Sunrise 博客
0%

TI-CC2640R2-LaunchPad开发指南

发表于 更新于

硬件简介

硬件架构

  • CC2640R2F器件是一款无线微控制器(MCU),主要适用于Bluetooth® 4.2Bluetooth 5低功耗 应用.cc2640r2f数据手册.
    cc2640r2f_arch_block-diagram.jpeg
  • 下面笔记是参照simplelink_cc2640r2_sdk_1_50_00_58/docs/blestack/ble_user_guide文档,验证总结的.建议有问题查看官方SDK各种文档.

BLE软件架构

  • CC2640R2F蓝牙软件环境包含两个部分:APP应用程序,蓝牙协议栈.应用程序中包含TI RTOS内核,驱动,蓝牙Profie三部.它们两部分之间消息通信是通过ICall来实现.
  • 蓝牙栈的SDK中有是exe的安装包,如果是Linux系统需要从exe里复制出来使用,也可以使用WineHQ来安装本用户目录下.
    cc2640r2f_app_icall_stack.jpeg

开箱测试

蓝牙主机测试(Host_test)

  • Academy教程是在simplelink_academy_cc2640r2sdk_3_40_02_00/modules/projects/ble_hosttest/information.html

导入工程

  • 从本地simplelink_cc2640r2_sdk_3_40_00_10SDK里的examples导入工程examples/rtos/CC2640R2_LAUNCHXL/blestack/host_test/tirtos/host_test_cc2640r2lp_app,导入成功后.
  • 会看到两个工程host_test_cc2640r2lp_apphost_test_cc2640r2lp_stack_library,这个_app工程是要依赖_stack_library工程,所以只编译与Debug这个_app工程时,它会先去调动编译_stack_library工程,该工程会生成一个库文件_stack_library/FlashROM_Library/host_test_cc2640r2lp_stack_library.lib去给到_app工程链接的,这里不像是之前的版本把stack编译成独立的hexbin文件,而是做为一个库去给app链接调用.

编译工程

  • 编译工程,如果想知道IDE在编译工程时的细节,可以这样操作,把Window-->Preferences-->Build-->Console verbosity level选择Verbose.
  • 下面是_app工程的编译与链接以及最终生成hex文件的细节.注意${SDK_DIR}${CCS_DIR},${WORKSPACE}是替换过的实际绝对路径的变量.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
[...]
Finished building: "${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/source/ti/blestack/icall/app/icall_hci_tl.c"

Building target: "host_test_cc2640r2lp_app.out"
Invoking: ARM Linker
"${CCS_DIR}/ccs/tools/compiler/ti-cgt-arm_18.12.3.LTS/bin/armcl"
--cmd_file="${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/source/ti/blestack/config/build_components.opt"
--cmd_file="${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/source/ti/blestack/config/factory_config.opt"
--cmd_file="${WORKSPACE}/host_test_cc2640r2lp_stack_library/TOOLS/build_config.opt"
-mv7M3 --code_state=16 -me -O4 --opt_for_speed=0 --define=DeviceFamily_CC26X0R2
--define=Display_DISABLE_ALL --define=CC2640R2_LAUNCHXL --define=CC26XX --define=CC26XX_R2 --define=ICALL_EVENTS
--define=ICALL_JT --define=ICALL_LITE --define=ICALL_MAX_NUM_ENTITIES=6 --define=ICALL_MAX_NUM_TASKS=3
--define=ICALL_STACK0_ADDR --define=MAX_NUM_BLE_CONNS=1 --define=MAX_PDU_SIZE=255 --define=NPI_USE_UART --define=xNPI_USE_SPI
--define=NPI_SPI_CONFIG=Board_SPI0 --define=xPOWER_SAVING --define=STACK_LIBRARY --define=USE_ICALL --define=xdc_runtime_Assert_DISABLE_ALL --define=xdc_runtime_Log_DISABLE_ALL -g --c99 --gcc --diag_warning=225 --diag_wrap=off
--display_error_number --gen_func_subsections=on --abi=eabi -z -m"host_test_cc2640r2lp_app.map" --heap_size=0 --stack_size=256
-i"${CCS_DIR}/ccs/tools/compiler/ti-cgt-arm_18.12.3.LTS/lib" -i"${CCS_DIR}/ccs/tools/compiler/ti-cgt-arm_18.12.3.LTS/include"
--reread_libs --define=CC26X0ROM=2 --diag_suppress=16002-D --diag_suppress=10247-D --diag_suppress=10325-D --diag_suppress=10229-D
--diag_suppress=16032-D --diag_wrap=off --display_error_number --warn_sections
--xml_link_info="host_test_cc2640r2lp_app_linkInfo.xml"
--rom_model -o "host_test_cc2640r2lp_app.out" "./Application/host_test_app.obj" "./Application/util.obj" "./Drivers/ECC/ECCROMCC26XX.obj" "./Drivers/RF/RFCC26XX_singleMode.obj" "./Drivers/TRNG/TRNGCC26XX.obj" "./ICall/icall.obj" "./ICall/icall_cc2650.obj" "./ICall/icall_user_config.obj" "./ICallBLE/ble_user_config.obj" "./ICallBLE/icall_api_lite.obj" "./ICallBLE/icall_hci_tl.obj"
"./NPI/Transport/SPI/npi_tl_spi.obj" "./NPI/Transport/UART/npi_tl_uart.obj" "./NPI/Transport/npi_tl.obj" "./NPI/npi_frame_hci.obj" "./NPI/npi_rxbuf.obj" "./NPI/npi_task.obj" "./PROFILES/devinfoservice.obj" "./PROFILES/gatt_uuid.obj" "./PROFILES/gattservapp_util.obj" "./PROFILES/peripheral.obj" "./PROFILES/simple_gatt_profile.obj" "./Startup/board.obj" "./Startup/ccfg_app_ble.obj" "./Startup/main.obj"
-l"configPkg/linker.cmd" -l"${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/source/ti/devices/cc26x0r2/driverlib/bin/ccs/driverlib.lib"
-l"${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/kernel/tirtos/packages/ti/dpl/lib/dpl_cc26x0r2.aem3"
-l"${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/source/ti/drivers/lib/drivers_cc26x0r2.aem3"
-l"${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/source/ti/display/lib/display.aem3"
-l"${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/source/ti/grlib/lib/ccs/m3/grlib.a"
-l"${WORKSPACE}/host_test_cc2640r2lp_stack_library/FlashROM_Library/ble_r2.symbols"
-l"${WORKSPACE}/host_test_cc2640r2lp_stack_library/FlashROM_Library/lib_linker.cmd"
-l"${WORKSPACE}/host_test_cc2640r2lp_stack_library/FlashROM_Library/host_test_cc2640r2lp_stack_library.lib"
-l"${SDK_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/source/ti/blestack/common/cc26xx/ccs/cc26xx_app.cmd" -llibc.a
<Linking>
Finished building target: "host_test_cc2640r2lp_app.out"

${CCS_DIR}/ccs/tools/compiler/ti-cgt-arm_18.12.3.LTS/bin/armhex -order MS --memwidth=8 --romwidth=8 --intel
-o host_test_cc2640r2lp_app.hex host_test_cc2640r2lp_app.out
Translating to Intel format...
   "host_test_cc2640r2lp_app.out" .resetVecs ==> .resetVecs
[...]
  • 连接TI-CC2640R2-LaunchPad板子,查看板子上的XDS110串号.
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    ~$ ti/ccs920/ccs/ccs_base/common/uscif/xds110/xdsdfu -e

    USB Device Firmware Upgrade Utility
    Copyright (c) 2008-2019 Texas Instruments Incorporated.  All rights reserved.
    Scanning USB buses for supported XDS110 devices...
    <<<< Device 0 >>>>

    VID: 0x0451    PID: 0xbef3
    Device Name:   XDS110 Embed with CMSIS-DAP
    Version:       3.0.0.11
    Manufacturer:  Texas Instruments
    Serial Num:    L50012VN
    Mode:          Runtime
    Configuration: Standard

    Found 1 device.
  • 修改host_test_cc2640r2lp_app工程文件的targetConfigs/CC2640R2F.ccxml,打开后会显示Basic界面如下图:
    cc2640_debugger_connection
    cc2640_debugger_connection_serial
  • 把串号L50012VN写入上图的Enter the serial number栏中,并保存.现在可以调试或加载host_test_cc2640r2lp_app工程到TI-CC2640R2-LaunchPad板子.

BTool测试

  • BTool是一个PC工具,可以单独下载,SimpleLink SDK里带有最新版本,它在${SIMPLELINK_CORE_SDK_INSTALL_DIR}/simplelink_cc2640r2_sdk_1_50_00_58/tools/blestack/btool.

  • 它的使用说明在${SIMPLELINK_CORE_SDK_INSTALL_DIR}/simplelink_cc2640r2_sdk_3_40_00_10/docs/ble5stack/btool_user_guide/BTool_Users_Guide/index.html.

  • 在Linux下使用btool.exe需要安装mono支持.

    1
    2
    3
    ~$ sudo apt-get install mono -y
    ~$ cd simplelink_cc2640r2_sdk_1_50_00_58/tools/blestack/
    ~$ mono btool.exe

  • Serial Bootloader (SBL)串口启动,Over-the-Air Download(OAD)空中下载.

Bootloader

  • 参照官方文档《CC13x0, CC26x0 SimpleLinkTM Wireless MCU Technical Reference Manual.pdf》第8章描述,swcu117h.pdf,ROM bootlaoder主要功能是为了下载固件的,也可以通过它读取固件.安全起见可以关闭Bootloader功能,也可以设置”后门(8.1.2 Bootloader Backdoor)”.与bootloader的通信接口可以是2-pin UARTSSI.

反向工程

dump ROM

  • 删除flash内存
1
2
3
4
5
6
7
8
9
10
11
12
13
 ti/uniflash_7.1.0$ ./dslite.sh --mode cc13xx-cc26xx-mass-erase -d XDS110
Executing the following command:
> /fullpath/ti/uniflash_7.1.0/deskdb/content/TICloudAgent/linux/ccs_base/DebugServer/bin/DSLite cc13xx-cc26xx-mass-erase -d XDS110

For more details and examples, please refer to the UniFlash Quick Start guide.

Cortex_M3_0: GEL Output: Memory Map Initialization Complete.
Performing Device Unlock via Mass Erase...
Cortex_M3_0: MassErase(): Initializing.
Cortex_M3_0: MassErase(): Issuing Board Reset.
Cortex_M3_0: MassErase(): Mass erase complete.
Device Unlocked

安装GHIDRA

1
2
3
~$ export JAVA_HOME=~/IDE_DIR/jdk-11.0.14.1+1/
~$ export PATH=$JAVA_HOME/bin:$PATH
~$ sdk install gradle 7.4.1
1
2
3
~$ git clone https://github.com/NationalSecurityAgency/ghidra.git
~$ cd ghidra
~$ gradle -I gradle/support/fetchDependencies.gradle init

安装SVD插件

  • 克隆https://github.com/leveldown-security/SVD-Loader-Ghidra$USER_HOME/ghidra_scripts目录下。或者放到安装目录的$GHIDRA_HOME/Ghidra/Features目录下都可以。或者打开Windows-> Script Manager -> Manage Script directories的菜单项,靠近右上角关闭按钮的位置。打开脚本扫描路径的列表,添加一个目录路径,选择SVD-Loader-Ghidra所在位置,再刷新所有的脚本列表. 就会在左边栏里,多了一行leveldown security的目录。

设备配置

厂家配置 Factory Configuration(FCFG)

用户配置 Customer Configuration(CCFG)

  • CCFG片区是在FLASH的尾部(0x1fff=128*1024)它是用来设置硬件功能的,而且是与驱动程序版本是相关联的,CCFG的修改必需与相应驱动程序一致.具体详情可以查看SDK里的示例工程源码.
  • 如:simplelink_cc2640r2_sdk_3_40_00_10/examples/rtos/CC2640R2_LAUNCHXL/ble5stack/host_test/src/ccfg_app_blc.c.它是包含一个设备启动文件simplelink_cc2640r2_sdk_3_40_00_10/source/ti/devices/cc26x0r2/startup_files/ccfg.c.
  • 看文件内的描述,是通过宏把这些定义位(bit)值拼接成字节,再附加到FLASH的尾端,官方建议如果要修改参数,肯定是不要去改动原SDK内的文件,可以自定义一个文件如<customer_ccfg.c>:覆盖原来的参数值如:
1
2
3
4
#define SET_CCFG_BL_CONFIG_BOOTLOADER_ENABLE  0xC5 // Enable ROM boot loader
#define SET_CCFG_MODE_CONF_SCLK_LF_OPTION     0x3  // LF RCOSC
//---- Use default values for all others ----
#include "<project-path>/source/ti/devices/<device>/startup_files/ccfg.c"

OAD下载

进度

CC1352R1

谢谢支持

  • 微信二维码: