ + uint32_t msirange = 0U; + uint32_t pllvco, pllsource, pllr, pllm, sysclockfreq; /* no init needed */ + + if(__HAL_RCC_GET_PLL_OSCSOURCE() == RCC_PLLSOURCE_MSI) + 8009134: 68e3 ldr r3, [r4, #12] + 8009136: f003 0303 and.w r3, r3, #3 + 800913a: 2b01 cmp r3, #1 + 800913c: d145 bne.n 80091ca + { + /* Get MSI range source */ + if(READ_BIT(RCC->CR, RCC_CR_MSIRGSEL) == 0U) + 800913e: 6823 ldr r3, [r4, #0] + else + { /* MSIRANGE from RCC_CR applies */ + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + } + /*MSI frequency range in HZ*/ + msirange = MSIRangeTable[msirange]; + 8009140: 4a4a ldr r2, [pc, #296] ; (800926c ) + if(READ_BIT(RCC->CR, RCC_CR_MSIRGSEL) == 0U) + 8009142: 071f lsls r7, r3, #28 + msirange = READ_BIT(RCC->CSR, RCC_CSR_MSISRANGE) >> RCC_CSR_MSISRANGE_Pos; + 8009144: bf55 itete pl + 8009146: f8d4 3094 ldrpl.w r3, [r4, #148] ; 0x94 + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + 800914a: 6823 ldrmi r3, [r4, #0] + msirange = READ_BIT(RCC->CSR, RCC_CSR_MSISRANGE) >> RCC_CSR_MSISRANGE_Pos; + 800914c: f3c3 2303 ubfxpl r3, r3, #8, #4 + msirange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE) >> RCC_CR_MSIRANGE_Pos; + 8009150: f3c3 1303 ubfxmi r3, r3, #4, #4 + msirange = MSIRangeTable[msirange]; + 8009154: f852 2023 ldr.w r2, [r2, r3, lsl #2] + } + + /* PLL_VCO = (HSE_VALUE or HSI_VALUE or MSI_VALUE) * PLLN / PLLM + SYSCLK = PLL_VCO / PLLR + */ + pllsource = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC); + 8009158: 68e3 ldr r3, [r4, #12] + 800915a: f003 0303 and.w r3, r3, #3 + + switch (pllsource) + 800915e: 2b02 cmp r3, #2 + 8009160: d035 beq.n 80091ce + 8009162: 4843 ldr r0, [pc, #268] ; (8009270 ) + 8009164: 2b03 cmp r3, #3 + 8009166: bf08 it eq + 8009168: 4602 moveq r2, r0 + case RCC_PLLSOURCE_MSI: /* MSI used as PLL clock source */ + default: + pllvco = msirange; + break; + } + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 800916a: 68e0 ldr r0, [r4, #12] + pllvco = (pllvco * (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos)) / pllm; + 800916c: 68e3 ldr r3, [r4, #12] + 800916e: f3c3 2306 ubfx r3, r3, #8, #7 + 8009172: 4353 muls r3, r2 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 8009174: 68e2 ldr r2, [r4, #12] + 8009176: f3c2 6241 ubfx r2, r2, #25, #2 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 800917a: f3c0 1003 ubfx r0, r0, #4, #4 + pllr = ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U ) * 2U; + 800917e: 3201 adds r2, #1 + 8009180: 0052 lsls r2, r2, #1 + pllm = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U ; + 8009182: 3001 adds r0, #1 + pllvco = (pllvco * (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos)) / pllm; + 8009184: fbb3 f3f0 udiv r3, r3, r0 + sysclockfreq = pllvco / pllr; + 8009188: fbb3 f3f2 udiv r3, r3, r2 + if(RCC_GetSysClockFreqFromPLLSource() > 80000000U) + 800918c: 4a39 ldr r2, [pc, #228] ; (8009274 ) + 800918e: 4293 cmp r3, r2 + 8009190: d81f bhi.n 80091d2 + uint32_t hpre = RCC_SYSCLK_DIV1; + 8009192: 2700 movs r7, #0 + MODIFY_REG(RCC->CFGR, RCC_CFGR_SW, RCC_ClkInitStruct->SYSCLKSource); + 8009194: 68a3 ldr r3, [r4, #8] + 8009196: 686a ldr r2, [r5, #4] + 8009198: f023 0303 bic.w r3, r3, #3 + 800919c: 4313 orrs r3, r2 + 800919e: 60a3 str r3, [r4, #8] + tickstart = HAL_GetTick(); + 80091a0: f7fe f922 bl 80073e8 + if((HAL_GetTick() - tickstart) > CLOCKSWITCH_TIMEOUT_VALUE) + 80091a4: f241 3988 movw r9, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 80091a8: 4680 mov r8, r0 + while(__HAL_RCC_GET_SYSCLK_SOURCE() != (RCC_ClkInitStruct->SYSCLKSource << RCC_CFGR_SWS_Pos)) + 80091aa: 68a3 ldr r3, [r4, #8] + 80091ac: 686a ldr r2, [r5, #4] + 80091ae: f003 030c and.w r3, r3, #12 + 80091b2: ebb3 0f82 cmp.w r3, r2, lsl #2 + 80091b6: f43f af79 beq.w 80090ac + if((HAL_GetTick() - tickstart) > CLOCKSWITCH_TIMEOUT_VALUE) + 80091ba: f7fe f915 bl 80073e8 + 80091be: eba0 0008 sub.w r0, r0, r8 + 80091c2: 4548 cmp r0, r9 + 80091c4: d9f1 bls.n 80091aa + return HAL_TIMEOUT; + 80091c6: 2003 movs r0, #3 + 80091c8: e764 b.n 8009094 + uint32_t msirange = 0U; + 80091ca: 2200 movs r2, #0 + 80091cc: e7c4 b.n 8009158 + pllvco = HSI_VALUE; + 80091ce: 4a2a ldr r2, [pc, #168] ; (8009278 ) + 80091d0: e7cb b.n 800916a + if(READ_BIT(RCC->CFGR, RCC_CFGR_HPRE) == RCC_SYSCLK_DIV1) + 80091d2: 68a3 ldr r3, [r4, #8] + 80091d4: f013 0ff0 tst.w r3, #240 ; 0xf0 + 80091d8: d107 bne.n 80091ea + MODIFY_REG(RCC->CFGR, RCC_CFGR_HPRE, RCC_SYSCLK_DIV2); + 80091da: 68a3 ldr r3, [r4, #8] + 80091dc: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 80091e0: f043 0380 orr.w r3, r3, #128 ; 0x80 + 80091e4: 60a3 str r3, [r4, #8] + hpre = RCC_SYSCLK_DIV2; + 80091e6: 2780 movs r7, #128 ; 0x80 + 80091e8: e7d4 b.n 8009194 + else if((((RCC_ClkInitStruct->ClockType) & RCC_CLOCKTYPE_HCLK) == RCC_CLOCKTYPE_HCLK) && (RCC_ClkInitStruct->AHBCLKDivider == RCC_SYSCLK_DIV1)) + 80091ea: 0788 lsls r0, r1, #30 + 80091ec: d5d1 bpl.n 8009192 + 80091ee: 68ab ldr r3, [r5, #8] + 80091f0: 2b00 cmp r3, #0 + 80091f2: d1ce bne.n 8009192 + 80091f4: e7f1 b.n 80091da + if(RCC_ClkInitStruct->SYSCLKSource == RCC_SYSCLKSOURCE_HSE) + 80091f6: 2b02 cmp r3, #2 + 80091f8: d10a bne.n 8009210 + if(READ_BIT(RCC->CR, RCC_CR_HSERDY) == 0U) + 80091fa: 6823 ldr r3, [r4, #0] + 80091fc: f413 3f00 tst.w r3, #131072 ; 0x20000 + if(READ_BIT(RCC->CR, RCC_CR_HSIRDY) == 0U) + 8009200: f43f af47 beq.w 8009092 + if(HAL_RCC_GetSysClockFreq() > 80000000U) + 8009204: f7ff fc44 bl 8008a90 + 8009208: 4b1a ldr r3, [pc, #104] ; (8009274 ) + 800920a: 4298 cmp r0, r3 + 800920c: d9c1 bls.n 8009192 + 800920e: e7e4 b.n 80091da + else if(RCC_ClkInitStruct->SYSCLKSource == RCC_SYSCLKSOURCE_MSI) + 8009210: b91b cbnz r3, 800921a + if(READ_BIT(RCC->CR, RCC_CR_MSIRDY) == 0U) + 8009212: 6823 ldr r3, [r4, #0] + 8009214: f013 0f02 tst.w r3, #2 + 8009218: e7f2 b.n 8009200 + if(READ_BIT(RCC->CR, RCC_CR_HSIRDY) == 0U) + 800921a: 6823 ldr r3, [r4, #0] + 800921c: f413 6f80 tst.w r3, #1024 ; 0x400 + 8009220: e7ee b.n 8009200 + if(hpre == RCC_SYSCLK_DIV2) + 8009222: 2f80 cmp r7, #128 ; 0x80 + 8009224: f47f af4d bne.w 80090c2 + MODIFY_REG(RCC->CFGR, RCC_CFGR_HPRE, RCC_SYSCLK_DIV1); + 8009228: 490c ldr r1, [pc, #48] ; (800925c ) + 800922a: 688b ldr r3, [r1, #8] + 800922c: f023 03f0 bic.w r3, r3, #240 ; 0xf0 + 8009230: e746 b.n 80090c0 + __HAL_FLASH_SET_LATENCY(FLatency); + 8009232: 680b ldr r3, [r1, #0] + 8009234: f023 030f bic.w r3, r3, #15 + 8009238: 4333 orrs r3, r6 + 800923a: 600b str r3, [r1, #0] + if(__HAL_FLASH_GET_LATENCY() != FLatency) + 800923c: 680b ldr r3, [r1, #0] + 800923e: f003 030f and.w r3, r3, #15 + 8009242: 42b3 cmp r3, r6 + 8009244: f47f af25 bne.w 8009092 + 8009248: e742 b.n 80090d0 + MODIFY_REG(RCC->CFGR, RCC_CFGR_PPRE1, RCC_ClkInitStruct->APB1CLKDivider); + 800924a: 68a3 ldr r3, [r4, #8] + 800924c: 68e9 ldr r1, [r5, #12] + 800924e: f423 63e0 bic.w r3, r3, #1792 ; 0x700 + 8009252: 430b orrs r3, r1 + 8009254: 60a3 str r3, [r4, #8] + 8009256: e740 b.n 80090da + 8009258: 40022000 .word 0x40022000 + 800925c: 40021000 .word 0x40021000 + 8009260: 08010a58 .word 0x08010a58 + 8009264: 2009e2ac .word 0x2009e2ac + 8009268: 2009e2b0 .word 0x2009e2b0 + 800926c: 08010a70 .word 0x08010a70 + 8009270: 007a1200 .word 0x007a1200 + 8009274: 04c4b400 .word 0x04c4b400 + 8009278: 00f42400 .word 0x00f42400 + +0800927c : +} + 800927c: 4b01 ldr r3, [pc, #4] ; (8009284 ) + 800927e: 6818 ldr r0, [r3, #0] + 8009280: 4770 bx lr + 8009282: bf00 nop + 8009284: 2009e2ac .word 0x2009e2ac + +08009288 : + return (HAL_RCC_GetHCLKFreq() >> (APBPrescTable[READ_BIT(RCC->CFGR, RCC_CFGR_PPRE1) >> RCC_CFGR_PPRE1_Pos] & 0x1FU)); + 8009288: 4b05 ldr r3, [pc, #20] ; (80092a0 ) + 800928a: 4a06 ldr r2, [pc, #24] ; (80092a4 ) + 800928c: 689b ldr r3, [r3, #8] + 800928e: f3c3 2302 ubfx r3, r3, #8, #3 + 8009292: 5cd3 ldrb r3, [r2, r3] + 8009294: 4a04 ldr r2, [pc, #16] ; (80092a8 ) + 8009296: 6810 ldr r0, [r2, #0] + 8009298: f003 031f and.w r3, r3, #31 +} + 800929c: 40d8 lsrs r0, r3 + 800929e: 4770 bx lr + 80092a0: 40021000 .word 0x40021000 + 80092a4: 08010a68 .word 0x08010a68 + 80092a8: 2009e2ac .word 0x2009e2ac + +080092ac : + return (HAL_RCC_GetHCLKFreq()>> (APBPrescTable[READ_BIT(RCC->CFGR, RCC_CFGR_PPRE2) >> RCC_CFGR_PPRE2_Pos] & 0x1FU)); + 80092ac: 4b05 ldr r3, [pc, #20] ; (80092c4 ) + 80092ae: 4a06 ldr r2, [pc, #24] ; (80092c8 ) + 80092b0: 689b ldr r3, [r3, #8] + 80092b2: f3c3 23c2 ubfx r3, r3, #11, #3 + 80092b6: 5cd3 ldrb r3, [r2, r3] + 80092b8: 4a04 ldr r2, [pc, #16] ; (80092cc ) + 80092ba: 6810 ldr r0, [r2, #0] + 80092bc: f003 031f and.w r3, r3, #31 +} + 80092c0: 40d8 lsrs r0, r3 + 80092c2: 4770 bx lr + 80092c4: 40021000 .word 0x40021000 + 80092c8: 08010a68 .word 0x08010a68 + 80092cc: 2009e2ac .word 0x2009e2ac + +080092d0 : + RCC_OscInitStruct->OscillatorType = RCC_OSCILLATORTYPE_HSE | RCC_OSCILLATORTYPE_HSI | RCC_OSCILLATORTYPE_MSI | \ + 80092d0: 233f movs r3, #63 ; 0x3f + 80092d2: 6003 str r3, [r0, #0] + if(READ_BIT(RCC->CR, RCC_CR_HSEBYP) == RCC_CR_HSEBYP) + 80092d4: 4b2e ldr r3, [pc, #184] ; (8009390 ) + 80092d6: 681a ldr r2, [r3, #0] + 80092d8: 0351 lsls r1, r2, #13 + 80092da: d54a bpl.n 8009372 + RCC_OscInitStruct->HSEState = RCC_HSE_BYPASS; + 80092dc: f44f 22a0 mov.w r2, #327680 ; 0x50000 + RCC_OscInitStruct->HSEState = RCC_HSE_OFF; + 80092e0: 6042 str r2, [r0, #4] + if(READ_BIT(RCC->CR, RCC_CR_MSION) == RCC_CR_MSION) + 80092e2: 681a ldr r2, [r3, #0] + 80092e4: f002 0201 and.w r2, r2, #1 + 80092e8: 6182 str r2, [r0, #24] + RCC_OscInitStruct->MSICalibrationValue = READ_BIT(RCC->ICSCR, RCC_ICSCR_MSITRIM) >> RCC_ICSCR_MSITRIM_Pos; + 80092ea: 685a ldr r2, [r3, #4] + 80092ec: f3c2 2207 ubfx r2, r2, #8, #8 + 80092f0: 61c2 str r2, [r0, #28] + RCC_OscInitStruct->MSIClockRange = READ_BIT(RCC->CR, RCC_CR_MSIRANGE); + 80092f2: 681a ldr r2, [r3, #0] + 80092f4: f002 02f0 and.w r2, r2, #240 ; 0xf0 + 80092f8: 6202 str r2, [r0, #32] + if(READ_BIT(RCC->CR, RCC_CR_HSION) == RCC_CR_HSION) + 80092fa: 681a ldr r2, [r3, #0] + RCC_OscInitStruct->HSIState = RCC_HSI_ON; + 80092fc: f402 7280 and.w r2, r2, #256 ; 0x100 + 8009300: 60c2 str r2, [r0, #12] + RCC_OscInitStruct->HSICalibrationValue = READ_BIT(RCC->ICSCR, RCC_ICSCR_HSITRIM) >> RCC_ICSCR_HSITRIM_Pos; + 8009302: 685a ldr r2, [r3, #4] + 8009304: f3c2 6206 ubfx r2, r2, #24, #7 + 8009308: 6102 str r2, [r0, #16] + if(READ_BIT(RCC->BDCR, RCC_BDCR_LSEBYP) == RCC_BDCR_LSEBYP) + 800930a: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 800930e: 0752 lsls r2, r2, #29 + 8009310: d536 bpl.n 8009380 + RCC_OscInitStruct->LSEState = RCC_LSE_BYPASS; + 8009312: 2205 movs r2, #5 + RCC_OscInitStruct->LSEState = RCC_LSE_OFF; + 8009314: 6082 str r2, [r0, #8] + if(READ_BIT(RCC->CSR, RCC_CSR_LSION) == RCC_CSR_LSION) + 8009316: f8d3 2094 ldr.w r2, [r3, #148] ; 0x94 + 800931a: f002 0201 and.w r2, r2, #1 + 800931e: 6142 str r2, [r0, #20] + if(READ_BIT(RCC->CRRCR, RCC_CRRCR_HSI48ON) == RCC_CRRCR_HSI48ON) + 8009320: f8d3 2098 ldr.w r2, [r3, #152] ; 0x98 + 8009324: f002 0201 and.w r2, r2, #1 + 8009328: 6242 str r2, [r0, #36] ; 0x24 + if(READ_BIT(RCC->CR, RCC_CR_PLLON) == RCC_CR_PLLON) + 800932a: 681a ldr r2, [r3, #0] + RCC_OscInitStruct->PLL.PLLState = RCC_PLL_OFF; + 800932c: f012 7f80 tst.w r2, #16777216 ; 0x1000000 + 8009330: bf14 ite ne + 8009332: 2202 movne r2, #2 + 8009334: 2201 moveq r2, #1 + 8009336: 6282 str r2, [r0, #40] ; 0x28 + RCC_OscInitStruct->PLL.PLLSource = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC); + 8009338: 68da ldr r2, [r3, #12] + 800933a: f002 0203 and.w r2, r2, #3 + 800933e: 62c2 str r2, [r0, #44] ; 0x2c + RCC_OscInitStruct->PLL.PLLM = (READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U; + 8009340: 68da ldr r2, [r3, #12] + 8009342: f3c2 1203 ubfx r2, r2, #4, #4 + 8009346: 3201 adds r2, #1 + 8009348: 6302 str r2, [r0, #48] ; 0x30 + RCC_OscInitStruct->PLL.PLLN = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 800934a: 68da ldr r2, [r3, #12] + 800934c: f3c2 2206 ubfx r2, r2, #8, #7 + 8009350: 6342 str r2, [r0, #52] ; 0x34 + RCC_OscInitStruct->PLL.PLLQ = (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U); + 8009352: 68da ldr r2, [r3, #12] + 8009354: f3c2 5241 ubfx r2, r2, #21, #2 + 8009358: 3201 adds r2, #1 + 800935a: 0052 lsls r2, r2, #1 + 800935c: 63c2 str r2, [r0, #60] ; 0x3c + RCC_OscInitStruct->PLL.PLLR = (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLR) >> RCC_PLLCFGR_PLLR_Pos) + 1U) << 1U); + 800935e: 68da ldr r2, [r3, #12] + 8009360: f3c2 6241 ubfx r2, r2, #25, #2 + 8009364: 3201 adds r2, #1 + 8009366: 0052 lsls r2, r2, #1 + 8009368: 6402 str r2, [r0, #64] ; 0x40 + RCC_OscInitStruct->PLL.PLLP = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLPDIV) >> RCC_PLLCFGR_PLLPDIV_Pos; + 800936a: 68db ldr r3, [r3, #12] + 800936c: 0edb lsrs r3, r3, #27 + 800936e: 6383 str r3, [r0, #56] ; 0x38 +} + 8009370: 4770 bx lr + else if(READ_BIT(RCC->CR, RCC_CR_HSEON) == RCC_CR_HSEON) + 8009372: 681a ldr r2, [r3, #0] + 8009374: f412 3280 ands.w r2, r2, #65536 ; 0x10000 + RCC_OscInitStruct->HSEState = RCC_HSE_ON; + 8009378: bf18 it ne + 800937a: f44f 3280 movne.w r2, #65536 ; 0x10000 + 800937e: e7af b.n 80092e0 + else if(READ_BIT(RCC->BDCR, RCC_BDCR_LSEON) == RCC_BDCR_LSEON) + 8009380: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 8009384: f012 0201 ands.w r2, r2, #1 + RCC_OscInitStruct->LSEState = RCC_LSE_ON; + 8009388: bf18 it ne + 800938a: 2201 movne r2, #1 + 800938c: e7c2 b.n 8009314 + 800938e: bf00 nop + 8009390: 40021000 .word 0x40021000 + +08009394 : + RCC_ClkInitStruct->ClockType = RCC_CLOCKTYPE_SYSCLK | RCC_CLOCKTYPE_HCLK | RCC_CLOCKTYPE_PCLK1 | RCC_CLOCKTYPE_PCLK2; + 8009394: 230f movs r3, #15 + 8009396: 6003 str r3, [r0, #0] + RCC_ClkInitStruct->SYSCLKSource = READ_BIT(RCC->CFGR, RCC_CFGR_SW); + 8009398: 4b0b ldr r3, [pc, #44] ; (80093c8 ) + 800939a: 689a ldr r2, [r3, #8] + 800939c: f002 0203 and.w r2, r2, #3 + 80093a0: 6042 str r2, [r0, #4] + RCC_ClkInitStruct->AHBCLKDivider = READ_BIT(RCC->CFGR, RCC_CFGR_HPRE); + 80093a2: 689a ldr r2, [r3, #8] + 80093a4: f002 02f0 and.w r2, r2, #240 ; 0xf0 + 80093a8: 6082 str r2, [r0, #8] + RCC_ClkInitStruct->APB1CLKDivider = READ_BIT(RCC->CFGR, RCC_CFGR_PPRE1); + 80093aa: 689a ldr r2, [r3, #8] + 80093ac: f402 62e0 and.w r2, r2, #1792 ; 0x700 + 80093b0: 60c2 str r2, [r0, #12] + RCC_ClkInitStruct->APB2CLKDivider = (READ_BIT(RCC->CFGR, RCC_CFGR_PPRE2) >> 3U); + 80093b2: 689b ldr r3, [r3, #8] + 80093b4: 08db lsrs r3, r3, #3 + 80093b6: f403 63e0 and.w r3, r3, #1792 ; 0x700 + 80093ba: 6103 str r3, [r0, #16] + *pFLatency = __HAL_FLASH_GET_LATENCY(); + 80093bc: 4b03 ldr r3, [pc, #12] ; (80093cc ) + 80093be: 681b ldr r3, [r3, #0] + 80093c0: f003 030f and.w r3, r3, #15 + 80093c4: 600b str r3, [r1, #0] +} + 80093c6: 4770 bx lr + 80093c8: 40021000 .word 0x40021000 + 80093cc: 40022000 .word 0x40022000 + +080093d0 : + SET_BIT(RCC->CR, RCC_CR_CSSON) ; + 80093d0: 4a02 ldr r2, [pc, #8] ; (80093dc ) + 80093d2: 6813 ldr r3, [r2, #0] + 80093d4: f443 2300 orr.w r3, r3, #524288 ; 0x80000 + 80093d8: 6013 str r3, [r2, #0] +} + 80093da: 4770 bx lr + 80093dc: 40021000 .word 0x40021000 + +080093e0 : +} + 80093e0: 4770 bx lr + ... + +080093e4 : +{ + 80093e4: b510 push {r4, lr} + if(__HAL_RCC_GET_IT(RCC_IT_CSS)) + 80093e6: 4c05 ldr r4, [pc, #20] ; (80093fc ) + 80093e8: 69e3 ldr r3, [r4, #28] + 80093ea: 05db lsls r3, r3, #23 + 80093ec: d504 bpl.n 80093f8 + HAL_RCC_CSSCallback(); + 80093ee: f7ff fff7 bl 80093e0 + __HAL_RCC_CLEAR_IT(RCC_IT_CSS); + 80093f2: f44f 7380 mov.w r3, #256 ; 0x100 + 80093f6: 6223 str r3, [r4, #32] +} + 80093f8: bd10 pop {r4, pc} + 80093fa: bf00 nop + 80093fc: 40021000 .word 0x40021000 + +08009400 : +#if defined(RCC_PLLP_SUPPORT) + uint32_t pllp = 0U; +#endif /* RCC_PLLP_SUPPORT */ + + /* Handle SAIs */ + if(PeriphClk == RCC_PERIPHCLK_SAI1) + 8009400: f5b0 6f00 cmp.w r0, #2048 ; 0x800 + 8009404: 4a3d ldr r2, [pc, #244] ; (80094fc ) + 8009406: d108 bne.n 800941a + { + srcclk = __HAL_RCC_GET_SAI1_SOURCE(); + 8009408: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 800940c: f003 03e0 and.w r3, r3, #224 ; 0xe0 + if(srcclk == RCC_SAI1CLKSOURCE_PIN) + 8009410: 2b60 cmp r3, #96 ; 0x60 + 8009412: d12d bne.n 8009470 + { + frequency = EXTERNAL_SAI1_CLOCK_VALUE; + 8009414: f64b 3080 movw r0, #48000 ; 0xbb80 + 8009418: 4770 bx lr + /* Else, PLL clock output to check below */ + } +#if defined(SAI2) + else + { + if(PeriphClk == RCC_PERIPHCLK_SAI2) + 800941a: f5b0 5f80 cmp.w r0, #4096 ; 0x1000 + 800941e: d12a bne.n 8009476 + { + srcclk = __HAL_RCC_GET_SAI2_SOURCE(); + 8009420: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 8009424: f403 63e0 and.w r3, r3, #1792 ; 0x700 + if(srcclk == RCC_SAI2CLKSOURCE_PIN) + 8009428: f5b3 7f40 cmp.w r3, #768 ; 0x300 + 800942c: d0f2 beq.n 8009414 + if(frequency == 0U) + { + pllvco = InputFrequency; + +#if defined(SAI2) + if((srcclk == RCC_SAI1CLKSOURCE_PLL) || (srcclk == RCC_SAI2CLKSOURCE_PLL)) + 800942e: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 8009432: d15c bne.n 80094ee + { + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY) && (__HAL_RCC_GET_PLLCLKOUT_CONFIG(RCC_PLL_SAI3CLK) != 0U)) + 8009434: 6810 ldr r0, [r2, #0] + 8009436: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 800943a: d05d beq.n 80094f8 + 800943c: 68d0 ldr r0, [r2, #12] + 800943e: f410 3080 ands.w r0, r0, #65536 ; 0x10000 + 8009442: d059 beq.n 80094f8 + { + /* f(PLL Source) / PLLM */ + pllvco = (pllvco / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009444: 68d0 ldr r0, [r2, #12] + 8009446: f3c0 1003 ubfx r0, r0, #4, #4 + 800944a: 3001 adds r0, #1 + 800944c: fbb1 f0f0 udiv r0, r1, r0 + /* f(PLLSAI3CLK) = f(VCO input) * PLLN / PLLP */ + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009450: 68d1 ldr r1, [r2, #12] +#if defined(RCC_PLLP_DIV_2_31_SUPPORT) + pllp = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLPDIV) >> RCC_PLLCFGR_PLLPDIV_Pos; + 8009452: 68d3 ldr r3, [r2, #12] +#endif + if(pllp == 0U) + 8009454: 0edb lsrs r3, r3, #27 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009456: f3c1 2106 ubfx r1, r1, #8, #7 + if(pllp == 0U) + 800945a: d105 bne.n 8009468 + { + if(READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLP) != 0U) + 800945c: 68d3 ldr r3, [r2, #12] + { + pllp = 17U; + } + else + { + pllp = 7U; + 800945e: f413 3f00 tst.w r3, #131072 ; 0x20000 + 8009462: bf14 ite ne + 8009464: 2311 movne r3, #17 + 8009466: 2307 moveq r3, #7 + } + } + frequency = (pllvco * plln) / pllp; + 8009468: 4348 muls r0, r1 + 800946a: fbb0 f0f3 udiv r0, r0, r3 + 800946e: 4770 bx lr + if((srcclk == RCC_SAI1CLKSOURCE_PLL) || (srcclk == RCC_SAI2CLKSOURCE_PLL)) + 8009470: 2b40 cmp r3, #64 ; 0x40 + 8009472: d0df beq.n 8009434 + else if(srcclk == 0U) /* RCC_SAI1CLKSOURCE_PLLSAI1 || RCC_SAI2CLKSOURCE_PLLSAI1 */ + 8009474: b9ab cbnz r3, 80094a2 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI1RDY) && (__HAL_RCC_GET_PLLSAI1CLKOUT_CONFIG(RCC_PLLSAI1_SAI1CLK) != 0U)) + 8009476: 6810 ldr r0, [r2, #0] + 8009478: f010 6000 ands.w r0, r0, #134217728 ; 0x8000000 + 800947c: d03c beq.n 80094f8 + 800947e: 6910 ldr r0, [r2, #16] + 8009480: f410 3080 ands.w r0, r0, #65536 ; 0x10000 + 8009484: d038 beq.n 80094f8 + pllvco = (pllvco / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009486: 6913 ldr r3, [r2, #16] + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009488: 6910 ldr r0, [r2, #16] + pllvco = (pllvco / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 800948a: f3c3 1303 ubfx r3, r3, #4, #4 + 800948e: 3301 adds r3, #1 + 8009490: fbb1 f1f3 udiv r1, r1, r3 + pllp = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1PDIV) >> RCC_PLLSAI1CFGR_PLLSAI1PDIV_Pos; + 8009494: 6913 ldr r3, [r2, #16] + if(pllp == 0U) + 8009496: 0edb lsrs r3, r3, #27 + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009498: f3c0 2006 ubfx r0, r0, #8, #7 + if(pllp == 0U) + 800949c: d1e4 bne.n 8009468 + if(READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1P) != 0U) + 800949e: 6913 ldr r3, [r2, #16] + 80094a0: e7dd b.n 800945e + else if((srcclk == RCC_SAI1CLKSOURCE_HSI) || (srcclk == RCC_SAI2CLKSOURCE_HSI)) + 80094a2: 2b80 cmp r3, #128 ; 0x80 + 80094a4: d106 bne.n 80094b4 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSIRDY)) + 80094a6: 6810 ldr r0, [r2, #0] + frequency = HSI_VALUE; + 80094a8: 4b15 ldr r3, [pc, #84] ; (8009500 ) + 80094aa: f410 6080 ands.w r0, r0, #1024 ; 0x400 + 80094ae: bf18 it ne + 80094b0: 4618 movne r0, r3 + 80094b2: 4770 bx lr + else if((srcclk == RCC_SAI1CLKSOURCE_PLLSAI2) || (srcclk == RCC_SAI2CLKSOURCE_PLLSAI2)) + 80094b4: 2b20 cmp r3, #32 + 80094b6: d002 beq.n 80094be + 80094b8: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 80094bc: d115 bne.n 80094ea + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI2RDY) && (__HAL_RCC_GET_PLLSAI2CLKOUT_CONFIG(RCC_PLLSAI2_SAI2CLK) != 0U)) + 80094be: 6810 ldr r0, [r2, #0] + 80094c0: f010 5000 ands.w r0, r0, #536870912 ; 0x20000000 + 80094c4: d018 beq.n 80094f8 + 80094c6: 6950 ldr r0, [r2, #20] + 80094c8: f410 3080 ands.w r0, r0, #65536 ; 0x10000 + 80094cc: d014 beq.n 80094f8 + pllvco = (pllvco / ((READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2M) >> RCC_PLLSAI2CFGR_PLLSAI2M_Pos) + 1U)); + 80094ce: 6953 ldr r3, [r2, #20] + 80094d0: f3c3 1303 ubfx r3, r3, #4, #4 + 80094d4: 3301 adds r3, #1 + 80094d6: fbb1 f0f3 udiv r0, r1, r3 + plln = READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2N) >> RCC_PLLSAI2CFGR_PLLSAI2N_Pos; + 80094da: 6951 ldr r1, [r2, #20] + pllp = READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2PDIV) >> RCC_PLLSAI2CFGR_PLLSAI2PDIV_Pos; + 80094dc: 6953 ldr r3, [r2, #20] + if(pllp == 0U) + 80094de: 0edb lsrs r3, r3, #27 + plln = READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2N) >> RCC_PLLSAI2CFGR_PLLSAI2N_Pos; + 80094e0: f3c1 2106 ubfx r1, r1, #8, #7 + if(pllp == 0U) + 80094e4: d1c0 bne.n 8009468 + if(READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2P) != 0U) + 80094e6: 6953 ldr r3, [r2, #20] + 80094e8: e7b9 b.n 800945e + 80094ea: 2000 movs r0, #0 + /* No clock source, frequency default init at 0 */ + } + } + + + return frequency; + 80094ec: 4770 bx lr + else if(srcclk == 0U) /* RCC_SAI1CLKSOURCE_PLLSAI1 || RCC_SAI2CLKSOURCE_PLLSAI1 */ + 80094ee: 2b00 cmp r3, #0 + 80094f0: d0c1 beq.n 8009476 + else if((srcclk == RCC_SAI1CLKSOURCE_HSI) || (srcclk == RCC_SAI2CLKSOURCE_HSI)) + 80094f2: f5b3 6f80 cmp.w r3, #1024 ; 0x400 + 80094f6: e7d5 b.n 80094a4 +} + 80094f8: 4770 bx lr + 80094fa: bf00 nop + 80094fc: 40021000 .word 0x40021000 + 8009500: 00f42400 .word 0x00f42400 + +08009504 : +{ + 8009504: b5f8 push {r3, r4, r5, r6, r7, lr} + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 8009506: 4c3c ldr r4, [pc, #240] ; (80095f8 ) + if((__HAL_RCC_GET_PLL_OSCSOURCE() != PllSai1->PLLSAI1Source) + 8009508: 6803 ldr r3, [r0, #0] + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 800950a: 68e2 ldr r2, [r4, #12] +{ + 800950c: 4605 mov r5, r0 + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 800950e: 0790 lsls r0, r2, #30 +{ + 8009510: 460f mov r7, r1 + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 8009512: d023 beq.n 800955c + if((__HAL_RCC_GET_PLL_OSCSOURCE() != PllSai1->PLLSAI1Source) + 8009514: 68e2 ldr r2, [r4, #12] + 8009516: f002 0203 and.w r2, r2, #3 + 800951a: 429a cmp r2, r3 + 800951c: d16a bne.n 80095f4 + || + 800951e: 2a00 cmp r2, #0 + 8009520: d068 beq.n 80095f4 + __HAL_RCC_PLLSAI1_DISABLE(); + 8009522: 6823 ldr r3, [r4, #0] + 8009524: f023 6380 bic.w r3, r3, #67108864 ; 0x4000000 + 8009528: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800952a: f7fd ff5d bl 80073e8 + 800952e: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) != 0U) + 8009530: 6823 ldr r3, [r4, #0] + 8009532: 011a lsls r2, r3, #4 + 8009534: d42d bmi.n 8009592 + MODIFY_REG(RCC->PLLSAI1CFGR, + 8009536: 68ab ldr r3, [r5, #8] + 8009538: 021e lsls r6, r3, #8 + 800953a: 686b ldr r3, [r5, #4] + 800953c: 3b01 subs r3, #1 + 800953e: 0118 lsls r0, r3, #4 + if(Divider == DIVIDER_P_UPDATE) + 8009540: b377 cbz r7, 80095a0 + else if(Divider == DIVIDER_Q_UPDATE) + 8009542: 2f01 cmp r7, #1 + 8009544: d145 bne.n 80095d2 + MODIFY_REG(RCC->PLLSAI1CFGR, + 8009546: 692b ldr r3, [r5, #16] + 8009548: 6927 ldr r7, [r4, #16] + 800954a: 085b lsrs r3, r3, #1 + 800954c: 1e59 subs r1, r3, #1 + 800954e: 4b2b ldr r3, [pc, #172] ; (80095fc ) + 8009550: 403b ands r3, r7 + 8009552: 4333 orrs r3, r6 + 8009554: 4303 orrs r3, r0 + 8009556: ea43 5341 orr.w r3, r3, r1, lsl #21 + 800955a: e029 b.n 80095b0 + switch(PllSai1->PLLSAI1Source) + 800955c: 2b02 cmp r3, #2 + 800955e: d00d beq.n 800957c + 8009560: 2b03 cmp r3, #3 + 8009562: d00f beq.n 8009584 + 8009564: 2b01 cmp r3, #1 + 8009566: d145 bne.n 80095f4 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_MSIRDY)) + 8009568: 6822 ldr r2, [r4, #0] + 800956a: f012 0f02 tst.w r2, #2 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSEBYP)) + 800956e: d041 beq.n 80095f4 + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, PllSai1->PLLSAI1Source); + 8009570: 68e0 ldr r0, [r4, #12] + 8009572: f020 0003 bic.w r0, r0, #3 + 8009576: 4318 orrs r0, r3 + 8009578: 60e0 str r0, [r4, #12] + if(status == HAL_OK) + 800957a: e7d2 b.n 8009522 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSIRDY)) + 800957c: 6822 ldr r2, [r4, #0] + 800957e: f412 6f80 tst.w r2, #1024 ; 0x400 + 8009582: e7f4 b.n 800956e + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSERDY)) + 8009584: 6822 ldr r2, [r4, #0] + 8009586: 0391 lsls r1, r2, #14 + 8009588: d4f2 bmi.n 8009570 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSEBYP)) + 800958a: 6822 ldr r2, [r4, #0] + 800958c: f412 2f80 tst.w r2, #262144 ; 0x40000 + 8009590: e7ed b.n 800956e + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 8009592: f7fd ff29 bl 80073e8 + 8009596: 1b80 subs r0, r0, r6 + 8009598: 2802 cmp r0, #2 + 800959a: d9c9 bls.n 8009530 + status = HAL_TIMEOUT; + 800959c: 2003 movs r0, #3 +} + 800959e: bdf8 pop {r3, r4, r5, r6, r7, pc} + MODIFY_REG(RCC->PLLSAI1CFGR, + 80095a0: 68e9 ldr r1, [r5, #12] + 80095a2: 6922 ldr r2, [r4, #16] + 80095a4: ea46 63c1 orr.w r3, r6, r1, lsl #27 + 80095a8: 4915 ldr r1, [pc, #84] ; (8009600 ) + 80095aa: 4011 ands r1, r2 + 80095ac: 430b orrs r3, r1 + 80095ae: 4303 orrs r3, r0 + MODIFY_REG(RCC->PLLSAI1CFGR, + 80095b0: 6123 str r3, [r4, #16] + __HAL_RCC_PLLSAI1_ENABLE(); + 80095b2: 6823 ldr r3, [r4, #0] + 80095b4: f043 6380 orr.w r3, r3, #67108864 ; 0x4000000 + 80095b8: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 80095ba: f7fd ff15 bl 80073e8 + 80095be: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) == 0U) + 80095c0: 6823 ldr r3, [r4, #0] + 80095c2: 011b lsls r3, r3, #4 + 80095c4: d510 bpl.n 80095e8 + __HAL_RCC_PLLSAI1CLKOUT_ENABLE(PllSai1->PLLSAI1ClockOut); + 80095c6: 6923 ldr r3, [r4, #16] + 80095c8: 69aa ldr r2, [r5, #24] + 80095ca: 4313 orrs r3, r2 + 80095cc: 6123 str r3, [r4, #16] + 80095ce: 2000 movs r0, #0 + return status; + 80095d0: e7e5 b.n 800959e + MODIFY_REG(RCC->PLLSAI1CFGR, + 80095d2: 696b ldr r3, [r5, #20] + 80095d4: 6921 ldr r1, [r4, #16] + 80095d6: 085b lsrs r3, r3, #1 + 80095d8: 1e5a subs r2, r3, #1 + 80095da: 4b0a ldr r3, [pc, #40] ; (8009604 ) + 80095dc: 400b ands r3, r1 + 80095de: 4333 orrs r3, r6 + 80095e0: 4303 orrs r3, r0 + 80095e2: ea43 6342 orr.w r3, r3, r2, lsl #25 + 80095e6: e7e3 b.n 80095b0 + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 80095e8: f7fd fefe bl 80073e8 + 80095ec: 1b80 subs r0, r0, r6 + 80095ee: 2802 cmp r0, #2 + 80095f0: d9e6 bls.n 80095c0 + 80095f2: e7d3 b.n 800959c + status = HAL_ERROR; + 80095f4: 2001 movs r0, #1 + 80095f6: e7d2 b.n 800959e + 80095f8: 40021000 .word 0x40021000 + 80095fc: ff9f800f .word 0xff9f800f + 8009600: 07ff800f .word 0x07ff800f + 8009604: f9ff800f .word 0xf9ff800f + +08009608 : +static HAL_StatusTypeDef RCCEx_PLLSAI2_Config(RCC_PLLSAI2InitTypeDef *PllSai2, uint32_t Divider) + 8009608: b570 push {r4, r5, r6, lr} + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 800960a: 4c2f ldr r4, [pc, #188] ; (80096c8 ) + if((__HAL_RCC_GET_PLL_OSCSOURCE() != PllSai2->PLLSAI2Source) + 800960c: 6803 ldr r3, [r0, #0] + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 800960e: 68e2 ldr r2, [r4, #12] +static HAL_StatusTypeDef RCCEx_PLLSAI2_Config(RCC_PLLSAI2InitTypeDef *PllSai2, uint32_t Divider) + 8009610: 4605 mov r5, r0 + if(__HAL_RCC_GET_PLL_OSCSOURCE() != RCC_PLLSOURCE_NONE) + 8009612: 0790 lsls r0, r2, #30 + 8009614: d026 beq.n 8009664 + if((__HAL_RCC_GET_PLL_OSCSOURCE() != PllSai2->PLLSAI2Source) + 8009616: 68e2 ldr r2, [r4, #12] + 8009618: f002 0203 and.w r2, r2, #3 + 800961c: 429a cmp r2, r3 + 800961e: d151 bne.n 80096c4 + || + 8009620: 2a00 cmp r2, #0 + 8009622: d04f beq.n 80096c4 + __HAL_RCC_PLLSAI2_DISABLE(); + 8009624: 6823 ldr r3, [r4, #0] + 8009626: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 800962a: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800962c: f7fd fedc bl 80073e8 + 8009630: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) != 0U) + 8009632: 6823 ldr r3, [r4, #0] + 8009634: 009a lsls r2, r3, #2 + 8009636: d430 bmi.n 800969a + MODIFY_REG(RCC->PLLSAI2CFGR, + 8009638: e9d5 2302 ldrd r2, r3, [r5, #8] + 800963c: 06db lsls r3, r3, #27 + 800963e: 6961 ldr r1, [r4, #20] + 8009640: ea43 2302 orr.w r3, r3, r2, lsl #8 + 8009644: 4a21 ldr r2, [pc, #132] ; (80096cc ) + 8009646: 400a ands r2, r1 + 8009648: 4313 orrs r3, r2 + 800964a: 686a ldr r2, [r5, #4] + 800964c: 3a01 subs r2, #1 + 800964e: ea43 1302 orr.w r3, r3, r2, lsl #4 + 8009652: 6163 str r3, [r4, #20] + __HAL_RCC_PLLSAI2_ENABLE(); + 8009654: 6823 ldr r3, [r4, #0] + 8009656: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 800965a: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800965c: f7fd fec4 bl 80073e8 + 8009660: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) == 0U) + 8009662: e026 b.n 80096b2 + switch(PllSai2->PLLSAI2Source) + 8009664: 2b02 cmp r3, #2 + 8009666: d00d beq.n 8009684 + 8009668: 2b03 cmp r3, #3 + 800966a: d00f beq.n 800968c + 800966c: 2b01 cmp r3, #1 + 800966e: d129 bne.n 80096c4 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_MSIRDY)) + 8009670: 6822 ldr r2, [r4, #0] + 8009672: f012 0f02 tst.w r2, #2 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSEBYP)) + 8009676: d025 beq.n 80096c4 + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, PllSai2->PLLSAI2Source); + 8009678: 68e0 ldr r0, [r4, #12] + 800967a: f020 0003 bic.w r0, r0, #3 + 800967e: 4318 orrs r0, r3 + 8009680: 60e0 str r0, [r4, #12] + if(status == HAL_OK) + 8009682: e7cf b.n 8009624 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSIRDY)) + 8009684: 6822 ldr r2, [r4, #0] + 8009686: f412 6f80 tst.w r2, #1024 ; 0x400 + 800968a: e7f4 b.n 8009676 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSERDY)) + 800968c: 6822 ldr r2, [r4, #0] + 800968e: 0391 lsls r1, r2, #14 + 8009690: d4f2 bmi.n 8009678 + if(HAL_IS_BIT_CLR(RCC->CR, RCC_CR_HSEBYP)) + 8009692: 6822 ldr r2, [r4, #0] + 8009694: f412 2f80 tst.w r2, #262144 ; 0x40000 + 8009698: e7ed b.n 8009676 + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 800969a: f7fd fea5 bl 80073e8 + 800969e: 1b80 subs r0, r0, r6 + 80096a0: 2802 cmp r0, #2 + 80096a2: d9c6 bls.n 8009632 + status = HAL_TIMEOUT; + 80096a4: 2003 movs r0, #3 +} + 80096a6: bd70 pop {r4, r5, r6, pc} + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 80096a8: f7fd fe9e bl 80073e8 + 80096ac: 1b80 subs r0, r0, r6 + 80096ae: 2802 cmp r0, #2 + 80096b0: d8f8 bhi.n 80096a4 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) == 0U) + 80096b2: 6823 ldr r3, [r4, #0] + 80096b4: 009b lsls r3, r3, #2 + 80096b6: d5f7 bpl.n 80096a8 + __HAL_RCC_PLLSAI2CLKOUT_ENABLE(PllSai2->PLLSAI2ClockOut); + 80096b8: 6963 ldr r3, [r4, #20] + 80096ba: 69aa ldr r2, [r5, #24] + 80096bc: 4313 orrs r3, r2 + 80096be: 6163 str r3, [r4, #20] + 80096c0: 2000 movs r0, #0 + return status; + 80096c2: e7f0 b.n 80096a6 + status = HAL_ERROR; + 80096c4: 2001 movs r0, #1 + 80096c6: e7ee b.n 80096a6 + 80096c8: 40021000 .word 0x40021000 + 80096cc: 07ff800f .word 0x07ff800f + +080096d0 : +{ + 80096d0: e92d 47f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, r9, sl, lr} + if((((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_SAI1) == RCC_PERIPHCLK_SAI1)) + 80096d4: 6806 ldr r6, [r0, #0] + 80096d6: f416 6600 ands.w r6, r6, #2048 ; 0x800 +{ + 80096da: 4604 mov r4, r0 + if((((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_SAI1) == RCC_PERIPHCLK_SAI1)) + 80096dc: d007 beq.n 80096ee + switch(PeriphClkInit->Sai1ClockSelection) + 80096de: 6ec1 ldr r1, [r0, #108] ; 0x6c + 80096e0: 2940 cmp r1, #64 ; 0x40 + 80096e2: d022 beq.n 800972a + 80096e4: d812 bhi.n 800970c + 80096e6: b331 cbz r1, 8009736 + 80096e8: 2920 cmp r1, #32 + 80096ea: d02b beq.n 8009744 + 80096ec: 2601 movs r6, #1 + if((((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_SAI2) == RCC_PERIPHCLK_SAI2)) + 80096ee: 6823 ldr r3, [r4, #0] + 80096f0: 04db lsls r3, r3, #19 + 80096f2: d509 bpl.n 8009708 + switch(PeriphClkInit->Sai2ClockSelection) + 80096f4: 6f21 ldr r1, [r4, #112] ; 0x70 + 80096f6: f5b1 7f00 cmp.w r1, #512 ; 0x200 + 80096fa: d02f beq.n 800975c + 80096fc: d826 bhi.n 800974c + 80096fe: b399 cbz r1, 8009768 + 8009700: f5b1 7f80 cmp.w r1, #256 ; 0x100 + 8009704: d073 beq.n 80097ee + 8009706: 2601 movs r6, #1 + 8009708: 4635 mov r5, r6 + 800970a: e03c b.n 8009786 + switch(PeriphClkInit->Sai1ClockSelection) + 800970c: 2960 cmp r1, #96 ; 0x60 + 800970e: d001 beq.n 8009714 + 8009710: 2980 cmp r1, #128 ; 0x80 + 8009712: d1eb bne.n 80096ec + __HAL_RCC_SAI1_CONFIG(PeriphClkInit->Sai1ClockSelection); + 8009714: 4a3b ldr r2, [pc, #236] ; (8009804 ) + 8009716: 6ee1 ldr r1, [r4, #108] ; 0x6c + 8009718: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 800971c: f023 03e0 bic.w r3, r3, #224 ; 0xe0 + 8009720: 430b orrs r3, r1 + 8009722: f8c2 309c str.w r3, [r2, #156] ; 0x9c + 8009726: 2600 movs r6, #0 + 8009728: e7e1 b.n 80096ee + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SAI3CLK); + 800972a: 4a36 ldr r2, [pc, #216] ; (8009804 ) + 800972c: 68d3 ldr r3, [r2, #12] + 800972e: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 8009732: 60d3 str r3, [r2, #12] + if(ret == HAL_OK) + 8009734: e7ee b.n 8009714 + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_P_UPDATE); + 8009736: 3004 adds r0, #4 + 8009738: f7ff fee4 bl 8009504 + ret = RCCEx_PLLSAI2_Config(&(PeriphClkInit->PLLSAI2), DIVIDER_P_UPDATE); + 800973c: 4606 mov r6, r0 + if(ret == HAL_OK) + 800973e: 2800 cmp r0, #0 + 8009740: d1d5 bne.n 80096ee + 8009742: e7e7 b.n 8009714 + ret = RCCEx_PLLSAI2_Config(&(PeriphClkInit->PLLSAI2), DIVIDER_P_UPDATE); + 8009744: 3020 adds r0, #32 + 8009746: f7ff ff5f bl 8009608 + 800974a: e7f7 b.n 800973c + switch(PeriphClkInit->Sai2ClockSelection) + 800974c: f5b1 7f40 cmp.w r1, #768 ; 0x300 + 8009750: d002 beq.n 8009758 + 8009752: f5b1 6f80 cmp.w r1, #1024 ; 0x400 + 8009756: d1d6 bne.n 8009706 + 8009758: 4635 mov r5, r6 + 800975a: e009 b.n 8009770 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SAI3CLK); + 800975c: 4a29 ldr r2, [pc, #164] ; (8009804 ) + 800975e: 68d3 ldr r3, [r2, #12] + 8009760: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 8009764: 60d3 str r3, [r2, #12] + break; + 8009766: e7f7 b.n 8009758 + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_P_UPDATE); + 8009768: 1d20 adds r0, r4, #4 + 800976a: f7ff fecb bl 8009504 + ret = RCCEx_PLLSAI2_Config(&(PeriphClkInit->PLLSAI2), DIVIDER_P_UPDATE); + 800976e: 4605 mov r5, r0 + if(ret == HAL_OK) + 8009770: 2d00 cmp r5, #0 + 8009772: d141 bne.n 80097f8 + __HAL_RCC_SAI2_CONFIG(PeriphClkInit->Sai2ClockSelection); + 8009774: 4a23 ldr r2, [pc, #140] ; (8009804 ) + 8009776: 6f21 ldr r1, [r4, #112] ; 0x70 + 8009778: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 800977c: f423 63e0 bic.w r3, r3, #1792 ; 0x700 + 8009780: 430b orrs r3, r1 + 8009782: f8c2 309c str.w r3, [r2, #156] ; 0x9c + if((PeriphClkInit->PeriphClockSelection & RCC_PERIPHCLK_RTC) == RCC_PERIPHCLK_RTC) + 8009786: 6823 ldr r3, [r4, #0] + 8009788: 039f lsls r7, r3, #14 + 800978a: f140 817d bpl.w 8009a88 + if(__HAL_RCC_PWR_IS_CLK_DISABLED() != 0U) + 800978e: 4f1d ldr r7, [pc, #116] ; (8009804 ) + 8009790: 6dbb ldr r3, [r7, #88] ; 0x58 + 8009792: 00d8 lsls r0, r3, #3 + 8009794: d432 bmi.n 80097fc + __HAL_RCC_PWR_CLK_ENABLE(); + 8009796: 6dbb ldr r3, [r7, #88] ; 0x58 + 8009798: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 800979c: 65bb str r3, [r7, #88] ; 0x58 + 800979e: 6dbb ldr r3, [r7, #88] ; 0x58 + 80097a0: f003 5380 and.w r3, r3, #268435456 ; 0x10000000 + 80097a4: 9301 str r3, [sp, #4] + 80097a6: 9b01 ldr r3, [sp, #4] + pwrclkchanged = SET; + 80097a8: f04f 0801 mov.w r8, #1 + SET_BIT(PWR->CR1, PWR_CR1_DBP); + 80097ac: f8df 9058 ldr.w r9, [pc, #88] ; 8009808 + 80097b0: f8d9 3000 ldr.w r3, [r9] + 80097b4: f443 7380 orr.w r3, r3, #256 ; 0x100 + 80097b8: f8c9 3000 str.w r3, [r9] + tickstart = HAL_GetTick(); + 80097bc: f7fd fe14 bl 80073e8 + 80097c0: 4682 mov sl, r0 + while(READ_BIT(PWR->CR1, PWR_CR1_DBP) == 0U) + 80097c2: f8d9 3000 ldr.w r3, [r9] + 80097c6: 05d9 lsls r1, r3, #23 + 80097c8: d520 bpl.n 800980c + if(ret == HAL_OK) + 80097ca: bb35 cbnz r5, 800981a + tmpregister = READ_BIT(RCC->BDCR, RCC_BDCR_RTCSEL); + 80097cc: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + if((tmpregister != RCC_RTCCLKSOURCE_NONE) && (tmpregister != PeriphClkInit->RTCClockSelection)) + 80097d0: f413 7340 ands.w r3, r3, #768 ; 0x300 + 80097d4: f040 812e bne.w 8009a34 + __HAL_RCC_RTC_CONFIG(PeriphClkInit->RTCClockSelection); + 80097d8: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + 80097dc: f8d4 2090 ldr.w r2, [r4, #144] ; 0x90 + 80097e0: f423 7340 bic.w r3, r3, #768 ; 0x300 + 80097e4: 4313 orrs r3, r2 + 80097e6: f8c7 3090 str.w r3, [r7, #144] ; 0x90 + 80097ea: 4635 mov r5, r6 + 80097ec: e015 b.n 800981a + ret = RCCEx_PLLSAI2_Config(&(PeriphClkInit->PLLSAI2), DIVIDER_P_UPDATE); + 80097ee: f104 0020 add.w r0, r4, #32 + 80097f2: f7ff ff09 bl 8009608 + 80097f6: e7ba b.n 800976e + 80097f8: 462e mov r6, r5 + 80097fa: e7c4 b.n 8009786 + FlagStatus pwrclkchanged = RESET; + 80097fc: f04f 0800 mov.w r8, #0 + 8009800: e7d4 b.n 80097ac + 8009802: bf00 nop + 8009804: 40021000 .word 0x40021000 + 8009808: 40007000 .word 0x40007000 + if((HAL_GetTick() - tickstart) > RCC_DBP_TIMEOUT_VALUE) + 800980c: f7fd fdec bl 80073e8 + 8009810: eba0 000a sub.w r0, r0, sl + 8009814: 2802 cmp r0, #2 + 8009816: d9d4 bls.n 80097c2 + ret = HAL_TIMEOUT; + 8009818: 2503 movs r5, #3 + if(pwrclkchanged == SET) + 800981a: f1b8 0f00 cmp.w r8, #0 + 800981e: d003 beq.n 8009828 + __HAL_RCC_PWR_CLK_DISABLE(); + 8009820: 6dbb ldr r3, [r7, #88] ; 0x58 + 8009822: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 8009826: 65bb str r3, [r7, #88] ; 0x58 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_USART1) == RCC_PERIPHCLK_USART1) + 8009828: 6823 ldr r3, [r4, #0] + 800982a: 07d8 lsls r0, r3, #31 + 800982c: d508 bpl.n 8009840 + __HAL_RCC_USART1_CONFIG(PeriphClkInit->Usart1ClockSelection); + 800982e: 49b2 ldr r1, [pc, #712] ; (8009af8 ) + 8009830: 6be0 ldr r0, [r4, #60] ; 0x3c + 8009832: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 8009836: f022 0203 bic.w r2, r2, #3 + 800983a: 4302 orrs r2, r0 + 800983c: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_USART2) == RCC_PERIPHCLK_USART2) + 8009840: 0799 lsls r1, r3, #30 + 8009842: d508 bpl.n 8009856 + __HAL_RCC_USART2_CONFIG(PeriphClkInit->Usart2ClockSelection); + 8009844: 49ac ldr r1, [pc, #688] ; (8009af8 ) + 8009846: 6c20 ldr r0, [r4, #64] ; 0x40 + 8009848: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 800984c: f022 020c bic.w r2, r2, #12 + 8009850: 4302 orrs r2, r0 + 8009852: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_USART3) == RCC_PERIPHCLK_USART3) + 8009856: 075a lsls r2, r3, #29 + 8009858: d508 bpl.n 800986c + __HAL_RCC_USART3_CONFIG(PeriphClkInit->Usart3ClockSelection); + 800985a: 49a7 ldr r1, [pc, #668] ; (8009af8 ) + 800985c: 6c60 ldr r0, [r4, #68] ; 0x44 + 800985e: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 8009862: f022 0230 bic.w r2, r2, #48 ; 0x30 + 8009866: 4302 orrs r2, r0 + 8009868: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_UART4) == RCC_PERIPHCLK_UART4) + 800986c: 071f lsls r7, r3, #28 + 800986e: d508 bpl.n 8009882 + __HAL_RCC_UART4_CONFIG(PeriphClkInit->Uart4ClockSelection); + 8009870: 49a1 ldr r1, [pc, #644] ; (8009af8 ) + 8009872: 6ca0 ldr r0, [r4, #72] ; 0x48 + 8009874: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 8009878: f022 02c0 bic.w r2, r2, #192 ; 0xc0 + 800987c: 4302 orrs r2, r0 + 800987e: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_UART5) == RCC_PERIPHCLK_UART5) + 8009882: 06de lsls r6, r3, #27 + 8009884: d508 bpl.n 8009898 + __HAL_RCC_UART5_CONFIG(PeriphClkInit->Uart5ClockSelection); + 8009886: 499c ldr r1, [pc, #624] ; (8009af8 ) + 8009888: 6ce0 ldr r0, [r4, #76] ; 0x4c + 800988a: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 800988e: f422 7240 bic.w r2, r2, #768 ; 0x300 + 8009892: 4302 orrs r2, r0 + 8009894: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_LPUART1) == RCC_PERIPHCLK_LPUART1) + 8009898: 0698 lsls r0, r3, #26 + 800989a: d508 bpl.n 80098ae + __HAL_RCC_LPUART1_CONFIG(PeriphClkInit->Lpuart1ClockSelection); + 800989c: 4996 ldr r1, [pc, #600] ; (8009af8 ) + 800989e: 6d20 ldr r0, [r4, #80] ; 0x50 + 80098a0: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80098a4: f422 6240 bic.w r2, r2, #3072 ; 0xc00 + 80098a8: 4302 orrs r2, r0 + 80098aa: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_LPTIM1) == (RCC_PERIPHCLK_LPTIM1)) + 80098ae: 0599 lsls r1, r3, #22 + 80098b0: d508 bpl.n 80098c4 + __HAL_RCC_LPTIM1_CONFIG(PeriphClkInit->Lptim1ClockSelection); + 80098b2: 4991 ldr r1, [pc, #580] ; (8009af8 ) + 80098b4: 6e60 ldr r0, [r4, #100] ; 0x64 + 80098b6: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80098ba: f422 2240 bic.w r2, r2, #786432 ; 0xc0000 + 80098be: 4302 orrs r2, r0 + 80098c0: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_LPTIM2) == (RCC_PERIPHCLK_LPTIM2)) + 80098c4: 055a lsls r2, r3, #21 + 80098c6: d508 bpl.n 80098da + __HAL_RCC_LPTIM2_CONFIG(PeriphClkInit->Lptim2ClockSelection); + 80098c8: 498b ldr r1, [pc, #556] ; (8009af8 ) + 80098ca: 6ea0 ldr r0, [r4, #104] ; 0x68 + 80098cc: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80098d0: f422 1240 bic.w r2, r2, #3145728 ; 0x300000 + 80098d4: 4302 orrs r2, r0 + 80098d6: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_I2C1) == RCC_PERIPHCLK_I2C1) + 80098da: 065f lsls r7, r3, #25 + 80098dc: d508 bpl.n 80098f0 + __HAL_RCC_I2C1_CONFIG(PeriphClkInit->I2c1ClockSelection); + 80098de: 4986 ldr r1, [pc, #536] ; (8009af8 ) + 80098e0: 6d60 ldr r0, [r4, #84] ; 0x54 + 80098e2: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80098e6: f422 5240 bic.w r2, r2, #12288 ; 0x3000 + 80098ea: 4302 orrs r2, r0 + 80098ec: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_I2C2) == RCC_PERIPHCLK_I2C2) + 80098f0: 061e lsls r6, r3, #24 + 80098f2: d508 bpl.n 8009906 + __HAL_RCC_I2C2_CONFIG(PeriphClkInit->I2c2ClockSelection); + 80098f4: 4980 ldr r1, [pc, #512] ; (8009af8 ) + 80098f6: 6da0 ldr r0, [r4, #88] ; 0x58 + 80098f8: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 80098fc: f422 4240 bic.w r2, r2, #49152 ; 0xc000 + 8009900: 4302 orrs r2, r0 + 8009902: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_I2C3) == RCC_PERIPHCLK_I2C3) + 8009906: 05d8 lsls r0, r3, #23 + 8009908: d508 bpl.n 800991c + __HAL_RCC_I2C3_CONFIG(PeriphClkInit->I2c3ClockSelection); + 800990a: 497b ldr r1, [pc, #492] ; (8009af8 ) + 800990c: 6de0 ldr r0, [r4, #92] ; 0x5c + 800990e: f8d1 2088 ldr.w r2, [r1, #136] ; 0x88 + 8009912: f422 3240 bic.w r2, r2, #196608 ; 0x30000 + 8009916: 4302 orrs r2, r0 + 8009918: f8c1 2088 str.w r2, [r1, #136] ; 0x88 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_I2C4) == RCC_PERIPHCLK_I2C4) + 800991c: 02d9 lsls r1, r3, #11 + 800991e: d508 bpl.n 8009932 + __HAL_RCC_I2C4_CONFIG(PeriphClkInit->I2c4ClockSelection); + 8009920: 4975 ldr r1, [pc, #468] ; (8009af8 ) + 8009922: 6e20 ldr r0, [r4, #96] ; 0x60 + 8009924: f8d1 209c ldr.w r2, [r1, #156] ; 0x9c + 8009928: f022 0203 bic.w r2, r2, #3 + 800992c: 4302 orrs r2, r0 + 800992e: f8c1 209c str.w r2, [r1, #156] ; 0x9c + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_USB) == (RCC_PERIPHCLK_USB)) + 8009932: 049a lsls r2, r3, #18 + 8009934: d510 bpl.n 8009958 + __HAL_RCC_USB_CONFIG(PeriphClkInit->UsbClockSelection); + 8009936: 4a70 ldr r2, [pc, #448] ; (8009af8 ) + 8009938: 6f61 ldr r1, [r4, #116] ; 0x74 + 800993a: f8d2 3088 ldr.w r3, [r2, #136] ; 0x88 + 800993e: f023 6340 bic.w r3, r3, #201326592 ; 0xc000000 + 8009942: 430b orrs r3, r1 + if(PeriphClkInit->UsbClockSelection == RCC_USBCLKSOURCE_PLL) + 8009944: f1b1 6f00 cmp.w r1, #134217728 ; 0x8000000 + __HAL_RCC_USB_CONFIG(PeriphClkInit->UsbClockSelection); + 8009948: f8c2 3088 str.w r3, [r2, #136] ; 0x88 + if(PeriphClkInit->UsbClockSelection == RCC_USBCLKSOURCE_PLL) + 800994c: f040 809e bne.w 8009a8c + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 8009950: 68d3 ldr r3, [r2, #12] + 8009952: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 8009956: 60d3 str r3, [r2, #12] + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_SDMMC1) == (RCC_PERIPHCLK_SDMMC1)) + 8009958: 6823 ldr r3, [r4, #0] + 800995a: 031b lsls r3, r3, #12 + 800995c: d50f bpl.n 800997e + __HAL_RCC_SDMMC1_CONFIG(PeriphClkInit->Sdmmc1ClockSelection); + 800995e: 6fa1 ldr r1, [r4, #120] ; 0x78 + 8009960: 4b65 ldr r3, [pc, #404] ; (8009af8 ) + 8009962: f5b1 4f80 cmp.w r1, #16384 ; 0x4000 + 8009966: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 800996a: f040 809b bne.w 8009aa4 + 800996e: f442 4280 orr.w r2, r2, #16384 ; 0x4000 + 8009972: f8c3 209c str.w r2, [r3, #156] ; 0x9c + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_SAI3CLK); + 8009976: 68da ldr r2, [r3, #12] + 8009978: f442 3280 orr.w r2, r2, #65536 ; 0x10000 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 800997c: 60da str r2, [r3, #12] + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_RNG) == (RCC_PERIPHCLK_RNG)) + 800997e: 6823 ldr r3, [r4, #0] + 8009980: 035f lsls r7, r3, #13 + 8009982: d510 bpl.n 80099a6 + __HAL_RCC_RNG_CONFIG(PeriphClkInit->RngClockSelection); + 8009984: 4a5c ldr r2, [pc, #368] ; (8009af8 ) + 8009986: 6fe1 ldr r1, [r4, #124] ; 0x7c + 8009988: f8d2 3088 ldr.w r3, [r2, #136] ; 0x88 + 800998c: f023 6340 bic.w r3, r3, #201326592 ; 0xc000000 + 8009990: 430b orrs r3, r1 + if(PeriphClkInit->RngClockSelection == RCC_RNGCLKSOURCE_PLL) + 8009992: f1b1 6f00 cmp.w r1, #134217728 ; 0x8000000 + __HAL_RCC_RNG_CONFIG(PeriphClkInit->RngClockSelection); + 8009996: f8c2 3088 str.w r3, [r2, #136] ; 0x88 + if(PeriphClkInit->RngClockSelection == RCC_RNGCLKSOURCE_PLL) + 800999a: f040 80a1 bne.w 8009ae0 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 800999e: 68d3 ldr r3, [r2, #12] + 80099a0: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 80099a4: 60d3 str r3, [r2, #12] + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_ADC) == RCC_PERIPHCLK_ADC) + 80099a6: 6823 ldr r3, [r4, #0] + 80099a8: 045e lsls r6, r3, #17 + 80099aa: d513 bpl.n 80099d4 + __HAL_RCC_ADC_CONFIG(PeriphClkInit->AdcClockSelection); + 80099ac: 4952 ldr r1, [pc, #328] ; (8009af8 ) + 80099ae: f8d4 2080 ldr.w r2, [r4, #128] ; 0x80 + 80099b2: f8d1 3088 ldr.w r3, [r1, #136] ; 0x88 + 80099b6: f023 5340 bic.w r3, r3, #805306368 ; 0x30000000 + 80099ba: 4313 orrs r3, r2 + if(PeriphClkInit->AdcClockSelection == RCC_ADCCLKSOURCE_PLLSAI1) + 80099bc: f1b2 5f80 cmp.w r2, #268435456 ; 0x10000000 + __HAL_RCC_ADC_CONFIG(PeriphClkInit->AdcClockSelection); + 80099c0: f8c1 3088 str.w r3, [r1, #136] ; 0x88 + if(PeriphClkInit->AdcClockSelection == RCC_ADCCLKSOURCE_PLLSAI1) + 80099c4: d106 bne.n 80099d4 + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_R_UPDATE); + 80099c6: 2102 movs r1, #2 + 80099c8: 1d20 adds r0, r4, #4 + 80099ca: f7ff fd9b bl 8009504 + if(ret != HAL_OK) + 80099ce: 2800 cmp r0, #0 + 80099d0: bf18 it ne + 80099d2: 4605 movne r5, r0 + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_DFSDM1) == RCC_PERIPHCLK_DFSDM1) + 80099d4: 6822 ldr r2, [r4, #0] + 80099d6: 03d0 lsls r0, r2, #15 + 80099d8: d509 bpl.n 80099ee + __HAL_RCC_DFSDM1_CONFIG(PeriphClkInit->Dfsdm1ClockSelection); + 80099da: 4947 ldr r1, [pc, #284] ; (8009af8 ) + 80099dc: f8d4 0084 ldr.w r0, [r4, #132] ; 0x84 + 80099e0: f8d1 309c ldr.w r3, [r1, #156] ; 0x9c + 80099e4: f023 0304 bic.w r3, r3, #4 + 80099e8: 4303 orrs r3, r0 + 80099ea: f8c1 309c str.w r3, [r1, #156] ; 0x9c + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_DFSDM1AUDIO) == RCC_PERIPHCLK_DFSDM1AUDIO) + 80099ee: 0291 lsls r1, r2, #10 + 80099f0: d509 bpl.n 8009a06 + __HAL_RCC_DFSDM1AUDIO_CONFIG(PeriphClkInit->Dfsdm1AudioClockSelection); + 80099f2: 4941 ldr r1, [pc, #260] ; (8009af8 ) + 80099f4: f8d4 0088 ldr.w r0, [r4, #136] ; 0x88 + 80099f8: f8d1 309c ldr.w r3, [r1, #156] ; 0x9c + 80099fc: f023 0318 bic.w r3, r3, #24 + 8009a00: 4303 orrs r3, r0 + 8009a02: f8c1 309c str.w r3, [r1, #156] ; 0x9c + if(((PeriphClkInit->PeriphClockSelection) & RCC_PERIPHCLK_OSPI) == RCC_PERIPHCLK_OSPI) + 8009a06: 01d3 lsls r3, r2, #7 + 8009a08: d510 bpl.n 8009a2c + __HAL_RCC_OSPI_CONFIG(PeriphClkInit->OspiClockSelection); + 8009a0a: 4a3b ldr r2, [pc, #236] ; (8009af8 ) + 8009a0c: f8d4 108c ldr.w r1, [r4, #140] ; 0x8c + 8009a10: f8d2 309c ldr.w r3, [r2, #156] ; 0x9c + 8009a14: f423 1340 bic.w r3, r3, #3145728 ; 0x300000 + 8009a18: 430b orrs r3, r1 + 8009a1a: f8c2 309c str.w r3, [r2, #156] ; 0x9c + if(PeriphClkInit->OspiClockSelection == RCC_OSPICLKSOURCE_PLL) + 8009a1e: f5b1 1f00 cmp.w r1, #2097152 ; 0x200000 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 8009a22: bf02 ittt eq + 8009a24: 68d3 ldreq r3, [r2, #12] + 8009a26: f443 1380 orreq.w r3, r3, #1048576 ; 0x100000 + 8009a2a: 60d3 streq r3, [r2, #12] +} + 8009a2c: 4628 mov r0, r5 + 8009a2e: b002 add sp, #8 + 8009a30: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + if((tmpregister != RCC_RTCCLKSOURCE_NONE) && (tmpregister != PeriphClkInit->RTCClockSelection)) + 8009a34: f8d4 2090 ldr.w r2, [r4, #144] ; 0x90 + 8009a38: 429a cmp r2, r3 + 8009a3a: f43f aecd beq.w 80097d8 + tmpregister = READ_BIT(RCC->BDCR, ~(RCC_BDCR_RTCSEL)); + 8009a3e: f8d7 2090 ldr.w r2, [r7, #144] ; 0x90 + __HAL_RCC_BACKUPRESET_FORCE(); + 8009a42: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + 8009a46: f443 3380 orr.w r3, r3, #65536 ; 0x10000 + 8009a4a: f8c7 3090 str.w r3, [r7, #144] ; 0x90 + __HAL_RCC_BACKUPRESET_RELEASE(); + 8009a4e: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + tmpregister = READ_BIT(RCC->BDCR, ~(RCC_BDCR_RTCSEL)); + 8009a52: f422 7140 bic.w r1, r2, #768 ; 0x300 + __HAL_RCC_BACKUPRESET_RELEASE(); + 8009a56: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + if (HAL_IS_BIT_SET(tmpregister, RCC_BDCR_LSEON)) + 8009a5a: 07d2 lsls r2, r2, #31 + __HAL_RCC_BACKUPRESET_RELEASE(); + 8009a5c: f8c7 3090 str.w r3, [r7, #144] ; 0x90 + RCC->BDCR = tmpregister; + 8009a60: f8c7 1090 str.w r1, [r7, #144] ; 0x90 + if (HAL_IS_BIT_SET(tmpregister, RCC_BDCR_LSEON)) + 8009a64: f57f aeb8 bpl.w 80097d8 + tickstart = HAL_GetTick(); + 8009a68: f7fd fcbe bl 80073e8 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8009a6c: f241 3988 movw r9, #5000 ; 0x1388 + tickstart = HAL_GetTick(); + 8009a70: 4605 mov r5, r0 + while(READ_BIT(RCC->BDCR, RCC_BDCR_LSERDY) == 0U) + 8009a72: f8d7 3090 ldr.w r3, [r7, #144] ; 0x90 + 8009a76: 079b lsls r3, r3, #30 + 8009a78: f53f aeae bmi.w 80097d8 + if((HAL_GetTick() - tickstart) > RCC_LSE_TIMEOUT_VALUE) + 8009a7c: f7fd fcb4 bl 80073e8 + 8009a80: 1b40 subs r0, r0, r5 + 8009a82: 4548 cmp r0, r9 + 8009a84: d9f5 bls.n 8009a72 + 8009a86: e6c7 b.n 8009818 + 8009a88: 4635 mov r5, r6 + 8009a8a: e6cd b.n 8009828 + if(PeriphClkInit->UsbClockSelection == RCC_USBCLKSOURCE_PLLSAI1) + 8009a8c: f1b1 6f80 cmp.w r1, #67108864 ; 0x4000000 + 8009a90: f47f af62 bne.w 8009958 + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_Q_UPDATE); + 8009a94: 2101 movs r1, #1 + 8009a96: 1d20 adds r0, r4, #4 + 8009a98: f7ff fd34 bl 8009504 + if(ret != HAL_OK) + 8009a9c: 2800 cmp r0, #0 + 8009a9e: bf18 it ne + 8009aa0: 4605 movne r5, r0 + 8009aa2: e759 b.n 8009958 + __HAL_RCC_SDMMC1_CONFIG(PeriphClkInit->Sdmmc1ClockSelection); + 8009aa4: f422 4280 bic.w r2, r2, #16384 ; 0x4000 + 8009aa8: f8c3 209c str.w r2, [r3, #156] ; 0x9c + 8009aac: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009ab0: f022 6240 bic.w r2, r2, #201326592 ; 0xc000000 + 8009ab4: 430a orrs r2, r1 + if(PeriphClkInit->Sdmmc1ClockSelection == RCC_SDMMC1CLKSOURCE_PLL) /* PLL "Q" ? */ + 8009ab6: f1b1 6f00 cmp.w r1, #134217728 ; 0x8000000 + __HAL_RCC_SDMMC1_CONFIG(PeriphClkInit->Sdmmc1ClockSelection); + 8009aba: f8c3 2088 str.w r2, [r3, #136] ; 0x88 + if(PeriphClkInit->Sdmmc1ClockSelection == RCC_SDMMC1CLKSOURCE_PLL) /* PLL "Q" ? */ + 8009abe: d103 bne.n 8009ac8 + __HAL_RCC_PLLCLKOUT_ENABLE(RCC_PLL_48M1CLK); + 8009ac0: 68da ldr r2, [r3, #12] + 8009ac2: f442 1280 orr.w r2, r2, #1048576 ; 0x100000 + 8009ac6: e759 b.n 800997c + else if(PeriphClkInit->Sdmmc1ClockSelection == RCC_SDMMC1CLKSOURCE_PLLSAI1) + 8009ac8: f1b1 6f80 cmp.w r1, #67108864 ; 0x4000000 + 8009acc: f47f af57 bne.w 800997e + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_Q_UPDATE); + 8009ad0: 2101 movs r1, #1 + 8009ad2: 1d20 adds r0, r4, #4 + 8009ad4: f7ff fd16 bl 8009504 + if(ret != HAL_OK) + 8009ad8: 2800 cmp r0, #0 + 8009ada: bf18 it ne + 8009adc: 4605 movne r5, r0 + 8009ade: e74e b.n 800997e + else if(PeriphClkInit->RngClockSelection == RCC_RNGCLKSOURCE_PLLSAI1) + 8009ae0: f1b1 6f80 cmp.w r1, #67108864 ; 0x4000000 + 8009ae4: f47f af5f bne.w 80099a6 + ret = RCCEx_PLLSAI1_Config(&(PeriphClkInit->PLLSAI1), DIVIDER_Q_UPDATE); + 8009ae8: 2101 movs r1, #1 + 8009aea: 1d20 adds r0, r4, #4 + 8009aec: f7ff fd0a bl 8009504 + if(ret != HAL_OK) + 8009af0: 2800 cmp r0, #0 + 8009af2: bf18 it ne + 8009af4: 4605 movne r5, r0 + 8009af6: e756 b.n 80099a6 + 8009af8: 40021000 .word 0x40021000 + +08009afc : + PeriphClkInit->PeriphClockSelection = RCC_PERIPHCLK_USART1 | RCC_PERIPHCLK_USART2 | RCC_PERIPHCLK_USART3 | RCC_PERIPHCLK_UART4 | RCC_PERIPHCLK_UART5 | \ + 8009afc: 4b5b ldr r3, [pc, #364] ; (8009c6c ) + 8009afe: 6003 str r3, [r0, #0] + PeriphClkInit->PLLSAI1.PLLSAI1Source = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC) >> RCC_PLLCFGR_PLLSRC_Pos; + 8009b00: 4b5b ldr r3, [pc, #364] ; (8009c70 ) + 8009b02: 68d9 ldr r1, [r3, #12] + 8009b04: f001 0103 and.w r1, r1, #3 + 8009b08: 6041 str r1, [r0, #4] + PeriphClkInit->PLLSAI1.PLLSAI1M = (READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U; + 8009b0a: 691a ldr r2, [r3, #16] + 8009b0c: f3c2 1203 ubfx r2, r2, #4, #4 + 8009b10: 3201 adds r2, #1 + 8009b12: 6082 str r2, [r0, #8] + PeriphClkInit->PLLSAI1.PLLSAI1N = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009b14: 691a ldr r2, [r3, #16] + 8009b16: f3c2 2206 ubfx r2, r2, #8, #7 + 8009b1a: 60c2 str r2, [r0, #12] + PeriphClkInit->PLLSAI1.PLLSAI1P = ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1P) >> RCC_PLLSAI1CFGR_PLLSAI1P_Pos) << 4U) + 7U; + 8009b1c: 691a ldr r2, [r3, #16] + 8009b1e: 0b52 lsrs r2, r2, #13 + 8009b20: f002 0210 and.w r2, r2, #16 + 8009b24: 3207 adds r2, #7 + 8009b26: 6102 str r2, [r0, #16] + PeriphClkInit->PLLSAI1.PLLSAI1Q = ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) * 2U; + 8009b28: 691a ldr r2, [r3, #16] + 8009b2a: f3c2 5241 ubfx r2, r2, #21, #2 + 8009b2e: 3201 adds r2, #1 + 8009b30: 0052 lsls r2, r2, #1 + 8009b32: 6142 str r2, [r0, #20] + PeriphClkInit->PLLSAI1.PLLSAI1R = ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) * 2U; + 8009b34: 691a ldr r2, [r3, #16] + PeriphClkInit->PLLSAI2.PLLSAI2Source = PeriphClkInit->PLLSAI1.PLLSAI1Source; + 8009b36: 6201 str r1, [r0, #32] + PeriphClkInit->PLLSAI1.PLLSAI1R = ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) * 2U; + 8009b38: f3c2 6241 ubfx r2, r2, #25, #2 + 8009b3c: 3201 adds r2, #1 + 8009b3e: 0052 lsls r2, r2, #1 + 8009b40: 6182 str r2, [r0, #24] + PeriphClkInit->PLLSAI2.PLLSAI2M = (READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2M) >> RCC_PLLSAI2CFGR_PLLSAI2M_Pos) + 1U; + 8009b42: 695a ldr r2, [r3, #20] + 8009b44: f3c2 1203 ubfx r2, r2, #4, #4 + 8009b48: 3201 adds r2, #1 + 8009b4a: 6242 str r2, [r0, #36] ; 0x24 + PeriphClkInit->PLLSAI2.PLLSAI2N = READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2N) >> RCC_PLLSAI2CFGR_PLLSAI2N_Pos; + 8009b4c: 695a ldr r2, [r3, #20] + 8009b4e: f3c2 2206 ubfx r2, r2, #8, #7 + 8009b52: 6282 str r2, [r0, #40] ; 0x28 + PeriphClkInit->PLLSAI2.PLLSAI2P = ((READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2P) >> RCC_PLLSAI2CFGR_PLLSAI2P_Pos) << 4U) + 7U; + 8009b54: 695a ldr r2, [r3, #20] + 8009b56: 0b52 lsrs r2, r2, #13 + 8009b58: f002 0210 and.w r2, r2, #16 + 8009b5c: 3207 adds r2, #7 + 8009b5e: 62c2 str r2, [r0, #44] ; 0x2c + PeriphClkInit->PLLSAI2.PLLSAI2Q = ((READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2Q) >> RCC_PLLSAI2CFGR_PLLSAI2Q_Pos) + 1U) * 2U; + 8009b60: 695a ldr r2, [r3, #20] + 8009b62: f3c2 5241 ubfx r2, r2, #21, #2 + 8009b66: 3201 adds r2, #1 + 8009b68: 0052 lsls r2, r2, #1 + 8009b6a: 6302 str r2, [r0, #48] ; 0x30 + PeriphClkInit->PLLSAI2.PLLSAI2R = ((READ_BIT(RCC->PLLSAI2CFGR, RCC_PLLSAI2CFGR_PLLSAI2R)>> RCC_PLLSAI2CFGR_PLLSAI2R_Pos) + 1U) * 2U; + 8009b6c: 695a ldr r2, [r3, #20] + 8009b6e: f3c2 6241 ubfx r2, r2, #25, #2 + 8009b72: 3201 adds r2, #1 + 8009b74: 0052 lsls r2, r2, #1 + 8009b76: 6342 str r2, [r0, #52] ; 0x34 + PeriphClkInit->Usart1ClockSelection = __HAL_RCC_GET_USART1_SOURCE(); + 8009b78: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009b7c: f002 0203 and.w r2, r2, #3 + 8009b80: 63c2 str r2, [r0, #60] ; 0x3c + PeriphClkInit->Usart2ClockSelection = __HAL_RCC_GET_USART2_SOURCE(); + 8009b82: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009b86: f002 020c and.w r2, r2, #12 + 8009b8a: 6402 str r2, [r0, #64] ; 0x40 + PeriphClkInit->Usart3ClockSelection = __HAL_RCC_GET_USART3_SOURCE(); + 8009b8c: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009b90: f002 0230 and.w r2, r2, #48 ; 0x30 + 8009b94: 6442 str r2, [r0, #68] ; 0x44 + PeriphClkInit->Uart4ClockSelection = __HAL_RCC_GET_UART4_SOURCE(); + 8009b96: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009b9a: f002 02c0 and.w r2, r2, #192 ; 0xc0 + 8009b9e: 6482 str r2, [r0, #72] ; 0x48 + PeriphClkInit->Uart5ClockSelection = __HAL_RCC_GET_UART5_SOURCE(); + 8009ba0: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009ba4: f402 7240 and.w r2, r2, #768 ; 0x300 + 8009ba8: 64c2 str r2, [r0, #76] ; 0x4c + PeriphClkInit->Lpuart1ClockSelection = __HAL_RCC_GET_LPUART1_SOURCE(); + 8009baa: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009bae: f402 6240 and.w r2, r2, #3072 ; 0xc00 + 8009bb2: 6502 str r2, [r0, #80] ; 0x50 + PeriphClkInit->I2c1ClockSelection = __HAL_RCC_GET_I2C1_SOURCE(); + 8009bb4: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009bb8: f402 5240 and.w r2, r2, #12288 ; 0x3000 + 8009bbc: 6542 str r2, [r0, #84] ; 0x54 + PeriphClkInit->I2c2ClockSelection = __HAL_RCC_GET_I2C2_SOURCE(); + 8009bbe: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009bc2: f402 4240 and.w r2, r2, #49152 ; 0xc000 + 8009bc6: 6582 str r2, [r0, #88] ; 0x58 + PeriphClkInit->I2c3ClockSelection = __HAL_RCC_GET_I2C3_SOURCE(); + 8009bc8: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009bcc: f402 3240 and.w r2, r2, #196608 ; 0x30000 + 8009bd0: 65c2 str r2, [r0, #92] ; 0x5c + PeriphClkInit->I2c4ClockSelection = __HAL_RCC_GET_I2C4_SOURCE(); + 8009bd2: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 8009bd6: f002 0203 and.w r2, r2, #3 + 8009bda: 6602 str r2, [r0, #96] ; 0x60 + PeriphClkInit->Lptim1ClockSelection = __HAL_RCC_GET_LPTIM1_SOURCE(); + 8009bdc: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009be0: f402 2240 and.w r2, r2, #786432 ; 0xc0000 + 8009be4: 6642 str r2, [r0, #100] ; 0x64 + PeriphClkInit->Lptim2ClockSelection = __HAL_RCC_GET_LPTIM2_SOURCE(); + 8009be6: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009bea: f402 1240 and.w r2, r2, #3145728 ; 0x300000 + 8009bee: 6682 str r2, [r0, #104] ; 0x68 + PeriphClkInit->Sai1ClockSelection = __HAL_RCC_GET_SAI1_SOURCE(); + 8009bf0: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 8009bf4: f002 02e0 and.w r2, r2, #224 ; 0xe0 + 8009bf8: 66c2 str r2, [r0, #108] ; 0x6c + PeriphClkInit->Sai2ClockSelection = __HAL_RCC_GET_SAI2_SOURCE(); + 8009bfa: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 8009bfe: f402 62e0 and.w r2, r2, #1792 ; 0x700 + 8009c02: 6702 str r2, [r0, #112] ; 0x70 + PeriphClkInit->RTCClockSelection = __HAL_RCC_GET_RTC_SOURCE(); + 8009c04: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 8009c08: f402 7240 and.w r2, r2, #768 ; 0x300 + 8009c0c: f8c0 2090 str.w r2, [r0, #144] ; 0x90 + PeriphClkInit->UsbClockSelection = __HAL_RCC_GET_USB_SOURCE(); + 8009c10: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009c14: f002 6240 and.w r2, r2, #201326592 ; 0xc000000 + 8009c18: 6742 str r2, [r0, #116] ; 0x74 + PeriphClkInit->Sdmmc1ClockSelection = __HAL_RCC_GET_SDMMC1_SOURCE(); + 8009c1a: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 8009c1e: 0452 lsls r2, r2, #17 + 8009c20: bf56 itet pl + 8009c22: f8d3 2088 ldrpl.w r2, [r3, #136] ; 0x88 + 8009c26: f44f 4280 movmi.w r2, #16384 ; 0x4000 + 8009c2a: f002 6240 andpl.w r2, r2, #201326592 ; 0xc000000 + 8009c2e: 6782 str r2, [r0, #120] ; 0x78 + PeriphClkInit->RngClockSelection = __HAL_RCC_GET_RNG_SOURCE(); + 8009c30: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009c34: f002 6240 and.w r2, r2, #201326592 ; 0xc000000 + 8009c38: 67c2 str r2, [r0, #124] ; 0x7c + PeriphClkInit->AdcClockSelection = __HAL_RCC_GET_ADC_SOURCE(); + 8009c3a: f8d3 2088 ldr.w r2, [r3, #136] ; 0x88 + 8009c3e: f002 5240 and.w r2, r2, #805306368 ; 0x30000000 + 8009c42: f8c0 2080 str.w r2, [r0, #128] ; 0x80 + PeriphClkInit->Dfsdm1ClockSelection = __HAL_RCC_GET_DFSDM1_SOURCE(); + 8009c46: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 8009c4a: f002 0204 and.w r2, r2, #4 + 8009c4e: f8c0 2084 str.w r2, [r0, #132] ; 0x84 + PeriphClkInit->Dfsdm1AudioClockSelection = __HAL_RCC_GET_DFSDM1AUDIO_SOURCE(); + 8009c52: f8d3 209c ldr.w r2, [r3, #156] ; 0x9c + 8009c56: f002 0218 and.w r2, r2, #24 + 8009c5a: f8c0 2088 str.w r2, [r0, #136] ; 0x88 + PeriphClkInit->OspiClockSelection = __HAL_RCC_GET_OSPI_SOURCE(); + 8009c5e: f8d3 309c ldr.w r3, [r3, #156] ; 0x9c + 8009c62: f403 1340 and.w r3, r3, #3145728 ; 0x300000 + 8009c66: f8c0 308c str.w r3, [r0, #140] ; 0x8c +} + 8009c6a: 4770 bx lr + 8009c6c: 013f7fff .word 0x013f7fff + 8009c70: 40021000 .word 0x40021000 + +08009c74 : + if(PeriphClk == RCC_PERIPHCLK_RTC) + 8009c74: f5b0 3f00 cmp.w r0, #131072 ; 0x20000 +{ + 8009c78: b4f0 push {r4, r5, r6, r7} + 8009c7a: 4d9a ldr r5, [pc, #616] ; (8009ee4 ) + if(PeriphClk == RCC_PERIPHCLK_RTC) + 8009c7c: d11c bne.n 8009cb8 + srcclk = __HAL_RCC_GET_RTC_SOURCE(); + 8009c7e: f8d5 3090 ldr.w r3, [r5, #144] ; 0x90 + 8009c82: f403 7340 and.w r3, r3, #768 ; 0x300 + switch(srcclk) + 8009c86: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 8009c8a: f000 8085 beq.w 8009d98 + 8009c8e: f5b3 7f40 cmp.w r3, #768 ; 0x300 + 8009c92: d00a beq.n 8009caa + 8009c94: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 8009c98: d154 bne.n 8009d44 + if(HAL_IS_BIT_SET(RCC->BDCR, RCC_BDCR_LSERDY)) + 8009c9a: f8d5 0090 ldr.w r0, [r5, #144] ; 0x90 + frequency = LSE_VALUE; + 8009c9e: f010 0002 ands.w r0, r0, #2 + 8009ca2: bf18 it ne + 8009ca4: f44f 4000 movne.w r0, #32768 ; 0x8000 + 8009ca8: e11a b.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSERDY)) + 8009caa: 6828 ldr r0, [r5, #0] + frequency = HSE_VALUE / 32U; + 8009cac: 4b8e ldr r3, [pc, #568] ; (8009ee8 ) + 8009cae: f410 3000 ands.w r0, r0, #131072 ; 0x20000 + frequency = HSI_VALUE; + 8009cb2: bf18 it ne + 8009cb4: 4618 movne r0, r3 + 8009cb6: e113 b.n 8009ee0 + pll_oscsource = __HAL_RCC_GET_PLL_OSCSOURCE(); + 8009cb8: 68eb ldr r3, [r5, #12] + 8009cba: f003 0303 and.w r3, r3, #3 + switch(pll_oscsource) + 8009cbe: 2b02 cmp r3, #2 + 8009cc0: d02f beq.n 8009d22 + 8009cc2: 2b03 cmp r3, #3 + 8009cc4: d034 beq.n 8009d30 + 8009cc6: 2b01 cmp r3, #1 + 8009cc8: d137 bne.n 8009d3a + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_MSIRDY)) + 8009cca: 6829 ldr r1, [r5, #0] + 8009ccc: f011 0102 ands.w r1, r1, #2 + 8009cd0: d00c beq.n 8009cec + pllvco = MSIRangeTable[(__HAL_RCC_GET_MSI_RANGE() >> 4U)]; + 8009cd2: 682b ldr r3, [r5, #0] + 8009cd4: 4a85 ldr r2, [pc, #532] ; (8009eec ) + 8009cd6: 0719 lsls r1, r3, #28 + 8009cd8: bf4b itete mi + 8009cda: 682b ldrmi r3, [r5, #0] + 8009cdc: f8d5 3094 ldrpl.w r3, [r5, #148] ; 0x94 + 8009ce0: f3c3 1303 ubfxmi r3, r3, #4, #4 + 8009ce4: f3c3 2303 ubfxpl r3, r3, #8, #4 + 8009ce8: f852 1023 ldr.w r1, [r2, r3, lsl #2] + switch(PeriphClk) + 8009cec: f5b0 6f80 cmp.w r0, #1024 ; 0x400 + 8009cf0: f000 8226 beq.w 800a140 + 8009cf4: d858 bhi.n 8009da8 + 8009cf6: 2820 cmp r0, #32 + 8009cf8: f000 81be beq.w 800a078 + 8009cfc: d824 bhi.n 8009d48 + 8009cfe: 2808 cmp r0, #8 + 8009d00: d81d bhi.n 8009d3e + 8009d02: 2800 cmp r0, #0 + 8009d04: f000 80ec beq.w 8009ee0 + 8009d08: 3801 subs r0, #1 + 8009d0a: 2807 cmp r0, #7 + 8009d0c: d81a bhi.n 8009d44 + 8009d0e: e8df f010 tbh [pc, r0, lsl #1] + 8009d12: 0164 .short 0x0164 + 8009d14: 00190177 .word 0x00190177 + 8009d18: 00190189 .word 0x00190189 + 8009d1c: 00190019 .word 0x00190019 + 8009d20: 0196 .short 0x0196 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSIRDY)) + 8009d22: 6829 ldr r1, [r5, #0] + pllvco = HSI_VALUE; + 8009d24: 4b72 ldr r3, [pc, #456] ; (8009ef0 ) + 8009d26: f411 6180 ands.w r1, r1, #1024 ; 0x400 + pllvco = HSE_VALUE; + 8009d2a: bf18 it ne + 8009d2c: 4619 movne r1, r3 + 8009d2e: e7dd b.n 8009cec + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSERDY)) + 8009d30: 6829 ldr r1, [r5, #0] + pllvco = HSE_VALUE; + 8009d32: 4b70 ldr r3, [pc, #448] ; (8009ef4 ) + 8009d34: f411 3100 ands.w r1, r1, #131072 ; 0x20000 + 8009d38: e7f7 b.n 8009d2a + switch(pll_oscsource) + 8009d3a: 2100 movs r1, #0 + 8009d3c: e7d6 b.n 8009cec + switch(PeriphClk) + 8009d3e: 2810 cmp r0, #16 + 8009d40: f000 818a beq.w 800a058 + 8009d44: 2000 movs r0, #0 + 8009d46: e0cb b.n 8009ee0 + 8009d48: f5b0 7f80 cmp.w r0, #256 ; 0x100 + 8009d4c: f000 81ea beq.w 800a124 + 8009d50: d80f bhi.n 8009d72 + 8009d52: 2840 cmp r0, #64 ; 0x40 + 8009d54: f000 81d5 beq.w 800a102 + 8009d58: 2880 cmp r0, #128 ; 0x80 + 8009d5a: d1f3 bne.n 8009d44 + srcclk = __HAL_RCC_GET_I2C2_SOURCE(); + 8009d5c: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009d60: f403 4340 and.w r3, r3, #49152 ; 0xc000 + switch(srcclk) + 8009d64: f5b3 4f80 cmp.w r3, #16384 ; 0x4000 + 8009d68: f000 8157 beq.w 800a01a + 8009d6c: f5b3 4f00 cmp.w r3, #32768 ; 0x8000 + 8009d70: e1d0 b.n 800a114 + switch(PeriphClk) + 8009d72: f5b0 7f00 cmp.w r0, #512 ; 0x200 + 8009d76: d1e5 bne.n 8009d44 + srcclk = __HAL_RCC_GET_LPTIM1_SOURCE(); + 8009d78: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009d7c: f403 2340 and.w r3, r3, #786432 ; 0xc0000 + switch(srcclk) + 8009d80: f5b3 2f00 cmp.w r3, #524288 ; 0x80000 + 8009d84: f000 8137 beq.w 8009ff6 + 8009d88: f200 81d7 bhi.w 800a13a + 8009d8c: 2b00 cmp r3, #0 + 8009d8e: f000 81c6 beq.w 800a11e + 8009d92: f5b3 2f80 cmp.w r3, #262144 ; 0x40000 + 8009d96: d1d5 bne.n 8009d44 + if(HAL_IS_BIT_SET(RCC->CSR, RCC_CSR_LSIRDY)) + 8009d98: f8d5 0094 ldr.w r0, [r5, #148] ; 0x94 + frequency = LSI_VALUE; + 8009d9c: f010 0002 ands.w r0, r0, #2 + 8009da0: bf18 it ne + 8009da2: f44f 40fa movne.w r0, #32000 ; 0x7d00 + 8009da6: e09b b.n 8009ee0 + switch(PeriphClk) + 8009da8: f5b0 2f80 cmp.w r0, #262144 ; 0x40000 + 8009dac: d040 beq.n 8009e30 + 8009dae: d819 bhi.n 8009de4 + 8009db0: f5b0 5f00 cmp.w r0, #8192 ; 0x2000 + 8009db4: d03c beq.n 8009e30 + 8009db6: d808 bhi.n 8009dca + 8009db8: f5b0 6f00 cmp.w r0, #2048 ; 0x800 + 8009dbc: d002 beq.n 8009dc4 + 8009dbe: f5b0 5f80 cmp.w r0, #4096 ; 0x1000 + 8009dc2: d1bf bne.n 8009d44 +} + 8009dc4: bcf0 pop {r4, r5, r6, r7} + frequency = RCCEx_GetSAIxPeriphCLKFreq(RCC_PERIPHCLK_SAI1, pllvco); + 8009dc6: f7ff bb1b b.w 8009400 + switch(PeriphClk) + 8009dca: f5b0 4f80 cmp.w r0, #16384 ; 0x4000 + 8009dce: f000 8163 beq.w 800a098 + 8009dd2: f5b0 3f80 cmp.w r0, #65536 ; 0x10000 + 8009dd6: d1b5 bne.n 8009d44 + srcclk = __HAL_RCC_GET_DFSDM1_SOURCE(); + 8009dd8: f8d5 309c ldr.w r3, [r5, #156] ; 0x9c + if(srcclk == RCC_DFSDM1CLKSOURCE_PCLK2) + 8009ddc: 075a lsls r2, r3, #29 + 8009dde: f100 811c bmi.w 800a01a + 8009de2: e105 b.n 8009ff0 + switch(PeriphClk) + 8009de4: f5b0 1f00 cmp.w r0, #2097152 ; 0x200000 + 8009de8: f000 817c beq.w 800a0e4 + 8009dec: d80f bhi.n 8009e0e + 8009dee: f5b0 2f00 cmp.w r0, #524288 ; 0x80000 + 8009df2: f000 8081 beq.w 8009ef8 + 8009df6: f5b0 1f80 cmp.w r0, #1048576 ; 0x100000 + 8009dfa: d1a3 bne.n 8009d44 + srcclk = __HAL_RCC_GET_I2C4_SOURCE(); + 8009dfc: f8d5 309c ldr.w r3, [r5, #156] ; 0x9c + 8009e00: f003 0303 and.w r3, r3, #3 + switch(srcclk) + 8009e04: 2b01 cmp r3, #1 + 8009e06: f000 8108 beq.w 800a01a + 8009e0a: 2b02 cmp r3, #2 + 8009e0c: e182 b.n 800a114 + switch(PeriphClk) + 8009e0e: f1b0 7f80 cmp.w r0, #16777216 ; 0x1000000 + 8009e12: d197 bne.n 8009d44 + srcclk = __HAL_RCC_GET_OSPI_SOURCE(); + 8009e14: f8d5 309c ldr.w r3, [r5, #156] ; 0x9c + 8009e18: f403 1340 and.w r3, r3, #3145728 ; 0x300000 + switch(srcclk) + 8009e1c: f5b3 1f80 cmp.w r3, #1048576 ; 0x100000 + 8009e20: d033 beq.n 8009e8a + 8009e22: f5b3 1f00 cmp.w r3, #2097152 ; 0x200000 + 8009e26: f000 819c beq.w 800a162 + 8009e2a: 2b00 cmp r3, #0 + 8009e2c: d18a bne.n 8009d44 + 8009e2e: e0f4 b.n 800a01a + srcclk = READ_BIT(RCC->CCIPR, RCC_CCIPR_CLK48SEL); + 8009e30: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009e34: f003 6340 and.w r3, r3, #201326592 ; 0xc000000 + switch(srcclk) + 8009e38: f1b3 6f00 cmp.w r3, #134217728 ; 0x8000000 + 8009e3c: d037 beq.n 8009eae + 8009e3e: d820 bhi.n 8009e82 + 8009e40: 2b00 cmp r3, #0 + 8009e42: f000 80c4 beq.w 8009fce + 8009e46: f1b3 6f80 cmp.w r3, #67108864 ; 0x4000000 + 8009e4a: f47f af7b bne.w 8009d44 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI1RDY)) + 8009e4e: 6828 ldr r0, [r5, #0] + 8009e50: f010 6000 ands.w r0, r0, #134217728 ; 0x8000000 + 8009e54: d044 beq.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1QEN)) + 8009e56: 6928 ldr r0, [r5, #16] + 8009e58: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009e5c: d040 beq.n 8009ee0 + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009e5e: 692f ldr r7, [r5, #16] + 8009e60: f3c7 2706 ubfx r7, r7, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009e64: 4379 muls r1, r7 + 8009e66: 692f ldr r7, [r5, #16] + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009e68: 6928 ldr r0, [r5, #16] + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009e6a: f3c7 1703 ubfx r7, r7, #4, #4 + 8009e6e: 3701 adds r7, #1 + 8009e70: fbb1 f1f7 udiv r1, r1, r7 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009e74: f3c0 5041 ubfx r0, r0, #21, #2 + 8009e78: 3001 adds r0, #1 + 8009e7a: 0040 lsls r0, r0, #1 + 8009e7c: fbb1 f0f0 udiv r0, r1, r0 + 8009e80: e02e b.n 8009ee0 + 8009e82: f1b3 6f40 cmp.w r3, #201326592 ; 0xc000000 + 8009e86: f47f af5d bne.w 8009d44 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_MSIRDY)) + 8009e8a: 6828 ldr r0, [r5, #0] + 8009e8c: f010 0002 ands.w r0, r0, #2 + 8009e90: d026 beq.n 8009ee0 + frequency = MSIRangeTable[(__HAL_RCC_GET_MSI_RANGE() >> 4U)]; + 8009e92: 682b ldr r3, [r5, #0] + 8009e94: 4a15 ldr r2, [pc, #84] ; (8009eec ) + 8009e96: 071b lsls r3, r3, #28 + 8009e98: bf4b itete mi + 8009e9a: 682b ldrmi r3, [r5, #0] + 8009e9c: f8d5 3094 ldrpl.w r3, [r5, #148] ; 0x94 + 8009ea0: f3c3 1303 ubfxmi r3, r3, #4, #4 + 8009ea4: f3c3 2303 ubfxpl r3, r3, #8, #4 + 8009ea8: f852 0023 ldr.w r0, [r2, r3, lsl #2] + 8009eac: e018 b.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY)) + 8009eae: 6828 ldr r0, [r5, #0] + 8009eb0: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 8009eb4: d014 beq.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->PLLCFGR, RCC_PLLCFGR_PLLQEN)) + 8009eb6: 68e8 ldr r0, [r5, #12] + 8009eb8: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009ebc: d010 beq.n 8009ee0 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009ebe: 68e8 ldr r0, [r5, #12] + 8009ec0: f3c0 2006 ubfx r0, r0, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009ec4: 4348 muls r0, r1 + 8009ec6: 68e9 ldr r1, [r5, #12] + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009ec8: 68ed ldr r5, [r5, #12] + 8009eca: f3c5 5541 ubfx r5, r5, #21, #2 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009ece: f3c1 1103 ubfx r1, r1, #4, #4 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009ed2: 3501 adds r5, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009ed4: 3101 adds r1, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009ed6: 006d lsls r5, r5, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009ed8: fbb0 f0f1 udiv r0, r0, r1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009edc: fbb0 f0f5 udiv r0, r0, r5 +} + 8009ee0: bcf0 pop {r4, r5, r6, r7} + 8009ee2: 4770 bx lr + 8009ee4: 40021000 .word 0x40021000 + 8009ee8: 0003d090 .word 0x0003d090 + 8009eec: 08010a70 .word 0x08010a70 + 8009ef0: 00f42400 .word 0x00f42400 + 8009ef4: 007a1200 .word 0x007a1200 + if(HAL_IS_BIT_SET(RCC->CCIPR2, RCC_CCIPR2_SDMMCSEL)) /* PLL "P" ? */ + 8009ef8: f8d5 009c ldr.w r0, [r5, #156] ; 0x9c + 8009efc: f410 4080 ands.w r0, r0, #16384 ; 0x4000 + 8009f00: d01f beq.n 8009f42 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY)) + 8009f02: 6828 ldr r0, [r5, #0] + 8009f04: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 8009f08: d0ea beq.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->PLLCFGR, RCC_PLLCFGR_PLLPEN)) + 8009f0a: 68e8 ldr r0, [r5, #12] + 8009f0c: f410 3080 ands.w r0, r0, #65536 ; 0x10000 + 8009f10: d0e6 beq.n 8009ee0 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009f12: 68ee ldr r6, [r5, #12] + 8009f14: f3c6 2606 ubfx r6, r6, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009f18: fb01 f006 mul.w r0, r1, r6 + 8009f1c: 68ee ldr r6, [r5, #12] + pllp = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLPDIV) >> RCC_PLLCFGR_PLLPDIV_Pos; + 8009f1e: 68eb ldr r3, [r5, #12] + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009f20: f3c6 1603 ubfx r6, r6, #4, #4 + if(pllp == 0U) + 8009f24: 0edb lsrs r3, r3, #27 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009f26: f106 0601 add.w r6, r6, #1 + 8009f2a: fbb0 f0f6 udiv r0, r0, r6 + if(pllp == 0U) + 8009f2e: d105 bne.n 8009f3c + if(READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLP) != 0U) + 8009f30: 68eb ldr r3, [r5, #12] + pllp = 7U; + 8009f32: f413 3f00 tst.w r3, #131072 ; 0x20000 + 8009f36: bf14 ite ne + 8009f38: 2311 movne r3, #17 + 8009f3a: 2307 moveq r3, #7 + frequency = (pllvco / pllp); + 8009f3c: fbb0 f0f3 udiv r0, r0, r3 + 8009f40: e7ce b.n 8009ee0 + srcclk = READ_BIT(RCC->CCIPR, RCC_CCIPR_CLK48SEL); + 8009f42: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009f46: f003 6340 and.w r3, r3, #201326592 ; 0xc000000 + switch(srcclk) + 8009f4a: f1b3 6f00 cmp.w r3, #134217728 ; 0x8000000 + 8009f4e: d024 beq.n 8009f9a + 8009f50: d81e bhi.n 8009f90 + 8009f52: 2b00 cmp r3, #0 + 8009f54: d03b beq.n 8009fce + 8009f56: f1b3 6f80 cmp.w r3, #67108864 ; 0x4000000 + 8009f5a: d1c1 bne.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI1RDY)) + 8009f5c: 6828 ldr r0, [r5, #0] + 8009f5e: f010 6000 ands.w r0, r0, #134217728 ; 0x8000000 + 8009f62: d0bd beq.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1QEN)) + 8009f64: 6928 ldr r0, [r5, #16] + 8009f66: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009f6a: d0b9 beq.n 8009ee0 + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 8009f6c: 692a ldr r2, [r5, #16] + 8009f6e: f3c2 2206 ubfx r2, r2, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009f72: 434a muls r2, r1 + 8009f74: 6929 ldr r1, [r5, #16] + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009f76: 6928 ldr r0, [r5, #16] + 8009f78: f3c0 5041 ubfx r0, r0, #21, #2 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009f7c: f3c1 1103 ubfx r1, r1, #4, #4 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009f80: 3001 adds r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009f82: 3101 adds r1, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009f84: 0040 lsls r0, r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 8009f86: fbb2 f2f1 udiv r2, r2, r1 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1Q) >> RCC_PLLSAI1CFGR_PLLSAI1Q_Pos) + 1U) << 1U)); + 8009f8a: fbb2 f0f0 udiv r0, r2, r0 + 8009f8e: e7a7 b.n 8009ee0 + 8009f90: f1b3 6f40 cmp.w r3, #201326592 ; 0xc000000 + 8009f94: f43f af79 beq.w 8009e8a + 8009f98: e7a2 b.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY)) + 8009f9a: 6828 ldr r0, [r5, #0] + 8009f9c: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 8009fa0: d09e beq.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->PLLCFGR, RCC_PLLCFGR_PLLQEN)) + 8009fa2: 68e8 ldr r0, [r5, #12] + 8009fa4: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 8009fa8: d09a beq.n 8009ee0 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 8009faa: 68ec ldr r4, [r5, #12] + 8009fac: f3c4 2406 ubfx r4, r4, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009fb0: 434c muls r4, r1 + 8009fb2: 68e9 ldr r1, [r5, #12] + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009fb4: 68e8 ldr r0, [r5, #12] + 8009fb6: f3c0 5041 ubfx r0, r0, #21, #2 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009fba: f3c1 1103 ubfx r1, r1, #4, #4 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009fbe: 3001 adds r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009fc0: 3101 adds r1, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009fc2: 0040 lsls r0, r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 8009fc4: fbb4 f4f1 udiv r4, r4, r1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 8009fc8: fbb4 f0f0 udiv r0, r4, r0 + 8009fcc: e788 b.n 8009ee0 + if(HAL_IS_BIT_SET(RCC->CRRCR, RCC_CRRCR_HSI48RDY)) /* HSI48 ? */ + 8009fce: f8d5 0098 ldr.w r0, [r5, #152] ; 0x98 + frequency = HSI48_VALUE; + 8009fd2: 4b6f ldr r3, [pc, #444] ; (800a190 ) + 8009fd4: f010 0002 ands.w r0, r0, #2 + 8009fd8: e66b b.n 8009cb2 + srcclk = __HAL_RCC_GET_USART1_SOURCE(); + 8009fda: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 8009fde: f003 0303 and.w r3, r3, #3 + switch(srcclk) + 8009fe2: 2b02 cmp r3, #2 + 8009fe4: d007 beq.n 8009ff6 + 8009fe6: 2b03 cmp r3, #3 + 8009fe8: f43f ae57 beq.w 8009c9a + 8009fec: 2b01 cmp r3, #1 + 8009fee: d014 beq.n 800a01a +} + 8009ff0: bcf0 pop {r4, r5, r6, r7} + frequency = HAL_RCC_GetPCLK2Freq(); + 8009ff2: f7ff b95b b.w 80092ac + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_HSIRDY)) + 8009ff6: 6828 ldr r0, [r5, #0] + frequency = HSI_VALUE; + 8009ff8: 4b66 ldr r3, [pc, #408] ; (800a194 ) + 8009ffa: f410 6080 ands.w r0, r0, #1024 ; 0x400 + 8009ffe: e658 b.n 8009cb2 + srcclk = __HAL_RCC_GET_USART2_SOURCE(); + 800a000: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a004: f003 030c and.w r3, r3, #12 + switch(srcclk) + 800a008: 2b08 cmp r3, #8 + 800a00a: d0f4 beq.n 8009ff6 + 800a00c: d808 bhi.n 800a020 + 800a00e: 2b00 cmp r3, #0 + 800a010: f000 8085 beq.w 800a11e + 800a014: 2b04 cmp r3, #4 + 800a016: f47f ae95 bne.w 8009d44 +} + 800a01a: bcf0 pop {r4, r5, r6, r7} + frequency = HAL_RCC_GetSysClockFreq(); + 800a01c: f7fe bd38 b.w 8008a90 + 800a020: 2b0c cmp r3, #12 + 800a022: e639 b.n 8009c98 + srcclk = __HAL_RCC_GET_USART3_SOURCE(); + 800a024: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a028: f003 0330 and.w r3, r3, #48 ; 0x30 + switch(srcclk) + 800a02c: 2b20 cmp r3, #32 + 800a02e: d0e2 beq.n 8009ff6 + 800a030: d803 bhi.n 800a03a + 800a032: 2b00 cmp r3, #0 + 800a034: d073 beq.n 800a11e + 800a036: 2b10 cmp r3, #16 + 800a038: e7ed b.n 800a016 + 800a03a: 2b30 cmp r3, #48 ; 0x30 + 800a03c: e62c b.n 8009c98 + srcclk = __HAL_RCC_GET_UART4_SOURCE(); + 800a03e: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a042: f003 03c0 and.w r3, r3, #192 ; 0xc0 + switch(srcclk) + 800a046: 2b80 cmp r3, #128 ; 0x80 + 800a048: d0d5 beq.n 8009ff6 + 800a04a: d803 bhi.n 800a054 + 800a04c: 2b00 cmp r3, #0 + 800a04e: d066 beq.n 800a11e + 800a050: 2b40 cmp r3, #64 ; 0x40 + 800a052: e7e0 b.n 800a016 + 800a054: 2bc0 cmp r3, #192 ; 0xc0 + 800a056: e61f b.n 8009c98 + srcclk = __HAL_RCC_GET_UART5_SOURCE(); + 800a058: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a05c: f403 7340 and.w r3, r3, #768 ; 0x300 + switch(srcclk) + 800a060: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800a064: d0c7 beq.n 8009ff6 + 800a066: d804 bhi.n 800a072 + 800a068: 2b00 cmp r3, #0 + 800a06a: d058 beq.n 800a11e + 800a06c: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 800a070: e7d1 b.n 800a016 + 800a072: f5b3 7f40 cmp.w r3, #768 ; 0x300 + 800a076: e60f b.n 8009c98 + srcclk = __HAL_RCC_GET_LPUART1_SOURCE(); + 800a078: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a07c: f403 6340 and.w r3, r3, #3072 ; 0xc00 + switch(srcclk) + 800a080: f5b3 6f00 cmp.w r3, #2048 ; 0x800 + 800a084: d0b7 beq.n 8009ff6 + 800a086: d804 bhi.n 800a092 + 800a088: 2b00 cmp r3, #0 + 800a08a: d048 beq.n 800a11e + 800a08c: f5b3 6f80 cmp.w r3, #1024 ; 0x400 + 800a090: e7c1 b.n 800a016 + 800a092: f5b3 6f40 cmp.w r3, #3072 ; 0xc00 + 800a096: e5ff b.n 8009c98 + srcclk = __HAL_RCC_GET_ADC_SOURCE(); + 800a098: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a09c: f003 5340 and.w r3, r3, #805306368 ; 0x30000000 + switch(srcclk) + 800a0a0: f1b3 5f80 cmp.w r3, #268435456 ; 0x10000000 + 800a0a4: d002 beq.n 800a0ac + 800a0a6: f1b3 5f40 cmp.w r3, #805306368 ; 0x30000000 + 800a0aa: e7b4 b.n 800a016 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLSAI1RDY) && (__HAL_RCC_GET_PLLSAI1CLKOUT_CONFIG(RCC_PLLSAI1_ADC1CLK) != 0U)) + 800a0ac: 6828 ldr r0, [r5, #0] + 800a0ae: f010 6000 ands.w r0, r0, #134217728 ; 0x8000000 + 800a0b2: f43f af15 beq.w 8009ee0 + 800a0b6: 6928 ldr r0, [r5, #16] + 800a0b8: f010 7080 ands.w r0, r0, #16777216 ; 0x1000000 + 800a0bc: f43f af10 beq.w 8009ee0 + plln = READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1N) >> RCC_PLLSAI1CFGR_PLLSAI1N_Pos; + 800a0c0: 692b ldr r3, [r5, #16] + 800a0c2: f3c3 2306 ubfx r3, r3, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 800a0c6: 434b muls r3, r1 + 800a0c8: 6929 ldr r1, [r5, #16] + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) << 1U)); + 800a0ca: 6928 ldr r0, [r5, #16] + 800a0cc: f3c0 6041 ubfx r0, r0, #25, #2 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 800a0d0: f3c1 1103 ubfx r1, r1, #4, #4 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) << 1U)); + 800a0d4: 3001 adds r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 800a0d6: 3101 adds r1, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) << 1U)); + 800a0d8: 0040 lsls r0, r0, #1 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1M) >> RCC_PLLSAI1CFGR_PLLSAI1M_Pos) + 1U)); + 800a0da: fbb3 f3f1 udiv r3, r3, r1 + frequency = (pllvco / (((READ_BIT(RCC->PLLSAI1CFGR, RCC_PLLSAI1CFGR_PLLSAI1R) >> RCC_PLLSAI1CFGR_PLLSAI1R_Pos) + 1U) << 1U)); + 800a0de: fbb3 f0f0 udiv r0, r3, r0 + 800a0e2: e6fd b.n 8009ee0 + srcclk = __HAL_RCC_GET_DFSDM1AUDIO_SOURCE(); + 800a0e4: f8d5 309c ldr.w r3, [r5, #156] ; 0x9c + 800a0e8: f003 0318 and.w r3, r3, #24 + switch(srcclk) + 800a0ec: 2b08 cmp r3, #8 + 800a0ee: d082 beq.n 8009ff6 + 800a0f0: 2b10 cmp r3, #16 + 800a0f2: f43f aeca beq.w 8009e8a + 800a0f6: 2b00 cmp r3, #0 + 800a0f8: f47f ae24 bne.w 8009d44 + frequency = RCCEx_GetSAIxPeriphCLKFreq(RCC_PERIPHCLK_SAI1, pllvco); + 800a0fc: f44f 6000 mov.w r0, #2048 ; 0x800 + 800a100: e660 b.n 8009dc4 + srcclk = __HAL_RCC_GET_I2C1_SOURCE(); + 800a102: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a106: f403 5340 and.w r3, r3, #12288 ; 0x3000 + switch(srcclk) + 800a10a: f5b3 5f80 cmp.w r3, #4096 ; 0x1000 + 800a10e: d084 beq.n 800a01a + 800a110: f5b3 5f00 cmp.w r3, #8192 ; 0x2000 + 800a114: f43f af6f beq.w 8009ff6 + 800a118: 2b00 cmp r3, #0 + 800a11a: f47f ae13 bne.w 8009d44 +} + 800a11e: bcf0 pop {r4, r5, r6, r7} + frequency = HAL_RCC_GetPCLK1Freq(); + 800a120: f7ff b8b2 b.w 8009288 + srcclk = __HAL_RCC_GET_I2C3_SOURCE(); + 800a124: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a128: f403 3340 and.w r3, r3, #196608 ; 0x30000 + switch(srcclk) + 800a12c: f5b3 3f80 cmp.w r3, #65536 ; 0x10000 + 800a130: f43f af73 beq.w 800a01a + 800a134: f5b3 3f00 cmp.w r3, #131072 ; 0x20000 + 800a138: e7ec b.n 800a114 + 800a13a: f5b3 2f40 cmp.w r3, #786432 ; 0xc0000 + 800a13e: e5ab b.n 8009c98 + srcclk = __HAL_RCC_GET_LPTIM2_SOURCE(); + 800a140: f8d5 3088 ldr.w r3, [r5, #136] ; 0x88 + 800a144: f403 1340 and.w r3, r3, #3145728 ; 0x300000 + switch(srcclk) + 800a148: f5b3 1f00 cmp.w r3, #2097152 ; 0x200000 + 800a14c: f43f af53 beq.w 8009ff6 + 800a150: d804 bhi.n 800a15c + 800a152: 2b00 cmp r3, #0 + 800a154: d0e3 beq.n 800a11e + 800a156: f5b3 1f80 cmp.w r3, #1048576 ; 0x100000 + 800a15a: e61c b.n 8009d96 + 800a15c: f5b3 1f40 cmp.w r3, #3145728 ; 0x300000 + 800a160: e59a b.n 8009c98 + if(HAL_IS_BIT_SET(RCC->CR, RCC_CR_PLLRDY)) + 800a162: 6828 ldr r0, [r5, #0] + 800a164: f010 7000 ands.w r0, r0, #33554432 ; 0x2000000 + 800a168: f43f aeba beq.w 8009ee0 + if(HAL_IS_BIT_SET(RCC->PLLCFGR, RCC_PLLCFGR_PLLQEN)) + 800a16c: 68e8 ldr r0, [r5, #12] + 800a16e: f410 1080 ands.w r0, r0, #1048576 ; 0x100000 + 800a172: f43f aeb5 beq.w 8009ee0 + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 800a176: 68e8 ldr r0, [r5, #12] + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 800a178: 68eb ldr r3, [r5, #12] + plln = READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLN) >> RCC_PLLCFGR_PLLN_Pos; + 800a17a: f3c0 2006 ubfx r0, r0, #8, #7 + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 800a17e: f3c3 1303 ubfx r3, r3, #4, #4 + 800a182: 4341 muls r1, r0 + 800a184: 3301 adds r3, #1 + frequency = (pllvco / (((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLQ) >> RCC_PLLCFGR_PLLQ_Pos) + 1U) << 1U)); + 800a186: 68e8 ldr r0, [r5, #12] + pllvco = ((pllvco * plln) / ((READ_BIT(RCC->PLLCFGR, RCC_PLLCFGR_PLLM) >> RCC_PLLCFGR_PLLM_Pos) + 1U)); + 800a188: fbb1 f1f3 udiv r1, r1, r3 + 800a18c: e672 b.n 8009e74 + 800a18e: bf00 nop + 800a190: 02dc6c00 .word 0x02dc6c00 + 800a194: 00f42400 .word 0x00f42400 + +0800a198 : +{ + 800a198: b570 push {r4, r5, r6, lr} + __HAL_RCC_PLLSAI1_DISABLE(); + 800a19a: 4c20 ldr r4, [pc, #128] ; (800a21c ) + 800a19c: 6823 ldr r3, [r4, #0] + 800a19e: f023 6380 bic.w r3, r3, #67108864 ; 0x4000000 + 800a1a2: 6023 str r3, [r4, #0] +{ + 800a1a4: 4605 mov r5, r0 + tickstart = HAL_GetTick(); + 800a1a6: f7fd f91f bl 80073e8 + 800a1aa: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) != 0U) + 800a1ac: 6823 ldr r3, [r4, #0] + 800a1ae: 011a lsls r2, r3, #4 + 800a1b0: d423 bmi.n 800a1fa + __HAL_RCC_PLLSAI1_CONFIG(PLLSAI1Init->PLLSAI1M, PLLSAI1Init->PLLSAI1N, PLLSAI1Init->PLLSAI1P, PLLSAI1Init->PLLSAI1Q, PLLSAI1Init->PLLSAI1R); + 800a1b2: e9d5 2302 ldrd r2, r3, [r5, #8] + 800a1b6: 06db lsls r3, r3, #27 + 800a1b8: 6921 ldr r1, [r4, #16] + 800a1ba: ea43 2302 orr.w r3, r3, r2, lsl #8 + 800a1be: 4a18 ldr r2, [pc, #96] ; (800a220 ) + 800a1c0: 400a ands r2, r1 + 800a1c2: 4313 orrs r3, r2 + 800a1c4: 686a ldr r2, [r5, #4] + 800a1c6: 3a01 subs r2, #1 + 800a1c8: ea43 1302 orr.w r3, r3, r2, lsl #4 + 800a1cc: 692a ldr r2, [r5, #16] + 800a1ce: 0852 lsrs r2, r2, #1 + 800a1d0: 3a01 subs r2, #1 + 800a1d2: ea43 5342 orr.w r3, r3, r2, lsl #21 + 800a1d6: 696a ldr r2, [r5, #20] + 800a1d8: 0852 lsrs r2, r2, #1 + 800a1da: 3a01 subs r2, #1 + 800a1dc: ea43 6342 orr.w r3, r3, r2, lsl #25 + 800a1e0: 6123 str r3, [r4, #16] + __HAL_RCC_PLLSAI1CLKOUT_ENABLE(PLLSAI1Init->PLLSAI1ClockOut); + 800a1e2: 6923 ldr r3, [r4, #16] + 800a1e4: 69aa ldr r2, [r5, #24] + 800a1e6: 4313 orrs r3, r2 + 800a1e8: 6123 str r3, [r4, #16] + __HAL_RCC_PLLSAI1_ENABLE(); + 800a1ea: 6823 ldr r3, [r4, #0] + 800a1ec: f043 6380 orr.w r3, r3, #67108864 ; 0x4000000 + 800a1f0: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800a1f2: f7fd f8f9 bl 80073e8 + 800a1f6: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) == 0U) + 800a1f8: e00b b.n 800a212 + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 800a1fa: f7fd f8f5 bl 80073e8 + 800a1fe: 1b80 subs r0, r0, r6 + 800a200: 2802 cmp r0, #2 + 800a202: d9d3 bls.n 800a1ac + status = HAL_TIMEOUT; + 800a204: 2003 movs r0, #3 +} + 800a206: bd70 pop {r4, r5, r6, pc} + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 800a208: f7fd f8ee bl 80073e8 + 800a20c: 1b40 subs r0, r0, r5 + 800a20e: 2802 cmp r0, #2 + 800a210: d8f8 bhi.n 800a204 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) == 0U) + 800a212: 6823 ldr r3, [r4, #0] + 800a214: 011b lsls r3, r3, #4 + 800a216: d5f7 bpl.n 800a208 + 800a218: 2000 movs r0, #0 + return status; + 800a21a: e7f4 b.n 800a206 + 800a21c: 40021000 .word 0x40021000 + 800a220: 019d800f .word 0x019d800f + +0800a224 : +{ + 800a224: b538 push {r3, r4, r5, lr} + __HAL_RCC_PLLSAI1_DISABLE(); + 800a226: 4c11 ldr r4, [pc, #68] ; (800a26c ) + 800a228: 6823 ldr r3, [r4, #0] + 800a22a: f023 6380 bic.w r3, r3, #67108864 ; 0x4000000 + 800a22e: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800a230: f7fd f8da bl 80073e8 + 800a234: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI1RDY) != 0U) + 800a236: 6823 ldr r3, [r4, #0] + 800a238: f013 6300 ands.w r3, r3, #134217728 ; 0x8000000 + 800a23c: d10f bne.n 800a25e + HAL_StatusTypeDef status = HAL_OK; + 800a23e: 4618 mov r0, r3 + __HAL_RCC_PLLSAI1CLKOUT_DISABLE(RCC_PLLSAI1CFGR_PLLSAI1PEN|RCC_PLLSAI1CFGR_PLLSAI1QEN|RCC_PLLSAI1CFGR_PLLSAI1REN); + 800a240: 6923 ldr r3, [r4, #16] + 800a242: f023 7388 bic.w r3, r3, #17825792 ; 0x1100000 + 800a246: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 800a24a: 6123 str r3, [r4, #16] + if(READ_BIT(RCC->CR, (RCC_CR_PLLRDY | RCC_CR_PLLSAI2RDY)) == 0U) + 800a24c: 6823 ldr r3, [r4, #0] + 800a24e: f013 5f08 tst.w r3, #570425344 ; 0x22000000 + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, RCC_PLLSOURCE_NONE); + 800a252: bf02 ittt eq + 800a254: 68e3 ldreq r3, [r4, #12] + 800a256: f023 0303 biceq.w r3, r3, #3 + 800a25a: 60e3 streq r3, [r4, #12] +} + 800a25c: bd38 pop {r3, r4, r5, pc} + if((HAL_GetTick() - tickstart) > PLLSAI1_TIMEOUT_VALUE) + 800a25e: f7fd f8c3 bl 80073e8 + 800a262: 1b40 subs r0, r0, r5 + 800a264: 2802 cmp r0, #2 + 800a266: d9e6 bls.n 800a236 + status = HAL_TIMEOUT; + 800a268: 2003 movs r0, #3 + 800a26a: e7e9 b.n 800a240 + 800a26c: 40021000 .word 0x40021000 + +0800a270 : +{ + 800a270: b570 push {r4, r5, r6, lr} + __HAL_RCC_PLLSAI2_DISABLE(); + 800a272: 4c20 ldr r4, [pc, #128] ; (800a2f4 ) + 800a274: 6823 ldr r3, [r4, #0] + 800a276: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 800a27a: 6023 str r3, [r4, #0] +{ + 800a27c: 4605 mov r5, r0 + tickstart = HAL_GetTick(); + 800a27e: f7fd f8b3 bl 80073e8 + 800a282: 4606 mov r6, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) != 0U) + 800a284: 6823 ldr r3, [r4, #0] + 800a286: 009a lsls r2, r3, #2 + 800a288: d423 bmi.n 800a2d2 + __HAL_RCC_PLLSAI2_CONFIG(PLLSAI2Init->PLLSAI2M, PLLSAI2Init->PLLSAI2N, PLLSAI2Init->PLLSAI2P, PLLSAI2Init->PLLSAI2Q, PLLSAI2Init->PLLSAI2R); + 800a28a: e9d5 2302 ldrd r2, r3, [r5, #8] + 800a28e: 06db lsls r3, r3, #27 + 800a290: 6961 ldr r1, [r4, #20] + 800a292: ea43 2302 orr.w r3, r3, r2, lsl #8 + 800a296: 4a18 ldr r2, [pc, #96] ; (800a2f8 ) + 800a298: 400a ands r2, r1 + 800a29a: 4313 orrs r3, r2 + 800a29c: 686a ldr r2, [r5, #4] + 800a29e: 3a01 subs r2, #1 + 800a2a0: ea43 1302 orr.w r3, r3, r2, lsl #4 + 800a2a4: 692a ldr r2, [r5, #16] + 800a2a6: 0852 lsrs r2, r2, #1 + 800a2a8: 3a01 subs r2, #1 + 800a2aa: ea43 5342 orr.w r3, r3, r2, lsl #21 + 800a2ae: 696a ldr r2, [r5, #20] + 800a2b0: 0852 lsrs r2, r2, #1 + 800a2b2: 3a01 subs r2, #1 + 800a2b4: ea43 6342 orr.w r3, r3, r2, lsl #25 + 800a2b8: 6163 str r3, [r4, #20] + __HAL_RCC_PLLSAI2CLKOUT_ENABLE(PLLSAI2Init->PLLSAI2ClockOut); + 800a2ba: 6963 ldr r3, [r4, #20] + 800a2bc: 69aa ldr r2, [r5, #24] + 800a2be: 4313 orrs r3, r2 + 800a2c0: 6163 str r3, [r4, #20] + __HAL_RCC_PLLSAI2_ENABLE(); + 800a2c2: 6823 ldr r3, [r4, #0] + 800a2c4: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 800a2c8: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800a2ca: f7fd f88d bl 80073e8 + 800a2ce: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) == 0U) + 800a2d0: e00b b.n 800a2ea + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 800a2d2: f7fd f889 bl 80073e8 + 800a2d6: 1b80 subs r0, r0, r6 + 800a2d8: 2802 cmp r0, #2 + 800a2da: d9d3 bls.n 800a284 + status = HAL_TIMEOUT; + 800a2dc: 2003 movs r0, #3 +} + 800a2de: bd70 pop {r4, r5, r6, pc} + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 800a2e0: f7fd f882 bl 80073e8 + 800a2e4: 1b40 subs r0, r0, r5 + 800a2e6: 2802 cmp r0, #2 + 800a2e8: d8f8 bhi.n 800a2dc + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) == 0U) + 800a2ea: 6823 ldr r3, [r4, #0] + 800a2ec: 009b lsls r3, r3, #2 + 800a2ee: d5f7 bpl.n 800a2e0 + 800a2f0: 2000 movs r0, #0 + return status; + 800a2f2: e7f4 b.n 800a2de + 800a2f4: 40021000 .word 0x40021000 + 800a2f8: 019d800f .word 0x019d800f + +0800a2fc : +{ + 800a2fc: b538 push {r3, r4, r5, lr} + __HAL_RCC_PLLSAI2_DISABLE(); + 800a2fe: 4c11 ldr r4, [pc, #68] ; (800a344 ) + 800a300: 6823 ldr r3, [r4, #0] + 800a302: f023 5380 bic.w r3, r3, #268435456 ; 0x10000000 + 800a306: 6023 str r3, [r4, #0] + tickstart = HAL_GetTick(); + 800a308: f7fd f86e bl 80073e8 + 800a30c: 4605 mov r5, r0 + while(READ_BIT(RCC->CR, RCC_CR_PLLSAI2RDY) != 0U) + 800a30e: 6823 ldr r3, [r4, #0] + 800a310: f013 5300 ands.w r3, r3, #536870912 ; 0x20000000 + 800a314: d10f bne.n 800a336 + HAL_StatusTypeDef status = HAL_OK; + 800a316: 4618 mov r0, r3 + __HAL_RCC_PLLSAI2CLKOUT_DISABLE(RCC_PLLSAI2CFGR_PLLSAI2PEN|RCC_PLLSAI2CFGR_PLLSAI2QEN|RCC_PLLSAI2CFGR_PLLSAI2REN); + 800a318: 6963 ldr r3, [r4, #20] + 800a31a: f023 7388 bic.w r3, r3, #17825792 ; 0x1100000 + 800a31e: f423 3380 bic.w r3, r3, #65536 ; 0x10000 + 800a322: 6163 str r3, [r4, #20] + if(READ_BIT(RCC->CR, (RCC_CR_PLLRDY | RCC_CR_PLLSAI1RDY)) == 0U) + 800a324: 6823 ldr r3, [r4, #0] + 800a326: f013 6f20 tst.w r3, #167772160 ; 0xa000000 + MODIFY_REG(RCC->PLLCFGR, RCC_PLLCFGR_PLLSRC, RCC_PLLSOURCE_NONE); + 800a32a: bf02 ittt eq + 800a32c: 68e3 ldreq r3, [r4, #12] + 800a32e: f023 0303 biceq.w r3, r3, #3 + 800a332: 60e3 streq r3, [r4, #12] +} + 800a334: bd38 pop {r3, r4, r5, pc} + if((HAL_GetTick() - tickstart) > PLLSAI2_TIMEOUT_VALUE) + 800a336: f7fd f857 bl 80073e8 + 800a33a: 1b40 subs r0, r0, r5 + 800a33c: 2802 cmp r0, #2 + 800a33e: d9e6 bls.n 800a30e + status = HAL_TIMEOUT; + 800a340: 2003 movs r0, #3 + 800a342: e7e9 b.n 800a318 + 800a344: 40021000 .word 0x40021000 + +0800a348 : + __HAL_RCC_WAKEUPSTOP_CLK_CONFIG(WakeUpClk); + 800a348: 4a03 ldr r2, [pc, #12] ; (800a358 ) + 800a34a: 6893 ldr r3, [r2, #8] + 800a34c: f423 4300 bic.w r3, r3, #32768 ; 0x8000 + 800a350: 4318 orrs r0, r3 + 800a352: 6090 str r0, [r2, #8] +} + 800a354: 4770 bx lr + 800a356: bf00 nop + 800a358: 40021000 .word 0x40021000 + +0800a35c : + __HAL_RCC_MSI_STANDBY_RANGE_CONFIG(MSIRange); + 800a35c: 4a04 ldr r2, [pc, #16] ; (800a370 ) + 800a35e: f8d2 3094 ldr.w r3, [r2, #148] ; 0x94 + 800a362: f423 6370 bic.w r3, r3, #3840 ; 0xf00 + 800a366: ea43 1000 orr.w r0, r3, r0, lsl #4 + 800a36a: f8c2 0094 str.w r0, [r2, #148] ; 0x94 +} + 800a36e: 4770 bx lr + 800a370: 40021000 .word 0x40021000 + +0800a374 : + SET_BIT(RCC->BDCR, RCC_BDCR_LSECSSON); + 800a374: 4a03 ldr r2, [pc, #12] ; (800a384 ) + 800a376: f8d2 3090 ldr.w r3, [r2, #144] ; 0x90 + 800a37a: f043 0320 orr.w r3, r3, #32 + 800a37e: f8c2 3090 str.w r3, [r2, #144] ; 0x90 +} + 800a382: 4770 bx lr + 800a384: 40021000 .word 0x40021000 + +0800a388 : + CLEAR_BIT(RCC->BDCR, RCC_BDCR_LSECSSON) ; + 800a388: 4b05 ldr r3, [pc, #20] ; (800a3a0 ) + 800a38a: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 800a38e: f022 0220 bic.w r2, r2, #32 + 800a392: f8c3 2090 str.w r2, [r3, #144] ; 0x90 + __HAL_RCC_DISABLE_IT(RCC_IT_LSECSS); + 800a396: 699a ldr r2, [r3, #24] + 800a398: f422 7200 bic.w r2, r2, #512 ; 0x200 + 800a39c: 619a str r2, [r3, #24] +} + 800a39e: 4770 bx lr + 800a3a0: 40021000 .word 0x40021000 + +0800a3a4 : + SET_BIT(RCC->BDCR, RCC_BDCR_LSECSSON) ; + 800a3a4: 4b0a ldr r3, [pc, #40] ; (800a3d0 ) + 800a3a6: f8d3 2090 ldr.w r2, [r3, #144] ; 0x90 + 800a3aa: f042 0220 orr.w r2, r2, #32 + 800a3ae: f8c3 2090 str.w r2, [r3, #144] ; 0x90 + __HAL_RCC_ENABLE_IT(RCC_IT_LSECSS); + 800a3b2: 699a ldr r2, [r3, #24] + 800a3b4: f442 7200 orr.w r2, r2, #512 ; 0x200 + 800a3b8: 619a str r2, [r3, #24] + __HAL_RCC_LSECSS_EXTI_ENABLE_IT(); + 800a3ba: f5a3 3386 sub.w r3, r3, #68608 ; 0x10c00 + 800a3be: 681a ldr r2, [r3, #0] + 800a3c0: f442 2200 orr.w r2, r2, #524288 ; 0x80000 + 800a3c4: 601a str r2, [r3, #0] + __HAL_RCC_LSECSS_EXTI_ENABLE_RISING_EDGE(); + 800a3c6: 689a ldr r2, [r3, #8] + 800a3c8: f442 2200 orr.w r2, r2, #524288 ; 0x80000 + 800a3cc: 609a str r2, [r3, #8] +} + 800a3ce: 4770 bx lr + 800a3d0: 40021000 .word 0x40021000 + +0800a3d4 : +} + 800a3d4: 4770 bx lr + ... + +0800a3d8 : +{ + 800a3d8: b510 push {r4, lr} + if(__HAL_RCC_GET_IT(RCC_IT_LSECSS)) + 800a3da: 4c05 ldr r4, [pc, #20] ; (800a3f0 ) + 800a3dc: 69e3 ldr r3, [r4, #28] + 800a3de: 059b lsls r3, r3, #22 + 800a3e0: d504 bpl.n 800a3ec + HAL_RCCEx_LSECSS_Callback(); + 800a3e2: f7ff fff7 bl 800a3d4 + __HAL_RCC_CLEAR_IT(RCC_IT_LSECSS); + 800a3e6: f44f 7300 mov.w r3, #512 ; 0x200 + 800a3ea: 6223 str r3, [r4, #32] +} + 800a3ec: bd10 pop {r4, pc} + 800a3ee: bf00 nop + 800a3f0: 40021000 .word 0x40021000 + +0800a3f4 : + SET_BIT(RCC->CR, RCC_CR_MSIPLLEN) ; + 800a3f4: 4a02 ldr r2, [pc, #8] ; (800a400 ) + 800a3f6: 6813 ldr r3, [r2, #0] + 800a3f8: f043 0304 orr.w r3, r3, #4 + 800a3fc: 6013 str r3, [r2, #0] +} + 800a3fe: 4770 bx lr + 800a400: 40021000 .word 0x40021000 + +0800a404 : + CLEAR_BIT(RCC->CR, RCC_CR_MSIPLLEN) ; + 800a404: 4a02 ldr r2, [pc, #8] ; (800a410 ) + 800a406: 6813 ldr r3, [r2, #0] + 800a408: f023 0304 bic.w r3, r3, #4 + 800a40c: 6013 str r3, [r2, #0] +} + 800a40e: 4770 bx lr + 800a410: 40021000 .word 0x40021000 + +0800a414 : + MODIFY_REG(RCC->DLYCFGR, RCC_DLYCFGR_OCTOSPI1_DLY|RCC_DLYCFGR_OCTOSPI2_DLY, (Delay1 | (Delay2 << RCC_DLYCFGR_OCTOSPI2_DLY_Pos))) ; + 800a414: 4a05 ldr r2, [pc, #20] ; (800a42c ) + 800a416: f8d2 30a4 ldr.w r3, [r2, #164] ; 0xa4 + 800a41a: f023 03ff bic.w r3, r3, #255 ; 0xff + 800a41e: 4318 orrs r0, r3 + 800a420: ea40 1101 orr.w r1, r0, r1, lsl #4 + 800a424: f8c2 10a4 str.w r1, [r2, #164] ; 0xa4 +} + 800a428: 4770 bx lr + 800a42a: bf00 nop + 800a42c: 40021000 .word 0x40021000 + +0800a430 : + __HAL_RCC_CRS_FORCE_RESET(); + 800a430: 4b10 ldr r3, [pc, #64] ; (800a474 ) + 800a432: 6b9a ldr r2, [r3, #56] ; 0x38 + 800a434: f042 7280 orr.w r2, r2, #16777216 ; 0x1000000 + 800a438: 639a str r2, [r3, #56] ; 0x38 + __HAL_RCC_CRS_RELEASE_RESET(); + 800a43a: 6b9a ldr r2, [r3, #56] ; 0x38 + 800a43c: f022 7280 bic.w r2, r2, #16777216 ; 0x1000000 + 800a440: 639a str r2, [r3, #56] ; 0x38 + value = (pInit->Prescaler | pInit->Source | pInit->Polarity); + 800a442: e9d0 3200 ldrd r3, r2, [r0] + 800a446: 4313 orrs r3, r2 + 800a448: 6882 ldr r2, [r0, #8] + 800a44a: 4313 orrs r3, r2 + value |= pInit->ReloadValue; + 800a44c: 68c2 ldr r2, [r0, #12] + 800a44e: 4313 orrs r3, r2 + value |= (pInit->ErrorLimitValue << CRS_CFGR_FELIM_Pos); + 800a450: 6902 ldr r2, [r0, #16] + 800a452: ea43 4302 orr.w r3, r3, r2, lsl #16 + WRITE_REG(CRS->CFGR, value); + 800a456: 4a08 ldr r2, [pc, #32] ; (800a478 ) + 800a458: 6053 str r3, [r2, #4] + MODIFY_REG(CRS->CR, CRS_CR_TRIM, (pInit->HSI48CalibrationValue << CRS_CR_TRIM_Pos)); + 800a45a: 6813 ldr r3, [r2, #0] + 800a45c: 6941 ldr r1, [r0, #20] + 800a45e: f423 537c bic.w r3, r3, #16128 ; 0x3f00 + 800a462: ea43 2301 orr.w r3, r3, r1, lsl #8 + 800a466: 6013 str r3, [r2, #0] + SET_BIT(CRS->CR, CRS_CR_AUTOTRIMEN | CRS_CR_CEN); + 800a468: 6813 ldr r3, [r2, #0] + 800a46a: f043 0360 orr.w r3, r3, #96 ; 0x60 + 800a46e: 6013 str r3, [r2, #0] +} + 800a470: 4770 bx lr + 800a472: bf00 nop + 800a474: 40021000 .word 0x40021000 + 800a478: 40006000 .word 0x40006000 + +0800a47c : + SET_BIT(CRS->CR, CRS_CR_SWSYNC); + 800a47c: 4a02 ldr r2, [pc, #8] ; (800a488 ) + 800a47e: 6813 ldr r3, [r2, #0] + 800a480: f043 0380 orr.w r3, r3, #128 ; 0x80 + 800a484: 6013 str r3, [r2, #0] +} + 800a486: 4770 bx lr + 800a488: 40006000 .word 0x40006000 + +0800a48c : + pSynchroInfo->ReloadValue = (READ_BIT(CRS->CFGR, CRS_CFGR_RELOAD)); + 800a48c: 4b07 ldr r3, [pc, #28] ; (800a4ac ) + 800a48e: 685a ldr r2, [r3, #4] + 800a490: b292 uxth r2, r2 + 800a492: 6002 str r2, [r0, #0] + pSynchroInfo->HSI48CalibrationValue = (READ_BIT(CRS->CR, CRS_CR_TRIM) >> CRS_CR_TRIM_Pos); + 800a494: 681a ldr r2, [r3, #0] + 800a496: f3c2 2205 ubfx r2, r2, #8, #6 + 800a49a: 6042 str r2, [r0, #4] + pSynchroInfo->FreqErrorCapture = (READ_BIT(CRS->ISR, CRS_ISR_FECAP) >> CRS_ISR_FECAP_Pos); + 800a49c: 689a ldr r2, [r3, #8] + 800a49e: 0c12 lsrs r2, r2, #16 + 800a4a0: 6082 str r2, [r0, #8] + pSynchroInfo->FreqErrorDirection = (READ_BIT(CRS->ISR, CRS_ISR_FEDIR)); + 800a4a2: 689b ldr r3, [r3, #8] + 800a4a4: f403 4300 and.w r3, r3, #32768 ; 0x8000 + 800a4a8: 60c3 str r3, [r0, #12] +} + 800a4aa: 4770 bx lr + 800a4ac: 40006000 .word 0x40006000 + +0800a4b0 : +{ + 800a4b0: b5f8 push {r3, r4, r5, r6, r7, lr} + 800a4b2: 4605 mov r5, r0 + tickstart = HAL_GetTick(); + 800a4b4: f7fc ff98 bl 80073e8 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCOK)) + 800a4b8: 4c1e ldr r4, [pc, #120] ; (800a534 ) + tickstart = HAL_GetTick(); + 800a4ba: 4606 mov r6, r0 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCOK); + 800a4bc: 2701 movs r7, #1 + if(Timeout != HAL_MAX_DELAY) + 800a4be: 1c68 adds r0, r5, #1 + 800a4c0: d12f bne.n 800a522 + crsstatus = RCC_CRS_TIMEOUT; + 800a4c2: 2000 movs r0, #0 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCOK)) + 800a4c4: 68a2 ldr r2, [r4, #8] + 800a4c6: 07d1 lsls r1, r2, #31 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCOK); + 800a4c8: bf48 it mi + 800a4ca: 60e7 strmi r7, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCWARN)) + 800a4cc: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_SYNCOK; + 800a4ce: bf48 it mi + 800a4d0: f040 0002 orrmi.w r0, r0, #2 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCWARN)) + 800a4d4: 0792 lsls r2, r2, #30 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCWARN); + 800a4d6: bf44 itt mi + 800a4d8: 2202 movmi r2, #2 + 800a4da: 60e2 strmi r2, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_TRIMOVF)) + 800a4dc: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_SYNCWARN; + 800a4de: bf48 it mi + 800a4e0: f040 0004 orrmi.w r0, r0, #4 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_TRIMOVF)) + 800a4e4: 0553 lsls r3, r2, #21 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_TRIMOVF); + 800a4e6: bf44 itt mi + 800a4e8: 2204 movmi r2, #4 + 800a4ea: 60e2 strmi r2, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCERR)) + 800a4ec: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_TRIMOVF; + 800a4ee: bf48 it mi + 800a4f0: f040 0020 orrmi.w r0, r0, #32 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCERR)) + 800a4f4: 05d1 lsls r1, r2, #23 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCERR); + 800a4f6: bf44 itt mi + 800a4f8: 2204 movmi r2, #4 + 800a4fa: 60e2 strmi r2, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCMISS)) + 800a4fc: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_SYNCERR; + 800a4fe: bf48 it mi + 800a500: f040 0008 orrmi.w r0, r0, #8 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_SYNCMISS)) + 800a504: 0592 lsls r2, r2, #22 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_SYNCMISS); + 800a506: bf44 itt mi + 800a508: 2204 movmi r2, #4 + 800a50a: 60e2 strmi r2, [r4, #12] + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_ESYNC)) + 800a50c: 68a2 ldr r2, [r4, #8] + crsstatus |= RCC_CRS_SYNCMISS; + 800a50e: bf48 it mi + 800a510: f040 0010 orrmi.w r0, r0, #16 + if(__HAL_RCC_CRS_GET_FLAG(RCC_CRS_FLAG_ESYNC)) + 800a514: 0713 lsls r3, r2, #28 + __HAL_RCC_CRS_CLEAR_FLAG(RCC_CRS_FLAG_ESYNC); + 800a516: bf44 itt mi + 800a518: 2208 movmi r2, #8 + 800a51a: 60e2 strmi r2, [r4, #12] + } while(RCC_CRS_NONE == crsstatus); + 800a51c: 2800 cmp r0, #0 + 800a51e: d0ce beq.n 800a4be +} + 800a520: bdf8 pop {r3, r4, r5, r6, r7, pc} + if(((HAL_GetTick() - tickstart) > Timeout) || (Timeout == 0U)) + 800a522: f7fc ff61 bl 80073e8 + 800a526: 1b80 subs r0, r0, r6 + 800a528: 42a8 cmp r0, r5 + 800a52a: d801 bhi.n 800a530 + 800a52c: 2d00 cmp r5, #0 + 800a52e: d1c8 bne.n 800a4c2 + crsstatus = RCC_CRS_TIMEOUT; + 800a530: 2001 movs r0, #1 + 800a532: e7c7 b.n 800a4c4 + 800a534: 40006000 .word 0x40006000 + +0800a538 : + 800a538: 4770 bx lr + +0800a53a : + 800a53a: 4770 bx lr + +0800a53c : + 800a53c: 4770 bx lr + +0800a53e : +} + 800a53e: 4770 bx lr + +0800a540 : + uint32_t itflags = READ_REG(CRS->ISR); + 800a540: 491b ldr r1, [pc, #108] ; (800a5b0 ) +{ + 800a542: b508 push {r3, lr} + uint32_t itflags = READ_REG(CRS->ISR); + 800a544: 688b ldr r3, [r1, #8] + uint32_t itsources = READ_REG(CRS->CR); + 800a546: 680a ldr r2, [r1, #0] + if(((itflags & RCC_CRS_FLAG_SYNCOK) != 0U) && ((itsources & RCC_CRS_IT_SYNCOK) != 0U)) + 800a548: 07d8 lsls r0, r3, #31 + 800a54a: d506 bpl.n 800a55a + 800a54c: 07d0 lsls r0, r2, #31 + 800a54e: d504 bpl.n 800a55a + WRITE_REG(CRS->ICR, CRS_ICR_SYNCOKC); + 800a550: 2301 movs r3, #1 + 800a552: 60cb str r3, [r1, #12] + HAL_RCCEx_CRS_SyncOkCallback(); + 800a554: f7ff fff0 bl 800a538 +} + 800a558: bd08 pop {r3, pc} + else if(((itflags & RCC_CRS_FLAG_SYNCWARN) != 0U) && ((itsources & RCC_CRS_IT_SYNCWARN) != 0U)) + 800a55a: 0798 lsls r0, r3, #30 + 800a55c: d507 bpl.n 800a56e + 800a55e: 0791 lsls r1, r2, #30 + 800a560: d505 bpl.n 800a56e + WRITE_REG(CRS->ICR, CRS_ICR_SYNCWARNC); + 800a562: 4b13 ldr r3, [pc, #76] ; (800a5b0 ) + 800a564: 2202 movs r2, #2 + 800a566: 60da str r2, [r3, #12] + HAL_RCCEx_CRS_SyncWarnCallback(); + 800a568: f7ff ffe7 bl 800a53a + 800a56c: e7f4 b.n 800a558 + else if(((itflags & RCC_CRS_FLAG_ESYNC) != 0U) && ((itsources & RCC_CRS_IT_ESYNC) != 0U)) + 800a56e: 0718 lsls r0, r3, #28 + 800a570: d507 bpl.n 800a582 + 800a572: 0711 lsls r1, r2, #28 + 800a574: d505 bpl.n 800a582 + WRITE_REG(CRS->ICR, CRS_ICR_ESYNCC); + 800a576: 4b0e ldr r3, [pc, #56] ; (800a5b0 ) + 800a578: 2208 movs r2, #8 + 800a57a: 60da str r2, [r3, #12] + HAL_RCCEx_CRS_ExpectedSyncCallback(); + 800a57c: f7ff ffde bl 800a53c + 800a580: e7ea b.n 800a558 + if(((itflags & RCC_CRS_FLAG_ERR) != 0U) && ((itsources & RCC_CRS_IT_ERR) != 0U)) + 800a582: 0758 lsls r0, r3, #29 + 800a584: d5e8 bpl.n 800a558 + 800a586: 0751 lsls r1, r2, #29 + 800a588: d5e6 bpl.n 800a558 + crserror |= RCC_CRS_SYNCERR; + 800a58a: f413 7080 ands.w r0, r3, #256 ; 0x100 + 800a58e: bf18 it ne + 800a590: 2008 movne r0, #8 + if((itflags & RCC_CRS_FLAG_SYNCMISS) != 0U) + 800a592: 059a lsls r2, r3, #22 + crserror |= RCC_CRS_SYNCMISS; + 800a594: bf48 it mi + 800a596: f040 0010 orrmi.w r0, r0, #16 + if((itflags & RCC_CRS_FLAG_TRIMOVF) != 0U) + 800a59a: 055b lsls r3, r3, #21 + WRITE_REG(CRS->ICR, CRS_ICR_ERRC); + 800a59c: 4b04 ldr r3, [pc, #16] ; (800a5b0 ) + 800a59e: f04f 0204 mov.w r2, #4 + crserror |= RCC_CRS_TRIMOVF; + 800a5a2: bf48 it mi + 800a5a4: f040 0020 orrmi.w r0, r0, #32 + WRITE_REG(CRS->ICR, CRS_ICR_ERRC); + 800a5a8: 60da str r2, [r3, #12] + HAL_RCCEx_CRS_ErrorCallback(crserror); + 800a5aa: f7ff ffc8 bl 800a53e +} + 800a5ae: e7d3 b.n 800a558 + 800a5b0: 40006000 .word 0x40006000 + +0800a5b4 : + * processing is suspended when possible and the Peripheral feeding point reached at + * suspension time is stored in the handle for resumption later on. + * @retval HAL status + */ +static HAL_StatusTypeDef HASH_WriteData(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size) +{ + 800a5b4: b573 push {r0, r1, r4, r5, r6, lr} + __IO uint32_t inputaddr = (uint32_t) pInBuffer; + + for(buffercounter = 0U; buffercounter < Size; buffercounter+=4U) + { + /* Write input data 4 bytes at a time */ + HASH->DIN = *(uint32_t*)inputaddr; + 800a5b6: 4d1e ldr r5, [pc, #120] ; (800a630 ) + __IO uint32_t inputaddr = (uint32_t) pInBuffer; + 800a5b8: 9101 str r1, [sp, #4] +{ + 800a5ba: 4604 mov r4, r0 + for(buffercounter = 0U; buffercounter < Size; buffercounter+=4U) + 800a5bc: 2100 movs r1, #0 + 800a5be: 4291 cmp r1, r2 + 800a5c0: d221 bcs.n 800a606 + HASH->DIN = *(uint32_t*)inputaddr; + 800a5c2: 9b01 ldr r3, [sp, #4] + 800a5c4: 681b ldr r3, [r3, #0] + 800a5c6: 606b str r3, [r5, #4] + inputaddr+=4U; + 800a5c8: 9b01 ldr r3, [sp, #4] + + /* If the suspension flag has been raised and if the processing is not about + to end, suspend processing */ + if ((hhash->SuspendRequest == HAL_HASH_SUSPEND) && ((buffercounter+4U) < Size)) + 800a5ca: f894 0036 ldrb.w r0, [r4, #54] ; 0x36 + inputaddr+=4U; + 800a5ce: 3304 adds r3, #4 + if ((hhash->SuspendRequest == HAL_HASH_SUSPEND) && ((buffercounter+4U) < Size)) + 800a5d0: 2801 cmp r0, #1 + inputaddr+=4U; + 800a5d2: 9301 str r3, [sp, #4] + if ((hhash->SuspendRequest == HAL_HASH_SUSPEND) && ((buffercounter+4U) < Size)) + 800a5d4: f101 0304 add.w r3, r1, #4 + 800a5d8: d127 bne.n 800a62a + 800a5da: 4293 cmp r3, r2 + 800a5dc: d225 bcs.n 800a62a + { + /* Wait for DINIS = 1, which occurs when 16 32-bit locations are free + in the input buffer */ + if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800a5de: 6a6e ldr r6, [r5, #36] ; 0x24 + 800a5e0: 07f6 lsls r6, r6, #31 + 800a5e2: d522 bpl.n 800a62a + /* Reset SuspendRequest */ + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + + /* Depending whether the key or the input data were fed to the Peripheral, the feeding point + reached at suspension time is not saved in the same handle fields */ + if ((hhash->Phase == HAL_HASH_PHASE_PROCESS) || (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2)) + 800a5e4: f894 302d ldrb.w r3, [r4, #45] ; 0x2d + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + 800a5e8: 2500 movs r5, #0 + if ((hhash->Phase == HAL_HASH_PHASE_PROCESS) || (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2)) + 800a5ea: 2b02 cmp r3, #2 + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + 800a5ec: f884 5036 strb.w r5, [r4, #54] ; 0x36 + if ((hhash->Phase == HAL_HASH_PHASE_PROCESS) || (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2)) + 800a5f0: d001 beq.n 800a5f6 + 800a5f2: 2b04 cmp r3, #4 + 800a5f4: d109 bne.n 800a60a + { + /* Save current reading and writing locations of Input and Output buffers */ + hhash->pHashInBuffPtr = (uint8_t *)inputaddr; + /* Save the number of bytes that remain to be processed at this point */ + hhash->HashInCount = Size - (buffercounter + 4U); + 800a5f6: 3a04 subs r2, #4 + hhash->pHashInBuffPtr = (uint8_t *)inputaddr; + 800a5f8: 9b01 ldr r3, [sp, #4] + 800a5fa: 60e3 str r3, [r4, #12] + hhash->HashInCount = Size - (buffercounter + 4U); + 800a5fc: 1a52 subs r2, r2, r1 + 800a5fe: 6222 str r2, [r4, #32] + __HAL_UNLOCK(hhash); + return HAL_ERROR; + } + + /* Set the HASH state to Suspended and exit to stop entering data */ + hhash->State = HAL_HASH_STATE_SUSPENDED; + 800a600: 2308 movs r3, #8 + 800a602: f884 3035 strb.w r3, [r4, #53] ; 0x35 + } /* if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) */ + } /* if ((hhash->SuspendRequest == HAL_HASH_SUSPEND) && ((buffercounter+4) < Size)) */ + } /* for(buffercounter = 0; buffercounter < Size; buffercounter+=4) */ + + /* At this point, all the data have been entered to the Peripheral: exit */ + return HAL_OK; + 800a606: 2000 movs r0, #0 + 800a608: e00d b.n 800a626 + else if ((hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_1) || (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_3)) + 800a60a: 2b03 cmp r3, #3 + 800a60c: d001 beq.n 800a612 + 800a60e: 2b05 cmp r3, #5 + 800a610: d105 bne.n 800a61e + hhash->HashKeyCount = Size - (buffercounter + 4U); + 800a612: 3a04 subs r2, #4 + hhash->pHashKeyBuffPtr = (uint8_t *)inputaddr; + 800a614: 9b01 ldr r3, [sp, #4] + 800a616: 6163 str r3, [r4, #20] + hhash->HashKeyCount = Size - (buffercounter + 4U); + 800a618: 1a52 subs r2, r2, r1 + 800a61a: 62a2 str r2, [r4, #40] ; 0x28 + 800a61c: e7f0 b.n 800a600 + hhash->State = HAL_HASH_STATE_READY; + 800a61e: f884 0035 strb.w r0, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800a622: f884 5034 strb.w r5, [r4, #52] ; 0x34 +} + 800a626: b002 add sp, #8 + 800a628: bd70 pop {r4, r5, r6, pc} + 800a62a: 4619 mov r1, r3 + 800a62c: e7c7 b.n 800a5be + 800a62e: bf00 nop + 800a630: 50060400 .word 0x50060400 + +0800a634 : + */ +static void HASH_GetDigest(uint8_t *pMsgDigest, uint8_t Size) +{ + uint32_t msgdigest = (uint32_t)pMsgDigest; + + switch(Size) + 800a634: 291c cmp r1, #28 + 800a636: d027 beq.n 800a688 + 800a638: d804 bhi.n 800a644 + 800a63a: 2910 cmp r1, #16 + 800a63c: d005 beq.n 800a64a + 800a63e: 2914 cmp r1, #20 + 800a640: d011 beq.n 800a666 + 800a642: 4770 bx lr + 800a644: 2920 cmp r1, #32 + 800a646: d037 beq.n 800a6b8 + 800a648: 4770 bx lr + { + /* Read the message digest */ + case 16: /* MD5 */ + *(uint32_t*)(msgdigest) = __REV(HASH->HR[0]); + 800a64a: 4b29 ldr r3, [pc, #164] ; (800a6f0 ) + 800a64c: 68da ldr r2, [r3, #12] + \return Reversed value + */ +__STATIC_FORCEINLINE uint32_t __REV(uint32_t value) +{ +#if (__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) + return __builtin_bswap32(value); + 800a64e: ba12 rev r2, r2 + 800a650: 6002 str r2, [r0, #0] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[1]); + 800a652: 691a ldr r2, [r3, #16] + 800a654: ba12 rev r2, r2 + 800a656: 6042 str r2, [r0, #4] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[2]); + 800a658: 695a ldr r2, [r3, #20] + 800a65a: ba12 rev r2, r2 + 800a65c: 6082 str r2, [r0, #8] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[3]); + 800a65e: 699b ldr r3, [r3, #24] + 800a660: ba1b rev r3, r3 + 800a662: 60c3 str r3, [r0, #12] + break; + 800a664: 4770 bx lr + case 20: /* SHA1 */ + *(uint32_t*)(msgdigest) = __REV(HASH->HR[0]); + 800a666: 4b22 ldr r3, [pc, #136] ; (800a6f0 ) + 800a668: 68da ldr r2, [r3, #12] + 800a66a: ba12 rev r2, r2 + 800a66c: 6002 str r2, [r0, #0] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[1]); + 800a66e: 691a ldr r2, [r3, #16] + 800a670: ba12 rev r2, r2 + 800a672: 6042 str r2, [r0, #4] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[2]); + 800a674: 695a ldr r2, [r3, #20] + 800a676: ba12 rev r2, r2 + 800a678: 6082 str r2, [r0, #8] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[3]); + 800a67a: 699a ldr r2, [r3, #24] + 800a67c: ba12 rev r2, r2 + 800a67e: 60c2 str r2, [r0, #12] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[4]); + 800a680: 69db ldr r3, [r3, #28] + 800a682: ba1b rev r3, r3 + 800a684: 6103 str r3, [r0, #16] + break; + 800a686: 4770 bx lr + case 28: /* SHA224 */ + *(uint32_t*)(msgdigest) = __REV(HASH->HR[0]); + 800a688: 4b19 ldr r3, [pc, #100] ; (800a6f0 ) + 800a68a: 68da ldr r2, [r3, #12] + 800a68c: ba12 rev r2, r2 + 800a68e: 6002 str r2, [r0, #0] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[1]); + 800a690: 691a ldr r2, [r3, #16] + 800a692: ba12 rev r2, r2 + 800a694: 6042 str r2, [r0, #4] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[2]); + 800a696: 695a ldr r2, [r3, #20] + 800a698: ba12 rev r2, r2 + 800a69a: 6082 str r2, [r0, #8] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[3]); + 800a69c: 699a ldr r2, [r3, #24] + 800a69e: ba12 rev r2, r2 + 800a6a0: 60c2 str r2, [r0, #12] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[4]); + 800a6a2: 69db ldr r3, [r3, #28] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[5]); + 800a6a4: 4a13 ldr r2, [pc, #76] ; (800a6f4 ) + 800a6a6: ba1b rev r3, r3 + *(uint32_t*)(msgdigest) = __REV(HASH->HR[4]); + 800a6a8: 6103 str r3, [r0, #16] + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[5]); + 800a6aa: 6a53 ldr r3, [r2, #36] ; 0x24 + 800a6ac: ba1b rev r3, r3 + 800a6ae: 6143 str r3, [r0, #20] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[6]); + 800a6b0: 6a93 ldr r3, [r2, #40] ; 0x28 + 800a6b2: ba1b rev r3, r3 + 800a6b4: 6183 str r3, [r0, #24] + break; + 800a6b6: 4770 bx lr + case 32: /* SHA256 */ + *(uint32_t*)(msgdigest) = __REV(HASH->HR[0]); + 800a6b8: 4b0d ldr r3, [pc, #52] ; (800a6f0 ) + 800a6ba: 68da ldr r2, [r3, #12] + 800a6bc: ba12 rev r2, r2 + 800a6be: 6002 str r2, [r0, #0] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[1]); + 800a6c0: 691a ldr r2, [r3, #16] + 800a6c2: ba12 rev r2, r2 + 800a6c4: 6042 str r2, [r0, #4] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[2]); + 800a6c6: 695a ldr r2, [r3, #20] + 800a6c8: ba12 rev r2, r2 + 800a6ca: 6082 str r2, [r0, #8] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[3]); + 800a6cc: 699a ldr r2, [r3, #24] + 800a6ce: ba12 rev r2, r2 + 800a6d0: 60c2 str r2, [r0, #12] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH->HR[4]); + 800a6d2: 69db ldr r3, [r3, #28] + 800a6d4: ba1b rev r3, r3 + 800a6d6: 6103 str r3, [r0, #16] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[5]); + 800a6d8: 4b06 ldr r3, [pc, #24] ; (800a6f4 ) + 800a6da: 6a5a ldr r2, [r3, #36] ; 0x24 + 800a6dc: ba12 rev r2, r2 + 800a6de: 6142 str r2, [r0, #20] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[6]); + 800a6e0: 6a9a ldr r2, [r3, #40] ; 0x28 + 800a6e2: ba12 rev r2, r2 + 800a6e4: 6182 str r2, [r0, #24] + msgdigest+=4U; + *(uint32_t*)(msgdigest) = __REV(HASH_DIGEST->HR[7]); + 800a6e6: 6adb ldr r3, [r3, #44] ; 0x2c + 800a6e8: ba1b rev r3, r3 + 800a6ea: 61c3 str r3, [r0, #28] + break; + default: + break; + } +} + 800a6ec: 4770 bx lr + 800a6ee: bf00 nop + 800a6f0: 50060400 .word 0x50060400 + 800a6f4: 50060700 .word 0x50060700 + +0800a6f8 : + * @param Status the Flag status (SET or RESET). + * @param Timeout Timeout duration. + * @retval HAL status + */ +static HAL_StatusTypeDef HASH_WaitOnFlagUntilTimeout(HASH_HandleTypeDef *hhash, uint32_t Flag, FlagStatus Status, uint32_t Timeout) +{ + 800a6f8: e92d 43f8 stmdb sp!, {r3, r4, r5, r6, r7, r8, r9, lr} + 800a6fc: 4604 mov r4, r0 + 800a6fe: 460e mov r6, r1 + 800a700: 4691 mov r9, r2 + 800a702: 461d mov r5, r3 + uint32_t tickstart = HAL_GetTick(); + 800a704: f7fc fe70 bl 80073e8 + 800a708: f8df 805c ldr.w r8, [pc, #92] ; 800a768 + 800a70c: 4607 mov r7, r0 + + /* Wait until flag is set */ + if(Status == RESET) + 800a70e: f1b9 0f00 cmp.w r9, #0 + 800a712: d021 beq.n 800a758 + } + } + } + else + { + while(__HAL_HASH_GET_FLAG(Flag) != RESET) + 800a714: f8d8 3024 ldr.w r3, [r8, #36] ; 0x24 + 800a718: ea36 0303 bics.w r3, r6, r3 + 800a71c: d121 bne.n 800a762 + { + /* Check for the Timeout */ + if(Timeout != HAL_MAX_DELAY) + 800a71e: 1c6b adds r3, r5, #1 + 800a720: d0f8 beq.n 800a714 + { + if(((HAL_GetTick()-tickstart) > Timeout) || (Timeout == 0U)) + 800a722: f7fc fe61 bl 80073e8 + 800a726: 1bc0 subs r0, r0, r7 + 800a728: 42a8 cmp r0, r5 + 800a72a: d80a bhi.n 800a742 + 800a72c: 2d00 cmp r5, #0 + 800a72e: d1f1 bne.n 800a714 + 800a730: e007 b.n 800a742 + if(Timeout != HAL_MAX_DELAY) + 800a732: 1c6a adds r2, r5, #1 + 800a734: d010 beq.n 800a758 + if(((HAL_GetTick()-tickstart) > Timeout) || (Timeout == 0U)) + 800a736: f7fc fe57 bl 80073e8 + 800a73a: 1bc0 subs r0, r0, r7 + 800a73c: 42a8 cmp r0, r5 + 800a73e: d800 bhi.n 800a742 + 800a740: b955 cbnz r5, 800a758 + { + /* Set State to Ready to be able to restart later on */ + hhash->State = HAL_HASH_STATE_READY; + 800a742: 2301 movs r3, #1 + 800a744: f884 3035 strb.w r3, [r4, #53] ; 0x35 + /* Store time out issue in handle status */ + hhash->Status = HAL_TIMEOUT; + + /* Process Unlocked */ + __HAL_UNLOCK(hhash); + 800a748: 2200 movs r2, #0 + hhash->Status = HAL_TIMEOUT; + 800a74a: 2303 movs r3, #3 + 800a74c: f884 302c strb.w r3, [r4, #44] ; 0x2c + __HAL_UNLOCK(hhash); + 800a750: f884 2034 strb.w r2, [r4, #52] ; 0x34 + + return HAL_TIMEOUT; + 800a754: 4618 mov r0, r3 + 800a756: e005 b.n 800a764 + while(__HAL_HASH_GET_FLAG(Flag) == RESET) + 800a758: f8d8 3024 ldr.w r3, [r8, #36] ; 0x24 + 800a75c: ea36 0303 bics.w r3, r6, r3 + 800a760: d1e7 bne.n 800a732 + } + } + } + } + return HAL_OK; + 800a762: 2000 movs r0, #0 +} + 800a764: e8bd 83f8 ldmia.w sp!, {r3, r4, r5, r6, r7, r8, r9, pc} + 800a768: 50060400 .word 0x50060400 + +0800a76c : +} + 800a76c: 4770 bx lr + ... + +0800a770 : +{ + 800a770: b538 push {r3, r4, r5, lr} + if(hhash == NULL) + 800a772: 4604 mov r4, r0 + 800a774: b328 cbz r0, 800a7c2 + if(hhash->State == HAL_HASH_STATE_RESET) + 800a776: f890 3035 ldrb.w r3, [r0, #53] ; 0x35 + 800a77a: f003 02ff and.w r2, r3, #255 ; 0xff + 800a77e: b91b cbnz r3, 800a788 + hhash->Lock = HAL_UNLOCKED; + 800a780: f880 2034 strb.w r2, [r0, #52] ; 0x34 + HAL_HASH_MspInit(hhash); + 800a784: f7ff fff2 bl 800a76c + hhash->HashInCount = 0; + 800a788: 2000 movs r0, #0 + MODIFY_REG(HASH->CR, HASH_CR_DATATYPE, hhash->Init.DataType); + 800a78a: 4a0f ldr r2, [pc, #60] ; (800a7c8 ) + hhash->HashBuffSize = 0; + 800a78c: 61e0 str r0, [r4, #28] + hhash->State = HAL_HASH_STATE_BUSY; + 800a78e: 2302 movs r3, #2 + hhash->Phase = HAL_HASH_PHASE_READY; + 800a790: 2101 movs r1, #1 + hhash->State = HAL_HASH_STATE_BUSY; + 800a792: f884 3035 strb.w r3, [r4, #53] ; 0x35 + hhash->Phase = HAL_HASH_PHASE_READY; + 800a796: f884 102d strb.w r1, [r4, #45] ; 0x2d + hhash->HashInCount = 0; + 800a79a: 6220 str r0, [r4, #32] + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + 800a79c: 86e0 strh r0, [r4, #54] ; 0x36 + hhash->HashITCounter = 0; + 800a79e: 6260 str r0, [r4, #36] ; 0x24 + hhash->NbWordsAlreadyPushed = 0; + 800a7a0: 63a0 str r0, [r4, #56] ; 0x38 + MODIFY_REG(HASH->CR, HASH_CR_DATATYPE, hhash->Init.DataType); + 800a7a2: 6813 ldr r3, [r2, #0] + 800a7a4: 6825 ldr r5, [r4, #0] + 800a7a6: f023 0330 bic.w r3, r3, #48 ; 0x30 + 800a7aa: 432b orrs r3, r5 + 800a7ac: 6013 str r3, [r2, #0] +__HAL_HASH_RESET_MDMAT(); + 800a7ae: 6813 ldr r3, [r2, #0] + 800a7b0: f423 5300 bic.w r3, r3, #8192 ; 0x2000 + 800a7b4: 6013 str r3, [r2, #0] + hhash->State = HAL_HASH_STATE_READY; + 800a7b6: f884 1035 strb.w r1, [r4, #53] ; 0x35 + hhash->Status = HAL_OK; + 800a7ba: f884 002c strb.w r0, [r4, #44] ; 0x2c + hhash->ErrorCode = HAL_HASH_ERROR_NONE; + 800a7be: 63e0 str r0, [r4, #60] ; 0x3c +} + 800a7c0: bd38 pop {r3, r4, r5, pc} + return HAL_ERROR; + 800a7c2: 2001 movs r0, #1 + 800a7c4: e7fc b.n 800a7c0 + 800a7c6: bf00 nop + 800a7c8: 50060400 .word 0x50060400 + +0800a7cc : + 800a7cc: 4770 bx lr + +0800a7ce : + 800a7ce: 4770 bx lr + +0800a7d0 : + 800a7d0: 4770 bx lr + +0800a7d2 : + 800a7d2: 4770 bx lr + +0800a7d4 : +{ + 800a7d4: b570 push {r4, r5, r6, lr} + * suspension time is stored in the handle for resumption later on. + * @retval HAL status + */ +static HAL_StatusTypeDef HASH_IT(HASH_HandleTypeDef *hhash) +{ + if (hhash->State == HAL_HASH_STATE_BUSY) + 800a7d6: f890 3035 ldrb.w r3, [r0, #53] ; 0x35 + 800a7da: 2b02 cmp r3, #2 +{ + 800a7dc: 4604 mov r4, r0 + if (hhash->State == HAL_HASH_STATE_BUSY) + 800a7de: b2da uxtb r2, r3 + 800a7e0: f040 80e7 bne.w 800a9b2 + { + /* ITCounter must not be equal to 0 at this point. Report an error if this is the case. */ + if(hhash->HashITCounter == 0U) + 800a7e4: 6a43 ldr r3, [r0, #36] ; 0x24 + 800a7e6: 4d74 ldr r5, [pc, #464] ; (800a9b8 ) + 800a7e8: b94b cbnz r3, 800a7fe + { + /* Disable Interrupts */ + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a7ea: 6a2b ldr r3, [r5, #32] + 800a7ec: f023 0303 bic.w r3, r3, #3 + 800a7f0: 622b str r3, [r5, #32] + /* HASH state set back to Ready to prevent any issue in user code + present in HAL_HASH_ErrorCallback() */ + hhash->State = HAL_HASH_STATE_READY; + 800a7f2: 2301 movs r3, #1 + 800a7f4: f880 3035 strb.w r3, [r0, #53] ; 0x35 + hhash->Status = HASH_IT(hhash); + 800a7f8: f884 302c strb.w r3, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800a7fc: e099 b.n 800a932 + return HAL_ERROR; + } + else if (hhash->HashITCounter == 1U) + 800a7fe: 6a43 ldr r3, [r0, #36] ; 0x24 + 800a800: 2b01 cmp r3, #1 + } + else + { + /* Cruise speed reached, HashITCounter remains equal to 3 until the end of + the HASH processing or the end of the current step for HMAC processing. */ + hhash->HashITCounter = 3U; + 800a802: bf16 itet ne + 800a804: 2303 movne r3, #3 + hhash->HashITCounter = 2U; + 800a806: 6242 streq r2, [r0, #36] ; 0x24 + hhash->HashITCounter = 3U; + 800a808: 6243 strne r3, [r0, #36] ; 0x24 + } + + /* If digest is ready */ + if (__HAL_HASH_GET_FLAG(HASH_FLAG_DCIS)) + 800a80a: 6a6b ldr r3, [r5, #36] ; 0x24 + 800a80c: f013 0302 ands.w r3, r3, #2 + 800a810: d022 beq.n 800a858 + { + /* Read the digest */ + HASH_GetDigest(hhash->pHashOutBuffPtr, HASH_DIGEST_LENGTH()); + 800a812: 682a ldr r2, [r5, #0] + 800a814: 4b69 ldr r3, [pc, #420] ; (800a9bc ) + 800a816: 6900 ldr r0, [r0, #16] + 800a818: 421a tst r2, r3 + 800a81a: d019 beq.n 800a850 + 800a81c: 682a ldr r2, [r5, #0] + 800a81e: 401a ands r2, r3 + 800a820: f5b2 2f80 cmp.w r2, #262144 ; 0x40000 + 800a824: d016 beq.n 800a854 + 800a826: 682a ldr r2, [r5, #0] + 800a828: 4393 bics r3, r2 + 800a82a: bf0c ite eq + 800a82c: 2120 moveq r1, #32 + 800a82e: 2110 movne r1, #16 + 800a830: f7ff ff00 bl 800a634 + + /* Disable Interrupts */ + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a834: 6a2b ldr r3, [r5, #32] + 800a836: f023 0303 bic.w r3, r3, #3 + 800a83a: 622b str r3, [r5, #32] + /* Change the HASH state */ + hhash->State = HAL_HASH_STATE_READY; + 800a83c: 2301 movs r3, #1 + 800a83e: f884 3035 strb.w r3, [r4, #53] ; 0x35 + /* Reset HASH state machine */ + hhash->Phase = HAL_HASH_PHASE_READY; + 800a842: f884 302d strb.w r3, [r4, #45] ; 0x2d + /* Call digest computation complete call back */ +#if (USE_HAL_HASH_REGISTER_CALLBACKS == 1) + hhash->DgstCpltCallback(hhash); +#else + HAL_HASH_DgstCpltCallback(hhash); + 800a846: 4620 mov r0, r4 + 800a848: f7ff ffc2 bl 800a7d0 + hhash->Status = HAL_OK; + 800a84c: 2300 movs r3, #0 + 800a84e: e015 b.n 800a87c + HASH_GetDigest(hhash->pHashOutBuffPtr, HASH_DIGEST_LENGTH()); + 800a850: 2114 movs r1, #20 + 800a852: e7ed b.n 800a830 + 800a854: 211c movs r1, #28 + 800a856: e7eb b.n 800a830 + + return HAL_OK; + } + + /* If Peripheral ready to accept new data */ + if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800a858: 6a6a ldr r2, [r5, #36] ; 0x24 + 800a85a: 07d2 lsls r2, r2, #31 + 800a85c: d5f6 bpl.n 800a84c + { + + /* If the suspension flag has been raised and if the processing is not about + to end, suspend processing */ + if ( (hhash->HashInCount != 0U) && (hhash->SuspendRequest == HAL_HASH_SUSPEND)) + 800a85e: 6a02 ldr r2, [r0, #32] + 800a860: b17a cbz r2, 800a882 + 800a862: f890 2036 ldrb.w r2, [r0, #54] ; 0x36 + 800a866: 2a01 cmp r2, #1 + 800a868: d10b bne.n 800a882 + { + /* Disable Interrupts */ + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a86a: 6a2a ldr r2, [r5, #32] + 800a86c: f022 0203 bic.w r2, r2, #3 + 800a870: 622a str r2, [r5, #32] + + /* Reset SuspendRequest */ + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + + /* Change the HASH state */ + hhash->State = HAL_HASH_STATE_SUSPENDED; + 800a872: 2208 movs r2, #8 + hhash->SuspendRequest = HAL_HASH_SUSPEND_NONE; + 800a874: f880 3036 strb.w r3, [r0, #54] ; 0x36 + hhash->State = HAL_HASH_STATE_SUSPENDED; + 800a878: f880 2035 strb.w r2, [r0, #53] ; 0x35 + hhash->Status = HAL_OK; + 800a87c: f884 302c strb.w r3, [r4, #44] ; 0x2c +} + 800a880: e076 b.n 800a970 + uint32_t buffercounter; + uint32_t inputcounter; + uint32_t ret = HASH_DIGEST_CALCULATION_NOT_STARTED; + + /* If there are more than 64 bytes remaining to be entered */ + if(hhash->HashInCount > 64U) + 800a882: 6a21 ldr r1, [r4, #32] + { + inputaddr = (uint32_t)hhash->pHashInBuffPtr; + 800a884: 68e3 ldr r3, [r4, #12] + if(hhash->HashInCount > 64U) + 800a886: 2940 cmp r1, #64 ; 0x40 + inputaddr = (uint32_t)hhash->pHashInBuffPtr; + 800a888: 461a mov r2, r3 + if(hhash->HashInCount > 64U) + 800a88a: d91c bls.n 800a8c6 + 800a88c: f103 0140 add.w r1, r3, #64 ; 0x40 + /* Write the Input block in the Data IN register + (16 32-bit words, or 64 bytes are entered) */ + for(buffercounter = 0U; buffercounter < 64U; buffercounter+=4U) + { + HASH->DIN = *(uint32_t*)inputaddr; + 800a890: f853 0b04 ldr.w r0, [r3], #4 + 800a894: 6068 str r0, [r5, #4] + for(buffercounter = 0U; buffercounter < 64U; buffercounter+=4U) + 800a896: 4299 cmp r1, r3 + 800a898: d1fa bne.n 800a890 + inputaddr+=4U; + } + /* If this is the start of input data entering, an additional word + must be entered to start up the HASH processing */ + if(hhash->HashITCounter == 2U) + 800a89a: 6a63 ldr r3, [r4, #36] ; 0x24 + 800a89c: 2b02 cmp r3, #2 + 800a89e: d10d bne.n 800a8bc + { + HASH->DIN = *(uint32_t*)inputaddr; + 800a8a0: 680b ldr r3, [r1, #0] + 800a8a2: 606b str r3, [r5, #4] + if(hhash->HashInCount >= 68U) + 800a8a4: 6a23 ldr r3, [r4, #32] + 800a8a6: 2b43 cmp r3, #67 ; 0x43 + 800a8a8: d905 bls.n 800a8b6 + { + /* There are still data waiting to be entered in the Peripheral. + Decrement buffer counter and set pointer to the proper + memory location for the next data entering round. */ + hhash->HashInCount -= 68U; + 800a8aa: 6a23 ldr r3, [r4, #32] + 800a8ac: 3b44 subs r3, #68 ; 0x44 + 800a8ae: 6223 str r3, [r4, #32] + hhash->pHashInBuffPtr+= 68U; + 800a8b0: 3244 adds r2, #68 ; 0x44 + { + /* 64 bytes have been entered and there are still some remaining: + Decrement buffer counter and set pointer to the proper + memory location for the next data entering round.*/ + hhash->HashInCount -= 64U; + hhash->pHashInBuffPtr+= 64U; + 800a8b2: 60e2 str r2, [r4, #12] + /* Reset buffer counter */ + hhash->HashInCount = 0; + } + + /* Return whether or digest calculation has started */ + return ret; + 800a8b4: e7ca b.n 800a84c + hhash->HashInCount = 0U; + 800a8b6: 2300 movs r3, #0 + 800a8b8: 6223 str r3, [r4, #32] + return ret; + 800a8ba: e7c7 b.n 800a84c + hhash->HashInCount -= 64U; + 800a8bc: 6a23 ldr r3, [r4, #32] + 800a8be: 3b40 subs r3, #64 ; 0x40 + 800a8c0: 6223 str r3, [r4, #32] + hhash->pHashInBuffPtr+= 64U; + 800a8c2: 3240 adds r2, #64 ; 0x40 + 800a8c4: e7f5 b.n 800a8b2 + inputcounter = hhash->HashInCount; + 800a8c6: 6a22 ldr r2, [r4, #32] + __HAL_HASH_DISABLE_IT(HASH_IT_DINI); + 800a8c8: 6a29 ldr r1, [r5, #32] + for(buffercounter = 0U; buffercounter < ((inputcounter+3U)/4U); buffercounter++) + 800a8ca: 3203 adds r2, #3 + __HAL_HASH_DISABLE_IT(HASH_IT_DINI); + 800a8cc: f021 0101 bic.w r1, r1, #1 + 800a8d0: f022 0203 bic.w r2, r2, #3 + 800a8d4: 6229 str r1, [r5, #32] + for(buffercounter = 0U; buffercounter < ((inputcounter+3U)/4U); buffercounter++) + 800a8d6: 441a add r2, r3 + 800a8d8: 4293 cmp r3, r2 + 800a8da: d10b bne.n 800a8f4 + if (hhash->Accumulation == 1U) + 800a8dc: 6c23 ldr r3, [r4, #64] ; 0x40 + 800a8de: 2b01 cmp r3, #1 + 800a8e0: d10c bne.n 800a8fc + hhash->Accumulation = 0U; + 800a8e2: 2500 movs r5, #0 + 800a8e4: 6425 str r5, [r4, #64] ; 0x40 + HAL_HASH_InCpltCallback(hhash); + 800a8e6: 4620 mov r0, r4 + hhash->State = HAL_HASH_STATE_READY; + 800a8e8: f884 3035 strb.w r3, [r4, #53] ; 0x35 + HAL_HASH_InCpltCallback(hhash); + 800a8ec: f7ff ff6f bl 800a7ce + hhash->HashInCount = 0; + 800a8f0: 6225 str r5, [r4, #32] + return ret; + 800a8f2: e7ab b.n 800a84c + HASH->DIN = *(uint32_t*)inputaddr; + 800a8f4: f853 1b04 ldr.w r1, [r3], #4 + 800a8f8: 6069 str r1, [r5, #4] + for(buffercounter = 0U; buffercounter < ((inputcounter+3U)/4U); buffercounter++) + 800a8fa: e7ed b.n 800a8d8 + __HAL_HASH_START_DIGEST(); + 800a8fc: 68ab ldr r3, [r5, #8] + 800a8fe: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800a902: 60ab str r3, [r5, #8] + hhash->HashInCount = 0; + 800a904: 2300 movs r3, #0 + 800a906: 6223 str r3, [r4, #32] + HAL_HASH_InCpltCallback(hhash); + 800a908: 4620 mov r0, r4 + 800a90a: f7ff ff60 bl 800a7ce + if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_1) + 800a90e: f894 602d ldrb.w r6, [r4, #45] ; 0x2d + 800a912: 2e03 cmp r6, #3 + 800a914: d12d bne.n 800a972 + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_BUSY, SET, HASH_TIMEOUTVALUE) != HAL_OK) + 800a916: f44f 737a mov.w r3, #1000 ; 0x3e8 + 800a91a: 2201 movs r2, #1 + 800a91c: 2108 movs r1, #8 + 800a91e: 4620 mov r0, r4 + 800a920: f7ff feea bl 800a6f8 + 800a924: b168 cbz r0, 800a942 + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a926: 6a2b ldr r3, [r5, #32] + 800a928: f023 0303 bic.w r3, r3, #3 + 800a92c: 622b str r3, [r5, #32] + hhash->Status = HASH_IT(hhash); + 800a92e: f884 602c strb.w r6, [r4, #44] ; 0x2c + hhash->ErrorCode |= HAL_HASH_ERROR_IT; + 800a932: 6be3 ldr r3, [r4, #60] ; 0x3c + 800a934: f043 0301 orr.w r3, r3, #1 + 800a938: 63e3 str r3, [r4, #60] ; 0x3c + HAL_HASH_ErrorCallback(hhash); + 800a93a: 4620 mov r0, r4 + 800a93c: f7ff ff49 bl 800a7d2 + 800a940: e784 b.n 800a84c + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_2; /* Move phase from Step 1 to Step 2 */ + 800a942: 2304 movs r3, #4 + 800a944: f884 302d strb.w r3, [r4, #45] ; 0x2d + __HAL_HASH_SET_NBVALIDBITS(hhash->HashBuffSize); /* Set NBLW for the input message */ + 800a948: 68ab ldr r3, [r5, #8] + 800a94a: 69e2 ldr r2, [r4, #28] + 800a94c: f023 031f bic.w r3, r3, #31 + 800a950: f002 0103 and.w r1, r2, #3 + 800a954: ea43 03c1 orr.w r3, r3, r1, lsl #3 + 800a958: 60ab str r3, [r5, #8] + hhash->pHashInBuffPtr = hhash->pHashMsgBuffPtr; /* Set the input data address */ + 800a95a: 69a3 ldr r3, [r4, #24] + hhash->HashInCount = hhash->HashBuffSize; /* Set the input data size (in bytes) */ + 800a95c: 6222 str r2, [r4, #32] + hhash->pHashInBuffPtr = hhash->Init.pKey; /* Set the key address */ + 800a95e: 60e3 str r3, [r4, #12] + hhash->HashITCounter = 1; /* Set ITCounter to 1 to indicate the start of a new phase */ + 800a960: 2301 movs r3, #1 + 800a962: 6263 str r3, [r4, #36] ; 0x24 + __HAL_HASH_ENABLE_IT(HASH_IT_DINI); /* Enable IT (was disabled in HASH_Write_Block_Data) */ + 800a964: 6a2b ldr r3, [r5, #32] + 800a966: f043 0301 orr.w r3, r3, #1 + 800a96a: 622b str r3, [r5, #32] + hhash->Status = HASH_IT(hhash); + 800a96c: f884 002c strb.w r0, [r4, #44] ; 0x2c +} + 800a970: bd70 pop {r4, r5, r6, pc} + else if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2) + 800a972: 2e04 cmp r6, #4 + 800a974: f47f af6a bne.w 800a84c + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_BUSY, SET, HASH_TIMEOUTVALUE) != HAL_OK) + 800a978: f44f 737a mov.w r3, #1000 ; 0x3e8 + 800a97c: 2201 movs r2, #1 + 800a97e: 2108 movs r1, #8 + 800a980: 4620 mov r0, r4 + 800a982: f7ff feb9 bl 800a6f8 + 800a986: b128 cbz r0, 800a994 + __HAL_HASH_DISABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800a988: 6a2b ldr r3, [r5, #32] + 800a98a: f023 0303 bic.w r3, r3, #3 + 800a98e: 622b str r3, [r5, #32] + hhash->Status = HASH_IT(hhash); + 800a990: 2303 movs r3, #3 + 800a992: e731 b.n 800a7f8 + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_3; /* Move phase from Step 2 to Step 3 */ + 800a994: 2305 movs r3, #5 + 800a996: f884 302d strb.w r3, [r4, #45] ; 0x2d + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); /* Set NBLW for the key */ + 800a99a: 68ab ldr r3, [r5, #8] + 800a99c: 6862 ldr r2, [r4, #4] + 800a99e: f023 031f bic.w r3, r3, #31 + 800a9a2: f002 0103 and.w r1, r2, #3 + 800a9a6: ea43 03c1 orr.w r3, r3, r1, lsl #3 + 800a9aa: 60ab str r3, [r5, #8] + hhash->pHashInBuffPtr = hhash->Init.pKey; /* Set the key address */ + 800a9ac: 68a3 ldr r3, [r4, #8] + hhash->HashInCount = hhash->Init.KeySize; /* Set the key size (in bytes) */ + 800a9ae: 6222 str r2, [r4, #32] + hhash->pHashInBuffPtr = hhash->Init.pKey; /* Set the key address */ + 800a9b0: e7d5 b.n 800a95e + hhash->Status = HASH_IT(hhash); + 800a9b2: 2302 movs r3, #2 + 800a9b4: e720 b.n 800a7f8 + 800a9b6: bf00 nop + 800a9b8: 50060400 .word 0x50060400 + 800a9bc: 00040080 .word 0x00040080 + +0800a9c0 : + return hhash->State; + 800a9c0: f890 0035 ldrb.w r0, [r0, #53] ; 0x35 +} + 800a9c4: 4770 bx lr + +0800a9c6 : +} + 800a9c6: f890 002c ldrb.w r0, [r0, #44] ; 0x2c + 800a9ca: 4770 bx lr + +0800a9cc : + *(uint32_t*)(mem_ptr) = READ_BIT(HASH->IMR,HASH_IT_DINI|HASH_IT_DCI); + 800a9cc: 4b0e ldr r3, [pc, #56] ; (800aa08 ) + 800a9ce: 6a1a ldr r2, [r3, #32] + 800a9d0: f002 0203 and.w r2, r2, #3 + 800a9d4: 600a str r2, [r1, #0] + *(uint32_t*)(mem_ptr) = READ_BIT(HASH->STR,HASH_STR_NBLW); + 800a9d6: 689a ldr r2, [r3, #8] + 800a9d8: f002 021f and.w r2, r2, #31 + 800a9dc: 604a str r2, [r1, #4] + *(uint32_t*)(mem_ptr) = READ_BIT(HASH->CR,HASH_CR_DMAE|HASH_CR_DATATYPE|HASH_CR_MODE|HASH_CR_ALGO|HASH_CR_LKEY|HASH_CR_MDMAT); + 800a9de: 681b ldr r3, [r3, #0] + for (i = HASH_NUMBER_OF_CSR_REGISTERS; i >0U; i--) + 800a9e0: 4a0a ldr r2, [pc, #40] ; (800aa0c ) + *(uint32_t*)(mem_ptr) = READ_BIT(HASH->CR,HASH_CR_DMAE|HASH_CR_DATATYPE|HASH_CR_MODE|HASH_CR_ALGO|HASH_CR_LKEY|HASH_CR_MDMAT); + 800a9e2: f023 437f bic.w r3, r3, #4278190080 ; 0xff000000 + 800a9e6: f423 037a bic.w r3, r3, #16384000 ; 0xfa0000 + 800a9ea: f423 435f bic.w r3, r3, #57088 ; 0xdf00 + 800a9ee: f023 0307 bic.w r3, r3, #7 + 800a9f2: 608b str r3, [r1, #8] + uint32_t csr_ptr = (uint32_t)HASH->CSR; + 800a9f4: 4b06 ldr r3, [pc, #24] ; (800aa10 ) + mem_ptr+=4U; + 800a9f6: 310c adds r1, #12 + *(uint32_t*)(mem_ptr) = *(uint32_t*)(csr_ptr); + 800a9f8: f853 0b04 ldr.w r0, [r3], #4 + 800a9fc: f841 0b04 str.w r0, [r1], #4 + for (i = HASH_NUMBER_OF_CSR_REGISTERS; i >0U; i--) + 800aa00: 4293 cmp r3, r2 + 800aa02: d1f9 bne.n 800a9f8 +} + 800aa04: 4770 bx lr + 800aa06: bf00 nop + 800aa08: 50060400 .word 0x50060400 + 800aa0c: 500605d0 .word 0x500605d0 + 800aa10: 500604f8 .word 0x500604f8 + +0800aa14 : + WRITE_REG(HASH->IMR, (*(uint32_t*)(mem_ptr))); + 800aa14: 4b0a ldr r3, [pc, #40] ; (800aa40 ) + 800aa16: 680a ldr r2, [r1, #0] + 800aa18: 621a str r2, [r3, #32] + WRITE_REG(HASH->STR, (*(uint32_t*)(mem_ptr))); + 800aa1a: 684a ldr r2, [r1, #4] + 800aa1c: 609a str r2, [r3, #8] + WRITE_REG(HASH->CR, (*(uint32_t*)(mem_ptr))); + 800aa1e: 688a ldr r2, [r1, #8] + 800aa20: 601a str r2, [r3, #0] + __HAL_HASH_INIT(); + 800aa22: 681a ldr r2, [r3, #0] + 800aa24: f042 0204 orr.w r2, r2, #4 + 800aa28: 601a str r2, [r3, #0] + for (i = HASH_NUMBER_OF_CSR_REGISTERS; i >0U; i--) + 800aa2a: 4a06 ldr r2, [pc, #24] ; (800aa44 ) + mem_ptr+=4U; + 800aa2c: 310c adds r1, #12 + uint32_t csr_ptr = (uint32_t)HASH->CSR; + 800aa2e: 33f8 adds r3, #248 ; 0xf8 + WRITE_REG((*(uint32_t*)(csr_ptr)), (*(uint32_t*)(mem_ptr))); + 800aa30: f851 0b04 ldr.w r0, [r1], #4 + 800aa34: f843 0b04 str.w r0, [r3], #4 + for (i = HASH_NUMBER_OF_CSR_REGISTERS; i >0U; i--) + 800aa38: 4293 cmp r3, r2 + 800aa3a: d1f9 bne.n 800aa30 +} + 800aa3c: 4770 bx lr + 800aa3e: bf00 nop + 800aa40: 50060400 .word 0x50060400 + 800aa44: 500605d0 .word 0x500605d0 + +0800aa48 : + hhash->SuspendRequest = HAL_HASH_SUSPEND; + 800aa48: 2301 movs r3, #1 + 800aa4a: f880 3036 strb.w r3, [r0, #54] ; 0x36 +} + 800aa4e: 4770 bx lr + +0800aa50 : + return hhash->ErrorCode; + 800aa50: 6bc0 ldr r0, [r0, #60] ; 0x3c +} + 800aa52: 4770 bx lr + +0800aa54 : + * @param Timeout Timeout value. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Start(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Timeout, uint32_t Algorithm) +{ + 800aa54: b5f8 push {r3, r4, r5, r6, r7, lr} + 800aa56: 461e mov r6, r3 + uint8_t *pInBuffer_tmp; /* input data address, input parameter of HASH_WriteData() */ + uint32_t Size_tmp; /* input data size (in bytes), input parameter of HASH_WriteData() */ + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800aa58: f890 3035 ldrb.w r3, [r0, #53] ; 0x35 + + + /* Initiate HASH processing in case of start or resumption */ +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800aa5c: 2b01 cmp r3, #1 +{ + 800aa5e: 4604 mov r4, r0 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800aa60: b2d8 uxtb r0, r3 +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800aa62: d001 beq.n 800aa68 + 800aa64: 2808 cmp r0, #8 + 800aa66: d17a bne.n 800ab5e + { + /* Check input parameters */ + if ((pInBuffer == NULL) || (pOutBuffer == NULL)) + 800aa68: b101 cbz r1, 800aa6c + 800aa6a: b926 cbnz r6, 800aa76 + { + hhash->State = HAL_HASH_STATE_READY; + 800aa6c: 2501 movs r5, #1 + 800aa6e: f884 5035 strb.w r5, [r4, #53] ; 0x35 + } + else + { + return HAL_BUSY; + } +} + 800aa72: 4628 mov r0, r5 + 800aa74: bdf8 pop {r3, r4, r5, r6, r7, pc} + __HAL_LOCK(hhash); + 800aa76: f894 3034 ldrb.w r3, [r4, #52] ; 0x34 + 800aa7a: 2b01 cmp r3, #1 + 800aa7c: d06f beq.n 800ab5e + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800aa7e: f894 302d ldrb.w r3, [r4, #45] ; 0x2d + __HAL_LOCK(hhash); + 800aa82: 2501 movs r5, #1 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800aa84: 42ab cmp r3, r5 + __HAL_LOCK(hhash); + 800aa86: f884 5034 strb.w r5, [r4, #52] ; 0x34 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800aa8a: d148 bne.n 800ab1e + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800aa8c: 4f36 ldr r7, [pc, #216] ; (800ab68 ) + 800aa8e: 9b07 ldr r3, [sp, #28] + hhash->State = HAL_HASH_STATE_BUSY; + 800aa90: f04f 0c02 mov.w ip, #2 + 800aa94: f884 c035 strb.w ip, [r4, #53] ; 0x35 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800aa98: 683d ldr r5, [r7, #0] + 800aa9a: f425 25a0 bic.w r5, r5, #327680 ; 0x50000 + 800aa9e: f025 05c4 bic.w r5, r5, #196 ; 0xc4 + 800aaa2: 431d orrs r5, r3 + 800aaa4: f045 0504 orr.w r5, r5, #4 + 800aaa8: 603d str r5, [r7, #0] + __HAL_HASH_SET_NBVALIDBITS(Size); + 800aaaa: 68b8 ldr r0, [r7, #8] + 800aaac: f002 0303 and.w r3, r2, #3 + 800aab0: f020 001f bic.w r0, r0, #31 + 800aab4: ea40 03c3 orr.w r3, r0, r3, lsl #3 + 800aab8: 60bb str r3, [r7, #8] + hhash->Phase = HAL_HASH_PHASE_PROCESS; + 800aaba: f884 c02d strb.w ip, [r4, #45] ; 0x2d + hhash->Status = HASH_WriteData(hhash, pInBuffer_tmp, Size_tmp); + 800aabe: 4620 mov r0, r4 + 800aac0: f7ff fd78 bl 800a5b4 + 800aac4: 4605 mov r5, r0 + 800aac6: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800aaca: 2800 cmp r0, #0 + 800aacc: d1d1 bne.n 800aa72 + if (hhash->State != HAL_HASH_STATE_SUSPENDED) + 800aace: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800aad2: 2b08 cmp r3, #8 + 800aad4: d03b beq.n 800ab4e + __HAL_HASH_START_DIGEST(); + 800aad6: 4f24 ldr r7, [pc, #144] ; (800ab68 ) + 800aad8: 68bb ldr r3, [r7, #8] + 800aada: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800aade: 60bb str r3, [r7, #8] + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_DCIS, RESET, Timeout) != HAL_OK) + 800aae0: 4602 mov r2, r0 + 800aae2: 9b06 ldr r3, [sp, #24] + 800aae4: 2102 movs r1, #2 + 800aae6: 4620 mov r0, r4 + 800aae8: f7ff fe06 bl 800a6f8 + 800aaec: 2800 cmp r0, #0 + 800aaee: d138 bne.n 800ab62 + HASH_GetDigest(pOutBuffer, HASH_DIGEST_LENGTH()); + 800aaf0: 683a ldr r2, [r7, #0] + 800aaf2: 4b1e ldr r3, [pc, #120] ; (800ab6c ) + 800aaf4: 421a tst r2, r3 + 800aaf6: d02e beq.n 800ab56 + 800aaf8: 683a ldr r2, [r7, #0] + 800aafa: 401a ands r2, r3 + 800aafc: f5b2 2f80 cmp.w r2, #262144 ; 0x40000 + 800ab00: d02b beq.n 800ab5a + 800ab02: 683a ldr r2, [r7, #0] + 800ab04: 4393 bics r3, r2 + 800ab06: bf0c ite eq + 800ab08: 2120 moveq r1, #32 + 800ab0a: 2110 movne r1, #16 + 800ab0c: 4630 mov r0, r6 + 800ab0e: f7ff fd91 bl 800a634 + hhash->State = HAL_HASH_STATE_READY; + 800ab12: 2301 movs r3, #1 + 800ab14: f884 3035 strb.w r3, [r4, #53] ; 0x35 + hhash->Phase = HAL_HASH_PHASE_READY; + 800ab18: f884 302d strb.w r3, [r4, #45] ; 0x2d + 800ab1c: e017 b.n 800ab4e + else if (hhash->Phase == HAL_HASH_PHASE_PROCESS) + 800ab1e: 2b02 cmp r3, #2 + 800ab20: d113 bne.n 800ab4a + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800ab22: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800ab26: 2b08 cmp r3, #8 + __HAL_HASH_SET_NBVALIDBITS(Size); + 800ab28: bf15 itete ne + 800ab2a: 4d0f ldrne r5, [pc, #60] ; (800ab68 ) + Size_tmp = hhash->HashInCount; + 800ab2c: 6a22 ldreq r2, [r4, #32] + __HAL_HASH_SET_NBVALIDBITS(Size); + 800ab2e: 68a8 ldrne r0, [r5, #8] + pInBuffer_tmp = hhash->pHashInBuffPtr; + 800ab30: 68e1 ldreq r1, [r4, #12] + __HAL_HASH_SET_NBVALIDBITS(Size); + 800ab32: bf1f itttt ne + 800ab34: f002 0303 andne.w r3, r2, #3 + 800ab38: f020 001f bicne.w r0, r0, #31 + 800ab3c: ea40 03c3 orrne.w r3, r0, r3, lsl #3 + 800ab40: 60ab strne r3, [r5, #8] + hhash->State = HAL_HASH_STATE_BUSY; + 800ab42: 2302 movs r3, #2 + 800ab44: f884 3035 strb.w r3, [r4, #53] ; 0x35 + 800ab48: e7b9 b.n 800aabe + hhash->State = HAL_HASH_STATE_READY; + 800ab4a: f884 5035 strb.w r5, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800ab4e: 2300 movs r3, #0 + 800ab50: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800ab54: e78d b.n 800aa72 + HASH_GetDigest(pOutBuffer, HASH_DIGEST_LENGTH()); + 800ab56: 2114 movs r1, #20 + 800ab58: e7d8 b.n 800ab0c + 800ab5a: 211c movs r1, #28 + 800ab5c: e7d6 b.n 800ab0c + return HAL_BUSY; + 800ab5e: 2502 movs r5, #2 + 800ab60: e787 b.n 800aa72 + return HAL_TIMEOUT; + 800ab62: 2503 movs r5, #3 + 800ab64: e785 b.n 800aa72 + 800ab66: bf00 nop + 800ab68: 50060400 .word 0x50060400 + 800ab6c: 00040080 .word 0x00040080 + +0800ab70 : +{ + 800ab70: b513 push {r0, r1, r4, lr} + return HASH_Start(hhash, pInBuffer, Size, pOutBuffer, Timeout, HASH_ALGOSELECTION_MD5); + 800ab72: 2480 movs r4, #128 ; 0x80 + 800ab74: 9401 str r4, [sp, #4] + 800ab76: 9c04 ldr r4, [sp, #16] + 800ab78: 9400 str r4, [sp, #0] + 800ab7a: f7ff ff6b bl 800aa54 +} + 800ab7e: b002 add sp, #8 + 800ab80: bd10 pop {r4, pc} + +0800ab82 : + 800ab82: f7ff bff5 b.w 800ab70 + +0800ab86 : +{ + 800ab86: b513 push {r0, r1, r4, lr} + return HASH_Start(hhash, pInBuffer, Size, pOutBuffer, Timeout, HASH_ALGOSELECTION_SHA1); + 800ab88: 2400 movs r4, #0 + 800ab8a: 9401 str r4, [sp, #4] + 800ab8c: 9c04 ldr r4, [sp, #16] + 800ab8e: 9400 str r4, [sp, #0] + 800ab90: f7ff ff60 bl 800aa54 +} + 800ab94: b002 add sp, #8 + 800ab96: bd10 pop {r4, pc} + +0800ab98 : + 800ab98: f7ff bff5 b.w 800ab86 + +0800ab9c : + * @param Size length of the input buffer in bytes, must be a multiple of 4. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Accumulate(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint32_t Algorithm) +{ + 800ab9c: b570 push {r4, r5, r6, lr} + uint8_t *pInBuffer_tmp; /* input data address, input parameter of HASH_WriteData() */ + uint32_t Size_tmp; /* input data size (in bytes), input parameter of HASH_WriteData() */ + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800ab9e: f890 5035 ldrb.w r5, [r0, #53] ; 0x35 +{ + 800aba2: 4604 mov r4, r0 + + /* Make sure the input buffer size (in bytes) is a multiple of 4 */ + if ((Size % 4U) != 0U) + 800aba4: 0790 lsls r0, r2, #30 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800aba6: b2ed uxtb r5, r5 + if ((Size % 4U) != 0U) + 800aba8: d13e bne.n 800ac28 + { + return HAL_ERROR; + } + + /* Initiate HASH processing in case of start or resumption */ +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800abaa: 2d01 cmp r5, #1 + 800abac: d001 beq.n 800abb2 + 800abae: 2d08 cmp r5, #8 + 800abb0: d13c bne.n 800ac2c + { + /* Check input parameters */ + if ((pInBuffer == NULL) || (Size == 0U)) + 800abb2: b101 cbz r1, 800abb6 + 800abb4: b91a cbnz r2, 800abbe + { + hhash->State = HAL_HASH_STATE_READY; + 800abb6: 2001 movs r0, #1 + 800abb8: f884 0035 strb.w r0, [r4, #53] ; 0x35 + { + return HAL_BUSY; + } + + +} + 800abbc: bd70 pop {r4, r5, r6, pc} + __HAL_LOCK(hhash); + 800abbe: f894 0034 ldrb.w r0, [r4, #52] ; 0x34 + 800abc2: 2801 cmp r0, #1 + 800abc4: d032 beq.n 800ac2c + 800abc6: 2001 movs r0, #1 + 800abc8: f884 0034 strb.w r0, [r4, #52] ; 0x34 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800abcc: f894 0035 ldrb.w r0, [r4, #53] ; 0x35 + 800abd0: 2808 cmp r0, #8 + 800abd2: f04f 0002 mov.w r0, #2 + hhash->State = HAL_HASH_STATE_BUSY; + 800abd6: f884 0035 strb.w r0, [r4, #53] ; 0x35 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800abda: d113 bne.n 800ac04 + pInBuffer_tmp = hhash->pHashInBuffPtr; /* pInBuffer_tmp is set to the input data address */ + 800abdc: 68e1 ldr r1, [r4, #12] + Size_tmp = hhash->HashInCount; /* Size_tmp contains the input data size in bytes */ + 800abde: 6a22 ldr r2, [r4, #32] + hhash->Status = HASH_WriteData(hhash, pInBuffer_tmp, Size_tmp); + 800abe0: 4620 mov r0, r4 + 800abe2: f7ff fce7 bl 800a5b4 + 800abe6: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800abea: 2800 cmp r0, #0 + 800abec: d1e6 bne.n 800abbc + if (hhash->State != HAL_HASH_STATE_SUSPENDED) + 800abee: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800abf2: 2b08 cmp r3, #8 + hhash->State = HAL_HASH_STATE_READY; + 800abf4: bf1c itt ne + 800abf6: 2301 movne r3, #1 + 800abf8: f884 3035 strbne.w r3, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800abfc: 2300 movs r3, #0 + 800abfe: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800ac02: e7db b.n 800abbc + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800ac04: f894 002d ldrb.w r0, [r4, #45] ; 0x2d + 800ac08: 2801 cmp r0, #1 + 800ac0a: d109 bne.n 800ac20 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800ac0c: 4e08 ldr r6, [pc, #32] ; (800ac30 ) + 800ac0e: 6830 ldr r0, [r6, #0] + 800ac10: f420 20a0 bic.w r0, r0, #327680 ; 0x50000 + 800ac14: f020 00c4 bic.w r0, r0, #196 ; 0xc4 + 800ac18: 4318 orrs r0, r3 + 800ac1a: f040 0004 orr.w r0, r0, #4 + 800ac1e: 6030 str r0, [r6, #0] + hhash->Phase = HAL_HASH_PHASE_PROCESS; + 800ac20: 2302 movs r3, #2 + 800ac22: f884 302d strb.w r3, [r4, #45] ; 0x2d + 800ac26: e7db b.n 800abe0 + return HAL_ERROR; + 800ac28: 2001 movs r0, #1 + 800ac2a: e7c7 b.n 800abbc + return HAL_BUSY; + 800ac2c: 2002 movs r0, #2 + 800ac2e: e7c5 b.n 800abbc + 800ac30: 50060400 .word 0x50060400 + +0800ac34 : + return HASH_Accumulate(hhash, pInBuffer, Size,HASH_ALGOSELECTION_MD5); + 800ac34: 2380 movs r3, #128 ; 0x80 + 800ac36: f7ff bfb1 b.w 800ab9c + +0800ac3a : + return HASH_Accumulate(hhash, pInBuffer, Size,HASH_ALGOSELECTION_SHA1); + 800ac3a: 2300 movs r3, #0 + 800ac3c: f7ff bfae b.w 800ab9c + +0800ac40 : + * @param Size length of the input buffer in bytes, must be a multiple of 4. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Accumulate_IT(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint32_t Algorithm) +{ + 800ac40: b567 push {r0, r1, r2, r5, r6, lr} + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800ac42: f890 5035 ldrb.w r5, [r0, #53] ; 0x35 + __IO uint32_t inputaddr = (uint32_t) pInBuffer; + 800ac46: 9101 str r1, [sp, #4] + uint32_t SizeVar = Size; + + /* Make sure the input buffer size (in bytes) is a multiple of 4 */ + if ((Size % 4U) != 0U) + 800ac48: 0796 lsls r6, r2, #30 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800ac4a: b2ed uxtb r5, r5 + if ((Size % 4U) != 0U) + 800ac4c: d154 bne.n 800acf8 + { + return HAL_ERROR; + } + + /* Initiate HASH processing in case of start or resumption */ + if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800ac4e: 2d01 cmp r5, #1 + 800ac50: d001 beq.n 800ac56 + 800ac52: 2d08 cmp r5, #8 + 800ac54: d152 bne.n 800acfc + { + /* Check input parameters */ + if ((pInBuffer == NULL) || (Size == 0U)) + 800ac56: b101 cbz r1, 800ac5a + 800ac58: b92a cbnz r2, 800ac66 + { + hhash->State = HAL_HASH_STATE_READY; + 800ac5a: 2301 movs r3, #1 + 800ac5c: f880 3035 strb.w r3, [r0, #53] ; 0x35 + else + { + return HAL_BUSY; + } + +} + 800ac60: 4618 mov r0, r3 + 800ac62: b003 add sp, #12 + 800ac64: bd60 pop {r5, r6, pc} + __HAL_LOCK(hhash); + 800ac66: f890 1034 ldrb.w r1, [r0, #52] ; 0x34 + 800ac6a: 2901 cmp r1, #1 + 800ac6c: d046 beq.n 800acfc + 800ac6e: 2101 movs r1, #1 + 800ac70: f880 1034 strb.w r1, [r0, #52] ; 0x34 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800ac74: f890 1035 ldrb.w r1, [r0, #53] ; 0x35 + 800ac78: 4d21 ldr r5, [pc, #132] ; (800ad00 ) + 800ac7a: 2908 cmp r1, #8 + 800ac7c: f04f 0102 mov.w r1, #2 + hhash->State = HAL_HASH_STATE_BUSY; + 800ac80: f880 1035 strb.w r1, [r0, #53] ; 0x35 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800ac84: d109 bne.n 800ac9a + hhash->Accumulation = 1U; + 800ac86: 2301 movs r3, #1 + 800ac88: 6403 str r3, [r0, #64] ; 0x40 + __HAL_UNLOCK(hhash); + 800ac8a: 2300 movs r3, #0 + 800ac8c: f880 3034 strb.w r3, [r0, #52] ; 0x34 + __HAL_HASH_ENABLE_IT(HASH_IT_DINI); + 800ac90: 6a2a ldr r2, [r5, #32] + 800ac92: f042 0201 orr.w r2, r2, #1 + 800ac96: 622a str r2, [r5, #32] + return HAL_OK; + 800ac98: e7e2 b.n 800ac60 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800ac9a: f890 602d ldrb.w r6, [r0, #45] ; 0x2d + 800ac9e: 2e01 cmp r6, #1 + 800aca0: d11b bne.n 800acda + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800aca2: 6829 ldr r1, [r5, #0] + 800aca4: f421 21a0 bic.w r1, r1, #327680 ; 0x50000 + 800aca8: f021 01c4 bic.w r1, r1, #196 ; 0xc4 + 800acac: 4319 orrs r1, r3 + 800acae: f041 0104 orr.w r1, r1, #4 + 800acb2: 6029 str r1, [r5, #0] + hhash->HashITCounter = 1; + 800acb4: 6246 str r6, [r0, #36] ; 0x24 + hhash->Phase = HAL_HASH_PHASE_PROCESS; + 800acb6: 2302 movs r3, #2 + 800acb8: f880 302d strb.w r3, [r0, #45] ; 0x2d + while((!(__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS))) && (SizeVar > 0U)) + 800acbc: 6a6b ldr r3, [r5, #36] ; 0x24 + 800acbe: 07d9 lsls r1, r3, #31 + 800acc0: d400 bmi.n 800acc4 + 800acc2: b96a cbnz r2, 800ace0 + if ((!(__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS))) || (SizeVar == 0U)) + 800acc4: 6a6b ldr r3, [r5, #36] ; 0x24 + 800acc6: 07db lsls r3, r3, #31 + 800acc8: d500 bpl.n 800accc + 800acca: b98a cbnz r2, 800acf0 + hhash->State = HAL_HASH_STATE_READY; + 800accc: 2301 movs r3, #1 + 800acce: f880 3035 strb.w r3, [r0, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800acd2: 2300 movs r3, #0 + 800acd4: f880 3034 strb.w r3, [r0, #52] ; 0x34 + return HAL_OK; + 800acd8: e7c2 b.n 800ac60 + hhash->HashITCounter = 3; /* 'cruise-speed' reached during a previous buffer processing */ + 800acda: 2303 movs r3, #3 + 800acdc: 6243 str r3, [r0, #36] ; 0x24 + 800acde: e7ea b.n 800acb6 + HASH->DIN = *(uint32_t*)inputaddr; + 800ace0: 9b01 ldr r3, [sp, #4] + 800ace2: 681b ldr r3, [r3, #0] + 800ace4: 606b str r3, [r5, #4] + inputaddr+=4U; + 800ace6: 9b01 ldr r3, [sp, #4] + 800ace8: 3304 adds r3, #4 + 800acea: 9301 str r3, [sp, #4] + SizeVar-=4U; + 800acec: 3a04 subs r2, #4 + 800acee: e7e5 b.n 800acbc + hhash->HashInCount = SizeVar; /* Counter used to keep track of number of data + 800acf0: 6202 str r2, [r0, #32] + hhash->pHashInBuffPtr = (uint8_t *)inputaddr; /* Points at data which will be fed to the Peripheral at + 800acf2: 9b01 ldr r3, [sp, #4] + 800acf4: 60c3 str r3, [r0, #12] + 800acf6: e7c6 b.n 800ac86 + return HAL_ERROR; + 800acf8: 2301 movs r3, #1 + 800acfa: e7b1 b.n 800ac60 + return HAL_BUSY; + 800acfc: 2302 movs r3, #2 + 800acfe: e7af b.n 800ac60 + 800ad00: 50060400 .word 0x50060400 + +0800ad04 : + return HASH_Accumulate_IT(hhash, pInBuffer, Size,HASH_ALGOSELECTION_MD5); + 800ad04: 2380 movs r3, #128 ; 0x80 + 800ad06: f7ff bf9b b.w 800ac40 + +0800ad0a : + return HASH_Accumulate_IT(hhash, pInBuffer, Size,HASH_ALGOSELECTION_SHA1); + 800ad0a: 2300 movs r3, #0 + 800ad0c: f7ff bf98 b.w 800ac40 + +0800ad10 : + * @param pOutBuffer pointer to the computed digest. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Start_IT(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Algorithm) +{ + 800ad10: b573 push {r0, r1, r4, r5, r6, lr} + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800ad12: f890 4035 ldrb.w r4, [r0, #53] ; 0x35 + __IO uint32_t inputaddr = (uint32_t) pInBuffer; + 800ad16: 9101 str r1, [sp, #4] + uint32_t polling_step = 0U; + uint32_t initialization_skipped = 0U; + uint32_t SizeVar = Size; + + /* If State is ready or suspended, start or resume IT-based HASH processing */ +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800ad18: 2c01 cmp r4, #1 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800ad1a: b2e5 uxtb r5, r4 +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800ad1c: d001 beq.n 800ad22 + 800ad1e: 2d08 cmp r5, #8 + 800ad20: d17f bne.n 800ae22 + { + /* Check input parameters */ + if ((pInBuffer == NULL) || (Size == 0U) || (pOutBuffer == NULL)) + 800ad22: b109 cbz r1, 800ad28 + 800ad24: b102 cbz r2, 800ad28 + 800ad26: b92b cbnz r3, 800ad34 + { + hhash->State = HAL_HASH_STATE_READY; + 800ad28: 2201 movs r2, #1 + 800ad2a: f880 2035 strb.w r2, [r0, #53] ; 0x35 + else + { + return HAL_BUSY; + } + +} + 800ad2e: 4610 mov r0, r2 + 800ad30: b002 add sp, #8 + 800ad32: bd70 pop {r4, r5, r6, pc} + __HAL_LOCK(hhash); + 800ad34: f890 4034 ldrb.w r4, [r0, #52] ; 0x34 + 800ad38: 2c01 cmp r4, #1 + 800ad3a: f04f 0402 mov.w r4, #2 + 800ad3e: d072 beq.n 800ae26 + hhash->State = HAL_HASH_STATE_BUSY; + 800ad40: f880 4035 strb.w r4, [r0, #53] ; 0x35 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800ad44: f890 402d ldrb.w r4, [r0, #45] ; 0x2d + __HAL_LOCK(hhash); + 800ad48: 2601 movs r6, #1 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800ad4a: 42b4 cmp r4, r6 + __HAL_LOCK(hhash); + 800ad4c: f880 6034 strb.w r6, [r0, #52] ; 0x34 + hhash->HashITCounter = 1; + 800ad50: 4c36 ldr r4, [pc, #216] ; (800ae2c ) + 800ad52: 6246 str r6, [r0, #36] ; 0x24 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800ad54: d115 bne.n 800ad82 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_CR_INIT); + 800ad56: 6825 ldr r5, [r4, #0] + 800ad58: 9e06 ldr r6, [sp, #24] + 800ad5a: f425 25a0 bic.w r5, r5, #327680 ; 0x50000 + 800ad5e: f025 05c4 bic.w r5, r5, #196 ; 0xc4 + 800ad62: 4335 orrs r5, r6 + 800ad64: f045 0504 orr.w r5, r5, #4 + 800ad68: 6025 str r5, [r4, #0] + __HAL_HASH_SET_NBVALIDBITS(SizeVar); + 800ad6a: 68a6 ldr r6, [r4, #8] + 800ad6c: f002 0503 and.w r5, r2, #3 + 800ad70: f026 061f bic.w r6, r6, #31 + 800ad74: ea46 05c5 orr.w r5, r6, r5, lsl #3 + 800ad78: 60a5 str r5, [r4, #8] + hhash->pHashOutBuffPtr = pOutBuffer; /* Points at the computed digest */ + 800ad7a: e9c0 1303 strd r1, r3, [r0, #12] + hhash->HashInCount = SizeVar; /* Counter used to keep track of number of data + 800ad7e: 6202 str r2, [r0, #32] + uint32_t initialization_skipped = 0U; + 800ad80: 2600 movs r6, #0 + hhash->Phase = HAL_HASH_PHASE_PROCESS; + 800ad82: 2102 movs r1, #2 + 800ad84: f880 102d strb.w r1, [r0, #45] ; 0x2d + uint32_t polling_step = 0U; + 800ad88: 2100 movs r1, #0 + while((!(__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS))) && (SizeVar > 3U)) + 800ad8a: 6a65 ldr r5, [r4, #36] ; 0x24 + 800ad8c: 07ed lsls r5, r5, #31 + 800ad8e: d401 bmi.n 800ad94 + 800ad90: 2a03 cmp r2, #3 + 800ad92: d80d bhi.n 800adb0 + if (polling_step == 1U) + 800ad94: b349 cbz r1, 800adea + if (SizeVar == 0U) + 800ad96: b9a2 cbnz r2, 800adc2 + hhash->pHashOutBuffPtr = pOutBuffer; /* Points at the computed digest */ + 800ad98: 6103 str r3, [r0, #16] + __HAL_HASH_START_DIGEST(); + 800ad9a: 68a3 ldr r3, [r4, #8] + 800ad9c: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800ada0: 60a3 str r3, [r4, #8] + __HAL_UNLOCK(hhash); + 800ada2: f880 2034 strb.w r2, [r0, #52] ; 0x34 + __HAL_HASH_ENABLE_IT(HASH_IT_DCI); + 800ada6: 6a23 ldr r3, [r4, #32] + 800ada8: f043 0302 orr.w r3, r3, #2 + __HAL_HASH_ENABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800adac: 6223 str r3, [r4, #32] + return HAL_OK; + 800adae: e7be b.n 800ad2e + HASH->DIN = *(uint32_t*)inputaddr; + 800adb0: 9901 ldr r1, [sp, #4] + 800adb2: 6809 ldr r1, [r1, #0] + 800adb4: 6061 str r1, [r4, #4] + inputaddr+=4U; + 800adb6: 9901 ldr r1, [sp, #4] + 800adb8: 3104 adds r1, #4 + 800adba: 9101 str r1, [sp, #4] + SizeVar-=4U; + 800adbc: 3a04 subs r2, #4 + polling_step = 1U; /* note that some words are entered before enabling the interrupt */ + 800adbe: 2101 movs r1, #1 + 800adc0: e7e3 b.n 800ad8a + else if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800adc2: 6a61 ldr r1, [r4, #36] ; 0x24 + __HAL_HASH_SET_NBVALIDBITS(SizeVar); /* Update the configuration of the number of valid bits in last word of the message */ + 800adc4: f002 0503 and.w r5, r2, #3 + else if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800adc8: f011 0101 ands.w r1, r1, #1 + __HAL_HASH_SET_NBVALIDBITS(SizeVar); /* Update the configuration of the number of valid bits in last word of the message */ + 800adcc: ea4f 05c5 mov.w r5, r5, lsl #3 + else if (__HAL_HASH_GET_FLAG(HASH_FLAG_DINIS)) + 800add0: d012 beq.n 800adf8 + hhash->HashInCount = SizeVar; + 800add2: 6202 str r2, [r0, #32] + hhash->pHashInBuffPtr = (uint8_t *)inputaddr; + 800add4: 9a01 ldr r2, [sp, #4] + 800add6: 60c2 str r2, [r0, #12] + __HAL_HASH_SET_NBVALIDBITS(SizeVar); /* Update the configuration of the number of valid bits in last word of the message */ + 800add8: 68a2 ldr r2, [r4, #8] + 800adda: f022 021f bic.w r2, r2, #31 + 800adde: 432a orrs r2, r5 + 800ade0: 60a2 str r2, [r4, #8] + hhash->pHashOutBuffPtr = pOutBuffer; /* Points at the computed digest */ + 800ade2: 6103 str r3, [r0, #16] + if (initialization_skipped == 1U) + 800ade4: b10e cbz r6, 800adea + hhash->HashITCounter = 3; /* 'cruise-speed' reached during a previous buffer processing */ + 800ade6: 2303 movs r3, #3 + 800ade8: 6243 str r3, [r0, #36] ; 0x24 + __HAL_UNLOCK(hhash); + 800adea: 2200 movs r2, #0 + 800adec: f880 2034 strb.w r2, [r0, #52] ; 0x34 + __HAL_HASH_ENABLE_IT(HASH_IT_DINI|HASH_IT_DCI); + 800adf0: 6a23 ldr r3, [r4, #32] + 800adf2: f043 0303 orr.w r3, r3, #3 + 800adf6: e7d9 b.n 800adac + __HAL_HASH_SET_NBVALIDBITS(SizeVar); + 800adf8: 68a2 ldr r2, [r4, #8] + 800adfa: f022 021f bic.w r2, r2, #31 + 800adfe: 432a orrs r2, r5 + 800ae00: 60a2 str r2, [r4, #8] + HASH->DIN = *(uint32_t*)inputaddr; + 800ae02: 9a01 ldr r2, [sp, #4] + 800ae04: 6812 ldr r2, [r2, #0] + 800ae06: 6062 str r2, [r4, #4] + hhash->pHashOutBuffPtr = pOutBuffer; /* Points at the computed digest */ + 800ae08: 6103 str r3, [r0, #16] + __HAL_HASH_START_DIGEST(); + 800ae0a: 68a3 ldr r3, [r4, #8] + 800ae0c: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800ae10: 60a3 str r3, [r4, #8] + __HAL_UNLOCK(hhash); + 800ae12: f880 1034 strb.w r1, [r0, #52] ; 0x34 + __HAL_HASH_ENABLE_IT(HASH_IT_DCI); + 800ae16: 6a23 ldr r3, [r4, #32] + 800ae18: f043 0302 orr.w r3, r3, #2 + 800ae1c: 6223 str r3, [r4, #32] + return HAL_OK; + 800ae1e: 460a mov r2, r1 + 800ae20: e785 b.n 800ad2e + return HAL_BUSY; + 800ae22: 2202 movs r2, #2 + 800ae24: e783 b.n 800ad2e + 800ae26: 4622 mov r2, r4 + 800ae28: e781 b.n 800ad2e + 800ae2a: bf00 nop + 800ae2c: 50060400 .word 0x50060400 + +0800ae30 : +{ + 800ae30: b513 push {r0, r1, r4, lr} + return HASH_Start_IT(hhash, pInBuffer, Size, pOutBuffer,HASH_ALGOSELECTION_MD5); + 800ae32: 2480 movs r4, #128 ; 0x80 + 800ae34: 9400 str r4, [sp, #0] + 800ae36: f7ff ff6b bl 800ad10 +} + 800ae3a: b002 add sp, #8 + 800ae3c: bd10 pop {r4, pc} + +0800ae3e : + 800ae3e: f7ff bff7 b.w 800ae30 + +0800ae42 : +{ + 800ae42: b513 push {r0, r1, r4, lr} + return HASH_Start_IT(hhash, pInBuffer, Size, pOutBuffer,HASH_ALGOSELECTION_SHA1); + 800ae44: 2400 movs r4, #0 + 800ae46: 9400 str r4, [sp, #0] + 800ae48: f7ff ff62 bl 800ad10 +} + 800ae4c: b002 add sp, #8 + 800ae4e: bd10 pop {r4, pc} + +0800ae50 : + 800ae50: f7ff bff7 b.w 800ae42 + +0800ae54 : + * @param pOutBuffer pointer to the computed digest. + * @param Timeout Timeout value. + * @retval HAL status + */ +HAL_StatusTypeDef HASH_Finish(HASH_HandleTypeDef *hhash, uint8_t* pOutBuffer, uint32_t Timeout) +{ + 800ae54: b570 push {r4, r5, r6, lr} + 800ae56: 4613 mov r3, r2 + + if(hhash->State == HAL_HASH_STATE_READY) + 800ae58: f890 2035 ldrb.w r2, [r0, #53] ; 0x35 + 800ae5c: 2a01 cmp r2, #1 +{ + 800ae5e: 4605 mov r5, r0 + 800ae60: 460e mov r6, r1 + if(hhash->State == HAL_HASH_STATE_READY) + 800ae62: b2d4 uxtb r4, r2 + 800ae64: d12f bne.n 800aec6 + { + /* Check parameter */ + if (pOutBuffer == NULL) + 800ae66: b341 cbz r1, 800aeba + { + return HAL_ERROR; + } + + /* Process Locked */ + __HAL_LOCK(hhash); + 800ae68: f890 2034 ldrb.w r2, [r0, #52] ; 0x34 + 800ae6c: 2a01 cmp r2, #1 + 800ae6e: f04f 0102 mov.w r1, #2 + 800ae72: d028 beq.n 800aec6 + 800ae74: f880 4034 strb.w r4, [r0, #52] ; 0x34 + + /* Change the HASH state to busy */ + hhash->State = HAL_HASH_STATE_BUSY; + 800ae78: f880 1035 strb.w r1, [r0, #53] ; 0x35 + + /* Wait for DCIS flag to be set */ + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_DCIS, RESET, Timeout) != HAL_OK) + 800ae7c: 2200 movs r2, #0 + 800ae7e: f7ff fc3b bl 800a6f8 + 800ae82: 4604 mov r4, r0 + 800ae84: bb08 cbnz r0, 800aeca + { + return HAL_TIMEOUT; + } + + /* Read the message digest */ + HASH_GetDigest(pOutBuffer, HASH_DIGEST_LENGTH()); + 800ae86: 4a12 ldr r2, [pc, #72] ; (800aed0 ) + 800ae88: 4b12 ldr r3, [pc, #72] ; (800aed4 ) + 800ae8a: 6811 ldr r1, [r2, #0] + 800ae8c: 4219 tst r1, r3 + 800ae8e: d016 beq.n 800aebe + 800ae90: 6811 ldr r1, [r2, #0] + 800ae92: 4019 ands r1, r3 + 800ae94: f5b1 2f80 cmp.w r1, #262144 ; 0x40000 + 800ae98: d013 beq.n 800aec2 + 800ae9a: 6812 ldr r2, [r2, #0] + 800ae9c: 4393 bics r3, r2 + 800ae9e: bf0c ite eq + 800aea0: 2120 moveq r1, #32 + 800aea2: 2110 movne r1, #16 + 800aea4: 4630 mov r0, r6 + 800aea6: f7ff fbc5 bl 800a634 + + /* Change the HASH state to ready */ + hhash->State = HAL_HASH_STATE_READY; + 800aeaa: 2301 movs r3, #1 + 800aeac: f885 3035 strb.w r3, [r5, #53] ; 0x35 + + /* Reset HASH state machine */ + hhash->Phase = HAL_HASH_PHASE_READY; + 800aeb0: f885 302d strb.w r3, [r5, #45] ; 0x2d + + /* Process UnLock */ + __HAL_UNLOCK(hhash); + 800aeb4: 2300 movs r3, #0 + 800aeb6: f885 3034 strb.w r3, [r5, #52] ; 0x34 + else + { + return HAL_BUSY; + } + +} + 800aeba: 4620 mov r0, r4 + 800aebc: bd70 pop {r4, r5, r6, pc} + HASH_GetDigest(pOutBuffer, HASH_DIGEST_LENGTH()); + 800aebe: 2114 movs r1, #20 + 800aec0: e7f0 b.n 800aea4 + 800aec2: 211c movs r1, #28 + 800aec4: e7ee b.n 800aea4 + return HAL_BUSY; + 800aec6: 2402 movs r4, #2 + 800aec8: e7f7 b.n 800aeba + return HAL_TIMEOUT; + 800aeca: 2403 movs r4, #3 + 800aecc: e7f5 b.n 800aeba + 800aece: bf00 nop + 800aed0: 50060400 .word 0x50060400 + 800aed4: 00040080 .word 0x00040080 + +0800aed8 : + * @param Timeout Timeout value. + * @param Algorithm HASH algorithm. + * @retval HAL status + */ +HAL_StatusTypeDef HMAC_Start(HASH_HandleTypeDef *hhash, uint8_t *pInBuffer, uint32_t Size, uint8_t* pOutBuffer, uint32_t Timeout, uint32_t Algorithm) +{ + 800aed8: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 800aedc: 4604 mov r4, r0 + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800aede: f890 0035 ldrb.w r0, [r0, #53] ; 0x35 + + /* If State is ready or suspended, start or resume polling-based HASH processing */ +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800aee2: 2801 cmp r0, #1 +{ + 800aee4: e9dd 7e06 ldrd r7, lr, [sp, #24] + HAL_HASH_StateTypeDef State_tmp = hhash->State; + 800aee8: b2c5 uxtb r5, r0 +if((State_tmp == HAL_HASH_STATE_READY) || (State_tmp == HAL_HASH_STATE_SUSPENDED)) + 800aeea: d002 beq.n 800aef2 + 800aeec: 2d08 cmp r5, #8 + 800aeee: f040 80df bne.w 800b0b0 + { + /* Check input parameters */ + if ((pInBuffer == NULL) || /*(Size == 0U) ||*/ (hhash->Init.pKey == NULL) || (hhash->Init.KeySize == 0U) || (pOutBuffer == NULL)) + 800aef2: b139 cbz r1, 800af04 + 800aef4: f8d4 c008 ldr.w ip, [r4, #8] + 800aef8: f1bc 0f00 cmp.w ip, #0 + 800aefc: d002 beq.n 800af04 + 800aefe: 6865 ldr r5, [r4, #4] + 800af00: b105 cbz r5, 800af04 + 800af02: b923 cbnz r3, 800af0e + { + hhash->State = HAL_HASH_STATE_READY; + 800af04: 2001 movs r0, #1 + 800af06: f884 0035 strb.w r0, [r4, #53] ; 0x35 + return HMAC_Processing(hhash, Timeout); + + } + else + { + return HAL_BUSY; + 800af0a: 4605 mov r5, r0 + 800af0c: e05b b.n 800afc6 + __HAL_LOCK(hhash); + 800af0e: f894 0034 ldrb.w r0, [r4, #52] ; 0x34 + 800af12: 2801 cmp r0, #1 + 800af14: f04f 0002 mov.w r0, #2 + 800af18: d0f7 beq.n 800af0a + hhash->State = HAL_HASH_STATE_BUSY; + 800af1a: f884 0035 strb.w r0, [r4, #53] ; 0x35 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800af1e: f894 002d ldrb.w r0, [r4, #45] ; 0x2d + __HAL_LOCK(hhash); + 800af22: 2601 movs r6, #1 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800af24: 42b0 cmp r0, r6 + __HAL_LOCK(hhash); + 800af26: f884 6034 strb.w r6, [r4, #52] ; 0x34 + if(hhash->Phase == HAL_HASH_PHASE_READY) + 800af2a: d118 bne.n 800af5e + if(hhash->Init.KeySize > 64U) + 800af2c: 4e61 ldr r6, [pc, #388] ; (800b0b4 ) + 800af2e: f8df 818c ldr.w r8, [pc, #396] ; 800b0bc + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_ALGOMODE_HMAC | HASH_HMAC_KEYTYPE_LONGKEY | HASH_CR_INIT); + 800af32: 6830 ldr r0, [r6, #0] + 800af34: ea00 0008 and.w r0, r0, r8 + 800af38: ea40 000e orr.w r0, r0, lr + if(hhash->Init.KeySize > 64U) + 800af3c: 2d40 cmp r5, #64 ; 0x40 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_ALGOMODE_HMAC | HASH_HMAC_KEYTYPE_LONGKEY | HASH_CR_INIT); + 800af3e: bf88 it hi + 800af40: f440 3080 orrhi.w r0, r0, #65536 ; 0x10000 + MODIFY_REG(HASH->CR, HASH_CR_LKEY|HASH_CR_ALGO|HASH_CR_MODE|HASH_CR_INIT, Algorithm | HASH_ALGOMODE_HMAC | HASH_CR_INIT); + 800af44: f040 0044 orr.w r0, r0, #68 ; 0x44 + 800af48: 6030 str r0, [r6, #0] + hhash->pHashInBuffPtr = pInBuffer; /* Input data address, HMAC_Processing input parameter for Step 2 */ + 800af4a: e9c4 1303 strd r1, r3, [r4, #12] + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_1; + 800af4e: 2003 movs r0, #3 + hhash->HashInCount = Size; /* Input data size, HMAC_Processing input parameter for Step 2 */ + 800af50: 6222 str r2, [r4, #32] + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_1; + 800af52: f884 002d strb.w r0, [r4, #45] ; 0x2d + hhash->HashBuffSize = Size; /* Store the input buffer size for the whole HMAC process */ + 800af56: 61e2 str r2, [r4, #28] + hhash->pHashKeyBuffPtr = hhash->Init.pKey; /* Key address, HMAC_Processing input parameter for Step 1 and Step 3 */ + 800af58: f8c4 c014 str.w ip, [r4, #20] + hhash->HashKeyCount = hhash->Init.KeySize; /* Key size, HMAC_Processing input parameter for Step 1 and Step 3 */ + 800af5c: 62a5 str r5, [r4, #40] ; 0x28 + if ((hhash->Phase != HAL_HASH_PHASE_HMAC_STEP_1) && (hhash->Phase != HAL_HASH_PHASE_HMAC_STEP_2) && (hhash->Phase != HAL_HASH_PHASE_HMAC_STEP_3)) + 800af5e: f894 302d ldrb.w r3, [r4, #45] ; 0x2d + 800af62: 1eda subs r2, r3, #3 + 800af64: 2a02 cmp r2, #2 + 800af66: d906 bls.n 800af76 + hhash->State = HAL_HASH_STATE_READY; + 800af68: 2001 movs r0, #1 + __HAL_UNLOCK(hhash); + 800af6a: 2300 movs r3, #0 + hhash->State = HAL_HASH_STATE_READY; + 800af6c: f884 0035 strb.w r0, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800af70: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_ERROR; + 800af74: e7c9 b.n 800af0a + if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_1) + 800af76: 2b03 cmp r3, #3 + 800af78: 4e4e ldr r6, [pc, #312] ; (800b0b4 ) + 800af7a: d155 bne.n 800b028 + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); + 800af7c: 68b3 ldr r3, [r6, #8] + hhash->Status = HASH_WriteData(hhash, hhash->pHashKeyBuffPtr, hhash->HashKeyCount); + 800af7e: 6961 ldr r1, [r4, #20] + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); + 800af80: f023 031f bic.w r3, r3, #31 + 800af84: f005 0503 and.w r5, r5, #3 + 800af88: ea43 05c5 orr.w r5, r3, r5, lsl #3 + 800af8c: 60b5 str r5, [r6, #8] + hhash->Status = HASH_WriteData(hhash, hhash->pHashKeyBuffPtr, hhash->HashKeyCount); + 800af8e: 6aa2 ldr r2, [r4, #40] ; 0x28 + 800af90: 4620 mov r0, r4 + 800af92: f7ff fb0f bl 800a5b4 + 800af96: 4605 mov r5, r0 + 800af98: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800af9c: b998 cbnz r0, 800afc6 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800af9e: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800afa2: 2b08 cmp r3, #8 + 800afa4: d103 bne.n 800afae + __HAL_UNLOCK(hhash); + 800afa6: 2000 movs r0, #0 + 800afa8: f884 0034 strb.w r0, [r4, #52] ; 0x34 + return HAL_OK; + 800afac: e7ad b.n 800af0a + __HAL_HASH_START_DIGEST(); + 800afae: 68b3 ldr r3, [r6, #8] + 800afb0: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800afb4: 60b3 str r3, [r6, #8] + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_BUSY, SET, Timeout) != HAL_OK) + 800afb6: 2201 movs r2, #1 + 800afb8: 463b mov r3, r7 + 800afba: 2108 movs r1, #8 + 800afbc: 4620 mov r0, r4 + 800afbe: f7ff fb9b bl 800a6f8 + 800afc2: b118 cbz r0, 800afcc + return HAL_TIMEOUT; + 800afc4: 2503 movs r5, #3 + } +} + 800afc6: 4628 mov r0, r5 + 800afc8: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_2; + 800afcc: 2304 movs r3, #4 + 800afce: f884 302d strb.w r3, [r4, #45] ; 0x2d + __HAL_HASH_SET_NBVALIDBITS(hhash->HashBuffSize); + 800afd2: 68b3 ldr r3, [r6, #8] + 800afd4: 69e2 ldr r2, [r4, #28] + hhash->Status = HASH_WriteData(hhash, hhash->pHashInBuffPtr, hhash->HashInCount); + 800afd6: 68e1 ldr r1, [r4, #12] + __HAL_HASH_SET_NBVALIDBITS(hhash->HashBuffSize); + 800afd8: f002 0203 and.w r2, r2, #3 + 800afdc: f023 031f bic.w r3, r3, #31 + 800afe0: ea43 03c2 orr.w r3, r3, r2, lsl #3 + 800afe4: 60b3 str r3, [r6, #8] + hhash->Status = HASH_WriteData(hhash, hhash->pHashInBuffPtr, hhash->HashInCount); + 800afe6: 6a22 ldr r2, [r4, #32] + 800afe8: 4620 mov r0, r4 + 800afea: f7ff fae3 bl 800a5b4 + 800afee: 4605 mov r5, r0 + 800aff0: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800aff4: 2800 cmp r0, #0 + 800aff6: d1e6 bne.n 800afc6 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800aff8: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800affc: 2b08 cmp r3, #8 + 800affe: d0d2 beq.n 800afa6 + __HAL_HASH_START_DIGEST(); + 800b000: 68b3 ldr r3, [r6, #8] + 800b002: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800b006: 60b3 str r3, [r6, #8] + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_BUSY, SET, Timeout) != HAL_OK) + 800b008: 2201 movs r2, #1 + 800b00a: 463b mov r3, r7 + 800b00c: 2108 movs r1, #8 + 800b00e: 4620 mov r0, r4 + 800b010: f7ff fb72 bl 800a6f8 + 800b014: 2800 cmp r0, #0 + 800b016: d1d5 bne.n 800afc4 + hhash->Phase = HAL_HASH_PHASE_HMAC_STEP_3; + 800b018: 2305 movs r3, #5 + 800b01a: f884 302d strb.w r3, [r4, #45] ; 0x2d + hhash->pHashKeyBuffPtr = hhash->Init.pKey; + 800b01e: 68a3 ldr r3, [r4, #8] + 800b020: 6163 str r3, [r4, #20] + hhash->HashKeyCount = hhash->Init.KeySize; + 800b022: 6863 ldr r3, [r4, #4] + 800b024: 62a3 str r3, [r4, #40] ; 0x28 + if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_3) + 800b026: e001 b.n 800b02c + if (hhash->Phase == HAL_HASH_PHASE_HMAC_STEP_2) + 800b028: 2b04 cmp r3, #4 + 800b02a: d0d2 beq.n 800afd2 + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); + 800b02c: 68b3 ldr r3, [r6, #8] + 800b02e: 6862 ldr r2, [r4, #4] + hhash->Status = HASH_WriteData(hhash, hhash->pHashKeyBuffPtr, hhash->HashKeyCount); + 800b030: 6961 ldr r1, [r4, #20] + __HAL_HASH_SET_NBVALIDBITS(hhash->Init.KeySize); + 800b032: f002 0203 and.w r2, r2, #3 + 800b036: f023 031f bic.w r3, r3, #31 + 800b03a: ea43 03c2 orr.w r3, r3, r2, lsl #3 + 800b03e: 60b3 str r3, [r6, #8] + hhash->Status = HASH_WriteData(hhash, hhash->pHashKeyBuffPtr, hhash->HashKeyCount); + 800b040: 6aa2 ldr r2, [r4, #40] ; 0x28 + 800b042: 4620 mov r0, r4 + 800b044: f7ff fab6 bl 800a5b4 + 800b048: 4605 mov r5, r0 + 800b04a: f884 002c strb.w r0, [r4, #44] ; 0x2c + if (hhash->Status != HAL_OK) + 800b04e: 2800 cmp r0, #0 + 800b050: d1b9 bne.n 800afc6 + if (hhash->State == HAL_HASH_STATE_SUSPENDED) + 800b052: f894 3035 ldrb.w r3, [r4, #53] ; 0x35 + 800b056: 2b08 cmp r3, #8 + 800b058: d0a5 beq.n 800afa6 + __HAL_HASH_START_DIGEST(); + 800b05a: 68b3 ldr r3, [r6, #8] + 800b05c: f443 7380 orr.w r3, r3, #256 ; 0x100 + 800b060: 60b3 str r3, [r6, #8] + if (HASH_WaitOnFlagUntilTimeout(hhash, HASH_FLAG_DCIS, RESET, Timeout) != HAL_OK) + 800b062: 4602 mov r2, r0 + 800b064: 463b mov r3, r7 + 800b066: 2102 movs r1, #2 + 800b068: 4620 mov r0, r4 + 800b06a: f7ff fb45 bl 800a6f8 + 800b06e: 4605 mov r5, r0 + 800b070: 2800 cmp r0, #0 + 800b072: d1a7 bne.n 800afc4 + HASH_GetDigest(hhash->pHashOutBuffPtr, HASH_DIGEST_LENGTH()); + 800b074: 6832 ldr r2, [r6, #0] + 800b076: 4b10 ldr r3, [pc, #64] ; (800b0b8 ) + 800b078: 6920 ldr r0, [r4, #16] + 800b07a: 421a tst r2, r3 + 800b07c: d014 beq.n 800b0a8 + 800b07e: 6832 ldr r2, [r6, #0] + 800b080: 401a ands r2, r3 + 800b082: f5b2 2f80 cmp.w r2, #262144 ; 0x40000 + 800b086: d011 beq.n 800b0ac + 800b088: 6832 ldr r2, [r6, #0] + 800b08a: 4393 bics r3, r2 + 800b08c: bf0c ite eq + 800b08e: 2120 moveq r1, #32 + 800b090: 2110 movne r1, #16 + 800b092: f7ff facf bl 800a634 + hhash->Phase = HAL_HASH_PHASE_READY; + 800b096: 2301 movs r3, #1 + 800b098: f884 302d strb.w r3, [r4, #45] ; 0x2d + hhash->State = HAL_HASH_STATE_READY; + 800b09c: f884 3035 strb.w r3, [r4, #53] ; 0x35 + __HAL_UNLOCK(hhash); + 800b0a0: 2300 movs r3, #0 + 800b0a2: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800b0a6: e78e b.n 800afc6 + HASH_GetDigest(hhash->pHashOutBuffPtr, HASH_DIGEST_LENGTH()); + 800b0a8: 2114 movs r1, #20 + 800b0aa: e7f2 b.n 800b092 + 800b0ac: 211c movs r1, #28 + 800b0ae: e7f0 b.n 800b092 + return HAL_BUSY; + 800b0b0: 2502 movs r5, #2 + 800b0b2: e788 b.n 800afc6 + 800b0b4: 50060400 .word 0x50060400 + 800b0b8: 00040080 .word 0x00040080 + 800b0bc: fffaff3b .word 0xfffaff3b + +0800b0c0 : + * @param Tickstart : Tick start value + * @retval HAL status + */ +static HAL_StatusTypeDef OSPI_WaitFlagStateUntilTimeout(OSPI_HandleTypeDef *hospi, uint32_t Flag, + FlagStatus State, uint32_t Tickstart, uint32_t Timeout) +{ + 800b0c0: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 800b0c4: f8dd 8018 ldr.w r8, [sp, #24] + 800b0c8: 4604 mov r4, r0 + 800b0ca: 460e mov r6, r1 + 800b0cc: 4615 mov r5, r2 + 800b0ce: 461f mov r7, r3 + /* Wait until flag is in expected state */ + while((__HAL_OSPI_GET_FLAG(hospi, Flag)) != State) + 800b0d0: 6822 ldr r2, [r4, #0] + 800b0d2: 6a13 ldr r3, [r2, #32] + 800b0d4: 4233 tst r3, r6 + 800b0d6: bf14 ite ne + 800b0d8: 2301 movne r3, #1 + 800b0da: 2300 moveq r3, #0 + 800b0dc: 42ab cmp r3, r5 + 800b0de: d101 bne.n 800b0e4 + + return HAL_ERROR; + } + } + } + return HAL_OK; + 800b0e0: 2000 movs r0, #0 + 800b0e2: e012 b.n 800b10a + if (Timeout != HAL_MAX_DELAY) + 800b0e4: f1b8 3fff cmp.w r8, #4294967295 ; 0xffffffff + 800b0e8: d0f3 beq.n 800b0d2 + if(((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800b0ea: f7fc f97d bl 80073e8 + 800b0ee: 1bc0 subs r0, r0, r7 + 800b0f0: 4540 cmp r0, r8 + 800b0f2: d802 bhi.n 800b0fa + 800b0f4: f1b8 0f00 cmp.w r8, #0 + 800b0f8: d1ea bne.n 800b0d0 + hospi->State = HAL_OSPI_STATE_ERROR; + 800b0fa: f44f 7300 mov.w r3, #512 ; 0x200 + 800b0fe: 6463 str r3, [r4, #68] ; 0x44 + hospi->ErrorCode |= HAL_OSPI_ERROR_TIMEOUT; + 800b100: 6ca3 ldr r3, [r4, #72] ; 0x48 + 800b102: f043 0301 orr.w r3, r3, #1 + 800b106: 64a3 str r3, [r4, #72] ; 0x48 + 800b108: 2001 movs r0, #1 +} + 800b10a: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +0800b10e : +} + 800b10e: 4770 bx lr + +0800b110 : +{ + 800b110: b5f0 push {r4, r5, r6, r7, lr} + 800b112: b085 sub sp, #20 + 800b114: 4604 mov r4, r0 + uint32_t tickstart = HAL_GetTick(); + 800b116: f7fc f967 bl 80073e8 + 800b11a: 4603 mov r3, r0 + if (hospi == NULL) + 800b11c: 2c00 cmp r4, #0 + 800b11e: d05d beq.n 800b1dc + hospi->ErrorCode = HAL_OSPI_ERROR_NONE; + 800b120: 2000 movs r0, #0 + 800b122: 64a0 str r0, [r4, #72] ; 0x48 + if (hospi->State == HAL_OSPI_STATE_RESET) + 800b124: 6c66 ldr r6, [r4, #68] ; 0x44 + 800b126: 2e00 cmp r6, #0 + 800b128: d156 bne.n 800b1d8 + HAL_OSPI_MspInit(hospi); + 800b12a: 4620 mov r0, r4 + 800b12c: 9303 str r3, [sp, #12] + 800b12e: f7ff ffee bl 800b10e + MODIFY_REG(hospi->Instance->DCR1, + 800b132: 6b20 ldr r0, [r4, #48] ; 0x30 + 800b134: 68e1 ldr r1, [r4, #12] + 800b136: 6825 ldr r5, [r4, #0] + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, hospi->Timeout); + 800b138: 9b03 ldr r3, [sp, #12] + MODIFY_REG(hospi->Instance->DCR1, + 800b13a: 68af ldr r7, [r5, #8] + 800b13c: 4301 orrs r1, r0 + 800b13e: 69e0 ldr r0, [r4, #28] + 800b140: 4301 orrs r1, r0 + 800b142: 4827 ldr r0, [pc, #156] ; (800b1e0 ) + 800b144: 4038 ands r0, r7 + 800b146: 4301 orrs r1, r0 + 800b148: 6920 ldr r0, [r4, #16] + 800b14a: 3801 subs r0, #1 + 800b14c: ea41 4100 orr.w r1, r1, r0, lsl #16 + 800b150: 6960 ldr r0, [r4, #20] + 800b152: 3801 subs r0, #1 + hospi->Timeout = Timeout; + 800b154: f241 3288 movw r2, #5000 ; 0x1388 + MODIFY_REG(hospi->Instance->DCR1, + 800b158: ea41 2100 orr.w r1, r1, r0, lsl #8 + hospi->Timeout = Timeout; + 800b15c: 64e2 str r2, [r4, #76] ; 0x4c + MODIFY_REG(hospi->Instance->DCR1, + 800b15e: 60a9 str r1, [r5, #8] + hospi->Instance->DCR3 = (hospi->Init.ChipSelectBoundary << OCTOSPI_DCR3_CSBOUND_Pos); + 800b160: 6ae1 ldr r1, [r4, #44] ; 0x2c + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FTHRES, ((hospi->Init.FifoThreshold - 1U) << OCTOSPI_CR_FTHRES_Pos)); + 800b162: 6860 ldr r0, [r4, #4] + hospi->Instance->DCR3 = (hospi->Init.ChipSelectBoundary << OCTOSPI_DCR3_CSBOUND_Pos); + 800b164: 0409 lsls r1, r1, #16 + 800b166: 6129 str r1, [r5, #16] + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FTHRES, ((hospi->Init.FifoThreshold - 1U) << OCTOSPI_CR_FTHRES_Pos)); + 800b168: 6829 ldr r1, [r5, #0] + 800b16a: 3801 subs r0, #1 + 800b16c: f421 51f8 bic.w r1, r1, #7936 ; 0x1f00 + 800b170: ea41 2100 orr.w r1, r1, r0, lsl #8 + 800b174: 6029 str r1, [r5, #0] + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, hospi->Timeout); + 800b176: 4620 mov r0, r4 + 800b178: 9200 str r2, [sp, #0] + 800b17a: 2120 movs r1, #32 + 800b17c: 4632 mov r2, r6 + 800b17e: f7ff ff9f bl 800b0c0 + if (status == HAL_OK) + 800b182: bb48 cbnz r0, 800b1d8 + MODIFY_REG(hospi->Instance->DCR2, OCTOSPI_DCR2_PRESCALER, ((hospi->Init.ClockPrescaler - 1U) << OCTOSPI_DCR2_PRESCALER_Pos)); + 800b184: 6823 ldr r3, [r4, #0] + 800b186: 6a22 ldr r2, [r4, #32] + 800b188: 68d9 ldr r1, [r3, #12] + 800b18a: 3a01 subs r2, #1 + 800b18c: f021 01ff bic.w r1, r1, #255 ; 0xff + 800b190: 430a orrs r2, r1 + 800b192: 60da str r2, [r3, #12] + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_DQM, hospi->Init.DualQuad); + 800b194: 681a ldr r2, [r3, #0] + 800b196: 68a1 ldr r1, [r4, #8] + 800b198: f022 0240 bic.w r2, r2, #64 ; 0x40 + 800b19c: 430a orrs r2, r1 + 800b19e: 601a str r2, [r3, #0] + MODIFY_REG(hospi->Instance->TCR, (OCTOSPI_TCR_SSHIFT | OCTOSPI_TCR_DHQC), (hospi->Init.SampleShifting | hospi->Init.DelayHoldQuarterCycle)); + 800b1a0: e9d4 2509 ldrd r2, r5, [r4, #36] ; 0x24 + 800b1a4: f8d3 1108 ldr.w r1, [r3, #264] ; 0x108 + 800b1a8: 432a orrs r2, r5 + 800b1aa: f021 41a0 bic.w r1, r1, #1342177280 ; 0x50000000 + 800b1ae: 430a orrs r2, r1 + 800b1b0: f8c3 2108 str.w r2, [r3, #264] ; 0x108 + __HAL_OSPI_ENABLE(hospi); + 800b1b4: 681a ldr r2, [r3, #0] + 800b1b6: f042 0201 orr.w r2, r2, #1 + 800b1ba: 601a str r2, [r3, #0] + if (hospi->Init.FreeRunningClock == HAL_OSPI_FREERUNCLK_ENABLE) + 800b1bc: 69a2 ldr r2, [r4, #24] + 800b1be: 2a02 cmp r2, #2 + SET_BIT(hospi->Instance->DCR1, OCTOSPI_DCR1_FRCK); + 800b1c0: bf02 ittt eq + 800b1c2: 689a ldreq r2, [r3, #8] + 800b1c4: f042 0202 orreq.w r2, r2, #2 + 800b1c8: 609a streq r2, [r3, #8] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b1ca: 68e3 ldr r3, [r4, #12] + 800b1cc: f1b3 6f80 cmp.w r3, #67108864 ; 0x4000000 + hospi->State = HAL_OSPI_STATE_HYPERBUS_INIT; + 800b1d0: bf0c ite eq + 800b1d2: 2301 moveq r3, #1 + hospi->State = HAL_OSPI_STATE_READY; + 800b1d4: 2302 movne r3, #2 + 800b1d6: 6463 str r3, [r4, #68] ; 0x44 +} + 800b1d8: b005 add sp, #20 + 800b1da: bdf0 pop {r4, r5, r6, r7, pc} + status = HAL_ERROR; + 800b1dc: 2001 movs r0, #1 + 800b1de: e7fb b.n 800b1d8 + 800b1e0: f8e0f8f4 .word 0xf8e0f8f4 + +0800b1e4 : +{ + 800b1e4: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 800b1e8: 4605 mov r5, r0 + 800b1ea: b085 sub sp, #20 + 800b1ec: 460c mov r4, r1 + 800b1ee: 9202 str r2, [sp, #8] + uint32_t tickstart = HAL_GetTick(); + 800b1f0: f7fc f8fa bl 80073e8 + state = hospi->State; + 800b1f4: 6c6a ldr r2, [r5, #68] ; 0x44 + if (((state == HAL_OSPI_STATE_READY) && (hospi->Init.MemoryType != HAL_OSPI_MEMTYPE_HYPERBUS)) || + 800b1f6: 2a02 cmp r2, #2 + uint32_t tickstart = HAL_GetTick(); + 800b1f8: ee07 0a90 vmov s15, r0 + if (((state == HAL_OSPI_STATE_READY) && (hospi->Init.MemoryType != HAL_OSPI_MEMTYPE_HYPERBUS)) || + 800b1fc: d105 bne.n 800b20a + 800b1fe: 68ea ldr r2, [r5, #12] + 800b200: f1b2 6f80 cmp.w r2, #67108864 ; 0x4000000 + 800b204: d107 bne.n 800b216 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b206: 2310 movs r3, #16 + 800b208: e109 b.n 800b41e + if (((state == HAL_OSPI_STATE_READY) && (hospi->Init.MemoryType != HAL_OSPI_MEMTYPE_HYPERBUS)) || + 800b20a: 2a14 cmp r2, #20 + 800b20c: f040 8084 bne.w 800b318 + ((state == HAL_OSPI_STATE_READ_CMD_CFG) && (cmd->OperationType == HAL_OSPI_OPTYPE_WRITE_CFG)) || + 800b210: 6822 ldr r2, [r4, #0] + 800b212: 2a02 cmp r2, #2 + ((state == HAL_OSPI_STATE_WRITE_CMD_CFG) && (cmd->OperationType == HAL_OSPI_OPTYPE_READ_CFG))) + 800b214: d1f7 bne.n 800b206 + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, Timeout); + 800b216: 9a02 ldr r2, [sp, #8] + 800b218: 9200 str r2, [sp, #0] + 800b21a: ee17 3a90 vmov r3, s15 + 800b21e: 2200 movs r2, #0 + 800b220: 2120 movs r1, #32 + 800b222: 4628 mov r0, r5 + 800b224: edcd 7a03 vstr s15, [sp, #12] + 800b228: f7ff ff4a bl 800b0c0 + if (status == HAL_OK) + 800b22c: eddd 7a03 vldr s15, [sp, #12] + 800b230: 2800 cmp r0, #0 + 800b232: f040 80b9 bne.w 800b3a8 +{ + HAL_StatusTypeDef status = HAL_OK; + __IO uint32_t *ccr_reg, *tcr_reg, *ir_reg, *abr_reg; + + /* Re-initialize the value of the functional mode */ + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, 0U); + 800b236: 6829 ldr r1, [r5, #0] + hospi->ErrorCode = HAL_OSPI_ERROR_NONE; + 800b238: 64a8 str r0, [r5, #72] ; 0x48 + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, 0U); + 800b23a: 680a ldr r2, [r1, #0] + 800b23c: f022 5240 bic.w r2, r2, #805306368 ; 0x30000000 + 800b240: 600a str r2, [r1, #0] + + /* Configure the flash ID */ + if (hospi->Init.DualQuad == HAL_OSPI_DUALQUAD_DISABLE) + 800b242: 68aa ldr r2, [r5, #8] + 800b244: b92a cbnz r2, 800b252 + { + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FSEL, cmd->FlashId); + 800b246: 680a ldr r2, [r1, #0] + 800b248: 6866 ldr r6, [r4, #4] + 800b24a: f022 0280 bic.w r2, r2, #128 ; 0x80 + 800b24e: 4332 orrs r2, r6 + 800b250: 600a str r2, [r1, #0] + } + + if (cmd->OperationType == HAL_OSPI_OPTYPE_WRITE_CFG) + 800b252: 6822 ldr r2, [r4, #0] + ir_reg = &(hospi->Instance->IR); + abr_reg = &(hospi->Instance->ABR); + } + + /* Configure the CCR register with DQS and SIOO modes */ + *ccr_reg = (cmd->DQSMode | cmd->SIOOMode); + 800b254: e9d4 6712 ldrd r6, r7, [r4, #72] ; 0x48 + if (cmd->OperationType == HAL_OSPI_OPTYPE_WRITE_CFG) + 800b258: 2a02 cmp r2, #2 + ccr_reg = &(hospi->Instance->WCCR); + 800b25a: bf0c ite eq + 800b25c: f501 72c0 addeq.w r2, r1, #384 ; 0x180 + ccr_reg = &(hospi->Instance->CCR); + 800b260: f501 7280 addne.w r2, r1, #256 ; 0x100 + *ccr_reg = (cmd->DQSMode | cmd->SIOOMode); + 800b264: ea46 0607 orr.w r6, r6, r7 + 800b268: 6016 str r6, [r2, #0] + + if (cmd->AlternateBytesMode != HAL_OSPI_ALTERNATE_BYTES_NONE) + 800b26a: 6ae6 ldr r6, [r4, #44] ; 0x2c + tcr_reg = &(hospi->Instance->WTCR); + 800b26c: bf03 ittte eq + 800b26e: f501 7cc4 addeq.w ip, r1, #392 ; 0x188 + ir_reg = &(hospi->Instance->WIR); + 800b272: f501 7ec8 addeq.w lr, r1, #400 ; 0x190 + abr_reg = &(hospi->Instance->WABR); + 800b276: f501 78d0 addeq.w r8, r1, #416 ; 0x1a0 + tcr_reg = &(hospi->Instance->TCR); + 800b27a: f501 7c84 addne.w ip, r1, #264 ; 0x108 + ir_reg = &(hospi->Instance->IR); + 800b27e: bf1c itt ne + 800b280: f501 7e88 addne.w lr, r1, #272 ; 0x110 + abr_reg = &(hospi->Instance->ABR); + 800b284: f501 7890 addne.w r8, r1, #288 ; 0x120 + if (cmd->AlternateBytesMode != HAL_OSPI_ALTERNATE_BYTES_NONE) + 800b288: b16e cbz r6, 800b2a6 + { + /* Configure the ABR register with alternate bytes value */ + *abr_reg = cmd->AlternateBytes; + 800b28a: 6aa6 ldr r6, [r4, #40] ; 0x28 + 800b28c: f8c8 6000 str.w r6, [r8] + + /* Configure the CCR register with alternate bytes communication parameters */ + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_ABMODE | OCTOSPI_CCR_ABDTR | OCTOSPI_CCR_ABSIZE), + 800b290: 6ae3 ldr r3, [r4, #44] ; 0x2c + 800b292: 6b67 ldr r7, [r4, #52] ; 0x34 + 800b294: 6816 ldr r6, [r2, #0] + 800b296: 431f orrs r7, r3 + 800b298: 6b23 ldr r3, [r4, #48] ; 0x30 + 800b29a: f426 187c bic.w r8, r6, #4128768 ; 0x3f0000 + 800b29e: 431f orrs r7, r3 + 800b2a0: ea47 0708 orr.w r7, r7, r8 + 800b2a4: 6017 str r7, [r2, #0] + (cmd->AlternateBytesMode | cmd->AlternateBytesDtrMode | cmd->AlternateBytesSize)); + } + + /* Configure the TCR register with the number of dummy cycles */ + MODIFY_REG((*tcr_reg), OCTOSPI_TCR_DCYC, cmd->DummyCycles); + 800b2a6: f8dc 7000 ldr.w r7, [ip] + 800b2aa: 6c66 ldr r6, [r4, #68] ; 0x44 + 800b2ac: f027 071f bic.w r7, r7, #31 + 800b2b0: 433e orrs r6, r7 + 800b2b2: f8cc 6000 str.w r6, [ip] + + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + 800b2b6: f8d4 c038 ldr.w ip, [r4, #56] ; 0x38 + 800b2ba: f1bc 0f00 cmp.w ip, #0 + 800b2be: d004 beq.n 800b2ca + { + if (cmd->OperationType == HAL_OSPI_OPTYPE_COMMON_CFG) + 800b2c0: 6827 ldr r7, [r4, #0] + 800b2c2: b917 cbnz r7, 800b2ca + { + /* Configure the DLR register with the number of data */ + hospi->Instance->DLR = (cmd->NbData - 1U); + 800b2c4: 6be7 ldr r7, [r4, #60] ; 0x3c + 800b2c6: 3f01 subs r7, #1 + 800b2c8: 640f str r7, [r1, #64] ; 0x40 + } + } + + if (cmd->InstructionMode != HAL_OSPI_INSTRUCTION_NONE) + 800b2ca: 68e6 ldr r6, [r4, #12] + { + if (cmd->AddressMode != HAL_OSPI_ADDRESS_NONE) + 800b2cc: 69e7 ldr r7, [r4, #28] + if (cmd->InstructionMode != HAL_OSPI_INSTRUCTION_NONE) + 800b2ce: 2e00 cmp r6, #0 + 800b2d0: f000 8082 beq.w 800b3d8 + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + { + /* ---- Command with instruction, address and data ---- */ + + /* Configure the CCR register with all communication parameters */ + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800b2d4: e9d4 8904 ldrd r8, r9, [r4, #16] + if (cmd->AddressMode != HAL_OSPI_ADDRESS_NONE) + 800b2d8: 2f00 cmp r7, #0 + 800b2da: d040 beq.n 800b35e + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800b2dc: e9d4 ab08 ldrd sl, fp, [r4, #32] + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + 800b2e0: f1bc 0f00 cmp.w ip, #0 + 800b2e4: d01e beq.n 800b324 + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800b2e6: ea4c 0606 orr.w r6, ip, r6 + 800b2ea: 433e orrs r6, r7 + 800b2ec: ea46 0909 orr.w r9, r6, r9 + 800b2f0: ea49 0808 orr.w r8, r9, r8 + 800b2f4: 6813 ldr r3, [r2, #0] + 800b2f6: 6c26 ldr r6, [r4, #64] ; 0x40 + 800b2f8: 4f52 ldr r7, [pc, #328] ; (800b444 ) + 800b2fa: ea48 0b0b orr.w fp, r8, fp + 800b2fe: ea4b 0b0a orr.w fp, fp, sl + 800b302: ea4b 0606 orr.w r6, fp, r6 + 800b306: 401f ands r7, r3 + 800b308: 433e orrs r6, r7 + + /* The DHQC bit is linked with DDTR bit which should be activated */ + if ((hospi->Init.DelayHoldQuarterCycle == HAL_OSPI_DHQC_ENABLE) && + (cmd->InstructionDtrMode == HAL_OSPI_INSTRUCTION_DTR_ENABLE)) + { + MODIFY_REG((*ccr_reg), OCTOSPI_CCR_DDTR, HAL_OSPI_DATA_DTR_ENABLE); + 800b30a: 6016 str r6, [r2, #0] + } + } + + /* Configure the IR register with the instruction value */ + *ir_reg = cmd->Instruction; + 800b30c: 68a2 ldr r2, [r4, #8] + 800b30e: f8ce 2000 str.w r2, [lr] + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_ADMODE | OCTOSPI_CCR_ADDTR | OCTOSPI_CCR_ADSIZE), + (cmd->AddressMode | cmd->AddressDtrMode | cmd->AddressSize)); + } + + /* Configure the AR register with the instruction value */ + hospi->Instance->AR = cmd->Address; + 800b312: 69a2 ldr r2, [r4, #24] + 800b314: 648a str r2, [r1, #72] ; 0x48 + if (status == HAL_OK) + 800b316: e038 b.n 800b38a + ((state == HAL_OSPI_STATE_READ_CMD_CFG) && (cmd->OperationType == HAL_OSPI_OPTYPE_WRITE_CFG)) || + 800b318: 2a24 cmp r2, #36 ; 0x24 + 800b31a: f47f af74 bne.w 800b206 + ((state == HAL_OSPI_STATE_WRITE_CMD_CFG) && (cmd->OperationType == HAL_OSPI_OPTYPE_READ_CFG))) + 800b31e: 6822 ldr r2, [r4, #0] + 800b320: 2a01 cmp r2, #1 + 800b322: e777 b.n 800b214 + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800b324: 433e orrs r6, r7 + 800b326: f8d2 c000 ldr.w ip, [r2] + 800b32a: ea46 0609 orr.w r6, r6, r9 + 800b32e: ea46 0608 orr.w r6, r6, r8 + 800b332: ea46 060b orr.w r6, r6, fp + 800b336: f42c 5c7c bic.w ip, ip, #16128 ; 0x3f00 + 800b33a: ea46 060a orr.w r6, r6, sl + 800b33e: f02c 0c3f bic.w ip, ip, #63 ; 0x3f + 800b342: ea46 060c orr.w r6, r6, ip + 800b346: 6016 str r6, [r2, #0] + if ((hospi->Init.DelayHoldQuarterCycle == HAL_OSPI_DHQC_ENABLE) && + 800b348: 6aae ldr r6, [r5, #40] ; 0x28 + 800b34a: f1b6 5f80 cmp.w r6, #268435456 ; 0x10000000 + 800b34e: d1dd bne.n 800b30c + 800b350: 6966 ldr r6, [r4, #20] + 800b352: 2e08 cmp r6, #8 + 800b354: d1da bne.n 800b30c + MODIFY_REG((*ccr_reg), OCTOSPI_CCR_DDTR, HAL_OSPI_DATA_DTR_ENABLE); + 800b356: 6816 ldr r6, [r2, #0] + 800b358: f046 6600 orr.w r6, r6, #134217728 ; 0x8000000 + 800b35c: e7d5 b.n 800b30a + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + 800b35e: f1bc 0f00 cmp.w ip, #0 + 800b362: d024 beq.n 800b3ae + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800b364: ea4c 0106 orr.w r1, ip, r6 + 800b368: 6817 ldr r7, [r2, #0] + 800b36a: 6c26 ldr r6, [r4, #64] ; 0x40 + 800b36c: ea41 0109 orr.w r1, r1, r9 + 800b370: ea41 0108 orr.w r1, r1, r8 + 800b374: f027 6a70 bic.w sl, r7, #251658240 ; 0xf000000 + 800b378: 4331 orrs r1, r6 + 800b37a: f02a 0a3f bic.w sl, sl, #63 ; 0x3f + 800b37e: ea41 010a orr.w r1, r1, sl + MODIFY_REG((*ccr_reg), OCTOSPI_CCR_DDTR, HAL_OSPI_DATA_DTR_ENABLE); + 800b382: 6011 str r1, [r2, #0] + *ir_reg = cmd->Instruction; + 800b384: 68a2 ldr r2, [r4, #8] + 800b386: f8ce 2000 str.w r2, [lr] + if (cmd->DataMode == HAL_OSPI_DATA_NONE) + 800b38a: 6ba2 ldr r2, [r4, #56] ; 0x38 + 800b38c: 2a00 cmp r2, #0 + 800b38e: d149 bne.n 800b424 + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_TC, SET, tickstart, Timeout); + 800b390: 9b02 ldr r3, [sp, #8] + 800b392: 9300 str r3, [sp, #0] + 800b394: 2201 movs r2, #1 + 800b396: ee17 3a90 vmov r3, s15 + 800b39a: 2102 movs r1, #2 + 800b39c: 4628 mov r0, r5 + 800b39e: f7ff fe8f bl 800b0c0 + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_TC); + 800b3a2: 682b ldr r3, [r5, #0] + 800b3a4: 2202 movs r2, #2 + 800b3a6: 625a str r2, [r3, #36] ; 0x24 +} + 800b3a8: b005 add sp, #20 + 800b3aa: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE), + 800b3ae: 6811 ldr r1, [r2, #0] + 800b3b0: ea46 0609 orr.w r6, r6, r9 + 800b3b4: ea46 0808 orr.w r8, r6, r8 + 800b3b8: f021 063f bic.w r6, r1, #63 ; 0x3f + 800b3bc: ea48 0606 orr.w r6, r8, r6 + 800b3c0: 6016 str r6, [r2, #0] + if ((hospi->Init.DelayHoldQuarterCycle == HAL_OSPI_DHQC_ENABLE) && + 800b3c2: 6aa9 ldr r1, [r5, #40] ; 0x28 + 800b3c4: f1b1 5f80 cmp.w r1, #268435456 ; 0x10000000 + 800b3c8: d1dc bne.n 800b384 + 800b3ca: 6961 ldr r1, [r4, #20] + 800b3cc: 2908 cmp r1, #8 + 800b3ce: d1d9 bne.n 800b384 + MODIFY_REG((*ccr_reg), OCTOSPI_CCR_DDTR, HAL_OSPI_DATA_DTR_ENABLE); + 800b3d0: 6811 ldr r1, [r2, #0] + 800b3d2: f041 6100 orr.w r1, r1, #134217728 ; 0x8000000 + 800b3d6: e7d4 b.n 800b382 + if (cmd->AddressMode != HAL_OSPI_ADDRESS_NONE) + 800b3d8: b307 cbz r7, 800b41c + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_IMODE | OCTOSPI_CCR_IDTR | OCTOSPI_CCR_ISIZE | + 800b3da: e9d4 9808 ldrd r9, r8, [r4, #32] + if (cmd->DataMode != HAL_OSPI_DATA_NONE) + 800b3de: f1bc 0f00 cmp.w ip, #0 + 800b3e2: d011 beq.n 800b408 + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_ADMODE | OCTOSPI_CCR_ADDTR | OCTOSPI_CCR_ADSIZE | + 800b3e4: f8d2 e000 ldr.w lr, [r2] + 800b3e8: 6c23 ldr r3, [r4, #64] ; 0x40 + 800b3ea: ea4c 0607 orr.w r6, ip, r7 + 800b3ee: ea46 0608 orr.w r6, r6, r8 + 800b3f2: ea46 0609 orr.w r6, r6, r9 + 800b3f6: f02e 6e70 bic.w lr, lr, #251658240 ; 0xf000000 + 800b3fa: 431e orrs r6, r3 + 800b3fc: f42e 5e7c bic.w lr, lr, #16128 ; 0x3f00 + 800b400: ea46 060e orr.w r6, r6, lr + MODIFY_REG((*ccr_reg), (OCTOSPI_CCR_ADMODE | OCTOSPI_CCR_ADDTR | OCTOSPI_CCR_ADSIZE), + 800b404: 6016 str r6, [r2, #0] + 800b406: e784 b.n 800b312 + 800b408: f8d2 c000 ldr.w ip, [r2] + 800b40c: ea48 0607 orr.w r6, r8, r7 + 800b410: ea46 0609 orr.w r6, r6, r9 + 800b414: f42c 577c bic.w r7, ip, #16128 ; 0x3f00 + 800b418: 433e orrs r6, r7 + 800b41a: e7f3 b.n 800b404 + } + else + { + /* ---- Invalid command configuration (no instruction, no address) ---- */ + status = HAL_ERROR; + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_PARAM; + 800b41c: 2308 movs r3, #8 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b41e: 64ab str r3, [r5, #72] ; 0x48 + status = HAL_ERROR; + 800b420: 2001 movs r0, #1 + 800b422: e7c1 b.n 800b3a8 + if (cmd->OperationType == HAL_OSPI_OPTYPE_COMMON_CFG) + 800b424: 6823 ldr r3, [r4, #0] + 800b426: b90b cbnz r3, 800b42c + hospi->State = HAL_OSPI_STATE_CMD_CFG; + 800b428: 2304 movs r3, #4 + 800b42a: e005 b.n 800b438 + else if (cmd->OperationType == HAL_OSPI_OPTYPE_READ_CFG) + 800b42c: 2b01 cmp r3, #1 + if (hospi->State == HAL_OSPI_STATE_WRITE_CMD_CFG) + 800b42e: 6c6b ldr r3, [r5, #68] ; 0x44 + else if (cmd->OperationType == HAL_OSPI_OPTYPE_READ_CFG) + 800b430: d104 bne.n 800b43c + if (hospi->State == HAL_OSPI_STATE_WRITE_CMD_CFG) + 800b432: 2b24 cmp r3, #36 ; 0x24 + 800b434: d0f8 beq.n 800b428 + hospi->State = HAL_OSPI_STATE_READ_CMD_CFG; + 800b436: 2314 movs r3, #20 + hospi->State = HAL_OSPI_STATE_WRITE_CMD_CFG; + 800b438: 646b str r3, [r5, #68] ; 0x44 + 800b43a: e7b5 b.n 800b3a8 + if (hospi->State == HAL_OSPI_STATE_READ_CMD_CFG) + 800b43c: 2b14 cmp r3, #20 + 800b43e: d0f3 beq.n 800b428 + hospi->State = HAL_OSPI_STATE_WRITE_CMD_CFG; + 800b440: 2324 movs r3, #36 ; 0x24 + 800b442: e7f9 b.n 800b438 + 800b444: f0ffc0c0 .word 0xf0ffc0c0 + +0800b448 : +{ + 800b448: b5f0 push {r4, r5, r6, r7, lr} + 800b44a: 4604 mov r4, r0 + 800b44c: b085 sub sp, #20 + 800b44e: 460f mov r7, r1 + 800b450: 4616 mov r6, r2 + uint32_t tickstart = HAL_GetTick(); + 800b452: f7fb ffc9 bl 80073e8 + __IO uint32_t *data_reg = &hospi->Instance->DR; + 800b456: 6825 ldr r5, [r4, #0] + uint32_t tickstart = HAL_GetTick(); + 800b458: 4603 mov r3, r0 + uint32_t addr_reg = hospi->Instance->AR; + 800b45a: 6ca8 ldr r0, [r5, #72] ; 0x48 + uint32_t ir_reg = hospi->Instance->IR; + 800b45c: f8d5 c110 ldr.w ip, [r5, #272] ; 0x110 + if (pData == NULL) + 800b460: b91f cbnz r7, 800b46a + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_PARAM; + 800b462: 2308 movs r3, #8 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b464: 64a3 str r3, [r4, #72] ; 0x48 + status = HAL_ERROR; + 800b466: 2001 movs r0, #1 + 800b468: e034 b.n 800b4d4 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b46a: 6c62 ldr r2, [r4, #68] ; 0x44 + 800b46c: 2a04 cmp r2, #4 + 800b46e: d13b bne.n 800b4e8 + hospi->XferCount = READ_REG(hospi->Instance->DLR) + 1U; + 800b470: 6c2a ldr r2, [r5, #64] ; 0x40 + hospi->pBuffPtr = pData; + 800b472: 6367 str r7, [r4, #52] ; 0x34 + hospi->XferCount = READ_REG(hospi->Instance->DLR) + 1U; + 800b474: 3201 adds r2, #1 + 800b476: 63e2 str r2, [r4, #60] ; 0x3c + hospi->XferSize = hospi->XferCount; + 800b478: 6be2 ldr r2, [r4, #60] ; 0x3c + 800b47a: 63a2 str r2, [r4, #56] ; 0x38 + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, OSPI_FUNCTIONAL_MODE_INDIRECT_READ); + 800b47c: 6829 ldr r1, [r5, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b47e: 68e2 ldr r2, [r4, #12] + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, OSPI_FUNCTIONAL_MODE_INDIRECT_READ); + 800b480: f021 5140 bic.w r1, r1, #805306368 ; 0x30000000 + 800b484: f041 5180 orr.w r1, r1, #268435456 ; 0x10000000 + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b488: f1b2 6f80 cmp.w r2, #67108864 ; 0x4000000 + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FMODE, OSPI_FUNCTIONAL_MODE_INDIRECT_READ); + 800b48c: 6029 str r1, [r5, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b48e: d123 bne.n 800b4d8 + WRITE_REG(hospi->Instance->AR, addr_reg); + 800b490: 64a8 str r0, [r5, #72] ; 0x48 + status = OSPI_WaitFlagStateUntilTimeout(hospi, (HAL_OSPI_FLAG_FT | HAL_OSPI_FLAG_TC), SET, tickstart, Timeout); + 800b492: 9600 str r6, [sp, #0] + 800b494: 2201 movs r2, #1 + 800b496: 2106 movs r1, #6 + 800b498: 4620 mov r0, r4 + 800b49a: 9303 str r3, [sp, #12] + 800b49c: f7ff fe10 bl 800b0c0 + if (status != HAL_OK) + 800b4a0: b9c0 cbnz r0, 800b4d4 + *hospi->pBuffPtr = *((__IO uint8_t *)data_reg); + 800b4a2: 6b62 ldr r2, [r4, #52] ; 0x34 + 800b4a4: f895 1050 ldrb.w r1, [r5, #80] ; 0x50 + 800b4a8: 7011 strb r1, [r2, #0] + hospi->pBuffPtr++; + 800b4aa: 6b62 ldr r2, [r4, #52] ; 0x34 + } while(hospi->XferCount > 0U); + 800b4ac: 9b03 ldr r3, [sp, #12] + hospi->pBuffPtr++; + 800b4ae: 3201 adds r2, #1 + 800b4b0: 6362 str r2, [r4, #52] ; 0x34 + hospi->XferCount--; + 800b4b2: 6be2 ldr r2, [r4, #60] ; 0x3c + 800b4b4: 3a01 subs r2, #1 + 800b4b6: 63e2 str r2, [r4, #60] ; 0x3c + } while(hospi->XferCount > 0U); + 800b4b8: 6be2 ldr r2, [r4, #60] ; 0x3c + 800b4ba: 2a00 cmp r2, #0 + 800b4bc: d1e9 bne.n 800b492 + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_TC, SET, tickstart, Timeout); + 800b4be: 9600 str r6, [sp, #0] + 800b4c0: 2201 movs r2, #1 + 800b4c2: 2102 movs r1, #2 + 800b4c4: 4620 mov r0, r4 + 800b4c6: f7ff fdfb bl 800b0c0 + if (status == HAL_OK) + 800b4ca: b918 cbnz r0, 800b4d4 + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_TC); + 800b4cc: 6822 ldr r2, [r4, #0] + 800b4ce: 2302 movs r3, #2 + 800b4d0: 6253 str r3, [r2, #36] ; 0x24 + hospi->State = HAL_OSPI_STATE_READY; + 800b4d2: 6463 str r3, [r4, #68] ; 0x44 +} + 800b4d4: b005 add sp, #20 + 800b4d6: bdf0 pop {r4, r5, r6, r7, pc} + if (READ_BIT(hospi->Instance->CCR, OCTOSPI_CCR_ADMODE) != HAL_OSPI_ADDRESS_NONE) + 800b4d8: f8d5 2100 ldr.w r2, [r5, #256] ; 0x100 + 800b4dc: f412 6fe0 tst.w r2, #1792 ; 0x700 + 800b4e0: d1d6 bne.n 800b490 + WRITE_REG(hospi->Instance->IR, ir_reg); + 800b4e2: f8c5 c110 str.w ip, [r5, #272] ; 0x110 + 800b4e6: e7d4 b.n 800b492 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b4e8: 2310 movs r3, #16 + 800b4ea: e7bb b.n 800b464 + +0800b4ec : +{ + 800b4ec: e92d 41ff stmdb sp!, {r0, r1, r2, r3, r4, r5, r6, r7, r8, lr} + 800b4f0: 4604 mov r4, r0 + 800b4f2: 4616 mov r6, r2 + 800b4f4: 460d mov r5, r1 + uint32_t tickstart = HAL_GetTick(); + 800b4f6: f7fb ff77 bl 80073e8 + uint32_t addr_reg = hospi->Instance->AR; + 800b4fa: 6822 ldr r2, [r4, #0] + 800b4fc: 6c97 ldr r7, [r2, #72] ; 0x48 + uint32_t ir_reg = hospi->Instance->IR; + 800b4fe: f8d2 8110 ldr.w r8, [r2, #272] ; 0x110 + if ((hospi->State == HAL_OSPI_STATE_CMD_CFG) && (cfg->AutomaticStop == HAL_OSPI_AUTOMATIC_STOP_ENABLE)) + 800b502: 6c62 ldr r2, [r4, #68] ; 0x44 + 800b504: 2a04 cmp r2, #4 + uint32_t tickstart = HAL_GetTick(); + 800b506: 4603 mov r3, r0 + if ((hospi->State == HAL_OSPI_STATE_CMD_CFG) && (cfg->AutomaticStop == HAL_OSPI_AUTOMATIC_STOP_ENABLE)) + 800b508: d13c bne.n 800b584 + 800b50a: 68ea ldr r2, [r5, #12] + 800b50c: f5b2 0f80 cmp.w r2, #4194304 ; 0x400000 + 800b510: d138 bne.n 800b584 + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, Timeout); + 800b512: 9003 str r0, [sp, #12] + 800b514: 9600 str r6, [sp, #0] + 800b516: 2200 movs r2, #0 + 800b518: 2120 movs r1, #32 + 800b51a: 4620 mov r0, r4 + 800b51c: f7ff fdd0 bl 800b0c0 + if (status == HAL_OK) + 800b520: bb28 cbnz r0, 800b56e + WRITE_REG (hospi->Instance->PSMAR, cfg->Match); + 800b522: 6822 ldr r2, [r4, #0] + 800b524: 6829 ldr r1, [r5, #0] + 800b526: f8c2 1088 str.w r1, [r2, #136] ; 0x88 + WRITE_REG (hospi->Instance->PSMKR, cfg->Mask); + 800b52a: 6869 ldr r1, [r5, #4] + 800b52c: f8c2 1080 str.w r1, [r2, #128] ; 0x80 + WRITE_REG (hospi->Instance->PIR, cfg->Interval); + 800b530: 6929 ldr r1, [r5, #16] + 800b532: f8c2 1090 str.w r1, [r2, #144] ; 0x90 + MODIFY_REG(hospi->Instance->CR, (OCTOSPI_CR_PMM | OCTOSPI_CR_APMS | OCTOSPI_CR_FMODE), + 800b536: e9d5 1502 ldrd r1, r5, [r5, #8] + 800b53a: 6810 ldr r0, [r2, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b53c: 9b03 ldr r3, [sp, #12] + MODIFY_REG(hospi->Instance->CR, (OCTOSPI_CR_PMM | OCTOSPI_CR_APMS | OCTOSPI_CR_FMODE), + 800b53e: 4329 orrs r1, r5 + 800b540: f020 5043 bic.w r0, r0, #817889280 ; 0x30c00000 + 800b544: 4301 orrs r1, r0 + 800b546: f041 5100 orr.w r1, r1, #536870912 ; 0x20000000 + 800b54a: 6011 str r1, [r2, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b54c: 68e1 ldr r1, [r4, #12] + 800b54e: f1b1 6f80 cmp.w r1, #67108864 ; 0x4000000 + 800b552: d10f bne.n 800b574 + WRITE_REG(hospi->Instance->AR, addr_reg); + 800b554: 6497 str r7, [r2, #72] ; 0x48 + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_SM, SET, tickstart, Timeout); + 800b556: 9600 str r6, [sp, #0] + 800b558: 2201 movs r2, #1 + 800b55a: 2108 movs r1, #8 + 800b55c: 4620 mov r0, r4 + 800b55e: f7ff fdaf bl 800b0c0 + if (status == HAL_OK) + 800b562: b920 cbnz r0, 800b56e + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_SM); + 800b564: 6823 ldr r3, [r4, #0] + 800b566: 2208 movs r2, #8 + 800b568: 625a str r2, [r3, #36] ; 0x24 + hospi->State = HAL_OSPI_STATE_READY; + 800b56a: 2302 movs r3, #2 + 800b56c: 6463 str r3, [r4, #68] ; 0x44 +} + 800b56e: b004 add sp, #16 + 800b570: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + if (READ_BIT(hospi->Instance->CCR, OCTOSPI_CCR_ADMODE) != HAL_OSPI_ADDRESS_NONE) + 800b574: f8d2 1100 ldr.w r1, [r2, #256] ; 0x100 + 800b578: f411 6fe0 tst.w r1, #1792 ; 0x700 + 800b57c: d1ea bne.n 800b554 + WRITE_REG(hospi->Instance->IR, ir_reg); + 800b57e: f8c2 8110 str.w r8, [r2, #272] ; 0x110 + 800b582: e7e8 b.n 800b556 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b584: 2310 movs r3, #16 + 800b586: 64a3 str r3, [r4, #72] ; 0x48 + status = HAL_ERROR; + 800b588: 2001 movs r0, #1 + 800b58a: e7f0 b.n 800b56e + +0800b58c : +{ + 800b58c: b5f7 push {r0, r1, r2, r4, r5, r6, r7, lr} + 800b58e: 4604 mov r4, r0 + 800b590: 460f mov r7, r1 + uint32_t tickstart = HAL_GetTick(); + 800b592: f7fb ff29 bl 80073e8 + uint32_t addr_reg = hospi->Instance->AR; + 800b596: 6822 ldr r2, [r4, #0] + 800b598: 6c95 ldr r5, [r2, #72] ; 0x48 + uint32_t ir_reg = hospi->Instance->IR; + 800b59a: f8d2 6110 ldr.w r6, [r2, #272] ; 0x110 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b59e: 6c62 ldr r2, [r4, #68] ; 0x44 + 800b5a0: 2a04 cmp r2, #4 + uint32_t tickstart = HAL_GetTick(); + 800b5a2: 4603 mov r3, r0 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b5a4: d132 bne.n 800b60c + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, hospi->Timeout); + 800b5a6: 6ce2 ldr r2, [r4, #76] ; 0x4c + 800b5a8: 9200 str r2, [sp, #0] + 800b5aa: 2120 movs r1, #32 + 800b5ac: 2200 movs r2, #0 + 800b5ae: 4620 mov r0, r4 + 800b5b0: f7ff fd86 bl 800b0c0 + if (status == HAL_OK) + 800b5b4: bb00 cbnz r0, 800b5f8 + WRITE_REG (hospi->Instance->PSMAR, cfg->Match); + 800b5b6: 6823 ldr r3, [r4, #0] + 800b5b8: 683a ldr r2, [r7, #0] + 800b5ba: f8c3 2088 str.w r2, [r3, #136] ; 0x88 + WRITE_REG (hospi->Instance->PSMKR, cfg->Mask); + 800b5be: 687a ldr r2, [r7, #4] + 800b5c0: f8c3 2080 str.w r2, [r3, #128] ; 0x80 + WRITE_REG (hospi->Instance->PIR, cfg->Interval); + 800b5c4: 693a ldr r2, [r7, #16] + 800b5c6: f8c3 2090 str.w r2, [r3, #144] ; 0x90 + MODIFY_REG(hospi->Instance->CR, (OCTOSPI_CR_PMM | OCTOSPI_CR_APMS | OCTOSPI_CR_FMODE), + 800b5ca: e9d7 2702 ldrd r2, r7, [r7, #8] + 800b5ce: 6819 ldr r1, [r3, #0] + 800b5d0: 433a orrs r2, r7 + 800b5d2: f021 5143 bic.w r1, r1, #817889280 ; 0x30c00000 + 800b5d6: 430a orrs r2, r1 + 800b5d8: f042 5200 orr.w r2, r2, #536870912 ; 0x20000000 + 800b5dc: 601a str r2, [r3, #0] + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_TE | HAL_OSPI_FLAG_SM); + 800b5de: 2209 movs r2, #9 + 800b5e0: 625a str r2, [r3, #36] ; 0x24 + hospi->State = HAL_OSPI_STATE_BUSY_AUTO_POLLING; + 800b5e2: 2248 movs r2, #72 ; 0x48 + 800b5e4: 6462 str r2, [r4, #68] ; 0x44 + __HAL_OSPI_ENABLE_IT(hospi, HAL_OSPI_IT_SM | HAL_OSPI_IT_TE); + 800b5e6: 681a ldr r2, [r3, #0] + 800b5e8: f442 2210 orr.w r2, r2, #589824 ; 0x90000 + 800b5ec: 601a str r2, [r3, #0] + if (hospi->Init.MemoryType == HAL_OSPI_MEMTYPE_HYPERBUS) + 800b5ee: 68e2 ldr r2, [r4, #12] + 800b5f0: f1b2 6f80 cmp.w r2, #67108864 ; 0x4000000 + 800b5f4: d102 bne.n 800b5fc + WRITE_REG(hospi->Instance->AR, addr_reg); + 800b5f6: 649d str r5, [r3, #72] ; 0x48 +} + 800b5f8: b003 add sp, #12 + 800b5fa: bdf0 pop {r4, r5, r6, r7, pc} + if (READ_BIT(hospi->Instance->CCR, OCTOSPI_CCR_ADMODE) != HAL_OSPI_ADDRESS_NONE) + 800b5fc: f8d3 2100 ldr.w r2, [r3, #256] ; 0x100 + 800b600: f412 6fe0 tst.w r2, #1792 ; 0x700 + 800b604: d1f7 bne.n 800b5f6 + WRITE_REG(hospi->Instance->IR, ir_reg); + 800b606: f8c3 6110 str.w r6, [r3, #272] ; 0x110 + 800b60a: e7f5 b.n 800b5f8 + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b60c: 2310 movs r3, #16 + 800b60e: 64a3 str r3, [r4, #72] ; 0x48 + status = HAL_ERROR; + 800b610: 2001 movs r0, #1 + 800b612: e7f1 b.n 800b5f8 + +0800b614 : +{ + 800b614: b573 push {r0, r1, r4, r5, r6, lr} + 800b616: 4604 mov r4, r0 + 800b618: 460d mov r5, r1 + uint32_t tickstart = HAL_GetTick(); + 800b61a: f7fb fee5 bl 80073e8 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b61e: 6c62 ldr r2, [r4, #68] ; 0x44 + 800b620: 2a04 cmp r2, #4 + uint32_t tickstart = HAL_GetTick(); + 800b622: 4603 mov r3, r0 + if (hospi->State == HAL_OSPI_STATE_CMD_CFG) + 800b624: d121 bne.n 800b66a + status = OSPI_WaitFlagStateUntilTimeout(hospi, HAL_OSPI_FLAG_BUSY, RESET, tickstart, hospi->Timeout); + 800b626: 6ce2 ldr r2, [r4, #76] ; 0x4c + 800b628: 9200 str r2, [sp, #0] + 800b62a: 2120 movs r1, #32 + 800b62c: 2200 movs r2, #0 + 800b62e: 4620 mov r0, r4 + 800b630: f7ff fd46 bl 800b0c0 + if (status == HAL_OK) + 800b634: b9b8 cbnz r0, 800b666 + if (cfg->TimeOutActivation == HAL_OSPI_TIMEOUT_COUNTER_ENABLE) + 800b636: 682e ldr r6, [r5, #0] + WRITE_REG(hospi->Instance->LPTR, cfg->TimeOutPeriod); + 800b638: 6822 ldr r2, [r4, #0] + hospi->State = HAL_OSPI_STATE_BUSY_MEM_MAPPED; + 800b63a: 2388 movs r3, #136 ; 0x88 + if (cfg->TimeOutActivation == HAL_OSPI_TIMEOUT_COUNTER_ENABLE) + 800b63c: 2e08 cmp r6, #8 + hospi->State = HAL_OSPI_STATE_BUSY_MEM_MAPPED; + 800b63e: 6463 str r3, [r4, #68] ; 0x44 + if (cfg->TimeOutActivation == HAL_OSPI_TIMEOUT_COUNTER_ENABLE) + 800b640: d108 bne.n 800b654 + WRITE_REG(hospi->Instance->LPTR, cfg->TimeOutPeriod); + 800b642: 686b ldr r3, [r5, #4] + 800b644: f8c2 3130 str.w r3, [r2, #304] ; 0x130 + __HAL_OSPI_CLEAR_FLAG(hospi, HAL_OSPI_FLAG_TO); + 800b648: 2310 movs r3, #16 + 800b64a: 6253 str r3, [r2, #36] ; 0x24 + __HAL_OSPI_ENABLE_IT(hospi, HAL_OSPI_IT_TO); + 800b64c: 6811 ldr r1, [r2, #0] + 800b64e: f441 1180 orr.w r1, r1, #1048576 ; 0x100000 + 800b652: 6011 str r1, [r2, #0] + MODIFY_REG(hospi->Instance->CR, (OCTOSPI_CR_TCEN | OCTOSPI_CR_FMODE), + 800b654: 6813 ldr r3, [r2, #0] + 800b656: f023 5340 bic.w r3, r3, #805306368 ; 0x30000000 + 800b65a: f023 0308 bic.w r3, r3, #8 + 800b65e: 4333 orrs r3, r6 + 800b660: f043 5340 orr.w r3, r3, #805306368 ; 0x30000000 + 800b664: 6013 str r3, [r2, #0] +} + 800b666: b002 add sp, #8 + 800b668: bd70 pop {r4, r5, r6, pc} + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b66a: 2310 movs r3, #16 + 800b66c: 64a3 str r3, [r4, #72] ; 0x48 + status = HAL_ERROR; + 800b66e: 2001 movs r0, #1 + 800b670: e7f9 b.n 800b666 + +0800b672 : + if ((hospi->State & OSPI_BUSY_STATE_MASK) == 0U) + 800b672: 6c43 ldr r3, [r0, #68] ; 0x44 + 800b674: f013 0308 ands.w r3, r3, #8 + 800b678: d10a bne.n 800b690 + hospi->Init.FifoThreshold = Threshold; + 800b67a: 6041 str r1, [r0, #4] + MODIFY_REG(hospi->Instance->CR, OCTOSPI_CR_FTHRES, ((hospi->Init.FifoThreshold-1U) << OCTOSPI_CR_FTHRES_Pos)); + 800b67c: 6800 ldr r0, [r0, #0] + 800b67e: 6802 ldr r2, [r0, #0] + 800b680: 3901 subs r1, #1 + 800b682: f422 52f8 bic.w r2, r2, #7936 ; 0x1f00 + 800b686: ea42 2101 orr.w r1, r2, r1, lsl #8 + 800b68a: 6001 str r1, [r0, #0] + HAL_StatusTypeDef status = HAL_OK; + 800b68c: 4618 mov r0, r3 + 800b68e: 4770 bx lr + hospi->ErrorCode = HAL_OSPI_ERROR_INVALID_SEQUENCE; + 800b690: 2310 movs r3, #16 + 800b692: 6483 str r3, [r0, #72] ; 0x48 + status = HAL_ERROR; + 800b694: 2001 movs r0, #1 +} + 800b696: 4770 bx lr + +0800b698 : + return ((READ_BIT(hospi->Instance->CR, OCTOSPI_CR_FTHRES) >> OCTOSPI_CR_FTHRES_Pos) + 1U); + 800b698: 6803 ldr r3, [r0, #0] + 800b69a: 6818 ldr r0, [r3, #0] + 800b69c: f3c0 2004 ubfx r0, r0, #8, #5 +} + 800b6a0: 3001 adds r0, #1 + 800b6a2: 4770 bx lr + +0800b6a4 : + hospi->Timeout = Timeout; + 800b6a4: 64c1 str r1, [r0, #76] ; 0x4c +} + 800b6a6: 2000 movs r0, #0 + 800b6a8: 4770 bx lr + +0800b6aa : + return hospi->ErrorCode; + 800b6aa: 6c80 ldr r0, [r0, #72] ; 0x48 +} + 800b6ac: 4770 bx lr + +0800b6ae : + return hospi->State; + 800b6ae: 6c40 ldr r0, [r0, #68] ; 0x44 +} + 800b6b0: 4770 bx lr + ... + +0800b6b4 : +{ + 800b6b4: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + if (hospi->Instance == OCTOSPI1) + 800b6b8: 6802 ldr r2, [r0, #0] + other_instance = 0U; + 800b6ba: 4bbf ldr r3, [pc, #764] ; (800b9b8 ) + * @retval HAL status + */ +static HAL_StatusTypeDef OSPIM_GetConfig(uint8_t instance_nb, OSPIM_CfgTypeDef *cfg) +{ + HAL_StatusTypeDef status = HAL_OK; + uint32_t reg, value = 0U; + 800b6bc: f8df 8304 ldr.w r8, [pc, #772] ; 800b9c4 + other_instance = 0U; + 800b6c0: 429a cmp r2, r3 +{ + 800b6c2: b08b sub sp, #44 ; 0x2c + } + + /* Get the information about the instance */ + for (index = 0U; index < OSPI_IOM_NB_PORTS; index ++) + { + reg = OCTOSPIM->PCR[index]; + 800b6c4: 4bbd ldr r3, [pc, #756] ; (800b9bc ) + other_instance = 0U; + 800b6c6: bf0b itete eq + 800b6c8: f04f 0a01 moveq.w sl, #1 + 800b6cc: f04f 0a00 movne.w sl, #0 + 800b6d0: 2000 moveq r0, #0 + 800b6d2: 2001 movne r0, #1 + for (index = 0U; index < OSPI_NB_INSTANCE; index++) + 800b6d4: 466a mov r2, sp + instance = 1U; + 800b6d6: 2501 movs r5, #1 + cfg->ClkPort = 0U; + 800b6d8: 2700 movs r7, #0 + cfg->DQSPort = 0U; + 800b6da: e9c2 7700 strd r7, r7, [r2] + cfg->IOLowPort = 0U; + 800b6de: e9c2 7702 strd r7, r7, [r2, #8] + uint32_t reg, value = 0U; + 800b6e2: 2d02 cmp r5, #2 + 800b6e4: bf0c ite eq + 800b6e6: 46c4 moveq ip, r8 + 800b6e8: f04f 0c00 movne.w ip, #0 + cfg->IOHighPort = 0U; + 800b6ec: 6117 str r7, [r2, #16] + for (index = 0U; index < OSPI_IOM_NB_PORTS; index ++) + 800b6ee: f04f 0e00 mov.w lr, #0 + reg = OCTOSPIM->PCR[index]; + 800b6f2: eb03 048e add.w r4, r3, lr, lsl #2 + { + /* The clock is enabled on this port */ + if ((reg & OCTOSPIM_PCR_CLKSRC) == (value & OCTOSPIM_PCR_CLKSRC)) + { + /* The clock correspond to the instance passed as parameter */ + cfg->ClkPort = index+1U; + 800b6f6: f10e 0601 add.w r6, lr, #1 + reg = OCTOSPIM->PCR[index]; + 800b6fa: 6864 ldr r4, [r4, #4] + if ((reg & OCTOSPIM_PCR_CLKEN) != 0U) + 800b6fc: f014 0f01 tst.w r4, #1 + 800b700: d005 beq.n 800b70e + if ((reg & OCTOSPIM_PCR_CLKSRC) == (value & OCTOSPIM_PCR_CLKSRC)) + 800b702: ea84 0e0c eor.w lr, r4, ip + 800b706: f01e 0f02 tst.w lr, #2 + cfg->ClkPort = index+1U; + 800b70a: bf08 it eq + 800b70c: 6016 streq r6, [r2, #0] + } + } + + if ((reg & OCTOSPIM_PCR_DQSEN) != 0U) + 800b70e: f014 0f10 tst.w r4, #16 + 800b712: d005 beq.n 800b720 + { + /* The DQS is enabled on this port */ + if ((reg & OCTOSPIM_PCR_DQSSRC) == (value & OCTOSPIM_PCR_DQSSRC)) + 800b714: ea84 0e0c eor.w lr, r4, ip + 800b718: f01e 0f20 tst.w lr, #32 + { + /* The DQS correspond to the instance passed as parameter */ + cfg->DQSPort = index+1U; + 800b71c: bf08 it eq + 800b71e: 6056 streq r6, [r2, #4] + } + } + + if ((reg & OCTOSPIM_PCR_NCSEN) != 0U) + 800b720: f414 7f80 tst.w r4, #256 ; 0x100 + 800b724: d005 beq.n 800b732 + { + /* The nCS is enabled on this port */ + if ((reg & OCTOSPIM_PCR_NCSSRC) == (value & OCTOSPIM_PCR_NCSSRC)) + 800b726: ea84 0e0c eor.w lr, r4, ip + 800b72a: f41e 7f00 tst.w lr, #512 ; 0x200 + { + /* The nCS correspond to the instance passed as parameter */ + cfg->NCSPort = index+1U; + 800b72e: bf08 it eq + 800b730: 6096 streq r6, [r2, #8] + } + } + + if ((reg & OCTOSPIM_PCR_IOLEN) != 0U) + 800b732: f414 3f80 tst.w r4, #65536 ; 0x10000 + 800b736: d00d beq.n 800b754 + { + /* The IO Low is enabled on this port */ + if ((reg & OCTOSPIM_PCR_IOLSRC_1) == (value & OCTOSPIM_PCR_IOLSRC_1)) + 800b738: ea84 0e0c eor.w lr, r4, ip + 800b73c: f41e 2f80 tst.w lr, #262144 ; 0x40000 + 800b740: d108 bne.n 800b754 + { + /* The IO Low correspond to the instance passed as parameter */ + if ((reg & OCTOSPIM_PCR_IOLSRC_0) == 0U) + 800b742: f414 3f00 tst.w r4, #131072 ; 0x20000 + { + cfg->IOLowPort = (OCTOSPIM_PCR_IOLEN | (index+1U)); + 800b746: bf0c ite eq + 800b748: f446 3e80 orreq.w lr, r6, #65536 ; 0x10000 + } + else + { + cfg->IOLowPort = (OCTOSPIM_PCR_IOHEN | (index+1U)); + 800b74c: f046 7e80 orrne.w lr, r6, #16777216 ; 0x1000000 + 800b750: f8c2 e00c str.w lr, [r2, #12] + } + } + } + + if ((reg & OCTOSPIM_PCR_IOHEN) != 0U) + 800b754: f014 7f80 tst.w r4, #16777216 ; 0x1000000 + 800b758: d00b beq.n 800b772 + { + /* The IO High is enabled on this port */ + if ((reg & OCTOSPIM_PCR_IOHSRC_1) == (value & OCTOSPIM_PCR_IOHSRC_1)) + 800b75a: ea84 0e0c eor.w lr, r4, ip + 800b75e: f01e 6f80 tst.w lr, #67108864 ; 0x4000000 + 800b762: d106 bne.n 800b772 + { + /* The IO High correspond to the instance passed as parameter */ + if ((reg & OCTOSPIM_PCR_IOHSRC_0) == 0U) + 800b764: 01a4 lsls r4, r4, #6 + { + cfg->IOHighPort = (OCTOSPIM_PCR_IOLEN | (index+1U)); + 800b766: bf54 ite pl + 800b768: f446 3480 orrpl.w r4, r6, #65536 ; 0x10000 + } + else + { + cfg->IOHighPort = (OCTOSPIM_PCR_IOHEN | (index+1U)); + 800b76c: f046 7480 orrmi.w r4, r6, #16777216 ; 0x1000000 + 800b770: 6114 str r4, [r2, #16] + for (index = 0U; index < OSPI_IOM_NB_PORTS; index ++) + 800b772: 2e02 cmp r6, #2 + 800b774: f04f 0e01 mov.w lr, #1 + 800b778: d1bb bne.n 800b6f2 + for (index = 0U; index < OSPI_NB_INSTANCE; index++) + 800b77a: 2d02 cmp r5, #2 + 800b77c: f102 0214 add.w r2, r2, #20 + 800b780: f040 8117 bne.w 800b9b2 + if ((OCTOSPI1->CR & OCTOSPI_CR_EN) != 0U) + 800b784: 4c8c ldr r4, [pc, #560] ; (800b9b8 ) + 800b786: 6825 ldr r5, [r4, #0] + 800b788: ea15 050e ands.w r5, r5, lr + CLEAR_BIT(OCTOSPI1->CR, OCTOSPI_CR_EN); + 800b78c: bf1e ittt ne + 800b78e: 6822 ldrne r2, [r4, #0] + 800b790: f022 0201 bicne.w r2, r2, #1 + 800b794: 6022 strne r2, [r4, #0] + if ((OCTOSPI2->CR & OCTOSPI_CR_EN) != 0U) + 800b796: 4a8a ldr r2, [pc, #552] ; (800b9c0 ) + 800b798: 6814 ldr r4, [r2, #0] + ospi_enabled |= 0x1U; + 800b79a: bf18 it ne + 800b79c: 4675 movne r5, lr + if ((OCTOSPI2->CR & OCTOSPI_CR_EN) != 0U) + 800b79e: 07e6 lsls r6, r4, #31 + CLEAR_BIT(OCTOSPI2->CR, OCTOSPI_CR_EN); + 800b7a0: bf42 ittt mi + 800b7a2: 6814 ldrmi r4, [r2, #0] + 800b7a4: f024 0401 bicmi.w r4, r4, #1 + 800b7a8: 6014 strmi r4, [r2, #0] + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[instance].NCSPort-1U)], OCTOSPIM_PCR_NCSEN); + 800b7aa: aa0a add r2, sp, #40 ; 0x28 + 800b7ac: f04f 0414 mov.w r4, #20 + 800b7b0: fb04 2400 mla r4, r4, r0, r2 + ospi_enabled |= 0x2U; + 800b7b4: bf48 it mi + 800b7b6: f045 0b02 orrmi.w fp, r5, #2 + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[instance].NCSPort-1U)], OCTOSPIM_PCR_NCSEN); + 800b7ba: f854 2c20 ldr.w r2, [r4, #-32] + 800b7be: f102 32ff add.w r2, r2, #4294967295 ; 0xffffffff + 800b7c2: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b7c6: bf58 it pl + 800b7c8: 46ab movpl fp, r5 + 800b7ca: 6856 ldr r6, [r2, #4] + 800b7cc: f426 7680 bic.w r6, r6, #256 ; 0x100 + 800b7d0: 6056 str r6, [r2, #4] + if (IOM_cfg[instance].ClkPort != 0U) + 800b7d2: f854 2c28 ldr.w r2, [r4, #-40] + 800b7d6: b382 cbz r2, 800b83a + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[instance].ClkPort-1U)], OCTOSPIM_PCR_CLKEN); + 800b7d8: 3a01 subs r2, #1 + 800b7da: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b7de: 6856 ldr r6, [r2, #4] + 800b7e0: f026 0601 bic.w r6, r6, #1 + 800b7e4: 6056 str r6, [r2, #4] + if (IOM_cfg[instance].DQSPort != 0U) + 800b7e6: f854 2c24 ldr.w r2, [r4, #-36] + 800b7ea: b132 cbz r2, 800b7fa + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[instance].DQSPort-1U)], OCTOSPIM_PCR_DQSEN); + 800b7ec: 3a01 subs r2, #1 + 800b7ee: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b7f2: 6854 ldr r4, [r2, #4] + 800b7f4: f024 0410 bic.w r4, r4, #16 + 800b7f8: 6054 str r4, [r2, #4] + if (IOM_cfg[instance].IOLowPort != HAL_OSPIM_IOPORT_NONE) + 800b7fa: 2214 movs r2, #20 + 800b7fc: ac0a add r4, sp, #40 ; 0x28 + 800b7fe: fb02 4200 mla r2, r2, r0, r4 + 800b802: f852 2c1c ldr.w r2, [r2, #-28] + 800b806: b142 cbz r2, 800b81a + CLEAR_BIT(OCTOSPIM->PCR[((IOM_cfg[instance].IOLowPort-1U)& OSPI_IOM_PORT_MASK)], OCTOSPIM_PCR_IOLEN); + 800b808: 3a01 subs r2, #1 + 800b80a: f002 0201 and.w r2, r2, #1 + 800b80e: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b812: 6854 ldr r4, [r2, #4] + 800b814: f424 3480 bic.w r4, r4, #65536 ; 0x10000 + 800b818: 6054 str r4, [r2, #4] + if (IOM_cfg[instance].IOHighPort != HAL_OSPIM_IOPORT_NONE) + 800b81a: 2214 movs r2, #20 + 800b81c: ac0a add r4, sp, #40 ; 0x28 + 800b81e: fb02 4200 mla r2, r2, r0, r4 + 800b822: f852 2c18 ldr.w r2, [r2, #-24] + 800b826: b142 cbz r2, 800b83a + CLEAR_BIT(OCTOSPIM->PCR[((IOM_cfg[instance].IOHighPort-1U)& OSPI_IOM_PORT_MASK)], OCTOSPIM_PCR_IOHEN); + 800b828: 3a01 subs r2, #1 + 800b82a: f002 0201 and.w r2, r2, #1 + 800b82e: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b832: 6854 ldr r4, [r2, #4] + 800b834: f024 7480 bic.w r4, r4, #16777216 ; 0x1000000 + 800b838: 6054 str r4, [r2, #4] + if ((cfg->ClkPort == IOM_cfg[other_instance].ClkPort) || (cfg->DQSPort == IOM_cfg[other_instance].DQSPort) || + 800b83a: aa0a add r2, sp, #40 ; 0x28 + 800b83c: f04f 0914 mov.w r9, #20 + 800b840: fb09 290a mla r9, r9, sl, r2 + 800b844: f8d1 c000 ldr.w ip, [r1] + 800b848: f859 8c28 ldr.w r8, [r9, #-40] + (cfg->IOHighPort == IOM_cfg[other_instance].IOHighPort)) + 800b84c: f859 4c18 ldr.w r4, [r9, #-24] + if ((cfg->ClkPort == IOM_cfg[other_instance].ClkPort) || (cfg->DQSPort == IOM_cfg[other_instance].DQSPort) || + 800b850: 45c4 cmp ip, r8 + (cfg->NCSPort == IOM_cfg[other_instance].NCSPort) || (cfg->IOLowPort == IOM_cfg[other_instance].IOLowPort) || + 800b852: e9d1 6e01 ldrd r6, lr, [r1, #4] + (cfg->IOHighPort == IOM_cfg[other_instance].IOHighPort)) + 800b856: e9d1 2103 ldrd r2, r1, [r1, #12] + if ((cfg->ClkPort == IOM_cfg[other_instance].ClkPort) || (cfg->DQSPort == IOM_cfg[other_instance].DQSPort) || + 800b85a: d00d beq.n 800b878 + 800b85c: f859 7c24 ldr.w r7, [r9, #-36] + 800b860: 42b7 cmp r7, r6 + 800b862: d009 beq.n 800b878 + 800b864: f859 7c20 ldr.w r7, [r9, #-32] + 800b868: 45be cmp lr, r7 + 800b86a: d005 beq.n 800b878 + (cfg->NCSPort == IOM_cfg[other_instance].NCSPort) || (cfg->IOLowPort == IOM_cfg[other_instance].IOLowPort) || + 800b86c: f859 7c1c ldr.w r7, [r9, #-28] + 800b870: 4297 cmp r7, r2 + 800b872: d001 beq.n 800b878 + 800b874: 428c cmp r4, r1 + 800b876: d142 bne.n 800b8fe + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[other_instance].ClkPort-1U)], OCTOSPIM_PCR_CLKEN); + 800b878: f108 38ff add.w r8, r8, #4294967295 ; 0xffffffff + 800b87c: eb03 0888 add.w r8, r3, r8, lsl #2 + 800b880: f8d8 7004 ldr.w r7, [r8, #4] + 800b884: f027 0701 bic.w r7, r7, #1 + 800b888: f8c8 7004 str.w r7, [r8, #4] + if (IOM_cfg[other_instance].DQSPort != 0U) + 800b88c: 2714 movs r7, #20 + 800b88e: f10d 0828 add.w r8, sp, #40 ; 0x28 + 800b892: fb07 870a mla r7, r7, sl, r8 + 800b896: f857 7c24 ldr.w r7, [r7, #-36] + 800b89a: b147 cbz r7, 800b8ae + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[other_instance].DQSPort-1U)], OCTOSPIM_PCR_DQSEN); + 800b89c: 3f01 subs r7, #1 + 800b89e: eb03 0787 add.w r7, r3, r7, lsl #2 + 800b8a2: f8d7 8004 ldr.w r8, [r7, #4] + 800b8a6: f028 0810 bic.w r8, r8, #16 + 800b8aa: f8c7 8004 str.w r8, [r7, #4] + CLEAR_BIT(OCTOSPIM->PCR[(IOM_cfg[other_instance].NCSPort-1U)], OCTOSPIM_PCR_NCSEN); + 800b8ae: 2714 movs r7, #20 + 800b8b0: f10d 0828 add.w r8, sp, #40 ; 0x28 + 800b8b4: fb07 8a0a mla sl, r7, sl, r8 + 800b8b8: f85a 7c20 ldr.w r7, [sl, #-32] + 800b8bc: 3f01 subs r7, #1 + 800b8be: eb03 0787 add.w r7, r3, r7, lsl #2 + 800b8c2: f8d7 8004 ldr.w r8, [r7, #4] + 800b8c6: f428 7880 bic.w r8, r8, #256 ; 0x100 + 800b8ca: f8c7 8004 str.w r8, [r7, #4] + if (IOM_cfg[other_instance].IOLowPort != HAL_OSPIM_IOPORT_NONE) + 800b8ce: f85a 7c1c ldr.w r7, [sl, #-28] + 800b8d2: b157 cbz r7, 800b8ea + CLEAR_BIT(OCTOSPIM->PCR[((IOM_cfg[other_instance].IOLowPort-1U)& OSPI_IOM_PORT_MASK)], OCTOSPIM_PCR_IOLEN); + 800b8d4: 3f01 subs r7, #1 + 800b8d6: f007 0701 and.w r7, r7, #1 + 800b8da: eb03 0787 add.w r7, r3, r7, lsl #2 + 800b8de: f8d7 8004 ldr.w r8, [r7, #4] + 800b8e2: f428 3880 bic.w r8, r8, #65536 ; 0x10000 + 800b8e6: f8c7 8004 str.w r8, [r7, #4] + if (IOM_cfg[other_instance].IOHighPort != HAL_OSPIM_IOPORT_NONE) + 800b8ea: b144 cbz r4, 800b8fe + CLEAR_BIT(OCTOSPIM->PCR[((IOM_cfg[other_instance].IOHighPort-1U)& OSPI_IOM_PORT_MASK)], OCTOSPIM_PCR_IOHEN); + 800b8ec: 3c01 subs r4, #1 + 800b8ee: f004 0401 and.w r4, r4, #1 + 800b8f2: eb03 0484 add.w r4, r3, r4, lsl #2 + 800b8f6: 6867 ldr r7, [r4, #4] + 800b8f8: f027 7780 bic.w r7, r7, #16777216 ; 0x1000000 + 800b8fc: 6067 str r7, [r4, #4] + MODIFY_REG(OCTOSPIM->PCR[(cfg->NCSPort-1U)], (OCTOSPIM_PCR_NCSEN | OCTOSPIM_PCR_NCSSRC), (OCTOSPIM_PCR_NCSEN | (instance << OCTOSPIM_PCR_NCSSRC_Pos))); + 800b8fe: f10e 3eff add.w lr, lr, #4294967295 ; 0xffffffff + 800b902: eb03 0e8e add.w lr, r3, lr, lsl #2 + MODIFY_REG(OCTOSPIM->PCR[(cfg->ClkPort-1U)], (OCTOSPIM_PCR_CLKEN | OCTOSPIM_PCR_CLKSRC), (OCTOSPIM_PCR_CLKEN | (instance << OCTOSPIM_PCR_CLKSRC_Pos))); + 800b906: f10c 3cff add.w ip, ip, #4294967295 ; 0xffffffff + MODIFY_REG(OCTOSPIM->PCR[(cfg->NCSPort-1U)], (OCTOSPIM_PCR_NCSEN | OCTOSPIM_PCR_NCSSRC), (OCTOSPIM_PCR_NCSEN | (instance << OCTOSPIM_PCR_NCSSRC_Pos))); + 800b90a: f8de 4004 ldr.w r4, [lr, #4] + 800b90e: f424 7440 bic.w r4, r4, #768 ; 0x300 + 800b912: ea44 2440 orr.w r4, r4, r0, lsl #9 + 800b916: f444 7480 orr.w r4, r4, #256 ; 0x100 + MODIFY_REG(OCTOSPIM->PCR[(cfg->ClkPort-1U)], (OCTOSPIM_PCR_CLKEN | OCTOSPIM_PCR_CLKSRC), (OCTOSPIM_PCR_CLKEN | (instance << OCTOSPIM_PCR_CLKSRC_Pos))); + 800b91a: eb03 0c8c add.w ip, r3, ip, lsl #2 + MODIFY_REG(OCTOSPIM->PCR[(cfg->NCSPort-1U)], (OCTOSPIM_PCR_NCSEN | OCTOSPIM_PCR_NCSSRC), (OCTOSPIM_PCR_NCSEN | (instance << OCTOSPIM_PCR_NCSSRC_Pos))); + 800b91e: f8ce 4004 str.w r4, [lr, #4] + MODIFY_REG(OCTOSPIM->PCR[(cfg->ClkPort-1U)], (OCTOSPIM_PCR_CLKEN | OCTOSPIM_PCR_CLKSRC), (OCTOSPIM_PCR_CLKEN | (instance << OCTOSPIM_PCR_CLKSRC_Pos))); + 800b922: f8dc 4004 ldr.w r4, [ip, #4] + 800b926: f024 0403 bic.w r4, r4, #3 + 800b92a: ea44 0440 orr.w r4, r4, r0, lsl #1 + 800b92e: f044 0401 orr.w r4, r4, #1 + 800b932: f8cc 4004 str.w r4, [ip, #4] + if (cfg->DQSPort != 0U) + 800b936: b156 cbz r6, 800b94e + MODIFY_REG(OCTOSPIM->PCR[(cfg->DQSPort-1U)], (OCTOSPIM_PCR_DQSEN | OCTOSPIM_PCR_DQSSRC), (OCTOSPIM_PCR_DQSEN | (instance << OCTOSPIM_PCR_DQSSRC_Pos))); + 800b938: 3e01 subs r6, #1 + 800b93a: eb03 0686 add.w r6, r3, r6, lsl #2 + 800b93e: 6874 ldr r4, [r6, #4] + 800b940: f024 0430 bic.w r4, r4, #48 ; 0x30 + 800b944: ea44 1440 orr.w r4, r4, r0, lsl #5 + 800b948: f044 0410 orr.w r4, r4, #16 + 800b94c: 6074 str r4, [r6, #4] + if ((cfg->IOLowPort & OCTOSPIM_PCR_IOLEN) != 0U) + 800b94e: 03d4 lsls r4, r2, #15 + 800b950: d53a bpl.n 800b9c8 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOLowPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOLEN | OCTOSPIM_PCR_IOLSRC), + 800b952: 3a01 subs r2, #1 + 800b954: f002 0201 and.w r2, r2, #1 + 800b958: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b95c: 6854 ldr r4, [r2, #4] + 800b95e: f424 24e0 bic.w r4, r4, #458752 ; 0x70000 + 800b962: ea44 4480 orr.w r4, r4, r0, lsl #18 + 800b966: f444 3480 orr.w r4, r4, #65536 ; 0x10000 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOLowPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOHEN | OCTOSPIM_PCR_IOHSRC), + 800b96a: 6054 str r4, [r2, #4] + if ((cfg->IOHighPort & OCTOSPIM_PCR_IOLEN) != 0U) + 800b96c: 03ca lsls r2, r1, #15 + 800b96e: d53a bpl.n 800b9e6 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOHighPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOLEN | OCTOSPIM_PCR_IOLSRC), + 800b970: 3901 subs r1, #1 + 800b972: f001 0101 and.w r1, r1, #1 + 800b976: eb03 0381 add.w r3, r3, r1, lsl #2 + 800b97a: 685a ldr r2, [r3, #4] + 800b97c: f422 22e0 bic.w r2, r2, #458752 ; 0x70000 + 800b980: ea42 4080 orr.w r0, r2, r0, lsl #18 + 800b984: f440 3040 orr.w r0, r0, #196608 ; 0x30000 + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOHighPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOHEN | OCTOSPIM_PCR_IOHSRC), + 800b988: 6058 str r0, [r3, #4] + if ((ospi_enabled & 0x1U) != 0U) + 800b98a: b125 cbz r5, 800b996 + SET_BIT(OCTOSPI1->CR, OCTOSPI_CR_EN); + 800b98c: 4a0a ldr r2, [pc, #40] ; (800b9b8 ) + 800b98e: 6813 ldr r3, [r2, #0] + 800b990: f043 0301 orr.w r3, r3, #1 + 800b994: 6013 str r3, [r2, #0] + if ((ospi_enabled & 0x2U) != 0U) + 800b996: f01b 0f02 tst.w fp, #2 + SET_BIT(OCTOSPI2->CR, OCTOSPI_CR_EN); + 800b99a: bf1c itt ne + 800b99c: 4a08 ldrne r2, [pc, #32] ; (800b9c0 ) + 800b99e: 6813 ldrne r3, [r2, #0] +} + 800b9a0: f04f 0000 mov.w r0, #0 + SET_BIT(OCTOSPI2->CR, OCTOSPI_CR_EN); + 800b9a4: bf1c itt ne + 800b9a6: f043 0301 orrne.w r3, r3, #1 + 800b9aa: 6013 strne r3, [r2, #0] +} + 800b9ac: b00b add sp, #44 ; 0x2c + 800b9ae: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + 800b9b2: 4635 mov r5, r6 + 800b9b4: e691 b.n 800b6da + 800b9b6: bf00 nop + 800b9b8: a0001000 .word 0xa0001000 + 800b9bc: 50061c00 .word 0x50061c00 + 800b9c0: a0001400 .word 0xa0001400 + 800b9c4: 04040222 .word 0x04040222 + else if (cfg->IOLowPort != HAL_OSPIM_IOPORT_NONE) + 800b9c8: 2a00 cmp r2, #0 + 800b9ca: d0cf beq.n 800b96c + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOLowPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOHEN | OCTOSPIM_PCR_IOHSRC), + 800b9cc: 3a01 subs r2, #1 + 800b9ce: f002 0201 and.w r2, r2, #1 + 800b9d2: eb03 0282 add.w r2, r3, r2, lsl #2 + 800b9d6: 6854 ldr r4, [r2, #4] + 800b9d8: f024 64e0 bic.w r4, r4, #117440512 ; 0x7000000 + 800b9dc: ea44 6480 orr.w r4, r4, r0, lsl #26 + 800b9e0: f044 7480 orr.w r4, r4, #16777216 ; 0x1000000 + 800b9e4: e7c1 b.n 800b96a + else if (cfg->IOHighPort != HAL_OSPIM_IOPORT_NONE) + 800b9e6: 2900 cmp r1, #0 + 800b9e8: d0cf beq.n 800b98a + MODIFY_REG(OCTOSPIM->PCR[((cfg->IOHighPort-1U)& OSPI_IOM_PORT_MASK)], (OCTOSPIM_PCR_IOHEN | OCTOSPIM_PCR_IOHSRC), + 800b9ea: 3901 subs r1, #1 + 800b9ec: f001 0101 and.w r1, r1, #1 + 800b9f0: eb03 0381 add.w r3, r3, r1, lsl #2 + 800b9f4: 685a ldr r2, [r3, #4] + 800b9f6: f022 62e0 bic.w r2, r2, #117440512 ; 0x7000000 + 800b9fa: ea42 6080 orr.w r0, r2, r0, lsl #26 + 800b9fe: f040 7040 orr.w r0, r0, #50331648 ; 0x3000000 + 800ba02: e7c1 b.n 800b988 + +0800ba04 : + * @arg @ref I2C_GENERATE_START_WRITE Generate Restart for write request. + * @retval None + */ +static void I2C_TransferConfig(I2C_HandleTypeDef *hi2c, uint16_t DevAddress, uint8_t Size, uint32_t Mode, + uint32_t Request) +{ + 800ba04: b530 push {r4, r5, lr} + 800ba06: 9d03 ldr r5, [sp, #12] + assert_param(IS_I2C_ALL_INSTANCE(hi2c->Instance)); + assert_param(IS_TRANSFER_MODE(Mode)); + assert_param(IS_TRANSFER_REQUEST(Request)); + + /* update CR2 register */ + MODIFY_REG(hi2c->Instance->CR2, + 800ba08: 6804 ldr r4, [r0, #0] + 800ba0a: ea45 4202 orr.w r2, r5, r2, lsl #16 + 800ba0e: 431a orrs r2, r3 + 800ba10: 4b05 ldr r3, [pc, #20] ; (800ba28 ) + 800ba12: 6860 ldr r0, [r4, #4] + 800ba14: f3c1 0109 ubfx r1, r1, #0, #10 + 800ba18: ea43 5355 orr.w r3, r3, r5, lsr #21 + 800ba1c: 430a orrs r2, r1 + 800ba1e: ea20 0003 bic.w r0, r0, r3 + 800ba22: 4302 orrs r2, r0 + 800ba24: 6062 str r2, [r4, #4] + ((I2C_CR2_SADD | I2C_CR2_NBYTES | I2C_CR2_RELOAD | I2C_CR2_AUTOEND | \ + (I2C_CR2_RD_WRN & (uint32_t)(Request >> (31U - I2C_CR2_RD_WRN_Pos))) | I2C_CR2_START | I2C_CR2_STOP)), \ + (uint32_t)(((uint32_t)DevAddress & I2C_CR2_SADD) | + (((uint32_t)Size << I2C_CR2_NBYTES_Pos) & I2C_CR2_NBYTES) | (uint32_t)Mode | (uint32_t)Request)); +} + 800ba26: bd30 pop {r4, r5, pc} + 800ba28: 03ff63ff .word 0x03ff63ff + +0800ba2c : + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_AF) == SET) + 800ba2c: 6803 ldr r3, [r0, #0] +{ + 800ba2e: b570 push {r4, r5, r6, lr} + 800ba30: 4604 mov r4, r0 + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_AF) == SET) + 800ba32: 6998 ldr r0, [r3, #24] + 800ba34: f010 0010 ands.w r0, r0, #16 +{ + 800ba38: 460d mov r5, r1 + 800ba3a: 4616 mov r6, r2 + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_AF) == SET) + 800ba3c: d116 bne.n 800ba6c +} + 800ba3e: bd70 pop {r4, r5, r6, pc} + if (Timeout != HAL_MAX_DELAY) + 800ba40: 1c6a adds r2, r5, #1 + 800ba42: d014 beq.n 800ba6e + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800ba44: f7fb fcd0 bl 80073e8 + 800ba48: 1b80 subs r0, r0, r6 + 800ba4a: 4285 cmp r5, r0 + 800ba4c: d300 bcc.n 800ba50 + 800ba4e: b96d cbnz r5, 800ba6c + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800ba50: 6c63 ldr r3, [r4, #68] ; 0x44 + 800ba52: f043 0320 orr.w r3, r3, #32 + hi2c->ErrorCode |= HAL_I2C_ERROR_AF; + 800ba56: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800ba58: 2320 movs r3, #32 + 800ba5a: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800ba5e: 2300 movs r3, #0 + 800ba60: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800ba64: f884 3040 strb.w r3, [r4, #64] ; 0x40 + return HAL_ERROR; + 800ba68: 2001 movs r0, #1 + 800ba6a: e7e8 b.n 800ba3e + while (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_STOPF) == RESET) + 800ba6c: 6823 ldr r3, [r4, #0] + 800ba6e: 699a ldr r2, [r3, #24] + 800ba70: 0690 lsls r0, r2, #26 + 800ba72: d5e5 bpl.n 800ba40 + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_AF); + 800ba74: 2210 movs r2, #16 + 800ba76: 61da str r2, [r3, #28] + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_STOPF); + 800ba78: 2220 movs r2, #32 + 800ba7a: 61da str r2, [r3, #28] + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_TXIS) != RESET) + 800ba7c: 699a ldr r2, [r3, #24] + 800ba7e: 0791 lsls r1, r2, #30 + hi2c->Instance->TXDR = 0x00U; + 800ba80: bf44 itt mi + 800ba82: 2200 movmi r2, #0 + 800ba84: 629a strmi r2, [r3, #40] ; 0x28 + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_TXE) == RESET) + 800ba86: 699a ldr r2, [r3, #24] + 800ba88: 07d2 lsls r2, r2, #31 + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_TXE); + 800ba8a: bf5e ittt pl + 800ba8c: 699a ldrpl r2, [r3, #24] + 800ba8e: f042 0201 orrpl.w r2, r2, #1 + 800ba92: 619a strpl r2, [r3, #24] + I2C_RESET_CR2(hi2c); + 800ba94: 685a ldr r2, [r3, #4] + 800ba96: f022 72ff bic.w r2, r2, #33423360 ; 0x1fe0000 + 800ba9a: f422 328b bic.w r2, r2, #71168 ; 0x11600 + 800ba9e: f422 72ff bic.w r2, r2, #510 ; 0x1fe + 800baa2: f022 0201 bic.w r2, r2, #1 + 800baa6: 605a str r2, [r3, #4] + hi2c->ErrorCode |= HAL_I2C_ERROR_AF; + 800baa8: 6c63 ldr r3, [r4, #68] ; 0x44 + 800baaa: f043 0304 orr.w r3, r3, #4 + 800baae: e7d2 b.n 800ba56 + +0800bab0 : +{ + 800bab0: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 800bab4: 9f06 ldr r7, [sp, #24] + 800bab6: 4604 mov r4, r0 + 800bab8: 4688 mov r8, r1 + 800baba: 4616 mov r6, r2 + 800babc: 461d mov r5, r3 + while (__HAL_I2C_GET_FLAG(hi2c, Flag) == Status) + 800babe: 6822 ldr r2, [r4, #0] + 800bac0: 6993 ldr r3, [r2, #24] + 800bac2: ea38 0303 bics.w r3, r8, r3 + 800bac6: bf0c ite eq + 800bac8: 2301 moveq r3, #1 + 800baca: 2300 movne r3, #0 + 800bacc: 42b3 cmp r3, r6 + 800bace: d001 beq.n 800bad4 + return HAL_OK; + 800bad0: 2000 movs r0, #0 + 800bad2: e015 b.n 800bb00 + if (Timeout != HAL_MAX_DELAY) + 800bad4: 1c6b adds r3, r5, #1 + 800bad6: d0f3 beq.n 800bac0 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800bad8: f7fb fc86 bl 80073e8 + 800badc: 1bc0 subs r0, r0, r7 + 800bade: 42a8 cmp r0, r5 + 800bae0: d801 bhi.n 800bae6 + 800bae2: 2d00 cmp r5, #0 + 800bae4: d1eb bne.n 800babe + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800bae6: 6c63 ldr r3, [r4, #68] ; 0x44 + 800bae8: f043 0320 orr.w r3, r3, #32 + 800baec: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800baee: 2320 movs r3, #32 + 800baf0: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800baf4: 2300 movs r3, #0 + 800baf6: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800bafa: f884 3040 strb.w r3, [r4, #64] ; 0x40 + 800bafe: 2001 movs r0, #1 +} + 800bb00: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + +0800bb04 : +{ + 800bb04: b570 push {r4, r5, r6, lr} + 800bb06: 4604 mov r4, r0 + 800bb08: 460d mov r5, r1 + 800bb0a: 4616 mov r6, r2 + while (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_STOPF) == RESET) + 800bb0c: 6823 ldr r3, [r4, #0] + 800bb0e: 699b ldr r3, [r3, #24] + 800bb10: 069b lsls r3, r3, #26 + 800bb12: d501 bpl.n 800bb18 + return HAL_OK; + 800bb14: 2000 movs r0, #0 +} + 800bb16: bd70 pop {r4, r5, r6, pc} + if (I2C_IsAcknowledgeFailed(hi2c, Timeout, Tickstart) != HAL_OK) + 800bb18: 4632 mov r2, r6 + 800bb1a: 4629 mov r1, r5 + 800bb1c: 4620 mov r0, r4 + 800bb1e: f7ff ff85 bl 800ba2c + 800bb22: b990 cbnz r0, 800bb4a + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800bb24: f7fb fc60 bl 80073e8 + 800bb28: 1b80 subs r0, r0, r6 + 800bb2a: 42a8 cmp r0, r5 + 800bb2c: d801 bhi.n 800bb32 + 800bb2e: 2d00 cmp r5, #0 + 800bb30: d1ec bne.n 800bb0c + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800bb32: 6c63 ldr r3, [r4, #68] ; 0x44 + 800bb34: f043 0320 orr.w r3, r3, #32 + 800bb38: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800bb3a: 2320 movs r3, #32 + 800bb3c: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800bb40: 2300 movs r3, #0 + 800bb42: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800bb46: f884 3040 strb.w r3, [r4, #64] ; 0x40 + return HAL_ERROR; + 800bb4a: 2001 movs r0, #1 + 800bb4c: e7e3 b.n 800bb16 + +0800bb4e : +} + 800bb4e: 4770 bx lr + +0800bb50 : +{ + 800bb50: b510 push {r4, lr} + if (hi2c == NULL) + 800bb52: 4604 mov r4, r0 + 800bb54: 2800 cmp r0, #0 + 800bb56: d04a beq.n 800bbee + if (hi2c->State == HAL_I2C_STATE_RESET) + 800bb58: f890 3041 ldrb.w r3, [r0, #65] ; 0x41 + 800bb5c: f003 02ff and.w r2, r3, #255 ; 0xff + 800bb60: b91b cbnz r3, 800bb6a + hi2c->Lock = HAL_UNLOCKED; + 800bb62: f880 2040 strb.w r2, [r0, #64] ; 0x40 + HAL_I2C_MspInit(hi2c); + 800bb66: f7ff fff2 bl 800bb4e + hi2c->State = HAL_I2C_STATE_BUSY; + 800bb6a: 2324 movs r3, #36 ; 0x24 + 800bb6c: f884 3041 strb.w r3, [r4, #65] ; 0x41 + __HAL_I2C_DISABLE(hi2c); + 800bb70: 6823 ldr r3, [r4, #0] + 800bb72: 681a ldr r2, [r3, #0] + 800bb74: f022 0201 bic.w r2, r2, #1 + 800bb78: 601a str r2, [r3, #0] + hi2c->Instance->TIMINGR = hi2c->Init.Timing & TIMING_CLEAR_MASK; + 800bb7a: 6862 ldr r2, [r4, #4] + 800bb7c: f022 6270 bic.w r2, r2, #251658240 ; 0xf000000 + 800bb80: 611a str r2, [r3, #16] + hi2c->Instance->OAR1 &= ~I2C_OAR1_OA1EN; + 800bb82: 689a ldr r2, [r3, #8] + 800bb84: f422 4200 bic.w r2, r2, #32768 ; 0x8000 + 800bb88: 609a str r2, [r3, #8] + hi2c->Instance->OAR1 = (I2C_OAR1_OA1EN | hi2c->Init.OwnAddress1); + 800bb8a: e9d4 2102 ldrd r2, r1, [r4, #8] + if (hi2c->Init.AddressingMode == I2C_ADDRESSINGMODE_7BIT) + 800bb8e: 2901 cmp r1, #1 + 800bb90: d124 bne.n 800bbdc + hi2c->Instance->OAR1 = (I2C_OAR1_OA1EN | hi2c->Init.OwnAddress1); + 800bb92: f442 4200 orr.w r2, r2, #32768 ; 0x8000 + 800bb96: 609a str r2, [r3, #8] + hi2c->Instance->CR2 |= (I2C_CR2_AUTOEND | I2C_CR2_NACK); + 800bb98: 685a ldr r2, [r3, #4] + 800bb9a: f042 7200 orr.w r2, r2, #33554432 ; 0x2000000 + 800bb9e: f442 4200 orr.w r2, r2, #32768 ; 0x8000 + 800bba2: 605a str r2, [r3, #4] + hi2c->Instance->OAR2 &= ~I2C_DUALADDRESS_ENABLE; + 800bba4: 68da ldr r2, [r3, #12] + 800bba6: f422 4200 bic.w r2, r2, #32768 ; 0x8000 + 800bbaa: 60da str r2, [r3, #12] + hi2c->Instance->OAR2 = (hi2c->Init.DualAddressMode | hi2c->Init.OwnAddress2 | (hi2c->Init.OwnAddress2Masks << 8)); + 800bbac: e9d4 2104 ldrd r2, r1, [r4, #16] + 800bbb0: 430a orrs r2, r1 + 800bbb2: 69a1 ldr r1, [r4, #24] + 800bbb4: ea42 2201 orr.w r2, r2, r1, lsl #8 + 800bbb8: 60da str r2, [r3, #12] + hi2c->Instance->CR1 = (hi2c->Init.GeneralCallMode | hi2c->Init.NoStretchMode); + 800bbba: e9d4 2107 ldrd r2, r1, [r4, #28] + 800bbbe: 430a orrs r2, r1 + 800bbc0: 601a str r2, [r3, #0] + __HAL_I2C_ENABLE(hi2c); + 800bbc2: 681a ldr r2, [r3, #0] + 800bbc4: f042 0201 orr.w r2, r2, #1 + 800bbc8: 601a str r2, [r3, #0] + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800bbca: 2000 movs r0, #0 + hi2c->State = HAL_I2C_STATE_READY; + 800bbcc: 2320 movs r3, #32 + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800bbce: 6460 str r0, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800bbd0: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->PreviousState = I2C_STATE_NONE; + 800bbd4: 6320 str r0, [r4, #48] ; 0x30 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800bbd6: f884 0042 strb.w r0, [r4, #66] ; 0x42 +} + 800bbda: bd10 pop {r4, pc} + hi2c->Instance->OAR1 = (I2C_OAR1_OA1EN | I2C_OAR1_OA1MODE | hi2c->Init.OwnAddress1); + 800bbdc: f442 4204 orr.w r2, r2, #33792 ; 0x8400 + if (hi2c->Init.AddressingMode == I2C_ADDRESSINGMODE_10BIT) + 800bbe0: 2902 cmp r1, #2 + hi2c->Instance->OAR1 = (I2C_OAR1_OA1EN | I2C_OAR1_OA1MODE | hi2c->Init.OwnAddress1); + 800bbe2: 609a str r2, [r3, #8] + hi2c->Instance->CR2 = (I2C_CR2_ADD10); + 800bbe4: bf04 itt eq + 800bbe6: f44f 6200 moveq.w r2, #2048 ; 0x800 + 800bbea: 605a streq r2, [r3, #4] + 800bbec: e7d4 b.n 800bb98 + return HAL_ERROR; + 800bbee: 2001 movs r0, #1 + 800bbf0: e7f3 b.n 800bbda + +0800bbf2 : + 800bbf2: 4770 bx lr + +0800bbf4 : +{ + 800bbf4: e92d 47f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, r9, sl, lr} + 800bbf8: 4698 mov r8, r3 + if (hi2c->State == HAL_I2C_STATE_READY) + 800bbfa: f890 3041 ldrb.w r3, [r0, #65] ; 0x41 +{ + 800bbfe: 9f0a ldr r7, [sp, #40] ; 0x28 + if (hi2c->State == HAL_I2C_STATE_READY) + 800bc00: 2b20 cmp r3, #32 +{ + 800bc02: 4604 mov r4, r0 + 800bc04: 460e mov r6, r1 + 800bc06: 4691 mov r9, r2 + if (hi2c->State == HAL_I2C_STATE_READY) + 800bc08: f040 80a3 bne.w 800bd52 + __HAL_LOCK(hi2c); + 800bc0c: f890 3040 ldrb.w r3, [r0, #64] ; 0x40 + 800bc10: 2b01 cmp r3, #1 + 800bc12: f000 809e beq.w 800bd52 + 800bc16: f04f 0a01 mov.w sl, #1 + 800bc1a: f880 a040 strb.w sl, [r0, #64] ; 0x40 + tickstart = HAL_GetTick(); + 800bc1e: f7fb fbe3 bl 80073e8 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_BUSY, SET, I2C_TIMEOUT_BUSY, tickstart) != HAL_OK) + 800bc22: 2319 movs r3, #25 + tickstart = HAL_GetTick(); + 800bc24: 4605 mov r5, r0 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_BUSY, SET, I2C_TIMEOUT_BUSY, tickstart) != HAL_OK) + 800bc26: 9000 str r0, [sp, #0] + 800bc28: 4652 mov r2, sl + 800bc2a: f44f 4100 mov.w r1, #32768 ; 0x8000 + 800bc2e: 4620 mov r0, r4 + 800bc30: f7ff ff3e bl 800bab0 + 800bc34: b118 cbz r0, 800bc3e + return HAL_ERROR; + 800bc36: 2001 movs r0, #1 +} + 800bc38: b002 add sp, #8 + 800bc3a: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + hi2c->State = HAL_I2C_STATE_BUSY_TX; + 800bc3e: 2321 movs r3, #33 ; 0x21 + 800bc40: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_MASTER; + 800bc44: 2310 movs r3, #16 + 800bc46: f884 3042 strb.w r3, [r4, #66] ; 0x42 + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800bc4a: 6460 str r0, [r4, #68] ; 0x44 + hi2c->XferCount = Size; + 800bc4c: f8a4 802a strh.w r8, [r4, #42] ; 0x2a + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bc50: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->pBuffPtr = pData; + 800bc52: f8c4 9024 str.w r9, [r4, #36] ; 0x24 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bc56: b29b uxth r3, r3 + 800bc58: 2bff cmp r3, #255 ; 0xff + hi2c->XferISR = NULL; + 800bc5a: 6360 str r0, [r4, #52] ; 0x34 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bc5c: 4b3e ldr r3, [pc, #248] ; (800bd58 ) + 800bc5e: d927 bls.n 800bcb0 + hi2c->XferSize = MAX_NBYTE_SIZE; + 800bc60: 22ff movs r2, #255 ; 0xff + 800bc62: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_GENERATE_START_WRITE); + 800bc64: 9300 str r3, [sp, #0] + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_NO_STARTSTOP); + 800bc66: f04f 7380 mov.w r3, #16777216 ; 0x1000000 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bc6a: 4631 mov r1, r6 + 800bc6c: 4620 mov r0, r4 + 800bc6e: f7ff fec9 bl 800ba04 + while (hi2c->XferCount > 0U) + 800bc72: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800bc74: b29b uxth r3, r3 + 800bc76: 2b00 cmp r3, #0 + 800bc78: d13e bne.n 800bcf8 + if (I2C_WaitOnSTOPFlagUntilTimeout(hi2c, Timeout, tickstart) != HAL_OK) + 800bc7a: 462a mov r2, r5 + 800bc7c: 4639 mov r1, r7 + 800bc7e: 4620 mov r0, r4 + 800bc80: f7ff ff40 bl 800bb04 + 800bc84: 2800 cmp r0, #0 + 800bc86: d1d6 bne.n 800bc36 + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_STOPF); + 800bc88: 6823 ldr r3, [r4, #0] + 800bc8a: 2120 movs r1, #32 + 800bc8c: 61d9 str r1, [r3, #28] + I2C_RESET_CR2(hi2c); + 800bc8e: 685a ldr r2, [r3, #4] + 800bc90: f022 72ff bic.w r2, r2, #33423360 ; 0x1fe0000 + 800bc94: f422 328b bic.w r2, r2, #71168 ; 0x11600 + 800bc98: f422 72ff bic.w r2, r2, #510 ; 0x1fe + 800bc9c: f022 0201 bic.w r2, r2, #1 + 800bca0: 605a str r2, [r3, #4] + hi2c->State = HAL_I2C_STATE_READY; + 800bca2: f884 1041 strb.w r1, [r4, #65] ; 0x41 + __HAL_UNLOCK(hi2c); + 800bca6: f884 0040 strb.w r0, [r4, #64] ; 0x40 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800bcaa: f884 0042 strb.w r0, [r4, #66] ; 0x42 + return HAL_OK; + 800bcae: e7c3 b.n 800bc38 + hi2c->XferSize = hi2c->XferCount; + 800bcb0: 8d62 ldrh r2, [r4, #42] ; 0x2a + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_GENERATE_START_WRITE); + 800bcb2: 9300 str r3, [sp, #0] + hi2c->XferSize = hi2c->XferCount; + 800bcb4: b292 uxth r2, r2 + 800bcb6: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bcb8: f04f 7300 mov.w r3, #33554432 ; 0x2000000 + 800bcbc: b2d2 uxtb r2, r2 + 800bcbe: e7d4 b.n 800bc6a + if (I2C_IsAcknowledgeFailed(hi2c, Timeout, Tickstart) != HAL_OK) + 800bcc0: 462a mov r2, r5 + 800bcc2: 4639 mov r1, r7 + 800bcc4: 4620 mov r0, r4 + 800bcc6: f7ff feb1 bl 800ba2c + 800bcca: 2800 cmp r0, #0 + 800bccc: d1b3 bne.n 800bc36 + if (Timeout != HAL_MAX_DELAY) + 800bcce: 1c7a adds r2, r7, #1 + 800bcd0: d012 beq.n 800bcf8 + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800bcd2: f7fb fb89 bl 80073e8 + 800bcd6: 1b40 subs r0, r0, r5 + 800bcd8: 4287 cmp r7, r0 + 800bcda: d300 bcc.n 800bcde + 800bcdc: b967 cbnz r7, 800bcf8 + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800bcde: 6c63 ldr r3, [r4, #68] ; 0x44 + 800bce0: f043 0320 orr.w r3, r3, #32 + 800bce4: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800bce6: 2320 movs r3, #32 + 800bce8: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800bcec: 2300 movs r3, #0 + 800bcee: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800bcf2: f884 3040 strb.w r3, [r4, #64] ; 0x40 + 800bcf6: e79e b.n 800bc36 + while (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_TXIS) == RESET) + 800bcf8: 6822 ldr r2, [r4, #0] + 800bcfa: 6993 ldr r3, [r2, #24] + 800bcfc: 079b lsls r3, r3, #30 + 800bcfe: d5df bpl.n 800bcc0 + hi2c->Instance->TXDR = *hi2c->pBuffPtr; + 800bd00: 6a63 ldr r3, [r4, #36] ; 0x24 + 800bd02: f813 1b01 ldrb.w r1, [r3], #1 + 800bd06: 6291 str r1, [r2, #40] ; 0x28 + hi2c->pBuffPtr++; + 800bd08: 6263 str r3, [r4, #36] ; 0x24 + hi2c->XferCount--; + 800bd0a: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->XferSize--; + 800bd0c: 8d22 ldrh r2, [r4, #40] ; 0x28 + hi2c->XferCount--; + 800bd0e: 3b01 subs r3, #1 + 800bd10: b29b uxth r3, r3 + 800bd12: 8563 strh r3, [r4, #42] ; 0x2a + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800bd14: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->XferSize--; + 800bd16: 3a01 subs r2, #1 + 800bd18: b292 uxth r2, r2 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800bd1a: b29b uxth r3, r3 + hi2c->XferSize--; + 800bd1c: 8522 strh r2, [r4, #40] ; 0x28 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800bd1e: 2b00 cmp r3, #0 + 800bd20: d0a7 beq.n 800bc72 + 800bd22: 2a00 cmp r2, #0 + 800bd24: d1a5 bne.n 800bc72 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_TCR, RESET, Timeout, tickstart) != HAL_OK) + 800bd26: 9500 str r5, [sp, #0] + 800bd28: 463b mov r3, r7 + 800bd2a: 2180 movs r1, #128 ; 0x80 + 800bd2c: 4620 mov r0, r4 + 800bd2e: f7ff febf bl 800bab0 + 800bd32: 2800 cmp r0, #0 + 800bd34: f47f af7f bne.w 800bc36 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bd38: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800bd3a: b29b uxth r3, r3 + 800bd3c: 2bff cmp r3, #255 ; 0xff + 800bd3e: d903 bls.n 800bd48 + hi2c->XferSize = MAX_NBYTE_SIZE; + 800bd40: 22ff movs r2, #255 ; 0xff + 800bd42: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_NO_STARTSTOP); + 800bd44: 9000 str r0, [sp, #0] + 800bd46: e78e b.n 800bc66 + hi2c->XferSize = hi2c->XferCount; + 800bd48: 8d62 ldrh r2, [r4, #42] ; 0x2a + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bd4a: 9000 str r0, [sp, #0] + hi2c->XferSize = hi2c->XferCount; + 800bd4c: b292 uxth r2, r2 + 800bd4e: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bd50: e7b2 b.n 800bcb8 + return HAL_BUSY; + 800bd52: 2002 movs r0, #2 + 800bd54: e770 b.n 800bc38 + 800bd56: bf00 nop + 800bd58: 80002000 .word 0x80002000 + +0800bd5c : +{ + 800bd5c: e92d 47f3 stmdb sp!, {r0, r1, r4, r5, r6, r7, r8, r9, sl, lr} + 800bd60: 4698 mov r8, r3 + if (hi2c->State == HAL_I2C_STATE_READY) + 800bd62: f890 3041 ldrb.w r3, [r0, #65] ; 0x41 +{ + 800bd66: 9f0a ldr r7, [sp, #40] ; 0x28 + if (hi2c->State == HAL_I2C_STATE_READY) + 800bd68: 2b20 cmp r3, #32 +{ + 800bd6a: 4604 mov r4, r0 + 800bd6c: 460e mov r6, r1 + 800bd6e: 4691 mov r9, r2 + if (hi2c->State == HAL_I2C_STATE_READY) + 800bd70: f040 80be bne.w 800bef0 + __HAL_LOCK(hi2c); + 800bd74: f890 3040 ldrb.w r3, [r0, #64] ; 0x40 + 800bd78: 2b01 cmp r3, #1 + 800bd7a: f000 80b9 beq.w 800bef0 + 800bd7e: f04f 0a01 mov.w sl, #1 + 800bd82: f880 a040 strb.w sl, [r0, #64] ; 0x40 + tickstart = HAL_GetTick(); + 800bd86: f7fb fb2f bl 80073e8 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_BUSY, SET, I2C_TIMEOUT_BUSY, tickstart) != HAL_OK) + 800bd8a: 2319 movs r3, #25 + tickstart = HAL_GetTick(); + 800bd8c: 4605 mov r5, r0 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_BUSY, SET, I2C_TIMEOUT_BUSY, tickstart) != HAL_OK) + 800bd8e: 9000 str r0, [sp, #0] + 800bd90: 4652 mov r2, sl + 800bd92: f44f 4100 mov.w r1, #32768 ; 0x8000 + 800bd96: 4620 mov r0, r4 + 800bd98: f7ff fe8a bl 800bab0 + 800bd9c: b118 cbz r0, 800bda6 + return HAL_ERROR; + 800bd9e: 2001 movs r0, #1 +} + 800bda0: b002 add sp, #8 + 800bda2: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + hi2c->State = HAL_I2C_STATE_BUSY_RX; + 800bda6: 2322 movs r3, #34 ; 0x22 + 800bda8: f884 3041 strb.w r3, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_MASTER; + 800bdac: 2310 movs r3, #16 + 800bdae: f884 3042 strb.w r3, [r4, #66] ; 0x42 + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800bdb2: 6460 str r0, [r4, #68] ; 0x44 + hi2c->XferCount = Size; + 800bdb4: f8a4 802a strh.w r8, [r4, #42] ; 0x2a + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bdb8: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->pBuffPtr = pData; + 800bdba: f8c4 9024 str.w r9, [r4, #36] ; 0x24 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bdbe: b29b uxth r3, r3 + 800bdc0: 2bff cmp r3, #255 ; 0xff + hi2c->XferISR = NULL; + 800bdc2: 6360 str r0, [r4, #52] ; 0x34 + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bdc4: 4b4b ldr r3, [pc, #300] ; (800bef4 ) + 800bdc6: d909 bls.n 800bddc + hi2c->XferSize = MAX_NBYTE_SIZE; + 800bdc8: 22ff movs r2, #255 ; 0xff + 800bdca: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_GENERATE_START_READ); + 800bdcc: 9300 str r3, [sp, #0] + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_NO_STARTSTOP); + 800bdce: f04f 7380 mov.w r3, #16777216 ; 0x1000000 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bdd2: 4631 mov r1, r6 + 800bdd4: 4620 mov r0, r4 + 800bdd6: f7ff fe15 bl 800ba04 + 800bdda: e052 b.n 800be82 + hi2c->XferSize = hi2c->XferCount; + 800bddc: 8d62 ldrh r2, [r4, #42] ; 0x2a + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_GENERATE_START_READ); + 800bdde: 9300 str r3, [sp, #0] + hi2c->XferSize = hi2c->XferCount; + 800bde0: b292 uxth r2, r2 + 800bde2: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bde4: f04f 7300 mov.w r3, #33554432 ; 0x2000000 + 800bde8: b2d2 uxtb r2, r2 + 800bdea: e7f2 b.n 800bdd2 + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_STOPF); + 800bdec: 2120 movs r1, #32 + 800bdee: 61d9 str r1, [r3, #28] + I2C_RESET_CR2(hi2c); + 800bdf0: 685a ldr r2, [r3, #4] + 800bdf2: f022 72ff bic.w r2, r2, #33423360 ; 0x1fe0000 + 800bdf6: f422 328b bic.w r2, r2, #71168 ; 0x11600 + 800bdfa: f422 72ff bic.w r2, r2, #510 ; 0x1fe + 800bdfe: f022 0201 bic.w r2, r2, #1 + 800be02: 605a str r2, [r3, #4] + hi2c->ErrorCode = HAL_I2C_ERROR_NONE; + 800be04: 2300 movs r3, #0 + 800be06: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800be08: f884 1041 strb.w r1, [r4, #65] ; 0x41 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800be0c: f884 3042 strb.w r3, [r4, #66] ; 0x42 + __HAL_UNLOCK(hi2c); + 800be10: f884 3040 strb.w r3, [r4, #64] ; 0x40 + 800be14: e7c3 b.n 800bd9e + if (((HAL_GetTick() - Tickstart) > Timeout) || (Timeout == 0U)) + 800be16: f7fb fae7 bl 80073e8 + 800be1a: 1b40 subs r0, r0, r5 + 800be1c: 4287 cmp r7, r0 + 800be1e: d300 bcc.n 800be22 + 800be20: b947 cbnz r7, 800be34 + hi2c->ErrorCode |= HAL_I2C_ERROR_TIMEOUT; + 800be22: 6c63 ldr r3, [r4, #68] ; 0x44 + 800be24: f043 0320 orr.w r3, r3, #32 + 800be28: 6463 str r3, [r4, #68] ; 0x44 + hi2c->State = HAL_I2C_STATE_READY; + 800be2a: 2320 movs r3, #32 + 800be2c: f884 3041 strb.w r3, [r4, #65] ; 0x41 + __HAL_UNLOCK(hi2c); + 800be30: 2300 movs r3, #0 + 800be32: e7ed b.n 800be10 + while (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_RXNE) == RESET) + 800be34: 6823 ldr r3, [r4, #0] + 800be36: 699b ldr r3, [r3, #24] + 800be38: 075b lsls r3, r3, #29 + 800be3a: d410 bmi.n 800be5e + if (I2C_IsAcknowledgeFailed(hi2c, Timeout, Tickstart) != HAL_OK) + 800be3c: 462a mov r2, r5 + 800be3e: 4639 mov r1, r7 + 800be40: 4620 mov r0, r4 + 800be42: f7ff fdf3 bl 800ba2c + 800be46: 2800 cmp r0, #0 + 800be48: d1a9 bne.n 800bd9e + if (__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_STOPF) == SET) + 800be4a: 6823 ldr r3, [r4, #0] + 800be4c: 699a ldr r2, [r3, #24] + 800be4e: 0691 lsls r1, r2, #26 + 800be50: d5e1 bpl.n 800be16 + if ((__HAL_I2C_GET_FLAG(hi2c, I2C_FLAG_RXNE) == SET) && (hi2c->XferSize > 0U)) + 800be52: 699a ldr r2, [r3, #24] + 800be54: 0752 lsls r2, r2, #29 + 800be56: d5c9 bpl.n 800bdec + 800be58: 8d22 ldrh r2, [r4, #40] ; 0x28 + 800be5a: 2a00 cmp r2, #0 + 800be5c: d0c6 beq.n 800bdec + *hi2c->pBuffPtr = (uint8_t)hi2c->Instance->RXDR; + 800be5e: 6823 ldr r3, [r4, #0] + 800be60: 6a5a ldr r2, [r3, #36] ; 0x24 + 800be62: 6a63 ldr r3, [r4, #36] ; 0x24 + 800be64: 701a strb r2, [r3, #0] + hi2c->pBuffPtr++; + 800be66: 6a63 ldr r3, [r4, #36] ; 0x24 + hi2c->XferSize--; + 800be68: 8d22 ldrh r2, [r4, #40] ; 0x28 + hi2c->pBuffPtr++; + 800be6a: 3301 adds r3, #1 + 800be6c: 6263 str r3, [r4, #36] ; 0x24 + hi2c->XferCount--; + 800be6e: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800be70: 3b01 subs r3, #1 + 800be72: b29b uxth r3, r3 + 800be74: 8563 strh r3, [r4, #42] ; 0x2a + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800be76: 8d63 ldrh r3, [r4, #42] ; 0x2a + hi2c->XferSize--; + 800be78: 3a01 subs r2, #1 + 800be7a: b292 uxth r2, r2 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800be7c: b29b uxth r3, r3 + hi2c->XferSize--; + 800be7e: 8522 strh r2, [r4, #40] ; 0x28 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800be80: b9f3 cbnz r3, 800bec0 + while (hi2c->XferCount > 0U) + 800be82: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800be84: b29b uxth r3, r3 + 800be86: 2b00 cmp r3, #0 + 800be88: d1d4 bne.n 800be34 + if (I2C_WaitOnSTOPFlagUntilTimeout(hi2c, Timeout, tickstart) != HAL_OK) + 800be8a: 462a mov r2, r5 + 800be8c: 4639 mov r1, r7 + 800be8e: 4620 mov r0, r4 + 800be90: f7ff fe38 bl 800bb04 + 800be94: 2800 cmp r0, #0 + 800be96: d182 bne.n 800bd9e + __HAL_I2C_CLEAR_FLAG(hi2c, I2C_FLAG_STOPF); + 800be98: 6823 ldr r3, [r4, #0] + 800be9a: 2120 movs r1, #32 + 800be9c: 61d9 str r1, [r3, #28] + I2C_RESET_CR2(hi2c); + 800be9e: 685a ldr r2, [r3, #4] + 800bea0: f022 72ff bic.w r2, r2, #33423360 ; 0x1fe0000 + 800bea4: f422 328b bic.w r2, r2, #71168 ; 0x11600 + 800bea8: f422 72ff bic.w r2, r2, #510 ; 0x1fe + 800beac: f022 0201 bic.w r2, r2, #1 + 800beb0: 605a str r2, [r3, #4] + hi2c->State = HAL_I2C_STATE_READY; + 800beb2: f884 1041 strb.w r1, [r4, #65] ; 0x41 + __HAL_UNLOCK(hi2c); + 800beb6: f884 0040 strb.w r0, [r4, #64] ; 0x40 + hi2c->Mode = HAL_I2C_MODE_NONE; + 800beba: f884 0042 strb.w r0, [r4, #66] ; 0x42 + return HAL_OK; + 800bebe: e76f b.n 800bda0 + if ((hi2c->XferCount != 0U) && (hi2c->XferSize == 0U)) + 800bec0: 2a00 cmp r2, #0 + 800bec2: d1de bne.n 800be82 + if (I2C_WaitOnFlagUntilTimeout(hi2c, I2C_FLAG_TCR, RESET, Timeout, tickstart) != HAL_OK) + 800bec4: 9500 str r5, [sp, #0] + 800bec6: 463b mov r3, r7 + 800bec8: 2180 movs r1, #128 ; 0x80 + 800beca: 4620 mov r0, r4 + 800becc: f7ff fdf0 bl 800bab0 + 800bed0: 2800 cmp r0, #0 + 800bed2: f47f af64 bne.w 800bd9e + if (hi2c->XferCount > MAX_NBYTE_SIZE) + 800bed6: 8d63 ldrh r3, [r4, #42] ; 0x2a + 800bed8: b29b uxth r3, r3 + 800beda: 2bff cmp r3, #255 ; 0xff + 800bedc: d903 bls.n 800bee6 + hi2c->XferSize = MAX_NBYTE_SIZE; + 800bede: 22ff movs r2, #255 ; 0xff + 800bee0: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_RELOAD_MODE, I2C_NO_STARTSTOP); + 800bee2: 9000 str r0, [sp, #0] + 800bee4: e773 b.n 800bdce + hi2c->XferSize = hi2c->XferCount; + 800bee6: 8d62 ldrh r2, [r4, #42] ; 0x2a + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800bee8: 9000 str r0, [sp, #0] + hi2c->XferSize = hi2c->XferCount; + 800beea: b292 uxth r2, r2 + 800beec: 8522 strh r2, [r4, #40] ; 0x28 + I2C_TransferConfig(hi2c, DevAddress, (uint8_t)hi2c->XferSize, I2C_AUTOEND_MODE, I2C_NO_STARTSTOP); + 800beee: e779 b.n 800bde4 + return HAL_BUSY; + 800bef0: 2002 movs r0, #2 + 800bef2: e755 b.n 800bda0 + 800bef4: 80002400 .word 0x80002400 + +0800bef8 : + * @param hsd Pointer to SD handle + * @param pSCR pointer to the buffer that will contain the SCR value + * @retval error state + */ +static uint32_t SD_FindSCR(SD_HandleTypeDef *hsd, uint32_t *pSCR) +{ + 800bef8: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + 800befc: b086 sub sp, #24 + 800befe: 4605 mov r5, r0 + 800bf00: 4688 mov r8, r1 + SDMMC_DataInitTypeDef config; + uint32_t errorstate; + uint32_t tickstart = HAL_GetTick(); + 800bf02: f7fb fa71 bl 80073e8 + uint32_t index = 0U; + uint32_t tempscr[2U] = {0UL, 0UL}; + uint32_t *scr = pSCR; + + /* Set Block Size To 8 Bytes */ + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 8U); + 800bf06: 2108 movs r1, #8 + uint32_t tickstart = HAL_GetTick(); + 800bf08: 4681 mov r9, r0 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 8U); + 800bf0a: 6828 ldr r0, [r5, #0] + 800bf0c: f001 f996 bl 800d23c + if(errorstate != HAL_SD_ERROR_NONE) + 800bf10: 4604 mov r4, r0 + 800bf12: bb48 cbnz r0, 800bf68 + { + return errorstate; + } + + /* Send CMD55 APP_CMD with argument as card's RCA */ + errorstate = SDMMC_CmdAppCommand(hsd->Instance, (uint32_t)((hsd->SdCard.RelCardAdd) << 16U)); + 800bf14: 6ca9 ldr r1, [r5, #72] ; 0x48 + 800bf16: 6828 ldr r0, [r5, #0] + 800bf18: 0409 lsls r1, r1, #16 + 800bf1a: f001 fac8 bl 800d4ae + if(errorstate != HAL_SD_ERROR_NONE) + 800bf1e: 4604 mov r4, r0 + 800bf20: bb10 cbnz r0, 800bf68 + { + return errorstate; + } + + config.DataTimeOut = SDMMC_DATATIMEOUT; + config.DataLength = 8U; + 800bf22: f04f 30ff mov.w r0, #4294967295 ; 0xffffffff + 800bf26: 2308 movs r3, #8 + 800bf28: e9cd 0300 strd r0, r3, [sp] + config.DataBlockSize = SDMMC_DATABLOCK_SIZE_8B; + config.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800bf2c: 2630 movs r6, #48 ; 0x30 + 800bf2e: 2302 movs r3, #2 + 800bf30: e9cd 6302 strd r6, r3, [sp, #8] + config.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + config.DPSM = SDMMC_DPSM_ENABLE; + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800bf34: 4669 mov r1, sp + config.DPSM = SDMMC_DPSM_ENABLE; + 800bf36: 2301 movs r3, #1 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800bf38: 6828 ldr r0, [r5, #0] + config.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + 800bf3a: 9404 str r4, [sp, #16] + config.DPSM = SDMMC_DPSM_ENABLE; + 800bf3c: 9305 str r3, [sp, #20] + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800bf3e: f001 f8a1 bl 800d084 + + /* Send ACMD51 SD_APP_SEND_SCR with argument as 0 */ + errorstate = SDMMC_CmdSendSCR(hsd->Instance); + 800bf42: 6828 ldr r0, [r5, #0] + 800bf44: f001 fae7 bl 800d516 + if(errorstate != HAL_SD_ERROR_NONE) + 800bf48: 4604 mov r4, r0 + 800bf4a: b968 cbnz r0, 800bf68 + uint32_t tempscr[2U] = {0UL, 0UL}; + 800bf4c: 4607 mov r7, r0 + 800bf4e: 4606 mov r6, r0 + { + return errorstate; + } + +#if defined(STM32L4P5xx) || defined(STM32L4Q5xx) || defined(STM32L4R5xx) || defined(STM32L4R7xx) || defined(STM32L4R9xx) || defined(STM32L4S5xx) || defined(STM32L4S7xx) || defined(STM32L4S9xx) + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND | SDMMC_FLAG_DATAEND)) + 800bf50: f240 5a2a movw sl, #1322 ; 0x52a + 800bf54: 6828 ldr r0, [r5, #0] + 800bf56: 6b42 ldr r2, [r0, #52] ; 0x34 + 800bf58: ea12 0f0a tst.w r2, sl + { + if((!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOE)) && (index == 0U)) + 800bf5c: 6b42 ldr r2, [r0, #52] ; 0x34 + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND | SDMMC_FLAG_DATAEND)) + 800bf5e: d007 beq.n 800bf70 + return HAL_SD_ERROR_TIMEOUT; + } + } +#endif /* STM32L4P5xx || STM32L4Q5xx || STM32L4R5xx || STM32L4R7xx || STM32L4R9xx || STM32L4S5xx || STM32L4S7xx || STM32L4S9xx */ + + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800bf60: 0712 lsls r2, r2, #28 + 800bf62: d519 bpl.n 800bf98 + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DTIMEOUT); + 800bf64: 2408 movs r4, #8 + + return HAL_SD_ERROR_DATA_CRC_FAIL; + } + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800bf66: 6384 str r4, [r0, #56] ; 0x38 + ((tempscr[0] & SDMMC_16TO23BITS) >> 8) | ((tempscr[0] & SDMMC_24TO31BITS) >> 24)); + + } + + return HAL_SD_ERROR_NONE; +} + 800bf68: 4620 mov r0, r4 + 800bf6a: b006 add sp, #24 + 800bf6c: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + if((!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOE)) && (index == 0U)) + 800bf70: 0311 lsls r1, r2, #12 + 800bf72: d408 bmi.n 800bf86 + 800bf74: b93c cbnz r4, 800bf86 + tempscr[0] = SDMMC_ReadFIFO(hsd->Instance); + 800bf76: f001 f849 bl 800d00c + 800bf7a: 4606 mov r6, r0 + tempscr[1] = SDMMC_ReadFIFO(hsd->Instance); + 800bf7c: 6828 ldr r0, [r5, #0] + 800bf7e: f001 f845 bl 800d00c + index++; + 800bf82: 2401 movs r4, #1 + tempscr[1] = SDMMC_ReadFIFO(hsd->Instance); + 800bf84: 4607 mov r7, r0 + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800bf86: f7fb fa2f bl 80073e8 + 800bf8a: eba0 0009 sub.w r0, r0, r9 + 800bf8e: 3001 adds r0, #1 + 800bf90: d1e0 bne.n 800bf54 + return HAL_SD_ERROR_TIMEOUT; + 800bf92: f04f 4400 mov.w r4, #2147483648 ; 0x80000000 + 800bf96: e7e7 b.n 800bf68 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800bf98: 6b42 ldr r2, [r0, #52] ; 0x34 + 800bf9a: 0793 lsls r3, r2, #30 + 800bf9c: d501 bpl.n 800bfa2 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DCRCFAIL); + 800bf9e: 2402 movs r4, #2 + 800bfa0: e7e1 b.n 800bf66 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800bfa2: 6b44 ldr r4, [r0, #52] ; 0x34 + 800bfa4: f014 0420 ands.w r4, r4, #32 + 800bfa8: d001 beq.n 800bfae + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800bfaa: 2420 movs r4, #32 + 800bfac: e7db b.n 800bf66 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800bfae: 4a04 ldr r2, [pc, #16] ; (800bfc0 ) + 800bfb0: 6382 str r2, [r0, #56] ; 0x38 + *scr = (((tempscr[1] & SDMMC_0TO7BITS) << 24) | ((tempscr[1] & SDMMC_8TO15BITS) << 8) |\ + 800bfb2: ba3f rev r7, r7 + 800bfb4: ba36 rev r6, r6 + 800bfb6: f8c8 7000 str.w r7, [r8] + *scr = (((tempscr[0] & SDMMC_0TO7BITS) << 24) | ((tempscr[0] & SDMMC_8TO15BITS) << 8) |\ + 800bfba: f8c8 6004 str.w r6, [r8, #4] + return HAL_SD_ERROR_NONE; + 800bfbe: e7d3 b.n 800bf68 + 800bfc0: 18000f3a .word 0x18000f3a + +0800bfc4 : + * of PLL to have SDMMCCK clock between 50 and 120 MHz + * @param hsd SD handle + * @retval SD Card error state + */ +static uint32_t SD_UltraHighSpeed(SD_HandleTypeDef *hsd) +{ + 800bfc4: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + uint32_t errorstate = HAL_SD_ERROR_NONE; + SDMMC_DataInitTypeDef sdmmc_datainitstructure; + uint32_t SD_hs[16] = {0}; + 800bfc8: 2640 movs r6, #64 ; 0x40 +{ + 800bfca: b096 sub sp, #88 ; 0x58 + 800bfcc: 4605 mov r5, r0 + uint32_t SD_hs[16] = {0}; + 800bfce: 4632 mov r2, r6 + 800bfd0: 2100 movs r1, #0 + 800bfd2: a806 add r0, sp, #24 + 800bfd4: f001 fc96 bl 800d904 + uint32_t count, loop = 0 ; + uint32_t Timeout = HAL_GetTick(); + 800bfd8: f7fb fa06 bl 80073e8 + + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800bfdc: 6deb ldr r3, [r5, #92] ; 0x5c + uint32_t Timeout = HAL_GetTick(); + 800bfde: 4680 mov r8, r0 + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800bfe0: 2b00 cmp r3, #0 + 800bfe2: d067 beq.n 800c0b4 + { + /* Standard Speed Card <= 12.5Mhz */ + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + } + + if((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) && + 800bfe4: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800bfe8: d167 bne.n 800c0ba + 800bfea: 69af ldr r7, [r5, #24] + 800bfec: 2f01 cmp r7, #1 + 800bfee: d164 bne.n 800c0ba + (hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE)) + { + /* Initialize the Data control register */ + hsd->Instance->DCTRL = 0; + 800bff0: 6828 ldr r0, [r5, #0] + 800bff2: 2300 movs r3, #0 + 800bff4: 62c3 str r3, [r0, #44] ; 0x2c + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 64U); + 800bff6: 4631 mov r1, r6 + 800bff8: f001 f920 bl 800d23c + + if (errorstate != HAL_SD_ERROR_NONE) + 800bffc: 4604 mov r4, r0 + 800bffe: 2800 cmp r0, #0 + 800c000: d13e bne.n 800c080 + { + return errorstate; + } + + /* Configure the SD DPSM (Data Path State Machine) */ + sdmmc_datainitstructure.DataTimeOut = SDMMC_DATATIMEOUT; + 800c002: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + sdmmc_datainitstructure.DataLength = 64U; + 800c006: e9cd 3600 strd r3, r6, [sp] + sdmmc_datainitstructure.DataBlockSize = SDMMC_DATABLOCK_SIZE_64B ; + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + sdmmc_datainitstructure.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + sdmmc_datainitstructure.DPSM = SDMMC_DPSM_ENABLE; + 800c00a: e9cd 0704 strd r0, r7, [sp, #16] + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800c00e: 2660 movs r6, #96 ; 0x60 + 800c010: 2302 movs r3, #2 + + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800c012: 6828 ldr r0, [r5, #0] + 800c014: 4669 mov r1, sp + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800c016: e9cd 6302 strd r6, r3, [sp, #8] + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800c01a: f001 f833 bl 800d084 + 800c01e: 2800 cmp r0, #0 + 800c020: d14d bne.n 800c0be + { + return (HAL_SD_ERROR_GENERAL_UNKNOWN_ERR); + } + + errorstate = SDMMC_CmdSwitch(hsd->Instance, SDMMC_SDR104_SWITCH_PATTERN); + 800c022: 492a ldr r1, [pc, #168] ; (800c0cc ) + 800c024: 6828 ldr r0, [r5, #0] + 800c026: f001 fa74 bl 800d512 + if(errorstate != HAL_SD_ERROR_NONE) + 800c02a: 4604 mov r4, r0 + 800c02c: bb40 cbnz r0, 800c080 + uint32_t count, loop = 0 ; + 800c02e: 4607 mov r7, r0 + { + return errorstate; + } + + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND| SDMMC_FLAG_DATAEND )) + 800c030: f240 592a movw r9, #1322 ; 0x52a + 800c034: 682b ldr r3, [r5, #0] + 800c036: 6b5e ldr r6, [r3, #52] ; 0x34 + 800c038: ea16 0609 ands.w r6, r6, r9 + 800c03c: d005 beq.n 800c04a + hsd->State= HAL_SD_STATE_READY; + return HAL_SD_ERROR_TIMEOUT; + } + } + + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800c03e: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c040: 0711 lsls r1, r2, #28 + 800c042: d521 bpl.n 800c088 + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DTIMEOUT); + 800c044: 2208 movs r2, #8 + 800c046: 639a str r2, [r3, #56] ; 0x38 + + return errorstate; + 800c048: e01a b.n 800c080 + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF)) + 800c04a: 6b5b ldr r3, [r3, #52] ; 0x34 + 800c04c: 0418 lsls r0, r3, #16 + 800c04e: d50b bpl.n 800c068 + 800c050: ab06 add r3, sp, #24 + 800c052: eb03 1a47 add.w sl, r3, r7, lsl #5 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800c056: 6828 ldr r0, [r5, #0] + 800c058: f000 ffd8 bl 800d00c + for (count = 0U; count < 8U; count++) + 800c05c: 3601 adds r6, #1 + 800c05e: 2e08 cmp r6, #8 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800c060: f84a 0b04 str.w r0, [sl], #4 + for (count = 0U; count < 8U; count++) + 800c064: d1f7 bne.n 800c056 + loop ++; + 800c066: 3701 adds r7, #1 + if((HAL_GetTick()-Timeout) >= SDMMC_DATATIMEOUT) + 800c068: f7fb f9be bl 80073e8 + 800c06c: eba0 0008 sub.w r0, r0, r8 + 800c070: 3001 adds r0, #1 + 800c072: d1df bne.n 800c034 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800c074: f04f 4400 mov.w r4, #2147483648 ; 0x80000000 + hsd->State= HAL_SD_STATE_READY; + 800c078: 2301 movs r3, #1 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800c07a: 63ac str r4, [r5, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800c07c: f885 3034 strb.w r3, [r5, #52] ; 0x34 +#endif /* (DLYB_SDMMC1) || (DLYB_SDMMC2) */ + } + } + + return errorstate; +} + 800c080: 4620 mov r0, r4 + 800c082: b016 add sp, #88 ; 0x58 + 800c084: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800c088: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c08a: 0792 lsls r2, r2, #30 + 800c08c: d502 bpl.n 800c094 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DCRCFAIL); + 800c08e: 2402 movs r4, #2 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800c090: 639c str r4, [r3, #56] ; 0x38 + return errorstate; + 800c092: e7f5 b.n 800c080 + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800c094: 6b5c ldr r4, [r3, #52] ; 0x34 + 800c096: f014 0420 ands.w r4, r4, #32 + 800c09a: d001 beq.n 800c0a0 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800c09c: 2420 movs r4, #32 + 800c09e: e7f7 b.n 800c090 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800c0a0: 4a0b ldr r2, [pc, #44] ; (800c0d0 ) + 800c0a2: 639a str r2, [r3, #56] ; 0x38 + if ((((uint8_t*)SD_hs)[13] & 2U) != 2U) + 800c0a4: f89d 3025 ldrb.w r3, [sp, #37] ; 0x25 + 800c0a8: 079b lsls r3, r3, #30 + 800c0aa: d50b bpl.n 800c0c4 + HAL_SDEx_DriveTransceiver_1_8V_Callback(SET); + 800c0ac: 2001 movs r0, #1 + 800c0ae: f7fb fa0b bl 80074c8 + 800c0b2: e7e5 b.n 800c080 + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + 800c0b4: f04f 6480 mov.w r4, #67108864 ; 0x4000000 + 800c0b8: e7e2 b.n 800c080 + uint32_t errorstate = HAL_SD_ERROR_NONE; + 800c0ba: 2400 movs r4, #0 + 800c0bc: e7e0 b.n 800c080 + return (HAL_SD_ERROR_GENERAL_UNKNOWN_ERR); + 800c0be: f44f 3480 mov.w r4, #65536 ; 0x10000 + 800c0c2: e7dd b.n 800c080 + errorstate = SDMMC_ERROR_UNSUPPORTED_FEATURE; + 800c0c4: f04f 5480 mov.w r4, #268435456 ; 0x10000000 + 800c0c8: e7da b.n 800c080 + 800c0ca: bf00 nop + 800c0cc: 80ff1f03 .word 0x80ff1f03 + 800c0d0: 18000f3a .word 0x18000f3a + +0800c0d4 : +} + 800c0d4: 4770 bx lr + +0800c0d6 : + 800c0d6: 4770 bx lr + +0800c0d8 : +{ + 800c0d8: b510 push {r4, lr} + if(hsd == NULL) + 800c0da: 4604 mov r4, r0 + 800c0dc: b198 cbz r0, 800c106 + hsd->State = HAL_SD_STATE_BUSY; + 800c0de: 2303 movs r3, #3 + 800c0e0: f880 3034 strb.w r3, [r0, #52] ; 0x34 + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800c0e4: 6983 ldr r3, [r0, #24] + 800c0e6: 2b01 cmp r3, #1 + 800c0e8: d102 bne.n 800c0f0 + HAL_SDEx_DriveTransceiver_1_8V_Callback(RESET); + 800c0ea: 2000 movs r0, #0 + 800c0ec: f7fb f9ec bl 80074c8 + (void)SDMMC_PowerState_OFF(hsd->Instance); + 800c0f0: 6820 ldr r0, [r4, #0] + 800c0f2: f000 ffa3 bl 800d03c + HAL_SD_MspDeInit(hsd); + 800c0f6: 4620 mov r0, r4 + 800c0f8: f7ff ffed bl 800c0d6 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800c0fc: 2000 movs r0, #0 + 800c0fe: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_RESET; + 800c100: f884 0034 strb.w r0, [r4, #52] ; 0x34 +} + 800c104: bd10 pop {r4, pc} + return HAL_ERROR; + 800c106: 2001 movs r0, #1 + 800c108: e7fc b.n 800c104 + ... + +0800c10c : +{ + 800c10c: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 800c110: b087 sub sp, #28 + 800c112: 4604 mov r4, r0 + 800c114: 460e mov r6, r1 + 800c116: 4692 mov sl, r2 + 800c118: 461f mov r7, r3 + uint32_t tickstart = HAL_GetTick(); + 800c11a: f7fb f965 bl 80073e8 + 800c11e: 4681 mov r9, r0 + if(NULL == pData) + 800c120: b936 cbnz r6, 800c130 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800c122: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c124: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + hsd->ErrorCode |= HAL_SD_ERROR_BUSY; + 800c128: 63a3 str r3, [r4, #56] ; 0x38 + return HAL_ERROR; + 800c12a: f04f 0801 mov.w r8, #1 + 800c12e: e011 b.n 800c154 + if(hsd->State == HAL_SD_STATE_READY) + 800c130: f894 3034 ldrb.w r3, [r4, #52] ; 0x34 + 800c134: 2b01 cmp r3, #1 + 800c136: fa5f f883 uxtb.w r8, r3 + 800c13a: f040 80c3 bne.w 800c2c4 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800c13e: 6d62 ldr r2, [r4, #84] ; 0x54 + 800c140: eb0a 0307 add.w r3, sl, r7 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800c144: 2100 movs r1, #0 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800c146: 4293 cmp r3, r2 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800c148: 63a1 str r1, [r4, #56] ; 0x38 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800c14a: d907 bls.n 800c15c + hsd->ErrorCode |= HAL_SD_ERROR_ADDR_OUT_OF_RANGE; + 800c14c: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c14e: f043 7300 orr.w r3, r3, #33554432 ; 0x2000000 + 800c152: 63a3 str r3, [r4, #56] ; 0x38 +} + 800c154: 4640 mov r0, r8 + 800c156: b007 add sp, #28 + 800c158: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + hsd->State = HAL_SD_STATE_BUSY; + 800c15c: 2303 movs r3, #3 + 800c15e: f884 3034 strb.w r3, [r4, #52] ; 0x34 + if(hsd->SdCard.CardType != CARD_SDHC_SDXC) + 800c162: 6be3 ldr r3, [r4, #60] ; 0x3c + hsd->Instance->DCTRL = 0U; + 800c164: 6820 ldr r0, [r4, #0] + if(hsd->SdCard.CardType != CARD_SDHC_SDXC) + 800c166: 2b01 cmp r3, #1 + config.DataTimeOut = SDMMC_DATATIMEOUT; + 800c168: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 800c16c: 9300 str r3, [sp, #0] + config.DataLength = NumberOfBlocks * BLOCKSIZE; + 800c16e: ea4f 2347 mov.w r3, r7, lsl #9 + 800c172: 9301 str r3, [sp, #4] + config.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800c174: f04f 0502 mov.w r5, #2 + 800c178: f04f 0390 mov.w r3, #144 ; 0x90 + 800c17c: e9cd 3502 strd r3, r5, [sp, #8] + hsd->Instance->DCTRL = 0U; + 800c180: 62c1 str r1, [r0, #44] ; 0x2c + config.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + 800c182: f04f 0300 mov.w r3, #0 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c186: 4669 mov r1, sp + config.DPSM = SDMMC_DPSM_DISABLE; + 800c188: e9cd 3304 strd r3, r3, [sp, #16] + add *= 512U; + 800c18c: bf18 it ne + 800c18e: ea4f 2a4a movne.w sl, sl, lsl #9 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c192: f000 ff77 bl 800d084 + __SDMMC_CMDTRANS_ENABLE( hsd->Instance); + 800c196: 6820 ldr r0, [r4, #0] + 800c198: 68c3 ldr r3, [r0, #12] + if(NumberOfBlocks > 1U) + 800c19a: 2f01 cmp r7, #1 + __SDMMC_CMDTRANS_ENABLE( hsd->Instance); + 800c19c: f043 0340 orr.w r3, r3, #64 ; 0x40 + 800c1a0: 60c3 str r3, [r0, #12] + if(NumberOfBlocks > 1U) + 800c1a2: d910 bls.n 800c1c6 + hsd->Context = SD_CONTEXT_READ_MULTIPLE_BLOCK; + 800c1a4: 6325 str r5, [r4, #48] ; 0x30 + errorstate = SDMMC_CmdReadMultiBlock(hsd->Instance, add); + 800c1a6: 4651 mov r1, sl + 800c1a8: f001 f87a bl 800d2a0 + if(errorstate != HAL_SD_ERROR_NONE) + 800c1ac: b188 cbz r0, 800c1d2 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c1ae: 6823 ldr r3, [r4, #0] + 800c1b0: 4a46 ldr r2, [pc, #280] ; (800c2cc ) + 800c1b2: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c1b4: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c1b6: 4318 orrs r0, r3 + 800c1b8: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c1ba: 2301 movs r3, #1 + 800c1bc: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c1c0: 2300 movs r3, #0 + 800c1c2: 6323 str r3, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c1c4: e7c6 b.n 800c154 + hsd->Context = SD_CONTEXT_READ_SINGLE_BLOCK; + 800c1c6: 2301 movs r3, #1 + 800c1c8: 6323 str r3, [r4, #48] ; 0x30 + errorstate = SDMMC_CmdReadSingleBlock(hsd->Instance, add); + 800c1ca: 4651 mov r1, sl + 800c1cc: f001 f84f bl 800d26e + 800c1d0: e7ec b.n 800c1ac + dataremaining = config.DataLength; + 800c1d2: 9d01 ldr r5, [sp, #4] + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DATAEND)) + 800c1d4: 6820 ldr r0, [r4, #0] + 800c1d6: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c1d8: f413 7f95 tst.w r3, #298 ; 0x12a + 800c1dc: d01b beq.n 800c216 + __SDMMC_CMDTRANS_DISABLE( hsd->Instance); + 800c1de: 68c3 ldr r3, [r0, #12] + 800c1e0: f023 0340 bic.w r3, r3, #64 ; 0x40 + 800c1e4: 60c3 str r3, [r0, #12] + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DATAEND) && (NumberOfBlocks > 1U)) + 800c1e6: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c1e8: 05db lsls r3, r3, #23 + 800c1ea: d508 bpl.n 800c1fe + 800c1ec: 2f01 cmp r7, #1 + 800c1ee: d906 bls.n 800c1fe + if(hsd->SdCard.CardType != CARD_SECURED) + 800c1f0: 6be3 ldr r3, [r4, #60] ; 0x3c + 800c1f2: 2b03 cmp r3, #3 + 800c1f4: d003 beq.n 800c1fe + errorstate = SDMMC_CmdStopTransfer(hsd->Instance); + 800c1f6: f001 f91b bl 800d430 + if(errorstate != HAL_SD_ERROR_NONE) + 800c1fa: 2800 cmp r0, #0 + 800c1fc: d1d7 bne.n 800c1ae + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800c1fe: 6823 ldr r3, [r4, #0] + 800c200: 6b58 ldr r0, [r3, #52] ; 0x34 + 800c202: f010 0008 ands.w r0, r0, #8 + 800c206: d038 beq.n 800c27a + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c208: 4a30 ldr r2, [pc, #192] ; (800c2cc ) + 800c20a: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_DATA_TIMEOUT; + 800c20c: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c20e: f043 0308 orr.w r3, r3, #8 + 800c212: 63a3 str r3, [r4, #56] ; 0x38 + 800c214: e7d1 b.n 800c1ba + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF) && (dataremaining > 0U)) + 800c216: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c218: 041a lsls r2, r3, #16 + 800c21a: d518 bpl.n 800c24e + 800c21c: b1bd cbz r5, 800c24e + 800c21e: f106 0a04 add.w sl, r6, #4 + 800c222: f106 0b24 add.w fp, r6, #36 ; 0x24 + data = SDMMC_ReadFIFO(hsd->Instance); + 800c226: 6820 ldr r0, [r4, #0] + 800c228: f000 fef0 bl 800d00c + *tempbuff = (uint8_t)((data >> 8U) & 0xFFU); + 800c22c: 0a02 lsrs r2, r0, #8 + 800c22e: f80a 2c03 strb.w r2, [sl, #-3] + *tempbuff = (uint8_t)((data >> 16U) & 0xFFU); + 800c232: 0c02 lsrs r2, r0, #16 + 800c234: f80a 2c02 strb.w r2, [sl, #-2] + *tempbuff = (uint8_t)((data >> 24U) & 0xFFU); + 800c238: 0e02 lsrs r2, r0, #24 + *tempbuff = (uint8_t)(data & 0xFFU); + 800c23a: f80a 0c04 strb.w r0, [sl, #-4] + *tempbuff = (uint8_t)((data >> 24U) & 0xFFU); + 800c23e: f80a 2c01 strb.w r2, [sl, #-1] + for(count = 0U; count < 8U; count++) + 800c242: f10a 0a04 add.w sl, sl, #4 + 800c246: 45d3 cmp fp, sl + 800c248: d1ed bne.n 800c226 + tempbuff++; + 800c24a: 3620 adds r6, #32 + dataremaining--; + 800c24c: 3d20 subs r5, #32 + if(((HAL_GetTick()-tickstart) >= Timeout) || (Timeout == 0U)) + 800c24e: f7fb f8cb bl 80073e8 + 800c252: 9b10 ldr r3, [sp, #64] ; 0x40 + 800c254: eba0 0009 sub.w r0, r0, r9 + 800c258: 4298 cmp r0, r3 + 800c25a: d3bb bcc.n 800c1d4 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c25c: 6823 ldr r3, [r4, #0] + 800c25e: 4a1b ldr r2, [pc, #108] ; (800c2cc ) + 800c260: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_TIMEOUT; + 800c262: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c264: f043 4300 orr.w r3, r3, #2147483648 ; 0x80000000 + 800c268: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800c26a: 2301 movs r3, #1 + 800c26c: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c270: 2300 movs r3, #0 + 800c272: 6323 str r3, [r4, #48] ; 0x30 + return HAL_TIMEOUT; + 800c274: f04f 0803 mov.w r8, #3 + 800c278: e76c b.n 800c154 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800c27a: 6b59 ldr r1, [r3, #52] ; 0x34 + 800c27c: f011 0102 ands.w r1, r1, #2 + 800c280: d00a beq.n 800c298 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c282: 4a12 ldr r2, [pc, #72] ; (800c2cc ) + 800c284: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_DATA_CRC_FAIL; + 800c286: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c288: f043 0302 orr.w r3, r3, #2 + 800c28c: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c28e: 2301 movs r3, #1 + 800c290: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c294: 6320 str r0, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c296: e75d b.n 800c154 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800c298: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c29a: f012 0220 ands.w r2, r2, #32 + 800c29e: d00a beq.n 800c2b6 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c2a0: 4a0a ldr r2, [pc, #40] ; (800c2cc ) + 800c2a2: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_RX_OVERRUN; + 800c2a4: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c2a6: f043 0320 orr.w r3, r3, #32 + 800c2aa: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c2ac: 2301 movs r3, #1 + 800c2ae: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c2b2: 6321 str r1, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c2b4: e74e b.n 800c154 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800c2b6: 4906 ldr r1, [pc, #24] ; (800c2d0 ) + 800c2b8: 6399 str r1, [r3, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c2ba: 2301 movs r3, #1 + 800c2bc: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800c2c0: 4690 mov r8, r2 + 800c2c2: e747 b.n 800c154 + hsd->ErrorCode |= HAL_SD_ERROR_BUSY; + 800c2c4: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c2c6: f043 5300 orr.w r3, r3, #536870912 ; 0x20000000 + 800c2ca: e72d b.n 800c128 + 800c2cc: 1fe00fff .word 0x1fe00fff + 800c2d0: 18000f3a .word 0x18000f3a + +0800c2d4 : +{ + 800c2d4: e92d 4ff0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr} + 800c2d8: b089 sub sp, #36 ; 0x24 + 800c2da: 4604 mov r4, r0 + 800c2dc: 460d mov r5, r1 + 800c2de: 4692 mov sl, r2 + 800c2e0: 461f mov r7, r3 + uint32_t tickstart = HAL_GetTick(); + 800c2e2: f7fb f881 bl 80073e8 + 800c2e6: 4681 mov r9, r0 + if(NULL == pData) + 800c2e8: b935 cbnz r5, 800c2f8 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800c2ea: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c2ec: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + hsd->ErrorCode |= HAL_SD_ERROR_BUSY; + 800c2f0: 63a3 str r3, [r4, #56] ; 0x38 + return HAL_ERROR; + 800c2f2: f04f 0801 mov.w r8, #1 + 800c2f6: e011 b.n 800c31c + if(hsd->State == HAL_SD_STATE_READY) + 800c2f8: f894 3034 ldrb.w r3, [r4, #52] ; 0x34 + 800c2fc: 2b01 cmp r3, #1 + 800c2fe: fa5f f883 uxtb.w r8, r3 + 800c302: f040 80b4 bne.w 800c46e + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800c306: 6d62 ldr r2, [r4, #84] ; 0x54 + 800c308: eb0a 0307 add.w r3, sl, r7 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800c30c: 2100 movs r1, #0 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800c30e: 4293 cmp r3, r2 + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800c310: 63a1 str r1, [r4, #56] ; 0x38 + if((add + NumberOfBlocks) > (hsd->SdCard.LogBlockNbr)) + 800c312: d907 bls.n 800c324 + hsd->ErrorCode |= HAL_SD_ERROR_ADDR_OUT_OF_RANGE; + 800c314: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c316: f043 7300 orr.w r3, r3, #33554432 ; 0x2000000 + 800c31a: 63a3 str r3, [r4, #56] ; 0x38 +} + 800c31c: 4640 mov r0, r8 + 800c31e: b009 add sp, #36 ; 0x24 + 800c320: e8bd 8ff0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, fp, pc} + hsd->State = HAL_SD_STATE_BUSY; + 800c324: 2303 movs r3, #3 + 800c326: f884 3034 strb.w r3, [r4, #52] ; 0x34 + if(hsd->SdCard.CardType != CARD_SDHC_SDXC) + 800c32a: 6be3 ldr r3, [r4, #60] ; 0x3c + hsd->Instance->DCTRL = 0U; + 800c32c: 6820 ldr r0, [r4, #0] + if(hsd->SdCard.CardType != CARD_SDHC_SDXC) + 800c32e: 2b01 cmp r3, #1 + config.DataTimeOut = SDMMC_DATATIMEOUT; + 800c330: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + 800c334: 9302 str r3, [sp, #8] + config.DataLength = NumberOfBlocks * BLOCKSIZE; + 800c336: ea4f 2347 mov.w r3, r7, lsl #9 + hsd->Instance->DCTRL = 0U; + 800c33a: 62c1 str r1, [r0, #44] ; 0x2c + config.DataLength = NumberOfBlocks * BLOCKSIZE; + 800c33c: 9303 str r3, [sp, #12] + config.TransferDir = SDMMC_TRANSFER_DIR_TO_CARD; + 800c33e: f04f 0190 mov.w r1, #144 ; 0x90 + 800c342: f04f 0300 mov.w r3, #0 + 800c346: e9cd 1304 strd r1, r3, [sp, #16] + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c34a: a902 add r1, sp, #8 + config.DPSM = SDMMC_DPSM_DISABLE; + 800c34c: e9cd 3306 strd r3, r3, [sp, #24] + add *= 512U; + 800c350: bf18 it ne + 800c352: ea4f 2a4a movne.w sl, sl, lsl #9 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c356: f000 fe95 bl 800d084 + __SDMMC_CMDTRANS_ENABLE( hsd->Instance); + 800c35a: 6820 ldr r0, [r4, #0] + 800c35c: 68c3 ldr r3, [r0, #12] + if(NumberOfBlocks > 1U) + 800c35e: 2f01 cmp r7, #1 + __SDMMC_CMDTRANS_ENABLE( hsd->Instance); + 800c360: f043 0340 orr.w r3, r3, #64 ; 0x40 + 800c364: 60c3 str r3, [r0, #12] + if(NumberOfBlocks > 1U) + 800c366: d911 bls.n 800c38c + hsd->Context = SD_CONTEXT_WRITE_MULTIPLE_BLOCK; + 800c368: 2320 movs r3, #32 + 800c36a: 6323 str r3, [r4, #48] ; 0x30 + errorstate = SDMMC_CmdWriteMultiBlock(hsd->Instance, add); + 800c36c: 4651 mov r1, sl + 800c36e: f000 ffc9 bl 800d304 + if(errorstate != HAL_SD_ERROR_NONE) + 800c372: b188 cbz r0, 800c398 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c374: 6823 ldr r3, [r4, #0] + 800c376: 4a40 ldr r2, [pc, #256] ; (800c478 ) + 800c378: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c37a: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c37c: 4318 orrs r0, r3 + 800c37e: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c380: 2301 movs r3, #1 + 800c382: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c386: 2300 movs r3, #0 + 800c388: 6323 str r3, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c38a: e7c7 b.n 800c31c + hsd->Context = SD_CONTEXT_WRITE_SINGLE_BLOCK; + 800c38c: 2310 movs r3, #16 + 800c38e: 6323 str r3, [r4, #48] ; 0x30 + errorstate = SDMMC_CmdWriteSingleBlock(hsd->Instance, add); + 800c390: 4651 mov r1, sl + 800c392: f000 ff9e bl 800d2d2 + 800c396: e7ec b.n 800c372 + dataremaining = config.DataLength; + 800c398: 9e03 ldr r6, [sp, #12] + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_TXUNDERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DATAEND)) + 800c39a: 6820 ldr r0, [r4, #0] + 800c39c: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c39e: f413 7f8d tst.w r3, #282 ; 0x11a + 800c3a2: d01b beq.n 800c3dc + __SDMMC_CMDTRANS_DISABLE( hsd->Instance); + 800c3a4: 68c3 ldr r3, [r0, #12] + 800c3a6: f023 0340 bic.w r3, r3, #64 ; 0x40 + 800c3aa: 60c3 str r3, [r0, #12] + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DATAEND) && (NumberOfBlocks > 1U)) + 800c3ac: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c3ae: 05db lsls r3, r3, #23 + 800c3b0: d508 bpl.n 800c3c4 + 800c3b2: 2f01 cmp r7, #1 + 800c3b4: d906 bls.n 800c3c4 + if(hsd->SdCard.CardType != CARD_SECURED) + 800c3b6: 6be3 ldr r3, [r4, #60] ; 0x3c + 800c3b8: 2b03 cmp r3, #3 + 800c3ba: d003 beq.n 800c3c4 + errorstate = SDMMC_CmdStopTransfer(hsd->Instance); + 800c3bc: f001 f838 bl 800d430 + if(errorstate != HAL_SD_ERROR_NONE) + 800c3c0: 2800 cmp r0, #0 + 800c3c2: d1d7 bne.n 800c374 + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800c3c4: 6823 ldr r3, [r4, #0] + 800c3c6: 6b58 ldr r0, [r3, #52] ; 0x34 + 800c3c8: f010 0008 ands.w r0, r0, #8 + 800c3cc: d02a beq.n 800c424 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c3ce: 4a2a ldr r2, [pc, #168] ; (800c478 ) + 800c3d0: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_DATA_TIMEOUT; + 800c3d2: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c3d4: f043 0308 orr.w r3, r3, #8 + 800c3d8: 63a3 str r3, [r4, #56] ; 0x38 + 800c3da: e7d1 b.n 800c380 + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_TXFIFOHE) && (dataremaining > 0U)) + 800c3dc: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c3de: 045a lsls r2, r3, #17 + 800c3e0: d50c bpl.n 800c3fc + 800c3e2: b15e cbz r6, 800c3fc + 800c3e4: f105 0b20 add.w fp, r5, #32 + data |= ((uint32_t)(*tempbuff) << 24U); + 800c3e8: f855 3b04 ldr.w r3, [r5], #4 + (void)SDMMC_WriteFIFO(hsd->Instance, &data); + 800c3ec: 6820 ldr r0, [r4, #0] + data |= ((uint32_t)(*tempbuff) << 24U); + 800c3ee: 9301 str r3, [sp, #4] + (void)SDMMC_WriteFIFO(hsd->Instance, &data); + 800c3f0: a901 add r1, sp, #4 + 800c3f2: f000 fe0e bl 800d012 + for(count = 0U; count < 8U; count++) + 800c3f6: 45ab cmp fp, r5 + 800c3f8: d1f6 bne.n 800c3e8 + dataremaining--; + 800c3fa: 3e20 subs r6, #32 + if(((HAL_GetTick()-tickstart) >= Timeout) || (Timeout == 0U)) + 800c3fc: f7fa fff4 bl 80073e8 + 800c400: 9b12 ldr r3, [sp, #72] ; 0x48 + 800c402: eba0 0009 sub.w r0, r0, r9 + 800c406: 4298 cmp r0, r3 + 800c408: d3c7 bcc.n 800c39a + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c40a: 6823 ldr r3, [r4, #0] + 800c40c: 4a1a ldr r2, [pc, #104] ; (800c478 ) + 800c40e: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c410: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c412: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c414: 2301 movs r3, #1 + 800c416: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c41a: 2300 movs r3, #0 + 800c41c: 6323 str r3, [r4, #48] ; 0x30 + return HAL_TIMEOUT; + 800c41e: f04f 0803 mov.w r8, #3 + 800c422: e77b b.n 800c31c + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800c424: 6b59 ldr r1, [r3, #52] ; 0x34 + 800c426: f011 0102 ands.w r1, r1, #2 + 800c42a: d00a beq.n 800c442 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c42c: 4a12 ldr r2, [pc, #72] ; (800c478 ) + 800c42e: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_DATA_CRC_FAIL; + 800c430: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c432: f043 0302 orr.w r3, r3, #2 + 800c436: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c438: 2301 movs r3, #1 + 800c43a: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c43e: 6320 str r0, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c440: e76c b.n 800c31c + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_TXUNDERR)) + 800c442: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c444: f012 0210 ands.w r2, r2, #16 + 800c448: d00a beq.n 800c460 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c44a: 4a0b ldr r2, [pc, #44] ; (800c478 ) + 800c44c: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_TX_UNDERRUN; + 800c44e: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c450: f043 0310 orr.w r3, r3, #16 + 800c454: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c456: 2301 movs r3, #1 + 800c458: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800c45c: 6321 str r1, [r4, #48] ; 0x30 + return HAL_ERROR; + 800c45e: e75d b.n 800c31c + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800c460: 4906 ldr r1, [pc, #24] ; (800c47c ) + 800c462: 6399 str r1, [r3, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c464: 2301 movs r3, #1 + 800c466: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800c46a: 4690 mov r8, r2 + 800c46c: e756 b.n 800c31c + hsd->ErrorCode |= HAL_SD_ERROR_BUSY; + 800c46e: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c470: f043 5300 orr.w r3, r3, #536870912 ; 0x20000000 + 800c474: e73c b.n 800c2f0 + 800c476: bf00 nop + 800c478: 1fe00fff .word 0x1fe00fff + 800c47c: 18000f3a .word 0x18000f3a + +0800c480 : + return hsd->State; + 800c480: f890 0034 ldrb.w r0, [r0, #52] ; 0x34 +} + 800c484: 4770 bx lr + +0800c486 : + return hsd->ErrorCode; + 800c486: 6b80 ldr r0, [r0, #56] ; 0x38 +} + 800c488: 4770 bx lr + +0800c48a : + 800c48a: 4770 bx lr + +0800c48c : + 800c48c: 4770 bx lr + +0800c48e : + 800c48e: 4770 bx lr + +0800c490 : + 800c490: 4770 bx lr + ... + +0800c494 : + pCSD->CSDStruct = (uint8_t)((hsd->CSD[0] & 0xC0000000U) >> 30U); + 800c494: 6e03 ldr r3, [r0, #96] ; 0x60 + 800c496: 0f9a lsrs r2, r3, #30 + 800c498: 700a strb r2, [r1, #0] + pCSD->SysSpecVersion = (uint8_t)((hsd->CSD[0] & 0x3C000000U) >> 26U); + 800c49a: f3c3 6283 ubfx r2, r3, #26, #4 + 800c49e: 704a strb r2, [r1, #1] + pCSD->Reserved1 = (uint8_t)((hsd->CSD[0] & 0x03000000U) >> 24U); + 800c4a0: f3c3 6201 ubfx r2, r3, #24, #2 + 800c4a4: 708a strb r2, [r1, #2] + pCSD->TAAC = (uint8_t)((hsd->CSD[0] & 0x00FF0000U) >> 16U); + 800c4a6: f3c3 4207 ubfx r2, r3, #16, #8 + 800c4aa: 70ca strb r2, [r1, #3] + pCSD->NSAC = (uint8_t)((hsd->CSD[0] & 0x0000FF00U) >> 8U); + 800c4ac: f3c3 2207 ubfx r2, r3, #8, #8 + pCSD->MaxBusClkFrec = (uint8_t)(hsd->CSD[0] & 0x000000FFU); + 800c4b0: b2db uxtb r3, r3 + pCSD->NSAC = (uint8_t)((hsd->CSD[0] & 0x0000FF00U) >> 8U); + 800c4b2: 710a strb r2, [r1, #4] + pCSD->MaxBusClkFrec = (uint8_t)(hsd->CSD[0] & 0x000000FFU); + 800c4b4: 714b strb r3, [r1, #5] + pCSD->CardComdClasses = (uint16_t)((hsd->CSD[1] & 0xFFF00000U) >> 20U); + 800c4b6: 6e43 ldr r3, [r0, #100] ; 0x64 + 800c4b8: 0d1a lsrs r2, r3, #20 + 800c4ba: 80ca strh r2, [r1, #6] + pCSD->RdBlockLen = (uint8_t)((hsd->CSD[1] & 0x000F0000U) >> 16U); + 800c4bc: f3c3 4203 ubfx r2, r3, #16, #4 + 800c4c0: 720a strb r2, [r1, #8] + pCSD->PartBlockRead = (uint8_t)((hsd->CSD[1] & 0x00008000U) >> 15U); + 800c4c2: f3c3 32c0 ubfx r2, r3, #15, #1 + 800c4c6: 724a strb r2, [r1, #9] + pCSD->WrBlockMisalign = (uint8_t)((hsd->CSD[1] & 0x00004000U) >> 14U); + 800c4c8: f3c3 3280 ubfx r2, r3, #14, #1 + 800c4cc: 728a strb r2, [r1, #10] + pCSD->RdBlockMisalign = (uint8_t)((hsd->CSD[1] & 0x00002000U) >> 13U); + 800c4ce: f3c3 3240 ubfx r2, r3, #13, #1 + 800c4d2: 72ca strb r2, [r1, #11] + pCSD->DSRImpl = (uint8_t)((hsd->CSD[1] & 0x00001000U) >> 12U); + 800c4d4: f3c3 3200 ubfx r2, r3, #12, #1 + 800c4d8: 730a strb r2, [r1, #12] + pCSD->Reserved2 = 0U; /*!< Reserved */ + 800c4da: 2200 movs r2, #0 + 800c4dc: 734a strb r2, [r1, #13] + if(hsd->SdCard.CardType == CARD_SDSC) + 800c4de: 6bc2 ldr r2, [r0, #60] ; 0x3c +{ + 800c4e0: b510 push {r4, lr} + if(hsd->SdCard.CardType == CARD_SDSC) + 800c4e2: 2a00 cmp r2, #0 + 800c4e4: d16c bne.n 800c5c0 + pCSD->DeviceSize = (((hsd->CSD[1] & 0x000003FFU) << 2U) | ((hsd->CSD[2] & 0xC0000000U) >> 30U)); + 800c4e6: 6e82 ldr r2, [r0, #104] ; 0x68 + 800c4e8: f640 74fc movw r4, #4092 ; 0xffc + 800c4ec: ea04 0383 and.w r3, r4, r3, lsl #2 + 800c4f0: ea43 7392 orr.w r3, r3, r2, lsr #30 + 800c4f4: 610b str r3, [r1, #16] + pCSD->MaxRdCurrentVDDMin = (uint8_t)((hsd->CSD[2] & 0x38000000U) >> 27U); + 800c4f6: f3c2 63c2 ubfx r3, r2, #27, #3 + 800c4fa: 750b strb r3, [r1, #20] + pCSD->MaxRdCurrentVDDMax = (uint8_t)((hsd->CSD[2] & 0x07000000U) >> 24U); + 800c4fc: f3c2 6302 ubfx r3, r2, #24, #3 + 800c500: 754b strb r3, [r1, #21] + pCSD->MaxWrCurrentVDDMin = (uint8_t)((hsd->CSD[2] & 0x00E00000U) >> 21U); + 800c502: f3c2 5342 ubfx r3, r2, #21, #3 + 800c506: 758b strb r3, [r1, #22] + pCSD->MaxWrCurrentVDDMax = (uint8_t)((hsd->CSD[2] & 0x001C0000U) >> 18U); + 800c508: f3c2 4382 ubfx r3, r2, #18, #3 + pCSD->DeviceSizeMul = (uint8_t)((hsd->CSD[2] & 0x00038000U) >> 15U); + 800c50c: f3c2 32c2 ubfx r2, r2, #15, #3 + pCSD->MaxWrCurrentVDDMax = (uint8_t)((hsd->CSD[2] & 0x001C0000U) >> 18U); + 800c510: 75cb strb r3, [r1, #23] + pCSD->DeviceSizeMul = (uint8_t)((hsd->CSD[2] & 0x00038000U) >> 15U); + 800c512: 760a strb r2, [r1, #24] + hsd->SdCard.BlockNbr = (pCSD->DeviceSize + 1U) ; + 800c514: 690b ldr r3, [r1, #16] + hsd->SdCard.BlockNbr *= (1UL << ((pCSD->DeviceSizeMul & 0x07U) + 2U)); + 800c516: 7e0a ldrb r2, [r1, #24] + 800c518: f002 0207 and.w r2, r2, #7 + hsd->SdCard.BlockNbr = (pCSD->DeviceSize + 1U) ; + 800c51c: 3301 adds r3, #1 + hsd->SdCard.BlockNbr *= (1UL << ((pCSD->DeviceSizeMul & 0x07U) + 2U)); + 800c51e: 3202 adds r2, #2 + 800c520: fa03 f202 lsl.w r2, r3, r2 + 800c524: 64c2 str r2, [r0, #76] ; 0x4c + hsd->SdCard.BlockSize = (1UL << (pCSD->RdBlockLen & 0x0FU)); + 800c526: 7a0b ldrb r3, [r1, #8] + 800c528: f003 040f and.w r4, r3, #15 + 800c52c: 2301 movs r3, #1 + 800c52e: 40a3 lsls r3, r4 + 800c530: 6503 str r3, [r0, #80] ; 0x50 + hsd->SdCard.LogBlockNbr = (hsd->SdCard.BlockNbr) * ((hsd->SdCard.BlockSize) / 512U); + 800c532: 0a5b lsrs r3, r3, #9 + 800c534: 4353 muls r3, r2 + 800c536: 6543 str r3, [r0, #84] ; 0x54 + hsd->SdCard.LogBlockSize = 512U; + 800c538: f44f 7300 mov.w r3, #512 ; 0x200 + hsd->SdCard.LogBlockSize = hsd->SdCard.BlockSize; + 800c53c: 6583 str r3, [r0, #88] ; 0x58 + pCSD->EraseGrSize = (uint8_t)((hsd->CSD[2] & 0x00004000U) >> 14U); + 800c53e: 6e83 ldr r3, [r0, #104] ; 0x68 + 800c540: f3c3 3280 ubfx r2, r3, #14, #1 + 800c544: 764a strb r2, [r1, #25] + pCSD->EraseGrMul = (uint8_t)((hsd->CSD[2] & 0x00003F80U) >> 7U); + 800c546: f3c3 12c6 ubfx r2, r3, #7, #7 + pCSD->WrProtectGrSize = (uint8_t)(hsd->CSD[2] & 0x0000007FU); + 800c54a: f003 037f and.w r3, r3, #127 ; 0x7f + pCSD->EraseGrMul = (uint8_t)((hsd->CSD[2] & 0x00003F80U) >> 7U); + 800c54e: 768a strb r2, [r1, #26] + pCSD->WrProtectGrSize = (uint8_t)(hsd->CSD[2] & 0x0000007FU); + 800c550: 76cb strb r3, [r1, #27] + pCSD->WrProtectGrEnable = (uint8_t)((hsd->CSD[3] & 0x80000000U) >> 31U); + 800c552: 6ec3 ldr r3, [r0, #108] ; 0x6c + 800c554: 0fda lsrs r2, r3, #31 + 800c556: 770a strb r2, [r1, #28] + pCSD->ManDeflECC = (uint8_t)((hsd->CSD[3] & 0x60000000U) >> 29U); + 800c558: f3c3 7241 ubfx r2, r3, #29, #2 + 800c55c: 774a strb r2, [r1, #29] + pCSD->WrSpeedFact = (uint8_t)((hsd->CSD[3] & 0x1C000000U) >> 26U); + 800c55e: f3c3 6282 ubfx r2, r3, #26, #3 + 800c562: 778a strb r2, [r1, #30] + pCSD->MaxWrBlockLen= (uint8_t)((hsd->CSD[3] & 0x03C00000U) >> 22U); + 800c564: f3c3 5283 ubfx r2, r3, #22, #4 + 800c568: 77ca strb r2, [r1, #31] + pCSD->WriteBlockPaPartial = (uint8_t)((hsd->CSD[3] & 0x00200000U) >> 21U); + 800c56a: f3c3 5240 ubfx r2, r3, #21, #1 + 800c56e: f881 2020 strb.w r2, [r1, #32] + pCSD->Reserved3 = 0; + 800c572: 2000 movs r0, #0 + pCSD->ContentProtectAppli = (uint8_t)((hsd->CSD[3] & 0x00010000U) >> 16U); + 800c574: f3c3 4200 ubfx r2, r3, #16, #1 + pCSD->Reserved3 = 0; + 800c578: f881 0021 strb.w r0, [r1, #33] ; 0x21 + pCSD->ContentProtectAppli = (uint8_t)((hsd->CSD[3] & 0x00010000U) >> 16U); + 800c57c: f881 2022 strb.w r2, [r1, #34] ; 0x22 + pCSD->FileFormatGroup = (uint8_t)((hsd->CSD[3] & 0x00008000U) >> 15U); + 800c580: f3c3 32c0 ubfx r2, r3, #15, #1 + 800c584: f881 2023 strb.w r2, [r1, #35] ; 0x23 + pCSD->CopyFlag = (uint8_t)((hsd->CSD[3] & 0x00004000U) >> 14U); + 800c588: f3c3 3280 ubfx r2, r3, #14, #1 + 800c58c: f881 2024 strb.w r2, [r1, #36] ; 0x24 + pCSD->PermWrProtect = (uint8_t)((hsd->CSD[3] & 0x00002000U) >> 13U); + 800c590: f3c3 3240 ubfx r2, r3, #13, #1 + 800c594: f881 2025 strb.w r2, [r1, #37] ; 0x25 + pCSD->TempWrProtect = (uint8_t)((hsd->CSD[3] & 0x00001000U) >> 12U); + 800c598: f3c3 3200 ubfx r2, r3, #12, #1 + 800c59c: f881 2026 strb.w r2, [r1, #38] ; 0x26 + pCSD->FileFormat = (uint8_t)((hsd->CSD[3] & 0x00000C00U) >> 10U); + 800c5a0: f3c3 2281 ubfx r2, r3, #10, #2 + 800c5a4: f881 2027 strb.w r2, [r1, #39] ; 0x27 + pCSD->ECC= (uint8_t)((hsd->CSD[3] & 0x00000300U) >> 8U); + 800c5a8: f3c3 2201 ubfx r2, r3, #8, #2 + pCSD->CSD_CRC = (uint8_t)((hsd->CSD[3] & 0x000000FEU) >> 1U); + 800c5ac: f3c3 0346 ubfx r3, r3, #1, #7 + pCSD->ECC= (uint8_t)((hsd->CSD[3] & 0x00000300U) >> 8U); + 800c5b0: f881 2028 strb.w r2, [r1, #40] ; 0x28 + pCSD->CSD_CRC = (uint8_t)((hsd->CSD[3] & 0x000000FEU) >> 1U); + 800c5b4: f881 3029 strb.w r3, [r1, #41] ; 0x29 + pCSD->Reserved4 = 1; + 800c5b8: 2301 movs r3, #1 + 800c5ba: f881 302a strb.w r3, [r1, #42] ; 0x2a +} + 800c5be: bd10 pop {r4, pc} + else if(hsd->SdCard.CardType == CARD_SDHC_SDXC) + 800c5c0: 2a01 cmp r2, #1 + 800c5c2: d10f bne.n 800c5e4 + pCSD->DeviceSize = (((hsd->CSD[1] & 0x0000003FU) << 16U) | ((hsd->CSD[2] & 0xFFFF0000U) >> 16U)); + 800c5c4: f8b0 206a ldrh.w r2, [r0, #106] ; 0x6a + 800c5c8: 041b lsls r3, r3, #16 + 800c5ca: f403 137c and.w r3, r3, #4128768 ; 0x3f0000 + 800c5ce: 4313 orrs r3, r2 + 800c5d0: 610b str r3, [r1, #16] + hsd->SdCard.BlockNbr = ((pCSD->DeviceSize + 1U) * 1024U); + 800c5d2: 690b ldr r3, [r1, #16] + 800c5d4: 3301 adds r3, #1 + 800c5d6: 029b lsls r3, r3, #10 + 800c5d8: 64c3 str r3, [r0, #76] ; 0x4c + hsd->SdCard.LogBlockNbr = hsd->SdCard.BlockNbr; + 800c5da: 6543 str r3, [r0, #84] ; 0x54 + hsd->SdCard.BlockSize = 512U; + 800c5dc: f44f 7300 mov.w r3, #512 ; 0x200 + 800c5e0: 6503 str r3, [r0, #80] ; 0x50 + 800c5e2: e7ab b.n 800c53c + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c5e4: 6803 ldr r3, [r0, #0] + 800c5e6: 4a05 ldr r2, [pc, #20] ; (800c5fc ) + 800c5e8: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800c5ea: 6b83 ldr r3, [r0, #56] ; 0x38 + 800c5ec: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 800c5f0: 6383 str r3, [r0, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c5f2: 2301 movs r3, #1 + 800c5f4: f880 3034 strb.w r3, [r0, #52] ; 0x34 + return HAL_ERROR; + 800c5f8: 4618 mov r0, r3 + 800c5fa: e7e0 b.n 800c5be + 800c5fc: 1fe00fff .word 0x1fe00fff + +0800c600 : +{ + 800c600: e92d 43f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, lr} + Init.ClockEdge = SDMMC_CLOCK_EDGE_RISING; + 800c604: 2300 movs r3, #0 +{ + 800c606: b099 sub sp, #100 ; 0x64 + 800c608: 4604 mov r4, r0 + sdmmc_clk = HAL_RCCEx_GetPeriphCLKFreq(RCC_PERIPHCLK_SDMMC1); + 800c60a: f44f 2000 mov.w r0, #524288 ; 0x80000 + Init.ClockPowerSave = SDMMC_CLOCK_POWER_SAVE_DISABLE; + 800c60e: e9cd 3307 strd r3, r3, [sp, #28] + Init.HardwareFlowControl = SDMMC_HARDWARE_FLOW_CONTROL_DISABLE; + 800c612: e9cd 3309 strd r3, r3, [sp, #36] ; 0x24 + sdmmc_clk = HAL_RCCEx_GetPeriphCLKFreq(RCC_PERIPHCLK_SDMMC1); + 800c616: f7fd fb2d bl 8009c74 + if (sdmmc_clk == 0U) + 800c61a: 4605 mov r5, r0 + 800c61c: b948 cbnz r0, 800c632 + hsd->State = HAL_SD_STATE_READY; + 800c61e: 2501 movs r5, #1 + hsd->ErrorCode = SDMMC_ERROR_INVALID_PARAMETER; + 800c620: f04f 6300 mov.w r3, #134217728 ; 0x8000000 + hsd->State = HAL_SD_STATE_READY; + 800c624: f884 5034 strb.w r5, [r4, #52] ; 0x34 + hsd->ErrorCode = SDMMC_ERROR_INVALID_PARAMETER; + 800c628: 63a3 str r3, [r4, #56] ; 0x38 +} + 800c62a: 4628 mov r0, r5 + 800c62c: b019 add sp, #100 ; 0x64 + 800c62e: e8bd 83f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, pc} + Init.Transceiver = hsd->Init.Transceiver; + 800c632: 69a3 ldr r3, [r4, #24] + hsd->Instance->POWER |= SDMMC_POWER_DIRPOL; + 800c634: 6827 ldr r7, [r4, #0] + Init.Transceiver = hsd->Init.Transceiver; + 800c636: 930c str r3, [sp, #48] ; 0x30 + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800c638: 2b01 cmp r3, #1 + hsd->Instance->POWER |= SDMMC_POWER_DIRPOL; + 800c63a: bf08 it eq + 800c63c: 683b ldreq r3, [r7, #0] + Init.ClockDiv = sdmmc_clk / (2U * SD_INIT_FREQ); + 800c63e: 4e99 ldr r6, [pc, #612] ; (800c8a4 ) + 800c640: fbb0 f6f6 udiv r6, r0, r6 + hsd->Instance->POWER |= SDMMC_POWER_DIRPOL; + 800c644: bf04 itt eq + 800c646: f043 0310 orreq.w r3, r3, #16 + 800c64a: 603b streq r3, [r7, #0] + status = SDMMC_Init(hsd->Instance, Init); + 800c64c: 960b str r6, [sp, #44] ; 0x2c + 800c64e: ab0a add r3, sp, #40 ; 0x28 + 800c650: e893 0007 ldmia.w r3, {r0, r1, r2} + 800c654: e88d 0007 stmia.w sp, {r0, r1, r2} + 800c658: ab07 add r3, sp, #28 + 800c65a: cb0e ldmia r3, {r1, r2, r3} + 800c65c: 4638 mov r0, r7 + 800c65e: f000 fcbb bl 800cfd8 + if(status != HAL_OK) + 800c662: b108 cbz r0, 800c668 + return HAL_ERROR; + 800c664: 2501 movs r5, #1 + 800c666: e7e0 b.n 800c62a + status = SDMMC_PowerState_ON(hsd->Instance); + 800c668: 6820 ldr r0, [r4, #0] + 800c66a: f000 fcd7 bl 800d01c + if(status != HAL_OK) + 800c66e: 4607 mov r7, r0 + 800c670: 2800 cmp r0, #0 + 800c672: d1f7 bne.n 800c664 + sdmmc_clk = sdmmc_clk/(2U*Init.ClockDiv); + 800c674: 0076 lsls r6, r6, #1 + HAL_Delay(1U+ (74U*1000U/(sdmmc_clk))); + 800c676: 488c ldr r0, [pc, #560] ; (800c8a8 ) + sdmmc_clk = sdmmc_clk/(2U*Init.ClockDiv); + 800c678: fbb5 f5f6 udiv r5, r5, r6 + HAL_Delay(1U+ (74U*1000U/(sdmmc_clk))); + 800c67c: fbb0 f0f5 udiv r0, r0, r5 + 800c680: 3001 adds r0, #1 + 800c682: f7f7 fa1e bl 8003ac2 + __IO uint32_t count = 0U; + 800c686: 9706 str r7, [sp, #24] + uint32_t tickstart = HAL_GetTick(); + 800c688: f7fa feae bl 80073e8 + 800c68c: 4606 mov r6, r0 + errorstate = SDMMC_CmdGoIdleState(hsd->Instance); + 800c68e: 6820 ldr r0, [r4, #0] + 800c690: f000 fd18 bl 800d0c4 + if(errorstate != HAL_SD_ERROR_NONE) + 800c694: 4605 mov r5, r0 + 800c696: b940 cbnz r0, 800c6aa + errorstate = SDMMC_CmdOperCond(hsd->Instance); + 800c698: 6820 ldr r0, [r4, #0] + 800c69a: f001 f8fd bl 800d898 + if(errorstate != HAL_SD_ERROR_NONE) + 800c69e: b158 cbz r0, 800c6b8 + errorstate = SDMMC_CmdGoIdleState(hsd->Instance); + 800c6a0: 6820 ldr r0, [r4, #0] + hsd->SdCard.CardVersion = CARD_V1_X; + 800c6a2: 6425 str r5, [r4, #64] ; 0x40 + errorstate = SDMMC_CmdGoIdleState(hsd->Instance); + 800c6a4: f000 fd0e bl 800d0c4 + if(errorstate != HAL_SD_ERROR_NONE) + 800c6a8: b180 cbz r0, 800c6cc + hsd->State = HAL_SD_STATE_READY; + 800c6aa: 2501 movs r5, #1 + 800c6ac: f884 5034 strb.w r5, [r4, #52] ; 0x34 + hsd->ErrorCode |= errorstate; + 800c6b0: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c6b2: 4318 orrs r0, r3 + 800c6b4: 63a0 str r0, [r4, #56] ; 0x38 + return HAL_ERROR; + 800c6b6: e7b8 b.n 800c62a + hsd->SdCard.CardVersion = CARD_V2_X; + 800c6b8: 2301 movs r3, #1 + 800c6ba: 6423 str r3, [r4, #64] ; 0x40 + errorstate = SDMMC_CmdAppCommand(hsd->Instance, 0); + 800c6bc: 6820 ldr r0, [r4, #0] + 800c6be: 2100 movs r1, #0 + 800c6c0: f000 fef5 bl 800d4ae + if(errorstate != HAL_SD_ERROR_NONE) + 800c6c4: b128 cbz r0, 800c6d2 + return HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800c6c6: f04f 5080 mov.w r0, #268435456 ; 0x10000000 + 800c6ca: e7ee b.n 800c6aa + if( hsd->SdCard.CardVersion == CARD_V2_X) + 800c6cc: 6c23 ldr r3, [r4, #64] ; 0x40 + 800c6ce: 2b01 cmp r3, #1 + 800c6d0: d0f4 beq.n 800c6bc + errorstate = SDMMC_CmdAppOperCommand(hsd->Instance, SDMMC_VOLTAGE_WINDOW_SD | SDMMC_HIGH_CAPACITY | SD_SWITCH_1_8V_CAPACITY); + 800c6d2: f8df 91dc ldr.w r9, [pc, #476] ; 800c8b0 +{ + 800c6d6: 2700 movs r7, #0 + while((count < SDMMC_MAX_VOLT_TRIAL) && (validvoltage == 0U)) + 800c6d8: f64f 78fe movw r8, #65534 ; 0xfffe + 800c6dc: 9b06 ldr r3, [sp, #24] + 800c6de: 4543 cmp r3, r8 + 800c6e0: d800 bhi.n 800c6e4 + 800c6e2: b12f cbz r7, 800c6f0 + if(count >= SDMMC_MAX_VOLT_TRIAL) + 800c6e4: 9b06 ldr r3, [sp, #24] + 800c6e6: 4543 cmp r3, r8 + 800c6e8: d918 bls.n 800c71c + return HAL_SD_ERROR_INVALID_VOLTRANGE; + 800c6ea: f04f 7080 mov.w r0, #16777216 ; 0x1000000 + 800c6ee: e7dc b.n 800c6aa + errorstate = SDMMC_CmdAppCommand(hsd->Instance, 0); + 800c6f0: 6820 ldr r0, [r4, #0] + 800c6f2: 4639 mov r1, r7 + 800c6f4: f000 fedb bl 800d4ae + if(errorstate != HAL_SD_ERROR_NONE) + 800c6f8: 2800 cmp r0, #0 + 800c6fa: d1d6 bne.n 800c6aa + errorstate = SDMMC_CmdAppOperCommand(hsd->Instance, SDMMC_VOLTAGE_WINDOW_SD | SDMMC_HIGH_CAPACITY | SD_SWITCH_1_8V_CAPACITY); + 800c6fc: 6820 ldr r0, [r4, #0] + 800c6fe: 4649 mov r1, r9 + 800c700: f001 f816 bl 800d730 + if(errorstate != HAL_SD_ERROR_NONE) + 800c704: 2800 cmp r0, #0 + 800c706: d1de bne.n 800c6c6 + response = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c708: 4639 mov r1, r7 + 800c70a: 6820 ldr r0, [r4, #0] + 800c70c: f000 fcb7 bl 800d07e + count++; + 800c710: 9b06 ldr r3, [sp, #24] + 800c712: 3301 adds r3, #1 + response = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c714: 4605 mov r5, r0 + validvoltage = (((response >> 31U) == 1U) ? 1U : 0U); + 800c716: 0fc7 lsrs r7, r0, #31 + count++; + 800c718: 9306 str r3, [sp, #24] + 800c71a: e7df b.n 800c6dc + if((response & SDMMC_HIGH_CAPACITY) == SDMMC_HIGH_CAPACITY) /* (response &= SD_HIGH_CAPACITY) */ + 800c71c: f015 4380 ands.w r3, r5, #1073741824 ; 0x40000000 + 800c720: d04b beq.n 800c7ba + hsd->SdCard.CardType = CARD_SDHC_SDXC; + 800c722: 2301 movs r3, #1 + 800c724: 63e3 str r3, [r4, #60] ; 0x3c + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800c726: 69a3 ldr r3, [r4, #24] + errorstate = SDMMC_CmdAppCommand(hsd->Instance, 0); + 800c728: 6820 ldr r0, [r4, #0] + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800c72a: 2b01 cmp r3, #1 + 800c72c: d12d bne.n 800c78a + if((response & SD_SWITCH_1_8V_CAPACITY) == SD_SWITCH_1_8V_CAPACITY) + 800c72e: 01ef lsls r7, r5, #7 + 800c730: d52b bpl.n 800c78a + hsd->SdCard.CardSpeed = CARD_ULTRA_HIGH_SPEED; + 800c732: f44f 7300 mov.w r3, #512 ; 0x200 + 800c736: 65e3 str r3, [r4, #92] ; 0x5c + hsd->Instance->POWER |= SDMMC_POWER_VSWITCHEN; + 800c738: 6803 ldr r3, [r0, #0] + 800c73a: f043 0308 orr.w r3, r3, #8 + 800c73e: 6003 str r3, [r0, #0] + errorstate = SDMMC_CmdVoltageSwitch(hsd->Instance); + 800c740: f000 ff4e bl 800d5e0 + if(errorstate != HAL_SD_ERROR_NONE) + 800c744: 2800 cmp r0, #0 + 800c746: d1b0 bne.n 800c6aa + while(( hsd->Instance->STA & SDMMC_FLAG_CKSTOP) != SDMMC_FLAG_CKSTOP) + 800c748: 6823 ldr r3, [r4, #0] + 800c74a: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c74c: 0155 lsls r5, r2, #5 + 800c74e: d526 bpl.n 800c79e + hsd->Instance->ICR = SDMMC_FLAG_CKSTOP; + 800c750: f04f 6280 mov.w r2, #67108864 ; 0x4000000 + 800c754: 639a str r2, [r3, #56] ; 0x38 + if(( hsd->Instance->STA & SDMMC_FLAG_BUSYD0) != SDMMC_FLAG_BUSYD0) + 800c756: 6b5b ldr r3, [r3, #52] ; 0x34 + 800c758: 02d8 lsls r0, r3, #11 + 800c75a: d5b4 bpl.n 800c6c6 + HAL_SDEx_DriveTransceiver_1_8V_Callback(SET); + 800c75c: 2001 movs r0, #1 + 800c75e: f7fa feb3 bl 80074c8 + hsd->Instance->POWER |= SDMMC_POWER_VSWITCH; + 800c762: 6822 ldr r2, [r4, #0] + 800c764: 6813 ldr r3, [r2, #0] + 800c766: f043 0304 orr.w r3, r3, #4 + 800c76a: 6013 str r3, [r2, #0] + while(( hsd->Instance->STA & SDMMC_FLAG_VSWEND) != SDMMC_FLAG_VSWEND) + 800c76c: 6823 ldr r3, [r4, #0] + 800c76e: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c770: 0191 lsls r1, r2, #6 + 800c772: d51c bpl.n 800c7ae + hsd->Instance->ICR = SDMMC_FLAG_VSWEND; + 800c774: f04f 7200 mov.w r2, #33554432 ; 0x2000000 + 800c778: 639a str r2, [r3, #56] ; 0x38 + if(( hsd->Instance->STA & SDMMC_FLAG_BUSYD0) == SDMMC_FLAG_BUSYD0) + 800c77a: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c77c: 02d2 lsls r2, r2, #11 + 800c77e: d4b4 bmi.n 800c6ea + hsd->Instance->POWER = 0x13U; + 800c780: 2213 movs r2, #19 + 800c782: 601a str r2, [r3, #0] + hsd->Instance->ICR = 0xFFFFFFFFU; + 800c784: f04f 32ff mov.w r2, #4294967295 ; 0xffffffff + 800c788: 639a str r2, [r3, #56] ; 0x38 + uint16_t sd_rca = 1U; + 800c78a: 2301 movs r3, #1 + if(SDMMC_GetPowerState(hsd->Instance) == 0U) + 800c78c: 6820 ldr r0, [r4, #0] + uint16_t sd_rca = 1U; + 800c78e: f8ad 3016 strh.w r3, [sp, #22] + if(SDMMC_GetPowerState(hsd->Instance) == 0U) + 800c792: f000 fc59 bl 800d048 + 800c796: b990 cbnz r0, 800c7be + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + 800c798: f04f 6080 mov.w r0, #67108864 ; 0x4000000 + 800c79c: e785 b.n 800c6aa + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800c79e: f7fa fe23 bl 80073e8 + 800c7a2: 1b80 subs r0, r0, r6 + 800c7a4: 3001 adds r0, #1 + 800c7a6: d1cf bne.n 800c748 + return HAL_SD_ERROR_TIMEOUT; + 800c7a8: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + 800c7ac: e77d b.n 800c6aa + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800c7ae: f7fa fe1b bl 80073e8 + 800c7b2: 1b80 subs r0, r0, r6 + 800c7b4: 3001 adds r0, #1 + 800c7b6: d1d9 bne.n 800c76c + 800c7b8: e7f6 b.n 800c7a8 + hsd->SdCard.CardType = CARD_SDSC; + 800c7ba: 63e3 str r3, [r4, #60] ; 0x3c + if(errorstate != HAL_SD_ERROR_NONE) + 800c7bc: e7e5 b.n 800c78a + if(hsd->SdCard.CardType != CARD_SECURED) + 800c7be: 6be3 ldr r3, [r4, #60] ; 0x3c + 800c7c0: 2b03 cmp r3, #3 + 800c7c2: d045 beq.n 800c850 + errorstate = SDMMC_CmdSendCID(hsd->Instance); + 800c7c4: 6820 ldr r0, [r4, #0] + 800c7c6: f000 ff65 bl 800d694 + if(errorstate != HAL_SD_ERROR_NONE) + 800c7ca: 2800 cmp r0, #0 + 800c7cc: f47f af6d bne.w 800c6aa + hsd->CID[0U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c7d0: 4601 mov r1, r0 + 800c7d2: 6820 ldr r0, [r4, #0] + 800c7d4: f000 fc53 bl 800d07e + hsd->CID[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c7d8: 2104 movs r1, #4 + hsd->CID[0U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c7da: 6720 str r0, [r4, #112] ; 0x70 + hsd->CID[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c7dc: 6820 ldr r0, [r4, #0] + 800c7de: f000 fc4e bl 800d07e + hsd->CID[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c7e2: 2108 movs r1, #8 + hsd->CID[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c7e4: 6760 str r0, [r4, #116] ; 0x74 + hsd->CID[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c7e6: 6820 ldr r0, [r4, #0] + 800c7e8: f000 fc49 bl 800d07e + hsd->CID[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c7ec: 210c movs r1, #12 + hsd->CID[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c7ee: 67a0 str r0, [r4, #120] ; 0x78 + hsd->CID[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c7f0: 6820 ldr r0, [r4, #0] + 800c7f2: f000 fc44 bl 800d07e + if(hsd->SdCard.CardType != CARD_SECURED) + 800c7f6: 6be3 ldr r3, [r4, #60] ; 0x3c + hsd->CID[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c7f8: 67e0 str r0, [r4, #124] ; 0x7c + if(hsd->SdCard.CardType != CARD_SECURED) + 800c7fa: 2b03 cmp r3, #3 + 800c7fc: d028 beq.n 800c850 + errorstate = SDMMC_CmdSetRelAdd(hsd->Instance, &sd_rca); + 800c7fe: 6820 ldr r0, [r4, #0] + 800c800: f10d 0116 add.w r1, sp, #22 + 800c804: f001 f804 bl 800d810 + if(errorstate != HAL_SD_ERROR_NONE) + 800c808: 2800 cmp r0, #0 + 800c80a: f47f af4e bne.w 800c6aa + if(hsd->SdCard.CardType != CARD_SECURED) + 800c80e: 6be3 ldr r3, [r4, #60] ; 0x3c + errorstate = SDMMC_CmdSendCSD(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c810: 6820 ldr r0, [r4, #0] + if(hsd->SdCard.CardType != CARD_SECURED) + 800c812: 2b03 cmp r3, #3 + 800c814: d01c beq.n 800c850 + hsd->SdCard.RelCardAdd = sd_rca; + 800c816: f8bd 1016 ldrh.w r1, [sp, #22] + 800c81a: 64a1 str r1, [r4, #72] ; 0x48 + errorstate = SDMMC_CmdSendCSD(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c81c: 0409 lsls r1, r1, #16 + 800c81e: f000 ff4f bl 800d6c0 + if(errorstate != HAL_SD_ERROR_NONE) + 800c822: 2800 cmp r0, #0 + 800c824: f47f af41 bne.w 800c6aa + hsd->CSD[0U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c828: 4601 mov r1, r0 + 800c82a: 6820 ldr r0, [r4, #0] + 800c82c: f000 fc27 bl 800d07e + hsd->CSD[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c830: 2104 movs r1, #4 + hsd->CSD[0U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800c832: 6620 str r0, [r4, #96] ; 0x60 + hsd->CSD[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c834: 6820 ldr r0, [r4, #0] + 800c836: f000 fc22 bl 800d07e + hsd->CSD[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c83a: 2108 movs r1, #8 + hsd->CSD[1U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2); + 800c83c: 6660 str r0, [r4, #100] ; 0x64 + hsd->CSD[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c83e: 6820 ldr r0, [r4, #0] + 800c840: f000 fc1d bl 800d07e + hsd->CSD[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c844: 210c movs r1, #12 + hsd->CSD[2U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP3); + 800c846: 66a0 str r0, [r4, #104] ; 0x68 + hsd->CSD[3U] = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP4); + 800c848: 6820 ldr r0, [r4, #0] + 800c84a: f000 fc18 bl 800d07e + 800c84e: 66e0 str r0, [r4, #108] ; 0x6c + hsd->SdCard.Class = (SDMMC_GetResponse(hsd->Instance, SDMMC_RESP2) >> 20U); + 800c850: 2104 movs r1, #4 + 800c852: 6820 ldr r0, [r4, #0] + 800c854: f000 fc13 bl 800d07e + 800c858: 0d00 lsrs r0, r0, #20 + 800c85a: 6460 str r0, [r4, #68] ; 0x44 + if (HAL_SD_GetCardCSD(hsd, &CSD) != HAL_OK) + 800c85c: a90d add r1, sp, #52 ; 0x34 + 800c85e: 4620 mov r0, r4 + 800c860: f7ff fe18 bl 800c494 + 800c864: 4605 mov r5, r0 + 800c866: 2800 cmp r0, #0 + 800c868: f47f af2d bne.w 800c6c6 + errorstate = SDMMC_CmdSelDesel(hsd->Instance, (uint32_t)(((uint32_t)hsd->SdCard.RelCardAdd) << 16U)); + 800c86c: 6ca2 ldr r2, [r4, #72] ; 0x48 + 800c86e: 4603 mov r3, r0 + 800c870: 0412 lsls r2, r2, #16 + 800c872: 6820 ldr r0, [r4, #0] + 800c874: f000 fe02 bl 800d47c + if(errorstate != HAL_SD_ERROR_NONE) + 800c878: 2800 cmp r0, #0 + 800c87a: f47f af16 bne.w 800c6aa + errorstate = SDMMC_CmdBlockLength(hsd->Instance, BLOCKSIZE); + 800c87e: 6820 ldr r0, [r4, #0] + 800c880: f44f 7100 mov.w r1, #512 ; 0x200 + 800c884: f000 fcda bl 800d23c + if(errorstate != HAL_SD_ERROR_NONE) + 800c888: 2800 cmp r0, #0 + 800c88a: f43f aece beq.w 800c62a + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c88e: 6823 ldr r3, [r4, #0] + 800c890: 4a06 ldr r2, [pc, #24] ; (800c8ac ) + 800c892: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c894: 6ba3 ldr r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c896: 2501 movs r5, #1 + hsd->ErrorCode |= errorstate; + 800c898: 4318 orrs r0, r3 + 800c89a: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c89c: f884 5034 strb.w r5, [r4, #52] ; 0x34 + return HAL_ERROR; + 800c8a0: e6c3 b.n 800c62a + 800c8a2: bf00 nop + 800c8a4: 000c3500 .word 0x000c3500 + 800c8a8: 00012110 .word 0x00012110 + 800c8ac: 1fe00fff .word 0x1fe00fff + 800c8b0: c1100000 .word 0xc1100000 + +0800c8b4 : +{ + 800c8b4: e92d 41f0 stmdb sp!, {r4, r5, r6, r7, r8, lr} + 800c8b8: b096 sub sp, #88 ; 0x58 + 800c8ba: 4604 mov r4, r0 + 800c8bc: 460d mov r5, r1 + uint32_t tickstart = HAL_GetTick(); + 800c8be: f7fa fd93 bl 80073e8 + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800c8c2: 2100 movs r1, #0 + uint32_t tickstart = HAL_GetTick(); + 800c8c4: 4606 mov r6, r0 + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800c8c6: 6820 ldr r0, [r4, #0] + 800c8c8: f000 fbd9 bl 800d07e + 800c8cc: 0183 lsls r3, r0, #6 + 800c8ce: d50b bpl.n 800c8e8 + return HAL_SD_ERROR_LOCK_UNLOCK_FAILED; + 800c8d0: f44f 6000 mov.w r0, #2048 ; 0x800 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800c8d4: 6823 ldr r3, [r4, #0] + 800c8d6: 4a54 ldr r2, [pc, #336] ; (800ca28 ) + 800c8d8: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800c8da: 6ba3 ldr r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c8dc: 2501 movs r5, #1 + hsd->ErrorCode |= errorstate; + 800c8de: 4318 orrs r0, r3 + 800c8e0: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800c8e2: f884 5034 strb.w r5, [r4, #52] ; 0x34 + status = HAL_ERROR; + 800c8e6: e08a b.n 800c9fe + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 64U); + 800c8e8: 6820 ldr r0, [r4, #0] + 800c8ea: 2140 movs r1, #64 ; 0x40 + 800c8ec: f000 fca6 bl 800d23c + if(errorstate != HAL_SD_ERROR_NONE) + 800c8f0: b110 cbz r0, 800c8f8 + hsd->ErrorCode |= HAL_SD_ERROR_NONE; + 800c8f2: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800c8f4: 63a3 str r3, [r4, #56] ; 0x38 + return errorstate; + 800c8f6: e7ed b.n 800c8d4 + errorstate = SDMMC_CmdAppCommand(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800c8f8: 6ca1 ldr r1, [r4, #72] ; 0x48 + 800c8fa: 6820 ldr r0, [r4, #0] + 800c8fc: 0409 lsls r1, r1, #16 + 800c8fe: f000 fdd6 bl 800d4ae + if(errorstate != HAL_SD_ERROR_NONE) + 800c902: 2800 cmp r0, #0 + 800c904: d1f5 bne.n 800c8f2 + config.DataLength = 64U; + 800c906: 2340 movs r3, #64 ; 0x40 + 800c908: f04f 37ff mov.w r7, #4294967295 ; 0xffffffff + 800c90c: e9cd 7300 strd r7, r3, [sp] + config.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800c910: f04f 0c60 mov.w ip, #96 ; 0x60 + 800c914: 2302 movs r3, #2 + 800c916: e9cd c302 strd ip, r3, [sp, #8] + config.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + 800c91a: 9004 str r0, [sp, #16] + config.DPSM = SDMMC_DPSM_ENABLE; + 800c91c: 2301 movs r3, #1 + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c91e: 6820 ldr r0, [r4, #0] + config.DPSM = SDMMC_DPSM_ENABLE; + 800c920: 9305 str r3, [sp, #20] + (void)SDMMC_ConfigData(hsd->Instance, &config); + 800c922: 4669 mov r1, sp + 800c924: f000 fbae bl 800d084 + errorstate = SDMMC_CmdStatusRegister(hsd->Instance); + 800c928: 6820 ldr r0, [r4, #0] + 800c92a: f000 fe40 bl 800d5ae + if(errorstate != HAL_SD_ERROR_NONE) + 800c92e: 2800 cmp r0, #0 + 800c930: d1df bne.n 800c8f2 + uint32_t *pData = pSDstatus; + 800c932: af06 add r7, sp, #24 + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DATAEND)) + 800c934: 6823 ldr r3, [r4, #0] + 800c936: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c938: f412 7f95 tst.w r2, #298 ; 0x12a + 800c93c: d00a beq.n 800c954 + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800c93e: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c940: 0711 lsls r1, r2, #28 + 800c942: d46f bmi.n 800ca24 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800c944: 6b5a ldr r2, [r3, #52] ; 0x34 + 800c946: 0792 lsls r2, r2, #30 + 800c948: d46a bmi.n 800ca20 + else if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800c94a: 6b5b ldr r3, [r3, #52] ; 0x34 + 800c94c: 069b lsls r3, r3, #26 + 800c94e: d51e bpl.n 800c98e + return HAL_SD_ERROR_RX_OVERRUN; + 800c950: 2020 movs r0, #32 + 800c952: e7bf b.n 800c8d4 + if(__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF)) + 800c954: 6b5b ldr r3, [r3, #52] ; 0x34 + 800c956: 0418 lsls r0, r3, #16 + 800c958: d508 bpl.n 800c96c + 800c95a: f107 0820 add.w r8, r7, #32 + *pData = SDMMC_ReadFIFO(hsd->Instance); + 800c95e: 6820 ldr r0, [r4, #0] + 800c960: f000 fb54 bl 800d00c + 800c964: f847 0b04 str.w r0, [r7], #4 + for(count = 0U; count < 8U; count++) + 800c968: 45b8 cmp r8, r7 + 800c96a: d1f8 bne.n 800c95e + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800c96c: f7fa fd3c bl 80073e8 + 800c970: 1b80 subs r0, r0, r6 + 800c972: 3001 adds r0, #1 + 800c974: d1de bne.n 800c934 + return HAL_SD_ERROR_TIMEOUT; + 800c976: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + if(errorstate != HAL_SD_ERROR_NONE) + 800c97a: e7ab b.n 800c8d4 + *pData = SDMMC_ReadFIFO(hsd->Instance); + 800c97c: f000 fb46 bl 800d00c + 800c980: f847 0b04 str.w r0, [r7], #4 + if((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800c984: f7fa fd30 bl 80073e8 + 800c988: 1b80 subs r0, r0, r6 + 800c98a: 3001 adds r0, #1 + 800c98c: d0f3 beq.n 800c976 + while ((__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DPSMACT))) + 800c98e: 6820 ldr r0, [r4, #0] + 800c990: 6b43 ldr r3, [r0, #52] ; 0x34 + 800c992: f413 5380 ands.w r3, r3, #4096 ; 0x1000 + 800c996: d1f1 bne.n 800c97c + pStatus->DataBusWidth = (uint8_t)((sd_status[0] & 0xC0U) >> 6U); + 800c998: 9906 ldr r1, [sp, #24] + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800c99a: 4a24 ldr r2, [pc, #144] ; (800ca2c ) + 800c99c: 6382 str r2, [r0, #56] ; 0x38 + pStatus->DataBusWidth = (uint8_t)((sd_status[0] & 0xC0U) >> 6U); + 800c99e: f3c1 1281 ubfx r2, r1, #6, #2 + 800c9a2: 702a strb r2, [r5, #0] + pStatus->SecuredMode = (uint8_t)((sd_status[0] & 0x20U) >> 5U); + 800c9a4: f3c1 1240 ubfx r2, r1, #5, #1 + 800c9a8: 706a strb r2, [r5, #1] + pStatus->CardType = (uint16_t)(((sd_status[0] & 0x00FF0000U) >> 8U) | ((sd_status[0] & 0xFF000000U) >> 24U)); + 800c9aa: 0a0a lsrs r2, r1, #8 + 800c9ac: f022 02ff bic.w r2, r2, #255 ; 0xff + 800c9b0: ea42 6211 orr.w r2, r2, r1, lsr #24 + 800c9b4: b292 uxth r2, r2 + 800c9b6: 806a strh r2, [r5, #2] + pStatus->ProtectedAreaSize = (((sd_status[1] & 0xFFU) << 24U) | ((sd_status[1] & 0xFF00U) << 8U) | + 800c9b8: 9a07 ldr r2, [sp, #28] + 800c9ba: ba12 rev r2, r2 + 800c9bc: 606a str r2, [r5, #4] + pStatus->SpeedClass = (uint8_t)(sd_status[2] & 0xFFU); + 800c9be: 9a08 ldr r2, [sp, #32] + 800c9c0: b2d1 uxtb r1, r2 + 800c9c2: 7229 strb r1, [r5, #8] + pStatus->PerformanceMove = (uint8_t)((sd_status[2] & 0xFF00U) >> 8U); + 800c9c4: f3c2 2107 ubfx r1, r2, #8, #8 + 800c9c8: 7269 strb r1, [r5, #9] + pStatus->AllocationUnitSize = (uint8_t)((sd_status[2] & 0xF00000U) >> 20U); + 800c9ca: f3c2 5103 ubfx r1, r2, #20, #4 + 800c9ce: 72a9 strb r1, [r5, #10] + pStatus->EraseSize = (uint16_t)(((sd_status[2] & 0xFF000000U) >> 16U) | (sd_status[3] & 0xFFU)); + 800c9d0: 9909 ldr r1, [sp, #36] ; 0x24 + 800c9d2: 0c12 lsrs r2, r2, #16 + 800c9d4: b2c8 uxtb r0, r1 + 800c9d6: f022 02ff bic.w r2, r2, #255 ; 0xff + 800c9da: 4302 orrs r2, r0 + 800c9dc: 81aa strh r2, [r5, #12] + pStatus->EraseTimeout = (uint8_t)((sd_status[3] & 0xFC00U) >> 10U); + 800c9de: f3c1 2285 ubfx r2, r1, #10, #6 + 800c9e2: 73aa strb r2, [r5, #14] + pStatus->EraseOffset = (uint8_t)((sd_status[3] & 0x0300U) >> 8U); + 800c9e4: f3c1 2201 ubfx r2, r1, #8, #2 + 800c9e8: 73ea strb r2, [r5, #15] + pStatus->UhsSpeedGrade = (uint8_t)((sd_status[3] & 0x00F0U) >> 4U); + 800c9ea: f3c1 1203 ubfx r2, r1, #4, #4 + 800c9ee: 742a strb r2, [r5, #16] + pStatus->UhsAllocationUnitSize = (uint8_t)(sd_status[3] & 0x000FU) ; + 800c9f0: f001 010f and.w r1, r1, #15 + pStatus->VideoSpeedClass = (uint8_t)((sd_status[4] & 0xFF000000U) >> 24U); + 800c9f4: f89d 202b ldrb.w r2, [sp, #43] ; 0x2b + pStatus->UhsAllocationUnitSize = (uint8_t)(sd_status[3] & 0x000FU) ; + 800c9f8: 7469 strb r1, [r5, #17] + pStatus->VideoSpeedClass = (uint8_t)((sd_status[4] & 0xFF000000U) >> 24U); + 800c9fa: 74aa strb r2, [r5, #18] + HAL_StatusTypeDef status = HAL_OK; + 800c9fc: 461d mov r5, r3 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, BLOCKSIZE); + 800c9fe: 6820 ldr r0, [r4, #0] + 800ca00: f44f 7100 mov.w r1, #512 ; 0x200 + 800ca04: f000 fc1a bl 800d23c + if(errorstate != HAL_SD_ERROR_NONE) + 800ca08: b130 cbz r0, 800ca18 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800ca0a: 6823 ldr r3, [r4, #0] + 800ca0c: 4a06 ldr r2, [pc, #24] ; (800ca28 ) + 800ca0e: 639a str r2, [r3, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800ca10: 2501 movs r5, #1 + hsd->ErrorCode = errorstate; + 800ca12: 63a0 str r0, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800ca14: f884 5034 strb.w r5, [r4, #52] ; 0x34 +} + 800ca18: 4628 mov r0, r5 + 800ca1a: b016 add sp, #88 ; 0x58 + 800ca1c: e8bd 81f0 ldmia.w sp!, {r4, r5, r6, r7, r8, pc} + return HAL_SD_ERROR_DATA_CRC_FAIL; + 800ca20: 2002 movs r0, #2 + 800ca22: e757 b.n 800c8d4 + return HAL_SD_ERROR_DATA_TIMEOUT; + 800ca24: 2008 movs r0, #8 + 800ca26: e755 b.n 800c8d4 + 800ca28: 1fe00fff .word 0x1fe00fff + 800ca2c: 18000f3a .word 0x18000f3a + +0800ca30 : + pCardInfo->CardType = (uint32_t)(hsd->SdCard.CardType); + 800ca30: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800ca32: 600b str r3, [r1, #0] + pCardInfo->CardVersion = (uint32_t)(hsd->SdCard.CardVersion); + 800ca34: 6c03 ldr r3, [r0, #64] ; 0x40 + 800ca36: 604b str r3, [r1, #4] + pCardInfo->Class = (uint32_t)(hsd->SdCard.Class); + 800ca38: 6c43 ldr r3, [r0, #68] ; 0x44 + 800ca3a: 608b str r3, [r1, #8] + pCardInfo->RelCardAdd = (uint32_t)(hsd->SdCard.RelCardAdd); + 800ca3c: 6c83 ldr r3, [r0, #72] ; 0x48 + 800ca3e: 60cb str r3, [r1, #12] + pCardInfo->BlockNbr = (uint32_t)(hsd->SdCard.BlockNbr); + 800ca40: 6cc3 ldr r3, [r0, #76] ; 0x4c + 800ca42: 610b str r3, [r1, #16] + pCardInfo->BlockSize = (uint32_t)(hsd->SdCard.BlockSize); + 800ca44: 6d03 ldr r3, [r0, #80] ; 0x50 + 800ca46: 614b str r3, [r1, #20] + pCardInfo->LogBlockNbr = (uint32_t)(hsd->SdCard.LogBlockNbr); + 800ca48: 6d43 ldr r3, [r0, #84] ; 0x54 + 800ca4a: 618b str r3, [r1, #24] + pCardInfo->LogBlockSize = (uint32_t)(hsd->SdCard.LogBlockSize); + 800ca4c: 6d83 ldr r3, [r0, #88] ; 0x58 + 800ca4e: 61cb str r3, [r1, #28] +} + 800ca50: 2000 movs r0, #0 + 800ca52: 4770 bx lr + +0800ca54 : +{ + 800ca54: b530 push {r4, r5, lr} + hsd->State = HAL_SD_STATE_BUSY; + 800ca56: 2303 movs r3, #3 + 800ca58: f880 3034 strb.w r3, [r0, #52] ; 0x34 + if(hsd->SdCard.CardType != CARD_SECURED) + 800ca5c: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800ca5e: 2b03 cmp r3, #3 +{ + 800ca60: b08b sub sp, #44 ; 0x2c + 800ca62: 4604 mov r4, r0 + 800ca64: 460d mov r5, r1 + if(hsd->SdCard.CardType != CARD_SECURED) + 800ca66: d002 beq.n 800ca6e + if(WideMode == SDMMC_BUS_WIDE_8B) + 800ca68: f5b1 4f00 cmp.w r1, #32768 ; 0x8000 + 800ca6c: d103 bne.n 800ca76 + hsd->ErrorCode |= HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800ca6e: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800ca70: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + 800ca74: e049 b.n 800cb0a + else if(WideMode == SDMMC_BUS_WIDE_4B) + 800ca76: f5b1 4f80 cmp.w r1, #16384 ; 0x4000 + 800ca7a: d123 bne.n 800cac4 + uint32_t scr[2U] = {0UL, 0UL}; + 800ca7c: 2100 movs r1, #0 + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800ca7e: 6800 ldr r0, [r0, #0] + uint32_t scr[2U] = {0UL, 0UL}; + 800ca80: e9cd 1104 strd r1, r1, [sp, #16] + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800ca84: f000 fafb bl 800d07e + 800ca88: 0180 lsls r0, r0, #6 + 800ca8a: d435 bmi.n 800caf8 + errorstate = SD_FindSCR(hsd, scr); + 800ca8c: a904 add r1, sp, #16 + 800ca8e: 4620 mov r0, r4 + 800ca90: f7ff fa32 bl 800bef8 + if(errorstate != HAL_SD_ERROR_NONE) + 800ca94: b960 cbnz r0, 800cab0 + if((scr[1U] & SDMMC_WIDE_BUS_SUPPORT) != SDMMC_ALLZERO) + 800ca96: 9b05 ldr r3, [sp, #20] + 800ca98: 0359 lsls r1, r3, #13 + 800ca9a: d530 bpl.n 800cafe + errorstate = SDMMC_CmdAppCommand(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800ca9c: 6ca1 ldr r1, [r4, #72] ; 0x48 + 800ca9e: 6820 ldr r0, [r4, #0] + 800caa0: 0409 lsls r1, r1, #16 + 800caa2: f000 fd04 bl 800d4ae + if(errorstate != HAL_SD_ERROR_NONE) + 800caa6: b918 cbnz r0, 800cab0 + errorstate = SDMMC_CmdBusWidth(hsd->Instance, 2U); + 800caa8: 2102 movs r1, #2 + errorstate = SDMMC_CmdBusWidth(hsd->Instance, 0U); + 800caaa: 6820 ldr r0, [r4, #0] + 800caac: f000 fd18 bl 800d4e0 + hsd->ErrorCode |= errorstate; + 800cab0: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cab2: 4318 orrs r0, r3 + 800cab4: 63a0 str r0, [r4, #56] ; 0x38 + if(hsd->ErrorCode != HAL_SD_ERROR_NONE) + 800cab6: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cab8: b34b cbz r3, 800cb0e + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800caba: 6823 ldr r3, [r4, #0] + 800cabc: 4a42 ldr r2, [pc, #264] ; (800cbc8 ) + 800cabe: 639a str r2, [r3, #56] ; 0x38 + status = HAL_ERROR; + 800cac0: 2501 movs r5, #1 + 800cac2: e054 b.n 800cb6e + else if(WideMode == SDMMC_BUS_WIDE_1B) + 800cac4: b9f1 cbnz r1, 800cb04 + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800cac6: 6800 ldr r0, [r0, #0] + uint32_t scr[2U] = {0UL, 0UL}; + 800cac8: e9cd 1104 strd r1, r1, [sp, #16] + if((SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1) & SDMMC_CARD_LOCKED) == SDMMC_CARD_LOCKED) + 800cacc: f000 fad7 bl 800d07e + 800cad0: 0182 lsls r2, r0, #6 + 800cad2: d411 bmi.n 800caf8 + errorstate = SD_FindSCR(hsd, scr); + 800cad4: a904 add r1, sp, #16 + 800cad6: 4620 mov r0, r4 + 800cad8: f7ff fa0e bl 800bef8 + if(errorstate != HAL_SD_ERROR_NONE) + 800cadc: 2800 cmp r0, #0 + 800cade: d1e7 bne.n 800cab0 + if((scr[1U] & SDMMC_SINGLE_BUS_SUPPORT) != SDMMC_ALLZERO) + 800cae0: 9b05 ldr r3, [sp, #20] + 800cae2: 03db lsls r3, r3, #15 + 800cae4: d50b bpl.n 800cafe + errorstate = SDMMC_CmdAppCommand(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800cae6: 6ca1 ldr r1, [r4, #72] ; 0x48 + 800cae8: 6820 ldr r0, [r4, #0] + 800caea: 0409 lsls r1, r1, #16 + 800caec: f000 fcdf bl 800d4ae + if(errorstate != HAL_SD_ERROR_NONE) + 800caf0: 2800 cmp r0, #0 + 800caf2: d1dd bne.n 800cab0 + errorstate = SDMMC_CmdBusWidth(hsd->Instance, 0U); + 800caf4: 4601 mov r1, r0 + 800caf6: e7d8 b.n 800caaa + return HAL_SD_ERROR_LOCK_UNLOCK_FAILED; + 800caf8: f44f 6000 mov.w r0, #2048 ; 0x800 + 800cafc: e7d8 b.n 800cab0 + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + 800cafe: f04f 6080 mov.w r0, #67108864 ; 0x4000000 + 800cb02: e7d5 b.n 800cab0 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800cb04: 6b83 ldr r3, [r0, #56] ; 0x38 + 800cb06: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + hsd->ErrorCode |= HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800cb0a: 63a3 str r3, [r4, #56] ; 0x38 + 800cb0c: e7d3 b.n 800cab6 + sdmmc_clk = HAL_RCCEx_GetPeriphCLKFreq(RCC_PERIPHCLK_SDMMC1); + 800cb0e: f44f 2000 mov.w r0, #524288 ; 0x80000 + 800cb12: f7fd f8af bl 8009c74 + if (sdmmc_clk != 0U) + 800cb16: 2800 cmp r0, #0 + 800cb18: d051 beq.n 800cbbe + Init.ClockEdge = hsd->Init.ClockEdge; + 800cb1a: 6863 ldr r3, [r4, #4] + 800cb1c: 9304 str r3, [sp, #16] + Init.ClockPowerSave = hsd->Init.ClockPowerSave; + 800cb1e: 68a3 ldr r3, [r4, #8] + if (hsd->Init.ClockDiv >= (sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ))) + 800cb20: 492a ldr r1, [pc, #168] ; (800cbcc ) + 800cb22: fbb0 f2f1 udiv r2, r0, r1 + Init.BusWide = WideMode; + 800cb26: e9cd 3505 strd r3, r5, [sp, #20] + Init.HardwareFlowControl = hsd->Init.HardwareFlowControl; + 800cb2a: 6923 ldr r3, [r4, #16] + 800cb2c: 9307 str r3, [sp, #28] + if (hsd->Init.ClockDiv >= (sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ))) + 800cb2e: 6963 ldr r3, [r4, #20] + 800cb30: 4293 cmp r3, r2 + 800cb32: d301 bcc.n 800cb38 + Init.ClockDiv = sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ); + 800cb34: 9308 str r3, [sp, #32] + 800cb36: e00d b.n 800cb54 + else if (hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) + 800cb38: 6de5 ldr r5, [r4, #92] ; 0x5c + 800cb3a: f5b5 7f00 cmp.w r5, #512 ; 0x200 + 800cb3e: d0f9 beq.n 800cb34 + else if (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) + 800cb40: f5b5 7f80 cmp.w r5, #256 ; 0x100 + 800cb44: d12e bne.n 800cba4 + if (hsd->Init.ClockDiv == 0U) + 800cb46: bb3b cbnz r3, 800cb98 + if (sdmmc_clk > SD_HIGH_SPEED_FREQ) + 800cb48: 4288 cmp r0, r1 + 800cb4a: d923 bls.n 800cb94 + Init.ClockDiv = sdmmc_clk / (2U * SD_HIGH_SPEED_FREQ); + 800cb4c: 4b20 ldr r3, [pc, #128] ; (800cbd0 ) + 800cb4e: fbb0 f0f3 udiv r0, r0, r3 + 800cb52: 9008 str r0, [sp, #32] + Init.Transceiver = hsd->Init.Transceiver; + 800cb54: 69a3 ldr r3, [r4, #24] + 800cb56: 9309 str r3, [sp, #36] ; 0x24 + (void)SDMMC_Init(hsd->Instance, Init); + 800cb58: ab0a add r3, sp, #40 ; 0x28 + 800cb5a: e913 0007 ldmdb r3, {r0, r1, r2} + 800cb5e: e88d 0007 stmia.w sp, {r0, r1, r2} + 800cb62: ab04 add r3, sp, #16 + 800cb64: cb0e ldmia r3, {r1, r2, r3} + 800cb66: 6820 ldr r0, [r4, #0] + 800cb68: f000 fa36 bl 800cfd8 + HAL_StatusTypeDef status = HAL_OK; + 800cb6c: 2500 movs r5, #0 + errorstate = SDMMC_CmdBlockLength(hsd->Instance, BLOCKSIZE); + 800cb6e: 6820 ldr r0, [r4, #0] + 800cb70: f44f 7100 mov.w r1, #512 ; 0x200 + 800cb74: f000 fb62 bl 800d23c + if(errorstate != HAL_SD_ERROR_NONE) + 800cb78: b130 cbz r0, 800cb88 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800cb7a: 6823 ldr r3, [r4, #0] + 800cb7c: 4a12 ldr r2, [pc, #72] ; (800cbc8 ) + 800cb7e: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800cb80: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cb82: 4318 orrs r0, r3 + 800cb84: 63a0 str r0, [r4, #56] ; 0x38 + status = HAL_ERROR; + 800cb86: 2501 movs r5, #1 + hsd->State = HAL_SD_STATE_READY; + 800cb88: 2301 movs r3, #1 +} + 800cb8a: 4628 mov r0, r5 + hsd->State = HAL_SD_STATE_READY; + 800cb8c: f884 3034 strb.w r3, [r4, #52] ; 0x34 +} + 800cb90: b00b add sp, #44 ; 0x2c + 800cb92: bd30 pop {r4, r5, pc} + Init.ClockDiv = hsd->Init.ClockDiv; + 800cb94: 2300 movs r3, #0 + 800cb96: e7cd b.n 800cb34 + if ((sdmmc_clk/(2U * hsd->Init.ClockDiv)) > SD_HIGH_SPEED_FREQ) + 800cb98: 005a lsls r2, r3, #1 + 800cb9a: fbb0 f2f2 udiv r2, r0, r2 + 800cb9e: 428a cmp r2, r1 + 800cba0: d9c8 bls.n 800cb34 + 800cba2: e7d3 b.n 800cb4c + if (hsd->Init.ClockDiv == 0U) + 800cba4: 490b ldr r1, [pc, #44] ; (800cbd4 ) + 800cba6: b91b cbnz r3, 800cbb0 + if (sdmmc_clk > SD_NORMAL_SPEED_FREQ) + 800cba8: 4288 cmp r0, r1 + 800cbaa: d9f3 bls.n 800cb94 + Init.ClockDiv = sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ); + 800cbac: 9208 str r2, [sp, #32] + 800cbae: e7d1 b.n 800cb54 + if ((sdmmc_clk/(2U * hsd->Init.ClockDiv)) > SD_NORMAL_SPEED_FREQ) + 800cbb0: 005d lsls r5, r3, #1 + 800cbb2: fbb0 f0f5 udiv r0, r0, r5 + Init.ClockDiv = sdmmc_clk / (2U * SD_NORMAL_SPEED_FREQ); + 800cbb6: 4288 cmp r0, r1 + 800cbb8: bf88 it hi + 800cbba: 4613 movhi r3, r2 + 800cbbc: e7ba b.n 800cb34 + hsd->ErrorCode |= SDMMC_ERROR_INVALID_PARAMETER; + 800cbbe: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cbc0: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + 800cbc4: 63a3 str r3, [r4, #56] ; 0x38 + 800cbc6: e77b b.n 800cac0 + 800cbc8: 1fe00fff .word 0x1fe00fff + 800cbcc: 02faf080 .word 0x02faf080 + 800cbd0: 05f5e100 .word 0x05f5e100 + 800cbd4: 017d7840 .word 0x017d7840 + +0800cbd8 : + errorstate = SDMMC_CmdSendStatus(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800cbd8: 6c81 ldr r1, [r0, #72] ; 0x48 +{ + 800cbda: b510 push {r4, lr} + errorstate = SDMMC_CmdSendStatus(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800cbdc: 0409 lsls r1, r1, #16 +{ + 800cbde: 4604 mov r4, r0 + errorstate = SDMMC_CmdSendStatus(hsd->Instance, (uint32_t)(hsd->SdCard.RelCardAdd << 16U)); + 800cbe0: 6800 ldr r0, [r0, #0] + 800cbe2: f000 fccb bl 800d57c + if(errorstate != HAL_SD_ERROR_NONE) + 800cbe6: 4601 mov r1, r0 + 800cbe8: b928 cbnz r0, 800cbf6 + *pCardStatus = SDMMC_GetResponse(hsd->Instance, SDMMC_RESP1); + 800cbea: 6820 ldr r0, [r4, #0] + 800cbec: f000 fa47 bl 800d07e +} + 800cbf0: f3c0 2043 ubfx r0, r0, #9, #4 + 800cbf4: bd10 pop {r4, pc} + hsd->ErrorCode |= errorstate; + 800cbf6: 6ba0 ldr r0, [r4, #56] ; 0x38 + 800cbf8: 4308 orrs r0, r1 + 800cbfa: 63a0 str r0, [r4, #56] ; 0x38 + uint32_t resp1 = 0; + 800cbfc: 2000 movs r0, #0 + 800cbfe: e7f7 b.n 800cbf0 + +0800cc00 : +{ + 800cc00: b570 push {r4, r5, r6, lr} + if(hsd == NULL) + 800cc02: 4604 mov r4, r0 +{ + 800cc04: b086 sub sp, #24 + if(hsd == NULL) + 800cc06: b918 cbnz r0, 800cc10 + return HAL_ERROR; + 800cc08: 2501 movs r5, #1 +} + 800cc0a: 4628 mov r0, r5 + 800cc0c: b006 add sp, #24 + 800cc0e: bd70 pop {r4, r5, r6, pc} + if(hsd->State == HAL_SD_STATE_RESET) + 800cc10: f890 3034 ldrb.w r3, [r0, #52] ; 0x34 + 800cc14: f003 02ff and.w r2, r3, #255 ; 0xff + 800cc18: b913 cbnz r3, 800cc20 + hsd->Lock = HAL_UNLOCKED; + 800cc1a: 7702 strb r2, [r0, #28] + HAL_SD_MspInit(hsd); + 800cc1c: f7ff fa5a bl 800c0d4 + hsd->State = HAL_SD_STATE_BUSY; + 800cc20: 2303 movs r3, #3 + 800cc22: f884 3034 strb.w r3, [r4, #52] ; 0x34 + if (HAL_SD_InitCard(hsd) != HAL_OK) + 800cc26: 4620 mov r0, r4 + 800cc28: f7ff fcea bl 800c600 + 800cc2c: 2800 cmp r0, #0 + 800cc2e: d1eb bne.n 800cc08 + if( HAL_SD_GetCardStatus(hsd, &CardStatus) != HAL_OK) + 800cc30: a901 add r1, sp, #4 + 800cc32: 4620 mov r0, r4 + 800cc34: f7ff fe3e bl 800c8b4 + 800cc38: 2800 cmp r0, #0 + 800cc3a: d1e5 bne.n 800cc08 + if ((hsd->SdCard.CardType == CARD_SDHC_SDXC) && ((speedgrade != 0U) || (unitsize != 0U))) + 800cc3c: 6be1 ldr r1, [r4, #60] ; 0x3c + speedgrade = CardStatus.UhsSpeedGrade; + 800cc3e: f89d 2014 ldrb.w r2, [sp, #20] + unitsize = CardStatus.UhsAllocationUnitSize; + 800cc42: f89d 3015 ldrb.w r3, [sp, #21] + if ((hsd->SdCard.CardType == CARD_SDHC_SDXC) && ((speedgrade != 0U) || (unitsize != 0U))) + 800cc46: 2901 cmp r1, #1 + speedgrade = CardStatus.UhsSpeedGrade; + 800cc48: b2d2 uxtb r2, r2 + unitsize = CardStatus.UhsAllocationUnitSize; + 800cc4a: b2db uxtb r3, r3 + if ((hsd->SdCard.CardType == CARD_SDHC_SDXC) && ((speedgrade != 0U) || (unitsize != 0U))) + 800cc4c: d11c bne.n 800cc88 + 800cc4e: 4313 orrs r3, r2 + hsd->SdCard.CardSpeed = CARD_ULTRA_HIGH_SPEED; + 800cc50: bf14 ite ne + 800cc52: f44f 7300 movne.w r3, #512 ; 0x200 + hsd->SdCard.CardSpeed = CARD_HIGH_SPEED; + 800cc56: f44f 7380 moveq.w r3, #256 ; 0x100 + 800cc5a: 65e3 str r3, [r4, #92] ; 0x5c + if(HAL_SD_ConfigWideBusOperation(hsd, hsd->Init.BusWide) != HAL_OK) + 800cc5c: 68e1 ldr r1, [r4, #12] + 800cc5e: 4620 mov r0, r4 + 800cc60: f7ff fef8 bl 800ca54 + 800cc64: 4605 mov r5, r0 + 800cc66: 2800 cmp r0, #0 + 800cc68: d1ce bne.n 800cc08 + tickstart = HAL_GetTick(); + 800cc6a: f7fa fbbd bl 80073e8 + 800cc6e: 4606 mov r6, r0 + while((HAL_SD_GetCardState(hsd) != HAL_SD_CARD_TRANSFER)) + 800cc70: 4620 mov r0, r4 + 800cc72: f7ff ffb1 bl 800cbd8 + 800cc76: 2804 cmp r0, #4 + 800cc78: d108 bne.n 800cc8c + hsd->ErrorCode = HAL_SD_ERROR_NONE; + 800cc7a: 2300 movs r3, #0 + 800cc7c: 63a3 str r3, [r4, #56] ; 0x38 + hsd->Context = SD_CONTEXT_NONE; + 800cc7e: 6323 str r3, [r4, #48] ; 0x30 + hsd->State = HAL_SD_STATE_READY; + 800cc80: 2301 movs r3, #1 + 800cc82: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_OK; + 800cc86: e7c0 b.n 800cc0a + hsd->SdCard.CardSpeed = CARD_NORMAL_SPEED; + 800cc88: 65e0 str r0, [r4, #92] ; 0x5c + 800cc8a: e7e7 b.n 800cc5c + if((HAL_GetTick()-tickstart) >= SDMMC_DATATIMEOUT) + 800cc8c: f7fa fbac bl 80073e8 + 800cc90: 1b80 subs r0, r0, r6 + 800cc92: 3001 adds r0, #1 + 800cc94: d1ec bne.n 800cc70 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800cc96: f04f 4300 mov.w r3, #2147483648 ; 0x80000000 + 800cc9a: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800cc9c: 2301 movs r3, #1 + 800cc9e: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->Context = SD_CONTEXT_NONE; + 800cca2: 2300 movs r3, #0 + 800cca4: 6323 str r3, [r4, #48] ; 0x30 + return HAL_TIMEOUT; + 800cca6: 2503 movs r5, #3 + 800cca8: e7af b.n 800cc0a + ... + +0800ccac : +{ + 800ccac: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + uint32_t SD_hs[16] = {0}; + 800ccb0: 2640 movs r6, #64 ; 0x40 +{ + 800ccb2: b096 sub sp, #88 ; 0x58 + 800ccb4: 4605 mov r5, r0 + uint32_t SD_hs[16] = {0}; + 800ccb6: 4632 mov r2, r6 + 800ccb8: 2100 movs r1, #0 + 800ccba: a806 add r0, sp, #24 + 800ccbc: f000 fe22 bl 800d904 + uint32_t Timeout = HAL_GetTick(); + 800ccc0: f7fa fb92 bl 80073e8 + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800ccc4: 6deb ldr r3, [r5, #92] ; 0x5c + uint32_t Timeout = HAL_GetTick(); + 800ccc6: 4680 mov r8, r0 + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800ccc8: 2b00 cmp r3, #0 + 800ccca: d066 beq.n 800cd9a + if(hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) + 800cccc: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 800ccd0: d004 beq.n 800ccdc + uint32_t errorstate = HAL_SD_ERROR_NONE; + 800ccd2: 2400 movs r4, #0 +} + 800ccd4: 4620 mov r0, r4 + 800ccd6: b016 add sp, #88 ; 0x58 + 800ccd8: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + hsd->Instance->DCTRL = 0; + 800ccdc: 6828 ldr r0, [r5, #0] + 800ccde: 2300 movs r3, #0 + 800cce0: 62c3 str r3, [r0, #44] ; 0x2c + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 64U); + 800cce2: 4631 mov r1, r6 + 800cce4: f000 faaa bl 800d23c + if (errorstate != HAL_SD_ERROR_NONE) + 800cce8: 4604 mov r4, r0 + 800ccea: 2800 cmp r0, #0 + 800ccec: d1f2 bne.n 800ccd4 + sdmmc_datainitstructure.DataTimeOut = SDMMC_DATATIMEOUT; + 800ccee: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + sdmmc_datainitstructure.DataLength = 64U; + 800ccf2: e9cd 3600 strd r3, r6, [sp] + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800ccf6: 2260 movs r2, #96 ; 0x60 + 800ccf8: 2302 movs r3, #2 + 800ccfa: e9cd 2302 strd r2, r3, [sp, #8] + sdmmc_datainitstructure.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + 800ccfe: 9004 str r0, [sp, #16] + sdmmc_datainitstructure.DPSM = SDMMC_DPSM_ENABLE; + 800cd00: 2301 movs r3, #1 + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800cd02: 6828 ldr r0, [r5, #0] + sdmmc_datainitstructure.DPSM = SDMMC_DPSM_ENABLE; + 800cd04: 9305 str r3, [sp, #20] + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800cd06: 4669 mov r1, sp + 800cd08: f000 f9bc bl 800d084 + 800cd0c: 2800 cmp r0, #0 + 800cd0e: d147 bne.n 800cda0 + errorstate = SDMMC_CmdSwitch(hsd->Instance,SDMMC_SDR25_SWITCH_PATTERN); + 800cd10: 4925 ldr r1, [pc, #148] ; (800cda8 ) + 800cd12: 6828 ldr r0, [r5, #0] + 800cd14: f000 fbfd bl 800d512 + if(errorstate != HAL_SD_ERROR_NONE) + 800cd18: 4604 mov r4, r0 + 800cd1a: 2800 cmp r0, #0 + 800cd1c: d1da bne.n 800ccd4 + uint32_t count, loop = 0 ; + 800cd1e: 4607 mov r7, r0 + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND| SDMMC_FLAG_DATAEND )) + 800cd20: f240 592a movw r9, #1322 ; 0x52a + 800cd24: 682b ldr r3, [r5, #0] + 800cd26: 6b5e ldr r6, [r3, #52] ; 0x34 + 800cd28: ea16 0609 ands.w r6, r6, r9 + 800cd2c: d005 beq.n 800cd3a + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800cd2e: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cd30: 0710 lsls r0, r2, #28 + 800cd32: d51e bpl.n 800cd72 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DTIMEOUT); + 800cd34: 2208 movs r2, #8 + 800cd36: 639a str r2, [r3, #56] ; 0x38 + return errorstate; + 800cd38: e7cc b.n 800ccd4 + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF)) + 800cd3a: 6b5b ldr r3, [r3, #52] ; 0x34 + 800cd3c: 041b lsls r3, r3, #16 + 800cd3e: d50b bpl.n 800cd58 + 800cd40: ab06 add r3, sp, #24 + 800cd42: eb03 1a47 add.w sl, r3, r7, lsl #5 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800cd46: 6828 ldr r0, [r5, #0] + 800cd48: f000 f960 bl 800d00c + for (count = 0U; count < 8U; count++) + 800cd4c: 3601 adds r6, #1 + 800cd4e: 2e08 cmp r6, #8 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800cd50: f84a 0b04 str.w r0, [sl], #4 + for (count = 0U; count < 8U; count++) + 800cd54: d1f7 bne.n 800cd46 + loop ++; + 800cd56: 3701 adds r7, #1 + if((HAL_GetTick()-Timeout) >= SDMMC_DATATIMEOUT) + 800cd58: f7fa fb46 bl 80073e8 + 800cd5c: eba0 0008 sub.w r0, r0, r8 + 800cd60: 3001 adds r0, #1 + 800cd62: d1df bne.n 800cd24 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800cd64: f04f 4400 mov.w r4, #2147483648 ; 0x80000000 + hsd->State= HAL_SD_STATE_READY; + 800cd68: 2301 movs r3, #1 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800cd6a: 63ac str r4, [r5, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800cd6c: f885 3034 strb.w r3, [r5, #52] ; 0x34 + return HAL_SD_ERROR_TIMEOUT; + 800cd70: e7b0 b.n 800ccd4 + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800cd72: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cd74: 0791 lsls r1, r2, #30 + 800cd76: d502 bpl.n 800cd7e + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DCRCFAIL); + 800cd78: 2402 movs r4, #2 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800cd7a: 639c str r4, [r3, #56] ; 0x38 + return errorstate; + 800cd7c: e7aa b.n 800ccd4 + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800cd7e: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cd80: 0692 lsls r2, r2, #26 + 800cd82: d501 bpl.n 800cd88 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800cd84: 2420 movs r4, #32 + 800cd86: e7f8 b.n 800cd7a + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800cd88: 4a08 ldr r2, [pc, #32] ; (800cdac ) + 800cd8a: 639a str r2, [r3, #56] ; 0x38 + if ((((uint8_t*)SD_hs)[13] & 2U) != 2U) + 800cd8c: f89d 3025 ldrb.w r3, [sp, #37] ; 0x25 + 800cd90: 079b lsls r3, r3, #30 + 800cd92: d49e bmi.n 800ccd2 + errorstate = SDMMC_ERROR_UNSUPPORTED_FEATURE; + 800cd94: f04f 5480 mov.w r4, #268435456 ; 0x10000000 + 800cd98: e79c b.n 800ccd4 + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + 800cd9a: f04f 6480 mov.w r4, #67108864 ; 0x4000000 + 800cd9e: e799 b.n 800ccd4 + return (HAL_SD_ERROR_GENERAL_UNKNOWN_ERR); + 800cda0: f44f 3480 mov.w r4, #65536 ; 0x10000 + 800cda4: e796 b.n 800ccd4 + 800cda6: bf00 nop + 800cda8: 80ffff01 .word 0x80ffff01 + 800cdac: 18000f3a .word 0x18000f3a + +0800cdb0 : +{ + 800cdb0: e92d 47f0 stmdb sp!, {r4, r5, r6, r7, r8, r9, sl, lr} + hsd->State = HAL_SD_STATE_BUSY; + 800cdb4: 2303 movs r3, #3 + 800cdb6: f880 3034 strb.w r3, [r0, #52] ; 0x34 + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800cdba: 6983 ldr r3, [r0, #24] + 800cdbc: 2b01 cmp r3, #1 +{ + 800cdbe: b096 sub sp, #88 ; 0x58 + 800cdc0: 4604 mov r4, r0 + if(hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE) + 800cdc2: f040 80cf bne.w 800cf64 + switch (SpeedMode) + 800cdc6: 2904 cmp r1, #4 + 800cdc8: f200 80eb bhi.w 800cfa2 + 800cdcc: e8df f011 tbh [pc, r1, lsl #1] + 800cdd0: 00150005 .word 0x00150005 + 800cdd4: 001e00dc .word 0x001e00dc + 800cdd8: 0031 .short 0x0031 + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800cdda: 6dc3 ldr r3, [r0, #92] ; 0x5c + 800cddc: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800cde0: d002 beq.n 800cde8 + 800cde2: 6bc2 ldr r2, [r0, #60] ; 0x3c + 800cde4: 2a01 cmp r2, #1 + 800cde6: d10a bne.n 800cdfe + hsd->Instance->CLKCR |= 0x00100000U; + 800cde8: 6822 ldr r2, [r4, #0] + 800cdea: 6853 ldr r3, [r2, #4] + 800cdec: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 800cdf0: 6053 str r3, [r2, #4] + if (SD_UltraHighSpeed(hsd) != HAL_SD_ERROR_NONE) + 800cdf2: 4620 mov r0, r4 + 800cdf4: f7ff f8e6 bl 800bfc4 + 800cdf8: b920 cbnz r0, 800ce04 + switch (SpeedMode) + 800cdfa: 2500 movs r5, #0 + 800cdfc: e063 b.n 800cec6 + else if (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) + 800cdfe: f5b3 7f80 cmp.w r3, #256 ; 0x100 + (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) || + 800ce02: d1fa bne.n 800cdfa + if (SD_HighSpeed(hsd) != HAL_SD_ERROR_NONE) + 800ce04: 4620 mov r0, r4 + 800ce06: f7ff ff51 bl 800ccac + 800ce0a: e00f b.n 800ce2c + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800ce0c: 6dc3 ldr r3, [r0, #92] ; 0x5c + 800ce0e: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800ce12: d003 beq.n 800ce1c + 800ce14: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800ce16: 2b01 cmp r3, #1 + 800ce18: f040 8089 bne.w 800cf2e + hsd->Instance->CLKCR |= 0x00100000U; + 800ce1c: 6822 ldr r2, [r4, #0] + 800ce1e: 6853 ldr r3, [r2, #4] + 800ce20: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 800ce24: 6053 str r3, [r2, #4] + if (SD_UltraHighSpeed(hsd) != HAL_SD_ERROR_NONE) + 800ce26: 4620 mov r0, r4 + 800ce28: f7ff f8cc bl 800bfc4 + if (SD_HighSpeed(hsd) != HAL_SD_ERROR_NONE) + 800ce2c: 2800 cmp r0, #0 + 800ce2e: d0e4 beq.n 800cdfa + 800ce30: e07d b.n 800cf2e + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800ce32: 6dc3 ldr r3, [r0, #92] ; 0x5c + 800ce34: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800ce38: d002 beq.n 800ce40 + 800ce3a: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800ce3c: 2b01 cmp r3, #1 + 800ce3e: d176 bne.n 800cf2e + hsd->Instance->CLKCR |= 0x00100000U; + 800ce40: 6822 ldr r2, [r4, #0] + 800ce42: 6853 ldr r3, [r2, #4] + */ +static uint32_t SD_DDR_Mode(SD_HandleTypeDef *hsd) +{ + uint32_t errorstate = HAL_SD_ERROR_NONE; + SDMMC_DataInitTypeDef sdmmc_datainitstructure; + uint32_t SD_hs[16] = {0}; + 800ce44: 2540 movs r5, #64 ; 0x40 + hsd->Instance->CLKCR |= 0x00100000U; + 800ce46: f443 1380 orr.w r3, r3, #1048576 ; 0x100000 + 800ce4a: 6053 str r3, [r2, #4] + uint32_t SD_hs[16] = {0}; + 800ce4c: 2100 movs r1, #0 + 800ce4e: 462a mov r2, r5 + 800ce50: a806 add r0, sp, #24 + 800ce52: f000 fd57 bl 800d904 + uint32_t count, loop = 0 ; + uint32_t Timeout = HAL_GetTick(); + 800ce56: f7fa fac7 bl 80073e8 + + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800ce5a: 6de3 ldr r3, [r4, #92] ; 0x5c + uint32_t Timeout = HAL_GetTick(); + 800ce5c: 4680 mov r8, r0 + if(hsd->SdCard.CardSpeed == CARD_NORMAL_SPEED) + 800ce5e: 2b00 cmp r3, #0 + 800ce60: d065 beq.n 800cf2e + { + /* Standard Speed Card <= 12.5Mhz */ + return HAL_SD_ERROR_REQUEST_NOT_APPLICABLE; + } + + if((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) && + 800ce62: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800ce66: d1c8 bne.n 800cdfa + 800ce68: 69a6 ldr r6, [r4, #24] + 800ce6a: 2e01 cmp r6, #1 + 800ce6c: d1c5 bne.n 800cdfa + (hsd->Init.Transceiver == SDMMC_TRANSCEIVER_ENABLE)) + { + /* Initialize the Data control register */ + hsd->Instance->DCTRL = 0; + 800ce6e: 6820 ldr r0, [r4, #0] + 800ce70: 2300 movs r3, #0 + 800ce72: 62c3 str r3, [r0, #44] ; 0x2c + errorstate = SDMMC_CmdBlockLength(hsd->Instance, 64U); + 800ce74: 4629 mov r1, r5 + 800ce76: f000 f9e1 bl 800d23c + + if (errorstate != HAL_SD_ERROR_NONE) + 800ce7a: 2800 cmp r0, #0 + 800ce7c: d157 bne.n 800cf2e + { + return errorstate; + } + + /* Configure the SD DPSM (Data Path State Machine) */ + sdmmc_datainitstructure.DataTimeOut = SDMMC_DATATIMEOUT; + 800ce7e: f04f 33ff mov.w r3, #4294967295 ; 0xffffffff + sdmmc_datainitstructure.DataLength = 64U; + 800ce82: e9cd 3500 strd r3, r5, [sp] + sdmmc_datainitstructure.DataBlockSize = SDMMC_DATABLOCK_SIZE_64B ; + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + sdmmc_datainitstructure.TransferMode = SDMMC_TRANSFER_MODE_BLOCK; + sdmmc_datainitstructure.DPSM = SDMMC_DPSM_ENABLE; + 800ce86: e9cd 0604 strd r0, r6, [sp, #16] + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800ce8a: 2260 movs r2, #96 ; 0x60 + 800ce8c: 2302 movs r3, #2 + + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800ce8e: 6820 ldr r0, [r4, #0] + 800ce90: 4669 mov r1, sp + sdmmc_datainitstructure.TransferDir = SDMMC_TRANSFER_DIR_TO_SDMMC; + 800ce92: e9cd 2302 strd r2, r3, [sp, #8] + if ( SDMMC_ConfigData(hsd->Instance, &sdmmc_datainitstructure) != HAL_OK) + 800ce96: f000 f8f5 bl 800d084 + 800ce9a: 4605 mov r5, r0 + 800ce9c: 2800 cmp r0, #0 + 800ce9e: d146 bne.n 800cf2e + { + return (HAL_SD_ERROR_GENERAL_UNKNOWN_ERR); + } + + errorstate = SDMMC_CmdSwitch(hsd->Instance, SDMMC_DDR50_SWITCH_PATTERN); + 800cea0: 494a ldr r1, [pc, #296] ; (800cfcc ) + 800cea2: 6820 ldr r0, [r4, #0] + 800cea4: f000 fb35 bl 800d512 + if(errorstate != HAL_SD_ERROR_NONE) + 800cea8: 4607 mov r7, r0 + 800ceaa: 2800 cmp r0, #0 + 800ceac: d13f bne.n 800cf2e + { + return errorstate; + } + + while(!__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR | SDMMC_FLAG_DCRCFAIL | SDMMC_FLAG_DTIMEOUT | SDMMC_FLAG_DBCKEND| SDMMC_FLAG_DATAEND )) + 800ceae: f240 592a movw r9, #1322 ; 0x52a + 800ceb2: 6823 ldr r3, [r4, #0] + 800ceb4: 6b5e ldr r6, [r3, #52] ; 0x34 + 800ceb6: ea16 0609 ands.w r6, r6, r9 + 800ceba: d01d beq.n 800cef8 + hsd->State= HAL_SD_STATE_READY; + return HAL_SD_ERROR_TIMEOUT; + } + } + + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DTIMEOUT)) + 800cebc: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cebe: 0710 lsls r0, r2, #28 + 800cec0: d53b bpl.n 800cf3a + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DTIMEOUT); + 800cec2: 2208 movs r2, #8 + 800cec4: 639a str r2, [r3, #56] ; 0x38 + tickstart = HAL_GetTick(); + 800cec6: f7fa fa8f bl 80073e8 + 800ceca: 4606 mov r6, r0 + while ((HAL_SD_GetCardState(hsd) != HAL_SD_CARD_TRANSFER)) + 800cecc: 4620 mov r0, r4 + 800cece: f7ff fe83 bl 800cbd8 + 800ced2: 2804 cmp r0, #4 + 800ced4: d169 bne.n 800cfaa + errorstate = SDMMC_CmdBlockLength(hsd->Instance, BLOCKSIZE); + 800ced6: 6820 ldr r0, [r4, #0] + 800ced8: f44f 7100 mov.w r1, #512 ; 0x200 + 800cedc: f000 f9ae bl 800d23c + if(errorstate != HAL_SD_ERROR_NONE) + 800cee0: b130 cbz r0, 800cef0 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_FLAGS); + 800cee2: 6823 ldr r3, [r4, #0] + 800cee4: 4a3a ldr r2, [pc, #232] ; (800cfd0 ) + 800cee6: 639a str r2, [r3, #56] ; 0x38 + hsd->ErrorCode |= errorstate; + 800cee8: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800ceea: 4318 orrs r0, r3 + 800ceec: 63a0 str r0, [r4, #56] ; 0x38 + status = HAL_ERROR; + 800ceee: 2501 movs r5, #1 + hsd->State = HAL_SD_STATE_READY; + 800cef0: 2301 movs r3, #1 + 800cef2: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return status; + 800cef6: e064 b.n 800cfc2 + if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXFIFOHF)) + 800cef8: 6b5b ldr r3, [r3, #52] ; 0x34 + 800cefa: 041b lsls r3, r3, #16 + 800cefc: d50b bpl.n 800cf16 + 800cefe: ab06 add r3, sp, #24 + 800cf00: eb03 1a47 add.w sl, r3, r7, lsl #5 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800cf04: 6820 ldr r0, [r4, #0] + 800cf06: f000 f881 bl 800d00c + for (count = 0U; count < 8U; count++) + 800cf0a: 3601 adds r6, #1 + 800cf0c: 2e08 cmp r6, #8 + SD_hs[(8U*loop)+count] = SDMMC_ReadFIFO(hsd->Instance); + 800cf0e: f84a 0b04 str.w r0, [sl], #4 + for (count = 0U; count < 8U; count++) + 800cf12: d1f7 bne.n 800cf04 + loop ++; + 800cf14: 3701 adds r7, #1 + if((HAL_GetTick()-Timeout) >= SDMMC_DATATIMEOUT) + 800cf16: f7fa fa67 bl 80073e8 + 800cf1a: eba0 0008 sub.w r0, r0, r8 + 800cf1e: 3001 adds r0, #1 + 800cf20: d1c7 bne.n 800ceb2 + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800cf22: f04f 4300 mov.w r3, #2147483648 ; 0x80000000 + 800cf26: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State= HAL_SD_STATE_READY; + 800cf28: 2301 movs r3, #1 + 800cf2a: f884 3034 strb.w r3, [r4, #52] ; 0x34 + hsd->ErrorCode |= HAL_SD_ERROR_UNSUPPORTED_FEATURE; + 800cf2e: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cf30: f043 5380 orr.w r3, r3, #268435456 ; 0x10000000 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800cf34: 63a3 str r3, [r4, #56] ; 0x38 + status = HAL_ERROR; + 800cf36: 2501 movs r5, #1 + break; + 800cf38: e7c5 b.n 800cec6 + + return errorstate; + } + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_DCRCFAIL)) + 800cf3a: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cf3c: 0791 lsls r1, r2, #30 + 800cf3e: d502 bpl.n 800cf46 + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_DCRCFAIL); + 800cf40: 2202 movs r2, #2 + + return errorstate; + } + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + { + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800cf42: 639a str r2, [r3, #56] ; 0x38 + + errorstate = SDMMC_ERROR_RX_OVERRUN; + + return errorstate; + 800cf44: e7f3 b.n 800cf2e + else if (__HAL_SD_GET_FLAG(hsd, SDMMC_FLAG_RXOVERR)) + 800cf46: 6b5a ldr r2, [r3, #52] ; 0x34 + 800cf48: 0692 lsls r2, r2, #26 + 800cf4a: d501 bpl.n 800cf50 + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_FLAG_RXOVERR); + 800cf4c: 2220 movs r2, #32 + 800cf4e: e7f8 b.n 800cf42 + { + /* No error flag set */ + } + + /* Clear all the static flags */ + __HAL_SD_CLEAR_FLAG(hsd, SDMMC_STATIC_DATA_FLAGS); + 800cf50: 4a20 ldr r2, [pc, #128] ; (800cfd4 ) + 800cf52: 639a str r2, [r3, #56] ; 0x38 + + /* Test if the switch mode is ok */ + if ((((uint8_t*)SD_hs)[13] & 2U) != 2U) + 800cf54: f89d 3025 ldrb.w r3, [sp, #37] ; 0x25 + 800cf58: 079b lsls r3, r3, #30 + 800cf5a: d5e8 bpl.n 800cf2e + else + { +#if defined (USE_HAL_SD_REGISTER_CALLBACKS) && (USE_HAL_SD_REGISTER_CALLBACKS == 1U) + hsd->DriveTransceiver_1_8V_Callback(SET); +#else + HAL_SDEx_DriveTransceiver_1_8V_Callback(SET); + 800cf5c: 2001 movs r0, #1 + 800cf5e: f7fa fab3 bl 80074c8 + 800cf62: e7b0 b.n 800cec6 + switch (SpeedMode) + 800cf64: 2901 cmp r1, #1 + 800cf66: f43f af48 beq.w 800cdfa + 800cf6a: 2902 cmp r1, #2 + 800cf6c: d00c beq.n 800cf88 + 800cf6e: b9c1 cbnz r1, 800cfa2 + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800cf70: 6dc3 ldr r3, [r0, #92] ; 0x5c + 800cf72: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800cf76: f43f af45 beq.w 800ce04 + 800cf7a: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 800cf7e: f43f af41 beq.w 800ce04 + (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) || + 800cf82: 6bc3 ldr r3, [r0, #60] ; 0x3c + 800cf84: 2b01 cmp r3, #1 + 800cf86: e73c b.n 800ce02 + if ((hsd->SdCard.CardSpeed == CARD_ULTRA_HIGH_SPEED) || + 800cf88: 6de3 ldr r3, [r4, #92] ; 0x5c + 800cf8a: f5b3 7f00 cmp.w r3, #512 ; 0x200 + 800cf8e: f43f af39 beq.w 800ce04 + 800cf92: f5b3 7f80 cmp.w r3, #256 ; 0x100 + 800cf96: f43f af35 beq.w 800ce04 + (hsd->SdCard.CardSpeed == CARD_HIGH_SPEED) || + 800cf9a: 6be3 ldr r3, [r4, #60] ; 0x3c + 800cf9c: 2b01 cmp r3, #1 + 800cf9e: d1c6 bne.n 800cf2e + 800cfa0: e730 b.n 800ce04 + hsd->ErrorCode |= HAL_SD_ERROR_PARAM; + 800cfa2: 6ba3 ldr r3, [r4, #56] ; 0x38 + 800cfa4: f043 6300 orr.w r3, r3, #134217728 ; 0x8000000 + 800cfa8: e7c4 b.n 800cf34 + if ((HAL_GetTick() - tickstart) >= SDMMC_DATATIMEOUT) + 800cfaa: f7fa fa1d bl 80073e8 + 800cfae: 1b80 subs r0, r0, r6 + 800cfb0: 3001 adds r0, #1 + 800cfb2: d18b bne.n 800cecc + hsd->ErrorCode = HAL_SD_ERROR_TIMEOUT; + 800cfb4: f04f 4300 mov.w r3, #2147483648 ; 0x80000000 + 800cfb8: 63a3 str r3, [r4, #56] ; 0x38 + hsd->State = HAL_SD_STATE_READY; + 800cfba: 2301 movs r3, #1 + 800cfbc: f884 3034 strb.w r3, [r4, #52] ; 0x34 + return HAL_TIMEOUT; + 800cfc0: 2503 movs r5, #3 +} + 800cfc2: 4628 mov r0, r5 + 800cfc4: b016 add sp, #88 ; 0x58 + 800cfc6: e8bd 87f0 ldmia.w sp!, {r4, r5, r6, r7, r8, r9, sl, pc} + 800cfca: bf00 nop + 800cfcc: 80ffff04 .word 0x80ffff04 + 800cfd0: 1fe00fff .word 0x1fe00fff + 800cfd4: 18000f3a .word 0x18000f3a + +0800cfd8 : + * @param SDMMCx Pointer to SDMMC register base + * @param Init SDMMC initialization structure + * @retval HAL status + */ +HAL_StatusTypeDef SDMMC_Init(SDMMC_TypeDef *SDMMCx, SDMMC_InitTypeDef Init) +{ + 800cfd8: b084 sub sp, #16 + 800cfda: b510 push {r4, lr} + 800cfdc: ac03 add r4, sp, #12 + 800cfde: e884 000e stmia.w r4, {r1, r2, r3} + + /* Set SDMMC configuration parameters */ +#if !defined(STM32L4P5xx) && !defined(STM32L4Q5xx) && !defined(STM32L4R5xx) && !defined(STM32L4R7xx) && !defined(STM32L4R9xx) && !defined(STM32L4S5xx) && !defined(STM32L4S7xx) && !defined(STM32L4S9xx) + tmpreg |= Init.ClockBypass; +#endif + tmpreg |= (Init.ClockEdge |\ + 800cfe2: 9b03 ldr r3, [sp, #12] + Init.HardwareFlowControl |\ + Init.ClockDiv + ); + + /* Write to SDMMC CLKCR */ + MODIFY_REG(SDMMCx->CLKCR, CLKCR_CLEAR_MASK, tmpreg); + 800cfe4: 6841 ldr r1, [r0, #4] + tmpreg |= (Init.ClockEdge |\ + 800cfe6: 4313 orrs r3, r2 + Init.ClockPowerSave |\ + 800cfe8: 9a05 ldr r2, [sp, #20] + 800cfea: 4313 orrs r3, r2 + Init.BusWide |\ + 800cfec: 9a06 ldr r2, [sp, #24] + 800cfee: 4313 orrs r3, r2 + Init.HardwareFlowControl |\ + 800cff0: 9a07 ldr r2, [sp, #28] + + return HAL_OK; +} + 800cff2: e8bd 4010 ldmia.w sp!, {r4, lr} + Init.HardwareFlowControl |\ + 800cff6: 4313 orrs r3, r2 + MODIFY_REG(SDMMCx->CLKCR, CLKCR_CLEAR_MASK, tmpreg); + 800cff8: 4a03 ldr r2, [pc, #12] ; (800d008 ) + 800cffa: 400a ands r2, r1 + 800cffc: 4313 orrs r3, r2 + 800cffe: 6043 str r3, [r0, #4] +} + 800d000: b004 add sp, #16 + 800d002: 2000 movs r0, #0 + 800d004: 4770 bx lr + 800d006: bf00 nop + 800d008: ffc02c00 .word 0xffc02c00 + +0800d00c : + * @retval HAL status + */ +uint32_t SDMMC_ReadFIFO(SDMMC_TypeDef *SDMMCx) +{ + /* Read data from Rx FIFO */ + return (SDMMCx->FIFO); + 800d00c: f8d0 0080 ldr.w r0, [r0, #128] ; 0x80 +} + 800d010: 4770 bx lr + +0800d012 : + * @retval HAL status + */ +HAL_StatusTypeDef SDMMC_WriteFIFO(SDMMC_TypeDef *SDMMCx, uint32_t *pWriteData) +{ + /* Write data to FIFO */ + SDMMCx->FIFO = *pWriteData; + 800d012: 680b ldr r3, [r1, #0] + 800d014: f8c0 3080 str.w r3, [r0, #128] ; 0x80 + + return HAL_OK; +} + 800d018: 2000 movs r0, #0 + 800d01a: 4770 bx lr + +0800d01c : + * @brief Set SDMMC Power state to ON. + * @param SDMMCx Pointer to SDMMC register base + * @retval HAL status + */ +HAL_StatusTypeDef SDMMC_PowerState_ON(SDMMC_TypeDef *SDMMCx) +{ + 800d01c: b508 push {r3, lr} + /* Set power state to ON */ +#if defined(STM32L4P5xx) || defined(STM32L4Q5xx) || defined(STM32L4R5xx) || defined(STM32L4R7xx) || defined(STM32L4R9xx) || defined(STM32L4S5xx) || defined(STM32L4S7xx) || defined(STM32L4S9xx) + SDMMCx->POWER |= SDMMC_POWER_PWRCTRL; + 800d01e: 6803 ldr r3, [r0, #0] + 800d020: f043 0303 orr.w r3, r3, #3 + 800d024: 6003 str r3, [r0, #0] + SDMMCx->POWER = SDMMC_POWER_PWRCTRL; +#endif /* STM32L4P5xx || STM32L4Q5xx || STM32L4R5xx || STM32L4R7xx || STM32L4R9xx || STM32L4S5xx || STM32L4S7xx || STM32L4S9xx */ + + /* 1ms: required power up waiting time before starting the SD initialization + sequence */ + HAL_Delay(2); + 800d026: 2002 movs r0, #2 + 800d028: f7f6 fd4b bl 8003ac2 + + return HAL_OK; +} + 800d02c: 2000 movs r0, #0 + 800d02e: bd08 pop {r3, pc} + +0800d030 : + * @retval HAL status + */ +HAL_StatusTypeDef SDMMC_PowerState_Cycle(SDMMC_TypeDef *SDMMCx) +{ + /* Set power state to Power Cycle*/ + SDMMCx->POWER |= SDMMC_POWER_PWRCTRL_1; + 800d030: 6803 ldr r3, [r0, #0] + 800d032: f043 0302 orr.w r3, r3, #2 + 800d036: 6003 str r3, [r0, #0] + + return HAL_OK; +} + 800d038: 2000 movs r0, #0 + 800d03a: 4770 bx lr + +0800d03c : + */ +HAL_StatusTypeDef SDMMC_PowerState_OFF(SDMMC_TypeDef *SDMMCx) +{ + /* Set power state to OFF */ +#if defined(STM32L4P5xx) || defined(STM32L4Q5xx) || defined(STM32L4R5xx) || defined(STM32L4R7xx) || defined(STM32L4R9xx) || defined(STM32L4S5xx) || defined(STM32L4S7xx) || defined(STM32L4S9xx) + SDMMCx->POWER &= ~(SDMMC_POWER_PWRCTRL); + 800d03c: 6803 ldr r3, [r0, #0] + 800d03e: f023 0303 bic.w r3, r3, #3 + 800d042: 6003 str r3, [r0, #0] +#else + SDMMCx->POWER = (uint32_t)0x00000000; +#endif /* STM32L4P5xx || STM32L4Q5xx || STM32L4R5xx || STM32L4R7xx || STM32L4R9xx || STM32L4S5xx || STM32L4S7xx || STM32L4S9xx */ + + return HAL_OK; +} + 800d044: 2000 movs r0, #0 + 800d046: 4770 bx lr + +0800d048 : + * - 0x02: Power UP + * - 0x03: Power ON + */ +uint32_t SDMMC_GetPowerState(SDMMC_TypeDef *SDMMCx) +{ + return (SDMMCx->POWER & SDMMC_POWER_PWRCTRL); + 800d048: 6800 ldr r0, [r0, #0] +} + 800d04a: f000 0003 and.w r0, r0, #3 + 800d04e: 4770 bx lr + +0800d050 : + assert_param(IS_SDMMC_RESPONSE(Command->Response)); + assert_param(IS_SDMMC_WAIT(Command->WaitForInterrupt)); + assert_param(IS_SDMMC_CPSM(Command->CPSM)); + + /* Set the SDMMC Argument value */ + SDMMCx->ARG = Command->Argument; + 800d050: 680b ldr r3, [r1, #0] +{ + 800d052: b510 push {r4, lr} + SDMMCx->ARG = Command->Argument; + 800d054: 6083 str r3, [r0, #8] + + /* Set SDMMC command parameters */ + tmpreg |= (uint32_t)(Command->CmdIndex |\ + 800d056: e9d1 3201 ldrd r3, r2, [r1, #4] + 800d05a: 4313 orrs r3, r2 + Command->Response |\ + 800d05c: 68ca ldr r2, [r1, #12] + Command->WaitForInterrupt |\ + Command->CPSM); + + /* Write to SDMMC CMD register */ + MODIFY_REG(SDMMCx->CMD, CMD_CLEAR_MASK, tmpreg); + 800d05e: 68c4 ldr r4, [r0, #12] + Command->Response |\ + 800d060: 4313 orrs r3, r2 + Command->WaitForInterrupt |\ + 800d062: 690a ldr r2, [r1, #16] + 800d064: 4313 orrs r3, r2 + MODIFY_REG(SDMMCx->CMD, CMD_CLEAR_MASK, tmpreg); + 800d066: 4a03 ldr r2, [pc, #12] ; (800d074 ) + 800d068: 4022 ands r2, r4 + 800d06a: 4313 orrs r3, r2 + 800d06c: 60c3 str r3, [r0, #12] + + return HAL_OK; +} + 800d06e: 2000 movs r0, #0 + 800d070: bd10 pop {r4, pc} + 800d072: bf00 nop + 800d074: fffee0c0 .word 0xfffee0c0 + +0800d078 : + * @param SDMMCx Pointer to SDMMC register base + * @retval Command index of the last command response received + */ +uint8_t SDMMC_GetCommandResponse(SDMMC_TypeDef *SDMMCx) +{ + return (uint8_t)(SDMMCx->RESPCMD); + 800d078: 6900 ldr r0, [r0, #16] +} + 800d07a: b2c0 uxtb r0, r0 + 800d07c: 4770 bx lr + +0800d07e : + + /* Check the parameters */ + assert_param(IS_SDMMC_RESP(Response)); + + /* Get the response */ + tmp = (uint32_t)(&(SDMMCx->RESP1)) + Response; + 800d07e: 3014 adds r0, #20 + + return (*(__IO uint32_t *) tmp); + 800d080: 5840 ldr r0, [r0, r1] +} + 800d082: 4770 bx lr + +0800d084 : + assert_param(IS_SDMMC_TRANSFER_DIR(Data->TransferDir)); + assert_param(IS_SDMMC_TRANSFER_MODE(Data->TransferMode)); + assert_param(IS_SDMMC_DPSM(Data->DPSM)); + + /* Set the SDMMC Data TimeOut value */ + SDMMCx->DTIMER = Data->DataTimeOut; + 800d084: 680b ldr r3, [r1, #0] +{ + 800d086: b510 push {r4, lr} + SDMMCx->DTIMER = Data->DataTimeOut; + 800d088: 6243 str r3, [r0, #36] ; 0x24 + + /* Set the SDMMC DataLength value */ + SDMMCx->DLEN = Data->DataLength; + 800d08a: 684b ldr r3, [r1, #4] + 800d08c: 6283 str r3, [r0, #40] ; 0x28 + + /* Set the SDMMC data configuration parameters */ + tmpreg |= (uint32_t)(Data->DataBlockSize |\ + 800d08e: e9d1 3402 ldrd r3, r4, [r1, #8] + 800d092: 4323 orrs r3, r4 + Data->TransferDir |\ + 800d094: 690c ldr r4, [r1, #16] + Data->TransferMode |\ + Data->DPSM); + + /* Write to SDMMC DCTRL */ + MODIFY_REG(SDMMCx->DCTRL, DCTRL_CLEAR_MASK, tmpreg); + 800d096: 6ac2 ldr r2, [r0, #44] ; 0x2c + Data->TransferMode |\ + 800d098: 6949 ldr r1, [r1, #20] + Data->TransferDir |\ + 800d09a: 4323 orrs r3, r4 + Data->TransferMode |\ + 800d09c: 430b orrs r3, r1 + MODIFY_REG(SDMMCx->DCTRL, DCTRL_CLEAR_MASK, tmpreg); + 800d09e: f022 02ff bic.w r2, r2, #255 ; 0xff + 800d0a2: 4313 orrs r3, r2 + 800d0a4: 62c3 str r3, [r0, #44] ; 0x2c + + return HAL_OK; + +} + 800d0a6: 2000 movs r0, #0 + 800d0a8: bd10 pop {r4, pc} + +0800d0aa : + * @param SDMMCx Pointer to SDMMC register base + * @retval Number of remaining data bytes to be transferred + */ +uint32_t SDMMC_GetDataCounter(SDMMC_TypeDef *SDMMCx) +{ + return (SDMMCx->DCOUNT); + 800d0aa: 6b00 ldr r0, [r0, #48] ; 0x30 +} + 800d0ac: 4770 bx lr + +0800d0ae : + 800d0ae: f8d0 0080 ldr.w r0, [r0, #128] ; 0x80 + 800d0b2: 4770 bx lr + +0800d0b4 : +{ + /* Check the parameters */ + assert_param(IS_SDMMC_READWAIT_MODE(SDMMC_ReadWaitMode)); + + /* Set SDMMC read wait mode */ + MODIFY_REG(SDMMCx->DCTRL, SDMMC_DCTRL_RWMOD, SDMMC_ReadWaitMode); + 800d0b4: 6ac3 ldr r3, [r0, #44] ; 0x2c + 800d0b6: f423 6380 bic.w r3, r3, #1024 ; 0x400 + 800d0ba: 4319 orrs r1, r3 + 800d0bc: 62c1 str r1, [r0, #44] ; 0x2c + + return HAL_OK; +} + 800d0be: 2000 movs r0, #0 + 800d0c0: 4770 bx lr + ... + +0800d0c4 : + * @brief Send the Go Idle State command and check the response. + * @param SDMMCx Pointer to SDMMC register base + * @retval HAL status + */ +uint32_t SDMMC_CmdGoIdleState(SDMMC_TypeDef *SDMMCx) +{ + 800d0c4: b510 push {r4, lr} + SDMMC_CmdInitTypeDef sdmmc_cmdinit; + uint32_t errorstate; + + sdmmc_cmdinit.Argument = 0U; + 800d0c6: 2300 movs r3, #0 +{ + 800d0c8: b086 sub sp, #24 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_GO_IDLE_STATE; + 800d0ca: e9cd 3301 strd r3, r3, [sp, #4] + sdmmc_cmdinit.Response = SDMMC_RESPONSE_NO; + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d0ce: e9cd 3303 strd r3, r3, [sp, #12] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d0d2: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d0d4: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d0d8: 9305 str r3, [sp, #20] +{ + 800d0da: 4604 mov r4, r0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d0dc: f7ff ffb8 bl 800d050 + */ +static uint32_t SDMMC_GetCmdError(SDMMC_TypeDef *SDMMCx) +{ + /* 8 is the number of required instructions cycles for the below loop statement. + The SDMMC_CMDTIMEOUT is expressed in ms */ + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d0e0: 4b0a ldr r3, [pc, #40] ; (800d10c ) + 800d0e2: f44f 52fa mov.w r2, #8000 ; 0x1f40 + 800d0e6: 681b ldr r3, [r3, #0] + 800d0e8: fbb3 f3f2 udiv r3, r3, r2 + 800d0ec: f241 3288 movw r2, #5000 ; 0x1388 + 800d0f0: 4353 muls r3, r2 + + do + { + if (count-- == 0U) + 800d0f2: 3b01 subs r3, #1 + 800d0f4: d307 bcc.n 800d106 + { + return SDMMC_ERROR_TIMEOUT; + } + + }while(!__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CMDSENT)); + 800d0f6: 6b62 ldr r2, [r4, #52] ; 0x34 + 800d0f8: 0612 lsls r2, r2, #24 + 800d0fa: d5fa bpl.n 800d0f2 + + /* Clear all the static flags */ + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d0fc: 4b04 ldr r3, [pc, #16] ; (800d110 ) + 800d0fe: 63a3 str r3, [r4, #56] ; 0x38 + + return SDMMC_ERROR_NONE; + 800d100: 2000 movs r0, #0 +} + 800d102: b006 add sp, #24 + 800d104: bd10 pop {r4, pc} + return SDMMC_ERROR_TIMEOUT; + 800d106: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + return errorstate; + 800d10a: e7fa b.n 800d102 + 800d10c: 2009e2ac .word 0x2009e2ac + 800d110: 002000c5 .word 0x002000c5 + +0800d114 : + uint32_t count = Timeout * (SystemCoreClock / 8U /1000U); + 800d114: 4b45 ldr r3, [pc, #276] ; (800d22c ) +{ + 800d116: b510 push {r4, lr} + uint32_t count = Timeout * (SystemCoreClock / 8U /1000U); + 800d118: 681b ldr r3, [r3, #0] +{ + 800d11a: 4604 mov r4, r0 + uint32_t count = Timeout * (SystemCoreClock / 8U /1000U); + 800d11c: f44f 50fa mov.w r0, #8000 ; 0x1f40 + 800d120: fbb3 f3f0 udiv r3, r3, r0 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT | SDMMC_FLAG_BUSYD0END)) == 0U) || + 800d124: 4842 ldr r0, [pc, #264] ; (800d230 ) + uint32_t count = Timeout * (SystemCoreClock / 8U /1000U); + 800d126: 435a muls r2, r3 + if (count-- == 0U) + 800d128: 2a00 cmp r2, #0 + 800d12a: d048 beq.n 800d1be + sta_reg = SDMMCx->STA; + 800d12c: 6b63 ldr r3, [r4, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d12e: 4203 tst r3, r0 + 800d130: d007 beq.n 800d142 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT | SDMMC_FLAG_BUSYD0END)) == 0U) || + 800d132: 049b lsls r3, r3, #18 + 800d134: d405 bmi.n 800d142 + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d136: 6b63 ldr r3, [r4, #52] ; 0x34 + 800d138: 0758 lsls r0, r3, #29 + 800d13a: d504 bpl.n 800d146 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d13c: 2004 movs r0, #4 + 800d13e: 63a0 str r0, [r4, #56] ; 0x38 +} + 800d140: bd10 pop {r4, pc} + 800d142: 3a01 subs r2, #1 + 800d144: e7f0 b.n 800d128 + else if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL)) + 800d146: 6b60 ldr r0, [r4, #52] ; 0x34 + 800d148: f010 0001 ands.w r0, r0, #1 + 800d14c: d002 beq.n 800d154 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL); + 800d14e: 2301 movs r3, #1 + 800d150: 63a3 str r3, [r4, #56] ; 0x38 + return SDMMC_ERROR_CMD_CRC_FAIL; + 800d152: e7f5 b.n 800d140 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d154: 4b37 ldr r3, [pc, #220] ; (800d234 ) + 800d156: 63a3 str r3, [r4, #56] ; 0x38 + return (uint8_t)(SDMMCx->RESPCMD); + 800d158: 6923 ldr r3, [r4, #16] + if(SDMMC_GetCommandResponse(SDMMCx) != SD_CMD) + 800d15a: b2db uxtb r3, r3 + 800d15c: 4299 cmp r1, r3 + 800d15e: d131 bne.n 800d1c4 + return (*(__IO uint32_t *) tmp); + 800d160: 6963 ldr r3, [r4, #20] + if((response_r1 & SDMMC_OCR_ERRORBITS) == SDMMC_ALLZERO) + 800d162: 4835 ldr r0, [pc, #212] ; (800d238 ) + 800d164: 4018 ands r0, r3 + 800d166: 2800 cmp r0, #0 + 800d168: d0ea beq.n 800d140 + else if((response_r1 & SDMMC_OCR_ADDR_OUT_OF_RANGE) == SDMMC_OCR_ADDR_OUT_OF_RANGE) + 800d16a: 2b00 cmp r3, #0 + 800d16c: db2c blt.n 800d1c8 + else if((response_r1 & SDMMC_OCR_ADDR_MISALIGNED) == SDMMC_OCR_ADDR_MISALIGNED) + 800d16e: 005a lsls r2, r3, #1 + 800d170: d42d bmi.n 800d1ce + else if((response_r1 & SDMMC_OCR_BLOCK_LEN_ERR) == SDMMC_OCR_BLOCK_LEN_ERR) + 800d172: 009c lsls r4, r3, #2 + 800d174: d42d bmi.n 800d1d2 + else if((response_r1 & SDMMC_OCR_ERASE_SEQ_ERR) == SDMMC_OCR_ERASE_SEQ_ERR) + 800d176: 00d9 lsls r1, r3, #3 + 800d178: d42d bmi.n 800d1d6 + else if((response_r1 & SDMMC_OCR_BAD_ERASE_PARAM) == SDMMC_OCR_BAD_ERASE_PARAM) + 800d17a: 011a lsls r2, r3, #4 + 800d17c: d42e bmi.n 800d1dc + else if((response_r1 & SDMMC_OCR_WRITE_PROT_VIOLATION) == SDMMC_OCR_WRITE_PROT_VIOLATION) + 800d17e: 015c lsls r4, r3, #5 + 800d180: d42f bmi.n 800d1e2 + else if((response_r1 & SDMMC_OCR_LOCK_UNLOCK_FAILED) == SDMMC_OCR_LOCK_UNLOCK_FAILED) + 800d182: 01d9 lsls r1, r3, #7 + 800d184: d430 bmi.n 800d1e8 + else if((response_r1 & SDMMC_OCR_COM_CRC_FAILED) == SDMMC_OCR_COM_CRC_FAILED) + 800d186: 021a lsls r2, r3, #8 + 800d188: d431 bmi.n 800d1ee + else if((response_r1 & SDMMC_OCR_ILLEGAL_CMD) == SDMMC_OCR_ILLEGAL_CMD) + 800d18a: 025c lsls r4, r3, #9 + 800d18c: d432 bmi.n 800d1f4 + else if((response_r1 & SDMMC_OCR_CARD_ECC_FAILED) == SDMMC_OCR_CARD_ECC_FAILED) + 800d18e: 0299 lsls r1, r3, #10 + 800d190: d433 bmi.n 800d1fa + else if((response_r1 & SDMMC_OCR_CC_ERROR) == SDMMC_OCR_CC_ERROR) + 800d192: 02da lsls r2, r3, #11 + 800d194: d434 bmi.n 800d200 + else if((response_r1 & SDMMC_OCR_STREAM_READ_UNDERRUN) == SDMMC_OCR_STREAM_READ_UNDERRUN) + 800d196: 035c lsls r4, r3, #13 + 800d198: d435 bmi.n 800d206 + else if((response_r1 & SDMMC_OCR_STREAM_WRITE_OVERRUN) == SDMMC_OCR_STREAM_WRITE_OVERRUN) + 800d19a: 0399 lsls r1, r3, #14 + 800d19c: d436 bmi.n 800d20c + else if((response_r1 & SDMMC_OCR_CID_CSD_OVERWRITE) == SDMMC_OCR_CID_CSD_OVERWRITE) + 800d19e: 03da lsls r2, r3, #15 + 800d1a0: d437 bmi.n 800d212 + else if((response_r1 & SDMMC_OCR_WP_ERASE_SKIP) == SDMMC_OCR_WP_ERASE_SKIP) + 800d1a2: 041c lsls r4, r3, #16 + 800d1a4: d438 bmi.n 800d218 + else if((response_r1 & SDMMC_OCR_CARD_ECC_DISABLED) == SDMMC_OCR_CARD_ECC_DISABLED) + 800d1a6: 0459 lsls r1, r3, #17 + 800d1a8: d439 bmi.n 800d21e + else if((response_r1 & SDMMC_OCR_ERASE_RESET) == SDMMC_OCR_ERASE_RESET) + 800d1aa: 049a lsls r2, r3, #18 + 800d1ac: d43a bmi.n 800d224 + return SDMMC_ERROR_GENERAL_UNKNOWN_ERR; + 800d1ae: f013 0f08 tst.w r3, #8 + 800d1b2: bf14 ite ne + 800d1b4: f44f 0000 movne.w r0, #8388608 ; 0x800000 + 800d1b8: f44f 3080 moveq.w r0, #65536 ; 0x10000 + 800d1bc: e7c0 b.n 800d140 + return SDMMC_ERROR_TIMEOUT; + 800d1be: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + 800d1c2: e7bd b.n 800d140 + return SDMMC_ERROR_CMD_CRC_FAIL; + 800d1c4: 2001 movs r0, #1 + 800d1c6: e7bb b.n 800d140 + return SDMMC_ERROR_ADDR_OUT_OF_RANGE; + 800d1c8: f04f 7000 mov.w r0, #33554432 ; 0x2000000 + 800d1cc: e7b8 b.n 800d140 + return SDMMC_ERROR_ADDR_MISALIGNED; + 800d1ce: 2040 movs r0, #64 ; 0x40 + 800d1d0: e7b6 b.n 800d140 + return SDMMC_ERROR_BLOCK_LEN_ERR; + 800d1d2: 2080 movs r0, #128 ; 0x80 + 800d1d4: e7b4 b.n 800d140 + return SDMMC_ERROR_ERASE_SEQ_ERR; + 800d1d6: f44f 7080 mov.w r0, #256 ; 0x100 + 800d1da: e7b1 b.n 800d140 + return SDMMC_ERROR_BAD_ERASE_PARAM; + 800d1dc: f44f 7000 mov.w r0, #512 ; 0x200 + 800d1e0: e7ae b.n 800d140 + return SDMMC_ERROR_WRITE_PROT_VIOLATION; + 800d1e2: f44f 6080 mov.w r0, #1024 ; 0x400 + 800d1e6: e7ab b.n 800d140 + return SDMMC_ERROR_LOCK_UNLOCK_FAILED; + 800d1e8: f44f 6000 mov.w r0, #2048 ; 0x800 + 800d1ec: e7a8 b.n 800d140 + return SDMMC_ERROR_COM_CRC_FAILED; + 800d1ee: f44f 5080 mov.w r0, #4096 ; 0x1000 + 800d1f2: e7a5 b.n 800d140 + return SDMMC_ERROR_ILLEGAL_CMD; + 800d1f4: f44f 5000 mov.w r0, #8192 ; 0x2000 + 800d1f8: e7a2 b.n 800d140 + return SDMMC_ERROR_CARD_ECC_FAILED; + 800d1fa: f44f 4080 mov.w r0, #16384 ; 0x4000 + 800d1fe: e79f b.n 800d140 + return SDMMC_ERROR_CC_ERR; + 800d200: f44f 4000 mov.w r0, #32768 ; 0x8000 + 800d204: e79c b.n 800d140 + return SDMMC_ERROR_STREAM_READ_UNDERRUN; + 800d206: f44f 3000 mov.w r0, #131072 ; 0x20000 + 800d20a: e799 b.n 800d140 + return SDMMC_ERROR_STREAM_WRITE_OVERRUN; + 800d20c: f44f 2080 mov.w r0, #262144 ; 0x40000 + 800d210: e796 b.n 800d140 + return SDMMC_ERROR_CID_CSD_OVERWRITE; + 800d212: f44f 2000 mov.w r0, #524288 ; 0x80000 + 800d216: e793 b.n 800d140 + return SDMMC_ERROR_WP_ERASE_SKIP; + 800d218: f44f 1080 mov.w r0, #1048576 ; 0x100000 + 800d21c: e790 b.n 800d140 + return SDMMC_ERROR_CARD_ECC_DISABLED; + 800d21e: f44f 1000 mov.w r0, #2097152 ; 0x200000 + 800d222: e78d b.n 800d140 + return SDMMC_ERROR_ERASE_RESET; + 800d224: f44f 0080 mov.w r0, #4194304 ; 0x400000 + 800d228: e78a b.n 800d140 + 800d22a: bf00 nop + 800d22c: 2009e2ac .word 0x2009e2ac + 800d230: 00200045 .word 0x00200045 + 800d234: 002000c5 .word 0x002000c5 + 800d238: fdffe008 .word 0xfdffe008 + +0800d23c : +{ + 800d23c: b530 push {r4, r5, lr} + 800d23e: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d240: 2510 movs r5, #16 + 800d242: f44f 7380 mov.w r3, #256 ; 0x100 + 800d246: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d24a: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d24c: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)BlockSize; + 800d250: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d252: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d254: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d256: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d25a: f7ff fef9 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SET_BLOCKLEN, SDMMC_CMDTIMEOUT); + 800d25e: f241 3288 movw r2, #5000 ; 0x1388 + 800d262: 4629 mov r1, r5 + 800d264: 4620 mov r0, r4 + 800d266: f7ff ff55 bl 800d114 +} + 800d26a: b007 add sp, #28 + 800d26c: bd30 pop {r4, r5, pc} + +0800d26e : +{ + 800d26e: b530 push {r4, r5, lr} + 800d270: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d272: 2511 movs r5, #17 + 800d274: f44f 7380 mov.w r3, #256 ; 0x100 + 800d278: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d27c: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d27e: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)ReadAdd; + 800d282: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d284: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d286: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d288: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d28c: f7ff fee0 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_READ_SINGLE_BLOCK, SDMMC_CMDTIMEOUT); + 800d290: f241 3288 movw r2, #5000 ; 0x1388 + 800d294: 4629 mov r1, r5 + 800d296: 4620 mov r0, r4 + 800d298: f7ff ff3c bl 800d114 +} + 800d29c: b007 add sp, #28 + 800d29e: bd30 pop {r4, r5, pc} + +0800d2a0 : +{ + 800d2a0: b530 push {r4, r5, lr} + 800d2a2: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d2a4: 2512 movs r5, #18 + 800d2a6: f44f 7380 mov.w r3, #256 ; 0x100 + 800d2aa: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d2ae: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2b0: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)ReadAdd; + 800d2b4: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2b6: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d2b8: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2ba: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d2be: f7ff fec7 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_READ_MULT_BLOCK, SDMMC_CMDTIMEOUT); + 800d2c2: f241 3288 movw r2, #5000 ; 0x1388 + 800d2c6: 4629 mov r1, r5 + 800d2c8: 4620 mov r0, r4 + 800d2ca: f7ff ff23 bl 800d114 +} + 800d2ce: b007 add sp, #28 + 800d2d0: bd30 pop {r4, r5, pc} + +0800d2d2 : +{ + 800d2d2: b530 push {r4, r5, lr} + 800d2d4: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d2d6: 2518 movs r5, #24 + 800d2d8: f44f 7380 mov.w r3, #256 ; 0x100 + 800d2dc: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d2e0: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2e2: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)WriteAdd; + 800d2e6: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2e8: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d2ea: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d2ec: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d2f0: f7ff feae bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_WRITE_SINGLE_BLOCK, SDMMC_CMDTIMEOUT); + 800d2f4: f241 3288 movw r2, #5000 ; 0x1388 + 800d2f8: 4629 mov r1, r5 + 800d2fa: 4620 mov r0, r4 + 800d2fc: f7ff ff0a bl 800d114 +} + 800d300: b007 add sp, #28 + 800d302: bd30 pop {r4, r5, pc} + +0800d304 : +{ + 800d304: b530 push {r4, r5, lr} + 800d306: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d308: 2519 movs r5, #25 + 800d30a: f44f 7380 mov.w r3, #256 ; 0x100 + 800d30e: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d312: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d314: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)WriteAdd; + 800d318: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d31a: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d31c: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d31e: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d322: f7ff fe95 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_WRITE_MULT_BLOCK, SDMMC_CMDTIMEOUT); + 800d326: f241 3288 movw r2, #5000 ; 0x1388 + 800d32a: 4629 mov r1, r5 + 800d32c: 4620 mov r0, r4 + 800d32e: f7ff fef1 bl 800d114 +} + 800d332: b007 add sp, #28 + 800d334: bd30 pop {r4, r5, pc} + +0800d336 : +{ + 800d336: b530 push {r4, r5, lr} + 800d338: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d33a: 2520 movs r5, #32 + 800d33c: f44f 7380 mov.w r3, #256 ; 0x100 + 800d340: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d344: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d346: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)StartAdd; + 800d34a: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d34c: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d34e: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d350: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d354: f7ff fe7c bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SD_ERASE_GRP_START, SDMMC_CMDTIMEOUT); + 800d358: f241 3288 movw r2, #5000 ; 0x1388 + 800d35c: 4629 mov r1, r5 + 800d35e: 4620 mov r0, r4 + 800d360: f7ff fed8 bl 800d114 +} + 800d364: b007 add sp, #28 + 800d366: bd30 pop {r4, r5, pc} + +0800d368 : +{ + 800d368: b530 push {r4, r5, lr} + 800d36a: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d36c: 2521 movs r5, #33 ; 0x21 + 800d36e: f44f 7380 mov.w r3, #256 ; 0x100 + 800d372: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d376: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d378: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)EndAdd; + 800d37c: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d37e: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d380: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d382: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d386: f7ff fe63 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SD_ERASE_GRP_END, SDMMC_CMDTIMEOUT); + 800d38a: f241 3288 movw r2, #5000 ; 0x1388 + 800d38e: 4629 mov r1, r5 + 800d390: 4620 mov r0, r4 + 800d392: f7ff febf bl 800d114 +} + 800d396: b007 add sp, #28 + 800d398: bd30 pop {r4, r5, pc} + +0800d39a : +{ + 800d39a: b530 push {r4, r5, lr} + 800d39c: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d39e: 2523 movs r5, #35 ; 0x23 + 800d3a0: f44f 7380 mov.w r3, #256 ; 0x100 + 800d3a4: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d3a8: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d3aa: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)StartAdd; + 800d3ae: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d3b0: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d3b2: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d3b4: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d3b8: f7ff fe4a bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_ERASE_GRP_START, SDMMC_CMDTIMEOUT); + 800d3bc: f241 3288 movw r2, #5000 ; 0x1388 + 800d3c0: 4629 mov r1, r5 + 800d3c2: 4620 mov r0, r4 + 800d3c4: f7ff fea6 bl 800d114 +} + 800d3c8: b007 add sp, #28 + 800d3ca: bd30 pop {r4, r5, pc} + +0800d3cc : +{ + 800d3cc: b530 push {r4, r5, lr} + 800d3ce: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d3d0: 2524 movs r5, #36 ; 0x24 + 800d3d2: f44f 7380 mov.w r3, #256 ; 0x100 + 800d3d6: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d3da: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d3dc: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)EndAdd; + 800d3e0: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d3e2: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d3e4: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d3e6: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d3ea: f7ff fe31 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_ERASE_GRP_END, SDMMC_CMDTIMEOUT); + 800d3ee: f241 3288 movw r2, #5000 ; 0x1388 + 800d3f2: 4629 mov r1, r5 + 800d3f4: 4620 mov r0, r4 + 800d3f6: f7ff fe8d bl 800d114 +} + 800d3fa: b007 add sp, #28 + 800d3fc: bd30 pop {r4, r5, pc} + +0800d3fe : +{ + 800d3fe: b530 push {r4, r5, lr} + 800d400: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d402: 2526 movs r5, #38 ; 0x26 + 800d404: f44f 7380 mov.w r3, #256 ; 0x100 + 800d408: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d40c: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d40e: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = EraseType; + 800d412: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d414: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d416: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d418: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d41c: f7ff fe18 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_ERASE, SDMMC_MAXERASETIMEOUT); + 800d420: f24f 6218 movw r2, #63000 ; 0xf618 + 800d424: 4629 mov r1, r5 + 800d426: 4620 mov r0, r4 + 800d428: f7ff fe74 bl 800d114 +} + 800d42c: b007 add sp, #28 + 800d42e: bd30 pop {r4, r5, pc} + +0800d430 : +{ + 800d430: b530 push {r4, r5, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_STOP_TRANSMISSION; + 800d432: 2300 movs r3, #0 +{ + 800d434: b087 sub sp, #28 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_STOP_TRANSMISSION; + 800d436: 250c movs r5, #12 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d438: f44f 7280 mov.w r2, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d43c: e9cd 2303 strd r2, r3, [sp, #12] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_STOP_TRANSMISSION; + 800d440: e9cd 3501 strd r3, r5, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d444: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d448: 9305 str r3, [sp, #20] + __SDMMC_CMDSTOP_ENABLE(SDMMCx); + 800d44a: 68c3 ldr r3, [r0, #12] + 800d44c: f043 0380 orr.w r3, r3, #128 ; 0x80 + 800d450: 60c3 str r3, [r0, #12] + __SDMMC_CMDTRANS_DISABLE(SDMMCx); + 800d452: 68c3 ldr r3, [r0, #12] + 800d454: f023 0340 bic.w r3, r3, #64 ; 0x40 +{ + 800d458: 4604 mov r4, r0 + __SDMMC_CMDTRANS_DISABLE(SDMMCx); + 800d45a: 60c3 str r3, [r0, #12] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d45c: a901 add r1, sp, #4 + 800d45e: f7ff fdf7 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_STOP_TRANSMISSION, SDMMC_STOPTRANSFERTIMEOUT); + 800d462: 4a05 ldr r2, [pc, #20] ; (800d478 ) + 800d464: 4629 mov r1, r5 + 800d466: 4620 mov r0, r4 + 800d468: f7ff fe54 bl 800d114 + __SDMMC_CMDSTOP_DISABLE(SDMMCx); + 800d46c: 68e3 ldr r3, [r4, #12] + 800d46e: f023 0380 bic.w r3, r3, #128 ; 0x80 + 800d472: 60e3 str r3, [r4, #12] +} + 800d474: b007 add sp, #28 + 800d476: bd30 pop {r4, r5, pc} + 800d478: 05f5e100 .word 0x05f5e100 + +0800d47c : +{ + 800d47c: b530 push {r4, r5, lr} + 800d47e: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d480: 2507 movs r5, #7 + 800d482: f44f 7380 mov.w r3, #256 ; 0x100 + 800d486: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d48a: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d48c: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)Addr; + 800d490: 9201 str r2, [sp, #4] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d492: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d494: 2200 movs r2, #0 + 800d496: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d49a: f7ff fdd9 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SEL_DESEL_CARD, SDMMC_CMDTIMEOUT); + 800d49e: f241 3288 movw r2, #5000 ; 0x1388 + 800d4a2: 4629 mov r1, r5 + 800d4a4: 4620 mov r0, r4 + 800d4a6: f7ff fe35 bl 800d114 +} + 800d4aa: b007 add sp, #28 + 800d4ac: bd30 pop {r4, r5, pc} + +0800d4ae : +{ + 800d4ae: b530 push {r4, r5, lr} + 800d4b0: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d4b2: 2537 movs r5, #55 ; 0x37 + 800d4b4: f44f 7380 mov.w r3, #256 ; 0x100 + 800d4b8: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d4bc: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d4be: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)Argument; + 800d4c2: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d4c4: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d4c6: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d4c8: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d4cc: f7ff fdc0 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_APP_CMD, SDMMC_CMDTIMEOUT); + 800d4d0: f241 3288 movw r2, #5000 ; 0x1388 + 800d4d4: 4629 mov r1, r5 + 800d4d6: 4620 mov r0, r4 + 800d4d8: f7ff fe1c bl 800d114 +} + 800d4dc: b007 add sp, #28 + 800d4de: bd30 pop {r4, r5, pc} + +0800d4e0 : +{ + 800d4e0: b530 push {r4, r5, lr} + 800d4e2: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d4e4: 2506 movs r5, #6 + 800d4e6: f44f 7380 mov.w r3, #256 ; 0x100 + 800d4ea: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d4ee: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d4f0: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = (uint32_t)BusWidth; + 800d4f4: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d4f6: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d4f8: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d4fa: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d4fe: f7ff fda7 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_APP_SD_SET_BUSWIDTH, SDMMC_CMDTIMEOUT); + 800d502: f241 3288 movw r2, #5000 ; 0x1388 + 800d506: 4629 mov r1, r5 + 800d508: 4620 mov r0, r4 + 800d50a: f7ff fe03 bl 800d114 +} + 800d50e: b007 add sp, #28 + 800d510: bd30 pop {r4, r5, pc} + +0800d512 : + 800d512: f7ff bfe5 b.w 800d4e0 + +0800d516 : +{ + 800d516: b530 push {r4, r5, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_SEND_SCR; + 800d518: 2300 movs r3, #0 +{ + 800d51a: b087 sub sp, #28 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_SEND_SCR; + 800d51c: 2533 movs r5, #51 ; 0x33 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d51e: f44f 7280 mov.w r2, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d522: e9cd 2303 strd r2, r3, [sp, #12] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_SEND_SCR; + 800d526: e9cd 3501 strd r3, r5, [sp, #4] +{ + 800d52a: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d52c: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d530: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d532: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d534: f7ff fd8c bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SD_APP_SEND_SCR, SDMMC_CMDTIMEOUT); + 800d538: f241 3288 movw r2, #5000 ; 0x1388 + 800d53c: 4629 mov r1, r5 + 800d53e: 4620 mov r0, r4 + 800d540: f7ff fde8 bl 800d114 +} + 800d544: b007 add sp, #28 + 800d546: bd30 pop {r4, r5, pc} + +0800d548 : +{ + 800d548: b530 push {r4, r5, lr} + 800d54a: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d54c: 2503 movs r5, #3 + sdmmc_cmdinit.Argument = ((uint32_t)RCA << 16U); + 800d54e: 0409 lsls r1, r1, #16 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d550: f44f 7380 mov.w r3, #256 ; 0x100 + 800d554: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d558: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d55a: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = ((uint32_t)RCA << 16U); + 800d55e: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d560: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d562: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d564: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d568: f7ff fd72 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SET_REL_ADDR, SDMMC_CMDTIMEOUT); + 800d56c: f241 3288 movw r2, #5000 ; 0x1388 + 800d570: 4629 mov r1, r5 + 800d572: 4620 mov r0, r4 + 800d574: f7ff fdce bl 800d114 +} + 800d578: b007 add sp, #28 + 800d57a: bd30 pop {r4, r5, pc} + +0800d57c : +{ + 800d57c: b530 push {r4, r5, lr} + 800d57e: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d580: 250d movs r5, #13 + 800d582: f44f 7380 mov.w r3, #256 ; 0x100 + 800d586: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d58a: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d58c: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = Argument; + 800d590: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d592: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d594: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d596: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d59a: f7ff fd59 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SEND_STATUS, SDMMC_CMDTIMEOUT); + 800d59e: f241 3288 movw r2, #5000 ; 0x1388 + 800d5a2: 4629 mov r1, r5 + 800d5a4: 4620 mov r0, r4 + 800d5a6: f7ff fdb5 bl 800d114 +} + 800d5aa: b007 add sp, #28 + 800d5ac: bd30 pop {r4, r5, pc} + +0800d5ae : +{ + 800d5ae: b530 push {r4, r5, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_STATUS; + 800d5b0: 2300 movs r3, #0 +{ + 800d5b2: b087 sub sp, #28 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_STATUS; + 800d5b4: 250d movs r5, #13 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d5b6: f44f 7280 mov.w r2, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d5ba: e9cd 2303 strd r2, r3, [sp, #12] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SD_APP_STATUS; + 800d5be: e9cd 3501 strd r3, r5, [sp, #4] +{ + 800d5c2: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d5c4: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d5c8: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d5ca: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d5cc: f7ff fd40 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_SD_APP_STATUS, SDMMC_CMDTIMEOUT); + 800d5d0: f241 3288 movw r2, #5000 ; 0x1388 + 800d5d4: 4629 mov r1, r5 + 800d5d6: 4620 mov r0, r4 + 800d5d8: f7ff fd9c bl 800d114 +} + 800d5dc: b007 add sp, #28 + 800d5de: bd30 pop {r4, r5, pc} + +0800d5e0 : +{ + 800d5e0: b530 push {r4, r5, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_VOLTAGE_SWITCH; + 800d5e2: 2300 movs r3, #0 +{ + 800d5e4: b087 sub sp, #28 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_VOLTAGE_SWITCH; + 800d5e6: 250b movs r5, #11 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d5e8: f44f 7280 mov.w r2, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d5ec: e9cd 2303 strd r2, r3, [sp, #12] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_VOLTAGE_SWITCH; + 800d5f0: e9cd 3501 strd r3, r5, [sp, #4] +{ + 800d5f4: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d5f6: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d5fa: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d5fc: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d5fe: f7ff fd27 bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_VOLTAGE_SWITCH, SDMMC_CMDTIMEOUT); + 800d602: f241 3288 movw r2, #5000 ; 0x1388 + 800d606: 4629 mov r1, r5 + 800d608: 4620 mov r0, r4 + 800d60a: f7ff fd83 bl 800d114 +} + 800d60e: b007 add sp, #28 + 800d610: bd30 pop {r4, r5, pc} + +0800d612 : +{ + 800d612: b530 push {r4, r5, lr} + 800d614: b087 sub sp, #28 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d616: 2508 movs r5, #8 + 800d618: f44f 7380 mov.w r3, #256 ; 0x100 + 800d61c: e9cd 5302 strd r5, r3, [sp, #8] +{ + 800d620: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d622: f44f 5380 mov.w r3, #4096 ; 0x1000 + sdmmc_cmdinit.Argument = Argument; + 800d626: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d628: 2200 movs r2, #0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d62a: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d62c: e9cd 2304 strd r2, r3, [sp, #16] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d630: f7ff fd0e bl 800d050 + errorstate = SDMMC_GetCmdResp1(SDMMCx, SDMMC_CMD_HS_SEND_EXT_CSD,SDMMC_CMDTIMEOUT); + 800d634: f241 3288 movw r2, #5000 ; 0x1388 + 800d638: 4629 mov r1, r5 + 800d63a: 4620 mov r0, r4 + 800d63c: f7ff fd6a bl 800d114 +} + 800d640: b007 add sp, #28 + 800d642: bd30 pop {r4, r5, pc} + +0800d644 : + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d644: 4b11 ldr r3, [pc, #68] ; (800d68c ) + 800d646: f44f 51fa mov.w r1, #8000 ; 0x1f40 + 800d64a: 681b ldr r3, [r3, #0] + 800d64c: fbb3 f3f1 udiv r3, r3, r1 + 800d650: f241 3188 movw r1, #5000 ; 0x1388 +{ + 800d654: 4602 mov r2, r0 + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d656: 434b muls r3, r1 + if (count-- == 0U) + 800d658: 3b01 subs r3, #1 + 800d65a: d313 bcc.n 800d684 + sta_reg = SDMMCx->STA; + 800d65c: 6b51 ldr r1, [r2, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d65e: f011 0f45 tst.w r1, #69 ; 0x45 + 800d662: d0f9 beq.n 800d658 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT)) == 0U) || + 800d664: 0489 lsls r1, r1, #18 + 800d666: d4f7 bmi.n 800d658 + if (__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d668: 6b53 ldr r3, [r2, #52] ; 0x34 + 800d66a: 075b lsls r3, r3, #29 + 800d66c: d502 bpl.n 800d674 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d66e: 2004 movs r0, #4 + 800d670: 6390 str r0, [r2, #56] ; 0x38 + return SDMMC_ERROR_CMD_RSP_TIMEOUT; + 800d672: 4770 bx lr + else if (__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL)) + 800d674: 6b50 ldr r0, [r2, #52] ; 0x34 + 800d676: f010 0001 ands.w r0, r0, #1 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d67a: bf0c ite eq + 800d67c: 4b04 ldreq r3, [pc, #16] ; (800d690 ) + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL); + 800d67e: 2301 movne r3, #1 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d680: 6393 str r3, [r2, #56] ; 0x38 + return SDMMC_ERROR_NONE; + 800d682: 4770 bx lr + return SDMMC_ERROR_TIMEOUT; + 800d684: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 +} + 800d688: 4770 bx lr + 800d68a: bf00 nop + 800d68c: 2009e2ac .word 0x2009e2ac + 800d690: 002000c5 .word 0x002000c5 + +0800d694 : +{ + 800d694: b510 push {r4, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_ALL_SEND_CID; + 800d696: 2300 movs r3, #0 +{ + 800d698: b086 sub sp, #24 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_ALL_SEND_CID; + 800d69a: 2202 movs r2, #2 + 800d69c: e9cd 3201 strd r3, r2, [sp, #4] + sdmmc_cmdinit.Response = SDMMC_RESPONSE_LONG; + 800d6a0: f44f 7240 mov.w r2, #768 ; 0x300 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d6a4: e9cd 2303 strd r2, r3, [sp, #12] +{ + 800d6a8: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d6aa: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d6ae: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d6b0: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d6b2: f7ff fccd bl 800d050 + errorstate = SDMMC_GetCmdResp2(SDMMCx); + 800d6b6: 4620 mov r0, r4 + 800d6b8: f7ff ffc4 bl 800d644 +} + 800d6bc: b006 add sp, #24 + 800d6be: bd10 pop {r4, pc} + +0800d6c0 : +{ + 800d6c0: b510 push {r4, lr} + 800d6c2: b086 sub sp, #24 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_LONG; + 800d6c4: 2209 movs r2, #9 + 800d6c6: f44f 7340 mov.w r3, #768 ; 0x300 + 800d6ca: e9cd 2302 strd r2, r3, [sp, #8] + sdmmc_cmdinit.Argument = Argument; + 800d6ce: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d6d0: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d6d4: 2100 movs r1, #0 + 800d6d6: e9cd 1304 strd r1, r3, [sp, #16] +{ + 800d6da: 4604 mov r4, r0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d6dc: a901 add r1, sp, #4 + 800d6de: f7ff fcb7 bl 800d050 + errorstate = SDMMC_GetCmdResp2(SDMMCx); + 800d6e2: 4620 mov r0, r4 + 800d6e4: f7ff ffae bl 800d644 +} + 800d6e8: b006 add sp, #24 + 800d6ea: bd10 pop {r4, pc} + +0800d6ec : + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d6ec: 4b0e ldr r3, [pc, #56] ; (800d728 ) + 800d6ee: f44f 51fa mov.w r1, #8000 ; 0x1f40 + 800d6f2: 681b ldr r3, [r3, #0] + 800d6f4: fbb3 f3f1 udiv r3, r3, r1 + 800d6f8: f241 3188 movw r1, #5000 ; 0x1388 +{ + 800d6fc: 4602 mov r2, r0 + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d6fe: 434b muls r3, r1 + if (count-- == 0U) + 800d700: 3b01 subs r3, #1 + 800d702: d30e bcc.n 800d722 + sta_reg = SDMMCx->STA; + 800d704: 6b51 ldr r1, [r2, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d706: f011 0f45 tst.w r1, #69 ; 0x45 + 800d70a: d0f9 beq.n 800d700 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT)) == 0U) || + 800d70c: 0489 lsls r1, r1, #18 + 800d70e: d4f7 bmi.n 800d700 + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d710: 6b50 ldr r0, [r2, #52] ; 0x34 + 800d712: f010 0004 ands.w r0, r0, #4 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d716: bf15 itete ne + 800d718: 2004 movne r0, #4 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d71a: 4b04 ldreq r3, [pc, #16] ; (800d72c ) + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d71c: 6390 strne r0, [r2, #56] ; 0x38 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d71e: 6393 streq r3, [r2, #56] ; 0x38 + return SDMMC_ERROR_NONE; + 800d720: 4770 bx lr + return SDMMC_ERROR_TIMEOUT; + 800d722: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 +} + 800d726: 4770 bx lr + 800d728: 2009e2ac .word 0x2009e2ac + 800d72c: 002000c5 .word 0x002000c5 + +0800d730 : +{ + 800d730: b510 push {r4, lr} + 800d732: b086 sub sp, #24 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d734: 2229 movs r2, #41 ; 0x29 + 800d736: f44f 7380 mov.w r3, #256 ; 0x100 + 800d73a: e9cd 2302 strd r2, r3, [sp, #8] + sdmmc_cmdinit.Argument = Argument; + 800d73e: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d740: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d744: 2100 movs r1, #0 + 800d746: e9cd 1304 strd r1, r3, [sp, #16] +{ + 800d74a: 4604 mov r4, r0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d74c: a901 add r1, sp, #4 + 800d74e: f7ff fc7f bl 800d050 + errorstate = SDMMC_GetCmdResp3(SDMMCx); + 800d752: 4620 mov r0, r4 + 800d754: f7ff ffca bl 800d6ec +} + 800d758: b006 add sp, #24 + 800d75a: bd10 pop {r4, pc} + +0800d75c : +{ + 800d75c: b510 push {r4, lr} + 800d75e: b086 sub sp, #24 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d760: 2201 movs r2, #1 + 800d762: f44f 7380 mov.w r3, #256 ; 0x100 + 800d766: e9cd 2302 strd r2, r3, [sp, #8] + sdmmc_cmdinit.Argument = Argument; + 800d76a: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d76c: f44f 5380 mov.w r3, #4096 ; 0x1000 + 800d770: 2100 movs r1, #0 + 800d772: e9cd 1304 strd r1, r3, [sp, #16] +{ + 800d776: 4604 mov r4, r0 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d778: a901 add r1, sp, #4 + 800d77a: f7ff fc69 bl 800d050 + errorstate = SDMMC_GetCmdResp3(SDMMCx); + 800d77e: 4620 mov r0, r4 + 800d780: f7ff ffb4 bl 800d6ec +} + 800d784: b006 add sp, #24 + 800d786: bd10 pop {r4, pc} + +0800d788 : + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d788: 4b1f ldr r3, [pc, #124] ; (800d808 ) +{ + 800d78a: b510 push {r4, lr} + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d78c: 681b ldr r3, [r3, #0] +{ + 800d78e: 4604 mov r4, r0 + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d790: f44f 50fa mov.w r0, #8000 ; 0x1f40 + 800d794: fbb3 f3f0 udiv r3, r3, r0 + 800d798: f241 3088 movw r0, #5000 ; 0x1388 + 800d79c: 4343 muls r3, r0 + if (count-- == 0U) + 800d79e: 3b01 subs r3, #1 + 800d7a0: d329 bcc.n 800d7f6 + sta_reg = SDMMCx->STA; + 800d7a2: 6b60 ldr r0, [r4, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d7a4: f010 0f45 tst.w r0, #69 ; 0x45 + 800d7a8: d0f9 beq.n 800d79e + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT)) == 0U) || + 800d7aa: 0480 lsls r0, r0, #18 + 800d7ac: d4f7 bmi.n 800d79e + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d7ae: 6b63 ldr r3, [r4, #52] ; 0x34 + 800d7b0: 0758 lsls r0, r3, #29 + 800d7b2: d502 bpl.n 800d7ba + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d7b4: 2004 movs r0, #4 + 800d7b6: 63a0 str r0, [r4, #56] ; 0x38 +} + 800d7b8: bd10 pop {r4, pc} + else if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL)) + 800d7ba: 6b60 ldr r0, [r4, #52] ; 0x34 + 800d7bc: f010 0001 ands.w r0, r0, #1 + 800d7c0: d002 beq.n 800d7c8 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL); + 800d7c2: 2301 movs r3, #1 + 800d7c4: 63a3 str r3, [r4, #56] ; 0x38 + return SDMMC_ERROR_CMD_CRC_FAIL; + 800d7c6: e7f7 b.n 800d7b8 + return (uint8_t)(SDMMCx->RESPCMD); + 800d7c8: 6923 ldr r3, [r4, #16] + if(SDMMC_GetCommandResponse(SDMMCx) != SD_CMD) + 800d7ca: b2db uxtb r3, r3 + 800d7cc: 4299 cmp r1, r3 + 800d7ce: d115 bne.n 800d7fc + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_STATIC_CMD_FLAGS); + 800d7d0: 4b0e ldr r3, [pc, #56] ; (800d80c ) + 800d7d2: 63a3 str r3, [r4, #56] ; 0x38 + return (*(__IO uint32_t *) tmp); + 800d7d4: 6963 ldr r3, [r4, #20] + if((response_r1 & (SDMMC_R6_GENERAL_UNKNOWN_ERROR | SDMMC_R6_ILLEGAL_CMD | SDMMC_R6_COM_CRC_FAILED)) == SDMMC_ALLZERO) + 800d7d6: f413 4060 ands.w r0, r3, #57344 ; 0xe000 + 800d7da: d102 bne.n 800d7e2 + *pRCA = (uint16_t) (response_r1 >> 16); + 800d7dc: 0c1b lsrs r3, r3, #16 + 800d7de: 8013 strh r3, [r2, #0] + return SDMMC_ERROR_NONE; + 800d7e0: e7ea b.n 800d7b8 + else if((response_r1 & SDMMC_R6_ILLEGAL_CMD) == SDMMC_R6_ILLEGAL_CMD) + 800d7e2: 045a lsls r2, r3, #17 + 800d7e4: d40c bmi.n 800d800 + return SDMMC_ERROR_GENERAL_UNKNOWN_ERR; + 800d7e6: f413 4f00 tst.w r3, #32768 ; 0x8000 + 800d7ea: bf14 ite ne + 800d7ec: f44f 5080 movne.w r0, #4096 ; 0x1000 + 800d7f0: f44f 3080 moveq.w r0, #65536 ; 0x10000 + 800d7f4: e7e0 b.n 800d7b8 + return SDMMC_ERROR_TIMEOUT; + 800d7f6: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 + 800d7fa: e7dd b.n 800d7b8 + return SDMMC_ERROR_CMD_CRC_FAIL; + 800d7fc: 2001 movs r0, #1 + 800d7fe: e7db b.n 800d7b8 + return SDMMC_ERROR_ILLEGAL_CMD; + 800d800: f44f 5000 mov.w r0, #8192 ; 0x2000 + 800d804: e7d8 b.n 800d7b8 + 800d806: bf00 nop + 800d808: 2009e2ac .word 0x2009e2ac + 800d80c: 002000c5 .word 0x002000c5 + +0800d810 : +{ + 800d810: b530 push {r4, r5, lr} + 800d812: b089 sub sp, #36 ; 0x24 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SET_REL_ADDR; + 800d814: 2300 movs r3, #0 +{ + 800d816: 9101 str r1, [sp, #4] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SET_REL_ADDR; + 800d818: 2503 movs r5, #3 + sdmmc_cmdinit.Response = SDMMC_RESPONSE_SHORT; + 800d81a: f44f 7180 mov.w r1, #256 ; 0x100 + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d81e: e9cd 1305 strd r1, r3, [sp, #20] + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_SET_REL_ADDR; + 800d822: e9cd 3503 strd r3, r5, [sp, #12] +{ + 800d826: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d828: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d82c: a903 add r1, sp, #12 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d82e: 9307 str r3, [sp, #28] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d830: f7ff fc0e bl 800d050 + errorstate = SDMMC_GetCmdResp6(SDMMCx, SDMMC_CMD_SET_REL_ADDR, pRCA); + 800d834: 9a01 ldr r2, [sp, #4] + 800d836: 4629 mov r1, r5 + 800d838: 4620 mov r0, r4 + 800d83a: f7ff ffa5 bl 800d788 +} + 800d83e: b009 add sp, #36 ; 0x24 + 800d840: bd30 pop {r4, r5, pc} + ... + +0800d844 : + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d844: 4b13 ldr r3, [pc, #76] ; (800d894 ) + 800d846: f44f 51fa mov.w r1, #8000 ; 0x1f40 + 800d84a: 681b ldr r3, [r3, #0] + 800d84c: fbb3 f3f1 udiv r3, r3, r1 + 800d850: f241 3188 movw r1, #5000 ; 0x1388 +{ + 800d854: 4602 mov r2, r0 + uint32_t count = SDMMC_CMDTIMEOUT * (SystemCoreClock / 8U /1000U); + 800d856: 434b muls r3, r1 + if (count-- == 0U) + 800d858: 3b01 subs r3, #1 + 800d85a: d317 bcc.n 800d88c + sta_reg = SDMMCx->STA; + 800d85c: 6b51 ldr r1, [r2, #52] ; 0x34 + ((sta_reg & SDMMC_FLAG_CMDACT) != 0U )); + 800d85e: f011 0f45 tst.w r1, #69 ; 0x45 + 800d862: d0f9 beq.n 800d858 + }while(((sta_reg & (SDMMC_FLAG_CCRCFAIL | SDMMC_FLAG_CMDREND | SDMMC_FLAG_CTIMEOUT)) == 0U) || + 800d864: 0488 lsls r0, r1, #18 + 800d866: d4f7 bmi.n 800d858 + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT)) + 800d868: 6b53 ldr r3, [r2, #52] ; 0x34 + 800d86a: 0759 lsls r1, r3, #29 + 800d86c: d502 bpl.n 800d874 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CTIMEOUT); + 800d86e: 2004 movs r0, #4 + 800d870: 6390 str r0, [r2, #56] ; 0x38 + return SDMMC_ERROR_CMD_RSP_TIMEOUT; + 800d872: 4770 bx lr + else if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL)) + 800d874: 6b50 ldr r0, [r2, #52] ; 0x34 + 800d876: f010 0001 ands.w r0, r0, #1 + 800d87a: d002 beq.n 800d882 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CCRCFAIL); + 800d87c: 2301 movs r3, #1 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CMDREND); + 800d87e: 6393 str r3, [r2, #56] ; 0x38 + 800d880: 4770 bx lr + if(__SDMMC_GET_FLAG(SDMMCx, SDMMC_FLAG_CMDREND)) + 800d882: 6b53 ldr r3, [r2, #52] ; 0x34 + 800d884: 065b lsls r3, r3, #25 + 800d886: d503 bpl.n 800d890 + __SDMMC_CLEAR_FLAG(SDMMCx, SDMMC_FLAG_CMDREND); + 800d888: 2340 movs r3, #64 ; 0x40 + 800d88a: e7f8 b.n 800d87e + return SDMMC_ERROR_TIMEOUT; + 800d88c: f04f 4000 mov.w r0, #2147483648 ; 0x80000000 +} + 800d890: 4770 bx lr + 800d892: bf00 nop + 800d894: 2009e2ac .word 0x2009e2ac + +0800d898 : +{ + 800d898: b510 push {r4, lr} + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_HS_SEND_EXT_CSD; + 800d89a: f44f 72d5 mov.w r2, #426 ; 0x1aa +{ + 800d89e: b086 sub sp, #24 + sdmmc_cmdinit.CmdIndex = SDMMC_CMD_HS_SEND_EXT_CSD; + 800d8a0: 2308 movs r3, #8 + 800d8a2: e9cd 2301 strd r2, r3, [sp, #4] + sdmmc_cmdinit.WaitForInterrupt = SDMMC_WAIT_NO; + 800d8a6: f44f 7180 mov.w r1, #256 ; 0x100 + 800d8aa: 2300 movs r3, #0 + 800d8ac: e9cd 1303 strd r1, r3, [sp, #12] +{ + 800d8b0: 4604 mov r4, r0 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d8b2: f44f 5380 mov.w r3, #4096 ; 0x1000 + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d8b6: a901 add r1, sp, #4 + sdmmc_cmdinit.CPSM = SDMMC_CPSM_ENABLE; + 800d8b8: 9305 str r3, [sp, #20] + (void)SDMMC_SendCommand(SDMMCx, &sdmmc_cmdinit); + 800d8ba: f7ff fbc9 bl 800d050 + errorstate = SDMMC_GetCmdResp7(SDMMCx); + 800d8be: 4620 mov r0, r4 + 800d8c0: f7ff ffc0 bl 800d844 +} + 800d8c4: b006 add sp, #24 + 800d8c6: bd10 pop {r4, pc} + +0800d8c8 : + 800d8c8: b510 push {r4, lr} + 800d8ca: 3901 subs r1, #1 + 800d8cc: 4402 add r2, r0 + 800d8ce: 4290 cmp r0, r2 + 800d8d0: d101 bne.n 800d8d6 + 800d8d2: 2000 movs r0, #0 + 800d8d4: e005 b.n 800d8e2 + 800d8d6: 7803 ldrb r3, [r0, #0] + 800d8d8: f811 4f01 ldrb.w r4, [r1, #1]! + 800d8dc: 42a3 cmp r3, r4 + 800d8de: d001 beq.n 800d8e4 + 800d8e0: 1b18 subs r0, r3, r4 + 800d8e2: bd10 pop {r4, pc} + 800d8e4: 3001 adds r0, #1 + 800d8e6: e7f2 b.n 800d8ce + +0800d8e8 : + 800d8e8: 440a add r2, r1 + 800d8ea: 4291 cmp r1, r2 + 800d8ec: f100 33ff add.w r3, r0, #4294967295 ; 0xffffffff + 800d8f0: d100 bne.n 800d8f4 + 800d8f2: 4770 bx lr + 800d8f4: b510 push {r4, lr} + 800d8f6: f811 4b01 ldrb.w r4, [r1], #1 + 800d8fa: f803 4f01 strb.w r4, [r3, #1]! + 800d8fe: 4291 cmp r1, r2 + 800d900: d1f9 bne.n 800d8f6 + 800d902: bd10 pop {r4, pc} + +0800d904 : + 800d904: 4402 add r2, r0 + 800d906: 4603 mov r3, r0 + 800d908: 4293 cmp r3, r2 + 800d90a: d100 bne.n 800d90e + 800d90c: 4770 bx lr + 800d90e: f803 1b01 strb.w r1, [r3], #1 + 800d912: e7f9 b.n 800d908 + +0800d914 : + 800d914: 46ec mov ip, sp + 800d916: e8a0 5ff0 stmia.w r0!, {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr} + 800d91a: f04f 0000 mov.w r0, #0 + 800d91e: 4770 bx lr + +0800d920 : + 800d920: e8b0 5ff0 ldmia.w r0!, {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr} + 800d924: 46e5 mov sp, ip + 800d926: 0008 movs r0, r1 + 800d928: bf08 it eq + 800d92a: 2001 moveq r0, #1 + 800d92c: 4770 bx lr + 800d92e: bf00 nop + +0800d930 : + 800d930: 4603 mov r3, r0 + 800d932: f811 2b01 ldrb.w r2, [r1], #1 + 800d936: f803 2b01 strb.w r2, [r3], #1 + 800d93a: 2a00 cmp r2, #0 + 800d93c: d1f9 bne.n 800d932 + 800d93e: 4770 bx lr + +0800d940 : + 800d940: b510 push {r4, lr} + 800d942: 460b mov r3, r1 + 800d944: b162 cbz r2, 800d960 + 800d946: 3a01 subs r2, #1 + 800d948: d008 beq.n 800d95c + 800d94a: f813 4b01 ldrb.w r4, [r3], #1 + 800d94e: f800 4b01 strb.w r4, [r0], #1 + 800d952: 2c00 cmp r4, #0 + 800d954: d1f7 bne.n 800d946 + 800d956: 1a58 subs r0, r3, r1 + 800d958: 3801 subs r0, #1 + 800d95a: bd10 pop {r4, pc} + 800d95c: 2200 movs r2, #0 + 800d95e: 7002 strb r2, [r0, #0] + 800d960: f813 2b01 ldrb.w r2, [r3], #1 + 800d964: 2a00 cmp r2, #0 + 800d966: d1fb bne.n 800d960 + 800d968: e7f5 b.n 800d956 + +0800d96a : + 800d96a: 4603 mov r3, r0 + 800d96c: f813 2b01 ldrb.w r2, [r3], #1 + 800d970: 2a00 cmp r2, #0 + 800d972: d1fb bne.n 800d96c + 800d974: 1a18 subs r0, r3, r0 + 800d976: 3801 subs r0, #1 + 800d978: 4770 bx lr + 800d97a: 0000 movs r0, r0 + 800d97c: 0000 movs r0, r0 + ... + +0800d980 <__flash_page_erase_veneer>: + 800d980: f85f f000 ldr.w pc, [pc] ; 800d984 <__flash_page_erase_veneer+0x4> + 800d984: 2009e08d .word 0x2009e08d + +0800d988 <__flash_burn_veneer>: + 800d988: f85f f000 ldr.w pc, [pc] ; 800d98c <__flash_burn_veneer+0x4> + 800d98c: 2009e001 .word 0x2009e001 + 800d990: 6f636e69 .word 0x6f636e69 + 800d994: 006e .short 0x006e + 800d996: 6944 .short 0x6944 + 800d998: 44203a65 .word 0x44203a65 + 800d99c: 44005546 .word 0x44005546 + 800d9a0: 203a6569 .word 0x203a6569 + 800d9a4: 6e776f44 .word 0x6e776f44 + 800d9a8: 64617267 .word 0x64617267 + 800d9ac: 69440065 .word 0x69440065 + 800d9b0: 42203a65 .word 0x42203a65 + 800d9b4: 6b6e616c .word 0x6b6e616c + 800d9b8: 00687369 .word 0x00687369 + 800d9bc: 3a656944 .word 0x3a656944 + 800d9c0: 69724220 .word 0x69724220 + 800d9c4: 42006b63 .word 0x42006b63 + 800d9c8: 32746f6f .word 0x32746f6f + 800d9cc: 00554644 .word 0x00554644 + 800d9d0: 43455441 .word 0x43455441 + 800d9d4: 38303643 .word 0x38303643 + 800d9d8: 53440a42 .word 0x53440a42 + 800d9dc: 33433832 .word 0x33433832 + 800d9e0: 4c004236 .word 0x4c004236 + 800d9e4: 0052 .short 0x0052 + 800d9e6: 6e65 .short 0x6e65 + 800d9e8: 5f726574 .word 0x5f726574 + 800d9ec: 28756664 .word 0x28756664 + 800d9f0: 0029 .short 0x0029 + 800d9f2: 0a0d .short 0x0a0d + 800d9f4: 2031510a .word 0x2031510a + 800d9f8: 746f6f42 .word 0x746f6f42 + 800d9fc: 64616f6c .word 0x64616f6c + 800da00: 203a7265 .word 0x203a7265 + 800da04: 49463e00 .word 0x49463e00 + 800da08: 41574552 .word 0x41574552 + 800da0c: 44454c4c .word 0x44454c4c + 800da10: 6170003c .word 0x6170003c + 800da14: 622d7269 .word 0x622d7269 + 800da18: 6b636972 .word 0x6b636972 + 800da1c: 56006465 .word 0x56006465 + 800da20: 66697265 .word 0x66697265 + 800da24: 00203a79 .word 0x00203a79 + 800da28: 52414554 .word 0x52414554 + 800da2c: 6d697420 .word 0x6d697420 + 800da30: 74756f65 .word 0x74756f65 + 800da34: 00000000 .word 0x00000000 + 800da38: 00000150 .word 0x00000150 + 800da3c: 00000011 .word 0x00000011 + 800da40: 00000001 .word 0x00000001 + 800da44: 00000001 .word 0x00000001 + 800da48: 00000000 .word 0x00000000 + +0800da4c : + 800da4c: 0011627f 01001886 22180080 00188600 .b.........".... + 800da5c: 18008001 00117d7f .....}... + +0800da65 : + 800da65: 000f577f 07e00182 1e408100 10018600 .W........@..... + 800da75: 01000200 40810003 0186001e 00020008 .......@........ + 800da85: 81000301 82001e40 00030801 00030181 ....@........... + 800da95: 001e4081 5c08018a 08c1010e 1e40071c .@.....\......@. + 800daa5: 08018a00 21020262 c0082210 018a001e ....b..!."...... + 800dab5: 040241f0 10412011 8a001e40 02400801 .A... A.@.....@. + 800dac5: 41400104 001e4010 4004018a c0010402 ..@A.@.....@.... + 800dad5: 1e40107f 04018a00 01040240 40104020 ..@.....@... @.@ + 800dae5: 018a001e 04024004 10401011 8a001e40 .....@....@.@... + 800daf5: 02400801 21082102 001ec008 40f0018a ..@..!.!.......@ + 800db05: 04c10102 7f40071e 00000f7d ......@.}... + +0800db11 : + 800db11: 0016237f 00270881 00247f81 ff031f81 .#....'...$..... + 800db21: 0023c081 e081ff04 07810022 e382ff03 ..#....."....... + 800db31: 860022e0 ff0fff1f 0022f081 03c03f82 ."........"..?.. + 800db41: 22f08100 04ff8100 21788100 fc018200 ..."......x!.... + 800db51: 78810004 03820021 810004f0 83002178 ...x!.......x!.. + 800db61: 030fe007 21788100 800f8700 0000803f ......x!....?... + 800db71: 870021f8 80ff001f 21f00000 033e8300 .!.........!..>. + 800db81: 810003ff 830021f0 03f8077c 21e08100 .....!..|......! + 800db91: 0ff88700 010000c0 870021e0 00801ff0 .........!...... + 800dba1: 20e00100 e0018300 8200033e 0020e001 ... ....>..... . + 800dbb1: 7ce00383 01820003 830020e0 04f8c003 ...|..... ...... + 800dbc1: 20e08100 81078300 810004f0 830020e0 ... ......... .. + 800dbd1: 04e08307 20e08100 030f8300 810004c0 ....... ........ + 800dbe1: 830020f0 04c0070f 20f08100 0f1e8300 . ......... .... + 800dbf1: 81000480 820020f0 00050f1e 0020f081 ..... ........ . + 800dc01: 051f1e82 20f08100 1e1e8200 f0810005 ....... ........ + 800dc11: 1c820020 8100051e 820020f0 00051c3c ........ ..<... + 800dc21: 0020f081 053c3c82 20f08100 1c3c8200 .. ..<<.... ..<. + 800dc31: f0810005 3c810020 e0810006 3c810020 .... ..<.... ..< + 800dc41: 01820005 810020e0 8200053c 0020e001 ..... ..<..... . + 800dc51: 00053c81 20e00182 053c8100 c0018200 .<..... ..<..... + 800dc61: 3c810020 03820005 810020c0 8200053c ..<..... ..<... + 800dc71: 0020c003 00053c81 20800782 051c8100 .. ..<..... .... + 800dc81: 80078200 1c810020 0f810005 1c810021 .... .......!... + 800dc91: 1f810005 1e810021 1e810005 1e810021 ....!.......!... + 800dca1: 3c810005 1e810021 7c810005 1c810021 ..... + 800dd01: 22e0ffc3 1f1f8200 8081ff03 1f810022 ..."........"... + 800dd11: fc81ff03 0f810023 e081ff03 03820023 ....#.......#... + 800dd21: 810027f8 24297f40 f00f8200 03820008 .'..@.)$........ + 800dd31: 83001cc0 07200008 20048200 0883001c ...... .... .... + 800dd41: 00082000 001c1081 000a0881 001c1081 . .............. + 800dd51: e000088c 08c83d5c 00075cf8 8c001c20 ....\=...\.. ... + 800dd61: 6220c00f 04882822 40800862 088c001c .. b"(..b..@.... + 800dd71: 22412000 41048828 1c804010 00088b00 . A"(..A.@...... + 800dd81: 28224020 1040fc88 8b001d41 40200008 @"(..@.A..... @ + 800dd91: 04892822 1dc11f40 00088a00 25224020 "(..@....... @"% + 800dda1: 10400451 088a001e 22402000 40045125 Q.@...... @"%Q.@ + 800ddb1: 8b001e10 40200008 0c512520 1d410840 ...... @ %Q.@.A. + 800ddc1: 00088b00 22204020 0740f420 0f4b7f81 .... @ " .@...K. + ... + +0800ddd3 : + 800ddd3: 0010237f 00272081 00087081 f8e31f83 .#... '..p...... + 800dde3: 7181001c 3f830008 001bfeff 80730e83 ...q...?......s. + 800ddf3: 7f830007 001bfeff 80770f83 fc830007 ..........w..... + 800de03: 001b9fff 08ff0782 3ef08400 001a800f ...........>.... + 800de13: 078e0382 f0018500 23800700 e0018500 ...........#.... + 800de23: 1bc00300 e0078200 03850006 c00300c0 ................ + 800de33: 0183001a 0006e087 00c00385 0019e001 ................ + 800de43: c403f883 07850007 e0010080 01840018 ................ + 800de53: 07ee07fc 803f8500 17fc0100 fb7f8500 ......?......... + 800de63: 07cf0ffe 80ff8500 16ff0000 ff038700 ................ + 800de73: 871fdfff 82000580 0003ff01 1580ff82 ................ + 800de83: ff0f8700 03bf8fff 82000580 0003f803 ................ + 800de93: 15c00f82 ff3f8500 07fe07ff e0038200 ......?......... + 800dea3: 03820003 850015e0 0303807f 820007fc ................ + 800deb3: 0003c003 15e00182 00fe8500 07f80100 ................ + 800dec3: c0038200 01820003 820014e0 0003f801 ................ + 800ded3: 0007f881 03e00382 c0038200 03820014 ................ + 800dee3: 810003e0 8200077c 0003f803 14c00f82 ....|........... + 800def3: c0078200 3e810003 01870007 0100c0ff .......>........ + 800df03: 001480ff 78800f86 081f0000 15ff0500 .......x........ + 800df13: 031f8700 0f0000f8 81000780 81ff033f ............?... + 800df23: 870015fc 00f8071e 07c00700 031f8100 ................ + 800df33: 15f881ff 0f3c8700 030000f8 850007c0 ......<......... + 800df43: feff3f1e 87001578 00801f7c 07c00300 .?..x...|....... + 800df53: 3f1e8500 1578fce7 3e788200 07820003 ...?..x...x>.... + 800df63: 850007c0 fce33f1e 82001578 00037c78 .....?..x...x|.. + 800df73: 06800f82 fe038700 7ffcc31f 820014e0 ................ + 800df83: 000378f0 00071f81 0fff0387 e07ff881 .x.............. + 800df93: f0820014 81000378 8700071e 0003ff03 ....x........... + 800dfa3: 14c0ff40 f0e08200 1e810003 01820007 @............... + 800dfb3: 820003ff 0013c0ff f0e00183 1e810003 ................ + 800dfc3: 01870007 000080ff 0013c0ff f0e00183 ................ + 800dfd3: 0e810003 01870007 0100c0ff 001380ff ................ + 800dfe3: 70e00183 0f810003 ff860008 ff0300c0 ...p............ + 800dff3: 82001380 0004e001 00080f81 00e0ff85 ................ + 800e003: 0014ff07 04e00182 080f8100 f87f8500 ................ + 800e013: 14ff0f00 e0018200 0f810004 ff860008 ................ + 800e023: ff3f00fc 82001380 0004e001 00070f81 ..?............. + 800e033: ffff0387 c0ffff80 01820013 810004e0 ................ + 800e043: 8700070f ff3ff007 13e00ffc e0018200 ......?......... + 800e053: 0f810004 07870007 f8ff1fc0 0013f003 ................ + 800e063: 04e00182 070e8100 800f8700 00f8ff1f ................ + 800e073: 810014f8 810004e0 8700071e 3e1f001f ...............> + 800e083: 14780078 04f08100 071e8100 001e8700 x.x............. + 800e093: 00f8800f 8100147c 810004f0 8700071e ....|........... + 800e0a3: 810f001e 143c00f8 04f08100 073c8100 ......<.......<. + 800e0b3: 003c8700 00f8c10f 8100143c 81000478 ..<.....<...x... + 800e0c3: 8700073c c30f003c 141c00f0 047c8100 <...<.........|. + 800e0d3: 07788100 003c8700 00f0c30f 8100141c ..x...<......... + 800e0e3: 8100043c 87000778 c30f003c 141e00f0 <...x...<....... + 800e0f3: 043e8100 07f08100 003c8700 00f0c10f ..>.......<..... + 800e103: 8100141e 8200031f 0007f001 07003c87 .............<.. + 800e113: 1e00f0c1 0f860014 03000080 870007e0 ................ + 800e123: c107003c 141e00f0 c00f8600 c0070000 <............... + 800e133: 3c870007 f0810700 00141e00 00e00786 ...<............ + 800e143: 07800f00 003c8700 00e08107 8500141e ......<......... + 800e153: 0000f003 8700083f 8107003c 141e00e0 ....?...<....... + 800e163: fc018500 087e0000 003c8700 00e08007 ......~...<..... + 800e173: 8400151e fc03007f 3c870008 e0800300 ...........<.... + 800e183: 00151e00 1ff83f84 870008f8 8003003e .....?......>... + 800e193: 153c00e0 ff0f8400 0008e0ff ff053f81 ..<..........?.. + 800e1a3: 0015fc81 ffff0384 81000880 81ff051f ................ + 800e1b3: 820016f8 0009fcff ff050f81 0016f081 ................ + 800e1c3: 000a0381 ff050181 297fc081 01820014 ...........).... + 800e1d3: 840006e0 70000004 04810006 01820015 .......p........ + 800e1e3: 87000610 88000004 03010000 15048100 ................ + 800e1f3: 08018200 04870006 00040100 00030100 ................ + 800e203: 00150481 06040182 00048700 00000401 ................ + 800e213: 81000301 93001504 173e0401 5c70d001 ..........>...p\ + 800e223: 00010004 e0870f41 1504f770 04019300 ....A...p....... + 800e233: 30821801 00046288 10410001 88880041 ...0.b....A.A... + 800e243: 93001584 10010401 41041144 00010004 ........D..A.... + 800e253: 01011041 15848804 04019300 1144103f A...........?.D. + 800e263: 00044004 10410001 88040101 93001584 .@....A......... + 800e273: 10410401 40fc1144 00010004 01810f41 ..A.D..@....A... + 800e283: 15848804 04019300 11441041 00004000 ........A.D..@.. + 800e293: 00410401 88040141 93001580 10410801 ..A.A.........A. + 800e2a3: 40003142 04010000 01410041 15808804 B1.@....A.A..... + 800e2b3: 10019300 d0411043 00044084 10238800 ....C.A..@....#. + 800e2c3: 80881041 93001584 103de001 40781040 A.........=.@.x@ + 800e2d3: 70000004 e0800f1d 1a848070 26108100 ...p....p......& + 800e2e3: 10048200 02820026 82002620 477fc001 ....&... &.....G + 800e2f3: ... + +0800e2f6 : + 800e2f6: 0013247f 26c00382 ffff8200 0c860023 .$.....&....#... + 800e306: ffff0700 860022e0 ff1f001e 0022f8ff ....."........". + 800e316: 7f001e86 22fe7ffe 001e8600 ff0180ff ......."........ + 800e326: 1e870022 0000fc03 0021c03f f0071e87 ".......?.!..... + 800e336: e00f0000 1e870021 0000c00f 0021f003 ....!.........!. + 800e346: 801f1e87 f8010000 1e820021 8100043f ........!...?... + 800e356: 820021fc 00047e1e 00217e81 00fc1e87 .!...~...~!..... + 800e366: 3f00c003 1e870021 c00300f8 00211f00 ...?!.........!. + 800e376: 00f01f88 0f00c003 88002080 0300e01f ......... ...... + 800e386: 800700c0 1f880020 c00300e0 20c00700 .... .......... + 800e396: c01f8800 00c00300 0020c003 fcff1f88 .......... ..... + 800e3a6: 0100c003 880020e0 03feff1f e00100c0 ..... .......... + 800e3b6: 1f880020 c003feff 20f00100 ff1f8800 .......... .... + 800e3c6: 00c003fc 0023f000 00c00385 0023f000 ......#.......#. + 800e3d6: 00c00385 0023f000 00c00385 00237800 ......#......x#. + 800e3e6: 00c00385 00237800 00c00385 00237800 .....x#......x#. + 800e3f6: 00c00385 00237800 00c00385 00237800 .....x#......x#. + 800e406: 00c00385 00237800 00c00385 00237800 .....x#......x#. + 800e416: 00e00385 00237800 00f80385 00247800 .....x#......x$. + 800e426: 0000fc84 84002478 7800007f 3f840024 ....x$.....x$..? + 800e436: 24f00080 c00f8400 0024f000 00e00784 ...$......$..... + 800e446: 840024f0 f001e001 c0830025 0026e001 .$......%.....&. + 800e456: 26e00182 e0038200 07820026 820026c0 ...&....&....&.. + 800e466: 00268007 26800f82 271f8100 273f8100 ..&....&...'..?' + 800e476: 227e8100 04078100 22fc8100 800f8600 ..~".......".... + 800e486: f8010000 0f860022 030000c0 860022f0 ...."........".. + 800e496: 0000f007 0022e00f 00fc0386 23c03f00 ......"......?.# + 800e4a6: 80ff8400 0024ff01 7ffe7f84 840024fe ......$......$.. + 800e4b6: f8ffff1f 07840024 25e0ffff ffff8200 ....$......%.... + 800e4c6: 01820026 212a7f80 08f08100 00088300 &.....*!........ + 800e4d6: 81001c1e 83000888 1c210008 08848100 ..........!..... + 800e4e6: 00088400 001b8000 00088281 00000884 ................ + 800e4f6: 8c001b80 12100e82 072e3ae0 0138e8c0 .........:....8. + 800e506: 828c001c 10131111 21003146 1c024418 ........F1.!.D.. + 800e516: 20828c00 82081291 08228020 001c0482 ... .... ."..... + 800e526: 9120828c 20820812 8208e207 8c001c08 .. .... ........ + 800e536: 12912082 08208208 08fe0822 828b001c . .... ."....... + 800e546: 08a28a20 22082082 001d8008 8a20848b .... ."...... . + 800e556: 204608a2 80082208 888c001d 08a20a11 ..F .".......... + 800e566: 6108203a 1c084218 0ef08c00 02084204 : .a.B.......B.. + 800e576: e8a00720 0021083c 00270281 00278281 ...<.!...'...'. + 800e586: 00274481 477f3881 .D'..8.G... + +0800e591 : + 800e591: 0013577f 01001c84 850023c0 02002288 .W.......#...".. + 800e5a1: 84002320 02002088 88840024 23020020 #... ..$... ..# + 800e5b1: fc038500 23424020 10018500 23424420 .... @B#.... DB# + 800e5c1: 10018600 c04f44fc 01850022 42442010 .....DO.".... DB + 800e5d1: 07850023 424420f8 02850023 822a2020 #.... DB#... *. + 800e5e1: 02850023 822a2020 02850023 822a2020 #... *.#... *. + 800e5f1: 20830025 7d7f0211 %.. ...}... + +0800e5fc : + 800e5fc: 0002bc7f 0000fe84 82000801 00198007 ................ + 800e60c: 18000185 00060100 04001084 85001940 ............@... + 800e61c: 000c0001 84000601 20040010 01850019 ........... .... + 800e62c: 01000600 10840006 19100400 00019200 ................ + 800e63c: 00010003 c141071c 04007e04 075c7010 ......A..~...p\. + 800e64c: 01930016 01800100 c2082200 00100421 ........."..!... + 800e65c: 62881004 00158008 00000193 410001c0 ...b...........A + 800e66c: 04114410 11040010 40104104 01930015 .D.......A.@.... + 800e67c: 01e0ff07 44104100 00100411 41041104 .....A.D.......A + 800e68c: 00154010 00000193 410001c0 04114410 .@.........A.D.. + 800e69c: 11040010 c01f4104 01920015 01800100 .....A.......... + 800e6ac: 44104100 00100411 41041104 92001610 .A.D.......A.... + 800e6bc: 00030001 08410001 100411c4 04210400 ......A.......!. + 800e6cc: 00161041 06000193 22000100 8c204207 A..........".B . + 800e6dc: 40040011 40084188 01930015 01000c00 ...@.A.@........ + 800e6ec: 41001cfc 000e74c0 41708007 00158007 ...A.t....pA.... + 800e6fc: 18000183 40810005 fe810020 10820005 .......@ ....... + 800e70c: 82002640 00268008 147f0781 @&....&........ + +0800e71b : + 800e71b: 0014577f 00271081 00271081 00272081 .W....'...'.. '. + 800e72b: 00272081 00274081 00274081 00258081 . '..@'..@'...%. + 800e73b: 81c01f84 810025fc 81002701 81002701 .....%...'...'.. + 800e74b: 81002702 81002702 81002704 147c7f04 .'...'...'....|. + ... + +0800e75d : + 800e75d: 0003ba7f 0026c081 26c01082 c3308500 ......&....&..0. + 800e76d: 06f00100 00078400 001938e0 80c16085 .........8...`.. + 800e77d: 00060801 10810884 85001944 0180c040 ........D...@... + 800e78d: 84000604 40004110 c0030019 06040182 .....A.@........ + 800e79d: 41108400 00194000 40c0808f 201c0401 ...A.@.....@... + 800e7ad: 0070c121 40004110 80850019 040140c0 !.p..A.@.....@.. + 800e7bd: 21872203 41100088 00184000 c0800190 .".!...A.@...... + 800e7cd: 41080160 04112422 e1471000 900018f8 `..A"$....G..... + 800e7dd: 60c08001 2241f001 00001124 40004110 ...`..A"$....A.@ + 800e7ed: 01900018 0160c080 27224100 100000f1 ......`..A"'.... + 800e7fd: 18400041 80019000 00014000 01441541 A.@......@..A.D. + 800e80d: 41100000 00194000 4000808f 15410001 ...A.@.....@..A. + 800e81d: 00000144 40004110 c08f0019 0001c000 D....A.@........ + 800e82d: 11421522 81080000 00194000 8000408f ".B......@...@.. + 800e83d: 081c0001 0000e181 40000107 60830019 ...........@...` + 800e84d: 00258001 26033082 0c0c8200 07820026 ..%..0.&....&... + 800e85d: 24147ff8 ...$.. + +0800e863 : + 800e863: 000f277f 00052081 ff040181 001c8081 .'... .......... + 800e873: 00057081 ff040781 001cf081 0005f881 .p.............. + 800e883: ff040f81 001cf881 0005fc81 ff041f81 ................ + 800e893: 001cfc81 00057e81 003c1e86 1cfe0700 .....~....<..... + 800e8a3: 053f8100 3c1e8600 bf070000 1f82001c ..?....<........ + 800e8b3: 87000480 00003c1e 1b809f07 c00f8200 .....<.......... + 800e8c3: 1e870004 0700003c 001bc08f 04e00782 ....<........... + 800e8d3: 3c1e8700 87070000 82001be0 0004f003 ...<............ + 800e8e3: 003c1e87 f0830700 0182001b 870004f8 ..<............. + 800e8f3: 00003c1e 1cf88107 04fc8100 3c1e8700 .<.............< + 800e903: 80070000 81001cfc 8700047e 00003c1e ........~....<.. + 800e913: 1c7c8007 043f8100 3c1e8700 80070000 ..|...?....<.... + 800e923: 82001c3e 0003801f 003c1e87 1e800700 >.........<..... + 800e933: 0f82001c 820003c0 ff033f1e 1c0e8082 .........?...... + 800e943: e0078200 1e820003 82ff031f 001c0f00 ................ + 800e953: 03f00382 1f1e8200 0082ff03 82001c0f ................ + 800e963: 0003f801 ff0f1e87 0f00feff fc81001d ................ + 800e973: 1e810003 0f810005 7e81001d 1e810003 ...........~.... + 800e983: 0f810005 3f81001d 1e810003 0f810005 .......?........ + 800e993: 1f85001d 1e000080 0f810005 0f85001d ................ + 800e9a3: 1e0000c0 0f810005 078b001d 1e0000e0 ................ + 800e9b3: 807f0000 00180f00 f08aff06 001e0000 ................ + 800e9c3: 00e0ff01 0600180f 00f88aff 03001e00 ................ + 800e9d3: 0f00f0ff ff060018 0000f08a fb07001e ................ + 800e9e3: 180f00f8 057f8100 00e08aff 07001e00 ................ + 800e9f3: 0f007cc0 0f8b001d 1e0000c0 3e800f00 .|.............> + 800ea03: 001d0f00 00801f8b 0f001e00 0f001e00 ................ + 800ea13: 3f81001d 1e870003 1e001e00 001d0f00 ...?............ + 800ea23: 00037e81 1e001e87 0f000e00 fc81001d .~.............. + 800ea33: 1e870003 0f001e00 001c0f00 03f80182 ................ + 800ea43: 001e8700 000f001e 82001c0f 0003f003 ................ + 800ea53: 1e001e87 0f000e00 0782001c 870003e0 ................ + 800ea63: 001e001e 1c0f001e c00f8200 1e870003 ................ + 800ea73: 1e000f00 001c0f00 03801f82 001e8700 ................ + 800ea83: 003e000f 81001c0f 8700043f c007001e ..>.....?....... + 800ea93: 1c0f007c 047e8100 001e8700 00f8fb07 |.....~......... + 800eaa3: 81001c0f 870004fc ff03001e 1b0f00f0 ................ + 800eab3: f8018200 1e870004 e0ff0100 001b0f00 ................ + 800eac3: 04f00382 001e8700 00807f00 82001b0f ................ + 800ead3: 0004e007 00051e81 001b0f81 04c00f82 ................ + 800eae3: 051e8100 1b0f8100 801f8200 1e810004 ................ + 800eaf3: 0f810005 3f81001b 1e810005 0e810005 .......?........ + 800eb03: 7e81001b 1e810005 1e810005 fc81001b ...~............ + 800eb13: 1f810005 fe81ff05 f881001b 0f810005 ................ + 800eb23: fc81ff05 7081001b 07810005 f881ff05 .......p........ + 800eb33: 2081001b 01810005 e081ff05 00192d7f ... .........-.. + 800eb43: 07800f82 031c8100 1a048100 05028100 ................ + 800eb53: 00018400 00032200 001a0481 00050281 .....".......... + 800eb63: 00000184 81000341 81001a04 84000502 ....A........... + 800eb73: 41000001 04810003 028e001a 1cf8c005 ...A............ + 800eb83: 00e00717 c0850f40 8e001a74 04210602 ....@...t.....!. + 800eb93: 00811822 46004000 001a8c20 1104028e "....@.F ....... + 800eba3: 41104100 00400000 1a041144 04028e00 .A.A..@.D....... + 800ebb3: 10410011 40000001 0401c40f 028e001a ..A....@........ + 800ebc3: 7ff81004 00000110 01441040 8e001a04 ........@.D..... + 800ebd3: 04100402 00011040 44104100 001a0401 ....@....A.D.... + 800ebe3: 1004028e 01104004 10410000 1a040144 .....@....A.D... + 800ebf3: 04028e00 10210411 22001001 8c00c410 ......!....".... + 800ec03: 0f8e001a 1ef81084 00e00010 00440f1c ..............D. + 800ec13: 0d4b7f74 t.K... + +0800ec19 : + 800ec19: 0010237f 00272081 00087081 f8e31f83 .#... '..p...... + 800ec29: 7181001c 3f830008 001bfeff 80730e83 ...q...?......s. + 800ec39: 7f830007 001bfeff 80770f83 fc830007 ..........w..... + 800ec49: 001b9fff 08ff0782 3ef08400 001a800f ...........>.... + 800ec59: 078e0382 f0018500 23800700 e0018500 ...........#.... + 800ec69: 1bc00300 e0078200 03850006 c00300c0 ................ + 800ec79: 0183001a 0006e087 00c00385 0019e001 ................ + 800ec89: c403f883 07850007 e0010080 01840018 ................ + 800ec99: 07ee07fc 803f8500 17fc0100 fb7f8500 ......?......... + 800eca9: 07cf0ffe 80ff8500 16ff0000 ff038700 ................ + 800ecb9: 871fdfff 82000580 0003ff01 1580ff82 ................ + 800ecc9: ff0f8700 03bf8fff 82000580 0003f803 ................ + 800ecd9: 15c00f82 ff3f8500 07fe07ff e0038200 ......?......... + 800ece9: 03820003 850015e0 0303807f 820007fc ................ + 800ecf9: 0003c003 15e00182 00fe8500 07f80100 ................ + 800ed09: c0038200 01820003 820014e0 0003f801 ................ + 800ed19: 0007f881 03e00382 c0038200 03820014 ................ + 800ed29: 810003e0 8200077c 0003f803 14c00f82 ....|........... + 800ed39: c0078200 3e810003 01870007 0100c0ff .......>........ + 800ed49: 001480ff 78800f86 081f0000 15ff0500 .......x........ + 800ed59: 031f8700 0f0000f8 81000780 81ff033f ............?... + 800ed69: 870015fc 00f8071e 07c00700 031f8100 ................ + 800ed79: 15f881ff 0f3c8700 030000f8 850007c0 ......<......... + 800ed89: feff3f1e 87001578 00801f7c 07c00300 .?..x...|....... + 800ed99: 3f1e8500 1578fce7 3e788200 07820003 ...?..x...x>.... + 800eda9: 850007c0 fce33f1e 82001578 00037c78 .....?..x...x|.. + 800edb9: 06800f82 fe038700 7ffcc31f 820014e0 ................ + 800edc9: 000378f0 00071f81 0fff0387 e07ff881 .x.............. + 800edd9: f0820014 81000378 8700071e 0003ff03 ....x........... + 800ede9: 14c0ff40 f0e08200 1e810003 01820007 @............... + 800edf9: 820003ff 0013c0ff f0e00183 1e810003 ................ + 800ee09: 01870007 000080ff 0013c0ff f0e00183 ................ + 800ee19: 0e810003 01870007 0100c0ff 001380ff ................ + 800ee29: 70e00183 0f810003 ff860008 ff0300c0 ...p............ + 800ee39: 82001380 0004e001 00080f81 00e0ff85 ................ + 800ee49: 0014ff07 04e00182 080f8100 f87f8500 ................ + 800ee59: 14ff0f00 e0018200 0f810004 ff860008 ................ + 800ee69: ff3f00fc 82001380 0004e001 00070f81 ..?............. + 800ee79: ffff0387 c0ffff80 01820013 810004e0 ................ + 800ee89: 8700070f ff3ff007 13e00ffc e0018200 ......?......... + 800ee99: 0f810004 07870007 f8ff1fc0 0013f003 ................ + 800eea9: 04e00182 070e8100 800f8700 00f8ff1f ................ + 800eeb9: 810014f8 810004e0 8700071e 3e1f001f ...............> + 800eec9: 14780078 04f08100 071e8100 001e8700 x.x............. + 800eed9: 00f8800f 8100147c 810004f0 8700071e ....|........... + 800eee9: 810f001e 143c00f8 04f08100 073c8100 ......<.......<. + 800eef9: 003c8700 00f8c10f 8100143c 81000478 ..<.....<...x... + 800ef09: 8700073c c30f003c 141c00f0 047c8100 <...<.........|. + 800ef19: 07788100 003c8700 00f0c30f 8100141c ..x...<......... + 800ef29: 8100043c 87000778 c30f003c 141e00f0 <...x...<....... + 800ef39: 043e8100 07f08100 003c8700 00f0c10f ..>.......<..... + 800ef49: 8100141e 8200031f 0007f001 07003c87 .............<.. + 800ef59: 1e00f0c1 0f860014 03000080 870007e0 ................ + 800ef69: c107003c 141e00f0 c00f8600 c0070000 <............... + 800ef79: 3c870007 f0810700 00141e00 00e00786 ...<............ + 800ef89: 07800f00 003c8700 00e08107 8500141e ......<......... + 800ef99: 0000f003 8700083f 8107003c 141e00e0 ....?...<....... + 800efa9: fc018500 087e0000 003c8700 00e08007 ......~...<..... + 800efb9: 8400151e fc03007f 3c870008 e0800300 ...........<.... + 800efc9: 00151e00 1ff83f84 870008f8 8003003e .....?......>... + 800efd9: 153c00e0 ff0f8400 0008e0ff ff053f81 ..<..........?.. + 800efe9: 0015fc81 ffff0384 81000880 81ff051f ................ + 800eff9: 820016f8 0009fcff ff050f81 0016f081 ................ + 800f009: 000a0381 ff050181 297fc081 3c810014 ...........)...< + 800f019: 80830007 00080e00 00142081 00072281 ......... ...".. + 800f029: 11008083 20820003 81000304 81001420 ....... .... ... + 800f039: 88000721 80200080 04200000 20810003 !..... ... .... + 800f049: 20820014 87000680 80200080 04200000 ... ...... ... . + 800f059: 14208100 87209400 0e3ae0c2 0080800b .. ... ...:..... + 800f069: 08c20720 82031cfc 001420e0 23802094 ........ ... .# + 800f079: 0c114610 20008040 20082200 10430404 .F..@.. .". ..C. + 800f089: 94001420 08228020 20882082 00200080 ... .".. . .. . + 800f099: 04200822 20082208 20940014 8208e287 ". ..". ... .... + 800f0a9: 80008820 e2072000 08042008 14200822 .... ... ..". . + 800f0b9: 88209400 3f820822 00800088 08220820 .. ."..?.... .". + 800f0c9: 22080420 00142008 22882087 08208208 ..". ... .".. . + 800f0d9: 20890003 20082288 08220804 21870015 ... .". .."....! + 800f0e9: 46082208 00030820 22882089 08042008 .".F .... .". .. + 800f0f9: 00150822 62082294 88103a08 11008000 "....".b.:...... + 800f109: 22186108 08420404 94001420 08a2073c .a."..B. ...<... + 800f119: 00080f02 070e0080 041ce8a0 20088203 ............... + 800f129: 02810018 82810027 44810027 38810027 ....'...'..D'..8 + 800f139: 0019477f .G... + +0800f13e : + 800f13e: 0013247f 26f83f82 feff8200 01840025 .$...?.&....%... + 800f14e: 2480ffff f8038400 0024c03f 07e00784 ...$....?.$..... + 800f15e: 840024e0 f001800f 1f840024 24f80000 .$......$......$ + 800f16e: 001e8400 00247800 00003c84 8600227c .....x$..<..|".. + 800f17e: 003c000e 00223c00 78000f88 003c0000 ..<..<"....x..<. + 800f18e: 880020e0 0078800f e0011e00 07880020 . ....x..... ... + 800f19e: 000078c0 20e0031e e0038800 1e000078 .x..... ....x... + 800f1ae: 0020c007 ff060181 00218081 0022ff06 .. .......!...". + 800f1be: ff047f81 0022fe81 ff047f81 0022fc81 ......".......". + 800f1ce: 00047881 00223c81 00047881 00223c81 .x...<"..x...<". + 800f1de: 00047881 00223c81 00047881 00223c81 .x...<"..x...<". + 800f1ee: 00047881 00223c81 00047881 00223c81 .x...<"..x...<". + 800f1fe: 00047881 00223c81 00047881 00223c81 .x...<"..x...<". + 800f20e: 03007886 223c0080 00788600 3c00c003 .x....<"..x....< + 800f21e: 78860022 00c00300 8600223c c0030078 "..x....<"..x... + 800f22e: 00223c00 03007886 213c00c0 f87f8800 .<"..x....: + 800f3db: 0013247f 26f83f82 feff8200 01840025 .$...?.&....%... + 800f3eb: 2480ffff f8038400 0024c03f 07e00784 ...$....?.$..... + 800f3fb: 840024e0 f001800f 1f840024 24f80000 .$......$......$ + 800f40b: 001e8400 00247800 00003c84 8600227c .....x$..<..|".. + 800f41b: 003c000e 00223c00 78000f88 003c0000 ..<..<"....x..<. + 800f42b: 880020e0 0078800f e0011e00 07880020 . ....x..... ... + 800f43b: 000078c0 20e0031e e0038800 1e000078 .x..... ....x... + 800f44b: 0020c007 ff060181 00218081 0022ff06 .. .......!...". + 800f45b: ff047f81 0022fe81 ff047f81 0022fc81 ......".......". + 800f46b: 00047881 00223c81 00047881 00223c81 .x...<"..x...<". + 800f47b: 00047881 00223c81 00047881 00223c81 .x...<"..x...<". + 800f48b: 00047881 00223c81 00047881 00223c81 .x...<"..x...<". + 800f49b: 00047881 00223c81 00047881 00223c81 .x...<"..x...<". + 800f4ab: 03007886 223c0080 00788600 3c00c003 .x....<"..x....< + 800f4bb: 78860022 00c00300 8600223c c0030078 "..x....<"..x... + 800f4cb: 00223c00 03007886 213c00c0 f87f8800 .<"..x....: + 800f675: 0013247f 26c00182 ffff8200 07840025 .$.....&....%... + 800f685: 24e0ffff ff1f8400 0024f8ff 0ff07f84 ...$......$..... + 800f695: 840024fe ff0000ff 03860023 1f0000f8 .$......#....... + 800f6a5: 860022c0 0000e007 0022e00f 00c00f86 ."........"..... + 800f6b5: 22f00300 031f8100 f8018200 3e810022 ..."........"..> + 800f6c5: 7c810004 7c810022 3e810004 f8860022 ...|"..|...>"... + 800f6d5: 00c00300 8600221f c00300f0 00210f00 ....."........!. + 800f6e5: 00f00188 0f00c003 88002080 0300e001 ......... ...... + 800f6f5: 800700c0 03880020 c00300c0 20c00300 .... .......... + 800f705: c0078800 00c00300 0020c003 00800788 .......... ..... + 800f715: 0100c003 880020e0 03008007 e00100c0 ..... .......... + 800f725: 0f880020 c0030000 20f00000 000f8800 .......... .... + 800f735: 00c00300 0020f000 00000f88 0000c003 ...... ......... + 800f745: 880020f0 0300000e 700000c0 1e880020 . .........p ... + 800f755: c0030000 20780000 001e8800 00c00300 ......x ........ + 800f765: 00207800 00001e88 0000c003 88002078 .x .........x .. + 800f775: 0300001e 780000c0 1e880020 c0030000 .......x ....... + 800f785: 20780000 001e8800 00c00300 00207800 ..x .........x . + 800f795: 00001e88 0000e003 88002078 0300001e ........x ...... + 800f7a5: 780000f0 1e880020 f8030000 20780000 ...x .........x + 800f7b5: 001e8800 00fe0100 00207800 00031e81 .........x ..... + 800f7c5: 00007f84 81002078 8400030e 7000803f ....x ......?..p + 800f7d5: 0f810020 1f840003 20f000e0 030f8100 .......... .... + 800f7e5: e0078400 0020f000 00030f81 00e00384 ...... ......... + 800f7f5: 880020f0 00008007 e001c001 07820020 . .......... ... + 800f805: 82000480 0020e001 04c00782 c0038200 ...... ......... + 800f815: 03820020 820004c0 0020c003 04e00182 ......... ..... + 800f825: 80078200 01820020 820004f0 0021800f .... .........!. + 800f835: 0004f081 00220f81 0004f881 00221e81 ......".......". + 800f845: 00047c81 00223e81 00043e81 00227c81 .|...>"..>...|". + 800f855: 00041f81 0022f881 00c00f86 22f00300 ......"........" + 800f865: e0078600 e0070000 03860022 1f0000f8 ........"....... + 800f875: 840023c0 ff0000ff 7f840024 24fe0ff0 .#......$......$ + 800f885: ff1f8400 0024f8ff ffff0784 820025e0 ......$......%.. + 800f895: 0026ffff 7f800182 8500142a 00f88303 ..&.....*....... + 800f8a5: 8200070e 00090101 09104082 01078300 .........@...... + 800f8b5: 880003c0 00004204 80000011 01860004 .....B.......... + 800f8c5: 00010001 86000480 00104040 00068000 ........@@...... + 800f8d5: 20820883 08880003 20000022 04800080 ... ....".. .... + 800f8e5: 01018600 80000100 40860004 00001040 ...........@@... + 800f8f5: 82000680 00040208 00020888 00002000 ............. .. + 800f905: 82000480 00030101 00058081 00104085 .............@.. + 800f915: 00068000 04020882 0208a400 03200000 .............. . + 800f925: 2e82f083 01010003 f003071f 11100000 ................ + 800f935: 001040c0 2e82f003 3800800b 00040208 .@.........8.... + 800f945: 000204a4 40041000 03318280 00110100 .......@..1..... + 800f955: 00800081 40101100 00001040 0c318280 .......@@.....1. + 800f965: 08440040 a5000402 00f08303 8020080e @.D........... . + 800f975: 00802082 81001101 00008000 40401011 . ............@@ + 800f985: 80000010 20882082 0f3f8200 a30004c0 ..... . ..?..... + 800f995: 01000042 82802008 01008020 00811f11 B.... .. ....... + 800f9a5: 11000080 10404010 82800000 00200820 .....@@..... . . + 800f9b5: 05020882 03228100 e08f9f00 80208280 ......"....... . + 800f9c5: 20290100 00800081 40101100 00001040 ..) .......@@... + 800f9d5: 08208280 08820020 81000502 9f000322 .. . ......."... + 800f9e5: 82800088 00008020 008120aa 0a000080 .... .... ...... + 800f9f5: 104040a0 82800000 00200820 04020882 .@@..... . ..... + 800fa05: 22088a00 88200000 31828000 aa970003 ...".. ....1.... + 800fa15: 80008120 a00a0000 00104040 20828000 .......@@..... + 800fa25: 82002008 00040208 004204ce 20041100 . ........B.... + 800fa35: 032e4688 21440000 30880081 40a00a00 .F....D!...0...@ + 800fa45: 00001040 08204688 08440020 00c00002 @....F . .D..... + 800fa55: f8830300 c0030e00 03203a70 1e440000 ........p: ...D. + 800fa65: 30700081 40400400 00000e38 08203a70 ..p0..@@8...p: . + 800fa75: 08380020 0bc00002 08208100 1e608100 .8....... ...`. + 800fa85: 08208100 1ec08100 27208100 7f208100 .. ....... '.. . + 800fa95: 00001d47 G... + +0800fa99 : + 800fa99: 000e237f 00260881 e0ff0783 1f830025 .#....&.....%... + 800faa9: 0025fcff ffff7f83 01850024 c0ff80ff ..%.....$....... + 800fab9: 1f810005 f881ff03 03850019 e01f00f8 ................ + 800fac9: 7f810005 0019ff04 00e00f85 0005f003 ................ + 800fad9: 8081ff05 1f850018 f8010080 01810004 ................ + 800fae9: c081ff05 3f810018 7c810003 01870004 .......?...|.... + 800faf9: 0000c0e3 0018e07f 00037e81 00043e81 .........~...>.. + 800fb09: c0e30187 f07b0000 78810018 1f810003 ......{....x.... + 800fb19: 01870004 0000c0e3 0018f879 0003f881 ........y....... + 800fb29: 03800f82 e3018700 780000c0 820017fc ...........x.... + 800fb39: 0003f001 03800782 e3018700 780000c0 ...............x + 800fb49: 8200177e 0003e001 03c00382 e3018700 ~............... + 800fb59: 780000c0 8200173f 0003e003 03c00382 ...x?........... + 800fb69: e3018800 780000c0 0016801f 03c00382 .......x........ + 800fb79: e0018200 01880003 0000c0e3 16c00f78 ............x... + 800fb89: c0078200 01820003 880003e0 00c0e301 ................ + 800fb99: c0077800 07820016 81000480 880003f0 .x.............. + 800fba9: 00c0e301 e0037800 07820016 81000480 .....x.......... + 800fbb9: 880003f0 00c0e301 e0017800 07810016 .........x...... + 800fbc9: f0810005 01820003 83ff03e3 16e000f8 ................ + 800fbd9: 050f8100 03708100 e1018200 f083ff03 ......p......... + 800fbe9: 0016f000 00050f81 00037881 03e10182 .........x...... + 800fbf9: 00f083ff 810016f0 8100050f 82000378 ............x... + 800fc09: ff03e001 f000e083 0f810016 78810005 ...............x + 800fc19: 01820003 810005e0 810016f0 8100050f ................ + 800fc29: 82000378 0005e001 0016f081 00050f81 x............... + 800fc39: 00037881 05e00182 16f08100 050f8100 .x.............. + 800fc49: 03788100 e0018200 f0810005 0f810016 ..x............. + 800fc59: 78810005 01820003 810005e0 810016f0 ...x............ + 800fc69: 8100050f 88000370 0700e001 f00000f8 ....p........... + 800fc79: 0f810016 f0810005 01880003 fe1f00e0 ................ + 800fc89: 16f00000 05078100 03f08100 e0018800 ................ + 800fc99: 00ff3f00 0016f000 04800782 03f08100 .?.............. + 800fca9: e0018800 80bf7f00 0016f000 04800782 ................ + 800fcb9: 03f08100 e0018800 c0077c00 0016f000 .........|...... + 800fcc9: 03c00382 e0018200 01880003 03f800e0 ................ + 800fcd9: 16f000e0 c0038200 01820003 880003e0 ................ + 800fce9: f000e001 f000e001 03820016 820003e0 ................ + 800fcf9: 0003c003 01e00188 00e001e0 820016f0 ................ + 800fd09: 0003e001 03c00782 e0018800 e000e001 ................ + 800fd19: 0016f000 03f00182 80078200 01880003 ................ + 800fd29: 00e001e0 17f000f0 03f88100 800f8200 ................ + 800fd39: 01880003 00e001e0 17f000f0 037c8100 ..............|. + 800fd49: 041f8100 e0018800 e000e001 0017f000 ................ + 800fd59: 00033e81 00043e81 01e00188 00e001e0 .>...>.......... + 800fd69: 810017f0 8100033f 8800047f f000e001 ....?........... + 800fd79: f000e001 1f860017 ff0100c0 88000380 ................ + 800fd89: f000e001 f000e003 07860017 f70700e0 ................ + 800fd99: 880003c0 7c00e001 f000c007 03860017 .......|........ + 800fda9: e71f00fc 880003e0 7f00e001 f00080bf ................ + 800fdb9: 01810017 8382ff03 880003f0 3f00e001 ...............? + 800fdc9: f00000ff 7f850018 f801ffff 01880003 ................ + 800fdd9: fe1f00e0 18f00000 ff1f8500 03fc00fc ................ + 800fde9: e0018800 00f80700 0018f000 e0ff0385 ................ + 800fdf9: 00037e00 05e00182 1cf08100 033f8100 .~............?. + 800fe09: e0018200 f0810005 1f86001c 01000080 ................ + 800fe19: 810005e0 86001cf0 0000c00f 0005e001 ................ + 800fe29: 001ce081 00e00786 04e00100 e0018200 ................ + 800fe39: 0385001c 010000f0 e081ff06 0182001c ................ + 800fe49: 060003f8 1dc081ff 03fc8100 057f8100 ................ + 800fe59: 1d8081ff 037e8100 041f8100 1efe81ff ......~......... + 800fe69: 273f8100 271f8100 7f0e8100 8100222a ..?'...'....*".. + 800fe79: 810005e0 82002080 00051001 1f048082 ..... .......... + 800fe89: 08028200 80820005 81001f04 81000602 ................ + 800fe99: 8c002080 1f380002 bce0800b e8800b1c . ....8......... + 800fea9: 018c001c 8c004400 04c21041 1d18410c .....D..A....A.. + 800feb9: 82e08b00 08228800 22080482 8b001d08 ......"....".... + 800fec9: 881f8210 04820002 1d082208 fe088b00 ........."...... + 800fed9: 00028820 22080482 8b001d08 88208008 ......"...... . + 800fee9: 04820002 1c082208 08028c00 02882080 ....."....... .. + 800fef9: 08048208 001c1821 4210018f 10018821 ....!......B!... + 800ff09: 20080482 030c30e8 e08e001a 00881e3c ... .0......<... + 800ff19: 080482e0 0c300820 81002403 82002608 .... .0..$...&.. + 800ff29: 00260802 27100182 7fe08100 00001047 ..&....'....G... + +0800ff39 : + 800ff39: 0001bc7f 00030181 05040182 1c018100 ................ + 800ff49: 00018600 0401c00f 01820005 86001b02 ................ + 800ff59: 40080001 00050401 1b020182 00018600 ...@............ + 800ff69: 0401400c 01810005 0190001c 01400600 .@............@. + 800ff79: 45075c04 0e1df8c0 1874c005 01019000 .\.E......t..... + 800ff89: 0401400f 20c60862 06022304 00188c20 .@..b.. .#.. ... + 800ff99: 99030190 410401c0 04104410 11040241 .......A.D..A... + 800ffa9: 90001804 00f00601 10410401 41fc0044 ..........A.D..A + 800ffb9: 04110402 01900018 0100600c 44104104 .........`...A.D + 800ffc9: 02410401 18041104 08019000 04010000 ..A............. + 800ffd9: 01441041 04024104 00180411 00100190 A.D..A.......... + 800ffe9: 62040100 0401c408 10040241 8100188c ...b....A....... + 800fff9: 8b000401 44075c88 02230c01 18741004 .....\.D..#...t. + 8010009: 04018100 40708b00 f4004400 1004021d ......p@.D...... + 8010019: 81001804 83000501 06400040 18048100 ........@.@..... + 8010029: ff018900 0000e0ff 05401040 04018200 ........@.@..... + 8010039: 4083001e 00068008 001e8881 07074082 ...@.........@.. + 8010049: 7f708100 00001714 ..p..... + +08010051 : + 8010051: 0002b97f 26f80782 0c0c8200 30820026 .......&....&..0 + 8010061: 85002603 01800160 81000404 85001e38 .&..`.......8... + 8010071: 0180c040 84000304 02004480 c003001c @........D...... + 8010081: 03040182 40808400 001c0200 40c08085 .......@.......@ + 8010091: 00040401 001e4081 40c0808f 171c0401 .....@.....@.... + 80100a1: 41408003 74c0050e 01900018 0160c080 ..@A...t......`. + 80100b1: 80182204 02414080 188c2006 80019000 ."...@A.. ...... + 80100c1: 040160c0 81401041 040241f8 00180411 .`..A.@..A...... + 80100d1: e0800190 41040160 40800010 11040241 ....`..A...@A... + 80100e1: 8f001904 00403080 00107f88 02414080 .....0@......@A. + 80100f1: 19041104 18808f00 40880040 40800010 ........@..@...@ + 8010101: 11040241 8f001904 00c000c0 00104050 A...........P@.. + 8010111: 02234080 198c1004 00409300 21500080 .@#.......@...P! + 8010121: 40800010 1004021d 01061874 93001580 ...@....t....... + 8010131: 00800160 00101e20 02014080 18041004 `... ....@...... + 8010141: 15800106 03308200 01810008 04810003 ......0......... + 8010151: 0c820019 8500080c 01000001 82001904 ................ + 8010161: 0008f807 00034281 00238881 00033c81 .....B....#..<.. + 8010171: 147f7081 .p..... + +08010178 : + 8010178: 0014237f 00268081 26c00382 c0038200 .#....&....&.... + 8010188: 03820026 820026c0 0026c003 24c00382 &....&....&....$ + 8010198: c0018500 2303c003 e0038600 c007c003 .......#........ + 80101a8: 07860022 07c003e0 860022e0 c003c00f "........"...... + 80101b8: 0022f003 03001f86 22f800c0 003e8600 .."........"..>. + 80101c8: 7c00c003 7c860022 00c00300 8600223e ...|"..|....>".. + 80101d8: c00300f8 00221f00 0300f086 210f00c0 ......"........! + 80101e8: f0018800 00c00300 0020800f 00e00388 .......... ..... + 80101f8: 0700c003 88002080 0300c003 c00300c0 ..... .......... + 8010208: 07880020 c00300c0 20c00300 80078800 .......... .... + 8010218: 00c00300 0020e001 00800788 0100c003 ...... ......... + 8010228: 880020e0 0300000f f00000c0 0f880020 . .......... ... + 8010238: c0030000 20f00000 000f8800 00c00300 ....... ........ + 8010248: 0020f000 00000e88 0000c003 88002070 .. .........p .. + 8010258: 0300001e 780000c0 1e880020 c0030000 .......x ....... + 8010268: 20780000 001e8800 00c00300 00207800 ..x .........x . + 8010278: 00001e88 0000c003 88002078 0300001e ........x ...... + 8010288: 780000c0 1e880020 c0030000 20780000 ...x .........x + 8010298: 001e8800 00c00300 00207800 00001e88 .........x ..... + 80102a8: 0000c003 88002078 0300001e 780000c0 ....x .........x + 80102b8: 1e810020 78810006 1e810020 78810006 ......x ......x + 80102c8: 1e810020 70810006 0f810020 f0810006 ......p ....... + 80102d8: 0f810020 f0810006 0f810020 f0810006 ....... ....... + 80102e8: 07820020 82000480 0020e001 04800782 ......... ..... + 80102f8: e0018200 07820020 820004c0 0020c003 .... ......... . + 8010308: 04c00382 c0038200 03820020 820004e0 ........ ....... + 8010318: 00208007 04f00182 800f8200 f0810021 .. .........!... + 8010328: 0f810004 f8810022 1f810004 7c810022 ...."......."..| + 8010338: 3e810004 3e810022 7c810004 1f810022 ...>"..>...|"... + 8010348: f8810004 0f860022 030000c0 860022f0 ...."........".. + 8010358: 0000e007 0022e007 00f80386 23c01f00 ......"........# + 8010368: 00ff8400 0024ff00 0ff07f84 840024fe ......$......$.. + 8010378: f8ffff1f 07840024 25e0ffff ffff8200 ....$......%.... + 8010388: 01820026 212a7f80 03388100 00088400 &.....*!..8..... + 8010398: 00044040 001b8081 00034481 40000884 @@.......D.....@ + 80103a8: 81000441 81001b80 84000382 41400008 A.............@A + 80103b8: 80810004 8081001b 08840003 04404000 .............@@. + 80103c8: 1b808100 0e808d00 00e88003 e0024740 ............@G.. + 80103d8: 1b800e38 11408d00 00184104 10034144 8.....@..A..DA.. + 80103e8: 1b801144 20388d00 00082288 08024144 D.....8 ."..DA.. + 80103f8: 1b802082 20048d00 00082288 08024144 . ..... ."..DA.. + 8010408: 1b802082 3f028d00 0008e28f 0802414a . .....?....JA.. + 8010418: 1b8020fe 20028d00 00080208 0802812a . ..... ....*... + 8010428: 1b802080 20828d00 00080208 1003812a . ..... ....*... + 8010438: 1b802080 10448d00 00182184 e0020111 . ....D..!...... + 8010448: 1b801142 0f388d00 00e8c003 00020111 B.....8......... + 8010458: 23800e3c 27028100 27028100 27028100 <..#...'...'...' + 8010468: 7f028100 00001147 65737361 64007472 ....G...assert.d + 8010478: 676e776f 65646172 67697300 69616620 owngrade.sig fai + 8010488: 6f6e006c 72696620 7261776d 61460065 l.no firmware.Fa + 8010498: 726f7463 6f622079 5700746f 3a4e5241 ctory boot.WARN: + 80104a8: 64655220 67696c20 57007468 3a4e5241 Red light.WARN: + 80104b8: 736e5520 656e6769 69662064 61776d72 Unsigned firmwa + 80104c8: 47006572 20646f6f 6d726966 65726177 re.Good firmware + 80104d8: 726f6300 74707572 72696620 7261776d .corrupt firmwar + 80104e8: e. + +080104ea : + 80104ea: 2641cbb4 f36ce1f7 71b4f28f 0123fb1d ..A&..l....q..#. + 80104fa: 66d6760d 6ca38aa7 f6f9539b 0518587b .v.f...l.S..{X.. + 801050a: e93b0b58 b89fc431 113c0444 470f0896 X.;.1...D.<....G + 801051a: 37ed2581 4a9e237a 3818b7af da0438ba .%.7z#.J...8.8.. + 801052a: 1dc8a2d6 df5e811c 6d290ca6 8d8f57b8 ......^...)m.W.. + 801053a: 9269295e c178d1ce 31d7207b b596a17b ^)i...x.{ .1{... + 801054a: 0c1bef3d c31a79aa c8c45845 ffeb2d8a =....y..EX...-.. + 801055a: 01829bfe bc5e5f87 4fe5a596 9ffe68c7 ....._^....O.h.. + 801056a: 0166ef42 95cfc456 38f0b5f4 c5261164 B.f.V......8d.&. + 801057a: 66c13999 14120632 689c254c bad38c35 .9.f2...L%.h5... + 801058a: 8cde7824 6cdfab52 7809bfb8 3a63bb03 $x..R..l...x..c: + 801059a: 0ed90111 8f737aa4 7f3b18bf c87b0af0 .....zs...;...{. + 80105aa: 56546067 c5ec0c82 0882bc1d ef39c116 g`TV..........9. + 80105ba: 32babff5 e35fce7c d7621e74 4cc5fce9 ...2|._.t.b....L + 80105ca: 8d11e88a 13c2adc3 2a4f2992 a4f8d2ea .........)O*.... + 80105da: fe7cd5c4 3b450512 07598954 88d7d6da ..|...E;T.Y..... + 80105ea: 37cfb143 1f897cd2 f3acfe5b 95fc33ba C..7.|..[....3.. + 80105fa: dde7d981 14ef9525 bb97efdd a7d8f333 ....%.......3... + 801060a: 977a2b34 73aab3ba 32419de7 17a1fcd8 4+z....s..A2.... + 801061a: fe0bb566 89214063 8e7b92c9 590bdf72 f...c@!...{.r..Y + 801062a: 76dc5cd0 30dd3016 56f180c2 61a85c26 .\.v.0.0...V&\.a + 801063a: 69694fd7 3d57b8e5 582ae235 c69acedd .Oii..W=5.*X.... + 801064a: 2b1ca945 8efc010c 13513fbf 137c7e80 E..+.....?Q..~|. + 801065a: 5e4b4fd5 d59b4c9b e0d81d9e 2246c0ad .OK^.L........F" + 801066a: 20314553 666e6f63 66206769 006c6961 SE1 config fail. + 801067a: 72726f63 20747075 72696170 63657320 corrupt pair sec + 801068a: 75636d00 6c756620 7562006c 66206e72 .mcu full.burn f + 801069a: 3a6c6961 76210020 64696c61 6162003f ail: .!valid?.ba + 80106aa: 61762064 66003f6c 20747361 63697262 d val?.fast bric + 80106ba: 2e2e2e6b 64200020 00656e6f 79706f43 k... . done.Copy + 80106ca: 68676972 30322074 202d3831 43207962 right 2018- by C + 80106da: 6b6e696f 20657469 2e636e49 206f6e00 oinkite Inc..no + 80106ea: 00726573 66206b77 0016006c 01410800 ser.wk fl.....A. + ... + 8010706: 000000ee 006100e1 218f0000 438f808f ......a....!...C + 8010716: 430080af 20834300 43c343c3 43c343c3 ...C.C. .C.C.C.C + 8010726: 43c343c3 0000438f ffffffff 00000000 .C.C.C.......... + 8010736: ffffffff 00000000 00000000 000000f0 ................ + ... + 801074e: 00001502 003c0000 01bc005c 01bc01fc ......<.\....... + 801075e: 01dc01dc 03dc03d1 03dc03dc 03dc03dc ................ + 801076e: 01dc03dc 0001003c 00120000 00000000 ....<........... + 801077e: 00010000 00080000 02000000 00020000 ................ + 801078e: 00000000 00010000 00070000 .............. + +0801079c : + 801079c: 0d0c0b09 .... + +080107a0 : + 80107a0: 2e302e31 69742033 323d656d 30343230 1.0.3 time=20240 + 80107b0: 2e373032 30353031 67203033 513d7469 207.105030 git=Q + 80107c0: 39646240 66356631 000a0d00 @bd91f5f.... + +080107cc : + 80107cc: 33323130 37363534 62613938 66656463 0123456789abcdef + 80107dc: 41525350 6166204d 50006c69 203a5253 PSRAM fail.PSR: + 80107ec: 6164616e 52535000 6321203a 6b636568 nada.PSR: !check + 80107fc: 52535000 6576203a 6f697372 0000006e .PSR: version... + 801080c: 0000fc00 00000002 00000000 00000003 ................ + 801081c: 0000000a 00000008 00000010 676e6f6c ............long + 801082c: 61657220 61662064 44006c69 70205546 read fail.DFU p + 801083c: 65737261 69616620 6f67006c 6620646f arse fail.good f + 801084c: 776d7269 00657261 6e6f7277 6f772067 irmware.wrong wo + 801085c: 00646c72 61636473 735f6472 63726165 rld.sdcard_searc + 801086c: 00203a68 61636473 705f6472 65626f72 h: .sdcard_probe + 801087c: 6900203a 2074696e 6c696166 65707300 : .init fail.spe + 801088c: 77006465 00656469 7a697362 6f003f65 ed.wide.bsize?.o + 801089c: 6166006b 72206c69 00646165 53756644 k.fail read.DfuS + 80108ac: 6f660065 20646e75 52002040 766f6365 e.found @ .Recov + 80108bc: 20797265 65646f6d 0000002e 00001f00 ery mode........ + 80108cc: 00000002 00000001 00000003 0000000c ................ + 80108dc: 00000004 00000002 00000001 00000003 ................ + 80108ec: 0000000c .... + +080108f0 : + 80108f0: 01002008 fffffc2f fffffffe ffffffff . ../........... + 8010900: ffffffff ffffffff ffffffff ffffffff ................ + 8010910: ffffffff d0364141 bfd25e8c af48a03b ....AA6..^..;.H. + 8010920: baaedce6 fffffffe ffffffff ffffffff ................ + 8010930: ffffffff 16f81798 59f2815b 2dce28d9 ........[..Y.(.- + 8010940: 029bfcdb ce870b07 55a06295 f9dcbbac .........b.U.... + 8010950: 79be667e fb10d4b8 9c47d08f a6855419 ~f.y......G..T.. + 8010960: fd17b448 0e1108a8 5da4fbfc 26a3c465 H..........]e..& + 8010970: 483ada77 00000007 00000000 00000000 w.:H............ + ... + 8010994: 08006939 080061bd 08006393 08005fa9 9i...a...c..._.. + +080109a4 : + 80109a4: 01002008 ffffffff ffffffff ffffffff . .............. + ... + 80109c0: 00000001 ffffffff fc632551 f3b9cac2 ........Q%c..... + 80109d0: a7179e84 bce6faad ffffffff ffffffff ................ + 80109e0: 00000000 ffffffff d898c296 f4a13945 ............E9.. + 80109f0: 2deb33a0 77037d81 63a440f2 f8bce6e5 .3.-.}.w.@.c.... + 8010a00: e12c4247 6b17d1f2 37bf51f5 cbb64068 GB,....k.Q.7h@.. + 8010a10: 6b315ece 2bce3357 7c0f9e16 8ee7eb4a .^1kW3.+...|J... + 8010a20: fe1a7f9b 4fe342e2 27d2604b 3bce3c3e .....B.OK`.'><.; + 8010a30: cc53b0f6 651d06b0 769886bc b3ebbd55 ..S....e...vU... + 8010a40: aa3a93e7 5ac635d8 08006a81 080061bd ..:..5.Z.j...a.. + 8010a50: 08006a27 08006025 'j..%`.. + +08010a58 : + ... + 8010a60: 04030201 09080706 ........ + +08010a68 : + 8010a68: 00000000 04030201 ........ + +08010a70 : + 8010a70: 000186a0 00030d40 00061a80 000c3500 ....@........5.. + 8010a80: 000f4240 001e8480 003d0900 007a1200 @B........=...z. + 8010a90: 00f42400 016e3600 01e84800 02dc6c00 .$...6n..H...l.. + 8010aa0: 20727463 3f746573 00702100 00006000 ctr set?.!p..`.. + 8010ab0: 00000012 00000000 00000003 00000004 ................ + +08010ac0 : + 8010ac0: 00008000 .... + +Disassembly of section .relocate: + +2009e000 : +{ +2009e000: b530 push {r4, r5, lr} + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e002: 4920 ldr r1, [pc, #128] ; (2009e084 ) +2009e004: 690c ldr r4, [r1, #16] +2009e006: 03e5 lsls r5, r4, #15 +2009e008: d4fc bmi.n 2009e004 + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); +2009e00a: 690d ldr r5, [r1, #16] + if(error) { +2009e00c: 4c1e ldr r4, [pc, #120] ; (2009e088 ) +2009e00e: 4225 tst r5, r4 +2009e010: d104 bne.n 2009e01c + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { +2009e012: 690c ldr r4, [r1, #16] +2009e014: 07e4 lsls r4, r4, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); +2009e016: bf44 itt mi +2009e018: 2401 movmi r4, #1 +2009e01a: 610c strmi r4, [r1, #16] + FLASH->SR = FLASH->SR & FLASH_FLAG_SR_ERRORS; +2009e01c: 4919 ldr r1, [pc, #100] ; (2009e084 ) +2009e01e: 4d1a ldr r5, [pc, #104] ; (2009e088 ) +2009e020: 690c ldr r4, [r1, #16] +2009e022: 402c ands r4, r5 +2009e024: 610c str r4, [r1, #16] + __HAL_FLASH_DATA_CACHE_DISABLE(); +2009e026: 680c ldr r4, [r1, #0] +2009e028: f424 6480 bic.w r4, r4, #1024 ; 0x400 +2009e02c: 600c str r4, [r1, #0] + CLEAR_BIT(FLASH->CR, (FLASH_CR_PG | FLASH_CR_MER1 | FLASH_CR_PER | FLASH_CR_PNB)); // added +2009e02e: 694c ldr r4, [r1, #20] +2009e030: f424 64ff bic.w r4, r4, #2040 ; 0x7f8 +2009e034: f024 0407 bic.w r4, r4, #7 +2009e038: 614c str r4, [r1, #20] + SET_BIT(FLASH->CR, FLASH_CR_PG); +2009e03a: 694c ldr r4, [r1, #20] +2009e03c: f044 0401 orr.w r4, r4, #1 +2009e040: 614c str r4, [r1, #20] + *(__IO uint32_t *)(address) = (uint32_t)val; +2009e042: 6002 str r2, [r0, #0] + __ASM volatile ("isb 0xF":::"memory"); +2009e044: f3bf 8f6f isb sy + *(__IO uint32_t *)(address+4) = (uint32_t)(val >> 32); +2009e048: 6043 str r3, [r0, #4] + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e04a: 690b ldr r3, [r1, #16] +2009e04c: 03da lsls r2, r3, #15 +2009e04e: d4fc bmi.n 2009e04a + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); +2009e050: 6908 ldr r0, [r1, #16] + if(error) { +2009e052: 4028 ands r0, r5 +2009e054: d104 bne.n 2009e060 + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { +2009e056: 690b ldr r3, [r1, #16] +2009e058: 07db lsls r3, r3, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); +2009e05a: bf44 itt mi +2009e05c: 2301 movmi r3, #1 +2009e05e: 610b strmi r3, [r1, #16] + CLEAR_BIT(FLASH->CR, FLASH_CR_PG); +2009e060: 4b08 ldr r3, [pc, #32] ; (2009e084 ) +2009e062: 695a ldr r2, [r3, #20] +2009e064: f022 0201 bic.w r2, r2, #1 +2009e068: 615a str r2, [r3, #20] + __HAL_FLASH_DATA_CACHE_RESET(); +2009e06a: 681a ldr r2, [r3, #0] +2009e06c: f442 5280 orr.w r2, r2, #4096 ; 0x1000 +2009e070: 601a str r2, [r3, #0] +2009e072: 681a ldr r2, [r3, #0] +2009e074: f422 5280 bic.w r2, r2, #4096 ; 0x1000 +2009e078: 601a str r2, [r3, #0] + __HAL_FLASH_DATA_CACHE_ENABLE(); +2009e07a: 681a ldr r2, [r3, #0] +2009e07c: f442 6280 orr.w r2, r2, #1024 ; 0x400 +2009e080: 601a str r2, [r3, #0] +} +2009e082: bd30 pop {r4, r5, pc} +2009e084: 40022000 .word 0x40022000 +2009e088: 0002c3fa .word 0x0002c3fa + +2009e08c : + if(page_num < ((BL_FLASH_SIZE + BL_NVROM_SIZE) / FLASH_ERASE_SIZE)) { +2009e08c: 4b2d ldr r3, [pc, #180] ; (2009e144 ) +2009e08e: 4003 ands r3, r0 +{ +2009e090: b510 push {r4, lr} + if(page_num < ((BL_FLASH_SIZE + BL_NVROM_SIZE) / FLASH_ERASE_SIZE)) { +2009e092: 2b00 cmp r3, #0 +2009e094: d054 beq.n 2009e140 + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e096: 4b2c ldr r3, [pc, #176] ; (2009e148 ) + page_num &= 0xff; +2009e098: f3c0 3207 ubfx r2, r0, #12, #8 + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e09c: 6919 ldr r1, [r3, #16] +2009e09e: 03c9 lsls r1, r1, #15 +2009e0a0: d4fc bmi.n 2009e09c + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); +2009e0a2: 691c ldr r4, [r3, #16] + if(error) { +2009e0a4: 4929 ldr r1, [pc, #164] ; (2009e14c ) +2009e0a6: 420c tst r4, r1 +2009e0a8: d104 bne.n 2009e0b4 + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { +2009e0aa: 6919 ldr r1, [r3, #16] +2009e0ac: 07cc lsls r4, r1, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); +2009e0ae: bf44 itt mi +2009e0b0: 2101 movmi r1, #1 +2009e0b2: 6119 strmi r1, [r3, #16] + FLASH->SR = FLASH->SR & 0xffff; +2009e0b4: 4b24 ldr r3, [pc, #144] ; (2009e148 ) +2009e0b6: 6919 ldr r1, [r3, #16] +2009e0b8: b289 uxth r1, r1 +2009e0ba: 6119 str r1, [r3, #16] + __HAL_FLASH_DATA_CACHE_DISABLE(); +2009e0bc: 6819 ldr r1, [r3, #0] +2009e0be: f421 6180 bic.w r1, r1, #1024 ; 0x400 +2009e0c2: 6019 str r1, [r3, #0] + SET_BIT(FLASH->CR, FLASH_CR_BKER); +2009e0c4: 6959 ldr r1, [r3, #20] + if(bank2) { +2009e0c6: f010 6ffe tst.w r0, #133169152 ; 0x7f00000 + SET_BIT(FLASH->CR, FLASH_CR_BKER); +2009e0ca: bf14 ite ne +2009e0cc: f441 6100 orrne.w r1, r1, #2048 ; 0x800 + CLEAR_BIT(FLASH->CR, FLASH_CR_BKER); +2009e0d0: f421 6100 biceq.w r1, r1, #2048 ; 0x800 +2009e0d4: 6159 str r1, [r3, #20] + MODIFY_REG(FLASH->CR, FLASH_CR_PNB, (page_num << POSITION_VAL(FLASH_CR_PNB))); +2009e0d6: 6959 ldr r1, [r3, #20] + uint32_t result; + +#if ((defined (__ARM_ARCH_7M__ ) && (__ARM_ARCH_7M__ == 1)) || \ + (defined (__ARM_ARCH_7EM__ ) && (__ARM_ARCH_7EM__ == 1)) || \ + (defined (__ARM_ARCH_8M_MAIN__ ) && (__ARM_ARCH_8M_MAIN__ == 1)) ) + __ASM volatile ("rbit %0, %1" : "=r" (result) : "r" (value) ); +2009e0d8: f44f 63ff mov.w r3, #2040 ; 0x7f8 +2009e0dc: f421 61ff bic.w r1, r1, #2040 ; 0x7f8 +2009e0e0: fa93 f3a3 rbit r3, r3 + */ + if (value == 0U) + { + return 32U; + } + return __builtin_clz(value); +2009e0e4: fab3 f383 clz r3, r3 +2009e0e8: 409a lsls r2, r3 +2009e0ea: 4b17 ldr r3, [pc, #92] ; (2009e148 ) +2009e0ec: 430a orrs r2, r1 +2009e0ee: 615a str r2, [r3, #20] + SET_BIT(FLASH->CR, FLASH_CR_PER); +2009e0f0: 695a ldr r2, [r3, #20] +2009e0f2: f042 0202 orr.w r2, r2, #2 +2009e0f6: 615a str r2, [r3, #20] + SET_BIT(FLASH->CR, FLASH_CR_STRT); +2009e0f8: 695a ldr r2, [r3, #20] +2009e0fa: f442 3280 orr.w r2, r2, #65536 ; 0x10000 +2009e0fe: 615a str r2, [r3, #20] + while(__HAL_FLASH_GET_FLAG(FLASH_FLAG_BSY)) { +2009e100: 691a ldr r2, [r3, #16] +2009e102: 03d1 lsls r1, r2, #15 +2009e104: d4fc bmi.n 2009e100 + uint32_t error = (FLASH->SR & FLASH_FLAG_SR_ERRORS); +2009e106: 6918 ldr r0, [r3, #16] +2009e108: 4a10 ldr r2, [pc, #64] ; (2009e14c ) + if(error) { +2009e10a: 4010 ands r0, r2 +2009e10c: d104 bne.n 2009e118 + if (__HAL_FLASH_GET_FLAG(FLASH_FLAG_EOP)) { +2009e10e: 691a ldr r2, [r3, #16] +2009e110: 07d2 lsls r2, r2, #31 + __HAL_FLASH_CLEAR_FLAG(FLASH_FLAG_EOP); +2009e112: bf44 itt mi +2009e114: 2201 movmi r2, #1 +2009e116: 611a strmi r2, [r3, #16] + CLEAR_BIT(FLASH->CR, (FLASH_CR_PER | FLASH_CR_PNB)); +2009e118: 4b0b ldr r3, [pc, #44] ; (2009e148 ) +2009e11a: 695a ldr r2, [r3, #20] +2009e11c: f422 62ff bic.w r2, r2, #2040 ; 0x7f8 +2009e120: f022 0202 bic.w r2, r2, #2 +2009e124: 615a str r2, [r3, #20] + __HAL_FLASH_DATA_CACHE_RESET(); +2009e126: 681a ldr r2, [r3, #0] +2009e128: f442 5280 orr.w r2, r2, #4096 ; 0x1000 +2009e12c: 601a str r2, [r3, #0] +2009e12e: 681a ldr r2, [r3, #0] +2009e130: f422 5280 bic.w r2, r2, #4096 ; 0x1000 +2009e134: 601a str r2, [r3, #0] + __HAL_FLASH_DATA_CACHE_ENABLE(); +2009e136: 681a ldr r2, [r3, #0] +2009e138: f442 6280 orr.w r2, r2, #1024 ; 0x400 +2009e13c: 601a str r2, [r3, #0] +} +2009e13e: bd10 pop {r4, pc} + return 1; +2009e140: 2001 movs r0, #1 +2009e142: e7fc b.n 2009e13e +2009e144: 07fe0000 .word 0x07fe0000 +2009e148: 40022000 .word 0x40022000 +2009e14c: 0002c3fa .word 0x0002c3fa