assert: Use printf_sync() to ensure printing of assert / panic

Change-Id: Icc202e60445d9be1cdcd61176db5ed1704d583e7

.gitignore

@@ -18,6 +18,8 @@ tags
 *.bin
 *.p
 host/simtrace2-list
-host/simtrace2-remsim
-host/simtrace2-remsim-usb2udp
+host/simtrace2-cardem-pcsc
+host/contrib/simtrace2.spec
 usb_strings_generated.h
+firmware/usbstring/usbstring
+firmware/apps/*/usb_strings.txt.patched

Makefile

@@ -17,10 +17,15 @@ fw-clean: fw-simtrace-dfu-clean fw-simtrace-trace-clean fw-simtrace-cardem-clean
 fw: fw-simtrace-dfu fw-simtrace-trace fw-simtrace-cardem fw-qmod-dfu fw-qmod-cardem
 
 utils:
-	make -C host
+	(cd host && \
+	 autoreconf -fi && \
+	 ./configure --prefix=/usr --disable-werror && \
+	 make)
 
 clean: fw-clean
-	make -C host clean
+	if [ -e host/Makefile ]; then \
+		make -C host clean; \
+	fi
 
 install:
 	make -C firmware install

README.md

@@ -5,9 +5,6 @@ This is the repository for the next-generation SIMtrace devices,
 providing abilities to trace the communication between (U)SIM card and
 phone, remote (U)SIM card forward, (U)SIM man-in-the-middle, and more.
 
-This is under heavy development, and right now it is not surprising if
-things still break on a daily basis.
-
 NOTE: Nothing in this repository applies to the SIMtrace v1.x hardware
 or its associated firmware.  SIMtrace v1.x is based on a different CPU /
 microcontroller architecture and uses a completely different software
@@ -16,12 +13,6 @@ stack and host software.
 Supported Hardware
 ------------------
 
-At this point, the primary development target is still the OWHW + sysmoQMOD
-device, but we expect to add support for a SAM3 based SIMtrace hardware
-board soon.
-
-The goal is to support the following devices:
-
 * Osmocom SIMtrace 1.x with SAM3 controller
 ** this is open hardware and schematics / PCB design is published
 * sysmocom sysmoQMOD (with 4 Modems,  4 SIM slots and 2 SAM3)
@@ -37,3 +28,11 @@ This repository contains several directory
 * firmware - the firmware to run on the actual devices
 * hardware - some information related to the hardware
 * host - Programs to use on the USB host to interface with the hardware
+
+
+The host software includes
+
+* libosmo-simtrace2 - a shared library to talk to devices running the simtrace2 firmware
+* simtrace2-list - list any USB-attached devices running simtrace2 firmware
+* simtrace2-sniff - interface the 'trace' firmware to obtain card protocol traces
+* simtrace2-cardem-pcsc - interface the 'cardem' fimrware to use a SIM in a PC/SC reader

TODO-RELEASE

@@ -0,0 +1,10 @@
+# When cleaning up this file: bump API version in corresponding Makefile.am and rename corresponding debian/lib*.install
+# according to https://osmocom.org/projects/cellular-infrastructure/wiki/Make_a_new_release
+# In short: https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html#Updating-version-info
+# LIBVERSION=c:r:a
+# If the library source code has changed at all since the last update, then increment revision: c:r + 1:a.
+# If any interfaces have been added, removed, or changed since the last update: c + 1:0:0.
+# If any interfaces have been added since the last public release: c:r:a + 1.
+# If any interfaces have been removed or changed since the last public release: c:r:0.
+#library	what			description / commit summary line
+simtrace2	API/ABI change		osmo_st2_transport new member

contrib/flash.py

@@ -0,0 +1,162 @@
+#!/usr/bin/env python
+# encoding: utf-8
+# python: 3.8.1
+
+# library to enumerate USB devices
+import usb.core
+from usb.util import *
+# more elegant structure
+from typing import NamedTuple
+# regular expressions utilities
+import re
+# open utilities to handle files
+import os, sys
+# to download the firmwares
+import urllib.request
+# to flash using DFU-util
+import subprocess
+
+# SIMtrace 2 device information
+class Device(NamedTuple):
+	usb_vendor_id: int
+	usb_product_id: int
+	name: str
+	url: dict # 1: sniff/trace firmware, 2: card emulation firmware
+
+# SIMtrace 2 devices definitions
+DEVICE_SIMTRACE = Device(usb_vendor_id=0x1d50, usb_product_id=0x60e3, name="SIMtrace 2", url={"trace": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/simtrace-trace-dfu-latest.bin", "cardem": "https://osmocom.org/attachments/download/3868/simtrace-cardem-dfu.bin"})
+DEVICE_QMOD = Device(usb_vendor_id=0x1d50, usb_product_id=0x4004, name="sysmoQMOD (Quad Modem)", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/qmod-cardem-dfu-latest.bin"})
+DEVICE_OWHW = Device(usb_vendor_id=0x1d50, usb_product_id=0x4001, name="OWHW", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/owhw-cardem-dfu-latest.bin"})
+DEVICES = [DEVICE_SIMTRACE, DEVICE_QMOD]
+
+# which firmware does the SIMtrace USN interface subclass correspond
+FIRMWARE_SUBCLASS = {1: "trace", 2: "cardem"}
+
+def print_help():
+	print("this script will flash SIMtrace 2 - based devices")
+	print("when no argument is provided, it will try to flash the application firmware of all SIMtrace 2 devices connected to USB with the latest version")
+	print("to flash a specific firmware, provide the name as argument")
+	print("the possible firmwares are: trace, cardem")
+	print("to list all devices connected to USB, provide the argument \"list\"")
+
+# the firmware to flash
+to_flash = None
+
+# parse command line argument
+if len(sys.argv) == 2:
+  to_flash = sys.argv[1]
+if to_flash not in ["list", "trace", "cardem"] and len(sys.argv) > 1:
+	print_help()
+	exit(0)
+
+# get all USB devices
+devices = []
+devices_nb = 0
+updated_nb = 0
+usb_devices = usb.core.find(find_all=True)
+for usb_device in usb_devices:
+	# find SIMtrace devices
+	definitions = list(filter(lambda x: x.usb_vendor_id == usb_device.idVendor and x.usb_product_id == usb_device.idProduct, DEVICES))
+	if 1 != len(definitions):
+		continue
+	devices_nb += 1
+	definition = definitions[0]
+	serial = usb_device.serial_number or "unknown"
+	usb_path = str(usb_device.bus) + "-" + ".".join(map(str, usb_device.port_numbers))
+	print("found " + definition.name + " device (chip ID " + serial + ") at USB path " + usb_path)
+	# determine if we are running DFU (in most cases the bootloader, but could also be the application)
+	dfu_interface = None
+	for configuration in usb_device:
+		# get DFU interface descriptor
+		dfu_interface = dfu_interface or find_descriptor(configuration, bInterfaceClass=254, bInterfaceSubClass=1)
+	if (None == dfu_interface):
+		print("no DFU USB interface found")
+		continue
+	dfu_mode = (2 == dfu_interface.bInterfaceProtocol) # InterfaceProtocol 1 is runtime mode, 2 is DFU mode
+	# determine firmware type (when not in DFU mode)
+	firmware = None
+	simtrace_interface = None
+	for configuration in usb_device:
+		simtrace_interface = simtrace_interface or find_descriptor(configuration, bInterfaceClass=255)
+	if simtrace_interface and simtrace_interface.bInterfaceSubClass in FIRMWARE_SUBCLASS:
+		firmware = firmware or FIRMWARE_SUBCLASS[simtrace_interface.bInterfaceSubClass]
+	if dfu_mode:
+		firmware = 'dfu'
+	if firmware:
+		print("installed firmware: " + firmware)
+	else:
+		print("unknown installed firmware")
+		continue
+	# determine version of the application/bootloader firmware
+	version = None
+	version_interface = None
+	for configuration in usb_device:
+		# get custom interface with string
+		version_interface = version_interface or find_descriptor(configuration, bInterfaceClass=255, bInterfaceSubClass=255)
+	if version_interface and version_interface.iInterface and version_interface.iInterface > 0 and get_string(usb_device, version_interface.iInterface):
+		version = get_string(usb_device, version_interface.iInterface)
+	if not version:
+		# the USB serial is set (in the application) since version 0.5.1.34-e026 from 2019-08-06
+		# https://git.osmocom.org/simtrace2/commit/?id=e0265462d8c05ebfa133db2039c2fbe3ebbd286e
+		# the USB serial is set (in the bootloader) since version 0.5.1.45-ac7e from 2019-11-18
+		# https://git.osmocom.org/simtrace2/commit/?id=5db9402a5f346e30288db228157f71c29aefce5a
+		# the firmware version is set (in the application) since version 0.5.1.37-ede8 from 2019-08-13
+		# https://git.osmocom.org/simtrace2/commit/?id=ede87e067dadd07119f24e96261b66ac92b3af6f
+		# the firmware version is set (in the bootloader) since version 0.5.1.45-ac7e from 2019-11-18
+		# https://git.osmocom.org/simtrace2/commit/?id=5db9402a5f346e30288db228157f71c29aefce5a
+		if dfu_mode:
+			if serial:
+				version = "< 0.5.1.45-ac7e"
+			else:
+				versoin = "< 0.5.1.45-ac7e"
+		else:
+			if serial:
+				version = "< 0.5.1.37-ede8"
+			else:
+				versoin = "< 0.5.1.34-e026"
+	print("device firmware version: " + version)
+	# flash latest firmware
+	if to_flash == "list": # we just want to list the devices, not flash them
+		continue
+	# check the firmware exists
+	if firmware == "dfu" and to_flash is None:
+		print("device is currently in DFU mode. you need to specify which firmware to flash")
+		continue
+	to_flash = to_flash or firmware
+	if to_flash not in definition.url.keys():
+		print("no firmware image available for " + firmware + " firmware")
+		continue
+	# download firmware
+	try:
+		dl_path, header = urllib.request.urlretrieve(definition.url[to_flash])
+	except:
+		print("could not download firmware " + definition.url[to_flash])
+		continue
+	dl_file = open(dl_path, "rb")
+	dl_data = dl_file.read()
+	dl_file.close()
+	# compare versions
+	dl_version = re.search(b'firmware \d+\.\d+\.\d+\.\d+-[0-9a-fA-F]{4}', dl_data)
+	if dl_version is None:
+		print("could not get version from downloaded firmware image")
+		os.remove(dl_path)
+		continue
+	dl_version = dl_version.group(0).decode("utf-8").split(" ")[1]
+	print("latest firmware version: " + dl_version)
+	versions = list(map(lambda x: int(x), version.split(" ")[-1].split("-")[0].split(".")))
+	dl_versions = list(map(lambda x: int(x), dl_version.split("-")[0].split(".")))
+	dl_newer = (versions[0] < dl_versions[0] or (versions[0] == dl_versions[0] and versions[1] < dl_versions[1]) or (versions[0] == dl_versions[0] and versions[1] == dl_versions[1] and versions[2] < dl_versions[2]) or (versions[0] == dl_versions[0] and versions[1] == dl_versions[1] and versions[2] == dl_versions[2] and versions[3] < dl_versions[3]))
+	if not dl_newer:
+		print("no need to flash latest version")
+		os.remove(dl_path)
+		continue
+	print("flashing latest version")
+	dfu_result = subprocess.run(["dfu-util", "--device", hex(definition.usb_vendor_id) + ":" + hex(definition.usb_product_id), "--path", usb_path, "--cfg", "1", "--alt", "1", "--reset", "--download", dl_path])
+	os.remove(dl_path)
+	if 0 != dfu_result.returncode:
+		printf("flashing firmware using dfu-util failed. ensure dfu-util is installed and you have the permissions to access this USB device")
+		continue
+	updated_nb += 1
+
+print(str(devices_nb)+ " SIMtrace 2 device(s) found")
+print(str(updated_nb)+ " SIMtrace 2 device(s) updated")

contrib/jenkins.sh

@@ -21,11 +21,14 @@ mkdir "$deps" || true
 
 osmo-build-dep.sh libosmocore "" '--disable-doxygen --enable-gnutls'
 
+# verify only after building the dependency (to ensure we have most recent source of dependency)
+verify_value_string_arrays_are_terminated.py $(find . -name "*.[hc]")
+
 export PKG_CONFIG_PATH="$inst/lib/pkgconfig:$PKG_CONFIG_PATH"
 export LD_LIBRARY_PATH="$inst/lib"
 
 BUILDS=""
-BUILDS+="simtrace/dfu simtrace/cardem simtrace/trace " # simtrace/triple_play
+BUILDS+="simtrace/dfu simtrace/trace simtrace/cardem "
 BUILDS+="qmod/dfu qmod/cardem "
 BUILDS+="owhw/dfu owhw/cardem "
 
@@ -50,23 +53,37 @@ make clean
 echo
 echo "=============== HOST START  =============="
 cd $TOPDIR/host
-make clean
-make
-make clean
+autoreconf --install --force
+./configure --enable-sanitize --enable-werror
+$MAKE $PARALLEL_MAKE
+#$MAKE distcheck || cat-testlogs.sh
+make dist
+
+#if [ "$WITH_MANUALS" = "1" ] && [ "$PUBLISH" = "1" ]; then
+#	make -C "$base/doc/manuals" publish
+#fi
+
+rm -rf $TOPDIR/firmware/bin/simtrace-cardem*
 
 if [ "x$publish" = "x--publish" ]; then
 	echo
 	echo "=============== UPLOAD BUILD  =============="
+	$TOPDIR/contrib/prepare_upload.sh
 
-	cat > "$WORKSPACE/known_hosts" <<EOF
-[rita.osmocom.org]:48 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDgQ9HntlpWNmh953a2Gc8NysKE4orOatVT1wQkyzhARnfYUerRuwyNr1GqMyBKdSI9amYVBXJIOUFcpV81niA7zQRUs66bpIMkE9/rHxBd81SkorEPOIS84W4vm3SZtuNqa+fADcqe88Hcb0ZdTzjKILuwi19gzrQyME2knHY71EOETe9Yow5RD2hTIpB5ecNxI0LUKDq+Ii8HfBvndPBIr0BWYDugckQ3Bocf+yn/tn2/GZieFEyFpBGF/MnLbAAfUKIdeyFRX7ufaiWWz5yKAfEhtziqdAGZaXNaLG6gkpy3EixOAy6ZXuTAk3b3Y0FUmDjhOHllbPmTOcKMry9
-[rita.osmocom.org]:48 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPdWn1kEousXuKsZ+qJEZTt/NSeASxCrUfNDW3LWtH+d8Ust7ZuKp/vuyG+5pe5pwpPOgFu7TjN+0lVjYJVXH54=
-[rita.osmocom.org]:48 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8iivY70EiR5NiGChV39gRLjNpC8lvu1ZdHtdMw2zuX
+	cat > "/build/known_hosts" <<EOF
+[ftp.osmocom.org]:48 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDgQ9HntlpWNmh953a2Gc8NysKE4orOatVT1wQkyzhARnfYUerRuwyNr1GqMyBKdSI9amYVBXJIOUFcpV81niA7zQRUs66bpIMkE9/rHxBd81SkorEPOIS84W4vm3SZtuNqa+fADcqe88Hcb0ZdTzjKILuwi19gzrQyME2knHY71EOETe9Yow5RD2hTIpB5ecNxI0LUKDq+Ii8HfBvndPBIr0BWYDugckQ3Bocf+yn/tn2/GZieFEyFpBGF/MnLbAAfUKIdeyFRX7ufaiWWz5yKAfEhtziqdAGZaXNaLG6gkpy3EixOAy6ZXuTAk3b3Y0FUmDjhOHllbPmTOcKMry9
+[ftp.osmocom.org]:48 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPdWn1kEousXuKsZ+qJEZTt/NSeASxCrUfNDW3LWtH+d8Ust7ZuKp/vuyG+5pe5pwpPOgFu7TjN+0lVjYJVXH54=
+[ftp.osmocom.org]:48 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8iivY70EiR5NiGChV39gRLjNpC8lvu1ZdHtdMw2zuX
 EOF
-	SSH_COMMAND="ssh -o 'UserKnownHostsFile=$WORKSPACE/known_hosts' -p 48"
-	rsync -avz --delete -e "$SSH_COMMAND" $TOPDIR/firmware/bin/*.bin binaries@rita.osmocom.org:web-files/simtrace2/firmware/
+	SSH_COMMAND="ssh -o 'UserKnownHostsFile=/build/known_hosts' -p 48"
+	rsync --archive --verbose --compress --delete --rsh "$SSH_COMMAND" $TOPDIR/firmware/bin/*-latest.{bin,elf} binaries@ftp.osmocom.org:web-files/simtrace2/firmware/latest/
+	rsync --archive --verbose --compress --rsh "$SSH_COMMAND" --exclude $TOPDIR/firmware/bin/*-latest.{bin,elf} $TOPDIR/firmware/bin/*-*-*-*.{bin,elf} binaries@ftp.osmocom.org:web-files/simtrace2/firmware/all/
 fi
 
+echo
+echo "=============== HOST CLEAN  =============="
+$MAKE maintainer-clean
+
 echo
 echo "=============== FIRMWARE CLEAN  =============="
 cd $TOPDIR/firmware/

contrib/prepare_upload.sh

@@ -0,0 +1,16 @@
+#!/bin/sh -e
+# Create copies of binaries with -latest, -$GIT_VERSION (OS#4413, OS#3452)
+cd "$(dirname "$0")/.."
+
+GIT_VERSION="$(./git-version-gen .tarball-version)"
+
+echo "Copying binaries with "-latest" and "-$GIT_VERSION" appended..."
+
+cd firmware/bin
+for ext in bin elf; do
+	for file in *."$ext"; do
+		without_ext="${file%.*}"
+		cp -v "$file" "$without_ext-latest.$ext"
+		cp -v "$file" "$without_ext-$GIT_VERSION.$ext"
+	done
+done

debian/changelog

@@ -1,3 +1,9 @@
+simtrace2 (0.5.2) UNRELEASED; urgency=medium
+
+  * adapt to host tools in autotools
+
+ -- Harald Welte <lafore@gnumonks.org>  Thu, 28 Nov 2019 00:44:57 +0100
+
 simtrace2 (0.5.1) unstable; urgency=medium
 
   * Backwards-compatibility with older (released, non-master) libosmocore

debian/control

@@ -3,7 +3,15 @@ Maintainer: Harald Welte <laforge@gnumonks.org>
 Section: devel
 Priority: optional
 Build-Depends: debhelper (>= 9),
+               autotools-dev,
+               autoconf,
+               automake,
+               libtool,
+               pkg-config,
+               git,
+               dh-autoreconf,
                libosmocore-dev,
+               libpcsclite-dev,
                libnewlib-arm-none-eabi,
                libusb-1.0-0-dev,
                gcc-arm-none-eabi
@@ -25,6 +33,33 @@ Package: simtrace2-utils
 Section: devel
 Architecture: any
 Multi-Arch: same
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, libosmo-simtrace2-0
 Recommends: simtrace2-firmware
 Description: Host utilities to communicate with SIMtrace2 USB Devices.
+
+Package: libosmo-simtrace2-0
+Section: libs
+Architecture: any
+Multi-Arch: same
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Osmocom SIMtrace2 library
+  This library contains core "driver" functionality to interface with the
+  Osmocom SIMtrace2 (and compatible) USB device firmware.  It enables
+  applications to implement SIM card / smart card tracing as well as
+  SIM / smart card emulation functions.
+
+Package: libosmo-simtrace2-dev
+Section: libdevel
+Architecture: any
+Multi-Arch: same
+Depends: libosmo-simtrace2-0, ${misc:Depends}
+Description: Development headers for Osmocom SIMtrace2 library
+  This library contains core "driver" functionality to interface with the
+  Osmocom SIMtrace2 (and compatible) USB device firmware.  It enables
+  applications to implement SIM card / smart card tracing as well as
+  SIM / smart card emulation functions.
+  .
+  The header files provided by this package may be used to develop
+  with any of the libosmocore libraries.
+  .
+  Also static libraries are installed with this package.

debian/libosmo-simtrace2-0.install

@@ -0,0 +1 @@
+usr/lib/libosmo-simtrace2*.so.*

debian/libosmo-simtrace2-dev.install

@@ -0,0 +1,5 @@
+usr/include/*
+usr/lib/lib*.a
+usr/lib/lib*.so
+usr/lib/lib*.la
+usr/lib/pkgconfig/*

debian/rules

@@ -1,4 +1,19 @@
 #!/usr/bin/make -f
 
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+DEBIAN  := $(shell dpkg-parsechangelog | grep ^Version: | cut -d' ' -f2)
+DEBVERS := $(shell echo '$(DEBIAN)' | cut -d- -f1)
+VERSION := $(shell echo '$(DEBVERS)' | sed -e 's/[+-].*//' -e 's/~//g')
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+export DEB_LDFLAGS_MAINT_STRIP = -Wl,-Bsymbolic-functions
+
+
 %:
 	dh $@
+
+override_dh_autoreconf:
+	cd host && dh_autoreconf

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

firmware/Makefile

@@ -28,22 +28,33 @@
 
 #   Makefile for compiling the Getting Started with SAM3S Microcontrollers project
 
+GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarball-version)
 #-------------------------------------------------------------------------------
 #        User-modifiable options
 #-------------------------------------------------------------------------------
 
+# verbosity
+V ?= 0
+ifneq ("$(V)","0")
+SILENT :=
+else
+SILENT := @
+endif
+
 # Chip & board used for compilation
 # (can be overriden by adding CHIP=chip and BOARD=board to the command-line)
 CHIP  ?= sam3s4
 BOARD ?= qmod
-
-# Defines which are the available memory targets for the SAM3S-EK board.
-MEMORIES ?= flash dfu
-
-# Output file basename
 APP ?= dfu
 
-# Output directories
+# Defines which are the available memory targets for the SAM3S-EK board.
+ifeq ($(APP), dfu)
+MEMORIES ?= flash dfu
+else
+MEMORIES ?= dfu
+endif
+
+# Output directories and filename
 OUTPUT = $(BOARD)-$(APP)
 BIN = bin
 OBJ = obj/$(BOARD)
@@ -73,7 +84,6 @@ GDB = $(CROSS_COMPILE)gdb
 NM = $(CROSS_COMPILE)nm
 
 TOP=..
-GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarvers)
 
 #-------------------------------------------------------------------------------
 #		Files
@@ -97,10 +107,11 @@ C_LIBCHIP  = $(notdir $(wildcard $(AT91LIB)/libchip_sam3s/source/*.c) $(wildcard
 C_LIBUSB     = USBDescriptors.c USBRequests.c USBD.c USBDCallbacks.c USBDDriver.c USBDDriverCallbacks.c
 C_LIBUSB_RT  = dfu.c dfu_runtime.c
 C_LIBUSB_DFU = dfu.c dfu_desc.c dfu_driver.c
-C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c
+C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c \
+	       main_common.c stack_check.c
 
 C_BOARD      = $(notdir $(wildcard libboard/common/source/*.c))
-C_BOARD	    += $(notdir $(wildcard libboard/$(BOARD)/source/*.c))
+C_BOARD     += $(notdir $(wildcard libboard/$(BOARD)/source/*.c))
 
 C_APPLEVEL = $(notdir $(wildcard apps/$(APP)/*.c))
 
@@ -120,15 +131,15 @@ C_OBJECTS  = $(C_FILES:%.c=%.o)
 # TRACE_LEVEL_NO_TRACE   0
 TRACE_LEVEL ?= 4
 
-DEBUG_PHONE_SNIFF?=0
+# allow asserting the peer SAM3S ERASE signal to completely erase the flash
+# only applicable for qmod board
+ALLOW_PEER_ERASE?=0
 
 #CFLAGS+=-DUSB_NO_DEBUG=1
 
 # Optimization level, put in comment for debugging
 OPTIMIZATION ?= -Os
 
-
-
 # Flags
 INCLUDES_USB = -I$(AT91LIB)/usb/include -I$(AT91LIB)
 
@@ -161,18 +172,25 @@ CFLAGS += -Wno-suggest-attribute=noreturn
 # -mlong-calls  -Wall
 #CFLAGS += -save-temps -fverbose-asm
 #CFLAGS += -Wa,-a,-ad
-CFLAGS += -D__ARM
+CFLAGS += -D__ARM -fno-builtin
 CFLAGS += --param max-inline-insns-single=500 -mcpu=cortex-m3 -mthumb # -mfix-cortex-m3-ldrd
-CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_LEVEL=$(TRACE_LEVEL) -DDEBUG_PHONE_SNIFF=$(DEBUG_PHONE_SNIFF)
+CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_LEVEL=$(TRACE_LEVEL) -DALLOW_PEER_ERASE=$(ALLOW_PEER_ERASE)
 CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
 CFLAGS += -DBOARD=\"$(BOARD)\" -DBOARD_$(BOARD)
 CFLAGS += -DAPPLICATION=\"$(APP)\" -DAPPLICATION_$(APP)
+
+# Disable stack protector by default (OS#5081)
+ifeq ($(STACK_PROTECTOR), 1)
+CFLAGS += -fstack-protector
+else
+CFLAGS += -fno-stack-protector
+endif
+
 ASFLAGS = -mcpu=cortex-m3 -mthumb -Wall -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -D__ASSEMBLY__
-LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--warn-unresolved-symbols $(LIB)
+LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--print-memory-usage -Wl,--no-undefined $(LIB)
 #LD_OPTIONAL=-Wl,--print-gc-sections -Wl,--stats
 
-
-# Append OBJ and BIN directories to output filename
+# Append BIN directories to output filename
 OUTPUT := $(BIN)/$(OUTPUT)
 
 #-------------------------------------------------------------------------------
@@ -196,7 +214,11 @@ $(BIN) $(OBJ):
 usbstring/usbstring: usbstring/usbstring.c
 	gcc $^ -o $@
 
-apps/$(APP)/usb_strings_generated.h: apps/$(APP)/usb_strings.txt usbstring/usbstring
+.PHONY: apps/$(APP)/usb_strings.txt.patched
+apps/$(APP)/usb_strings.txt.patched: apps/$(APP)/usb_strings.txt
+	sed "s/PRODUCT_STRING/$(shell cat libboard/$(BOARD)/product_string.txt)/" $< > $@
+
+apps/$(APP)/usb_strings_generated.h: apps/$(APP)/usb_strings.txt.patched usbstring/usbstring
 	cat $< | usbstring/usbstring > $@
 
 define RULES
@@ -204,18 +226,18 @@ C_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(C_OBJECTS))
 ASM_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(ASM_OBJECTS))
 
 $(1): $$(ASM_OBJECTS_$(1)) $$(C_OBJECTS_$(1))
-	@$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
-	@$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
-	@$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
-	@$(SIZE) $$^ $(OUTPUT)-$$@.elf
+	$(SILENT)$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
+	$(SILENT)$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
+	$(SILENT)$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
+	$(SILENT)$(SIZE) $$^ $(OUTPUT)-$$@.elf
 
 $$(C_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.c Makefile $(OBJ) $(BIN)
 	@echo [COMPILING $$<]
-	@$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
+	$(SILENT)$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
 
 $$(ASM_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.S Makefile $(OBJ) $(BIN)
 	@echo [ASSEMBLING $$@]
-	@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
+	$(SILENT)@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
 
 debug_$(1): $(1)
 	$(GDB) -x "$(BOARD_LIB)/resources/gcc/$(BOARD)_$(1).gdb" -ex "reset" -readnow -se $(OUTPUT)-$(1).elf
@@ -228,10 +250,11 @@ program:
 
 SERIAL ?= /dev/ttyUSB0
 log:
-	stty -F $(SERIAL) 115200
+	stty -F $(SERIAL) 921600
 	lsof $(SERIAL) && echo "log is already opened" || ( sed -u "s/\r//" $(SERIAL) | ts )
 
 clean:
+	-rm -f apps/$(APP)/usb_strings.txt.patched
 	-rm -fR $(OBJ)/*.o $(BIN)/*.bin $(BIN)/*.elf $(BIN)/*.elf.txt $(BIN)/*.map $(BIN)/*.lst `find . -name \*.p`
 
 install:

firmware/README.txt

@@ -24,6 +24,7 @@ Current boards supported are:
 * `simtrace`: The good old Osmocom SIMtrace PCB with SAM3 instead of SAM7, open hardware.
 * `qmod`: A sysmocom-proprietary quad mPCIe carrier board, publicly available
 * `owhw`: An undisclosed sysmocom-internal board, not publicly available
+* `octsimtest`: A sysmocom-proprietary production testing board, not publicly available
 
 = Firmware
 
@@ -51,6 +52,7 @@ Current applications supported are:
 * `cardem`: To provide remote SIM operation capabilities.
 * `trace`:  To monitor the communication between a SIM card and a phone (corresponds to the functionality provide by the first SIMtrace)
 * `triple_play`: To support the three previous functionalities, using USB configurations.
+* `gpio_test`: internal test code
 
 == Memories
 
@@ -76,6 +78,10 @@ $ make TRACE_LEVEL=4
 ```
 Accepted values: 0 (NO_TRACE) to 5 (DEBUG)
 
+The qmod specific option `ALLOW_PEER_ERASE` controls if the UART debug command to assert the peer SAM3S ERASE line is present in the code.
+Per default this is set to 0 to prevent accidentally erasing all firmware, including the DFU bootloader, which would then need to be flashed using SAM-BA or JTAG/SWD.
+Setting `ALLOW_PEER_ERASE` to 1 enables back the debug command and should be used only for debugging or development purposes.
+
 = Flashing
 
 To flash a firmware image follow the instructions provided in the [wiki](https://projects.osmocom.org/projects/simtrace2/wiki/).

firmware/apps/cardem/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/cardem/main.c

@@ -1,6 +1,7 @@
 /* SIMtrace 2 firmware card emulation application
  *
  * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -23,10 +24,9 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
+#include "main_common.h"
 #include <osmocom/core/timer.h>
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -39,7 +39,7 @@ typedef struct {
 	void (*exit) (void);
 	/* main loop content for given configuration */
 	void (*run) (void);
-	/* Interrupt handler for USART1 */
+	/* Interrupt handler for USART0 */
 	void (*usart0_irq) (void);
 	/* Interrupt handler for USART1 */
 	void (*usart1_irq) (void);
@@ -53,6 +53,8 @@ static const conf_func config_func_ptrs[] = {
 		.init = Sniffer_init,
 		.exit = Sniffer_exit,
 		.run = Sniffer_run,
+		.usart0_irq = Sniffer_usart0_irq,
+		.usart1_irq = Sniffer_usart1_irq,
 	},
 #endif
 #ifdef HAVE_CCID
@@ -101,7 +103,11 @@ static volatile enum confNum simtrace_config = CFG_NUM_CCID;
 void USBDDriverCallbacks_ConfigurationChanged(uint8_t cfgnum)
 {
 	TRACE_INFO_WP("cfgChanged%d ", cfgnum);
-	simtrace_config = cfgnum;
+	if (cfgnum < ARRAY_SIZE(config_func_ptrs)) {
+		simtrace_config = cfgnum;
+	} else {
+		TRACE_ERROR("trying to set out of bounds config %u\r\n", cfgnum);
+	}
 }
 
 void USART1_IrqHandler(void)
@@ -125,9 +131,8 @@ static void check_exec_dbg_cmd(void)
 		return;
 
 	ch = UART_GetChar();
-	/* We must echo the character to make python fdexpect happy, whcih we use in factory testing */
+	/* We must echo the character to make python fdexpect happy, which we use in factory testing */
 	fputc(ch, stdout);
-
 	board_exec_dbg_cmd(ch);
 }
 
@@ -142,7 +147,8 @@ extern int main(void)
 	unsigned int i = 0;
 
 	led_init();
-	led_blink(LED_RED, BLINK_3O_5F);
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
 
 	/* Enable watchdog for 2000ms, with no window */
 	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
@@ -150,33 +156,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\n\r\n\r"
-		"=============================================================================\n\r"
-		"SIMtrace2 firmware " GIT_VERSION " (C) 2010-2016 by Harald Welte\n\r"
-		"=============================================================================\n\r");
-
-#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
-	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-	uint8_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
-	static const char* reset_causes[] = {
-		"general reset (first power-up reset)",
-		"backup reset (return from backup mode)",
-		"watchdog reset (watchdog fault occurred)",
-		"software reset (processor reset required by the software)",
-		"user reset (NRST pin detected low)",
-	};
-	if (reset_cause < ARRAY_SIZE(reset_causes)) {
-		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
-	} else {
-		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
-	}
-#endif
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\n\r");
@@ -197,14 +177,15 @@ extern int main(void)
 	}
 
 	TRACE_INFO("calling configure of all configurations...\n\r");
-	for (i = 1; i < sizeof(config_func_ptrs) / sizeof(config_func_ptrs[0]);
-	     ++i) {
+	for (i = 1; i < ARRAY_SIZE(config_func_ptrs); i++) {
 		if (config_func_ptrs[i].configure)
 			config_func_ptrs[i].configure();
 	}
 
 	TRACE_INFO("calling init of config %u...\n\r", simtrace_config);
-	config_func_ptrs[simtrace_config].init();
+	if (config_func_ptrs[simtrace_config].init) {
+		config_func_ptrs[simtrace_config].init();
+	}
 	last_simtrace_config = simtrace_config;
 
 	TRACE_INFO("entering main loop...\n\r");
@@ -232,11 +213,17 @@ extern int main(void)
 		if (last_simtrace_config != simtrace_config) {
 			TRACE_INFO("USB config chg %u -> %u\n\r",
 				   last_simtrace_config, simtrace_config);
-			config_func_ptrs[last_simtrace_config].exit();
-			config_func_ptrs[simtrace_config].init();
+			if (config_func_ptrs[last_simtrace_config].exit) {
+				config_func_ptrs[last_simtrace_config].exit();
+			}
+			if (config_func_ptrs[simtrace_config].init) {
+				config_func_ptrs[simtrace_config].init();
+			}
 			last_simtrace_config = simtrace_config;
 		} else {
-			config_func_ptrs[simtrace_config].run();
+			if (config_func_ptrs[simtrace_config].run) {
+				config_func_ptrs[simtrace_config].run();
+			}
 		}
 	}
 }

firmware/apps/cardem/usb_strings.txt

@@ -1,8 +1,8 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 SIMtrace Sniffer
 SIMtrace CCID
-SIMtrace Phone
+SIMtrace Card Emulation
 SIMtrace MITM
 CardEmulator Modem 1
 CardEmulator Modem 2

firmware/apps/dfu/main.c

@@ -1,7 +1,7 @@
 /* SIMtrace 2 firmware USB DFU bootloader
  *
  * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
- * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -26,8 +26,15 @@
 
 #include <osmocom/core/timer.h>
 
+/* USB alternate interface index used to identify which partition to flash */
+/** USB alternate interface index indicating RAM partition */
 #define ALTIF_RAM 0
+/** USB alternate interface index indicating flash partition */
+#if defined(ENVIRONMENT_flash)
 #define ALTIF_FLASH 1
+#elif defined(ENVIRONMENT_dfu)
+#define ALTIF_FLASH 2
+#endif
 
 unsigned int g_unique_id[4];
 /* remember if the watchdog has been configured in the main loop so we can kick it in the ISR */
@@ -44,10 +51,18 @@ static const Pin pinsLeds[] = { PINS_LEDS } ;
  *----------------------------------------------------------------------------*/
 
 #define RAM_ADDR(offset) (IRAM_ADDR + BOARD_DFU_RAM_SIZE + offset)
+#if defined(ENVIRONMENT_flash)
 #define FLASH_ADDR(offset) (IFLASH_ADDR + BOARD_DFU_BOOT_SIZE + offset)
+#elif defined(ENVIRONMENT_dfu)
+#define FLASH_ADDR(offset) (IFLASH_ADDR + offset)
+#endif
 
-#define IFLASH_END	((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
-#define IRAM_END	((uint8_t *)IRAM_ADDR + IRAM_SIZE)
+#define IRAM_END ((uint8_t *)IRAM_ADDR + IRAM_SIZE)
+#if defined(ENVIRONMENT_flash)
+#define IFLASH_END ((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
+#elif defined(ENVIRONMENT_dfu)
+#define IFLASH_END ((uint8_t *)IFLASH_ADDR + BOARD_DFU_BOOT_SIZE)
+#endif
 
 /* incoming call-back: Host has transferred 'len' bytes (stored at
  * 'data'), which we shall write to 'offset' into the partition
@@ -66,7 +81,11 @@ int USBDFU_handle_dnload(uint8_t altif, unsigned int offset,
 		WDT_Restart(WDT);
 	}
 
-	printf("dnload(altif=%u, offset=%u, len=%u)\n\r", altif, offset, len);
+#if TRACE_LEVEL >= TRACE_LEVEL_INFO
+	TRACE_INFO("dnload(altif=%u, offset=%u, len=%u)\n\r", altif, offset, len);
+#else
+	printf("DL off=%u\n\r", offset);
+#endif
 
 #ifdef PINS_LEDS
 	PIO_Clear(&pinsLeds[LED_NUM_RED]);
@@ -86,7 +105,11 @@ int USBDFU_handle_dnload(uint8_t altif, unsigned int offset,
 		break;
 	case ALTIF_FLASH:
 		addr = FLASH_ADDR(offset);
+#if defined(ENVIRONMENT_flash)
 		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + IFLASH_SIZE) {
+#elif defined(ENVIRONMENT_dfu)
+		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
+#endif
 			g_dfu->state = DFU_STATE_dfuERROR;
 			g_dfu->status = DFU_STATUS_errADDRESS;
 			rc = DFU_RET_STALL;
@@ -220,6 +243,17 @@ static void check_exec_dbg_cmd(void)
 	//board_exec_dbg_cmd(ch);
 }
 
+/* print a horizontal line of '=' characters; Doing this in a loop vs. using a 'const'
+ * string saves us ~60 bytes of executable size (matters particularly for DFU loader) */
+static void print_line(void)
+{
+	int i;
+	for (i = 0; i < 78; i++)
+		fputc('=', stdout);
+	fputc('\n', stdout);
+	fputc('\r', stdout);
+}
+
 /*------------------------------------------------------------------------------
  *        Main
  *------------------------------------------------------------------------------*/
@@ -242,33 +276,45 @@ extern int main(void)
 	PIO_Clear(&pinsLeds[LED_NUM_GREEN]);
 #endif
 
-	PIO_InitializeInterrupts(0);
-
 	EEFC_ReadUniqueID(g_unique_id);
 
-	printf("\n\r\n\r"
-		"=============================================================================\n\r"
-		"DFU bootloader %s for board %s (C) 2010-2017 by Harald Welte\n\r"
-		"=============================================================================\n\r",
+	printf("\n\r\n\r");
+	print_line();
+	printf("DFU bootloader %s for board %s\n\r"
+		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r",
 		manifest_revision, manifest_board);
+	print_line();
 
-	TRACE_INFO("Chip ID: 0x%08x (Ext 0x%08x)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
+#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
+	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
 	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
 		   g_unique_id[0], g_unique_id[1],
 		   g_unique_id[2], g_unique_id[3]);
-	TRACE_INFO("Reset Cause: 0x%x\n\r", reset_cause);
+	static const char* reset_causes[] = {
+		"general reset (first power-up reset)",
+		"backup reset (return from backup mode)",
+		"watchdog reset (watchdog fault occurred)",
+		"software reset (processor reset required by the software)",
+		"user reset (NRST pin detected low)",
+	};
+	if (reset_cause < ARRAY_SIZE(reset_causes)) {
+		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
+	} else {
+		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
+	}
+#endif
 
 #if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
 	/* Find out why we are in the DFU bootloader, and not the main application */
 	TRACE_INFO("DFU bootloader start reason: ");
 	switch (USBDFU_OverrideEnterDFU()) {
 	case 0:
-		/* 0 normally means that there is no override, but we are in the bootloader,
-		 * thus the first check in board_cstartup_gnu did return something else than 0.
-		 * this can only be g_dfu->magic which is erased when the segment are
-		 * relocated, which happens in board_cstartup_gnu just after USBDFU_OverrideEnterDFU.
-		 * no static variable can be used to store this case since this will also be overwritten
-		 */
+		if (SCB->VTOR < IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
+			TRACE_INFO_WP("unknown\n\r");
+		} else {
+			TRACE_INFO_WP("DFU is the main application\n\r");
+		}
+		break;
 	case 1:
 		TRACE_INFO_WP("DFU switch requested by main application\n\r");
 		break;
@@ -295,17 +341,16 @@ extern int main(void)
 
 	TRACE_INFO("USB init...\n\r");
 	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
+	USBD_Disconnect();
 #ifdef PIN_USB_PULLUP
 	const Pin usb_dp_pullup = PIN_USB_PULLUP;
 	PIO_Configure(&usb_dp_pullup, 1);
 	PIO_Set(&usb_dp_pullup);
 #endif
-	USBD_HAL_Suspend();
-	mdelay(20);
+	mdelay(50);
 #ifdef PIN_USB_PULLUP
 	PIO_Clear(&usb_dp_pullup);
 #endif
-	USBD_HAL_Activate();
 
 	USBDFU_Initialize(&dfu_descriptors);
 
@@ -314,8 +359,8 @@ extern int main(void)
 		check_exec_dbg_cmd();
 #if 1
 		if (i >= MAX_USB_ITER * 3) {
-			TRACE_ERROR("Resetting board (USB could "
-				    "not be configured)\n\r");
+			TRACE_ERROR("Resetting board (USB could not be configured)\n\r");
+			g_dfu->magic = USB_DFU_MAGIC; // start the bootloader after reboot
 			USBD_Disconnect();
 			NVIC_SystemReset();
 		}

firmware/apps/dfu/usb_strings.txt

@@ -1,5 +1,6 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 DFU (Device Firmware Upgrade)
 RAM
 Flash (Application Partition)
+Flash (Bootloader Partition)

firmware/apps/freq_ctr/Makefile

@@ -0,0 +1,3 @@
+C_FILES += $(C_LIBUSB_RT)
+
+C_FILES += freq_ctr.c

firmware/apps/freq_ctr/freq_ctr.c

@@ -0,0 +1,55 @@
+#include <stdint.h>
+#include "utils.h"
+#include "tc_etu.h"
+#include "chip.h"
+
+
+/* pins for Channel 0 of TC-block 0 */
+#define PIN_TIOA0	{PIO_PA0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+/* pins for Channel 1 of TC-block 0 */
+#define PIN_TIOA1	{PIO_PA15, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+#define PIN_TCLK1	{PIO_PA28, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+static const Pin pins_tc[] = { PIN_TIOA0, PIN_TIOA1, PIN_TCLK1 };
+
+static TcChannel *tc1 = &TC0->TC_CHANNEL[1];
+
+void TC1_IrqHandler(void)
+{
+	uint32_t sr = tc1->TC_SR;
+	printf("TC1=%lu; SR=0x%08lx\r\n", tc1->TC_RA, sr);
+}
+
+void freq_ctr_init(void)
+{
+	TcChannel *tc0 = &TC0->TC_CHANNEL[0];
+
+	PIO_Configure(pins_tc, ARRAY_SIZE(pins_tc));
+
+	PMC_EnablePeripheral(ID_TC0);
+	PMC_EnablePeripheral(ID_TC1);
+
+	/* route TCLK1 to XC1 */
+	TC0->TC_BMR &= ~TC_BMR_TC1XC1S_Msk;
+	TC0->TC_BMR |= TC_BMR_TC1XC1S_TCLK1;
+
+	/* TC0 in wveform mode: Run from SCLK. Raise TIOA on RA; lower TIOA on RC + trigger */
+	tc0->TC_CMR = TC_CMR_TCCLKS_TIMER_CLOCK5 | TC_CMR_BURST_NONE |
+		      TC_CMR_EEVTEDG_NONE | TC_CMR_WAVSEL_UP_RC | TC_CMR_WAVE |
+		      TC_CMR_ACPA_SET | TC_CMR_ACPC_CLEAR;
+	tc0->TC_RA = 16384; /* set high at 16384 */
+	tc0->TC_RC = 32786; /* set low at 32786 */
+
+	/* TC1 in capture mode: Run from XC1. Trigger on TIOA rising. Load RA on rising */
+	tc1->TC_CMR = TC_CMR_TCCLKS_XC1 | TC_CMR_BURST_NONE |
+		      TC_CMR_ETRGEDG_RISING | TC_CMR_ABETRG | TC_CMR_LDRA_RISING;
+	/* Interrupt us if the external trigger happens */
+	tc1->TC_IER = TC_IER_ETRGS;
+	NVIC_EnableIRQ(TC1_IRQn);
+
+	TC0->TC_BCR = TC_BCR_SYNC;
+
+	tc0->TC_CCR = TC_CCR_CLKEN|TC_CCR_SWTRG;
+	tc1->TC_CCR = TC_CCR_CLKEN|TC_CCR_SWTRG;
+}

firmware/apps/freq_ctr/main.c

@@ -0,0 +1,54 @@
+
+#include "board.h"
+#include "utils.h"
+#include "osmocom/core/timer.h"
+
+extern void freq_ctr_init(void);
+
+/* returns '1' in case we should break any endless loop */
+static void check_exec_dbg_cmd(void)
+{
+	int ch;
+
+	if (!UART_IsRxReady())
+		return;
+
+	ch = UART_GetChar();
+
+	board_exec_dbg_cmd(ch);
+}
+
+
+extern int main(void)
+{
+	led_init();
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
+
+	/* Enable watchdog for 2000 ms, with no window */
+	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
+		   (WDT_GetPeriod(2000) << 16) | WDT_GetPeriod(2000));
+
+	PIO_InitializeInterrupts(0);
+
+
+	printf("\n\r\n\r"
+		"=============================================================================\n\r"
+		"Freq Ctr firmware " GIT_VERSION " (C) 2019 by Harald Welte\n\r"
+		"=============================================================================\n\r");
+
+	board_main_top();
+
+	TRACE_INFO("starting frequency counter...\n\r");
+	freq_ctr_init();
+
+	TRACE_INFO("entering main loop...\n\r");
+	while (1) {
+		WDT_Restart(WDT);
+
+		check_exec_dbg_cmd();
+		osmo_timers_prepare();
+		osmo_timers_update();
+	}
+
+}

firmware/apps/freq_ctr/usb_strings.txt

@@ -0,0 +1,10 @@
+sysmocom - s.f.m.c. GmbH
+PRODUCT_STRING
+SIMtrace Sniffer
+SIMtrace CCID
+SIMtrace Card Emulation
+SIMtrace MITM
+CardEmulator Modem 1
+CardEmulator Modem 2
+CardEmulator Modem 3
+CardEmulator Modem 4

firmware/apps/gpio_test/Makefile

@@ -0,0 +1,3 @@
+C_FILES += $(C_LIBUSB_RT)
+
+C_FILES += gpio_test.c

firmware/apps/gpio_test/gpio_test.c

@@ -0,0 +1,8 @@
+#include <stdint.h>
+#include "utils.h"
+#include "chip.h"
+
+void gpio_test_init(void)
+{
+	printf("FIXME run tests here\n\r");
+}

firmware/apps/gpio_test/main.c

@@ -0,0 +1,54 @@
+
+#include "board.h"
+#include "utils.h"
+#include "osmocom/core/timer.h"
+
+extern void gpio_test_init(void);
+
+/* returns '1' in case we should break any endless loop */
+static void check_exec_dbg_cmd(void)
+{
+	int ch;
+
+	if (!UART_IsRxReady())
+		return;
+
+	ch = UART_GetChar();
+
+	board_exec_dbg_cmd(ch);
+}
+
+
+extern int main(void)
+{
+	led_init();
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
+
+	/* Enable watchdog for 2000 ms, with no window */
+	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
+		   (WDT_GetPeriod(2000) << 16) | WDT_GetPeriod(2000));
+
+	PIO_InitializeInterrupts(0);
+
+
+	printf("\n\r\n\r"
+		"=============================================================================\n\r"
+		"GPIO Test firmware " GIT_VERSION " (C) 2019 Sysmocom GmbH\n\r"
+		"=============================================================================\n\r");
+
+	board_main_top();
+
+	TRACE_INFO("starting gpio test...\n\r");
+	gpio_test_init();
+
+	TRACE_INFO("entering main loop...\n\r");
+	while (1) {
+		WDT_Restart(WDT);
+
+		check_exec_dbg_cmd();
+		osmo_timers_prepare();
+		osmo_timers_update();
+	}
+
+}

firmware/apps/gpio_test/usb_strings.txt

@@ -0,0 +1,10 @@
+sysmocom - s.f.m.c. GmbH
+PRODUCT_STRING
+SIMtrace Sniffer
+SIMtrace CCID
+SIMtrace Card Emulation
+SIMtrace MITM
+CardEmulator Modem 1
+CardEmulator Modem 2
+CardEmulator Modem 3
+CardEmulator Modem 4

firmware/apps/trace/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/trace/main.c

@@ -24,10 +24,9 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
+#include "main_common.h"
 #include "osmocom/core/timer.h"
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -158,20 +157,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\n\r\n\r"
-		"=============================================================================\n\r"
-		"SIMtrace2 firmware " GIT_VERSION " (C) 2010-2016 by Harald Welte\n\r"
-		"=============================================================================\n\r");
-
-	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-	TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
-	TRACE_INFO("USB configuration used: %d\n\r", simtrace_config);
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\n\r");

firmware/apps/trace/usb_strings.txt

@@ -1,8 +1,8 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 SIMtrace Sniffer
 SIMtrace CCID
-SIMtrace Phone
+SIMtrace Card Emulation
 SIMtrace MITM
 CardEmulator Modem 1
 CardEmulator Modem 2

firmware/apps/triple_play/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/triple_play/main.c

@@ -26,8 +26,6 @@
 #include "req_ctx.h"
 #include <osmocom/core/timer.h>
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -149,17 +147,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\r\n\r\n"
-		"=============================================================================\r\n"
-		"SIMtrace2 firmware " GIT_REVISION " (C) 2010-2017 by Harald Welte\r\n"
-		"=============================================================================\r\n");
-
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\r\n",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\r\n");

firmware/atmel_softpack_libraries/libchip_sam3s/source/USBD_HAL.c

@@ -45,11 +45,6 @@
  *      Headers
  *---------------------------------------------------------------------------*/
 
-#ifdef TRACE_LEVEL
-#undef TRACE_LEVEL
-#endif
-#define TRACE_LEVEL TRACE_LEVEL_WARNING
-
 #include "chip.h"
 #include "USBD_HAL.h"
 #include <usb/device/dfu/dfu.h>
@@ -1082,6 +1077,14 @@ static inline uint8_t UDP_Read(uint8_t  bEndpoint,
  *      Exported functions
  *---------------------------------------------------------------------------*/
 
+
+uint16_t USBD_GetEndpointSize(uint8_t bEndpoint)
+{
+    Endpoint *pEndpoint = &(endpoints[bEndpoint]);
+
+    return pEndpoint->size;
+}
+
 /**
  * USBD (UDP) interrupt handler
  * Manages device resume, suspend, end of bus reset.
@@ -1138,7 +1141,7 @@ void USBD_IrqHandler(void)
     /* Resume (Wakeup) */
     if ((status & (UDP_ISR_WAKEUP | UDP_ISR_RXRSM)) != 0) {
 
-        TRACE_INFO_WP("Res ");
+        TRACE_DEBUG_WP("Res ");
         /* Clear and disable resume interrupts */
         UDP->UDP_ICR = UDP_ICR_WAKEUP | UDP_ICR_RXRSM | UDP_ICR_RXSUSP;
         UDP->UDP_IDR = UDP_IDR_WAKEUP | UDP_IDR_RXRSM;
@@ -1150,7 +1153,7 @@ void USBD_IrqHandler(void)
        This interrupt is always treated last (hence the '==') */
     if (status == UDP_ISR_RXSUSP) {
 
-        TRACE_INFO_WP("Susp ");
+        TRACE_DEBUG_WP("Susp ");
         /* Enable wakeup */
         UDP->UDP_IER = UDP_IER_WAKEUP | UDP_IER_RXRSM;
         /* Acknowledge interrupt */
@@ -1161,19 +1164,26 @@ void USBD_IrqHandler(void)
     /* End of bus reset */
     else if ((status & UDP_ISR_ENDBUSRES) != 0) {
 
-        TRACE_INFO_WP("EoBRes ");
+        TRACE_DEBUG_WP("EoBRes ");
 
 #if defined(BOARD_USB_DFU)
 #if defined(APPLICATION_dfu)
 	/* if we are currently in the DFU bootloader, and we are beyond
 	 * the MANIFEST stage, we shall switch to the normal
 	 * application */
-	if (g_dfu->past_manifest)
+	if (g_dfu->past_manifest) {
+#if defined(ENVIRONMENT_flash)
 		USBDFU_SwitchToApp();
+#elif defined(ENVIRONMENT_dfu)
+		USBDFU_SwitchToDFU();
+#endif
+	}
+
 #else
 	/* if we are currently in the main application, and we are in
-	 * appDETACH state, switch into the DFU bootloader */
-	if (g_dfu->state == DFU_STATE_appDETACH)
+	 * appDETACH state or past downloading, switch into the DFU bootloader.
+	 */
+	if (g_dfu->state == DFU_STATE_appDETACH || g_dfu->state == DFU_STATE_dfuMANIFEST)
 		DFURT_SwitchToDFU();
 #endif /* APPLICATION_dfu */
 #endif /* BOARD_USB_DFU */
@@ -1202,7 +1212,7 @@ void USBD_IrqHandler(void)
 
                 if (status != 0) {
 
-                    TRACE_INFO_WP("\n\r  - ");
+                    TRACE_DEBUG_WP("\n\r  - ");
                 }
             }
             eptnum++;
@@ -1211,7 +1221,7 @@ void USBD_IrqHandler(void)
 
     /* Toggle LED back to its previous state */
     TRACE_DEBUG_WP("!");
-    TRACE_INFO_WP("\n\r");
+    TRACE_DEBUG_WP("\n\r");
     if (USBD_GetState() >= USBD_STATE_POWERED) {
 
         //LED_Clear(USBD_LEDUSB);
@@ -1361,7 +1371,7 @@ uint8_t USBD_HAL_ConfigureEP(const USBEndpointDescriptor *pDescriptor)
         UDP->UDP_IER = (1 << bEndpoint);
     }
 
-    TRACE_INFO_WP("CfgEp%d ", bEndpoint);
+    TRACE_DEBUG_WP("CfgEp%d ", bEndpoint);
     return bEndpoint;
 }
 
@@ -1529,7 +1539,7 @@ void USBD_HAL_RemoteWakeUp(void)
     UDP_EnableUsbClock();
     UDP_EnableTransceiver();
 
-    TRACE_INFO_WP("RWUp ");
+    TRACE_DEBUG_WP("RWUp ");
 
     // Activates a remote wakeup (edge on ESR), then clear ESR
     UDP->UDP_GLB_STAT |= UDP_GLB_STAT_ESR;
@@ -1692,7 +1702,10 @@ void USBD_HAL_Suspend(void)
     /* The device enters the Suspended state */
     UDP_DisableTransceiver();
     UDP_DisableUsbClock();
-    UDP_DisablePeripheralClock();
+    /* Don't disable peripheral clock; this somehow breaks completion of any IN transfers
+     * that have already been written to the peripheral, and which we expect to complete
+     * after resume */
+    //UDP_DisablePeripheralClock();
 }
 
 /**

firmware/atmel_softpack_libraries/libchip_sam3s/source/efc.c

@@ -163,7 +163,7 @@ extern void EFC_TranslateAddress( Efc** ppEfc, uint32_t dwAddress, uint16_t* pwP
     wPage = (dwAddress - IFLASH_ADDR) / IFLASH_PAGE_SIZE;
     wOffset = (dwAddress - IFLASH_ADDR) % IFLASH_PAGE_SIZE;
 
-    TRACE_DEBUG( "Translated 0x%08X to page=%d and offset=%d\n\r", dwAddress, wPage, wOffset ) ;
+    TRACE_DEBUG( "Translated 0x%08lX to page=%d and offset=%d\n\r", dwAddress, wPage, wOffset ) ;
     /* Store values */
     if ( pEfc )
     {

firmware/atmel_softpack_libraries/libchip_sam3s/source/flashd.c

@@ -134,7 +134,7 @@ static void ComputeLockRange( uint32_t dwStart, uint32_t dwEnd, uint32_t *pdwAct
     // Store actual page numbers
     EFC_ComputeAddress( pStartEfc, wActualStartPage, 0, pdwActualStart ) ;
     EFC_ComputeAddress( pEndEfc, wActualEndPage, 0, pdwActualEnd ) ;
-    TRACE_DEBUG( "Actual lock range is 0x%06X - 0x%06X\n\r", *pdwActualStart, *pdwActualEnd ) ;
+    TRACE_DEBUG( "Actual lock range is 0x%06lX - 0x%06lX\n\r", *pdwActualStart, *pdwActualEnd ) ;
 }
 
 

firmware/atmel_softpack_libraries/libchip_sam3s/source/pio_it.c

@@ -211,6 +211,16 @@ extern void PIO_InitializeInterrupts( uint32_t dwPriority )
     NVIC_EnableIRQ( PIOC_IRQn ) ;
 }
 
+static InterruptSource *find_intsource4pin(const Pin *pPin)
+{
+    unsigned int i ;
+    for (i = 0; i < _dwNumSources; i++) {
+        if (_aIntSources[i].pPin == pPin)
+	    return &_aIntSources[i];
+    }
+    return NULL;
+}
+
 /**
  * Configures a PIO or a group of PIO to generate an interrupt on status
  * change. The provided interrupt handler will be called with the triggering
@@ -228,15 +238,17 @@ extern void PIO_ConfigureIt( const Pin *pPin, void (*handler)( const Pin* ) )
 
     assert( pPin ) ;
     pio = pPin->pio ;
-    assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
 
-    /* Define new source */
-    TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
-
-    pSource = &(_aIntSources[_dwNumSources]) ;
-    pSource->pPin = pPin ;
+    pSource = find_intsource4pin(pPin);
+    if (!pSource) {
+        /* Define new source */
+        TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
+        assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
+        pSource = &(_aIntSources[_dwNumSources]) ;
+        pSource->pPin = pPin ;
+        _dwNumSources++ ;
+    }
     pSource->handler = handler ;
-    _dwNumSources++ ;
 
     /* PIO3 with additional interrupt support
      * Configure additional interrupt mode registers */

firmware/atmel_softpack_libraries/libchip_sam3s/source/unique_id.c

@@ -8,6 +8,11 @@ void EEFC_ReadUniqueID(unsigned int *pdwUniqueID)
 {
 	unsigned int status;
 
+	/* disable interrupts, as interrupt vectors are stored in flash,
+	 * and after STUI was issued, we can no longer access flassh until
+	 * SPUI complets */
+	__disable_irq();
+
 	/* Errata / Workaround: Set bit 16 of EEFC Flash Mode Register
 	 * to 1 */
 	EFC->EEFC_FMR |= (1 << 16);
@@ -40,4 +45,6 @@ void EEFC_ReadUniqueID(unsigned int *pdwUniqueID)
 	do {
 		status = EFC->EEFC_FSR;
 	} while ((status & EEFC_FSR_FRDY) != EEFC_FSR_FRDY);
+
+	__enable_irq();
 }

firmware/atmel_softpack_libraries/usb/device/core/USBD.c

@@ -300,7 +300,7 @@ void USBD_SetConfiguration(uint8_t cfgnum)
     else {
         deviceState = USBD_STATE_ADDRESS;
         /* Reset all endpoints */
-        USBD_HAL_ResetEPs(0xFFFFFFFF, USBD_STATUS_RESET, 0);
+        USBD_HAL_ResetEPs(0xFFFFFFFE, USBD_STATUS_RESET, 0);
     }
 }
 

firmware/atmel_softpack_libraries/usb/device/core/USBDDriver.c

@@ -251,7 +251,7 @@ static void GetDescriptor(
     switch (type) {
 
         case USBGenericDescriptor_DEVICE:
-            TRACE_INFO_WP("Dev ");
+            TRACE_DEBUG_WP("Dev ");
 
             /* Adjust length and send descriptor */
 
@@ -263,7 +263,7 @@ static void GetDescriptor(
             break;
 
         case USBGenericDescriptor_CONFIGURATION:
-            TRACE_INFO_WP("Cfg ");
+            TRACE_DEBUG_WP("Cfg ");
 
             /* Adjust length and send descriptor */
 
@@ -280,7 +280,7 @@ static void GetDescriptor(
             break;
 
         case USBGenericDescriptor_DEVICEQUALIFIER:
-            TRACE_INFO_WP("Qua ");
+            TRACE_DEBUG_WP("Qua ");
 
             /* Check if descriptor exists */
 
@@ -301,7 +301,7 @@ static void GetDescriptor(
             break;
 
         case USBGenericDescriptor_OTHERSPEEDCONFIGURATION:
-            TRACE_INFO_WP("OSC ");
+            TRACE_DEBUG_WP("OSC ");
 
             /* Check if descriptor exists */
 
@@ -327,7 +327,7 @@ static void GetDescriptor(
             break;
 
         case USBGenericDescriptor_STRING:
-            TRACE_INFO_WP("Str%d ", indexRDesc);
+            TRACE_DEBUG_WP("Str%d ", indexRDesc);
 
             /* Check if descriptor exists */
 
@@ -504,13 +504,13 @@ void USBDDriver_RequestHandler(
     uint32_t length;
     uint32_t address;
 
-    TRACE_INFO_WP("Std ");
+    TRACE_DEBUG_WP("Std ");
 
     /* Check request code */
     switch (USBGenericRequest_GetRequest(pRequest)) {
 
         case USBGenericRequest_GETDESCRIPTOR:
-            TRACE_INFO_WP("gDesc ");
+            TRACE_DEBUG_WP("gDesc ");
 
             /* Send the requested descriptor */
             type = USBGetDescriptorRequest_GetDescriptorType(pRequest);
@@ -520,7 +520,7 @@ void USBDDriver_RequestHandler(
             break;
 
         case USBGenericRequest_SETADDRESS:
-            TRACE_INFO_WP("sAddr ");
+            TRACE_DEBUG_WP("sAddr ");
 
             /* Sends a zero-length packet and then set the device address */
             address = USBSetAddressRequest_GetAddress(pRequest);
@@ -528,7 +528,7 @@ void USBDDriver_RequestHandler(
             break;
 
         case USBGenericRequest_SETCONFIGURATION:
-            TRACE_INFO_WP("sCfg ");
+            TRACE_DEBUG_WP("sCfg ");
 
             /* Set the requested configuration */
             cfgnum = USBSetConfigurationRequest_GetConfiguration(pRequest);
@@ -536,27 +536,27 @@ void USBDDriver_RequestHandler(
             break;
 
         case USBGenericRequest_GETCONFIGURATION:
-            TRACE_INFO_WP("gCfg ");
+            TRACE_DEBUG_WP("gCfg ");
 
             /* Send the current configuration number */
             GetConfiguration(pDriver);
             break;
 
         case USBGenericRequest_GETSTATUS:
-            TRACE_INFO_WP("gSta ");
+            TRACE_DEBUG_WP("gSta ");
 
             /* Check who is the recipient */
             switch (USBGenericRequest_GetRecipient(pRequest)) {
 
                 case USBGenericRequest_DEVICE:
-                    TRACE_INFO_WP("Dev ");
+                    TRACE_DEBUG_WP("Dev ");
 
                     /* Send the device status */
                     GetDeviceStatus(pDriver);
                     break;
 
                 case USBGenericRequest_ENDPOINT:
-                    TRACE_INFO_WP("Ept ");
+                    TRACE_DEBUG_WP("Ept ");
 
                     /* Send the endpoint status */
                     eptnum = USBGenericRequest_GetEndpointNumber(pRequest);
@@ -572,13 +572,13 @@ void USBDDriver_RequestHandler(
             break;
 
         case USBGenericRequest_CLEARFEATURE:
-            TRACE_INFO_WP("cFeat ");
+            TRACE_DEBUG_WP("cFeat ");
 
             /* Check which is the requested feature */
             switch (USBFeatureRequest_GetFeatureSelector(pRequest)) {
 
                 case USBFeatureRequest_ENDPOINTHALT:
-                    TRACE_INFO_WP("Hlt ");
+                    TRACE_DEBUG_WP("Hlt ");
 
                     /* Unhalt endpoint and send a zero-length packet */
                     USBD_Unhalt(USBGenericRequest_GetEndpointNumber(pRequest));
@@ -586,7 +586,7 @@ void USBDDriver_RequestHandler(
                     break;
 
                 case USBFeatureRequest_DEVICEREMOTEWAKEUP:
-                    TRACE_INFO_WP("RmWU ");
+                    TRACE_DEBUG_WP("RmWU ");
 
                     /* Disable remote wake-up and send a zero-length packet */
                     pDriver->isRemoteWakeUpEnabled = 0;
@@ -602,13 +602,13 @@ void USBDDriver_RequestHandler(
             break;
 
     case USBGenericRequest_SETFEATURE:
-        TRACE_INFO_WP("sFeat ");
+        TRACE_DEBUG_WP("sFeat ");
 
         /* Check which is the selected feature */
         switch (USBFeatureRequest_GetFeatureSelector(pRequest)) {
 
             case USBFeatureRequest_DEVICEREMOTEWAKEUP:
-                TRACE_INFO_WP("RmWU ");
+                TRACE_DEBUG_WP("RmWU ");
 
                 /* Enable remote wake-up and send a ZLP */
                 pDriver->isRemoteWakeUpEnabled = 1;
@@ -616,25 +616,25 @@ void USBDDriver_RequestHandler(
                 break;
 
             case USBFeatureRequest_ENDPOINTHALT:
-                TRACE_INFO_WP("Halt ");
+                TRACE_DEBUG_WP("Halt ");
                 /* Halt endpoint */
                 USBD_Halt(USBGenericRequest_GetEndpointNumber(pRequest));
                 USBD_Write(0, 0, 0, 0, 0);
                 break;
             case USBFeatureRequest_OTG_B_HNP_ENABLE:
-                    TRACE_INFO_WP("OTG_B_HNP_ENABLE ");
+                    TRACE_DEBUG_WP("OTG_B_HNP_ENABLE ");
                     pDriver->otg_features_supported |=
                         1<<USBFeatureRequest_OTG_B_HNP_ENABLE;
                     USBD_Write(0, 0, 0, 0, 0);
                 break;
             case USBFeatureRequest_OTG_A_HNP_SUPPORT:
-                    TRACE_INFO_WP("OTG_A_HNP_SUPPORT ");
+                    TRACE_DEBUG_WP("OTG_A_HNP_SUPPORT ");
                     pDriver->otg_features_supported |=
                         1<<USBFeatureRequest_OTG_A_HNP_SUPPORT;
                     USBD_Write(0, 0, 0, 0, 0);
                 break;
             case USBFeatureRequest_OTG_A_ALT_HNP_SUPPORT:
-                    TRACE_INFO_WP("OTG_A_ALT_HNP_SUPPORT ");
+                    TRACE_DEBUG_WP("OTG_A_ALT_HNP_SUPPORT ");
                     pDriver->otg_features_supported |=
                         1<<USBFeatureRequest_OTG_A_ALT_HNP_SUPPORT;
                     USBD_Write(0, 0, 0, 0, 0);
@@ -649,7 +649,7 @@ void USBDDriver_RequestHandler(
         break;
 
     case USBGenericRequest_SETINTERFACE:
-        TRACE_INFO_WP("sInterface ");
+        TRACE_DEBUG_WP("sInterface ");
 
         infnum = USBInterfaceRequest_GetInterface(pRequest);
         setting = USBInterfaceRequest_GetAlternateSetting(pRequest);
@@ -657,7 +657,7 @@ void USBDDriver_RequestHandler(
         break;
 
     case USBGenericRequest_GETINTERFACE:
-        TRACE_INFO_WP("gInterface ");
+        TRACE_DEBUG_WP("gInterface ");
 
         infnum = USBInterfaceRequest_GetInterface(pRequest);
         GetInterface(pDriver, infnum);

firmware/atmel_softpack_libraries/usb/device/dfu/dfu.h

@@ -39,8 +39,8 @@ struct dfu_desc {
 #define DFU_FUNC_DESC  {						\
 	.bLength		= USB_DT_DFU_SIZE,			\
 	.bDescriptorType	= USB_DT_DFU,				\
-	.bmAttributes		= USB_DFU_CAN_UPLOAD | USB_DFU_CAN_DOWNLOAD, \
-	.wDetachTimeOut		= 0xff00,				\
+	.bmAttributes		= USB_DFU_CAN_UPLOAD | USB_DFU_CAN_DOWNLOAD | USB_DFU_WILL_DETACH, \
+	.wDetachTimeOut		= 0x00,				\
 	.wTransferSize		= BOARD_DFU_PAGE_SIZE,			\
 	.bcdDFUVersion		= 0x0100,				\
 }
@@ -101,7 +101,7 @@ struct dfudata {
 extern struct dfudata _g_dfu;
 extern struct dfudata *g_dfu;
 
-void set_usb_serial_str(const uint8_t *serial_usbstr);
+void set_usb_serial_str(void);
 
 void DFURT_SwitchToDFU(void);
 
@@ -124,6 +124,9 @@ void USBDFU_Initialize(const USBDDriverDescriptors *pDescriptors);
 /* USBD tells us to switch from DFU mode to application mode */
 void USBDFU_SwitchToApp(void);
 
+/* USBD tells us to switch from to DFU mode */
+void USBDFU_SwitchToDFU(void);
+
 /* Return values to be used by USBDFU_handle_{dn,up}load */
 #define DFU_RET_NOTHING	0
 #define DFU_RET_ZLP	1

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_desc.c

@@ -13,14 +13,107 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
+#include "usb_strings_generated.h"
+
 enum {
 	STR_MANUF	= 1,
 	STR_PROD,
 	STR_CONFIG,
+	// strings for the first alternate interface (e.g. DFU)
 	_STR_FIRST_ALT,
-	STR_SERIAL	= (_STR_FIRST_ALT+BOARD_DFU_NUM_IF),
+	// serial string
+	STR_SERIAL	= (_STR_FIRST_ALT + BOARD_DFU_NUM_IF),
+	// version string (on additional interface)
+	VERSION_CONF_STR,
+	VERSION_STR,
+	// count
+	STRING_DESC_CNT,
 };
 
+/* string used to replace one of both DFU flash partition atlsettings */
+static const unsigned char usb_string_notavailable[] = {
+	USBStringDescriptor_LENGTH(13),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('n'),
+	USBStringDescriptor_UNICODE('o'),
+	USBStringDescriptor_UNICODE('t'),
+	USBStringDescriptor_UNICODE(' '),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('v'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('l'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('l'),
+	USBStringDescriptor_UNICODE('e'),
+};
+
+/* USB string for the serial (using 128-bit device ID) */
+static unsigned char usb_string_serial[] = {
+	USBStringDescriptor_LENGTH(32),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('0'),
+	USBStringDescriptor_UNICODE('0'),
+	USBStringDescriptor_UNICODE('1'),
+	USBStringDescriptor_UNICODE('1'),
+	USBStringDescriptor_UNICODE('2'),
+	USBStringDescriptor_UNICODE('2'),
+	USBStringDescriptor_UNICODE('3'),
+	USBStringDescriptor_UNICODE('3'),
+	USBStringDescriptor_UNICODE('4'),
+	USBStringDescriptor_UNICODE('4'),
+	USBStringDescriptor_UNICODE('5'),
+	USBStringDescriptor_UNICODE('5'),
+	USBStringDescriptor_UNICODE('6'),
+	USBStringDescriptor_UNICODE('6'),
+	USBStringDescriptor_UNICODE('7'),
+	USBStringDescriptor_UNICODE('7'),
+	USBStringDescriptor_UNICODE('8'),
+	USBStringDescriptor_UNICODE('8'),
+	USBStringDescriptor_UNICODE('9'),
+	USBStringDescriptor_UNICODE('9'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('c'),
+	USBStringDescriptor_UNICODE('c'),
+	USBStringDescriptor_UNICODE('d'),
+	USBStringDescriptor_UNICODE('d'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('f'),
+	USBStringDescriptor_UNICODE('f'),
+};
+
+/* USB string for the version */
+static const unsigned char usb_string_version_conf[] = {
+	USBStringDescriptor_LENGTH(16),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('f'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('m'),
+	USBStringDescriptor_UNICODE('w'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE(' '),
+	USBStringDescriptor_UNICODE('v'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('s'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('o'),
+	USBStringDescriptor_UNICODE('n'),
+};
+
+static const char git_version[] = GIT_VERSION;
+static unsigned char usb_string_version[2 + ARRAY_SIZE(git_version) * 2 - 2];
+/** array of static (from usb_strings) and runtime (serial, version) USB strings */
+static const unsigned char *usb_strings_extended[STRING_DESC_CNT];
+
 static const USBDeviceDescriptor fsDevice = {
 	.bLength = 		sizeof(USBDeviceDescriptor),
 	.bDescriptorType = 	USBGenericDescriptor_DEVICE,
@@ -34,12 +127,8 @@ static const USBDeviceDescriptor fsDevice = {
 	.bcdDevice = 		BOARD_USB_RELEASE,
 	.iManufacturer =	STR_MANUF,
 	.iProduct =		STR_PROD,
-#ifdef BOARD_USB_SERIAL
 	.iSerialNumber =	STR_SERIAL,
-#else
-	.iSerialNumber =	0,
-#endif
-	.bNumConfigurations =	1,
+	.bNumConfigurations =	2, // DFU + version configurations
 };
 
 /* Alternate Interface Descriptor, we use one per partition/memory type */
@@ -52,7 +141,7 @@ static const USBDeviceDescriptor fsDevice = {
 		.bNumEndpoints =	0,					\
 		.bInterfaceClass =	0xfe,					\
 		.bInterfaceSubClass =	1,					\
-		.iInterface =		(_STR_FIRST_ALT+ALT),			\
+		.iInterface =		(_STR_FIRST_ALT + ALT),			\
 		.bInterfaceProtocol =	2,					\
 	}
 
@@ -85,17 +174,79 @@ const struct dfu_desc dfu_cfg_descriptor = {
 	.func_dfu = DFU_FUNC_DESC
 };
 
-#include "usb_strings_generated.h"
-
-#if 0
-void set_usb_serial_str(const uint8_t *serial_usbstr)
+void set_usb_serial_str(void)
 {
-	usb_strings[STR_SERIAL] = serial_usbstr;
-}
+	unsigned int i;
+
+	// put device ID into USB serial number description
+	unsigned int device_id[4];
+	EEFC_ReadUniqueID(device_id);
+	char device_id_string[32 + 1];
+	snprintf(device_id_string, ARRAY_SIZE(device_id_string), "%08x%08x%08x%08x",
+		device_id[0], device_id[1], device_id[2], device_id[3]);
+	for (i = 0; i < ARRAY_SIZE(device_id_string) - 1; i++) {
+		usb_string_serial[2 + 2 * i] = device_id_string[i];
+	}
+
+	// put version into USB string
+	usb_string_version[0] = USBStringDescriptor_LENGTH(ARRAY_SIZE(git_version) - 1);
+	usb_string_version[1] = USBGenericDescriptor_STRING;
+	for (i = 0; i < ARRAY_SIZE(git_version) - 1; i++) {
+		usb_string_version[2 + i * 2 + 0] = git_version[i];
+		usb_string_version[2 + i * 2 + 1] = 0;
+	}
+
+	// fill extended USB strings
+	for (i = 0; i < ARRAY_SIZE(usb_strings) && i < ARRAY_SIZE(usb_strings_extended); i++) {
+		usb_strings_extended[i] = usb_strings[i];
+	}
+#if defined(ENVIRONMENT_dfu)
+	usb_strings_extended[_STR_FIRST_ALT + 1] = usb_string_notavailable;
+#elif defined(ENVIRONMENT_flash)
+	usb_strings_extended[_STR_FIRST_ALT + 2] = usb_string_notavailable;
 #endif
+	usb_strings_extended[STR_SERIAL] = usb_string_serial;
+	usb_strings_extended[VERSION_CONF_STR] = usb_string_version_conf;
+	usb_strings_extended[VERSION_STR] = usb_string_version;
+}
+
+/* USB descriptor just to show the version */
+typedef struct _SIMTraceDriverConfigurationDescriptorVersion {
+	/** Standard configuration descriptor. */
+	USBConfigurationDescriptor configuration;
+	USBInterfaceDescriptor version;
+} __attribute__ ((packed)) SIMTraceDriverConfigurationDescriptorVersion;
+
+static const SIMTraceDriverConfigurationDescriptorVersion
+				configurationDescriptorVersion = {
+	/* Standard configuration descriptor for the interface descriptor*/
+	.configuration = {
+		.bLength 		= sizeof(USBConfigurationDescriptor),
+		.bDescriptorType	= USBGenericDescriptor_CONFIGURATION,
+		.wTotalLength		= sizeof(SIMTraceDriverConfigurationDescriptorVersion),
+		.bNumInterfaces		= 1,
+		.bConfigurationValue	= 2,
+		.iConfiguration		= VERSION_CONF_STR,
+		.bmAttributes		= USBD_BMATTRIBUTES,
+		.bMaxPower		= USBConfigurationDescriptor_POWER(100),
+	},
+	/* Interface standard descriptor just holding the version information */
+	.version = {
+		.bLength = sizeof(USBInterfaceDescriptor),
+		.bDescriptorType 	= USBGenericDescriptor_INTERFACE,
+		.bInterfaceNumber	= 0,
+		.bAlternateSetting	= 0,
+		.bNumEndpoints		= 0,
+		.bInterfaceClass	= USB_CLASS_PROPRIETARY,
+		.bInterfaceSubClass	= 0xff,
+		.bInterfaceProtocol	= 0,
+		.iInterface		= VERSION_STR,
+	},
+};
 
 static const USBConfigurationDescriptor *conf_desc_arr[] = {
 	&dfu_cfg_descriptor.ucfg,
+	&configurationDescriptorVersion.configuration,
 };
 
 const USBDDriverDescriptors dfu_descriptors = {
@@ -108,6 +259,6 @@ const USBDDriverDescriptors dfu_descriptors = {
 	.pHsConfiguration = NULL,
 	.pHsQualifier = NULL,
 	.pHsOtherSpeed = NULL,
-	.pStrings = usb_strings,
-	.numStrings = ARRAY_SIZE(usb_strings),
+	.pStrings = usb_strings_extended,
+	.numStrings = ARRAY_SIZE(usb_strings_extended),
 };

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_driver.c

@@ -33,8 +33,7 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
-/* FIXME: this was used for a special ELF section which then got called
- * by DFU code and Application code, across flash partitions */
+/** specific memory location shared across bootloader and application */
 #define __dfudata __attribute__ ((section (".dfudata")))
 #define __dfufunc
 
@@ -42,11 +41,14 @@
 static USBDDriver usbdDriver;
 static unsigned char if_altsettings[1];
 
+/** structure containing the DFU state and magic value to know if DFU or application should be started */
 __dfudata struct dfudata _g_dfu = {
-  	.state = DFU_STATE_appIDLE,
+	.state = DFU_STATE_dfuIDLE,
 	.past_manifest = 0,
 	.total_bytes = 0,
 };
+
+/** variable to structure containing DFU state */
 struct dfudata *g_dfu = &_g_dfu;
 
 WEAK void dfu_drv_updstatus(void)
@@ -83,7 +85,7 @@ static void __dfufunc handle_getstate(void)
 {
 	uint8_t u8 = g_dfu->state;
 
-	TRACE_DEBUG("handle_getstate(%u)\n\r", g_dfu->state);
+	TRACE_DEBUG("handle_getstate(%ld)\n\r", g_dfu->state);
 
 	USBD_Write(0, (char *)&u8, sizeof(u8), NULL, 0);
 }
@@ -447,6 +449,7 @@ void USBDFU_Initialize(const USBDDriverDescriptors *pDescriptors)
 	/* We already start in DFU idle mode */
 	g_dfu->state = DFU_STATE_dfuIDLE;
 
+	set_usb_serial_str();
 	USBDDriver_Initialize(&usbdDriver, pDescriptors, if_altsettings);
 	USBD_Init();
 	USBD_Connect();
@@ -460,7 +463,20 @@ void USBDFU_SwitchToApp(void)
 	/* make sure the MAGIC is not set to enter DFU again */
 	g_dfu->magic = 0;
 
-	printf("switching to app\r\n");
+	/* disconnect from USB to ensure re-enumeration */
+	USBD_Disconnect();
+
+	/* disable any interrupts during transition */
+	__disable_irq();
+
+	/* Tell the hybrid to execute FTL JUMP! */
+	NVIC_SystemReset();
+}
+
+void USBDFU_SwitchToDFU(void)
+{
+	/* make sure the MAGIC is not set to enter DFU again */
+	g_dfu->magic = USB_DFU_MAGIC;
 
 	/* disconnect from USB to ensure re-enumeration */
 	USBD_Disconnect();

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_runtime.c

@@ -36,7 +36,12 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
-struct dfudata *g_dfu = (struct dfudata *) IRAM_ADDR;
+/** specific memory location shared across bootloader and application */
+#define __dfudata __attribute__ ((section (".dfudata")))
+/** structure containing the magic value to know if DFU or application should be started */
+__dfudata struct dfudata _g_dfu;
+/** variable to structure containing the magic value to know if DFU or application should be started */
+struct dfudata *g_dfu = &_g_dfu;
 
 /* FIXME: this was used for a special ELF section which then got called
  * by DFU code and Application code, across flash partitions */
@@ -63,7 +68,7 @@ static void __dfufunc handle_getstate(void)
 {
 	uint8_t u8 = g_dfu->state;
 
-	TRACE_DEBUG("handle_getstate(%u)\n\r", g_dfu->state);
+	TRACE_DEBUG("handle_getstate(%lu)\n\r", g_dfu->state);
 
 	USBD_Write(0, (char *)&u8, sizeof(u8), NULL, 0);
 }
@@ -160,6 +165,8 @@ void USBDFU_Runtime_RequestHandler(const USBGenericRequest *request)
 			 * will then trigger DFURT_SwitchToDFU() below */
 			TRACE_DEBUG("\r\n====dfu_detach\n\r");
 			g_dfu->state = DFU_STATE_appDETACH;
+			USBD_Write(0, 0, 0, 0, 0);
+			DFURT_SwitchToDFU();
 			ret = DFU_RET_ZLP;
 			goto out;
 			break;
@@ -204,13 +211,14 @@ out:
 
 void DFURT_SwitchToDFU(void)
 {
+	__disable_irq();
+
 	/* store the magic value that the DFU loader can detect and
 	 * activate itself, rather than boot into the application */
 	g_dfu->magic = USB_DFU_MAGIC;
-
-	/* Disconnect the USB by remoting the pull-up */
+	__DMB();
+	/* Disconnect the USB by removing the pull-up */
 	USBD_Disconnect();
-	__disable_irq();
 
 	/* reset the processor, we will start execution with the
 	 * ResetVector of the bootloader */

firmware/atmel_softpack_libraries/usb/include/USBD.h

@@ -214,6 +214,8 @@ typedef void (*MblTransferCallback)(void *pArg,
  *         Exported functions
  *------------------------------------------------------------------------------*/
 
+extern uint16_t USBD_GetEndpointSize(uint8_t bEndpoint);
+
 //extern void USBD_IrqHandler(void);
 
 extern void USBD_Init(void);

firmware/libboard/common/include/board_common.h

@@ -1,4 +1,7 @@
 /* SIMtrace 2 common board pin definitions
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -53,18 +56,12 @@
 /** Core definition */
 #define cortexm3
 
-#define BOARD_MCK     48000000
-
-#define PIO_LED_RED     PIO_PA17
-#define PIO_LED_GREEN   PIO_PA18
-
-#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
-#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
-
-#define LED_NUM_RED     0
-#define LED_NUM_GREEN   1
-
+/* LEDs are used to indicate the status
+ * the LED definition is board specific
+ * most boards have two LEDs, one green and one red
+ * the red LED indicates of the main firmware is ready (on) or if there is an error (blinking)
+ * the green LED indicates if the firmware is idling (on) or if there is activity (blinking)
+ */
 /** USART0 pin RX */
 #define PIN_USART0_RXD    {PIO_PA9A_URXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /** USART0 pin TX */
@@ -79,8 +76,8 @@
 #define PINS_UART  { PIO_PA9A_URXD0|PIO_PA10A_UTXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 
 /** UART0 */
-/** Console baudrate always using 115200. */
-#define CONSOLE_BAUDRATE    115200
+/** Console baud rate in bps */
+#define CONSOLE_BAUDRATE    921600
 /** UART peripheral used by the console (UART0). */
 #define CONSOLE_UART       UART0
 /** UART peripheral ID used by the console (UART0). */
@@ -111,17 +108,17 @@
 /* Interrupt request ID of USART peripheral connected to the phone */
 #define IRQ_USART_PHONE USART1_IRQn
 
-#define SIM_PWEN        PIO_PA5
-#define VCC_FWD         PIO_PA26
-
 // Board has UDP controller
 #define BOARD_USB_UDP
 
 #define BOARD_USB_DFU
+
+
 #define BOARD_DFU_BOOT_SIZE	(16 * 1024)
 #define BOARD_DFU_RAM_SIZE	(2 * 1024)
 #define BOARD_DFU_PAGE_SIZE	512
-#define BOARD_DFU_NUM_IF	2
+/** number of DFU interfaces (used to flash specific partitions) */
+#define BOARD_DFU_NUM_IF	3
 
 extern void board_exec_dbg_cmd(int ch);
 extern void board_main_top(void);

firmware/libboard/common/include/sim_switch.h

@@ -14,5 +14,13 @@
  */
 #pragma once
 
+/** switch card lines to use physical or emulated card
+ *  @param[in] nr card interface number (i.e. slot)
+ *  @param[in] physical which physical interface to switch to (e.g. 0: physical, 1: virtual)
+ *  @return 0 on success, negative else
+ */
 int sim_switch_use_physical(unsigned int nr, int physical);
+/** initialise card switching capabilities
+ *  @return number of switchable card interfaces
+ */
 int sim_switch_init(void);

firmware/libboard/common/resources/sam3s4/dfu.ld

@@ -39,9 +39,9 @@ SEARCH_DIR(.)
 MEMORY
 {
 	/* reserve the first 16k (= 0x4000) for the DFU bootloader */
-	rom (rx)  : ORIGIN = 0x00404000, LENGTH = 0x0003c000 /* flash, 256K */
-	/* reserve the first 32 (= 0x20) bytes for the _g_dfu struct */
-	ram (rwx) : ORIGIN = 0x20000020, LENGTH = 0x0000bfe0 /* sram, 48K */
+	rom (rx)  : ORIGIN = 0x00400000 + 16K, LENGTH = 256K - 16K /* flash, 256K */
+	/* note: dfudata will be at the start */
+	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 48K /* SRAM, 48K */
 }
 
 /* Section Definitions */ 
@@ -111,6 +111,8 @@ SECTIONS
     {
         . = ALIGN(4);
         _srelocate = .;
+        /* we must make sure the .dfudata is linked to start of RAM */
+        *(.dfudata .dfudata.*);
         *(.ramfunc .ramfunc.*);
         *(.data .data.*);
         . = ALIGN(4);

firmware/libboard/common/resources/sam3s4/flash.ld

@@ -38,8 +38,8 @@ SEARCH_DIR(.)
 /* Memory Spaces Definitions */
 MEMORY
 {
-	rom (rx)  : ORIGIN = 0x00400000, LENGTH = 0x00040000 /* flash, 256K */
-	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 0x0000c000 /* sram, 48K */
+	rom (rx)  : ORIGIN = 0x00400000, LENGTH = 16K /* flash, 256K, but only the first 16K should be used for the bootloader */
+	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 48K /* SRAM, 48K */
 }
 
 /* Section Definitions */ 

firmware/libboard/common/source/board_cstartup_gnu.c

@@ -126,7 +126,7 @@ IntFunc exception_table[] = {
 	IrqHandlerNotUsed   /* 35 not used */
 };
 
-#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu)
+#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu) && defined(ENVIRONMENT_flash)
 #include "usb/device/dfu/dfu.h"
 static void BootIntoApp(void)
 {
@@ -159,8 +159,9 @@ void ResetException( void )
 	LowLevelInit() ;
 
 
-#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu)
-	if (!USBDFU_OverrideEnterDFU()) {
+#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu) && defined(ENVIRONMENT_flash)
+	// boot application if there is not DFU override
+	if (!USBDFU_OverrideEnterDFU() && SCB->VTOR < IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
 		UART_Exit();
 		__disable_irq();
 		BootIntoApp();

firmware/libboard/common/source/board_lowlevel.c

@@ -2,6 +2,7 @@
  *         ATMEL Microcontroller Software Support
  * ----------------------------------------------------------------------------
  * Copyright (c) 2009, Atmel Corporation
+ * Copyright (c) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * All rights reserved.
  *
@@ -46,39 +47,39 @@
 #define BOARD_OSCOUNT   (CKGR_MOR_MOSCXTST(0x8))
 #define BOARD_MCKR      (PMC_MCKR_PRES_CLK | PMC_MCKR_CSS_PLLA_CLK)
 
-#if (BOARD_MCK == 48000000)
-#if (BOARD_MAINOSC == 18432000)
-/* Clock settings at 48MHz  for 18 MHz crystal */
-#define BOARD_PLLAR     (CKGR_PLLAR_STUCKTO1 \
-					   | CKGR_PLLAR_MULA(13-1) \
-					   | CKGR_PLLAR_PLLACOUNT(0x1) \
-					   | CKGR_PLLAR_DIVA(5))
-#elif (BOARD_MAINOSC == 12000000)
-/* QMod has 12 MHz clock, so multply by 8 (96 MHz) and divide by 2 */
+/** configure PLL to generate main clock based on main oscillator frequency */
+#if (BOARD_MAINOSC == 12000000) && (BOARD_MCK == 48000000)
 #define BOARD_PLLAR     (CKGR_PLLAR_STUCKTO1 \
 					   | CKGR_PLLAR_MULA(8-1) \
 					   | CKGR_PLLAR_PLLACOUNT(0x1) \
 					   | CKGR_PLLAR_DIVA(2))
-#else
-#error "Please define PLLA config for your MAINOSC frequency"
-#endif /* MAINOSC */
-#elif (BOARD_MCK == 64000000)
-#if (BOARD_MAINOSC == 18432000)
-/* Clock settings at 64MHz  for 18 MHz crystal: 64.512 MHz */
+#elif (BOARD_MAINOSC == 12000000) && (BOARD_MCK == 58000000)
 #define BOARD_PLLAR     (CKGR_PLLAR_STUCKTO1 \
-					   | CKGR_PLLAR_MULA(7-1) \
+					   | CKGR_PLLAR_MULA(29-1) \
 					   | CKGR_PLLAR_PLLACOUNT(0x1) \
-					   | CKGR_PLLAR_DIVA(2))
-#elif (BOARD_MAINOSC == 12000000)
-/* QMod has 12 MHz clock, so multply by 10 / div by 2: 60 MHz */
+					   | CKGR_PLLAR_DIVA(6))
+#elif (BOARD_MAINOSC == 12000000) && (BOARD_MCK == 60000000)
 #define BOARD_PLLAR     (CKGR_PLLAR_STUCKTO1 \
 					   | CKGR_PLLAR_MULA(10-1) \
 					   | CKGR_PLLAR_PLLACOUNT(0x1) \
 					   | CKGR_PLLAR_DIVA(2))
-#error "Please define PLLA config for your MAINOSC frequency"
-#endif /* MAINOSC */
+#elif (BOARD_MAINOSC == 18432000) && (BOARD_MCK == 47923200)
+#define BOARD_PLLAR     (CKGR_PLLAR_STUCKTO1 \
+					   | CKGR_PLLAR_MULA(13-1) \
+					   | CKGR_PLLAR_PLLACOUNT(0x1) \
+					   | CKGR_PLLAR_DIVA(5))
+#elif (BOARD_MAINOSC == 18432000) && (BOARD_MCK == 58982400)
+#define BOARD_PLLAR     (CKGR_PLLAR_STUCKTO1 \
+					   | CKGR_PLLAR_MULA(16-1) \
+					   | CKGR_PLLAR_PLLACOUNT(0x1) \
+					   | CKGR_PLLAR_DIVA(5))
+#elif (BOARD_MAINOSC == 18432000) && (BOARD_MCK == 64512000)
+#define BOARD_PLLAR     (CKGR_PLLAR_STUCKTO1 \
+					   | CKGR_PLLAR_MULA(7-1) \
+					   | CKGR_PLLAR_PLLACOUNT(0x1) \
+					   | CKGR_PLLAR_DIVA(2))
 #else
-	#error "No PLL settings for current BOARD_MCK."
+	#error "Please define PLLA config for your BOARD_MCK/MAINOSC frequency"
 #endif
 
 #if (BOARD_MAINOSC == 12000000)
@@ -126,6 +127,9 @@ extern WEAK void LowLevelInit( void )
 	SUPC->SUPC_SMMR = SUPC_SMMR_SMTH_3_0V | SUPC_SMMR_SMSMPL_CSM |
 	    	      SUPC_SMMR_SMRSTEN_ENABLE;
 
+	/* disable ERASE pin to prevent accidental flash erase */
+	MATRIX->CCFG_SYSIO |= CCFG_SYSIO_SYSIO12;
+
 	/* enable both LED and green LED */
 	PIOA->PIO_PER |= PIO_LED_RED | PIO_LED_GREEN;
 	PIOA->PIO_OER |= PIO_LED_RED | PIO_LED_GREEN;
@@ -214,3 +218,8 @@ void mdelay(unsigned int msecs)
 	do {
 	} while ((jiffies - jiffies_start) < msecs);
 }
+
+void abort() {
+	NVIC_SystemReset();
+	while(1) {};
+}

firmware/libboard/common/source/uart_console.c

@@ -85,7 +85,12 @@ extern void UART_Configure( uint32_t baudrate, uint32_t masterClock)
 
 	/* Configure baudrate */
 	/* Asynchronous, no oversampling */
-	pUart->UART_BRGR = (masterClock / baudrate) / 16;
+	//pUart->UART_BRGR = (masterClock / baudrate) / 16;
+	if ((masterClock / baudrate) % 16 >= 7) {
+		pUart->UART_BRGR = ( masterClock / baudrate) / 16 + 1;
+	} else {
+		pUart->UART_BRGR = ( masterClock / baudrate) / 16 + 0;
+	}
 
 	/* Disable PDC channel */
 	pUart->UART_PTCR = UART_PTCR_RXTDIS | UART_PTCR_TXTDIS;

firmware/libboard/octsimtest/include/board.h

@@ -0,0 +1,170 @@
+/* octSIMtest with SAM3S board definition
+ *
+ * (C) 2019 by sysmocom -s.f.m.c. GmbH, Author:Joachim Steiger <jsteiger@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#pragma once
+#include "board_common.h"
+#include "simtrace_usb.h"
+
+/* Name of the board */
+#define BOARD_NAME "OCTSIMTEST"
+/* Board definition */
+#define octsimtest
+
+/** oscillator used as main clock source (in Hz) */
+#define BOARD_MAINOSC 18432000
+/** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
+#define BOARD_MCK 58982400 // 18.432 * 16 / 5
+
+/** Pin configuration **/
+
+/** there is no red LED, but the code needs this second LED, thus we provide an unused pin */
+#define PIO_LED_RED     PIO_PB13
+/** MCU pin connected to green LED, which is actually amber, and the logic is inverted since it is connected to an NPN transistor (used as open drain) */
+#define PIO_LED_GREEN   PIO_PA4
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOB, ID_PIOB, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+
+/* Button to force bootloader start (shorted to ground when pressed */
+#define PIN_BOOTLOADER_SW      {PIO_PA5, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP}
+
+//FIXME SIM_PWEN_PIN collides with PA5/bootloader_sw on octsimtest
+/* Enable powering the card using the second 3.3 V output of the LDO (active high) */
+#define SIM_PWEN_PIN           {PIO_PA12, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Enable powering the SIM card */
+#define PWR_PINS                SIM_PWEN_PIN
+
+// FIXME PA8 is 32khz xtal on octsimtest
+/* Card presence pin */
+#define SW_SIM                  PIO_PA11
+/* Pull card presence pin high (shorted to ground in card slot when card is present) */
+#define SMARTCARD_CONNECT_PIN  {SW_SIM, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP | PIO_DEBOUNCE | PIO_DEGLITCH | PIO_IT_EDGE }
+
+/** Smart card connection **/
+//FIXME
+/* Card RST reset signal input (active low; RST_SIM in schematic) */
+#define PIN_SIM_RST            {PIO_PA13, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Card I/O data signal input/output (I/O_SIM in schematic) */
+#define PIN_SIM_IO             {PIO_PA6A_TXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Card CLK clock input (CLK_SIM in schematic) */
+#define PIN_SIM_CLK            {PIO_PA2B_SCK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pin to measure card I/O timing (to start measuring the ETU on I/O activity; connected I/O_SIM in schematic) */
+#define PIN_SIM_IO_INPUT       {PIO_PA1B_TIOB0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+//FIXME PIO_PA4B_TCLK0 PA4 is LED on octsimtest
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_SIM in schematic) */
+#define PIN_SIM_CLK_INPUT      {PIO_PA14, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pins used to measure ETU timing (using timer counter) */ 
+#define PINS_TC                 PIN_SIM_IO_INPUT, PIN_SIM_CLK_INPUT
+
+/** Phone connection **/
+/* Phone USIM slot 1 VCC pin (VCC_PHONE in schematic) */
+#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+/* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
+#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_RISE_EDGE | PIO_DEGLITCH }
+/* Phone I/O data signal input/output (I/O_PHONE in schematic) */
+#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Phone CLK clock input (CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used for phone USIM slot 1 communication */
+#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+/* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
+#define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK_INPUT    {PIO_PA29B_TCLK2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+/** Default pin configuration **/
+/* Disconnect VPP, CLK, and RST lines between card and phone using bus switch (high sets bus switch to high-impedance) */
+#define PIN_SC_SW_DEFAULT      {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Disconnect I/O line between card and phone using bus switch (high sets bus switch to high-impedance) */
+#define PIN_IO_SW_DEFAULT      {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Disconnect all lines (VPP, CLK, RST, and I/O) between card and phone */
+#define PINS_BUS_DEFAULT        PIN_SC_SW_DEFAULT, PIN_IO_SW_DEFAULT
+
+/** Sniffer configuration **/
+/* Connect VPP, CLK, and RST lines between card and phone using bus switch (low connects signals on bus switch) */
+#define PIN_SC_SW_SNIFF        {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Connect I/O line between card and phone using bus switch (low connects signals on bus switch) */
+#define PIN_IO_SW_SNIFF        {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Connect all lines (VPP, CLK, RST, and I/O) between card and phone */
+#define PINS_BUS_SNIFF          PIN_SC_SW_SNIFF, PIN_IO_SW_SNIFF
+/* Card RST reset signal input (use as input since the phone will drive it) */
+#define PIN_SIM_RST_SNIFF      {PIO_PA7, PIOA, ID_PIOA, PIO_INPUT, PIO_DEGLITCH | PIO_IT_EDGE}
+/* Pins used to sniff phone-card communication */
+#define PINS_SIM_SNIFF          PIN_SIM_IO, PIN_SIM_CLK, PIN_SIM_RST_SNIFF
+/* Disable power converter 4.5-6V to 3.3V (active high) */
+#define PIN_SIM_PWEN_SNIFF     {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Enable power switch to forward VCC_PHONE to VCC_SIM (active high) */
+#define PIN_VCC_FWD_SNIFF      {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Use phone VCC to power card */
+#define PINS_PWR_SNIFF          PIN_SIM_PWEN_SNIFF, PIN_VCC_FWD_SNIFF
+
+/** CCID configuration */
+/* Card RST reset signal input (active low; RST_SIM in schematic) */
+#define PIN_ISO7816_RSTMC      {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* ISO7816-communication related pins */
+#define PINS_ISO7816            PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
+
+/** External SPI flash interface   **/
+/* SPI MISO pin definition */
+#define PIN_SPI_MISO  {PIO_PA12A_MISO, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
+/* SPI MOSI pin definition */
+#define PIN_SPI_MOSI  {PIO_PA13A_MOSI, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI SCK pin definition */
+#define PIN_SPI_SCK   {PIO_PA14A_SPCK, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI pins definition. Contains MISO, MOSI & SCK */
+#define PINS_SPI       PIN_SPI_MISO, PIN_SPI_MOSI, PIN_SPI_SCK
+/* SPI chip select 0 pin definition */
+#define PIN_SPI_NPCS0 {PIO_PA11A_NPCS0, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI flash write protect pin (active low, pulled low) */
+#define PIN_SPI_WP    {PA15, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+
+/** Pin configuration to control USB pull-up on D+
+ *  @details the USB pull-up on D+ is enable by default on the board but can be disabled by setting PA16 high
+ */
+#define PIN_USB_PULLUP  {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+
+/** USB definitions */
+/* OpenMoko SIMtrace 2 USB vendor ID */
+#define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
+/* OpenMoko SIMtrace 2 USB product ID (main application/runtime mode) */
+#define BOARD_USB_PRODUCT_ID	USB_PRODUCT_SIMTRACE2
+/* OpenMoko SIMtrace 2 DFU USB product ID (DFU bootloader/DFU mode) */
+#define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_SIMTRACE2_DFU
+/* USB release number (bcdDevice, shown as 0.00) */
+#define BOARD_USB_RELEASE	0x000
+/* Indicate SIMtrace is bus power in USB attributes */
+#define BOARD_USB_BMATTRIBUTES	USBConfigurationDescriptor_BUSPOWERED_NORWAKEUP
+
+/** Supported modes */
+/* SIMtrace board supports sniffer mode */
+//#define HAVE_SNIFFER
+/* SIMtrace board supports CCID mode */
+//#define HAVE_CCID
+/* SIMtrace board supports card emulation mode */
+//#define HAVE_CARDEM
+/* SIMtrace board supports man-in-the-middle mode */
+//#define HAVE_MITM
+/* octsimtest board supports gpio_test mode */
+#define HAVE_GPIO_TEST

firmware/libboard/octsimtest/include/i2c.h

@@ -0,0 +1,28 @@
+/* I2C EEPROM memory read and write utilities
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#pragma once
+
+#include <stdbool.h>
+
+void i2c_pin_init(void);
+
+bool i2c_write_byte(bool send_start, bool send_stop, uint8_t byte);
+uint8_t i2c_read_byte(bool nack, bool send_stop);
+void i2c_stop_cond(void);
+
+int eeprom_write_byte(uint8_t slave, uint8_t addr, uint8_t byte);
+int eeprom_read_byte(uint8_t slave, uint8_t addr);

firmware/libboard/octsimtest/include/mcp23017.h

@@ -0,0 +1,25 @@
+/* mcp23017 i2c gpio expander read and write utilities
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#pragma once
+
+#define MCP23017_ADDRESS 0x20
+
+int mcp23017_init(uint8_t slave);
+int mcp23017_test(uint8_t slave);
+int mcp23017_toggle(uint8_t slave);
+//int mcp23017_write_byte(uint8_t slave, uint8_t addr, uint8_t byte);
+//int mcp23017_read_byte(uint8_t slave, uint8_t addr);

firmware/libboard/octsimtest/product_string.txt

@@ -0,0 +1 @@
+sysmoOCTSIM-Tester

firmware/libboard/octsimtest/source/board_octsimtest.c

@@ -0,0 +1,81 @@
+/* SIMtrace with SAM3S specific application code
+ *
+ * (C) 2017 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "simtrace.h"
+#include "utils.h"
+#include "sim_switch.h"
+#include <osmocom/core/timer.h>
+#include "usb_buf.h"
+#include "i2c.h"
+#include "mcp23017.h"
+
+void board_exec_dbg_cmd(int ch)
+{
+	switch (ch) {
+	case '?':
+		printf("\t?\thelp\n\r");
+		printf("\tR\treset SAM3\n\r");
+		printf("\tm\trun mcp23017 test\n\r");
+		printf("\tR\ttoggle MSB of gpio on mcp23017\n\r");
+		break;
+	case 'R':
+		printf("Asking NVIC to reset us\n\r");
+		USBD_Disconnect();
+		NVIC_SystemReset();
+		break;
+	case 'm':
+		mcp23017_test(MCP23017_ADDRESS);
+		break;
+	case 't':
+		mcp23017_toggle(MCP23017_ADDRESS);
+		break;
+	default:
+		printf("Unknown command '%c'\n\r", ch);
+		break;
+	}
+}
+
+void board_main_top(void)
+{
+#ifndef APPLICATION_dfu
+	usb_buf_init();
+
+	i2c_pin_init();
+	if (!mcp23017_init(MCP23017_ADDRESS))
+		printf("mcp23017 not found!\n\r");
+	/* Initialize checking for card insert/remove events */
+	//card_present_init();
+#endif
+}
+
+int board_override_enter_dfu(void)
+{
+	const Pin bl_sw_pin = PIN_BOOTLOADER_SW;
+
+	PIO_Configure(&bl_sw_pin, 1);
+
+	/* Enter DFU bootloader in case the respective button is pressed */
+	if (PIO_Get(&bl_sw_pin) == 0) {
+		/* do not print to early since the console is not initialized yet */
+		//printf("BOOTLOADER switch pressed -> Force DFU\n\r");
+		return 1;
+	} else
+		return 0;
+}

firmware/libboard/octsimtest/source/i2c.c

@@ -0,0 +1,225 @@
+/* I2C EEPROM memory read and write utilities
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include <stdbool.h>
+
+/* Low-Level I2C Routines */
+
+static const Pin pin_sda = {PIO_PA30, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_OPENDRAIN };
+static const Pin pin_sda_in = {PIO_PA30, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT };
+static const Pin pin_scl = {PIO_PA31, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_OPENDRAIN };
+
+static void i2c_delay()
+{
+	volatile int v;
+	int i;
+
+	/* 100 cycles results in SCL peak length of 44us, so it's about
+	 * 440ns per cycle here */
+	for (i = 0; i < 14; i++) {
+		v = 0;
+	}
+}
+
+void i2c_pin_init(void)
+{
+	PIO_Configure(&pin_scl, PIO_LISTSIZE(pin_scl));
+	PIO_Configure(&pin_sda, PIO_LISTSIZE(pin_sda));
+}
+
+static void set_scl(void)
+{
+	PIO_Set(&pin_scl);
+	i2c_delay();
+}
+
+static void set_sda(void)
+{
+	PIO_Set(&pin_sda);
+	i2c_delay();
+}
+
+static void clear_scl(void)
+{
+	PIO_Clear(&pin_scl);
+	i2c_delay();
+}
+
+static void clear_sda(void)
+{
+	PIO_Clear(&pin_sda);
+	i2c_delay();
+}
+
+static bool read_sda(void)
+{
+	bool ret;
+
+	PIO_Configure(&pin_sda_in, PIO_LISTSIZE(pin_sda_in));
+	if (PIO_Get(&pin_sda_in))
+		ret = true;
+	else
+		ret = false;
+	PIO_Configure(&pin_sda, PIO_LISTSIZE(pin_sda));
+
+	return ret;
+}
+
+/* Core I2C Routines */
+
+static bool i2c_started = false;
+
+static void i2c_start_cond(void)
+{
+	if (i2c_started) {
+		set_sda();
+		set_scl();
+	}
+
+	clear_sda();
+	i2c_delay();
+	clear_scl();
+	i2c_started = true;
+}
+
+void i2c_stop_cond(void)
+{
+	clear_sda();
+	set_scl();
+	set_sda();
+	i2c_delay();
+	i2c_started = false;
+}
+
+static void i2c_write_bit(bool bit)
+{
+	if (bit)
+		set_sda();
+	else
+		clear_sda();
+	i2c_delay(); // ?
+	set_scl();
+	clear_scl();
+}
+
+static bool i2c_read_bit(void)
+{
+	bool bit;
+
+	set_sda();
+	set_scl();
+	bit = read_sda();
+	clear_scl();
+
+	return bit;
+}
+
+bool i2c_write_byte(bool send_start, bool send_stop, uint8_t byte)
+{
+	uint8_t bit;
+	bool nack;
+
+	if (send_start)
+		i2c_start_cond();
+
+	for (bit = 0; bit < 8; bit++) {
+		i2c_write_bit((byte & 0x80) != 0);
+		byte <<= 1;
+	}
+
+	nack = i2c_read_bit();
+
+	if (send_stop)
+		i2c_stop_cond();
+
+	return nack;
+}
+
+uint8_t i2c_read_byte(bool nack, bool send_stop)
+{
+	uint8_t byte = 0;
+	uint8_t bit;
+
+	for (bit = 0; bit < 8; bit++) {
+		byte = (byte << 1) | i2c_read_bit();
+	}
+
+	i2c_write_bit(nack);
+
+	if (send_stop)
+		i2c_stop_cond();
+
+	return byte;
+}
+
+
+/* EEPROM related code */
+
+int eeprom_write_byte(uint8_t slave, uint8_t addr, uint8_t byte)
+{
+	bool nack;
+
+	WDT_Restart(WDT);
+
+	/* Write slave address */
+	nack = i2c_write_byte(true, false, slave << 1);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, false, addr);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, true, byte);
+	if (nack)
+		goto out_stop;
+	/* Wait tWR time to ensure EEPROM is writing correctly (tWR = 5 ms for AT24C02) */
+	mdelay(5);
+
+out_stop:
+	i2c_stop_cond();
+	if (nack)
+		return -1;
+	else
+		return 0;
+}
+
+int eeprom_read_byte(uint8_t slave, uint8_t addr)
+{
+	bool nack;
+
+	WDT_Restart(WDT);
+
+	/* dummy write cycle */
+	nack = i2c_write_byte(true, false, slave << 1);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, false, addr);
+	if (nack)
+		goto out_stop;
+	/* Re-start with read */
+	nack = i2c_write_byte(true, false, (slave << 1) | 1);
+	if (nack)
+		goto out_stop;
+
+	return i2c_read_byte(true, true);
+
+out_stop:
+	i2c_stop_cond();
+	if (nack)
+		return -1;
+	else
+		return 0;
+}

firmware/libboard/octsimtest/source/mcp23017.c

@@ -0,0 +1,140 @@
+#include "board.h"
+#include <stdbool.h>
+#include "i2c.h"
+#include "mcp23017.h"
+
+
+//defines from https://github.com/adafruit/Adafruit-MCP23017-Arduino-Library/blob/master/Adafruit_MCP23017.h under BSD license
+
+// registers
+#define MCP23017_IODIRA 0x00
+#define MCP23017_IPOLA 0x02
+#define MCP23017_GPINTENA 0x04
+#define MCP23017_DEFVALA 0x06
+#define MCP23017_INTCONA 0x08
+#define MCP23017_IOCONA 0x0A
+#define MCP23017_GPPUA 0x0C
+#define MCP23017_INTFA 0x0E
+#define MCP23017_INTCAPA 0x10
+#define MCP23017_GPIOA 0x12
+#define MCP23017_OLATA 0x14
+
+
+#define MCP23017_IODIRB 0x01
+#define MCP23017_IPOLB 0x03
+#define MCP23017_GPINTENB 0x05
+#define MCP23017_DEFVALB 0x07
+#define MCP23017_INTCONB 0x09
+#define MCP23017_IOCONB 0x0B
+#define MCP23017_GPPUB 0x0D
+#define MCP23017_INTFB 0x0F
+#define MCP23017_INTCAPB 0x11
+#define MCP23017_GPIOB 0x13
+#define MCP23017_OLATB 0x15
+
+#define MCP23017_INT_ERR 255
+
+
+//bool i2c_write_byte(bool send_start, bool send_stop, uint8_t byte)
+//uint8_t i2c_read_byte(bool nack, bool send_stop)
+//static void i2c_stop_cond(void)
+
+int mcp23017_write_byte(uint8_t slave, uint8_t addr, uint8_t byte)
+{
+	bool nack;
+
+	WDT_Restart(WDT);
+
+//	 Write slave address 
+	nack = i2c_write_byte(true, false, slave << 1);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, false, addr);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, true, byte);
+	if (nack)
+		goto out_stop;
+
+out_stop:
+	i2c_stop_cond();
+	if (nack)
+		return -1;
+	else
+		return 0;
+}
+
+int mcp23017_read_byte(uint8_t slave, uint8_t addr)
+{
+	bool nack;
+
+	WDT_Restart(WDT);
+
+	// dummy write cycle
+	nack = i2c_write_byte(true, false, slave << 1);
+	if (nack)
+		goto out_stop;
+	nack = i2c_write_byte(false, false, addr);
+	if (nack)
+		goto out_stop;
+	// Re-start with read
+	nack = i2c_write_byte(true, false, (slave << 1) | 1);
+	if (nack)
+		goto out_stop;
+
+	return i2c_read_byte(true, true);
+
+out_stop:
+	i2c_stop_cond();
+	if (nack)
+		return -1;
+	else
+		return 0;
+}
+
+int mcp23017_init(uint8_t slave)
+{
+	printf("mcp23017_init\n\r");
+	// all gpio input
+	if (mcp23017_write_byte(slave, MCP23017_IODIRA, 0xff))
+		return false;
+	// msb of portb output, rest input
+	if (mcp23017_write_byte(slave, MCP23017_IODIRB, 0x7f))
+		return false;
+	if (mcp23017_write_byte(slave, MCP23017_IOCONA, 0x20)) //disable SEQOP (autoinc addressing)
+		return false;
+	printf("mcp23017 found\n\r");
+	return true;
+}
+
+int mcp23017_test(uint8_t slave)
+{
+	printf("mcp23017_test\n\r");
+	printf("GPIOA 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_GPIOA));
+	printf("GPIOB 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_GPIOB));
+	printf("IODIRA 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_IODIRA));
+	printf("IODIRB 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_IODIRB));
+	printf("IOCONA 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_IOCONA));
+	printf("IOCONB 0x%x\n\r", mcp23017_read_byte(slave,MCP23017_IOCONB));
+
+	return 0;
+}
+
+int mcp23017_toggle(uint8_t slave)
+{
+	// example writing MSB of gpio
+	static bool foo=false;
+	if (foo)
+	{
+		printf("+\n\r");
+		mcp23017_write_byte(slave, MCP23017_OLATB, 0x80);
+		foo=false;
+	}
+	else
+	{
+		printf("-\n\r");
+		mcp23017_write_byte(slave, MCP23017_OLATB, 0x00);
+		foo=true;
+	}
+	return 0;
+}

firmware/libboard/owhw/include/board.h

@@ -1,6 +1,7 @@
 /* OWHW board definition
  *
  * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -25,7 +26,28 @@
 /** Board definition */
 #define owhw
 
+/** oscillator used as main clock source (in Hz) */
 #define BOARD_MAINOSC 18432000
+/** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
+#define BOARD_MCK 58982400 // 18.432 * 16 / 5
+
+/** MCU pin connected to red LED */
+#define PIO_LED_RED     PIO_PA17
+/** MCU pin connected to green LED */
+#define PIO_LED_GREEN   PIO_PA18
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+
+/* pin connected to the SIMTRACE_BOOTLOADER signal. set high to force DFU bootloader start */
+#define PIN_BOOTLOADER		{PIO_PA31, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
 
 /* USIM 2 interface (USART) */
 #define PIN_USIM2_CLK		{PIO_PA2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}

firmware/libboard/owhw/product_string.txt

@@ -0,0 +1 @@
+OWHW

firmware/libboard/owhw/source/owhw.c

@@ -1,6 +1,7 @@
 /* Card simulator specific functions
  *
  * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -20,9 +21,35 @@
 #include "chip.h"
 #include "board.h"
 #include "utils.h"
+#include "usb_buf.h"
 
 static const Pin pins_cardsim[] = PINS_CARDSIM;
 
+void board_exec_dbg_cmd(int ch)
+{
+	switch (ch) {
+	case '?':
+		printf("\t?\thelp\n\r");
+		printf("\tR\treset SAM3\n\r");
+		break;
+	case 'R':
+		printf("Asking NVIC to reset us\n\r");
+		USBD_Disconnect();
+		NVIC_SystemReset();
+		break;
+	default:
+		printf("Unknown command '%c'\n\r", ch);
+		break;
+	}
+}
+
+void board_main_top(void)
+{
+#ifndef APPLICATION_dfu
+	usb_buf_init();
+#endif
+}
+
 void cardsim_set_simpres(uint8_t slot, int present)
 {
 	if (slot > 1)
@@ -38,3 +65,16 @@ void cardsim_gpio_init(void)
 {
 	PIO_Configure(pins_cardsim, ARRAY_SIZE(pins_cardsim));
 }
+
+int board_override_enter_dfu(void)
+{
+	const Pin bl_pin = PIN_BOOTLOADER;
+
+	PIO_Configure(&bl_pin, 1);
+
+	if (PIO_Get(&bl_pin) == 0) { // signal low
+		return 0; // do not override enter DFU
+	} else {
+		return 1; // override enter DFU
+	}
+}

firmware/libboard/qmod/include/board.h

@@ -20,15 +20,34 @@
 #include "board_common.h"
 #include "simtrace_usb.h"
 
-#define LED_USIM1	LED_GREEN
-#define LED_USIM2	LED_RED
-
 /** Name of the board */
 #define BOARD_NAME "QMOD"
 /** Board definition */
 #define qmod
 
+/** oscillator used as main clock source (in Hz) */
 #define BOARD_MAINOSC 12000000
+/** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
+#define BOARD_MCK 58000000 // 18.432 * 29 / 6
+
+/** MCU pin connected to red LED */
+#define PIO_LED_RED     PIO_PA17
+/** MCU pin connected to green LED */
+#define PIO_LED_GREEN   PIO_PA18
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+/** the green LED is actually red and used as indication for USIM1 */
+#define LED_USIM1	LED_GREEN
+/** the green LED is actually red and used as indication for USIM2 */
+#define LED_USIM2	LED_RED
 
 /* USIM 2 interface (USART) */
 #define PIN_USIM2_CLK		{PIO_PA2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}

firmware/libboard/qmod/product_string.txt

@@ -0,0 +1 @@
+sysmoQMOD (Quad Modem)

firmware/libboard/qmod/source/board_qmod.c

@@ -1,6 +1,7 @@
 /* sysmocom quad-modem sysmoQMOD application code
  *
  * (C) 2016-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -19,6 +20,7 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
+#include "led.h"
 #include "wwan_led.h"
 #include "wwan_perst.h"
 #include "sim_switch.h"
@@ -26,6 +28,7 @@
 #include "card_pres.h"
 #include <osmocom/core/timer.h>
 #include "usb_buf.h"
+#include "i2c.h"
 
 static const Pin pin_hubpwr_override = PIN_PRTPWR_OVERRIDE;
 static const Pin pin_hub_rst = {PIO_PA13, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
@@ -44,6 +47,7 @@ static int qmod_sam3_is_12(void)
 		return 0;
 }
 
+#if (ALLOW_PEER_ERASE > 0)
 const unsigned char __eeprom_bin[256] = {
 	USB_VENDOR_OPENMOKO & 0xff,
 	USB_VENDOR_OPENMOKO >> 8,
@@ -67,7 +71,6 @@ const unsigned char __eeprom_bin[256] = {
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xA0, 0x56, 0x23, 0x71, 0x04, 0x00, /* 0xf0 - 0xff */
 };
 
-#include "i2c.h"
 static int write_hub_eeprom(void)
 {
 	int i;
@@ -90,11 +93,12 @@ static int write_hub_eeprom(void)
 	TRACE_INFO("Verifying EEPROM...\n\r");
 	for (i = 0; i < ARRAY_SIZE(__eeprom_bin); i++) {
 		int byte = eeprom_read_byte(0x50, i);
-		TRACE_INFO("0x%02x: %02x\n\r", i, byte);
+		TRACE_DEBUG("0x%02x: %02x\n\r", i, byte);
 		if (byte != __eeprom_bin[i])
 			TRACE_ERROR("Byte %u is wrong, expected 0x%02x, found 0x%02x\n\r",
 					i, __eeprom_bin[i], byte);
 	}
+	TRACE_INFO("EEPROM written\n\r");
 
 	/* FIXME: Release PIN_PRTPWR_OVERRIDE after we know the hub is
 	 * again powering us up */
@@ -119,10 +123,11 @@ static int erase_hub_eeprom(void)
 			return 1;
 		}
 	}
+	TRACE_INFO("EEPROM erased\n\r");
 
 	return 0;
 }
-
+#endif /* ALLOW_PEER_ERASE */
 
 static void board_exec_dbg_cmd_st12only(int ch)
 {
@@ -133,12 +138,14 @@ static void board_exec_dbg_cmd_st12only(int ch)
 		return;
 
 	switch (ch) {
+#if (ALLOW_PEER_ERASE > 0)
 	case 'E':
 		write_hub_eeprom();
 		break;
 	case 'e':
 		erase_hub_eeprom();
 		break;
+#endif /* ALLOW_PEER_ERASE */
 	case 'O':
 		printf("Setting PRTPWR_OVERRIDE\n\r");
 		PIO_Set(&pin_hubpwr_override);
@@ -147,6 +154,7 @@ static void board_exec_dbg_cmd_st12only(int ch)
 		printf("Clearing PRTPWR_OVERRIDE\n\r");
 		PIO_Clear(&pin_hubpwr_override);
 		break;
+#if (ALLOW_PEER_ERASE > 0)
 	case 'H':
 		printf("Clearing _HUB_RESET -> HUB_RESET high (inactive)\n\r");
 		PIO_Clear(&pin_hub_rst);
@@ -166,6 +174,7 @@ static void board_exec_dbg_cmd_st12only(int ch)
 		printf("Writing value 0x%02lx to EEPROM offset 0x%02lx\n\r", val, addr);
 		eeprom_write_byte(0x50, addr, val);
 		break;
+#endif /* ALLOW_PEER_ERASE */
 	case 'r':
 		printf("Please enter EEPROM offset:\n\r");
 		UART_GetIntegerMinMax(&addr, 0, 255);
@@ -180,33 +189,70 @@ static void board_exec_dbg_cmd_st12only(int ch)
 /* returns '1' in case we should break any endless loop */
 void board_exec_dbg_cmd(int ch)
 {
+#if (ALLOW_PEER_ERASE > 0)
+	/* this variable controls if it is allowed to assert/release the ERASE line.
+	   this is done to prevent accidental ERASE on noisy serial input since only one character can trigger the ERASE.
+	 */
+	static bool allow_erase = false;
+#endif /* ALLOW_PEER_ERASE */
+
 	switch (ch) {
 	case '?':
 		printf("\t?\thelp\n\r");
 		printf("\tR\treset SAM3\n\r");
+		printf("\tl\tswitch off LED 1\n\r");
+		printf("\tL\tswitch off LED 1\n\r");
+		printf("\tg\tswitch off LED 2\n\r");
+		printf("\tG\tswitch off LED 2\n\r");
 		if (qmod_sam3_is_12()) {
+#if (ALLOW_PEER_ERASE > 0)
 			printf("\tE\tprogram EEPROM\n\r");
 			printf("\te\tErase EEPROM\n\r");
+#endif /* ALLOW_PEER_ERASE */
 			printf("\tO\tEnable PRTPWR_OVERRIDE\n\r");
 			printf("\to\tDisable PRTPWR_OVERRIDE\n\r");
+#if (ALLOW_PEER_ERASE > 0)
 			printf("\tH\tRelease HUB RESET (high)\n\r");
 			printf("\th\tAssert HUB RESET (low)\n\r");
 			printf("\tw\tWrite single byte in EEPROM\n\r");
+#endif /* ALLOW_PEER_ERASE */
 			printf("\tr\tRead single byte from EEPROM\n\r");
 		}
 		printf("\tX\tRelease peer SAM3 from reset\n\r");
 		printf("\tx\tAssert peer SAM3 reset\n\r");
+#if (ALLOW_PEER_ERASE > 0)
 		printf("\tY\tRelease peer SAM3 ERASE signal\n\r");
+		printf("\ta\tAllow asserting peer SAM3 ERASE signal\n\r");
 		printf("\ty\tAssert peer SAM3 ERASE signal\n\r");
+#endif /* ALLOW_PEER_ERASE */
 		printf("\tU\tProceed to USB Initialization\n\r");
 		printf("\t1\tGenerate 1ms reset pulse on WWAN1\n\r");
 		printf("\t2\tGenerate 1ms reset pulse on WWAN2\n\r");
+		printf("\t!\tSwitch Channel A from physical -> remote\n\r");
+		printf("\t@\tSwitch Channel B from physical -> remote\n\r");
+		printf("\tt\t(pseudo)talloc report\n\r");
 		break;
 	case 'R':
 		printf("Asking NVIC to reset us\n\r");
 		USBD_Disconnect();
 		NVIC_SystemReset();
 		break;
+	case 'l':
+		led_blink(LED_GREEN, BLINK_ALWAYS_OFF);
+		printf("LED 1 switched off\n\r");
+		break;
+	case 'L':
+		led_blink(LED_GREEN, BLINK_ALWAYS_ON);
+		printf("LED 1 switched on\n\r");
+		break;
+	case 'g':
+		led_blink(LED_RED, BLINK_ALWAYS_OFF);
+		printf("LED 2 switched off\n\r");
+		break;
+	case 'G':
+		led_blink(LED_RED, BLINK_ALWAYS_ON);
+		printf("LED 2 switched on\n\r");
+		break;
 	case 'X':
 		printf("Clearing _SIMTRACExx_RST -> SIMTRACExx_RST high (inactive)\n\r");
 		PIO_Clear(&pin_peer_rst);
@@ -215,14 +261,24 @@ void board_exec_dbg_cmd(int ch)
 		printf("Setting _SIMTRACExx_RST -> SIMTRACExx_RST low (active)\n\r");
 		PIO_Set(&pin_peer_rst);
 		break;
+#if (ALLOW_PEER_ERASE > 0)
 	case 'Y':
 		printf("Clearing SIMTRACExx_ERASE (inactive)\n\r");
 		PIO_Clear(&pin_peer_erase);
 		break;
-	case 'y':
-		printf("Seetting SIMTRACExx_ERASE (active)\n\r");
-		PIO_Set(&pin_peer_erase);
+	case 'a':
+		printf("Asserting SIMTRACExx_ERASE allowed on next command\n\r");
+		allow_erase = true;
 		break;
+	case 'y':
+		if (allow_erase) {
+			printf("Setting SIMTRACExx_ERASE (active)\n\r");
+			PIO_Set(&pin_peer_erase);
+		} else {
+			printf("Please first allow setting SIMTRACExx_ERASE\n\r");
+		}
+		break;
+#endif /* ALLOW_PEER_ERASE */
 	case '1':
 		printf("Resetting Modem 1 (of this SAM3)\n\r");
 		wwan_perst_do_reset_pulse(0, 300);
@@ -237,6 +293,9 @@ void board_exec_dbg_cmd(int ch)
 	case '@':
 		sim_switch_use_physical(0, 0);
 		break;
+	case 't':
+		talloc_report(NULL, stdout);
+		break;
 	default:
 		if (!qmod_sam3_is_12())
 			printf("Unknown command '%c'\n\r", ch);
@@ -244,6 +303,13 @@ void board_exec_dbg_cmd(int ch)
 			board_exec_dbg_cmd_st12only(ch);
 		break;
 	}
+
+#if (ALLOW_PEER_ERASE > 0)
+	// set protection back so it can only run for one command
+	if ('a' != ch) {
+		allow_erase = false;
+	}
+#endif /* ALLOW_PEER_ERASE */
 }
 
 void board_main_top(void)
@@ -276,11 +342,13 @@ void board_main_top(void)
 		TRACE_INFO("Detected Quad-Modem ST12\n\r");
 	} else {
 		TRACE_INFO("Detected Quad-Modem ST34\n\r");
+#ifndef APPLICATION_dfu
 		/* make sure we use the second set of USB Strings
 		 * calling the interfaces "Modem 3" and "Modem 4" rather
 		 * than 1+2 */
 		usb_strings[7] = usb_strings[9];
 		usb_strings[8] = usb_strings[10];
+#endif
 	}
 
 	/* Obtain the circuit board version (currently just prints voltage */

firmware/libboard/qmod/source/sim_switch.c

@@ -0,0 +1,90 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "led.h"
+#include "sim_switch.h"
+
+#ifdef PIN_SIM_SWITCH1
+static const Pin pin_conn_usim1 = {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+#ifdef PIN_SIM_SWITCH2
+static const Pin pin_conn_usim2 = {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+
+static int initialized = 0;
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	const Pin *pin;
+	enum led led;
+
+	if (!initialized) {
+		TRACE_ERROR("Somebody forgot to call sim_switch_init()\r\n");
+		sim_switch_init();
+	}
+
+	TRACE_INFO("Modem %d: %s SIM\n\r", nr,
+		   physical ? "physical" : "virtual");
+
+	switch (nr) {
+#ifdef PIN_SIM_SWITCH1
+	case 0:
+		pin = &pin_conn_usim1;
+		led = LED_USIM1;
+		break;
+#endif
+#ifdef PIN_SIM_SWITCH2
+	case 1:
+		pin = &pin_conn_usim2;
+		led = LED_USIM2;
+		break;
+#endif
+	default:
+		TRACE_ERROR("Invalid SIM%u\n\r", nr);
+		return -1;
+	}
+
+	if (physical) {
+		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
+		PIO_Clear(pin);
+		led_blink(led, BLINK_ALWAYS_ON);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+		PIO_Set(pin);
+		led_blink(led, BLINK_ALWAYS_OFF);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	int num_switch = 0;
+#ifdef PIN_SIM_SWITCH1
+	PIO_Configure(&pin_conn_usim1, 1);
+	num_switch++;
+#endif
+#ifdef PIN_SIM_SWITCH2
+	PIO_Configure(&pin_conn_usim2, 1);
+	num_switch++;
+#endif
+	initialized = 1;
+	return num_switch;
+}

firmware/libboard/sam3p256/include/board.h

@@ -0,0 +1,163 @@
+/* Olimiex SAM3S-P256 board definition
+ *
+ * (C) 2019 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#pragma once
+#include "board_common.h"
+#include "simtrace_usb.h"
+
+/* Name of the board */
+#define BOARD_NAME "SAM3S-P256"
+/* Board definition */
+#define simtrace
+
+/** oscillator used as main clock source (in Hz) */
+#define BOARD_MAINOSC 12000000
+/** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
+#define BOARD_MCK 58000000
+
+/** MCU pin connected to yellow LED2 */
+#define PIO_LED_RED     PIO_PA17
+/** MCU pin connected to green LED1 */
+#define PIO_LED_GREEN   PIO_PA18
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
+
+/** Pin configuration **/
+/* Button to force bootloader start (shorted to ground when pressed */
+#define PIN_BOOTLOADER_SW      {PIO_PA20, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+#if 0
+/* Enable powering the card using the second 3.3 V output of the LDO (active high) */
+#define SIM_PWEN_PIN           {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Enable powering the SIM card */
+#define PWR_PINS                SIM_PWEN_PIN
+/* Card presence pin */
+#define SW_SIM                  PIO_PA8
+/* Pull card presence pin high (shorted to ground in card slot when card is present) */
+#define SMARTCARD_CONNECT_PIN  {SW_SIM, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP | PIO_DEBOUNCE | PIO_DEGLITCH | PIO_IT_EDGE }
+
+/** Smart card connection **/
+/* Card RST reset signal input (active low; RST_SIM in schematic) */
+#define PIN_SIM_RST            {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Card I/O data signal input/output (I/O_SIM in schematic) */
+#define PIN_SIM_IO             {PIO_PA6A_TXD0, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Card CLK clock input (CLK_SIM in schematic) */
+#define PIN_SIM_CLK            {PIO_PA2B_SCK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pin to measure card I/O timing (to start measuring the ETU on I/O activity; connected I/O_SIM in schematic) */
+#define PIN_SIM_IO_INPUT       {PIO_PA1B_TIOB0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_SIM in schematic) */
+#define PIN_SIM_CLK_INPUT      {PIO_PA4B_TCLK0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+/* Pins used to measure ETU timing (using timer counter) */ 
+#define PINS_TC                 PIN_SIM_IO_INPUT, PIN_SIM_CLK_INPUT
+
+/** Phone connection **/
+/* Phone USIM slot 1 VCC pin (VCC_PHONE in schematic) */
+#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+/* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
+#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_RISE_EDGE | PIO_DEGLITCH }
+/* Phone I/O data signal input/output (I/O_PHONE in schematic) */
+#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Phone CLK clock input (CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used for phone USIM slot 1 communication */
+#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+/* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
+#define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
+#define PIN_PHONE_CLK_INPUT    {PIO_PA29B_TCLK2, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
+
+/** Default pin configuration **/
+/* Disconnect VPP, CLK, and RST lines between card and phone using bus switch (high sets bus switch to high-impedance) */
+#define PIN_SC_SW_DEFAULT      {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Disconnect I/O line between card and phone using bus switch (high sets bus switch to high-impedance) */
+#define PIN_IO_SW_DEFAULT      {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Disconnect all lines (VPP, CLK, RST, and I/O) between card and phone */
+#define PINS_BUS_DEFAULT        PIN_SC_SW_DEFAULT, PIN_IO_SW_DEFAULT
+
+/** Sniffer configuration **/
+/* Connect VPP, CLK, and RST lines between card and phone using bus switch (low connects signals on bus switch) */
+#define PIN_SC_SW_SNIFF        {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Connect I/O line between card and phone using bus switch (low connects signals on bus switch) */
+#define PIN_IO_SW_SNIFF        {PIO_PA19, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Connect all lines (VPP, CLK, RST, and I/O) between card and phone */
+#define PINS_BUS_SNIFF          PIN_SC_SW_SNIFF, PIN_IO_SW_SNIFF
+/* Card RST reset signal input (use as input since the phone will drive it) */
+#define PIN_SIM_RST_SNIFF      {PIO_PA7, PIOA, ID_PIOA, PIO_INPUT, PIO_DEGLITCH | PIO_IT_EDGE}
+/* Pins used to sniff phone-card communication */
+#define PINS_SIM_SNIFF          PIN_SIM_IO, PIN_SIM_CLK, PIN_SIM_RST_SNIFF
+/* Disable power converter 4.5-6V to 3.3V (active high) */
+#define PIN_SIM_PWEN_SNIFF     {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Enable power switch to forward VCC_PHONE to VCC_SIM (active high) */
+#define PIN_VCC_FWD_SNIFF      {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/* Use phone VCC to power card */
+#define PINS_PWR_SNIFF          PIN_SIM_PWEN_SNIFF, PIN_VCC_FWD_SNIFF
+
+/** CCID configuration */
+/* Card RST reset signal input (active low; RST_SIM in schematic) */
+#define PIN_ISO7816_RSTMC      {PIO_PA7, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* ISO7816-communication related pins */
+#define PINS_ISO7816            PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
+
+/** External SPI flash interface   **/
+/* SPI MISO pin definition */
+#define PIN_SPI_MISO  {PIO_PA12A_MISO, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
+/* SPI MOSI pin definition */
+#define PIN_SPI_MOSI  {PIO_PA13A_MOSI, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI SCK pin definition */
+#define PIN_SPI_SCK   {PIO_PA14A_SPCK, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI pins definition. Contains MISO, MOSI & SCK */
+#define PINS_SPI       PIN_SPI_MISO, PIN_SPI_MOSI, PIN_SPI_SCK
+/* SPI chip select 0 pin definition */
+#define PIN_SPI_NPCS0 {PIO_PA11A_NPCS0, PIOA, PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+/* SPI flash write protect pin (active low, pulled low) */
+#define PIN_SPI_WP    {PA15, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+#endif
+
+/** Pin configuration to control USB pull-up on D+
+ *  @details the USB pull-up on D+ is enable by default on the board but can be disabled by setting PA16 high
+ */
+#define PIN_USB_PULLUP  {PIO_PA16, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+
+/** USB definitions */
+/* OpenMoko SIMtrace 2 USB vendor ID */
+#define BOARD_USB_VENDOR_ID	USB_VENDOR_OPENMOKO
+/* OpenMoko SIMtrace 2 USB product ID (main application/runtime mode) */
+#define BOARD_USB_PRODUCT_ID	USB_PRODUCT_SIMTRACE2
+/* OpenMoko SIMtrace 2 DFU USB product ID (DFU bootloader/DFU mode) */
+#define BOARD_DFU_USB_PRODUCT_ID USB_PRODUCT_SIMTRACE2_DFU
+/* USB release number (bcdDevice, shown as 0.00) */
+#define BOARD_USB_RELEASE	0x000
+/* Indicate SIMtrace is bus power in USB attributes */
+#define BOARD_USB_BMATTRIBUTES	USBConfigurationDescriptor_BUSPOWERED_NORWAKEUP
+
+/** Supported modes */
+/* SIMtrace board supports sniffer mode */
+#define HAVE_SNIFFER
+/* SIMtrace board supports CCID mode */
+//#define HAVE_CCID
+/* SIMtrace board supports card emulation mode */
+//#define HAVE_CARDEM
+/* SIMtrace board supports man-in-the-middle mode */
+//#define HAVE_MITM

firmware/libboard/sam3p256/source/board_sam3p256.c

@@ -0,0 +1,68 @@
+/* Olimex SAM3S-P256 specific application code
+ *
+ * (C) 2017,2019 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "simtrace.h"
+#include "utils.h"
+#include "sim_switch.h"
+#include <osmocom/core/timer.h>
+#include "usb_buf.h"
+
+void board_exec_dbg_cmd(int ch)
+{
+	switch (ch) {
+	case '?':
+		printf("\t?\thelp\n\r");
+		printf("\tR\treset SAM3\n\r");
+		break;
+	case 'R':
+		printf("Asking NVIC to reset us\n\r");
+		USBD_Disconnect();
+		NVIC_SystemReset();
+		break;
+	default:
+		printf("Unknown command '%c'\n\r", ch);
+		break;
+	}
+}
+
+void board_main_top(void)
+{
+#ifndef APPLICATION_dfu
+	usb_buf_init();
+
+	/* Initialize checking for card insert/remove events */
+	//card_present_init();
+#endif
+}
+
+int board_override_enter_dfu(void)
+{
+	const Pin bl_sw_pin = PIN_BOOTLOADER_SW;
+
+	PIO_Configure(&bl_sw_pin, 1);
+
+	/* Enter DFU bootloader in case the respective button is pressed */
+	if (PIO_Get(&bl_sw_pin) == 0) {
+		/* do not print to early since the console is not initialized yet */
+		//printf("BOOTLOADER switch pressed -> Force DFU\n\r");
+		return 1;
+	} else
+		return 0;
+}

firmware/libboard/simtrace/include/board.h

@@ -26,14 +26,31 @@
 /* Board definition */
 #define simtrace
 
-/* Board main oscillator frequency (in Hz) */
+/** oscillator used as main clock source (in Hz) */
 #define BOARD_MAINOSC 18432000
+/** desired main clock frequency (in Hz, based on BOARD_MAINOSC) */
+#define BOARD_MCK 58982400 // 18.432 * 16 / 5
+
+/** MCU pin connected to red LED */
+#define PIO_LED_RED     PIO_PA17
+/** MCU pin connected to green LED */
+#define PIO_LED_GREEN   PIO_PA18
+/** red LED pin definition */
+#define PIN_LED_RED     {PIO_LED_RED, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** green LED pin definition */
+#define PIN_LED_GREEN   {PIO_LED_GREEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+/** LEDs pin definition */
+#define PINS_LEDS       PIN_LED_RED, PIN_LED_GREEN 
+/** index for red LED in LEDs pin definition array */
+#define LED_NUM_RED     0
+/** index for green LED in LEDs pin definition array */
+#define LED_NUM_GREEN   1
 
 /** Pin configuration **/
 /* Button to force bootloader start (shorted to ground when pressed */
 #define PIN_BOOTLOADER_SW      {PIO_PA31, PIOA, ID_PIOA, PIO_INPUT, PIO_PULLUP}
 /* Enable powering the card using the second 3.3 V output of the LDO (active high) */
-#define SIM_PWEN_PIN           {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+#define SIM_PWEN_PIN           {PIO_PA5, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /* Enable powering the SIM card */
 #define PWR_PINS                SIM_PWEN_PIN
 /* Card presence pin */
@@ -57,15 +74,15 @@
 
 /** Phone connection **/
 /* Phone USIM slot 1 VCC pin (VCC_PHONE in schematic) */
-#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
 /* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
-#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_RISE_EDGE | PIO_DEGLITCH }
+#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
 /* Phone I/O data signal input/output (I/O_PHONE in schematic) */
-#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_USIM1_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Phone CLK clock input (CLK_PHONE in schematic) */
-#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_USIM1_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used for phone USIM slot 1 communication */
-#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+#define PINS_USIM1              PIN_USIM1_IO, PIN_USIM1_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
 /* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
 #define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
@@ -91,9 +108,9 @@
 /* Pins used to sniff phone-card communication */
 #define PINS_SIM_SNIFF          PIN_SIM_IO, PIN_SIM_CLK, PIN_SIM_RST_SNIFF
 /* Disable power converter 4.5-6V to 3.3V (active high) */
-#define PIN_SIM_PWEN_SNIFF     {SIM_PWEN, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+#define PIN_SIM_PWEN_SNIFF     {PIO_PA5, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
 /* Enable power switch to forward VCC_PHONE to VCC_SIM (active high) */
-#define PIN_VCC_FWD_SNIFF      {VCC_FWD, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
+#define PIN_VCC_FWD_SNIFF      {PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_1, PIO_DEFAULT}
 /* Use phone VCC to power card */
 #define PINS_PWR_SNIFF          PIN_SIM_PWEN_SNIFF, PIN_VCC_FWD_SNIFF
 
@@ -136,10 +153,14 @@
 
 /** Supported modes */
 /* SIMtrace board supports sniffer mode */
+#ifdef APPLICATION_trace
 #define HAVE_SNIFFER
+#endif
 /* SIMtrace board supports CCID mode */
 //#define HAVE_CCID
 /* SIMtrace board supports card emulation mode */
-//#define HAVE_CARDEM
+#ifdef APPLICATION_cardem
+#define HAVE_CARDEM
+#endif
 /* SIMtrace board supports man-in-the-middle mode */
 //#define HAVE_MITM

firmware/libboard/simtrace/product_string.txt

@@ -0,0 +1 @@
+SIMtrace 2

firmware/libboard/simtrace/source/sim_switch.c

@@ -0,0 +1,54 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "led.h"
+#include "sim_switch.h"
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	const Pin pin_sc = PIN_SC_SW_DEFAULT; // pin to control bus switch for VCC/RST/CLK signals
+	const Pin pin_io = PIN_IO_SW_DEFAULT; // pin to control bus switch for I/O signal
+
+	if (nr > 0) {
+		TRACE_ERROR("SIM interface for Modem %d can't be switched\r\n", nr);
+		return -1;
+	}
+
+	TRACE_INFO("Modem %u: %s SIM\n\r", nr, physical ? "physical" : "virtual");
+
+	if (physical) {
+		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
+		PIO_Set(&pin_sc);
+		PIO_Set(&pin_io);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+		PIO_Clear(&pin_sc);
+		PIO_Clear(&pin_io);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	// the bus switch is already initialised
+	return 1; // SIMtrace hardware has only one switchable interface
+}

firmware/libcommon/include/assert.h

@@ -89,7 +89,7 @@
 		/// \param condition  Condition to verify.
 		#define ASSERT(condition)  { \
 			if (!(condition)) { \
-				printf("-F- ASSERT: %s %s:%d\n\r", #condition, __BASE_FILE__, __LINE__); \
+				printf_sync("-F- ASSERT: %s %s:%d\n\r", #condition, __BASE_FILE__, __LINE__); \
 				while (1); \
 			} \
 		}

firmware/libcommon/include/card_emu.h

@@ -29,8 +29,17 @@ enum card_io {
 	CARD_IO_CLK,
 };
 
-struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan,
-				  uint8_t in_ep, uint8_t irq_ep);
+/** initialise card slot
+ *  @param[in] slot_num slot number (arbitrary number)
+ *  @param[in] uart_chan UART peripheral channel
+ *  @param[in] in_ep USB IN end point number
+ *  @param[in] irq_ep USB INTerrupt end point number
+ *  @param[in] vcc_active initial VCC signal state (true = on)
+ *  @param[in] in_reset initial RST signal state (true = reset asserted)
+ *  @param[in] clocked initial CLK signat state (true = active)
+ *  @return main card handle reference
+ */
+struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked);
 
 /* process a single byte received from the reader */
 void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte);
@@ -46,13 +55,24 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len);
 
 struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch);
 void card_emu_have_new_uart_tx(struct card_handle *ch);
-void card_emu_report_status(struct card_handle *ch);
+void card_emu_report_status(struct card_handle *ch, bool report_on_irq);
 
-#define ENABLE_TX	0x01
-#define ENABLE_RX	0x02
+void card_emu_wtime_half_expired(void *ch);
+void card_emu_wtime_expired(void *ch);
+
+
+#define ENABLE_TX		0x01
+#define ENABLE_RX		0x02
+#define ENABLE_TX_TIMER_ONLY	0x03
 
 int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi);
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt);
+void card_emu_uart_reset_wt(uint8_t uart_chan);
 int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte);
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx);
 void card_emu_uart_wait_tx_idle(uint8_t uart_chan);
 void card_emu_uart_interrupt(uint8_t uart_chan);
+
+struct cardemu_usb_msg_config;
+int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_config *scfg,
+			unsigned int scfg_len);

firmware/libcommon/include/iso7816_fidi.h

@@ -21,10 +21,10 @@
 #include <stdint.h>
 
 /* Table 7 of ISO 7816-3:2006 */
-extern const uint16_t fi_table[];
+extern const uint16_t iso7816_3_fi_table[16];
 
 /* Table 8 from ISO 7816-3:2006 */
-extern const uint8_t di_table[];
+extern const uint8_t iso7816_3_di_table[16];
 
-/* compute the F/D ratio based on Fi and Di values */
-int compute_fidi_ratio(uint8_t fi, uint8_t di);
+/* compute the F/D ratio based on F_index and D_index values */
+int iso7816_3_compute_fd_ratio(uint8_t f_index, uint8_t d_index);

firmware/libcommon/include/main_common.h

@@ -0,0 +1,3 @@
+#pragma once
+
+void print_banner(void);

firmware/libcommon/include/ringbuffer.h

@@ -21,7 +21,7 @@
 #include <stdbool.h>
 #include <sys/types.h>
 
-#define RING_BUFLEN 512
+#define RING_BUFLEN 1024
 
 typedef struct ringbuf {
 	uint8_t buf[RING_BUFLEN];

firmware/libcommon/include/simtrace.h

@@ -1,6 +1,7 @@
 /* SIMtrace 2 mode definitions
  *
- * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * Copyright (c) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * Copyright (c) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -57,6 +58,7 @@ enum confNum {
 #ifdef HAVE_MITM
 	CFG_NUM_MITM,
 #endif
+	CFG_NUM_VERSION,
 	NUM_CONF
 };
 

firmware/libcommon/include/simtrace_prot.h

@@ -62,6 +62,8 @@ enum simtrace_msg_type_cardem {
 	SIMTRACE_MSGT_DO_CEMU_RX_DATA,
 	/* Indicate PTS request from phone */
 	SIMTRACE_MSGT_DO_CEMU_PTS,
+	/* Set configurable parameters */
+	SIMTRACE_MSGT_BD_CEMU_CONFIG,
 };
 
 /* SIMTRACE_MSGC_MODEM */
@@ -228,11 +230,17 @@ struct cardemu_usb_msg_status {
 	uint32_t flags;
 	/* phone-applied target voltage in mV */
 	uint16_t voltage_mv;
-	/* Fi/Di related information */
-	uint8_t fi;
-	uint8_t di;
-	uint8_t wi;
-	uint32_t waiting_time;
+	/* F/D related information. Not actual Fn/Dn values but indexes into tables! */
+	union {
+		uint8_t F_index;	/* <! Index to ISO7816-3 Table 7 (F and f_max values) */
+		uint8_t fi;		/* <! old, wrong name for API compatibility */
+	};
+	union {
+		uint8_t D_index;	/* <! Index to ISO7816-3 Table 8 (D value) */
+		uint8_t di;		/* <! old, wrong name for API compatibility */
+	};
+	uint8_t wi;		/* <! Waiting Integer as defined in ISO7816-3 Section 10.2 */
+	uint32_t waiting_time;	/* <! Waiting Time in etu as defined in ISO7816-3 Section 8.1 */
 } __attribute__ ((packed));
 
 /* CEMU_USB_MSGT_DO_PTS */
@@ -254,6 +262,15 @@ struct cardemu_usb_msg_error {
 	uint8_t msg[0];
 } __attribute__ ((packed));
 
+/* enable/disable the generation of DO_STATUS on IRQ endpoint */
+#define CEMU_FEAT_F_STATUS_IRQ	0x00000001
+
+/* SIMTRACE_MSGT_BD_CEMU_CONFIG */
+struct cardemu_usb_msg_config {
+	/* bit-mask of CEMU_FEAT_F flags */
+	uint32_t features;
+} __attribute__ ((packed));
+
 /***********************************************************************
  * MODEM CONTROL
  ***********************************************************************/

firmware/libcommon/include/simtrace_usb.h

@@ -64,4 +64,4 @@
 #define SIMTRACE_CARDEM_USB_EP_USIM2_INT		3
 
 /*! Maximum number of endpoints */
-#define BOARD_USB_NUMENDPOINTS		6
+#define BOARD_USB_NUMENDPOINTS		7 /* 0 (control) + 2 (interfaces) * 3 (endpoints) */

firmware/libcommon/include/talloc.h

@@ -17,6 +17,7 @@
 #pragma once
 
 #include <stdlib.h>
+#include <stdio.h>
 #include <stdarg.h>
 
 /* minimalistic emulation of core talloc API functions used by msgb.c */
@@ -39,3 +40,4 @@ void *talloc_named_const(const void *context, size_t size, const char *name);
 void talloc_set_name_const(const void *ptr, const char *name);
 char *talloc_strdup(const void *t, const char *p);
 void *talloc_pool(const void *context, size_t size);
+void talloc_report(const void *ptr, FILE *f);

firmware/libcommon/include/usb_buf.h

@@ -29,6 +29,8 @@ struct usb_buffered_ep {
 	volatile uint32_t in_progress;
 	/* Tx queue (IN) / Rx queue (OUT) */
 	struct llist_head queue;
+	/* current length of queue */
+	unsigned int queue_len;
 };
 
 struct msgb *usb_buf_alloc(uint8_t ep);

firmware/libcommon/source/card_emu.c

@@ -1,6 +1,6 @@
 /* ISO7816-3 state machine for the card side
  *
- * (C) 2010-2017 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010-2021 by Harald Welte <laforge@gnumonks.org>
  * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -27,7 +27,6 @@
 #include "utils.h"
 #include "trace.h"
 #include "iso7816_fidi.h"
-#include "tc_etu.h"
 #include "card_emu.h"
 #include "simtrace_prot.h"
 #include "usb_buf.h"
@@ -37,6 +36,9 @@
 
 #define NUM_SLOTS		2
 
+/* bit-mask of supported CEMU_FEAT_F_ flags */
+#define SUPPORTED_FEATURES	(CEMU_FEAT_F_STATUS_IRQ)
+
 #define	ISO7816_3_INIT_WTIME	9600
 #define ISO7816_3_DEFAULT_WI	10
 #define ISO7816_3_ATR_LEN_MAX	(1+32)	/* TS plus 32 chars */
@@ -55,18 +57,15 @@ enum iso7816_3_card_state {
 };
 
 const struct value_string iso7816_3_card_state_names[] = {
-	OSMO_VALUE_STRING(ISO_S_WAIT_POWER),
-	OSMO_VALUE_STRING(ISO_S_WAIT_CLK),
-	OSMO_VALUE_STRING(ISO_S_WAIT_RST),
-	OSMO_VALUE_STRING(ISO_S_WAIT_ATR),
-	OSMO_VALUE_STRING(ISO_S_IN_ATR),
-	OSMO_VALUE_STRING(ISO_S_IN_PTS),
-	OSMO_VALUE_STRING(ISO_S_WAIT_TPDU),
-	OSMO_VALUE_STRING(ISO_S_IN_TPDU),
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ ISO_S_WAIT_POWER,	"WAIT_POWER" },
+	{ ISO_S_WAIT_CLK,	"WAIT_CLK" },
+	{ ISO_S_WAIT_RST,	"WAIT_RST" },
+	{ ISO_S_WAIT_ATR,	"WAIT_ATR" },
+	{ ISO_S_IN_ATR,		"IN_ATR" },
+	{ ISO_S_IN_PTS,		"IN_PTS" },
+	{ ISO_S_WAIT_TPDU,	"WAIT_TPDU" },
+	{ ISO_S_IN_TPDU,	"IN_TPDU" },
+	{ 0, NULL }
 };
 
 
@@ -86,6 +85,23 @@ enum pts_state {
 	PTS_S_WAIT_RESP_PCK = PTS_S_WAIT_REQ_PCK | 0x10,
 };
 
+const struct value_string pts_state_names[] = {
+	{ PTS_S_WAIT_REQ_PTSS,	"WAIT_REQ_PTSS" },
+	{ PTS_S_WAIT_REQ_PTS0,	"WAIT_REQ_PTS0" },
+	{ PTS_S_WAIT_REQ_PTS1,	"WAIT_REQ_PTS1" },
+	{ PTS_S_WAIT_REQ_PTS2,	"WAIT_REQ_PTS2" },
+	{ PTS_S_WAIT_REQ_PTS3,	"WAIT_REQ_PTS3" },
+	{ PTS_S_WAIT_REQ_PCK,	"WAIT_REQ_PCK" },
+	{ PTS_S_WAIT_RESP_PTSS,	"WAIT_RESP_PTSS" },
+	{ PTS_S_WAIT_RESP_PTS0,	"WAIT_RESP_PTS0" },
+	{ PTS_S_WAIT_RESP_PTS1,	"WAIT_RESP_PTS1" },
+	{ PTS_S_WAIT_RESP_PTS2,	"WAIT_RESP_PTS2" },
+	{ PTS_S_WAIT_RESP_PTS3,	"WAIT_RESP_PTS3" },
+	{ PTS_S_WAIT_RESP_PCK,	"WAIT_RESP_PCK" },
+	{ 0, NULL }
+};
+
+/* PTS field byte index */
 #define _PTSS	0
 #define _PTS0	1
 #define _PTS1	2
@@ -105,6 +121,19 @@ enum tpdu_state {
 	TPDU_S_WAIT_TX,		/* waiting for more data to reader */
 };
 
+const struct value_string tpdu_state_names[] = {
+	{ TPDU_S_WAIT_CLA,	"WAIT_CLA" },
+	{ TPDU_S_WAIT_INS,	"WAIT_INS" },
+	{ TPDU_S_WAIT_P1,	"WAIT_P1" },
+	{ TPDU_S_WAIT_P2,	"WAIT_P2" },
+	{ TPDU_S_WAIT_P3,	"WAIT_P3" },
+	{ TPDU_S_WAIT_PB,	"WAIT_PB" },
+	{ TPDU_S_WAIT_RX, 	"WAIT_RX" },
+	{ TPDU_S_WAIT_TX,	"WAIT_TX" },
+	{ 0, NULL }
+};
+
+/* TPDU field byte index */
 #define	_CLA	0
 #define	_INS	1
 #define	_P1	2
@@ -114,26 +143,44 @@ enum tpdu_state {
 struct card_handle {
 	unsigned int num;
 
+	/* bit-mask of enabled optional features (CEMU_FEAT_F_*) */
+	uint32_t features;
+
 	enum iso7816_3_card_state state;
 
 	/* signal levels */
-	uint8_t vcc_active;	/* 1 = on, 0 = off */
-	uint8_t in_reset;	/* 1 = RST low, 0 = RST high */
-	uint8_t clocked;	/* 1 = active, 0 = inactive */
+	bool vcc_active;	/*< if VCC is active (true = active/ON) */
+	bool in_reset;	/*< if card is in reset (true = RST low/asserted, false = RST high/ released) */
+	bool clocked;	/*< if clock is active ( true = active, false = inactive) */
 
-	/* timing parameters, from PTS */
-	uint8_t fi;
-	uint8_t di;
+	/* All below variables with _index suffix are indexes from 0..15 into Tables 7 + 8
+	 * of ISO7816-3. */
+
+	/*! Index to clock rate conversion integer Fi (ISO7816-3 Table 7).
+	 *  \note this represents the maximum value supported by the card, and can be indicated in TA1 */
+	uint8_t Fi_index;
+	/*! Current value of index to clock rate conversion integer F (ISO 7816-3 Section 7.1). */
+	uint8_t F_index;
+
+	/*! Index to baud rate adjustment factor Di (ISO7816-3 Table 8).
+	 *  \note this represents the maximum value supported by the card, and can be indicated in TA1 */
+	uint8_t Di_index;
+	/*! Current value of index to baud rate adjustment factor D (ISO 7816-3 Section 7.1). */
+	uint8_t D_index;
+
+	/*! Waiting Integer (ISO7816-3 Section 10.2).
+	 *  \note this value can be set in TA2 */
 	uint8_t wi;
 
-	uint8_t tc_chan;	/* TC channel number */
+	/*! Waiting Time, in ETU (ISO7816-3 Section 8.1).
+	 *  \note this depends on Fi, Di, and WI if T=0 is used */
+	uint32_t waiting_time;	/* in etu */
+
 	uint8_t uart_chan;	/* UART channel */
 
 	uint8_t in_ep;		/* USB IN EP */
 	uint8_t irq_ep;		/* USB IN EP */
 
-	uint32_t waiting_time;	/* in clocks */
-
 	/* ATR state machine */
 	struct {
 		uint8_t idx;
@@ -168,6 +215,27 @@ struct card_handle {
 	} stats;
 };
 
+/* reset all the 'dynamic' state of the card handle to the initial/default values */
+static void card_handle_reset(struct card_handle *ch)
+{
+	struct msgb *msg;
+
+	card_emu_uart_update_wt(ch->uart_chan, 0);
+
+	/* release any buffers we may still own */
+	if (ch->uart_tx_msg) {
+		usb_buf_free(ch->uart_tx_msg);
+		ch->uart_tx_msg = NULL;
+	}
+	if (ch->uart_rx_msg) {
+		usb_buf_free(ch->uart_rx_msg);
+		ch->uart_rx_msg = NULL;
+	}
+	while ((msg = msgb_dequeue(&ch->uart_tx_queue))) {
+		usb_buf_free(msg);
+	}
+}
+
 struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch)
 {
 	return &ch->uart_tx_queue;
@@ -189,12 +257,35 @@ void usb_buf_upd_len_and_submit(struct msgb *msg)
 /* Allocate USB buffer and push + initialize simtrace_msg_hdr */
 struct msgb *usb_buf_alloc_st(uint8_t ep, uint8_t msg_class, uint8_t msg_type)
 {
-	struct msgb *msg;
+	struct msgb *msg = NULL;
 	struct simtrace_msg_hdr *sh;
 
-	msg = usb_buf_alloc(ep);
-	if (!msg)
-		return NULL;
+	while (!msg) {
+		msg = usb_buf_alloc(ep); // try to allocate some memory
+		if (!msg) { // allocation failed, we might be out of memory
+			struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
+			if (!bep) {
+				TRACE_ERROR("ep %u: %s queue does not exist\n\r",
+				            ep, __func__);
+				return NULL;
+			}
+			if (llist_empty(&bep->queue)) {
+				TRACE_ERROR("ep %u: %s EOMEM (queue already empty)\n\r",
+				            ep, __func__);
+				return NULL;
+			}
+			msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
+			if (!msg) {
+				TRACE_ERROR("ep %u: %s no msg in non-empty queue\n\r",
+				            ep, __func__);
+				return NULL;
+			}
+			usb_buf_free(msg);
+			msg = NULL;
+			TRACE_DEBUG("ep %u: %s queue msg dropped\n\r",
+			            ep, __func__);
+		}
+	}
 
 	msg->l1h = msgb_put(msg, sizeof(*sh));
 	sh = (struct simtrace_msg_hdr *) msg->l1h;
@@ -284,16 +375,14 @@ static void emu_update_fidi(struct card_handle *ch)
 {
 	int rc;
 
-	rc = compute_fidi_ratio(ch->fi, ch->di);
+	rc = iso7816_3_compute_fd_ratio(ch->F_index, ch->D_index);
 	if (rc > 0 && rc < 0x400) {
-		TRACE_INFO("%u: computed Fi(%u) Di(%u) ratio: %d\r\n",
-			    ch->num, ch->fi, ch->di, rc);
+		TRACE_INFO("%u: computed F(%u)/D(%u) ratio: %d\r\n", ch->num,
+			   ch->F_index, ch->D_index, rc);
 		/* make sure UART uses new F/D ratio */
 		card_emu_uart_update_fidi(ch->uart_chan, rc);
-		/* notify ETU timer about this */
-		tc_etu_set_etu(ch->tc_chan, rc);
 	} else
-		TRACE_INFO("%u: computed FiDi ration %d unsupported\r\n",
+		TRACE_INFO("%u: computed F/D ratio %d unsupported\r\n",
 			   ch->num, rc);
 }
 
@@ -304,9 +393,9 @@ static void card_set_state(struct card_handle *ch,
 	if (ch->state == new_state)
 		return;
 
-	TRACE_DEBUG("%u: 7816 card state %u (%s) -> %u (%s)\r\n", ch->num,
-		    ch->state, get_value_string(iso7816_3_card_state_names, ch->state),
-		    new_state, get_value_string(iso7816_3_card_state_names, new_state));
+	TRACE_DEBUG("%u: 7816 card state %s -> %s\r\n", ch->num,
+		    get_value_string(iso7816_3_card_state_names, ch->state),
+		    get_value_string(iso7816_3_card_state_names, new_state));
 	ch->state = new_state;
 
 	switch (new_state) {
@@ -315,19 +404,23 @@ static void card_set_state(struct card_handle *ch,
 	case ISO_S_WAIT_RST:
 		/* disable Rx and Tx of UART */
 		card_emu_uart_enable(ch->uart_chan, 0);
+		/* disable timeout */
+		card_emu_uart_update_wt(ch->uart_chan, 0);
 		break;
 	case ISO_S_WAIT_ATR:
 		/* Reset to initial Fi / Di ratio */
-		ch->fi = 1;
-		ch->di = 1;
+		ch->Fi_index = ch->F_index = 1;
+		ch->Di_index = ch->D_index = 1;
+		ch->wi = ISO7816_3_DEFAULT_WI;
+		ch->waiting_time = ISO7816_3_INIT_WTIME;
 		emu_update_fidi(ch);
+		/* enable TX to be able to use the timeout */
+		card_emu_uart_enable(ch->uart_chan, ENABLE_TX_TIMER_ONLY);
 		/* the ATR should only be sent 400 to 40k clock cycles after the RESET.
-		 * we use the tc_etu mechanism to wait this time.
+		 * we use the UART timeout mechanism to wait this time.
 		 * since the initial ETU is Fd=372/Dd=1 clock cycles long, we have to wait 2-107 ETU.
 		 */
-		tc_etu_set_wtime(ch->tc_chan, 2);
-		/* ensure the TC_ETU timer is enabled */
-		tc_etu_enable(ch->tc_chan);
+		card_emu_uart_update_wt(ch->uart_chan, 2);
 		break;
 	case ISO_S_IN_ATR:
 		/* initialize to default WI, this will be overwritten if we
@@ -337,7 +430,7 @@ static void card_set_state(struct card_handle *ch,
 		/* update waiting time to initial waiting time */
 		ch->waiting_time = ISO7816_3_INIT_WTIME;
 		/* set initial waiting time */
-		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		/* Set ATR sub-state to initial state */
 		ch->atr.idx = 0;
 		/* enable USART transmission to reader */
@@ -412,11 +505,11 @@ static int tx_byte_atr(struct card_handle *ch)
 				}
 			}
 		}
-		/* update waiting time (see ISO 7816-3 10.2) */
-		ch->waiting_time = ch->wi * 960 * ch->fi;
-		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
-		/* reset PTS to initial state */
-		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
+		/* update waiting time (see ISO 7816-3 10.2). We can drop the Fi
+		 * multiplier as we store the waiting time in units of 'etu', and
+		 * don't really care what the number of clock cycles or the absolute
+		 * wall clock time is */
+		ch->waiting_time = ch->wi * 960;
 		/* go to next state */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
 		return 0;
@@ -433,8 +526,9 @@ static int tx_byte_atr(struct card_handle *ch)
 /* Update the PTS sub-state */
 static void set_pts_state(struct card_handle *ch, enum pts_state new_ptss)
 {
-	TRACE_DEBUG("%u: 7816 PTS state %u -> %u\r\n",
-		    ch->num, ch->pts.state, new_ptss);
+	TRACE_DEBUG("%u: 7816 PTS state %s -> %s\r\n", ch->num,
+		    get_value_string(pts_state_names, ch->pts.state),
+		    get_value_string(pts_state_names, new_ptss));
 	ch->pts.state = new_ptss;
 }
 
@@ -514,8 +608,8 @@ process_byte_pts(struct card_handle *ch, uint8_t byte)
 		memcpy(ch->pts.resp, ch->pts.req, sizeof(ch->pts.resp));
 		break;
 	default:
-		TRACE_ERROR("%u: process_byte_pts() in invalid state %u\r\n",
-			    ch->num, ch->pts.state);
+		TRACE_ERROR("%u: process_byte_pts() in invalid PTS state %s\r\n", ch->num,
+			    get_value_string(pts_state_names, ch->pts.state));
 		break;
 	}
 	/* calculate the next state and set it */
@@ -550,10 +644,11 @@ static int tx_byte_pts(struct card_handle *ch)
 	case PTS_S_WAIT_RESP_PTS1:
 		byte = ch->pts.resp[_PTS1];
 		/* This must be TA1 */
-		ch->fi = byte >> 4;
-		ch->di = byte & 0xf;
-		TRACE_DEBUG("%u: found Fi=%u Di=%u\r\n", ch->num,
-			    ch->fi, ch->di);
+		ch->F_index = byte >> 4;
+		ch->D_index = byte & 0xf;
+		TRACE_DEBUG("%u: found F=%u D=%u\r\n", ch->num,
+			    iso7816_3_fi_table[ch->F_index], iso7816_3_di_table[ch->D_index]);
+		/* FIXME: if F or D are 0, become unresponsive to signal error condition */
 		break;
 	case PTS_S_WAIT_RESP_PTS2:
 		byte = ch->pts.resp[_PTS2];
@@ -565,8 +660,8 @@ static int tx_byte_pts(struct card_handle *ch)
 		byte = ch->pts.resp[_PCK];
 		break;
 	default:
-		TRACE_ERROR("%u: get_byte_pts() in invalid state %u\r\n",
-			    ch->num, ch->pts.state);
+		TRACE_ERROR("%u: get_byte_pts() in invalid PTS state %s\r\n", ch->num,
+			    get_value_string(pts_state_names, ch->pts.state));
 		return 0;
 	}
 
@@ -578,7 +673,7 @@ static int tx_byte_pts(struct card_handle *ch)
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_RESP_PCK:
 		card_emu_uart_wait_tx_idle(ch->uart_chan);
-		/* update baud rate generator with Fi/Di */
+		/* update baud rate generator with F/D */
 		emu_update_fidi(ch);
 		/* Wait for the next TPDU */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
@@ -651,21 +746,35 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 	if (ch->tpdu.state == new_ts)
 		return;
 
-	TRACE_DEBUG("%u: 7816 TPDU state %u -> %u\r\n", ch->num,
-		    ch->tpdu.state, new_ts);
-
+	TRACE_DEBUG("%u: 7816 TPDU state %s -> %s\r\n", ch->num,
+		get_value_string(tpdu_state_names, ch->tpdu.state),
+		get_value_string(tpdu_state_names, new_ts));
 	ch->tpdu.state = new_ts;
 
 	switch (new_ts) {
 	case TPDU_S_WAIT_CLA:
-	case TPDU_S_WAIT_RX:
+		/* switch back to receiving mode */
 		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
+		/* disable waiting time since we don't expect any data */
+		card_emu_uart_update_wt(ch->uart_chan, 0);
+		break;
+	case TPDU_S_WAIT_INS:
+		/* start waiting for the rest of the header/body */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
+		break;
+	case TPDU_S_WAIT_RX:
+		/* switch to receive mode to receive the body */
+		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
+		/* start waiting for the body */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	case TPDU_S_WAIT_PB:
 		/* we just completed the TPDU header from reader to card
 		 * and now need to disable the receiver, enable the
 		 * transmitter and transmit the procedure byte */
 		card_emu_uart_enable(ch->uart_chan, ENABLE_TX);
+		/* prepare to extend the waiting time once half of it is reached */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	default:
 		break;
@@ -772,8 +881,8 @@ process_byte_tpdu(struct card_handle *ch, uint8_t byte)
 		add_tpdu_byte(ch, byte);
 		break;
 	default:
-		TRACE_ERROR("%u: process_byte_tpdu() in invalid state %u\r\n",
-			    ch->num, ch->tpdu.state);
+		TRACE_ERROR("%u: process_byte_tpdu() in invalid TPDU state %s\r\n", ch->num,
+			    get_value_string(tpdu_state_names, ch->tpdu.state));
 	}
 
 	/* ensure we stay in TPDU ISO state */
@@ -860,6 +969,8 @@ void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte)
 	switch (ch->state) {
 	case ISO_S_WAIT_TPDU:
 		if (byte == 0xff) {
+			/* reset PTS to initial state */
+			set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
 			new_state = process_byte_pts(ch, byte);
 			ch->stats.pps++;
 			goto out_silent;
@@ -872,8 +983,8 @@ void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte)
 		new_state = process_byte_pts(ch, byte);
 		goto out_silent;
 	default:
-		TRACE_ERROR("%u: Received UART char in invalid 7816 state "
-			    "%u\r\n", ch->num, ch->state);
+		TRACE_ERROR("%u: Received UART char in invalid 7816 state %s\r\n", ch->num,
+			    get_value_string(iso7816_3_card_state_names, ch->state));
 		break;
 	}
 
@@ -926,13 +1037,16 @@ void card_emu_have_new_uart_tx(struct card_handle *ch)
 	}
 }
 
-void card_emu_report_status(struct card_handle *ch)
+void card_emu_report_status(struct card_handle *ch, bool report_on_irq)
 {
 	struct msgb *msg;
 	struct cardemu_usb_msg_status *sts;
+	uint8_t ep = ch->in_ep;
 
-	msg = usb_buf_alloc_st(ch->in_ep, SIMTRACE_MSGC_CARDEM,
-				SIMTRACE_MSGT_BD_CEMU_STATUS);
+	if (report_on_irq)
+		ep = ch->irq_ep;
+
+	msg = usb_buf_alloc_st(ep, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_STATUS);
 	if (!msg)
 		return;
 
@@ -945,26 +1059,46 @@ void card_emu_report_status(struct card_handle *ch)
 	if (ch->in_reset)
 		sts->flags |= CEMU_STATUS_F_RESET_ACTIVE;
 	/* FIXME: voltage + card insert */
-	sts->fi = ch->fi;
-	sts->di = ch->di;
+	sts->F_index = ch->F_index;
+	sts->D_index = ch->D_index;
 	sts->wi = ch->wi;
 	sts->waiting_time = ch->waiting_time;
 
 	usb_buf_upd_len_and_submit(msg);
 }
 
+static void card_emu_report_config(struct card_handle *ch)
+{
+	struct msgb *msg;
+	struct cardemu_usb_msg_config *cfg;
+	uint8_t ep = ch->in_ep;
+
+	msg = usb_buf_alloc_st(ch->in_ep, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_CONFIG);
+	if (!msg)
+		return;
+
+	cfg = (struct cardemu_usb_msg_config *) msgb_put(msg, sizeof(*cfg));
+	cfg->features = ch->features;
+
+	usb_buf_upd_len_and_submit(msg);
+}
+
 /* hardware driver informs us that a card I/O signal has changed */
 void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 {
+	uint32_t chg_mask = 0;
+
 	switch (io) {
 	case CARD_IO_VCC:
 		if (active == 0 && ch->vcc_active == 1) {
 			TRACE_INFO("%u: VCC deactivated\r\n", ch->num);
-			tc_etu_disable(ch->tc_chan);
+			card_handle_reset(ch);
 			card_set_state(ch, ISO_S_WAIT_POWER);
+			chg_mask |= CEMU_STATUS_F_VCC_PRESENT;
 		} else if (active == 1 && ch->vcc_active == 0) {
 			TRACE_INFO("%u: VCC activated\r\n", ch->num);
 			card_set_state(ch, ISO_S_WAIT_CLK);
+			chg_mask |= CEMU_STATUS_F_VCC_PRESENT;
 		}
 		ch->vcc_active = active;
 		break;
@@ -973,27 +1107,49 @@ void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 			TRACE_INFO("%u: CLK activated\r\n", ch->num);
 			if (ch->state == ISO_S_WAIT_CLK)
 				card_set_state(ch, ISO_S_WAIT_RST);
+			chg_mask |= CEMU_STATUS_F_CLK_ACTIVE;
 		} else if (active == 0 && ch->clocked == 1) {
 			TRACE_INFO("%u: CLK deactivated\r\n", ch->num);
+			chg_mask |= CEMU_STATUS_F_CLK_ACTIVE;
 		}
 		ch->clocked = active;
 		break;
 	case CARD_IO_RST:
 		if (active == 0 && ch->in_reset) {
 			TRACE_INFO("%u: RST released\r\n", ch->num);
-			if (ch->vcc_active && ch->clocked) {
-				/* enable the TC/ETU counter once reset has been released */
-				tc_etu_enable(ch->tc_chan);
+			if (ch->vcc_active && ch->clocked && ch->state == ISO_S_WAIT_RST) {
 				/* prepare to send the ATR */
 				card_set_state(ch, ISO_S_WAIT_ATR);
 			}
+			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
 		} else if (active && !ch->in_reset) {
 			TRACE_INFO("%u: RST asserted\r\n", ch->num);
-			tc_etu_disable(ch->tc_chan);
+			card_handle_reset(ch);
+			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
+			card_set_state(ch, ISO_S_WAIT_RST);
 		}
 		ch->in_reset = active;
 		break;
 	}
+
+	switch (ch->state) {
+	case ISO_S_WAIT_POWER:
+	case ISO_S_WAIT_CLK:
+	case ISO_S_WAIT_RST:
+		/* check end activation state (even if the reader does
+		 * not respect the activation sequence) */
+		if (ch->vcc_active && ch->clocked && !ch->in_reset) {
+			/* prepare to send the ATR */
+			card_set_state(ch, ISO_S_WAIT_ATR);
+		}
+		break;
+	default:
+		break;
+	}
+
+	/* notify the host about the state change */
+	if ((ch->features & CEMU_FEAT_F_STATUS_IRQ) && chg_mask)
+		card_emu_report_status(ch, true);
 }
 
 /* User sets a new ATR to be returned during next card reset */
@@ -1020,7 +1176,7 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len)
 }
 
 /* hardware driver informs us that one (more) ETU has expired */
-void tc_etu_wtime_half_expired(void *handle)
+void card_emu_wtime_half_expired(void *handle)
 {
 	struct card_handle *ch = handle;
 	/* transmit NULL procedure byte well before waiting time expires */
@@ -1030,7 +1186,10 @@ void tc_etu_wtime_half_expired(void *handle)
 		case TPDU_S_WAIT_PB:
 		case TPDU_S_WAIT_TX:
 			putchar('N');
+			/* we are waiting for data from the user. Send a procedure byte to ask the
+			 * reader to wait more time */
 			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL);
+			card_emu_uart_reset_wt(ch->uart_chan);
 			break;
 		default:
 			break;
@@ -1042,7 +1201,7 @@ void tc_etu_wtime_half_expired(void *handle)
 }
 
 /* hardware driver informs us that one (more) ETU has expired */
-void tc_etu_wtime_expired(void *handle)
+void card_emu_wtime_expired(void *handle)
 {
 	struct card_handle *ch = handle;
 	switch (ch->state) {
@@ -1056,13 +1215,39 @@ void tc_etu_wtime_expired(void *handle)
 	}
 }
 
-/* shortest ATR found in smartcard_list.txt */
-static const uint8_t default_atr[] = { 0x3B, 0x02, 0x14, 0x50 };
+/* reasonable ATR offering all protocols and voltages
+ * smartphones might not care, but other readers do
+ *
+ * TS =		0x3B	Direct Convention
+ * T0 =		0x80	Y(1): b1000, K: 0 (historical bytes)
+ * TD(1) =	0x80	Y(i+1) = b1000, Protocol T=0
+ * ----
+ * TD(2) =	0x81	Y(i+1) = b1000, Protocol T=1
+ * ----
+ * TD(3) =	0x1F	Y(i+1) = b0001, Protocol T=15
+ * ----
+ * TA(4) =	0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ * ----
+ * Historical bytes
+ * TCK =	0x59 	correct checksum
+ */
+static const uint8_t default_atr[] = { 0x3B, 0x80, 0x80, 0x81 , 0x1F, 0xC7, 0x59 };
 
 static struct card_handle card_handles[NUM_SLOTS];
 
-struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan,
-				  uint8_t in_ep, uint8_t irq_ep)
+int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_config *scfg,
+			unsigned int scfg_len)
+{
+	if (scfg_len >= sizeof(uint32_t))
+		ch->features = (scfg->features & SUPPORTED_FEATURES);
+
+	/* send back a report of our current configuration */
+	card_emu_report_config(ch);
+
+	return 0;
+}
+
+struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked)
 {
 	struct card_handle *ch;
 
@@ -1075,20 +1260,18 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 
 	INIT_LLIST_HEAD(&ch->uart_tx_queue);
 
-	/* initialize the card_handle with reasonable defaults */
 	ch->num = slot_num;
 	ch->irq_ep = irq_ep;
 	ch->in_ep = in_ep;
 	ch->state = ISO_S_WAIT_POWER;
-	ch->vcc_active = 0;
-	ch->in_reset = 1;
-	ch->clocked = 0;
+	ch->vcc_active = vcc_active;
+	ch->in_reset = in_reset;
+	ch->clocked = clocked;
 
-	ch->fi = 0;
-	ch->di = 1;
+	ch->Fi_index = ch->F_index = 1;
+	ch->Di_index = ch->D_index = 1;
 	ch->wi = ISO7816_3_DEFAULT_WI;
 
-	ch->tc_chan = tc_chan;
 	ch->uart_chan = uart_chan;
 	ch->waiting_time = ISO7816_3_INIT_WTIME;
 
@@ -1099,7 +1282,7 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 	ch->pts.state = PTS_S_WAIT_REQ_PTSS;
 	ch->tpdu.state = TPDU_S_WAIT_CLA;
 
-	tc_etu_init(ch->tc_chan, ch);
+	card_handle_reset(ch);
 
 	return ch;
 }

firmware/libcommon/source/cciddriver.c

@@ -428,7 +428,7 @@ static void PCtoRDRXfrBlock( void )
 	uint16_t msglen = 0;
 	uint32_t ret;
 
-	TRACE_DEBUG("PCtoRDRXfrBlock\n");
+	TRACE_DEBUG("PCtoRDRXfrBlock\n\r");
 
 	// Check the block length
 	if ( ccidDriver.sCcidCommand.wLength > (configurationDescriptorsFS->ccid.dwMaxCCIDMessageLength-10) ) {
@@ -921,7 +921,7 @@ void USBDCallbacks_RequestReceived(const USBGenericRequest *request)
 void CCID_SmartCardRequest( void )
 {
 	unsigned char bStatus;
-	TRACE_DEBUG("CCID_req\n");
+	TRACE_DEBUG("CCID_req\n\r");
 
 	do {
 

firmware/libcommon/source/host_communication.c

@@ -27,27 +27,36 @@
  * USBD Integration API
  ***********************************************************************/
 
-/* call-back after (successful?) transfer of a buffer */
+/* call-back after (successful?) transfer of a write buffer on IN EP */
 static void usb_write_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 			 uint32_t remaining)
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
+	uint16_t ep_size = USBD_GetEndpointSize(bep->ep);
 	unsigned long x;
 
 	TRACE_DEBUG("%s (EP=0x%02x)\r\n", __func__, bep->ep);
 
+	if (((msgb_length(msg) % ep_size) == 0) && (transferred == ep_size)) {
+		/* terminate with ZLP; pass in 'msg' again as 'arg' so we get
+		 * called the second time and proceed with usb_buf_free below */
+		USBD_Write(bep->ep, 0, 0, (TransferCallback) &usb_write_cb, msg);
+		return;
+	}
+
 	local_irq_save(x);
 	bep->in_progress--;
 	local_irq_restore(x);
-	TRACE_DEBUG("%u: in_progress=%d\n", bep->ep, bep->in_progress);
+	TRACE_DEBUG("%u: in_progress=%lu\r\n", bep->ep, bep->in_progress);
 
 	if (status != USBD_STATUS_SUCCESS)
-		TRACE_ERROR("%s error, status=%d\n", __func__, status);
+		TRACE_ERROR("%s error, status=%d\r\n", __func__, status);
 
 	usb_buf_free(msg);
 }
 
+/* check if the spcified IN endpoint is idle and submit the next buffer from queue */
 int usb_refill_to_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -75,44 +84,44 @@ int usb_refill_to_host(uint8_t ep)
 
 	bep->in_progress++;
 
-	msg = msgb_dequeue(&bep->queue);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 
 	local_irq_restore(x);
 
-	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%d\r\n", __func__, ep, bep->in_progress);
+	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%lu\r\n", __func__, ep, bep->in_progress);
 
 	msg->dst = bep;
 
 	rc = USBD_Write(ep, msgb_data(msg), msgb_length(msg),
 			(TransferCallback) &usb_write_cb, msg);
 	if (rc != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error %x\n", __func__, rc);
+		TRACE_ERROR("%s error %x\r\n", __func__, rc);
 		/* re-insert to head of queue */
 		llist_add_irqsafe(&msg->list, &bep->queue);
 		local_irq_save(x);
 		bep->in_progress--;
 		local_irq_restore(x);
-		TRACE_DEBUG("%02x: in_progress=%d\n", bep->ep, bep->in_progress);
+		TRACE_DEBUG("%02x: in_progress=%lu\r\n", bep->ep, bep->in_progress);
 		return 0;
 	}
 
 	return 1;
 }
 
-/* call-back after (successful?) transfer of a buffer */
+/* call-back after (successful?) read transfer of a buffer on OUT EP */
 static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 			uint32_t remaining)
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
 
-	TRACE_DEBUG("%s (EP=%u, len=%u, q=%p)\r\n", __func__,
+	TRACE_DEBUG("%s (EP=%u, len=%lu, q=%p)\r\n", __func__,
 			bep->ep, transferred, &bep->queue);
 
 	bep->in_progress = 0;
 
 	if (status != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error, status=%d\n", __func__, status);
+		TRACE_ERROR("%s error, status=%d\r\n", __func__, status);
 		usb_buf_free(msg);
 		return;
 	}
@@ -120,6 +129,7 @@ static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 	llist_add_tail_irqsafe(&msg->list, &bep->queue);
 }
 
+/* refill the read queue for data received from host PC on OUT EP, if needed */
 int usb_refill_from_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -150,7 +160,7 @@ int usb_refill_from_host(uint8_t ep)
 	rc = USBD_Read(ep, msg->head, msgb_tailroom(msg),
 			(TransferCallback) &usb_read_cb, msg);
 	if (rc != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error %d\n", __func__, rc);
+		TRACE_ERROR("%s error %d\r\n", __func__, rc);
 		usb_buf_free(msg);
 		bep->in_progress = 0;
 	}
@@ -158,6 +168,7 @@ int usb_refill_from_host(uint8_t ep)
 	return 1;
 }
 
+/* drain any buffers from the queue of the endpoint and release their memory */
 int usb_drain_queue(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -177,7 +188,7 @@ int usb_drain_queue(uint8_t ep)
 	}
 
 	/* free all queued msgbs */
-	while ((msg = msgb_dequeue(&bep->queue))) {
+	while ((msg = msgb_dequeue_count(&bep->queue, &bep->queue_len))) {
 		usb_buf_free(msg);
 		ret++;
 	}

firmware/libcommon/source/iso7816_fidi.c

@@ -23,38 +23,38 @@
 #include "iso7816_fidi.h"
 
 /* Table 7 of ISO 7816-3:2006 */
-const uint16_t fi_table[] = {
+const uint16_t iso7816_3_fi_table[] = {
 	372, 372, 558, 744, 1116, 1488, 1860, 0,
 	0, 512, 768, 1024, 1536, 2048, 0, 0
 };
 
 /* Table 8 from ISO 7816-3:2006 */
-const uint8_t di_table[] = {
+const uint8_t iso7816_3_di_table[] = {
 	0, 1, 2, 4, 8, 16, 32, 64,
 	12, 20, 2, 4, 8, 16, 32, 64,
 };
 
 /* compute the F/D ratio based on Fi and Di values */
-int compute_fidi_ratio(uint8_t fi, uint8_t di)
+int iso7816_3_compute_fd_ratio(uint8_t f_index, uint8_t d_index)
 {
 	uint16_t f, d;
 	int ret;
 
-	if (fi >= ARRAY_SIZE(fi_table) ||
-	    di >= ARRAY_SIZE(di_table))
+	if (f_index >= ARRAY_SIZE(iso7816_3_fi_table) ||
+	    d_index >= ARRAY_SIZE(iso7816_3_di_table))
 		return -EINVAL;
 
-	f = fi_table[fi];
+	f = iso7816_3_fi_table[f_index];
 	if (f == 0)
 		return -EINVAL;
 
-	d = di_table[di];
+	d = iso7816_3_di_table[d_index];
 	if (d == 0)
 		return -EINVAL;
 
 	/* See table 7 of ISO 7816-3: From 1000 on we divide by 1/d,
 	 * which equals a multiplication by d */
-	if (di < 8)
+	if (d_index < 8)
 		ret = f / d;
 	else
 		ret = f * d;

firmware/libcommon/source/main_common.c

@@ -0,0 +1,54 @@
+/* SIMtrace 2 firmware common main helpers
+ *
+ * (C) 2015-2019 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include "board.h"
+#include "utils.h"
+
+void print_banner(void)
+{
+	printf("\n\r\n\r"
+		"=============================================================================\n\r"
+		"SIMtrace2 firmware " GIT_VERSION ", BOARD=" BOARD ", APP=" APPLICATION "\n\r"
+		"(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
+		"=============================================================================\n\r");
+
+#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
+	/* print chip-unique ID */
+	unsigned int unique_id[4];
+	EEFC_ReadUniqueID(unique_id);
+	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
+	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
+		   unique_id[0], unique_id[1], unique_id[2], unique_id[3]);
+
+	/* print reset cause */
+	uint8_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
+	static const char* reset_causes[] = {
+		"general reset (first power-up reset)",
+		"backup reset (return from backup mode)",
+		"watchdog reset (watchdog fault occurred)",
+		"software reset (processor reset required by the software)",
+		"user reset (NRST pin detected low)",
+	};
+	if (reset_cause < ARRAY_SIZE(reset_causes)) {
+		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
+	} else {
+		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
+	}
+#endif
+}

firmware/libcommon/source/mode_cardemu.c

@@ -1,7 +1,7 @@
 /* card emulation mode
  *
  * (C) 2015-2017 by Harald Welte <laforge@gnumonks.org>
- * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -44,7 +44,7 @@ static const Pin pin_usim1_rst	= PIN_USIM1_nRST;
 static const Pin pin_usim1_vcc	= PIN_USIM1_VCC;
 
 #ifdef CARDEMU_SECOND_UART
-static const Pin pins_usim2[]    = {PINS_USIM2};
+static const Pin pins_usim2[]	= {PINS_USIM2};
 static const Pin pin_usim2_rst	= PIN_USIM2_nRST;
 static const Pin pin_usim2_vcc	= PIN_USIM2_VCC;
 #endif
@@ -55,13 +55,27 @@ struct cardem_inst {
 	struct llist_head usb_out_queue;
 	struct ringbuf rb;
 	struct Usart_info usart_info;
+	struct {
+		/*! receiver waiting time to trigger timeout (0 to deactivate it) */
+		uint32_t total;
+		/*! remaining waiting time (we may need multiple timer runs to reach total */
+		uint32_t remaining;
+		/*! did we already notify about half the time having expired? */
+		bool half_time_notified;
+	} wt;
 	int usb_pending_old;
 	uint8_t ep_out;
 	uint8_t ep_in;
 	uint8_t ep_int;
 	const Pin pin_insert;
+#ifdef DETECT_VCC_BY_ADC
 	uint32_t vcc_uv;
 	uint32_t vcc_uv_last;
+#endif
+	bool vcc_active;
+	bool vcc_active_last;
+	bool rst_active;
+	bool rst_active_last;
 };
 
 struct cardem_inst cardem_inst[] = {
@@ -135,12 +149,23 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 	Usart *usart = get_usart_by_chan(uart_chan);
 	switch (rxtx) {
 	case ENABLE_TX:
-		USART_DisableIt(usart, ~US_IER_TXRDY);
+		USART_DisableIt(usart, ~(US_IER_TXRDY | US_IER_TIMEOUT));
 		/* as irritating as it is, we actually want to keep the
 		 * receiver enabled during transmit */
 		USART_SetReceiverEnabled(usart, 1);
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		USART_EnableIt(usart, US_IER_TXRDY);
+		USART_EnableIt(usart, US_IER_TXRDY | US_IER_TIMEOUT);
+		USART_SetTransmitterEnabled(usart, 1);
+		break;
+	case ENABLE_TX_TIMER_ONLY:
+		/* enable the transmitter without generating TXRDY interrupts
+		 * just so that the timer can run */
+		USART_DisableIt(usart, ~US_IER_TIMEOUT);
+		/* as irritating as it is, we actually want to keep the
+		 * receiver enabled during transmit */
+		USART_SetReceiverEnabled(usart, 1);
+		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
+		USART_EnableIt(usart, US_IER_TIMEOUT);
 		USART_SetTransmitterEnabled(usart, 1);
 		break;
 	case ENABLE_RX:
@@ -188,41 +213,111 @@ int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 	return 1;
 }
 
+static uint16_t compute_next_timeout(struct cardem_inst *ci)
+{
+	uint32_t want_to_expire;
 
-/* FIXME: integrate this with actual irq handler */
+	if (ci->wt.total == 0)
+		return 0;
+
+	if (!ci->wt.half_time_notified) {
+		/* we need to make sure to expire after half the total waiting time */
+		OSMO_ASSERT(ci->wt.remaining > (ci->wt.total / 2));
+		want_to_expire = ci->wt.remaining - (ci->wt.total / 2);
+	} else
+		want_to_expire = ci->wt.remaining;
+	/* if value exceeds the USART TO range, use the maximum possible value for one round */
+	return OSMO_MIN(want_to_expire, 0xffff);
+}
+
+/*! common handler if interrupt was received.
+ *  \param[in] inst_num Instance number, range 0..1 (some boards only '0' permitted) */
 static void usart_irq_rx(uint8_t inst_num)
 {
+	OSMO_ASSERT(inst_num < ARRAY_SIZE(cardem_inst));
 	Usart *usart = get_usart_by_chan(inst_num);
 	struct cardem_inst *ci = &cardem_inst[inst_num];
 	uint32_t csr;
 	uint8_t byte = 0;
 
+	/* get one atomic snapshot of state/flags before they get changed */
 	csr = usart->US_CSR & usart->US_IMR;
 
+	/* check if one byte has been completely received and is now in the holding register */
 	if (csr & US_CSR_RXRDY) {
+		/* read the bye from the holding register */
 		byte = (usart->US_RHR) & 0xFF;
+		/* append it to the buffer */
 		if (rbuf_write(&ci->rb, byte) < 0)
 			TRACE_ERROR("rbuf overrun\r\n");
 	}
 
+	/* check if the transmitter is ready for the next byte */
 	if (csr & US_CSR_TXRDY) {
-		if (card_emu_tx_byte(ci->ch) == 0)
+		/* transmit next byte and check if more bytes are to be transmitted */
+		if (card_emu_tx_byte(ci->ch) == 0) {
+			/* stop the TX ready interrupt of no more bytes to transmit */
 			USART_DisableIt(usart, US_IER_TXRDY);
+		}
 	}
 
-	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|
-		   US_CSR_TIMEOUT|US_CSR_NACK|(1<<10))) {
+	/* check if any error flags are set */
+	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|US_CSR_NACK|(1<<10))) {
+		/* clear any error flags */
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		TRACE_ERROR("%u e 0x%x st: 0x%lx\n", ci->num, byte, csr);
+		TRACE_ERROR("%u USART error on 0x%x status: 0x%lx\n", ci->num, byte, csr);
+	}
+
+	/* check if the timeout has expired. We "abuse" the receive timer for tracking
+	 * how many etu have expired since we last sent a byte.  See section
+	 * 33.7.3.11 "Receiver Time-out" of the SAM3S8 Data Sheet */
+	if (csr & US_CSR_TIMEOUT) {
+		/* clear timeout flag (and stop timeout until next character is received) */
+		usart->US_CR |= US_CR_STTTO;
+
+		/* RX has been inactive for some time */
+		if (ci->wt.remaining <= (usart->US_RTOR & 0xffff)) {
+			/* waiting time is over; will stop the timer */
+			ci->wt.remaining = 0;
+		} else {
+			/* subtract the actual timeout since the new might not have been set and
+			 * reloaded yet */
+			ci->wt.remaining -= (usart->US_RTOR & 0xffff);
+		}
+		if (ci->wt.remaining == 0) {
+			/* let the FSM know that WT has expired */
+			card_emu_wtime_expired(ci->ch);
+			/* don't automatically re-start in this case */
+		} else {
+			bool half_time_just_reached = false;
+
+			if (ci->wt.remaining <= ci->wt.total / 2 && !ci->wt.half_time_notified) {
+				ci->wt.half_time_notified = true;
+				/* don't immediately call card_emu_wtime_half_expired(), as that
+				 * in turn may calls card_emu_uart_update_wt() which will change
+				 * the timeout but would be overridden 4 lines below */
+				half_time_just_reached = true;
+			}
+
+			/* update the counter no matter if we reached half time or not */
+			usart->US_RTOR = compute_next_timeout(ci);
+			/* restart the counter (if wt is 0, the timeout is not started) */
+			usart->US_CR |= US_CR_RETTO;
+
+			if (half_time_just_reached)
+				card_emu_wtime_half_expired(ci->ch);
+		}
 	}
 }
 
+/*! ISR called for USART0 */
 void mode_cardemu_usart0_irq(void)
 {
 	/* USART0 == Instance 1 == USIM 2 */
 	usart_irq_rx(1);
 }
 
+/*! ISR called for USART1 */
 void mode_cardemu_usart1_irq(void)
 {
 	/* USART1 == Instance 0 == USIM 1 */
@@ -241,6 +336,41 @@ int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi)
 	return 0;
 }
 
+/*! Update WT on USART peripheral.  Will automatically re-start timer with new value.
+ *  \param[in] usart USART peripheral to configure
+ *  \param[in] wt inactivity Waiting Time before card_emu_wtime_expired is called (0 to disable) */
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
+{
+	OSMO_ASSERT(uart_chan < ARRAY_SIZE(cardem_inst));
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	Usart *usart = get_usart_by_chan(uart_chan);
+
+	if (ci->wt.total != wt) {
+		TRACE_DEBUG("%u: USART WT changed from %lu to %lu ETU\r\n", uart_chan,
+			    ci->wt.total, wt);
+	}
+
+	ci->wt.total = wt;
+	/* reset and start the timer */
+	card_emu_uart_reset_wt(uart_chan);
+}
+
+/*! Reset and re-start waiting timeout count down on USART peripheral.
+ *  \param[in] usart USART peripheral to configure */
+void card_emu_uart_reset_wt(uint8_t uart_chan)
+{
+	OSMO_ASSERT(uart_chan < ARRAY_SIZE(cardem_inst));
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	Usart *usart = get_usart_by_chan(uart_chan);
+
+	/* FIXME: guard against race with interrupt handler */
+	ci->wt.remaining = ci->wt.total;
+	ci->wt.half_time_notified = false;
+	usart->US_RTOR = compute_next_timeout(ci);
+	/* restart the counter (if wt is 0, the timeout is not started) */
+	usart->US_CR |= US_CR_RETTO;
+}
+
 /* call-back from card_emu.c to force a USART interrupt */
 void card_emu_uart_interrupt(uint8_t uart_chan)
 {
@@ -261,7 +391,7 @@ void card_emu_uart_interrupt(uint8_t uart_chan)
 
 #ifdef DETECT_VCC_BY_ADC
 
-static int adc_triggered = 0;
+static volatile int adc_triggered = 0;
 static int adc_sam3s_reva_errata = 0;
 
 static int card_vcc_adc_init(void)
@@ -309,20 +439,16 @@ static int card_vcc_adc_init(void)
 }
 
 #define VCC_UV_THRESH_1V8	1500000
-#define VCC_UV_THRESH_3V	2800000
+#define VCC_UV_THRESH_3V	2500000
 
 static void process_vcc_adc(struct cardem_inst *ci)
 {
 	if (ci->vcc_uv >= VCC_UV_THRESH_3V &&
 	    ci->vcc_uv_last < VCC_UV_THRESH_3V) {
-		card_emu_io_statechg(ci->ch, CARD_IO_VCC, 1);
-		/* FIXME do this for real */
-		card_emu_io_statechg(ci->ch, CARD_IO_CLK, 1);
+		ci->vcc_active = true;
 	} else if (ci->vcc_uv < VCC_UV_THRESH_3V &&
 		 ci->vcc_uv_last >= VCC_UV_THRESH_3V) {
-		/* FIXME do this for real */
-		card_emu_io_statechg(ci->ch, CARD_IO_CLK, 0);
-		card_emu_io_statechg(ci->ch, CARD_IO_VCC, 0);
+		ci->vcc_active = false;
 	}
 	ci->vcc_uv_last = ci->vcc_uv;
 }
@@ -347,44 +473,54 @@ void ADC_IrqHandler(void)
 		cardem_inst[0].vcc_uv = adc2uv(val);
 		process_vcc_adc(&cardem_inst[0]);
 		ADC->ADC_CR |= ADC_CR_START;
+		adc_triggered = 1;
 	}
 }
 #endif /* DETECT_VCC_BY_ADC */
 
+
+/* called from main loop; dispatches card I/O state changes to card_emu from main loop */
+static void process_io_statechg(struct cardem_inst *ci)
+{
+	if (ci->vcc_active != ci->vcc_active_last) {
+		card_emu_io_statechg(ci->ch, CARD_IO_VCC, ci->vcc_active);
+		/* FIXME do this for real */
+		card_emu_io_statechg(ci->ch, CARD_IO_CLK, ci->vcc_active);
+		ci->vcc_active_last = ci->vcc_active;
+	}
+
+	if (ci->rst_active != ci->rst_active_last) {
+		card_emu_io_statechg(ci->ch, CARD_IO_RST, ci->rst_active);
+		ci->rst_active_last = ci->rst_active;
+	}
+}
+
 /***********************************************************************
  * Core USB  / main loop integration
  ***********************************************************************/
 
 static void usim1_rst_irqhandler(const Pin *pPin)
 {
-	int active = PIO_Get(&pin_usim1_rst) ? 0 : 1;
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_RST, active);
+	cardem_inst[0].rst_active = PIO_Get(&pin_usim1_rst) ? false : true;
 }
 
 #ifndef DETECT_VCC_BY_ADC
 static void usim1_vcc_irqhandler(const Pin *pPin)
 {
-	int active = PIO_Get(&pin_usim1_vcc) ? 1 : 0;
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_VCC, active);
-	/* FIXME do this for real */
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_CLK, active);
+	cardem_inst[0].vcc_active = PIO_Get(&pin_usim1_vcc) ? true : false;
 }
 #endif /* !DETECT_VCC_BY_ADC */
 
 #ifdef CARDEMU_SECOND_UART
 static void usim2_rst_irqhandler(const Pin *pPin)
 {
-	int active = PIO_Get(&pin_usim2_rst) ? 0 : 1;
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_RST, active);
+	cardem_inst[1].rst_active = PIO_Get(&pin_usim2_rst) ? false : true;
 }
 
 #ifndef DETECT_VCC_BY_ADC
 static void usim2_vcc_irqhandler(const Pin *pPin)
 {
-	int active = PIO_Get(&pin_usim2_vcc) ? 1 : 0;
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_VCC, active);
-	/* FIXME do this for real */
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_CLK, active);
+	cardem_inst[1].vcc_active = PIO_Get(&pin_usim2_vcc) ? true : false;
 }
 #endif /* !DETECT_VCC_BY_ADC */
 #endif /* CARDEMU_SECOND_UART */
@@ -412,15 +548,28 @@ void mode_cardemu_init(void)
 	INIT_LLIST_HEAD(&cardem_inst[0].usb_out_queue);
 	rbuf_reset(&cardem_inst[0].rb);
 	PIO_Configure(pins_usim1, PIO_LISTSIZE(pins_usim1));
+
+	/* configure USART as ISO-7816 slave (e.g. card) */
 	ISO7816_Init(&cardem_inst[0].usart_info, CLK_SLAVE);
 	NVIC_EnableIRQ(USART1_IRQn);
 	PIO_ConfigureIt(&pin_usim1_rst, usim1_rst_irqhandler);
 	PIO_EnableIt(&pin_usim1_rst);
+
+	/* obtain current RST state */
+	usim1_rst_irqhandler(&pin_usim1_rst);
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim1_vcc, usim1_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim1_vcc);
+
+	/* obtain current VCC state */
+	usim1_vcc_irqhandler(&pin_usim1_vcc);
+#else
+	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
-	cardem_inst[0].ch = card_emu_init(0, 2, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM1_INT);
+
+	cardem_inst[0].ch = card_emu_init(0, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
+					  SIMTRACE_CARDEM_USB_EP_USIM1_INT, cardem_inst[0].vcc_active,
+					  cardem_inst[0].rst_active, cardem_inst[0].vcc_active);
 	sim_switch_use_physical(0, 1);
 
 #ifdef CARDEMU_SECOND_UART
@@ -428,17 +577,25 @@ void mode_cardemu_init(void)
 	rbuf_reset(&cardem_inst[1].rb);
 	PIO_Configure(pins_usim2, PIO_LISTSIZE(pins_usim2));
 	ISO7816_Init(&cardem_inst[1].usart_info, CLK_SLAVE);
+	/* TODO enable timeout */
 	NVIC_EnableIRQ(USART0_IRQn);
 	PIO_ConfigureIt(&pin_usim2_rst, usim2_rst_irqhandler);
 	PIO_EnableIt(&pin_usim2_rst);
+	usim2_rst_irqhandler(&pin_usim2_rst); /* obtain current RST state */
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim2_vcc, usim2_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim2_vcc);
+	usim2_vcc_irqhandler(&pin_usim2_vcc); /* obtain current VCC state */
+#else
+	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
-	cardem_inst[1].ch = card_emu_init(1, 0, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM2_INT);
-	sim_switch_use_physical(1, 1);
-#endif /* CARDEMU_SECOND_UART */
 
+	cardem_inst[1].ch = card_emu_init(1, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
+					  SIMTRACE_CARDEM_USB_EP_USIM2_INT, cardem_inst[1].vcc_active,
+					  cardem_inst[1].rst_active, cardem_inst[1].vcc_active);
+	sim_switch_use_physical(1, 1);
+	/* TODO check RST and VCC */
+#endif /* CARDEMU_SECOND_UART */
 }
 
 /* called if config is deactivated */
@@ -487,6 +644,7 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 	struct simtrace_msg_hdr *hdr;
 	struct cardemu_usb_msg_set_atr *atr;
 	struct cardemu_usb_msg_cardinsert *cardins;
+	struct cardemu_usb_msg_config *cfg;
 	struct llist_head *queue;
 
 	hdr = (struct simtrace_msg_hdr *) msg->l1h;
@@ -506,6 +664,7 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 		if (!ci->pin_insert.pio) {
 			TRACE_INFO("%u: skipping unsupported card_insert to %s\r\n",
 				   ci->num, cardins->card_insert ? "INSERTED" : "REMOVED");
+			usb_buf_free(msg);
 			break;
 		}
 		TRACE_INFO("%u: set card_insert to %s\r\n", ci->num,
@@ -517,9 +676,13 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 		usb_buf_free(msg);
 		break;
 	case SIMTRACE_MSGT_BD_CEMU_STATUS:
-		card_emu_report_status(ci->ch);
+		card_emu_report_status(ci->ch, false);
 		usb_buf_free(msg);
 		break;
+	case SIMTRACE_MSGT_BD_CEMU_CONFIG:
+		cfg = (struct cardemu_usb_msg_config *) msg->l2h;
+		card_emu_set_config(ci->ch, cfg, msgb_l2len(msg));
+		break;
 	case SIMTRACE_MSGT_BD_CEMU_STATS:
 	default:
 		/* FIXME: Send Error */
@@ -653,9 +816,10 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
 		}
 
 		if (mh->msg_len > msgb_length(msg)) {
-			TRACE_ERROR("%u: Unexpected large message (%u bytes)\n",
+			TRACE_ERROR("%u: Unexpected large message (%u bytes)\r\n",
 					ci->num, mh->msg_len);
 			usb_buf_free(segm);
+			break;
 		} else {
 			uint8_t *cur = msgb_put(segm, mh->msg_len);
 			segm->l1h = segm->head;
@@ -715,6 +879,8 @@ void mode_cardemu_run(void)
 			//TRACE_ERROR("%uRx%02x\r\n", i, byte);
 		}
 
+		process_io_statechg(ci);
+
 		/* first try to send any pending messages on IRQ */
 		usb_refill_to_host(ci->ep_int);
 

firmware/libcommon/source/pseudo_talloc.c

@@ -15,13 +15,16 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
  */
 #include <stdint.h>
+#include <stdio.h>
 
 #include "talloc.h"
 #include "trace.h"
 #include "utils.h"
 #include <osmocom/core/utils.h>
 
-#define NUM_RCTX_SMALL 10
+/* TODO: this number should dynamically scale. We need at least one per IN/IRQ endpoint,
+ * as well as at least 3 for every OUT endpoint.  Plus some more depending on the application */
+#define NUM_RCTX_SMALL 20
 #define RCTX_SIZE_SMALL 348
 
 static uint8_t msgb_data[NUM_RCTX_SMALL][RCTX_SIZE_SMALL] __attribute__((aligned(sizeof(long))));
@@ -63,6 +66,7 @@ int _talloc_free(void *ptr, const char *location)
 		if (ptr == msgb_data[i]) {
 			if (!msgb_inuse[i]) {
 				TRACE_ERROR("%s: double_free by %s\r\n", __func__, location);
+				OSMO_ASSERT(0);
 			} else {
 				msgb_inuse[i] = 0;
 			}
@@ -73,9 +77,24 @@ int _talloc_free(void *ptr, const char *location)
 
 	local_irq_restore(x);
 	TRACE_ERROR("%s: invalid pointer %p from %s\r\n", __func__, ptr, location);
+	OSMO_ASSERT(0);
 	return -1;
 }
 
+void talloc_report(const void *ptr, FILE *f)
+{
+	unsigned int i;
+
+	fprintf(f, "talloc_report(): ");
+	for (i = 0; i < ARRAY_SIZE(msgb_inuse); i++) {
+		if (msgb_inuse[i])
+			fputc('X', f);
+		else
+			fputc('_', f);
+	}
+	fprintf(f, "\r\n");
+}
+
 void talloc_set_name_const(const void *ptr, const char *name)
 {
 	/* do nothing */

firmware/libcommon/source/simtrace_iso7816.c

@@ -71,7 +71,7 @@ void ISR_PhoneRST(const Pin * pPin)
 	     USBD_Write(SIMTRACE_USB_EP_PHONE_INT, "R", 1,
 			(TransferCallback) & Callback_PhoneRST_ISR,
 			0)) != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("USB err status: %d (%s)\n", ret, __FUNCTION__);
+		TRACE_ERROR("USB err status: %d (%s)\r\n", ret, __FUNCTION__);
 		return;
 	}
 
@@ -80,7 +80,7 @@ void ISR_PhoneRST(const Pin * pPin)
 }
 
 /*
- *  char_stat is zero if no error occured.
+ *  char_stat is zero if no error occurred.
  *  Otherwise it is filled with the content of the status register.
  */
 void mode_trace_usart1_irq(void)
@@ -109,8 +109,8 @@ void mode_trace_usart1_irq(void)
 			/* Fill char into buffer */
 			rbuf_write(&sim_rcv_buf, c);
 		} else {
-			TRACE_DEBUG("e %x st: %x\n", c, stat);
-		}		/* else: error occured */
+			TRACE_DEBUG("e %x st: %lx\r\n", c, stat);
+		}		/* else: error occurred */
 
 		char_stat = stat;
 	}
@@ -125,7 +125,7 @@ void update_fidi(Usart_info *usart, uint8_t fidi)
 
 	uint8_t fi = fidi >> 4;
 	uint8_t di = fidi & 0xf;
-	int ratio = compute_fidi_ratio(fi, di);
+	int ratio = iso7816_3_compute_fd_ratio(fi, di);
 
 	if (ratio > 0 && ratio < 0x8000) {
 		/* make sure USART uses new F/D ratio */

firmware/libcommon/source/sniffer.c

@@ -214,8 +214,8 @@ static void update_wt(uint8_t wi, uint8_t d)
 	if (0 != d) {
 		wt_d = d;
 	}
-	wt = wt_wi*960UL*wt_d;
-	TRACE_INFO("WT updated to %lu\n\r", wt);
+	wt = wt_wi * 960UL * wt_d;
+	TRACE_INFO("WT updated to %lu ETU\n\r", wt);
 }
 
 /*! Allocate USB buffer and push + initialize simtrace_msg_hdr
@@ -303,22 +303,10 @@ static void change_state(enum iso7816_3_sniff_state iso_state_new)
 }
 
 const struct value_string data_flags[] = {
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_INCOMPLETE,
-		.str = "incomplete",
-	},
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_MALFORMED,
-		.str = "malformed",
-	},
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_CHECKSUM,
-		.str = "checksum error",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ SNIFF_DATA_FLAG_ERROR_INCOMPLETE,	"incomplete" },
+	{ SNIFF_DATA_FLAG_ERROR_MALFORMED,	"malformed" },
+	{ SNIFF_DATA_FLAG_ERROR_CHECKSUM,	"checksum error" },
+	{ 0, NULL }
 };
 
 static void print_flags(const struct value_string* flag_meanings, uint32_t nb_flags, uint32_t flags) {
@@ -670,9 +658,10 @@ static void process_byte_pps(uint8_t byte)
 					fn = 1;
 					dn = 1;
 				}
-				TRACE_INFO("PPS negotiation successful: Fn=%u Dn=%u\n\r", fi_table[fn], di_table[dn]);
+				TRACE_INFO("PPS negotiation successful: Fn=%u Dn=%u\n\r",
+					   iso7816_3_fi_table[fn], iso7816_3_di_table[dn]);
 				update_fidi(&sniff_usart, pps_cur[2]);
-				update_wt(0, di_table[dn]);
+				update_wt(0, iso7816_3_di_table[dn]);
 				usb_send_fidi(pps_cur[2]); /* send Fi/Di change notification to host software over USB */
 			} else { /* checksum is invalid */
 				TRACE_INFO("PPS negotiation failed\n\r");

firmware/libcommon/source/stack_check.c

@@ -0,0 +1,14 @@
+#include <stdint.h>
+#include <osmocom/core/panic.h>
+
+/* This is what's minimally required to fix builds on Ubuntu 20.04,
+ * where stack smashing protection is enabled by default when using dpkg
+ * - even when cross-compiling: https://osmocom.org/issues/4687
+ */
+
+uintptr_t __stack_chk_guard = 0xdeadbeef;
+
+void __stack_chk_fail(void)
+{
+	osmo_panic("Stack smashing detected!\r\n");
+}

firmware/libcommon/source/stdio.c

@@ -350,19 +350,23 @@ signed int vsnprintf(char *pStr, size_t length, const char *pFormat, va_list ap)
 			}
 		
 			// Parse type
-			switch (*pFormat) {
-			case 'd': 
-			case 'i': num = PutSignedInt(pStr, fill, width, va_arg(ap, signed int)); break;
-			case 'u': num = PutUnsignedInt(pStr, fill, width, va_arg(ap, unsigned int)); break;
-			case 'x': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned int)); break;
-			case 'X': num = PutHexa(pStr, fill, width, 1, va_arg(ap, unsigned int)); break;
-			case 's': num = PutString(pStr, va_arg(ap, char *)); break;
-			case 'c': num = PutChar(pStr, va_arg(ap, unsigned int)); break;
-			default:
-				return EOF;
-			}
-
-			pFormat++;
+			do {
+				num = 0;
+				switch (*pFormat) {
+				case 'l': num = -1; break; // ignore long qualifier since int == long (and long long is not supported)
+				case 'd':
+				case 'i': num = PutSignedInt(pStr, fill, width, va_arg(ap, signed int)); break;
+				case 'u': num = PutUnsignedInt(pStr, fill, width, va_arg(ap, unsigned int)); break;
+				case 'x': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned int)); break;
+				case 'p': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned long)); break;
+				case 'X': num = PutHexa(pStr, fill, width, 1, va_arg(ap, unsigned int)); break;
+				case 's': num = PutString(pStr, va_arg(ap, char *)); break;
+				case 'c': num = PutChar(pStr, va_arg(ap, unsigned int)); break;
+				default:
+					return EOF;
+				}
+				pFormat++;
+			} while (num < 0);
 			pStr += num;
 			size += num;
 		}
@@ -426,12 +430,17 @@ signed int vsprintf(char *pString, const char *pFormat, va_list ap)
 signed int vfprintf(FILE *pStream, const char *pFormat, va_list ap)
 {
 	char pStr[MAX_STRING_SIZE];
-	char pError[] = "stdio.c: increase MAX_STRING_SIZE\n\r";
 
 	// Write formatted string in buffer
-	if (vsprintf(pStr, pFormat, ap) >= MAX_STRING_SIZE) {
-
-		fputs(pError, stderr);
+	int rc = vsprintf(pStr, pFormat, ap);
+	if (rc < 0) {
+		fputs("format string error in ", stderr);
+		fputs(pFormat, stderr);
+		return rc;
+	}
+	if (rc >= MAX_STRING_SIZE) {
+		fputs("stdio.c: increase MAX_STRING_SIZE\n\r", stderr);
+		return rc;
 	}
 
 	// Display string
@@ -451,12 +460,17 @@ signed int vfprintf(FILE *pStream, const char *pFormat, va_list ap)
 signed int vfprintf_sync(FILE *pStream, const char *pFormat, va_list ap)
 {
 	char pStr[MAX_STRING_SIZE];
-	char pError[] = "stdio.c: increase MAX_STRING_SIZE\n\r";
 
 	// Write formatted string in buffer
-	if (vsprintf(pStr, pFormat, ap) >= MAX_STRING_SIZE) {
-
-		fputs_sync(pError, stderr);
+	int rc = vsprintf(pStr, pFormat, ap);
+	if (rc < 0) {
+		fputs_sync("format string error in ", stderr);
+		fputs_sync(pFormat, stderr);
+		return rc;
+	}
+	if (rc >= MAX_STRING_SIZE) {
+		fputs_sync("stdio.c: increase MAX_STRING_SIZE\n\r", stderr);
+		return rc;
 	}
 
 	// Display string

firmware/libcommon/source/usb.c

@@ -2,7 +2,7 @@
  *         ATMEL Microcontroller Software Support
  * ----------------------------------------------------------------------------
  * Copyright (c) 2009, Atmel Corporation
- * Copyright (c) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * Copyright (c) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * All rights reserved.
  *
@@ -46,7 +46,10 @@
  *       USB String descriptors 
  *------------------------------------------------------------------------------*/
 #include "usb_strings_generated.h"
+
+// the index of the strings (must match the order in usb_strings.txt)
 enum strDescNum {
+	// static strings from usb_strings
 	MANUF_STR = 1,
 	PRODUCT_STRING,
 	SNIFFER_CONF_STR,
@@ -55,9 +58,82 @@ enum strDescNum {
 	MITM_CONF_STR,
 	CARDEM_USIM1_INTF_STR,
 	CARDEM_USIM2_INTF_STR,
+	CARDEM_USIM3_INTF_STR,
+	CARDEM_USIM4_INTF_STR,
+	// runtime strings
+	SERIAL_STR,
+	VERSION_CONF_STR,
+	VERSION_STR,
+	// count
 	STRING_DESC_CNT
 };
 
+/** array of static (from usb_strings) and runtime (serial, version) USB strings
+ */
+static const unsigned char *usb_strings_extended[ARRAY_SIZE(usb_strings) + 3];
+
+/* USB string for the serial (using 128-bit device ID) */
+static unsigned char usb_string_serial[] = {
+	USBStringDescriptor_LENGTH(32),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('0'),
+	USBStringDescriptor_UNICODE('0'),
+	USBStringDescriptor_UNICODE('1'),
+	USBStringDescriptor_UNICODE('1'),
+	USBStringDescriptor_UNICODE('2'),
+	USBStringDescriptor_UNICODE('2'),
+	USBStringDescriptor_UNICODE('3'),
+	USBStringDescriptor_UNICODE('3'),
+	USBStringDescriptor_UNICODE('4'),
+	USBStringDescriptor_UNICODE('4'),
+	USBStringDescriptor_UNICODE('5'),
+	USBStringDescriptor_UNICODE('5'),
+	USBStringDescriptor_UNICODE('6'),
+	USBStringDescriptor_UNICODE('6'),
+	USBStringDescriptor_UNICODE('7'),
+	USBStringDescriptor_UNICODE('7'),
+	USBStringDescriptor_UNICODE('8'),
+	USBStringDescriptor_UNICODE('8'),
+	USBStringDescriptor_UNICODE('9'),
+	USBStringDescriptor_UNICODE('9'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('c'),
+	USBStringDescriptor_UNICODE('c'),
+	USBStringDescriptor_UNICODE('d'),
+	USBStringDescriptor_UNICODE('d'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('f'),
+	USBStringDescriptor_UNICODE('f'),
+};
+
+/* USB string for the version */
+static const unsigned char usb_string_version_conf[] = {
+	USBStringDescriptor_LENGTH(16),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('f'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('m'),
+	USBStringDescriptor_UNICODE('w'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE(' '),
+	USBStringDescriptor_UNICODE('v'),
+	USBStringDescriptor_UNICODE('e'),
+	USBStringDescriptor_UNICODE('r'),
+	USBStringDescriptor_UNICODE('s'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('o'),
+	USBStringDescriptor_UNICODE('n'),
+};
+static const char git_version[] = GIT_VERSION;
+static unsigned char usb_string_version[2 + ARRAY_SIZE(git_version) * 2 - 2];
+
 /*------------------------------------------------------------------------------
  *       USB Device descriptors 
  *------------------------------------------------------------------------------*/
@@ -523,6 +599,40 @@ static const SIMTraceDriverConfigurationDescriptorMITM
 };
 #endif /* HAVE_CARDEM */
 
+/* USB descriptor just to show the version */
+typedef struct _SIMTraceDriverConfigurationDescriptorVersion {
+	/** Standard configuration descriptor. */
+	USBConfigurationDescriptor configuration;
+	USBInterfaceDescriptor version;
+} __attribute__ ((packed)) SIMTraceDriverConfigurationDescriptorVersion;
+
+static const SIMTraceDriverConfigurationDescriptorVersion
+				configurationDescriptorVersion = {
+	/* Standard configuration descriptor for the interface descriptor*/
+	.configuration = {
+		.bLength 		= sizeof(USBConfigurationDescriptor),
+		.bDescriptorType	= USBGenericDescriptor_CONFIGURATION,
+		.wTotalLength		= sizeof(SIMTraceDriverConfigurationDescriptorVersion),
+		.bNumInterfaces		= 1,
+		.bConfigurationValue	= CFG_NUM_VERSION,
+		.iConfiguration		= VERSION_CONF_STR,
+		.bmAttributes		= USBD_BMATTRIBUTES,
+		.bMaxPower		= USBConfigurationDescriptor_POWER(100),
+	},
+	/* Interface standard descriptor just holding the version information */
+	.version = {
+		.bLength = sizeof(USBInterfaceDescriptor),
+		.bDescriptorType 	= USBGenericDescriptor_INTERFACE,
+		.bInterfaceNumber	= 0,
+		.bAlternateSetting	= 0,
+		.bNumEndpoints		= 0,
+		.bInterfaceClass	= USB_CLASS_PROPRIETARY,
+		.bInterfaceSubClass	= 0xff,
+		.bInterfaceProtocol	= 0,
+		.iInterface		= VERSION_STR,
+	},
+};
+
 const USBConfigurationDescriptor *configurationDescriptorsArr[] = {
 #ifdef HAVE_SNIFFER
 	&configurationDescriptorSniffer.configuration,
@@ -536,6 +646,7 @@ const USBConfigurationDescriptor *configurationDescriptorsArr[] = {
 #ifdef HAVE_MITM
 	&configurationDescriptorMITM.configuration,
 #endif
+	&configurationDescriptorVersion.configuration,
 };
 
 /** Standard USB device descriptor for the CDC serial driver */
@@ -552,7 +663,7 @@ const USBDeviceDescriptor deviceDescriptor = {
 	.bcdDevice		= 2,	/* Release number */
 	.iManufacturer		= MANUF_STR,
 	.iProduct		= PRODUCT_STRING,
-	.iSerialNumber		= 0,
+	.iSerialNumber		= SERIAL_STR,
 	.bNumConfigurations	= ARRAY_SIZE(configurationDescriptorsArr),
 };
 
@@ -566,8 +677,8 @@ static const USBDDriverDescriptors driverDescriptors = {
 	0,			/* No high-speed configuration descriptor */
 	0,			/* No high-speed device qualifier descriptor */
 	0,			/* No high-speed other speed configuration descriptor */
-	usb_strings,
-	ARRAY_SIZE(usb_strings),/* cnt string descriptors in list */
+	usb_strings_extended,
+	ARRAY_SIZE(usb_strings_extended),/* cnt string descriptors in list */
 };
 
 /*----------------------------------------------------------------------------
@@ -576,7 +687,7 @@ static const USBDDriverDescriptors driverDescriptors = {
 
 void SIMtrace_USB_Initialize(void)
 {
-
+	unsigned int i;
 	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
 #ifdef PIN_USB_PULLUP
 	const Pin usb_dp_pullup = PIN_USB_PULLUP;
@@ -593,6 +704,32 @@ void SIMtrace_USB_Initialize(void)
 	// Get std USB driver
 	USBDDriver *pUsbd = USBD_GetDriver();
 
+	// put device ID into USB serial number description
+	unsigned int device_id[4];
+	EEFC_ReadUniqueID(device_id);
+	char device_id_string[32 + 1];
+	snprintf(device_id_string, ARRAY_SIZE(device_id_string), "%08x%08x%08x%08x",
+		device_id[0], device_id[1], device_id[2], device_id[3]);
+	for (i = 0; i < ARRAY_SIZE(device_id_string) - 1; i++) {
+		usb_string_serial[2 + 2 * i] = device_id_string[i];
+	}
+
+	// put version into USB string
+	usb_string_version[0] = USBStringDescriptor_LENGTH(ARRAY_SIZE(git_version) - 1);
+	usb_string_version[1] = USBGenericDescriptor_STRING;
+	for (i = 0; i < ARRAY_SIZE(git_version) - 1; i++) {
+		usb_string_version[2 + i * 2 + 0] = git_version[i];
+		usb_string_version[2 + i * 2 + 1] = 0;
+	}
+
+	// fill extended USB strings
+	for (i = 0; i < ARRAY_SIZE(usb_strings) && i < ARRAY_SIZE(usb_strings_extended); i++) {
+		usb_strings_extended[i] = usb_strings[i];
+	}
+	usb_strings_extended[SERIAL_STR] = usb_string_serial;
+	usb_strings_extended[VERSION_CONF_STR] = usb_string_version_conf;
+	usb_strings_extended[VERSION_STR] = usb_string_version;
+
 	// Initialize standard USB driver
 	USBDDriver_Initialize(pUsbd, &driverDescriptors, 0);	// Multiple interface settings not supported
 	USBD_Init();

firmware/libcommon/source/usb_buf.c

@@ -24,6 +24,7 @@
 #include <errno.h>
 
 #define USB_ALLOC_SIZE	280
+#define USB_MAX_QLEN	3
 
 static struct usb_buffered_ep usb_buffered_ep[BOARD_USB_NUMENDPOINTS];
 
@@ -78,7 +79,18 @@ int usb_buf_submit(struct msgb *msg)
 
 	/* no need for irqsafe operation, as the usb_tx_queue is
 	 * processed only by the main loop context */
-	msgb_enqueue(&ep->queue, msg);
+
+	if (ep->queue_len >= USB_MAX_QLEN) {
+		struct msgb *evict;
+		/* free the first pending buffer in the queue */
+		TRACE_INFO("EP%02x: dropping first queue element (qlen=%u)\r\n",
+			   ep->ep, ep->queue_len);
+		evict = msgb_dequeue_count(&ep->queue, &ep->queue_len);
+		OSMO_ASSERT(evict);
+		usb_buf_free(evict);
+	}
+
+	msgb_enqueue_count(&ep->queue, msg, &ep->queue_len);
 	return 0;
 }
 
@@ -89,5 +101,6 @@ void usb_buf_init(void)
 	for (i = 0; i < ARRAY_SIZE(usb_buffered_ep); i++) {
 		struct usb_buffered_ep *ep = &usb_buffered_ep[i];
 		INIT_LLIST_HEAD(&ep->queue);
+		ep->ep = i;
 	}
 }

firmware/libosmocore/include/osmocom/core/msgb.h

@@ -80,6 +80,49 @@ extern int msgb_resize_area(struct msgb *msg, uint8_t *area,
 extern struct msgb *msgb_copy(const struct msgb *msg, const char *name);
 static int msgb_test_invariant(const struct msgb *msg) __attribute__((pure));
 
+/*! Free all msgbs from a queue built with msgb_enqueue().
+ * \param[in] queue  list head of a msgb queue.
+ */
+static inline void msgb_queue_free(struct llist_head *queue)
+{
+	struct msgb *msg;
+	while ((msg = msgb_dequeue(queue))) msgb_free(msg);
+}
+
+/*! Enqueue message buffer to tail of a queue and increment queue size counter
+ * \param[in] queue linked list header of queue
+ * \param[in] msg message buffer to be added to the queue
+ * \param[in] count pointer to variable holding size of the queue
+ *
+ * The function will append the specified message buffer \a msg to the queue
+ * implemented by \ref llist_head \a queue using function \ref msgb_enqueue_count,
+ * then increment \a count
+ */
+static inline void msgb_enqueue_count(struct llist_head *queue, struct msgb *msg,
+					unsigned int *count)
+{
+	msgb_enqueue(queue, msg);
+	(*count)++;
+}
+
+/*! Dequeue message buffer from head of queue and decrement queue size counter
+ * \param[in] queue linked list header of queue
+ * \param[in] count pointer to variable holding size of the queue
+ * \returns message buffer (if any) or NULL if queue empty
+ *
+ * The function will remove the first message buffer from the queue
+ * implemented by \ref llist_head \a queue using function \ref msgb_enqueue_count,
+ * and decrement \a count, all if queue is not empty.
+ */
+static inline struct msgb *msgb_dequeue_count(struct llist_head *queue,
+						unsigned int *count)
+{
+	struct msgb *msg = msgb_dequeue(queue);
+	if (msg)
+		(*count)--;
+	return msg;
+}
+
 #ifdef MSGB_DEBUG
 #include <osmocom/core/panic.h>
 #define MSGB_ABORT(msg, fmt, args ...) do {		\

firmware/libosmocore/source/panic.c

@@ -46,7 +46,7 @@ static osmo_panic_handler_t osmo_panic_handler = (void*)0;
 __attribute__ ((format (printf, 1, 0)))
 static void osmo_panic_default(const char *fmt, va_list args)
 {
-	vfprintf(stderr, fmt, args);
+	vfprintf_sync(stderr, fmt, args);
 	osmo_generate_backtrace();
 	assert(0);
 }

firmware/test/Makefile

@@ -11,12 +11,12 @@ CFLAGS=-g -Wall $(LIBOSMOCORE_CFLAGS) \
 	-I../libboard/common/include \
 	-I../libboard/simtrace/include \
 	-I.
-LDFLAGS=$(LIBOSMOCORE_LIBS)
+LIBS=$(LIBOSMOCORE_LIBS)
 
 VPATH=../src_simtrace ../libcommon/source
 
 card_emu_test:	card_emu_tests.hobj card_emu.hobj usb_buf.hobj iso7816_fidi.hobj
-	$(CC) $(LDFLAGS) -o $@ $^
+	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
 
 %.hobj: %.c
 	$(CC) $(CFLAGS) -o $@ -c $^

firmware/test/card_emu_tests.c

@@ -13,7 +13,23 @@
 #define PHONE_INT	2
 #define PHONE_DATAOUT	3
 
-/* stub functions required by card_emu.c */
+/* stub for stdio */
+signed int printf_sync(const char *pFormat, ...)
+{
+	va_list ap;
+	signed int result;
+
+	va_start(ap, pFormat);
+	result = vprintf(pFormat, ap);
+	va_end(ap);
+
+	return result;
+}
+
+
+/***********************************************************************
+ * stub functions required by card_emu.c
+ ***********************************************************************/
 
 void card_emu_uart_wait_tx_idle(uint8_t uart_chan)
 {
@@ -30,6 +46,7 @@ int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi)
 static uint8_t tx_debug_buf[1024];
 static unsigned int tx_debug_buf_idx;
 
+/* the card emulator wants to send some data to the host [reader] */
 int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 {
 	printf("UART_TX(%02x)\n", byte);
@@ -37,13 +54,6 @@ int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 	return 1;
 }
 
-static void reader_check_and_clear(const uint8_t *data, unsigned int len)
-{
-	assert(len == tx_debug_buf_idx);
-	assert(!memcmp(tx_debug_buf, data, len));
-	tx_debug_buf_idx = 0;
-}
-
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 {
 	char *rts;
@@ -54,6 +64,9 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 	case ENABLE_TX:
 		rts = "TX";
 		break;
+	case ENABLE_TX_TIMER_ONLY:
+		rts = "TX-TIMER-ONLY";
+		break;
 	case ENABLE_RX:
 		rts = "RX";
 		break;
@@ -70,32 +83,31 @@ void card_emu_uart_interrupt(uint8_t uart_chan)
 	printf("uart_interrupt(uart_chan=%u)\n", uart_chan);
 }
 
-void tc_etu_set_wtime(uint8_t tc_chan, uint16_t wtime)
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
 {
-	printf("tc_etu_set_wtime(tc_chan=%u, wtime=%u)\n", tc_chan, wtime);
+	printf("%s(uart_chan=%u, wtime=%u)\n", __func__, uart_chan, wt);
 }
 
-void tc_etu_set_etu(uint8_t tc_chan, uint16_t etu)
+void card_emu_uart_reset_wt(uint8_t uart_chan)
 {
-	printf("tc_etu_set_etu(tc_chan=%u, etu=%u)\n", tc_chan, etu);
+	printf("%s(uart_chan=%u\n", __func__, uart_chan);
 }
 
-void tc_etu_init(uint8_t chan_nr, void *handle)
+
+
+/***********************************************************************
+ * test helper functions
+ ***********************************************************************/
+
+
+static void reader_check_and_clear(const uint8_t *data, unsigned int len)
 {
-	printf("tc_etu_init(tc_chan=%u)\n", chan_nr);
+	assert(len == tx_debug_buf_idx);
+	assert(!memcmp(tx_debug_buf, data, len));
+	tx_debug_buf_idx = 0;
 }
 
-void tc_etu_enable(uint8_t chan_nr)
-{
-	printf("tc_etu_enable(tc_chan=%u)\n", chan_nr);
-}
-
-void tc_etu_disable(uint8_t chan_nr)
-{
-	printf("tc_etu_disable(tc_chan=%u)\n", chan_nr);
-}
-
-const uint8_t atr[] = { 0x3b, 0x02, 0x14, 0x50 };
+static const uint8_t atr[] = { 0x3b, 0x02, 0x14, 0x50 };
 
 static int verify_atr(struct card_handle *ch)
 {
@@ -126,10 +138,11 @@ static void io_start_card(struct card_handle *ch)
 	/* release from reset and verify th ATR */
 	card_emu_io_statechg(ch, CARD_IO_RST, 0);
 	/* simulate waiting time before ATR expired */
-	tc_etu_wtime_expired(ch);
+	card_emu_wtime_expired(ch);
 	verify_atr(ch);
 }
 
+/* emulate the host/reader sending some bytes to the [emulated] card */
 static void reader_send_bytes(struct card_handle *ch, const uint8_t *bytes, unsigned int len)
 {
 	unsigned int i;
@@ -166,14 +179,14 @@ static void dump_rctx(struct msgb *msg)
 
 static void get_and_verify_rctx(uint8_t ep, const uint8_t *data, unsigned int len)
 {
-	struct llist_head *queue = usb_get_queue(ep);
+	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
 	struct cardemu_usb_msg_tx_data *td;
 	struct cardemu_usb_msg_rx_data *rd;
 	struct simtrace_msg_hdr *mh;
 
-	assert(queue);
-	msg = msgb_dequeue(queue);
+	assert(bep);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 	assert(msg);
 	dump_rctx(msg);
 	assert(msg->l1h);
@@ -203,13 +216,13 @@ static void get_and_verify_rctx(uint8_t ep, const uint8_t *data, unsigned int le
 
 static void get_and_verify_rctx_pps(const uint8_t *data, unsigned int len)
 {
-	struct llist_head *queue = usb_get_queue(PHONE_DATAIN);
+	struct usb_buffered_ep *bep = usb_get_buf_ep(PHONE_DATAIN);
 	struct msgb *msg;
 	struct simtrace_msg_hdr *mh;
 	struct cardemu_usb_msg_pts_info *ptsi;
 
-	assert(queue);
-	msg = msgb_dequeue(queue);
+	assert(bep);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 	assert(msg);
 	dump_rctx(msg);
 	assert(msg->l1h);
@@ -397,7 +410,7 @@ int main(int argc, char **argv)
 	struct card_handle *ch;
 	unsigned int i;
 
-	ch = card_emu_init(0, 23, 42, PHONE_DATAIN, PHONE_INT);
+	ch = card_emu_init(0, 42, PHONE_DATAIN, PHONE_INT, false, true, false);
 	assert(ch);
 
 	usb_buf_init();