kinetis: Revise CPU un-securing code

Old version of the code had several problems, among them are:
 * Located in a generic ADI source file instead of some Kinetis
   specific location
 * Incorrect MCU detection code that would read generic ARM ID
   registers
 * Presence of SRST line was mandatory
 * There didn't seem to be any place where after SRST line assertion
   it would be de-asserted.
 * Reset was asserted after waiting for "Flash Controller Ready" bit
   to be set, which contradicts official programming guide AN4835
 * Mass erase algorithm implemented by that code was very strange:
   ** After mass erase was initiated instead of just polling for the
      state of "Mass Erase Acknowledged" bit the code would repeatedly
      initiate mass erase AND poll the state of the "Mass Erase
      Acknowledged"
   ** Instead of just polling for the state of "Flash Mass Erase in
      Progress"(bit 0 in Control register) to wait for the end of the
      mass erase operation the code would: write 0 to Control
      register, read out Status register ignoring the result and then
      read Control register again and see if it is zero.
 * dap_syssec_kinetis_mdmap assumed that previously selected(before
   it was called) AP was 0.

This commit moves all of the code to kinetis flash driver and
introduces three new commands:

o "kinetis mdm check_security" -- the intent of that function is to be used as
  'examine-end' hook for any Kinetis target that has that kind of
  JTAG/SWD security mechanism.

o "kinetis mdm mass_erase""  -- This function removes secure status from
  MCU be performing special version of flash mass erase.

o "kinetis mdm test_securing" -- Function that allows to test securing
  fucntionality. All it does is erase the page with flash security settings thus
  making MCU 'secured'.

New version of the code implements the algorithms specified in AN4835
"Production Flash Programming Best Practices for Kinetis K-
and L-series MCUs", specifically sections 4.1.1 and 4.2.1.
It also adds KL26 MCU to the list of devices for which this security
check is performed. Implementing that algorithm also allowed to simplify
mass command in kinetis driver, since we no longer need to write security
bytes. The result that the old version of mass erase code can now be
acheived using 'kinetis mdm mass_erase'

Tested on accidentally locked FRDM-KL26Z with KL26 Kinetis MCU.

Change-Id: Ic085195edfd963dda9d3d4d8acd1e40cc366b16b
Signed-off-by: Andrey Smrinov <andrew.smirnov@gmail.com>
Reviewed-on: http://openocd.zylin.com/2034
Tested-by: jenkins
Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>

1 files changed, 8 insertions, 0 deletions

diff --git a/tcl/target/kl25z_hla.cfg b/tcl/target/kl25z_hla.cfg
index 218a28d..3e561f1 100644
--- a/tcl/target/kl25z_hla.cfg
+++ b/tcl/target/kl25z_hla.cfg
@@ -24,6 +24,14 @@ hla newtap $_CHIPNAME cpu -expected-id $_CPUTAPID
 set _TARGETNAME $_CHIPNAME.cpu
 target create $_TARGETNAME hla_target -chain-position $_TARGETNAME
 
+# It is important that "kinetis mdm check_security" is called for
+# 'examine-end' event and not 'eximine-start'. Calling it in 'examine-start'
+# causes "kinetis mdm check_security" to fail the first time openocd
+# calls it when it tries to connect after the CPU has been power-cycled.
+$_CHIPNAME.cpu configure -event examine-end {
+	kinetis mdm check_security
+}
+
 $_TARGETNAME configure -work-area-phys 0x20000000 -work-area-size $_WORKAREASIZE -work-area-backup 0
 
 flash bank pflash kinetis 0x00000000 0x20000 0 4 $_TARGETNAME