 |
|
| If you can't view the Datasheet, Please click here to try to view without PDF Reader . |
|
|
|
| If you can't view the Datasheet, Please click here to try to view without PDF Reader . |
|
|
| Datasheet File OCR Text: |
| rev. 4210d?can?05/06 1 features ? protocol ? can used as a physical layer ? 7 isp can identifiers ? relocatable isp can identifiers ? autobaud ? in-system programming ? read/write flash and eeprom memories ? read device id ? full-chip erase ? read/write configuration bytes ? security setting from isp command ? remote application start command ? in-application programming/self-programming ? read/write flash and eeprom memories ? read device id ? block erase ? read/write configuration bytes ? bootloader start description this document describes the can bootloader functionalities as well as the can proto- col to efficiently perform operations on the on-chip flash (eeprom) memories. additional information on the t89c51cc01 product can be found in the t89c51cc01 datasheet and the t89c51cc01 errata sheet available on the atmel web site, www.atmel.com. the bootloader software package (source code and binary) currently used for produc- tion is available from the atmel web site. bootloader revision purpose of modifications date revisions 1.0.4 and higher first release 02/12/2001 can microcontrollers t89c51cc01 can bootloader
2 t89c51cc01 can bootloader 4210d?can?05/06 functional description the t89c51cc01 bootloader facilitates in-system programming and in-application programming. in-system programming capability in-system programming allows the user to program or reprogram a microcontroller on- chip flash memory without removing it from the system and without the need of a pre- programmed application. the can bootloader can manage a communication with a host through the can net- work. it can also access and perform requested operations on the on-chip flash memory. in-application programming or self- programming capability in-application programming (iap) allows the reprogramming of a microcontroller on- chip flash memory without removing it from the system and wh ile the embedded appli- cation is running. the can bootloader contains some application programming interface routines named api routines allowing iap by using the user?s firmware. block diagram this section describes the different parts of the bootloader. figure 1 shows the on-chip bootloader and iap processes. figure 1. bootloader process description isp communication management user application can protocol communication management flash memory external host via the flash memory iap management user call on-chip 3 t89c51cc01 can bootloader 4210d?can?05/06 isp communication management the purpose of this process is to manage the communication and its protocol between the on-chip bootloader and an external device (host). the on-chip bootloader imple- ments a can protocol (see section ?protocol?, page 10). this process translates serial communication frames (can) into flash memory accesses (read, write, erase...). user call management several application program interface (api) calls are available to the application pro- gram to selectively erase and program flash pages. all calls are made through a common interface (api calls) included in the bootloader. the purpose of this process is to translate the application request into internal flash memory operations. flash memory management this process manages low level accesses to the flash memory (performs read and write accesses). bootloader configuration configuration and manufacturer information the following table lists configuration and manufacturer byte information used by the bootloader. this information can be accessed through a set of api or isp commands. mnemonic description default value bsb boot status byte ffh sbv software boot vector fch ssb software security byte ffh eb extra byte ffh canbt1 can bit timing 1 ffh canbt2 can bit timing 2 ffh canbt3 can bit timing 3 ffh nnb node number byte ffh cris can relocatable identifier segment 00h manufacturer 58h id1: family code d7h id2: product name bbh id3: product revision ffh 4 t89c51cc01 can bootloader 4210d?can?05/06 mapping and default value of hardware security byte the 4 most significant byte (msb) of the hardware byte can be read/written by soft- ware (this area is called fuse bits). the 4 (least significant byte) lsb can only be read by software and written by hardware in parallel mode (with parallel programmer devices). note: 1. u: unprogram = 1 p: program = 0 security the bootloader has software security byte (ssb) to protect itself from user access or isp access. the software security byte (ssb) protects from isp accesses. the command ?program software security bit? can only write a higher priority level. there are three levels of security: ? level 0: no_security (ffh) this is the default level. from level 0, one can write level 1 or level 2. ? level 1: write_security (feh) in this level it is impossible to write in the flash memory, bsb and sbv. the bootloader returns id_error message. from level 1, one can write only level 2. ? level 2: rd_wr_security (fch) level 2 forbids all read and write accesses to/from the flash memory. the bootloader returns id_error message. only a full chip erase command can reset the software security bits. bit position mnemonic default value description 7 x2b u to start in x1 mode 6 bljb p to map the boot area in code area between f800h-ffffh 5 reserved u 4 reserved u 3 reserved u 2lb2 p to lock the chip (see datasheet) 1lb1 u 0lb0 u level 0 level 1 level 2 flash/eeprom any access allowed read only access allowed all access not allowed fuse bit any access allowed read only access allowed all access not allowed bsb & sbv & eb any access allowed read only access allowed all access not allowed ssb any access allowed write level2 allowed read only access allowed manufacturer info read only access allowed read only access allowed all access not allowed bootloader info read only access allowed read only access allowed all access not allowed erase block allowed not allowed not allowed full chip erase allowed allowed allowed blank check allowed allowed allowed 5 t89c51cc01 can bootloader 4210d?can?05/06 software boot vector the software boot vector (sbv) forces the execution of a user bootloader starting at address [sbv]00h in the application area (fm0). the way to start this user bootloader is described in section ?boot process?. figure 2. software boot vector flip software program flip is a pc software program running under windows ? 9x/2000/xp windows nt ? and linux ? that supports all atmel flash microcontroller and can protocol communication media. several can dongles are supported by flip (for windows). this software program is available free of charge from the atmel web site. can bootloader application user bootloader [sbv]00h fm1 fm0 6 t89c51cc01 can bootloader 4210d?can?05/06 in-system programming isp allows the user to program or reprogr am a microcontroller?s on-chip flash memory through the can network without removing it from the system and wi thout the need of a pre-programmed application. this section describes how to start the can bootloader and the higher level protocols over the can. boot process the bootloader can be activated in two ways: ? hardware condition ? regular boot process hardware condition the hardware conditions (ea = 1, psen = 0) during the reset falling edge force the on-chip bootloader execution. in this way the bootloader can be carried out whatever the user flash memory content. as psen is an output port in normal operating mode (running user application or boot- loader code) after reset, it is recommended to release psen after falling edge of reset signal. the hardware conditions are sampled at reset signal falling edge, thus they can be released at any time when reset input is low. 7 t89c51cc01 can bootloader 4210d?can?05/06 figure 3. regular boot process reset bljb = 1 hardware c ondition start bootloader fcon = 00h sbv < 7fh start user bootloader start application yes no yes yes no no hardware boot process software boot process bit enboot in auxr1 register is initialized with bljb inverted enboot = 1 pc = f800h fcon = f0h enboot = 0 pc = 0000h enboot = 1 pc = f800h fcon = 00h yes no 8 t89c51cc01 can bootloader 4210d?can?05/06 physical layer the can is used to transmit information has the following configuration: ? standard frame can format 2.0a (identifier 11-bit) ? frame: data frame ? baud rate: autobaud is performed by the bootloader can controller initialization two ways are possible to initialize the can controller: ? use the software autobaud ? use the user configuration stored in the canbt1, canbt2 and canbt3 the selection between these two solutions is made with eb: ? eb = ffh: the autobaud is performed. ? eb not equal to ffh: the canbt1:2:3 are used. canbt1:3 and eb can be modified by user through a set of api or with isp commands. the figure below describes the can controller flow. figure 4. can controller initialization can controller initialization eb = ffh read canbt1 value read canbt2 value read canbt3 value canbtx = ffh x=(1,3) can error can macro initialized yes no no no yes yes configure the can controller autobaud ok set the can controller in autobaud mode yes no 9 t89c51cc01 can bootloader 4210d?can?05/06 can autobaud the following table shows the auto baud performance for a point-to-point connection in x1 mode. note: ??? indicates an impossible configuration. can autobaud limitation the can autobaud implemented in the bootloader is efficient only in point-to-point connection. because in a point-to-point connection, the transmit can message is repeated until a hardware acknowledge is done by the receiver. the bootloader can acknowledge an incoming can frame only if a configuration is found. this functionality is not guaranteed on a network with several can nodes. 8 mhz 11.059 mhz 12 mhz 16 mhz 20 mhz 22.1184 mhz 24 mhz 25 mhz 32 mhz 40 mhz 20k 100k 125k ?? 250k ? 500k 1m ??? 10 t89c51cc01 can bootloader 4210d?can?05/06 protocol generic can frame description ? identifier: identifies the frame (or message). only the standard mode (11-bit) is used. ? control: contains the dlc information (number of data in data field) 4-bit. ? data: data field consists of zero to eight bytes. the interpretation within the frame depends on the identifier field. the can protocol manages directly using hardware a checksum and an acknowledge. note: to describe the isp can protocol, we use symbolic name for identifier, but default val- ues are given. command description this protocol allows to: ? initiate the communication ? program the flash or eeprom data ? read the flash or eeprom data ? program configuration information ? read configuration and manufacturer information ? erase the flash ? start the application overview of the protocol is detailed in appendix-a. several can message identifiers are defined to manage this protocol. it is possible to allocate a new value for can isp identifiers by writing the byte cris with the base value for the group of identifier. the maximum value for cris is 7fh and the default cris value is 00h. identifier control data 11-bit 1 byte 8 bytes max identifier command effect value id_select_node open/close a communication with a node [cris]0h id_prog_start start a flash/eeprom programming [cris]1h id_prog_data data for flash/eeprom programming [cris]2h id_display_data display data [cris]3h id_write_command write in xaf, or hardware byte [cris]4h id_read_command read from xaf or hardware byte and special data [cris]5h id_error error message from bootloader only [cris]6h 11 t89c51cc01 can bootloader 4210d?can?05/06 figure 5. identifier remapping communication initialization the communication with a device (can node) must be opened prior to initiate any isp communication. to open communication with the device, the host sends a ?connecting? can message (id_select_node) with the node number (nnb) passed in parameter. if the node number passed is equal to ffh then the can bootloader accepts the com- munication (figure 6). otherwise the node number passed in parameter must be equal to the local node num- ber (figure 7). figure 6. first connection figure 7. on network connection can identifiers 000h 7ffh id_error id_read_command id_write_command id_display_data id_prog_data id_prog_start id_select_node can isp identifiers group of 7can messages used for managing can is p [cris]0h host interface board between pc and can network node 1 nnb = ffh (default value) host interface board between pc and can network node 0 node 3 node 1 node n nnb = 00h nnb = 01h nnb = 03h nnb = n 12 t89c51cc01 can bootloader 4210d?can?05/06 before opening a new communication with another device, the current device communi- cation must be closed with its connecting can message (id_select_node). request from host note: num_node is the nnb (node number byte) to which the host wants to talk to. answers from bootloader note: data[0] contains the bootloader version. if the communication is closed then all the others messages won?t be managed by bootloader. id_select_node flow description example identifier length data[0] id_select_node 1 num_node identifier length data[0] data[1] comment id_select_node 2 boot_version 00h communication close 01h communication open host bootloader id_select_node message wait select node send bootloader version read bootloader version send select node message time-out 10 ms wait select node or command aborted command finished command finished with node number in parameter id_select_node message node select = ffh node select = local node number state com = com open state com = com open state com = com closed and state of communication host id_select_node bootloader id_select_node identifier length data 01 ff 02 01 01 13 t89c51cc01 can bootloader 4210d?can?05/06 programming the flash or eeprom data the id_prog_start flow described below shows how to program data in the flash memory or in the eeprom data memory. this operation can be executed only with a device previously opened in communication. 1. the first step is to indicate which memory area (flash or eeprom data) is selected and the range address to program. 2. the second step is to transmit the data. the bootloader programs on a page of 128 bytes basis when it is possible. the host must take care of the following: ? the data to program transmitted within a can frame are in the same page. ? to transmit 8 data bytes in can message when it is possible 3. to start the programming operation, the host sends a ?start programming? can message (id_prog_start) with the area memory selected in data[0], the start address and the end address passed in parameter. requests from host notes: 1. data[0] chooses the area to program: - 00h: flash - 01h: eeprom data 2. address_start gives the start address of the programming command. 3. address_end gives the last address of the programming command. answers from bootloader the device has two possible answers: ? if the chip is protected from program access an ?error? can message is sent (see section ?error message description?, page 22). ? otherwise an acknowledge is sent. the second step of the programming operation is to send data to program. request from host to send data to program, the host sends a ?programming data? can message (id_prog_data) with up to 8 data by message and must wait for the answer of the device before sending the next data to program. identifier length data[0] data[1] data[2] data[3] data[4] id_prog_start 5 00h address_start address_end 01h identifier length id_prog_start 0 identifier length data[0] ... data[7] id_prog_data up to 8 x ... x 14 t89c51cc01 can bootloader 4210d?can?05/06 answers from bootloader the device has two possible answers: ? if the device is ready to receive new data, it sends a ?programming data? can message (id_prog_data) with the result command_new passed in parameter. ? if the device has finished the programming, it sends a ?programming data? can message (id_prog_data) with the result command_ok passed in parameter. id_prog_data flow description identifier length data[0] description id_prog_data 1 00h command ok 01h command fail 02h command new data host bootloader id_prog_start message id_error message id_prog_data message id_prog_data message column latch full all bytes received wait prog start ssb = level 0 send command_ok wait data prog wait programming all bytes received send error send command_new_data id_prog_data message send prog_start message with addresses wait error send prog_data message with 8 datas wait command_n wait command_ok wait prog start or or command aborted command finished command finished send progstart id_prog_start message 15 t89c51cc01 can bootloader 4210d?can?05/06 example reading the flash or eeprom data the id_display_data flow described below allows the user to read data in the flash memory or in the eeprom data memory. a blank check comm and on the flash mem- ory is possible with this flow. this operation can be executed only with a device previously opened in communication. to start the reading operation, the host sends a ?display data? can message (id_display_data) with the area memory selected, the start address and the end address passed in parameter. the device splits into block of 8 bytes data to transfer to the host if the number of data to display is greater than 8 data bytes. requests from host notes: 1. d ata[0] selects the area to read and the operation - 00h: display flash - 01h: blank check on the flash - 02h: display eeprom data 2. the address_start gives the start address to read. 3. the address_end gives the last address to read. answers from bootloader the device has two possible answers: ? if the chip is protected from read access an ?error? can message is sent (see section ?error message description?, page 22). ? otherwise: for a display command the device starts to send the data up to 8 by frame to the host. for a blank check command, the device sends a result ok or the first address not erased. host id_prog_start bootloader id_prog_data programming data (write 55h from 0000h to 0008h in the flash) identifier control 05 00 08 55 00 55 00 55 data 55 55 55 55 00 55 host id_prog_data 01 02 bootloader id_prog_data 01 55 host id_prog_data 01 00 host id_prog_start programming data (write 55h from 0000h to 0008h in the flash)with ssb in write security identifier control 04 00 00 00 data 08 bootloader id_error 01 00 // command_new_data // command_ok // error_security bootloader id_prog_start 00 08 identifier length data[0] data[1] data[2] data[3] data[4] id_display_data 5 00h address_start address_end 01h 02h 16 t89c51cc01 can bootloader 4210d?can?05/06 answer to a read command: answer to a blank check command: flow description identifier length data[n] id_display_data n x identifier length data[0] data[1] description id_display_data 0 - - blank check ok 2 address_start host bootloader id_display_data message id_error message id_display_data message blank command wait display data ssb = level 2 send command_ok read data all data read send error send data read send display_data message with addresses or blank check wait error wait command_ok wait data display or or command aborted command finished nb max by frame all data read verify memory blank check command finished send command_ok id_display_data message id_display_data message wait command_ok command finished or all data read command finished 17 t89c51cc01 can bootloader 4210d?can?05/06 id_display_data example programming configuration information the id_write_command flow described below allows the user to program configu- ration information regarding the bootloader functionality. this operation can be executed only with a device previously opened in communication. the configuration information can be divided in two groups: ? boot process configuration: ? bsb ? sbv ? fuse bits (bljb and x2 bits) (see section ?mapping and default value of hardware security byte?, page 4) ? can protocol configuration: ? btc_1, btc_2, btc_3 ? ssb ?eb ? nnb ? cris note: the can protocol configuration bytes are taken into account only after the next reset. to start the programming operation, the host sends a ?write? can message (id_write_command) with the area selected, the value passed in parameter. take care that the program fuse bit command programs the 4 fuse bits at the same time. host id_display_data bootloader id_display_data display data (from 0000h to 0008h) identifier control 05 00 08 55 00 55 00 55 data 55 55 55 55 00 55 host id_display_data bootloader id_display_data blank check identifier control 05 01 00 00 00 data 00 08 08 // command ok bootloader id_display_data 01 55 18 t89c51cc01 can bootloader 4210d?can?05/06 requests from host answers from bootloader the device has two possible answers: ? if the chip is protected from program access an ?error? can message is sent (see section ?error message description?, page 22). ? otherwise an acknowledge ?command ok? is sent. id_write_command flow description identifier length data[0] data[1] data[2] description id_write_command 301h 00h value write value in bsb 01h write value in sbv 05h write value in ssb 06h write value in eb 1ch write value in btc_1 1dh write value in btc_2 1eh write value in btc_3 1fh write value in nnb 20h write value in cris 3 02h 00h value write value in fuse bits identifier length data[0] description id_write_command 1 00h command ok host bootloader id_write_command message id_error message wait write_command no_security send command_ok write data send error_security send write_command wait error_security wait command_ok or command aborted command finished id_write_command message command finished 19 t89c51cc01 can bootloader 4210d?can?05/06 example reading configuration information or manufacturer information the id_read_command flow described below allows the user to read the configura- tion or manufacturer information. this operation can be executed only with a device previously opened in communication. to start the reading operation, the host sends a ?read command? can message (id_read_command) with the information selected passed in data field. requests from host 00 host id_write_command bootloader id_write_command write bsb at 88h identifier control 03 01 01 00 88 data // command_ok 00 host id_write_command bootloader id_write_command write fuse bit at fxh identifier control 02 02 01 f0 data // command_ok identifier length data[0] data[1] description id_read_command 200h 00h read bootloader version 01h read device id1 02h read device id2 201h 00h read bsb 01h read sbv 05h read ssb 06h read eb 1ch read btc_1 1dh read btc_2 1eh read btc_3 1fh read nnb 20h read cris 30h read manufacturer code 31h read family code 60h read product name 61h read product revision 2 02h 00h read hsb (fuse bits) 20 t89c51cc01 can bootloader 4210d?can?05/06 answers from bootloader the device has two possible answers: ? if the chip is protected from read access an ?error? can message is sent (see section ?error message description?). ? otherwise: the device answers with a read answer can message (id_read_command). flow description example identifier length data[n] id_read_command 1 value host bootloader id_read_command message id_error message wait read_com send data read read data send error_security send read_com message wait error_security wait value of data or command aborted command finished id_read_command message command finished rd_wr_security host id_read_command bootloader id_read_command read bootloader version identifier control 02 00 01 f5 00 data host id_read_command bootloader id_read_command read sbv identifier control 02 01 01 01 data // sbv = f5h 55 // bootloader version 55h f0 host id_read_command bootloader id_read_command read fuse bit identifier control 01 02 01 data // fuse bit = f0h 21 t89c51cc01 can bootloader 4210d?can?05/06 erasing the flash the id_write_command flow described below allows the user to erase the flash memory. this operation can be executed only with a device previously opened in communication. two modes of flash erasing are possible: ? full chip erase ? block erase the full chip erase command erases the whole flash (32 kbytes) and sets some con- figuration bytes to their default values: ? bsb = ffh ? sbv = ffh ? ssb = ffh (no_security) the block erase command erases only a part of the flash. three blocks are defined in the t89c51cc01: ? block0 (from 0000h to 1fffh) ? block1 (from 2000h to 3fffh) ? block2 (from 4000h to 7fffh) to start the erasing operation, the host sends a ?write? can message (id_write_command). requests from host answers from bootloader as the program configuration information flows, the erase block command has two pos- sible answers: ? if the chip is protected from program access an ?error? can message is sent (see section ?error message description?, page 22). ? otherwise an acknowledge is sent. the full chip erase is always executed whatever the software security byte value is. on a full chip erase command an acknowledge ?command ok? is sent. identifier length data[0] data[1] description id_write_command 2 00h 00h erase block0 (0k to 8k) 20h erase block1 (8k to 16k) 40h erase block2 (16k to 32k) ffh full chip erase identifier length data[0] description id_write_command 1 00h command ok 22 t89c51cc01 can bootloader 4210d?can?05/06 example starting the application the id_write_command flow described below allows to start the application directly from the bootloader upon a specific command reception. this operation can be executed only with a device previously opened in communication. two options are possible: ? start the application with a reset pulse generation (using watchdog). when the device receives this command, the watchdog is enabled and the bootloader enters a waiting loop until the watchdog resets the device. take care that if an external reset chip is used, the reset pulse in output may be wrong and in this case the reset sequence is not correctly executed. ? start the application without reset a jump at the address 0000h is used to start the application without reset. to start the application, the host sends a ?start application? can message (id_write_command) with the corresponding option passed in parameter. requests from host answer from bootloader no answer is returned by the device. example error message description the error message is implemented to report when an action required is not possible. ? at the moment only the security error is implemented and only the device can answer this kind of can message (id_error). host id_write_command bootloader id_write_command full chip erase identifier control 02 00 01 ff data 00 // command_ok identifier length data[0] data[1] data[2] data[3] description id_write_command 2 03h 00h - - start application with a reset pulse generation 4 01h address start application with a jump at ?address? host id_write_command bootloader start application identifier control 04 03 01 00 00 data no answer identifier length data[0] description id_error 1 00h software security error 23 t89c51cc01 can bootloader 4210d?can?05/06 in-application programming/self- programming the iap allows to reprogram a microcontroller on-chip flash memory without removing it from the system and while the embedded application is running. the user application can call application programming interface (api) routines allowing iap. these api are executed by the bootloader. to call the corresponding api, the user must use a set of flash_api routines which can be linked with the application. example of flash_api routines are available on the atmel web site on the software appli- cation note: c flash drivers for the t89c51cc01ca for keil compilers the flash_api routines on the package work only with the can bootloader. the flash_api routines are listed in appendix-b. api call process the application selects an api by setting the 4 variables available when the flash_api library is linked to the application. these four variables are located in ram at fixed address: ? api_command: 1ch ? api_value: 1dh ? api_dph: 1eh ? api_dpl: 1fh all calls are made through a common interface ?user_call? at the address ffc0h. the jump at the user_call must be done by lcall instruction to be able to come- back in the application. before jump at the user_call, the bit enboot in auxr1 register must be set. constraints the interrupts are not disabled by the bootloader. interrupts must be disabled by user prior to jump to the user_call, then re-enabled when returning. interrupts must also be disabled before accessing eeprom data then re-enabled after. the user must take care of hardware watchdog before launching a flash operation. for more information regarding the flash writing time see the t89c51cc01 datasheet. 24 t89c51cc01 can bootloader 4210d?can?05/06 api commands several types of apis are available: ? read/program flash and eeprom data memory ? read configuration and manufacturer information ? program configuration information ?erase flash ? start bootloader read/program flash and eeprom data memory all routines to access eeprom data are ma naged directly from the application without using bootloader resources. the bootloader is not used to read the flash memory. for more details on these routines see the t89c51cc01 datasheet sections ?pro- gram/code memory? and ?eeprom data memory? two routines are available to program the flash: ? __api_wr_code_byte ? __api_wr_code_page ? the application program loads the column latches of the flash then calls the __api_wr_code_byte or __api_wr_code_page see datasheet in section ?program/code memory . ? parameter settings ? instruction: lcall ffc0h. note: no special resources are used by the bootloader during this operation. read configuration and manufacturer information ? parameter settings api name api_command api_dph api_dpl api_value __api_wr_code_byte __api_wr_code_page 0dh - - - api name api_command api_dph api_dpl api_value __api_rd_hsb 08h - 00h return hsb __api_rd_bsb 05h - 00h return bsb __api_rd_sbv 05h - 01h return sbv __api_rd_ssb 05h - 05h return ssb __api_rd_eb 05h - 06h return eb __api_rd_canbtc1 05h - 1ch return canbtc1 __api_rd_canbtc2 05h - 1dh return canbtc2 __api_rd_canbtc3 05h - 1eh return canbtc3 __api_rd_nnb 05h - 1fh return nnb __api_rd_cris 05h - 20h return cris __api_rd_manufacturer 05h - 30h return manufacturer id __api_rd_device_id1 05h - 31h return id1 25 t89c51cc01 can bootloader 4210d?can?05/06 ? instruction: lcall ffc0h. ? at the complete api execution by the bootloader, the value to read is in the api_value variable. note: no special resources are used by the bootloader during this operation. program configuration information ? parameter settings ? instruction: lcall ffc0h. note: 1. see in the t89c51cc01 datasheet the time required for a write operation. 2. no special resources are used by the bootloader during these operations. erasing the flash the t89c51cc01 flash memory is divided in three blocks of 8k bytes: block 0: from address 0000h to 1fffh block 1: from address 2000h to 3fffh block 2: from address 4000h to 7fffh these three blocks contain 128 pages. ? parameter settings __api_rd_device_id2 05h - 60h return id2 __api_rd_device_id3 05h - 61h return id3 __api_rd_bootloader_version 0eh - 00h return value api name api_command api_dph api_dpl api_value api name api_command api_dph api_dpl api_value __api_clr_bljb 07h - - (hsb & bfh) | 40h __api_set_bljb 07h - - hsb & bfh __api_clr_x2 07h - - (hsb & 7fh) | 80h __api_set_x2 07h - - hsb & 7fh __api_wr_bsb 04h - 00h value to write __api_wr_sbv 04h - 01h value to write __api_wr_ssb 04h - 05h value to write __api_wr_eb 04h - 06h value to write __api_wr_canbtc1 04h - 1ch value to write __api_wr_canbtc2 04h - 1dh value to write __api_wr_canbtc3 04h - 1eh value to write __api_wr_nnb 04h - 1fh value to write __api_wr_cris 04h - 20h value to write api name api_command api_dph api_dpl api_value __api_erase_block0 00h 00h - - 26 t89c51cc01 can bootloader 4210d?can?05/06 ? instruction: lcall ffc0h. note: 1. see the t89c51cc01 datasheet for the time required for a write operation and this time must be multiplied by the number of pages. 2. no special resources are used by the bootloader during these operations. starting the bootloader there are two start bootloader routines possible: 1. this routine allows to start at the beginning of the bootloader or after a reset. after calling this routine the regular boot process is performed and the communi- cation must be opened before any action. ? no special parameter setting ? set bit enboot in auxr1 register ? instruction: ljump or lcall at address f800h 2. this routine allows to start the bootloader with the can bit configuration of the application and start with the state "communication open". that means the boot- loader will return the message ?id_select_node? with the field com port open. ? no special parameter setting ? set bit enboot in auxr1 register ? instruction: ljump or lcall at address ff00h __api_erase_block1 00h 20h - __api_erase_block2 00h 40h - api name api_command api_dph api_dpl api_value 27 t89c51cc01 can bootloader 4210d?can?05/06 appendix-a table 1. summary of frames from host identifier length data[0] data[1] data[2] data[3] data[4] description id_select_node (cris:0h) 1 num node - - - - open/close communication id_prog_start (cris:1h) 5 00h start_address end_address init flash programming 01h init eeprom programming id_prog_data (cris:2h) n data[0:8] data to program id_display_data (cris:3h) 5 00h start_address end_address display flash data 01h blank check in flash 02h display eeprom data id_write_command (cris:4h) 200h 00h - - - erase block0 (0k to 8k) 20h - - - erase block1 (8k to 16k) 40h - - - erase block2 (16k to 32k) ffh - - - full-chip erase 301h 00h value - - write value in bsb 01h - - write value in sbv 05h - - write value in ssb 06h - - write value in eb 1ch - - write btc_1 1dh - - write btc_2 1eh - - write btc_3 1fh - - write nnb 20h - - write cris 3 02h 00h value - - write value in fuse (hsb) 2 03h 00h - - - start application with hardware reset 4 01h address - start application by ljmp address 28 t89c51cc01 can bootloader 4210d?can?05/06 id_read_command (cris:5h) 200h 00h - - - read bootloader version 01h - - - read device id1 02h - - - read device id2 201h 00h - - - read bsb 01h - - - read sbv 05h - - - read ssb 06h - - - read eb 30h - - - read manufacturer code 31h - - - read family code 60h - - - read product name 61h - - - read product revision 1ch - - - read btc_1 1dh - - - read btc_2 1eh - - - read btc_3 1fh - - - read nnb 20h - - - read cris 2 02h 00h - - - read hsb table 1. summary of frames from host (continued) identifier length data[0] data[1] data[2] data[3] data[4] description table 2. summary of frames from target (bootloader) identifier length data[0] data[1] data[2] data[3] data[4] description id_select_node (cris:0h) 2 boot version 00h - - - communication close 01h - - - communication open id_prog_start (cirs:1h) 0----- command ok id_prog_data (cris:2h) 1 00h - - - - command ok 01h - - - - command fail 02h - - - - command new data id_display_data (cris:3h) n n data (n = 0 to 8) data read 0 - - - - - blank check ok 2 first address not blank - - - blank check fail id_write_command (cirs:4h) 1 00h - - - - command ok id_read_command (cris:5h) 1 value - - - read value 29 t89c51cc01 can bootloader 4210d?can?05/06 id_error (cris:6h) 1 00h - - - - software security error table 2. summary of frames from target (bootloader) (continued) identifier length data[0] data[1] data[2] data[3] data[4] description 30 t89c51cc01 can bootloader 4210d?can?05/06 appendix-b table 3. api summary function name bootloader execution api_command api_dph api_dpl api_value __api_rd_code_byte no __api_wr_code_byte yes 0dh - - - __api_wr_code_page yes 0dh - - - __api_erase block0 yes 00h 00h - - __api_erase block1 yes 00h 20h - - __api_erase block2 yes 00h 40h - - __api_rd_hsb yes 08h - 00h return value __api_clr_bljb yes 07h - - (hsb & bfh) | 40h __api_set_bljb yes 07h - - hsb & bfh __api_clr_x2 yes 07h - - (hsb & 7fh) | 80h __api_set_x2 yes 07h - - hsb & 7fh __api_rd_bsb yes 05h - 00h return value __api_wr_bsb yes 04h - 00h value __api_rd_sbv yes 05h - 01h return value __api_wr_sbv yes 04h - 01h value __api_erase_sbv yes 04h - 01h ffh __api_rd_ssb yes 05h - 05h return value __api_wr_ssb yes 04h - 05h value __api_rd_eb yes 05h - 06h return value __api_wr_eb yes 04h - 06h value __api_rd_canbtc1 yes 05h - 1ch return value __api_wr_canbtc1 yes 04h - 1ch value __api_rd_canbtc2 yes 05h - 1dh return value __api_wr_canbtc2 yes 04h - 1dh value __api_rd_canbtc3 yes 05h - 1eh return value __api_wr_canbtc3 yes 04h - 1eh value __api_rd_nnb yes 05h - 1fh return value __api_wr_nnb yes 04h - 1fh value __api_rd_cris yes 05h - 20h return value __api_wr_cris yes 04h - 20h value __api_rd_manufacturer yes 05h - 30h return value __api_rd_device_id1 yes 05h - 31h return value 31 t89c51cc01 can bootloader 4210d?can?05/06 document revision history changes from 4210c - 12/03 to 4210d - 05/06 1. changes to full chip erase command. __api_rd_device_id2 yes 05h - 60h return value __api_rd_device_id3 yes 05h - 61h return value __api_rd_bootloader_version yes 0eh - 00h return value __api_eeprom_busy no - - - - __api_rd_eeprom_byte no - - - - __api_wr_eeprom_byte no - - - - __api_start_bootloader no - - - - __api_start_isp no - - - - table 3. api summary (continued) function name bootloader execution api_command api_dph api_dpl api_value printed on recycled paper. atmel corporation 2003. all rights reserved. atmel, the atmel logo, and combinations thereof are registered trademarks of atmel corporation or its subsidiaries. other terms and product names in this document may be the trademarks of others. windows ? is a registered trademark of microsoft corporation. linux ? is a registered trademark of linus torvalds. ? atmel corporation 2003. atmel corporation makes no warranty for the use of its products, other than those expressly contained in the company?s standard warranty which is detailed in atmel?s terms and conditions located on the company?s web site. the company assumes no responsibility for any errors which may appear in this document, reserves the right to change devices or specifications detailed herein at any time without n otice, and does not make any commitment to update the information contained herein. no licenses to patents or other intellectual property of at mel are granted by the company in connection with the sale of atmel products, expressly or by implication. atmel?s products are not authorized for use as critical components in life support devices or systems. atmel headquarters atmel operations corporate headquarters 2325 orchard parkway san jose, ca 95131 tel 1(408) 441-0311 fax 1(408) 487-2600 europe atmel sarl route des arsenaux 41 case postale 80 ch-1705 fribourg switzerland tel (41) 26-426-5555 fax (41) 26-426-5500 asia room 1219 chinachem golden plaza 77 mody road tsimhatsui east kowloon hong kong tel (852) 2721-9778 fax (852) 2722-1369 japan 9f, tonetsu shinkawa bldg. 1-24-8 shinkawa chuo-ku, tokyo 104-0033 japan tel (81) 3-3523-3551 fax (81) 3-3523-7581 memory 2325 orchard parkway san jose, ca 95131 tel 1(408) 441-0311 fax 1(408) 436-4314 microcontrollers 2325 orchard parkway san jose, ca 95131 tel 1(408) 441-0311 fax 1(408) 436-4314 la chantrerie bp 70602 44306 nantes cedex 3, france tel (33) 2-40-18-18-18 fax (33) 2-40-18-19-60 asic/assp/smart cards zone industrielle 13106 rousset cedex, france tel (33) 4-42-53-60-00 fax (33) 4-42-53-60-01 1150 east cheyenne mtn. blvd. colorado springs, co 80906 tel 1(719) 576-3300 fax 1(719) 540-1759 scottish enterprise technology park maxwell building east kilbride g75 0qr, scotland tel (44) 1355-803-000 fax (44) 1355-242-743 rf/automotive theresienstrasse 2 postfach 3535 74025 heilbronn, germany tel (49) 71-31-67-0 fax (49) 71-31-67-2340 1150 east cheyenne mtn. blvd. colorado springs, co 80906 tel 1(719) 576-3300 fax 1(719) 540-1759 biometrics/imaging/hi-rel mpu/ high speed converters/rf data- com avenue de rochepleine bp 123 38521 saint-egreve cedex, france tel (33) 4-76-58-30-00 fax (33) 4-76-58-34-80 e-mail literature@atmel.com web site http://www.atmel.com 4210d?can?05/06 /xm |
Price & Availability of T89C51CC0106
 |
|
|
|
|
All Rights Reserved © IC-ON-LINE 2003 - 2022 |
| [Add Bookmark] [Contact Us] [Link exchange] [Privacy policy] |
|
Mirror Sites : [www.datasheet.hk]
[www.maxim4u.com] [www.ic-on-line.cn]
[www.ic-on-line.com] [www.ic-on-line.net]
[www.alldatasheet.com.cn]
[www.gdcy.com]
[www.gdcy.net] |