BIP AbstractJTAGProtocol
BIP: ? Title: Abstract JTAG Protocol Author: Luke Dashjr <[email protected]> Status: Draft Type: Standards Track Created: 14-07-2012
Contents
Abstract
Specification
This protocol is designed to be spoken only over a reliable (including error correction) lower-level protocol, such as USB-Serial or USB-CDC, to a local device.
Packet Format
- 4 bytes: magic: always fd414a50
- 1 byte: packet length/type
- N bytes: packet data
- 2 bytes: packet data BSD “sum1” checksum
Packet length/types:
- 00 — Abort
- 01 to ef — Data packet length (1 to 239 bytes)
- f0 to fc — Reserved
- fd — Bad packet (command aborted)
- fe — ACK
- ff — End of command
ACK should be sent in response to each 239-byte packet. Bulk data transfers, such as bitstream uploads, should wait until ACK is received before sending more packets.
Checksum must include the complete packet up until the checksum itself; this is not used to prevent corruption (USB already guarantees that), but rather to avoid acting when something foreign sends stuff (possibly intermixed with a real AJP packet). If the checksum does not match, the device should send a “fd” packet back and ignore the content.
Note that while Abort packets abort the entire command, but do not guarantee it had no effect.
Anything up to the initial magic is ignored.
Command Format
- 1 byte: request id
- 1 byte: command id
- Cx — JTAG interface commands
- Dx — Replies to JTAG interface commands
- Ex — JAP Controller commands
- Fx — Replies to JAP Controller commands
- 1 byte: device number (ignored for some commands)
- 00 is the controller
- 01 to fe are JTAG devices
- ff for “all JTAG devices”
- 1 byte: status (should always be 00 for requests)
- 00 — success
- 80 — failure
- N bytes: data
Commands less than 4 bytes should be ignored. Additional data beyond what is expected should be ignored.
Commands
c0 — clock
Request Data:
- 1 byte: bit field (bitwise OR’d)
- 10 — return TDI status
- 01 to 03 — number of clocks to ignore at the end
- N bytes: two bits per clock
- 1 bit: TMS high
- 1 bit: TDO high
Reply Data (only if reading):
- N bytes: one bit per clock
- 1 bit: TDI high
c1 — read/write register
Note that data is written/read in big endian bit order. This means that the first bit written/read is 80, then 40, and so on. If you are not using a multiple of 8 bits, this is still the case; for example, if you read 7 bits all high, you will get fe, not 7f.
Request Data:
- 1 byte: bit values (bitwise or’d)
- Mode:
- 00 — Continue already-started r/w
- 80 — Start r/w of DR register
- 40 — Start r/w of IR register
- 20 — Finish r/w
- 10 — Read+Write (default is Write only)
- 01 to 07 — Don’t do last N bits of data
- Mode:
- N bytes: data to write
Reply Data (may be parallel with request):
- N bytes: data read (only if Read+Write set in request)
c2 — reset
(No Request or Reply Data)
c3 — run
Request Data:
- 1 byte: number of iterations to run
e0 — ping
Device number ignored. Replies with same data as request
e1 — get device count
Device number ignored. May be required before device access.
Reply Data:
- 1 byte: number of devices
- N bytes:
- 1 byte: device id number
e2 — hardware version
Note: Only expected to work for controller
Reply Data:
- 4 bytes: hardware version (big endian)
- 2 bytes: hardware vendor id authority
- 0000 — USB
- ffff — Ad-hoc
- 1 byte: length of hardware vendor id
- N bytes: hardware vendor id (binary)
- 1 byte: length of hardware device id
- N bytes: hardware device id (binary)
- 1 byte: length of hardware serial number
- N bytes: hardware serial number (UTF-8)
- 1 byte: length of human-readable hardware model
- N bytes: human-readable hardware model/version string (UTF-8)
e3 — software version
Note: Only expected to work for controller
Reply Data:
- 4 bytes: software version (big endian)
- ffffffff — Unknown
- 1 byte: length of software-specific unique identifier (git commit?)
- N bytes: software-specific unique identifier
- 1 byte: length of human-readable software name
- N bytes: human-readable hardware model/version string (UTF-8)
- 2 byte: number of AJP features supported
e4 — device capabilities
Reply Data:
- 2*N bytes: supported capabilities
- c000 — JTAG protocol commands
- e50x — watch/poll command, with up to X concurrent watches
e5 — watch/poll
Request Data:
- 1 byte: how long to watch, in 1/0x10000th of a day (about 1.32 seconds)
- 00 — cancel watch
- ff — never expire
- 2 bytes: how often to poll, in 1/0x1000000th of a day (about 0.005 seconds)
- 0000 — constantly poll
- 2d83 — about once a minute
- N bytes: packets to send
Reply (immediately for all, and whenever results change individually):
- Same as if the packets were received directly
Examples
Reset the command queue
To reset the command queue, send 243 zero bytes followed by the Abort packet (fd414a50 00 7052); this will pad-out any “open” packet, and abort any open command.
It is also advisable to cancel any watch active: fd414a50 05 00e50000 00 5b9f