How do I enable the EDITR register in an Armv8-A processor?
The Armv8-A architecture defines the EDITR register. This register allows an external debugger to insert the instructions that it wants a CPU to execute by using the debug APB interface. What is the detailed sequence for enabling the EDITR register in Armv8-A processors?
To describe the sequence for enabling the EDITR register in an Armv8-A processor, the following pseudocode functions are introduced:
    apb_write_access (write address, write data) // APB write transaction initiated by an external
                                                 // debugger with write address and write data.
    apb_read_access (read address)               // APB read transaction initiated by an external
                                                 // debugger with read address.
The base addresses of the debug registers are system-dependent. This document assumes that the target CPU is CPU0 and that the base addresses for the CPU0 debug registers and Cross Trigger Interface (CTI) are as follows:
The base address of the CPU0 debug register is 0x10000.
The base address of the CPU0 CTI is 0x20000.
You can also find the offset of a specific register in the relevant Technical Reference Manual (TRM).
The following code shows you the detailed sequence to enable the EDITR register:
    // Make sure that DBGEN or SPIDEN is enabled before programming.

    // Halt the CPU by programming the CTI registers.
    apb_write_access(32'h00020FB0,32'hC5ACCE55); // Program the CTI Lock Access Register to enable
                                                 // memory-mapped writes to the CTI registers.
    apb_read_access(32'h00020FB4);               // Check bit 1 of the CTI Lock Status Register to
                                                 // see whether the write was successful.
    apb_write_access(32'h000200A0,32'h00000001); // Program CTIOUTEN0 to map input channel 0 to
                                                 // output trigger 0.
    apb_write_access(32'h00020000,32'h00000001); // Enable the GLBEN.
    apb_write_access(32'h0002001C,32'h00000001); // Pulse channel 0 by writing 0x1 to the
                                                 // Application Pulse register.

    // To unlock the access to the debug registers, the CPU needs to program OSDLR_EL1 to unlock the
    // OS Double Lock. The default value of the OS Double Lock is 0, which indicates that the OS
    // Double Lock is unlocked.
    apb_write_access(32'h00010FB0,32'hC5ACCE55); // Program the Debug Lock Access Register to enable
                                                 // memory-mapped writes to the debug registers.
    apb_read_access(32'h00010FB4);               // Read the Debug Lock Status Register to check
                                                 // whether the write was successful.
    apb_write_access(32'h00010300,32'h00000000); // Write 0 to the OS Lock Access Register
                                                 // (offset 0x300) to clear the OS Lock.

    // Program the EDITR register with the instructions that you want to execute.
    apb_write_access(32'h00010084,32'hd2a40007); // Specify the opcode d2a40007 to execute the
                                                 // instruction “MOV x7, 0x20000000”.
    apb_write_access(32'h00010084,32'h52878009); // Specify the opcode 52878009 to execute the
                                                 // instruction “MOV w9, #0x3c00”.
Note: The instructions that can be executed in Debug state are constrained. For details, see the section Executing instructions in Debug state in the Armv8-A Architecture Reference Manual.
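Because the base addresses are system-dependent, the sequence above can be rebuilt for any CPU from its debug and CTI base addresses. The following is an added example, not part of the original article: the register offsets are read off the article's addresses, the encoder covers only the MOVZ form behind the two `MOV` opcodes written to EDITR, and all function and dictionary names are hypothetical.

```python
# Added example: offsets are the low 12 bits of the addresses used in the article.
LOCK_KEY = 0xC5ACCE55
CTI = {"lock_access": 0xFB0, "lock_status": 0xFB4, "outen0": 0x0A0,
       "control": 0x000, "app_pulse": 0x01C}
DBG = {"lock_access": 0xFB0, "lock_status": 0xFB4, "os_lock_access": 0x300,
       "editr": 0x084}


def movz(rd, imm16, shift=0, is64=True):
    """Encode A64 MOVZ (shown as 'MOV Rd, #imm' in the article) as a 32-bit opcode."""
    if not 0 <= rd <= 30:
        raise ValueError("rd must be a general-purpose register 0..30")
    if not 0 <= imm16 <= 0xFFFF:
        raise ValueError("imm16 out of range")
    if shift not in ((0, 16, 32, 48) if is64 else (0, 16)):
        raise ValueError("shift not encodable for this register width")
    return ((int(is64) << 31) | (0b10 << 29) | (0b100101 << 23)
            | ((shift // 16) << 21) | (imm16 << 5) | rd)


def editr_sequence(dbg_base, cti_base, opcodes):
    """Ordered APB transactions: ('W', addr, data) for writes, ('R', addr, None) for reads."""
    seq = [
        ("W", cti_base + CTI["lock_access"], LOCK_KEY),  # unlock CTI register writes
        ("R", cti_base + CTI["lock_status"], None),      # caller checks bit 1
        ("W", cti_base + CTI["outen0"], 1),              # channel 0 -> output trigger 0
        ("W", cti_base + CTI["control"], 1),             # GLBEN
        ("W", cti_base + CTI["app_pulse"], 1),           # pulse channel 0 (halt request)
        ("W", dbg_base + DBG["lock_access"], LOCK_KEY),  # unlock debug register writes
        ("R", dbg_base + DBG["lock_status"], None),      # caller checks the lock status
        ("W", dbg_base + DBG["os_lock_access"], 0),      # clear the OS Lock
    ]
    # Each EDITR write submits one instruction for execution in Debug state.
    return seq + [("W", dbg_base + DBG["editr"], op) for op in opcodes]


def render(seq):
    """Format transactions in the article's pseudocode notation."""
    return [f"apb_write_access(32'h{a:08X},32'h{d:08X});" if kind == "W"
            else f"apb_read_access(32'h{a:08X});" for kind, a, d in seq]


if __name__ == "__main__":
    ops = [movz(7, 0x2000, shift=16), movz(9, 0x3C00, is64=False)]
    print("\n".join(render(editr_sequence(0x10000, 0x20000, ops))))
```

The two read transactions only fetch the lock status; the caller still has to check the returned value before continuing, as the comments in the article's sequence state.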