Re: Confused about Flash


John Larkin wrote:
One of my engineers left to go Indonesia and teach, or something, and
I have inherited 17,000 lines of really ghastly, buggy, ugly assembly
code for an embedded product. It looks easier to rewrite it from
scratch than to try to fix it, so that keeps me off the streets for
the rest of the month.

This thing has an ST flash chip, M29W400BB, which is 4M bits, used in
256kx16 mode. The data*** is typically confusing. So please check me
on this:

If I write a secret combination of words to a secret list of addresses
in the chip, six writes total, I can tell it to erase one of its 11
sub-blocks of memory. Apparently I can't do normal reads during erase,
so I can't run the code out of the same flash I'm erasing. I have to
erase a block (to all 1's, like an eprom) before I can program it. A
block erase can take up to 6 seconds, but I can poll it to see when
it's done. Apparently I select which block is to be erased by writing
0x30 into any address of that block, as the last operation of the
erase command.

(The data*** is cute. I's not obvious whether writing to address
"BA" means "write to address 0xBA" or "write to an address in the
block". Seems like the latter makes sense.)

Write 0xAA to 0x555
0x55 to 0x2AA
0x80 to 0x555
0xAA to 0x555
0x55 to 0x2AA
0x30 to any address in block to be erased

wait 6 secs or poll for erase done


Programming flash is less clear. Apparently I execute a chunk of
secret writes, one for each word I want to load, each with three
command code writes followed by an address+data word write. "The final
write operation... starts the write state machine." I assume from this
that the actual burn of a single word begins after each
poke-a-write-word command sequence, and it seems to take 10 us typ,
200 us max, and is again pollable for done.

Write 0xAA to 0x555
0x55 to 0x2AA
0xA0 to 0X555
data to target address

wait 200 usec or poll for write done


It sounds like here, once I erase a whole block, I can program any
addresses within that block, as many or as few as I like, at any
desired addresses, at any time. There seems to be no time constraints
on how long it takes me to do this.

During erase or program, I again can't execute code out of flash, so
I'll have to relocate the flash erase and write routines into CPU ram
and run them from there.

Of course the data*** has no straightforward "to write a block, do
this..." stuff, or any examples.


Oh well, even if nobody answers this post, just typing it has helped
me figure out what's probably going on.


John

You may also want to reference this link:

http://www.ate.agilent.com/pcb_test/ent_all/3070/3070_manuals/user_UX/1INTRFSH.PDF

Intel has been a champion of the CFI (_C_ommon _F_lash _I_nterface) for
a long time now.

- mkaras

.

Quantcast